Merge branch 'main' into 'master'
Main See merge request domaindrivenarchitecture/c4k-nextcloud!1
This commit is contained in:
commit
ca06a80f59
55 changed files with 2075 additions and 1 deletions
29
.gitignore
vendored
Normal file
29
.gitignore
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
# pybuilder
|
||||||
|
.pybuilder/
|
||||||
|
__pycache__/
|
||||||
|
|
||||||
|
# lein
|
||||||
|
target/
|
||||||
|
.lein-repl-history
|
||||||
|
.lein-failures
|
||||||
|
pom.*
|
||||||
|
|
||||||
|
# cljs
|
||||||
|
.shadow-cljs
|
||||||
|
.nrepl-*
|
||||||
|
package-lock.json
|
||||||
|
node_modules/
|
||||||
|
public/js/
|
||||||
|
logs/
|
||||||
|
|
||||||
|
# ide
|
||||||
|
.calva
|
||||||
|
|
||||||
|
*.iml
|
||||||
|
.idea/
|
||||||
|
|
||||||
|
#valid-auth.edn
|
||||||
|
#valid-config.edn
|
||||||
|
my-auth.edn
|
||||||
|
auth.edn
|
||||||
|
config.edn
|
141
.gitlab-ci.yml
Normal file
141
.gitlab-ci.yml
Normal file
|
@ -0,0 +1,141 @@
|
||||||
|
stages:
|
||||||
|
- build_and_test
|
||||||
|
- package
|
||||||
|
- security
|
||||||
|
- upload
|
||||||
|
- image
|
||||||
|
|
||||||
|
services:
|
||||||
|
- docker:19.03.12-dind
|
||||||
|
|
||||||
|
.cljs-job: &cljs
|
||||||
|
image: domaindrivenarchitecture/shadow-cljs
|
||||||
|
cache:
|
||||||
|
key: ${CI_COMMIT_REF_SLUG}
|
||||||
|
paths:
|
||||||
|
- node_modules/
|
||||||
|
- .shadow-cljs/
|
||||||
|
- .m2
|
||||||
|
before_script:
|
||||||
|
- echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
|
||||||
|
- npm install
|
||||||
|
|
||||||
|
.clj-uploadjob: &clj
|
||||||
|
image: domaindrivenarchitecture/lein
|
||||||
|
cache:
|
||||||
|
key: ${CI_COMMIT_REF_SLUG}
|
||||||
|
paths:
|
||||||
|
- .m2
|
||||||
|
before_script:
|
||||||
|
- mkdir -p /root/.lein
|
||||||
|
- echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
|
||||||
|
|
||||||
|
test-cljs:
|
||||||
|
<<: *cljs
|
||||||
|
stage: build_and_test
|
||||||
|
script:
|
||||||
|
- shadow-cljs compile test
|
||||||
|
|
||||||
|
test-clj:
|
||||||
|
<<: *clj
|
||||||
|
stage: build_and_test
|
||||||
|
script:
|
||||||
|
- lein test
|
||||||
|
|
||||||
|
test-schema:
|
||||||
|
<<: *clj
|
||||||
|
stage: build_and_test
|
||||||
|
script:
|
||||||
|
- lein uberjar
|
||||||
|
- java -jar target/uberjar/c4k-nextcloud-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
|
||||||
|
artifacts:
|
||||||
|
paths:
|
||||||
|
- target/uberjar
|
||||||
|
|
||||||
|
.report-frontend:
|
||||||
|
<<: *cljs
|
||||||
|
stage: package
|
||||||
|
script:
|
||||||
|
- mkdir -p target/frontend-build
|
||||||
|
- shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
|
||||||
|
artifacts:
|
||||||
|
paths:
|
||||||
|
- target/frontend-build/build-report.html
|
||||||
|
|
||||||
|
.package-frontend:
|
||||||
|
<<: *cljs
|
||||||
|
stage: package
|
||||||
|
script:
|
||||||
|
- mkdir -p target/frontend-build
|
||||||
|
- shadow-cljs release frontend
|
||||||
|
- cp public/js/main.js target/frontend-build/c4k-nextcloud.js
|
||||||
|
- sha256sum target/frontend-build/c4k-nextcloud.js > target/frontend-build/c4k-nextcloud.js.sha256
|
||||||
|
- sha512sum target/frontend-build/c4k-nextcloud.js > target/frontend-build/c4k-nextcloud.js.sha512
|
||||||
|
artifacts:
|
||||||
|
paths:
|
||||||
|
- target/frontend-build
|
||||||
|
|
||||||
|
package-uberjar:
|
||||||
|
<<: *clj
|
||||||
|
stage: package
|
||||||
|
script:
|
||||||
|
- sha256sum target/uberjar/c4k-nextcloud-standalone.jar > target/uberjar/c4k-nextcloud-standalone.jar.sha256
|
||||||
|
- sha512sum target/uberjar/c4k-nextcloud-standalone.jar > target/uberjar/c4k-nextcloud-standalone.jar.sha512
|
||||||
|
artifacts:
|
||||||
|
paths:
|
||||||
|
- target/uberjar
|
||||||
|
|
||||||
|
sast:
|
||||||
|
variables:
|
||||||
|
SAST_EXCLUDED_ANALYZERS:
|
||||||
|
bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
|
||||||
|
pmd-apex, security-code-scan, sobelow, spotbugs
|
||||||
|
stage: security
|
||||||
|
before_script:
|
||||||
|
- mkdir -p builds && cp -r target/ builds/
|
||||||
|
include:
|
||||||
|
- template: Security/SAST.gitlab-ci.yml
|
||||||
|
|
||||||
|
upload-clj-prerelease:
|
||||||
|
<<: *clj
|
||||||
|
stage: upload
|
||||||
|
rules:
|
||||||
|
- if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
|
||||||
|
script:
|
||||||
|
- lein deploy clojars
|
||||||
|
|
||||||
|
release:
|
||||||
|
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
||||||
|
stage: upload
|
||||||
|
rules:
|
||||||
|
- if: '$CI_COMMIT_TAG != null'
|
||||||
|
artifacts:
|
||||||
|
paths:
|
||||||
|
- target/uberjar
|
||||||
|
- target/frontend-build
|
||||||
|
script:
|
||||||
|
- apk --no-cache add curl
|
||||||
|
- |
|
||||||
|
release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
|
||||||
|
--assets-link "{\"name\":\"c4k-nextcloud-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-nextcloud-standalone.jar\"}" \
|
||||||
|
--assets-link "{\"name\":\"c4k-nextcloud-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-nextcloud-standalone.jar.sha256\"}" \
|
||||||
|
--assets-link "{\"name\":\"c4k-nextcloud-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-nextcloud-standalone.jar.sha512\"}" \
|
||||||
|
--assets-link "{\"name\":\"c4k-nextcloud.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-nextcloud.js\"}" \
|
||||||
|
--assets-link "{\"name\":\"c4k-nextcloud.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-nextcloud.js.sha256\"}" \
|
||||||
|
--assets-link "{\"name\":\"c4k-nextcloud.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-nextcloud.js.sha512\"}" \
|
||||||
|
|
||||||
|
nextcloud-image-test-publish:
|
||||||
|
image: domaindrivenarchitecture/devops-build:latest
|
||||||
|
stage: image
|
||||||
|
rules:
|
||||||
|
- if: '$CI_COMMIT_TAG != null'
|
||||||
|
script:
|
||||||
|
- cd infrastructure/docker-nextcloud && pyb image test publish
|
||||||
|
|
||||||
|
backup-image-test-publish:
|
||||||
|
image: domaindrivenarchitecture/devops-build:latest
|
||||||
|
stage: image
|
||||||
|
rules:
|
||||||
|
- if: '$CI_COMMIT_TAG != null'
|
||||||
|
script:
|
||||||
|
- cd infrastructure/docker-backup && pyb image test publish
|
201
LICENSE
Normal file
201
LICENSE
Normal file
|
@ -0,0 +1,201 @@
|
||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright [yyyy] [name of copyright owner]
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
|
@ -1,2 +1,5 @@
|
||||||
# c4k-nextcloud
|
# meissa-cloud
|
||||||
|
|
||||||
|
# backup manuell triggern
|
||||||
|
|
||||||
|
# restore manuell triggern
|
110
doc/Development.md
Normal file
110
doc/Development.md
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
# Project Setup
|
||||||
|
|
||||||
|
## clj setup
|
||||||
|
|
||||||
|
### install leiningen
|
||||||
|
```
|
||||||
|
sudo apt install leiningen
|
||||||
|
```
|
||||||
|
or manually using Instructions on https://leiningen.org/#install
|
||||||
|
|
||||||
|
### install vscode + extensions
|
||||||
|
```
|
||||||
|
sudo snap install code
|
||||||
|
```
|
||||||
|
or with packages from https://code.visualstudio.com/Download
|
||||||
|
|
||||||
|
install extension "Calva: Clojure & ClojureScript Interactive Programming"
|
||||||
|
|
||||||
|
## cljs / js-dev setup
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo apt install npm
|
||||||
|
sudo npm install -g npx
|
||||||
|
|
||||||
|
# maybe
|
||||||
|
sudo npm install -g shadow-cljs
|
||||||
|
|
||||||
|
# in project root to retrieve all dependencies
|
||||||
|
npm install --ignore-scripts
|
||||||
|
npx shadow-cljs compile test
|
||||||
|
```
|
||||||
|
|
||||||
|
### create frontend script
|
||||||
|
|
||||||
|
```
|
||||||
|
npx shadow-cljs release frontend
|
||||||
|
```
|
||||||
|
|
||||||
|
## graalvm-setup
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -LO https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-21.0.0.2/graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
|
||||||
|
|
||||||
|
# unpack
|
||||||
|
tar -xzf graalvm-ce-java11-linux-amd64-21.0.0.2.tar.gz
|
||||||
|
|
||||||
|
sudo mv graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/
|
||||||
|
sudo ln -s /usr/lib/jvm/graalvm-ce-java11-21.0.0.2 /usr/lib/jvm/graalvm
|
||||||
|
sudo ln -s /usr/lib/jvm/graalvm/bin/gu /usr/local/bin
|
||||||
|
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm/bin/java 2
|
||||||
|
sudo update-alternatives --config java
|
||||||
|
|
||||||
|
# install native-image in graalvm-ce-java11-linux-amd64-21.0.0.2/bin
|
||||||
|
sudo gu install native-image
|
||||||
|
sudo ln -s /usr/lib/jvm/graalvm/bin/native-image /usr/local/bin
|
||||||
|
|
||||||
|
# deps
|
||||||
|
sudo apt-get install build-essential libz-dev zlib1g-dev
|
||||||
|
|
||||||
|
# build
|
||||||
|
cd ~/repo/dda/c4k-cloud
|
||||||
|
lein uberjar
|
||||||
|
mkdir -p target/graalvm
|
||||||
|
lein native
|
||||||
|
|
||||||
|
# execute
|
||||||
|
./target/graalvm/c4k-cloud -h
|
||||||
|
./target/graalvm/c4k-cloud src/test/resources/valid-config.edn src/test/resources/valid-auth.edn
|
||||||
|
./target/graalvm/c4k-cloud src/test/resources/invalid-config.edn src/test/resources/invalid-auth.edn
|
||||||
|
```
|
||||||
|
|
||||||
|
## c4k-setup
|
||||||
|
### install kubectl
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo -i
|
||||||
|
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||||
|
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" \
|
||||||
|
| tee -a /etc/apt/sources.list.d/kubernetes.list
|
||||||
|
