Merge branch '2022-01-14' of https://github.com/bashclub/zamba-lxc-toolbox into 2022-01-14

DerFossibaer 2022-01-15 17:02:24 +01:00
commit b790959e95
12 changed files with 116 additions and 38 deletions


@ -112,6 +112,12 @@ MATRIX_FQDN="matrix.zmb.rocks"
# Define the FQDN for the Element Web virtual host # Define the FQDN for the Element Web virtual host
MATRIX_ELEMENT_FQDN="element.zmb.rocks" MATRIX_ELEMENT_FQDN="element.zmb.rocks"
# Define the administrative user of matrix service
MATRIX_ADMIN_USER="admin"
# Define the admin password
MATRIX_ADMIN_PASSWORD="Start!123"
############### Nextcloud-Section ############### ############### Nextcloud-Section ###############
# Define the FQDN of your Nextcloud server # Define the FQDN of your Nextcloud server
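Review bot: `MATRIX_ADMIN_PASSWORD="Start!123"` puts a fixed, published password for the Matrix administrator into the sample configuration, so every install that keeps the example value ends up with the same known admin credential. I would ship the variable empty, `MATRIX_ADMIN_PASSWORD=""`, and have the installer either stop when it is unset or generate a value the way the open3a script in this commit builds `MYSQL_PASSWORD` from `/dev/urandom`. A comment such as `# Must be changed before installation; never keep the example value` above the line would at least make the expectation explicit.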


@ -8,7 +8,7 @@
# This file contains the project constants on service level # This file contains the project constants on service level
# Debian Version, which will be installed # Debian Version, which will be installed
LXC_TEMPLATE_VERSION="debian-10-standard" LXC_TEMPLATE_VERSION="debian-11-standard"
# Create sharefs mountpoint # Create sharefs mountpoint
LXC_MP="0" LXC_MP="0"
@ -20,4 +20,4 @@ LXC_UNPRIVILEGED="1"
LXC_NESTING="1" LXC_NESTING="1"
# Define the version of Element Web # Define the version of Element Web
MATRIX_ELEMENT_VERSION="v1.7.25" MATRIX_ELEMENT_VERSION="v1.9.8"


@ -87,7 +87,7 @@ cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name $MATRIX_ELEMENT_FQDN; server_name _;
return 301 https://$MATRIX_ELEMENT_FQDN; return 301 https://$MATRIX_ELEMENT_FQDN;
} }
@ -107,6 +107,7 @@ server {
EOF EOF
unlink /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
systemctl restart nginx systemctl restart nginx
@ -136,19 +137,17 @@ EOF
cd / cd /
sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|server_name:|server_name: $MATRIX_FQDN|g" /etc/matrix-synapse/conf.d/server_name.yaml
sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
systemctl restart matrix-synapse systemctl restart matrix-synapse
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008 register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p '$MATRIX_ADMIN_PASSWORD' -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
#curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg' #curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
#echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null #echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
#apt update #apt update
#apt install -y jitsi-meet #apt install -y jitsi-meet
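Review bot: The single quotes in `-p '$MATRIX_ADMIN_PASSWORD'` on the new `register_new_matrix_user` line stop the shell from expanding the variable, so the admin account is created with the literal text `$MATRIX_ADMIN_PASSWORD` as its password rather than the configured value. The line sits after the heredoc's closing `EOF`, so it runs as plain script; it should read `register_new_matrix_user -a -u "$MATRIX_ADMIN_USER" -p "$MATRIX_ADMIN_PASSWORD" -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008`. Passing the password as an argument also leaves it visible in the process list while the command runs, so it is worth checking whether the installed tool offers another way to supply it. The script continues outside the hunk.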


@ -8,7 +8,7 @@
# This file contains the project constants on service level # This file contains the project constants on service level
# Debian Version, which will be installed # Debian Version, which will be installed
LXC_TEMPLATE_VERSION="debian-10-standard" LXC_TEMPLATE_VERSION="debian-11-standard"
# Create sharefs mountpoint # Create sharefs mountpoint
LXC_MP="1" LXC_MP="1"


@ -11,7 +11,7 @@ source /root/constants-service.conf
HOSTNAME=$(hostname -f) HOSTNAME=$(hostname -f)
wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add - wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add -
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list
wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add - wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
@ -76,7 +76,7 @@ sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
sed -i '\$aapc.enable_cli=1' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini echo -e '\napc.enable_cli=1' >> /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini
sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml
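Review bot: The two `apt-key add -` calls in the first hunk put the sury and nginx signing keys into apt's global keyring, where they are trusted for every configured source, and `apt-key` is deprecated on the Debian 11 templates this commit moves to. Scoping each key to its own repository closes that gap: store the key under `/usr/share/keyrings/` and reference it from the source line, e.g. `deb [signed-by=/usr/share/keyrings/sury-php.gpg] https://packages.sury.org/php/ $(lsb_release -cs) main` (the file name is an example), as the commented-out jitsi lines in the matrix script already do. The nginx source line is also still `http://`. The urbackup script in this commit has the same pattern, writing the `home:uroni` key into `/etc/apt/trusted.gpg.d/` for an `http://` source. Only part of the script is visible in these hunks.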


@ -8,7 +8,7 @@
# This file contains the project constants on service level # This file contains the project constants on service level
# Debian Version, which will be installed # Debian Version, which will be installed
LXC_TEMPLATE_VERSION="debian-10-standard" LXC_TEMPLATE_VERSION="debian-11-standard"
# Create sharefs mountpoint # Create sharefs mountpoint
LXC_MP="0" LXC_MP="0"

9
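--- a/src/open3a/features.json
+++ b/src/open3a/features.json
@@ -0,0 +1,9 @@
+{
+"unprivileged": 1,
+"features": {},
+"sharefs": {},
+"mem": 1024,
+"swap": 1024,
+"hostname": "open3a",
+"domain": "zmb.rocks"
+}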

1
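--- a/src/open3a/info
+++ b/src/open3a/info
@@ -0,0 +1 @@
+Open3A Server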


@ -8,28 +8,45 @@
source /root/zamba.conf source /root/zamba.conf
source /root/constants-service.conf source /root/constants-service.conf
webroot=/var/www/html
MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)" MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)"
apt update apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
cat << EOF > /etc/nginx/sites-available/default cat << EOF > /etc/nginx/sites-available/default
server { server {
listen 80 default_server; listen 80;
listen [::]:80 default_server; listen [::]:80;
server_name _;
root /var/www/html; return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $LXC_HOSTNAME.$LXC_DOMAIN;
root $webroot;
index index.php; index index.php;
server_name _; ssl on;
ssl_certificate /etc/nginx/ssl/open3a.crt;
ssl_certificate_key /etc/nginx/ssl/open3a.key;
location ~ .php$ { location ~ .php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
} }
} }
EOF EOF
mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD'; mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';
@ -37,19 +54,19 @@ GRANT USAGE ON * . * TO 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WIT
CREATE DATABASE IF NOT EXISTS open3a; CREATE DATABASE IF NOT EXISTS open3a;
GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';" GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';"
cd /var/www/html/ cd $webroot
wget https://www.open3a.de/download/open3A%203.4.zip -O open3a.zip wget https://www.open3a.de/download/open3A%203.5.zip -O $webroot/open3a.zip
unzip open3a.zip unzip open3a.zip
rm open3a.zip rm open3a.zip
chmod 666 system/DBData/Installation.pfdb.php chmod 666 system/DBData/Installation.pfdb.php
chmod -R 777 specifics/ chmod -R 777 specifics/
chmod -R 777 system/Backups chmod -R 777 system/Backup
chown -R www-data:www-data /var/www/html chown -R www-data:www-data $webroot
echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup echo "sudo -u www-data /usr/bin/php $webroot/plugins/Installation/backup.php; for backup in \$(ls -r1 $webroot/system/Backup/*.gz | /bin/grep -v \$(date +%Y%m%d)); do /bin/rm \$backup;done" > /etc/cron.daily/open3a-backup
chmod +x /etc/cron.daily/open3a-backup chmod +x /etc/cron.daily/open3a-backup
systemctl enable --now php7.3-fpm systemctl enable --now php7.4-fpm
systemctl restart nginx systemctl restart php7.4-fpm nginx
echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"
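Review bot: `chmod -R 777 system/Backup` (and the unchanged `chmod -R 777 specifics/` and `chmod 666 system/DBData/Installation.pfdb.php` beside it) leaves the backup and data paths writable by every local account, although the next line hands the whole tree to `www-data`. If PHP-FPM and the backup cron job are the only writers, as the `sudo -u www-data` in the cron line suggests, owner-only access is enough: `chmod -R u=rwX,go= specifics/ system/Backup` and `chmod 600 system/DBData/Installation.pfdb.php` after the `chown`. The closing message also still prints `http://$LXC_IP` and the `Admin`/`Admin` login even though port 80 now only redirects to HTTPS, so it is worth updating the URL and telling the operator to change that login first.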


@ -11,7 +11,7 @@ source /root/constants-service.conf
cat << EOF > /etc/apt/sources.list.d/pbs-no-subscription.list cat << EOF > /etc/apt/sources.list.d/pbs-no-subscription.list
# PBS pbs-no-subscription repository provided by proxmox.com, # PBS pbs-no-subscription repository provided by proxmox.com,
# NOT recommended for production use # NOT recommended for production use
deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription deb http://download.proxmox.com/debian/pbs $(lsb_release -cs) pbs-no-subscription
EOF EOF
wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
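Review bot: The source line now takes its suite from `$(lsb_release -cs)` while the key download two lines below still names `proxmox-release-bullseye.gpg`, so on any template other than bullseye the repository and its signing key would no longer match and `apt update` would reject the source. Either keep both pinned to `bullseye` or derive both from one variable, e.g. `CODENAME=$(lsb_release -cs)` used in the `deb` line and in the key file name, assuming Proxmox publishes a key under that name for the release. It is also worth confirming that `lsb_release` is present in the minimal template before the heredoc runs, since an empty expansion writes a broken source line. The `deb` line itself is still `http://`, while the key is fetched over HTTPS.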


@ -21,3 +21,6 @@ LXC_NESTING="1"
# Backup ubdir where Urbackup will store backups # Backup ubdir where Urbackup will store backups
URBACKUP_DATA="urbackup" URBACKUP_DATA="urbackup"
# OS codename for opensuse / urbackup repo
REPO_CODENAME="Debian_10"


@ -8,13 +8,56 @@
source /root/zamba.conf source /root/zamba.conf
source /root/constants-service.conf source /root/constants-service.conf
mkdir /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA mkdir -p /$LXC_SHAREFS_MOUNTPOINT/tmp
mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA
mkdir /etc/urbackup mkdir /etc/urbackup
echo "/$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA" > /etc/urbackup/backupfolder echo "/$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA" > /etc/urbackup/backupfolder
echo 'deb http://download.opensuse.org/repositories/home:/uroni/Debian_10/ /' | tee /etc/apt/sources.list.d/home:uroni.list echo "deb http://download.opensuse.org/repositories/home:/uroni/$REPO_CODENAME/ /" | tee /etc/apt/sources.list.d/urbackup.list
curl -fsSL https://download.opensuse.org/repositories/home:uroni/Debian_10/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null curl -fsSL https://download.opensuse.org/repositories/home:uroni/$REPO_CODENAME/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null
apt update apt update
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server nginx
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/urbackup.key -out /etc/nginx/ssl/urbackup.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
ln -s /usr/share/urbackup/www /var/www/urbackup
cat << EOF > /etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $LXC_HOSTNAME.$LXC_DOMAIN;
root /var/www/urbackup;
index index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/urbackup.crt;
ssl_certificate_key /etc/nginx/ssl/urbackup.key;
location /x {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:55413;
}
}
EOF
sed -i "s/DAEMON_TMPDIR=\"\/tmp\"/DAEMON_TMPDIR=\"\/$LXC_SHAREFS_MOUNTPOINT\/tmp\"/g" /etc/default/urbackupsrv
sed -i "s/HTTP_SERVER=\"true\"/HTTP_SERVER=\"false\"/g" /etc/default/urbackupsrv
chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/tmp
chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA
systemctl restart urbackupsrv nginx
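Review bot: `ssl on;` in the new 443 server block is redundant next to `listen 443 ssl;` and is a deprecated directive: nginx warns about it from 1.15.0 and rejects it from 1.25.1, at which point `systemctl restart urbackupsrv nginx` would leave the web UI down. Dropping the line keeps the vhost working across versions; the open3a vhost added in this commit carries the same directive. Since the built-in HTTP server is switched off here, nginx is the only path to the UI, so running `nginx -t` before the restart would surface such errors during install.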