From 2d6e9040eb28d85bd09ca0e39d83cebe3a0b1757 Mon Sep 17 00:00:00 2001 
From: thorstenspille Date: Sat, 24 Apr 2021 00:00:27 +0200 Subject: [PATCH] Complete rework UNTESTED UNFINISHED --- debian-priv.sh => archive/debian-priv.sh | 0 debian-unpriv.sh => archive/debian-unpriv.sh | 15 +- mailpiler.sh => archive/mailpiler.sh | 0 matrix.sh => archive/matrix.sh | 0 zmb-ad.sh => archive/zmb-ad.sh | 0 zmb-member.sh => archive/zmb-member.sh | 0 .../zmb-standalone.sh | 0 install.sh | 67 +++---- new-config.py | 136 ++++++++++++++ proxmox.conf | 1 + src/__init__.py | 0 src/config_base.py | 121 ++++++++++++ src/constants.conf | 11 ++ src/debian-priv/constants-service.conf | 17 ++ src/debian-priv/features.json | 9 + src/debian-priv/info | 1 + src/debian-priv/install-service.sh | 8 + src/debian-unpriv/constants-service.conf | 17 ++ src/debian-unpriv/features.json | 11 ++ src/debian-unpriv/info | 1 + src/debian-unpriv/install-service.sh | 8 + src/lxc-base.sh | 40 ++++ src/mailpiler/constants-service.conf | 25 +++ src/mailpiler/features.json | 11 ++ src/mailpiler/info | 1 + src/mailpiler/install-service.sh | 176 ++++++++++++++++++ src/matrix/constants-service.conf | 17 ++ src/matrix/features.json | 9 + src/matrix/info | 1 + src/matrix/install-service.sh | 153 +++++++++++++++ src/menu.py | 73 ++++++++ src/sources.list | 6 + src/zmb-ad/constants-service.conf | 20 ++ src/zmb-ad/features.json | 11 ++ src/zmb-ad/info | 1 + src/zmb-ad/install-service.sh | 112 +++++++++++ src/zmb-member/constants-service.conf | 17 ++ src/zmb-member/features.json | 12 ++ src/zmb-member/info | 1 + src/zmb-member/install-service.sh | 104 +++++++++++ src/zmb-standalone/constants-service.conf | 17 ++ src/zmb-standalone/features.json | 12 ++ src/zmb-standalone/info | 1 + src/zmb-standalone/install-service.sh | 35 ++++ zamba.conf.example | 112 +++++++++++ 45 files changed, 1346 insertions(+), 44 deletions(-) rename debian-priv.sh => archive/debian-priv.sh (100%) rename debian-unpriv.sh => archive/debian-unpriv.sh (62%) rename mailpiler.sh => archive/mailpiler.sh (100%) rename 
matrix.sh => archive/matrix.sh (100%) rename zmb-ad.sh => archive/zmb-ad.sh (100%) rename zmb-member.sh => archive/zmb-member.sh (100%) rename zmb-standalone.sh => archive/zmb-standalone.sh (100%) create mode 100755 new-config.py create mode 100644 proxmox.conf create mode 100644 src/__init__.py create mode 100644 src/config_base.py create mode 100644 src/constants.conf create mode 100644 src/debian-priv/constants-service.conf create mode 100644 src/debian-priv/features.json create mode 100644 src/debian-priv/info create mode 100644 src/debian-priv/install-service.sh create mode 100644 src/debian-unpriv/constants-service.conf create mode 100644 src/debian-unpriv/features.json create mode 100644 src/debian-unpriv/info create mode 100644 src/debian-unpriv/install-service.sh create mode 100644 src/lxc-base.sh create mode 100644 src/mailpiler/constants-service.conf create mode 100644 src/mailpiler/features.json create mode 100644 src/mailpiler/info create mode 100644 src/mailpiler/install-service.sh create mode 100644 src/matrix/constants-service.conf create mode 100644 src/matrix/features.json create mode 100644 src/matrix/info create mode 100644 src/matrix/install-service.sh create mode 100644 src/menu.py create mode 100644 src/sources.list create mode 100644 src/zmb-ad/constants-service.conf create mode 100644 src/zmb-ad/features.json create mode 100644 src/zmb-ad/info create mode 100644 src/zmb-ad/install-service.sh create mode 100644 src/zmb-member/constants-service.conf create mode 100644 src/zmb-member/features.json create mode 100644 src/zmb-member/info create mode 100644 src/zmb-member/install-service.sh create mode 100644 src/zmb-standalone/constants-service.conf create mode 100644 src/zmb-standalone/features.json create mode 100644 src/zmb-standalone/info create mode 100644 src/zmb-standalone/install-service.sh create mode 100644 zamba.conf.example 
diff --git a/debian-priv.sh b/archive/debian-priv.sh similarity index 100% rename from debian-priv.sh rename to archive/debian-priv.sh diff --git a/debian-unpriv.sh b/archive/debian-unpriv.sh similarity index 62% rename from debian-unpriv.sh rename to archive/debian-unpriv.sh index 881a310..7d90719 100644 --- a/debian-unpriv.sh +++ b/archive/debian-unpriv.sh @@ -5,12 +5,19 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille -dpkg-reconfigure locales - source /root/zamba.conf +source /root/proxmox.conf -# Set Timezone -ln -sf /usr/share/zoneinfo/$LXC_TIMEZONE /etc/localtime +sed -i "s/^#.$HOST_LOCALE/$HOST_LOCALE/" /etc/locale.gen +locale-gen $HOST_LOCALE + +sed -i "s/^#.$LXC_LOCALE/$LXC_LOCALE/" /etc/locale.gen +locale-gen $LXC_LOCALE +echo LANG=$LXC_LOCALE > /etc/default/locale +echo LANGUAGE=$LXC_LOCALE >> /etc/default/locale +export LANG=$LXC_LOCALE +export LANGUAGE=$LXC_LOCALE +export LC_CTYPE=C apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade diff --git a/mailpiler.sh b/archive/mailpiler.sh similarity index 100% rename from mailpiler.sh rename to archive/mailpiler.sh diff --git a/matrix.sh b/archive/matrix.sh similarity index 100% rename from matrix.sh rename to archive/matrix.sh diff --git a/zmb-ad.sh b/archive/zmb-ad.sh similarity index 100% rename from zmb-ad.sh rename to archive/zmb-ad.sh diff --git a/zmb-member.sh b/archive/zmb-member.sh similarity index 100% rename from zmb-member.sh rename to archive/zmb-member.sh diff --git a/zmb-standalone.sh b/archive/zmb-standalone.sh similarity index 100% rename from zmb-standalone.sh rename to archive/zmb-standalone.sh diff --git a/install.sh b/install.sh index 2f5461e..eca4cf5 100644 --- a/install.sh +++ b/install.sh 
@@ -16,50 +16,37 @@ ############### ZAMBA INSTALL SCRIPT ############### +if [[ "$2" == *".conf" ]]; then + CONF=$2 +else + CONF=zamba.conf +fi + # Load configuration file -source $PWD/zamba.conf +source $PWD/$CONF +OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a) -select opt in zmb-standalone zmb-ad zmb-member mailpiler matrix debian-unpriv debian-priv quit; do - case $opt in - debian-unpriv) - echo "Debian-only LXC container unprivileged mode selected" - break - ;; - debian-priv) - echo "Debian-only LXC container privileged mode selected" - break - ;; - zmb-standalone) - echo "Configuring LXC container '$opt'!" - break - ;; - zmb-member) - echo "Configuring LXC container '$opt'!" - break - ;; - zmb-ad) - echo "Selected Zamba AD DC" - break - ;; - mailpiler) - echo "Configuring LXC container for '$opt'!" - break - ;; - matrix) - echo "Install Matrix chat server and element web service" - break - ;; - quit) - echo "Script aborted by user interaction." +if [ -z ${1+x} ]; then + if [[ $opt in $OPTS ]]; then + echo "Configuring '$opt' container..." + else + echo "Invalid option: '$opt', exiting..." + exit 1 + fi +else + select opt in $OPTS quit; do + if [[ $opt in $OPTS ]]; then + echo "Configuring '$opt' container..." + elif [[ "$opt" == "quit" ]]; then + echo "'quit' selected, exiting..." exit 0 - ;; - *) - echo "Invalid option! Exiting..." + else + echo "Invalid option, exiting..." exit 1 - ;; - esac -done + fi + done +fi source $PWD/src/$opt/constants-service.conf 
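Review bot: The new service selection in install.sh cannot work as written: `[[ $opt in $OPTS ]]` is not a valid bash test, `opt` is never assigned from `$1`, and `[ -z ${1+x} ]` sends the no-argument case to the non-interactive branch and the argument case to the `select` menu, which has no `break` after a valid choice. `$opt` and `$CONF` then go unquoted and unchecked into `source $PWD/src/$opt/constants-service.conf` and `source $PWD/$CONF`, so a value containing `/` or `..` makes the installer source a file outside the project tree, presumably as root on the Proxmox host. I would set `opt=$1` when an argument is given, accept it only if `printf '%s\n' $OPTS | grep -qxF -- "$opt"` succeeds, require `$CONF` to be a plain file name, and quote every expansion. The script continues outside the hunk.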
@@ -119,7 +106,7 @@ echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd; lxc-attach -n$LXC_NBR mkdir -p /root/.ssh; pct push $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys pct push $LXC_NBR $PWD/src/sources.list /etc/apt/sources.list -pct push $LXC_NBR $PWD/zamba.conf /root/zamba.conf +pct push $LXC_NBR $PWD/$CONF /root/zamba.conf pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh pct push $LXC_NBR $PWD/src/$opt/install-service.sh /root/install-service.sh diff --git a/new-config.py b/new-config.py new file mode 100755 index 0000000..48b8af8 --- /dev/null +++ b/new-config.py 
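Review bot: The changed `pct push $LXC_NBR $PWD/$CONF /root/zamba.conf` copies the whole configuration file into the container with default ownership and mode, and judging by the `$LXC_PWD` use shown in the hunk header that file presumably holds the container's root password. I would push it with restrictive permissions and quoted arguments, `pct push "$LXC_NBR" "$PWD/$CONF" /root/zamba.conf --perms 600`, and have the install scripts delete the copy once setup has read it. The surrounding provisioning code lies outside the hunk.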
@@ -0,0 +1,136 @@ +#!/usr/bin/python3 +import os +from src import config_base, menu + +# Check installation of zfs-auto-snapshot, if not installed, just notify user +config_base.check_zfs_autosnapshot() + +cfg = {} +# set template storage +t_storages = config_base.get_pve_storages(content=config_base.PveStorageContent.vztmpl) +if len(t_storages.keys()) > 1: + t_stors={} + for st in t_storages.keys(): + t_stors[st] = f"driver: {t_storages[st]['driver']}\tfree space: {int(t_storages[st]['available'])/1024/1024:.2f} GB" + cfg['LXC_TEMPLATE_STORAGE'] = menu.radiolist("Select container template storage", "Please choose the storage, where your container templates are stored.", t_stors) +elif len(t_storages.keys()) == 1: + cfg['LXC_TEMPLATE_STORAGE'] = next(iter(t_storages)) +else: + print("Could not find any storage enabled for container templates. Please ensure your storages are configured properly.") + os._exit(1) + +# get zmb service +cfg['ZMB_SERVICE'] = menu.radiolist("Select service","Please choose the service to install:", config_base.get_zmb_services()) + +# get static ct features +ct_features = config_base.get_ct_features(cfg["ZMB_SERVICE"]) +cfg['LXC_UNPRIVILEGED'] = ct_features['unprivileged'] +# get ct id +cfg['LXC_NBR'] = menu.question("Container ID", f"Please select an ID for the {cfg['ZMB_SERVICE']} container.", menu.qType.Integer, config_base.get_ct_id(), config_base.validate_ct_id) + +# configure rootfs +r_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir) +if len(r_storages.keys()) > 1: + r_stors = {} + for st in r_storages.keys(): + r_stors[st] = f"driver: {r_storages[st]['driver']}\tfree space: {int(r_storages[st]['available'])/1024/1024:.2f} GB" + cfg['LXC_ROOTFS_STORAGE'] = menu.radiolist("Select rootfs storage", "Please choose the storage for your container's rootfs",r_stors) +elif len(r_storages.keys()) == 1: + cfg['LXC_ROOTFS_STORAGE'] = next(iter(r_storages)) +else: + 
print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.") + os._exit(1) + +cfg['LXC_ROOTFS_SIZE'] = menu.question("Set rootfs size","Please type in the desired rootfs size (GB)", menu.qType.Integer,32) + +# create additional mountpoints +if 'size' in ct_features['sharefs'].keys(): + f_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir) + if len(f_storages.keys()) > 1: + f_stors = {} + for st in f_storages.keys(): + f_stors[st] = f"driver: {f_storages[st]['driver']}\tfree space: {int(f_storages[st]['available'])/1024/1024:.2f} GB" + cfg['LXC_SHAREFS_STORAGE'] = menu.radiolist("Select sharefs storage", "Please choose the storage of your shared filesystem", f_stors) + elif len(r_storages.keys()) == 1: + cfg['LXC_SHAREFS_STORAGE'] = next(iter(f_storages)) + else: + print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.") + os._exit(1) + cfg['LXC_SHAREFS_SIZE'] = menu.question("Select sharefs size","Please type in the desired size (GB) of your shared filesystem", menu.qType.Integer,ct_features['sharefs']['size']) + cfg['LXC_SHAREFS_MOUNTPOINT'] = menu.question("Select sharefs mountpoint","Please type in the folder where to mount your shared filesystem inside the container.", menu.qType.String,ct_features['sharefs']['mountpoint']) + +# configure ram and swap +cfg['LXC_MEM'] = menu.question("Set container RAM", "Please type in the desired amount of RAM for the container (MB)",menu.qType.Integer,ct_features["mem"]) +cfg['LXC_SWAP'] = menu.question("Set container Swap", "Please type in the desired amount of Swap for the container (MB)",menu.qType.Integer,ct_features["swap"]) +cfg['LXC_HOSTNAME'] = menu.question("Set container Hostname", "Please type in the desired hostname of the container",menu.qType.String,ct_features['hostname']) +cfg['LXC_DOMAIN'] = 
menu.question("Set container search domain", "Please type in the search domain of your network.", menu.qType.String,ct_features['domain']) +cfg['LXC_TIMEZONE'] = 'host' # TODO +cfg['LXC_LOCALE'] = "de_DE.utf8" # TODO + +# get pve bridge +bridges = config_base.get_pve_bridges() +if len(bridges) > 1: + cfg['LXC_BRIDGE'] = menu.radiolist("Select PVE Network Bridge", f"Please select the network bridge to connect the {cfg['ZMB_SERVICE']} container",bridges) +elif len(bridges) == 1: + cfg['LXC_BRIDGE'] = bridges[0] +else: + print("Could not find any bridge device to connect container. Please ensure your networksettings are configured properly.") + os._exit(1) + +cfg['LXC_VLAN'] = menu.question("Set vlan tag", "You you want to tag your container's network to a vlan? (0 = untagged, 1 - 4094 = tagged vlan id)",menu.qType.Integer,0, config_base.validate_vlan) + +# configure network interface +if cfg['ZMB_SERVICE'] != 'zmb-ad': + enable_dhcp = menu.question("Set network mode", "Do you want to configure the network interface in dhcp mode?",menu.qType.Boolean,default=True) +else: + enable_dhcp = False +if enable_dhcp == True: + cfg["LXC_NET_MODE"] = 'dhcp' +else: + cfg["LXC_NET_MODE"] = 'static' + cfg["LXC_IP"] = menu.question("Set interface IP Addess", "Pleace type in the containers IP address (CIDR Format).",menu.qType.String,default='10.10.10.10/8') + cfg["LXC_GW"] = menu.question("Set interface default gateway", "Pleace type in the containers default gateway.",menu.qType.String,default='10.10.10.1') +cfg['LXC_DNS'] = menu.question("Set containers dns server", "Pleace type in the containers dns server. 
ZMB AD will use this as dns forwarder",menu.qType.String,default='10.10.10.1') + +cfg['LXC_PWD'] = menu.question("Set root password", "Please type in the containers root password", menu.qType.String,default='') +cfg['LXC_AUTHORIZED_KEY'] = menu.question ("Set authorized_keys file to import", "Please select authorized_keys file to import.", menu.qType.String, default='~/.ssh/authorized_keys') + +os.system('clear') +print (f"#### Zamba LXC Toolbox ####\n") +print (f"GLOBAL CONFIGURATION:") +print (f"\tct template storage:\t{cfg['LXC_TEMPLATE_STORAGE']}") +print (f"\nCONTAINER CONFIGURATION:") +print (f"\tzmb service:\t\t{cfg['ZMB_SERVICE']}") +print (f"\tcontainer id:\t\t{cfg['LXC_NBR']}") +print (f"\tunprivileged:\t\t{cfg['LXC_UNPRIVILEGED']}") +for feature in ct_features['features'].keys(): + if feature == 'nesting': + cfg['LXC_NESTING'] = ct_features['features'][feature] + print (f"\t{feature}:\t\t{cfg['LXC_NESTING']}") +print (f"\tcontainer memory:\t{cfg['LXC_MEM']} MB") +print (f"\tcontainer swap:\t\t{cfg['LXC_SWAP']} MB") +print (f"\tcontainer hostname:\t{cfg['LXC_HOSTNAME']}") +print (f"\tct search domain:\t{cfg['LXC_DOMAIN']}") +print (f"\tcontainer timezone\t{cfg['LXC_TIMEZONE']}") +print (f"\tcontainer language\t{cfg['LXC_LOCALE']}") +print (f"\nSTORAGE CONFIGURATION:") +print (f"\trootfs storage:\t\t{cfg['LXC_ROOTFS_STORAGE']}") +print (f"\trootfs size:\t\t{cfg['LXC_ROOTFS_SIZE']} GB") +if 'size' in ct_features['sharefs'].keys(): + print (f"\tsharefs storage:\t{cfg['LXC_SHAREFS_STORAGE']}") + print (f"\tsharefs size:\t\t{cfg['LXC_SHAREFS_SIZE']} GB") + print (f"\tsharefs mountpoint:\t{cfg['LXC_SHAREFS_MOUNTPOINT']}") +print (f"\nNETWORK CONFIGURATION:") +print (f"\tpve bridge:\t\t{cfg['LXC_BRIDGE']}") +if cfg['LXC_VLAN'] > 0: + print (f"\tcontainer vlan:\t\t{cfg['LXC_VLAN']}") +else: + print (f"\tcontainer vlan:\t\tuntagged") +print (f"\tnetwork mode:\t\t{cfg['LXC_NET_MODE']}") +if enable_dhcp == False: + print (f"\tip address (CIDR):\t{cfg['LXC_IP']}") + 
print (f"\tdefault gateway:\t{cfg['LXC_GW']}") + print (f"\tdns server / forwarder:\t{cfg['LXC_GW']}") +print (f"\nCONTAINER CREDENTIALS:") +print (f"\troot password:\t\t{cfg['LXC_PWD']}") +print (f"\tauthorized ssh keys:\t{cfg['LXC_AUTHORIZED_KEY']}") \ No newline at end of file diff --git a/proxmox.conf b/proxmox.conf new file mode 100644 index 0000000..13e26f3 --- /dev/null +++ b/proxmox.conf @@ -0,0 +1 @@ +HOST_LOCALE=de_DE.UTF-8 diff --git a/src/__init__.py b/src/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/config_base.py b/src/config_base.py new file mode 100644 index 0000000..1d5cb07 --- /dev/null +++ b/src/config_base.py 
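Review bot: The root password is treated as ordinary text in new-config.py: it is read through `menu.question(...)`, which uses `input()` and echoes the typing, it defaults to an empty string, and the summary prints it back with `print (f"\troot password:\t\t{cfg['LXC_PWD']}")`. Reading it with `getpass.getpass()`, rejecting an empty value, and printing a fixed mask in the summary keeps it out of terminal scrollback and screen recordings. Two copy-paste slips sit in the same hunk: the sharefs branch tests `len(r_storages.keys()) == 1` where `f_storages` is meant, and the "dns server / forwarder" line prints `cfg['LXC_GW']` instead of `cfg['LXC_DNS']`.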
@@ -0,0 +1,121 @@ +#!/usr/bin/python3 +from pathlib import Path +import os +import ipaddress +import socket +import json +import subprocess +from enum import Enum + +def check_zfs_autosnapshot(): + proc = subprocess.Popen(["dpkg","-l","zfs-auto-snapshot"],stdout=subprocess.PIPE,stderr=subprocess.PIPE) + proc.communicate() + if proc.returncode > 0: + print ("'zfs-auto-snapshot' is NOT installed on your system. This ist required for 'previous versions' feature in Zamba containers.\nYou can install it with the following command:\n\tapt install zfs-auto-snapshot\n") + input ("Press Enter to continue...") + +# get_pve_bridges queries and returns availabe Proxmox bridges +def get_pve_bridges(): + pve_bridges=[] + ifaces=os.listdir(os.path.join("/","sys","class","net")) + for iface in ifaces: + if "vmbr" in iface: + pve_bridges.append(iface) + return pve_bridges + +# get_pve_storages queries and returns available Proxmox bridges +def get_pve_storages(driver=None,content=None): + pve_storages={} + cmd = ["pvesm","status","--enabled","1"] + if content != None: + cmd.extend(["--content",content.name]) + result = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE).communicate() + stdout = result[0].decode("utf-8").split('\n') + for line in filter(lambda x: len(x)>0, stdout): + if not "Status" in line: + item = [x for x in line.split(' ') if x.strip()] + storage = {} + storage["driver"] = item[1] + storage["status"] = item[2] + storage["total"] = item[3] + storage["used"] = item[4] + storage["available"] = item[5] + storage["percent_used"] = item[6] + + if driver == None: + pve_storages[item[0]] = storage + else: + if driver.name == storage["driver"]: + pve_storages[item[0]] = storage + + return pve_storages + +# get_zmb_services queries and returns available Zamba services +def get_zmb_services(): + zmb_services={} + for item in Path.iterdir(Path.joinpath(Path.cwd(),"src")): + if Path.is_dir(item) and "__" not in item.name: + with open(os.path.join(item._str, 
"info"),"r") as info: + description = info.read() + zmb_services[item.name] = description + return zmb_services + +# get_ct_id queries and returns the next available container id +def get_ct_id(base="ct"): + with open("/etc/pve/.vmlist","r") as v: + vmlist_json = json.loads(v.read()) + ct_id = 100 + for cid in vmlist_json["ids"].keys(): + if int(cid) > ct_id and base == "ct" and vmlist_json["ids"][cid]["type"] == "lxc": + ct_id = int(cid) + elif int(cid) > ct_id and base == "all": + ct_id = int(cid) + while True: + ct_id = ct_id + 1 + if ct_id not in vmlist_json["ids"].keys(): + break + return ct_id + +# validate_ct_id queries if ct_id is available and returns as boolean +def validate_ct_id(ct_id:int): + with open("/etc/pve/.vmlist","r") as v: + vmlist_json = json.loads(v.read()) + ct_id = str(ct_id) + if int(ct_id) >= 100 and int(ct_id) <= 999999999 and ct_id not in vmlist_json["ids"].keys(): + return True + else: + return False + +def validate_vlan(tag:int): + if int(tag) >= 1 and int(tag) <= 4094: + return True + else: + return False + +def get_ct_features(zmb_service): + with open(Path.joinpath(Path.cwd(),"src",zmb_service,"features.json")) as ff: + return json.loads(ff.read()) + + +class PveStorageContent(Enum): + images = 0 + rootdir = 1 + vztmpl = 2 + backup = 3 + iso = 4 + snippets = 5 + +class PveStorageType(Enum): + zfspool = 0 + dir = 1 + nfs = 2 + cifs = 3 + pbs = 4 + glusterfs = 5 + cephfs = 6 + lvm = 7 + lvmthin = 8 + iscsi = 9 + iscsidirect = 10 + rbd = 11 + zfs = 12 \ No newline at end of file diff --git a/src/constants.conf b/src/constants.conf new file mode 100644 index 0000000..bc1838c --- /dev/null +++ b/src/constants.conf 
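Review bot: `get_ct_id` can return an ID that is already taken, because the loop compares the integer `ct_id` with the string keys of the parsed JSON, so `ct_id not in vmlist_json["ids"].keys()` is always true and the loop stops after the first increment. With `base="ct"` the starting point only looks at LXC entries, so a VM sitting directly above the highest container ID is not skipped. Comparing as a string, `if str(ct_id) not in vmlist_json["ids"]:`, fixes it and matches what `validate_ct_id` already does. Separately, `validate_vlan` rejects 0 although the prompt in new-config.py documents 0 as untagged, and `item._str` in `get_zmb_services` is a private pathlib attribute; `open(item / "info")` is the supported spelling.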
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on container level
+
+# Define your (administrative) tools, you always want to have installed into your LXC container
+LXC_TOOLSET_BASE="lsb-release curl git gnupg2 apt-transport-https software-properties-common"
\ No newline at end of file
diff --git a/src/debian-priv/constants-service.conf b/src/debian-priv/constants-service.conf
new file mode 100644
index 0000000..9439c47
--- /dev/null
+++ b/src/debian-priv/constants-service.conf
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+# Create sharefs mountpoint
+LXC_MP="0"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="0"
+
+# enable nesting feature
+LXC_NESTING="0"
\ No newline at end of file
diff --git a/src/debian-priv/features.json b/src/debian-priv/features.json
new file mode 100644
index 0000000..100b62c
--- /dev/null
+++ b/src/debian-priv/features.json
@@ -0,0 +1,9 @@
+{
+ "unprivileged": 0,
+ "features": {},
+ "sharefs": {},
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "debian",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/debian-priv/info b/src/debian-priv/info
new file mode 100644
index 0000000..7490252
--- /dev/null
+++ b/src/debian-priv/info
@@ -0,0 +1 @@
+Debian privileged container with basic tools
\ No newline at end of file
diff --git a/src/debian-priv/install-service.sh b/src/debian-priv/install-service.sh
new file mode 100644
index 0000000..6b6b19e
--- /dev/null
+++ b/src/debian-priv/install-service.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+echo "'debian-priv' is ready to use!"
\ No newline at end of file
diff --git a/src/debian-unpriv/constants-service.conf b/src/debian-unpriv/constants-service.conf
new file mode 100644
index 0000000..382f437
--- /dev/null
+++ b/src/debian-unpriv/constants-service.conf
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+# Create sharefs mountpoint
+LXC_MP="0"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="1"
+
+# enable nesting feature
+LXC_NESTING="0"
\ No newline at end of file
diff --git a/src/debian-unpriv/features.json b/src/debian-unpriv/features.json
new file mode 100644
index 0000000..cc1cdec
--- /dev/null
+++ b/src/debian-unpriv/features.json
@@ -0,0 +1,11 @@
+{
+ "unprivileged": 1,
+ "features": {
+ "nesting": 1
+ },
+ "sharefs": {},
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "debian",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/debian-unpriv/info b/src/debian-unpriv/info
new file mode 100644
index 0000000..c1edd70
--- /dev/null
+++ b/src/debian-unpriv/info
@@ -0,0 +1 @@
+Debian unprivileged container with basic tools
\ No newline at end of file
diff --git a/src/debian-unpriv/install-service.sh b/src/debian-unpriv/install-service.sh
new file mode 100644
index 0000000..4fe3d01
--- /dev/null
+++ b/src/debian-unpriv/install-service.sh
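Review bot: The two debian-unpriv definitions disagree on nesting: src/debian-unpriv/constants-service.conf sets `LXC_NESTING="0"` while src/debian-unpriv/features.json in the same directory declares `"nesting": 1`. install.sh sources the .conf file and new-config.py reads the JSON, so the same service would presumably get different container features depending on which path created it. Pick one value and keep a single source for it, with a short comment next to the setting saying whether the service needs nesting and why.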
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+echo "'debian-unpriv' is ready to use!"
\ No newline at end of file
diff --git a/src/lxc-base.sh b/src/lxc-base.sh
new file mode 100644
index 0000000..4ded575
--- /dev/null
+++ b/src/lxc-base.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# load configuration
+echo "Loading configuration..."
+source /root/zamba.conf
+source /root/constants.conf
+
+echo "Updating locales"
+# update locales
+sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
+cat << EOF > /etc/default/locale
+LANG="$LXC_LOCALE"
+LANGUAGE=$LXC_LOCALE
+EOF
+locale-gen $LXC_LOCALE
+
+# update package lists
+echo "Updating package database..."
+apt update
+
+# install latest packages
+echo "Installing latest updates"
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
+
+# install toolset
+echo "Installing preconfigured toolset..."
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET_BASE $LXC_TOOLSET
+
+echo "Enabling vim syntax highlighting..."
+sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
+if [ $LXC_VIM_BG_DARK -gt 0 ]; then
+ sed -i "s|\"set background=dark|set background=dark|g" /etc/vim/vimrc
+fi
+
+echo "Basic container setup finished, continuing with service installation..."
\ No newline at end of file
diff --git a/src/mailpiler/constants-service.conf b/src/mailpiler/constants-service.conf
new file mode 100644
index 0000000..2f48d83
--- /dev/null
+++ b/src/mailpiler/constants-service.conf
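Review bot: src/lxc-base.sh runs every step unguarded, so a failed `source`, `apt update` or `dist-upgrade` is still followed by the final "continuing with service installation" message, and `[ $LXC_VIM_BG_DARK -gt 0 ]` errors out inside `[` when the variable is unset or empty. Adding `set -e` after the shebang and writing the test as `[ "${LXC_VIM_BG_DARK:-0}" -gt 0 ]` makes the base setup stop at the first failure instead of installing a service on a half-updated system. `locale-gen $LXC_LOCALE` and the `sed` on /etc/locale.gen should quote the variable as well.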
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel
+# (C) 2021 Script design and prototype by Markus Helmke
+# (C) 2021 Script rework and documentation by Thorsten Spille
+
+# This file contains the project constants on service level
+
+
+# Create sharefs mountpoint
+LXC_MP="0"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="1"
+
+# enable nesting feature
+LXC_NESTING="1"
+
+# Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
+PILER_VERSION="latest"
+# Defines the version of sphinx to install
+PILER_SPHINX_VERSION="3.3.1"
+# Defines the php version to install
+PILER_PHP_VERSION="7.4"
\ No newline at end of file
diff --git a/src/mailpiler/features.json b/src/mailpiler/features.json
new file mode 100644
index 0000000..5a478f9
--- /dev/null
+++ b/src/mailpiler/features.json
@@ -0,0 +1,11 @@
+{
+ "unprivileged": 1,
+ "features": {
+ "nesting": 1
+ },
+ "sharefs": {},
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "piler",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/mailpiler/info b/src/mailpiler/info
new file mode 100644
index 0000000..e396db9
--- /dev/null
+++ b/src/mailpiler/info
@@ -0,0 +1 @@
+Mailpiler email archive
\ No newline at end of file
diff --git a/src/mailpiler/install-service.sh b/src/mailpiler/install-service.sh
new file mode 100644
index 0000000..c42fa9a
--- /dev/null
+++ b/src/mailpiler/install-service.sh
@@ -0,0 +1,176 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +HOSTNAME=$(hostname -f) + +echo "Ensure your Hostname is set to your Piler FQDN!" + +echo $HOSTNAME + +if + [ "$HOSTNAME" != "$PILER_FQDN" ] +then + echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit +else + echo "Hostname matches PILER_FQDNAIN, so starting installation." +fi + +# install php +wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - +echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list + +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip} + +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix + +cat > /etc/mysql/conf.d/mailpiler.conf <> /usr/local/etc/piler/config-site.php < +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/matrix/features.json b/src/matrix/features.json new file mode 100644 index 0000000..6798cc8 --- /dev/null +++ b/src/matrix/features.json 
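Review bot: The PHP repository key in src/mailpiler/install-service.sh is installed with `wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -`, which puts it into apt's global trust so it can vouch for packages from any configured repository; the matrix installer in this same commit already uses the scoped form with a keyring file and `signed-by=`. I would save the key under /usr/share/keyrings and reference it in php.list as `deb [signed-by=/usr/share/keyrings/KEYRING_FILE.gpg] https://packages.sury.org/php/ ...` (KEYRING_FILE is a placeholder name). `DEBIAN_FRONTEND=nonintercative` is misspelled on both apt lines here and again in src/matrix/install-service.sh, and the hostname-mismatch branch ends in a bare `exit`, which reports success to the caller where `exit 1` is meant. The copy of this hunk on the page is incomplete, so this covers only the visible lines.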
@@ -0,0 +1,9 @@
+{
+ "unprivileged": 1,
+ "features": {},
+ "sharefs": {},
+ "mem": 1024,
+ "swap": 1024,
+ "hostname": "matrix",
+ "domain": "zmb.rocks"
+}
\ No newline at end of file
diff --git a/src/matrix/info b/src/matrix/info
new file mode 100644
index 0000000..174eaa0
--- /dev/null
+++ b/src/matrix/info
@@ -0,0 +1 @@
+Matrix Synapse server with Element Web
\ No newline at end of file
diff --git a/src/matrix/install-service.sh b/src/matrix/install-service.sh
new file mode 100644
index 0000000..b4dd4aa
--- /dev/null
+++ b/src/matrix/install-service.sh
@@ -0,0 +1,153 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) + +ELE_DBNAME="synapse_db" +ELE_DBUSER="synapse_user" +ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) + +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2 + +wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg +echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list +apt update +DEBIAN_FRONTEND=nonintercative DEBIAN_PRIORITY=critical apt install -y -qq matrix-synapse-py3 +systemctl enable matrix-synapse + +ss -tulpen + +mkdir /etc/nginx/ssl +openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MATRIX_FQDN" -addext "subjectAltName=DNS:$MATRIX_FQDN" + +cat > /etc/nginx/sites-available/$MATRIX_FQDN < /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml + +systemctl restart matrix-synapse + +register_new_matrix_user -c 
/etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008 + +#curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg' +#echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null + +#apt update +#apt install -y jitsi-meet + + + diff --git a/src/menu.py b/src/menu.py new file mode 100644 index 0000000..62af1e0 --- /dev/null +++ b/src/menu.py 
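Review bot: `sed -i "s|#enable_registration: false|enable_registration: true|"` in src/matrix/install-service.sh switches the new homeserver to open registration as part of an unattended install, so anyone who can reach the server can create accounts on it. The script already sets `registration_shared_secret` and calls `register_new_matrix_user`, so I would leave `enable_registration` at its default and let the administrator opt in after setup. `ss -tulpen` looks like leftover debugging output. The heredoc bodies of this hunk are missing from the page, so this covers only the visible lines.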
@@ -0,0 +1,73 @@ +#!/usr/bin/python3 +from enum import Enum +from . import config_base + +def radiolist(title:str,question:str,choices): + invalid_input=True + while(invalid_input): + print(f"#### {title} ####\n") + print(question) + index = {} + counter = 1 + if isinstance(choices,dict): + for choice in choices.keys(): + if len(choice) <= 12: + sep="\t\t" + else: + sep="\t" + print(f"{counter}) {choice}{sep}{choices[choice]}") + index[str(counter)] = choice + counter = counter + 1 + elif isinstance(choices,list): + for choice in choices: + print(f"{counter}) {choice}") + index[str(counter)] = choice + counter = counter + 1 + else: + print (f"object 'choices': {type(choices)} objects are unsupported.") + selected = input("Type in number: ") + if selected in index.keys(): + print("\n") + return index[selected] + +def question(title:str,q:str,returntype, default, validation=None): + print(f"#### {title} ####\n") + if str(returntype.name) == "Boolean": + if default == True: + suggest = "Y/n" + else: + suggest = "y/N" + a = input(f"{q} [{suggest}]\n") + if "y" in str(a).lower(): + return True + elif "n" in str(a).lower(): + return False + else: + return default + elif str(returntype.name) == "Integer": + invalid_input = True + while(invalid_input): + a = input(f"{q} [{default}]\n") + if str(a) == "" or f"{str(default)}" == str(a): + return default + else: + try: + valid = validation(int(a)) + if valid: + return int(a) + except: + pass + else: + a = input(f"{q} [{default}]\n") + if a == '': + return default + else: + return a + + +class qType(Enum): + Boolean = 0 + Integer = 1 + String = 2 + IPAdress = 3 + CIDR = 4 \ No newline at end of file diff --git a/src/sources.list b/src/sources.list new file mode 100644 index 0000000..aa474ae --- /dev/null +++ b/src/sources.list 
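Review bot: In `question`, the Integer branch calls `validation(int(a))` even when `validation` is left at its default `None`, and the bare `except: pass` swallows the resulting TypeError, so any answer other than the default loops forever; new-config.py asks for the rootfs size this way. I would narrow the handler to `except ValueError:` and accept the value with `if validation is None or validation(int(a)): return int(a)`. `radiolist` has the same no-exit loop when `choices` is neither a dict nor a list, and `from . import config_base` is unused.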
@@ -0,0 +1,6 @@ +deb http://ftp.de.debian.org/debian buster main contrib + +deb http://ftp.de.debian.org/debian buster-updates main contrib + +# security updates +deb http://security.debian.org buster/updates main contrib \ No newline at end of file diff --git a/src/zmb-ad/constants-service.conf b/src/zmb-ad/constants-service.conf new file mode 100644 index 0000000..a403e3c --- /dev/null +++ b/src/zmb-ad/constants-service.conf @@ -0,0 +1,20 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage +ZMB_DNS_BACKEND="SAMBA_INTERNAL" + +# Create sharefs mountpoint +LXC_MP="0" + +# Create unprivileged container +LXC_UNPRIVILEGED="0" + +# enable nesting feature +LXC_NESTING="1" \ No newline at end of file diff --git a/src/zmb-ad/features.json b/src/zmb-ad/features.json new file mode 100644 index 0000000..8cc5c0d --- /dev/null +++ b/src/zmb-ad/features.json @@ -0,0 +1,11 @@ +{ + "unprivileged": 0, + "features": { + "nesting": 1 + }, + "sharefs": {}, + "mem": 1024, + "swap": 1024, + "hostname": "ad", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/zmb-ad/info b/src/zmb-ad/info new file mode 100644 index 0000000..092f8dc --- /dev/null +++ b/src/zmb-ad/info @@ -0,0 +1 @@ +Zamba Active Directory Domain Controller \ No newline at end of file diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh new file mode 100644 index 0000000..eb32037 --- /dev/null +++ b/src/zmb-ad/install-service.sh 
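Review bot: In `src/zmb-ad/constants-service.conf` the comment `# Create unprivileged container` sits above `LXC_UNPRIVILEGED="0"`, which presumably selects a privileged container, the opposite of what the comment says. Here it is also combined with `LXC_NESTING="1"`. That looks like the least isolated profile in this patch, so the file should state the meaning of the value and why the domain controller needs it, e.g. `# 0 = privileged container (weaker isolation from the host), 1 = unprivileged; the AD DC profile uses 0 because <reason>`. The same comment/value mismatch is in the `constants-service.conf` hunks for `zmb-member` and `zmb-standalone`. `features.json` in the same directory repeats both settings (`"unprivileged": 0`, `"nesting": 1`), so it is worth documenting which of the two files the installer actually reads.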
@@ -0,0 +1,112 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then + BINDNINE=bind9 +fi + +## configure ntp +cat << EOF > /etc/ntp.conf +# Local clock. Note that is not the "localhost" address! +server 127.127.1.0 +fudge 127.127.1.0 stratum 10 + +# Where to retrieve the time from +server 0.de.pool.ntp.org iburst prefer +server 1.de.pool.ntp.org iburst prefer +server 2.de.pool.ntp.org iburst prefer + +driftfile /var/lib/ntp/ntp.drift +logfile /var/log/ntp +ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/ + +# Access control +# Default restriction: Allow clients only to query the time +restrict default kod nomodify notrap nopeer mssntp + +# No restrictions for "localhost" +restrict 127.0.0.1 + +# Enable the time sources to only provide time to this host +restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery +restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery +restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery + +tinker panic 0 +EOF + +# update packages +apt update +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade +# install required packages +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE + +if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then + # configure bind dns service + cat << EOF > /etc/default/bind9 +# +# run resolvconf? 
+RESOLVCONF=no + +# startup options for the server +OPTIONS="-4 -u bind" +EOF + +cat << EOF > /etc/bind/named.conf.local +// +// Do any local configuration here +// + +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; +dlz "$LXC_DOMAIN" { + database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; +}; +EOF + + cat << EOF > /etc/bind/named.conf.options +options { + directory "/var/cache/bind"; + + forwarders { + $LXC_DNS; + }; + + allow-query { any;}; + dnssec-validation no; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; + listen-on { any; }; + + tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; + minimal-responses yes; +}; +EOF + + mkdir -p /var/lib/samba/bind-dns/dns +fi + +# stop + disable samba services and remove default config +systemctl stop smbd nmbd winbind +systemctl disable smbd nmbd winbind +rm -f /etc/samba/smb.conf +rm -f /etc/krb5.conf + +# provision zamba domain +samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND + +cp /var/lib/samba/private/krb5.conf /etc/krb5.conf + +systemctl unmask samba-ad-dc +systemctl enable samba-ad-dc $BINDNINE +systemctl restart samba-ad-dc $BINDNINE + +exit 0 diff --git a/src/zmb-member/constants-service.conf b/src/zmb-member/constants-service.conf new file mode 100644 index 0000000..a2d006f --- /dev/null +++ b/src/zmb-member/constants-service.conf 
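Review bot: `samba-tool domain provision ... --adminpass=$ZMB_ADMIN_PASS` expands the domain administrator password unquoted, so a password containing whitespace or glob characters is split or expanded before samba-tool sees it; `--realm=$ZMB_REALM` and `--domain=$ZMB_DOMAIN` on the same line have the same problem. Quote every expansion there, e.g. `--adminpass="$ZMB_ADMIN_PASS"`. Passing the secret in argv also leaves it readable in the process list while provisioning runs, which deserves a comment even if it is accepted inside a single-purpose container. The `src/zmb-standalone/install-service.sh` hunk has the same unquoted expansion in `(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER`; `printf '%s\n%s\n' "$ZMB_ADMIN_PASS" "$ZMB_ADMIN_PASS" | smbpasswd -a "$USER"` avoids both the splitting and echo's option handling.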
@@ -0,0 +1,17 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="1" + +# Create unprivileged container +LXC_UNPRIVILEGED="0" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/zmb-member/features.json b/src/zmb-member/features.json new file mode 100644 index 0000000..a651666 --- /dev/null +++ b/src/zmb-member/features.json @@ -0,0 +1,12 @@ +{ + "unprivileged": 0, + "features": {}, + "sharefs": { + "size": "100", + "mountpoint": "/tank" + }, + "mem": 1024, + "swap": 1024, + "hostname": "zamba", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/zmb-member/info b/src/zmb-member/info new file mode 100644 index 0000000..5064c82 --- /dev/null +++ b/src/zmb-member/info @@ -0,0 +1 @@ +Zamba AD Member Server \ No newline at end of file diff --git a/src/zmb-member/install-service.sh b/src/zmb-member/install-service.sh new file mode 100644 index 0000000..e4edaf0 --- /dev/null +++ b/src/zmb-member/install-service.sh 
@@ -0,0 +1,104 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules + +mv /etc/krb5.conf /etc/krb5.conf.bak +cat > /etc/krb5.conf < /etc/samba/smb.conf <> /etc/pam.d/common-session + +systemctl restart winbind nmbd +wbinfo -u +wbinfo -g + +mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +# originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins' +chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE +setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +systemctl restart smbd nmbd winbind + diff --git a/src/zmb-standalone/constants-service.conf b/src/zmb-standalone/constants-service.conf new file mode 100644 index 0000000..a2d006f --- /dev/null +++ b/src/zmb-standalone/constants-service.conf @@ -0,0 +1,17 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Create sharefs mountpoint +LXC_MP="1" + +# Create unprivileged container +LXC_UNPRIVILEGED="0" + +# enable nesting feature +LXC_NESTING="0" \ No newline at end of file diff --git a/src/zmb-standalone/features.json b/src/zmb-standalone/features.json new file mode 100644 index 0000000..18faaf5 --- /dev/null +++ b/src/zmb-standalone/features.json 
@@ -0,0 +1,12 @@ +{ + "unprivileged": 0, + "features": { }, + "sharefs": { + "size": "100", + "mountpoint": "/tank" + }, + "mem": 1024, + "swap": 1024, + "hostname": "zamba", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/zmb-standalone/info b/src/zmb-standalone/info new file mode 100644 index 0000000..29a2c22 --- /dev/null +++ b/src/zmb-standalone/info @@ -0,0 +1 @@ +Zamba Standalone Server \ No newline at end of file diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh new file mode 100644 index 0000000..f3f0110 --- /dev/null +++ b/src/zmb-standalone/install-service.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/zamba.conf + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules + +USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}') +useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER +echo "$USER:$ZMB_ADMIN_PASS" | chpasswd +smbpasswd -x $USER +(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER + +cat << EOF >> /etc/samba/smb.conf +[share] + comment = Main Share + path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + read only = No + vfs objects = shadow_copy2 + shadow: snapdir = .zfs/snapshot + shadow: sort = desc + shadow: format = -%Y-%m-%d-%H%M + shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\} + shadow: delimiter = -20 +EOF + +mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE +chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE +chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE + +systemctl restart smbd nmbd 
diff --git a/zamba.conf.example b/zamba.conf.example new file mode 100644 index 0000000..ef7137c --- /dev/null +++ b/zamba.conf.example 
@@ -0,0 +1,112 @@ +#!/bin/bash + +# This ist the Zamba main configuration file. +# Please adjust the settings to your needs before running the installer. + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + + +############### Linux Container Section ############### + +# Defines the Proxmox storage where your LXC container template are stored (default: local) +LXC_TEMPLATE_STORAGE="local" + +# Defines the size in GB of the LXC container's root filesystem (default: 32) +# Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`. +LXC_ROOTFS_SIZE="32" +# Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs) +LXC_ROOTFS_STORAGE="local-zfs" + +# Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100) +LXC_SHAREFS_SIZE="100" +# Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs) +LXC_SHAREFS_STORAGE="local-zfs" +# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) +LXC_SHAREFS_MOUNTPOINT="tank" + +# Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024) +LXC_MEM="1024" + +# Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024) +LXC_SWAP="1024" + +# Defines the hostname of your LXC container +LXC_HOSTNAME="zamba" + +# Defines the domain name / search domain of your LXC container +LXC_DOMAIN="zmb.rocks" + +# Defines the local IP address and subnet of your LXC container in CIDR format +LXC_IP="192.168.100.200/24" + +# Defines the default gateway IP address of your LXC container +LXC_GW="192.168.100.254" + +# Defines the DNS server ip address of your LXC container +# `zmb-ad` used this DNS server for 
installation, after installation and domain provisioning it will be used as forwarding DNS +# For other services this should be your active directory domain controller (if present, else a DNS server of your choice) +LXC_DNS="192.168.100.254" + +# Defines the network bridge to bind the network adapter of your LXC container +LXC_BRIDGE="vmbr0" + +# Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty. +LXC_VLAN= + +# Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour. +LXC_PWD='S3cr3tp@ssw0rd' + +# Defines an authorized_keys file to push into the LXC container. +# By default the authorized_keys will be inherited from your proxmox host. +LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys" + +# Define your (administrative) tools, you always want to have installed into your LXC container +LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc" + +# Define the local timezone of your LXC container (default: Euroe/Berlin) +LXC_TIMEZONE="Europe/Berlin" + +# Define system language on LXC container (locales) +# This parameter is not used yet, but will be integrated in future releases. +LXC_LOCALE=de_DE.UTF-8 + +# Set dark background for vim syntax highlighting (0 or 1) +LXC_VIM_BG_DARK=1 + +############### Zamba-Server-Section ############### + +# Defines the REALM for the Active Directory (AD DC, AD member) +ZMB_REALM="ZMB.ROCKS" +# Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone) +ZMB_DOMAIN="ZMB" + +# Defines the name of your domain administrator account (AD DC, AD member, standalone) +ZMB_ADMIN_USER="administrator" +# The admin password for zamba installation. 
Please use 'single quatation marks' to avoid unexpected behaviour +# `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail +ZMB_ADMIN_PASS='1c@nd0@nyth1n9' + +# Defines the name of your Zamba share +ZMB_SHARE="share" + +############### Mailpiler-Section ############### + +# Defines the (public) FQDN of your piler mail archive +PILER_FQDN="piler.zmb.rocks" +# Defines the smarthost for piler mail archive +PILER_SMARTHOST="your.mailserver.tld" + + +############### Matrix-Section ############### + +# Define the FQDN of your Matrix server +MATRIX_FQDN="matrix.zmb.rocks" + +# Define the FQDN for the Element Web virtual host +MATRIX_ELEMENT_FQDN="element.zmb.rocks" + +# Define the version of Element Web +MATRIX_ELEMENT_VERSION="v1.7.24"
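Review bot: `LXC_PWD='S3cr3tp@ssw0rd'` and `ZMB_ADMIN_PASS='1c@nd0@nyth1n9'` are working credentials in a file that users are told to adjust before running the installer. An unedited copy therefore yields a container root account and a domain administrator whose passwords are published in this repository. Ship both values empty with a comment such as `# REQUIRED: set a unique password; do not reuse an example value`, and have the installer stop when either is empty. The service scripts in this patch `source /root/zamba.conf`, so the file holding both passwords is presumably copied into the container; restricting it to root (`chmod 600`) and removing it after installation would limit how long the plaintext stays around.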