apt update && apt install kubectl
|
||||||
|
kubectl completion bash >> /etc/bash_completion.d/kubernetes
|
||||||
|
```
|
||||||
|
|
||||||
|
### install kubeconform
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -Lo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v0.4.7/kubeconform-linux-amd64.tar.gz
|
||||||
|
tar -xf /tmp/kubeconform.tar.gz
|
||||||
|
sudo cp kubeconform /usr/local/bin
|
||||||
|
```
|
||||||
|
|
||||||
|
### remote access to c4k
|
||||||
|
|
||||||
|
```
|
||||||
|
scp -r root@devops.test.meissa-gmbh.de:/home/c4k/.kube ~/
|
||||||
|
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@devops.test.meissa-gmbh.de -L 8002:localhost:8002 -L 6443:192.168.5.1:6443
|
||||||
|
|
||||||
|
# add in /etc/hosts "127.0.0.1 kubernetes"
|
||||||
|
|
||||||
|
# change in ~/.kube/config 192.168.5.1 -> kubernetes
|
||||||
|
|
||||||
|
kubectl get pods
|
||||||
|
```
|
||||||
|
|
||||||
|
### deploy cloud
|
||||||
|
|
||||||
|
```
|
||||||
|
java -jar target/uberjar/c4k-cloud-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
|
||||||
|
java -jar target/uberjar/c4k-cloud-standalone.jar valid-config.edn my-auth.edn | kubectl apply -f -
|
||||||
|
```
|
14
doc/Releasing.md
Normal file
14
doc/Releasing.md
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# stable release (should be done from master)
|
||||||
|
|
||||||
|
```
|
||||||
|
#adjust [version]
|
||||||
|
vi package.json
|
||||||
|
|
||||||
|
lein release
|
||||||
|
git push --follow-tags
|
||||||
|
|
||||||
|
# bump version - increase version and add -SNAPSHOT
|
||||||
|
vi package.json
|
||||||
|
git commit -am "version bump"
|
||||||
|
git push
|
||||||
|
```
|
206
doc/SUBCOMPONENT_LICENSE.md
Normal file
206
doc/SUBCOMPONENT_LICENSE.md
Normal file
|
@ -0,0 +1,206 @@
|
||||||
|
SUBCOMPONENTS:
|
||||||
|
|
||||||
|
This Software includes a number of subcomponents with
|
||||||
|
separate copyright notices and license terms. Your use of the source
|
||||||
|
code for the these subcomponents is subject to the terms and
|
||||||
|
conditions of the following licenses.
|
||||||
|
|
||||||
|
lein with-profile uberjar licenses
|
||||||
|
...
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Eclipse Public License, Version 1.0 (EPL-1.0)
|
||||||
|
|
||||||
|
THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
|
||||||
|
|
||||||
|
1. DEFINITIONS
|
||||||
|
|
||||||
|
"Contribution" means:
|
||||||
|
|
||||||
|
a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and
|
||||||
|
b) in the case of each subsequent Contributor:
|
||||||
|
i) changes to the Program, and
|
||||||
|
ii) additions to the Program;
|
||||||
|
where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.
|
||||||
|
|
||||||
|
"Contributor" means any person or entity that distributes the Program.
|
||||||
|
|
||||||
|
"Licensed Patents" mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program.
|
||||||
|
|
||||||
|
"Program" means the Contributions distributed in accordance with this Agreement.
|
||||||
|
|
||||||
|
"Recipient" means anyone who receives the Program under this Agreement, including all Contributors.
|
||||||
|
|
||||||
|
2. GRANT OF RIGHTS
|
||||||
|
|
||||||
|
a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
|
||||||
|
b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder.
|
||||||
|
c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program.
|
||||||
|
d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement.
|
||||||
|
|
||||||
|
3. REQUIREMENTS
|
||||||
|
|
||||||
|
A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that:
|
||||||
|
|
||||||
|
a) it complies with the terms and conditions of this Agreement; and
|
||||||
|
b) its license agreement:
|
||||||
|
i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose;
|
||||||
|
ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits;
|
||||||
|
iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and
|
||||||
|
iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange.
|
||||||
|
|
||||||
|
When the Program is made available in source code form:
|
||||||
|
|
||||||
|
a) it must be made available under this Agreement; and
|
||||||
|
b) a copy of this Agreement must be included with each copy of the Program.
|
||||||
|
|
||||||
|
Contributors may not remove or alter any copyright notices contained within the Program.
|
||||||
|
|
||||||
|
Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution.
|
||||||
|
|
||||||
|
4. COMMERCIAL DISTRIBUTION
|
||||||
|
|
||||||
|
Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense.
|
||||||
|
|
||||||
|
For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages.
|
||||||
|
|
||||||
|
5. NO WARRANTY
|
||||||
|
|
||||||
|
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement , including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations.
|
||||||
|
|
||||||
|
6. DISCLAIMER OF LIABILITY
|
||||||
|
|
||||||
|
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||||
|
|
||||||
|
7. GENERAL
|
||||||
|
|
||||||
|
If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
|
||||||
|
|
||||||
|
If Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed.
|
||||||
|
|
||||||
|
All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive.
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. The Eclipse Foundation is the initial Agreement Steward. The Eclipse Foundation may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved.
|
||||||
|
|
||||||
|
This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
|
||||||
|
-------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright © 2015 Stuart Sierra
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
The BSD 3-Clause License The following is a BSD 3-Clause ("BSD New" or "BSD Simplified") license template. To generate your own license, change the values of OWNER, ORGANIZATION and YEAR from their original values as given here, and substitute your own.
|
||||||
|
|
||||||
|
Note: You may omit clause 3 and still be OSD-conformant. Despite its colloquial name "BSD New", this is not the newest version of the BSD license; it was followed by the even newer BSD-2-Clause version, sometimes known as the "Simplified BSD License". On January 9th, 2008 the OSI Board approved BSD-2-Clause, which is used by FreeBSD and others. It omits the final "no-endorsement" clause and is thus roughly equivalent to the MIT License.
|
||||||
|
|
||||||
|
Historical Background: The original license used on BSD Unix had four clauses. The advertising clause (the third of four clauses) required you to acknowledge use of U.C. Berkeley code in your advertising of any product using that code. It was officially rescinded by the Director of the Office of Technology Licensing of the University of California on July 22nd, 1999. He states that clause 3 is "hereby deleted in its entirety." The four clause license has not been approved by OSI. The license below does not contain the advertising clause.
|
||||||
|
|
||||||
|
This prelude is not part of the license.
|
||||||
|
|
||||||
|
OWNER = Regents of the University of California
|
||||||
|
|
||||||
|
ORGANIZATION = University of California, Berkeley
|
||||||
|
|
||||||
|
YEAR = 1998
|
||||||
|
|
||||||
|
In the original BSD license, both occurrences of the phrase "COPYRIGHT HOLDERS AND CONTRIBUTORS" in the disclaimer read "REGENTS AND CONTRIBUTORS".
|
||||||
|
License template
|
||||||
|
|
||||||
|
Copyright (c) $YEAR $OWNER, All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
|
||||||
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
|
Copyright © 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.
|
||||||
|
0. Additional Definitions.
|
||||||
|
|
||||||
|
As used herein, “this License” refers to version 3 of the GNU Lesser General Public License, and the “GNU GPL” refers to version 3 of the GNU General Public License.
|
||||||
|
|
||||||
|
“The Library” refers to a covered work governed by this License, other than an Application or a Combined Work as defined below.
|
||||||
|
|
||||||
|
An “Application” is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library.
|
||||||
|
|
||||||
|
A “Combined Work” is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the “Linked Version”.
|
||||||
|
|
||||||
|
The “Minimal Corresponding Source” for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version.
|
||||||
|
|
||||||
|
The “Corresponding Application Code” for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work.
|
||||||
|
1. Exception to Section 3 of the GNU GPL.
|
||||||
|
|
||||||
|
You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL.
|
||||||
|
2. Conveying Modified Versions.
|
||||||
|
|
||||||
|
If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version:
|
||||||
|
|
||||||
|
a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or
|
||||||
|
b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy.
|
||||||
|
|
||||||
|
3. Object Code Incorporating Material from Library Header Files.
|
||||||
|
|
||||||
|
The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following:
|
||||||
|
|
||||||
|
a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License.
|
||||||
|
b) Accompany the object code with a copy of the GNU GPL and this license document.
|
||||||
|
|
||||||
|
4. Combined Works.
|
||||||
|
|
||||||
|
You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following:
|
||||||
|
|
||||||
|
a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License.
