From a49ca5208dba20bb27de45461ccea0bc1c60a051 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sat, 25 May 2024 19:56:38 +0200 Subject: [PATCH] Add freescout container --- src/freescout/constants-service.conf | 33 +++++++ src/freescout/install-service.sh | 133 +++++++++++++++++++++++++++ 2 files changed, 166 insertions(+) create mode 100644 src/freescout/constants-service.conf create mode 100644 src/freescout/install-service.sh diff --git a/src/freescout/constants-service.conf b/src/freescout/constants-service.conf new file mode 100644 index 0000000..c4548eb --- /dev/null +++ b/src/freescout/constants-service.conf @@ -0,0 +1,33 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +# This file contains the project constants on service level + +# Debian Version, which will be installed +LXC_TEMPLATE_VERSION="debian-12-standard" + +# Create sharefs mountpoint +LXC_MP=0 +# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) +LXC_SHAREFS_MOUNTPOINT="tank" +# Defines the recordsize of mp0 +LXC_MP_RECORDSIZE="16K" + +# Create unprivileged container +LXC_UNPRIVILEGED="1" + +# enable nesting feature +LXC_NESTING="1" + +# enable keyctl feature +LXC_KEYCTL="0" + +# Sets the minimum amount of RAM the service needs for operation +LXC_MEM_MIN=1024 + +# service dependent meta tags +SERVICE_TAGS="php-fpm,nginx,mariadb" \ No newline at end of file diff --git a/src/freescout/install-service.sh b/src/freescout/install-service.sh new file mode 100644 index 0000000..cfe3b11 --- /dev/null +++ b/src/freescout/install-service.sh @@ -0,0 +1,133 @@ +#!/bin/bash + +# Authors: +# (C) 2021 Idea an concept by Christian Zengel +# (C) 2021 Script design and prototype by Markus Helmke +# (C) 2021 Script rework and documentation by Thorsten Spille + +set -euo pipefail + +source /root/functions.sh +source /root/zamba.conf +source /root/constants-service.conf + +webroot=/var/www/html + +LXC_RANDOMPWD=20 +MYSQL_PASSWORD="$(random_password)" + +apt update + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-zip php-curl php-intl php-fpm php-mysql php-imap php-xml php-mbstring php-gd ssl-cert git + + +echo ‘cgi.fix_pathinfo=0’ >> /etc/php/8.2/fpm/php.ini + +cat << EOF > /etc/nginx/sites-available/default +server { + listen 80; + listen [::]:80; + server_name _; + + return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN; +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name $LXC_HOSTNAME.$LXC_DOMAIN; + + root $webroot/freescout/public; + + index index.php index.html index.htm; + + ssl_certificate /etc/nginx/ssl/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/privkey.pem; + + client_max_body_size 20M; + + location / { + try_files \$uri \$uri/ /index.php?\$query_string; + } + + location ~ .php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + include fastcgi_params; + } + + location ^~ /storage/app/attachment/ { + internal; + alias /var/www/html/storage/app/attachment/; + } + + location ~* ^/storage/attachment/ { + expires 1M; + access_log off; + try_files \$uri \$uri/ /index.php?\$query_string; + } + + location ~* ^/(?:css|js)/.*\.(?:css|js)$ { + expires 2d; + access_log off; + add_header Cache-Control "public, must-revalidate"; + } + + # The list should be in sync with /storage/app/public/uploads/.htaccess and /config/app.php + location ~* ^/storage/.*\.((?!(jpg|jpeg|jfif|pjpeg|pjp|apng|bmp|gif|ico|cur|png|tif|tiff|webp|pdf|txt|diff|patch|json|mp3|wav|ogg|wma)).)*$ { + add_header Content-disposition "attachment; filename=\$2"; + default_type application/octet-stream; + } + + location ~* ^/(?:css|fonts|img|installer|js|modules|[^\\\\\\]+\..*)$ { + expires 1M; + access_log off; + add_header Cache-Control "public"; + } + + location ~ /\. { + deny all; + } +} + +EOF + +rm /var/www/html/*nginx*.html +mkdir -p /etc/nginx/ssl +ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem +ln -sf /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem + +mysql -uroot -e "CREATE USER 'freescout'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD'; +GRANT USAGE ON * . * TO 'freescout'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; +CREATE DATABASE IF NOT EXISTS freescout; +GRANT ALL PRIVILEGES ON freescout . * TO 'freescout'@'localhost';" + +curl -s https://api.github.com/repos/freescout-helpdesk/freescout/releases/latest | grep tarball_url | cut -d '"' -f 4 | wget -O $webroot/freescout.tar.gz -i - +cd $webroot +tar -vxf freescout.tar.gz +dir=$(ls -d freescout-helpdesk-freescout*) +mv -v $dir freescout +chown -R www-data:www-data /var/www/html +find /var/www/html -type f -exec chmod 664 {} \; +find /var/www/html -type d -exec chmod 775 {} \; +cd $webroot/freescout +APP_KEY=$(sudo -u www-data php artisan key:generate --show) +sudo -u www-data sed -e "s|APP_URL=.*|APP_URL=https://${LXC_HOSTNAME}.${LXC_DOMAIN}|" -e "s|DB_DATABASE=|DB_DATABASE=freescout|" -e "s|DB_USERNAME=|DB_USERNAME=freescout|" -e "s|DB_PASSWORD=|DB_PASSWORD=${MYSQL_PASSWORD}|" -e "s|APP_KEY=|APP_KEY=${APP_KEY}|" .env.example > .env +sudo -u www-data php artisan freescout:clear-cache +sudo -u www-data php artisan storage:link +sudo -u www-data php artisan migrate -n --force +FS_PASSWORD=$(random_password) +sudo -u www-data php artisan freescout:create-user -n --role=admin --firstName=$FS_FIRSTNAME --lastName=$FS_LASTNAME --email=$FS_EMAIL --password=$FS_PASSWORD + +cat << EOF > /etc/cron.d/freescout +* * * * * www-data /bin/php /var/www/html/freescout/artisan schedule:run >> /dev/null 2>&1 +EOF + +systemctl enable --now php8.2-fpm +systemctl restart php8.2-fpm nginx + +LXC_IP=$(ip address show dev eth0 | grep "inet " | cut -d ' ' -f6) + +echo -e "Your freescout installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttps://$(echo $LXC_IP | cut -d'/' -f1)\nLogin:\t\t$FS_EMAIL\nPassword:\t$FS_PASSWORD\n" \ No newline at end of file