From c6430c8a80235278d84330f824229a7553d9c45f Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 21 Oct 2022 17:48:17 +0000
Subject: [PATCH] Added ansible support for nextcloud, panel images. This enables mail client being auto configured for when new users are added
---
fstack/files/new_user.php | 422 ++++++++++++++++++++++++++++++++++++++
fstack/lib/checks.sh | Bin 4065 -> 51200 bytes
fstack/lib/nextcloud.sh | 65 +++++-
fstack/lib/panel.sh | 38 +++-
install-federated.sh | 2 +-
5 files changed, 515 insertions(+), 12 deletions(-)
create mode 100644 fstack/files/new_user.php
diff --git a/fstack/files/new_user.php b/fstack/files/new_user.php
new file mode 100644
index 0000000..52e9bcb
--- /dev/null
+++ b/fstack/files/new_user.php
@@ -0,0 +1,422 @@
+ array("label" => "Account UID")));
+}
+
+if ( isset($_POST['setup_admin_account']) ) {
+
+ $admin_setup = TRUE;
+
+ validate_setup_cookie();
+ set_page_access("setup");
+
+ $completed_action="${SERVER_PATH}log_in";
+ $page_title="New administrator account";
+
+ render_header("$ORGANISATION_NAME account manager - setup administrator account", FALSE);
+
+}
+else {
+ set_page_access("admin");
+
+ $completed_action="${THIS_MODULE_PATH}/";
+ $page_title="New account";
+ $admin_setup = FALSE;
+
+ render_header("$ORGANISATION_NAME account manager");
+ render_submenu();
+}
+
+$invalid_password = FALSE;
+$mismatched_passwords = FALSE;
+$invalid_username = FALSE;
+$weak_password = FALSE;
+$invalid_email = FALSE;
+$disabled_email_tickbox = TRUE;
+$invalid_cn = FALSE;
+$invalid_account_identifier = FALSE;
+$account_attribute = $LDAP['account_attribute'];
+
+$new_account_r = array();
+
+foreach ($attribute_map as $attribute => $attr_r) {
+
+ if (isset($_FILES[$attribute]['size']) and $_FILES[$attribute]['size'] > 0) {
+
+ $this_attribute = array();
+ $this_attribute['count'] = 1;
+ $this_attribute[0] = file_get_contents($_FILES[$attribute]['tmp_name']);
+ $$attribute = $this_attribute;
+ $new_account_r[$attribute] = $this_attribute;
+ unset($new_account_r[$attribute]['count']);
+
+ }
+
+ if (isset($_POST[$attribute])) {
+
+ $this_attribute = array();
+
+ if (is_array($_POST[$attribute]) and count($_POST[$attribute]) > 0) {
+ foreach($_POST[$attribute] as $key => $value) {
+ if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
+ }
+ if (count($this_attribute) > 0) {
+ $this_attribute['count'] = count($this_attribute);
+ $$attribute = $this_attribute;
+ }
+ }
+ elseif ($_POST[$attribute] != "") {
+ $this_attribute['count'] = 1;
+ $this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $$attribute = $this_attribute;
+ }
+
+ }
+
+ if (!isset($$attribute) and isset($attr_r['default'])) {
+ $$attribute['count'] = 1;
+ $$attribute[0] = $attr_r['default'];
+ }
+
+ if (isset($$attribute)) {
+ $new_account_r[$attribute] = $$attribute;
+ unset($new_account_r[$attribute]['count']);
+ }
+
+}
+
+##
+
+if (isset($_GET['account_request'])) {
+
+ $givenname[0]=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $new_account_r['givenname'] = $givenname[0];
+ unset($new_account_r['givenname']['count']);
+
+ $sn[0]=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $new_account_r['sn'] = $sn[0];
+ unset($new_account_r['sn']['count']);
+
+ $mail[0]=filter_var($_GET['email'], FILTER_SANITIZE_EMAIL);
+ if ($mail[0] == "") {
+ if (isset($EMAIL_DOMAIN)) {
+ $mail[0] = $uid . "@" . $EMAIL_DOMAIN;
+ $disabled_email_tickbox = FALSE;
+ }
+ }
+ else {
+ $disabled_email_tickbox = FALSE;
+ }
+ $new_account_r['mail'] = $mail;
+ unset($new_account_r['mail']['count']);
+
+}
+
+
+if (isset($_GET['account_request']) or isset($_POST['create_account'])) {
+
+ if (!isset($uid[0])) {
+ $uid[0] = generate_username($givenname[0],$sn[0]);
+ $new_account_r['uid'] = $uid;
+ unset($new_account_r['uid']['count']);
+ }
+
+ if (!isset($cn[0])) {
+ if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {
+ $cn[0] = $givenname[0] . $sn[0];
+ }
+ else {
+ $cn[0] = $givenname[0] . " " . $sn[0];
+ }
+ $new_account_r['cn'] = $cn;
+ unset($new_account_r['cn']['count']);
+ }
+
+}
+
+
+if (isset($_POST['create_account'])) {
+
+ $password = $_POST['password'];
+ $new_account_r['password'][0] = $password;
+ $account_identifier = $new_account_r[$account_attribute][0];
+ $this_cn=$cn[0];
+ $this_mail=$mail[0];
+ $this_givenname=$givenname[0];
+ $this_sn=$sn[0];
+ $this_password=$password[0];
+
+ if (!isset($this_cn) or $this_cn == "") { $invalid_cn = TRUE; }
+ if ((!isset($account_identifier) or $account_identifier == "") and $invalid_cn != TRUE) { $invalid_account_identifier = TRUE; }
+ if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $weak_password = TRUE; }
+ if (isset($this_mail) and !is_valid_email($this_mail)) { $invalid_email = TRUE; }
+ if (preg_match("/\"|'/",$password)) { $invalid_password = TRUE; }
+ if ($password != $_POST['password_match']) { $mismatched_passwords = TRUE; }
+ if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$account_identifier)) { $invalid_account_identifier = TRUE; }
+ if (isset($_POST['send_email']) and isset($mail) and $EMAIL_SENDING_ENABLED == TRUE) { $send_user_email = TRUE; }
+
+ if ( isset($this_givenname)
+ and isset($this_sn)
+ and isset($this_password)
+ and !$mismatched_passwords
+ and !$weak_password
+ and !$invalid_password
+ and !$invalid_account_identifier
+ and !$invalid_cn
+ and !$invalid_email) {
+
+ $ldap_connection = open_ldap_connection();
+ $new_account = ldap_new_account($ldap_connection, $new_account_r);
+
+ if ($new_account) {
+ $testout = shell_exec ("sudo -u ansible ansible nextcloud -a \"sudo -u www-data php -d memory_limit=-1 -f /var/www/html/occ user:list | grep $this_cn\" -u ansible -m shell");
+ $string1 = explode(':', $testout);
+ $string2 = explode(' ', $string1[0]);
+ $newmail = explode('@', $this_mail);
+
+ $command1 = shell_exec("sudo -u ansible ansible nextcloud -a \"sudo -u www-data php -d memory_limit=-1 -f /var/www/html/occ mail:account:create $string2[8] $newmail[0] $newmail[0]@$newmail[1] mail.$newmail[1] 993 ssl $newmail[0]@$newmail[1] $password mail.$newmail[1] 465 ssl $newmail[0]@$newmail[1] $password password\" -u ansible -m shell");
+ $creation_message = "The account was created.";
+
+ if (isset($send_user_email) and $send_user_email == TRUE) {
+
+ include_once "mail_functions.inc.php";
+
+ $mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $this_givenname, $this_sn);
+ $mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $this_givenname, $this_sn);
+
+ $sent_email = send_email($this_mail,"$this_givenname $this_sn",$mail_subject,$mail_body);
+ $creation_message = "The account was created";
+ if ($sent_email) {
+ $creation_message .= " and an email sent to $this_mail.";
+ }
+ else {
+ $creation_message .= " but unfortunately the email wasn't sent.
More information will be available in the logs."; + } + } + + if ($admin_setup == TRUE) { + $member_add = ldap_add_member_to_group($ldap_connection, $LDAP['admins_group'], $account_identifier); + if (!$member_add) { ?> +
+

Unfortunately adding it to the admin group failed.

+
+ +
+

+
+
+

+ +

+
+ +
+

Failed to create the account:

+
+     
+     
+
+ The Common Name is required\n"; } +if ($invalid_account_identifier) { $errors.="
  • The account identifier (" . $attribute_map[$account_attribute]['label'] . ") is invalid.
  • \n"; } +if ($weak_password) { $errors.="
  • The password is too weak
  • \n"; } +if ($invalid_password) { $errors.="
  • The password contained invalid characters
  • \n"; } +if ($invalid_email) { $errors.="
  • The email address is invalid
  • \n"; } +if ($mismatched_passwords) { $errors.="
  • The passwords are mismatched
  • \n"; } +if ($invalid_username) { $errors.="
  • The username is invalid
  • \n"; } + +if ($errors != "") { ?> +
    +

    + There were issues creating the account: +

    +

    +
    + + + + + + + + + + + +
    +
    + +
    +
    +
    + +
    + + + + + + $attr_r) { + $label = $attr_r['label']; + if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; } + if ($attribute == $LDAP['account_attribute']) { $label = "$label*"; } + if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); } + if (isset($attr_r['inputtype'])) { $inputtype = $attr_r['inputtype']; } else { $inputtype = ""; } + render_attribute_fields($attribute,$label,$these_values,"",$onkeyup,$inputtype,$tabindex); + $tabindex++; + } + ?> + +
    + +
    + +
    +
    + +
    +
    + +
    + +
    + +
    +
    + + +
    + +
    + > Email these credentials to the user? +
    +
    + + +
    + +
    + +
    + +
    +
    +
    + +
    *The account identifier
    + +
    +
    + +
    +
    + 
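Review bot: The two `shell_exec()` calls inside `if ($new_account)` build their command lines by interpolating request-derived values (`$this_cn`, the parts of `$this_mail`, and `$password`) with no shell quoting. The only checks visible before them are `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, which encodes HTML characters, and a password test that rejects just `"` and `'`, so shell metacharacters still reach both the local shell and the remote one started by `-m shell`. Each value should be quoted with `escapeshellarg()` for the remote shell and the assembled command quoted once more as the `-a` argument, as sketched below; whether Ansible's own argument parsing needs further care for values containing `=` or `{{` is something I have not verified. The password also stays visible in the process list on both hosts, so it would be better handed to `occ` through a channel other than argv. Neither return value is checked, and `$string2[8]` depends on the exact spacing of Ansible's output.

```php
// … unchanged: ldap_new_account() call and if ($new_account) { …
$occ = "sudo -u www-data php -d memory_limit=-1 -f /var/www/html/occ";
$ansible = "sudo -u ansible ansible nextcloud -u ansible -m shell -a ";

// Quote each value for the remote shell, then the whole command for the local one.
$lookup = "$occ user:list | grep -F -- " . escapeshellarg($this_cn);
$testout = shell_exec($ansible . escapeshellarg($lookup));
// … unchanged: explode() parsing into $string1, $string2 and $newmail …
$mail_args = array_map('escapeshellarg', array(
    $string2[8], $newmail[0], "$newmail[0]@$newmail[1]",
    "mail.$newmail[1]", "993", "ssl", "$newmail[0]@$newmail[1]", $password,
    "mail.$newmail[1]", "465", "ssl", "$newmail[0]@$newmail[1]", $password,
    "password",
));
$command1 = shell_exec($ansible . escapeshellarg("$occ mail:account:create " . implode(' ', $mail_args)));
```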
diff --git a/fstack/lib/checks.sh b/fstack/lib/checks.sh index a85badfbc3ff26d0edfb5c11177ae5ba305d4eb1..72efc31254e0b38d69450425af8d2558d176631b 100644 GIT binary patch literal 51200 zcmeHQdwUu;m(RcEQ>fH$lXSz?mn5`wUxIPM);2ESw%NK58N=Aj8@`e)j#H zBaP<5aIs@M-F@+s*r3aibaW&gotp->m-mK`?)9gLpWW^4NAwpziNB?tot^Td()L!l zR4ni8Jl}a#EES)ZijPF`UVEj0Pd(pog?QvTj=!kAW%-Nh{*Cj#{;F_h*@ZL18)m-F zd@c6Pf$18)IS_ScJem5YEB1~$qGP(3R^QBIj%(dF)y+4p!$u)LaQg2}x6mJ1xyfjH zVcA}#Fmn3FsNex+r7-ne^<94rGdM|p#m7vh@7U+oMQ>nxPo9d886nL6&=EP?6xmbz zTl9vqr>aVR^M?0n?YvtSo|f7tM?+eFY@B?M=?QLzS!IrpB}%900E5VQEhLp zy()mMY(BeLreCFO-m-JXVBqErcVcAc0PfXm$DLb2Zyx2SXZc$DxTc_w-w!NTw~Hs z&&*$sN8sgLn5s$a>FCJ$yo+LJ}f>trf^hXG5Y+RTXVT>@vW@Q8t z^{D?MB!Ql7j8OtLIDP1NemuoR6~pxj$dz#|OIp#~y* z!o8VXZue*=P0y={((`iu<;#3AUn+9bm(FN9Hg)Bk$V;3DIIR?dPh4DxScwQ8Wx+^7 zvV02eD}|KAWIdYwN;uq!m1|wO5{wTr>2lUw_ML3fc(Yp-wA(c+CawFqG^MQMk7IsLjVJU#(d`Z zVuDQxG)i=3Ox_Dnhsfn@C)YRnLz9cA=cxLb81!2Gu)#a8*LN)}C@g@mi!^%$qdzut zgmYu+5A&1jNGFB3x-fk)^!*98HsxUS@%uiTE zfkzLp)`nweApYZnNH&h#a|^!$B+}Lo1QjON{?M_-@8X+p#K;yoPw+g2SzE~jA@R_j z+QPL5ec?Nz@0wWd65;R7YfqdzuFiC)G%ZvVdy9R3VWJfSDYOBFb4mGm)D=Jc5J{!& zVF0|?=V7CDHJdcEIMMJ;)Q@VI4A<;CE~TMIJoi+OjwHj!=7kpbT8FjfQT5#jgACTU z+&yu!3{3;%P@N=xt+~SBuY+P^W1b@bCBx~LCU5Ls-=AsSp)NIdJ#>|4aDiUdDS6- zZ~9}-xNuD~=Q~u-92?e1(4H&l=byTmEy_QXfB_VqXu45nZFtOXsbf|m=QWm76zdhS z8N~zPMHY-FTb*8#+Dz>Y~W zcV#<4+wo-7_eLgg`#gn+FTflTjbT|ZTSwa%6P$H!VTG8e{C|?9zQN24%*%p39gQ#s z-Wxan6Z`icq8Qr25*c?zJbMk{Tk+YMy*{?MZ8hfiCH-eOGI6L*B z*?$ij1xl}-sTdlUraS~qe>$NBgQ1PCRoxGkFUsGcA2@mNdv++1u3i}^oU=3Lh)HGc zIZx-*Z%H;lqa;FEt8Vu5miE8{$TzX`A6;jJ>tvCre|HGjknF$)Ifo}fDu zVy8S70pR*);Q;p?_ZpWBy4DcmmHm#EyAUG_jH;ajd-)N3`1N<<6Kw{O^xWkxvTQK$ zIuG2AbCvU5!}h=dAvY}>O-}hnnyejW*p6%qOp|B!bC<@*!mSz|7hso>hprI6AhPN# z$*S@A*Ar7n4oLzy$99XcX?(=E42(1c6bdSo0OEEq^R9U*;Sw|AI^b46GTLyh_C=}u z9M@P}WCdLb#mk*7&SSIz8#)^Z70il%6j|oI@g>VxMu!*N=+eijrv7xZ+dbGQ4>G5l ztu|ydM***y&nPtJH;~9bomP$i+FmJOPV*7=GfaDu*^o8D-=!BD-;qSiGKhEJpV>0y zAqut4b8v9-j1B8=Y~U#7uT;W!uj5T@Y+a#hXsh$h5QENa 
zY-~KuU~n5posH;_!nCp;QfA}u*Nsw9Y!J&GNk#4MuicI8W!0OUm&6#iv`Vyy_#aGT zHUsd~P;Db3`a)t^qgEnTh-f~+SyS|&B#IVgJ5X>`fWg!?F!h`S2k&IlbPa&Antw2-2NO9T<4-I)c;g1vm^pG-PJ+=7%;hDU-M7%l;YvPItWmQW7W{$gUP6_5SBzB%HK3JKhCLs+3!0#={Wj2-USH$iJ zpCDEw;on>VbBA*2IuIUdLJ1=0%a*ZyNG4{l@#^Gtggqod5kriEqf4Q{tq`=y_kJ96 z4t9UK_w%)zHzO%j59FkDDGWPQh-b186{20bxlbot`!^BZf{2$*py<@jiogC6#N>-? zcZl0DSOQNN#9E(?%(2k7RW!qSrH=<1y*)4Ms&0huB2&FuxW*(v25e zuacp7rYWxtbaT;{Il7$%H{StQY&W{?x7BRvg}g&t4e9s=(l{O0Z(m*?2M(78FM%5& za3Zx0p%8c8Rj=@EegZ7UIxJ~=KCespOt`t1b7)sWh-yR>y+aT{Kj9=pPZAryf1}=m zI@GX*ID^dXz51qSof_kTWF^9~qFNQD7}-;iTTl1Exq|v8ezlhXaml+4&7Ru9jnWJj zo^vi9OKKEQTCmvbF-c?mscQ=dH*#KzEWiQng$QBsrtHj)rC?C-t%Yoq@>zZ7nRC4 z>#V?io7v0e*Q1*eL-9sfk%>c(wv_o*>CE$P(nr!C&6e*^M9z(~8>EEej)kh-g5mau z5$UEn@*+r;$0T>EAU8k!mh!S*t=+D@tv=cOD8Cm9`GWXFyQs?FZ?-$#YLG39|5p6{ zQ&@r&_{jn#ENF@FAV9>8eIy1K9^`@E&?t!ZsJuFDsIJHvC5Sy##G#nXMM1Y z0(F)17U;SuAE*(0^CeMAMNm?}Cv(=o!L`bkndE!PHkNXnjjTVO&Be7?9fd9?R0D89=15glgQhFD*#F#-{BD z>i?V|QtP$auWLumPOaN)9aT5$t;6Hm(OcaSE~2EwQM6M_oX2F@BU=51RC^(r#zD0A z>*cND^H(+n5BWW5JFDkVtUyO**(Ks=<6Q!X-j9v9VPPzeO9+7G6s_0dpcjGtxzTR!zwOlz znvJ6_`gwgLGXjyeB()&{uZ+W(3+1Qx9flp?=>G z$F%i9Q4Cz~TrgCU%|&KMsDCN5-vC2P(@zv^fo)2>FE zVf3q!pFGgW(ayY)8~wgBwf*SWGs4E%PFmaO*a=2r>_OcXM-K>k^gywDedY|VpJ6$y zOo>q%p!tpw0BpRh53gw=BU@DTKG$>LGY^q#dXAp@<2vnqD8<1525+8(dvV$cdY;j^~q}OP<7sn}C z*l+xE>%%J;%Nzo5O)kH9b*AJX2b+(3j9nkLfoOj-#&Kpax)|Lh=@8-u%kB)#5e6O_ z-430xxff`;kU`%I3UTSjNPIwJUMj8gioia`^=?GCvFdsm-h}jL1?P0oM%00P?!r_r zF!$8<4|i(0cP?ODYx&UWSbyRu2=8@L{n~`tsg&;y%yVNp@`VShys;_yW#$UlvWuoP zOZr7(HQ9vkQshR;luC0D$d{5N778Q=mK+3V&-M& zTqI~-O%{I}fi(4M1&K5jyE~Eeb9Hx{kw_!`Ye8nV&eWB=AogggY9(IxHkz?kx) zHw)x0G!-GrnX7(ibwylKDLb>G@*w6PM>S*G19{%&Er$s~&St;@hx5D0fsRTs(-3;l zQPQoI3Q<2W;`!vYCJ?5BL!9GFCruBNu4(0+O2DL&{5y+-qk{i|q8=&RyE_&9kEHCp zcwWK(NXpBXTNV75Df1K*Az?^YxpaL&u*#(hgD^!}FZ$75eL)eqsKbKtdus7uC5PU8 zsgP3_Z>5l$9JV8MdgQ6=TaeQvzPb+gKUMJo<-n_hMz3>RJA~o_|KRW>wLCQ3l-%Br zwZlk>Xhnw7>$YId`l|J7q>utrKR_ctSEWm31U%ib%dcuF4Ij5U-Pi5L+X$@IQKPrl 
zY)4Y|4m&-*dqyB1v|jfP8b3D^BgI@RTaic0-uk>tFdc6TH$}u@f zOCDG5D|56dRDl#JGv((iR65-n8XzUkHG3LLI@^Q#r{0=P#|$0RPP%XQdNhPydS#i_ zXhZkXdjkwsnY&KaS#=tOZ`v{6WbNtKIfVLtF4DrChA`>vjt&G*z92*-|cj zb4ay=X020w@|S{DBOxb4iAXA|32EfM<6ar=;OWzam14rcwDAQdN@)XB>Pg+N>bL(S zBrWKa5`?BTl!B)_0LSv+<^9sg3WiIUTeT|m`V3YH>0C*92@0XvjSe?~P7;9s!;TP1 z0D=hXEEe+PS9$T>W1{u-qDoE=cHtKIk zWqsJ;HLfcsw+Y@0(zk&`(c3TP1fWHF@I=wi+=LR)R;PoL2p!N#gAc+6kHRVx z1%dA?yPXsFl;=;<0z+e)>h3px#cbdNeT~Dk`QMG+LGutXDN1B2M?YM+Z%io0K)@;G z#8IP*=3wEXVRhbida#nN)f*&LzLF;NF@6v_IQTwK&rF<0>J#mTix@x!h8qcaK$ZI7 zY~VKcBf$o~EEda^7a?o#avN+Q{&U&S>T&uUytlvn*l$ zfh{nS2k_6$cJ~B9Ope>FZmY_^{kln=*J^jG0UD?;K?a}eX){QLaLgU;)lXi*xTJXi z-e|vea?q8mfIp%D0z@#ed7rJ-IqZVJkQ>L!l}?TiTD862VeMD8C832--7db|J>-E6 zOjtk-ydENh=z&sCZe$XYcFzi|+U87T0qYNb@T?^YJkw;Lk^^{qA3B36F18-HXWV#u z-f-MM>me!vCCV5SFk%WI%XF`Rzr9$Eyys-1(7e%VFgytBP?J611Wk12`=2e>M*x5~ z*lxtPSQ9^FSXg7aHPXH+O{(6JGGfo^BRGlex5)^Q%@yIhQyBVVT>2WW>$nHbh1mQE zTRNB<^@uYD|NNWG=-jMIz33;{mvR1SifF-+^AU--Td>EjPGUB)n| z&z*yY4FxHzI}l6(-|C?y`#xFeFXE@;#eX!fXKKVa>c2aNW>u<0_fix!yFDo}$(n4} zWcy_o_9C)Pmq-xL1Op7jFtO}>pA7TlM(d6J33g0u|EAj`Lsi%6OSj-EZ1CK%<@Y=T zdnU!E!B)nhEC$bltnqaqa(V`m4HE2Wx23sS_vIa3MeELEVy%05hs+sor+8Pg$fX`>NyYn? zK&vy-`Y)t+Uxv^xqj#rXt)O?OVh^Qve;tj-v-e~3ki(q7h8lF6)R;4U!CoB^P@v;R z$SE;+Z;jdg9;QyBT-<(vIw%ES2Px4>(!&ysdf*}{xFZO10P8kZqI0k_uwiTnpnC}? zbAe44E)#4qrL2_53014$F$#*mrLt%Ml6gr#1<2EZhE%}#y&!6iyma^<5JoT_M=;>t zDHMbZuN725t4l@-djT3wWSsNIkb;3jNI!X^RzrcbJnId{aG43NPkD0trs}8g)88Y2 zrSHU~DuYzGQv)((Yvel>w&V*8Aismr!}**XPgl08FLt+!#nUW82i-l&ce?PzUGV!&_A)4Blua8|1vxpzdWt$LbTwK%oU8!2 zUf)2}Dt(CFkw2?9F+jKOm$FSnbVgQI2b2{5!zwi@@*hT@d()dYwHn)CgC zkyqYH`v2}0ch>el_c7l|m@C--9LZR?_aFON(PHYgr>=r+a)b^YqdK78xxt^qgGCh$ zf{EsG-t-J+HF?A{KYL!3#0pyc8_;o;XS#7s|;WpJ-q~p4;YIpaNYtK`n z64{QR;u>Fje~grMTJV)Crm8g$-*$dF=(St0QCg(wm&KNs*sFDGY=oo{&P|hAQi5Q^ zpD+`-`b%uO!_-wKoEr%>;=1y!r~0;2w8K3~=)|)xaL_^l7%_8vvAw-bYVqZEj*-Uz z2#b*i3j$rHH0@Q&rZi2s%F;8TU_|#hNiV^!$0bwA9aoHwik1JVhIk_$`aZ`d0OyVT9vvyy16k8hib!6G$0~Wb(0Z{(!A7{|bL=HfmM&3L! 
zxI)CqGhcA}eO$UH6-goF{qFY2$S@{FDFYTPdH>Cgbg@Ei4q5BO(Hr=Y1(AA{AD`T%s>X`G0v!X{8FRJzeZqgFJfEnH>G7Fh^MQpzghlP%wNjh%qzc^bp*i{gDR zLlJ5*ZuOo=l@|4uf>E~4&&dQz2C!U62VB|?P9IPw-g7}%f(5;rdZsjGZ=H9YJ;cuG z`|`Utv?j|5B@o8(b)<&t31V4m>XI6tigyi~A6H~(9tzb#OQ0w3L7wVbyeN*ICS^YM{maiuWTvI)LC$~Zj!>v#lc!X(_&&#mMn|#Mjzb$jRS;pfsDw11nAJ2>h zkGq|2mXLG$PIc#k4h?AD1_W0c&WTeQmy4QJrMOWwEY0|+yaBQUe`upx-4+!IWIQQIeAC zAzTye{p92j0xB>Eq=-g}yNhB|;Wwt|WL_Y+ObPgBu^KC0B#e_5FAa~c#ib`IZcBQQ z4Ly@{*xE$2zeMr5;+WNp@@{7Rxi&$;+==LFWV6>inBuHFJxb) zF|riHU&hi*_iqJrGhOzfY|aiHuxYwg64lTfhs1To5-C#4)F|bPuqK!uEm2`5b zU}EjA456cQ2?sgo$;eob{A!;i44}Ylh1gCRQ*J7@w!#t%#*hR6pljt zC^IOXH8Z?~NfPdbq5X}nl`;~YC!#h*30s>LIvuT@(sH7|^T`b?J;f=F82>Dp68-;9ahu;0q}@FM7rWNPhT*)QE>}RZx@N73H6}M! zdPXX&HL+_=EE(~zrA~_Z3++qMHMU6iNHD_kYfbE06KnfW4Bnq6_KtO~0c}S#w5)VZ zN!MD}lss0urld#pt|{51cuh%`n%6lG2t@8mI_nK!t=kmQH%{p8zWA}`dwR1%Psm!g`8MTg<;Cw56t zi@PQ1{~dk*y^JT}Me)7|Pw-)vY`8)^qFd3T_Lk)@s{1$2TS5N|Yj59mM&g)A1-310 zM{)nrAeb^!jTzA)M8TT6918-|2mfy_9PaNo^!?`Ai}k)-B&q#O?w*Kxbq8;#r#AJ) z9IaJvR#dVoD;xGX=9)46>ebLRN7rYTJCFer$&?i+X#_P zuU@3TT+Uu0ot}KFfn5c{7u^|#d}saD=e;@+0doAy{KwjB^*Ul{Q;_z(COr#}aNVs} z|JA6&tr%|(G&;#Q9)fpeV}nisLeB&=U!8OTf!r!2-#Vxq;Akn@!lxsRHN72E_OPR}3Cu1v@366>c9gq*%#;d0(&jY;4QSG-|hdLa8 z%xfeL39ax8D*S$M0OF|Cd(-V6cdF+G-oOeg$ahiLAstTz;F*QPMs?nEF0w4W=%S0p z;!X!`)ob#d7+tDQ9)+d+1da_iu?G;hegl@5vpQT8kHB))?O%bF)zvw${2X5X3~XwD za6;VV9ax4jN3J5_-*Ze_Ze%q{+bVrs#d|=Gi{sMbJbHM?filIXpXHFgkaTT1R=vo_xg8* z`~NYK$OGQ{skxQ!{oFTwUtG>_#GZg<;$L#_rv_HK_lE(6WpVNe9+^Jg7U;XzxZoiO z^bn5nL9psVoQVt^akxv#_JTV3zN;?Clb}4pB(K(7lo1UoFK$dmBmW}N-BibJBXpqo ziU}S5b!Cn4j6{JRm-&!m$jseqq6vfyRFiWeLIz5UT~!`J$gs=3m=Q8WMGOli4D5sl zhcCtO;>Do;`{5 zr1j^f*Ajv;?^?p}@B3OpjjVVrS)s2hT}yaeU+!A6`}ew*EXC>eP literal 4065 zcmcInYi|=r6#X3kip$1Ipk=*DASDShZA2Wflm-h2sS=@NygRl>Ue9c2W^r8LzxU2# zU$zNROJgbW&d%Jq=RVFo-hL2`7>`CoOnzZlr*J8Q3wefyoeI|DdKsW!WWoGnnC{zzmdfZ!t)c@{S298TtoW+ zzV70STOudwriDh?7#=_@=5xXm2tR?l5q4fcY4SPfDdo7={Ly$SAmkK+YyK0w6nUEP zT@7P~$KBb-fXFpTQ^qHqPT5cM#5OBtdX^H_Exr 
z0sI#9_C2)AKtQ((f!h+mhlZa3+wd++Fj!c``u4yRgY3Stt*RBAS6F(Sw3T&AGJSTBgAVJ1ap-cl8s zjAM9z6xhsY-)F)id0w7?xq zfm$j}=cOHsDjcifg}dt{iW0HlsUV4O!Vcn#umJPhD7O_9O|l8reG$aaI6%;u@V_P7 zdV*dWQ@&_DJePBW*I@Kr)r2N;38#ZA%ug<3OqQwB5~K4pNkUVewR1s2NARA=c-kfN z%(?i~UQIC2qSYmQPH{GimYIoPaqkGrUa)>fGS({Y|Bd~~pKt8XE)DAE$wgmEg9 z4in`&F~|DAVzv~!vigHiVLLW`D?78GvoZ6Tnla?u@EF>j(>B#p#hHoV)KVgzM+2M5 z*EFYr*f3Qix60hND7dh&iHd7PT%%!&rs61H%Y`GWM0|f5zBAt*<|Yzy@d5aLc&ljC zgZtGFP{WPN&(Gc;SG~8Frx*P}_aDH8IDHFi`z~}m_ks<)_x4rTVw*|>Z4f0(TqF3F_sH6 z6u~UPV1@++PEn|!Wu|xWa&9J!O|v0hW)=<(;qVC@?ZN)jC-CIx7!Hq~!SS(K+S_}M zt!1|Z42Rttygbx-y5NPtxabeBdY4{gR08AB35<2+ae40ESalNo*=Fqk4^JsU65coQ zG=EruIH!&O=-5LH+9U5cjFx^1AQ_shCGgM<{zq1w0LhVt$L!V{vK1P%hr_^V1T?m) z4(x_|DhY6sD%d}GcHP+vAfh^soEum%eB4NjcfjFsx1esIe*x--S`)kX=6_Ydrkw{K zyvtVwJMp+_^4P#^Xsg0jt+k6KOkSn68m`%3d%fkbSSXDs7FLQbE?Kd5U{m)N=ZYqA z=#6Tsz;-bGU+OCA90e5?ENUo@=*m&O;m!b1P`Nv{VK~h-mMRveQwdd|ial;U)+r=R znc=s#vzb6|`i}lyb=As~yDkXUeNkFuYmOA#{>|MR4c63G5wHQqi<3E3R2r2@xt6F1 zQH8+5%rZ+pMtVy+5~30$?zqigP&iHPge@?PGeXH-omP} zGWp*h4pkvmg;$P=+RGHF(WkxIc+JmG`xm`46p2MwdP-72Qi;s9^z3xauX$k0`xFZDj4$tFadx4sYC`!xc9_i@DHrf5G$=c#OYi z!8%eKF+6Uxg6AvT2zUU(zoA_XQNybBd1UOZH+&6D(~C7EsEf>R?D8sP+s+<-_WzHI JY=pkH{sGOnxBmbD diff --git a/fstack/lib/nextcloud.sh b/fstack/lib/nextcloud.sh index b871fec..20ac0e1 100644 --- a/fstack/lib/nextcloud.sh +++ b/fstack/lib/nextcloud.sh @@ -48,6 +48,9 @@ services: hostname: nextcloud.$DOMAIN domainname: $DOMAIN restart: always + build: + context: . + dockerfile: Dockerfile networks: fstack: ipv4_address: 172.99.0.15 
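Review bot: `fstack/lib/checks.sh` is replaced here by a 51200-byte blob that git stores as a binary patch, so none of its new content can be read or reviewed in this commit, even though the installer presumably still sources it as a shell library. The commit message does not mention any change to this file, which suggests it was committed by accident. Restore the text version, confirm it parses with `bash -n fstack/lib/checks.sh`, and resubmit any intended edits as a readable diff.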
@@ -77,9 +80,57 @@ networks: external: true EOF +cat > fstack/nextcloud/supervisord.conf < fstack/nextcloud/Dockerfile <> /etc/sudoers \ +&& useradd -m ansible -s /bin/bash \ +&& sudo -u ansible mkdir /home/ansible/.ssh \ +&& mkdir -p /var/run/sshd + +RUN apt-get install -y supervisor \ + && rm -rf /var/lib/apt/lists/* \ + && mkdir /var/log/supervisord /var/run/supervisord + +COPY supervisord.conf / + +ENV NEXTCLOUD_UPDATE=1 + +CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] +EOF + cat > fstack/nextcloud/data/root/nextcloud.sh < fstack/nextcloud/data/etc/apache2/sites-enabled/000-default.conf <<'EOF' LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so @@ -170,14 +219,14 @@ start_nextcloud() { if [ $DEBUG ]; then # Start fstack/nextcloud with output to console for debug - docker-compose -f fstack/nextcloud/docker-compose.yml -p nextcloud up + docker-compose -f fstack/nextcloud/docker-compose.yml -p nextcloud up --build [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/nextcloud" else - docker-compose -f fstack/nextcloud/docker-compose.yml -p nextcloud up -d &> /dev/null + docker-compose -f fstack/nextcloud/docker-compose.yml -p nextcloud up --build -d &> /dev/null - # Keep trying nextcloud port 8000 to make sure it's up + # Keep trying nextcloud port 80 to make sure it's up # before we proceed - RETRY="23" + RETRY="35" while [ $RETRY -gt 0 ]; do nc -z 172.99.0.15 80 &> /dev/null if [ $? -eq 0 ]; then @@ -201,7 +250,7 @@ start_nextcloud() { [ $? -ne 0 ] && fail "Couldn't chown nextcloud.sh in fstack/nextcloud container" # Run nextcloud.sh - Setup LDAP, configuration for nextcloud - docker exec -it -u 33 nextcloud /var/www/html/nextcloud.sh &> /dev/null + docker exec -it -u 33 nextcloud /var/www/html/nextcloud.sh [ $? -ne 0 ] && fail "Couldn't run nextcloud.sh inside fstack/nextcloud container" # Enable SSL module in fstack/nextcloud diff --git a/fstack/lib/panel.sh b/fstack/lib/panel.sh index 27d4ffe..a28e7fe 100644 
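Review bot: The generated Nextcloud Dockerfile appends a rule directly to `/etc/sudoers` (the `>> /etc/sudoers` line) and adds an SSH daemon plus an `ansible` login to the container. The rule text is not readable in this view, but the panel only ever runs `sudo -u www-data php ... occ` through this account, so the grant should be limited to that command rather than a blanket entry, for example a drop-in file `/etc/sudoers.d/ansible` containing `ansible ALL=(www-data) NOPASSWD: <PATH_TO_PHP>` (placeholder path) and checked with `visudo -cf` during the build. It is also worth a comment in the heredoc stating that sshd is meant to be reachable only on the `fstack` network and is not published by the compose file.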
--- a/fstack/lib/panel.sh +++ b/fstack/lib/panel.sh @@ -18,6 +18,31 @@ config_panel() { DOMAIN_FIRST=${DOMAIN_ARRAY[0]} DOMAIN_LAST=${DOMAIN_ARRAY[1]} +cat > fstack/panel/ansible_hosts < fstack/panel/Dockerfile <> /etc/sudoers \ +&& useradd -m ansible -s /bin/bash \ +&& sudo -u ansible mkdir /home/ansible/.ssh && mkdir /etc/ansible +RUN sudo -u ansible ssh-keygen -q -t rsa -N '' -f /home/ansible/.ssh/id_rsa + +COPY ansible_hosts /etc/ansible/hosts +COPY new_user.php /opt/ldap_user_manager/account_manager/ +EOF + cat > fstack/panel/docker-compose.yml < /dev/null + docker-compose -f fstack/panel/docker-compose.yml -p panel up --build -d &> /dev/null # Keep trying panel port 443 to make sure it's up # before we proceed - RETRY="23" + RETRY="30" while [ $RETRY -gt 0 ]; do nc -z 172.99.0.12 443 &> /dev/null if [ $? -eq 0 ]; then @@ -102,6 +130,10 @@ start_panel() { fi done fi + + # Insert ansible key into nextcloud + KEY=`docker exec -it panel bash -c "cat /home/ansible/.ssh/id_rsa.pub"` + docker exec -it nextcloud bash -c "echo $KEY > /home/ansible/.ssh/authorized_keys" kill -9 $SPINPID &> /dev/null echo -ne "done." diff --git a/install-federated.sh b/install-federated.sh index 67236d6..9e75ac7 100755 --- a/install-federated.sh +++ b/install-federated.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -x # # Federated installation script
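Review bot: `RUN sudo -u ansible ssh-keygen -q -t rsa -N '' -f /home/ansible/.ssh/id_rsa` in the generated panel Dockerfile creates the private key at build time, so it is stored in an image layer and shared by every container and every copy of that image. Since this key is what authorises the panel to run commands in the Nextcloud container, it should be generated when the container first starts (or mounted from a volume or secret) instead, e.g. `[ -f /home/ansible/.ssh/id_rsa ] || ssh-keygen -q -t ed25519 -N '' -f /home/ansible/.ssh/id_rsa` in the entrypoint. The `>> /etc/sudoers` line in the same Dockerfile has the same scoping concern as the one in `nextcloud.sh`; its rule text is not readable in this view.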
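Review bot: The key-copy step added at the end of `start_panel()` uses `docker exec -it`, which allocates a TTY: the captured key then ends in a carriage return and the command fails outright when the installer runs without a terminal. `$KEY` is also expanded unquoted inside the `bash -c "..."` string, the file is written as the container's default user rather than `ansible`, and neither command is followed by a `fail` check like the neighbouring steps. Something like `KEY=$(docker exec panel cat /home/ansible/.ssh/id_rsa.pub)` followed by `printf '%s\n' "$KEY" | docker exec -i -u ansible nextcloud sh -c 'umask 077; cat > /home/ansible/.ssh/authorized_keys'` avoids all three, with `[ $? -ne 0 ] && fail "..."` after each.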
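Review bot: Changing the shebang to `#!/bin/bash -x` turns on xtrace for the whole installer, so every expanded command, including any passwords or keys the script handles, is echoed to the terminal and to whatever captures its output. This looks like a debugging leftover, as does the removal of `&> /dev/null` from the `docker exec ... nextcloud.sh` call in the last `nextcloud.sh` hunk. Keep `#!/bin/bash` and tie tracing to the existing debug switch instead, e.g. `[ $DEBUG ] && set -x` near the top of the script.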