diff --git a/install.sh b/install.sh index addf0ef..fb8b1be 100755 --- a/install.sh +++ b/install.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -euo pipefail # This script will create and fire up a standard debian buster lxc container on your Proxmox VE. # On a Proxmox cluster, the script will create the container on the local node, where it's executed. @@ -15,7 +16,7 @@ # Please adjust th settings in 'zamba.conf' to your needs before running the script ############### ZAMBA INSTALL SCRIPT ############### -prog="$(basename "$0")" +prog="$(basename $0)" usage() { cat >&2 <<-EOF @@ -36,7 +37,6 @@ usage() { ctid=0 service=ask config=$PWD/conf/zamba.conf -verbose=0 while getopts "hi:s:c:" opt; do case $opt in @@ -49,13 +49,13 @@ while getopts "hi:s:c:" opt; do done shift $((OPTIND-1)) -OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a) +OPTS=$(find src/ -maxdepth 1 -mindepth 1 -type d -exec basename -a {} + | sort -n) valid=0 if [[ "$service" == "ask" ]]; then select svc in $OPTS quit; do if [[ "$svc" != "quit" ]]; then - for line in $(echo $OPTS); do + for line in $OPTS; do if [[ "$svc" == "$line" ]]; then service=$svc echo "Installation of $service selected." @@ -72,7 +72,7 @@ if [[ "$service" == "ask" ]]; then fi done else - for line in $(echo $OPTS); do + for line in $OPTS; do if [[ "$service" == "$line" ]]; then echo "Installation of $service selected." valid=1 @@ -88,9 +88,16 @@ fi # Load configuration file echo "Loading config file '$config'..." -source $config +if [ ! -e "$config" ]; then + echo "Configuration files does not exist" + exit 1 +fi -source $PWD/src/$service/constants-service.conf +source "src/functions.sh" + +source "$config" + +source "$PWD/src/$service/constants-service.conf" # CHeck is the newest template available, else download it. DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d'_' -f2) 
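Review bot: With `set -euo pipefail` added at the top of install.sh, the template lookup further down (`DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d'_' -f2)`) now aborts the script whenever `grep` finds no match. `pipefail` carries grep's exit status 1 through the command substitution and `-e` exits on the failed assignment, which is exactly the "template not present yet" case the later `else` branch is meant to handle by downloading. Tolerate the no-match case explicitly, e.g. `... | { grep "$LXC_TEMPLATE_VERSION" || true; } | tail -1 | ...`, and do the same for the `TMPL_NAME=` pipeline. A comment next to `set -euo pipefail` saying that later pipelines must treat "no match" as a non-error would help the next maintainer.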
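Review bot: In the `@@ -15,7 +16,7 @@` hunk the new `prog="$(basename $0)"` drops the quotes around `$0`, so a script path containing spaces or glob characters is word-split before `basename` sees it. The outer quotes do not protect the inner expansion, and the removed line was the correct form. Keep `prog="$(basename -- "$0")"`, which also matches the quoting this commit adds elsewhere.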
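Review bot: In the `@@ -49,13 +49,13 @@` hunk the new `find` call for `OPTS=` no longer applies the `grep -v __` filter of the removed line, so any directory under `src/` whose name contains `__` becomes a selectable service and is later sourced through `src/$service/constants-service.conf`. If that exclusion was intentional, restore it in the `find` expression, e.g. `! -name '*__*'`. `sort -n` compares the names numerically, which has no meaning for service names; plain `sort` gives a stable alphabetical menu. The `select` and `for` loops still word-split `$OPTS`, so a comment stating that service directory names must not contain whitespace is worth adding. The `if`/`select` block continues past the end of this hunk.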
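Review bot: In the `@@ -88,9 +88,16 @@` hunk the new guard uses `[ ! -e "$config" ]`, which also passes for a directory or an unreadable file, and it prints the error on stdout. Since the file is then executed as root shell code by `source "$config"`, test for a readable regular file and report on stderr: `if [[ ! -f "$config" || ! -r "$config" ]]; then echo "Configuration file '$config' does not exist or is not readable" >&2; exit 1; fi`. A comment above the `source` lines stating that the `-c` argument is trusted executable input would make that contract explicit.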
@@ -99,7 +106,7 @@ TMPL_NAME=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | tail if [[ $DEB_LOC == $DEB_REP ]]; then - echo "Newest Version of $LXC_TEMPLATE_VERSION $DEP_REP exists."; + echo "Newest Version of $LXC_TEMPLATE_VERSION $DEB_REP exists."; else echo "Will now download newest $LXC_TEMPLATE_VERSION $DEP_REP."; pveam download $LXC_TEMPLATE_STORAGE $TMPL_NAME @@ -121,17 +128,17 @@ fi echo "Will now create LXC Container $LXC_NBR!"; # Create the container -pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/$TMPL_NAME -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE; +pct create $LXC_NBR --password $LXC_PWD -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/$TMPL_NAME -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE; sleep 2; # Check vlan configuration -if [[ $LXC_VLAN != "" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi +if [[ $LXC_VLAN != "NONE" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi # Reconfigure conatiner pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING; if [ $LXC_DHCP == true ]; then - pct set $LXC_NBR -net0 name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN; + pct set $LXC_NBR -net0 "name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN" else - pct set $LXC_NBR -net0 name=eth0,bridge=$LXC_BRIDGE,firewall=1,gw=$LXC_GW,ip=$LXC_IP,type=veth$VLAN -nameserver $LXC_DNS -searchdomain $LXC_DOMAIN; + pct set $LXC_NBR -net0 "name=eth0,bridge=$LXC_BRIDGE,firewall=1,gw=$LXC_GW,ip=$LXC_IP,type=veth$VLAN" -nameserver $LXC_DNS -searchdomain $LXC_DOMAIN fi sleep 2 
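Review bot: The `else` branch still prints `$DEP_REP` (`echo "Will now download newest $LXC_TEMPLATE_VERSION $DEP_REP."`), the same typo this hunk fixes one line above. No visible line assigns `DEP_REP`, and install.sh now runs with `set -u`, so expanding it would abort the script right before `pveam download` unless a sourced config happens to define it. Change it to `$DEB_REP`. The assignments of `DEB_LOC`/`DEB_REP` and the closing `fi` lie outside this hunk.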
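Review bot: In the `@@ -121,17 +128,17 @@` hunk, `pct create $LXC_NBR --password $LXC_PWD` puts the root password on the command line, where it shows up in the host's process list and in any command auditing. The unquoted expansion also breaks for passwords containing spaces or glob characters. The code this commit removes further down fed the password over stdin; keep that property, for example by setting it after `pct start` with `printf 'root:%s\n' "$LXC_PWD" | pct exec "$LXC_NBR" -- chpasswd`. Separately, the VLAN test now compares against `"NONE"`, so an existing zamba.conf that still has `LXC_VLAN=""` would produce `,tag=` with an empty tag; `[[ -n "$LXC_VLAN" && "$LXC_VLAN" != "NONE" ]]` accepts both conventions.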
@@ -144,15 +151,15 @@ PS3="Select the Server-Function: " pct start $LXC_NBR; sleep 5; -# Set the root password and key -echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd; -lxc-attach -n$LXC_NBR mkdir /root/.ssh; +# Set the root ssh key +pct exec $LXC_NBR -- mkdir /root/.ssh pct push $LXC_NBR $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys -pct push $LXC_NBR $config /root/zamba.conf -pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf -pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh -pct push $LXC_NBR $PWD/src/$service/install-service.sh /root/install-service.sh -pct push $LXC_NBR $PWD/src/$service/constants-service.conf /root/constants-service.conf +pct push $LXC_NBR "$config" /root/zamba.conf +pct push $LXC_NBR "$PWD/src/functions.sh" /root/functions.sh +pct push $LXC_NBR "$PWD/src/constants.conf" /root/constants.conf +pct push $LXC_NBR "$PWD/src/lxc-base.sh" /root/lxc-base.sh +pct push $LXC_NBR "$PWD/src/$service/install-service.sh" /root/install-service.sh +pct push $LXC_NBR "$PWD/src/$service/constants-service.conf" /root/constants-service.conf echo "Installing basic container setup..." lxc-attach -n$LXC_NBR bash /root/lxc-base.sh @@ -161,6 +168,7 @@ lxc-attach -n$LXC_NBR bash /root/install-service.sh if [[ $service == "zmb-ad" ]]; then pct stop $LXC_NBR - pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1) + ## set nameserver, ${LXC_IP%/*} extracts the ip address from cidr format + pct set $LXC_NBR -nameserver ${LXC_IP%/*} pct start $LXC_NBR fi diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh index d422a13..6822b58 100644 --- a/src/checkmk/install-service.sh +++ b/src/checkmk/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf 
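Review bot: `pct exec $LXC_NBR -- mkdir /root/.ssh` and the `pct push` calls rely on default modes, so `/root/.ssh`, `authorized_keys` and `/root/zamba.conf` (which presumably carries `LXC_PWD`) end up with whatever the umask and the `pct push` default produce. Set them explicitly with `pct exec "$LXC_NBR" -- mkdir -p -m 700 /root/.ssh` and `pct push "$LXC_NBR" "$LXC_AUTHORIZED_KEY" /root/.ssh/authorized_keys --perms 600`, and add `--perms 600` to the zamba.conf push as well. `$LXC_AUTHORIZED_KEY` and `$LXC_NBR` are the arguments still left unquoted in this hunk.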
diff --git a/src/functions.sh b/src/functions.sh new file mode 100644 index 0000000..fa37998 --- /dev/null +++ b/src/functions.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# +# This script has basic functions like a random password generator + +random_password() { + set +o pipefail + C_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c32 +} \ No newline at end of file diff --git a/src/gitea/constants-service.conf b/src/gitea/constants-service.conf index 09949e8..77513ba 100644 --- a/src/gitea/constants-service.conf +++ b/src/gitea/constants-service.conf @@ -31,5 +31,5 @@ GITEA_DB_NAME="gitea" # Defines the name from the SQL user GITEA_DB_USR="gitea" -# Build a strong password for the SQL user - could be overwritten with something fixed -GITEA_DB_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" \ No newline at end of file +# Build a strong password for the SQL user - could be overwritten with something fixed +GITEA_DB_PWD="$(random_password)" \ No newline at end of file diff --git a/src/gitea/install-service.sh b/src/gitea/install-service.sh index 9c43322..f57f7e5 100644 --- a/src/gitea/install-service.sh +++ b/src/gitea/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf @@ -83,10 +84,11 @@ SSL_MODE=disable APP_DATA_PATH = /${LXC_SHAREFS_MOUNTPOINT}/gitea DOMAIN = ${LXC_HOSTNAME}.${LXC_DOMAIN} SSH_DOMAIN = ${LXC_HOSTNAME}.${LXC_DOMAIN} +HTTP_HOST = localhost HTTP_PORT = 3000 ROOT_URL = http://${LXC_HOSTNAME}.${LXC_DOMAIN}/ DISABLE_SSH = false -SSH_PORT = 11122 +SSH_PORT = 22 SSH_LISTEN_PORT = 22 EOF 
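Review bot: `C_CTYPE=C` in `random_password` is not a locale variable, so `tr` runs under whatever locale the caller has; the helper removed from src/kopano-core/constants-service.conf in this same commit used `LC_CTYPE=C`. Use `LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c32`. The `set +o pipefail` stays local only because every caller in this diff uses `$(random_password)`; a direct call would switch `pipefail` off for the rest of the calling script, so give the function a subshell body, `random_password() ( ... )`. A header comment should state that it prints 32 alphanumeric characters without a trailing newline, and the file itself is missing its final newline.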
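Review bot: In src/gitea/constants-service.conf, `GITEA_DB_PWD="$(random_password)"` silently becomes an empty string if the file is sourced before functions.sh in a script that does not run with `set -e`, because a missing function only produces a "command not found" message inside the command substitution. The same applies to `MARIA_ROOT_PWD`/`MARIA_USER_PWD` in src/kopano-core/constants-service.conf and `NEXTCLOUD_DB_PWD` in src/nextcloud/constants-service.conf. Add a check right after the assignment, e.g. `: "${GITEA_DB_PWD:?random_password failed}"`, and a comment stating that functions.sh must be sourced first. Each `source` of this file also generates a fresh value, so scripts that source it separately (install.sh on the host, the install scripts inside the container) will not see the same password.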
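Review bot: In the `@@ -83,10 +84,11 @@` hunk of src/gitea/install-service.sh, `HTTP_HOST = localhost` does not look like a key Gitea reads; the listen address in what is presumably the `[server]` section is `HTTP_ADDR`. As written, Gitea most likely keeps listening on all interfaces on port 3000 and can be reached without passing through the nginx front end that sets the HSTS header. If the intent is to bind to loopback only, use `HTTP_ADDR = 127.0.0.1`. Changing `SSH_PORT` from 11122 to 22 alters the port shown in clone URLs, so confirm it matches the port actually exposed. The heredoc starts above this hunk.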
@@ -136,24 +138,11 @@ server { add_header Strict-Transport-Security "max-age=31536000" always; - location = /robots.txt { - access_log off; - log_not_found off; - } - - location = /favicon.ico { - access_log off; - log_not_found off; - } - access_log /var/log/nginx/gitea.access.log; error_log /var/log/nginx/gitea.error.log; client_max_body_size 50M; - location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png) { - expires max; - } location / { proxy_set_header X-Real-IP \$remote_addr; proxy_set_header Host \$host; diff --git a/src/kopano-core/constants-service.conf b/src/kopano-core/constants-service.conf index 30026c7..739d6d1 100644 --- a/src/kopano-core/constants-service.conf +++ b/src/kopano-core/constants-service.conf @@ -35,10 +35,7 @@ MARIA_DB_NAME="kopano" MARIA_DB_USER="kopano" # Build a strong password for the SQL user - could be overwritten with something fixed -secure_pwd() { - set +o pipefail - LC_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c32 -} -MARIA_ROOT_PWD=$(secure_pwd) -MARIA_USER_PWD=$(secure_pwd) + +MARIA_ROOT_PWD=$(random_password) +MARIA_USER_PWD=$(random_password) diff --git a/src/kopano-core/install-service.sh b/src/kopano-core/install-service.sh index 53c375f..ef5fbe5 100644 --- a/src/kopano-core/install-service.sh +++ b/src/kopano-core/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/lxc-base.sh b/src/lxc-base.sh index a99fdfe..e90f6b7 100644 --- a/src/lxc-base.sh +++ b/src/lxc-base.sh @@ -8,6 +8,7 @@ set -euo pipefail # load configuration echo "Loading configuration..." +source /root/functions.sh source /root/zamba.conf source /root/constants.conf source /root/constants-service.conf diff --git a/src/mailpiler/install-service.sh b/src/mailpiler/install-service.sh index 035b852..217bfc6 100644 
--- a/src/mailpiler/install-service.sh +++ b/src/mailpiler/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/matrix/install-service.sh b/src/matrix/install-service.sh index 1283d5b..bec0ae3 100644 --- a/src/matrix/install-service.sh +++ b/src/matrix/install-service.sh @@ -5,14 +5,15 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf -MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) +MRX_PKE=$(random_password) ELE_DBNAME="synapse_db" ELE_DBUSER="synapse_user" -ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) +ELE_DBPASS=$(random_password) DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2 diff --git a/src/nextcloud/constants-service.conf b/src/nextcloud/constants-service.conf index e7ba80a..c805262 100644 --- a/src/nextcloud/constants-service.conf +++ b/src/nextcloud/constants-service.conf @@ -38,4 +38,4 @@ NEXTCLOUD_DB_NAME="nextcloud_db" NEXTCLOUD_DB_USR="nextcloud" # Build a strong password for the SQL user - could be overwritten with something fixed -NEXTCLOUD_DB_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" +NEXTCLOUD_DB_PWD="$(random_password)" diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 0137db9..e719ce6 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf 
diff --git a/src/onlyoffice/install-service.sh b/src/onlyoffice/install-service.sh index c623bee..afea5b3 100644 --- a/src/onlyoffice/install-service.sh +++ b/src/onlyoffice/install-service.sh @@ -1,7 +1,15 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf -ONLYOFFICE_DB_PASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) +ONLYOFFICE_DB_PASS=$(random_password) apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5 echo "deb https://download.onlyoffice.com/repo/debian squeeze main" > /etc/apt/sources.list.d/onlyoffice.list diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 9b22d69..cae28e0 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh @@ -5,12 +5,13 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf webroot=/var/www/html -MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)" +MYSQL_PASSWORD="$(random_password)" apt update diff --git a/src/proxmox-pbs/install-service.sh b/src/proxmox-pbs/install-service.sh index 4c3c121..5e77729 100644 --- a/src/proxmox-pbs/install-service.sh +++ b/src/proxmox-pbs/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/urbackup/install-service.sh b/src/urbackup/install-service.sh index b9ce29a..e35ddcf 100644 --- a/src/urbackup/install-service.sh +++ b/src/urbackup/install-service.sh 
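Review bot: In src/onlyoffice/install-service.sh the repository key is still fetched by the 32-bit short ID `CB2DE8E5` over plain `hkp://` on port 80; short IDs can collide, and `apt-key` makes whichever key the keyserver returns trusted for every APT source. Pin the full 40-character fingerprint (`<FULL_FINGERPRINT>`, to be taken from the vendor's documentation) and keep the key in a dedicated keyring referenced from the list file, e.g. `deb [signed-by=/usr/share/keyrings/onlyoffice.gpg] https://download.onlyoffice.com/repo/debian squeeze main` (keyring path is an example). The script gains a shebang here but, unlike src/lxc-base.sh, no `set -euo pipefail`, so a failed key import or an empty `ONLYOFFICE_DB_PASS` would not stop the install.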
@@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zammad/install-service.sh b/src/zammad/install-service.sh index 957437f..b6ea274 100644 --- a/src/zammad/install-service.sh +++ b/src/zammad/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zmb-ad-join/install-service.sh b/src/zmb-ad-join/install-service.sh index da5d728..ee0dae9 100644 --- a/src/zmb-ad-join/install-service.sh +++ b/src/zmb-ad-join/install-service.sh @@ -4,6 +4,8 @@ # (C) 2021 Idea an concept by Christian Zengel # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille + +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh index c4c2845..dd87596 100644 --- a/src/zmb-ad/install-service.sh +++ b/src/zmb-ad/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zmb-member/install-service.sh b/src/zmb-member/install-service.sh index 0cf017d..c2fdfcf 100644 --- a/src/zmb-member/install-service.sh +++ b/src/zmb-member/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf 
diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh index 8d0979e..6ba2878 100644 --- a/src/zmb-standalone/install-service.sh +++ b/src/zmb-standalone/install-service.sh @@ -5,6 +5,7 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf