def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'virtual-subnet=', 'domain='])
except getopt.GetoptError as e:
usage(e)
profile = ""
virtual_subnet = ""
domain = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--profile':
profile = val
elif opt == '--virtual-subnet':
virtual_subnet = val
elif opt == '--domain':
domain = val
dialog = Dialog("TurnKey Linux - First boot configuration")
if not profile:
profile = dialog.menu(
"Wireguard Profile",
"Choose a profile for this server.\n\n* Server: clients will route traffic through the VPN.",
[('server', 'Accccept VPN connections from clients*'),
('client', 'Initiate VPN connections to a server')])
if not profile in ('server', 'client'):
fatal(f'invalid profile: {profile!r}')
if profile == 'client':
return
if not virtual_subnet:
virtual_subnet = dialog.get_input(
"Wireguard Virtual Address",
"Enter IP address in CIDR of server reachable by clients",
"10.0.0.0/8")
if not domain:
domain = dialog.get_input(
"Wireguard Public Address",
"Used in client configuration as wireguard endpoint",
"www.example.com")
cmd = os.path.join(os.path.dirname(os.path.abspath(__file__)),
'wireguard-server-init.sh')
subprocess.run([cmd, virtual_subnet, domain])
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
password = ""
email = ""
domain = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Foswiki Password",
"Enter new password for the Foswiki 'admin' account.")
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Foswiki Email",
"Enter email address for the Foswiki 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
domain = d.get_input("Foswiki Domain",
"Enter the domain to serve Foswiki.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
if not (domain.startswith('http://') or domain.startswith('https://')):
domain = 'https://' + domain
check_output([
'perl', '-CA', '/var/www/foswiki/tools/configure', '-save', '-set',
'{Password}=%s' % password, '-set',
'{WebMasterEmail}=%s' % email, '-set',
'{DefaultUrlHost}=%s' % domain
])
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
email = ""
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"PHPlist Password",
"Enter new password for the PHPlist 'admin' account.")
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"PHPlist Email",
"Enter email address for the PHPlist 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"PHPlist Domain",
"Enter the domain to serve PHPlist.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
m = MySQL()
m.execute('UPDATE phplist.admin SET password=%s WHERE loginname=\"admin\";', (password,))
m.execute('UPDATE phplist.admin SET email=%s WHERE loginname=\"admin\";', (email,))
m.execute('UPDATE phplist.config SET value=%s WHERE item=\"website\";', (domain,))
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'domain='])
except getopt.GetoptError as e:
usage(e)
password = ""
domain = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey GNU/Linux - First boot configuration')
password = d.get_password(
"Nextcloud Password",
"Enter new password for the Nextcloud 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey GNU/Linux - First boot configuration')
domain = d.get_input("Nextcloud Domain",
"Enter the domain to serve Nextcloud.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
sedcom = """
/0 => 'localhost',/ a\
1 => '%s',
"""
conf = '/var/www/nextcloud/config/config.php'
call(['sed', '-i', "/1 => /d", conf])
call(['sed', '-i', sedcom % domain, conf])
call([
'/usr/local/bin/turnkey-occ', 'user:resetpassword',
'--password-from-env', 'admin'
],
cwd='/var/www/nextcloud',
env={"OC_PASS": password})
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'domain='])
except getopt.GetoptError as e:
usage(e)
password = ""
domain = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"SuiteCRM Password",
"Enter new password for the SuiteCRM 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"SuiteCRM Domain",
"Enter the domain to serve SuiteCRM.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
with open('/var/www/suitecrm/config.php', 'r') as fob:
filedata = fob.read()
filedata = filedata.replace('http://127.0.0.1', domain)
with open('/var/www/suitecrm/config.php', 'w') as fob:
fob.write(filedata)
hash_pass = hashlib.md5(password.encode('utf8')).hexdigest()
m = MySQL()
m.execute('UPDATE suitecrm.users SET user_hash=%s WHERE user_name=\"admin\";', (hash_pass,))
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'domain='])
except getopt.GetoptError as e:
usage(e)
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"OpenLDAP Password",
"Enter new password for the OpenLDAP 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("OpenLDAP Domain", "Enter the OpenLDAP domain.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
script = os.path.join(os.path.dirname(__file__), 'openldap-reinit.sh')
subprocess.check_output([script, domain, password])
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email("Piwik Email",
"Enter email address for Piwik 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("Piwik Domain",
"Enter the domain to serve Piwik.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
domain = domain.strip("/")
if not domain.startswith("http://"):
domain = "http://%s/" % domain
m = MySQL()
m.execute(
'UPDATE piwik.piwik_option SET option_value=\"%s\" WHERE option_name=\"piwikUrl\";'
% domain)
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
email = ""
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
elif opt == '--schema':
schema = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"GitLab Password",
"Enter new password for the GitLab 'root' account.",
pass_req=8)
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"GitLab Email",
"Enter email address for the GitLab 'root' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("GitLab Domain",
"Enter the domain to serve GitLab.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
print("Reconfiguring GitLab. This might take a while. Please wait.")
config = "/etc/gitlab/gitlab.rb"
domain = "http://%s" % domain
subprocess.run(
["sed", "-i",
"/^external_url/ s|'.*|'%s'|" % domain, config])
subprocess.run([
"sed", "-i",
"/^gitlab_rails\['gitlab_email_from'\]/ s|=.*|= '%s'|" % email, config
])
subprocess.run(["gitlab-ctl", "reconfigure"])
print(
"Setting GitLab 'root' user password and email in database. This might take a while too. Please wait (again)."
)
tmp_dir = '/run/user/0'
tmp_file = '.gitlab-init.rb'
if not os.path.exists(tmp_dir):
os.makedirs(tmp_dir)
tmp_path = '/'.join([tmp_dir, tmp_file])
# include token resetting here now (just before 'exit'); should fix #1315/#1342 for good!
tmp_contents = """
ActiveRecord::Base.logger.level = 1
u = User.where(id: 1).first
u.password = u.password_confirmation = '{}'
u.email = '{}'
u.skip_reconfirmation!
u.save!
ApplicationSetting.current.reset_runners_registration_token!
exit
"""
flags = os.O_WRONLY | os.O_CREAT
with os.fdopen(os.open(tmp_path, flags, 0o600), 'w') as fob:
fob.write(tmp_contents.format(password, email))
uid = pwd.getpwnam('git').pw_uid
os.chown(tmp_path, uid, 0)
try:
subprocess.run(
["gitlab-rails", "runner", "-e", "production", tmp_path])
print("Done.")
finally:
os.remove(tmp_path)
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"SimpleMachines Email",
"Enter email address for the SMF 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"SimpleMachines Domain",
"Enter the domain to serve SimpleMachines.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
hash = hashlib.sha1('admin' + password).hexdigest()
m = MySQL()
m.execute('UPDATE simplemachines.members SET passwd=\"%s\" WHERE member_name=\"admin\";' % hash)
m.execute('UPDATE simplemachines.members SET email_address=\"%s\" WHERE member_name=\"admin\";' % email)
m.execute('UPDATE simplemachines.settings SET value=\"http://%s/Smileys\" WHERE variable=\"smileys_url\";' % domain)
m.execute('UPDATE simplemachines.settings SET value=\"http://%s/avatars\" WHERE variable=\"avatar_url\";' % domain)
m.execute('UPDATE simplemachines.themes SET value=\"http://%s/Themes/default\" WHERE variable=\"theme_url\" AND id_theme=1;' % domain)
username = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--user ':
username = val
if not username:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
username = d.get_input(
"ownCloud Admin Username",
"Enter the username for the ownCloud Admin user).",
DEFAULT_USER)
if username == "DEFAULT":
username = DEFAULT_USER
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"ownCloud Password",
"Enter new password for the ownCloud Admin account")
hashpass = md5(password).hexdigest()
m = MySQL()
m.execute('UPDATE owncloud.oc_users SET uid=\"%s\" WHERE id=\"1\";' % username)
m.execute('UPDATE owncloud.oc_users SET password=\"%s\" WHERE id=\"1\";' % hashpass)
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"ownCloud Password",
"Enter new password for the ownCloud 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("OwnCloud Domain",
"Enter the domain to serve OwnCloud.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
# make sure MySQL is running when we call the OCServer hasher in owncloud_pass.php
m = MySQL()
command = ["php", join(dirname(__file__), 'owncloud_pass.php'), password]
p = Popen(command, stdin=PIPE, stdout=PIPE)
stdout, stderr = p.communicate()
if stderr:
fatal(stderr)
cryptpass = stdout.strip()
usage(e)
domain = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--domain':
domain = val
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"EspoCRM URL",
"Example: www.mydomain.com or mydomain.com",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
conf = "/var/www/espocrm/data/config.php"
system("sed -i \"s|siteUrl.*|siteUrl' => 'http://%s',|\" %s" % (domain, conf))
if __name__ == "__main__":
main()
if not password:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"PrestaShop Password",
"Enter new password for the PrestaShop '%s' account." % email,
pass_req=8)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"PrestaShop Domain",
"Enter the domain to serve Prestashop.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
for line in file('/var/www/prestashop/config/settings.inc.php').readlines():
m = re.match("define\('_COOKIE_KEY_', '(.*)'", line.strip())
if m:
cookie_key = m.group(1)
hashpass = hashlib.md5(cookie_key + password).hexdigest()
m = MySQL()
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Canvas Email",
"Enter email address for the Canvas 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Canvas Domain",
"Enter the domain to serve Canvas.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
salt = "".join(random.choice(string.letters) for line in range(20))
hash = password + salt
for i in range(20):
hash = hashlib.sha512(hash).hexdigest()
access_token = "".join(random.choice(string.letters) for line in range(20))
m = MySQL()
m.execute('UPDATE canvas_production.users SET name=\"%s\", sortable_name=\"%s\" WHERE id=1;' % (email, email))
m.execute('UPDATE canvas_production.pseudonyms SET unique_id=\"%s\", crypted_password=\"%s\", password_salt=\"%s\", single_access_token=\"%s\" WHERE user_id=1;' % (email, hash, salt, access_token))
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"ZenCart Email",
"Enter email address for the ZenCart 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"ZenCart Domain",
"Enter the domain to serve ZenCart.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
salt = "".join(random.choice(string.letters) for line in range(2))
hashpass = "******".join([hashlib.md5(salt + password).hexdigest(), salt])
m = MySQL()
m.execute('UPDATE zencart.admin SET admin_pass=\"%s\" WHERE admin_name=\"admin\";' % hashpass)
m.execute('UPDATE zencart.admin SET admin_email=\"%s\" WHERE admin_name=\"admin\";' % email)
# perform tweaks so user isn't asked to reset password
now = datetime.now()
date = now.strftime("%Y-%m-%d %H:%M:%S")
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Django Email",
"Enter email address for the Django 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Django Domain",
"Enter the domain to serve Django.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
m = MySQL()
m.execute('UPDATE django.auth_user SET email=\"%s\" WHERE username=\"admin\";' % email)
os.system("echo \"from django.contrib.auth.models import User; user = User.objects.get(username='******'); user.set_password('"+ password + "');user.save()\" | /var/www/turnkey_project/manage.py shell")
with open('/var/lib/django/allowed_hosts', 'w') as fob:
fob.write("*" + '\n')
