diff --git a/README.md b/README.md index 29a0f0a..018bc7a 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ cp -R custom.sample custom Edita i substitueix els fitxers per personalitzar el sistema. ``` -make all +./dd-ctl all ``` NOTA: L'autenticació SAML actualment es troba automatitzada: @@ -135,7 +135,7 @@ Copia recursivament la carpeta *custom.sample* a *custom* i edita els fitxers ya ### Iniciar el projecte ``` -make all +./dd-ctl all ``` ### Integració diff --git a/README_en.md b/README_en.md index 76a24cd..56d9f61 100644 --- a/README_en.md +++ b/README_en.md @@ -72,7 +72,7 @@ cp -R custom.sample custom Edit and replace files to personalize system. ``` -make all +./dd-ctl all ``` NOTE: The SAML Auth in plugin automation status now is: @@ -134,7 +134,7 @@ Copia recursivament la carpeta *custom.sample* a *custom* i edita els fitxers ya ### Inicial el projecte ``` -make all +./dd-ctl all ``` ### Integració diff --git a/Makefile b/dd-ctl old mode 100644 new mode 100755 similarity index 55% rename from Makefile rename to dd-ctl index 08a7052..14feb73 --- a/Makefile +++ b/dd-ctl @@ -1,34 +1,42 @@ -#!make +#!/bin/sh -# if [ ! -d "custom" ]; then echo "You need to copy custom.sample to custom folder and adapt." && exit 1; fi -# if [ ! -f "digitaldemocratic.conf" ]; then echo "You need to copy digitaldemocratic.conf.sample to .sample to custom folder and adapt" && exit 1; fi -# folder and adapt before bringing up." && exit 1; fi +if [ ! -d "custom" ]; then echo "You need to copy custom.sample to custom folder and adapt it to your needs." && exit 1; fi +if [ ! -f "digitaldemocratic.conf" ]; then echo "You need to copy digitaldemocratic.conf.sample to .sample to custom folder and adapt" && exit 1; fi -include digitaldemocratic.conf -export $(shell sed 's/=.*//' digitaldemocratic.conf) +OPERATION="$1" +if [ -z "$OPERATION" ]; then + set +x + echo "Missing command." + echo " Example: ./dd.ctl [operation] [branch]" + echo "./dd-ctl prepare" + echo "./dd-ctl build" + echo "./dd-ctl up" + echo "./dd-ctl down" + echo "./dd-ctl customize" + exit 1 +fi -VERSION := 0.0.1-rc0 -export VERSION +BRANCH="$2" +if [ -z "$BRANCH" ]; then + BRANCH="master" +fi -CUSTOM_PATH=$(shell pwd) -.PHONY: all -all: add-plugins +cp digitaldemocratic.conf .env +CUSTOM_PATH=$(pwd) +. ./.env -.PHONY: environment -environment: +prepare_submodules(){ git submodule update --init --recursive - mkdir -p custom/system/keycloak - cp -R isard-sso/docker/keycloak/themes custom/system/keycloak/ - cp custom/login/logo.png custom/system/keycloak/themes/liiibrelite/login/resources/img/logo.png - cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG.png - cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG2.png - cp custom/login/style.css custom/system/keycloak/themes/liiibrelite/login/resources/css/ + cd isard-apps && git fetch && git reset --hard origin/$BRANCH && cd .. + cd isard-sso && git fetch && git reset --hard origin/$BRANCH && cd .. +} - # Prepare apps environment - cp digitaldemocratic.conf isard-apps/.env - echo "CUSTOM_PATH=$(CUSTOM_PATH)" >> isard-apps/.env - echo "BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-apps" >> isard-apps/.env +prepare(){ + ## Prepare apps environment + cp .env isard-apps/.env + echo "CUSTOM_PATH=$CUSTOM_PATH" >> isard-apps/.env + echo "BUILD_ROOT_PATH=$CUSTOM_PATH/isard-apps" >> isard-apps/.env cp isard-apps/.env isard-apps/docker/postgresql && \ cp isard-apps/.env isard-apps/docker/mariadb && \ cp isard-apps/.env isard-apps/docker/moodle && \ @@ -36,17 +44,23 @@ environment: cp isard-apps/.env isard-apps/docker/wordpress && \ cp isard-apps/.env isard-apps/docker/etherpad - # Prepare sso environment - cp digitaldemocratic.conf isard-sso/.env - echo "CUSTOM_PATH=$(CUSTOM_PATH)" >> isard-sso/.env - echo "BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-sso" >> isard-sso/.env + ## Prepare sso environment + cp .env isard-sso/.env + echo "CUSTOM_PATH=$CUSTOM_PATH" >> isard-sso/.env + echo "BUILD_ROOT_PATH=$CUSTOM_PATH/isard-sso" >> isard-sso/.env cp isard-sso/.env isard-sso/docker-compose-parts/.env -.PHONY: build -build: environment - echo CUSTOM_PATH=$(CUSTOM_PATH) > .env - echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-sso >> .env + mkdir -p custom/system/keycloak + cp -R isard-sso/docker/keycloak/themes custom/system/keycloak/ + cp custom/login/logo.png custom/system/keycloak/themes/liiibrelite/login/resources/img/logo.png + cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG.png + cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG2.png + cp custom/login/style.css custom/system/keycloak/themes/liiibrelite/login/resources/css/ + + # Build compose ymls + echo CUSTOM_PATH=$CUSTOM_PATH > .env + echo BUILD_ROOT_PATH=$CUSTOM_PATH/isard-sso >> .env docker-compose -f isard-sso/docker-compose-parts/haproxy.yml \ -f isard-sso/docker-compose-parts/api.yml \ -f isard-sso/docker-compose-parts/keycloak.yml \ @@ -56,7 +70,7 @@ build: environment -f isard-sso/docker-compose-parts/backup.yml \ config > sso.yml #-f isard-sso/docker-compose-parts/freeipa.yml - echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-apps > .env + echo BUILD_ROOT_PATH=$CUSTOM_PATH/isard-apps > .env docker-compose -f isard-apps/docker/moodle/moodle.yml \ -f isard-apps/docker/nextcloud/nextcloud.yml \ -f isard-apps/docker/wordpress/wordpress.yml \ @@ -69,46 +83,29 @@ build: environment config > apps.yml docker-compose -f sso.yml -f apps.yml config > docker-compose.yml rm sso.yml apps.yml + +} + +build(){ docker-compose build +} -.PHONY: up -up: build - docker-compose up -d --no-deps +up(){ + docker-compose up -d +} -.PHONY: down -down: +down(){ docker-compose down +} -# .PHONY: remove -# remove: down -# rm -rf /opt/digitaldemocratic/postgres -# rm -rf /opt/digitaldemocratic/redis -# rm -rf /opt/digitaldemocratic/wordpress -# rm -rf /opt/digitaldemocratic/nextcloud -# rm -rf /opt/digitaldemocratic/mariadb -# rm -rf /opt/digitaldemocratic/freeipa - # Leaves haproxy folder with certificates. Remove manually to get new certificates. - -.PHONY: add-plugins -add-plugins: connect-saml - # Add dd admin user (NOT USED, done in isard-sso-admin) - # docker exec isard-sso-keycloak /opt/jboss/keycloak/bin/add-user-keycloak.sh -u $$DDADMIN_USER -p $$DDADMIN_PASSWORD - # docker restart isard-sso-keycloak - # sleep 10 - # docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $$DDADMIN_USER' +setup_nextcloud(){ + echo " --> Applying custom settings in nextcloud" + # docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $DDADMIN_USER' # docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin' # docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=LostAdminGroup && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin' - - # Wordpress - ## Multisite - docker exec -ti isard-apps-wordpress /bin/sh -c "/multisite.sh" - - docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/plugins/saml/onelogin-saml-sso ]; then cp -R /plugins/saml/onelogin-saml-sso /var/www/html/wp-content/plugins/; fi" - docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/mu-plugins ]; then cp -R /plugins/mu-plugins /var/www/html/wp-content/; fi" - # Nextcloud - #cp -R $$BUILD_ROOT_PATH/isard-apps/docker/nextcloud/themes/* $$DATA_FOLDER/nextcloud/themes/ + #cp -R $BUILD_ROOT_PATH/isard-apps/docker/nextcloud/themes/* $DATA_FOLDER/nextcloud/themes/ docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set default_language --value="ca" docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set skeletondirectory --value='' docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:disable firstrunwizard @@ -130,76 +127,203 @@ add-plugins: connect-saml docker exec -ti isard-apps-nextcloud-app /bin/sh -c "/ownpad_cfg.sh" docker exec -ti isard-apps-nextcloud-app /bin/sh -c "su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ app:enable ownpad'" docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_enable --value="yes" - docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_host --value="https://pad.$$DOMAIN" + docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN" docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install onlyoffice - docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value="https://oof.