Release 1.0

thorstenspille 2022-01-15 22:01:54 +01:00
parent 96b2279a3d
commit 27741f41c2
35 changed files with 283 additions and 1344 deletions

View File

@ -1,23 +0,0 @@
**** Zamba LXC Toolbox devel branch ****
- added dhcp support
- fixed hardcoded samba sharename in `zmb-standalone` script
- added support for container id's larger than 999
- added optional parameters for ct id, service and config file
- mailpiler version now configured to download `latest` version
- added `conf` folder to store user configs
- splitted basic container setup and service installation into multiple scripts
- created `constants` to minimize config variables
- added `wsdd` to `zmb-standalone` service
**** Zamba LXC Toolbox v0.1 ****
- `locales` are now configured noninteractive #21
- timezone is now configured with `pct set` command in `install.sh` #22
- changed command sequence in `install.sh` - select container first, then start the installation
- improved / updated documentation
- replaced `just-lxc` container by `debian-priv` and `debian-unpriv` container
- (un)privileged now defined as constant based on created service #6
- improved log messages in `install.sh`
- `mailpiler`: website is now also `default_host`, removed nginx default site, dns entry is still required
- changed `mailpiler` version to 1.3.11
- changed `element-web` version to 1.7.25
- `LXC_AUTHORIZED_KEY` variable now defines an `authorized_keys` file, by default the configuration of you proxmox host will be inherited (`~/.ssh/authorized_keys`)
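Review bot: All 23 changelog lines are removed and nothing in this hunk replaces them, so behaviour changes such as `LXC_AUTHORIZED_KEY` now naming an `authorized_keys` file, or the move to DHCP support and optional parameters, are no longer recorded anywhere in this file. Carry these entries into the 1.0 release notes, or keep the file and add a 1.0 heading on top.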

View File

@ -10,14 +10,19 @@ The package also provides LXC container installers for `mailpiler`, `matrix-syna
### Requirements
Proxmox VE Server with at least one configured ZFS Pool.
### Included services:
- `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
- `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
- `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
- `checkmk` => Check_MK 2.0 Monitoring Server
- `debian-priv` => Debian privileged container with basic toolset
- `debian-unpriv` => Debian unprivileged container with basic toolset
- `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/)
- `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web)
- `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration
- `debian-unpriv` => Debian unprivileged container with basic toolset
- `debian-priv` => Debian privileged container with basic toolset
- `onlyoffice` => OnlyOffice [onlyoffice.com](https://onlyoffice.com)
- `open3a` => Open3a web based accounting software [open3a.de](https://open3a.de)
- `proxmox-pbs` => Proxmox Backup Server [proxmox.com](https://proxmox.com/en/proxmox-backup-server)
- `urbackup` => UrBackup Server [urbackup.org](https://urbackup.org)
- `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
- `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
- `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
## Usage
Just ssh into your Proxmox machine and clone this git repository. Make sure you have installed `git`.
```bash
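Review bot: The `nextcloud` entry in the service list reads "with fail2ban und redis configuration"; "und" should be "and" in the English README.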
@ -30,14 +35,24 @@ git clone https://github.com/bashclub/zamba-lxc-toolbox
cd zamba-lxc-toolbox
```
### Configuration
To fit your requirements, please edit the file `zamba.conf` with your favourite text editor (e.g. `vim` or `nano`).
The required adjustments are in the LXC container section and in the section for the service you want to launch.
For further information about the config variables, have a look at [zamba.conf.md](zamba.conf.md)
Copy `zamba.conf.example` located in `conf` directory to a new file (default: `zamba.conf`) and adjust your desired settings.
For further information about configuration variables, have a look at [conf/README.md](conf/README.md)
```bash
cp conf/zamba.conf.example conf/zamba.conf
```
### Installation
After configuring, you are able to launch the script interactively:
After configuring, you are able to launch the script interactively (only works with `conf/zamba.conf`):
```bash
bash install.sh
```
### Advanced Usage
You can set optional parameters (config file, service, container id):
#### Example:
```bash
bash install.sh -i 280 -c conf/my-zmb-service.conf -s zmb-member
```
You can also view possible parameters with `install.sh -h`
After container creation, you will be prompted to select the service to install and depending on the service there may be some more questions during installation.
Once the script has finished, the container is installed and running and you can continue with the service specific configuration.
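Review bot: The new Configuration step, `cp conf/zamba.conf.example conf/zamba.conf`, creates the file that holds the container root and domain administrator passwords (going by the `LXC_PWD` and `ZMB_ADMIN_PASS` settings in the removed `zamba.conf`), but the text says nothing about protecting it. Add a `chmod 600 conf/zamba.conf` to the snippet and state that user configs under `conf` must not be committed. In Advanced Usage, say what `-i`, `-c` and `-s` mean next to the example instead of only pointing to `install.sh -h`.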

View File

@ -1,20 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
cat << EOF > /etc/default/locale
LANG="$LXC_LOCALE"
LANGUAGE=$LXC_LOCALE
EOF
locale-gen $LXC_LOCALE
apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc

View File

@ -1,25 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
source /root/proxmox.conf
sed -i "s/^#.$HOST_LOCALE/$HOST_LOCALE/" /etc/locale.gen
locale-gen $HOST_LOCALE
sed -i "s/^#.$LXC_LOCALE/$LXC_LOCALE/" /etc/locale.gen
locale-gen $LXC_LOCALE
echo LANG=$LXC_LOCALE > /etc/default/locale
echo LANGUAGE=$LXC_LOCALE >> /etc/default/locale
export LANG=$LXC_LOCALE
export LANGUAGE=$LXC_LOCALE
export LC_CTYPE=C
apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc

View File

@ -1,187 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
cat << EOF > /etc/default/locale
LANG="$LXC_LOCALE"
LANGUAGE=$LXC_LOCALE
EOF
locale-gen $LXC_LOCALE
HOSTNAME=$(hostname -f)
echo "Ensure your Hostname is set to your Piler FQDN!"
echo $HOSTNAME
if
[ "$HOSTNAME" != "$PILER_FQDN" ]
then
echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit
else
echo "Hostname matches PILER_FQDNAIN, so starting installation."
fi
apt update && apt full-upgrade -y
apt install -y $LXC_TOOLSET build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 software-properties-common libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23
# install php
wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
apt update && apt install -y php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
apt purge -y postfix
cat > /etc/mysql/conf.d/mailpiler.conf <<EOF
innodb_buffer_pool_size=256M
innodb_flush_log_at_trx_commit=1
innodb_log_buffer_size=64M
innodb_log_file_size=16M
query_cache_size=0
query_cache_type=0
query_cache_limit=2M
EOF
systemctl restart mariadb
cd /tmp
wget https://download.mailpiler.com/generic-local/sphinx-$PILER_SPHINX_VERSION-bin.tar.gz
tar -xvzf sphinx-$PILER_SPHINX_VERSION-bin.tar.gz -C /
groupadd piler
useradd -g piler -m -s /bin/bash -d /var/piler piler
usermod -L piler
chmod 755 /var/piler
wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
tar -xvzf piler-$PILER_VERSION.tar.gz
cd piler-$PILER_VERSION/
./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
make
make install
ldconfig
cp util/postinstall.sh util/postinstall.sh.bak
sed -i "s/ PILER_SMARTHOST=.*/ PILER_SMARTHOST="\"$PILER_SMARTHOST\""/" util/postinstall.sh
sed -i 's/ WWWGROUP=.*/ WWWGROUP="www-data"/' util/postinstall.sh
make postinstall
cp /usr/local/etc/piler/piler.conf /usr/local/etc/piler/piler.conf.bak
sed -i "s/hostid=.*/hostid=$PILER_FQDN/" /usr/local/etc/piler/piler.conf
sed -i "s/update_counters_to_memcached=.*/update_counters_to_memcached=1/" /usr/local/etc/piler/piler.conf
su piler -c "indexer --all --config /usr/local/etc/piler/sphinx.conf"
/etc/init.d/rc.piler start
/etc/init.d/rc.searchd start
update-rc.d rc.piler defaults
update-rc.d rc.searchd defaults
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_FQDN" -addext "subjectAltName=DNS:$PILER_FQDN"
cd /etc/nginx/sites-available
cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
sed -i "s|PILER_HOST|$PILER_FQDN default_host|g" /etc/nginx/sites-available/piler-nginx.conf
sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
sed -i "/server_name.*/a \\
listen 443 ssl http2;\n\n\
ssl_certificate /etc/nginx/ssl/piler.crt;\n\
ssl_certificate_key /etc/nginx/ssl/piler.key;\n\n\
ssl_session_timeout 1d;\n\
ssl_session_cache shared:SSL:15m;\n\
ssl_session_tickets off;\n\n\
# modern configuration of Mozilla SSL configurator. Tweak to your needs.\n\
ssl_protocols TLSv1.2 TLSv1.3;\n\
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\
ssl_prefer_server_ciphers off;\n\n\
add_header X-Frame-Options SAMEORIGIN;\n\
add_header X-Content-Type-Options nosniff;" /etc/nginx/sites-available/piler-nginx.conf
sed -i "/^server {.*/i\
server {\n\
listen 80;\n\
server_name $PILER_FQDN default_host;\n\
server_tokens off;\n\
# HTTP to HTTPS redirect.\n\
return 301 https://\$host\$request_uri;\n\
}" /etc/nginx/sites-available/piler-nginx.conf
cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
cat >> /usr/local/etc/piler/config-site.php <<EOF
// CUSTOM
\$config['PROVIDED_BY'] = '$PILER_FQDN';
\$config['SUPPORT_LINK'] = 'https://$PILER_FQDN';
\$config['COMPATIBILITY'] = '';
// fancy features.
\$config['ENABLE_INSTANT_SEARCH'] = 1;
\$config['ENABLE_TABLE_RESIZE'] = 1;
\$config['ENABLE_DELETE'] = 1;
\$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
// general settings.
\$config['TIMEZONE'] = '$LXC_TIMEZONE';
// authentication
// Enable authentication against an imap server
//\$config['ENABLE_IMAP_AUTH'] = 1;
//\$config['RESTORE_OVER_IMAP'] = 1;
//\$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
//\$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
//\$config['IMAP_HOST'] = '$PILER_SMARTHOST';
//\$config['IMAP_PORT'] = 993;
//\$config['IMAP_SSL'] = true;
// authentication against an ldap directory (disabled by default)
//\$config['ENABLE_LDAP_AUTH'] = 1;
//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
//\$config['LDAP_PORT'] = 389;
//\$config['LDAP_HELPER_DN'] = 'cn=administrator,cn=users,dc=mydomain,dc=local';
//\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
//\$config['LDAP_MAIL_ATTR'] = 'mail';
//\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
//\$config['LDAP_ADMIN_MEMBER_DN'] = '';
//\$config['LDAP_BASE_DN'] = 'ou=Benutzer,dc=krs,dc=local';
// authentication against an Uninvention based ldap directory
//\$config['ENABLE_LDAP_AUTH'] = 1;
//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
//\$config['LDAP_PORT'] = 7389;
//\$config['LDAP_HELPER_DN'] = 'uid=ldap-search-user,cn=users,dc=mydomain,dc=local';
//\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
//\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
//\$config['LDAP_ADMIN_MEMBER_DN'] = '';
//\$config['LDAP_BASE_DN'] = 'cn=users,dc=mydomain,dc=local';
//\$config['LDAP_MAIL_ATTR'] = 'mailPrimaryAddress';
//\$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
//\$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'person';
//\$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
// special settings.
\$config['MEMCACHED_ENABLED'] = 1;
\$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
EOF
rm /etc/nginx/sites-enabled/default
nginx -t && systemctl restart nginx
apt autoremove -y
apt clean -y
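Review bot: The hostname check near the top ends in `&& exit`, which returns status 0 on a mismatch, so a caller cannot tell that the installation was aborted; use `exit 1`. Further down, the sury.org key is piped straight into `apt-key add -`, which trusts it for every repository, and the sphinx and piler tarballs are unpacked (sphinx with `-C /`) without any checksum or signature check. If this installer is carried over elsewhere in the release, store the key in a keyring file referenced with `signed-by=`, as the matrix script does, and pin a hash for each download.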

View File

@ -1,161 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
cat << EOF > /etc/default/locale
LANG="$LXC_LOCALE"
LANGUAGE=$LXC_LOCALE
EOF
locale-gen $LXC_LOCALE
MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
ELE_DBNAME="synapse_db"
ELE_DBUSER="synapse_user"
ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
apt update && apt full-upgrade -y
apt install -y $LXC_TOOLSET apt-transport-https gpg software-properties-common nginx postgresql python3-psycopg2
wget wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list
apt update && apt install -y matrix-synapse-py3
systemctl enable matrix-synapse
ss -tulpen
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MATRIX_FQDN" -addext "subjectAltName=DNS:$MATRIX_FQDN"
cat > /etc/nginx/sites-available/$MATRIX_FQDN <<EOF
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
server {
listen 80;
listen [::]:80;
server_name $MATRIX_FQDN;
return 301 https://$MATRIX_FQDN;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $MATRIX_FQDN;
ssl on;
ssl_certificate /etc/nginx/ssl/matrix.crt;
ssl_certificate_key /etc/nginx/ssl/matrix.key;
location / {
proxy_pass http://127.0.0.1:8008;
proxy_set_header X-Forwarded-For \$remote_addr;
}
}
server {
listen 8448 ssl;
listen [::]:8448 ssl;
server_name $MATRIX_FQDN;
ssl on;
ssl_certificate /etc/nginx/ssl/matrix.crt;
ssl_certificate_key /etc/nginx/ssl/matrix.key;
# If you don't wanna serve a site, comment this out
root /var/www/$MATRIX_FQDN;
index index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8008;
proxy_set_header X-Forwarded-For \$remote_addr;
}
}
EOF
ln -s /etc/nginx/sites-available/$MATRIX_FQDN /etc/nginx/sites-enabled/$MATRIX_FQDN
cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
server {
listen 80;
listen [::]:80;
server_name $MATRIX_ELEMENT_FQDN;
return 301 https://$MATRIX_ELEMENT_FQDN;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $MATRIX_ELEMENT_FQDN;
ssl on;
ssl_certificate /etc/nginx/ssl/matrix.crt;
ssl_certificate_key /etc/nginx/ssl/matrix.key;
# If you don't wanna serve a site, comment this out
root /var/www/$MATRIX_ELEMENT_FQDN/element;
index index.html index.htm;
}
EOF
ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
systemctl restart nginx
mkdir /var/www/$MATRIX_ELEMENT_FQDN
cd /var/www/$MATRIX_ELEMENT_FQDN
wget https://packages.riot.im/element-release-key.asc
gpg --import element-release-key.asc
wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz
wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
gpg --verify element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
tar -xzvf element-$MATRIX_ELEMENT_VERSION.tar.gz
ln -s element-$MATRIX_ELEMENT_VERSION element
chown www-data:www-data -R element
cp ./element/config.sample.json ./element/config.json
sed -i "s|https://matrix-client.matrix.org|https://$MATRIX_FQDN|" ./element/config.json
sed -i "s|\"server_name\": \"matrix.org\"|\"server_name\": \"$MATRIX_FQDN\"|" ./element/config.json
su postgres <<EOF
psql -c "CREATE USER $ELE_DBUSER WITH PASSWORD '$ELE_DBPASS';"
psql -c "CREATE DATABASE $ELE_DBNAME ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $ELE_DBUSER;"
echo "Postgres User '$ELE_DBUSER' and database '$ELE_DBNAME' created."
EOF
cd /
sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
systemctl restart matrix-synapse
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
#curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
#echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
#apt update
#apt install -y jitsi-meet
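Review bot: The result of `gpg --verify element-$MATRIX_ELEMENT_VERSION.tar.gz.asc` is never checked and the script has no `set -e`, so the following `tar -xzvf` unpacks the archive even when verification fails; make the extraction conditional on the verify step. Also, `wget wget -O ...` passes a stray `wget` as a URL, and the `sed` that writes `enable_registration: true` opens account registration on a fresh homeserver, which should be an explicit config option rather than the default.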

View File

@ -1,115 +0,0 @@
#!/bin/bash
# This ist the Zamba main configuration file.
# Please adjust the settings to your needs before running the installer.
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
############### Linux Container Section ###############
# Defines the Proxmox storage where your LXC container template are stored (default: local)
LXC_TEMPLATE_STORAGE="local"
# Defines the size in GB of the LXC container's root filesystem (default: 32)
# Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
LXC_ROOTFS_SIZE="32"
# Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
LXC_ROOTFS_STORAGE="local-zfs"
# Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
LXC_SHAREFS_SIZE="100"
# Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
LXC_SHAREFS_STORAGE="local-zfs"
# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
LXC_SHAREFS_MOUNTPOINT="tank"
# Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
LXC_MEM="1024"
# Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
LXC_SWAP="1024"
# Defines the hostname of your LXC container
LXC_HOSTNAME="zamba"
# Defines the domain name / search domain of your LXC container
LXC_DOMAIN="zmb.rocks"
# Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
LXC_DHCP=false
# Defines the local IP address and subnet of your LXC container in CIDR format
LXC_IP="192.168.100.200/24"
# Defines the default gateway IP address of your LXC container
LXC_GW="192.168.100.254"
# Defines the DNS server ip address of your LXC container
# `zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
# For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
LXC_DNS="192.168.100.254"
# Defines the network bridge to bind the network adapter of your LXC container
LXC_BRIDGE="vmbr0"
# Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
LXC_VLAN=
# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
LXC_PWD='S3cr3tp@ssw0rd'
# Defines an authorized_keys file to push into the LXC container.
# By default the authorized_keys will be inherited from your proxmox host.
LXC_AUTHORIZED_KEY=~/.ssh/authorized_keys
# Define your (administrative) tools, you always want to have installed into your LXC container
LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
# Define the local timezone of your LXC container (default: Euroe/Berlin)
LXC_TIMEZONE="Europe/Berlin"
# Define system language on LXC container (locales)
LXC_LOCALE=de_DE.UTF-8
# Set dark background for vim syntax highlighting (0 or 1)
LXC_VIM_BG_DARK=1
############### Zamba-Server-Section ###############
# Defines the REALM for the Active Directory (AD DC, AD member)
# IMPORTANT NOTE: ZMB_REALM is case sensitive and the value needs to be written completely in capital letters, otherwise Kerberos will fail
ZMB_REALM="ZMB.ROCKS"
# Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
# IMPORTANT NOTE: ZMB_DOMAIN is case sensitive and the value needs to be written completely in capital letters
ZMB_DOMAIN="ZMB"
# Defines the name of your domain administrator account (AD DC, AD member, standalone)
ZMB_ADMIN_USER="administrator"
# The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
# Defines the name of your Zamba share
ZMB_SHARE="share"
############### Mailpiler-Section ###############
# Defines the (public) FQDN of your piler mail archive
PILER_FQDN="piler.zmb.rocks"
# Defines the smarthost for piler mail archive
PILER_SMARTHOST="your.mailserver.tld"
############### Matrix-Section ###############
# Define the FQDN of your Matrix server
MATRIX_FQDN="matrix.zmb.rocks"
# Define the FQDN for the Element Web virtual host
MATRIX_ELEMENT_FQDN="element.zmb.rocks"
# Define the FQDN for the Jitsi Meet virtual host
MATRIX_JITSI_FQDN="meet.zmb.rocks"
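Review bot: `LXC_PWD='S3cr3tp@ssw0rd'` and `ZMB_ADMIN_PASS='1c@nd0@nyth1n9'` are working defaults, so an install run without editing the file ends up with a root and domain administrator password that is published in the repository. The example config that replaces this file should leave both values empty, and the installer should refuse to continue until they are set. Minor: the comments contain typos ("This ist", "quatation", "Euroe/Berlin").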

View File

@ -1,119 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
cat << EOF > /etc/default/locale
LANG="$LXC_LOCALE"
LANGUAGE=$LXC_LOCALE
EOF
locale-gen $LXC_LOCALE
if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
BINDNINE=bind9
fi
## configure ntp
cat << EOF > /etc/ntp.conf
# Local clock. Note that is not the "localhost" address!
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# Where to retrieve the time from
server 0.de.pool.ntp.org iburst prefer
server 1.de.pool.ntp.org iburst prefer
server 2.de.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
# Access control
# Default restriction: Allow clients only to query the time
restrict default kod nomodify notrap nopeer mssntp
# No restrictions for "localhost"
restrict 127.0.0.1
# Enable the time sources to only provide time to this host
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
tinker panic 0
EOF
# update packages
apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
# install required packages
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE
if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
# configure bind dns service
cat << EOF > /etc/default/bind9
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-4 -u bind"
EOF
cat << EOF > /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
dlz "$LXC_DOMAIN" {
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
EOF
cat << EOF > /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
forwarders {
$LXC_DNS;
};
allow-query { any;};
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
listen-on { any; };
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
minimal-responses yes;
};
EOF
mkdir -p /var/lib/samba/bind-dns/dns
fi
# stop + disable samba services and remove default config
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
rm -f /etc/samba/smb.conf
rm -f /etc/krb5.conf
# provision zamba domain
samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc $BINDNINE
systemctl restart samba-ad-dc $BINDNINE
exit 0
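Review bot: In the `samba-tool domain provision` call, `--adminpass=$ZMB_ADMIN_PASS` is unquoted and passed as an argument, so a password containing spaces or glob characters is split by the shell, and the value is readable in the process list while provisioning runs; quote the expansion at minimum. In `named.conf.options`, `allow-query { any;};` with no separate `allow-recursion` alongside `forwarders` lets the DC resolve recursively for any client that can reach it, and `dnssec-validation no;` turns off validation of those answers; restrict queries to the local networks. The `restrict` lines name `0.pool.ntp.org` to `2.pool.ntp.org` while the `server` lines use `0.de.pool.ntp.org` to `2.de.pool.ntp.org`, so they do not cover the configured time sources.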

View File

@ -1,113 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
cat << EOF > /etc/default/locale
LANG="$LXC_LOCALE"
LANGUAGE=$LXC_LOCALE
EOF
locale-gen $LXC_LOCALE
apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules
mv /etc/krb5.conf /etc/krb5.conf.bak
cat > /etc/krb5.conf <<EOF
[libdefaults]
default_realm = $ZMB_REALM
ticket_lifetime = 600
dns_lookup_realm = true
dns_lookup_kdc = true
renew_lifetime = 7d
EOF
echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
klist
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
cat > /etc/samba/smb.conf <<EOF
[global]
workgroup = $ZMB_DOMAIN
security = ADS
realm = $ZMB_REALM
server string = %h server
vfs objects = acl_xattr shadow_copy2
map acl inherit = Yes
store dos attributes = Yes
idmap config *:backend = tdb
idmap config *:range = 3000000-4000000
idmap config *:schema_mode = rfc2307
winbind refresh tickets = Yes
winbind use default domain = Yes
winbind separator = /
winbind nested groups = yes
winbind nss info = rfc2307
pam password change = Yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
template homedir = /home/%U
template shell = /bin/bash
bind interfaces only = Yes
interfaces = lo eth0
log file = /var/log/samba/log.%m
logging = syslog
max log size = 1000
panic action = /usr/share/samba/panic-action %d
load printers = No
printcap name = /dev/null
printing = bsd
disable spoolss = Yes
allow trusted domains = No
dns proxy = No
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = -%Y-%m-%d-%H%M
shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
shadow: delimiter = -20
[$ZMB_SHARE]
comment = Main Share
path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
read only = No
create mask = 0660
directory mask = 0770
inherit acls = Yes
EOF
systemctl restart smbd
echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
sed -i "s|files systemd|files systemd winbind|g" /etc/nsswitch.conf
sed -i "s|#WINBINDD_OPTS=|WINBINDD_OPTS=|" /etc/default/winbind
echo -e "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session
systemctl restart winbind nmbd
wbinfo -u
wbinfo -g
mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
# originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
systemctl restart smbd nmbd winbind
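Review bot: Both `echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER` and `echo -e "$ZMB_ADMIN_PASS" | net ads join ...` use `echo -e`, which interprets backslash sequences, so a password containing `\n` or `\t` is altered before it reaches the prompt and the join fails or authenticates with a different string. Use `printf '%s\n' "$ZMB_ADMIN_PASS"` in both places. The `mkdir`, `chown` and `setfacl` lines near the end also leave `/$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE` unquoted, which breaks on a share name containing spaces.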

View File

@ -1,44 +0,0 @@
#!/bin/bash
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
source /root/zamba.conf
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
cat << EOF > /etc/default/locale
LANG="$LXC_LOCALE"
LANGUAGE=$LXC_LOCALE
EOF
locale-gen $LXC_LOCALE
apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba samba-dsdb-modules samba-vfs-modules
USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
smbpasswd -x $USER
(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER
cat << EOF >> /etc/samba/smb.conf
[$ZMB_SHARE]
comment = Main Share
path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
read only = No
vfs objects = shadow_copy2
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = -%Y-%m-%d-%H%M
shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
shadow: delimiter = -20
EOF
mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
systemctl restart smbd nmbd
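
Review bot: the removed script feeds the password through `(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER` with no quoting, so a value containing spaces or glob characters is altered before `smbpasswd` reads it, and it stores the new account name in `USER`, which is the shell's own login-name variable. If this logic is carried into one of the split-out scripts, quote the expansions, for example `printf '%s\n%s\n' "$ZMB_ADMIN_PASS" "$ZMB_ADMIN_PASS"`, and use a differently named variable for the account. The same applies to the unquoted path in `mkdir -p`, `chmod -R` and `chown -R`.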

View File

@ -1 +1,256 @@
# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
# Configuration options reference
This is the reference of all config options you can set in `zamba.conf`
<br>
## Linux Container Section
In this section all settings relevant for the LXC container.
<br>
### LXC_TEMPLATE_STORAGE
Defines the Proxmox storage where your LXC container template are stored (default: local)
```bash
LXC_TEMPLATE_STORAGE="local"
```
### LXC_ROOTFS_SIZE
Defines the size in GB of the LXC container's root filesystem (default: 32)
```bash
LXC_ROOTFS_SIZE="32"
```
Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
### LXC_ROOTFS_STORAGE
Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
```bash
LXC_ROOTFS_STORAGE="local-zfs"
```
### LXC_SHAREFS_SIZE
Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
```bash
LXC_SHAREFS_SIZE="100"
```
### LXC_SHAREFS_STORAGE
Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
```bash
LXC_SHAREFS_STORAGE="local-zfs"
```
### LXC_SHAREFS_MOUNTPOINT
Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
```bash
LXC_SHAREFS_MOUNTPOINT="tank"
```
### LXC_MEM
Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
```bash
LXC_MEM="1024"
```
### LXC_SWAP
Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
```bash
LXC_SWAP="1024"
```
### LXC_HOSTNAME
Defines the hostname of your LXC container (Default: Name of installed Service)
```bash
LXC_SWAP="zamba"
```
### LXC_DOMAIN
Defines the domain name / search domain of your LXC container
```bash
LXC_DOMAIN="zmb.rocks"
```
### LXC_DHCP
Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
```bash
LXC_DHCP=false
```
### LXC_IP
Defines the local IP address and subnet of your LXC container in CIDR format
```bash
LXC_IP="10.10.80.20/24"
```
### LXC_GW
Defines the default gateway IP address of your LXC container
```bash
LXC_GW="10.10.80.254"
```
### LXC_DNS
Defines the DNS server ip address of your LXC container
```bash
LXC_DNS="10.10.80.254"
```
`zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
### LXC_BRIDGE
Defines the network bridge to bind the network adapter of your LXC container
```bash
LXC_BRIDGE="vmbr0"
```
### LXC_VLAN
Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
```bash
LXC_VLAN="80"
```
### LXC_PWD
Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
```bash
LXC_PWD="Start!123"
```
### LXC_AUTHORIZED_KEY
Defines an authorized_keys file to push into the LXC container.
By default the authorized_keys will be inherited from your proxmox host.
```bash
LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
```
### LXC_TOOLSET
Define your (administrative) tools, you always want to have installed into your LXC container
```bash
LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc"
```
### LXC_TIMEZONE
Define the local timezone of your LXC container (default: Euroe/Berlin)
```bash
LXC_TIMEZONE="Europe/Berlin"
```
### LXC_LOCALE
Define system language on LXC container (locales)
```bash
LXC_LOCALE="de_DE.utf8"
```
This parameter is not used yet, but will be integrated in future releases.
### LXC_VIM_BG_DARK
Set dark background for vim syntax highlighting (0 or 1)
```bash
LXC_VIM_BG_DARK=1
```
<br>
## Zamba Server Section
This section configures the Zamba server (AD DC, AD member and standalone)
<br>
### ZMB_REALM
Defines the REALM for the Active Directory (AD DC, AD member)
```bash
ZMB_REALM="ZMB.ROCKS"
```
### ZMB_DOMAIN
Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
```bash
ZMB_DOMAIN="ZMB"
```
### ZMB_ADMIN_USER
Defines the name of your domain administrator account (AD DC, AD member, standalone)
```bash
ZMB_ADMIN_USER="Administrator"
```
### ZMB_ADMIN_PASS
Defines the domain administrator's password (AD DC, AD member).
```bash
ZMB_ADMIN_PASS='Start!123'
```
Please use 'single quotation marks' to avoid unexpected behaviour.
`zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
### ZMB_SHARE
Defines the name of your Zamba share
```bash
ZMB_SHARE="share"
```
<br>
## Mailpiler section
This section configures the mailpiler email archive
<br>
### PILER_FQDN
Defines the (public) FQDN of your piler mail archive
```bash
PILER_FQDN="piler.zmb.rocks"
```
### PILER_SMARTHOST
Defines the smarthost for piler mail archive
```bash
PILER_SMARTHOST="your.mailserver.tld"
```
<br>
## Matrix section
This section configures the matrix chat server
<br>
### MATRIX_FQDN
Define the FQDN of your Matrix server
```bash
MATRIX_FQDN="matrix.zmb.rocks"
```
### MATRIX_ELEMENT_FQDN
Define the FQDN for the Element Web virtual host
```bash
MATRIX_ELEMENT_FQDN="element.zmb.rocks"
```
### MATRIX_ADMIN_USER
Define the administrative user of matrix service
```bash
MATRIX_ADMIN_USER="admin"
```
### MATRIX_ADMIN_PASSWORD
Define the admin password
```bash
MATRIX_ADMIN_PASSWORD="Start!123"
```
## Nextcloud-Section
### NEXTCLOUD_FQDN
Define the FQDN of your Nextcloud server
```bash
NEXTCLOUD_FQDN="nc1.zmb.rocks"
```
### NEXTCLOUD_ADMIN_USR
The initial admin-user which will be configured
```bash
NEXTCLOUD_ADMIN_USR="zmb-admin"
```
### NEXTCLOUD_ADMIN_PWD
Build a strong password for this user. Username and password will shown at the end of the instalation.
```bash
NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
```
### NEXTCLOUD_DATA
Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT
```bash
NEXTCLOUD_DATA="nc_data"
```
### NEXTCLOUD_REVPROX
Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
```bash
NEXTCLOUD_REVPROX="192.168.100.254"
```
## Check_MK-Section
### CMK_INSTANCE
Define the name of your checkmk instance
```bash
CMK_INSTANCE=zmbrocks
```
### CMK_ADMIN_PW
Define the password of user 'cmkadmin'
```bash
CMK_ADMIN_PW='Start!123'
```
### CMK_EDITION
checkmk edition (raw or free)
- raw = completely free
- free = limited version of the enterprise edition (25 hosts, 1 instance)
```bash
CMK_EDITION=raw
```
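
Review bot: the example under `### LXC_HOSTNAME` assigns `LXC_SWAP="zamba"`, so a reader who copies it overwrites the swap size with a string and never sets the hostname; it should read `LXC_HOSTNAME="zamba"`. The `LXC_PWD` and `MATRIX_ADMIN_PASSWORD` examples use double quotes although the `LXC_PWD` text asks for single quotes, while `ZMB_ADMIN_PASS` and `CMK_ADMIN_PW` in the same file show the single-quoted form; make the four consistent. Smaller points: "Euroe/Berlin" in the `LXC_TIMEZONE` default, and "instalation" and "createt" in the Nextcloud section.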

View File

@ -60,7 +60,7 @@ LXC_BRIDGE="vmbr0"
LXC_VLAN=
# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
LXC_PWD='S3cr3tp@ssw0rd'
LXC_PWD='Start!123'
# Defines an authorized_keys file to push into the LXC container.
# By default the authorized_keys will be inherited from your proxmox host.
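
Review bot: the second `LXC_PWD` line sets `'Start!123'`, the same literal that the hunks at line 92 and line 141 of this file give to `ZMB_ADMIN_PASS` and `CMK_ADMIN_PW`, where the lines they replace held three different values. An install from the unedited example file then has one published password for container root, the domain administrator and `cmkadmin`. Consider shipping these three empty and aborting the install when one is unset, or generating them the way the `NEXTCLOUD_ADMIN_PWD` example in the options reference does.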
@ -92,7 +92,7 @@ ZMB_DOMAIN="ZMB"
ZMB_ADMIN_USER="administrator"
# The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
ZMB_ADMIN_PASS='Start!123'
# Defines the name of your Zamba share
ZMB_SHARE="share"
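
Review bot: the comment directly above the changed `ZMB_ADMIN_PASS` line spells "quatation"; since this hunk already touches the next line, correct it to "quotation" here and in the matching comment above `LXC_PWD`.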
@ -141,7 +141,7 @@ NEXTCLOUD_REVPROX="192.168.100.254"
CMK_INSTANCE=zmbrocks
# Define the password of user 'cmkadmin'
CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd'
CMK_ADMIN_PW='Start!123'
# checkmk edition (raw or free)
# raw = completely free

View File

@ -1,9 +0,0 @@
{
"unprivileged": 0,
"features": {},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "checkmk",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
CheckMK Monitoring Server

View File

@ -1,121 +0,0 @@
#!/usr/bin/python3
from pathlib import Path
import os
import ipaddress
import socket
import json
import subprocess
from enum import Enum
def check_zfs_autosnapshot():
proc = subprocess.Popen(["dpkg","-l","zfs-auto-snapshot"],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
proc.communicate()
if proc.returncode > 0:
print ("'zfs-auto-snapshot' is NOT installed on your system. This ist required for 'previous versions' feature in Zamba containers.\nYou can install it with the following command:\n\tapt install zfs-auto-snapshot\n")
input ("Press Enter to continue...")
# get_pve_bridges queries and returns availabe Proxmox bridges
def get_pve_bridges():
pve_bridges=[]
ifaces=os.listdir(os.path.join("/","sys","class","net"))
for iface in ifaces:
if "vmbr" in iface:
pve_bridges.append(iface)
return pve_bridges
# get_pve_storages queries and returns available Proxmox bridges
def get_pve_storages(driver=None,content=None):
pve_storages={}
cmd = ["pvesm","status","--enabled","1"]
if content != None:
cmd.extend(["--content",content.name])
result = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE).communicate()
stdout = result[0].decode("utf-8").split('\n')
for line in filter(lambda x: len(x)>0, stdout):
if not "Status" in line:
item = [x for x in line.split(' ') if x.strip()]
storage = {}
storage["driver"] = item[1]
storage["status"] = item[2]
storage["total"] = item[3]
storage["used"] = item[4]
storage["available"] = item[5]
storage["percent_used"] = item[6]
if driver == None:
pve_storages[item[0]] = storage
else:
if driver.name == storage["driver"]:
pve_storages[item[0]] = storage
return pve_storages
# get_zmb_services queries and returns available Zamba services
def get_zmb_services():
zmb_services={}
for item in Path.iterdir(Path.joinpath(Path.cwd(),"src")):
if Path.is_dir(item) and "__" not in item.name:
with open(os.path.join(item._str, "info"),"r") as info:
description = info.read()
zmb_services[item.name] = description
return zmb_services
# get_ct_id queries and returns the next available container id
def get_ct_id(base="ct"):
with open("/etc/pve/.vmlist","r") as v:
vmlist_json = json.loads(v.read())
ct_id = 100
for cid in vmlist_json["ids"].keys():
if int(cid) > ct_id and base == "ct" and vmlist_json["ids"][cid]["type"] == "lxc":
ct_id = int(cid)
elif int(cid) > ct_id and base == "all":
ct_id = int(cid)
while True:
ct_id = ct_id + 1
if ct_id not in vmlist_json["ids"].keys():
break
return ct_id
# validate_ct_id queries if ct_id is available and returns as boolean
def validate_ct_id(ct_id:int):
with open("/etc/pve/.vmlist","r") as v:
vmlist_json = json.loads(v.read())
ct_id = str(ct_id)
if int(ct_id) >= 100 and int(ct_id) <= 999999999 and ct_id not in vmlist_json["ids"].keys():
return True
else:
return False
def validate_vlan(tag:int):
if int(tag) >= 1 and int(tag) <= 4094:
return True
else:
return False
def get_ct_features(zmb_service):
with open(Path.joinpath(Path.cwd(),"src",zmb_service,"features.json")) as ff:
return json.loads(ff.read())
class PveStorageContent(Enum):
images = 0
rootdir = 1
vztmpl = 2
backup = 3
iso = 4
snippets = 5
class PveStorageType(Enum):
zfspool = 0
dir = 1
nfs = 2
cifs = 3
pbs = 4
glusterfs = 5
cephfs = 6
lvm = 7
lvmthin = 8
iscsi = 9
iscsidirect = 10
rbd = 11
zfs = 12
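
Review bot: in the removed `get_ct_id`, the loop test `ct_id not in vmlist_json["ids"].keys()` compares an int with the string keys that `json.loads` returns, so it is always true and the loop ends after a single increment. With `base="ct"` only LXC ids are considered when finding the maximum, so the returned id can be one already held by a non-LXC guest. `validate_ct_id` converts with `str(ct_id)` before the membership test; `get_ct_id` needs the same conversion if this helper survives anywhere after the release. The comment above `get_pve_storages` also says it returns bridges, and `get_zmb_services` reads the private `item._str` where `item / "info"` would do.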

View File

@ -1,9 +0,0 @@
{
"unprivileged": 0,
"features": {},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "debian",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Debian privileged container with basic tools

View File

@ -1,11 +0,0 @@
{
"unprivileged": 1,
"features": {
"nesting": 1
},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "debian",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Debian unprivileged container with basic tools

View File

@ -1,11 +0,0 @@
{
"unprivileged": 1,
"features": {
"nesting": 1
},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "piler",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Mailpiler email archive

View File

@ -1,9 +0,0 @@
{
"unprivileged": 1,
"features": {},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "matrix",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Matrix Synapse server with Element Web

View File

@ -1,73 +0,0 @@
#!/usr/bin/python3
from enum import Enum
from . import config_base
def radiolist(title:str,question:str,choices):
invalid_input=True
while(invalid_input):
print(f"#### {title} ####\n")
print(question)
index = {}
counter = 1
if isinstance(choices,dict):
for choice in choices.keys():
if len(choice) <= 12:
sep="\t\t"
else:
sep="\t"
print(f"{counter}) {choice}{sep}{choices[choice]}")
index[str(counter)] = choice
counter = counter + 1
elif isinstance(choices,list):
for choice in choices:
print(f"{counter}) {choice}")
index[str(counter)] = choice
counter = counter + 1
else:
print (f"object 'choices': {type(choices)} objects are unsupported.")
selected = input("Type in number: ")
if selected in index.keys():
print("\n")
return index[selected]
def question(title:str,q:str,returntype, default, validation=None):
print(f"#### {title} ####\n")
if str(returntype.name) == "Boolean":
if default == True:
suggest = "Y/n"
else:
suggest = "y/N"
a = input(f"{q} [{suggest}]\n")
if "y" in str(a).lower():
return True
elif "n" in str(a).lower():
return False
else:
return default
elif str(returntype.name) == "Integer":
invalid_input = True
while(invalid_input):
a = input(f"{q} [{default}]\n")
if str(a) == "" or f"{str(default)}" == str(a):
return default
else:
try:
valid = validation(int(a))
if valid:
return int(a)
except:
pass
else:
a = input(f"{q} [{default}]\n")
if a == '':
return default
else:
return a
class qType(Enum):
Boolean = 0
Integer = 1
String = 2
IPAdress = 3
CIDR = 4
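
Review bot: the `Integer` branch of the removed `question` wraps `validation(int(a))` in a bare `except: pass` while `validation` defaults to `None`, so a caller that omits the validator gets a swallowed `TypeError` on every input and the prompt repeats until the user enters the default. Catch `ValueError` only and accept the value when `validation is None`. In the `Boolean` branch, `"y" in str(a).lower()` accepts any answer that merely contains a "y"; compare against the exact tokens instead.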

View File

@ -1,9 +0,0 @@
{
"unprivileged": 1,
"features": {},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "open3a",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Open3A Server

View File

@ -1,11 +0,0 @@
{
"unprivileged": 0,
"features": {
"nesting": 1
},
"sharefs": {},
"mem": 1024,
"swap": 1024,
"hostname": "ad",
"domain": "zmb.rocks"
}
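
Review bot: this removed `features.json` ran the AD DC container privileged (`"unprivileged": 0`) together with `"nesting": 1`, and nothing in the hunk says why both are needed. Wherever these per-service settings are defined after this commit, add a short comment stating the reason for the privileged setting and for nesting, so the combination is a documented decision rather than an inherited default.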

View File

@ -1 +0,0 @@
Zamba Active Directory Domain Controller

View File

@ -1,12 +0,0 @@
{
"unprivileged": 0,
"features": {},
"sharefs": {
"size": "100",
"mountpoint": "/tank"
},
"mem": 1024,
"swap": 1024,
"hostname": "zamba",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Zamba AD Member Server

View File

@ -1,12 +0,0 @@
{
"unprivileged": 0,
"features": { },
"sharefs": {
"size": "100",
"mountpoint": "/tank"
},
"mem": 1024,
"swap": 1024,
"hostname": "zamba",
"domain": "zmb.rocks"
}

View File

@ -1 +0,0 @@
Zamba Standalone Server

View File

@ -1,14 +0,0 @@
bash -vx install.sh -s checkmk > checkmk.inst.log
bash -vx install.sh -s debian-unpriv > debian-unpriv.inst.log
bash -vx install.sh -s matrix > matrix.inst.log
bash -vx install.sh -s nextcloud > nextcloud.inst.log
bash -vx install.sh -s open3a > open3a.inst.log
bash -vx install.sh -s zmb-ad > zmb-ad.inst.log
bash -vx install.sh -s zmb-member > zmb-member.inst.log
bash -vx install.sh -s zmb-standalone > zmb-standalone.inst.log
bash -vx install.sh -s debian-priv > debian-priv.inst.log
bash -vx install.sh -s mailpiler > mailpiler.inst.log
bash -vx install.sh -s onlyoffice > onlyoffice.inst.log
bash -vx install.sh -s proxmox-pbs > proxmox-pbs.inst.log
bash -vx install.sh -s urbackup > urbackup.inst.log
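
Review bot: each removed line redirects only stdout with `>`, but `bash -vx` writes its trace to stderr, so the `.inst.log` files do not contain the trace these flags ask for. If a replacement test runner is added, use `> name.inst.log 2>&1`, and treat the resulting files as sensitive, since an `-x` trace records every value the traced script expands.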

View File

@ -1,214 +0,0 @@
# `zamba.conf` options reference
This is the reference of all config options you can set in `zamba.conf`
<br>
## Linux Container Section
In this section all settings relevant for the LXC container.
<br>
### LXC_TEMPLATE_STORAGE
Defines the Proxmox storage where your LXC container template are stored (default: local)
```bash
LXC_TEMPLATE_STORAGE="local"
```
### LXC_ROOTFS_SIZE
Defines the size in GB of the LXC container's root filesystem (default: 32)
```bash
LXC_ROOTFS_SIZE="32"
```
Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
### LXC_ROOTFS_STORAGE
Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
```bash
LXC_ROOTFS_STORAGE="local-zfs"
```
### LXC_SHAREFS_SIZE
Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
```bash
LXC_SHAREFS_SIZE="100"
```
### LXC_SHAREFS_STORAGE
Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
```bash
LXC_SHAREFS_STORAGE="local-zfs"
```
### LXC_SHAREFS_MOUNTPOINT
Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
```bash
LXC_SHAREFS_MOUNTPOINT="tank"
```
### LXC_MEM
Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
```bash
LXC_MEM="1024"
```
### LXC_SWAP
Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
```bash
LXC_SWAP="1024"
```
### LXC_HOSTNAME
Defines the hostname of your LXC container
```bash
LXC_SWAP="zamba"
```
### LXC_DOMAIN
Defines the domain name / search domain of your LXC container
```bash
LXC_DOMAIN="zmb.rocks"
```
### LXC_DHCP
Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
```bash
LXC_DHCP=false
```
### LXC_IP
Defines the local IP address and subnet of your LXC container in CIDR format
```bash
LXC_IP="10.10.80.20/24"
```
### LXC_GW
Defines the default gateway IP address of your LXC container
```bash
LXC_GW="10.10.80.254"
```
### LXC_DNS
Defines the DNS server ip address of your LXC container
```bash
LXC_DNS="10.10.80.254"
```
`zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
### LXC_BRIDGE
Defines the network bridge to bind the network adapter of your LXC container
```bash
LXC_BRIDGE="vmbr0"
```
### LXC_VLAN
Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
```bash
LXC_VLAN="80"
```
### LXC_PWD
Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
```bash
LXC_PWD="S3cr3tp@ssw0rd"
```
### LXC_AUTHORIZED_KEY
Defines an authorized_keys file to push into the LXC container.
By default the authorized_keys will be inherited from your proxmox host.
```bash
LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
```
### LXC_TOOLSET
Define your (administrative) tools, you always want to have installed into your LXC container
```bash
LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
```
### LXC_TIMEZONE
Define the local timezone of your LXC container (default: Euroe/Berlin)
```bash
LXC_TIMEZONE="Europe/Berlin"
```
### LXC_LOCALE
Define system language on LXC container (locales)
```bash
LXC_LOCALE="de_DE.utf8"
```
This parameter is not used yet, but will be integrated in future releases.
<br>
## Zamba Server Section
This section configures the Zamba server (AD DC, AD member and standalone)
<br>
### ZMB_REALM
Defines the REALM for the Active Directory (AD DC, AD member)
```bash
ZMB_REALM="ZMB.ROCKS"
```
### ZMB_DOMAIN
Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
```bash
ZMB_DOMAIN="ZMB"
```
### ZMB_DNS_BACKEND
Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
```bash
ZMB_DNS_BACKEND="SAMBA_INTERNAL"
```
### ZMB_ADMIN_USER
Defines the name of your domain administrator account (AD DC, AD member, standalone)
```bash
ZMB_ADMIN_USER="Administrator"
```
### ZMB_ADMIN_PASS
Defines the domain administrator's password (AD DC, AD member).
```bash
ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
```
Please use 'single quotation marks' to avoid unexpected behaviour.
`zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
### ZMB_SHARE
Defines the name of your Zamba share
```bash
ZMB_SHARE="share"
```
<br>
## Mailpiler section
This section configures the mailpiler email archive
<br>
### PILER_FQDN
Defines the (public) FQDN of your piler mail archive
```bash
PILER_FQDN="piler.zmb.rocks"
```
### PILER_SMARTHOST
Defines the smarthost for piler mail archive
```bash
PILER_SMARTHOST="10.10.80.20"
```
### PILER_VERSION
Defines the version number of piler mail archive to install
```bash
PILER_VERSION="1.3.10"
```
### PILER_SPHINX_VERSION
Defines the version of sphinx to install
```bash
PILER_SPHINX_VERSION="3.3.1"
```
### PILER_PHP_VERSION
Defines the php version to install
```bash
PILER_PHP_VERSION="7.4"
```
<br>
## Matrix section
This section configures the matrix chat server
<br>
### MATRIX_FQDN
Define the FQDN of your Matrix server
```bash
MATRIX_FQDN="matrix.zmb.rocks"
```
### MATRIX_ELEMENT_FQDN
Define the FQDN for the Element Web virtual host
```bash
MATRIX_ELEMENT_FQDN="element.zmb.rocks"
```
### MATRIX_ELEMENT_VERSION
Define the version of Element Web
```bash
MATRIX_ELEMENT_VERSION="v1.7.24"
```
### MATRIX_JITSI_FQDN
Define the FQDN for the Jitsi Meet virtual host
```bash
MATRIX_JITSI_FQDN="meet.zmb.rocks"
```