fob.write(domain + '\n')
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"GNU social Email",
"Please enter email address for the GNU Social 'administrator' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"GNU social Domain",
"Enter the domain to serve GNU social",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
hashpass = hashlib.md5(password + '1').hexdigest() # userid
m = MySQL()
m.execute('UPDATE gnusocial.user SET email=\"%s\" WHERE nickname=\"administrator\";' % email)
m.execute('UPDATE gnusocial.user SET password=\"%s\" WHERE nickname=\"administrator\";' % hashpass)
m.execute('UPDATE gnusocial.user SET uri=\"http://%s/user/1\" WHERE nickname=\"administrator\";' % domain)
new = []
admin_password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
admin_password = val
elif opt == '--realm':
realm = val
DEFAULT_DOMAIN = realm.split('.')[0].upper()
elif opt == '--domain':
domain = val
if not realm:
d = Dialog('Turnkey Linux - First boot configuration')
realm = d.get_input(
"Samba/Kerberos Realm",
"Enter realm you would like to use.",
DEFAULT_REALM)
DEFAULT_DOMAIN = realm.split('.')[0].upper()
if not domain:
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Samba Domain",
"Enter domain you would like to use.",
DEFAULT_DOMAIN)
if not admin_password:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
admin_password = d.get_password(
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Zurmo Password",
"Enter new password for the Zurmo 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Zurmo Domain",
"Enter the domain to serve Zurmo.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
hash = hashlib.md5(password).hexdigest()
m = MySQL()
m.execute('UPDATE zurmo._user SET hash=\"%s\" WHERE username=\"admin\";' % hash)
conf = "/var/www/zurmo/app/protected/config/perInstance.php"
system("sed -i \"s|hostInfo.*|hostInfo'] = 'http://%s';|\" %s" % (domain, conf))
if __name__ == "__main__":
main()
if not email:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
email = d.get_email(
"Ghost Email",
"Please enter email address for the Ghost blogger account.",
"*****@*****.**")
if not uname:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
uname = d.get_input(
"Ghost Account Name",
"Enter the Ghost blogger's name (real name recommended).",
DEFAULT_UNAME)
if uname == "DEFAULT":
uname = DEFAULT_UNAME
if not domain:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
domain = d.get_input(
"Ghost Domain",
"Enter the domain to serve Ghost, include http(s) protocol, defaults to https.",
"https://www.example.com")
if not domain.startswith('https://') and not domain.startswith('http://'):
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"eZPublish Email",
"Enter email address for the eZPublish 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"eZPublish Domain",
"Enter the domain to serve eZPublish.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
def sed(var, val, conf):
system("sed -i \"s|%s.*|%s%s|\" %s" % (var, var, val, conf))
# tweak configuration files
conf = "/var/www/ezpublish/settings/siteaccess/eng/site.ini.append.php"
sed("SiteURL=", "%s/index.php/eng" % domain, conf)
sed("ActionURL=", "http://%s/index.php/site_admin/user/login" % domain, conf)
sed("AdminEmail=", email, conf)
conf = "/var/www/ezpublish/settings/siteaccess/site/site.ini.append.php"
def main():
HOSTNAME = subprocess.run(['hostname', '-s'],
encoding='utf-8',
stdout=PIPE).stdout.strip()
NET_IP = subprocess.run(['hostname', '-I'], encoding='utf-8',
stdout=PIPE).stdout.strip()
# disabled for now, will reimplment at some point...
# NET_IP321 = NET_IP.split('.')[:-1]
# NET_IP321.reverse()
# NET_IP321 = '.'.join(NET_IP321)
# NET_IP4 = NET_IP.split('.')[-1]
DEFAULT_HOSTNAME = "dc1"
DEFAULT_REALM = "DOMAIN.LAN"
DEFAULT_DOMAIN = "DOMAIN"
DEFAULT_NS = ""
DEFAULT_NEW_HOSTNAME = "dc2"
try:
opts, args = getopt.gnu_getopt(
sys.argv[1:], "h",
['help', 'pass='******'domain=', 'realm=', 'join_ns=', 'hostname='])
except getopt.GetoptError as e:
usage(e)
interactive = False
domain = ""
realm = ""
admin_password = ""
join_nameserver = ""
hostname = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
admin_password = val
elif opt == '--realm':
realm = val
elif opt == '--domain':
domain = val
elif opt == '--join_ns':
join_nameserver = val
DEFAULT_NS = join_nameserver
elif opt == '--hostname':
hostname = val
if ((not (realm and domain and admin_password))
or (join_nameserver and not valid_ip(join_nameserver) or
(join_nameserver and not hostname)) or TURNKEY_INIT):
interactive = True
if join_nameserver:
create = True
elif realm and domain and admin_password and join_nameserver and hostname:
join_nameserver = valid_ip(join_nameserver)
update_resolvconf(realm.lower(), join_nameserver, interactive)
hostname = validate_hostname(hostname, realm, interactive,
DEFAULT_HOSTNAME)
if join_nameserver and hostname[0]: # both valid
create = False
elif join_nameserver: # invalid hostname
restore_resolvconf()
interactive = True
hostname = ""
elif hostname[0]: # invalid nameserver IPv4
interactive = True
else: # both invalid
restore_resolvconf()
interactive = True
hostname = ""
join_nameserver = ""
elif realm and domain and admin_password and not join_nameserver:
create = True
while True:
if TURNKEY_INIT:
d = Dialog('Turnkey Linux - First boot configuration')
do_it = d.yesno(
"Reconfigure Samba?",
"Existing Samba config will be removed.\n\n"
"Cancelling will leave existing config in place.\n"
"\nContinue?", "Reconfigure", "Cancel")
if not do_it:
sys.exit(0)
if interactive and not join_nameserver:
d = Dialog('Turnkey Linux - First boot configuration')
create = d.yesno(
"Create new AD or join existing?",
"You can create new Active Directory or join existing one."
