Fixed setting of share acls (user = lower case)

fixed default values in zamba.conf.example

README.md

@@ -5,7 +5,7 @@ Zamba LXC Toolbox is a collection of scripts to easily install Debian LXC contai
 The main feature is `Zamba`, the fusion of ZFS and Samba in three different flavours (standalone, active directory dc or active directory member), preconfigured to access ZFS snapshots by "Windows Previous Versions" to easily recover encrypted by ransomware files, accidently deleted files or just to revert changes.
 The package also provides LXC container installers for `mailpiler`, `matrix-synapse` + `element-web` and more services will follow in future releases.
 ### Requirements
-Proxmox VE Server with at least one configured ZFS Pool.
+Proxmox VE Server (>=6.30) with at least one configured ZFS Pool.
 ### Included services:
 - `checkmk` => Check_MK 2.0 Monitoring Server
 - `debian-priv` => Debian privileged container with basic toolset

conf/README.md

@@ -51,7 +51,7 @@ LXC_SWAP="1024"
 ### LXC_HOSTNAME
 Defines the hostname of your LXC container (Default: Name of installed Service)
 ```bash
-LXC_SWAP="zamba"
+LXC_HOSTNAME="zamba"
 ```
 ### LXC_DOMAIN
 Defines the domain name / search domain of your LXC container

conf/zamba.conf.example

@@ -100,9 +100,9 @@ ZMB_SHARE="share"
 ############### Mailpiler-Section ###############
 
 # Defines the (public) FQDN of your piler mail archive
-PILER_FQDN="piler.zmb.rocks"
+PILER_FQDN="mailpiler.zmb.rocks"
 # Defines the smarthost for piler mail archive
-PILER_SMARTHOST="your.mailserver.tld"
+PILER_SMARTHOST="mail.zmb.rocks"
 
 ############### Matrix-Section ###############
 
@@ -121,7 +121,7 @@ MATRIX_ADMIN_PASSWORD="Start!123"
 ############### Nextcloud-Section ###############
 
 # Define the FQDN of your Nextcloud server
-NEXTCLOUD_FQDN="nc1.zmb.rocks"
+NEXTCLOUD_FQDN="nextcloud.zmb.rocks"
 
 # The initial admin-user which will be configured
 NEXTCLOUD_ADMIN_USR="zmb-admin"

install.sh

@@ -49,10 +49,6 @@ while getopts "hi:s:c:" opt; do
 done
 shift $((OPTIND-1))
 
-# Load configuration file
-echo "Loading config file '$config'..."
-source $config
-
 OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a)
 
 valid=0
@@ -90,18 +86,23 @@ if [[ "$valid" != "1" ]]; then
   usage 1
 fi
 
+# Load configuration file
+echo "Loading config file '$config'..."
+source $config
+
 source $PWD/src/$service/constants-service.conf
 
 # CHeck is the newest template available, else download it.
-DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | cut -d'_' -f2)
-DEB_REP=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | cut -d'_' -f2)
+DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d'_' -f2)
+DEB_REP=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d'_' -f2)
+TMPL_NAME=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d' ' -f11)
 
 if [[ $DEB_LOC == $DEB_REP ]];
 then
   echo "Newest Version of $LXC_TEMPLATE_VERSION $DEP_REP exists.";
 else
   echo "Will now download newest $LXC_TEMPLATE_VERSION $DEP_REP.";
-  pveam download $LXC_TEMPLATE_STORAGE "$LXC_TEMPLATE_VERSION"_$DEB_REP\_amd64.tar.gz
+  pveam download $LXC_TEMPLATE_STORAGE $TMPL_NAME
 fi
 
 if [ $ctid -gt 99 ]; then
@@ -120,7 +121,7 @@ fi
 echo "Will now create LXC Container $LXC_NBR!";
 
 # Create the container
-pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/"$LXC_TEMPLATE_VERSION"_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
+pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/$TMPL_NAME -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
 sleep 2;
 
