il y a 7 ans · e31ee0ec46
--- a/README.md
+++ b/README.md
@@ -238,6 +238,11 @@ You generate the password with:

    slappasswd -s your-password

 You can use the following script to add users if you have previously created `ldif` files:

    ./add_users <your-stack-name>


 MariaDB
 -------

@@ -250,6 +255,12 @@ After first run, set DATA_CHOWN=0. Otherwise every time you deploy the whole fol

 Need to log in as admin for the first time and enable Apps manually.

 Let's Encrypt
 -------------
 Run the following script to enable Let's Encrypt for Nextcloud:

    ./letsencrypt.sh <your-stack-name>

 Dynamic DNS
 -----------

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,8 +4,6 @@ services:
    build:
      context: ./images/rpi-openldap/
    image: bingen/rpi-openldap:latest
    deploy:
      replicas: 1
    secrets:
      - source: ldap_pwd
        target: admin_pwd
@@ -31,17 +29,15 @@ services:
      #- "639:639"
      #- "8080:80"
    volumes:
      - ${LDAP_DATA_PATH}:/var/lib/ldap
      - ${LDAP_CONFIG_PATH}:/etc/ldap/slapd.d
      - ${LDAP_CERTS_PATH}:/container/service/slapd/assets/certs/
      - ${LDAP_DATA_VOLUME_PATH}:/var/lib/ldap
      - ${LDAP_CONFIG_VOLUME_PATH}:/etc/ldap/slapd.d
      - ${LDAP_CERTS_VOLUME_PATH}:/container/service/slapd/assets/certs/
    hostname: openldap.${LDAP_DOMAIN}

  db:
    build:
      context: ./images/rpi-mariadb/
    image: bingen/rpi-mariadb:latest
    deploy:
      replicas: 1
    secrets:
      - source: db_pwd
        target: admin_pwd
@@ -54,8 +50,8 @@ services:
    #ports:
      #- "3306:3306"
    volumes:
      #- ${DB_CONFIG_PATH}:/etc/mysql
      - ${DB_DATA_PATH}:/var/lib/mysql
      #- ${DB_CONFIG_VOLUME_PATH}:/etc/mysql
      - ${DB_DATA_VOLUME_PATH}:/var/lib/mysql

  haproxy:
    build:
@@ -64,8 +60,6 @@ services:
    depends_on:
      # For DNS resolution
      - nextcloud
    deploy:
      replicas: 1
    env_file:
      - haproxy.env
    networks:
@@ -79,8 +73,6 @@ services:
    image: bingen/rpi-mailserver:latest
    depends_on:
      - openldap
    deploy:
      replicas: 1
    secrets:
      - source: ldap_mail_pwd
        target: ldap_pwd
@@ -146,9 +138,31 @@ services:
      - ${NEXTCLOUD_DATA_VOLUME_PATH}:${NEXTCLOUD_DATA_PATH}
      - ${NEXTCLOUD_BACKUP_VOLUME_PATH}:${NEXTCLOUD_BACKUP_PATH}

  #gogs:
  paperless:
    build:
      context: ./images/rpi-paperless/
    image: bingen/rpi-paperless
    ports:
      - "8081:8000"
      - "21:21"
    volumes:
      - ${PAPERLESS_DATA_VOLUME_PATH}:/usr/src/paperless/data
      - ${PAPERLESS_MEDIA_VOLUME_PATH}:/usr/src/paperless/media
      - ${PAPERLESS_CONSUMPTION_VOLUME_PATH}:${PAPERLESS_CONSUMPTION_PATH}
      - ${PAPERLESS_EXPORT_VOLUME_PATH}:${PAPERLESS_EXPORT_PATH}
    secrets:
      - source: paperless_webserver_pwd
        target: webserver_pwd
        uid: '999'
        mode: 0440
      - source: paperless_passphrase
        target: passphrase
        uid: '999'
        mode: 0440
    env_file:
      - paperless.env

  #turtl:
  #gogs:

  #wordpress:

@@ -170,6 +184,10 @@ secrets:
    external: true
  nextcloud_secret:
    external: true
  paperless_webserver_pwd:
    external: true
  paperless_passphrase:
    external: true
 networks:
  default:
    driver: overlay
--- a/env.template
+++ b/env.template
@@ -1,17 +1,17 @@
 # modify and copy to .env

