From 84961c793feaf3a227d6186ce2ab069ebd543823 Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Fri, 5 Mar 2021 20:36:13 -0500 Subject: [PATCH 1/4] parsing --- scripts/subinstallers/extra/guacamole.sh | 2 +- scripts/subinstallers/extra/nextcloud.sh | 2 +- scripts/subinstallers/extra/onlyoffice.sh | 2 +- scripts/subinstallers/extra/rocketchat.sh | 2 +- scripts/subinstallers/gen_prod_env.sh | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/subinstallers/extra/guacamole.sh b/scripts/subinstallers/extra/guacamole.sh index 8df9d00..8c76a89 100755 --- a/scripts/subinstallers/extra/guacamole.sh +++ b/scripts/subinstallers/extra/guacamole.sh @@ -10,4 +10,4 @@ echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE -echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE \ No newline at end of file +echo "MISTBORN_DEFAULT_PASSWORD=\"$MISTBORN_DEFAULT_PASSWORD\"" >> $GUAC_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/nextcloud.sh b/scripts/subinstallers/extra/nextcloud.sh index b1568b7..101f93c 100755 --- a/scripts/subinstallers/extra/nextcloud.sh +++ b/scripts/subinstallers/extra/nextcloud.sh @@ -5,5 +5,5 @@ NEXTCLOUD_PROD_FILE="$1" #NEXTCLOUD_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))") NEXTCLOUD_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}" echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE -echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE +echo "NEXTCLOUD_ADMIN_PASSWORD=\"$NEXTCLOUD_PASSWORD\"" >> $NEXTCLOUD_PROD_FILE echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE \ No newline at end of file 
diff --git a/scripts/subinstallers/extra/onlyoffice.sh b/scripts/subinstallers/extra/onlyoffice.sh index 3fadeca..aa9f917 100755 --- a/scripts/subinstallers/extra/onlyoffice.sh +++ b/scripts/subinstallers/extra/onlyoffice.sh @@ -4,4 +4,4 @@ ONLYOFFICE_PROD_FILE="$1" JWT_SECRET="${MISTBORN_DEFAULT_PASSWORD}" echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE -echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE \ No newline at end of file +echo "JWT_SECRET=\"$JWT_SECRET\"" >> $ONLYOFFICE_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/rocketchat.sh b/scripts/subinstallers/extra/rocketchat.sh index 6da1e2d..f446683 100755 --- a/scripts/subinstallers/extra/rocketchat.sh +++ b/scripts/subinstallers/extra/rocketchat.sh @@ -7,7 +7,7 @@ ROCKETCHAT_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}" echo "ROCKETCHAT_USER=bot" > $ROCKETCHAT_PROD_FILE echo "ROCKETCHAT_ROOM=GENERAL" >> $ROCKETCHAT_PROD_FILE echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE -echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE +echo "ROCKETCHAT_PASSWORD=\"$ROCKETCHAT_PASSWORD\"" >> $ROCKETCHAT_PROD_FILE # docker environment echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh index d185c32..73028f2 100755 --- a/scripts/subinstallers/gen_prod_env.sh +++ b/scripts/subinstallers/gen_prod_env.sh 
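Review bot: `JWT_SECRET` in the onlyoffice.sh hunk is still set from `MISTBORN_DEFAULT_PASSWORD`, so the key that signs OnlyOffice tokens is the same human-chosen string written as the Nextcloud admin, Rocket.Chat bot and Celery Flower password in the neighbouring hunks. Reading any one of these env files, or learning the admin password, is then enough to know the signing key. nextcloud.sh already carries a commented-out `secrets.choice(...)` generator; producing the secret independently, e.g. `JWT_SECRET=$(python3 -c "import secrets; print(secrets.token_urlsafe(32))")`, keeps it separate from the login password. Any component that must be configured with the same secret would then have to read it from this file; whether one exists is not visible in the hunk.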
@@ -15,8 +15,8 @@ echo "DJANGO_ADMIN_URL=admin/" >> $DJANGO_PROD_FILE echo "USE_DOCKER=yes" >> $DJANGO_PROD_FILE echo "REDIS_URL=redis://redis:6379/0" >> $DJANGO_PROD_FILE echo "CELERY_FLOWER_USER=prod" >> $DJANGO_PROD_FILE -echo "CELERY_FLOWER_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $DJANGO_PROD_FILE -echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $DJANGO_PROD_FILE +echo "CELERY_FLOWER_PASSWORD=\"$MISTBORN_DEFAULT_PASSWORD\"" >> $DJANGO_PROD_FILE +echo "MISTBORN_DEFAULT_PASSWORD=\"$MISTBORN_DEFAULT_PASSWORD\"" >> $DJANGO_PROD_FILE echo "#MAILGUN_API_KEY=" >> $DJANGO_PROD_FILE echo "#MAILGUN_API_URL=" >> $DJANGO_PROD_FILE echo "#SENTRY_DNS=" >> $DJANGO_PROD_FILE @@ -41,5 +41,5 @@ PIHOLE_PROD_FILE="./.envs/.production/.pihole" #WEBPASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))") WEBPASSWORD="$1" echo "TZ=\"America/New York\"" > $PIHOLE_PROD_FILE -echo "WEBPASSWORD=$WEBPASSWORD" >> $PIHOLE_PROD_FILE +echo "WEBPASSWORD=\"$WEBPASSWORD\"" >> $PIHOLE_PROD_FILE chmod 600 $PIHOLE_PROD_FILE From ce5dfb10faf8de3f464ce534b1a2fa84b4e064ff Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Fri, 12 Mar 2021 18:04:21 +0000 Subject: [PATCH 2/4] Resolve "Mistborn default password parsing" --- scripts/install.sh | 29 ++++++++++------------- scripts/subinstallers/extra/guacamole.sh | 2 +- scripts/subinstallers/extra/nextcloud.sh | 2 +- scripts/subinstallers/extra/onlyoffice.sh | 2 +- scripts/subinstallers/extra/rocketchat.sh | 2 +- scripts/subinstallers/gen_prod_env.sh | 6 ++--- scripts/subinstallers/passwd.sh | 22 +++++++++++++++++ 7 files changed, 41 insertions(+), 24 deletions(-) create mode 100755 scripts/subinstallers/passwd.sh diff --git a/scripts/install.sh b/scripts/install.sh index e79b838..a142ad9 100755 --- a/scripts/install.sh +++ b/scripts/install.sh 
@@ -59,13 +59,18 @@ echo -e "| | | | \__ \ |_| |_) | (_) | | | | | |" echo -e "|_| |_|_|___/\__|_.__/ \___/|_| |_| |_|" echo -e "" -# INPUT default admin password -if [ -z "${MISTBORN_DEFAULT_PASSWORD}" ]; then - read -p "(Mistborn) Set default admin password: " -s MISTBORN_DEFAULT_PASSWORD - echo -else - echo "MISTBORN_DEFAULT_PASSWORD is already set" -fi +sudo rm -rf /opt/mistborn 2>/dev/null || true + +# clone to /opt and change directory +echo "Cloning $GIT_BRANCH branch from mistborn repo" +sudo git clone https://gitlab.com/cyber5k/mistborn.git -b $GIT_BRANCH /opt/mistborn +sudo chown -R $USER:$USER /opt/mistborn +pushd . +cd /opt/mistborn +git submodule update --init --recursive + +# MISTBORN_DEFAULT_PASSWORD +source ./scripts/subinstallers/passwd.sh # Install Cockpit? if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then @@ -85,16 +90,6 @@ else echo "SSH key exists for $USER" fi -sudo rm -rf /opt/mistborn 2>/dev/null || true - -# clone to /opt and change directory -echo "Cloning $GIT_BRANCH branch from mistborn repo" -sudo git clone https://gitlab.com/cyber5k/mistborn.git -b $GIT_BRANCH /opt/mistborn -sudo chown -R $USER:$USER /opt/mistborn -pushd . -cd /opt/mistborn -git submodule update --init --recursive - # initial load update package list sudo apt-get update diff --git a/scripts/subinstallers/extra/guacamole.sh b/scripts/subinstallers/extra/guacamole.sh index 8c76a89..8df9d00 100755 --- a/scripts/subinstallers/extra/guacamole.sh +++ b/scripts/subinstallers/extra/guacamole.sh @@ -10,4 +10,4 @@ echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE -echo "MISTBORN_DEFAULT_PASSWORD=\"$MISTBORN_DEFAULT_PASSWORD\"" >> $GUAC_PROD_FILE \ No newline at end of file +echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE \ No newline at end of file 
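Review bot: `cd /opt/mistborn` is not checked, so if the `sudo git clone` before it fails the script carries on and `source ./scripts/subinstallers/passwd.sh` resolves against whatever directory the installer was started from. Sourcing runs that file inside the installer's own shell, so the step should stop when the checkout is missing: `cd /opt/mistborn || exit 1`. `$GIT_BRANCH` and `$USER` are also expanded unquoted in the `git clone` and `chown -R` lines; `-b "$GIT_BRANCH"` and `"$USER:$USER"` avoid word splitting. The script starts and continues outside the hunk, so an earlier `set -e` cannot be ruled out.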
diff --git a/scripts/subinstallers/extra/nextcloud.sh b/scripts/subinstallers/extra/nextcloud.sh index 101f93c..b1568b7 100755 --- a/scripts/subinstallers/extra/nextcloud.sh +++ b/scripts/subinstallers/extra/nextcloud.sh @@ -5,5 +5,5 @@ NEXTCLOUD_PROD_FILE="$1" #NEXTCLOUD_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))") NEXTCLOUD_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}" echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE -echo "NEXTCLOUD_ADMIN_PASSWORD=\"$NEXTCLOUD_PASSWORD\"" >> $NEXTCLOUD_PROD_FILE +echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/onlyoffice.sh b/scripts/subinstallers/extra/onlyoffice.sh index aa9f917..3fadeca 100755 --- a/scripts/subinstallers/extra/onlyoffice.sh +++ b/scripts/subinstallers/extra/onlyoffice.sh @@ -4,4 +4,4 @@ ONLYOFFICE_PROD_FILE="$1" JWT_SECRET="${MISTBORN_DEFAULT_PASSWORD}" echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE -echo "JWT_SECRET=\"$JWT_SECRET\"" >> $ONLYOFFICE_PROD_FILE \ No newline at end of file +echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/rocketchat.sh b/scripts/subinstallers/extra/rocketchat.sh index f446683..6da1e2d 100755 --- a/scripts/subinstallers/extra/rocketchat.sh +++ b/scripts/subinstallers/extra/rocketchat.sh 
@@ -7,7 +7,7 @@ ROCKETCHAT_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}" echo "ROCKETCHAT_USER=bot" > $ROCKETCHAT_PROD_FILE echo "ROCKETCHAT_ROOM=GENERAL" >> $ROCKETCHAT_PROD_FILE echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE -echo "ROCKETCHAT_PASSWORD=\"$ROCKETCHAT_PASSWORD\"" >> $ROCKETCHAT_PROD_FILE +echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE # docker environment echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh index 73028f2..d185c32 100755 --- a/scripts/subinstallers/gen_prod_env.sh +++ b/scripts/subinstallers/gen_prod_env.sh @@ -15,8 +15,8 @@ echo "DJANGO_ADMIN_URL=admin/" >> $DJANGO_PROD_FILE echo "USE_DOCKER=yes" >> $DJANGO_PROD_FILE echo "REDIS_URL=redis://redis:6379/0" >> $DJANGO_PROD_FILE echo "CELERY_FLOWER_USER=prod" >> $DJANGO_PROD_FILE -echo "CELERY_FLOWER_PASSWORD=\"$MISTBORN_DEFAULT_PASSWORD\"" >> $DJANGO_PROD_FILE -echo "MISTBORN_DEFAULT_PASSWORD=\"$MISTBORN_DEFAULT_PASSWORD\"" >> $DJANGO_PROD_FILE +echo "CELERY_FLOWER_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $DJANGO_PROD_FILE +echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $DJANGO_PROD_FILE echo "#MAILGUN_API_KEY=" >> $DJANGO_PROD_FILE echo "#MAILGUN_API_URL=" >> $DJANGO_PROD_FILE echo "#SENTRY_DNS=" >> $DJANGO_PROD_FILE @@ -41,5 +41,5 @@ PIHOLE_PROD_FILE="./.envs/.production/.pihole" #WEBPASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))") WEBPASSWORD="$1" echo "TZ=\"America/New York\"" > $PIHOLE_PROD_FILE -echo "WEBPASSWORD=\"$WEBPASSWORD\"" >> $PIHOLE_PROD_FILE +echo "WEBPASSWORD=$WEBPASSWORD" >> $PIHOLE_PROD_FILE chmod 600 $PIHOLE_PROD_FILE diff --git a/scripts/subinstallers/passwd.sh b/scripts/subinstallers/passwd.sh new file mode 100755 index 0000000..417926b --- /dev/null +++ b/scripts/subinstallers/passwd.sh 
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# INPUT default admin password
+while [ -z "${MISTBORN_DEFAULT_PASSWORD}" ]; do
+ echo
+ echo "(Mistborn) The default admin password may only container alphanumeric characters and _"
+ read -p "(Mistborn) Set default admin password: " -s MISTBORN_DEFAULT_PASSWORD
+ echo
+
+ if [[ ${MISTBORN_DEFAULT_PASSWORD} =~ ^[A-Za-z0-9_]+$ ]]; then
+ # it matches
+ echo "(Mistborn) Password is accepted"
+ else
+ unset MISTBORN_DEFAULT_PASSWORD
+ echo "(Mistborn) Try again"
+ fi
+
+done
+
+echo
+echo "MISTBORN_DEFAULT_PASSWORD is set"
+echo
From d65e5434a0ecc84154a7331329e92c73cb2f1a83 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 21 Mar 2021 16:09:58 +0000
Subject: [PATCH 3/4] Resolve "Started Extra Services restart on OS reboot"
---
scripts/conf/docker-daemon.json | 3 +++
scripts/services/Mistborn-bitwarden.service | 1 +
scripts/services/Mistborn-guacamole.service | 1 +
scripts/services/Mistborn-homeassistant.service | 1 +
scripts/services/Mistborn-jellyfin.service | 1 +
scripts/services/Mistborn-jitsi.service | 1 +
scripts/services/Mistborn-nextcloud.service | 1 +
scripts/services/Mistborn-onlyoffice.service | 1 +
scripts/services/Mistborn-rocketchat.service | 1 +
scripts/services/Mistborn-syncthing.service | 1 +
scripts/services/Mistborn-tor.service | 1 +
scripts/subinstallers/docker.sh | 3 +++
scripts/subinstallers/docker_daemon.sh | 7 +++++++
scripts/update.sh | 7 +++++++
scripts/wrappers/mistborn_docker.sh | 13 ++++++++++++-
15 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644 scripts/conf/docker-daemon.json
create mode 100755 scripts/subinstallers/docker_daemon.sh
diff --git a/scripts/conf/docker-daemon.json b/scripts/conf/docker-daemon.json
new file mode 100644
index 0000000..ef746cb
--- /dev/null
+++ b/scripts/conf/docker-daemon.json
@@ -0,0 +1,3 @@
+{
+ "shutdown-timeout": 60
+}
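Review bot: The character check in passwd.sh sits inside `while [ -z "${MISTBORN_DEFAULT_PASSWORD}" ]`, so a password supplied through the environment skips the loop and is never matched against `^[A-Za-z0-9_]+$`. Patch 2/4 removes the quoting in guacamole.sh, nextcloud.sh, onlyoffice.sh, rocketchat.sh and gen_prod_env.sh on the strength of this check, so a preset value containing spaces, `#` or quotes is written to the env files as is. The pattern also accepts a one-character password, and `read` without `-r` drops backslashes before the test, so the stored value can differ from what was typed. Running the check on every pass, with a minimum length and `read -r`, covers all three; the prompt text also has "container" where "contain" is meant.

```shell
# INPUT default admin password
# Validate on every pass so a value preset in the environment is checked too.
password_ok() {
  # 12 is an example minimum, not a project value
  [[ ${#1} -ge 12 && $1 =~ ^[A-Za-z0-9_]+$ ]]
}

until password_ok "${MISTBORN_DEFAULT_PASSWORD}"; do
  if [ -n "${MISTBORN_DEFAULT_PASSWORD}" ]; then
    echo "(Mistborn) Password rejected"
  fi
  # … unchanged: blank line and character-set hint …
  read -r -s -p "(Mistborn) Set default admin password: " MISTBORN_DEFAULT_PASSWORD
  echo
done
# … unchanged: closing "MISTBORN_DEFAULT_PASSWORD is set" lines …
```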
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service index 4fed369..8b0c8de 100644 --- a/scripts/services/Mistborn-bitwarden.service +++ b/scripts/services/Mistborn-bitwarden.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-guacamole.service b/scripts/services/Mistborn-guacamole.service index a688edd..1c193e8 100644 --- a/scripts/services/Mistborn-guacamole.service +++ b/scripts/services/Mistborn-guacamole.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service index a36b7c0..6ca8cc1 100644 --- a/scripts/services/Mistborn-homeassistant.service +++ b/scripts/services/Mistborn-homeassistant.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service index 7c27676..270769c 100644 --- a/scripts/services/Mistborn-jellyfin.service +++ b/scripts/services/Mistborn-jellyfin.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-jitsi.service b/scripts/services/Mistborn-jitsi.service index c6bcd5c..d99aa81 100644 --- a/scripts/services/Mistborn-jitsi.service +++ b/scripts/services/Mistborn-jitsi.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service index f46c2b7..01f0132 100644 
--- a/scripts/services/Mistborn-nextcloud.service +++ b/scripts/services/Mistborn-nextcloud.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service index 72b31d8..16f0010 100644 --- a/scripts/services/Mistborn-onlyoffice.service +++ b/scripts/services/Mistborn-onlyoffice.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service index 37bb83f..8106fc9 100644 --- a/scripts/services/Mistborn-rocketchat.service +++ b/scripts/services/Mistborn-rocketchat.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service index 273be71..0399dec 100644 --- a/scripts/services/Mistborn-syncthing.service +++ b/scripts/services/Mistborn-syncthing.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service index ed47323..43b8c42 100644 --- a/scripts/services/Mistborn-tor.service +++ b/scripts/services/Mistborn-tor.service @@ -6,6 +6,7 @@ PartOf=Mistborn-base.service [Service] Restart=always +RestartSec=15 User=root Group=docker PermissionsStartOnly=true diff --git a/scripts/subinstallers/docker.sh b/scripts/subinstallers/docker.sh index a4206ab..cdc83fa 100755 --- a/scripts/subinstallers/docker.sh +++ b/scripts/subinstallers/docker.sh 
@@ -18,3 +18,6 @@ fi if [ ! -f /usr/local/bin/docker-compose ]; then sudo -E ln -s $(which docker-compose) /usr/local/bin/docker-compose fi + +# daemon.json +#source ./scripts/subinstallers/docker_daemon.sh diff --git a/scripts/subinstallers/docker_daemon.sh b/scripts/subinstallers/docker_daemon.sh new file mode 100755 index 0000000..92f6edc --- /dev/null +++ b/scripts/subinstallers/docker_daemon.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# daemon.json +if [ ! -f /etc/docker/daemon.json ]; then + sudo -E cp ./scripts/conf/docker-daemon.json /etc/docker/daemon.json + sudo -E systemctl restart docker +fi diff --git a/scripts/update.sh b/scripts/update.sh index 8026316..dbf0845 100755 --- a/scripts/update.sh +++ b/scripts/update.sh @@ -18,6 +18,13 @@ sudo mistborn-cli pullbuild sudo docker container prune -f sudo docker image prune -f + +# RESTART + sudo systemctl stop Mistborn-base + +# docker daemon +#source ./scripts/subinstallers/docker_daemon.sh + sudo systemctl restart Mistborn-setup sudo systemctl restart Mistborn-base diff --git a/scripts/wrappers/mistborn_docker.sh b/scripts/wrappers/mistborn_docker.sh index 781eaa6..bb33894 100755 --- a/scripts/wrappers/mistborn_docker.sh +++ b/scripts/wrappers/mistborn_docker.sh @@ -32,4 +32,15 @@ else echo "No init script. Proceeding." fi -exec "$@" \ No newline at end of file +# ensure base is up and listening +echo "Waiting for Mistborn-base to finish starting up..." + +while ! nc -z 10.2.3.1 5000; do + WAIT_TIME=$((5 + $RANDOM % 15)) + echo "Waiting ${WAIT_TIME} seconds for Mistborn-base..." + sleep ${WAIT_TIME} +done + +echo "Mistborn-base is running" + +exec "$@" From 9e7f85b6f99233543f74899cc0432f7ec7e33b5e Mon Sep 17 00:00:00 2001 
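Review bot: In docker_daemon.sh `sudo -E` asks sudo to keep the caller's whole environment for `cp` and `systemctl`, neither of which needs it; when the file is sourced from the installer that environment may hold `MISTBORN_DEFAULT_PASSWORD`. The restart also runs when the copy fails, because the two commands are not chained. `sudo cp ./scripts/conf/docker-daemon.json /etc/docker/daemon.json && sudo systemctl restart docker` covers both. The relative source path depends on the working directory of whichever script sources this one, which deserves a comment at the top of the file.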
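Review bot: The wait loop added before `exec "$@"` in mistborn_docker.sh has no upper bound, so the wrapper blocks for as long as `nc -z 10.2.3.1 5000` fails, which includes the case where `nc` is not installed. The RaspAP unit added in 4/4 calls this wrapper for `ExecStartPre` and `ExecStop` with `docker-compose ... down`, so stopping a service would also wait on Mistborn-base being reachable. A ceiling on the total wait with a non-zero exit lets systemd report the failure instead of hanging. The address and port are hard-coded, and a short comment saying what listens there would help; the start of the script is outside the hunk.

```shell
# … unchanged: startup message …
MAX_WAIT=300   # example ceiling in seconds, not a project value
WAITED=0
while ! nc -z 10.2.3.1 5000; do
    if [ "${WAITED}" -ge "${MAX_WAIT}" ]; then
        echo "Mistborn-base not reachable after ${WAITED} seconds" >&2
        exit 1
    fi
    WAIT_TIME=$((5 + RANDOM % 15))
    echo "Waiting ${WAIT_TIME} seconds for Mistborn-base..."
    sleep "${WAIT_TIME}"
    WAITED=$((WAITED + WAIT_TIME))
done
# … unchanged: "Mistborn-base is running" message and exec "$@" …
```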
From: Steven Foerster Date: Wed, 31 Mar 2021 02:40:04 +0000 Subject: [PATCH 4/4] Resolve "Integrate RaspAP as extra service" --- README.md | 3 +++ extra/raspap.yml | 19 ++++++++------ scripts/services/Mistborn-raspap.service | 25 +++++++++++++++++++ .../services/raspap/Mistborn-raspap.service | 21 ---------------- scripts/services/raspap/install.sh | 4 --- scripts/subinstallers/extra/bitwarden.sh | 3 ++- scripts/subinstallers/extra/guacamole.sh | 3 ++- scripts/subinstallers/extra/jitsi.sh | 3 ++- scripts/subinstallers/extra/nextcloud.sh | 3 ++- scripts/subinstallers/extra/onlyoffice.sh | 3 ++- scripts/subinstallers/extra/raspap.sh | 6 +++++ scripts/subinstallers/extra/rocketchat.sh | 4 ++- 12 files changed, 58 insertions(+), 39 deletions(-) create mode 100644 scripts/services/Mistborn-raspap.service delete mode 100644 scripts/services/raspap/Mistborn-raspap.service delete mode 100755 scripts/services/raspap/install.sh create mode 100644 scripts/subinstallers/extra/raspap.sh diff --git a/README.md b/README.md index 252331c..7ca1b26 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ Within Mistborn is a panel to enable and manage these free extra services (off b - [Tor](https://www.torproject.org): The Onion Router. One tool in the arsenal of online security and privacy. - [Jitsi](https://jitsi.org): Multi-platform open-source video conferencing - [Guacamole](https://guacamole.apache.org): A clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH. +- [RaspAP](https://raspap.com/): The easiest, full-featured wireless router setup for Debian-based devices. Period. (Mistborn integration in alpha testing). # Quickstart Tested Operating Systems (in order of thoroughness): 
@@ -288,6 +289,7 @@ Mistborn uses the following domains (that can be reached by all Wireguard client | OnlyOffice | onlyoffice.mistborn | Off | | Jitsi | jitsi.mistborn | Off | | Guacamole | guac.mistborn | Off | +| RaspAP | raspap.mistborn | Off | # Default Credentials These are the default credentials to use in the services you choose to use: @@ -298,6 +300,7 @@ These are the default credentials to use in the services you choose to use: | Cockpit | cockpit | {{default mistborn password}} | | Nextcloud | mistborn | {{default mistborn password}} | | Guacamole | mistborn | {{default mistborn password }} | +| RaspAP | mistborn | {{default mistborn password}} | You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/` diff --git a/extra/raspap.yml b/extra/raspap.yml index 3be7dce..9b773ce 100644 --- a/extra/raspap.yml +++ b/extra/raspap.yml @@ -2,12 +2,9 @@ version: '3' services: raspap: - build: - context: .. - dockerfile: ./compose/production/raspap/Dockerfile - #user: root - image: mistborn_production_raspap + image: "cyber5k/raspap:${MISTBORN_TAG}" container_name: mistborn_production_raspap + #network_mode: host labels: - "traefik.enable=true" - "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)" @@ -19,10 +16,16 @@ services: - "traefik.http.routers.raspap-https.tls.certresolver=basic" - "traefik.http.services.raspap-service.loadbalancer.server.port=80" env_file: - - ../.envs/.production/.pihole - command: /start + - ../.envs/.production/.raspap + cap_add: + #- NET_ADMIN + - SYS_ADMIN + #- CAP_FOWNER + privileged: true volumes: - - ../../mistborn_volumes/extra/raspap/etc-raspap:/etc/raspap + - /sys/fs/cgroup:/sys/fs/cgroup:ro + #command: /start + restart: unless-stopped networks: default: diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service new file mode 100644 index 0000000..bb62297 --- /dev/null +++ b/scripts/services/Mistborn-raspap.service 
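Review bot: `image: "cyber5k/raspap:${MISTBORN_TAG}"` in the first raspap.yml hunk replaces the local build with a pull by mutable tag, and this is the container the next hunk runs as `privileged`. A tag can be re-pointed on the registry, so what runs on the host is whatever the tag resolves to at pull time; referencing the image by digest (`cyber5k/raspap@sha256:<digest>`) fixes the content. If `MISTBORN_TAG` is unset, Compose substitutes an empty string and the reference becomes invalid, so the required-variable form `${MISTBORN_TAG:?MISTBORN_TAG not set}` is worth using.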
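Review bot: `privileged: true` in the second raspap.yml hunk already grants every capability and lifts the device, seccomp and AppArmor restrictions, so the `cap_add: SYS_ADMIN` entry beside it has no effect and the container is effectively root on the host. The same container receives `MISTBORN_DEFAULT_PASSWORD` through `../.envs/.production/.raspap` and is routed through traefik as `raspap.mistborn`. If RaspAP only needs to manage network interfaces, dropping `privileged` and keeping a specific `cap_add` list would narrow this (the commented `NET_ADMIN` suggests that was considered); which capabilities the image needs is not visible here. A comment stating why `privileged` and the `/sys/fs/cgroup` mount are required would help the next reader.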
@@ -0,0 +1,25 @@
+[Unit]
+Description=Mistborn RaspAP Service
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+
+[Service]
+Restart=always
+RestartSec=15
+User=root
+Group=docker
+PermissionsStartOnly=true
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 8095 -j MISTBORN_LOG_DROP
+#ExecStartPre=/bin/bash /opt/mistborn_volumes/extra/raspap/etc-raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml down
+
+# Start container when unit is started
+ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml up --build
+# Stop container when unit is stopped
+ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml down
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 8095 -j MISTBORN_LOG_DROP
+# Post stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/services/raspap/Mistborn-raspap.service b/scripts/services/raspap/Mistborn-raspap.service
deleted file mode 100644
index 2f3faec..0000000
--- a/scripts/services/raspap/Mistborn-raspap.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn RaspAP Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
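Review bot: The two `iptables` lines in the new Mistborn-raspap.service are undocumented: nothing in the unit says what replaces the `DIFACE` token or which listener the port 8095 drop rule protects, while raspap.yml in this patch routes the service on port 80. A comment above `ExecStartPre=/sbin/iptables ...` naming the substitution step and the listener would make the rule checkable. The existing comment `# Shutdown container (if running) when unit is stopped` sits above an `ExecStartPre`, which runs at start, and should say that it clears a leftover container before starting. The insert rule has no `-` prefix while the matching `ExecStopPost` delete does, so a failing insert aborts the start; if that is deliberate it is worth stating in the same comment.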
diff --git a/scripts/services/raspap/install.sh b/scripts/services/raspap/install.sh deleted file mode 100755 index 4b373ef..0000000 --- a/scripts/services/raspap/install.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -# install on gateway -sudo apt-get install -y hostapd vnstat \ No newline at end of file diff --git a/scripts/subinstallers/extra/bitwarden.sh b/scripts/subinstallers/extra/bitwarden.sh index abc37a5..339310f 100755 --- a/scripts/subinstallers/extra/bitwarden.sh +++ b/scripts/subinstallers/extra/bitwarden.sh @@ -3,4 +3,5 @@ # generate bitwarden .env files BITWARDEN_PROD_FILE="$1" echo "WEBSOCKET_ENABLED=true" > $BITWARDEN_PROD_FILE -echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE \ No newline at end of file +echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE +chmod 600 $BITWARDEN_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/guacamole.sh b/scripts/subinstallers/extra/guacamole.sh index 8df9d00..5cb4871 100755 --- a/scripts/subinstallers/extra/guacamole.sh +++ b/scripts/subinstallers/extra/guacamole.sh @@ -10,4 +10,5 @@ echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE -echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE \ No newline at end of file +echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE +chmod 600 $GUAC_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/jitsi.sh b/scripts/subinstallers/extra/jitsi.sh index fcf3493..a883b67 100755 --- a/scripts/subinstallers/extra/jitsi.sh +++ b/scripts/subinstallers/extra/jitsi.sh 
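Review bot: `chmod 600 $BITWARDEN_PROD_FILE` in bitwarden.sh runs after the file has been created and filled, so between the first `echo ... >` and the chmod a newly created file has whatever mode the umask gives it. The same order is used in the guacamole.sh, jitsi.sh, nextcloud.sh, onlyoffice.sh, raspap.sh and rocketchat.sh hunks of this patch, where the content includes passwords. Setting `umask 077` at the top of each script, or creating the file first with `install -m 600 /dev/null "$BITWARDEN_PROD_FILE"`, removes that window. The variable is also unquoted in the chmod and the redirects; `"$BITWARDEN_PROD_FILE"` keeps a path with spaces intact.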
@@ -9,4 +9,5 @@ sed -i "s/JICOFO_AUTH_PASSWORD.*/JICOFO_AUTH_PASSWORD=$(python3 -c "import secre sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE" sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE" sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE" -sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE" \ No newline at end of file +sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE" +chmod 600 $JITSI_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/nextcloud.sh b/scripts/subinstallers/extra/nextcloud.sh index b1568b7..4bd8ca4 100755 --- a/scripts/subinstallers/extra/nextcloud.sh +++ b/scripts/subinstallers/extra/nextcloud.sh @@ -6,4 +6,5 @@ NEXTCLOUD_PROD_FILE="$1" NEXTCLOUD_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}" echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE -echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE \ No newline at end of file +echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE +chmod 600 $NEXTCLOUD_PROD_FILE \ No newline at end of file 
diff --git a/scripts/subinstallers/extra/onlyoffice.sh b/scripts/subinstallers/extra/onlyoffice.sh index 3fadeca..fbf579c 100755 --- a/scripts/subinstallers/extra/onlyoffice.sh +++ b/scripts/subinstallers/extra/onlyoffice.sh @@ -4,4 +4,5 @@ ONLYOFFICE_PROD_FILE="$1" JWT_SECRET="${MISTBORN_DEFAULT_PASSWORD}" echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE -echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE \ No newline at end of file +echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE +chmod 600 $ONLYOFFICE_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/raspap.sh b/scripts/subinstallers/extra/raspap.sh new file mode 100644 index 0000000..ced9860 --- /dev/null +++ b/scripts/subinstallers/extra/raspap.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +# RaspAP +RASPAP_PROD_FILE="$1" +echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" > $RASPAP_PROD_FILE +chmod 600 $RASPAP_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/rocketchat.sh b/scripts/subinstallers/extra/rocketchat.sh index 6da1e2d..e61e4b4 100755 --- a/scripts/subinstallers/extra/rocketchat.sh +++ b/scripts/subinstallers/extra/rocketchat.sh @@ -10,4 +10,6 @@ echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE # docker environment -echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE \ No newline at end of file +echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE + +chmod 600 $ROCKETCHAT_PROD_FILE \ No newline at end of file
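Review bot: raspap.sh uses `$1` unchecked, so when it is called without an argument `> $RASPAP_PROD_FILE` becomes an ambiguous redirect and `chmod 600` runs with no operand. A guard such as `RASPAP_PROD_FILE="${1:?usage: raspap.sh <env-file>}"`, with the variable quoted in the two following lines, covers that. The file is also added with mode 100644 while the sibling subinstallers in this series are 100755, so it fails if the caller executes it directly rather than passing it to bash or `source`; how it is invoked is not visible here.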