unit-files/mail-mon.service

+[Service]
+Type=oneshot
+ExecStart=/libre.sh/utils/mail-mon.sh

unit-files/mail-mon.timer

+[Unit]
+Description=Run mail mon hourly and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=1h
+
+[Install]
+WantedBy=timers.target

unit-files/ssh-backup.service → unit-files/s@.service

@@ -12,10 +12,12 @@ Restart=always
 RestartSec=10
 TimeoutStartSec=60
 TimeoutStopSec=15
-WorkingDirectory=/media/diskb/backup/
-ExecStartPre=-/opt/bin/docker-compose rm -f
-ExecStart=/opt/bin/docker-compose up
-ExecStop=/opt/bin/docker-compose stop
+EnvironmentFile=-/system/%i/env
+Environment=HOSTNAME=%H
+WorkingDirectory=/system/%i/
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "docker-compose up"
+ExecStop=docker-compose stop
 
 [Install]
 WantedBy=multi-user.target

unit-files/swapon.service

 [Unit]
 Description=Turn on swap
-
 [Service]
 Type=oneshot
-ExecStart=/sbin/swapon /data/swap
-
+RemainAfterExit=true
+ExecStartPre=-/bin/bash -euxc ' \
+  fallocate -l 8192m /swap &&\
+  chmod 600 /swap &&\
+  mkswap /swap'
+ExecStart=/sbin/swapon /swap
+ExecStop=/sbin/swapoff /swap
 [Install]
 WantedBy=local.target

unit-files/u@.service

@@ -3,22 +3,21 @@ Description=%p-%i
 
 # Requirements
 Requires=docker.service
-Requires=b-u@%i.timer
 
 # Dependency ordering
 After=docker.service
-Before=b-u@%i.timer
 
 [Service]
 Restart=always
 RestartSec=10
 TimeoutStartSec=60
 TimeoutStopSec=15
+EnvironmentFile=-/data/domains/%i/env
+Environment=HOSTNAME=%H
 WorkingDirectory=/data/domains/%i/
-ExecStartPre=-/opt/bin/docker-compose rm -f
-ExecStart=/bin/bash -euxc "HOST=%i /opt/bin/docker-compose up"
-ExecStop=/opt/bin/docker-compose stop
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "LETSENCRYPT_HOST=%i VIRTUAL_HOST=%i,www.%i docker-compose up"
+ExecStop=docker-compose stop
 
 [Install]
 WantedBy=multi-user.target
-

unit-files/universal@.service

-[Unit]
-Description=%p-%i
-
-# Requirements
-Requires=docker.service
-Requires=discovery-u@%i.service
-Requires=backup-u@%i.timer
-
-# Dependency ordering
-After=docker.service
-Before=discovery-u@%i.service
-Before=backup-u@%i.timer
-
-[Service]
-Restart=always
-RestartSec=10
-TimeoutStartSec=60
-TimeoutStopSec=15
-WorkingDirectory=/data/domains/%i/
-ExecStartPre=/bin/cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem
-ExecStart=/bin/bash -euxc '/data/domains/%i/RUN'
-ExecStop=/bin/bash -euxc '/data/domains/%i/STOP'
-
-[Install]
-WantedBy=multi-user.target
-

unit-files/web-net.service

+[Unit]
+Description=Create lb_web network
+Requires=docker.service
+After=docker.service
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/docker network create lb_web
+ExecStop=/usr/bin/docker network rm lb_web
+[Install]
+WantedBy=local.target

user_data

+#cloud-config
+
+ssh_authorized_keys:
+  - "PUT YOUR SSH KEY PUBLIC HERE"
+
+write_files:
+  - path: /etc/ssh/sshd_config
+    permissions: 0600
+    owner: root:root
+    content: |
+      # Use most defaults for sshd configuration.
+      UsePrivilegeSeparation sandbox
+      Subsystem sftp internal-sftp
+      PermitRootLogin no
+      AllowUsers core
+      PasswordAuthentication no
+      ChallengeResponseAuthentication no
+  - path: /etc/sysctl.d/libresh.conf
+    permissions: 0644
+    owner: root
+    content: |
+      fs.aio-max-nr=1048576
+      vm.max_map_count=262144
+      vm.overcommit_memory=1
+      vm.nr_hugepages=0
+  - path: /etc/hosts
+    permissions: 0644
+    owner: root
+    content: |
+      127.0.0.1 localhost
+      255.255.255.255 broadcasthost
+      ::1 localhost
+  - path: /etc/environment
+    permissions: 0644
+    owner: root
+    content: |
+      NAMECHEAP_URL="namecheap.com"
+      NAMECHEAP_API_USER="pierreo"
+      NAMECHEAP_API_KEY=
+      IP=`curl -s http://icanhazip.com/`
+      FirstName="Pierre"
+      LastName="Ozoux"
+      Address=""
+      PostalCode=""
+      Country="Portugal"
+      Phone="+351.967184553"
+      EmailAddress="pierre@ozoux.net"
+      City="Lisbon"
+      CountryCode="PT"
+      BACKUP_DESTINATION=root@xxxxx:port
+      MAIL_USER=
+      MAIL_PASS=
+      MAIL_HOST=mail.indie.host
+      MAIL_PORT=587
+coreos:
+  update:
+    reboot-strategy: off
+  units:
+    - name: systemd-sysctl.service
+      command: restart
+    - name: swap.service
+      enable: true
+      command: start
+      content: |
+        [Unit]
+        Description=Turn on swap
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStartPre=-/bin/bash -euxc ' \
+          fallocate -l 8192m /swap &&\
+          chmod 600 /swap &&\
+          mkswap /swap'
+        ExecStart=/sbin/swapon /swap
+        ExecStop=/sbin/swapoff /swap
+        [Install]
+        WantedBy=local.target
+    - name: install-compose.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install Docker Compose
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          mkdir -p /opt/bin &&\
+          url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r \'.assets[].browser_download_url | select(contains("Linux") and contains("x86_64"))\') &&\
+          curl -L $url > /opt/bin/docker-compose &&\
+          chmod +x /opt/bin/docker-compose'
+    - name: install-libresh.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install libre.sh
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\
+          mkdir /{data,system} &&\
+          mkdir /data/trash &&\
+          cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
+          systemctl enable web-net.service &&\
+          systemctl start web-net.service &&\
+          cp /libre.sh/utils/* /opt/bin/'

utils/add_cloud_user

+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+email=$2
+quota=$3
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users -d userid="$1" -d password="`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="email" -d value="${email}"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="quota" -d value="${quota}"

utils/add_to_group

+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+group=$2
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${1}/groups -d groupid="${2}"

utils/add_user

+#!/bin/bash -eux
+
+source /etc/environment
+
+email=$1
+cc_welcome_email=$2
+quota=$3
+
+password=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`
+local_part=`echo $email | cut -d@ -f1`
+email_domain=`echo $email | cut -d@ -f2`
+
+curl --data "username=${mail_username}&password=${mail_password}&login=Log+In&rememberme=0" -c /tmp/cookie.txt https://${mail_hostname}/auth/login
+
+if ! curl -b /tmp/cookie.txt https://${mail_hostname}/domain | grep $email_domain | grep purge-domain | grep -o 'purge-domain-[0-9]*' | grep -o '[0-9]*' ; then
+  curl --data "backupmx=0&active=1&max_aliases=0&max_mailboxes=0&max_quota=0&quota=0&transport=virtual&domain=${email_domain}" -b /tmp/cookie.txt https://${mail_hostname}/domain/add
+fi
+
+domain_id=`curl -b /tmp/cookie.txt https://${mail_hostname}/domain | grep $email_domain | grep purge-domain | grep -o 'purge-domain-[0-9]*' | grep -o '[0-9]*'`
+curl --data "local_part=${local_part}&domain=${domain_id}&password=${password}&welcome_email=1&cc_welcome_email=${cc_welcome_email}" -b /tmp/cookie.txt https://${mail_hostname}/mailbox/add
+
+rm /tmp/cookie.txt
+
+curl -X PUT --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${email} -d key="quota" -d value="${quota}"
+
+#docker exec -it --user www-data `echo ${cloud_hostname}_app_1 |sed 's/-//g' | sed 's/\.//g'` bash -c "\
+  #  php occ mail:account:create ${email} ${email} ${email} ${mail_hostname} 993 ssl ${email} ${password} ${mail_hostname} 587 tls ${email} ${password}"