"\n\nNote that joining a non-TurnKey existing AD domain not is"
" experimental and may fail. If so, please manually configure"
" using the 'samba-tool' commandline tool.", "Create", "Join")
if create:
create = True
else:
create = False
if not realm:
while True:
d = Dialog('Turnkey Linux - First boot configuration')
realm = d.get_input(
"Samba Kerberos Realm / AD DNS zone",
"Kerberos Realm should be 2 or more groups of 63 or less"
" ASCII characters, separated by dot(s). Kerberos realm"
" will be stored as uppercase; DNS zone as"
" lowercase\n\n"
"Enter the Realm / DNS zone you would like to use.",
DEFAULT_REALM)
realm = validate_realm(realm, interactive)
if realm[0]:
break
else:
d.error(realm[1])
continue
else:
realm = validate_realm(realm, interactive)
if not domain:
while True:
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Samba NetBIOS Domain (aka workgroup)",
"The NetBIOS domain (aka workgroup) should be 15 or less"
" ASCII characters.\n\n"
"Enter NetBIOS domain (aka 'WORKGROUP') to use.",
DEFAULT_DOMAIN)
domain = validate_netbios(domain, interactive)
if domain[0]:
break
else:
d.error(domain[1])
continue
else:
domain = validate_netbios(domain, interactive)
if not admin_password:
d = Dialog('TurnKey Linux - First boot configuration')
server_status = 'new' if create else 'existing'
admin_password = d.get_password(
"Samba Password",
"Enter password for the {} samba Domain 'Administrator'"
" account.".format(server_status),
pass_req=8,
min_complexity=3,
blacklist=['(', ')'])
if interactive and not create:
d = Dialog('Turnkey Linux - First boot configuration')
if not join_nameserver:
while True:
join_nameserver = d.get_input(
"Add nameserver",
"Set DNS server IPv4 for existing AD domain DNS"
" server", DEFAULT_NS)
if not valid_ip(join_nameserver):
d.error("IP: '{}' not valid.".format(join_nameserver))
join_nameserver = ""
continue
else:
break
update_resolvconf(realm.lower(), join_nameserver, interactive)
if not hostname:
while True:
hostname = d.get_input(
"Set new hostname",
"Set new unique hostname for this domain-controller.",
DEFAULT_NEW_HOSTNAME)
hostname = validate_hostname(hostname, realm.lower(),
interactive, DEFAULT_HOSTNAME)
if not hostname[0]:
d.error(hostname[1])
continue
else:
set_hostname(hostname)
break
# Stop any Samba services
services = ['samba', 'samba-ad-dc', 'smbd', 'nmbd']
for service in services:
subprocess.run(['systemctl', 'stop', service], stderr=PIPE)
# Remove Samba & Kerberos conf
rm_f('/etc/samba/smb.conf')
rm_f('/etc/krb5.conf')
# Remove Samba DBs
dirs = [
'/var/run/samba', '/var/lib/samba', '/var/cache/samba',
'/var/lib/samba/private'
]
for _dir in dirs:
for _db_file in ['*.tdb', '*.ldb']:
rm_glob('/'.join([_dir, _db_file]))
set_expiry = [
'samba-tool', 'user', 'setexpiry', ADMIN_USER, '--noexpiry'
]
export_krb = [
'samba-tool', 'domain', 'exportkeytab', '/etc/krb5.keytab'
]
krb_pass = None
if create:
ip = NET_IP # will add to hosts file
samba_domain = [
'samba-tool', 'domain', 'provision', '--server-role=dc',
'--use-rfc2307', '--dns-backend=SAMBA_INTERNAL',
'--realm={}'.format(realm), '--domain={}'.format(domain),
'--adminpass={}'.format(admin_password),
'--option=dns forwarder=8.8.8.8',
'--option=interfaces=127.0.0.1 {}'.format(NET_IP)
]
commands = [samba_domain, set_expiry, export_krb]
nameserver = '127.0.0.1'
hostname = HOSTNAME
else: # join
with open('/etc/krb5.conf', 'w') as fob:
fob.write('[libdefaults]\n')
fob.write(' dns_lookup_realm = false\n')
fob.write(' dns_lookup_kdc = true\n')
fob.write(' default_realm = {}'.format(realm))
ip = None # will update 127.0.1.1 hosts entry only
config_krb = ['kinit', 'administrator']
krb_pass = admin_password
samba_domain = [
'samba-tool', 'domain', 'join',
realm.lower(), 'DC', "--option='idmap_ldb:use rfc2307 = yes'"
]
commands = [config_krb, samba_domain, export_krb]
nameserver = join_nameserver
finalize = False
update_resolvconf(realm.lower(), nameserver, interactive)
print('hostname', hostname, 'realm', realm)
update_hosts('127.0.1.1', hostname, realm)
if ip:
update_hosts(ip, hostname, realm)
for samba_command in commands:
print('Running command: {}'.format(' '.join(samba_command)))
if krb_pass:
samba_run_code, samba_run_out = run_command(samba_command,
stdin=krb_pass)
krb_pass = None
else:
samba_run_code, samba_run_out = run_command(samba_command)
if samba_run_code != 0:
os.makedirs(os.path.dirname(COMMAND_LOG), exist_ok=True)
with open(COMMAND_LOG, 'a') as fob:
fob.write("Command: {}\n\n".format(
" ".join(samba_command)))
fob.write("\n")
fob.write("{}\n".format(samba_run_out))
if interactive:
d = Dialog('Turnkey Linux - First boot configuration')
# handle incorrect details
lines_to_print = []
end = False
for line in samba_run_out.split('\n'):
if line.startswith('Failed to bind'):
lines_to_print.append("-".join(
line.split("-", 2)[:2]))
elif line.startswith('Failed to connect'):
lines_to_print.append(line.split("-", 1)[:1][0])
elif line.startswith('ERROR'):
lines_to_print.append("-".join(
line.split("-", 2)[:2]))
end = True
else:
if not end:
lines_to_print.append(line)
continue
lines_to_print.append('')
lines_to_print.append(
"See {} for full output".format(COMMAND_LOG))
retry = d.error("{}\n\n".format('\n'.join(lines_to_print)))
finalize = False
DEFAULT_REALM = realm
realm = ""
DEFAULT_DOMAIN = domain
domain = ""
admin_password = ""
DEFAULT_NS = join_nameserver
join_nameserver = ""
break
else:
fatal("Errors in processing domain-controller inithook"
" data:\n{}".format(samba_run_out))
else:
finalize = True
if finalize:
os.chown('/etc/krb5.keytab', 0, 0)
os.chmod('/etc/krb5.keytab', 0o600)
shutil.copy2('/var/lib/samba/private/krb5.conf', '/etc/krb5.conf')
subprocess.run(['systemctl', 'start', 'samba-ad-dc'])
while subprocess.run([
'systemctl', 'is-active', '--quiet', 'samba-ad-dc'
]).returncode != 0:
time.sleep(1)
subprocess.check_output(['kinit', ADMIN_USER],
encoding='utf-8',
input=admin_password)
msg = "\nPlease ensure that you have set a static IP. If you" \
" haven't already, please ensure that you do that ASAP," \
" and update IP addresses in DNS and hosts file (please" \
" see docs for more info).\n"
if create:
msg = msg + \
"\nWhen adding clients, you'll need this info:\n" \
" nameserver: {}\n" \
" * - set client to use this nameserver first!\n" \
" AD DNS domain: {}\n" \
" AD admin account name: {}\n" \
" AD admin user password: (what you set)\n" \
"".format(nameserver, realm.lower(), ADMIN_USER)
if interactive:
d = Dialog('Turnkey Linux - First boot configuration')
d.infobox(msg)
else:
print(msg)
cleanup()
break
else:
restore_resolvconf()
restore_hosts()
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Magento Email",
"Enter email address for the Magento 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Magento Domain",
"Enter the domain to serve Magento.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
hashpass = hashlib.md5("qX" + password).hexdigest() + ":qX"
m = MySQL()
m.execute('UPDATE magento.admin_user SET email=\"%s\" WHERE username=\"admin\";' % email)
m.execute('UPDATE magento.admin_user SET password=\"%s\" WHERE username=\"admin\";' % hashpass)
m.execute('UPDATE magento.core_config_data SET value=\"http://%s/\" WHERE path=\"web/unsecure/base_url\";' % (domain))
m.execute('UPDATE magento.core_config_data SET value=\"https://%s/\" WHERE path=\"web/secure/base_url\";' % (domain))
# delete cache so it will be rebuilt for new domain
shutil.rmtree("/var/www/magento/var/cache", ignore_errors=True)
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"OpenLDAP Password",
"Enter new password for the OpenLDAP 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"OpenLDAP Domain",
"Enter the OpenLDAP domain.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
script = os.path.join(os.path.dirname(__file__), 'openldap-reinit.sh')
system(script, domain, password)
if __name__ == "__main__":
main()
usage(e)
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--domain':
domain = val
if not domain:
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Samba Domain",
"Enter domain you would like to use.",
DEFAULT_DOMAIN)
if not password:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Samba Password",
"Enter new password for the samba 'administrator' account.")
