Separated element / matrix. Added IMAGE_VERSION to env files

Derek Crudgington 2023-01-19 15:55:10 +00:00
parent b8593ba656
commit a4a0ab566d
17 changed files with 350 additions and 156 deletions


@ -1,4 +1,4 @@
#!/bin/bash -x
#!/bin/bash
#
# Federated installation script
@ -54,11 +54,13 @@ get_config() {
. /federated/lib/collabora.sh
. /federated/lib/nextcloud.sh
. /federated/lib/matrix.sh
. /federated/lib/element.sh
. /federated/lib/jitsi.sh
. /federated/lib/listmonk.sh
. /federated/lib/vaultwarden.sh
. /federated/lib/panel.sh
. /federated/lib/proxy.sh
. /federated/lib/wireguard.sh
echo -ne "\nFederated Stack install script\n\n"
read -p '* Enter domain name (domain.com): ' DOMAIN
@ -89,7 +91,7 @@ check_ports
config_network
# Configure and start each federated service
for i in dns postgresql ldap mail collabora proxy nextcloud matrix listmonk vaultwarden panel jitsi; do
for i in dns postgresql ldap mail collabora proxy nextcloud matrix element listmonk vaultwarden panel wireguard jitsi; do
config_$i
start_$i
done


@ -3,7 +3,7 @@
# Federated Start Script
usage() {
echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy"
echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard"
exit 2
}
startservice() {
@ -11,7 +11,7 @@ startservice() {
cd /federated/apps/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE up -d
}
startservice_all() {
for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do
for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy wireguard; do
echo "* Starting $i.."
cd /federated/apps/$i && docker-compose -f docker-compose.yml -p $i up -d
done
@ -22,6 +22,6 @@ SERVICE=$1
case "$SERVICE" in
all) startservice_all;;
dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy) startservice;;
dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard) startservice;;
*) usage;;
esac
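Review bot: The service lists in `usage`, `startservice_all` and the `case` arm gain `wireguard` but not `element`, although this commit moves Element out of the matrix compose file into its own project under /federated/apps/element. As written, `all` would not bring Element up and `element` is rejected as an argument; the stop script's three lists have the same gap, so a stop of `all` would leave the Element container running. Add `element` to each list, e.g. `dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard) startservice;;`. While these lines are being edited, quoting `"$SERVICE"` and `"$i"` in the `cd` and `docker-compose` calls would be the safer style.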


@ -3,7 +3,7 @@
# Federated Stop Script
usage() {
echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy"
echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard"
exit 2
}
stopservice() {
@ -11,7 +11,7 @@ stopservice() {
cd /federated/apps/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE down
}
stopservice_all() {
for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do
for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy wireguard; do
echo "* Stopping $i.."
cd /federated/apps/$i && docker-compose -f docker-compose.yml -p $i down
done
@ -22,6 +22,6 @@ SERVICE=$1
case "$SERVICE" in
all) stopservice_all;;
dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy) stopservice;;
dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy|wireguard) stopservice;;
*) usage;;
esac


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Collabora Service
# Collabora Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -24,14 +24,14 @@ version: '3.7'
services:
collabora:
image: collabora/code:latest
image: collabora/code:\${IMAGE_VERSION}
container_name: collabora
hostname: collabora.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.20
ipv4_address: 172.99.0.14
ports:
- "9980:9980"
volumes:
@ -50,6 +50,7 @@ networks:
EOF
cat > /federated/apps/collabora/.env <<EOF
IMAGE_VERSION="latest"
VIRTUAL_PROTO=https
VIRTUAL_PORT=9980
VIRTUAL_HOST=collabora.$DOMAIN
@ -79,7 +80,7 @@ start_collabora() {
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.20 9980 &> /dev/null
nc -z 172.99.0.14 9980 &> /dev/null
if [ $? -eq 0 ]; then
break
else
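Review bot: `IMAGE_VERSION="latest"` keeps Collabora on a floating tag, so this service still runs whatever the registry serves at pull time while the other env files in this commit name a release. Pin it to a specific collabora/code release, ideally with a digest (`image: collabora/code:RELEASE_TAG@sha256:DIGEST`, both placeholders), so an upstream change cannot alter what runs here unreviewed. The value is also written with double quotes, here and in every other .env this commit touches; older docker-compose releases keep such quotes as part of the value, so the unquoted form `IMAGE_VERSION=latest` is safer unless the minimum compose version is known. The heredocs and start_collabora begin outside the visible hunks.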


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer DNS Service
# DNS Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -20,7 +20,7 @@ version: '3.7'
services:
dns:
image: alpine:latest
image: alpine:\${IMAGE_VERSION}
container_name: dns
hostname: dns
restart: always
@ -129,6 +129,11 @@ EOF
chmod +x /federated/apps/dns/data/root/dns-cert.sh
cat > /federated/apps/dns/.env <<EOF
IMAGE_VERSION="3.17.1"
EOF
chmod 600 /federated/apps/dns/.env
cat > /federated/apps/dns/data/etc/bind/named.conf <<EOF
options {
directory "/var/bind";
@ -180,6 +185,7 @@ matrix IN A $EXTERNALIP
element IN A $EXTERNALIP
listmonk IN A $EXTERNALIP
vaultwarden IN A $EXTERNALIP
vpn IN A $EXTERNALIP
$DOMAIN. IN A $EXTERNALIP
EOF

168
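--- /dev/null
+++ b/lib/element.sh
@@ -0,0 +1,168 @@
+#!/bin/bash
+#
+# Element Service
+PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+config_element() {
+echo -ne "\n* Configuring /federated/apps/element container.."
+spin &
+SPINPID=$!
+if [ ! -d "/federated/apps/element" ]; then
+mkdir -p /federated/apps/element/data/element &> /dev/null
+fi
+DOMAIN_ARRAY=(${DOMAIN//./ })
+DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+cat > /federated/apps/element/docker-compose.yml <<EOF
+version: '3.7'
+services:
+element:
+image: vectorim/element-web:\${IMAGE_VERSION}
+container_name: element
+hostname: element.$DOMAIN
+domainname: $DOMAIN
+restart: always
+networks:
+federated:
+ipv4_address: 172.99.0.18
+volumes:
+- ./data/element/element-config.json:/app/config.json
+env_file:
+- ./.env
+networks:
+federated:
+external: true
+EOF
+cat > /federated/apps/element/.env <<EOF
+IMAGE_VERSION="v1.11.19"
+VIRTUAL_PROTO=http
+VIRTUAL_PORT=80
+VIRTUAL_HOST=element.$DOMAIN
+EOF
+chmod 600 /federated/apps/element/.env
+cat > /federated/apps/element/data/element/element-config.json <<EOF
+{
+"default_server_config": {
+"m.homeserver": {
+"base_url": "https://matrix.$DOMAIN",
+"server_name": "matrix.$DOMAIN"
+},
+"m.identity_server": {
+"base_url": "https://vector.im"
+}
+},
+"jitsi": {
+"preferredDomain": "jitsi.$DOMAIN"
+},
+"brand": "Element",
+"integrations_ui_url": "https://scalar.vector.im/",
+"integrations_rest_url": "https://scalar.vector.im/api",
+"integrations_widgets_urls": [
+"https://scalar.vector.im/_matrix/integrations/v1",
+"https://scalar.vector.im/api",
+"https://scalar-staging.vector.im/_matrix/integrations/v1",
+"https://scalar-staging.vector.im/api",
+"https://scalar-staging.riot.im/scalar/api"
+],
+"hosting_signup_link": "https://element.io/matrix-services?utm_source=element-web&utm_medium=web",
+"bug_report_endpoint_url": "https://element.io/bugreports/submit",
+"uisi_autorageshake_app": "element-auto-uisi",
+"showLabsSettings": true,
+"roomDirectory": {
+"servers": [
+"matrix.org",
+"gitter.im",
+"libera.chat"
+]
+},
+"enable_presence_by_hs_url": {
+"https://matrix.org": false,
+"https://matrix-client.matrix.org": false
+},
+"terms_and_conditions_links": [
+{
+"url": "https://element.io/privacy",
+"text": "Privacy Policy"
+},
+{
+"url": "https://element.io/cookie-policy",
+"text": "Cookie Policy"
+}
+],
+"hostSignup": {
+"brand": "Element Home",
+"cookiePolicyUrl": "https://element.io/cookie-policy",
+"domains": [
+"matrix.org"
+],
+"privacyPolicyUrl": "https://element.io/privacy",
+"termsOfServiceUrl": "https://element.io/terms-of-service",
+"url": "https://ems.element.io/element-home/in-app-loader"
+},
+"sentry": {
+"dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6",
+"environment": "develop"
+},
+"posthog": {
+"projectApiKey": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO",
+"apiHost": "https://posthog.element.io"
+},
+"privacy_policy_url": "https://element.io/cookie-policy",
+"features": {
+"feature_spotlight": true,
+"feature_video_rooms": true
+},
+"element_call": {
+"url": "https://element-call.netlify.app"
+},
+"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
+}
+EOF
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}
+start_element() {
+# Start /federated/apps/element with output to /dev/null
+echo -ne "\n* Starting /federated/apps/element service.."
+spin &
+SPINPID=$!
+if [ $DEBUG ]; then
+# Start /federated/apps/element with output to console for debug
+docker-compose -f /federated/apps/element/docker-compose.yml -p element up
+[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/element"
+else
+docker-compose -f /federated/apps/element/docker-compose.yml -p element up -d &> /dev/null
+# Keep trying element port 80 to make sure it's up
+# before we proceed
+RETRY="30"
+while [ $RETRY -gt 0 ]; do
+nc -z 172.99.0.18 80 &> /dev/null
+if [ $? -eq 0 ]; then
+break
+else
+if [ "$RETRY" == 1 ]; then
+docker-compose -f /federated/apps/element/docker-compose.yml -p element down &> /dev/null
+kill -9 $SPINPID &> /dev/null
+fail "There was a problem starting service /federated/apps/element\nCheck the output of 'docker logs element' or turn on\ndebug with -d"
+fi
+((RETRY--))
+sleep 7
+fi
+done
+fi
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}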
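Review bot: element-config.json is carried over from Element's own hosted build and still contains its `sentry`, `posthog` and `map_style_url` entries with `"environment": "develop"`, so a self-hosted install would send crash reports and analytics to Element-operated endpoints and reuse API keys that belong to another party. Drop those three blocks, and review `m.identity_server`, the `integrations_*` URLs and `hostSignup`, which also point at vector.im and element.io, unless that reporting is wanted. In start_element, `[ $DEBUG ]` and `kill -9 $SPINPID` are unquoted; `[ -n "${DEBUG:-}" ]` and a plain `kill "$SPINPID"` are safer. `DOMAIN_ARRAY`, `DOMAIN_FIRST` and `DOMAIN_LAST` are assigned in config_element but not used anywhere in this file.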


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Jitsi Service
# Jitsi Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -181,7 +181,7 @@ services:
- XMPP_PORT
networks:
federated:
ipv4_address: 172.99.0.25
ipv4_address: 172.99.0.23
# XMPP server
prosody:
@ -276,7 +276,7 @@ services:
- XMPP_PORT
networks:
federated:
ipv4_address: 172.99.0.26
ipv4_address: 172.99.0.24
aliases:
- xmpp.meet.jitsi
- xmpp.northendnetwork.com
@ -330,7 +330,7 @@ services:
- prosody
networks:
federated:
ipv4_address: 172.99.0.27
ipv4_address: 172.99.0.25
# Video bridge
jvb:
@ -375,7 +375,7 @@ services:
- prosody
networks:
federated:
ipv4_address: 172.99.0.28
ipv4_address: 172.99.0.26
networks:
federated:


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer LDAP Service
# LDAP Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -28,7 +28,7 @@ version: '3.7'
services:
ldap:
image: osixia/openldap:latest
image: osixia/openldap:\${IMAGE_VERSION}
container_name: ldap
hostname: ldap.$DOMAIN
domainname: $DOMAIN
@ -36,7 +36,7 @@ services:
working_dir: /root
networks:
federated:
ipv4_address: 172.99.0.11
ipv4_address: 172.99.0.12
volumes:
- ./data/var/lib/ldap:/var/lib/ldap
- ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d
@ -56,6 +56,7 @@ networks:
EOF
cat > /federated/apps/ldap/.env <<EOF
IMAGE_VERSION="1.5.0"
LDAP_ORGANISATION=$COMPANY
LDAP_DOMAIN=$DOMAIN
LDAP_ADMIN_PASSWORD_FILE=/run/secrets/federated_ldap_password
@ -178,7 +179,7 @@ start_ldap() {
# before we proceed
RETRY="35"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.11 636 &> /dev/null
nc -z 172.99.0.12 636 &> /dev/null
if [ $? -eq 0 ]; then
break
else
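Review bot: 172.99.0.11 is taken away from ldap here and given to postgresql in the same commit, and .12, .15, .16 and .20 change owner in the other service files, so on a host installed before this change any leftover config, firewall rule or running container still keyed on an old address would now reach a different service. Each address is also typed by hand twice, once in the compose block and once in the `nc -z` probe of the start function. Defining the addresses once, for example in a sourced file of variables such as `LDAP_IP=172.99.0.12` used in both places, would keep the two in step. The compose heredoc and start_ldap both begin outside the visible hunks.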


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Control Postgresql Service
# Federated Computer Listmonk Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -22,7 +22,7 @@ version: "3.7"
services:
listmonk:
image: listmonk/listmonk:latest
image: listmonk/listmonk:\${IMAGE_VERSION}
container_name: listmonk
hostname: listmonk.$DOMAIN
domainname: $DOMAIN
@ -30,7 +30,7 @@ services:
command: [sh, -c, "yes | ./listmonk --install --config config.toml && ./listmonk --config config.toml"]
networks:
federated:
ipv4_address: 172.99.0.39
ipv4_address: 172.99.0.19
env_file:
- ./.env
volumes:
@ -43,6 +43,7 @@ networks:
EOF
cat > /federated/apps/listmonk/.env <<EOF
IMAGE_VERSION="v2.3.0"
VIRTUAL_PROTO=http
VIRTUAL_PORT=9000
VIRTUAL_HOST=listmonk.$DOMAIN
@ -90,7 +91,7 @@ start_listmonk() {
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.39 9000 &> /dev/null
nc -z 172.99.0.19 9000 &> /dev/null
if [ $? -eq 0 ]; then
break
else


@ -27,7 +27,7 @@ version: '3.7'
services:
mail:
image: docker.io/mailserver/docker-mailserver:latest
image: docker.io/mailserver/docker-mailserver:\${IMAGE_VERSION}
container_name: mail
hostname: mail.$DOMAIN
domainname: $DOMAIN
@ -60,6 +60,7 @@ networks:
EOF
cat > /federated/apps/mail/.env <<EOF
IMAGE_VERSION="11.3.1"
ENABLE_SPAMASSASSIN=1
ENABLE_SPAMASSASSIN_KAM=1
SPAMASSASSIN_SPAM_TO_INBOX=1


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Matrix / Element Service
# Matrix Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -10,7 +10,7 @@ config_matrix() {
SPINPID=$!
if [ ! -d "/federated/apps/matrix" ]; then
mkdir -p /federated/apps/matrix/data/matrix /federated/apps/matrix/data/element &> /dev/null
mkdir -p /federated/apps/matrix/data/matrix &> /dev/null
cp -rf /federated/apps/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem /federated/apps/matrix/data/matrix
chmod 644 /federated/apps/matrix/data/matrix/*.pem
fi
@ -23,129 +23,32 @@ cat > /federated/apps/matrix/docker-compose.yml <<EOF
version: '3.7'
services:
element:
image: vectorim/element-web:latest
container_name: element
hostname: element.$DOMAIN
domainname: $DOMAIN
restart: always
volumes:
- ./data/element/element-config.json:/app/config.json
networks:
federated:
ipv4_address: 172.99.0.31
env_file:
- ./.env.element
synapse:
image: matrixdotorg/synapse:latest
matrix:
image: matrixdotorg/synapse:\${IMAGE_VERSION}
container_name: matrix
hostname: matrix.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.32
ipv4_address: 172.99.0.17
volumes:
- ./data/matrix:/data
env_file:
- ./.env.matrix
- ./.env
networks:
federated:
external: true
EOF
cat > /federated/apps/matrix/.env.element <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=element.$DOMAIN
EOF
cat > /federated/apps/matrix/.env.matrix <<EOF
cat > /federated/apps/matrix/.env <<EOF
IMAGE_VERSION="v1.75.0"
VIRTUAL_PROTO=http
VIRTUAL_PORT=8008
VIRTUAL_HOST=matrix.$DOMAIN
EOF
chmod 600 /federated/apps/matrix/.env.element /federated/apps/matrix/.env.matrix
cat > /federated/apps/matrix/data/element/element-config.json <<EOF
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.$DOMAIN",
"server_name": "matrix.$DOMAIN"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"jitsi": {
"preferredDomain": "jitsi.$DOMAIN"
},
"brand": "Element",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"hosting_signup_link": "https://element.io/matrix-services?utm_source=element-web&utm_medium=web",
"bug_report_endpoint_url": "https://element.io/bugreports/submit",
"uisi_autorageshake_app": "element-auto-uisi",
"showLabsSettings": true,
"roomDirectory": {
"servers": [
"matrix.org",
"gitter.im",
"libera.chat"
]
},
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"terms_and_conditions_links": [
{
"url": "https://element.io/privacy",
"text": "Privacy Policy"
},
{
"url": "https://element.io/cookie-policy",
"text": "Cookie Policy"
}
],
"hostSignup": {
"brand": "Element Home",
"cookiePolicyUrl": "https://element.io/cookie-policy",
"domains": [
"matrix.org"
],
"privacyPolicyUrl": "https://element.io/privacy",
"termsOfServiceUrl": "https://element.io/terms-of-service",
"url": "https://ems.element.io/element-home/in-app-loader"
},
"sentry": {
"dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6",
"environment": "develop"
},
"posthog": {
"projectApiKey": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO",
"apiHost": "https://posthog.element.io"
},
"privacy_policy_url": "https://element.io/cookie-policy",
"features": {
"feature_spotlight": true,
"feature_video_rooms": true
},
"element_call": {
"url": "https://element-call.netlify.app"
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}
EOF
chmod 600 /federated/apps/matrix/.env
# Generate the matrix homeserver.yaml file
docker run -it --rm -v "/federated/apps/matrix/data/matrix:/data" -e SYNAPSE_SERVER_NAME=matrix.$DOMAIN -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate &> /dev/null
@ -187,6 +90,7 @@ modules:
local_certificate_file: /data/fullchain1.pem
local_private_key_file: /data/privkey1.pem
EOF
chmod 600 /federated/apps/matrix/data/matrix/homeserver.yaml
kill -9 $SPINPID &> /dev/null
echo -ne "done."
@ -209,7 +113,7 @@ start_matrix() {
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.32 8008 &> /dev/null
nc -z 172.99.0.17 8008 &> /dev/null
if [ $? -eq 0 ]; then
break
else
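Review bot: The service image is now pinned through `IMAGE_VERSION="v1.75.0"`, but the unchanged `docker run ... matrixdotorg/synapse:latest generate` line still pulls the floating tag, so homeserver.yaml is generated by a different, unpinned image than the one that later runs. Use the same tag there, e.g. `matrixdotorg/synapse:v1.75.0 generate`, or read it from one variable shared with the .env heredoc. That command also sets `SYNAPSE_REPORT_STATS=yes`, which opts the server into usage reporting to the Synapse developers; confirm that is intended for a self-hosted stack. config_matrix starts and ends outside the visible hunks.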


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer NextCloud Service
# NextCloud Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -22,7 +22,7 @@ version: '3.7'
services:
nextcloud:
image: nextcloud:latest
image: nextcloud:\${IMAGE_VERSION}
container_name: nextcloud
hostname: nextcloud.$DOMAIN
domainname: $DOMAIN
@ -32,7 +32,7 @@ services:
dockerfile: Dockerfile
networks:
federated:
ipv4_address: 172.99.0.15
ipv4_address: 172.99.0.16
extra_hosts:
- "collabora.$DOMAIN:$EXTERNALIP"
volumes:
@ -58,6 +58,7 @@ echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
cat > /federated/apps/nextcloud/.env <<EOF
IMAGE_VERSION="25.0.3"
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=nextcloud.$DOMAIN
@ -203,7 +204,7 @@ start_nextcloud() {
# before we proceed
RETRY="35"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.15 80 &> /dev/null
nc -z 172.99.0.16 80 &> /dev/null
if [ $? -eq 0 ]; then
break
else


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Control Panel Service
# Panel Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -19,7 +19,7 @@ config_panel() {
cat > /federated/apps/panel/ansible_hosts <<EOF
[servers]
nextcloud ansible_host=172.99.0.15
nextcloud ansible_host=172.99.0.16
[all:vars]
ansible_python_interpreter=/usr/bin/python3
@ -47,7 +47,7 @@ version: '3.7'
services:
panel:
image: wheelybird/ldap-user-manager:latest
image: wheelybird/ldap-user-manager:\${IMAGE_VERSION}
container_name: panel
hostname: panel.$DOMAIN
domainname: $DOMAIN
@ -57,7 +57,7 @@ services:
dockerfile: Dockerfile
networks:
federated:
ipv4_address: 172.99.0.12
ipv4_address: 172.99.0.21
env_file:
- ./.env
@ -67,6 +67,7 @@ networks:
EOF
cat > /federated/apps/panel/.env <<EOF
IMAGE_VERSION="1.10"
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=panel.$DOMAIN
@ -112,7 +113,7 @@ start_panel() {
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.12 80 &> /dev/null
nc -z 172.99.0.21 80 &> /dev/null
if [ $? -eq 0 ]; then
break
else


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Control Postgresql Service
# Postgresql Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -26,14 +26,14 @@ version: "3.7"
services:
postgresql:
image: postgres:14
image: postgres:${IMAGE_VERSION}
container_name: postgresql
hostname: postgresql.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.40
ipv4_address: 172.99.0.11
volumes:
- ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt
- ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
@ -62,6 +62,7 @@ networks:
EOF
cat > /federated/apps/postgresql/.env <<EOF
IMAGE_VERSION="14"
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
@ -110,7 +111,7 @@ start_postgresql() {
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.40 5432 &> /dev/null
nc -z 172.99.0.11 5432 &> /dev/null
if [ $? -eq 0 ]; then
break
else
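Review bot: `image: postgres:${IMAGE_VERSION}` is missing the backslash that every other service file in this commit uses (`\${IMAGE_VERSION}`). The neighbouring lines rely on shell expansion (`hostname: postgresql.$DOMAIN`), so this block appears to be an unquoted heredoc; the shell would then expand the variable while the installer runs, and unless IMAGE_VERSION happens to be set in that shell the file is written as `image: postgres:` with an empty tag. Escape it as `image: postgres:\${IMAGE_VERSION}` so docker-compose resolves it from the .env written further down. The heredoc opener is outside the hunk, so confirm it is `<<EOF` and not a quoted delimiter.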


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Proxy Service
# Proxy Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -24,14 +24,14 @@ version: '3.7'
services:
proxy:
image: jwilder/nginx-proxy
image: jwilder/nginx-proxy:\${IMAGE_VERSION}
container_name: proxy
hostname: proxy.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.16
ipv4_address: 172.99.0.15
ports:
- 80:80
- 443:443
@ -43,6 +43,11 @@ networks:
federated:
external: true
EOF
cat > /federated/apps/proxy/.env <<EOF
IMAGE_VERSION="1.1"
EOF
chmod 600 /federated/apps/proxy/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
@ -65,7 +70,7 @@ start_proxy() {
# before we proceed
RETRY="23"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.16 443 &> /dev/null
nc -z 172.99.0.15 443 &> /dev/null
if [ $? -eq 0 ]; then
break
else


@ -1,6 +1,6 @@
#!/bin/bash
#
# Federated Computer Control Postgresql Service
# Vaultwarden Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -22,14 +22,14 @@ version: '3.7'
services:
vaultwarden:
image: vaultwarden/server:latest
image: vaultwarden/server:\${IMAGE_VERSION}
container_name: vaultwarden
hostname: vaultwarden.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.33
ipv4_address: 172.99.0.20
env_file:
- ./.env
volumes:
@ -41,6 +41,7 @@ networks:
EOF
cat > /federated/apps/vaultwarden/.env <<EOF
IMAGE_VERSION="1.27.0"
DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
@ -72,7 +73,7 @@ start_vaultwarden() {
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.33 80 &> /dev/null
nc -z 172.99.0.20 80 &> /dev/null
if [ $? -eq 0 ]; then
break
else

101
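--- /dev/null
+++ b/lib/wireguard.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+#
+# Wireguard / VPN Service
+PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+config_wireguard() {
+echo -ne "\n* Configuring /federated/apps/wireguard container.."
+spin &
+SPINPID=$!
+if [ ! -d "/federated/apps/wireguard" ]; then
+mkdir -p /federated/apps/wireguard/data/config
+fi
+DOMAIN_ARRAY=(${DOMAIN//./ })
+DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+cat > /federated/apps/wireguard/docker-compose.yml <<EOF
+version: "3.7"
+services:
+wireguard:
+image: linuxserver/wireguard:\${IMAGE_VERSION}
+container_name: vpn
+hostname: vpn.$DOMAIN
+domainname: $DOMAIN
+restart: always
+networks:
+federated:
+ipv4_address: 172.99.0.22
+ports:
+- 51820:51820/udp
+volumes:
+- ./data/config:/config
+- /lib/modules:/lib/modules
+env_file:
+- ./.env
+cap_add:
+- NET_ADMIN
+- SYS_MODULE
+sysctls:
+- net.ipv4.conf.all.src_valid_mark=1
+networks:
+federated:
+external: true
+EOF
+cat > /federated/apps/wireguard/.env <<EOF
+IMAGE_VERSION="1.0.20210914"
+PUID=1000
+PGID=1000
+SERVERURL=vpn.$DOMAIN
+SERVERPORT=51820
+PEERS=1
+PEERDNS=auto
+ALLOWEDIPS=172.99.0.0/24
+LOG_CONFS=true
+EOF
+chmod 600 /federated/apps/wireguard/.env
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}
+start_wireguard() {
+# Start /federated/apps/wireguard with output to /dev/null
+echo -ne "\n* Starting /federated/apps/wireguard service.."
+spin &
+SPINPID=$!
+if [ $DEBUG ]; then
+# Start /federated/apps/wireguard with output to console for debug
+docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard up
+[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/wireguard"
+else
+docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard up -d &> /dev/null
+# Keep trying wireguard port 80 to make sure it's up
+# before we proceed
+RETRY="30"
+while [ $RETRY -gt 0 ]; do
+nc -uvz 172.99.0.22 51820 &> /dev/null
+if [ $? -eq 0 ]; then
+break
+else
+if [ "$RETRY" == 1 ]; then
+docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard down &> /dev/null
+kill -9 $SPINPID &> /dev/null
+fail "There was a problem starting service /federated/apps/wireguard\nCheck the output of 'docker logs wireguard' or turn on\ndebug with -d"
+fi
+((RETRY--))
+sleep 7
+fi
+done
+fi
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}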
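Review bot: The compose block grants `SYS_MODULE` and bind-mounts `/lib/modules` writable, which lets the container load kernel modules on the host; on kernels that ship WireGuard in-tree (5.6 and later) neither is needed, so drop `SYS_MODULE` and, if the mount stays, make it `- /lib/modules:/lib/modules:ro`. `LOG_CONFS=true` makes the image print the generated peer configuration (as QR codes) to the container log, and that configuration includes the peer's private key; `LOG_CONFS=false` keeps it out of `docker logs`. The readiness loop's `nc -uvz 172.99.0.22 51820` proves little, because UDP has no handshake and WireGuard does not answer unauthenticated packets, so the probe is likely to report success whether or not the tunnel is usable; its comment also still says port 80. The failure message points to `docker logs wireguard`, but `container_name` is `vpn`.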