|
||||||
|
b) Accompany the Combined Work with a copy of the GNU GPL and this license document.
|
||||||
|
c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document.
|
||||||
|
d) Do one of the following:
|
||||||
|
0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
|
||||||
|
1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version.
|
||||||
|
e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.)
|
||||||
|
|
||||||
|
5. Combined Libraries.
|
||||||
|
|
||||||
|
You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following:
|
||||||
|
|
||||||
|
a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License.
|
||||||
|
b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.
|
||||||
|
|
||||||
|
6. Revised Versions of the GNU Lesser General Public License.
|
||||||
|
|
||||||
|
The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation.
|
||||||
|
|
||||||
|
If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
License
|
||||||
|
|
||||||
|
Copyright (c) 2000 - 2018 The Legion of the Bouncy Castle Inc. (https://www.bouncycastle.org)
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
49
infrastructure/docker-backup/build.py
Normal file
49
infrastructure/docker-backup/build.py
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
from os import environ
|
||||||
|
from pybuilder.core import task, init
|
||||||
|
from ddadevops import *
|
||||||
|
import logging
|
||||||
|
|
||||||
|
name = 'meissa-cloud-backup'
|
||||||
|
MODULE = 'docker'
|
||||||
|
PROJECT_ROOT_PATH = '../..'
|
||||||
|
|
||||||
|
|
||||||
|
class MyBuild(DevopsDockerBuild):
|
||||||
|
pass
|
||||||
|
|
||||||
|
@init
|
||||||
|
def initialize(project):
|
||||||
|
project.build_depends_on('ddadevops>=0.12.4')
|
||||||
|
stage = 'notused'
|
||||||
|
dockerhub_user = environ.get('DOCKERHUB_USER')
|
||||||
|
if not dockerhub_user:
|
||||||
|
dockerhub_user = gopass_field_from_path('meissa/web/docker.com', 'login')
|
||||||
|
dockerhub_password = environ.get('DOCKERHUB_PASSWORD')
|
||||||
|
if not dockerhub_password:
|
||||||
|
dockerhub_password = gopass_password_from_path('meissa/web/docker.com')
|
||||||
|
config = create_devops_docker_build_config(
|
||||||
|
stage, PROJECT_ROOT_PATH, MODULE, dockerhub_user, dockerhub_password)
|
||||||
|
build = MyBuild(project, config)
|
||||||
|
build.initialize_build_dir()
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def image(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.image()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def drun(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.drun()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def test(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.test()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def publish(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.dockerhub_login()
|
||||||
|
build.dockerhub_publish()
|
5
infrastructure/docker-backup/image/Dockerfile
Normal file
5
infrastructure/docker-backup/image/Dockerfile
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
FROM domaindrivenarchitecture/dda-backup
|
||||||
|
|
||||||
|
# Prepare Entrypoint Script
|
||||||
|
ADD resources /tmp
|
||||||
|
RUN /tmp/install.sh
|
27
infrastructure/docker-backup/image/resources/backup.sh
Executable file
27
infrastructure/docker-backup/image/resources/backup.sh
Executable file
|
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
|
||||||
|
start-maintenance.sh
|
||||||
|
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
file_env POSTGRES_DB
|
||||||
|
file_env POSTGRES_PASSWORD
|
||||||
|
file_env POSTGRES_USER
|
||||||
|
file_env RESTIC_DAYS_TO_KEEP 14
|
||||||
|
|
||||||
|
backup-roles 'oc_'
|
||||||
|
backup-db-dump
|
||||||
|
backup-directory '/var/backups/'
|
||||||
|
|
||||||
|
end-maintenance.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
|
||||||
|
main
|
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if test -f "/var/backups/config/config.orig"; then
|
||||||
|
|
||||||
|
rm /var/backups/config/config.php
|
||||||
|
mv /var/backups/config/config.orig /var/backups/config/config.php
|
||||||
|
chown www-data:root /var/backups/config/config.php
|
||||||
|
touch /var/backups/config/config.php
|
||||||
|
|
||||||
|
fi
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
file_env POSTGRES_DB
|
||||||
|
file_env POSTGRES_PASSWORD
|
||||||
|
file_env POSTGRES_USER
|
||||||
|
|
||||||
|
create-pg-pass
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
sleep 1m
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
main
|
15
infrastructure/docker-backup/image/resources/entrypoint.sh
Executable file
15
infrastructure/docker-backup/image/resources/entrypoint.sh
Executable file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
file_env POSTGRES_DB
|
||||||
|
file_env POSTGRES_PASSWORD
|
||||||
|
file_env POSTGRES_USER
|
||||||
|
|
||||||
|
create-pg-pass
|
||||||
|
|
||||||
|
/usr/local/bin/backup.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
main
|
15
infrastructure/docker-backup/image/resources/init.sh
Executable file
15
infrastructure/docker-backup/image/resources/init.sh
Executable file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
init-role-repo
|
||||||
|
init-database-repo
|
||||||
|
init-file-repo
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
main
|
12
infrastructure/docker-backup/image/resources/install.sh
Executable file
12
infrastructure/docker-backup/image/resources/install.sh
Executable file
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
apt-get update > /dev/null;
|
||||||
|
|
||||||
|
install -m 0700 /tmp/entrypoint.sh /
|
||||||
|
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
|
||||||
|
|
||||||
|
install -m 0700 /tmp/init.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/backup.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/restore.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/start-maintenance.sh /usr/local/bin/
|
||||||
|
install -m 0700 /tmp/end-maintenance.sh /usr/local/bin/
|
28
infrastructure/docker-backup/image/resources/restore.sh
Executable file
28
infrastructure/docker-backup/image/resources/restore.sh
Executable file
|
@ -0,0 +1,28 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -Eeo pipefail
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
|
||||||
|
start-maintenance.sh
|
||||||
|
|
||||||
|
file_env AWS_ACCESS_KEY_ID
|
||||||
|
file_env AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
file_env POSTGRES_DB
|
||||||
|
file_env POSTGRES_PASSWORD
|
||||||
|
file_env POSTGRES_USER
|
||||||
|
|
||||||
|
drop-create-db
|
||||||
|
|
||||||
|
restore-roles
|
||||||
|
restore-db
|
||||||
|
restore-directory '/var/backups/'
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
source /usr/local/lib/functions.sh
|
||||||
|
source /usr/local/lib/pg-functions.sh
|
||||||
|
source /usr/local/lib/file-functions.sh
|
||||||
|
main
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! -f "/var/backups/config/config.orig" ]; then
|
||||||
|
|
||||||
|
rm -f /var/backups/config/config.orig
|
||||||
|
cp /var/backups/config/config.php /var/backups/config/config.orig
|
||||||
|
sed -i "s/);/ \'maintenance\' => true,\n);/g" /var/backups/config/config.php
|
||||||
|
chown www-data:root /var/backups/config/config.php
|
||||||
|
touch /var/backups/config/config.php
|
||||||
|
|
||||||
|
fi
|
10
infrastructure/docker-backup/test/Dockerfile
Normal file
10
infrastructure/docker-backup/test/Dockerfile
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
FROM meissa-cloud-backup
|
||||||
|
|
||||||
|
RUN apt update
|
||||||
|
RUN apt -yqq --no-install-recommends --yes install curl default-jre-headless
|
||||||
|
|
||||||
|
RUN curl -L -o /tmp/serverspec.jar https://github.com/DomainDrivenArchitecture/dda-serverspec-crate/releases/download/2.0.0/dda-serverspec-standalone.jar
|
||||||
|
|
||||||
|
COPY serverspec.edn /tmp/serverspec.edn
|
||||||
|
|
||||||
|
RUN java -jar /tmp/serverspec.jar /tmp/serverspec.edn -v
|
7
infrastructure/docker-backup/test/serverspec.edn
Normal file
7
infrastructure/docker-backup/test/serverspec.edn
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{:file [{:path "/usr/local/bin/init.sh" :mod "700"}
|
||||||
|
{:path "/usr/local/bin/backup.sh" :mod "700"}
|
||||||
|
{:path "/usr/local/bin/restore.sh" :mod "700"}
|
||||||
|
{:path "/usr/local/bin/start-maintenance.sh" :mod "700"}
|
||||||
|
{:path "/usr/local/bin/end-maintenance.sh" :mod "700"}
|
||||||
|
{:path "/entrypoint.sh" :mod "700"}
|
||||||
|
{:path "/entrypoint-start-and-wait.sh" :mod "700"}]}
|
49
infrastructure/docker-nextcloud/build.py
Normal file
49
infrastructure/docker-nextcloud/build.py
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
from os import environ
|
||||||
|
from pybuilder.core import task, init
|
||||||
|
from ddadevops import *
|
||||||
|
import logging
|
||||||
|
|
||||||
|
name = 'meissa-cloud-app'
|
||||||
|
MODULE = 'docker'
|
||||||
|
PROJECT_ROOT_PATH = '../..'
