From 878beae027fa428440e48a08874a8412d6b69426 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?= <zoltan.felleg@userrendszerhaz.hu>
Date: Thu, 6 Jan 2022 22:25:03 +0100
Subject: [PATCH] Added wiki.in.

---
 sources/wiki.in/config                        | 22 +++++++
 sources/wiki.in/envvars                       |  5 ++
 .../wiki.in/firstboot/01_setupnetworking.sh   | 59 +++++++++++++++++++
 sources/wiki.in/firstboot/02_settimezone.sh   | 21 +++++++
 sources/wiki.in/firstboot/03_setupldap.sh     | 10 ++++
 sources/wiki.in/firstboot/10_certbot.sh       | 14 +++++
 sources/wiki.in/firstboot/99_cleanup.sh       |  6 ++
 .../wiki.in/postinstall/01_setownership.sh    |  7 +++
 .../wiki.in/postinstall/02_setpermissions.sh  |  7 +++
 sources/wiki.in/postinstall/03_setdate.sh     |  7 +++
 .../wiki.in/postinstall/04_installfiles.sh    | 16 +++++
 .../wiki.in/postinstall/10_setupservices.sh   |  8 +++
 sources/wiki.in/postinstall/99_cleanup.sh     |  6 ++
 sources/wiki.in/postinstall/copy.list         |  1 +
 .../install/etc/dokuwiki/local.php            | 27 +++++++++
 .../install/etc/dokuwiki/users.auth.php       | 10 ++++
 .../install/etc/httpd/conf.d/dokuwiki.conf    | 29 +++++++++
 17 files changed, 255 insertions(+)
 create mode 100644 sources/wiki.in/config
 create mode 100644 sources/wiki.in/envvars
 create mode 100755 sources/wiki.in/firstboot/01_setupnetworking.sh
 create mode 100755 sources/wiki.in/firstboot/02_settimezone.sh
 create mode 100755 sources/wiki.in/firstboot/03_setupldap.sh
 create mode 100755 sources/wiki.in/firstboot/10_certbot.sh
 create mode 100755 sources/wiki.in/firstboot/99_cleanup.sh
 create mode 100755 sources/wiki.in/postinstall/01_setownership.sh
 create mode 100755 sources/wiki.in/postinstall/02_setpermissions.sh
 create mode 100755 sources/wiki.in/postinstall/03_setdate.sh
 create mode 100755 sources/wiki.in/postinstall/04_installfiles.sh
 create mode 100755 sources/wiki.in/postinstall/10_setupservices.sh
 create mode 100755 sources/wiki.in/postinstall/99_cleanup.sh
 create mode 100644 sources/wiki.in/postinstall/copy.list
 create mode 100644 sources/wiki.in/postinstall/install/etc/dokuwiki/local.php
 create mode 100644 sources/wiki.in/postinstall/install/etc/dokuwiki/users.auth.php
 create mode 100644 sources/wiki.in/postinstall/install/etc/httpd/conf.d/dokuwiki.conf

diff --git a/sources/wiki.in/config b/sources/wiki.in/config
new file mode 100644
index 0000000..9b30ed1
--- /dev/null
+++ b/sources/wiki.in/config
@@ -0,0 +1,22 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = wiki.in.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ data none bind,create=dir 0 0
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = bri-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:ef
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
diff --git a/sources/wiki.in/envvars b/sources/wiki.in/envvars
new file mode 100644
index 0000000..64c45e4
--- /dev/null
+++ b/sources/wiki.in/envvars
@@ -0,0 +1,5 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=35
+ROOT_PACKAGES="hostname initscripts iproute rootfiles systemd-udev"
+BASE_PACKAGES="NetworkManager iputils logrotate rsyslog tar vim-minimal"
+SPEC_PACKAGES="dokuwiki httpd mod_ssl php-ldap python3-certbot-apache"
diff --git a/sources/wiki.in/firstboot/01_setupnetworking.sh b/sources/wiki.in/firstboot/01_setupnetworking.sh
new file mode 100755
index 0000000..4d91f3a
--- /dev/null
+++ b/sources/wiki.in/firstboot/01_setupnetworking.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $WAITED -eq 1 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -ne 1 ]
+do
+    echo "Number of connections: $CONNECTIONS" >&2
+    sleep 1
+    CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+nmcli --terse connection show | grep ':$' >/dev/null
+ALL_CONNECTION_DEVICES_KNOWN=$?
+while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
+do
+    echo "Not all connection devices are known yet" >&2
+    sleep 1
+    nmcli --terse connection show | grep ':$' >/dev/null
+    ALL_CONNECTION_DEVICES_KNOWN=$?
+done
+
+CONNECTION_LINE=$(nmcli --terse connection show)
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id internal \
+    connection.interface-name $CONNECTION_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "10.228.109.239/16" \
+    ipv4.dns "10.228.109.104, 10.228.109.253" \
+    ipv4.dns-search "in.useribm.hu" \
+    ipv4.gateway "10.228.109.254" \
+    ipv4.method "manual" \
+    ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6def/64" \
+    ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6dfd, 2a02:d400:0000:f268:000c:18ff:fe03:6d68" \
+    ipv6.dns-search "in.useribm.hu" \
+    ipv6.gateway "2a02:d400:0000:f268:000c:18ff:fe03:6dfe" \
+    ipv6.method "manual" \
+    save yes
+
+nmcli connection show
diff --git a/sources/wiki.in/firstboot/02_settimezone.sh b/sources/wiki.in/firstboot/02_settimezone.sh
new file mode 100755
index 0000000..20b2a71
--- /dev/null
+++ b/sources/wiki.in/firstboot/02_settimezone.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    if [ $WAITED -eq 0 ]
+    then
+        echo -n "Waiting for dbus.service"
+    fi
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
diff --git a/sources/wiki.in/firstboot/03_setupldap.sh b/sources/wiki.in/firstboot/03_setupldap.sh
new file mode 100755
index 0000000..415d6db
--- /dev/null
+++ b/sources/wiki.in/firstboot/03_setupldap.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+exit 0
+authselect select sssd with-mkhomedir --force
+
+cat >>/etc/openldap/ldap.conf <<EOF
+BASE dc=user,dc=hu
+URI ldap://ldap.in.useribm.hu
+EOF
diff --git a/sources/wiki.in/firstboot/10_certbot.sh b/sources/wiki.in/firstboot/10_certbot.sh
new file mode 100755
index 0000000..bd14fed
--- /dev/null
+++ b/sources/wiki.in/firstboot/10_certbot.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+
+for f in /etc/httpd/conf.d/*.le
+do
+    cf=$(echo $f | sed 's/^\(.*\).le$/\1/')
+    mv $f $cf
+done
+/usr/bin/cp \
+    --archive \
+    /usr/lib/python3.10/site-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf \
+    /etc/letsencrypt/options-ssl-apache.conf
+systemctl enable httpd.service
+systemctl start httpd.service
diff --git a/sources/wiki.in/firstboot/99_cleanup.sh b/sources/wiki.in/firstboot/99_cleanup.sh
new file mode 100755
index 0000000..b87f2f4
--- /dev/null
+++ b/sources/wiki.in/firstboot/99_cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
diff --git a/sources/wiki.in/postinstall/01_setownership.sh b/sources/wiki.in/postinstall/01_setownership.sh
new file mode 100755
index 0000000..f2e6b94
--- /dev/null
+++ b/sources/wiki.in/postinstall/01_setownership.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chown -R root.root $SOURCE_PATH/*
diff --git a/sources/wiki.in/postinstall/02_setpermissions.sh b/sources/wiki.in/postinstall/02_setpermissions.sh
new file mode 100755
index 0000000..ae5578a
--- /dev/null
+++ b/sources/wiki.in/postinstall/02_setpermissions.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chown apache.apache $SOURCE_PATH/etc/dokuwiki/*
diff --git a/sources/wiki.in/postinstall/03_setdate.sh b/sources/wiki.in/postinstall/03_setdate.sh
new file mode 100755
index 0000000..46d35e9
--- /dev/null
+++ b/sources/wiki.in/postinstall/03_setdate.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+touch $SOURCE_PATH/etc/dokuwiki/local.php
diff --git a/sources/wiki.in/postinstall/04_installfiles.sh b/sources/wiki.in/postinstall/04_installfiles.sh
new file mode 100755
index 0000000..e4ee7ff
--- /dev/null
+++ b/sources/wiki.in/postinstall/04_installfiles.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+tar --create \
+    --directory=$REAL_PATH \
+    --exclude=.placeholder \
+    --to-stdout \
+    install \
+    | tar --extract \
+          --backup \
+          --directory=/ \
+          --no-overwrite-dir \
+          --strip-components=1 \
+          --suffix=.orig
diff --git a/sources/wiki.in/postinstall/10_setupservices.sh b/sources/wiki.in/postinstall/10_setupservices.sh
new file mode 100755
index 0000000..d786dbc
--- /dev/null
+++ b/sources/wiki.in/postinstall/10_setupservices.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+
+systemctl enable httpd.service
+
+systemctl enable NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
diff --git a/sources/wiki.in/postinstall/99_cleanup.sh b/sources/wiki.in/postinstall/99_cleanup.sh
new file mode 100755
index 0000000..b87f2f4
--- /dev/null
+++ b/sources/wiki.in/postinstall/99_cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
diff --git a/sources/wiki.in/postinstall/copy.list b/sources/wiki.in/postinstall/copy.list
new file mode 100644
index 0000000..2bbc234
--- /dev/null
+++ b/sources/wiki.in/postinstall/copy.list
@@ -0,0 +1 @@
+ws.pm.useribm.hu /etc/letsencrypt etc
diff --git a/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php b/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php
new file mode 100644
index 0000000..d07d0fb
--- /dev/null
+++ b/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * This is an example of how a local.php could look like.
