
#!/bin/bash -x
#
# Federated Convert Domain
#
# Converts Federated Core services
# From: customer.federatedcomputer.cloud
# To: domain.com
#
# Assumes all services are currently running.
# Note: the -x in the shebang traces every expanded command to stderr, including
# the admin password and LDAP secret, so keep that output out of shared logs.
. /federated/lib/functions.sh
. /federated/bin/.env
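#######################################
# Checks that the parent zone already delegates $DOMAIN_NEW to
# ns1/ns2.$DOMAIN_NEW and carries glue A records pointing at $EXTERNALIP.
# Globals:   DOMAIN_NEW, DOMAIN_LAST, EXTERNALIP (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0 when all four records are found; otherwise calls failcheck
#            (sourced helper) naming the missing record
#######################################
check_gluerecords() {
  local ns_parent delegation
  echo -ne "\n* Checking glue records for $DOMAIN_NEW.."
  # NOTE(review): DOMAIN_LAST is only the last label, so for sub.domain.com this
  # asks the TLD servers rather than domain.com's — confirm subdomains are meant
  # to be supported here.
  ns_parent=$(dig +short NS "$DOMAIN_LAST." | head -n 1)
  [ -n "$ns_parent" ] || failcheck "Couldn't find a nameserver for the parent zone $DOMAIN_LAST"
  # One non-recursive query to the parent: the authority section holds the NS
  # delegation, the additional section the glue A records.
  delegation=$(dig +noall +authority +additional +norecurse @"$ns_parent" NS "$DOMAIN_NEW.")
  # -F keeps the dots in hostnames and IPs literal instead of regex wildcards.
  grep -w NS <<<"$delegation" | grep -qiF "ns1.$DOMAIN_NEW" \
    || failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW"
  grep -w NS <<<"$delegation" | grep -qiF "ns2.$DOMAIN_NEW" \
    || failcheck "Couldn't find glue / authoritative NS record ns2.$DOMAIN_NEW"
  grep -w A <<<"$delegation" | grep -iF "ns1.$DOMAIN_NEW" | grep -qF -- "$EXTERNALIP" \
    || failcheck "Couldn't find glue / authoritative A record ns1.$DOMAIN_NEW to $EXTERNALIP"
  grep -w A <<<"$delegation" | grep -iF "ns2.$DOMAIN_NEW" | grep -qF -- "$EXTERNALIP" \
    || failcheck "Couldn't find glue / authoritative A record ns2.$DOMAIN_NEW to $EXTERNALIP"
  echo -ne "done."
}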
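#######################################
# Prepares services before the cut-over: creates the $DOMAIN_NEW zone in
# PowerDNS, detaches Nextcloud from LDAP, and dumps the LDAP tree to an LDIF
# rewritten for the new base DN (imported later by convert_ldap).
# Globals:   DOMAIN, DOMAIN_NEW, DOMAIN_FIRST, DOMAIN_LAST, EXTERNALIP (read)
# Arguments: none
# Outputs:   pdnsutil/occ output to stdout; writes convertdomain*.ldif under
#            /federated/apps/ldap/data/root
# Returns:   0; calls failcheck if the LDAP dump cannot be produced
#######################################
do_serviceprep() {
  local ldap_root=/federated/apps/ldap/data/root
  local host
  # Create DNS records for newdomain. No -t on docker exec: pdnsutil needs no
  # TTY and -t fails when the script runs without one (cron, ssh -T).
  docker exec pdns pdnsutil create-zone "$DOMAIN_NEW"
  docker exec pdns pdnsutil set-kind "$DOMAIN_NEW" native
  docker exec pdns pdnsutil set-meta "$DOMAIN_NEW" SOA-EDIT-API DEFAULT
  for host in ns1 ns2 powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do
    docker exec pdns pdnsutil add-record "$DOMAIN_NEW" "$host" A 86400 "$EXTERNALIP"
  done
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" @ NS "ns1.$DOMAIN_NEW"
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" @ NS "ns2.$DOMAIN_NEW"
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" @ MX 86400 "10 mail.$DOMAIN_NEW"
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" @ TXT 86400 "\"v=spf1 mx a:$DOMAIN_NEW ~all\""
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" '*' CNAME 86400 "www.$DOMAIN_NEW"
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" @ A 86400 "$EXTERNALIP"
  # Other pre-prep service stuff: drop Nextcloud's LDAP backend so it stops
  # using the old base DN while the directory is rebuilt.
  docker exec -u 33 nextcloud /var/www/html/occ -vv ldap:delete-config s01
  docker exec -u 33 nextcloud /var/www/html/occ app:disable user_ldap
  # Dump the directory inside the container; /root there is the host path
  # $ldap_root. The dump holds password hashes, so keep that directory root-only.
  docker exec ldap bash -c "slapcat > /root/convertdomain.ldif" \
    || failcheck "Couldn't slapcat the ldap directory to /root/convertdomain.ldif"
  # Remove first lines of ldap config (everything before ou=people), then
  # replace dc= with the new domain and replace the domain name.
  sed -n '/^dn: ou=people,dc=federatedcomputer,dc=cloud$/,$p' "$ldap_root/convertdomain.ldif" > "$ldap_root/convertdomain1.ldif"
  sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" "$ldap_root/convertdomain1.ldif"
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$ldap_root/convertdomain1.ldif"
}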
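#######################################
# Rewrites the PowerDNS stack (pdnsmysql, pdns, pdnsadmin) for $DOMAIN_NEW and
# starts each service, waiting until its port answers before moving on.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck when a container address cannot be read from
#            docker-compose.yml (start_service_convert, a sourced helper, waits
#            on the check command)
#######################################
convert_powerdns() {
  local apps=/federated/apps
  local service_ip
  #### Convert PowerDNS pdnsmysql
  echo -ne "\n* Converting pdnsmysql.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$apps/pdnsmysql/docker-compose.yml"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$apps/pdnsmysql/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $apps/pdnsmysql/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "pdnsmysql" "nc -z $service_ip 3306 &> /dev/null"
  echo -ne "done."
  #### Convert PowerDNS pdns
  echo -ne "\n* Converting pdns.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$apps/pdns/docker-compose.yml" "$apps/pdns/.env"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$apps/pdns/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $apps/pdns/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "pdns" "nc -z $service_ip 8081 &> /dev/null"
  echo -ne "done."
  #### Convert PowerDNS pdnsadmin
  echo -ne "\n* Converting pdnsadmin.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$apps/pdnsadmin/docker-compose.yml" "$apps/pdnsadmin/.env"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$apps/pdnsadmin/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $apps/pdnsadmin/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "pdnsadmin" "nc -z $service_ip 9494 &> /dev/null"
  echo -ne "done."
}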
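#######################################
# Rewrites Traefik for $DOMAIN_NEW, discards the old ACME state, starts it and
# waits until a certificate for the new domain has been dumped to /federated/certs.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout; certificates under /federated/certs
# Returns:   0 once the .crt/.key exist; after 20 attempts (9s apart) stops
#            Traefik and calls failcheck
#######################################
convert_traefik() {
  local app=/federated/apps/traefik
  local retry
  #### Convert Traefik
  echo -ne "\n* Converting traefik. Waiting 60s first for dns.."
  # Give the new zone time to be served before Let's Encrypt validates it.
  sleep 60
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # Drop the old ACME state so certificates are requested for the new names.
  rm -f "$app/data/letsencrypt/acme.json"
  # Start Traefik
  docker-compose -f "$app/docker-compose.yml" -p traefik up -d &> /dev/null
  # Keep trying (20 x 9s) to see that certificates are generated
  for (( retry = 20; retry > 0; retry-- )); do
    traefik-certs-dumper file --version v2 --source "$app/data/letsencrypt/acme.json" --dest /federated/certs &> /dev/null
    # Check if certs are generated
    if [ -e "/federated/certs/private/$DOMAIN_NEW.key" ] && [ -e "/federated/certs/certs/$DOMAIN_NEW.crt" ]; then
      break
    fi
    if [ "$retry" -eq 1 ]; then
      docker-compose -f "$app/docker-compose.yml" -p traefik down &> /dev/null
      failcheck "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik'"
    fi
    sleep 9
  done
  echo -ne "done."
}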
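#######################################
# Rewrites PostgreSQL for $DOMAIN_NEW, installs the new server certificate and
# starts the service.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the certificate cannot be copied or the
#            container address cannot be read
#######################################
convert_postgresql() {
  local app=/federated/apps/postgresql
  local pgdata=$app/data/var/lib/postgresql
  local service_ip
  #### Convert Postgresql
  echo -ne "\n* Converting postgresql.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # A silently failing copy would leave the old certificate in place, so abort.
  if ! cp "/federated/certs/certs/$DOMAIN_NEW.crt" "$pgdata/server.crt" \
     || ! cp "/federated/certs/private/$DOMAIN_NEW.key" "$pgdata/server.key"; then
    failcheck "Couldn't copy the $DOMAIN_NEW certificate into $pgdata"
  fi
  # 999 is presumably the postgres uid inside the container — verify against the image
  chown 999 "$pgdata/server.crt" "$pgdata/server.key"
  chmod 600 "$pgdata/server.crt" "$pgdata/server.key"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "postgresql" "nc -z $service_ip 5432 &> /dev/null"
  echo -ne "done."
}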
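#######################################
# Rebuilds LDAP for $DOMAIN_NEW: wipes the old database and config, rewrites
# the env, installs the new certificate, starts slapd and re-imports the LDIF
# prepared by do_serviceprep.
# Globals:   DOMAIN, DOMAIN_NEW, ORG_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the certificate copy, address lookup or
#            slapadd fails
#######################################
convert_ldap() {
  local app=/federated/apps/ldap
  local service_ip org_sed
  #### Convert LDAP
  echo -ne "\n* Converting ldap.."
  # Remove LDAP files so we can start clean (the tree comes back from the LDIF)
  rm -rf "${app:?}"/data/var/lib/ldap/*
  rm -rf "${app:?}"/data/etc/ldap/slapd.d/*
  rm -f "$app/data/root/.ldaprc" "$app/data/certs/dhparam.pem"
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # ORG_NEW is user input: escape what sed treats specially in a replacement
  # (& # \) so e.g. "Smith & Sons" is written literally.
  org_sed=$(printf '%s' "$ORG_NEW" | sed 's/[&#\\]/\\&/g')
  sed -i -e "s#LDAP_DOMAIN=.*#LDAP_DOMAIN=$DOMAIN_NEW#g" \
         -e "s#LDAP_ORGANISATION=.*#LDAP_ORGANISATION=$org_sed#g" "$app/.env"
  if ! cp "/federated/certs/certs/$DOMAIN_NEW.crt" "/federated/certs/private/$DOMAIN_NEW.key" "$app/data/certs/"; then
    failcheck "Couldn't copy the $DOMAIN_NEW certificate into $app/data/certs"
  fi
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "ldap" "nc -z $service_ip 636 &> /dev/null"
  # This imports the modified LDAP configuration above
  docker exec ldap bash -c "slapadd -v -l /root/convertdomain1.ldif" &> /dev/null \
    || failcheck "Couldn't slapadd convertdomain1.ldif inside ldap container"
  echo -ne "done."
}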
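#######################################
# Rewrites the mail service for $DOMAIN_NEW, installs the certificate, starts
# it, generates a DKIM key and publishes the DKIM and DMARC TXT records in pdns.
# Globals:   DOMAIN, DOMAIN_NEW, DOMAIN_FIRST, DOMAIN_LAST (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck/fail on copy, address or DNS-record failures
#            (both helpers are sourced; fail is what this step used — confirm
#            it exists alongside failcheck)
#######################################
convert_mail() {
  local app=/federated/apps/mail
  local dkim_dir=$app/data/tmp/docker-mailserver/opendkim/keys
  local service_ip dkim_record
  #### Convert Mail
  echo -ne "\n* Converting mail.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  if ! cp "/federated/certs/certs/$DOMAIN_NEW.crt" "/federated/certs/private/$DOMAIN_NEW.key" "$app/data/root/certs/"; then
    failcheck "Couldn't copy the $DOMAIN_NEW certificate into $app/data/root/certs"
  fi
  sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" "$app/.env"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "mail" "nc -z $service_ip 25 &> /dev/null"
  # Generate the DKIM DNS key for new domain
  docker exec mail setup config dkim keysize 2048 domain "$DOMAIN_NEW" &> /dev/null \
    || fail "Couldn't generate DKIM record"
  # mail.txt is a BIND-style TXT record wrapped in ( ... ) over several lines:
  # collapse it to one line and keep only what is inside the parentheses.
  dkim_record=$(tr -s '[:space:]' ' ' < "$dkim_dir/$DOMAIN_NEW/mail.txt" \
    | sed -e 's/.*(//' -e 's/).*//' -e 's/^ *//' -e 's/ *$//')
  [ -n "$dkim_record" ] || fail "Couldn't read the DKIM record from $dkim_dir/$DOMAIN_NEW/mail.txt"
  # Insert the DKIM DNS TXT entry into /federated/apps/pdns container
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" mail._domainkey TXT 86400 "$dkim_record" &> /dev/null \
    || fail "Couldn't insert DKIM record into /federated/apps/pdns container"
  # Insert the DMARC DNS TXT entry into /federated/apps/pdns container
  docker exec pdns pdnsutil add-record "$DOMAIN_NEW" _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null \
    || fail "Couldn't insert DMARC record into /federated/apps/pdns container"
  echo -ne "done."
}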
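#######################################
# Rewrites Collabora for $DOMAIN_NEW, installs the certificate and starts it.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the certificate copy or address lookup fails
#######################################
convert_collabora() {
  local app=/federated/apps/collabora
  local service_ip
  #### Convert Collabora
  echo -ne "\n* Converting collabora.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  if ! cp "/federated/certs/certs/$DOMAIN_NEW.crt" "/federated/certs/private/$DOMAIN_NEW.key" "$app/data/root/certs/"; then
    failcheck "Couldn't copy the $DOMAIN_NEW certificate into $app/data/root/certs"
  fi
  # 104 is presumably the uid Collabora runs as inside the container — verify against the image
  chown 104 "$app"/data/root/certs/*
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "collabora" "nc -z $service_ip 9980 &> /dev/null"
  echo -ne "done."
}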
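#######################################
# Rewrites Nextcloud for $DOMAIN_NEW, writes a fresh system/app config and an
# occ script that re-attaches LDAP, starts the service, runs that script inside
# the container and recreates the admin's mail account.
# Globals:   DOMAIN, DOMAIN_NEW, DOMAIN_FIRST, DOMAIN_LAST, ADMINPASS,
#            LDAP_SECRET, COUNTRY (read)
# Arguments: none
# Outputs:   progress text to stdout; config files staged under
#            /federated/apps/nextcloud/data and moved into the web root
# Returns:   0; calls failcheck/fail (sourced helpers) on address lookup,
#            chown/chmod or config.sh failures
#######################################
convert_nextcloud() {
  local app=/federated/apps/nextcloud
  local service_ip
  #### Convert Nextcloud
  echo -ne "\n* Converting nextcloud.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env" "$app/data/var/www/html/config/config.php"
  # Make new nextcloud config. Values are expanded verbatim into JSON, so an
  # ADMINPASS containing " or \ would break it — presumably the generated
  # password avoids those; confirm.
  cat > "$app/data/configs.json" <<EOF
{
"system": {
"mail_smtpmode": "smtp",
"mail_smtpsecure": "tls",
"mail_sendmailmode": "smtp",
"mail_from_address": "nextcloud",
"mail_domain": "$DOMAIN_NEW",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "mail.$DOMAIN_NEW",
"mail_smtpport": "587",
"mail_smtpname": "admin",
"mail_smtppassword": "$ADMINPASS"
},
"apps": {
"side_menu": {
"background-color-opacity": "100",
"current-app-background-color": "#005b8d",
"types": "",
"enabled": "yes",
"text-color": "#ffffff",
"loader-color": "#339bd4",
"types": "",
"always-displayed": "0",
"big-menu": "0",
"side-with-categories": "0",
"background-color": "#0068a1",
"background-color-to": "#0068a1",
"icon-invert-filter": "0",
"icon-opacity": "100",
"opener": "side-menu-opener",
"dark-mode-background-color": "#0068a1",
"dark-mode-background-color-to": "#0068a1",
"dark-mode-background-color-opacity": "100",
"dark-mode-current-app-background-color": "#005b8d",
"dark-mode-text-color": "#ffffff",
"dark-mode-loader-color": "#ffffff",
"dark-mode-icon-invert-filter": "0",
"dark-mode-icon-opacity": "100",
"dark-mode-opener": "side-menu-opener",
"opener-position": "before",
"opener-only": "0",
"hide-when-no-apps": "0",
"opener-hover": "0",
"display-logo": "1",
"use-avatar": "0",
"add-logo-link": "1",
"big-menu-hidden-apps": "[]",
"show-settings": "0",
"size-icon": "normal",
"size-text": "normal",
"target-blank-apps": "[]",
"loader-enabled": "1",
"top-side-menu-apps": "[]",
"top-menu-mouse-over-hidden-label": "0",
"apps-order": "[\"dashboard\",\"mail\",\"calendar\",\"contacts\",\"notes\",\"tasks\",\"files\",\"deck\",\"bookmarks\",\"forms\",\"spreed\",\"photos\",\"activity\"]",
"categories-order-type": "default",
"categories-custom": "[]",
"apps-categories-custom": "[]",
"categories-order": "[\"other\",\"customization\",\"dashboard\",\"external_links\",\"files\",\"workflow\",\"games\",\"integration\",\"monitoring\",\"multimedia\",\"office\",\"organization\",\"search\",\"security\",\"social\",\"tools\"]",
"default-enabled": "1",
"force": "0",
"top-menu-apps": "[\"photos\",\"activity\",\"dashboard\",\"forms\",\"calendar\",\"tasks\",\"bookmarks\",\"deck\",\"contacts\",\"notes\",\"spreed\",\"mail\",\"files\"]",
"cache": "2"
}
}
}
EOF
  # occ script run inside the container. NOTE(review): trusted_domains=* turns
  # off Nextcloud's Host header check; listing nextcloud.$DOMAIN_NEW would be
  # tighter — confirm the proxy setup does not depend on the wildcard.
  cat > "$app/data/config.sh" <<EOF
#!/bin/sh
PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
/var/www/html/occ app:enable user_ldap
/var/www/html/occ ldap:create-empty-config
/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN_NEW'
/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
/var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1
/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0
/var/www/html/occ ldap:set-config s01 ldapPagingSize 500
/var/www/html/occ ldap:set-config s01 ldapPort 636
/var/www/html/occ ldap:set-config s01 ldapTLS 1
/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default
/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto
/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto
/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0
/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0
/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1
/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid
/var/www/html/occ ldap:set-config s01 ldap_display_name givenName
/var/www/html/occ config:system:set overwriteprotocol --value=https
/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY"
/var/www/html/occ config:system:delete trusted_domains
/var/www/html/occ config:system:set trusted_domains 1 --value=*
/var/www/html/occ group:adduser admin admin
/var/www/html/occ user:delete nextcloud
/var/www/html/occ app:enable mail
/var/www/html/occ app:enable calendar
/var/www/html/occ app:enable contacts
/var/www/html/occ app:enable notes
/var/www/html/occ app:enable deck
/var/www/html/occ app:enable tasks
/var/www/html/occ app:enable bookmarks
/var/www/html/occ app:enable forms
/var/www/html/occ app:enable spreed
/var/www/html/occ app:enable side_menu
/var/www/html/occ app:enable external
/var/www/html/occ app:enable richdocuments
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN_NEW richdocuments public_wopi_url
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN_NEW richdocuments wopi_url
/var/www/html/occ config:app:set --value ooxml richdocuments doc_format
/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
/var/www/html/occ config:app:set external sites "--value={\"1\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":1,\"name\":\"Video Conference (Jitsi)\",\"url\":\"https:\/\/jitsi.$DOMAIN_NEW\"},\"2\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":2,\"name\":\"Worldwide Chat (Element)\",\"url\":\"https:\/\/element.$DOMAIN_NEW\"},\"3\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":3,\"name\":\"Mailing Lists (Listmonk)\",\"url\":\"https:\/\/listmonk.$DOMAIN_NEW\"},\"4\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":4,\"name\":\"Databases (Baserow)\",\"url\":\"https:\/\/baserow.$DOMAIN_NEW\"},\"5\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":5,\"name\":\"Passwords (Vaultwarden)\",\"url\":\"https:\/\/vaultwarden.$DOMAIN_NEW\"},\"7\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":7,\"name\":\"Source code (Gitea)\",\"url\":\"https:\/\/gitea.$DOMAIN_NEW\"}}"
/var/www/html/occ config:import configs.json
EOF
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "nextcloud" "nc -z $service_ip 80 &> /dev/null"
  # Move config.sh and sidemenu config into the web root
  mv "$app/data/config.sh" "$app/data/configs.json" "$app/data/var/www/html/"
  # Both files carry ADMINPASS / LDAP_SECRET: owner-only modes, and check the
  # chown as well as the chmod.
  docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json \
    || fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
  docker exec nextcloud chmod 700 /var/www/html/config.sh \
    || fail "Couldn't chmod config.sh in /federated/apps/nextcloud container"
  docker exec nextcloud chmod 600 /var/www/html/configs.json
  # Run config.sh - Setup LDAP, configuration for nextcloud (as uid 33, like
  # the other occ calls)
  docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null \
    || fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
  # One-shot files holding secrets must not stay inside the web root.
  docker exec nextcloud rm -f /var/www/html/config.sh /var/www/html/configs.json
  # Add admin user to group
  # Have to do it this many times so it will query LDAP and populate admin user first
  docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
  docker exec -u 33 nextcloud /var/www/html/occ group:list
  docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
  docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
  docker exec -u 33 nextcloud /var/www/html/occ group:list
  # Arguments go straight to occ (no bash -c), so a password with spaces or
  # quotes is passed intact. It is still visible in ps and in the -x trace.
  docker exec -u 33 nextcloud /var/www/html/occ mail:account:create admin admin "admin@$DOMAIN_NEW" "mail.$DOMAIN_NEW" 993 ssl "admin@$DOMAIN_NEW" "$ADMINPASS" "mail.$DOMAIN_NEW" 465 ssl "admin@$DOMAIN_NEW" "$ADMINPASS" password
  echo -ne "done."
}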
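#######################################
# Rewrites Synapse (matrix) for $DOMAIN_NEW: compose/env, homeserver.yaml
# (base DN, server_name, smtp, notification sender, app name, service hosts,
# certificate paths), installs the certificate and starts the service.
# Globals:   DOMAIN, DOMAIN_NEW, DOMAIN_FIRST, DOMAIN_LAST, ORG_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the certificate copy or address lookup fails
#######################################
convert_matrix() {
  local app=/federated/apps/matrix
  local hs=$app/data/matrix/homeserver.yaml
  local service_ip org_sed
  #### Convert Matrix
  echo -ne "\n* Converting matrix.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # ORG_NEW is user input: escape what sed treats specially in a replacement
  # (& # \). app_name stays an unquoted YAML scalar as before, so a ':' in the
  # organisation name would still break the file — confirm inputs.
  org_sed=$(printf '%s' "$ORG_NEW" | sed 's/[&#\\]/\\&/g')
  sed -i \
    -e "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" \
    -e "s#server_name: \"matrix.$DOMAIN\"#server_name: \"matrix.$DOMAIN_NEW\"#g" \
    -e "s#smtp_host: \"mail.$DOMAIN\"#smtp_host: \"mail.$DOMAIN_NEW\"#g" \
    -e "s#notif_from:.*#notif_from: \"Your Friendly %(app)s homeserver <matrix@matrix.$DOMAIN_NEW>\"#g" \
    -e "s#app_name:.*#app_name: $org_sed Matrix Server#g" \
    -e "s#postgresql.$DOMAIN#postgresql.$DOMAIN_NEW#g" \
    -e "s#ldap.$DOMAIN#ldap.$DOMAIN_NEW#g" \
    -e "s#$DOMAIN.crt#$DOMAIN_NEW.crt#g" \
    -e "s#$DOMAIN.key#$DOMAIN_NEW.key#g" \
    "$hs"
  if ! cp "/federated/certs/certs/$DOMAIN_NEW.crt" "/federated/certs/private/$DOMAIN_NEW.key" "$app/data/matrix/"; then
    failcheck "Couldn't copy the $DOMAIN_NEW certificate into $app/data/matrix"
  fi
  # NOTE(review): 644 makes the private key world-readable on the host,
  # presumably so the container user can read it; chown to that uid with 600
  # would be tighter — confirm which uid Synapse runs as in this image.
  chmod 644 "$app/data/matrix/$DOMAIN_NEW.crt" "$app/data/matrix/$DOMAIN_NEW.key"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "matrix" "nc -z $service_ip 8008 &> /dev/null"
  echo -ne "done."
}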
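#######################################
# Rewrites Element for $DOMAIN_NEW (compose, env, element-config.json) and
# starts the service.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#######################################
convert_element() {
  local app=/federated/apps/element
  local service_ip
  #### Convert Element
  echo -ne "\n* Converting element.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env" "$app/data/element/element-config.json"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "element" "nc -z $service_ip 80 &> /dev/null"
  echo -ne "done."
}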
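#######################################
# Rewrites Listmonk for $DOMAIN_NEW, starts it and updates app.root_url,
# app.from_email and the smtp block in its PostgreSQL settings table.
# Globals:   DOMAIN, DOMAIN_NEW, ADMINPASS (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#            (the psql updates themselves are best-effort, as before)
#######################################
convert_listmonk() {
  local app=/federated/apps/listmonk
  local service_ip pw_sql
  #### Convert Listmonk
  echo -ne "\n* Converting listmonk.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env" "$app/data/listmonk/config.toml"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "listmonk" "nc -z $service_ip 9000 &> /dev/null"
  # ADMINPASS lands inside a JSON string inside a SQL literal: escape " and \
  # for JSON and double any ' for SQL so the statement cannot be broken by it.
  pw_sql=$(printf '%s' "$ADMINPASS" | sed -e 's/[\\"]/\\&/g' -e "s/'/''/g")
  # Change app.root_url and other settings to our domain.
  # NOTE(review): root_url is http://, presumably because Traefik terminates
  # TLS in front — confirm links sent in mail are expected to be http.
  docker exec postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN_NEW\"' where key='app.root_url'" &> /dev/null
  docker exec postgresql psql -U listmonk -c "update settings set value='\"listmonk <listmonk@listmonk.$DOMAIN_NEW>\"' where key='app.from_email'" &> /dev/null
  docker exec postgresql psql -U listmonk -c "update settings set value='[{\"host\": \"mail.$DOMAIN_NEW\", \"port\": 587, \"enabled\": true, \"password\": \"$pw_sql\", \"tls_type\": \"STARTTLS\", \"username\": \"admin\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}, {\"host\": \"smtp.gmail.com\", \"port\": 465, \"enabled\": false, \"password\": \"password\", \"tls_type\": \"TLS\", \"username\": \"username@gmail.com\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}]' where key='smtp';" &> /dev/null
  echo -ne "done."
}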
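#######################################
# Rewrites Vaultwarden for $DOMAIN_NEW and starts the service.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#######################################
convert_vaultwarden() {
  local app=/federated/apps/vaultwarden
  local service_ip
  #### Convert Vaultwarden
  echo -ne "\n* Converting vaultwarden.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "vaultwarden" "nc -z $service_ip 80 &> /dev/null"
  echo -ne "done."
}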
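#######################################
# Rewrites the Panel for $DOMAIN_NEW (compose, env, LDAP base DN, SITE_NAME)
# and starts the service.
# Globals:   DOMAIN, DOMAIN_NEW, DOMAIN_FIRST, DOMAIN_LAST, ORG_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#######################################
convert_panel() {
  local app=/federated/apps/panel
  local service_ip org_sed
  #### Convert Panel
  echo -ne "\n* Converting panel.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # ORG_NEW is user input: escape what sed treats specially in a replacement
  # (& # \) so e.g. "Smith & Sons" is written literally.
  org_sed=$(printf '%s' "$ORG_NEW" | sed 's/[&#\\]/\\&/g')
  sed -i -e "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" \
         -e "s#SITE_NAME=.*#SITE_NAME=$org_sed Panel#g" "$app/.env"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "panel" "nc -z $service_ip 80 &> /dev/null"
  echo -ne "done."
}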
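#######################################
# Rewrites WireGuard for $DOMAIN_NEW (compose, env, server state file, peer1
# config, CoreDNS Corefile) and starts the service.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#######################################
convert_wireguard() {
  local app=/federated/apps/wireguard
  local service_ip
  #### Convert Wireguard
  echo -ne "\n* Converting wireguard.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" \
    "$app/docker-compose.yml" \
    "$app/.env" \
    "$app/data/config/.donoteditthisfile" \
    "$app/data/config/peer1/peer1.conf" \
    "$app/data/config/coredns/Corefile"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding (UDP probe)
  start_service_convert "wireguard" "nc -uvz $service_ip 51820 &> /dev/null"
  echo -ne "done."
}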
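#######################################
# Rewrites Jitsi for $DOMAIN_NEW (compose, env, LDAP base DN) and starts it.
# Globals:   DOMAIN, DOMAIN_NEW, DOMAIN_FIRST, DOMAIN_LAST (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0 (start_service_convert, a sourced helper, waits on the probe)
#######################################
convert_jitsi() {
  local app=/federated/apps/jitsi
  #### Convert Jitsi
  echo -ne "\n* Converting jitsi.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  sed -i "s#DC=federatedcomputer,DC=cloud#DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST#g" "$app/.env"
  # The probe address is hard-coded rather than read from docker-compose.yml,
  # presumably because this stack declares several containers — keep it in
  # sync with the web container's ipv4_address.
  start_service_convert "jitsi" "nc -z 172.99.0.25 443 &> /dev/null"
  echo -ne "done."
}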
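#######################################
# Rewrites Baserow for $DOMAIN_NEW, renames the admin account in its
# PostgreSQL auth_user table and starts the service.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls fail (sourced helper) if either update fails
#######################################
convert_baserow() {
  local app=/federated/apps/baserow
  #### Convert Baserow
  echo -ne "\n* Converting baserow.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env"
  # psql is called directly (no bash -c) so the statement is not re-parsed by
  # a shell inside the container; no -t, nothing here needs a TTY.
  docker exec postgresql psql -U baserow -c "update auth_user set username='admin@$DOMAIN_NEW' where username='admin@$DOMAIN'" &> /dev/null \
    || fail "Couldn't update auth_user.username in baserow"
  docker exec postgresql psql -U baserow -c "update auth_user set email='admin@$DOMAIN_NEW' where email='admin@$DOMAIN'" &> /dev/null \
    || fail "Couldn't update auth_user.email in baserow"
  start_service_convert "baserow" "docker exec -it baserow curl http://localhost:8000 &> /dev/null"
  echo -ne "done."
}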
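#######################################
# Rewrites Gitea for $DOMAIN_NEW (compose, env, app.ini), moves every
# @$DOMAIN address in its email_address table to @$DOMAIN_NEW, starts the
# service and recreates the admin user with the new address.
# Globals:   DOMAIN, DOMAIN_NEW, ADMINPASS (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#######################################
convert_gitea() {
  local app=/federated/apps/gitea
  local service_ip email gitea_user
  #### Convert Gitea
  echo -ne "\n* Converting gitea.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env" "$app/data/data/gitea/conf/app.ini"
  # Replace users in Gitea postgres database with new domain name.
  # -tA: rows only, unaligned, so each line is exactly one address. No -t on
  # the capturing docker exec: a pseudo-TTY would add \r to the output.
  while IFS= read -r email; do
    [ -n "$email" ] || continue
    gitea_user=${email%@*}   # local part; the domain is rewritten below
    docker exec postgresql psql -U gitea -c "update email_address set email='$gitea_user@$DOMAIN_NEW' where email='$gitea_user@$DOMAIN'"
    docker exec postgresql psql -U gitea -c "update email_address set lower_email='$gitea_user@$DOMAIN_NEW' where lower_email='$gitea_user@$DOMAIN'"
  done < <(docker exec postgresql psql -U gitea -tA -c "select email from email_address where email like '%@$DOMAIN'")
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "gitea" "nc -z $service_ip 3000 &> /dev/null"
  # Delete the current admin and create the admin user with new domain name.
  # The password is passed on the command line and so shows up in ps and in
  # the -x trace — confirm whether the gitea CLI can take it another way.
  docker exec --user 1000 gitea gitea admin user delete --id 1
  docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password "$ADMINPASS" --email "admin@$DOMAIN_NEW"
  echo -ne "done."
}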
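#######################################
# Rewrites Caddy for $DOMAIN_NEW (compose, env, Caddyfile) and starts it.
# Globals:   DOMAIN, DOMAIN_NEW (read)
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0; calls failcheck if the container address cannot be read
#######################################
convert_caddy() {
  local app=/federated/apps/caddy
  local service_ip
  #### Convert Caddy
  echo -ne "\n* Converting caddy.."
  sed -i "s#$DOMAIN#$DOMAIN_NEW#g" "$app/docker-compose.yml" "$app/.env" "$app/data/etc/caddy/Caddyfile"
  # Grab the container IP from docker-compose (first ipv4_address entry)
  service_ip=$(awk '/ipv4_address/ { print $2; exit }' "$app/docker-compose.yml")
  [ -n "$service_ip" ] || failcheck "Couldn't find ipv4_address in $app/docker-compose.yml"
  # Start service with command to make sure it's up before proceeding
  start_service_convert "caddy" "nc -z $service_ip 80 &> /dev/null"
  echo -ne "done."
}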
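#######################################
# Prints the usage line and exits.
# Arguments: none
# Outputs:   usage text to stderr (diagnostics do not belong on stdout)
# Returns:   never; exits with status 2
#######################################
usage() {
  printf '%s: <domain.com> <organization name>\n' "$0" >&2
  exit 2
}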
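#######################################
# Entry point: validates the arguments, derives the DN labels from the new
# domain, reads the secrets, then converts each service in dependency order.
# DOMAIN (the current domain) and COUNTRY are presumably supplied by the
# sourced /federated/bin/.env — they are not set here.
#######################################
[ "$#" -eq 2 ] || usage
DOMAIN_NEW=$1
ORG_NEW=$2
# DOMAIN_NEW is spliced into sed patterns, SQL statements and LDIF below, so
# accept hostname characters only (non-empty labels, no leading/trailing '-').
DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
[[ $DOMAIN_NEW =~ $DOMAIN_RE ]] || failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
# Check if DNS works (and learn the public address the glue records must carry)
EXTERNALIP=$(dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null) \
  || failcheck "Couldn't run dig, dns is not working"
[ -n "$EXTERNALIP" ] || failcheck "Couldn't determine the external IP address via dig"
# Setup DOMAIN variables for domain or subdomain
IFS=. read -r -a DOMAIN_ARRAY <<< "$DOMAIN_NEW"
case ${#DOMAIN_ARRAY[@]} in
  2)
    DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
    DOMAIN_LAST=${DOMAIN_ARRAY[1]}
    ;;
  3)
    # NOTE(review): DOMAIN_MIDDLE is never used, so sub.domain.com becomes
    # dc=sub,dc=com and check_gluerecords queries the "com" servers — confirm
    # three-label domains are really supported before relying on this path.
    DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
    DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
    DOMAIN_LAST=${DOMAIN_ARRAY[2]}
    ;;
  *)
    failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
    ;;
esac
# Secrets come from files, never argv. NOTE: the shebang's -x still traces
# every expanded command (including these) to stderr, so keep that output
# out of shared logs.
ADMINPASS=$(head -n 1 /federated/bin/.adminpass)
[ -n "$ADMINPASS" ] || failcheck "Couldn't read the admin password from /federated/bin/.adminpass"
LDAP_SECRET=$(cat /federated/apps/ldap/.ldap.secret)
[ -n "$LDAP_SECRET" ] || failcheck "Couldn't read the LDAP secret from /federated/apps/ldap/.ldap.secret"
echo -ne "\n\nConverting Federated Core $DOMAIN to $DOMAIN_NEW.\n\n"
check_gluerecords
do_serviceprep
# Stop all services
/federated/bin/stop all &> /dev/null
# Order matters: DNS first, then Traefik (certificates), then the data stores
# the remaining services depend on.
convert_powerdns
convert_traefik
convert_postgresql
convert_ldap
convert_mail
convert_collabora
convert_nextcloud
convert_matrix
convert_element
convert_listmonk
convert_vaultwarden
convert_panel
convert_wireguard
convert_jitsi
convert_baserow
convert_gitea
convert_caddy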