 # Check vlan configuration
@@ -162,4 +163,4 @@ if [[ $service == "zmb-ad" ]]; then
   pct stop $LXC_NBR
   pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1)
   pct start $LXC_NBR
-fi
+fi

new-config.py

@@ -1,136 +0,0 @@
-#!/usr/bin/python3
-import os
-from src import config_base, menu
-
-# Check installation of zfs-auto-snapshot, if not installed, just notify user
-config_base.check_zfs_autosnapshot()
-    
-cfg = {}
-# set template storage
-t_storages = config_base.get_pve_storages(content=config_base.PveStorageContent.vztmpl)
-if len(t_storages.keys()) > 1:
-    t_stors={}
-    for st in t_storages.keys():
-        t_stors[st] = f"driver: {t_storages[st]['driver']}\tfree space: {int(t_storages[st]['available'])/1024/1024:.2f} GB"
-    cfg['LXC_TEMPLATE_STORAGE'] = menu.radiolist("Select container template storage", "Please choose the storage, where your container templates are stored.", t_stors)
-elif len(t_storages.keys()) == 1:
-    cfg['LXC_TEMPLATE_STORAGE'] = next(iter(t_storages))
-else:
-    print("Could not find any storage enabled for container templates. Please ensure your storages are configured properly.")
-    os._exit(1)
-
-# get zmb service
-cfg['ZMB_SERVICE'] = menu.radiolist("Select service","Please choose the service to install:", config_base.get_zmb_services())
-
-# get static ct features
-ct_features = config_base.get_ct_features(cfg["ZMB_SERVICE"])
-cfg['LXC_UNPRIVILEGED'] = ct_features['unprivileged']
-# get ct id
-cfg['LXC_NBR'] = menu.question("Container ID", f"Please select an ID for the {cfg['ZMB_SERVICE']} container.", menu.qType.Integer, config_base.get_ct_id(), config_base.validate_ct_id)
-
-# configure rootfs
-r_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir)
-if len(r_storages.keys()) > 1:
-    r_stors = {}
-    for st in r_storages.keys():
-        r_stors[st] = f"driver: {r_storages[st]['driver']}\tfree space: {int(r_storages[st]['available'])/1024/1024:.2f} GB"
-    cfg['LXC_ROOTFS_STORAGE'] = menu.radiolist("Select rootfs storage", "Please choose the storage for your container's rootfs",r_stors)
-elif len(r_storages.keys()) == 1:
-    cfg['LXC_ROOTFS_STORAGE'] = next(iter(r_storages))
-else:
-    print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.")
-    os._exit(1)
-
-cfg['LXC_ROOTFS_SIZE'] = menu.question("Set rootfs size","Please type in the desired rootfs size (GB)", menu.qType.Integer,32)
-
-# create additional mountpoints
-if 'size' in ct_features['sharefs'].keys():
-    f_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir)
-    if len(f_storages.keys()) > 1:
-        f_stors = {}
-        for st in f_storages.keys():
-            f_stors[st] = f"driver: {f_storages[st]['driver']}\tfree space: {int(f_storages[st]['available'])/1024/1024:.2f} GB"
-        cfg['LXC_SHAREFS_STORAGE'] = menu.radiolist("Select sharefs storage", "Please choose the storage of your shared filesystem", f_stors)
-    elif len(r_storages.keys()) == 1:
-        cfg['LXC_SHAREFS_STORAGE'] = next(iter(f_storages))
-    else:
-        print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.")
-        os._exit(1)
-    cfg['LXC_SHAREFS_SIZE'] = menu.question("Select sharefs size","Please type in the desired size (GB) of your shared filesystem", menu.qType.Integer,ct_features['sharefs']['size'])
-    cfg['LXC_SHAREFS_MOUNTPOINT'] = menu.question("Select sharefs mountpoint","Please type in the folder where to mount your shared filesystem inside the container.", menu.qType.String,ct_features['sharefs']['mountpoint'])
-
-# configure ram and swap
-cfg['LXC_MEM'] = menu.question("Set container RAM", "Please type in the desired amount of RAM for the container (MB)",menu.qType.Integer,ct_features["mem"])
-cfg['LXC_SWAP'] = menu.question("Set container Swap", "Please type in the desired amount of Swap for the container (MB)",menu.qType.Integer,ct_features["swap"])
-cfg['LXC_HOSTNAME'] = menu.question("Set container Hostname", "Please type in the desired hostname of the container",menu.qType.String,ct_features['hostname'])
