
removing extras to other repos

v1
Steven Foerster 5 years ago
parent
commit
a6a641679d
  1. 24
      compose/production/traefik/dynamic.toml
  2. 28
      extra/bitwarden.yml
  3. 26
      extra/homeassistant.yml
  4. 30
      extra/jellyfin.yml
  5. 255
      extra/jitsi-meet.yml
  6. 29
      extra/nextcloud.yml
  7. 27
      extra/onlyoffice.yml
  8. 30
      extra/raspap.yml
  9. 72
      extra/rocketchat.yml
  10. 35
      extra/syncthing.yml
  11. 16
      extra/tor.yml
  12. 3
      scripts/conf/cockpit.conf
  13. 366
      scripts/conf/jitsi.env
  14. 19
      scripts/env/setup.sh
  15. 22
      scripts/install.sh
  16. 23
      scripts/services/Mistborn-bitwarden.service
  17. 21
      scripts/services/Mistborn-homeassistant.service
  18. 21
      scripts/services/Mistborn-jellyfin.service
  19. 27
      scripts/services/Mistborn-jitsi.service
  20. 21
      scripts/services/Mistborn-nextcloud.service
  21. 21
      scripts/services/Mistborn-onlyoffice.service
  22. 24
      scripts/services/Mistborn-rocketchat.service
  23. 25
      scripts/services/Mistborn-syncthing.service
  24. 23
      scripts/services/Mistborn-tor.service
  25. 21
      scripts/services/raspap/Mistborn-raspap.service
  26. 4
      scripts/services/raspap/install.sh
  27. 29
      scripts/subinstallers/cockpit.sh
  28. 40
      scripts/subinstallers/gen_prod_env.sh

24
compose/production/traefik/dynamic.toml

@ -8,17 +8,17 @@
[tls.options.default] [tls.options.default]
minVersion = "VersionTLS12" minVersion = "VersionTLS12"
[http.services] #[http.services]
[http.services.cockpit.loadBalancer] # [http.services.cockpit.loadBalancer]
[[http.services.cockpit.loadBalancer.servers]] # [[http.services.cockpit.loadBalancer.servers]]
url = "http://10.2.3.1:9090" # url = "http://10.2.3.1:9090"
#
[http.routers] #[http.routers]
[http.routers.cockpit] # [http.routers.cockpit]
rule = "Host(`cockpit.mistborn`)" # rule = "Host(`cockpit.mistborn`)"
service = "cockpit" # service = "cockpit"
entrypoints = ["web", "websecure"] # entrypoints = ["web", "websecure"]
middlewares = ["mistborn_auth"] # middlewares = ["mistborn_auth"]
[http.middlewares] [http.middlewares]
[http.middlewares.mistborn_auth.forwardAuth] [http.middlewares.mistborn_auth.forwardAuth]
@ -28,4 +28,4 @@
insecureSkipVerify = true insecureSkipVerify = true
[http.middlewares.mistborn_headers.headers] [http.middlewares.mistborn_headers.headers]
hostsProxyHeaders = ['X-CSRFToken'] hostsProxyHeaders = ['X-CSRFToken']
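Review bot: The cockpit service and router are commented out rather than deleted in the -8 hunk, which leaves a dead block that a later edit can reactivate even though this commit removes scripts/subinstallers/cockpit.sh and scripts/conf/cockpit.conf that made it work. A short reason above the block would prevent that: `# cockpit routing disabled: the cockpit installer and its config were removed from this repo`. Separately, the -28 hunk's context shows `insecureSkipVerify = true` on the mistborn_auth forwardAuth middleware; this commit does not touch it, but a comment stating why the auth service's certificate is not verified (or which internal CA it should trust instead) would help the next reader judge the risk.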

28
extra/bitwarden.yml

@ -1,28 +0,0 @@
version: '3'
services:
bitwarden:
image: bitwardenrs/server:latest
container_name: mistborn_production_bitwarden
env_file:
- ../.envs/.production/.bitwarden
volumes:
- ../../mistborn_volumes/extra/bitwarden:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.bitwarden-http.rule=Host(`bitwarden.mistborn`)"
- "traefik.http.routers.bitwarden-http.entrypoints=web"
- "traefik.http.routers.bitwarden-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.bitwarden-https.rule=Host(`bitwarden.mistborn`)"
- "traefik.http.routers.bitwarden-https.entrypoints=websecure"
- "traefik.http.routers.bitwarden-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.bitwarden-https.tls.certresolver=basic"
- "traefik.http.services.bitwarden-service.loadbalancer.server.port=80"
ports:
- 3012:3012/tcp
restart: unless-stopped
networks:
default:
external:
name: mistborn_default

26
extra/homeassistant.yml

@ -1,26 +0,0 @@
version: '3'
services:
homeassistant:
container_name: mistborn_production_home_assistant
image: homeassistant/home-assistant:stable
volumes:
- ../../mistborn_volumes/extra/homeassistant/config:/config
environment:
- TZ=America/New_York
labels:
- "traefik.enable=true"
- "traefik.http.routers.homeassistant-http.rule=Host(`homeassistant.mistborn`)"
- "traefik.http.routers.homeassistant-http.entrypoints=web"
- "traefik.http.routers.homeassistant-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.homeassistant-https.rule=Host(`homeassistant.mistborn`)"
- "traefik.http.routers.homeassistant-https.entrypoints=websecure"
- "traefik.http.routers.homeassistant-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.homeassistant-https.tls.certresolver=basic"
- "traefik.http.services.homeassistant-service.loadbalancer.server.port=8123"
restart: unless-stopped
networks:
default:
external:
name: mistborn_default

30
extra/jellyfin.yml

@ -1,30 +0,0 @@
version: '3'
volumes:
production_jellyfin_config: {}
production_jellyfin_cache: {}
services:
jellyfin:
image: jellyfin/jellyfin:latest
container_name: mistborn_production_jellyfin
volumes:
- production_jellyfin_config:/config
- production_jellyfin_cache:/cache
- ../../mistborn_volumes/extra/nextcloud:/media:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin-http.rule=Host(`jellyfin.mistborn`)"
- "traefik.http.routers.jellyfin-http.entrypoints=web"
- "traefik.http.routers.jellyfin-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.jellyfin-https.rule=Host(`jellyfin.mistborn`)"
- "traefik.http.routers.jellyfin-https.entrypoints=websecure"
- "traefik.http.routers.jellyfin-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.jellyfin-https.tls.certresolver=basic"
- "traefik.http.services.jellyfin-service.loadbalancer.server.port=8096"
restart: unless-stopped
networks:
default:
external:
name: mistborn_default

255
extra/jitsi-meet.yml

@ -1,255 +0,0 @@
version: '3'
services:
# Frontend
jitsi-web:
image: jitsi/web:stable-5142-3
restart: unless-stopped
#ports:
#- '${HTTP_PORT}:80'
#- '${HTTPS_PORT}:443'
labels:
- "traefik.enable=true"
- "traefik.http.routers.jitsi-http.rule=Host(`jitsi.mistborn`)"
- "traefik.http.routers.jitsi-http.entrypoints=web"
- "traefik.http.routers.jitsi-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.jitsi-https.rule=Host(`jitsi.mistborn`)"
- "traefik.http.routers.jitsi-https.entrypoints=websecure"
- "traefik.http.routers.jitsi-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.jitsi-https.tls.certresolver=basic"
- "traefik.http.services.jitsi-service.loadbalancer.server.port=${HTTP_PORT}"
volumes:
- ${CONFIG}/web:/config:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
env_file:
- ../.envs/.production/.jitsi
environment:
- ENABLE_LETSENCRYPT
- ENABLE_HTTP_REDIRECT
- ENABLE_XMPP_WEBSOCKET
- DISABLE_HTTPS
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- PUBLIC_URL
- TZ
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- BRIDGE_CHANNEL
- BRANDING_DATA_URL
- CALLSTATS_CUSTOM_SCRIPT_URL
- CALLSTATS_ID
- CALLSTATS_SECRET
- CHROME_EXTENSION_BANNER_JSON
- CONFCODE_URL
- CONFIG_EXTERNAL_CONNECT
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_USERREGION
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTH
- ENABLE_CALENDAR
- ENABLE_FILE_RECORDING_SERVICE
- ENABLE_FILE_RECORDING_SERVICE_SHARING
- ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_P2P
- ENABLE_PREJOIN_PAGE
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
- ENABLE_SUBDOMAINS
- ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- INVITE_SERVICE_URL
- JICOFO_AUTH_USER
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
- NGINX_RESOLVER
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
- RESOLUTION_WIDTH_MIN
- START_AUDIO_ONLY
- START_AUDIO_MUTED
- START_BITRATE
- START_VIDEO_MUTED
- TESTING_CAP_SCREENSHARE_BITRATE
- TESTING_OCTO_PROBABILITY
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- TOKEN_AUTH_URL
networks:
default:
meet.jitsi:
aliases:
- ${XMPP_DOMAIN}
# XMPP server
jitsi-prosody:
image: jitsi/prosody:stable-5142-3
restart: unless-stopped
expose:
- '5222'
- '5347'
- '5280'
volumes:
- ${CONFIG}/prosody/config:/config:Z
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
env_file:
- ../.envs/.production/.jitsi
environment:
- AUTH_TYPE
- ENABLE_AUTH
- ENABLE_GUESTS
- ENABLE_LOBBY
- ENABLE_XMPP_WEBSOCKET
- GLOBAL_MODULES
- GLOBAL_CONFIG
- LDAP_URL
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_AUTH_METHOD
- LDAP_VERSION
- LDAP_USE_TLS
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_CROSS_DOMAIN
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_TOKEN_AUTH_MODULE
- LOG_LEVEL
- PUBLIC_URL
- TZ
networks:
meet.jitsi:
aliases:
- ${XMPP_SERVER}
# Focus component
jitsi-jicofo:
image: jitsi/jicofo:stable-5142-3
restart: unless-stopped
volumes:
- ${CONFIG}/jicofo:/config:Z
env_file:
- ../.envs/.production/.jitsi
environment:
- AUTH_TYPE
- ENABLE_AUTH
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_SERVER
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_RESERVATION_REST_BASE_URL
- JVB_BREWERY_MUC
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JIBRI_BREWERY_MUC
- JIBRI_PENDING_TIMEOUT
- TZ
depends_on:
- jitsi-prosody
networks:
meet.jitsi:
# Video bridge
jitsi-jvb:
image: jitsi/jvb:stable-5142-3
restart: unless-stopped
ports:
- '${JVB_PORT}:${JVB_PORT}/udp'
- '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
volumes:
- ${CONFIG}/jvb:/config:Z
env_file:
- ../.envs/.production/.jitsi
environment:
- DOCKER_HOST_ADDRESS
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_PORT
- JVB_TCP_HARVESTER_DISABLED
- JVB_TCP_PORT
- JVB_TCP_MAPPED_PORT
- JVB_STUN_SERVERS
- JVB_ENABLE_APIS
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- PUBLIC_URL
- TZ
depends_on:
- jitsi-prosody
networks:
meet.jitsi:
aliases:
- jvb.meet.jitsi
# Custom network so all services can communicate using a FQDN
networks:
default:
external:
name: mistborn_default
meet.jitsi:

29
extra/nextcloud.yml

@ -1,29 +0,0 @@
version: '3'
services:
nextcloud:
image: nextcloud
container_name: mistborn_production_nextcloud
env_file:
- ../.envs/.production/.postgres
- ../.envs/.production/.nextcloud
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.mistborn`)"
- "traefik.http.routers.nextcloud-http.entrypoints=web"
- "traefik.http.routers.nextcloud-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.nextcloud-https.rule=Host(`nextcloud.mistborn`)"
- "traefik.http.routers.nextcloud-https.entrypoints=websecure"
- "traefik.http.routers.nextcloud-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.nextcloud-https.tls.certresolver=basic"
- "traefik.http.services.nextcloud-service.loadbalancer.server.port=80"
volumes:
- ../../mistborn_volumes/extra/nextcloud:/var/www/html
environment:
- VIRTUAL_HOST=nextcloud.mistborn
restart: unless-stopped
networks:
default:
external:
name: mistborn_default

27
extra/onlyoffice.yml

@ -1,27 +0,0 @@
version: '3'
services:
onlyoffice:
container_name: mistborn_production_onlyoffice
image: onlyoffice/documentserver:latest
volumes:
- ../../mistborn_volumes/extra/onlyoffice/logs:/var/log/onlyoffice
- ../../mistborn_volumes/extra/onlyoffice/cache:/var/lib/onlyoffice
env_file:
- ../.envs/.production/.onlyoffice
labels:
- "traefik.enable=true"
- "traefik.http.routers.onlyoffice-http.rule=Host(`onlyoffice.mistborn`)"
- "traefik.http.routers.onlyoffice-http.entrypoints=web"
- "traefik.http.routers.onlyoffice-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.onlyoffice-https.rule=Host(`onlyoffice.mistborn`)"
- "traefik.http.routers.onlyoffice-https.entrypoints=websecure"
- "traefik.http.routers.onlyoffice-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.onlyoffice-https.tls.certresolver=basic"
- "traefik.http.services.onlyoffice-service.loadbalancer.server.port=80"
restart: unless-stopped
networks:
default:
external:
name: mistborn_default

30
extra/raspap.yml

@ -1,30 +0,0 @@
version: '3'
services:
raspap:
build:
context: ..
dockerfile: ./compose/production/raspap/Dockerfile
#user: root
image: mistborn_production_raspap
container_name: mistborn_production_raspap
labels:
- "traefik.enable=true"
- "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)"
- "traefik.http.routers.raspap-http.entrypoints=web"
- "traefik.http.routers.raspap-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.raspap-https.rule=Host(`raspap.mistborn`)"
- "traefik.http.routers.raspap-https.entrypoints=websecure"
- "traefik.http.routers.raspap-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.raspap-https.tls.certresolver=basic"
- "traefik.http.services.raspap-service.loadbalancer.server.port=80"
env_file:
- ../.envs/.production/.pihole
command: /start
volumes:
- ../../mistborn_volumes/extra/raspap/etc-raspap:/etc/raspap
networks:
default:
external:
name: mistborn_default

72
extra/rocketchat.yml

@ -1,72 +0,0 @@
version: '3'
services:
# rocketchat
rocketchat:
image: rocket.chat:latest
container_name: mistborn_production_rocketchat
command: bash -c 'for i in `seq 1 30`; do node main.js && s=$$? && break || s=$$?; echo "Tried $$i times. Waiting 5 secs..."; sleep 5; done; (exit $$s)'
restart: unless-stopped
volumes:
- ../../mistborn_volumes/extra/rocketchat/uploads:/app/uploads
environment:
- PORT=3000
- ROOT_URL=http://chat.mistborn
- MONGO_URL=mongodb://mongo:27017/rocketchat
- MONGO_OPLOG_URL=mongodb://mongo:27017/local
- Accounts_UseDNSDomainCheck=False
labels:
- "traefik.enable=true"
- "traefik.http.routers.chat-http.rule=Host(`chat.mistborn`)"
- "traefik.http.routers.chat-http.entrypoints=web"
- "traefik.http.routers.chat-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.chat-https.rule=Host(`chat.mistborn`)"
- "traefik.http.routers.chat-https.entrypoints=websecure"
- "traefik.http.routers.chat-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.chat-https.tls.certresolver=basic"
- "traefik.http.services.chat-service.loadbalancer.server.port=3000"
depends_on:
- mongo
#ports:
# - 3000:3000
mongo:
image: mongo:4.0
container_name: mistborn_production_rocketchat_mongo
restart: unless-stopped
volumes:
- ../../mistborn_volumes/extra/rocketchat/data/db:/data/db
- ../../mistborn_volumes/extra/rocketchat/data/dump:/dump
command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
# this container's job is just run the command to initialize the replica set.
# it will run the command and remove himself (it will not stay running)
mongo-init-replica:
image: mongo
command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. Waiting 5 secs...\"; sleep 5; done; (exit $$s)"'
depends_on:
- mongo
# hubot, the popular chatbot (add the bot user first and change the password before starting this image)
hubot:
image: rocketchat/hubot-rocketchat:latest
container_name: mistborn_production_rocketchat_hubot
restart: unless-stopped
environment:
- ROCKETCHAT_URL=chat.mistborn #:3000
# you can add more scripts as you'd like here, they need to be installable by npm
- EXTERNAL_SCRIPTS=hubot-help,hubot-seen,hubot-links,hubot-diagnostics
env_file:
- ../.envs/.production/.rocketchat
depends_on:
- rocketchat
volumes:
- ../../mistborn_volumes/extra/rocketchat/hubot/scripts:/home/hubot/scripts
# this is used to expose the hubot port for notifications on the host on port 3001, e.g. for hubot-jenkins-notifier
ports:
- "${MISTBORN_BIND_IP}:3001:8080/tcp"
networks:
default:
external:
name: mistborn_default

35
extra/syncthing.yml

@ -1,35 +0,0 @@
version: '3'
services:
syncthing:
image: linuxserver/syncthing
container_name: mistborn_production_syncthing
environment:
- PUID=1000
- PGID=1000
- TZ=Amereica/New_York
- UMASK_SET=022
volumes:
- ../../mistborn_volumes/extra/syncthing/config:/config
- ../../mistborn_volumes/extra/syncthing/data1:/data1
- ../../mistborn_volumes/extra/syncthing/data2:/data2
ports:
#- 8384:8384
- 22000:22000/tcp # listening port
- 21027:21027/udp # protocol discovery
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.mistborn`)"
- "traefik.http.routers.syncthing-http.entrypoints=web"
- "traefik.http.routers.syncthing-http.middlewares=mistborn_auth@file"
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.mistborn`)"
- "traefik.http.routers.syncthing-https.entrypoints=websecure"
- "traefik.http.routers.syncthing-https.middlewares=mistborn_auth@file"
- "traefik.http.routers.syncthing-https.tls.certresolver=basic"
- "traefik.http.services.syncthing-service.loadbalancer.server.port=8384"
restart: unless-stopped
networks:
default:
external:
name: mistborn_default

16
extra/tor.yml

@ -1,16 +0,0 @@
version: '3'
services:
tor-client:
build:
context: ../compose/production/tor
dockerfile: ./Dockerfile
image: mistborn_production_tor
container_name: mistborn_production_tor
ports:
- 9150:9150/tcp
networks:
default:
external:
name: mistborn_default

3
scripts/conf/cockpit.conf

@ -1,3 +0,0 @@
[WebService]
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted=true

366
scripts/conf/jitsi.env

@ -1,366 +0,0 @@
# shellcheck disable=SC2034
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP component password for Jicofo
JICOFO_COMPONENT_SECRET=
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=
#
# Basic configuration options
#
# Directory where all configuration will be stored
#CONFIG=~/.jitsi-meet-cfg
CONFIG=../.envs/.production/.jitsi-cfg
# Exposed HTTP port
HTTP_PORT=80
# Exposed HTTPS port
HTTPS_PORT=443
# System time zone
TZ=UTC
# Public URL for the web service (required)
PUBLIC_URL=https://jitsi.mistborn
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#DOCKER_HOST_ADDRESS=192.168.1.1
DOCKER_HOST_ADDRESS=10.2.3.1
# Control whether the lobby feature should be enabled or not
#ENABLE_LOBBY=1
# Show a prejoin page before entering a conference
#ENABLE_PREJOIN_PAGE=0
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com
# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
#
# Etherpad integration (for document sharing)
#
# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain
# Name your etherpad instance!
ETHERPAD_TITLE="Video Chat"
# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
# Name of the skin for etherpad
ETHERPAD_SKIN_NAME="colibris"
# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
#
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
#JIGASI_SIP_PORT=5060
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
# Enable authentication
#ENABLE_AUTH=1
# Enable guest access
#ENABLE_GUESTS=1
# Select authentication type: internal, jwt or ldap
#AUTH_TYPE=internal
# JWT authentication
#
# Application identifier
#JWT_APP_ID=my_jitsi_app_id
# Application secret known only to your token
#JWT_APP_SECRET=my_jitsi_app_secret
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/
# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
# LDAP authentication method
#LDAP_AUTH_METHOD=bind
# LDAP version
#LDAP_VERSION=3
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1
#
# Advanced configuration options (you generally don't need to change these)
#
# Internal XMPP domain
XMPP_DOMAIN=meet.jitsi
# Internal XMPP server
XMPP_SERVER=xmpp.meet.jitsi
# Internal XMPP server URL
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
# Internal XMPP domain for authenticated services
XMPP_AUTH_DOMAIN=auth.meet.jitsi
# XMPP domain for the MUC
XMPP_MUC_DOMAIN=muc.meet.jitsi
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# Comma separated list of domains for cross domain policy or "true" to allow all
# The PUBLIC_URL is always allowed
#XMPP_CROSS_DOMAIN=true
# Custom Prosody modules for XMPP_DOMAIN (comma separated)
XMPP_MODULES=
# Custom Prosody modules for MUC component (comma separated)
XMPP_MUC_MODULES=
# Custom Prosody modules for internal MUC component (comma separated)
XMPP_INTERNAL_MUC_MODULES=
# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery
# XMPP user for JVB client connections
JVB_AUTH_USER=jvb
# STUN servers used to discover the server's public IP
JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
# Media port for the Jitsi Videobridge
JVB_PORT=10000
# TCP Fallback for Jitsi Videobridge for when UDP isn't available
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443
JVB_TCP_MAPPED_PORT=4443
# A comma separated list of APIs to enable when the JVB is started [default: none]
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
#JVB_ENABLE_APIS=rest,colibri
# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER=focus
# Base URL of Jicofo's reservation REST API
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
#JICOFO_ENABLE_HEALTH_CHECKS=true
# XMPP user for Jigasi MUC client connections
JIGASI_XMPP_USER=jigasi
# MUC name for the Jigasi pool
JIGASI_BREWERY_MUC=jigasibrewery
# Minimum port for media used by Jigasi
JIGASI_PORT_MIN=20000
# Maximum port for media used by Jigasi
JIGASI_PORT_MAX=20050
# Enable SDES srtp
#JIGASI_ENABLE_SDES_SRTP=1
# Keepalive method
#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
# Health-check extension
#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
# Health-check interval
#JIGASI_HEALTH_CHECK_INTERVAL=300000
#
# Enable Jigasi transcription
#ENABLE_TRANSCRIPTIONS=1
# Jigasi will record audio when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_SEND_TXT=true
# Jigasi will post an url to the chat with transcription file [default: false]
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
# Credentials for connect to Cloud Google API from Jigasi
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
# section "Before you begin" paragraph 1 to 5
# Copy the values from the json to the related env vars
#GC_PROJECT_ID=
#GC_PRIVATE_KEY_ID=
#GC_PRIVATE_KEY=
#GC_CLIENT_EMAIL=
#GC_CLIENT_ID=
#GC_CLIENT_CERT_URL=
# Enable recording
#ENABLE_RECORDING=1
# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
# XMPP recorder user for Jibri client connections
JIBRI_RECORDER_USER=recorder
# Directory for recordings inside Jibri container
JIBRI_RECORDING_DIR=/config/recordings
# The finalizing script. Will run after recording is complete
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
# XMPP user for Jibri client connections
JIBRI_XMPP_USER=jibri
# MUC name for the Jibri pool
JIBRI_BREWERY_MUC=jibribrewery
# MUC connection timeout
JIBRI_PENDING_TIMEOUT=90
# When jibri gets a request to start a service for a room, the room
# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
# We'll build the url for the call by transforming that into:
# https://xmpp_domain/subdomain/roomName
# So if there are any prefixes in the jid (like jitsi meet, which
# has its participants join a muc at conference.xmpp_domain) then
# list that prefix here so it can be stripped out to generate
# the call url correctly
JIBRI_STRIP_DOMAIN_JID=muc
# Directory for logs inside Jibri container
JIBRI_LOGS_DIR=/config/logs
# Disable HTTPS: handle TLS connections outside of this setup
DISABLE_HTTPS=1
# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1
# Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1
# Container restart policy
# Defaults to unless-stopped
RESTART_POLICY=unless-stopped
# Authenticate using external service or just focus external auth window if there is one already.
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}

19
scripts/env/setup.sh vendored

@ -1,5 +1,10 @@
#!/bin/bash #!/bin/bash
# Version
MISTBORN_MAJOR_VERSION="0"
MISTBORN_MINOR_VERSION="1"
MISTBORN_PATCH_NUMBER="1"
#### ENV file #### ENV file
VAR_FILE=/opt/mistborn/.env VAR_FILE=/opt/mistborn/.env
@ -12,6 +17,12 @@ source /opt/mistborn/scripts/subinstallers/platform.sh
echo "" | sudo tee ${VAR_FILE} echo "" | sudo tee ${VAR_FILE}
sudo chown mistborn:mistborn ${VAR_FILE} sudo chown mistborn:mistborn ${VAR_FILE}
# Version env variables
echo "MISTBORN_VERSION=${MISTBORN_MAJOR_VERSION}.${MISTBORN_MINOR_VERSION}.${MISTBORN_PATCH_NUMBER}" | sudo tee -a ${VAR_FILE}
echo "MISTBORN_MAJOR_VERSION=${MISTBORN_MAJOR_VERSION}" | sudo tee -a ${VAR_FILE}
echo "MISTBORN_MINOR_VERSION=${MISTBORN_MINOR_VERSION}" | sudo tee -a ${VAR_FILE}
echo "MISTBORN_PATCH_NUMBER=${MISTBORN_PATCH_NUMBER}" | sudo tee -a ${VAR_FILE}
# MISTBORN_DNS_BIND_IP # MISTBORN_DNS_BIND_IP
MISTBORN_DNS_BIND_IP="10.2.3.1" MISTBORN_DNS_BIND_IP="10.2.3.1"
@ -28,9 +39,11 @@ echo "MISTBORN_BIND_IP=10.2.3.1" | sudo tee -a ${VAR_FILE}
# MISTBORN_TAG # MISTBORN_TAG
GIT_BRANCH=$(git -C /opt/mistborn symbolic-ref --short HEAD || echo "master") GIT_BRANCH=$(git -C /opt/mistborn symbolic-ref --short HEAD || echo "master")
MISTBORN_TAG="latest" MISTBORN_TAG="${MISTBORN_MAJOR_VERSION}.${MISTBORN_MINOR_VERSION}"
if [ "$GIT_BRANCH" != "master" ]; then if [ ! -z "$MISTBORN_TEST_CONTAINER" ]; then
MISTBORN_TAG="test" MISTBORN_TAG="test"
else if [ "$GIT_BRANCH" == "master" ]; then
MISTBORN_TAG="latest"
fi fi
echo "MISTBORN_TAG=$MISTBORN_TAG" | sudo tee -a ${VAR_FILE} echo "MISTBORN_TAG=$MISTBORN_TAG" | sudo tee -a ${VAR_FILE}
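Review bot: In the -28 hunk the new MISTBORN_TEST_CONTAINER check is followed by an unconditional master-branch check, so on master a test container still ends up tagged `latest`; the old code gave the test tag priority on any non-master branch, and it is not clear from the hunk whether this override order is intended. If the test tag should win, chain the two checks: `if [ -n "$MISTBORN_TEST_CONTAINER" ]; then MISTBORN_TAG="test"; elif [ "$GIT_BRANCH" == "master" ]; then MISTBORN_TAG="latest"; fi`. `[ -n ... ]` also reads more directly than `[ ! -z ... ]`. The version variables and the tee into ${VAR_FILE} in the earlier hunks are unaffected by this.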

22
scripts/install.sh

@ -39,7 +39,7 @@ if [ $(whoami) != "$MISTBORN_USER" ]; then
sudo cp $FULLPATH /home/$MISTBORN_USER sudo cp $FULLPATH /home/$MISTBORN_USER
sudo chown $MISTBORN_USER:$MISTBORN_USER /home/$MISTBORN_USER/$FILENAME sudo chown $MISTBORN_USER:$MISTBORN_USER /home/$MISTBORN_USER/$FILENAME
sudo SSH_CLIENT="$SSH_CLIENT" MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD" GIT_BRANCH="$GIT_BRANCH" MISTBORN_INSTALL_COCKPIT="$MISTBORN_INSTALL_COCKPIT" -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME" # self-referential call sudo SSH_CLIENT="$SSH_CLIENT" MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD" GIT_BRANCH="$GIT_BRANCH" -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME" # self-referential call
exit 0 exit 0
fi fi
@ -67,13 +67,6 @@ else
echo "MISTBORN_DEFAULT_PASSWORD is already set" echo "MISTBORN_DEFAULT_PASSWORD is already set"
fi fi
# Install Cockpit?
if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then
read -p "Install Cockpit (a somewhat resource-heavy system management graphical user interface -- NOT RECOMMENDED on Raspberry Pi)? [y/N]: " MISTBORN_INSTALL_COCKPIT
echo
MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-N}
fi
# SSH keys # SSH keys
if [ ! -f ~/.ssh/id_rsa ]; then if [ ! -f ~/.ssh/id_rsa ]; then
echo "Generating SSH keypair for $USER" echo "Generating SSH keypair for $USER"
@ -150,16 +143,6 @@ sudo systemctl start docker
# Unattended upgrades # Unattended upgrades
sudo -E apt-get install -y unattended-upgrades sudo -E apt-get install -y unattended-upgrades
# Cockpit
if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]]
then
# install cockpit
source ./scripts/subinstallers/cockpit.sh
# set variable (that will be available in environment)
MISTBORN_INSTALL_COCKPIT=Y
fi
# Mistborn-cli (pip3 installed by docker) # Mistborn-cli (pip3 installed by docker)
figlet "Mistborn: Installing mistborn-cli" figlet "Mistborn: Installing mistborn-cli"
sudo pip3 install -e ./modules/mistborn-cli sudo pip3 install -e ./modules/mistborn-cli
@ -200,9 +183,6 @@ sudo mkdir -p ../mistborn_volumes/base/pihole/etc-pihole
sudo mkdir -p ../mistborn_volumes/base/pihole/etc-dnsmasqd sudo mkdir -p ../mistborn_volumes/base/pihole/etc-dnsmasqd
sudo mkdir -p ../mistborn_volumes/extra sudo mkdir -p ../mistborn_volumes/extra
# Traefik final setup (cockpit)
#cp ./compose/production/traefik/traefikv2.toml.template ./compose/production/traefik/traefik.toml
# setup tls certs # setup tls certs
source ./scripts/subinstallers/openssl.sh source ./scripts/subinstallers/openssl.sh
#sudo rm -rf ../mistborn_volumes/base/tls #sudo rm -rf ../mistborn_volumes/base/tls
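Review bot: The modified re-exec line in the -39 hunk still hands MISTBORN_DEFAULT_PASSWORD to sudo as a `VAR=value` argument, so the password sits in sudo's argv and is visible in the process list to any local user for as long as the child installer runs. Exporting the variables and passing them with `sudo --preserve-env=SSH_CLIENT,MISTBORN_DEFAULT_PASSWORD,GIT_BRANCH -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME"` keeps them out of argv, subject to the sudoers policy permitting those names to be preserved. The enclosing `if [ $(whoami) != "$MISTBORN_USER" ]` block starts outside the hunk.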

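--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@@ -1,23 +0,0 @@
-[Unit]
-Description=Mistborn Bitwarden Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
-[Install]
-WantedBy=multi-user.target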
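--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn Home Assistant
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-# Post stop
-[Install]
-WantedBy=multi-user.target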
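--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn Jellyfin Service
-Requires=Mistborn-nextcloud.service
-After=Mistborn-nextcloud.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-# Post stop
-[Install]
-WantedBy=multi-user.target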
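--- a/scripts/services/Mistborn-jitsi.service
+++ b/scripts/services/Mistborn-jitsi.service
@@ -1,27 +0,0 @@
-[Unit]
-Description=Mistborn Jitsi Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-EnvironmentFile=/opt/mistborn/.envs/.production/.jitsi
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml down
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport $JVB_PORT -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport $JVB_TCP_PORT -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport $JVB_PORT -j MISTBORN_LOG_DROP
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport $JVB_TCP_PORT -j MISTBORN_LOG_DROP
-[Install]
-WantedBy=multi-user.target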
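--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn Nextcloud Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=www-data
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-# Post stop
-[Install]
-WantedBy=multi-user.target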
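--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn OnlyOffice Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-# Post stop
-[Install]
-WantedBy=multi-user.target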
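--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -1,24 +0,0 @@
-[Unit]
-Description=Mistborn Rocket Chat Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-EnvironmentFile=/opt/mistborn/.env
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
-[Install]
-WantedBy=multi-user.target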
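--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -1,25 +0,0 @@
-[Unit]
-Description=Mistborn Syncthing Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
-[Install]
-WantedBy=multi-user.target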
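--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -1,23 +0,0 @@
-[Unit]
-Description=Mistborn Tor Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-# Post stop
-ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
-[Install]
-WantedBy=multi-user.target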
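--- a/scripts/services/raspap/Mistborn-raspap.service
+++ b/scripts/services/raspap/Mistborn-raspap.service
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn RaspAP Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-# Post stop
-[Install]
-WantedBy=multi-user.target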
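--- a/scripts/services/raspap/install.sh
+++ b/scripts/services/raspap/install.sh
@@ -1,4 +0,0 @@
-#!/bin/bash
-# install on gateway
-sudo apt-get install -y hostapd vnstat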
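--- a/scripts/subinstallers/cockpit.sh
+++ b/scripts/subinstallers/cockpit.sh
@@ -1,29 +0,0 @@
-#!/bin/bash
-# Cockpit
-figlet "Mistborn: Installing Cockpit"
-if [ "$DISTRO" == "ubuntu" ]; then
-echo "Ubuntu backports enabled by default"
-elif [ "$DISTRO" == "debian" ]; then
-sudo grep -qF "buster-backports" /etc/apt/sources.list.d/backports.list \
-&& echo "buster-backports already in sources" \
-|| echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list
-elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
-echo "Raspbian repos contain cockpit"
-fi
-sudo -E apt-get install -y cockpit
-if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then
-# no longer supported upstream in Ubuntu 20.04
-sudo -E apt-get install -y cockpit-docker
-fi
-sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf
-sudo systemctl restart cockpit.socket
-# create system cockpit user
-echo "Creating cockpit user"
-sudo useradd -s /bin/bash -d /home/cockpit -m -G sudo -p $(openssl passwd -1 "$MISTBORN_DEFAULT_PASSWORD") cockpit || true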
40
scripts/subinstallers/gen_prod_env.sh

@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
figlet "Mistborn: Container Credentials" figlet "Mistborn: Container Credentials"
@ -40,41 +40,3 @@ WEBPASSWORD="$1"
echo "TZ=\"America/New York\"" > $PIHOLE_PROD_FILE echo "TZ=\"America/New York\"" > $PIHOLE_PROD_FILE
echo "WEBPASSWORD=$WEBPASSWORD" >> $PIHOLE_PROD_FILE echo "WEBPASSWORD=$WEBPASSWORD" >> $PIHOLE_PROD_FILE
# generate rocketchat .env files
ROCKETCHAT_PROD_FILE="./.envs/.production/.rocketchat"
#ROCKETCHAT_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
ROCKETCHAT_PASSWORD="$1"
echo "ROCKETCHAT_USER=bot" > $ROCKETCHAT_PROD_FILE
echo "ROCKETCHAT_ROOM=GENERAL" >> $ROCKETCHAT_PROD_FILE
echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE
echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE
# generate nextcloud .env files
NEXTCLOUD_PROD_FILE="./.envs/.production/.nextcloud"
#NEXTCLOUD_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
NEXTCLOUD_PASSWORD="$1"
echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE
echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE
echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE
# generate onlyoffice .env files
ONLYOFFICE_PROD_FILE="./.envs/.production/.onlyoffice"
JWT_SECRET="$1"
echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE
echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE
# generate bitwarden .env files
BITWARDEN_PROD_FILE="./.envs/.production/.bitwarden"
echo "WEBSOCKET_ENABLED=true" > $BITWARDEN_PROD_FILE
echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE
# JITSI
JITSI_PROD_FILE="./.envs/.production/.jitsi"
cp ./scripts/conf/jitsi.env $JITSI_PROD_FILE
mkdir -p ./.envs/.production/.jitsi-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb}
sed -i "s/JICOFO_COMPONENT_SECRET.*/JICOFO_COMPONENT_SECRET=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
sed -i "s/JICOFO_AUTH_PASSWORD.*/JICOFO_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
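Review bot: The retained lines in the second hunk still write `WEBPASSWORD=$WEBPASSWORD` into `$PIHOLE_PROD_FILE` with whatever umask the installer inherits, so the generated credentials file can end up group- or world-readable; add `umask 077` before the first redirection (or `chmod 600 "$PIHOLE_PROD_FILE"` right after the second `echo`) so only the invoking user can read it. The redirection targets should also be quoted, `> "$PIHOLE_PROD_FILE"` / `>> "$PIHOLE_PROD_FILE"`, since the variable is assigned outside the hunk and an unquoted path is subject to word splitting. With the jitsi `mkdir -p ... {web/letsencrypt,...}` brace expansion removed, nothing visible in the new side appears to need bash any more, so the `#!/bin/bash` shebang change is presumably for consistency with the other installers rather than a requirement; a one-line comment saying so would save the next reader from wondering. The enclosing script begins before this hunk, and `WEBPASSWORD="$1"` is assigned in the hunk header context, outside the visible lines.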
