forked from bashclub/zamba-lxc-toolbox
Release 1.0
parent
96b2279a3d
commit
27741f41c2
23
CHANGELOG.md
@ -1,23 +0,0 @@
|
|||||||
**** Zamba LXC Toolbox devel branch ****
|
|
||||||
- added dhcp support
|
|
||||||
- fixed hardcoded samba sharename in `zmb-standalone` script
|
|
||||||
- added support for container id's larger than 999
|
|
||||||
- added optional parameters for ct id, service and config file
|
|
||||||
- mailpiler version now configured to download `latest` version
|
|
||||||
- added `conf` folder to store user configs
|
|
||||||
- splitted basic container setup and service installation into multiple scripts
|
|
||||||
- created `constants` to minimize config variables
|
|
||||||
- added `wsdd` to `zmb-standalone` service
|
|
||||||
|
|
||||||
**** Zamba LXC Toolbox v0.1 ****
|
|
||||||
- `locales` are now configured noninteractive #21
|
|
||||||
- timezone is now configured with `pct set` command in `install.sh` #22
|
|
||||||
- changed command sequence in `install.sh` - select container first, then start the installation
|
|
||||||
- improved / updated documentation
|
|
||||||
- replaced `just-lxc` container by `debian-priv` and `debian-unpriv` container
|
|
||||||
- (un)privileged now defined as constant based on created service #6
|
|
||||||
- improved log messages in `install.sh`
|
|
||||||
- `mailpiler`: website is now also `default_host`, removed nginx default site, dns entry is still required
|
|
||||||
- changed `mailpiler` version to 1.3.11
|
|
||||||
- changed `element-web` version to 1.7.25
|
|
||||||
- `LXC_AUTHORIZED_KEY` variable now defines an `authorized_keys` file, by default the configuration of you proxmox host will be inherited (`~/.ssh/authorized_keys`)
|
|
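Review bot: deleting CHANGELOG.md drops the only visible record of a security-relevant default, in the last entry of the v0.1 block: `LXC_AUTHORIZED_KEY` "by default the configuration of you proxmox host will be inherited (`~/.ssh/authorized_keys`)". Every key authorized for the Proxmox host account that runs the installer is therefore also authorized in each new container. Carry that sentence over to conf/README.md (which the README change in this commit links to) or to the 1.0 release notes before removing the file, together with the devel-branch entries for DHCP, the optional ct id / service / config file parameters and the switch of mailpiler to `latest`.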
33
README.md
@ -10,14 +10,19 @@ The package also provides LXC container installers for `mailpiler`, `matrix-syna
|
|||||||
### Requirements
|
### Requirements
|
||||||
Proxmox VE Server with at least one configured ZFS Pool.
|
Proxmox VE Server with at least one configured ZFS Pool.
|
||||||
### Included services:
|
### Included services:
|
||||||
- `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
|
- `checkmk` => Check_MK 2.0 Monitoring Server
|
||||||
- `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
|
- `debian-priv` => Debian privileged container with basic toolset
|
||||||
- `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
|
- `debian-unpriv` => Debian unprivileged container with basic toolset
|
||||||
- `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/)
|
- `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/)
|
||||||
- `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web)
|
- `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web)
|
||||||
- `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration
|
- `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration
|
||||||
- `debian-unpriv` => Debian unprivileged container with basic toolset
|
- `onlyoffice` => OnlyOffice [onlyoffice.com](https://onlyoffice.com)
|
||||||
- `debian-priv` => Debian privileged container with basic toolset
|
- `open3a` => Open3a web based accounting software [open3a.de](https://open3a.de)
|
||||||
|
- `proxmox-pbs` => Proxmox Backup Server [proxmox.com](https://proxmox.com/en/proxmox-backup-server)
|
||||||
|
- `urbackup` => UrBackup Server [urbackup.org](https://urbackup.org)
|
||||||
|
- `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
|
||||||
|
- `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
|
||||||
|
- `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
|
||||||
## Usage
|
## Usage
|
||||||
Just ssh into your Proxmox machine and clone this git repository. Make sure you have installed `git`.
|
Just ssh into your Proxmox machine and clone this git repository. Make sure you have installed `git`.
|
||||||
```bash
|
```bash
|
||||||
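Review bot: style point on the `nextcloud` entry, which is carried over unchanged on both sides of this hunk: "with fail2ban und redis configuration" still has the German "und". The list is being re-sorted alphabetically in this commit anyway, so change it to "fail2ban and redis configuration" at the same time.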
@ -30,14 +35,24 @@ git clone https://github.com/bashclub/zamba-lxc-toolbox
|
|||||||
cd zamba-lxc-toolbox
|
cd zamba-lxc-toolbox
|
||||||
```
|
```
|
||||||
### Configuration
|
### Configuration
|
||||||
To fit your requirements, please edit the file `zamba.conf` with your favourite text editor (e.g. `vim` or `nano`).
|
Copy `zamba.conf.example` located in `conf` directory to a new file (default: `zamba.conf`) and adjust your desired settings.
|
||||||
The required adjustments are in the LXC container section and in the section for the service you want to launch.
|
For further information about configuration variables, have a look at [conf/README.md](conf/README.md)
|
||||||
For further information about the config variables, have a look at [zamba.conf.md](zamba.conf.md)
|
```bash
|
||||||
|
cp conf/zamba.conf.example conf/zamba.conf
|
||||||
|
```
|
||||||
### Installation
|
### Installation
|
||||||
After configuring, you are able to launch the script interactively:
|
After configuring, you are able to launch the script interactively (only works with `conf/zamba.conf`):
|
||||||
```bash
|
```bash
|
||||||
bash install.sh
|
bash install.sh
|
||||||
```
|
```
|
||||||
|
### Advanced Usage
|
||||||
|
You can set optional parameters (config file, service, container id):
|
||||||
|
#### Example:
|
||||||
|
```bash
|
||||||
|
bash install.sh -i 280 -c conf/my-zmb-service.conf -s zmb-member
|
||||||
|
```
|
||||||
|
You can also view possible parameters with `install.sh -h`
|
||||||
|
|
||||||
After container creation, you will be prompted to select the service to install and depending on the service there may be some more questions during installation.
|
After container creation, you will be prompted to select the service to install and depending on the service there may be some more questions during installation.
|
||||||
|
|
||||||
Once the script has finished, the container is installed and running and you can continue with the service specific configuration.
|
Once the script has finished, the container is installed and running and you can continue with the service specific configuration.
|
||||||
|
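Review bot: the new Configuration step (`cp conf/zamba.conf.example conf/zamba.conf`) and the `-c conf/my-zmb-service.conf` example say nothing about how the copied file has to be protected. The scripts removed further down in this commit load the config with `source /root/zamba.conf`, so the file is executed as shell code, and the removed zamba.conf carries `LXC_PWD` and `ZMB_ADMIN_PASS` in clear text. Add a line to this section telling users to `chmod 600` their config files and to keep them out of commits (ignore `conf/*.conf` in the repository if that is not already done), and state that any file passed with `-c` must be writable only by root. The unchanged sentence "After container creation, you will be prompted to select the service to install" also no longer matches the new `-s` parameter and should be reworded.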
@ -1,20 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
|
|
||||||
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
|
|
||||||
cat << EOF > /etc/default/locale
|
|
||||||
LANG="$LXC_LOCALE"
|
|
||||||
LANGUAGE=$LXC_LOCALE
|
|
||||||
EOF
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
|
|
||||||
apt update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
|
|
||||||
sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
|
|
@ -1,25 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
source /root/proxmox.conf
|
|
||||||
|
|
||||||
sed -i "s/^#.$HOST_LOCALE/$HOST_LOCALE/" /etc/locale.gen
|
|
||||||
locale-gen $HOST_LOCALE
|
|
||||||
|
|
||||||
sed -i "s/^#.$LXC_LOCALE/$LXC_LOCALE/" /etc/locale.gen
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
echo LANG=$LXC_LOCALE > /etc/default/locale
|
|
||||||
echo LANGUAGE=$LXC_LOCALE >> /etc/default/locale
|
|
||||||
export LANG=$LXC_LOCALE
|
|
||||||
export LANGUAGE=$LXC_LOCALE
|
|
||||||
export LC_CTYPE=C
|
|
||||||
|
|
||||||
apt update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
|
|
||||||
sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
|
|
@ -1,187 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
|
|
||||||
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
|
|
||||||
cat << EOF > /etc/default/locale
|
|
||||||
LANG="$LXC_LOCALE"
|
|
||||||
LANGUAGE=$LXC_LOCALE
|
|
||||||
EOF
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
|
|
||||||
HOSTNAME=$(hostname -f)
|
|
||||||
|
|
||||||
echo "Ensure your Hostname is set to your Piler FQDN!"
|
|
||||||
|
|
||||||
echo $HOSTNAME
|
|
||||||
|
|
||||||
if
|
|
||||||
[ "$HOSTNAME" != "$PILER_FQDN" ]
|
|
||||||
then
|
|
||||||
echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit
|
|
||||||
else
|
|
||||||
echo "Hostname matches PILER_FQDNAIN, so starting installation."
|
|
||||||
fi
|
|
||||||
|
|
||||||
apt update && apt full-upgrade -y
|
|
||||||
|
|
||||||
apt install -y $LXC_TOOLSET build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 software-properties-common libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23
|
|
||||||
|
|
||||||
# install php
|
|
||||||
wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
|
|
||||||
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
|
|
||||||
|
|
||||||
apt update && apt install -y php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
|
|
||||||
|
|
||||||
apt purge -y postfix
|
|
||||||
|
|
||||||
cat > /etc/mysql/conf.d/mailpiler.conf <<EOF
|
|
||||||
innodb_buffer_pool_size=256M
|
|
||||||
innodb_flush_log_at_trx_commit=1
|
|
||||||
innodb_log_buffer_size=64M
|
|
||||||
innodb_log_file_size=16M
|
|
||||||
query_cache_size=0
|
|
||||||
query_cache_type=0
|
|
||||||
query_cache_limit=2M
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl restart mariadb
|
|
||||||
|
|
||||||
cd /tmp
|
|
||||||
wget https://download.mailpiler.com/generic-local/sphinx-$PILER_SPHINX_VERSION-bin.tar.gz
|
|
||||||
tar -xvzf sphinx-$PILER_SPHINX_VERSION-bin.tar.gz -C /
|
|
||||||
|
|
||||||
groupadd piler
|
|
||||||
useradd -g piler -m -s /bin/bash -d /var/piler piler
|
|
||||||
usermod -L piler
|
|
||||||
chmod 755 /var/piler
|
|
||||||
|
|
||||||
wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
|
|
||||||
tar -xvzf piler-$PILER_VERSION.tar.gz
|
|
||||||
cd piler-$PILER_VERSION/
|
|
||||||
./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
|
|
||||||
make
|
|
||||||
make install
|
|
||||||
ldconfig
|
|
||||||
|
|
||||||
cp util/postinstall.sh util/postinstall.sh.bak
|
|
||||||
sed -i "s/ PILER_SMARTHOST=.*/ PILER_SMARTHOST="\"$PILER_SMARTHOST\""/" util/postinstall.sh
|
|
||||||
sed -i 's/ WWWGROUP=.*/ WWWGROUP="www-data"/' util/postinstall.sh
|
|
||||||
|
|
||||||
make postinstall
|
|
||||||
|
|
||||||
cp /usr/local/etc/piler/piler.conf /usr/local/etc/piler/piler.conf.bak
|
|
||||||
sed -i "s/hostid=.*/hostid=$PILER_FQDN/" /usr/local/etc/piler/piler.conf
|
|
||||||
sed -i "s/update_counters_to_memcached=.*/update_counters_to_memcached=1/" /usr/local/etc/piler/piler.conf
|
|
||||||
|
|
||||||
su piler -c "indexer --all --config /usr/local/etc/piler/sphinx.conf"
|
|
||||||
|
|
||||||
/etc/init.d/rc.piler start
|
|
||||||
/etc/init.d/rc.searchd start
|
|
||||||
|
|
||||||
update-rc.d rc.piler defaults
|
|
||||||
update-rc.d rc.searchd defaults
|
|
||||||
|
|
||||||
mkdir -p /etc/nginx/ssl
|
|
||||||
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_FQDN" -addext "subjectAltName=DNS:$PILER_FQDN"
|
|
||||||
|
|
||||||
cd /etc/nginx/sites-available
|
|
||||||
cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
|
|
||||||
ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
|
|
||||||
|
|
||||||
sed -i "s|PILER_HOST|$PILER_FQDN default_host|g" /etc/nginx/sites-available/piler-nginx.conf
|
|
||||||
sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
|
|
||||||
|
|
||||||
sed -i "/server_name.*/a \\
|
|
||||||
listen 443 ssl http2;\n\n\
|
|
||||||
ssl_certificate /etc/nginx/ssl/piler.crt;\n\
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/piler.key;\n\n\
|
|
||||||
ssl_session_timeout 1d;\n\
|
|
||||||
ssl_session_cache shared:SSL:15m;\n\
|
|
||||||
ssl_session_tickets off;\n\n\
|
|
||||||
# modern configuration of Mozilla SSL configurator. Tweak to your needs.\n\
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;\n\
|
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\
|
|
||||||
ssl_prefer_server_ciphers off;\n\n\
|
|
||||||
add_header X-Frame-Options SAMEORIGIN;\n\
|
|
||||||
add_header X-Content-Type-Options nosniff;" /etc/nginx/sites-available/piler-nginx.conf
|
|
||||||
|
|
||||||
sed -i "/^server {.*/i\
|
|
||||||
server {\n\
|
|
||||||
listen 80;\n\
|
|
||||||
server_name $PILER_FQDN default_host;\n\
|
|
||||||
server_tokens off;\n\
|
|
||||||
# HTTP to HTTPS redirect.\n\
|
|
||||||
return 301 https://\$host\$request_uri;\n\
|
|
||||||
}" /etc/nginx/sites-available/piler-nginx.conf
|
|
||||||
|
|
||||||
cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
|
|
||||||
sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
|
|
||||||
cat >> /usr/local/etc/piler/config-site.php <<EOF
|
|
||||||
|
|
||||||
// CUSTOM
|
|
||||||
\$config['PROVIDED_BY'] = '$PILER_FQDN';
|
|
||||||
\$config['SUPPORT_LINK'] = 'https://$PILER_FQDN';
|
|
||||||
\$config['COMPATIBILITY'] = '';
|
|
||||||
|
|
||||||
// fancy features.
|
|
||||||
\$config['ENABLE_INSTANT_SEARCH'] = 1;
|
|
||||||
\$config['ENABLE_TABLE_RESIZE'] = 1;
|
|
||||||
|
|
||||||
\$config['ENABLE_DELETE'] = 1;
|
|
||||||
\$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
|
|
||||||
|
|
||||||
// general settings.
|
|
||||||
\$config['TIMEZONE'] = '$LXC_TIMEZONE';
|
|
||||||
|
|
||||||
// authentication
|
|
||||||
// Enable authentication against an imap server
|
|
||||||
//\$config['ENABLE_IMAP_AUTH'] = 1;
|
|
||||||
//\$config['RESTORE_OVER_IMAP'] = 1;
|
|
||||||
//\$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
|
|
||||||
//\$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
|
|
||||||
//\$config['IMAP_HOST'] = '$PILER_SMARTHOST';
|
|
||||||
//\$config['IMAP_PORT'] = 993;
|
|
||||||
//\$config['IMAP_SSL'] = true;
|
|
||||||
|
|
||||||
// authentication against an ldap directory (disabled by default)
|
|
||||||
//\$config['ENABLE_LDAP_AUTH'] = 1;
|
|
||||||
//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
|
|
||||||
//\$config['LDAP_PORT'] = 389;
|
|
||||||
//\$config['LDAP_HELPER_DN'] = 'cn=administrator,cn=users,dc=mydomain,dc=local';
|
|
||||||
//\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
|
|
||||||
//\$config['LDAP_MAIL_ATTR'] = 'mail';
|
|
||||||
//\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
|
|
||||||
//\$config['LDAP_ADMIN_MEMBER_DN'] = '';
|
|
||||||
//\$config['LDAP_BASE_DN'] = 'ou=Benutzer,dc=krs,dc=local';
|
|
||||||
|
|
||||||
// authentication against an Uninvention based ldap directory
|
|
||||||
//\$config['ENABLE_LDAP_AUTH'] = 1;
|
|
||||||
//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
|
|
||||||
//\$config['LDAP_PORT'] = 7389;
|
|
||||||
//\$config['LDAP_HELPER_DN'] = 'uid=ldap-search-user,cn=users,dc=mydomain,dc=local';
|
|
||||||
//\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
|
|
||||||
//\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
|
|
||||||
//\$config['LDAP_ADMIN_MEMBER_DN'] = '';
|
|
||||||
//\$config['LDAP_BASE_DN'] = 'cn=users,dc=mydomain,dc=local';
|
|
||||||
//\$config['LDAP_MAIL_ATTR'] = 'mailPrimaryAddress';
|
|
||||||
//\$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
|
|
||||||
//\$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'person';
|
|
||||||
//\$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
|
|
||||||
|
|
||||||
// special settings.
|
|
||||||
\$config['MEMCACHED_ENABLED'] = 1;
|
|
||||||
\$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
|
|
||||||
EOF
|
|
||||||
|
|
||||||
rm /etc/nginx/sites-enabled/default
|
|
||||||
|
|
||||||
nginx -t && systemctl restart nginx
|
|
||||||
|
|
||||||
apt autoremove -y
|
|
||||||
apt clean -y
|
|
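Review bot: missing integrity check on the two tarball downloads in the middle of this script: `sphinx-$PILER_SPHINX_VERSION-bin.tar.gz` is unpacked straight into the root filesystem with `tar -xvzf ... -C /`, and `piler-$PILER_VERSION.tar.gz` is compiled and installed with `make install`, with nothing but the TLS connection vouching for the content. If this logic moves into the split service scripts, pin a SHA-256 per version next to the version constants and stop before extraction on a mismatch; note that this is not possible while the version is set to `latest`, as the removed changelog describes. Two smaller points for the same move: `wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -` puts the key into the global APT trust store, whereas the matrix script in this commit already uses a `signed-by=` keyring, and the block appended to config-site.php hard-codes `$config['ENABLE_DELETE'] = 1;`, which in a mail archive deserves its own config variable with deletion off by default.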
@ -1,161 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
|
|
||||||
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
|
|
||||||
cat << EOF > /etc/default/locale
|
|
||||||
LANG="$LXC_LOCALE"
|
|
||||||
LANGUAGE=$LXC_LOCALE
|
|
||||||
EOF
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
|
|
||||||
MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
|
||||||
|
|
||||||
ELE_DBNAME="synapse_db"
|
|
||||||
ELE_DBUSER="synapse_user"
|
|
||||||
ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
|
||||||
|
|
||||||
apt update && apt full-upgrade -y
|
|
||||||
|
|
||||||
apt install -y $LXC_TOOLSET apt-transport-https gpg software-properties-common nginx postgresql python3-psycopg2
|
|
||||||
|
|
||||||
wget wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
|
|
||||||
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list
|
|
||||||
apt update && apt install -y matrix-synapse-py3
|
|
||||||
systemctl enable matrix-synapse
|
|
||||||
|
|
||||||
ss -tulpen
|
|
||||||
|
|
||||||
mkdir /etc/nginx/ssl
|
|
||||||
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MATRIX_FQDN" -addext "subjectAltName=DNS:$MATRIX_FQDN"
|
|
||||||
|
|
||||||
cat > /etc/nginx/sites-available/$MATRIX_FQDN <<EOF
|
|
||||||
# Virtual Host configuration for example.com
|
|
||||||
#
|
|
||||||
# You can move that to a different file under sites-available/ and symlink that
|
|
||||||
# to sites-enabled/ to enable it.
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name $MATRIX_FQDN;
|
|
||||||
|
|
||||||
return 301 https://$MATRIX_FQDN;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name $MATRIX_FQDN;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/nginx/ssl/matrix.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/matrix.key;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8008;
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 8448 ssl;
|
|
||||||
listen [::]:8448 ssl;
|
|
||||||
server_name $MATRIX_FQDN;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/nginx/ssl/matrix.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/matrix.key;
|
|
||||||
|
|
||||||
# If you don't wanna serve a site, comment this out
|
|
||||||
root /var/www/$MATRIX_FQDN;
|
|
||||||
index index.html index.htm;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8008;
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
EOF
|
|
||||||
ln -s /etc/nginx/sites-available/$MATRIX_FQDN /etc/nginx/sites-enabled/$MATRIX_FQDN
|
|
||||||
|
|
||||||
cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
|
|
||||||
# Virtual Host configuration for example.com
|
|
||||||
#
|
|
||||||
# You can move that to a different file under sites-available/ and symlink that
|
|
||||||
# to sites-enabled/ to enable it.
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name $MATRIX_ELEMENT_FQDN;
|
|
||||||
return 301 https://$MATRIX_ELEMENT_FQDN;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name $MATRIX_ELEMENT_FQDN;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/nginx/ssl/matrix.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/matrix.key;
|
|
||||||
|
|
||||||
# If you don't wanna serve a site, comment this out
|
|
||||||
root /var/www/$MATRIX_ELEMENT_FQDN/element;
|
|
||||||
index index.html index.htm;
|
|
||||||
}
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
|
|
||||||
|
|
||||||
systemctl restart nginx
|
|
||||||
|
|
||||||
mkdir /var/www/$MATRIX_ELEMENT_FQDN
|
|
||||||
cd /var/www/$MATRIX_ELEMENT_FQDN
|
|
||||||
wget https://packages.riot.im/element-release-key.asc
|
|
||||||
gpg --import element-release-key.asc
|
|
||||||
|
|
||||||
wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz
|
|
||||||
wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
|
|
||||||
gpg --verify element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
|
|
||||||
|
|
||||||
tar -xzvf element-$MATRIX_ELEMENT_VERSION.tar.gz
|
|
||||||
ln -s element-$MATRIX_ELEMENT_VERSION element
|
|
||||||
chown www-data:www-data -R element
|
|
||||||
cp ./element/config.sample.json ./element/config.json
|
|
||||||
sed -i "s|https://matrix-client.matrix.org|https://$MATRIX_FQDN|" ./element/config.json
|
|
||||||
sed -i "s|\"server_name\": \"matrix.org\"|\"server_name\": \"$MATRIX_FQDN\"|" ./element/config.json
|
|
||||||
|
|
||||||
su postgres <<EOF
|
|
||||||
psql -c "CREATE USER $ELE_DBUSER WITH PASSWORD '$ELE_DBPASS';"
|
|
||||||
psql -c "CREATE DATABASE $ELE_DBNAME ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $ELE_DBUSER;"
|
|
||||||
echo "Postgres User '$ELE_DBUSER' and database '$ELE_DBNAME' created."
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cd /
|
|
||||||
sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
|
|
||||||
sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
|
|
||||||
sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
|
|
||||||
sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
|
|
||||||
sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
|
|
||||||
|
|
||||||
systemctl restart matrix-synapse
|
|
||||||
|
|
||||||
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
|
|
||||||
|
|
||||||
#curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
|
|
||||||
#echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
|
|
||||||
|
|
||||||
#apt update
|
|
||||||
#apt install -y jitsi-meet
|
|
||||||
|
|
||||||
|
|
||||||
|
|
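Review bot: the result of `gpg --verify element-$MATRIX_ELEMENT_VERSION.tar.gz.asc` is never checked. The visible script has no `set -e` and no `|| exit` on that line, so the following `tar -xzvf element-$MATRIX_ELEMENT_VERSION.tar.gz` unpacks the archive into the web root even when verification fails. The signing key is also fetched at install time (`wget https://packages.riot.im/element-release-key.asc`) and imported as-is, so a successful verify only proves the archive matches whatever key was served; compare the imported key against a fingerprint stored in the repository and abort on mismatch or on a non-zero `gpg --verify`. Further down, `wget wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg ...` has a duplicated `wget` that makes the tool try to fetch a URL named "wget", and the sed that turns `#enable_registration: false` into `enable_registration: true` opens account registration on every install; make that a config variable that defaults to off.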
@ -1,115 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# This ist the Zamba main configuration file.
|
|
||||||
# Please adjust the settings to your needs before running the installer.
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
|
|
||||||
############### Linux Container Section ###############
|
|
||||||
|
|
||||||
# Defines the Proxmox storage where your LXC container template are stored (default: local)
|
|
||||||
LXC_TEMPLATE_STORAGE="local"
|
|
||||||
|
|
||||||
# Defines the size in GB of the LXC container's root filesystem (default: 32)
|
|
||||||
# Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
|
|
||||||
LXC_ROOTFS_SIZE="32"
|
|
||||||
# Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
|
|
||||||
LXC_ROOTFS_STORAGE="local-zfs"
|
|
||||||
|
|
||||||
# Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
|
|
||||||
LXC_SHAREFS_SIZE="100"
|
|
||||||
# Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
|
|
||||||
LXC_SHAREFS_STORAGE="local-zfs"
|
|
||||||
# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
|
|
||||||
LXC_SHAREFS_MOUNTPOINT="tank"
|
|
||||||
|
|
||||||
# Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
|
|
||||||
LXC_MEM="1024"
|
|
||||||
|
|
||||||
# Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
|
|
||||||
LXC_SWAP="1024"
|
|
||||||
|
|
||||||
# Defines the hostname of your LXC container
|
|
||||||
LXC_HOSTNAME="zamba"
|
|
||||||
|
|
||||||
# Defines the domain name / search domain of your LXC container
|
|
||||||
LXC_DOMAIN="zmb.rocks"
|
|
||||||
|
|
||||||
# Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
|
|
||||||
LXC_DHCP=false
|
|
||||||
|
|
||||||
# Defines the local IP address and subnet of your LXC container in CIDR format
|
|
||||||
LXC_IP="192.168.100.200/24"
|
|
||||||
|
|
||||||
# Defines the default gateway IP address of your LXC container
|
|
||||||
LXC_GW="192.168.100.254"
|
|
||||||
|
|
||||||
# Defines the DNS server ip address of your LXC container
|
|
||||||
# `zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
|
|
||||||
# For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
|
|
||||||
LXC_DNS="192.168.100.254"
|
|
||||||
|
|
||||||
# Defines the network bridge to bind the network adapter of your LXC container
|
|
||||||
LXC_BRIDGE="vmbr0"
|
|
||||||
|
|
||||||
# Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
|
|
||||||
LXC_VLAN=
|
|
||||||
|
|
||||||
# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
|
|
||||||
LXC_PWD='S3cr3tp@ssw0rd'
|
|
||||||
|
|
||||||
# Defines an authorized_keys file to push into the LXC container.
|
|
||||||
# By default the authorized_keys will be inherited from your proxmox host.
|
|
||||||
LXC_AUTHORIZED_KEY=~/.ssh/authorized_keys
|
|
||||||
|
|
||||||
# Define your (administrative) tools, you always want to have installed into your LXC container
|
|
||||||
LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
|
|
||||||
|
|
||||||
# Define the local timezone of your LXC container (default: Euroe/Berlin)
|
|
||||||
LXC_TIMEZONE="Europe/Berlin"
|
|
||||||
|
|
||||||
# Define system language on LXC container (locales)
|
|
||||||
LXC_LOCALE=de_DE.UTF-8
|
|
||||||
|
|
||||||
# Set dark background for vim syntax highlighting (0 or 1)
|
|
||||||
LXC_VIM_BG_DARK=1
|
|
||||||
|
|
||||||
############### Zamba-Server-Section ###############
|
|
||||||
|
|
||||||
# Defines the REALM for the Active Directory (AD DC, AD member)
|
|
||||||
# IMPORTANT NOTE: ZMB_REALM is case sensitive and the value needs to be written completely in capital letters, otherwise Kerberos will fail
|
|
||||||
ZMB_REALM="ZMB.ROCKS"
|
|
||||||
# Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
|
|
||||||
# IMPORTANT NOTE: ZMB_DOMAIN is case sensitive and the value needs to be written completely in capital letters
|
|
||||||
ZMB_DOMAIN="ZMB"
|
|
||||||
|
|
||||||
# Defines the name of your domain administrator account (AD DC, AD member, standalone)
|
|
||||||
ZMB_ADMIN_USER="administrator"
|
|
||||||
# The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
|
|
||||||
# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
|
|
||||||
ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
|
|
||||||
|
|
||||||
# Defines the name of your Zamba share
|
|
||||||
ZMB_SHARE="share"
|
|
||||||
|
|
||||||
############### Mailpiler-Section ###############
|
|
||||||
|
|
||||||
# Defines the (public) FQDN of your piler mail archive
|
|
||||||
PILER_FQDN="piler.zmb.rocks"
|
|
||||||
# Defines the smarthost for piler mail archive
|
|
||||||
PILER_SMARTHOST="your.mailserver.tld"
|
|
||||||
|
|
||||||
############### Matrix-Section ###############
|
|
||||||
|
|
||||||
# Define the FQDN of your Matrix server
|
|
||||||
MATRIX_FQDN="matrix.zmb.rocks"
|
|
||||||
|
|
||||||
# Define the FQDN for the Element Web virtual host
|
|
||||||
MATRIX_ELEMENT_FQDN="element.zmb.rocks"
|
|
||||||
|
|
||||||
# Define the FQDN for the Jitsi Meet virtual host
|
|
||||||
MATRIX_JITSI_FQDN="meet.zmb.rocks"
|
|
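Review bot: the sample file ships working credentials, `LXC_PWD='S3cr3tp@ssw0rd'` in the container section and `ZMB_ADMIN_PASS='1c@nd0@nyth1n9'` in the Zamba server section. If these lines are carried into `conf/zamba.conf.example`, anyone who follows the new README step and only copies the file ends up with a publicly known root and domain administrator password. Leave both values empty in the example and have the installer refuse to continue while they are empty. While the file is being moved, fix the comment typos as well: "This ist the Zamba main configuration file", "single quatation marks" (twice) and "default: Euroe/Berlin".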
@ -1,119 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
|
|
||||||
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
|
|
||||||
cat << EOF > /etc/default/locale
|
|
||||||
LANG="$LXC_LOCALE"
|
|
||||||
LANGUAGE=$LXC_LOCALE
|
|
||||||
EOF
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
|
|
||||||
if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
|
|
||||||
BINDNINE=bind9
|
|
||||||
fi
|
|
||||||
|
|
||||||
## configure ntp
|
|
||||||
cat << EOF > /etc/ntp.conf
|
|
||||||
# Local clock. Note that is not the "localhost" address!
|
|
||||||
server 127.127.1.0
|
|
||||||
fudge 127.127.1.0 stratum 10
|
|
||||||
|
|
||||||
# Where to retrieve the time from
|
|
||||||
server 0.de.pool.ntp.org iburst prefer
|
|
||||||
server 1.de.pool.ntp.org iburst prefer
|
|
||||||
server 2.de.pool.ntp.org iburst prefer
|
|
||||||
|
|
||||||
driftfile /var/lib/ntp/ntp.drift
|
|
||||||
logfile /var/log/ntp
|
|
||||||
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
|
|
||||||
|
|
||||||
# Access control
|
|
||||||
# Default restriction: Allow clients only to query the time
|
|
||||||
restrict default kod nomodify notrap nopeer mssntp
|
|
||||||
|
|
||||||
# No restrictions for "localhost"
|
|
||||||
restrict 127.0.0.1
|
|
||||||
|
|
||||||
# Enable the time sources to only provide time to this host
|
|
||||||
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
|
|
||||||
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
|
|
||||||
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
|
|
||||||
|
|
||||||
tinker panic 0
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# update packages
|
|
||||||
apt update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
|
|
||||||
# install required packages
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE
|
|
||||||
|
|
||||||
if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
|
|
||||||
# configure bind dns service
|
|
||||||
cat << EOF > /etc/default/bind9
|
|
||||||
#
|
|
||||||
# run resolvconf?
|
|
||||||
RESOLVCONF=no
|
|
||||||
|
|
||||||
# startup options for the server
|
|
||||||
OPTIONS="-4 -u bind"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat << EOF > /etc/bind/named.conf.local
|
|
||||||
//
|
|
||||||
// Do any local configuration here
|
|
||||||
//
|
|
||||||
|
|
||||||
// Consider adding the 1918 zones here, if they are not used in your
|
|
||||||
// organization
|
|
||||||
//include "/etc/bind/zones.rfc1918";
|
|
||||||
dlz "$LXC_DOMAIN" {
|
|
||||||
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
|
|
||||||
};
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat << EOF > /etc/bind/named.conf.options
|
|
||||||
options {
|
|
||||||
directory "/var/cache/bind";
|
|
||||||
|
|
||||||
forwarders {
|
|
||||||
$LXC_DNS;
|
|
||||||
};
|
|
||||||
|
|
||||||
allow-query { any;};
|
|
||||||
dnssec-validation no;
|
|
||||||
|
|
||||||
auth-nxdomain no; # conform to RFC1035
|
|
||||||
listen-on-v6 { any; };
|
|
||||||
listen-on { any; };
|
|
||||||
|
|
||||||
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
|
|
||||||
minimal-responses yes;
|
|
||||||
};
|
|
||||||
EOF
|
|
||||||
|
|
||||||
mkdir -p /var/lib/samba/bind-dns/dns
|
|
||||||
fi
|
|
||||||
|
|
||||||
# stop + disable samba services and remove default config
|
|
||||||
systemctl stop smbd nmbd winbind
|
|
||||||
systemctl disable smbd nmbd winbind
|
|
||||||
rm -f /etc/samba/smb.conf
|
|
||||||
rm -f /etc/krb5.conf
|
|
||||||
|
|
||||||
# provision zamba domain
|
|
||||||
samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND
|
|
||||||
|
|
||||||
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
|
|
||||||
|
|
||||||
systemctl unmask samba-ad-dc
|
|
||||||
systemctl enable samba-ad-dc $BINDNINE
|
|
||||||
systemctl restart samba-ad-dc $BINDNINE
|
|
||||||
|
|
||||||
exit 0
|
|
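Review bot: In the `samba-tool domain provision` call, `--adminpass=$ZMB_ADMIN_PASS` is expanded unquoted and passed as a command-line argument, so a password containing whitespace or glob characters is split or expanded before `samba-tool` receives it, and the value is readable in the process argument list while provisioning runs. If this script is carried over to a new path in the release, quote the expansion (`--adminpass="$ZMB_ADMIN_PASS"`) and quote `$ZMB_REALM` and `$ZMB_DOMAIN` the same way. The generated `named.conf.options` also combines `allow-query { any;};`, `listen-on { any; };` and a `forwarders` block without any explicit `allow-recursion` statement; state the networks that may recurse explicitly instead of relying on defaults.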
@ -1,113 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
|
|
||||||
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
|
|
||||||
cat << EOF > /etc/default/locale
|
|
||||||
LANG="$LXC_LOCALE"
|
|
||||||
LANGUAGE=$LXC_LOCALE
|
|
||||||
EOF
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
|
|
||||||
apt update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules
|
|
||||||
|
|
||||||
mv /etc/krb5.conf /etc/krb5.conf.bak
|
|
||||||
cat > /etc/krb5.conf <<EOF
|
|
||||||
[libdefaults]
|
|
||||||
default_realm = $ZMB_REALM
|
|
||||||
ticket_lifetime = 600
|
|
||||||
dns_lookup_realm = true
|
|
||||||
dns_lookup_kdc = true
|
|
||||||
renew_lifetime = 7d
|
|
||||||
EOF
|
|
||||||
|
|
||||||
echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
|
|
||||||
klist
|
|
||||||
|
|
||||||
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
|
|
||||||
cat > /etc/samba/smb.conf <<EOF
|
|
||||||
[global]
|
|
||||||
workgroup = $ZMB_DOMAIN
|
|
||||||
security = ADS
|
|
||||||
realm = $ZMB_REALM
|
|
||||||
server string = %h server
|
|
||||||
|
|
||||||
vfs objects = acl_xattr shadow_copy2
|
|
||||||
map acl inherit = Yes
|
|
||||||
store dos attributes = Yes
|
|
||||||
idmap config *:backend = tdb
|
|
||||||
idmap config *:range = 3000000-4000000
|
|
||||||
idmap config *:schema_mode = rfc2307
|
|
||||||
|
|
||||||
winbind refresh tickets = Yes
|
|
||||||
winbind use default domain = Yes
|
|
||||||
winbind separator = /
|
|
||||||
winbind nested groups = yes
|
|
||||||
winbind nss info = rfc2307
|
|
||||||
|
|
||||||
pam password change = Yes
|
|
||||||
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
|
|
||||||
passwd program = /usr/bin/passwd %u
|
|
||||||
|
|
||||||
template homedir = /home/%U
|
|
||||||
template shell = /bin/bash
|
|
||||||
bind interfaces only = Yes
|
|
||||||
interfaces = lo eth0
|
|
||||||
log file = /var/log/samba/log.%m
|
|
||||||
logging = syslog
|
|
||||||
max log size = 1000
|
|
||||||
panic action = /usr/share/samba/panic-action %d
|
|
||||||
|
|
||||||
load printers = No
|
|
||||||
printcap name = /dev/null
|
|
||||||
printing = bsd
|
|
||||||
disable spoolss = Yes
|
|
||||||
|
|
||||||
allow trusted domains = No
|
|
||||||
dns proxy = No
|
|
||||||
shadow: snapdir = .zfs/snapshot
|
|
||||||
shadow: sort = desc
|
|
||||||
shadow: format = -%Y-%m-%d-%H%M
|
|
||||||
shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
|
|
||||||
shadow: delimiter = -20
|
|
||||||
|
|
||||||
[$ZMB_SHARE]
|
|
||||||
comment = Main Share
|
|
||||||
path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
read only = No
|
|
||||||
create mask = 0660
|
|
||||||
directory mask = 0770
|
|
||||||
inherit acls = Yes
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl restart smbd
|
|
||||||
|
|
||||||
echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
|
|
||||||
sed -i "s|files systemd|files systemd winbind|g" /etc/nsswitch.conf
|
|
||||||
sed -i "s|#WINBINDD_OPTS=|WINBINDD_OPTS=|" /etc/default/winbind
|
|
||||||
echo -e "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session
|
|
||||||
|
|
||||||
systemctl restart winbind nmbd
|
|
||||||
wbinfo -u
|
|
||||||
wbinfo -g
|
|
||||||
|
|
||||||
mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
|
|
||||||
# originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
|
|
||||||
chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
|
|
||||||
setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
|
|
||||||
systemctl restart smbd nmbd winbind
|
|
||||||
|
|
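Review bot: Both `echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER` and the later `echo -e "$ZMB_ADMIN_PASS" | net ads join ...` use `echo -e`, which interprets backslash sequences, so a password containing `\n`, `\t` or `\\` is altered before it reaches `kinit` or `net`, and the join fails with a plain authentication error. `printf '%s\n' "$ZMB_ADMIN_PASS"` passes the value unchanged. The visible lines also contain no `set -e` or exit-status check after `kinit` or `net ads join`, so a failed join still goes on to edit `/etc/nsswitch.conf` and `/etc/pam.d/common-session`; stop the script when the join fails. `mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE` lacks `-p`, and the path is unquoted in `chown` and `setfacl`.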
@ -1,44 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Authors:
|
|
||||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
|
||||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
|
||||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
|
||||||
|
|
||||||
source /root/zamba.conf
|
|
||||||
|
|
||||||
sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
|
|
||||||
cat << EOF > /etc/default/locale
|
|
||||||
LANG="$LXC_LOCALE"
|
|
||||||
LANGUAGE=$LXC_LOCALE
|
|
||||||
EOF
|
|
||||||
locale-gen $LXC_LOCALE
|
|
||||||
|
|
||||||
apt update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba samba-dsdb-modules samba-vfs-modules
|
|
||||||
|
|
||||||
USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
|
|
||||||
useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
|
|
||||||
echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
|
|
||||||
smbpasswd -x $USER
|
|
||||||
(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER
|
|
||||||
|
|
||||||
cat << EOF >> /etc/samba/smb.conf
|
|
||||||
[$ZMB_SHARE]
|
|
||||||
comment = Main Share
|
|
||||||
path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
read only = No
|
|
||||||
vfs objects = shadow_copy2
|
|
||||||
shadow: snapdir = .zfs/snapshot
|
|
||||||
shadow: sort = desc
|
|
||||||
shadow: format = -%Y-%m-%d-%H%M
|
|
||||||
shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
|
|
||||||
shadow: delimiter = -20
|
|
||||||
EOF
|
|
||||||
|
|
||||||
mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
|
|
||||||
|
|
||||||
systemctl restart smbd nmbd
|
|
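Review bot: `(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER` expands the password unquoted, so runs of whitespace collapse and glob characters such as `*` are expanded against the current directory; the Samba password can then differ from the Unix password set a few lines earlier by the quoted `echo "$USER:$ZMB_ADMIN_PASS" | chpasswd`. Use `printf '%s\n%s\n' "$ZMB_ADMIN_PASS" "$ZMB_ADMIN_PASS"` so both accounts get the same value. Assigning to `USER` also overwrites the shell's standard login-name variable for the rest of the script; a script-specific name avoids side effects. `chmod -R 770` and `chown -R` on `/$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE` run with unquoted variables, so an empty `ZMB_SHARE` makes them operate recursively on the whole mountpoint.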
255
conf/README.md
@ -1 +1,256 @@
|
|||||||
# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
|
# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
|
||||||
|
# Configuration options reference
|
||||||
|
This is the reference of all config options you can set in `zamba.conf`
|
||||||
|
<br>
|
||||||
|
|
||||||
|
## Linux Container Section
|
||||||
|
In this section all settings relevant for the LXC container.
|
||||||
|
<br>
|
||||||
|
|
||||||
|
### LXC_TEMPLATE_STORAGE
|
||||||
|
Defines the Proxmox storage where your LXC container template are stored (default: local)
|
||||||
|
```bash
|
||||||
|
LXC_TEMPLATE_STORAGE="local"
|
||||||
|
```
|
||||||
|
### LXC_ROOTFS_SIZE
|
||||||
|
Defines the size in GB of the LXC container's root filesystem (default: 32)
|
||||||
|
```bash
|
||||||
|
LXC_ROOTFS_SIZE="32"
|
||||||
|
```
|
||||||
|
Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
|
||||||
|
### LXC_ROOTFS_STORAGE
|
||||||
|
Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
|
||||||
|
```bash
|
||||||
|
LXC_ROOTFS_STORAGE="local-zfs"
|
||||||
|
```
|
||||||
|
### LXC_SHAREFS_SIZE
|
||||||
|
Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
|
||||||
|
```bash
|
||||||
|
LXC_SHAREFS_SIZE="100"
|
||||||
|
```
|
||||||
|
### LXC_SHAREFS_STORAGE
|
||||||
|
Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
|
||||||
|
```bash
|
||||||
|
LXC_SHAREFS_STORAGE="local-zfs"
|
||||||
|
```
|
||||||
|
### LXC_SHAREFS_MOUNTPOINT
|
||||||
|
Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
|
||||||
|
```bash
|
||||||
|
LXC_SHAREFS_MOUNTPOINT="tank"
|
||||||
|
```
|
||||||
|
### LXC_MEM
|
||||||
|
Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
|
||||||
|
```bash
|
||||||
|
LXC_MEM="1024"
|
||||||
|
```
|
||||||
|
### LXC_SWAP
|
||||||
|
Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
|
||||||
|
```bash
|
||||||
|
LXC_SWAP="1024"
|
||||||
|
```
|
||||||
|
### LXC_HOSTNAME
|
||||||
|
Defines the hostname of your LXC container (Default: Name of installed Service)
|
||||||
|
```bash
|
||||||
|
LXC_SWAP="zamba"
|
||||||
|
```
|
||||||
|
### LXC_DOMAIN
|
||||||
|
Defines the domain name / search domain of your LXC container
|
||||||
|
```bash
|
||||||
|
LXC_DOMAIN="zmb.rocks"
|
||||||
|
```
|
||||||
|
### LXC_DHCP
|
||||||
|
Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
|
||||||
|
```bash
|
||||||
|
LXC_DHCP=false
|
||||||
|
```
|
||||||
|
### LXC_IP
|
||||||
|
Defines the local IP address and subnet of your LXC container in CIDR format
|
||||||
|
```bash
|
||||||
|
LXC_IP="10.10.80.20/24"
|
||||||
|
```
|
||||||
|
### LXC_GW
|
||||||
|
Defines the default gateway IP address of your LXC container
|
||||||
|
```bash
|
||||||
|
LXC_GW="10.10.80.254"
|
||||||
|
```
|
||||||
|
### LXC_DNS
|
||||||
|
Defines the DNS server ip address of your LXC container
|
||||||
|
```bash
|
||||||
|
LXC_DNS="10.10.80.254"
|
||||||
|
```
|
||||||
|
`zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
|
||||||
|
For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
|
||||||
|
### LXC_BRIDGE
|
||||||
|
Defines the network bridge to bind the network adapter of your LXC container
|
||||||
|
```bash
|
||||||
|
LXC_BRIDGE="vmbr0"
|
||||||
|
```
|
||||||
|
### LXC_VLAN
|
||||||
|
Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
|
||||||
|
```bash
|
||||||
|
LXC_VLAN="80"
|
||||||
|
```
|
||||||
|
### LXC_PWD
|
||||||
|
Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
|
||||||
|
```bash
|
||||||
|
LXC_PWD="Start!123"
|
||||||
|
```
|
||||||
|
### LXC_AUTHORIZED_KEY
|
||||||
|
Defines an authorized_keys file to push into the LXC container.
|
||||||
|
By default the authorized_keys will be inherited from your proxmox host.
|
||||||
|
```bash
|
||||||
|
LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
|
||||||
|
```
|
||||||
|
### LXC_TOOLSET
|
||||||
|
Define your (administrative) tools, you always want to have installed into your LXC container
|
||||||
|
```bash
|
||||||
|
LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc"
|
||||||
|
```
|
||||||
|
### LXC_TIMEZONE
|
||||||
|
Define the local timezone of your LXC container (default: Euroe/Berlin)
|
||||||
|
```bash
|
||||||
|
LXC_TIMEZONE="Europe/Berlin"
|
||||||
|
```
|
||||||
|
### LXC_LOCALE
|
||||||
|
Define system language on LXC container (locales)
|
||||||
|
```bash
|
||||||
|
LXC_LOCALE="de_DE.utf8"
|
||||||
|
```
|
||||||
|
This parameter is not used yet, but will be integrated in future releases.
|
||||||
|
|
||||||
|
### LXC_VIM_BG_DARK
|
||||||
|
Set dark background for vim syntax highlighting (0 or 1)
|
||||||
|
```bash
|
||||||
|
LXC_VIM_BG_DARK=1
|
||||||
|
```
|
||||||
|
|
||||||
|
<br>
|
||||||
|
|
||||||
|
## Zamba Server Section
|
||||||
|
This section configures the Zamba server (AD DC, AD member and standalone)
|
||||||
|
<br>
|
||||||
|
|
||||||
|
### ZMB_REALM
|
||||||
|
Defines the REALM for the Active Directory (AD DC, AD member)
|
||||||
|
```bash
|
||||||
|
ZMB_REALM="ZMB.ROCKS"
|
||||||
|
```
|
||||||
|
### ZMB_DOMAIN
|
||||||
|
Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
|
||||||
|
```bash
|
||||||
|
ZMB_DOMAIN="ZMB"
|
||||||
|
```
|
||||||
|
### ZMB_ADMIN_USER
|
||||||
|
Defines the name of your domain administrator account (AD DC, AD member, standalone)
|
||||||
|
```bash
|
||||||
|
ZMB_ADMIN_USER="Administrator"
|
||||||
|
```
|
||||||
|
### ZMB_ADMIN_PASS
|
||||||
|
Defines the domain administrator's password (AD DC, AD member).
|
||||||
|
```bash
|
||||||
|
ZMB_ADMIN_PASS='Start!123'
|
||||||
|
```
|
||||||
|
Please use 'single quotation marks' to avoid unexpected behaviour.
|
||||||
|
`zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
|
||||||
|
### ZMB_SHARE
|
||||||
|
Defines the name of your Zamba share
|
||||||
|
```bash
|
||||||
|
ZMB_SHARE="share"
|
||||||
|
```
|
||||||
|
<br>
|
||||||
|
|
||||||
|
## Mailpiler section
|
||||||
|
This section configures the mailpiler email archive
|
||||||
|
<br>
|
||||||
|
|
||||||
|
### PILER_FQDN
|
||||||
|
Defines the (public) FQDN of your piler mail archive
|
||||||
|
```bash
|
||||||
|
PILER_FQDN="piler.zmb.rocks"
|
||||||
|
```
|
||||||
|
### PILER_SMARTHOST
|
||||||
|
Defines the smarthost for piler mail archive
|
||||||
|
```bash
|
||||||
|
PILER_SMARTHOST="your.mailserver.tld"
|
||||||
|
```
|
||||||
|
<br>
|
||||||
|
|
||||||
|
## Matrix section
|
||||||
|
This section configures the matrix chat server
|
||||||
|
<br>
|
||||||
|
|
||||||
|
### MATRIX_FQDN
|
||||||
|
Define the FQDN of your Matrix server
|
||||||
|
```bash
|
||||||
|
MATRIX_FQDN="matrix.zmb.rocks"
|
||||||
|
```
|
||||||
|
|
||||||
|
### MATRIX_ELEMENT_FQDN
|
||||||
|
Define the FQDN for the Element Web virtual host
|
||||||
|
```bash
|
||||||
|
MATRIX_ELEMENT_FQDN="element.zmb.rocks"
|
||||||
|
```
|
||||||
|
|
||||||
|
### MATRIX_ADMIN_USER
|
||||||
|
Define the administrative user of matrix service
|
||||||
|
```bash
|
||||||
|
MATRIX_ADMIN_USER="admin"
|
||||||
|
```
|
||||||
|
|
||||||
|
### MATRIX_ADMIN_PASSWORD
|
||||||
|
Define the admin password
|
||||||
|
```bash
|
||||||
|
MATRIX_ADMIN_PASSWORD="Start!123"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Nextcloud-Section
|
||||||
|
|
||||||
|
### NEXTCLOUD_FQDN
|
||||||
|
Define the FQDN of your Nextcloud server
|
||||||
|
```bash
|
||||||
|
NEXTCLOUD_FQDN="nc1.zmb.rocks"
|
||||||
|
```
|
||||||
|
|
||||||
|
### NEXTCLOUD_ADMIN_USR
|
||||||
|
The initial admin-user which will be configured
|
||||||
|
```bash
|
||||||
|
NEXTCLOUD_ADMIN_USR="zmb-admin"
|
||||||
|
```
|
||||||
|
|
||||||
|
### NEXTCLOUD_ADMIN_PWD
|
||||||
|
Build a strong password for this user. Username and password will shown at the end of the instalation.
|
||||||
|
```bash
|
||||||
|
NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
|
||||||
|
```
|
||||||
|
### NEXTCLOUD_DATA
|
||||||
|
Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT
|
||||||
|
```bash
|
||||||
|
NEXTCLOUD_DATA="nc_data"
|
||||||
|
```
|
||||||
|
### NEXTCLOUD_REVPROX
|
||||||
|
Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
|
||||||
|
```bash
|
||||||
|
NEXTCLOUD_REVPROX="192.168.100.254"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Check_MK-Section
|
||||||
|
|
||||||
|
### CMK_INSTANCE
|
||||||
|
Define the name of your checkmk instance
|
||||||
|
```bash
|
||||||
|
CMK_INSTANCE=zmbrocks
|
||||||
|
```
|
||||||
|
|
||||||
|
### CMK_ADMIN_PW
|
||||||
|
Define the password of user 'cmkadmin'
|
||||||
|
```bash
|
||||||
|
CMK_ADMIN_PW='Start!123'
|
||||||
|
```
|
||||||
|
|
||||||
|
### CMK_EDITION
|
||||||
|
checkmk edition (raw or free)
|
||||||
|
- raw = completely free
|
||||||
|
- free = limited version of the enterprise edition (25 hosts, 1 instance)
|
||||||
|
```bash
|
||||||
|
CMK_EDITION=raw
|
||||||
|
```
|
||||||
|
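Review bot: Under `### LXC_HOSTNAME` the example reads `LXC_SWAP="zamba"`, which looks copied from the section above; it should be `LXC_HOSTNAME="zamba"`, otherwise a reader who pastes it sets the swap size to a non-numeric value and leaves the hostname unset. The `### LXC_PWD` section tells the reader to use single quotation marks, but its own example is `LXC_PWD="Start!123"` in double quotes, while `ZMB_ADMIN_PASS` and `CMK_ADMIN_PW` use single quotes; make the example match the text. Every password example in this file uses the same literal `Start!123` except `NEXTCLOUD_ADMIN_PWD`, which is generated from `/dev/urandom`; the fixed examples would be safer as an obvious placeholder that readers must replace. Smaller points: `Euroe/Berlin`, `createt`, `instalation`, and the `LXC_DNS` text says `zmb-ad` "used" where "uses" seems intended.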
@ -60,7 +60,7 @@ LXC_BRIDGE="vmbr0"
|
|||||||
LXC_VLAN=
|
LXC_VLAN=
|
||||||
|
|
||||||
# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
|
# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
|
||||||
LXC_PWD='S3cr3tp@ssw0rd'
|
LXC_PWD='Start!123'
|
||||||
|
|
||||||
# Defines an authorized_keys file to push into the LXC container.
|
# Defines an authorized_keys file to push into the LXC container.
|
||||||
# By default the authorized_keys will be inherited from your proxmox host.
|
# By default the authorized_keys will be inherited from your proxmox host.
|
||||||
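Review bot: The new sample value `LXC_PWD='Start!123'` is a short, common pattern, and an operator who does not edit the file ends up with it as the container's `root` password. Rather than swapping one fixed secret for another, ship the line empty and have the installer refuse to continue when it is unset, or generate a value the way the README's `NEXTCLOUD_ADMIN_PWD` example does. The unchanged comment line above it still spells "quatation"; it could be fixed in the same commit.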
@ -92,7 +92,7 @@ ZMB_DOMAIN="ZMB"
|
|||||||
ZMB_ADMIN_USER="administrator"
|
ZMB_ADMIN_USER="administrator"
|
||||||
# The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
|
# The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
|
||||||
# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
|
# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
|
||||||
ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
|
ZMB_ADMIN_PASS='Start!123'
|
||||||
|
|
||||||
# Defines the name of your Zamba share
|
# Defines the name of your Zamba share
|
||||||
ZMB_SHARE="share"
|
ZMB_SHARE="share"
|
||||||
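Review bot: With this change `ZMB_ADMIN_PASS`, `LXC_PWD` (hunk at line 60) and `CMK_ADMIN_PW` (hunk at line 141) all default to the same string `'Start!123'`, so an unedited config gives the container `root`, the domain administrator and `cmkadmin` one shared password. The comment directly above says `zmb-ad` provisioning fails when the password is too weak, which suggests the default was chosen to just pass that policy; a default that is known from the repository does not serve the purpose of the policy. Keep the three values distinct at least, and preferably empty with a check in the installer that aborts when they are unset.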
@ -141,7 +141,7 @@ NEXTCLOUD_REVPROX="192.168.100.254"
|
|||||||
CMK_INSTANCE=zmbrocks
|
CMK_INSTANCE=zmbrocks
|
||||||
|
|
||||||
# Define the password of user 'cmkadmin'
|
# Define the password of user 'cmkadmin'
|
||||||
CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd'
|
CMK_ADMIN_PW='Start!123'
|
||||||
|
|
||||||
# checkmk edition (raw or free)
|
# checkmk edition (raw or free)
|
||||||
# raw = completely free
|
# raw = completely free
|
||||||
|
@ -1,9 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 0,
|
|
||||||
"features": {},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "checkmk",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
CheckMK Monitoring Server
|
|
@ -1,121 +0,0 @@
|
|||||||
#!/usr/bin/python3
|
|
||||||
from pathlib import Path
|
|
||||||
import os
|
|
||||||
import ipaddress
|
|
||||||
import socket
|
|
||||||
import json
|
|
||||||
import subprocess
|
|
||||||
from enum import Enum
|
|
||||||
|
|
||||||
def check_zfs_autosnapshot():
|
|
||||||
proc = subprocess.Popen(["dpkg","-l","zfs-auto-snapshot"],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
|
|
||||||
proc.communicate()
|
|
||||||
if proc.returncode > 0:
|
|
||||||
print ("'zfs-auto-snapshot' is NOT installed on your system. This ist required for 'previous versions' feature in Zamba containers.\nYou can install it with the following command:\n\tapt install zfs-auto-snapshot\n")
|
|
||||||
input ("Press Enter to continue...")
|
|
||||||
|
|
||||||
# get_pve_bridges queries and returns availabe Proxmox bridges
|
|
||||||
def get_pve_bridges():
|
|
||||||
pve_bridges=[]
|
|
||||||
ifaces=os.listdir(os.path.join("/","sys","class","net"))
|
|
||||||
for iface in ifaces:
|
|
||||||
if "vmbr" in iface:
|
|
||||||
pve_bridges.append(iface)
|
|
||||||
return pve_bridges
|
|
||||||
|
|
||||||
# get_pve_storages queries and returns available Proxmox bridges
|
|
||||||
def get_pve_storages(driver=None,content=None):
|
|
||||||
pve_storages={}
|
|
||||||
cmd = ["pvesm","status","--enabled","1"]
|
|
||||||
if content != None:
|
|
||||||
cmd.extend(["--content",content.name])
|
|
||||||
result = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE).communicate()
|
|
||||||
stdout = result[0].decode("utf-8").split('\n')
|
|
||||||
for line in filter(lambda x: len(x)>0, stdout):
|
|
||||||
if not "Status" in line:
|
|
||||||
item = [x for x in line.split(' ') if x.strip()]
|
|
||||||
storage = {}
|
|
||||||
storage["driver"] = item[1]
|
|
||||||
storage["status"] = item[2]
|
|
||||||
storage["total"] = item[3]
|
|
||||||
storage["used"] = item[4]
|
|
||||||
storage["available"] = item[5]
|
|
||||||
storage["percent_used"] = item[6]
|
|
||||||
|
|
||||||
if driver == None:
|
|
||||||
pve_storages[item[0]] = storage
|
|
||||||
else:
|
|
||||||
if driver.name == storage["driver"]:
|
|
||||||
pve_storages[item[0]] = storage
|
|
||||||
|
|
||||||
return pve_storages
|
|
||||||
|
|
||||||
# get_zmb_services queries and returns available Zamba services
|
|
||||||
def get_zmb_services():
|
|
||||||
zmb_services={}
|
|
||||||
for item in Path.iterdir(Path.joinpath(Path.cwd(),"src")):
|
|
||||||
if Path.is_dir(item) and "__" not in item.name:
|
|
||||||
with open(os.path.join(item._str, "info"),"r") as info:
|
|
||||||
description = info.read()
|
|
||||||
zmb_services[item.name] = description
|
|
||||||
return zmb_services
|
|
||||||
|
|
||||||
# get_ct_id queries and returns the next available container id
|
|
||||||
def get_ct_id(base="ct"):
|
|
||||||
with open("/etc/pve/.vmlist","r") as v:
|
|
||||||
vmlist_json = json.loads(v.read())
|
|
||||||
ct_id = 100
|
|
||||||
for cid in vmlist_json["ids"].keys():
|
|
||||||
if int(cid) > ct_id and base == "ct" and vmlist_json["ids"][cid]["type"] == "lxc":
|
|
||||||
ct_id = int(cid)
|
|
||||||
elif int(cid) > ct_id and base == "all":
|
|
||||||
ct_id = int(cid)
|
|
||||||
while True:
|
|
||||||
ct_id = ct_id + 1
|
|
||||||
if ct_id not in vmlist_json["ids"].keys():
|
|
||||||
break
|
|
||||||
return ct_id
|
|
||||||
|
|
||||||
# validate_ct_id queries if ct_id is available and returns as boolean
|
|
||||||
def validate_ct_id(ct_id:int):
|
|
||||||
with open("/etc/pve/.vmlist","r") as v:
|
|
||||||
vmlist_json = json.loads(v.read())
|
|
||||||
ct_id = str(ct_id)
|
|
||||||
if int(ct_id) >= 100 and int(ct_id) <= 999999999 and ct_id not in vmlist_json["ids"].keys():
|
|
||||||
return True
|
|
||||||
else:
|
|
||||||
return False
|
|
||||||
|
|
||||||
def validate_vlan(tag:int):
|
|
||||||
if int(tag) >= 1 and int(tag) <= 4094:
|
|
||||||
return True
|
|
||||||
else:
|
|
||||||
return False
|
|
||||||
|
|
||||||
def get_ct_features(zmb_service):
|
|
||||||
with open(Path.joinpath(Path.cwd(),"src",zmb_service,"features.json")) as ff:
|
|
||||||
return json.loads(ff.read())
|
|
||||||
|
|
||||||
|
|
||||||
class PveStorageContent(Enum):
|
|
||||||
images = 0
|
|
||||||
rootdir = 1
|
|
||||||
vztmpl = 2
|
|
||||||
backup = 3
|
|
||||||
iso = 4
|
|
||||||
snippets = 5
|
|
||||||
|
|
||||||
class PveStorageType(Enum):
|
|
||||||
zfspool = 0
|
|
||||||
dir = 1
|
|
||||||
nfs = 2
|
|
||||||
cifs = 3
|
|
||||||
pbs = 4
|
|
||||||
glusterfs = 5
|
|
||||||
cephfs = 6
|
|
||||||
lvm = 7
|
|
||||||
lvmthin = 8
|
|
||||||
iscsi = 9
|
|
||||||
iscsidirect = 10
|
|
||||||
rbd = 11
|
|
||||||
zfs = 12
|
|
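Review bot: In `get_ct_id`, the loop test `if ct_id not in vmlist_json["ids"].keys()` compares an `int` against the string keys that `json.loads` produces, so it is always true and the loop exits after a single increment. With `base="ct"` only entries of type `lxc` raise `ct_id`, so the returned ID can collide with an existing entry of another type that has a higher ID. Compare `str(ct_id)`, as `validate_ct_id` already does. `get_zmb_services` reads `item._str`, a private `pathlib` attribute; `item / "info"` avoids it. The comment above `get_pve_storages` still says it returns "bridges", and `validate_vlan` raises on non-numeric input instead of returning `False`.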
@ -1,9 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 0,
|
|
||||||
"features": {},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "debian",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Debian privileged container with basic tools
|
|
@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 1,
|
|
||||||
"features": {
|
|
||||||
"nesting": 1
|
|
||||||
},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "debian",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Debian unprivileged container with basic tools
|
|
@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 1,
|
|
||||||
"features": {
|
|
||||||
"nesting": 1
|
|
||||||
},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "piler",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Mailpiler email archive
|
|
@ -1,9 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 1,
|
|
||||||
"features": {},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "matrix",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Matrix Synapse server with Element Web
|
|
73
src/menu.py
@ -1,73 +0,0 @@
|
|||||||
#!/usr/bin/python3
|
|
||||||
from enum import Enum
|
|
||||||
from . import config_base
|
|
||||||
|
|
||||||
def radiolist(title:str,question:str,choices):
|
|
||||||
invalid_input=True
|
|
||||||
while(invalid_input):
|
|
||||||
print(f"#### {title} ####\n")
|
|
||||||
print(question)
|
|
||||||
index = {}
|
|
||||||
counter = 1
|
|
||||||
if isinstance(choices,dict):
|
|
||||||
for choice in choices.keys():
|
|
||||||
if len(choice) <= 12:
|
|
||||||
sep="\t\t"
|
|
||||||
else:
|
|
||||||
sep="\t"
|
|
||||||
print(f"{counter}) {choice}{sep}{choices[choice]}")
|
|
||||||
index[str(counter)] = choice
|
|
||||||
counter = counter + 1
|
|
||||||
elif isinstance(choices,list):
|
|
||||||
for choice in choices:
|
|
||||||
print(f"{counter}) {choice}")
|
|
||||||
index[str(counter)] = choice
|
|
||||||
counter = counter + 1
|
|
||||||
else:
|
|
||||||
print (f"object 'choices': {type(choices)} objects are unsupported.")
|
|
||||||
selected = input("Type in number: ")
|
|
||||||
if selected in index.keys():
|
|
||||||
print("\n")
|
|
||||||
return index[selected]
|
|
||||||
|
|
||||||
def question(title:str,q:str,returntype, default, validation=None):
|
|
||||||
print(f"#### {title} ####\n")
|
|
||||||
if str(returntype.name) == "Boolean":
|
|
||||||
if default == True:
|
|
||||||
suggest = "Y/n"
|
|
||||||
else:
|
|
||||||
suggest = "y/N"
|
|
||||||
a = input(f"{q} [{suggest}]\n")
|
|
||||||
if "y" in str(a).lower():
|
|
||||||
return True
|
|
||||||
elif "n" in str(a).lower():
|
|
||||||
return False
|
|
||||||
else:
|
|
||||||
return default
|
|
||||||
elif str(returntype.name) == "Integer":
|
|
||||||
invalid_input = True
|
|
||||||
while(invalid_input):
|
|
||||||
a = input(f"{q} [{default}]\n")
|
|
||||||
if str(a) == "" or f"{str(default)}" == str(a):
|
|
||||||
return default
|
|
||||||
else:
|
|
||||||
try:
|
|
||||||
valid = validation(int(a))
|
|
||||||
if valid:
|
|
||||||
return int(a)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
a = input(f"{q} [{default}]\n")
|
|
||||||
if a == '':
|
|
||||||
return default
|
|
||||||
else:
|
|
||||||
return a
|
|
||||||
|
|
||||||
|
|
||||||
class qType(Enum):
|
|
||||||
Boolean = 0
|
|
||||||
Integer = 1
|
|
||||||
String = 2
|
|
||||||
IPAdress = 3
|
|
||||||
CIDR = 4
|
|
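Review bot: In `question`, the Boolean branch tests `"y" in str(a).lower()` before `"n"`, so any answer that merely contains the letter y returns `True`, for example `no way`; compare the stripped answer against an explicit set such as `y`, `yes`, `n`, `no` and fall back to `default` otherwise. In the Integer branch `validation` defaults to `None`, and the bare `except: pass` swallows the resulting `TypeError`, so a caller that omits `validation` can never leave the loop with a non-default value; catch `ValueError` only and skip the check when no validator is given. `radiolist` has the same shape of problem: for an unsupported `choices` type it prints the message and then loops forever, because `index` stays empty.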
@ -1,9 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 1,
|
|
||||||
"features": {},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "open3a",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Open3A Server
|
|
@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 0,
|
|
||||||
"features": {
|
|
||||||
"nesting": 1
|
|
||||||
},
|
|
||||||
"sharefs": {},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "ad",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
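Review bot: The profile with `"hostname": "ad"` combines `"unprivileged": 0` with `"nesting": 1`, that is, a privileged container with nesting enabled, whereas the other nesting profiles in this commit (`debian`, `piler`) are unprivileged. Nesting in a privileged container widens what the guest can see of the host, so if the replacement profile keeps both settings it should say why the service needs nesting, or drop it.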
@ -1 +0,0 @@
|
|||||||
Zamba Active Directory Domain Controller
|
|
@ -1,12 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 0,
|
|
||||||
"features": {},
|
|
||||||
"sharefs": {
|
|
||||||
"size": "100",
|
|
||||||
"mountpoint": "/tank"
|
|
||||||
},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "zamba",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Zamba AD Member Server
|
|
@ -1,12 +0,0 @@
|
|||||||
{
|
|
||||||
"unprivileged": 0,
|
|
||||||
"features": { },
|
|
||||||
"sharefs": {
|
|
||||||
"size": "100",
|
|
||||||
"mountpoint": "/tank"
|
|
||||||
},
|
|
||||||
"mem": 1024,
|
|
||||||
"swap": 1024,
|
|
||||||
"hostname": "zamba",
|
|
||||||
"domain": "zmb.rocks"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
Zamba Standalone Server
|
|
14
testinstall
14
testinstall
@ -1,14 +0,0 @@
|
|||||||
|
|
||||||
bash -vx install.sh -s checkmk > checkmk.inst.log
|
|
||||||
bash -vx install.sh -s debian-unpriv > debian-unpriv.inst.log
|
|
||||||
bash -vx install.sh -s matrix > matrix.inst.log
|
|
||||||
bash -vx install.sh -s nextcloud > nextcloud.inst.log
|
|
||||||
bash -vx install.sh -s open3a > open3a.inst.log
|
|
||||||
bash -vx install.sh -s zmb-ad > zmb-ad.inst.log
|
|
||||||
bash -vx install.sh -s zmb-member > zmb-member.inst.log
|
|
||||||
bash -vx install.sh -s zmb-standalone > zmb-standalone.inst.log
|
|
||||||
bash -vx install.sh -s debian-priv > debian-priv.inst.log
|
|
||||||
bash -vx install.sh -s mailpiler > mailpiler.inst.log
|
|
||||||
bash -vx install.sh -s onlyoffice > onlyoffice.inst.log
|
|
||||||
bash -vx install.sh -s proxmox-pbs > proxmox-pbs.inst.log
|
|
||||||
bash -vx install.sh -s urbackup > urbackup.inst.log
|
|
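Review bot: every line redirects only stdout (`> checkmk.inst.log`), but `bash -vx` writes its verbose and xtrace output to stderr, so the trace these flags ask for never reaches the log files. Use `> checkmk.inst.log 2>&1` if the trace is meant to be kept, and then treat the logs as sensitive, because `-v` and `-x` echo each line and expanded variable the script processes, including any passwords it reads from its configuration. The runs are also unconditional: a failed install neither stops the following ones nor is reported.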
214
zamba.conf.md
214
zamba.conf.md
@ -1,214 +0,0 @@
|
|||||||
# `zamba.conf` options reference
|
|
||||||
This is the reference of all config options you can set in `zamba.conf`
|
|
||||||
<br>
|
|
||||||
|
|
||||||
## Linux Container Section
|
|
||||||
In this section all settings relevant for the LXC container.
|
|
||||||
<br>
|
|
||||||
|
|
||||||
### LXC_TEMPLATE_STORAGE
|
|
||||||
Defines the Proxmox storage where your LXC container template are stored (default: local)
|
|
||||||
```bash
|
|
||||||
LXC_TEMPLATE_STORAGE="local"
|
|
||||||
```
|
|
||||||
### LXC_ROOTFS_SIZE
|
|
||||||
Defines the size in GB of the LXC container's root filesystem (default: 32)
|
|
||||||
```bash
|
|
||||||
LXC_ROOTFS_SIZE="32"
|
|
||||||
```
|
|
||||||
Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
|
|
||||||
### LXC_ROOTFS_STORAGE
|
|
||||||
Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
|
|
||||||
```bash
|
|
||||||
LXC_ROOTFS_STORAGE="local-zfs"
|
|
||||||
```
|
|
||||||
### LXC_SHAREFS_SIZE
|
|
||||||
Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
|
|
||||||
```bash
|
|
||||||
LXC_SHAREFS_SIZE="100"
|
|
||||||
```
|
|
||||||
### LXC_SHAREFS_STORAGE
|
|
||||||
Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
|
|
||||||
```bash
|
|
||||||
LXC_SHAREFS_STORAGE="local-zfs"
|
|
||||||
```
|
|
||||||
### LXC_SHAREFS_MOUNTPOINT
|
|
||||||
Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
|
|
||||||
```bash
|
|
||||||
LXC_SHAREFS_MOUNTPOINT="tank"
|
|
||||||
```
|
|
||||||
### LXC_MEM
|
|
||||||
Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
|
|
||||||
```bash
|
|
||||||
LXC_MEM="1024"
|
|
||||||
```
|
|
||||||
### LXC_SWAP
|
|
||||||
Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
|
|
||||||
```bash
|
|
||||||
LXC_SWAP="1024"
|
|
||||||
```
|
|
||||||
### LXC_HOSTNAME
|
|
||||||
Defines the hostname of your LXC container
|
|
||||||
```bash
|
|
||||||
LXC_SWAP="zamba"
|
|
||||||
```
|
|
||||||
### LXC_DOMAIN
|
|
||||||
Defines the domain name / search domain of your LXC container
|
|
||||||
```bash
|
|
||||||
LXC_DOMAIN="zmb.rocks"
|
|
||||||
```
|
|
||||||
### LXC_DHCP
|
|
||||||
Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
|
|
||||||
```bash
|
|
||||||
LXC_DHCP=false
|
|
||||||
```
|
|
||||||
### LXC_IP
|
|
||||||
Defines the local IP address and subnet of your LXC container in CIDR format
|
|
||||||
```bash
|
|
||||||
LXC_IP="10.10.80.20/24"
|
|
||||||
```
|
|
||||||
### LXC_GW
|
|
||||||
Defines the default gateway IP address of your LXC container
|
|
||||||
```bash
|
|
||||||
LXC_GW="10.10.80.254"
|
|
||||||
```
|
|
||||||
### LXC_DNS
|
|
||||||
Defines the DNS server ip address of your LXC container
|
|
||||||
```bash
|
|
||||||
LXC_DNS="10.10.80.254"
|
|
||||||
```
|
|
||||||
`zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
|
|
||||||
For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
|
|
||||||
### LXC_BRIDGE
|
|
||||||
Defines the network bridge to bind the network adapter of your LXC container
|
|
||||||
```bash
|
|
||||||
LXC_BRIDGE="vmbr0"
|
|
||||||
```
|
|
||||||
### LXC_VLAN
|
|
||||||
Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
|
|
||||||
```bash
|
|
||||||
LXC_VLAN="80"
|
|
||||||
```
|
|
||||||
### LXC_PWD
|
|
||||||
Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
|
|
||||||
```bash
|
|
||||||
LXC_PWD="S3cr3tp@ssw0rd"
|
|
||||||
```
|
|
||||||
### LXC_AUTHORIZED_KEY
|
|
||||||
Defines an authorized_keys file to push into the LXC container.
|
|
||||||
By default the authorized_keys will be inherited from your proxmox host.
|
|
||||||
```bash
|
|
||||||
LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
|
|
||||||
```
|
|
||||||
### LXC_TOOLSET
|
|
||||||
Define your (administrative) tools, you always want to have installed into your LXC container
|
|
||||||
```bash
|
|
||||||
LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
|
|
||||||
```
|
|
||||||
### LXC_TIMEZONE
|
|
||||||
Define the local timezone of your LXC container (default: Euroe/Berlin)
|
|
||||||
```bash
|
|
||||||
LXC_TIMEZONE="Europe/Berlin"
|
|
||||||
```
|
|
||||||
### LXC_LOCALE
|
|
||||||
Define system language on LXC container (locales)
|
|
||||||
```bash
|
|
||||||
LXC_LOCALE="de_DE.utf8"
|
|
||||||
```
|
|
||||||
This parameter is not used yet, but will be integrated in future releases.
|
|
||||||
<br>
|
|
||||||
|
|
||||||
## Zamba Server Section
|
|
||||||
This section configures the Zamba server (AD DC, AD member and standalone)
|
|
||||||
<br>
|
|
||||||
|
|
||||||
### ZMB_REALM
|
|
||||||
Defines the REALM for the Active Directory (AD DC, AD member)
|
|
||||||
```bash
|
|
||||||
ZMB_REALM="ZMB.ROCKS"
|
|
||||||
```
|
|
||||||
### ZMB_DOMAIN
|
|
||||||
Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
|
|
||||||
```bash
|
|
||||||
ZMB_DOMAIN="ZMB"
|
|
||||||
```
|
|
||||||
### ZMB_DNS_BACKEND
|
|
||||||
Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
|
|
||||||
```bash
|
|
||||||
ZMB_DNS_BACKEND="SAMBA_INTERNAL"
|
|
||||||
```
|
|
||||||
### ZMB_ADMIN_USER
|
|
||||||
Defines the name of your domain administrator account (AD DC, AD member, standalone)
|
|
||||||
```bash
|
|
||||||
ZMB_ADMIN_USER="Administrator"
|
|
||||||
```
|
|
||||||
### ZMB_ADMIN_PASS
|
|
||||||
Defines the domain administrator's password (AD DC, AD member).
|
|
||||||
```bash
|
|
||||||
ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
|
|
||||||
```
|
|
||||||
Please use 'single quotation marks' to avoid unexpected behaviour.
|
|
||||||
`zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
|
|
||||||
### ZMB_SHARE
|
|
||||||
Defines the name of your Zamba share
|
|
||||||
```bash
|
|
||||||
ZMB_SHARE="share"
|
|
||||||
```
|
|
||||||
<br>
|
|
||||||
|
|
||||||
## Mailpiler section
|
|
||||||
This section configures the mailpiler email archive
|
|
||||||
<br>
|
|
||||||
|
|
||||||
### PILER_FQDN
|
|
||||||
Defines the (public) FQDN of your piler mail archive
|
|
||||||
```bash
|
|
||||||
PILER_FQDN="piler.zmb.rocks"
|
|
||||||
```
|
|
||||||
### PILER_SMARTHOST
|
|
||||||
Defines the smarthost for piler mail archive
|
|
||||||
```bash
|
|
||||||
PILER_SMARTHOST="10.10.80.20"
|
|
||||||
```
|
|
||||||
### PILER_VERSION
|
|
||||||
Defines the version number of piler mail archive to install
|
|
||||||
```bash
|
|
||||||
PILER_VERSION="1.3.10"
|
|
||||||
```
|
|
||||||
### PILER_SPHINX_VERSION
|
|
||||||
Defines the version of sphinx to install
|
|
||||||
```bash
|
|
||||||
PILER_SPHINX_VERSION="3.3.1"
|
|
||||||
```
|
|
||||||
### PILER_PHP_VERSION
|
|
||||||
Defines the php version to install
|
|
||||||
```bash
|
|
||||||
PILER_PHP_VERSION="7.4"
|
|
||||||
```
|
|
||||||
<br>
|
|
||||||
|
|
||||||
## Matrix section
|
|
||||||
This section configures the matrix chat server
|
|
||||||
<br>
|
|
||||||
|
|
||||||
### MATRIX_FQDN
|
|
||||||
Define the FQDN of your Matrix server
|
|
||||||
```bash
|
|
||||||
MATRIX_FQDN="matrix.zmb.rocks"
|
|
||||||
```
|
|
||||||
|
|
||||||
### MATRIX_ELEMENT_FQDN
|
|
||||||
Define the FQDN for the Element Web virtual host
|
|
||||||
```bash
|
|
||||||
MATRIX_ELEMENT_FQDN="element.zmb.rocks"
|
|
||||||
```
|
|
||||||
### MATRIX_ELEMENT_VERSION
|
|
||||||
Define the version of Element Web
|
|
||||||
```bash
|
|
||||||
MATRIX_ELEMENT_VERSION="v1.7.24"
|
|
||||||
```
|
|
||||||
### MATRIX_JITSI_FQDN
|
|
||||||
Define the FQDN for the Jitsi Meet virtual host
|
|
||||||
```bash
|
|
||||||
MATRIX_JITSI_FQDN="meet.zmb.rocks"
|
|
||||||
```
|
|
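Review bot: the `LXC_PWD` entry tells the reader to use single quotation marks but its own example is `LXC_PWD="S3cr3tp@ssw0rd"` in double quotes; in a bash-style config a password containing `$`, a backtick or `\` would be expanded or altered there, so the example should match the `ZMB_ADMIN_PASS='...'` form used further down. Both entries keep the root and domain administrator passwords in plain text, so the reference should also say to restrict read access to the config file. Smaller points in the same hunk: the example under `LXC_HOSTNAME` sets `LXC_SWAP="zamba"` instead of `LXC_HOSTNAME`, the `LXC_TIMEZONE` default is written "Euroe/Berlin", and `LXC_SHAREFS_MOUNTPOINT` is shown as `tank` without a leading slash while the service JSON files in this commit use `/tank`. If this reference is carried over elsewhere rather than dropped, fix these there.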