-cfg['LXC_DOMAIN'] = menu.question("Set container search domain", "Please type in the search domain of your network.", menu.qType.String,ct_features['domain'])
-cfg['LXC_TIMEZONE'] = 'host' # TODO
-cfg['LXC_LOCALE'] = "de_DE.utf8" # TODO
-
-# get pve bridge
-bridges = config_base.get_pve_bridges()
-if len(bridges) > 1:
-    cfg['LXC_BRIDGE'] = menu.radiolist("Select PVE Network Bridge", f"Please select the network bridge to connect the {cfg['ZMB_SERVICE']} container",bridges)
-elif len(bridges) == 1:
-    cfg['LXC_BRIDGE'] = bridges[0]
-else:
-    print("Could not find any bridge device to connect container. Please ensure your networksettings are configured properly.")
-    os._exit(1)
-
-cfg['LXC_VLAN'] = menu.question("Set vlan tag", "You you want to tag your container's network to a vlan? (0 = untagged, 1 - 4094 = tagged vlan id)",menu.qType.Integer,0, config_base.validate_vlan)
-
-# configure network interface
-if  cfg['ZMB_SERVICE'] != 'zmb-ad':
-    enable_dhcp = menu.question("Set network mode", "Do you want to configure the network interface in dhcp mode?",menu.qType.Boolean,default=True)
-else:
-    enable_dhcp = False
-if enable_dhcp == True:
-    cfg["LXC_NET_MODE"] = 'dhcp'
-else:
-    cfg["LXC_NET_MODE"] = 'static'
-    cfg["LXC_IP"] = menu.question("Set interface IP Addess", "Pleace type in the containers IP address (CIDR Format).",menu.qType.String,default='10.10.10.10/8')
-    cfg["LXC_GW"] = menu.question("Set interface default gateway", "Pleace type in the containers default gateway.",menu.qType.String,default='10.10.10.1')
-cfg['LXC_DNS']  = menu.question("Set containers dns server", "Pleace type in the containers dns server. ZMB AD will use this as dns forwarder",menu.qType.String,default='10.10.10.1')
-
-cfg['LXC_PWD'] = menu.question("Set root password", "Please type in the containers root password", menu.qType.String,default='')
-cfg['LXC_AUTHORIZED_KEY'] = menu.question ("Set authorized_keys file to import", "Please select authorized_keys file to import.", menu.qType.String, default='~/.ssh/authorized_keys')
-
-os.system('clear')
-print (f"#### Zamba LXC Toolbox ####\n")
-print (f"GLOBAL CONFIGURATION:")
-print (f"\tct template storage:\t{cfg['LXC_TEMPLATE_STORAGE']}")
-print (f"\nCONTAINER CONFIGURATION:")
-print (f"\tzmb service:\t\t{cfg['ZMB_SERVICE']}")
-print (f"\tcontainer id:\t\t{cfg['LXC_NBR']}")
-print (f"\tunprivileged:\t\t{cfg['LXC_UNPRIVILEGED']}")
-for feature in ct_features['features'].keys():
-    if feature == 'nesting':
-        cfg['LXC_NESTING'] = ct_features['features'][feature]
-        print (f"\t{feature}:\t\t{cfg['LXC_NESTING']}")
-print (f"\tcontainer memory:\t{cfg['LXC_MEM']} MB")
-print (f"\tcontainer swap:\t\t{cfg['LXC_SWAP']} MB")
-print (f"\tcontainer hostname:\t{cfg['LXC_HOSTNAME']}")
-print (f"\tct search domain:\t{cfg['LXC_DOMAIN']}")
-print (f"\tcontainer timezone\t{cfg['LXC_TIMEZONE']}")
-print (f"\tcontainer language\t{cfg['LXC_LOCALE']}")
-print (f"\nSTORAGE CONFIGURATION:")
-print (f"\trootfs storage:\t\t{cfg['LXC_ROOTFS_STORAGE']}")
-print (f"\trootfs size:\t\t{cfg['LXC_ROOTFS_SIZE']} GB")
-if 'size' in ct_features['sharefs'].keys():
-    print (f"\tsharefs storage:\t{cfg['LXC_SHAREFS_STORAGE']}")
-    print (f"\tsharefs size:\t\t{cfg['LXC_SHAREFS_SIZE']} GB")
-    print (f"\tsharefs mountpoint:\t{cfg['LXC_SHAREFS_MOUNTPOINT']}")
-print (f"\nNETWORK CONFIGURATION:")
-print (f"\tpve bridge:\t\t{cfg['LXC_BRIDGE']}")
-if cfg['LXC_VLAN'] > 0:
-    print (f"\tcontainer vlan:\t\t{cfg['LXC_VLAN']}")
-else:
-    print (f"\tcontainer vlan:\t\tuntagged")
-print (f"\tnetwork mode:\t\t{cfg['LXC_NET_MODE']}")
-if enable_dhcp == False:
-    print (f"\tip address (CIDR):\t{cfg['LXC_IP']}")
-    print (f"\tdefault gateway:\t{cfg['LXC_GW']}")
-    print (f"\tdns server / forwarder:\t{cfg['LXC_GW']}")
-print (f"\nCONTAINER CREDENTIALS:")
-print (f"\troot password:\t\t{cfg['LXC_PWD']}")
-print (f"\tauthorized ssh keys:\t{cfg['LXC_AUTHORIZED_KEY']}")

