Compare revisions

1c50fd51 · 1c50fd51 · 408b8f91 · 408b8f91 · 1c50fd51 · 1c50fd51
--- a/unit-files/haproxy.service
+++ b/unit-files/haproxy.service
-[Unit]
-Description=%p
-
-# Requirements
-Requires=docker.service
-
-# Dependency ordering
-After=docker.service
-After=rsyslog.service
-
-[Service]
-Restart=always
-RestartSec=20
-TimeoutStartSec=0
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --rm \
-  --name %p \
-  -v /data/runtime/dev/log:/dev/log \
-  -v /data/runtime/haproxy:/etc/haproxy \
-  -p 80:80 \
-  -p 443:443 \
-  indiepaas/haproxy
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
-
--- a/unit-files/lamp@.service
+++ b/unit-files/lamp@.service
-[Unit]
-Description=%p-%i
-
-# Requirements
-Requires=mysql@%i.service
-Requires=web@%i.service
-
-# Dependency ordering
-After=mysql@%i.service
-Before=web@%i.service
-
-# Dependency binding
-BindsTo=web@%i.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=/data/domains/%i/.env
-ExecStart=/bin/bash -euxc ' \
-  application_folder=/data/domains/%i/${APPLICATION}; \
-  if [ ! -f $application_folder/.env ]; then \
-    cat /data/domains/%i/mysql/.env | sed s/MYSQL_PASS/DB_PASS/ > $application_folder/.env; \
-  fi;'
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/mail-mon.service
+++ b/unit-files/mail-mon.service
+[Service]
+Type=oneshot
+ExecStart=/libre.sh/utils/mail-mon.sh
--- a/unit-files/ocsp.timer
+++ b/unit-files/ocsp.timer
 [Unit]
-Description=Daily timer for OCSP stapling
+Description=Run mail mon hourly and on boot

 [Timer]
 OnBootSec=15min
-OnUnitActiveSec=1day
+OnUnitActiveSec=1h

 [Install]
-WantedBy=multi-user.target
-
+WantedBy=timers.target
--- a/unit-files/mysql@.service
+++ b/unit-files/mysql@.service
-[Unit]
-Description=%p-%i
-
-# Requirements
-Requires=docker.service
-
-# Dependency ordering
-After=docker.service
-Before=backup@%i.timer
-
-# Dependency binding
-BindsTo=lamp@%i.service
-
-[Service]
-Restart=always
-RestartSec=20
-TimeoutStartSec=0
-Type=notify
-NotifyAccess=all
-ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker
-ExecStartPre=-/usr/bin/docker kill %p-%i
-ExecStartPre=-/usr/bin/docker rm %p-%i
-ExecStartPre=/bin/bash -euxc ' \
-  mysql_folder=/data/domains/%i/mysql; \
-  if [ ! -d /data/runtime/domains/%i/mysql ]; then \
-    mkdir -p /data/runtime/domains/%i/mysql/db_files; \
-    if [ ! -d $mysql_folder ]; then \
-      mkdir -p $mysql_folder; \
-      pass=`echo $RANDOM  ${date} | md5sum | base64 | cut -c-10`; \
-      echo MYSQL_PASS=$pass > $mysql_folder/.env; \
-    fi; \
-  fi'
-
-ExecStart=/opt/bin/systemd-docker run \
-  --rm \
-  --name %p-%i \
-  -v /data/runtime/domains/%i/log/mysql:/var/log/mysql \
-  -v /data/runtime/domains/%i/%p/db_files:/var/lib/mysql \
-  --env-file /data/domains/%i/%p/.env \
-  indiepaas/mysql
-ExecReload=/usr/bin/docker restart %p-%i
-ExecStop=/usr/bin/docker stop %p-%i
-
--- a/unit-files/ocsp.service
+++ b/unit-files/ocsp.service
-[Unit]
-Description=Get the OCSP data from the cert provider
-
-[Service]
-Type=oneshot
-TimeoutStartSec=0
-ExecStart=/bin/bash -euxc ' \
-  for cert in `ls /data/runtime/haproxy/approved-certs/*.pem`;do \
-    /data/indiehosters/utils/ocsp.sh $cert; \
-  done; \
-  systemctl restart haproxy; \
-  rm /tmp/*.crt'
-
--- a/unit-files/postfix.service
+++ b/unit-files/postfix.service
-[Unit]
-Description=%p
-
-# Requirements
-Requires=docker.service
-Requires=dovecot.service
-
-# Dependency ordering
-After=docker.service
-After=rsyslog.service
-After=dovecot.service
-
-[Service]
-Restart=always
-RestartSec=20
-TimeoutStartSec=0
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --rm \
-  --name %p \
-  --env-file=/data/domains/mail/.env \
-  -v /data/runtime/dev/log:/dev/log \
-  -v /data/runtime/postfix:/data \
-  -v /data/runtime/mail:/var/mail \
-  -v /data/domains/mail/TLS:/ssl \
