From 5e43447bb23e65413bbd2bd2f3c13f10414cd92d Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 20:26:49 -0500
Subject: [PATCH 01/15] guac
---
 extra/guacamole.yml | 52 +++++++++++++++++++++
 scripts/services/Mistborn-guacamole.service | 22 +++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 extra/guacamole.yml
 create mode 100644 scripts/services/Mistborn-guacamole.service
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
new file mode 100644
index 0000000..b390bdd
--- /dev/null
+++ b/extra/guacamole.yml
@@ -0,0 +1,52 @@
+version: '3'
+
+# services
+services:
+ # guacd
+ guacd:
+ container_name: mistborn_production_guacd
+ image: guacamole/guacd
+ networks:
+ guacnetwork:
+ restart: unless-stopped
+ volumes:
+ - ../../mistborn_volumes/extra/guacamole/drive:/drive:rw
+ - ../../mistborn_volumes/extra/guacamole/record:/record:rw
+
+ # guacamole
+ guacamole:
+ container_name: mistborn_production_guacamole
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.onlyoffice-http.rule=Host(`guac.mistborn`)"
+ - "traefik.http.routers.onlyoffice-http.entrypoints=web"
+ - "traefik.http.routers.onlyoffice-http.middlewares=mistborn_auth@file"
+ - "traefik.http.routers.onlyoffice-https.rule=Host(`guac.mistborn`)"
+ - "traefik.http.routers.onlyoffice-https.entrypoints=websecure"
+ - "traefik.http.routers.onlyoffice-https.middlewares=mistborn_auth@file"
+ - "traefik.http.routers.onlyoffice-https.tls.certresolver=basic"
+ - "traefik.http.services.onlyoffice-service.loadbalancer.server.port=8080"
+ depends_on:
+ - guacd
+ - postgres
+ environment:
+ GUACD_HOSTNAME: guacd
+ env_file:
+ - ../.envs/.production/.postgres
+ image: guacamole/guacamole
+ links:
+ - guacd
+ networks:
+ guacnetwork:
+ #ports:
+## enable next line if not using nginx
+## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
+## enable next line when using nginx
+ #- 8080/tcp
+ restart: unless-stopped
+
+# networks
+# create a network 'guacnetwork' in mode 'bridged'
+networks:
+ guacnetwork:
+ driver: bridge
\ No newline at end of file
diff --git a/scripts/services/Mistborn-guacamole.service b/scripts/services/Mistborn-guacamole.service
new file mode 100644
index 0000000..9fde853
--- /dev/null
+++ b/scripts/services/Mistborn-guacamole.service
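Review bot: Both images in the new `extra/guacamole.yml` are referenced without a tag or digest (`image: guacamole/guacd`, `image: guacamole/guacamole`), so every pull resolves to whatever `latest` is at that moment; the `image: postgres` added for `guac_postgres` in PATCH 10/15 has the same problem, and there an unplanned major-version jump can also leave the existing data directory unusable. For a gateway that brokers RDP/VNC/SSH sessions I would pin each one, e.g. `image: guacamole/guacd:<pinned-tag>` (placeholder, use the release you have tested) or a digest, and keep guacd and guacamole on the same release. Separately, the `-http` router on the `web` entrypoint serves the login page over plain HTTP unless Traefik redirects it elsewhere, which is not visible in this patch.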
@@ -0,0 +1,22 @@
+[Unit]
+Description=Mistborn Guacamole
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+PartOf=Mistborn-base.service
+
+[Service]
+Restart=always
+User=root
+Group=docker
+PermissionsStartOnly=true
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/guacamole.yml down
+
+# Start container when unit is started
+ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/guacamole.yml up --build
+# Stop container when unit is stopped
+ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/guacamole.yml down
+# Post stop
+
+[Install]
+WantedBy=multi-user.target
From eda5073f5bed22f25ef13307bfac337d3d0388c9 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 21:45:04 -0500
Subject: [PATCH 02/15] bugfixes
---
 extra/guacamole.yml | 3 +--
 scripts/subinstallers/gen_prod_env.sh | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index b390bdd..331c16d 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -28,7 +28,6 @@ services:
 - "traefik.http.services.onlyoffice-service.loadbalancer.server.port=8080"
 depends_on:
 - guacd
- - postgres
 environment:
 GUACD_HOSTNAME: guacd
 env_file:
@@ -49,4 +48,4 @@ services:
 # create a network 'guacnetwork' in mode 'bridged'
 networks:
 guacnetwork:
- driver: bridge
\ No newline at end of file
+ driver: bridge
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index ef9bab6..0ed9c3b 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -29,6 +29,7 @@ POSTGRES_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([s
 echo "POSTGRES_HOST=postgres" > $POSTGRES_PROD_FILE
 echo "POSTGRES_PORT=5432" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_DB=mistborn" >> $POSTGRES_PROD_FILE
+echo "POSTGRES_DATABASE=mistborn" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_USER=prod" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $POSTGRES_PROD_FILE
From 9aff1b662501dd9abfa98f1e50cc33612a9fc89e Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 21:51:47 -0500
Subject: [PATCH 03/15] postgres hostname
---
 extra/guacamole.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index 331c16d..5c68e3d 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -30,6 +30,7 @@ services:
 - guacd
 environment:
 GUACD_HOSTNAME: guacd
+ POSTGRES_HOSTNAME: postgres
 env_file:
 - ../.envs/.production/.postgres
 image: guacamole/guacamole
From d33f41da5b8427aecb52ae715e5f466ad9d34ce8 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 21:52:38 -0500
Subject: [PATCH 04/15] one place
---
 scripts/subinstallers/gen_prod_env.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index 0ed9c3b..cae42ca 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -29,7 +29,7 @@ POSTGRES_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([s
 echo "POSTGRES_HOST=postgres" > $POSTGRES_PROD_FILE
 echo "POSTGRES_PORT=5432" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_DB=mistborn" >> $POSTGRES_PROD_FILE
-echo "POSTGRES_DATABASE=mistborn" >> $POSTGRES_PROD_FILE
+echo "POSTGRES_DATABASE=$POSTGRES_DB" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_USER=prod" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $POSTGRES_PROD_FILE
From 4bd093b63b926991d5e1642fb0f323299abebeba Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 22:11:35 -0500
Subject: [PATCH 05/15] not variable
---
 scripts/subinstallers/gen_prod_env.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index cae42ca..0ed9c3b 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -29,7 +29,7 @@ POSTGRES_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([s
 echo "POSTGRES_HOST=postgres" > $POSTGRES_PROD_FILE
 echo "POSTGRES_PORT=5432" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_DB=mistborn" >> $POSTGRES_PROD_FILE
-echo "POSTGRES_DATABASE=$POSTGRES_DB" >> $POSTGRES_PROD_FILE
+echo "POSTGRES_DATABASE=mistborn" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_USER=prod" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $POSTGRES_PROD_FILE
From 85c6766d4dfc9a026449ade4ec7b988b915a6615 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 22:44:57 -0500
Subject: [PATCH 06/15] init
---
 scripts/env/guacamole_init.sh | 5 +++++
 scripts/services/Mistborn-guacamole.service | 1 +
 2 files changed, 6 insertions(+)
 create mode 100755 scripts/env/guacamole_init.sh
diff --git a/scripts/env/guacamole_init.sh b/scripts/env/guacamole_init.sh
new file mode 100755
index 0000000..4f265da
--- /dev/null
+++ b/scripts/env/guacamole_init.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mkdir -p /opt/mistborn_volumes/extra/guacamole/init/ || true
+chmod -R +x /opt/mistborn_volumes/extra/guacamole/init/
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
diff --git a/scripts/services/Mistborn-guacamole.service b/scripts/services/Mistborn-guacamole.service
index 9fde853..9576cbc 100644
--- a/scripts/services/Mistborn-guacamole.service
+++ b/scripts/services/Mistborn-guacamole.service
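Review bot: The new `scripts/env/guacamole_init.sh` has no error handling, and the redirect on the `docker run … initdb.sh --postgres > …/initdb.sql` line truncates the target before the container runs, so a failed pull or run leaves an empty `initdb.sql` behind while the script still exits 0. The unit change in this same patch runs the script as `ExecStartPre`, so this is repeated on every service start. I would add `set -euo pipefail` after the shebang and write to a temporary file that is moved into place only when `docker run` succeeds. `chmod -R +x` also marks everything under the directory executable, which a `.sql` file does not need.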
@@ -9,6 +9,7 @@ Restart=always
 User=root
 Group=docker
 PermissionsStartOnly=true
+ExecStartPre=/opt/mistborn/scripts/env/guacamole_init.sh
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/guacamole.yml down
From 6eb0a31d7a6520efb054fff0103d703947385510 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 23:01:56 -0500
Subject: [PATCH 07/15] more vars
---
 extra/guacamole.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index 5c68e3d..8187ab0 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -30,7 +30,9 @@ services:
 - guacd
 environment:
 GUACD_HOSTNAME: guacd
+ GUACD_PORT: 4822
 POSTGRES_HOSTNAME: postgres
+ GUACAMOLE_HOME: /opt/mistborn_volumes/extra/guacamole/config
 env_file:
 - ../.envs/.production/.postgres
 image: guacamole/guacamole
From 1c1adc391a4b8d2bfd5aa46b72e7eb267a568655 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Thu, 25 Feb 2021 23:05:02 -0500
Subject: [PATCH 08/15] traefik names
---
 extra/guacamole.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index 8187ab0..283cedc 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -18,14 +18,14 @@ services:
 container_name: mistborn_production_guacamole
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.onlyoffice-http.rule=Host(`guac.mistborn`)"
- - "traefik.http.routers.onlyoffice-http.entrypoints=web"
- - "traefik.http.routers.onlyoffice-http.middlewares=mistborn_auth@file"
- - "traefik.http.routers.onlyoffice-https.rule=Host(`guac.mistborn`)"
- - "traefik.http.routers.onlyoffice-https.entrypoints=websecure"
- - "traefik.http.routers.onlyoffice-https.middlewares=mistborn_auth@file"
- - "traefik.http.routers.onlyoffice-https.tls.certresolver=basic"
- - "traefik.http.services.onlyoffice-service.loadbalancer.server.port=8080"
+ - "traefik.http.routers.guacamole-http.rule=Host(`guac.mistborn`)"
+ - "traefik.http.routers.guacamole-http.entrypoints=web"
+ - "traefik.http.routers.guacamole-http.middlewares=mistborn_auth@file"
+ - "traefik.http.routers.guacamole-https.rule=Host(`guac.mistborn`)"
+ - "traefik.http.routers.guacamole-https.entrypoints=websecure"
+ - "traefik.http.routers.guacamole-https.middlewares=mistborn_auth@file"
+ - "traefik.http.routers.guacamole-https.tls.certresolver=basic"
+ - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"
 depends_on:
 - guacd
 environment:
From 85d33063618895f0dbc2c009a48f9edae6e4bc58 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 26 Feb 2021 09:54:42 -0500
Subject: [PATCH 09/15] tweaks
---
 extra/guacamole.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index 283cedc..62efd14 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -32,7 +32,7 @@ services:
 GUACD_HOSTNAME: guacd
 GUACD_PORT: 4822
 POSTGRES_HOSTNAME: postgres
- GUACAMOLE_HOME: /opt/mistborn_volumes/extra/guacamole/config
+ #GUACAMOLE_HOME: /config
 env_file:
 - ../.envs/.production/.postgres
 image: guacamole/guacamole
@@ -40,11 +40,11 @@ services:
 - guacd
 networks:
 guacnetwork:
- #ports:
+ ports:
 ## enable next line if not using nginx
 ## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
 ## enable next line when using nginx
- #- 8080/tcp
+ - 8080/tcp
 restart: unless-stopped
 # networks
From 86872bc6483ca940764d5ed33e84f51e01d0521a Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 26 Feb 2021 11:10:27 -0500
Subject: [PATCH 10/15] standalone postgres
---
 extra/guacamole.yml | 27 +++++++++++++++++++++++----
 scripts/subinstallers/gen_prod_env.sh | 11 ++++++++++-
 2 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index 62efd14..dbacf4b 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -13,6 +13,26 @@ services:
 - ../../mistborn_volumes/extra/guacamole/drive:/drive:rw
 - ../../mistborn_volumes/extra/guacamole/record:/record:rw
+
+ # postgres
+ guac_postgres:
+ container_name: mistborn_production_guac_postgres
+ env_file:
+ - ../.envs/.production/.guacamole
+ environment:
+ PGDATA: /var/lib/postgresql/data/guacamole
+ #POSTGRES_DB: guacamole_db
+ #POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
+ #POSTGRES_USER: guacamole_user
+ image: postgres
+ networks:
+ guacnetwork:
+ restart: unless-stopped
+ volumes:
+ - ../../mistborn_volumes/extra/guacamole/init:/docker-entrypoint-initdb.d:ro
+ - ../../mistborn_volumes/extra/guacamole/data:/var/lib/postgresql/data:rw
+
+
 # guacamole
 guacamole:
 container_name: mistborn_production_guacamole
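Review bot: In the PATCH 09/15 hunk, un-commenting `ports:` with `- 8080/tcp` publishes the container's port 8080 on an ephemeral host port, bound to all host interfaces by default, so Guacamole becomes reachable without passing through the Traefik routers and their `mistborn_auth@file` middleware. The `loadbalancer.server.port=8080` label already tells Traefik which container port to use, so no published port is needed for routing. If a host port is wanted for debugging, bind it to loopback, e.g. `- "127.0.0.1:8080:8080"`. PATCH 10/15 comments these lines out again, but this commit applied on its own leaves the port open.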
@@ -31,20 +51,19 @@ services:
 environment:
 GUACD_HOSTNAME: guacd
 GUACD_PORT: 4822
- POSTGRES_HOSTNAME: postgres
 #GUACAMOLE_HOME: /config
 env_file:
- - ../.envs/.production/.postgres
+ - ../.envs/.production/.guacamole
 image: guacamole/guacamole
 links:
 - guacd
 networks:
 guacnetwork:
- ports:
+ #ports:
 ## enable next line if not using nginx
 ## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
 ## enable next line when using nginx
- - 8080/tcp
+ #- 8080/tcp
 restart: unless-stopped
 # networks
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index 0ed9c3b..818f64b 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -29,7 +29,6 @@ POSTGRES_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([s
 echo "POSTGRES_HOST=postgres" > $POSTGRES_PROD_FILE
 echo "POSTGRES_PORT=5432" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_DB=mistborn" >> $POSTGRES_PROD_FILE
-echo "POSTGRES_DATABASE=mistborn" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_USER=prod" >> $POSTGRES_PROD_FILE
 echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $POSTGRES_PROD_FILE
@@ -79,3 +78,13 @@ sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; im
 sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
+
+# Guacamole
+GUAC_PROD_FILE="./.envs/.production/.guacamole"
+GUAC_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
+echo "POSTGRES_HOST=guac_postgres" > $GUAC_PROD_FILE
+echo "POSTGRES_PORT=5432" >> $GUAC_PROD_FILE
+echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE
+echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE
+echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE
+echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE
\ No newline at end of file
From 41cdfd3bb4bf2170647b60f5a89f06a443f9c31f Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 26 Feb 2021 11:11:59 -0500
Subject: [PATCH 11/15] dependency
---
 extra/guacamole.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index dbacf4b..2513565 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -48,6 +48,7 @@ services:
 - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"
 depends_on:
 - guacd
+ - guac_postgres
 environment:
 GUACD_HOSTNAME: guacd
 GUACD_PORT: 4822
From 065b58140f0f162210a3375bd85e5301db6d1872 Mon Sep 17 00:00:00 2001
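Review bot: The new Guacamole block in `gen_prod_env.sh` writes `POSTGRES_PASSWORD` into `./.envs/.production/.guacamole` with plain `echo … > $GUAC_PROD_FILE`, so the file is created with the installer's default umask (commonly world-readable) and nothing in the hunk tightens it; whether a caller fixes permissions afterwards is not visible here. Creating the file with restrictive permissions before the first write, e.g. `install -m 600 /dev/null "$GUAC_PROD_FILE"`, and quoting `"$GUAC_PROD_FILE"` in each redirect would close that. The `$POSTGRES_PROD_FILE` writes shown in the earlier hunk of this file follow the same pattern.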
From: Steven Foerster
Date: Fri, 26 Feb 2021 16:36:50 -0500
Subject: [PATCH 12/15] set default password
---
 scripts/env/guacamole_init.sh | 7 +++++++
 scripts/services/Mistborn-guacamole.service | 1 +
 scripts/subinstallers/gen_prod_env.sh | 4 +++-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/scripts/env/guacamole_init.sh b/scripts/env/guacamole_init.sh
index 4f265da..fbdf813 100755
--- a/scripts/env/guacamole_init.sh
+++ b/scripts/env/guacamole_init.sh
@@ -3,3 +3,10 @@
 mkdir -p /opt/mistborn_volumes/extra/guacamole/init/ || true
 chmod -R +x /opt/mistborn_volumes/extra/guacamole/init/
 docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+
+# reset default password in init.db
+SALT=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice('0123456789ABCDEF') for x in range(32)]))")
+GUAC_PASSWORD_HASHED=$(echo -n "${MISTBORN_DEFAULT_PASSWORD}${SALT}" | sha256sum | awk '{print $1}' | tr a-z A-Z)
+
+sed -i "s/\'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264\'/\'$SALT\'/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+sed -i "s/\'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960\'/\'$GUAC_PASSWORD_HASHED\'/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
\ No newline at end of file
diff --git a/scripts/services/Mistborn-guacamole.service b/scripts/services/Mistborn-guacamole.service
index 9576cbc..be4f9f1 100644
--- a/scripts/services/Mistborn-guacamole.service
+++ b/scripts/services/Mistborn-guacamole.service
@@ -9,6 +9,7 @@ Restart=always
 User=root
 Group=docker
 PermissionsStartOnly=true
+EnvironmentFile=/opt/mistborn/.envs/.production/.guacamole
 ExecStartPre=/opt/mistborn/scripts/env/guacamole_init.sh
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/guacamole.yml down
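Review bot: In the `guacamole_init.sh` hunk, `GUAC_PASSWORD_HASHED` is computed from `${MISTBORN_DEFAULT_PASSWORD}` without checking that the variable is set, so if the `EnvironmentFile` added to the unit in this patch lacks the entry, the script hashes the salt alone and seeds the admin account with an empty password. A guard before the `SALT=` line, such as `: "${MISTBORN_DEFAULT_PASSWORD:?MISTBORN_DEFAULT_PASSWORD is not set}"`, makes the `ExecStartPre` step fail instead. The value also passes through systemd's `EnvironmentFile` parsing before it is hashed, so a password containing quotes or backslashes may hash differently from what the user types; the allowed character set is not visible here, so this is worth confirming.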
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index 818f64b..bc06297 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -83,8 +83,10 @@ sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets
 GUAC_PROD_FILE="./.envs/.production/.guacamole"
 GUAC_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
 echo "POSTGRES_HOST=guac_postgres" > $GUAC_PROD_FILE
+echo "POSTGRES_HOSTNAME=guac_postgres" > $GUAC_PROD_FILE
 echo "POSTGRES_PORT=5432" >> $GUAC_PROD_FILE
 echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE
 echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE
 echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE
-echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE
\ No newline at end of file
+echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE
+echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE
\ No newline at end of file
From e8bb0ebc082102a890a81c2b827c7e94ba4ddff1 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 26 Feb 2021 16:44:37 -0500
Subject: [PATCH 13/15] mistborn user
---
 scripts/env/guacamole_init.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/env/guacamole_init.sh b/scripts/env/guacamole_init.sh
index fbdf813..92d26dd 100755
--- a/scripts/env/guacamole_init.sh
+++ b/scripts/env/guacamole_init.sh
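Review bot: The added `echo "POSTGRES_HOSTNAME=guac_postgres" > $GUAC_PROD_FILE` uses `>` rather than `>>`, so it truncates the file and discards the `POSTGRES_HOST=guac_postgres` line written just above it; it should read `echo "POSTGRES_HOSTNAME=guac_postgres" >> "$GUAC_PROD_FILE"`. The last added line also stores `MISTBORN_DEFAULT_PASSWORD` in clear text in `.guacamole`, which `extra/guacamole.yml` passes as `env_file` to both the `guacamole` and `guac_postgres` services, so the default Mistborn password ends up in the environment of two containers that do not appear to need it. Only `guacamole_init.sh` reads the value in this series; a separate root-only file referenced from the unit's `EnvironmentFile=` would keep it out of the containers.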
@@ -8,5 +8,6 @@ docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > /o
 SALT=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice('0123456789ABCDEF') for x in range(32)]))")
 GUAC_PASSWORD_HASHED=$(echo -n "${MISTBORN_DEFAULT_PASSWORD}${SALT}" | sha256sum | awk '{print $1}' | tr a-z A-Z)
-sed -i "s/\'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264\'/\'$SALT\'/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
-sed -i "s/\'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960\'/\'$GUAC_PASSWORD_HASHED\'/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
\ No newline at end of file
+sed -i "s/FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264/$SALT/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+sed -i "s/CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960/$GUAC_PASSWORD_HASHED/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+sed -i "s/guacadmin/mistborn/g" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
\ No newline at end of file
From 0da0b33b2f97822da81746312513cf6745b51a3b Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 26 Feb 2021 18:08:55 -0500
Subject: [PATCH 14/15] more robust
---
 scripts/env/guacamole_init.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/scripts/env/guacamole_init.sh b/scripts/env/guacamole_init.sh
index 92d26dd..5445e6f 100755
--- a/scripts/env/guacamole_init.sh
+++ b/scripts/env/guacamole_init.sh
@@ -4,10 +4,13 @@ mkdir -p /opt/mistborn_volumes/extra/guacamole/init/ || true
 chmod -R +x /opt/mistborn_volumes/extra/guacamole/init/
 docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+# grab values in initdb.sql to replace
+HEXSTRINGS=($(egrep -o [0-9a-fA-F]{64} /opt/mistborn_volumes/extra/guacamole/init/initdb.sql))
+
 # reset default password in init.db
-SALT=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice('0123456789ABCDEF') for x in range(32)]))")
+SALT=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice('0123456789ABCDEF') for x in range(64)]))")
 GUAC_PASSWORD_HASHED=$(echo -n "${MISTBORN_DEFAULT_PASSWORD}${SALT}" | sha256sum | awk '{print $1}' | tr a-z A-Z)
-sed -i "s/FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264/$SALT/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
-sed -i "s/CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960/$GUAC_PASSWORD_HASHED/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+sed -i "s/${HEXSTRINGS[1]}/$SALT/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
+sed -i "s/${HEXSTRINGS[0]}/$GUAC_PASSWORD_HASHED/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
 sed -i "s/guacadmin/mistborn/g" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
\ No newline at end of file
From 46c7db6dbfa200020f57b2ee16e6d9da2a0a9f04 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 26 Feb 2021 18:40:49 -0500
Subject: [PATCH 15/15] README
---
 README.md | 6 +++++-
 extra/guacamole.yml | 3 ---
 scripts/env/guacamole_init.sh | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index e5afaa0..3026cd5 100644
--- a/README.md
+++ b/README.md
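Review bot: `HEXSTRINGS[0]` and `HEXSTRINGS[1]` are used without checking that `egrep` found exactly two 64-character strings, so if the upstream `initdb.sh` output changes or the `docker run` above fails, the `sed` patterns are empty or point at the wrong values and the script carries on; depending on what was matched, the account renamed to `mistborn` can keep the upstream default password. I would stop on an unexpected count right after the array is filled, e.g. `[ "${#HEXSTRINGS[@]}" -eq 2 ] || { echo "unexpected initdb.sql layout" >&2; exit 1; }`. The pattern should also be quoted, `egrep -o '[0-9a-fA-F]{64}'`, so the shell cannot glob-expand it against the working directory.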
@@ -50,6 +50,7 @@ Within Mistborn is a panel to enable and manage these free extra services (off b
 - [Jellyfin](https://jellyfin.org): The Free Media Software System.
 - [Tor](https://www.torproject.org): The Onion Router. One tool in the arsenal of online security and privacy.
 - [Jitsi](https://jitsi.org): Multi-platform open-source video conferencing
+- [Guacamole](https://guacamole.apache.org): A clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH.
 # Quickstart
 Tested Operating Systems (in order of thoroughness):
@@ -69,7 +70,7 @@ The Mistborn docker images exist for these architectures:
 | Mistborn Docker Images (hub.docker.com) | Architectures |
 |------------------------------------------------|---------------------|
-| mistborn (django, celery{worker,beat}, flower) | amd64, arm64, arm/v7 |
+| mistborn (django, celery{worker,beat}) | amd64, arm64, arm/v7 |
 | dnscrypt-proxy | amd64, arm64, arm/v7 |
 Recommended System Specifications:
@@ -277,6 +278,7 @@ Mistborn uses the following domains (that can be reached by all Wireguard client
 | Syncthing | syncthing.mistborn | Off |
 | OnlyOffice | onlyoffice.mistborn | Off |
 | Jitsi | jitsi.mistborn | Off |
+| Guacamole | guac.mistborn | Off |
 # Default Credentials
 These are the default credentials to use in the services you choose to use:
@@ -286,6 +288,7 @@ These are the default credentials to use in the services you choose to use:
 | Pihole | | {{default mistborn password}} |
 | Cockpit | cockpit | {{default mistborn password}} |
 | Nextcloud | mistborn | {{default mistborn password}} |
+| Guacamole | mistborn | {{default mistborn password }} |
 You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/`
@@ -445,6 +448,7 @@ sudo journalctl -xfu Mistborn-syncthing
 sudo journalctl -xfu Mistborn-jellyfin
 sudo journalctl -xfu Mistborn-nextcloud
 sudo journalctl -xfu Mistborn-jitsi
+sudo journalctl -xfu Mistborn-guacamole
 sudo journalctl -xfu Mistborn-rocketchat
 sudo journalctl -xfu Mistborn-onlyoffice
 sudo journalctl -xfu Mistborn-tor
diff --git a/extra/guacamole.yml b/extra/guacamole.yml
index 2513565..f3310a7 100644
--- a/extra/guacamole.yml
+++ b/extra/guacamole.yml
@@ -21,9 +21,6 @@ services:
 - ../.envs/.production/.guacamole
 environment:
 PGDATA: /var/lib/postgresql/data/guacamole
- #POSTGRES_DB: guacamole_db
- #POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
- #POSTGRES_USER: guacamole_user
 image: postgres
 networks:
 guacnetwork:
diff --git a/scripts/env/guacamole_init.sh b/scripts/env/guacamole_init.sh
index 5445e6f..50c846f 100755
--- a/scripts/env/guacamole_init.sh
+++ b/scripts/env/guacamole_init.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-mkdir -p /opt/mistborn_volumes/extra/guacamole/init/ || true
+mkdir -p /opt/mistborn_volumes/extra/guacamole/init/ >/dev/null 2>&1
 chmod -R +x /opt/mistborn_volumes/extra/guacamole/init/
 docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > /opt/mistborn_volumes/extra/guacamole/init/initdb.sql