|
||||||
|
|
||||||
|
|
||||||
|
class MyBuild(DevopsDockerBuild):
|
||||||
|
pass
|
||||||
|
|
||||||
|
@init
|
||||||
|
def initialize(project):
|
||||||
|
project.build_depends_on('ddadevops>=0.6.1')
|
||||||
|
stage = 'notused'
|
||||||
|
dockerhub_user = environ.get('DOCKERHUB_USER')
|
||||||
|
if not dockerhub_user:
|
||||||
|
dockerhub_user = gopass_field_from_path('meissa/web/docker.com', 'login')
|
||||||
|
dockerhub_password = environ.get('DOCKERHUB_PASSWORD')
|
||||||
|
if not dockerhub_password:
|
||||||
|
dockerhub_password = gopass_password_from_path('meissa/web/docker.com')
|
||||||
|
config = create_devops_docker_build_config(
|
||||||
|
stage, PROJECT_ROOT_PATH, MODULE, dockerhub_user, dockerhub_password)
|
||||||
|
build = MyBuild(project, config)
|
||||||
|
build.initialize_build_dir()
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def image(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.image()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def drun(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.drun()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def test(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.test()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def publish(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.dockerhub_login()
|
||||||
|
build.dockerhub_publish()
|
8
infrastructure/docker-nextcloud/image/Dockerfile
Normal file
8
infrastructure/docker-nextcloud/image/Dockerfile
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
FROM nextcloud:19
|
||||||
|
|
||||||
|
# Prepare Entrypoint Script
|
||||||
|
ADD resources /tmp
|
||||||
|
RUN /tmp/install.sh
|
||||||
|
|
||||||
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
CMD ["apache2-foreground"]
|
191
infrastructure/docker-nextcloud/image/resources/entrypoint.sh
Normal file
191
infrastructure/docker-nextcloud/image/resources/entrypoint.sh
Normal file
|
@ -0,0 +1,191 @@
|
||||||
|
#!/bin/sh
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
# version_greater A B returns whether A > B
|
||||||
|
version_greater() {
|
||||||
|
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
# return true if specified directory is empty
|
||||||
|
directory_empty() {
|
||||||
|
[ -z "$(ls -A "$1/")" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
run_as() {
|
||||||
|
if [ "$(id -u)" = 0 ]; then
|
||||||
|
su -p www-data -s /bin/sh -c "$1"
|
||||||
|
else
|
||||||
|
sh -c "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: file_env VAR [DEFAULT]
|
||||||
|
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||||
|
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
|
||||||
|
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||||
|
file_env() {
|
||||||
|
local var="$1"
|
||||||
|
local fileVar="${var}_FILE"
|
||||||
|
local def="${2:-}"
|
||||||
|
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
|
||||||
|
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
|
||||||
|
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -n "${varValue}" ]; then
|
||||||
|
export "$var"="${varValue}"
|
||||||
|
elif [ -n "${fileVarValue}" ]; then
|
||||||
|
export "$var"="$(cat "${fileVarValue}")"
|
||||||
|
elif [ -n "${def}" ]; then
|
||||||
|
export "$var"="$def"
|
||||||
|
fi
|
||||||
|
unset "$fileVar"
|
||||||
|
}
|
||||||
|
|
||||||
|
if expr "$1" : "apache" 1>/dev/null; then
|
||||||
|
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
|
||||||
|
a2disconf remoteip
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||||
|
if [ -n "${REDIS_HOST+x}" ]; then
|
||||||
|
|
||||||
|
echo "Configuring Redis as session handler"
|
||||||
|
{
|
||||||
|
echo 'session.save_handler = redis'
|
||||||
|
# check if redis host is an unix socket path
|
||||||
|
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
|
||||||
|
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
|
||||||
|
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
|
||||||
|
else
|
||||||
|
echo "session.save_path = \"unix://${REDIS_HOST}\""
|
||||||
|
fi
|
||||||
|
# check if redis password has been set
|
||||||
|
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
|
||||||
|
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
|
||||||
|
else
|
||||||
|
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
|
||||||
|
fi
|
||||||
|
} > /usr/local/etc/php/conf.d/redis-session.ini
|
||||||
|
fi
|
||||||
|
|
||||||
|
installed_version="0.0.0.0"
|
||||||
|
if [ -f /var/www/html/version.php ]; then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||||
|
fi
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||||
|
|
||||||
|
if version_greater "$installed_version" "$image_version"; then
|
||||||
|
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if version_greater "$image_version" "$installed_version"; then
|
||||||
|
echo "Initializing nextcloud $image_version (image) over $installed_version (installed) ..."
|
||||||
|
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||||
|
echo "Upgrading nextcloud from $installed_version ..."
|
||||||
|
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
|
||||||
|
fi
|
||||||
|
if [ "$(id -u)" = 0 ]; then
|
||||||
|
rsync_options="-rlDog --chown www-data:root"
|
||||||
|
else
|
||||||
|
rsync_options="-rlD"
|
||||||
|
fi
|
||||||
|
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
|
||||||
|
|
||||||
|
for dir in config data custom_apps themes; do
|
||||||
|
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||||
|
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||||
|
echo "Initializing finished"
|
||||||
|
|
||||||
|
#install
|
||||||
|
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||||
|
echo "New nextcloud instance"
|
||||||
|
|
||||||
|
file_env NEXTCLOUD_ADMIN_PASSWORD
|
||||||
|
file_env NEXTCLOUD_ADMIN_USER
|
||||||
|
|
||||||
|
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||||
|
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
|
||||||
|
fi
|
||||||
|
|
||||||
|
file_env MYSQL_DATABASE
|
||||||
|
file_env MYSQL_PASSWORD
|
||||||
|
file_env MYSQL_USER
|
||||||
|
file_env POSTGRES_DB
|
||||||
|
file_env POSTGRES_PASSWORD
|
||||||
|
file_env POSTGRES_USER
|
||||||
|
|
||||||
|
install=false
|
||||||
|
if [ -n "${SQLITE_DATABASE+x}" ]; then
|
||||||
|
echo "Installing with SQLite database"
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
|
||||||
|
install=true
|
||||||
|
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
|
||||||
|
echo "Installing with MySQL database"
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
|
||||||
|
install=true
|
||||||
|
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
|
||||||
|
echo "Installing with PostgreSQL database"
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
|
||||||
|
install=true
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$install" = true ]; then
|
||||||
|
echo "starting nextcloud installation"
|
||||||
|
echo "$install_options"
|
||||||
|
max_retries=10
|
||||||
|
try=0
|
||||||
|
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
|
||||||
|
do
|
||||||
|
echo "retrying install..."
|
||||||
|
try=$((try+1))
|
||||||
|
sleep 20s
|
||||||
|
done
|
||||||
|
if [ "$try" -gt "$max_retries" ]; then
|
||||||
|
echo "installing of nextcloud failed!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
|
||||||
|
echo "setting trusted domains…"
|
||||||
|
NC_TRUSTED_DOMAIN_IDX=1
|
||||||
|
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
|
||||||
|
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
|
||||||
|
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
|
||||||
|
run_as "php /var/www/html/occ config:system:set overwritehost --value=$DOMAIN"
|
||||||
|
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
run_as "php /var/www/html/occ config:system:set overwriteprotocol --value=https"
|
||||||
|
else
|
||||||
|
echo "running web-based installer on first connect!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
#upgrade
|
||||||
|
else
|
||||||
|
run_as 'php /var/www/html/occ upgrade'
|
||||||
|
|
||||||
|
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
|
||||||
|
echo "The following apps have been disabled:"
|
||||||
|
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
|
||||||
|
rm -f /tmp/list_before /tmp/list_after
|
||||||
|
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec "$@"
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
apt update && apt -qqy install vim bash-completion less
|
9
infrastructure/docker-nextcloud/image/resources/install.sh
Executable file
9
infrastructure/docker-nextcloud/image/resources/install.sh
Executable file
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -Eeo pipefail
|
||||||
|
|
||||||
|
mkdir /var/data
|
||||||
|
|
||||||
|
install -m 0700 /tmp/install-debug.sh /usr/local/bin/
|
||||||
|
install -m 0544 /tmp/upload-max-limit.ini /usr/local/etc/php/conf.d/
|
||||||
|
install -m 0544 /tmp/memory-limit.ini /usr/local/etc/php/conf.d/
|
||||||
|
install -m 0755 /tmp/entrypoint.sh /
|
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
memory_limit=5120M
|
|
@ -0,0 +1,3 @@
|
||||||
|
|
||||||
|
post_max_size = 512M
|
||||||
|
upload_max_filesize = 512M
|
11
infrastructure/docker-nextcloud/test/Dockerfile
Normal file
11
infrastructure/docker-nextcloud/test/Dockerfile
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
FROM meissa-cloud-app
|
||||||
|
|
||||||
|
RUN apt update
|
||||||
|
RUN mkdir /usr/share/man/man1/
|
||||||
|
RUN apt -yqq install --no-install-recommends --yes curl default-jre-headless
|
||||||
|
|
||||||
|
RUN curl -L -o /tmp/serverspec.jar https://github.com/DomainDrivenArchitecture/dda-serverspec-crate/releases/download/2.0.0/dda-serverspec-standalone.jar
|
||||||
|
|
||||||
|
COPY serverspec.edn /tmp/serverspec.edn
|
||||||
|
|
||||||
|
RUN java -jar /tmp/serverspec.jar /tmp/serverspec.edn -v
|
2
infrastructure/docker-nextcloud/test/serverspec.edn
Normal file
2
infrastructure/docker-nextcloud/test/serverspec.edn
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
{:file [{:path "/var/data"}
|
||||||
|
{:path "/entrypoint.sh" :mod "755"}]}
|
33
package.json
Normal file
33
package.json
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
{
|
||||||
