mirror of
https://github.com/tiredofit/docker-collabora-online.git
synced 2024-05-03 15:03:12 +02:00
332 lines
21 KiB
Plaintext
Executable file
332 lines
21 KiB
Plaintext
Executable file
#!/usr/bin/with-contenv bash
|
|
|
|
source /assets/functions/00-container
|
|
prepare_service single
|
|
prepare_service 03-monitoring
|
|
PROCESS_NAME="collabora-online"
|
|
|
|
transform_file_var \
|
|
ADMIN_USER \
|
|
ADMIN_PASS \
|
|
DEEPL_API_URL \
|
|
DEEPL_AUTH_KEY \
|
|
LANGUAGE_TOOL_USER_NAME \
|
|
LANGUAGE_TOOL_REST_PROTOCOL
|
|
|
|
sanity_var "ALLOWED_HOSTS" "Allowed Hostnames"
|
|
|
|
print_debug "Creating directories and setting up logging"
|
|
mkdir -p "${LOG_PATH}"
|
|
touch "${LOG_PATH}"/"${LOG_FILE}"
|
|
chown -R cool "${LOG_PATH}"
|
|
|
|
print_debug "Setting up DNS Resolution"
|
|
rm /opt/cool/systemplate/etc/resolv.conf
|
|
cp /etc/hosts /opt/cool/systemplate/etc/
|
|
cp /etc/resolv.conf /opt/cool/systemplate/etc/
|
|
|
|
## Custom Dictionary Support
|
|
if [ -n "${DICTIONARIES}" ]; then
|
|
langs=$(echo "${DICTIONARIES}" | tr "," "\n")
|
|
print_notice "Setting up custom dictionary support - Please wait.."
|
|
silent apt-get update
|
|
for lang in $langs
|
|
do
|
|
print_notice "Adding dictionary for '${lang}' - Please wait.."
|
|
case "${lang}" in
|
|
"de" )
|
|
silent apt-get install -y hunspell-de-de
|
|
cp -R /usr/share/hunspell/de*.{aff,dic} /opt/libreoffice/share/extensions/dict-de/
|
|
;;
|
|
"en-au" )
|
|
silent apt-get install -y hunspell-en-au
|
|
cp -R /usr/share/hunspell/en*.{aff,dic} /opt/libreoffice/share/extensions/dict-en/
|
|
;;
|
|
"en-za" )
|
|
silent apt-get install -y hunspell-en-za
|
|
cp -R /usr/share/hunspell/en*.{aff,dic} /opt/libreoffice/share/extensions/dict-en/
|
|
;;
|
|
"pt-br" )
|
|
silent apt-get install -y hunspell-pt-br
|
|
cp -R /usr/share/hunspell/pt*.{aff,dic} /opt/libreoffice/share/extensions/dict-pt-BR/
|
|
;;
|
|
"pt-pt" )
|
|
silent apt-get install -y hunspell-pt-pt
|
|
cp -R /usr/share/hunspell/pt*.{aff,dic} /opt/libreoffice/share/extensions/dict-pt-PT/
|
|
;;
|
|
* )
|
|
silent apt-get install -y hunspell-"${lang}"
|
|
cp -R /usr/share/hunspell/"${lang}"*.{aff,dic} /opt/libreoffice/share/extensions/dict-"${lang}"/
|
|
;;
|
|
esac
|
|
done
|
|
|
|
silent apt-get clean
|
|
rm -rf /var/lib/apt/lists/*
|
|
chown -R cool. /opt/libreoffice/share/extensions/*
|
|
rm -rf /opt/cool/systemplate/*
|
|
silent sudo -u cool /opt/cool/bin/coolwsd-systemplate-setup /opt/cool/systemplate /opt/libreoffice
|
|
fi
|
|
|
|
custom_files "${CONTAINER_CUSTOM_PATH}" /opt/cool/share/ cool cool
|
|
custom_scripts
|
|
|
|
### Load Custom Fonts
|
|
if [ -d /assets/custom-fonts/ ] ; then
|
|
print_warn "Found Custom Fonts to insert"
|
|
chown -R cool /assets/custom-fonts
|
|
chmod +rx /assets/custom-fonts
|
|
ln -s /assets/custom-fonts /usr/share/fonts/truetype/custom
|
|
silent fc-cache -f -v
|
|
rm -rf /opt/cool/systemplate/*
|
|
silent sudo -u cool /opt/cool/bin/coolwsd-systemplate-setup /opt/cool/systemplate /opt/libreoffice
