First run of .env and secret files

Derek Crudgington 2023-01-05 20:29:17 +00:00
parent 7efedcd8e9
commit b8593ba656
12 changed files with 214 additions and 127 deletions

@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash -x
#
# Federated installation script
@ -44,6 +44,7 @@ get_config() {
fi
done
. /federated/lib/functions.sh
. /federated/lib/checks.sh
. /federated/lib/network.sh
. /federated/lib/dns.sh
@ -88,7 +89,7 @@ check_ports
config_network
# Configure and start each federated service
for i in dns postgresql ldap mail collabora nextcloud matrix listmonk vaultwarden panel proxy jitsi; do
for i in dns postgresql ldap mail collabora proxy nextcloud matrix listmonk vaultwarden panel jitsi; do
config_$i
start_$i
done
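Review bot: The shebang pair at the top of this section includes `#!/bin/bash -x`; if that is the new side (the page has lost its +/- markers), xtrace stays on for the whole install and every file sourced below inherits it. Under `-x` bash prints each expanded command to stderr, so assignments such as `LDAP_SECRET=$(create_password)` and `echo "$PSQL_SECRET" > …` elsewhere in this commit would put the generated passwords into the terminal scrollback or any captured install log. I would keep `#!/bin/bash` and enable tracing only around the code being debugged with `set -x` / `set +x`.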

@ -39,12 +39,8 @@ services:
- ./data/root/certs/fullchain1.pem:/etc/coolwsd/cert.pem
- ./data/root/certs/privkey1.pem:/etc/coolwsd/key.pem
- ./data/root/certs/chain1.pem:/etc/coolwsd/ca-chain.cert.pem
environment:
- VIRTUAL_PROTO=https
- VIRTUAL_PORT=9980
- VIRTUAL_HOST=collabora.$DOMAIN
- domain=nextcloud.$DOMAIN
- server_name=collabora.$DOMAIN
env_file:
- ./.env
cap_add:
- MKNOD
@ -53,6 +49,15 @@ networks:
external: true
EOF
cat > /federated/apps/collabora/.env <<EOF
VIRTUAL_PROTO=https
VIRTUAL_PORT=9980
VIRTUAL_HOST=collabora.$DOMAIN
domain=nextcloud.$DOMAIN
server_name=collabora.$DOMAIN
EOF
chmod 600 /federated/apps/collabora/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

6
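--- /dev/null
+++ b/lib/functions.sh
@@ -0,0 +1,6 @@
+create_password() {
+# eval $1_var=$1
+# echo "$postgres_var"
+SECRET=`tr -cd '[:alnum:]' < /dev/urandom | fold -w32 | head -n1`
+echo "$SECRET";
+}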
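Review bot: create_password echoes whatever the pipeline produced, including an empty string, and the callers in this commit (`LDAP_SECRET=$(create_password);`, `PSQL_SECRET=$(create_password);`) write the result straight into secret files and SQL without checking it. A length check before the echo, e.g. `[ "${#SECRET}" -eq 32 ] || return 1`, lets a caller abort the install instead of provisioning a blank password. The two commented-out `eval` lines are dead code and are better removed than kept as a hint. A header comment stating that the function prints a 32-character alphanumeric value read from /dev/urandom would also record why the result can be interpolated into the SQL and URL templates without escaping.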

@ -532,7 +532,7 @@ LDAP_BASE=DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST
LDAP_BINDDN=CN=admin,DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST
# LDAP user password. Do not specify this parameter for the anonymous bind
LDAP_BINDPW=$ADMINPASS
LDAP_BINDPW=$LDAP_SECRET
# LDAP filter. Tokens example:
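Review bot: `LDAP_BINDPW=$LDAP_SECRET` still binds as `CN=admin`, so the generated directory-admin password is copied into this file as well as the mail and panel `.env` files, the matrix `bind_password` and the Nextcloud `ldapAgentPassword` command touched by the same commit. Disclosure of any one of those files therefore exposes the directory administrator, not just a lookup account. A dedicated read-only bind account for the consumers that only search would limit that; at minimum a comment here should record that this value is the admin credential. The file holding this line starts and ends outside the hunk, so whether its permissions are restricted is not visible.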

@ -42,23 +42,37 @@ services:
- ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d
- ./data/certs:/container/service/slapd/assets/certs
- ./data/root:/root
environment:
- LDAP_ORGANISATION=$COMPANY
- LDAP_DOMAIN=$DOMAIN
- LDAP_ADMIN_PASSWORD=$ADMINPASS
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_REMOVE_CONFIG_AFTER_SETUP=true
- LDAP_TLS=true
- LDAP_TLS_CRT_FILENAME=fullchain1.pem
- LDAP_TLS_KEY_FILENAME=privkey1.pem
- LDAP_TLS_CA_CRT_FILENAME=chain1.pem
- LDAP_TLS_VERIFY_CLIENT=try
env_file:
- ./.env
secrets:
- federated_ldap_password
secrets:
federated_ldap_password:
file: ./.ldap.secret
networks:
federated:
external: true
EOF
cat > /federated/apps/ldap/.env <<EOF
LDAP_ORGANISATION=$COMPANY
LDAP_DOMAIN=$DOMAIN
LDAP_ADMIN_PASSWORD_FILE=/run/secrets/federated_ldap_password
LDAP_RFC2307BIS_SCHEMA=true
LDAP_REMOVE_CONFIG_AFTER_SETUP=true
LDAP_TLS=true
LDAP_TLS_CRT_FILENAME=fullchain1.pem
LDAP_TLS_KEY_FILENAME=privkey1.pem
LDAP_TLS_CA_CRT_FILENAME=chain1.pem
LDAP_TLS_VERIFY_CLIENT=try
EOF
chmod 600 /federated/apps/ldap/.env
LDAP_SECRET=$(create_password);
echo "$LDAP_SECRET" > /federated/apps/ldap/.ldap.secret
chmod 600 /federated/apps/ldap/.ldap.secret
cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF
dn: ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
ou: people
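Review bot: `.ldap.secret` is created by the redirect under the process umask and only narrowed by the `chmod 600` on the following line, so with a typical 022 umask the password is briefly world-readable, and stays that way if the script stops between the two commands. Creating the file under a restrictive umask closes the gap: `( umask 077; printf '%s\n' "$LDAP_SECRET" > /federated/apps/ldap/.ldap.secret )`. The same write-then-chmod order is used for `.postgresql.secret`, `.nextcloud.secret` and the `.env` files that carry passwords (mail, panel, vaultwarden). The enclosing function begins and ends outside this hunk.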

@ -31,11 +31,8 @@ services:
networks:
federated:
ipv4_address: 172.99.0.39
environment:
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=9000
- VIRTUAL_HOST=listmonk.$DOMAIN
- TZ=Etc/UTC
env_file:
- ./.env
volumes:
- ./data/listmonk/config.toml:/listmonk/config.toml
- ./data/listmonk/static:/listmonk/static
@ -45,6 +42,13 @@ networks:
external: true
EOF
cat > /federated/apps/listmonk/.env <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=9000
VIRTUAL_HOST=listmonk.$DOMAIN
TZ=Etc/UTC
EOF
cat > /federated/apps/listmonk/data/listmonk/config.toml <<EOF
[app]
address = "0.0.0.0:9000"
@ -56,13 +60,14 @@ admin_password = "$ADMINPASS"
host = "postgresql.$DOMAIN"
port = 5432
user = "listmonk"
password = "$ADMINPASS"
password = "$LISTMONK_SECRET"
database = "listmonk"
ssl_mode = "disable"
max_open = 25
max_idle = 25
max_lifetime = "300s"
EOF
chmod 600 /federated/apps/listmonk/data/listmonk/config.toml /federated/apps/listmonk/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
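Review bot: The database block keeps `ssl_mode = "disable"` while now carrying the dedicated `$LISTMONK_SECRET`, so that password and all listmonk queries cross the `federated` network unencrypted, even though the postgresql service in this commit is started with `-c ssl=on`. Assuming the server certificate is usable from this container, `ssl_mode = "require"` would be the matching client setting. The heredoc that writes config.toml starts outside the hunk.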

@ -48,45 +48,8 @@ services:
- ./data/var/log/mail:/var/log/mail/
- ./data/tmp/docker-mailserver:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
environment:
- ENABLE_SPAMASSASSIN=1
- ENABLE_SPAMASSASSIN_KAM=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=0
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- LOG_LEVEL=debug
- ENABLE_LDAP=1
- SSL_TYPE=manual
- SSL_CERT_PATH=/root/certs/fullchain1.pem
- SSL_KEY_PATH=/root/certs/privkey1.pem
- LDAP_START_TLS=yes
- DOVECOT_TLS=yes
- SASLAUTHD_LDAP_START_TLS=yes
- LDAP_SERVER_HOST=ldap.$DOMAIN
- LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_BIND_PW=$ADMINPASS
- LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
- LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
- LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
- LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
# DOVECOT
- DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
- DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
- DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
# SASLAUTHD
- ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap
- SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- SASLAUTHD_LDAP_PASSWORD=$ADMINPASS
- SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
- POSTMASTER_ADDRESS=postmaster@localhost.localdomain
- POSTFIX_MESSAGE_SIZE_LIMIT=100000000
env_file:
- ./.env
cap_add:
- NET_ADMIN
- SYS_PTRACE
@ -96,6 +59,48 @@ networks:
external: true
EOF
cat > /federated/apps/mail/.env <<EOF
ENABLE_SPAMASSASSIN=1
ENABLE_SPAMASSASSIN_KAM=1
SPAMASSASSIN_SPAM_TO_INBOX=1
ENABLE_CLAMAV=0
ENABLE_FAIL2BAN=1
ENABLE_POSTGREY=1
ONE_DIR=1
DMS_DEBUG=0
LOG_LEVEL=debug
ENABLE_LDAP=1
SSL_TYPE=manual
SSL_CERT_PATH=/root/certs/fullchain1.pem
SSL_KEY_PATH=/root/certs/privkey1.pem
LDAP_START_TLS=yes
DOVECOT_TLS=yes
SASLAUTHD_LDAP_START_TLS=yes
LDAP_SERVER_HOST=ldap.$DOMAIN
LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_BIND_PW=$LDAP_SECRET
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
# DOVECOT
DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
# SASLAUTHD
ENABLE_SASLAUTHD=1
SASLAUTHD_MECHANISMS=ldap
SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
EOF
chmod 600 /federated/apps/mail/.env
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
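Review bot: `LDAP_BIND_PW=$LDAP_SECRET` and `SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET` are still delivered as environment variables; moving them from `environment:` to `env_file:` takes them out of the compose file, but they remain visible through `docker inspect` and the container's process environment. The ldap, nextcloud and postgresql sections of this commit use `*_FILE` variables with compose secrets, and the same would be preferable here if the image supports it, which cannot be told from this hunk. Otherwise I would add a comment above the heredoc, e.g. `# NOTE: .env holds the LDAP admin bind password; it is exposed in the container environment`. The panel and vaultwarden `.env` files have the same property.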

@ -34,10 +34,8 @@ services:
networks:
federated:
ipv4_address: 172.99.0.31
environment:
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=80
- VIRTUAL_HOST=element.$DOMAIN
env_file:
- ./.env.element
synapse:
image: matrixdotorg/synapse:latest
@ -50,16 +48,26 @@ services:
ipv4_address: 172.99.0.32
volumes:
- ./data/matrix:/data
environment:
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=8008
- VIRTUAL_HOST=matrix.$DOMAIN
env_file:
- ./.env.matrix
networks:
federated:
external: true
EOF
cat > /federated/apps/matrix/.env.element <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=element.$DOMAIN
EOF
cat > /federated/apps/matrix/.env.matrix <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=8008
VIRTUAL_HOST=matrix.$DOMAIN
EOF
chmod 600 /federated/apps/matrix/.env.element /federated/apps/matrix/.env.matrix
cat > /federated/apps/matrix/data/element/element-config.json <<EOF
{
"default_server_config": {
@ -156,7 +164,7 @@ database:
name: psycopg2
args:
user: matrix
password: $ADMINPASS
password: $MATRIX_SECRET
host: postgresql.$DOMAIN
database: matrix
cp_min: 5
@ -173,7 +181,7 @@ modules:
mail: "mail"
name: "givenName"
bind_dn: cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
bind_password: $ADMINPASS
bind_password: $LDAP_SECRET
tls_options:
validate: true
local_certificate_file: /data/fullchain1.pem
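Review bot: The `chmod 600` added after the two heredocs covers only `.env.element` and `.env.matrix`, which hold no credentials, while the generated configuration that receives `password: $MATRIX_SECRET` and `bind_password: $LDAP_SECRET` in the later hunks has no permission change in the visible lines. The same applies to `init.sql` in the postgresql section, which contains three service passwords. If those files are not restricted elsewhere in their functions (both continue outside the hunks), I would add a `chmod 600` on each right after it is written, or create them under `umask 077`.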

@ -37,24 +37,41 @@ services:
- "collabora.$DOMAIN:$EXTERNALIP"
volumes:
- ./data/var/www/html:/var/www/html
environment:
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=80
- VIRTUAL_HOST=nextcloud.$DOMAIN
- PHP_MEMORY_LIMIT=2048M
- PHP_UPLOAD_LIMIT=2048M
- NEXTCLOUD_ADMIN_USER=nextcloud
- NEXTCLOUD_ADMIN_PASSWORD=$ADMINPASS
- POSTGRES_HOST=postgresql.$DOMAIN
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=$ADMINPASS
env_file:
- ./.env
secrets:
- federated_psql_password
- federated_nextcloud_password
secrets:
federated_psql_password:
file: ./.postgresql.secret
federated_nextcloud_password:
file: ./.nextcloud.secret
networks:
federated:
external: true
EOF
cp /federated/apps/postgresql/.postgresql.secret /federated/apps/nextcloud/
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
cat > /federated/apps/nextcloud/.env <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=nextcloud.$DOMAIN
PHP_MEMORY_LIMIT=2048M
PHP_UPLOAD_LIMIT=2048M
NEXTCLOUD_ADMIN_USER=nextcloud
NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/federated_nextcloud_password
POSTGRES_HOST=postgresql.$DOMAIN
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
EOF
chmod 600 /federated/apps/nextcloud/.env
cat > /federated/apps/nextcloud/supervisord.conf <<EOF
[supervisord]
nodaemon=true
@ -110,7 +127,7 @@ PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
./occ ldap:create-empty-config
./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapAgentPassword $ADMINPASS
./occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
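Review bot: Copying `.postgresql.secret` into the nextcloud directory gives Nextcloud the password of the `nextcloud` role that the postgresql section creates through `POSTGRES_USER=nextcloud`; if that service runs the official postgres image, this bootstrap role is a superuser. A compromise of Nextcloud would then reach the vaultwarden, listmonk and matrix databases despite their separate generated passwords. I would create a non-superuser role for Nextcloud in init.sql with its own `create_password` value, as is done for the other three services. Separately, `echo "$ADMINPASS" > …` is safer as `printf '%s\n' "$ADMINPASS"`, because echo treats a value such as one beginning with `-n` as an option (ADMINPASS is presumably operator-supplied).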

@ -58,34 +58,39 @@ services:
networks:
federated:
ipv4_address: 172.99.0.12
environment:
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=80
- VIRTUAL_HOST=panel.$DOMAIN
- SERVER_HOSTNAME=panel.$DOMAIN
- LDAP_URI=ldap://ldap.$DOMAIN
- LDAP_BASE_DN=dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_REQUIRE_STARTTLS=true
- LDAP_ADMINS_GROUP=admins
- LDAP_ADMIN_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
- LDAP_ADMIN_BIND_PWD=$ADMINPASS
- LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailEnabled:Mail Enabled:TRUE,mailAlias+:Email aliases
- EMAIL_DOMAIN=$DOMAIN
- USERNAME_FORMAT={first_name}.{last_name}
- SITE_NAME=$COMPANY User Manager
- SMTP_HOSTNAME=mail.$DOMAIN
- SMTP_USERNAME=admin
- SMTP_PASSWORD=$ADMINPASS
- EMAIL_FROM_ADDRESS=admin@$DOMAIN
- SMTP_USE_TLS=true
- NO_HTTPS=true
env_file:
- ./.env
networks:
federated:
external: true
EOF
cat > /federated/apps/panel/.env <<EOF
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=panel.$DOMAIN
SERVER_HOSTNAME=panel.$DOMAIN
LDAP_URI=ldap://ldap.$DOMAIN
LDAP_BASE_DN=dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_REQUIRE_STARTTLS=true
LDAP_ADMINS_GROUP=admins
LDAP_ADMIN_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
LDAP_ADMIN_BIND_PWD=$LDAP_SECRET
LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount
LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailEnabled:Mail Enabled:TRUE,mailAlias+:Email aliases
EMAIL_DOMAIN=$DOMAIN
USERNAME_FORMAT={first_name}.{last_name}
SITE_NAME=$COMPANY User Manager
SMTP_HOSTNAME=mail.$DOMAIN
SMTP_USERNAME=admin
SMTP_PASSWORD=$ADMINPASS
EMAIL_FROM_ADDRESS=admin@$DOMAIN
SMTP_USE_TLS=true
NO_HTTPS=true
EOF
chmod 600 /federated/apps/panel/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

@ -39,11 +39,10 @@ services:
- ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
- ./data/var/lib/postgresql/data:/var/lib/postgresql/data
- ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
environment:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=$ADMINPASS
- POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
env_file:
- ./.env
secrets:
- federated_psql_password
command: >
-c ssl=on
-c ssl_cert_file=/var/lib/postgresql/server.crt
@ -54,20 +53,38 @@ services:
timeout: 5s
retries: 5
secrets:
federated_psql_password:
file: ./.postgresql.secret
networks:
federated:
external: true
EOF
cat > /federated/apps/postgresql/.env <<EOF
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
EOF
chmod 600 /federated/apps/postgresql/.env
PSQL_SECRET=$(create_password);
echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
chmod 600 /federated/apps/postgresql/.postgresql.secret
VAULTWARDEN_SECRET=$(create_password);
LISTMONK_SECRET=$(create_password);
MATRIX_SECRET=$(create_password);
# cat postgresql/data/docker-entrypoint-initdb.d/init.sql
cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
CREATE USER vaultwarden WITH PASSWORD '$ADMINPASS';
CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
CREATE USER listmonk WITH PASSWORD '$ADMINPASS';
CREATE USER listmonk WITH PASSWORD '$LISTMONK_SECRET';
CREATE DATABASE listmonk;
GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk;
CREATE USER matrix WITH PASSWORD '$ADMINPASS';
CREATE USER matrix WITH PASSWORD '$MATRIX_SECRET';
CREATE DATABASE matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
EOF
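Review bot: `PSQL_SECRET`, `VAULTWARDEN_SECRET`, `LISTMONK_SECRET` and `MATRIX_SECRET` are generated unconditionally, so a second run of this configuration step overwrites `.postgresql.secret` and init.sql with new values. The official postgres image applies `POSTGRES_PASSWORD_FILE` and the initdb scripts only when the data directory is empty, so an existing database would keep the old passwords and every client configured from the new ones would fail to authenticate. If re-running the installer is supported (not visible here), reuse the stored value when present, e.g. `[ -s /federated/apps/postgresql/.postgresql.secret ] || create_password > /federated/apps/postgresql/.postgresql.secret`, and persist the three service secrets the same way. `LDAP_SECRET` in the ldap section follows the same pattern.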

@ -30,15 +30,8 @@ services:
networks:
federated:
ipv4_address: 172.99.0.33
environment:
- VAULTWARDEN_DATABASE_URL=vaultwarden://vaultwarden:$ADMINPASS@vaultwarden.$DOMAIN/vaultwarden
- "DATABASE_URL=vaultwarden://vaultwarden:$ADMINPASS@vaultwarden.$DOMAIN/vaultwarden"
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=80
- VIRTUAL_HOST=vaultwarden.$DOMAIN
- WEBSOCKET_ENABLED=true
- ADMIN_TOKEN=$ADMINPASS
# - SIGNUPS_ALLOWED=false
env_file:
- ./.env
volumes:
- ./data/data:/data
@ -47,6 +40,17 @@ networks:
external: true
EOF
cat > /federated/apps/vaultwarden/.env <<EOF
DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden
VIRTUAL_PROTO=http
VIRTUAL_PORT=80
VIRTUAL_HOST=vaultwarden.$DOMAIN
WEBSOCKET_ENABLED=true
ADMIN_TOKEN=$VAULTWARDEN_SECRET
#- SIGNUPS_ALLOWED=false
EOF
chmod 600 /federated/apps/vaultwarden/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
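Review bot: `ADMIN_TOKEN=$VAULTWARDEN_SECRET` reuses the database password from `DATABASE_URL` as the admin-panel token, so disclosure of either value gives both database access and Vaultwarden administration. A separate value costs one line, `VAULTWARDEN_ADMIN_TOKEN=$(create_password)` next to the other generated secrets, with `ADMIN_TOKEN=$VAULTWARDEN_ADMIN_TOKEN` here. The line `#- SIGNUPS_ALLOWED=false` is a comment inside the env file, so registration stays at the image default; if that is intended, a short comment saying so would help.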