bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

First run of .env and secret files

Browse Source
This commit is contained in:
Derek Crudgington 2023-01-05 20:29:17 +00:00
parent 7efedcd8e9
commit b8593ba656
12 changed files with 214 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bin/install-federated.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -x
# #
# Federated installation script # Federated installation script
@ -44,6 +44,7 @@ get_config() {
fi fi
done done
. /federated/lib/functions.sh
. /federated/lib/checks.sh . /federated/lib/checks.sh
. /federated/lib/network.sh . /federated/lib/network.sh
. /federated/lib/dns.sh . /federated/lib/dns.sh
@ -88,7 +89,7 @@ check_ports
config_network config_network
# Configure and start each federated service # Configure and start each federated service
for i in dns postgresql ldap mail collabora nextcloud matrix listmonk vaultwarden panel proxy jitsi; do for i in dns postgresql ldap mail collabora proxy nextcloud matrix listmonk vaultwarden panel jitsi; do
config_$i config_$i
start_$i start_$i
done done

17
lib/collabora.sh
View File

@ -39,12 +39,8 @@ services:
- ./data/root/certs/fullchain1.pem:/etc/coolwsd/cert.pem - ./data/root/certs/fullchain1.pem:/etc/coolwsd/cert.pem
- ./data/root/certs/privkey1.pem:/etc/coolwsd/key.pem - ./data/root/certs/privkey1.pem:/etc/coolwsd/key.pem
- ./data/root/certs/chain1.pem:/etc/coolwsd/ca-chain.cert.pem - ./data/root/certs/chain1.pem:/etc/coolwsd/ca-chain.cert.pem
environment: env_file:
- VIRTUAL_PROTO=https - ./.env
- VIRTUAL_PORT=9980
- VIRTUAL_HOST=collabora.$DOMAIN
- domain=nextcloud.$DOMAIN
- server_name=collabora.$DOMAIN
cap_add: cap_add:
- MKNOD - MKNOD
@ -53,6 +49,15 @@ networks:
external: true external: true
EOF EOF
cat > /federated/apps/collabora/.env <<EOF
VIRTUAL_PROTO=https
VIRTUAL_PORT=9980
VIRTUAL_HOST=collabora.$DOMAIN
domain=nextcloud.$DOMAIN
server_name=collabora.$DOMAIN
EOF
chmod 600 /federated/apps/collabora/.env
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }

6
lib/functions.sh Normal file
View File

@ -0,0 +1,6 @@
create_password() {
# eval $1_var=$1
# echo "$postgres_var"
SECRET=`tr -cd '[:alnum:]' < /dev/urandom | fold -w32 | head -n1`
echo "$SECRET";
}

2
lib/jitsi.sh
View File

@ -532,7 +532,7 @@ LDAP_BASE=DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST
LDAP_BINDDN=CN=admin,DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST LDAP_BINDDN=CN=admin,DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST
# LDAP user password. Do not specify this parameter for the anonymous bind # LDAP user password. Do not specify this parameter for the anonymous bind
LDAP_BINDPW=$ADMINPASS LDAP_BINDPW=$LDAP_SECRET
# LDAP filter. Tokens example: # LDAP filter. Tokens example:

36
lib/ldap.sh
View File

@ -42,23 +42,37 @@ services:
- ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d - ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d
- ./data/certs:/container/service/slapd/assets/certs - ./data/certs:/container/service/slapd/assets/certs
- ./data/root:/root - ./data/root:/root
environment: env_file:
- LDAP_ORGANISATION=$COMPANY - ./.env
- LDAP_DOMAIN=$DOMAIN secrets:
- LDAP_ADMIN_PASSWORD=$ADMINPASS - federated_ldap_password
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_REMOVE_CONFIG_AFTER_SETUP=true
- LDAP_TLS=true
- LDAP_TLS_CRT_FILENAME=fullchain1.pem
- LDAP_TLS_KEY_FILENAME=privkey1.pem
- LDAP_TLS_CA_CRT_FILENAME=chain1.pem
- LDAP_TLS_VERIFY_CLIENT=try
secrets:
federated_ldap_password:
file: ./.ldap.secret
networks: networks:
federated: federated:
external: true external: true
EOF EOF
cat > /federated/apps/ldap/.env <<EOF
LDAP_ORGANISATION=$COMPANY
LDAP_DOMAIN=$DOMAIN
LDAP_ADMIN_PASSWORD_FILE=/run/secrets/federated_ldap_password
LDAP_RFC2307BIS_SCHEMA=true
LDAP_REMOVE_CONFIG_AFTER_SETUP=true
LDAP_TLS=true
LDAP_TLS_CRT_FILENAME=fullchain1.pem
LDAP_TLS_KEY_FILENAME=privkey1.pem
LDAP_TLS_CA_CRT_FILENAME=chain1.pem
LDAP_TLS_VERIFY_CLIENT=try
EOF
chmod 600 /federated/apps/ldap/.env
LDAP_SECRET=$(create_password);
echo "$LDAP_SECRET" > /federated/apps/ldap/.ldap.secret
chmod 600 /federated/apps/ldap/.ldap.secret
cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF
dn: ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
ou: people ou: people

17
lib/listmonk.sh
View File

@ -31,11 +31,8 @@ services:
networks: networks:
federated: federated:
ipv4_address: 172.99.0.39 ipv4_address: 172.99.0.39
environment: env_file:
- VIRTUAL_PROTO=http - ./.env
- VIRTUAL_PORT=9000
- VIRTUAL_HOST=listmonk.$DOMAIN
- TZ=Etc/UTC
volumes: volumes:
- ./data/listmonk/config.toml:/listmonk/config.toml - ./data/listmonk/config.toml:/listmonk/config.toml
- ./data/listmonk/static:/listmonk/static - ./data/listmonk/static:/listmonk/static
@ -45,6 +42,13 @@ networks:
external: true external: true
EOF EOF
cat > /federated/apps/listmonk/.env <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=9000
VIRTUAL_HOST=listmonk.$DOMAIN
TZ=Etc/UTC
EOF
cat > /federated/apps/listmonk/data/listmonk/config.toml <<EOF cat > /federated/apps/listmonk/data/listmonk/config.toml <<EOF
[app] [app]
address = "0.0.0.0:9000" address = "0.0.0.0:9000"
@ -56,13 +60,14 @@ admin_password = "$ADMINPASS"
host = "postgresql.$DOMAIN" host = "postgresql.$DOMAIN"
port = 5432 port = 5432
user = "listmonk" user = "listmonk"
password = "$ADMINPASS" password = "$LISTMONK_SECRET"
database = "listmonk" database = "listmonk"
ssl_mode = "disable" ssl_mode = "disable"
max_open = 25 max_open = 25
max_idle = 25 max_idle = 25
max_lifetime = "300s" max_lifetime = "300s"
EOF EOF
chmod 600 /federated/apps/listmonk/data/listmonk/config.toml /federated/apps/listmonk/.env
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."