$$DOMAIN" + docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN" docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_secret --value="secret" docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_header --value="Authorization" # Allow nextcloud into other apps iframes - # Content-Security-Policy: frame-ancestors 'self' *.$$DOMAIN; - docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + # Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN; + docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - # Content-Security-Policy: connect-src 'self' *.$$DOMAIN; - docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + # Content-Security-Policy: connect-src 'self' *.$DOMAIN; + docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - # Content-Security-Policy: img-src 'self' *.$$DOMAIN; - docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + # Content-Security-Policy: img-src 'self' *.$DOMAIN; + docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - # Content-Security-Policy: style-src 'self' *.$$DOMAIN; - docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + # Content-Security-Policy: style-src 'self' *.$DOMAIN; + docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - # Content-Security-Policy: font-src 'self' *.$$DOMAIN; - docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + # Content-Security-Policy: font-src 'self' *.$DOMAIN; + docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - # CERTIFICATES FOR SAML - docker exec -ti isard-sso-admin /bin/sh -c "/admin/generate_certificates.sh" + # Fix onlyoffice size with custom navbar + docker exec isard-apps-nextcloud-app sed -ie 's/\(\s\+min-height: calc(100% - \)50\(px);\)/\175\2/' /var/www/html/custom_apps/onlyoffice/css/editor.css +} - # SAML PLUGIN NEXTCLOUD - docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py - - # SAML PLUGIN WORDPRESS - docker exec -ti isard-sso-admin python3 /admin/wordpress_saml.py - - # SAML PLUGIN MOODLE - echo "To add SAML to moodle:" - echo "1.-Activate SAML plugin in moodle extensions, regenerate certificate, lock certificate" - echo "2.-Then run: docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py" - echo "3.-" - - # Moodle +setup_moodle(){ + echo " --> Applying custom settings in moodle" docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=guestloginbutton --set=0 docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enrol_plugins_enabled --set=manual docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enablemobilewebservice --set=0 docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enablebadges --set=0 docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php +} + +setup_wordpress(){ + echo " --> Applying custom settings in wordpress" + ## Multisite + docker exec -ti isard-apps-wordpress /bin/sh -c "/multisite.sh" + + docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/plugins/saml/onelogin-saml-sso ]; then cp -R /plugins/saml/onelogin-saml-sso /var/www/html/wp-content/plugins/; fi" + docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/mu-plugins ]; then cp -R /plugins/mu-plugins /var/www/html/wp-content/; fi" + +} + +setup_keycloak(){ + # Add dd admin user (NOT USED, done in isard-sso-admin) + # docker exec isard-sso-keycloak /opt/jboss/keycloak/bin/add-user-keycloak.sh -u $DDADMIN_USER -p $DDADMIN_PASSWORD + # docker restart isard-sso-keycloak + sleep 10 +} -.PHONY: connect-saml -connect-saml: up - echo "Waiting for system to be fully up before personalizing... It can take some minutes..." +saml_certificates(){ + wait_for_moodle + echo " --> Setting up SAML for moodle" + docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/ && python3 moodle_saml.py" + docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php + + # CERTIFICATES FOR SAML + echo " --> Generating certificates for nextcloud and wordpress" + docker exec -ti isard-sso-admin /bin/sh -c "/admin/generate_certificates.sh" + + # SAML PLUGIN NEXTCLOUD + echo " --> Setting up SAML for nextcloud" + docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/ && python3 nextcloud_saml.py" + + # SAML PLUGIN WORDPRESS + echo " --> Setting up SAML for wordpress" + docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/ && python3 wordpress_saml.py" + + # SAML PLUGIN MOODLE + # echo "To add SAML to moodle:" + # echo "1.