From f9e03ec46fa8e2a67bc4a7a35f195f7044865cdb Mon Sep 17 00:00:00 2001
From: root <root@f11306a1.federatedcomputer.cloud>
Date: Tue, 31 Oct 2023 15:12:31 +0000
Subject: [PATCH] Added MSP and fix for DKIM on convertdomain

---
 bin/convertdomain     |   4 ++
 bin/install-federated |  54 ++++++++++----------
 lib/functions.sh      |  18 ++++++-
 lib/latest-versions   |   2 +
 lib/msp.sh            |  75 +++++++++++++++++++++++++++
 lib/pdns.sh.bak       | 114 ------------------------------------------
 6 files changed, 126 insertions(+), 141 deletions(-)
 create mode 100644 lib/msp.sh
 delete mode 100644 lib/pdns.sh.bak

diff --git a/bin/convertdomain b/bin/convertdomain
index 9d50fba..9ee4f2c 100755
--- a/bin/convertdomain
+++ b/bin/convertdomain
@@ -222,6 +222,10 @@ convert_mail() {
   docker exec pdns pdnsutil add-record $DOMAIN_NEW _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null
   [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
 
+  # Stop and Start mail to reload DKIM
+  /federated/bin/stop mail &> /dev/null
+  /federated/bin/start mail &> /dev/null
+
   echo -ne "done."
 }
 convert_collabora() {
diff --git a/bin/install-federated b/bin/install-federated
index c60afee..fe8efb8 100755
--- a/bin/install-federated
+++ b/bin/install-federated
@@ -4,6 +4,7 @@
 
 PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 . /federated/lib/functions.sh
+. /federated/lib/network.sh
 trap cleanup `seq 1 15`
 
 get_config() {
@@ -18,32 +19,32 @@ get_config() {
 #    fi
 #  done
 
-  . /federated/lib/network.sh
-  . /federated/lib/pdnsmysql.sh
-  . /federated/lib/pdns.sh
-  . /federated/lib/pdnsadmin.sh
-  . /federated/lib/traefik.sh
-  . /federated/lib/postgresql.sh
-  . /federated/lib/ldap.sh
-  . /federated/lib/mail.sh
-  . /federated/lib/collabora.sh
-  . /federated/lib/nextcloud.sh
-  . /federated/lib/matrix.sh
-  . /federated/lib/element.sh
-  . /federated/lib/jitsi.sh
-  . /federated/lib/listmonk.sh
-  . /federated/lib/vaultwarden.sh
-  . /federated/lib/panel.sh
-  . /federated/lib/wireguard.sh
-  . /federated/lib/baserow.sh
-  . /federated/lib/gitea.sh
-  . /federated/lib/caddy.sh
-  . /federated/lib/autodiscover.sh
-  . /federated/lib/castopod.sh
-  . /federated/lib/wordpress.sh
-  . /federated/lib/coturn.sh
-  . /federated/lib/bookstack.sh
-  . /federated/lib/freescout.sh
+#  . /federated/lib/pdnsmysql.sh
+#  . /federated/lib/pdns.sh
+#  . /federated/lib/pdnsadmin.sh
+#  . /federated/lib/traefik.sh
+#  . /federated/lib/postgresql.sh
+#  . /federated/lib/ldap.sh
+#  . /federated/lib/mail.sh
+#  . /federated/lib/collabora.sh
+#  . /federated/lib/nextcloud.sh
+#  . /federated/lib/matrix.sh
+#  . /federated/lib/element.sh
+#  . /federated/lib/jitsi.sh
+#  . /federated/lib/listmonk.sh
+#  . /federated/lib/vaultwarden.sh
+#  . /federated/lib/panel.sh
+#  . /federated/lib/wireguard.sh
+#  . /federated/lib/baserow.sh
+#  . /federated/lib/gitea.sh
+#  . /federated/lib/caddy.sh
+#  . /federated/lib/autodiscover.sh
+#  . /federated/lib/castopod.sh
+#  . /federated/lib/wordpress.sh
+#  . /federated/lib/coturn.sh
+#  . /federated/lib/bookstack.sh
+#  . /federated/lib/freescout.sh
+#  . /federated/lib/msp.sh
   
