utils/helpers.sh → utils/helpers

@@ -65,4 +65,3 @@ function help () {
   echo "" 1>&2
   exit 1
 }
-

utils/libre

+#!/bin/bash -eu
+
+
+function error_path {
+  >&2 echo "Error: you must be in either /data/domains/*/ or /system/*/ to execute these commands"
+  exit 1
+}
+
+function systemctl_param {
+  first_level_path=`pwd | cut -d'/' -f2`
+  second_level_path=`pwd | cut -d'/' -f3`
+
+  if [ "$first_level_path" == "system" ]; then
+    module=`pwd | cut -d'/' -f3`
+    if [ -n "$module" ]; then
+      echo s@$module
+    else
+      error_path
+    fi
+  elif [ "$first_level_path" == "data" ] && [ "$second_level_path" == "domains" ]; then
+    domain=`pwd | cut -d'/' -f4`
+    if [ -n "$domain" ]; then
+      echo u@$domain
+    else
+      error_path
+    fi
+  else
+    error_path
+  fi
+}
+
+function show_usage {
+  echo "Usage:"
+  echo " - provision -a <app_repo_url> -u <domainname> -s : install and start a libre.sh service."
+  echo " - start|status|enable|disable|restart|stop: command sent to systemctl."
+  echo " - ps|exec|logs: command sent to docker compose."
+  echo " - update: to update the current folder."
+  echo " - stats: show docker stats with names."
+  echo " - delete <domainname>: remove a libre.sh service."
+  echo " - getsize <domainname>: give you the size of the installed application"
+  exit 1
+}
+
+if [ $# -eq 0 ]; then
+  show_usage
+fi
+
+case "$1" in
+  start|status|enable|disable|restart|stop)
+    if [ -n "$(systemctl_param)" ]; then
+      echo "systemctl $1 $(systemctl_param)"
+      systemctl $1 $(systemctl_param)
+    fi;;
+  journal)
+    if [ -n "$(systemctl_param)" ]; then
+      journalctl -fu $(systemctl_param)
+    fi;;
+  ps|exec|logs)
+    if [ -f ./env ]; then
+      env $(cat ./env | xargs) docker-compose $1 ${@:2}
+    else
+      docker-compose $1 ${@:2}
+    fi;;
+  update)
+    if [ "$(pwd)" == "/libre.sh" ]; then
+      git pull
+      cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload
+      cp /libre.sh/utils/* /opt/bin/
+    elif [ -n "$(systemctl_param)" ]; then
+      git pull
+      docker-compose pull
+      docker-compose build
+      /opt/bin/libre restart
+    fi;;
+  provision)
+    provision ${@:2};;
+  stats)
+    docker stats $(docker ps|grep -v "NAMES"|awk '{ print $NF }'|tr "\n" " ");;
+  delete)
+    if [ $# -ne 2 ]; then
+      echo "delete requires a domainname argument."
+      exit 1
+    fi
+
+    read -p "Are you sure you want to delete ${2}? (yN)" -n 1 -r
+    echo    # (optional) move to a new line
+    if [[ $REPLY =~ ^[Yy]$ ]]
+    then
+      cd /data/domains/${2}
+      libre stop
+      libre disable
+      cd /data/domains
+      tar cvzf ${2}.tgz ./${2}
+      if [ -f ./${2}.tgz ]; then
+	if [ ! -d /data/trash/ ]; then
+	  mkdir /data/trash/
+	fi
+        mv ${2}.tgz /data/trash/
+        rm -rf /data/domains/${2}
+        rm -rf /system/haproxy/certs/${2}
+        rm /system/haproxy/haproxy/certs/${2}.pem
+      fi
+    fi;;
+  getsize)
+    # check the current size
+    if [ $# -ne 2 ]; then
+      echo "getsize requires a domainname argument."
+      exit 1
+    fi
+    echo $(du -hs /data/domains/${2}) |cut -d ' ' -f 1;;
+  *)
+    show_usage
+esac

utils/mail-mon.sh

+#!/bin/bash -eux
+
+/usr/bin/journalctl --since '1 hour ago' | grep postfix/cleanup | grep "from=" | sed -n 's/.*from=<\(.*\)> to=<\(.*\)> pro.*/\1/p' | sort |uniq -c | sort | awk 'BEGIN {FS=" ";} {printf "mail_sent{domain_name=\"%s\"} %s\n", $2, $1}' > /system/metrics-collection/textfiles/mail.prom

utils/migrate

+#!/bin/bash -eux
+#!/bin/bash -eux
+
+hash=$1
+domain=$2
+
+cd /data/domains/
+wget https://wader.indie.host/migrate/$hash
+unzip $hash
+rm $hash
+
+cd $domain
+
+cp TLS/$domain.pem /system/haproxy/haproxy/certs
+
+systemctl start u@$domain
+systemctl enable u@$domain

utils/ocsp.sh

-#!/bin/bash -eux
-
-PEM_FILE=${1}
-CRT_FILE=/tmp/`basename ${PEM_FILE} | sed 's/pem/crt/'`
-DIR=`dirname ${PEM_FILE}`
-URL=`openssl x509 -in ${PEM_FILE} -text | grep OCSP | cut -d: -f2,3`
-HEADER=`echo $URL | cut -d/ -f3`
-ISSUER_CRT_URL=`openssl x509 -in ${PEM_FILE} -text | grep Issuers | cut -d: -f2,3`
-wget ${ISSUER_CRT_URL} -q -O - | openssl x509 -inform DER -outform PEM > ${PEM_FILE}.issuer
-openssl x509 -outform PEM -in ${PEM_FILE} > ${CRT_FILE}
-openssl ocsp -noverify -issuer ${PEM_FILE}.issuer -cert ${CRT_FILE} -url ${URL} -no_nonce -header Host ${HEADER}  -respout ${PEM_FILE}.ocsp
-

utils/provision.sh → utils/provision

 #!/usr/bin/env bash
-# Provision an application for a user for IndiePaaS
+# Provision an application for a user for LibrePaaS
 #
 # This file:
 #  - Registers the domain name to NameCheap
-#  - Generates the TLS certificate associated
 #  - Configures the DNS
-#  - Configures the mail forwarding
 #
 # Version 0.0.3
 #
@@ -13,7 +11,7 @@
 #  - Pierre Ozoux (pierre-o.fr)
 #
 # Usage:
-#  LOG_LEVEL=7 ./provision.sh -e test@test.org -a known -u example.org -g -b -c
+#  LOG_LEVEL=7 ./provision -a github.com/indiehosters/known -u example.org -g -b -c
 #
 # Licensed under AGPLv3
 
@@ -28,12 +26,13 @@ LOG_LEVEL="${LOG_LEVEL:-6}" # 7 = debug -> 0 = emergency
 # opts & defaults from. The parsing is unforgiving so be precise in your syntax
 read -r -d '' usage <<-'EOF'
   -u   [arg] URL to process. Required.
-  -f   [arg] Certificate file to use.
-  -g         Generates the necessary certificate.
-  -p         Paste certificate from previous run.
+  -a   [arg] Application to install. (in the form github.com/indiehosters/wordpress or wordpress in REPO_MODE)
+  -t   [arg] Checkout a specific tag or branch from the application repo. default to master
+  -e   [arg] Specify the email of the application admin 
+  -s         Start the application right away.
   -b         Buys the associated domain name.
   -i         Configure OpenDKIM.
-  -c         Configures DNS on Namecheap.
+  -c         Configures DNS if possible.
   -d         Enables debug mode
   -h         This page
 EOF
@@ -41,14 +40,9 @@ EOF
 ### Functions
 #####################################################################
 
-source /data/indiehosters/utils/helpers.sh
-source /data/indiehosters/utils/configure_dkim_dns.sh
-
-function scaffold () {
-  info "Creating application folder"
-  mkdir -p ${APP_FOLDER}
-
-}
+source /etc/environment
+source /opt/bin/helpers
+source /opt/bin/configure_dkim_dns
 
 function buy_domain_name () {
 
@@ -110,53 +104,58 @@ function buy_domain_name () {
   call_API ${arguments}
 }
 
-function provision_certificate () {
-  scaffold
-  filename=$(basename "${arg_f}")
-  extension="${filename##*.}"
-  if [ "${extension}" != "pem" ]; then
-    error "File extension must be pem."
-    exit 1
-  fi
-
-  info "Provisionning certificate."
-  cp -Ra $(dirname ${arg_f}) ${TLS_FOLDER}
-  cd ${TLS_FOLDER}
-  mv *.pem ${arg_u}.pem
-}
-
-function generate_certificate () {
-  scaffold
-  info "creating TLS ans CSR folder."
-  mkdir -p ${TLS_FOLDER}/CSR
-
-  info "Generating the key."
-  openssl genrsa -out ${TLS_FOLDER}/CSR/${arg_u}.key 4096
+function application () {
 
-  info "Creating the request."
-  openssl req -new \
-    -key ${TLS_FOLDER}/CSR/${arg_u}.key \
-    -out ${TLS_FOLDER}/CSR/${arg_u}.csr \
-    -subj "/C=${CountryCode}/ST=${City}/L=${City}/O=${arg_u}/OU=/CN=${arg_u}/emailAddress=${EmailAddress}"
+  #We check if a APP_REPO_URL was specified
 
-  info "Here is your CSR, paste it in your Certificate authority interface."
-  echo ""
-  cat ${TLS_FOLDER}/CSR/${arg_u}.csr
+  if [ -z ${APP_REPO_URL:-} ]; then
+    warning "NO repo URL specified, using argument as full URL"
+    git_url=https://${arg_a}.git
+  else
+    warning "REPO specified, using argument as app name"
+    git_url=https://${APP_REPO_URL}/${arg_a}.git
+  fi
+  
+  #Define the tag/branch 
+  
+  git clone ${git_url} -b ${arg_t} /data/domains/${arg_u} 
 
-  paste_certificate
+  cd /data/domains/${arg_u}
+  
+  if [ -f ./scripts/install ]; then
+    #domain
+    export URL=${arg_u} 
+    #admin email
+    if [ -z "${arg_e}" ]; then
+      warning "No admin_email specified with -e , using default hoster email"
+    else
+      export ADMIN_EMAIL=${arg_e}
+      debug " admin email is ${ADMIN_EMAIL} "
+    fi
+
+    if [ -z ${MAIL_DOMAIN:-} ]; then
+      warning "you have no email server setup, we'll print a random configuration in your application. Make sure to check the parameters for your app to send proper emails."
+      warning "To stop having this warning, please configure your libre.sh to be abble to create email accounts."
+      warning "You can also contact support@indie.host to setup an email account for you"
+      export MAIL_PASS="randompass"
+      export MAIL_USER="example@indie.host"
+      export MAIL_DOMAIN="indie.host"
+      export MAIL_HOST="mail.indie.host"
+      export MAIL_PORT="587"
+    else
+      echo "using MAIL_DOMAIN from server env"
+      #export MAIL_PASS=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+      #export MAIL_USER="noreply.${arg_u}@${MAIL_DOMAIN}"
+      #/opt/bin/add_mailbox ${MAIL_USER} ${MAIL_PASS}
+    fi
+    ./scripts/install
+  fi
 }
 
-function paste_certificate () {
-  echo ""
-  info "You should have received a certificate."
-  info "Please paste your certificate now: (finish with enter and ctrl-d)"
-  
-  cat > ${TLS_FOLDER}/CSR/${arg_u}.crt
 
-  info "Concat certificate, CA and key into pem file."
-  cat ${TLS_FOLDER}/CSR/${arg_u}.crt /data/indiehosters/certs/sub.class2.server.sha2.ca.pem /data/indiehosters/certs/ca-sha2.pem ${TLS_FOLDER}/CSR/${arg_u}.key > ${TLS_FOLDER}/${arg_u}.pem
-  
-  /data/indiehosters/utils/append_crt_list.sh ${arg_u}
+function start () {
+  systemctl start u@${arg_u}
+  systemctl enable u@${arg_u}
 }
 
 ### Parse commandline options
@@ -229,6 +228,8 @@ fi
 
 [ -z "${arg_u}" ]     && help      "URL is required."
 [ -z "${LOG_LEVEL}" ] && emergency "Cannot continue without LOG_LEVEL."
+# tags/branch for modules 
+[ -z "${arg_t}" ]     && arg_t=master
 
 
 ### Runtime
@@ -236,7 +237,7 @@ fi
 
 # Exit on error. Append ||true if you expect an error.
 # set -e is safer than #!/bin/bash -e because that is neutralised if
-# someone runs your script like `bash yourscript.sh`
+# someone runs your script like `bash yourscript`
 set -o errexit
 set -o nounset
 
@@ -248,10 +249,9 @@ FOLDER=/data/domains/${arg_u}
 TLS_FOLDER=${FOLDER}/TLS
 
 [ ${arg_b} -eq 1 ] && buy_domain_name
-[ ${arg_g} -eq 1 ] && generate_certificate
-[ ${arg_p} -eq 1 ] && paste_certificate
-[ ! -z "${arg_f}" ] && provision_certificate
+[ ! -z "${arg_a}" ] && application
 [ ${arg_i} -eq 1 ] && provision_dkim
 [ ${arg_c} -eq 1 ] && configure_dns
+[ ${arg_s} -eq 1 ] && start
 
 exit 0

utils/spread_backups.sh

-#!/bin/bash -eux
-
-for unit in `systemctl list-units --all backup@*service | grep "Back up data" | cut -d" " -f2 | grep backup | sort -R`
-do
-  systemctl stop $unit
-  systemctl restart $unit
-done
-
-for unit in `systemctl list-units --all backup@*service | grep "Back up data" | cut -d" " -f3 | grep backup | sort -R`
-do
-  systemctl stop $unit
-  systemctl restart $unit
-done
-
-for unit in `systemctl list-units --all backup@*service | grep "Back up data" | cut -d" " -f1 | grep backup | sort -R`
-do
-  systemctl stop $unit
-  systemctl restart $unit
-done
-

utils/stop_before_migration

+#!/bin/bash -eux
+
+domain=$1
+ip=$2
+cd /data/domains/$domain
+./scripts/backup
+
+systemctl stop u@$domain
+systemctl disable u@$domain
+
+tar cvzf /home/core/${domain}.tgz .

utils/test-domain.sh

+#!/bin/bash
+cd /data/domains
+my_ip=`curl http://ipv4.icanhazip.com/`
+echo "My IP is $my_ip"
+for domain in `ls .`; do
+  domain_ip=`host ${domain} | awk '/has address/ { print $4 }'`
+  if [[ "${domain_ip}" != "${my_ip}" ]]; then
+    echo "$domain has this IP: $domain_ip"
+  fi
+done