From 9eebc19922c6d58a4d97753ac151c0111f5e31ff Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sat, 15 Jan 2022 12:29:43 +0100 Subject: [PATCH 1/5] matrix: migrated to debian bullseye --- conf/zamba.conf.example | 6 ++++++ src/matrix/constants-service.conf | 4 ++-- src/matrix/install-service.sh | 11 +++++------ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 2885a7e..459538f 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -112,6 +112,12 @@ MATRIX_FQDN="matrix.zmb.rocks" # Define the FQDN for the Element Web virtual host MATRIX_ELEMENT_FQDN="element.zmb.rocks" +# Define the administrative user of matrix service +MATRIX_ADMIN_USER="admin" + +# Define the admin password +MATRIX_ADMIN_PASSWORD="Start!123" + ############### Nextcloud-Section ############### # Define the FQDN of your Nextcloud server diff --git a/src/matrix/constants-service.conf b/src/matrix/constants-service.conf index 3737735..da80d37 100644 --- a/src/matrix/constants-service.conf +++ b/src/matrix/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-10-standard" +LXC_TEMPLATE_VERSION="debian-11-standard" # Create sharefs mountpoint LXC_MP="0" @@ -20,4 +20,4 @@ LXC_UNPRIVILEGED="1" LXC_NESTING="1" # Define the version of Element Web -MATRIX_ELEMENT_VERSION="v1.7.25" +MATRIX_ELEMENT_VERSION="v1.9.8" diff --git a/src/matrix/install-service.sh b/src/matrix/install-service.sh index 80d5fff..1283d5b 100644 --- a/src/matrix/install-service.sh +++ b/src/matrix/install-service.sh 
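Review bot: The new `MATRIX_ADMIN_PASSWORD="Start!123"` default in conf/zamba.conf.example gives every installation that copies the example unchanged the same published Synapse admin password. The src/matrix/install-service.sh hunk of this patch is meant to pass the value to `register_new_matrix_user`, and no check for an unchanged default is visible there. I would ship the example with an empty value and a comment such as `# Must be set to a unique password before running the installer`, and have the installer stop when the variable is empty.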
@@ -87,7 +87,7 @@ cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml +sed -i "s|server_name:|server_name: $MATRIX_FQDN|g" /etc/matrix-synapse/conf.d/server_name.yaml sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n user: $ELE_DBUSER\n password: $ELE_DBPASS\n host: 127.0.0.1\n cp_min: 5\n cp_max: 10|" /etc/matrix-synapse/homeserver.yaml systemctl restart matrix-synapse -register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008 +register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p '$MATRIX_ADMIN_PASSWORD' -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008 #curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg' #echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null #apt update -#apt install -y jitsi-meet - - - +#apt install -y jitsi-meet \ No newline at end of file From e368bbde08b010e6721492a6501be6c56bfdd81f Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sat, 15 Jan 2022 13:13:36 +0100 Subject: [PATCH 2/5] nextcloud: migration to debian bullseye --- src/nextcloud/constants-service.conf | 2 +- src/nextcloud/install-service.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nextcloud/constants-service.conf b/src/nextcloud/constants-service.conf index ad9bf6d..e7ba80a 100644 --- a/src/nextcloud/constants-service.conf +++ b/src/nextcloud/constants-service.conf 
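Review bot: In the added `register_new_matrix_user` line the password is wrapped in single quotes, so the shell does not expand it and the admin account is created with the literal string `$MATRIX_ADMIN_PASSWORD` as its password, a value anyone reading the repository knows. Both arguments should be double-quoted: `register_new_matrix_user -a -u "$MATRIX_ADMIN_USER" -p "$MATRIX_ADMIN_PASSWORD" -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008`. Passing the password with `-p` also places it in the process argument list while the command runs, which deserves a comment in the script. Part of this hunk's text was lost in extraction and the script continues outside it, so only the visible lines are covered here.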
@@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-10-standard" +LXC_TEMPLATE_VERSION="debian-11-standard" # Create sharefs mountpoint LXC_MP="1" diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 870263c..ada9cc5 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -11,7 +11,7 @@ source /root/constants-service.conf HOSTNAME=$(hostname -f) wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add - -echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list +echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add - echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list @@ -76,7 +76,7 @@ sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/ sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini -sed -i '\$aapc.enable_cli=1' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini +echo -e '\napc.enable_cli=1' >> /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml From d2ed7cb0e4a65b3971eaa0601b211e83f1d01a1d Mon Sep 17 00:00:00 2001 
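Review bot: The added `echo -e '\napc.enable_cli=1' >> …/apcu.ini` in src/nextcloud/install-service.sh appends unconditionally, so every re-run of the installer adds another copy of the setting, and the unquoted `$NEXTCLOUD_PHP_VERSION` in the path is subject to word splitting. A guarded form keeps the file stable: set `apcu_ini="/etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini"` and use `grep -qxF 'apc.enable_cli=1' "$apcu_ini" || printf '\napc.enable_cli=1\n' >> "$apcu_ini"`. The surrounding script starts and ends outside the hunk.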
From: thorstenspille Date: Sat, 15 Jan 2022 14:10:47 +0100 Subject: [PATCH 3/5] open3a: migration to debian bullseye --- src/open3a/constants-service.conf | 2 +- src/open3a/features.json | 9 +++++ src/open3a/info | 1 + src/open3a/install-service.sh | 55 ++++++++++++++++++++----------- 4 files changed, 47 insertions(+), 20 deletions(-) create mode 100644 src/open3a/features.json create mode 100644 src/open3a/info diff --git a/src/open3a/constants-service.conf b/src/open3a/constants-service.conf index bc20c1a..4f5ef36 100644 --- a/src/open3a/constants-service.conf +++ b/src/open3a/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-10-standard" +LXC_TEMPLATE_VERSION="debian-11-standard" # Create sharefs mountpoint LXC_MP="0" diff --git a/src/open3a/features.json b/src/open3a/features.json new file mode 100644 index 0000000..0a173fb --- /dev/null +++ b/src/open3a/features.json @@ -0,0 +1,9 @@ +{ + "unprivileged": 1, + "features": {}, + "sharefs": {}, + "mem": 1024, + "swap": 1024, + "hostname": "open3a", + "domain": "zmb.rocks" +} \ No newline at end of file diff --git a/src/open3a/info b/src/open3a/info new file mode 100644 index 0000000..6600e6d --- /dev/null +++ b/src/open3a/info @@ -0,0 +1 @@ +Open3A Server \ No newline at end of file diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 00c5cc8..28fb349 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh 
@@ -8,28 +8,45 @@ source /root/zamba.conf source /root/constants-service.conf +webroot=/var/www/html + MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)" apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd +mkdir /etc/nginx/ssl +openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN" + cat << EOF > /etc/nginx/sites-available/default server { - listen 80 default_server; - listen [::]:80 default_server; + listen 80; + listen [::]:80; + server_name _; - root /var/www/html; - - index index.php; - - server_name _; - - location ~ .php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; - } + return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN; } + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name $LXC_HOSTNAME.$LXC_DOMAIN; + + root $webroot; + + index index.php; + + ssl on; + ssl_certificate /etc/nginx/ssl/open3a.crt; + ssl_certificate_key /etc/nginx/ssl/open3a.key; + + location ~ .php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; + } +} + EOF mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD'; 
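Review bot: Both new nginx server blocks need a small correction: the port-80 block's `return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;` drops the requested path and query string, and `ssl on;` is deprecated in nginx in favour of the `ssl` parameter that the `listen 443 ssl;` lines already carry. Inside this unquoted heredoc the nginx variable has to be escaped, `return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN\$request_uri;`, and the `ssl on;` line can simply be removed. `mkdir /etc/nginx/ssl` also fails when the directory already exists, which `mkdir -p /etc/nginx/ssl` avoids. The same server block and `mkdir` appear in the src/urbackup/install-service.sh hunk of patch 5.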
@@ -37,19 +54,19 @@ GRANT USAGE ON * . * TO 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WIT CREATE DATABASE IF NOT EXISTS open3a; GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';" -cd /var/www/html/ -wget https://www.open3a.de/download/open3A%203.4.zip -O open3a.zip +cd $webroot +wget https://www.open3a.de/download/open3A%203.5.zip -O $webroot/open3a.zip unzip open3a.zip rm open3a.zip chmod 666 system/DBData/Installation.pfdb.php chmod -R 777 specifics/ -chmod -R 777 system/Backups -chown -R www-data:www-data /var/www/html +chmod -R 777 system/Backup +chown -R www-data:www-data $webroot -echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup +echo "sudo -u www-data /usr/bin/php $webroot/plugins/Installation/backup.php; for backup in \$(ls -r1 $webroot/system/Backup/*.gz | /bin/grep -v \$(date +%Y%m%d)); do /bin/rm \$backup;done" > /etc/cron.daily/open3a-backup chmod +x /etc/cron.daily/open3a-backup -systemctl enable --now php7.3-fpm -systemctl restart nginx +systemctl enable --now php7.4-fpm +systemctl restart php7.4-fpm nginx echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a" \ No newline at end of file From d2af773363ccb37005589763cc0db11085be54f1 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sat, 15 Jan 2022 14:20:28 +0100 Subject: [PATCH 4/5] proxmox-pbs: migration to debian bullseye --- src/proxmox-pbs/install-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/proxmox-pbs/install-service.sh b/src/proxmox-pbs/install-service.sh index 1771d45..4c3c121 100644 --- a/src/proxmox-pbs/install-service.sh 
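Review bot: The added `chmod -R 777 system/Backup`, like the `specifics/` and `Installation.pfdb.php` lines next to it, makes application data writable by every local account even though the following `chown` hands the whole tree to `www-data`. If only the web server has to write there, `chmod -R u=rwX,go= specifics/ system/Backup` together with the `chown` gives the owner the same access; this assumes PHP-FPM runs as www-data, which the hunk suggests but does not show. The closing `echo` still prints `http://$LXC_IP`, although port 80 now only redirects to the host name, so `https://$LXC_HOSTNAME.$LXC_DOMAIN` would match the new nginx configuration. `cd $webroot` should be `cd "$webroot" || exit 1` so that the `unzip`, `rm` and `chmod -R` lines never run in the wrong directory.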
+++ b/src/proxmox-pbs/install-service.sh @@ -11,7 +11,7 @@ source /root/constants-service.conf cat << EOF > /etc/apt/sources.list.d/pbs-no-subscription.list # PBS pbs-no-subscription repository provided by proxmox.com, # NOT recommended for production use -deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription +deb http://download.proxmox.com/debian/pbs $(lsb_release -cs) pbs-no-subscription EOF wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg From 24c9b03abe37ca3bd77730d0a6f9d61783e88b5f Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sat, 15 Jan 2022 16:34:45 +0100 Subject: [PATCH 5/5] urbackup: added https proxy, still debian buster --- src/urbackup/constants-service.conf | 5 ++- src/urbackup/install-service.sh | 53 ++++++++++++++++++++++++++--- 2 files changed, 52 insertions(+), 6 deletions(-) diff --git a/src/urbackup/constants-service.conf b/src/urbackup/constants-service.conf index a27d2ff..6d9a772 100644 --- a/src/urbackup/constants-service.conf +++ b/src/urbackup/constants-service.conf @@ -20,4 +20,7 @@ LXC_UNPRIVILEGED="1" LXC_NESTING="1" # Backup ubdir where Urbackup will store backups -URBACKUP_DATA="urbackup" \ No newline at end of file +URBACKUP_DATA="urbackup" + +# OS codename for opensuse / urbackup repo +REPO_CODENAME="Debian_10" \ No newline at end of file diff --git a/src/urbackup/install-service.sh b/src/urbackup/install-service.sh index b7f6893..b9ce29a 100644 --- a/src/urbackup/install-service.sh +++ b/src/urbackup/install-service.sh 
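Review bot: The repository suite in src/proxmox-pbs/install-service.sh now comes from `$(lsb_release -cs)`, but the key on the following `wget` line is still the fixed `proxmox-release-bullseye.gpg`, so on any release other than bullseye apt would be pointed at a suite whose signing key was not installed. Either keep the literal `bullseye` in the `deb` line or derive both from one value, for example `codename=$(lsb_release -cs)` and `proxmox-release-$codename.gpg`, assuming the upstream key files follow that naming. `lsb_release` also has to be present in the container before the heredoc is expanded, and the hunk does not show that it is installed.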
@@ -8,13 +8,56 @@ source /root/zamba.conf source /root/constants-service.conf -mkdir /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA +mkdir -p /$LXC_SHAREFS_MOUNTPOINT/tmp +mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA mkdir /etc/urbackup echo "/$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA" > /etc/urbackup/backupfolder -echo 'deb http://download.opensuse.org/repositories/home:/uroni/Debian_10/ /' | tee /etc/apt/sources.list.d/home:uroni.list -curl -fsSL https://download.opensuse.org/repositories/home:uroni/Debian_10/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null +echo "deb http://download.opensuse.org/repositories/home:/uroni/$REPO_CODENAME/ /" | tee /etc/apt/sources.list.d/urbackup.list +curl -fsSL https://download.opensuse.org/repositories/home:uroni/$REPO_CODENAME/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null apt update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server -chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA \ No newline at end of file +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server nginx + +mkdir /etc/nginx/ssl +openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/urbackup.key -out /etc/nginx/ssl/urbackup.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN" + +ln -s /usr/share/urbackup/www /var/www/urbackup + +cat << EOF > /etc/nginx/sites-available/default +server { + listen 80; + listen [::]:80; + server_name _; + + return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN; +} + + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name $LXC_HOSTNAME.$LXC_DOMAIN; + + root /var/www/urbackup; + + index index.htm; + + ssl on; + ssl_certificate 
/etc/nginx/ssl/urbackup.crt; + ssl_certificate_key /etc/nginx/ssl/urbackup.key; + + location /x { + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:55413; + } +} + +EOF + +sed -i "s/DAEMON_TMPDIR=\"\/tmp\"/DAEMON_TMPDIR=\"\/$LXC_SHAREFS_MOUNTPOINT\/tmp\"/g" /etc/default/urbackupsrv +sed -i "s/HTTP_SERVER=\"true\"/HTTP_SERVER=\"false\"/g" /etc/default/urbackupsrv +chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/tmp +chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA + +systemctl restart urbackupsrv nginx \ No newline at end of file
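Review bot: The changed key line still writes the home:uroni key into `/etc/apt/trusted.gpg.d/`, which makes apt accept it for every configured repository, and the `deb` line fetches the repository over plain `http://` although the key URL already uses https on the same host. Binding the key to this one source narrows that trust: store it with `curl -fsSL https://download.opensuse.org/repositories/home:uroni/$REPO_CODENAME/Release.key | gpg --dearmor -o /usr/share/keyrings/urbackup.gpg` and write `deb [signed-by=/usr/share/keyrings/urbackup.gpg] https://download.opensuse.org/repositories/home:/uroni/$REPO_CODENAME/ /` to urbackup.list. The `sed` edit of `DAEMON_TMPDIR` uses `/` as delimiter with `$LXC_SHAREFS_MOUNTPOINT` interpolated, so a mountpoint containing a slash would break the expression; using `|` as delimiter, as the matrix script does, avoids the escaping.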