   COUNTRIES=("AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CG" "CD" "CK" "CR" "CI" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GG" "GN" "GW" "GY" "HT" "HM" "VA" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IM" "IL" "IT" "JM" "JP" "JE" "JO" "KZ" "KE" "KI" "KP" "KR" "KR" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LY" "LI" "LT" "LU" "MO" "MK" "MG" "MW" "MY" "MV" "ML" "MT" "MH" "MQ" "MR" "MU" "YT" "MX" "FM" "MD" "MC" "MN" "ME" "MS" "MA" "MZ" "MM" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PS" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RU" "RW" "SH" "KN" "LC" "PM" "VC" "VC" "VC" "WS" "SM" "ST" "SA" "SN" "RS" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "SS" "ES" "LK" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TW" "TJ" "TZ" "TH" "TL" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VE" "VE" "VN" "VN" "VG" "VI" "WF" "EH" "YE" "ZM" "ZW")
 
@@ -98,6 +99,7 @@ config_network
 
 # Configure and start each federated service
 for i in "${SERVICES[@]}"; do
+        . /federated/lib/$i.sh
 	config_$i
 	start_$i
 done
diff --git a/lib/functions.sh b/lib/functions.sh
index 607d619..1f1e447 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -1,7 +1,7 @@
 # Federated Computer functions
 
 # Define all services
-SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout")
+SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout" "msp")
 
