diff --git a/bin/install-federated.sh b/bin/install-federated.sh index 525ade1..958fa78 100755 --- a/bin/install-federated.sh +++ b/bin/install-federated.sh @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # # Federated installation script @@ -54,11 +54,13 @@ get_config() { . /federated/lib/collabora.sh . /federated/lib/nextcloud.sh . /federated/lib/matrix.sh + . /federated/lib/element.sh . /federated/lib/jitsi.sh . /federated/lib/listmonk.sh . /federated/lib/vaultwarden.sh . /federated/lib/panel.sh . /federated/lib/proxy.sh + . /federated/lib/wireguard.sh echo -ne "\nFederated Stack install script\n\n" read -p '* Enter domain name (domain.com): ' DOMAIN @@ -89,7 +91,7 @@ check_ports config_network # Configure and start each federated service -for i in dns postgresql ldap mail collabora proxy nextcloud matrix listmonk vaultwarden panel jitsi; do +for i in dns postgresql ldap mail collabora proxy nextcloud matrix element listmonk vaultwarden panel wireguard jitsi; do config_$i start_$i done diff --git a/bin/start.sh b/bin/start.sh index 08f7dbc..e362d76 100755 --- a/bin/start.sh +++ b/bin/start.sh @@ -3,7 +3,7 @@ # Federated Start Script usage() { - echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy" + echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard" exit 2 } startservice() { @@ -11,7 +11,7 @@ startservice() { cd /federated/apps/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE up -d } startservice_all() { - for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do + for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy wireguard; do echo "* Starting $i.." cd /federated/apps/$i && docker-compose -f docker-compose.yml -p $i up -d done 
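Review bot: The `usage` string and the `startservice_all` loop in start.sh add `wireguard` but not `element`, while the install-federated.sh loop in this same commit now runs `config_element`/`start_element`; the result is that `start.sh all` skips element and `start.sh element` falls through to `usage`. The same omission is in the start.sh `case` arm and in all three stop.sh hunks, so `stop.sh all` leaves the element container running. Add `element` to each list, e.g. `for i in dns postgresql ldap mail collabora nextcloud matrix element jitsi listmonk vaultwarden panel proxy wireguard; do`, and mirror it in the `case` pattern and the usage text of both scripts. If element is deliberately managed elsewhere, a comment saying so next to the lists would prevent the next maintainer from "fixing" it.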
@@ -22,6 +22,6 @@ SERVICE=$1 case "$SERVICE" in all) startservice_all;; - dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy) startservice;; + dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard) startservice;; *) usage;; esac diff --git a/bin/stop.sh b/bin/stop.sh index 3cf2efd..bdc63e1 100755 --- a/bin/stop.sh +++ b/bin/stop.sh @@ -3,7 +3,7 @@ # Federated Stop Script usage() { - echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy" + echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard" exit 2 } stopservice() { @@ -11,7 +11,7 @@ stopservice() { cd /federated/apps/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE down } stopservice_all() { - for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do + for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy wireguard; do echo "* Stopping $i.." cd /federated/apps/$i && docker-compose -f docker-compose.yml -p $i down done @@ -22,6 +22,6 @@ SERVICE=$1 case "$SERVICE" in all) stopservice_all;; - dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy) stopservice;; + dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard) stopservice;; *) usage;; esac diff --git a/lib/collabora.sh b/lib/collabora.sh index 58eef52..19781a8 100644 --- a/lib/collabora.sh +++ b/lib/collabora.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Collabora Service +# Collabora Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
@@ -24,14 +24,14 @@ version: '3.7' services: collabora: - image: collabora/code:latest + image: collabora/code:\${IMAGE_VERSION} container_name: collabora hostname: collabora.$DOMAIN domainname: $DOMAIN restart: always networks: federated: - ipv4_address: 172.99.0.20 + ipv4_address: 172.99.0.14 ports: - "9980:9980" volumes: @@ -50,6 +50,7 @@ networks: EOF cat > /federated/apps/collabora/.env < /dev/null + nc -z 172.99.0.14 9980 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/dns.sh b/lib/dns.sh index 815b5ae..3dea556 100644 --- a/lib/dns.sh +++ b/lib/dns.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer DNS Service +# DNS Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -20,7 +20,7 @@ version: '3.7' services: dns: - image: alpine:latest + image: alpine:\${IMAGE_VERSION} container_name: dns hostname: dns restart: always 
@@ -129,6 +129,11 @@ EOF chmod +x /federated/apps/dns/data/root/dns-cert.sh +cat > /federated/apps/dns/.env < /federated/apps/dns/data/etc/bind/named.conf < /dev/null + fi + + DOMAIN_ARRAY=(${DOMAIN//./ }) + DOMAIN_FIRST=${DOMAIN_ARRAY[0]} + DOMAIN_LAST=${DOMAIN_ARRAY[1]} + +cat > /federated/apps/element/docker-compose.yml < /federated/apps/element/.env < /federated/apps/element/data/element/element-config.json < /dev/null +echo -ne "done." +} + +start_element() { + # Start /federated/apps/element with output to /dev/null + echo -ne "\n* Starting /federated/apps/element service.." + spin & + SPINPID=$! + + if [ $DEBUG ]; then + # Start /federated/apps/element with output to console for debug + docker-compose -f /federated/apps/element/docker-compose.yml -p element up + [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/element" + else + docker-compose -f /federated/apps/element/docker-compose.yml -p element up -d &> /dev/null + + # Keep trying element port 80 to make sure it's up + # before we proceed + RETRY="30" + while [ $RETRY -gt 0 ]; do + nc -z 172.99.0.18 80 &> /dev/null + if [ $? -eq 0 ]; then + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f /federated/apps/element/docker-compose.yml -p element down &> /dev/null + kill -9 $SPINPID &> /dev/null + fail "There was a problem starting service /federated/apps/element\nCheck the output of 'docker logs element' or turn on\ndebug with -d" + fi + ((RETRY--)) + sleep 7 + fi + done + fi + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +} diff --git a/lib/jitsi.sh b/lib/jitsi.sh index cb95b1e..d2cac9a 100644 --- a/lib/jitsi.sh +++ b/lib/jitsi.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Jitsi Service +# Jitsi Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -181,7 +181,7 @@ services: - XMPP_PORT networks: federated: - ipv4_address: 172.99.0.25 + ipv4_address: 172.99.0.23 # XMPP server prosody: 
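Review bot: `DOMAIN_ARRAY=(${DOMAIN//./ })` in `config_element` splits the user-entered domain with unquoted word-splitting and then reads only elements 0 and 1, so for a multi-label domain such as `example.co.uk` `DOMAIN_LAST` becomes `co` rather than the last label, and a `*` or `?` in the input would additionally be glob-expanded. Parameter expansion avoids both: `DOMAIN_FIRST=${DOMAIN%%.*}` and `DOMAIN_LAST=${DOMAIN##*.}` (or `${DOMAIN#*.}` if the remainder after the first label is what the generated config needs). The heredoc bodies in this hunk are not legible in this view, so I cannot confirm which form the element config expects. The identical three lines appear in the new lib/wireguard.sh and should get the same fix.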
@@ -276,7 +276,7 @@ services: - XMPP_PORT networks: federated: - ipv4_address: 172.99.0.26 + ipv4_address: 172.99.0.24 aliases: - xmpp.meet.jitsi - xmpp.northendnetwork.com @@ -330,7 +330,7 @@ services: - prosody networks: federated: - ipv4_address: 172.99.0.27 + ipv4_address: 172.99.0.25 # Video bridge jvb: @@ -375,7 +375,7 @@ services: - prosody networks: federated: - ipv4_address: 172.99.0.28 + ipv4_address: 172.99.0.26 networks: federated: diff --git a/lib/ldap.sh b/lib/ldap.sh index ea473da..26cef35 100644 --- a/lib/ldap.sh +++ b/lib/ldap.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer LDAP Service +# LDAP Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -28,7 +28,7 @@ version: '3.7' services: ldap: - image: osixia/openldap:latest + image: osixia/openldap:\${IMAGE_VERSION} container_name: ldap hostname: ldap.$DOMAIN domainname: $DOMAIN @@ -36,7 +36,7 @@ services: working_dir: /root networks: federated: - ipv4_address: 172.99.0.11 + ipv4_address: 172.99.0.12 volumes: - ./data/var/lib/ldap:/var/lib/ldap - ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d @@ -56,6 +56,7 @@ networks: EOF cat > /federated/apps/ldap/.env < /dev/null + nc -z 172.99.0.12 636 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/listmonk.sh b/lib/listmonk.sh index 50df743..e29507d 100644 --- a/lib/listmonk.sh +++ b/lib/listmonk.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Control Postgresql Service +# Federated Computer Listmonk Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -22,7 +22,7 @@ version: "3.7" services: listmonk: - image: listmonk/listmonk:latest + image: listmonk/listmonk:\${IMAGE_VERSION} container_name: listmonk hostname: listmonk.$DOMAIN domainname: $DOMAIN 
@@ -30,7 +30,7 @@ services: command: [sh, -c, "yes | ./listmonk --install --config config.toml && ./listmonk --config config.toml"] networks: federated: - ipv4_address: 172.99.0.39 + ipv4_address: 172.99.0.19 env_file: - ./.env volumes: @@ -43,6 +43,7 @@ networks: EOF cat > /federated/apps/listmonk/.env < /dev/null + nc -z 172.99.0.19 9000 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/mail.sh b/lib/mail.sh index 4d4542c..fef8aae 100644 --- a/lib/mail.sh +++ b/lib/mail.sh @@ -27,7 +27,7 @@ version: '3.7' services: mail: - image: docker.io/mailserver/docker-mailserver:latest + image: docker.io/mailserver/docker-mailserver:\${IMAGE_VERSION} container_name: mail hostname: mail.$DOMAIN domainname: $DOMAIN @@ -60,6 +60,7 @@ networks: EOF cat > /federated/apps/mail/.env < /dev/null + mkdir -p /federated/apps/matrix/data/matrix &> /dev/null cp -rf /federated/apps/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem /federated/apps/matrix/data/matrix chmod 644 /federated/apps/matrix/data/matrix/*.pem fi @@ -23,129 +23,32 @@ cat > /federated/apps/matrix/docker-compose.yml < /federated/apps/matrix/.env.element < /federated/apps/matrix/.env.matrix < /federated/apps/matrix/.env < /federated/apps/matrix/data/element/element-config.json < /dev/null @@ -187,6 +90,7 @@ modules: local_certificate_file: /data/fullchain1.pem local_private_key_file: /data/privkey1.pem EOF +chmod 600 /federated/apps/matrix/data/matrix/homeserver.yaml kill -9 $SPINPID &> /dev/null echo -ne "done." @@ -209,7 +113,7 @@ start_matrix() { # before we proceed RETRY="30" while [ $RETRY -gt 0 ]; do - nc -z 172.99.0.32 8008 &> /dev/null + nc -z 172.99.0.17 8008 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/nextcloud.sh b/lib/nextcloud.sh index fb2735a..53b14c4 100644 --- a/lib/nextcloud.sh +++ b/lib/nextcloud.sh 
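Review bot: The `chmod 600 /federated/apps/matrix/data/matrix/homeserver.yaml` added in the `@@ -187` hunk is the right direction, but the `@@ -12` hunk still runs `chmod 644 /federated/apps/matrix/data/matrix/*.pem` two lines after the new `mkdir -p`, which leaves the copied `privkey1.pem` world-readable on the host beside the now-protected config. Narrow the glob so only the chain stays readable, e.g. `chmod 644 /federated/apps/matrix/data/matrix/fullchain1.pem` and `chmod 600 /federated/apps/matrix/data/matrix/privkey1.pem`; if the synapse process in the container runs as a non-root user it will also need ownership adjusted, which I cannot confirm from the hunk. The `&> /dev/null` on the new `mkdir -p` hides a failure that the following `cp` would then report confusingly, and `mkdir -p` is already silent on success. Both hunks sit inside `config_matrix`, whose start lies outside them.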
@@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer NextCloud Service +# NextCloud Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -22,7 +22,7 @@ version: '3.7' services: nextcloud: - image: nextcloud:latest + image: nextcloud:\${IMAGE_VERSION} container_name: nextcloud hostname: nextcloud.$DOMAIN domainname: $DOMAIN @@ -32,7 +32,7 @@ services: dockerfile: Dockerfile networks: federated: - ipv4_address: 172.99.0.15 + ipv4_address: 172.99.0.16 extra_hosts: - "collabora.$DOMAIN:$EXTERNALIP" volumes: @@ -58,6 +58,7 @@ echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret cat > /federated/apps/nextcloud/.env < /dev/null + nc -z 172.99.0.16 80 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/panel.sh b/lib/panel.sh index 844f7b8..fc5b904 100644 --- a/lib/panel.sh +++ b/lib/panel.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Control Panel Service +# Panel Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -19,7 +19,7 @@ config_panel() { cat > /federated/apps/panel/ansible_hosts < /federated/apps/panel/.env < /dev/null + nc -z 172.99.0.21 80 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/postgresql.sh b/lib/postgresql.sh index dc51c9d..254ffa4 100644 --- a/lib/postgresql.sh +++ b/lib/postgresql.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Control Postgresql Service +# Postgresql Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
@@ -26,14 +26,14 @@ version: "3.7" services: postgresql: - image: postgres:14 + image: postgres:${IMAGE_VERSION} container_name: postgresql hostname: postgresql.$DOMAIN domainname: $DOMAIN restart: always networks: federated: - ipv4_address: 172.99.0.40 + ipv4_address: 172.99.0.11 volumes: - ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt - ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key @@ -62,6 +62,7 @@ networks: EOF cat > /federated/apps/postgresql/.env < /dev/null + nc -z 172.99.0.11 5432 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/proxy.sh b/lib/proxy.sh index 2226517..ec21936 100644 --- a/lib/proxy.sh +++ b/lib/proxy.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Proxy Service +# Proxy Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -24,14 +24,14 @@ version: '3.7' services: proxy: - image: jwilder/nginx-proxy + image: jwilder/nginx-proxy:\${IMAGE_VERSION} container_name: proxy hostname: proxy.$DOMAIN domainname: $DOMAIN restart: always networks: federated: - ipv4_address: 172.99.0.16 + ipv4_address: 172.99.0.15 ports: - 80:80 - 443:443 @@ -43,6 +43,11 @@ networks: federated: external: true EOF + +cat > /federated/apps/proxy/.env < /dev/null echo -ne "done." @@ -65,7 +70,7 @@ start_proxy() { # before we proceed RETRY="23" while [ $RETRY -gt 0 ]; do - nc -z 172.99.0.16 443 &> /dev/null + nc -z 172.99.0.15 443 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/vaultwarden.sh b/lib/vaultwarden.sh index c601f6b..a808872 100644 --- a/lib/vaultwarden.sh +++ b/lib/vaultwarden.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Federated Computer Control Postgresql Service +# Vaultwarden Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
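Review bot: `image: postgres:${IMAGE_VERSION}` in the postgresql compose heredoc lacks the backslash every sibling file in this commit uses (`\${IMAGE_VERSION}` in collabora, dns, ldap, listmonk, mail, nextcloud, proxy and vaultwarden), so if the heredoc delimiter is unquoted — which the escaping elsewhere implies — the shell expands the variable at write time, and with IMAGE_VERSION unset in the installer's environment the file ends up with `image: postgres:` instead of deferring to the new `.env`. Change the line to `image: postgres:\${IMAGE_VERSION}`. The delimiter line itself is not legible in this view, so verify the quoting rather than taking the inference as given.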
@@ -22,14 +22,14 @@ version: '3.7' services: vaultwarden: - image: vaultwarden/server:latest + image: vaultwarden/server:\${IMAGE_VERSION} container_name: vaultwarden hostname: vaultwarden.$DOMAIN domainname: $DOMAIN restart: always networks: federated: - ipv4_address: 172.99.0.33 + ipv4_address: 172.99.0.20 env_file: - ./.env volumes: @@ -41,6 +41,7 @@ networks: EOF cat > /federated/apps/vaultwarden/.env < /dev/null + nc -z 172.99.0.20 80 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/lib/wireguard.sh b/lib/wireguard.sh new file mode 100644 index 0000000..e0fdb44 --- /dev/null +++ b/lib/wireguard.sh 
@@ -0,0 +1,101 @@ +#!/bin/bash +# +# Wireguard / VPN Service + +PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +config_wireguard() { + echo -ne "\n* Configuring /federated/apps/wireguard container.." + spin & + SPINPID=$! + + if [ ! -d "/federated/apps/wireguard" ]; then + mkdir -p /federated/apps/wireguard/data/config + fi + + DOMAIN_ARRAY=(${DOMAIN//./ }) + DOMAIN_FIRST=${DOMAIN_ARRAY[0]} + DOMAIN_LAST=${DOMAIN_ARRAY[1]} + +cat > /federated/apps/wireguard/docker-compose.yml < /federated/apps/wireguard/.env < /dev/null +echo -ne "done." +} + +start_wireguard() { + # Start /federated/apps/wireguard with output to /dev/null + echo -ne "\n* Starting /federated/apps/wireguard service.." + spin & + SPINPID=$! + + if [ $DEBUG ]; then + # Start /federated/apps/wireguard with output to console for debug + docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard up + [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/wireguard" + else + docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard up -d &> /dev/null + + # Keep trying wireguard port 80 to make sure it's up + # before we proceed + RETRY="30" + while [ $RETRY -gt 0 ]; do + nc -uvz 172.99.0.22 51820 &> /dev/null + if [ $? -eq 0 ]; then + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard down &> /dev/null + kill -9 $SPINPID &> /dev/null + fail "There was a problem starting service /federated/apps/wireguard\nCheck the output of 'docker logs wireguard' or turn on\ndebug with -d" + fi + ((RETRY--)) + sleep 7 + fi + done + fi + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +}
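Review bot: The readiness comment in `start_wireguard` says `# Keep trying wireguard port 80 to make sure it's up` while the probe is `nc -uvz 172.99.0.22 51820`; it should read `# Probe the WireGuard UDP port 51820 until the container answers`. A UDP `nc -z` is also a weak readiness signal: absent an ICMP port-unreachable reply it reports success whether or not anything is listening, so the loop can exit before the tunnel is configured. Checking that the container reports its interface, e.g. `docker exec wireguard wg show` (the failure message references `docker logs wireguard`, so the container name appears to be wireguard; the compose body is not legible here), would be more reliable. `mkdir -p /federated/apps/wireguard/data/config` in `config_wireguard` will presumably hold the server's private key; if so it deserves `chmod 700`, in line with the tightening this commit does for matrix's homeserver.yaml.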