utils/backup-server.sh

-#!/bin/bash
-
-cd
-cp /etc/environment .
-cp /var/lib/coreos-install/user_data .
-tar cvzf /home/core/root-k4.tgz --exclude ./.cache/* .
-chown core:core /home/core/root-k4.tgz
-
-echo 'scp core@k4:root-k4.tgz .'
-

utils/clean_docker.sh

-#!/bin/bash
-
-docker rm -v $(docker ps -a -q -f status=exited)
-
-docker rmi $(docker images -f "dangling=true" -q)
-
-docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker --rm martin/docker-cleanup-volumes

utils/configure_dkim_dns.sh → utils/configure_dkim_dns

@@ -8,7 +8,7 @@ function provision_dkim () {
 
 
 function configure_dns () {
-  domain_key=`cat /data/domains/mail.indie.host/opendkim/keys/${arg_u}/mail.txt | cut -d\" -f2 | sed 'N;s/\n//g' | sed 's/ //g'`
+  domain_key=`cat /data/domains/mail.indie.host/opendkim/keys/${arg_u}/mail.txt | cut -d\" -f2 | sed 'N;s/\n//g' | sed 's/ //g' | sed 's/+/%2B/g' | sed 's/\//%2F/g'`
   info "Configuring DNS."
   arguments="&Command=namecheap.domains.dns.setHosts\
 &DomainName=${arg_u}\
@@ -20,16 +20,16 @@ function configure_dns () {
 &HostName2=www\
 &RecordType2=CNAME\
 &Address2=${arg_u}\
-&HostName3=mail\
-&RecordType3=CNAME\
+&HostName3=@\
+&RecordType3=MX\
 &Address3=${mail_hostname}\
+&MXPref3=10\
 &HostName4=@\
-&RecordType4=MX\
-&Address4=mail.${arg_u}\
-&MXPref4=10\
-&HostName5=@\
+&RecordType4=TXT\
+&Address4=v=spf1%20include:${mail_hostname}\
+&Hostname5=_dmarc\
 &RecordType5=TXT\
-&Address5=v=spf1%20include:${mail_hostname}\
+&Address5=v=DMARC1;%20p=none;%20rua=mailto:support@indie.host\
 &HostName6=mail._domainkey\
 &RecordType6=TXT\
 &Address6=${domain_key}\
@@ -37,7 +37,6 @@ function configure_dns () {
 &RecordType7=CNAME\
 &Address7=autoconfig.`echo $mail_hostname | cut -d. -f2,3`\
 &EmailType=mx"
-
   call_API ${arguments}
 
 }

utils/disable

-systemctl_commands
\ No newline at end of file

utils/dump_all.sh

+#!/bin/bash -eux
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin
+
+echo BEGIN > /tmp/dump-logs
+date > /tmp/dump-logs
+
+for domain in `ls /data/domains`; do
+  echo $domain >> /tmp/dump-logs
+  cd /data/domains/${domain}/
+  if [[ -f ./scripts/pre-backup ]]; then
+    cat ./scripts/pre-backup >> /tmp/dump-logs
+    ./scripts/pre-backup >> /tmp/dump-logs
+  fi
+done
+
+date > /tmp/dump
+echo END >> /tmp/dump-logs
+date >> /tmp/dump-logs

utils/enable

-systemctl_commands
\ No newline at end of file

utils/fix_backup

-#!/bin/bash -eux
-
-systemctl list-units | grep failed | cut -d' ' -f2 | xargs systemctl status | grep lockfile.lock | cut -f4 -d: | xargs rm
-systemctl list-units | grep failed | cut -d' ' -f2 | xargs systemctl start

utils/helpers.sh → utils/helpers

@@ -65,4 +65,3 @@ function help () {
   echo "" 1>&2
   exit 1
 }
-