From a6a641679d15f5abf14150fc1c0561caf4f62d67 Mon Sep 17 00:00:00 2001 
From: Steven Foerster
Date: Fri, 18 Dec 2020 23:27:54 -0500
Subject: [PATCH] removing extras to other repos
---
compose/production/traefik/dynamic.toml | 24 +-
extra/bitwarden.yml | 28 --
extra/homeassistant.yml | 26 --
extra/jellyfin.yml | 30 --
extra/jitsi-meet.yml | 255 ------------
extra/nextcloud.yml | 29 --
extra/onlyoffice.yml | 27 --
extra/raspap.yml | 30 --
extra/rocketchat.yml | 72 ----
extra/syncthing.yml | 35 --
extra/tor.yml | 16 -
scripts/conf/cockpit.conf | 3 -
scripts/conf/jitsi.env | 366 ------------------
scripts/env/setup.sh | 19 +-
scripts/install.sh | 22 +-
scripts/services/Mistborn-bitwarden.service | 23 --
.../services/Mistborn-homeassistant.service | 21 -
scripts/services/Mistborn-jellyfin.service | 21 -
scripts/services/Mistborn-jitsi.service | 27 --
scripts/services/Mistborn-nextcloud.service | 21 -
scripts/services/Mistborn-onlyoffice.service | 21 -
scripts/services/Mistborn-rocketchat.service | 24 --
scripts/services/Mistborn-syncthing.service | 25 --
scripts/services/Mistborn-tor.service | 23 --
.../services/raspap/Mistborn-raspap.service | 21 -
scripts/services/raspap/install.sh | 4 -
scripts/subinstallers/cockpit.sh | 29 --
scripts/subinstallers/gen_prod_env.sh | 40 +-
28 files changed, 30 insertions(+), 1252 deletions(-)
delete mode 100644 extra/bitwarden.yml
delete mode 100644 extra/homeassistant.yml
delete mode 100644 extra/jellyfin.yml
delete mode 100644 extra/jitsi-meet.yml
delete mode 100644 extra/nextcloud.yml
delete mode 100644 extra/onlyoffice.yml
delete mode 100644 extra/raspap.yml
delete mode 100644 extra/rocketchat.yml
delete mode 100644 extra/syncthing.yml
delete mode 100644 extra/tor.yml
delete mode 100644 scripts/conf/cockpit.conf
delete mode 100644 scripts/conf/jitsi.env
delete mode 100644 scripts/services/Mistborn-bitwarden.service
delete mode 100644 scripts/services/Mistborn-homeassistant.service
delete mode 100644 scripts/services/Mistborn-jellyfin.service
delete mode 100644 scripts/services/Mistborn-jitsi.service
delete mode 100644 scripts/services/Mistborn-nextcloud.service delete mode 100644 scripts/services/Mistborn-onlyoffice.service delete mode 100644 scripts/services/Mistborn-rocketchat.service delete mode 100644 scripts/services/Mistborn-syncthing.service delete mode 100644 scripts/services/Mistborn-tor.service delete mode 100644 scripts/services/raspap/Mistborn-raspap.service delete mode 100755 scripts/services/raspap/install.sh delete mode 100755 scripts/subinstallers/cockpit.sh diff --git a/compose/production/traefik/dynamic.toml b/compose/production/traefik/dynamic.toml index a9f26dd..59d6f9e 100644 --- a/compose/production/traefik/dynamic.toml +++ b/compose/production/traefik/dynamic.toml @@ -8,17 +8,17 @@ [tls.options.default] minVersion = "VersionTLS12" -[http.services] - [http.services.cockpit.loadBalancer] - [[http.services.cockpit.loadBalancer.servers]] - url = "http://10.2.3.1:9090" - -[http.routers] - [http.routers.cockpit] - rule = "Host(`cockpit.mistborn`)" - service = "cockpit" - entrypoints = ["web", "websecure"] - middlewares = ["mistborn_auth"] +#[http.services] +# [http.services.cockpit.loadBalancer] +# [[http.services.cockpit.loadBalancer.servers]] +# url = "http://10.2.3.1:9090" +# +#[http.routers] +# [http.routers.cockpit] +# rule = "Host(`cockpit.mistborn`)" +# service = "cockpit" +# entrypoints = ["web", "websecure"] +# middlewares = ["mistborn_auth"] [http.middlewares] [http.middlewares.mistborn_auth.forwardAuth] @@ -28,4 +28,4 @@ insecureSkipVerify = true [http.middlewares.mistborn_headers.headers] - hostsProxyHeaders = ['X-CSRFToken'] \ No newline at end of file + hostsProxyHeaders = ['X-CSRFToken'] diff --git a/extra/bitwarden.yml b/extra/bitwarden.yml deleted file mode 100644 index 377b4b8..0000000 --- a/extra/bitwarden.yml +++ /dev/null 
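Review bot: The cockpit `[http.services]`/`[http.routers]` block in the `@@ -8,17 +8,17 @@` hunk of dynamic.toml is commented out rather than removed, although the same commit deletes scripts/conf/cockpit.conf and scripts/subinstallers/cockpit.sh and drops the cockpit install prompt, so nothing left in this repository can use it. Commented-out routing config drifts from the service it once described and invites re-enabling by uncommenting; deleting the eleven `#` lines keeps dynamic.toml limited to what is actually deployed. If cockpit comes back from its new repository, the router should be re-added together with its `middlewares = ["mistborn_auth"]` line so the backend at `http://10.2.3.1:9090` is never published without the forwardAuth check. The `[http.middlewares]` section that follows is unchanged by this hunk.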
@@ -1,28 +0,0 @@ -version: '3' - -services: - bitwarden: - image: bitwardenrs/server:latest - container_name: mistborn_production_bitwarden - env_file: - - ../.envs/.production/.bitwarden - volumes: - - ../../mistborn_volumes/extra/bitwarden:/data - labels: - - "traefik.enable=true" - - "traefik.http.routers.bitwarden-http.rule=Host(`bitwarden.mistborn`)" - - "traefik.http.routers.bitwarden-http.entrypoints=web" - - "traefik.http.routers.bitwarden-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.bitwarden-https.rule=Host(`bitwarden.mistborn`)" - - "traefik.http.routers.bitwarden-https.entrypoints=websecure" - - "traefik.http.routers.bitwarden-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.bitwarden-https.tls.certresolver=basic" - - "traefik.http.services.bitwarden-service.loadbalancer.server.port=80" - ports: - - 3012:3012/tcp - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/homeassistant.yml b/extra/homeassistant.yml deleted file mode 100644 index db70d62..0000000 --- a/extra/homeassistant.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -version: '3' - -services: - homeassistant: - container_name: mistborn_production_home_assistant - image: homeassistant/home-assistant:stable - volumes: - - ../../mistborn_volumes/extra/homeassistant/config:/config - environment: - - TZ=America/New_York - labels: - - "traefik.enable=true" - - "traefik.http.routers.homeassistant-http.rule=Host(`homeassistant.mistborn`)" - - "traefik.http.routers.homeassistant-http.entrypoints=web" - - "traefik.http.routers.homeassistant-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.homeassistant-https.rule=Host(`homeassistant.mistborn`)" - - "traefik.http.routers.homeassistant-https.entrypoints=websecure" - - "traefik.http.routers.homeassistant-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.homeassistant-https.tls.certresolver=basic" - - "traefik.http.services.homeassistant-service.loadbalancer.server.port=8123" - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/jellyfin.yml b/extra/jellyfin.yml deleted file mode 100644 index 2235322..0000000 --- a/extra/jellyfin.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -version: '3' - -volumes: - production_jellyfin_config: {} - production_jellyfin_cache: {} - -services: - jellyfin: - image: jellyfin/jellyfin:latest - container_name: mistborn_production_jellyfin - volumes: - - production_jellyfin_config:/config - - production_jellyfin_cache:/cache - - ../../mistborn_volumes/extra/nextcloud:/media:ro - labels: - - "traefik.enable=true" - - "traefik.http.routers.jellyfin-http.rule=Host(`jellyfin.mistborn`)" - - "traefik.http.routers.jellyfin-http.entrypoints=web" - - "traefik.http.routers.jellyfin-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.jellyfin-https.rule=Host(`jellyfin.mistborn`)" - - "traefik.http.routers.jellyfin-https.entrypoints=websecure" - - "traefik.http.routers.jellyfin-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.jellyfin-https.tls.certresolver=basic" - - "traefik.http.services.jellyfin-service.loadbalancer.server.port=8096" - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/jitsi-meet.yml b/extra/jitsi-meet.yml deleted file mode 100644 index 5670540..0000000 --- a/extra/jitsi-meet.yml +++ /dev/null 
@@ -1,255 +0,0 @@ -version: '3' - -services: - # Frontend - jitsi-web: - image: jitsi/web:stable-5142-3 - restart: unless-stopped - #ports: - #- '${HTTP_PORT}:80' - #- '${HTTPS_PORT}:443' - labels: - - "traefik.enable=true" - - "traefik.http.routers.jitsi-http.rule=Host(`jitsi.mistborn`)" - - "traefik.http.routers.jitsi-http.entrypoints=web" - - "traefik.http.routers.jitsi-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.jitsi-https.rule=Host(`jitsi.mistborn`)" - - "traefik.http.routers.jitsi-https.entrypoints=websecure" - - "traefik.http.routers.jitsi-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.jitsi-https.tls.certresolver=basic" - - "traefik.http.services.jitsi-service.loadbalancer.server.port=${HTTP_PORT}" - volumes: - - ${CONFIG}/web:/config:Z - - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - ENABLE_LETSENCRYPT - - ENABLE_HTTP_REDIRECT - - ENABLE_XMPP_WEBSOCKET - - DISABLE_HTTPS - - LETSENCRYPT_DOMAIN - - LETSENCRYPT_EMAIL - - LETSENCRYPT_USE_STAGING - - PUBLIC_URL - - TZ - - AMPLITUDE_ID - - ANALYTICS_SCRIPT_URLS - - ANALYTICS_WHITELISTED_EVENTS - - BRIDGE_CHANNEL - - BRANDING_DATA_URL - - CALLSTATS_CUSTOM_SCRIPT_URL - - CALLSTATS_ID - - CALLSTATS_SECRET - - CHROME_EXTENSION_BANNER_JSON - - CONFCODE_URL - - CONFIG_EXTERNAL_CONNECT - - DEPLOYMENTINFO_ENVIRONMENT - - DEPLOYMENTINFO_ENVIRONMENT_TYPE - - DEPLOYMENTINFO_USERREGION - - DIALIN_NUMBERS_URL - - DIALOUT_AUTH_URL - - DIALOUT_CODES_URL - - DROPBOX_APPKEY - - DROPBOX_REDIRECT_URI - - ENABLE_AUDIO_PROCESSING - - ENABLE_AUTH - - ENABLE_CALENDAR - - ENABLE_FILE_RECORDING_SERVICE - - ENABLE_FILE_RECORDING_SERVICE_SHARING - - ENABLE_GUESTS - - ENABLE_IPV6 - - ENABLE_LIPSYNC - - ENABLE_NO_AUDIO_DETECTION - - ENABLE_P2P - - ENABLE_PREJOIN_PAGE - - ENABLE_RECORDING - - ENABLE_REMB - - ENABLE_REQUIRE_DISPLAY_NAME - - ENABLE_SIMULCAST - - ENABLE_STATS_ID - - ENABLE_STEREO - - ENABLE_SUBDOMAINS - - 
ENABLE_TALK_WHILE_MUTED - - ENABLE_TCC - - ENABLE_TRANSCRIPTIONS - - ETHERPAD_PUBLIC_URL - - ETHERPAD_URL_BASE - - GOOGLE_ANALYTICS_ID - - GOOGLE_API_APP_CLIENT_ID - - INVITE_SERVICE_URL - - JICOFO_AUTH_USER - - MATOMO_ENDPOINT - - MATOMO_SITE_ID - - MICROSOFT_API_APP_CLIENT_ID - - NGINX_RESOLVER - - NGINX_WORKER_PROCESSES - - NGINX_WORKER_CONNECTIONS - - PEOPLE_SEARCH_URL - - RESOLUTION - - RESOLUTION_MIN - - RESOLUTION_WIDTH - - RESOLUTION_WIDTH_MIN - - START_AUDIO_ONLY - - START_AUDIO_MUTED - - START_BITRATE - - START_VIDEO_MUTED - - TESTING_CAP_SCREENSHARE_BITRATE - - TESTING_OCTO_PROBABILITY - - XMPP_AUTH_DOMAIN - - XMPP_BOSH_URL_BASE - - XMPP_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN - - TOKEN_AUTH_URL - networks: - default: - meet.jitsi: - aliases: - - ${XMPP_DOMAIN} - - # XMPP server - jitsi-prosody: - image: jitsi/prosody:stable-5142-3 - restart: unless-stopped - expose: - - '5222' - - '5347' - - '5280' - volumes: - - ${CONFIG}/prosody/config:/config:Z - - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - AUTH_TYPE - - ENABLE_AUTH - - ENABLE_GUESTS - - ENABLE_LOBBY - - ENABLE_XMPP_WEBSOCKET - - GLOBAL_MODULES - - GLOBAL_CONFIG - - LDAP_URL - - LDAP_BASE - - LDAP_BINDDN - - LDAP_BINDPW - - LDAP_FILTER - - LDAP_AUTH_METHOD - - LDAP_VERSION - - LDAP_USE_TLS - - LDAP_TLS_CIPHERS - - LDAP_TLS_CHECK_PEER - - LDAP_TLS_CACERT_FILE - - LDAP_TLS_CACERT_DIR - - LDAP_START_TLS - - XMPP_DOMAIN - - XMPP_AUTH_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MODULES - - XMPP_MUC_MODULES - - XMPP_INTERNAL_MUC_MODULES - - XMPP_RECORDER_DOMAIN - - XMPP_CROSS_DOMAIN - - JICOFO_COMPONENT_SECRET - - JICOFO_AUTH_USER - - JICOFO_AUTH_PASSWORD - - JVB_AUTH_USER - - JVB_AUTH_PASSWORD - - JIGASI_XMPP_USER - - JIGASI_XMPP_PASSWORD - - JIBRI_XMPP_USER - - JIBRI_XMPP_PASSWORD - - JIBRI_RECORDER_USER - - JIBRI_RECORDER_PASSWORD - - 
JWT_APP_ID - - JWT_APP_SECRET - - JWT_ACCEPTED_ISSUERS - - JWT_ACCEPTED_AUDIENCES - - JWT_ASAP_KEYSERVER - - JWT_ALLOW_EMPTY - - JWT_AUTH_TYPE - - JWT_TOKEN_AUTH_MODULE - - LOG_LEVEL - - PUBLIC_URL - - TZ - networks: - meet.jitsi: - aliases: - - ${XMPP_SERVER} - - # Focus component - jitsi-jicofo: - image: jitsi/jicofo:stable-5142-3 - restart: unless-stopped - volumes: - - ${CONFIG}/jicofo:/config:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - AUTH_TYPE - - ENABLE_AUTH - - XMPP_DOMAIN - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_SERVER - - JICOFO_COMPONENT_SECRET - - JICOFO_AUTH_USER - - JICOFO_AUTH_PASSWORD - - JICOFO_RESERVATION_REST_BASE_URL - - JVB_BREWERY_MUC - - JIGASI_BREWERY_MUC - - JIGASI_SIP_URI - - JIBRI_BREWERY_MUC - - JIBRI_PENDING_TIMEOUT - - TZ - depends_on: - - jitsi-prosody - networks: - meet.jitsi: - - # Video bridge - jitsi-jvb: - image: jitsi/jvb:stable-5142-3 - restart: unless-stopped - ports: - - '${JVB_PORT}:${JVB_PORT}/udp' - - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' - volumes: - - ${CONFIG}/jvb:/config:Z - env_file: - - ../.envs/.production/.jitsi - environment: - - DOCKER_HOST_ADDRESS - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_SERVER - - JVB_AUTH_USER - - JVB_AUTH_PASSWORD - - JVB_BREWERY_MUC - - JVB_PORT - - JVB_TCP_HARVESTER_DISABLED - - JVB_TCP_PORT - - JVB_TCP_MAPPED_PORT - - JVB_STUN_SERVERS - - JVB_ENABLE_APIS - - JVB_WS_DOMAIN - - JVB_WS_SERVER_ID - - PUBLIC_URL - - TZ - depends_on: - - jitsi-prosody - networks: - meet.jitsi: - aliases: - - jvb.meet.jitsi - -# Custom network so all services can communicate using a FQDN -networks: - default: - external: - name: mistborn_default - meet.jitsi: diff --git a/extra/nextcloud.yml b/extra/nextcloud.yml deleted file mode 100644 index c452356..0000000 --- a/extra/nextcloud.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -version: '3' - -services: - nextcloud: - image: nextcloud - container_name: mistborn_production_nextcloud - env_file: - - ../.envs/.production/.postgres - - ../.envs/.production/.nextcloud - labels: - - "traefik.enable=true" - - "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.mistborn`)" - - "traefik.http.routers.nextcloud-http.entrypoints=web" - - "traefik.http.routers.nextcloud-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.nextcloud-https.rule=Host(`nextcloud.mistborn`)" - - "traefik.http.routers.nextcloud-https.entrypoints=websecure" - - "traefik.http.routers.nextcloud-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.nextcloud-https.tls.certresolver=basic" - - "traefik.http.services.nextcloud-service.loadbalancer.server.port=80" - volumes: - - ../../mistborn_volumes/extra/nextcloud:/var/www/html - environment: - - VIRTUAL_HOST=nextcloud.mistborn - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/onlyoffice.yml b/extra/onlyoffice.yml deleted file mode 100644 index 043d33e..0000000 --- a/extra/onlyoffice.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -version: '3' - -services: - onlyoffice: - container_name: mistborn_production_onlyoffice - image: onlyoffice/documentserver:latest - volumes: - - ../../mistborn_volumes/extra/onlyoffice/logs:/var/log/onlyoffice - - ../../mistborn_volumes/extra/onlyoffice/cache:/var/lib/onlyoffice - env_file: - - ../.envs/.production/.onlyoffice - labels: - - "traefik.enable=true" - - "traefik.http.routers.onlyoffice-http.rule=Host(`onlyoffice.mistborn`)" - - "traefik.http.routers.onlyoffice-http.entrypoints=web" - - "traefik.http.routers.onlyoffice-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.onlyoffice-https.rule=Host(`onlyoffice.mistborn`)" - - "traefik.http.routers.onlyoffice-https.entrypoints=websecure" - - "traefik.http.routers.onlyoffice-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.onlyoffice-https.tls.certresolver=basic" - - "traefik.http.services.onlyoffice-service.loadbalancer.server.port=80" - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/raspap.yml b/extra/raspap.yml deleted file mode 100644 index 3be7dce..0000000 --- a/extra/raspap.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -version: '3' - -services: - raspap: - build: - context: .. - dockerfile: ./compose/production/raspap/Dockerfile - #user: root - image: mistborn_production_raspap - container_name: mistborn_production_raspap - labels: - - "traefik.enable=true" - - "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)" - - "traefik.http.routers.raspap-http.entrypoints=web" - - "traefik.http.routers.raspap-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.raspap-https.rule=Host(`raspap.mistborn`)" - - "traefik.http.routers.raspap-https.entrypoints=websecure" - - "traefik.http.routers.raspap-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.raspap-https.tls.certresolver=basic" - - "traefik.http.services.raspap-service.loadbalancer.server.port=80" - env_file: - - ../.envs/.production/.pihole - command: /start - volumes: - - ../../mistborn_volumes/extra/raspap/etc-raspap:/etc/raspap - -networks: - default: - external: - name: mistborn_default diff --git a/extra/rocketchat.yml b/extra/rocketchat.yml deleted file mode 100644 index f3b85ed..0000000 --- a/extra/rocketchat.yml +++ /dev/null 
@@ -1,72 +0,0 @@ -version: '3' - -services: - # rocketchat - rocketchat: - image: rocket.chat:latest - container_name: mistborn_production_rocketchat - command: bash -c 'for i in `seq 1 30`; do node main.js && s=$$? && break || s=$$?; echo "Tried $$i times. Waiting 5 secs..."; sleep 5; done; (exit $$s)' - restart: unless-stopped - volumes: - - ../../mistborn_volumes/extra/rocketchat/uploads:/app/uploads - environment: - - PORT=3000 - - ROOT_URL=http://chat.mistborn - - MONGO_URL=mongodb://mongo:27017/rocketchat - - MONGO_OPLOG_URL=mongodb://mongo:27017/local - - Accounts_UseDNSDomainCheck=False - labels: - - "traefik.enable=true" - - "traefik.http.routers.chat-http.rule=Host(`chat.mistborn`)" - - "traefik.http.routers.chat-http.entrypoints=web" - - "traefik.http.routers.chat-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.chat-https.rule=Host(`chat.mistborn`)" - - "traefik.http.routers.chat-https.entrypoints=websecure" - - "traefik.http.routers.chat-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.chat-https.tls.certresolver=basic" - - "traefik.http.services.chat-service.loadbalancer.server.port=3000" - depends_on: - - mongo - #ports: - # - 3000:3000 - - mongo: - image: mongo:4.0 - container_name: mistborn_production_rocketchat_mongo - restart: unless-stopped - volumes: - - ../../mistborn_volumes/extra/rocketchat/data/db:/data/db - - ../../mistborn_volumes/extra/rocketchat/data/dump:/dump - command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1 - - # this container's job is just run the command to initialize the replica set. - # it will run the command and remove himself (it will not stay running) - mongo-init-replica: - image: mongo - command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. 
Waiting 5 secs...\"; sleep 5; done; (exit $$s)"' - depends_on: - - mongo - - # hubot, the popular chatbot (add the bot user first and change the password before starting this image) - hubot: - image: rocketchat/hubot-rocketchat:latest - container_name: mistborn_production_rocketchat_hubot - restart: unless-stopped - environment: - - ROCKETCHAT_URL=chat.mistborn #:3000 - # you can add more scripts as you'd like here, they need to be installable by npm - - EXTERNAL_SCRIPTS=hubot-help,hubot-seen,hubot-links,hubot-diagnostics - env_file: - - ../.envs/.production/.rocketchat - depends_on: - - rocketchat - volumes: - - ../../mistborn_volumes/extra/rocketchat/hubot/scripts:/home/hubot/scripts - # this is used to expose the hubot port for notifications on the host on port 3001, e.g. for hubot-jenkins-notifier - ports: - - "${MISTBORN_BIND_IP}:3001:8080/tcp" - -networks: - default: - external: - name: mistborn_default diff --git a/extra/syncthing.yml b/extra/syncthing.yml deleted file mode 100644 index 6083393..0000000 --- a/extra/syncthing.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: '3' - -services: - syncthing: - image: linuxserver/syncthing - container_name: mistborn_production_syncthing - environment: - - PUID=1000 - - PGID=1000 - - TZ=Amereica/New_York - - UMASK_SET=022 - volumes: - - ../../mistborn_volumes/extra/syncthing/config:/config - - ../../mistborn_volumes/extra/syncthing/data1:/data1 - - ../../mistborn_volumes/extra/syncthing/data2:/data2 - ports: - #- 8384:8384 - - 22000:22000/tcp # listening port - - 21027:21027/udp # protocol discovery - labels: - - "traefik.enable=true" - - "traefik.http.routers.syncthing-http.rule=Host(`syncthing.mistborn`)" - - "traefik.http.routers.syncthing-http.entrypoints=web" - - "traefik.http.routers.syncthing-http.middlewares=mistborn_auth@file" - - "traefik.http.routers.syncthing-https.rule=Host(`syncthing.mistborn`)" - - "traefik.http.routers.syncthing-https.entrypoints=websecure" - - "traefik.http.routers.syncthing-https.middlewares=mistborn_auth@file" - - "traefik.http.routers.syncthing-https.tls.certresolver=basic" - - "traefik.http.services.syncthing-service.loadbalancer.server.port=8384" - restart: unless-stopped - -networks: - default: - external: - name: mistborn_default diff --git a/extra/tor.yml b/extra/tor.yml deleted file mode 100644 index f8c4141..0000000 --- a/extra/tor.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '3' - -services: - tor-client: - build: - context: ../compose/production/tor - dockerfile: ./Dockerfile - image: mistborn_production_tor - container_name: mistborn_production_tor - ports: - - 9150:9150/tcp - -networks: - default: - external: - name: mistborn_default diff --git a/scripts/conf/cockpit.conf b/scripts/conf/cockpit.conf deleted file mode 100644 index a6b31e3..0000000 --- a/scripts/conf/cockpit.conf +++ /dev/null @@ -1,3 +0,0 @@ -[WebService] -ProtocolHeader = X-Forwarded-Proto -AllowUnencrypted=true diff --git a/scripts/conf/jitsi.env b/scripts/conf/jitsi.env deleted file mode 100644 index 3693dd4..0000000 
--- a/scripts/conf/jitsi.env
+++ /dev/null
@@ -1,366 +0,0 @@ -# shellcheck disable=SC2034 - -# Security -# -# Set these to strong passwords to avoid intruders from impersonating a service account -# The service(s) won't start unless these are specified -# Running ./gen-passwords.sh will update .env with strong passwords -# You may skip the Jigasi and Jibri passwords if you are not using those -# DO NOT reuse passwords -# - -# XMPP component password for Jicofo -JICOFO_COMPONENT_SECRET= - -# XMPP password for Jicofo client connections -JICOFO_AUTH_PASSWORD= - -# XMPP password for JVB client connections -JVB_AUTH_PASSWORD= - -# XMPP password for Jigasi MUC client connections -JIGASI_XMPP_PASSWORD= - -# XMPP recorder password for Jibri client connections -JIBRI_RECORDER_PASSWORD= - -# XMPP password for Jibri client connections -JIBRI_XMPP_PASSWORD= - - -# -# Basic configuration options -# - -# Directory where all configuration will be stored -#CONFIG=~/.jitsi-meet-cfg -CONFIG=../.envs/.production/.jitsi-cfg - -# Exposed HTTP port -HTTP_PORT=80 - -# Exposed HTTPS port -HTTPS_PORT=443 - -# System time zone -TZ=UTC - -# Public URL for the web service (required) -PUBLIC_URL=https://jitsi.mistborn - -# IP address of the Docker host -# See the "Running behind NAT or on a LAN environment" section in the Handbook: -# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment -#DOCKER_HOST_ADDRESS=192.168.1.1 -DOCKER_HOST_ADDRESS=10.2.3.1 - -# Control whether the lobby feature should be enabled or not -#ENABLE_LOBBY=1 - -# Show a prejoin page before entering a conference -#ENABLE_PREJOIN_PAGE=0 - -# -# Let's Encrypt configuration -# - -# Enable Let's Encrypt certificate generation -#ENABLE_LETSENCRYPT=1 - -# Domain for which to generate the certificate -#LETSENCRYPT_DOMAIN=meet.example.com - -# E-Mail for receiving important account notifications (mandatory) -#LETSENCRYPT_EMAIL=alice@atlanta.net - -# Use the staging server (for avoiding rate limits while testing) 
-#LETSENCRYPT_USE_STAGING=1 - - -# -# Etherpad integration (for document sharing) -# - -# Set etherpad-lite URL in docker local network (uncomment to enable) -#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001 - -# Set etherpad-lite public URL (uncomment to enable) -#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain - -# Name your etherpad instance! -ETHERPAD_TITLE="Video Chat" - -# The default text of a pad -ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n" - -# Name of the skin for etherpad -ETHERPAD_SKIN_NAME="colibris" - -# Skin variants for etherpad -ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor" - - -# -# Basic Jigasi configuration options (needed for SIP gateway support) -# - -# SIP URI for incoming / outgoing calls -#JIGASI_SIP_URI=test@sip2sip.info - -# Password for the specified SIP account as a clear text -#JIGASI_SIP_PASSWORD=passw0rd - -# SIP server (use the SIP account domain if in doubt) -#JIGASI_SIP_SERVER=sip2sip.info - -# SIP server port -#JIGASI_SIP_PORT=5060 - -# SIP server transport -#JIGASI_SIP_TRANSPORT=UDP - -# -# Authentication configuration (see handbook for details) -# - -# Enable authentication -#ENABLE_AUTH=1 - -# Enable guest access -#ENABLE_GUESTS=1 - -# Select authentication type: internal, jwt or ldap -#AUTH_TYPE=internal - -# JWT authentication -# - -# Application identifier -#JWT_APP_ID=my_jitsi_app_id - -# Application secret known only to your token -#JWT_APP_SECRET=my_jitsi_app_secret - -# (Optional) Set asap_accepted_issuers as a comma separated list -#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client - -# (Optional) Set asap_accepted_audiences as a comma separated list -#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 - - -# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) -# - -# LDAP url for connection -#LDAP_URL=ldaps://ldap.domain.com/ - -# LDAP base DN. Can be empty -#LDAP_BASE=DC=example,DC=domain,DC=com - -# LDAP user DN. 
Do not specify this parameter for the anonymous bind -#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com - -# LDAP user password. Do not specify this parameter for the anonymous bind -#LDAP_BINDPW=LdapUserPassw0rd - -# LDAP filter. Tokens example: -# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail -# %s - %s is replaced by the complete service string -# %r - %r is replaced by the complete realm string -#LDAP_FILTER=(sAMAccountName=%u) - -# LDAP authentication method -#LDAP_AUTH_METHOD=bind - -# LDAP version -#LDAP_VERSION=3 - -# LDAP TLS using -#LDAP_USE_TLS=1 - -# List of SSL/TLS ciphers to allow -#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC - -# Require and verify server certificate -#LDAP_TLS_CHECK_PEER=1 - -# Path to CA cert file. Used when server certificate verify is enabled -#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt - -# Path to CA certs directory. 
Used when server certificate verify is enabled -#LDAP_TLS_CACERT_DIR=/etc/ssl/certs - -# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// -# LDAP_START_TLS=1 - - -# -# Advanced configuration options (you generally don't need to change these) -# - -# Internal XMPP domain -XMPP_DOMAIN=meet.jitsi - -# Internal XMPP server -XMPP_SERVER=xmpp.meet.jitsi - -# Internal XMPP server URL -XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 - -# Internal XMPP domain for authenticated services -XMPP_AUTH_DOMAIN=auth.meet.jitsi - -# XMPP domain for the MUC -XMPP_MUC_DOMAIN=muc.meet.jitsi - -# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools -XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi - -# XMPP domain for unauthenticated users -XMPP_GUEST_DOMAIN=guest.meet.jitsi - -# Comma separated list of domains for cross domain policy or "true" to allow all -# The PUBLIC_URL is always allowed -#XMPP_CROSS_DOMAIN=true - -# Custom Prosody modules for XMPP_DOMAIN (comma separated) -XMPP_MODULES= - -# Custom Prosody modules for MUC component (comma separated) -XMPP_MUC_MODULES= - -# Custom Prosody modules for internal MUC component (comma separated) -XMPP_INTERNAL_MUC_MODULES= - -# MUC for the JVB pool -JVB_BREWERY_MUC=jvbbrewery - -# XMPP user for JVB client connections -JVB_AUTH_USER=jvb - -# STUN servers used to discover the server's public IP -JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 - -# Media port for the Jitsi Videobridge -JVB_PORT=10000 - -# TCP Fallback for Jitsi Videobridge for when UDP isn't available -JVB_TCP_HARVESTER_DISABLED=true -JVB_TCP_PORT=4443 -JVB_TCP_MAPPED_PORT=4443 - -# A comma separated list of APIs to enable when the JVB is started [default: none] -# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information -#JVB_ENABLE_APIS=rest,colibri - -# XMPP user for Jicofo client connections. 
-# NOTE: this option doesn't currently work due to a bug -JICOFO_AUTH_USER=focus - -# Base URL of Jicofo's reservation REST API -#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com - -# Enable Jicofo's health check REST API (http://:8888/about/health) -#JICOFO_ENABLE_HEALTH_CHECKS=true - -# XMPP user for Jigasi MUC client connections -JIGASI_XMPP_USER=jigasi - -# MUC name for the Jigasi pool -JIGASI_BREWERY_MUC=jigasibrewery - -# Minimum port for media used by Jigasi -JIGASI_PORT_MIN=20000 - -# Maximum port for media used by Jigasi -JIGASI_PORT_MAX=20050 - -# Enable SDES srtp -#JIGASI_ENABLE_SDES_SRTP=1 - -# Keepalive method -#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS - -# Health-check extension -#JIGASI_HEALTH_CHECK_SIP_URI=keepalive - -# Health-check interval -#JIGASI_HEALTH_CHECK_INTERVAL=300000 -# -# Enable Jigasi transcription -#ENABLE_TRANSCRIPTIONS=1 - -# Jigasi will record audio when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_RECORD_AUDIO=true - -# Jigasi will send transcribed text to the chat when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_SEND_TXT=true - -# Jigasi will post an url to the chat with transcription file [default: false] -#JIGASI_TRANSCRIBER_ADVERTISE_URL=true - -# Credentials for connect to Cloud Google API from Jigasi -# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol -# section "Before you begin" paragraph 1 to 5 -# Copy the values from the json to the related env vars -#GC_PROJECT_ID= -#GC_PRIVATE_KEY_ID= -#GC_PRIVATE_KEY= -#GC_CLIENT_EMAIL= -#GC_CLIENT_ID= -#GC_CLIENT_CERT_URL= - -# Enable recording -#ENABLE_RECORDING=1 - -# XMPP domain for the jibri recorder -XMPP_RECORDER_DOMAIN=recorder.meet.jitsi - -# XMPP recorder user for Jibri client connections -JIBRI_RECORDER_USER=recorder - -# Directory for recordings inside Jibri container -JIBRI_RECORDING_DIR=/config/recordings - -# The finalizing script. 
Will run after recording is complete -JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh - -# XMPP user for Jibri client connections -JIBRI_XMPP_USER=jibri - -# MUC name for the Jibri pool -JIBRI_BREWERY_MUC=jibribrewery - -# MUC connection timeout -JIBRI_PENDING_TIMEOUT=90 - -# When jibri gets a request to start a service for a room, the room -# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain -# We'll build the url for the call by transforming that into: -# https://xmpp_domain/subdomain/roomName -# So if there are any prefixes in the jid (like jitsi meet, which -# has its participants join a muc at conference.xmpp_domain) then -# list that prefix here so it can be stripped out to generate -# the call url correctly -JIBRI_STRIP_DOMAIN_JID=muc - -# Directory for logs inside Jibri container -JIBRI_LOGS_DIR=/config/logs - -# Disable HTTPS: handle TLS connections outside of this setup -DISABLE_HTTPS=1 - -# Redirect HTTP traffic to HTTPS -# Necessary for Let's Encrypt, relies on standard HTTPS port (443) -#ENABLE_HTTP_REDIRECT=1 - -# Enable IPv6 -# Provides means to disable IPv6 in environments that don't support it (get with the times, people!) -#ENABLE_IPV6=1 - -# Container restart policy -# Defaults to unless-stopped -RESTART_POLICY=unless-stopped - -# Authenticate using external service or just focus external auth window if there is one already. -# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} diff --git a/scripts/env/setup.sh b/scripts/env/setup.sh index 43060b6..31e7211 100755 --- a/scripts/env/setup.sh +++ b/scripts/env/setup.sh @@ -1,5 +1,10 @@ #!/bin/bash +# Version +MISTBORN_MAJOR_VERSION="0" +MISTBORN_MINOR_VERSION="1" +MISTBORN_PATCH_NUMBER="1" + #### ENV file VAR_FILE=/opt/mistborn/.env 
@@ -12,6 +17,12 @@ source /opt/mistborn/scripts/subinstallers/platform.sh
 echo "" | sudo tee ${VAR_FILE}
 sudo chown mistborn:mistborn ${VAR_FILE}
+# Version env variables
+echo "MISTBORN_VERSION=${MISTBORN_MAJOR_VERSION}.${MISTBORN_MINOR_VERSION}.${MISTBORN_PATCH_NUMBER}" | sudo tee -a ${VAR_FILE}
+echo "MISTBORN_MAJOR_VERSION=${MISTBORN_MAJOR_VERSION}" | sudo tee -a ${VAR_FILE}
+echo "MISTBORN_MINOR_VERSION=${MISTBORN_MINOR_VERSION}" | sudo tee -a ${VAR_FILE}
+echo "MISTBORN_PATCH_NUMBER=${MISTBORN_PATCH_NUMBER}" | sudo tee -a ${VAR_FILE}
+
 # MISTBORN_DNS_BIND_IP
 MISTBORN_DNS_BIND_IP="10.2.3.1"
@@ -28,9 +39,11 @@ echo "MISTBORN_BIND_IP=10.2.3.1" | sudo tee -a ${VAR_FILE}
 # MISTBORN_TAG
 GIT_BRANCH=$(git -C /opt/mistborn symbolic-ref --short HEAD || echo "master")
-MISTBORN_TAG="latest"
-if [ "$GIT_BRANCH" != "master" ]; then
- MISTBORN_TAG="test"
+MISTBORN_TAG="${MISTBORN_MAJOR_VERSION}.${MISTBORN_MINOR_VERSION}"
+if [ ! -z "$MISTBORN_TEST_CONTAINER" ]; then
+ MISTBORN_TAG="test"
+else if [ "$GIT_BRANCH" == "master" ]; then
+ MISTBORN_TAG="latest"
 fi
 echo "MISTBORN_TAG=$MISTBORN_TAG" | sudo tee -a ${VAR_FILE}
diff --git a/scripts/install.sh b/scripts/install.sh
index 31e0f83..a90220c 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -39,7 +39,7 @@ if [ $(whoami) != "$MISTBORN_USER" ]; then
 sudo cp $FULLPATH /home/$MISTBORN_USER
 sudo chown $MISTBORN_USER:$MISTBORN_USER /home/$MISTBORN_USER/$FILENAME
- sudo SSH_CLIENT="$SSH_CLIENT" MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD" GIT_BRANCH="$GIT_BRANCH" MISTBORN_INSTALL_COCKPIT="$MISTBORN_INSTALL_COCKPIT" -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME" # self-referential call
+ sudo SSH_CLIENT="$SSH_CLIENT" MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD" GIT_BRANCH="$GIT_BRANCH" -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME" # self-referential call
 exit 0
 fi
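Review bot: `else if [ "$GIT_BRANCH" == "master" ]; then` in the MISTBORN_TAG block of setup.sh opens a second, nested `if`; the single `fi` that follows closes only that inner one, so the outer `if` is never terminated and bash rejects the file with a syntax error at end of input, which means no MISTBORN_TAG line is written at all. The intended keyword is `elif [ "$GIT_BRANCH" == "master" ]; then`. Separately, MISTBORN_TEST_CONTAINER is taken from the inherited environment with no documentation of what it means, and any non-empty value, including a stale one in the installing user's shell, silently switches the image tag that will be pulled to `test`; a comment above the check such as `# Set MISTBORN_TEST_CONTAINER to any non-empty value to pull the test images` and `[ -n "$MISTBORN_TEST_CONTAINER" ]` would make that explicit.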
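Review bot: The rewritten self-referential `sudo` line in install.sh still places MISTBORN_DEFAULT_PASSWORD as a `VAR=value` argument on sudo's command line, where it is visible to every local user in the process list for as long as sudo runs and, depending on configuration, may be recorded in sudo's command logging; removing MISTBORN_INSTALL_COCKPIT does not change that. Since the values are already set in the caller's environment, `sudo --preserve-env=SSH_CLIENT,MISTBORN_DEFAULT_PASSWORD,GIT_BRANCH -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME"` keeps the secret off argv (sudo 1.8.21 or newer, subject to the sudoers policy allowing the preserve list alongside `-i`). The enclosing `if` block starts outside the hunk.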
@@ -67,13 +67,6 @@ else
 echo "MISTBORN_DEFAULT_PASSWORD is already set"
 fi
-# Install Cockpit?
-if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then
- read -p "Install Cockpit (a somewhat resource-heavy system management graphical user interface -- NOT RECOMMENDED on Raspberry Pi)? [y/N]: " MISTBORN_INSTALL_COCKPIT
- echo
- MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-N}
-fi
-
 # SSH keys
 if [ ! -f ~/.ssh/id_rsa ]; then
 echo "Generating SSH keypair for $USER"
@@ -150,16 +143,6 @@ sudo systemctl start docker
 # Unattended upgrades
 sudo -E apt-get install -y unattended-upgrades
-# Cockpit
-if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]]
-then
- # install cockpit
- source ./scripts/subinstallers/cockpit.sh
-
- # set variable (that will be available in environment)
- MISTBORN_INSTALL_COCKPIT=Y
-fi
-
 # Mistborn-cli (pip3 installed by docker)
 figlet "Mistborn: Installing mistborn-cli"
 sudo pip3 install -e ./modules/mistborn-cli
@@ -200,9 +183,6 @@ sudo mkdir -p ../mistborn_volumes/base/pihole/etc-pihole
 sudo mkdir -p ../mistborn_volumes/base/pihole/etc-dnsmasqd
 sudo mkdir -p ../mistborn_volumes/extra
-# Traefik final setup (cockpit)
-#cp ./compose/production/traefik/traefikv2.toml.template ./compose/production/traefik/traefik.toml
-
 # setup tls certs
 source ./scripts/subinstallers/openssl.sh
 #sudo rm -rf ../mistborn_volumes/base/tls
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
deleted file mode 100644
index ff79fde..0000000
--- a/scripts/services/Mistborn-bitwarden.service
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=Mistborn Bitwarden Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service
deleted file mode 100644
index f1a0d4d..0000000
--- a/scripts/services/Mistborn-homeassistant.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn Home Assistant
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service
deleted file mode 100644
index 86d1315..0000000
--- a/scripts/services/Mistborn-jellyfin.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn Jellyfin Service
-Requires=Mistborn-nextcloud.service
-After=Mistborn-nextcloud.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-jitsi.service b/scripts/services/Mistborn-jitsi.service
deleted file mode 100644
index 49a9c21..0000000
--- a/scripts/services/Mistborn-jitsi.service
+++ /dev/null
@@ -1,27 +0,0 @@
-[Unit]
-Description=Mistborn Jitsi Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-EnvironmentFile=/opt/mistborn/.envs/.production/.jitsi
-
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml down
-
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport $JVB_PORT -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport $JVB_TCP_PORT -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport $JVB_PORT -j MISTBORN_LOG_DROP
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport $JVB_TCP_PORT -j MISTBORN_LOG_DROP
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service
deleted file mode 100644
index 6a9302c..0000000
--- a/scripts/services/Mistborn-nextcloud.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn Nextcloud Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=www-data
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
deleted file mode 100644
index 421912e..0000000
--- a/scripts/services/Mistborn-onlyoffice.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn OnlyOffice Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
deleted file mode 100644
index ecb93a2..0000000
--- a/scripts/services/Mistborn-rocketchat.service
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=Mistborn Rocket Chat Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-EnvironmentFile=/opt/mistborn/.env
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
deleted file mode 100644
index e3065f3..0000000
--- a/scripts/services/Mistborn-syncthing.service
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Mistborn Syncthing Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
deleted file mode 100644
index bbb871f..0000000
--- a/scripts/services/Mistborn-tor.service
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=Mistborn Tor Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/raspap/Mistborn-raspap.service b/scripts/services/raspap/Mistborn-raspap.service
deleted file mode 100644
index 2f3faec..0000000
--- a/scripts/services/raspap/Mistborn-raspap.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn RaspAP Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/services/raspap/install.sh b/scripts/services/raspap/install.sh
deleted file mode 100755
index 4b373ef..0000000
--- a/scripts/services/raspap/install.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# install on gateway
-sudo apt-get install -y hostapd vnstat
\ No newline at end of file
diff --git a/scripts/subinstallers/cockpit.sh b/scripts/subinstallers/cockpit.sh
deleted file mode 100755
index fbdb141..0000000
--- a/scripts/subinstallers/cockpit.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-# Cockpit
-figlet "Mistborn: Installing Cockpit"
-if [ "$DISTRO" == "ubuntu" ]; then
- echo "Ubuntu backports enabled by default"
-
-elif [ "$DISTRO" == "debian" ]; then
- sudo grep -qF "buster-backports" /etc/apt/sources.list.d/backports.list \
- && echo "buster-backports already in sources" \
- || echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list
-
-elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
- echo "Raspbian repos contain cockpit"
-fi
-
-sudo -E apt-get install -y cockpit
-
-if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then
- # no longer supported upstream in Ubuntu 20.04
- sudo -E apt-get install -y cockpit-docker
-fi
-
-sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf
-sudo systemctl restart cockpit.socket
-
-# create system cockpit user
-echo "Creating cockpit user"
-sudo useradd -s /bin/bash -d /home/cockpit -m -G sudo -p $(openssl passwd -1 "$MISTBORN_DEFAULT_PASSWORD") cockpit || true
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index f4b9675..c2e754c 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 figlet "Mistborn: Container Credentials"
@@ -40,41 +40,3 @@ WEBPASSWORD="$1"
 echo "TZ=\"America/New York\"" > $PIHOLE_PROD_FILE
 echo "WEBPASSWORD=$WEBPASSWORD" >> $PIHOLE_PROD_FILE
-# generate rocketchat .env files
-ROCKETCHAT_PROD_FILE="./.envs/.production/.rocketchat"
-#ROCKETCHAT_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
-ROCKETCHAT_PASSWORD="$1"
-echo "ROCKETCHAT_USER=bot" > $ROCKETCHAT_PROD_FILE
-echo "ROCKETCHAT_ROOM=GENERAL" >> $ROCKETCHAT_PROD_FILE
-echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE
-echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE
-
-# generate nextcloud .env files
-NEXTCLOUD_PROD_FILE="./.envs/.production/.nextcloud"
-#NEXTCLOUD_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
-NEXTCLOUD_PASSWORD="$1"
-echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE
-echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE
-echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE
-
-# generate onlyoffice .env files
-ONLYOFFICE_PROD_FILE="./.envs/.production/.onlyoffice"
-JWT_SECRET="$1"
-echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE
-echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE
-
-# generate bitwarden .env files
-BITWARDEN_PROD_FILE="./.envs/.production/.bitwarden"
-echo "WEBSOCKET_ENABLED=true" > $BITWARDEN_PROD_FILE
-echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE
-
-# JITSI
-JITSI_PROD_FILE="./.envs/.production/.jitsi"
-cp ./scripts/conf/jitsi.env $JITSI_PROD_FILE
-mkdir -p ./.envs/.production/.jitsi-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb}
-sed -i "s/JICOFO_COMPONENT_SECRET.*/JICOFO_COMPONENT_SECRET=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JICOFO_AUTH_PASSWORD.*/JICOFO_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"