Merge branch 'master' into 135-scirius

5 years ago · 5d497b7ab9
29 changed files with 134 additions and 57 deletions
--- a/README.md
+++ b/README.md
@ -51,6 +51,7 @@ Within Mistborn is a panel to enable and manage these free extra services (off b
				@@ -51,6 +51,7 @@ Within Mistborn is a panel to enable and manage these free extra services (off b
 - [Tor](https://www.torproject.org): The Onion Router. One tool in the arsenal of online security and privacy.
 - [Jitsi](https://jitsi.org): Multi-platform open-source video conferencing
 - [Guacamole](https://guacamole.apache.org): A clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH.
+- [RaspAP](https://raspap.com/): The easiest, full-featured wireless router setup for Debian-based devices. Period. (Mistborn integration in alpha testing).

 # Quickstart
 Tested Operating Systems (in order of thoroughness):
@ -288,6 +289,7 @@ Mistborn uses the following domains (that can be reached by all Wireguard client
				@@ -288,6 +289,7 @@ Mistborn uses the following domains (that can be reached by all Wireguard client
 | OnlyOffice | onlyoffice.mistborn | Off |
 | Jitsi | jitsi.mistborn | Off |
 | Guacamole | guac.mistborn | Off |
+| RaspAP | raspap.mistborn | Off |

 # Default Credentials
 These are the default credentials to use in the services you choose to use:
@ -298,6 +300,7 @@ These are the default credentials to use in the services you choose to use:
				@@ -298,6 +300,7 @@ These are the default credentials to use in the services you choose to use:
 | Cockpit | cockpit | {{default mistborn password}} |
 | Nextcloud | mistborn | {{default mistborn password}} |
 | Guacamole | mistborn | {{default mistborn password }} |
+| RaspAP | mistborn | {{default mistborn password}} |

 You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/`

--- a/extra/raspap.yml
+++ b/extra/raspap.yml
@ -2,12 +2,9 @@ version: '3'
				@@ -2,12 +2,9 @@ version: '3'

 services:
  raspap:
-    build:
-      context: ..
-      dockerfile: ./compose/production/raspap/Dockerfile
-    #user: root
-    image: mistborn_production_raspap
+    image: "cyber5k/raspap:${MISTBORN_TAG}"
    container_name: mistborn_production_raspap
+    #network_mode: host
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)"
@ -19,10 +16,16 @@ services:
				@@ -19,10 +16,16 @@ services:
      - "traefik.http.routers.raspap-https.tls.certresolver=basic"
      - "traefik.http.services.raspap-service.loadbalancer.server.port=80"
    env_file:
-      - ../.envs/.production/.pihole
-    command: /start
+      - ../.envs/.production/.raspap
+    cap_add:
+      #- NET_ADMIN
+      - SYS_ADMIN
+      #- CAP_FOWNER
+    privileged: true
    volumes:
-      - ../../mistborn_volumes/extra/raspap/etc-raspap:/etc/raspap
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    #command: /start
+    restart: unless-stopped

 networks:
  default:
--- a/scripts/conf/docker-daemon.json
+++ b/scripts/conf/docker-daemon.json
@ -0,0 +1,3 @@
				@@ -0,0 +1,3 @@
+{
+    "shutdown-timeout": 60 
+}
--- a/scripts/install.sh
+++ b/scripts/install.sh
@ -59,13 +59,18 @@ echo -e "| |  | | \__ \ |_| |_) | (_) | |  | | | |"
				@@ -59,13 +59,18 @@ echo -e "| |  | | \__ \ |_| |_) | (_) | |  | | | |"
 echo -e "|_|  |_|_|___/\__|_.__/ \___/|_|  |_| |_|"
 echo -e ""

-# INPUT default admin password
-if [ -z "${MISTBORN_DEFAULT_PASSWORD}" ]; then
-    read -p "(Mistborn) Set default admin password: " -s MISTBORN_DEFAULT_PASSWORD
-    echo
-else
-    echo "MISTBORN_DEFAULT_PASSWORD is already set"
-fi
+sudo rm -rf /opt/mistborn 2>/dev/null || true
+
+# clone to /opt and change directory
+echo "Cloning $GIT_BRANCH branch from mistborn repo"
+sudo git clone https://gitlab.com/cyber5k/mistborn.git -b $GIT_BRANCH /opt/mistborn
+sudo chown -R $USER:$USER /opt/mistborn
+pushd .
+cd /opt/mistborn
+git submodule update --init --recursive
+
+# MISTBORN_DEFAULT_PASSWORD
+source ./scripts/subinstallers/passwd.sh