|
"name": "c4k-nextcloud",
|
||||||
|
"description": "Generate c4k yaml for a nextcloud deployment.",
|
||||||
|
"author": "meissa GmbH",
|
||||||
|
"version": "0.1.3-SNAPSHOT",
|
||||||
|
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud#readme",
|
||||||
|
"repository": "https://www.npmjs.com/package/c4k-nextcloud",
|
||||||
|
"license": "APACHE2",
|
||||||
|
"main": "c4k-nextcloud.js",
|
||||||
|
"bin": {
|
||||||
|
"c4k-nextcloud": "./c4k-nextcloud.js"
|
||||||
|
},
|
||||||
|
"keywords": [
|
||||||
|
"cljs",
|
||||||
|
"nextcloud",
|
||||||
|
"k8s",
|
||||||
|
"c4k",
|
||||||
|
"deployment",
|
||||||
|
"yaml",
|
||||||
|
"convention4kubernetes"
|
||||||
|
],
|
||||||
|
"bugs": {
|
||||||
|
"url": "https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/issues"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"js-base64": "^3.6.1",
|
||||||
|
"js-yaml": "^4.0.0"
|
||||||
|
},
|
||||||
|
"devDependencies": {
|
||||||
|
"shadow-cljs": "^2.11.18",
|
||||||
|
"source-map-support": "^0.5.19"
|
||||||
|
}
|
||||||
|
}
|
41
project.clj
Normal file
41
project.clj
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
(defproject org.domaindrivenarchitecture/c4k-nextcloud "1.0.2-SNAPSHOT"
|
||||||
|
:description "nextcloud c4k-installation package"
|
||||||
|
:url "https://domaindrivenarchitecture.org"
|
||||||
|
:license {:name "Apache License, Version 2.0"
|
||||||
|
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
|
||||||
|
:dependencies [[org.clojure/clojure "1.10.3"]
|
||||||
|
[org.clojure/tools.reader "1.3.4"]
|
||||||
|
[org.domaindrivenarchitecture/c4k-common-clj "0.2.8"]]
|
||||||
|
:target-path "target/%s/"
|
||||||
|
:source-paths ["src/main/cljc"
|
||||||
|
"src/main/clj"]
|
||||||
|
:resource-paths ["src/main/resources"]
|
||||||
|
:repositories [["snapshots" :clojars]
|
||||||
|
["releases" :clojars]]
|
||||||
|
:deploy-repositories [["snapshots" :clojars]
|
||||||
|
["releases" :clojars]]
|
||||||
|
:profiles {:test {:test-paths ["src/test/cljc"]
|
||||||
|
:resource-paths ["src/test/resources"]
|
||||||
|
:dependencies [[dda/data-test "0.1.1"]]}
|
||||||
|
:dev {:plugins [[lein-shell "0.5.0"]]}
|
||||||
|
:uberjar {:aot :all
|
||||||
|
:main dda.c4k-nextcloud.uberjar
|
||||||
|
:uberjar-name "c4k-nextcloud-standalone.jar"
|
||||||
|
:dependencies [[org.clojure/tools.cli "1.0.206"]
|
||||||
|
[ch.qos.logback/logback-classic "1.3.0-alpha4"
|
||||||
|
:exclusions [com.sun.mail/javax.mail]]
|
||||||
|
[org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}}
|
||||||
|
:release-tasks [["test"]
|
||||||
|
["vcs" "assert-committed"]
|
||||||
|
["change" "version" "leiningen.release/bump-version" "release"]
|
||||||
|
["vcs" "commit"]
|
||||||
|
["vcs" "tag"]
|
||||||
|
["change" "version" "leiningen.release/bump-version"]]
|
||||||
|
:aliases {"native" ["shell"
|
||||||
|
"native-image"
|
||||||
|
"--report-unsupported-elements-at-runtime"
|
||||||
|
"--initialize-at-build-time"
|
||||||
|
"-jar" "target/uberjar/c4k-nextcloud-standalone.jar"
|
||||||
|
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
|
||||||
|
"-H:Log=registerResource"
|
||||||
|
"-H:Name=target/graalvm/${:name}"]})
|
15
shadow-cljs.edn
Normal file
15
shadow-cljs.edn
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{:source-paths ["src/main/cljc"
|
||||||
|
"src/main/cljs"
|
||||||
|
"src/main/resources"
|
||||||
|
"src/test/cljc"
|
||||||
|
"src/test/cljs"
|
||||||
|
"src/test/resources"]
|
||||||
|
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "0.2.8"]]
|
||||||
|
:builds {:frontend {:target :browser
|
||||||
|
:modules {:main {:init-fn dda.c4k-nextcloud.browser/init}}
|
||||||
|
:release {}
|
||||||
|
:compiler-options {:optimizations :advanced}}
|
||||||
|
:test {:target :node-test
|
||||||
|
:output-to "target/node-tests.js"
|
||||||
|
:autorun true
|
||||||
|
:repl-pprint true}}}
|
56
src/main/clj/dda/c4k_nextcloud/uberjar.clj
Normal file
56
src/main/clj/dda/c4k_nextcloud/uberjar.clj
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
(ns dda.c4k-nextcloud.uberjar
|
||||||
|
(:gen-class)
|
||||||
|
(:require
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
[clojure.string :as cs]
|
||||||
|
[clojure.tools.reader.edn :as edn]
|
||||||
|
[expound.alpha :as expound]
|
||||||
|
[dda.c4k-nextcloud.core :as core]))
|
||||||
|
|
||||||
|
(def usage
|
||||||
|
"usage:
|
||||||
|
|
||||||
|
c4k-nextcloud {your configuraton file} {your authorization file}")
|
||||||
|
|
||||||
|
(s/def ::options (s/* #{"-h"}))
|
||||||
|
(s/def ::filename (s/and string?
|
||||||
|
#(not (cs/starts-with? % "-"))))
|
||||||
|
(s/def ::cmd-args (s/cat :options ::options
|
||||||
|
:args (s/?
|
||||||
|
(s/cat :config ::filename
|
||||||
|
:auth ::filename))))
|
||||||
|
|
||||||
|
(defn expound-config
|
||||||
|
[config]
|
||||||
|
(expound/expound ::core/config config))
|
||||||
|
|
||||||
|
(defn invalid-args-msg
|
||||||
|
[spec args]
|
||||||
|
(s/explain spec args)
|
||||||
|
(println (str "Bad commandline arguments\n" usage)))
|
||||||
|
|
||||||
|
(defn -main [& cmd-args]
|
||||||
|
(let [parsed-args-cmd (s/conform ::cmd-args cmd-args)]
|
||||||
|
(if (= ::s/invalid parsed-args-cmd)
|
||||||
|
(invalid-args-msg ::cmd-args cmd-args)
|
||||||
|
(let [{:keys [options args]} parsed-args-cmd
|
||||||
|
{:keys [config auth]} args]
|
||||||
|
(cond
|
||||||
|
(some #(= "-h" %) options)
|
||||||
|
(println usage)
|
||||||
|
:default
|
||||||
|
(let [config-str (slurp config)
|
||||||
|
auth-str (slurp auth)
|
||||||
|
config-edn (edn/read-string config-str)
|
||||||
|
auth-edn (edn/read-string auth-str)
|
||||||
|
config-valid? (s/valid? core/config? config-edn)
|
||||||
|
auth-valid? (s/valid? core/auth? auth-edn)]
|
||||||
|
(if (and config-valid? auth-valid?)
|
||||||
|
(println (core/generate config-edn auth-edn))
|
||||||
|
(do
|
||||||
|
(when (not config-valid?)
|
||||||
|
(println
|
||||||
|
(expound/expound-str core/config? config-edn {:print-specs? false})))
|
||||||
|
(when (not auth-valid?)
|
||||||
|
(println
|
||||||
|
(expound/expound-str core/auth? auth-edn {:print-specs? false})))))))))))
|
37
src/main/cljc/dda/c4k_nextcloud/backup.cljc
Normal file
37
src/main/cljc/dda/c4k_nextcloud/backup.cljc
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
(ns dda.c4k-nextcloud.backup
|
||||||
|
(:require
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
#?(:cljs [shadow.resource :as rc])
|
||||||
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-common.base64 :as b64]
|
||||||
|
[dda.c4k-common.common :as cm]))
|
||||||
|
|
||||||
|
(s/def ::aws-access-key-id cm/bash-env-string?)
|
||||||
|
(s/def ::aws-secret-access-key cm/bash-env-string?)
|
||||||
|
(s/def ::restic-password cm/bash-env-string?)
|
||||||
|
(s/def ::restic-repository cm/bash-env-string?)
|
||||||
|
|
||||||
|
#?(:cljs
|
||||||
|
(defmethod yaml/load-resource :backup [resource-name]
|
||||||
|
(case resource-name
|
||||||
|
"backup/config.yaml" (rc/inline "backup/config.yaml")
|
||||||
|
"backup/cron.yaml" (rc/inline "backup/cron.yaml")
|
||||||
|
"backup/secret.yaml" (rc/inline "backup/secret.yaml")
|
||||||
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
|
(defn generate-config [my-conf]
|
||||||
|
(let [{:keys [restic-repository]} my-conf]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "backup/config.yaml"))
|
||||||
|
(cm/replace-key-value :restic-repository restic-repository))))
|
||||||
|
|
||||||
|
(defn generate-cron []
|
||||||
|
(yaml/from-string (yaml/load-resource "backup/cron.yaml")))
|
||||||
|
|
||||||
|
(defn generate-secret [my-auth]
|
||||||
|
(let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "backup/secret.yaml"))
|
||||||
|
(cm/replace-key-value :aws-access-key-id (b64/encode aws-access-key-id))
|
||||||
|
(cm/replace-key-value :aws-secret-access-key (b64/encode aws-secret-access-key))
|
||||||
|
(cm/replace-key-value :restic-password (b64/encode restic-password)))))
|
52
src/main/cljc/dda/c4k_nextcloud/core.cljc
Normal file
52
src/main/cljc/dda/c4k_nextcloud/core.cljc
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
(ns dda.c4k-nextcloud.core
|
||||||
|
(:require
|
||||||
|
[clojure.string :as cs]
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||||
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-common.postgres :as postgres]
|
||||||
|
[dda.c4k-nextcloud.nextcloud :as nextcloud]
|
||||||
|
[dda.c4k-nextcloud.backup :as backup]))
|
||||||
|
|
||||||
|
(def config-defaults {:issuer :staging})
|
||||||
|
|
||||||
|
(def config? (s/keys :req-un [::nextcloud/fqdn]
|
||||||
|
:opt-un [::nextcloud/issuer ::nextcloud/nextcloud-data-volume-path
|
||||||
|
::postgres/postgres-data-volume-path ::restic-repository
|
||||||
|
::nextcloud/storage-size]))
|
||||||
|
|
||||||
|
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
|
||||||
|
::aws-access-key-id ::aws-secret-access-key
|
||||||
|
::restic-password]))
|
||||||
|
|
||||||
|
(defn k8s-objects [config]
|
||||||
|
(into
|
||||||
|
[]
|
||||||
|
(concat [(yaml/to-string (postgres/generate-config))
|
||||||
|
(yaml/to-string (postgres/generate-secret config))]
|
||||||
|
(when (contains? config :postgres-data-volume-path)
|
||||||
|
[(yaml/to-string (postgres/generate-persistent-volume config))])
|
||||||
|
[(yaml/to-string (postgres/generate-pvc))
|
||||||
|
(yaml/to-string (postgres/generate-deployment))
|
||||||
|
(yaml/to-string (postgres/generate-service))]
|
||||||
|
(when (contains? config :nextcloud-data-volume-path)
|
||||||
|
[(yaml/to-string (nextcloud/generate-persistent-volume config))])
|
||||||
|
[(yaml/to-string (nextcloud/generate-pvc))
|
||||||
|
(yaml/to-string (nextcloud/generate-deployment config))
|
||||||
|
(yaml/to-string (nextcloud/generate-service))
|
||||||
|
(yaml/to-string (nextcloud/generate-certificate config))
|
||||||
|
(yaml/to-string (nextcloud/generate-ingress config))
|
||||||
|
(yaml/to-string (nextcloud/generate-service))]
|
||||||
|
(when (contains? config :restic-repository)
|
||||||
|
[(yaml/to-string (backup/generate-config config))
|
||||||
|
(yaml/to-string (backup/generate-secret config))
|
||||||
|
(yaml/to-string (backup/generate-cron))]))))
|
||||||
|
|
||||||
|
(defn-spec generate any?
|
||||||
|
[my-config config?
|
||||||
|
my-auth auth?]
|
||||||
|
(let [resulting-config (merge config-defaults my-config my-auth)]
|
||||||
|
(cs/join
|
||||||
|
"\n---\n"
|
||||||
|
(k8s-objects resulting-config))))
|
59
src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc
Normal file
59
src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
(ns dda.c4k-nextcloud.nextcloud
|
||||||
|
(:require
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
#?(:cljs [shadow.resource :as rc])
|
||||||
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-common.common :as cm]))
|
||||||
|
|
||||||
|
(s/def ::fqdn cm/fqdn-string?)
|
||||||
|
(s/def ::issuer cm/letsencrypt-issuer?)
|
||||||
|
(s/def ::restic-repository string?)
|
||||||
|
(s/def ::nextcloud-data-volume-path string?)
|
||||||
|
|
||||||
|
#?(:cljs
|
||||||
|
(defmethod yaml/load-resource :nextcloud [resource-name]
|
||||||
|
(case resource-name
|
||||||
|
"nextcloud/certificate.yaml" (rc/inline "nextcloud/certificate.yaml")
|
||||||
|
"nextcloud/deployment.yaml" (rc/inline "nextcloud/deployment.yaml")
|
||||||
|
"nextcloud/ingress.yaml" (rc/inline "nextcloud/ingress.yaml")
|
||||||
|
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
|
||||||
|
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
|
||||||
|
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
|
||||||
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
|
(defn generate-certificate [config]
|
||||||
|
(let [{:keys [fqdn issuer]} config
|
||||||
|
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "nextcloud/certificate.yaml"))
|
||||||
|
(assoc-in [:spec :commonName] fqdn)
|
||||||
|
(assoc-in [:spec :dnsNames] [fqdn])
|
||||||
|
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
|
||||||
|
|
||||||
|
(defn generate-deployment [config]
|
||||||
|
(let [{:keys [fqdn]} config]
|
||||||
|
(-> (yaml/from-string (yaml/load-resource "nextcloud/deployment.yaml"))
|
||||||
|
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
||||||
|
|
||||||
|
(defn generate-ingress [config]
|
||||||
|
(let [{:keys [fqdn issuer]
|
||||||
|
:or {issuer :staging}} config
|
||||||
|
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "nextcloud/ingress.yaml"))
|
||||||
|
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
||||||
|
|
||||||
|
(defn generate-persistent-volume [config]
|
||||||
|
(let [{:keys [nextcloud-data-volume-path storage-size]} config]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "nextcloud/persistent-volume.yaml"))
|
||||||
|
(assoc-in [:spec :hostPath :path] nextcloud-data-volume-path)
|
||||||
|
;(assoc-in [:spec :capacity :storage] (str storage-size "Gi"))
|
||||||
|
)))
|
||||||
|
|
||||||
|
(defn generate-pvc []
|
||||||
|
(yaml/from-string (yaml/load-resource "nextcloud/pvc.yaml")))
|
||||||
|
|
||||||
|
(defn generate-service []
|
||||||
|
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
|
62
src/main/cljs/dda/c4k_nextcloud/browser.cljs
Normal file
62
src/main/cljs/dda/c4k_nextcloud/browser.cljs
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
(ns dda.c4k-nextcloud.browser
|
||||||
|
(:require
|
||||||
|
[clojure.tools.reader.edn :as edn]
|
||||||
|
[dda.c4k-nextcloud.core :as core]
|
||||||
|
[dda.c4k-nextcloud.nextcloud :as nextcloud]
|
||||||
|
[dda.c4k-common.browser :as br]
|
||||||
|
[dda.c4k-common.postgres :as pgc]))
|
||||||
|
|
||||||
|
(defn config-from-document []
|
||||||
|
(let [nextcloud-data-volume-path (br/get-content-from-element "nextcloud-data-volume-path" :optional true)
|
||||||
|
postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true)
|
||||||
|
restic-repository (br/get-content-from-element "restic-repository" :optional true)
|
||||||
|
issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)]
|
||||||
|
(merge
|
||||||
|
{:fqdn (br/get-content-from-element "fqdn")}
|
||||||
|
(when (some? nextcloud-data-volume-path)
|
||||||
|
{:nextcloud-data-volume-path nextcloud-data-volume-path})
|
||||||
|
(when (some? postgres-data-volume-path)
|
||||||
|
{:postgres-data-volume-path postgres-data-volume-path})
|
||||||
|
(when (some? restic-repository)
|
||||||
|
{:restic-repository restic-repository})
|
||||||
|
(when (some? issuer)
|
||||||
|
{:issuer issuer})
|
||||||
|
)))
|
||||||
|
|
||||||
|
(defn validate-all! []
|
||||||
|
(br/validate! "fqdn" ::nextcloud/fqdn)
|
||||||
|
(br/validate! "nextcloud-data-volume-path" ::nextcloud/nextcloud-data-volume-path :optional true)
|
||||||
|
(br/validate! "postgres-data-volume-path" ::pgc/postgres-data-volume-path :optional true)
|
||||||
|
(br/validate! "restic-repository" ::nextcloud/restic-repository :optional true)
|
||||||
|
(br/validate! "issuer" ::nextcloud/issuer :optional true :deserializer keyword)
|
||||||
|
(br/validate! "auth" core/auth? :deserializer edn/read-string)
|
||||||
|
(br/set-validated!))
|
||||||
|
|
||||||
|
(defn init []
|
||||||
|
(-> js/document
|
||||||
|
(.getElementById "generate-button")
|
||||||
|
(.addEventListener "click"
|
||||||
|
#(do (validate-all!)
|
||||||
|
(-> (core/generate
|
||||||
|
(config-from-document)
|
||||||
|
(br/get-content-from-element "auth" :deserializer edn/read-string))
|
||||||
|
(br/set-output!)))))
|
||||||
|
(-> (br/get-element-by-id "fqdn")
|
||||||
|
(.addEventListener "blur"
|
||||||
|
#(do (validate-all!))))
|
||||||
|
(-> (br/get-element-by-id "nextcloud-data-volume-path")
|
||||||
|
(.addEventListener "blur"
|
||||||
|
#(do (validate-all!))))
|
||||||
|
(-> (br/get-element-by-id "postgres-data-volume-path")
|
||||||
|
(.addEventListener "blur"
|
||||||
|
#(do (validate-all!))))
|
||||||
|
(-> (br/get-element-by-id "restic-repository")
|
||||||
|
(.addEventListener "blur"
|
||||||
|
#(do (validate-all!))))
|
||||||
|
(-> (br/get-element-by-id "issuer")
|
||||||
|
(.addEventListener "blur"
|
||||||
|
#(do (validate-all!))))
|
||||||
|
(-> (br/get-element-by-id "auth")
|
||||||
|
(.addEventListener "blur"
|
||||||
|
#(do (validate-all!))))
|
||||||
|
)
|
59
src/main/resources/backup/backup-restore.yaml
Normal file
59
src/main/resources/backup/backup-restore.yaml
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
kind: Pod
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: backup-restore
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: backup-restore
|
||||||
|
app.kubernetes.io/part-of: cloud
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: backup-app
|
||||||
|
image: domaindrivenarchitecture/c4k-cloud-backup
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command: ["/entrypoint-start-and-wait.sh"]
|
||||||
|
env:
|
||||||
|
- name: POSTGRES_USER_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||||
|
- name: POSTGRES_DB_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||||
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||||
|
- name: POSTGRES_HOST
|
||||||
|
value: "postgresql-service:5432"
|
||||||
|
- name: POSTGRES_SERVICE
|
||||||
|
value: "postgresql-service"
|
||||||
|
- name: POSTGRES_PORT
|
||||||
|
value: "5432"
|
||||||
|
- name: AWS_DEFAULT_REGION
|
||||||
|
value: eu-central-1
|
||||||
|
- name: AWS_ACCESS_KEY_ID_FILE
|
||||||
|
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
||||||
|
- name: AWS_SECRET_ACCESS_KEY_FILE
|
||||||
|
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
||||||
|
- name: RESTIC_REPOSITORY
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: backup-config
|
||||||
|
key: restic-repository
|
||||||
|
- name: RESTIC_PASSWORD_FILE
|
||||||
|
value: /var/run/secrets/backup-secrets/restic-password
|
||||||
|
volumeMounts:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
mountPath: /var/backups
|
||||||
|
- name: backup-secret-volume
|
||||||
|
mountPath: /var/run/secrets/backup-secrets
|
||||||
|
readOnly: true
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: cloud-pvc
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: cloud-secret
|
||||||
|
- name: backup-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: backup-secret
|
||||||
|
restartPolicy: OnFailure
|
9
src/main/resources/backup/config.yaml
Normal file
9
src/main/resources/backup/config.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: backup-config
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: backup
|
||||||
|
app.kubernetes.io/part-of: cloud
|
||||||
|
data:
|
||||||
|
restic-repository: restic-repository
|
65
src/main/resources/backup/cron.yaml
Normal file
65
src/main/resources/backup/cron.yaml
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
apiVersion: batch/v1beta1
|
||||||
|
kind: CronJob
|
||||||
|
metadata:
|
||||||
|
name: cloud-backup
|
||||||
|
labels:
|
||||||
|
app.kubernetes.part-of: cloud
|
||||||
|
spec:
|
||||||
|
schedule: "10 23 * * *"
|
||||||
|
successfulJobsHistoryLimit: 0
|
||||||
|
failedJobsHistoryLimit: 0
|
||||||
|
jobTemplate:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: backup-app
|
||||||
|
image: domaindrivenarchitecture/meissa-cloud-backup
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command: ["/entrypoint.sh"]
|
||||||
|
env:
|
||||||
|
- name: POSTGRES_USER_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||||
|
- name: POSTGRES_DB_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||||
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||||
|
- name: POSTGRES_HOST
|
||||||
|
value: "postgresql-service:5432"
|
||||||
|
- name: POSTGRES_SERVICE
|
||||||
|
value: "postgresql-service"
|
||||||
|
- name: POSTGRES_PORT
|
||||||
|
value: "5432"
|
||||||
|
- name: AWS_DEFAULT_REGION
|
||||||
|
value: eu-central-1
|
||||||
|
- name: AWS_ACCESS_KEY_ID_FILE
|
||||||
|
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
||||||
|
- name: AWS_SECRET_ACCESS_KEY_FILE
|
||||||
|
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
||||||
|
- name: RESTIC_REPOSITORY
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: backup-config
|
||||||
|
key: restic-repository
|
||||||
|
- name: RESTIC_PASSWORD_FILE
|
||||||
|
value: /var/run/secrets/backup-secrets/restic-password
|
||||||
|
volumeMounts:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
mountPath: /var/backups
|
||||||
|
- name: backup-secret-volume
|
||||||
|
mountPath: /var/run/secrets/backup-secrets
|
||||||
|
readOnly: true
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: cloud-pvc
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: cloud-secret
|
||||||
|
- name: backup-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: backup-secret
|
||||||
|
restartPolicy: OnFailure
|
9
src/main/resources/backup/secret.yaml
Normal file
9
src/main/resources/backup/secret.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: backup-secret
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
aws-access-key-id: aws-access-key-id
|
||||||
|
aws-secret-access-key: aws-secret-access-key
|
||||||
|
restic-password: restic-password
|
13
src/main/resources/nextcloud/certificate.yaml
Normal file
13
src/main/resources/nextcloud/certificate.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: cert-manager.io/v1alpha2
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: cloud-cert
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
secretName: cloud-secret
|
||||||
|
commonName: fqdn
|
||||||
|
dnsNames:
|
||||||
|
- fqdn
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-staging-issuer
|
||||||
|
kind: ClusterIssuer
|
22
src/main/resources/nextcloud/configure-as-user.sh
Normal file
22
src/main/resources/nextcloud/configure-as-user.sh
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
kubectl delete --ignore-not-found=true -f cloud-ingress.yml
|
||||||
|
kubectl delete --ignore-not-found=true -f cloud-pod.yml
|
||||||
|
kubectl delete --ignore-not-found=true -f cloud-pvc.yml
|
||||||
|
kubectl delete --ignore-not-found=true -f cloud-service.yml
|
||||||
|
kubectl delete --ignore-not-found=true -f cloud-secret.yml
|
||||||
|
kubectl delete --ignore-not-found=true -f cloud-persistent-volume.yml
|
||||||
|
|
||||||
|
#Wait for postgres to be running
|
||||||
|
while [$POSTGRES = ""]
|
||||||
|
do
|
||||||
|
POSTGRES=$(kubectl get pods --selector=app=postgresql -o jsonpath='{.items[*].metadata.name}')
|
||||||
|
done
|
||||||
|
kubectl wait --for=condition=ready pod/$POSTGRES
|
||||||
|
|
||||||
|
kubectl apply -f cloud-persistent-volume.yml
|
||||||
|
kubectl apply -f cloud-secret.yml
|
||||||
|
kubectl apply -f cloud-service.yml
|
||||||
|
kubectl apply -f cloud-pvc.yml
|
||||||
|
kubectl apply -f cloud-pod.yml
|
||||||
|
kubectl apply -f cloud-ingress.yml
|
52
src/main/resources/nextcloud/deployment.yaml
Normal file
52
src/main/resources/nextcloud/deployment.yaml
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cloud
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cloud
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cloud
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- image: domaindrivenarchitecture/meissa-cloud-app
|
||||||
|
name: cloud-app
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
env:
|
||||||
|
- name: NEXTCLOUD_ADMIN_USER_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
|
||||||
|
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
|
||||||
|
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||||
|
value: fqdn
|
||||||
|
- name: POSTGRES_USER_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||||
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||||
|
- name: POSTGRES_DB_FILE
|
||||||
|
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||||
|
- name: POSTGRES_HOST
|
||||||
|
value: "postgresql-service:5432"
|
||||||
|
volumeMounts:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
mountPath: /var/www/html
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: cloud-pvc
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: cloud-secret
|
||||||
|
- name: backup-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: backup-secret
|
26
src/main/resources/nextcloud/ingress.yaml
Normal file
26
src/main/resources/nextcloud/ingress.yaml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: ingress-cloud
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: "256m"
|
||||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- fqdn
|
||||||
|
secretName: cloud-secret
|
||||||
|
rules:
|
||||||
|
- host: fqdn
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
backend:
|
||||||
|
serviceName: cloud-service
|
||||||
|
servicePort: 80
|
4
src/main/resources/nextcloud/install-as-root.sh.template
Normal file
4
src/main/resources/nextcloud/install-as-root.sh.template
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
mkdir -p /var/cloud
|
||||||
|
install -d -m 0777 -o {{user}} -g {{user}} /var/cloud
|
15
src/main/resources/nextcloud/persistent-volume.yaml
Normal file
15
src/main/resources/nextcloud/persistent-volume.yaml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
kind: PersistentVolume
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: cloud-pv-volume
|
||||||
|
labels:
|
||||||
|
type: local
|
||||||
|
app: cloud
|
||||||
|
spec:
|
||||||
|
storageClassName: manual
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
capacity:
|
||||||
|
storage: 200Gi
|
||||||
|
hostPath:
|
||||||
|
path: "/var/cloud"
|
25
src/main/resources/nextcloud/pod-running.sh
Normal file
25
src/main/resources/nextcloud/pod-running.sh
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/bash
|
||||||
|
SECONDS=0
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
|
||||||
|
POD_STATUS="$(kubectl get pods --all-namespaces --field-selector=status.phase=Running | grep $1 )";
|
||||||
|
if [ ! -z "$POD_STATUS" ]
|
||||||
|
then
|
||||||
|
# pod = ready is not enough
|
||||||
|
sleep $4
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
|
||||||
|
let duration=$SECONDS/60
|
||||||
|
# pallet needs a regular action, otherwise unwanted timeout after 5 min
|
||||||
|
echo "Seconds waited: ${SECONDS}"
|
||||||
|
if [ "$duration" -ge "$2" ]
|
||||||
|
then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
sleep $3
|
||||||
|
done
|
||||||
|
|
||||||
|
exit 0
|
16
src/main/resources/nextcloud/pvc.yaml
Normal file
16
src/main/resources/nextcloud/pvc.yaml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: cloud-pvc
|
||||||
|
labels:
|
||||||
|
app: cloud
|
||||||
|
spec:
|
||||||
|
storageClassName: manual
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 200Gi
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cloud
|
11
src/main/resources/nextcloud/secret.yaml
Normal file
11
