53 Commits (e5d2a20d3784934fd69e31479ea9fffe376d824f)

Author SHA1 Message Date
Evilham a27f44262b
[NC] Rework image to self-configure as opposed to using dd-ctl
By managing volumes in a better fashion and using code that is closer
to being idempotent, while being declarative, we achieve an image that
is closer to the original one, but gets the plugins that we want and
the configuration that we want for integration with DD.

Closes #9. This image now allows for BBB_HOST and BBB_API_SECRET as
variables in dd.conf, which also configure the corresponding plugin on
Nextcloud.

This is a necessary update-step towards NC25, and temporarily disables
the forms plugin.
2023-03-14 09:30:59 +01:00
elena 0888c2ba05 changes suggested 2023-02-27 10:53:11 +00:00
elena 92c5828b33 admin avatar added 2023-02-27 10:53:11 +00:00
Evilham e15a3b760c
[dd.conf] Cleanup some variables
While at it, also ensure that API_SECRET gets rotated when running
./dd-ctl securize
2023-01-20 11:40:03 +01:00
Evilham a72001dea5
[docker] Cleanup environment files
By having the environment explicit on each service, we both document
the settings and have more control over what each service is allowed
to see.

This avoids weird things like nginx having access to postgresql's
credentials on its environment.

As a bonus: we are able to use one single environment file, which is
basically dd.conf with some values that are dynamically-calculated and
added from dd-ctl.
2023-01-20 11:40:03 +01:00
Evilham ea995c0336
[dd-ctl] Force DD_DEFAULT_BUILD length to 8 hex digits
This is used to tag Docker images in the registry / pull images from
the registry, it has been observed in the wild that:

    git rev-parse --short

can have different default values for its length depending on the
system.

We currently specify the length to be 8 as specified here:
https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
2023-01-03 10:18:54 +01:00
Evilham c7d172f916
[dd-ctl] Improve image pulling before building
Using this differently may have been triggering DockerHub rates
2022-12-24 16:14:13 +01:00
Evilham ac789f8d6c
[dd-ctl] Move NC forms towards the end
This may be causing issues when the plugin requires occ upgrade

Alternatively, installing plugins may require it.

While there, also remove one of the nextcloud_scan calls and delay it
along with logo customisation until after a potential ./occ upgrade
has taken place.
2022-12-24 16:13:29 +01:00
Evilham cdfa4c5724
[api] Give operators the ability to easily add custom CSS
This enables various use-cases like custom icons and other personalisations.
2022-12-10 11:53:28 +01:00
Evilham 08ed2bb1bb
[moodle] Configure cookies to be HttpOnly
This is done with the cookiehttponly config set to 1.
2022-12-02 10:32:54 +01:00
Evilham c0c5ee79fc
[dd-ctl] Unify for loops for apps that have to be disabled 2022-11-24 21:55:46 +01:00
Evilham c38bf4caba
[dd-ctl] Remove leftover setup of dd-waf env
This is not needed since waf-modsecurity lives in dd-sso now.
2022-11-24 21:55:35 +01:00
Roger Garcia 8110da578b
Added disabled option in ClamAV 2022-11-24 21:55:29 +01:00
Roger Garcia 4de82fc041
Conditionally enable/disable ClamAV 2022-11-24 21:54:17 +01:00
Roger Garcia 07913ff7f8
Added clamav configuration in nextcloud 2022-11-24 16:35:09 +01:00
Roger Garcia fcfd5265a1
Added clamav image and configuration 2022-11-24 16:35:09 +01:00
Evilham 09fec74915
[WAF] Consolidate proxies and documentation
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.

- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled

This simplifies maintenance, as well as the overall architecture and operation.

While at it, we now publish images for DD's HAProxy as well.
2022-11-24 12:54:46 +01:00
Manuel Caballero e6325c9618
enable and disable modsecurity env_var 2022-11-24 10:01:37 +01:00
Manuel Caballero 8050fb4fe4
fix shellcheck docker-compose command 2022-11-24 10:01:37 +01:00
Manuel Caballero 392f8e0ee9
Volume to modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero c19872dadb
update README.md 2022-11-24 10:01:37 +01:00
Manuel Caballero d3c78c5bb0
config vhost and dd rules modsecurity on volume 2022-11-24 10:01:37 +01:00
Manuel Caballero 5f1d0acf27
update documentation 2022-11-24 10:01:37 +01:00
Manuel Caballero 26728a3c72
configure deploy modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero 2395789c9d
update readme 2022-11-24 10:01:36 +01:00
Manuel Caballero fcff698f6f
exclude rules 2022-11-24 10:01:36 +01:00
Manuel Caballero e2815d8151
update path and fix write error 2022-11-24 10:01:36 +01:00
Manuel Caballero b10178f0f7
Initial config modsecurity 2022-11-24 10:01:35 +01:00
Evilham 596bc4ef5d
[dd-ctl] Actually pull images, else we might not use them
This performs a pull on docker-compose build as well
2022-11-23 20:51:27 +01:00
Evilham 75e314ff7e
[NC] Remove jQuery dependency for theme's navbar.js
It wasn't really necessary and could lead to the whole megamenu not
being loaded under certain circumstances.
2022-11-13 10:03:47 +01:00
Evilham f355b160a1
Revert "DD- makes installation easier from dd-ctl"
This reverts commit bd27ef4b6a.

Which is generating various installation issues.
2022-11-13 10:02:24 +01:00
elena bd27ef4b6a
DD- makes installation easier from dd-ctl 2022-10-30 20:09:09 +01:00
Evilham 651d5f8e90
[dd-ctl] Fix previously introduced shellcheck issue
Caught in CI and introduced when disabling the circles app.
2022-10-30 20:04:49 +01:00
Evilham d2fb24379a
[nextcloud] Disable circles app
People get confused, and we really only use circles.
2022-10-18 11:05:11 +02:00
elena 089876ff28 moodle new atto plugin 2022-10-18 08:37:26 +00:00
elena 226d0f7861 new moodle plugins to install 2022-10-18 08:37:26 +00:00
Evilham 8cbff5b8c6
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00
Evilham 3ae974432a
[registry] Add dd-sso-admin as an image
This would be the first image that is already distributed directly
from the registry to improve setup and maintenance.
2022-09-22 12:48:13 +02:00
Evilham 3c53a5aead
[wp] Fix multisite installation
While there we also simplify DD by removing the unnecessary wp-cli
container.
2022-09-22 12:40:31 +02:00
Evilham 7d7c2ddfcf
[containers] Add healthcheck for SSO redirections
This will help us catch issues in e.g. moodle, nextcloud and wp.
2022-09-22 11:52:15 +02:00
Evilham 397655232f
[dd-ctl] Moodle plugins install: reduce verbosity
This was polluting the logs making debugging difficult.
2022-09-06 19:37:29 +02:00
Evilham 66e009abff
[dd-ctl] Fix installation
By toying with the new CI we discover that:
Commit 075529f472 gets into an endless
loop:
    WARNING:root:Could not get moodle SAML2 crt certificate. Retrying...
See: https://ci.dd-work.space/#/builders/4/builds/62/steps/8/logs/stdio

But by reverting 52f99c38bb it works as
expected.
See: https://ci.dd-work.space/#/builders/4/builds/67/steps/8/logs/stdio

Upon investigation, we were not waiting for moodle to be fully up
because 'healthy' is a substring of 'unhealthy' and grep wasn't taking
that into account.
2022-09-06 19:35:23 +02:00
Evilham 08a36cce9f
[dd-ctl] Bundle up some docker commands
This ought to be faster and is easier to read.
2022-09-06 19:30:12 +02:00
Evilham 52f99c38bb
[shellcheck] Fix ShellCheck issues
Detected on the CI we are testing.
2022-08-30 14:41:19 +02:00
Evilham 5bb3afe2aa
[dd-ctl] Fix installations without docker
When we improved the update process, we introduced a deadlock when not
having docker.

By separating update from repo-update we can differentiate those cases:
- update: full update of an existing installation
- repo-update: bring repository to latest stand
2022-08-30 12:42:08 +02:00
Jose Antonio Exposito Garcia b58e43f5d4 install package in wordpress docker for plugin gsite 2022-08-26 12:55:06 +00:00
Evilham 3fa0d48858
[dd-ctl] Adapt update subcommand with all actions
This way existing installations can just run ./dd-ctl update and have a
working environment with the latest version.
2022-08-08 11:58:04 +02:00
Evilham e3b1513725
[dd-ctl] [moodle] Do not use plugin dd.conf vars
This was a bad design choice since it doesn't allow us to easily manage
the intended plugin version and therefore keep them up to date.

As a short-term mechanism, we change the used variables to have the
_OVERRIDE suffix and default in dd-ctl to the actual URLs, while also
removing them from dd.conf.sample.

This solves the issue in both current and future installations; in a
near future we want to have these dependencies in a .tsv file where they
can easily be managed.
2022-08-08 11:42:28 +02:00
Evilham 80ff9cce22
[dd-ctl] [nc] forms plugin branch + occ upgrade
When installing / upgrading plugins it is often the case that occ
upgrade needs to run.
2022-08-08 11:40:57 +02:00
Evilham 71237cabb6
[dd-ctl] Remove some docker calls 2022-08-03 10:29:25 +02:00