-Activate SAML plugin in moodle extensions, regenerate certificate, lock certificate" + # echo "2.-Then run: docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py" + # echo "3.-" +} + +wait_for_moodle(){ + echo "Waiting for system to be fully up before customizing... It can take some minutes..." + echo " (you can monitorize install with: docker logs isard-apps-moodle --follow" while [ "`docker inspect -f {{.State.Health.Status}} isard-apps-moodle`" != "healthy" ]; do sleep 2; done +} -adminer: - docker-compose -f isard-apps/docker/network.yml \ - -f isard-sso/docker-compose-parts/adminer.yml config > adminer.yml - -pgtuner: - docker-compose -f isard-apps/docker/network.yml \ - -f isard-sso/docker-compose-parts/pgtuner.yml config > pgtuner.yml - -upgrade-moodle: +upgrade_moodle(){ docker exec -ti isard-apps-moodle php7 admin/cli/maintenance.php --enable docker exec -ti isard-apps-moodle php7 admin/cli/upgrade.php --non-interactive --allow-unstable docker exec -ti isard-apps-moodle php7 admin/cli/maintenance.php --disable +} -.PHONY: devel -devel: build +extras_adminer(){ + docker-compose -f isard-apps/docker/network.yml \ + -f isard-sso/docker-compose-parts/adminer.yml config > adminer.yml + echo " --> Generated adminer.yml" + echo " Bring it up: docker-compose -f adminer.yml up -d" + echo " Connect to: https://admin.$DOMAIN/isard-sso-adminer/" + echo " Parameters:" + echo " - System: PostgreSQL (or Mysql for wordpress db)" + echo " Server: isard-apps-postgresql (or isard-apps-mariadb for wordpress db)" + echo " User/Pass/Database from digitaldemocratic.conf" +} + +extras_pgtuner(){ + docker-compose -f isard-apps/docker/network.yml \ + -f isard-sso/docker-compose-parts/pgtuner.yml config > pgtuner.yml + echo " --> Generated pgtuner.yml" +} + +extras_develop(){ echo CUSTOM_PATH=$(CUSTOM_PATH) > .env echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-sso >> .env docker-compose -f docker-compose.yml \ -f isard-sso/docker-compose-parts/api.devel.yml \ -f isard-sso/docker-compose-parts/admin.devel.yml \ config > devel.yml +} + +if [ "$OPERATION" = "prepare" ]; then + prepare_submodules + prepare + build +fi + +if [ "$OPERATION" = "build" ]; then + prepare_submodules + prepare + build +fi + +if [ "$OPERATION" = "up" ]; then + prepare_submodules + prepare + build + up +fi + +if [ "$OPERATION" = "customize" ]; then + up + wait_for_moodle + setup_nextcloud + setup_wordpress + setup_moodle +fi + +if [ "$OPERATION" = "saml" ]; then + up + saml_certificates +fi + +if [ "$OPERATION" = "all" ]; then + prepare_submodules + prepare + build + up + wait_for_moodle + setup_nextcloud + setup_wordpress + setup_moodle + saml_certificates + + echo "\n\n" + echo " #### After install ####" + echo " - SSO in moodle should be active. You can go to: https://moodle.$DOMAIN" + echo " - SSO in nextcloud should be active. You can go to: https://nextcloud.$DOMAIN" + echo " - SSO in wordpress needs manual activation. You should go to https://wp.$DOMAIN/wp-admin//plugins.php " + echo " and activate 'OneLogin SAML SSO' plugin" + + echo "\n\n" + echo " #### Update customizations ####" + echo " - ./dd-ctl customize" +fi + +if [ "$OPERATION" = "all-develop" ]; then + prepare + build + up + wait_for_moodle + setup_nextcloud + setup_wordpress + setup_moodle + saml_certificates +fi + +if [ "$OPERATION" = "adminer" ]; then + extras_adminer +fi + +if [ "$OPERATION" = "reset-7941" ]; then + echo "Resetting all but certificates" + docker-compose down + rm -rf /opt/digitaldemocratic/backup + rm -rf /opt/digitaldemocratic/data + rm -rf /opt/digitaldemocratic/db + rm -rf /opt/digitaldemocratic/src/avatars + rm -rf /opt/digitaldemocratic/src/moodle + rm -rf /opt/digitaldemocratic/src/nextcloud + rm -rf /opt/digitaldemocratic/src/wordpress +fi