PiFrameFleet/root/etc/cont-init.d/30-config

#!/usr/bin/with-contenv bash

####################
# Pictures storage
####################
if [ ! -d "/opt/pictures" ] ; then
  mkdir /opt/pictures
fi

####################
# Email notifications
####################
if [ ! -d "/opt/misc" ] ; then
  mkdir /opt/misc
fi
if [ ! -f "/opt/misc/msmtp.log" ] ; then
touch /opt/misc/msmtp.log
chown root: /opt/misc/msmtp.log
chmod 666 /opt/misc/msmtp.log
fi
if [ ! -f "/opt/misc/aliases" ] ; then
cat > /opt/misc/aliases <<EOF
# Example aliases file

# Send root to Joe and Jane
root: $CONFIG_NOTIFY_EMAIL

# Send cron to Mark
cron: $CONFIG_NOTIFY_EMAIL

# Send everything else to admin
default: $CONFIG_NOTIFY_EMAIL
EOF
fi
if [ ! -f "/opt/misc/msmtprc" ] ; then
cat > /opt/misc/msmtprc <<EOF
# Accounts will inherit settings from this section
defaults
auth             on
tls              on
tls_trust_file   /etc/ssl/certs/ca-certificates.crt

logfile        /opt/misc/msmtp.log

from           $CONFIG_NOTIFY_SMTP_USER
keepbcc        on

account        piframe
host           $CONFIG_NOTIFY_SMTP_SERVER
port           587
auth           on
user           $CONFIG_NOTIFY_SMTP_USER
password       $CONFIG_NOTIFY_SMTP_PASS

# Set a default account
account default : piframe

aliases /etc/aliases
EOF
fi
ln -sf /opt/misc/aliases /etc/aliases
ln -sf /opt/misc/msmtprc /etc/msmtprc

####################
# rtty
####################
if [ ! -d "/opt/rtty" ] ; then
  mkdir /opt/rtty
fi
if [ ! -f "/opt/rtty/rttys.conf" ] ; then
cat > /opt/rtty/rttys.conf <<EOF
#addr-dev: :5912
#addr-user: :5913

# Auth for http
http-username: ${CONFIG_RTTY_USER}
http-password: ${CONFIG_RTTY_PASS}

#ssl-cert: /etc/rttys/rttys.crt
#ssl-key: /etc/rttys/rttys.key

#base-url: /

#token: a1d4cdb1a3cd6a0e94aa3599afcddcf5

# font-size: 16

# No login required to connect device.
# Values can be device IDs separated by spaces,
# or a "*" indicates that all devices do not require login
# http://localhost:5913/connect/rtty1
#white-list: "*"
#white-list: rtty1 rtty2
EOF
fi

####################
# Ansible
####################
if [ ! -d "/opt/ansible" ] ; then
  mkdir /opt/ansible
fi
if [ ! -d "/opt/ansible/.git" ] ; then
  git clone https://git.kemonine.info/PiFrame/ansible.git /opt/ansible/
else
  cd /opt/ansible
  git pull
fi
if [ ! -f "/opt/ansible/ssh.key" ] ; then
  ssh-keygen -t rsa -b 4096 -f /opt/ansible/ssh.key -N ''
  echo "
-------------------------------------
Ansible SSH Key"
cat /opt/ansible/ssh.key.pub
echo "-------------------------------------
"
fi

####################
# Monit
####################
if [ ! -d "/opt/monit/conf.d" ] ; then
  mkdir /opt/monit/conf.d
fi
if [ ! -f "/opt/monit/monitrc" ] ; then
cat > /opt/monit/monitrc <<EOF
set daemon 120
set log /opt/monit/monit.log
set idfile /opt/monit/id
set statefile /opt/monit/state
set eventqueue
    basedir /opt/monit/events # set the base directory where events will be stored
    slots 100                     # optionally limit the queue size

set httpd port 2812 and
    use address 0.0.0.0
    allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}

include /opt/monit/conf.d/*
EOF
chmod 600 /opt/monit/monitrc
fi
if [ ! -f "/opt/monit/conf.d/picturesfs" ] ; then
cat > /opt/monit/conf.d/picturesfs <<EOF
check filesystem picturesfs with path /opt/pictures
    if space usage > 80% then alert
EOF
fi