 # DB
 DB_DATA_PATH=${VOLUMES_PATH}/mariadb/data
 #DB_CONFIG_PATH=${VOLUMES_PATH}/mariadb/config
 DB_DATA_VOLUME_PATH=${VOLUMES_PATH}/mariadb/data
 #DB_CONFIG_VOLUME_PATH=${VOLUMES_PATH}/mariadb/config

 # LDAP
 LDAP_DOMAIN=${DOMAIN}
 LDAP_ORGANIZATION=${ORGANIZATION}
 LDAP_EXTENSION=${EXTENSION}
 LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd
 LDAP_DATA_PATH=${VOLUMES_PATH}/openldap/data
 LDAP_CONFIG_PATH=${VOLUMES_PATH}/openldap/config
 LDAP_CERTS_PATH=${VOLUMES_PATH}/openldap/certs
 LDAP_DATA_VOLUME_PATH=${VOLUMES_PATH}/openldap/data
 LDAP_CONFIG_VOLUME_PATH=${VOLUMES_PATH}/openldap/config
 LDAP_CERTS_VOLUME_PATH=${VOLUMES_PATH}/openldap/certs

 # MAIL

@@ -33,3 +33,12 @@ NEXTCLOUD_DATA_VOLUME_PATH=${VOLUMES_PATH}/nextcloud/data
 NEXTCLOUD_BACKUP_PATH=/srv/nextcloud/backup
 # external Volume path
 NEXTCLOUD_BACKUP_VOLUME_PATH=${VOLUMES_PATH}/nextcloud/backup

 # PAPERLESS

 PAPERLESS_DATA_VOLUME_PATH=${VOLUMES_PATH}/paperless/data
 PAPERLESS_MEDIA_VOLUME_PATH=${VOLUMES_PATH}/paperless/media
 PAPERLESS_CONSUMPTION_VOLUME_PATH=${VOLUMES_PATH}/paperless/consume
 PAPERLESS_CONSUMPTION_PATH=/consume
 PAPERLESS_EXPORT_VOLUME_PATH=${VOLUMES_PATH}/paperless/export
 PAPERLESS_EXPORT_PATH=/export
--- a/paperless.env.template
+++ b/paperless.env.template
@@ -0,0 +1,9 @@
 # Webserver
 PAPERLESS_WEBSERVER_USER=${PAPERLESS_WEBSERVER_USER}
 PAPERLESS_WEBSERVER_PWD_FILE=/run/secrets/webserver_pwd
 # paperless variables
 PAPERLESS_PASSPHRASE_FILE=/run/secrets/passphrase
 #PAPERLESS_OCR_THREADS=
 PAPERLESS_OCR_LANGUAGES=cat spa
 #USERMAP_UID=
 #USERMAP_GID=
--- a/setup.sh
+++ b/setup.sh
@@ -64,6 +64,21 @@ echo "They are used by Passman and need to remain the same for the vaults to be
 read -p "Nextcloud Pwd Salt (a random one will be generated by NC if empty): " nextcloud_salt
 read -p "Nextcloud Secret (a random one will be generated by NC if empty): " nextcloud_secret

 read -p "Paperless Web Server User (paperless): " paperless_webserver_user
 if [[ ${#paperless_webserver_user} -eq 0 ]]; then
    paperless_webserver_user=paperless
 fi

 read -p "Paperless Web Server Pwd (a random one will be generated if empty): " paperless_webserver_pwd
 if [[ ${#paperless_webserver_pwd} -eq 0 ]]; then
    paperless_webserver_pwd=`eval "$PWD_GEN"`
 fi

 read -p "Paperless Encryption Passphrase (a random one will be generated if empty): " paperless_passphrase
 if [[ ${#paperless_passphrase} -eq 0 ]]; then
    paperless_=`eval "$PWD_GEN"`
 fi

 echo $'\E[33m'
 echo "//////////////////////////////////////////////////"
 echo "///////////////// PLEASE CONFIRM /////////////////"
@@ -75,6 +90,7 @@ echo Your Volumes path is:                 $volumes
 echo Your LDAP Mail Bind DN Uid is:        $ldap_mail_uid
 echo Your LDAP Nextcloud Bind DN Uid is:   $ldap_nextcloud_uid
 echo Your Let\'s Encrypt account e-mail:   $letsencrypt_email
 echo Your PAperless Web Server User:       $paperless_webserver_user

 echo $'\E[1;37m'
 read -p "Are These Settings Correct? Yes (y), No (n): " confirm
@@ -94,6 +110,8 @@ echo $ldap_nextcloud_pwd | docker secret create ldap_nextcloud_pwd -
 echo $nextcloud_admin_pwd | docker secret create nextcloud_admin_pwd -
 echo $nextcloud_salt | docker secret create nextcloud_salt -
 echo $nextcloud_secret | docker secret create nextcloud_secret -
 echo $paperless_webserver_pwd | docker secret create paperless_webserver_pwd -
 echo $paperless_passphrase | docker secret create paperless_passphrase -

 echo $'\E[33m'
 echo "//////////////////////////////////////////////////"
@@ -106,6 +124,7 @@ cp openldap.env.template openldap.env
 cp mail.env.template mail.env
 cp nextcloud.env.template nextcloud.env
 cp haproxy.env.template haproxy.env
 cp paperless.env.template paperless.env

 for i in `ls *.env .env`; do
    sed -i "s/\${DOMAIN}/${domain}/g" $i
@@ -115,16 +134,19 @@ for i in `ls *.env .env`; do
    sed -i "s/\${MAIL_LDAP_UID}/${ldap_mail_uid}/g" $i
    sed -i "s/\${NEXTCLOUD_LDAP_UID}/${ldap_nextcloud_uid}/g" $i
    sed -i "s/\${LETSENCRYPT_EMAIL}/${letsencrypt_email}/g" $i
    sed -i "s/\${PAPERLESS_WEBSERVER_USER}/${paperless_webserver_user}/g" $i
    #sed -i "s/\${}/${}/g" $i
 done;

 # read variables
 . .env
 # repeated env variables
 echo "\nNEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env
 echo "\nMAIL_DATA_PATH=${MAIL_DATA_PATH}" >> mail.env
 echo "\nNEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env
 echo "\nNEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}" >> nextcloud.env
 echo "\nNEXTCLOUD_BACKUP_PATH=${NEXTCLOUD_BACKUP_PATH}" >> nextcloud.env
 echo "\nPAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUPTION_PATH}" >> paperless.env
 echo "\nPAPERLESS_EXPORT_DIR=${PAPERLESS_EXPORT_PATH}" >> paperless.env

 echo $'\E[33m'
 echo "//////////////////////////////////////////////////"
@@ -133,19 +155,24 @@ echo "//////////////////////////////////////////////////"
 echo $'\E[1;30m'

 # openldap
 sudo mkdir -p ${LDAP_DATA_PATH}
 sudo mkdir -p ${LDAP_CONFIG_PATH}
 sudo mkdir -p ${LDAP_CERTS_PATH}
 sudo mkdir -p ${LDAP_DATA_VOLUME_PATH}
 sudo mkdir -p ${LDAP_CONFIG_VOLUME_PATH}
 sudo mkdir -p ${LDAP_CERTS_VOLUME_PATH}
 # db
 sudo mkdir -p ${DB_DATA_PATH}
 #sudo mkdir -p ${DB_CONFIG_PATH}
 sudo mkdir -p ${DB_DATA_VOLUME_PATH}
 #sudo mkdir -p ${DB_CONFIG_VOLUME_PATH}
 # mail
 sudo mkdir -p ${MAIL_DATA_PATH}
 sudo mkdir -p ${MAIL_DATA_PATH}/getmail
 #sudo mkdir -p ${MAIL_STATE_PATH}
 sudo mkdir -p ${MAIL_DATA_VOLUME_PATH}
 sudo mkdir -p ${MAIL_DATA_VOLUME_PATH}/getmail
 #sudo mkdir -p ${MAIL_STATE_VOLUME_PATH}
 # nextcloud
 sudo mkdir -p ${NEXTCLOUD_DATA_PATH}
 sudo mkdir -p ${NEXTCLOUD_BACKUP_PATH}
 sudo mkdir -p ${NEXTCLOUD_DATA_VOLUME_PATH}
 sudo mkdir -p ${NEXTCLOUD_BACKUP_VOLUME_PATH}
 # paperless
 sudo mkdir -p ${PAPERLESS_DATA_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_MEDIA_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_CONSUMPTION_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_EXPORT_VOLUME_PATH}

 echo "Copying gemail confs"
 cp images/rpi-email/getmail/getmailrc-* ${MAIL_DATA_PATH}/getmail/
 cp images/rpi-email/getmail/getmailrc-* ${MAIL_DATA_VOLUME_PATH}/getmail/