system("/etc/init.d/samba stop >/dev/null || true")
# set domain
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Mattermost Administrator's Email",
"Enter email address for Mattermost 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Mattermost domain",
"Enter domain to serve Mattermost",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
if not domain.startswith('https://') and not domain.startswith('http://'):
domain = 'https://'+domain
system('sed -i "/SiteURL/ s|\\":.*|\\": \\\"%s\\\",|" /opt/mattermost/config/config.json' % domain)
salt = bcrypt.gensalt()
hashpass = bcrypt.hashpw(password, salt)
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Elgg Email",
"Enter email address for the Elgg 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Elgg Domain",
"Enter the domain to serve Elgg.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
domain = domain.strip("/")
if not domain.startswith("http://"):
domain = "http://%s/" % domain
salt = "".join(random.choice(string.letters) for line in range(8))
hashpass = hashlib.md5(password + salt).hexdigest()
m = MySQL()
m.execute('UPDATE elgg.elgg_users_entity SET salt=\"%s\" WHERE username=\"admin\";' % salt)
m.execute('UPDATE elgg.elgg_users_entity SET password=\"%s\" WHERE username=\"admin\";' % hashpass)
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"BambooInvoice Email",
"Enter email address for the 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"BambooInvoice Domain",
"Enter the domain to serve BambooInvoice.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
command = ["php", join(dirname(__file__), 'bambooinvoice_pass.php'), password]
p = subprocess.Popen(command, stdin=PIPE, stdout=PIPE, shell=False)
stdout, stderr = p.communicate()
if stderr:
fatal(stderr)
cryptpass = stdout.strip()
d = Dialog("TurnKey Linux - First boot configuration")
password = d.get_password("GitLab Password", "Enter new password for the GitLab 'admin' account.")
if not email:
if "d" not in locals():
d = Dialog("TurnKey Linux - First boot configuration")
email = d.get_email("GitLab Email", "Enter email address for the GitLab 'admin' account.", "*****@*****.**")
inithooks_cache.write("APP_EMAIL", email)
if not domain:
if "d" not in locals():
d = Dialog("TurnKey Linux - First boot configuration")
domain = d.get_input("GitLab Domain", "Enter the domain to serve GitLab.", DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write("APP_DOMAIN", domain)
system_gitlab(
"""echo '\
conf.return_format = ""; \
ActiveRecord::Base.logger.level = 1; \
u = User.find_by_id(1); \
u.password = "******"; \
u.email = "%s"; \
u.skip_reconfirmation!; \
u.save!; \
usage()
elif opt == '--pass':
password = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"OpenLDAP Password",
"Enter new password for the OpenLDAP 'admin' account.")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("OpenLDAP Domain", "Enter the OpenLDAP domain.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
script = os.path.join(os.path.dirname(__file__), 'openldap-reinit.sh')
system(script, domain, password)
if __name__ == "__main__":
main()
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"ClipBucket Email",
"Enter email address for the ClipBucket 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"ClipBucket Domain",
"Enter the domain to serve ClipBucket.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
hash = clipbucket_hash(password)
m = MySQL()
m.execute('UPDATE clipbucket.users SET password=\"%s\", email=\"%s\" WHERE username=\"admin\";' % (hash, email))
m.execute('UPDATE clipbucket.config SET value=\"%s\" WHERE name=\"support_email\";' % email)
m.execute('UPDATE clipbucket.config SET value=\"%s\" WHERE name=\"website_email\";' % email)
m.execute('UPDATE clipbucket.config SET value=\"%s\" WHERE name=\"welcome_email\";' % email)
m.execute('UPDATE clipbucket.config SET value=\"http://%s\" WHERE name=\"baseurl\";' % domain)
except getopt.GetoptError, e:
usage(e)
password = ""
email = ""
addy = ""
uname = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--URL':
addy = val
if not addy:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
addy = d.get_input(
"Ghost URL",
"Enter the full URL of the Ghost Blog.",
"http://tryghost.org")
for line in fileinput.FileInput("/var/www/ghost/config.js",inplace=1):
line = line.replace("http://my-ghost-blog.com",addy)
print line
if __name__ == "__main__":
main()
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
email = ""
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Elgg Password",
"Enter new password for the Elgg 'admin' account.")
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Elgg Email", "Enter email address for the Elgg 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Elgg Domain",
"Enter the domain to serve Elgg. Note: Elgg does not support http without further configuration, domain will default to https.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
fqdn = re.compile(r"https?://")
fqdn = fqdn.sub('', domain).strip('/')
domain = ("https://%s/" % fqdn)
inithooks_cache.write('APP_DOMAIN', fqdn)
salt = bcrypt.gensalt(10)
hashpass = bcrypt.hashpw(password.encode('utf8'), salt)
m = MySQL()
try:
with m.connection.cursor() as cursor:
cursor.execute(
'SELECT guid FROM elgg.elgg_entities WHERE type="user" AND owner_guid="0"'
)
admin_guid = cursor.fetchone()['guid']
cursor.execute(
'SELECT name FROM elgg.elgg_metadata WHERE entity_guid=%s',
(admin_guid, ))
assert (cursor.fetchone()['name'])
# sanity check, if this fails, look at the database. You'll probably need to update
# all of this database stuff
cursor.execute(
'UPDATE elgg.elgg_metadata SET value=%s WHERE entity_guid=%s AND name="password_hash"',
(
hashpass,
admin_guid,
))
cursor.execute(
'UPDATE elgg.elgg_metadata SET value=%s WHERE entity_guid=%s AND name="email"',
(
email,
admin_guid,
))
cursor.execute(
'UPDATE elgg.elgg_metadata SET value=%s WHERE entity_guid=1 AND name="email"',
(email, ))
m.connection.commit()
finally:
m.connection.close()
with open('/etc/cron.d/elgg', 'r') as fob:
contents = fob.read()
contents = re.sub("ELGG='.*'", "ELGG='%s'" % domain, contents)
with open('/etc/cron.d/elgg', 'w') as fob:
fob.write(contents)
elgg_conf = "/var/www/elgg/elgg-config/settings.php"
subprocess.run([
"sed", "-i",
'\|^\$CONFIG->wwwroot|s|=.*|= "%s";|' % domain.strip('/'), elgg_conf
])
apache_conf = "/etc/apache2/sites-available/elgg.conf"
subprocess.run([
"sed", "-i",
"\|RewriteRule|s|https://.*|https://%s/\$1 [R,L]|" % fqdn, apache_conf
])
subprocess.run(
["sed", "-i",
"\|RewriteCond|s|!^.*|!^%s$|" % fqdn, apache_conf])
subprocess.run(["service", "apache2", "restart"])
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"osCommerce Email",
"Enter email address for the osCommerce 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("osCommerce Domain",
"Enter the domain to serve osCommerce",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
command = ["php", join(dirname(__file__), 'oscommerce_pass.php'), password]
p = subprocess.Popen(command, stdin=PIPE, stdout=PIPE, shell=False)
stdout, stderr = p.communicate()
if stderr:
fatal(stderr)
cryptpass = stdout.strip()
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Elgg Email",
"Enter email address for the Elgg 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Elgg Domain",
"Enter the domain to serve Elgg. Note: Elgg does not support http without further configuration, domain will default to https.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
fqdn = re.compile(r"https?://")
fqdn = fqdn.sub('', domain).strip('/')
domain = "https://%s/" % fqdn
inithooks_cache.write('APP_DOMAIN', fqdn)
salt = bcrypt.gensalt(10)
hashpass = bcrypt.hashpw(password, salt)
m = MySQL()
if not email:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
email = d.get_email(
"Ghost Email",
"Please enter email address for the Ghost blogger account.",
"*****@*****.**")
if not uname:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
uname = d.get_input(
"Ghost Account Name",
"Enter the Ghost blogger's name (real name recommended).",
DEFAULT_UNAME)
if uname == "DEFAULT":
uname = DEFAULT_UNAME
if not domain:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
domain = d.get_input(
"Ghost Domain",
"Enter the domain to serve Ghost, include http(s) protocol, defaults to https.",
"https://www.example.com")
if not domain.startswith('https://') and not domain.startswith('http://'):
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
email = ""
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Gitea Password",
"Enter new password for the Gitea 'admin' account.",
pass_req=8,
min_complexity=4)
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Gitea Email",
"Enter email address for the Gitea 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("Gitea Domain",
"Enter the domain to serve Gitea.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
config = "/etc/gitea/app.ini"
subprocess.run([
"su", "git", "-c",
"cd /home/git && ./gitea admin change-password -u gitea -p %s" %
password
])
subprocess.run(['sed', '-i', "\|DOMAIN|s|=.*|= %s|" % domain, config])
subprocess.run(
['sed', '-i',
"\|ROOT_URL|s|=.*|= https://%s/|" % domain, config])
subprocess.run(['sed', '-i', "\|FROM|s|=.*|= %s|" % email, config])
m = MySQL()
m.execute("UPDATE gitea.user SET email='%s' WHERE id=1;" % (email, ))
subprocess.run(["systemctl", "restart", "gitea"])
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"GitLab Email",
"Enter email address for the GitLab 'root' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("GitLab Domain",
"Enter the domain to serve GitLab.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
print("Reconfiguring GitLab. This might take a while. Please wait.")
config = "/etc/gitlab/gitlab.rb"
domain = "http://%s" % domain
system("sed -i \"/^external_url/ s|'.*|'%s'|\" %s" % (domain, config))
system(
"sed -i \"/^gitlab_rails\['gitlab_email_from'\]/ s|=.*|= '%s'|\" %s" %
(email, config))
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Piwik Email",
"Enter email address for Piwik 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Piwik Domain",
"Enter the domain to serve Piwik.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
domain = domain.strip("/")
if not domain.startswith("http://"):
domain = "http://%s/" % domain
m = MySQL()
m.execute('UPDATE piwik.piwik_option SET option_value=\"%s\" WHERE option_name=\"piwikUrl\";' % domain)
piwik_config.update("[General]", "trusted_hosts[]", domain)
hash = hashlib.md5(password).hexdigest()
token = hashlib.md5('admin' + hash).hexdigest()
for opt, val in opts:
if opt in ("-h", "--help"):
usage()
elif opt == "--pass":
password = val
elif opt == "--server":
server = val
elif opt == "--base":
ldap_base = val
elif opt == "--binddn":
ldap_user = val
if not ldap_base:
d = Dialog("TurnKey Linux - First boot configuration")
ldap_base = d.get_input("LDAP Base", "Enter the LDAP Base DN.", DEFAULT_BASE)
if ldap_base == "DEFAULT":
ldap_base = DEFAULT_BASE
if not ldap_user:
if "d" not in locals():
d = Dialog("TurnKey Linux - First boot configuration")
ldap_user = d.get_input(
"LDAP User", "Enter the LDAP User for NSS and PAM connections.", "cn=nsspam," + ldap_base
)
if not password:
if "d" not in locals():
d = Dialog("TurnKey Linux - First boot configuration")
if not profile in ('server', 'gateway', 'client'):
fatal('invalid profile: %s' % profile)
if profile == "client":
return
if not key_email:
key_email = dialog.get_email(
"OpenVPN Email", "Enter email address for the OpenVPN server key.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', key_email)
if not public_address:
public_address = dialog.get_input(
"OpenVPN Public Address",
"Enter FQDN or IP address of server reachable by clients",
"vpn.example.com")
auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254))
if not virtual_subnet:
virtual_subnet = dialog.get_input(
"OpenVPN Virtual Subnet",
"Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.",
auto_virtual_subnet)
if virtual_subnet.upper() == "AUTO":
virtual_subnet = auto_virtual_subnet
if profile == "server":
if not private_subnet:
retcode, private_subnet = dialog.inputbox(
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"PHPlist Email",
"Enter email address for the PHPlist 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"PHPlist Domain",
"Enter the domain to serve PHPlist.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
m = MySQL()
m.execute('UPDATE phplist.admin SET password=\"%s\" WHERE loginname=\"admin\";' % password)
m.execute('UPDATE phplist.admin SET email=\"%s\" WHERE loginname=\"admin\";' % email)
m.execute('UPDATE phplist.config SET value=\"%s\" WHERE item=\"website\";' % domain)
if __name__ == "__main__":
main()
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"PunBB Email",
"Enter email address for the PunBB 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"PunBB Domain",
"Enter the domain to serve PunBB.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
def sha1(s):
return hashlib.sha1(s).hexdigest()
salt = ''.join((random.choice(string.letters+string.digits) for x in range(12)))
hash = sha1(salt + sha1(password))
m = MySQL()
m.execute('UPDATE punbb.users SET password=\"%s\", salt=\"%s\", email=\"%s\" WHERE username=\"admin\";' % (hash, salt, email))
usage(e)
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--domain':
domain = val
if not domain:
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"Ejabberd Domain",
"Enter top-level domain to associate with ejabberd and speeqe.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
if not password:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Ejabberd Password",
"Enter new password for ejabberd 'admin@%s' account." % domain)
command = ["/usr/lib/inithooks/bin/ejabberd.sh", domain, password]
p = subprocess.Popen(command, stdin=PIPE, stdout=PIPE, shell=False)
if not profile in ('server', 'gateway', 'client'):
fatal('invalid profile: %s' % profile)
if profile == "client":
return
if not key_email:
key_email = dialog.get_email(
"OpenVPN Email",
"Enter email address for the OpenVPN server key.",
"*****@*****.**")
if not public_address:
public_address = dialog.get_input(
"OpenVPN Public Address",
"Enter FQDN or IP address of server reachable by clients",
"vpn.example.com")
auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254))
if not virtual_subnet:
virtual_subnet = dialog.get_input(
"OpenVPN Virtual Subnet",
"Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.",
auto_virtual_subnet)
if virtual_subnet.upper() == "AUTO":
virtual_subnet = auto_virtual_subnet
if profile == "server":
if not private_subnet:
retcode, private_subnet = dialog.inputbox(
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Foswiki Email",
"Enter email address for the Foswiki 'AdminUser' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('Turnkey Linux - First boot configuration')
domain = d.get_input("Foswiki Domain",
"Enter the domain to serve Foswiki.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
if not (domain.startswith('http://') or domain.startswith('https://')):
domain = 'https://' + domain
inithooks_cache.write('APP_DOMAIN', domain)
check_output([
'perl', '-CA', '/var/www/foswiki/tools/configure', '-save', '-set',
'{Password}=%s' % password, '-set',
'{WebMasterEmail}=%s' % email, '-set',
'{DefaultUrlHost}=%s' % domain
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"iceScrum Email",
"Enter email address for the iceScrum 'admin' account.",
"*****@*****.**")
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"iceScrum Domain",
"Enter the domain to serve iceScrum.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
hash = hashlib.sha256(password).hexdigest()
m = MySQL()
m.execute('UPDATE icescrum.icescrum2_user SET passwd=\"%s\" WHERE username=\"admin\";' % hash)
m.execute('UPDATE icescrum.icescrum2_user SET email=\"%s\" WHERE username=\"admin\";' % email)
config = "/etc/icescrum/config.groovy"
system("sed -i \"s|serverURL =.*|serverURL = \\\"http://%s\\\"|\" %s" % (domain, config))
# restart tomcat if running so changes will take effect
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h", [
'help', 'profile=', 'key-email=', 'public-address=',
'virtual-subnet=', 'private-subnet='
])
except getopt.GetoptError as e:
usage(e)
profile = ""
key_email = ""
public_address = ""
virtual_subnet = ""
private_subnet = ""
redirect_client_gateway = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--profile':
profile = val
elif opt == '--key-email':
key_email = val
elif opt == '--public-address':
public_address = val
elif opt == '--virtual-subnet':
virtual_subnet = val
elif opt == '--private-subnet':
private_subnet = val
dialog = Dialog('TurnKey Linux - First boot configuration')
if not profile:
profile = dialog.menu(
"OpenVPN Profile",
"Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n their traffic through the VPN.",
[('server', 'Accept VPN connections from clients'),
('gateway', 'Accept VPN connections from clients*'),
('client', 'Initiate VPN connections to a server')])
if not profile in ('server', 'gateway', 'client'):
fatal('invalid profile: %s' % profile)
if profile == "client":
return
if not key_email:
key_email = dialog.get_email(
"OpenVPN Email", "Enter email address for the OpenVPN server key.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', key_email)
if not public_address:
public_address = dialog.get_input(
"OpenVPN Public Address",
"Enter FQDN or IP address of server reachable by clients",
"vpn.example.com")
auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254))
if not virtual_subnet:
virtual_subnet = dialog.get_input(
"OpenVPN Virtual Subnet",
"Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.",
auto_virtual_subnet)
if virtual_subnet.upper() == "AUTO":
virtual_subnet = auto_virtual_subnet
if profile == "server":
if not private_subnet:
retcode, private_subnet = dialog.inputbox(
"OpenVPN Private Subnet",
"Enter CIDR subnet behind server for clients to reach.",
"10.0.1.0/24", "Apply", "Skip")
if private_subnet.upper() == "SKIP":
private_subnet = ""
cmd = os.path.join(os.path.dirname(__file__), 'openvpn-server-init.sh')
subprocess.run([cmd, key_email, public_address, virtual_subnet])
if profile == "gateway":
fh = open("/etc/openvpn/server.conf", "a")
fh.write(
"# configure clients to route all their traffic through the vpn\n")
fh.write("push \"redirect-gateway def1 bypass-dhcp\"\n\n")
fh.close()
if private_subnet:
fh = open("/etc/openvpn/server.conf", "a")
fh.write(
"# push routes to clients to allow them to reach private subnets\n"
)
for _private_subnet in private_subnet.split(','):
fh.write("push \"route %s\"\n" % expand_cidr(_private_subnet))
fh.close()
subprocess.run(['systemctl', 'start', 'openvpn@server'])
rootpass = val
elif opt in ('-r', '--rpass'):
rounduppass = val
elif opt in ('-s', '--sipass'):
simpleinvoicespass = val
elif opt in ('-t', '--tld'):
tld = val
elif opt in ('-u', '--user'):
username = val
elif opt in ('-z', '--zpass'):
toolspass = val
if not tld:
sitename = ""
d = Dialog('TurnKey Linux - First boot configuration')
tld = d.get_input("Set tld (top level domain) in http://www.basesitename.TLD", "Please enter top level domain (tld) without a dot (e.g. com, org, net).")