####################
# Monit dashboard
####################
if [ ! -d "/opt/monit-dashboard" ] ; then
  mkdir /opt/monit-dashboard
fi
if [ ! -d "/opt/monit-dashboard/.git" ] ; then
  git clone https://git.kemonine.info/PiFrame/monit-dashboard.git /opt/monit-dashboard
  sed -i 's/app.run(port=8080)/app.run(port=2811)/g' /opt/monit-dashboard/bin/monit-dashboard.py
else
  cd /opt/monit-dashboard
  git stash
  git pull
  sed -i 's/app.run(port=8080)/app.run(port=2811)/g' /opt/monit-dashboard/bin/monit-dashboard.py
fi
cd /opt/monit-dashboard
if [ ! -f "/opt/monit-dashboard/conf/servers.json" ] ; then
cat > conf/servers.json <<EOF
{
"dispatcher": {
  "url": "http://127.0.0.1:2812",
  "user": "${CONFIG_MONIT_USER}",
  "passwd": "${CONFIG_MONIT_PASS}"
  }
}
EOF
fi
cd /opt

####################
# Munin
####################
if [ ! -d "/opt/munin" ] ; then
  mkdir /opt/munin
fi
if [ ! -f "/opt/munin/munin.conf" ] ; then
cat > /opt/munin/munin.conf <<EOF
dbdir /opt/munin/db
htmldir /opt/munin/www
logdir /opt/munin/log
rundir /opt/munin/run
cgitmpdir /opt/munin/cgi-tmp

graph_strategy cron
html_strategy cron

timeout 15

[dispatcher]
    address 127.0.0.1
    use_node_name yes
EOF
fi
if [ ! -f "/opt/munin/munin-node.conf" ] ; then
cat > /opt/munin/munin-node.conf <<EOF
log_level 4
log_file /opt/munin/log/munin-node.log
pid_file /opt/munin/munin-node.pid

background 0
setsid 0

user munin
group munin

# Regexps for files to ignore
ignore_file [\#~]\$
ignore_file DEADJOE\$
ignore_file \.bak\$
ignore_file %\$
ignore_file \.dpkg-(tmp|new|old|dist)\$
ignore_file \.rpm(save|new)\$
ignore_file \.pod\$

allow ^127\.0\.0\.1\$
allow ^::1\$

host 127.0.0.1
port 4949
EOF
fi
rm /etc/munin/munin-node.conf
ln -sf /opt/munin/munin-node.conf /etc/munin/munin-node.conf
rm /etc/munin/munin.conf
ln -sf /opt/munin/munin.conf /etc/munin/munin.conf
if [ ! -d "/opt/munin/log" ] ; then
mkdir /opt/munin/log
chown munin: /opt/munin/log
fi
if [ ! -d "/opt/munin/run" ] ; then
mkdir /opt/munin/run
chown munin: /opt/munin/run
fi
if [ ! -d "/opt/munin/db" ] ; then
mkdir /opt/munin/db
chown munin: /opt/munin/db
fi
if [ ! -d "/opt/munin/www" ] ; then
mkdir /opt/munin/www
fi
chown munin: /opt/munin/www
if [ ! -d "/opt/munin/cgi-tmp" ] ; then
mkdir /opt/munin/cgi-tmp
chown munin: /opt/munin/cgi-tmp
fi
if [ ! -f "/opt/munin/log/munin-update.log" ] ; then
touch /opt/munin/log/munin-update.log
chown munin: /opt/munin/log/munin-update.log
fi
if [ ! -f "/opt/munin/lighttpd-munin.conf" ] ; then
cat > /opt/munin/lighttpd-munin.conf <<EOF
server.username = "munin"
server.groupname = "munin"

server.document-root = "/opt/munin/www"
server.port = 2813

server.errorlog         = "/dev/stdout"
accesslog.filename      = "/dev/stdout"
dir-listing.activate    = "disable"
server.modules          = (
                            "mod_access",
                            "mod_accesslog",
                            "mod_alias",
                            "mod_rewrite",
                            "mod_redirect",
                            "mod_cgi",
                            "mod_fastcgi",
                            "mod_auth",
                            "mod_authn_file",
                            )
server.pid-file         = "/run/lighttpd-munin.pid"
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )

url.redirect += ( "^/*$" => "/munin/" )

\$HTTP["url"] =~ "/munin-cgi/munin-cgi-graph" {
  alias.url += ( "/munin-cgi/munin-cgi-graph" => "/usr/lib/munin/cgi/munin-cgi-graph" )
  cgi.assign = ( "" => "" )
}

alias.url += ( "/munin/static" => "/etc/munin/static" )
alias.url += ( "/munin" => "/opt/munin/www" )

mimetype.assign         = (
                                ".html" => "text/html",
                                ".txt" => "text/plain",
                                ".css" => "text/css",
                                ".js" => "application/x-javascript",
                                ".jpg" => "image/jpeg",
                                ".jpeg" => "image/jpeg",
                                ".gif" => "image/gif",
                                ".png" => "image/png",
                                "" => "application/octet-stream"
                        )
EOF
fi
munin-node-configure --shell
# Prime the munin values so there isn't a 404 on initial view of page
su - munin --shell=/bin/bash /usr/bin/munin-cron

