From 45989b8d3d6763a2fa93ee95afaf58a0c12b30ad Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 01/45] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 04e4592f4ca8bc9a65f63855e6b904946c873dac Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 02/45] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 8927f194d9b19b67c3354cd49feb95d3228497ee Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 09:35:53 +0100 Subject: [PATCH 03/45] Proxysql no longer has external network --- templates/multinode/docker-compose_nextcloud.yml.erb | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index b536672..11898c1 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -18,7 +18,6 @@ services: networks: - default - - proxysql_proxysql dns: - 89.46.20.75 - 89.46.21.29 @@ -27,7 +26,3 @@ services: - <%= @https_port %>:443 command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true - -networks: - proxysql_proxysql: - external: true From 5a04dcdd0f1c823385ac36dbbbdaa17ada072ffc Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 10:39:15 +0100 Subject: [PATCH 04/45] Add back proxysql networ --- templates/multinode/docker-compose_nextcloud.yml.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index 11898c1..b536672 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -18,6 +18,7 @@ services: networks: - default + - proxysql_proxysql dns: - 89.46.20.75 - 89.46.21.29 @@ -26,3 +27,7 @@ services: - <%= @https_port %>:443 command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true + +networks: + proxysql_proxysql: + external: true From ee6887bfebb7bc9558ea4e5a948aa9cce949d27e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 15:56:32 +0100 Subject: [PATCH 05/45] Fix redis name --- manifests/multinode.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 8934343..16168b4 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
@@ -274,7 +274,12 @@ MACAddressPolicy=none' $rclone_conf_path = "/opt/multinode/${customer}/rclone.conf" $redis_conf_dir = "/opt/multinode/${customer}/server" $redis_conf_path = "${redis_conf_dir}/redis.conf" - $redis_host= "redis-${customer}_redis-server_1" + if $::facts['sunet_nftables_enabled'] == 'yes' { + $redis_host= "redis-${customer}-redis-server_1" + } else { + $redis_host= "redis-${customer}_redis-server_1" + } + $s3_host = $customer_config['s3_host'] $s3_usepath = hiera('s3_usepath') $smtpuser = hiera("smtp_user_${environment}") From 8057a2fa22cf06d844c99ffd923c0188f7142f6f Mon Sep 17 00:00:00 2001 From: Rikard Danielsson Date: Tue, 14 Jan 2025 11:08:48 +0100 Subject: [PATCH 06/45] convert config to use newer docker_compose class --- manifests/satosa.pp | 31 ++++++++++++------------- templates/satosa/docker-compose.yml.erb | 25 ++++++++++++++++++++ 2 files changed, 40 insertions(+), 16 deletions(-) create mode 100644 templates/satosa/docker-compose.yml.erb diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 10f6c1f..8e72497 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -29,13 +29,22 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', } } } + $dehydrated_status = $dehydrated_name ? { + undef => 'absent', + default => 'present' + } + sunet::docker_run {'alwayshttps': + ensure => 'absent' + } sunet::docker_run {'satosa': - image => $image, - imagetag => $tag, - dns => ['89.32.32.32'], - volumes => ['/etc/satosa:/etc/satosa','/etc/dehydrated:/etc/dehydrated'], - ports => ['443:8000'], - env => ['METADATA_DIR=/etc/satosa/metadata', 'WORKER_TIMEOUT=120'] + ensure => 'absent' + } + sunet::docker_compose { 'satosa': + content => template('satosa/docker-compose.yml.erb'), + service_name => 'satosa', + compose_dir => '/opt/', + compose_filename => 'docker-compose.yml', + description => 'Satosa', } file {'/etc/satosa/proxy_conf.yaml': content => inline_template("<%= @merged_conf.to_yaml %>\n"), 
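Review bot: In the `sunet_nftables_enabled == 'yes'` branch of the `manifests/multinode.pp` hunk, the new value `redis-${customer}-redis-server_1` puts a hyphen after the project name but keeps the old `_1` index suffix. That matches neither of the two container-naming schemes Docker Compose uses (`project_service_1` and `project-service-1`), so please confirm on a running host that the container really gets this name. The choice also hangs on an nftables fact, although the difference presumably comes from how the container is started. A comment such as `# hosts with nftables start redis through the newer compose setup, which names containers differently` would help, with the wording confirmed by the author. The enclosing block starts and ends outside the hunk.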
@@ -54,16 +63,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', from => 'any', port => '443' } - $dehydrated_status = $dehydrated_name ? { - undef => 'absent', - default => 'present' - } - sunet::docker_run {'alwayshttps': - ensure => $dehydrated_status, - image => 'docker.sunet.se/always-https', - ports => ['80:80'], - env => ['ACME_URL=http://acme-c.sunet.se'] - } sunet::misc::ufw_allow { 'satosa-allow-http': ensure => $dehydrated_status, from => 'any', diff --git a/templates/satosa/docker-compose.yml.erb b/templates/satosa/docker-compose.yml.erb new file mode 100644 index 0000000..4a237f2 --- /dev/null +++ b/templates/satosa/docker-compose.yml.erb @@ -0,0 +1,25 @@ +services: + satosa: + environment: + - "METADATA_DIR=/etc/satosa/metadata" + - "WORKER_TIMEOUT=120" + dns: + - "89.32.32.32" + image: "<%= @image %><% if @tag %>:<%= @tag %><% end %>" + pull_policy: "always" + ports: + - "443:8000" + volumes: + - "/etc/satosa:/etc/satosa" + - "/etc/dehydrated:/etc/dehydrated" +<% if @dehydrated_status == "present" -%> + alwayshttps: + environment: + - "ACME_URL=http://acme-c.sunet.se" + dns: + - "89.32.32.32" + image: "docker.sunet.se/always-https" + pull_policy: "always" + ports: + - "80:80" +<% end -%> From 4201f18ce6eed0d738f53c8647cda71126ca2b0c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:36:12 +0100 Subject: [PATCH 07/45] Fix path --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 8e72497..404a398 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -40,7 +40,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', ensure => 'absent' } sunet::docker_compose { 'satosa': - content => template('satosa/docker-compose.yml.erb'), + content => template('sunetdrive/satosa/docker-compose.yml.erb'), service_name => 'satosa', compose_dir => '/opt/', compose_filename => 'docker-compose.yml', 
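Review bot: In the new `templates/satosa/docker-compose.yml.erb`, both services combine `pull_policy: "always"` with a mutable image reference. `satosa` resolves to whatever `@tag` currently points at (or to no tag when it is unset), and `alwayshttps` is the untagged `docker.sunet.se/always-https`. Every restart of the compose service therefore runs whatever the registry serves at that moment, inside a container that publishes port 443 and mounts `/etc/satosa` and `/etc/dehydrated`. Consider pinning both images by digest, e.g. `image: "docker.sunet.se/always-https@sha256:<digest-placeholder>"`, or at least by a fixed version tag. If satosa only reads the certificates, the second volume could be `"/etc/dehydrated:/etc/dehydrated:ro"`.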
From 45a44789a457a95515bef995f9586d8488bafff3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:43:52 +0100 Subject: [PATCH 08/45] add back image --- manifests/satosa.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 404a398..9832a90 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -34,10 +34,12 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', default => 'present' } sunet::docker_run {'alwayshttps': - ensure => 'absent' + ensure => 'absent', + image => 'docker.sunet.se/always-https', } sunet::docker_run {'satosa': - ensure => 'absent' + ensure => 'absent', + image => $image, } sunet::docker_compose { 'satosa': content => template('sunetdrive/satosa/docker-compose.yml.erb'), From 9794b03d444496012bccacc2878840696f794c42 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:49:18 +0100 Subject: [PATCH 09/45] Can not redeclare class --- manifests/satosa.pp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 9832a90..76b1a14 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -33,13 +33,8 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', undef => 'absent', default => 'present' } - sunet::docker_run {'alwayshttps': + file {'/opt/docker_run': ensure => 'absent', - image => 'docker.sunet.se/always-https', - } - sunet::docker_run {'satosa': - ensure => 'absent', - image => $image, } sunet::docker_compose { 'satosa': content => template('sunetdrive/satosa/docker-compose.yml.erb'), From d4d998cf81b7518c34a14a5a8982031d20b769a7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:53:25 +0100 Subject: [PATCH 10/45] Fix notify --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 76b1a14..023937b 100644 
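Review bot: In the "Can not redeclare class" hunk, replacing the two `sunet::docker_run { ...: ensure => 'absent' }` resources with `file {'/opt/docker_run': ensure => 'absent'}` no longer asks Puppet to stop and remove the old `satosa` and `alwayshttps` containers. On an already-deployed host they may therefore keep holding ports 443 and 80 when the compose service tries to bind them. What `sunet::docker_run` leaves behind is not visible here, so this needs checking on a host converted from the old setup. Also, if `/opt/docker_run` is a directory, a `file` resource with `ensure => 'absent'` will not remove it unless `force => true` is set. A one-line comment saying what this resource cleans up and when it can be dropped would help.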
--- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -45,7 +45,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', } file {'/etc/satosa/proxy_conf.yaml': content => inline_template("<%= @merged_conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } $plugins = hiera('satosa_config') sort(keys($plugins)).each |$n| { From 4afec74a346919df8c9ae1fb853d937493bc6150 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:58:16 +0100 Subject: [PATCH 11/45] one more --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 023937b..0fcc34f 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -53,7 +53,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', $fn = $plugins[$n] file { $fn: content => inline_template("<%= @conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } } sunet::misc::ufw_allow { 'satosa-allow-https': From ace56103fcb4b885f02ea524cb4154afc8e1a052 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 13:00:59 +0100 Subject: [PATCH 12/45] duplicate --- manifests/satosa.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 0fcc34f..3524f87 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -74,12 +74,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', cert_file => '/etc/satosa/https.crt' } } - file { '/opt/satosa': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } -> file { '/opt/satosa/restart.sh': ensure => file, owner => 'root', From 62670483c1e1ea21bbac80ab56eb7033f42c142b Mon Sep 17 00:00:00 2001 
From: Rasmus Thorslund Date: Tue, 14 Jan 2025 16:07:18 +0100 Subject: [PATCH 13/45] changed nft rules for proxysql --- manifests/proxysql.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index c75edeb..57298db 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -79,7 +79,7 @@ class sunetdrive::proxysql ( iif => 'ens3', } sunet::nftables::docker_expose { 'proxysql': - allow_clients => ['any'], + allow_clients => $nextcloud_ip, port => 6032, iif => 'ens3', } From 8ee75b06015075c4b6e7645aa9e68e30c8bd4cc6 Mon Sep 17 00:00:00 2001 From: Rasmus Thorslund Date: Tue, 14 Jan 2025 16:30:00 +0100 Subject: [PATCH 14/45] changed nft rules for proxysql - ipv6 --- manifests/proxysql.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index 57298db..93e16bc 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -12,6 +12,8 @@ class sunetdrive::proxysql ( $config = hiera_hash($environment) $db_ip = $config['db'] $nextcloud_ip = $config['app'] + $nextcloud_ipv6 = $config['app_v6'] + $nextcloud_ip_all = $nextcloud_ip + $nextcloud_ipv6 $proxysql_ok_num = length($nextcloud_ip) $proxysql_warn_num = $proxysql_ok_num - 1 @@ -79,7 +81,7 @@ class sunetdrive::proxysql ( iif => 'ens3', } sunet::nftables::docker_expose { 'proxysql': - allow_clients => $nextcloud_ip, + allow_clients => $nextcloud_ip_all, port => 6032, iif => 'ens3', } From 5f0c24865f27adb19e8ec66290140e5bb48314e7 Mon Sep 17 00:00:00 2001 From: Rikard Danielsson Date: Tue, 17 Dec 2024 08:47:33 +0100 Subject: [PATCH 15/45] added ability to set trashbin_retention_obligation and versions_retention_obligation in config.php --- manifests/app_type.pp | 5 +++++ templates/application/config.php.erb | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5e8f6a2..3ef7a6c 100644 --- a/manifests/app_type.pp 
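Review bot: Port 6032 in this `sunet::nftables::docker_expose { 'proxysql': }` rule is ProxySQL's default admin-interface port, so even after narrowing `allow_clients` from `['any']` to `$nextcloud_ip` every application node can still reach the admin interface. If the Nextcloud nodes only need the SQL listener, consider not exposing 6032 on `ens3` at all. If they do need it, add a comment saying why, e.g. `# app nodes need the admin interface for <reason>`. Because the rule previously allowed any source, the admin-interface credentials are worth reviewing as part of this change. The preceding resource is only partly visible in the hunk.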
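Review bot: In the first hunk of the IPv6 patch, `$nextcloud_ip_all = $nextcloud_ip + $nextcloud_ipv6` assumes that every environment's hiera hash has an `app_v6` key holding an array. Where the key is missing, `$nextcloud_ipv6` is undef and the result is no longer a clean address list for `allow_clients` in the second hunk. A default keeps the IPv4-only case working: `$nextcloud_ipv6 = $config['app_v6'] ? { undef => [], default => $config['app_v6'] }`. The class body continues outside both hunks.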
+++ b/manifests/app_type.pp @@ -88,9 +88,14 @@ define sunetdrive::app_type ( $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] $drive_email_template_url_left = $config['drive_email_template_url_left'] + $full_backup_retention = hiera('full_backup_retention') $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] + # Calculate some values + $expiration_days_min = $full_backup_retention * 31 + $expiration_days_max = $full_backup_retention * 31 + 93 + unless $is_multinode{ user { 'www-data': ensure => present, system => true } diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index ec36ad8..23080bc 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -192,6 +192,9 @@ $CONFIG = array ( 'secret' => '<%= @secret %>', 'skeletondirectory' => '<%= @skeletondirectory %>', 'templatedirectory' => '', +<% if @environment == 'test' -%> + 'trashbin_retention_obligation' => 'auto, 30', +<% end -%> 'trusted_domains' => array ( <%- index = 0 -%> @@ -234,4 +237,7 @@ $CONFIG = array ( ), 'updatechecker' => false, 'version' => '<%= @nextcloud_version_string %>', +<% if @environment == 'test' -%> + 'versions_retention_obligation' => '<%= @expiration_days_min %>,<%= @expiration_days_max %>', +<% end -%> ); From a91bb853137a15a5d60c7cfae2ea62c069334906 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 16/45] Add full_backup_retention --- manifests/multinode.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f1f5987..3913f46 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
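Review bot: The constants in `$expiration_days_min = $full_backup_retention * 31` and `$expiration_days_max = $full_backup_retention * 31 + 93` are unexplained, and nothing states the unit of `full_backup_retention`. A comment above the calculation would document the intent, for instance `# full_backup_retention is in months: keep versions at least that long (31 days per month) and at most about three months longer`. That wording is my reading of the arithmetic and should be confirmed. In `config.php.erb` both new settings are emitted only when `@environment == 'test'`, and `trashbin_retention_obligation` is the fixed string `'auto, 30'`, so only the versions setting is actually configurable. A template comment should say whether the test-only gate is temporary.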
@@ -291,6 +291,11 @@ MACAddressPolicy=none' if $customer_config['twofactor_enforced_excluded_groups'] { $twofactor_enforced_excluded_groups = $customer_config['twofactor_enforced_excluded_groups'] } + if $customer_config['full_backup_retention'] { + $full_backup_retention = $customer_config['full_backup_retention'] + } else { + $full_backup_retention = hiera('full_backup_retention') + } # Secrets from local.eyaml $admin_password = safe_hiera("${customer}_admin_password") @@ -315,6 +320,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From dc59842fe8d492123de0d5d965153aed01cd2193 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 17/45] Set expiration for multinode --- manifests/app_type.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 3ef7a6c..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] 
@@ -33,6 +34,7 @@ define sunetdrive::app_type ( $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' + $full_backup_retention = hiera('full_backup_retention') $instanceid = safe_hiera('instanceid') $mysql_user_password = safe_hiera('mysql_user_password') $passwordsalt = safe_hiera('passwordsalt') @@ -88,13 +90,13 @@ define sunetdrive::app_type ( $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] $drive_email_template_url_left = $config['drive_email_template_url_left'] - $full_backup_retention = hiera('full_backup_retention') $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] # Calculate some values - $expiration_days_min = $full_backup_retention * 31 - $expiration_days_max = $full_backup_retention * 31 + 93 + $expiration_months = max(12, $full_backup_retention) + $expiration_days_min = $expiration_months * 31 + $expiration_days_max = $expiration_months * 31 + 93 unless $is_multinode{ user { 'www-data': ensure => present, system => true } From 5b68f26771378fce177adcf5cae6fc3cacee5d58 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 18/45] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 5 ++++- templates/application/config.php.erb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 3913f46..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -296,6 +296,10 @@ MACAddressPolicy=none' } else { $full_backup_retention = hiera('full_backup_retention') } + # Calculate some values + $expiration_months = max(12, $full_backup_retention) + $expiration_days_min = $expiration_months * 31 + $expiration_days_max = $expiration_months * 31 + 93 # Secrets from local.eyaml $admin_password = safe_hiera("${customer}_admin_password") @@ -320,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 23080bc..cb30831 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -238,6 +238,6 @@ $CONFIG = array ( 'updatechecker' => false, 'version' => '<%= @nextcloud_version_string %>', <% if @environment == 'test' -%> - 'versions_retention_obligation' => '<%= @expiration_days_min %>,<%= @expiration_days_max %>', + 'versions_retention_obligation' => '<%= @expiration_days_min %>, <%= @expiration_days_max %>', <% end -%> ); 
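Review bot: After this change `manifests/app_type.pp` no longer assigns `$full_backup_retention` in the branch that takes its values from `$config`. The calculation added by the previous patch, `$expiration_months = max(12, $full_backup_retention)`, appears to sit after both branches, so on that path it would run with an unset variable. Whether the `$expiration_days_min` and `$expiration_days_max` now computed in `manifests/multinode.pp` reach `config.php.erb` depends on where the template is rendered, which these hunks do not show. If the calculation has to exist in both files, guard the copy in `app_type.pp` so it only runs where the variable is set, and add a comment in each file pointing at the other copy so the two do not drift apart.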
From 84fc07cffebd1e3a4deadb6d876b5bbdae16f4b6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 19/45] Add full_backup_retention --- manifests/multinode.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f973dc9..fb47699 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,6 +324,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From d24fa2326291c09f189abb19aadf7879e33aa9b9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 20/45] Set expiration for multinode --- manifests/app_type.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7e52592..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] From 8dd5534b0f7e7049dc52ce6577065f9f171a210b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 21/45] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 1 - 2 files changed, 2 deletions(-) 
diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index fb47699..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From efd05971b1c959dcc0d70fad0077cc4c863bbc5e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 15:16:33 +0100 Subject: [PATCH 22/45] SATOSA: Always have alwayshttps --- templates/satosa/docker-compose.yml.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/satosa/docker-compose.yml.erb b/templates/satosa/docker-compose.yml.erb index 4a237f2..8728a6b 100644 --- a/templates/satosa/docker-compose.yml.erb +++ b/templates/satosa/docker-compose.yml.erb @@ -12,7 +12,6 @@ services: volumes: - "/etc/satosa:/etc/satosa" - "/etc/dehydrated:/etc/dehydrated" -<% if @dehydrated_status == "present" -%> alwayshttps: environment: - "ACME_URL=http://acme-c.sunet.se" @@ -22,4 +21,3 @@ services: pull_policy: "always" ports: - "80:80" -<% end -%> From d67cc243180733c71fe14ec6892bf3158e961b2f Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 23/45] Add full_backup_retention --- manifests/multinode.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f973dc9..fb47699 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,6 +324,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From b2d3b80f37d1a6e4d2185422d848e3302a265fa5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 24/45] Set expiration for multinode --- manifests/app_type.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7e52592..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] From 9425d5671678526a043896f2ec47fa5aae3f643a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 25/45] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 1 - 2 files changed, 2 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 
--- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index fb47699..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From c9bdb766eb8ff7054544fab9e871e2606a4b29b2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 Jan 2025 08:45:55 +0100 Subject: [PATCH 26/45] Run as root user --- templates/mariadb_backup/listusers.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/listusers.erb.sh b/templates/mariadb_backup/listusers.erb.sh index ec8d794..ad519da 100644 --- a/templates/mariadb_backup/listusers.erb.sh +++ b/templates/mariadb_backup/listusers.erb.sh @@ -13,7 +13,7 @@ dexec="docker exec ${container}" password=$(${dexec} env | grep MYSQL_ROOT_PASSWORD | awk -F '=' '{print $2}') -mysql="${dexec} mysql -p${password}" +mysql="${dexec} mysql -p${password} -u root" if [[ "$(${mysql} -NB -e 'select exists(select * from information_schema.TABLES where TABLE_SCHEMA = "nextcloud" and TABLE_NAME = "oc_global_scale_users")')" == "1" ]] then 
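Review bot: In `templates/mariadb_backup/listusers.erb.sh`, the changed line `mysql="${dexec} mysql -p${password} -u root"` puts the database root password in the `docker exec` argument list, where it is readable in the host's process list while a query runs. The unquoted expansion also breaks on a password containing whitespace or glob characters. Passing it through the environment avoids both: `export MYSQL_PWD="${password}"` followed by `mysql="docker exec -e MYSQL_PWD ${container} mysql -u root"`, since the client reads `MYSQL_PWD` when no `-p` is given. The extraction in the context line above, `awk -F '=' '{print $2}'`, also truncates a password that contains `=`. The script continues outside the hunk.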
From 02578640a960a677962f8a1ce352652f87d3d487 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 27/45] Add full_backup_retention --- manifests/multinode.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f973dc9..fb47699 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,6 +324,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From e57349f0110409255df77ddf7b44eccaba8caae3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 28/45] Set expiration for multinode --- manifests/app_type.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7e52592..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] From 9596f9d2105053946e642bbfdc5c0e97c95f3a7e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 29/45] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 1 - 2 files changed, 2 deletions(-) 
diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index fb47699..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From c11e95f5fe71101d7fd238b6d35a26751d7f6f87 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 Jan 2025 09:00:14 +0100 Subject: [PATCH 30/45] Only run this on monitor hosts, as it takes a long time --- facts.d/nc_versions.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/facts.d/nc_versions.sh b/facts.d/nc_versions.sh index 38ce14f..f466f89 100755 --- a/facts.d/nc_versions.sh +++ b/facts.d/nc_versions.sh @@ -1,5 +1,9 @@ #!/bin/bash +if ! [[ $(hostname) =~ monitor ]]; then + exit 0 +fi + repo="/var/cache/cosmos/repo" common="${repo}/global/overlay/etc/hiera/data/common.yaml" From d8918742027ae877be05c3945a8fac4808f92bec Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 31/45] Add full_backup_retention --- manifests/multinode.pp | 1 + 1 file changed, 1 insertion(+) 
diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f973dc9..fb47699 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,6 +324,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From 26ee034887a306f7d60fdc8f80eef14954fa2005 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 32/45] Set expiration for multinode --- manifests/app_type.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7e52592..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] From 78bc2b3f7e1232f55b3fe46570fc46a083fb73d1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 33/45] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 1 - 2 files changed, 2 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index fb47699..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -324,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From 98158e1be5418b9260a86ba5caeda5a2048dc19b Mon Sep 17 00:00:00 2001 From: Lars Delhage Date: Mon, 20 Jan 2025 11:53:25 +0100 Subject: [PATCH 34/45] Remove recursive for mysql db dir --- manifests/db_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 440a3e9..23e4660 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -18,7 +18,7 @@ define sunetdrive::db_type( $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' $server_id = 1000 + Integer($facts['networking']['hostname'][-1]) - ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } ) + ensure_resource('file',$mariadb_dir, { ensure => directory } ) $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ] $dirs.each |$dir| { ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } ) From 74343d15ef634df5d4f781b0d8cb83c00460ab11 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 3 Feb 2025 15:10:28 +0100 Subject: [PATCH 35/45] Allow long running check for scriptherder --- manifests/sitemonitornaemon.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index e0abcd4..82f2406 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp @@ -47,7 +47,7 @@ class sunetdrive::sitemonitornaemon() { } nagioscfg::service {'check_scriptherder': hostgroup_name => ['sunetdrive::nrpe'], - check_command => 'check_nrpe_1arg_to30!check_scriptherder', + check_command => 'check_nrpe_1arg_to300!check_scriptherder', description => 'Scriptherder Status', contact_groups => ['naemon-admins'], } From 96632b111bad59df8106a6ac9543b27be3057e4d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 10 Feb 2025 10:25:36 +0100 Subject: [PATCH 36/45] Containers changed names --- manifests/multinode.pp | 4 ++-- manifests/script.pp | 2 +- templates/script/create_folders_in_singlenode_buckets.erb.sh | 2 +- templates/script/listusers.erb.sh | 2 +- templates/scriptreceiver/create_bucket.erb.sh | 4 ++-- templates/scriptreceiver/list_files_for_user.erb.sh | 2 +- templates/scriptreceiver/list_users.erb.sh | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f973dc9..5c4dff0 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
@@ -213,7 +213,7 @@ MACAddressPolicy=none' } # if $nodenumber == '2' { # cron { 'add_back_bucket_for_karin_nordgren': -# command => '(/usr/local/bin/occ nextcloud-kmh_app_1 files_external:list karin_nordgren@kmh.se && /home/script/bin/create_bucket.sh nextcloud-kmh_app_1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true', +# command => '(/usr/local/bin/occ nextcloud-kmh-app-1 files_external:list karin_nordgren@kmh.se && /home/script/bin/create_bucket.sh nextcloud-kmh-app-1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true', # user => 'root', # minute => '*/10', # } @@ -222,7 +222,7 @@ MACAddressPolicy=none' $customer_config_full = hiera_hash($customer) $customer_config = $customer_config_full[$environment] cron { "multinode_cron_${customer}": - command => "/opt/nextcloud/cron.sh nextcloud-${customer}_app_1", + command => "/opt/nextcloud/cron.sh nextcloud-${customer}-app-1", require => File['/opt/nextcloud/cron.sh'], user => 'root', minute => '*/10', diff --git a/manifests/script.pp b/manifests/script.pp index daa22bc..56a910d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -388,7 +388,7 @@ class sunetdrive::script ( $singlenodes.each | $singlenode| { $multinode = hiera_hash('multinode_mapping')[$singlenode]['server'] $multinodeserver = "${multinode}.${site_name}" - $nccontainer = "nextcloud-${singlenode}_app_1" + $nccontainer = "nextcloud-${singlenode}-app-1" sunet::scriptherder::cronjob { "backup${singlenode}db": ensure => absent, diff --git a/templates/script/create_folders_in_singlenode_buckets.erb.sh b/templates/script/create_folders_in_singlenode_buckets.erb.sh index 27e1fb7..904ab58 100644 --- a/templates/script/create_folders_in_singlenode_buckets.erb.sh +++ b/templates/script/create_folders_in_singlenode_buckets.erb.sh 
@@ -5,7 +5,7 @@ shift include_userbuckets="${1}" shift environment="<%= @environment %>" -container="nextcloud-${customer}_app_1" +container="nextcloud-${customer}-app-1" yq="/usr/local/bin/yq" if ! [[ -x ${yq} ]]; then diff --git a/templates/script/listusers.erb.sh b/templates/script/listusers.erb.sh index c261e31..d065ee1 100644 --- a/templates/script/listusers.erb.sh +++ b/templates/script/listusers.erb.sh @@ -4,7 +4,7 @@ customer="${1}" multinode="${2}" environment="<%= @environment %>" location="${customer}-${environment}" -userjson=$(ssh "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}_app_1") +userjson=$(ssh "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}-app-1") project="statistics" bucket="drive-server-coms" base_dir="${project}:${bucket}" diff --git a/templates/scriptreceiver/create_bucket.erb.sh b/templates/scriptreceiver/create_bucket.erb.sh index b5b970a..c18c0b5 100755 --- a/templates/scriptreceiver/create_bucket.erb.sh +++ b/templates/scriptreceiver/create_bucket.erb.sh @@ -11,7 +11,7 @@ function usage { exit 1 } -if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then +if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then usage fi if ! [[ ${bucket} =~ ^[a-zA-Z0-9]+ ]]; then @@ -26,7 +26,7 @@ echo "$(date): Start executing create_bucket.sh ${1} ${2} ${3}" rclone_config="/opt/nextcloud/rclone.conf" if [[ "${container}" != "nextcloud_app_1" ]]; then - customer=$(echo "${container}" | sed -e 's/^nextcloud-//' -e 's/_app_1$//') + customer=$(echo "${container}" | sed -e 's/^nextcloud-//' -e 's/-app-1$//') rclone_config="/opt/multinode/${customer}/rclone.conf" fi diff --git a/templates/scriptreceiver/list_files_for_user.erb.sh b/templates/scriptreceiver/list_files_for_user.erb.sh index b6e6214..4e71834 100644 --- a/templates/scriptreceiver/list_files_for_user.erb.sh 
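Review bot: `${customer}` reaches the remote shell unvalidated in the `userjson=$(ssh ...)` line of listusers.erb.sh, because the whole `sudo /home/script/bin/list_users.sh nextcloud-${customer}-app-1` string is parsed by the shell on `${multinode}` before list_users.sh can apply its own container-name check. If `${1}` can ever come from anything other than a trusted job definition, shell metacharacters in it would be interpreted as the `script` user on the remote host. A guard ahead of the ssh call, for example `[[ ${customer} =~ ^[a-z]+$ ]] || exit 1`, keeps the value to the alphabet the receiving scripts expect. The script continues outside the hunk, so a check elsewhere in the file is not visible from here.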
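Review bot: The new pattern `^nextcloud-[a-z]*-app-1$` in create_bucket.erb.sh still accepts an empty customer part, so `nextcloud--app-1` passes the check and the `sed` in the second hunk then yields an empty `customer` and the path `/opt/multinode//rclone.conf`. Using `+` instead of `*`, `^nextcloud-[a-z]+-app-1$`, closes that; the same pattern is added in list_files_for_user.erb.sh and list_users.erb.sh. The single-node name `nextcloud_app_1` keeps its underscores in all three scripts, so if single-node containers were renamed as well that comparison would now reject them, which is worth confirming.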
+++ b/templates/scriptreceiver/list_files_for_user.erb.sh @@ -9,7 +9,7 @@ function usage { exit 1 } -if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then +if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then usage fi diff --git a/templates/scriptreceiver/list_users.erb.sh b/templates/scriptreceiver/list_users.erb.sh index f69f3b8..3216870 100644 --- a/templates/scriptreceiver/list_users.erb.sh +++ b/templates/scriptreceiver/list_users.erb.sh @@ -2,7 +2,7 @@ container=${1} -if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then +if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then echo "Usage: ${0} " echo "Example : ${0} nextcloud_app_1" exit 1 From cbb291be478abe9c67065753dc888cce5d10fc55 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Feb 2025 20:18:52 +0100 Subject: [PATCH 37/45] Make sure we know where our backups are located --- manifests/script.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 56a910d..50de71b 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -254,8 +254,11 @@ class sunetdrive::script ( group => 'root', mode => '0700', } - file { '/root/tasks/backupsinglenodedb.sh': - ensure => absent, + file_line { 'FIXME_remove_when_s3_migration_done_in_sto3': + ensure => 'present', + line => '37.156.195.53 s3.sto3.safedc.net', + path => '/etc/hosts', + match => '^37.156.195.53', } if $environment == 'test' { sunet::scriptherder::cronjob { 'reboot-customer': From b3c42225e1500580a913a642e74e49b63b3c87e4 Mon Sep 17 00:00:00 2001 
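Review bot: The `match => '^37.156.195.53'` pattern in the new `file_line` has unescaped dots and no terminator, so it also matches lines in /etc/hosts that only resemble that prefix, and file_line would then rewrite them; `match => '^37\.156\.195\.53\s'` is tighter. Pinning `s3.sto3.safedc.net` to a fixed address means the backup endpoint no longer follows DNS, and deleting this resource later will not remove the entry from the hosts, so the FIXME should end with a change to `ensure => 'absent'` rather than with a deletion of the resource. The hunk also drops the `ensure => absent` for `/root/tasks/backupsinglenodedb.sh`, which looks unrelated to the commit subject.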
From: Micke Nordin Date: Tue, 25 Feb 2025 11:49:09 +0100 Subject: [PATCH 38/45] Remove lookup related manifests and config --- functions/get_customer.pp | 2 - manifests/app_type.pp | 1 - manifests/db_type.pp | 6 +- manifests/infra_script.pp | 4 +- manifests/lookup.pp | 47 -------------- manifests/multinode.pp | 1 - manifests/script.pp | 8 +-- templates/lookup/config.php.erb | 29 --------- .../lookup/docker-compose_lookup.yml.erb | 17 ----- templates/mariadb/05-lookup.sql.erb | 62 ------------------- templates/monitor/sunetdrive_sites.cfg.erb | 27 -------- templates/script/restart-db-cluster.erb | 6 +- 12 files changed, 9 insertions(+), 201 deletions(-) delete mode 100644 manifests/lookup.pp delete mode 100644 templates/lookup/config.php.erb delete mode 100644 templates/lookup/docker-compose_lookup.yml.erb delete mode 100644 templates/mariadb/05-lookup.sql.erb diff --git a/functions/get_customer.pp b/functions/get_customer.pp index ab67f9f..c1d9964 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -4,8 +4,6 @@ function sunetdrive::get_customer() >> String { if $hostnameparts[1] == 'drive' { if $hostnameparts[0] =~ /^gss/ { return 'gss' - } elsif $hostnameparts[0] =~ /^lookup/ { - return 'lookup' } else { return 'common' } diff --git a/manifests/app_type.pp b/manifests/app_type.pp index d8096b1..e86aa86 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -74,7 +74,6 @@ define sunetdrive::app_type ( $gs_federation = hiera('gs_federation') $gss_master_admin = hiera_array('gss_master_admin') $gss_master_url = hiera("gss_master_url_${environment}") - $lookup_server = hiera("lookup_server_${environment}") $mail_domain = hiera("mail_domain_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 23e4660..376334b 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp 
@@ -46,11 +46,7 @@ define sunetdrive::db_type( sunet::system_user {'mysql': username => 'mysql', group => 'mysql' } - if $location =~ /^lookup/ { - $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '05-lookup.sql'] - } else { - $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql'] - } + $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql'] $sql_files.each |$sql_file|{ file { "${mariadb_dir}/init/${sql_file}": ensure => present, diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index be78e19..818cf1a 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -7,7 +7,6 @@ class sunetdrive::infra_script ( $customer = 'common' $config = hiera_hash($environment) $gss_backup_server = $config['gss_backup_server'] - $lookup_backup_server = $config['lookup_backup_server'] $ssh_config = "Host *.sunet.se User script IdentityFile /root/.ssh/id_script" @@ -66,7 +65,8 @@ class sunetdrive::infra_script ( warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'backuplookupdb': - cmd => "/root/tasks/backupdb.sh ${lookup_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], diff --git a/manifests/lookup.pp b/manifests/lookup.pp deleted file mode 100644 index 30994b8..0000000 --- a/manifests/lookup.pp +++ /dev/null 
@@ -1,47 +0,0 @@ -#Class for SUNET-Drive-Lookup-Server -class sunetdrive::lookup ( - $bootstrap = undef, - $location = undef -) { - - $environment = sunetdrive::get_environment() - $config = lookup($environment, undef, undef, undef) - - $public_url = "https://${config['site_name']}" - - - # Firewall settings - $nextcloud_ip = hiera_array("${location}_app", []) - $tug_office = hiera_array('tug_office') - - $dbhost = '127.0.0.1' - $gss_jwt_key = safe_hiera('gss_jwt_key') - $replication_auth = safe_hiera('replication_auth') - $mysql_user_password = safe_hiera('mysql_user_password') - $lookup_version = hiera("lookup_version_${environment}") - $email_sender = $config['email_sender'] - - #Create users - user { 'www-data': ensure => present, system => true } - - file { '/opt/lookup/config.php': - ensure => file, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/lookup/config.php.erb'), - mode => '0644', - } - - sunet::docker_compose { 'drive_lookup_docker_compose': - content => template('sunetdrive/lookup/docker-compose_lookup.yml.erb'), - service_name => 'lookup', - compose_dir => '/opt/', - compose_filename => 'docker-compose.yml', - description => 'Lookup server', - } - - sunet::misc::ufw_allow { 'https': - from => '0.0.0.0/0', - port => 443, - } -} diff --git a/manifests/multinode.pp b/manifests/multinode.pp index ed3def2..1bf9aeb 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -274,7 +274,6 @@ MACAddressPolicy=none' $gss_master_admin = hiera_array('gss_master_admin') $gss_master_url = hiera("gss_master_url_${environment}") $https_port = hiera_hash('multinode_mapping')[$customer]['port'] - $lookup_server = hiera("lookup_server_${environment}") $mail_domain = hiera("mail_domain_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") diff --git a/manifests/script.pp b/manifests/script.pp index 50de71b..ef1dc5c 100644 --- a/manifests/script.pp 
+++ b/manifests/script.pp @@ -421,17 +421,17 @@ class sunetdrive::script ( } } } - $gss_backup_server = $config['gss_backup_server'] - $lookup_backup_server = $config['lookup_backup_server'] sunet::scriptherder::cronjob { 'backupgssdb': - cmd => "/root/tasks/backupdb.sh ${gss_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'backuplookupdb': - cmd => "/root/tasks/backupdb.sh ${lookup_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], diff --git a/templates/lookup/config.php.erb b/templates/lookup/config.php.erb deleted file mode 100644 index c7f9551..0000000 --- a/templates/lookup/config.php.erb +++ /dev/null @@ -1,29 +0,0 @@ - "<%= @gss_jwt_key %>", - 'DB' => [ - 'host' => "<%= @dbhost %>", - 'db' => "lookup" , - 'user' => "lookup", - 'pass' => "<%= @mysql_user_password %>", - ], - 'EMAIL_SENDER' => '<%= @email_sender %>', - 'ERROR_VERBOSE' => false, - 'GLOBAL_SCALE' => true, - 'IP_BLACKLIST' => [ - ], - 'MAX_REQUESTS' => 10000, - 'MAX_SEARCH_PAGE' => 10, - 'PUBLIC_URL' => '<%= @public_url %>', - 'REPLICATION_AUTH' => '<%= @replication_auth %>', - 'REPLICATION_HOSTS' => [ - ], - 'SPAM_BLACKLIST' => [ - ], - 'TWITTER' => [ - 'CONSUMER_KEY' => '', - 'CONSUMER_SECRET' => '', - 'ACCESS_TOKEN' => '', - 'ACCESS_TOKEN_SECRET' => '', - ], -]; diff --git a/templates/lookup/docker-compose_lookup.yml.erb b/templates/lookup/docker-compose_lookup.yml.erb deleted file mode 100644 index 0fbf94d..0000000 --- a/templates/lookup/docker-compose_lookup.yml.erb +++ /dev/null 
@@ -1,17 +0,0 @@ -version: '3.2' - -services: - - app: - container_name: lookup_app_1 - image: docker.sunet.se/drive/nextcloud-lookup:<%= @lookup_version %> - restart: always - volumes: - - /opt/lookup/config.php:/var/www/html/config/config.php - network_mode: host - dns: - - 89.46.20.75 - - 89.46.21.29 - - 89.32.32.32 - command: apachectl -D FOREGROUND - tty: true diff --git a/templates/mariadb/05-lookup.sql.erb b/templates/mariadb/05-lookup.sql.erb deleted file mode 100644 index 577c0e9..0000000 --- a/templates/mariadb/05-lookup.sql.erb +++ /dev/null 
@@ -1,62 +0,0 @@ -SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; -SET time_zone = "+00:00"; - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8mb4 */; - -CREATE DATABASE IF NOT EXISTS `lookup` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; -USE `lookup`; - -CREATE USER 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>'; -GRANT ALL PRIVILEGES ON lookup.* TO 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>'; - - -DROP TABLE IF EXISTS `emailValidation`; -CREATE TABLE IF NOT EXISTS `emailValidation` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `storeId` int(11) NOT NULL, - `token` varchar(16) COLLATE utf8mb4_unicode_ci NOT NULL, - PRIMARY KEY (`id`), - KEY `token` (`token`), - KEY `storeId` (`storeId`) -) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -DROP TABLE IF EXISTS `store`; -CREATE TABLE IF NOT EXISTS `store` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `userId` int(11) NOT NULL, - `k` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `v` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `valid` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `key` (`k`(191)), - KEY `value` (`v`(191)), - KEY `userId` (`userId`) -) ENGINE=InnoDB AUTO_INCREMENT=51 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -DROP TABLE IF EXISTS `users`; -CREATE TABLE IF NOT EXISTS `users` ( - `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, - `federationId` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (`id`), - KEY `federationId` (`federationId`(191)) -) ENGINE=InnoDB AUTO_INCREMENT=15 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -DROP TABLE IF EXISTS `toVerify`; -CREATE TABLE IF NOT EXISTS `toVerify` ( - `id` int(11) NOT NULL 
AUTO_INCREMENT, - `userId` int(11) NOT NULL, - `storeId` int(11) NOT NULL, - `property` varchar(512) COLLATE utf8mb4_unicode_ci NOT NULL, - `location` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `tries` int(11) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - - -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; diff --git a/templates/monitor/sunetdrive_sites.cfg.erb b/templates/monitor/sunetdrive_sites.cfg.erb index 7991da6..c9a7772 100644 --- a/templates/monitor/sunetdrive_sites.cfg.erb +++ b/templates/monitor/sunetdrive_sites.cfg.erb @@ -131,32 +131,6 @@ define host { <% end -%> use monitor-site } -<% if site.match('lookup') %> -define service { - notes_url https://<%= site %> - action_url /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true - check_command check_https - check_interval 5 - check_period 24x7 -<% if @environment == 'prod' %> - contacts slack -<% else -%> - contact_groups naemon-admins -<% end -%> - host_name <%= site %> - max_check_attempts 3 - notification_interval 60 - notification_period 24x7 - retry_interval 1 - service_description HTTPS -<% if site.match('test') -%> - servicegroups test-sites -<% else -%> - servicegroups prod-sites -<% end -%> -} -<% end -%> -<% unless site.match('lookup') %> define service { notes_url https://<%= site %>/status.php action_url /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true @@ -209,4 +183,3 @@ define service { <% end -%> } <% end -%> -<% end -%> diff --git a/templates/script/restart-db-cluster.erb b/templates/script/restart-db-cluster.erb index 82ac939..3fdcbca 100755 --- a/templates/script/restart-db-cluster.erb +++ b/templates/script/restart-db-cluster.erb 
@@ -67,12 +67,10 @@ def main() -> int: reboot_command = ['sudo /usr/local/bin/safer_reboot'] if customers[0] == "common": - customers = ["lookup", "multinode"] + customers = ["multinode"] for customer in customers: backup_type = "backup" - if customer == "lookup": - backup_type = "lookupbackup" - elif customer == "multinode": + if customer == "multinode": backup_command = ['sudo /home/script/bin/backup_multinode_db.sh'] backup_type = "multinode-db" From 434cd6d1e4fcc018023070250f3f6de12acd9007 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Feb 2025 11:55:43 +0100 Subject: [PATCH 39/45] Remove gss related manifests and config --- functions/get_customer.pp | 6 +---- manifests/app_type.pp | 27 +------------------ manifests/infra_script.pp | 4 +-- manifests/multinode.pp | 5 ---- .../docker-compose_nextcloud.yml.erb | 3 --- templates/monitor/sunetdrive_sites.cfg.erb | 1 - templates/script/maintenance.erb.sh | 2 +- 7 files changed, 5 insertions(+), 43 deletions(-) diff --git a/functions/get_customer.pp b/functions/get_customer.pp index c1d9964..fc162fe 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -2,11 +2,7 @@ function sunetdrive::get_customer() >> String { $hostnameparts = split($facts['networking']['fqdn'],'\.') if $hostnameparts[1] == 'drive' { - if $hostnameparts[0] =~ /^gss/ { - return 'gss' - } else { - return 'common' - } + return 'common' } elsif $hostnameparts[0] =~ /idp-proxy/ { return 'common' } diff --git a/manifests/app_type.pp b/manifests/app_type.pp index e86aa86..e791207 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -66,14 +66,11 @@ define sunetdrive::app_type ( # These are encrypted values from local.eyaml - $gss_jwt_key = safe_hiera('gss_jwt_key') $smtppassword = safe_hiera('smtp_password') #These are global values from common.yaml $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') - $gss_master_admin = hiera_array('gss_master_admin') - $gss_master_url = hiera("gss_master_url_${environment}") $mail_domain = hiera("mail_domain_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") @@ -81,9 +78,6 @@ define sunetdrive::app_type ( $smtpuser = hiera("smtp_user_${environment}") $tug_office = hiera_array('tug_office') - # This is a global value from common.yaml but overridden in the gss-servers local.yaml - $gss_mode = hiera('gss_mode') - # These are global values from common.yaml but can be overridden in group.yaml $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] @@ -114,9 +108,6 @@ define sunetdrive::app_type ( file { '/opt/nextcloud/user-sync.sh': ensure => absent, } - -> cron { 'gss_user_sync': - ensure => absent, - } file { '/usr/local/bin/nocc': ensure => present, force => true, @@ -322,23 +313,7 @@ define sunetdrive::app_type ( mode => '0744', } } - if $location =~ /^gss-test/ { - file { '/opt/nextcloud/mappingfile.json': - ensure => present, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/mappingfile-test.json.erb'), - mode => '0644', - } - } elsif $location =~ /^gss/ { - file { '/opt/nextcloud/mappingfile.json': - ensure => present, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/mappingfile-prod.json.erb'), - mode => '0644', - } - } elsif $location =~ /^kau/ { + if $location =~ /^kau/ { file { '/mnt': ensure => directory, owner => 'www-data', 
diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index 818cf1a..55376b6 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -6,7 +6,6 @@ class sunetdrive::infra_script ( $environment = sunetdrive::get_environment() $customer = 'common' $config = hiera_hash($environment) - $gss_backup_server = $config['gss_backup_server'] $ssh_config = "Host *.sunet.se User script IdentityFile /root/.ssh/id_script" @@ -58,7 +57,8 @@ class sunetdrive::infra_script ( mode => '0700', } sunet::scriptherder::cronjob { 'backupgssdb': - cmd => "/root/tasks/backupdb.sh ${gss_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 1bf9aeb..385b1cd 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -14,8 +14,6 @@ class sunetdrive::multinode ( $db_ip = hiera_hash($environment)['db'] $admin_password = hiera('admin_password') $cluster_admin_password = hiera('cluster_admin_password') - # This is a global value from common.yaml but overridden in the gss-servers local.yaml - $gss_mode = hiera('gss_mode') $twofactor_enforced_groups = [] $twofactor_enforced_excluded_groups = [] @@ -271,8 +269,6 @@ MACAddressPolicy=none' $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') - $gss_master_admin = hiera_array('gss_master_admin') - $gss_master_url = hiera("gss_master_url_${environment}") $https_port = hiera_hash('multinode_mapping')[$customer]['port'] $mail_domain = hiera("mail_domain_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") @@ -326,7 +322,6 @@ MACAddressPolicy=none' $secret = safe_hiera("${customer}_secret") $passwordsalt= safe_hiera("${customer}_passwordsalt") $redis_host_password = safe_hiera("${customer}_redis_host_password") - $gss_jwt_key = safe_hiera('gss_jwt_key') $smtppassword = safe_hiera('smtp_password') $extra_config = { 
diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 6ca5473..8722e40 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -24,9 +24,6 @@ services: <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> <%- end -%> -<%- if @location =~ /^gss/ -%> - - /opt/nextcloud/mappingfile.json:/var/www/html/mappingfile.json -<%- end -%> <% if @location =~ /^kau/ -%> - /mnt:/opt/tmp/ <%- end -%> diff --git a/templates/monitor/sunetdrive_sites.cfg.erb b/templates/monitor/sunetdrive_sites.cfg.erb index c9a7772..ae293c4 100644 --- a/templates/monitor/sunetdrive_sites.cfg.erb +++ b/templates/monitor/sunetdrive_sites.cfg.erb @@ -138,7 +138,6 @@ define service { check_interval 5 check_period 24x7 <% cur_cust = site.gsub(/\.drive.*/,'') %> -<% cur_cust = cur_cust.gsub(/drive.*/,'gss') %> # 'check_nextcloud' command definition <% if @environment == 'prod' and not site.match('test') and @fullnodes.include?(cur_cust) %> contacts slack diff --git a/templates/script/maintenance.erb.sh b/templates/script/maintenance.erb.sh index f37cdc7..c57b690 100644 --- a/templates/script/maintenance.erb.sh +++ b/templates/script/maintenance.erb.sh @@ -17,7 +17,7 @@ if [[ "${ENVIRONMENT}" == "prod" ]]; then fi if [[ "${CUSTOMER}" == "common" ]]; then customer="" - types="multinode gss" + types="multinode" fi domain="${customer}drive.${env}sunet.se" From d7743499503c9dc846ae4bfe76d3859663838623 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 24 Mar 2025 14:59:54 +0100 Subject: [PATCH 40/45] Disable bruteforce --- templates/application/config.php.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 809cd9f..838539c 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb 
@@ -16,6 +16,7 @@ $CONFIG = array ( ), ), 'appstoreenabled' => false, + 'auth.bruteforce.protection.enabled' => false; 'config_is_read_only' => true, 'csrf.disabled' => true, 'datadirectory' => '/var/www/html/data', From 46f1330b5cb27e3d9b470d744478c3bae5a79ace Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 24 Mar 2025 15:06:39 +0100 Subject: [PATCH 41/45] Disable bruteforce --- templates/application/config.php.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 838539c..1fba868 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -16,7 +16,7 @@ $CONFIG = array ( ), ), 'appstoreenabled' => false, - 'auth.bruteforce.protection.enabled' => false; + 'auth.bruteforce.protection.enabled' => false, 'config_is_read_only' => true, 'csrf.disabled' => true, 'datadirectory' => '/var/www/html/data', From 55cc71871ff865cce1582c359d6a8dd3a6374c3a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Mar 2025 19:01:44 +0100 Subject: [PATCH 42/45] Create dirs --- manifests/multinode_db.pp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 1a2a817..491ac07 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -41,7 +41,10 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': + file { '/root/tasks/': + ensure => directory, + } + -> file { '/root/tasks/listusersbydep.sh': ensure => file, content => template('sunetdrive/mariadb/listusersdep.sh.erb'), owner => 'root', 
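Review bot: `'auth.bruteforce.protection.enabled' => false` switches off Nextcloud's login throttling for every instance rendered from this template, with no parameter or environment condition around it and no reason recorded in the commit message. The context of the same hunk already shows `'csrf.disabled' => true`, so this removes another layer in front of the login endpoints. If the trigger was a proxy or monitoring address being throttled, exempting that address keeps the protection for everyone else; otherwise the value could come from a template variable that defaults to enabled. As written here the line ends in `;` instead of `,`, which is a PHP parse error inside the array; the following commit on the page corrects the separator but keeps the setting.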
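Review bot: The new `file { '/root/tasks/': ensure => directory }` resource in multinode_db.pp sets no `owner`, `group` or `mode`, while the files declared around it are pinned to root with `0600` and `0700`. Adding `owner => 'root', group => 'root', mode => '0700',` makes the directory match; the same applies to `/opt/mariadb/statistics/` in the next hunk of this file, which holds `custdata.json`. If `/root/tasks/` is also declared by another class applied to the same node this becomes a duplicate resource, which cannot be checked from the hunk.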
@@ -55,7 +58,10 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } - file {'/opt/mariadb/statistics/custdata.json': + file {'/opt/mariadb/statistics/': + ensure => directory, + } + -> file {'/opt/mariadb/statistics/custdata.json': ensure => file, content => template('sunetdrive/mariadb/custconfig.json.erb'), owner => 'root', From 4b3c189481a9857c21de38813437bc1dfe79ba62 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Mar 2025 12:48:56 +0100 Subject: [PATCH 43/45] Add sql for roundcube Signed-off-by: Micke Nordin --- manifests/db_type.pp | 3 ++- templates/mariadb/05-roundcube.sql.erb | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 templates/mariadb/05-roundcube.sql.erb diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 71b30e4..d5dabc8 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -15,6 +15,7 @@ define sunetdrive::db_type( $backup_password = safe_hiera('backup_password') $proxysql_password = safe_hiera('proxysql_password') $mysql_user_password = safe_hiera('mysql_user_password') + $roundcube_password = safe_hiera('rundcube_password') $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' $server_id = 1000 + Integer($facts['networking']['hostname'][-1]) @@ -46,7 +47,7 @@ define sunetdrive::db_type( sunet::system_user {'mysql': username => 'mysql', group => 'mysql' } - $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql'] + $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql', '05-roundcube.sql'] $sql_files.each |$sql_file|{ file { "${mariadb_dir}/init/${sql_file}": ensure => present, diff --git a/templates/mariadb/05-roundcube.sql.erb b/templates/mariadb/05-roundcube.sql.erb new file mode 100644 index 0000000..4d1c037 --- /dev/null +++ b/templates/mariadb/05-roundcube.sql.erb 
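Review bot: The lookup key in `$roundcube_password = safe_hiera('rundcube_password')` in db_type.pp is spelled `rundcube`, unlike the variable, the SQL template and the database name. If the secret is stored as `roundcube_password`, this lookup misses it, and depending on how `safe_hiera` handles a missing key (not visible here) the `roundcube` database account could end up with a placeholder or empty password. Proposed line: `$roundcube_password = safe_hiera('roundcube_password')`, unless the eyaml key really carries the misspelling.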
@@ -0,0 +1,8 @@ +CREATE SCHEMA roundcube; +CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>'; +GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>'; +-- USE roundcube; +-- CREATE TABLE `cache` ( `user_id` int(10) unsigned NOT NULL, `cache_key` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, `expires` datetime DEFAULT NULL, `data` longtext NOT NULL, PRIMARY KEY +-- (`user_id`,`cache_key`), KEY `expires_index` (`expires`), CONSTRAINT `user_id_fk_cache` FOREIGN KEY (`user_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC +-- CREATE TABLE `users` ( `user_id` int(10) unsigned NOT NULL AUTO_INCREMENT, `username` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, `mail_host` varchar(128) NOT NULL, `created` datetime NOT +-- NULL DEFAULT '1000-01-01 00:00:00', `last_login` datetime DEFAULT NULL, `failed_login` datetime DEFAULT NULL, `failed_login_counter` int(10) unsigned DEFAULT NULL, `language` varchar(16) DEFAULT NULL, `preferences` longtext DEFAULT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `username` (`username`,`mail_host`)) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC; From b63229092cb13ed0d7b67dd50a774099b032b122 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Mar 2025 12:48:56 +0100 Subject: [PATCH 44/45] Add sql for roundcube --- templates/mariadb/05-rundcube.sql.erb | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 templates/mariadb/05-rundcube.sql.erb diff --git a/templates/mariadb/05-rundcube.sql.erb b/templates/mariadb/05-rundcube.sql.erb new file mode 100644 index 0000000..4d1c037 --- /dev/null +++ b/templates/mariadb/05-rundcube.sql.erb 
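Review bot: The account in 05-roundcube.sql.erb is created as `'roundcube'@'%'` with `GRANT ALL PRIVILEGES`, so it is accepted from any client address and may also alter or drop the schema. If the webmail host or network is known, restricting the host part and granting only what the application needs narrows what a leaked password gives away. `CREATE SCHEMA roundcube;` and `CREATE USER` carry no `IF NOT EXISTS`, so the script fails wherever the objects already exist; `CREATE SCHEMA IF NOT EXISTS roundcube;` and `CREATE USER IF NOT EXISTS ...` avoid that. The password is interpolated between single quotes without escaping, so a quote character in the secret breaks the statement. The identical file added as `05-rundcube.sql.erb` in the next commit has the same points.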
@@ -0,0 +1,8 @@
+CREATE SCHEMA roundcube;
+CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
+GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
+-- USE roundcube;
+-- CREATE TABLE `cache` ( `user_id` int(10) unsigned NOT NULL, `cache_key` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, `expires` datetime DEFAULT NULL, `data` longtext NOT NULL, PRIMARY KEY
+-- (`user_id`,`cache_key`), KEY `expires_index` (`expires`), CONSTRAINT `user_id_fk_cache` FOREIGN KEY (`user_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC
+-- CREATE TABLE `users` ( `user_id` int(10) unsigned NOT NULL AUTO_INCREMENT, `username` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, `mail_host` varchar(128) NOT NULL, `created` datetime NOT
+-- NULL DEFAULT '1000-01-01 00:00:00', `last_login` datetime DEFAULT NULL, `failed_login` datetime DEFAULT NULL, `failed_login_counter` int(10) unsigned DEFAULT NULL, `language` varchar(16) DEFAULT NULL, `preferences` longtext DEFAULT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `username` (`username`,`mail_host`)) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC;
From ad13e65250d1c42fe2d6dbb5e58d71b965cc7051 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Wed, 26 Mar 2025 12:55:08 +0100
Subject: [PATCH 45/45] Remove fault file
---
templates/mariadb/05-rundcube.sql.erb | 8 --------
1 file changed, 8 deletions(-)
delete mode 100644 templates/mariadb/05-rundcube.sql.erb
diff --git a/templates/mariadb/05-rundcube.sql.erb b/templates/mariadb/05-rundcube.sql.erb
deleted file mode 100644
index 4d1c037..0000000
--- a/templates/mariadb/05-rundcube.sql.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-CREATE SCHEMA roundcube;
-CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
-GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
--- USE roundcube;
--- CREATE TABLE `cache` ( `user_id` int(10) unsigned NOT NULL, `cache_key` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, `expires` datetime DEFAULT NULL, `data` longtext NOT NULL, PRIMARY KEY
--- (`user_id`,`cache_key`), KEY `expires_index` (`expires`), CONSTRAINT `user_id_fk_cache` FOREIGN KEY (`user_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC
--- CREATE TABLE `users` ( `user_id` int(10) unsigned NOT NULL AUTO_INCREMENT, `username` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, `mail_host` varchar(128) NOT NULL, `created` datetime NOT
--- NULL DEFAULT '1000-01-01 00:00:00', `last_login` datetime DEFAULT NULL, `failed_login` datetime DEFAULT NULL, `failed_login_counter` int(10) unsigned DEFAULT NULL, `language` varchar(16) DEFAULT NULL, `preferences` longtext DEFAULT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `username` (`username`,`mail_host`)) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC;