diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a362f90
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+bin/.adminpass
+bin/.b2init
+bin/.gpg.backblaze
+logs/
+certs/
+apps/
diff --git a/bin/.b2init b/bin/.b2init
deleted file mode 100644
index 46ba1a4..0000000
--- a/bin/.b2init
+++ /dev/null
@@ -1 +0,0 @@
-9585ba84-ef8a-11ed-9363-431dba4e45bd
diff --git a/bin/.env b/bin/.env
index ea24940..4f91d8a 100644
--- a/bin/.env
+++ b/bin/.env
@@ -7,9 +7,6 @@ COMPANY="Fang Free Inc"
 # Country Code (US, HK, GB, JP, etc)
 COUNTRY="US"
 
-# Administrator password
-ADMINPASS="password123"
-
 # Backblaze KeyID (Master Key) for backups
 B2_APPLICATION_KEY_ID="3239c6765fdc"
 
diff --git a/bin/.gpg.backblaze b/bin/.gpg.backblaze
deleted file mode 100644
index c872550..0000000
--- a/bin/.gpg.backblaze
+++ /dev/null
@@ -1 +0,0 @@
-rDGL27yH6YlIa73MyQpcR38jMyrtOTe5
diff --git a/bin/convertdomain b/bin/convertdomain
new file mode 100755
index 0000000..c79df66
--- /dev/null
+++ b/bin/convertdomain
@@ -0,0 +1,474 @@
+#!/bin/bash -x
+#
+# Federated Convert Domain
+#
+# Converts Federated Core services
+# 
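Review bot: Listing bin/.adminpass, bin/.b2init and bin/.gpg.backblaze in .gitignore (and deleting the latter two in the following hunks) does not remove the values that were already committed; the deletion hunks on this page still show the contents of bin/.b2init and of bin/.gpg.backblaze (which by its name looks like a GPG passphrase), so they remain in history. Whatever those values protect should be treated as exposed and rotated rather than considered removed. bin/.env, which this commit has bin/dumpcerts and bin/convertdomain source and which still carries B2_APPLICATION_KEY_ID, is not in the ignore list either. A line such as `# runtime secrets: never commit; rotate anything that has landed in history` at the top of .gitignore would record the intent.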
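Review bot: Dropping `ADMINPASS="password123"` from bin/.env is the right direction, but the same hunk leaves B2_APPLICATION_KEY_ID in a file that is not gitignored and is now sourced by more scripts; a key id is not the secret itself, yet it belongs with the rest of the backup credentials in an ignored file, the way the admin password moved to bin/.adminpass. Any script that still expands $ADMINPASS after sourcing .env (none is visible on this page apart from convertdomain, which reads /federated/bin/.adminpass itself) will now see it empty, so a grep for ADMINPASS across lib/ is worth doing before merging.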
From: customer.federatedcomputer.cloud +# To: domain.com + +. /federated/lib/functions.sh +. /federated/bin/.env + +check_gluerecords() { + echo -ne "\n* Checking glue records for $DOMAIN_NEW.." + + NS_PARENT="$(dig +short NS "$DOMAIN_LAST." | head -n 1)" + CHECK_NS1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns1.$DOMAIN_NEW` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW" + + CHECK_NS2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns2.$DOMAIN_NEW` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns2.$DOMAIN_NEW" + + CHECK_A1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns1.$DOMAIN_NEW | grep $EXTERNALIP` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns1.$DOMAIN_NEW to $EXTERNALIP" + + CHECK_A2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns2.$DOMAIN_NEW | grep $EXTERNALIP` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns2.$DOMAIN_NEW to $EXTERNALIP" + + echo -ne "done." 
+} +do_serviceprep() { + # Create DNS records for newdomain + docker exec -it pdns pdnsutil create-zone $DOMAIN_NEW + docker exec -it pdns pdnsutil set-kind $DOMAIN_NEW native + docker exec -it pdns pdnsutil set-meta $DOMAIN_NEW SOA-EDIT-API DEFAULT + + for i in ns1 ns2 powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW $i A 86400 $EXTERNALIP + done + + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ NS ns1.$DOMAIN_NEW + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ NS ns2.$DOMAIN_NEW + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ MX 86400 "10 mail.$DOMAIN_NEW" + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ TXT 86400 "\"v=spf1 mx a:$DOMAIN_NEW ~all\"" + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW \* CNAME 86400 www.$DOMAIN_NEW + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW @ A 86400 $EXTERNALIP + + # Other pre-prep service stuff + docker exec -it -u 33 nextcloud /var/www/html/occ -vv ldap:delete-config s01 + docker exec -it -u 33 nextcloud /var/www/html/occ app:disable user_ldap + docker exec -it ldap bash -c "slapcat > /root/convertdomain.ldif" + + # Remove first lines of ldap config, replace dc= with new domain, replace domain name + sed -n '/^dn: ou=people,dc=federatedcomputer,dc=cloud$/,$p' /federated/apps/ldap/data/root/convertdomain.ldif > /federated/apps/ldap/data/root/convertdomain1.ldif + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/ldap/data/root/convertdomain1.ldif + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/data/root/convertdomain1.ldif +} +convert_powerdns() { + #### Convert PowerDNS pdnsmysql + echo -ne "\n* Converting pdnsmysql.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsmysql/docker-compose.yml + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/pdnsmysql/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "pdnsmysql" "nc -z ${SERVICE_IP} 3306 &> /dev/null" + + echo -ne "done." + + #### Convert PowerDNS pdns + echo -ne "\n* Converting pdns.." + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdns/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdns/.env + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/pdns/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "pdns" "nc -z ${SERVICE_IP} 8081 &> /dev/null" + + echo -ne "done." + + #### Convert PowerDNS pdnsadmin + echo -ne "\n* Converting pdnsadmin.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsadmin/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsadmin/.env + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/pdnsadmin/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "pdnsadmin" "nc -z ${SERVICE_IP} 9494 &> /dev/null" + + echo -ne "done." +} +convert_traefik() { + #### Convert Traefik + echo -ne "\n* Converting traefik. Waiting 60s first for dns.." 
+ sleep 60 + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/traefik/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/traefik/.env + rm -rf /federated/apps/traefik/data/letsencrypt/acme.json + + # Start Traefik + docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null + + # Keep trying to see that certificates are generated + RETRY="20" + while [ $RETRY -gt 0 ]; do + traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null + + # Check if certs are generated + ls /federated/certs/private/$DOMAIN_NEW.key /federated/certs/certs/$DOMAIN_NEW.crt &> /dev/null + if [ $? -eq 0 ]; then + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null + failcheck "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik'" + fi + ((RETRY--)) + sleep 9 + fi + done + + echo -ne "done." +} +convert_postgresql() { + #### Convert Postgresql + echo -ne "\n* Converting postgresql.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/postgresql/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/postgresql/.env + cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt + cp /federated/certs/private/$DOMAIN_NEW.key /federated/apps/postgresql/data/var/lib/postgresql/server.key + chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key + chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/postgresql/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "postgresql" "nc -z ${SERVICE_IP} 5432 &> /dev/null" + + echo -ne "done." +} +convert_ldap() { + #### Convert LDAP + echo -ne "\n* Converting ldap.." 
+ + # Remove LDAP files so we can start clean + rm -rf /federated/apps/ldap/data/var/lib/ldap/* + rm -rf /federated/apps/ldap/data/etc/ldap/slapd.d/* + rm -rf /federated/apps/ldap/data/root/.ldaprc + rm -rf /federated/apps/ldap/data/certs/dhparam.pem + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/.env + sed -i "s#LDAP_DOMAIN=.*#LDAP_DOMAIN=$DOMAIN_NEW#g" /federated/apps/ldap/.env + sed -i "s#LDAP_ORGANISATION=.*#LDAP_ORGANISATION=$ORG_NEW#g" /federated/apps/ldap/.env + cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/ldap/data/certs/ + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/ldap/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "ldap" "nc -z $SERVICE_IP 636 &> /dev/null" + + # This imports the modified LDAP configuration above + docker exec -it ldap bash -c "slapadd -v -l /root/convertdomain1.ldif" &> /dev/null + [ $? -ne 0 ] && failcheck "Couldn't slapadd convertdomain1.ldif inside ldap container" + + echo -ne "done." +} +convert_mail() { + #### Convert Mail + echo -ne "\n* Converting mail.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/.env + cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/mail/data/root/certs/ + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/mail/.env + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/mail/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "mail" "nc -z $SERVICE_IP 25 &> /dev/null" + + # Generate the DKIM DNS key for new domain + docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN_NEW &> /dev/null + [ $? -ne 0 ] && fail "Couldn't generate DKIM record" + + # Insert the DKIM DNS TXT entry into /federated/apps/pdns container + DKIM_RECORD_STRIP=`cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN_NEW/mail.txt | sed 's/.*(//'` + DKIM_RECORD=`echo $DKIM_RECORD_STRIP | sed 's/).*//'` + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW mail._domainkey TXT 86400 "$DKIM_RECORD" &> /dev/null + [ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container" + + # Insert the DMARC DNS TXT entry into /federated/apps/pdns container + docker exec -it pdns pdnsutil add-record $DOMAIN_NEW _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null + [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container" + + echo -ne "done." +} +convert_collabora() { + #### Convert Collabora + echo -ne "\n* Converting collabora.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/collabora/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/collabora/.env + cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/collabora/data/root/certs/ + chown 104 /federated/apps/collabora/data/root/certs/* + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/collabora/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "collabora" "nc -z $SERVICE_IP 9980 &> /dev/null" + + echo -ne "done." +} +convert_nextcloud() { + #### Convert Nextcloud + echo -ne "\n* Converting nextcloud.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config/config.php + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config.sh + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/configs.json + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/nextcloud/data/var/www/html/config.sh + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/nextcloud/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "nextcloud" "nc -z $SERVICE_IP 80 &> /dev/null" + + docker exec -it -u 33 nextcloud /var/www/html/config.sh + + echo -ne "done." +} +convert_matrix() { + #### Convert Matrix + echo -ne "\n* Converting matrix.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/matrix/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/matrix/.env + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i "s#server_name: \"matrix.$DOMAIN\"#server_name: \"matrix.$DOMAIN_NEW\"#g" /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i "s#postgresql.$DOMAIN#postgresql.$DOMAIN_NEW#g" /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i "s#ldap.$DOMAIN#ldap.$DOMAIN_NEW#g" /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i "s#$DOMAIN.crt#$DOMAIN_NEW.crt#g" /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i "s#$DOMAIN.key#$DOMAIN_NEW.key#g" /federated/apps/matrix/data/matrix/homeserver.yaml + + cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/matrix/data/matrix/ + chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN_NEW.crt /federated/apps/matrix/data/matrix/$DOMAIN_NEW.key + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/matrix/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "matrix" "nc -z $SERVICE_IP 8008 &> /dev/null" + + echo -ne "done." +} +convert_element() { + #### Convert Element + echo -ne "\n* Converting element.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/element/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/element/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/element/data/element/element-config.json + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/element/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "element" "nc -z $SERVICE_IP 80 &> /dev/null" + + echo -ne "done." 
+} +convert_listmonk() { + #### Convert Listmonk + echo -ne "\n* Converting listmonk.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/data/listmonk/config.toml + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/listmonk/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "listmonk" "nc -z $SERVICE_IP 9000 &> /dev/null" + + echo -ne "done." +} +convert_vaultwarden() { + #### Convert Vaultwarden + echo -ne "\n* Converting vaultwarden.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/vaultwarden/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/vaultwarden/.env + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/vaultwarden/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "vaultwarden" "nc -z $SERVICE_IP 80 &> /dev/null" + + echo -ne "done." +} +convert_panel() { + #### Convert Panel + echo -ne "\n* Converting panel.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/panel/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/panel/.env + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/panel/.env + sed -i "s#SITE_NAME=.*#SITE_NAME=$ORG_NEW Panel#g" /federated/apps/panel/.env + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/panel/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "panel" "nc -z $SERVICE_IP 80 &> /dev/null" + + echo -ne "done." +} +convert_wireguard() { + #### Convert Wireguard + echo -ne "\n* Converting wireguard.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/.donoteditthisfile + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/peer1/peer1.conf + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/wireguard/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "wireguard" "nc -uvz $SERVICE_IP 51820 &> /dev/null" + + echo -ne "done." +} +convert_jitsi() { + #### Convert Jitsi + echo -ne "\n* Converting jitsi.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsi/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsi/.env + sed -i "s#DC=federatedcomputer,DC=cloud#DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST#g" /federated/apps/jitsi/.env + + start_service_convert "jitsi" "nc -z 172.99.0.25 443 &> /dev/null" + + echo -ne "done." +} +convert_baserow() { + #### Convert Baserow + echo -ne "\n* Converting baserow.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/baserow/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/baserow/.env + docker exec -it postgresql bash -c "psql -U baserow -c \"update auth_user set username='admin@$DOMAIN_NEW' where username='admin@$DOMAIN'\"" &> /dev/null + [ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow" + + docker exec -it postgresql bash -c "psql -U baserow -c \"update auth_user set email='admin@$DOMAIN_NEW' where email='admin@$DOMAIN'\"" &> /dev/null + [ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow" + + start_service_convert "baserow" "docker exec -it baserow curl http://localhost:8000 &> /dev/null" + + echo -ne "done." +} +convert_gitea() { + #### Convert Gitea + echo -ne "\n* Converting gitea.." 
+ + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/data/data/gitea/conf/app.ini + + # Replace users in Gitea postgres database with new domain name + for i in `docker exec -it postgresql bash -c "psql -U gitea -t -c 'select * from email_address;'" | grep $DOMAIN | awk -F\@ '{ print $1 }' | awk '{ print $5 }'`; do + USER="$i"; + docker exec -it postgresql bash -c "psql -U gitea -c \"update email_address set email='$USER@$DOMAIN_NEW' where email='$USER@$DOMAIN'\"" + docker exec -it postgresql bash -c "psql -U gitea -c \"update email_address set lower_email='$USER@$DOMAIN_NEW' where lower_email='$USER@$DOMAIN'\"" + done + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/gitea/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "gitea" "nc -z $SERVICE_IP 3000 &> /dev/null" + + # Delete tne current admin and create the admin user with new domain name + docker exec --user 1000 gitea bash -c "gitea admin user delete --id 1" + docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN_NEW + + echo -ne "done." +} +convert_caddy() { + #### Convert Caddy + echo -ne "\n* Converting caddy.." + + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/data/etc/caddy/Caddyfile + + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/caddy/docker-compose.yml | awk '{ print $2 }'` + + # Start service with command to make sure it's up before proceeding + start_service_convert "caddy" "nc -z $SERVICE_IP 80 &> /dev/null" + + echo -ne "done." 
+}
+usage() {
+ echo "$0: "
+ exit 2
+}
+
+[ $# != 2 ] && usage
+DOMAIN_NEW=$1
+ORG_NEW=$2
+
+# Check if DNS works
+EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
+[ $? -ne 0 ] && failcheck "Couldn't run dig, dns is not working"
+
+# Setup DOMAIN variable for domain or subdomain
+DOMAIN_ARRAY=(${DOMAIN_NEW//./ })
+if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
+ DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+ DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+ DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
+ DOMAIN_LAST=${DOMAIN_ARRAY[2]}
+else
+ failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
+fi
+ADMINPASS=`cat /federated/bin/.adminpass | head -1`
+
+echo -ne "\n\nConverting Federated Core $DOMAIN to $DOMAIN_NEW.\n\n"
+
+check_gluerecords
+do_serviceprep
+
+# Stop all services
+/federated/bin/stop all &> /dev/null
+
+convert_powerdns
+convert_traefik
+convert_postgresql
+convert_ldap
+convert_mail
+convert_collabora
+convert_nextcloud
+convert_matrix
+convert_element
+convert_listmonk
+convert_vaultwarden
+convert_panel
+convert_wireguard
+convert_jitsi
+convert_baserow
+convert_gitea
+convert_caddy
diff --git a/bin/dumpcerts b/bin/dumpcerts
index bc6c825..4fbaa56 100755
--- a/bin/dumpcerts
+++ b/bin/dumpcerts
@@ -6,6 +6,8 @@ if ! command -v traefik-certs-dumper &> /dev/null; then failcheck "FAILED - traefik-certs-dumper tool not installed" fi +. /federated/bin/.env + traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null # Install into PostgreSQL container
diff --git a/bin/gluerecords.sh b/bin/gluerecords.sh
new file mode 100755
index 0000000..5431766
--- /dev/null
+++ b/bin/gluerecords.sh
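Review bot: The shebang `#!/bin/bash -x` traces every command to stderr, so the admin password that the bottom of the file reads from /federated/bin/.adminpass is echoed verbatim when convert_gitea runs `gitea admin user create ... --password $ADMINPASS`, and the psql update statements built from $DOMAIN and $DOMAIN_NEW are echoed too; anything capturing this script's output (a terminal log, CI, `logs/`) then holds the credential. Ship the script as `#!/bin/bash` and let operators opt in with `bash -x` when debugging, or at minimum wrap the gitea user creation in `set +x` / `set -x`. The `usage()` at the top of this hunk prints only `"$0: "`, which tells the operator nothing about the two required arguments; `echo "Usage: $0 <new-domain> <organisation>"` matches how the main body assigns DOMAIN_NEW=$1 and ORG_NEW=$2. The main body also takes DOMAIN_NEW unquoted into `DOMAIN_ARRAY=(${DOMAIN_NEW//./ })`, so an argument containing glob characters would be expanded against the current directory before the validity check runs.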
@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+. /federated/lib/functions.sh
+
+check_gluerecords() {
+ echo -ne "\n* Checking glue records for $DOMAIN_NEW.."
+ # Setup DOMAIN variable for domain or subdomain
+ DOMAIN_ARRAY=(${DOMAIN_NEW//./ })
+ if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
+ DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+ DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+ elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+ DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
+ DOMAIN_LAST=${DOMAIN_ARRAY[2]}
+ else
+ failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
+ fi
+
+ NS_PARENT="$(dig +short NS "$DOMAIN_LAST." | head -n 1)"
+ CHECK_NS1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns1.$DOMAIN_NEW`
+ [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW"
+
+ CHECK_NS2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns2.$DOMAIN_NEW`
+ [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns2.$DOMAIN_NEW"
+
+ CHECK_A1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns1.$DOMAIN_NEW | grep $EXTERNALIP`
+ [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns1.$DOMAIN_NEW to $EXTERNALIP"
+
+ CHECK_A2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns2.$DOMAIN_NEW | grep $EXTERNALIP`
+ [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns2.$DOMAIN_NEW to $EXTERNALIP"
+
+ echo -ne "done."
+}
+
+DOMAIN_NEW="customer5.fangfree.com"
+EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
+[ $? -ne 0 ] && failcheck "Couldn't run dig, dns is not working"
+check_gluerecords
diff --git a/bin/install-federated b/bin/install-federated
index 0c81244..75755cd 100755
--- a/bin/install-federated
+++ b/bin/install-federated
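Review bot: The domain to check is hard-coded as `DOMAIN_NEW="customer5.fangfree.com"` near the bottom of the file, so the script only ever tests one customer's records and a copy of check_gluerecords (the same body already lives in bin/convertdomain in this commit) will drift from the original; `DOMAIN_NEW=${1:?usage: $0 <domain>}` makes it reusable and keeps one implementation worth maintaining. The checks themselves are loose: `grep -i ns1.$DOMAIN_NEW` treats every dot as a wildcard and `grep $EXTERNALIP` is an unanchored substring match, so a record for ns1.$DOMAIN_NEW pointing at 10.0.0.10 would satisfy a check for 10.0.0.1; `grep -F -- "ns1.$DOMAIN_NEW"` and `grep -Fw -- "$EXTERNALIP"` tighten both. As in convertdomain, `#!/bin/bash -x` traces every dig invocation, which is noise rather than a secret here but is still better left to the caller.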
@@ -102,7 +102,7 @@ for i in "${SERVICES[@]}"; do
 done
 
 # Add cron jobs for backup, upgrade, dumpcerts
-add_cron
+#add_cron
 
 # Print out federated environment details
 echo -ne "\n\n"
diff --git a/lib/caddy.sh b/lib/caddy.sh
index 1f939b2..2e7fc2a 100644
--- a/lib/caddy.sh
+++ b/lib/caddy.sh
@@ -54,50 +54,50 @@ chmod 600 /federated/apps/caddy/.env cat > /federated/apps/caddy/data/etc/caddy/Caddyfile < /dev/null if [ $? -eq 0 ]; then
diff --git a/lib/gitea.sh b/lib/gitea.sh
index 3e89f2d..e77ecea 100644
--- a/lib/gitea.sh
+++ b/lib/gitea.sh
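Review bot: Commenting out `add_cron` silently stops the install from scheduling the backup, upgrade and dumpcerts jobs that the comment directly above it still promises, so a fresh install ends up with no automated backups and no certificate refresh into the containers. If this is a temporary measure for testing, say so on the line so it is not shipped by accident: `#add_cron  # TODO(owner): re-enable before release; disabled while cron jobs are reworked` (reason is a guess, state the real one). If it is permanent, the comment above and any documentation that mentions the cron jobs need the same change.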
@@ -82,13 +82,13 @@ GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","s
 int \$4 }' | awk -F\" '{ print \$2 }'\`
 
 # Create the repository website, blog, and documentation
-curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}'
-curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}'
-curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}'
+curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www","auto_init":true,"default_branch":"master"}'
+curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog","auto_init":true,"default_branch":"master"}'
+curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation","auto_init":true,"default_branch":"master"}'
 
 # Create the webhook inside the www repository
 curl -X 'POST' \
- 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www.$DOMAIN/hooks' \
+ 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www/hooks' \
 -H 'accept: application/json' \
 -H 'Content-Type: application/json' \
 -H "Authorization: token \$GITEA_TOKEN_2" \
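Review bot: The three rewritten repository-creation curls still run unchecked, so if creating `www`, `blog` or `documentation` fails (the name already exists from an earlier run, or the token obtained just above is empty) the webhook calls in this hunk and in the two following hunks at lines 107 and 126 post to a repository that does not exist and the install continues as if it had succeeded; adding `--fail --silent --show-error` to each call and following it with `|| fail "Couldn't create repository www"` (and likewise for the other two) turns that into a visible stop. Since the generated script is wrapped in a heredoc (the `\$` and `\`` escapes), the `|| fail` needs the same escaping convention as the surrounding lines. The renamed repositories also need to agree with whatever serves them; the lib/caddy.sh hunk in this commit is not legible on this page, so that consistency could not be confirmed here. The enclosing generated script starts and ends outside the hunk.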
@@ -107,7 +107,7 @@ curl -X 'POST' \
 
 # Create the webhook inside the blog repository
 curl -X 'POST' \
- 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \
+ 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog/hooks' \
 -H 'accept: application/json' \
 -H 'Content-Type: application/json' \
 -H "Authorization: token \$GITEA_TOKEN_2" \
@@ -126,7 +126,7 @@ curl -X 'POST' \
 
 # Create the webhook inside the documentation repository
 curl -X 'POST' \
- 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \
+ 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation/hooks' \
 -H 'accept: application/json' \
 -H 'Content-Type: application/json' \
 -H "Authorization: token \$GITEA_TOKEN_2" \
diff --git a/lib/mail.sh b/lib/mail.sh
index 46d09fd..7438869 100644
--- a/lib/mail.sh
+++ b/lib/mail.sh
@@ -101,8 +101,7 @@ EOF
 chmod 600 /federated/apps/mail/.env
 
 cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
-smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_
-hostname
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, check_policy_service unix:private/policyd-spf, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
 smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
 smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
@@ -168,7 +167,7 @@ start_mail() {
 docker exec -it pdns pdnsutil add-record $DOMAIN mail._domainkey TXT 86400 "$DKIM_RECORD" &> /dev/null
 [ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container"
 
-# Insert the DMARC DNS TXT entry into /federated/apps/dns container
+# Insert the DMARC DNS TXT entry into /federated/apps/pdns container
 docker exec -it pdns pdnsutil add-record $DOMAIN _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" &> /dev/null
 [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"