83
lib/mail.sh
View File

@ -48,45 +48,8 @@ services:
- ./data/var/log/mail:/var/log/mail/ - ./data/var/log/mail:/var/log/mail/
- ./data/tmp/docker-mailserver:/tmp/docker-mailserver/ - ./data/tmp/docker-mailserver:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: env_file:
- ENABLE_SPAMASSASSIN=1 - ./.env
- ENABLE_SPAMASSASSIN_KAM=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=0
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- LOG_LEVEL=debug
- ENABLE_LDAP=1
- SSL_TYPE=manual
- SSL_CERT_PATH=/root/certs/fullchain1.pem
- SSL_KEY_PATH=/root/certs/privkey1.pem
- LDAP_START_TLS=yes
- DOVECOT_TLS=yes
- SASLAUTHD_LDAP_START_TLS=yes
- LDAP_SERVER_HOST=ldap.$DOMAIN
- LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_BIND_PW=$ADMINPASS
- LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
- LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
- LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
- LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
# DOVECOT
- DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
- DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
- DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
# SASLAUTHD
- ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap
- SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- SASLAUTHD_LDAP_PASSWORD=$ADMINPASS
- SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
- POSTMASTER_ADDRESS=postmaster@localhost.localdomain
- POSTFIX_MESSAGE_SIZE_LIMIT=100000000
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
- SYS_PTRACE - SYS_PTRACE
@ -96,6 +59,48 @@ networks:
external: true external: true
EOF EOF
cat > /federated/apps/mail/.env <<EOF
ENABLE_SPAMASSASSIN=1
ENABLE_SPAMASSASSIN_KAM=1
SPAMASSASSIN_SPAM_TO_INBOX=1
ENABLE_CLAMAV=0
ENABLE_FAIL2BAN=1
ENABLE_POSTGREY=1
ONE_DIR=1
DMS_DEBUG=0
LOG_LEVEL=debug
ENABLE_LDAP=1
SSL_TYPE=manual
SSL_CERT_PATH=/root/certs/fullchain1.pem
SSL_KEY_PATH=/root/certs/privkey1.pem
LDAP_START_TLS=yes
DOVECOT_TLS=yes
SASLAUTHD_LDAP_START_TLS=yes
LDAP_SERVER_HOST=ldap.$DOMAIN
LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_BIND_PW=$LDAP_SECRET
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
# DOVECOT
DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
# SASLAUTHD
ENABLE_SASLAUTHD=1
SASLAUTHD_MECHANISMS=ldap
SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
EOF
chmod 600 /federated/apps/mail/.env
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF' cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf

28
lib/matrix.sh
View File

@ -34,10 +34,8 @@ services:
networks: networks:
federated: federated:
ipv4_address: 172.99.0.31 ipv4_address: 172.99.0.31
environment: env_file:
- VIRTUAL_PROTO=http - ./.env.element
- VIRTUAL_PORT=80
- VIRTUAL_HOST=element.$DOMAIN
synapse: synapse:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
@ -50,16 +48,26 @@ services:
ipv4_address: 172.99.0.32 ipv4_address: 172.99.0.32
volumes: volumes:
- ./data/matrix:/data - ./data/matrix:/data
environment: env_file:
- VIRTUAL_PROTO=http - ./.env.matrix
- VIRTUAL_PORT=8008
- VIRTUAL_HOST=matrix.$DOMAIN
networks: networks:
federated: federated:
external: true external: true
EOF EOF
cat > /federated/apps/matrix/.env.element <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=element.$DOMAIN
EOF
cat > /federated/apps/matrix/.env.matrix <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=8008
VIRTUAL_HOST=matrix.$DOMAIN
EOF
chmod 600 /federated/apps/matrix/.env.element /federated/apps/matrix/.env.matrix
cat > /federated/apps/matrix/data/element/element-config.json <<EOF cat > /federated/apps/matrix/data/element/element-config.json <<EOF
{ {
"default_server_config": { "default_server_config": {
@ -156,7 +164,7 @@ database:
name: psycopg2 name: psycopg2
args: args:
user: matrix user: matrix
password: $ADMINPASS password: $MATRIX_SECRET
host: postgresql.$DOMAIN host: postgresql.$DOMAIN
database: matrix database: matrix
cp_min: 5 cp_min: 5
@ -173,7 +181,7 @@ modules:
mail: "mail" mail: "mail"
name: "givenName" name: "givenName"
bind_dn: cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST bind_dn: cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
bind_password: $ADMINPASS bind_password: $LDAP_SECRET
tls_options: tls_options:
validate: true validate: true
local_certificate_file: /data/fullchain1.pem local_certificate_file: /data/fullchain1.pem