|
|
fi
|
|
|
|
if var_true "${ENABLE_TLS}" ; then
|
|
print_debug "TLS Enabled"
|
|
if [ ! -d "${TLS_CERT_PATH}" ] || [ ! -f "${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_FILENAME}" ] ; then
|
|
print_debug "No TLS Certificates found"
|
|
if var_true "${ENABLE_TLS_CERT_GENERATE}" ; then
|
|
print_debug "TLS Certificate Autogeneration"
|
|
mkdir -p "$TLS_CERT_PATH"
|
|
# Generate new SSL certificate instead of using the default
|
|
print_notice "Auto Generating Self Signed Certificates"
|
|
mkdir -p /tmp/ssl/
|
|
cd /tmp/ssl/
|
|
mkdir -p certs/ca
|
|
silent openssl genrsa -out certs/ca/root.key.pem 2048
|
|
silent openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy
|
|
Authority/CN=Dummy Authority"
|
|
mkdir -p certs/{servers,tmp}
|
|
mkdir -p "certs/servers/localhost"
|
|
silent openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048
|
|
if test "${cert_domain-set}" == set; then
|
|
silent openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost"
|
|
else
|
|
silent openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}"
|
|
fi
|
|
silent openssl x509 -req -in "certs/tmp/localhost.csr.pem" -CA "certs/ca/root.crt.pem" -CAkey "certs/ca/root.key.pem" -CAcreateserial -out "certs/servers/localhost/cert.pem" -days 9131
|
|
cp -R certs/servers/localhost/privkey.pem "${TLS_CERT_PATH}"/"${TLS_KEY_FILENAME}"
|
|
cp -R certs/servers/localhost/cert.pem "${TLS_CERT_PATH}"/"${TLS_CERT_FILENAME}"
|
|
cp -R certs/ca/root.crt.pem "${TLS_CERT_PATH}"/"${TLS_CA_FILENAME}"
|
|
rm -rf /tmp/ssl
|
|
chown -R cool "${TLS_CERT_PATH}"
|
|
else
|
|
if [ ! -f "${TLS_CERT_PATH}"/"${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}"/"${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}"/"${TLS_CERT_FILENAME}" ] ; then
|
|
print_error "TLS Certificates missing... Please switch to autogenerate mode, or place your certifcates in the correct location."
|
|
exit 1
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ "${SETUP_TYPE,,}" = "auto" ]; then
|
|
print_notice "Autogenerating Configuration File"
|
|
### Replace Configuration directives
|
|
sed -i -e "s|<allowed_languages \(.*\)>.*</allowed_languages>|<allowed_languages \1>${LANGUAGE}</allowed_languages>|g" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Language Tool
|
|
sed -i \
|
|
-e "s|<enabled desc=\"Enable Remote Spell and Grammar Checker\"\(.*\)>.*</enabled>|<enabled desc=\"Enable Remote Spell and Grammar Checker\"\1>${ENABLE_LANGUAGE_TOOL,,}</enabled>|g" \
|
|
-e "s|<base_url desc=\"Http endpoint for the API server\(.*\)>.*<\/base_url>|<base_url desc=\"Http endpointfor the API server\1>${LANGUAGE_TOOL_BASE_URL}<\/base_url>|" \
|
|
-e "s|<user_name desc=\"Lan\(.*\)>.*<\/user_name>|<user_name desc=\"Lan\1>${LANGUAGE_TOOL_USER_NAME}<\/user_name>|" \
|
|
-e "s|<api_key desc=\"API key provided by Lan\(.*\)>.*<\/api_key>|<api_key desc=\"API key provided by Lan\1>${LANGUAGE_TOOL_API_KEY}<\/api_key>|" \
|
|
