#!/bin/bash
#
# Discourse Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /etc/federated
get_appvars
config_discourse() {
echo -ne "* Configuring discourse container.."
[[ ! -d "/federated/apps/redis" ]] && failcheck "Redis needs installed first. Run installapp redis"
if [ ! -d "/federated/apps/discourse" ]; then
mkdir -p /federated/apps/discourse/data/discourse/bitnami/discourse
mkdir -p /federated/apps/discourse/data/sidekiq/bitnami/discourse
mkdir -p /federated/apps/discourse/data/discourse/log
touch /federated/apps/discourse/data/discourse/log/.gitkeep
fi
chown lxd /federated/apps/discourse/data/discourse/log
chmod 775 /federated/apps/discourse/data/discourse/log
chown lxd:root /federated/apps/discourse/data/discourse/log/.gitkeep
chmod 664 /federated/apps/discourse/data/discourse/log/.gitkeep
cat > /federated/apps/discourse/docker-compose.yml <<EOF
services:
discourse:
image: docker.io/bitnami/discourse:\${IMAGE_VERSION}
container_name: discourse
hostname: discourse.$DOMAIN
restart: always
extra_hosts:
- "authelia.$DOMAIN:5.161.240.73"
networks:
core:
ipv4_address: 192.168.0.43
env_file:
- ./.env
volumes:
- ./data/discourse/bitnami/discourse:/bitnami/discourse
- ./data/discourse/log:/opt/bitnami/discourse/log
labels:
- "traefik.enable=true"
- "traefik.http.routers.discourse.rule=Host(\`discourse.$DOMAIN\`, \`forum.$DOMAIN\`)"
- "traefik.http.routers.discourse.entrypoints=websecure"
- "traefik.http.routers.discourse.tls.certresolver=letsencrypt"
logging:
driver: "json-file"
options:
max-size: "50m" # Maximum size of the log file
max-file: "1" # Keep only one log file
sidekiq:
image: docker.io/bitnami/discourse:\${IMAGE_VERSION}
container_name: discoursesidekiq
hostname: discoursesidekiq.$DOMAIN
restart: always
extra_hosts:
- "authelia.$DOMAIN:5.161.240.73"
networks:
core:
ipv4_address: 192.168.0.44
env_file:
- ./.env
depends_on:
- discourse
volumes:
- ./data/sidekiq/bitnami/discourse:/bitnami/discourse
command: /opt/bitnami/scripts/discourse-sidekiq/run.sh
networks:
core:
external: true
EOF
DISCOURSE_SECRET=$(create_password);
REDIS_SECRET=$(awk -F= '/REDIS_PASSWORD/ { print $2 }' /federated/apps/redis/.env)
[[ "${PLUS}" = "true" ]] && sed -i "s/letsencrypt/httpresolver/g" /federated/apps/discourse/docker-compose.yml
[[ -z "${ADMINPASS}" ]] && ADMINPASS=$(create_password)
cat > /etc/logrotate.d/federated <<EOF
/federated/apps/discourse/data/discourse/log/production.log
{
daily
rotate 31
compress
delaycompress
missingok
notifempty
copytruncate
}
EOF
cat > /federated/apps/discourse/.env <<EOF
IMAGE_VERSION="$(current_version discourse)"
DISCOURSE_HOST=discourse.$DOMAIN
DISCOURSE_USERNAME=admin
DISCOURSE_PASSWORD=$ADMINPASS
DISCOURSE_EMAIL=admin@$DOMAIN
DISCOURSE_SITE_NAME="$COMPANY Forum"
DISCOURSE_DATABASE_HOST=postgresql.$DOMAIN
DISCOURSE_DATABASE_PORT_NUMBER=5432
DISCOURSE_DATABASE_USER=discourse
DISCOURSE_DATABASE_NAME=discourse
DISCOURSE_DATABASE_PASSWORD=$DISCOURSE_SECRET
DISCOURSE_REDIS_HOST=redis.$DOMAIN
DISCOURSE_REDIS_PORT_NUMBER=6379
DISCOURSE_REDIS_PASSWORD=$REDIS_SECRET
DISCOURSE_SMTP_HOST=mail.$DOMAIN
DISCOURSE_SMTP_PORT=587
DISCOURSE_SMTP_USER=fcore
DISCOURSE_SMTP_PASSWORD=$ADMINPASS
DISCOURSE_SMTP_PROTOCOL=tls
BITNAMI_DEBUG=true
DISCOURSE_HOSTNAME=forum.$DOMAIN
DISCOURSE_SMTP_ADDRESS=mail.$DOMAIN
DISCOURSE_SMTP_USER_NAME=fcore
DISCOURSE_SMTP_ENABLE_START_TLS=true
RAILS_ENV=production
DISCOURSE_DB_HOST=postgresql.$DOMAIN
DISCOURSE_DB_PORT=5432
DISCOURSE_DB_USERNAME=discourse
DISCOURSE_DB_PASSWORD=$DISCOURSE_SECRET
DISCOURSE_DB_NAME=discourse
DISCOURSE_REDIS_PORT=6379
DISCOURSE_PASSENGER_EXTRA_FLAGS="--max-request-queue-size 1500 --min-instances 25 --max-pool-size 150 --pool-idle-time 800"
DISCOURSE_ASSET_RATE_LIMITERS=limiter60
DISCOURSE_RATE_LIMITERS=limiter60
DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS=192.168.0.13
EOF
chmod 600 /federated/apps/discourse/.env
# Tune discourse for each memory size
MEMTOTAL=$(awk '/MemTotal/ {printf( "%d\n", $2 / 1024 )}' /proc/meminfo)
[[ "${MEMTOTAL}" = "3815" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 100 --min-instances 3 --max-pool-size 15 --pool-idle-time 400\"/g" /federated/apps/discourse/.env
[[ "${MEMTOTAL}" = "7747" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 200 --min-instances 5 --max-pool-size 25 --pool-idle-time 500\"/g" /federated/apps/discourse/.env
[[ "${MEMTOTAL}" = "15610" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 400 --min-instances 10 --max-pool-size 50 --pool-idle-time 600\"/g" /federated/apps/discourse/.env
[[ "${MEMTOTAL}" = "31334" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 750 --min-instances 15 --max-pool-size 75 --pool-idle-time 700\"/g" /federated/apps/discourse/.env
[[ "${MEMTOTAL}" = "62786" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 1500 --min-instances 25 --max-pool-size 150 --pool-idle-time 800\"/g" /federated/apps/discourse/.env
# Create database and user in postgresql
docker exec postgresql psql -U postgres -c "CREATE USER discourse WITH PASSWORD '$DISCOURSE_SECRET'" &> /dev/null
docker exec postgresql psql -U postgres -c "CREATE DATABASE discourse" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE discourse TO discourse" &> /dev/null
echo -ne "done.\n"
}
start_discourse() {
# Start service with command to make sure it's up before proceeding
start_service "discourse" "nc -z 192.168.0.43 3000 &> /dev/null" "70"
docker exec postgresql psql -U discourse -c "update users set username='admin@$DOMAIN' where username='admin';" &> /dev/null
docker exec postgresql psql -U discourse -c "update users set username_lower='admin@$DOMAIN' where username_lower='admin';" &> /dev/null
docker exec postgresql psql -U discourse -c "update site_settings set value='discourse@$DOMAIN' where name='notification_email';" &> /dev/null
if [[ "${PLUS}" != "true" ]]; then
docker exec pdns pdnsutil add-record $DOMAIN discourse A 86400 $EXTERNALIP &> /dev/null
docker exec pdns pdnsutil add-record $DOMAIN forum A 86400 $EXTERNALIP &> /dev/null
fi
echo -ne "done.\n"
}
email_discourse() {
echo -ne "* Sending email to customer.."
