CHANGELOG.md

+# 1.2.0
+
+* Add app admin email as argument in provision #189 
+* Handle git branches when provisioning #174 
+* REPO mode to retrieve application recipe #187 
+
+
 # 0.3.0
 
 * adds automation script for user provisionning

INSTALL.cloud.md

+# Instructions to install libre.sh
+
+## Recommendation
+- you'd need API key on Namecheap (if you want to automatically buy and configure domain name)
+
+## Installation
+
+These instructions depend a bit on your cloud provider.
+
+### [Digital Ocean](https://m.do.co/c/1b468ce0671f)
+
+ 1. Install [doctl](https://github.com/digitalocean/doctl/)
+ 2. Issue the following command:
+
+```
+doctl compute droplet create libre.sh --user-data-file ./user_data --wait --ssh-keys $KEY_ID --size 1gb --region lon1 --image coreos-stable
+```
+
+### Provider with user_data support
+
+If you use a cloud provider that support `user_data`, like [Scaleway](http://scaleway.com/), just use [this user_data](https://raw.githubusercontent.com/indiehosters/libre.sh/master/user_data).
+
+### Hetzner
+
+You can also buy a baremetal at [Hetzner](https://serverboerse.de/index.php?country=EN) as they are the cheapest options around. Follow these [instructions](INSTALL_HETZNER.md) in this case.
+
+### Provider without user_data support
+
+Use boot a live cd, and issue that command:
+
+```
+wget https://raw.github.com/coreos/init/master/bin/coreos-install
+bash coreos-install -d /dev/sda -c user_data
+```
+
+And voila, your first libre.sh node is ready!

INSTALL_HETZNER.md

+# Instructions to install libre.sh
+
+## Recommendation
+- ssd on /dev/sda
+- hdd on /dev/sdb
+- hdd on /dev/sdc
+- API key on Namecheap (if you want to automatically buy domain name)
+
+# Installation
+
+First, you need a server.
+We recommend [Hetzner](https://serverboerse.de/index.php?country=EN) as they are the cheapest options around.
+You can filter servers with ssd.
+
+These instructions can also work on any VM/VPS/Hardware.
+
+## Install the system
+
+```
+IP=
+
+ssh -o "StrictHostKeyChecking no" root@$IP
+
+hostname=
+ssh_public_key=""
+
+fdisk -l #find your ssd
+
+# Setup raid
+cat > /etc/mdadm.conf << EOF
+MAILADDR dev@null.org
+EOF
+mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sdb /dev/sdc
+mkfs.ext4 /dev/md0
+
+cat > cloud-config.tmp << EOF
+#cloud-config
+
+hostname: "$hostname"
+ssh_authorized_keys:
+  - $ssh_public_key
+EOF
+
+apt-get install gawk
+wget https://raw.github.com/coreos/init/master/bin/coreos-install
+bash coreos-install -d /dev/sda -c cloud-config.tmp
+
+reboot
+```
+
+```
+ssh core@$IP
+
+#configure mdmonitor.
+
+sudo su -
+
+mdadm --examine --scan > /etc/mdadm.conf
+vim /etc/mdadm.conf
+#ADD your mail
+MAILADDR xxx@xxx.org
+
+# Start service
+systemctl start  mdmonitor.service
+
+cat > /etc/systemd/system/data.mount << EOF
+[Mount]
+What=/dev/md0
+Where=/data
+Type=ext4
+EOF
+
+wget https://raw.githubusercontent.com/indiehosters/libre.sh/master/user_data -O /var/lib/coreos-install/user_data
+
+coreos-cloudinit /var/lib/coreos-install/user_data

INSTALL_LINUX.md

+# Instructions to install libre.sh on linux with Systemd
+
+## Recommendation
+- Systemd distro (ubuntu server 18.04.3 or debian 9 )
+
+# Installation
+Where basicly reproduce what the user_data do for us.
+
+as root
+
+# configure sshd (Optional)
+Don't forget to create the user core and adding your ssh key before
+You could also remove AllowUsers core or/and change the username.
+
+```
+cat > /etc/ssh/sshd_config <<EOF
+UsePrivilegeSeparation sandbox
+Subsystem sftp internal-sftp
+PermitRootLogin no
+AllowUsers core
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+EOF
+chmod 600 /etc/ssh/sshd_config
+systemctl restart sshd
+```
+
+# add kernel parameter (optional but recommended )
+
+```
+cat > /etc/sysctl.d/libresh.conf <<EOF
+fs.aio-max-nr=1048576
+vm.max_map_count=262144
+vm.overcommit_memory=1
+EOF
+chmod 644 /etc/sysctl.d/libresh.conf
+sysctl -p /etc/sysctl.d/libresh.conf
+
+echo never > /sys/kernel/mm/transparent_hugepage/enabled
+```
+
+# define Localhost (should not be needed but... )
+
+```
+cat > /etc/hosts <<EOF
+127.0.0.1 localhost
+255.255.255.255 broadcasthost
+::1 localhost
+EOF
+```
+
+# define envrionment
+
+```
+cat > /etc/environment <<EOF
+NAMECHEAP_URL="namecheap.com"
+NAMECHEAP_API_USER="pierreo"
+NAMECHEAP_API_KEY=
+IP="curl -s http://icanhazip.com/"
+FirstName="Pierre"
+LastName="Ozoux"
+Address=""
+PostalCode=""
+Country="Portugal"
+Phone="+351.967184553"
+EmailAddress="pierre@ozoux.net"
+City="Lisbon"
+CountryCode="PT"
+BACKUP_DESTINATION=root@xxxxx:port
+MAIL_USER=
+MAIL_PASS=
+MAIL_HOST=mail.indie.host
+MAIL_PORT=587
+EOF
+```
+
+# install docker
+
+*Current tested version : 19.03.5 see https://docs.docker.com/install/linux/docker-ce/ubuntu/ .*  
+
+# install docker-compose
+
+*Remark I did a variante to find the last version of DockerCompose and download it*
+
+```
+mkdir -p /opt/bin &&\
+dockerComposeVersion=$(curl -s https://api.github.com/repos/docker/compose/releases/latest|grep tag_name|cut -d'"' -f4) &&\
+curl -L https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` > /opt/bin/docker-compose &&\
+chmod +x /opt/bin/docker-compose
+```
+# install Libre.sh
+
+```
+git clone https://lab.libreho.st/libre.sh/compose.libre.sh /libre.sh &&\
+mkdir -p /{data,system} &&\
+mkdir -p /data/trash &&\
+cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
+systemctl enable web-net.service &&\
+systemctl start web-net.service &&\
+mkdir -p /opt/bin &&\
+cp /libre.sh/utils/* /opt/bin/
+```
+
+# add /opt/bin path
+
+```
+cat > /etc/profile.d/libre.sh <<EOF
+export PATH=$PATH:/opt/bin
+EOF
+chmod 644 /etc/profile.d/libre.sh
+```

README.md

-# LibrePaaS
+# libre.sh Version 1.2
+[![Backers on Open Collective](https://opencollective.com/libresh/backers/badge.svg)](#backers)
+ [![Sponsors on Open Collective](https://opencollective.com/libresh/sponsors/badge.svg)](#sponsors) 
 
 ## Introduction
 
-A PaaS that is aimed at hosting free software \o/
+An ecosystem to ease  free software hosting \o/
 
-To install it, follow instructions in `INSTALL.nd`.
+We are working on bootstrapping an ecosystem of tools to facilitate the hosting of free software.
+Think of it as
+ - [ISPconfig](https://www.ispconfig.org/)
+ - FLOSS [cpanel](https://www.cpanel.net/products/)
+ - [cloudron](https://cloudron.io/) with email
 
-## Modular
+
+  * Libre.sh V1 (Stable) is using docker-compose 
+  * Libre.sh V2 (Alpha) is using [kubernetes](https://kubernetes.io/).
+
+
+This ecosystem can be deployed on [Raspberries](https://kubecloud.io/setting-up-a-kubernetes-1-11-raspberry-pi-cluster-using-kubeadm-952bbda329c8) or on popular cloud providers and scale globally or anything in between. 
+We can affirm that V2 scales globally because it is based on kubernetes, a tool developped from the experience of Google hosting containers at scale.
+
+## Installation
+
+
+
+To install it, follow the instructions in `INSTALL_LINUX.md` : https://lab.libreho.st/libre.sh/compose.libre.sh/blob/master/INSTALL_LINUX.md
+
+Or run our installer script 
+
+https://lab.libreho.st/libre.sh/compose.libre.sh/raw/master/install.linux.sh
+
+### What is libre.sh
+
+libre.sh is a little framework to host Docker. It is simple and modular and respect the convention over configuration paradigm.
+
+This is aimed at Hosters to manage a huge amount of different web application, and a quantity of domain names related with emails and so on.
+
+It is currently installed at 3 different hosters in production and hosting ~20 different web applications, with ~500 containers.
+
+Once well installed, in one bash command, you'll be able to:
+ - buy a domain name
+ - configure DNS for it
+ - configure email for it
+ - configure dkim for that domain
+ - configure dmarc for that domain
+ - configure autoconfig for that domain
+ - install and start a web application on that domain (WordPress, Nextcloud, piwik...)
+ - provision a TLS cert on that domain
+
+Amazing, right?
+
+### Modular
 
 The PaaS is really modular, that's why it contains the strict necessary, then you'll probably want to add `system` modules or `applications`.
 
+It contains 2 [unit-files](https://lab.libreho.st/libre.sh/compose.libre.sh/tree/master/unit-files) to manage system modules and applications, start them at boot, and load the appropriate environment.
+
+### Support
+
+You can use the following channels to request community support:
+ - [mailinglist/forum](https://forum.indie.host/t/about-the-libre-sh-category/71)
+ - [chat](https://chat.indie.host/channel/libre.sh)
+
+For paid support, just send an inquiry to support@libre.sh.
+
+You can also watch the Fosdem Video : [Video Fosdem](https://fosdem.org/2017/schedule/event/libre_sh/)
+
+All of this is hosted by libre.sh :)
+
 ## System modules
 
 Here is a list of modules supported:
- - [HAProxy](https://github.com/indiehosters/haproxy)
- - [git-puller](https://github.com/indiehosters/git-puller)
- - [backups](https://github.com/indiehosters/backups)
- - [sshd](https://github.com/indiehosters/sshd)
- - [pull-backups](https://github.com/indiehosters/pull-backups)
+ - https proxy:
+ - [HAProxy](https://lab.libreho.st/libre.sh/compose/haproxy)
+ - [Nginx](https://lab.libreho.st/libre.sh/compose/nginx)
+ - [monitoring](https://lab.libreho.st/libre.sh/compose/monitoring)
+ - [git-puller](https://lab.libreho.st/libre.sh/compose/git-puller)
+
 Go to their respective page for more details.
 
-To install and start a module:
+### To install and start a module:
 
 ```
 cd /system/
-git clone module
-systemctl enable s@module
-systemctl start s@module
+git clone https://lab.libreho.st/libre.sh/compose/[module]
+cd module
+libre enable
+libre start
 ```
 
-## Application modules
+## Applications
+
+### List of supported applications
+
+| Application  | Latest Version             | Comments   |
+|--------------|---------------------------|------------|
+| wordpress    | 5.9   |  Includes the support of SMTP email though libresh variables       |
+| dolibarr     | 15.0.3   | need manual deletion of the install.lock to upgrade        |
 
-To install application `wordpress` on `example.org`, just run:
+
+### Installation
+
+To install application `wordpress` on `example.org`, first make point example.org to your server IP, and then, just run:
 
 ```
-provision -a github.com/indiehosters/wordpress -u example.org -s
+libre provision -a wordpress -u example.org -s
 ```
 
-Run `provision` for more details on the capabilities of the script.
+- -u   [arg] URL to process. Required.
+- -a   [arg] Application to install. (wordpress in REPO_MODE)
+- -t   [arg] Checkout a specific tag or branch from the application repo. default to master
+- -e   [arg] Specify the email of the application admin 
+- -s         Start the application right away.
+- -b         Buys the associated domain name.
+- -i         Configure OpenDKIM.
+- -c         Configures DNS if possible.
+
+## To debug a module or an application:
+
+```
+libre ps
+libre logs -f --tail=100
+libre stop
+libre restart
+```
 