-  -v /data/domains/mail/opendkim:/etc/opendkim \
-  --volumes-from=dovecot \
-  -p 25:25 \
-  -p 587:587 \
-  --link=mysql-mail:db \
-  indiepaas/postfix
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/rsyslog.service
+++ b/unit-files/rsyslog.service
 [Unit]
-Description=%p
+Description=%p-%i

 # Requirements
 Requires=docker.service
@@ -9,19 +9,15 @@ After=docker.service

 [Service]
 Restart=always
-RestartSec=20
-TimeoutStartSec=0
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --rm \
-  --name rsyslog \
-  -v /data/runtime/dev:/dev \
-  -v /data/runtime/log:/var/log \
-  indiepaas/rsyslog
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
+RestartSec=10
+TimeoutStartSec=60
+TimeoutStopSec=15
+EnvironmentFile=-/system/%i/env
+Environment=HOSTNAME=%H
+WorkingDirectory=/system/%i/
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "docker-compose up"
+ExecStop=docker-compose stop

 [Install]
 WantedBy=multi-user.target
-
--- a/unit-files/static@.service
+++ b/unit-files/static@.service
-[Unit]
-Description=%p-%i
-
-# Requirements
-Requires=web@%i.service
-
-# Dependency ordering
-Before=web@%i.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/bash -euxc ' \
-  application_folder=/data/domains/%i/%p/www-content; \
-  if [ ! -d $application_folder ]; then \
-    mkdir -p $application_folder; \
-    echo Hello %i > $application_folder/index.html; \
-  fi'
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/swapon.service
+++ b/unit-files/swapon.service
+[Unit]
+Description=Turn on swap
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStartPre=-/bin/bash -euxc ' \
+  fallocate -l 8192m /swap &&\
+  chmod 600 /swap &&\
+  mkswap /swap'
+ExecStart=/sbin/swapon /swap
+ExecStop=/sbin/swapoff /swap
+[Install]
+WantedBy=local.target
--- a/unit-files/u@.service
+++ b/unit-files/u@.service
+[Unit]
+Description=%p-%i
+
+# Requirements
+Requires=docker.service
+
+# Dependency ordering
+After=docker.service
+
+[Service]
+Restart=always
+RestartSec=10
+TimeoutStartSec=60
+TimeoutStopSec=15
+EnvironmentFile=-/data/domains/%i/env
+Environment=HOSTNAME=%H
+WorkingDirectory=/data/domains/%i/
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "LETSENCRYPT_HOST=%i VIRTUAL_HOST=%i,www.%i docker-compose up"
+ExecStop=docker-compose stop
+
+[Install]
+WantedBy=multi-user.target
--- a/unit-files/web-net.service
+++ b/unit-files/web-net.service
+[Unit]
+Description=Create lb_web network
+Requires=docker.service
+After=docker.service
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/docker network create lb_web
+ExecStop=/usr/bin/docker network rm lb_web
+[Install]
+WantedBy=local.target
--- a/unit-files/web@.service
+++ b/unit-files/web@.service
-[Unit]
-Description=%p-%i
-
-# Requirements
-Requires=docker.service
-Requires=discovery@%i.service
-Requires=backup@%i.timer
-
-# Dependency ordering
-After=docker.service
-Before=discovery@%i.service
-Before=backup@%i.timer
-
-[Service]
-Restart=always
-RestartSec=10
-TimeoutStartSec=60
-TimeoutStopSec=15
-Type=notify
-NotifyAccess=all
-EnvironmentFile=/data/domains/%i/.env
-Environment=URL=%i
-ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker
-ExecStartPre=-/usr/bin/docker kill %i
-ExecStartPre=-/usr/bin/docker rm %i
-ExecStartPre=/bin/cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem
-ExecStart=/bin/bash -euxc ' \
-  /opt/bin/systemd-docker --env run \
-    --rm \
-    --name %i \
-    -v /data/runtime/domains/%i/log/apache2:/var/log/apache2 \
-    ${DOCKER_ARGUMENTS} \
-    indiepaas/${APPLICATION}'
-ExecReload=/usr/bin/docker restart %i
-ExecStop=/usr/bin/docker stop %i
-
--- a/user_data
+++ b/user_data
+#cloud-config
+
+ssh_authorized_keys:
+  - "PUT YOUR SSH KEY PUBLIC HERE"
+
+write_files:
+  - path: /etc/ssh/sshd_config
+    permissions: 0600
+    owner: root:root
+    content: |
+      # Use most defaults for sshd configuration.
