From c7de56f73f1109ccb5b4b9310d4a2ed28a0f1df3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:58:16 +0100 Subject: [PATCH 01/10] one more --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 023937b..0fcc34f 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -53,7 +53,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', $fn = $plugins[$n] file { $fn: content => inline_template("<%= @conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } } sunet::misc::ufw_allow { 'satosa-allow-https': From 977bd84f500d02b6545688d189d3e2a7c0b9051c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 13:00:59 +0100 Subject: [PATCH 02/10] duplicate --- manifests/satosa.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 0fcc34f..3524f87 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -74,12 +74,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', cert_file => '/etc/satosa/https.crt' } } - file { '/opt/satosa': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } -> file { '/opt/satosa/restart.sh': ensure => file, owner => 'root', From 9e6e33e137044780dcad2a812fabace8090d2d86 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 03/10] Add full_backup_retention --- manifests/multinode.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f1f5987..3913f46 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
@@ -291,6 +291,11 @@ MACAddressPolicy=none' if $customer_config['twofactor_enforced_excluded_groups'] { $twofactor_enforced_excluded_groups = $customer_config['twofactor_enforced_excluded_groups'] } + if $customer_config['full_backup_retention'] { + $full_backup_retention = $customer_config['full_backup_retention'] + } else { + $full_backup_retention = hiera('full_backup_retention') + } # Secrets from local.eyaml $admin_password = safe_hiera("${customer}_admin_password") @@ -315,6 +320,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From 31f4c1eb9bed1e2d8d568987eb0698cfd227c6e5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 04/10] Set expiration for multinode --- manifests/app_type.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 3ef7a6c..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] 
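Review bot: The customer override in the new `if $customer_config['full_backup_retention']` branch is accepted as-is, with no check that it is a positive integer. Later patches in this series feed the value into `max(12, $full_backup_retention)` and a multiplication, so a quoted number in the customer data would presumably arrive as a String and either break catalog compilation or compare unexpectedly. I would convert it at the point of assignment, e.g. `$full_backup_retention = Integer($customer_config['full_backup_retention'])`, and add a comment stating the unit (months, judging by the later `* 31`). The enclosing block starts and ends outside the hunk.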
@@ -33,6 +34,7 @@ define sunetdrive::app_type ( $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' + $full_backup_retention = hiera('full_backup_retention') $instanceid = safe_hiera('instanceid') $mysql_user_password = safe_hiera('mysql_user_password') $passwordsalt = safe_hiera('passwordsalt') @@ -88,13 +90,13 @@ define sunetdrive::app_type ( $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] $drive_email_template_url_left = $config['drive_email_template_url_left'] - $full_backup_retention = hiera('full_backup_retention') $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] # Calculate some values - $expiration_days_min = $full_backup_retention * 31 - $expiration_days_max = $full_backup_retention * 31 + 93 + $expiration_months = max(12, $full_backup_retention) + $expiration_days_min = $expiration_months * 31 + $expiration_days_max = $expiration_months * 31 + 93 unless $is_multinode{ user { 'www-data': ensure => present, system => true } From 63b780028ffd4e7fc7665f82489cf9b1851b237f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 05/10] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 5 ++++- templates/application/config.php.erb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
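Review bot: `max(12, $full_backup_retention)` in the `@@ -88,13 +90,13 @@` hunk silently imposes a 12-month floor on retention for every instance, which the commit title does not mention and the code does not explain. These two values end up in `versions_retention_obligation` (see the template hunk in the next patch), so they decide how long old file versions are kept and when they are purged. The constants deserve a comment, for example `# Keep versions at least 12 months or the full-backup retention, whichever is longer; 31 days per month, +93 days of slack before forced expiry`. The meaning of 93 is my inference and should be confirmed by the author; the define continues outside the hunk.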
@@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 3913f46..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -296,6 +296,10 @@ MACAddressPolicy=none' } else { $full_backup_retention = hiera('full_backup_retention') } + # Calculate some values + $expiration_months = max(12, $full_backup_retention) + $expiration_days_min = $expiration_months * 31 + $expiration_days_max = $expiration_months * 31 + 93 # Secrets from local.eyaml $admin_password = safe_hiera("${customer}_admin_password") @@ -320,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 23080bc..cb30831 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -238,6 +238,6 @@ $CONFIG = array ( 'updatechecker' => false, 'version' => '<%= @nextcloud_version_string %>', <% if @environment == 'test' -%> - 'versions_retention_obligation' => '<%= @expiration_days_min %>,<%= @expiration_days_max %>', + 'versions_retention_obligation' => '<%= @expiration_days_min %>, <%= @expiration_days_max %>', <% end -%> ); 
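Review bot: After this removal the multinode branch of `sunetdrive::app_type` no longer assigns `$full_backup_retention`, yet the "Calculate some values" block added to app_type.pp in the previous patch still reads it in `max(12, $full_backup_retention)`. If that block is evaluated for multinode instances (its enclosing scope is outside the hunks shown), the variable is undefined there. The multinode.pp hunk at `@@ -296,6 +296,10 @@` computes `$expiration_days_min` and `$expiration_days_max` locally, but the hunk at `@@ -320,7 +324,6 @@` only drops `full_backup_retention` from the hash and no visible hunk hands the new values on, so whether `config.php.erb` sees them depends on which scope renders the template. An unset value would presumably render as an empty string inside `versions_retention_obligation`. Wrapping the app_type.pp calculation in `unless $is_multinode { … }` or passing both values through the config hash would make the data flow explicit.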
From 0154a533ce07a482e126cf84f2caeadea4a0c765 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 15:16:33 +0100 Subject: [PATCH 06/10] SATOSA: Always have alwayshttps --- templates/satosa/docker-compose.yml.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/satosa/docker-compose.yml.erb b/templates/satosa/docker-compose.yml.erb index 4a237f2..8728a6b 100644 --- a/templates/satosa/docker-compose.yml.erb +++ b/templates/satosa/docker-compose.yml.erb @@ -12,7 +12,6 @@ services: volumes: - "/etc/satosa:/etc/satosa" - "/etc/dehydrated:/etc/dehydrated" -<% if @dehydrated_status == "present" -%> alwayshttps: environment: - "ACME_URL=http://acme-c.sunet.se" @@ -22,4 +21,3 @@ services: pull_policy: "always" ports: - "80:80" -<% end -%> From ab2d70303f14a7ed9db8200fc233bba20d247cbf Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 Jan 2025 08:45:55 +0100 Subject: [PATCH 07/10] Run as root user --- templates/mariadb_backup/listusers.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/listusers.erb.sh b/templates/mariadb_backup/listusers.erb.sh index ec8d794..ad519da 100644 --- a/templates/mariadb_backup/listusers.erb.sh +++ b/templates/mariadb_backup/listusers.erb.sh @@ -13,7 +13,7 @@ dexec="docker exec ${container}" password=$(${dexec} env | grep MYSQL_ROOT_PASSWORD | awk -F '=' '{print $2}') -mysql="${dexec} mysql -p${password}" +mysql="${dexec} mysql -p${password} -u root" if [[ "$(${mysql} -NB -e 'select exists(select * from information_schema.TABLES where TABLE_SCHEMA = "nextcloud" and TABLE_NAME = "oc_global_scale_users")')" == "1" ]] then From 38cd097f71f586bc67d663f31629451903dc4b6a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 Jan 2025 09:00:14 +0100 Subject: [PATCH 08/10] Only run this on monitor hosts, as it takes a long time --- facts.d/nc_versions.sh | 4 ++++ 1 file changed, 4 insertions(+) 
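Review bot: The rewritten `mysql=` line in listusers.erb.sh still puts the MariaDB root password on the command line (`-p${password}`), where it is readable in the process list for as long as each query runs. The value is also expanded unquoted, so a password containing whitespace or glob characters is split into several arguments. The `awk -F '=' '{print $2}'` on the context line above truncates a password that contains `=`. A client option file readable only by root and passed with `--defaults-extra-file` would keep the secret out of argv altogether. The script continues outside the hunk.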
diff --git a/facts.d/nc_versions.sh b/facts.d/nc_versions.sh index 38ce14f..f466f89 100755 --- a/facts.d/nc_versions.sh +++ b/facts.d/nc_versions.sh @@ -1,5 +1,9 @@ #!/bin/bash +if ! [[ $(hostname) =~ monitor ]]; then + exit 0 +fi + repo="/var/cache/cosmos/repo" common="${repo}/global/overlay/etc/hiera/data/common.yaml" From 2625269abae567fed2be02b3cce0f1e009586f37 Mon Sep 17 00:00:00 2001 From: Lars Delhage Date: Mon, 20 Jan 2025 11:53:25 +0100 Subject: [PATCH 09/10] Remove recursive for mysql db dir --- manifests/db_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 440a3e9..23e4660 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -18,7 +18,7 @@ define sunetdrive::db_type( $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' $server_id = 1000 + Integer($facts['networking']['hostname'][-1]) - ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } ) + ensure_resource('file',$mariadb_dir, { ensure => directory } ) $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ] $dirs.each |$dir| { ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } ) From def0a0a77b3193588629426dc08048b5468f6e16 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 3 Feb 2025 15:00:28 +0100 Subject: [PATCH 10/10] Allow more inc backups --- templates/script/check_backup.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/script/check_backup.erb.sh b/templates/script/check_backup.erb.sh index 6dd31f0..e54a2fe 100644 --- a/templates/script/check_backup.erb.sh +++ b/templates/script/check_backup.erb.sh 
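Review bot: `[[ $(hostname) =~ monitor ]]` in nc_versions.sh is an unanchored substring match, so any host whose name merely contains "monitor" takes the slow path, and a monitor host named differently silently stops producing these facts. If the naming scheme allows it, anchor the pattern (for instance `=~ ^monitor`, a constructed example to adapt to the real convention). A comment such as `# Expensive: only monitor hosts need the Nextcloud version facts` would also help. Manifests that read these facts on other hosts now get no value, which is worth checking before rollout.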
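Review bot: Dropping `recurse => true` from `$mariadb_dir` in db_type.pp leaves the same setting on every entry of `$dirs` in the loop two lines below, including `datadir` and `backups`, so Puppet presumably still walks the database files on each run. If the goal is to stop that traversal, the loop needs the same change: `ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory } )`. Neither resource sets `owner`, `group` or `mode`, so permissions on the directories holding database data and backups depend on whatever created them; stating them explicitly would be safer. The define continues outside the hunk.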
@@ -20,7 +20,7 @@ for project in $(ls ${data_dir}); do if [[ "${issixmonths}" == "true" ]]; then number_of_full_to_keep=6 fi - max_num_inc=$((32 * number_of_full_to_keep)) + max_num_inc=$((50 * number_of_full_to_keep)) max_num_full=$((2 * number_of_full_to_keep)) tabular_data=$(cat "${data_dir}/${project}/${bucket}.dat")
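Review bot: The multiplier in `max_num_inc=$((50 * number_of_full_to_keep))` is an unexplained constant, and raising it from 32 to 50 means this check tolerates considerably more unpruned incremental backups before it reports a problem. A comment giving the derivation would let the next reader tell a deliberate threshold from a silenced alarm, e.g. `# up to 50 incrementals per retained full backup: <reason>`. The loop body continues outside the hunk.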