 ## Contributing
 
@@ -52,3 +138,45 @@ You can help us by:
  - writing documentation/blog on how you got up and running in 5mins
  - writing more documentation
  - sending us cake :) We loove cake!
+
+## Contributors
+
+This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
+<a href="https://github.com/indiehosters/libre.sh/graphs/contributors"><img src="https://opencollective.com/libresh/contributors.svg?width=890&button=false" /></a>
+
+
+## Backers
+
+Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/libresh#backer)]
+
+<a href="https://opencollective.com/libresh#backers" target="_blank"><img src="https://opencollective.com/libresh/backers.svg?width=890"></a>
+
+
+## Sponsors
+
+Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/libresh#sponsor)]
+
+<a href="https://opencollective.com/libresh/sponsor/0/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/0/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/1/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/1/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/2/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/2/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/3/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/3/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/4/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/4/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/5/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/5/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/6/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/6/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/7/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/7/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/8/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/8/avatar.svg"></a>
+<a href="https://opencollective.com/libresh/sponsor/9/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/9/avatar.svg"></a>
+
+
+## Other projects
+
+
+Simplifying web application hosting has always been a goal for a lot of other projects, here is some project that share goals with libre.sh
+
+
+
+ - Yunohost https://yunohost.org
+ - Sandstorm https://sandstorm.io/
+ - Cloudron https://git.cloudron.io/cloudron/box
+
+

ROADMAP.md

+# TL;DR
+
+ - k8s
+  - [ ] ceph
+  - [ ] flannel
+  - [ ] baremetal install
+
+# Object
+
+The aim of this document is to write the big lines of the future of libre.sh.
+
+# Version 1
+
+The current version, let's call it 1, is a nice opiniated framework on how to run a single host with docker-compose.
+It provides a list of packages and module compatible with this framework.
+The best features of this framework are:
+ - https only
+ - some integration between the tools (auto provisioning of emails for new applications)
+ - domain name buying (Namecheap api)
+ - dns configuration (Namecheap api)
+
+# Version 2 - k8s
+
+This roadmap will discuss about the migration to kubernetes (k8s).
+
+## Distributions
+
+There are various k8s distributions (Tectonic, deis, openshift..) and the aim of libre.sh is not to become yet another distribution.
+
+It would be nice if we could list them, evaluate them, and decide to use one of them or not.
+
+## Installation/Operation
+
+libre.sh should be opiniated on the way to install and operate the cluster.
+
+It should provide easy steps to install on baremetal first. We aim for libre software, and as such, we can't rely
+on cloud providers like gcloud, aws, or digital ocean.
+As a second priority, we should give easy instructions to deploy on any cloud providers, as people are free to choose their chains :)
+
+## Storage
+
+One big challenge in k8s cluster context is to provide an implementation of major cloud providers about [PersistantVolume](https://kubernetes.io/docs/user-guide/persistent-volumes/).
+In a libre cluster, this function would be achieved by a distributed file system technology.
+After some investigation, the choice would be to use ceph.
+There are already some work done on it like the [ceph-docker](https://github.com/ceph/ceph-docker/tree/master/examples) repo.
+
+## Network
+
+Another big challenge is network. k8s is strongly opiniated on what should be the network configuration.
+Ideally, we would use some IPsec to secure the links between machine in a context we can't trust the network (like at hetzner).
+There are 3 options:
+ - zerotier  
+ - tinc vpn
+ - flannel that might implement IPsec in a near future
+
+The cheapest in term of work would be to bet on flannel.
+
+## Packages
+
+There is now a way to create and distribute packages in a standard way.
+We can then remove the idea of modules and applications.
+They will all be packages.
+
+The k8s standard for that is [helm](http://helm.sh/). There is already a big list of packages.
+As for libre.sh, the idea would be to contribute the missing packages there.
+
+### opportunistic packages
+
+libre.sh would then be, just a repo of documentation on how to install, operate and manage a k8s cluster on baremetal.
+There is still a place where we can have a difference.
+
+This idea is called opportunistic package.
+This would be a package based on an official one.
+
+Let's take the example of WordPress.
+The libre.sh version of WordPress would be based on the official one.
+But it will have some mechanisms to discovers services available inside the cluster it is running on.
+
+These services could be:
+ - ldap
+ - piwik
+ - email
+
+So, when you install a new WordPress, it will try to discover opportunistically if there is a ldap service in the cluster,
+and if yes, configure WordPress to use this ldap service.
+
+This pattern will help make it happen:
+https://github.com/kubernetes-incubator/service-catalog

install.linux.sh

+#!/bin/bash
+
+#This script is tested on Debian 12
+
+#Current version of libre.sh to be installed 
+LIBRE_VERSION=1.2
+# System env vars  : can be overrided by a values.env file next to this install file
+
+
+### CONFIG : Specify you template repo ROOT without training slash (Optional) or comment if you want to supply full url for apps
+
+APP_REPO_URL="lab.libreho.st/libre.sh/compose"
+
+
+
+
+## domain handling 
+
+### CONFIG : change to your domain vendor ( namecheap, ovh , scaleway, )
+DOMAIN_SERVER=namecheap
+
+###  Namecheap specific
+NAMECHEAP_URL="namecheap.com"
+NAMECHEAP_API_USER="pierreo"
+NAMECHEAP_API_KEY=
+
+### ovh specific (WIP) 
+OVH_URL="eu.api.ovh.com"
+OVH_API_USER=""
+OVH_API_KEY=
+
+
+### Scaleway specific (WIP) 
+SCALEWAY_URL=""
+SCALEWAY_API_USER=""
+SCALEWAY_API_KEY=
+
+
+### TODO :  change your settings 
+IP="curl -s http://icanhazip.com/"
+FirstName="Pierre"
+LastName="Ozoux"
+Address=""
+PostalCode=""
+Country="Portugal"
+Phone="+351.967184553"
+EmailAddress="pierre@ozoux.net"
+City="Lisbon"
+CountryCode="PT"
+## Backup
+BACKUP_DESTINATION=root@xxxxx:port
+
+### CONFIG  : Change your mail settings.
+## SMTP
+MAIL_USER=
+MAIL_PASS=
+MAIL_HOST=mail.indie.host
+MAIL_PORT=587
+MAIL_SECURITY=
+
+# Default admin emails for apps
+
+ADMIN_EMAIL=support@ekimia.fr
+
+### TODO : source a setting file is present to override defaults
+
+echo "-------- Welcome to libre.sh $LIBRE_VERSION installer"
+
+echo "----  sourcing local values.env file if present"
+
+source values.env
+
+
+# STEP add kernel parameter
+
+# STEP Define environnement
+
+echo "-------- setting up system variables"
+
+echo "APP_REPO_URL=${APP_REPO_URL}" >> /etc/environment
+
+echo "LIBRE_VERSION=${LIBRE_VERSION}" >> /etc/environment
+
+echo "MAIL_USER=${MAIL_USER}" >> /etc/environment
+
+echo "MAIL_PASS=${MAIL_PASS}" >> /etc/environment
+
+echo "MAIL_HOST=${MAIL_HOST}" >> /etc/environment
+
+echo "MAIL_PORT=${MAIL_PORT}" >> /etc/environment
+
+echo "MAIL_SECURITY=${MAIL_SECURITY}" >> /etc/environment
+
+
+echo "ADMIN_EMAIL=${ADMIN_EMAIL}" >> /etc/environment
+
+
+# STEP Install Docker 
+
+name="docker.io"
+# TODO : Fix a version for docker  ?
+
+    dpkg -s $name &> /dev/null  
+
+    if [ $? -ne 0 ]
+
+        then
+            echo "$name not installed"  
+            apt-get update
+#            curl -fsSL https://get.docker.com -o get-docker.sh
+#            sh get-docker.sh
+            apt install -y $name
+            echo "-------- Native docker installed "
+
+        else
+            echo    "$name already installed"
+    fi
+
+# STEP "install docker-compose" 
+echo "-------- Install native docker-compose "
+
+# TODO : Fix a version for docker compose ? 
+
+#mkdir -p /opt/bin &&\
+#dockerComposeVersion=$(curl -s https://api.github.com/repos/docker/compose/releases/latest|grep tag_name|cut -d'"' -f4) &&\
+#curl -L https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` > /opt/bin/#docker-compose &&\
+#chmod +x /opt/bin/docker-compose
+
+apt install -y docker-compose
+
+
+# STEP "install git"
+
+echo "-------- Install git"
+
+distro=$( ( lsb_release -ds || cat /etc/*release || uname -om ) 2>/dev/null | head -n1 | cut -d " " -f1)
+if [[ "$distro" == "Ubuntu" || "$distro" == "Debian" ]]; then
+apt-get install -y git
+elif [[ "$distro" == "CentOS" || "$distro" == "AlmaLinux" || "$distro" == "Rocky" || "$distro" == "Fedora" ]]; then
+yum install -y git
+elif [[ "$distro" == "openSUSE" ]]; then
+zypper install git
+elif [[ "$distro" == "Arch" ]]; then
+pacman -S git
+elif [[ "$distro" == "Mageia" ]]; then
+urpmi git
+fi
+
+# STEP install Libre.sh
+
+echo " ---Removing previous install --- "
+rm -rf /libre.sh
+
+echo "-------- installing libre.sh" 
+
+git clone https://lab.libreho.st/libre.sh/compose.libre.sh.git /libre.sh 
+mkdir -p /{data,system}
+mkdir -p /data/trash
+mkdir -p /data/domains
+cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload 
+systemctl enable web-net.service 
+systemctl start web-net.service 
+mkdir -p /opt/bin 
+cp /libre.sh/utils/* /opt/bin/
+
+
+# STEP add /opt/bin path
+
+
+echo "-------- updating PATH" 
+cat > /etc/profile.d/libre.sh <<EOF
+export PATH=$PATH:/opt/bin
+EOF
+chmod 644 /etc/profile.d/libre.sh
+bash /etc/profile.d/libre.sh
+
+#TODO : reload profile to use libre right away 