if not sitename:
d = Dialog('TurnKey Linux - First boot configuration')
sitename = d.get_input("Set base site name in http://www.BASESITENAME.%s" % tld, "Please enter base site name without 'http://www.' or '.%s'." % tld)
lowername = sitename.replace(" ","").lower()
tld = tld.lower()
hostname = ".".join([lowername,tld])
if not email:
email = "@".join(['admin',hostname])
# Set root password.
if not username:
username = "******"
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
password = ""
email = ""
domain = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Drupal9 Password",
"Enter new password for the Drupal9 'admin' account.")
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Drupal9 Email",
"Enter email address for the Drupal9 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("Drupal9 Domain",
"Enter the domain to serve Drupal9.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
print("Progress...")
m = MySQL()
m.execute(
'UPDATE drupal9.users_field_data SET mail=%s WHERE name=\"admin\";',
(email, ))
m.execute(
'UPDATE drupal9.users_field_data SET init=%s WHERE name=\"admin\";',
(email, ))
domain = domain.replace('.', '\\\\\.')
subprocess.run([
'/usr/lib/inithooks/bin/drupalconf.sh', '-e', email, '-p', password,
'-d', domain
])
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--server':
server = val
elif opt == '--base':
ldap_base = val
elif opt == '--binddn':
ldap_user = val
if not ldap_base:
d = Dialog('TurnKey Linux - First boot configuration')
ldap_base = d.get_input(
"LDAP Base",
"Enter the LDAP Base DN.",
DEFAULT_BASE)
if ldap_base == "DEFAULT":
ldap_base = DEFAULT_BASE
if not ldap_user:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
ldap_user = d.get_input(
"LDAP User",
"Enter the LDAP User for owncloud connections.",
"cn=owncloud," + ldap_base)
if not password:
def main():
try:
opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
['help', 'pass='******'email=', 'domain='])
except getopt.GetoptError as e:
usage(e)
email = ""
domain = ""
password = ""
for opt, val in opts:
if opt in ('-h', '--help'):
usage()
elif opt == '--pass':
password = val
elif opt == '--email':
email = val
elif opt == '--domain':
domain = val
if not password:
d = Dialog('TurnKey Linux - First boot configuration')
password = d.get_password(
"Canvas Password",
"Enter new password for the Canvas 'admin' account.")
if not email:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"Canvas Email",
"Enter email address for the Canvas 'admin' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("Canvas Domain",
"Enter the domain to serve Canvas.",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
salt = "".join(random.choice(string.ascii_letters) for line in range(20))
hash = password + salt
for i in range(20):
hash = hashlib.sha512(hash.encode('utf-8')).hexdigest()
access_token = "".join(
random.choice(string.ascii_letters) for line in range(20))
conn = psycopg2.connect("dbname=canvas_production user=root")
c = conn.cursor()
c.execute('UPDATE users SET name=%s, sortable_name=%s WHERE id=1;',
(email, email))
c.execute(
'UPDATE pseudonyms SET unique_id=%s, crypted_password=%s, password_salt=%s, single_access_token=%s WHERE user_id=1;',
(email, hash, salt, access_token))
c.execute('UPDATE communication_channels SET path=%s WHERE id=1;',
(email, ))
conn.commit()
c.close()
conn.close()
config = "/var/www/canvas/config/outgoing_mail.yml"
subprocess.run(
["sed", "-ri",
's|domain:.*|domain: "%s"|' % domain, config])
subprocess.run([
"sed", "-ri",
's|outgoing_address:.*|outgoing_address: "%s"|' % email, config
])
config = "/var/www/canvas/config/dynamic_settings.yml"
subprocess.run(
["sed", "-ri",
's|app-host:.*|app-host: "%s:3000"|' % domain, config])
config = "/var/www/canvas/config/domain.yml"
subprocess.run(
["sed", "-ri",
's|domain:.*|domain: "%s"|' % domain, config])
config = "/var/www/canvas/config/initializers/outgoing_mail.rb"
subprocess.run(
["sed", "-ri",
's|:domain => .*|:domain => "%s",|' % domain, config])
print("Restarting services; please wait...")
for service in ['canvas_init', 'apache2']:
subprocess.run(['systemctl', 'restart', service])
elif opt == '--join_ns':
join_nameserver = val
while 1:
if not join:
d = Dialog('Turnkey Linux - First boot configuration')
join = d.yesno(
"Join existing AD?",
"You can create the Active Directory or join existing.",
"Join", "Create")
if not realm:
d = Dialog('Turnkey Linux - First boot configuration')
realm = d.get_input("Samba/Kerberos Realm",
"Enter realm you would like to use.",
DEFAULT_REALM)
DEFAULT_DOMAIN = realm.split('.')[0].upper()
if not domain:
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input("Samba Domain",
"Enter domain you would like to use.",
DEFAULT_DOMAIN)
if not admin_password:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
admin_password = d.get_password(
"Samba Password",
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
email = d.get_email(
"GNU social Email",
"Please enter email address for the GNU Social 'administrator' account.",
"*****@*****.**")
inithooks_cache.write('APP_EMAIL', email)
if not domain:
if 'd' not in locals():
d = Dialog('TurnKey Linux - First boot configuration')
domain = d.get_input(
"GNU social Domain",
"Enter the domain to serve GNU social",
DEFAULT_DOMAIN)
if domain == "DEFAULT":
domain = DEFAULT_DOMAIN
inithooks_cache.write('APP_DOMAIN', domain)
hashpass = hashlib.md5(password + '1').hexdigest() # userid
m = MySQL()
m.execute('UPDATE gnusocial.user SET email=\"%s\" WHERE nickname=\"administrator\";' % email)
m.execute('UPDATE gnusocial.user SET password=\"%s\" WHERE nickname=\"administrator\";' % hashpass)
m.execute('UPDATE gnusocial.user SET uri=\"http://%s/user/1\" WHERE nickname=\"administrator\";' % domain)
new = []