 fail() {
   echo -ne "FAILED\n\n$1\n\n"
@@ -412,6 +412,14 @@ Here is your applications reference chart with $DOMAIN:
     <td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
     <td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td>
   </tr>
+  <tr>
+    <td class="tg-0pky">Music Side Project</td>
+    <td class="tg-0pky"><a href="https://msp.$DOMAIN" target="_blank" rel="noopener noreferrer"><span style="color:#340096">msp.$DOMAIN</span></a></td>
+    <td class="tg-0pky">admin@$DOMAIN<br>admin password above</td>
+    <td class="tg-0pky">User access is separate from panel</td>
+    <td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
+    <td class="tg-0pky">Music Side Project Studio enables you to harness the potential of RSS feeds and the Lightning Network, allowing you to self-host your music and receive direct payment from your fans</td>
+  </tr>
 </tbody>
 </table>
 <h4>Thanks for your support!</h4>
@@ -640,6 +648,14 @@ Password = "$LISTMONKPASS"
     <td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
     <td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td>
   </tr>
+  <tr>
+    <td class="tg-0pky">Music Side Project</td>
+    <td class="tg-0pky"><a href="https://msp.$DOMAIN" target="_blank" rel="noopener noreferrer"><span style="color:#340096">msp.$DOMAIN</span></a></td>
+    <td class="tg-0pky">admin@$DOMAIN<br>admin password above</td>
+    <td class="tg-0pky">User access is separate from panel</td>
+    <td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
+    <td class="tg-0pky">Music Side Project Studio enables you to harness the potential of RSS feeds and the Lightning Network, allowing you to self-host your music and receive direct payment from your fans</td>
+  </tr>
 </tbody>
 </table>
 <br>
diff --git a/lib/latest-versions b/lib/latest-versions
index ccbc4dd..5e8efe9 100644
--- a/lib/latest-versions
+++ b/lib/latest-versions
@@ -22,3 +22,5 @@ castopod=1.6.5
 wordpress=6.2.2
 coturn=4.6.2
 bookstack=23.08.3
+freescout=latest_php8.0
+msp=latest
diff --git a/lib/msp.sh b/lib/msp.sh
new file mode 100644
index 0000000..2ecb71a
--- /dev/null
+++ b/lib/msp.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# MSP Service
+
+PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+config_msp() {
+  echo -ne "\n* Configuring /federated/apps/msp container.."
+  spin &
+  SPINPID=$!
+
+  if [ ! -d "/federated/apps/msp" ]; then
+    mkdir -p /federated/apps/msp/data
+  fi
+
+ADMINPASS=`cat /federated/apps/panel/.env | grep SMTP_PASSWORD | awk -F= '{ print $2 }'`
+TRAEFIK_HTTPAUTH_STRING_MSP=$(echo `htpasswd -nb admin@$DOMAIN $ADMINPASS` | sed -e s/\\$/\\$\\$/g)
+
+cat > /federated/apps/msp/docker-compose.yml <<EOF
+version: '3.7'
+
+services:
+  msp:
+    image: thebells1111/federated-msp:\${IMAGE_VERSION}
+    container_name: msp
+    hostname: msp.$DOMAIN
+    domainname: $DOMAIN
+    restart: always
+    networks:
+      federated:
+        ipv4_address: 172.99.0.38
+    volumes:
+      - ./data/var/docker/msp/credentials:/usr/src/app/msp/credentials
+      - ./data/var/docker/msp/mspDB:/usr/src/app/msp/mspDB
+      - ./data/var/docker/msp/albums:/usr/src/app/msp/public
+    env_file:
+      - ./.env
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.msp.rule=Host(\`msp.$DOMAIN\`)"
+      - "traefik.http.routers.msp.service=msp"
+      - "traefik.http.routers.msp.entrypoints=websecure"
+      - "traefik.http.routers.msp.tls.certresolver=letsencrypt"
+      - "traefik.http.services.msp.loadbalancer.server.port=3000"
+      - "traefik.http.routers.msp.middlewares=msp-auth"
+      - "traefik.http.middlewares.msp-auth.basicauth.users=$TRAEFIK_HTTPAUTH_STRING_MSP
+      - "traefik.http.routers.mspnew.rule=Host(\`msp.$DOMAIN\`) && PathPrefix(\`/albums\`)"
+      - "traefik.http.routers.mspnew.entrypoints=websecure"
+      - "traefik.http.routers.mspnew.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.mspnew.service=mspnew"
+      - "traefik.http.services.mspnew.loadbalancer.server.port=3000"
+
+networks:
+  federated:
+    external: true
+EOF
+
+cat > /federated/apps/msp/.env <<EOF
+IMAGE_VERSION="latest"
+EOF
+chmod 600 /federated/apps/msp/.env
+
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}
+start_msp() {
+  # Start service with command to make sure it's up before proceeding
+  start_service "msp" "nc -z 172.99.0.38 3000 &> /dev/null" "7"
+
+  docker exec pdns pdnsutil add-record $DOMAIN msp A 86400 $EXTERNALIP
+  [ $? -ne 0 ] && fail "Couldn't add dns record for msp"
+
+  kill -9 $SPINPID &> /dev/null
+  echo -ne "done."
+}
diff --git a/lib/pdns.sh.bak b/lib/pdns.sh.bak
deleted file mode 100644
index cec6298..0000000
--- a/lib/pdns.sh.bak
+++ /dev/null
@@ -1,114 +0,0 @@
-#!/bin/bash -x
-#
-# PowerDNS DNS Service
-
-PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-config_pdns() {
-  echo -ne "\n* Configuring /federated/apps/pdns container.."
-  spin &
-  SPINPID=$!
-
-  if [ ! -d "/federated/apps/pdns" ]; then
-    mkdir -p /federated/apps/pdns/data/root
-  fi
-
-cat > /federated/apps/pdns/docker-compose.yml <<EOF
-version: '3.7'
-
-services:
-  pdns:
-    image: pschiffe/pdns-mysql:\${IMAGE_VERSION}
-    container_name: pdns
-    hostname: pdns.$DOMAIN
-    domainname: $DOMAIN
-    restart: always
-    networks:
-      federated:
-        ipv4_address: 172.99.0.11
-    ports:
-      - "53:53"
-      - "53:53/udp"
-    env_file:
-      - ./.env
-    volumes:
-      - ./data/root:/root
-
-networks:
-  federated:
-    external: true
-EOF
-
-MYSQL_PASSWORD=`grep MYSQL_PASSWORD /federated/apps/pdnsmysql/.env | awk -F= '{ print $2 }'`
-PDNS_APIKEY=$(create_password);
-PDNS_WEBSERVER_PASSWORD=$(create_password);
-
-cat > /federated/apps/pdns/.env <<EOF
-IMAGE_VERSION="4.7"
-PDNS_gmysql_host=pdnsmysql.$DOMAIN
-PDNS_gmysql_port=3306
-PDNS_gmysql_user=pdns
-PDNS_gmysql_dbname=pdns
-PDNS_gmysql_password=$MYSQL_PASSWORD
-PDNS_master=yes
-PDNS_api=yes
-PDNS_api_key=$PDNS_APIKEY
-PDNSCONF_API_KEY=$PDNS_APIKEY
-PDNS_webserver=yes
-PDNS_webserver-allow-from=127.0.0.1,10.0.0.0/8,172.0.0.0/8,192.0.0.0/24,172.99.0.0/16
-PDNS_webserver_address=0.0.0.0
-PDNS_webserver_password=$PDNS_WEBSERVER_PASSWORD
-PDNS_version_string=anonymous
-PDNS_default_ttl=1500
-PDNS_allow_notify_from=0.0.0.0
-PDNS_allow_axfr_ips=127.0.0.1
-PDNS_default_soa_content=ns1.@ hostmaster.@ 0 10800 3600 604800 3600
-PDNS_allow_dnsupdate_from=127.0.0.0/8,::1,172.99.0.0/16
-PDNS_dnsupdate=yes
-EOF
-chmod 600 /federated/apps/pdns/.env
-
-cat > /federated/apps/pdns/data/root/createrecords.sh <<EOF
-#!/bin/bash -x
-
-# Create the default domain DNS zone
-curl -X POST --data '{"name":"$DOMAIN.", "kind": "Master", "masters": []}' -v -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones
-
-# Create the MX and SPF TXT record for domain
-curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "MX", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "10 mail.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
-curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "TXT", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "\"v=spf1 mx a:$DOMAIN ~all\"", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
-
-# Create the A records for domain
-for i in ns1 ns2 pdnsadmin powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do
-  curl -X PATCH --data "{\"rrsets\": [ {\"name\": \"\$i.$DOMAIN.\", \"type\": \"A\", \"ttl\": 86400, \"changetype\": \"REPLACE\", \"records\": [ {\"content\": \"$EXTERNALIP\", \"disabled\": false } ] } ] }" -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
-done
-
-# TEST
-
-# Create catchall A record for domain
-#curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "A", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "$EXTERNALIP", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
-
-# Create CNAME record for domain to www
-curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "CNAME", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "www.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
-
-pdnsutil add-record $DOMAIN @ A 86400 $EXTERNALIP
-EOF
-chmod +x /federated/apps/pdns/data/root/createrecords.sh
- 
-kill -9 $SPINPID &> /dev/null
-echo -ne "done."
-}
-start_pdns() {
-  # Grab the container IP from docker-compose above
-  SERVICE_IP=`grep ipv4_address /federated/apps/pdns/docker-compose.yml | awk '{ print $2 }'`
-
-  # Start service with command to make sure it's up before proceeding
-  start_service "pdns" "nc -z ${SERVICE_IP} 8081 &> /dev/null"
-
-  # Run createrecords.sh inside baserow container
-  docker exec -it pdns /root/createrecords.sh &> /dev/null
-  [ $? -ne 0 ] && fail "Couldn't run createrecords.sh in /federated/apps/pdns container"
-
-  kill -9 $SPINPID &> /dev/null
-  echo -ne "done."
-}