migrations/update-oo.sh

+#!/bin/bash -eux
+
+# Verify they are all in sync with git, if not, print the domain name.
+for oo  in `ls -d ./oo-*`;do
+  cd $oo
+  if ! git diff --exit-code --quiet; then
+    echo $oo
+  fi
+  cd ..
+done
+
+# Update all oo
+for oo  in `ls -d ./oo-*`;do
+  cd $oo
+  libre update
+  cd ..
+done

unit-files/dump_all.service

+[Service]
+Type=oneshot
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin
+ExecStart=/opt/bin/dump_all.sh 

unit-files/dump_all.timer

+[Unit]
+Description=Run dump all dayly
+
+[Timer]
+OnCalendar=*-*-* 00:15:30
+
+[Install]
+WantedBy=timers.target

unit-files/mail-mon.service

+[Service]
+Type=oneshot
+ExecStart=/libre.sh/utils/mail-mon.sh

unit-files/mail-mon.timer

+[Unit]
+Description=Run mail mon hourly and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=1h
+
+[Install]
+WantedBy=timers.target

unit-files/s@.service

@@ -13,10 +13,11 @@ RestartSec=10
 TimeoutStartSec=60
 TimeoutStopSec=15
 EnvironmentFile=-/system/%i/env
+Environment=HOSTNAME=%H
 WorkingDirectory=/system/%i/
-ExecStartPre=-/opt/bin/docker-compose rm -f
-ExecStart=/bin/bash -euxc "/opt/bin/docker-compose up"
-ExecStop=/opt/bin/docker-compose stop
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "docker-compose up"
+ExecStop=docker-compose stop
 