-e "s|<ssl_verification desc=\"Enable or disable SSL\(.*\)>.*<\/ssl_verification>|<ssl_verification desc=\"Enable or disable SSL\1>${LANGUAGE_TOOL_SSL_VERIFY,,}<\/ssl_verification>|" \
|
|
-e "s|<rest_protocol desc=\"REST API protocol\(.*\)>.*<\/rest_protocol>|<rest_protocol desc=\"REST API protocol\1>${LANGUAGE_TOOL_REST_PROTOCOL,,}<\/rest_protocol>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## DeepL
|
|
sed -i \
|
|
-e "s|<enabled desc=\"If true, shows translate option as a menu\(.*\)>.*</enabled>|<enabled desc=\"If true, shows translate option as a menu\1>${ENABLE_DEEPL,,}</enabled>|g" \
|
|
-e "s|<api_url desc=\"URL for the API\"\(.*\)>.*<\/api_url>|<api_url desc=\"URL for the API\"\1>${DEEPL_API_URL}<\/api_url>|" \
|
|
-e "s|<auth_key desc=\"Auth Key generated by your account\"(.*\)>.*<\/auth_key>|<auth_key desc="Auth Key generated by your account"\1>${DEEPL_AUTH_KEY}<\/auth_key>|g" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
|
|
sed -i -e "s|<sys_template_path \(.*\)>.*</sys_template_path>|<sys_template_path \1>${SYS_TEMPLATE_PATH}</sys_template_path>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<child_root_path \(.*\)>.*</child_root_path>|<child_root_path \1>${CHILD_ROOT_PATH}</child_root_path>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<mount_jail_tree \(.*\)>.*</mount_jail_tree>|<mount_jail_tree \1>${ENABLE_MOUNT_JAIL,,}</mount_jail_tree>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<server_name \(.*\)>.*</server_name>|<server_name \1>${HOSTNAME}</server_name>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<file_server_root_path \(.*\)>.*</file_server_root_path>|<file_server_root_path \1>${FILE_SERVER_ROOT_PATH}</file_server_root_path>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<hexify_embedded_urls \(.*\)>.*<\/hexify_embedded_urls>|<hexify_embedded_urls \1>${HEXIFY_EMBEDDED_URLS,,}<\/hexify_embedded_urls>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<experimental_features \(.*\)>.*<\/experimental_features>|<experimental_features \1>${ENABLE_EXPERIMENTAL_FEATURES,,}<\/experimental_features>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<memproportion \(.*\)>.*</memproportion>|<memproportion \1>${MEMORY_USAGE_MAX}</memproportion>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<num_prespawn_children \(.*\)>.*</num_prespawn_children>|<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}</num_prespawn_children>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Per Document
|
|
sed -i \
|
|
-e "s|<max_concurrency \(.*\)>.*<\/max_concurrency>|<max_concurrency \1>${MAX_THREADS_DOCUMENT}<\/max_concurrency>|" \
|
|
-e "s|<batch_priority \(.*\)>.*<\/batch_priority>|<batch_priority \1>${BATCH_PRIORITY}<\/batch_priority>|" \
|
|
-e "s|<document_signing_url \(.*\)>.*<\/document_signing_url>|<document_signing_url \1>${DOCUMENT_SIGNING_URL}<\/document_signing_url>|" \
|
|
-e "s|<redlining_as_comments \(.*\)>.*<\/redlining_as_comments>|<redlining_as_comments \1>${REDLINING_AS_COMMENTS}<\/redlining_as_comments>|" \
