748 lines
31 KiB
Bash
Executable File
748 lines
31 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
OPERATION="$1"
|
|
|
|
# We need docker-compose >= 1.28 to catch configuration variables
|
|
REQUIRED_DOCKER_COMPOSE_VERSION="1.28"
|
|
|
|
docker_compose_version(){
|
|
docker-compose --version --short | sed 's/^docker-compose version \([^,]\+\),.*$/\1/'
|
|
}
|
|
|
|
check_docker_compose_version(){
|
|
# We cannot use sort -C because is not included in BusyBox v1.33.1 of docker:dind image
|
|
{
|
|
echo "$REQUIRED_DOCKER_COMPOSE_VERSION"
|
|
docker_compose_version
|
|
} | sort -c -V 2> /dev/null
|
|
}
|
|
|
|
help() {
|
|
cat <<-EOF
|
|
Example: ./dd.ctl [operation] [arguments]
|
|
|
|
For a new installation, you usually will want to run:
|
|
./dd-ctl repo-update
|
|
./dd-ctl prerequisites
|
|
./dd-ctl securize
|
|
./dd-ctl all
|
|
./dd-ctl saml
|
|
|
|
|
|
Generate adminer.yml to access DBs: ./dd-ctl adminer
|
|
Bring the current project up: ./dd-ctl all
|
|
Branding (custom/img, custom/menu): ./dd-ctl branding
|
|
Build the compose files: ./dd-ctl build
|
|
Build the devel compose files: ./dd-ctl build-devel
|
|
Apply customizations: ./dd-ctl customize
|
|
Stop the project when started: ./dd-ctl down
|
|
Rescan nextcloud data folders: ./dd-ctl nextcloud-scan
|
|
Install all prerequisites for installation: ./dd-ctl prerequisites
|
|
Update repository: ./dd-ctl repo-update [branch-name] (defaults to main)
|
|
Restart api if changes applied (development): ./dd-ctl restart-api
|
|
Update SAML certificates: ./dd-ctl saml
|
|
Set secure passwords in digitaldemocratic.conf: ./dd-ctl securize
|
|
Set a config variable in digitaldemocratic.conf: ./dd-ctl setconf VARIABLE [VALUE]
|
|
Start the project when stopped: ./dd-ctl up
|
|
Upgrade plugins: ./dd-ctl upgrade-plugins
|
|
Regenerate docker-compose.yml from conf: ./dd-ctl yml
|
|
EOF
|
|
}
|
|
|
|
# Help messages
|
|
if [ -z "$OPERATION" ] || [ "$OPERATION" = "-h" ] || [ "$OPERATION" = "--help" ]; then
|
|
test -n "$OPERATION" || printf "Missing command.\n\n"
|
|
help
|
|
exit
|
|
fi
|
|
|
|
# Sanity checks
|
|
if [ "$OPERATION" != "prerequisites" ]; then
|
|
if [ ! -d "custom" ]; then
|
|
echo "You need to copy custom.sample to custom folder and adapt it to your needs."
|
|
exit 1
|
|
fi
|
|
if [ ! -f "digitaldemocratic.conf" ]; then
|
|
echo "You need to copy digitaldemocratic.conf.sample to digitaldemocratic.conf and adapt"
|
|
exit 1
|
|
fi
|
|
if ! check_docker_compose_version
|
|
then
|
|
echo "ERROR: Please use docker-compose greather than or equal to $REQUIRED_DOCKER_COMPOSE_VERSION." >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
REPO_BRANCH="${2:-main}"
|
|
|
|
|
|
cp digitaldemocratic.conf .env
|
|
CUSTOM_PATH=$(pwd)
|
|
. ./.env
|
|
|
|
prerequisites_docker(){
|
|
# Remove uncompatible docker packages
|
|
for pkg in docker docker-engine docker.io containerd runc; do
|
|
if dpkg -s "${pkg}" >/dev/null; then
|
|
apt-get remove -y "${pkg}"
|
|
fi
|
|
done
|
|
|
|
# Install upstream-docker repo pre-requisites
|
|
apt-get install -y \
|
|
apt-transport-https \
|
|
ca-certificates \
|
|
curl \
|
|
gnupg-agent \
|
|
software-properties-common \
|
|
git \
|
|
unzip \
|
|
libffi-dev
|
|
|
|
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
|
|
add-apt-repository \
|
|
"deb [arch=amd64] https://download.docker.com/linux/debian \
|
|
$(lsb_release -cs) \
|
|
stable"