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>Discourse is now installed on $DOMAIN</h4>
<p>
Here is your applications chart on how to access this service:<br>
<p>
<h4>Applications</h4>
<style type="text/css">
.tg {border-collapse:collapse;border-spacing:0;}
.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
overflow:hidden;padding:10px 5px;word-break:normal;}
.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}
.tg .tg-cul6{border-color:inherit;color:#340096;text-align:left;text-decoration:underline;vertical-align:top}
.tg .tg-acii{background-color:#FFF;border-color:inherit;color:#333;text-align:left;vertical-align:top}
.tg .tg-0hty{background-color:#000000;border-color:inherit;color:#ffffff;font-weight:bold;text-align:left;vertical-align:top}
.tg .tg-kwiq{border-color:inherit;color:#000000;text-align:left;vertical-align:top}
.tg .tg-0pky{border-color:inherit;text-align:left;vertical-align:top}
</style>
<table class="tg" style="undefined;table-layout: fixed; width: 996px">
<colgroup>
<col style="width: 101.333333px">
<col style="width: 203.333333px">
<col style="width: 282.333333px">
<col style="width: 185.33333px">
<col style="width: 78.333333px">
<col style="width: 220.333333px">
</colgroup>
<thead>
<tr>
<th class="tg-0hty">Service</th>
<th class="tg-0hty">Link</th>
<th class="tg-0hty">User / Pass</th>
<th class="tg-0hty">Access</th>
<th class="tg-0hty">Docs</th>
<th class="tg-0hty">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tg-0pky">Discourse</td>
<td class="tg-0pky"><a href="https://discourse.$DOMAIN/login" target="_blank" rel="noopener noreferrer"><span style="color:#340096">discourse.$DOMAIN</span></a></td>
<td class="tg-0pky">admin@$DOMAIN<br>$ADMINPASS</td>
<td class="tg-0pky">User access is separate from panel</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">Discourse is a simple, open-source, self-hosted, easy-to-use platform (Wiki) for organising and storing information</td>
</tr>
</tbody>
</table>
<h4>Thanks for your support!</h4>
<p>
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
time with Federated Core.
<p>
Again, if we can be of any assistance, please don't hesitate to get in touch.
<p>
Support: https://support.federated.computer<br>
Phone: (970) 722-8715<br>
Email: support@federated.computer<br>
<p>
It's <b>your</b> computer. Let's make it work for you!
</html>
EOF
# Send out e-mail from mail container with details
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
echo -ne "done.\n"
}
uninstall_discourse() {
echo -ne "* Uninstalling discourse container.."
# First stop the service
cd /federated/apps/discourse && docker compose -f docker-compose.yml -p discourse down &> /dev/null
# Delete database and user in postgresql
docker exec postgresql psql -U postgres -c "DROP DATABASE discourse" &> /dev/null
docker exec postgresql psql -U postgres -c "DROP USER discourse" &> /dev/null
# Delete the app directory
rm -rf /federated/apps/discourse
if [[ "${PLUS}" != "true" ]]; then
docker exec pdns pdnsutil delete-rrset $DOMAIN discourse A &> /dev/null
docker exec pdns pdnsutil delete-rrset $DOMAIN forum A &> /dev/null
fi
echo -ne "done.\n"
}
configsso_discourse() {
if [[ "${PLUS}" != "true" ]]; then
echo -ne "* Configuring discourse container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Discourse" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Discourse configuration."
DISCOURSE_CLIENT_SECRET=$(create_password);
DISCOURSE_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $DISCOURSE_CLIENT_SECRET | awk '{ print $2 }')
echo "$DISCOURSE_CLIENT_SECRET" > /federated/apps/discourse/.discourse.client.secret
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
### Discourse
- client_id: 'discourse'
client_name: 'Discourse'
client_secret: $DISCOURSE_CLIENT_SECRET_HASH
consent_mode: 'implicit'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://discourse.$DOMAIN/auth/oidc/callback'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
EOF
# Restart Authelia for changes to take the above configuration
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake plugin:install repo=https://github.com/discourse/discourse-openid-connect"
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake assets:precompile"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('31', 'openid_connect_enabled', '5', 't', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('32', 'openid_connect_discovery_document', '1', 'https://authelia.$DOMAIN/.well-known/openid-configuration', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('33', 'openid_connect_client_id', '1', 'discourse', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('34', 'openid_connect_authorize_scope', '1', 'openid email profile', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('36', 'openid_connect_client_secret', '1', '$DISCOURSE_CLIENT_SECRET', NOW(), NOW());"
/federated/bin/stop discourse
/federated/bin/start discourse
echo -ne "done.\n"
fi
}
configsso_discourse_plus() {
DISCOURSE_CLIENT_SECRET=$(cat /federated/apps/discourse/.discourse.client.secret)
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake plugin:install repo=https://github.com/discourse/discourse-openid-connect"
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake assets:precompile"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('31', 'openid_connect_enabled', '5', 't', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('32', 'openid_connect_discovery_document', '1', 'https://authelia.$DOMAIN/.well-known/openid-configuration', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('33', 'openid_connect_client_id', '1', 'discourse', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('34', 'openid_connect_authorize_scope', '1', 'openid email profile', NOW(), NOW());"
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('36', 'openid_connect_client_secret', '1', '$DISCOURSE_CLIENT_SECRET', NOW(), NOW());"
/federated/bin/stop discourse
/federated/bin/start discourse
}