
diff --git a/README.md b/README.md
index 91066d96..7bb1e6b0 100644
--- a/README.md
+++ b/README.md
@@ -1,42 +1,42 @@
## Quickstart Instructions to try it out
* Make sure you have docker and docker-compose available.
* Change to the base directory of this repository.
-* Run 'HOSTNAME=kolab.local ADMIN_PASSWORD="simple123" bin/configure.sh config.prod' to configure this deployment.
+* Run 'HOST=kolab.local ADMIN_PASSWORD="simple123" bin/configure.sh config.prod' to configure this deployment.
* Run 'bin/deploy.sh' to start the deployment.
* Run 'docker exec -w /src/kolabsrc/ kolab-webapp ./artisan user:password admin@kolab.local simple123' to set your admin password
* Add an /etc/hosts entry "127.0.0.1 kolab.local"
* navigate to https://kolab.local
* login as "admin@kolab.local" with password "simple123" (or whatever you have set), and create your users.
# Customization
To customize the installation, copy config.prod and adjust to your liking. You can then install the configuration using 'bin/configure.sh $YOURCONFIG',
and afterwards 'bin/deploy.sh' again.
Please note that bin/deploy.sh will remove any existing data.
# Use the ansible setup
The ansible/ directory contains setup scripts to setup a fresh Fedora system with a kolab deployment.
Modify the Makefile with the required variables and then execute `make setup`.
This will configure the remote system and execute the above steps.
### Update
To update the containers without removing the data:
* git pull
* Run "bin/update.sh"
### Backup / Restore
The "bin/backup.sh" script will stop all containers, snapshot the volumes to the backup/ directory, and restart the containers.
"bin/restore.sh" will stop all containers, restore the volumes from tarballs in the backup/ directory, and restart the containers.
### Requirements
* docker
* openssl
diff --git a/ansible/setup.yml b/ansible/setup.yml
index ab15edcc..fd5c18fd 100755
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -1,122 +1,122 @@
#!/usr/bin/ansible-playbook
- name: Setup kolab deployment on fedora server
hosts: "{{ hostname }}"
remote_user: root
tasks:
- import_tasks: grub.yml
- name: Set hostname
ansible.builtin.hostname:
name: "{{ hostname }}"
- import_tasks: packages.yml
- name: Put SELinux in permissive mode for docker
selinux:
policy: targeted
state: permissive
- name: Setup user kolab
ansible.builtin.user:
name: kolab
shell: /bin/bash
groups: wheel, audio, docker
append: yes
- name: sudo without password
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%wheel\s'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- name: Start service docker, if not started
ansible.builtin.service:
name: docker
state: started
- import_tasks: certbot.yml
- name: get kolab git repo
become: true
become_user: kolab
git:
repo: https://git.kolab.org/source/kolab.git
dest: /home/kolab/kolab
version: "{{ git_branch }}"
force: yes
- name: Run bin/configure
become: true
become_user: kolab
ansible.builtin.command: bin/configure.sh {{ config }}
args:
chdir: /home/kolab/kolab
environment:
- HOSTNAME: "{{ hostname }}"
+ HOST: "{{ hostname }}"
OPENEXCHANGERATES_API_KEY: "{{ openexchangerates_api_key }}"
FIREBASE_API_KEY: "{{ firebase_api_key }}"
PUBLIC_IP: "{{ public_ip }}"
ADMIN_PASSWORD: "{{ admin_password }}"
- name: Permit receiving mail
firewalld:
port: 25/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit http traffic
firewalld:
port: 80/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit https traffic
firewalld:
port: 443/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit TCP trafic for coturn
firewalld:
port: 3478/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit TCP trafic for coturn
firewalld:
port: 5349/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit UDP trafic for coturn
firewalld:
port: 3478/udp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit UDP trafic for coturn
firewalld:
port: 5349/udp
permanent: yes
state: enabled
zone: FedoraServer
- name: Always restart docker before deploy (because of potential network issues otherwise)
ansible.builtin.service:
name: docker
state: restarted
- name: Run bin/deploy
become: true
become_user: kolab
ansible.builtin.command: bin/deploy.sh
args:
chdir: /home/kolab/kolab
diff --git a/bin/configure.sh b/bin/configure.sh
index b79adbd5..221337a2 100755
--- a/bin/configure.sh
+++ b/bin/configure.sh
@@ -1,76 +1,76 @@
#!/bin/bash
# Uninstall the old config
if [ -d config ]; then
echo "Uninstalling the old config."
find -L config/ -type f | while read file; do
file=$(echo $file | sed -e 's|^config||g')
file="./$file"
rm -v $file
done
fi
if [ "$1" == "" ]; then
echo "Failed to find the configuration folder, please pass one as argument (e.g. config.demo)."
exit 1
fi
if [ ! -d $1 ]; then
echo "Failed to find the configuration folder, please pass one as argument (e.g. config.demo)."
exit 1
fi
echo "Installing $1."
# Link new config
rm config
ln -s $1 config
# Install new config
find -L config/ -type f | while read file; do
dir=$(dirname $file | sed -e 's|^config||g')
dir="./$dir"
if [ ! -d $dir ]; then
mkdir -p $dir
fi
cp -v $file $dir/
done
# Generate random secrets
if ! grep -q "COTURN_STATIC_SECRET" .env; then
COTURN_STATIC_SECRET=$(openssl rand -hex 32);
echo "COTURN_STATIC_SECRET=${COTURN_STATIC_SECRET}" >> src/.env
fi
if ! grep -q "MEET_WEBHOOK_TOKEN" .env; then
MEET_WEBHOOK_TOKEN=$(openssl rand -hex 32);
echo "MEET_WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN}" >> src/.env
fi
if ! grep -q "MEET_SERVER_TOKEN" .env; then
MEET_SERVER_TOKEN=$(openssl rand -hex 32);
echo "MEET_SERVER_TOKEN=${MEET_SERVER_TOKEN}" >> src/.env
fi
# Customize configuration
sed -i \
- -e "s/{{ host }}/${HOSTNAME:-kolab.local}/g" \
+ -e "s/{{ host }}/${HOST:-kolab.local}/g" \
-e "s/{{ openexchangerates_api_key }}/${OPENEXCHANGERATES_API_KEY}/g" \
-e "s/{{ firebase_api_key }}/${FIREBASE_API_KEY}/g" \
-e "s/{{ public_ip }}/${PUBLIC_IP:-172.18.0.1}/g" \
-e "s/{{ admin_password }}/${ADMIN_PASSWORD}/g" \
src/.env
-if [ -f /etc/letsencrypt/live/${HOSTNAME}/cert.pem ]; then
- echo "Using the available letsencrypt certificate for ${HOSTNAME}"
+if [ -f /etc/letsencrypt/live/${HOST}/cert.pem ]; then
+ echo "Using the available letsencrypt certificate for ${HOST}"
cat >> .env << EOF
-KOLAB_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOSTNAME}/cert.pem
-KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
-KOLAB_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOSTNAME}/privkey.pem
-PROXY_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
-PROXY_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOSTNAME}/privkey.pem
+KOLAB_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOST}/cert.pem
+KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/${HOST}/fullchain.pem
+KOLAB_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOST}/privkey.pem
+PROXY_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOST}/fullchain.pem
+PROXY_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOST}/privkey.pem
EOF
fi
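Review bot: The `${HOST}` uses in the letsencrypt block at the end of this hunk have no fallback and are unquoted, while the sed line above them defaults to `kolab.local`. bash sets HOSTNAME on its own but not HOST, so after this rename an unset HOST makes the test look at `/etc/letsencrypt/live//cert.pem`, and the two places can disagree about which host is configured. Setting `HOST="${HOST:-kolab.local}"` once before the sed call and quoting the test as `[ -f "/etc/letsencrypt/live/${HOST}/cert.pem" ]` would keep them consistent. Separately, the sed expressions insert `${ADMIN_PASSWORD}` and the API keys unescaped, so a value containing `/`, `&` or `\` breaks the substitution or changes what is written to src/.env; escaping those characters before substituting would avoid that.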
