ConfigLMM 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0078988f4f9bf52b61e5de21839b6ab1da6c56e24e4999987b9818cab6b5c7ca'
-  data.tar.gz: 429aed3d4f1a83271175022c479408db601b85c0f991163d0f87527a6fe55135
+  metadata.gz: e75cd300255c00348e10301216861bbc10e1fd1473e35a19c0b879f6c90f433c
+  data.tar.gz: b75628e73fa064c403e4dc51cb69997c1e5d8215536df9f961ce8861bf405757
 SHA512:
-  metadata.gz: afc93dc18858dd5102963d65c27adf37891a69e3cd80a768d2fc8c08c64ccb8cc50478a594a18c3769de7efc6c921d75fc92357fa948ace10091b010a932e6f6
-  data.tar.gz: 615fdfbd8cb389fefa0aacd51e6b2cf3739e7e7305d0ed389dec481d79a12cb1289e12a4b3224faf092c8c858cfd357c95e803d584024feb0225409b0d8cca69
+  metadata.gz: f357dba4ec543ed5b7d1ac66e678df83bb5bcf0c22793b80f70a30e6c22648837ca259d429ccff099fb77fb640c87ecafcf679b052d34ff45f1764ca650eedd5
+  data.tar.gz: 954e1f8b9720c7ffaa4f6173fe28ead5e1dd706d488b950172651273016422df300a2fd81a70652aaeb506f84bfa755902c6c198849821d72decf551779337e2

data/CHANGELOG.md

@@ -1,3 +1,39 @@
+## [0.4.0] - 2024-10-04
+
+Implement:
+- Authentik: Outpost deployment
+- gollum: Authentik authentication
+- MariaDB - https://mariadb.org/
+- BookStack - https://www.bookstackapp.com/
+- Discourse - https://www.discourse.org/
+- OpenVidu - https://openvidu.io/
+- Matrix server - https://matrix.org/
+- Wiki.js - https://js.wiki/
+- ERPNext - https://erpnext.com/
+- Let's Encrypt - https://letsencrypt.org/
+- Roundcube - https://roundcube.net/
+- Tunnel support
+- Support Proxmox VE distro - https://www.proxmox.com/en/proxmox-virtual-environment/overview
+- Support Debian distro - https://www.debian.org/
+
+Other improvements:
+- bootstrap.sh script
+- Peppermint
+- Vaultwarden
+- Nginx
+- Valkey
+- PostgreSQL
+- Dovecot
+- GitLab
+- Linux
+- PowerDNS
+- GoDaddy
+- NginxProxy
+- Nextcloud
+- Cassandra
+- Postfix: Implement cleanup/uninstall functionality
+- WireGuard: Implement cleanup/uninstall functionality
+- Various other improvements
 
 ## [0.3.0] - 2024-08-13
 

data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container

@@ -0,0 +1,14 @@
+
+[Unit]
+Description=Authentik Proxy Outpost container
+After=local-fs.target
+
+[Container]
+Image=ghcr.io/goauthentik/proxy:latest
+EnvironmentFile=/var/lib/authentik/.config/containers/systemd/ProxyOutpost.env
+PublishPort=127.0.0.1:19010:9000
+UserNS=keep-id:uid=1000,gid=1000
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Authentik/Authentik-Server.container

@@ -13,6 +13,7 @@ PublishPort=127.0.0.1:19300:9300
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/authentik/media:/media
 Volume=/var/lib/authentik/templates:/templates
+AutoUpdate=registry
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/Authentik/Authentik-Worker.container

@@ -12,6 +12,7 @@ UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/authentik/media:/media
 Volume=/var/lib/authentik/templates:/templates
 Volume=/var/lib/authentik/certs:/certs
+AutoUpdate=registry
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/Authentik/Authentik.conf.erb

@@ -32,4 +32,11 @@ server {
         proxy_pass http://authentik;
         include config-lmm/proxy.conf;
     }
+
+    <% if config['Outposts'].to_a.include?('Proxy') %>
+        location /outpost.goauthentik.io {
+            proxy_pass http://localhost:19010/outpost.goauthentik.io;
+            include config-lmm/proxy.conf;
+        }
+    <% end %>
 }

data/Plugins/Apps/Authentik/Authentik.lmm.rb

@@ -37,13 +37,15 @@ module ConfigLMM
                             ssh.scp.upload!(__dir__ + '/Authentik-Server.container', path)
                             ssh.scp.upload!(__dir__ + '/Authentik-Worker.container', path)
                             self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ daemon-reload")
-                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ start Authentik-Server")
-                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ start Authentik-Worker")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ restart Authentik-Server")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ restart Authentik-Worker")
 
                             Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
                             self.writeNginxConfig(__dir__, 'Authentik', id, target, state, context, options)
                             self.deployNginxConfig(id, target, activeState, context, options)
                             Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+
+                            self.deployProxyOutpost(target, ssh)
                         end
                     else
                         raise Framework::PluginProcessError.new("#{id}: Unknown protocol: #{uri.scheme}!")
@@ -53,6 +55,26 @@ module ConfigLMM
                 end
             end
 
+            def deployProxyOutpost(target, ssh = nil)
+                return unless target['Outposts'].to_a.include?('Proxy')
+
+                path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                self.class.exec("echo 'AUTHENTIK_HOST=https://#{target['Domain'].downcase}' > #{path}/ProxyOutpost.env", ssh)
+                self.class.exec("echo 'AUTHENTIK_INSECURE=false' >> #{path}/ProxyOutpost.env", ssh)
+                self.class.exec(" echo 'AUTHENTIK_TOKEN=#{ENV['AUTHENTIK_TOKEN']}' >> #{path}/ProxyOutpost.env", ssh)
+                self.class.exec("chown #{USER}:#{USER} #{path}/ProxyOutpost.env", ssh)
+                self.class.exec("chmod 600 #{path}/ProxyOutpost.env", ssh)
+
+                if ssh.nil?
+                    self.class.exec("cp #{__dir__ + '/Authentik-ProxyOutpost.container'} #{path}/")
+                else
+                    ssh.scp.upload!(__dir__ + '/Authentik-ProxyOutpost.container', path)
+                end
+
+                self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
+                self.class.exec("systemctl --user --machine=#{USER}@ restart Authentik-ProxyOutpost", ssh)
+            end
+
             def prepareConfig(target, ssh)
               target['Database'] ||= {}
 

data/Plugins/Apps/BookStack/BookStack.conf.erb

@@ -0,0 +1,41 @@
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        <% if config['NginxVersion'] >= 1.25 %>
+            listen <%= config['Port'] %> ssl;
+            listen [::]:<%= config['Port'] %> ssl;
+            http2 on;
+            http3 on;
+            quic_retry on;
+            add_header Alt-Svc 'h3=":<%= config['Port'] %>"; ma=86400';
+        <% else %>
+            listen <%= config['Port'] %> ssl http2;
+            listen [::]:<%= config['Port'] %> ssl http2;
+        <% end %>
+
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/bookstack.access.log;
+    error_log   /var/log/nginx/bookstack.error.log;
+
+    include config-lmm/errors.conf;
+    include config-lmm/security.conf;
+
+    location / {
+        <% if config['Server'] %>
+            proxy_pass <%= config['Server'] %>;
+        <% else %>
+            proxy_pass http://127.0.0.1:18200;
+        <% end %>
+
+        include config-lmm/proxy.conf;
+    }
+
+}

data/Plugins/Apps/BookStack/BookStack.container

@@ -0,0 +1,15 @@
+
+[Unit]
+Description=BookStack container
+After=local-fs.target
+
+[Container]
+Image=ghcr.io/linuxserver/bookstack:latest
+EnvironmentFile=/var/lib/bookstack/.config/containers/systemd/BookStack.env
+Network=slirp4netns:allow_host_loopback=true
+PublishPort=127.0.0.1:18200:80
+Volume=/var/lib/bookstack/config:/config
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/BookStack/BookStack.lmm.rb

@@ -0,0 +1,80 @@
+
+module ConfigLMM
+    module LMM
+        class BookStack < Framework::NginxApp
+
+            USER = 'bookstack'
+            HOME_DIR = '/var/lib/bookstack'
+            HOST_IP = '10.0.2.2'
+
+            def actionBookStackDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
+
+                target['Database'] ||= {}
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.class.sshStart(uri) do |ssh|
+
+                        dbPassword = self.configureMariaDB(target['Database'], activeState, ssh)
+                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                        Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'BookStack', distroInfo, ssh)
+                        self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/config'")
+
+                        path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                        self.class.exec(" echo 'DB_HOST=#{HOST_IP}' > #{path}/BookStack.env", ssh)
+                        self.class.exec(" echo 'DB_DATABASE=#{USER}' >> #{path}/BookStack.env", ssh)
+                        self.class.exec(" echo 'DB_USERNAME=#{USER}' >> #{path}/BookStack.env", ssh)
+                        self.class.exec(" echo 'DB_PASSWORD=#{dbPassword}' >> #{path}/BookStack.env", ssh)
+                        self.class.exec(" echo 'APP_URL=https://#{target['Domain']}' >> #{path}/BookStack.env", ssh)
+
+                        if target['OIDC'] && target['OIDC']['Issuer']
+                            self.class.exec(" echo 'AUTH_METHOD=oidc' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'AUTH_AUTO_INITIATE=true' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'OIDC_CLIENT_ID=#{ENV['BOOKSTACK_OIDC_CLIENT_ID']}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'OIDC_CLIENT_SECRET=#{ENV['BOOKSTACK_OIDC_CLIENT_SECRET']}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'OIDC_ISSUER=#{target['OIDC']['Issuer']}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'OIDC_ISSUER_DISCOVER=true' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'OIDC_USER_TO_GROUPS=true' >> #{path}/BookStack.env", ssh)
+                        end
+
+                        if target['SMTP']
+                            host = target['SMTP']['Host']
+                            host = HOST_IP if ['localhost', '127.0.0.1'].include?(host)
+                            self.class.exec(" echo 'MAIL_HOST=#{host}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'MAIL_PORT=#{target['SMTP']['Port']}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'MAIL_USERNAME=#{target['SMTP']['Username']}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'MAIL_PASSWORD=#{ENV['BOOKSTACK_SMTP_PASSWORD']}' >> #{path}/BookStack.env", ssh)
+                            self.class.exec(" echo 'MAIL_FROM=#{target['SMTP']['From']}' >> #{path}/BookStack.env", ssh)
+                        end
+
+                        self.class.exec("chown #{USER}:#{USER} #{path}/BookStack.env", ssh)
+                        self.class.exec("chmod 600 #{path}/BookStack.env", ssh)
+
+                        ssh.scp.upload!(__dir__ + '/BookStack.container', path)
+                        self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart BookStack", ssh)
+
+                        Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
+                        Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
+                        self.class.prepareNginxConfig(target, ssh)
+                        self.writeNginxConfig(__dir__, 'BookStack', id, target, state, context, options)
+                        self.deployNginxConfig(id, target, activeState, context, options)
+                        Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+                    end
+                else
+                    # TODO
+                end
+            end
+
+            def configureMariaDB(settings, activeState, ssh)
+                password = SecureRandom.alphanumeric(20)
+                MariaDB.createRemoteUserAndDB(settings, USER, password, ssh)
+                password
+            end
+
+        end
+    end
+end
+

data/Plugins/Apps/Discourse/Discourse-Sidekiq.container

@@ -0,0 +1,17 @@
+
+
+[Unit]
+Description=Discourse Sidekiq container
+After=local-fs.target
+
+[Container]
+Image=docker.io/bitnami/discourse:latest
+Exec=/opt/bitnami/scripts/discourse-sidekiq/run.sh
+EnvironmentFile=/var/lib/discourse/.config/containers/systemd/Discourse.env
+Network=slirp4netns:allow_host_loopback=true
+UserNS=keep-id:uid=999,gid=999
+Volume=/var/lib/discourse/sidekiq:/bitnami/discourse
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Discourse/Discourse.conf.erb

@@ -0,0 +1,41 @@
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        <% if config['NginxVersion'] >= 1.25 %>
+            listen <%= config['Port'] %> ssl;
+            listen [::]:<%= config['Port'] %> ssl;
+            http2 on;
+            http3 on;
+            quic_retry on;
+            add_header Alt-Svc 'h3=":<%= config['Port'] %>"; ma=86400';
+        <% else %>
+            listen <%= config['Port'] %> ssl http2;
+            listen [::]:<%= config['Port'] %> ssl http2;
+        <% end %>
+
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/discourse.access.log;
+    error_log   /var/log/nginx/discourse.error.log;
+
+    include config-lmm/errors.conf;
+    include config-lmm/security.conf;
+
+    location / {
+        <% if config['Server'] %>
+            proxy_pass <%= config['Server'] %>;
+        <% else %>
+            proxy_pass http://127.0.0.1:13100;
+        <% end %>
+
+        include config-lmm/proxy.conf;
+    }
+
+}

data/Plugins/Apps/Discourse/Discourse.container

@@ -0,0 +1,17 @@
+
+[Unit]
+Description=Discourse container
+After=local-fs.target
+
+[Container]
+ContainerName=Discourse
+Image=docker.io/bitnami/discourse:latest
+EnvironmentFile=/var/lib/discourse/.config/containers/systemd/Discourse.env
+Network=slirp4netns:allow_host_loopback=true
+PublishPort=127.0.0.1:13100:3000
+UserNS=keep-id:uid=999,gid=999
+Volume=/var/lib/discourse/data:/bitnami/discourse
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Discourse/Discourse.lmm.rb

@@ -0,0 +1,95 @@
+
+module ConfigLMM
+    module LMM
+        class Discourse < Framework::NginxApp
+
+            USER = 'discourse'
+            HOME_DIR = '/var/lib/discourse'
+            HOST_IP = '10.0.2.2'
+
+            def actionDiscourseDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
+
+                target['Database'] ||= {}
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.class.sshStart(uri) do |ssh|
+
+                        dbPassword = self.configurePostgreSQL(target['Database'], ssh)
+                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                        Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Discourse', distroInfo, ssh)
+                        self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/data ~/sidekiq'")
+
+                        path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                        self.class.exec("echo 'DISCOURSE_DATABASE_HOST=#{HOST_IP}' > #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'DISCOURSE_DATABASE_NAME=#{USER}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec(" echo 'DISCOURSE_DATABASE_USER=#{USER}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec(" echo 'DISCOURSE_DATABASE_PASSWORD=#{dbPassword}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'DISCOURSE_HOST=#{target['Domain']}' >> #{path}/Discourse.env", ssh)
+
+                        self.class.exec("echo 'DISCOURSE_REDIS_HOST=#{HOST_IP}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec(" echo 'DISCOURSE_REDIS_PASSWORD=#{ENV['REDIS_PASSWORD']}' >> #{path}/Discourse.env", ssh)
+
+                        if target['SMTP']
+                            host = target['SMTP']['Host']
+                            host = HOST_IP if ['localhost', '127.0.0.1'].include?(host)
+                            self.class.exec("echo 'DISCOURSE_SMTP_HOST=#{host}' >> #{path}/Discourse.env", ssh)
+                            self.class.exec("echo 'DISCOURSE_SMTP_PORT_NUMBER=#{target['SMTP']['Port']}' >> #{path}/Discourse.env", ssh)
+                            self.class.exec(" echo 'DISCOURSE_SMTP_USER=#{target['SMTP']['Username']}' >> #{path}/Discourse.env", ssh)
+                            self.class.exec(" echo 'DISCOURSE_SMTP_PASSWORD=#{ENV['DISCOURSE_SMTP_PASSWORD']}' >> #{path}/Discourse.env", ssh)
+                            auth = target['SMTP']['Auth'].to_s.downcase
+                            auth = 'plain' if auth.empty?
+                            self.class.exec("echo 'DISCOURSE_SMTP_AUTH=#{auth}' >> #{path}/Discourse.env", ssh)
+                            if target['SMTP']['Port'] == 465
+                                self.class.exec("echo 'DISCOURSE_EXTRA_CONF_CONTENT=smtp_force_tls = true' >> #{path}/Discourse.env", ssh)
+                            end
+                        end
+
+                        self.class.exec(" echo 'DISCOURSE_PRECOMPILE_ASSETS=no' >> #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'CHEAP_SOURCE_MAPS=1' >> #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'JOBS=1' >> #{path}/Discourse.env", ssh)
+
+                        self.class.exec("chown #{USER}:#{USER} #{path}/Discourse.env", ssh)
+                        self.class.exec("chmod 600 #{path}/Discourse.env", ssh)
+
+                        ssh.scp.upload!(__dir__ + '/Discourse.container', path)
+                        ssh.scp.upload!(__dir__ + '/Discourse-Sidekiq.container', path)
+                        self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart Discourse", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart Discourse-Sidekiq", ssh)
+
+                        Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
+                        Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
+                        self.class.prepareNginxConfig(target, ssh)
+                        self.writeNginxConfig(__dir__, 'Discourse', id, target, state, context, options)
+                        self.deployNginxConfig(id, target, activeState, context, options)
+                        Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+
+                        containers = JSON.parse(self.class.exec("su --login #{USER} --shell /usr/bin/sh --command 'podman ps --format json --filter name=^Discourse$'", ssh).strip)
+                        raise 'Failed to find container!' if containers.empty?
+                        if !target['Plugins'].to_a.empty?
+                            target['Plugins'].each do |plugin|
+                                self.class.exec("su --login #{USER} --shell /usr/bin/sh --command \"podman exec --workdir /opt/bitnami/discourse #{containers.first['Id']} sh -c 'RAILS_ENV=production bundle exec rake plugin:install repo=#{plugin}'\"", ssh, true)
+                            end
+                        end
+
+                        self.class.exec("su --login #{USER} --shell /usr/bin/sh --command \"podman exec --workdir /opt/bitnami/discourse #{containers.first['Id']} sh -c 'RAILS_ENV=production CHEAP_SOURCE_MAPS=1 JOBS=1 bundle exec rake assets:precompile'\"", ssh)
+                    end
+                else
+                    # TODO
+                end
+            end
+
+            def configurePostgreSQL(settings, ssh)
+                password = SecureRandom.alphanumeric(20)
+                PostgreSQL.createRemoteUserAndDBOverSSH(settings, USER, password, ssh)
+                PostgreSQL.createExtensions(settings, USER, ['hstore', 'pg_trgm'], ssh)
+                password
+            end
+
+        end
+    end
+end
+

data/Plugins/Apps/Dovecot/Dovecot.lmm.rb

@@ -29,6 +29,12 @@ module ConfigLMM
                         cmd = "sed -i 's|^#mail_location =.*|mail_location = maildir:~/Mail|' #{DOVECOT_DIR}conf.d/10-mail.conf"
                         self.class.sshExec!(ssh, cmd)
 
+                        if !target['Protocols'].to_a.empty?
+                            updateRemoteFile(ssh, DOVECOT_DIR + 'dovecot.conf', options) do |configLines|
+                                configLines << "protocols = #{target['Protocols'].join(' ')}\n"
+                            end
+                        end
+
                         updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-mail.conf', options) do |configLines|
                             configLines << "mail_home = #{EMAIL_HOME}/emails/%u\n"
                             configLines << "first_valid_uid = #{uid}\n"
@@ -68,8 +74,7 @@ module ConfigLMM
                             configLines << "}\n"
                         end
 
-                        self.class.sshExec!(ssh, "firewall-cmd -q --add-service='imaps'")
-                        self.class.sshExec!(ssh, "firewall-cmd -q --permanent --add-service='imaps'")
+                        Framework::LinuxApp.firewallAddService('imaps', ssh)
 
                         cmd = "sed -i 's|^!include auth-system.conf.ext|#!include auth-system.conf.ext|' #{DOVECOT_DIR}conf.d/10-auth.conf"
                         self.class.sshExec!(ssh, cmd)
@@ -137,6 +142,24 @@ module ConfigLMM
                 end
 
                 plugins[:Linux].startService(SERVICE_NAME, target['Location'])
+
+                activeState['Status'] = State::STATUS_DEPLOYED
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:Dovecot, configs, state, context, options) do |item, id, state, context, options, ssh|
+                    Framework::LinuxApp.stopService(SERVICE_NAME, ssh, options[:dry])
+                    Framework::LinuxApp.firewallRemoveService('imaps', ssh, options[:dry])
+                    Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
+
+                    state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                    if options[:destroy]
+                        Framework::LinuxApp.deleteUserAndGroup(EMAIL_USER, ssh, options[:dry])
+
+                        state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                    end
+                end
             end
 
             def self.cutConfigSection(file, sectionStart, options, ssh)

data/Plugins/Apps/ERPNext/ERPNext-Frontend.container

@@ -0,0 +1,19 @@
+
+[Unit]
+Description=ERPNext Frontend container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Frontend
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=nginx-entrypoint.sh
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+PublishPort=127.0.0.1:18400:8080
+Network=ERPNext
+HostName=ERPNext-Frontend
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Queue.container

@@ -0,0 +1,17 @@
+
+[Unit]
+Description=ERPNext Queue container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Queue
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=bench worker --queue long,default,short
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+Network=slirp4netns:allow_host_loopback=true
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container

@@ -0,0 +1,17 @@
+
+[Unit]
+Description=ERPNext Scheduler container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Scheduler
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=bench schedule
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target
+

data/Plugins/Apps/ERPNext/ERPNext-Websocket.container

@@ -0,0 +1,19 @@
+
+[Unit]
+Description=ERPNext Websocket container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Websocket
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=node /home/frappe/frappe-bench/apps/frappe/socketio.js
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+Network=ERPNext
+IP=10.90.50.11
+HostName=ERPNext-Websocket
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext.container

@@ -0,0 +1,18 @@
+
+[Unit]
+Description=ERPNext container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext
+Image=ConfigLM.moe/erpnext:v$VERSION
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+Network=ERPNext
+IP=10.90.50.10
+HostName=ERPNext
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target