|
|
-e "s|<pdf_resolution_dpi \(.*\)>.*<\/pdf_resolution_dpi>|<pdf_resolution_dpi \1>${PDF_RESOLUTION_DPI}<\/pdf_resolution_dpi>|" \
|
|
-e "s|<idle_timeout_secs \(.*\)>.*<\/idle_timeout_secs>|<idle_timeout_secs \1>${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>|" \
|
|
-e "s|<idlesave_duration_secs \(.*\)>.*<\/idlesave_duration_secs>|<idlesave_duration_secs \1>${IDLE_SAVE}<\/idlesave_duration_secs>|" \
|
|
-e "s|<autosave_duration_secs \(.*\)>.*<\/autosave_duration_secs>|<autosave_duration_secs \1>${AUTO_SAVE}<\/autosave_duration_secs>|" \
|
|
-e "s|<always_save_on_exit \(.*\)>.*<\/always_save_on_exit>|<always_save_on_exit \1>${ALWAYS_SAVE_ON_EXIT}<\/always_save_on_exit>|" \
|
|
-e "s|<limit_virt_mem_mb \(.*\)>.*<\/limit_virt_mem_mb>|<limit_virt_mem_mb \1>${MEMORY_VIRT_LIMIT}<\/limit_virt_mem_mb>|" \
|
|
-e "s|<limit_stack_mem_kb \(.*\)>.*<\/limit_stack_mem_kb>|<limit_stack_mem_kb \1>${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>|" \
|
|
-e "s|<limit_file_size_mb \(.*\)>.*<\/limit_file_size_mb>|<limit_file_size_mb \1>${FILE_SIZE_LIMIT}<\/limit_file_size_mb>|" \
|
|
-e "s|<limit_num_open_files \(.*\)>.*<\/limit_num_open_files>|<limit_num_open_files \1>${MAX_OPEN_FILES}<\/limit_num_open_files>|" \
|
|
-e "s|<limit_load_secs \(.*\)>.*<\/limit_load_secs>|<limit_load_secs \1>${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>|" \
|
|
-e "s|<limit_convert_secs \(.*\)>.*<\/limit_convert_secs>|<limit_convert_secs \1>${MAX_CONVERT_LIMIT}<\/limit_convert_secs>|" \
|
|
-e "s|<min_time_between_saves_ms \(.*\)>.*<\/min_time_between_saves_ms>|<min_time_between_saves_ms \1>${MIN_TIME_BETWEEN_SAVES}<\/min_time_between_saves_ms>|" \
|
|
-e "s|<min_time_between_uploads_ms \(.*\)>.*<\/min_time_between_uploads_ms>|<min_time_between_uploads_ms \1>${MIN_TIME_BETWEEN_UPLOADS}<\/min_time_between_uploads_ms>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## Cleanup
|
|
sed -i \
|
|
-e "s|<cleanup desc=\(.*\)>.*>|<cleanup desc=\1>${ENABLE_CLEANUP},,>|" \
|
|
-e "s|<cleanup_interval_ms \(.*\)>.*<\/cleanup_interval_ms>|<cleanup_interval_ms \1>${CLEANUP_INTERVAL}<\/cleanup_interval_ms>|" \
|
|
-e "s|<bad_behavior_period_secs \(.*\)>.*<\/bad_behavior_period_secs>|<bad_behavior_period_secs \1>${CLEANUP_BAD_BEHAVIOUR_TIME}<\/bad_behavior_period_secs>|" \
|
|
-e "s|<idle_time_secs \(.*\)>.*<\/<idle_time_secs>|<<idle_time_secs \1>${CLEANUP_IDLE_TIME}<\/<idle_time_secs>|" \
|
|
-e "s|<limit_dirty_mem_mb \(.*\)>.*<\/limit_dirty_mem_mb>|<limit_dirty_mem_mb \1>${CLEANUP_LIMIT_DIRTY_MEMORY}<\/limit_dirty_mem_mb>|" \
|
|
-e "s|<limit_cpu_per \(.*\)>.*<\/limit_cpu_per>|<limit_cpu_per \1>${CLEANUP_LIMIT_CPU_PER}<\/limit_cpu_per>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## Per View Settings
|
|
sed -i \
|
|
-e "s|<group_download_as \(.*\)>.*<\/group_download_as>|<group_download_as \1>${GROUP_DOWNLOAD_AS,,}<\/group_download_as>|" \
|
|
-e "s|<out_of_focus_timeout_secs \(.*\)>.*<\/out_of_focus_timeout_secs>|<out_of_focus_timeout_secs \1>${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>|" \
|
|
-e "s|<idle_timeout_secs \(.*\)>.*<\/idle_timeout_secs>|<idle_timeout_secs \1>${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
sed -i -e "s|<ver_suffix \(.*\)>.*<\/ver_suffix>|<ver_suffix \1>${VERSION_SUFFIX}<\/ver_suffix>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Logging
|
|
sed -i \
|
|
-e "s|<color \(.*\)>.*<\/color>|<color \1>${LOG_COLOURIZE}<\/color>|" \
|
|
-e "s|<level \(.*\)>.*<\/level>|<level \1>${LOG_LEVEL,,}<\/level>|" \
|
|
-e "s|<protocol \(.*\)>.*<\/protocol>|<protocol \1>${LOG_CLIENT_CONSOLE}<\/protocol>|" \
|
|
-e "s|<lokit_sal_log \(.*\)>.*<\/lokit_sal_log>|<lokit_sal_log \1>${LOG_LIBREOFFICE}<\/lokit_sal_log>|" \
|
|
-e "s|<browser_logging \(.*\)>.*<\/browser_logging>|<browser_logging \1>${LOG_CLIENT_CONSOLE}<\/browser_logging>|" \
|
|
-e "s|<protocol \(.*\)>.*<\/protocol>|<protocol \1>${LOG_PROTOCOL,,}<\/protocol>|" \
|
|
-e "s|<most_verbose_level_settable_from_client \(.*\)>.*<\/most_verbose_level_settable_from_client>|<most_verbose_level_settable_from_client \1>${LOG_LEVEL_CLIENT_MOST_VERBOSE}<\/most_verbose_level_settable_from_client>|" \
|
|
-e "s|<least_verbose_level_settable_from_client \(.*\)>.*<\/least_verbose_level_settable_from_client>|<least_verbose_level_settable_from_client \1>${LOG_LEVEL_CLIENT_LEAST_VERBOSE}<\/least_verbose_level_settable_from_client>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
if [ "${LOG_TYPE,,}" = "file" ]; then
|
|
sed -i \
|
|
-e "s|<file enable=\"false\"|<file enable=\"true\"|" \
|
|
-e "s|<property name=\"path\"\(.*\)>.*<\/property>|<property name=\"path\" \1>${LOG_PATH}/${LOG_FILE}<\/property>|" \
|
|
-e "s|<property name=\"flush\"\(.*\)>.*<\/property>|<property name=\"flush\" \1>${LOG_FILE_FLUSH}<\/property>|" \
|
|
-e "s|<property name=\"rotateOnOpen\"\(.*\)>.*<\/property>|<property name=\"rotateOnOpen\" \1>false<\/property>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
create_logrotate cool "${LOG_PATH}"/"${LOG_FILE}" none cool cool
|
|
else
|
|
print_debug "Log: Console"
|
|
fi
|
|
|
|
if var_true "${LOG_ANONYMIZE}"; then
|
|
sed -i \
|
|
-e "s|<anonymize_user_data \(.*\)>.*<\/anonymize_user_data>|<anonymize_user_data \1>${LOG_ANONYMIZE}<\/anonymize_user_data>|" \
|
|
-e "s|<anonymization_salt \(.*\)>.*<\/anonymization_salt>|<anonymization_salt \1>${LOG_ANONYMIZE_SALT}<\/anonymization_salt>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
fi
|
|
|
|
sed -i -e "s|<docstats \(.*\)>.*<\/docstats>|<docstats \1>${ENABLE_DOCUMENT_STATISTICS,,}<\/docstats>|" /etc/coolwsd/coolwsd.xml
|
|
sed -i -e "s|<userstats \(.*\)>.*<\/userstats>|<userstats \1>${ENABLE_USER_STATISTICS,,}<\/userstats>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Network
|
|
### Allowed Hosts
|
|
sed -i -e 's|<alias_groups \(.*\) mode=.*>|<alias_groups \1 mode="groups">|' /etc/coolwsd/coolwsd.xml
