First round of convertdomain
This commit is contained in:
parent
d63f5680e7
commit
ede42f4c31
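--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
+bin/.adminpass
+bin/.b2init
+bin/.gpg.backblaze
+logs/
+certs/
+apps/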
@ -1 +0,0 @@
|
||||
9585ba84-ef8a-11ed-9363-431dba4e45bd
|
3
bin/.env
3
bin/.env
@ -7,9 +7,6 @@ COMPANY="Fang Free Inc"
|
||||
# Country Code (US, HK, GB, JP, etc)
|
||||
COUNTRY="US"
|
||||
|
||||
# Administrator password
|
||||
ADMINPASS="password123"
|
||||
|
||||
# Backblaze KeyID (Master Key) for backups
|
||||
B2_APPLICATION_KEY_ID="3239c6765fdc"
|
||||
|
||||
|
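Review bot: The values this hunk appears to drop from bin/.env (`ADMINPASS="password123"` and `B2_APPLICATION_KEY_ID="3239c6765fdc"`) remain in the repository history, as do the single-line files deleted in the two headerless `@ -1 +0,0 @@` hunks, so if any of them were live credentials they should be rotated rather than only moved. The replacement files the scripts now read (bin/.adminpass is read by bin/convertdomain) are git-ignored by this commit, but nothing visible here sets their permissions; creating them with mode 600 would match the `chmod 600` the other hunks already apply to the per-app .env files.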
@ -1 +0,0 @@
|
||||
rDGL27yH6YlIa73MyQpcR38jMyrtOTe5
|
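--- a/bin/convertdomain
+++ b/bin/convertdomain
@@ -0,0 +1,474 @@
+#!/bin/bash -x
+#
+# Federated Convert Domain
+#
+# Converts Federated Core services
+# From: customer.federatedcomputer.cloud
+# To: domain.com
+
+. /federated/lib/functions.sh
+. /federated/bin/.env
+
+check_gluerecords() {
+echo -ne "\n* Checking glue records for $DOMAIN_NEW.."
+
+NS_PARENT="$(dig +short NS "$DOMAIN_LAST." | head -n 1)"
+CHECK_NS1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns1.$DOMAIN_NEW`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW"
+
+CHECK_NS2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns2.$DOMAIN_NEW`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns2.$DOMAIN_NEW"
+
+CHECK_A1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns1.$DOMAIN_NEW | grep $EXTERNALIP`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns1.$DOMAIN_NEW to $EXTERNALIP"
+
+CHECK_A2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns2.$DOMAIN_NEW | grep $EXTERNALIP`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns2.$DOMAIN_NEW to $EXTERNALIP"
+
+echo -ne "done."
+}
+do_serviceprep() {
+# Create DNS records for newdomain
+docker exec -it pdns pdnsutil create-zone $DOMAIN_NEW
+docker exec -it pdns pdnsutil set-kind $DOMAIN_NEW native
+docker exec -it pdns pdnsutil set-meta $DOMAIN_NEW SOA-EDIT-API DEFAULT
+
+for i in ns1 ns2 powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW $i A 86400 $EXTERNALIP
+done
+
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ NS ns1.$DOMAIN_NEW
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ NS ns2.$DOMAIN_NEW
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ MX 86400 "10 mail.$DOMAIN_NEW"
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ TXT 86400 "\"v=spf1 mx a:$DOMAIN_NEW ~all\""
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW \* CNAME 86400 www.$DOMAIN_NEW
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ A 86400 $EXTERNALIP
+
+# Other pre-prep service stuff
+docker exec -it -u 33 nextcloud /var/www/html/occ -vv ldap:delete-config s01
+docker exec -it -u 33 nextcloud /var/www/html/occ app:disable user_ldap
+docker exec -it ldap bash -c "slapcat > /root/convertdomain.ldif"
+
+# Remove first lines of ldap config, replace dc= with new domain, replace domain name
+sed -n '/^dn: ou=people,dc=federatedcomputer,dc=cloud$/,$p' /federated/apps/ldap/data/root/convertdomain.ldif > /federated/apps/ldap/data/root/convertdomain1.ldif
+sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/ldap/data/root/convertdomain1.ldif
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/data/root/convertdomain1.ldif
+}
+convert_powerdns() {
+#### Convert PowerDNS pdnsmysql
+echo -ne "\n* Converting pdnsmysql.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsmysql/docker-compose.yml
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/pdnsmysql/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "pdnsmysql" "nc -z ${SERVICE_IP} 3306 &> /dev/null"
+
+echo -ne "done."
+
+#### Convert PowerDNS pdns
+echo -ne "\n* Converting pdns.."
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdns/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdns/.env
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/pdns/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "pdns" "nc -z ${SERVICE_IP} 8081 &> /dev/null"
+
+echo -ne "done."
+
+#### Convert PowerDNS pdnsadmin
+echo -ne "\n* Converting pdnsadmin.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsadmin/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsadmin/.env
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/pdnsadmin/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "pdnsadmin" "nc -z ${SERVICE_IP} 9494 &> /dev/null"
+
+echo -ne "done."
+}
+convert_traefik() {
+#### Convert Traefik
+echo -ne "\n* Converting traefik. Waiting 60s first for dns.."
+sleep 60
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/traefik/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/traefik/.env
+rm -rf /federated/apps/traefik/data/letsencrypt/acme.json
+
+# Start Traefik
+docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null
+
+# Keep trying to see that certificates are generated
+RETRY="20"
+while [ $RETRY -gt 0 ]; do
+traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null
+
+# Check if certs are generated
+ls /federated/certs/private/$DOMAIN_NEW.key /federated/certs/certs/$DOMAIN_NEW.crt &> /dev/null
+if [ $? -eq 0 ]; then
+break
+else
+if [ "$RETRY" == 1 ]; then
+docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null
+failcheck "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik'"
+fi
+((RETRY--))
+sleep 9
+fi
+done
+
+echo -ne "done."
+}
+convert_postgresql() {
+#### Convert Postgresql
+echo -ne "\n* Converting postgresql.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/postgresql/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/postgresql/.env
+cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
+cp /federated/certs/private/$DOMAIN_NEW.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
+chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
+chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/postgresql/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "postgresql" "nc -z ${SERVICE_IP} 5432 &> /dev/null"
+
+echo -ne "done."
+}
+convert_ldap() {
+#### Convert LDAP
+echo -ne "\n* Converting ldap.."
+
+# Remove LDAP files so we can start clean
+rm -rf /federated/apps/ldap/data/var/lib/ldap/*
+rm -rf /federated/apps/ldap/data/etc/ldap/slapd.d/*
+rm -rf /federated/apps/ldap/data/root/.ldaprc
+rm -rf /federated/apps/ldap/data/certs/dhparam.pem
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/.env
+sed -i "s#LDAP_DOMAIN=.*#LDAP_DOMAIN=$DOMAIN_NEW#g" /federated/apps/ldap/.env
+sed -i "s#LDAP_ORGANISATION=.*#LDAP_ORGANISATION=$ORG_NEW#g" /federated/apps/ldap/.env
+cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/ldap/data/certs/
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/ldap/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "ldap" "nc -z $SERVICE_IP 636 &> /dev/null"
+
+# This imports the modified LDAP configuration above
+docker exec -it ldap bash -c "slapadd -v -l /root/convertdomain1.ldif" &> /dev/null
+[ $? -ne 0 ] && failcheck "Couldn't slapadd convertdomain1.ldif inside ldap container"
+
+echo -ne "done."
+}
+convert_mail() {
+#### Convert Mail
+echo -ne "\n* Converting mail.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/.env
+cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/mail/data/root/certs/
+sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/mail/.env
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/mail/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "mail" "nc -z $SERVICE_IP 25 &> /dev/null"
+
+# Generate the DKIM DNS key for new domain
+docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN_NEW &> /dev/null
+[ $? -ne 0 ] && fail "Couldn't generate DKIM record"
+
+# Insert the DKIM DNS TXT entry into /federated/apps/pdns container
+DKIM_RECORD_STRIP=`cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN_NEW/mail.txt | sed 's/.*(//'`
+DKIM_RECORD=`echo $DKIM_RECORD_STRIP | sed 's/).*//'`
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW mail._domainkey TXT 86400 "$DKIM_RECORD" &> /dev/null
+[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container"
+
+# Insert the DMARC DNS TXT entry into /federated/apps/pdns container
+docker exec -it pdns pdnsutil add-record $DOMAIN_NEW _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null
+[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
+
+echo -ne "done."
+}
+convert_collabora() {
+#### Convert Collabora
+echo -ne "\n* Converting collabora.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/collabora/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/collabora/.env
+cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/collabora/data/root/certs/
+chown 104 /federated/apps/collabora/data/root/certs/*
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/collabora/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "collabora" "nc -z $SERVICE_IP 9980 &> /dev/null"
+
+echo -ne "done."
+}
+convert_nextcloud() {
+#### Convert Nextcloud
+echo -ne "\n* Converting nextcloud.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/.env
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config/config.php
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config.sh
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/configs.json
+sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/nextcloud/data/var/www/html/config.sh
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/nextcloud/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "nextcloud" "nc -z $SERVICE_IP 80 &> /dev/null"
+
+docker exec -it -u 33 nextcloud /var/www/html/config.sh
+
+echo -ne "done."
+}
+convert_matrix() {
+#### Convert Matrix
+echo -ne "\n* Converting matrix.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/matrix/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/matrix/.env
+sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/matrix/data/matrix/homeserver.yaml
+sed -i "s#server_name: \"matrix.$DOMAIN\"#server_name: \"matrix.$DOMAIN_NEW\"#g" /federated/apps/matrix/data/matrix/homeserver.yaml
+sed -i "s#postgresql.$DOMAIN#postgresql.$DOMAIN_NEW#g" /federated/apps/matrix/data/matrix/homeserver.yaml
+sed -i "s#ldap.$DOMAIN#ldap.$DOMAIN_NEW#g" /federated/apps/matrix/data/matrix/homeserver.yaml
+sed -i "s#$DOMAIN.crt#$DOMAIN_NEW.crt#g" /federated/apps/matrix/data/matrix/homeserver.yaml
+sed -i "s#$DOMAIN.key#$DOMAIN_NEW.key#g" /federated/apps/matrix/data/matrix/homeserver.yaml
+
+cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/matrix/data/matrix/
+chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN_NEW.crt /federated/apps/matrix/data/matrix/$DOMAIN_NEW.key
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/matrix/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "matrix" "nc -z $SERVICE_IP 8008 &> /dev/null"
+
+echo -ne "done."
+}
+convert_element() {
+#### Convert Element
+echo -ne "\n* Converting element.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/element/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/element/.env
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/element/data/element/element-config.json
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/element/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "element" "nc -z $SERVICE_IP 80 &> /dev/null"
+
+echo -ne "done."
+}
+convert_listmonk() {
+#### Convert Listmonk
+echo -ne "\n* Converting listmonk.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/.env
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/data/listmonk/config.toml
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/listmonk/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "listmonk" "nc -z $SERVICE_IP 9000 &> /dev/null"
+
+echo -ne "done."
+}
+convert_vaultwarden() {
+#### Convert Vaultwarden
+echo -ne "\n* Converting vaultwarden.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/vaultwarden/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/vaultwarden/.env
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/vaultwarden/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "vaultwarden" "nc -z $SERVICE_IP 80 &> /dev/null"
+
+echo -ne "done."
+}
+convert_panel() {
+#### Convert Panel
+echo -ne "\n* Converting panel.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/panel/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/panel/.env
+sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/panel/.env
+sed -i "s#SITE_NAME=.*#SITE_NAME=$ORG_NEW Panel#g" /federated/apps/panel/.env
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/panel/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "panel" "nc -z $SERVICE_IP 80 &> /dev/null"
+
+echo -ne "done."
+}
+convert_wireguard() {
+#### Convert Wireguard
+echo -ne "\n* Converting wireguard.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/.env
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/.donoteditthisfile
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/peer1/peer1.conf
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/wireguard/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "wireguard" "nc -uvz $SERVICE_IP 51820 &> /dev/null"
+
+echo -ne "done."
+}
+convert_jitsi() {
+#### Convert Jitsi
+echo -ne "\n* Converting jitsi.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsi/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsi/.env
+sed -i "s#DC=federatedcomputer,DC=cloud#DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST#g" /federated/apps/jitsi/.env
+
+start_service_convert "jitsi" "nc -z 172.99.0.25 443 &> /dev/null"
+
+echo -ne "done."
+}
+convert_baserow() {
+#### Convert Baserow
+echo -ne "\n* Converting baserow.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/baserow/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/baserow/.env
+docker exec -it postgresql bash -c "psql -U baserow -c \"update auth_user set username='admin@$DOMAIN_NEW' where username='admin@$DOMAIN'\"" &> /dev/null
+[ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow"
+
+docker exec -it postgresql bash -c "psql -U baserow -c \"update auth_user set email='admin@$DOMAIN_NEW' where email='admin@$DOMAIN'\"" &> /dev/null
+[ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow"
+
+start_service_convert "baserow" "docker exec -it baserow curl http://localhost:8000 &> /dev/null"
+
+echo -ne "done."
+}
+convert_gitea() {
+#### Convert Gitea
+echo -ne "\n* Converting gitea.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/.env
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/data/data/gitea/conf/app.ini
+
+# Replace users in Gitea postgres database with new domain name
+for i in `docker exec -it postgresql bash -c "psql -U gitea -t -c 'select * from email_address;'" | grep $DOMAIN | awk -F\@ '{ print $1 }' | awk '{ print $5 }'`; do
+USER="$i";
+docker exec -it postgresql bash -c "psql -U gitea -c \"update email_address set email='$USER@$DOMAIN_NEW' where email='$USER@$DOMAIN'\""
+docker exec -it postgresql bash -c "psql -U gitea -c \"update email_address set lower_email='$USER@$DOMAIN_NEW' where lower_email='$USER@$DOMAIN'\""
+done
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/gitea/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "gitea" "nc -z $SERVICE_IP 3000 &> /dev/null"
+
+# Delete tne current admin and create the admin user with new domain name
+docker exec --user 1000 gitea bash -c "gitea admin user delete --id 1"
+docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN_NEW
+
+echo -ne "done."
+}
+convert_caddy() {
+#### Convert Caddy
+echo -ne "\n* Converting caddy.."
+
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/docker-compose.yml
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/.env
+sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/data/etc/caddy/Caddyfile
+
+# Grab the container IP from docker-compose
+SERVICE_IP=`grep ipv4_address /federated/apps/caddy/docker-compose.yml | awk '{ print $2 }'`
+
+# Start service with command to make sure it's up before proceeding
+start_service_convert "caddy" "nc -z $SERVICE_IP 80 &> /dev/null"
+
+echo -ne "done."
+}
+usage() {
+echo "$0: <domain.com> <organization name>"
+exit 2
+}
+
+[ $# != 2 ] && usage
+DOMAIN_NEW=$1
+ORG_NEW=$2
+
+# Check if DNS works
+EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
+[ $? -ne 0 ] && failcheck "Couldn't run dig, dns is not working"
+
+# Setup DOMAIN variable for domain or subdomain
+DOMAIN_ARRAY=(${DOMAIN_NEW//./ })
+if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
+DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
+DOMAIN_LAST=${DOMAIN_ARRAY[2]}
+else
+failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
+fi
+ADMINPASS=`cat /federated/bin/.adminpass | head -1`
+
+echo -ne "\n\nConverting Federated Core $DOMAIN to $DOMAIN_NEW.\n\n"
+
+check_gluerecords
+do_serviceprep
+
+# Stop all services
+/federated/bin/stop all &> /dev/null
+
+convert_powerdns
+convert_traefik
+convert_postgresql
+convert_ldap
+convert_mail
+convert_collabora
+convert_nextcloud
+convert_matrix
+convert_element
+convert_listmonk
+convert_vaultwarden
+convert_panel
+convert_wireguard
+convert_jitsi
+convert_baserow
+convert_gitea
+convert_caddy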
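Review bot: convert_caddy rewrites `/federated/apps/data/etc/caddy/Caddyfile`, which is missing the `caddy/` path segment used everywhere else in this file and by lib/caddy.sh when it writes that file (`/federated/apps/caddy/data/etc/caddy/Caddyfile`); because the script never sets `-e`, that sed fails silently and the Caddyfile keeps the old domain. The line should read `sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/data/etc/caddy/Caddyfile`. Separately, the `#!/bin/bash -x` shebang traces every command, so the admin password read from /federated/bin/.adminpass is echoed to stderr by the `gitea admin user create --password $ADMINPASS` line (and is visible in the process list while that command runs); drop `-x` from the shebang before this ships. The only validation of `$DOMAIN_NEW` is the dot-count in the DOMAIN_ARRAY block, yet the value is interpolated unquoted into sed replacement patterns, pdnsutil arguments and the psql UPDATE statements; a character check such as `[[ "$DOMAIN_NEW" =~ ^[A-Za-z0-9.-]+$ ]] || failcheck "$DOMAIN_NEW is not a valid domain name"` directly after `DOMAIN_NEW=$1` would keep `#`, `&`, quotes and glob characters out of those commands.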
@ -6,6 +6,8 @@ if ! command -v traefik-certs-dumper &> /dev/null; then
|
||||
failcheck "FAILED - traefik-certs-dumper tool not installed"
|
||||
fi
|
||||
|
||||
. /federated/bin/.env
|
||||
|
||||
traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null
|
||||
|
||||
# Install into PostgreSQL container
|
||||
|
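--- a/bin/gluerecords.sh
+++ b/bin/gluerecords.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+. /federated/lib/functions.sh
+
+check_gluerecords() {
+echo -ne "\n* Checking glue records for $DOMAIN_NEW.."
+# Setup DOMAIN variable for domain or subdomain
+DOMAIN_ARRAY=(${DOMAIN_NEW//./ })
+if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
+DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
+DOMAIN_LAST=${DOMAIN_ARRAY[2]}
+else
+failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
+fi
+
+NS_PARENT="$(dig +short NS "$DOMAIN_LAST." | head -n 1)"
+CHECK_NS1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns1.$DOMAIN_NEW`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW"
+
+CHECK_NS2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns2.$DOMAIN_NEW`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns2.$DOMAIN_NEW"
+
+CHECK_A1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns1.$DOMAIN_NEW | grep $EXTERNALIP`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns1.$DOMAIN_NEW to $EXTERNALIP"
+
+CHECK_A2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns2.$DOMAIN_NEW | grep $EXTERNALIP`
+[ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns2.$DOMAIN_NEW to $EXTERNALIP"
+
+echo -ne "done."
+}
+
+DOMAIN_NEW="customer5.fangfree.com"
+EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
+[ $? -ne 0 ] && failcheck "Couldn't run dig, dns is not working"
+check_gluerecords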
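Review bot: `EXTERNALIP` is only checked through `$?` after the dig command substitution, but a query that succeeds with an empty answer exits 0, in which case the unquoted `grep $EXTERNALIP` inside check_gluerecords runs with no pattern and the failure is reported as a missing A record instead of a resolver problem; add `[ -n "$EXTERNALIP" ] || failcheck "Couldn't determine external IP"` after the dig line. `DOMAIN_NEW="customer5.fangfree.com"` is hard-coded at the bottom and looks like a leftover test value; reading it from `$1` as bin/convertdomain does would make the script usable for other domains. check_gluerecords is also a near-verbatim copy of the function of the same name in bin/convertdomain, so the two will drift; keeping one copy in /federated/lib/functions.sh, which both scripts already source, would avoid that.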
@ -102,7 +102,7 @@ for i in "${SERVICES[@]}"; do
|
||||
done
|
||||
|
||||
# Add cron jobs for backup, upgrade, dumpcerts
|
||||
add_cron
|
||||
#add_cron
|
||||
|
||||
# Print out federated environment details
|
||||
echo -ne "\n\n"
|
||||
|
20
lib/caddy.sh
20
lib/caddy.sh
@ -54,50 +54,50 @@ chmod 600 /federated/apps/caddy/.env
|
||||
|
||||
cat > /federated/apps/caddy/data/etc/caddy/Caddyfile <<EOF
|
||||
$DOMAIN:80 {
|
||||
root * /srv/www.$DOMAIN.com/public
|
||||
root * /srv/www/public
|
||||
file_server
|
||||
}
|
||||
www.$DOMAIN:80 {
|
||||
root * /srv/www.$DOMAIN/public
|
||||
root * /srv/www/public
|
||||
file_server
|
||||
route /webhook {
|
||||
webhook {
|
||||
repo https://gitea.$DOMAIN/gitea/www.$DOMAIN
|
||||
repo https://gitea.$DOMAIN/gitea/www
|
||||
type github
|
||||
secret $WEBHOOK_SECRET
|
||||
submodule
|
||||
token $GITEA_TOKEN_1
|
||||
path www.$DOMAIN
|
||||
path www
|
||||
branch master
|
||||
}
|
||||
}
|
||||
}
|
||||
blog.$DOMAIN:80 {
|
||||
root * /srv/blog.$DOMAIN/public
|
||||
root * /srv/blog/public
|
||||
file_server
|
||||
route /webhook {
|
||||
webhook {
|
||||
repo https://gitea.$DOMAIN/gitea/blog.$DOMAIN
|
||||
repo https://gitea.$DOMAIN/gitea/blog
|
||||
type github
|
||||
secret $WEBHOOK_SECRET
|
||||
submodule
|
||||
token $GITEA_TOKEN_1
|
||||
path blog.$DOMAIN
|
||||
path blog
|
||||
branch master
|
||||
}
|
||||
}
|
||||
}
|
||||
documentation.$DOMAIN:80 {
|
||||
root * /srv/documentation.$DOMAIN/public
|
||||
root * /srv/documentation/public
|
||||
file_server
|
||||
route /webhook {
|
||||
webhook {
|
||||
repo https://gitea.$DOMAIN/gitea/documentation.$DOMAIN
|
||||
repo https://gitea.$DOMAIN/gitea/documentation
|
||||
type github
|
||||
secret $WEBHOOK_SECRET
|
||||
submodule
|
||||
token $GITEA_TOKEN_1
|
||||
path documentation.$DOMAIN
|
||||
path documentation
|
||||
branch master
|
||||
}
|
||||
}
|
||||
|
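Review bot: The Caddyfile written by this heredoc embeds `secret $WEBHOOK_SECRET` and `token $GITEA_TOKEN_1` for the www, blog and documentation sites, and the hunk context shows `chmod 600 /federated/apps/caddy/.env` but no corresponding mode being set on /federated/apps/caddy/data/etc/caddy/Caddyfile, so with a default umask the tokens are presumably readable by every local user. A `chmod 600 /federated/apps/caddy/data/etc/caddy/Caddyfile` after the heredoc would bring it in line with the .env handling, provided the caddy container still runs with access to the file. The heredoc begins inside the hunk but whatever follows it is outside.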
@ -96,7 +96,7 @@ start_service_convert() {
|
||||
|
||||
# Keep trying service port to make sure it's up before
|
||||
# we proceed
|
||||
RETRY="30"
|
||||
RETRY="40"
|
||||
while [ $RETRY -gt 0 ]; do
|
||||
bash -c "$COMMAND" &> /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
|
12
lib/gitea.sh
12
lib/gitea.sh
@ -82,13 +82,13 @@ GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","s
|
||||
int \$4 }' | awk -F\" '{ print \$2 }'\`
|
||||
|
||||
# Create the repository website, blog, and documentation
|
||||
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}'
|
||||
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}'
|
||||
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}'
|
||||
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www","auto_init":true,"default_branch":"master"}'
|
||||
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog","auto_init":true,"default_branch":"master"}'
|
||||
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation","auto_init":true,"default_branch":"master"}'
|
||||
|
||||
# Create the webhook inside the www repository
|
||||
curl -X 'POST' \
|
||||
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www.$DOMAIN/hooks' \
|
||||
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www/hooks' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-H "Authorization: token \$GITEA_TOKEN_2" \
|
||||
@ -107,7 +107,7 @@ curl -X 'POST' \
|
||||
|
||||
# Create the webhook inside the blog repository
|
||||
curl -X 'POST' \
|
||||
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \
|
||||
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog/hooks' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-H "Authorization: token \$GITEA_TOKEN_2" \
|
||||
@ -126,7 +126,7 @@ curl -X 'POST' \
|
||||
|
||||
# Create the webhook inside the documentation repository
|
||||
curl -X 'POST' \
|
||||
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \
|
||||
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation/hooks' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-H "Authorization: token \$GITEA_TOKEN_2" \
|
||||
|
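Review bot: The repo-creation and webhook curl calls pass the API token on the command line through `-H "Authorization: token \$GITEA_TOKEN_2"`, where it is readable by any local user via the process list for the duration of each call; curl's `-H @file` form or a `--config` file keeps it out of argv. `-k` has no effect on the plain `http://` URLs these calls use and only suggests that TLS verification is being disabled, so it can be dropped. The escaped `\$` indicates these lines sit inside a heredoc that starts and ends outside the hunk.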
@ -101,8 +101,7 @@ EOF
|
||||
chmod 600 /federated/apps/mail/.env
|
||||
|
||||
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
|
||||
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_
|
||||
hostname
|
||||
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
|
||||
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, check_policy_service unix:private/policyd-spf, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
|
||||
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
|
||||
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
|
||||
@ -168,7 +167,7 @@ start_mail() {
|
||||
docker exec -it pdns pdnsutil add-record $DOMAIN mail._domainkey TXT 86400 "$DKIM_RECORD" &> /dev/null
|
||||
[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container"
|
||||
|
||||
# Insert the DMARC DNS TXT entry into /federated/apps/dns container
|
||||
# Insert the DMARC DNS TXT entry into /federated/apps/pdns container
|
||||
docker exec -it pdns pdnsutil add-record $DOMAIN _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" &> /dev/null
|
||||
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
|
||||
|
||||
|