From 6e009743f470469e0ea68071239b493b8d4b2a7a Mon Sep 17 00:00:00 2001
From: Thorsten Spille
Date: Sun, 18 Jan 2026 12:52:37 +0000
Subject: [PATCH] remove kopano, ad-restore, enable strict mode in all installers
---
TODO Debian 13 | 1 +
src/ansible-semaphore/install-service.sh | 2 +
src/authentik/install-service.sh | 2 +
src/bookstack/install-service.sh | 2 +
src/checkmk/install-service.sh | 2 +
src/docker/install-service.sh | 2 +
src/gitea/install-service.sh | 2 +
src/icinga2/install-service.sh | 2 +
src/kimai/constants-service.conf | 4 +-
src/kimai/install-service.sh | 7 +-
src/kopano-core/constants-service.conf | 53 -----
src/kopano-core/install-service.sh | 276 ----------------------
src/mailcow/install-service.sh | 2 +
src/matrix/install-service.sh | 4 +-
src/onlyoffice/install-service.sh | 4 +-
src/open3a/install-service.sh | 2 +
src/piler/install-service.sh | 2 +
src/rei3/install-service.sh | 2 +
src/urbackup/install-service.sh | 2 +
src/vaultwarden/install-service.sh | 2 +
src/zammad/install-service.sh | 2 +
src/zmb-ad-restore/constants-service.conf | 45 ----
src/zmb-ad-restore/install-service.sh | 195 ---------------
src/zmb-cups/install-service.sh | 2 +
src/zmb-member/install-service.sh | 2 +
src/zmb-standalone/install-service.sh | 2 +
26 files changed, 44 insertions(+), 579 deletions(-)
create mode 100644 TODO Debian 13
delete mode 100644 src/kopano-core/constants-service.conf
delete mode 100644 src/kopano-core/install-service.sh
delete mode 100644 src/zmb-ad-restore/constants-service.conf
delete mode 100644 src/zmb-ad-restore/install-service.sh
diff --git a/TODO Debian 13 b/TODO Debian 13
new file mode 100644
index 0000000..ad91e89
--- /dev/null
+++ b/TODO Debian 13
@@ -0,0 +1 @@
+- icinga2
diff --git a/src/ansible-semaphore/install-service.sh b/src/ansible-semaphore/install-service.sh
index a9dc2ca..ffb4c26 100644
--- a/src/ansible-semaphore/install-service.sh
+++ b/src/ansible-semaphore/install-service.sh
@@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/authentik/install-service.sh b/src/authentik/install-service.sh index 3333df4..922975c 100644 --- a/src/authentik/install-service.sh +++ b/src/authentik/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/bookstack/install-service.sh b/src/bookstack/install-service.sh index a040873..7d12c05 100644 --- a/src/bookstack/install-service.sh +++ b/src/bookstack/install-service.sh @@ -7,6 +7,8 @@ set -euo pipefail # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/checkmk/install-service.sh b/src/checkmk/install-service.sh index d619409..499934e 100644 --- a/src/checkmk/install-service.sh +++ b/src/checkmk/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/docker/install-service.sh b/src/docker/install-service.sh index 6d08041..1856481 100644 --- a/src/docker/install-service.sh +++ b/src/docker/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf 
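Review bot: `set -euo pipefail` is placed before the three `source` lines, so `/root/functions.sh`, `/root/zamba.conf` and `/root/constants-service.conf` are now evaluated under `nounset` and `errexit` as well, and any optional variable that they or the installer body read while unset will abort the install partway. The same placement is used in the authentik, checkmk, docker, gitea, mailcow, matrix, onlyoffice, open3a, rei3, urbackup, vaultwarden, zammad, zmb-cups, zmb-member and zmb-standalone hunks. The zmb-ad-restore script deleted by this patch shows the pattern to look for, `ADDITIONAL_PACKAGES="wsdd2 $ADDITIONAL_PACKAGES"`; if a remaining installer still appends to a possibly unset variable like this, it needs a default such as `${ADDITIONAL_PACKAGES:-}`. Because an abort can leave a half-configured service behind, a line like `trap 'echo "install-service.sh failed at line $LINENO" >&2' ERR` after the `set` would make the failure point visible. The bodies of these scripts are outside the hunks, so this could not be verified here.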
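Review bot: The added `+set -euo pipefail` in src/bookstack/install-service.sh is likely a duplicate, because the hunk header already carries that text as its section heading (`@@ -7,6 +7,8 @@ set -euo pipefail`), which suggests strict mode is enabled above line 7. A second call is harmless at runtime but misleads readers about where strict mode begins. Drop the two added lines here, or remove the earlier one so this file matches the other installers. The lines above the hunk are not visible, so confirm against the file.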
diff --git a/src/gitea/install-service.sh b/src/gitea/install-service.sh index fd57e91..68fa218 100644 --- a/src/gitea/install-service.sh +++ b/src/gitea/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/icinga2/install-service.sh b/src/icinga2/install-service.sh index 45a7228..749d725 100644 --- a/src/icinga2/install-service.sh +++ b/src/icinga2/install-service.sh @@ -1,4 +1,6 @@ +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/kimai/constants-service.conf b/src/kimai/constants-service.conf index a940f2e..27df3c5 100644 --- a/src/kimai/constants-service.conf +++ b/src/kimai/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-12-standard" +LXC_TEMPLATE_VERSION="debian-13-standard" # Create sharefs mountpoint LXC_MP=0 @@ -30,7 +30,7 @@ LXC_KEYCTL="0" #KIMAI_VERSION="main" # Defines the php version to install -KIMAI_PHP_VERSION="8.2" +KIMAI_PHP_VERSION="8.4" # Sets the minimum amount of RAM the service needs for operation LXC_MEM_MIN=1024 diff --git a/src/kimai/install-service.sh b/src/kimai/install-service.sh index ee941f7..19d4b2e 100644 --- a/src/kimai/install-service.sh +++ b/src/kimai/install-service.sh 
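Review bot: The src/icinga2/install-service.sh hunk starts at line 1 (`@@ -1,4 +1,6 @@`) and shows no `#!/bin/bash` line, so the added `set -euo pipefail` appears to sit in a file without a shebang. `pipefail` is not accepted by every `/bin/sh`, so if this installer is ever run by a shell other than bash the `set` line itself fails. Add `#!/bin/bash` as the first line, as the installers removed in this patch had, or confirm the caller always invokes it with bash. How the script is launched is not visible in this patch.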
@@ -14,12 +14,11 @@ source /root/constants-service.conf KIMAI_DB_PWD=$(random_password) webroot=/var/www/kimai/public -#wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add - -#echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list - apt update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq zip unzip sudo nginx-full mariadb-server mariadb-client php${KIMAI_PHP_VERSION} php${KIMAI_PHP_VERSION}-intl php${KIMAI_PHP_VERSION}-cli php${KIMAI_PHP_VERSION}-fpm php${KIMAI_PHP_VERSION}-mysql php${KIMAI_PHP_VERSION}-xml php${KIMAI_PHP_VERSION}-mbstring php${KIMAI_PHP_VERSION}-gd php${KIMAI_PHP_VERSION}-tokenizer php${KIMAI_PHP_VERSION}-zip php${KIMAI_PHP_VERSION}-opcache php${KIMAI_PHP_VERSION}-curl +inst_php intl,cli,fpm,mysql,xml,mbstring,gd,tokenizer,zip,opcache,curl $KIMAI_PHP_VERSION + +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq zip unzip sudo nginx-full mariadb-server mariadb-client mkdir -p /etc/nginx/ssl openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/kimai.key -out /etc/nginx/ssl/kimai.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN" diff --git a/src/kopano-core/constants-service.conf b/src/kopano-core/constants-service.conf deleted file mode 100644 index 0dae961..0000000 --- a/src/kopano-core/constants-service.conf +++ /dev/null 
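Review bot: The new `inst_php` call passes the version unquoted; write `inst_php intl,cli,fpm,mysql,xml,mbstring,gd,tokenizer,zip,opcache,curl "$KIMAI_PHP_VERSION"` so an empty or space-containing value cannot shift the helper's arguments. `inst_php` is defined outside this patch (presumably in `/root/functions.sh`), so whether it adds an external package repository, and how that repository's signing key is verified, should be checked there. This file gets no `set -euo pipefail` hunk although the subject says all installers; confirm strict mode is already set above line 14.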
@@ -1,53 +0,0 @@ -#!/bin/bash - -# Authors: -# (C) 2021 Idea an concept by Christian Zengel -# (C) 2021 Script design and prototype by Markus Helmke -# (C) 2021 Script rework and documentation by Thorsten Spille - -# This file contains the project constants on service level - -# Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-11-standard" - -# Create sharefs mountpoint -LXC_MP=0 -# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) -LXC_SHAREFS_MOUNTPOINT="tank" -# Defines the recordsize of mp0 -LXC_MP_RECORDSIZE="16K" - -# Create unprivileged container -LXC_UNPRIVILEGED="1" - -# enable nesting feature -LXC_NESTING="1" - -# enable keyctl feature -LXC_KEYCTL="0" - -# Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest') -KOPANO_VERSION="latest" - -# Defines the php version to install -KOPANO_PHP_VERSION="7.4" - -# Defines Maria DB Version -MARIA_DB_VERS="10.5" - -# Defines the name from the SQL database -MARIA_DB_NAME="kopano" - -# Defines the name from the SQL user -MARIA_DB_USER="kopano" - -# Build a strong password for the SQL user - could be overwritten with something fixed - -MARIA_ROOT_PWD=$(random_password) -MARIA_USER_PWD=$(random_password) - -# Sets the minimum amount of RAM the service needs for operation -LXC_MEM_MIN=4096 - -# service dependent meta tags -SERVICE_TAGS="php-fpm,nginx,mariadb" \ No newline at end of file diff --git a/src/kopano-core/install-service.sh b/src/kopano-core/install-service.sh deleted file mode 100644 index fa73226..0000000 --- a/src/kopano-core/install-service.sh +++ /dev/null 
@@ -1,276 +0,0 @@ -#!/bin/bash - -# Authors: -# (C) 2021 Idea an concept by Christian Zengel -# (C) 2021 Script design and prototype by Markus Helmke -# (C) 2021 Script rework and documentation by Thorsten Spille - -source /root/functions.sh -source /root/zamba.conf -source /root/constants-service.conf - -HOSTNAME=$(hostname -f) - -#wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add - -#echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list - -wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add - -echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list - -wget -q -O - https://mariadb.org/mariadb_release_signing_key.asc | apt-key add - -echo "deb https://mirror.wtnet.de/mariadb/repo/$MARIA_DB_VERS/debian $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/maria.list - -apt update - -#DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends nginx-light mariadb-server postfix postfix-ldap \ -#php$KOPANO_PHP_VERSION-{cli,common,curl,fpm,gd,json,mysql,mbstring,opcache,phpdbg,readline,soap,xml,zip} -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends nginx-light mariadb-server postfix postfix-ldap \ -php-{cli,common,curl,fpm,gd,json,mysql,mbstring,opcache,phpdbg,readline,soap,xml,zip} - -#timedatectl set-timezone Europe/Berlin -#mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www -#chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www - -#### Secure Maria Instance #### - -mysqladmin -u root password "[$MARIA_ROOT_PWD]" - -mysql -uroot -p$MARIA_ROOT_PWD -e"DELETE FROM mysql.user WHERE User=''" -mysql -uroot -p$MARIA_ROOT_PWD -e"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" -#mysql -uroot -p$MARIA_ROOT_PWD -e"DROP DATABASE test;DELETE FROM mysql.db WHERE Db='test' OR 
Db='test_%'" -mysql -uroot -p$MARIA_ROOT_PWD -e"FLUSH PRIVILEGES" - -#### Create user and DB for Kopano #### - -mysql -uroot -p$MARIA_ROOT_PWD -e"CREATE USER '$MARIA_DB_USER'@'localhost' IDENTIFIED BY '$MARIA_USER_PWD'" -mysql -uroot -p$MARIA_ROOT_PWD -e"CREATE DATABASE $MARIA_DB_NAME; GRANT ALL PRIVILEGES ON $MARIA_DB_NAME.* TO '$MARIA_DB_USER'@'localhost'" -mysql -uroot -p$MARIA_ROOT_PWD -e"FLUSH PRIVILEGES" - -echo "root-password: $MARIA_ROOT_PWD,\ -db-user: $MARIA_DB_USER, password: $MARIA_USER_PWD" > /root/maria.log - -cat > /etc/apt/sources.list.d/kopano.list << EOF - -# Kopano Core -deb https://download.kopano.io/supported/core:/final/Debian_11/ ./ - -# Kopano WebApp -deb https://download.kopano.io/supported/webapp:/final/Debian_11/ ./ - -# Kopano MobileDeviceManagement -deb https://download.kopano.io/supported/mdm:/final/Debian_11/ ./ - -# Kopano Files -deb https://download.kopano.io/supported/files:/final/Debian_11/ ./ - -# Z-Push -deb https://download.kopano.io/zhub/z-push:/final/Debian_11/ ./ - -EOF - -cat > /etc/apt/auth.conf.d/kopano.conf << EOF - -machine download.kopano.io -login serial -password $KOPANO_REPKEY - -EOF - -curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/core:/final/Debian_11/Release.key | apt-key add - -curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/webapp:/final/Debian_11/Release.key | apt-key add - -curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/mdm:/final/Debian_11/Release.key | apt-key add - -curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/files:/final/Debian_11/Release.key | apt-key add - -curl https://serial:$KOPANO_REPKEY@download.kopano.io/zhub/z-push:/final/Debian_11/Release.key | apt-key add - - -apt update && apt full-upgrade -y - -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends kopano-server-packages kopano-webapp \ -z-push-kopano z-push-config-nginx kopano-webapp-plugin-mdm kopano-webapp-plugin-files - -#### 
Adjust kopano settings #### - -cat > /etc/kopano/ldap.cfg << EOF - -!include /usr/share/kopano/ldap.active-directory.cfg - -ldap_uri = ldap://192.168.100.100:389 -ldap_bind_user = cn=zmb-ldap,cn=Users,dc=zmb,dc=rocks -ldap_bind_passwd = Start123! -ldap_search_base = dc=zmb,dc=rocks - -#ldap_user_search_filter = (kopanoAccount=1) - -EOF - -cat > /etc/kopano/server.cfg << EOF - -server_listen = *:236 -local_admin_users = root kopano - -#database_engine = mysql -#mysql_host = localhost -#mysql_port = 3306 -mysql_user = $MARIA_DB_USER -mysql_password = $MARIA_USER_PWD -mysql_database = $MARIA_DB_NAME - -#user_plugin = ldap -#user_plugin_config = /etc/kopano/ldap.cfg - -EOF - -#### Adjust php settings #### - -sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kopano/webapp/config.php - -cat > /etc/php/7.4/fpm/pool.d/webapp.conf << EOF - -[webapp] -listen = 127.0.0.1:9002 -user = www-data -group = www-data -listen.allowed_clients = 127.0.0.1 -pm = dynamic -pm.max_children = 150 -pm.start_servers = 35 -pm.min_spare_servers = 20 -pm.max_spare_servers = 50 -pm.max_requests = 200 -listen.backlog = -1 -request_terminate_timeout = 120s -rlimit_files = 131072 -rlimit_core = unlimited -catch_workers_output = yes - -EOF - -sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kopano/webapp/config.php - -#### Adjust nginx settings #### - -openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/kopano.key -out /etc/ssl/certs/kopano.crt -subj "/CN=$KOPANO_FQDN" -addext "subjectAltName=DNS:$KOPANO_FQDN" -generate_dhparam - -#mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak - -cat > /etc/nginx/sites-available/webapp.conf << EOF -upstream php-handler { - #server 127.0.0.1:9002; - #server unix:/var/run/php5-fpm.sock; - server unix:/var/run/php/php7.4-fpm.sock; -} - -server{ - listen 80; - charset utf-8; - listen [::]:80; - server_name _; - - location / { - rewrite ^(.*) https://\$server_name\$1 permanent; - } - } - 
-server { - charset utf-8; - listen 443; - listen [::]:443 ssl; - server_name _; - ssl on; - client_max_body_size 1024m; - ssl_certificate /etc/ssl/certs/kopano.crt; - ssl_certificate_key /etc/ssl/private/kopano.key; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 5m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; - ssl_prefer_server_ciphers on; - # - # ssl_dhparam require you to create a dhparam.pem, this takes a long time - ssl_dhparam /etc/nginx/dhparam.pem; - # - - # add headers - server_tokens off; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - location /webapp { - alias /usr/share/kopano-webapp/; - index index.php; - - location ~ /webapp/presence/ { - rewrite ^/webapp/presence(/.*)$ \$1 break; - proxy_pass http://localhost:1234; - proxy_set_header Upgrade \$http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - } - - } - - location ~* ^/webapp/(.+\.php)$ { - alias /usr/share/kopano-webapp/; - - # deny access to .htaccess files - location ~ /\.ht { - deny all; - } - - fastcgi_param PHP_VALUE " - register_globals=off - magic_quotes_gpc=off - magic_quotes_runtime=off - post_max_size=31M - upload_max_filesize=30M - "; - fastcgi_param PHP_VALUE "post_max_size=31M - upload_max_filesize=30M - max_execution_time=3660 - "; - - include fastcgi_params; - fastcgi_index index.php; - #fastcgi_param HTTPS on; - fastcgi_param SCRIPT_FILENAME \$document_root\$1; - fastcgi_pass php-handler; - access_log /var/log/nginx/kopano-webapp-access.log; - error_log /var/log/nginx/kopano-webapp-error.log; - - # CSS and Javascript - location ~* \.(?:css|js)$ { - expires 1y; - access_log 
off; - add_header Cache-Control "public"; - } - - # All (static) resources set to 2 months expiration time. - location ~* \.(?:jpg|gif|png)\$ { - expires 2M; - access_log off; - add_header Cache-Control "public"; - } - - # enable gzip compression - gzip on; - gzip_min_length 1100; - gzip_buffers 4 32k; - gzip_types text/plain application/x-javascript text/xml text/css application/json; - gzip_vary on; - } - -} - -map \$http_upgrade \$connection_upgrade { - default upgrade; - '' close; -} -EOF - - - -ln -s /etc/nginx/sites-available/webapp.conf /etc/nginx/sites-enabled/ - -phpenmod kopano -systemctl restart php7.4-fpm nginx diff --git a/src/mailcow/install-service.sh b/src/mailcow/install-service.sh index 16a1bcc..63dcd77 100644 --- a/src/mailcow/install-service.sh +++ b/src/mailcow/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/matrix/install-service.sh b/src/matrix/install-service.sh index fa54e91..eb929d5 100644 --- a/src/matrix/install-service.sh +++ b/src/matrix/install-service.sh @@ -5,12 +5,12 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf -set -euo pipefail - #### Set repo and install matrix #### inst_matrix() { apt_repo "matrix" "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg" "https://packages.matrix.org/debian" "$(lsb_release -cs)" "main" diff --git a/src/onlyoffice/install-service.sh b/src/onlyoffice/install-service.sh index 1bb429f..943d78b 100644 --- a/src/onlyoffice/install-service.sh +++ b/src/onlyoffice/install-service.sh 
@@ -5,12 +5,12 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf -set -euo pipefail - #### Set repo and install onlyoffice #### inst_onlyoffice() { apt_repo "onlyoffice" "https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE" "https://download.onlyoffice.com/repo/debian" "squeeze" "main" diff --git a/src/open3a/install-service.sh b/src/open3a/install-service.sh index ff96ff0..0fb565a 100644 --- a/src/open3a/install-service.sh +++ b/src/open3a/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/piler/install-service.sh b/src/piler/install-service.sh index 72a7e98..67125b2 100644 --- a/src/piler/install-service.sh +++ b/src/piler/install-service.sh @@ -3,6 +3,8 @@ # Author: # (C) 2024 Thorsten Spille +set -euo pipefail + source zamba.conf wget -O - https://apt.bashclub.org/gpg/bashclub.pub | gpg --dearmor > /usr/share/keyrings/bashclub-keyring.gpg diff --git a/src/rei3/install-service.sh b/src/rei3/install-service.sh index 7ecaaaf..6f2a3d5 100644 --- a/src/rei3/install-service.sh +++ b/src/rei3/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/urbackup/install-service.sh b/src/urbackup/install-service.sh index 959aec8..88fe70c 100644 --- a/src/urbackup/install-service.sh +++ b/src/urbackup/install-service.sh 
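Review bot: In src/piler/install-service.sh, `pipefail` now makes a failed `wget` in the context line `wget -O - … | gpg --dearmor > /usr/share/keyrings/bashclub-keyring.gpg` abort the installer, but the redirect has already created or truncated the keyring file, so an empty or partial keyring may be left behind. Write the dearmored key to a temporary file and move it into place only after the pipeline succeeds, ideally after comparing the key fingerprint with a pinned value. This script also sources `zamba.conf` by relative path, unlike the other installers that use `/root/zamba.conf`, so under `-e` it now aborts at that line when run from a different working directory. The rest of the script is outside the hunk.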
@@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/vaultwarden/install-service.sh b/src/vaultwarden/install-service.sh index 2ee9866..0fe53ec 100644 --- a/src/vaultwarden/install-service.sh +++ b/src/vaultwarden/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zammad/install-service.sh b/src/zammad/install-service.sh index aa482c4..b485846 100644 --- a/src/zammad/install-service.sh +++ b/src/zammad/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zmb-ad-restore/constants-service.conf b/src/zmb-ad-restore/constants-service.conf deleted file mode 100644 index e849a50..0000000 --- a/src/zmb-ad-restore/constants-service.conf +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -# Authors: -# (C) 2021 Idea an concept by Christian Zengel -# (C) 2021 Script design and prototype by Markus Helmke -# (C) 2021 Script rework and documentation by Thorsten Spille - -# This file contains the project constants on service level - -# Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-13-standard" - -# Create sharefs mountpoint -LXC_MP=0 -# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank) -LXC_SHAREFS_MOUNTPOINT="backup" -# Defines the recordsize of mp0 -LXC_MP_RECORDSIZE="16K" - -# Create unprivileged container -LXC_UNPRIVILEGED="0" - -# enable nesting feature -LXC_NESTING="1" - -# enable keyctl feature -LXC_KEYCTL="0" - -# add optional features to samba ad dc - -# CURRENTLY SUPPORTED: -# wsdd = add windows service discovery -# splitdns = add nginx to redirect to website www.domain.tld in splitdns setup -# bind9dlz = Set ZMB_DNS_BACKEND to BIND9_DLZ - -# Example: -# OPTIONAL_FEATURES=(wsdd) -# OPTIONAL_FEATURES=(wsdd splitdns) -OPTIONAL_FEATURES=(wsdd) - -# Sets the minimum amount of RAM the service needs for operation -LXC_MEM_MIN=1024 - -# service dependent meta tags -SERVICE_TAGS="nginx,samba,dns,ntp,dc,ldap,secondary" \ No newline at end of file diff --git a/src/zmb-ad-restore/install-service.sh b/src/zmb-ad-restore/install-service.sh deleted file mode 100644 index a0045bf..0000000 --- a/src/zmb-ad-restore/install-service.sh +++ /dev/null 
@@ -1,195 +0,0 @@ -#!/bin/bash - -# Authors: -# (C) 2021 Idea an concept by Christian Zengel -# (C) 2021 Script design and prototype by Markus Helmke -# (C) 2021 Script rework and documentation by Thorsten Spille - -source /root/functions.sh -source /root/zamba.conf -source /root/constants-service.conf - -ZMB_DNS_BACKEND="SAMBA_INTERNAL" - -for f in ${OPTIONAL_FEATURES[@]}; do - if [[ "$f" == "wsdd" ]]; then - ADDITIONAL_PACKAGES="wsdd2 $ADDITIONAL_PACKAGES" - ADDITIONAL_SERVICES="wsdd2 $ADDITIONAL_SERVICES" - elif [[ "$f" == "splitdns" ]]; then - ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES" - ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES" - elif [[ "$f" == "bind9dlz" ]]; then - ZMB_DNS_BACKEND="BIND9_DLZ" - ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES" - ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES" - else - echo "Unsupported optional feature $f" - fi -done - -# echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list - -# update packages -apt update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade -# install required packages -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpdate rpl net-tools dnsutils chrony sipcalc -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba samba-ad-dc smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils - -mkdir -p /etc/chrony/conf.d -mkdir -p /etc/systemd/system/chrony.service.d - -cat << EOF > /etc/default/chrony -# This is a configuration file for /etc/init.d/chrony and -# /lib/systemd/system/chrony.service; it allows you to pass various options to -# the chrony daemon without editing the init script or service file. - -# Options to pass to chrony. 
-DAEMON_OPTS="-x -F 1" -EOF - -cat << EOF > /etc/systemd/system/chrony.service.d/override.conf -[Unit] -ConditionCapability= -EOF - -cat << EOF > /etc/chrony/conf.d/samba.conf -bindcmdaddress $(sipcalc ${LXC_IP} | grep -m1 "Host address" | rev | cut -d' ' -f1 | rev) -server de.pool.ntp.org iburst -server europe.pool.ntp.org iburst -allow $(sipcalc ${LXC_IP} | grep -m1 "Network address" | rev | cut -d' ' -f1 | rev)/$(sipcalc ${LXC_IP} | grep -m1 "Network mask (bits)" | rev | cut -d' ' -f1 | rev) -ntpsigndsocket /var/lib/samba/ntp_signd -EOF - -if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then - cat << EOF > /etc/nginx/sites-available/default -server { - listen 80 default_server; - server_name _; - return 301 http://www.$LXC_DOMAIN\$request_uri; -} -EOF -fi - -if [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then - # configure bind dns service - cat << EOF > /etc/default/bind9 -# -# run resolvconf? -RESOLVCONF=no - -# startup options for the server -OPTIONS="-4 -u bind" -EOF - - cat << EOF > /etc/bind/named.conf.local -// -// Do any local configuration here -// - -// Consider adding the 1918 zones here, if they are not used in your -// organization -//include "/etc/bind/zones.rfc1918"; -dlz "$LXC_DOMAIN" { - database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; -}; -EOF - - cat << EOF > /etc/bind/named.conf.options -options { - directory "/var/cache/bind"; - - forwarders { - $LXC_DNS; - }; - - allow-query { any;}; - dnssec-validation no; - - auth-nxdomain no; # conform to RFC1035 - listen-on-v6 { any; }; - listen-on { any; }; - - tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; - minimal-responses yes; -}; -EOF - - mkdir -p /var/lib/samba/bind-dns/dns -fi - -# stop + disable samba services and remove default config -systemctl disable --now smbd nmbd winbind systemd-resolved > /dev/null 2>&1 -rm -f /etc/samba/smb.conf -rm -f /etc/krb5.conf - -rm -r /var/lib/samba/* - -backupfile=$(find /backup/online -name samba-backup* | tail -1) 
-samba-tool domain backup restore --backup-file=${backupfile} --newservername=${LXC_HOSTNAME} --targetdir=/var/lib/samba/ - -ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf - -# disable password expiry for administrator -samba-tool user setexpiry Administrator --noexpiry - -systemctl unmask samba-ad-dc -systemctl enable samba-ad-dc -systemctl restart samba-ad-dc $ADDITIONAL_SERVICES - -# configure ad backup -cat << EOF > /usr/local/bin/smb-backup -#!/bin/bash -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -rc=0 -keep=\$1 - -mkdir -p /${LXC_SHAREFS_MOUNTPOINT}/{online,offline} - -prune () { - backup_type=\$1 - if [ \$(find /${LXC_SHAREFS_MOUNTPOINT}/\$backup_type/*.tar.bz2 | wc -l) -gt \$keep ]; then - find /${LXC_SHAREFS_MOUNTPOINT}/\$backup_type/*.tar.bz2 | head --lines=-\$keep | xargs -d '\n' rm - fi -} - -echo "\$(date) Starting samba-ad-dc online backup" -if echo -e '${ZMB_ADMIN_PASS}' | samba-tool domain backup online --targetdir=/${LXC_SHAREFS_MOUNTPOINT}/online --server=${LXC_HOSTNAME}.${LXC_DOMAIN} -UAdministrator ; then - echo "\$(date) Finished samba-ad-dc online backup. Cleaning up old online backups..." - prune online -else - echo "\$(date) samba-ad-dc online backup failed" - rc=\$((\$rc + 1)) -fi - -echo "\$(date) Starting samba-ad-dc offline backup" -if samba-tool domain backup offline --targetdir=/${LXC_SHAREFS_MOUNTPOINT}/offline ; then - echo "\$(date) Finished samba-ad-dc offline backup. Cleaning up old offline backups..." - prune offline -else - echo "S(date) samba-ad-dc offline backup failed" - rc=\$((\$rc + 1)) -fi - -exit \$rc -EOF -chmod +x /usr/local/bin/smb-backup - -cat << EOF > /etc/cron.d/smb-backup -23 * * * * root /usr/local/bin/smb-backup 7 >> /var/log/smb-backup.log 2>&1 -EOF - -cat << EOF > /etc/logrotate.d/smb-backup -/var/log/smb-backup.log { - weekly - rotate 12 - compress - delaycompress - missingok - notifempty - create 644 root root -} -EOF - -exit 0 \ No newline at end of file 
diff --git a/src/zmb-cups/install-service.sh b/src/zmb-cups/install-service.sh index 0f8333c..a79b066 100644 --- a/src/zmb-cups/install-service.sh +++ b/src/zmb-cups/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zmb-member/install-service.sh b/src/zmb-member/install-service.sh index c211b1e..f75b26b 100644 --- a/src/zmb-member/install-service.sh +++ b/src/zmb-member/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh index 2d149f7..1cd4af6 100644 --- a/src/zmb-standalone/install-service.sh +++ b/src/zmb-standalone/install-service.sh @@ -5,6 +5,8 @@ # (C) 2021 Script design and prototype by Markus Helmke # (C) 2021 Script rework and documentation by Thorsten Spille +set -euo pipefail + source /root/functions.sh source /root/zamba.conf source /root/constants-service.conf