By having the environment explicit on each service, we both document
the settings and have more control over what each service is allowed
to see.
This avoids weird things like nginx having access to postgresql's
credentials on its environment.
As a bonus: we are able to use one single environment file, which is
basically dd.conf with some values that are dynamically-calculated and
added from dd-ctl.
This was needed because previously the DEFAULT_SERVER_URL was hardcoded
in the compiled keycloak module and that URL has changed.
For consistency sso-admin uses the same environment variables (except it
needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
node_modules needs proper permissions on image build and the Nextcloud
queue on run-time.
We also realised the user must be www-data for compatibility with the NC
image.
With this commit, code from the admin module can be re-used and thanks
to adding type-hints in most places we are able to discover some bugs.
This commit attempts to fix only that which was necessary to:
- Add a reasonable amount of type hints
- Disentangle the module
There are already some issues that have been discovered by mypy.
Evilham