feat(gb-infra): Add scripts for various services including ALM CI, PostgreSQL, and webmail setup

2025-05-31 14:00:12 -03:00 · 2025-05-31 14:00:12 -03:00 · 36bd66e0c9
commit 36bd66e0c9
parent b8e0dd0e35
11 changed files with 563 additions and 115 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 target
-.env
+.env
+*.env
--- a/gb-infra/src/scripts/alm-ci.sh
+++ b/gb-infra/src/scripts/alm-ci.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+
+ALM_CI_VERSION="v6.3.1"
+ALM_CI_NAME="CI"
+ALM_CI_LABELS="pragmatismo.com.br"
+ALM_CI_BIN_PATH="/opt/gbo/bin"
+
+
+mkdir -p "${ALM_CI_BIN_PATH}"
+chmod -R 750 "${ALM_CI_BIN_PATH}"
+chown -R 100999:100999 "${ALM_CI_BIN_PATH}"
+
+lxc launch images:debian/12 "${PARAM_TENANT}-alm-ci" -c security.privileged=true
+sleep 15
+
+lxc exec "${PARAM_TENANT}-alm-ci" -- bash -c "
+apt-get update && apt-get install -y wget
+wget -O ${ALM_CI_BIN_PATH}/forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/${ALM_CI_VERSION}/forgejo-runner-${ALM_CI_VERSION}-linux-amd64
+chmod +x ${ALM_CI_BIN_PATH}/forgejo-runner
+
+${ALM_CI_BIN_PATH}/forgejo-runner register --no-interactive \
+    --name \"${ALM_CI_NAME}\" \
+    --instance \"${PARAM_ALM_CI_INSTANCE}\" \
+    --token \"${PARAM_ALM_CI_TOKEN}\" \
+    --labels \"${ALM_CI_LABELS}\"
+
+cat > /etc/systemd/system/alm-ci.service <<EOF
+[Unit]
+Description=ALM CI Runner
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=${ALM_CI_BIN_PATH}/forgejo-runner daemon
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable alm-ci
+systemctl start alm-ci
+"
--- a/gb-infra/src/scripts/alm.sh
+++ b/gb-infra/src/scripts/alm.sh
@ -0,0 +1,61 @@
+#!/bin/bash
+
+ALM_VERSION="v10.0.2"
+HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/alm"
+HOST_DATA="$HOST_BASE/data"
+HOST_CONF="$HOST_BASE/conf"
+HOST_LOGS="$HOST_BASE/logs"
+
+mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
+chmod -R 750 "$HOST_BASE"
+
+lxc launch images:debian/12 "$PARAM_TENANT"-alm -c security.privileged=true
+sleep 15
+
+lxc exec "$PARAM_TENANT"-alm -- bash -c "
+apt-get update && apt-get install -y git git-lfs wget
+wget https://codeberg.org/forgejo/forgejo/releases/download/$ALM_VERSION/forgejo-$ALM_VERSION-linux-amd64 -O /usr/local/bin/forgejo
+chmod +x /usr/local/bin/forgejo
+useradd --system --no-create-home --shell /bin/false forgejo
+"
+
+FORGEJO_UID=$(lxc exec "$PARAM_TENANT"-alm -- id -u forgejo)
+FORGEJO_GID=$(lxc exec "$PARAM_TENANT"-alm -- id -g forgejo)
+HOST_FORGEJO_UID=$((100000 + FORGEJO_UID))
+HOST_FORGEJO_GID=$((100000 + FORGEJO_GID))
+chown -R "$HOST_FORGEJO_UID:$HOST_FORGEJO_GID" "$HOST_BASE"
+
+lxc config device add "$PARAM_TENANT"-alm almdata disk source="$HOST_DATA" path=/var/lib/forgejo
+lxc config device add "$PARAM_TENANT"-alm almconf disk source="$HOST_CONF" path=/etc/forgejo
+lxc config device add "$PARAM_TENANT"-alm almlogs disk source="$HOST_LOGS" path=/var/log/forgejo
+
+lxc exec "$PARAM_TENANT"-alm -- bash -c "
+mkdir -p /var/lib/forgejo /etc/forgejo /var/log/forgejo
+chown -R forgejo:forgejo /var/lib/forgejo /etc/forgejo /var/log/forgejo
+
+cat > /etc/systemd/system/forgejo.service <<EOF
+[Unit]
+Description=Forgejo
+After=network.target
+
+[Service]
+User=forgejo
+Group=forgejo
+WorkingDirectory=/var/lib/forgejo
+ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
+Restart=always
+Environment=USER=forgejo HOME=/var/lib/forgejo
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable forgejo
+systemctl start forgejo
+"
+
+lxc config device remove "$PARAM_TENANT"-alm alm-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-alm alm-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_ALM_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_ALM_PORT"
--- a/gb-infra/src/scripts/bot.sh
+++ b/gb-infra/src/scripts/bot.sh
@ -0,0 +1,66 @@
+#!/bin/bash
+
+HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/botserver"
+HOST_DATA="$HOST_BASE/data"
+HOST_CONF="$HOST_BASE/conf"
+HOST_LOGS="$HOST_BASE/logs"
+
+mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
+chmod -R 750 "$HOST_BASE"
+
+lxc launch images:debian/12 "$PARAM_TENANT"-botserver -c security.privileged=true
+sleep 15
+
+lxc exec "$PARAM_TENANT"-botserver -- bash -c "
+apt-get update && apt-get install -y \
+build-essential cmake git pkg-config libjpeg-dev libtiff-dev \
+libpng-dev libavcodec-dev libavformat-dev libswscale-dev \
+libv4l-dev libatlas-base-dev gfortran python3-dev cpulimit \
+expect libxtst-dev libpng-dev
+
+export OPENCV4NODEJS_DISABLE_AUTOBUILD=1
+export OPENCV_LIB_DIR=/usr/lib/x86_64-linux-gnu
+
+useradd --system --no-create-home --shell /bin/false botserver
+"
+
+BOT_UID=$(lxc exec "$PARAM_TENANT"-botserver -- id -u botserver)
+BOT_GID=$(lxc exec "$PARAM_TENANT"-botserver -- id -g botserver)
+HOST_BOT_UID=$((100000 + BOT_UID))
+HOST_BOT_GID=$((100000 + BOT_GID))
+chown -R "$HOST_BOT_UID:$HOST_BOT_GID" "$HOST_BASE"
+
+lxc config device add "$PARAM_TENANT"-botserver botdata disk source="$HOST_DATA" path=/var/lib/botserver
+lxc config device add "$PARAM_TENANT"-botserver botconf disk source="$HOST_CONF" path=/etc/botserver
+lxc config device add "$PARAM_TENANT"-botserver botlogs disk source="$HOST_LOGS" path=/var/log/botserver
+
+lxc exec "$PARAM_TENANT"-botserver -- bash -c "
+mkdir -p /var/lib/botserver /etc/botserver /var/log/botserver
+chown -R botserver:botserver /var/lib/botserver /etc/botserver /var/log/botserver
+
+cat > /etc/systemd/system/botserver.service <<EOF
+[Unit]
+Description=Bot Server
+After=network.target
+
+[Service]
+User=botserver
+Group=botserver
+WorkingDirectory=/var/lib/botserver
+ExecStart=/usr/bin/node /var/lib/botserver/main.js
+Restart=always
+Environment=PORT=$PARAM_BOT_PORT
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable botserver
+systemctl start botserver
+"
+
+lxc config device remove "$PARAM_TENANT"-botserver bot-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-botserver bot-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_BOT_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_BOT_PORT"
--- a/gb-infra/src/scripts/directory.sh
+++ b/gb-infra/src/scripts/directory.sh
@ -0,0 +1,66 @@
+#!/bin/bash
+
+DIRECTORY_VERSION="v2.71.2"
+HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/directory"
+HOST_DATA="$HOST_BASE/data"
+HOST_CONF="$HOST_BASE/conf"
+HOST_LOGS="$HOST_BASE/logs"
+
+mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
+chmod -R 750 "$HOST_BASE"
+
+lxc launch images:debian/12 "$PARAM_TENANT"-directory -c security.privileged=true
+sleep 15
+
+lxc config device add "$PARAM_TENANT"-directory directorydata disk source="$HOST_DATA" path=/var/lib/zitadel
+lxc config device add "$PARAM_TENANT"-directory directoryconf disk source="$HOST_CONF" path=/etc/zitadel
+lxc config device add "$PARAM_TENANT"-directory directorylogs disk source="$HOST_LOGS" path=/var/log/zitadel
+
+lxc exec "$PARAM_TENANT"-directory -- bash -c "
+apt-get update && apt-get install -y wget
+wget -c https://github.com/zitadel/zitadel/releases/download/$DIRECTORY_VERSION/zitadel-linux-amd64.tar.gz -O - | tar -xz -C /usr/local/bin/
+
+useradd -r -s /bin/false zitadel
+mkdir -p /var/lib/zitadel /etc/zitadel /var/log/zitadel
+chown -R zitadel:zitadel /var/lib/zitadel /etc/zitadel /var/log/zitadel
+
+cat > /etc/systemd/system/directory.service <<EOF
+[Unit]
+Description=Directory Service
+After=network.target
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+Environment=ZITADEL_DEFAULTINSTANCE_INSTANCENAME=$PARAM_TENANT
+Environment=ZITADEL_DEFAULTINSTANCE_ORG_NAME=$PARAM_TENANT
+Environment=ZITADEL_DATABASE_TABLES_HOST=$PARAM_TABLES_HOST
+Environment=ZITADEL_DATABASE_TABLES_PORT=$PARAM_TABLES_PORT
+Environment=ZITADEL_DATABASE_TABLES_DATABASE=$PARAM_DIRECTORY_DATABASE
+Environment=ZITADEL_DATABASE_TABLES_USER_USERNAME=$PARAM_TABLES_USERNAME
+Environment=ZITADEL_DATABASE_TABLES_USER_PASSWORD=$PARAM_TABLES_PASSWORD
+Environment=ZITADEL_DATABASE_TABLES_ADMIN_SSL_MODE=disable
+Environment=ZITADEL_DATABASE_TABLES_USER_SSL_MODE=disable
+Environment=ZITADEL_DATABASE_TABLES_ADMIN_USERNAME=$PARAM_TABLES_USERNAME
+Environment=ZITADEL_DATABASE_TABLES_ADMIN_PASSWORD=$PARAM_TABLES_PASSWORD
+Environment=ZITADEL_EXTERNALSECURE=true
+ExecStart=/usr/local/bin/zitadel start --masterkey $PARAM_DIRECTORY_MASTERKEY --config /etc/zitadel/config.yaml
+WorkingDirectory=/var/lib/zitadel
+StandardOutput=append:/var/log/zitadel/output.log
+StandardError=append:/var/log/zitadel/error.log
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable directory
+systemctl start directory
+"
+
+lxc config device remove "$PARAM_TENANT"-directory directory-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-directory directory-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_DIRECTORY_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_DIRECTORY_PORT"
--- a/gb-infra/src/scripts/drive.sh
+++ b/gb-infra/src/scripts/drive.sh
@ -1,14 +1,4 @@
-minio version RELEASE.2025-02-28T09-55-16Z (commit-id=8c2c92f7afdc8386b000c0cb57ecec2ee1f5bcb0)
-
-i need this version to be installed in the container in this script upate main stuctur
-
 #!/bin/bash
-PARAM_TENANT=""
-PARAM_USER=""
-PARAM_PASSWORD=""
-PARAM_API_PORT=""
-PARAM_PORT=""
-
 STORAGE_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/data"
 LOGS_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/logs"

@ -40,9 +30,9 @@ After=network.target
 Type=simple
 User=minio-user
 Group=minio-user
-Environment="MINIO_ROOT_USER='"${PARAM_USER}"'"
-Environment="MINIO_ROOT_PASSWORD='"${PARAM_PASSWORD}"'"
-ExecStart=/usr/local/bin/minio server --console-address ":'"${PARAM_PORT}"'" /data
+Environment="MINIO_ROOT_USER='"${PARAM_DRIVE_USER}"'"
+Environment="MINIO_ROOT_PASSWORD='"${PARAM_DRIVE_PASSWORD}"'"
+ExecStart=/usr/local/bin/minio server --console-address ":'"${PARAM_DRIVE_PORT}"'" /data
 StandardOutput=append:/var/log/minio/output.log
 StandardError=append:/var/log/minio/error.log

@ -57,10 +47,10 @@ systemctl start minio

 lxc config device remove "${PARAM_TENANT}-drive" minio-proxy 2>/dev/null || true
 lxc config device add "${PARAM_TENANT}-drive" minio-proxy proxy \
-    listen=tcp:0.0.0.0:"${PARAM_API_PORT}" \
-    connect=tcp:127.0.0.1:"${PARAM_API_PORT}"
+    listen=tcp:0.0.0.0:"${PARAM_DRIVE_API_PORT}" \
+    connect=tcp:127.0.0.1:"${PARAM_DRIVE_API_PORT}"

 lxc config device remove "${PARAM_TENANT}-drive" console-proxy 2>/dev/null || true
 lxc config device add "${PARAM_TENANT}-drive" console-proxy proxy \
-    listen=tcp:0.0.0.0:"${PARAM_PORT}" \
-    connect=tcp:127.0.0.1:"${PARAM_PORT}"
+    listen=tcp:0.0.0.0:"${PARAM_DRIVE_PORT}" \
+    connect=tcp:127.0.0.1:"${PARAM_DRIVE_PORT}"
--- a/gb-infra/src/scripts/email.sh
+++ b/gb-infra/src/scripts/email.sh
@ -0,0 +1,70 @@
+#!/bin/bash
+PARAM_TENANT="pragmatismo"
+PARAM_STALWART_VERSION="latest"
+PARAM_OAUTH_PROVIDER="zitadel"
+PARAM_OAUTH_CLIENT_ID="SEU_CLIENT_ID"
+PARAM_OAUTH_CLIENT_SECRET="SEU_CLIENT_SECRET"
+PARAM_OAUTH_AUTH_ENDPOINT="https://login.pragmatismo.com.br/oauth/v2/authorize"
+PARAM_OAUTH_TOKEN_ENDPOINT="https://login.pragmatismo.com.br/oauth/v2/token"
+PARAM_OAUTH_USERINFO_ENDPOINT="https://login.pragmatismo.com.br/userinfo"
+PARAM_OAUTH_SCOPE="openid email profile"
+PARAM_STALWART_PORT="8080"
+
+BIN_PATH="/opt/gbo/bin"
+CONF_PATH="/opt/gbo/conf.d"
+LOGS_PATH="/opt/gbo/tenants/$PARAM_TENANT/stalwart/logs"
+
+mkdir -p "${BIN_PATH}" "${CONF_PATH}" "${LOGS_PATH}"
+chmod -R 770 "${BIN_PATH}" "${CONF_PATH}" "${LOGS_PATH}"
+chown -R 100999:100999 "${BIN_PATH}" "${CONF_PATH}" "${LOGS_PATH}"
+
+lxc launch images:debian/12 "${PARAM_TENANT}-stalwart" -c security.privileged=true
+sleep 15
+
+lxc config device add "${PARAM_TENANT}-stalwart" logs disk source="${LOGS_PATH}" path=/var/log/stalwart
+
+lxc exec "${PARAM_TENANT}-stalwart" -- bash -c '
+apt-get update && apt-get install -y wget
+wget -c https://github.com/stalwartlabs/mail-server/releases/download/'"${PARAM_STALWART_VERSION}"'/stalwart-mail-x86_64-unknown-linux-gnu.tar.gz -O - | tar -xz -C /usr/local/bin/
+
+useradd -r -s /bin/false stalwart || true
+mkdir -p /var/log/stalwart /opt/gbo/bin /opt/gbo/conf.d
+chown -R stalwart:stalwart /var/log/stalwart /opt/gbo/bin /opt/gbo/conf.d
+
+cat > /opt/gbo/conf.d/stalwart.toml <<EOF
+[oauth]
+provider = "'"${PARAM_OAUTH_PROVIDER}"'"
+client_id = "'"${PARAM_OAUTH_CLIENT_ID}"'"
+client_secret = "'"${PARAM_OAUTH_CLIENT_SECRET}"'"
+authorization_endpoint = "'"${PARAM_OAUTH_AUTH_ENDPOINT}"'"
+token_endpoint = "'"${PARAM_OAUTH_TOKEN_ENDPOINT}"'"
+userinfo_endpoint = "'"${PARAM_OAUTH_USERINFO_ENDPOINT}"'"
+scope = "'"${PARAM_OAUTH_SCOPE}"'"
+EOF
+
+cat > /etc/systemd/system/stalwart.service <<EOF
+[Unit]
+Description=Stalwart Mail Server
+After=network.target
+
+[Service]
+Type=simple
+User=stalwart
+Group=stalwart
+ExecStart=/usr/local/bin/stalwart-mail --config /opt/gbo/conf.d/stalwart.toml
+StandardOutput=append:/var/log/stalwart/output.log
+StandardError=append:/var/log/stalwart/error.log
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable stalwart
+systemctl start stalwart
+'
+
+lxc config device remove "${PARAM_TENANT}-stalwart" stalwart-proxy 2>/dev/null || true
+lxc config device add "${PARAM_TENANT}-stalwart" stalwart-proxy proxy \
+    listen=tcp:0.0.0.0:"${PARAM_STALWART_PORT}" \
+    connect=tcp:127.0.0.1:"${PARAM_STALWART_PORT}"
--- a/gb-infra/src/scripts/meeting.sh
+++ b/gb-infra/src/scripts/meeting.sh
@ -0,0 +1,81 @@
+#!/bin/bash
+
+HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/meeting"
+HOST_DATA="$HOST_BASE/data"
+HOST_CONF="$HOST_BASE/conf"
+HOST_LOGS="$HOST_BASE/logs"
+
+mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
+chmod -R 750 "$HOST_BASE"
+
+lxc launch images:debian/12 "$PARAM_TENANT"-meeting -c security.privileged=true
+sleep 15
+
+lxc exec "$PARAM_TENANT"-meeting -- bash -c "
+apt-get update && apt-get install -y wget coturn
+mkdir -p /opt/livekit-server
+cd /opt/livekit-server
+wget -q https://github.com/livekit/livekit/releases/download/v1.8.4/livekit_1.8.4_linux_amd64.tar.gz
+tar -xzf livekit*.tar.gz
+chmod +x livekit-server
+
+while netstat -tuln | grep -q \":$PARAM_MEETING_TURN_PORT \"; do
+  ((PARAM_MEETING_TURN_PORT++))
+done
+"
+
+MEETING_UID=$(lxc exec "$PARAM_TENANT"-meeting -- id -u turnserver)
+MEETING_GID=$(lxc exec "$PARAM_TENANT"-meeting -- id -g turnserver)
+HOST_MEETING_UID=$((100000 + MEETING_UID))
+HOST_MEETING_GID=$((100000 + MEETING_GID))
+chown -R "$HOST_MEETING_UID:$HOST_MEETING_GID" "$HOST_BASE"
+
+lxc config device add "$PARAM_TENANT"-meeting meetingdata disk source="$HOST_DATA" path=/var/lib/livekit
+lxc config device add "$PARAM_TENANT"-meeting meetingconf disk source="$HOST_CONF" path=/etc/livekit
+lxc config device add "$PARAM_TENANT"-meeting meetinglogs disk source="$HOST_LOGS" path=/var/log/livekit
+
+lxc exec "$PARAM_TENANT"-meeting -- bash -c "
+mkdir -p /var/lib/livekit /etc/livekit /var/log/livekit
+chown -R turnserver:turnserver /var/lib/livekit /etc/livekit /var/log/livekit
+
+cat > /etc/systemd/system/livekit.service <<EOF
+[Unit]
+Description=LiveKit Server
+After=network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+WorkingDirectory=/opt/livekit-server
+ExecStart=/opt/livekit-server/livekit-server --config /etc/livekit/config.yaml
+Restart=always
+Environment=TURN_PORT=$PARAM_MEETING_TURN_PORT
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /etc/systemd/system/turnserver.service <<EOF
+[Unit]
+Description=TURN Server
+After=network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+ExecStart=/usr/bin/turnserver -c /etc/livekit/turnserver.conf
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable livekit turnserver
+systemctl start livekit turnserver
+"
+
+lxc config device remove "$PARAM_TENANT"-meeting meeting-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-meeting meeting-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_MEETING_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_MEETING_PORT"
--- a/gb-infra/src/scripts/proxy.sh
+++ b/gb-infra/src/scripts/proxy.sh
@ -0,0 +1,79 @@
+#!/bin/bash
+
+HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/proxy"
+HOST_DATA="$HOST_BASE/data"
+HOST_CONF="$HOST_BASE/conf"
+HOST_LOGS="$HOST_BASE/logs"
+
+mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
+chmod -R 750 "$HOST_BASE"
+
+lxc launch images:debian/12 "$PARAM_TENANT"-proxy -c security.privileged=true
+sleep 15
+
+lxc exec "$PARAM_TENANT"-proxy -- bash -c "
+apt-get update && apt-get install -y curl libcap2-bin
+curl -sL \"https://github.com/caddyserver/caddy/releases/download/v2.10.0-beta.3/caddy_2.10.0-beta.3_linux_amd64.tar.gz\" | tar -C /usr/local/bin -xz caddy
+chmod 755 /usr/local/bin/caddy
+setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
+useradd --system --no-create-home --shell /usr/sbin/nologin caddy
+"
+
+CADDY_UID=$(lxc exec "$PARAM_TENANT"-proxy -- id -u caddy)
+CADDY_GID=$(lxc exec "$PARAM_TENANT"-proxy -- id -g caddy)
+HOST_CADDY_UID=$((100000 + CADDY_UID))
+HOST_CADDY_GID=$((100000 + CADDY_GID))
+chown -R "$HOST_CADDY_UID:$HOST_CADDY_GID" "$HOST_BASE"
+
+lxc config device add "$PARAM_TENANT"-proxy proxydata disk source="$HOST_DATA" path=/var/lib/caddy
+lxc config device add "$PARAM_TENANT"-proxy proxyconf disk source="$HOST_CONF" path=/etc/caddy
+lxc config device add "$PARAM_TENANT"-proxy proxylogs disk source="$HOST_LOGS" path=/var/log/caddy
+
+lxc exec "$PARAM_TENANT"-proxy -- bash -c "
+mkdir -p /var/lib/caddy /etc/caddy /var/log/caddy
+chown -R caddy:caddy /var/lib/caddy /etc/caddy /var/log/caddy
+
+cat > /etc/caddy/Caddyfile <<EOF
+:80 {
+    respond \"Welcome to $PARAM_TENANT Proxy\"
+    log {
+        output file /var/log/caddy/access.log
+    }
+}
+EOF
+
+cat > /etc/systemd/system/caddy.service <<EOF
+[Unit]
+Description=Caddy
+After=network.target
+
+[Service]
+User=caddy
+Group=caddy
+ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable caddy
+systemctl start caddy
+"
+
+lxc config device remove "$PARAM_TENANT"-proxy http-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-proxy http-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_HTTP_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_HTTP_PORT"
+
+lxc config device remove "$PARAM_TENANT"-proxy https-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-proxy https-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_HTTPS_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_HTTPS_PORT"
--- a/gb-infra/src/scripts/tables.sh
+++ b/gb-infra/src/scripts/tables.sh
@ -1,93 +1,48 @@
-#!/bin/bash

-# Configuration
-PARAM_TENANT=""
-PARAM_PORT="4444"
-PARAM_PASSWORD=""
-
-# Host paths
 HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/tables"
 HOST_DATA="$HOST_BASE/data"
 HOST_CONF="$HOST_BASE/conf"
 HOST_LOGS="$HOST_BASE/logs"

-# Create fresh directories with proper permissions
-echo "Creating host directories..."
 mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"

-# Launch container first to get the postgres UID
-echo "Launching container..."
 lxc launch images:debian/12 "$PARAM_TENANT"-tables -c security.privileged=true

-# Wait for container to be ready
-echo "Waiting for container to start..."
 until lxc exec "$PARAM_TENANT"-tables -- test -f /bin/bash; do
-    echo "Container not ready, waiting..."
+
    sleep 5
 done
 sleep 10

-# Install PostgreSQL 14
-echo "Installing PostgreSQL 14..."
 lxc exec "$PARAM_TENANT"-tables -- bash -c "
 set -e
 export DEBIAN_FRONTEND=noninteractive
-
-# Update package list and install prerequisites
 apt-get update
 apt-get install -y wget gnupg2 sudo lsb-release
-
-# Add PostgreSQL repository with proper variable expansion
 CODENAME=\$(lsb_release -cs)
-echo \"deb http://apt.postgresql.org/pub/repos/apt \${CODENAME}-pgdg main\" > /etc/apt/sources.list.d/pgdg.list

-# Add repository key
 wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/postgresql.gpg
-
-# Update package list with new repository
-apt-get update
-
-# Install PostgreSQL 14 specifically
 apt-get install -y postgresql-14 postgresql-client-14
-
-# Verify installation
 if ! id postgres &>/dev/null; then
-    echo 'ERROR: PostgreSQL installation failed - postgres user not created'
+
    exit 1
 fi
-
-# Stop PostgreSQL service
 systemctl stop postgresql@14-main 2>/dev/null || systemctl stop postgresql 2>/dev/null || true
 "

-# Get the postgres UID/GID from inside the container
-echo "Getting postgres user information..."
 POSTGRES_UID=$(lxc exec "$PARAM_TENANT"-tables -- id -u postgres)
 POSTGRES_GID=$(lxc exec "$PARAM_TENANT"-tables -- id -g postgres)

-echo "Container postgres UID: $POSTGRES_UID, GID: $POSTGRES_GID"
-
-# Set correct ownership on host directories
-# LXD maps container UID 999 to host UID 100999, container UID 70 to host UID 100070, etc.
 HOST_POSTGRES_UID=$((100000 + POSTGRES_UID))
 HOST_POSTGRES_GID=$((100000 + POSTGRES_GID))

-echo "Setting host directory ownership to UID: $HOST_POSTGRES_UID, GID: $HOST_POSTGRES_GID"
 chown -R "$HOST_POSTGRES_UID:$HOST_POSTGRES_GID" "$HOST_BASE"
 chmod -R 750 "$HOST_BASE"

-# Now mount directories after setting permissions
-echo "Mounting directories..."
 lxc config device add "$PARAM_TENANT"-tables pgdata disk source="$HOST_DATA" path=/var/lib/postgresql/14/main
 lxc config device add "$PARAM_TENANT"-tables pgconf disk source="$HOST_CONF" path=/etc/postgresql/14/main
 lxc config device add "$PARAM_TENANT"-tables pglogs disk source="$HOST_LOGS" path=/var/log/postgresql

-# Initialize and configure PostgreSQL
-echo "Configuring PostgreSQL..."
-lxc exec "$PARAM_TENANT"-tables -- bash -c "
-set -e
-
-# Ensure directories exist and have correct permissions inside container
 mkdir -p /var/lib/postgresql/14/main
 mkdir -p /etc/postgresql/14/main
 mkdir -p /var/log/postgresql
@ -96,16 +51,14 @@ chown -R postgres:postgres /etc/postgresql/14/main
 chown -R postgres:postgres /var/log/postgresql
 chmod 700 /var/lib/postgresql/14/main

-# Initialize database in the mounted directory
 sudo -u postgres /usr/lib/postgresql/14/bin/initdb -D /var/lib/postgresql/14/main

-# Create PostgreSQL configuration
 cat > /etc/postgresql/14/main/postgresql.conf <<EOF
 data_directory = '/var/lib/postgresql/14/main'
 hba_file = '/etc/postgresql/14/main/pg_hba.conf'
 ident_file = '/etc/postgresql/14/main/pg_ident.conf'
 listen_addresses = '*'
-port = $PARAM_PORT
+port = $PARAM_TABLES_PORT
 max_connections = 100
 shared_buffers = 128MB
 log_destination = 'stderr'
@ -114,64 +67,25 @@ log_directory = '/var/log/postgresql'
 log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
 EOF

-# Configure authentication
 cat > /etc/postgresql/14/main/pg_hba.conf <<EOF
-# PostgreSQL Client Authentication Configuration File
 local   all             postgres                                peer
 local   all             all                                     peer
 host    all             all             127.0.0.1/32            md5
 host    all             all             ::1/128                 md5
 host    all             all             0.0.0.0/0               md5
-EOF
-
-# Set proper ownership again after configuration
-chown -R postgres:postgres /var/lib/postgresql/14/main
-chown -R postgres:postgres /etc/postgresql/14/main
-chown -R postgres:postgres /var/log/postgresql
-
-# Start PostgreSQL service
 systemctl start postgresql@14-main
 systemctl enable postgresql@14-main
+EOF

-# Wait for PostgreSQL to be ready
-sleep 10
-"
-
-# Set up port forwarding
-echo "Setting up port forwarding..."
 lxc config device remove "$PARAM_TENANT"-tables postgres-proxy 2>/dev/null || true
 lxc config device add "$PARAM_TENANT"-tables postgres-proxy proxy \
-    listen=tcp:0.0.0.0:"$PARAM_PORT" \
-    connect=tcp:127.0.0.1:"$PARAM_PORT"
+    listen=tcp:0.0.0.0:"$PARAM_TABLES_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_TABLES_PORT"

-# Create database user and database
-echo "Creating database user and database..."
-lxc exec "$PARAM_TENANT"-tables -- bash -c "
-set -e
 cd /var/lib/postgresql
+until sudo -u postgres psql -p $PARAM_TABLES_PORT -c '\q' 2>/dev/null; do 

-# Wait for PostgreSQL to be fully ready on the correct port
-until sudo -u postgres psql -p $PARAM_PORT -c '\q' 2>/dev/null; do 
-    echo 'Waiting for PostgreSQL to be ready on port $PARAM_PORT ...'
-    sleep 3
-done
-
-# Create user and database (suppress directory warnings)
-sudo -u postgres psql -p $PARAM_PORT -c \"CREATE USER $PARAM_TENANT WITH PASSWORD '$PARAM_PASSWORD';\" 2>/dev/null
-sudo -u postgres psql -p $PARAM_PORT -c \"CREATE DATABASE ${PARAM_TENANT}_db OWNER $PARAM_TENANT;\" 2>/dev/null
-sudo -u postgres psql -p $PARAM_PORT -c \"GRANT ALL PRIVILEGES ON DATABASE ${PARAM_TENANT}_db TO $PARAM_TENANT;\" 2>/dev/null
-
-echo 'PostgreSQL setup completed successfully!'
-"
-
-echo "Container setup complete!"
-echo "Connection details:"
-echo "  Host: localhost"
-echo "  Port: $PARAM_PORT"
-echo "  Database: ${PARAM_TENANT}_db"
-echo "  Username: $PARAM_TENANT"
-echo "  Password: $PARAM_PASSWORD"
-
-# Test connection on the correct port
-echo "Testing connection..."
-lxc exec "$PARAM_TENANT"-tables -- bash -c "cd /var/lib/postgresql && sudo -u postgres psql -p $PARAM_PORT -c '\l'" 2>/dev/null | grep "${PARAM_TENANT}_db" && echo "✓ Database created successfully" || echo "✗ Database creation failed"
+sleep 3
+sudo -u "$PARAM_TABLES_USER" psql -p $PARAM_TABLES_PORT -c \"CREATE USER $PARAM_TENANT WITH PASSWORD '$PARAM_TABLES_PASSWORD';\" 2>/dev/null
+sudo -u "$PARAM_TABLES_USER" psql -p $PARAM_TABLES_PORT -c \"CREATE DATABASE ${PARAM_TENANT}_db OWNER $PARAM_TENANT;\" 2>/dev/null
+sudo -u "$PARAM_TABLES_USER" psql -p $PARAM_TABLES_PORT -c \"GRANT ALL PRIVILEGES ON DATABASE ${PARAM_TENANT}_db TO $PARAM_TENANT;\" 2>/dev/null
--- a/gb-infra/src/scripts/webmail.sh
+++ b/gb-infra/src/scripts/webmail.sh
@ -0,0 +1,74 @@
+#!/bin/bash
+PARAM_RC_VERSION="1.6.6"
+
+HOST_BASE="/opt/$PARAM_WEBMAIL_DOMAIN"
+HOST_DATA="$HOST_BASE/data"
+HOST_CONF="$HOST_BASE/conf"
+HOST_LOGS="$HOST_BASE/logs"
+
+mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
+chmod -R 750 "$HOST_BASE"
+
+lxc launch images:debian/12 "$PARAM_TENANT"-webmail -c security.privileged=true
+sleep 15
+
+lxc exec "$PARAM_TENANT"-webmail -- bash -c "
+apt-get update && apt-get install -y software-properties-common wget
+add-apt-repository ppa:ondrej/php -y
+apt-get update && apt-get install -y \
+php8.1 php8.1-fpm php8.1-imap php8.1-pgsql php8.1-mbstring \
+php8.1-xml php8.1-curl php8.1-zip php8.1-cli php8.1-intl \
+php8.1-dom composer npm roundcube-plugins roundcube-plugins-extra roundcube-pgsql
+
+npm install -g less less-plugin-clean-css
+
+mkdir -p $HOST_BASE
+wget -q https://github.com/roundcube/roundcubemail/releases/download/$PARAM_RC_VERSION/roundcubemail-$PARAM_RC_VERSION-complete.tar.gz
+tar -xzf roundcubemail-*.tar.gz
+mv roundcubemail-$PARAM_RC_VERSION/* $HOST_BASE
+rm -rf roundcubemail-*
+
+chown -R www-data:www-data $HOST_BASE
+chmod 750 $HOST_BASE
+find $HOST_BASE -type d -exec chmod 750 {} \;
+find $HOST_BASE -type f -exec chmod 640 {} \;
+mkdir $HOST_LOGS
+"
+
+WEBMAIL_UID=$(lxc exec "$PARAM_TENANT"-webmail -- id -u www-data)
+WEBMAIL_GID=$(lxc exec "$PARAM_TENANT"-webmail -- id -g www-data)
+HOST_WEBMAIL_UID=$((100000 + WEBMAIL_UID))
+HOST_WEBMAIL_GID=$((100000 + WEBMAIL_GID))
+chown -R "$HOST_WEBMAIL_UID:$HOST_WEBMAIL_GID" "$HOST_BASE"
+
+lxc config device add "$PARAM_TENANT"-webmail webmaildata disk source="$HOST_DATA" path=/var/lib/roundcube
+lxc config device add "$PARAM_TENANT"-webmail webmailconf disk source="$HOST_CONF" path=/etc/roundcube
+lxc config device add "$PARAM_TENANT"-webmail webmaillogs disk source="$HOST_LOGS" path=/var/log/roundcube
+
+lxc exec "$PARAM_TENANT"-webmail -- bash -c "
+cat > /etc/systemd/system/webmail.service <<EOF
+[Unit]
+Description=Roundcube Webmail
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+WorkingDirectory=$HOST_BASE
+ExecStart=/usr/bin/php -S 0.0.0.0:$PARAM_WEBMAIL_PORT -t $HOST_BASE/public_html
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable webmail
+systemctl start webmail
+systemctl restart php8.1-fpm
+"
+
+lxc config device remove "$PARAM_TENANT"-webmail webmail-proxy 2>/dev/null || true
+lxc config device add "$PARAM_TENANT"-webmail webmail-proxy proxy \
+    listen=tcp:0.0.0.0:"$PARAM_WEBMAIL_PORT" \
+    connect=tcp:127.0.0.1:"$PARAM_WEBMAIL_PORT"