+ * Simply copy the options you want to change from dokuwiki.php
+ * to this file and change them.
+ *
+ * When using the installer, a correct local.php file be generated for
+ * you automatically.
+ */
+
+
+$conf['title']		= 'USER Wiki';			// what to show in the title
+$conf['baseurl']	= 'https://wiki.useribm.hu';	// URL to server including protocol - blank for autodetect
+$conf['savedir']	= '/data/dokuwiki/data';	// where to store all the files
+
+$conf['useacl']		= 1;				// use Access Control Lists to restrict access
+$conf['superuser']	= 'zfelleg';
+
+$conf['authtype']	= 'authldap';
+
+$conf['plugin']['authldap']['server']		= 'ldap://ldap.in.useribm.hu:389';
+$conf['plugin']['authldap']['usertree']		= 'ou=People,dc=user,dc=hu';
+$conf['plugin']['authldap']['grouptree']	= 'ou=Group,dc=user,dc=hu';
+$conf['plugin']['authldap']['userfilter']	= '(&(uid=%{user})(objectClass=posixAccount))';
+$conf['plugin']['authldap']['groupfilter']	= '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
+$conf['plugin']['authldap']['version']		= 3;
+$conf['plugin']['authldap']['attributes']	= array();
diff --git a/sources/wiki.in/postinstall/install/etc/dokuwiki/users.auth.php b/sources/wiki.in/postinstall/install/etc/dokuwiki/users.auth.php
new file mode 100644
index 0000000..a9f50a2
--- /dev/null
+++ b/sources/wiki.in/postinstall/install/etc/dokuwiki/users.auth.php
@@ -0,0 +1,10 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Format:
+#
+# login:passwordhash:Real Name:email:groups,comma,separated
+zfelleg:$2y$10$FCyVO45in9u5IIkEwmX8vuqT5LSc588dgNcSGIpp0vMP9YgR9Uxpq:Zoltán Felleg:zoltan.felleg@userrendszerhaz.hu:admins,users
diff --git a/sources/wiki.in/postinstall/install/etc/httpd/conf.d/dokuwiki.conf b/sources/wiki.in/postinstall/install/etc/httpd/conf.d/dokuwiki.conf
new file mode 100644
index 0000000..8c5657a
--- /dev/null
+++ b/sources/wiki.in/postinstall/install/etc/httpd/conf.d/dokuwiki.conf
@@ -0,0 +1,29 @@
+
+Alias / /usr/share/dokuwiki/
+
+<Directory /usr/share/dokuwiki>
+	<RequireAny>
+		Require all granted
+	</RequireAny>
+</Directory>
+
+<Directory /usr/share/dokuwiki/bin>
+	Order Deny,Allow
+	Deny from all
+</Directory>
+
+<Directory /usr/share/dokuwiki/conf>
+	Order Deny,Allow
+	Deny from all
+</Directory>
+
+<Directory /usr/share/dokuwiki/inc>
+	Order Deny,Allow
+	Deny from all
+</Directory>
+
+<Directory /usr/share/dokuwiki/vendor>
+	Order Deny,Allow
+	Deny from all
+</Directory>
+
-- 
2.54.0