####################
# Dashboard
####################
if [ ! -d "/opt/dashboard" ] ; then
  mkdir /opt/dashboard
fi
if [ ! -f "/opt/dashboard/lighttpd.conf" ] ; then
cat > /opt/dashboard/lighttpd.conf <<EOF
server.username = "www-data"
server.groupname = "www-data"

server.document-root = "/opt/dashboard/www"
server.port = 80

server.errorlog         = "/dev/stdout"
accesslog.filename      = "/dev/stdout"
dir-listing.activate    = "disable"
server.modules          = (
                            "mod_access",
                            "mod_accesslog",
                            "mod_alias",
                            "mod_rewrite",
                            "mod_redirect",
                            "mod_cgi",
                            "mod_fastcgi",
                            "mod_auth",
                            "mod_authn_file",
                            )
server.pid-file         = "/run/lighttpd.pid"
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )

mimetype.assign         = (
                                ".html" => "text/html",
                                ".txt" => "text/plain",
                                ".css" => "text/css",
                                ".js" => "application/x-javascript",
                                ".jpg" => "image/jpeg",
                                ".jpeg" => "image/jpeg",
                                ".gif" => "image/gif",
                                ".png" => "image/png",
                                "" => "application/octet-stream"
                        )
EOF
fi
if [ ! -d "/opt/dashboard/www" ] ; then
mkdir /opt/dashboard/www
chown www-data /opt/dashboard/www
fi
if [ ! -f "/opt/dashboard/www/index.html" ] ; then
cat > /opt/dashboard/www/index.html <<EOF
<html>

<head>
<title>PiFrameFleet</title>
</head>

<body>
<p><a href="http://127.0.0.1:5913">Command Line</a></p>
<p><a href="http://127.0.0.1:2811">Monit Monitoring</a></p>
<p><a href="http://127.0.0.1:2813">Munin Monitoring</a></p>
<p><a href="http://127.0.0.1:8384">Syncthing Admin Interface</a></p>
<p><a href="http://127.0.0.1:9191">Picture File Browser</a></p>
</body>
</html>
EOF
chown www-data /opt/dashboard/www/index.html
fi

####################
# WireGuard
####################
ip link del dev test 2>/dev/null
if ip link add dev test type wireguard; then
  echo "**** It seems the wireguard module is already active :) ****"
  ip link del dev test
else
  echo "**** The wireguard module is not active, please install wireguard on the host and activate the 'wg' kernel module ****"
fi
if [ ! -d "/opt/wireguard" ] ; then
  mkdir /opt/wireguard
fi

####################
# syncthing
####################
if [ ! -d "/opt/syncthing" ]; then
  mkdir /opt/syncthing
fi
ST_CONF="/opt/syncthing/config.xml"
if [ ! -f "$ST_CONF" ]; then
  echo "**** Initial Syncthing Config ****"
  /usr/bin/syncthing -generate /opt/syncthing
  sed -i 's/<address>127.0.0.1:8384<\/address>/<address>0.0.0.0:8384<\/address>/g' /opt/syncthing/config.xml
  sed -i 's/<folder id="default" label="Default Folder" path="\/root\/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">/<folder id="piframe-pictures" label="PiFrameFleet Pictures" path="\/opt\/pictures" type="sendonly" rescanIntervalS="86400" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">/g' /opt/syncthing/config.xml
  if [ -d "/root/Sync" ]; then
    rm -r /root/Sync
  fi
fi

####################
# FileBrowser
####################
if [ ! -d "/opt/filebrowser" ]; then
  mkdir /opt/filebrowser
fi
FB_DB="/opt/filebrowser/pictures.db"
if [ ! -f "$FB_DB" ]; then
  echo "**** Initial FileBrowser Config ****"
  filebrowser -d $FB_DB \
      config init 2>&1 > /dev/null
  filebrowser -d $FB_DB \
      config set --address 0.0.0.0 2>&1 > /dev/null
  filebrowser -d $FB_DB \
      config set --port 9191 2>&1 > /dev/null
  filebrowser -d $FB_DB \
      config set --branding.name "PiFrameFleet - Pictures" 2>&1 > /dev/null
  filebrowser -d $FB_DB \
      users add admin password 2>&1 > /dev/null
fi