|
|
apt-get update -y
|
|
# docker-ce must be used instead of the one from the distro
|
|
apt-get install -y docker-ce docker-ce-cli containerd.io
|
|
|
|
apt-get install -y python3-pip
|
|
# docker-compose > 1.28 is required, latest will be installed
|
|
pip3 install docker-compose
|
|
}
|
|
prerequisites_pwd(){
|
|
apt-get install -y dictionaries-common wamerican
|
|
}
|
|
|
|
update_repo(){
|
|
# Switch to latest version
|
|
git fetch && git checkout $REPO_BRANCH
|
|
# Needed for dd-apps submodules...
|
|
git submodule update --init --recursive
|
|
# Remove old repositories
|
|
for old_dir in isard-apps isard-sso; do
|
|
if [ -d "${old_dir}" ]; then
|
|
mkdir -p _old
|
|
mv "${old_dir}" "_old/${old_dir}_$(date +'%Y-%m-%d_%H-%M')"
|
|
fi
|
|
done
|
|
# Cleanup
|
|
for old_dir in isard-apps isard-sso; do
|
|
git submodule deinit "${old_dir}" || true
|
|
if [ -d "${old_dir}" ]; then
|
|
rmdir "${old_dir}"
|
|
fi
|
|
done
|
|
}
|
|
|
|
build_compose(){
|
|
## Prepare apps environment
|
|
cp .env dd-apps/.env
|
|
echo "CUSTOM_PATH=$CUSTOM_PATH" >> dd-apps/.env
|
|
echo "BUILD_ROOT_PATH=$CUSTOM_PATH/dd-apps" >> dd-apps/.env
|
|
cp dd-apps/.env dd-apps/docker/postgresql && \
|
|
cp dd-apps/.env dd-apps/docker/mariadb && \
|
|
cp dd-apps/.env dd-apps/docker/moodle && \
|
|
cp dd-apps/.env dd-apps/docker/nextcloud && \
|
|
cp dd-apps/.env dd-apps/docker/wordpress && \
|
|
cp dd-apps/.env dd-apps/docker/etherpad
|
|
|
|
## Prepare sso environment
|
|
cp .env dd-sso/.env
|
|
echo "CUSTOM_PATH=$CUSTOM_PATH" >> dd-sso/.env
|
|
echo "BUILD_ROOT_PATH=$CUSTOM_PATH/dd-sso" >> dd-sso/.env
|
|
cp dd-sso/.env dd-sso/docker-compose-parts/.env
|
|
|
|
|
|
mkdir -p custom/system/keycloak
|
|
cp -R dd-sso/docker/keycloak/themes custom/system/keycloak/
|
|
cp custom/login/logo.png custom/system/keycloak/themes/liiibrelite/login/resources/img/logo.png
|
|
cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG.png
|
|
cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG2.png
|
|
|
|
if [ "$BEHIND_PROXY" = "true" ]; then
|
|
BEHIND="haproxy-behind.yml"
|
|
else
|
|
BEHIND="haproxy.yml"
|
|
fi
|
|
|
|
# Build compose ymls
|
|
echo CUSTOM_PATH=$CUSTOM_PATH > .env
|
|
echo BUILD_ROOT_PATH=$CUSTOM_PATH/dd-sso >> .env
|
|
docker-compose -f dd-sso/docker-compose-parts/$BEHIND \
|
|
-f dd-sso/docker-compose-parts/api.yml \
|
|
-f dd-sso/docker-compose-parts/keycloak.yml \
|
|
-f dd-sso/docker-compose-parts/avatars.yml \
|
|
-f dd-apps/docker/postgresql/postgresql.yml \
|
|
-f dd-sso/docker-compose-parts/admin.yml \
|
|
-f dd-sso/docker-compose-parts/backup.yml \
|
|
config > sso.yml
|
|
#-f dd-sso/docker-compose-parts/freeipa.yml
|
|
echo BUILD_ROOT_PATH=$CUSTOM_PATH/dd-apps > .env
|
|
docker-compose -f dd-apps/docker/moodle/moodle.yml \
|
|
-f dd-apps/docker/nextcloud/nextcloud.yml \
|
|
-f dd-apps/docker/wordpress/wordpress.yml \
|
|
-f dd-apps/docker/etherpad/etherpad.yml \
|
|
-f dd-apps/docker/onlyoffice/onlyoffice.yml \
|
|
-f dd-apps/docker/redis/redis.yml \
|
|
-f dd-apps/docker/postgresql/postgresql.yml \
|
|
-f dd-apps/docker/mariadb/mariadb.yml \
|
|
-f dd-apps/docker/network.yml \
|
|
config > apps.yml
|
|
docker-compose -f sso.yml -f apps.yml config > docker-compose.yml
|
|
rm sso.yml apps.yml
|
|
}
|
|
|
|
build(){
|
|
build_compose
|
|
docker-compose build
|
|
}
|
|
|
|
build_compose_develop(){
|
|
build_compose
|
|
## Prepare sso environment
|
|
cp .env dd-sso/.env
|
|
echo "CUSTOM_PATH=$CUSTOM_PATH" >> dd-sso/.env
|
|
echo "BUILD_ROOT_PATH=$CUSTOM_PATH/dd-sso" >> dd-sso/.env
|
|
cp dd-sso/.env dd-sso/docker-compose-parts/.env
|
|
|
|
# Build compose ymls
|
|
echo CUSTOM_PATH=$CUSTOM_PATH > .env
|
|
echo BUILD_ROOT_PATH=$CUSTOM_PATH/dd-sso >> .env
|
|
|
|
# echo CUSTOM_PATH=$(CUSTOM_PATH) > .env
|
|
# echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/dd-sso >> .env
|
|
docker-compose -f docker-compose.yml \
|
|
-f dd-sso/docker-compose-parts/api.devel.yml \
|
|
-f dd-sso/docker-compose-parts/admin.devel.yml \
|
|
config > devel.yml
|
|
}
|
|
|
|
up(){
|
|
docker-compose up -d
|
|
}
|
|
|
|
down(){
|
|
docker-compose down
|
|
}
|
|
|
|
setup_nextcloud(){
|
|
echo " --> Applying custom settings in nextcloud"
|
|
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $DDADMIN_USER'
|
|
|
|
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin'
|
|
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=LostAdminGroup && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin'
|
|
|
|
# docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set unaprova token --value "SuperS3cret"
|
|
|
|
#cp -R $BUILD_ROOT_PATH/isard-apps/docker/nextcloud/themes/* $DATA_FOLDER/nextcloud/themes/
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set default_language --value="ca"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set skeletondirectory --value=''
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:disable firstrunwizard
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:disable recommendations
|
|
|
|
# Add bruteforcesettings app. This host docker network should be added at this plugins settings through nextcloud ddadmin web ui.
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:install bruteforcesettings
|
|
|
|
# Custom forms
|
|
docker exec isard-apps-nextcloud-app apk add git npm composer
|
|
docker exec -u www-data isard-apps-nextcloud-app rm -rf /var/www/html/custom_apps/forms
|
|
docker exec -u www-data isard-apps-nextcloud-app git clone https://github.com/juanan3ip/form -b dependabot/npm_and_yarn/babel/eslint-parser-7.17.0 /var/www/html/custom_apps/forms
|
|
docker exec -u www-data isard-apps-nextcloud-app npm --prefix /var/www/html/custom_apps/forms install
|
|
docker exec -u www-data isard-apps-nextcloud-app composer -d/var/www/html/custom_apps/forms install --no-dev -o
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:enable forms
|
|
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install polls
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install calendar
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install spreed
|
|
|
|
# Big Blue Button
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install bbb
|
|
# Disable Big Blue Button media check by default
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ config:app:set bbb join.mediaCheck --value="false"
|
|
# Disable Big Blue Button listen only mode by default
|
|
docker exec isard-apps-nextcloud-app sed -i.orig 's/^\(\s*$room->setListenOnly(\)true\();\)$/\1false\2/' /var/www/html/custom_apps/bbb/lib/Service/RoomService.php
|
|
# Enable option to join muted to Big Blue Button room by default
|
|
docker exec isard-apps-nextcloud-app sed -i 's/^\(\s*$room->setJoinMuted(\)false\();\)$/\1true\2/' /var/www/html/custom_apps/bbb/lib/Service/RoomService.php
|
|
# Remove meeting join nextcloud bbb app dialog exclamation marks
|
|
docker exec isard-apps-nextcloud-app sh -c "sed -i.orig 's/\(^\s*\"Please enter your name!\" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' /var/www/html/custom_apps/bbb/l10n/*.json"
|
|
docker exec isard-apps-nextcloud-app sh -c "sed -i 's/\(^\s*\"Let\x27s go!\" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' /var/www/html/custom_apps/bbb/l10n/*.json"
|
|
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set theme --value=digitaldemocratic
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set allow_local_remote_servers --value=true
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings maintenance:theme:update
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:disable dashboard
|
|
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:install mail
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:enable mail
|
|
#docker exec -u www-data isard-apps-nextcloud-app php occ app:install user_saml
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:enable user_saml
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:install ownpad
|
|
docker exec isard-apps-nextcloud-app apk add jq
|
|
docker exec isard-apps-nextcloud-app sh -c 'jq ". + {\"pad\": [\"application/x-ownpad\"], \"calc\": [\"application/x-ownpad\"]}" /var/www/html/resources/config/mimetypemapping.dist.json > /var/www/html/config/mimetypemapping.json'
|
|
nextcloud_scan
|
|
# Open pads in a new tab/window
|
|
docker exec isard-apps-nextcloud-app sed -i.orig 's/^\(\s*\)\(var viewer = OC.generateUrl.*\)/\1\2\n\1window.open(viewer);\n\1return;/' /var/www/html/custom_apps/ownpad/js/ownpad.js
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ app:enable ownpad
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_enable --value="yes"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN"
|
|
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install onlyoffice
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_secret --value="secret"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_header --value="Authorization"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice sameTab --value="false"
|
|
# Moodle nextcloud task needs forcesave onlyoffice option
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ config:app:set onlyoffice customizationForcesave --value="true"
|
|
|
|
|
|
# Allow nextcloud into other apps iframes
|
|
# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;
|
|
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
|
|
|
# Content-Security-Policy: connect-src 'self' *.$DOMAIN;
|
|
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
|
|
|
# Content-Security-Policy: img-src 'self' *.$DOMAIN;
|
|
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
|
|
|
# Content-Security-Policy: style-src 'self' *.$DOMAIN;
|
|
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
|
|
|
# Content-Security-Policy: font-src 'self' *.$DOMAIN;
|
|
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
|
|
|
# Fix nextcloud files_external "segudos" typo
|
|
# https://github.com/nextcloud/server/pull/28990
|
|
docker exec isard-apps-nextcloud-app sh -c 'sed -i.orig -e "s/segudos/segundos/" /var/www/html/apps/files_external/l10n/es_*.js'
|
|
|
|
# Import fix from Nextcloud 22 of pdf viewer
|
|
# https://github.com/nextcloud/files_pdfviewer/issues/381#issuecomment-845806364
|
|
docker exec isard-apps-nextcloud-app sed -i 's/encodeURIComponent(i\[a\])/i[a]/' /var/www/html/apps/files_pdfviewer/js/files_pdfviewer-main.js
|
|
|
|
# Add default file for moodle activities
|
|
if [ ! -f $DATA_FOLDER/nextcloud/admin/files/template.docx ]; then
|
|
cp dd-apps/docker/nextcloud/template.docx $DATA_FOLDER/nextcloud/admin/files/
|
|
nextcloud_scan
|
|
fi
|
|
|
|
configure_nextcloud_logo
|
|
}
|
|
|
|
nextcloud_scan(){
|
|
# The folders shown as 'not writeable' are empty user folders. Not a problem.
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ files:scan --all
|
|
}
|
|
|
|
setup_moodle(){
|
|
echo " --> Applying custom settings in moodle"
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=guestloginbutton --set=0
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enrol_plugins_enabled --set=manual
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enablemobilewebservice --set=0
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enablebadges --set=0
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=timezone --set="${MOODLE_TIMEZONE-Europe/Madrid}"
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php
|
|
}
|
|
|
|
setup_wordpress(){
|
|
echo " --> Applying custom settings in wordpress"
|
|
## Multisite
|
|
docker exec -ti isard-apps-wordpress /bin/sh -c "/multisite.sh"
|
|
|
|
#docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/plugins/saml/onelogin-saml-sso ]; then cp -R /plugins/saml/onelogin-saml-sso /var/www/html/wp-content/plugins/; fi"
|
|
# docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/mu-plugins ]; then cp -R /plugins/mu-plugins /var/www/html/wp-content/; fi"
|
|
# docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp plugin install onelogin-saml-sso --activate'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp plugin activate onelogin-saml-sso'
|
|
# cp -R dd-apps/docker/nextcloud/onelogin-saml-sso $SRC_FOLDER/wordpress/wp-content/plugins/
|
|
# docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp plugin activate onelogin-saml-sso'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp plugin install generateblocks --activate'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp plugin activate generateblocks --network'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp plugin delete hola'
|
|
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp theme install generatepress --activate'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp theme enable generatepress --network'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp theme delete twentynineteen'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp theme delete twentytwenty'
|
|
docker-compose run --user=33 isard-apps-wordpress-cli /bin/bash -c 'wp theme delete twentytwentyone'
|
|
docker-compose run --user=root isard-apps-wordpress-cli /bin/bash -c 'chown -R 33:33 /var/www/html/wp-content/uploads;'
|
|
}
|
|
|
|
setup_keycloak(){
|
|
# configure keycloack: realm and client_scopes
|
|
echo " --> Setting up SAML for moodle"
|
|
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 keycloak_config.py"
|
|
}
|
|
|
|
saml_certificates(){
|
|
wait_for_moodle
|
|
echo " --> Setting up SAML for moodle"
|
|
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 moodle_saml.py"
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php
|
|
|
|
# CERTIFICATES FOR SAML
|
|
echo " --> Generating certificates for nextcloud and wordpress"
|
|
docker exec -ti isard-sso-admin /bin/sh -c "/admin/generate_certificates.sh"
|
|
|
|
# SAML PLUGIN NEXTCLOUD
|
|
echo " --> Setting up SAML for nextcloud"
|
|
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 nextcloud_saml.py"
|
|
|
|
# SAML PLUGIN WORDPRESS
|
|
echo " --> Setting up SAML for wordpress"
|
|
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 wordpress_saml.py"
|
|
|
|
# SAML PLUGIN MOODLE
|
|
# echo "To add SAML to moodle:"
|
|
# echo "1.-Activate SAML plugin in moodle extensions, regenerate certificate, lock certificate"
|
|
# echo "2.-Then run: docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py"
|
|
# echo "3.-"
|
|
}
|
|
|
|
wait_for_moodle(){
|
|
echo "Waiting for system to be fully up before customizing... It can take some minutes..."
|
|
echo " (you can monitorize install with: docker logs isard-apps-moodle --follow"
|
|
while [ "`docker inspect -f {{.State.Health.Status}} isard-apps-moodle`" != "healthy" ]; do sleep 2; done
|
|
}
|
|
|
|
upgrade_moodle(){
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/maintenance.php --enable
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/upgrade.php --non-interactive --allow-unstable
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/maintenance.php --disable
|
|
}
|
|
|
|
extras_adminer(){
|
|
docker-compose -f dd-apps/docker/network.yml \
|
|
-f dd-sso/docker-compose-parts/adminer.yml config > adminer.yml
|
|
echo " --> Generated adminer.yml"
|
|
echo " Bring it up: docker-compose -f adminer.yml up -d"
|
|
echo " Connect to: https://sso.$DOMAIN/isard-sso-adminer/"
|
|
echo " Parameters:"
|
|
echo " - System: PostgreSQL (or Mysql for wordpress db)"
|
|
echo " Server: isard-apps-postgresql (or isard-apps-mariadb for wordpress db)"
|
|
echo " User/Pass/Database from digitaldemocratic.conf"
|
|
}
|
|
|
|
extras_pgtuner(){
|
|
docker-compose -f dd-apps/docker/network.yml \
|
|
-f dd-sso/docker-compose-parts/pgtuner.yml config > pgtuner.yml
|
|
echo " --> Generated pgtuner.yml"
|
|
}
|
|
|
|
extras_nextcloud_remove_banned_ips(){
|
|
docker-compose exec isard-apps-postgresql psql -v ON_ERROR_STOP=1 \
|
|
-U admin nextcloud -c "DELETE FROM oc_bruteforce_attempts;"
|
|
}
|
|
|
|
extras_nextcloud_set_admin_group(){
|
|
docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin'
|
|
docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=N3xtcl0ud && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin'
|
|
}
|
|
|
|
extras_dump_keycloak_client(){
|
|
docker exec -ti isard-sso-keycloak sh -c "
|
|
/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password keycloakkeycloak \
|
|
&& /opt/jboss/keycloak/bin/kcadm.sh get clients/bef873f0-2079-4876-8657-067de27d01b7 -r master"""
|
|
}
|
|
upgrade_plugins_moodle(){
|
|
wait_for_moodle
|
|
rm -rf /tmp/moodle
|
|
|
|
mkdir -p /tmp/moodle/mod
|
|
mkdir -p /tmp/moodle/mod/assign/submission
|
|
mkdir -p /tmp/moodle/auth/saml2
|
|
mkdir -p /tmp/moodle/theme/cbe
|
|
mkdir -p /tmp/moodle/blocks
|
|
|
|
curl --location $MOODLE_PLUGIN_JITSI > jitsi.zip
|
|
unzip jitsi.zip -d /tmp/moodle/mod/
|
|
rm jitsi.zip
|
|
|
|
curl --location $MOODLE_PLUGIN_BBB > bbb.zip
|
|
unzip bbb.zip -d /tmp/moodle/mod/
|
|
rm bbb.zip
|
|
|
|
# curl --location https://github.com/isard-vdi/moodle-auth_saml2/archive/refs/heads/role_map.zip > auth_saml2.zip
|
|
# curl --location https://moodle.org/plugins/download.php/24556/auth_saml2_moodle311_2021062900.zip > auth_saml2.zip
|
|
curl --location $MOODLE_PLUGIN_SAML > auth_saml2.zip
|
|
unzip auth_saml2.zip -d /tmp/moodle/auth/
|
|
mv /tmp/moodle/auth/moodle-auth_saml2-role_map/* /tmp/moodle/auth/saml2/
|
|
rm -rf /tmp/moodle/auth/moodle-auth_saml2-role_map
|
|
rm auth_saml2.zip
|
|
|
|
if [[ "$MOODLE_PLUGIN_TRESIPUNTSHARE" == *"develop"* ]]; then
|
|
PLUGIN_BRANCH=develop
|
|
else
|
|
PLUGIN_BRANCH=master
|
|
fi
|
|
curl --location $MOODLE_PLUGIN_TRESIPUNTSHARE > tresipuntshare.zip
|
|
unzip tresipuntshare.zip -d /tmp/moodle/mod/
|
|
mv /tmp/moodle/mod/moodle_mod_tresipuntshare-$PLUGIN_BRANCH /tmp/moodle/mod/tresipuntshare
|
|
rm tresipuntshare.zip
|
|
|
|
if [[ "$MOODLE_PLUGIN_TRESIPUNTVIDEO" == *"develop"* ]]; then
|
|
PLUGIN_BRANCH=develop
|
|
else
|
|
PLUGIN_BRANCH=master
|
|
fi
|
|
curl --location $MOODLE_PLUGIN_TRESIPUNTVIDEO > tresipuntvideo.zip
|
|
unzip tresipuntvideo.zip -d /tmp/moodle/mod/
|
|
mv /tmp/moodle/mod/moodle_mod_tresipuntvideo-$PLUGIN_BRANCH /tmp/moodle/mod/tresipuntvideo
|
|
rm tresipuntvideo.zip
|
|
|
|
if [[ "$MOODLE_PLUGIN_TRESIPUNTAUDIO" == *"develop"* ]]; then
|
|
PLUGIN_BRANCH=develop
|
|
else
|
|
PLUGIN_BRANCH=master
|
|
fi
|
|
curl --location $MOODLE_PLUGIN_TRESIPUNTAUDIO > tresipuntaudio.zip
|
|
unzip tresipuntaudio.zip -d /tmp/moodle/mod/
|
|
mv /tmp/moodle/mod/moodle_mod_tresipuntaudio-$PLUGIN_BRANCH /tmp/moodle/mod/tresipuntaudio
|
|
rm tresipuntaudio.zip
|
|
|
|
if [[ "$MOODLE_PLUGIN_ASSIGNSUBMISSION" == *"develop"* ]]; then
|
|
PLUGIN_BRANCH=develop
|
|
else
|
|
PLUGIN_BRANCH=master
|
|
fi
|
|
curl --location $MOODLE_PLUGIN_ASSIGNSUBMISSION > assignsubmission_tipnc.zip
|
|
unzip assignsubmission_tipnc.zip -d /tmp/moodle/mod/assign/submission/
|
|
mv /tmp/moodle/mod/assign/submission/moodle_assignsubmission_tipnc-$PLUGIN_BRANCH /tmp/moodle/mod/assign/submission/tipnc
|
|
rm assignsubmission_tipnc.zip
|
|
|
|
curl --location $MOODLE_PLUGIN_TRESIPUNTMODSPEND > block_tresipuntmodspend.zip
|
|
unzip block_tresipuntmodspend.zip -d /tmp/moodle/blocks/
|
|
rm block_tresipuntmodspend.zip
|
|
|
|
if [[ "$MOODLE_THEME_CBE" == *"develop"* ]]; then
|
|
PLUGIN_BRANCH=develop
|
|
else
|
|
PLUGIN_BRANCH=master
|
|
fi
|
|
curl --location $MOODLE_THEME_CBE > tresipunt_theme_cbe.zip
|
|
unzip tresipunt_theme_cbe.zip -d /tmp/moodle/theme/cbe/
|
|
mv /tmp/moodle/theme/cbe/moodle_theme_cbe-$PLUGIN_BRANCH/* /tmp/moodle/theme/cbe/
|
|
rm tresipunt_theme_cbe.zip
|
|
|
|
#mkdir -p /tmp/moodle/local/tresipuntimportgc
|
|
#cp -R local_plugins/moodle/tresipuntimportgc/* /tmp/moodle/local/tresipuntimportgc/
|
|
|
|
cp -R /tmp/moodle/* $SRC_FOLDER/moodle/
|
|
rm -rf /tmp/moodle
|
|
docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php
|
|
}
|
|
|
|
upgrade_plugins_nextcloud(){
|
|
cp -R dd-apps/docker/nextcloud/src/* $SRC_FOLDER/nextcloud/
|
|
}
|
|
|
|
upgrade_plugins_wp(){
|
|
cp -R dd-apps/docker/wordpress/src/* $SRC_FOLDER/wordpress/
|
|
|
|
if [ ! -d $SRC_FOLDER/wordpress/wp-content/mu-plugins ]; then
|
|
git clone https://gitlab.com/muplugins-multiste1/muplugins-google-sites.git $SRC_FOLDER/wordpress/wp-content/mu-plugins
|
|
fi
|
|
if [ ! -d $SRC_FOLDER/wordpress/wp-content/mu-plugins/.git ]; then
|
|
echo "WARNING: $SRC_FOLDER/wordpress/wp-content/mu-plugins is not a git repository."
|
|
echo " This could be due to old installation. To bring all new mu-plugins code for WP"
|
|
echo " remove that folder and it will be cloned and mantained with git from now on."
|
|
else
|
|
sh -c "cd $SRC_FOLDER/wordpress/wp-content/mu-plugins; git pull"
|
|
fi
|
|
docker-compose run --user=root isard-apps-wordpress-cli /bin/bash -c 'chown -R 33:33 /var/www/html/wp-content/mu-plugins;'
|
|
}
|
|
|
|
update_logos_and_menu(){
|
|
cp custom/img/logo.png custom/system/keycloak/themes/liiibrelite/login/resources/img/
|
|
cp custom/img/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG.png
|
|
cp custom/img/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG2.png
|
|
# docker exec -ti isard-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'"
|
|
# docker exec -ti isard-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'"
|
|
# docker exec -ti isard-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'"
|
|
# docker exec -ti isard-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='reload'"
|
|
docker exec -ti --user root isard-sso-keycloak sh -c 'rm -rf /opt/jboss/keycloak/standalone/tmp/kc-gzip-cache/*'
|
|
docker-compose build isard-sso-api && docker-compose up -d isard-sso-api
|
|
configure_nextcloud_logo
|
|
}
|
|
|
|
configure_nextcloud_logo(){
|
|
local instance_id=$(docker exec -u www-data isard-apps-nextcloud-app php occ config:system:get instanceid)
|
|
local cachebuster=$(docker exec -u www-data isard-apps-nextcloud-app php occ config:app:get theming cachebuster)
|
|
docker exec -u www-data isard-apps-nextcloud-app mkdir -p /var/www/html/data/appdata_$instance_id/theming/images
|
|
docker cp custom/img/logo.png isard-apps-nextcloud-app:/var/www/html/data/appdata_$instance_id/theming/images/logo
|
|
docker cp custom/img/background.png isard-apps-nextcloud-app:/var/www/html/data/appdata_$instance_id/theming/images/background
|
|
docker exec isard-apps-nextcloud-app chown www-data:www-data /var/www/html/data/appdata_$instance_id/theming/images/{logo,background}
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ config:app:set theming logoMime --value="image/png"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ config:app:set theming backgroundMime --value="image/png"
|
|
docker exec -u www-data isard-apps-nextcloud-app php occ config:app:set theming cachebuster --value="$(expr $cachebuster + 1 )"
|
|
}
|
|
|
|
genpwd() {
|
|
if [ ! -f /usr/share/dict/words ]; then
|
|
prerequisites_pwd > /dev/null
|
|
fi
|
|
shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'"
|
|
}
|
|
|
|
securize() {
|
|
for dd_var in \
|
|
SMTP_PASSWORD \
|
|
ADMINAPP_PASSWORD \
|
|
DDADMIN_PASSWORD \
|
|
KEYCLOAK_PASSWORD \
|
|
KEYCLOAK_DB_PASSWORD \
|
|
POSTGRES_PASSWORD \
|
|
MARIADB_PASSWORD \
|
|
MOODLE_POSTGRES_PASSWORD \
|
|
MOODLE_ADMIN_PASSWORD \
|
|
NEXTCLOUD_POSTGRES_PASSWORD \
|
|
NEXTCLOUD_ADMIN_PASSWORD \
|
|
ETHERPAD_POSTGRES_PASSWORD \
|
|
ETHERPAD_ADMIN_PASSWORD \
|
|
WORDPRESS_MARIADB_PASSWORD \
|
|
WORDPRESS_ADMIN_PASSWORD \
|
|
IPA_ADMIN_PWD; do
|
|
setconf "${dd_var}" "$(genpwd)"