|
|
allowed_hosts=$(echo "${ALLOWED_HOSTS}" | tr "," "\n")
|
|
for host in $allowed_hosts; do
|
|
print_info "Adding Allowed Host: ${host}"
|
|
sed -i "/<alias_groups .*>/a \ <group><host desc=\"hostname to allow or deny.\" allow=\"true\">${host}</host></group>" /etc/coolwsd/coolwsd.xml
|
|
done
|
|
sed -i \
|
|
-e "s|<frame_ancestors \(.*\)>.*<\/frame_ancestors>|<frame_ancestors \1>${FRAME_ANCESTORS}<\/frame_ancestors>|" \
|
|
-e "s|<connection_timeout \(.*\)>.*<\/connection_timeout>|<connection_timeout \1>${CONNECTION_TIMEOUT}<\/connection_timeout>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## SSL
|
|
if var_false "${ENABLE_TLS}" ; then
|
|
sed -i -E "s|<enable type=\"bool\" desc=\"Controls(.*)>.*<\/enable>|<enable type=\"bool\" desc=\"Controls\1>false<\/enable>|" /etc/coolwsd/coolwsd.xml
|
|
fi
|
|
|
|
if var_true "${ENABLE_TLS_REVERSE_PROXY}" ; then
|
|
sed -i -e "s|<termination \(.*\)>.*<\/termination>|<termination \1>true<\/termination>|" /etc/coolwsd/coolwsd.xml
|
|
else
|
|
sed -i -e "s|<termination \(.*\)>.*<\/termination>|<termination \1>false<\/termination>|" /etc/coolwsd/coolwsd.xml
|
|
fi
|
|
|
|
sed -i \
|
|
-e "s|<ca_file_path \(.*\) relative=\"false\">.*<\/ca_file_path>|<ca_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/ca_file_path>|" \
|
|
-e "s|<cert_file_path \(.*\) relative=\"false\">.*<\/cert_file_path>|<cert_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>|" \
|
|
-e "s|<key_file_path \(.*\) relative=\"false\">.*<\/key_file_path>|<key_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## Security
|
|
sed -i \
|
|
-e "s|<seccomp \(.*\)>.*<\/seccomp>|<seccomp \1>${ENABLE_SECCOMP,,}<\/seccomp>|" \
|
|
-e "s|<capabilities \(.*\)>.*<\/capabilities>|<capabilities \1>${ENABLE_CAPABILITIES,,}<\/capabilities>|" \
|
|
-e "s|<jwt_expiry_secs \(.*\)>.*<\/jwt_expiry_secs>|<jwt_expiry_secs \1>${ADMIN_JWT_EXPIRY}<\/jwt_expiry_secs>|" \
|
|
-e "s|<enable_macros_execution \(.*\)>.*<\/enable_macros_execution>|<enable_macros_execution \1>${ENABLE_MACROS,,}<\/enable_macros_execution>|" \
|
|
-e "s|<macro_security_level \(.*\)>.*<\/macro_security_level>|<macro_security_level \1>${MACRO_SECURITY_LEVEL}<\/macro_security_level>|" \
|
|
-e "s|<enable_metrics_unauthenticated \(.*\)>.*<\/enable_metrics_unauthenticated>|<enable_metrics_unauthenticated \1>${ENABLE_METRICS_UNAUTHENTICATED,,}<\/enable_metrics_unauthenticated>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## Watermark
|
|
sed -i \
|
|
-e "s|<opacity \(.*\)>.*<\/opacity>|<opacity \1>${WATERMARK_OPACITY}<\/opacity>|" \
|
|
-e "s|<text \(.*\)>.*<\/text>|<text \1>${WATERMARK_TEXT}<\/text>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## User Interface
|
|
sed -i \
|
|
-e "s|<mode \(.*\)>.*<\/mode>|<mode \1>${INTERFACE}<\/mode>|" \
|
|
-e "s|<use_integration_theme \(.*\)>.*<\/use_integration_theme>|<use_integration_theme \1>${USE_INTEGRATOR_THEME,,}<\/use_integration_theme>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
sed -i -e "s|<tile_cache_persistent \(.*\)>.*<\/tile_cache_persistent>|<tile_cache_persistent \1>${ENABLE_TILES_CACHE,,}<\/tile_cache_persistent>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Admin Console
|
|
sed -i \
|
|
-e "s|<enable desc=\(.*\)>.*<\/enable>|<enable desc=\1>${ENABLE_ADMIN_CONSOLE,,}<\/enable>|" \
|
|
-e "s|<username \(.*\)>.*<\/username>|<username \1>${ADMIN_USER}<\/username>|" \
|
|
-e "s|<password \(.*\)>.*<\/password>|<password \1>${ADMIN_PASS}<\/password>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## Quarantine Files
|
|
sed -i \
|
|
-e "s|<quarantine_files \(.*\) enable\".*\">|<quarantine_files \1> enable=\"${ENABLE_FILES_QUARANTINE,,}\">|" \
|
|
-e "s|<limit_dir_size_mb \(.*\)>.*<\/limit_dir_size_mb>|<limit_dir_size_mb \1>${FILES_QUARANTINE_DIRECTORY_SIZE_LIMIT}<\/limit_dir_size_mb>|" \
|
|
-e "s|<path desc=\"Path to directory\(.*\)>.*<\/path>|<path desc=\"Path to directory\1>${FILES_QUARANTINE_PATH}<\/path>|" \
|
|
-e "s|<max_versions_to_maintain \(.*\)>.*<\/max_versions_to_maintain>|<max_versions_to_maintain \1>${FILES_QUARANTINE_MAX_VERSIONS}<\/max_versions_to_maintain>|" \
|
|
-e "s|<expiry_min \(.*\)>.*<\/expiry_min>|<expiry_min \1>${FILES_QUARANTINE_EXPIRY}<\/expiry_min>|" \
|
|
/etc/coolwsd/coolwsd.xml
|
|
|
|
## Remote Config
|
|
sed -i -e "s|<remote_url desc=\(.*\)>.*<\/remote_url>|<remote_url desc=\1>${REMOTE_URL}<\/remote_url>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Remote Fonts
|
|
sed -i -e "s|<url desc=\"URL of optional JSON\(.*\)>.*<\/url>|<url desc=\"URL of optional JSON\1>${REMOTE_FONT_URL}<\/url>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Home Mode
|
|
sed -i -e "s|<enable desc=\"Enable more configuration options for home users\(.*\)>.*<\/enable>|<enable desc=\"Enable more configuration options for home users\1>${ENABLE_HOME_MODE,,}<\/enable>|g" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Fonts Missing
|
|
sed -i -e "s|<handling desc=\(.*\)>.*<\/handling>|<handling desc=\1>${FONTS_MISSING_ACTION}<\/handling>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Indirection Endpoint
|
|
sed -i -e "s|<url desc=\"URL endpoint to server which servers routeToken in\(.*\)>.*<\/url>|<url desc=\"URL endpoint to server which servers routeToken in\1>${INDIRECTION_ENDPOINT}<\/url>|" /etc/coolwsd/coolwsd.xml
|
|
|
|
## Zotero
|
|
sed -i -e "s|<enable .*=\"Enable Zotero Plugin\(.*\)>.*<\/url>|<enable desc=\"Enable Zotero Plugin\1>${ENABLE_ZOTERO}<\/enable>|" /etc/coolwsd/coolwsd.xml
|
|
fi
|
|
|
|
# Generate WOPI proof key
|
|
if [ ! -f /etc/coolwsd/proof_key.pub ]; then
|
|
silent /opt/cool/bin/coolwsd-generate-proof-key
|
|
fi
|
|
|
|
# Enable Config Reload (Restart when /etc/coolwsd/coolwsd.xml changes)
|
|
if var_false "${ENABLE_CONFIG_RELOAD}" ; then
|
|
print_debug "Disabling Automatic Configuration Reloader"
|
|
rm -rf /etc/services.available/11-inotify
|
|
fi
|
|
|
|
print_info "Container Initialization Complete"
|
|
liftoff
|