EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

DD education workspace 

DD is the education workspace generated within the framework of Xnet's
Democratic Digitalisation Plan. It has been created and powered by Xnet,
families and promoting centres, IsardVDI, 3iPunt, MaadiX, eXO.cat,
Evilham and funded by the Directorate for Democratic Innovation, the
Barcelona City Council's Digital Innovation Commissioner, Social Economy
Commissioner, in collaboration with the Barcelona Education Consortium,
aFFaC and AirVPN.

DD can be used freely as long as this footer is included and the AGPLv3
license (https://www.gnu.org/licenses/agpl-3.0.en.html) is respected.

Trobareu meś informació en català a la documentació:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/).

Más información en castellano en la documentación:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/).

More info in English in the documentation:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/).

We thank the help of Miriam Carles, Cristian Ruiz, Anna Francàs,
Christopher Millard.
Xnet-DigitalDemocratic-main-patch-41273
Evilham 2022-07-10 12:15:47 +02:00
commit 78b0254ba0
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
335 changed files with 28852 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.gitignore vendored Normal file
View File

@ -0,0 +1,24 @@
dd.conf
docker-compose.yml
devel.yml
adminer.yml
pgtuner.yml
devel.yml
custom/
docs.built/
.env
dd-sso/docker/api/src/api/static/templates/*.html
dd-sso/docker/api/src/api/static/templates/*.json
.idea/
*.log
# External, unmodified files
*.orig
# And their patches
*.patch
# Editor files
*.swp
# Python compiled and cached
*.pyc
**/*.pyc
__pycache__
**/__pycache__

9
.gitmodules vendored Normal file
View File

@ -0,0 +1,9 @@
[submodule "dd-apps/docker/moodle/src"]
path = dd-apps/docker/moodle/src
url = https://github.com/erseco/alpine-moodle.git
[submodule "dd-apps/docker/wordpress/src/wp-content/plugins"]
path = dd-apps/docker/wordpress/src/wp-content/plugins
url = https://github.com/onelogin/wordpress-saml.git
[submodule "dd-apps/docker/nextcloud/src/custom_apps/user_saml"]
path = dd-apps/docker/nextcloud/src/custom_apps/user_saml
url = https://github.com/nextcloud/user_saml.git

668
LICENSE Normal file
View File

@ -0,0 +1,668 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
Isard-vdi: DD
Copyright (C) 2022 Alberto Larraz Dalmases & Josep Maria Viñolas Auquer
Isard Apps
Copyright (C) 2022 Isard
Isard SSO
Copyright (C) 2022 Isard
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<http://www.gnu.org/licenses/>.

89
README.md Normal file
View File

@ -0,0 +1,89 @@
# DD
[TOC]
## Català
DD és el workspace educatiu generat en el marc del Pla de Digitalització Democràtica d'Xnet. Ha estat creat i powered per
Xnet, famílies i centres promotors, IsardVDI, 3iPunt, MaadiX, eXO.cat, Evilham i financiat per la Direcció d'Innovació
Democràtica, Comissionat d'Innovació Digital, Comissionat d'Economia Social de l'Ajuntament de Barcelona, en
col·laboració amb Consorci d'Educació de Barcelona, aFFaC i AirVPN.
L'aplicació DD pot utilitzar-se lliurement sempre i quan consti aquest footer i es respecti la llicència AGPLv3
(https://www.gnu.org/licenses/agpl-3.0.en.html).
Trobareu meś informació en català a la documentació: [https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/).
Agraïm l'ajuda de Miriam Carles, Cristian Ruiz, Anna Francàs, Christopher Millard.
## Castellano
DD es el workspace educativo generado en el marco del Plan de Digitalización Democrática de Xnet. Ha sido creado y powered por
Xnet, familias y centros promotores, IsardVDI, 3ipunt, MaadiX, eXO.cat, Evilham y financiado por la Dirección de Innovación
Democrática, Comisionado de Innovación Digital, Comisionado de Economía Social del Ayuntamiento de Barcelona, en
colaboración con el Consorcio de Educación de Barcelona, aFFaC y AirVPN.
La aplicación DD puede utilizarse libremente siempre y cuando conste este footer y se respete la licencia AGPLv3
(https://www.gnu.org/licenses/agpl-3.0.en.html).
Más información en castellano en la documentación: [https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/).
Agradecemos la ayuda de Miriam Carles, Cristian Ruiz, Anna Francàs, Christopher Millard.
## English
DD is the education workspace generated within the framework of Xnet's Democratic Digitalisation Plan. It has been created and powered by
Xnet, families and promoting centres, IsardVDI, 3iPunt, MaadiX, eXO.cat, Evilham and funded by the Directorate for
Democratic Innovation, the Barcelona City Council's Digital Innovation Commissioner, Social Economy Commissioner, in
collaboration with the Barcelona Education Consortium, aFFaC and AirVPN.
DD can be used freely as long as this footer is included and the AGPLv3 license (https://www.gnu.org/licenses/agpl-3.0.en.html) is respected.
More info in English in the documentation: [https://dd.digitalitzacio-democratica.xnet-x.net/docs/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/).
We thank the help of Miriam Carles, Cristian Ruiz, Anna Francàs, Christopher Millard.
# What is DD?
DD sets up an identity provider and many apps providing a cohesive user
experience considering schools and universities as the main use-case.
The project provides an integrated solution to handle the common
environment in education:
- **Classrooms**: A Moodle instance with custom theme and custom plugins
- **Cloud drive**: A Nextcloud instance with custom theme and custom plugins
- **Documents**: A document viewer and editor integrated with Nextcloud
- **Web pages**: A Wordpress instance with custom theme and custom plugins
- **Pad**: An Etherpad instance integrated with Nextcloud
- **Conferences**: BigBlueButton integrated with Moodle and Nextcloud (needs a standalone host)
- **Forms**: A forms Nextcloud plugin
| | |
| ---------------------------- | ------------------------------- |
| ![](docs/img/classrooms.png) | ![](docs/img/cloud_storage.png) |
## Administration interface
The project includes an administration interface that allows to easily manage
users and groups and keep these in sync between applications.
| ![](docs/img/admin_sync.png) | ![](docs/img/admin_user_edit.png) |
| ---------------------------- | --------------------------------- |
To easily migrate and insert users and groups to the system there are also two
provided imports:
- From Google Admin Console as a JSON dump
- From a CSV file
# I'm interested!
That's great! Whether you want to contribute or are interested in deploying DD
for your organisation, we'll be happy to hear from you, here are some
resources to aid you further:
- **User handbook**: [https://dd.digitalitzacio-democratica.xnet-x.net/manual-usuari/](https://dd.digitalitzacio-democratica.xnet-x.net/manual-usuari/)
- **Admin/developer docs**: [https://dd.digitalitzacio-democratica.xnet-x.net/docs/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/)
- **Source code**: [https://gitlab.com/DD-workspace/DD](https://gitlab.com/DD-workspace/DD)

BIN
custom.sample/avatars/admin.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
custom.sample/avatars/manager.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 51 KiB

BIN
custom.sample/avatars/student.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
custom.sample/avatars/studenth.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
custom.sample/avatars/teacher.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
custom.sample/avatars/unknown.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
custom.sample/img/background.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.6 MiB

BIN
custom.sample/img/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

BIN
custom.sample/img/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

71
custom.sample/img/product-logo.svg Normal file
View File

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="svg833"
xml:space="preserve"
width="938.60156"
height="822.26654"
viewBox="0 0 938.60156 822.26654"
sodipodi:docname="IMAGOTIPO.ai"
inkscape:version="1.0.2 (e86c870879, 2021-01-15, custom)"><metadata
id="metadata839"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
id="defs837" /><sodipodi:namedview
pagecolor="#262626"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1920"
inkscape:window-height="1017"
id="namedview835"
showgrid="false"
inkscape:zoom="0.52175937"
inkscape:cx="469.36709"
inkscape:cy="470.02306"
inkscape:window-x="1912"
inkscape:window-y="-8"
inkscape:window-maximized="1"
inkscape:current-layer="g841"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0" /><g
id="g841"
inkscape:groupmode="layer"
inkscape:label="IMAGOTIPO"
transform="matrix(1.3333333,0,0,-1.3333333,-3.0729151,942.46306)"><g
id="g1485"><path
d="M 2.3046864,178.26794 H 90.405195 v 176.1992 H 2.3046864 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path851" /><path
d="m 442.47373,706.84731 h -88.10052 v -88.10052 h 88.10052 z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path853" /><path
d="M 90.607482,90.14739 H 266.27453 v 88.1005 H 90.607482 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path855" /><path
d="m 618.15536,618.74679 h 88.1005 v 88.10052 h -88.1005 z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path857" /><g
id="g859"
transform="matrix(1.8224046,0,0,1.8224046,530.05484,442.54687)"><path
d="m 0,0 h -96.401 v 96.685 h -48.342 V 0 h -96.393 v -48.343 h 96.393 v -96.685 h 48.342 v 0 96.685 H 0 v -96.685 H 48.343 V -48.343 0 96.685 H 0 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path861" /></g><path
d="m 354.37321,90.14739 h 175.68163 v 88.1005 H 354.37321 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path863" /></g><g
id="g843"
transform="translate(548.0029,136.6879)" /></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.1 KiB

BIN
custom.sample/login/background.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.6 MiB

BIN
custom.sample/login/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

52
custom.sample/menu/custom.yaml Normal file
View File

@ -0,0 +1,52 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
background_login: /img/background.png
colours:
background: "#F0F0F0"
primary: "#92AE01"
secondary: "#FFFFFF"
logo: /img/logo.png
product_logo: /img/product-logo.svg
product_url: https://xnet-x.net/ca/digital-democratic/
apps_external:
- href: https://myweb
icon: fa fa-university
name: Escola Web
shortname: web
- href: https://myvideos
icon: fa fa-youtube-play
name: Youtube
shortname: youtube
- href: https://mydictionary
icon: fa fa-book
name: Diccionari
shortname: diccionari
- href: http://meet.jit.si
icon: fa fa-video-camera
name: Reunions Jitsi
shortname: jitsi
- href: https://www.duckduckgo.com
icon: fa fa-search
name: Cercar
shortname: search
- href: https://www.openstreetmap.org
icon: fa fa-map-marker
name: Maps
shortname: maps

90
custom.sample/menu/system.yaml Normal file
View File

@ -0,0 +1,90 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
users_avatars:
- subdomain: api
href: /avatar/<username>
icon: fa fa-user
name: Avatar
shortname: avatar
user_menu:
- subdomain: sso
href: /auth/realms/master/account
icon: fa fa-user
name: Perfil
shortname: profile
- subdomain: <app_subdomain>
href: /<app_plugin>
icon: fa fa-sign-out
name: Sortir
shortname: logout
apps_internal:
- subdomain: moodle
href: /
icon: fa fa-graduation-cap
name: Aules
shortname: courses
- subdomain: nextcloud
href: /
icon: fa fa-cloud
name: Fitxers
shortname: cloud
- subdomain: nextcloud
href: /apps/mail
icon: fa fa-envelope-o
name: Correu
shortname: email
- subdomain: nextcloud
href: /apps/forms
icon: fa fa-check-square-o
name: Formularis
shortname: forms
- subdomain: nextcloud
href: /apps/polls
icon: fa fa-bar-chart
name: Enquestes
shortname: feedback
- subdomain: nextcloud
href: /apps/spreed
icon: fa fa-commenting-o
name: Xat
shortname: chat
- subdomain: nextcloud
href: /apps/calendar
icon: fa fa-calendar
name: Calendari
shortname: schedule
- subdomain: wp
href: /wp-login.php?redirect_to=wp-admin/admin.php?page=mis-sitios
icon: fa fa-rss
name: Webs
shortname: webs
- subdomain: nextcloud
href: /apps/bbb
icon: fa fa-video-camera
name: Reunions BBB
shortname: meets_bbb
- subdomain: nextcloud
href: /apps/photos
icon: fa fa-file-image-o
name: Fotos
shortname: photos
user:
account: /auth/realms/master/account
avatar: /auth/realms/master/avatar-provider

BIN
custom.sample/moodle/plugins/block_tresipuntmodspend.zip Normal file
View File

Binary file not shown.

5
dd-apps/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
.idea/
.env
**/.env
main.conf
docker-compose.*

15
dd-apps/.gitmodules vendored Normal file
View File

@ -0,0 +1,15 @@
[submodule "docker/jitsi/src"]
path = docker/jitsi/src
url = https://github.com/jitsi/docker-jitsi-meet.git
[submodule "docker/onlyoffice/src"]
path = docker/onlyoffice/src
url = https://github.com/aleho/onlyoffice-ce-docker-license.git
[submodule "docker/moodle/src"]
path = docker/moodle/src
url = https://github.com/erseco/alpine-moodle.git
[submodule "docker/moodle/rootfs-php7"]
path = docker/moodle/rootfs-php7
url = https://github.com/erseco/alpine-php7-webserver.git
[submodule "docker/wordpress/plugins/saml"]
path = docker/wordpress/plugins/saml
url = https://github.com/onelogin/wordpress-saml.git

36
dd-apps/docker/etherpad/Dockerfile Normal file
View File

@ -0,0 +1,36 @@
ARG IMG
FROM ${IMG}
MAINTAINER James Swineson <jamesswineson@gmail.com>
ENV NODE_ENV production
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y curl unzip mariadb-client supervisor gzip git python libssl-dev pkg-config build-essential && \
rm -r /var/lib/apt/lists/*
WORKDIR /opt/
ARG ETHERPAD_VERSION
RUN curl -SL \
https://github.com/ether/etherpad-lite/archive/${ETHERPAD_VERSION}.zip \
> etherpad.zip && unzip etherpad && rm etherpad.zip && \
mv etherpad-lite-${ETHERPAD_VERSION} etherpad-lite
WORKDIR etherpad-lite
RUN bin/installDeps.sh \
&& rm settings.json
COPY entrypoint.sh /entrypoint.sh
RUN sed -i 's/^node/exec\ node/' bin/run.sh
VOLUME /opt/etherpad-lite/var
RUN ln -s var/settings.json settings.json
ADD supervisor.conf /etc/supervisor/supervisor.conf
EXPOSE 9001
ENTRYPOINT ["/entrypoint.sh"]
CMD ["supervisord", "-c", "/etc/supervisor/supervisor.conf", "-n"]

5
dd-apps/docker/etherpad/dd-patch Normal file
View File

@ -0,0 +1,5 @@
# Generate .orig and .patch files with ./dd-ctl genpatches
# file license author source
Dockerfile ? https://github.com/Jamesits/ https://raw.githubusercontent.com/Jamesits/docker-etherpad-lite/f5d66bd35f0d7e7f3959ddfcca4b3f9d02d11c95/Dockerfile
entrypoint.sh ? https://github.com/Jamesits/ https://raw.githubusercontent.com/Jamesits/docker-etherpad-lite/f5d66bd35f0d7e7f3959ddfcca4b3f9d02d11c95/entrypoint.sh
supervisor.conf ? https://github.com/Jamesits/ https://raw.githubusercontent.com/Jamesits/docker-etherpad-lite/f5d66bd35f0d7e7f3959ddfcca4b3f9d02d11c95/supervisor.conf

73
dd-apps/docker/etherpad/entrypoint.sh Executable file
View File

@ -0,0 +1,73 @@
#!/bin/bash
#set -e
: ${ETHERPAD_DB_USER:=root}
if [ "$ETHERPAD_DB_USER" = 'root' ]; then
: ${ETHERPAD_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD}
fi
: ${ETHERPAD_DB_NAME:=etherpad}
ETHERPAD_DB_NAME=$( echo $ETHERPAD_DB_NAME | sed 's/\./_/g' )
if [ -z "$ETHERPAD_DB_PASSWORD" ]; then
echo >&2 'error: missing required ETHERPAD_DB_PASSWORD environment variable'
echo >&2 ' Did you forget to -e ETHERPAD_DB_PASSWORD=... ?'
echo >&2
echo >&2 ' (Also of interest might be ETHERPAD_DB_USER and ETHERPAD_DB_NAME.)'
exit 1
fi
: ${ETHERPAD_TITLE:=Etherpad}
: ${ETHERPAD_PORT:=9001}
cat settings.json
if [ ! -f settings.json ]; then
cat <<- EOF > settings.json
{
"title": "${ETHERPAD_TITLE}",
"ip": "0.0.0.0",
"port": ${ETHERPAD_PORT},
"maxAge": "${ETHERPAD_MAXAGE:-3600}",
"minify": true,
"dbType": "postgres",
"dbSettings": {
"user": "etherpad",
"host": "${ETHERPAD_DB_HOST}",
"port": 5432,
"password": "${ETHERPAD_DB_PASSWORD}",
"database": "${ETHERPAD_DB_NAME}",
"charset": "utf8mb4"
},
EOF
if [ $ETHERPAD_ADMIN_PASSWORD ]; then
: ${ETHERPAD_ADMIN_USER:=admin}
cat <<- EOF >> settings.json
"users": {
"${ETHERPAD_ADMIN_USER}": {
"password": "${ETHERPAD_ADMIN_PASSWORD}",
"is_admin": true
}
},
EOF
fi
cat <<- EOF >> settings.json
}
EOF
fi
cat settings.json
echo "Installing plugins..."
if [ $ETHERPAD_PLUGINS ]; then
IFS=',' read -r -a PLUGIN_LIST <<< "$ETHERPAD_PLUGINS"
for PLUGIN in "${PLUGIN_LIST[@]}"
do
./src/node_modules/.bin/npm install ${PLUGIN}
done
fi
exec "$@"

52
dd-apps/docker/etherpad/etherpad.yml Normal file
View File

@ -0,0 +1,52 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
dd-apps-etherpad:
build:
context: ${BUILD_APPS_ROOT_PATH}/docker/etherpad
dockerfile: Dockerfile
args:
- IMG=${ETHERPAD_IMG-node:16.13.2}
- ETHERPAD_VERSION=${ETHERPAD_VERSION}
container_name: dd-apps-etherpad
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9001"]
interval: 1m30s
timeout: 10s
retries: 3
environment:
ETHERPAD_TITLE: Title
ETHERPAD_PORT: 9001
ETHERPAD_ADMIN_PASSWORD: ${ADMINAPP_PASSWORD}
ETHERPAD_ADMIN_USER: ${ADMINAPP_USER}
ETHERPAD_PLUGINS: ep_headings2,ep_adminpads2,ep_comments_page,ep_embedded_hyperlinks2,ep_font_color,ep_table_of_contents
ETHERPAD_MAXAGE: 3600
ETHERPAD_DB_USER: ${ETHERPAD_POSTGRES_USER}
ETHERPAD_DB_PASSWORD: ${ETHERPAD_POSTGRES_PASSWORD}
ETHERPAD_DB_NAME: etherpad
ETHERPAD_DB_HOST: dd-apps-postgresql
networks:
- dd_net

22
dd-apps/docker/etherpad/supervisor.conf Normal file
View File

@ -0,0 +1,22 @@
[supervisord]
nodaemon=true
[unix_http_server]
file=/var/run//supervisor.sock
chmod=0700
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run//supervisor.sock
[program:etherpad]
directory=/opt/etherpad-lite/bin
command=/opt/etherpad-lite/bin/run.sh --root
user=root
autostart=true
autorestart=true
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

34
dd-apps/docker/haproxy/Dockerfile Normal file
View File

@ -0,0 +1,34 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
FROM haproxy:2.3-alpine as production
RUN apk add openssl certbot py-pip
RUN pip install pip install certbot-plugin-gandi
ADD letsencrypt.sh /
ADD letsencrypt-check.sh /
ADD deploy-hook.sh /etc/letsencrypt/renewal-hooks/deploy/
COPY auto-generate-certs.sh /usr/local/bin/
COPY docker-entrypoint.sh /usr/local/bin/
COPY auto-generate-certs.sh /
RUN rm /docker-entrypoint.sh
RUN ln -s /usr/local/bin/docker-entrypoint.sh /
RUN chmod 775 docker-entrypoint.sh
ADD haproxy.conf /usr/local/etc/haproxy/haproxy.cfg

51
dd-apps/docker/haproxy/_common/auto-generate-certs.sh Executable file
View File

@ -0,0 +1,51 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cd /certs
# Self signed cert generic data
C=CA
L=Barcelona
O=localdomain
CN_CA=$O
CN_HOST=*.$O
OU=$O
echo '#### Creating 2048-bit RSA key:'
openssl genrsa -out ca-key.pem 2048
echo '#### Using the key to create a self-signed certificate to your CA:'
openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \
-subj "/C=$C/L=$L/O=$O/CN=$CN_CA"
echo '#### Creating server certificate:'
openssl genrsa -out server-key.pem 2048
echo '#### Creating a certificate signing request for the server:'
openssl req -new -key server-key.pem -sha256 -out server-key.csr \
-subj "/CN=$CN_HOST"
echo '#### Creating server certificate:'
RND=$(( ( RANDOM % 1000 ) + 1 ))
openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \
-set_serial $RND -sha256 -out server-cert.pem
echo '#### Concatenate certs for haprox'
cat server-cert.pem server-key.pem > chain.pem
chmod 440 *

42
dd-apps/docker/haproxy/_common/haproxy-docker-entrypoint.sh Normal file
View File

@ -0,0 +1,42 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -e
prepare.sh
if [ ! -f /certs/chain.pem ]; then
auto-generate-certs.sh
fi
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- haproxy "$@"
fi
if [ "$1" = 'haproxy' ]; then
shift # "haproxy"
# if the user wants "haproxy", let's add a couple useful flags
# -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
# -db -- disables background mode
set -- haproxy -W -db "$@"
fi
exec "$@"

23
dd-apps/docker/haproxy/_common/letsencrypt-hook-deploy-concatenante.sh Executable file
View File

@ -0,0 +1,23 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cat $RENEWED_LINEAGE/fullchain.pem $RENEWED_LINEAGE/privkey.pem > /certs/chain.pem
kill -SIGUSR2 1

21
dd-apps/docker/haproxy/_common/letsencrypt-renew-cron.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
certbot renew --cert-name $LETSENCRYPT_DOMAIN

