Merge branch 'tmp'

multi_domain
ßingen 8 years ago
parent
commit
83df59448f
19 changed files with 729 additions and 0 deletions
  1. .gitignore (+3, -0)
  2. .gitmodules (+24, -0)
  3. README.md (+259, -0)
  4. deploy.sh (+62, -0)
  5. docker-compose.yml (+163, -0)
  6. env.template (+31, -0)
  7. haproxy.env.template (+1, -0)
  8. images/rpi-email (+1, -0)
  9. images/rpi-haproxy (+1, -0)
  10. images/rpi-mariadb (+1, -0)
  11. images/rpi-nextcloud (+1, -0)
  12. images/rpi-nginx (+1, -0)
  13. images/rpi-nginx-php (+1, -0)
  14. images/rpi-openldap (+1, -0)
  15. mail.env.template (+7, -0)
  16. nextcloud.env.template (+15, -0)
  17. openldap.env.template (+25, -0)
  18. rpi-nextcloud (+1, -0)
  19. setup.sh (+131, -0)

+ 3
- 0
.gitignore

@@ -0,0 +1,3 @@
.env
*~
getmailrc-*
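
Review bot: the ignore list covers `.env` but not the other files setup.sh generates from the templates (`openldap.env`, `mail.env`, `nextcloud.env`, `haproxy.env`), so a `git add .` after running setup commits site-specific configuration. Adding a `*.env` line would cover them; the `*.env.template` files do not end in `.env` and stay tracked.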

+ 24
- 0
.gitmodules

@@ -0,0 +1,24 @@
[submodule "images/rpi-mariadb"]
path = images/rpi-mariadb
url = git@github.com:bingen/rpi-mariadb.git
[submodule "rpi-nextcloud"]
path = rpi-nextcloud
url = git@github.com:bingen/rpi-nextcloud.git
[submodule "images/rpi-openldap"]
path = images/rpi-openldap
url = git@github.com:bingen/rpi-openldap.git
[submodule "images/rpi-nextcloud"]
path = images/rpi-nextcloud
url = git@github.com:bingen/rpi-nextcloud.git
[submodule "images/rpi-haproxy"]
path = images/rpi-haproxy
url = git@github.com:bingen/rpi-haproxy.git
[submodule "images/rpi-email"]
path = images/rpi-email
url = git@github.com:bingen/rpi-email.git
[submodule "images/rpi-nginx"]
path = images/rpi-nginx
url = git@github.com:bingen/rpi-nginx.git
[submodule "images/rpi-nginx-php"]
path = images/rpi-nginx-php
url = git@github.com:bingen/rpi-nginx-php.git
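
Review bot: `rpi-nextcloud` is registered twice, at `rpi-nextcloud` and at `images/rpi-nextcloud`, with the same URL, and both gitlinks in this commit point at the same revision (10c73c0a9e08dede7e28a6c6d3746f714ef070c9). docker-compose.yml builds from `./images/rpi-nextcloud/`, so the top-level entry looks like a leftover and should be dropped. The `git@github.com:` URLs also mean the submodules can only be fetched with a GitHub SSH key; `https://github.com/bingen/...` URLs would let read-only users follow the README's build steps.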

+ 259
- 0
README.md

@@ -0,0 +1,259 @@
# Docker Home Server for Raspberry Pi

Flash Hypriot
-------------

You can check last images [here](http://blog.hypriot.com/downloads/) and use [flash tool](https://github.com/hypriot/flash) to flash your RespberryPi SD:

flash --hostname your-hostname https://github.com/hypriot/image-builder-rpi/releases/download/v1.4.0/hypriotos-rpi-v1.4.0.img.zip

SSH into each RPI:

ssh pirate@you-rpi-ip

As of version 1.4, default credentials are pirate/hypriot. You can use arp-scan to guess the IP. You can also use:

function getip() { (traceroute $1 2>&1 | head -n 1 | cut -d\( -f 2 | cut -d\) -f 1) }

Change default password:

passwd

You can also set up paswwordless access with:

ssh-copy-id -i ~/.ssh/your-key_rsa.pub pirate@your-rpi -o "IdentitiesOnly yes"

And also add an entry to you ~/.ssh/config file:

Host your-rpi-1 your-rpi-2 ...
Hostname %h.local
User pirate
IdentityFile ~/.ssh/your-key_rsa
IdentitiesOnly yes
StrictHostKeyChecking no

If you want, you can also add this config snippet to all your nodes and add your private key to each `~/.ssh` folder to be able to connect from one RPI to another.

(?) Add regular user to docker group

sudo usermod -aG docker pirate

(Optional) In case you see annoying warning messages about locales from perl:

sudo dpkg-reconfigure locales

(Optional) Install some useful packages

sudo aptitude update && sudo aptitude install rsync zsh

(Optional) Encrypt external hard disk
-------------------------------------

sudo aptitude install cryptsetup
sudo fdisk /dev/sdX
sudo cryptsetup --verify-passphrase luksFormat /dev/sdX1 -c aes -s 256 -h sha256
sudo cryptsetup luksOpen /dev/sdX1 volumes
sudo mkfs -t ext4 -m 1 -O dir_index,sparse_super /dev/mapper/volumes
#mount -t auto /dev/mapper/volumes /media/volumes

sudo dd if=/dev/urandom of=/root/volumes_luks_pwd bs=1024 count=4
sudo chmod 0400 /root/volumes_luks_pwd
sudo cryptsetup luksAddKey /dev/sdX1 /root/volumes_luks_pwd

Add to /etc/crypttab:

volumes /dev/disk/by-uuid/uuid-of-your-drive /root/volumes_luks_pwd luks

and add to /etc/fstab:

/dev/mapper/volumes /media/volumes ext4 defaults 0 2

NFS
---

Install server on main host:

sudo aptitude install nfs-kernel-server
sudo mkdir -p /export/volumes
sudo mount --bind /media/volumes /export/volumes

And add the following line to /etc/fstab toavoid repeating it on startup:

/media/volumes /export/volumes none bind 0 0

And to /etc/exports:

/export 192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/volumes 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)

(changing network/mask by your local values)

On the other nodes:

sudo aptitude install nfs-common

And add to fstab:

your-main-host:/export/volumes /media/volumes nfs auto,user 0 0

Swap file
---------

http://jermsmit.com/my-raspberry-pi-needs-a-swap/

dd if=/dev/zero of=/media/volumes/swap bs=1M count=2048
chmod 600 /media/volumes/swap
mkswap /media/volumes/swap
swapon /media/volumes/swap

Add to /etc/fstab:

/media/volumes/swap swap swap defaults 0 0

Repeat for worker nodes (changing name of swap file)

Swarm
-----

Login to the main RPI and start the swarm:

docker swarm init --listen-addr eth0

And join from the other ones, just copy-paste command provided by the master from them:

docker swarm join --token your-token your-main_rpi:2377


Data and volumes
----------------

If you have existing data, create folders (otherwise setup script will do it) and copy it data:

sudo mkdir -p /media/volumes/mail/data
sudo mkdir -p /media/volumes/mail/state
sudo mkdir -p /media/volumes/nextcloud

sudo chown -R pirate:pirate /media/volumes/*

sudo mkdir -p /media/volumes/openldap/data
sudo mkdir -p /media/volumes/openldap/config
sudo mkdir -p /media/volumes/openldap/certs
sudo chown -R 999 /media/volumes/openldap*

From your current installation:

rsync -auv --delete -e "ssh -i ~/.ssh/your-key_rsa" /var/www/nextcloud/data your-main-host:/media/volumes/nextcloud/
mysqldump --lock-tables -u nextcloud -p -h localhost nextcloud > /var/www/nextcloud/nextcloud_db_backup.sql
rsync -auv --delete -e "ssh -i ~/.ssh/your-key_rsa" /srv/vmail/ your-main-host:/media/volumes/mail/data


Configuration and deployment
----------------------------

./setup.sh

(Optional, can be downloaded from registry, unless you changed them) Build aux images:

cd ~/docker_home_server/images/rpi-nginx
docker build . -t bingen/rpi-nginx
cd ~/docker_home_server/images/rpi-nginx-php5
docker build . -t bingen/rpi-nginx-php5
cd ../../

(Optional, can be downloaded from registry, unless you changed them) Build images:

docker-compose build

Deploy docker stack

deploy.sh your-stack-name

Other useful commands
---------------------

docker node ls

docker stack ls
docker stack ps your-stack-name

To see logs of a docker swarm/stack service:
https://github.com/docker/docker/issues/23710

docker logs $(docker inspect --format "{{.Status.ContainerStatus.ContainerID}}" `docker stack ps your-stack-name | grep your-service-name | cut -f1 -d' '`)

To shutdown the stack:

docker stack rm your-stack-name

To get into containers:

docker ps # in the swarm node containing it
docker exec -ti 5105b27d9cf0 bash

To view swarm token:

docker swarm join-token worker

Openldap
--------

ldapsearch -x -w your-admin-ldap-password -D cn=admin,dc=your-domain,dc=com -b dc=your-domain,dc=com -LLL

To reset a user's password:
Copy this into a file, `user_pwd.ldif`:

dn: uniqueIdentifier=your-user,ou=people,dc=your-domain,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}Rs60p+2QKxAFRnA6vtWV71SI6Jz57CDF

And the run:

ldapadd -W -D "cn=admin,dc=your-domain,dc=com" -f user_pwd.ldif

You generate the password with:

slappaswwd -s your-password

MariaDB
-------

If you have existing data, make sure root password matches and access from outside ('%') is allowed.

Nextcloud
---------

After first run, set DATA_CHOWN=0, explain why... (TODO)

Need to log in as admin for the first time and enable Apps manually.

Dynamic DNS
-----------

Check your domain registration provider

Fail2ban
--------

Install fail2ban in you docker swarm master node if you want to allow ssh connections from outside.

sudo aptitude install fail2ban

Have a look at the [documentation](http://www.fail2ban.org/wiki/index.php/MANUAL_0_8) for configuration.

Port mapping
------------

Get into your router admin page and redirect ports:

- `80`, `443` for Web (Nextcloud and eventually other through HaProxy)
- `25`, `143`, `587`, `993` for mail server
- `22` for ssh

to your docker swarm master node IP.

TODO
----

- Use PHP7 for Nextcloud
- Alternative: run your own registry for images.
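
Review bot: the `~/.ssh/config` block sets `StrictHostKeyChecking no`, which turns off host-key verification for every node, and the paragraph after it suggests copying the private key into each node's `~/.ssh`, so one compromised Pi yields the key for all of them. Suggest dropping the `StrictHostKeyChecking` line (or using `accept-new` where the OpenSSH version supports it) and using a per-node key or agent forwarding. In the NFS section, `/export/volumes` is exported to the whole /24 with `insecure` and `no_root_squash`, and that tree holds the LDAP, MariaDB and mail data, so root on any LAN host has root on those files; in the disk-encryption section the key file `/root/volumes_luks_pwd` sits on the unencrypted SD card, which is worth stating as a limitation. Smaller points: `slappaswwd` should be `slappasswd`, `ldapsearch -w your-admin-ldap-password` leaves the admin password in shell history and the process list (`-W` prompts instead), and the build step refers to `images/rpi-nginx-php5` while the submodule path is `images/rpi-nginx-php`.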

+ 62
- 0
deploy.sh

@@ -0,0 +1,62 @@
#!/bin/bash

STACK_NAME=$1

if [ $# -eq 0 ]; then
echo "You must pass stack name as a parameter"
exit 1
fi

docker stack rm ${STACK_NAME}

docker-compose build
docker push bingen/rpi-openldap
docker push bingen/rpi-mariadb
docker push bingen/rpi-haproxy
docker push bingen/rpi-mailserver
docker push bingen/rpi-nextcloud

# seen here: https://github.com/docker/docker/issues/29133#issuecomment-278198683
env $(cat .env | grep "^[A-Z]" | xargs) \
docker stack deploy --compose-file docker-compose.yml ${STACK_NAME}

echo Wait for services to start
sleep 60

host=$(docker stack ps ${STACK_NAME} | grep Running | grep openldap | awk '{ print $4 }')
#echo Host=$host
if [ -z $host ]; then
echo "No host found!";
exit 1;
fi
container=$(ssh $host 'docker ps | grep openldap | cut -f1 -d" "')
#echo Container=$container
if [ -z $container ]; then
echo "Qué me estás container?!";
exit 1;
fi

# read variables, for mail data path
. .env
# Replace Mail data path for users
find images/rpi-openldap/users -type f -exec \
sed -i "s/\${MAIL_DATA_PATH}/${MAIL_DATA_PATH//\//\\/}/g" {} \;

echo Copying user files to Host $host
scp -r images/rpi-openldap/users $host:/tmp/

echo Copying user files to Container $container in Host $host
ssh $host "docker cp /tmp/users $container:/tmp/"

echo Adding users to openldap
ssh $host \
"for i in \$(ls /tmp/users/userimport*.ldif); do \
ls \$i;
docker exec ${container} sh -c \
'slapadd -l '\$i; \
done;"
#'ldapadd -w \$(cat \${LDAP_ADMIN_PWD_FILE}) -D cn=admin,dc=\${LDAP_ORGANIZATION},dc=\${LDAP_EXTENSION} -f '\$i; \

echo Removing copied user files
ssh $host "docker exec ${container} sh -c 'rm -Rf /tmp/users'"
ssh $host "rm -Rf /tmp/users"
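
Review bot: the user LDIFs are staged with `scp -r images/rpi-openldap/users $host:/tmp/` into a fixed, shared `/tmp/users` on the swarm node and are only removed by the last two lines, so any earlier failure leaves the user entries behind on the host and in the container. Suggest a `mktemp -d` directory on the remote side and a `trap` that cleans up on exit. The `find ... sed -i` step rewrites files inside the `images/rpi-openldap` submodule checkout in place, so the `${MAIL_DATA_PATH}` placeholder is gone after the first run and the submodule is left dirty; substitute into a temporary copy instead. `docker stack rm ${STACK_NAME}` runs before `docker-compose build`, so a failed build still tears the running stack down, and `[ -z $host ]` / `[ -z $container ]` need quotes to behave when `grep` returns more than one match.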

+ 163
- 0
docker-compose.yml

@@ -0,0 +1,163 @@
version: '3.1'
services:
openldap:
build:
context: ./images/rpi-openldap/
image: bingen/rpi-openldap:latest
deploy:
replicas: 1
secrets:
- source: ldap_pwd
target: admin_pwd
uid: '999'
mode: 0440
- source: ldap_mail_pwd
target: mail_pwd
uid: '999'
mode: 0440
- source: ldap_nextcloud_pwd
target: nextcloud_pwd
uid: '999'
mode: 0440
# container_name: openldap
tty: true
stdin_open: true
env_file:
- openldap.env
networks:
- default
#ports:
#- "389:389"
#- "639:639"
#- "8080:80"
volumes:
- ${LDAP_DATA_PATH}:/var/lib/ldap
- ${LDAP_CONFIG_PATH}:/etc/ldap/slapd.d
- ${LDAP_CERTS_PATH}:/container/service/slapd/assets/certs/
hostname: openldap.${LDAP_DOMAIN}

db:
build:
context: ./images/rpi-mariadb/
image: bingen/rpi-mariadb:latest
deploy:
replicas: 1
secrets:
- source: db_pwd
target: admin_pwd
mode: 0440
environment:
- MYSQL_ROOT_PWD_FILE=/run/secrets/admin_pwd
#container_name: mariadb
networks:
- default
#ports:
#- "3306:3306"
volumes:
#- ${DB_CONFIG_PATH}:/etc/mysql
- ${DB_DATA_PATH}:/var/lib/mysql

haproxy:
build:
context: ./images/rpi-haproxy/
image: bingen/rpi-haproxy:latest
depends_on:
# For DNS resolution
- nextcloud
deploy:
replicas: 1
env_file:
- haproxy.env
networks:
- default
ports:
- "80:80"
- "443:443"
mail:
build:
context: ./images/rpi-email/
image: bingen/rpi-mailserver:latest
depends_on:
- openldap
deploy:
replicas: 1
secrets:
- source: ldap_mail_pwd
target: ldap_pwd
uid: '999'
mode: 0440
hostname: ${MAIL_HOSTNAME}.${MAIL_DOMAIN}
#domainname: ${MAIL_DOMAIN}
env_file:
- mail.env
networks:
- default
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- ${MAIL_DATA_VOLUME_PATH}:${MAIL_DATA_PATH}
#- ${MAIL_STATE_VOLUME_PATH}:${MAIL_STATE_PATH}
cap_add:
- NET_ADMIN

nextcloud:
build:
context: ./images/rpi-nextcloud/
args:
- NEXTCLOUD_VERSION=${NEXTCLOUD_VERSION}
- NEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}
image: bingen/rpi-nextcloud:latest
depends_on:
- db
- openldap
#- haproxy
secrets:
- source: nextcloud_admin_pwd
target: admin_pwd
uid: '999'
mode: 0440
- source: ldap_nextcloud_pwd
target: ldap_pwd
uid: '999'
mode: 0440
- source: db_pwd
target: mysql_pwd
mode: 0440
env_file:
- nextcloud.env
networks:
- default
ports:
- "8000:80"
- "8443:443"
volumes:
- ${NEXTCLOUD_DATA_VOLUME_PATH}:${NEXTCLOUD_DATA_PATH}

#padlock:

#gitlab:

#turtl:

#wordpress:

#transmission:
#image: lsioarmhf/transmission:15.01.17

secrets:
db_pwd:
external: true
ldap_pwd:
external: true
ldap_mail_pwd:
external: true
ldap_nextcloud_pwd:
external: true
nextcloud_admin_pwd:
external: true
networks:
default:
driver: overlay
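
Review bot: the `nextcloud` service mounts `db_pwd` as `mysql_pwd`, and nextcloud.env.template points `MYSQL_ROOT_PWD_FILE` at it, so the web-facing container holds the MariaDB root password. A separate secret for the `nextcloud` database user would keep a Nextcloud compromise from reaching every database on `db`. `nextcloud` also publishes `8000:80` and `8443:443`, which bypasses `haproxy`; if HAProxy is the intended entry point, drop those mappings. All five images are referenced as `:latest`, so what a node pulls can differ from what was tested; pin a version tag or digest. `cap_add: NET_ADMIN` on `mail` should carry a comment saying what needs it.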

+ 31
- 0
env.template

@@ -0,0 +1,31 @@
# modify and copy to .env

# DB
DB_DATA_PATH=${VOLUMES_PATH}/mariadb/data
#DB_CONFIG_PATH=${VOLUMES_PATH}/mariadb/config

# LDAP
LDAP_DOMAIN=${DOMAIN}
LDAP_ORGANIZATION=${ORGANIZATION}
LDAP_EXTENSION=${EXTENSION}
LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd
LDAP_DATA_PATH=${VOLUMES_PATH}/openldap/data
LDAP_CONFIG_PATH=${VOLUMES_PATH}/openldap/config
LDAP_CERTS_PATH=${VOLUMES_PATH}/openldap/certs

# MAIL

MAIL_HOSTNAME=mail
MAIL_DOMAIN=${DOMAIN}
MAIL_DATA_VOLUME_PATH=${VOLUMES_PATH}/mail
#MAIL_STATE_VOLUME_PATH=${VOLUMES_PATH}/mail/state
MAIL_DATA_PATH=/srv/vmail
#MAIL_STATE_PATH=/var/mail-state

# NEXTCLOUD

NEXTCLOUD_VERSION=nextcloud-11.0.2
# Internal data path
NEXTCLOUD_DATA_PATH=/srv/nextcloud/data
# external Volume path
NEXTCLOUD_DATA_VOLUME_PATH=${VOLUMES_PATH}/nextcloud/data

+ 1
- 0
haproxy.env.template

@@ -0,0 +1 @@
NEXTCLOUD_URL=nextcloud.${DOMAIN}

+ 1
- 0
images/rpi-email

@@ -0,0 +1 @@
Subproject commit 8bd86ab2e91d2fbb74cae3551264fa593b8c07fb

+ 1
- 0
images/rpi-haproxy

@@ -0,0 +1 @@
Subproject commit 36de66b8e7cc7762d5051d7fbd0aa1a1542c3d2c

+ 1
- 0
images/rpi-mariadb

@@ -0,0 +1 @@
Subproject commit f5e8d2b03c0304fd6d6b3e9dbf62b85eeb55326c

+ 1
- 0
images/rpi-nextcloud

@@ -0,0 +1 @@
Subproject commit 10c73c0a9e08dede7e28a6c6d3746f714ef070c9

+ 1
- 0
images/rpi-nginx

@@ -0,0 +1 @@
Subproject commit 19686aa1b81b85589e62f012e379d857d3becf43

+ 1
- 0
images/rpi-nginx-php

@@ -0,0 +1 @@
Subproject commit c5d459989fa6fff796108fde7be7a57453015c2e

+ 1
- 0
images/rpi-openldap

@@ -0,0 +1 @@
Subproject commit fc9d5fc06fc81b7c5a7660851b92b16c00fb2b0a

+ 7
- 0
mail.env.template

@@ -0,0 +1,7 @@
DOMAIN=${DOMAIN}
LDAP_SERVER_HOST=openldap
LDAP_BIND_DN=uid=${MAIL_LDAP_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}
VIRTUAL_DOMAINS=()
DATA_CHOWN=1

+ 15
- 0
nextcloud.env.template

@@ -0,0 +1,15 @@
NEXTCLOUD_DOMAIN=${DOMAIN}
NEXTCLOUD_SERVER_NAME=nextcloud
NEXTCLOUD_ADMIN_PWD_FILE=/run/secrets/admin_pwd
DATA_CHOWN=1
# LDAP
LDAP_SERVER_HOST=openldap
LDAP_BIND_DN=uid=${NEXTCLOUD_LDAP_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
#LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}
LDAP_SEARCH_BASE=dc=${ORGANIZATION},dc=${EXTENSION}
# DB
MYSQL_ROOT_PWD_FILE=/run/secrets/mysql_pwd
DB_HOST=db
NEXTCLOUD_DB_NAME=nextcloud
NEXTCLOUD_DB_USER=nextcloud
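
Review bot: `LDAP_SEARCH_BASE` is widened to `dc=${ORGANIZATION},dc=${EXTENSION}` while the `ou=people` line is commented out with no explanation; that base also contains `ou=services`, where the `LDAP_BIND_DN` accounts live, so depending on the user filter the service accounts can show up as Nextcloud users. Either restore the `ou=people` base, as mail.env.template uses, or add a comment on why the whole tree is needed.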

+ 25
- 0
openldap.env.template

@@ -0,0 +1,25 @@
VOLUMES_PATH=${VOLUMES_PATH}
LDAP_DOMAIN=${DOMAIN}
LDAP_ORGANIZATION=${ORGANIZATION}
LDAP_EXTENSION=${EXTENSION}
LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd
LDAP_MAIL_PWD_FILE=/run/secrets/mail_pwd
LDAP_NEXTCLOUD_PWD_FILE=/run/secrets/nextcloud_pwd
DEBUG_LEVEL=0
#BKP_FILE=/tmp/ldap_bkp.ldif
LDAP_BACKEND="hdb"
LDAP_LOG_LEVEL="256"
LDAP_BASE_DN=""
LDAP_READONLY_USER="false"
LDAP_BACKEND="hdb"
LDAP_TLS="true"
LDAP_TLS_CRT_FILENAME="ldap.crt"
LDAP_TLS_KEY_FILENAME="ldap.key"
LDAP_TLS_CA_CRT_FILENAME="ca.crt"
LDAP_TLS_ENFORCE="false"
LDAP_TLS_CIPHER_SUITE="SECURE256:-VERS-SSL3.0"
LDAP_TLS_PROTOCOL_MIN="3.1"
LDAP_TLS_VERIFY_CLIENT="demand"
LDAP_REPLICATION="false"
LDAP_REMOVE_CONFIG_AFTER_SETUP="true"
LDAP_SSL_HELPER_PREFIX="ldap"
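
Review bot: `LDAP_TLS_ENFORCE="false"` leaves plain LDAP available, while `LDAP_TLS_VERIFY_CLIENT="demand"` requires a client certificate from anything that does use TLS, and neither mail.env.template nor nextcloud.env.template configures one. The practical result is that the mail and Nextcloud binds send their passwords unencrypted over the overlay network. Suggest either provisioning client certificates and setting `LDAP_TLS_ENFORCE="true"`, or relaxing `LDAP_TLS_VERIFY_CLIENT` and enforcing TLS. `LDAP_BACKEND="hdb"` is also listed twice.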

+ 1
- 0
rpi-nextcloud

@@ -0,0 +1 @@
Subproject commit 10c73c0a9e08dede7e28a6c6d3746f714ef070c9

+ 131
- 0
setup.sh

@@ -0,0 +1,131 @@
#!/bin/bash

DEFAULT_VOLUMES=/media/volumes
PWD_GEN='< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;'
#PWD_GEN='openssl rand -base64 20'
DEFAULT_LDAP_MAIL_UID='mail'
DEFAULT_LDAP_NEXTCLOUD_UID='nextcloud'

read -p "Main domain: " domain
while [[ ! $domain =~ ^.*\.[a-z]{2,}$ ]]; do
read -p "Please Enter a valid domain: " domain
done
# TODO: more than 1 level domains
org=`echo $domain | cut -f1 -d'.'`
ext=`echo $domain | cut -f2 -d'.'`

read -p "Volumes path ($DEFAULT_VOLUMES): " volumes
if [[ ${#volumes} -eq 0 ]]; then
volumes=$DEFAULT_VOLUMES
fi

read -p "DB admin password (a random one will be generated if empty): " db_pwd
if [[ ${#db_pwd} -eq 0 ]]; then
db_pwd=`eval "$PWD_GEN"`
fi

read -p "LDAP admin password (a random one will be generated if empty): " ldap_pwd
if [[ ${#ldap_pwd} -eq 0 ]]; then
ldap_pwd=`eval "$PWD_GEN"`
fi

read -p "LDAP Mail Bind DN uid ($DEFAULT_LDAP_MAIL_UID): " ldap_mail_uid
if [[ ${#ldap_mail_uid} -eq 0 ]]; then
ldap_mail_uid=$DEFAULT_LDAP_MAIL_UID
fi

read -p "LDAP Mail Bind DN Pwd (a random one will be generated if empty): " ldap_mail_pwd
if [[ ${#ldap_mail_pwd} -eq 0 ]]; then
ldap_mail_pwd=`eval "$PWD_GEN"`
fi

read -p "LDAP Nextcloud Bind DN uid ($DEFAULT_LDAP_NEXTCLOUD_UID): " ldap_nextcloud_uid
if [[ ${#ldap_nextcloud_uid} -eq 0 ]]; then
ldap_nextcloud_uid=$DEFAULT_LDAP_NEXTCLOUD_UID
fi

read -p "LDAP Nextcloud Bind DN Pwd (a random one will be generated if empty): " ldap_nextcloud_pwd
if [[ ${#ldap_nextcloud_pwd} -eq 0 ]]; then
ldap_nextcloud_pwd=`eval "$PWD_GEN"`
fi

read -p "Nextcloud Admin User Pwd (a random one will be generated if empty): " nextcloud_admin_pwd
if [[ ${#nextcloud_admin_pwd} -eq 0 ]]; then
nextcloud_admin_pwd=`eval "$PWD_GEN"`
fi

echo $'\E[33m'
echo "//////////////////////////////////////////////////"
echo "///////////////// PLEASE CONFIRM /////////////////"
echo "//////////////////////////////////////////////////"
echo $'\E[1;30m'

echo Your domain is: $domain
echo Your Volumes path is: $volumes
echo Your LDAP Mail Bind DN Uid is: $ldap_mail_uid
echo Your LDAP Nextcloud Bind DN Uid is: $ldap_nextcloud_uid

echo $'\E[1;37m'
read -p "Are These Settings Correct? Yes (y), No (n): " confirm
while [[ ! $confirm =~ ^[yYnN]{1}$ ]]; do
read -p "Please Enter 'y' or 'n' To Confirm Settings: " confirm
done

if [[ $confirm != [yY] ]]; then
exit 1
fi

# Generate docker secrets
echo $db_pwd | docker secret create db_pwd -
echo $ldap_pwd | docker secret create ldap_pwd -
echo $ldap_mail_pwd | docker secret create ldap_mail_pwd -
echo $ldap_nextcloud_pwd | docker secret create ldap_nextcloud_pwd -
echo $nextcloud_admin_pwd | docker secret create nextcloud_admin_pwd -

echo $'\E[33m'
echo "//////////////////////////////////////////////////"
echo "///////////// COPYING TEMPLATE FILES /////////////"
echo "//////////////////////////////////////////////////"
echo $'\E[1;30m'

cp env.template .env
cp openldap.env.template openldap.env
cp mail.env.template mail.env
cp nextcloud.env.template nextcloud.env
cp haproxy.env.template haproxy.env

for i in `ls *.env .env`; do
sed -i "s/\${DOMAIN}/${domain}/g" $i
sed -i "s/\${ORGANIZATION}/${org}/g" $i
sed -i "s/\${EXTENSION}/${ext}/g" $i
sed -i "s/\${VOLUMES_PATH}/${volumes//\//\\/}/g" $i
sed -i "s/\${MAIL_LDAP_UID}/${ldap_mail_uid}/g" $i
sed -i "s/\${NEXTCLOUD_LDAP_UID}/${ldap_nextcloud_uid}/g" $i
#sed -i "s/\${}/$/g" $i
done;

# read variables
. .env
# repeated env variables
echo "\nNEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env
echo "\nMAIL_DATA_PATH=${MAIL_DATA_PATH}" >> mail.env
echo "\nNEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}" >> nextcloud.env

echo $'\E[33m'
echo "//////////////////////////////////////////////////"
echo "//////////////// CREATING FOLDERS ////////////////"
echo "//////////////////////////////////////////////////"
echo $'\E[1;30m'

# openldap
sudo mkdir -p ${LDAP_DATA_PATH}
sudo mkdir -p ${LDAP_CONFIG_PATH}
sudo mkdir -p ${LDAP_CERTS_PATH}
# db
sudo mkdir -p ${DB_DATA_PATH}
#sudo mkdir -p ${DB_CONFIG_PATH}
# mail
sudo mkdir -p ${MAIL_DATA_PATH}
sudo mkdir -p ${MAIL_STATE_PATH}
# nextcloud
sudo mkdir -p ${NEXTCLOUD_DATA_PATH}
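
Review bot: the five password prompts use `read -p` without `-s`, so the secrets are echoed to the terminal, and they are stored with `echo $db_pwd | docker secret create db_pwd -`, where the unquoted expansion collapses whitespace, expands globs and appends a newline to the secret. Suggest `read -s -p` and `printf '%s' "$db_pwd" | docker secret create db_pwd -` for all five. In the "repeated env variables" block, `echo "\n..."` under bash writes a literal `\n`, so the appended lines in `nextcloud.env` and `mail.env` start with `\n` and the variable names are wrong; drop the `\n` or use `printf`. The final block runs `sudo mkdir -p` on `MAIL_DATA_PATH` and `NEXTCLOUD_DATA_PATH`, which env.template defines as in-container paths (`/srv/vmail`, `/srv/nextcloud/data`), and on `MAIL_STATE_PATH`, which is commented out there, so the host volume directories (`MAIL_DATA_VOLUME_PATH`, `NEXTCLOUD_DATA_VOLUME_PATH`) are not created and the mail-state `mkdir` gets no operand.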