 [Install]
 WantedBy=multi-user.target

unit-files/swapon.service

+[Unit]
+Description=Turn on swap
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStartPre=-/bin/bash -euxc ' \
+  fallocate -l 8192m /swap &&\
+  chmod 600 /swap &&\
+  mkswap /swap'
+ExecStart=/sbin/swapon /swap
+ExecStop=/sbin/swapoff /swap
+[Install]
+WantedBy=local.target

unit-files/u@.service

@@ -13,10 +13,11 @@ RestartSec=10
 TimeoutStartSec=60
 TimeoutStopSec=15
 EnvironmentFile=-/data/domains/%i/env
+Environment=HOSTNAME=%H
 WorkingDirectory=/data/domains/%i/
-ExecStartPre=-/opt/bin/docker-compose rm -f
-ExecStart=/bin/bash -euxc "HOST=%i /opt/bin/docker-compose up"
-ExecStop=/opt/bin/docker-compose stop
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "LETSENCRYPT_HOST=%i VIRTUAL_HOST=%i,www.%i docker-compose up"
+ExecStop=docker-compose stop
 
 [Install]
 WantedBy=multi-user.target

unit-files/web-net.service

+[Unit]
+Description=Create lb_web network
+Requires=docker.service
+After=docker.service
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/docker network create lb_web
+ExecStop=/usr/bin/docker network rm lb_web
+[Install]
+WantedBy=local.target

INSTALL.md → user_data

-# Instructions to install LibrePaaS
-
-## Requirements
-
-- API key on Namecheap
-
-## Recommendation
-- ssd on /dev/sda
-- hdd on /dev/sdb
-- hdd on /dev/sdc
-
-# Installation
-
-Replace the following variables with yours:
-IP
-hostname
-
-```
-
-ssh -o "StrictHostKeyChecking no" root@$IP
-
-fdisk -l #find your ssd
-
-# Setup raid
-cat > /etc/mdadm.conf << EOF
-MAILADDR dev@null.org
-EOF
-mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sdb /dev/sdc
-mkfs.ext4 /dev/md0
-
-cat > cloud-config.tmp << EOF
 #cloud-config
 
-hostname: $hostname
 ssh_authorized_keys:
-  - #your ssh public key here
-EOF
-
-wget https://raw.github.com/coreos/init/master/bin/coreos-install
-bash coreos-install -d /dev/sda -c cloud-config 
-
-reboot
-```
-
-```
-ssh core@$IP
-sudo su -
+  - "PUT YOUR SSH KEY PUBLIC HERE"
 
