From 7eec15df1cb5f3f727431a4f9475a9a37e69d2b2 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Fri, 23 Apr 2021 19:39:58 +0200 Subject: [PATCH 01/54] Move Service constants to extra file --- install.sh | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/install.sh b/install.sh index 35b2f2e..09cca52 100644 --- a/install.sh +++ b/install.sh @@ -19,9 +19,6 @@ # Load configuration file source $PWD/zamba.conf -LXC_MP="0" -LXC_UNPRIVILEGED="1" -LXC_NESTING="0" select opt in zmb-standalone zmb-ad zmb-member mailpiler matrix debian-unpriv debian-priv quit; do case $opt in @@ -31,30 +28,22 @@ select opt in zmb-standalone zmb-ad zmb-member mailpiler matrix debian-unpriv de ;; debian-priv) echo "Debian-only LXC container privileged mode selected" - LXC_UNPRIVILEGED="0" break ;; zmb-standalone) echo "Configuring LXC container '$opt'!" - LXC_MP="1" - LXC_UNPRIVILEGED="0" break ;; zmb-member) echo "Configuring LXC container '$opt'!" - LXC_MP="1" - LXC_UNPRIVILEGED="0" break ;; zmb-ad) echo "Selected Zamba AD DC" - LXC_NESTING="1" - LXC_UNPRIVILEGED="0" break ;; mailpiler) echo "Configuring LXC container for '$opt'!" - LXC_NESTING="1" break ;; matrix) @@ -72,6 +61,8 @@ select opt in zmb-standalone zmb-ad zmb-member mailpiler matrix debian-unpriv de esac done +source $PWD/src/$opt/constants-service.conf + # CHeck is the newest template available, else download it. DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2) DEB_REP=$(pveam available --section system | grep debian-10-standard | cut -d'_' -f2) 
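Review bot: The added `source $PWD/src/$opt/constants-service.conf` is now the only place where `LXC_MP`, `LXC_UNPRIVILEGED` and `LXC_NESTING` get a value, yet this commit's diffstat lists only install.sh, so unless those files already exist the script carries on with all three unset. `LXC_UNPRIVILEGED` presumably decides whether the container is created privileged, so a missing or unreadable file should stop the run instead of falling through: `source "$PWD/src/$opt/constants-service.conf" || { echo "missing constants for '$opt'" >&2; exit 1; }`. Quoting the path also keeps a working directory containing spaces from splitting the argument.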
@@ -119,20 +110,20 @@ PS3="Select the Server-Function: " pct start $LXC_NBR; sleep 5; # Set the root password and key -echo "Setting root password" echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd; -echo "Creating /root/.ssh" -lxc-attach -n$LXC_NBR mkdir /root/.ssh; -echo "Copying authorized_keys" -pct push $LXC_NBR $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys -echo "Copying sources.list" -pct push $LXC_NBR ./sources.list /etc/apt/sources.list -echo "Copying zamba.conf" -pct push $LXC_NBR ./zamba.conf /root/zamba.conf -echo "Copying install script" -pct push $LXC_NBR ./$opt.sh /root/$opt.sh +lxc-attach -n$LXC_NBR mkdir -p /root/.ssh; +pct push $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys +pct push $LXC_NBR $PWD/src/sources.list /etc/apt/sources.list +pct push $LXC_NBR $PWD/zamba.conf /root/zamba.conf +pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf +pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh +pct push $LXC_NBR $PWD/src/$opt/install-service.sh /root/install-service.sh +pct push $LXC_NBR $PWD/src/$opt/constants-service.conf /root/constants-service.conf + +echo "Installing basic container setup..." +pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh echo "Install '$opt'!" -lxc-attach -n$LXC_NBR bash /root/$opt.sh +lxc-attach -n$LXC_NBR bash /root/install-service.sh if [[ $opt == "zmb-ad" ]]; then pct stop $LXC_NBR From 2d6e9040eb28d85bd09ca0e39d83cebe3a0b1757 Mon Sep 17 00:00:00 2001 
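Review bot: The new `pct push $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys` drops the container ID that every other `pct push` in this hunk passes first, so the key file is read as the VMID and the authorized_keys copy cannot succeed; it should read `pct push "$LXC_NBR" "$LXC_AUTHORIZED_KEY" /root/.ssh/authorized_keys`. After `echo "Installing basic container setup..."` the script pushes lxc-base.sh a second time instead of running it, so the base setup never executes before install-service.sh; that line presumably wants `lxc-attach -n"$LXC_NBR" bash /root/lxc-base.sh`. With the progress echoes removed and no exit-status checks, a failed push goes unnoticed, and the container is then left with password-only root access.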
From: thorstenspille Date: Sat, 24 Apr 2021 00:00:27 +0200 Subject: [PATCH 02/54] Complete rework UNTESTED UNFINISHED --- debian-priv.sh => archive/debian-priv.sh | 0 debian-unpriv.sh => archive/debian-unpriv.sh | 15 +- mailpiler.sh => archive/mailpiler.sh | 0 matrix.sh => archive/matrix.sh | 0 zmb-ad.sh => archive/zmb-ad.sh | 0 zmb-member.sh => archive/zmb-member.sh | 0 .../zmb-standalone.sh | 0 install.sh | 67 +++---- new-config.py | 136 ++++++++++++++ proxmox.conf | 1 + src/__init__.py | 0 src/config_base.py | 121 ++++++++++++ src/constants.conf | 11 ++ src/debian-priv/constants-service.conf | 17 ++ src/debian-priv/features.json | 9 + src/debian-priv/info | 1 + src/debian-priv/install-service.sh | 8 + src/debian-unpriv/constants-service.conf | 17 ++ src/debian-unpriv/features.json | 11 ++ src/debian-unpriv/info | 1 + src/debian-unpriv/install-service.sh | 8 + src/lxc-base.sh | 40 ++++ src/mailpiler/constants-service.conf | 25 +++ src/mailpiler/features.json | 11 ++ src/mailpiler/info | 1 + src/mailpiler/install-service.sh | 176 ++++++++++++++++++ src/matrix/constants-service.conf | 17 ++ src/matrix/features.json | 9 + src/matrix/info | 1 + src/matrix/install-service.sh | 153 +++++++++++++++ src/menu.py | 73 ++++++++ src/sources.list | 6 + src/zmb-ad/constants-service.conf | 20 ++ src/zmb-ad/features.json | 11 ++ src/zmb-ad/info | 1 + src/zmb-ad/install-service.sh | 112 +++++++++++ src/zmb-member/constants-service.conf | 17 ++ src/zmb-member/features.json | 12 ++ src/zmb-member/info | 1 + src/zmb-member/install-service.sh | 104 +++++++++++ src/zmb-standalone/constants-service.conf | 17 ++ src/zmb-standalone/features.json | 12 ++ src/zmb-standalone/info | 1 + src/zmb-standalone/install-service.sh | 35 ++++ zamba.conf.example | 112 +++++++++++ 45 files changed, 1346 insertions(+), 44 deletions(-) rename debian-priv.sh => archive/debian-priv.sh (100%) rename debian-unpriv.sh => archive/debian-unpriv.sh (62%) rename mailpiler.sh => archive/mailpiler.sh (100%) rename 
matrix.sh => archive/matrix.sh (100%) rename zmb-ad.sh => archive/zmb-ad.sh (100%) rename zmb-member.sh => archive/zmb-member.sh (100%) rename zmb-standalone.sh => archive/zmb-standalone.sh (100%) create mode 100755 new-config.py create mode 100644 proxmox.conf create mode 100644 src/__init__.py create mode 100644 src/config_base.py create mode 100644 src/constants.conf create mode 100644 src/debian-priv/constants-service.conf create mode 100644 src/debian-priv/features.json create mode 100644 src/debian-priv/info create mode 100644 src/debian-priv/install-service.sh create mode 100644 src/debian-unpriv/constants-service.conf create mode 100644 src/debian-unpriv/features.json create mode 100644 src/debian-unpriv/info create mode 100644 src/debian-unpriv/install-service.sh create mode 100644 src/lxc-base.sh create mode 100644 src/mailpiler/constants-service.conf create mode 100644 src/mailpiler/features.json create mode 100644 src/mailpiler/info create mode 100644 src/mailpiler/install-service.sh create mode 100644 src/matrix/constants-service.conf create mode 100644 src/matrix/features.json create mode 100644 src/matrix/info create mode 100644 src/matrix/install-service.sh create mode 100644 src/menu.py create mode 100644 src/sources.list create mode 100644 src/zmb-ad/constants-service.conf create mode 100644 src/zmb-ad/features.json create mode 100644 src/zmb-ad/info create mode 100644 src/zmb-ad/install-service.sh create mode 100644 src/zmb-member/constants-service.conf create mode 100644 src/zmb-member/features.json create mode 100644 src/zmb-member/info create mode 100644 src/zmb-member/install-service.sh create mode 100644 src/zmb-standalone/constants-service.conf create mode 100644 src/zmb-standalone/features.json create mode 100644 src/zmb-standalone/info create mode 100644 src/zmb-standalone/install-service.sh create mode 100644 zamba.conf.example 
diff --git a/debian-priv.sh b/archive/debian-priv.sh similarity index 100% rename from debian-priv.sh rename to archive/debian-priv.sh diff --git a/debian-unpriv.sh b/archive/debian-unpriv.sh similarity index 62% rename from debian-unpriv.sh rename to archive/debian-unpriv.sh index 881a310..7d90719 100644 --- a/debian-unpriv.sh +++ b/archive/debian-unpriv.sh @@ -5,12 +5,19 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille -dpkg-reconfigure locales - source /root/zamba.conf +source /root/proxmox.conf -# Set Timezone -ln -sf /usr/share/zoneinfo/$LXC_TIMEZONE /etc/localtime +sed -i "s/^#.$HOST_LOCALE/$HOST_LOCALE/" /etc/locale.gen +locale-gen $HOST_LOCALE + +sed -i "s/^#.$LXC_LOCALE/$LXC_LOCALE/" /etc/locale.gen +locale-gen $LXC_LOCALE +echo LANG=$LXC_LOCALE > /etc/default/locale +echo LANGUAGE=$LXC_LOCALE >> /etc/default/locale +export LANG=$LXC_LOCALE +export LANGUAGE=$LXC_LOCALE +export LC_CTYPE=C apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade diff --git a/mailpiler.sh b/archive/mailpiler.sh similarity index 100% rename from mailpiler.sh rename to archive/mailpiler.sh diff --git a/matrix.sh b/archive/matrix.sh similarity index 100% rename from matrix.sh rename to archive/matrix.sh diff --git a/zmb-ad.sh b/archive/zmb-ad.sh similarity index 100% rename from zmb-ad.sh rename to archive/zmb-ad.sh diff --git a/zmb-member.sh b/archive/zmb-member.sh similarity index 100% rename from zmb-member.sh rename to archive/zmb-member.sh diff --git a/zmb-standalone.sh b/archive/zmb-standalone.sh similarity index 100% rename from zmb-standalone.sh rename to archive/zmb-standalone.sh diff --git a/install.sh b/install.sh index 2f5461e..eca4cf5 100644 --- a/install.sh +++ b/install.sh 
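Review bot: `source /root/proxmox.conf` is added to archive/debian-unpriv.sh, but none of the `pct push` lines visible in install.sh copies proxmox.conf into the container, so `HOST_LOCALE` is likely empty if this archived script is still run. With an empty value, `sed -i "s/^#.$HOST_LOCALE/$HOST_LOCALE/" /etc/locale.gen` collapses to `s/^#.//` and strips the first two characters from every commented line, which enables every locale in the file. Guard the block with `: "${HOST_LOCALE:?HOST_LOCALE not set}"` and quote the `locale-gen` arguments; the unescaped `.` inside the locale names also matches any character in the sed pattern.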
@@ -16,50 +16,37 @@ ############### ZAMBA INSTALL SCRIPT ############### +if [[ "$2" == *".conf" ]]; then + CONF=$2 +else + CONF=zamba.conf +fi + # Load configuration file -source $PWD/zamba.conf +source $PWD/$CONF +OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a) -select opt in zmb-standalone zmb-ad zmb-member mailpiler matrix debian-unpriv debian-priv quit; do - case $opt in - debian-unpriv) - echo "Debian-only LXC container unprivileged mode selected" - break - ;; - debian-priv) - echo "Debian-only LXC container privileged mode selected" - break - ;; - zmb-standalone) - echo "Configuring LXC container '$opt'!" - break - ;; - zmb-member) - echo "Configuring LXC container '$opt'!" - break - ;; - zmb-ad) - echo "Selected Zamba AD DC" - break - ;; - mailpiler) - echo "Configuring LXC container for '$opt'!" - break - ;; - matrix) - echo "Install Matrix chat server and element web service" - break - ;; - quit) - echo "Script aborted by user interaction." +if [ -z ${1+x} ]; then + if [[ $opt in $OPTS ]]; then + echo "Configuring '$opt' container..." + else + echo "Invalid option: '$opt', exiting..." + exit 1 + fi +else + select opt in $OPTS quit; do + if [[ $opt in $OPTS ]]; then + echo "Configuring '$opt' container..." + elif [[ "$opt" == "quit" ]]; then + echo "'quit' selected, exiting..." exit 0 - ;; - *) - echo "Invalid option! Exiting..." + else + echo "Invalid option, exiting..." exit 1 - ;; - esac -done + fi + done +fi source $PWD/src/$opt/constants-service.conf 
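Review bot: `[[ $opt in $OPTS ]]` is not a valid `[[ ]]` expression (there is no `in` operator), so bash rejects it as a syntax error and the membership test meant to gate `source $PWD/src/$opt/constants-service.conf` never validates `$opt`. The `-z ${1+x}` branch is also inverted: with no argument it tests an unset `$opt`, with an argument it opens the menu and never uses `$1`, and the `select` loop has no `break` after a valid choice. Because `$opt` ends up in `source` and `pct push` paths executed as root, it should be checked against the directory list by exact match before use, and the `$2`-derived path should be quoted as `source "$PWD/$CONF"`. A possible shape for the selection follows; `OPTS` becomes an array so `ls` output is not parsed.

```shell
# … unchanged: CONF selection and sourcing of the configuration file …
mapfile -t OPTS < <(find "$PWD/src" -mindepth 1 -maxdepth 1 -type d ! -name '__*' -printf '%f\n' | sort)

# Exact-match membership test against the discovered service directories.
is_valid_opt() {
  local candidate=$1 known
  for known in "${OPTS[@]}"; do
    [[ "$candidate" == "$known" ]] && return 0
  done
  return 1
}

if [[ -n "${1:-}" ]]; then
  opt=$1
  if ! is_valid_opt "$opt"; then
    echo "Invalid option: '$opt', exiting..."
    exit 1
  fi
  echo "Configuring '$opt' container..."
else
  select opt in "${OPTS[@]}" quit; do
    if [[ "$opt" == "quit" ]]; then
      echo "'quit' selected, exiting..."
      exit 0
    elif is_valid_opt "$opt"; then
      echo "Configuring '$opt' container..."
      break
    else
      echo "Invalid option, exiting..."
      exit 1
    fi
  done
fi
# … unchanged: source of src/$opt/constants-service.conf …
```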
@@ -119,7 +106,7 @@ echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd; lxc-attach -n$LXC_NBR mkdir -p /root/.ssh; pct push $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys pct push $LXC_NBR $PWD/src/sources.list /etc/apt/sources.list -pct push $LXC_NBR $PWD/zamba.conf /root/zamba.conf +pct push $LXC_NBR $PWD/$CONF /root/zamba.conf pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh pct push $LXC_NBR $PWD/src/$opt/install-service.sh /root/install-service.sh diff --git a/new-config.py b/new-config.py new file mode 100755 index 0000000..48b8af8 --- /dev/null +++ b/new-config.py 
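Review bot: `pct push $LXC_NBR $PWD/$CONF /root/zamba.conf` copies the whole host-side configuration into the container, and that file appears to carry `LXC_PWD` (it feeds the `passwd` call shown in the hunk header), so the root password ends up in clear text inside every container built this way. Consider pushing with restrictive permissions, `pct push "$LXC_NBR" "$PWD/$CONF" /root/zamba.conf --perms 600`, and removing the copy or stripping the credential once install-service.sh has finished. The context line `pct push $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys` still lacks the `$LXC_NBR` argument.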
@@ -0,0 +1,136 @@ +#!/usr/bin/python3 +import os +from src import config_base, menu + +# Check installation of zfs-auto-snapshot, if not installed, just notify user +config_base.check_zfs_autosnapshot() + +cfg = {} +# set template storage +t_storages = config_base.get_pve_storages(content=config_base.PveStorageContent.vztmpl) +if len(t_storages.keys()) > 1: + t_stors={} + for st in t_storages.keys(): + t_stors[st] = f"driver: {t_storages[st]['driver']}\tfree space: {int(t_storages[st]['available'])/1024/1024:.2f} GB" + cfg['LXC_TEMPLATE_STORAGE'] = menu.radiolist("Select container template storage", "Please choose the storage, where your container templates are stored.", t_stors) +elif len(t_storages.keys()) == 1: + cfg['LXC_TEMPLATE_STORAGE'] = next(iter(t_storages)) +else: + print("Could not find any storage enabled for container templates. Please ensure your storages are configured properly.") + os._exit(1) + +# get zmb service +cfg['ZMB_SERVICE'] = menu.radiolist("Select service","Please choose the service to install:", config_base.get_zmb_services()) + +# get static ct features +ct_features = config_base.get_ct_features(cfg["ZMB_SERVICE"]) +cfg['LXC_UNPRIVILEGED'] = ct_features['unprivileged'] +# get ct id +cfg['LXC_NBR'] = menu.question("Container ID", f"Please select an ID for the {cfg['ZMB_SERVICE']} container.", menu.qType.Integer, config_base.get_ct_id(), config_base.validate_ct_id) + +# configure rootfs +r_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir) +if len(r_storages.keys()) > 1: + r_stors = {} + for st in r_storages.keys(): + r_stors[st] = f"driver: {r_storages[st]['driver']}\tfree space: {int(r_storages[st]['available'])/1024/1024:.2f} GB" + cfg['LXC_ROOTFS_STORAGE'] = menu.radiolist("Select rootfs storage", "Please choose the storage for your container's rootfs",r_stors) +elif len(r_storages.keys()) == 1: + cfg['LXC_ROOTFS_STORAGE'] = next(iter(r_storages)) +else: + 
print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.") + os._exit(1) + +cfg['LXC_ROOTFS_SIZE'] = menu.question("Set rootfs size","Please type in the desired rootfs size (GB)", menu.qType.Integer,32) + +# create additional mountpoints +if 'size' in ct_features['sharefs'].keys(): + f_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir) + if len(f_storages.keys()) > 1: + f_stors = {} + for st in f_storages.keys(): + f_stors[st] = f"driver: {f_storages[st]['driver']}\tfree space: {int(f_storages[st]['available'])/1024/1024:.2f} GB" + cfg['LXC_SHAREFS_STORAGE'] = menu.radiolist("Select sharefs storage", "Please choose the storage of your shared filesystem", f_stors) + elif len(r_storages.keys()) == 1: + cfg['LXC_SHAREFS_STORAGE'] = next(iter(f_storages)) + else: + print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.") + os._exit(1) + cfg['LXC_SHAREFS_SIZE'] = menu.question("Select sharefs size","Please type in the desired size (GB) of your shared filesystem", menu.qType.Integer,ct_features['sharefs']['size']) + cfg['LXC_SHAREFS_MOUNTPOINT'] = menu.question("Select sharefs mountpoint","Please type in the folder where to mount your shared filesystem inside the container.", menu.qType.String,ct_features['sharefs']['mountpoint']) + +# configure ram and swap +cfg['LXC_MEM'] = menu.question("Set container RAM", "Please type in the desired amount of RAM for the container (MB)",menu.qType.Integer,ct_features["mem"]) +cfg['LXC_SWAP'] = menu.question("Set container Swap", "Please type in the desired amount of Swap for the container (MB)",menu.qType.Integer,ct_features["swap"]) +cfg['LXC_HOSTNAME'] = menu.question("Set container Hostname", "Please type in the desired hostname of the container",menu.qType.String,ct_features['hostname']) +cfg['LXC_DOMAIN'] = 
menu.question("Set container search domain", "Please type in the search domain of your network.", menu.qType.String,ct_features['domain']) +cfg['LXC_TIMEZONE'] = 'host' # TODO +cfg['LXC_LOCALE'] = "de_DE.utf8" # TODO + +# get pve bridge +bridges = config_base.get_pve_bridges() +if len(bridges) > 1: + cfg['LXC_BRIDGE'] = menu.radiolist("Select PVE Network Bridge", f"Please select the network bridge to connect the {cfg['ZMB_SERVICE']} container",bridges) +elif len(bridges) == 1: + cfg['LXC_BRIDGE'] = bridges[0] +else: + print("Could not find any bridge device to connect container. Please ensure your networksettings are configured properly.") + os._exit(1) + +cfg['LXC_VLAN'] = menu.question("Set vlan tag", "You you want to tag your container's network to a vlan? (0 = untagged, 1 - 4094 = tagged vlan id)",menu.qType.Integer,0, config_base.validate_vlan) + +# configure network interface +if cfg['ZMB_SERVICE'] != 'zmb-ad': + enable_dhcp = menu.question("Set network mode", "Do you want to configure the network interface in dhcp mode?",menu.qType.Boolean,default=True) +else: + enable_dhcp = False +if enable_dhcp == True: + cfg["LXC_NET_MODE"] = 'dhcp' +else: + cfg["LXC_NET_MODE"] = 'static' + cfg["LXC_IP"] = menu.question("Set interface IP Addess", "Pleace type in the containers IP address (CIDR Format).",menu.qType.String,default='10.10.10.10/8') + cfg["LXC_GW"] = menu.question("Set interface default gateway", "Pleace type in the containers default gateway.",menu.qType.String,default='10.10.10.1') +cfg['LXC_DNS'] = menu.question("Set containers dns server", "Pleace type in the containers dns server. 
ZMB AD will use this as dns forwarder",menu.qType.String,default='10.10.10.1') + +cfg['LXC_PWD'] = menu.question("Set root password", "Please type in the containers root password", menu.qType.String,default='') +cfg['LXC_AUTHORIZED_KEY'] = menu.question ("Set authorized_keys file to import", "Please select authorized_keys file to import.", menu.qType.String, default='~/.ssh/authorized_keys') + +os.system('clear') +print (f"#### Zamba LXC Toolbox ####\n") +print (f"GLOBAL CONFIGURATION:") +print (f"\tct template storage:\t{cfg['LXC_TEMPLATE_STORAGE']}") +print (f"\nCONTAINER CONFIGURATION:") +print (f"\tzmb service:\t\t{cfg['ZMB_SERVICE']}") +print (f"\tcontainer id:\t\t{cfg['LXC_NBR']}") +print (f"\tunprivileged:\t\t{cfg['LXC_UNPRIVILEGED']}") +for feature in ct_features['features'].keys(): + if feature == 'nesting': + cfg['LXC_NESTING'] = ct_features['features'][feature] + print (f"\t{feature}:\t\t{cfg['LXC_NESTING']}") +print (f"\tcontainer memory:\t{cfg['LXC_MEM']} MB") +print (f"\tcontainer swap:\t\t{cfg['LXC_SWAP']} MB") +print (f"\tcontainer hostname:\t{cfg['LXC_HOSTNAME']}") +print (f"\tct search domain:\t{cfg['LXC_DOMAIN']}") +print (f"\tcontainer timezone\t{cfg['LXC_TIMEZONE']}") +print (f"\tcontainer language\t{cfg['LXC_LOCALE']}") +print (f"\nSTORAGE CONFIGURATION:") +print (f"\trootfs storage:\t\t{cfg['LXC_ROOTFS_STORAGE']}") +print (f"\trootfs size:\t\t{cfg['LXC_ROOTFS_SIZE']} GB") +if 'size' in ct_features['sharefs'].keys(): + print (f"\tsharefs storage:\t{cfg['LXC_SHAREFS_STORAGE']}") + print (f"\tsharefs size:\t\t{cfg['LXC_SHAREFS_SIZE']} GB") + print (f"\tsharefs mountpoint:\t{cfg['LXC_SHAREFS_MOUNTPOINT']}") +print (f"\nNETWORK CONFIGURATION:") +print (f"\tpve bridge:\t\t{cfg['LXC_BRIDGE']}") +if cfg['LXC_VLAN'] > 0: + print (f"\tcontainer vlan:\t\t{cfg['LXC_VLAN']}") +else: + print (f"\tcontainer vlan:\t\tuntagged") +print (f"\tnetwork mode:\t\t{cfg['LXC_NET_MODE']}") +if enable_dhcp == False: + print (f"\tip address (CIDR):\t{cfg['LXC_IP']}") + 
print (f"\tdefault gateway:\t{cfg['LXC_GW']}") + print (f"\tdns server / forwarder:\t{cfg['LXC_GW']}") +print (f"\nCONTAINER CREDENTIALS:") +print (f"\troot password:\t\t{cfg['LXC_PWD']}") +print (f"\tauthorized ssh keys:\t{cfg['LXC_AUTHORIZED_KEY']}") \ No newline at end of file diff --git a/proxmox.conf b/proxmox.conf new file mode 100644 index 0000000..13e26f3 --- /dev/null +++ b/proxmox.conf @@ -0,0 +1 @@ +HOST_LOCALE=de_DE.UTF-8 diff --git a/src/__init__.py b/src/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/config_base.py b/src/config_base.py new file mode 100644 index 0000000..1d5cb07 --- /dev/null +++ b/src/config_base.py 
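Review bot: The summary prints the root password in clear text (`print (f"\troot password:\t\t{cfg['LXC_PWD']}")`) and the prompt accepts the empty default `''`, so the secret lands in terminal scrollback and a container can be configured with no root password at all. Print a fixed mask such as `print("\troot password:\t\t********")` and reject an empty answer before continuing; whether `menu.question` echoes the typed input cannot be seen from this file. Two copy-paste slips sit in the same file: the sharefs branch tests `len(r_storages.keys()) == 1` where `f_storages` is meant, and the "dns server / forwarder" line prints `cfg['LXC_GW']` instead of `cfg['LXC_DNS']`.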
@@ -0,0 +1,121 @@ +#!/usr/bin/python3 +from pathlib import Path +import os +import ipaddress +import socket +import json +import subprocess +from enum import Enum + +def check_zfs_autosnapshot(): + proc = subprocess.Popen(["dpkg","-l","zfs-auto-snapshot"],stdout=subprocess.PIPE,stderr=subprocess.PIPE) + proc.communicate() + if proc.returncode > 0: + print ("'zfs-auto-snapshot' is NOT installed on your system. This ist required for 'previous versions' feature in Zamba containers.\nYou can install it with the following command:\n\tapt install zfs-auto-snapshot\n") + input ("Press Enter to continue...") + +# get_pve_bridges queries and returns availabe Proxmox bridges +def get_pve_bridges(): + pve_bridges=[] + ifaces=os.listdir(os.path.join("/","sys","class","net")) + for iface in ifaces: + if "vmbr" in iface: + pve_bridges.append(iface) + return pve_bridges + +# get_pve_storages queries and returns available Proxmox bridges +def get_pve_storages(driver=None,content=None): + pve_storages={} + cmd = ["pvesm","status","--enabled","1"] + if content != None: + cmd.extend(["--content",content.name]) + result = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE).communicate() + stdout = result[0].decode("utf-8").split('\n') + for line in filter(lambda x: len(x)>0, stdout): + if not "Status" in line: + item = [x for x in line.split(' ') if x.strip()] + storage = {} + storage["driver"] = item[1] + storage["status"] = item[2] + storage["total"] = item[3] + storage["used"] = item[4] + storage["available"] = item[5] + storage["percent_used"] = item[6] + + if driver == None: + pve_storages[item[0]] = storage + else: + if driver.name == storage["driver"]: + pve_storages[item[0]] = storage + + return pve_storages + +# get_zmb_services queries and returns available Zamba services +def get_zmb_services(): + zmb_services={} + for item in Path.iterdir(Path.joinpath(Path.cwd(),"src")): + if Path.is_dir(item) and "__" not in item.name: + with open(os.path.join(item._str, 
"info"),"r") as info: + description = info.read() + zmb_services[item.name] = description + return zmb_services + +# get_ct_id queries and returns the next available container id +def get_ct_id(base="ct"): + with open("/etc/pve/.vmlist","r") as v: + vmlist_json = json.loads(v.read()) + ct_id = 100 + for cid in vmlist_json["ids"].keys(): + if int(cid) > ct_id and base == "ct" and vmlist_json["ids"][cid]["type"] == "lxc": + ct_id = int(cid) + elif int(cid) > ct_id and base == "all": + ct_id = int(cid) + while True: + ct_id = ct_id + 1 + if ct_id not in vmlist_json["ids"].keys(): + break + return ct_id + +# validate_ct_id queries if ct_id is available and returns as boolean +def validate_ct_id(ct_id:int): + with open("/etc/pve/.vmlist","r") as v: + vmlist_json = json.loads(v.read()) + ct_id = str(ct_id) + if int(ct_id) >= 100 and int(ct_id) <= 999999999 and ct_id not in vmlist_json["ids"].keys(): + return True + else: + return False + +def validate_vlan(tag:int): + if int(tag) >= 1 and int(tag) <= 4094: + return True + else: + return False + +def get_ct_features(zmb_service): + with open(Path.joinpath(Path.cwd(),"src",zmb_service,"features.json")) as ff: + return json.loads(ff.read()) + + +class PveStorageContent(Enum): + images = 0 + rootdir = 1 + vztmpl = 2 + backup = 3 + iso = 4 + snippets = 5 + +class PveStorageType(Enum): + zfspool = 0 + dir = 1 + nfs = 2 + cifs = 3 + pbs = 4 + glusterfs = 5 + cephfs = 6 + lvm = 7 + lvmthin = 8 + iscsi = 9 + iscsidirect = 10 + rbd = 11 + zfs = 12 \ No newline at end of file diff --git a/src/constants.conf b/src/constants.conf new file mode 100644 index 0000000..bc1838c --- /dev/null +++ b/src/constants.conf 
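Review bot: In `get_ct_id` the collision check `if ct_id not in vmlist_json["ids"].keys()` compares an `int` with the JSON object's string keys, so it is always true and the loop stops at the first candidate. With the default `base="ct"` only LXC ids raise `ct_id`, so a VM that already holds the next number can be proposed as the new container id; `validate_ct_id` gets this right by converting to `str` first. Use `if str(ct_id) not in vmlist_json["ids"]:`. `get_zmb_services` also relies on the private attribute `item._str` where `open(item / "info")` does the same through the public API, and the comment above `get_pve_storages` says "bridges" where it means storages.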
@@ -0,0 +1,11 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on container level + +# Define your (administrative) tools, you always want to have installed into your LXC container +LXC_TOOLSET_BASE="lsb-release curl git gnupg2 apt-transport-https software-properties-common" \ No newline at end of file diff --git a/src/debian-priv/constants-service.conf b/src/debian-priv/constants-service.conf new file mode 100644 index 0000000..9439c47 --- /dev/null +++ b/src/debian-priv/constants-service.conf @@ -0,0 +1,17 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="0" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/debian-priv/features.json b/src/debian-priv/features.json new file mode 100644 index 0000000..100b62c --- /dev/null +++ b/src/debian-priv/features.json @@ -0,0 +1,9 @@ +{ + "unprivileged": 0, + "features": {}, + "sharefs": {}, + "mem": 1024, + "swap": 1024, + "hostname": "debian", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/debian-priv/info b/src/debian-priv/info new file mode 100644 index 0000000..7490252 --- /dev/null +++ b/src/debian-priv/info @@ -0,0 +1 @@ +Debian privileged container with basic tools \ No newline at end of file diff --git a/src/debian-priv/install-service.sh b/src/debian-priv/install-service.sh new file mode 100644 index 0000000..6b6b19e --- /dev/null +++ b/src/debian-priv/install-service.sh 
@@ -0,0 +1,8 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +echo "'debian-priv' is ready to use!" \ No newline at end of file diff --git a/src/debian-unpriv/constants-service.conf b/src/debian-unpriv/constants-service.conf new file mode 100644 index 0000000..382f437 --- /dev/null +++ b/src/debian-unpriv/constants-service.conf @@ -0,0 +1,17 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/debian-unpriv/features.json b/src/debian-unpriv/features.json new file mode 100644 index 0000000..cc1cdec --- /dev/null +++ b/src/debian-unpriv/features.json @@ -0,0 +1,11 @@ +{ + "unprivileged": 1, + "features": { + "nesting": 1 + }, + "sharefs": {}, + "mem": 1024, + "swap": 1024, + "hostname": "debian", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/debian-unpriv/info b/src/debian-unpriv/info new file mode 100644 index 0000000..c1edd70 --- /dev/null +++ b/src/debian-unpriv/info @@ -0,0 +1 @@ +Debian unprivileged container with basic tools \ No newline at end of file diff --git a/src/debian-unpriv/install-service.sh b/src/debian-unpriv/install-service.sh new file mode 100644 index 0000000..4fe3d01 --- /dev/null +++ b/src/debian-unpriv/install-service.sh 
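Review bot: The two new descriptions of debian-unpriv disagree: src/debian-unpriv/constants-service.conf sets `LXC_NESTING="0"` while src/debian-unpriv/features.json declares `"nesting": 1`. install.sh sources the .conf and new-config.py reads the JSON, so the container presumably gets a different feature set depending on which entry point created it. Pick one value, and ideally derive one file from the other so the privilege-related settings (`unprivileged`, `nesting`) have a single source of truth. The comment `# Create unprivileged container` above `LXC_UNPRIVILEGED` would be clearer as `# 1 = unprivileged container, 0 = privileged`.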
@@ -0,0 +1,8 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +echo "'debian-unpriv' is ready to use!" \ No newline at end of file diff --git a/src/lxc-base.sh b/src/lxc-base.sh new file mode 100644 index 0000000..4ded575 --- /dev/null +++ b/src/lxc-base.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# load configuration +echo "Loading configuration..." +source /root/zamba.conf +source /root/constants.conf + +echo "Updating locales" +# update locales +sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen +cat << EOF > /etc/default/locale +LANG="$LXC_LOCALE" +LANGUAGE=$LXC_LOCALE +EOF +locale-gen $LXC_LOCALE + +# update package lists +echo "Updating package database..." +apt update + +# install latest packages +echo "Installing latest updates" +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade + +# install toolset +echo "Installing preconfigured toolset..." +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET_BASE $LXC_TOOLSET + +echo "Enabling vim syntax highlighting..." +sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc +if [ $LXC_VIM_BG_DARK -gt 0 ]; then + sed -i "s|\"set background=dark|set background=dark|g" /etc/vim/vimrc +fi + +echo "Basic container setup finished, continuing with service installation..." \ No newline at end of file diff --git a/src/mailpiler/constants-service.conf b/src/mailpiler/constants-service.conf new file mode 100644 index 0000000..2f48d83 --- /dev/null +++ b/src/mailpiler/constants-service.conf 
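Review bot: In src/lxc-base.sh, `if [ $LXC_VIM_BG_DARK -gt 0 ]` is unquoted and has no default, so a zamba.conf without that key turns it into `[ -gt 0 ]` and the test errors out; `if [ "${LXC_VIM_BG_DARK:-0}" -gt 0 ]; then` covers that case. The script also has no error handling, so a failed `apt update` or `dist-upgrade` still ends with "Basic container setup finished" and the service install proceeds on an unpatched base; add `set -e` after the `source` lines or check the apt calls explicitly. `$LXC_TOOLSET_BASE $LXC_TOOLSET` has to stay unquoted for word splitting, which deserves a one-line comment such as `# intentionally unquoted: space-separated package lists`.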
@@ -0,0 +1,25 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="1" + +# Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest') +PILER_VERSION="latest" +# Defines the version of sphinx to install +PILER_SPHINX_VERSION="3.3.1" +# Defines the php version to install +PILER_PHP_VERSION="7.4" \ No newline at end of file diff --git a/src/mailpiler/features.json b/src/mailpiler/features.json new file mode 100644 index 0000000..5a478f9 --- /dev/null +++ b/src/mailpiler/features.json @@ -0,0 +1,11 @@ +{ + "unprivileged": 1, + "features": { + "nesting": 1 + }, + "sharefs": {}, + "mem": 1024, + "swap": 1024, + "hostname": "piler", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/mailpiler/info b/src/mailpiler/info new file mode 100644 index 0000000..e396db9 --- /dev/null +++ b/src/mailpiler/info @@ -0,0 +1 @@ +Mailpiler email archive \ No newline at end of file diff --git a/src/mailpiler/install-service.sh b/src/mailpiler/install-service.sh new file mode 100644 index 0000000..c42fa9a --- /dev/null +++ b/src/mailpiler/install-service.sh 
@@ -0,0 +1,176 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +HOSTNAME=$(hostname -f) + +echo "Ensure your Hostname is set to your Piler FQDN!" + +echo $HOSTNAME + +if + [ "$HOSTNAME" != "$PILER_FQDN" ] +then + echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit +else + echo "Hostname matches PILER_FQDNAIN, so starting installation." +fi + +# install php +wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - +echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list + +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip} + +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix + +cat > /etc/mysql/conf.d/mailpiler.conf <> /usr/local/etc/piler/config-site.php < +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/matrix/features.json b/src/matrix/features.json new file mode 100644 index 0000000..6798cc8 --- /dev/null +++ b/src/matrix/features.json 
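Review bot: `wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -` puts the third-party key into the global apt trust store, where it is accepted for every configured repository; src/matrix/install-service.sh in this same commit already uses the scoped `signed-by` form. Save the key under /usr/share/keyrings/ and reference it from the list entry, e.g. `deb [signed-by=/usr/share/keyrings/<sury-keyring>.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main` (the file name is a placeholder). `DEBIAN_FRONTEND=nonintercative` is misspelled here and in src/matrix/install-service.sh, so apt does not run non-interactively, and the hostname-mismatch path ends in a bare `exit`, which hands the status of the preceding `echo` (0) back to install.sh instead of a failure; `exit 1` is meant. The remainder of this hunk is missing from the page as extracted and is not reviewed.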
@@ -0,0 +1,9 @@ +{ + "unprivileged": 1, + "features": {}, + "sharefs": {}, + "mem": 1024, + "swap": 1024, + "hostname": "matrix", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/matrix/info b/src/matrix/info new file mode 100644 index 0000000..174eaa0 --- /dev/null +++ b/src/matrix/info @@ -0,0 +1 @@ +Matrix Synapse server with Element Web \ No newline at end of file diff --git a/src/matrix/install-service.sh b/src/matrix/install-service.sh new file mode 100644 index 0000000..b4dd4aa --- /dev/null +++ b/src/matrix/install-service.sh 
@@ -0,0 +1,153 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) + +ELE_DBNAME="synapse_db" +ELE_DBUSER="synapse_user" +ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) + +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2 + +wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg +echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list +apt update +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq matrix-synapse-py3 +systemctl enable matrix-synapse + +ss -tulpen + +mkdir /etc/nginx/ssl +openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MATRIX_FQDN" -addext "subjectAltName=DNS:$MATRIX_FQDN" + +cat > /etc/nginx/sites-available/$MATRIX_FQDN < /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml + +systemctl restart matrix-synapse + +register_new_matrix_user -c 
/etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008 + +#curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg' +#echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null + +#apt update +#apt install -y jitsi-meet + + + diff --git a/src/menu.py b/src/menu.py new file mode 100644 index 0000000..62af1e0 --- /dev/null +++ b/src/menu.py 
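Review bot: The sed that rewrites `#enable_registration: false` to `enable_registration: true` leaves the new homeserver open to self-registration by anyone who can reach `$MATRIX_FQDN`, and nothing visible in this hunk adds a captcha or e-mail verification. The script already sets `registration_shared_secret` and calls `register_new_matrix_user`, which works with registration disabled, so I would drop that sed line and keep the packaged default; operators who want open sign-up can enable it deliberately. A comment such as `# public registration stays off; accounts are created with register_new_matrix_user` would record the intent. The nginx heredocs are missing from the page, so the TLS and proxy settings are not reviewed here.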
@@ -0,0 +1,73 @@ +#!/usr/bin/python3 +from enum import Enum +from . import config_base + +def radiolist(title:str,question:str,choices): + invalid_input=True + while(invalid_input): + print(f"#### {title} ####\n") + print(question) + index = {} + counter = 1 + if isinstance(choices,dict): + for choice in choices.keys(): + if len(choice) <= 12: + sep="\t\t" + else: + sep="\t" + print(f"{counter}) {choice}{sep}{choices[choice]}") + index[str(counter)] = choice + counter = counter + 1 + elif isinstance(choices,list): + for choice in choices: + print(f"{counter}) {choice}") + index[str(counter)] = choice + counter = counter + 1 + else: + print (f"object 'choices': {type(choices)} objects are unsupported.") + selected = input("Type in number: ") + if selected in index.keys(): + print("\n") + return index[selected] + +def question(title:str,q:str,returntype, default, validation=None): + print(f"#### {title} ####\n") + if str(returntype.name) == "Boolean": + if default == True: + suggest = "Y/n" + else: + suggest = "y/N" + a = input(f"{q} [{suggest}]\n") + if "y" in str(a).lower(): + return True + elif "n" in str(a).lower(): + return False + else: + return default + elif str(returntype.name) == "Integer": + invalid_input = True + while(invalid_input): + a = input(f"{q} [{default}]\n") + if str(a) == "" or f"{str(default)}" == str(a): + return default + else: + try: + valid = validation(int(a)) + if valid: + return int(a) + except: + pass + else: + a = input(f"{q} [{default}]\n") + if a == '': + return default + else: + return a + + +class qType(Enum): + Boolean = 0 + Integer = 1 + String = 2 + IPAdress = 3 + CIDR = 4 \ No newline at end of file diff --git a/src/sources.list b/src/sources.list new file mode 100644 index 0000000..aa474ae --- /dev/null +++ b/src/sources.list 
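Review bot: In `question()`, the Integer branch calls `validation(int(a))` under a bare `except: pass` while `validation` defaults to `None`, so without a validator every non-default answer raises `TypeError`, is swallowed, and the loop re-prompts forever with no explanation. Make the validator optional and narrow the handler: `if validation is None or validation(int(a)): return int(a)` inside the `try`, with `except ValueError:` printing a short "not a number" message. Note also that `qType.IPAdress` and `qType.CIDR` fall through to the final `else` and return the raw string, so callers (outside this hunk) receive unvalidated network values; the standard `ipaddress` module could check them here. Indentation was lost on this page, so the exact nesting is inferred from the statement order.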
@@ -0,0 +1,6 @@
+deb http://ftp.de.debian.org/debian buster main contrib
+
+deb http://ftp.de.debian.org/debian buster-updates main contrib
+
+# security updates
+deb http://security.debian.org buster/updates main contrib
\ No newline at end of file
diff --git a/src/zmb-ad/constants-service.conf b/src/zmb-ad/constants-service.conf
new file mode 100644
index 0000000..a403e3c
--- /dev/null
+++ b/src/zmb-ad/constants-service.conf
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+# Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
+ZMB_DNS_BACKEND="SAMBA_INTERNAL"
+
+# Create sharefs mountpoint
+LXC_MP="0"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="0"
+
+# enable nesting feature
+LXC_NESTING="1"
\ No newline at end of file
diff --git a/src/zmb-ad/features.json b/src/zmb-ad/features.json
new file mode 100644
index 0000000..8cc5c0d
--- /dev/null
+++ b/src/zmb-ad/features.json
@@ -0,0 +1,11 @@
+{
+ "unprivileged": 0,
+ "features": {
+ "nesting": 1
+ },
+ "sharefs": {},
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "ad",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/zmb-ad/info b/src/zmb-ad/info
new file mode 100644
index 0000000..092f8dc
--- /dev/null
+++ b/src/zmb-ad/info
@@ -0,0 +1 @@
+Zamba Active Directory Domain Controller
\ No newline at end of file
diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh
new file mode 100644
index 0000000..eb32037
--- /dev/null
+++ b/src/zmb-ad/install-service.sh
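Review bot: In src/zmb-ad/constants-service.conf, `LXC_UNPRIVILEGED="0"` together with `LXC_NESTING="1"` asks for a privileged container with nesting enabled, and the comments above the two lines only restate the variable names. The values were moved unchanged from install.sh, so this is a documentation gap rather than a regression, but it is the least isolated combination among the services in this patch and deserves a stated reason. I would replace the two comments with something like `# privileged + nesting: needed by the AD DC for (reason to be filled in); root inside this container is far closer to the host than in the unprivileged services`. If one of the two settings turns out not to be required, that review is the moment to drop it.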
@@ -0,0 +1,112 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then + BINDNINE=bind9 +fi + +## configure ntp +cat << EOF > /etc/ntp.conf +# Local clock. Note that is not the "localhost" address! +server 127.127.1.0 +fudge 127.127.1.0 stratum 10 + +# Where to retrieve the time from +server 0.de.pool.ntp.org iburst prefer +server 1.de.pool.ntp.org iburst prefer +server 2.de.pool.ntp.org iburst prefer + +driftfile /var/lib/ntp/ntp.drift +logfile /var/log/ntp +ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/ + +# Access control +# Default restriction: Allow clients only to query the time +restrict default kod nomodify notrap nopeer mssntp + +# No restrictions for "localhost" +restrict 127.0.0.1 + +# Enable the time sources to only provide time to this host +restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery +restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery +restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery + +tinker panic 0 +EOF + +# update packages +apt update +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade +# install required packages +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE + +if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then + # configure bind dns service + cat << EOF > /etc/default/bind9 +# +# run resolvconf? 
+RESOLVCONF=no + +# startup options for the server +OPTIONS="-4 -u bind" +EOF + +cat << EOF > /etc/bind/named.conf.local +// +// Do any local configuration here +// + +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; +dlz "$LXC_DOMAIN" { + database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; +}; +EOF + + cat << EOF > /etc/bind/named.conf.options +options { + directory "/var/cache/bind"; + + forwarders { + $LXC_DNS; + }; + + allow-query { any;}; + dnssec-validation no; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; + listen-on { any; }; + + tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; + minimal-responses yes; +}; +EOF + + mkdir -p /var/lib/samba/bind-dns/dns +fi + +# stop + disable samba services and remove default config +systemctl stop smbd nmbd winbind +systemctl disable smbd nmbd winbind +rm -f /etc/samba/smb.conf +rm -f /etc/krb5.conf + +# provision zamba domain +samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND + +cp /var/lib/samba/private/krb5.conf /etc/krb5.conf + +systemctl unmask samba-ad-dc +systemctl enable samba-ad-dc $BINDNINE +systemctl restart samba-ad-dc $BINDNINE + +exit 0 diff --git a/src/zmb-member/constants-service.conf b/src/zmb-member/constants-service.conf new file mode 100644 index 0000000..a2d006f --- /dev/null +++ b/src/zmb-member/constants-service.conf 
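Review bot: `--adminpass=$ZMB_ADMIN_PASS` in the `samba-tool domain provision` line is expanded unquoted, so a password containing whitespace or glob characters is split or expanded before samba-tool sees it, although zamba.conf.example invites special characters by recommending single quotes. Quote the values: `--realm="$ZMB_REALM" --domain="$ZMB_DOMAIN" --adminpass="$ZMB_ADMIN_PASS"`. The password is also handed over on the command line, where it is visible in the container's process list while provisioning runs. Separately, the script sources only `/root/zamba.conf`, while this patch defines `ZMB_DNS_BACKEND` in src/zmb-ad/constants-service.conf; unless zamba.conf still sets it, `--dns-backend=` and the `BIND9_DLZ` checks see an empty value, so a `source /root/constants-service.conf` line is probably needed next to the existing `source`.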
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+# Create sharefs mountpoint
+LXC_MP="1"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="0"
+
+# enable nesting feature
+LXC_NESTING="0"
\ No newline at end of file
diff --git a/src/zmb-member/features.json b/src/zmb-member/features.json
new file mode 100644
index 0000000..a651666
--- /dev/null
+++ b/src/zmb-member/features.json
@@ -0,0 +1,12 @@
+{
+ "unprivileged": 0,
+ "features": {},
+ "sharefs": {
+ "size": "100",
+ "mountpoint": "/tank"
+ },
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "zamba",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/zmb-member/info b/src/zmb-member/info
new file mode 100644
index 0000000..5064c82
--- /dev/null
+++ b/src/zmb-member/info
@@ -0,0 +1 @@
+Zamba AD Member Server
\ No newline at end of file
diff --git a/src/zmb-member/install-service.sh b/src/zmb-member/install-service.sh
new file mode 100644
index 0000000..e4edaf0
--- /dev/null
+++ b/src/zmb-member/install-service.sh
@@ -0,0 +1,104 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules + +mv /etc/krb5.conf /etc/krb5.conf.bak +cat > /etc/krb5.conf < /etc/samba/smb.conf <> /etc/pam.d/common-session + +systemctl restart winbind nmbd +wbinfo -u +wbinfo -g + +mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +# originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins' +chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE +setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +systemctl restart smbd nmbd winbind + diff --git a/src/zmb-standalone/constants-service.conf b/src/zmb-standalone/constants-service.conf new file mode 100644 index 0000000..a2d006f --- /dev/null +++ b/src/zmb-standalone/constants-service.conf @@ -0,0 +1,17 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="1" + +# Create unprivileged container +LXC_UNPRIVILEGED="0" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/zmb-standalone/features.json b/src/zmb-standalone/features.json new file mode 100644 index 0000000..18faaf5 --- /dev/null +++ b/src/zmb-standalone/features.json 
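Review bot: The `setfacl -Rm` and `setfacl -Rdm` lines in src/zmb-member/install-service.sh build their recursive target `/$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE` from two unquoted variables with no check that they are set; if either is empty in `/root/zamba.conf`, the path collapses towards `/` and the ACL change is applied recursively there. src/zmb-standalone/install-service.sh has the same pattern with `chmod -R 770` and `chown -R`. Guard the expansion so the script aborts instead: `share_dir="/${LXC_SHAREFS_MOUNTPOINT:?}/${ZMB_SHARE:?}"`, then use `"$share_dir"` in the `mkdir`, `chown` and `setfacl` calls. The krb5.conf and smb.conf heredocs are missing from the page, so they are not reviewed.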
@@ -0,0 +1,12 @@
+{
+ "unprivileged": 0,
+ "features": { },
+ "sharefs": {
+ "size": "100",
+ "mountpoint": "/tank"
+ },
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "zamba",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/zmb-standalone/info b/src/zmb-standalone/info
new file mode 100644
index 0000000..29a2c22
--- /dev/null
+++ b/src/zmb-standalone/info
@@ -0,0 +1 @@
+Zamba Standalone Server
\ No newline at end of file
diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh
new file mode 100644
index 0000000..f3f0110
--- /dev/null
+++ b/src/zmb-standalone/install-service.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+source /root/zamba.conf
+
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules
+
+USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
+useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
+echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
+smbpasswd -x $USER
+(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER
+
+cat << EOF >> /etc/samba/smb.conf
+[share]
+ comment = Main Share
+ path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+ read only = No
+ vfs objects = shadow_copy2
+ shadow: snapdir = .zfs/snapshot
+ shadow: sort = desc
+ shadow: format = -%Y-%m-%d-%H%M
+ shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\}
+ shadow: delimiter = -20
+EOF
+
+mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+
+systemctl restart smbd nmbd
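Review bot: In src/zmb-standalone/install-service.sh, `(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER` expands the password unquoted while the `chpasswd` line above quotes it, so a password with whitespace or glob characters reaches Samba altered and the Unix and Samba passwords of the same account end up different. Use `printf '%s\n%s\n' "$ZMB_ADMIN_PASS" "$ZMB_ADMIN_PASS" | smbpasswd -a "$USER"`. Assigning to `USER` also overwrites the shell's own login-name variable for the rest of the script; a private name such as `zmb_user` avoids surprising later commands.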
diff --git a/zamba.conf.example b/zamba.conf.example
new file mode 100644
index 0000000..ef7137c
--- /dev/null
+++ b/zamba.conf.example
@@ -0,0 +1,112 @@ +#!/bin/bash + +# This ist the Zamba main configuration file. +# Please adjust the settings to your needs before running the installer. + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + + +############### Linux Container Section ############### + +# Defines the Proxmox storage where your LXC container template are stored (default: local) +LXC_TEMPLATE_STORAGE="local" + +# Defines the size in GB of the LXC container's root filesystem (default: 32) +# Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`. +LXC_ROOTFS_SIZE="32" +# Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs) +LXC_ROOTFS_STORAGE="local-zfs" + +# Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100) +LXC_SHAREFS_SIZE="100" +# Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs) +LXC_SHAREFS_STORAGE="local-zfs" +# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) +LXC_SHAREFS_MOUNTPOINT="tank" + +# Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024) +LXC_MEM="1024" + +# Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024) +LXC_SWAP="1024" + +# Defines the hostname of your LXC container +LXC_HOSTNAME="zamba" + +# Defines the domain name / search domain of your LXC container +LXC_DOMAIN="zmb.rocks" + +# Defines the local IP address and subnet of your LXC container in CIDR format +LXC_IP="192.168.100.200/24" + +# Defines the default gateway IP address of your LXC container +LXC_GW="192.168.100.254" + +# Defines the DNS server ip address of your LXC container +# `zmb-ad` used this DNS server for 
installation, after installation and domain provisioning it will be used as forwarding DNS +# For other services this should be your active directory domain controller (if present, else a DNS server of your choice) +LXC_DNS="192.168.100.254" + +# Defines the network bridge to bind the network adapter of your LXC container +LXC_BRIDGE="vmbr0" + +# Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty. +LXC_VLAN= + +# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour. +LXC_PWD='S3cr3tp@ssw0rd' + +# Defines an authorized_keys file to push into the LXC container. +# By default the authorized_keys will be inherited from your proxmox host. +LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys" + +# Define your (administrative) tools, you always want to have installed into your LXC container +LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc" + +# Define the local timezone of your LXC container (default: Euroe/Berlin) +LXC_TIMEZONE="Europe/Berlin" + +# Define system language on LXC container (locales) +# This parameter is not used yet, but will be integrated in future releases. +LXC_LOCALE=de_DE.UTF-8 + +# Set dark background for vim syntax highlighting (0 or 1) +LXC_VIM_BG_DARK=1 + +############### Zamba-Server-Section ############### + +# Defines the REALM for the Active Directory (AD DC, AD member) +ZMB_REALM="ZMB.ROCKS" +# Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone) +ZMB_DOMAIN="ZMB" + +# Defines the name of your domain administrator account (AD DC, AD member, standalone) +ZMB_ADMIN_USER="administrator" +# The admin password for zamba installation. 
Please use 'single quatation marks' to avoid unexpected behaviour +# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail +ZMB_ADMIN_PASS='1c@nd0@nyth1n9' + +# Defines the name of your Zamba share +ZMB_SHARE="share" + +############### Mailpiler-Section ############### + +# Defines the (public) FQDN of your piler mail archive +PILER_FQDN="piler.zmb.rocks" +# Defines the smarthost for piler mail archive +PILER_SMARTHOST="your.mailserver.tld" + + +############### Matrix-Section ############### + +# Define the FQDN of your Matrix server +MATRIX_FQDN="matrix.zmb.rocks" + +# Define the FQDN for the Element Web virtual host +MATRIX_ELEMENT_FQDN="element.zmb.rocks" + +# Define the version of Element Web +MATRIX_ELEMENT_VERSION="v1.7.24" From c56a9a3815f4dcec3acf76d7c4826b4809a97a3c Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sat, 24 Apr 2021 17:45:06 +0200 Subject: [PATCH 03/54] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 287bd0f..5c95157 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # Zamba LXC Toolbox +# IMPORTANT NOTE: +`devel` branch is still under heavy development, do not use this on a productive machine! + ## About Zamba LXC Toolbox is a collection of scripts to easily install Debian LXC containers with preconfigured services on Proxmox with ZFS. The main feature is `Zamba`, the fusion of ZFS and Samba in three different flavours (standalone, active directory dc or active directory member), preconfigured to access ZFS snapshots by "Windows Previous Versions" to easily recover encrypted by ransomware files, accidently deleted files or just to revert changes. From d5a56268df4909a69e646ff3b8dd4ab3f31040d0 Mon Sep 17 00:00:00 2001 
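Review bot: zamba.conf.example ships working values for `LXC_PWD` and `ZMB_ADMIN_PASS`, so an operator who copies the file and edits only the network settings gets a container root password and a domain administrator password that are published in this repository. I would leave both empty in the example, `LXC_PWD=''` and `ZMB_ADMIN_PASS=''`, with a comment like `# REQUIRED: set a unique password before running the installer`, and add a matching empty-value check to install.sh (not part of this hunk). The file also starts with `#!/bin/bash` although it is only ever sourced; dropping the shebang makes it clearer that it is configuration, not a script to execute.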
From: thorstenspille Date: Sun, 25 Apr 2021 18:02:04 +0200 Subject: [PATCH 04/54] Added conf folder with README --- conf/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 conf/README.md diff --git a/conf/README.md b/conf/README.md new file mode 100644 index 0000000..4a821a3 --- /dev/null +++ b/conf/README.md @@ -0,0 +1 @@ +# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS \ No newline at end of file From 54648ffec244779dce218444a6a89c682c8150f4 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 25 Apr 2021 18:02:35 +0200 Subject: [PATCH 05/54] Added parameters to install.sh --- install.sh | 113 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 80 insertions(+), 33 deletions(-) diff --git a/install.sh b/install.sh index eca4cf5..e2d34e5 100644 --- a/install.sh +++ b/install.sh 
@@ -15,40 +15,83 @@ # Please adjust th settings in 'zamba.conf' to your needs before running the script ############### ZAMBA INSTALL SCRIPT ############### +prog="$(basename "$0")" -if [[ "$2" == *".conf" ]]; then - CONF=$2 -else - CONF=zamba.conf -fi +usage() { + cat >&2 <<-EOF + usage: $prog [-h] [-i CTID] [-s SERVICE] [-c CFGFILE] + installs a preconfigured lxc container on your proxmox server + -h displays this help text + -i CTID provide a container id instead of auto detection + -s SERVICE provide the service name and skip the selection dialog + -c CFGFILE use a different config file than 'zamba.conf' + --------------------------------------------------------------------------- + (C) 2021 zamba-lxc-toolbox by bashclub (https://github.con/bashclub) + --------------------------------------------------------------------------- + + EOF + exit $1 +} + +ctid=0 +service=ask +config=$PWD/zamba.conf + +while getopts "hi:s:c:" opt; do + case $opt in + h) usage 0 ;; + i) ctid=$OPTARG ;; + s) service=$OPTARG ;; + c) config=$OPTARG ;; + *) usage 1 ;; + esac +done +shift $((OPTIND-1)) # Load configuration file -source $PWD/$CONF +echo "Loading config file '$config'..." +source $config OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a) -if [ -z ${1+x} ]; then - if [[ $opt in $OPTS ]]; then - echo "Configuring '$opt' container..." - else - echo "Invalid option: '$opt', exiting..." - exit 1 - fi -else - select opt in $OPTS quit; do - if [[ $opt in $OPTS ]]; then - echo "Configuring '$opt' container..." - elif [[ "$opt" == "quit" ]]; then - echo "'quit' selected, exiting..." - exit 0 +echo 0 > $PWD/VALIDATION +if [[ "$service" == "ask" ]]; then + select svc in $OPTS quit; do + if [[ "$svc" != "quit" ]]; then + echo -e "$OPTS" | while read line; do + if [[ "$svc" == "$line" ]]; then + service=$svc + echo "Installation of $service selected." + echo 1 > $PWD/VALIDATION + break + fi + done else - echo "Invalid option, exiting..." 
- exit 1 + echo "Selected 'quit' exiting without action..." + exit 0 + fi + if [[ "$(cat $PWD/VALIDATION)" == "1" ]]; then + break + fi + done +else + echo -e "$OPTS" | while read line; do + if [[ "$service" == "$line" ]]; then + echo "Installation of $service selected." + echo 1 > $PWD/VALIDATION + break fi done fi -source $PWD/src/$opt/constants-service.conf +if [[ "$(cat $PWD/VALIDATION)" != "1" ]]; then + echo "Invalid option, exiting..." + usage 1 +fi + +rm -f $PWD/VALIDATION + +source $PWD/src/$service/constants-service.conf # CHeck is the newest template available, else download it. DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2) @@ -62,9 +105,13 @@ else pveam download $LXC_TEMPLATE_STORAGE debian-10-standard_$DEB_REP\_amd64.tar.gz fi -# Get next free LXC-number -LXC_LST=$( lxc-ls -1 | tail -1 ) -LXC_CHK=$((LXC_LST+1)); +if [ $ctid -gt 99 ]; then + LXC_CHK=$ctid +else + # Get next free LXC-number + LXC_LST=$( lxc-ls -1 | tail -1 ) + LXC_CHK=$((LXC_LST+1)); +fi if [ $LXC_CHK -lt 100 ] || [ -f /etc/pve/qemu-server/$LXC_CHK.conf ]; then LXC_NBR=$(pvesh get /cluster/nextid); 
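Review bot: `source $config` runs whatever file `-c` names as root on the Proxmox host, unquoted and without checking that the file exists; when the path is wrong, `source` fails, the script carries on, and every `LXC_*` variable used further down is empty. Check first and quote: `[[ -r "$config" ]] || { echo "Config file '$config' is not readable" >&2; exit 1; }` followed by `source "$config"`. In the same hunk the `echo -e "$OPTS" | while read line` loops run in a pipeline subshell, so `service=$svc` never reaches the parent shell and only the `$PWD/VALIDATION` file carries the result; PATCH 15 later on this page replaces them with `for` loops.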
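Review bot: `if [ $ctid -gt 99 ]` in the second install.sh hunk uses the `-i` argument unquoted and unvalidated, so a non-numeric value makes `[` report an error and silently falls back to auto-detection instead of rejecting the input. A numeric value is accepted without checking for an existing container; the next test looks only at `/etc/pve/qemu-server/$LXC_CHK.conf`. Validate once after option parsing with `[[ "$ctid" =~ ^[0-9]+$ ]] || usage 1`, and extend the conflict test with `|| [ -f "/etc/pve/lxc/$LXC_CHK.conf" ]`. The `if [ $LXC_CHK -lt 100 ]` block continues outside the hunk.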
@@ -103,21 +150,21 @@ pct start $LXC_NBR; sleep 5; # Set the root password and key echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd; -lxc-attach -n$LXC_NBR mkdir -p /root/.ssh; -pct push $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys +lxc-attach -n$LXC_NBR mkdir /root/.ssh; +pct push $LXC_NBR $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys pct push $LXC_NBR $PWD/src/sources.list /etc/apt/sources.list -pct push $LXC_NBR $PWD/$CONF /root/zamba.conf +pct push $LXC_NBR $config /root/zamba.conf pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh -pct push $LXC_NBR $PWD/src/$opt/install-service.sh /root/install-service.sh -pct push $LXC_NBR $PWD/src/$opt/constants-service.conf /root/constants-service.conf +pct push $LXC_NBR $PWD/src/$service/install-service.sh /root/install-service.sh +pct push $LXC_NBR $PWD/src/$service/constants-service.conf /root/constants-service.conf echo "Installing basic container setup..." pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh -echo "Install '$opt'!" +echo "Install '$service'!" lxc-attach -n$LXC_NBR bash /root/install-service.sh -if [[ $opt == "zmb-ad" ]]; then +if [[ $service == "zmb-ad" ]]; then pct stop $LXC_NBR pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1) pct start $LXC_NBR From 0b51da7ab9048b51d1e4ea98341570db378ff029 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 25 Apr 2021 18:18:30 +0200 Subject: [PATCH 06/54] Fixed call of lxc-base.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index e2d34e5..c6126f1 100644 --- a/install.sh +++ b/install.sh 
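Review bot: `pct push $LXC_NBR $config /root/zamba.conf` copies the complete configuration, including `LXC_PWD` and `ZMB_ADMIN_PASS` in clear text, into the container, and nothing in this hunk restricts its mode or removes it once `install-service.sh` has run. Push it with tight permissions, `pct push $LXC_NBR "$config" /root/zamba.conf --perms 600`, and delete it at the end of the install with `lxc-attach -n$LXC_NBR -- rm -f /root/zamba.conf`. The hunk also changes `mkdir -p /root/.ssh` back to `mkdir /root/.ssh`, which fails if the template already ships that directory; keeping `-p` is harmless.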
@@ -160,7 +160,7 @@ pct push $LXC_NBR $PWD/src/$service/install-service.sh /root/install-service.sh pct push $LXC_NBR $PWD/src/$service/constants-service.conf /root/constants-service.conf echo "Installing basic container setup..." -pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh +lxc-attach -n$LXC_NBR bash /root/lxc-base.sh echo "Install '$service'!" lxc-attach -n$LXC_NBR bash /root/install-service.sh From 5a42aadb4112edbe7fe2832ddb5e250e6610fbae Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 25 Apr 2021 18:19:00 +0200 Subject: [PATCH 07/54] Added variable for vim syntax highlighting --- zamba.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/zamba.conf b/zamba.conf index 11738a4..16f5612 100644 --- a/zamba.conf +++ b/zamba.conf @@ -75,6 +75,9 @@ LXC_TIMEZONE="Europe/Berlin" # Define system language on LXC container (locales) LXC_LOCALE=de_DE.UTF-8 +# Set dark background for vim syntax highlighting (0 or 1) +LXC_VIM_BG_DARK=1 + ############### Zamba-Server-Section ############### # Defines the REALM for the Active Directory (AD DC, AD member) From 43c05b2dea7c30113de3d316489c4f939541b4a0 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 25 Apr 2021 18:20:26 +0200 Subject: [PATCH 08/54] Added conf folder to .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 6b2a1e2..095ce83 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *__pycache__* -.vscode/* \ No newline at end of file +.vscode/* +conf/* From 53a95d34e271e8a3df250cfc0de7b0fa309d6487 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 25 Apr 2021 19:26:49 +0200 Subject: [PATCH 09/54] Added wsdd to zmb-standalone #25 --- src/zmb-standalone/install-service.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh index f3f0110..07ba9f7 100644 --- a/src/zmb-standalone/install-service.sh 
+++ b/src/zmb-standalone/install-service.sh @@ -7,7 +7,13 @@ source /root/zamba.conf -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules +# add wsdd package repo +apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key +echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list + +apt update + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules wsdd USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}') useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER @@ -16,7 +22,7 @@ smbpasswd -x $USER (echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER cat << EOF >> /etc/samba/smb.conf -[share] +[$ZMB_SHARE] comment = Main Share path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE read only = No @@ -32,4 +38,4 @@ mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE -systemctl restart smbd nmbd +systemctl restart smbd nmbd wsdd From e8a753900156583053ee539b4676720b8ee430c4 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Tue, 27 Apr 2021 09:21:10 +0200 Subject: [PATCH 10/54] moved zamba.conf to archive --- zamba.conf => archive/zamba.conf | 12 ------------ 1 file changed, 12 deletions(-) rename zamba.conf => archive/zamba.conf (91%) diff --git a/zamba.conf b/archive/zamba.conf similarity index 91% rename from zamba.conf rename to archive/zamba.conf index 16f5612..f5634c6 100644 --- a/zamba.conf +++ b/archive/zamba.conf 
@@ -85,9 +85,6 @@ ZMB_REALM="ZMB.ROCKS" # Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone) ZMB_DOMAIN="ZMB" -# Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage -ZMB_DNS_BACKEND="SAMBA_INTERNAL" - # Defines the name of your domain administrator account (AD DC, AD member, standalone) ZMB_ADMIN_USER="administrator" # The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour @@ -103,12 +100,6 @@ ZMB_SHARE="share" PILER_FQDN="piler.zmb.rocks" # Defines the smarthost for piler mail archive PILER_SMARTHOST="your.mailserver.tld" -# Defines the version number of piler mail archive to install -PILER_VERSION="1.3.11" -# Defines the version of sphinx to install -PILER_SPHINX_VERSION="3.3.1" -# Defines the php version to install -PILER_PHP_VERSION="7.4" ############### Matrix-Section ############### @@ -118,8 +109,5 @@ MATRIX_FQDN="matrix.zmb.rocks" # Define the FQDN for the Element Web virtual host MATRIX_ELEMENT_FQDN="element.zmb.rocks" -# Define the version of Element Web -MATRIX_ELEMENT_VERSION="v1.7.25" - # Define the FQDN for the Jitsi Meet virtual host MATRIX_JITSI_FQDN="meet.zmb.rocks" From f6913342ed1436cbb755f16b4aee043ff2d6a5f8 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Tue, 27 Apr 2021 09:21:46 +0200 Subject: [PATCH 11/54] Added element version to canstants-service.conf --- src/matrix/constants-service.conf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/matrix/constants-service.conf b/src/matrix/constants-service.conf index 382f437..a8136ea 100644 --- a/src/matrix/constants-service.conf +++ b/src/matrix/constants-service.conf @@ -14,4 +14,7 @@ LXC_MP="0" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" \ No newline at end of file +LXC_NESTING="0" + +# Define the version of Element Web +MATRIX_ELEMENT_VERSION="v1.7.25" 
From ce5bcb00f5df647ca2ad81801d832c5fc4077434 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Tue, 27 Apr 2021 09:22:05 +0200 Subject: [PATCH 12/54] Updated zamba.conf.example --- zamba.conf.example | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/zamba.conf.example b/zamba.conf.example index ef7137c..336fd88 100644 --- a/zamba.conf.example +++ b/zamba.conf.example @@ -39,6 +39,9 @@ LXC_HOSTNAME="zamba" # Defines the domain name / search domain of your LXC container LXC_DOMAIN="zmb.rocks" +# Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false] +LXC_DHCP=false + # Defines the local IP address and subnet of your LXC container in CIDR format LXC_IP="192.168.100.200/24" @@ -61,7 +64,7 @@ LXC_PWD='S3cr3tp@ssw0rd' # Defines an authorized_keys file to push into the LXC container. # By default the authorized_keys will be inherited from your proxmox host. -LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys" +LXC_AUTHORIZED_KEY=~/.ssh/authorized_keys # Define your (administrative) tools, you always want to have installed into your LXC container LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc" @@ -70,8 +73,8 @@ LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc" LXC_TIMEZONE="Europe/Berlin" # Define system language on LXC container (locales) -# This parameter is not used yet, but will be integrated in future releases. -LXC_LOCALE=de_DE.UTF-8 +# With thi paramater you can generate additional locales, the default language will be inherited from proxmox host. +LXC_LOCALE="en_US.UTF-8" # Set dark background for vim syntax highlighting (0 or 1) LXC_VIM_BG_DARK=1 @@ -99,7 +102,6 @@ PILER_FQDN="piler.zmb.rocks" # Defines the smarthost for piler mail archive PILER_SMARTHOST="your.mailserver.tld" - ############### Matrix-Section ############### # Define the FQDN of your Matrix server 
@@ -107,6 +109,3 @@ MATRIX_FQDN="matrix.zmb.rocks" # Define the FQDN for the Element Web virtual host MATRIX_ELEMENT_FQDN="element.zmb.rocks" - -# Define the version of Element Web -MATRIX_ELEMENT_VERSION="v1.7.24" From fcaff32462ed84727694c4793e93796e8b3f2532 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Tue, 27 Apr 2021 09:22:49 +0200 Subject: [PATCH 13/54] Updated Changelog --- CHANGELOG.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8344929..b7acdea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,13 @@ -**** Zamba LXC Toolbox main branch **** +**** Zamba LXC Toolbox devel branch **** - added dhcp support - fixed hardcoded samba sharename in `zmb-standalone` script - added support for container id's larger than 999 +- added optional parameters for ct id, service and config file +- mailpiler version now configured to download `latest` version +- added `conf` folder to store user configs +- splitted basic container setup and service installation into multiple scripts +- created `constants` to minimize config variables +- added `wsdd` to `zmb-standalone` service **** Zamba LXC Toolbox v0.1 **** - `locales` are now configured noninteractive #21 From 73e68efc7a430aa57eb73aa8ae8cec8186c31d70 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Tue, 27 Apr 2021 11:17:02 +0200 Subject: [PATCH 14/54] Moved zamba.conf.example to conf folder --- .gitignore | 2 ++ zamba.conf.example => conf/zamba.conf.example | 0 2 files changed, 2 insertions(+) rename zamba.conf.example => conf/zamba.conf.example (100%) diff --git a/.gitignore b/.gitignore index 095ce83..4a66929 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ *__pycache__* .vscode/* conf/* +!conf/README.md +!conf/zamba.conf.example \ No newline at end of file diff --git a/zamba.conf.example b/conf/zamba.conf.example similarity index 100% rename from zamba.conf.example rename to conf/zamba.conf.example 
From 2d701d4df24719705e8fcdb82945874e05d16b34 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Tue, 27 Apr 2021 20:30:28 +0200 Subject: [PATCH 15/54] Replaced while loops with more safe for loops --- install.sh | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/install.sh b/install.sh index c6126f1..175f787 100644 --- a/install.sh +++ b/install.sh @@ -21,10 +21,10 @@ usage() { cat >&2 <<-EOF usage: $prog [-h] [-i CTID] [-s SERVICE] [-c CFGFILE] installs a preconfigured lxc container on your proxmox server - -h displays this help text -i CTID provide a container id instead of auto detection -s SERVICE provide the service name and skip the selection dialog -c CFGFILE use a different config file than 'zamba.conf' + -h displays this help text --------------------------------------------------------------------------- (C) 2021 zamba-lxc-toolbox by bashclub (https://github.con/bashclub) --------------------------------------------------------------------------- @@ -35,7 +35,8 @@ usage() { ctid=0 service=ask -config=$PWD/zamba.conf +config=$PWD/conf/zamba.conf +verbose=0 while getopts "hi:s:c:" opt; do case $opt in @@ -54,15 +55,15 @@ source $config OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a) -echo 0 > $PWD/VALIDATION +valid=0 if [[ "$service" == "ask" ]]; then select svc in $OPTS quit; do if [[ "$svc" != "quit" ]]; then - echo -e "$OPTS" | while read line; do + for line in $(echo $OPTS); do if [[ "$svc" == "$line" ]]; then service=$svc echo "Installation of $service selected." - echo 1 > $PWD/VALIDATION + valid=1 break fi done 
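Review bot: `for line in $(echo $OPTS); do` in the selection loop, and again in the `else` branch of the next hunk, runs a command substitution only to re-split `$OPTS`; `for line in $OPTS; do` performs the same word splitting without the extra `echo`. This comparison is also the only check made before `source $PWD/src/$service/constants-service.conf` is executed on the host with a name that can come from `-s`, so it deserves a comment such as `# $service must equal a directory name under src/ before it is used in a sourced path`. Quoting that path (`source "$PWD/src/$service/constants-service.conf"`) would additionally keep a checkout directory containing spaces from breaking the call. The enclosing `if`/`select` block continues outside this hunk.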
@@ -70,27 +71,25 @@ if [[ "$service" == "ask" ]]; then echo "Selected 'quit' exiting without action..." exit 0 fi - if [[ "$(cat $PWD/VALIDATION)" == "1" ]]; then + if [[ "$valid" == "1" ]]; then break fi done else - echo -e "$OPTS" | while read line; do + for line in $(echo $OPTS); do if [[ "$service" == "$line" ]]; then echo "Installation of $service selected." - echo 1 > $PWD/VALIDATION + valid=1 break fi done fi -if [[ "$(cat $PWD/VALIDATION)" != "1" ]]; then +if [[ "$valid" != "1" ]]; then echo "Invalid option, exiting..." usage 1 fi -rm -f $PWD/VALIDATION - source $PWD/src/$service/constants-service.conf # CHeck is the newest template available, else download it. From 735719d600dd9c40a8fd46d7983bf9c7a231af21 Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Sun, 2 May 2021 01:04:34 +0200 Subject: [PATCH 16/54] Create install-service.sh --- src/nextcloud/install-service.sh | 413 +++++++++++++++++++++++++++++++ 1 file changed, 413 insertions(+) create mode 100644 src/nextcloud/install-service.sh diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh new file mode 100644 index 0000000..66d7a52 --- /dev/null +++ b/src/nextcloud/install-service.sh 
@@ -0,0 +1,413 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf +source /root/constants-service.conf + +HOSTNAME=$(hostname -f) + +wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add - +echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list + +wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add - +echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list + +wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - +echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list + +apt update + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils nfs-common cifs-utils redis-server imagemagick \ +postgresql-13 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline} + +timedatectl set-timezone Europe/Berlin +mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www +chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www + +#### Create database for nextcloud #### + +su - postgres < /etc/nginx/nginx.conf < /etc/nginx/conf.d/http.conf << EOF +upstream php-handler { +server unix:/run/php/php$NEXTCLOUD_PHP_VERSION-fpm.sock; +} +server { +listen 80 default_server; +listen [::]:80 default_server; +server_name $NEXTCLOUD_FQDN; +root /var/www; +location / { +return 301 https://\$host\$request_uri; +} +} +EOF + +cat > /etc/nginx/conf.d/nextcloud.conf << EOF +server { +listen 443 ssl http2; +listen [::]:443 ssl http2; +server_name 
$NEXTCLOUD_FQDN; +ssl_certificate /etc/ssl/certs/nextcloud.crt; +ssl_certificate_key /etc/ssl/private/nextcloud.key; +ssl_trusted_certificate /etc/ssl/certs/nextcloud.crt; +#ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem; +#ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem; +#ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem; +#ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem; +#ssl_trusted_certificate /etc/letsencrypt/ecc-certs/chain.pem; +ssl_dhparam /etc/ssl/certs/dhparam.pem; +ssl_session_timeout 1d; +ssl_session_cache shared:SSL:50m; +ssl_session_tickets off; +ssl_protocols TLSv1.3 TLSv1.2; +ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'; +ssl_ecdh_curve X448:secp521r1:secp384r1; +ssl_prefer_server_ciphers on; +ssl_stapling on; +ssl_stapling_verify on; +client_max_body_size 5120M; +fastcgi_buffers 64 4K; +gzip on; +gzip_vary on; +gzip_comp_level 4; +gzip_min_length 256; +gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; +gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; +add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; +add_header Permissions-Policy "interest-cohort=()"; +add_header Referrer-Policy "no-referrer" always; +add_header X-Content-Type-Options "nosniff" always; +add_header X-Download-Options "noopen" always; +add_header X-Frame-Options "SAMEORIGIN" always; +add_header X-Permitted-Cross-Domain-Policies 
"none" always; +add_header X-Robots-Tag "none" always; +add_header X-XSS-Protection "1; mode=block" always; +fastcgi_hide_header X-Powered-By; +fastcgi_read_timeout 3600; +fastcgi_send_timeout 3600; +fastcgi_connect_timeout 3600; +root /var/www/nextcloud; +index index.php index.html /index.php\$request_uri; +expires 1m; +location = / { +if ( \$http_user_agent ~ ^DavClnt ) { +return 302 /remote.php/webdav/\$is_args\$args; +} +} +location = /robots.txt { +allow all; +log_not_found off; +access_log off; +} +location ^~ /apps/rainloop/app/data { +deny all; +} +location ^~ /.well-known { +location = /.well-known/carddav { return 301 /remote.php/dav/; } +location = /.well-known/caldav { return 301 /remote.php/dav/; } +location ^~ /.well-known { return 301 /index.php/\$uri; } +try_files \$uri \$uri/ =404; +} +location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/) { return 404; } +location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } +location ~ \.php(?:\$|/) { +rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; +fastcgi_split_path_info ^(.+?\.php)(/.*)\$; +set \$path_info \$fastcgi_path_info; +try_files \$fastcgi_script_name =404; +include fastcgi_params; +fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; +fastcgi_param PATH_INFO \$path_info; +fastcgi_param HTTPS on; +fastcgi_param modHeadersAvailable true; +fastcgi_param front_controller_active true; +fastcgi_pass php-handler; +fastcgi_intercept_errors on; +fastcgi_request_buffering off; +} +location ~ \.(?:css|js|svg|gif)\$ { +try_files \$uri /index.php\$request_uri; +expires 6M; +access_log off; +} +location ~ \.woff2?\$ { +try_files \$uri /index.php\$request_uri; +expires 7d; +access_log off; +} +location / { +try_files \$uri \$uri/ /index.php\$request_uri; +} +} +EOF + +systemctl restart php$NEXTCLOUD_PHP_VERSION-fpm nginx + +#### Adjust redis settings 
#### + +cp /etc/redis/redis.conf /etc/redis/redis.conf.bak +sed -i "s/port 6379/port 0/" /etc/redis/redis.conf +sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf +sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf +sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf +usermod -aG redis www-data + +#### Adjust sysctl.conf settings #### + +cp /etc/sysctl.conf /etc/sysctl.conf.bak +echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf +systemctl restart redis + +#### HIER MÃœSSTE EIN REBOOT REIN #### + + +#### Install nextcloud #### + +cd /usr/local/src + +wget https://download.nextcloud.com/server/releases/latest.tar.bz2 +wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5 + +md5sum -c latest.tar.bz2.md5 < latest.tar.bz2 + +tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2 + +cat > /root/permissions.sh << EOF +#!/bin/bash +find /var/www/ -type f -print0 | xargs -0 chmod 0640 +find /var/www/ -type d -print0 | xargs -0 chmod 0750 +chown -R www-data:www-data /var/www +chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA +chmod 0644 /var/www/nextcloud/.htaccess +chmod 0644 /var/www/nextcloud/.user.ini +exit 0 +EOF + +chmod +x /root/permissions.sh +/root/permissions.sh + +#### install fail2ban #### + +cat </etc/fail2ban/filter.d/nextcloud.conf +[Definition] +_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) +failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. +datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" 
+EOF + +cat > /etc/fail2ban/jail.d/nextcloud.local << EOF +[nextcloud] +backend = auto +enabled = true +port = 80,443 +protocol = tcp +filter = nextcloud +maxretry = 5 +bantime = 3600 +findtime = 36000 +logpath = /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/nextcloud.log +EOF + +systemctl restart fail2ban + +#### Create configuration script for nextcloud, which will be executet as user www-data + +cat > /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh << DFOE + +#!/bin/bash + +php /var/www/nextcloud/occ maintenance:install --database pgsql \ +--database-host $NEXTCLOUD_DB_IP \ +--database-port $NEXTCLOUD_DB_PORT \ +--database-name $NEXTCLOUD_DB_NAME \ +--database-user $NEXTCLOUD_DB_USR \ +--database-pass $NEXTCLOUD_DB_PWD \ +--admin-user $NEXTCLOUD_ADMIN_USR \ +--admin-pass $NEXTCLOUD_ADMIN_PWD \ +--data-dir /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA + +php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=$NEXTCLOUD_FQDN +php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://$NEXTCLOUD_FQDN + +cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak +sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php +sed -i '/);/d' /var/www/nextcloud/config/config.php + +cat >> /var/www/nextcloud/config/config.php << EOF +'activity_expire_days' => 14, +'auth.bruteforce.protection.enabled' => true, +'blacklisted_files' => +array ( +0 => '.htaccess', +1 => 'Thumbs.db', +2 => 'thumbs.db', +), +'cron_log' => true, +'default_phone_region' => 'DE', +'enable_previews' => true, +'enabledPreviewProviders' => +array ( +0 => 'OC\Preview\PNG', +1 => 'OC\Preview\JPEG', +2 => 'OC\Preview\GIF', +3 => 'OC\Preview\BMP', +4 => 'OC\Preview\XBitmap', +5 => 'OC\Preview\Movie', +6 => 'OC\Preview\PDF', +7 => 'OC\Preview\MP3', +8 => 'OC\Preview\TXT', +9 => 'OC\Preview\MarkDown', +), +'filesystem_check_changes' => 0, +'filelocking.enabled' => 'true', +'htaccess.RewriteBase' => '/', +'integrity.check.disabled' => false, 
+'knowledgebaseenabled' => false, +'logfile' => '/var/$NEXTCLOUD_DATA/nextcloud.log', +'loglevel' => 2, +'logtimezone' => 'Europe/Berlin', +'log_rotate_size' => 104857600, +'maintenance' => false, +'memcache.local' => '\OC\Memcache\APCu', +'memcache.locking' => '\OC\Memcache\Redis', +'overwriteprotocol' => 'https', +'preview_max_x' => 1024, +'preview_max_y' => 768, +'preview_max_scale_factor' => 1, +'redis' => +array ( +'host' => '/var/run/redis/redis-server.sock', +'port' => 0, +'timeout' => 0.0, +), +'quota_include_external_storage' => false, +'share_folder' => '/Freigaben', +'skeletondirectory' => '', +'theme' => '', +'trashbin_retention_obligation' => 'auto, 7', +'updater.release.channel' => 'stable', +); +EOF + +sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini +php /var/www/nextcloud/occ app:disable survey_client +php /var/www/nextcloud/occ app:disable firstrunwizard +php /var/www/nextcloud/occ app:enable admin_audit +php /var/www/nextcloud/occ app:enable files_pdfviewer +php /var/www/nextcloud/occ background:cron +DFOE + +/root/permissions.sh + +su -s /bin/bash www-data < /dev/null 2>&1" > /etc/cron.d/nextcloud + +echo -e "\n######################################################################\n\n Please note this user and password for the nextcloud login:\n '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n Enjoy your Nextcloud intallation.\n\n######################################################################" +systemctl stop nginx php$NEXTCLOUD_PHP_VERSION-fpm +systemctl restart postgresql php$NEXTCLOUD_PHP_VERSION-fpm redis-server nginx + +exit 0 From 168aa38cfd21bd952739de440d59842de2a98643 Mon Sep 17 00:00:00 2001 
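Review bot: The result of `md5sum -c latest.tar.bz2.md5 < latest.tar.bz2` is never acted on: no `set -e` is visible in this script, so `tar -xjf latest.tar.bz2 -C /var/www` on the following line unpacks the archive even when the check fails. An MD5 file fetched from the same server also only detects a damaged download, not a replaced one. I would stop on failure, e.g. `md5sum -c latest.tar.bz2.md5 < latest.tar.bz2 || exit 1`, and preferably verify the release's published SHA-256 checksum or GPG signature instead. Separately, the fail2ban jail reads `/$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/nextcloud.log` while the generated `config.php` sets `'logfile' => '/var/$NEXTCLOUD_DATA/nextcloud.log'`, so unless the mountpoint is `var` the jail watches a file Nextcloud does not write to.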
From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Sun, 2 May 2021 01:06:58 +0200 Subject: [PATCH 17/54] Create constants-service.conf --- src/nextcloud/constants-service.conf | 39 ++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 src/nextcloud/constants-service.conf diff --git a/src/nextcloud/constants-service.conf b/src/nextcloud/constants-service.conf new file mode 100644 index 0000000..5c78dbd --- /dev/null +++ b/src/nextcloud/constants-service.conf @@ -0,0 +1,39 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + + +# Create sharefs mountpoint +LXC_MP="1" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" + +# Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest') +NEXTCLOUD_VERSION="latest" + +# Defines the php version to install +NEXTCLOUD_PHP_VERSION="8.0" + +# Defines the IP from the SQL server +NEXTCLOUD_DB_IP="127.0.0.1" + +# Defines the PORT from the SQL server +NEXTCLOUD_DB_PORT="5432" + +# Defines the name from the SQL database +NEXTCLOUD_DB_NAME="nextcloud_db" + +# Defines the name from the SQL user +NEXTCLOUD_DB_USR="nextcloud" + +# Build a strong password for the SQL user - could be overwritten with something fixed +NEXTCLOUD_DB_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" From 7bf34a91ab2007de8fb431516936b53eb4e430a3 Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Sun, 2 May 2021 01:10:18 +0200 Subject: [PATCH 18/54] Update zamba.conf.example Added nextcloud part --- conf/zamba.conf.example | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) 
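Review bot: `NEXTCLOUD_DB_PWD="$(cat /dev/urandom | ...)"` is evaluated every time this file is sourced, and the file is sourced both by `install.sh` on the host and by `install-service.sh` inside the container, so each run sees a different value and a later `source` cannot recover the password that was actually set. A comment should say so, e.g. `# generated anew on every source; the effective value is the one written to Nextcloud's config.php`. The same applies to `NEXTCLOUD_ADMIN_PWD` in the `conf/zamba.conf.example` hunk that follows. The comment above `NEXTCLOUD_VERSION` still describes the piler mail archive, and the variable does not appear to be read by the install script, which downloads `latest.tar.bz2` directly.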
diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 336fd88..b1f9a76 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -109,3 +109,20 @@ MATRIX_FQDN="matrix.zmb.rocks" # Define the FQDN for the Element Web virtual host MATRIX_ELEMENT_FQDN="element.zmb.rocks" + +############### Nextcloud-Section ############### + +# Define the FQDN of your Matrix server +NEXTCLOUD_FQDN="nc1.zmb.rocks" + +# The initial admin-user which will be configured +NEXTCLOUD_ADMIN_USR="zmb-admin" + +# Build a strong password for this user. Username and password will shown at the end of the instalation. +NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" + +# Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT +NEXTCLOUD_DATA="nc_data" + + + From 833a00e5c7114d61bf37dfb4a1eea4809e4c70f8 Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Sun, 2 May 2021 15:10:05 +0200 Subject: [PATCH 19/54] Update README.md Added nextcloud --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5c95157..bf73ac3 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ Proxmox VE Server with at least one configured ZFS Pool. - `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions) - `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/) - `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web) +- `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration - `debian-unpriv` => Debian unprivileged container with basic toolset - `debian-unpriv` => Debian privileged container with basic toolset ## Usage From 2b9dda705c85a50f1181dc75e296c71881e277f0 Mon Sep 17 00:00:00 2001 
From: thorstenspille Date: Sun, 2 May 2021 17:10:53 +0200 Subject: [PATCH 20/54] Added loading constants-service.conf --- src/zmb-ad/install-service.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh index eb32037..5005f05 100644 --- a/src/zmb-ad/install-service.sh +++ b/src/zmb-ad/install-service.sh @@ -6,6 +6,7 @@ # (C) 2021 Script rework and documentation by Thorsten Spille source /root/zamba.conf +source /root/constants-service.conf if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then BINDNINE=bind9 From 55d50e3ba65c20edfc66f9c254019a999a3455b8 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 2 May 2021 19:21:09 +0200 Subject: [PATCH 21/54] Added command to load constants-service.conf --- src/mailpiler/install-service.sh | 14 ++++++++++---- src/matrix/install-service.sh | 5 +++-- src/zmb-member/install-service.sh | 1 + src/zmb-standalone/install-service.sh | 1 + 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/mailpiler/install-service.sh b/src/mailpiler/install-service.sh index c42fa9a..d7df5ae 100644 --- a/src/mailpiler/install-service.sh +++ b/src/mailpiler/install-service.sh @@ -6,6 +6,7 @@ # (C) 2021 Script rework and documentation by Thorsten Spille source /root/zamba.conf +source /root/constants-service.conf HOSTNAME=$(hostname -f) 
@@ -16,18 +17,23 @@ echo $HOSTNAME if [ "$HOSTNAME" != "$PILER_FQDN" ] then - echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit + echo "Hostname doesn't match $PILER_FQDN! Check install.sh, /etc/hosts, /etc/hostname." && exit else - echo "Hostname matches PILER_FQDNAIN, so starting installation." + echo "Hostname matches $PILER_FQDN, so starting installation." fi # install php wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list -DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip} +apt update -DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev \ +unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx \ +mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 \ +php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip} + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix cat > /etc/mysql/conf.d/mailpiler.conf < source /root/zamba.conf +source /root/constants-service.conf MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) 
@@ -13,12 +14,12 @@ ELE_DBNAME="synapse_db" ELE_DBUSER="synapse_user" ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) -DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2 +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2 wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list apt update -DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq matrix-synapse-py3 +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq matrix-synapse-py3 systemctl enable matrix-synapse ss -tulpen diff --git a/src/zmb-member/install-service.sh b/src/zmb-member/install-service.sh index e4edaf0..e93e54f 100644 --- a/src/zmb-member/install-service.sh +++ b/src/zmb-member/install-service.sh @@ -6,6 +6,7 @@ # (C) 2021 Script rework and documentation by Thorsten Spille source /root/zamba.conf +source /root/constants-service.conf DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh index 07ba9f7..d808dcf 100644 --- a/src/zmb-standalone/install-service.sh +++ b/src/zmb-standalone/install-service.sh @@ -6,6 +6,7 @@ # (C) 2021 Script rework and documentation by Thorsten Spille source /root/zamba.conf +source /root/constants-service.conf # add wsdd package repo apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key 
From 90e7134bac89eafbcaff728310628868fadb6dbb Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Sun, 2 May 2021 19:33:54 +0200 Subject: [PATCH 22/54] Update install-service.sh Adjust cronjob line 407 --- src/nextcloud/install-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 66d7a52..4e0821a 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -404,7 +404,7 @@ DFOE su -s /bin/bash www-data < /dev/null 2>&1" > /etc/cron.d/nextcloud +echo "*/5 * * * * www-data php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud echo -e "\n######################################################################\n\n Please note this user and password for the nextcloud login:\n '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n Enjoy your Nextcloud intallation.\n\n######################################################################" systemctl stop nginx php$NEXTCLOUD_PHP_VERSION-fpm From da0de1457933bd29b5a853372981558566e1217e Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Sun, 2 May 2021 19:43:55 +0200 Subject: [PATCH 23/54] Update install-service.sh --- src/nextcloud/install-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 4e0821a..32f1c93 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh 
@@ -404,7 +404,7 @@ DFOE su -s /bin/bash www-data < /dev/null 2>&1" > /etc/cron.d/nextcloud +echo "*/5 * * * * www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud echo -e "\n######################################################################\n\n Please note this user and password for the nextcloud login:\n '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n Enjoy your Nextcloud intallation.\n\n######################################################################" systemctl stop nginx php$NEXTCLOUD_PHP_VERSION-fpm From 6c643e2df6992a8211045cd9a01662574a7e3a71 Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Mon, 3 May 2021 08:47:48 +0200 Subject: [PATCH 24/54] Update README.md Line 20 - unpriv => priv --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bf73ac3..9cbc32b 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Proxmox VE Server with at least one configured ZFS Pool. - `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web) - `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration - `debian-unpriv` => Debian unprivileged container with basic toolset -- `debian-unpriv` => Debian privileged container with basic toolset +- `debian-priv` => Debian privileged container with basic toolset ## Usage Just ssh into your Proxmox machine and clone this git repository. Make sure you have installed `git`. ```bash From 3971df5e7c1ce89dfde2fcdbedada5ae402d96ad Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Mon, 3 May 2021 09:02:16 +0200 Subject: [PATCH 25/54] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/install.sh b/install.sh index 175f787..acb71ba 100644 --- a/install.sh +++ b/install.sh @@ -26,7 +26,7 @@ usage() { -c CFGFILE use a different config file than 'zamba.conf' -h displays this help text --------------------------------------------------------------------------- - (C) 2021 zamba-lxc-toolbox by bashclub (https://github.con/bashclub) + (C) 2021 zamba-lxc-toolbox by bashclub (https://github.com/bashclub) --------------------------------------------------------------------------- EOF From 8e6c7b5e6a1d92e5a689d64f63cfd71dfffc14b5 Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Wed, 5 May 2021 10:35:46 +0200 Subject: [PATCH 26/54] Update zamba.conf.example Added Nextcloud_RevProx Parameter will used to config a trusted proxy in config.php --- conf/zamba.conf.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index b1f9a76..73cbbfc 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -124,5 +124,5 @@ NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head # Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT NEXTCLOUD_DATA="nc_data" - - +# Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban +NEXTCLOUD_REVPROX="192.168.100.254" From 94a72bff1ed53b0578589b666c797c613d749e18 Mon Sep 17 00:00:00 2001 From: DerFossiBaer <56678897+DerFossiBaer@users.noreply.github.com> Date: Wed, 5 May 2021 10:39:58 +0200 Subject: [PATCH 27/54] Update install-service.sh Added'trusted_proxies' => array ( '$NEXTCLOUD_REVPROX' ), To enable source IP detection over reverse proxy --- src/nextcloud/install-service.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 32f1c93..870263c 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh 
@@ -388,6 +388,10 @@ array ( 'theme' => '', 'trashbin_retention_obligation' => 'auto, 7', 'updater.release.channel' => 'stable', +'trusted_proxies' => +array ( +'$NEXTCLOUD_REVPROX' +), ); EOF From b239b064e2eba00aa01701d9d4ec0b1658ddd195 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Thu, 13 May 2021 14:16:49 +0200 Subject: [PATCH 28/54] Added open3a prototype --- src/open3a/constants-service.conf | 17 ++++++++++ src/open3a/install-service.sh | 53 +++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 src/open3a/constants-service.conf create mode 100644 src/open3a/install-service.sh diff --git a/src/open3a/constants-service.conf b/src/open3a/constants-service.conf new file mode 100644 index 0000000..382f437 --- /dev/null +++ b/src/open3a/constants-service.conf @@ -0,0 +1,17 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh new file mode 100644 index 0000000..2c695bc --- /dev/null +++ b/src/open3a/install-service.sh 
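Review bot: `'$NEXTCLOUD_REVPROX'` is written into `trusted_proxies` unconditionally, so an existing `zamba.conf` without the new variable produces an empty-string entry, and a setup without a reverse proxy still trusts forwarded client-address headers from the example address `192.168.100.254`. Since the fail2ban jail bans on the `remoteAddr` that Nextcloud logs, a wrongly trusted address weakens the brute-force protection this script sets up. I would emit the `trusted_proxies` array only when `NEXTCLOUD_REVPROX` is non-empty and document in `zamba.conf.example` that it must be left empty when no proxy is used. The heredoc that contains these lines starts and ends outside this hunk.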
@@ -0,0 +1,53 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf +source /root/constants-service.conf + +MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)" + +apt update + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring + +cat << EOF > /etc/nginx/sites-available/default +server { + listen 80 default_server; + listen [::]:80 default_server; + + root /var/www/html; + + index index.php; + + server_name _; + + location ~ .php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; + } +} +EOF + +mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD'; +GRANT USAGE ON * . * TO 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; +CREATE DATABASE IF NOT EXISTS open3a; +GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';" + +cd /var/www/html/ +wget https://www.open3a.de/download/open3A%203.4.zip -O open3a.zip +unzip open3a.zip +rm open3a.zip +chmod 666 system/DBData/Installation.pfdb.php +chmod -R 777 specifics/ + +echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup +chmod +x /etc/cron.daily/open3a-backup + +systemctl enable --now php7.3-fpm +systemctl restart nginx + +echo -e "Your open3a installation is now complete. 
Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" \ No newline at end of file From 2f4a5a0de57383bbdd7807985da1902c75814c1b Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Thu, 13 May 2021 20:17:46 +0200 Subject: [PATCH 29/54] Added php-gd to open3a installation --- src/open3a/install-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 2c695bc..6ab26fc 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh @@ -12,7 +12,7 @@ MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 apt update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd cat << EOF > /etc/nginx/sites-available/default server { From fdb7ed6fd020b58e64e885ddb498f4afbfc00386 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Thu, 13 May 2021 21:32:37 +0200 Subject: [PATCH 30/54] Fixed permissions on backup folder --- src/open3a/install-service.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 6ab26fc..a46d05c 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh 
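Review bot: The line that creates `/etc/cron.daily/open3a-backup` uses a double-quoted `echo`, so `$(ls -r1 …)`, `$(date +%Y%m%d)` and `$backup` are expanded once at install time instead of on every cron run. The file that gets written therefore most likely contains an empty loop list and a bare `/bin/rm`, so old backups are never pruned; it also has no `#!` line, which run-parts normally needs in order to execute it. Writing the script through a quoted heredoc keeps the expansions for run time, as in the fence below. Two smaller things in the same file: the open3A zip is unpacked into the web root without a checksum check, and the closing message leaves the `Admin`/`Admin` login in place behind plain `http://`, so the summary should tell the operator to change it before the container is reachable.

```shell
# … unchanged: download, unzip and chmod of the open3a files …
cat << 'EOF' > /etc/cron.daily/open3a-backup
#!/bin/bash
sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php
today=$(date +%Y%m%d)
for backup in /var/www/html/system/Backup/*.gz; do
  if [[ -e "$backup" && "$backup" != *"$today"* ]]; then
    rm -- "$backup"
  fi
done
EOF
chmod +x /etc/cron.daily/open3a-backup
```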
@@ -43,6 +43,7 @@ unzip open3a.zip rm open3a.zip chmod 666 system/DBData/Installation.pfdb.php chmod -R 777 specifics/ +chmod -R 777 system/Backups echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup chmod +x /etc/cron.daily/open3a-backup From c07a0f833390cb46512090e0eb7959b710a983e7 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Thu, 13 May 2021 21:34:49 +0200 Subject: [PATCH 31/54] Fixed permissions on webroot, added sudo --- src/open3a/install-service.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index a46d05c..00c5cc8 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh @@ -12,7 +12,7 @@ MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 apt update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd cat << EOF > /etc/nginx/sites-available/default server { @@ -44,6 +44,7 @@ rm open3a.zip chmod 666 system/DBData/Installation.pfdb.php chmod -R 777 specifics/ chmod -R 777 system/Backups +chown -R www-data:www-data /var/www/html echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup chmod +x /etc/cron.daily/open3a-backup From 6a4ccb5011b5d575d1d47bbe3d66153762f5d034 Mon Sep 17 00:00:00 2001 
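Review bot: `chmod -R 777 system/Backups` makes the backup directory writable by every local user, and it targets `system/Backups` while the cron line in this hunk's context reads `system/Backup/*.gz`, so one of the two paths is presumably wrong. The chown hunk of the next patch ([PATCH 31/54], further down this page) hands the whole web root to `www-data`, after which the `666` and `777` modes are no longer needed. I would replace them with owner-only modes, for example `chmod -R u=rwX,g=rX,o= specifics/ system/Backups`, and add a comment naming the directories open3A has to write to. `chown -R www-data:www-data /var/www/html` also makes the application code itself writable by the PHP process; limiting the ownership change to the data directories would be tighter if the open3A installer allows it.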
From: thorstenspille Date: Wed, 19 May 2021 00:10:35 +0200 Subject: [PATCH 32/54] Added checkmk prototype (TLS config left) --- conf/zamba.conf.example | 13 +++++++++++++ src/checkmk/constants-service.conf | 22 ++++++++++++++++++++++ src/checkmk/install-service.sh | 16 ++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 src/checkmk/constants-service.conf create mode 100644 src/checkmk/install-service.sh diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 73cbbfc..1e20320 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -126,3 +126,16 @@ NEXTCLOUD_DATA="nc_data" # Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban NEXTCLOUD_REVPROX="192.168.100.254" + +############### Check_MK-Section ############### + +# Define the name of your checkmk instance +CMK_INSTANCE=zmb-rocks + +# Define the password of user 'cmkadmin' +CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd' + +# checkmk edition (raw or free) +# raw = completely free +# free = limited version of the enterprise edition (25 hosts, 1 instance) +CMK_EDITION=raw diff --git a/src/checkmk/constants-service.conf b/src/checkmk/constants-service.conf new file mode 100644 index 0000000..d6a75fa --- /dev/null +++ b/src/checkmk/constants-service.conf @@ -0,0 +1,22 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" + +# checkmk version +CMK_VERSION=2.0.0p4 +# build number of the debian package (needs to start with underscore) +CMK_BUILD=_0 \ No newline at end of file diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh new file mode 100644 index 0000000..9fc78e5 
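Review bot: `CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd'` ships a fixed, publicly known password for `cmkadmin` in the example config, and anyone who copies the file without editing it gets a monitoring site with that login. `NEXTCLOUD_ADMIN_PWD` earlier in the same file is generated from `/dev/urandom`; the simplest equivalent here is to leave the value empty and have src/checkmk/install-service.sh stop when it is unset. At minimum add a comment such as `# change before installing: this value is published in the repository`.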
--- /dev/null +++ b/src/checkmk/install-service.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf +source /root/constants-service.conf + +wget https://download.checkmk.com/checkmk/$CMK_VERSION/check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.buster_amd64.deb +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ./check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.buster_amd64.deb + +omd create --admin-password $CMK_ADMIN_PW $CMK_INSTANCE + +omd start $CMK_INSTANCE From 5656e79578373bb1ab6007dbd4a6b2742506c7ba Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Thu, 20 May 2021 21:45:53 +0200 Subject: [PATCH 33/54] Added tls configuration + http reewrite to checkmk --- src/checkmk/install-service.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh index 9fc78e5..97aec0a 100644 --- a/src/checkmk/install-service.sh +++ b/src/checkmk/install-service.sh @@ -13,4 +13,18 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ./che omd create --admin-password $CMK_ADMIN_PW $CMK_INSTANCE -omd start $CMK_INSTANCE +cat << EOF > /etc/apache2/sites-available/000-default.conf + + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule ^/?(.*) https://%{SERVER_NAME}/spille [R,L] + +EOF + +a2enmod ssl +a2enmod rewrite +a2ensite default-ssl + +systemctl restart apache2.service + +omd start $CMK_INSTANCE \ No newline at end of file From 531c87e15e0f6a451f0f8fe96a59fe7c62c67b4e Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Thu, 20 May 2021 21:49:26 +0200 Subject: [PATCH 34/54] Fixed rewrite rule --- src/checkmk/install-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
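Review bot: `omd create --admin-password $CMK_ADMIN_PW $CMK_INSTANCE` passes the password unquoted, so a value containing spaces or glob characters is split or expanded before omd sees it, and the password sits in the process arguments while the command runs. Quote both expansions: `omd create --admin-password "$CMK_ADMIN_PW" "$CMK_INSTANCE"`. The `.deb` fetched by `wget` is then installed as root with no hash or signature check and no test that the download succeeded; keeping a pinned SHA-256 next to `CMK_VERSION` in constants-service.conf and comparing it with `sha256sum -c` before `apt install` would close that gap.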
diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh index 97aec0a..163f51f 100644 --- a/src/checkmk/install-service.sh +++ b/src/checkmk/install-service.sh @@ -17,7 +17,7 @@ cat << EOF > /etc/apache2/sites-available/000-default.conf RewriteEngine On RewriteCond %{HTTPS} !=on - RewriteRule ^/?(.*) https://%{SERVER_NAME}/spille [R,L] + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$CMK_INSTANCE [R,L] EOF From f5da57b487f1d9ec696c9914bd251e6c024712b0 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Fri, 21 May 2021 00:01:09 +0200 Subject: [PATCH 35/54] Added matrix notification --- src/checkmk/install-service.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh index 163f51f..25ab743 100644 --- a/src/checkmk/install-service.sh +++ b/src/checkmk/install-service.sh @@ -27,4 +27,11 @@ a2ensite default-ssl systemctl restart apache2.service -omd start $CMK_INSTANCE \ No newline at end of file +omd start $CMK_INSTANCE + +# install matrix notification plugin +su - $CMK_INSTANCE +cd ~/local/share/check_mk/notifications/ +wget https://github.com/bashclub/check_mk_matrix_notifications/raw/master/matrix.py +chmod +x ./matrix.py +exit \ No newline at end of file From 44d093d98276af162685360eee07fcc2e2634af8 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 11 Jul 2021 23:26:27 +0200 Subject: [PATCH 36/54] Added cockpit + samba manager to zmb-standalone --- src/zmb-standalone/constants-service.conf | 2 +- src/zmb-standalone/install-service.sh | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/zmb-standalone/constants-service.conf b/src/zmb-standalone/constants-service.conf index a2d006f..b5d26cf 100644 --- a/src/zmb-standalone/constants-service.conf +++ b/src/zmb-standalone/constants-service.conf 
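Review bot: In the matrix-notification hunk, `su - $CMK_INSTANCE` on a line of its own starts a separate login shell, so the `cd`, `wget` and `chmod` lines that follow are not run inside it. Depending on stdin the installer either waits in that shell or falls through, and the remaining lines then run as root relative to root's home, with `exit` ending the script. The download and the `chmod +x` should be handed to the site user in a single call, `su - "$CMK_INSTANCE" -c '…'`, and the exit status checked.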
@@ -14,4 +14,4 @@ LXC_MP="1" LXC_UNPRIVILEGED="0" # enable nesting feature -LXC_NESTING="0" \ No newline at end of file +LXC_NESTING="1" \ No newline at end of file diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh index d808dcf..3fea769 100644 --- a/src/zmb-standalone/install-service.sh +++ b/src/zmb-standalone/install-service.sh @@ -11,10 +11,17 @@ source /root/constants-service.conf # add wsdd package repo apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list +echo "deb http://ftp.de.debian.org/debian buster-backports main contrib" > /etc/apt/sources.list.d/buster-backports.list apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules wsdd +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends -t buster-backports cockpit + +mkdir /usr/share/cockpit/smb +wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/index.html -O /usr/share/cockpit/smb/index.html +wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/manifest.json -O /usr/share/cockpit/smb/manifest.json +wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/smb.js -O /usr/share/cockpit/smb/smb.js USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}') useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER From bfcbce84ee5a2ec55cac83421d0c8773b81dfff3 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 12 Jul 2021 20:59:38 +0200 Subject: [PATCH 37/54] fixed mailpiler script (latest version) --- src/mailpiler/install-service.sh | 4 ++++ 1 file changed, 4 insertions(+) 
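Review bot: Setting `LXC_NESTING="1"` while `LXC_UNPRIVILEGED="0"` stays in the context above turns nesting on for a privileged container, which the Proxmox documentation describes as exposing host procfs and sysfs contents to the guest. Nothing in the hunk says why the file server needs it; presumably it is for Cockpit, which the same commit adds. Please add a comment giving the reason, e.g. `# nesting is required by REASON; this container is privileged, review before changing`, or check whether the service can run unprivileged.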
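Review bot: The three added `wget` lines copy `index.html`, `manifest.json` and `smb.js` from the `master` branch of a third-party repository straight into `/usr/share/cockpit/smb`, where Cockpit serves them to logged-in administrators. What gets installed is whatever that branch holds at install time, with no pinned commit or checksum, and a failed download leaves a partial plugin without stopping the script. I would pin the URLs to a reviewed commit, verify a SHA-256 for each file, and use `mkdir -p /usr/share/cockpit/smb` so that a re-run does not fail on the existing directory.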
diff --git a/src/mailpiler/install-service.sh b/src/mailpiler/install-service.sh index d7df5ae..f3c7460 100644 --- a/src/mailpiler/install-service.sh +++ b/src/mailpiler/install-service.sh @@ -26,6 +26,9 @@ fi wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list +apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' +add-apt-repository 'deb [arch=amd64] https://mirror.wtnet.de/mariadb/repo/10.5/debian buster main' + apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev \ @@ -59,6 +62,7 @@ chmod 755 /var/piler if [[ "$PILER_VERSION" == "latest" ]]; then URL=$(curl -s https://www.mailpiler.org/wiki/download | grep "https://bitbucket.org/jsuto/piler/downloads/piler-" | cut -d '"' -f2) wget -O piler-$PILER_VERSION.tar.gz $URL + PILER_VERSION=$(ls piler-* | cut -d'-' -f2 | cut -d'.' -f1-3) else wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz fi From c3429ebbab590f07a734f58ea13d2e4048aa68d0 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 12 Jul 2021 21:06:16 +0200 Subject: [PATCH 38/54] Piler version fix --- src/mailpiler/install-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mailpiler/install-service.sh b/src/mailpiler/install-service.sh index f3c7460..e557b5d 100644 --- a/src/mailpiler/install-service.sh +++ b/src/mailpiler/install-service.sh 
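Review bot: `apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'` puts the MariaDB key into apt's global keyring, so it is trusted for every configured repository and not only for the MariaDB mirror. Storing the key in its own file and naming it with `signed-by=` limits it to that source, for example `deb [arch=amd64 signed-by=/usr/share/keyrings/mariadb.gpg] https://mirror.wtnet.de/mariadb/repo/10.5/debian buster main` (the keyring path is an example) written to a file under /etc/apt/sources.list.d. `add-apt-repository` also needs software-properties-common, which the visible lines do not install. In the second hunk, `PILER_VERSION=$(ls piler-* | …)` parses `ls` output and would pick up any older tarball left in the directory.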
@@ -61,8 +61,8 @@ chmod 755 /var/piler if [[ "$PILER_VERSION" == "latest" ]]; then URL=$(curl -s https://www.mailpiler.org/wiki/download | grep "https://bitbucket.org/jsuto/piler/downloads/piler-" | cut -d '"' -f2) + PILER_VERSION=$(echo $URL | cut -d'-' -f2 | cut -d'.' -f1-3) wget -O piler-$PILER_VERSION.tar.gz $URL - PILER_VERSION=$(ls piler-* | cut -d'-' -f2 | cut -d'.' -f1-3) else wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz fi From 82552e7b3f1f22c1d4cc21a16df1b7d7920d6d85 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 12 Jul 2021 21:13:25 +0200 Subject: [PATCH 39/54] changed vlan tag config to one line --- install.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/install.sh b/install.sh index acb71ba..a903d14 100644 --- a/install.sh +++ b/install.sh @@ -124,11 +124,7 @@ pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl sleep 2; # Check vlan configuration -if [[ $LXC_VLAN != "" ]];then - VLAN=",tag=$LXC_VLAN" -else - VLAN="" -fi +if [[ $LXC_VLAN != "" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi # Reconfigure conatiner pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING; if [ $LXC_DHCP == true ]; then From dda16d14007ac59cc41af5488ed16de73fd16249 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 12 Jul 2021 21:24:59 +0200 Subject: [PATCH 40/54] Set defaul language to de_DE.utf-8 --- conf/zamba.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 1e20320..791bcad 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example 
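Review bot: `URL` comes from scraping the download wiki page and is used without any check, so an empty or multi-line match makes both `PILER_VERSION` and the `wget` target wrong while the script carries on. `echo $URL` and `wget -O piler-$PILER_VERSION.tar.gz $URL` are also unquoted. I would stop unless the value is a single download URL of the expected form, e.g. `[[ "$URL" =~ ^https://bitbucket\.org/jsuto/piler/downloads/piler-[0-9.]+\.tar\.gz$ ]] || exit 1`, and quote the expansions. The tarball is presumably built and installed as root further down (outside this hunk), so a pinned version with a checksum is the safer default than `latest`.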
@@ -74,7 +74,7 @@ LXC_TIMEZONE="Europe/Berlin" # Define system language on LXC container (locales) # With thi paramater you can generate additional locales, the default language will be inherited from proxmox host. -LXC_LOCALE="en_US.UTF-8" +LXC_LOCALE="de_DE.UTF-8" # Set dark background for vim syntax highlighting (0 or 1) LXC_VIM_BG_DARK=1 From c52525caf7c4dbfa2ea569d073676d54f052ead0 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Tue, 27 Jul 2021 11:30:04 +0200 Subject: [PATCH 41/54] Changed matrix notification plugin installation --- src/checkmk/install-service.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh index 25ab743..180c4a5 100644 --- a/src/checkmk/install-service.sh +++ b/src/checkmk/install-service.sh @@ -30,8 +30,4 @@ systemctl restart apache2.service omd start $CMK_INSTANCE # install matrix notification plugin -su - $CMK_INSTANCE -cd ~/local/share/check_mk/notifications/ -wget https://github.com/bashclub/check_mk_matrix_notifications/raw/master/matrix.py -chmod +x ./matrix.py -exit \ No newline at end of file +su - $CMK_INSTANCE -c "wget -O ~/local/share/check_mk/notifications/matrix.py https://github.com/bashclub/check_mk_matrix_notifications/raw/master/matrix.py && chmod +x ~/local/share/check_mk/notifications/matrix.py" From 01460566edd2ac15628dd9be6508838f431647a1 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Tue, 27 Jul 2021 12:18:42 +0200 Subject: [PATCH 42/54] Update constants-service.conf Changed checkmk version to 2.0.0p8 --- src/checkmk/constants-service.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/checkmk/constants-service.conf b/src/checkmk/constants-service.conf index d6a75fa..e506a6e 100644 --- a/src/checkmk/constants-service.conf +++ b/src/checkmk/constants-service.conf 
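Review bot: The new one-line `su - $CMK_INSTANCE -c "wget … && chmod +x …"` in src/checkmk/install-service.sh still fetches `matrix.py` from the `master` branch and marks it executable, so the notification script that checkmk runs is whatever that branch contains at install time. Pin the URL to a commit and compare a SHA-256 before the `chmod`, or ship the file in this repository under src/checkmk. `$CMK_INSTANCE` should be quoted, and the exit status of `su` is not checked, so a failed download goes unnoticed.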
@@ -17,6 +17,6 @@ LXC_UNPRIVILEGED="1" LXC_NESTING="0" # checkmk version -CMK_VERSION=2.0.0p4 +CMK_VERSION=2.0.0p8 # build number of the debian package (needs to start with underscore) -CMK_BUILD=_0 \ No newline at end of file +CMK_BUILD=_0 From 14fc948e5750bb2e01eac89078422dd1d53aef5a Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Thu, 29 Jul 2021 15:15:45 +0200 Subject: [PATCH 43/54] Update README.md Added checkmk and open3a to list --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 9cbc32b..1a38e0e 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ Proxmox VE Server with at least one configured ZFS Pool. - `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/) - `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web) - `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration +- `checkmk` => CheckMK 2.0 Raw Edition [checkmk.com](https://checkmk.com) with our Fork of Matrix Notification Plugin (https://github.com/bashclub/check_mk_matrix_notifications) +- `open3a` => Open3A accounting software for small and medium business [open3a.de](https://www.open3a.de/) - `debian-unpriv` => Debian unprivileged container with basic toolset - `debian-priv` => Debian privileged container with basic toolset ## Usage From 32036dfb2f76754869f55a4f3fb41e39e9ec2c0d Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Thu, 29 Jul 2021 17:11:45 +0200 Subject: [PATCH 44/54] Update zamba.conf.example fixed checkmk instance name --- conf/zamba.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 1e20320..9bd2691 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example 
@@ -130,7 +130,7 @@ NEXTCLOUD_REVPROX="192.168.100.254" ############### Check_MK-Section ############### # Define the name of your checkmk instance -CMK_INSTANCE=zmb-rocks +CMK_INSTANCE=zmbrocks # Define the password of user 'cmkadmin' CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd' From 98b1bb77d369581277f615cb08b0abb67fab0e68 Mon Sep 17 00:00:00 2001 From: Patrick Greiner Date: Fri, 6 Aug 2021 22:00:09 +0200 Subject: [PATCH 45/54] added Config check for Timezone and Storages modified Hostname with Service PREFIX "${service}.zmbrocks" fix "pct set -timezone" # timezone switch added in Version 6.3 https://github.com/bashclub/zamba-lxc-toolbox/issues/29 added Set "/root/summary" file from LXC-container as pct description modified updated Matrix Element Version --- conf/zamba.conf.example | 2 +- install.sh | 42 +++++++++++++++++++++++++------ src/matrix/constants-service.conf | 2 +- src/nextcloud/install-service.sh | 5 +++- src/open3a/install-service.sh | 5 +++- 5 files changed, 45 insertions(+), 11 deletions(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 1e20320..5e62dc1 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -34,7 +34,7 @@ LXC_MEM="1024" LXC_SWAP="1024" # Defines the hostname of your LXC container -LXC_HOSTNAME="zamba" +LXC_HOSTNAME="${service}.zmbrocks" # Defines the domain name / search domain of your LXC container LXC_DOMAIN="zmb.rocks" diff --git a/install.sh b/install.sh index acb71ba..245cf78 100644 --- a/install.sh +++ b/install.sh 
@@ -53,6 +53,27 @@ shift $((OPTIND-1)) echo "Loading config file '$config'..." source $config +# Check config Settings +echo "Check Setting 'Timezone'" +if [[ $LXC_TIMEZONE != $(timedatectl list-timezones | grep $LXC_TIMEZONE) ]]; then + echo "Unknown LXC_TIMEZONE setting (list available Timezones 'timedatectl list-timezones')"; exit 0 +fi +echo "Check Setting 'Template Storage'" +pvstorage=$(pvesh get storage --noborder --noheader); +if [[ $LXC_TEMPLATE_STORAGE != $(echo "$pvstorage" | grep $LXC_TEMPLATE_STORAGE$) ]]; then + echo "Unknown LXC_TEMPLATE_STORAGE, please check your storage name"; exit 0 +fi +echo "Check Setting 'Rootfs Storage'" +if [[ $LXC_ROOTFS_STORAGE != $(echo "$pvstorage" | grep $LXC_ROOTFS_STORAGE$) ]]; then + echo "Unknown LXC_ROOTFS_STORAGE, please check your storage name"; exit 0 +fi +echo "Check Setting 'Sharefs Storage'" +if [[ $LXC_SHAREFS_STORAGE != $(echo "$pvstorage" | grep $LXC_SHAREFS_STORAGE$) ]]; then + echo "Unknown LXC_SHAREFS_STORAGE, please check your storage name"; exit 0 +fi +echo -e "Settings \e[0;92mOK\e[0m" + + OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a) valid=0 @@ -90,9 +111,11 @@ if [[ "$valid" != "1" ]]; then usage 1 fi +source $config source $PWD/src/$service/constants-service.conf +LXC_HOSTNAME="${LXC_HOSTNAME/-/}" -# CHeck is the newest template available, else download it. +# Check is the newest template available, else download it. DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2) DEB_REP=$(pveam available --section system | grep debian-10-standard | cut -d'_' -f2) 
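Review bot: The new config checks compare each setting with unanchored `grep` output inside `[[ … != … ]]`, where the unquoted right-hand side is treated as a pattern and a multi-line match never equals the setting. A value such as `UTC` matches several timezone names and is rejected, while an empty storage variable turns `grep $LXC_…_STORAGE$` into `grep $`, which matches every line. Each failure also ends with `exit 0`, so a caller cannot tell a rejected config from a finished install. For the timezone I would use `timedatectl list-timezones | grep -Fxq -- "$LXC_TIMEZONE" || { echo "Unknown LXC_TIMEZONE" >&2; exit 1; }`, and an exact match on the storage-name column for the three storage checks. These values are later passed unquoted to `pct`, so an exact match against a known list is also what keeps stray characters out of those commands.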
@@ -124,13 +147,12 @@ pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl sleep 2; # Check vlan configuration -if [[ $LXC_VLAN != "" ]];then - VLAN=",tag=$LXC_VLAN" -else - VLAN="" -fi +if [[ $LXC_VLAN != "" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi # Reconfigure conatiner -pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING; +PVE_VER=$(pveversion | grep 'pve-manager' | cut -d'/' -f2 | sed 's/[^0-9]//g') +pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -features nesting=$LXC_NESTING; +# timezone switch added in Version 6.3 +if [ $PVE_VER -gt 630 ];then pct set $LXC_NBR -timezone $LXC_TIMEZONE;fi if [ $LXC_DHCP == true ]; then pct set $LXC_NBR -net0 name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN; else @@ -163,8 +185,14 @@ lxc-attach -n$LXC_NBR bash /root/lxc-base.sh echo "Install '$service'!" lxc-attach -n$LXC_NBR bash /root/install-service.sh +summary=$(pct exec $LXC_NBR -- bash -c '[ -f /root/summary ] && cat /root/summary') +if [[ $summary != "" ]];then pct set $LXC_NBR --description="$(echo -e "$summary")"; fi + if [[ $service == "zmb-ad" ]]; then pct stop $LXC_NBR pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1) pct start $LXC_NBR fi + +# timezone switch added in Version 6.3 +if [ $PVE_VER -lt 630 ]; then echo "echo "$LXC_TIMEZONE" > /etc/timezone" | pct enter $LXC_NBR; fi \ No newline at end of file diff --git a/src/matrix/constants-service.conf b/src/matrix/constants-service.conf index a8136ea..57a6fe2 100644 --- a/src/matrix/constants-service.conf +++ b/src/matrix/constants-service.conf @@ -17,4 +17,4 @@ LXC_UNPRIVILEGED="1" LXC_NESTING="0" # Define the version of Element Web -MATRIX_ELEMENT_VERSION="v1.7.25" +MATRIX_ELEMENT_VERSION="v1.7.34" diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 870263c..fd9ab14 100644 
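Review bot: `PVE_VER` is built by deleting every non-digit from the version string, so the package revision becomes part of the number: a version printed as `6.2-15` (constructed example) turns into `6215`, which passes `-gt 630` and gets `-timezone` although the comment says the switch arrived in 6.3. The matching `-lt 630` test at the end of the next hunk has the same problem, and a value of exactly `630` takes neither branch. Comparing the dotted version avoids this: `PVE_VER=$(pveversion | grep 'pve-manager' | cut -d'/' -f2)` followed by `if dpkg --compare-versions "$PVE_VER" ge 6.3; then pct set "$LXC_NBR" -timezone "$LXC_TIMEZONE"; fi`.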
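Review bot: `pct set $LXC_NBR --description=…` copies `/root/summary` into the container's Proxmox description, and the nextcloud and open3a hunks later in this patch write the Nextcloud admin password and the MySQL password into that file. The description is kept in the container's configuration on the host and shown to every account that can view the container, so those passwords leave the container and stay there. I would keep credentials out of the summary (print them once, or point to a root-only file inside the container created under `umask 077`) and put only the URL and user name into the description. The last added line nests double quotes, `echo "echo "$LXC_TIMEZONE" > /etc/timezone"`, which works only as long as the timezone contains no spaces or shell characters.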
--- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -410,7 +410,10 @@ bash /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh EOF echo "*/5 * * * * www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud -echo -e "\n######################################################################\n\n Please note this user and password for the nextcloud login:\n '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n Enjoy your Nextcloud intallation.\n\n######################################################################" +echo "\n\n" +echo "######################################################################\n\n Please note this user and password for the nextcloud login:\n '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n Enjoy your Nextcloud intallation.\n\n######################################################################" > /root/summary +echo -e "$(cat /root/summary)" + systemctl stop nginx php$NEXTCLOUD_PHP_VERSION-fpm systemctl restart postgresql php$NEXTCLOUD_PHP_VERSION-fpm redis-server nginx diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 00c5cc8..39bced0 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh 
@@ -52,4 +52,7 @@ chmod +x /etc/cron.daily/open3a-backup systemctl enable --now php7.3-fpm systemctl restart nginx -echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" \ No newline at end of file +echo "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" > /root/summary +echo -e "$(cat /root/summary)" + +exit 0 \ No newline at end of file From 0888e25e9b622aa85ff5649e273b3e59083c835c Mon Sep 17 00:00:00 2001 From: Patrick Greiner Date: Fri, 6 Aug 2021 22:06:13 +0200 Subject: [PATCH 46/54] merged conf/README.md with zamba.conf.md --- conf/README.md | 216 ++++++++++++++++++++++++++++++++++++++++++++++++- zamba.conf.md | 214 ------------------------------------------------ 2 files changed, 215 insertions(+), 215 deletions(-) delete mode 100644 zamba.conf.md diff --git a/conf/README.md b/conf/README.md index 4a821a3..fcdf540 100644 --- a/conf/README.md +++ b/conf/README.md @@ -1 +1,215 @@ -# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS \ No newline at end of file +# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS +# `zamba.conf` options reference +This is the reference of all config options you can set in `zamba.conf` +
+ +## Linux Container Section +In this section all settings relevant for the LXC container. +
+ +### LXC_TEMPLATE_STORAGE +Defines the Proxmox storage where your LXC container template are stored (default: local) +```bash +LXC_TEMPLATE_STORAGE="local" +``` +### LXC_ROOTFS_SIZE +Defines the size in GB of the LXC container's root filesystem (default: 32) +```bash +LXC_ROOTFS_SIZE="32" +``` +Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`. +### LXC_ROOTFS_STORAGE +Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs) +```bash +LXC_ROOTFS_STORAGE="local-zfs" +``` +### LXC_SHAREFS_SIZE +Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100) +```bash +LXC_SHAREFS_SIZE="100" +``` +### LXC_SHAREFS_STORAGE +Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs) +```bash +LXC_SHAREFS_STORAGE="local-zfs" +``` +### LXC_SHAREFS_MOUNTPOINT +Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) +```bash +LXC_SHAREFS_MOUNTPOINT="tank" +``` +### LXC_MEM +Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024) +```bash +LXC_MEM="1024" +``` +### LXC_SWAP +Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024) +```bash +LXC_SWAP="1024" +``` +### LXC_HOSTNAME +Defines the hostname of your LXC container +```bash +LXC_SWAP="zamba" +``` +### LXC_DOMAIN +Defines the domain name / search domain of your LXC container +```bash +LXC_DOMAIN="zmb.rocks" +``` +### LXC_DHCP +Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false] +```bash +LXC_DHCP=false +``` +### LXC_IP +Defines the local IP address and subnet of your LXC container in CIDR format +```bash +LXC_IP="10.10.80.20/24" +``` +### LXC_GW +Defines the default gateway IP address of your LXC container +```bash +LXC_GW="10.10.80.254" +``` +### LXC_DNS +Defines the DNS 
server ip address of your LXC container +```bash +LXC_DNS="10.10.80.254" +``` +`zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS +For other services this should be your active directory domain controller (if present, else a DNS server of your choice) +### LXC_BRIDGE +Defines the network bridge to bind the network adapter of your LXC container +```bash +LXC_BRIDGE="vmbr0" +``` +### LXC_VLAN +Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty. +```bash +LXC_VLAN="80" +``` +### LXC_PWD +Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour. +```bash +LXC_PWD="S3cr3tp@ssw0rd" +``` +### LXC_AUTHORIZED_KEY +Defines an authorized_keys file to push into the LXC container. +By default the authorized_keys will be inherited from your proxmox host. +```bash +LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys" +``` +### LXC_TOOLSET +Define your (administrative) tools, you always want to have installed into your LXC container +```bash +LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https" +``` +### LXC_TIMEZONE +Define the local timezone of your LXC container (default: Euroe/Berlin) +```bash +LXC_TIMEZONE="Europe/Berlin" +``` +### LXC_LOCALE +Define system language on LXC container (locales) +```bash +LXC_LOCALE="de_DE.utf8" +``` +This parameter is not used yet, but will be integrated in future releases. +
+ +## Zamba Server Section +This section configures the Zamba server (AD DC, AD member and standalone) +
+ +### ZMB_REALM +Defines the REALM for the Active Directory (AD DC, AD member) +```bash +ZMB_REALM="ZMB.ROCKS" +``` +### ZMB_DOMAIN +Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone) +```bash +ZMB_DOMAIN="ZMB" +``` +### ZMB_DNS_BACKEND +Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage +```bash +ZMB_DNS_BACKEND="SAMBA_INTERNAL" +``` +### ZMB_ADMIN_USER +Defines the name of your domain administrator account (AD DC, AD member, standalone) +```bash +ZMB_ADMIN_USER="Administrator" +``` +### ZMB_ADMIN_PASS +Defines the domain administrator's password (AD DC, AD member). +```bash +ZMB_ADMIN_PASS='1c@nd0@nyth1n9' +``` +Please use 'single quotation marks' to avoid unexpected behaviour. +`zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail. +### ZMB_SHARE +Defines the name of your Zamba share +```bash +ZMB_SHARE="share" +``` +
+ +## Mailpiler section +This section configures the mailpiler email archive +
+ +### PILER_FQDN +Defines the (public) FQDN of your piler mail archive +```bash +PILER_FQDN="piler.zmb.rocks" +``` +### PILER_SMARTHOST +Defines the smarthost for piler mail archive +```bash +PILER_SMARTHOST="10.10.80.20" +``` +### PILER_VERSION +Defines the version number of piler mail archive to install +```bash +PILER_VERSION="1.3.10" +``` +### PILER_SPHINX_VERSION +Defines the version of sphinx to install +```bash +PILER_SPHINX_VERSION="3.3.1" +``` +### PILER_PHP_VERSION +Defines the php version to install +```bash +PILER_PHP_VERSION="7.4" +``` +
+ +## Matrix section +This section configures the matrix chat server +
+ +### MATRIX_FQDN +Define the FQDN of your Matrix server +```bash +MATRIX_FQDN="matrix.zmb.rocks" +``` + +### MATRIX_ELEMENT_FQDN +Define the FQDN for the Element Web virtual host +```bash +MATRIX_ELEMENT_FQDN="element.zmb.rocks" +``` +### MATRIX_ELEMENT_VERSION +Define the version of Element Web +```bash +MATRIX_ELEMENT_VERSION="v1.7.24" +``` +### MATRIX_JITSI_FQDN +Define the FQDN for the Jitsi Meet virtual host +```bash +MATRIX_JITSI_FQDN="meet.zmb.rocks" +``` \ No newline at end of file diff --git a/zamba.conf.md b/zamba.conf.md deleted file mode 100644 index a4c3114..0000000 --- a/zamba.conf.md +++ /dev/null @@ -1,214 +0,0 @@ -# `zamba.conf` options reference -This is the reference of all config options you can set in `zamba.conf` -
- -## Linux Container Section -In this section all settings relevant for the LXC container. -
- -### LXC_TEMPLATE_STORAGE -Defines the Proxmox storage where your LXC container template are stored (default: local) -```bash -LXC_TEMPLATE_STORAGE="local" -``` -### LXC_ROOTFS_SIZE -Defines the size in GB of the LXC container's root filesystem (default: 32) -```bash -LXC_ROOTFS_SIZE="32" -``` -Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`. -### LXC_ROOTFS_STORAGE -Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs) -```bash -LXC_ROOTFS_STORAGE="local-zfs" -``` -### LXC_SHAREFS_SIZE -Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100) -```bash -LXC_SHAREFS_SIZE="100" -``` -### LXC_SHAREFS_STORAGE -Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs) -```bash -LXC_SHAREFS_STORAGE="local-zfs" -``` -### LXC_SHAREFS_MOUNTPOINT -Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) -```bash -LXC_SHAREFS_MOUNTPOINT="tank" -``` -### LXC_MEM -Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024) -```bash -LXC_MEM="1024" -``` -### LXC_SWAP -Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024) -```bash -LXC_SWAP="1024" -``` -### LXC_HOSTNAME -Defines the hostname of your LXC container -```bash -LXC_SWAP="zamba" -``` -### LXC_DOMAIN -Defines the domain name / search domain of your LXC container -```bash -LXC_DOMAIN="zmb.rocks" -``` -### LXC_DHCP -Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false] -```bash -LXC_DHCP=false -``` -### LXC_IP -Defines the local IP address and subnet of your LXC container in CIDR format -```bash -LXC_IP="10.10.80.20/24" -``` -### LXC_GW -Defines the default gateway IP address of your LXC container -```bash -LXC_GW="10.10.80.254" -``` -### LXC_DNS -Defines the DNS 
server ip address of your LXC container -```bash -LXC_DNS="10.10.80.254" -``` -`zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS -For other services this should be your active directory domain controller (if present, else a DNS server of your choice) -### LXC_BRIDGE -Defines the network bridge to bind the network adapter of your LXC container -```bash -LXC_BRIDGE="vmbr0" -``` -### LXC_VLAN -Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty. -```bash -LXC_VLAN="80" -``` -### LXC_PWD -Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour. -```bash -LXC_PWD="S3cr3tp@ssw0rd" -``` -### LXC_AUTHORIZED_KEY -Defines an authorized_keys file to push into the LXC container. -By default the authorized_keys will be inherited from your proxmox host. -```bash -LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys" -``` -### LXC_TOOLSET -Define your (administrative) tools, you always want to have installed into your LXC container -```bash -LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https" -``` -### LXC_TIMEZONE -Define the local timezone of your LXC container (default: Euroe/Berlin) -```bash -LXC_TIMEZONE="Europe/Berlin" -``` -### LXC_LOCALE -Define system language on LXC container (locales) -```bash -LXC_LOCALE="de_DE.utf8" -``` -This parameter is not used yet, but will be integrated in future releases. -
- -## Zamba Server Section -This section configures the Zamba server (AD DC, AD member and standalone) -
- -### ZMB_REALM -Defines the REALM for the Active Directory (AD DC, AD member) -```bash -ZMB_REALM="ZMB.ROCKS" -``` -### ZMB_DOMAIN -Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone) -```bash -ZMB_DOMAIN="ZMB" -``` -### ZMB_DNS_BACKEND -Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage -```bash -ZMB_DNS_BACKEND="SAMBA_INTERNAL" -``` -### ZMB_ADMIN_USER -Defines the name of your domain administrator account (AD DC, AD member, standalone) -```bash -ZMB_ADMIN_USER="Administrator" -``` -### ZMB_ADMIN_PASS -Defines the domain administrator's password (AD DC, AD member). -```bash -ZMB_ADMIN_PASS='1c@nd0@nyth1n9' -``` -Please use 'single quotation marks' to avoid unexpected behaviour. -`zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail. -### ZMB_SHARE -Defines the name of your Zamba share -```bash -ZMB_SHARE="share" -``` -
- -## Mailpiler section -This section configures the mailpiler email archive -
- -### PILER_FQDN -Defines the (public) FQDN of your piler mail archive -```bash -PILER_FQDN="piler.zmb.rocks" -``` -### PILER_SMARTHOST -Defines the smarthost for piler mail archive -```bash -PILER_SMARTHOST="10.10.80.20" -``` -### PILER_VERSION -Defines the version number of piler mail archive to install -```bash -PILER_VERSION="1.3.10" -``` -### PILER_SPHINX_VERSION -Defines the version of sphinx to install -```bash -PILER_SPHINX_VERSION="3.3.1" -``` -### PILER_PHP_VERSION -Defines the php version to install -```bash -PILER_PHP_VERSION="7.4" -``` -
- -## Matrix section -This section configures the matrix chat server -
- -### MATRIX_FQDN -Define the FQDN of your Matrix server -```bash -MATRIX_FQDN="matrix.zmb.rocks" -``` - -### MATRIX_ELEMENT_FQDN -Define the FQDN for the Element Web virtual host -```bash -MATRIX_ELEMENT_FQDN="element.zmb.rocks" -``` -### MATRIX_ELEMENT_VERSION -Define the version of Element Web -```bash -MATRIX_ELEMENT_VERSION="v1.7.24" -``` -### MATRIX_JITSI_FQDN -Define the FQDN for the Jitsi Meet virtual host -```bash -MATRIX_JITSI_FQDN="meet.zmb.rocks" -``` \ No newline at end of file From 5ad07c9a06c22ca00aa5c8a10d3c0ec265ebd38b Mon Sep 17 00:00:00 2001 From: Patrick G <38922528+diddip21@users.noreply.github.com> Date: Fri, 6 Aug 2021 22:23:12 +0200 Subject: [PATCH 47/54] Update README.md --- conf/README.md | 82 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 53 insertions(+), 29 deletions(-) diff --git a/conf/README.md b/conf/README.md index fcdf540..889863c 100644 --- a/conf/README.md +++ b/conf/README.md @@ -51,7 +51,7 @@ LXC_SWAP="1024" ### LXC_HOSTNAME Defines the hostname of your LXC container ```bash -LXC_SWAP="zamba" +LXC_HOSTNAME="${service}.zmbrocks" ``` ### LXC_DOMAIN Defines the domain name / search domain of your LXC container @@ -104,7 +104,7 @@ LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys" ### LXC_TOOLSET Define your (administrative) tools, you always want to have installed into your LXC container ```bash -LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https" +LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc" ``` ### LXC_TIMEZONE Define the local timezone of your LXC container (default: Euroe/Berlin) 
@@ -113,11 +113,14 @@ LXC_TIMEZONE="Europe/Berlin" ``` ### LXC_LOCALE Define system language on LXC container (locales) +With this paramater you can generate additional locales, the default language will be inherited from proxmox host. ```bash -LXC_LOCALE="de_DE.utf8" +LXC_LOCALE="en_US.UTF-8"" +``` +### Set dark background for vim syntax highlighting (0 or 1) +```bash +LXC_VIM_BG_DARK=1 ``` -This parameter is not used yet, but will be integrated in future releases. -
## Zamba Server Section This section configures the Zamba server (AD DC, AD member and standalone) @@ -133,11 +136,6 @@ Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, ```bash ZMB_DOMAIN="ZMB" ``` -### ZMB_DNS_BACKEND -Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage -```bash -ZMB_DNS_BACKEND="SAMBA_INTERNAL" -``` ### ZMB_ADMIN_USER Defines the name of your domain administrator account (AD DC, AD member, standalone) ```bash @@ -171,21 +169,6 @@ Defines the smarthost for piler mail archive ```bash PILER_SMARTHOST="10.10.80.20" ``` -### PILER_VERSION -Defines the version number of piler mail archive to install -```bash -PILER_VERSION="1.3.10" -``` -### PILER_SPHINX_VERSION -Defines the version of sphinx to install -```bash -PILER_SPHINX_VERSION="3.3.1" -``` -### PILER_PHP_VERSION -Defines the php version to install -```bash -PILER_PHP_VERSION="7.4" -```
## Matrix section @@ -208,8 +191,49 @@ Define the version of Element Web ```bash MATRIX_ELEMENT_VERSION="v1.7.24" ``` -### MATRIX_JITSI_FQDN -Define the FQDN for the Jitsi Meet virtual host + +## Nextcloud Section +This section configures the nextcloud server +
+ +### Define the FQDN of your Nextcloud server ```bash -MATRIX_JITSI_FQDN="meet.zmb.rocks" -``` \ No newline at end of file +NEXTCLOUD_FQDN="nc1.zmb.rocks" +``` + +### The initial admin-user which will be configured +```bash +NEXTCLOUD_ADMIN_USR="zmb-admin" +``` + +### Build a strong password for this user. Username and password will shown at the end of the instalation. +```bash +NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" +``` +### Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT +```bash +NEXTCLOUD_DATA="nc_data" +``` +### Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban +```bash +NEXTCLOUD_REVPROX="192.168.100.254" +``` +## Check_MK Section +This section configures the checkmk server +
+ +### Define the name of your checkmk instance +```bash +CMK_INSTANCE=zmbrocks +``` + +### Define the password of user 'cmkadmin' +```bash +CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd' +``` +### checkmk edition (raw or free) +#### raw = completely free +#### free = limited version of the enterprise edition (25 hosts, 1 instance) +```bash +CMK_EDITION=raw +``` From 6583b0daad55e0e2ec9fdcb758ee4c918adc87bb Mon Sep 17 00:00:00 2001 From: Patrick G <38922528+diddip21@users.noreply.github.com> Date: Fri, 6 Aug 2021 22:25:41 +0200 Subject: [PATCH 48/54] Update zamba.conf.example --- conf/zamba.conf.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 65fcce2..a429b21 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -73,7 +73,7 @@ LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc" LXC_TIMEZONE="Europe/Berlin" # Define system language on LXC container (locales) -# With thi paramater you can generate additional locales, the default language will be inherited from proxmox host. +# With this paramater you can generate additional locales, the default language will be inherited from proxmox host. LXC_LOCALE="en_US.UTF-8" # Set dark background for vim syntax highlighting (0 or 1) @@ -112,7 +112,7 @@ MATRIX_ELEMENT_FQDN="element.zmb.rocks" ############### Nextcloud-Section ############### -# Define the FQDN of your Matrix server +# Define the FQDN of your Nextcloud server NEXTCLOUD_FQDN="nc1.zmb.rocks" # The initial admin-user which will be configured From 510bdbb1a66ed80575735c983d334eff5e2b5404 Mon Sep 17 00:00:00 2001 From: Patrick Greiner Date: Sat, 7 Aug 2021 18:24:56 +0200 Subject: [PATCH 49/54] set LXC_HOSTNAME to service name set lxc_locale german --- conf/zamba.conf.example | 6 ++++-- install.sh | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index a429b21..2885a7e 100644 --- a/conf/zamba.conf.example 
+++ b/conf/zamba.conf.example @@ -34,7 +34,7 @@ LXC_MEM="1024" LXC_SWAP="1024" # Defines the hostname of your LXC container -LXC_HOSTNAME="${service}.zmbrocks" +LXC_HOSTNAME="${service}" # Defines the domain name / search domain of your LXC container LXC_DOMAIN="zmb.rocks" @@ -74,7 +74,9 @@ LXC_TIMEZONE="Europe/Berlin" # Define system language on LXC container (locales) # With this paramater you can generate additional locales, the default language will be inherited from proxmox host. -LXC_LOCALE="en_US.UTF-8" +# en_US.UTF-8 english +# de_DE.UTF-8 german (default) +LXC_LOCALE="de_DE.UTF-8" # Set dark background for vim syntax highlighting (0 or 1) LXC_VIM_BG_DARK=1 diff --git a/install.sh b/install.sh index 245cf78..b0b58e6 100644 --- a/install.sh +++ b/install.sh @@ -152,7 +152,7 @@ if [[ $LXC_VLAN != "" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi PVE_VER=$(pveversion | grep 'pve-manager' | cut -d'/' -f2 | sed 's/[^0-9]//g') pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -features nesting=$LXC_NESTING; # timezone switch added in Version 6.3 -if [ $PVE_VER -gt 630 ];then pct set $LXC_NBR -timezone $LXC_TIMEZONE;fi +if [ $PVE_VER -ge 630 ];then pct set $LXC_NBR -timezone $LXC_TIMEZONE;fi if [ $LXC_DHCP == true ]; then pct set $LXC_NBR -net0 name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN; else From 0cac5584eff95f73957933c021ce2f652b7d0f47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Holger=20Pannenb=C3=A4cker?= Date: Fri, 13 Aug 2021 11:01:18 +0200 Subject: [PATCH 50/54] Update install-service.sh Fixed a typo. --- src/open3a/install-service.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 00c5cc8..9fdef53 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh 
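Review bot: In the install.sh hunk, the new `-ge 630` test still compares against a `PVE_VER` built by deleting every non-digit from the pve-manager version, so the number's length depends on the patch level and the threshold is unreliable. A version string such as `6.2-15` would become `6215` and pass the check, and `pct set -timezone` would then run on a release that, per the comment above it, does not support the switch. Comparing the dotted version avoids this: `PVE_VER=$(pveversion | grep 'pve-manager' | cut -d'/' -f2 | cut -d'-' -f1)` followed by `if dpkg --compare-versions "$PVE_VER" ge 6.3; then pct set "$LXC_NBR" -timezone "$LXC_TIMEZONE"; fi`. The exact `pveversion` output format is not shown on this page, so confirm the parsing on a real host.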
@@ -43,7 +43,7 @@ unzip open3a.zip rm open3a.zip chmod 666 system/DBData/Installation.pfdb.php chmod -R 777 specifics/ -chmod -R 777 system/Backups +chmod -R 777 system/Backup chown -R www-data:www-data /var/www/html echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup @@ -52,4 +52,4 @@ chmod +x /etc/cron.daily/open3a-backup systemctl enable --now php7.3-fpm systemctl restart nginx -echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" \ No newline at end of file +echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" From 57e3b458a95edaad7e091df5bb99dc237b9384c9 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Fri, 13 Aug 2021 15:13:38 +0200 Subject: [PATCH 51/54] Revert "Update install-service.sh" --- src/open3a/install-service.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 9fdef53..00c5cc8 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh 
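Review bot: The corrected line in src/open3a/install-service.sh keeps `chmod -R 777` on the backup directory, so the database backups stay readable and writable by every account in the container. That is broader than needed, because the next line, `chown -R www-data:www-data /var/www/html`, already hands the tree to the web server user. Assuming php-fpm runs as www-data, owner and group access is enough: `chmod -R 750 system/Backup` placed after the chown. The context lines `chmod -R 777 specifics/` and `chmod 666 system/DBData/Installation.pfdb.php` deserve the same tightening. The script continues outside this hunk.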
@@ -43,7 +43,7 @@ unzip open3a.zip rm open3a.zip chmod 666 system/DBData/Installation.pfdb.php chmod -R 777 specifics/ -chmod -R 777 system/Backup +chmod -R 777 system/Backups chown -R www-data:www-data /var/www/html echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup @@ -52,4 +52,4 @@ chmod +x /etc/cron.daily/open3a-backup systemctl enable --now php7.3-fpm systemctl restart nginx -echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" +echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" \ No newline at end of file From f6cafff82e73546483eaff14bbbca44d5e4e5b22 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Wed, 6 Oct 2021 20:17:27 +0200 Subject: [PATCH 52/54] Added onlyoffice prototype --- src/onlyoffice/constants-service.conf | 23 ++++++++++++++++++++++ src/onlyoffice/install-service.sh | 28 +++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 src/onlyoffice/constants-service.conf create mode 100644 src/onlyoffice/install-service.sh diff --git a/src/onlyoffice/constants-service.conf b/src/onlyoffice/constants-service.conf new file mode 100644 index 0000000..07c2aa6 --- /dev/null +++ b/src/onlyoffice/constants-service.conf 
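Review bot: After this revert the chmod in src/open3a/install-service.sh targets `system/Backups`, while the cron job written two lines further down prunes archives from `/var/www/html/system/Backup/*.gz`, so one of the two paths is presumably wrong. Which directory open3a actually writes to is not visible here. Both lines should name the same directory, and a comment above the chmod such as `# open3a writes its backups to system/<BACKUP_DIR>` would record the decision that this revert and the reverted commit disagree on. If the chmod names a directory that does not exist it fails and the script carries on, leaving whatever permissions the archive shipped with.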
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+# Create sharefs mountpoint
+LXC_MP="0"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="1"
+
+# enable nesting feature
+LXC_NESTING="0"
+
+ONLYOFFICE_DB_HOST=localhost
+
+ONLYOFFICE_DB_NAME=onlyoffice
+
+ONLYOFFICE_DB_USER=onlyoffice
\ No newline at end of file
diff --git a/src/onlyoffice/install-service.sh b/src/onlyoffice/install-service.sh
new file mode 100644
index 0000000..7e81b7b
--- /dev/null
+++ b/src/onlyoffice/install-service.sh
@@ -0,0 +1,28 @@
+source /root/zamba.conf
+source /root/constants-service.conf
+ONLYOFFICE_DB_PASSWORD=$(source /root/postgresql.sh 13 $ONLYOFFICE_DB_NAME $ONLYOFFICE_DB_USER)
+source /root/rabbitmq-server.sh
+
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
+echo "deb https://download.onlyoffice.com/repo/debian squeeze main" > /etc/apt/sources.list.d/onlyoffice.list
+
+apt update
+
+echo onlyoffice-documentserver onlyoffice/ds-port select 80 | debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-host string $ONLYOFFICE_DB_HOST | sudo debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-user string $ONLYOFFICE_DB_NAME | sudo debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-name string $ONLYOFFICE_DB_USER | sudo debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-pwd password $ONLYOFFICE_DB_PASSWORD | debconf-set-selections
+
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ttf-mscorefonts-installer onlyoffice-documentserver
+
+cat << EOF > /root/onlyoffice.credentials
+ONLYOFFICE_DB_HOST=$ONLYOFFICE_DB_HOST
+ONLYOFFICE_DB_NAME=$ONLYOFFICE_DB_NAME
+ONLYOFFICE_DB_USER=$ONLYOFFICE_DB_USER
+ONLYOFFICE_DB_PASSWORD=$ONLYOFFICE_DB_PASSWORD
+EOF
+
+/etc/nginx/conf.d/ds.conf
+cp /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds-ssl.conf
+ln -sf /etc/onlyoffice/documentserver/nginx/ds-ssl.conf /etc/nginx/conf.d/ds-ssl.conf
From bda8bb9e86b5a4c9d8b214a654f8e9b7fe213dbd Mon Sep 17 00:00:00 2001
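Review bot: In src/onlyoffice/install-service.sh, `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5` imports the repository signing key by an 8-hex-digit short ID over unauthenticated HKP. Short IDs are not unique, and `apt-key` adds the result to the keyring that is trusted for every APT source in the container, so whatever key the server returns for that ID is trusted globally. Request the key by its full 40-character fingerprint from the vendor's documentation and over TLS, for example `apt-key adv --keyserver hkps://keyserver.ubuntu.com --recv-keys <FULL_FINGERPRINT>`. Better still, store it in a dedicated keyring file and reference that with `signed-by=` on the `deb` line written to `onlyoffice.list`, which limits the key to this one repository.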
From: DerFossibaer Date: Fri, 14 Jan 2022 22:44:06 +0100 Subject: [PATCH 53/54] coder weekend --- install.sh | 15 ++++++------ src/checkmk/constants-service.conf | 3 +++ src/debian-priv/constants-service.conf | 3 +++ src/debian-unpriv/constants-service.conf | 3 +++ src/lxc-base.sh | 30 +++++++++++++++++++++-- src/mailpiler/constants-service.conf | 2 ++ src/matrix/constants-service.conf | 3 +++ src/nextcloud/constants-service.conf | 2 ++ src/onlyoffice/constants-service.conf | 3 +++ src/open3a/constants-service.conf | 3 +++ src/proxmox-pbs/constants-service.conf | 23 +++++++++++++++++ src/proxmox-pbs/install-service.sh | 22 +++++++++++++++++ src/urbackup/constants-service.conf | 23 +++++++++++++++++ src/urbackup/install-service.sh | 20 +++++++++++++++ src/zmb-ad/constants-service.conf | 3 +++ src/zmb-member/constants-service.conf | 3 +++ src/zmb-standalone/constants-service.conf | 3 +++ testinstall | 14 +++++++++++ 18 files changed, 168 insertions(+), 10 deletions(-) mode change 100644 => 100755 install.sh create mode 100644 src/proxmox-pbs/constants-service.conf create mode 100644 src/proxmox-pbs/install-service.sh create mode 100644 src/urbackup/constants-service.conf create mode 100644 src/urbackup/install-service.sh create mode 100755 testinstall diff --git a/install.sh b/install.sh old mode 100644 new mode 100755 index a903d14..d283175 --- a/install.sh +++ b/install.sh 
@@ -93,15 +93,15 @@ fi source $PWD/src/$service/constants-service.conf # CHeck is the newest template available, else download it. -DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2) -DEB_REP=$(pveam available --section system | grep debian-10-standard | cut -d'_' -f2) +DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | cut -d'_' -f2) +DEB_REP=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | cut -d'_' -f2) if [[ $DEB_LOC == $DEB_REP ]]; then - echo "Newest Version of Debian 10 Standard $DEP_REP exists."; + echo "Newest Version of $LXC_TEMPLATE_VERSION $DEP_REP exists."; else - echo "Will now download newest Debian 10 Standard $DEP_REP."; - pveam download $LXC_TEMPLATE_STORAGE debian-10-standard_$DEB_REP\_amd64.tar.gz + echo "Will now download newest $LXC_TEMPLATE_VERSION $DEP_REP."; + pveam download $LXC_TEMPLATE_STORAGE "$LXC_TEMPLATE_VERSION"_$DEB_REP\_amd64.tar.gz fi if [ $ctid -gt 99 ]; then @@ -120,7 +120,7 @@ fi echo "Will now create LXC Container $LXC_NBR!"; # Create the container -pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/debian-10-standard_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE; +pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/"$LXC_TEMPLATE_VERSION"_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE; sleep 2; # Check vlan configuration @@ -147,7 +147,6 @@ sleep 5; echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd; lxc-attach -n$LXC_NBR mkdir /root/.ssh; pct push $LXC_NBR $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys -pct push $LXC_NBR $PWD/src/sources.list /etc/apt/sources.list pct push $LXC_NBR $config /root/zamba.conf pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh 
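Review bot: Both rewritten `echo` lines in the template check of install.sh print `$DEP_REP`, but the variable assigned two lines earlier is `DEB_REP`, and nothing in the visible lines sets `DEP_REP`, so the message shows no version. The lines should read `echo "Newest Version of $LXC_TEMPLATE_VERSION $DEB_REP exists.";` and `echo "Will now download newest $LXC_TEMPLATE_VERSION $DEB_REP.";`. `LXC_TEMPLATE_VERSION` now comes from a sourced per-service file and is used unquoted as the grep pattern, so `grep -- "$LXC_TEMPLATE_VERSION"` is the safer form in both pipelines. The script continues outside this hunk.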
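Review bot: In the `@@ -147,7 +147,6 @@` hunk of install.sh the root password is still fed to passwd with `echo -e "$LXC_PWD\n$LXC_PWD"`, so any backslash sequence inside the configured password is interpreted by `echo -e`. The container then ends up with a different password than the one written in zamba.conf, and an embedded `\n` would split the input. `printf` with a fixed format passes the value through untouched: `printf '%s\n%s\n' "$LXC_PWD" "$LXC_PWD" | lxc-attach -n"$LXC_NBR" passwd`. The neighbouring `mkdir /root/.ssh` would also benefit from an explicit `chmod 700 /root/.ssh` before the key is pushed.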
@@ -163,4 +162,4 @@ if [[ $service == "zmb-ad" ]]; then pct stop $LXC_NBR pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1) pct start $LXC_NBR -fi +fi \ No newline at end of file diff --git a/src/checkmk/constants-service.conf b/src/checkmk/constants-service.conf index d6a75fa..f896b3f 100644 --- a/src/checkmk/constants-service.conf +++ b/src/checkmk/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + # Create sharefs mountpoint LXC_MP="0" diff --git a/src/debian-priv/constants-service.conf b/src/debian-priv/constants-service.conf index 9439c47..2855c22 100644 --- a/src/debian-priv/constants-service.conf +++ b/src/debian-priv/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + # Create sharefs mountpoint LXC_MP="0" diff --git a/src/debian-unpriv/constants-service.conf b/src/debian-unpriv/constants-service.conf index 382f437..bb64eeb 100644 --- a/src/debian-unpriv/constants-service.conf +++ b/src/debian-unpriv/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-10-standard" + # Create sharefs mountpoint LXC_MP="0" diff --git a/src/lxc-base.sh b/src/lxc-base.sh index 4ded575..b89d820 100644 --- a/src/lxc-base.sh +++ b/src/lxc-base.sh @@ -9,6 +9,7 @@ echo "Loading configuration..." source /root/zamba.conf source /root/constants.conf +source /root/constants-service.conf echo "Updating locales" # update locales 
@@ -17,11 +18,36 @@ cat << EOF > /etc/default/locale LANG="$LXC_LOCALE" LANGUAGE=$LXC_LOCALE EOF -locale-gen $LXC_LOCALE +locale-gen $LXC_LOCALE + +# Generate sources +if [ "$LXC_TEMPLATE_VERSION" == "debian-11-standard" ] ; then + +cat << EOF > /etc/apt/sources.list +deb http://ftp.de.debian.org/debian bullseye main contrib + +deb http://ftp.de.debian.org/debian bullseye-updates main contrib + +# security updates +deb http://security.debian.org bullseye-security main contrib +EOF + +elif [ "$LXC_TEMPLATE_VERSION" == "debian-10-standard" ] ; then + +cat << EOF > /etc/apt/sources.list +deb http://ftp.de.debian.org/debian buster main contrib + +deb http://ftp.de.debian.org/debian buster-updates main contrib + +# security updates +deb http://security.debian.org buster/updates main contrib +EOF +else echo "LXC Debian Version false. Please check configuration files!" ; exit +fi # update package lists echo "Updating package database..." -apt update +apt --allow-releaseinfo-change update # install latest packages echo "Installing latest updates" diff --git a/src/mailpiler/constants-service.conf b/src/mailpiler/constants-service.conf index 2f48d83..f70dc46 100644 --- a/src/mailpiler/constants-service.conf +++ b/src/mailpiler/constants-service.conf @@ -7,6 +7,8 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-10-standard" # Create sharefs mountpoint LXC_MP="0" diff --git a/src/matrix/constants-service.conf b/src/matrix/constants-service.conf index a8136ea..5ae596c 100644 --- a/src/matrix/constants-service.conf +++ b/src/matrix/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-10-standard" + # Create sharefs mountpoint LXC_MP="0" diff --git a/src/nextcloud/constants-service.conf b/src/nextcloud/constants-service.conf index 5c78dbd..5015602 100644 
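Review bot: The fallback branch added to src/lxc-base.sh, `else echo "LXC Debian Version false. Please check configuration files!" ; exit`, ends with a bare `exit`, which returns the status of the preceding `echo`, i.e. 0. An unsupported `LXC_TEMPLATE_VERSION` is therefore reported to the caller as success, even though no matching sources.list was written. Send the message to stderr and fail explicitly: `else echo "LXC Debian Version false. Please check configuration files!" >&2; exit 1`. Whether install.sh checks the result of lxc-base.sh is not visible in this hunk, so the caller may need a matching check.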
--- a/src/nextcloud/constants-service.conf +++ b/src/nextcloud/constants-service.conf @@ -7,6 +7,8 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-10-standard" # Create sharefs mountpoint LXC_MP="1" diff --git a/src/onlyoffice/constants-service.conf b/src/onlyoffice/constants-service.conf index 07c2aa6..7666975 100644 --- a/src/onlyoffice/constants-service.conf +++ b/src/onlyoffice/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + # Create sharefs mountpoint LXC_MP="0" diff --git a/src/open3a/constants-service.conf b/src/open3a/constants-service.conf index 382f437..bb64eeb 100644 --- a/src/open3a/constants-service.conf +++ b/src/open3a/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-10-standard" + # Create sharefs mountpoint LXC_MP="0" diff --git a/src/proxmox-pbs/constants-service.conf b/src/proxmox-pbs/constants-service.conf new file mode 100644 index 0000000..6fa62ad --- /dev/null +++ b/src/proxmox-pbs/constants-service.conf @@ -0,0 +1,23 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + +# Create sharefs mountpoint +LXC_MP="1" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" + +# Backup ubdir where Urbackup will store backups +PBS_DATA="backup" \ No newline at end of file 
diff --git a/src/proxmox-pbs/install-service.sh b/src/proxmox-pbs/install-service.sh
new file mode 100644
index 0000000..1771d45
--- /dev/null
+++ b/src/proxmox-pbs/install-service.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+source /root/zamba.conf
+source /root/constants-service.conf
+
+cat << EOF > /etc/apt/sources.list.d/pbs-no-subscription.list
+# PBS pbs-no-subscription repository provided by proxmox.com,
+# NOT recommended for production use
+deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
+EOF
+
+wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
+
+apt update && apt upgrade -y
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" proxmox-backup-server
+
+proxmox-backup-manager datastore create $PBS_DATA /$LXC_SHAREFS_MOUNTPOINT/$PBS_DATA
diff --git a/src/urbackup/constants-service.conf b/src/urbackup/constants-service.conf
new file mode 100644
index 0000000..17d6e12
--- /dev/null
+++ b/src/urbackup/constants-service.conf
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+# Debian Version, which will be installed
+LXC_TEMPLATE_VERSION="debian-10-standard"
+
+# Create sharefs mountpoint
+LXC_MP="1"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="1"
+
+# enable nesting feature
+LXC_NESTING="0"
+
+# Backup ubdir where Urbackup will store backups
+URBACKUP_DATA="urbackup"
\ No newline at end of file
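Review bot: In src/proxmox-pbs/install-service.sh the release key is written straight into `/etc/apt/trusted.gpg.d/` by `wget ... -O`, with no integrity check and no test of wget's exit status. A truncated or substituted download therefore becomes a key trusted for every APT source, or an empty file, and the script goes on to `apt update` either way. Download to a temporary file, compare it with a checksum pinned in the script, and only then move it into place, e.g. `echo "<SHA512_FROM_PROXMOX_DOCS>  $keyfile" | sha512sum -c - || exit 1`. src/urbackup/install-service.sh in the same commit follows the same pattern with `curl -fsSL ... | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg`. There a failed curl is additionally hidden by the pipeline, and the repository line uses plain `http://`.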
diff --git a/src/urbackup/install-service.sh b/src/urbackup/install-service.sh new file mode 100644 index 0000000..b7f6893 --- /dev/null +++ b/src/urbackup/install-service.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf +source /root/constants-service.conf + +mkdir /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA +mkdir /etc/urbackup +echo "/$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA" > /etc/urbackup/backupfolder + +echo 'deb http://download.opensuse.org/repositories/home:/uroni/Debian_10/ /' | tee /etc/apt/sources.list.d/home:uroni.list +curl -fsSL https://download.opensuse.org/repositories/home:uroni/Debian_10/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null + +apt update +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server +chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA \ No newline at end of file diff --git a/src/zmb-ad/constants-service.conf b/src/zmb-ad/constants-service.conf index a403e3c..148d75d 100644 --- a/src/zmb-ad/constants-service.conf +++ b/src/zmb-ad/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + # Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage ZMB_DNS_BACKEND="SAMBA_INTERNAL" diff --git a/src/zmb-member/constants-service.conf b/src/zmb-member/constants-service.conf index a2d006f..a3d76c9 100644 --- a/src/zmb-member/constants-service.conf +++ b/src/zmb-member/constants-service.conf 
@@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + # Create sharefs mountpoint LXC_MP="1" diff --git a/src/zmb-standalone/constants-service.conf b/src/zmb-standalone/constants-service.conf index b5d26cf..e650fc8 100644 --- a/src/zmb-standalone/constants-service.conf +++ b/src/zmb-standalone/constants-service.conf @@ -7,6 +7,9 @@ # This file contains the project constants on service level +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-11-standard" + # Create sharefs mountpoint LXC_MP="1" diff --git a/testinstall b/testinstall new file mode 100755 index 0000000..6a6c464 --- /dev/null +++ b/testinstall @@ -0,0 +1,14 @@ + +bash -vx install.sh -s checkmk > checkmk.inst.log +bash -vx install.sh -s debian-unpriv > debian-unpriv.inst.log +bash -vx install.sh -s matrix > matrix.inst.log +bash -vx install.sh -s nextcloud > nextcloud.inst.log +bash -vx install.sh -s open3a > open3a.inst.log +bash -vx install.sh -s zmb-ad > zmb-ad.inst.log +bash -vx install.sh -s zmb-member > zmb-member.inst.log +bash -vx install.sh -s zmb-standalone > zmb-standalone.inst.log +bash -vx install.sh -s debian-priv > debian-priv.inst.log +bash -vx install.sh -s mailpiler > mailpiler.inst.log +bash -vx install.sh -s onlyoffice > onlyoffice.inst.log +bash -vx install.sh -s proxmox-pbs > proxmox-pbs.inst.log +bash -vx install.sh -s urbackup > urbackup.inst.log From 4380612175c263fca7e15d010f667284d9548352 Mon Sep 17 00:00:00 2001 
From: DerFossibaer Date: Fri, 14 Jan 2022 23:26:57 +0100 Subject: [PATCH 54/54] Nesting all to on --- src/checkmk/constants-service.conf | 2 +- src/debian-priv/constants-service.conf | 2 +- src/debian-unpriv/constants-service.conf | 4 ++-- src/matrix/constants-service.conf | 2 +- src/nextcloud/constants-service.conf | 2 +- src/onlyoffice/constants-service.conf | 2 +- src/open3a/constants-service.conf | 2 +- src/proxmox-pbs/constants-service.conf | 2 +- src/urbackup/constants-service.conf | 2 +- src/zmb-member/constants-service.conf | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/checkmk/constants-service.conf b/src/checkmk/constants-service.conf index f896b3f..f14becb 100644 --- a/src/checkmk/constants-service.conf +++ b/src/checkmk/constants-service.conf @@ -17,7 +17,7 @@ LXC_MP="0" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" +LXC_NESTING="1" # checkmk version CMK_VERSION=2.0.0p4 diff --git a/src/debian-priv/constants-service.conf b/src/debian-priv/constants-service.conf index 2855c22..1f764d7 100644 --- a/src/debian-priv/constants-service.conf +++ b/src/debian-priv/constants-service.conf @@ -17,4 +17,4 @@ LXC_MP="0" LXC_UNPRIVILEGED="0" # enable nesting feature -LXC_NESTING="0" \ No newline at end of file +LXC_NESTING="1" \ No newline at end of file diff --git a/src/debian-unpriv/constants-service.conf b/src/debian-unpriv/constants-service.conf index bb64eeb..4f5ef36 100644 --- a/src/debian-unpriv/constants-service.conf +++ b/src/debian-unpriv/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-10-standard" +LXC_TEMPLATE_VERSION="debian-11-standard" # Create sharefs mountpoint LXC_MP="0" @@ -17,4 +17,4 @@ LXC_MP="0" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" \ No newline at end of file +LXC_NESTING="1" \ No newline at end of file 
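Review bot: The debian-priv hunk turns on `LXC_NESTING="1"` in a file whose context line shows `LXC_UNPRIVILEGED="0"`, and the zmb-member hunk later in this patch does the same, so two privileged containers now get nesting. Proxmox describes the nesting feature as exposing the host's procfs and sysfs contents to the guest and recommends it for unprivileged containers, so on a privileged container this widens what a compromised service can reach on the host. The commit message gives no reason for the blanket change; I would keep `LXC_NESTING="0"` in the two privileged profiles unless a service there needs it, and otherwise add a comment such as `# nesting required by <reason>; container is privileged, host procfs/sysfs are exposed`. How install.sh passes LXC_NESTING to pct is outside this patch, so the exact effect is inferred from the variable name and its comment.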
diff --git a/src/matrix/constants-service.conf b/src/matrix/constants-service.conf index 5ae596c..3737735 100644 --- a/src/matrix/constants-service.conf +++ b/src/matrix/constants-service.conf @@ -17,7 +17,7 @@ LXC_MP="0" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" +LXC_NESTING="1" # Define the version of Element Web MATRIX_ELEMENT_VERSION="v1.7.25" diff --git a/src/nextcloud/constants-service.conf b/src/nextcloud/constants-service.conf index 5015602..ad9bf6d 100644 --- a/src/nextcloud/constants-service.conf +++ b/src/nextcloud/constants-service.conf @@ -17,7 +17,7 @@ LXC_MP="1" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" +LXC_NESTING="1" # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest') NEXTCLOUD_VERSION="latest" diff --git a/src/onlyoffice/constants-service.conf b/src/onlyoffice/constants-service.conf index 7666975..bbaeda4 100644 --- a/src/onlyoffice/constants-service.conf +++ b/src/onlyoffice/constants-service.conf @@ -17,7 +17,7 @@ LXC_MP="0" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" +LXC_NESTING="1" ONLYOFFICE_DB_HOST=localhost diff --git a/src/open3a/constants-service.conf b/src/open3a/constants-service.conf index bb64eeb..bc20c1a 100644 --- a/src/open3a/constants-service.conf +++ b/src/open3a/constants-service.conf @@ -17,4 +17,4 @@ LXC_MP="0" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" \ No newline at end of file +LXC_NESTING="1" \ No newline at end of file diff --git a/src/proxmox-pbs/constants-service.conf b/src/proxmox-pbs/constants-service.conf index 6fa62ad..b0609cd 100644 --- a/src/proxmox-pbs/constants-service.conf +++ b/src/proxmox-pbs/constants-service.conf @@ -17,7 +17,7 @@ LXC_MP="1" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" +LXC_NESTING="1" # Backup ubdir where Urbackup will store backups PBS_DATA="backup" \ No newline at end of file 
diff --git a/src/urbackup/constants-service.conf b/src/urbackup/constants-service.conf index 17d6e12..a27d2ff 100644 --- a/src/urbackup/constants-service.conf +++ b/src/urbackup/constants-service.conf @@ -17,7 +17,7 @@ LXC_MP="1" LXC_UNPRIVILEGED="1" # enable nesting feature -LXC_NESTING="0" +LXC_NESTING="1" # Backup ubdir where Urbackup will store backups URBACKUP_DATA="urbackup" \ No newline at end of file diff --git a/src/zmb-member/constants-service.conf b/src/zmb-member/constants-service.conf index a3d76c9..e650fc8 100644 --- a/src/zmb-member/constants-service.conf +++ b/src/zmb-member/constants-service.conf @@ -17,4 +17,4 @@ LXC_MP="1" LXC_UNPRIVILEGED="0" # enable nesting feature -LXC_NESTING="0" \ No newline at end of file +LXC_NESTING="1" \ No newline at end of file