proxmox.conf

@@ -1 +0,0 @@
-HOST_LOCALE=de_DE.UTF-8

src/checkmk/constants-service.conf

@@ -20,6 +20,6 @@ LXC_UNPRIVILEGED="1"
 LXC_NESTING="1"
 
 # checkmk version
-CMK_VERSION=2.0.0p18
+CMK_VERSION=2.0.0p23
 # build number of the debian package (needs to start with underscore)
-CMK_BUILD=_0
+CMK_BUILD=_0

src/mailpiler/install-service.sh

@@ -143,7 +143,7 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 \$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
 
 // general settings.
-\$config['TIMEZONE'] = 'Europe/Berlin';
+\$config['TIMEZONE'] = '$LXC_TIMEZONE';
 
 // authentication
 // Enable authentication against an imap server

src/matrix/constants-service.conf

@@ -20,4 +20,4 @@ LXC_UNPRIVILEGED="1"
 LXC_NESTING="1"
 
 # Define the version of Element Web
-MATRIX_ELEMENT_VERSION="v1.9.8"
+MATRIX_ELEMENT_VERSION="v1.9.9"

src/nextcloud/install-service.sh

@@ -21,10 +21,10 @@ echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main"
 
 apt update
 
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils nfs-common cifs-utils redis-server imagemagick \
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends sudo tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils cifs-utils redis-server imagemagick libmagickcore-6.q16-6-extra \
 postgresql-13 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
 
-timedatectl set-timezone Europe/Berlin
+timedatectl set-timezone $LXC_TIMEZONE
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 
@@ -60,14 +60,14 @@ sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
-sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
+sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/memory_limit = 128M/memory_limit = 1024M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
-sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
+sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
@@ -375,7 +375,7 @@ array (
 'knowledgebaseenabled' => false,
 'logfile' => '/var/$NEXTCLOUD_DATA/nextcloud.log',
 'loglevel' => 2,
-'logtimezone' => 'Europe/Berlin',
+'logtimezone' => '$LXC_TIMEZONE',
 'log_rotate_size' => 104857600,
 'maintenance' => false,
 'memcache.local' => '\OC\Memcache\APCu',

src/open3a/install-service.sh

@@ -69,4 +69,4 @@ chmod +x /etc/cron.daily/open3a-backup
 systemctl enable --now php7.4-fpm
 systemctl restart php7.4-fpm nginx
 
-echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"
+echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$(echo $LXC_IP | cut -d'/' -f1)\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"

src/zmb-member/install-service.sh

@@ -99,9 +99,9 @@ wbinfo -g
 mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 
 # originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
-chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+chown "${ZMB_ADMIN_USER@L}" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 
-setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
-setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+setfacl -Rm u:${ZMB_ADMIN_USER@L}:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+setfacl -Rdm u:${ZMB_ADMIN_USER@L}:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 
-systemctl restart smbd nmbd winbind wsdd
+systemctl restart smbd nmbd winbind wsdd