+      UsePrivilegeSeparation sandbox
+      Subsystem sftp internal-sftp
+      PermitRootLogin no
+      AllowUsers core
+      PasswordAuthentication no
+      ChallengeResponseAuthentication no
+  - path: /etc/sysctl.d/libresh.conf
+    permissions: 0644
+    owner: root
+    content: |
+      fs.aio-max-nr=1048576
+      vm.max_map_count=262144
+      vm.overcommit_memory=1
+      vm.nr_hugepages=0
+  - path: /etc/hosts
+    permissions: 0644
+    owner: root
+    content: |
+      127.0.0.1 localhost
+      255.255.255.255 broadcasthost
+      ::1 localhost
+  - path: /etc/environment
+    permissions: 0644
+    owner: root
+    content: |
+      NAMECHEAP_URL="namecheap.com"
+      NAMECHEAP_API_USER="pierreo"
+      NAMECHEAP_API_KEY=
+      IP=`curl -s http://icanhazip.com/`
+      FirstName="Pierre"
+      LastName="Ozoux"
+      Address=""
+      PostalCode=""
+      Country="Portugal"
+      Phone="+351.967184553"
+      EmailAddress="pierre@ozoux.net"
+      City="Lisbon"
+      CountryCode="PT"
+      BACKUP_DESTINATION=root@xxxxx:port
+      MAIL_USER=
+      MAIL_PASS=
+      MAIL_HOST=mail.indie.host
+      MAIL_PORT=587
+coreos:
+  update:
+    reboot-strategy: off
+  units:
+    - name: systemd-sysctl.service
+      command: restart
+    - name: swap.service
+      enable: true
+      command: start
+      content: |
+        [Unit]
+        Description=Turn on swap
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStartPre=-/bin/bash -euxc ' \
+          fallocate -l 8192m /swap &&\
+          chmod 600 /swap &&\
+          mkswap /swap'
+        ExecStart=/sbin/swapon /swap
+        ExecStop=/sbin/swapoff /swap
+        [Install]
+        WantedBy=local.target
+    - name: install-compose.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install Docker Compose
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          mkdir -p /opt/bin &&\
+          url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r \'.assets[].browser_download_url | select(contains("Linux") and contains("x86_64"))\') &&\
+          curl -L $url > /opt/bin/docker-compose &&\
+          chmod +x /opt/bin/docker-compose'
+    - name: install-libresh.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install libre.sh
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\
+          mkdir /{data,system} &&\
+          mkdir /data/trash &&\
+          cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
+          systemctl enable web-net.service &&\
+          systemctl start web-net.service &&\
+          cp /libre.sh/utils/* /opt/bin/'
--- a/utils/add_cloud_user
+++ b/utils/add_cloud_user
+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+email=$2
+quota=$3
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users -d userid="$1" -d password="`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="email" -d value="${email}"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="quota" -d value="${quota}"
--- a/utils/add_email.sh
+++ b/utils/add_email.sh
-#!/bin/bash -ex
-
-EMAIL=$1
-PASSWORD=`echo $RANDOM date | md5sum | base64 | cut -c-10`
-MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
-
-DOMAIN=$(echo ${EMAIL} | cut -f2 -d@)
-
-/usr/bin/docker run \
-  --rm \
-  --name add_email_support_to_$DOMAIN \
-  --link mysql-mail:db \
-  indiepaas/mysql \
-    mysql \
-      -uadmin \
-      -p$MYSQL_PASS \
-      -h db \
-        -e "INSERT INTO servermail.virtual_users (domain_id, password , email) \
-          VALUES( \
-            (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \
-            ENCRYPT('$PASSWORD', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), \
-            '$EMAIL');"
-
-echo "Email added with success"
-echo "Pass: $PASSWORD"
-
-
--- a/utils/add_email_alias.sh
+++ b/utils/add_email_alias.sh
-#!/bin/bash -ex
-
-DOMAIN=$1
-SOURCE=$2
-DESTINATION=$3
-MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
-
-/usr/bin/docker run \
-  --rm \
-  --name add_email_support_to_$DOMAIN \
-  --link mysql-mail:db \
-  indiepaas/mysql \
-    mysql \
-      -uadmin \
-      -p$MYSQL_PASS \
-      -h db \
-        -e "INSERT INTO servermail.virtual_aliases (domain_id, source , destination) \
-          VALUES( \
-            (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \
-            '$SOURCE',
-            '$DESTINATION');"
-
--- a/utils/add_email_support.sh
+++ b/utils/add_email_support.sh
-#!/bin/bash -ex
-
-DOMAIN=$1
-MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
-
-/usr/bin/docker run \
-  --rm \
-  --name add_email_support_to_$DOMAIN \
-  --link mysql-mail:db \
-  indiepaas/mysql \
-    mysql \
-      -uadmin \
-      -p$MYSQL_PASS \
-      -h db \
-        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');"
-
-mkdir -p /data/domains/mail/opendkim/keys/$DOMAIN
-
-/usr/bin/docker run \
-  --rm \
-  --name opendkim-genkey \
-  -v /data/domains/mail/opendkim:/etc/opendkim \
-  indiepaas/postfix \
-    /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail
-
-/usr/bin/docker run \
-  --rm \
-  --name opendkim-genkey \
-  -v /data/domains/mail/opendkim:/etc/opendkim \
-  indiepaas/postfix \
-  /bin/chown -R opendkim /etc/opendkim/keys
-
-mv /data/domains/mail/opendkim/keys/$DOMAIN/mail.private /data/domains/mail/opendkim/keys/$DOMAIN/mail
-
-echo mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail >> /data/domains/mail/opendkim/KeyTable
-
-echo *@$DOMAIN mail._domainkey.$DOMAIN >> /data/domains/mail/opendkim/SigningTable
-
-echo $DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
-echo galaxy.$DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
-
-echo "Domain installed with success."
-echo "Please add the followig records to it's DNS."
-
-cat /data/domains/mail/opendkim/keys/$DOMAIN/mail.txt
-
-echo "And don't forget spf :)"
-
--- a/utils/add_mailbox
+++ b/utils/add_mailbox
+#!/bin/bash
+set -e
+set -u
+set -x
+
+source /etc/environment
+
+email=$1
+email_password=$2
+
+local_part=`echo $email | cut -d@ -f1`
+email_domain=`echo $email | cut -d@ -f2`
+
+curl --data "username=${mail_username}&password=${mail_password}&login=Log+In&rememberme=0" -c /tmp/cookie.txt https://${mail_hostname}/auth/login
+domain_id=`curl -b /tmp/cookie.txt https://${mail_hostname}/domain | grep $email_domain | grep purge-domain | grep -o 'purge-domain-[0-9]*' | grep -o '[0-9]*'`
+curl --data "local_part=${local_part}&domain=${domain_id}&password=${email_password}" -b /tmp/cookie.txt https://${mail_hostname}/mailbox/add
+
+rm /tmp/cookie.txt
--- a/utils/add_to_group
+++ b/utils/add_to_group
+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+group=$2
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${1}/groups -d groupid="${2}"
No results found