From 9e7f85b6f99233543f74899cc0432f7ec7e33b5e Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Wed, 31 Mar 2021 02:40:04 +0000 Subject: [PATCH] Resolve "Integrate RaspAP as extra service" --- README.md | 3 +++ extra/raspap.yml | 19 ++++++++------ scripts/services/Mistborn-raspap.service | 25 +++++++++++++++++++ .../services/raspap/Mistborn-raspap.service | 21 ---------------- scripts/services/raspap/install.sh | 4 --- scripts/subinstallers/extra/bitwarden.sh | 3 ++- scripts/subinstallers/extra/guacamole.sh | 3 ++- scripts/subinstallers/extra/jitsi.sh | 3 ++- scripts/subinstallers/extra/nextcloud.sh | 3 ++- scripts/subinstallers/extra/onlyoffice.sh | 3 ++- scripts/subinstallers/extra/raspap.sh | 6 +++++ scripts/subinstallers/extra/rocketchat.sh | 4 ++- 12 files changed, 58 insertions(+), 39 deletions(-) create mode 100644 scripts/services/Mistborn-raspap.service delete mode 100644 scripts/services/raspap/Mistborn-raspap.service delete mode 100755 scripts/services/raspap/install.sh create mode 100644 scripts/subinstallers/extra/raspap.sh diff --git a/README.md b/README.md index 252331c..7ca1b26 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ Within Mistborn is a panel to enable and manage these free extra services (off b - [Tor](https://www.torproject.org): The Onion Router. One tool in the arsenal of online security and privacy. - [Jitsi](https://jitsi.org): Multi-platform open-source video conferencing - [Guacamole](https://guacamole.apache.org): A clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH. +- [RaspAP](https://raspap.com/): The easiest, full-featured wireless router setup for Debian-based devices. Period. (Mistborn integration in alpha testing). # Quickstart Tested Operating Systems (in order of thoroughness): 
@@ -288,6 +289,7 @@ Mistborn uses the following domains (that can be reached by all Wireguard client | OnlyOffice | onlyoffice.mistborn | Off | | Jitsi | jitsi.mistborn | Off | | Guacamole | guac.mistborn | Off | +| RaspAP | raspap.mistborn | Off | # Default Credentials These are the default credentials to use in the services you choose to use: @@ -298,6 +300,7 @@ These are the default credentials to use in the services you choose to use: | Cockpit | cockpit | {{default mistborn password}} | | Nextcloud | mistborn | {{default mistborn password}} | | Guacamole | mistborn | {{default mistborn password }} | +| RaspAP | mistborn | {{default mistborn password}} | You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/` diff --git a/extra/raspap.yml b/extra/raspap.yml index 3be7dce..9b773ce 100644 --- a/extra/raspap.yml +++ b/extra/raspap.yml @@ -2,12 +2,9 @@ version: '3' services: raspap: - build: - context: .. - dockerfile: ./compose/production/raspap/Dockerfile - #user: root - image: mistborn_production_raspap + image: "cyber5k/raspap:${MISTBORN_TAG}" container_name: mistborn_production_raspap + #network_mode: host labels: - "traefik.enable=true" - "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)" @@ -19,10 +16,16 @@ services: - "traefik.http.routers.raspap-https.tls.certresolver=basic" - "traefik.http.services.raspap-service.loadbalancer.server.port=80" env_file: - - ../.envs/.production/.pihole - command: /start + - ../.envs/.production/.raspap + cap_add: + #- NET_ADMIN + - SYS_ADMIN + #- CAP_FOWNER + privileged: true volumes: - - ../../mistborn_volumes/extra/raspap/etc-raspap:/etc/raspap + - /sys/fs/cgroup:/sys/fs/cgroup:ro + #command: /start + restart: unless-stopped networks: default: diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service new file mode 100644 index 0000000..bb62297 --- /dev/null +++ b/scripts/services/Mistborn-raspap.service 
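Review bot: The new `image: "cyber5k/raspap:${MISTBORN_TAG}"` line in extra/raspap.yml swaps a local build for a registry image selected by a mutable tag, so a re-pushed tag changes what runs on the gateway without any change in this repository. The later hunk of the same file runs this container with `privileged: true`, so whatever that tag resolves to effectively executes with host-level privileges. Pinning the digest next to the tag, `image: "cyber5k/raspap:${MISTBORN_TAG}@sha256:<digest-placeholder>"`, makes the pulled artifact explicit. If `MISTBORN_TAG` is not guaranteed to be exported by the wrapper script (not visible here), `${MISTBORN_TAG:?MISTBORN_TAG must be set}` turns an empty tag into a clear error instead of an invalid image reference.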
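Review bot: `privileged: true` in the second hunk of extra/raspap.yml already grants every capability and access to host devices, so the `cap_add: - SYS_ADMIN` entry beside it has no effect, and the commented-out `NET_ADMIN` and `CAP_FOWNER` lines suggest the required set was never narrowed down. This service is also published through the Traefik labels in the unchanged part of the file and logs in with the shared default password, so a flaw in the web UI would be a path to host-level control. If the image can work without privileged mode, remove `privileged: true` and list only the capabilities it needs (the commented `- NET_ADMIN` is the usual one for interface management). If privileged mode is unavoidable, put the reason on the line, e.g. `# privileged: required because <reason-placeholder>; keep this service reachable from the VPN only`. The `/sys/fs/cgroup` mount presumably exists so an init system can run inside the container, which would deserve the same kind of comment.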
@@ -0,0 +1,25 @@
+[Unit]
+Description=Mistborn RaspAP Service
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+
+[Service]
+Restart=always
+RestartSec=15
+User=root
+Group=docker
+PermissionsStartOnly=true
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 8095 -j MISTBORN_LOG_DROP
+#ExecStartPre=/bin/bash /opt/mistborn_volumes/extra/raspap/etc-raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml down
+
+# Start container when unit is started
+ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml up --build
+# Stop container when unit is stopped
+ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh raspap docker-compose -f /opt/mistborn/extra/raspap.yml down
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 8095 -j MISTBORN_LOG_DROP
+# Post stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/services/raspap/Mistborn-raspap.service b/scripts/services/raspap/Mistborn-raspap.service
deleted file mode 100644
index 2f3faec..0000000
--- a/scripts/services/raspap/Mistborn-raspap.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Mistborn RaspAP Service
-Requires=Mistborn-base.service
-After=Mistborn-base.service
-
-[Service]
-Restart=always
-User=root
-Group=docker
-PermissionsStartOnly=true
-# Shutdown container (if running) when unit is stopped
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-
-# Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
-# Stop container when unit is stopped
-ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-# Post stop
-
-[Install]
-WantedBy=multi-user.target
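Review bot: The first `ExecStartPre` in the new Mistborn-raspap.service drops TCP port 8095 on `DIFACE`, but nothing in extra/raspap.yml as changed by this patch publishes 8095 (the service is routed through Traefik to port 80 and `network_mode: host` is commented out), so a reader cannot tell what the rule protects. A comment above it naming the listener, e.g. `# 8095: <listener-placeholder>; must not be reachable from the default interface`, would let the rule be checked against the compose file. `DIFACE` looks like an install-time placeholder; if it is ever left unsubstituted, iptables takes it as a literal interface name and the rule silently matches nothing. Separately, `PermissionsStartOnly=true` has no effect with `User=root`, and `up --build` has nothing left to build now that the compose file only sets `image:`.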
diff --git a/scripts/services/raspap/install.sh b/scripts/services/raspap/install.sh
deleted file mode 100755
index 4b373ef..0000000
--- a/scripts/services/raspap/install.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# install on gateway
-sudo apt-get install -y hostapd vnstat
\ No newline at end of file
diff --git a/scripts/subinstallers/extra/bitwarden.sh b/scripts/subinstallers/extra/bitwarden.sh
index abc37a5..339310f 100755
--- a/scripts/subinstallers/extra/bitwarden.sh
+++ b/scripts/subinstallers/extra/bitwarden.sh
@@ -3,4 +3,5 @@
 # generate bitwarden .env files
 BITWARDEN_PROD_FILE="$1"
 echo "WEBSOCKET_ENABLED=true" > $BITWARDEN_PROD_FILE
-echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE
\ No newline at end of file
+echo "SIGNUPS_ALLOWED=true" >> $BITWARDEN_PROD_FILE
+chmod 600 $BITWARDEN_PROD_FILE
\ No newline at end of file
diff --git a/scripts/subinstallers/extra/guacamole.sh b/scripts/subinstallers/extra/guacamole.sh
index 8df9d00..5cb4871 100755
--- a/scripts/subinstallers/extra/guacamole.sh
+++ b/scripts/subinstallers/extra/guacamole.sh
@@ -10,4 +10,5 @@ echo "POSTGRES_DB=guacamole_db" >> $GUAC_PROD_FILE
 echo "POSTGRES_DATABASE=guacamole_db" >> $GUAC_PROD_FILE
 echo "POSTGRES_USER=guac_user" >> $GUAC_PROD_FILE
 echo "POSTGRES_PASSWORD=$GUAC_PASSWORD" >> $GUAC_PROD_FILE
-echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE
\ No newline at end of file
+echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $GUAC_PROD_FILE
+chmod 600 $GUAC_PROD_FILE
\ No newline at end of file
diff --git a/scripts/subinstallers/extra/jitsi.sh b/scripts/subinstallers/extra/jitsi.sh
index fcf3493..a883b67 100755
--- a/scripts/subinstallers/extra/jitsi.sh
+++ b/scripts/subinstallers/extra/jitsi.sh
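Review bot: The added `chmod 600 $BITWARDEN_PROD_FILE` in bitwarden.sh runs only after the file has been created and filled, so on first creation the content is readable under the process umask until the last line executes, and an interrupted run leaves it that way. The same ordering is added in guacamole.sh, nextcloud.sh, onlyoffice.sh, raspap.sh and rocketchat.sh, where the file holds passwords or a JWT secret. Setting `umask 077` before the first `echo ... >` (or creating the file up front with `install -m 600 /dev/null "$BITWARDEN_PROD_FILE"`) closes that window. The new `chmod` lines should also quote the path, as jitsi.sh already does on its `sed` lines: `chmod 600 "$BITWARDEN_PROD_FILE"`.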
@@ -9,4 +9,5 @@ sed -i "s/JICOFO_AUTH_PASSWORD.*/JICOFO_AUTH_PASSWORD=$(python3 -c "import secre
 sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
-sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
\ No newline at end of file
+sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
+chmod 600 $JITSI_PROD_FILE
\ No newline at end of file
diff --git a/scripts/subinstallers/extra/nextcloud.sh b/scripts/subinstallers/extra/nextcloud.sh
index b1568b7..4bd8ca4 100755
--- a/scripts/subinstallers/extra/nextcloud.sh
+++ b/scripts/subinstallers/extra/nextcloud.sh
@@ -6,4 +6,5 @@ NEXTCLOUD_PROD_FILE="$1"
 NEXTCLOUD_PASSWORD="${MISTBORN_DEFAULT_PASSWORD}"
 echo "NEXTCLOUD_ADMIN_USER=mistborn" > $NEXTCLOUD_PROD_FILE
 echo "NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_PASSWORD" >> $NEXTCLOUD_PROD_FILE
-echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE
\ No newline at end of file
+echo "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mistborn" >> $NEXTCLOUD_PROD_FILE
+chmod 600 $NEXTCLOUD_PROD_FILE
\ No newline at end of file
diff --git a/scripts/subinstallers/extra/onlyoffice.sh b/scripts/subinstallers/extra/onlyoffice.sh index 3fadeca..fbf579c 100755 --- a/scripts/subinstallers/extra/onlyoffice.sh +++ b/scripts/subinstallers/extra/onlyoffice.sh @@ -4,4 +4,5 @@ ONLYOFFICE_PROD_FILE="$1" JWT_SECRET="${MISTBORN_DEFAULT_PASSWORD}" echo "JWT_ENABLED=true" > $ONLYOFFICE_PROD_FILE -echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE \ No newline at end of file +echo "JWT_SECRET=$JWT_SECRET" >> $ONLYOFFICE_PROD_FILE +chmod 600 $ONLYOFFICE_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/raspap.sh b/scripts/subinstallers/extra/raspap.sh new file mode 100644 index 0000000..ced9860 --- /dev/null +++ b/scripts/subinstallers/extra/raspap.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +# RaspAP +RASPAP_PROD_FILE="$1" +echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" > $RASPAP_PROD_FILE +chmod 600 $RASPAP_PROD_FILE \ No newline at end of file diff --git a/scripts/subinstallers/extra/rocketchat.sh b/scripts/subinstallers/extra/rocketchat.sh index 6da1e2d..e61e4b4 100755 --- a/scripts/subinstallers/extra/rocketchat.sh +++ b/scripts/subinstallers/extra/rocketchat.sh @@ -10,4 +10,6 @@ echo "BOT_NAME=bot" >> $ROCKETCHAT_PROD_FILE echo "ROCKETCHAT_PASSWORD=$ROCKETCHAT_PASSWORD" >> $ROCKETCHAT_PROD_FILE # docker environment -echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE \ No newline at end of file +echo "MISTBORN_BIND_IP=${MISTBORN_BIND_IP}" >> $ROCKETCHAT_PROD_FILE + +chmod 600 $ROCKETCHAT_PROD_FILE \ No newline at end of file
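Review bot: raspap.sh is added with `new file mode 100644`, while every other subinstaller touched by this patch is `100755`. If the installer executes these scripts directly rather than through `bash` or `source` (not visible here), this one fails with permission denied and `.raspap`, which extra/raspap.yml now names as its `env_file`, is never written. The script also uses `$1` unchecked, so an empty argument makes the unquoted redirect fail with an unclear error; `RASPAP_PROD_FILE="${1:?usage: raspap.sh ENV_FILE}"` makes that failure explicit. Because the only value written is the shared `MISTBORN_DEFAULT_PASSWORD` and the container it feeds runs privileged, a header comment such as `# Seeds the RaspAP admin login with the shared default password; change it after first login` would record that dependency.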