diff --git a/README.md b/README.md index 5298329..7654855 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,6 @@ Within Mistborn is a panel to enable and manage these free extra services (off b # Quickstart Tested Operating Systems (in order of thoroughness): - Ubuntu 20.04 LTS -- Ubuntu 18.04 LTS - Debian 10 (Buster) - Raspberry Pi OS (formerly Raspbian) Buster @@ -606,6 +605,7 @@ Contact me at [steven@cyber5k.com](mailto:steven@cyber5k.com) # Support Mistborn Please consider supporting the project via: +- [Patreon](https://www.patreon.com/cyber5k) - [Paypal.me](https://paypal.me/cyber5k) - [Buy me a drink](https://www.buymeacoffee.com/cyber5k) -- [Patreon](https://www.patreon.com/cyber5k) +- Bitcoin: `3Lqxc1vpndN3TGi9cipNHg1RgXxGxVDdZo` diff --git a/base.yml b/base.yml index e4980f5..9058b34 100644 --- a/base.yml +++ b/base.yml @@ -13,7 +13,7 @@ services: - postgres - redis ports: - - "10.2.3.1:5000:5000/tcp" # auth access + - "${MISTBORN_DNS_BIND_IP}:5000:5000/tcp" # auth access labels: - "traefik.enable=true" - "traefik.http.routers.django-http.rule=Host(`home.mistborn`)" @@ -51,7 +51,7 @@ services: # context: . # dockerfile: ./compose/production/traefik/Dockerfile #image: mistborn_production_traefik - image: traefik:v2.2 + image: traefik:v2.4.9 container_name: mistborn_production_traefik depends_on: - django 
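Review bot: The auth port mapping `"${MISTBORN_DNS_BIND_IP}:5000:5000/tcp"` in the first base.yml hunk has no guard for an unset or empty variable. Compose substitutes an empty string in that case, which leaves `:5000:5000/tcp`; Docker will probably either reject that or publish the port on every interface instead of the single address that was hard-coded before. If the file's Compose version supports required-variable interpolation, `"${MISTBORN_DNS_BIND_IP:?MISTBORN_DNS_BIND_IP must be set}:5000:5000/tcp"` makes it fail at startup instead. The same applies to the new portal mapping `"${MISTBORN_DNS_BIND_IP}:5001:80"` in the later `@@ -85,8 +85,42 @@` hunk.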
@@ -85,8 +85,42 @@ services: #- --serversTransport.insecureSkipVerify=true restart: unless-stopped + portal: + build: + context: ./compose/production/portal/ + dockerfile: Dockerfile + image: mistborn_production_portal + container_name: mistborn_production_portal + ports: + - "${MISTBORN_DNS_BIND_IP}:5001:80" + environment: + - SERVER_REDIRECT=home.mistborn + # optionally define path to redirect all requests + # if not set nginx var $request_uri is used + - SERVER_REDIRECT_PATH=/ + # optionally define schema to redirect all requests + # if not set but X-Forwarded-Proto is send as request header with value 'https' this will be used. + # In all other cases nginx var `$scheme` is used + #- SERVER_REDIRECT_SCHEME=https + # optionally define the http code to use for redirection + # allowed Codes are: 301, 302, 303, 307, 308, default is 301 + #- SERVER_REDIRECT_CODE=301 + # optionally define the http code to redirect POST requests + # if not set or not in allowed Codes, SERVER_REDIRECT_CODE will be used + #- SERVER_REDIRECT_POST_CODE= + # optionally define the http code to redirect PUT, PATCH and DELETE requests + # if not set or not in allowed Codes, SERVER_REDIRECT_CODE will be used + #- SERVER_REDIRECT_PUT_PATCH_DELETE_CODE= + # optionally define the location for the nginx access log + # if not set /dev/stdout is used + #- SERVER_ACCESS_LOG=/dev/null + # optionally define the location for the nginx error log + # if not set /dev/stderr is used + #- SERVER_ERROR_LOG=/dev/null + restart: unless-stopped + redis: - image: redis:5.0 + image: redis:6.2-alpine container_name: mistborn_production_redis restart: unless-stopped @@ -158,7 +192,7 @@ services: pihole: container_name: mistborn_production_pihole - image: pihole/pihole:v5.7 + image: pihole/pihole:v5.8 env_file: - ./.envs/.production/.pihole ports: 
@@ -177,8 +211,9 @@ services: - "traefik.http.services.pihole-service.loadbalancer.server.port=80" environment: - ServerIP=10.2.0.3 - - DNS1='10.2.0.2#5054' # docs say port 5054, was 54; use network_mode: host to see which port is used - - DNS2='' + - PIHOLE_DNS_=10.2.0.2#5054 + #- DNS1='10.2.0.2#5054' # docs say port 5054, was 54; use network_mode: host to see which port is used + #- DNS2='' - IPv6='false' - DNSMASQ_LISTENING=all # TZ: 'America/New York' diff --git a/compose/production/portal/Dockerfile b/compose/production/portal/Dockerfile new file mode 100644 index 0000000..5f5edeb --- /dev/null +++ b/compose/production/portal/Dockerfile @@ -0,0 +1,8 @@ +FROM nginx:1.21.1-alpine + +ADD run.sh /run.sh +ADD default.conf /etc/nginx/conf.d/default.conf + +RUN chmod +x /run.sh + +CMD ["/run.sh"] \ No newline at end of file diff --git a/compose/production/portal/default.conf b/compose/production/portal/default.conf new file mode 100644 index 0000000..be0b82b --- /dev/null +++ b/compose/production/portal/default.conf @@ -0,0 +1,29 @@ +map $http_x_forwarded_proto $redirect_scheme { + default $scheme; + https https; +} + +server { + listen 80; + listen [::]:80; + server_name ${SERVER_NAME}; + + # cherry picked from https://github.com/schmunk42/docker-nginx-redirect/pull/8 + if ($request_method = POST) { + return ${SERVER_REDIRECT_POST_CODE} ${SERVER_REDIRECT_SCHEME}://${SERVER_REDIRECT}${SERVER_REDIRECT_PATH}; + } + + if ($request_method ~ PUT|PATCH|DELETE) { + return ${SERVER_REDIRECT_PUT_PATCH_DELETE_CODE} ${SERVER_REDIRECT_SCHEME}://${SERVER_REDIRECT}${SERVER_REDIRECT_PATH}; + } + + return ${SERVER_REDIRECT_CODE} ${SERVER_REDIRECT_SCHEME}://${SERVER_REDIRECT}${SERVER_REDIRECT_PATH}; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + +} \ No newline at end of file 
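Review bot: The new entry `- PIHOLE_DNS_=10.2.0.2#5054` in the pihole `environment` list is an unquoted plain scalar containing `#`. It parses as intended only because no space precedes the `#`; quoting the whole item, `- "PIHOLE_DNS_=10.2.0.2#5054"`, keeps a later edit or reformat from silently turning the port into a comment. The two commented-out `DNS1`/`DNS2` lines could be deleted rather than kept, since the history already records them.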
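Review bot: `ADD` is used for two plain local files in the new portal Dockerfile, where `COPY run.sh /run.sh` and `COPY default.conf /etc/nginx/conf.d/default.conf` do the same job without ADD's archive-extraction and remote-URL behaviour. The image also sets no `USER`, so the entrypoint script and nginx master start with the base image's default user; that may be needed for the in-place `sed` edits in run.sh, but it is worth a comment saying so.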
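Review bot: The `map` at the top of default.conf picks the redirect scheme from the client-supplied `X-Forwarded-Proto` header, and base.yml publishes the portal port directly with `SERVER_REDIRECT_SCHEME` left commented out, so no proxy is visibly in front to set that header. A client can only influence its own redirect this way, but setting the scheme explicitly in base.yml removes the dependence on an untrusted header. Separately, the `error_page` line and the `location = /50x.html` block appear unreachable, because the unconditional server-level `return` answers every request before a location is selected; they can be dropped. The method test `~ PUT|PATCH|DELETE` is unanchored, and `~ ^(PUT|PATCH|DELETE)$` states the intent exactly.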
diff --git a/compose/production/portal/run.sh b/compose/production/portal/run.sh
new file mode 100755
index 0000000..6ff495a
--- /dev/null
+++ b/compose/production/portal/run.sh
@@ -0,0 +1,54 @@ +#!/usr/bin/env sh + +if [ ! -n "$SERVER_REDIRECT" ] ; then + echo "Environment variable SERVER_REDIRECT is not set, exiting." + exit 1 +fi + +# set server name from optional ENV var +if [ ! -n "$SERVER_NAME" ] ; then + SERVER_NAME='localhost' +fi + +# set redirect code from optional ENV var +# allowed Status Codes are: 301, 302, 303, 307, 308 +expr match "$SERVER_REDIRECT_CODE" '30[12378]$' > /dev/null || SERVER_REDIRECT_CODE='301' + +# set redirect code from optional ENV var for POST requests +expr match "$SERVER_REDIRECT_POST_CODE" '30[12378]$' > /dev/null || SERVER_REDIRECT_POST_CODE=$SERVER_REDIRECT_CODE + +# set redirect code from optional ENV var for PUT, PATCH and DELETE requests +expr match "$SERVER_REDIRECT_PUT_PATCH_DELETE_CODE" '30[12378]$' > /dev/null || SERVER_REDIRECT_PUT_PATCH_DELETE_CODE=$SERVER_REDIRECT_CODE + +# set redirect path from optional ENV var +if [ ! -n "$SERVER_REDIRECT_PATH" ] ; then + SERVER_REDIRECT_PATH='$request_uri' +fi + +# set redirect scheme from optional ENV var +if [ ! -n "$SERVER_REDIRECT_SCHEME" ] ; then + SERVER_REDIRECT_SCHEME='$redirect_scheme' +fi + +# set access log location from optional ENV var +if [ ! -n "$SERVER_ACCESS_LOG" ] ; then + SERVER_ACCESS_LOG='/dev/stdout' +fi + +# set error log location from optional ENV var +if [ ! 
-n "$SERVER_ERROR_LOG" ] ; then + SERVER_ERROR_LOG='/dev/stderr' +fi + +sed -i "s|\${SERVER_REDIRECT}|${SERVER_REDIRECT}|" /etc/nginx/conf.d/default.conf +sed -i "s|\${SERVER_NAME}|${SERVER_NAME}|" /etc/nginx/conf.d/default.conf +sed -i "s|\${SERVER_REDIRECT_CODE}|${SERVER_REDIRECT_CODE}|" /etc/nginx/conf.d/default.conf +sed -i "s|\${SERVER_REDIRECT_POST_CODE}|${SERVER_REDIRECT_POST_CODE}|" /etc/nginx/conf.d/default.conf +sed -i "s|\${SERVER_REDIRECT_PUT_PATCH_DELETE_CODE}|${SERVER_REDIRECT_PUT_PATCH_DELETE_CODE}|" /etc/nginx/conf.d/default.conf +sed -i "s|\${SERVER_REDIRECT_PATH}|${SERVER_REDIRECT_PATH}|" /etc/nginx/conf.d/default.conf +sed -i "s|\${SERVER_REDIRECT_SCHEME}|${SERVER_REDIRECT_SCHEME}|" /etc/nginx/conf.d/default.conf + +ln -sfT "$SERVER_ACCESS_LOG" /var/log/nginx/access.log +ln -sfT "$SERVER_ERROR_LOG" /var/log/nginx/error.log + +exec nginx -g 'daemon off;' \ No newline at end of file diff --git a/compose/production/postgres/Dockerfile b/compose/production/postgres/Dockerfile index 7cf4173..c37f89c 100644 --- a/compose/production/postgres/Dockerfile +++ b/compose/production/postgres/Dockerfile @@ -1,4 +1,4 @@ -FROM postgres:11.3 +FROM postgres:13.3-alpine COPY ./compose/production/postgres/maintenance /usr/local/bin/maintenance RUN chmod +x /usr/local/bin/maintenance/* diff --git a/compose/production/tor/Dockerfile b/compose/production/tor/Dockerfile index 11f8bb8..d7821c9 100644 --- a/compose/production/tor/Dockerfile +++ b/compose/production/tor/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:latest +FROM alpine:3.14.0 RUN apk update \ && apk upgrade \ diff --git a/compose/production/traefik/Dockerfile b/compose/production/traefik/Dockerfile index 04c5f93..8fad7ed 100644 --- a/compose/production/traefik/Dockerfile +++ b/compose/production/traefik/Dockerfile @@ -1,4 +1,4 @@ -FROM traefik:v2.2 +FROM traefik:v2.4.9 RUN mkdir -p /etc/traefik/acme RUN touch /etc/traefik/acme/acme.json RUN chmod 600 /etc/traefik/acme/acme.json 
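Review bot: In the new run.sh, `SERVER_REDIRECT`, `SERVER_NAME`, `SERVER_REDIRECT_PATH` and `SERVER_REDIRECT_SCHEME` are spliced into the `sed` replacement text and from there into nginx directives without any check, whereas the three status-code variables are validated with `expr match`. A value containing `|`, `&`, `;`, braces or whitespace would either corrupt the sed expression or add unintended directives to default.conf. A validation loop placed after the defaults are assigned and before the first `sed -i` closes that gap; the default `$request_uri` and `$redirect_scheme` values pass it. The script also has no `set -e`, so a failed substitution still reaches `exec nginx`.

```sh
# … unchanged: SERVER_REDIRECT check and default assignments for the optional variables …

# reject values that would break out of the sed replacement or the nginx directive
for v in "$SERVER_REDIRECT" "$SERVER_NAME" "$SERVER_REDIRECT_PATH" "$SERVER_REDIRECT_SCHEME"; do
    case "$v" in
        *[\|\&\;\{\}\\]*|*[[:space:]]*)
            echo "Invalid character in redirect configuration value, exiting."
            exit 1
            ;;
    esac
done

# … unchanged: sed -i substitutions, log symlinks, exec nginx …
```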
diff --git a/extra/bitwarden.yml b/extra/bitwarden.yml deleted file mode 100644 index cd66424..0000000 --- a/extra/bitwarden.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: '3' - -services: - bitwarden: - image: bitwardenrs/server:latest - container_name: mistborn_production_bitwarden - env_file: - - ../.envs/.production/.bitwarden - volumes: - - ../../mistborn_volumes/extra/bitwarden:/data - labels: - - "traefik.enable=true" - - "traefik.http.routers.bitwarden-http.rule=Host(`bitwarden.mistborn`)" - - "traefik.http.routers.bitwarden-http.entrypoints=web" - - "traefik.http.routers.bitwarden-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.bitwarden-https.rule=Host(`bitwarden.mistborn`)" - - "traefik.http.routers.bitwarden-https.entrypoints=websecure" - - "traefik.http.routers.bitwarden-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.bitwarden-https.tls.certresolver=basic" - - "traefik.http.services.bitwarden-service.loadbalancer.server.port=80" - ports: - - "${MISTBORN_BIND_IP}:3012:3012/tcp" - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/jitsi-meet.yml b/extra/jitsi-meet.yml deleted file mode 100644 index 4a92b8e..0000000 --- a/extra/jitsi-meet.yml +++ /dev/null 
@@ -1,255 +0,0 @@ -version: '3' - -services: - # Frontend - jitsi-web: - image: jitsi/web:latest - restart: unless-stopped - #ports: - #- '${HTTP_PORT}:80' - #- '${HTTPS_PORT}:443' - labels: - - "traefik.enable=true" - - "traefik.http.routers.jitsi-http.rule=Host(`jitsi.mistborn`)" - - "traefik.http.routers.jitsi-http.entrypoints=web" - - "traefik.http.routers.jitsi-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.jitsi-https.rule=Host(`jitsi.mistborn`)" - - "traefik.http.routers.jitsi-https.entrypoints=websecure" - - "traefik.http.routers.jitsi-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.jitsi-https.tls.certresolver=basic" - - "traefik.http.services.jitsi-service.loadbalancer.server.port=${HTTP_PORT}" - volumes: - - ${CONFIG}/web:/config:Z - - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - ENABLE_LETSENCRYPT - - ENABLE_HTTP_REDIRECT - - ENABLE_XMPP_WEBSOCKET - - DISABLE_HTTPS - - LETSENCRYPT_DOMAIN - - LETSENCRYPT_EMAIL - - LETSENCRYPT_USE_STAGING - - PUBLIC_URL - - TZ - - AMPLITUDE_ID - - ANALYTICS_SCRIPT_URLS - - ANALYTICS_WHITELISTED_EVENTS - - BRIDGE_CHANNEL - - BRANDING_DATA_URL - - CALLSTATS_CUSTOM_SCRIPT_URL - - CALLSTATS_ID - - CALLSTATS_SECRET - - CHROME_EXTENSION_BANNER_JSON - - CONFCODE_URL - - CONFIG_EXTERNAL_CONNECT - - DEPLOYMENTINFO_ENVIRONMENT - - DEPLOYMENTINFO_ENVIRONMENT_TYPE - - DEPLOYMENTINFO_USERREGION - - DIALIN_NUMBERS_URL - - DIALOUT_AUTH_URL - - DIALOUT_CODES_URL - - DROPBOX_APPKEY - - DROPBOX_REDIRECT_URI - - ENABLE_AUDIO_PROCESSING - - ENABLE_AUTH - - ENABLE_CALENDAR - - ENABLE_FILE_RECORDING_SERVICE - - ENABLE_FILE_RECORDING_SERVICE_SHARING - - ENABLE_GUESTS - - ENABLE_IPV6 - - ENABLE_LIPSYNC - - ENABLE_NO_AUDIO_DETECTION - - ENABLE_P2P - - ENABLE_PREJOIN_PAGE - - ENABLE_RECORDING - - ENABLE_REMB - - ENABLE_REQUIRE_DISPLAY_NAME - - ENABLE_SIMULCAST - - ENABLE_STATS_ID - - ENABLE_STEREO - - ENABLE_SUBDOMAINS - - 
ENABLE_TALK_WHILE_MUTED - - ENABLE_TCC - - ENABLE_TRANSCRIPTIONS - - ETHERPAD_PUBLIC_URL - - ETHERPAD_URL_BASE - - GOOGLE_ANALYTICS_ID - - GOOGLE_API_APP_CLIENT_ID - - INVITE_SERVICE_URL - - JICOFO_AUTH_USER - - MATOMO_ENDPOINT - - MATOMO_SITE_ID - - MICROSOFT_API_APP_CLIENT_ID - - NGINX_RESOLVER - - NGINX_WORKER_PROCESSES - - NGINX_WORKER_CONNECTIONS - - PEOPLE_SEARCH_URL - - RESOLUTION - - RESOLUTION_MIN - - RESOLUTION_WIDTH - - RESOLUTION_WIDTH_MIN - - START_AUDIO_ONLY - - START_AUDIO_MUTED - - START_BITRATE - - START_VIDEO_MUTED - - TESTING_CAP_SCREENSHARE_BITRATE - - TESTING_OCTO_PROBABILITY - - XMPP_AUTH_DOMAIN - - XMPP_BOSH_URL_BASE - - XMPP_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN - - TOKEN_AUTH_URL - networks: - default: - meet.jitsi: - aliases: - - ${XMPP_DOMAIN} - - # XMPP server - jitsi-prosody: - image: jitsi/prosody:latest - restart: unless-stopped - expose: - - '5222' - - '5347' - - '5280' - volumes: - - ${CONFIG}/prosody/config:/config:Z - - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - AUTH_TYPE - - ENABLE_AUTH - - ENABLE_GUESTS - - ENABLE_LOBBY - - ENABLE_XMPP_WEBSOCKET - - GLOBAL_MODULES - - GLOBAL_CONFIG - - LDAP_URL - - LDAP_BASE - - LDAP_BINDDN - - LDAP_BINDPW - - LDAP_FILTER - - LDAP_AUTH_METHOD - - LDAP_VERSION - - LDAP_USE_TLS - - LDAP_TLS_CIPHERS - - LDAP_TLS_CHECK_PEER - - LDAP_TLS_CACERT_FILE - - LDAP_TLS_CACERT_DIR - - LDAP_START_TLS - - XMPP_DOMAIN - - XMPP_AUTH_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MODULES - - XMPP_MUC_MODULES - - XMPP_INTERNAL_MUC_MODULES - - XMPP_RECORDER_DOMAIN - - XMPP_CROSS_DOMAIN - - JICOFO_COMPONENT_SECRET - - JICOFO_AUTH_USER - - JICOFO_AUTH_PASSWORD - - JVB_AUTH_USER - - JVB_AUTH_PASSWORD - - JIGASI_XMPP_USER - - JIGASI_XMPP_PASSWORD - - JIBRI_XMPP_USER - - JIBRI_XMPP_PASSWORD - - JIBRI_RECORDER_USER - - JIBRI_RECORDER_PASSWORD - - JWT_APP_ID - - 
JWT_APP_SECRET - - JWT_ACCEPTED_ISSUERS - - JWT_ACCEPTED_AUDIENCES - - JWT_ASAP_KEYSERVER - - JWT_ALLOW_EMPTY - - JWT_AUTH_TYPE - - JWT_TOKEN_AUTH_MODULE - - LOG_LEVEL - - PUBLIC_URL - - TZ - networks: - meet.jitsi: - aliases: - - ${XMPP_SERVER} - - # Focus component - jitsi-jicofo: - image: jitsi/jicofo:latest - restart: unless-stopped - volumes: - - ${CONFIG}/jicofo:/config:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - AUTH_TYPE - - ENABLE_AUTH - - XMPP_DOMAIN - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_SERVER - - JICOFO_COMPONENT_SECRET - - JICOFO_AUTH_USER - - JICOFO_AUTH_PASSWORD - - JICOFO_RESERVATION_REST_BASE_URL - - JVB_BREWERY_MUC - - JIGASI_BREWERY_MUC - - JIGASI_SIP_URI - - JIBRI_BREWERY_MUC - - JIBRI_PENDING_TIMEOUT - - TZ - depends_on: - - jitsi-prosody - networks: - meet.jitsi: - - # Video bridge - jitsi-jvb: - image: jitsi/jvb:latest - restart: unless-stopped - ports: - - "${MISTBORN_BIND_IP}:${JVB_PORT}:${JVB_PORT}/udp" - - "${MISTBORN_BIND_IP}:${JVB_TCP_PORT}:${JVB_TCP_PORT}" - volumes: - - ${CONFIG}/jvb:/config:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - DOCKER_HOST_ADDRESS - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_SERVER - - JVB_AUTH_USER - - JVB_AUTH_PASSWORD - - JVB_BREWERY_MUC - - JVB_PORT - - JVB_TCP_HARVESTER_DISABLED - - JVB_TCP_PORT - - JVB_TCP_MAPPED_PORT - - JVB_STUN_SERVERS - - JVB_ENABLE_APIS - - JVB_WS_DOMAIN - - JVB_WS_SERVER_ID - - PUBLIC_URL - - TZ - depends_on: - - jitsi-prosody - networks: - meet.jitsi: - aliases: - - jvb.meet.jitsi - -# Custom network so all services can communicate using a FQDN -networks: - default: - external: - name: mistborn_default - meet.jitsi: diff --git a/extra/raspap.yml b/extra/raspap.yml deleted file mode 100644 index 9b773ce..0000000 --- a/extra/raspap.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -version: '3' - -services: - raspap: - image: "cyber5k/raspap:${MISTBORN_TAG}" - container_name: mistborn_production_raspap - #network_mode: host - labels: - - "traefik.enable=true" - - "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)" - - "traefik.http.routers.raspap-http.entrypoints=web" - - "traefik.http.routers.raspap-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.raspap-https.rule=Host(`raspap.mistborn`)" - - "traefik.http.routers.raspap-https.entrypoints=websecure" - - "traefik.http.routers.raspap-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.raspap-https.tls.certresolver=basic" - - "traefik.http.services.raspap-service.loadbalancer.server.port=80" - env_file: - - ../.envs/.production/.raspap - cap_add: - #- NET_ADMIN - - SYS_ADMIN - #- CAP_FOWNER - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - #command: /start - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/syncthing.yml b/extra/syncthing.yml deleted file mode 100644 index f66bd73..0000000 --- a/extra/syncthing.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: '3' - -services: - syncthing: - image: linuxserver/syncthing - container_name: mistborn_production_syncthing - environment: - - PUID=1000 - - PGID=1000 - - TZ=Amereica/New_York - - UMASK_SET=022 - volumes: - - ../../mistborn_volumes/extra/syncthing/config:/config - - ../../mistborn_volumes/extra/syncthing/data1:/data1 - - ../../mistborn_volumes/extra/syncthing/data2:/data2 - ports: - #- 8384:8384 - - "${MISTBORN_BIND_IP}:22000:22000/tcp" # listening port - - "${MISTBORN_BIND_IP}:21027:21027/udp" # protocol discovery - labels: - - "traefik.enable=true" - - "traefik.http.routers.syncthing-http.rule=Host(`syncthing.mistborn`)" - - "traefik.http.routers.syncthing-http.entrypoints=web" - - "traefik.http.routers.syncthing-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.syncthing-https.rule=Host(`syncthing.mistborn`)" - - "traefik.http.routers.syncthing-https.entrypoints=websecure" - - "traefik.http.routers.syncthing-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.syncthing-https.tls.certresolver=basic" - - "traefik.http.services.syncthing-service.loadbalancer.server.port=8384" - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/tor.yml b/extra/tor.yml deleted file mode 100644 index 6b06975..0000000 --- a/extra/tor.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '3' - -services: - tor-client: - build: - context: ../compose/production/tor - dockerfile: ./Dockerfile - image: mistborn_production_tor - container_name: mistborn_production_tor - ports: - - "${MISTBORN_BIND_IP}:9150:9150/tcp" - -networks: - default: - external: - name: mistborn_default diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh index b7698f9..5024a68 100755 --- a/scripts/subinstallers/gen_prod_env.sh +++ b/scripts/subinstallers/gen_prod_env.sh 
@@ -21,8 +21,8 @@ echo "#MAILGUN_API_KEY=" >> $DJANGO_PROD_FILE echo "#MAILGUN_API_URL=" >> $DJANGO_PROD_FILE echo "#SENTRY_DNS=" >> $DJANGO_PROD_FILE echo "MISTBORN_INSTALL_COCKPIT=$MISTBORN_INSTALL_COCKPIT" >> $DJANGO_PROD_FILE -echo "MISTBORN_PORTAL_IP=10.2.3.1" >> $DJANGO_PROD_FILE -echo "MISTBORN_PORTAL_PORT=5000" >> $DJANGO_PROD_FILE +#echo "MISTBORN_PORTAL_IP=10.2.3.1" >> $DJANGO_PROD_FILE +echo "MISTBORN_PORTAL_REDIRECT_PORT=5001" >> $DJANGO_PROD_FILE chmod 600 $DJANGO_PROD_FILE # generate production .env file for postgresql diff --git a/scripts/subinstallers/iptables.sh b/scripts/subinstallers/iptables.sh index 3c509f8..f785fd0 100755 --- a/scripts/subinstallers/iptables.sh +++ b/scripts/subinstallers/iptables.sh @@ -11,6 +11,9 @@ if [ "$DISTRO" == "ubuntu" ]; then sudo systemctl disable ufw || true fi +# make sure user land binaries installed +sudo apt-get install -y iptables + # default interface iface=$(ip -o -4 route show to default | egrep -o 'dev [^ ]*' | awk 'NR==1{print $2}') diff --git a/scripts/subinstallers/wireguard.sh b/scripts/subinstallers/wireguard.sh index baedd88..b5f0d55 100755 --- a/scripts/subinstallers/wireguard.sh +++ b/scripts/subinstallers/wireguard.sh @@ -1,16 +1,16 @@ #!/bin/bash -figlet "Mistborn: Installing Wireguard" +figlet "Mistborn: Installing WireGuard" # if wireguard not in current repositories if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then # install PPAs - echo "Adding Wireguard PPAs" + echo "Adding WireGuard PPAs" # Wireguard if [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then - echo "Adding Wireguard repo keys" + echo "Adding WireGuard repo keys" sudo -E apt-get install -y dirmngr sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8B48AD6246925553 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7638D0442B90D010 
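Review bot: The literal `5001` written as `MISTBORN_PORTAL_REDIRECT_PORT` in gen_prod_env.sh duplicates the host port of the portal mapping `"${MISTBORN_DNS_BIND_IP}:5001:80"` in base.yml, and nothing ties the two together. A comment such as `# must match the portal host port in base.yml` above the echo would make the coupling visible. The hunk also stops writing `MISTBORN_PORTAL_PORT` and `MISTBORN_PORTAL_IP`; the readers of this env file are outside this diff, so confirm none of them still expects those keys. The commented-out `#echo "MISTBORN_PORTAL_IP=10.2.3.1"` line can be removed rather than kept.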
@@ -28,6 +28,6 @@ if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then fi fi -echo "Installing Wireguard" +echo "Installing WireGuard" sudo apt-get update sudo -E apt-get install -y openresolv wireguard