robin/haze
1
0
Fork 0
mirror of https://codeberg.org/icewind/haze.git synced 2026-06-03 17:14:08 +02:00
Code Issues Projects Releases Wiki Activity

add clamav-icap-tls service

Browse source
This commit is contained in:
Robin Appelman 2023-10-17 17:25:18 +02:00
commit a8a3fb2765
3 changed files with 120 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -71,6 +71,7 @@ Additionally, you can use the following options when starting an instance:
- `kaspersky`: setup a kaspersky scan engine server in http mode. (Requires [manually setting up the image](https://github.com/icewind1991/kaspersky-docker)) - `kaspersky`: setup a kaspersky scan engine server in http mode. (Requires [manually setting up the image](https://github.com/icewind1991/kaspersky-docker))
- `kaspersky-icap`: setup a kaspersky scan engine server in ICAP mode. - `kaspersky-icap`: setup a kaspersky scan engine server in ICAP mode.
- `clamav-icap`: setup a clam av scanner in ICAP mode. - `clamav-icap`: setup a clam av scanner in ICAP mode.
- `clamav-icap-tls`: setup a clam av scanner in ICAP mode with TLS encryption.
- `oc`: start an ownCloud instance in the same network. - `oc`: start an ownCloud instance in the same network.
- The name of any configured preset - The name of any configured preset

10
src/service.rs
View file

@ -11,7 +11,7 @@ mod sftp;
mod smb; mod smb;
use crate::config::{HazeConfig, Preset}; use crate::config::{HazeConfig, Preset};
pub use crate::service::clam::ClamIcap; pub use crate::service::clam::{ClamIcap, ClamIcapTls};
use crate::service::dav::Dav; use crate::service::dav::Dav;
use crate::service::kaspersky::{Kaspersky, KasperskyIcap}; use crate::service::kaspersky::{Kaspersky, KasperskyIcap};
pub use crate::service::ldap::{Ldap, LdapAdmin}; pub use crate::service::ldap::{Ldap, LdapAdmin};
@ -51,7 +51,7 @@ pub trait ServiceTrait {
async fn is_healthy(&self, docker: &Docker, cloud_id: &str) -> Result<bool> { async fn is_healthy(&self, docker: &Docker, cloud_id: &str) -> Result<bool> {
let Some(container) = self.container_name(cloud_id) else { let Some(container) = self.container_name(cloud_id) else {
return Ok(true) return Ok(true);
}; };
let info = docker let info = docker
.inspect_container(&container, None) .inspect_container(&container, None)
@ -89,7 +89,7 @@ pub trait ServiceTrait {
async fn is_running(&self, docker: &Docker, cloud_id: &str) -> Result<bool> { async fn is_running(&self, docker: &Docker, cloud_id: &str) -> Result<bool> {
let Some(container) = self.container_name(cloud_id) else { let Some(container) = self.container_name(cloud_id) else {
return Ok(true) return Ok(true);
}; };
let info = docker let info = docker
.inspect_container(&container, None) .inspect_container(&container, None)
@ -178,6 +178,7 @@ pub enum Service {
Kaspersky(Kaspersky), Kaspersky(Kaspersky),
KasperskyIcap(KasperskyIcap), KasperskyIcap(KasperskyIcap),
ClamIcap(ClamIcap), ClamIcap(ClamIcap),
ClamIcapTls(ClamIcapTls),
Oc(Oc), Oc(Oc),
Preset(PresetService), Preset(PresetService),
} }
@ -200,6 +201,9 @@ impl Service {
"kaspersky" => Some(vec![Service::Kaspersky(Kaspersky)]), "kaspersky" => Some(vec![Service::Kaspersky(Kaspersky)]),
"kaspersky-icap" => Some(vec![Service::KasperskyIcap(KasperskyIcap)]), "kaspersky-icap" => Some(vec![Service::KasperskyIcap(KasperskyIcap)]),
"clamav-icap" => Some(vec![Service::ClamIcap(ClamIcap)]), "clamav-icap" => Some(vec![Service::ClamIcap(ClamIcap)]),
"clamav-icap-tls" => Some(vec![Service::ClamIcapTls(ClamIcapTls)]),
"clam-icap" => Some(vec![Service::ClamIcap(ClamIcap)]),
"clam-icap-tls" => Some(vec![Service::ClamIcapTls(ClamIcapTls)]),
_ => presets _ => presets
.iter() .iter()
.find_map(|preset| (preset.name == ty).then(|| PresetService(preset.name.clone()))) .find_map(|preset| (preset.name == ty).then(|| PresetService(preset.name.clone())))

114
src/service/clam.rs
View file

@ -1,4 +1,5 @@
use crate::config::HazeConfig; use crate::config::HazeConfig;
use crate::exec::exec;
use crate::image::pull_image; use crate::image::pull_image;
use crate::service::ServiceTrait; use crate::service::ServiceTrait;
use crate::Result; use crate::Result;
@ -6,7 +7,8 @@ use bollard::container::{Config, CreateContainerOptions, NetworkingConfig};
use bollard::models::{EndpointSettings, HostConfig}; use bollard::models::{EndpointSettings, HostConfig};
use bollard::Docker; use bollard::Docker;
use maplit::hashmap; use maplit::hashmap;
use miette::IntoDiagnostic; use miette::{IntoDiagnostic, WrapErr};
use tokio::fs::write;
#[derive(Debug, Clone, Eq, PartialEq)] #[derive(Debug, Clone, Eq, PartialEq)]
pub struct ClamIcap; pub struct ClamIcap;
@ -33,7 +35,7 @@ impl ServiceTrait for ClamIcap {
network: &str, network: &str,
_config: &HazeConfig, _config: &HazeConfig,
) -> Result<Option<String>> { ) -> Result<Option<String>> {
let image = "deepdiver/icap-clamav-service"; let image = "ghcr.io/icewind1991/icap-clamav-service-tls";
pull_image(docker, image).await?; pull_image(docker, image).await?;
let options = Some(CreateContainerOptions { let options = Some(CreateContainerOptions {
name: self.container_name(cloud_id).unwrap(), name: self.container_name(cloud_id).unwrap(),
@ -95,3 +97,111 @@ impl ServiceTrait for ClamIcap {
]) ])
} }
} }
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct ClamIcapTls;
#[async_trait::async_trait]
impl ServiceTrait for ClamIcapTls {
fn name(&self) -> &str {
"clamav-icap-tls"
}
fn env(&self) -> &[&str] {
&[
"ICAP_HOST=clamav-icap-tls",
"ICAP_PORT=1345",
"ICAP_REQUEST=avscan",
"ICAP_HEADER=X-Infection-Found",
]
}
async fn spawn(
&self,
docker: &Docker,
cloud_id: &str,
network: &str,
_config: &HazeConfig,
) -> Result<Option<String>> {
let image = "ghcr.io/icewind1991/icap-clamav-service-tls";
pull_image(docker, image).await?;
let options = Some(CreateContainerOptions {
name: self.container_name(cloud_id).unwrap(),
..CreateContainerOptions::default()
});
let config = Config {
image: Some(image),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
..Default::default()
}),
labels: Some(hashmap! {
"haze-type" => self.name(),
"haze-cloud-id" => cloud_id
}),
networking_config: Some(NetworkingConfig {
endpoints_config: hashmap! {
network => EndpointSettings {
aliases: Some(vec![self.name().to_string()]),
..Default::default()
}
},
}),
..Default::default()
};
let id = docker
.create_container(options, config)
.await
.into_diagnostic()?
.id;
docker
.start_container::<String>(&id, None)
.await
.into_diagnostic()?;
Ok(Some(id))
}
fn container_name(&self, cloud_id: &str) -> Option<String> {
Some(format!("{}-{}", cloud_id, self.name()))
}
fn apps(&self) -> &'static [&'static str] {
&["files_antivirus"]
}
async fn post_setup(
&self,
docker: &Docker,
cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
let mut cert = Vec::new();
exec(
docker,
self.container_name(cloud_id).unwrap(),
"root",
vec!["cat", "/local/cert.pem"],
Vec::<String>::new(),
Some(&mut cert),
)
.await
.wrap_err("Failed to get icap certificate")?;
let cert_path = config.work_dir.join(cloud_id).join("data/icap-cert.pem");
write(cert_path, cert)
.await
.into_diagnostic()
.wrap_err("Failed to write icap certificate")?;
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=icap".into(),
"occ config:app:set files_antivirus av_icap_tls --value=1".into(),
"occ config:app:set files_antivirus av_host --value=clamav-icap-tls".into(),
"occ config:app:set files_antivirus av_port --value=1345".into(),
"occ config:app:set files_antivirus av_icap_request_service --value=avscan".into(),
"occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"
.into(),
"occ security:certificates:import data/icap-cert.pem".into(),
])
}
}