F262014
diff --git a/ansible/Makefile b/ansible/Makefile
index 1f5bdcae..a8b290af 100644
--- a/ansible/Makefile
+++ b/ansible/Makefile
@@ -1,11 +1,12 @@
OX_API_KEY=
FIREBASE_API_KEY=
HOSTNAME=
PUBLIC_IP=
-ADMIN_PASSWORD=
+ADMIN_PASSWORD=simple123
GIT_BRANCH=beta-release
+CONFIG=config.demo
setup:
touch ./hosts
echo "${HOSTNAME}" > ./hosts
- ansible-playbook -v --inventory=./hosts --extra-vars="hostname=${HOSTNAME} openexchangerates_api_key=${OX_API_KEY} firebase_api_key=${FIREBASE_API_KEY} public_ip=${PUBLIC_IP} admin_password=${ADMIN_PASSWORD} git_branch=${GIT_BRANCH}" setup.yml
+ ansible-playbook -v --inventory=./hosts --extra-vars="config=${CONFIG} hostname=${HOSTNAME} openexchangerates_api_key=${OX_API_KEY} firebase_api_key=${FIREBASE_API_KEY} public_ip=${PUBLIC_IP} admin_password=${ADMIN_PASSWORD} git_branch=${GIT_BRANCH}" setup.yml
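Review bot: `ADMIN_PASSWORD=simple123` commits a guessable admin password as the default, so any `make setup` run that does not override it provisions the host with a publicly known credential, and the playbook it drives opens 25, 80 and 443 in firewalld. Leave the variable empty as before and fail early when it is unset, for example with a first recipe line `@test -n "${ADMIN_PASSWORD}" || { echo "ADMIN_PASSWORD must be set"; exit 1; }`. The new `CONFIG=config.demo` default deserves a comment such as `# demo profile: fixed secrets and debug mode, not for internet-facing hosts`, since the playbook previously always used `config.production`. Separately, the password and API keys travel in `--extra-vars` on the command line, where they are visible in the process list; passing them through a vars file (`--extra-vars=@FILE`) would avoid that.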
diff --git a/ansible/setup.yml b/ansible/setup.yml
index 1dac567e..ab15edcc 100755
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -1,122 +1,122 @@
#!/usr/bin/ansible-playbook
- name: Setup kolab deployment on fedora server
hosts: "{{ hostname }}"
remote_user: root
tasks:
- import_tasks: grub.yml
- name: Set hostname
ansible.builtin.hostname:
name: "{{ hostname }}"
- import_tasks: packages.yml
- name: Put SELinux in permissive mode for docker
selinux:
policy: targeted
state: permissive
- name: Setup user kolab
ansible.builtin.user:
name: kolab
shell: /bin/bash
groups: wheel, audio, docker
append: yes
- name: sudo without password
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%wheel\s'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- name: Start service docker, if not started
ansible.builtin.service:
name: docker
state: started
- import_tasks: certbot.yml
- name: get kolab git repo
become: true
become_user: kolab
git:
repo: https://git.kolab.org/source/kolab.git
dest: /home/kolab/kolab
version: "{{ git_branch }}"
force: yes
- name: Run bin/configure
become: true
become_user: kolab
- ansible.builtin.command: bin/configure.sh config.production
+ ansible.builtin.command: bin/configure.sh {{ config }}
args:
chdir: /home/kolab/kolab
environment:
HOSTNAME: "{{ hostname }}"
OPENEXCHANGERATES_API_KEY: "{{ openexchangerates_api_key }}"
FIREBASE_API_KEY: "{{ firebase_api_key }}"
PUBLIC_IP: "{{ public_ip }}"
ADMIN_PASSWORD: "{{ admin_password }}"
- name: Permit receiving mail
firewalld:
port: 25/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit http traffic
firewalld:
port: 80/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit https traffic
firewalld:
port: 443/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit TCP trafic for coturn
firewalld:
port: 3478/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit TCP trafic for coturn
firewalld:
port: 5349/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit UDP trafic for coturn
firewalld:
port: 3478/udp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit UDP trafic for coturn
firewalld:
port: 5349/udp
permanent: yes
state: enabled
zone: FedoraServer
- name: Always restart docker before deploy (because of potential network issues otherwise)
ansible.builtin.service:
name: docker
state: restarted
- name: Run bin/deploy
become: true
become_user: kolab
ansible.builtin.command: bin/deploy.sh
args:
chdir: /home/kolab/kolab
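Review bot: `{{ config }}` is placed unquoted and unvalidated into the `ansible.builtin.command` string in the "Run bin/configure" task, so a value containing whitespace is split into extra arguments to `bin/configure.sh` and any directory name is accepted. Write it as `ansible.builtin.command: bin/configure.sh {{ config | quote }}` and precede it with an `assert` task that restricts `config` to the known profiles (`config.demo` and `config.production` are the two named on this page). The same task passes `ADMIN_PASSWORD` and the API keys through `environment`; adding `no_log: true` to it would keep those values out of the task output when the play runs with `-v`.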
diff --git a/bin/configure.sh b/bin/configure.sh
index ac385384..b79adbd5 100755
--- a/bin/configure.sh
+++ b/bin/configure.sh
@@ -1,76 +1,76 @@
#!/bin/bash
# Uninstall the old config
if [ -d config ]; then
echo "Uninstalling the old config."
find -L config/ -type f | while read file; do
file=$(echo $file | sed -e 's|^config||g')
file="./$file"
rm -v $file
done
fi
if [ "$1" == "" ]; then
echo "Failed to find the configuration folder, please pass one as argument (e.g. config.demo)."
exit 1
fi
if [ ! -d $1 ]; then
echo "Failed to find the configuration folder, please pass one as argument (e.g. config.demo)."
exit 1
fi
echo "Installing $1."
# Link new config
rm config
ln -s $1 config
# Install new config
find -L config/ -type f | while read file; do
dir=$(dirname $file | sed -e 's|^config||g')
dir="./$dir"
if [ ! -d $dir ]; then
mkdir -p $dir
fi
cp -v $file $dir/
done
# Generate random secrets
if ! grep -q "COTURN_STATIC_SECRET" .env; then
COTURN_STATIC_SECRET=$(openssl rand -hex 32);
echo "COTURN_STATIC_SECRET=${COTURN_STATIC_SECRET}" >> src/.env
fi
if ! grep -q "MEET_WEBHOOK_TOKEN" .env; then
MEET_WEBHOOK_TOKEN=$(openssl rand -hex 32);
echo "MEET_WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN}" >> src/.env
fi
if ! grep -q "MEET_SERVER_TOKEN" .env; then
MEET_SERVER_TOKEN=$(openssl rand -hex 32);
echo "MEET_SERVER_TOKEN=${MEET_SERVER_TOKEN}" >> src/.env
fi
# Customize configuration
sed -i \
- -e "s/{{ host }}/${HOSTNAME}/g" \
+ -e "s/{{ host }}/${HOSTNAME:-kolab.local}/g" \
-e "s/{{ openexchangerates_api_key }}/${OPENEXCHANGERATES_API_KEY}/g" \
-e "s/{{ firebase_api_key }}/${FIREBASE_API_KEY}/g" \
- -e "s/{{ public_ip }}/${PUBLIC_IP}/g" \
+ -e "s/{{ public_ip }}/${PUBLIC_IP:-172.18.0.1}/g" \
-e "s/{{ admin_password }}/${ADMIN_PASSWORD}/g" \
src/.env
if [ -f /etc/letsencrypt/live/${HOSTNAME}/cert.pem ]; then
echo "Using the available letsencrypt certificate for ${HOSTNAME}"
cat >> .env << EOF
KOLAB_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOSTNAME}/cert.pem
KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
KOLAB_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOSTNAME}/privkey.pem
PROXY_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
PROXY_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOSTNAME}/privkey.pem
EOF
fi
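Review bot: The values in the `sed -i` call, including the new `${HOSTNAME:-kolab.local}` and `${PUBLIC_IP:-172.18.0.1}`, are interpolated into the replacement text unescaped, so a `/` in `ADMIN_PASSWORD` or an API key aborts the command and an `&` is silently replaced by the matched placeholder, leaving a different password in `src/.env` than the operator chose. Escape each value before substituting it, e.g. `pw=$(printf '%s' "$ADMIN_PASSWORD" | sed -e 's/[\/&]/\\&/g')`, and use `$pw` in the expression (a literal backslash needs the same treatment). The `kolab.local` fallback is also unlikely to apply: the script runs under `#!/bin/bash`, and bash normally sets `HOSTNAME` to the machine's own name, so a local run without the variable would template the machine hostname instead. A dedicated variable name would avoid that clash, but it needs the matching change in the `environment` block of `ansible/setup.yml`.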
diff --git a/config.demo/src/.env b/config.demo/src/.env
index 91d4030c..21a2e108 100644
--- a/config.demo/src/.env
+++ b/config.demo/src/.env
@@ -1,206 +1,206 @@
APP_NAME=Kolab
APP_ENV=local
APP_KEY=
APP_DEBUG=true
-APP_URL=https://kolab.local
+APP_URL=https://{{ host }}
APP_PASSPHRASE=simple123
-APP_PUBLIC_URL=https://kolab.local
-APP_DOMAIN=kolab.local
-APP_WEBSITE_DOMAIN=kolab.local
+APP_PUBLIC_URL=https://{{ host }}
+APP_DOMAIN={{ host }}
+APP_WEBSITE_DOMAIN={{ host }}
APP_THEME=default
APP_TENANT_ID=5
APP_LOCALE=en
APP_LOCALES=
APP_WITH_ADMIN=1
APP_WITH_RESELLER=1
APP_WITH_SERVICES=1
APP_WITH_FILES=1
APP_LDAP=1
APP_IMAP=0
APP_HEADER_CSP="connect-src 'self'; child-src 'self'; font-src 'self'; form-action 'self' data:; frame-ancestors 'self'; img-src blob: data: 'self' *; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'self';"
APP_HEADER_XFO=sameorigin
SIGNUP_LIMIT_EMAIL=0
SIGNUP_LIMIT_IP=0
-ASSET_URL=https://kolab.local
+ASSET_URL=https://{{ host }}
WEBMAIL_URL=/roundcubemail/
SUPPORT_URL=/support
SUPPORT_EMAIL=
LOG_CHANNEL=stack
LOG_SLOW_REQUESTS=5
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug
DB_CONNECTION=mysql
DB_DATABASE=kolabdev
DB_HOST=mariadb
DB_PASSWORD=kolab
DB_PORT=3306
DB_USERNAME=kolabdev
BROADCAST_DRIVER=redis
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis
SESSION_DRIVER=file
SESSION_LIFETIME=120
OPENEXCHANGERATES_API_KEY="from openexchangerates.org"
MFA_DSN=mysql://roundcube:kolab@mariadb/roundcube
MFA_TOTP_DIGITS=6
MFA_TOTP_INTERVAL=30
MFA_TOTP_DIGEST=sha1
IMAP_URI=ssl://kolab:11993
IMAP_HOST=172.18.0.5
IMAP_ADMIN_LOGIN=cyrus-admin
IMAP_ADMIN_PASSWORD=Welcome2KolabSystems
IMAP_VERIFY_HOST=false
IMAP_VERIFY_PEER=false
LDAP_BASE_DN="dc=mgmt,dc=com"
LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com"
LDAP_HOSTS=kolab
LDAP_PORT=389
LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_SERVICE_BIND_PW="Welcome2KolabSystems"
LDAP_USE_SSL=false
LDAP_USE_TLS=false
# Administrative
LDAP_ADMIN_BIND_DN="cn=Directory Manager"
LDAP_ADMIN_BIND_PW="Welcome2KolabSystems"
LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com"
# Hosted (public registration)
LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_HOSTED_BIND_PW="Welcome2KolabSystems"
LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com"
-COTURN_PUBLIC_IP='172.18.0.1'
+COTURN_PUBLIC_IP='{{ public_ip }}'
COTURN_STATIC_SECRET="Welcome2KolabSystems"
MEET_WEBHOOK_TOKEN=Welcome2KolabSystems
MEET_SERVER_TOKEN=Welcome2KolabSystems
-MEET_SERVER_URLS=https://kolab.local/meetmedia/api/
+MEET_SERVER_URLS=https://{{ host }}/meetmedia/api/
MEET_SERVER_VERIFY_TLS=false
MEET_WEBRTC_LISTEN_IP='172.18.0.1'
-MEET_PUBLIC_DOMAIN=kolab.local
+MEET_PUBLIC_DOMAIN={{ host }}
MEET_TURN_SERVER='turn:172.18.0.1:3478'
MEET_LISTENING_HOST=172.18.0.1
PGP_ENABLE=true
PGP_BINARY=/usr/bin/gpg
PGP_AGENT=/usr/bin/gpg-agent
PGP_GPGCONF=/usr/bin/gpgconf
PGP_LENGTH=
# Set these to IP addresses you serve WOAT with.
# Have the domain owner point _woat.<hosted-domain> NS RRs refer to ns0{1,2}.<provider-domain>
WOAT_NS1=ns01.domain.tld
WOAT_NS2=ns02.domain.tld
REDIS_HOST=redis
REDIS_PASSWORD=null
REDIS_PORT=6379
OCTANE_HTTP_HOST=0.0.0.0
SWOOLE_PACKAGE_MAX_LENGTH=10485760
PAYMENT_PROVIDER=
MOLLIE_KEY=
STRIPE_KEY=
STRIPE_PUBLIC_KEY=
STRIPE_WEBHOOK_SECRET=
MAIL_DRIVER=log
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="noreply@example.com"
MAIL_FROM_NAME="Example.com"
MAIL_REPLYTO_ADDRESS="replyto@example.com"
MAIL_REPLYTO_NAME=null
DNS_TTL=3600
DNS_SPF="v=spf1 mx -all"
DNS_STATIC="%s. MX 10 ext-mx01.mykolab.com."
DNS_COPY_FROM=null
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_ASSET_PATH='/'
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
# Generate with ./artisan passport:client --password
#PASSPORT_PROXY_OAUTH_CLIENT_ID=
#PASSPORT_PROXY_OAUTH_CLIENT_SECRET=
PASSPORT_PRIVATE_KEY=
PASSPORT_PUBLIC_KEY=
PASSWORD_POLICY=
COMPANY_NAME=
COMPANY_ADDRESS=
COMPANY_DETAILS=
COMPANY_EMAIL=
COMPANY_LOGO=
COMPANY_FOOTER=
VAT_COUNTRIES=CH,LI
VAT_RATE=7.7
KB_ACCOUNT_DELETE=
KB_ACCOUNT_SUSPENDED=
KB_PAYMENT_SYSTEM=
KOLAB_SSL_CERTIFICATE=/etc/pki/tls/certs/kolab.hosted.com.cert
KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/pki/tls/certs/kolab.hosted.com.chain.pem
KOLAB_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/kolab.hosted.com.key
PROXY_SSL_CERTIFICATE=/etc/certs/imap.hosted.com.cert
PROXY_SSL_CERTIFICATE_KEY=/etc/certs/imap.hosted.com.key
APP_KEY=base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E=
COTURN_STATIC_SECRET=uzYguvIl9tpZFMuQOE78DpOi6Jc7VFSD0UAnvgMsg5n4e74MgIf6vQvbc6LWzZjz
MOLLIE_KEY="from mollie"
STRIPE_KEY="from stripe"
STRIPE_PUBLIC_KEY="from stripe"
STRIPE_WEBHOOK_SECRET="from stripe"
OX_API_KEY="from openexchange"
FIREBASE_API_KEY="from firebase"
#Generated by php artisan passport:client --password, but can be left hardcoded (the seeder will pick it up)
PASSPORT_PROXY_OAUTH_CLIENT_ID=942edef5-3dbd-4a14-8e3e-d5d59b727bee
PASSPORT_PROXY_OAUTH_CLIENT_SECRET=L6L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf
#Generated by php artisan passport:client --password, but can be left hardcoded (the seeder will pick it up)
PASSPORT_COMPANIONAPP_OAUTH_CLIENT_ID=9566e018-f05d-425c-9915-420cdb9258bb
PASSPORT_COMPANIONAPP_OAUTH_CLIENT_SECRET=XjgV6SU9shO0QFKaU6pQPRC5rJpyRezDJTSoGLgz
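Review bot: With `{{ host }}` and `{{ public_ip }}` templated in, this demo profile can now be rendered for a real hostname, yet it still carries `APP_DEBUG=true`, a committed `APP_KEY`, fixed Passport client secrets, one shared default password for the LDAP and IMAP admin binds and the Meet tokens, and `IMAP_VERIFY_PEER=false` / `MEET_SERVER_VERIFY_TLS=false`. Add a header comment such as `# Demo profile: fixed, publicly known secrets; do not deploy on a reachable host`, and replace the secrets with placeholders that `bin/configure.sh` fills with generated values. `APP_KEY` and `COTURN_STATIC_SECRET` each appear twice in the file, so which value takes effect depends on the loader; keep one definition of each. The templating also looks incomplete: `MEET_WEBRTC_LISTEN_IP`, `MEET_TURN_SERVER` and `MEET_LISTENING_HOST` keep the literal `172.18.0.1` while `COTURN_PUBLIC_IP` now uses `{{ public_ip }}`, which should be confirmed as intended.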