65d64860 · 65d64860 · 65d64860 · 408b8f91 · 408b8f91 · 65d64860
--- a/unit-files/backup@.service
+++ b/unit-files/backup@.service
-[Unit]
-Description=Back up domain data to a git repo and push it out
-[Service]
-Type=oneshot
-ExecStartPre=-/usr/bin/docker kill mysqldump-%i
-ExecStartPre=-/usr/bin/docker rm mysqldump-%i
-ExecStartPre=/bin/bash -euxc ' \
-  if [ -d /data/domains/%i/mysql ]; then \
-    echo "Backing up mysql databases for %i"; \
-    mysql_passwd=`cat /data/domains/%i/mysql/.env | cut -d= -f2`; \
-    /usr/bin/docker run \
-      --rm \
-      --name mysqldump-%i \
-      --link mysql-%i:db \
-      --env-file /data/domains/%i/mysql/.env \
-      pierreozoux/mysql \
-        mysqldump \
-          --all-databases \
-          --events \
-          -uadmin \
-          -p$mysql_passwd \
-          -h db > /data/domains/%i/mysql/dump.sql; \
-  fi'
-ExecStart=/bin/bash -euxc ' \
-  echo "Committing everything"; \
-  cd /data/domains/%i/; \
-  git add *; \
-  git status; \
-  git commit --allow-empty -am"backup %i @ `hostname` - `date`"; \
-  git push origin master'
--- a/unit-files/confd.service
+++ b/unit-files/confd.service
-[Unit]
-Description=%p
-# Requirements
-Requires=docker.service
-Requires=etcd.service
-# Dependency ordering
-After=docker.service
-After=etcd.service
-Before=haproxy.service
-[Service]
-Restart=always
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --name %p \
-  -v /data/runtime/haproxy/:/etc/haproxy/ \
-  -v /var/run/docker.sock:/var/run/docker.sock \
-  pierreozoux/confd
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
-[Install]
-WantedBy=multi-user.target
--- a/unit-files/discovery@.service
+++ b/unit-files/discovery@.service
-[Unit]
-Description=%p for %i etcd registration
-# Requirements
-Requires=etcd.service
-[Service]
-ExecStart=/bin/bash -c ' \
-  sleep 30; \
-  while true; do \
-    ip=`docker inspect --format \'{{.NetworkSettings.IPAddress}}\' %i`; \
-    curl -f $ip; \
-    if [ $? -eq 0 ]; then \
-      etcdctl set /services/web/%i \'{"ip":"\'$ip\'", "port":"80"}\' --ttl 60; \
-    else \
-      etcdctl rm /services/web/%i; \
-    fi; \
-    sleep 50; \
-  done'
-ExecStop=-/usr/bin/etcdctl rm /services/web/%i
--- a/unit-files/dump_all.service
+++ b/unit-files/dump_all.service
+[Service]
+Type=oneshot
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin
+ExecStart=/opt/bin/dump_all.sh 
--- a/unit-files/backup@.timer
+++ b/unit-files/backup@.timer
 [Unit]
-Description=Hourly backup of www and mysql content to a git repo
+Description=Run dump all dayly
 [Timer]
-OnActiveSec=20
+OnCalendar=*-*-* 00:15:30
-OnUnitActiveSec=60min
 [Install]
 WantedBy=timers.target
--- a/unit-files/haproxy.path
+++ b/unit-files/haproxy.path
-[Path]
-PathExists=/data/runtime/haproxy/haproxy.cfg
-[Install]
-WantedBy=multi-user.target
--- a/unit-files/init@.service
+++ b/unit-files/init@.service
-[Unit]
-Description=Initializer
-After=network-online.target
-[Service]
-Type=oneshot
-ExecStartPre=/bin/bash -euxc ' \
-  BACKUP_DESTINATION=`cat /data/BACKUP_DESTINATION`; \
-  echo "Intitializing backups with $BACKUP_DESTINATION"; \
-  if [ ! -d /data/domains/%i/.git ]; then \
-    if [ `ssh $BACKUP_DESTINATION "test -d %i"; echo $?` -eq 0 ]; then \
-      git clone $BACKUP_DESTINATION:%i /data/domains/%i; \
-      cd /data/domains/%i; \
-    else \
-      ssh $BACKUP_DESTINATION " \
-        if [ ! -d %i ]; then \
-          mkdir -p %i; \
-          cd %i; \
-          git init --bare; \
-        fi"; \
-      if [ ! -d /data/domains/%i ]; then \
-        mkdir /data/domains/%i; \
-      fi; \
-      cd /data/domains/%i; \
-      git init; \