src/main/resources/nextcloud/secret.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: cloud-secret
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
postgres-db: db-name
|
||||||
|
postgres-user: db-user-name
|
||||||
|
postgres-password: db-user-password
|
||||||
|
nextcloud-admin-user: admin-user
|
||||||
|
nextcloud-admin-password: admin-password
|
9
src/main/resources/nextcloud/service.yaml
Normal file
9
src/main/resources/nextcloud/service.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cloud-service
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: cloud
|
||||||
|
ports:
|
||||||
|
- port: 80
|
65
src/test/cljc/dda/c4k_nextcloud/backup_test.cljc
Normal file
65
src/test/cljc/dda/c4k_nextcloud/backup_test.cljc
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
(ns dda.c4k-nextcloud.backup-test
|
||||||
|
(:require
|
||||||
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||||
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
|
[dda.c4k-nextcloud.backup :as cut]))
|
||||||
|
|
||||||
|
|
||||||
|
(deftest should-generate-secret
|
||||||
|
(is (= {:apiVersion "v1"
|
||||||
|
:kind "Secret"
|
||||||
|
:metadata {:name "backup-secret"}
|
||||||
|
:type "Opaque"
|
||||||
|
:stringData
|
||||||
|
{:aws-access-key-id "YXdzLWlk", :aws-secret-access-key "YXdzLXNlY3JldA==", :restic-password "cmVzdGljLXB3"}}
|
||||||
|
(cut/generate-secret {:aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" :restic-password "restic-pw"}))))
|
||||||
|
|
||||||
|
(deftest should-generate-config
|
||||||
|
(is (= {:apiVersion "v1"
|
||||||
|
:kind "ConfigMap"
|
||||||
|
:metadata {:name "backup-config"
|
||||||
|
:labels {:app.kubernetes.io/name "backup"
|
||||||
|
:app.kubernetes.io/part-of "cloud"}}
|
||||||
|
:data
|
||||||
|
{:restic-repository "s3:restic-repository"}}
|
||||||
|
(cut/generate-config {:restic-repository "s3:restic-repository"}))))
|
||||||
|
|
||||||
|
(deftest should-generate-cron
|
||||||
|
(is (= {:apiVersion "batch/v1beta1"
|
||||||
|
:kind "CronJob"
|
||||||
|
:metadata {:name "cloud-backup", :labels {:app.kubernetes.part-of "cloud"}}
|
||||||
|
:spec
|
||||||
|
{:schedule "10 23 * * *"
|
||||||
|
:successfulJobsHistoryLimit 0
|
||||||
|
:failedJobsHistoryLimit 0
|
||||||
|
:jobTemplate
|
||||||
|
{:spec
|
||||||
|
{:template
|
||||||
|
{:spec
|
||||||
|
{:containers
|
||||||
|
[{:name "backup-app"
|
||||||
|
:image "domaindrivenarchitecture/meissa-cloud-backup"
|
||||||
|
:imagePullPolicy "IfNotPresent"
|
||||||
|
:command ["/entrypoint.sh"]
|
||||||
|
:env
|
||||||
|
[{:name "POSTGRES_USER_FILE", :value "/var/run/secrets/cloud-secrets/postgres-user"}
|
||||||
|
{:name "POSTGRES_DB_FILE", :value "/var/run/secrets/cloud-secrets/postgres-db"}
|
||||||
|
{:name "POSTGRES_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/postgres-password"}
|
||||||
|
{:name "POSTGRES_HOST", :value "postgresql-service:5432"}
|
||||||
|
{:name "POSTGRES_SERVICE", :value "postgresql-service"}
|
||||||
|
{:name "POSTGRES_PORT", :value "5432"}
|
||||||
|
{:name "AWS_DEFAULT_REGION", :value "eu-central-1"}
|
||||||
|
{:name "AWS_ACCESS_KEY_ID_FILE", :value "/var/run/secrets/backup-secrets/aws-access-key-id"}
|
||||||
|
{:name "AWS_SECRET_ACCESS_KEY_FILE", :value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
|
||||||
|
{:name "RESTIC_REPOSITORY", :valueFrom {:configMapKeyRef {:name "backup-config", :key "restic-repository"}}}
|
||||||
|
{:name "RESTIC_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-password"}]
|
||||||
|
:volumeMounts
|
||||||
|
[{:name "cloud-data-volume", :mountPath "/var/backups"}
|
||||||
|
{:name "backup-secret-volume", :mountPath "/var/run/secrets/backup-secrets", :readOnly true}
|
||||||
|
{:name "cloud-secret-volume", :mountPath "/var/run/secrets/cloud-secrets", :readOnly true}]}]
|
||||||
|
:volumes
|
||||||
|
[{:name "cloud-data-volume", :persistentVolumeClaim {:claimName "cloud-pvc"}}
|
||||||
|
{:name "cloud-secret-volume", :secret {:secretName "cloud-secret"}}
|
||||||
|
{:name "backup-secret-volume", :secret {:secretName "backup-secret"}}]
|
||||||
|
:restartPolicy "OnFailure"}}}}}}
|
||||||
|
(cut/generate-cron))))
|
35
src/test/cljc/dda/c4k_nextcloud/core_test.cljc
Normal file
35
src/test/cljc/dda/c4k_nextcloud/core_test.cljc
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
(ns dda.c4k-nextcloud.core-test
|
||||||
|
(:require
|
||||||
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||||
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
|
[dda.c4k-nextcloud.core :as cut]))
|
||||||
|
|
||||||
|
(deftest should-k8s-objects
|
||||||
|
(is (= 16
|
||||||
|
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
||||||
|
:postgres-db-user "nextcloud"
|
||||||
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:issuer :prod
|
||||||
|
:nextcloud-data-volume-path "/var/nextcloud"
|
||||||
|
:postgres-data-volume-path "/var/postgres"
|
||||||
|
:aws-access-key-id "aws-id"
|
||||||
|
:aws-secret-access-key "aws-secret"
|
||||||
|
:restic-password "restic-pw"
|
||||||
|
:restic-repository "restic-repository"}))))
|
||||||
|
(is (= 14
|
||||||
|
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
||||||
|
:postgres-db-user "nextcloud"
|
||||||
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:issuer :prod
|
||||||
|
:aws-access-key-id "aws-id"
|
||||||
|
:aws-secret-access-key "aws-secret"
|
||||||
|
:restic-password "restic-pw"
|
||||||
|
:restic-repository "restic-repository"}))))
|
||||||
|
(is (= 11
|
||||||
|
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
||||||
|
:postgres-db-user "nextcloud"
|
||||||
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:issuer :prod
|
||||||
|
:aws-access-key-id "aws-id"
|
||||||
|
:aws-secret-access-key "aws-secret"
|
||||||
|
:restic-password "restic-pw"})))))
|
86
src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc
Normal file
86
src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
(ns dda.c4k-nextcloud.nextcloud-test
|
||||||
|
(:require
|
||||||
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||||
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
|
[dda.c4k-nextcloud.nextcloud :as cut]))
|
||||||
|
|
||||||
|
(deftest should-generate-certificate
|
||||||
|
(is (= {:apiVersion "cert-manager.io/v1alpha2"
|
||||||
|
:kind "Certificate"
|
||||||
|
:metadata {:name "cloud-cert", :namespace "default"}
|
||||||
|
:spec
|
||||||
|
{:secretName "cloud-secret"
|
||||||
|
:commonName "xx"
|
||||||
|
:dnsNames ["xx"]
|
||||||
|
:issuerRef
|
||||||
|
{:name "letsencrypt-prod-issuer", :kind "ClusterIssuer"}}}
|
||||||
|
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
|
||||||
|
|
||||||
|
(deftest should-generate-ingress
|
||||||
|
(is (= {:apiVersion "extensions/v1beta1"
|
||||||
|
:kind "Ingress"
|
||||||
|
:metadata
|
||||||
|
{:name "ingress-cloud"
|
||||||
|
:annotations
|
||||||
|
{:cert-manager.io/cluster-issuer
|
||||||
|
"letsencrypt-staging-issuer"
|
||||||
|
:nginx.ingress.kubernetes.io/proxy-body-size "256m"
|
||||||
|
:nginx.ingress.kubernetes.io/ssl-redirect "true"
|
||||||
|
:nginx.ingress.kubernetes.io/rewrite-target "/"
|
||||||
|
:nginx.ingress.kubernetes.io/proxy-connect-timeout "300"
|
||||||
|
:nginx.ingress.kubernetes.io/proxy-send-timeout "300"
|
||||||
|
:nginx.ingress.kubernetes.io/proxy-read-timeout "300"}
|
||||||
|
:namespace "default"}
|
||||||
|
:spec
|
||||||
|
{:tls [{:hosts ["xx"], :secretName "cloud-secret"}]
|
||||||
|
:rules
|
||||||
|
[{:host "xx"
|
||||||
|
:http
|
||||||
|
{:paths
|
||||||
|
[{:path "/"
|
||||||
|
:backend
|
||||||
|
{:serviceName "cloud-service", :servicePort 80}}]}}]}}
|
||||||
|
(cut/generate-ingress {:fqdn "xx"}))))
|
||||||
|
|
||||||
|
(deftest should-generate-persistent-volume
|
||||||
|
(is (= {:kind "PersistentVolume"
|
||||||
|
:apiVersion "v1"
|
||||||
|
:metadata {:name "cloud-pv-volume", :labels {:type "local" :app "cloud"}}
|
||||||
|
:spec
|
||||||
|
{:storageClassName "manual"
|
||||||
|
:accessModes ["ReadWriteOnce"]
|
||||||
|
:capacity {:storage "200Gi"}
|
||||||
|
:hostPath {:path "xx"}}}
|
||||||
|
(cut/generate-persistent-volume {:nextcloud-data-volume-path "xx"}))))
|
||||||
|
|
||||||
|
(deftest should-generate-deployment
|
||||||
|
(is (= {:apiVersion "apps/v1"
|
||||||
|
:kind "Deployment"
|
||||||
|
:metadata {:name "cloud"}
|
||||||
|
:spec
|
||||||
|
{:selector {:matchLabels {:app "cloud"}}
|
||||||
|
:strategy {:type "Recreate"}
|
||||||
|
:template
|
||||||
|
{:metadata {:labels {:app "cloud"}}
|
||||||
|
:spec
|
||||||
|
{:containers
|
||||||
|
[{:image "domaindrivenarchitecture/meissa-cloud-app"
|
||||||
|
:name "cloud-app"
|
||||||
|
:imagePullPolicy "IfNotPresent"
|
||||||
|
:ports [{:containerPort 80}]
|
||||||
|
:env
|
||||||
|
[{:name "NEXTCLOUD_ADMIN_USER_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-user"}
|
||||||
|
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-password"}
|
||||||
|
{:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"}
|
||||||
|
{:name "POSTGRES_USER_FILE", :value "/var/run/secrets/cloud-secrets/postgres-user"}
|
||||||
|
{:name "POSTGRES_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/postgres-password"}
|
||||||
|
{:name "POSTGRES_DB_FILE", :value "/var/run/secrets/cloud-secrets/postgres-db"}
|
||||||
|
{:name "POSTGRES_HOST", :value "postgresql-service:5432"}]
|
||||||
|
:volumeMounts
|
||||||
|
[{:name "cloud-data-volume", :mountPath "/var/www/html"}
|
||||||
|
{:name "cloud-secret-volume", :mountPath "/var/run/secrets/cloud-secrets", :readOnly true}]}]
|
||||||
|
:volumes
|
||||||
|
[{:name "cloud-data-volume", :persistentVolumeClaim {:claimName "cloud-pvc"}}
|
||||||
|
{:name "cloud-secret-volume", :secret {:secretName "cloud-secret"}}
|
||||||
|
{:name "backup-secret-volume", :secret {:secretName "backup-secret"}}]}}}}
|
||||||
|
(cut/generate-deployment {:fqdn "xx"}))))
|
5
valid-auth.edn
Normal file
5
valid-auth.edn
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{:postgres-db-user "nextcloud"
|
||||||
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:aws-access-key-id "aws-id"
|
||||||
|
:aws-secret-access-key "aws-secret"
|
||||||
|
:restic-password "restic-password"}
|
5
valid-config.edn
Normal file
5
valid-config.edn
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||||
|
:nextcloud-data-volume-path "/var/nextcloud"
|
||||||
|
:postgres-data-volume-path "/var/postgres"
|
||||||
|
;:storage-size 300
|
||||||
|
:restic-repository "restic-repository"}
|
Loading…
Reference in a new issue