From 2a3a7f86b2deb288608747bc33f9abbc9049f331 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Wed, 30 Jan 2019 14:53:33 +0100 Subject: [PATCH 01/11] Move scripts to subfolder --- scripts/check-update.sh | 5 ++++- generate-signup-link.sh => scripts/generate-signup-link.sh | 1 + init-repo.sh => scripts/init-repo.sh | 2 +- postinstall.sh => scripts/postinstall.sh | 4 ++-- showInfo.sh => scripts/show-info.sh | 0 5 files changed, 8 insertions(+), 4 deletions(-) rename generate-signup-link.sh => scripts/generate-signup-link.sh (98%) rename init-repo.sh => scripts/init-repo.sh (99%) rename postinstall.sh => scripts/postinstall.sh (97%) rename showInfo.sh => scripts/show-info.sh (100%) diff --git a/scripts/check-update.sh b/scripts/check-update.sh index 17a899e..99a227d 100755 --- a/scripts/check-update.sh +++ b/scripts/check-update.sh @@ -1,7 +1,9 @@ #!/bin/bash set -e -ENVFILE="/mnt/docker/.env" +cd /mnt/repo-base/ + +ENVFILE="/mnt/repo-base/.env" DOMAIN=$(grep ^DOMAIN= "$ENVFILE" | awk -F= '{ print $NF }') ALT_EMAIL=$(grep ^ALT_EMAIL= "$ENVFILE" | awk -F= '{ print $NF }') KNOWN_VERSION_FILE="/mnt/repo-base/config/latest-known-version" @@ -16,6 +18,7 @@ LATEST_VERSION_DATE=$(git show -s --format=%ci "$LATEST_TAG") if [[ "$LATEST_VERSION_DATE" > "$CURRENT_VERSION_DATE" ]] then +<<<<<<< HEAD echo "New version $LATEST_TAG is available!" if [ "$LATEST_TAG" != "$(cat $KNOWN_VERSION_FILE)" ] then diff --git a/generate-signup-link.sh b/scripts/generate-signup-link.sh similarity index 98% rename from generate-signup-link.sh rename to scripts/generate-signup-link.sh index 7fa11c4..167c7f6 100755 --- a/generate-signup-link.sh +++ b/scripts/generate-signup-link.sh 
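Review bot: The second hunk of scripts/check-update.sh (`@@ -16,6 +18,7 @@`) adds a literal merge-conflict marker, `<<<<<<< HEAD`, directly after `then`. Bash cannot parse that line as a command, so the script is expected to abort with a syntax error at this `if`, and the operator no longer gets the "new version available" notification. The line should be removed and the rest of the file checked for matching `=======` / `>>>>>>>` markers; the `if` block continues past the end of the hunk, so those are not visible here.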
@@ -23,6 +23,7 @@ DOMAIN=$(grep ^DOMAIN= "/mnt/docker/.env" | awk -F= '{ print $NF }') SIGNUP_URL="https://welcome.$DOMAIN/?authmail=$EMAIL&authsecret=$AUTH_SECRET" echo "The new user can sign up now at $SIGNUP_URL" +cd /mnt/repo-base/ echo -e "Subject:Signup for $DOMAIN You can now sign up for your $DOMAIN account at $SIGNUP_URL" | \ docker-compose exec -T eelomailserver sendmail -f "drive@$DOMAIN" -t "$EMAIL" diff --git a/init-repo.sh b/scripts/init-repo.sh similarity index 99% rename from init-repo.sh rename to scripts/init-repo.sh index 3c803dd..1aae6ba 100755 --- a/init-repo.sh +++ b/scripts/init-repo.sh @@ -168,4 +168,4 @@ else exit 1 fi -bash /mnt/repo-base/postinstall.sh +bash /mnt/repo-base/scripts/postinstall.sh diff --git a/postinstall.sh b/scripts/postinstall.sh similarity index 97% rename from postinstall.sh rename to scripts/postinstall.sh index 1822fc5..ae08558 100755 --- a/postinstall.sh +++ b/scripts/postinstall.sh @@ -73,8 +73,8 @@ find /mnt/docker/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; d echo "=================================================================================================================================" echo "=================================================================================================================================" echo "Your logins:" -bash /mnt/repo-base/showInfo.sh +bash /mnt/repo-base/scripts/showInfo.sh echo "=================================================================================================================================" echo "Your signup link:" -bash /mnt/repo-base/generate-signup-link.sh --user-email $ALT_EMAIL +bash /mnt/repo-base/scripts/generate-signup-link.sh --user-email $ALT_EMAIL diff --git a/showInfo.sh b/scripts/show-info.sh similarity index 100% rename from showInfo.sh rename to scripts/show-info.sh -- GitLab From a3e629f31ced38df85b24ce5ea899b42b9152e61 Mon Sep 17 00:00:00 2001 
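Review bot: The added `cd /mnt/repo-base/` is unchecked, and the hunk header shows this script still reading `DOMAIN` from `/mnt/docker/.env` while check-update.sh in the same patch switches to `/mnt/repo-base/.env`. If the old path no longer exists, `DOMAIN` ends up empty and the mail is sent with a `https://welcome./?...` link that still carries the auth secret. I would write `cd /mnt/repo-base/ || exit 1` and read the env file from the same location as check-update.sh. The script's argument handling is above the hunk and not visible here.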
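Review bot: The new call `bash /mnt/repo-base/scripts/showInfo.sh` in scripts/postinstall.sh points at a file that this same commit renames to `scripts/show-info.sh`, so the "Your logins:" step will fail with "No such file". The line should read `bash /mnt/repo-base/scripts/show-info.sh`. On the last line `$ALT_EMAIL` is unquoted; `--user-email "$ALT_EMAIL"` keeps an empty or odd value from turning into missing or extra arguments.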
From: Felix Ableitner Date: Wed, 30 Jan 2019 15:11:18 +0100 Subject: [PATCH 02/11] Moved docs to subfolder, added docs for env file --- docs/ENV_FILE.md | 40 +++++++++++++++++++ HOWTO_ADD_VHOST.md => docs/HOWTO_ADD_VHOST.md | 0 .../HOWTO_UPDATE_ONLYOFFICE.md | 0 env-example | 27 ------------- 4 files changed, 40 insertions(+), 27 deletions(-) create mode 100644 docs/ENV_FILE.md rename HOWTO_ADD_VHOST.md => docs/HOWTO_ADD_VHOST.md (100%) rename HOWTO_UPDATE_ONLYOFFICE.md => docs/HOWTO_UPDATE_ONLYOFFICE.md (100%) delete mode 100644 env-example diff --git a/docs/ENV_FILE.md b/docs/ENV_FILE.md new file mode 100644 index 0000000..c3995c1 --- /dev/null +++ b/docs/ENV_FILE.md @@ -0,0 +1,40 @@ +## General configuration +``` +DOMAIN=example.com # the main domain for your installation +ADD_DOMAINS=example.com, example2.com # one or more domains that are used for email +ALT_EMAIL=myname@gmail.com # admin email address +INSTALL_ONLYOFFICE=n # y or n, whether Onlyoffice is installed +``` + +## Nextcloud +``` +NEXTCLOUD_ADMIN_USER=ncadmin_z5BL +NEXTCLOUD_ADMIN_PASSWORD=sxOY26y0wKm1Q8SGhqmZ +``` + +## Mail +``` +RSPAMD_PASSWORD=gsteZuLgWLUNCs5b1Ksz +SMTP_PW=wGfQsTXPD3Ipm8Lfyk8y +PFA_SETUP_PASSWORD=93fqGWebGGXZb1CR2I +PFA_SUPERADMIN_PASSWORD=1oyHLEWikVlKx0bz72 +DISABLE_RATELIMITING=false +DRIVE_SMTP_PASSWORD=FL8D6SRnRWOdyMsN +ENABLE_POP3=false +VIRTUAL_HOST=autoconfig.domaina.pw,autodiscover.domaina.pw +``` + +## Database +``` +MYSQL_USER_NC=nc_0VwU +MYSQL_PASSWORD_NC=LxsjA8bzNuzUcTYtkfof +MYSQL_DATABASE_NC=ncdb_aJWW +PFDB_DB=postfix +PFDB_USR=postfix +MYSQL_ROOT_PASSWORD=RqT9WkfrZ9e6SzX2ARoN +DBPASS=QPpTpgFkLFA2ABPizXwk +DBA_USER=phpmyadmin +DBA_PASSWORD=T1N2tYn7aDILXYNS +``` +VHOSTS_ACCOUNTS=welcome.domaina.pw +SMTP_FROM=welcome@domaina.pw \ No newline at end of file diff --git a/HOWTO_ADD_VHOST.md b/docs/HOWTO_ADD_VHOST.md similarity index 100% rename from HOWTO_ADD_VHOST.md rename to docs/HOWTO_ADD_VHOST.md 
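Review bot: The values in docs/ENV_FILE.md look like generated credentials rather than placeholders (for example the `NEXTCLOUD_ADMIN_PASSWORD`, `MYSQL_ROOT_PASSWORD` and `DBPASS` lines and the `domaina.pw` hosts), whereas the env-example file removed in this patch used obvious dummies such as `supersecretpw`. If any of them were copied from a real installation they should be treated as exposed and rotated, and the document should use labelled placeholders such as `NEXTCLOUD_ADMIN_PASSWORD=<generated-password>`. The last two lines, `VHOSTS_ACCOUNTS=` and `SMTP_FROM=`, sit after the closing code fence and will render as body text.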
diff --git a/HOWTO_UPDATE_ONLYOFFICE.md b/docs/HOWTO_UPDATE_ONLYOFFICE.md similarity index 100% rename from HOWTO_UPDATE_ONLYOFFICE.md rename to docs/HOWTO_UPDATE_ONLYOFFICE.md diff --git a/env-example b/env-example deleted file mode 100644 index bed62d0..0000000 --- a/env-example +++ /dev/null @@ -1,27 +0,0 @@ -DBPASS=supersecretpw -RSPAMD_PASSWORD=supersecretpwRPSAMD -ADD_DOMAINS=domainA.com,domainB.com -#DISABLE_DNS_RESOLVER=true -#ENABLE_POP3=true -#ENABLE_FETCHMAIL=true -#DISABLE_CLAMAV=true -#DISABLE_SIGNING=true -#DISABLE_GREYLISTING=true -#DISABLE_RATELIMITING=true - -MYSQL_ROOT_PASSWORD=rootpwsecret - -VHOSTS_ACCOUNTS=welcome.domainA.com -PFDB_DB=postfix -PFDB_USR=postfix -SMTP_FROM=welcome@domainA.com -SMTP_PW=smtppw - -MYSQL_DATABASE_NC=nextcloud -MYSQL_USER_NC=nextcloud -MYSQL_PASSWORD_NC=ncdbpw -NEXTCLOUD_ADMIN_USER=adminusername -NEXTCLOUD_ADMIN_PASSWORD=adminaccountpw - -VIRTUAL_HOST=autoconfig.domainA.com,autodiscover.domainA.com,autoconfig.domainB.com,autodiscover.domainB.com -DOMAIN=domainA.com \ No newline at end of file -- GitLab From 8fc2da212db44fb4a5298cff68961bd205e83d68 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 1 Feb 2019 11:17:29 +0100 Subject: [PATCH 03/11] Added documentation about files and folders --- docs/FOLDERS.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/FOLDERS.md diff --git a/docs/FOLDERS.md b/docs/FOLDERS.md new file mode 100644 index 0000000..2081d51 --- /dev/null +++ b/docs/FOLDERS.md 
@@ -0,0 +1,16 @@ +Files and Folders +------- + +- `docs/` General project documentation + +- `config-dynamic/` Config files that are generated based on templates, and contain hardcoded values like the local domain + +- `config-static/` Config files that are included with the git repo and don't change (except in repo updates) + +- `scripts/` Various scripts that are used for installation, updating and administration + +- `templates/` Used to dynamically generate various config files + +- `volumes/` Docker volumes used to store data for the different applications (eg Nextcloud files, mail data) + +- `docker-compose.yml` Defines the Docker images and volumes. Run `docker-compose up -d` to start the services, and `docker-compose down` to stop them. -- GitLab From 92cab07dfc16413e3647505b46c077d5d53c1efc Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 1 Feb 2019 11:26:03 +0100 Subject: [PATCH 04/11] Move docker-compose files to templates folder --- scripts/init-repo.sh | 5 +++-- .../docker-compose/docker-compose-base.yml | 0 .../docker-compose/docker-compose-networks.yml | 0 .../docker-compose/docker-compose-onlyoffice.yml | 0 .../docker-compose/docker-compose_legacy.yml | 0 5 files changed, 3 insertions(+), 2 deletions(-) rename docker-compose-base.yml => templates/docker-compose/docker-compose-base.yml (100%) rename docker-compose-networks.yml => templates/docker-compose/docker-compose-networks.yml (100%) rename docker-compose-onlyoffice.yml => templates/docker-compose/docker-compose-onlyoffice.yml (100%) rename docker-compose_legacy.yml => templates/docker-compose/docker-compose_legacy.yml (100%) diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 1aae6ba..485f1b5 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh 
@@ -24,16 +24,17 @@ MYSQL_PASSWORD_NC=$(grep ^MYSQL_PASSWORD_NC= "$ENVFILE" | awk -F= '{ print $NF } INSTALL_ONLYOFFICE=$(grep ^INSTALL_ONLYOFFICE= "$ENVFILE" | awk -F= '{ print $NF }') +DC_DIR="templates/docker-compose/" case $INSTALL_ONLYOFFICE in [Yy]* ) - cat docker-compose-base.yml docker-compose-onlyoffice.yml docker-compose-networks.yml > docker-compose.yml; + cat "${DC_DIR}docker-compose-base.yml" "${DC_DIR}docker-compose-onlyoffice.yml" "${DC_DIR}docker-compose-networks.yml" > docker-compose.yml; cat nginx/templates/office | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/office.$DOMAIN.conf" OFFICE_DOMAIN=",office.$DOMAIN" OFFICE_LETSENCRYPT_KEY="letsencrypt/certstore/live/office.$DOMAIN/privkey.pem" NUM_CERTIFICATES="7" ;; [Nn]* ) - cat docker-compose-base.yml docker-compose-networks.yml > docker-compose.yml + cat "${DC_DIR}docker-compose-base.yml" "${DC_DIR}docker-compose-networks.yml" > docker-compose.yml NUM_CERTIFICATES="6" ;; esac diff --git a/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml similarity index 100% rename from docker-compose-base.yml rename to templates/docker-compose/docker-compose-base.yml diff --git a/docker-compose-networks.yml b/templates/docker-compose/docker-compose-networks.yml similarity index 100% rename from docker-compose-networks.yml rename to templates/docker-compose/docker-compose-networks.yml diff --git a/docker-compose-onlyoffice.yml b/templates/docker-compose/docker-compose-onlyoffice.yml similarity index 100% rename from docker-compose-onlyoffice.yml rename to templates/docker-compose/docker-compose-onlyoffice.yml diff --git a/docker-compose_legacy.yml b/templates/docker-compose/docker-compose_legacy.yml similarity index 100% rename from docker-compose_legacy.yml rename to templates/docker-compose/docker-compose_legacy.yml -- GitLab From 1db5dde4e1ff960972cf58b65a9bba4e7a64e89e Mon Sep 17 00:00:00 2001 
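Review bot: `DC_DIR="templates/docker-compose/"` is a relative path, so both `cat` commands only work when the script runs with the repository root as its working directory, while the rest of the series moves to absolute `/mnt/repo-base/...` paths; `DC_DIR="/mnt/repo-base/templates/docker-compose/"` would match. The `case $INSTALL_ONLYOFFICE` statement also has no default arm, so any value other than y/n leaves docker-compose.yml ungenerated and `NUM_CERTIFICATES` unset without an error; an arm such as `* ) echo "INSTALL_ONLYOFFICE must be y or n" >&2; exit 1 ;;` would fail early. Whether the script changes directory before this point is not visible in the hunk.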
From: Felix Ableitner Date: Fri, 1 Feb 2019 12:21:50 +0100 Subject: [PATCH 05/11] Move accounts config to config-static and config-dynamic folders --- config-dynamic/accounts/.keep | 0 {accounts => config-static/accounts}/exclude_names | 0 scripts/generate-signup-link.sh | 2 +- scripts/init-repo.sh | 10 +++++----- templates/docker-compose/docker-compose-base.yml | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 config-dynamic/accounts/.keep rename {accounts => config-static/accounts}/exclude_names (100%) diff --git a/config-dynamic/accounts/.keep b/config-dynamic/accounts/.keep new file mode 100644 index 0000000..e69de29 diff --git a/accounts/exclude_names b/config-static/accounts/exclude_names similarity index 100% rename from accounts/exclude_names rename to config-static/accounts/exclude_names diff --git a/scripts/generate-signup-link.sh b/scripts/generate-signup-link.sh index 167c7f6..276d4a3 100755 --- a/scripts/generate-signup-link.sh +++ b/scripts/generate-signup-link.sh @@ -18,7 +18,7 @@ fi AUTH_SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) -echo "$EMAIL:$AUTH_SECRET" >> /mnt/docker/accounts/auth.file +echo "$EMAIL:$AUTH_SECRET" >> /mnt/repo-base/config-dynamic/accounts/auth.file DOMAIN=$(grep ^DOMAIN= "/mnt/docker/.env" | awk -F= '{ print $NF }') SIGNUP_URL="https://welcome.$DOMAIN/?authmail=$EMAIL&authsecret=$AUTH_SECRET" echo "The new user can sign up now at $SIGNUP_URL" diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 485f1b5..93ea046 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh 
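Review bot: `auth.file` stores e-mail/secret pairs in clear text and is now appended under `/mnt/repo-base/config-dynamic/accounts/`, inside the repository checkout, with whatever umask the caller happens to have. Nothing in this series shows an ignore rule or a permission step for that directory, so I would add an ignore rule for everything under `config-dynamic/` except the `.keep` files and set owner and mode on the file explicitly, the way init-repo.sh already does `chown "33:33"` for `auth.file.done`. The same applies to the passphrase-less SSH key generated in the init-repo.sh hunk `@@ -137,13 +137,13 @@`, to `pma.htpasswd` in PATCH 06 and to the generated `a_user.sql` with the database password in PATCH 08.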
@@ -137,13 +137,13 @@ fi #PFEXEC_UID=$(docker-compose exec --user pfexec postfixadmin id -u | tr -d '\r') # Generate ssh key for welcome -ssh-keygen -f /mnt/docker/accounts/id_rsa_postfixadmincontainer -N "" -chown "33:33" /mnt/docker/accounts/id_rsa_postfixadmincontainer -chown "1000:1000" /mnt/docker/accounts/id_rsa_postfixadmincontainer.pub +ssh-keygen -f /mnt/repo-base/config-dynamic/accounts/id_rsa_postfixadmincontainer -N "" +chown "33:33" /mnt/repo-base/config-dynamic/accounts/id_rsa_postfixadmincontainer +chown "1000:1000" /mnt/repo-base/config-dynamic/accounts/id_rsa_postfixadmincontainer.pub # needed to store created accounts, and needs to be writable by welcome -touch /mnt/docker/accounts/auth.file.done -chown "33:33" /mnt/docker/accounts/auth.file.done +touch /mnt/repo-base/config-dynamic/accounts/auth.file.done +chown "33:33" /mnt/repo-base/config-dynamic/accounts/auth.file.done # Login to /e/ registry | not necessary when going public docker login registry.gitlab.e.foundation:5000 diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index a62f320..8ab7784 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -59,7 +59,7 @@ services: environment: - DBPASS=${DBPASS} volumes: - - /mnt/docker/accounts/id_rsa_postfixadmincontainer.pub:/home/pfexec/.ssh/authorized_keys + - /mnt/repo-base/config-dynamic/accounts/id_rsa_postfixadmincontainer.pub:/home/pfexec/.ssh/authorized_keys depends_on: - eelomailserver - mariadb 
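Review bot: The `authorized_keys` bind mount in the `@@ -59,7 +59,7 @@` hunk is read-write, so a process inside that container can rewrite the host's `id_rsa_postfixadmincontainer.pub` and with it the keys accepted for `pfexec`; appending `:ro`, i.e. `- /mnt/repo-base/config-dynamic/accounts/id_rsa_postfixadmincontainer.pub:/home/pfexec/.ssh/authorized_keys:ro`, removes that. The `id_rsa` and `exclude_names` mounts in the `@@ -138,9 +138,9 @@` hunk can take `:ro` as well. That hunk also mounts the whole `config-dynamic/accounts` directory at `/var/accounts`, which gives the same container write access to the private key file and `auth.file`; it is worth confirming that this is intended. The service names are above both hunks and not visible here.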
@@ -138,9 +138,9 @@ services: networks: - serverbase volumes: - - /mnt/docker/accounts:/var/accounts - - /mnt/docker/accounts/id_rsa_postfixadmincontainer:/home/www-data/.ssh/id_rsa - - /mnt/docker/accounts/exclude_names:/var/script/exclude_names + - /mnt/repo-base/config-dynamic/accounts:/var/accounts + - /mnt/repo-base/config-dynamic/accounts/id_rsa_postfixadmincontainer:/home/www-data/.ssh/id_rsa + - /mnt/repo-base/config-static/accounts/exclude_names:/var/script/exclude_names depends_on: - mariadb ################################################################################################################################## -- GitLab From 757e58ccbd1b91ecb0fe43154a96e0511a0ca009 Mon Sep 17 00:00:00 2001 
From: Felix Ableitner Date: Fri, 1 Feb 2019 12:39:28 +0100 Subject: [PATCH 06/11] Move nginx files to proper subfolders --- .../nginx/passwds}/.keep | 0 config-dynamic/nginx/sites-enabled/.keep | 0 .../nginx-params}/headers_params | 0 .../nginx-params}/proxy_params | 0 .../nginx-params}/ssl_params | 0 scripts/init-repo.sh | 20 +++++++++---------- .../docker-compose-networks.yml | 10 +++++----- .../templates => templates/nginx}/autoconfig | 0 {nginx/templates => templates/nginx}/dba | 0 {nginx/templates => templates/nginx}/drive | 0 {nginx/templates => templates/nginx}/mail | 0 {nginx/templates => templates/nginx}/office | 0 {nginx/templates => templates/nginx}/spam | 0 {nginx/templates => templates/nginx}/webmail | 0 {nginx/templates => templates/nginx}/welcome | 0 15 files changed, 15 insertions(+), 15 deletions(-) rename {nginx/sites-enabled => config-dynamic/nginx/passwds}/.keep (100%) create mode 100644 config-dynamic/nginx/sites-enabled/.keep rename {nginx/params => config-static/nginx-params}/headers_params (100%) rename {nginx/params => config-static/nginx-params}/proxy_params (100%) rename {nginx/params => config-static/nginx-params}/ssl_params (100%) rename {nginx/templates => templates/nginx}/autoconfig (100%) rename {nginx/templates => templates/nginx}/dba (100%) rename {nginx/templates => templates/nginx}/drive (100%) rename {nginx/templates => templates/nginx}/mail (100%) rename {nginx/templates => templates/nginx}/office (100%) rename {nginx/templates => templates/nginx}/spam (100%) rename {nginx/templates => templates/nginx}/webmail (100%) rename {nginx/templates => templates/nginx}/welcome (100%) diff --git a/nginx/sites-enabled/.keep b/config-dynamic/nginx/passwds/.keep similarity index 100% rename from nginx/sites-enabled/.keep rename to config-dynamic/nginx/passwds/.keep diff --git a/config-dynamic/nginx/sites-enabled/.keep b/config-dynamic/nginx/sites-enabled/.keep new file mode 100644 index 0000000..e69de29 
diff --git a/nginx/params/headers_params b/config-static/nginx-params/headers_params similarity index 100% rename from nginx/params/headers_params rename to config-static/nginx-params/headers_params diff --git a/nginx/params/proxy_params b/config-static/nginx-params/proxy_params similarity index 100% rename from nginx/params/proxy_params rename to config-static/nginx-params/proxy_params diff --git a/nginx/params/ssl_params b/config-static/nginx-params/ssl_params similarity index 100% rename from nginx/params/ssl_params rename to config-static/nginx-params/ssl_params diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 93ea046..ca2cc5a 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -28,7 +28,7 @@ DC_DIR="templates/docker-compose/" case $INSTALL_ONLYOFFICE in [Yy]* ) cat "${DC_DIR}docker-compose-base.yml" "${DC_DIR}docker-compose-onlyoffice.yml" "${DC_DIR}docker-compose-networks.yml" > docker-compose.yml; - cat nginx/templates/office | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/office.$DOMAIN.conf" + cat templates/nginx/office | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/office.$DOMAIN.conf" OFFICE_DOMAIN=",office.$DOMAIN" OFFICE_LETSENCRYPT_KEY="letsencrypt/certstore/live/office.$DOMAIN/privkey.pem" NUM_CERTIFICATES="7" @@ -52,7 +52,7 @@ echo "VHOSTS_ACCOUNTS=welcome.$DOMAIN" >> "$ENVFILE" echo "SMTP_FROM=welcome@$DOMAIN" >> "$ENVFILE" # generate basic auth for phpmyadmin -htpasswd -c -b /mnt/docker/nginx/passwds/pma.htpasswd $DBA_USER "$DBA_PASSWORD" +htpasswd -c -b /mnt/repo-base/config-dynamic/nginx/passwds/pma.htpasswd $DBA_USER "$DBA_PASSWORD" VIRTUAL_HOST=$(echo "$ADD_DOMAINS" | tr "," "\n" | while read line; do echo "autoconfig.$line,autodiscover.$line"; done | tr "\n" "," | sed 's/.$//g') 
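Review bot: `$DOMAIN` is pasted unescaped into the sed replacement and into the output file name on the changed `office` line, so a value containing `/`, `&` or whitespace either breaks the substitution or writes the vhost file under an unexpected name. Assuming the script runs under bash, a single check after the env file is read, such as `[[ $DOMAIN =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid DOMAIN" >&2; exit 1; }`, covers this line and the `autoconfig`/`dba`/`drive`/`mail`/`spam`/`webmail`/`welcome` lines in the `@@ -75,17 +75,17 @@` hunk. The same sed pattern is used with `$MYSQL_PASSWORD_NC` in the `@@ -43,9 +43,9 @@` hunk of PATCH 08, where a password containing `/` or `&` would produce a wrong `a_user.sql`; that one needs the replacement text escaped rather than validated.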
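Review bot: `htpasswd -c -b` in the `@@ -52,7 +52,7 @@` hunk puts `$DBA_PASSWORD` on the command line, where it is visible in the process list to other local users while the command runs, and `$DBA_USER` is unquoted. Reading the password from stdin avoids both: `printf '%s\n' "$DBA_PASSWORD" | htpasswd -c -i /mnt/repo-base/config-dynamic/nginx/passwds/pma.htpasswd "$DBA_USER"`. The resulting file now lives inside the repository checkout, so it should be git-ignored and readable only by the account nginx runs as.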
@@ -75,17 +75,17 @@ cat automx/automx-template.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > automx/automx # automx echo "$DOMAIN,$ADD_DOMAINS" | tr "," "\n" | while read CURDOMAIN; do - cat nginx/templates/autoconfig | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autoconfig/g" > nginx/sites-enabled/autoconfig.$CURDOMAIN.conf - cat nginx/templates/autoconfig | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autodiscover/g" > nginx/sites-enabled/autodiscover.$CURDOMAIN.conf + cat templates/nginx/autoconfig | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autoconfig/g" > "config-dynamic/nginx/sites-enabled/autoconfig.$CURDOMAIN.conf" + cat templates/nginx/autoconfig | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autodiscover/g" > "config-dynamic/nginx/sites-enabled/autodiscover.$CURDOMAIN.conf" :; done # other hosts -cat nginx/templates/dba | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/dba.$DOMAIN.conf" -cat nginx/templates/drive | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/drive.$DOMAIN.conf" -cat nginx/templates/mail | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/mail.$DOMAIN.conf" -cat nginx/templates/spam | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/spam.$DOMAIN.conf" -cat nginx/templates/webmail | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/webmail.$DOMAIN.conf" -cat nginx/templates/welcome | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "nginx/sites-enabled/welcome.$DOMAIN.conf" +cat templates/nginx/dba | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/dba.$DOMAIN.conf" +cat templates/nginx/drive | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/drive.$DOMAIN.conf" +cat templates/nginx/mail | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/mail.$DOMAIN.conf" +cat templates/nginx/spam | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/spam.$DOMAIN.conf" +cat templates/nginx/webmail | sed 
"s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/webmail.$DOMAIN.conf" +cat templates/nginx/welcome | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/welcome.$DOMAIN.conf" # confirm DNS is ready echo "" diff --git a/templates/docker-compose/docker-compose-networks.yml b/templates/docker-compose/docker-compose-networks.yml index fdf99f0..e06d752 100644 --- a/templates/docker-compose/docker-compose-networks.yml +++ b/templates/docker-compose/docker-compose-networks.yml @@ -8,11 +8,11 @@ - "80:8000" - "443:4430" volumes: - - /mnt/docker/nginx/sites-enabled:/etc/nginx/conf.d/ - - /mnt/docker/nginx/params:/etc/nginx/params/ - - /mnt/docker/letsencrypt/certstore:/certs - - /mnt/docker/nginx/passwds:/passwds - - /mnt/docker/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge + - /mnt/repo-base/config-dynamic/nginx/sites-enabled:/etc/nginx/conf.d/ + - /mnt/repo-base/config-static/nginx-params:/etc/nginx/params/ + - /mnt/repo-base/letsencrypt/certstore:/certs + - /mnt/repo-base/config-dynamic/nginx/passwds:/passwds + - /mnt/repo-base/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge networks: serverbase: diff --git a/nginx/templates/autoconfig b/templates/nginx/autoconfig similarity index 100% rename from nginx/templates/autoconfig rename to templates/nginx/autoconfig diff --git a/nginx/templates/dba b/templates/nginx/dba similarity index 100% rename from nginx/templates/dba rename to templates/nginx/dba diff --git a/nginx/templates/drive b/templates/nginx/drive similarity index 100% rename from nginx/templates/drive rename to templates/nginx/drive diff --git a/nginx/templates/mail b/templates/nginx/mail similarity index 100% rename from nginx/templates/mail rename to templates/nginx/mail diff --git a/nginx/templates/office b/templates/nginx/office similarity index 100% rename from nginx/templates/office rename to templates/nginx/office 
diff --git a/nginx/templates/spam b/templates/nginx/spam similarity index 100% rename from nginx/templates/spam rename to templates/nginx/spam diff --git a/nginx/templates/webmail b/templates/nginx/webmail similarity index 100% rename from nginx/templates/webmail rename to templates/nginx/webmail diff --git a/nginx/templates/welcome b/templates/nginx/welcome similarity index 100% rename from nginx/templates/welcome rename to templates/nginx/welcome -- GitLab From a4ebfd0d583886974390fa804b44ff22fdad8289 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 1 Feb 2019 13:14:59 +0100 Subject: [PATCH 07/11] Moved mail config to proper folders --- automx/automx-ecloud.conf | 56 ------------------- config-dynamic/automx/.keep | 0 .../mail}/dovecot-custom/10-mail.conf | 0 .../mail}/dovecot-custom/90-quota.conf | 0 .../mail}/dovecot-custom/90-sieve.conf | 0 scripts/init-repo.sh | 2 +- .../automx/automx.conf | 0 .../docker-compose/docker-compose-base.yml | 10 ++-- 8 files changed, 6 insertions(+), 62 deletions(-) delete mode 100644 automx/automx-ecloud.conf create mode 100644 config-dynamic/automx/.keep rename {mail => config-static/mail}/dovecot-custom/10-mail.conf (100%) rename {mail => config-static/mail}/dovecot-custom/90-quota.conf (100%) rename {mail => config-static/mail}/dovecot-custom/90-sieve.conf (100%) rename automx/automx-template.conf => templates/automx/automx.conf (100%) diff --git a/automx/automx-ecloud.conf b/automx/automx-ecloud.conf deleted file mode 100644 index b087707..0000000 --- a/automx/automx-ecloud.conf +++ /dev/null 
@@ -1,56 +0,0 @@ -# file: /etc/automx.conf - -[automx] -provider = ecloud.global -domains = * - -#debug = yes -#logfile = /var/log/automx/automx.log - -# Protect against DoS -#memcache = 127.0.0.1:11211 -#memcache_ttl = 600 -#client_error_limit = 20 -#rate_limit_exception_networks = 127.0.0.0/8, ::1/128 - -# The DEFAULT section is always merged into each other section. Each section -# can overwrite settings done here. -[DEFAULT] -account_type = email -account_name = %s -account_name_short = %s - - -# If a domain is listed in the automx section, it may have its own section. If -# none is found here, the global section is used. -[global] -backend = static -action = settings - - -# If you want to sign mobileconfig profiles, enable these options. Make sure -# that your webserver has proper privileges to read the key. The cert file -# must contain the server certificate and all intermediate certificates. You -# can simply concatenate these certificates. -#sign_mobileconfig = yes -#sign_cert = /certs/autodiscover.eelo.io.crt -#sign_key = /certs/autodiscover.eelo.io.key - -smtp = yes -smtp_server = mail.ecloud.global -smtp_port = 587 -smtp_encryption = starttls -smtp_auth = plaintext -smtp_auth_identity = %s -smtp_refresh_ttl = 6 -smtp_default = yes - -imap = yes -imap_server = mail.ecloud.global -imap_port = 993 -imap_encryption = ssl -imap_auth = plaintext -imap_auth_identity = %s -imap_refresh_ttl = 6 - -pop = no diff --git a/config-dynamic/automx/.keep b/config-dynamic/automx/.keep new file mode 100644 index 0000000..e69de29 diff --git a/mail/dovecot-custom/10-mail.conf b/config-static/mail/dovecot-custom/10-mail.conf similarity index 100% rename from mail/dovecot-custom/10-mail.conf rename to config-static/mail/dovecot-custom/10-mail.conf diff --git a/mail/dovecot-custom/90-quota.conf b/config-static/mail/dovecot-custom/90-quota.conf similarity index 100% rename from mail/dovecot-custom/90-quota.conf rename to config-static/mail/dovecot-custom/90-quota.conf 
diff --git a/mail/dovecot-custom/90-sieve.conf b/config-static/mail/dovecot-custom/90-sieve.conf similarity index 100% rename from mail/dovecot-custom/90-sieve.conf rename to config-static/mail/dovecot-custom/90-sieve.conf diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index ca2cc5a..a3e389c 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -69,7 +69,7 @@ echo "$VIRTUAL_HOST,dba.$DOMAIN,drive.$DOMAIN,mail.$DOMAIN,spam.$DOMAIN,webmail. # Configure automx -cat automx/automx-template.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > automx/automx.conf +cat templates/automx/automx.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > config-dynamic/automx/automx.conf # Configure nginx vhost diff --git a/automx/automx-template.conf b/templates/automx/automx.conf similarity index 100% rename from automx/automx-template.conf rename to templates/automx/automx.conf diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 8ab7784..c6bf71d 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -35,10 +35,10 @@ services: # volumes: - /mnt/docker/mail:/var/mail - - /mnt/docker/letsencrypt/certstore:/etc/letsencrypt - - /mnt/docker/mail/dovecot-custom/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf - - /mnt/docker/mail/dovecot-custom/90-quota.conf:/etc/dovecot/conf.d/90-quota.conf - - /mnt/docker/mail/dovecot-custom/90-sieve.conf:/etc/dovecot/conf.d/90-sieve.conf + - /mnt/repo-base/letsencrypt/certstore:/etc/letsencrypt + - /mnt/repo-base/config-static/mail/dovecot-custom/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf + - /mnt/repo-base/config-static/mail/dovecot-custom/90-quota.conf:/etc/dovecot/conf.d/90-quota.conf + - /mnt/repo-base/config-static/mail/dovecot-custom/90-sieve.conf:/etc/dovecot/conf.d/90-sieve.conf # - /mnt/docker/mail/dovecot/dovecot.conf:/etc/dovecot/dovecot.conf depends_on: - mariadb 
@@ -177,4 +177,4 @@ services: networks: - serverbase volumes: - - /mnt/docker/automx/automx.conf:/etc/automx.conf + - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf -- GitLab From d4075cc20859fde872271695dcd034de9ade3c84 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 1 Feb 2019 15:15:43 +0100 Subject: [PATCH 08/11] Move Nextcloud files to templates folder, use volumes/ subfolder --- docs/FOLDERS.md | 6 ++++-- scripts/init-repo.sh | 6 +++--- scripts/postinstall.sh | 2 +- .../docker-compose/docker-compose-base.yml | 18 ++++++++--------- .../docker-compose-onlyoffice.yml | 20 +++++++++---------- .../nextcloud}/a_user.sql | 0 .../nextcloud}/b_db.sql | 0 .../nextcloud}/c_grant.sql | 0 .../nextcloud}/user_sql_raw_config.conf | 0 volumes/.keep | 0 10 files changed, 27 insertions(+), 25 deletions(-) rename {deployment/ncdb-templates => templates/nextcloud}/a_user.sql (100%) rename {deployment/ncdb-templates => templates/nextcloud}/b_db.sql (100%) rename {deployment/ncdb-templates => templates/nextcloud}/c_grant.sql (100%) rename {deployment/nc-plugin-config => templates/nextcloud}/user_sql_raw_config.conf (100%) create mode 100644 volumes/.keep diff --git a/docs/FOLDERS.md b/docs/FOLDERS.md index 2081d51..c1cc78a 100644 --- a/docs/FOLDERS.md +++ b/docs/FOLDERS.md @@ -1,12 +1,14 @@ Files and Folders ------- -- `docs/` General project documentation - - `config-dynamic/` Config files that are generated based on templates, and contain hardcoded values like the local domain - `config-static/` Config files that are included with the git repo and don't change (except in repo updates) +- `deployment/` Files that are required for the initial installation + +- `docs/` General project documentation + - `scripts/` Various scripts that are used for installation, updating and administration - `templates/` Used to dynamically generate various config files diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index a3e389c..c6b864c 100755 
--- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -43,9 +43,9 @@ esac cd /mnt/docker && grep mnt docker-compose.yml | grep -v \# | awk '{ print $2 }' | awk -F: '{ print $1 }' | sed 's@m/.*conf$@m@g' | grep -v -e id_rsa -v -e exclude_names| sed 's@x/.*conf$@x@g' | sort -u | while read line; do mkdir -p "$line"; done # prepare nextcloud DB init scripts -cat /mnt/docker/deployment/ncdb-templates/a_user.sql | sed "s/@@@USER@@@/$MYSQL_USER_NC/g" | sed "s/@@@PASSWORD@@@/$MYSQL_PASSWORD_NC/g" > /mnt/docker/deployment/ncdb/a_user.sql -cat /mnt/docker/deployment/ncdb-templates/b_db.sql | sed "s/@@@ADMINUSER@@@/$NEXTCLOUD_ADMIN_USER/g" | sed "s/@@@DBNAME@@@/$MYSQL_DATABASE_NC/g" > /mnt/docker/deployment/ncdb/b_db.sql -cat /mnt/docker/deployment/ncdb-templates/c_grant.sql | sed "s/@@@USER@@@/$MYSQL_USER_NC/g" | sed "s/@@@DBNAME@@@/$MYSQL_DATABASE_NC/g" > /mnt/docker/deployment/ncdb/c_grant.sql +cat /mnt/repo-base/templates/nextcloud/a_user.sql | sed "s/@@@USER@@@/$MYSQL_USER_NC/g" | sed "s/@@@PASSWORD@@@/$MYSQL_PASSWORD_NC/g" > /mnt/repo-base/config-dynamic/nextcloud/a_user.sql +cat /mnt/repo-base/templates/nextcloud/b_db.sql | sed "s/@@@ADMINUSER@@@/$NEXTCLOUD_ADMIN_USER/g" | sed "s/@@@DBNAME@@@/$MYSQL_DATABASE_NC/g" > /mnt/repo-base/config-dynamic/nextcloud/b_db.sql +cat /mnt/repo-base/templates/nextcloud/c_grant.sql | sed "s/@@@USER@@@/$MYSQL_USER_NC/g" | sed "s/@@@DBNAME@@@/$MYSQL_DATABASE_NC/g" > /mnt/repo-base/config-dynamic/nextcloud/c_grant.sql # To be constructed repo specific echo "VHOSTS_ACCOUNTS=welcome.$DOMAIN" >> "$ENVFILE" diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index ae08558..b12109c 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -37,7 +37,7 @@ echo "Tweaking nextcloud config" sed -i "s/localhost/drive.$DOMAIN/g" /mnt/docker/nextcloud/config/config.php sed -i "s/);//g" /mnt/docker/nextcloud/config/config.php /bin/echo -e " 'skeletondirectory' => '',\n 'mail_from_address' => 'drive',\n 'mail_smtpmode' => 'smtp',\n 'mail_smtpauthtype' => 'PLAIN',\n 'mail_domain' => '$DOMAIN',\n 'mail_smtpauth' => 1,\n 'mail_smtphost' => 'mail.$DOMAIN',\n 'mail_smtpname' => 'drive@$DOMAIN',\n 'mail_smtppassword' => '$DRIVE_SMTP_PASSWORD',\n 'mail_smtpport' => '587',\n 'mail_smtpsecure' => 'tls'," >> /mnt/docker/nextcloud/config/config.php -cat /mnt/docker/deployment/nc-plugin-config/user_sql_raw_config.conf | sed "s/@@@DBNAME@@@/$PFDB_DB/g" | sed "s/@@@DBUSER@@@/$PFDB_USR/g" | sed "s/@@@DBPW@@@/$PFDB_DBPASS/g" >> /mnt/docker/nextcloud/config/config.php +cat /mnt/repo-base/templates/nextcloud/user_sql_raw_config.conf | sed "s/@@@DBNAME@@@/$PFDB_DB/g" | sed "s/@@@DBUSER@@@/$PFDB_USR/g" | sed "s/@@@DBPW@@@/$PFDB_DBPASS/g" >> /mnt/docker/nextcloud/config/config.php touch /mnt/docker/nextcloud/data/.ocdata echo "Installing nextcloud plugin" diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index c6bf71d..bda0c7b 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml 
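Review bot: The changed line still appends to `/mnt/docker/nextcloud/config/config.php`, as do the `sed -i`, `echo -e` and `touch` lines around it, while the compose templates in this same commit move the Nextcloud mounts to `/mnt/repo-base/volumes/nextcloud/...`. Unless `/mnt/docker` resolves to the same location (not visible here), the SMTP and user_sql settings, including `$DRIVE_SMTP_PASSWORD` and `$PFDB_DBPASS`, are written to a file the container no longer reads. The targets would become `/mnt/repo-base/volumes/nextcloud/config/config.php` and `/mnt/repo-base/volumes/nextcloud/data/.ocdata`.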
@@ -34,12 +34,12 @@ services: # Full list : https://github.com/hardware/mailserver#environment-variables # volumes: - - /mnt/docker/mail:/var/mail + - /mnt/repo-base/volumes/mail:/var/mail - /mnt/repo-base/letsencrypt/certstore:/etc/letsencrypt - /mnt/repo-base/config-static/mail/dovecot-custom/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf - /mnt/repo-base/config-static/mail/dovecot-custom/90-quota.conf:/etc/dovecot/conf.d/90-quota.conf - /mnt/repo-base/config-static/mail/dovecot-custom/90-sieve.conf:/etc/dovecot/conf.d/90-sieve.conf -# - /mnt/docker/mail/dovecot/dovecot.conf:/etc/dovecot/dovecot.conf +# - /mnt/repo-base/volumes/mail/dovecot/dovecot.conf:/etc/dovecot/dovecot.conf depends_on: - mariadb - redis @@ -76,7 +76,7 @@ services: networks: - serverbase volumes: - - /mnt/docker/rainloop/data:/rainloop/data + - /mnt/repo-base/volumes/rainloop/data:/rainloop/data depends_on: - eelomailserver - mariadb @@ -97,8 +97,8 @@ services: - MYSQL_USER=${PFDB_USR} - MYSQL_PASSWORD=${DBPASS} volumes: - - /mnt/docker/mysql/db:/var/lib/mysql - - /mnt/docker/deployment/ncdb:/docker-entrypoint-initdb.d + - /mnt/repo-base/volumes/mysql/db:/var/lib/mysql + - /mnt/repo-base/config-dynamic/nextcloud:/docker-entrypoint-initdb.d # Cache Database # https://github.com/docker-library/redis # https://redis.io/ @@ -158,10 +158,10 @@ services: networks: - serverbase volumes: - - /mnt/docker/nextcloud/html:/var/www/html/ - - /mnt/docker/nextcloud/custom_apps:/var/www/html/custom_apps/ - - /mnt/docker/nextcloud/config:/var/www/html/config/ - - /mnt/docker/nextcloud/data:/var/www/html/data/ + - /mnt/repo-base/volumes/nextcloud/html:/var/www/html/ + - /mnt/repo-base/volumes/nextcloud/custom_apps:/var/www/html/custom_apps/ + - /mnt/repo-base/volumes/nextcloud/config:/var/www/html/config/ + - /mnt/repo-base/volumes/nextcloud/data:/var/www/html/data/ depends_on: - mariadb 
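Review bot: The bind mounts in these hunks place live service data (`/mnt/repo-base/volumes/mysql/db`, `volumes/mail`, `volumes/nextcloud/data`) and the generated init SQL (`/mnt/repo-base/config-dynamic/nextcloud`, mounted as `/docker-entrypoint-initdb.d`) inside the git checkout, while the patch itself adds only `volumes/.keep`. No ignore rule is visible in this series, so database files and credentials could be committed or removed by routine git commands run in `/mnt/repo-base`. I would add `volumes/*` plus `!volumes/.keep` to `.gitignore` in the same commit, and an equivalent rule for the generated `config-dynamic/nextcloud/*.sql` files.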
diff --git a/templates/docker-compose/docker-compose-onlyoffice.yml b/templates/docker-compose/docker-compose-onlyoffice.yml index 032e0c4..5b2e6a2 100644 --- a/templates/docker-compose/docker-compose-onlyoffice.yml +++ b/templates/docker-compose/docker-compose-onlyoffice.yml @@ -7,8 +7,8 @@ networks: - serverbase volumes: - - /mnt/docker/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data - - /mnt/docker/onlyoffice/DocumentServer/logs:/var/log/onlyoffice + - /mnt/repo-base/volumes/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data + - /mnt/repo-base/volumes/onlyoffice/DocumentServer/logs:/var/log/onlyoffice onlyoffice-mail-server: image: onlyoffice/mailserver:latest container_name: onlyoffice-mail-server @@ -22,10 +22,10 @@ # - 143:143 # - 587:587 volumes: - - /mnt/docker/onlyoffice/MailServer/data:/var/vmail - - /mnt/docker/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver - - /mnt/docker/onlyoffice/MailServer/logs:/var/log - - /mnt/docker/onlyoffice/MailServer/mysql:/var/lib/mysql + - /mnt/repo-base/volumes/onlyoffice/MailServer/data:/var/vmail + - /mnt/repo-base/volumes/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver + - /mnt/repo-base/volumes/onlyoffice/MailServer/logs:/var/log + - /mnt/repo-base/volumes/onlyoffice/MailServer/mysql:/var/lib/mysql onlyoffice-community-server: image: onlyoffice/communityserver:latest container_name: onlyoffice-community-server 
@@ -38,10 +38,10 @@ - DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server - MAIL_SERVER_DB_HOST=onlyoffice-mail-server volumes: - - /mnt/docker/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data - - /mnt/docker/onlyoffice/CommunityServer/mysql:/var/lib/mysql - - /mnt/docker/onlyoffice/CommunityServer/logs:/var/log/onlyoffice - - /mnt/docker/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData + - /mnt/repo-base/volumes/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data + - /mnt/repo-base/volumes/onlyoffice/CommunityServer/mysql:/var/lib/mysql + - /mnt/repo-base/volumes/onlyoffice/CommunityServer/logs:/var/log/onlyoffice + - /mnt/repo-base/volumes/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData depends_on: - onlyoffice-documentserver - onlyoffice-mail-server diff --git a/deployment/ncdb-templates/a_user.sql b/templates/nextcloud/a_user.sql similarity index 100% rename from deployment/ncdb-templates/a_user.sql rename to templates/nextcloud/a_user.sql diff --git a/deployment/ncdb-templates/b_db.sql b/templates/nextcloud/b_db.sql similarity index 100% rename from deployment/ncdb-templates/b_db.sql rename to templates/nextcloud/b_db.sql diff --git a/deployment/ncdb-templates/c_grant.sql b/templates/nextcloud/c_grant.sql similarity index 100% rename from deployment/ncdb-templates/c_grant.sql rename to templates/nextcloud/c_grant.sql diff --git a/deployment/nc-plugin-config/user_sql_raw_config.conf b/templates/nextcloud/user_sql_raw_config.conf similarity index 100% rename from deployment/nc-plugin-config/user_sql_raw_config.conf rename to templates/nextcloud/user_sql_raw_config.conf diff --git a/volumes/.keep b/volumes/.keep new file mode 100644 index 0000000..e69de29 -- GitLab From ad2beeac1f6c2b24daa407aedb59800fde4a71a5 Mon Sep 17 00:00:00 2001 
From: Felix Ableitner Date: Fri, 1 Feb 2019 16:30:38 +0100 Subject: [PATCH 09/11] minor fixes --- scripts/init-repo.sh | 6 +++--- scripts/postinstall.sh | 20 ++++++++++---------- scripts/show-info.sh | 10 +++++----- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index c6b864c..8580af3 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -4,7 +4,7 @@ set -e #source <(curl -s https://gitlab.e.foundation/thilo/bootstrap/raw/master/bootstrap-commons.sh) source <(curl -s https://gitlab.e.foundation/e/infra/bootstrap/raw/master/bootstrap-commons.sh) -ENVFILE="/mnt/docker/.env" +ENVFILE="/mnt/repo-base/.env" rm -f "$ENVFILE" # Create .env file @@ -40,7 +40,7 @@ case $INSTALL_ONLYOFFICE in esac # Create folder structure -cd /mnt/docker && grep mnt docker-compose.yml | grep -v \# | awk '{ print $2 }' | awk -F: '{ print $1 }' | sed 's@m/.*conf$@m@g' | grep -v -e id_rsa -v -e exclude_names| sed 's@x/.*conf$@x@g' | sort -u | while read line; do mkdir -p "$line"; done +cd /mnt/repo-base && grep mnt docker-compose.yml | grep -v \# | awk '{ print $2 }' | awk -F: '{ print $1 }' | sed 's@m/.*conf$@m@g' | grep -v -e id_rsa -v -e exclude_names| sed 's@x/.*conf$@x@g' | sort -u | while read line; do mkdir -p "$line"; done # prepare nextcloud DB init scripts cat /mnt/repo-base/templates/nextcloud/a_user.sql | sed "s/@@@USER@@@/$MYSQL_USER_NC/g" | sed "s/@@@PASSWORD@@@/$MYSQL_PASSWORD_NC/g" > /mnt/repo-base/config-dynamic/nextcloud/a_user.sql @@ -148,7 +148,7 @@ chown "33:33" /mnt/repo-base/config-dynamic/accounts/auth.file.done # Login to /e/ registry | not necessary when going public docker login registry.gitlab.e.foundation:5000 -cd /mnt/docker/ +cd /mnt/repo-base/ docker-compose up -d # Run LE cert request diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index b12109c..8c0f862 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
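Review bot: In the `@@ -4,7` hunk of scripts/init-repo.sh, `ENVFILE` now points at `/mnt/repo-base/.env`, and nothing visible sets its mode before it is filled. Judging by the `^…PASSWORD=` lookups in postinstall.sh and show-info.sh, the file holds every generated password, so it should not inherit the default umask. I would create it explicitly right after the `rm -f "$ENVFILE"` with `( umask 077; : > "$ENVFILE" )`, which later `>>` appends will preserve. The lines that write the file are outside this hunk, so confirm none of them recreates it.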
@@ -2,7 +2,7 @@ set -e echo "Getting info from .env file" -ENVFILE="/mnt/docker/.env" +ENVFILE="/mnt/repo-base/.env" DOMAIN=$(grep ^DOMAIN= "$ENVFILE" | awk -F= '{ print $NF }') ADD_DOMAINS=$(grep ^ADD_DOMAINS= "$ENVFILE" | awk -F= '{ print $NF }') @@ -22,7 +22,7 @@ PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }') # We need to wait until both the config exists and occ works. If we only do one of these, it might # still not work. printf "Waiting for Nextcloud to be started" -while [ ! -f /mnt/docker/nextcloud/config/config.php ] +while [ ! -f /mnt/repo-base/volumes/nextcloud/config/config.php ] do printf "." sleep 0.1 
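Review bot: The `while [ ! -f /mnt/repo-base/volumes/nextcloud/config/config.php ]` wait in the `@@ -22,7` hunk has no upper bound, so if the container never writes the file (for example because the volume path in docker-compose.yml and this path drift apart again) the installer prints dots forever. I would add a deadline inside the loop, e.g. `[ $((tries+=1)) -le 3000 ] || { echo "Nextcloud config never appeared" >&2; exit 1; }`. The loop's `done` and the second wait loop are outside this hunk.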
@@ -34,11 +34,11 @@ do done echo "Tweaking nextcloud config" -sed -i "s/localhost/drive.$DOMAIN/g" /mnt/docker/nextcloud/config/config.php -sed -i "s/);//g" /mnt/docker/nextcloud/config/config.php -/bin/echo -e " 'skeletondirectory' => '',\n 'mail_from_address' => 'drive',\n 'mail_smtpmode' => 'smtp',\n 'mail_smtpauthtype' => 'PLAIN',\n 'mail_domain' => '$DOMAIN',\n 'mail_smtpauth' => 1,\n 'mail_smtphost' => 'mail.$DOMAIN',\n 'mail_smtpname' => 'drive@$DOMAIN',\n 'mail_smtppassword' => '$DRIVE_SMTP_PASSWORD',\n 'mail_smtpport' => '587',\n 'mail_smtpsecure' => 'tls'," >> /mnt/docker/nextcloud/config/config.php -cat /mnt/repo-base/templates/nextcloud/user_sql_raw_config.conf | sed "s/@@@DBNAME@@@/$PFDB_DB/g" | sed "s/@@@DBUSER@@@/$PFDB_USR/g" | sed "s/@@@DBPW@@@/$PFDB_DBPASS/g" >> /mnt/docker/nextcloud/config/config.php -touch /mnt/docker/nextcloud/data/.ocdata +sed -i "s/localhost/drive.$DOMAIN/g" /mnt/repo-base/volumes/nextcloud/config/config.php +sed -i "s/);//g" /mnt/repo-base/volumes/nextcloud/config/config.php +/bin/echo -e " 'skeletondirectory' => '',\n 'mail_from_address' => 'drive',\n 'mail_smtpmode' => 'smtp',\n 'mail_smtpauthtype' => 'PLAIN',\n 'mail_domain' => '$DOMAIN',\n 'mail_smtpauth' => 1,\n 'mail_smtphost' => 'mail.$DOMAIN',\n 'mail_smtpname' => 'drive@$DOMAIN',\n 'mail_smtppassword' => '$DRIVE_SMTP_PASSWORD',\n 'mail_smtpport' => '587',\n 'mail_smtpsecure' => 'tls'," >> /mnt/repo-base/volumes/nextcloud/config/config.php +cat /mnt/repo-base/templates/nextcloud/user_sql_raw_config.conf | sed "s/@@@DBNAME@@@/$PFDB_DB/g" | sed "s/@@@DBUSER@@@/$PFDB_USR/g" | sed "s/@@@DBPW@@@/$PFDB_DBPASS/g" >> /mnt/repo-base/volumes/nextcloud/config/config.php +touch /mnt/repo-base/volumes/nextcloud/data/.ocdata echo "Installing nextcloud plugin" docker exec -ti nextcloud su - www-data -s /bin/bash -c "php /var/www/html/occ app:install user_backend_sql_raw" 
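Review bot: `$DRIVE_SMTP_PASSWORD` is expanded inside `/bin/echo -e` and pasted between single quotes in config.php, so a backslash sequence in the password is rewritten by `echo -e` and a `'` would end the PHP string early. Unless the generator (not visible here) guarantees an alphanumeric value, I would emit the block with `printf '%s\n'` and reject or escape `'` and `\` before writing. The `sed -i "s/);//g"` line two above also strips every `);` in the file rather than only the closing one; assuming `);` is the last line, `sed -i '$ s/^);$//'` is narrower.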
@@ -51,7 +51,7 @@ echo "Creating postfix database schema" curl --silent -L https://mail.$DOMAIN/setup.php > /dev/null echo "Setting Postfix admin setup password" -docker cp /mnt/docker/deployment/postfixadmin/pwgen.php postfixadmin:/postfixadmin +docker cp /mnt/repo-base/deployment/postfixadmin/pwgen.php postfixadmin:/postfixadmin SETUPPW_HASH=$(docker exec -t postfixadmin php /postfixadmin/pwgen.php "$PFA_SETUP_PASSWORD" | tail -n1) docker exec -t postfixadmin sed -i "s|\($CONF\['setup_password'\].*=\).*|\1 '${SETUPPW_HASH}';|" /postfixadmin/config.inc.php docker exec -t postfixadmin rm /postfixadmin/pwgen.php @@ -68,12 +68,12 @@ docker exec -t postfixadmin php /postfixadmin/scripts/postfixadmin-cli.php mailb # display DKIM DNS setup info/instructions to the user echo -e "\n\n\n" echo -e "Please add the following records to your domain's DNS configuration:\n" -find /mnt/docker/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; do DOMAIN=$(basename $line); echo " - DKIM record (TXT) for $DOMAIN:" && cat $line/public.key; done +find /mnt/repo-base/volumes/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; do DOMAIN=$(basename $line); echo " - DKIM record (TXT) for $DOMAIN:" && cat $line/public.key; done echo "=================================================================================================================================" echo "=================================================================================================================================" echo "Your logins:" -bash /mnt/repo-base/scripts/showInfo.sh +bash /mnt/repo-base/scripts/show-info.sh echo "=================================================================================================================================" echo "Your signup link:" diff --git a/scripts/show-info.sh b/scripts/show-info.sh index e38246a..780faaf 100755 --- a/scripts/show-info.sh +++ b/scripts/show-info.sh 
@@ -1,20 +1,20 @@ #!/usr/bin/env bash set -e -ENVFILE="/mnt/docker/.env" +ENVFILE="/mnt/repo-base/.env" -SPAM_UI=$(grep server_name $(grep -l mailserver:11334 /mnt/docker/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') +SPAM_UI=$(grep server_name $(grep -l mailserver:11334 /mnt/repo-base/config-dynamic/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') RSPAMD_PASSWORD=$(grep ^RSPAMD_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') -NEXTCLOUD_UI=$(grep server_name $(grep -l nextcloud:80 /mnt/docker/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') +NEXTCLOUD_UI=$(grep server_name $(grep -l nextcloud:80 /mnt/repo-base/config-dynamic/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') NEXTCLOUD_ADMIN_USER=$(grep ^NEXTCLOUD_ADMIN_USER= "$ENVFILE" | awk -F= '{ print $NF }') NEXTCLOUD_ADMIN_PASSWORD=$(grep ^NEXTCLOUD_ADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') -DBA_UI=$(grep server_name $(grep -l pma:80 /mnt/docker/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') +DBA_UI=$(grep server_name $(grep -l pma:80 /mnt/repo-base/config-dynamic/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') DBA_USER=$(grep ^DBA_USER= "$ENVFILE" | awk -F= '{ print $NF }') DBA_PASSWORD=$(grep ^DBA_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') -POSTFIX_UI=$(grep server_name $(grep -l postfixadmin:8888 /mnt/docker/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') +POSTFIX_UI=$(grep server_name $(grep -l postfixadmin:8888 /mnt/repo-base/config-dynamic/nginx/sites-enabled/*.conf) | sort -u | head -n1 | awk '{ print $2 }' | sed 's/;$//g') POSTFIX_USER=$(grep ALT_EMAIL= "$ENVFILE" | awk -F= '{ print $NF }') POSTFIX_PASSWORD=$(grep PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') -- GitLab 
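Review bot: Each `*_UI` lookup runs `grep server_name $(grep -l … /mnt/repo-base/config-dynamic/nginx/sites-enabled/*.conf)`; when the inner `grep -l` matches nothing (for instance if the vhost files are not at the new path), the outer grep is left without a file argument and waits on stdin, so the script hangs instead of failing. Passing a harmless extra file avoids that: `grep -h server_name /dev/null $(grep -l mailserver:11334 /mnt/repo-base/config-dynamic/nginx/sites-enabled/*.conf)`. The four lookups differ only in the upstream name, so a small helper taking that name would keep the directory in one place.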
From 88132a8a27c8516f7cee1297f9458a6eef984e98 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 1 Feb 2019 16:39:46 +0100 Subject: [PATCH 10/11] Remove references to /mnt/docker --- deployment/salt/init-config/masterless.conf | 2 +- docs/FOLDERS.md | 2 ++ docs/HOWTO_ADD_VHOST.md | 20 +++++++++---------- docs/HOWTO_UPDATE_ONLYOFFICE.md | 12 +++++------ scripts/generate-signup-link.sh | 2 +- scripts/ssl-renew.sh | 8 ++++---- .../docker-compose/docker-compose-base.yml | 2 +- 7 files changed, 25 insertions(+), 23 deletions(-) diff --git a/deployment/salt/init-config/masterless.conf b/deployment/salt/init-config/masterless.conf index d5b9098..ffa00ee 100644 --- a/deployment/salt/init-config/masterless.conf +++ b/deployment/salt/init-config/masterless.conf @@ -2,4 +2,4 @@ file_client: local minion_id_caching: false file_roots: base: - - /mnt/docker/deployment/salt/base + - /mnt/repo-base/deployment/salt/base diff --git a/docs/FOLDERS.md b/docs/FOLDERS.md index c1cc78a..7f68757 100644 --- a/docs/FOLDERS.md +++ b/docs/FOLDERS.md @@ -15,4 +15,6 @@ Files and Folders - `volumes/` Docker volumes used to store data for the different applications (eg Nextcloud files, mail data) +- `.env` Defines passwords and other variables (see [ENV_FILE.md](ENV_FILE.md) for details) + - `docker-compose.yml` Defines the Docker images and volumes. Run `docker-compose up -d` to start the services, and `docker-compose down` to stop them. diff --git a/docs/HOWTO_ADD_VHOST.md b/docs/HOWTO_ADD_VHOST.md index 1f949e8..a600683 100644 --- a/docs/HOWTO_ADD_VHOST.md +++ b/docs/HOWTO_ADD_VHOST.md 
@@ -12,16 +12,16 @@ NEWVHOST=thilo-test.ecloud.global # Request cert from LE -echo -e "sub\t$NEWVHOST" >> /mnt/docker/letsencrypt/autrenew/ssl-domains.dat -/mnt/docker/letsencrypt/autrenew/ssl-renew.sh +echo -e "sub\t$NEWVHOST" >> /mnt/repo-base/letsencrypt/autrenew/ssl-domains.dat +/mnt/repo-base/letsencrypt/autrenew/ssl-renew.sh # Add vhost to docker-compose configuration -sed -i "s@VHOSTS_DOMAINS=@VHOSTS_DOMAINS=$NEWVHOST,@g" /mnt/docker/compose/.env +sed -i "s@VHOSTS_DOMAINS=@VHOSTS_DOMAINS=$NEWVHOST,@g" /mnt/repo-base/compose/.env # Create dir to host php files -mkdir -p /mnt/docker/www/$NEWVHOST/htdocs/ +mkdir -p /mnt/repo-base/www/$NEWVHOST/htdocs/ # Create nginx proxy vhost to point to dockered vhost echo "server { @@ -41,14 +41,14 @@ server { proxy_pass http://vhosts:80; include /etc/nginx/conf/proxy_params; } -}" > /mnt/docker/nginx/sites-enabled/${NEWVHOST}.conf +}" > /mnt/repo-base/nginx/sites-enabled/${NEWVHOST}.conf # Place file to check it is working -echo "hello world" > /mnt/docker/www/$NEWVHOST/htdocs/index.php -chown www-data: /mnt/docker/www/$NEWVHOST/ -R +echo "hello world" > /mnt/repo-base/www/$NEWVHOST/htdocs/index.php +chown www-data: /mnt/repo-base/www/$NEWVHOST/ -R # Restart services to bring changes into effect -cd /mnt/docker/compose && docker-compose up -d +cd /mnt/repo-base/compose && docker-compose up -d docker restart nginx ``` @@ -58,6 +58,6 @@ Health check: - Is new host working? https://thilo-test.ecloud.global # Happy hacking -Update you code in /mnt/docker/www/$NEWVHOST/htdocs/ to your liking :) +Update you code in /mnt/repo-base/www/$NEWVHOST/htdocs/ to your liking :) -Enjoy! \ No newline at end of file +Enjoy! diff --git a/docs/HOWTO_UPDATE_ONLYOFFICE.md b/docs/HOWTO_UPDATE_ONLYOFFICE.md index b3bf922..06e9cfd 100644 --- a/docs/HOWTO_UPDATE_ONLYOFFICE.md +++ b/docs/HOWTO_UPDATE_ONLYOFFICE.md 
@@ -9,7 +9,7 @@ docker stop onlyoffice-document-server docker stop onlyoffice-mail-server #Create backup copy of files -cp -pR /mnt/docker/onlyoffice{,.bck} +cp -pR /mnt/repo-base/onlyoffice{,.bck} # Save image IDs of old images to a file docker images | grep office > /somewhere/a-file.txt @@ -24,7 +24,7 @@ docker pull onlyoffice/communityserver docker pull onlyoffice/mailserver # Start again -cd /mnt/docker/compose +cd /mnt/repo-base/compose docker-compose up -d ``` @@ -44,10 +44,10 @@ docker tag 0e667b917252 onlyoffice/communityserver dockr tag 6b2398f473ea onlyoffice/mailserver # Move current files to yet another location and move previous backup into original location -mv /mnt/docker/onlyoffice /mnt/docker/onlyoffice.bck.rolledback -mv /mnt/docker/onlyoffice.bck /mnt/docker/onlyoffice +mv /mnt/repo-base/onlyoffice /mnt/repo-base/onlyoffice.bck.rolledback +mv /mnt/repo-base/onlyoffice.bck /mnt/repo-base/onlyoffice # Start again -cd /mnt/docker/compose +cd /mnt/repo-base/compose docker-compose up -d -``` \ No newline at end of file +``` diff --git a/scripts/generate-signup-link.sh b/scripts/generate-signup-link.sh index 276d4a3..5dcd51b 100755 --- a/scripts/generate-signup-link.sh +++ b/scripts/generate-signup-link.sh @@ -19,7 +19,7 @@ fi AUTH_SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) echo "$EMAIL:$AUTH_SECRET" >> /mnt/repo-base/config-dynamic/accounts/auth.file -DOMAIN=$(grep ^DOMAIN= "/mnt/docker/.env" | awk -F= '{ print $NF }') +DOMAIN=$(grep ^DOMAIN= "/mnt/repo-base/.env" | awk -F= '{ print $NF }') SIGNUP_URL="https://welcome.$DOMAIN/?authmail=$EMAIL&authsecret=$AUTH_SECRET" echo "The new user can sign up now at $SIGNUP_URL" diff --git a/scripts/ssl-renew.sh b/scripts/ssl-renew.sh index 39e2f52..fd8c21b 100755 --- a/scripts/ssl-renew.sh +++ b/scripts/ssl-renew.sh 
@@ -6,12 +6,12 @@ then exit 1 fi -ENVFILE="/mnt/docker/.env" +ENVFILE="/mnt/repo-base/.env" DOMAIN=$(grep ^DOMAIN= "$ENVFILE" | awk -F= '{ print $NF }') MAILHOST="mail.$DOMAIN" -CONFIG=/mnt/docker/letsencrypt/autorenew/ssl-domains.dat +CONFIG=/mnt/repo-base/letsencrypt/autorenew/ssl-domains.dat OPENSSLBIN=/usr/bin/openssl -CERTSTOREBASE=/mnt/docker/letsencrypt/certstore +CERTSTOREBASE=/mnt/repo-base/letsencrypt/certstore CERTSTORE=$CERTSTOREBASE/live SERVERADMIN="admin@$DOMAIN" PUBIP=0.0.0.0 @@ -23,7 +23,7 @@ cat "$CONFIG" | while read TYPE DOMAIN; do then ALIAS="-d www.$DOMAIN" fi - docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt -v /mnt/docker/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge "$CERTBOT_IMAGE" certonly --non-interactive \ + docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt -v /mnt/repo-base/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge "$CERTBOT_IMAGE" certonly --non-interactive \ --agree-tos -m $SERVERADMIN -d $DOMAIN $ALIAS --webroot -w /etc/letsencrypt/acme-challenge docker exec nginx nginx -s reload NVALIDTHRU=$($OPENSSLBIN x509 -enddate -noout -in $CERTSTORE/$DOMAIN/fullchain.pem | awk -F= '{ print $NF }') diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index bda0c7b..9241a4f 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -110,7 +110,7 @@ services: - serverbase command: redis-server --appendonly yes volumes: - - /mnt/docker/redis/db:/data + - /mnt/repo-base/volumes/redis/db:/data pma: image: phpmyadmin/phpmyadmin container_name: pma -- GitLab From 0b603e16effa1326eb70961a3c05bdf4ed96f90b Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Mon, 4 Feb 2019 09:31:05 +0100 Subject: [PATCH 11/11] grep -q, bash instead of sh --- scripts/init-repo.sh | 2 +- scripts/postinstall.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
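Review bot: `CONFIG` here is `/mnt/repo-base/letsencrypt/autorenew/ssl-domains.dat`, but the updated docs/HOWTO_ADD_VHOST.md in this same patch appends new vhosts to `/mnt/repo-base/letsencrypt/autrenew/ssl-domains.dat` and then runs `/mnt/repo-base/letsencrypt/autrenew/ssl-renew.sh`, while the script is at `scripts/ssl-renew.sh`. Someone following the HOWTO would write to a file this loop never reads, so no certificate would be requested for the new host. I would change the HOWTO lines to `echo -e "sub\t$NEWVHOST" >> /mnt/repo-base/letsencrypt/autorenew/ssl-domains.dat` and `bash /mnt/repo-base/scripts/ssl-renew.sh`. Separately, in the `@@ -23,7` hunk `$CERTSTOREBASE`, `$SERVERADMIN` and `$DOMAIN` are unquoted on the `docker run` line; the `while read` loop continues outside that hunk.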
diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 8580af3..7460a1d 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -152,7 +152,7 @@ cd /mnt/repo-base/ docker-compose up -d # Run LE cert request -sh scripts/ssl-renew.sh +bash scripts/ssl-renew.sh # verify LE status CTR_LE=$(find letsencrypt/certstore/live/dba.$DOMAIN/privkey.pem letsencrypt/certstore/live/drive.$DOMAIN/privkey.pem letsencrypt/certstore/live/mail.$DOMAIN/privkey.pem letsencrypt/certstore/live/spam.$DOMAIN/privkey.pem letsencrypt/certstore/live/webmail.$DOMAIN/privkey.pem letsencrypt/certstore/live/welcome.$DOMAIN/privkey.pem $OFFICE_LETSENCRYPT_KEY 2>/dev/null| wc -l) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 8c0f862..0bd170e 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -27,7 +27,7 @@ do printf "." sleep 0.1 done -while docker-compose exec --user www-data nextcloud php occ | grep "Nextcloud is not installed" > /dev/null; +while docker-compose exec --user www-data nextcloud php occ | grep -q "Nextcloud is not installed"; do printf "." sleep 0.1 -- GitLab
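Review bot: In the scripts/postinstall.sh hunk, the loop ends as soon as the text "Nextcloud is not installed" is absent from the output, which is also true when `docker-compose exec` itself fails or `occ` prints some other error. The script would then carry on to edit config.php against an instance that is not ready. Waiting for a positive signal is safer, e.g. `until docker-compose exec --user www-data nextcloud php occ status | grep -q "installed: true"; do`, assuming `occ status` is usable at this stage. The loop's closing `done` is outside the hunk.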