Added MSP and fix for DKIM on convertdomain

root 2023-10-31 15:12:31 +00:00
parent f909c1953d
commit f9e03ec46f
6 changed files with 126 additions and 141 deletions


@ -222,6 +222,10 @@ convert_mail() {
docker exec pdns pdnsutil add-record $DOMAIN_NEW _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null docker exec pdns pdnsutil add-record $DOMAIN_NEW _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container" [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
# Stop and Start mail to reload DKIM
/federated/bin/stop mail &> /dev/null
/federated/bin/start mail &> /dev/null
echo -ne "done." echo -ne "done."
} }
convert_collabora() { convert_collabora() {
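Review bot: The added `/federated/bin/stop mail` and `/federated/bin/start mail` calls discard all output and never check an exit status, so a mail stack that fails to come back up is still reported as `done.`. The steps just above each use `[ $? -ne 0 ] && fail ...`; the restart should follow the same pattern, for example `/federated/bin/start mail &> /dev/null || fail "Couldn't restart mail to reload DKIM"`. A failed restart leaves the converted domain without a running mail service and without the new DKIM key loaded, which the operator needs to see. convert_mail begins above this hunk.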


@ -4,6 +4,7 @@
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /federated/lib/functions.sh . /federated/lib/functions.sh
. /federated/lib/network.sh
trap cleanup `seq 1 15` trap cleanup `seq 1 15`
get_config() { get_config() {
@ -18,32 +19,32 @@ get_config() {
# fi # fi
# done # done
. /federated/lib/network.sh # . /federated/lib/pdnsmysql.sh
. /federated/lib/pdnsmysql.sh # . /federated/lib/pdns.sh
. /federated/lib/pdns.sh # . /federated/lib/pdnsadmin.sh
. /federated/lib/pdnsadmin.sh # . /federated/lib/traefik.sh
. /federated/lib/traefik.sh # . /federated/lib/postgresql.sh
. /federated/lib/postgresql.sh # . /federated/lib/ldap.sh
. /federated/lib/ldap.sh # . /federated/lib/mail.sh
. /federated/lib/mail.sh # . /federated/lib/collabora.sh
. /federated/lib/collabora.sh # . /federated/lib/nextcloud.sh
. /federated/lib/nextcloud.sh # . /federated/lib/matrix.sh
. /federated/lib/matrix.sh # . /federated/lib/element.sh
. /federated/lib/element.sh # . /federated/lib/jitsi.sh
. /federated/lib/jitsi.sh # . /federated/lib/listmonk.sh
. /federated/lib/listmonk.sh # . /federated/lib/vaultwarden.sh
. /federated/lib/vaultwarden.sh # . /federated/lib/panel.sh
. /federated/lib/panel.sh # . /federated/lib/wireguard.sh
. /federated/lib/wireguard.sh # . /federated/lib/baserow.sh
. /federated/lib/baserow.sh # . /federated/lib/gitea.sh
. /federated/lib/gitea.sh # . /federated/lib/caddy.sh
. /federated/lib/caddy.sh # . /federated/lib/autodiscover.sh
. /federated/lib/autodiscover.sh # . /federated/lib/castopod.sh
. /federated/lib/castopod.sh # . /federated/lib/wordpress.sh
. /federated/lib/wordpress.sh # . /federated/lib/coturn.sh
. /federated/lib/coturn.sh # . /federated/lib/bookstack.sh
. /federated/lib/bookstack.sh # . /federated/lib/freescout.sh
. /federated/lib/freescout.sh # . /federated/lib/msp.sh
COUNTRIES=("AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CG" "CD" "CK" "CR" "CI" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GG" "GN" "GW" "GY" "HT" "HM" "VA" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IM" "IL" "IT" "JM" "JP" "JE" "JO" "KZ" "KE" "KI" "KP" "KR" "KR" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LY" "LI" "LT" "LU" "MO" "MK" "MG" "MW" "MY" "MV" "ML" "MT" "MH" "MQ" "MR" "MU" "YT" "MX" "FM" "MD" "MC" "MN" "ME" "MS" "MA" "MZ" "MM" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PS" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RU" "RW" "SH" "KN" "LC" "PM" "VC" "VC" "VC" "WS" "SM" "ST" "SA" "SN" "RS" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "SS" "ES" "LK" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TW" "TJ" "TZ" "TH" "TL" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VE" "VE" "VN" "VN" "VG" "VI" "WF" "EH" "YE" "ZM" "ZW") COUNTRIES=("AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CG" "CD" "CK" "CR" "CI" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GG" "GN" "GW" "GY" "HT" "HM" "VA" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IM" "IL" "IT" "JM" "JP" "JE" "JO" "KZ" "KE" "KI" "KP" "KR" "KR" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LY" "LI" "LT" "LU" "MO" "MK" "MG" "MW" "MY" "MV" "ML" 
"MT" "MH" "MQ" "MR" "MU" "YT" "MX" "FM" "MD" "MC" "MN" "ME" "MS" "MA" "MZ" "MM" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PS" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RU" "RW" "SH" "KN" "LC" "PM" "VC" "VC" "VC" "WS" "SM" "ST" "SA" "SN" "RS" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "SS" "ES" "LK" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TW" "TJ" "TZ" "TH" "TL" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VE" "VE" "VN" "VN" "VG" "VI" "WF" "EH" "YE" "ZM" "ZW")
@ -98,6 +99,7 @@ config_network
# Configure and start each federated service # Configure and start each federated service
for i in "${SERVICES[@]}"; do for i in "${SERVICES[@]}"; do
. /federated/lib/$i.sh
config_$i config_$i
start_$i start_$i
done done
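Review bot: The new `. /federated/lib/$i.sh` in the service loop sources a path built from an unquoted variable and ignores a failed source, so a missing library only surfaces afterwards as `config_$i: command not found`. Quote the path and stop on failure: `. "/federated/lib/$i.sh" || fail "Couldn't load /federated/lib/$i.sh"`. Because this line runs whatever file sits under that name with the installer's privileges, the SERVICES list and /federated/lib should be writable by root only. The last file section on this page removes a script that defines config_pdns and start_pdns; if that file is lib/pdns.sh, this loop will break at `pdns`, which is still listed in SERVICES. The block of now commented-out `.` lines in get_config could be deleted rather than kept.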


@ -1,7 +1,7 @@
# Federated Computer functions # Federated Computer functions
# Define all services # Define all services
SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout") SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout" "msp")
fail() { fail() {
echo -ne "FAILED\n\n$1\n\n" echo -ne "FAILED\n\n$1\n\n"
@ -412,6 +412,14 @@ Here is your applications reference chart with $DOMAIN:
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td> <td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td> <td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td>
</tr> </tr>
<tr>
<td class="tg-0pky">Music Side Project</td>
<td class="tg-0pky"><a href="https://msp.$DOMAIN" target="_blank" rel="noopener noreferrer"><span style="color:#340096">msp.$DOMAIN</span></a></td>
<td class="tg-0pky">admin@$DOMAIN<br>admin password above</td>
<td class="tg-0pky">User access is separate from panel</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">Music Side Project Studio enables you to harness the potential of RSS feeds and the Lightning Network, allowing you to self-host your music and receive direct payment from your fans</td>
</tr>
</tbody> </tbody>
</table> </table>
<h4>Thanks for your support!</h4> <h4>Thanks for your support!</h4>
@ -640,6 +648,14 @@ Password = "$LISTMONKPASS"
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td> <td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td> <td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td>
</tr> </tr>
<tr>
<td class="tg-0pky">Music Side Project</td>
<td class="tg-0pky"><a href="https://msp.$DOMAIN" target="_blank" rel="noopener noreferrer"><span style="color:#340096">msp.$DOMAIN</span></a></td>
<td class="tg-0pky">admin@$DOMAIN<br>admin password above</td>
<td class="tg-0pky">User access is separate from panel</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">Music Side Project Studio enables you to harness the potential of RSS feeds and the Lightning Network, allowing you to self-host your music and receive direct payment from your fans</td>
</tr>
</tbody> </tbody>
</table> </table>
<br> <br>


@ -22,3 +22,5 @@ castopod=1.6.5
wordpress=6.2.2 wordpress=6.2.2
coturn=4.6.2 coturn=4.6.2
bookstack=23.08.3 bookstack=23.08.3
freescout=latest_php8.0
msp=latest
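Review bot: `msp=latest` and `freescout=latest_php8.0` are floating tags, unlike the pinned releases on the context lines (`wordpress=6.2.2`, `bookstack=23.08.3`), so each pull can bring in a different, unreviewed image. For the third-party `thebells1111/federated-msp` image, pin a specific release tag or an image digest (`<image>@sha256:<digest>`, placeholder) and update it deliberately. The new lib/msp.sh also writes `IMAGE_VERSION="latest"` directly into its .env, so it needs the same change.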

75
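--- /dev/null
+++ b/lib/msp.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# MSP Service
+PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+config_msp() {
+echo -ne "\n* Configuring /federated/apps/msp container.."
+spin &
+SPINPID=$!
+if [ ! -d "/federated/apps/msp" ]; then
+mkdir -p /federated/apps/msp/data
+fi
+ADMINPASS=`cat /federated/apps/panel/.env | grep SMTP_PASSWORD | awk -F= '{ print $2 }'`
+TRAEFIK_HTTPAUTH_STRING_MSP=$(echo `htpasswd -nb admin@$DOMAIN $ADMINPASS` | sed -e s/\\$/\\$\\$/g)
+cat > /federated/apps/msp/docker-compose.yml <<EOF
+version: '3.7'
+services:
+msp:
+image: thebells1111/federated-msp:\${IMAGE_VERSION}
+container_name: msp
+hostname: msp.$DOMAIN
+domainname: $DOMAIN
+restart: always
+networks:
+federated:
+ipv4_address: 172.99.0.38
+volumes:
+- ./data/var/docker/msp/credentials:/usr/src/app/msp/credentials
+- ./data/var/docker/msp/mspDB:/usr/src/app/msp/mspDB
+- ./data/var/docker/msp/albums:/usr/src/app/msp/public
+env_file:
+- ./.env
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.msp.rule=Host(\`msp.$DOMAIN\`)"
+- "traefik.http.routers.msp.service=msp"
+- "traefik.http.routers.msp.entrypoints=websecure"
+- "traefik.http.routers.msp.tls.certresolver=letsencrypt"
+- "traefik.http.services.msp.loadbalancer.server.port=3000"
+- "traefik.http.routers.msp.middlewares=msp-auth"
+- "traefik.http.middlewares.msp-auth.basicauth.users=$TRAEFIK_HTTPAUTH_STRING_MSP
+- "traefik.http.routers.mspnew.rule=Host(\`msp.$DOMAIN\`) && PathPrefix(\`/albums\`)"
+- "traefik.http.routers.mspnew.entrypoints=websecure"
+- "traefik.http.routers.mspnew.tls.certresolver=letsencrypt"
+- "traefik.http.routers.mspnew.service=mspnew"
+- "traefik.http.services.mspnew.loadbalancer.server.port=3000"
+networks:
+federated:
+external: true
+EOF
+cat > /federated/apps/msp/.env <<EOF
+IMAGE_VERSION="latest"
+EOF
+chmod 600 /federated/apps/msp/.env
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}
+start_msp() {
+# Start service with command to make sure it's up before proceeding
+start_service "msp" "nc -z 172.99.0.38 3000 &> /dev/null" "7"
+docker exec pdns pdnsutil add-record $DOMAIN msp A 86400 $EXTERNALIP
+[ $? -ne 0 ] && fail "Couldn't add dns record for msp"
+kill -9 $SPINPID &> /dev/null
+echo -ne "done."
+}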
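Review bot: The label `- "traefik.http.middlewares.msp-auth.basicauth.users=$TRAEFIK_HTTPAUTH_STRING_MSP` in the generated docker-compose.yml is missing its closing double quote, which leaves the YAML malformed; the line should end `...users=$TRAEFIK_HTTPAUTH_STRING_MSP"`. The `mspnew` router for the /albums path prefix has no `middlewares` label, so that path is served without the `msp-auth` basic auth; if that is intended for public albums, a comment should say so. The hash is built with `htpasswd -nb admin@$DOMAIN $ADMINPASS`, which puts the admin password on the command line (visible in the process list) and leaves it unquoted; `printf '%s\n' "$ADMINPASS" | htpasswd -niB "admin@$DOMAIN"` reads it from stdin and uses bcrypt. The `awk -F= '{ print $2 }'` extraction also truncates a password that contains `=`.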


@ -1,114 +0,0 @@
#!/bin/bash -x
#
# PowerDNS DNS Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_pdns() {
echo -ne "\n* Configuring /federated/apps/pdns container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/pdns" ]; then
mkdir -p /federated/apps/pdns/data/root
fi
cat > /federated/apps/pdns/docker-compose.yml <<EOF
version: '3.7'
services:
pdns:
image: pschiffe/pdns-mysql:\${IMAGE_VERSION}
container_name: pdns
hostname: pdns.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.11
ports:
- "53:53"
- "53:53/udp"
env_file:
- ./.env
volumes:
- ./data/root:/root
networks:
federated:
external: true
EOF
MYSQL_PASSWORD=`grep MYSQL_PASSWORD /federated/apps/pdnsmysql/.env | awk -F= '{ print $2 }'`
PDNS_APIKEY=$(create_password);
PDNS_WEBSERVER_PASSWORD=$(create_password);
cat > /federated/apps/pdns/.env <<EOF
IMAGE_VERSION="4.7"
PDNS_gmysql_host=pdnsmysql.$DOMAIN
PDNS_gmysql_port=3306
PDNS_gmysql_user=pdns
PDNS_gmysql_dbname=pdns
PDNS_gmysql_password=$MYSQL_PASSWORD
PDNS_master=yes
PDNS_api=yes
PDNS_api_key=$PDNS_APIKEY
PDNSCONF_API_KEY=$PDNS_APIKEY
PDNS_webserver=yes
PDNS_webserver-allow-from=127.0.0.1,10.0.0.0/8,172.0.0.0/8,192.0.0.0/24,172.99.0.0/16
PDNS_webserver_address=0.0.0.0
PDNS_webserver_password=$PDNS_WEBSERVER_PASSWORD
PDNS_version_string=anonymous
PDNS_default_ttl=1500
PDNS_allow_notify_from=0.0.0.0
PDNS_allow_axfr_ips=127.0.0.1
PDNS_default_soa_content=ns1.@ hostmaster.@ 0 10800 3600 604800 3600
PDNS_allow_dnsupdate_from=127.0.0.0/8,::1,172.99.0.0/16
PDNS_dnsupdate=yes
EOF
chmod 600 /federated/apps/pdns/.env
cat > /federated/apps/pdns/data/root/createrecords.sh <<EOF
#!/bin/bash -x
# Create the default domain DNS zone
curl -X POST --data '{"name":"$DOMAIN.", "kind": "Master", "masters": []}' -v -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones
# Create the MX and SPF TXT record for domain
curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "MX", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "10 mail.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "TXT", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "\"v=spf1 mx a:$DOMAIN ~all\"", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
# Create the A records for domain
for i in ns1 ns2 pdnsadmin powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do
curl -X PATCH --data "{\"rrsets\": [ {\"name\": \"\$i.$DOMAIN.\", \"type\": \"A\", \"ttl\": 86400, \"changetype\": \"REPLACE\", \"records\": [ {\"content\": \"$EXTERNALIP\", \"disabled\": false } ] } ] }" -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
done
# TEST
# Create catchall A record for domain
#curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "A", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "$EXTERNALIP", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
# Create CNAME record for domain to www
curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "CNAME", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "www.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
pdnsutil add-record $DOMAIN @ A 86400 $EXTERNALIP
EOF
chmod +x /federated/apps/pdns/data/root/createrecords.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_pdns() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/pdns/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding
start_service "pdns" "nc -z ${SERVICE_IP} 8081 &> /dev/null"
# Run createrecords.sh inside baserow container
docker exec -it pdns /root/createrecords.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run createrecords.sh in /federated/apps/pdns container"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}