Compare commits
merge into: 0k:master
pull from: bgallet:hedgedoc
15 Commits
28 changed files with 1123 additions and 318 deletions
138 README.org
188 apache/README.org
29 apache/README.rst
4 apache/hooks/publish_dir-relation-joined
4 apache/hooks/web_proxy-relation-joined
315 apache/lib/common
316 apache/test/get_domains
17 apache/test/vhost
2 apache/test/vhost_cert_provider
14 apache/test/vhost_files
20 hedgedoc/README.org
1 letsencrypt/actions/crt
15 mariadb/hooks/sql_database-relation-joined
1 mariadb/metadata.yml
1 nextcloud/actions/occ
1 nextcloud/hooks/init
51 nextcloud/hooks/mysql_database-relation-joined
1 nextcloud/hooks/mysql_database-relation-joined
54 nextcloud/hooks/postgres_database-relation-joined
75 nextcloud/hooks/sql_database-relation-joined
31 nextcloud/hooks/web_proxy-relation-joined
45 nextcloud/lib/common
11 nextcloud/metadata.yml
40 odoo-tecnativa/README.org
8 odoo-tecnativa/README.rst
39 odoo-tecnativa/hooks/init
16 postgres/hooks/sql_database-relation-joined
1 postgres/metadata.yml
3 rocketchat/README.org
@ -0,0 +1,188 @@ |
|||
|
|||
|
|||
* Usage |
|||
|
|||
Other services will often require a service managed with this charm to |
|||
act as a HTTP/HTTPS front-end. It can provide certificates with HTTPS. |
|||
|
|||
|
|||
** Domain assignment |
|||
|
|||
Services using relation =web-proxy= or =publish-dir= will be required |
|||
to be assigned a domain name for the virtual host that will be |
|||
created. |
|||
|
|||
*** Domain sources |
|||
|
|||
This domain name can be set (in order of priority), the first source |
|||
giving a name will be taken. |
|||
|
|||
- *Relation's options* (=web-proxy= or =publish-dir=) |
|||
Using =domain= option, and optionally the deprecated |
|||
=server-aliases= for additional names. |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
relations: |
|||
web-proxy: |
|||
apache: |
|||
domain: mydomain.org |
|||
#server-aliases: |
|||
# - www.mydomain.org |
|||
# - pro.mydomain.org |
|||
#+end_src |
|||
- *Apache service's options*, using a =service-domain-name= mapping: |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
# ... |
|||
myservice: |
|||
- mydomain.org |
|||
- www.mydomain.org |
|||
- pro.mydomain.org |
|||
# ... |
|||
#+end_src |
|||
|
|||
- *the service name* itself if is a domain name: |
|||
|
|||
#+begin_src yaml |
|||
www.mydomain.org: |
|||
# ... |
|||
#+end_src |
|||
|
|||
Please note that this is not recommended, and will be deprecated. |
|||
|
|||
*** Domain and alternate domains |
|||
|
|||
Every source (except the one coming out from the domain name), can use |
|||
several ways to provide *more than one domain name*. |
|||
|
|||
Please remember: |
|||
- At least one domain name needs to be provided |
|||
- and the first domain can't use wildcards and will be considered the main domain name. |
|||
|
|||
If other domains are specified, they will be used as aliases, and |
|||
wildcard (using ~*~) is supported. |
|||
|
|||
Additionally, bash braces expansion and regex matching are |
|||
available. Space separated YAML string or YAML sequences are |
|||
supported, also as mix of both. |
|||
|
|||
As examples, notice the following are equivalent and will serve |
|||
=myservice= on the exact same set of domain names: |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
relations: |
|||
web-proxy: |
|||
domain: |
|||
## A yaml list |
|||
- myservice.home.org |
|||
- mydomain.org |
|||
- www.mydomain.org |
|||
- pro.mydomain.org |
|||
- *.myservice.hop.org |
|||
#+end_src |
|||
|
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... no domain set in relation |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
## A yaml list as a mapping value |
|||
myservice: |
|||
- myservice.home.org |
|||
- {,www.,pro.}mydomain.org ## bash braces expansion used |
|||
- *.myservice.hop.org |
|||
#+end_src |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
## space separated YAML string and bash braces expansion |
|||
myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org |
|||
#+end_src |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
## Leveraging bash braces expansion and regex replacement |
|||
.*: {$0.home,{,www.,pro.}mydomain,*.$0.hop}.org |
|||
#+end_src |
|||
|
|||
** Domain mapping |
|||
|
|||
You can automatically assign a domain to services in relation |
|||
=web-proxy= or =publish-dir= with services managed by this charm using |
|||
the =service-domain-name= option. For instance: |
|||
|
|||
#+begin_src yaml |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
.*: $0.mydomain.org |
|||
#+end_src |
|||
|
|||
Where ~mydomain.org~ stands for the domain where most of your services |
|||
will be served. You can override this behavior for some services: |
|||
- by adding a matching rule *before* the given rule. |
|||
- by specifying a =domain= in the relation's options. |
|||
|
|||
first rule matching will end the mapping: |
|||
|
|||
#+begin_src yaml |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
foo: www.mydomain.org |
|||
bar: beta.myotherdomain.com |
|||
#+end_src |
|||
|
|||
Allows to distribute services to domains quite freely. |
|||
|
|||
|
|||
* SSH Tunnel |
|||
|
|||
On the server side, you can configure your compose file:: |
|||
|
|||
#+begin_src yaml |
|||
apache: |
|||
options: |
|||
ssh-tunnel: |
|||
domain: ssh.domain.com ## required |
|||
#ssl: ... ## required, but automatically setup if you |
|||
## provide a ``cert-provider`` to ``apache``. |
|||
#+end_src |
|||
|
|||
|
|||
On the client side you should add this to your ``~/.ssh/config``:: |
|||
|
|||
#+begin_src conf-space |
|||
Host ssh.domain.com |
|||
Port 443 |
|||
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
|||
DynamicForward 1080 |
|||
ServerAliveInterval 60 |
|||
#+end_src |
|||
|
|||
If it doesn't work, you can do some checks thanks to this command:: |
|||
|
|||
#+begin_example |
|||
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
|||
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
|||
#+end_example |
|||
|
|||
|
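Review bot: The option is named =service-domain-name= in the prose (the "Apache service's options" bullet under "Domain sources" and the first paragraph of "Domain mapping"), but every YAML example here and the get_domains tests use service-domain-map; rename it in the prose so readers do not configure a key that is never read. In "Domain and alternate domains", "except the one coming out from the domain name" should probably read "service name". The SSH Tunnel section still carries reStructuredText markup (trailing :: and double backticks), which org-mode renders literally. It would also help to state whether service-domain-map keys are matched as anchored regexes against the whole service name, since a catch-all such as .*: $0.mydomain.org publishes every related service under a predictable host name.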
@ -1,29 +0,0 @@ |
|||
|
|||
|
|||
SSH Tunnel |
|||
---------- |
|||
|
|||
On the server side, you can configure your compose file:: |
|||
|
|||
apache: |
|||
options: |
|||
ssh-tunnel: |
|||
domain: ssh.domain.com ## required |
|||
#ssh: ... ## required, but automatically setup if you |
|||
## provide a ``cert-provider`` to ``apache``. |
|||
|
|||
|
|||
On the client side you should add this to your ``~/.ssh/config``:: |
|||
|
|||
Host ssh.domain.com |
|||
Port 443 |
|||
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
|||
DynamicForward 1080 |
|||
ServerAliveInterval 60 |
|||
|
|||
If it doesn't work, you can do some checks thanks to this command:: |
|||
|
|||
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
|||
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
|||
|
|||
|
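Review bot: The commented option under ssh-tunnel reads #ssh: ... in this removed file but #ssl: ... in the README.org that replaces it; confirm that ssl is the key the charm reads and mention the correction in the commit message, since the move otherwise looks like a pure format conversion.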
@ -0,0 +1,316 @@ |
|||
#!/bin/bash |
|||
|
|||
exname=$(basename $0) |
|||
|
|||
compose_core=$(which compose-core) || { |
|||
echo "Requires compose-core executable to be in \$PATH." >&2 |
|||
exit 1 |
|||
} |
|||
|
|||
fetch-def() { |
|||
local path="$1" fname="$2" |
|||
( . "$path" 1>&2 || { |
|||
echo "Failed to load '$path'." >&2 |
|||
exit 1 |
|||
} |
|||
declare -f "$fname" |
|||
) |
|||
} |
|||
|
|||
prefix_cmd=" |
|||
. /etc/shlib |
|||
|
|||
include common |
|||
include parse |
|||
|
|||
. ../lib/common |
|||
|
|||
$(fetch-def "$compose_core" yaml_get_values) |
|||
$(fetch-def "$compose_core" yaml_get_interpret) |
|||
|
|||
" || { |
|||
echo "Couldn't build prefix cmd" >&2 |
|||
exit 1 |
|||
} |
|||
|
|||
# mock |
|||
cfg-get-value() { |
|||
local key="$1" |
|||
shyaml get-value "$key" 2>/dev/null |
|||
} |
|||
export -f cfg-get-value |
|||
|
|||
yaml_get_interpret() { |
|||
shyaml get-value |
|||
} |
|||
export -f yaml_get_interpret |
|||
|
|||
|
|||
export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX) |
|||
trap "rm -rf \"$state_tmpdir\"" EXIT |
|||
|
|||
## |
|||
## Tests |
|||
## |
|||
|
|||
try " |
|||
get_domains ' |
|||
'" |
|||
is errlvl 1 |
|||
is err reg 'Error: .*domain option.*' |
|||
is out '' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: toto |
|||
'" |
|||
noerror |
|||
is out 'toto |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: toto titi |
|||
'" |
|||
noerror |
|||
is out 'toto titi |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- toto |
|||
'" |
|||
noerror |
|||
is out 'toto |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
server-aliases: |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
server-aliases: |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
server-aliases: |
|||
- toto |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part "You can't specify server aliases if you don't have a domain" |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: foo |
|||
server-aliases: |
|||
- bar |
|||
'" |
|||
noerror |
|||
is out 'foo bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: foo |
|||
server-aliases: bar |
|||
'" |
|||
noerror |
|||
is out 'foo bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo |
|||
server-aliases: bar |
|||
'" |
|||
noerror |
|||
is out 'foo bar |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo{1,2} bar |
|||
server-aliases: wiz |
|||
'" |
|||
noerror |
|||
is out 'foo1 foo2 bar wiz |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo{1,2} bar |
|||
server-aliases: foo1 |
|||
'" |
|||
noerror |
|||
is out 'foo1 foo2 bar |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo{1,2} bar |
|||
- \"*.zoo\" |
|||
server-aliases: foo1 |
|||
'" |
|||
noerror |
|||
is out 'foo1 foo2 bar *.zoo |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: foo+ bar |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'Invalid domain value' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options.service-domain-map: |
|||
'" "empty service-domain-map" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
is err part 'service-domain-map' |
|||
|
|||
|
|||
try " |
|||
BASE_SERVICE_NAME=foo |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
wiz: bar |
|||
'" "no map matching in service-domain-map" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
is err part 'service-domain-map' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
wiz: bar |
|||
'" "matching map in service-domain-map" |
|||
noerror |
|||
is out 'bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
wiz?: bar |
|||
wiz: bar2 |
|||
'" "only first matching map in service-domain-map" |
|||
noerror |
|||
is out 'bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
\"[w]i?zz?\": bar |
|||
'" "map are regex in service-domain-map" |
|||
noerror |
|||
is out 'bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
(w)i(z): bar\$1\$2 |
|||
'" "regex capture in service-domain-map" |
|||
noerror |
|||
is out 'barwz |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
.*: \$0.shrubbery |
|||
'" "regex capture 2 in service-domain-map" |
|||
noerror |
|||
is out 'wiz.shrubbery |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
.*: \$x |
|||
'" "refuse other variables in service-domain-map" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'Invalid mapping value' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
.*: |
|||
- \$0.example.com |
|||
- my-\$0.domain.org |
|||
|
|||
'" "list is possible as value of service-domain-map" |
|||
noerror |
|||
is out 'wiz.example.com my-wiz.domain.org |
|||
' |
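Review bot: The only negative test for domain values is domain: foo+ bar, and the only one for mapping values is .*: \$x; since these values go through bash brace expansion and $N substitution, add cases asserting that command substitution, backticks, semicolons and unbalanced braces are rejected with 'Invalid domain value' or 'Invalid mapping value' rather than being evaluated. The README rule that the first domain cannot use a wildcard has no test either (a lone "*.zoo" as domain should fail). In the setup, exname=$(basename $0) should quote "$0", and export state_tmpdir=$(mktemp -d ...) hides a mktemp failure behind the exit status of export; assign first, check, then export.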
@ -0,0 +1,20 @@ |
|||
# -*- ispell-local-dictionary: "english" -*- |
|||
|
|||
* How to reset password version 1.X : |
|||
|
|||
#+begin_src sh |
|||
## 1. Access the server and then enter the container |
|||
docker exec -ti hedgedoc sh |
|||
|
|||
## 2. use the script to manage users ./bin/manage_users |
|||
|
|||
Command-line utility to create users for email-signin. |
|||
|
|||
Usage: bin/manage_users [--pass password] (--add | --del) user-email |
|||
Options: |
|||
--add Add user with the specified user-email |
|||
--del Delete user with specified user-email |
|||
--reset Reset user password with specified user-email |
|||
--pass Use password from cmdline rather than prompting |
|||
#+end_src |
|||
|
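Review bot: The heading promises a password reset, but no reset command is given: step 2 only pastes the tool's help text, and its usage line lists (--add | --del) without --reset. Add the actual invocation (./bin/manage_users --reset user-email) and recommend letting the tool prompt rather than passing --pass, which leaves the password in shell history and in the process list. The help text is not shell, so it belongs in a #+begin_example block rather than #+begin_src sh.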
@ -0,0 +1,15 @@ |
|||
#!/bin/bash |
|||
|
|||
## When writing relation script, remember: |
|||
## - they should be idempotents |
|||
## - they can be launched while the dockers is already up |
|||
## - they are launched from the host |
|||
## - the target of the link is launched first, and get a chance to ``relation-set`` |
|||
## - both side of the scripts get to use ``relation-get``. |
|||
|
|||
relation-set type mysql || { |
|||
err "Could not set relation ${WHITE}type${NORMAL} to 'mysql'." |
|||
exit 1 |
|||
} |
|||
|
|||
. hooks/mysql_database-relation-joined |
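Review bot: The final line sources hooks/mysql_database-relation-joined by a path relative to the current directory, while the nextcloud hook in this same change uses . ./hooks/...; pick one form and, if the hook runner does not guarantee the charm directory as working directory, resolve the path from the script location. The header comment has small typos worth fixing while the file is new ("idempotents", "the dockers is", "both side").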
@ -1,51 +0,0 @@ |
|||
#!/bin/bash |
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
|
|||
PASSWORD="$(relation-get password)" |
|||
USER="$(relation-get user)" |
|||
DBNAME="$(relation-get dbname)" |
|||
|
|||
|
|||
## This check adds purely arbitrary limits to what could be a password |
|||
## if we need to open that more, just consider the next script where we'll |
|||
## need to write in a PHP structure, or in YAML structure. |
|||
|
|||
## Note that here, "[]" chars are not accepted just because it doesn't seem evident |
|||
## to test for those in bash. |
|||
if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then |
|||
err "Invalid password chosen for mysql database." |
|||
exit 1 |
|||
fi |
|||
|
|||
## if config is not existent |
|||
if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then |
|||
|
|||
## 'occ' can't be used as it will try to connect to mysql before running and |
|||
## will fail if user/password is not correct |
|||
|
|||
## We need to get through bash, and sed interpretation, then PHP single quoted strings. |
|||
quoted_user="${USER//\\/\\\\\\\\\\}" |
|||
quoted_user="${quoted_user//\'/\\\\\'}" |
|||
quoted_password="${PASSWORD//\\/\\\\\\\\\\}" |
|||
quoted_password="${quoted_password//\'/\\\\\'}" |
|||
sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ |
|||
s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;" "$CONFIGFILE" |
|||
else |
|||
|
|||
## These variable are not used by current docker image after first install |
|||
|
|||
config-add "\ |
|||
services: |
|||
$MASTER_BASE_SERVICE_NAME: |
|||
environment: |
|||
MYSQL_HOST: $MASTER_TARGET_SERVICE_NAME |
|||
MYSQL_DATABASE: $DBNAME |
|||
MYSQL_PASSWORD: $PASSWORD |
|||
MYSQL_USER: $USER |
|||
" |
|||
fi |
|||
|
|||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1 @@ |
|||
postgres_database-relation-joined |
@ -1,51 +1,11 @@ |
|||
#!/bin/bash |
|||
|
|||
. lib/common |
|||
type="${0##*/}" |
|||
type="${type%_database-relation-joined}" |
|||
|
|||
set -e |
|||
set-relation type "$type" || { |
|||
err "Could not set relation ${WHITE}type${NORMAL} to '$type'." |
|||
exit 1 |
|||
} |
|||
|
|||
PASSWORD="$(relation-get password)" |
|||
USER="$(relation-get user)" |
|||
DBNAME="$(relation-get dbname)" |
|||
|
|||
|
|||
## This check adds purely arbitrary limits to what could be a password |
|||
## if we need to open that more, just consider the next script where we'll |
|||
## need to write in a PHP structure, or in YAML structure. |
|||
|
|||
## Note that here, "[]" chars are not accepted just because it doesn't seem evident |
|||
## to test for those in bash. |
|||
if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then |
|||
err "Invalid password chosen for postgres database." |
|||
exit 1 |
|||
fi |
|||
|
|||
## if config is not existent |
|||
if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then |
|||
|
|||
## 'occ' can't be used as it will try to connect to postgres before running and |
|||
## will fail if user/password is not correct |
|||
|
|||
## We need to get through bash, and sed interpretation, then PHP single quoted strings. |
|||
quoted_user="${USER//\\/\\\\\\\\\\}" |
|||
quoted_user="${quoted_user//\'/\\\\\'}" |
|||
quoted_password="${PASSWORD//\\/\\\\\\\\\\}" |
|||
quoted_password="${quoted_password//\'/\\\\\'}" |
|||
sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ |
|||
s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;" "$CONFIGFILE" |
|||
else |
|||
|
|||
## These variable are not used by current docker image after first install |
|||
|
|||
config-add "\ |
|||
services: |
|||
$MASTER_BASE_SERVICE_NAME: |
|||
environment: |
|||
POSTGRES_HOST: $MASTER_TARGET_SERVICE_NAME |
|||
POSTGRES_DB: $DBNAME |
|||
POSTGRES_PASSWORD: $PASSWORD |
|||
POSTGRES_USER: $USER |
|||
" |
|||
fi |
|||
|
|||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
|||
. ./hooks/sql_database-relation-joined |
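Review bot: set-relation type "$type" looks like a typo for relation-set, which is the command the mariadb and postgres charms use in this change; unless lib/common defines set-relation, the || branch will report "Could not set relation type" on every run. Deriving type from ${0##*/} only works when the hook is executed under its own file name, which the mysql_database-relation-joined symlink relies on; a short comment saying so would help, and an unexpected file name is passed through as the type until sql_database-relation-joined rejects it.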
@ -0,0 +1,75 @@ |
|||
#!/bin/bash |
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
TYPE="$(relation-get type)" || { |
|||
err "No ${WHITE}type${NORMAL} set in relation." |
|||
exit 1 |
|||
} |
|||
PASSWORD="$(relation-get password)" |
|||
USER="$(relation-get user)" |
|||
DBNAME="$(relation-get dbname)" |
|||
|
|||
|
|||
## This check adds purely arbitrary limits to what could be a password |
|||
## if we need to open that more, just consider the next script where we'll |
|||
## need to write in a PHP structure, or in YAML structure. |
|||
|
|||
## Note that here, "[]" chars are not accepted just because it doesn't seem evident |
|||
## to test for those in bash. |
|||
if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then |
|||
err "Invalid password chosen for $type database." |
|||
exit 1 |
|||
fi |
|||
|
|||
## if config is not existent |
|||
if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then |
|||
|
|||
## 'occ' can't be used as it will try to connect to db before running and |
|||
## will fail if user/password is not correct |
|||
|
|||
## We need to get through bash, and sed interpretation, then PHP single quoted strings. |
|||
quoted_user="${USER//\\/\\\\\\\\\\}" |
|||
quoted_user="${quoted_user//\'/\\\\\'}" |
|||
quoted_password="${PASSWORD//\\/\\\\\\\\\\}" |
|||
quoted_password="${quoted_password//\'/\\\\\'}" |
|||
case "$TYPE" in |
|||
mysql) |
|||
nextcloud_type="mysql";; |
|||
postgres) |
|||
nextcloud_type="pgsql";; |
|||
*) |
|||
err "Unknown type '$TYPE' for database." |
|||
exit 1 |
|||
;; |
|||
esac |
|||
|
|||
sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ |
|||
s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;\ |
|||
s/^( 'dbtype' => ')(.*)(',)$/\1${nextcloud_type}\3/g;\ |
|||
s/^( 'dbhost' => ')(.*)(',)$/\1${MASTER_TARGET_SERVICE_NAME}\3/g;\ |
|||
" "$CONFIGFILE" |
|||
|
|||
else |
|||
|
|||
## These variable are not used by current docker image after first install |
|||
|
|||
if [ "$TYPE" == "mysql" ]; then |
|||
database_env_label="DATABASE" |
|||
else |
|||
database_env_label="DB" |
|||
fi |
|||
|
|||
config-add "\ |
|||
services: |
|||
$MASTER_BASE_SERVICE_NAME: |
|||
environment: |
|||
${TYPE^^}_HOST: $MASTER_TARGET_SERVICE_NAME |
|||
${TYPE^^}_${database_env_label}: $DBNAME |
|||
${TYPE^^}_PASSWORD: $PASSWORD |
|||
${TYPE^^}_USER: $USER |
|||
" |
|||
fi |
|||
|
|||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
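Review bot: The password check allows & and /, but the quoting before the sed call only escapes backslashes and single quotes; in a sed replacement & expands to the matched text and / ends the s/// expression, so such a password either corrupts 'dbpassword' or makes sed fail. Escape both, and do the same for MASTER_TARGET_SERVICE_NAME in the dbhost expression. The error message interpolates $type, but the variable read from the relation is TYPE, so the message prints an empty type. In the config-add branch $PASSWORD is written into YAML unquoted although the allowed set includes : # { and quote characters; quote it there as well. The comment "if config is not existent" sits above the branch taken when the config file does exist.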
@ -1,33 +1,20 @@ |
|||
#!/bin/bash |
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
|
|||
DOMAIN=$(relation-get domain) || exit 1 |
|||
URL="$(relation-get url)" || exit 1 |
|||
PROTO="${URL%%://*}" |
|||
|
|||
if ! trusted_domains="$( |
|||
compose -q --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" \ |
|||
config:system:get trusted_domains)"; then |
|||
err "Couldn't get 'trusted_domains'. Here's the ouput:" |
|||
echo "$trusted_domains" | prefix " | " >&2 |
|||
|
|||
echo "If the code of nextcloud is already there (command occ is found), but " >&2 |
|||
echo "the database is not yet created, this situation will arise." >&2 |
|||
nextcloud:config:simple:add overwritehost "$DOMAIN" || { |
|||
err "Failed to set ${WHITE}overwritehost${NORMAL} to '$DOMAIN'." |
|||
exit 1 |
|||
fi |
|||
} |
|||
|
|||
occ_opts=( |
|||
## necessary as nextcloud do not detect correctly those, and behind |
|||
## a proxy, it will generate a lot of URL that are not detected |
|||
## by means of ``ReverseProxyPass`` on apache for instance |
|||
nextcloud:config:simple:add overwriteprotocol "$PROTO" || { |
|||
err "Failed to set ${WHITE}overwriteprotocol${NORMAL} to '$PROTO'." |
|||
exit 1 |
|||
} |
|||
|
|||
config:system:set overwritehost --value="$DOMAIN" \; |
|||
config:system:set overwriteprotocol --value="$PROTO" |
|||
) |
|||
if ! [[ $'\n'"$trusted_domains"$'\n' == *$'\n'"$MASTER_BASE_SERVICE_NAME"$'\n'* ]]; then |
|||
trusted_index=$(echo "$trusted_domains" | wc -l) |
|||
debug "Adding $MASTER_TARGET_SERVICE_NAME to ${WHITE}trusted_domains${NORMAL}." |
|||
occ_opts+=( \; config:system:set trusted_domains "$trusted_index" --value="$MASTER_BASE_SERVICE_NAME") |
|||
fi |
|||
compose --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" "${occ_opts[@]}" |
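Review bot: PROTO="${URL%%://*}" yields the whole URL when the value contains no ://, and the result is written to overwriteprotocol unchecked; validate that PROTO is http or https and fail with err otherwise. DOMAIN=$(relation-get domain) || exit 1 and the matching URL line exit silently, unlike the two nextcloud:config:simple:add calls, which report what failed; add an err message so a missing relation value is diagnosable.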
@ -0,0 +1,40 @@ |
|||
|
|||
|
|||
Odoo-tecnativa is a odoo image containing all source and add-ons because |
|||
we want to certify the whole image. |
|||
|
|||
So this means there are no builds being managed by compose, and no injection |
|||
of code. |
|||
|
|||
|
|||
* Usage |
|||
|
|||
** dbfilter |
|||
|
|||
With image ~16.0~, an advanced version of ~dbfilter~ is installed. Here |
|||
a few examples: |
|||
|
|||
#+begin_src yaml |
|||
odoo: |
|||
# .. |
|||
options: |
|||
dbfilter: |
|||
## DOMAIN_REGEX: DBFILTER |
|||
'^www.domain.org$': '^bar$' ## domain `www.domain.org` can only see `bar`. |
|||
'^foo\.': 'foo_.*' ## domain starting with `foo.` can see db `foo_` |
|||
'^(?P<name>[^.]+)\.': '%{name}s_.*' ## domain starting with `<PREFIX>.` can see db `PREFIX_` |
|||
'': 'other_.*' ## all domains can see db 'other_*' |
|||
|
|||
## Don't forget to configure the domains in the web-proxy part ! |
|||
relations: |
|||
web-proxy: |
|||
apache: |
|||
domain: www.domain.org |
|||
aliases: |
|||
- foo.otherdomain.com |
|||
- bar.wiz.eu |
|||
- test.domain.org |
|||
#+end_src |
|||
|
|||
If there's only one database seen because of the ~dbfilter~, odoo will |
|||
use it by default. |
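Review bot: In the dbfilter example the first key '^www.domain.org$' leaves its dots unescaped, so it matches any character in those positions; because these regexes decide which databases a host may see, write '^www\.domain\.org$' and anchor the values consistently ('foo_.*' is unanchored while '^bar$' is anchored). The relation example uses aliases:, whereas the apache README in this change documents a domain list or the deprecated server-aliases; use one of those. Also state whether the '' catch-all applies in addition to a matching rule or only as a fallback, since the comment "all domains can see db 'other_*'" suggests the former.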
@ -1,8 +0,0 @@ |
|||
|
|||
|
|||
Odoo-tecnativa is a odoo image containing all source and add-ons because |
|||
we want to certify the whole image. |
|||
|
|||
So this means there are no builds being managed by compose, and no injection |
|||
of code. |
|||
|
@ -0,0 +1,16 @@ |
|||
#!/bin/bash |
|||
|
|||
## When writing relation script, remember: |
|||
## - they should be idempotents |
|||
## - they can be launched while the dockers is already up |
|||
## - they are launched from the host |
|||
## - the target of the link is launched first, and get a chance to ``relation-set`` |
|||
## - both side of the scripts get to use ``relation-get``. |
|||
|
|||
relation-set type postgres || { |
|||
err "Could not set relation ${WHITE}type${NORMAL} to 'postgres'." |
|||
exit 1 |
|||
} |
|||
|
|||
. hooks/postgres_database-relation-joined |
|||
|
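Review bot: The string set here, postgres, has to match a case arm in nextcloud's sql_database-relation-joined (postgres maps to pgsql, anything unknown is rejected), yet nothing in this charm states that contract; note the accepted type values in a comment or in metadata.yml. As in the mariadb wrapper, the hook is sourced by a path relative to the current directory, so the same working-directory assumption applies here.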