Second round of powerdns and traefik install

This commit is contained in:
Derek Crudgington 2023-05-12 19:39:45 +00:00
parent af39face59
commit cc6fef50f0
25 changed files with 216 additions and 241 deletions

1
bin/.b2init Normal file

@ -0,0 +1 @@
9585ba84-ef8a-11ed-9363-431dba4e45bd
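Review bot: bin/.b2init and bin/.gpg.backblaze (the next new file in this commit) check single-line values into the repository that look like a Backblaze account identifier and a backup encryption passphrase; if either is a credential it now lives in git history for everyone with read access and will need rotating even after removal. Tracked files are not a place for such values — read them at run time from an untracked, mode-600 file or from the environment, add `bin/.b2init` and `bin/.gpg.backblaze` to `.gitignore`, and commit only a template. If one of them is not secret, a one-line comment saying what it is would stop the next reader from treating it as leaked.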


@ -1,5 +1,5 @@
# Domain name # Domain name
DOMAIN="test.com" DOMAIN="customer5.fangfree.com"
# Company name # Company name
COMPANY="Fang Free Inc" COMPANY="Fang Free Inc"

1
bin/.gpg.backblaze Normal file

@ -0,0 +1 @@
rDGL27yH6YlIa73MyQpcR38jMyrtOTe5


@ -9,21 +9,21 @@ fi
traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null
# Install into PostgreSQL container # Install into PostgreSQL container
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
cp /federated/apps/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
# Install into LDAP container # Install into LDAP container
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/
# Install into Mail container # Install into Mail container
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
# Install into Collabora container # Install into Collabora container
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
chown 104 /federated/apps/collabora/data/root/certs/* chown 104 /federated/apps/collabora/data/root/certs/*
# Install into Matrix container # Install into Matrix container
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/
chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key
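Review bot: The traefik-certs-dumper call on the first line sends its output to `/dev/null` and nothing checks its exit status, so when it fails every following `cp` copies nothing and the `chown`/`chmod` lines run against missing files while the script reports success. Add `|| fail "traefik-certs-dumper failed"` after it (or test `[ -f "/federated/certs/private/$DOMAIN.key" ]` before the copies), and quote `"$DOMAIN"` in the paths. The last line still installs the matrix private key with `chmod 644`, leaving it world-readable inside the data directory; unless synapse cannot read it otherwise, keep the key at `600` (or `640` with the matrix group) as the PostgreSQL copy is. The enclosing script starts before this hunk.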


@ -19,7 +19,10 @@ get_config() {
# done # done
. /federated/lib/network.sh . /federated/lib/network.sh
. /federated/lib/dns.sh . /federated/lib/pdnsmysql.sh
. /federated/lib/pdns.sh
. /federated/lib/pdnsadmin.sh
. /federated/lib/traefik.sh
. /federated/lib/postgresql.sh . /federated/lib/postgresql.sh
. /federated/lib/ldap.sh . /federated/lib/ldap.sh
. /federated/lib/mail.sh . /federated/lib/mail.sh
@ -31,16 +34,10 @@ get_config() {
. /federated/lib/listmonk.sh . /federated/lib/listmonk.sh
. /federated/lib/vaultwarden.sh . /federated/lib/vaultwarden.sh
. /federated/lib/panel.sh . /federated/lib/panel.sh
. /federated/lib/proxy.sh
. /federated/lib/wireguard.sh . /federated/lib/wireguard.sh
. /federated/lib/baserow.sh . /federated/lib/baserow.sh
. /federated/lib/calcom.sh
. /federated/lib/gitea.sh . /federated/lib/gitea.sh
. /federated/lib/caddy.sh . /federated/lib/caddy.sh
. /federated/lib/pdns-mysql.sh
. /federated/lib/pdns.sh
. /federated/lib/pdnsadmin.sh
. /federated/lib/pdns-static.sh
COUNTRIES=("AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CG" "CD" "CK" "CR" "CI" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GG" "GN" "GW" "GY" "HT" "HM" "VA" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IM" "IL" "IT" "JM" "JP" "JE" "JO" "KZ" "KE" "KI" "KP" "KR" "KR" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LY" "LI" "LT" "LU" "MO" "MK" "MG" "MW" "MY" "MV" "ML" "MT" "MH" "MQ" "MR" "MU" "YT" "MX" "FM" "MD" "MC" "MN" "ME" "MS" "MA" "MZ" "MM" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PS" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RU" "RW" "SH" "KN" "LC" "PM" "VC" "VC" "VC" "WS" "SM" "ST" "SA" "SN" "RS" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "SS" "ES" "LK" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TW" "TJ" "TZ" "TH" "TL" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VE" "VE" "VN" "VN" "VG" "VI" "WF" "EH" "YE" "ZM" "ZW") COUNTRIES=("AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CG" "CD" "CK" "CR" "CI" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GG" "GN" "GW" "GY" "HT" "HM" "VA" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IM" "IL" "IT" "JM" "JP" "JE" "JO" "KZ" "KE" "KI" "KP" "KR" "KR" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LY" "LI" "LT" "LU" "MO" "MK" "MG" "MW" "MY" "MV" "ML" 
"MT" "MH" "MQ" "MR" "MU" "YT" "MX" "FM" "MD" "MC" "MN" "ME" "MS" "MA" "MZ" "MM" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PS" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RU" "RW" "SH" "KN" "LC" "PM" "VC" "VC" "VC" "WS" "SM" "ST" "SA" "SN" "RS" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "SS" "ES" "LK" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TW" "TJ" "TZ" "TH" "TL" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VE" "VE" "VN" "VN" "VG" "VI" "WF" "EH" "YE" "ZM" "ZW")
@ -49,7 +46,6 @@ get_config() {
[ -z "$DOMAIN" ] && failcheck "/federated/bin/.env doesn't include DOMAIN" [ -z "$DOMAIN" ] && failcheck "/federated/bin/.env doesn't include DOMAIN"
[ -z "$COMPANY" ] && failcheck "/federated/bin/.env doesn't include COMPANY" [ -z "$COMPANY" ] && failcheck "/federated/bin/.env doesn't include COMPANY"
[ -z "$COUNTRY" ] && failcheck "/federated/bin/.env doesn't include COUNTRY" [ -z "$COUNTRY" ] && failcheck "/federated/bin/.env doesn't include COUNTRY"
[ -z "$ADMINPASS" ] && failcheck "/federated/bin/.env doesn't include ADMINPASS"
if ! printf '%s\0' "${COUNTRIES[@]}" | grep -Fxqz -- "$COUNTRY"; then if ! printf '%s\0' "${COUNTRIES[@]}" | grep -Fxqz -- "$COUNTRY"; then
failcheck "$COUNTRY is not a valid country code. Use US, GB, HK, etc" failcheck "$COUNTRY is not a valid country code. Use US, GB, HK, etc"
fi fi
@ -71,6 +67,9 @@ get_config() {
else else
failcheck "$DOMAIN is not a valid domain.com or sub.domain.com" failcheck "$DOMAIN is not a valid domain.com or sub.domain.com"
fi fi
ADMINPASS=$(create_password);
LISTMONKPASS=$(create_password);
} }
while getopts d OPTION; do while getopts d OPTION; do
@ -95,7 +94,6 @@ check_ports
config_network config_network
# Configure and start each federated service # Configure and start each federated service
#for i in pdnsmysql pdns pdnsadmin traefik postgresql ldap mail collabora nextcloud matrix element listmonk vaultwarden panel wireguard jitsi baserow gitea caddy; do
for i in "${SERVICES[@]}"; do for i in "${SERVICES[@]}"; do
config_$i config_$i
start_$i start_$i
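Review bot: The new `ADMINPASS=$(create_password);` unconditionally replaces whatever `/federated/bin/.env` supplied, and the removed check no longer rejects an empty value, so a failing or empty `create_password` silently yields an empty admin password that the later LDAP and mail setup will use. Keep a non-empty check after the assignments, `[ -z "$ADMINPASS" ] && failcheck "create_password returned an empty ADMINPASS"`, with the same for `LISTMONKPASS`; if operators are still meant to be able to set ADMINPASS in `.env`, use `ADMINPASS=${ADMINPASS:-$(create_password)}` instead. The trailing `;` on both lines is unnecessary. The commented-out `#for i in …` loop duplicates the `SERVICES` array; drop it or add a word on why it is kept. get_config starts outside the hunk.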


@ -13,10 +13,6 @@ config_baserow() {
mkdir -p /federated/apps/baserow/data/baserow/data mkdir -p /federated/apps/baserow/data/baserow/data
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/baserow/docker-compose.yml <<EOF cat > /federated/apps/baserow/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -29,7 +25,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.28 ipv4_address: 172.99.0.29
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
@ -67,6 +63,7 @@ EMAIL_SMTP_USE_TLS=True
EOF EOF
chmod 600 /federated/apps/baserow/.env chmod 600 /federated/apps/baserow/.env
BASEROW_SECRET="BlAYmXoxZ6mJHzL0VbeP2cfif3NGoVQm"
echo "$BASEROW_SECRET" > /federated/apps/baserow/data/baserow/data/.federated.postgresql.secret echo "$BASEROW_SECRET" > /federated/apps/baserow/data/baserow/data/.federated.postgresql.secret
cat > /federated/apps/baserow/data/createuser.sh <<EOF cat > /federated/apps/baserow/data/createuser.sh <<EOF
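Review bot: The hard-coded `BASEROW_SECRET` is removed but the next line still writes `$BASEROW_SECRET` to `.federated.postgresql.secret`, and no assignment is visible in this hunk; if the value is not generated earlier in config_baserow, an empty secret is written and the service starts with it. Guard the write with `: "${BASEROW_SECRET:?BASEROW_SECRET not set}"` and follow it with `chmod 600 /federated/apps/baserow/data/baserow/data/.federated.postgresql.secret`, matching what the `.env` file gets two lines above. The gitea and listmonk sections remove `GITEA_SECRET` and `LISTMONK_SECRET` the same way and deserve the same guard wherever those variables are consumed. config_baserow continues outside the hunk.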


@ -15,18 +15,14 @@ config_caddy() {
mkdir -p /federated/apps/caddy/data/etc/caddy mkdir -p /federated/apps/caddy/data/etc/caddy
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/caddy/docker-compose.yml <<EOF cat > /federated/apps/caddy/docker-compose.yml <<EOF
version: "3.7" version: "3.7"
services: services:
caddy: caddy:
image: federatedcomputer/caddy:\${IMAGE_VERSION} image: federatedcomputer/caddy:\${IMAGE_VERSION}
container_name: www container_name: caddy
hostname: www.$DOMAIN hostname: caddy.$DOMAIN
domainname: $DOMAIN domainname: $DOMAIN
restart: always restart: always
networks: networks:
@ -42,9 +38,9 @@ services:
- ./data/data:/data - ./data/data:/data
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pdnsadmin.rule=Host(\`www.$DOMAIN\`,\`blog.$DOMAIN\`,\`documentation.$DOMAIN\`)" - "traefik.http.routers.caddy.rule=Host(\`www.$DOMAIN\`,\`blog.$DOMAIN\`,\`documentation.$DOMAIN\`)"
- "traefik.http.routers.pdnsadmin.entrypoints=websecure" - "traefik.http.routers.caddy.entrypoints=websecure"
- "traefik.http.routers.pdnsadmin.tls.certresolver=letsencrypt" - "traefik.http.routers.caddy.tls.certresolver=letsencrypt"
networks: networks:
federated: federated:
@ -108,8 +104,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_caddy() { start_caddy() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/caddy/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "caddy" "nc -z 172.99.0.31 80 &> /dev/null" start_service "caddy" "nc -z $SERVICE_IP 80 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
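Review bot: The new `SERVICE_IP` line uses backticks and the probe string interpolates `$SERVICE_IP` unquoted, so when the grep finds nothing the probe degrades to `nc -z  80` and start_service fails for the wrong reason only after its full retry loop. Prefer `SERVICE_IP=$(awk '/ipv4_address/ { print $2; exit }' /federated/apps/caddy/docker-compose.yml)` followed by `[ -n "$SERVICE_IP" ] || fail "no ipv4_address in caddy docker-compose.yml"`, and quote the expansion inside the probe. The `exit` also keeps the pattern correct for compose files that list several addresses. The same two lines appear in the collabora, element, gitea, ldap and listmonk sections of this commit.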


@ -11,14 +11,10 @@ config_collabora() {
if [ ! -d "/federated/apps/collabora" ]; then if [ ! -d "/federated/apps/collabora" ]; then
mkdir -p /federated/apps/collabora/data/root/certs &> /dev/null mkdir -p /federated/apps/collabora/data/root/certs &> /dev/null
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
chown 104 /federated/apps/collabora/data/root/certs/* chown 104 /federated/apps/collabora/data/root/certs/*
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/collabora/docker-compose.yml <<EOF cat > /federated/apps/collabora/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -31,7 +27,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.14 ipv4_address: 172.99.0.17
extra_hosts: extra_hosts:
- "nextcloud.$DOMAIN:$EXTERNALIP" - "nextcloud.$DOMAIN:$EXTERNALIP"
ports: ports:
@ -46,9 +42,9 @@ services:
- MKNOD - MKNOD
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pdnsadmin.rule=Host(\`collabora.$DOMAIN\`)" - "traefik.http.routers.collabora.rule=Host(\`collabora.$DOMAIN\`)"
- "traefik.http.routers.pdnsadmin.entrypoints=websecure" - "traefik.http.routers.collabora.entrypoints=websecure"
- "traefik.http.routers.pdnsadmin.tls.certresolver=letsencrypt" - "traefik.http.routers.collabora.tls.certresolver=letsencrypt"
networks: networks:
federated: federated:
@ -65,9 +61,12 @@ chmod 600 /federated/apps/collabora/.env
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_vaultwarden() { start_collabora() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/collabora/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "collabora" "nc -z 172.99.0.14 9980 &> /dev/null" start_service "collabora" "nc -z $SERVICE_IP 9980 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."


@ -13,10 +13,6 @@ config_element() {
mkdir -p /federated/apps/element/data/element &> /dev/null mkdir -p /federated/apps/element/data/element &> /dev/null
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/element/docker-compose.yml <<EOF cat > /federated/apps/element/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -29,16 +25,16 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.18 ipv4_address: 172.99.0.20
volumes: volumes:
- ./data/element/element-config.json:/app/config.json - ./data/element/element-config.json:/app/config.json
env_file: env_file:
- ./.env - ./.env
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pdnsadmin.rule=Host(\`element.$DOMAIN\`)" - "traefik.http.routers.element.rule=Host(\`element.$DOMAIN\`)"
- "traefik.http.routers.pdnsadmin.entrypoints=websecure" - "traefik.http.routers.element.entrypoints=websecure"
- "traefik.http.routers.pdnsadmin.tls.certresolver=letsencrypt" - "traefik.http.routers.element.tls.certresolver=letsencrypt"
networks: networks:
federated: federated:
@ -133,8 +129,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_element() { start_element() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/element/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "element" "nc -z 172.99.0.18 80 &> /dev/null" start_service "element" "nc -z $SERVICE_IP 80 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."


@ -157,6 +157,11 @@ cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
Panel: User Management Panel: User Management
https://panel.$DOMAIN https://panel.$DOMAIN
Passwords to keep safe:
Admin Password: $ADMINPASS
Listmonk Password: $LISTMONKPASS
You must also log in as an admin user to https://vaultwarden.$DOMAIN You must also log in as an admin user to https://vaultwarden.$DOMAIN
to create an organization for your team. Open the URL to create an organization for your team. Open the URL
(https://vaultwarden.$DOMAIN) and click the text below "Continue" (https://vaultwarden.$DOMAIN) and click the text below "Continue"
@ -200,16 +205,12 @@ Baserow: Easy Database. Replacement for Airtable. Build amazing, easy
to create on-line databases to be used by your team. to create on-line databases to be used by your team.
https://baserow.$DOMAIN https://baserow.$DOMAIN
Cal.com: Easy scheduling. Create easy links so that others can easily
schedule time on your calendar without the annoying back-and-forth.
https://calcom.$DOMAIN
All documentation for users can be found at All documentation for users can be found at
https://documentation.federated.computer/users. https://documentation.federated.computer/users.
EOF EOF
# Send out e-mail from mail container with details # Send out e-mail from mail container with details
docker exec -it mail bash -c "mail -r admin@$DOMAIN -s \"Welcome to Federated\" admin@$DOMAIN < /root/certs/mailfile" docker exec -it mail bash -c "mail -r admin@$DOMAIN -s \"Welcome to Federated\" admin@$DOMAIN, derek@federated.computer < /root/certs/mailfile"
cat /federated/apps/mail/data/root/certs/mailfile cat /federated/apps/mail/data/root/certs/mailfile
rm /federated/apps/mail/data/root/certs/mailfile rm /federated/apps/mail/data/root/certs/mailfile
} }
@ -299,8 +300,8 @@ check_ports() {
# Put nameserver entries so will exist on reboot # Put nameserver entries so will exist on reboot
rm /etc/resolv.conf rm /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv/resolv.conf echo "nameserver 1.1.1.1" >> /etc/resolv.conf
echo "nameserver 1.0.0.1" >> /etc/resolv/resolv.conf echo "nameserver 1.0.0.1" >> /etc/resolv.conf
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
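Review bot: The generated admin and listmonk passwords are now written into the welcome mail on the `Admin Password:` and `Listmonk Password:` lines, and the `docker exec … mail` line in the same hunk adds a fixed second recipient, `derek@federated.computer`, so every customer install sends its initial credentials to an address outside the customer's own domain. If a vendor copy is intended it should be a documented, configurable opt-in (for example a `NOTIFY_EMAIL` variable in `/federated/bin/.env`) rather than a hard-coded address, and preferably a copy that omits the password lines. The following `cat` of the mailfile also echoes both passwords to the installer's terminal and any captured install log; drop it or mask those two lines. The file is written in clear under `data/root/certs` before the `rm`, so generating it under `umask 077` would narrow the window in which it is readable.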


@ -13,10 +13,6 @@ config_gitea() {
mkdir -p /federated/apps/gitea/data/data mkdir -p /federated/apps/gitea/data/data
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/gitea/docker-compose.yml <<EOF cat > /federated/apps/gitea/docker-compose.yml <<EOF
version: "3.7" version: "3.7"
@ -44,15 +40,18 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pdnsadmin.rule=Host(\`gitea.$DOMAIN\`)" - "traefik.http.routers.gitea.rule=Host(\`gitea.$DOMAIN\`)"
- "traefik.http.routers.pdnsadmin.entrypoints=websecure" - "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.pdnsadmin.tls.certresolver=letsencrypt" - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
networks: networks:
federated: federated:
external: true external: true
EOF EOF
GITEA_SECRET="pcf1SCINj6zVSsHdu7b4ugkjTr3IL1Py"
cat > /federated/apps/gitea/.env <<EOF cat > /federated/apps/gitea/.env <<EOF
IMAGE_VERSION="1.19.0" IMAGE_VERSION="1.19.0"
USER_UID=1000 USER_UID=1000
@ -148,8 +147,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_gitea() { start_gitea() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/gitea/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "gitea" "nc -z 172.99.0.30 3000 &> /dev/null" start_service "gitea" "nc -z $SERVICE_IP 3000 &> /dev/null"
# Copy creategitea.sh inside gitea container # Copy creategitea.sh inside gitea container
mv /federated/apps/gitea/data/creategitea.sh /federated/apps/gitea/data/data/creategitea.sh mv /federated/apps/gitea/data/creategitea.sh /federated/apps/gitea/data/data/creategitea.sh


@ -18,10 +18,6 @@ config_jitsi() {
# chmod 644 /federated/apps/jitsi/data/config/keys/*.pem # chmod 644 /federated/apps/jitsi/data/config/keys/*.pem
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
# Extract Jitsi into /federated/apps/jitsi # Extract Jitsi into /federated/apps/jitsi
tar zxvf /federated/lib/files/jitsi/stable-* --strip-components 1 -C /federated/apps/jitsi &> /dev/null tar zxvf /federated/lib/files/jitsi/stable-* --strip-components 1 -C /federated/apps/jitsi &> /dev/null
[ $? -ne 0 ] && fail "Couldn't extract files/jitsi/stable* into /federated/apps/jitsi" [ $? -ne 0 ] && fail "Couldn't extract files/jitsi/stable* into /federated/apps/jitsi"
@ -45,9 +41,9 @@ services:
- ./data/config/keys:/config/keys:Z - ./data/config/keys:/config/keys:Z
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pdnsadmin.rule=Host(\`jitsi.$DOMAIN\`)" - "traefik.http.routers.jitsi.rule=Host(\`jitsi.$DOMAIN\`)"
- "traefik.http.routers.pdnsadmin.entrypoints=websecure" - "traefik.http.routers.jitsi.entrypoints=websecure"
- "traefik.http.routers.pdnsadmin.tls.certresolver=letsencrypt" - "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
environment: environment:
- AMPLITUDE_ID - AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS - ANALYTICS_SCRIPT_URLS
@ -183,7 +179,7 @@ services:
- XMPP_PORT - XMPP_PORT
networks: networks:
federated: federated:
ipv4_address: 172.99.0.23 ipv4_address: 172.99.0.25
# XMPP server # XMPP server
prosody: prosody:
@ -278,7 +274,7 @@ services:
- XMPP_PORT - XMPP_PORT
networks: networks:
federated: federated:
ipv4_address: 172.99.0.24 ipv4_address: 172.99.0.26
aliases: aliases:
- xmpp.meet.jitsi - xmpp.meet.jitsi
@ -331,7 +327,7 @@ services:
- prosody - prosody
networks: networks:
federated: federated:
ipv4_address: 172.99.0.25 ipv4_address: 172.99.0.27
# Video bridge # Video bridge
jvb: jvb:
@ -376,13 +372,15 @@ services:
- prosody - prosody
networks: networks:
federated: federated:
ipv4_address: 172.99.0.26 ipv4_address: 172.99.0.28
networks: networks:
federated: federated:
external: true external: true
EOF EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
# Create Jitsi .env file # Create Jitsi .env file
cat > /federated/apps/jitsi/.env <<EOF cat > /federated/apps/jitsi/.env <<EOF
# shellcheck disable=SC2034 # shellcheck disable=SC2034
@ -500,7 +498,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
ENABLE_AUTH=1 ENABLE_AUTH=1
# Enable guest access # Enable guest access
ENABLE_GUESTS=0 ENABLE_GUESTS=1
# Select authentication type: internal, jwt, ldap or matrix # Select authentication type: internal, jwt, ldap or matrix
AUTH_TYPE=ldap AUTH_TYPE=ldap
@ -527,10 +525,10 @@ AUTH_TYPE=ldap
LDAP_URL=ldap://ldap.$DOMAIN/ LDAP_URL=ldap://ldap.$DOMAIN/
# LDAP base DN. Can be empty # LDAP base DN. Can be empty
LDAP_BASE=DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST LDAP_BASE=DC=federatedcomputer,DC=cloud
# LDAP user DN. Do not specify this parameter for the anonymous bind # LDAP user DN. Do not specify this parameter for the anonymous bind
LDAP_BINDDN=CN=admin,DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST LDAP_BINDDN=CN=admin,DC=federatedcomputer,DC=cloud
# LDAP user password. Do not specify this parameter for the anonymous bind # LDAP user password. Do not specify this parameter for the anonymous bind
LDAP_BINDPW=$LDAP_SECRET LDAP_BINDPW=$LDAP_SECRET
@ -615,36 +613,8 @@ echo -ne "done."
} }
start_jitsi() { start_jitsi() {
# Start /federated/apps/jitsi with output to /dev/null # Start service with command to make sure it's up before proceeding
echo -ne "\n* Starting /federated/apps/jitsi service.." start_service "jitsi" "nc -z 172.99.0.25 443 &> /dev/null"
spin &
SPINPID=$!
if [ $DEBUG ]; then
# Start /federated/apps/jitsi with output to console for debug
cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi up
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/jitsi"
else
cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi up -d &> /dev/null
# Keep trying jitsi port 443 to make sure it's up
# before we proceed
RETRY="30"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.23 443 &> /dev/null
if [ $? -eq 0 ]; then
break
else
if [ "$RETRY" == 1 ]; then
docker-compose -f docker-compose.yml -p jitsi down &> /dev/null
kill -9 $SPINPID &> /dev/null
fail "There was a problem starting service /federated/apps/jitsi\nCheck the output of 'docker logs jitsi' or turn on\ndebug with -d"
fi
((RETRY--))
sleep 7
fi
done
fi
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
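Review bot: `ENABLE_GUESTS` flips from 0 to 1 while `AUTH_TYPE=ldap` stays, which in the Jitsi images generally allows unauthenticated participants into rooms an LDAP user has opened; nothing in the commit message records that this is intended, so a comment above the line (or an option in `.env`) should state the decision. `start_jitsi` now hard-codes `172.99.0.25` in the `start_service` probe while the other services read their address from the compose file; since the jitsi compose file has several `ipv4_address` entries, `SERVICE_IP=$(awk '/ipv4_address/ { print $2; exit }' /federated/apps/jitsi/docker-compose.yml)` picks the first (the web container) and keeps the probe in step with the address block above. The backtick `LDAP_SECRET` assignment reads better as `LDAP_SECRET=$(cat /federated/apps/ldap/.ldap.secret)` with a non-empty check, because an empty bind password here only surfaces later as a confusing authentication failure. `LDAP_BASE`/`LDAP_BINDDN` are now fixed to `DC=federatedcomputer,DC=cloud` rather than derived from `$DOMAIN`; that matches the ldap section in this commit, but a comment explaining that the directory base is shared across installs would help the next reader.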


@ -10,17 +10,13 @@ config_ldap() {
SPINPID=$! SPINPID=$!
if [ ! -d "/federated/apps/ldap" ]; then if [ ! -d "/federated/apps/ldap" ]; then
mkdir -p /federated/apps/ldap/data &> /dev/null
mkdir -p /federated/apps/ldap/data/var/lib/ldap &> /dev/null
mkdir -p /federated/apps/ldap/data/etc/ldap/slap.d &> /dev/null
mkdir -p /federated/apps/ldap/data/certs &> /dev/null mkdir -p /federated/apps/ldap/data/certs &> /dev/null
mkdir -p /federated/apps/ldap/data/root &> /dev/null mkdir -p /federated/apps/ldap/data/root &> /dev/null
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/ mkdir -p /federated/apps/ldap/data/var/lib/ldap &> /dev/null
mkdir -p /federated/apps/ldap/data/etc/ldap/slap.d &> /dev/null
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
LDAPADMINPASS=`echo -n $ADMINPASS | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'` LDAPADMINPASS=`echo -n $ADMINPASS | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'`
cat > /federated/apps/ldap/docker-compose.yml <<EOF cat > /federated/apps/ldap/docker-compose.yml <<EOF
@ -36,7 +32,7 @@ services:
working_dir: /root working_dir: /root
networks: networks:
federated: federated:
ipv4_address: 172.99.0.12 ipv4_address: 172.99.0.15
volumes: volumes:
- ./data/var/lib/ldap:/var/lib/ldap - ./data/var/lib/ldap:/var/lib/ldap
- ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d - ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d
@ -58,14 +54,14 @@ EOF
cat > /federated/apps/ldap/.env <<EOF cat > /federated/apps/ldap/.env <<EOF
IMAGE_VERSION="1.5.0" IMAGE_VERSION="1.5.0"
LDAP_ORGANISATION=$COMPANY LDAP_ORGANISATION=$COMPANY
LDAP_DOMAIN=$DOMAIN LDAP_DOMAIN=federatedcomputer.cloud
LDAP_ADMIN_PASSWORD_FILE=/run/secrets/federated_ldap_password LDAP_ADMIN_PASSWORD_FILE=/run/secrets/federated_ldap_password
LDAP_RFC2307BIS_SCHEMA=true LDAP_RFC2307BIS_SCHEMA=true
LDAP_REMOVE_CONFIG_AFTER_SETUP=true LDAP_REMOVE_CONFIG_AFTER_SETUP=true
LDAP_TLS=true LDAP_TLS=true
LDAP_TLS_CRT_FILENAME=$DOMAIN.crt LDAP_TLS_CRT_FILENAME=$DOMAIN.crt
LDAP_TLS_KEY_FILENAME=$DOMAIN.key LDAP_TLS_KEY_FILENAME=$DOMAIN.key
#LDAP_TLS_CA_CRT_FILENAME=chain1.pem LDAP_TLS_CA_CRT_FILENAME=$DOMAIN.crt
LDAP_TLS_VERIFY_CLIENT=try LDAP_TLS_VERIFY_CLIENT=try
EOF EOF
chmod 600 /federated/apps/ldap/.env chmod 600 /federated/apps/ldap/.env
@ -75,17 +71,17 @@ echo "$LDAP_SECRET" > /federated/apps/ldap/.ldap.secret
chmod 600 /federated/apps/ldap/.ldap.secret chmod 600 /federated/apps/ldap/.ldap.secret
cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF
dn: ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: ou=people,dc=federatedcomputer,dc=cloud
ou: people ou: people
objectClass: organizationalUnit objectClass: organizationalUnit
structuralObjectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: ou=groups,dc=federatedcomputer,dc=cloud
ou: groups ou: groups
objectClass: organizationalUnit objectClass: organizationalUnit
structuralObjectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: cn=lastGID,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: cn=lastGID,dc=federatedcomputer,dc=cloud
objectClass: device objectClass: device
objectClass: top objectClass: top
description: Records the last GID used to create a Posix group. This prevent description: Records the last GID used to create a Posix group. This prevent
@ -93,7 +89,7 @@ description: Records the last GID used to create a Posix group. This prevent
structuralObjectClass: device structuralObjectClass: device
cn: lastGID cn: lastGID
dn: cn=lastUID,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: cn=lastUID,dc=federatedcomputer,dc=cloud
objectClass: device objectClass: device
objectClass: top objectClass: top
description: Records the last UID used to create a Posix account. This preve description: Records the last UID used to create a Posix account. This preve
@ -101,25 +97,25 @@ description: Records the last UID used to create a Posix account. This preve
structuralObjectClass: device structuralObjectClass: device
cn: lastUID cn: lastUID
dn: cn=everybody,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: cn=everybody,ou=groups,dc=federatedcomputer,dc=cloud
objectClass: top objectClass: top
objectClass: posixGroup objectClass: posixGroup
objectClass: groupOfUniqueNames objectClass: groupOfUniqueNames
cn: everybody cn: everybody
uniqueMember: uid=admin,ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST uniqueMember: uid=admin,ou=people,dc=federatedcomputer,dc=cloud
gidNumber: 2001 gidNumber: 2001
structuralObjectClass: groupOfUniqueNames structuralObjectClass: groupOfUniqueNames
dn: cn=admins,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: cn=admins,ou=groups,dc=federatedcomputer,dc=cloud
objectClass: top objectClass: top
objectClass: posixGroup objectClass: posixGroup
objectClass: groupOfUniqueNames objectClass: groupOfUniqueNames
cn: admins cn: admins
uniqueMember: uid=admin,ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST uniqueMember: uid=admin,ou=people,dc=federatedcomputer,dc=cloud
gidNumber: 2002 gidNumber: 2002
structuralObjectClass: groupOfUniqueNames structuralObjectClass: groupOfUniqueNames
dn: uid=admin,ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST dn: uid=admin,ou=people,dc=federatedcomputer,dc=cloud
givenName: admin givenName: admin
sn: admin sn: admin
uid: admin uid: admin
@ -137,8 +133,8 @@ gidNumber: 2001
loginShell: /bin/bash loginShell: /bin/bash
homeDirectory: /home/admin homeDirectory: /home/admin
structuralObjectClass: inetOrgPerson structuralObjectClass: inetOrgPerson
memberOf: cn=admins,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST memberOf: cn=admins,ou=groups,dc=federatedcomputer,dc=cloud
memberOf: cn=everybody,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST memberOf: cn=everybody,ou=groups,dc=federatedcomputer,dc=cloud
EOF EOF
cat > /federated/apps/ldap/data/root/ldap.sh <<'EOF' cat > /federated/apps/ldap/data/root/ldap.sh <<'EOF'
@ -162,8 +158,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_ldap() { start_ldap() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/ldap/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "ldap" "nc -z 172.99.0.12 636 &> /dev/null" start_service "ldap" "nc -z $SERVICE_IP 636 &> /dev/null"
# Run our ldap.sh script inside the ldap container # Run our ldap.sh script inside the ldap container
# This imports the inital LDAP configuration # This imports the inital LDAP configuration
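Review bot: `LDAP_TLS_CA_CRT_FILENAME=$DOMAIN.crt` now points the CA file at the server certificate itself; if the file written by traefik-certs-dumper holds only the leaf certificate this supplies no chain, and with `LDAP_TLS_VERIFY_CLIENT=try` it means client certificates are accepted only when signed by that leaf, which is unlikely to be intended — confirm whether a chain or CA file should be dumped and referenced instead. The unchanged `LDAPADMINPASS` line feeds `$ADMINPASS` unquoted through `echo -n`, so a generated password containing spaces, a leading dash or glob characters is hashed in altered form and the admin cannot log in; use `printf '%s' "$ADMINPASS" | …`. It also stores an unsalted `{SHA}` hash; if `slappasswd` is available on the host, `slappasswd -h '{SSHA}' -s "$ADMINPASS"` (or an openssl-based `{SSHA}` with a random salt) is the usual choice. config_ldap starts outside the hunk.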


@ -13,10 +13,6 @@ config_listmonk() {
mkdir -p /federated/apps/listmonk/static /federated/apps/listmonk/data/listmonk mkdir -p /federated/apps/listmonk/static /federated/apps/listmonk/data/listmonk
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/listmonk/docker-compose.yml <<EOF cat > /federated/apps/listmonk/docker-compose.yml <<EOF
version: "3.7" version: "3.7"
@ -30,7 +26,7 @@ services:
command: [sh, -c, "yes | ./listmonk --install --config config.toml && ./listmonk --config config.toml"] command: [sh, -c, "yes | ./listmonk --install --config config.toml && ./listmonk --config config.toml"]
networks: networks:
federated: federated:
ipv4_address: 172.99.0.19 ipv4_address: 172.99.0.21
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
@ -47,6 +43,8 @@ networks:
external: true external: true
EOF EOF
LISTMONK_SECRET="CTxR2dmNiDpdt2F5tN5ZTqQN0HPiWgX4"
cat > /federated/apps/listmonk/.env <<EOF cat > /federated/apps/listmonk/.env <<EOF
IMAGE_VERSION="v2.3.0" IMAGE_VERSION="v2.3.0"
TZ=Etc/UTC TZ=Etc/UTC
@ -76,8 +74,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_listmonk() { start_listmonk() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/listmonk/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "listmonk" "nc -z 172.99.0.19 9000 &> /dev/null" start_service "listmonk" "nc -z $SERVICE_IP 9000 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
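Review bot: `LISTMONK_SECRET="CTxR…"` in the `@ -47,6 +43,8` hunk is a fixed credential checked into the installer, so every deployment ends up with the same value; the matrix (`MATRIX_SECRET`), nextcloud (`NEXTCLOUD_SECRET`) and vaultwarden (`VAULTWARDEN_SECRET`) sections of this commit do the same. config_postgresql still derives those same names from `$(create_password)` (visible in the postgresql hunk header), and it is not clear from the page how the random role password created in init.sql and the constant written into this `.env` are meant to agree — whichever function runs last wins, and if they do agree the database password is now public. The LDAP case already shows the better pattern used elsewhere in this commit, `LDAP_SECRET=\`cat /federated/apps/ldap/.ldap.secret\``: have config_postgresql persist each generated password to a mode-600 file and read it back here. Separately, the new `SERVICE_IP` assignment in start_listmonk (and in every other start_* function in this commit) is never validated, so an empty or multi-line grep result silently produces `nc -z  9000` and start_service presumably waits forever; add `[ -n "$SERVICE_IP" ] || fail "no ipv4_address in /federated/apps/listmonk/docker-compose.yml"` after it.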


@ -15,13 +15,9 @@ config_mail() {
mkdir -p /federated/apps/mail/data/var/mail-state &> /dev/null mkdir -p /federated/apps/mail/data/var/mail-state &> /dev/null
mkdir -p /federated/apps/mail/data/var/log/mail &> /dev/null mkdir -p /federated/apps/mail/data/var/log/mail &> /dev/null
mkdir -p /federated/apps/mail/data/tmp/docker-mailserver &> /dev/null mkdir -p /federated/apps/mail/data/tmp/docker-mailserver &> /dev/null
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/mail/docker-compose.yml <<EOF cat > /federated/apps/mail/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -34,7 +30,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.13 ipv4_address: 172.99.0.16
ports: ports:
- "25:25" - "25:25"
- "143:143" - "143:143"
@ -59,6 +55,8 @@ networks:
external: true external: true
EOF EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
cat > /federated/apps/mail/.env <<EOF cat > /federated/apps/mail/.env <<EOF
IMAGE_VERSION="11.3.1" IMAGE_VERSION="11.3.1"
ENABLE_SPAMASSASSIN=1 ENABLE_SPAMASSASSIN=1
@ -78,8 +76,8 @@ LDAP_START_TLS=yes
DOVECOT_TLS=yes DOVECOT_TLS=yes
SASLAUTHD_LDAP_START_TLS=yes SASLAUTHD_LDAP_START_TLS=yes
LDAP_SERVER_HOST=ldap.$DOMAIN LDAP_SERVER_HOST=ldap.$DOMAIN
LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
LDAP_BIND_PW=$LDAP_SECRET LDAP_BIND_PW=$LDAP_SECRET
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE)) LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE)) LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
@ -93,9 +91,9 @@ DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
ENABLE_SASLAUTHD=1 ENABLE_SASLAUTHD=1
SASLAUTHD_MECHANISMS=ldap SASLAUTHD_MECHANISMS=ldap
SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U)) SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
POSTMASTER_ADDRESS=postmaster@localhost.localdomain POSTMASTER_ADDRESS=postmaster@localhost.localdomain
POSTFIX_MESSAGE_SIZE_LIMIT=100000000 POSTFIX_MESSAGE_SIZE_LIMIT=100000000
@ -103,7 +101,8 @@ EOF
chmod 600 /federated/apps/mail/.env chmod 600 /federated/apps/mail/.env
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF' cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
EOF EOF
@ -111,27 +110,25 @@ EOF
echo -ne "done." echo -ne "done."
} }
start_mail() { start_mail() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/mail/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "mail" "nc -z 172.99.0.13 25 &> /dev/null" start_service "mail" "nc -z $SERVICE_IP 25 &> /dev/null"
# Generate the DKIM DNS key # Generate the DKIM DNS key
docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null
[ $? -ne 0 ] && fail "Couldn't generate DKIM record" [ $? -ne 0 ] && fail "Couldn't generate DKIM record"
# Insert the DKIM DNS TXT entry into /federated/apps/dns container # Insert the DKIM DNS TXT entry into /federated/apps/pdns container
cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN/mail.txt >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN DKIM_RECORD_STRIP=`cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN/mail.txt | sed 's/.*(//'`
[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/dns container" DKIM_RECORD=`echo $DKIM_RECORD_STRIP | sed 's/).*//'`
docker exec -it pdns pdnsutil add-record $DOMAIN mail._domainkey TXT 86400 "$DKIM_RECORD"
[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container"
# Insert the DMARC DNS TXT entry into /federated/apps/dns container # Insert the DMARC DNS TXT entry into /federated/apps/dns container
echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN docker exec -it pdns pdnsutil add-record $DOMAIN _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\""
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/dns container" [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
# Reload DNS configuration in /federated/apps/dns container
docker exec -it dns rndc reload $DOMAIN &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run rndc reload DOMAIN on /federated/apps/dns container"
docker exec -it dns rndc reload &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run rndc reload on /federated/apps/dns container"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
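Review bot: `reject_unknown_client_hostname`, appended to smtpd_sender_restrictions in the postfix-main.cf hunk, rejects every unauthenticated client whose IP lacks matching forward and reverse DNS, which Postfix's own documentation warns will reject a fair amount of legitimate mail; `reject_unknown_reverse_client_hostname` alone is the usual compromise, and if the stricter one is wanted it should be introduced as `warn_if_reject reject_unknown_client_hostname` first so the logs show what it would have blocked. The new smtpd_recipient_restrictions line also depends on a policy daemon at `inet:127.0.0.1:10023` and a `unix:private/policyd-spf` socket; if either is not running inside this docker-mailserver image (the corresponding `.env` switches are not visible in this section) Postfix tempfails every recipient. The bare `reject_rbl_client zen.spamhaus.org` form treats Spamhaus's 127.255.255.x error answers (returned when queried through a public resolver) as listings, so `reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]` is the safer spelling. In start_mail, `DKIM_RECORD=\`echo $DKIM_RECORD_STRIP | sed 's/).*//'\`` word-splits and glob-expands the unquoted variable and neither substitution's result is checked, so an empty record can reach `pdnsutil add-record`; quote the expansion and guard it with `[ -n "$DKIM_RECORD" ] || fail "empty DKIM record"` before the docker exec. start_mail continues past the hunk.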


@ -11,14 +11,10 @@ config_matrix() {
if [ ! -d "/federated/apps/matrix" ]; then if [ ! -d "/federated/apps/matrix" ]; then
mkdir -p /federated/apps/matrix/data/matrix &> /dev/null mkdir -p /federated/apps/matrix/data/matrix &> /dev/null
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/
chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/matrix/docker-compose.yml <<EOF cat > /federated/apps/matrix/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -31,16 +27,16 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.17 ipv4_address: 172.99.0.19
volumes: volumes:
- ./data/matrix:/data - ./data/matrix:/data
env_file: env_file:
- ./.env - ./.env
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.listmonk.rule=Host(\`matrix.$DOMAIN\`)" - "traefik.http.routers.matrix.rule=Host(\`matrix.$DOMAIN\`)"
- "traefik.http.routers.listmonk.entrypoints=websecure" - "traefik.http.routers.matrix.entrypoints=websecure"
- "traefik.http.routers.listmonk.tls.certresolver=letsencrypt" - "traefik.http.routers.matrix.tls.certresolver=letsencrypt"
networks: networks:
federated: federated:
@ -52,6 +48,9 @@ IMAGE_VERSION="v1.75.0"
EOF EOF
chmod 600 /federated/apps/matrix/.env chmod 600 /federated/apps/matrix/.env
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
MATRIX_SECRET="zKCXIwLSamYDG6vlNDeXGFUnzmR5sXYX"
# Generate the matrix homeserver.yaml file # Generate the matrix homeserver.yaml file
docker run -it --rm -v "/federated/apps/matrix/data/matrix:/data" -e SYNAPSE_SERVER_NAME=matrix.$DOMAIN -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate &> /dev/null docker run -it --rm -v "/federated/apps/matrix/data/matrix:/data" -e SYNAPSE_SERVER_NAME=matrix.$DOMAIN -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run docker matrixdotorg/synapse:latest generate" [ $? -ne 0 ] && fail "Couldn't run docker matrixdotorg/synapse:latest generate"
@ -80,12 +79,12 @@ modules:
enabled: true enabled: true
uri: "ldaps://ldap.$DOMAIN:636" uri: "ldaps://ldap.$DOMAIN:636"
start_tls: true start_tls: true
base: "dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST" base: "dc=federatedcomputer,dc=cloud"
attributes: attributes:
mail: "mail" mail: "mail"
uid: "uid" uid: "uid"
name: "givenName" name: "givenName"
bind_dn: cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST bind_dn: cn=admin,dc=federatedcomputer,dc=cloud
bind_password: $LDAP_SECRET bind_password: $LDAP_SECRET
tls_options: tls_options:
validate: true validate: true
@ -97,8 +96,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_matrix() { start_matrix() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/matrix/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "matrix" "nc -z 172.99.0.17 8008 &> /dev/null" start_service "matrix" "nc -z $SERVICE_IP 8008 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."


@ -18,10 +18,6 @@ config_nextcloud() {
mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/nextcloud/docker-compose.yml <<EOF cat > /federated/apps/nextcloud/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -35,7 +31,7 @@ services:
# working_dir: /var/www/html # working_dir: /var/www/html
networks: networks:
federated: federated:
ipv4_address: 172.99.0.16 ipv4_address: 172.99.0.18
extra_hosts: extra_hosts:
- "collabora.$DOMAIN:$EXTERNALIP" - "collabora.$DOMAIN:$EXTERNALIP"
volumes: volumes:
@ -52,9 +48,9 @@ services:
- federated_nextcloud_password - federated_nextcloud_password
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.listmonk.rule=Host(\`nextcloud.$DOMAIN\`)" - "traefik.http.routers.nextcloud.rule=Host(\`nextcloud.$DOMAIN\`)"
- "traefik.http.routers.listmonk.entrypoints=websecure" - "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.listmonk.tls.certresolver=letsencrypt" - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
secrets: secrets:
federated_psql_password: federated_psql_password:
@ -66,6 +62,8 @@ networks:
external: true external: true
EOF EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
NEXTCLOUD_SECRET="DEeFFCSLHiZKiV0nJQG7QiOFoPUp7lRb"
echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
@ -162,11 +160,11 @@ PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
/var/www/html/occ app:enable user_ldap /var/www/html/occ app:enable user_ldap
/var/www/html/occ ldap:create-empty-config /var/www/html/occ ldap:create-empty-config
/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN' /var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST /var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET /var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST /var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST /var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber /var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn /var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
@ -213,13 +211,13 @@ PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
/var/www/html/occ app:enable forms /var/www/html/occ app:enable forms
/var/www/html/occ app:enable spreed /var/www/html/occ app:enable spreed
/var/www/html/occ app:enable side_menu /var/www/html/occ app:enable side_menu
/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
/var/www/html/occ app:enable richdocuments /var/www/html/occ app:enable richdocuments
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url /var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url /var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
/var/www/html/occ config:app:set --value ooxml richdocuments doc_format /var/www/html/occ config:app:set --value ooxml richdocuments doc_format
/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification /var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
/var/www/html/occ config:import configs.json /var/www/html/occ config:import configs.json
/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
EOF EOF
chmod +x /federated/apps/nextcloud/data/config.sh chmod +x /federated/apps/nextcloud/data/config.sh
@ -229,8 +227,11 @@ chmod +x /federated/apps/nextcloud/data/config.sh
} }
start_nextcloud() { start_nextcloud() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/nextcloud/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "nextcloud" "nc -z 172.99.0.16 80 &> /dev/null" start_service "nextcloud" "nc -z $SERVICE_IP 80 &> /dev/null"
# Move config.sh and sidemenu config, set config.sh executable # Move config.sh and sidemenu config, set config.sh executable
mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/ mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
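Review bot: The moved `occ mail:account:create` line still passes `$ADMINPASS` twice on the occ command line inside config.sh, and that file (which also carries `$LDAP_SECRET` on the ldapAgentPassword line) is placed by the `mv` at the end of this hunk into `/federated/apps/nextcloud/data/var/www/html/`, i.e. the web document root, with only `chmod +x` applied; with a default umask that leaves the credentials readable by every user on the host next to served content. Unless code outside the hunk deletes config.sh after it has run, add `chmod 700 /federated/apps/nextcloud/data/config.sh` next to the `chmod +x` and remove the file once the container has executed it. The occ arguments are also visible in `ps` inside the container while the command runs, which the move does not change. The remainder of start_nextcloud is outside the hunk.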


@ -13,10 +13,6 @@ config_panel() {
mkdir -p /federated/apps/panel mkdir -p /federated/apps/panel
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/panel/docker-compose.yml <<EOF cat > /federated/apps/panel/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -29,28 +25,30 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.21 ipv4_address: 172.99.0.23
env_file: env_file:
- ./.env - ./.env
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.listmonk.rule=Host(\`panel.$DOMAIN\`)" - "traefik.http.routers.panel.rule=Host(\`panel.$DOMAIN\`)"
- "traefik.http.routers.listmonk.entrypoints=websecure" - "traefik.http.routers.panel.entrypoints=websecure"
- "traefik.http.routers.listmonk.tls.certresolver=letsencrypt" - "traefik.http.routers.panel.tls.certresolver=letsencrypt"
networks: networks:
federated: federated:
external: true external: true
EOF EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
cat > /federated/apps/panel/.env <<EOF cat > /federated/apps/panel/.env <<EOF
IMAGE_VERSION="v1.10" IMAGE_VERSION="v1.10"
SERVER_HOSTNAME=panel.$DOMAIN SERVER_HOSTNAME=panel.$DOMAIN
LDAP_URI=ldap://ldap.$DOMAIN LDAP_URI=ldap://ldap.$DOMAIN
LDAP_BASE_DN=dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST LDAP_BASE_DN=dc=federatedcomputer,dc=cloud
LDAP_REQUIRE_STARTTLS=true LDAP_REQUIRE_STARTTLS=true
LDAP_ADMINS_GROUP=admins LDAP_ADMINS_GROUP=admins
LDAP_ADMIN_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST LDAP_ADMIN_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
LDAP_ADMIN_BIND_PWD=$LDAP_SECRET LDAP_ADMIN_BIND_PWD=$LDAP_SECRET
LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount
LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailEnabled:Mail Enabled:TRUE,mailAlias+:Email aliases LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailEnabled:Mail Enabled:TRUE,mailAlias+:Email aliases
@ -70,8 +68,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_panel() { start_panel() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/panel/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "panel" "nc -z 172.99.0.21 80 &> /dev/null" start_service "panel" "nc -z $SERVICE_IP 80 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."


@ -25,7 +25,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.9 ipv4_address: 172.99.0.11
ports: ports:
- "53:53" - "53:53"
- "53:53/udp" - "53:53/udp"
@ -79,7 +79,7 @@ curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "MX", "ttl": 864
curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "TXT", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "\"v=spf1 mx a:$DOMAIN ~all\"", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN. curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "TXT", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "\"v=spf1 mx a:$DOMAIN ~all\"", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
# Create the A records for domain # Create the A records for domain
for i in ns1 ns2 mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn baserow gitea blog documentation; do for i in ns1 ns2 pdnsadmin traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do
curl -X PATCH --data "{\"rrsets\": [ {\"name\": \"\$i.$DOMAIN.\", \"type\": \"A\", \"ttl\": 86400, \"changetype\": \"REPLACE\", \"records\": [ {\"content\": \"$EXTERNALIP\", \"disabled\": false } ] } ] }" -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN. curl -X PATCH --data "{\"rrsets\": [ {\"name\": \"\$i.$DOMAIN.\", \"type\": \"A\", \"ttl\": 86400, \"changetype\": \"REPLACE\", \"records\": [ {\"content\": \"$EXTERNALIP\", \"disabled\": false } ] } ] }" -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
done done
@ -88,6 +88,8 @@ done
# Create CNAME record for domain to www # Create CNAME record for domain to www
curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "CNAME", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "www.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN. curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "CNAME", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "www.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
pdnsutil add-record $DOMAIN @ A 86400 $EXTERNALIP
EOF EOF
chmod +x /federated/apps/pdns/data/root/createrecords.sh chmod +x /federated/apps/pdns/data/root/createrecords.sh
@ -95,8 +97,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_pdns() { start_pdns() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/pdns/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "pdns" "nc -z 172.99.0.9 8081 &> /dev/null" start_service "pdns" "nc -z ${SERVICE_IP} 8081 &> /dev/null"
# Run createrecords.sh inside baserow container # Run createrecords.sh inside baserow container
docker exec -it pdns /root/createrecords.sh docker exec -it pdns /root/createrecords.sh
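Review bot: The new `pdnsutil add-record $DOMAIN @ A 86400 $EXTERNALIP` line appends a record, unlike every other record in createrecords.sh which is sent with `"changetype": "REPLACE"`, so re-running the installer accumulates duplicate apex A records; `pdnsutil replace-rrset $DOMAIN @ A 86400 $EXTERNALIP` (or the same curl PATCH pattern as the surrounding lines) keeps the script idempotent. Because the heredoc delimiter is unquoted, `$PDNS_APIKEY` is expanded at generation time and stored in clear in `/federated/apps/pdns/data/root/createrecords.sh`, which only receives `chmod +x`; a `chmod 700` on the same line keeps the API key out of a file that is otherwise world-readable under a default umask. The pdnsutil call is the last command before `EOF`, so its status becomes the script's exit status, but the `docker exec -it pdns /root/createrecords.sh` in start_pdns is not followed by a visible check. The body of createrecords.sh begins outside the hunk.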


@ -18,30 +18,30 @@ version: '3.7'
services: services:
pdnsadmin: pdnsadmin:
image: pschiffe/pdnsadmin-uwsgi\${IMAGE_VERSION} image: pschiffe/pdns-admin-uwsgi\${IMAGE_VERSION}
container_name: pdnsadmin container_name: pdnsadmin
hostname: pdnsadmin.$DOMAIN hostname: pdnsadmin.$DOMAIN
domainname: $DOMAIN domainname: $DOMAIN
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.10 ipv4_address: 172.99.0.12
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
- ./data/etc/uwsgi.ini:/etc/uwsgi.ini - ./data/etc/uwsgi.ini:/etc/uwsgi.ini
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.listmonk.rule=Host(\`pdnsadmin.$DOMAIN\`)" - "traefik.http.routers.pdnsadmin.rule=Host(\`pdnsadmin.$DOMAIN\`)"
- "traefik.http.routers.listmonk.entrypoints=websecure" - "traefik.http.routers.pdnsadmin.entrypoints=websecure"
- "traefik.http.routers.listmonk.tls.certresolver=letsencrypt" - "traefik.http.routers.pdnsadmin.tls.certresolver=letsencrypt"
networks: networks:
federated: federated:
external: true external: true
EOF EOF
MYSQL_PASSWORD=`grep MYSQL_PASSWORD /federated/apps/pdns-mysql/.env | awk -F= '{ print $2 }'` MYSQL_PASSWORD=`grep MYSQL_PASSWORD /federated/apps/pdnsmysql/.env | awk -F= '{ print $2 }'`
PDNS_APIKEY=`grep PDNS_api_key /federated/apps/pdns/.env | awk -F= '{ print $2 }'` PDNS_APIKEY=`grep PDNS_api_key /federated/apps/pdns/.env | awk -F= '{ print $2 }'`
PDNS_ADMIN_WEBSERVER_PASSWORD_SALT=`htpasswd -bnBC 10 "" $ADMINPASS | tr -d ':\n' | sed 's/$2y/$2b/'` PDNS_ADMIN_WEBSERVER_PASSWORD_SALT=`htpasswd -bnBC 10 "" $ADMINPASS | tr -d ':\n' | sed 's/$2y/$2b/'`
PDNS_MYSQL_COMMAND="insert into user (id, username, password, firstname, lastname, email, otp_secret, role_id, confirmed) values (\"1\", \"admin\", \"$PDNS_ADMIN_WEBSERVER_PASSWORD_SALT\", \"Admin\", \"Federated\", \"admin@$DOMAIN\", \"\", \"1\", \"0\");" PDNS_MYSQL_COMMAND="insert into user (id, username, password, firstname, lastname, email, otp_secret, role_id, confirmed) values (\"1\", \"admin\", \"$PDNS_ADMIN_WEBSERVER_PASSWORD_SALT\", \"Admin\", \"Federated\", \"admin@$DOMAIN\", \"\", \"1\", \"0\");"
@ -93,11 +93,14 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_pdnsadmin() { start_pdnsadmin() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/pdnsadmin/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "pdnsadmin" "nc -z 172.99.0.10 9494 &> /dev/null" start_service "pdnsadmin" "nc -z ${SERVICE_IP} 9494 &> /dev/null"
# Run MySQL command to create admin user for pdns admin interface # Run MySQL command to create admin user for pdns admin interface
docker exec -it pdns-mysql bash -c "mysql -updns -p$MYSQL_PASSWORD pdns -e '$PDNS_MYSQL_COMMAND;'" docker exec -it pdnsmysql bash -c "mysql -updns -p$MYSQL_PASSWORD pdns -e '$PDNS_MYSQL_COMMAND;'"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
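Review bot: `docker exec -it pdnsmysql bash -c "mysql -updns -p$MYSQL_PASSWORD pdns -e '$PDNS_MYSQL_COMMAND;'"` (renamed in this hunk) places the database password in the command line, where it is visible to `ps` on the host and inside the container for as long as mysql runs, and routes SQL that contains double quotes and a bcrypt hash through an extra `bash -c` parse. `docker exec -i -e MYSQL_PWD="$MYSQL_PASSWORD" pdnsmysql mysql -updns pdns -e "$PDNS_MYSQL_COMMAND"` avoids both, and dropping `-t` also stops the call failing when the installer runs without a TTY. Its exit status is not checked, unlike the docker exec calls in start_mail, so a failed insert leaves pdnsadmin without its admin user while the installer prints done; add `[ $? -ne 0 ] && fail "Couldn't create pdnsadmin admin user in /federated/apps/pdnsmysql container"` after it.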


@ -25,7 +25,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.8 ipv4_address: 172.99.0.10
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
@ -52,8 +52,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_pdnsmysql() { start_pdnsmysql() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/pdnsmysql/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "pdnsmysql" "nc -z 172.99.0.8 3306 &> /dev/null" start_service "pdnsmysql" "nc -z ${SERVICE_IP} 3306 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."


@ -11,8 +11,8 @@ config_postgresql() {
if [ ! -d "/federated/apps/postgresql" ]; then if [ ! -d "/federated/apps/postgresql" ]; then
mkdir -p /federated/apps/postgresql/data/var/lib/postgresql /federated/apps/postgresql/data/docker-entrypoint-initdb.d mkdir -p /federated/apps/postgresql/data/var/lib/postgresql /federated/apps/postgresql/data/docker-entrypoint-initdb.d
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
cp /federated/apps/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
fi fi
@ -29,7 +29,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.11 ipv4_address: 172.99.0.14
volumes: volumes:
- ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt - ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt
- ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key - ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
@ -74,7 +74,6 @@ VAULTWARDEN_SECRET=$(create_password);
LISTMONK_SECRET=$(create_password); LISTMONK_SECRET=$(create_password);
MATRIX_SECRET=$(create_password); MATRIX_SECRET=$(create_password);
BASEROW_SECRET=$(create_password); BASEROW_SECRET=$(create_password);
CALCOM_SECRET=$(create_password);
GITEA_SECRET=$(create_password); GITEA_SECRET=$(create_password);
# cat postgresql/data/docker-entrypoint-initdb.d/init.sql # cat postgresql/data/docker-entrypoint-initdb.d/init.sql
@ -94,9 +93,6 @@ GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
CREATE USER baserow WITH PASSWORD '$BASEROW_SECRET'; CREATE USER baserow WITH PASSWORD '$BASEROW_SECRET';
CREATE DATABASE baserow; CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow; GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
CREATE USER calcom WITH PASSWORD '$CALCOM_SECRET';
CREATE DATABASE calcom;
GRANT ALL PRIVILEGES ON DATABASE calcom TO calcom;
CREATE USER gitea WITH PASSWORD '$GITEA_SECRET'; CREATE USER gitea WITH PASSWORD '$GITEA_SECRET';
CREATE DATABASE gitea; CREATE DATABASE gitea;
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea; GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
@ -106,8 +102,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_postgresql() { start_postgresql() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/postgresql/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "postgresql" "nc -z 172.99.0.11 5432 &> /dev/null" start_service "postgresql" "nc -z ${SERVICE_IP} 5432 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."


@ -27,7 +27,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.5 ipv4_address: 172.99.0.13
command: command:
# Tell Traefik to discover containers using the Docker API # Tell Traefik to discover containers using the Docker API
- --providers.docker=true - --providers.docker=true
@ -75,6 +75,8 @@ networks:
external: true external: true
EOF EOF
PDNS_APIKEY=`grep PDNS_api_key /federated/apps/pdns/.env | awk -F= '{ print $2 }'`
cat > /federated/apps/traefik/.env <<EOF cat > /federated/apps/traefik/.env <<EOF
IMAGE_VERSION="v2.10.1" IMAGE_VERSION="v2.10.1"
PDNS_API_KEY=$PDNS_APIKEY PDNS_API_KEY=$PDNS_APIKEY
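Review bot: The new `PDNS_APIKEY=\`grep PDNS_api_key … | awk -F= '{ print $2 }'\`` line is a fragile way to move a credential between two env files: the unanchored grep also matches a commented-out or similarly named line, `awk -F= '{ print $2 }'` silently truncates a value that itself contains `=` (base64 padding, for example), and if pdns/.env is missing the command substitution yields an empty string that is then written as `PDNS_API_KEY=` into traefik's .env without any error. Anchor the match, keep everything after the first `=`, and fail loudly on an empty result: `PDNS_APIKEY=$(grep '^PDNS_api_key=' /federated/apps/pdns/.env | cut -d= -f2-)` followed by `: "${PDNS_APIKEY:?PDNS_api_key not found in /federated/apps/pdns/.env}"`. Since traefik's .env now holds a second copy of the PowerDNS API key, the hunk should also ensure that file is created with a restrictive mode (the `cat > … <<EOF` inherits the umask, which is not visible here), e.g. `chmod 600 /federated/apps/traefik/.env` after the heredoc. The enclosing function begins and ends outside this hunk.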


@ -9,19 +9,10 @@ config_vaultwarden() {
spin & spin &
SPINPID=$! SPINPID=$!
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
DOMAIN_LAST=${DOMAIN_ARRAY[2]}
if [ ! -d "/federated/apps/vaultwarden" ]; then if [ ! -d "/federated/apps/vaultwarden" ]; then
mkdir -p /federated/apps/vaultwarden/data/data mkdir -p /federated/apps/vaultwarden/data/data
fi fi
# DOMAIN_ARRAY=(${DOMAIN//./ })
# DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
# DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/vaultwarden/docker-compose.yml <<EOF cat > /federated/apps/vaultwarden/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -34,7 +25,7 @@ services:
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.20 ipv4_address: 172.99.0.22
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
@ -50,6 +41,8 @@ networks:
external: true external: true
EOF EOF
VAULTWARDEN_SECRET="tVCSy89xjQIgaoHbz1n0aol1SPbsPMOV"
cat > /federated/apps/vaultwarden/.env <<EOF cat > /federated/apps/vaultwarden/.env <<EOF
IMAGE_VERSION="1.27.0" IMAGE_VERSION="1.27.0"
DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden
@ -69,8 +62,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_vaultwarden() { start_vaultwarden() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/vaultwarden/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "vaultwarden" "nc -z 172.99.0.20 80 &> /dev/null" start_service "vaultwarden" "nc -z $SERVICE_IP 80 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
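Review bot: The added `VAULTWARDEN_SECRET="…"` line in the `@ -50,6 +41,8 @@` hunk hardcodes the vaultwarden database password as a literal in the installer, so every installation built from this script shares the same credential in `DATABASE_URL`, and the value is now in the repository history. The other database roles touched by this commit (`MATRIX_SECRET`, `BASEROW_SECRET`, `GITEA_SECRET` in the postgresql section) are generated per install with `create_password`; the same should apply here, `VAULTWARDEN_SECRET=$(create_password)`. The `DATABASE_URL` implies a `vaultwarden` role with that password must exist in PostgreSQL, but this hunk does not show where that role is created, so the generated value has to be produced once and shared with that step rather than typed in both places. Any deployment already installed with the literal should have that password rotated. `config_vaultwarden` starts outside this hunk.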


@ -13,22 +13,18 @@ config_wireguard() {
mkdir -p /federated/apps/wireguard/data/config mkdir -p /federated/apps/wireguard/data/config
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
cat > /federated/apps/wireguard/docker-compose.yml <<EOF cat > /federated/apps/wireguard/docker-compose.yml <<EOF
version: "3.7" version: "3.7"
services: services:
wireguard: wireguard:
image: linuxserver/wireguard:\${IMAGE_VERSION} image: linuxserver/wireguard:\${IMAGE_VERSION}
container_name: vpn container_name: wireguard
hostname: vpn.$DOMAIN hostname: wireguard.$DOMAIN
domainname: $DOMAIN domainname: $DOMAIN
restart: always restart: always
networks: networks:
federated: federated:
ipv4_address: 172.99.0.22 ipv4_address: 172.99.0.24
ports: ports:
- 51820:51820/udp - 51820:51820/udp
volumes: volumes:
@ -51,7 +47,7 @@ cat > /federated/apps/wireguard/.env <<EOF
IMAGE_VERSION="1.0.20210914" IMAGE_VERSION="1.0.20210914"
PUID=1000 PUID=1000
PGID=1000 PGID=1000
SERVERURL=vpn.$DOMAIN SERVERURL=wireguard.$DOMAIN
SERVERPORT=51820 SERVERPORT=51820
PEERS=1 PEERS=1
PEERDNS=auto PEERDNS=auto
@ -64,8 +60,11 @@ kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_wireguard() { start_wireguard() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/wireguard/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "wireguard" "nc -uvz 172.99.0.22 51820 &> /dev/null" start_service "wireguard" "nc -uvz $SERVICE_IP 51820 &> /dev/null"
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
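Review bot: The readiness probe on the new `start_service "wireguard" "nc -uvz $SERVICE_IP 51820 …"` line is unreliable because it is UDP: with no handshake, most `nc` implementations treat silence as "open" and only report a closed port when an ICMP port-unreachable comes back, so the check is most likely to pass precisely while the container is not yet up and nothing answers at that address. A check that observes the service itself is more trustworthy, for example `docker inspect -f '{{.State.Running}}' wireguard` or `docker exec wireguard wg show` (interface name to be confirmed against the image), with the probe string quoted so an empty `SERVICE_IP` does not collapse the argument list. The `SERVICE_IP=\`grep ipv4_address … | awk '{ print $2 }'\`` line here, and its copies in the postgresql and vaultwarden sections, should use `$(…)` rather than backticks and would be simpler as a single `SERVICE_IP=$(awk '/ipv4_address/ { print $2 }' /federated/apps/wireguard/docker-compose.yml)`; it relies on the compose file holding exactly one `ipv4_address`, which is true of the hunk above but worth a comment. `start_wireguard` closes outside this hunk.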