43
lib/nextcloud.sh
View File

@ -37,24 +37,41 @@ services:
- "collabora.$DOMAIN:$EXTERNALIP" - "collabora.$DOMAIN:$EXTERNALIP"
volumes: volumes:
- ./data/var/www/html:/var/www/html - ./data/var/www/html:/var/www/html
environment: env_file:
- VIRTUAL_PROTO=http - ./.env
- VIRTUAL_PORT=80 secrets:
- VIRTUAL_HOST=nextcloud.$DOMAIN - federated_psql_password
- PHP_MEMORY_LIMIT=2048M - federated_nextcloud_password
- PHP_UPLOAD_LIMIT=2048M
- NEXTCLOUD_ADMIN_USER=nextcloud
- NEXTCLOUD_ADMIN_PASSWORD=$ADMINPASS
- POSTGRES_HOST=postgresql.$DOMAIN
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=$ADMINPASS
secrets:
federated_psql_password:
file: ./.postgresql.secret
federated_nextcloud_password:
file: ./.nextcloud.secret
networks: networks:
federated: federated:
external: true external: true
EOF EOF
cp /federated/apps/postgresql/.postgresql.secret /federated/apps/nextcloud/
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
cat > /federated/apps/nextcloud/.env <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=nextcloud.$DOMAIN
PHP_MEMORY_LIMIT=2048M
PHP_UPLOAD_LIMIT=2048M
NEXTCLOUD_ADMIN_USER=nextcloud
NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/federated_nextcloud_password
POSTGRES_HOST=postgresql.$DOMAIN
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
EOF
chmod 600 /federated/apps/nextcloud/.env
cat > /federated/apps/nextcloud/supervisord.conf <<EOF cat > /federated/apps/nextcloud/supervisord.conf <<EOF
[supervisord] [supervisord]
nodaemon=true nodaemon=true
@ -110,7 +127,7 @@ PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
./occ ldap:create-empty-config ./occ ldap:create-empty-config
./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN' ./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST ./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapAgentPassword $ADMINPASS ./occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST ./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST ./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST ./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST

49
lib/panel.sh
View File

@ -58,34 +58,39 @@ services:
networks: networks:
federated: federated:
ipv4_address: 172.99.0.12 ipv4_address: 172.99.0.12
environment: env_file:
- VIRTUAL_PROTO=http - ./.env
- VIRTUAL_PORT=80
- VIRTUAL_HOST=panel.$DOMAIN
- SERVER_HOSTNAME=panel.$DOMAIN
- LDAP_URI=ldap://ldap.$DOMAIN
- LDAP_BASE_DN=dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_REQUIRE_STARTTLS=true
- LDAP_ADMINS_GROUP=admins
- LDAP_ADMIN_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_ADMIN_BIND_PWD=$ADMINPASS
- LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailEnabled:Mail Enabled:TRUE,mailAlias+:Email aliases
- EMAIL_DOMAIN=$DOMAIN
- USERNAME_FORMAT={first_name}.{last_name}
- SITE_NAME=$COMPANY User Manager
- SMTP_HOSTNAME=mail.$DOMAIN
- SMTP_USERNAME=admin
- SMTP_PASSWORD=$ADMINPASS
- EMAIL_FROM_ADDRESS=admin@$DOMAIN
- SMTP_USE_TLS=true
- NO_HTTPS=true
networks: networks:
federated: federated:
external: true external: true
EOF EOF
cat > /federated/apps/panel/.env <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=panel.$DOMAIN
SERVER_HOSTNAME=panel.$DOMAIN
LDAP_URI=ldap://ldap.$DOMAIN
LDAP_BASE_DN=dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_REQUIRE_STARTTLS=true
LDAP_ADMINS_GROUP=admins
LDAP_ADMIN_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_ADMIN_BIND_PWD=$LDAP_SECRET
LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount
LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailEnabled:Mail Enabled:TRUE,mailAlias+:Email aliases
EMAIL_DOMAIN=$DOMAIN
USERNAME_FORMAT={first_name}.{last_name}
SITE_NAME=$COMPANY User Manager
SMTP_HOSTNAME=mail.$DOMAIN
SMTP_USERNAME=admin
SMTP_PASSWORD=$ADMINPASS
EMAIL_FROM_ADDRESS=admin@$DOMAIN
SMTP_USE_TLS=true
NO_HTTPS=true
EOF
chmod 600 /federated/apps/panel/.env
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }

33
lib/postgresql.sh
View File

@ -39,11 +39,10 @@ services:
- ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key - ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
- ./data/var/lib/postgresql/data:/var/lib/postgresql/data - ./data/var/lib/postgresql/data:/var/lib/postgresql/data
- ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
environment: env_file:
- POSTGRES_DB=nextcloud - ./.env
- POSTGRES_USER=nextcloud secrets:
- POSTGRES_PASSWORD=$ADMINPASS - federated_psql_password
- POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
command: > command: >
-c ssl=on -c ssl=on
-c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_cert_file=/var/lib/postgresql/server.crt
@ -54,20 +53,38 @@ services:
timeout: 5s timeout: 5s
retries: 5 retries: 5
secrets:
federated_psql_password:
file: ./.postgresql.secret
networks: networks:
federated: federated:
external: true external: true
EOF EOF
cat > /federated/apps/postgresql/.env <<EOF
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
EOF
chmod 600 /federated/apps/postgresql/.env
PSQL_SECRET=$(create_password);
echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
chmod 600 /federated/apps/postgresql/.postgresql.secret
VAULTWARDEN_SECRET=$(create_password);
LISTMONK_SECRET=$(create_password);
MATRIX_SECRET=$(create_password);
# cat postgresql/data/docker-entrypoint-initdb.d/init.sql # cat postgresql/data/docker-entrypoint-initdb.d/init.sql
cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
CREATE USER vaultwarden WITH PASSWORD '$ADMINPASS'; CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden; CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden; GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
CREATE USER listmonk WITH PASSWORD '$ADMINPASS'; CREATE USER listmonk WITH PASSWORD '$LISTMONK_SECRET';
CREATE DATABASE listmonk; CREATE DATABASE listmonk;
GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk; GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk;
CREATE USER matrix WITH PASSWORD '$ADMINPASS'; CREATE USER matrix WITH PASSWORD '$MATRIX_SECRET';
CREATE DATABASE matrix; CREATE DATABASE matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix; GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
EOF EOF

22
lib/vaultwarden.sh
View File

@ -30,15 +30,8 @@ services:
networks: networks:
federated: federated:
ipv4_address: 172.99.0.33 ipv4_address: 172.99.0.33
environment: env_file:
- VAULTWARDEN_DATABASE_URL=vaultwarden://vaultwarden:$ADMINPASS@vaultwarden.$DOMAIN/vaultwarden - ./.env
- "DATABASE_URL=vaultwarden://vaultwarden:$ADMINPASS@vaultwarden.$DOMAIN/vaultwarden"
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=80
- VIRTUAL_HOST=vaultwarden.$DOMAIN
- WEBSOCKET_ENABLED=true
- ADMIN_TOKEN=$ADMINPASS
# - SIGNUPS_ALLOWED=false
volumes: volumes:
- ./data/data:/data - ./data/data:/data
@ -47,6 +40,17 @@ networks:
external: true external: true
EOF EOF
cat > /federated/apps/vaultwarden/.env <<EOF
DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=vaultwarden.$DOMAIN
WEBSOCKET_ENABLED=true
ADMIN_TOKEN=$VAULTWARDEN_SECRET
#- SIGNUPS_ALLOWED=false
EOF
chmod 600 /federated/apps/vaultwarden/.env
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }