robin/haze
1
0
Fork 0
mirror of https://codeberg.org/icewind/haze.git synced 2026-06-03 09:04:12 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: robin:v2.2.0
Branches Tags
robin:main
robin:v2.2.2
robin:v2.2.1
robin:v2.2.0
robin:v2.1.6
robin:v2.1.5
robin:v2.1.4
robin:v2.1.3
robin:v2.1.2
robin:v2.1.1
robin:v2.1.0
robin:v2.0.0
robin:v1.6.0
robin:v1.5.0
robin:v1.4.0
robin:v1.3.0
robin:v1.2.1
robin:v1.2.0
robin:v1.1.0
robin:v1.0.1
robin:v1.0.0
...
compare: robin:main
Branches Tags
robin:main
robin:v2.2.2
robin:v2.2.1
robin:v2.2.0
robin:v2.1.6
robin:v2.1.5
robin:v2.1.4
robin:v2.1.3
robin:v2.1.2
robin:v2.1.1
robin:v2.1.0
robin:v2.0.0
robin:v1.6.0
robin:v1.5.0
robin:v1.4.0
robin:v1.3.0
robin:v1.2.1
robin:v1.2.0
robin:v1.1.0
robin:v1.0.1
robin:v1.0.0

36 commits
v2.2.0 ... main

Author SHA1 Message Date
Robin Appelman
a3f2355dea create smb/sftp accounts for ldaptest 2026-05-28 18:48:40 +02:00
Robin Appelman
d852f9db4f remove php-smbclient for now as it's broken 2026-05-28 18:48:19 +02:00
Robin Appelman
92fbc74a5b fix ldap 2026-05-28 18:40:21 +02:00
Robin Appelman
204fb676d6 add sftp with key authentication service 2026-05-26 20:49:19 +02:00
Robin Appelman
f99238121b nix cleanup 2026-05-09 16:45:55 +02:00
Robin Appelman
cd9740675f clippy fixes 2026-05-08 22:23:40 +02:00
Robin Appelman
39ba7a2a53 mention webhook tester in readme 2026-05-08 22:22:42 +02:00
Robin Appelman
ad999702aa improve websocket proxying 2026-05-08 20:41:19 +02:00
Robin Appelman
b977cd9dfa parallelize git pull 
fixes #21
 2026-05-08 19:09:43 +02:00
Robin Appelman
8771e7dc5f switch to multiprogress for git pull 2026-05-08 18:57:19 +02:00
Robin Appelman
373ce0f3fd add php-imagick 
fixes #22
 2026-05-07 18:59:05 +02:00
Robin Appelman
9e080f0d54 fix using '--' flags in test and integration commands 2026-05-07 18:40:30 +02:00
Robin Appelman
512b669a7c sqlite table mode 2026-04-30 19:08:13 +02:00
Robin Appelman
ea3f89bb04 fpm logs 2026-04-28 18:55:12 +02:00
Robin Appelman
b4a77997ab fpm status page 2026-04-28 18:54:48 +02:00
Robin Appelman
87f6907778 autosetup for ldap 
fixes #19
 2026-04-17 22:22:33 +02:00
Robin Appelman
9de626a905 typo 2026-04-16 16:30:09 +02:00
Robin Appelman
53e30a94aa fix generated urls in integration tests 2026-04-15 23:28:46 +02:00
Robin Appelman
948d01600e readme typo 2026-04-14 14:52:46 +02:00
Robin Appelman
19e60217ea 127.0.0.1 now works for federation 2026-04-14 14:05:02 +02:00
Robin Appelman
96b7dd671c clippy fixes 2026-04-13 23:42:07 +02:00
Robin Appelman
24b8fd26ca rebuild images on version number change 2026-04-13 23:29:04 +02:00
Robin Appelman
814a1c3121 2.2.1 2026-04-13 23:23:10 +02:00
Robin Appelman
a1ed0571be exclude frankenphp from older php versions 2026-04-13 20:59:29 +02:00
Robin Appelman
0a16737398 migrate scripts to nushell 2026-04-13 20:53:43 +02:00
Robin Appelman
266b70339b cleanup 2026-04-10 17:40:44 +02:00
Robin Appelman
3abf183ae3 app integration support 2026-04-10 17:37:30 +02:00
Robin Appelman
a80354c922 fix office 2026-03-25 17:31:27 +01:00
Robin Appelman
3b4014b5e4 basic frankenphp support 
fixes #17
 2026-03-22 15:03:50 +01:00
Robin Appelman
4ab23610a2 fix redis-tls not starting 2026-03-22 14:10:27 +01:00
Robin Appelman
0d98667650 add dns for proxy inside container 2026-03-20 21:22:37 +01:00
Robin Appelman
ce34f302a1 clippy fixes 2026-03-20 16:10:42 +01:00
Robin Appelman
63e17d609f record haze version when building images and warn on out of date images 2026-03-20 15:14:45 +01:00
Robin Appelman
6fdadd9bad use supervisord in image 2026-03-12 15:43:32 +01:00
Robin Appelman
0105c60a09 workflow cleanup 2026-03-10 15:06:39 +01:00
Robin Appelman
85ffdcea5a fix workflow typo 2026-03-10 15:05:19 +01:00
56 changed files with 1089 additions and 485 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.forgejo/workflows/docker.yaml
View file

@ -4,6 +4,7 @@ on:
push:
branches: ["main"]
paths:
- "Cargo.toml"
- ".forgejo/workflows/docker.yaml"
- "nix/image/**"
@ -16,10 +17,9 @@ jobs:
strategy:
matrix:
php-version: ["8.0", "8,1", "8.2", "8.3", "8.4", "8.5"]
variant: [""]
php-version: ["8.0", "8.1", "8.2", "8.3", "8.4", "8.5"]
name: haze-${{ matrix.php-version }}${{ matrix.variant }}
name: haze-${{ matrix.php-version }}
steps:
- name: Checkout repository

95
Cargo.lock generated
View file

@ -147,6 +147,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8"
dependencies = [
"axum-core",
"axum-macros",
"bytes",
"form_urlencoded",
"futures-util",
@ -192,6 +193,17 @@ dependencies = [
"tracing",
]
[[package]]
name = "axum-macros"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "backtrace"
version = "0.3.74"
@ -506,6 +518,31 @@ dependencies = [
"cfg-if",
]
[[package]]
name = "crossbeam-deque"
version = "0.8.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51"
dependencies = [
"crossbeam-epoch",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-epoch"
version = "0.9.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
dependencies = [
"crossbeam-utils",
]
[[package]]
name = "crossbeam-utils"
version = "0.8.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
[[package]]
name = "crypto-common"
version = "0.1.7"
@ -896,25 +933,6 @@ dependencies = [
"url",
]
[[package]]
name = "h2"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5017294ff4bb30944501348f6f8e42e6ad28f42c8bbef7a74029aff064a4e3c2"
dependencies = [
"atomic-waker",
"bytes",
"fnv",
"futures-core",
"futures-sink",
"http",
"indexmap",
"slab",
"tokio",
"tokio-util",
"tracing",
]
[[package]]
name = "hashbrown"
version = "0.15.2"
@ -932,7 +950,7 @@ checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
[[package]]
name = "haze"
version = "2.2.0"
version = "2.2.2"
dependencies = [
"async-trait",
"atty",
@ -956,6 +974,7 @@ dependencies = [
"opener",
"owo-colors",
"petname",
"rayon",
"reqwest",
"serde",
"serde_json",
@ -965,6 +984,7 @@ dependencies = [
"tar",
"termion",
"tokio",
"tokio-stream",
"toml",
"tracing",
"tracing-subscriber",
@ -1072,7 +1092,6 @@ dependencies = [
"bytes",
"futures-channel",
"futures-core",
"h2",
"http",
"http-body",
"httparse",
@ -1103,8 +1122,9 @@ dependencies = [
[[package]]
name = "hyper-reverse-proxy"
version = "0.5.2-dev"
source = "git+https://github.com/chpio/hyper-reverse-proxy?rev=6934877eb74465204f605cc1c05ca5a9772db7c0#6934877eb74465204f605cc1c05ca5a9772db7c0"
source = "git+https://code.betamike.com/micropelago/hyper-reverse-proxy.git?rev=d5a6f799189360d9449ae47ab3cdde511f02cf39#d5a6f799189360d9449ae47ab3cdde511f02cf39"
dependencies = [
"http-body-util",
"hyper",
"hyper-util",
"tokio",
@ -2002,6 +2022,26 @@ dependencies = [
"getrandom 0.3.4",
]
[[package]]
name = "rayon"
version = "1.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d"
dependencies = [
"either",
"rayon-core",
]
[[package]]
name = "rayon-core"
version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91"
dependencies = [
"crossbeam-deque",
"crossbeam-utils",
]
[[package]]
name = "redox_syscall"
version = "0.5.10"
@ -2695,6 +2735,17 @@ dependencies = [
"tokio",
]
[[package]]
name = "tokio-stream"
version = "0.1.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70"
dependencies = [
"futures-core",
"pin-project-lite",
"tokio",
]
[[package]]
name = "tokio-util"
version = "0.7.13"

8
Cargo.toml
View file

@ -1,6 +1,6 @@
[package]
name = "haze"
version = "2.2.0"
version = "2.2.2"
authors = ["Robin Appelman <robin@icewind.nl>"]
edition = "2021"
repository = "https://codeberg.org/icewind/haze"
@ -12,6 +12,7 @@ bollard = "0.20.1"
maplit = "1.0.2"
camino = { version = "1.2.2", features = ["serde1"] }
tokio = { version = "1.49.0", features = ["fs", "macros", "signal", "rt-multi-thread"] }
tokio-stream = { version = "0.1.18", features = ["net"] }
futures-util = "0.3.32"
termion = "4.0.6"
opener = "0.8.4"
@ -39,11 +40,12 @@ zip = "8.1.0"
sha2 = "0.11.0-rc.5"
base16ct = { version = "1.0.0", features = ["alloc"] }
indicatif = "0.18.4"
rayon = "1.12.0"
hyper-reverse-proxy = { version = "0.5.2-dev", git = "https://github.com/chpio/hyper-reverse-proxy", rev = "6934877eb74465204f605cc1c05ca5a9772db7c0" }
hyper-reverse-proxy = { version = "0.5.2-dev", git = "https://code.betamike.com/micropelago/hyper-reverse-proxy.git", rev = "d5a6f799189360d9449ae47ab3cdde511f02cf39" }
hyper = "1.8.1"
hyper-util = "0.1.20"
axum = { version = "0.8.8", features = ["tokio"] }
axum = { version = "0.8.8", features = ["tokio", "macros"] }
[profile.release]
lto = true

9
README.md
View file

@ -81,6 +81,8 @@ Additionally, you can use the following options when starting an instance:
- `smb`: set up a samba server for external storage use.
- `dav`: set up a WebDAV server for external storage use.
- `sftp`: set up a SFTP server for external storage use.
- `sftp-key`: set up a SFTP server for external storage use with public key
authentication.
- `kaspersky`: set up a kaspersky scan engine server in http mode. ( Requires
[manually setting up the image](https://github.com/icewind1991/kaspersky-docker))
- `kaspersky-icap`: setup a kaspersky scan engine server in ICAP mode.
@ -93,6 +95,8 @@ Additionally, you can use the following options when starting an instance:
generation.
- `mail`: start a [smtp4dev](https://github.com/rnwood/smtp4dev) server and
configure it the mail server.
- `webhook` start a
[webhook tester](https://github.com/tarampampam/webhook-tester)
- `redis`: start a separate container for redis.
- `redis-tls`: connect to redis over TLS.
- `<path to app.tar.gz>`: by specifying the path to an app package this package
@ -274,8 +278,7 @@ proxy to allow using a wildcard domain.
### Setup
- Set a DNS record for `*.haze.exmaple.com` and `haze.example.com` pointing to
your development machine. Pointing it to `127.0.0.1` will also work, but comes
with limitations like federation not being supported.
your development machine.
- Set the `proxy` configuration with your domain and desired listen endpoint.
- Set up a service to run `haze proxy` in the background as your own user. A
systemd user service is recommended (see [haze.service](./haze.service) for an
@ -296,7 +299,7 @@ will automatically point to the last created instance.
Additionally, the proxy allows access to the server containers trough either
`<instance id>-<service id>.haze.example.com` for a specific instance, or
`<service-id>.haze.example.com` for the last created instead. For example
`<service-id>.haze.example.com` for the last created instance. For example
`rolling-bees-mail.haze.example.com` will give access to the smtp4dev web
interface of the `rolling-bees` instance.

38
certificates/sftp/id_rsa Normal file
View file

@ -0,0 +1,38 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA323aWqH6YwRLbCBO94UKOkfnJ2m6Zsic0dMt3TmDnjLU0JzpOt7w
t5+mMZrEKQTpefozyUHo3z+HkmllLAGOupNy3A+jG2O955UUgw0dGfu6j6OOb66Du9jpqt
8BQ6gr3cEYASplPI7B889/cVpJ5l1HiBUgyR7Z16v15qCDtmpFVIECAdICEmPosfmZutt3
YYl9xLay5WCmUztWS/amPcGs0DOEGrWeCtdxGKWT3TywdBKyQ0PbdYMamgDIT7JV1ZSzZP
aly4sB7E+dpS5AgBFVXmZ61151KN1TJ8gyoUjFhY7ctYEIpncZmyT4PYvyIvxRsbJtvERi
eNH8DoX5DwtqcxbgHK0OwYtdl4ydRXToYo3l+qIidf+g8ADVea/mbkfTPegdToo3LOuThX
OwExDlukpM8obFDpz1Yl1L6rRJAVNO1KmHWhn6to23jtYjBhczA2nkemQXQbVSjc/hItjQ
DIFNMOsLW33P+Y2k9LkpI0TL09ogOxOFZzGZp2tNAAAFgIgMIZ+IDCGfAAAAB3NzaC1yc2
EAAAGBAN9t2lqh+mMES2wgTveFCjpH5ydpumbInNHTLd05g54y1NCc6Tre8LefpjGaxCkE
6Xn6M8lB6N8/h5JpZSwBjrqTctwPoxtjveeVFIMNHRn7uo+jjm+ug7vY6arfAUOoK93BGA
EqZTyOwfPPf3FaSeZdR4gVIMke2der9eagg7ZqRVSBAgHSAhJj6LH5mbrbd2GJfcS2suVg
plM7Vkv2pj3BrNAzhBq1ngrXcRilk908sHQSskND23WDGpoAyE+yVdWUs2T2pcuLAexPna
UuQIARVV5metdedSjdUyfIMqFIxYWO3LWBCKZ3GZsk+D2L8iL8UbGybbxEYnjR/A6F+Q8L
anMW4BytDsGLXZeMnUV06GKN5fqiInX/oPAA1Xmv5m5H0z3oHU6KNyzrk4VzsBMQ5bpKTP
KGxQ6c9WJdS+q0SQFTTtSph1oZ+raNt47WIwYXMwNp5HpkF0G1Uo3P4SLY0AyBTTDrC1t9
z/mNpPS5KSNEy9PaIDsThWcxmadrTQAAAAMBAAEAAAGAWCkM/TEnztU9e3M+JX253OhNRe
h6lB75ffOxh7avgAc3oP8hKkkYu6PDnJQgbb0R8T7wGywmGp0DPhrXQGd27ZjLvBhxeBfB
sbTJ7LIKdxu0cAQN6nR2Z3M+NF2dLpiXgn80HRWg76W20yDffRcuzLamyIPptWI2e9rPAw
r4HczOAXuMErLOfXotsbg22BvL/dEWLr4WVdruli32LbArxXd73IVPTYi3TTjYV+zRrPzK
9WoBK/iFClfKcdT4NTY82llQesuUNu640lEJtT2G3Iba8UZnohyzm/S+UbeU65z8DKD5co
P7+QehxQSV+kj2BZnTi0WEwsD+GTznJYR5rvUsJCCAzoISsWrncSSgOQhF2XeW/T4ewvH+
njLZViEhdG8R3kkdDjJG91OrSgrEqlk6Qhz1xEsv1rCOR69En7EJP3TNNrymPXPASrAnuE
HQkrVgGUfGqyD1sw1e6nBfNWisuw+g99CieIB8EI9WwpxQdKqWNU9Hjx+SAdC3NrPjAAAA
wQCo0hUGjSf6xhcgeaNa0gWSKEVuFhxR/FaCPTKadV7Md0APW4toeQZDujzDFlCZbQTZjC
0723B4lKugDzXfsOgvOTKp4vEjZOu0YGruS00LFWM7Sutdzx68b/ZMFALzITt/myKVMdpv
WpaO+3+PyEYIQH44QrSWw7cKLzNiZ8kt2drPkPktub4o2h5TdIBluEQLJDPMejy8IqQEU8
aOyJOMvYxAbGAWY7Ck9DGlcJgaFdORROW8d8ZGrHQkyRl41JQAAADBAPeUMsrbI17wPP/s
Tsrkms5ws5yTz0xle2Wn6HwDSzQRSdn5abnIDYb3QSy0nRBvczef6ssH65dl50+2V4BV2L
MwHcmKD6/UoFsWwP/RMf1EoacPFiEAWJGxFbOthNX+rx5BpbUHNoQd8xby+88saDI0e8W6
36HPBZrAZhQljkMa4OJqZDDCpOJvSndXwkZ789E96uprKopJZGwlLmfMtikQpNXT9R+I0b
SQCJj4yNakcdOE/7UifkOR02u+pgux3wAAAMEA5wdelKwGQ0EdkIF2TM844uLPszo3ZSH+
Heff/Lbxs1Y+oL0NTJQicwMF0d9WEwBoTZJpuzsQEA1zkfmW0gi2womIRmiY0ZhpxbBuhO
6XePMIhUfQmWWjaUbAkrNB0eJkSTuUGzwxVkMXehrMuj4gYe8GMC8GgULbP0A8FjH01fKk
jFwgg4WAg6zUTpck12bh49NZRFyXIbXNk/jjxJtb0p//5TRTUQ6mR5IloaNTM23EiF6tle
Y6CAchnyhHO0BTAAAACWhhemVAaGF6ZQE=
-----END OPENSSH PRIVATE KEY-----

1
certificates/sftp/id_rsa.pub Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfbdpaofpjBEtsIE73hQo6R+cnabpmyJzR0y3dOYOeMtTQnOk63vC3n6YxmsQpBOl5+jPJQejfP4eSaWUsAY66k3LcD6MbY73nlRSDDR0Z+7qPo45vroO72Omq3wFDqCvdwRgBKmU8jsHzz39xWknmXUeIFSDJHtnXq/XmoIO2akVUgQIB0gISY+ix+Zm623dhiX3EtrLlYKZTO1ZL9qY9wazQM4QatZ4K13EYpZPdPLB0ErJDQ9t1gxqaAMhPslXVlLNk9qXLiwHsT52lLkCAEVVeZnrXXnUo3VMnyDKhSMWFjty1gQimdxmbJPg9i/Ii/FGxsm28RGJ40fwOhfkPC2pzFuAcrQ7Bi12XjJ1FdOhijeX6oiJ1/6DwANV5r+ZuR9M96B1Oijcs65OFc7ATEOW6SkzyhsUOnPViXUvqtEkBU07UqYdaGfq2jbeO1iMGFzMDaeR6ZBdBtVKNz+Ei2NAMgU0w6wtbfc/5jaT0uSkjRMvT2iA7E4VnMZmna00= haze@haze

88
nix/image/bootstrap Executable file
View file

@ -0,0 +1,88 @@
#!/bin/nu
touch /var/log/nginx/access.log
touch /var/log/nginx/error.log
touch /var/log/cron/owncloud.log
mkdir /config
echo "# Options in here overwrite the builtin php.ini\n" | save /config/php.ini
echo "# xdebug.mode = debug\n" | save -a /config/php.ini
echo "# xdebug.start_with_request = yes\n\n" | save -a /config/php.ini
chmod 0777 /config/php.ini
let PHP_INI_DIR = php --ini | grep 'Scan' | cut -d ' ' -f7 | tr -d '"'
ln -s /config/php.ini $"($PHP_INI_DIR)/zz_extra.ini"
let HAZE_UID = $env.HAZE_UID | default "1000"
let HAZE_GID = $env.HAZE_GID | default "1000"
nc-auto-config
shadow-setup
echo $"Running as ($HAZE_UID):($HAZE_GID)"
mkdir /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
chown -R $"($HAZE_UID):($HAZE_GID)" /var/www/html/data /var/www/html/config
chown $"($HAZE_UID):($HAZE_GID)" /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/composer.lock /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
echo "{}\n" | save -f /var/www/html/build/integration/composer.lock
echo $"Starting server using ($env.SQL) database…"
chmod +sx /sbin/sudo
mkdir /var/log/nginx /tmp /var/run/blackfire
touch /var/log/nginx/access.log
touch /var/log/nginx/error.log
if ((getent group $HAZE_GID | length) > 0) {
groupadd haze
useradd -u $HAZE_UID -g $HAZE_GID -G haze haze
} else {
groupadd -g $HAZE_GID haze
useradd -u $HAZE_UID -g $HAZE_GID haze
}
chown -R $"haze:($HAZE_GID)" /home/haze
ls -af /etc/home | each {|file| ln -s $file.name $"/home/haze/($file.name | path basename)" }
if ("/var/run/docker.sock" | path exists) {
let dockerGid = stat --format "%g" /var/run/docker.sock
groupadd docker -g $dockerGid
usermod -a -G docker haze
}
if ("REDIS_TLS" in $env) {
cp /etc/supervisor/redis-tls.conf /etc/supervisor/enabled/
} else {
cp /etc/supervisor/redis-plain.conf /etc/supervisor/enabled/
}
if ("BLACKFIRE_SERVER_ID" in $env) {
blackfire agent:config --server-id $env.BLACKFIRE_SERVER_ID --server-token $env.BLACKFIRE_SERVER_TOKEN
cp /etc/supervisor/blackfire.conf /etc/supervisor/enabled/
}
if ("PROXY_BASE" in $env) {
let UPSTREAM_DNS = cat /etc/resolv.conf | grep nameserver | cut -d' ' -f 2
let RC = sed '/nameserver/d' /etc/resolv.conf
echo $RC | save -f /etc/resolv.conf
echo "\nnameserver 127.0.0.22\n" | save -a /etc/resolv.conf
echo $"s/UPSTREAM_DNS/($UPSTREAM_DNS)"
sed -i $"s/UPSTREAM_DNS/($UPSTREAM_DNS)/" /etc/dnsmasq.conf
echo $"s/PROXY_BASE/($env.PROXY_BASE)"
sed -i $"s/PROXY_BASE/($env.PROXY_BASE)/" /etc/dnsmasq.conf
echo $"s/HOST_IP/($env.HOST_IP)"
sed -i $"s/HOST_IP/($env.HOST_IP)/" /etc/dnsmasq.conf
cp /etc/supervisor/dnsmasq.conf /etc/supervisor/enabled/
}
if ("FRANKENPHP" in $env) {
cp /etc/supervisor/frankenphp.conf /etc/supervisor/enabled/
} else {
cp /etc/supervisor/php-fpm.conf /etc/supervisor/enabled/
cp /etc/supervisor/nginx.conf /etc/supervisor/enabled/
}
exec supervisord -c /etc/supervisor/supervisord.conf

79
nix/image/bootstrap.sh
View file

@ -1,79 +0,0 @@
#!/usr/bin/env bash
touch /var/log/nginx/access.log
touch /var/log/nginx/error.log
touch /var/log/cron/owncloud.log
mkdir -p /config
echo "# Options in here overwrite the builtin php.ini" > /config/php.ini
echo "# xdebug.mode = debug" >> /config/php.ini
echo "# xdebug.start_with_request = yes" >> /config/php.ini
chmod 0777 /config/php.ini
PHP_INI_DIR="$(php --ini | grep 'Scan' | cut -d ' ' -f7 | tr -d '"')"
ln -s /config/php.ini "$PHP_INI_DIR/zz_extra.ini"
HAZE_UID=${HAZE_UID:-www-data}
HAZE_GID=${HAZE_GID:-www-data}
nc-auto-config
shadow-setup
echo "Running as $HAZE_UID:$HAZE_GID"
mkdir -p /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
chown -R "$HAZE_UID":"$HAZE_GID" /var/www/html/data /var/www/html/config
chown "$HAZE_UID":"$HAZE_GID" /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/composer.lock /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
echo "{}" > /var/www/html/build/integration/composer.lock
echo "Starting server using $SQL database…"
# tail --follow --retry /var/log/nginx/*.log /var/log/cron/owncloud.log &
chmod +sx /sbin/sudo
mkdir -p /var/log/nginx /tmp /var/run/blackfire
touch /var/log/nginx/access.log
touch /var/log/nginx/error.log
HAZE_UID=${HAZE_UID:-1000}
HAZE_GID=${HAZE_GID:-1000}
if [ "$(getent group "$HAZE_GID")" ]; then
groupadd haze
EXTRA_GROUP=" -G haze"
else
groupadd -g "$HAZE_GID" haze
EXTRA_GROUP=""
fi
useradd -u "$HAZE_UID" -g "$HAZE_GID""$EXTRA_GROUP" haze
chown -R haze:"$HAZE_GID" /home/haze
if [ -f "/var/run/docker.sock" ]; then
groupadd docker -g "$(stat --format "%g" /var/run/docker.sock)"
usermod -a -G docker haze
fi
if [ -n "${REDIS_TLS:-}" ]
then
redis-server --protected-mode no \
--tls-port 6379 --port 0 \
--tls-cert-file /certificates/redis/server.crt \
--tls-key-file /certificates/redis/server.key \
--tls-ca-cert-file /certificates/redis/ca.crt &
else
redis-server --protected-mode no &
fi
if [ -n "${BLACKFIRE_SERVER_ID:-}" ]
then
sh -c '
yes | blackfire agent:config --server-id=$BLACKFIRE_SERVER_ID --server-token=$BLACKFIRE_SERVER_TOKEN
BLACKFIRE_LOG_LEVEL=4 BLACKFIRE_LOG_FILE=/var/log/agent.log blackfire agent &
'&
fi
php-fpm --fpm-config /etc/php-fpm.conf&
nginx -c /etc/nginx.conf

13
nix/image/configs.nix
View file

@ -1,12 +1,7 @@
{runCommand}:
runCommand "configs" {} ''
mkdir -p $out/etc
mkdir -p $out/etc/sudoers.d
mkdir -p $out/conf
cp ${./configs/cron.conf} $out/etc/oc-cron.conf
cp ${./configs/nginx-app.conf} $out/conf/nginx-app.conf
cp ${./configs/sudoers} $out/etc/sudoers.d/haze
cp -r ${./configs/nc} $out/etc/nc
cp ${./php-fpm.conf} $out/etc/php-fpm.conf
cp ${./nginx.conf} $out/etc/nginx.conf
mkdir -p $out
cp -r ${./configs} $out/etc
chmod -R +w $out/etc
mkdir $out/etc/supervisor/enabled/
''

6
nix/image/configs/dnsmasq.conf Normal file
View file

@ -0,0 +1,6 @@
listen-address=127.0.0.22
no-resolv
address=/PROXY_BASE/HOST_IP
server=UPSTREAM_DNS

1
nix/image/configs/home/.sqliterc Normal file
View file

@ -0,0 +1 @@
.mode table

1
nix/image/configs/nc/redis-default.php
View file

@ -1,2 +1 @@
'redis' => ['host' => 'localhost'],
//PLACEHOLDER

1
nix/image/configs/nc/redis-tls.php
View file

@ -8,4 +8,3 @@
'verify_peer_name' => false,
],
],
//PLACEHOLDER

13
nix/image/nginx.conf → nix/image/configs/nginx.conf
View file

@ -79,7 +79,7 @@ http {
}
}
include /conf/nginx-app.conf;
include /etc/nginx-app.conf;
location ~ \.php(?:$|/) {
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
@ -109,5 +109,16 @@ http {
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location /fpm-status {
include /conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-handler;
fastcgi_read_timeout 3600;
proxy_request_buffering off;
fastcgi_request_buffering off;
fastcgi_buffering off;
}
}
}

0
nix/image/configs/cron.conf → nix/image/configs/oc-cron.conf
View file

5
nix/image/php-fpm.conf → nix/image/configs/php-fpm.conf
View file

@ -1,11 +1,11 @@
[global]
error_log = /proc/self/fd/2
error_log = /var/log/php-fpm-error.log
daemonize = no
[www]
access.log = /proc/self/fd/2
access.log =/var/log/php-fpm-access.log
user = haze
group = haze
@ -21,6 +21,7 @@ pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.status_path = /fpm-status
clear_env = no

0
nix/image/configs/sudoers → nix/image/configs/sudoers.d/haze
View file

2
nix/image/configs/supervisor/blackfire.conf Normal file
View file

@ -0,0 +1,2 @@
[program:blackfire]
command = blackfire agent

2
nix/image/configs/supervisor/dnsmasq.conf Normal file
View file

@ -0,0 +1,2 @@
[program:dnsmasq]
command = /bin/dnsmasq --keep-in-foreground -u root

3
nix/image/configs/supervisor/frankenphp.conf Normal file
View file

@ -0,0 +1,3 @@
[program:frankenphp]
command = /bin/frankenphp php-server
directory = /var/www/html

2
nix/image/configs/supervisor/nginx.conf Normal file
View file

@ -0,0 +1,2 @@
[program:nginx]
command = /bin/nginx -c /etc/nginx.conf

2
nix/image/configs/supervisor/php-fpm.conf Normal file
View file

@ -0,0 +1,2 @@
[program:php-fpm]
command = /bin/php-fpm --fpm-config /etc/php-fpm.conf

2
nix/image/configs/supervisor/redis-plain.conf Normal file
View file

@ -0,0 +1,2 @@
[program:redis]
command = /bin/redis-server --protected-mode no

2
nix/image/configs/supervisor/redis-tls.conf Normal file
View file

@ -0,0 +1,2 @@
[program:redis-tls]
command = /bin/redis-server --protected-mode no --tls-port 6379 --port 0 --tls-cert-file /certificates/redis/server.crt --tls-key-file /certificates/redis/server.key --tls-ca-cert-file /certificates/redis/ca.crt

19
nix/image/configs/supervisor/supervisord.conf Normal file
View file

@ -0,0 +1,19 @@
[supervisord]
logfile = /dev/stdout
logfile_maxbytes = 0
nodaemon = true
pidfile = /var/run/supervisord.pid
user = root
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0777
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = unix:///var/run/supervisor.sock
[include]
files = enabled/*

59
nix/image/haze.nix
View file

@ -7,10 +7,9 @@
blackfire,
coreutils,
getent,
writers,
shadow,
buildEnv,
runCommand,
cacert,
callPackage,
cronie,
redis,
@ -33,18 +32,20 @@
writeShellApplication,
vim,
helix,
python3Packages,
dnsmasq,
frankenphp,
nushell,
}: let
inherit (builtins) toString;
inherit (lib) readFile getExe concatStringsSep splitString take;
inherit (builtins) toString compareVersions;
inherit (lib) readFile getExe concatStringsSep splitString take optionals;
version = (fromTOML (readFile ../../Cargo.toml)).package.version;
phpVersion = concatStringsSep "." (take 2 (splitString "." php.version));
phpEnv = callPackage ./php.nix {inherit debug php;};
bootstrap = writeShellApplication {
name = "bootstrap";
runtimeInputs = [getent];
text = readFile ./bootstrap.sh;
};
bootstrap = writers.writeNuBin "bootstrap" (readFile ./bootstrap);
shadowSetupScript = writeShellApplication {
name = "shadow-setup";
text = dockerTools.shadowSetup;
@ -70,14 +71,6 @@
php = phpEnv;
};
phpunitWrapped = majorVersion:
writeShellApplication {
name = "phpunit${toString majorVersion}";
text = ''
${phpunitUnwrapped (toString majorVersion)}/bin/phpunit "$@"
'';
};
phpunit = writeShellApplication {
name = "phpunit";
runtimeInputs = [jq];
@ -145,6 +138,10 @@
oracle-instantclient
vim
helix
python3Packages.supervisor
dnsmasq
nushell
getent
];
};
@ -153,11 +150,20 @@
tag = phpVersion;
fromImage = baseImage;
copyToRoot = [
phpEnv
phpEnv.packages.composer
phpunit
];
copyToRoot =
[
phpEnv
phpEnv.packages.composer
phpunit
]
++ optionals ((compareVersions phpVersion "8.2") == 1) [
(frankenphp.override {
php = php.withExtensions (import ./php-ext.nix {
inherit lib php;
enableBlackfire = false;
});
})
];
};
in
dockerTools.buildLayeredImage {
@ -185,7 +191,14 @@ in
'';
config = {
Cmd = [(getExe bootstrap)];
Env = ["EDITOR=hx" "WEBROOT=/var/www/html"];
Env = [
"EDITOR=hx"
"WEBROOT=/var/www/html"
"HAZE_IMAGE_VERSION=${toString version}"
];
WorkingDir = "/var/www/html";
Labels = {
"nl.icewind.haze.version" = toString version;
};
};
}

45
nix/image/php-ext.nix Normal file
View file

@ -0,0 +1,45 @@
{
lib,
php,
debug ? false,
enableBlackfire ? true,
}: let
inherit (builtins) compareVersions;
inherit (lib) optionals;
withBlackfire = enableBlackfire && !debug && ((compareVersions php.version "8.1.0") == 1);
in
{
enabled,
all,
}:
enabled
++ (with all;
[
xdebug
excimer
inotify
redis
oci8
zip
pdo
pdo_pgsql
pdo_sqlite
pdo_mysql
pgsql
intl
curl
mbstring
pcntl
ldap
exif
gmp
apcu
ffi
imagick
]
++ optionals (!debug) [
# smbclient # this breaks the build for no apparent reason
]
++ optionals withBlackfire [
blackfire
])

71
nix/image/php.nix
View file

@ -2,60 +2,23 @@
lib,
php,
debug ? false,
}: let
inherit (builtins) compareVersions;
inherit (lib) optionals;
withBlackfire = !debug && ((compareVersions php.version "8.1.0") == 1);
in
php.buildEnv {
extensions = {
enabled,
all,
}:
enabled
++ (with all;
[
xdebug
excimer
inotify
redis
oci8
zip
pdo
pdo_pgsql
pdo_sqlite
pdo_mysql
pgsql
intl
curl
mbstring
pcntl
ldap
exif
gmp
apcu
ffi
]
++ optionals (!debug) [
smbclient # this breaks the build for no apparent reason
]
++ optionals withBlackfire [
blackfire
]);
extraConfig = ''
xdebug.mode=debug,trace,profile
xdebug.start_with_request=trigger
xdebug.discover_client_host=false
xdebug.client_host=hazehost
xdebug.log_level=0
xdebug.output_dir=/tmp/xdebug
}:
php.buildEnv {
extensions = import ./php-ext.nix {inherit lib php debug;};
extraConfig = ''
xdebug.mode=debug,trace,profile
xdebug.start_with_request=trigger
xdebug.discover_client_host=false
xdebug.client_host=hazehost
xdebug.log_level=0
xdebug.output_dir=/tmp/xdebug
memory_limit=512M
memory_limit=512M
post_max_size 10G
upload_max_filesize 10G
post_max_size 10G
upload_max_filesize 10G
apc.enable_cli=1
opcache.enable_cli=1
'';
}
apc.enable_cli=1
opcache.enable_cli=1
'';
}

38
nix/image/scripts/install
View file

@ -1,20 +1,22 @@
#!/bin/sh
#!/bin/nu
USER=$1
PASSWORD=$2
def main [username: string, password: string] {
cd $env.WEBROOT;
let sql = match $env.SQL {
"oracle" => "oci"
"mariadb" => "mysql"
_ => $env.SQL
}
let dbName = match $env.SQL {
"oracle" => "xe"
_ => "haze"
}
let dbUser = match $env.SQL {
"oracle" => "system"
_ => "haze"
}
let dbPass = "haze"
let dbHost = $env.SQL
if [ -z "$USER" ] || [ -z "$PASSWORD" ]; then
echo "Usage: install \$USER \$PASSWORD"
exit;
fi
cd $WEBROOT
if [ "$SQL" = "oracle" ]; then
# oracle is a special snowflake
occ maintenance:install --admin-user=$USER --admin-pass=$PASSWORD --database=oci --database-name=xe --database-host=$SQL --database-user=system --database-pass=haze
elif [ "$SQL" = "mariadb" ]; then
occ maintenance:install --admin-user=$USER --admin-pass=$PASSWORD --database=mysql --database-name=haze --database-host=$SQL --database-user=haze --database-pass=haze
else
occ maintenance:install --admin-user=$USER --admin-pass=$PASSWORD --database=$SQL --database-name=haze --database-host=$SQL --database-user=haze --database-pass=haze
fi;
occ maintenance:install --admin-user $username --admin-pass $password --database $sql --database-name $dbName --database-host $dbHost --database-user $dbUser --database-pass $dbPass
}

24
nix/image/scripts/integration
View file

@ -1,4 +1,22 @@
#!/bin/sh
#!/bin/nu
cd $WEBROOT/build/integration
./run.sh "$@"
def --wrapped main [feature: path, ...rest] {
mut feature = $feature;
mut workdir = $"($env.WEBROOT)/build/integration"
if ($feature | str starts-with "apps/") {
let parts = $feature | split row '/'
occ app:enable $parts.1
let parts = $feature | split row -n 2 '/features/'
$workdir = $parts.0
$feature = $"features/($parts.1)"
} else if ($feature | str starts-with "build/integration/") {
$feature = $feature | str replace "build/integration/" ""
}
# don't use the proxy urls for generated urls
occ config:system:delete overwritehost
occ config:system:delete overwriteprotocol
cd $workdir
bash run.sh $feature ...$rest
}

80
nix/image/scripts/nc-auto-config
View file

@ -1,4 +1,4 @@
#!/usr/bin/env bash
#!/bin/nu
touch /var/log/nginx/access.log
touch /var/log/nginx/error.log
@ -7,64 +7,30 @@ touch /var/log/cron/owncloud.log
cp /etc/nc/config.php /var/www/html/config/config.php
chmod 0755 /var/www/html/config/config.php
if [ "$SQL" = "mysql" ]
then
cp /etc/nc/autoconfig_mysql.php /var/www/html/config/autoconfig.php
fi
let configName = match $env.SQL {
"oracle" => "oci"
_ => $env.SQL
if [ "$SQL" = "mariadb" ]
then
cp /etc/nc/autoconfig_mariadb.php /var/www/html/config/autoconfig.php
fi
}
let configPath = $"/etc/nc/autoconfig_($configName).php"
if [ "$SQL" = "pgsql" ]
then
cp /etc/nc/autoconfig_pgsql.php /var/www/html/config/autoconfig.php
fi
if ($configPath | path exists) {
cp $configPath /var/www/html/config/autoconfig.php
}
if [ "$SQL" = "oci" ]
then
cp /etc/nc/autoconfig_oci.php /var/www/html/config/autoconfig.php
fi
def loadExtraConfig [name: string] {
sed -i $'/\/\/PLACEHOLDER/ r /etc/nc/($name).php' /var/www/html/config/config.php
}
if [ -n "${S3:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3.php' /var/www/html/config/config.php
fi
let extraConfigs = ["S3", "S3S", "S3MB", "S3M", "SWIFT", "SWIFTV3", "AZURE"];
$extraConfigs | each {
if ($in in $env) {
loadExtraConfig ($in | str downcase)
}
}
if [ -n "${S3S:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3s.php' /var/www/html/config/config.php
fi
if [ -n "${S3MB:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3mb.php' /var/www/html/config/config.php
fi
if [ -n "${S3M:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3m.php' /var/www/html/config/config.php
fi
if [ -n "${SWIFT:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/swift.php' /var/www/html/config/config.php
fi
if [ -n "${SWIFTV3:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/swiftv3.php' /var/www/html/config/config.php
fi
if [ -n "${AZURE:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/azure.php' /var/www/html/config/config.php
fi
if [ -n "${REDIS_TLS:-}" ]
then
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/redis-tls.php' /var/www/html/config/config.php
else
sed -i '/\/\/PLACEHOLDER/ r /etc/nc/redis-default.php' /var/www/html/config/config.php
fi
if ("REDIS_TLS" in $env) {
loadExtraConfig "redis-tls"
} else {
loadExtraConfig "redis-default"
}

8
nix/image/scripts/occ
View file

@ -1,5 +1,5 @@
#!/bin/sh
#!/bin/nu
export XDEBUG_SESSION=haze
php $WEBROOT/occ "$@"
def --wrapped main [...rest] {
XDEBUG_SESSION=haze php $"($env.WEBROOT)/occ" ...$rest
}

10
nix/image/scripts/tests
View file

@ -1,7 +1,7 @@
#!/bin/sh
#!/bin/nu
cd $WEBROOT
def --wrapped main [...rest] {
cd $env.WEBROOT
export XDEBUG_SESSION=haze
phpunit --configuration $WEBROOT/tests/phpunit-autotest.xml $@
XDEBUG_SESSION=haze phpunit --configuration $"($env.WEBROOT)/tests/phpunit-autotest.xml" ...$rest
}

5
nix/package.nix
View file

@ -1,6 +1,5 @@
{
rustPlatform,
pkg-config,
lib,
git,
}: let
@ -10,7 +9,7 @@
src = sourceByRegex ../. ["Cargo.*" "(src|certificates)(/.*)?"];
version = (fromTOML (readFile ../Cargo.toml)).package.version;
in
rustPlatform.buildRustPackage rec {
rustPlatform.buildRustPackage {
pname = "haze";
inherit src version;
@ -20,7 +19,7 @@ in
cargoLock = {
lockFile = ../Cargo.lock;
outputHashes = {
"hyper-reverse-proxy-0.5.2-dev" = "sha256-+ebi4FVVkiOpf75e8K5oGkHJBYQjLNJhUPNj+78zd7Q=";
"hyper-reverse-proxy-0.5.2-dev" = "sha256-awmj5aLFTea+kj81cwmfP1HWlWezwEKfyQSUJWjtamk=";
};
};
}

88
src/git.rs
View file

@ -2,11 +2,15 @@ use crate::config::HazeConfig;
use crate::Result;
use git2::build::CheckoutBuilder;
use git2::{Branch, BranchType, Repository, RepositoryState};
use indicatif::{MultiProgress, ProgressBar, ProgressStyle};
use miette::{Context, IntoDiagnostic};
use rayon::iter::{IntoParallelRefIterator, ParallelIterator};
use rayon::ThreadPoolBuilder;
use std::fs::read_dir;
use std::iter::once;
use std::path::PathBuf;
use std::process::Command;
use std::time::Duration;
fn find_app_repos(config: &HazeConfig) -> Result<impl Iterator<Item = PathBuf>> {
let apps_dirs = once(config.sources_root.as_path().join("apps"))
@ -83,38 +87,66 @@ const GIT_BINARY: &str = match option_env!("GIT_BINARY") {
pub fn pull_all(config: &HazeConfig) -> Result<()> {
let (max_app, max_branch) = longest_app_branch(config)?;
for app_dir in find_app_repos(config)? {
let app_name = app_dir.file_name().unwrap().to_string_lossy();
let repo = Repository::init(&app_dir)
.into_diagnostic()
.wrap_err_with(|| format!("Failed to open repository {}", app_dir.display()))?;
let branch_name = current_branch_name(&repo).unwrap_or("unknown".into());
let progress = MultiProgress::new();
let pull_style = ProgressStyle::with_template("{spinner:.green} {msg}").unwrap();
print!(
"{app_name:<app_width$} - {branch_name:<branch_width$}",
app_width = max_app,
branch_width = max_branch
);
let pool = ThreadPoolBuilder::new()
.num_threads(8)
.build()
.into_diagnostic()?;
let repos = find_app_repos(config)?.collect::<Vec<_>>();
if repo.state() != RepositoryState::Clean {
println!(": repository not clean ❌");
continue;
}
pool.install(|| {
repos.par_iter().for_each(|app_dir| {
let app_name = app_dir.file_name().unwrap().to_string_lossy();
let Ok(repo) = Repository::init(app_dir) else {
return;
};
let branch_name = current_branch_name(&repo).unwrap_or("unknown".into());
let output = Command::new(GIT_BINARY)
.arg("pull")
.current_dir(&app_dir)
.output()
.into_diagnostic()
.wrap_err_with(|| format!("Failed to run git pull for {}", app_dir.display()))?;
let bar = ProgressBar::new_spinner().with_style(pull_style.clone());
bar.enable_steady_tick(Duration::from_millis(100));
let bar = progress.add(bar);
let msg = |state: &str| {
format!(
"{app_name:<app_width$} - {branch_name:<branch_width$}{state}",
app_width = max_app,
branch_width = max_branch
)
};
if repo.state() != RepositoryState::Clean {
bar.set_message(msg(" repository not clean"));
bar.finish();
return;
}
bar.set_message(msg(""));
let output = match Command::new(GIT_BINARY)
.arg("pull")
.current_dir(app_dir)
.output()
{
Ok(output) => output,
Err(error) => {
bar.set_message(msg(&format!(" {error}")));
return;
}
};
if output.status.success() {
bar.set_message(msg(""));
} else {
let err = String::from_utf8_lossy(&output.stderr);
let err_line = err.lines().next().unwrap();
bar.set_message(msg(&format!(" {err_line}")));
}
bar.finish();
});
});
if output.status.success() {
println!("");
} else {
println!("");
eprintln!("{}", String::from_utf8_lossy(&output.stderr))
}
}
Ok(())
}

37
src/image.rs
View file

@ -5,11 +5,48 @@ use futures_util::StreamExt;
use indicatif::{MultiProgress, ProgressBar, ProgressStyle};
use miette::{IntoDiagnostic, Result, WrapErr};
use std::collections::HashMap;
use std::fmt::{Display, Formatter};
use std::str::FromStr;
#[derive(Debug, Copy, Clone, PartialOrd, PartialEq)]
pub struct ImageVersion {
pub major: u8,
pub minor: u8,
pub patch: u8,
}
impl FromStr for ImageVersion {
type Err = ();
fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
let mut parts = s.split('.');
let major = parts.next().ok_or(())?.parse().map_err(|_| ())?;
let minor = parts.next().ok_or(())?.parse().map_err(|_| ())?;
let patch = parts.next().ok_or(())?.parse().map_err(|_| ())?;
Ok(ImageVersion {
major,
minor,
patch,
})
}
}
impl Display for ImageVersion {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "{}.{}.{}", self.major, self.minor, self.patch)
}
}
pub async fn image_exists(docker: &Docker, image: &str) -> bool {
docker.inspect_image(image).await.is_ok()
}
pub async fn image_version(docker: &Docker, image: &str) -> Option<ImageVersion> {
let labels = docker.inspect_image(image).await.ok()?.config?.labels?;
let label = labels.get("nl.icewind.haze.version")?;
ImageVersion::from_str(label).ok()
}
pub async fn update_image(docker: &Docker, image: &str) -> Result<()> {
if image_exists(docker, image).await {
force_pull_image(docker, image).await?;

7
src/main.rs
View file

@ -633,12 +633,7 @@ async fn setup(docker: &Docker, options: CloudOptions, config: &HazeConfig) -> R
for service in cloud.services() {
for cmd in service.post_setup(docker, &cloud.id, config).await? {
cloud
.exec(
docker,
shell_words::split(&cmd).into_diagnostic()?,
false,
Vec::<String>::default(),
)
.exec(docker, cmd, false, Vec::<String>::default())
.await?;
}
}

19
src/php.rs
View file

@ -1,6 +1,7 @@
use owo_colors::OwoColorize;
use crate::config::ProxyConfig;
use crate::database::Database;
use crate::image::pull_image;
use crate::image::{image_version, pull_image, ImageVersion};
use crate::network::ensure_network_exists;
use crate::service::Service;
use crate::service::ServiceTrait;
@ -123,6 +124,17 @@ impl PhpVersion {
) -> Result<String> {
ensure_network_exists(docker, "haze").await?;
pull_image(docker, self.image()).await?;
let image_version = image_version(docker, self.image()).await;
let haze_version = ImageVersion::from_str(env!("CARGO_PKG_VERSION"));
if let (Some(image_version), Ok(haze_version)) = (image_version, haze_version) {
if image_version < haze_version {
eprintln!("{}: image version is out of date, run {} to update.", "Warning".red(), "haze update".blue());
eprintln!(" Haze version: {}", haze_version.bright_yellow());
eprintln!(" Image version: {}", image_version.bright_yellow());
}
}
let options = Some(CreateContainerOptions {
name: Some(id.to_string()),
..CreateContainerOptions::default()
@ -148,6 +160,11 @@ impl PhpVersion {
proxy_config.addr(id, IpAddr::V4(Ipv4Addr::LOCALHOST))
));
env.push(format!("HOST_IP={host}"));
if !proxy_config.address.is_empty() {
env.push(format!("PROXY_BASE={}", proxy_config.address));
}
let mut labels = hashmap! {
"haze-type".to_string() => "cloud".to_string(),
"haze-db".to_string() => db.name().to_string(),

72
src/proxy.rs
View file

@ -5,26 +5,34 @@ use axum::http::header::HOST;
use axum::http::HeaderValue;
use axum::{
body::Body,
extract::{Request, State},
extract::Request,
response::{IntoResponse, Response},
Router,
};
use bollard::Docker;
use futures_util::StreamExt;
use hyper::body::Incoming;
use hyper::server::conn::http1;
use hyper::service::service_fn;
use hyper::StatusCode;
use hyper_util::rt::TokioIo;
use hyper_util::{client::legacy::connect::HttpConnector, rt::TokioExecutor};
use miette::{miette, IntoDiagnostic};
use std::collections::HashMap;
use std::convert::Infallible;
use std::fs::{create_dir_all, set_permissions};
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf;
use std::pin::pin;
use std::str::FromStr;
use std::sync::{Arc, Mutex};
use std::time::Duration;
use tokio::io::{AsyncRead, AsyncWrite};
use tokio::net::UnixListener;
use tokio::signal::ctrl_c;
use tokio::spawn;
use tokio::time::sleep;
use tokio_stream::wrappers::{TcpListenerStream, UnixListenerStream};
use tracing::{debug, error, info};
struct ActiveInstances {
@ -163,20 +171,26 @@ async fn serve(instances: ActiveInstances, listen: String, base_address: String)
ctrl_c().await.ok();
};
let app = Router::new().fallback(handler).with_state(AppState {
let state = AppState {
instances: instances.clone(),
base_address: base_address.clone(),
proxy_client: Arc::new(proxy_client),
});
};
if !listen.starts_with('/') {
let addr: SocketAddr = listen.parse().into_diagnostic()?;
let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
println!("listening on {}", listener.local_addr().unwrap());
axum::serve(listener, app)
.with_graceful_shutdown(cancel)
.await
.unwrap();
let mut connections = pin!(TcpListenerStream::new(listener).take_until(cancel));
while let Some(stream) = connections.next().await {
match stream {
Ok(stream) => handle_connection(state.clone(), stream),
Err(error) => {
error!(%error, "connection failed");
}
}
}
} else {
let listen: PathBuf = listen.into();
if let Some(parent) = listen.parent() {
@ -187,18 +201,42 @@ async fn serve(instances: ActiveInstances, listen: String, base_address: String)
}
let _ = tokio::fs::remove_file(&listen).await;
let uds = UnixListener::bind(&listen).unwrap();
let listener = UnixListener::bind(&listen).unwrap();
println!("listening on {}", listen.display());
set_permissions(&listen, PermissionsExt::from_mode(0o666)).into_diagnostic()?;
axum::serve(uds, app)
.with_graceful_shutdown(cancel)
.await
.unwrap();
let mut connections = pin!(UnixListenerStream::new(listener).take_until(cancel));
while let Some(stream) = connections.next().await {
match stream {
Ok(stream) => handle_connection(state.clone(), stream),
Err(error) => {
error!(%error, "connection failed");
}
}
}
}
Ok(())
}
fn handle_connection<I: AsyncRead + AsyncWrite + Unpin + Send + 'static>(
state: AppState,
stream: I,
) {
let io = TokioIo::new(stream);
// Spawn a tokio task to serve multiple connections concurrently
tokio::task::spawn(async move {
if let Err(err) = http1::Builder::new()
.serve_connection(io, service_fn(move |req| handler(state.clone(), req)))
.with_upgrades()
.await
{
eprintln!("Error serving connection: {:?}", err);
}
});
}
async fn get_remote(
host: Option<&HeaderValue>,
instances: &ActiveInstances,
@ -232,9 +270,9 @@ async fn get_remote(
}
}
type Client = hyper_util::client::legacy::Client<HttpConnector, Body>;
type Client = hyper_util::client::legacy::Client<HttpConnector, Incoming>;
async fn handler(State(state): State<AppState>, mut req: Request) -> Result<Response, StatusCode> {
async fn handler(state: AppState, mut req: Request<Incoming>) -> Result<Response, Infallible> {
let host = req.headers().get(HOST).cloned();
let remote = match get_remote(host.as_ref(), &state.instances, &state.base_address).await {
Ok(remote) => remote,
@ -259,13 +297,13 @@ async fn handler(State(state): State<AppState>, mut req: Request) -> Result<Resp
IpAddr::V4(Ipv4Addr::UNSPECIFIED),
&uri,
req,
&state.proxy_client,
state.proxy_client.as_ref(),
)
.await
{
Ok(response) => Ok(response.map(Body::new)),
Err(error) => {
error!(%error, "error while proxying request");
error!(?error, "error while proxying request");
Ok(StatusCode::BAD_REQUEST.into_response())
}
}

51
src/service.rs
View file

@ -14,6 +14,7 @@ mod sftp;
mod redis;
mod sharded;
mod smb;
mod webhook;
use crate::cloud::CloudOptions;
use crate::config::{HazeConfig, Preset, ProxyConfig};
@ -29,9 +30,10 @@ pub use crate::service::office::Office;
pub use crate::service::onlyoffice::OnlyOffice;
pub use crate::service::push::NotifyPush;
use crate::service::redis::Redis;
use crate::service::sftp::Sftp;
use crate::service::sftp::{Sftp, SftpKey};
use crate::service::sharded::{Sharding, ShardingMigrate, ShardingMigrateUnset, SingleShard};
use crate::service::smb::Smb;
use crate::service::webhook::Webhook;
use bollard::models::ContainerState;
use bollard::Docker;
use enum_dispatch::enum_dispatch;
@ -114,7 +116,7 @@ pub trait ServiceTrait {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(Vec::new())
}
@ -207,6 +209,19 @@ impl ServiceTrait for RedisTls {
}
}
#[derive(Clone, Eq, PartialEq, Debug)]
pub struct FrankenPhp;
impl ServiceTrait for FrankenPhp {
fn name(&self) -> &str {
"franken-php"
}
fn env(&self) -> &[&str] {
&["FRANKENPHP=1"]
}
}
#[derive(
Copy, Clone, Debug, PartialEq, EnumString, EnumMessage, EnumIter, IntoStaticStr, Display,
)]
@ -252,6 +267,8 @@ pub enum ServiceType {
Dav,
/// Sftp external storage
Sftp,
/// Sftp external storage with public key authentication
SftpKey,
/// ownCloud instance for migration
Oc,
/// Imaginary for preview generation
@ -281,6 +298,10 @@ pub enum ServiceType {
Redis,
/// External redis instance with TLS
RedisTls,
/// Use FrankenPHP instead of PHP-FPM
FrankenPhp,
/// Webhook test listener
Webhook,
}
#[enum_dispatch]
@ -299,6 +320,7 @@ pub enum Service {
ShardingMigrate(ShardingMigrate),
ShardingMigrateUnset(ShardingMigrateUnset),
Sftp(Sftp),
SftpKey(SftpKey),
Kaspersky(Kaspersky),
KasperskyIcap(KasperskyIcap),
Clam(Clam),
@ -310,6 +332,8 @@ pub enum Service {
Mail(Mail),
Redis(Redis),
RedisTls(RedisTls),
FrankenPhp(FrankenPhp),
Webhook(Webhook),
Preset(PresetService),
}
@ -340,6 +364,7 @@ impl Service {
}
ServiceType::Dav => Some(vec![Service::Dav(Dav)]),
ServiceType::Sftp => Some(vec![Service::Sftp(Sftp)]),
ServiceType::SftpKey => Some(vec![Service::SftpKey(SftpKey)]),
ServiceType::Oc => Some(vec![Service::Oc(Oc)]),
ServiceType::Imaginary => Some(vec![Service::Imaginary(Imaginary)]),
ServiceType::Kaspersky => Some(vec![Service::Kaspersky(Kaspersky)]),
@ -352,6 +377,8 @@ impl Service {
ServiceType::Mail => Some(vec![Service::Mail(Mail)]),
ServiceType::Redis => Some(vec![Service::Redis(Redis)]),
ServiceType::RedisTls => Some(vec![Service::RedisTls(RedisTls)]),
ServiceType::FrankenPhp => Some(vec![Service::FrankenPhp(FrankenPhp)]),
ServiceType::Webhook => Some(vec![Service::Webhook(Webhook)]),
}
} else {
presets
@ -414,15 +441,29 @@ impl ServiceTrait for PresetService {
_docker: &Docker,
_cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
let preset =
get_preset(&config.preset, &self.0).ok_or_else(|| Report::msg("invalid preset"))?;
let mut commands: Vec<_> = preset
.apps
.iter()
.map(|app| format!("occ app:enable {app} --force"))
.map(|app| {
vec![
"occ".into(),
"app:enable".into(),
app.clone(),
"--force".into(),
]
})
.collect();
commands.extend_from_slice(&preset.commands);
for cmnd in &preset.commands {
commands.push(shell_words::split(cmnd).into_diagnostic()?);
}
Ok(commands)
}
}
fn split_cmnd(s: &str) -> Vec<String> {
s.split(' ').map(String::from).collect()
}

46
src/service/clam.rs
View file

@ -2,7 +2,7 @@ use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::exec::exec;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
@ -85,14 +85,13 @@ impl ServiceTrait for ClamIcap {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=icap".into(),
"occ config:app:set files_antivirus av_host --value=clamav-icap".into(),
"occ config:app:set files_antivirus av_port --value=1344".into(),
"occ config:app:set files_antivirus av_icap_request_service --value=avscan".into(),
"occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"
.into(),
split_cmnd("occ config:app:set files_antivirus av_mode --value=icap"),
split_cmnd("occ config:app:set files_antivirus av_host --value=clamav-icap"),
split_cmnd("occ config:app:set files_antivirus av_port --value=1344"),
split_cmnd("occ config:app:set files_antivirus av_icap_request_service --value=avscan"),
split_cmnd("occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"),
])
}
}
@ -171,7 +170,7 @@ impl ServiceTrait for ClamIcapTls {
docker: &Docker,
cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
let mut cert = Vec::new();
exec(
docker,
@ -191,14 +190,13 @@ impl ServiceTrait for ClamIcapTls {
.wrap_err("Failed to write icap certificate")?;
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=icap".into(),
"occ config:app:set files_antivirus av_icap_tls --value=1".into(),
"occ config:app:set files_antivirus av_host --value=clamav-icap-tls".into(),
"occ config:app:set files_antivirus av_port --value=1345".into(),
"occ config:app:set files_antivirus av_icap_request_service --value=avscan".into(),
"occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"
.into(),
"occ security:certificates:import data/icap-cert.pem".into(),
split_cmnd("occ config:app:set files_antivirus av_mode --value=icap"),
split_cmnd("occ config:app:set files_antivirus av_icap_tls --value=1"),
split_cmnd("occ config:app:set files_antivirus av_host --value=clamav-icap-tls"),
split_cmnd("occ config:app:set files_antivirus av_port --value=1345"),
split_cmnd("occ config:app:set files_antivirus av_icap_request_service --value=avscan"),
split_cmnd("occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"),
split_cmnd("occ security:certificates:import data/icap-cert.pem"),
])
}
}
@ -221,10 +219,10 @@ impl ServiceTrait for Clam {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=executable".into(),
"occ config:app:set files_antivirus av_path --value=/bin/clamscan".into(),
split_cmnd("occ config:app:set files_antivirus av_mode --value=executable"),
split_cmnd("occ config:app:set files_antivirus av_path --value=/bin/clamscan"),
])
}
}
@ -294,10 +292,12 @@ impl ServiceTrait for ClamSocket {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=socket".into(),
"occ config:app:set files_antivirus av_socket --value=tcp://clamav-socket:3310".into(),
split_cmnd("occ config:app:set files_antivirus av_mode --value=socket"),
split_cmnd(
"occ config:app:set files_antivirus av_socket --value=tcp://clamav-socket:3310",
),
])
}
}

12
src/service/dav.rs
View file

@ -1,7 +1,7 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::config::ContainerCreateBody;
use bollard::models::{EndpointSettings, HostConfig, NetworkingConfig};
@ -76,12 +76,12 @@ impl ServiceTrait for Dav {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ files_external:create dav dav password::password".into(),
"occ files_external:config 1 host dav".into(),
"occ files_external:config 1 user test".into(),
"occ files_external:config 1 password test".into(),
split_cmnd("occ files_external:create dav dav password::password"),
split_cmnd("occ files_external:config 1 host dav"),
split_cmnd("occ files_external:config 1 user test"),
split_cmnd("occ files_external:config 1 password test"),
])
}
}

13
src/service/imaginary.rs
View file

@ -1,7 +1,7 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::config::NetworkingConfig;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig};
@ -71,11 +71,14 @@ impl ServiceTrait for Imaginary {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:system:set enabledPreviewProviders 0 --value='OC\\Preview\\Imaginary'"
.into(),
"occ config:system:set preview_imaginary_url --value='http://imaginary:9000'".into(),
split_cmnd(
"occ config:system:set enabledPreviewProviders 0 --value='OC\\Preview\\Imaginary'",
),
split_cmnd(
"occ config:system:set preview_imaginary_url --value='http://imaginary:9000'",
),
])
}
}

24
src/service/kaspersky.rs
View file

@ -2,7 +2,7 @@ use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::exec::exec;
use crate::image::{image_exists, pull_image};
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
@ -101,11 +101,11 @@ impl ServiceTrait for Kaspersky {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=kaspersky".into(),
"occ config:app:set files_antivirus av_host --value=kaspersky".into(),
"occ config:app:set files_antivirus av_port --value=80".into(),
split_cmnd("occ config:app:set files_antivirus av_mode --value=kaspersky"),
split_cmnd("occ config:app:set files_antivirus av_host --value=kaspersky"),
split_cmnd("occ config:app:set files_antivirus av_port --value=80"),
])
}
}
@ -187,13 +187,15 @@ impl ServiceTrait for KasperskyIcap {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:app:set files_antivirus av_mode --value=icap".into(),
"occ config:app:set files_antivirus av_host --value=kaspersky-icap".into(),
"occ config:app:set files_antivirus av_port --value=1344".into(),
"occ config:app:set files_antivirus av_icap_request_service --value=req".into(),
"occ config:app:set files_antivirus av_icap_response_header --value=X-Virus-ID".into(),
split_cmnd("occ config:app:set files_antivirus av_mode --value=icap"),
split_cmnd("occ config:app:set files_antivirus av_host --value=kaspersky-icap"),
split_cmnd("occ config:app:set files_antivirus av_port --value=1344"),
split_cmnd("occ config:app:set files_antivirus av_icap_request_service --value=req"),
split_cmnd(
"occ config:app:set files_antivirus av_icap_response_header --value=X-Virus-ID",
),
])
}
}

46
src/service/ldap.rs
View file

@ -1,7 +1,7 @@
use crate::cloud::CloudOptions;
use crate::config::{HazeConfig, ProxyConfig};
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::config::NetworkingConfig;
use bollard::models::{ContainerCreateBody, ContainerState, EndpointSettings, HostConfig};
@ -86,6 +86,46 @@ impl ServiceTrait for Ldap {
) -> Result<bool> {
self.is_running(docker, cloud_id).await
}
async fn post_setup(
&self,
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<Vec<String>>> {
Ok(vec![
split_cmnd("occ ldap:create-empty-config"),
split_cmnd("occ ldap:set-config s01 ldapHost ldap://ldap"),
split_cmnd("occ ldap:set-config s01 ldapPort 389"),
split_cmnd("occ ldap:set-config s01 ldapAgentName cn=admin,dc=example,dc=org"),
split_cmnd("occ ldap:set-config s01 ldapAgentPassword haze"),
split_cmnd("occ ldap:set-config s01 ldapBase dc=example,dc=org"),
split_cmnd("occ ldap:set-config s01 ldapBaseUsers dc=example,dc=org"),
split_cmnd("occ ldap:set-config s01 ldapBaseGroups dc=example,dc=org"),
split_cmnd("occ ldap:set-config s01 ldapLoginFilter (&(&(objectclass=inetOrgPerson))(uid=%uid))"),
split_cmnd("occ ldap:set-config s01 ldapUserFilter ((objectclass=inetOrgPerson))"),
split_cmnd("occ ldap:set-config s01 ldapUserFilterMode 0"),
split_cmnd("occ ldap:set-config s01 ldapUserDisplayName sn"),
split_cmnd("occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson"),
split_cmnd("occ ldap:set-config s01 ldapGroupFilter (&(|(objectclass=posixGroup)))"),
split_cmnd("occ ldap:set-config s01 ldapGroupFilterObjectclass posixGroup"),
split_cmnd("occ ldap:set-config s01 ldapEmailAttribute email"),
split_cmnd("occ ldap:set-config s01 ldapUuidUserAttribute email"),
split_cmnd("occ ldap:set-config s01 ldapUuidUserAttribute auto"),
split_cmnd("occ ldap:set-config s01 ldapUuidGroupAttribute auto"),
split_cmnd("occ ldap:set-config s01 ldapLoginFilterUsername 1"),
split_cmnd("occ ldap:set-config s01 ldapConfigurationActive 1"),
])
}
async fn start_message(
&self,
_docker: &Docker,
_cloud_id: &str,
_proxy: &ProxyConfig,
) -> Result<Option<String>> {
Ok(Some("\nLdap users provisioned:\n\t'cn=admin,dc=example,dc=org' and password 'haze'\n\t'cn=ldaptest,dc=example,dc=org' and password 'test'\n\nldaptest is available for login\n".into()))
}
}
#[derive(Debug, Clone, Eq, PartialEq)]
@ -185,8 +225,6 @@ impl ServiceTrait for LdapAdmin {
return Err(Report::msg("ldap admin not started"));
};
let addr = proxy.addr(&id, IpAddr::from_str(&ip).unwrap());
Ok(Some(format!(
"Ldap admin running at: {addr} with 'cn=admin,dc=example,dc=org' and password 'haze'"
)))
Ok(Some(format!("Ldap admin running at: {addr}")))
}
}

16
src/service/mail.rs
View file

@ -1,7 +1,7 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
@ -70,14 +70,14 @@ impl ServiceTrait for Mail {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ config:system:set mail_smtpmode --value smtp".into(),
"occ config:system:set mail_sendmailmode --value smtp".into(),
"occ config:system:set mail_domain --value haze".into(),
"occ config:system:set mail_smtphost --value mail".into(),
"occ config:system:set mail_smtpport --value 25".into(),
"occ user:setting admin settings email admin@haze".into(),
split_cmnd("occ config:system:set mail_smtpmode --value smtp"),
split_cmnd("occ config:system:set mail_sendmailmode --value smtp"),
split_cmnd("occ config:system:set mail_domain --value haze"),
split_cmnd("occ config:system:set mail_smtphost --value mail"),
split_cmnd("occ config:system:set mail_smtpport --value 25"),
split_cmnd("occ user:setting admin settings email admin@haze"),
])
}
}

22
src/service/objectstore.rs
View file

@ -2,7 +2,7 @@ use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::exec::exec;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{
ContainerCreateBody, ContainerState, EndpointSettings, HostConfig, NetworkingConfig,
@ -247,18 +247,18 @@ impl ServiceTrait for ObjectStore {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
match self {
ObjectStore::S3 => Ok(vec![
"occ files_external:create s3 amazons3 amazons3::accesskey".into(),
"occ files_external:config 1 bucket ext".into(),
"occ files_external:config 1 hostname s3".into(),
"occ files_external:config 1 port 9000".into(),
"occ files_external:config 1 use_ssl false".into(),
"occ files_external:config 1 use_path_style true".into(),
"occ files_external:config 1 key minio".into(),
"occ files_external:config 1 secret minio123".into(),
"mc alias set s3 http://s3:9000 minio minio123".into(),
split_cmnd("occ files_external:create s3 amazons3 amazons3::accesskey"),
split_cmnd("occ files_external:config 1 bucket ext"),
split_cmnd("occ files_external:config 1 hostname s3"),
split_cmnd("occ files_external:config 1 port 9000"),
split_cmnd("occ files_external:config 1 use_ssl false"),
split_cmnd("occ files_external:config 1 use_path_style true"),
split_cmnd("occ files_external:config 1 key minio"),
split_cmnd("occ files_external:config 1 secret minio123"),
split_cmnd("mc alias set s3 http://s3:9000 minio minio123"),
]),
// ObjectStore::S3s => Ok(vec![
// "occ files_external:create s3 amazons3 amazons3::accesskey".into(),

2
src/service/oc.rs
View file

@ -83,7 +83,7 @@ impl ServiceTrait for Oc {
docker: &Docker,
cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
if let Some(ip) = self.get_ips(docker, cloud_id).await?.next() {
let container = self.container_name(cloud_id).unwrap();
let addr = config.proxy.addr(&container, ip);

82
src/service/office.rs
View file

@ -32,6 +32,23 @@ impl ServiceTrait for Office {
config: &HazeConfig,
_options: &CloudOptions,
) -> Result<Vec<String>> {
let network_info = docker
.inspect_network(network, None)
.await
.into_diagnostic()?;
let gateway = network_info
.ipam
.as_ref()
.ok_or_else(|| Report::msg("Network has no ip info"))?
.config
.as_deref()
.ok_or_else(|| Report::msg("Network has no ip info"))?
.first()
.ok_or_else(|| Report::msg("Network has no ip info"))?
.gateway
.as_deref()
.ok_or_else(|| Report::msg("Network has no ip info"))?;
let image = "collabora/code";
pull_image(docker, image).await?;
let container_id = self.container_name(cloud_id).unwrap();
@ -39,28 +56,31 @@ impl ServiceTrait for Office {
name: Some(container_id.clone()),
..CreateContainerOptions::default()
});
let mut env = vec!["extra_params=--o:ssl.enable=false --o:ssl.termination=true"];
let mut env =
vec![r#"extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:net.frame_ancestors=*"#.to_string()];
let proxy_base = &config.proxy.address;
let clean_id = container_id.strip_prefix("haze-").unwrap_or(&container_id);
let server_name_opt = match (&config.proxy.address, config.proxy.https) {
(public, true) if !public.is_empty() => {
format!("server_name={clean_id}.{public}")
}
(public, false) if !public.is_empty() => {
format!("server_name={clean_id}.{public}")
}
_ => "".to_string(),
};
if !server_name_opt.is_empty() {
env.push(&server_name_opt);
if !proxy_base.is_empty() {
env.push(format!("server_name={clean_id}.{}", config.proxy.address));
}
let clean_cloud_id = cloud_id.strip_prefix("haze-").unwrap_or(cloud_id);
let hosts = if proxy_base.is_empty() {
vec![]
} else {
vec![
format!("{proxy_base}:{gateway}"),
format!("{clean_cloud_id}.{proxy_base}:{gateway}"),
]
};
let config = ContainerCreateBody {
image: Some(image.into()),
env: Some(env.into_iter().map(String::from).collect()),
env: Some(env),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
extra_hosts: Some(hosts),
..Default::default()
}),
labels: Some(hashmap! {
@ -99,7 +119,7 @@ impl ServiceTrait for Office {
docker: &Docker,
cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
let container = &self.container_name(cloud_id).unwrap();
let info = docker
.inspect_container(container, None)
@ -127,19 +147,27 @@ impl ServiceTrait for Office {
} else {
return Err(Report::msg("office not started"));
};
let public = config
.proxy
.addr_with_port(container, ip, self.proxy_port());
Ok(vec![
format!(
r#"occ config:app:set richdocuments wopi_url --value="http://{}:9980""#,
ip
),
format!(
r#"occ config:app:set richdocuments public_wopi_url --value="{}""#,
config.proxy.addr_with_port(container, ip, 9980)
),
format!(
r#"occ config:app:set richdocuments wopi_root --value="http://{}""#,
cloud_id
),
vec![
"occ".into(),
"config:app:set".into(),
"richdocuments".into(),
"public_wopi_url".into(),
"--value".into(),
public,
],
vec![
"occ".into(),
"richdocuments:setup".into(),
"--wopi-url".into(),
"http://office:9980".into(),
"--callback-url".into(),
"http://cloud".into(),
],
])
}

46
src/service/onlyoffice.rs
View file

@ -2,7 +2,7 @@ use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::exec::exec;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{
ContainerCreateBody, ContainerState, EndpointSettings, HostConfig, NetworkingConfig,
@ -82,7 +82,7 @@ impl ServiceTrait for OnlyOffice {
docker: &Docker,
cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
let info = docker
.inspect_container(&self.container_name(cloud_id).unwrap(), None)
.await
@ -137,16 +137,44 @@ impl ServiceTrait for OnlyOffice {
);
Ok(vec![
format!("occ config:app:set onlyoffice DocumentServerUrl --value {addr}/"),
format!("occ config:app:set onlyoffice jwt_secret --value {secret}"),
"occ onlyoffice:documentserver --check".into(),
vec![
"occ".into(),
"config:app:set".into(),
"onlyoffice".into(),
"DocumentServerUrl".into(),
"--value".into(),
addr,
],
vec![
"occ".into(),
"config:app:set".into(),
"onlyoffice".into(),
"jwt_secret".into(),
"--value".into(),
secret.into(),
],
split_cmnd("occ onlyoffice:documentserver --check"),
])
} else {
Ok(vec![
format!("occ config:app:set onlyoffice DocumentServerUrl --value https://{ip}/"),
"occ config:app:set onlyoffice verify_peer_off --value true".into(),
format!("occ config:app:set onlyoffice jwt_secret --value {secret}"),
"occ onlyoffice:documentserver --check".into(),
vec![
"occ".into(),
"config:app:set".into(),
"onlyoffice".into(),
"DocumentServerUrl".into(),
"--value".into(),
format!("https://{ip}/"),
],
split_cmnd("occ config:app:set onlyoffice verify_peer_off --value true"),
vec![
"occ".into(),
"config:app:set".into(),
"onlyoffice".into(),
"jwt_secret".into(),
"--value".into(),
secret.into(),
],
split_cmnd("occ onlyoffice:documentserver --check"),
])
}
}

16
src/service/push.rs
View file

@ -87,7 +87,7 @@ impl ServiceTrait for NotifyPush {
docker: &Docker,
cloud_id: &str,
config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
let mut ips: Vec<_> = self.get_ips(docker, cloud_id).await?.collect();
if let Ok(local_interfaces) = list_afinet_netifas() {
ips.extend(local_interfaces.into_iter().map(|(_, ip)| ip));
@ -97,10 +97,14 @@ impl ServiceTrait for NotifyPush {
.iter()
.enumerate()
.map(|(i, ip)| {
format!(
"occ config:system:set trusted_proxies {} --value {ip}",
i + 1
)
vec![
"occ".into(),
"config:system:set".into(),
"trusted_proxies".into(),
(i + 1).to_string(),
"--value".into(),
ip.to_string(),
]
})
.collect();
@ -108,7 +112,7 @@ impl ServiceTrait for NotifyPush {
config
.proxy
.addr_with_port(&self.container_name(cloud_id).unwrap(), ips[0], 7867);
commands.push(format!("occ notify_push:setup {}", addr));
commands.push(vec!["occ".into(), "notify_push:setup".into(), addr]);
Ok(commands)
}

8
src/service/redis.rs
View file

@ -1,7 +1,7 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
@ -70,7 +70,9 @@ impl ServiceTrait for Redis {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
Ok(vec!["occ config:system:set redis host --value redis".into()])
) -> Result<Vec<Vec<String>>> {
Ok(vec![split_cmnd(
"occ config:system:set redis host --value redis",
)])
}
}

128
src/service/sftp.rs
View file

@ -1,13 +1,14 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
use bollard::Docker;
use maplit::hashmap;
use miette::IntoDiagnostic;
use miette::{Context, IntoDiagnostic};
use std::fs::{create_dir_all, write};
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct Sftp;
@ -50,7 +51,10 @@ impl ServiceTrait for Sftp {
}
}),
}),
cmd: Some(vec!["test:test:::data".into()]),
cmd: Some(vec![
"test:test:::data".into(),
"ldaptest:test:::data".into(),
]),
..Default::default()
};
let id = docker
@ -75,13 +79,119 @@ impl ServiceTrait for Sftp {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ files_external:create sftp sftp password::password".into(),
"occ files_external:config 1 host sftp".into(),
"occ files_external:config 1 user test".into(),
"occ files_external:config 1 root data".into(),
"occ files_external:config 1 password test".into(),
split_cmnd("occ files_external:create sftp sftp password::password"),
split_cmnd("occ files_external:config 1 host sftp"),
split_cmnd("occ files_external:config 1 user test"),
split_cmnd("occ files_external:config 1 root data"),
split_cmnd("occ files_external:config 1 password test"),
])
}
}
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct SftpKey;
#[async_trait::async_trait]
impl ServiceTrait for SftpKey {
fn name(&self) -> &str {
"sftp-key"
}
async fn spawn(
&self,
docker: &Docker,
cloud_id: &str,
network: &str,
config: &HazeConfig,
_options: &CloudOptions,
) -> Result<Vec<String>> {
let image = "atmoz/sftp:alpine";
pull_image(docker, image).await?;
let options = Some(CreateContainerOptions {
name: self.container_name(cloud_id),
..CreateContainerOptions::default()
});
let key_dir = config.work_dir.join("certificates/sftp");
create_dir_all(&key_dir)
.into_diagnostic()
.wrap_err("Failed to create sftp certificate directory")?;
let private_path = key_dir.join("id_rsa");
let public_path = key_dir.join("id_rsa.pub");
let private_key = include_str!("../../certificates/sftp/id_rsa");
let public_key = include_str!("../../certificates/sftp/id_rsa.pub");
if !private_path.exists() {
write(&private_path, private_key)
.into_diagnostic()
.wrap_err("Failed to write sftp client certificate")?;
}
if !public_path.exists() {
write(&public_path, public_key)
.into_diagnostic()
.wrap_err("Failed to write sftp client key")?;
}
let volumes = vec![format!("{public_path}:/home/test/.ssh/keys/id_rsa:ro")];
let config = ContainerCreateBody {
image: Some(image.into()),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
binds: Some(volumes),
..Default::default()
}),
labels: Some(hashmap! {
"haze-type".into() => self.name().into(),
"haze-cloud-id".into() => cloud_id.into(),
}),
networking_config: Some(NetworkingConfig {
endpoints_config: Some(hashmap! {
network.into() => EndpointSettings {
aliases: Some(vec![self.name().to_string()]),
..Default::default()
}
}),
}),
cmd: Some(vec!["test::::data".into()]),
..Default::default()
};
let id = docker
.create_container(options, config)
.await
.into_diagnostic()?
.id;
docker.start_container(&id, None).await.into_diagnostic()?;
Ok(vec![id])
}
fn container_name(&self, cloud_id: &str) -> Option<String> {
Some(format!("{}-sftp-key", cloud_id))
}
fn apps(&self) -> &'static [&'static str] {
&["files_external"]
}
async fn post_setup(
&self,
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<Vec<String>>> {
Ok(vec![
split_cmnd("occ files_external:create sftp sftp publickey::rsa_private"),
split_cmnd("occ files_external:config 1 host sftp-key"),
split_cmnd("occ files_external:config 1 user test"),
split_cmnd("occ files_external:config 1 root data"),
vec![
"occ".into(),
"files_external:config".into(),
"--value-from-file".into(),
"1".into(),
"private_key".into(),
"/certificates/sftp/id_rsa".into(),
],
])
}
}

16
src/service/smb.rs
View file

@ -1,7 +1,7 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::service::{split_cmnd, ServiceTrait};
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
@ -40,8 +40,10 @@ impl ServiceTrait for Smb {
}),
env: Some(vec![
"ACCOUNT_test=test".into(),
"ACCOUNT_ldaptest=test".into(),
"UID_test=1000".into(),
"SAMBA_VOLUME_CONFIG_test=[test]; path=/tmp; valid users = test; guest ok = no; read only = no; browseable = yes".into(),
"SAMBA_VOLUME_CONFIG_ldaptest=[ldaptest]; path=/tmp; valid users = ldaptest; guest ok = no; read only = no; browseable = yes".into(),
]),
labels: Some(hashmap! {
"haze-type".into() => self.name().into(),
@ -79,13 +81,13 @@ impl ServiceTrait for Smb {
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
) -> Result<Vec<Vec<String>>> {
Ok(vec![
"occ files_external:create smb smb password::password".into(),
"occ files_external:config 1 host smb".into(),
"occ files_external:config 1 user test".into(),
"occ files_external:config 1 password test".into(),
"occ files_external:config 1 share test".into(),
split_cmnd("occ files_external:create smb smb password::password"),
split_cmnd("occ files_external:config 1 host smb"),
split_cmnd("occ files_external:config 1 user test"),
split_cmnd("occ files_external:config 1 password test"),
split_cmnd("occ files_external:config 1 share test"),
])
}
}

71
src/service/webhook.rs Normal file
View file

@ -0,0 +1,71 @@
use crate::cloud::CloudOptions;
use crate::config::HazeConfig;
use crate::image::pull_image;
use crate::service::ServiceTrait;
use crate::Result;
use bollard::models::{ContainerCreateBody, EndpointSettings, HostConfig, NetworkingConfig};
use bollard::query_parameters::CreateContainerOptions;
use bollard::Docker;
use maplit::hashmap;
use miette::IntoDiagnostic;
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct Webhook;
#[async_trait::async_trait]
impl ServiceTrait for Webhook {
fn name(&self) -> &str {
"webhook"
}
async fn spawn(
&self,
docker: &Docker,
cloud_id: &str,
network: &str,
_config: &HazeConfig,
_options: &CloudOptions,
) -> Result<Vec<String>> {
let image = "ghcr.io/tarampampam/webhook-tester";
pull_image(docker, image).await?;
let options = Some(CreateContainerOptions {
name: self.container_name(cloud_id),
..CreateContainerOptions::default()
});
let config = ContainerCreateBody {
image: Some(image.into()),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
..Default::default()
}),
labels: Some(hashmap! {
"haze-type".into() => self.name().into(),
"haze-cloud-id".into() => cloud_id.into(),
}),
networking_config: Some(NetworkingConfig {
endpoints_config: Some(hashmap! {
network.into() => EndpointSettings {
aliases: Some(vec![self.name().to_string()]),
..Default::default()
}
}),
}),
..Default::default()
};
let id = docker
.create_container(options, config)
.await
.into_diagnostic()?
.id;
docker.start_container(&id, None).await.into_diagnostic()?;
Ok(vec![id])
}
fn container_name(&self, cloud_id: &str) -> Option<String> {
Some(format!("{}-webhook", cloud_id))
}
fn proxy_port(&self) -> u16 {
8080
}
}

2
src/sources.rs
View file

@ -122,7 +122,7 @@ pub async fn download_nc(config: &HazeConfig, version: &str) -> Result<Utf8PathB
}
hash_bar.finish();
let extract_bar = ProgressBar::new_spinner().with_message("Extracing");
let extract_bar = ProgressBar::new_spinner().with_message("Extracting");
extract_bar.enable_steady_tick(Duration::from_millis(100));
let extract_bar = progress.add(extract_bar);
let mut archive = ZipArchive::new(Cursor::new(archive)).into_diagnostic()?;