-# Add swap
-fallocate -l 8192m /swap
-chmod 600 /swap
-mkswap /swap
-
-cat > /var/lib/coreos-install/user_data << EOF
-#cloud-config
-
-hostname: $hostname
-ssh_authorized_keys:
-  - #your ssh public key here
 write_files:
-  - path: /etc/sysctl.d/aio-max.conf
+  - path: /etc/ssh/sshd_config
+    permissions: 0600
+    owner: root:root
+    content: |
+      # Use most defaults for sshd configuration.
+      UsePrivilegeSeparation sandbox
+      Subsystem sftp internal-sftp
+      PermitRootLogin no
+      AllowUsers core
+      PasswordAuthentication no
+      ChallengeResponseAuthentication no
+  - path: /etc/sysctl.d/libresh.conf
     permissions: 0644
     owner: root
-    content: "fs.aio-max-nr = 1048576"
+    content: |
+      fs.aio-max-nr=1048576
+      vm.max_map_count=262144
+      vm.overcommit_memory=1
+      vm.nr_hugepages=0
   - path: /etc/hosts
     permissions: 0644
     owner: root
@@ -70,7 +31,7 @@ write_files:
       255.255.255.255 broadcasthost
       ::1 localhost
   - path: /etc/environment
-    permission: 0644
+    permissions: 0644
     owner: root
     content: |
       NAMECHEAP_URL="namecheap.com"
@@ -79,15 +40,15 @@ write_files:
       IP=`curl -s http://icanhazip.com/`
       FirstName="Pierre"
       LastName="Ozoux"
-      Address="23CalcadaSaoVicente"
-      PostalCode="1100-567"
+      Address=""
+      PostalCode=""
       Country="Portugal"
       Phone="+351.967184553"
       EmailAddress="pierre@ozoux.net"
       City="Lisbon"
       CountryCode="PT"
       BACKUP_DESTINATION=root@xxxxx:port
-      MAIL_USER=contact%40indie.host
+      MAIL_USER=
       MAIL_PASS=
       MAIL_HOST=mail.indie.host
       MAIL_PORT=587
@@ -97,31 +58,49 @@ coreos:
   units:
     - name: systemd-sysctl.service
       command: restart
-    - name: data.mount
-      command: start
-      content: |
-        [Mount]
-        What=/dev/md0
-        Where=/data
-        Type=ext4
     - name: swap.service
+      enable: true
       command: start
       content: |
+        [Unit]
+        Description=Turn on swap
         [Service]
         Type=oneshot
+        RemainAfterExit=true
+        ExecStartPre=-/bin/bash -euxc ' \
+          fallocate -l 8192m /swap &&\
+          chmod 600 /swap &&\
+          mkswap /swap'
         ExecStart=/sbin/swapon /swap
-EOF
-
-# Create Directory structure
-git clone https://github.com/indiehosters/LibrePaaS.git /indiehosters
-mkdir /{data,system}
-mkdir /data/trash
-
-# Install unit-files and utils
-cp /indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-reload
-cp /indiehosters/utils/* /opt/bin/
-
-mkdir -p /opt/bin
-DOCKER_COMPOSE_VERSION=1.6.0
-curl -L https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-`uname -s`-`uname -m` > /opt/bin/docker-compose
-chmod +x /opt/bin/docker-compose
+        ExecStop=/sbin/swapoff /swap
+        [Install]
+        WantedBy=local.target
+    - name: install-compose.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install Docker Compose
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          mkdir -p /opt/bin &&\
+          url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r \'.assets[].browser_download_url | select(contains("Linux") and contains("x86_64"))\') &&\
+          curl -L $url > /opt/bin/docker-compose &&\
+          chmod +x /opt/bin/docker-compose'
+    - name: install-libresh.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install libre.sh
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\
+          mkdir /{data,system} &&\
+          mkdir /data/trash &&\
+          cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
+          systemctl enable web-net.service &&\
+          systemctl start web-net.service &&\
+          cp /libre.sh/utils/* /opt/bin/'

utils/add_cloud_user

+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+email=$2
+quota=$3
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users -d userid="$1" -d password="`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="email" -d value="${email}"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="quota" -d value="${quota}"

utils/add_to_group

+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+group=$2
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${1}/groups -d groupid="${2}"

utils/add_user

+#!/bin/bash -eux
+
+source /etc/environment
+
+email=$1
+cc_welcome_email=$2
+quota=$3
+
+password=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`
+local_part=`echo $email | cut -d@ -f1`
+email_domain=`echo $email | cut -d@ -f2`
+
+curl --data "username=${mail_username}&password=${mail_password}&login=Log+In&rememberme=0" -c /tmp/cookie.txt https://${mail_hostname}/auth/login
+
+if ! curl -b /tmp/cookie.txt https://${mail_hostname}/domain | grep $email_domain | grep purge-domain | grep -o 'purge-domain-[0-9]*' | grep -o '[0-9]*' ; then
+  curl --data "backupmx=0&active=1&max_aliases=0&max_mailboxes=0&max_quota=0&quota=0&transport=virtual&domain=${email_domain}" -b /tmp/cookie.txt https://${mail_hostname}/domain/add
+fi
+
+domain_id=`curl -b /tmp/cookie.txt https://${mail_hostname}/domain | grep $email_domain | grep purge-domain | grep -o 'purge-domain-[0-9]*' | grep -o '[0-9]*'`
+curl --data "local_part=${local_part}&domain=${domain_id}&password=${password}&welcome_email=1&cc_welcome_email=${cc_welcome_email}" -b /tmp/cookie.txt https://${mail_hostname}/mailbox/add
+
+rm /tmp/cookie.txt
+
+curl -X PUT --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${email} -d key="quota" -d value="${quota}"
+
+#docker exec -it --user www-data `echo ${cloud_hostname}_app_1 |sed 's/-//g' | sed 's/\.//g'` bash -c "\
+  #  php occ mail:account:create ${email} ${email} ${email} ${mail_hostname} 993 ssl ${email} ${password} ${mail_hostname} 587 tls ${email} ${password}"