-      git remote add origin $BACKUP_DESTINATION:%i; \
-    fi; \
-    git config --local user.email "backups@`hostname`"; \
-    git config --local user.name "`hostname` hourly backups"; \
-  fi'
-ExecStart=/bin/bash -euxc ' \
-  if [ -d /data/import/%i ]; then \
-    cp -av /data/import/%i/* /data/domains/%i; \
-    cp /data/import/%i/.env /data/domains/%i/; \
-    cd /data/domains/%i/; \
-    git add .env; \
-    rm -rf /data/import/%i; \
-  fi; \
-  cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem;'
--- a/unit-files/lamp@.service
+++ b/unit-files/lamp@.service
-[Unit]
-Description=%p-%i
-# Requirements
-Requires=docker.service
-Requires=init@%i.service
-Requires=mysql@%i.service
-Requires=discovery@%i.service
-Requires=backup@%i.timer
-# Dependency ordering
-After=docker.service
-After=init@%i.service
-After=mysql@%i.service
-Before=discovery@%i.service
-Before=backup@%i.timer
-[Service]
-Restart=always
-Type=notify
-NotifyAccess=all
-EnvironmentFile=/data/domains/%i/.env
-Environment=URL=%i
-ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker
-ExecStartPre=-/usr/bin/docker kill %i
-ExecStartPre=-/usr/bin/docker rm %i
-ExecStartPre=/bin/bash -euxc ' \
-  application_folder=/data/domains/%i/${APPLICATION}; \
-  if [ ! -d $application_folder ]; then \
-    mkdir -p $application_folder; \
-    touch $application_folder/.htaccess; \
-  fi; \
-  cat /data/domains/%i/mysql/.env | sed s/MYSQL_PASS/DB_PASS/ > $application_folder/.env'
-ExecStart=/opt/bin/systemd-docker --env run \
-  --name %i \
-  --link mysql-%i:db \
-  -v /data/domains/%i/${APPLICATION}/data:${VOLUME} \
-  -v /data/domains/%i/${APPLICATION}/.htaccess:/app/.htaccess \
-  --env-file /data/domains/%i/${APPLICATION}/.env \
-  pierreozoux/${APPLICATION}
-ExecReload=/usr/bin/docker restart %i
-ExecStop=/bin/bash -euxc ' \
-  systemctl stop discovery@%i.service; \
-  systemctl stop backup@%i.timer; \
-  /usr/bin/docker stop %i;'
-[Install]
-WantedBy=multi-user.target
--- a/unit-files/mail-mon.service
+++ b/unit-files/mail-mon.service
+[Service]
+Type=oneshot
+ExecStart=/libre.sh/utils/mail-mon.sh
--- a/unit-files/mail-mon.timer
+++ b/unit-files/mail-mon.timer
+[Unit]
+Description=Run mail mon hourly and on boot
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=1h
+[Install]
+WantedBy=timers.target
--- a/unit-files/mysql@.service
+++ b/unit-files/mysql@.service
-[Unit]
-Description=%p-%i
-# Requirements
-Requires=docker.service
-# Dependency ordering
-After=docker.service
-After=init@%i.service
-Before=backup@%i.timer
-# Dependency binding
-BindsTo=lamp@%i.service
-[Service]
-Restart=always
-Type=notify
-NotifyAccess=all
-ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker
-ExecStartPre=-/usr/bin/docker kill %p-%i
-ExecStartPre=-/usr/bin/docker rm %p-%i
-ExecStartPre=/bin/bash -euxc ' \
-  mysql_folder=/data/domains/%i/mysql; \
-  if [ ! -d /data/runtime/domains/%i/mysql ]; then \
-    mkdir -p /data/runtime/domains/%i/mysql/db_files; \
-    if [ ! -d $mysql_folder ]; then \
-      mkdir -p $mysql_folder; \
-      pass=`echo $RANDOM  ${date} | md5sum | base64 | cut -c-10`; \
-      echo MYSQL_PASS=$pass > $mysql_folder/.env; \
-    else \
-      cp $mysql_folder/dump.sql /data/runtime/domains/%i/mysql/db_files/; \
-    fi; \
-  fi'
-ExecStart=/opt/bin/systemd-docker run \
-  --name %p-%i \
-  -v /data/runtime/domains/%i/%p/db_files:/var/lib/mysql \
-  -e STARTUP_SQL=/var/lib/mysql/dump.sql \
-  --env-file /data/domains/%i/%p/.env \
-  pierreozoux/mysql
-ExecReload=/usr/bin/docker restart %p-%i
-ExecStop=/usr/bin/docker stop %p-%i
-[Install]
-WantedBy=multi-user.target
--- a/unit-files/email-forwarder.service
+++ b/unit-files/email-forwarder.service
 [Unit]
-Description=%p
+Description=%p-%i
 # Requirements
 Requires=docker.service
@@ -9,15 +9,15 @@ After=docker.service
 [Service]
 Restart=always
-ExecStartPre=-/usr/bin/docker kill %p
+RestartSec=10
-ExecStartPre=-/usr/bin/docker rm %p
+TimeoutStartSec=60
-ExecStart=/usr/bin/docker run \
+TimeoutStopSec=15
-  --name %p \
+EnvironmentFile=-/system/%i/env
-  -v /data/runtime/postfix/:/data \
+Environment=HOSTNAME=%H
-  -p 25:25 \
+WorkingDirectory=/system/%i/
-  pierreozoux/email-forwarder
+ExecStartPre=-docker-compose rm -f
-ExecReload=/usr/bin/docker restart %p
+ExecStart=/bin/bash -euxc "docker-compose up"
-ExecStop=/usr/bin/docker stop %p
+ExecStop=docker-compose stop
 [Install]
 WantedBy=multi-user.target
--- a/unit-files/static@.service
+++ b/unit-files/static@.service
-[Unit]
-Description=%p-%i
-# Requirements
-Requires=docker.service
-Requires=init@%i.service
-Requires=discovery@%i.service
-Requires=backup@%i.timer
-# Dependency ordering
-After=docker.service
-After=init@%i.service
-Before=discovery@%i.service
-Before=backup@%i.timer
-[Service]
-Restart=always
-ExecStartPre=-/usr/bin/docker kill %i
-ExecStartPre=-/usr/bin/docker rm %i
-ExecStartPre=/bin/bash -euxc ' \
-  application_folder=/data/domains/%i/%p/www-content; \
-  if [ ! -d $application_folder ]; then \
-    mkdir -p $application_folder; \
-    echo Hello %i > $application_folder/index.html; \
-  fi'
-ExecStart=/usr/bin/docker run \
-  --name %i \
-  -v /data/domains/%i/%p/www-content:/app \
-  pierreozoux/nginx
-ExecReload=/bin/bash -euxc ' \
-  /usr/bin/docker restart %i; \
-  systemctl restart discovery@%i.service; \
-  systemctl restart backup@%i.timer;'
-ExecStop=/bin/bash -euxc ' \
-  systemctl stop discovery@%i.service; \
-  systemctl stop backup@%i.timer; \
-  /usr/bin/docker stop %i;'
-[Install]
-WantedBy=multi-user.target
--- a/unit-files/swapon.service
+++ b/unit-files/swapon.service
+[Unit]
+Description=Turn on swap
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStartPre=-/bin/bash -euxc ' \
+  fallocate -l 8192m /swap &&\
+  chmod 600 /swap &&\
+  mkswap /swap'
+ExecStart=/sbin/swapon /swap
+ExecStop=/sbin/swapoff /swap
+[Install]
+WantedBy=local.target
--- a/unit-files/haproxy.service
+++ b/unit-files/haproxy.service
 [Unit]
-Description=%p
+Description=%p-%i
 # Requirements
 Requires=docker.service
@@ -9,16 +9,15 @@ After=docker.service
 [Service]
 Restart=always
-ExecStartPre=-/usr/bin/docker kill %p
+RestartSec=10
-ExecStartPre=-/usr/bin/docker rm %p
+TimeoutStartSec=60
-ExecStart=/usr/bin/docker run \
+TimeoutStopSec=15
-  --name %p \
+EnvironmentFile=-/data/domains/%i/env
-  -v /data/runtime/haproxy:/etc/haproxy \
+Environment=HOSTNAME=%H
-  -p 80:80 \
+WorkingDirectory=/data/domains/%i/
-  -p 443:443 \
+ExecStartPre=-docker-compose rm -f
-  pierreozoux/haproxy
+ExecStart=/bin/bash -euxc "LETSENCRYPT_HOST=%i VIRTUAL_HOST=%i,www.%i docker-compose up"
-ExecReload=/usr/bin/docker restart %p
+ExecStop=docker-compose stop
-ExecStop=/usr/bin/docker stop %p
 [Install]
 WantedBy=multi-user.target
--- a/unit-files/web-net.service
+++ b/unit-files/web-net.service
+[Unit]
+Description=Create lb_web network
+Requires=docker.service
+After=docker.service
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/docker network create lb_web
+ExecStop=/usr/bin/docker network rm lb_web
+[Install]
+WantedBy=local.target
--- a/user_data
+++ b/user_data
+#cloud-config
+ssh_authorized_keys:
+  - "PUT YOUR SSH KEY PUBLIC HERE"
+write_files:
+  - path: /etc/ssh/sshd_config
+    permissions: 0600
+    owner: root:root
+    content: |
+      # Use most defaults for sshd configuration.