37
dd-apps/docker/haproxy/_common/letsencrypt.sh Executable file
View File

@ -0,0 +1,37 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
if [ -f /letsencrypt-hook-deploy-concatenante.sh ]
then
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
mv /letsencrypt-hook-deploy-concatenante.sh /etc/letsencrypt/renewal-hooks/deploy/concatenate.sh
fi
if [ -n "$LETSENCRYPT_DOMAIN" -a -n "$LETSENCRYPT_EMAIL" ]
then
LETSENCRYPT_DOMAIN="$LETSENCRYPT_DOMAIN" crond
if [ ! -f /certs/chain.pem ]
then
if certbot certonly --standalone -d "$LETSENCRYPT_DOMAIN" -m "$LETSENCRYPT_EMAIL" -n --agree-tos
then
RENEWED_LINEAGE="/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN" /etc/letsencrypt/renewal-hooks/deploy/concatenate.sh
fi
fi
fi

55
dd-apps/docker/haproxy/auto-generate-certs.sh Executable file
View File

@ -0,0 +1,55 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
mkdir /certs
cd /certs
# Self signed cert generic data
C=CA
L=Barcelona
O=localdomain
CN_CA=$O
CN_HOST=*.$O
OU=$O
echo '#### Creating 2048-bit RSA key:'
openssl genrsa -out ca-key.pem 2048
echo '#### Using the key to create a self-signed certificate to your CA:'
openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \
-subj "/C=$C/L=$L/O=$O/CN=$CN_CA"
echo '#### Creating server certificate:'
openssl genrsa -out server-key.pem 2048
echo '#### Creating a certificate signing request for the server:'
openssl req -new -key server-key.pem -sha256 -out server-key.csr \
-subj "/CN=$CN_HOST"
echo '#### Creating server certificate:'
RND=$(( ( RANDOM % 1000 ) + 1 ))
openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \
-set_serial $RND -sha256 -out server-cert.pem
chmod 440 *
echo '#### Concatenate certs for haprox'
cat server-cert.pem server-key.pem > /certs/chain.pem
cd /

27
dd-apps/docker/haproxy/deploy-hook.sh Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
echo "Domain(s) $LETSENCRYPT_DNS renewed. Restarting haproxy..."
cat /etc/letsencrypt/live/$LETSENCRYPT_DNS/fullchain.pem /etc/letsencrypt/live/$LETSENCRYPT_DNS/privkey.pem > /certs/chain.pem
chmod 440 /certs/chain.pem
mkdir -p /certs/letsencrypt/$LETSENCRYPT_DNS
cp /etc/letsencrypt/live/$LETSENCRYPT_DNS/* /certs/letsencrypt/$LETSENCRYPT_DNS/
kill -SIGUSR2 1

46
dd-apps/docker/haproxy/docker-entrypoint.sh Normal file
View File

@ -0,0 +1,46 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -e
# Set debug path password
PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["ADMINAPP_PASSWORD"], crypt.mksalt(crypt.METHOD_SHA512)))')
sed -i "/^ user admin password/c\ user admin password $ADMINAPP_PASSWORD" /usr/local/etc/haproxy/haproxy.cfg
#/bin/sh /letsencrypt.sh
if [ ! -e "/certs/chain.pem" ]; then
auto-generate-certs.sh
fi
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- haproxy "$@"
fi
if [ "$1" = 'haproxy' ]; then
shift # "haproxy"
# if the user wants "haproxy", let's add a couple useful flags
# -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
# -db -- disables background mode
set -- haproxy -W -db "$@"
fi
exec "$@"

101
dd-apps/docker/haproxy/haproxy.conf Normal file
View File

@ -0,0 +1,101 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
resolvers mydns
nameserver dns1 127.0.0.11:53
global
# debug
daemon
log 127.0.0.1 local0
tune.ssl.default-dh-param 2048
defaults
mode http
timeout connect 120s
timeout client 120s
timeout client-fin 120s
timeout server 120s
timeout tunnel 7200s
option http-server-close
option httpclose
log global
option httplog
backlog 4096
maxconn 2000
option tcpka
frontend website
mode http
bind :80
redirect scheme https if !{ ssl_fc }
bind :443 ssl crt /certs/chain.pem
acl is_nextcloud hdr_beg(host) nextcloud.
acl is_moodle hdr_beg(host) moodle.
acl is_jitsi hdr_beg(host) jitsi.
use_backend be_nextcloud if is_nextcloud
use_backend be_moodle if is_moodle
use_backend be_jitsi if is_jitsi
default_backend be_moodle
backend be_moodle
mode http
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
server moodle moodle:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none
backend be_nextcloud
mode http
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
server nextcloud nextcloud:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
backend be_jitsi
mode http
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
server jitsi jitsi:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
listen stats
bind 0.0.0.0:8888
mode http
stats enable
option httplog
stats show-legends
stats uri /haproxy
stats realm Haproxy\ Statistics
stats refresh 5s
#stats auth staging:pep1n1ll0
#acl authorized http_auth(AuthUsers)
#stats http-request auth unless authorized
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
userlist AuthUsers
user admin password $6$grgQMVfwI0XSGAQl$2usaQC9LVXXXYHtSkGUf74CIGsiH8fi/K.V6DuKSq0twPkmFGP2vL/b//Ulp2I4xBEZ3eYDhUbwBPK8jpmsbo.

40
dd-apps/docker/haproxy/haproxy.yml Normal file
View File

@ -0,0 +1,40 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
dd-apps-haproxy:
build:
context: ${BUILD_APPS_ROOT_PATH}/docker/haproxy
dockerfile: Dockerfile
target: production
container_name: dd-apps-haproxy
restart: unless-stopped
environment:
- ADMINAPP_PASSWORD=${ADMINAPP_PASSWORD}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SRC_FOLDER}/haproxy:/certs:rw
networks:
- dd_net
ports:
- published: 80
target: 80
- published: 443
target: 443

26
dd-apps/docker/haproxy/letsencrypt-check.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
trap exit TERM
while :
do
sleep 12h
certbot renew --http-01-port 8888
done

34
dd-apps/docker/haproxy/letsencrypt.sh Executable file
View File

@ -0,0 +1,34 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
RENEW=0
if [[ ! -f /certs/chain.pem && ! -z "$LETSENCRYPT_EMAIL" && ! -z "$LETSENCRYPT_DNS" ]]; then
/usr/bin/certbot certonly --standalone -d "$LETSENCRYPT_DNS" -m "$LETSENCRYPT_EMAIL" -n --agree-tos
if [[ $? == 0 ]] ; then
cat /etc/letsencrypt/live/$LETSENCRYPT_DNS/fullchain.pem /etc/letsencrypt/live/$LETSENCRYPT_DNS/privkey.pem > /certs/chain.pem
chmod 440 /certs/chain.pem
mkdir -p /certs/letsencrypt/$LETSENCRYPT_DNS
cp /etc/letsencrypt/live/$LETSENCRYPT_DNS/* /certs/letsencrypt/$LETSENCRYPT_DNS/
RENEW=1
fi
fi
if [ $RENEW == 1 ]; then
/bin/sh -c '/letsencrypt-check.sh' &
fi

26
dd-apps/docker/haproxy/prepare.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# Set debug path password
PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["WEBAPP_ADMIN_PWD"], crypt.mksalt(crypt.METHOD_SHA512)))')
sed -i "/^ user admin password/c\ user admin password $ADMIN_PWD" /usr/local/etc/haproxy/haproxy.cfg
#LETSENCRYPT_DOMAIN="$WEBAPP_LETSENCRYPT_DNS" LETSENCRYPT_EMAIL="$WEBAPP_LETSENCRYPT_EMAIL"
letsencrypt.sh

3
dd-apps/docker/mariadb/dd-patch Normal file
View File

@ -0,0 +1,3 @@
# Generate .orig and .patch files with ./dd-ctl genpatches
# file license author source
mariadb.yml MIT https://github.com/t0lya https://raw.githubusercontent.com/t0lya/headless-wordpress-preview/master/docker-compose.yml

27
dd-apps/docker/mariadb/mariadb.yml Normal file
View File

@ -0,0 +1,27 @@
version: '3.7'
services:
dd-apps-mariadb:
image: ${MARIADB_IMG-mariadb:10.6.5}
container_name: dd-apps-mariadb
# Arguments inspired by:
# https://github.com/t0lya/headless-wordpress-preview/blob/master/docker-compose.yml
command: [
'--default_authentication_plugin=mysql_native_password',
'--character-set-server=utf8mb4',
'--collation-server=utf8mb4_unicode_ci'
]
volumes:
- /etc/localtime:/etc/localtime:ro
- ${DB_FOLDER}/mariadb:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ${MARIADB_PASSWORD}
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: ${WORDPRESS_MARIADB_PASSWORD}
restart: unless-stopped
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
timeout: 20s
retries: 10
networks:
- dd_net

85
dd-apps/docker/moodle/02-configure-moodle.sh Executable file
View File

@ -0,0 +1,85 @@
#!/bin/sh
set -eo pipefail
echo "Waiting for $database:$port to be ready"
while ! nc -w 1 $DB_HOST $DB_PORT; do
# Show some progress
echo -n '.';
sleep 1;
done
echo "$database is ready"
sleep 3;
if [ ! -f /var/www/html/config.php ]; then
curl --location https://github.com/moodle/moodle/archive/$MOODLE_VERSION.tar.gz | tar xz --strip-components=1 -C /var/www/html/
cp /isinstalled.php /var/www/html/admin/cli/
chown nobody:root /var/www/html -R
echo "Generating config.php file..."
ENV_VAR='var' php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/install.php \
--lang=$MOODLE_LANGUAGE \
--wwwroot=$SITE_URL \
--dataroot=/var/www/moodledata/ \
--dbtype=$DB_TYPE \
--dbhost=$DB_HOST \
--dbname=$DB_NAME \
--dbuser=$DB_USER \
--dbpass=$DB_PASS \
--dbport=$DB_PORT \
--prefix=$DB_PREFIX \
--fullname="$MOODLE_SITENAME" \
--shortname="$MOODLE_SHORTSITENAME" \
--adminuser=$MOODLE_USERNAME \
--adminpass=$MOODLE_PASSWORD \
--adminemail=$MOODLE_EMAIL \
--non-interactive \
--agree-license \
--skip-database
if [ "$SSLPROXY" = 'true' ]; then
sed -i '/require_once/i $CFG->sslproxy=true;' /var/www/html/config.php
fi
fi
if php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/isinstalled.php ; then
echo "Installing database..."
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/install_database.php \
--lang=$MOODLE_LANGUAGE \
--adminuser=$MOODLE_USERNAME \
--adminpass=$MOODLE_PASSWORD \
--adminemail=$MOODLE_EMAIL \
--fullname="$MOODLE_SITENAME" \
--shortname="$MOODLE_SHORTSITENAME" \
--agree-license
echo "Configuring settings..."
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=pathtophp --set=/usr/bin/php
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=pathtodu --set=/usr/bin/du
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=enableblogs --set=0
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=smtphosts --set=$SMTP_HOST:$SMTP_PORT
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=smtpuser --set=$SMTP_USER
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=smtppass --set=$SMTP_PASSWORD
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=smtpsecure --set=$SMTP_PROTOCOL
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=noreplyaddress --set=$MOODLE_MAIL_NOREPLY_ADDRESS
php -d max_input_vars=$max_input_vars /var/www/html/admin/cli/cfg.php --name=emailsubjectprefix --set=$MOODLE_MAIL_PREFIX
fi
chown -R nobody:root /var/www/html

27
dd-apps/docker/moodle/03-plugins.sh Executable file
View File

@ -0,0 +1,27 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
if [ ! -f /var/www/html/config.php ]; then
#ADD plugins/auth_saml2.zip /var/www/html/
curl --location https://github.com/isard-vdi/moodle-auth_saml2/archive/refs/heads/role_map.zip > auth_saml2.zip
unzip auth_saml2.zip -d /var/www/html/auth/
mv /var/www/html/auth/moodle-auth_saml2-role_map /var/www/html/auth/saml2
rm auth_saml2.zip
fi
chown -R nobody:root /var/www/html

16
dd-apps/docker/moodle/Dockerfile Normal file
View File

@ -0,0 +1,16 @@
ARG IMG=$MOODLE_IMG
FROM ${IMG}
LABEL maintainer="Adapted from: Ernesto Serrano <info@ernesto.es>"
USER root
COPY src/rootfs/ /
COPY 02-configure-moodle.sh /docker-entrypoint-init.d/
COPY 03-plugins.sh /docker-entrypoint-init.d/
COPY src/rootfs/var/www/html/admin/cli/isinstalled.php /
RUN echo "user=nobody" >> /etc/php7/php-fpm.d/www.conf
RUN echo "group=nobody" >> /etc/php7/php-fpm.d/www.conf
RUN apk add --no-cache dcron libcap && \
chown nobody:nobody /usr/sbin/crond && \
setcap cap_setgid=ep /usr/sbin/crond
RUN apk add php7-sodium

5
dd-apps/docker/moodle/dd-patch Normal file
View File

@ -0,0 +1,5 @@
# Generate .orig and .patch files with ./dd-ctl genpatches
# file license author source
02-configure-moodle.sh MIT https://github.com/erseco/ https://raw.githubusercontent.com/erseco/alpine-moodle/63b8b80d333eaec1cdffa2e768a364e973d6c1ee/rootfs/docker-entrypoint-init.d/02-configure-moodle.sh
Dockerfile MIT https://github.com/erseco/ https://raw.githubusercontent.com/erseco/alpine-moodle/63b8b80d333eaec1cdffa2e768a364e973d6c1ee/Dockerfile
moodle.yml MIT https://github.com/erseco/ https://raw.githubusercontent.com/erseco/alpine-moodle/63b8b80d333eaec1cdffa2e768a364e973d6c1ee/docker-compose.yml

51
dd-apps/docker/moodle/moodle.yml Normal file
View File

@ -0,0 +1,51 @@
version: '3.7'
services:
dd-apps-moodle:
build:
context: ${BUILD_APPS_ROOT_PATH}/docker/moodle
dockerfile: Dockerfile
args:
- IMG=${MOODLE_IMG}
container_name: dd-apps-moodle
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- ${DATA_FOLDER}/moodle:/var/www/moodledata:rw
- ${SRC_FOLDER}/moodle:/var/www/html:rw
depends_on:
- dd-apps-postgresql
environment:
#- LANG=en_US.UTF-8
#- LANGUAGE=en_US:en
- MOODLE_VERSION=${MOODLE_VERSION}
- DOMAIN=${DOMAIN}
- SITE_URL=https://moodle.${DOMAIN}
- DB_TYPE=pgsql
- DB_HOST=dd-apps-postgresql
- DB_PORT=5432
- DB_NAME=moodle
- DB_USER=${MOODLE_POSTGRES_USER}
- DB_PASS=${MOODLE_POSTGRES_PASSWORD}
- DB_PREFIX=mdl_
- SSLPROXY=true
- MOODLE_EMAIL=${MOODLE_EMAIL} #
- MOODLE_LANGUAGE=${LANGUAGE_CODE} #
- MOODLE_SITENAME=${TITLE} #
- MOODLE_SHORTSITENAME=${TITLE_SHORT} #
- MOODLE_USERNAME=${MOODLE_ADMIN_USER}
- MOODLE_PASSWORD=${MOODLE_ADMIN_PASSWORD}
- SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USER=${SMTP_USER}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_PROTOCOL=${SMTP_PROTOCOL}
- MOODLE_MAIL_NOREPLY_ADDRESS=${MOODLE_MAIL_NOREPLY_ADDRESS}
- MOODLE_MAIL_PREFIX=${MOODLE_MAIL_PREFIX}
- client_max_body_size=${MOODLE_MAX_FILESIZE_UPLOAD}
- post_max_size=${MOODLE_MAX_FILESIZE_UPLOAD}
- upload_max_filesize=${MOODLE_MAX_FILESIZE_UPLOAD}
- max_input_vars=5000
- max_execution_time=${MOODLE_MAX_EXECUTION_TIME}
- memory_limit=${MOODLE_MEMORY_LIMIT}
networks:
- dd_net

1
dd-apps/docker/moodle/src Submodule

@ -0,0 +1 @@
Subproject commit 53d1631d2fc355d9bd3d8e466ffd176e31de115c

23
dd-apps/docker/network.yml Normal file
View File

@ -0,0 +1,23 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
networks:
dd_net:
name: dd_net

71
dd-apps/docker/nextcloud/Dockerfile Normal file
View File

@ -0,0 +1,71 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
ARG IMG
FROM ${IMG}
RUN apk update
RUN set -ex; \
\
apk add --no-cache \
ffmpeg \
procps \
samba-client \
supervisor \
# libreoffice \
;
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
imap-dev \
krb5-dev \
openssl-dev \
samba-dev \
bzip2-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \
bz2 \
imap \
; \
pecl install smbclient; \
docker-php-ext-enable smbclient; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps
RUN mkdir -p \
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

3
dd-apps/docker/nextcloud/dd-patch Normal file
View File

@ -0,0 +1,3 @@
# Generate .orig and .patch files with ./dd-ctl genpatches
# file license author source
nginx.conf AGPL-3.0-or-later https://github.com/nextcloud/ https://raw.githubusercontent.com/nextcloud/docker/522559eefdd56d2e49259c3b0f4a0e92882cdb87/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

59
dd-apps/docker/nextcloud/nextcloud.yml Normal file
View File

@ -0,0 +1,59 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
dd-apps-nextcloud-app:
build:
context: ${BUILD_APPS_ROOT_PATH}/docker/nextcloud
dockerfile: Dockerfile
args:
- IMG=${NEXTCLOUD_IMG}
container_name: dd-apps-nextcloud-app
restart: unless-stopped
depends_on:
- dd-apps-postgresql
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SRC_FOLDER}/nextcloud:/var/www/html
- ${DATA_FOLDER}/nextcloud:/var/www/html/data
environment:
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
- POSTGRES_DB=nextcloud
- POSTGRES_USER=${NEXTCLOUD_POSTGRES_USER}
- POSTGRES_PASSWORD=${NEXTCLOUD_POSTGRES_PASSWORD}
- POSTGRES_HOST=dd-apps-postgresql
- REDIS_HOST=dd-apps-redis
- NC_overwriteprotocol=https
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.${DOMAIN}
networks:
- dd_net
dd-apps-nextcloud-nginx:
image: ${NGINX_IMG-nginx:1.21.6}
container_name: dd-apps-nextcloud-nginx
restart: unless-stopped
links:
- dd-apps-nextcloud-app
volumes:
- ${BUILD_APPS_ROOT_PATH}/docker/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
- ${SRC_FOLDER}/nextcloud:/var/www/html:ro
networks:
- dd_net

118
dd-apps/docker/nextcloud/nginx.conf Normal file
View File

@ -0,0 +1,118 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Real-IP;
upstream php-handler {
server dd-apps-nextcloud-app:9000;
}
server {
listen 80;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_param SERVER_NAME $host;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}
}

1
dd-apps/docker/nextcloud/src/custom_apps/user_saml Submodule

@ -0,0 +1 @@
Subproject commit 4e74fb44d08ff9e669c4a44db697badf8bdf2996

71
dd-apps/docker/nextcloud/src/themes/dd/core/img/dd.svg Normal file
View File

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="svg833"
xml:space="preserve"
width="938.60156"
height="822.26654"
viewBox="0 0 938.60156 822.26654"
sodipodi:docname="IMAGOTIPO.ai"
inkscape:version="1.0.2 (e86c870879, 2021-01-15, custom)"><metadata
id="metadata839"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
id="defs837" /><sodipodi:namedview
pagecolor="#262626"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1920"
inkscape:window-height="1017"
id="namedview835"
showgrid="false"
inkscape:zoom="0.52175937"
inkscape:cx="469.36709"
inkscape:cy="470.02306"
inkscape:window-x="1912"
inkscape:window-y="-8"
inkscape:window-maximized="1"
inkscape:current-layer="g841"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0" /><g
id="g841"
inkscape:groupmode="layer"
inkscape:label="IMAGOTIPO"
transform="matrix(1.3333333,0,0,-1.3333333,-3.0729151,942.46306)"><g
id="g1485"><path
d="M 2.3046864,178.26794 H 90.405195 v 176.1992 H 2.3046864 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path851" /><path
d="m 442.47373,706.84731 h -88.10052 v -88.10052 h 88.10052 z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path853" /><path
d="M 90.607482,90.14739 H 266.27453 v 88.1005 H 90.607482 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path855" /><path
d="m 618.15536,618.74679 h 88.1005 v 88.10052 h -88.1005 z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path857" /><g
id="g859"
transform="matrix(1.8224046,0,0,1.8224046,530.05484,442.54687)"><path
d="m 0,0 h -96.401 v 96.685 h -48.342 V 0 h -96.393 v -48.343 h 96.393 v -96.685 h 48.342 v 0 96.685 H 0 v -96.685 H 48.343 V -48.343 0 96.685 H 0 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path861" /></g><path
d="m 354.37321,90.14739 h 175.68163 v 88.1005 H 354.37321 Z"
style="fill:#262626;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.82241"
id="path863" /></g><g
id="g843"
transform="translate(548.0029,136.6879)" /></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.1 KiB

55
dd-apps/docker/nextcloud/src/themes/dd/core/js/navbar.js Normal file
View File

@ -0,0 +1,55 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
jQuery(document).ready(() => {
base_url = `${window.location.protocol}//${window.location.host.replace(/^nextcloud\./, 'api.')}`
$.getJSON(`${base_url}/json`, (result) => {
if (result.logo) {
$("#navbar-logo img").attr('src', result.logo)
}
if (result.product_logo) {
$("#product-logo img").attr("src", result.product_logo)
}
if (result.product_url) {
$("#product-logo a").attr("href", result.product_url)
}
})
$.get(`${base_url}/header/html/nextcloud`, (result) => {
console.log(result)
$("#settings").before(result)
$('#dropdownMenuAppsButton').click(() => {
$('#dropdownMenuApps').toggle()
})
$('#dropdownMenuApps a').click(() => {
$('#dropdownMenuApps').toggle()
})
})
$(window).click( (event) => {
if (
!$(event.target).parents(
'#dropdownMenuAppsButton, #dropdownMenuApps'
).length
) {
$('#dropdownMenuApps').hide()
}
})
$(window).blur( (event) => {
$('#dropdownMenuApps').hide()
})
})

161
dd-apps/docker/nextcloud/src/themes/dd/core/templates/layout.user.php Normal file
View File

@ -0,0 +1,161 @@
<?php
/*
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
*/
$api_url = "https://" . preg_replace('/^nextcloud\./', 'api.', $_SERVER['HTTP_HOST']);
$avatar_url = "https://" . preg_replace('/^nextcloud\./', 'sso.', $_SERVER['HTTP_HOST']) . "/auth/realms/master/avatar-provider";
// Remove user menu Settings item for non-administrator users
if(!array_key_exists('core_apps', $_["settingsnavigation"])){
unset($_["settingsnavigation"]["settings"]);
}
?>
<!DOCTYPE html>
<html class="ng-csp" data-placeholder-focus="false" lang="<?php p($_['language']); ?>" data-locale="<?php p($_['locale']); ?>" >
<head data-user="<?php p($_['user_uid']); ?>" data-user-displayname="<?php p($_['user_displayname']); ?>" data-requesttoken="<?php p($_['requesttoken']); ?>">
<meta charset="utf-8">
<title>
<?php
p(!empty($_['application'])?$_['application'].' - ':'');
p($theme->getTitle());
?>
</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
<?php if ($theme->getiTunesAppId() !== '') { ?>
<meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>">
<?php } ?>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta name="apple-mobile-web-app-title" content="<?php p((!empty($_['application']) && $_['appid'] != 'files')? $_['application']:$theme->getTitle()); ?>">
<meta name="mobile-web-app-capable" content="yes">
<meta name="theme-color" content="<?php p($theme->getColorPrimary()); ?>">
<link rel="icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon.ico')); /* IE11+ supports png */ ?>">
<link rel="apple-touch-icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
<link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
<link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path($_['appid'], 'favicon-mask.svg')); ?>" color="<?php p($theme->getColorPrimary()); ?>">
<link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>">
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="/themes/digitaldemocratic/core/js/jquery_slim_3.2.1.js"></script>
<link rel="stylesheet" href="<?php p($api_url) ?>/css/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="<?php p($api_url) ?>/css/dd.css">
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="/themes/digitaldemocratic/core/js/navbar.js"></script>
<?php emit_css_loading_tags($_); ?>
<?php emit_script_loading_tags($_); ?>
<?php print_unescaped($_['headers']); ?>
<style>
/*
* Move "New text document" to last position of file app plus menu
*/
.newFileMenu > ul:nth-child(1) > li:nth-child(3) {
order: 1;
}
</style>
</head>
<body id="<?php p($_['bodyid']);?>">
<?php include 'layout.noscript.warning.php'; ?>
<?php foreach ($_['initialStates'] as $app => $initialState) { ?>
<input type="hidden" id="initial-state-<?php p($app); ?>" value="<?php p(base64_encode($initialState)); ?>">
<?php }?>
<a href="#app-content" class="button primary skip-navigation skip-content"><?php p($l->t('Skip to main content')); ?></a>
<a href="#app-navigation" class="button primary skip-navigation"><?php p($l->t('Skip to navigation of app')); ?></a>
<div id="notification-container">
<div id="notification"></div>
</div>
<header role="banner" id="header">
<div id="navbar-logo" class="header-left">
<a href="<?php print_unescaped(link_to('', 'index.php')); ?>"
id="nextcloud">
<img src="<?php p($api_url) ?>/img/logo.png" alt="" style="height: 39px;">
</a>
</div>
<div id="navbar-nextcloud" class="header-right">
<div id="notifications"></div>
<div id="unified-search"></div>
<div id="contactsmenu">
<div class="icon-contacts menutoggle" tabindex="0" role="button"
aria-haspopup="true" aria-controls="contactsmenu-menu" aria-expanded="false">
<span class="hidden-visually"><?php p($l->t('Contacts'));?></span>
</div>
<div id="contactsmenu-menu" class="menu"
aria-label="<?php p($l->t('Contacts menu'));?>"></div>
</div>
<div id="settings">
<div id="expand" tabindex="0" role="button" class="menutoggle"
aria-label="<?php p($l->t('Settings'));?>"
aria-haspopup="true" aria-controls="expanddiv" aria-expanded="false">
<div class="avatardiv<?php if ($_['userAvatarSet']) {
print_unescaped(' avatardiv-shown');
} else {
print_unescaped('" style="display: none');
} ?>">
<?php if ($_['userAvatarSet']): ?>
<img alt="" width="32" height="32"
src="<?php p($avatar_url)?>"
>
<?php endif; ?>
</div>
<div id="expandDisplayName" class="icon-settings-white"></div>
</div>
<nav class="settings-menu" id="expanddiv" style="display:none;"
aria-label="<?php p($l->t('Settings menu'));?>">
<ul>
<?php foreach ($_['settingsnavigation'] as $entry):?>
<li data-id="<?php p($entry['id']); ?>">
<a href="<?php print_unescaped($entry['href']); ?>"
<?php if ($entry["active"]): ?> class="active"<?php endif; ?>>
<img alt="" src="<?php print_unescaped($entry['icon'] . '?v=' . $_['versionHash']); ?>">
<?php p($entry['name']) ?>
</a>
</li>
<?php endforeach; ?>
</ul>
</nav>
</div>
<div id="product-logo">
<a href="https://xnet-x.net/ca/digital-democratic/" target="_blank">
<img src="/themes/digitaldemocratic/core/img/dd.svg" alt="" style="height: 16px; margin-right: 21px; margin-top: 16px"/>
</a>
</div>
</div>
</header>
<div id="sudo-login-background" class="hidden"></div>
<form id="sudo-login-form" class="hidden" method="POST">
<label>
<?php p($l->t('This action requires you to confirm your password')); ?><br/>
<input type="password" class="question" autocomplete="new-password" name="question" value=" <?php /* Hack against browsers ignoring autocomplete="off" */ ?>"
placeholder="<?php p($l->t('Confirm your password')); ?>" />
</label>
<input class="confirm" value="<?php p($l->t('Confirm')); ?>" type="submit">
</form>
<div id="content" class="app-<?php p($_['appid']) ?>" role="main">
<?php print_unescaped($_['content']); ?>
</div>
</body>
</html>

22
dd-apps/docker/nextcloud/supervisord.conf Normal file
View File

@ -0,0 +1,22 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB
logfile_backups=10
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh

BIN
dd-apps/docker/nextcloud/template.docx Normal file
View File

Binary file not shown.

43
dd-apps/docker/onlyoffice/local.json Normal file
View File

@ -0,0 +1,43 @@
{
"services": {
"CoAuthoring": {
"sql": {
"type": "postgres",
"dbHost": "localhost",
"dbPort": "5432",
"dbName": "onlyoffice",
"dbUser": "onlyoffice",
"dbPass": "onlyoffice"
},
"token": {
"enable": {
"request": {
"inbox": true,
"outbox": true
},
"browser": true
},
"inbox": {
"header": "Authorization"
},
"outbox": {
"header": "Authorization"
}
},
"secret": {
"inbox": {
"string": "secret"
},
"outbox": {
"string": "secret"
},
"session": {
"string": "secret"
}
}
}
},
"rabbitmq": {
"url": "amqp://guest:guest@localhost"
}
}

31
dd-apps/docker/onlyoffice/onlyoffice.yml Normal file
View File

@ -0,0 +1,31 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: "3.7"
services:
dd-apps-onlyoffice:
container_name: dd-apps-onlyoffice
image: ${ONLYOFFICE_IMG}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${BUILD_APPS_ROOT_PATH}/docker/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.json:ro
restart: unless-stopped
networks:
- dd_net

25
dd-apps/docker/postgresql/docker-entrypoint-initdb.d/etherpad.sh Executable file
View File

@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $ETHERPAD_POSTGRES_USER SUPERUSER PASSWORD '${ETHERPAD_POSTGRES_PASSWORD}';
CREATE DATABASE etherpad;
GRANT ALL PRIVILEGES ON DATABASE etherpad TO ${ETHERPAD_POSTGRES_USER};
EOSQL

25
dd-apps/docker/postgresql/docker-entrypoint-initdb.d/keycloak.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $KEYCLOAK_DB_USER SUPERUSER PASSWORD '$KEYCLOAK_DB_PASSWORD';
CREATE DATABASE $KEYCLOAK_DB_DATABASE;
GRANT ALL PRIVILEGES ON DATABASE $KEYCLOAK_DB_DATABASE TO $KEYCLOAK_DB_USER;
EOSQL

26
dd-apps/docker/postgresql/docker-entrypoint-initdb.d/moodle.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $MOODLE_POSTGRES_USER SUPERUSER PASSWORD '${MOODLE_POSTGRES_PASSWORD}';
CREATE DATABASE moodle;
GRANT ALL PRIVILEGES ON DATABASE moodle TO ${MOODLE_POSTGRES_USER};
EOSQL

25
dd-apps/docker/postgresql/docker-entrypoint-initdb.d/nextcloud.sh Executable file
View File

@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $NEXTCLOUD_POSTGRES_USER SUPERUSER PASSWORD '$NEXTCLOUD_POSTGRES_PASSWORD';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO $NEXTCLOUD_POSTGRES_USER;
EOSQL

35
dd-apps/docker/postgresql/postgresql.yml Normal file
View File

@ -0,0 +1,35 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: "3.7"
services:
dd-apps-postgresql:
image: ${POSTGRESQL_IMG-postgres:13.5-alpine3.15}
container_name: dd-apps-postgresql
restart: unless-stopped
env_file: .env
environment:
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_USER=${POSTGRES_USER}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${DB_FOLDER}/postgres:/var/lib/postgresql/data
- ${BUILD_APPS_ROOT_PATH}/docker/postgresql/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
networks:
- dd_net

30
dd-apps/docker/redis/redis.yml Normal file
View File

@ -0,0 +1,30 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
dd-apps-redis:
image: ${REDIS_IMG-redis:6.2.6-alpine3.15}
container_name: dd-apps-redis
volumes:
- /etc/localtime:/etc/localtime:ro
- ${DB_FOLDER}/redis:/data
restart: unless-stopped
networks:
- dd_net

11
dd-apps/docker/wordpress/.htaccess Normal file
View File

@ -0,0 +1,11 @@
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

32
dd-apps/docker/wordpress/multisite.sh Executable file
View File

@ -0,0 +1,32 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cat <<EOT >> multisite.cfg
define( 'WP_ALLOW_MULTISITE', true );
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', false );
\$base = '/';
define( 'DOMAIN_CURRENT_SITE', '$WORDPRESS_DOMAIN_CURRENT_SITE' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );
EOT
sed -i '/Happy publishing/e cat multisite.cfg' /var/www/html/wp-config.php

1
dd-apps/docker/wordpress/src/wp-content/plugins Submodule

@ -0,0 +1 @@
Subproject commit fb75edc20db7982d9112ac92a5f8a239ec636ca8

82
dd-apps/docker/wordpress/wordpress.yml Normal file
View File

@ -0,0 +1,82 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
x-volumes:
&wordpress-volumes
- /etc/localtime:/etc/localtime:ro
- ${BUILD_APPS_ROOT_PATH}/docker/wordpress/src/config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini
- ${SRC_FOLDER}/wordpress:/var/www/html
- ${BUILD_APPS_ROOT_PATH}/docker/wordpress/plugins:/plugins
- ${BUILD_APPS_ROOT_PATH}/docker/wordpress/.htaccess:/var/www/html/.htaccess:ro
- ${BUILD_APPS_ROOT_PATH}/docker/wordpress/multisite.sh:/multisite.sh:ro
- ${DATA_FOLDER}/wordpress:/var/www/html/wp-content/uploads
services:
dd-apps-wordpress:
image: ${WORDPRESS_IMG}
container_name: dd-apps-wordpress
volumes:
*wordpress-volumes
environment:
WORDPRESS_DB_HOST: dd-apps-mariadb
WORDPRESS_DB_NAME: "wordpress"
WORDPRESS_DB_USER: ${WORDPRESS_MARIADB_USER}
WORDPRESS_DB_PASSWORD: ${WORDPRESS_MARIADB_PASSWORD}
WORDPRESS_DOMAIN_CURRENT_SITE: wp.${DOMAIN}
depends_on:
- dd-apps-mariadb
links:
- dd-apps-mariadb
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80"]
interval: 30s
timeout: 10s
retries: 5
networks:
- dd_net
dd-apps-wordpress-cli:
image: ${WORDPRESS_CLI_IMG}
container_name: dd-apps-wordpress-cli
volumes:
*wordpress-volumes
command: >
bash -c 'wp core install --path="/var/www/html" --url=wp.${DOMAIN} --title="${TITLE}" --admin_user=${WORDPRESS_ADMIN_USER} --admin_password=${WORDPRESS_ADMIN_PASSWORD} --admin_email=${SMTP_USER};
wp core multisite-convert;'
depends_on:
dd-apps-mariadb:
condition: service_healthy
dd-apps-wordpress:
condition: service_healthy
networks:
- dd_net
restart: "no"
environment:
WORDPRESS_DB_HOST: dd-apps-mariadb
WORDPRESS_DB_NAME: "wordpress"
WORDPRESS_DB_USER: ${WORDPRESS_MARIADB_USER}
WORDPRESS_DB_PASSWORD: ${WORDPRESS_MARIADB_PASSWORD}
DOMAIN: ${DOMAIN}
TITLE: ${TITLE}
SMTP_USER: ${SMTP_USER}

833
dd-ctl Executable file
View File

@ -0,0 +1,833 @@
#!/usr/bin/env bash
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
OPERATION="$1"
# We need docker-compose >= 1.28 to catch configuration variables
REQUIRED_DOCKER_COMPOSE_VERSION="1.28"
docker_compose_version(){
docker-compose --version --short | sed 's/^docker-compose version \([^,]\+\),.*$/\1/'
}
check_docker_compose_version(){
# We cannot use sort -C because is not included in BusyBox v1.33.1 of docker:dind image
{
echo "$REQUIRED_DOCKER_COMPOSE_VERSION"
docker_compose_version
} | sort -c -V 2> /dev/null
}
get_os(){
if grep -q ^DISTRIB_ID=Ubuntu /etc/lsb-release 2>/dev/null; then
echo ubuntu
elif [ -f /etc/debian_version ]; then
echo debian
fi
}
help() {
cat <<-EOF
Example: ./dd.ctl [operation] [arguments]
For a new installation, you usually will want to run:
./dd-ctl repo-update
./dd-ctl prerequisites
./dd-ctl securize
./dd-ctl all
./dd-ctl saml
Generate adminer.yml to access DBs: ./dd-ctl adminer
Bring the current project up: ./dd-ctl all
Branding (custom/img, custom/menu): ./dd-ctl branding
Build the compose files: ./dd-ctl build
Build the devel compose files: ./dd-ctl build-devel
Apply customizations: ./dd-ctl customize
Stop the project when started: ./dd-ctl down
Show external files in repo, their license and source: ./dd-ctl listpatches
Generate .orig and .patch files to compare with upstream: ./dd-ctl genpatches
Rescan nextcloud data folders: ./dd-ctl nextcloud-scan
Install all prerequisites for installation: ./dd-ctl prerequisites
Update repository: ./dd-ctl repo-update [branch-name] (defaults to main)
Restart api if changes applied (development): ./dd-ctl restart-api
Update SAML certificates: ./dd-ctl saml
Set secure passwords in dd.conf: ./dd-ctl securize
Set a config variable in dd.conf: ./dd-ctl setconf VARIABLE [VALUE]
Start the project when stopped: ./dd-ctl up
Upgrade plugins: ./dd-ctl upgrade-plugins
Regenerate docker-compose.yml from conf: ./dd-ctl yml
EOF
}
# Help messages
if [ -z "$OPERATION" ] || [ "$OPERATION" = "-h" ] || [ "$OPERATION" = "--help" ]; then
test -n "$OPERATION" || printf "Missing command.\n\n"
help
exit
fi
# Sanity checks
if [ -z "$(get_os)" ]; then
cat >&2 <<-EOF
*****************************************************************
Your OS doesn't seem to be Debian or Ubuntu and is not supported!
Things might still work, please report back.
*****************************************************************
EOF
fi
if [ "$OPERATION" != "prerequisites" ]; then
if [ ! -d "custom" ]; then
echo "You need to copy custom.sample to custom folder and adapt it to your needs." >&2
exit 1
fi
if [ ! -f "dd.conf" ]; then
echo "You need to copy dd.conf.sample to dd.conf and adapt" >&2
exit 1
fi
if ! check_docker_compose_version; then
echo "ERROR: Please use docker-compose greather than or equal to $REQUIRED_DOCKER_COMPOSE_VERSION." >&2
exit 1
fi
fi
REPO_BRANCH="${2:-main}"
cp dd.conf .env
CUSTOM_PATH=$(pwd)
. ./.env
prerequisites_docker(){
# Remove uncompatible docker packages
for pkg in docker docker-engine docker.io containerd runc; do
if dpkg -s "${pkg}" >/dev/null; then
apt-get remove -y "${pkg}"
fi
done
# Install upstream-docker repo pre-requisites
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common \
git \
unzip \
libffi-dev
os="$(get_os)"
curl -fsSL "https://download.docker.com/linux/${os:?}/gpg" | \
apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/${os:?} \
$(lsb_release -cs) \
stable"
apt-get update -y
# docker-ce must be used instead of the one from the distro
apt-get install -y docker-ce docker-ce-cli containerd.io
apt-get install -y python3-pip
# docker-compose > 1.28 is required, latest will be installed
pip3 install docker-compose
}
prerequisites_pwd(){
apt-get install -y dictionaries-common wamerican
}
update_repo(){
# Switch to latest version
git fetch && git checkout $REPO_BRANCH
# Needed for dd-apps submodules...
git submodule update --init --recursive
# Remove old repositories
for old_dir in isard-apps isard-sso; do
if [ -d "${old_dir}" ]; then
mkdir -p _old
mv "${old_dir}" "_old/${old_dir}_$(date +'%Y-%m-%d_%H-%M')"
fi
done
# Cleanup
for old_dir in isard-apps isard-sso; do
git submodule deinit "${old_dir}" || true
if [ -d "${old_dir}" ]; then
rmdir "${old_dir}"
fi
done
}
build_compose(){
setconf CUSTOM_PATH "$CUSTOM_PATH" .env
setconf BUILD_APPS_ROOT_PATH "$CUSTOM_PATH/dd-apps" .env
setconf BUILD_SSO_ROOT_PATH "$CUSTOM_PATH/dd-sso" .env
## Prepare apps environment
ln -sf "${CUSTOM_PATH}/.env" dd-apps/.env
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/postgresql && \
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/mariadb && \
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/moodle && \
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/nextcloud && \
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/wordpress && \
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/etherpad
## Prepare sso environment
ln -sf "${CUSTOM_PATH}/.env" dd-sso/.env
ln -sf "${CUSTOM_PATH}/.env" dd-sso/docker-compose-parts/.env
# Clean up older custom data
rm -rf custom/system/keycloak-themes
rmdir custom/system 2>/dev/null || true
if [ "$BEHIND_PROXY" = "true" ]; then
BEHIND="haproxy-behind.yml"
else
BEHIND="haproxy.yml"
fi
# Build compose ymls
docker-compose -f dd-sso/docker-compose-parts/$BEHIND \
-f dd-sso/docker-compose-parts/api.yml \
-f dd-sso/docker-compose-parts/keycloak.yml \
-f dd-sso/docker-compose-parts/avatars.yml \
-f dd-apps/docker/postgresql/postgresql.yml \
-f dd-sso/docker-compose-parts/admin.yml \
\
-f dd-apps/docker/moodle/moodle.yml \
-f dd-apps/docker/nextcloud/nextcloud.yml \
-f dd-apps/docker/wordpress/wordpress.yml \
-f dd-apps/docker/etherpad/etherpad.yml \
-f dd-apps/docker/onlyoffice/onlyoffice.yml \
-f dd-apps/docker/redis/redis.yml \
-f dd-apps/docker/postgresql/postgresql.yml \
-f dd-apps/docker/mariadb/mariadb.yml \
-f dd-apps/docker/network.yml \
config > docker-compose.yml
}
listpatches(){
cat <<-EOM
# Generate .orig and .patch files with ./dd-ctl genpatches
# file license author url
EOM
for patchfile in $(find . -name 'dd-patch'); do
patchdir="$(dirname "${patchfile}")"
grep -vE '^#' "${patchfile}" | awk "{print \"${patchdir}/\" \$0}"
done
}
genpatches(){
CD="$(pwd)"
for patchfile in $(find . -name 'dd-patch'); do
cd "$(dirname "${patchfile}")"
echo "IN DIR $(pwd)"
grep -vE '^#' dd-patch | while IFS= read -r line; do
fn="$(echo "${line}" | cut -f 1)"
url="$(echo "${line}" | cut -f 4)"
wget "${url}" -O "${fn}.orig"
diff "${fn}.orig" "${fn}" > "${fn}.patch"
done
cd "${CD}"
done
}
build(){
build_compose
docker-compose build
}
build_compose_develop(){
build_compose
## Prepare sso environment
setconf CUSTOM_PATH "$CUSTOM_PATH" .env
setconf BUILD_SSO_ROOT_PATH "$CUSTOM_PATH/dd-sso" .env
ln -sf "${CUSTOM_PATH}/.env" dd-sso/.env
ln -sf "${CUSTOM_PATH}/.env" dd-sso/docker-compose-parts/.env
docker-compose -f docker-compose.yml \
-f dd-sso/docker-compose-parts/api.devel.yml \
-f dd-sso/docker-compose-parts/admin.devel.yml \
config > devel.yml
}
up(){
docker-compose up -d
}
down(){
docker-compose down
}
setup_nextcloud(){
echo " --> Applying custom settings in nextcloud"
# docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $DDADMIN_USER'
# docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin'
# docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=LostAdminGroup && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin'
# docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:app:set unaprova token --value "SuperS3cret"
#cp -R $BUILD_APPS_ROOT_PATH/dd-apps/docker/nextcloud/themes/* $DATA_FOLDER/nextcloud/themes/
docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set default_language --value="ca"
docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set skeletondirectory --value=''
# Disable certain NextCloud apps
for app in firstrunwizard recommendations dashboard; do
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings app:disable "${app}"
EOF
done
# Install and enable NextCloud apps
for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice circles; do
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings app:install "${app}"
php occ --no-warnings app:enable "${app}"
EOF
done
# Custom forms
docker exec dd-apps-nextcloud-app apk add git npm composer
docker exec -u www-data dd-apps-nextcloud-app rm -rf /var/www/html/custom_apps/forms
docker exec -u www-data dd-apps-nextcloud-app git clone https://github.com/juanan3ip/form -b dependabot/npm_and_yarn/babel/eslint-parser-7.17.0 /var/www/html/custom_apps/forms
docker exec -u www-data dd-apps-nextcloud-app npm --prefix /var/www/html/custom_apps/forms install
docker exec -u www-data dd-apps-nextcloud-app composer -d/var/www/html/custom_apps/forms install --no-dev -o
docker exec -u www-data dd-apps-nextcloud-app php occ app:enable forms
# Disable Big Blue Button media check by default
docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set bbb join.mediaCheck --value="false"
# Disable Big Blue Button listen only mode by default
docker exec dd-apps-nextcloud-app sed -i.orig 's/^\(\s*$room->setListenOnly(\)true\();\)$/\1false\2/' /var/www/html/custom_apps/bbb/lib/Service/RoomService.php
# Enable option to join muted to Big Blue Button room by default
docker exec dd-apps-nextcloud-app sed -i 's/^\(\s*$room->setJoinMuted(\)false\();\)$/\1true\2/' /var/www/html/custom_apps/bbb/lib/Service/RoomService.php
# Remove meeting join nextcloud bbb app dialog exclamation marks
docker exec dd-apps-nextcloud-app sh -c "sed -i.orig 's/\(^\s*\"Please enter your name!\" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' /var/www/html/custom_apps/bbb/l10n/*.json"
docker exec dd-apps-nextcloud-app sh -c "sed -i 's/\(^\s*\"Let\x27s go!\" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' /var/www/html/custom_apps/bbb/l10n/*.json"
docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set theme --value=dd
docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set allow_local_remote_servers --value=true
docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings maintenance:theme:update
#docker exec -u www-data dd-apps-nextcloud-app php occ app:install user_saml
docker exec -u www-data dd-apps-nextcloud-app php occ app:enable user_saml
docker exec dd-apps-nextcloud-app apk add jq
docker exec dd-apps-nextcloud-app sh -c 'jq ". + {\"pad\": [\"application/x-ownpad\"], \"calc\": [\"application/x-ownpad\"]}" /var/www/html/resources/config/mimetypemapping.dist.json > /var/www/html/config/mimetypemapping.json'
nextcloud_scan
# Open pads in a new tab/window
docker exec dd-apps-nextcloud-app sed -i.orig 's/^\(\s*\)\(var viewer = OC.generateUrl.*\)/\1\2\n\1window.open(viewer);\n\1return;/' /var/www/html/custom_apps/ownpad/js/ownpad.js
# SMTP
SMTP_LOCAL_PART="$(echo "${SMTP_USER}" | cut -d '@' -f 1)"
SMTP_DOMAIN="$(echo "${SMTP_USER}" | cut -d '@' -f 2)"
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings config:system:set -n mail_smtpmode --value="smtp"
php occ --no-warnings config:system:set -n mail_smtpsecure --value="${SMTP_PROTOCOL}"
php occ --no-warnings config:system:set -n mail_sendmailmode --value="smtp"
php occ --no-warnings config:system:set -n mail_from_address --value="${SMTP_LOCAL_PART}"
php occ --no-warnings config:system:set -n mail_domain --value="${SMTP_DOMAIN}"
php occ --no-warnings config:system:set -n mail_smtpauth --value=1
php occ --no-warnings config:system:set -n mail_smtpauthtype --value="LOGIN"
php occ --no-warnings config:system:set -n mail_smtphost --value="${SMTP_HOST}"
php occ --no-warnings config:system:set -n mail_smtpport --value="${SMTP_PORT}"
php occ --no-warnings config:system:set -n mail_smtpname --value="${SMTP_USER}"
echo 'Setting Nextcloud password'
php occ --no-warnings config:system:set -n -q mail_smtppassword --value="${SMTP_PASSWORD}"
EOF
# Settings
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings config:app:set -n ownpad ownpad_etherpad_enable --value="yes"
php occ --no-warnings config:app:set -n ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN"
php occ --no-warnings config:app:set -n onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN"
php occ --no-warnings config:app:set -n onlyoffice jwt_secret --value="secret"
php occ --no-warnings config:app:set -n onlyoffice jwt_header --value="Authorization"
php occ --no-warnings config:app:set -n onlyoffice sameTab --value="false"
# Moodle nextcloud task needs forcesave onlyoffice option
php occ --no-warnings config:app:set -n onlyoffice customizationForcesave --value="true"
# Enable circles
php occ --no-warnings config:app:set -n circles members_limit --value="150"
php occ --no-warnings config:app:set -n circles allow_linked_groups --value="1"
php occ --no-warnings config:app:set -n circles skip_invitation_to_closed_circles --value="1"
# Add allow list IPs
php occ --no-warnings config:app:set -n bruteForce whitelist_1 --value='172.16.0.0/12'
# OnlyOffice
php occ --no-warnings config:app:set -n onlyoffice preview --value="true"
php occ --no-warnings config:app:set -n onlyoffice defFormats --value="{\"csv\":\"false\",\"doc\":\"true\",\"docm\":\"false\",\"docx\":\"true\",\"docxf\":\"true\",\"oform\":\"true\",\"dotx\":\"false\",\"epub\":\"false\",\"html\":\"false\",\"odp\":\"true\",\"ods\":\"true\",\"odt\":\"true\",\"otp\":\"true\",\"ots\":\"true\",\"ott\":\"true\",\"pdf\":\"false\",\"potm\":\"false\",\"potx\":\"false\",\"ppsm\":\"false\",\"ppsx\":\"true\",\"ppt\":\"true\",\"pptm\":\"false\",\"pptx\":\"true\",\"rtf\":\"false\",\"txt\":\"false\",\"xls\":\"true\",\"xlsm\":\"false\",\"xlsx\":\"true\",\"xltm\":\"false\",\"xltx\":\"true\"}",
php occ --no-warnings config:app:set -n onlyoffice editFormats --value="{\"csv\":\"true\",\"odp\":\"false\",\"ods\":\"false\",\"odt\":\"false\",\"rtf\":\"false\",\"txt\":\"true\"}"
EOF
# Allow nextcloud into other apps iframes
# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;
docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Sety-Policy: connect-src 'self -' *.$DOMAIN;
docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Sety-Policy: img-src 'self' *. -$DOMAIN;
docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Sety-Policy: style-src 'self' -*.$DOMAIN;
docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Sety-Policy: font-src 'self' * -.$DOMAIN;
docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Fix nextcloud files_external "segudos" typo
# https://github.com/nextcloud/server/pull/28990
docker exec dd-apps-nextcloud-app sh -c 'sed -i.orig -e "s/segudos/segundos/" /var/www/html/apps/files_external/l10n/es_*.js'
# Import fix from Nextcloud 22 of pdf viewer
# https://github.com/nextcloud/files_pdfviewer/issues/381#issuecomment-845806364
docker exec dd-apps-nextcloud-app sed -i 's/encodeURIComponent(i\[a\])/i[a]/' /var/www/html/apps/files_pdfviewer/js/files_pdfviewer-main.js
# Add default file for moodle activities
if [ ! -f $DATA_FOLDER/nextcloud/admin/files/template.docx ]; then
cp dd-apps/docker/nextcloud/template.docx $DATA_FOLDER/nextcloud/admin/files/
nextcloud_scan
fi
configure_nextcloud_logo
}
nextcloud_scan(){
# The folders shown as 'not writeable' are empty user folders. Not a problem.
docker exec -u www-data dd-apps-nextcloud-app php occ files:scan --all
}
setup_moodle(){
echo " --> Applying custom settings in moodle"
docker exec -ti dd-apps-moodle php7 admin/cli/cfg.php --name=guestloginbutton --set=0
docker exec -ti dd-apps-moodle php7 admin/cli/cfg.php --name=enrol_plugins_enabled --set=manual
docker exec -ti dd-apps-moodle php7 admin/cli/cfg.php --name=enablemobilewebservice --set=0
docker exec -ti dd-apps-moodle php7 admin/cli/cfg.php --name=enablebadges --set=0
docker exec -ti dd-apps-moodle php7 admin/cli/cfg.php --name=timezone --set="${MOODLE_TIMEZONE-Europe/Madrid}"
docker exec -ti dd-apps-moodle php7 admin/cli/purge_caches.php
}
setup_wordpress(){
echo " --> Applying custom settings in wordpress"
## Multisite
docker exec -ti dd-apps-wordpress /bin/sh -c "/multisite.sh"
docker-compose run --user=33 dd-apps-wordpress-cli /bin/bash -s <<-EOF
wp plugin activate onelogin-saml-sso
wp plugin install generateblocks --activate
wp plugin activate generateblocks --network
wp theme install generatepress --activate
wp theme enable generatepress --network
wp theme delete twentynineteen
wp theme delete twentytwenty
wp theme delete twentytwentyone
wp option set WPLANG ca
wp option set date_format "d/m/Y"
EOF
docker-compose run --user=root dd-apps-wordpress-cli /bin/bash -c 'chown -R 33:33 /var/www/html/wp-content/uploads;'
}
setup_keycloak(){
# configure keycloak: realm and client_scopes
echo " --> Setting up SAML for moodle"
docker exec -ti dd-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 keycloak_config.py"
}
saml_certificates(){
wait_for_moodle
echo " --> Setting up SAML for moodle"
docker exec -ti dd-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 moodle_saml.py"
docker exec -ti dd-apps-moodle php7 admin/cli/purge_caches.php
# CERTIFICATES FOR SAML
echo " --> Generating certificates for nextcloud and wordpress"
docker exec -ti dd-sso-admin /bin/sh -c "/admin/generate_certificates.sh"
# SAML PLUGIN NEXTCLOUD
echo " --> Setting up SAML for nextcloud"
docker exec -ti dd-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 nextcloud_saml.py"
# SAML PLUGIN WORDPRESS
echo " --> Setting up SAML for wordpress"
docker exec -ti dd-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 wordpress_saml.py"
# SAML PLUGIN MOODLE
# echo "To add SAML to moodle:"
# echo "1.-Activate SAML plugin in moodle extensions, regenerate certificate, lock certificate"
# echo "2.-Then run: docker exec -ti dd-sso-admin python3 /admin/nextcloud_saml.py"
# echo "3.-"
}
wait_for_moodle(){
echo "Waiting for system to be fully up before customizing... It can take some minutes..."
echo " (you can monitorize install with: docker logs dd-apps-moodle --follow"
while [ "`docker inspect -f {{.State.Health.Status}} dd-apps-moodle`" != "healthy" ]; do sleep 2; done
}
upgrade_moodle(){
docker exec -ti dd-apps-moodle php7 admin/cli/maintenance.php --enable
docker exec -ti dd-apps-moodle php7 admin/cli/upgrade.php --non-interactive --allow-unstable
docker exec -ti dd-apps-moodle php7 admin/cli/maintenance.php --disable
}
extras_adminer(){
docker-compose -f dd-apps/docker/network.yml \
-f dd-sso/docker-compose-parts/adminer.yml config > adminer.yml
echo " --> Generated adminer.yml"
echo " Bring it up: docker-compose -f adminer.yml up -d"
echo " Connect to: https://sso.$DOMAIN/dd-sso-adminer/"
echo " Parameters:"
echo " - System: PostgreSQL (or Mysql for wordpress db)"
echo " Server: dd-apps-postgresql (or dd-apps-mariadb for wordpress db)"
echo " User/Pass/Database from dd.conf"
}
extras_pgtuner(){
docker-compose -f dd-apps/docker/network.yml \
-f dd-sso/docker-compose-parts/pgtuner.yml config > pgtuner.yml
echo " --> Generated pgtuner.yml"
}
extras_nextcloud_remove_banned_ips(){
docker-compose exec dd-apps-postgresql psql -v ON_ERROR_STOP=1 \
-U admin nextcloud -c "DELETE FROM oc_bruteforce_attempts;"
}
extras_nextcloud_set_admin_group(){
docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin'
docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=N3xtcl0ud && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin'
}
extras_dump_keycloak_client(){
docker exec -ti dd-sso-keycloak sh -c "
/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password keycloakkeycloak \
&& /opt/jboss/keycloak/bin/kcadm.sh get clients/bef873f0-2079-4876-8657-067de27d01b7 -r master"""
}
upgrade_plugins_moodle(){
wait_for_moodle
rm -rf /tmp/moodle
mkdir -p /tmp/moodle/mod
mkdir -p /tmp/moodle/mod/assign/submission
mkdir -p /tmp/moodle/auth/saml2
mkdir -p /tmp/moodle/theme/cbe
mkdir -p /tmp/moodle/blocks
curl --location $MOODLE_PLUGIN_JITSI > jitsi.zip
unzip jitsi.zip -d /tmp/moodle/mod/
rm jitsi.zip
curl --location $MOODLE_PLUGIN_BBB > bbb.zip
unzip bbb.zip -d /tmp/moodle/mod/
rm bbb.zip
# curl --location https://github.com/isard-vdi/moodle-auth_saml2/archive/refs/heads/role_map.zip > auth_saml2.zip
# curl --location https://moodle.org/plugins/download.php/24556/auth_saml2_moodle311_2021062900.zip > auth_saml2.zip
curl --location $MOODLE_PLUGIN_SAML > auth_saml2.zip
unzip auth_saml2.zip -d /tmp/moodle/auth/
mv /tmp/moodle/auth/moodle-auth_saml2-role_map/* /tmp/moodle/auth/saml2/
rm -rf /tmp/moodle/auth/moodle-auth_saml2-role_map
rm auth_saml2.zip
if [[ "$MOODLE_PLUGIN_TRESIPUNTSHARE" == *"develop"* ]]; then
PLUGIN_BRANCH=develop
else
PLUGIN_BRANCH=master
fi
curl --location $MOODLE_PLUGIN_TRESIPUNTSHARE > tresipuntshare.zip
unzip tresipuntshare.zip -d /tmp/moodle/mod/
mv /tmp/moodle/mod/moodle_mod_tresipuntshare-$PLUGIN_BRANCH /tmp/moodle/mod/tresipuntshare
rm tresipuntshare.zip
if [[ "$MOODLE_PLUGIN_TRESIPUNTVIDEO" == *"develop"* ]]; then
PLUGIN_BRANCH=develop
else
PLUGIN_BRANCH=master
fi
curl --location $MOODLE_PLUGIN_TRESIPUNTVIDEO > tresipuntvideo.zip
unzip tresipuntvideo.zip -d /tmp/moodle/mod/
mv /tmp/moodle/mod/moodle_mod_tresipuntvideo-$PLUGIN_BRANCH /tmp/moodle/mod/tresipuntvideo
rm tresipuntvideo.zip
if [[ "$MOODLE_PLUGIN_TRESIPUNTAUDIO" == *"develop"* ]]; then
PLUGIN_BRANCH=develop
else
PLUGIN_BRANCH=master
fi
curl --location $MOODLE_PLUGIN_TRESIPUNTAUDIO > tresipuntaudio.zip
unzip tresipuntaudio.zip -d /tmp/moodle/mod/
mv /tmp/moodle/mod/moodle_mod_tresipuntaudio-$PLUGIN_BRANCH /tmp/moodle/mod/tresipuntaudio
rm tresipuntaudio.zip
if [[ "$MOODLE_PLUGIN_ASSIGNSUBMISSION" == *"develop"* ]]; then
PLUGIN_BRANCH=develop
else
PLUGIN_BRANCH=master
fi
curl --location $MOODLE_PLUGIN_ASSIGNSUBMISSION > assignsubmission_tipnc.zip
unzip assignsubmission_tipnc.zip -d /tmp/moodle/mod/assign/submission/
mv /tmp/moodle/mod/assign/submission/moodle_assignsubmission_tipnc-$PLUGIN_BRANCH /tmp/moodle/mod/assign/submission/tipnc
rm assignsubmission_tipnc.zip
curl --location $MOODLE_PLUGIN_TRESIPUNTMODSPEND > block_tresipuntmodspend.zip
unzip block_tresipuntmodspend.zip -d /tmp/moodle/blocks/
rm block_tresipuntmodspend.zip
if [[ "$MOODLE_THEME_CBE" == *"develop"* ]]; then
PLUGIN_BRANCH=develop
else
PLUGIN_BRANCH=master
fi
curl --location $MOODLE_THEME_CBE > tresipunt_theme_cbe.zip
unzip tresipunt_theme_cbe.zip -d /tmp/moodle/theme/cbe/
mv /tmp/moodle/theme/cbe/moodle_theme_cbe-$PLUGIN_BRANCH/* /tmp/moodle/theme/cbe/
rm tresipunt_theme_cbe.zip
#mkdir -p /tmp/moodle/local/tresipuntimportgc
#cp -R local_plugins/moodle/tresipuntimportgc/* /tmp/moodle/local/tresipuntimportgc/
cp -R /tmp/moodle/* $SRC_FOLDER/moodle/
rm -rf /tmp/moodle
docker exec -ti dd-apps-moodle php7 admin/cli/purge_caches.php
}
upgrade_plugins_nextcloud(){
wget https://code.jquery.com/jquery-3.2.1.slim.min.js -O $SRC_FOLDER/nextcloud/themes/dd/core/js/jquery_slim_3.2.1.js
cp -R dd-apps/docker/nextcloud/src/* $SRC_FOLDER/nextcloud/
}
upgrade_plugins_wp(){
cp -R dd-apps/docker/wordpress/src/* $SRC_FOLDER/wordpress/
if [ ! -d $SRC_FOLDER/wordpress/wp-content/mu-plugins ]; then
git clone https://gitlab.com/muplugins-multiste1/muplugins-google-sites.git $SRC_FOLDER/wordpress/wp-content/mu-plugins
fi
if [ ! -d $SRC_FOLDER/wordpress/wp-content/mu-plugins/.git ]; then
echo "WARNING: $SRC_FOLDER/wordpress/wp-content/mu-plugins is not a git repository."
echo " This could be due to old installation. To bring all new mu-plugins code for WP"
echo " remove that folder and it will be cloned and mantained with git from now on."
else
sh -c "cd $SRC_FOLDER/wordpress/wp-content/mu-plugins; git pull"
fi
docker-compose run --user=root dd-apps-wordpress-cli /bin/bash -c 'chown -R 33:33 /var/www/html/wp-content/mu-plugins;'
}
update_logos_and_menu(){
# docker exec -ti dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'"
# docker exec -ti dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'"
# docker exec -ti dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'"
# docker exec -ti dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='reload'"
docker exec -ti --user root dd-sso-keycloak sh -c 'rm -rf /opt/jboss/keycloak/standalone/tmp/kc-gzip-cache/*'
docker-compose build dd-sso-api && docker-compose up -d dd-sso-api
configure_nextcloud_logo
}
configure_nextcloud_logo(){
local instance_id=$(docker exec -u www-data dd-apps-nextcloud-app php occ config:system:get instanceid)
local cachebuster=$(docker exec -u www-data dd-apps-nextcloud-app php occ config:app:get theming cachebuster)
docker exec -u www-data dd-apps-nextcloud-app mkdir -p /var/www/html/data/appdata_$instance_id/theming/images
docker cp custom/img/logo.png dd-apps-nextcloud-app:/var/www/html/data/appdata_$instance_id/theming/images/logo
docker cp custom/img/background.png dd-apps-nextcloud-app:/var/www/html/data/appdata_$instance_id/theming/images/background
docker exec dd-apps-nextcloud-app chown www-data:www-data /var/www/html/data/appdata_$instance_id/theming/images/{logo,background}
docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming logoMime --value="image/png"
docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming backgroundMime --value="image/png"
docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming cachebuster --value="$(expr $cachebuster + 1 )"
}
genpwd() {
if [ ! -f /usr/share/dict/words ]; then
prerequisites_pwd > /dev/null
fi
shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'"
}
securize() {
for dd_var in \
ADMINAPP_PASSWORD \
DDADMIN_PASSWORD \
KEYCLOAK_PASSWORD \
KEYCLOAK_DB_PASSWORD \
POSTGRES_PASSWORD \
MARIADB_PASSWORD \
MOODLE_POSTGRES_PASSWORD \
MOODLE_ADMIN_PASSWORD \
NEXTCLOUD_POSTGRES_PASSWORD \
NEXTCLOUD_ADMIN_PASSWORD \
ETHERPAD_POSTGRES_PASSWORD \
ETHERPAD_ADMIN_PASSWORD \
WORDPRESS_MARIADB_PASSWORD \
WORDPRESS_ADMIN_PASSWORD \
IPA_ADMIN_PWD; do
setconf "${dd_var}" "$(genpwd)"
done
}
setconf() {
dd_var="$(echo "$1" | tr "[:lower:]" "[:upper:]")"
dd_val="$2"
dd_line="$(printf '%s="%s"' "${dd_var:?}" "${dd_val}")"
conf_file="${3:-dd.conf}"
if grep -qE "^${dd_var:?}=" "${conf_file}"; then
# Found uncommented, replace in-place
sed -i'' -E "s!^${dd_var:?}=.*\$!${dd_line}!" "${conf_file}"
elif grep -qE "^#[[:space:]]*${dd_var:?}=" "${conf_file}"; then
# Found commented, replace in-place
sed -i'' -E "s!^#[[:space:]]*${dd_var:?}=.*\$!${dd_line}!" "${conf_file}"
else
# Not found, append
echo "${dd_line}" >> "${conf_file}"
fi
}
# Argument handling
case "$OPERATION" in
build)
build
;;
build-devel)
build_compose_develop
;;
adminer)
extras_adminer
;;
all)
build
up
wait_for_moodle
upgrade_plugins_moodle
upgrade_plugins_nextcloud
upgrade_plugins_wp
setup_nextcloud
setup_moodle
setup_wordpress
setup_keycloak
saml_certificates
cat <<-EOF
#### After install ####
- SSO in moodle should be active. You can go to: https://moodle.$DOMAIN
If it fails, regenerate and lock certificate in moodle SAML2 connector as a local admin.
After that run ./dd-ctl saml
- SSO in nextcloud should be active. You can go to: https://nextcloud.$DOMAIN
- SSO in wordpress should be active. You should go to https://wp.$DOMAIN/wp-admin//plugins.php
#### Update customizations ####
- ./dd-ctl customize
EOF
;;
branding)
up
wait_for_moodle
update_logos_and_menu
;;
customize)
up
wait_for_moodle
setup_nextcloud
setup_wordpress
setup_moodle
;;
down)
down
;;
nextcloud-scan)
nextcloud_scan
;;
pgtuner)
extras_pgtuner
;;
prerequisites)
prerequisites_docker
prerequisites_pwd
;;
repo-update)
update_repo
;;
reset-data|reset-1714)
cat <<-EOF
# Following commands RESET ALL DATA except for certificates
# execute them only if you know what you are doing
# This *will* result in DATA LOSS
"$0" down
rm -rf /opt/DD/data/*
rm -rf /opt/DD/db/*
rm -rf '$SRC_FOLDER/avatars'
rm -rf '$SRC_FOLDER/moodle'
rm -rf '$SRC_FOLDER/nextcloud'
rm -rf '$SRC_FOLDER/wordpress'
EOF
;;
restart-api)
up
wait_for_moodle
docker restart dd-sso-api
;;
saml)
up
wait_for_moodle
setup_keycloak
saml_certificates
;;
securize)
securize
;;
setconf)
setconf "$2" "$3"
;;
up)
up
;;
upgrade-plugins)
up
wait_for_moodle
upgrade_plugins_moodle
upgrade_plugins_nextcloud
upgrade_plugins_wp
;;
yml)
cp dd.conf .env
CUSTOM_PATH=$(pwd)
. ./.env
build_compose
;;
listpatches)
listpatches
;;
genpatches)
genpatches
;;
*)
printf "Unknown command '%s'\n\n" "$OPERATION" >&2
help >&2
exit 1
;;
esac

270
dd-install.sh Executable file
View File

@ -0,0 +1,270 @@
#!/usr/bin/env -S bash -eu
#
# Copyright 2022 -- Evilham <contact@evilham.com>
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# General settings, dir, repo, branch. You usually do not want these changed.
DDSRC_DIR="${DDSRC_DIR:-/opt/src/DD}"
DDREPO_URL="${DDREPO_URL:-https://gitlab.com/DD-workspace/DD}"
DDBRANCH="${DDBRANCH:-main}"
DDLOG="${DDLOG:-dd-install.log}"
help() {
cat <<EOF
Usage: $0 --install
Use the environment extensively to configure DD.
Any VARIABLE that is found in:
${DDREPO_URL:?}/-/raw/${DDBRANCH:?}/dd.conf.sample
Can be specified in this script's environment as DD_VARIABLE.
For example, use DD_DOMAIN to pre-configure the DOMAIN.
Furthermore, you can set DDIMG_LOGO_PNG and DDIMG_BACKGROUND_PNG to the path
of PNG files that will be used for the logo and background respectively.
This script will take care of installing all pre-requisites, pulling and
updating sources, applying workarounds for known bugs, etc.
EOF
}
case "${1:-}" in
-h|--help)
help
exit
;;
""|--install)
;;
*)
help
exit 1
;;
esac
check_config_interactive() {
if [ -z "${DD_DOMAIN:-}" ]; then
INTERACTIVE_INSTALL="YES"
cat <<-EOF
Interactive install detected!
Please follow the instructions carefully:
EOF
read -rep "Under which DOMAIN will you install DD? " DD_DOMAIN
export DD_DOMAIN
cat <<-EOF
You will need to setup DNS entries for:
- [ ] moodle.${DD_DOMAIN}
- [ ] nextcloud.${DD_DOMAIN}
- [ ] wp.${DD_DOMAIN}
- [ ] oof.${DD_DOMAIN}
- [ ] sso.${DD_DOMAIN}
- [ ] pad.${DD_DOMAIN}
- [ ] admin.${DD_DOMAIN}
- [ ] api.${DD_DOMAIN}
EOF
fi
# TODO: perform some kind of DNS check to help with installation?
if [ -z "${DD_TITLE_SHORT:-}" ]; then
if [ -n "${INTERACTIVE_INSTALL:-}" ]; then
read -rep "What is the short title of the DD instance? [DD] " DD_TITLE_SHORT
fi
if [ -z "${DD_TITLE_SHORT:-}" ]; then
DD_TITLE_SHORT="DD"
fi
export DD_TITLE_SHORT
fi
if [ -z "${DD_TITLE:-}" ]; then
if [ -n "${INTERACTIVE_INSTALL:-}" ]; then
read -rep "What is the full title of the DD instance? [${DD_TITLE_SHORT}] " DD_TITLE
fi
if [ -z "${DD_TITLE:-}" ]; then
DD_TITLE="${DD_TITLE_SHORT}"
fi
export DD_TITLE
fi
if [ -n "${INTERACTIVE_INSTALL:-}" ]; then
read -rep "Do you want to use Let's Encrypt certificates? [Y/n] " USE_LETSENCRYPT
case ${USE_LETSENCRYPT:-} in
n*|N*)
;;
*)
# Reuse user-provided info
export DD_LETSENCRYPT_DNS="${DD_DOMAIN}"
read -rep "Which email will you use for Let's Encrypt notifications? " \
DD_LETSENCRYPT_EMAIL
export DD_LETSENCRYPT_EMAIL
read -rep "Generate a certificate for ${DD_DOMAIN}? (neds the DNS entry) [y/N] " \
LE_ROOT_CERT
case ${LE_ROOT_CERT:-} in
y*|Y*)
DD_LETSENCRYPT_DOMAIN_ROOT=true
;;
*)
DD_LETSENCRYPT_DOMAIN_ROOT=false
;;
esac
export DD_LETSENCRYPT_DOMAIN_ROOT
;;
esac
read -rep "Path to the logo's PNG file (optional): " \
DDIMG_LOGO_PNG
read -rep "Path to the background's PNG file (optional): " \
DDIMG_BACKGROUND_PNG
cat <<-EOF
About to install with following information:
DOMAIN=${DD_DOMAIN}
TITLE_SHORT=${DD_TITLE_SHORT}
TITLE=${DD_TITLE}
LETSENCRYPT_DNS=${DD_LETSENCRYPT_DNS}
LETSENCRYPT_EMAIL=${DD_LETSENCRYPT_EMAIL:-}
LETSENCRYPT_DOMAIN_ROOT=${DD_LETSENCRYPT_DOMAIN_ROOT:-}
Custom logo in PNG (if requested): ${DDIMG_LOGO_PNG:-}
Custom background in PNG (if requested): ${DDIMG_BACKGROUND_PNG:-}
EOF
read -rep "Is this correct? proceed with the install? [Y/n] " DO_INSTALL
case ${DO_INSTALL:-} in
n*|N*)
exit
;;
*)
;;
esac
fi
}
# Ensure we have all necessary info
check_config_interactive
# Read all environment variables (DD_ prefix removed)
DD_ENV="$(env | grep -E '^DD_' | cut -c 4-)"
DD_VARS="$(echo "${DD_ENV}" | cut -d = -f 1)"
# Ensure DDIMG_* paths are full
# TODO: ensure the images are .png files
if [ -n "${DDIMG_LOGO_PNG:-}" ]; then
DDIMG_LOGO_PNG="$(realpath "${DDIMG_LOGO_PNG}")"
fi
if [ -n "${DDIMG_BACKGROUND_PNG:-}" ]; then
DDIMG_BACKGROUND_PNG="$(realpath "${DDIMG_BACKGROUND_PNG}")"
fi
#
# START MANUAL INSTALL
#
# Ensure apt cache is up to date
apt-get update
# Ensure git is available
GIT="$(command -v git || true)"
if [ -z "${GIT:-}" ]; then
apt-get install -y git
GIT="$(command -v git)"
fi
# Create source dir and clone repo as necessary
if [ ! -d "${DDSRC_DIR:?}" ]; then
mkdir -p "${DDSRC_DIR:?}"
"${GIT:?}" clone "${DDREPO_URL:?}" "${DDSRC_DIR:?}"
# Change to the requested branch
"${GIT:?}" -C "${DDSRC_DIR:?}" checkout "${DDBRANCH:?}"
fi
# Change to the source dir
cd "${DDSRC_DIR:?}"
# Copy the custom directory
if [ ! -d "custom" ]; then
cp -r custom.sample custom
fi
# Copy conf file
cp dd.conf.sample dd.conf
# Patch the configuration with the environment variables
# If installing manually, you'd edit `dd.conf` instead
for dd_var in ${DD_VARS:?}; do
dd_val="$(echo "${DD_ENV}" | grep -E "^${dd_var:?}=" | cut -d = -f 2- | head -n 1)"
./dd-ctl setconf "${dd_var:?}" "${dd_val:-}"
done
# Replace logos if requested
# If installing manually you'd replace:
# - custom/img/logo.png
# - custom/img/background.png
if [ -f "${DDIMG_LOGO_PNG:-}" ]; then
cp "${DDIMG_LOGO_PNG:?}" "custom/img/logo.png"
fi
if [ -f "${DDIMG_BACKGROUND_PNG:-}" ]; then
cp "${DDIMG_BACKGROUND_PNG:?}" "custom/img/background.png"
fi
# Update all repositories
./dd-ctl repo-update "${DDBRANCH:?}" 2>&1 | tee -a "${DDLOG}"
# Install all prerequisites
./dd-ctl prerequisites 2>&1 | tee -a "${DDLOG}"
# Fix insecure passwords
./dd-ctl securize 2>&1 | tee -a "${DDLOG}"
# Perform installation as per further instructions
./dd-ctl all 2>&1 | tee -a "${DDLOG}"
# Wait a tad to work around dd-sso issues
echo "Waiting a few seconds for things to settle..."
sleep 30
# Address timing dd-sso issue by restarting the containers
./dd-ctl down
./dd-ctl up
## Ensure SAML is set up (it errors always)
./dd-ctl saml || true
# Address Moodle custom settings, plugins and registration
NEXTCLOUD_ADMIN_USER="$(grep -E '^NEXTCLOUD_ADMIN_USER=' dd.conf | cut -d = -f 2-)"
NEXTCLOUD_ADMIN_PASSWORD="$(grep -E '^NEXTCLOUD_ADMIN_PASSWORD=' dd.conf | cut -d = -f 2-)"
docker exec -i -u nobody dd-apps-moodle sh -s <<EOF
php admin/cli/maintenance.php --enable
php admin/cli/upgrade.php --non-interactive
php theme/cbe/postinstall.php \
--wwwroot="moodle.${DD_DOMAIN}" \
--ncadmin="${NEXTCLOUD_ADMIN_USER}" \
--ncpass="${NEXTCLOUD_ADMIN_PASSWORD}" \
--sitename="${DD_TITLE}" \
--contactname="${DD_LETSENCRYPT_EMAIL}" \
--contactemail="${DD_LETSENCRYPT_EMAIL}"
php admin/cli/maintenance.php --disable
EOF
# And fix moodle SAML with the admin
docker exec dd-sso-admin python3 /admin/saml_scripts/moodle_saml.py
# Proceed further with manual steps
cat <<EOF | tee -a "${DDLOG}"
Proceed now with further manual steps as per:
https://dd.digitalitzacio-democratica.xnet-x.net/docs/post-install.ca/
If necessary, check the install logs at: ${DDLOG}
EOF

25
dd-sso/.gitignore vendored Normal file
View File

@ -0,0 +1,25 @@
.env
**/.env
main.conf
docker-compose.yml
#*.yml
**/custom.yaml
**/system.yaml
admin/src/node_modules
admin/src/admin/node_modules/
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# Python compiled and cached
*.pyc
**/*.pyc
__pycache__
**/__pycache__
# api generated templates
docker/api/src/api/static/templates/*.html
docker/api/src/api/static/templates/*.json

8
dd-sso/.isort.cfg Normal file
View File

@ -0,0 +1,8 @@
[settings]
multi_line_output = 3
include_trailing_comma = True
force_grid_wrap = 0
use_parentheses = True
ensure_newline_before_comments = True
line_length = 88

63
dd-sso/admin/docker/Dockerfile Normal file
View File

@ -0,0 +1,63 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
FROM alpine:3.12.0 as production
MAINTAINER isard <info@isardvdi.com>
RUN apk add python3 py3-pip py3-pyldap~=3.2.0
RUN pip3 install --upgrade pip
RUN apk add --no-cache --virtual .build_deps \
build-base \
python3-dev \
libffi-dev \
gcc python3-dev linux-headers musl-dev postgresql-dev
COPY admin/docker/requirements.pip3 /requirements.pip3
RUN pip3 install --no-cache-dir -r requirements.pip3
RUN apk del .build_deps
RUN apk add --no-cache curl py3-yaml yarn libpq openssl py3-pillow
RUN wget -O /usr/lib/python3.8/site-packages/diceware/wordlists/wordlist_cat_ascii.txt https://raw.githubusercontent.com/1ma/diceware-cat/master/cat-wordlist-ascii.txt
# SSH configuration
# ARG SSH_ROOT_PWD
# RUN apk add openssh
# RUN echo "root:$SSH_ROOT_PWD" |chpasswd
# RUN sed -i \
# -e 's|[#]*PermitRootLogin prohibit-password|PermitRootLogin yes|g' \
# -e 's|[#]*PasswordAuthentication yes|PasswordAuthentication yes|g' \
# -e 's|[#]*ChallengeResponseAuthentication yes|ChallengeResponseAuthentication yes|g' \
# -e 's|[#]*UsePAM yes|UsePAM yes|g' \
# -e 's|[#]#Port 22|Port 22|g' \
# /etc/ssh/sshd_config
# Let's test 0.26.1 python-keycloak version
# RUN apk add --no-cache git && \
# git clone -b delete_realm_roles https://github.com/isard-vdi/python-keycloak.git && \
# cd python-keycloak && \
# python3 setup.py install && \
# apk del git
COPY admin/src /admin
RUN cd /admin/admin && yarn install
COPY admin/docker/run.sh /run.sh
#EXPOSE 7039
CMD [ "/run.sh" ]

35
dd-sso/admin/docker/requirements.pip3 Normal file
View File

@ -0,0 +1,35 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
Flask==2.0.1
Flask-Login==0.5.0
eventlet==0.33.0
Flask-SocketIO==5.1.0
bcrypt==3.2.0
diceware==0.9.6
mysql-connector-python==8.0.25
psycopg2==2.8.6
python-keycloak==0.26.1
minio==7.0.3
urllib3==1.26.6
schema==0.7.5
Werkzeug~=2.0.0
python-jose==3.3.0
Cerberus==1.3.4
PyYAML==6.0

30
dd-sso/admin/docker/run.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# ssh-keygen -A
## Only in development
cd /admin/admin
yarn install
## End Only in development
cd /admin
export PYTHONWARNINGS="ignore:Unverified HTTPS request"
python3 start.py
#&
# /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config

128
dd-sso/admin/src/admin/__init__.py Normal file
View File

@ -0,0 +1,128 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import logging as log
import os
from flask import Flask, render_template, send_from_directory
app = Flask(__name__, static_url_path="")
app = Flask(__name__, template_folder="static/templates")
app.url_map.strict_slashes = False
"""
App secret key for encrypting cookies
You can generate one with:
import os
os.urandom(24)
And paste it here.
"""
app.secret_key = "Change this key!/\xf7\x83\xbe\x17\xfa\xa3zT\n\\]m\xa6\x8bF\xdd\r\xf7\x9e\x1d\x1f\x14'"
print("Starting dd-sso api...")
from admin.lib.load_config import loadConfig
try:
loadConfig(app)
except:
print("Could not get environment variables...")
from admin.lib.postup import Postup
Postup()
from admin.lib.admin import Admin
app.admin = Admin()
app.ready = False
"""
Debug should be removed on production!
"""
if app.debug:
log.warning("Debug mode: {}".format(app.debug))
else:
log.info("Debug mode: {}".format(app.debug))
"""
Serve static files
"""
@app.route("/build/<path:path>")
def send_build(path):
return send_from_directory(
os.path.join(app.root_path, "node_modules/gentelella/build"), path
)
@app.route("/vendors/<path:path>")
def send_vendors(path):
return send_from_directory(
os.path.join(app.root_path, "node_modules/gentelella/vendors"), path
)
@app.route("/node_modules/<path:path>")
def send_nodes(path):
return send_from_directory(os.path.join(app.root_path, "node_modules"), path)
@app.route("/templates/<path:path>")
def send_templates(path):
return send_from_directory(os.path.join(app.root_path, "templates"), path)
# @app.route('/templates/<path:path>')
# def send_templates(path):
# return send_from_directory(os.path.join(app.root_path, 'static/templates'), path)
@app.route("/static/<path:path>")
def send_static_js(path):
return send_from_directory(os.path.join(app.root_path, "static"), path)
@app.route("/avatars/<path:path>")
def send_avatars_img(path):
return send_from_directory(
os.path.join(app.root_path, "../avatars/master-avatars"), path
)
@app.route("/custom/<path:path>")
def send_custom(path):
return send_from_directory(os.path.join(app.root_path, "../custom"), path)
# @app.errorhandler(404)
# def not_found_error(error):
# return render_template('page_404.html'), 404
# @app.errorhandler(500)
# def internal_error(error):
# return render_template('page_500.html'), 500
"""
Import all views
"""
from .views import ApiViews, AppViews, LoginViews, WebViews, WpViews

19
dd-sso/admin/src/admin/auth/__init__.py Normal file
View File

@ -0,0 +1,19 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later

79
dd-sso/admin/src/admin/auth/authentication.py Normal file
View File

@ -0,0 +1,79 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import os
from flask_login import LoginManager, UserMixin
from admin import app
""" OIDC TESTS """
# from flask_oidc import OpenIDConnect
# app.config.update({
# 'SECRET_KEY': 'u\x91\xcf\xfa\x0c\xb9\x95\xe3t\xba2K\x7f\xfd\xca\xa3\x9f\x90\x88\xb8\xee\xa4\xd6\xe4',
# 'TESTING': True,
# 'DEBUG': True,
# 'OIDC_CLIENT_SECRETS': 'client_secrets.json',
# 'OIDC_ID_TOKEN_COOKIE_SECURE': False,
# 'OIDC_REQUIRE_VERIFIED_EMAIL': False,
# 'OIDC_VALID_ISSUERS': ['https://sso.mydomain.duckdns.org:8080/auth/realms/master'],
# 'OIDC_OPENID_REALM': 'https://sso.mydomain.duckdns.org//custom_callback',
# 'OVERWRITE_REDIRECT_URI': 'https://sso.mydomain.duckdns.org//custom_callback',
# })
# # 'OVERWRITE_REDIRECT_URI': 'https://sso.mydomain.duckdns.org//custom_callback',
# # 'OIDC_CALLBACK_ROUTE': '//custom_callback'
# oidc = OpenIDConnect(app)
""" OIDC TESTS """
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"
ram_users = {
os.environ["ADMINAPP_USER"]: {
"id": os.environ["ADMINAPP_USER"],
"password": os.environ["ADMINAPP_PASSWORD"],
"role": "manager",
},
os.environ["KEYCLOAK_USER"]: {
"id": os.environ["KEYCLOAK_USER"],
"password": os.environ["KEYCLOAK_PASSWORD"],
"role": "admin",
},
os.environ["WORDPRESS_MARIADB_USER"]: {
"id": os.environ["WORDPRESS_MARIADB_USER"],
"password": os.environ["WORDPRESS_MARIADB_PASSWORD"],
"role": "manager",
},
}
class User(UserMixin):
def __init__(self, dict):
self.id = dict["id"]
self.username = dict["id"]
self.password = dict["password"]
self.role = dict["role"]
@login_manager.user_loader
def user_loader(username):
return User(ram_users[username])

118
dd-sso/admin/src/admin/auth/tokens.py Normal file
View File

@ -0,0 +1,118 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# Copyright 2017 the Isard-vdi project authors:
# Josep Maria Viñolas Auquer
# Alberto Larraz Dalmases
# License: AGPLv3
import json
import logging as log
import os
import traceback
from functools import wraps
from flask import request
from jose import jwt
from admin import app
from ..lib.api_exceptions import Error
def get_header_jwt_payload():
return get_token_payload(get_token_auth_header())
def get_token_header(header):
"""Obtains the Access Token from the a Header"""
auth = request.headers.get(header, None)
if not auth:
raise Error(
"unauthorized",
"Authorization header is expected",
traceback.format_stack(),
)
parts = auth.split()
if parts[0].lower() != "bearer":
raise Error(
"unauthorized",
"Authorization header must start with Bearer",
traceback.format_stack(),
)
elif len(parts) == 1:
raise Error("bad_request", "Token not found")
elif len(parts) > 2:
raise Error(
"unauthorized",
"Authorization header must be Bearer token",
traceback.format_stack(),
)
return parts[1] # Token
def get_token_auth_header():
return get_token_header("Authorization")
def get_token_payload(token):
# log.warning("The received token in get_token_payload is: " + str(token))
try:
claims = jwt.get_unverified_claims(token)
secret = app.config["API_SECRET"]
except:
log.warning(
"JWT token with invalid parameters. Can not parse it.: " + str(token)
)
raise Error(
"unauthorized",
"Unable to parse authentication parameters token.",
traceback.format_stack(),
)
try:
payload = jwt.decode(
token,
secret,
algorithms=["HS256"],
options=dict(verify_aud=False, verify_sub=False, verify_exp=True),
)
except jwt.ExpiredSignatureError:
log.warning("Token expired")
raise Error("unauthorized", "Token is expired", traceback.format_stack())
except jwt.JWTClaimsError:
raise Error(
"unauthorized",
"Incorrect claims, please check the audience and issuer",
traceback.format_stack(),
)
except Exception:
raise Error(
"unauthorized",
"Unable to parse authentication token.",
traceback.format_stack(),
)
if payload.get("data", False):
return payload["data"]
return payload

1930
dd-sso/admin/src/admin/lib/admin.py Normal file
View File

File diff suppressed because it is too large Load Diff

162
dd-sso/admin/src/admin/lib/api_exceptions.py Normal file
View File

@ -0,0 +1,162 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import inspect
import json
import logging as log
import os
import traceback
from flask import jsonify, request
from admin import app
content_type = {"Content-Type": "application/json"}
ex = {
"bad_request": {
"error": {
"error": "bad_request",
"msg": "Bad request",
},
"status_code": 400,
},
"unauthorized": {
"error": {
"error": "unauthorized",
"msg": "Unauthorized",
},
"status_code": 401,
},
"forbidden": {
"error": {
"error": "forbidden",
"msg": "Forbidden",
},
"status_code": 403,
},
"not_found": {
"error": {
"error": "not_found",
"msg": "Not found",
},
"status_code": 404,
},
"conflict": {
"error": {
"error": "conflict",
"msg": "Conflict",
},
"status_code": 409,
},
"internal_server": {
"error": {
"error": "internal_server",
"msg": "Internal server error",
},
"status_code": 500,
},
"gateway_timeout": {
"error": {
"error": "gateway_timeout",
"msg": "Gateway timeout",
},
"status_code": 504,
},
"precondition_required": {
"error": {
"error": "precondition_required",
"msg": "Precondition required",
},
"status_code": 428,
},
"insufficient_storage": {
"error": {
"error": "insufficient_storage",
"msg": "Insufficient storage",
},
"status_code": 507,
},
}
class Error(Exception):
def __init__(self, error="bad_request", description="", debug="", data=None):
self.error = ex[error]["error"].copy()
self.error["function"] = (
inspect.stack()[1][1].split(os.sep)[-1]
+ ":"
+ str(inspect.stack()[1][2])
+ ":"
+ inspect.stack()[1][3]
)
self.error["function_call"] = (
inspect.stack()[2][1].split(os.sep)[-1]
+ ":"
+ str(inspect.stack()[2][2])
+ ":"
+ inspect.stack()[2][3]
)
self.error["description"] = str(description)
self.error["debug"] = "{}\n\r{}{}".format(
"----------- DEBUG START -------------",
debug,
"----------- DEBUG STOP -------------",
)
self.error["request"] = (
"{}\n{}\r\n{}\r\n\r\n{}{}".format(
"----------- REQUEST START -----------",
request.method + " " + request.url,
"\r\n".join("{}: {}".format(k, v) for k, v in request.headers.items()),
request.body if hasattr(request, "body") else "",
"----------- REQUEST STOP -----------",
)
if request
else ""
)
self.error["data"] = (
"{}\n{}\n{}".format(
"----------- DATA START -----------",
json.dumps(data, indent=2),
"----------- DATA STOP -----------",
)
if data
else ""
)
self.status_code = ex[error]["status_code"]
self.content_type = content_type
log.debug(
"%s - %s - [%s -> %s]\r\n%s\r\n%s\r\n%s"
% (
error,
str(description),
self.error["function_call"],
self.error["function"],
self.error["debug"],
self.error["request"],
self.error["data"],
)
)
@app.errorhandler(Error)
def handle_user_error(ex):
response = jsonify(ex.error)
response.status_code = ex.status_code
response.headers = {"content-type": content_type}
return response

101
dd-sso/admin/src/admin/lib/avatars.py Normal file
View File

@ -0,0 +1,101 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import logging as log
import os
from pprint import pprint
from minio import Minio
from minio.commonconfig import REPLACE, CopySource
from minio.deleteobjects import DeleteObject
from requests import get, post
from admin import app
class Avatars:
def __init__(self):
self.mclient = Minio(
"dd-sso-avatars:9000",
access_key="AKIAIOSFODNN7EXAMPLE",
secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
secure=False,
)
self.bucket = "master-avatars"
self._minio_set_realm()
# self.update_missing_avatars()
def add_user_default_avatar(self, userid, role="unknown"):
self.mclient.fput_object(
self.bucket,
userid,
os.path.join(app.root_path, "../custom/avatars/" + role + ".jpg"),
content_type="image/jpeg ",
)
log.warning(
" AVATARS: Updated avatar for user " + userid + " with role " + role
)
def delete_user_avatar(self, userid):
self.minio_delete_object(userid)
def update_missing_avatars(self, users):
sys_roles = ["admin", "manager", "teacher", "student"]
for u in self.get_users_without_image(users):
try:
img = [r + ".jpg" for r in sys_roles if r in u["roles"]][0]
except:
img = "unknown.jpg"
self.mclient.fput_object(
self.bucket,
u["id"],
os.path.join(app.root_path, "../custom/avatars/" + img),
content_type="image/jpeg ",
)
log.warning(
" AVATARS: Updated avatar for user "
+ u["username"]
+ " with role "
+ img.split(".")[0]
)
def _minio_set_realm(self):
if not self.mclient.bucket_exists(self.bucket):
self.mclient.make_bucket(self.bucket)
def minio_get_objects(self):
return [o.object_name for o in self.mclient.list_objects(self.bucket)]
def minio_delete_all_objects(self):
delete_object_list = map(
lambda x: DeleteObject(x.object_name),
self.mclient.list_objects(self.bucket),
)
errors = self.mclient.remove_objects(self.bucket, delete_object_list)
for error in errors:
log.error(" AVATARS: Error occured when deleting avatar object: " + error)
def minio_delete_object(self, oid):
errors = self.mclient.remove_objects(self.bucket, [DeleteObject(oid)])
for error in errors:
log.error(" AVATARS: Error occured when deleting avatar object: " + error)
def get_users_without_image(self, users):
return [u for u in users if u["id"] and u["id"] not in self.minio_get_objects()]

88
dd-sso/admin/src/admin/lib/dashboard.py Normal file
View File

@ -0,0 +1,88 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import logging as log
import os
import shutil
import traceback
from io import BytesIO
from pprint import pprint
import requests
import yaml
from PIL import Image
from schema import And, Optional, Schema, SchemaError, Use
from admin import app
class Dashboard:
def __init__(
self,
):
self.custom_menu = os.path.join(app.root_path, "../custom/menu/custom.yaml")
def _update_custom_menu(self, custom_menu_part):
with open(self.custom_menu) as yml:
menu = yaml.load(yml, Loader=yaml.FullLoader)
menu = {**menu, **custom_menu_part}
with open(self.custom_menu, "w") as yml:
yml.write(yaml.dump(menu, default_flow_style=False))
return True
def update_colours(self, colours):
schema_template = Schema(
{
"background": And(Use(str)),
"primary": And(Use(str)),
"secondary": And(Use(str)),
}
)
try:
schema_template.validate(colours)
except SchemaError:
return False
self._update_custom_menu({"colours": colours})
return self.apply_updates()
def update_menu(self, menu):
items = []
for menu_item in menu.keys():
for mustexist_key in ["href", "icon", "name", "shortname"]:
if mustexist_key not in menu[menu_item].keys():
return False
items.append(menu[menu_item])
self._update_custom_menu({"apps_external": items})
return self.apply_updates()
def update_logo(self, logo):
img = Image.open(logo.stream)
img.save(os.path.join(app.root_path, "../custom/img/logo.png"))
return self.apply_updates()
def update_background(self, background):
img = Image.open(background.stream)
img.save(os.path.join(app.root_path, "../custom/img/background.png"))
return self.apply_updates()
def apply_updates(self):
resp = requests.get("http://dd-sso-api:7039/restart")
return True

193
dd-sso/admin/src/admin/lib/events.py Normal file
View File

@ -0,0 +1,193 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import base64
import json
import logging as log
import os
import sys
import traceback
from time import sleep
from uuid import uuid4
from flask import Response, jsonify, redirect, render_template, request, url_for
from flask_socketio import (
SocketIO,
close_room,
disconnect,
emit,
join_room,
leave_room,
rooms,
send,
)
from admin import app
def sio_event_send(event, data):
app.socketio.emit(
event,
json.dumps(data),
namespace="/sio/events",
room="events",
)
sleep(0.001)
class Events:
def __init__(self, title, text="", total=0, table=False, type="info"):
# notice, info, success, and error
self.eid = str(base64.b64encode(os.urandom(32))[:8])
self.title = title
self.text = text
self.total = total
self.table = table
self.item = 0
self.type = type
self.create()
def create(self):
log.info("START " + self.eid + ": " + self.text)
app.socketio.emit(
"notify-create",
json.dumps(
{
"id": self.eid,
"title": self.title,
"text": self.text,
"type": self.type,
}
),
namespace="/sio",
room="admin",
)
sleep(0.001)
def __del__(self):
log.info("END " + self.eid + ": " + self.text)
app.socketio.emit(
"notify-destroy",
json.dumps({"id": self.eid}),
namespace="/sio",
room="admin",
)
sleep(0.001)
def update_text(self, text):
self.text = text
app.socketio.emit(
"notify-update",
json.dumps(
{
"id": self.eid,
"text": self.text,
}
),
namespace="/sio",
room="admin",
)
sleep(0.001)
def append_text(self, text):
self.text = self.text + "<br>" + text
app.socketio.emit(
"notify-update",
json.dumps(
{
"id": self.eid,
"text": self.text,
}
),
namespace="/sio",
room="admin",
)
sleep(0.001)
def increment(self, data={"name": "", "data": []}):
self.item += 1
log.info("INCREMENT " + self.eid + ": " + self.text)
app.socketio.emit(
"notify-increment",
json.dumps(
{
"id": self.eid,
"title": self.title,
"text": "["
+ str(self.item)
+ "/"
+ str(self.total)
+ "] "
+ self.text
+ " "
+ data["name"],
"item": self.item,
"total": self.total,
"table": self.table,
"type": self.type,
"data": data,
}
),
namespace="/sio",
room="admin",
)
sleep(0.0001)
def decrement(self, data={"name": "", "data": []}):
self.item -= 1
log.info("DECREMENT " + self.eid + ": " + self.text)
app.socketio.emit(
"notify-decrement",
json.dumps(
{
"id": self.eid,
"title": self.title,
"text": "["
+ str(self.item)
+ "/"
+ str(self.total)
+ "] "
+ self.text
+ " "
+ data["name"],
"item": self.item,
"total": self.total,
"table": self.table,
"type": self.type,
"data": data,
}
),
namespace="/sio",
room="admin",
)
sleep(0.001)
def reload(self):
app.socketio.emit("reload", json.dumps({}), namespace="/sio", room="admin")
sleep(0.0001)
def table(self, event, table, data={}):
# refresh, add, delete, update
app.socketio.emit(
"table_" + event,
json.dumps({"table": table, "data": data}),
namespace="/sio",
room="admin",
)
sleep(0.0001)

26
dd-sso/admin/src/admin/lib/exceptions.py Normal file
View File

@ -0,0 +1,26 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
class UserExists(Exception):
pass
class UserNotFound(Exception):
pass

134
dd-sso/admin/src/admin/lib/helpers.py Normal file
View File

@ -0,0 +1,134 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import random
import string
from collections import Counter
from pprint import pprint
def get_recursive_groups(l_groups, l):
for d_group in l_groups:
data = {}
for key, value in d_group.items():
if key == "subGroups":
get_recursive_groups(value, l)
else:
data[key] = value
l.append(data)
return l
def get_group_with_childs(keycloak_group):
return [g["path"] for g in get_recursive_groups([keycloak_group], [])]
def system_username(username):
return (
True
if username in ["guest", "ddadmin", "admin"] or username.startswith("system_")
else False
)
def system_group(groupname):
return True if groupname in ["admin", "manager", "teacher", "student"] else False
def get_group_from_group_id(group_id, groups):
return next((d for d in groups if d.get("id") == group_id), None)
def get_kid_from_kpath(kpath, groups):
ids = [g["id"] for g in groups if g["path"] == kpath]
if not len(ids) or len(ids) > 1:
return False
return ids[0]
def get_gid_from_kgroup_id(kgroup_id, groups):
return [
g["path"].replace("/", ".")[1:] if len(g["path"].split("/")) else g["path"][1:]
for g in groups
if g["id"] == kgroup_id
][0]
def get_gids_from_kgroup_ids(kgroup_ids, groups):
return [get_gid_from_kgroup_id(kgroup_id, groups) for kgroup_id in kgroup_ids]
def kpath2gid(path):
# print(path.replace('/','.')[1:])
if path.startswith("/"):
return path.replace("/", ".")[1:]
return path.replace("/", ".")
def kpath2gids(path):
path = kpath2gid(path)
l = []
for i in range(len(path.split("."))):
l.append(".".join(path.split(".")[: i + 1]))
return l
def kpath2kpaths(path):
l = []
for i in range(len(path.split("/"))):
l.append("/".join(path.split("/")[: i + 1]))
return l[1:]
def gid2kpath(gid):
return "/" + gid.replace(".", "/")
def count_repeated(itemslist):
print(Counter(itemslist))
def groups_kname2gid(groups):
return [name.replace(".", "/") for name in groups]
def groups_path2id(groups):
return [g.replace("/", ".")[1:] for g in groups]
def groups_id2path(groups):
return ["/" + g.replace(".", "/") for g in groups]
def filter_roles_list(role_list):
client_roles = ["admin", "manager", "teacher", "student"]
return [r for r in role_list if r in client_roles]
def filter_roles_listofdicts(role_listofdicts):
client_roles = ["admin", "manager", "teacher", "student"]
return [r for r in role_listofdicts if r["name"] in client_roles]
def rand_password(lenght):
characters = string.ascii_letters + string.digits + string.punctuation
passwd = "".join(random.choice(characters) for i in range(lenght))
while not any(ele.isupper() for ele in passwd):
passwd = "".join(random.choice(characters) for i in range(lenght))
return passwd

460
dd-sso/admin/src/admin/lib/keycloak_client.py Normal file
View File

@ -0,0 +1,460 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import json
import logging as log
import os
import time
import traceback
from datetime import datetime, timedelta
from pprint import pprint
import yaml
from jinja2 import Environment, FileSystemLoader
from keycloak import KeycloakAdmin
from .api_exceptions import Error
from .helpers import get_recursive_groups, kpath2kpaths
from .postgres import Postgres
# from admin import app
class KeycloakClient:
"""https://www.keycloak.org/docs-api/13.0/rest-api/index.html
https://github.com/marcospereirampj/python-keycloak
https://gist.github.com/kaqfa/99829941121188d7cef8271f93f52f1f
"""
def __init__(
self,
url="http://dd-sso-keycloak:8080/auth/",
username=os.environ["KEYCLOAK_USER"],
password=os.environ["KEYCLOAK_PASSWORD"],
realm="master",
verify=True,
):
self.url = url
self.username = username
self.password = password
self.realm = realm
self.verify = verify
self.keycloak_pg = Postgres(
"dd-apps-postgresql",
"keycloak",
os.environ["KEYCLOAK_DB_USER"],
os.environ["KEYCLOAK_DB_PASSWORD"],
)
def connect(self):
self.keycloak_admin = KeycloakAdmin(
server_url=self.url,
username=self.username,
password=self.password,
realm_name=self.realm,
verify=self.verify,
)
# from keycloak import KeycloakAdmin
# keycloak_admin = KeycloakAdmin(server_url="http://dd-sso-keycloak:8080/auth/",username="admin",password="keycloakkeycloak",realm_name="master",verify=False)
""" USERS """
def get_user_id(self, username):
self.connect()
return self.keycloak_admin.get_user_id(username)
def get_users(self):
self.connect()
return self.keycloak_admin.get_users({})
def get_users_with_groups_and_roles(self):
q = """select u.id, u.username, u.email, u.first_name, u.last_name, u.realm_id, u.enabled, ua.value as quota
,json_agg(g."id") as group, json_agg(g_parent."name") as group_parent1, json_agg(g_parent2."name") as group_parent2
,json_agg(r.name) as role
from user_entity as u
left join user_attribute as ua on ua.user_id=u.id and ua.name = 'quota'
left join user_group_membership as ugm on ugm.user_id = u.id
left join keycloak_group as g on g.id = ugm.group_id
left join keycloak_group as g_parent on g.parent_group = g_parent.id
left join keycloak_group as g_parent2 on g_parent.parent_group = g_parent2.id
left join user_role_mapping as rm on rm.user_id = u.id
left join keycloak_role as r on r.id = rm.role_id
group by u.id,u.username,u.email,u.first_name,u.last_name, u.realm_id, u.enabled, ua.value
order by u.username"""
(headers, users) = self.keycloak_pg.select_with_headers(q)
users_with_lists = [
list(l[:-4])
+ ([[]] if l[-4] == [None] else [list(set(l[-4]))])
+ ([[]] if l[-3] == [None] else [list(set(l[-3]))])
+ ([[]] if l[-3] == [None] else [list(set(l[-2]))])
+ ([[]] if l[-1] == [None] else [list(set(l[-1]))])
for l in users
]
users_with_lists = [
list(l[:-4])
+ ([[]] if l[-4] == [None] else [list(set(l[-4]))])
+ ([[]] if l[-3] == [None] else [list(set(l[-3]))])
+ ([[]] if l[-3] == [None] else [list(set(l[-2]))])
+ ([[]] if l[-1] == [None] else [list(set(l[-1]))])
for l in users_with_lists
]
list_dict_users = [dict(zip(headers, r)) for r in users_with_lists]
return list_dict_users
def getparent(self, group_id, data):
# Recursively get full path from any group_id in the tree
path = ""
for item in data:
if group_id == item[0]:
path = self.getparent(item[2], data)
path = f"{path}/{item[1]}"
return path
def get_group_path(self, group_id):
# Get full path using getparent recursive func
# RETURNS: String with full path
q = """SELECT * FROM keycloak_group"""
groups = self.keycloak_pg.select(q)
return self.getparent(group_id, groups)
def get_user_groups_paths(self, user_id):
# Get full paths for user grups
# RETURNS list of paths
q = """SELECT group_id FROM user_group_membership WHERE user_id = '%s'""" % (
user_id
)
user_group_ids = self.keycloak_pg.select(q)
paths = []
for g in user_group_ids:
paths.append(self.get_group_path(g[0]))
return paths
## Too slow. Used the direct postgres
# def get_users_with_groups_and_roles(self):
# self.connect()
# users=self.keycloak_admin.get_users({})
# for user in users:
# user['groups']=[g['path'] for g in self.keycloak_admin.get_user_groups(user_id=user['id'])]
# user['roles']= [r['name'] for r in self.keycloak_admin.get_realm_roles_of_user(user_id=user['id'])]
# return users
def add_user(
self,
username,
first,
last,
email,
password,
group=False,
password_temporary=True,
enabled=True,
):
# RETURNS string with keycloak user id (the main id in this app)
self.connect()
username = username.lower()
try:
uid = self.keycloak_admin.create_user(
{
"email": email,
"username": username,
"enabled": enabled,
"firstName": first,
"lastName": last,
"credentials": [
{
"type": "password",
"value": password,
"temporary": password_temporary,
}
],
}
)
except Exception as e:
log.error(traceback.format_exc())
raise Error(
"conflict",
"user/email already exists: " + str(username) + "/" + str(email),
)
if group:
path = "/" + group if group[1:] != "/" else group
try:
gid = self.keycloak_admin.get_group_by_path(
path=path, search_in_subgroups=False
)["id"]
except:
self.keycloak_admin.create_group({"name": group})
gid = self.keycloak_admin.get_group_by_path(path)["id"]
self.keycloak_admin.group_user_add(uid, gid)
return uid
def update_user_pwd(self, user_id, password, password_temporary=True):
# Updates
payload = {
"credentials": [
{"type": "password", "value": password, "temporary": password_temporary}
]
}
self.connect()
return self.keycloak_admin.update_user(user_id, payload)
def user_update(self, user_id, enabled, email, first, last, groups=[], roles=[]):
## NOTE: Roles didn't seem to be updated/added. Also not confident with groups
# Updates
payload = {
"enabled": enabled,
"email": email,
"firstName": first,
"lastName": last,
"groups": groups,
"realmRoles": roles,
}
self.connect()
return self.keycloak_admin.update_user(user_id, payload)
def user_enable(self, user_id):
payload = {"enabled": True}
self.connect()
return self.keycloak_admin.update_user(user_id, payload)
def user_disable(self, user_id):
payload = {"enabled": False}
self.connect()
return self.keycloak_admin.update_user(user_id, payload)
def group_user_remove(self, user_id, group_id):
self.connect()
return self.keycloak_admin.group_user_remove(user_id, group_id)
# def add_user_role(self,user_id,role_id):
# self.connect()
# return self.keycloak_admin.assign_role(client_id=client_id, user_id=user_id, role_id=role_id, role_name="test")
def remove_user_realm_roles(self, user_id, roles):
self.connect()
roles = [
r
for r in self.get_user_realm_roles(user_id)
if r["name"] in ["admin", "manager", "teacher", "student"]
]
return self.keycloak_admin.delete_user_realm_role(user_id, roles)
def delete_user(self, userid):
self.connect()
return self.keycloak_admin.delete_user(user_id=userid)
def get_user_groups(self, userid):
self.connect()
return self.keycloak_admin.get_user_groups(user_id=userid)
def get_user_realm_roles(self, userid):
self.connect()
return self.keycloak_admin.get_realm_roles_of_user(user_id=userid)
def add_user_client_role(self, client_id, user_id, role_id, role_name):
self.connect()
return self.keycloak_admin.assign_client_role(
client_id=client_id, user_id=user_id, role_id=role_id, role_name="test"
)
## GROUPS
def get_all_groups(self):
## RETURNS ONLY MAIN GROUPS WITH NESTED subGroups list
self.connect()
return self.keycloak_admin.get_groups()
def get_groups(self, with_subgroups=True):
## RETURNS ALL GROUPS in root list
self.connect()
groups = self.keycloak_admin.get_groups()
return get_recursive_groups(groups, [])
def get_group_by_id(self, group_id):
self.connect()
return self.keycloak_admin.get_group(group_id=group_id)
def get_group_by_path(self, path, recursive=True):
self.connect()
return self.keycloak_admin.get_group_by_path(
path=path, search_in_subgroups=recursive
)
def add_group(self, name, parent=None, skip_exists=False):
self.connect()
if parent != None:
parent = self.get_group_by_path(parent)["id"]
return self.keycloak_admin.create_group({"name": name}, parent=parent)
def delete_group(self, group_id):
self.connect()
return self.keycloak_admin.delete_group(group_id=group_id)
def group_user_add(self, user_id, group_id):
self.connect()
return self.keycloak_admin.group_user_add(user_id, group_id)
def add_group_tree(self, path):
paths = kpath2kpaths(path)
parent = "/"
for path in paths:
try:
parent_path = None if parent == "/" else parent
# print("parent: "+str(parent_path)+" path: "+path.split("/")[-1])
self.add_group(path.split("/")[-1], parent_path, skip_exists=True)
parent = path
except:
# print(traceback.format_exc())
log.warning("KEYCLOAK: Group :" + path + " already exists.")
parent = path
def add_user_with_groups_and_role(
self, username, first, last, email, password, role, groups
):
## Add user
uid = self.add_user(username, first, last, email, password)
## Add user to role
log.info("User uid: " + str(uid) + " role: " + str(role))
try:
therole = role[0]
except:
therole = ""
log.info(self.assign_realm_roles(uid, role))
## Create groups in user
for g in groups:
log.warning("Creating keycloak group: " + g)
parts = g.split("/")
parent_path = None
for i in range(1, len(parts)):
# parent_id=None if parent_path==None else self.get_group(parent_path)['id']
try:
self.add_group(parts[i], parent_path, skip_exists=True)
except:
log.warning(
"Group "
+ str(parent_path)
+ " already exists. Skipping creation"
)
pass
if parent_path is None:
thepath = "/" + parts[i]
else:
thepath = parent_path + "/" + parts[i]
if thepath == "/":
log.warning(
"Not adding the user "
+ username
+ " to any group as does not have any..."
)
continue
gid = self.get_group_by_path(path=thepath)["id"]
log.warning(
"Adding "
+ username
+ " with uuid: "
+ uid
+ " to group "
+ g
+ " with uuid: "
+ gid
)
self.keycloak_admin.group_user_add(uid, gid)
if parent_path == None:
parent_path = ""
parent_path = parent_path + "/" + parts[i]
# self.group_user_add(uid,gid)
## ROLES
def get_roles(self):
self.connect()
return self.keycloak_admin.get_realm_roles()
def get_role(self, name):
self.connect()
return self.keycloak_admin.get_realm_role(name)
def add_role(self, name, description=""):
self.connect()
return self.keycloak_admin.create_realm_role(
{"name": name, "description": description}
)
def delete_role(self, name):
self.connect()
return self.keycloak_admin.delete_realm_role(name)
## CLIENTS
def get_client_roles(self, client_id):
self.connect()
return self.keycloak_admin.get_client_roles(client_id=client_id)
def add_client_role(self, client_id, name, description=""):
self.connect()
return self.keycloak_admin.create_client_role(
client_id, {"name": name, "description": description, "clientRole": True}
)
## SYSTEM
def get_server_info(self):
self.connect()
return self.keycloak_admin.get_server_info()
def get_server_clients(self):
self.connect()
return self.keycloak_admin.get_clients()
def get_server_rsa_key(self):
self.connect()
rsa_key = [
k for k in self.keycloak_admin.get_keys()["keys"] if k["type"] == "RSA"
][0]
return {"name": rsa_key["kid"], "certificate": rsa_key["certificate"]}
## REALM
def assign_realm_roles(self, user_id, role):
self.connect()
try:
role = [
r for r in self.keycloak_admin.get_realm_roles() if r["name"] == role
]
except:
return False
return self.keycloak_admin.assign_realm_roles(user_id=user_id, roles=role)
# return self.keycloak_admin.assign_realm_roles(user_id=user_id, client_id=None, roles=role)
## CLIENTS
def delete_client(self, clientid):
self.connect()
return self.keycloak_admin.delete_client(clientid)
def add_client(self, client):
self.connect()
return self.keycloak_admin.create_client(client)

46
dd-sso/admin/src/admin/lib/legal.py Normal file
View File

@ -0,0 +1,46 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import logging as log
import os
import traceback
from admin import app
from pprint import pprint
from minio import Minio
from minio.commonconfig import REPLACE, CopySource
from minio.deleteobjects import DeleteObject
from requests import get, post
legal_path= os.path.join(app.root_path, "static/templates/pages/legal/")
def get_legal(lang):
with open(legal_path+lang, "r") as languagefile:
return languagefile.read()
def gen_legal_if_not_exists(lang):
if not os.path.isfile(legal_path+lang):
log.debug("Creating new language file")
with open(legal_path+lang, "w") as languagefile:
languagefile.write("<b>Legal</b><br>This is the default legal page for language " + lang)
def new_legal(lang,html):
with open(legal_path+lang, "w") as languagefile:
languagefile.write(html)

94
dd-sso/admin/src/admin/lib/load_config.py Normal file
View File

@ -0,0 +1,94 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import logging as log
import os
import sys
import traceback
import yaml
from cerberus import Validator, rules_set_registry, schema_registry
from admin import app
class AdminValidator(Validator):
None
# def _normalize_default_setter_genid(self, document):
# return _parse_string(document["name"])
# def _normalize_default_setter_genidlower(self, document):
# return _parse_string(document["name"]).lower()
# def _normalize_default_setter_gengroupid(self, document):
# return _parse_string(
# document["parent_category"] + "-" + document["uid"]
# ).lower()
def load_validators(purge_unknown=True):
validators = {}
schema_path = os.path.join(app.root_path, "schemas")
for schema_filename in os.listdir(schema_path):
try:
with open(os.path.join(schema_path, schema_filename)) as file:
schema_yml = file.read()
schema = yaml.load(schema_yml, Loader=yaml.FullLoader)
validators[schema_filename.split(".")[0]] = AdminValidator(
schema, purge_unknown=purge_unknown
)
except IsADirectoryError:
None
return validators
app.validators = load_validators()
class loadConfig:
def __init__(self, app=None):
try:
app.config.setdefault("DOMAIN", os.environ["DOMAIN"])
app.config.setdefault(
"KEYCLOAK_POSTGRES_USER", os.environ["KEYCLOAK_DB_USER"]
)
app.config.setdefault(
"KEYCLOAK_POSTGRES_PASSWORD", os.environ["KEYCLOAK_DB_PASSWORD"]
)
app.config.setdefault(
"MOODLE_POSTGRES_USER", os.environ["MOODLE_POSTGRES_USER"]
)
app.config.setdefault(
"MOODLE_POSTGRES_PASSWORD", os.environ["MOODLE_POSTGRES_PASSWORD"]
)
app.config.setdefault(
"NEXTCLOUD_POSTGRES_USER", os.environ["NEXTCLOUD_POSTGRES_USER"]
)
app.config.setdefault(
"NEXTCLOUD_POSTGRES_PASSWORD", os.environ["NEXTCLOUD_POSTGRES_PASSWORD"]
)
app.config.setdefault(
"VERIFY", True if os.environ["VERIFY"] == "true" else False
)
app.config.setdefault("API_SECRET", os.environ.get("API_SECRET"))
except Exception as e:
log.error(traceback.format_exc())
raise

285
dd-sso/admin/src/admin/lib/moodle.py Normal file
View File

@ -0,0 +1,285 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import logging as log
import traceback
from pprint import pprint
from requests import get, post
from admin import app
from .exceptions import UserExists, UserNotFound
from .postgres import Postgres
# Module variables to connect to moodle api
class Moodle:
"""https://github.com/mrcinv/moodle_api.py
https://docs.moodle.org/dev/Web_service_API_functions
https://docs.moodle.org/311/en/Using_web_services
"""
def __init__(
self,
key=app.config["MOODLE_WS_TOKEN"],
url="https://moodle." + app.config["DOMAIN"],
endpoint="/webservice/rest/server.php",
verify=app.config["VERIFY"],
):
self.key = key
self.url = url
self.endpoint = endpoint
self.verify = verify
self.moodle_pg = Postgres(
"dd-apps-postgresql",
"moodle",
app.config["MOODLE_POSTGRES_USER"],
app.config["MOODLE_POSTGRES_PASSWORD"],
)
def rest_api_parameters(self, in_args, prefix="", out_dict=None):
"""Transform dictionary/array structure to a flat dictionary, with key names
defining the structure.
Example usage:
>>> rest_api_parameters({'courses':[{'id':1,'name': 'course1'}]})
{'courses[0][id]':1,
'courses[0][name]':'course1'}
"""
if out_dict == None:
out_dict = {}
if not type(in_args) in (list, dict):
out_dict[prefix] = in_args
return out_dict
if prefix == "":
prefix = prefix + "{0}"
else:
prefix = prefix + "[{0}]"
if type(in_args) == list:
for idx, item in enumerate(in_args):
self.rest_api_parameters(item, prefix.format(idx), out_dict)
elif type(in_args) == dict:
for key, item in in_args.items():
self.rest_api_parameters(item, prefix.format(key), out_dict)
return out_dict
def call(self, fname, **kwargs):
"""Calls moodle API function with function name fname and keyword arguments.
Example:
>>> call_mdl_function('core_course_update_courses',
courses = [{'id': 1, 'fullname': 'My favorite course'}])
"""
parameters = self.rest_api_parameters(kwargs)
parameters.update(
{"wstoken": self.key, "moodlewsrestformat": "json", "wsfunction": fname}
)
response = post(self.url + self.endpoint, parameters, verify=self.verify)
response = response.json()
if type(response) == dict and response.get("exception"):
raise SystemError(response)
return response
def create_user(self, email, username, password, first_name="-", last_name="-"):
if len(self.get_user_by("username", username)["users"]):
raise UserExists
try:
data = [
{
"username": username,
"email": email,
"password": password,
"firstname": first_name,
"lastname": last_name,
}
]
user = self.call("core_user_create_users", users=data)
return user # [{'id': 8, 'username': 'asdfw'}]
except SystemError as se:
raise SystemError(se.args[0]["message"])
def update_user(self, username, email, first_name, last_name, enabled=True):
user = self.get_user_by("username", username)["users"][0]
if not len(user):
raise UserNotFound
try:
data = [
{
"id": user["id"],
"username": username,
"email": email,
"firstname": first_name,
"lastname": last_name,
"suspended": 0 if enabled else 1,
}
]
user = self.call("core_user_update_users", users=data)
return user
except SystemError as se:
raise SystemError(se.args[0]["message"])
def delete_user(self, user_id):
user = self.call("core_user_delete_users", userids=[user_id])
return user
def delete_users(self, userids):
user = self.call("core_user_delete_users", userids=userids)
return user
def get_user_by(self, key, value):
criteria = [{"key": key, "value": value}]
try:
user = self.call("core_user_get_users", criteria=criteria)
except:
raise SystemError("Error calling Moodle API\n", traceback.format_exc())
return user
# {'users': [{'id': 8, 'username': 'asdfw', 'firstname': 'afowie', 'lastname': 'aokjdnfwe', 'fullname': 'afowie aokjdnfwe', 'email': 'awfewe@ads.com', 'department': '', 'firstaccess': 0, 'lastaccess': 0, 'auth': 'manual', 'suspended': False, 'confirmed': True, 'lang': 'ca', 'theme': '', 'timezone': '99', 'mailformat': 1, 'profileimageurlsmall': 'https://moodle.mydomain.duckdns.org/theme/image.php/cbe/core/1630941606/u/f2', 'profileimageurl': 'https://DOMAIN/theme/image.php/cbe/core/1630941606/u/f1'}], 'warnings': []}
def get_users_with_groups_and_roles(self):
q = """select u.id as id, username, firstname as first, lastname as last, email, json_agg(h.name) as groups, json_agg(r.shortname) as roles
from mdl_user as u
LEFT JOIN mdl_cohort_members AS hm on hm.userid = u.id
left join mdl_cohort AS h ON h.id = hm.cohortid
left join mdl_role_assignments AS ra ON ra.id = u.id
left join mdl_role as r on r.id = ra.roleid
where u.deleted = 0
group by u.id , username, first, last, email"""
(headers, users) = self.moodle_pg.select_with_headers(q)
users_with_lists = [
list(l[:-2])
+ ([[]] if l[-2] == [None] else [list(set(l[-2]))])
+ ([[]] if l[-1] == [None] else [list(set(l[-1]))])
for l in users
]
list_dict_users = [dict(zip(headers, r)) for r in users_with_lists]
return list_dict_users
## NOT USED. Too slow
# def get_users_with_groups_and_roles(self):
# users=self.get_user_by('email','%%')['users']
# for user in users:
# user['groups']=[c['name'] for c in self.get_user_cohorts(user['id'])]
# user['roles']=[]
# return users
def enroll_user_to_course(self, user_id, course_id, role_id=5):
# 5 is student
data = [{"roleid": role_id, "userid": user_id, "courseid": course_id}]
enrolment = self.call("enrol_manual_enrol_users", enrolments=data)
return enrolment
def get_quiz_attempt(self, quiz_id, user_id):
attempts = self.call(
"mod_quiz_get_user_attempts", quizid=quiz_id, userid=user_id
)
return attempts
def get_cohorts(self):
cohorts = self.call("core_cohort_get_cohorts")
return cohorts
def add_system_cohort(self, name, description="", visible=True):
visible = 1 if visible else 0
data = [
{
"categorytype": {"type": "system", "value": ""},
"name": name,
"idnumber": name,
"description": description,
"visible": visible,
}
]
cohort = self.call("core_cohort_create_cohorts", cohorts=data)
return cohort
# def add_users_to_cohort(self,users,cohort):
# criteria = [{'key': key, 'value': value}]
# user = self.call('core_cohort_add_cohort_members', criteria=criteria)
# return user
def add_user_to_cohort(self, userid, cohortid):
members = [
{
"cohorttype": {"type": "id", "value": cohortid},
"usertype": {"type": "id", "value": userid},
}
]
user = self.call("core_cohort_add_cohort_members", members=members)
return user
def delete_user_in_cohort(self, userid, cohortid):
members = [{"cohortid": cohortid, "userid": userid}]
user = self.call("core_cohort_delete_cohort_members", members=members)
return user
def get_cohort_members(self, cohort_ids):
members = self.call("core_cohort_get_cohort_members", cohortids=cohort_ids)
# [0]['userids']
return members
def delete_cohorts(self, cohortids):
deleted = self.call("core_cohort_delete_cohorts", cohortids=cohortids)
return deleted
def get_user_cohorts(self, user_id):
user_cohorts = []
cohorts = self.get_cohorts()
for cohort in cohorts:
if user_id in self.get_cohort_members(cohort["id"]):
user_cohorts.append(cohort)
return user_cohorts
def add_user_to_siteadmin(self, user_id):
q = """SELECT value FROM mdl_config WHERE name='siteadmins'"""
value = self.moodle_pg.select(q)[0][0]
if str(user_id) not in value:
value = value + "," + str(user_id)
q = """UPDATE mdl_config SET value = '%s' WHERE name='siteadmins'""" % (
value
)
self.moodle_pg.update(q)
log.warning(
"MOODLE:ADDING THE USER TO ADMINS: This needs a purge cache in moodle!"
)
# def add_role_to_user(self, user_id, role='admin', context='missing'):
# if role=='admin':
# role_id=1
# else:
# return False
# assignments = [{'roleid': role_id, 'userid': user_id, 'contextid': 0}]
# self.call('core_role_assign_roles', assignments=assignments)
# userid=user_id, role_id=role_id)
# 'contextlevel': 1,
# define('CONTEXT_SYSTEM', 10);
# define('CONTEXT_USER', 30);
# define('CONTEXT_COURSECAT', 40);
# define('CONTEXT_COURSE', 50);
# define('CONTEXT_MODULE', 70);
# define('CONTEXT_BLOCK', 80);
# 'contextlevel': , 'instanceid'
# $assignment = array( 'roleid' => $role_id, 'userid' => $user_id, 'contextid' => $context_id );
# $assignments = array( $assignment );
# $params = array( 'assignments' => $assignments );
# $response = call_moodle( 'core_role_assign_roles', $params, $token );

50
dd-sso/admin/src/admin/lib/mysql.py Normal file
View File

@ -0,0 +1,50 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import json
import logging as log
import time
import traceback
from datetime import datetime, timedelta
import mysql.connector
import yaml
# from admin import app
class Mysql:
def __init__(self, host, database, user, password):
self.conn = mysql.connector.connect(
host=host, database=database, user=user, password=password
)
def select(self, sql):
self.cur = self.conn.cursor()
self.cur.execute(sql)
data = self.cur.fetchall()
self.cur.close()
return data
def update(self, sql):
self.cur = self.conn.cursor()
self.cur.execute(sql)
self.conn.commit()
self.cur.close()

583
dd-sso/admin/src/admin/lib/nextcloud.py Normal file
View File

@ -0,0 +1,583 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import json
import logging as log
import os
import pprint
import time
import traceback
import urllib
import requests
from psycopg2 import sql
# from ..lib.log import *
from admin import app
from .nextcloud_exc import *
from .postgres import Postgres
class Nextcloud:
def __init__(
self,
url="https://nextcloud." + app.config["DOMAIN"],
username=os.environ["NEXTCLOUD_ADMIN_USER"],
password=os.environ["NEXTCLOUD_ADMIN_PASSWORD"],
verify=True,
):
self.verify_cert = verify
self.apiurl = url + "/ocs/v1.php/cloud/"
self.shareurl = url + "/ocs/v2.php/apps/files_sharing/api/v1/"
self.davurl = url + "/remote.php/dav/files/"
self.auth = (username, password)
self.user = username
self.nextcloud_pg = Postgres(
"dd-apps-postgresql",
"nextcloud",
app.config["NEXTCLOUD_POSTGRES_USER"],
app.config["NEXTCLOUD_POSTGRES_PASSWORD"],
)
def _request(
self, method, url, data={}, headers={"OCS-APIRequest": "true"}, auth=False
):
if auth == False:
auth = self.auth
try:
response = requests.request(
method,
url,
data=data,
auth=auth,
verify=self.verify_cert,
headers=headers,
)
if "meta" in response.text:
if "<statuscode>997</statuscode>" in response.text:
raise ProviderUnauthorized
# if '<statuscode>998</statuscode>' in response.text: raise ProviderInvalidQuery
return response.text
## At least the ProviderSslError is not being catched or not raised correctly
except requests.exceptions.HTTPError as errh:
raise ProviderConnError
except requests.exceptions.Timeout as errt:
raise ProviderConnTimeout
except requests.exceptions.SSLError as err:
raise ProviderSslError
except requests.exceptions.ConnectionError as errc:
raise ProviderConnError
# except requests.exceptions.RequestException as err:
# raise ProviderError
except Exception as e:
if str(e) == "an integer is required (got type bytes)":
raise ProviderConnError
raise ProviderError
def check_connection(self):
url = self.apiurl + "users/" + self.user + "?format=json"
try:
result = self._request("GET", url)
if json.loads(result)["ocs"]["meta"]["statuscode"] == 100:
return True
raise ProviderError
except requests.exceptions.HTTPError as errh:
raise ProviderConnError
except requests.exceptions.ConnectionError as errc:
raise ProviderConnError
except requests.exceptions.Timeout as errt:
raise ProviderConnTimeout
except requests.exceptions.SSLError as err:
raise ProviderSslError
except requests.exceptions.RequestException as err:
raise ProviderError
except Exception as e:
if str(e) == "an integer is required (got type bytes)":
raise ProviderConnError
raise ProviderError
def get_user(self, userid):
url = self.apiurl + "users/" + userid + "?format=json"
try:
result = json.loads(self._request("GET", url))
if result["ocs"]["meta"]["statuscode"] == 100:
return result["ocs"]["data"]
raise ProviderItemNotExists
except:
# log.error(traceback.format_exc())
raise
# 100 - successful
# q = """select u.uid as username, adn.value as displayname, ade.value as email, json_agg(gg.displayname) as admin_groups,json_agg(g.displayname) as groups
# from oc_users as u
# left join oc_group_user as gu on gu.uid = u.uid
# left join oc_groups as g on gu.gid = g.gid
# left join oc_group_admin as ga on ga.uid = u.uid
# left join oc_groups as gg on gg.gid = ga.gid
# left join oc_accounts_data as adn on adn.uid = u.uid and adn.name = 'displayname'
# left join oc_accounts_data as ade on ade.uid = u.uid and ade.name = 'email'
# group by u.uid, adn.value, ade.value"""
# cur.execute(q)
# users = cur.fetchall()
# fields = [a.name for a in cur.description]
# cur.close()
# conn.close()
# users_with_lists = [list(l[:-2])+([[]] if l[-2] == [None] else [list(set(l[-2]))]) + ([[]] if l[-1] == [None] else [list(set(l[-1]))]) for l in users]
# users_with_lists = [list(l[:-2])+([[]] if l[-2] == [None] else [list(set(l[-2]))]) + ([[]] if l[-1] == [None] else [list(set(l[-1]))]) for l in users_with_lists]
# list_dict_users = [dict(zip(fields, r)) for r in users_with_lists]
def get_users_list(self):
# q = """select u.uid as username, adn.value as displayname, ade.value as email, json_agg(gg.displayname) as admin_groups,json_agg(g.displayname) as groups
# from oc_users as u
# left join oc_group_user as gu on gu.uid = u.uid
# left join oc_groups as g on gu.gid = g.gid
# left join oc_group_admin as ga on ga.uid = u.uid
# left join oc_groups as gg on gg.gid = ga.gid
# left join oc_accounts_data as adn on adn.uid = u.uid and adn.name = 'displayname'
# left join oc_accounts_data as ade on ade.uid = u.uid and ade.name = 'email'
# group by u.uid, adn.value, ade.value"""
# With quotas
q = """select u.uid as username, configvalue as quota, sum(size) as total_bytes, adn.value as displayname, ade.value as email, json_agg(gg.displayname) as admin_groups,json_agg(g.displayname) as groups
from oc_accounts as u
left join oc_group_user as gu on gu.uid = u.uid
left join oc_groups as g on gu.gid = g.gid
left join oc_group_admin as ga on ga.uid = u.uid
left join oc_groups as gg on gg.gid = ga.gid
left join oc_accounts_data as adn on adn.uid = u.uid and adn.name = 'displayname'
left join oc_accounts_data as ade on ade.uid = u.uid and ade.name = 'email'
left join oc_preferences as pref on u.uid=pref.userid and appid='files' and configkey='quota'
left join oc_storages as s on s.id=CONCAT('home::',u.uid)
left join oc_filecache as fc on fc.storage = numeric_id
group by u.uid, adn.value, ade.value, pref.configvalue"""
(headers, users) = self.nextcloud_pg.select_with_headers(q)
users_with_lists = [
list(l[:-2])
+ ([[]] if l[-2] == [None] else [list(set(l[-2]))])
+ ([[]] if l[-1] == [None] else [list(set(l[-1]))])
for l in users
]
users_with_lists = [
list(l[:-2])
+ ([[]] if l[-2] == [None] else [list(set(l[-2]))])
+ ([[]] if l[-1] == [None] else [list(set(l[-1]))])
for l in users_with_lists
]
list_dict_users = [dict(zip(headers, r)) for r in users_with_lists]
return list_dict_users
### Too slow...
# def get_users_list(self):
# url = self.apiurl + "users?format=json"
# try:
# result = json.loads(self._request('GET',url))
# if result['ocs']['meta']['statuscode'] == 100: return result['ocs']['data']['users']
# log.error('Get Nextcloud provider users list error: '+str(result))
# raise ProviderOpError
# except:
# log.error(traceback.format_exc())
# raise
def add_user(
self, userid, userpassword, quota=False, group=False, email="", displayname=""
):
data = {
"userid": userid,
"password": userpassword,
"quota": quota,
"groups[]": group,
"email": email,
"displayname": displayname,
}
if not group:
del data["groups[]"]
if not quota:
del data["quota"]
# if group:
# data={'userid':userid,'password':userpassword,'quota':quota,'groups[]':group,'email':email,'displayname':displayname}
# else:
# data={'userid':userid,'password':userpassword,'quota':quota,'email':email,'displayname':displayname}
url = self.apiurl + "users?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(self._request("POST", url, data=data, headers=headers))
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 102:
raise ProviderItemExists
if result["ocs"]["meta"]["statuscode"] == 104:
self.add_group(group)
# raise ProviderGroupNotExists
log.error("Get Nextcloud provider user add error: " + str(result))
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
# 100 - successful
# 101 - invalid input data
# 102 - username already exists
# 103 - unknown error occurred whilst adding the user
# 104 - group does not exist
# 105 - insufficient privileges for group
# 106 - no group specified (required for subadmins)
# 107 - all errors that contain a hint - for example “Password is among the 1,000,000 most common ones. Please make it unique.” (this code was added in 12.0.6 & 13.0.1)
def update_user(self, userid, key_values):
# key_values={'quota':quota,'email':email,'displayname':displayname}
url = self.apiurl + "users/" + userid + "?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
for k, v in key_values.items():
data = {"key": k, "value": v}
try:
result = json.loads(
self._request("PUT", url, data=data, headers=headers)
)
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 102:
raise ProviderItemExists
if result["ocs"]["meta"]["statuscode"] == 104:
raise ProviderGroupNotExists
log.error("Get Nextcloud provider user add error: " + str(result))
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
def add_user_to_group(self, userid, group_id):
data = {"groupid": group_id}
url = self.apiurl + "users/" + userid + "/groups?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(self._request("POST", url, data=data, headers=headers))
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 102:
raise ProviderItemExists
if result["ocs"]["meta"]["statuscode"] == 104:
raise ProviderGroupNotExists
log.error("Get Nextcloud provider user add error: " + str(result))
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
def remove_user_from_group(self, userid, group_id):
data = {"groupid": group_id}
url = self.apiurl + "users/" + userid + "/groups?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(
self._request("DELETE", url, data=data, headers=headers)
)
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 102:
raise ProviderItemExists
if result["ocs"]["meta"]["statuscode"] == 104:
self.add_group(group)
# raise ProviderGroupNotExists
log.error("Get Nextcloud provider user add error: " + str(result))
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
def add_user_with_groups(
self, userid, userpassword, quota=False, groups=[], email="", displayname=""
):
data = {
"userid": userid,
"password": userpassword,
"quota": quota,
"groups[]": groups,
"email": email,
"displayname": displayname,
}
# if not group: del data['groups[]']
if not quota:
del data["quota"]
# if group:
# data={'userid':userid,'password':userpassword,'quota':quota,'groups[]':group,'email':email,'displayname':displayname}
# else:
# data={'userid':userid,'password':userpassword,'quota':quota,'email':email,'displayname':displayname}
url = self.apiurl + "users?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(self._request("POST", url, data=data, headers=headers))
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 102:
raise ProviderItemExists
if result["ocs"]["meta"]["statuscode"] == 104:
# self.add_group(group)
None
# raise ProviderGroupNotExists
log.error("Get Nextcloud provider user add error: " + str(result))
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
# 100 - successful
# 101 - invalid input data
# 102 - username already exists
# 103 - unknown error occurred whilst adding the user
# 104 - group does not exist
# 105 - insufficient privileges for group
# 106 - no group specified (required for subadmins)
# 107 - all errors that contain a hint - for example “Password is among the 1,000,000 most common ones. Please make it unique.” (this code was added in 12.0.6 & 13.0.1)
def delete_user(self, userid):
url = self.apiurl + "users/" + userid + "?format=json"
try:
result = json.loads(self._request("DELETE", url))
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 101:
raise ProviderUserNotExists
# log.error(traceback.format_exc())
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
# 100 - successful
# 101 - failure
def enable_user(self, userid):
None
def disable_user(self, userid):
None
def exists_user_folder(self, userid, userpassword, folder="IsardVDI"):
auth = (userid, userpassword)
url = self.davurl + userid + "/" + folder + "?format=json"
headers = {
"Depth": "0",
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = self._request("PROPFIND", url, auth=auth, headers=headers)
if "<d:status>HTTP/1.1 200 OK</d:status>" in result:
return True
return False
except:
# log.error(traceback.format_exc())
raise
def add_user_folder(self, userid, userpassword, folder="IsardVDI"):
auth = (userid, userpassword)
url = self.davurl + userid + "/" + folder + "?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = self._request("MKCOL", url, auth=auth, headers=headers)
if result == "":
return True
if (
"<s:message>The resource you tried to create already exists</s:message>"
in result
):
raise ProviderItemExists
log.error(result.split("message>")[1].split("<")[0])
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
def exists_user_share_folder(self, userid, userpassword, folder="IsardVDI"):
auth = (userid, userpassword)
url = self.shareurl + "shares?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(self._request("GET", url, auth=auth, headers=headers))
if result["ocs"]["meta"]["statuscode"] == 200:
share = [s for s in result["ocs"]["data"] if s["path"] == "/" + folder]
if len(share) >= 1:
# Should we delete all but the first (0) one?
return {"token": share[0]["token"], "url": share[0]["url"]}
raise ProviderItemNotExists
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
def add_user_share_folder(self, userid, userpassword, folder="IsardVDI"):
auth = (userid, userpassword)
data = {"path": "/" + folder, "shareType": 3}
url = self.shareurl + "shares?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(
self._request("POST", url, data=data, auth=auth, headers=headers)
)
if (
result["ocs"]["meta"]["statuscode"] == 100
or result["ocs"]["meta"]["statuscode"] == 200
):
return {
"token": result["ocs"]["data"]["token"],
"url": result["ocs"]["data"]["url"],
}
log.error(
"Add user share folder error: " + result["ocs"]["meta"]["message"]
)
raise ProviderFolderNotExists
except:
# log.error(traceback.format_exc())
raise
def get_group(self, userid):
None
def get_groups_list(self):
url = self.apiurl + "groups?format=json"
try:
result = json.loads(self._request("GET", url))
if result["ocs"]["meta"]["statuscode"] == 100:
return [g for g in result["ocs"]["data"]["groups"]]
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
def add_group(self, groupid):
data = {"groupid": groupid}
url = self.apiurl + "groups?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(
self._request("POST", url, data=data, auth=self.auth, headers=headers)
)
if result["ocs"]["meta"]["statuscode"] == 100:
return True
if result["ocs"]["meta"]["statuscode"] == 102:
raise ProviderItemExists
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
# 100 - successful
# 101 - invalid input data
# 102 - group already exists
# 103 - failed to add the group
def delete_group(self, groupid):
group = urllib.parse.quote(groupid, safe="")
url = self.apiurl + "groups/" + group + "?format=json"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"OCS-APIRequest": "true",
}
try:
result = json.loads(
self._request("DELETE", url, auth=self.auth, headers=headers)
)
if result["ocs"]["meta"]["statuscode"] == 100:
return True
# log.error(traceback.format_exc())
raise ProviderOpError
except:
# log.error(traceback.format_exc())
raise
# 100 - successful
# 101 - invalid input data
# 102 - group already exists
# 103 - failed to add the group
def set_user_mail(self, data):
query = """SELECT * FROM "oc_mail_accounts" WHERE "email" = '%s'"""
sql_query = sql.SQL(query.format(data["email"]))
if not len(self.nextcloud_pg.select(sql_query)):
query = """INSERT INTO "oc_mail_accounts" ("user_id","name","email","inbound_host","inbound_port","inbound_ssl_mode","inbound_user","inbound_password","outbound_host","outbound_port","outbound_ssl_mode","outbound_user","outbound_password") VALUES
('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s');"""
account = [
data["user_id"],
data["name"],
data["email"],
data["inbound_host"],
data["inbound_port"],
data["inbound_ssl_mode"],
data["inbound_user"],
data["inbound_password"],
data["outbound_host"],
data["outbound_port"],
data["outbound_ssl_mode"],
data["outbound_user"],
data["outbound_password"],
]
else:
query = """UPDATE "oc_mail_accounts" SET ("user_id","name","email","inbound_host","inbound_port","inbound_ssl_mode","inbound_user","inbound_password","outbound_host","outbound_port","outbound_ssl_mode","outbound_user","outbound_password") =
('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') WHERE email = '%s';"""
account = [
data["user_id"],
data["name"],
data["email"],
data["inbound_host"],
data["inbound_port"],
data["inbound_ssl_mode"],
data["inbound_user"],
data["inbound_password"],
data["outbound_host"],
data["outbound_port"],
data["outbound_ssl_mode"],
data["outbound_user"],
data["outbound_password"],
data["email"],
]
sql_query = sql.SQL(query.format(",".join([str(acc) for acc in account])))
self.nextcloud_pg.update(sql_query)

58
dd-sso/admin/src/admin/lib/nextcloud_exc.py Normal file
View File

@ -0,0 +1,58 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
class ProviderUnauthorized(Exception):
pass
class ProviderConnError(Exception):
pass
class ProviderSslError(Exception):
pass
class ProviderConnTimeout(Exception):
pass
class ProviderError(Exception):
pass
class ProviderItemExists(Exception):
pass
class ProviderItemNotExists(Exception):
pass
class ProviderGroupNotExists(Exception):
pass
class ProviderFolderNotExists(Exception):
pass
class ProviderOpError(Exception):
pass

71
dd-sso/admin/src/admin/lib/postgres.py Normal file
View File

@ -0,0 +1,71 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import json
import logging as log
import time
import traceback
from datetime import datetime, timedelta
import psycopg2
import yaml
# from admin import app
class Postgres:
def __init__(self, host, database, user, password):
self.conn = psycopg2.connect(
host=host, database=database, user=user, password=password
)
# def __del__(self):
# self.cur.close()
# self.conn.close()
def select(self, sql):
self.cur = self.conn.cursor()
self.cur.execute(sql)
data = self.cur.fetchall()
self.cur.close()
return data
def update(self, sql):
self.cur = self.conn.cursor()
self.cur.execute(sql)
self.conn.commit()
self.cur.close()
# return self.cur.fetchall()
def select_with_headers(self, sql):
self.cur = self.conn.cursor()
self.cur.execute(sql)
data = self.cur.fetchall()
fields = [a.name for a in self.cur.description]
self.cur.close()
return (fields, data)
# def update_moodle_saml_plugin(self):
# plugin[('idpmetadata', '<md:EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:keycloak"><md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.'+app.config['DOMAIN']+'/auth/realms/master"><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:KeyName>NrtA5ynG0htowP3SXw7dBJRIAMxn-1PwuuXwOwNhlRw</ds:KeyName><ds:X509Data><ds:X509Certificate>MIICmzCCAYMCBgF5jb0RCTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjEwNTIxMDcwMjI4WhcNMzEwNTIxMDcwNDA4WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCI8xh/C0+frz3kgWiUbziTDls71R2YiXLSVE+bw7gbEgZUGCLhoEI679azMtIxmnzM/snIX+yTb12+XoYkgbiLTMPQfnH+Kiab6g3HL3KPfhqS+yWkFxOoCp6Ibmp7yPlVWuHH+MBfO8OBr/r8Ao7heFbuzjiLd1KG67rcoaxfDgMuBoEomg1bgEjFgHaQIrSC6OZzH0h987/arqufZXeXlfyiqScMPUi+u5IpDWSwz06UKP0k8mxzNSlpZ93CKOUSsV0SMLxqg7FQ3SGiOk577bGW9o9BDTkkmSo3Up6smc0LzwvvUwuNd0B1irGkWZFQN9OXJnJYf1InEebIMtmPAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADM34+qEGeBQ22luphVTuVJtGxcbxLx7DfsT0QfJD/OuxTTbNAa1VRyarb5juIAkqdj4y2quZna9ZXLecVo4RkwpzPoKoAkYA8b+kHnWqEwJi9iPrDvKb+GR0bBkLPN49YxIZ8IdKX/PRa3yuLHe+loiNsCaS/2ZK2KO46COsqU4QX1iVhF9kWphNLybjNAX45B6cJLsa1g0vXLdm3kv3SB4I2fErFVaOoDtFIjttoYlXdpUiThkPXBfr7N67P3dZHaS4tjJh+IZ8I6TINpcsH8dBkUhzYEIPHCePwSiC1w6WDBLNDuKt1mj1CZrLq+1x+Yhrs+QNRheEKGi89HZ8N0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml/resolve" index="0"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sso.mydomain.duckdns.org/auth/realms/master/protocol/saml"/></md:IDPSSODescriptor></md:EntityDescriptor></md:EntitiesDescriptor>')]
# pg_update = """UPDATE mdl_config_plugins set title = %s where plugin = auth_saml2 and name ="""
# cursor.execute(pg_update, (title, bookid))
# connection.commit()
# count = cursor.rowcount
# print(count, "Successfully Updated!")

228
dd-sso/admin/src/admin/lib/postup.py Normal file
View File

@ -0,0 +1,228 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import json
import logging as log
import os
import random
# from .keycloak import Keycloak
# from .moodle import Moodle
import string
import time
import traceback
from datetime import datetime, timedelta
import psycopg2
import yaml
from admin import app
from .postgres import Postgres
class Postup:
def __init__(self):
ready = False
while not ready:
try:
self.pg = Postgres(
"dd-apps-postgresql",
"moodle",
app.config["MOODLE_POSTGRES_USER"],
app.config["MOODLE_POSTGRES_PASSWORD"],
)
ready = True
except:
log.warning("Could not connect to moodle database. Retrying...")
time.sleep(2)
log.info("Connected to moodle database.")
ready = False
while not ready:
try:
with open(
os.path.join(
app.root_path,
"../moodledata/saml2/moodle." + app.config["DOMAIN"] + ".crt",
),
"r",
) as crt:
app.config.setdefault("SP_CRT", crt.read())
ready = True
except IOError:
log.warning("Could not get moodle SAML2 crt certificate. Retrying...")
time.sleep(2)
except:
log.error(traceback.format_exc())
log.info("Got moodle srt certificate.")
ready = False
while not ready:
try:
with open(
os.path.join(
app.root_path,
"../moodledata/saml2/moodle." + app.config["DOMAIN"] + ".pem",
),
"r",
) as pem:
app.config.setdefault("SP_PEM", pem.read())
ready = True
except IOError:
log.warning("Could not get moodle SAML2 pem certificate. Retrying...")
time.sleep(2)
log.info("Got moodle pem certificate.")
self.select_and_configure_theme()
self.configure_tipnc()
self.add_moodle_ws_token()
def select_and_configure_theme(self, theme="cbe"):
try:
self.pg.update(
"""UPDATE "mdl_config" SET value = '%s' WHERE "name" = 'theme';"""
% (theme)
)
except:
log.error(traceback.format_exc())
exit(1)
None
try:
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '%s' WHERE "plugin" = 'theme_cbe' AND "name" = 'host';"""
% (os.environ["DOMAIN"])
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '%s' WHERE "plugin" = 'theme_cbe' AND "name" = 'logourl';"""
% ("https://api." + os.environ["DOMAIN"] + "/img/logo.png")
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '1' WHERE "plugin" = 'theme_cbe' AND "name" = 'header_api';"""
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '1' WHERE "plugin" = 'theme_cbe' AND "name" = 'vclasses_direct';"""
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '1' WHERE "plugin" = 'theme_cbe' AND "name" = 'uniquenamecourse';"""
)
except:
log.error(traceback.format_exc())
exit(1)
None
def configure_tipnc(self):
try:
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '%s' WHERE "plugin" = 'assignsubmission_tipnc' AND "name" = 'host';"""
% ("https://nextcloud." + os.environ["DOMAIN"] + "/")
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '%s' WHERE "plugin" = 'assignsubmission_tipnc' AND "name" = 'password';"""
% (os.environ["NEXTCLOUD_ADMIN_PASSWORD"])
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = 'template.docx' WHERE "plugin" = 'assignsubmission_tipnc' AND "name" = 'template';"""
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '/apps/onlyoffice/' WHERE "plugin" = 'assignsubmission_tipnc' AND "name" = 'location';"""
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = '%s' WHERE "plugin" = 'assignsubmission_tipnc' AND "name" = 'user';"""
% (os.environ["NEXTCLOUD_ADMIN_USER"])
)
self.pg.update(
"""UPDATE "mdl_config_plugins" SET value = 'tasks' WHERE "plugin" = 'assignsubmission_tipnc' AND "name" = 'folder';"""
)
except:
log.error(traceback.format_exc())
exit(1)
None
def add_moodle_ws_token(self):
try:
token = self.pg.select(
"""SELECT * FROM "mdl_external_tokens" WHERE "externalserviceid" = 3"""
)[0][1]
app.config.setdefault("MOODLE_WS_TOKEN", token)
return
except:
# log.error(traceback.format_exc())
None
try:
self.pg.update(
"""INSERT INTO "mdl_external_services" ("name", "enabled", "requiredcapability", "restrictedusers", "component", "timecreated", "timemodified", "shortname", "downloadfiles", "uploadfiles") VALUES
('dd admin', 1, '', 1, NULL, 1621719763, 1621719850, 'dd_admin', 0, 0);"""
)
self.pg.update(
"""INSERT INTO "mdl_external_services_functions" ("externalserviceid", "functionname") VALUES
(3, 'core_course_update_courses'),
(3, 'core_user_get_users'),
(3, 'core_user_get_users_by_field'),
(3, 'core_user_update_picture'),
(3, 'core_user_update_users'),
(3, 'core_user_delete_users'),
(3, 'core_user_create_users'),
(3, 'core_cohort_get_cohort_members'),
(3, 'core_cohort_add_cohort_members'),
(3, 'core_cohort_delete_cohort_members'),
(3, 'core_cohort_create_cohorts'),
(3, 'core_cohort_delete_cohorts'),
(3, 'core_cohort_search_cohorts'),
(3, 'core_cohort_update_cohorts'),
(3, 'core_role_assign_roles'),
(3, 'core_cohort_get_cohorts');"""
)
self.pg.update(
"""INSERT INTO "mdl_external_services_users" ("externalserviceid", "userid", "iprestriction", "validuntil", "timecreated") VALUES
(3, 2, NULL, NULL, 1621719871);"""
)
b32 = "".join(
random.choices(
string.ascii_uppercase
+ string.ascii_uppercase
+ string.ascii_lowercase,
k=32,
)
)
b64 = "".join(
random.choices(
string.ascii_uppercase
+ string.ascii_uppercase
+ string.ascii_lowercase,
k=64,
)
)
self.pg.update(
"""INSERT INTO "mdl_external_tokens" ("token", "privatetoken", "tokentype", "userid", "externalserviceid", "sid", "contextid", "creatorid", "iprestriction", "validuntil", "timecreated", "lastaccess") VALUES
('%s', '%s', 0, 2, 3, NULL, 1, 2, NULL, 0, 1621831206, NULL);"""
% (b32, b64)
)
app.config.setdefault("MOODLE_WS_TOKEN", b32)
except:
log.error(traceback.format_exc())
exit(1)
None

6
dd-sso/admin/src/admin/package.json Normal file
View File

@ -0,0 +1,6 @@
{
"dependencies": {
"gentelella": "^1.4.0",
"socket.io": "^4.1.3"
}
}

30
dd-sso/admin/src/admin/schemas/group.yml Normal file
View File

@ -0,0 +1,30 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
name:
required: true
type: string
description:
required: false
type: string
default: "Api created"
parent:
required: false
type: string
default: ""

Some files were not shown because too many files have changed in this diff Show More