| @@ -18,13 +18,11 @@ IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')" # May not work | |||
| source .env | |||
| # global domain with all subdomains | |||
| echo address=/.${LDAP_DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE} | |||
| #echo address=/${MAIL_HOSTNAME}.${LDAP_DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE} | |||
| # Nextcloud | |||
| #echo address=/${NEXTCLOUD_SERVER_NAME}.${LDAP_DOMAIN}/${IP_LOOKUP} >> /tmp/${CONF_FILE} | |||
| # gogs | |||
| #echo address=/gogs.${LDAP_DOMAIN}/${IP_LOOKUP} >> /tmp/${CONF_FILE} | |||
| echo address=/.${DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE} | |||
| # virtual domains | |||
| for domain in ${VIRTUAL_DOMAINS[@]}; do | |||
| echo address=/.${domain}/${IP_LOOKUP} >> /tmp/${CONF_FILE} | |||
| done; | |||
| # ##### Add entries to PiHole ###### # | |||
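Review bot: The new `echo address=/.${DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE}` still truncates and rewrites a fixed, predictable path under `/tmp`, so on a shared host a pre-placed symlink or file at that name redirects or races the write. Prefer `tmp=$(mktemp)`, build the fragment there and move it into place, or write under a directory only this script owns; the consumer of `/tmp/${CONF_FILE}` is outside the hunk, so it has to be updated in the same change. The expansions in both `echo` lines are unquoted, so a domain containing whitespace or a glob character is split before it reaches the file; quote them as `echo "address=/.${DOMAIN}/${IP_LOOKUP}"`.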
| @@ -11,13 +11,11 @@ IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')" # May not work | |||
| source .env | |||
| # global domain with all subdomains | |||
| echo address=/.${LDAP_DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE} | |||
| #echo address=/${MAIL_HOSTNAME}.${LDAP_DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE} | |||
| # Nextcloud | |||
| #echo address=/${NEXTCLOUD_SERVER_NAME}.${LDAP_DOMAIN}/${IP_LOOKUP} >> /tmp/${CONF_FILE} | |||
| # gogs | |||
| #echo address=/gogs.${LDAP_DOMAIN}/${IP_LOOKUP} >> /tmp/${CONF_FILE} | |||
| echo address=/.${DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE} | |||
| # virtual domains | |||
| for domain in ${VIRTUAL_DOMAINS[@]}; do | |||
| echo address=/.${domain}/${IP_LOOKUP} >> /tmp/${CONF_FILE} | |||
| done; | |||
| # ##### Add entries to PiHole ###### # | |||
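Review bot: `IP_LOOKUP` is interpolated into every `address=/.../` line without any check, and the hunk header's own comment admits the lookup "May not work"; an empty value yields `address=/.example.com/`, which I believe dnsmasq treats as a negative (NXDOMAIN) rule for the whole domain, so every service name would silently stop resolving rather than fail loudly. Add a guard before the first write, e.g. `: "${IP_LOOKUP:?could not determine host IP}"`, and quote the expansions in the `echo` lines for the same reason.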
| @@ -18,7 +18,7 @@ services: | |||
| - ${LDAP_DATA_VOLUME_PATH}:/var/lib/ldap | |||
| - ${LDAP_CONFIG_VOLUME_PATH}:/etc/ldap/slapd.d | |||
| - ${LDAP_CERTS_VOLUME_PATH}:/container/service/slapd/assets/certs/ | |||
| hostname: openldap.${LDAP_DOMAIN} | |||
| hostname: openldap.${DOMAIN} | |||
| db: | |||
| build: | |||
| @@ -58,8 +58,7 @@ services: | |||
| image: bingen/${ARCH}-mailserver:latest | |||
| depends_on: | |||
| - openldap | |||
| hostname: ${MAIL_HOSTNAME}.${MAIL_DOMAIN} | |||
| #domainname: ${MAIL_DOMAIN} | |||
| hostname: ${MAIL_HOSTNAME}.${DOMAIN} | |||
| env_file: | |||
| - mail.env | |||
| networks: | |||
| @@ -2,12 +2,17 @@ | |||
| ARCH=ARCH_PLACEHOLDER | |||
| # DOMAINS | |||
| DOMAIN=${DOMAIN} | |||
| VIRTUAL_DOMAINS=${VIRTUAL_DOMAINS} | |||
| DOMAINS=${DOMAIN} ${VIRTUAL_DOMAINS} | |||
| # DB | |||
| DB_DATA_VOLUME_PATH=${VOLUMES_PATH}/mariadb/data | |||
| #DB_CONFIG_VOLUME_PATH=${VOLUMES_PATH}/mariadb/config | |||
| # LDAP | |||
| LDAP_DOMAIN=${DOMAIN} | |||
| LDAP_ORGANIZATION=${ORGANIZATION} | |||
| LDAP_EXTENSION=${EXTENSION} | |||
| LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd | |||
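Review bot: `DOMAINS=${DOMAIN} ${VIRTUAL_DOMAINS}` and `VIRTUAL_DOMAINS=${VIRTUAL_DOMAINS}` become unquoted multi-word assignments once the setup script substitutes real values (e.g. `DOMAINS=example.com other.org`), and this file is read with `source .env` in the first hunk and `. .env` in the setup script. Bash parses such a line as running the command `other.org` with `DOMAINS=example.com` in its environment, so `DOMAINS` stays unset in the sourcing shell whenever a virtual domain was entered, and a domain string that passed the lax `^.*\.[a-z]{2,}$` check could be executed as a command. Quote the values, `DOMAINS="${DOMAIN} ${VIRTUAL_DOMAINS}"` and `VIRTUAL_DOMAINS="${VIRTUAL_DOMAINS}"`, after confirming the docker-compose version in use strips quotes from `.env` values (older releases passed them through literally).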
| @@ -18,7 +23,6 @@ LDAP_CERTS_VOLUME_PATH=${VOLUMES_PATH}/openldap/certs | |||
| MAIL_HOSTNAME=mail | |||
| MAIL_DOMAIN=${DOMAIN} | |||
| MAIL_DATA_VOLUME_PATH=${VOLUMES_PATH}/mail | |||
| #MAIL_STATE_VOLUME_PATH=${VOLUMES_PATH}/mail/state | |||
| MAIL_DATA_PATH=/srv/vmail | |||
| @@ -27,6 +31,7 @@ MAIL_DATA_PATH=/srv/vmail | |||
| # NEXTCLOUD | |||
| NEXTCLOUD_VERSION=nextcloud-15.0.5 | |||
| NEXTCLOUD_SERVER_NAME=nextcloud | |||
| # Internal data path | |||
| NEXTCLOUD_DATA_PATH=/srv/nextcloud/data | |||
| # external Volume path | |||
| @@ -47,6 +52,7 @@ PAPERLESS_EXPORT_PATH=/export | |||
| # GOGS | |||
| GOGS_SERVER_NAME=gogs | |||
| GOGS_DATA_VOLUME_PATH=${VOLUMES_PATH}/gogs/data | |||
| # PI-HOLE | |||
| @@ -1,4 +1,4 @@ | |||
| GOGS_DOMAIN=gogs.${DOMAIN} | |||
| GOGS_DOMAIN=${DOMAIN} | |||
| GOGS_ADMIN_PWD_FILE=/run/secrets/admin_pwd | |||
| ADMIN_EMAIL=${ADMIN_EMAIL} | |||
| @@ -1,7 +1,2 @@ | |||
| # services | |||
| NEXTCLOUD_URL=nextcloud.${DOMAIN} | |||
| GOGS_URL=gogs.${DOMAIN} | |||
| ZONEMINDER_URL=zoneminder.${DOMAIN} | |||
| # Let's Encrypt | |||
| ADMIN_EMAIL=${ADMIN_EMAIL} | |||
| @@ -3,6 +3,6 @@ bind_dn = ${LDAP_BIND_DN} | |||
| bind_pw = ${LDAP_BIND_PWD} | |||
| server_host = ${LDAP_SERVER_HOST} | |||
| search_base = ${LDAP_SEARCH_BASE} | |||
| domain = ${DOMAIN} | |||
| #domain = ${DOMAINS} | |||
| query_filter = (&(mailAlias=%s)(mailEnabled=TRUE)) | |||
| result_attribute = mail, email | |||
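Review bot: The alias map now has `domain` commented out (`#domain = ${DOMAINS}`) while the mailbox map in the next hunk sets `domain = ${DOMAINS}`; in Postfix ldap tables `domain` restricts which recipient addresses are looked up at all, so without it every address the server handles, including remote recipients, is sent to the LDAP server as a `(mailAlias=%s)` query. If the line was disabled because the space-separated list seemed not to parse, ldap_table(5) accepts whitespace- or comma-separated lists; otherwise set `domain = ${DOMAINS}` here as well so the two maps agree.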
| @@ -3,6 +3,6 @@ bind_dn = ${LDAP_BIND_DN} | |||
| bind_pw = ${LDAP_BIND_PWD} | |||
| server_host = ${LDAP_SERVER_HOST} | |||
| search_base = ${LDAP_SEARCH_BASE} | |||
| domain = ${DOMAIN} | |||
| query_filter = (&(mail=%s)(mailEnabled=TRUE)) | |||
| domain = ${DOMAINS} | |||
| query_filter = (&(|(mail=%s)(uniqueIdentifier=%u))(mailEnabled=TRUE)) | |||
| result_attribute = mail | |||
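Review bot: Adding `(uniqueIdentifier=%u)` to the filter ignores the domain part of the address, because `%u` is only the local part, so with `domain = ${DOMAINS}` listing several domains a message for `alice@b.example` matches the entry whose `uniqueIdentifier` is `alice` even when that account's `mail` is `alice@a.example`. That silently gives every listed domain a mailbox for each local part, and if a second entry also matches via `mail`, Postfix returns both `mail` values, which is not a usable virtual_mailbox_maps result. If cross-domain delivery is intended, say so in a comment above `query_filter`; if not, keep `(mail=%s)` and route the additional addresses through `mailAlias` instead.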
| @@ -11,6 +11,7 @@ function replace { | |||
| sed -i "s/\${LDAP_BIND_DN}/${LDAP_BIND_DN}/g" $1 | |||
| sed -i "s/\${LDAP_SEARCH_BASE}/${LDAP_SEARCH_BASE}/g" $1 | |||
| sed -i "s/\${DOMAIN}/${DOMAIN}/g" $1 | |||
| sed -i "s/\${DOMAINS}/${DOMAINS[*]}/g" $1 | |||
| sed -i "s/\${LDAP_BIND_PWD}/${LDAP_BIND_PWD}/g" $1 | |||
| } | |||
| for i in `find /tmp/config/postfix -type f -exec ls {} \;`; do | |||
| @@ -30,8 +31,7 @@ done; | |||
| cp -f /tmp/config/postfix/* /etc/postfix/ | |||
| mkdir -p /etc/postfix/sasl | |||
| cp -f /tmp/config/postfix/sasl/* /etc/postfix/sasl/sasl | |||
| echo "${DOMAIN} OK" >> /etc/postfix/virtual_domains; | |||
| for i in ${VIRTUAL_DOMAINS[@]}; do | |||
| for i in ${DOMAINS[@]}; do | |||
| echo "$i OK" >> /etc/postfix/virtual_domains; | |||
| done; | |||
| postmap hash:/etc/postfix/virtual_domains | |||
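Review bot: The explicit `echo "${DOMAIN} OK"` is gone, so the `virtual_domains` table is now only as good as `DOMAINS`; if that variable is empty in the container (the unquoted multi-word `DOMAINS=` line in the env template is sourced elsewhere in this commit and may not survive) the loop writes nothing, `postmap` builds an empty table and Postfix rejects mail for the main domain. Guard it before the loop, e.g. `: "${DOMAINS:?DOMAINS must list at least the main domain}"`, and since `DOMAINS` arrives as a plain space-separated string rather than an array, `for i in ${DOMAINS}; do` states the intent more honestly than `${DOMAINS[@]}`.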
| @@ -2,10 +2,10 @@ RUN_USER = git | |||
| RUN_MODE = prod | |||
| [server] | |||
| DOMAIN = GOGS_DOMAIN | |||
| DOMAIN = GOGS_FULL_DOMAIN | |||
| SSH_ROOT_PATH = /data/ssh | |||
| PROTOCOL = https | |||
| ROOT_URL = https://GOGS_DOMAIN/ | |||
| ROOT_URL = https://GOGS_FULL_DOMAIN/ | |||
| CERT_FILE = /data/gogs/https/cert.pem | |||
| KEY_FILE = /data/gogs/https/key.pem | |||
| HTTP_PORT = 2443 | |||
| @@ -1,5 +1,7 @@ | |||
| #!/bin/bash | |||
| GOGS_FULL_DOMAIN=${GOGS_SERVER_NAME}.${GOGS_DOMAIN} | |||
| source /etc/profile.d/gogs.sh | |||
| # set DB root password from secret | |||
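Review bot: `GOGS_FULL_DOMAIN=${GOGS_SERVER_NAME}.${GOGS_DOMAIN}` is computed before `source /etc/profile.d/gogs.sh`; if either variable is set by that profile rather than by the container environment, the value degenerates to `.` plus whatever was already exported, and it is later substituted unchecked into app.ini and into the self-signed certificate. Move the assignment below the `source` line and fail fast on missing input: `GOGS_FULL_DOMAIN=${GOGS_SERVER_NAME:?}.${GOGS_DOMAIN:?}`.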
| @@ -90,7 +92,7 @@ service ssh start | |||
| # SSH certs | |||
| if [[ ! -e ${GOGS_CUSTOM}/https/cert.pem || ! -e ${GOGS_CUSTOM}/https/key.pem ]]; then | |||
| su git -c "mkdir -p ${GOGS_CUSTOM}/https" | |||
| su git -c "cd ${GOGS_CUSTOM}/https && ${GOGS_PATH}/gogs cert --ca=true --duration=8760h0m0s --host=${GOGS_DOMAIN} && cd -" | |||
| su git -c "cd ${GOGS_CUSTOM}/https && ${GOGS_PATH}/gogs cert --ca=true --duration=8760h0m0s --host=${GOGS_FULL_DOMAIN} && cd -" | |||
| fi | |||
| # ### Conf file ### | |||
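Review bot: The self-signed certificate is generated with `--host=${GOGS_FULL_DOMAIN}` only, i.e. the service name under the main domain, while the rest of the commit serves the same backend under every entry of `DOMAINS`; whether that matters depends on whether the HAProxy backend verifies this certificate, which is outside the hunk. If it does, assemble `hosts` as a comma-separated list of `${GOGS_SERVER_NAME}.$d` over `${DOMAINS}` and pass `--host=${hosts}` (the command appears to accept a comma-separated list; confirm for this gogs version). The value is also interpolated unquoted into the `su git -c "..."` string, so a name containing shell metacharacters would be executed as the git user; quote it inside that string.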
| @@ -103,7 +105,7 @@ su git -c "mkdir -p ${GOGS_CUSTOM}/conf" | |||
| mv ${GOGS_PATH}/custom/conf/app.ini ${CONF_FILE} | |||
| echo Setting domain | |||
| sed -i "s/GOGS_DOMAIN/${GOGS_DOMAIN}/g" ${CONF_FILE} | |||
| sed -i "s/GOGS_FULL_DOMAIN/${GOGS_FULL_DOMAIN}/g" ${CONF_FILE} | |||
| # DB conf | |||
| echo Setting DB conf | |||
| @@ -14,13 +14,18 @@ defaults | |||
| # https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/ | |||
| frontend https-in | |||
| mode http | |||
| bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GOGS_URL}.pem | |||
| #bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GOGS_URL}.pem | |||
| bind *:443 ssl ${HAPROXY_CERTS} | |||
| acl letsencrypt-acl path_beg /.well-known/acme-challenge/ | |||
| #acl nextcloud-acl ssl_fc_sni ${NEXTCLOUD_URL} | |||
| #acl gogs-acl ssl_fc_sni ${GOGS_URL} | |||
| acl nextcloud-acl ssl_fc_sni_reg ^${NEXTCLOUD_SERVER_NAME}\. | |||
| acl gogs-acl ssl_fc_sni_reg ^${GOGS_SERVER_NAME}\. | |||
| use_backend letsencrypt-backend if letsencrypt-acl | |||
| use_backend nextcloud if { ssl_fc_sni ${NEXTCLOUD_URL} } | |||
| use_backend gogs if { ssl_fc_sni ${GOGS_URL} } | |||
| use_backend nextcloud if nextcloud-acl | |||
| use_backend gogs if gogs-acl | |||
| default_backend nextcloud | |||
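Review bot: `ssl_fc_sni_reg ^${NEXTCLOUD_SERVER_NAME}\.` and `^${GOGS_SERVER_NAME}\.` anchor only the start, and SNI is chosen by the client, so any name beginning with `gogs.` is routed to the gogs backend regardless of domain, whereas the replaced `ssl_fc_sni ${GOGS_URL}` matched the full hostname. Since `default_backend nextcloud` already catches everything else, the practical change is that gogs becomes reachable through arbitrary `gogs.*` names, which its own `DOMAIN`/`ROOT_URL` settings do not filter. Anchor the end as well by substituting the served domains into the config, e.g. `acl gogs-acl ssl_fc_sni_reg -i ^${GOGS_SERVER_NAME}\.(${DOMAINS_RE})$` with `DOMAINS_RE` generated as `example\.com|other\.org`, or emit one `ssl_fc_sni` match per generated hostname.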
| @@ -43,8 +48,10 @@ backend gogs | |||
| frontend http-in | |||
| bind *:80 | |||
| acl letsencrypt-acl path_beg /.well-known/acme-challenge/ | |||
| acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL} | |||
| acl is_gogs hdr_end(host) -i ${GOGS_URL} | |||
| #acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL} | |||
| #acl is_gogs hdr_end(host) -i ${GOGS_URL} | |||
| acl is_nextcloud hdr_reg(host) ^${NEXTCLOUD_SERVER_NAME}\. | |||
| acl is_gogs hdr_reg(host) ^${GOGS_SERVER_NAME}\. | |||
| use_backend letsencrypt-backend if letsencrypt-acl | |||
| use_backend nextcloud-insecure if is_nextcloud | |||
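Review bot: The replaced `hdr_end(host) -i` ACLs were case-insensitive, but the new `hdr_reg(host) ^${NEXTCLOUD_SERVER_NAME}\.` and `^${GOGS_SERVER_NAME}\.` lines drop `-i`, so a request with `Host: Gogs.example.com` no longer matches `is_gogs` and falls through to whatever this frontend's default is (not visible in the hunk). Host names are case-insensitive, so restore the flag: `acl is_gogs hdr_reg(host) -i ^${GOGS_SERVER_NAME}\.`; as with the TLS frontend, the regex is open-ended on the right, so consider anchoring it on the served domains too.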
| @@ -6,9 +6,6 @@ LETSENCRYPT_PORT=8888 | |||
| mkdir -p /etc/letsencrypt/haproxy | |||
| sed -i "s/\${NEXTCLOUD_URL}/${NEXTCLOUD_URL}/g" $CFG_FILE | |||
| sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE | |||
| # Let's Encrypt | |||
| # Following these instructions: | |||
| @@ -18,19 +15,34 @@ sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE | |||
| haproxy -f $CFG_LE_FILE -D -p /tmp/haproxy.pid | |||
| # Get Let's Encrypt certificates | |||
| for _URL in ${NEXTCLOUD_URL} ${GOGS_URL}; do | |||
| if [[ ! -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then | |||
| # Query Let's Encrypt | |||
| certbot certonly -d ${_URL} \ | |||
| --email ${ADMIN_EMAIL} --non-interactive --agree-tos \ | |||
| --standalone --http-01-port=${LETSENCRYPT_PORT} | |||
| if [ $? -eq 0 ]; then | |||
| cat /etc/letsencrypt/live/${_URL}/fullchain.pem \ | |||
| /etc/letsencrypt/live/${_URL}/privkey.pem \ | |||
| > /etc/letsencrypt/haproxy/${_URL}.pem | |||
| HAPROXY_CERTS="" | |||
| for domain in ${DOMAINS}; do | |||
| for server_name in ${NEXTCLOUD_SERVER_NAME} ${GOGS_SERVER_NAME}; do | |||
| _URL=${server_name}.${domain}; | |||
| echo ${_URL} | |||
| HAPROXY_CERTS="${HAPROXY_CERTS} crt /etc/letsencrypt/haproxy/${_URL}.pem"; | |||
| if [[ ! -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then | |||
| # Query Let's Encrypt | |||
| certbot certonly -d ${_URL} \ | |||
| --email ${ADMIN_EMAIL} --non-interactive --agree-tos \ | |||
| --standalone --http-01-port=${LETSENCRYPT_PORT} | |||
| if [ $? -eq 0 ]; then | |||
| cat /etc/letsencrypt/live/${_URL}/fullchain.pem \ | |||
| /etc/letsencrypt/live/${_URL}/privkey.pem \ | |||
| > /etc/letsencrypt/haproxy/${_URL}.pem | |||
| fi | |||
| fi | |||
| fi | |||
| done; | |||
| done | |||
| done | |||
| #sed -i "s/\${NEXTCLOUD_URL}/${NEXTCLOUD_URL}/g" $CFG_FILE | |||
| #sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE | |||
| sed -i "s/\${NEXTCLOUD_SERVER_NAME}/${NEXTCLOUD_SERVER_NAME}/g" $CFG_FILE | |||
| sed -i "s/\${GOGS_SERVER_NAME}/${GOGS_SERVER_NAME}/g" $CFG_FILE | |||
| echo sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS}/g" ${CFG_FILE} | |||
| sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS//\//\\/}/g" ${CFG_FILE} | |||
| cat ${CFG_FILE} | |||
| echo Killing haproxy `cat /tmp/haproxy.pid` | |||
| kill -SIGTERM `cat /tmp/haproxy.pid` | |||
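Review bot: The concatenated `fullchain.pem` + `privkey.pem` file is written with `cat ... > /etc/letsencrypt/haproxy/${_URL}.pem` under the process's default umask, so the private key typically lands in a world-readable file, and `HAPROXY_CERTS` gains a `crt` entry for that path before certbot has run, so when the `if [ $? -eq 0 ]` branch is skipped the bind line still references a missing file and the real HAProxy will refuse to start. Create the combined file with restrictive permissions and only append it to the bind line when it exists. The `echo sed ...` and `cat ${CFG_FILE}` lines dump the generated config to the container log; harmless today, but worth dropping once debugging is done.
```shell
# … unchanged: nested loops over ${DOMAINS} and the two service names …
    _URL=${server_name}.${domain}
    if [[ ! -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then
      # … unchanged: certbot certonly invocation …
      if [ $? -eq 0 ]; then
        # keep the private key out of world-readable files
        ( umask 077 && cat /etc/letsencrypt/live/${_URL}/fullchain.pem \
            /etc/letsencrypt/live/${_URL}/privkey.pem \
            > /etc/letsencrypt/haproxy/${_URL}.pem )
      fi
    fi
    # only hand HAProxy certificates that actually exist
    if [[ -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then
      HAPROXY_CERTS="${HAPROXY_CERTS} crt /etc/letsencrypt/haproxy/${_URL}.pem"
    fi
```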
| @@ -10,7 +10,7 @@ if [ -z "${NEXTCLOUD_SERVER_NAME}" ]; then | |||
| exit 1 | |||
| fi | |||
| sed -i "s/server_name localhost/server_name ${NEXTCLOUD_SERVER_NAME}.${NEXTCLOUD_DOMAIN} ${NEXTCLOUD_SERVER_NAME}/g" /etc/nginx/sites-available/default | |||
| sed -i "s/server_name localhost/server_name ${NEXTCLOUD_SERVER_NAME}.${DOMAIN} ${NEXTCLOUD_SERVER_NAME}/g" /etc/nginx/sites-available/default | |||
| # set Admin password from secret | |||
| if [ ! -z $NEXTCLOUD_ADMIN_PWD_FILE -a -f $NEXTCLOUD_ADMIN_PWD_FILE ]; then | |||
| @@ -125,8 +125,15 @@ fi | |||
| if [ ! -z "${NEXTCLOUD_SECRET}" ]; then | |||
| sudo -u www-data php occ config:system:set secret --value "${NEXTCLOUD_SECRET}" | |||
| fi | |||
| sudo -u www-data php occ config:system:set trusted_domains 0 --value ${NEXTCLOUD_SERVER_NAME}.${NEXTCLOUD_DOMAIN} | |||
| sudo -u www-data php occ config:system:set trusted_domains 1 --value ${NEXTCLOUD_DOMAIN} | |||
| #sudo -u www-data php occ config:system:set trusted_domains 0 --value ${NEXTCLOUD_SERVER_NAME}.${DOMAIN} | |||
| #sudo -u www-data php occ config:system:set trusted_domains 1 --value ${DOMAIN} | |||
| index=0 | |||
| for domain in ${DOMAINS[@]}; do | |||
| sudo -u www-data php occ config:system:set trusted_domains ${index} --value ${NEXTCLOUD_SERVER_NAME}.${domain} | |||
| index=$((${index}+1)) | |||
| sudo -u www-data php occ config:system:set trusted_domains ${index} --value ${domain} | |||
| index=$((${index}+1)) | |||
| done; | |||
| # Already in manitenance:install command: | |||
| #sudo -u www-data php occ config:system:set datadirectory ${NEXTCLOUD_DATA_PATH} | |||
| #sudo -u www-data php occ config:system:set dbtype --value mysql | |||
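Review bot: The loop only writes indices `0..2n-1` and never clears the array, so on a re-run after a domain was removed from `DOMAINS` the higher-numbered `trusted_domains` entries written by the previous run remain in config.php and Nextcloud keeps accepting Host headers for names this deployment no longer serves. Reset the list before the loop with `sudo -u www-data php occ config:system:delete trusted_domains`, then populate it as the hunk does; the same stale-entry problem appears if the order of `DOMAINS` changes. Quote the values as well (`--value "${NEXTCLOUD_SERVER_NAME}.${domain}"`) so an unexpected space cannot split the occ arguments.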
| @@ -135,7 +142,7 @@ sudo -u www-data php occ config:system:set trusted_domains 1 --value ${NEXTCLOUD | |||
| #sudo -u www-data php occ config:system:set dbuser --value ${NEXTCLOUD_DB_USER} | |||
| #sudo -u www-data php occ config:system:set dbpassword --value ${NEXTCLOUD_DB_PWD} | |||
| sudo -u www-data php occ config:system:set mail_from_address --value postmaster | |||
| sudo -u www-data php occ config:system:set mail_domain --value ${NEXTCLOUD_DOMAIN} | |||
| sudo -u www-data php occ config:system:set mail_domain --value ${DOMAIN} | |||
| sudo -u www-data php occ config:system:set ldapIgnoreNamingRules --value false | |||
| sudo -u www-data php occ config:system:set ldapProviderFactory --value "\\OCA\\User_LDAP\\LDAPProviderFactory" | |||
| # https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html | |||
| @@ -1,4 +1,4 @@ | |||
| dn: cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION} | |||
| changetype: modify | |||
| add: mail | |||
| mail: admin@${LDAP_DOMAIN} | |||
| mail: admin@${DOMAIN} | |||
| @@ -30,7 +30,7 @@ echo slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD} | debconf | |||
| && echo slapd slapd/password2 password ${LDAP_ADMIN_PWD} | debconf-set-selections \ | |||
| && echo slapd slapd/password1 password ${LDAP_ADMIN_PWD} | debconf-set-selections \ | |||
| && echo slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION | debconf-set-selections \ | |||
| && echo slapd slapd/domain string ${LDAP_DOMAIN} | debconf-set-selections \ | |||
| && echo slapd slapd/domain string ${DOMAIN} | debconf-set-selections \ | |||
| && echo slapd shared/organization string ${LDAP_ORGANIZATION} | debconf-set-selections \ | |||
| && echo slapd slapd/purge_database boolean true | debconf-set-selections \ | |||
| && echo slapd slapd/move_old_database boolean true | debconf-set-selections \ | |||
| @@ -45,7 +45,7 @@ echo "Starting server" | |||
| #pid="$!" | |||
| #echo $pid | |||
| for i in {30..0}; do | |||
| ldapsearch -x -w ${LDAP_ADMIN_PWD} -D cn=admin,dc=${LDAP_DOMAIN},dc=${LDAP_EXTENSION} -b dc=${LDAP_DOMAIN},dc=${LDAP_EXTENSION} -LLL # &> /dev/null | |||
| ldapsearch -x -w ${LDAP_ADMIN_PWD} -D cn=admin,dc=${DOMAIN},dc=${LDAP_EXTENSION} -b dc=${DOMAIN},dc=${LDAP_EXTENSION} -LLL # &> /dev/null | |||
| r="$?" | |||
| echo result $r | |||
| # TODO: it returns 49, Bad Credentials, | |||
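Review bot: The bind DN `cn=admin,dc=${DOMAIN},dc=${LDAP_EXTENSION}` expands to something like `cn=admin,dc=example.com,dc=com`, because `DOMAIN` holds the full domain (the setup script requires a dot in it) while the suffix configured via `slapd/domain` and used by the LDIF elsewhere in this commit is `dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}`; that mismatch is a plausible cause of the "returns 49, Bad Credentials" TODO on the line below. Use `-D cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION} -b dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}`. Separately, `-w ${LDAP_ADMIN_PWD}` places the admin password on the command line where `ps` inside the container can read it; if `LDAP_ADMIN_PWD_FILE` is present in this container's environment, prefer `-y "${LDAP_ADMIN_PWD_FILE}"`. The retry loop's body continues past the hunk.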
| @@ -66,7 +66,7 @@ function replace { | |||
| echo $1 | |||
| sed -i "s/\${LDAP_ORGANIZATION}/${LDAP_ORGANIZATION}/g" $1 | |||
| sed -i "s/\${LDAP_EXTENSION}/${LDAP_EXTENSION}/g" $1 | |||
| sed -i "s/\${LDAP_DOMAIN}/${LDAP_DOMAIN}/g" $1 | |||
| sed -i "s/\${DOMAIN}/${DOMAIN}/g" $1 | |||
| sed -i "s/\${VOLUMES_PATH}/${VOLUMES_PATH//\//\\/}/g" $1 | |||
| sed -i "s/\${LDAP_MAIL_UID}/${LDAP_MAIL_UID}/g" $1 | |||
| sed -i "s/\${LDAP_NEXTCLOUD_UID}/${LDAP_NEXTCLOUD_UID}/g" $1 | |||
| @@ -8,12 +8,12 @@ objectClass: PostfixBookMailAccount | |||
| objectClass: extensibleObject | |||
| cn: Example Lastname | |||
| givenName: Example | |||
| mail: example@${LDAP_DOMAIN} | |||
| mail: example@${DOMAIN} | |||
| mailEnabled: TRUE | |||
| mailGidNumber: 5000 | |||
| mailHomeDirectory: ${MAIL_DATA_PATH}/example@${LDAP_DOMAIN} | |||
| mailHomeDirectory: ${MAIL_DATA_PATH}/example@${DOMAIN} | |||
| mailQuota: 10240000 | |||
| mailStorageDirectory: maildir:${MAIL_DATA_PATH}/example@${LDAP_DOMAIN}/Maildir | |||
| mailStorageDirectory: maildir:${MAIL_DATA_PATH}/example@${DOMAIN}/Maildir | |||
| mailUidNumber: 5000 | |||
| sn: Lastname | |||
| uniqueIdentifier: example | |||
| @@ -1,7 +1,5 @@ | |||
| DOMAIN=${DOMAIN} | |||
| LDAP_SERVER_HOST=openldap | |||
| LDAP_BIND_DN=uid=${LDAP_MAIL_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION} | |||
| LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd | |||
| LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION} | |||
| VIRTUAL_DOMAINS=() | |||
| DATA_CHOWN=1 | |||
| @@ -1,15 +1,15 @@ | |||
| NEXTCLOUD_DOMAIN=${DOMAIN} | |||
| NEXTCLOUD_SERVER_NAME=nextcloud | |||
| NEXTCLOUD_ADMIN_PWD_FILE=/run/secrets/admin_pwd | |||
| NEXTCLOUD_SALT_FILE=/run/secrets/salt | |||
| NEXTCLOUD_SECRET_FILE=/run/secrets/secret | |||
| DATA_CHOWN=1 | |||
| # LDAP | |||
| LDAP_SERVER_HOST=openldap | |||
| LDAP_BIND_DN=uid=${LDAP_NEXTCLOUD_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION} | |||
| LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd | |||
| #LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION} | |||
| LDAP_SEARCH_BASE=dc=${ORGANIZATION},dc=${EXTENSION} | |||
| # DB | |||
| MYSQL_ROOT_PWD_FILE=/run/secrets/mysql_pwd | |||
| DB_HOST=db | |||
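Review bot: `LDAP_SEARCH_BASE` for the Nextcloud bind account is widened from `ou=people,dc=...` to the directory root `dc=${ORGANIZATION},dc=${EXTENSION}`, so whatever user filter Nextcloud's LDAP backend applies now also covers `ou=services`, where the service bind accounts live (`uid=${LDAP_NEXTCLOUD_UID},ou=services,...` on the line above); if those entries satisfy the login filter, the mail/gogs/nextcloud service accounts become valid Nextcloud logins using the shared bind secret as password. The occ LDAP settings are not in this diff, so this is an inference; if the base was widened to reach groups or another OU, prefer keeping users scoped (Nextcloud's `ldapBaseUsers`) and widening only the group base, and leave a comment here explaining why the root is used.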
| @@ -1,5 +1,4 @@ | |||
| VOLUMES_PATH=${VOLUMES_PATH} | |||
| LDAP_DOMAIN=${DOMAIN} | |||
| LDAP_ORGANIZATION=${ORGANIZATION} | |||
| LDAP_EXTENSION=${EXTENSION} | |||
| LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd | |||
| @@ -7,13 +7,27 @@ DEFAULT_LDAP_MAIL_UID='mail' | |||
| DEFAULT_LDAP_NEXTCLOUD_UID='nextcloud' | |||
| DEFAULT_LDAP_GOGS_UID='gogs' | |||
| read -p "Main domain: " domain | |||
| # main domain | |||
| read -p "Add main domain: " domain | |||
| while [[ ! $domain =~ ^.*\.[a-z]{2,}$ ]]; do | |||
| read -p "Please Enter a valid domain: " domain | |||
| read -p "Add domain (empty to finish): " domain | |||
| done | |||
| # TODO: more than 1 level domains | |||
| org=`echo $domain | cut -f1 -d'.'` | |||
| ext=`echo $domain | cut -f2 -d'.'` | |||
| org=`echo ${domain} | cut -f1 -d'.'` | |||
| ext=`echo ${domain} | cut -f2 -d'.'` | |||
| # additional domain | |||
| virtual_domains=() | |||
| while :; do | |||
| read -p "Add additional domains (empty to finish): " virtual_domain | |||
| if [[ -z $virtual_domain ]]; then | |||
| break; | |||
| elif [[ ! $virtual_domain =~ ^.*\.[a-z]{2,}$ ]]; then | |||
| echo "Please Enter a valid domain"; | |||
| else | |||
| virtual_domains+=($virtual_domain); | |||
| fi | |||
| done | |||
| read -p "Volumes path ($DEFAULT_VOLUMES): " volumes | |||
| if [[ ${#volumes} -eq 0 ]]; then | |||
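Review bot: Both domain prompts validate with `^.*\.[a-z]{2,}$`, and `.*` accepts spaces, `/`, `;`, `&` and other characters that later go unescaped into `sed -i "s/\${DOMAIN}/${domain}/g"` replacements and into `.env` files that shell scripts source; a malformed entry therefore breaks or injects into the generated configuration rather than being rejected. Tighten both checks to a hostname pattern, e.g. `while [[ ! $domain =~ ^([a-z0-9-]+\.)+[a-z]{2,}$ ]]; do` and the same for `virtual_domain`, and use `read -r -p`. The main-domain retry prompt also says `Add domain (empty to finish)`, but an empty answer can never satisfy the regex, so the loop never finishes on empty input; restore wording like `Please enter a valid main domain: `.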
| @@ -116,7 +130,8 @@ echo "///////////////// PLEASE CONFIRM /////////////////" | |||
| echo "//////////////////////////////////////////////////" | |||
| echo $'\E[1;30m' | |||
| echo Your domain is: $domain | |||
| echo Your main domain is: ${domain} | |||
| echo Your virtual domains are: ${virtual_domains[*]} | |||
| echo Your Volumes path is: $volumes | |||
| echo Your LDAP Mail Bind DN Uid is: $ldap_mail_uid | |||
| echo Your LDAP Nextcloud Bind DN Uid is: $ldap_nextcloud_uid | |||
| @@ -183,6 +198,7 @@ IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) i | |||
| for i in `ls *.env .env`; do | |||
| sed -i "s/\${DOMAIN}/${domain}/g" $i | |||
| sed -i "s/\${VIRTUAL_DOMAINS}/${virtual_domains[*]}/g" $i | |||
| sed -i "s/\${ORGANIZATION}/${org}/g" $i | |||
| sed -i "s/\${EXTENSION}/${ext}/g" $i | |||
| sed -i "s/\${VOLUMES_PATH}/${volumes//\//\\/}/g" $i | |||
| @@ -200,17 +216,32 @@ done; | |||
| # read variables | |||
| . .env | |||
| # repeated env variables | |||
| # domains available for all, just in case | |||
| for i in `ls *.env`; do | |||
| echo "" >> $i | |||
| echo "# Domains" >> $i | |||
| echo "DOMAIN=${DOMAIN}" >> $i | |||
| echo "VIRTUAL_DOMAINS=${VIRTUAL_DOMAINS}" >> $i | |||
| echo "DOMAINS=${DOMAINS}" >> $i | |||
| done | |||
| echo "" >> mail.env | |||
| echo "MAIL_DATA_PATH=${MAIL_DATA_PATH}" >> mail.env | |||
| echo "" >> nextcloud.env | |||
| echo "NEXTCLOUD_SERVER_NAME=${NEXTCLOUD_SERVER_NAME}" >> nextcloud.env | |||
| echo "NEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env | |||
| echo "NEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}" >> nextcloud.env | |||
| echo "NEXTCLOUD_BACKUP_PATH=${NEXTCLOUD_BACKUP_PATH}" >> nextcloud.env | |||
| echo "" >> gogs.env | |||
| echo "GOGS_SERVER_NAME=${GOGS_SERVER_NAME}" >> gogs.env | |||
| echo "" >> paperless.env | |||
| echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> paperless.env | |||
| echo "PAPERLESS_EXPORT_DIR=${PAPERLESS_EXPORT_PATH}" >> paperless.env | |||
| echo "" >> sftp.env | |||
| echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> sftp.env | |||
| echo "" >> haproxy.env | |||
| echo "NEXTCLOUD_SERVER_NAME=${NEXTCLOUD_SERVER_NAME}" >> haproxy.env | |||
| echo "GOGS_SERVER_NAME=${GOGS_SERVER_NAME}" >> haproxy.env | |||
| echo $'\E[33m' | |||
| echo "//////////////////////////////////////////////////" | |||