diff --git a/conf/zamba.conf.example b/conf/zamba.conf.example index 0595879..e8095ba 100644 --- a/conf/zamba.conf.example +++ b/conf/zamba.conf.example @@ -165,18 +165,6 @@ CMK_ADMIN_PW='Start!123' # free = limited version of the enterprise edition (25 hosts, 1 instance) CMK_EDITION=raw -############### Kopano-Section ############### - -# Define the FQDN of your Nextcloud server -KOPANO_FQDN="kopano.zmb.rocks" - -# Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban -KOPANO_MAILGW="192.168.100.254" - -# Kopano test- or subscription-key offerd from -# https://kopano.com/downloads-demo/?demo=Kopano+Groupware&headline=Packages&target=Debian+10 -KOPANO_REPKEY="1234567890abcdefghijklmno" - ############### vaultwarden Section ############### # Enable/disable signups (true/false) diff --git a/src/functions.sh b/src/functions.sh index 510bdbd..20aee4b 100644 --- a/src/functions.sh +++ b/src/functions.sh @@ -130,6 +130,6 @@ inst_mongodb() { inst_bashclub() { BASHCLUB_COMPONENT=${1:-release} - apt_repo "bashclub" "https://apt.bashclub.org/gpg/bashclub.pub" "https://apt.bashclub.org/$BASHCLUB_COMPONENT" "$(lsb_release -cs)" "main" + apt_repo "bashclub-$BASHCLUB_COMPONENT" "https://apt.bashclub.org/gpg/bashclub.pub" "https://apt.bashclub.org/$BASHCLUB_COMPONENT" "$(lsb_release -cs)" "main" apt update } \ No newline at end of file diff --git a/src/icinga2/constants-service.conf b/src/icinga2/constants-service.conf index 944f7c9..ee6c969 100644 --- a/src/icinga2/constants-service.conf +++ b/src/icinga2/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 @@ -34,4 +34,4 @@ SERVICE_TAGS="php-fpm,nginx,mariadb" CRED_FILE="/root/.zamba_credentials/icinga_stack.txt" -PHP_VERSION=8.2 \ No newline at end of file +PHP_VERSION=8.4 \ No newline at end of file diff --git a/src/icinga2/install-service.sh b/src/icinga2/install-service.sh index 749d725..869355b 100644 --- a/src/icinga2/install-service.sh +++ b/src/icinga2/install-service.sh @@ -18,8 +18,8 @@ echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://pac curl -fsSL https://packages.netways.de/netways-repo.asc | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/extras/debian/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/netways.list -curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg -echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/influxdata.list +curl -fsSL https://repos.influxdata.com/influxdata-archive.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg +echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian bookworm stable" > /etc/apt/sources.list.d/influxdata.list apt update @@ -347,7 +347,8 @@ database: password: ${NOTIFICATIONS_DB_PASS} EOF -cat << EOF > /etc/icingaweb2/modules/notifications/config.ini +mkdir -p /etc/icingaweb2/modules/notifications/ +cat << EOF > /etc/icingaweb2/modules/notifications/config.ini [database] resource = "notifications" EOF @@ -468,7 +469,7 @@ EOF icinga2 feature enable icingadb api influxdb2-writer perfdata -icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt +#icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert." icingacli module enable reactbundle diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index c87068c..b97fd77 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -576,4 +576,3 @@ echo "=> Modifying Crowdsec ..." mod_crowdsec echo -e "\n######################################################################\n\n Please note this user and password for the nextcloud login:\n '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n Enjoy your Nextcloud intallation.\n\n######################################################################" -shutdown -r now diff --git a/src/open3a/constants-service.conf b/src/open3a/constants-service.conf index c4548eb..50fd76b 100644 --- a/src/open3a/constants-service.conf +++ b/src/open3a/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index 0fb565a..a8b79e7 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh @@ -15,10 +15,13 @@ webroot=/var/www/html LXC_RANDOMPWD=20 MYSQL_PASSWORD="$(random_password)" +PHP_VERSION=8.4 apt update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd +inst_php cli,fpm,mysql,xml,mbstring,gd $PHP_VERSION + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends unzip sudo nginx-full mariadb-server mariadb-client mkdir -p /etc/nginx/ssl openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN" @@ -41,13 +44,12 @@ server { index index.php; - ssl on; ssl_certificate /etc/nginx/ssl/open3a.crt; ssl_certificate_key /etc/nginx/ssl/open3a.key; location ~ .php$ { include snippets/fastcgi-php.conf; - fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock; } } @@ -78,8 +80,8 @@ localhost &%%%&open3a &%%%&$MYSQL_PAS */ ?> EOF -systemctl enable --now php8.2-fpm -systemctl restart php8.2-fpm nginx +systemctl enable --now php${PHP_VERSION}-fpm +systemctl restart php${PHP_VERSION}-fpm nginx LXC_IP=$(ip address show dev eth0 | grep "inet " | cut -d ' ' -f6) diff --git a/src/piler/constants-service.conf b/src/piler/constants-service.conf index 88aac0c..21b0d3a 100644 --- a/src/piler/constants-service.conf +++ b/src/piler/constants-service.conf @@ -6,7 +6,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=1 diff --git a/src/piler/install-service.sh b/src/piler/install-service.sh index 67125b2..a3c7262 100644 --- a/src/piler/install-service.sh +++ b/src/piler/install-service.sh @@ -5,13 +5,12 @@ set -euo pipefail -source zamba.conf +source /root/functions.sh +source /root/zamba.conf +source /root/constants-service.conf -wget -O - https://apt.bashclub.org/gpg/bashclub.pub | gpg --dearmor > /usr/share/keyrings/bashclub-keyring.gpg - -echo "deb [signed-by=/usr/share/keyrings/bashclub-keyring.gpg] https://apt.bashclub.org/manticore bookworm main" > /etc/apt/sources.list.d/bashclub-manticore.list -echo "deb [signed-by=/usr/share/keyrings/bashclub-keyring.gpg] https://apt.bashclub.org/$PILER_BRANCH bookworm main" > /etc/apt/sources.list.d/bashclub-$PILER_BRANCH.list -apt update +inst_bashclub manticore +inst_bashclub $PILER_BRANCH DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends piler diff --git a/src/rei3/constants-service.conf b/src/rei3/constants-service.conf index ac00ebb..783b680 100644 --- a/src/rei3/constants-service.conf +++ b/src/rei3/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 diff --git a/src/rei3/install-service.sh b/src/rei3/install-service.sh index 6f2a3d5..08b72d7 100644 --- a/src/rei3/install-service.sh +++ b/src/rei3/install-service.sh @@ -14,13 +14,12 @@ source /root/constants-service.conf mkdir /opt/rei3 wget -c https://rei3.de/latest/x64_linux -O - | tar -zx -C /opt/rei3 -wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | sudo tee /usr/share/keyrings/postgres.gpg -echo "deb [signed-by=/usr/share/keyrings/postgres.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list +inst_postgresql apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends postgresql imagemagick ghostscript postgresql-client +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends imagemagick ghostscript timedatectl set-timezone ${LXC_TIMEZONE} diff --git a/src/vaultwarden/constants-service.conf b/src/vaultwarden/constants-service.conf index d9325a7..36b207b 100644 --- a/src/vaultwarden/constants-service.conf +++ b/src/vaultwarden/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 diff --git a/src/vaultwarden/install-service.sh b/src/vaultwarden/install-service.sh index 0fe53ec..539c584 100644 --- a/src/vaultwarden/install-service.sh +++ b/src/vaultwarden/install-service.sh @@ -13,7 +13,9 @@ source /root/constants-service.conf admin_token=$(openssl rand -base64 48) -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq postgresql nginx git ssl-cert +inst_postgresql + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq nginx git ssl-cert systemctl enable --now postgresql diff --git a/src/zabbix-proxy/constants-service.conf b/src/zabbix-proxy/constants-service.conf index a931567..0eb2b46 100644 --- a/src/zabbix-proxy/constants-service.conf +++ b/src/zabbix-proxy/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 @@ -42,8 +42,8 @@ ZABBIX_DB_USR="zabbix" # Build a strong password for the SQL user - could be overwritten with something fixed ZABBIX_DB_PWD="$(random_password)" -ZABBIX_VERSION=7.0 #zabbix 7 beta -POSTGRES_VERSION=16 #postgres repo, latest release (2024-05-13) +ZABBIX_VERSION=7.4 #zabbix 7 beta +POSTGRES_VERSION=18 #postgres repo, latest release (2024-05-13) # Sets the minimum amount of RAM the service needs for operation LXC_MEM_MIN=4096 diff --git a/src/zabbix-proxy/install-service.sh b/src/zabbix-proxy/install-service.sh index fc9472a..9e452db 100644 --- a/src/zabbix-proxy/install-service.sh +++ b/src/zabbix-proxy/install-service.sh @@ -11,13 +11,14 @@ source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf -apt_repo "zabbix" "https://repo.zabbix.com/zabbix-official-repo.key" "https://repo.zabbix.com/zabbix/${ZABBIX_VERSION}/debian/ $(lsb_release -cs) main" -apt_repo "postgresql" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" "http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" +apt_repo "zabbix" "https://repo.zabbix.com/zabbix-official-repo.key" "https://repo.zabbix.com/zabbix/${ZABBIX_VERSION}/stable/debian/" "$(lsb_release -cs)" "main" apt update +inst_postgresql $POSTGRES_VERSION + DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends postgresql-$POSTGRES_VERSION postgresql-client zabbix-proxy-pgsql zabbix-sql-scripts zabbix-agent2 zabbix-agent2-plugin-* ssl-cert +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends zabbix-proxy-pgsql zabbix-sql-scripts zabbix-agent2 zabbix-agent2-plugin-* ssl-cert timedatectl set-timezone ${LXC_TIMEZONE} @@ -29,7 +30,7 @@ psql -c "CREATE DATABASE ${ZABBIX_DB_NAME} ENCODING UTF8 TEMPLATE template0 OWNE echo "Postgres User ${ZABBIX_DB_USR} and database ${ZABBIX_DB_NAME} created." EOF -cat /usr/share/zabbix-sql-scripts/postgresql/proxy.sql | sudo -u zabbix psql ${ZABBIX_DB_NAME} +cat /usr/share/zabbix/sql-scripts/postgresql/proxy.sql | sudo -u zabbix psql ${ZABBIX_DB_NAME} echo "DBPassword=${ZABBIX_DB_PWD}" >> /etc/zabbix/zabbix_proxy.conf @@ -53,6 +54,8 @@ sed -i "s/# TLSAccept=unencrypted/TLSAccept=psk/g" /etc/zabbix/zabbix_proxy.conf sed -i "s/# TLSPSKIdentity=/TLSPSKIdentity=${LXC_HOSTNAME}.${LXC_DOMAIN}/g" /etc/zabbix/zabbix_proxy.conf sed -i "s|# TLSPSKFile=|TLSPSKFile=/var/lib/zabbix/proxy.psk|g" /etc/zabbix/zabbix_proxy.conf +mv /etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf /etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.off + systemctl enable zabbix-proxy zabbix-agent2 systemctl restart zabbix-proxy zabbix-agent2 diff --git a/src/zabbix/constants-service.conf b/src/zabbix/constants-service.conf index b074420..f228e7a 100644 --- a/src/zabbix/constants-service.conf +++ b/src/zabbix/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 @@ -42,10 +42,10 @@ ZABBIX_DB_USR="zabbix" # Build a strong password for the SQL user - could be overwritten with something fixed ZABBIX_DB_PWD="$(random_password)" -ZABBIX_VERSION=7.0 #zabbix 7 beta -POSTGRES_VERSION=16 #postgres repo, latest release (2024-05-13) -PHP_VERSION=8.2 # debian 12 default -TS_VERSION=2.16.1 # currently latest by zabbix supported version of timescaledb (2024-05-13) +ZABBIX_VERSION=7.4 #zabbix 7 beta +POSTGRES_VERSION=18 #postgres repo, latest release (2024-05-13) +PHP_VERSION=8.4 # debian 12 default +TS_VERSION=2.23.0 # currently latest by zabbix supported version of timescaledb (2024-05-13) # Sets the minimum amount of RAM the service needs for operation LXC_MEM_MIN=4096 diff --git a/src/zabbix/install-service.sh b/src/zabbix/install-service.sh index 41b98e0..b290803 100644 --- a/src/zabbix/install-service.sh +++ b/src/zabbix/install-service.sh @@ -11,14 +11,15 @@ source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf -apt_repo "zabbix" "https://repo.zabbix.com/zabbix-official-repo.key" "https://repo.zabbix.com/zabbix/${ZABBIX_VERSION}/debian/ $(lsb_release -cs) main" -apt_repo "postgresql" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" "http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" -apt_repo "timescaledb" "https://packagecloud.io/timescale/timescaledb/gpgkey" "https://packagecloud.io/timescale/timescaledb/debian/ $(lsb_release -c -s) main" +apt_repo "zabbix" "https://repo.zabbix.com/zabbix-official-repo.key" "https://repo.zabbix.com/zabbix/${ZABBIX_VERSION}/stable/debian/" "$(lsb_release -cs)" "main" +apt_repo "timescaledb" "https://packagecloud.io/timescale/timescaledb/gpgkey" "https://packagecloud.io/timescale/timescaledb/debian/" "$(lsb_release -cs)" "main" +inst_postgresql ${POSTGRES_VERSION} +inst_php pgsql,fpm $PHP_VERSION apt update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends postgresql-$POSTGRES_VERSION timescaledb-2-oss-$TS_VERSION-postgresql-$POSTGRES_VERSION postgresql-client-$POSTGRES_VERSION timescaledb-tools nginx php$PHP_VERSION-pgsql php$PHP_VERSION-fpm zabbix-server-pgsql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent2 zabbix-agent2-plugin-* ssl-cert +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends timescaledb-2-oss-$TS_VERSION-postgresql-$POSTGRES_VERSION timescaledb-tools nginx zabbix-server-pgsql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent2 zabbix-agent2-plugin-* ssl-cert unlink /etc/nginx/sites-enabled/default @@ -216,18 +217,20 @@ psql -c "CREATE DATABASE ${ZABBIX_DB_NAME} ENCODING UTF8 TEMPLATE template0 OWNE echo "Postgres User ${ZABBIX_DB_USR} and database ${ZABBIX_DB_NAME} created." EOF -sed -i "s/false/true/g" /usr/share/zabbix/include/locales.inc.php +#sed -i "s/false/true/g" /usr/share/zabbix/include/locales.inc.php -zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql ${ZABBIX_DB_NAME} +zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql ${ZABBIX_DB_NAME} timescaledb-tune --quiet --yes >> /etc/postgresql/$POSTGRES_VERSION/main/postgresql.conf systemctl restart postgresql echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix -cat /usr/share/zabbix-sql-scripts/postgresql/timescaledb/schema.sql | sudo -u zabbix psql ${ZABBIX_DB_NAME} +cat /usr/share/zabbix/sql-scripts/postgresql/timescaledb/schema.sql | sudo -u zabbix psql ${ZABBIX_DB_NAME} -echo "DBPassword=${ZABBIX_DB_PWD}" >> /etc/zabbix/zabbix_server.conf +echo "DBPassword=${ZABBIX_DB_PWD}" >> /etc/zabbix/zabbix_server.d/dbpassword.conf + +mv /etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf /etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.off generate_dhparam diff --git a/src/zammad/constants-service.conf b/src/zammad/constants-service.conf index 014cafd..e695b6f 100644 --- a/src/zammad/constants-service.conf +++ b/src/zammad/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh index 1cd4af6..47deddb 100644 --- a/src/zmb-standalone/install-service.sh +++ b/src/zmb-standalone/install-service.sh @@ -19,7 +19,7 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg:: USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}') useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER echo "$USER:$ZMB_ADMIN_PASS" | chpasswd -smbpasswd -x $USER +smbpasswd -x $USER || true (echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER usermod -aG sudo $USER