|
|
done
|
|
}
|
|
|
|
setconf() {
|
|
dd_var="$(echo "$1" | tr "[:lower:]" "[:upper:]")"
|
|
dd_val="$2"
|
|
dd_line="$(printf '%s="%s"' "${dd_var:?}" "${dd_val}")"
|
|
if grep -qE "^${dd_var:?}=" digitaldemocratic.conf; then
|
|
# Found uncommented, replace in-place
|
|
sed -i'' -E "s!^${dd_var:?}=.*\$!${dd_line}!" digitaldemocratic.conf
|
|
elif grep -qE "^#[[:space:]]*${dd_var:?}=" digitaldemocratic.conf; then
|
|
# Found commented, replace in-place
|
|
sed -i'' -E "s!^#[[:space:]]*${dd_var:?}=.*\$!${dd_line}!" digitaldemocratic.conf
|
|
else
|
|
# Not found, append
|
|
echo "${dd_line}" >> digitaldemocratic.conf
|
|
fi
|
|
}
|
|
|
|
# Argument handling
|
|
case "$OPERATION" in
|
|
build)
|
|
build
|
|
;;
|
|
build-devel)
|
|
build_compose_develop
|
|
;;
|
|
adminer)
|
|
extras_adminer
|
|
;;
|
|
all)
|
|
build
|
|
up
|
|
|
|
wait_for_moodle
|
|
upgrade_plugins_moodle
|
|
upgrade_plugins_nextcloud
|
|
upgrade_plugins_wp
|
|
|
|
setup_nextcloud
|
|
setup_wordpress
|
|
setup_moodle
|
|
|
|
setup_keycloak
|
|
saml_certificates
|
|
|
|
cat <<-EOF
|
|
|
|
#### After install ####
|
|
- SSO in moodle should be active. You can go to: https://moodle.$DOMAIN
|
|
If it fails, regenerate and lock certificate in moodle SAML2 connector as a local admin.
|
|
After that run ./dd-ctl saml
|
|
- SSO in nextcloud should be active. You can go to: https://nextcloud.$DOMAIN
|
|
- SSO in wordpress should be active. You should go to https://wp.$DOMAIN/wp-admin//plugins.php
|
|
|
|
#### Update customizations ####
|
|
- ./dd-ctl customize
|
|
EOF
|
|
;;
|
|
branding)
|
|
up
|
|
wait_for_moodle
|
|
update_logos_and_menu
|
|
;;
|
|
customize)
|
|
up
|
|
wait_for_moodle
|
|
setup_nextcloud
|
|
setup_wordpress
|
|
setup_moodle
|
|
;;
|
|
down)
|
|
down
|
|
;;
|
|
nextcloud-scan)
|
|
nextcloud_scan
|
|
;;
|
|
pgtuner)
|
|
extras_pgtuner
|
|
;;
|
|
prerequisites)
|
|
prerequisites_docker
|
|
prerequisites_pwd
|
|
;;
|
|
repo-update)
|
|
update_repo
|
|
;;
|
|
reset-data|reset-1714)
|
|
cat <<-EOF
|
|
# Following commands RESET ALL DATA except for certificates
|
|
# execute them only if you know what you are doing
|
|
# This *will* result in DATA LOSS
|
|
"$0" down
|
|
rm -rf /opt/digitaldemocratic/backup
|
|
rm -rf /opt/digitaldemocratic/data/*
|
|
rm -rf /opt/digitaldemocratic/db/*
|
|
rm -rf '$SRC_FOLDER/avatars'
|
|
rm -rf '$SRC_FOLDER/moodle'
|
|
rm -rf '$SRC_FOLDER/nextcloud'
|
|
rm -rf '$SRC_FOLDER/wordpress'
|
|
EOF
|
|
;;
|
|
restart-api)
|
|
up
|
|
wait_for_moodle
|
|
docker restart isard-sso-api
|
|
;;
|
|
saml)
|
|
up
|
|
wait_for_moodle
|
|
setup_keycloak
|
|
saml_certificates
|
|
;;
|
|
securize)
|
|
securize
|
|
;;
|
|
setconf)
|
|
setconf "$2" "$3"
|
|
;;
|
|
up)
|
|
up
|
|
;;
|
|
upgrade-plugins)
|
|
up
|
|
wait_for_moodle
|
|
upgrade_plugins_moodle
|
|
upgrade_plugins_nextcloud
|
|
upgrade_plugins_wp
|
|
;;
|
|
yml)
|
|
cp digitaldemocratic.conf .env
|
|
CUSTOM_PATH=$(pwd)
|
|
. ./.env
|
|
build_compose
|
|
;;
|
|
*)
|
|
printf "Unknown command '%s'\n\n" "$OPERATION" >&2
|
|
help >&2
|
|
exit 1
|
|
;;
|
|
esac
|