+      UsePrivilegeSeparation sandbox
+      Subsystem sftp internal-sftp
+      PermitRootLogin no
+      AllowUsers core
+      PasswordAuthentication no
+      ChallengeResponseAuthentication no
+  - path: /etc/sysctl.d/libresh.conf
+    permissions: 0644
+    owner: root
+    content: |
+      fs.aio-max-nr=1048576
+      vm.max_map_count=262144
+      vm.overcommit_memory=1
+      vm.nr_hugepages=0
+  - path: /etc/hosts
+    permissions: 0644
+    owner: root
+    content: |
+      127.0.0.1 localhost
+      255.255.255.255 broadcasthost
+      ::1 localhost
+  - path: /etc/environment
+    permissions: 0644
+    owner: root
+    content: |
+      NAMECHEAP_URL="namecheap.com"
+      NAMECHEAP_API_USER="pierreo"
+      NAMECHEAP_API_KEY=
+      IP=`curl -s http://icanhazip.com/`
+      FirstName="Pierre"
+      LastName="Ozoux"
+      Address=""
+      PostalCode=""
+      Country="Portugal"
+      Phone="+351.967184553"
+      EmailAddress="pierre@ozoux.net"
+      City="Lisbon"
+      CountryCode="PT"
+      BACKUP_DESTINATION=root@xxxxx:port
+      MAIL_USER=
+      MAIL_PASS=
+      MAIL_HOST=mail.indie.host
+      MAIL_PORT=587
+coreos:
+  update:
+    reboot-strategy: off
+  units:
+    - name: systemd-sysctl.service
+      command: restart
+    - name: swap.service
+      enable: true
+      command: start
+      content: |
+        [Unit]
+        Description=Turn on swap
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStartPre=-/bin/bash -euxc ' \
+          fallocate -l 8192m /swap &&\
+          chmod 600 /swap &&\
+          mkswap /swap'
+        ExecStart=/sbin/swapon /swap
+        ExecStop=/sbin/swapoff /swap
+        [Install]
+        WantedBy=local.target
+    - name: install-compose.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install Docker Compose
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          mkdir -p /opt/bin &&\
+          url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r \'.assets[].browser_download_url | select(contains("Linux") and contains("x86_64"))\') &&\
+          curl -L $url > /opt/bin/docker-compose &&\
+          chmod +x /opt/bin/docker-compose'
+    - name: install-libresh.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install libre.sh
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\
+          mkdir /{data,system} &&\
+          mkdir /data/trash &&\
+          cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
+          systemctl enable web-net.service &&\
+          systemctl start web-net.service &&\
+          cp /libre.sh/utils/* /opt/bin/'
--- a/utils/add_cloud_user
+++ b/utils/add_cloud_user
+#!/bin/bash -eux
+source /etc/environment
+user=$1
+email=$2
+quota=$3
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users -d userid="$1" -d password="`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="email" -d value="${email}"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="quota" -d value="${quota}"
--- a/utils/add_mailbox
+++ b/utils/add_mailbox
+#!/bin/bash
+set -e
+set -u
+set -x
+source /etc/environment
+email=$1
+email_password=$2
+local_part=`echo $email | cut -d@ -f1`
+email_domain=`echo $email | cut -d@ -f2`
+curl --data "username=${mail_username}&password=${mail_password}&login=Log+In&rememberme=0" -c /tmp/cookie.txt https://${mail_hostname}/auth/login
+domain_id=`curl -b /tmp/cookie.txt https://${mail_hostname}/domain | grep $email_domain | grep purge-domain | grep -o 'purge-domain-[0-9]*' | grep -o '[0-9]*'`
+curl --data "local_part=${local_part}&domain=${domain_id}&password=${email_password}" -b /tmp/cookie.txt https://${mail_hostname}/mailbox/add
+rm /tmp/cookie.txt
--- a/utils/add_to_group
+++ b/utils/add_to_group
+#!/bin/bash -eux
+source /etc/environment
+user=$1
+group=$2
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${1}/groups -d groupid="${2}"