Commit 2afe411f authored by nimrod's avatar nimrod
Browse files

Updates.

A lot of different fixes. What I have in production right now.
parent 7da51307
Loading
Loading
Loading
Loading
Loading

.gitlab-ci.yml

0 → 100644
+46 −0
Original line number Diff line number Diff line
---
image: adarnimrod/ci-images:docker

stages:
  - test
  - build
  - run

pre-commit:
  stage: test
  image: adarnimrod/ci-images:pre-commit
  variables:
    XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
    # Disabled until https://github.com/pre-commit/pre-commit/issues/1387 is
    # resolved.
    SKIP: "hadolint,docker-compose"
  script:
    - pre-commit run --all-files
  cache:
    paths:
      - .cache/

build:
  stage: build
  tags: ["host01.shore.co.il"]
  variables:
    # COMPOSE_DOCKER_CLI_BUILD: "1"
    # DOCKER_BUILDKIT: "1"
  script:
    - docker-compose build --no-cache --pull
    - docker-compose pull --quiet

run:
  stage: run
  tags: ["host01.shore.co.il"]
  when: manual
  script:
    - docker-compose up --detach --remove-orphans
    # yamllint disable rule:line-length
    - |
        for i in $(seq 12)
        do
            docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$' || break
            sleep 10
        done
        ! docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$'
+8 −3
Original line number Diff line number Diff line
@@ -19,14 +19,19 @@ repos:
    hooks:
      - id: proselint
        types: [plain-text]
        exclude: LICENSE|requirements
  - repo: https://www.shore.co.il/git/shell-pre-commit/
        exclude: LICENSE
  - repo: https://git.shore.co.il/nimrod/shell-pre-commit.git/
    rev: v0.6.0
    hooks:
      - id: shell-lint
      - id: shellcheck
  - repo: https://www.shore.co.il/git/docker-pre-commit
  - repo: https://git.shore.co.il/nimrod/docker-pre-commit.git/
    rev: v0.3.0
    hooks:
      - id: hadolint
      - id: docker-compose
  - repo: https://github.com/Yelp/detect-secrets
    rev: v0.13.0
    hooks:
      - id: detect-secrets
        exclude: \.diff$
+21 −24
Original line number Diff line number Diff line
@@ -10,53 +10,50 @@ services:

  ldap:
    build:
      cache_from:
        - adarnimrod/slapd
      context: slapd/
    domainname: "${LDAP_HOSTNAME:-ldap}.${LDAP_DOMAIN:-nowhere.com}"
    environment:
      LDAP_ROOTPASS: &password "${LDAP_ROOTPASS:-foo}"
      LDAP_DOMAIN: "${LDAP_DOMAIN:-nowhere.com}"
      LDAP_ORGANIZATION: "${LDAP_ORGANIZATION:-none}"
    hostname: "${LDAP_HOSTNAME:-ldap}"
      LDAP_DOMAIN: "${LDAP_DOMAIN:-shore.co.il}"
      LDAP_ORGANIZATION: "${LDAP_ORGANIZATION:-shore}"
      #SLAPD_DEBUG_LEVEL: "any"
      SSL_DHPARAMS_FILE: /var/ssl/dhparams
    hostname: "${LDAP_HOSTNAME:-ldap}.${LDAP_DOMAIN:-shore.co.il}"
    image: adarnimrod/slapd
    restart: always
    volumes:
      - _run_slapd:/run/slapd
      - ldap:/var/lib/ldap
      - backup_ldap:/var/backups/ldap

  nss-pam-ldapd:
    build:
      context: nss-pam-ldapd/
    command: /usr/sbin/nslcd --debug --nofork
    depends_on:
      - ldap
    environment:
      LDAP_BASE_DN: &base_dn "${LDAP_BASE_DN:-dc=nowhere,dc=com}"
    volumes:
      - _run_slapd:/run/slapd
      - /var/ssl/dhparams:/var/ssl/dhparams:ro

  ldap-account-manager:
    build:
      cache_from:
        - adarnimrod/ldap-account-manager
      context: ldap-account-manager/
    depends_on:
      - ldap
    environment:
      LAM_PASSWORD: *password
      LDAP_ADMIN_DN: "cn=admin,${LDAP_BASE_DN:-dc=nowhere,dc=com}"
      LDAP_BASE_DN: *base_dn
      LAM_PASSWORD: *password  # pragma: allowlist secret
      LDAP_ADMIN_DN: "cn=admin,${LDAP_BASE_DN:-dc=shore,dc=co,dc=il}"
      LDAP_BASE_DN: &base_dn "${LDAP_BASE_DN:-dc=shore,dc=co,dc=il}"
    image: adarnimrod/ldap-account-manager
    ports:
      - 80:80
    restart: always
    volumes:
      - _run_slapd:/run/slapd

  # nss-pam-ldapd:
  #   build:
  #     context: nss-pam-ldapd/
  #   command: /usr/sbin/nslcd --debug --nofork
  #   depends_on:
  #     - ldap
  #   environment:
  #     LDAP_BASE_DN: *base_dn
  #   volumes:
  #     - _run_slapd:/run/slapd

volumes:
  _run_slapd:
    name: run_slapd
  ldap:
  backup_ldap:
    labels:
+2 −4
Original line number Diff line number Diff line
FROM debian:sid-slim
FROM debian:bullseye-slim
# hadolint ignore=DL3008
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -15,7 +15,6 @@ RUN apt-get update && \
    a2enmod status && \
    ln -sf /dev/stdout /var/log/apache2/access.log && \
    ln -sf /dev/stderr /var/log/apache2/error.log && \
    ln -sf /dev/stdout /var/log/apache2/lam.log && \
    ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
ENV APACHE_RUN_DIR=/run/apache2 \
@@ -28,8 +27,7 @@ COPY --chown=root:root entrypoint /usr/local/bin/
COPY --chown=root:root lam-setpass /usr/local/bin/
RUN patch --strip 0 --verbose --directory / --input /root/patch.diff && \
    apache2 -t
ENV LDAP_URI=ldapi:/// \
    LAM_PASSWORD=lam
ENV LDAP_URI=ldapi:///
EXPOSE 80
USER "www-data"
WORKDIR /var/www
+1 −1
Original line number Diff line number Diff line
@@ -6,7 +6,7 @@

Name | Description | Default value
--- | --- | ---
`LAM_PASSWORD` | Password for administrating LAM | `lam`
`LAM_PASSWORD` | Password for administering LAM | `lam`
`LDAP_URI` | URI of the LDAP service | `ldapi:///`
`LDAP_ADMIN_DN` | DN of the admin account
`LDAP_BASE_DN` | Base DN
Loading