 # Install Cockpit?
 if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then
@ -85,16 +90,6 @@ else
				@@ -85,16 +90,6 @@ else
    echo "SSH key exists for $USER"
 fi

-sudo rm -rf /opt/mistborn 2>/dev/null || true
-
-# clone to /opt and change directory
-echo "Cloning $GIT_BRANCH branch from mistborn repo"
-sudo git clone https://gitlab.com/cyber5k/mistborn.git -b $GIT_BRANCH /opt/mistborn
-sudo chown -R $USER:$USER /opt/mistborn
-pushd .
-cd /opt/mistborn
-git submodule update --init --recursive
-
 # initial load update package list
 sudo apt-get update

--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-guacamole.service
+++ b/scripts/services/Mistborn-guacamole.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-jitsi.service
+++ b/scripts/services/Mistborn-jitsi.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-raspap.service
+++ b/scripts/services/Mistborn-raspap.service
@ -0,0 +1,25 @@
				@@ -0,0 +1,25 @@
+[Unit]
+Description=Mistborn RaspAP Service 
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+
+[Service]
+Restart=always
+RestartSec=15
+User=root
+Group=docker
+PermissionsStartOnly=true
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 8095 -j MISTBORN_LOG_DROP
+#ExecStartPre=/bin/bash /opt/mistborn_volumes/extra/raspap/etc-raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml down
+
+# Start container when unit is started
+ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml up --build
+# Stop container when unit is stopped
+ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml down
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 8095 -j MISTBORN_LOG_DROP
+# Post stop
+
+[Install]
+WantedBy=multi-user.target
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@ -6,6 +6,7 @@ PartOf=Mistborn-base.service
				@@ -6,6 +6,7 @@ PartOf=Mistborn-base.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/raspap/Mistborn-raspap.service
+++ b/scripts/services/raspap/Mistborn-raspap.service
@ -1,21 +0,0 @@
				@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn RaspAP Service 
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
--- a/scripts/services/raspap/install.sh
+++ b/scripts/services/raspap/install.sh
@ -1,4 +0,0 @@
				@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# install on gateway
-sudo apt-get install -y hostapd vnstat
--- a/scripts/subinstallers/docker.sh
+++ b/scripts/subinstallers/docker.sh
@ -18,3 +18,6 @@ fi
				@@ -18,3 +18,6 @@ fi
 if [ ! -f /usr/local/bin/docker-compose ]; then
    sudo -E ln -s $(which docker-compose) /usr/local/bin/docker-compose
 fi
+
+# daemon.json
+#source ./scripts/subinstallers/docker_daemon.sh
--- a/scripts/subinstallers/docker_daemon.sh
+++ b/scripts/subinstallers/docker_daemon.sh
@ -0,0 +1,7 @@
				@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# daemon.json
+if [ ! -f /etc/docker/daemon.json ]; then
+    sudo -E cp ./scripts/conf/docker-daemon.json /etc/docker/daemon.json
+    sudo -E systemctl restart docker
+fi
--- a/scripts/subinstallers/extra/bitwarden.sh
+++ b/scripts/subinstallers/extra/bitwarden.sh
@ -3,4 +3,5 @@
				@@ -3,4 +3,5 @@
 # generate bitwarden .env files
 BITWARDEN_PROD_FILE="$1"
 echo "WEBSOCKET_ENABLED=true" > $BITWARDEN_PROD_FILE
-echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE
+echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE
+chmod 600 $BITWARDEN_PROD_FILE
--- a/scripts/subinstallers/extra/guacamole.sh
+++ b/scripts/subinstallers/extra/guacamole.sh
@ -10,4 +10,5 @@ echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE
				@@ -10,4 +10,5 @@ echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE
 echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE
 echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE
 echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE
-echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE
+echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE
+chmod 600 $GUAC_PROD_FILE
--- a/scripts/subinstallers/extra/jitsi.sh
+++ b/scripts/subinstallers/extra/jitsi.sh
@ -9,4 +9,5 @@ sed -i "s/JICOFO_AUTH_PASSWORD.*/JICOFO_AUTH_PASSWORD=$(python3 -c "import secre
				@@ -9,4 +9,5 @@ sed -i "s/JICOFO_AUTH_PASSWORD.*/JICOFO_AUTH_PASSWORD=$(python3 -c "import secre
 sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
+sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
+chmod 600 $JITSI_PROD_FILE
--- a/scripts/subinstallers/extra/nextcloud.sh
+++ b/scripts/subinstallers/extra/nextcloud.sh
@ -6,4 +6,5 @@ NEXTCLOUD_PROD_FILE="$1"
				@@ -6,4 +6,5 @@ NEXTCLOUD_PROD_FILE="$1"
 NEXTCLOUD_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}"
 echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE
 echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE
-echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE
+echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE
+chmod 600 $NEXTCLOUD_PROD_FILE
--- a/scripts/subinstallers/extra/onlyoffice.sh
+++ b/scripts/subinstallers/extra/onlyoffice.sh
@ -4,4 +4,5 @@
				@@ -4,4 +4,5 @@
 ONLYOFFICE_PROD_FILE="$1"
 JWT_SECRET="${MISTBORN_DEFAULT_PASSWORD}"
 echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE
-echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE
+echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE
+chmod 600 $ONLYOFFICE_PROD_FILE
--- a/scripts/subinstallers/extra/raspap.sh
+++ b/scripts/subinstallers/extra/raspap.sh
@ -0,0 +1,6 @@
				@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# RaspAP
+RASPAP_PROD_FILE="$1"
+echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" > $RASPAP_PROD_FILE
+chmod 600 $RASPAP_PROD_FILE
--- a/scripts/subinstallers/extra/rocketchat.sh
+++ b/scripts/subinstallers/extra/rocketchat.sh
@ -10,4 +10,6 @@ echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE
				@@ -10,4 +10,6 @@ echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE
 echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE

 # docker environment
-echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE
+echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE
+
+chmod 600 $ROCKETCHAT_PROD_FILE
--- a/scripts/subinstallers/passwd.sh
+++ b/scripts/subinstallers/passwd.sh
@ -0,0 +1,22 @@
				@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# INPUT default admin password
+while [ -z "${MISTBORN_DEFAULT_PASSWORD}" ]; do
+    echo
+    echo "(Mistborn) The default admin password may only container alphanumeric characters and _"
+    read -p "(Mistborn) Set default admin password: " -s MISTBORN_DEFAULT_PASSWORD
+    echo
+
+    if [[ ${MISTBORN_DEFAULT_PASSWORD} =~ ^[A-Za-z0-9_]+$ ]]; then
+    # it matches
+        echo "(Mistborn) Password is accepted"
+    else
+        unset MISTBORN_DEFAULT_PASSWORD
+        echo "(Mistborn) Try again"
+    fi
+
+done
+
+echo
+echo "MISTBORN_DEFAULT_PASSWORD is set"
+echo
--- a/scripts/update.sh
+++ b/scripts/update.sh
@ -18,6 +18,13 @@ sudo mistborn-cli pullbuild
				@@ -18,6 +18,13 @@ sudo mistborn-cli pullbuild
 sudo docker container prune -f
 sudo docker image prune -f

+
+# RESTART
+
 sudo systemctl stop Mistborn-base
+
+# docker daemon
+#source ./scripts/subinstallers/docker_daemon.sh
+
 sudo systemctl restart Mistborn-setup
 sudo systemctl restart Mistborn-base
--- a/scripts/wrappers/mistborn_docker.sh
+++ b/scripts/wrappers/mistborn_docker.sh
@ -32,4 +32,15 @@ else
				@@ -32,4 +32,15 @@ else
    echo "No init script. Proceeding."
 fi

-exec "$@"
+# ensure base is up and listening
+echo "Waiting for Mistborn-base to finish starting up..."
+
+while ! nc -z 10.2.3.1 5000; do
+    WAIT_TIME=$((5 + $RANDOM % 15))
+    echo "Waiting ${WAIT_TIME} seconds for Mistborn-base..."
+    sleep ${WAIT_TIME}
+done
+
+echo "Mistborn-base is running"
+
+exec "$@"