Remove recursive for mysql db dir

Unfortunatly we must do the same calcultions for multinode

facts.d/nc_versions.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+if ! [[ $(hostname) =~ monitor ]]; then
+  exit 0
+fi
+
 repo="/var/cache/cosmos/repo"
 common="${repo}/global/overlay/etc/hiera/data/common.yaml"
 

manifests/app_type.pp

@@ -33,6 +33,7 @@ define sunetdrive::app_type (
     $dbhost = 'proxysql_proxysql_1'
     $dbname = 'nextcloud'
     $dbuser = 'nextcloud'
+    $full_backup_retention = hiera('full_backup_retention')
     $instanceid = safe_hiera('instanceid')
     $mysql_user_password = safe_hiera('mysql_user_password')
     $passwordsalt = safe_hiera('passwordsalt')
@@ -91,6 +92,11 @@ define sunetdrive::app_type (
   $lb_servers = hiera_hash($environment)['lb_servers']
   $document_servers = hiera_hash($environment)['document_servers']
 
+  # Calculate some values
+  $expiration_months = max(12, $full_backup_retention)
+  $expiration_days_min = $expiration_months * 31
+  $expiration_days_max = $expiration_months * 31 + 93
+
   unless $is_multinode{
     user { 'www-data': ensure => present, system => true }
 

manifests/db_type.pp

@@ -18,7 +18,7 @@ define sunetdrive::db_type(
   $mariadb_dir = '/etc/mariadb'
   $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
   $server_id = 1000 + Integer($facts['networking']['hostname'][-1])
-  ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } )
+  ensure_resource('file',$mariadb_dir, { ensure => directory } )
   $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ]
   $dirs.each |$dir| {
     ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } )

manifests/multinode.pp

@@ -291,6 +291,15 @@ MACAddressPolicy=none'
     if $customer_config['twofactor_enforced_excluded_groups'] {
     $twofactor_enforced_excluded_groups = $customer_config['twofactor_enforced_excluded_groups']
     }
+    if $customer_config['full_backup_retention'] {
+      $full_backup_retention = $customer_config['full_backup_retention']
+    } else {
+      $full_backup_retention = hiera('full_backup_retention')
+    }
+    # Calculate some values
+    $expiration_months = max(12, $full_backup_retention)
+    $expiration_days_min = $expiration_months * 31
+    $expiration_days_max = $expiration_months * 31 + 93
 
     # Secrets from local.eyaml
     $admin_password = safe_hiera("${customer}_admin_password")

manifests/proxysql.pp

@@ -12,6 +12,8 @@ class sunetdrive::proxysql (
   $config = hiera_hash($environment)
   $db_ip = $config['db']
   $nextcloud_ip = $config['app']
+  $nextcloud_ipv6 = $config['app_v6']
+  $nextcloud_ip_all = $nextcloud_ip + $nextcloud_ipv6
   $proxysql_ok_num = length($nextcloud_ip)
   $proxysql_warn_num = $proxysql_ok_num - 1
 
@@ -79,7 +81,7 @@ class sunetdrive::proxysql (
       iif           => 'ens3',
     }
     sunet::nftables::docker_expose { 'proxysql':
-      allow_clients => ['any'],
+      allow_clients => $nextcloud_ip_all,
       port          => 6032,
       iif           => 'ens3',
     }

manifests/satosa.pp

@@ -29,17 +29,23 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
         }
     }
   }
-  sunet::docker_run {'satosa':
-    image    => $image,
-    imagetag => $tag,
-    dns      => ['89.32.32.32'],
-    volumes  => ['/etc/satosa:/etc/satosa','/etc/dehydrated:/etc/dehydrated'],
-    ports    => ['443:8000'],
-    env      => ['METADATA_DIR=/etc/satosa/metadata', 'WORKER_TIMEOUT=120']
+  $dehydrated_status = $dehydrated_name ? {
+    undef   => 'absent',
+    default => 'present'
+  }
+  file {'/opt/docker_run':
+    ensure => 'absent',
+  }
+  sunet::docker_compose { 'satosa':
+    content          => template('sunetdrive/satosa/docker-compose.yml.erb'),
+    service_name     => 'satosa',
+    compose_dir      => '/opt/',
+    compose_filename => 'docker-compose.yml',
+    description      => 'Satosa',
   }
   file {'/etc/satosa/proxy_conf.yaml':
     content => inline_template("<%= @merged_conf.to_yaml %>\n"),
-    notify  => Sunet::Docker_run['satosa']
+    notify  => Sunet::Docker_compose['satosa']
   }
   $plugins = hiera('satosa_config')
   sort(keys($plugins)).each |$n| {
@@ -47,23 +53,13 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
     $fn = $plugins[$n]
     file { $fn:
       content => inline_template("<%= @conf.to_yaml %>\n"),
-      notify  => Sunet::Docker_run['satosa']
+      notify  => Sunet::Docker_compose['satosa']
     }
   }
   sunet::misc::ufw_allow { 'satosa-allow-https':
     from => 'any',
     port => '443'
   }
-  $dehydrated_status = $dehydrated_name ? {
-    undef   => 'absent',
-    default => 'present'
-  }
-  sunet::docker_run {'alwayshttps':
-    ensure => $dehydrated_status,
-    image  => 'docker.sunet.se/always-https',
-    ports  => ['80:80'],
-    env    => ['ACME_URL=http://acme-c.sunet.se']
-  }
   sunet::misc::ufw_allow { 'satosa-allow-http':
     ensure => $dehydrated_status,
     from   => 'any',
@@ -78,12 +74,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
       cert_file => '/etc/satosa/https.crt'
     }
   }
-  file { '/opt/satosa':
-    ensure => directory,
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0755',
-  }
   -> file { '/opt/satosa/restart.sh':
     ensure  => file,
     owner   => 'root',

templates/application/config.php.erb

@@ -192,6 +192,9 @@ $CONFIG = array (
   'secret' => '<%= @secret %>',
   'skeletondirectory' => '<%= @skeletondirectory %>',
   'templatedirectory' => '',
+<% if @environment == 'test' -%>
+  'trashbin_retention_obligation' => 'auto, 30',
+<% end -%>
   'trusted_domains' =>
     array (
     <%- index = 0 -%>
@@ -234,4 +237,7 @@ $CONFIG = array (
     ),
   'updatechecker' => false,
   'version' => '<%= @nextcloud_version_string %>',
+<% if @environment == 'test' -%>
+  'versions_retention_obligation' => '<%= @expiration_days_min %>, <%= @expiration_days_max %>',
+<% end -%>
 );

templates/mariadb_backup/listusers.erb.sh

@@ -13,7 +13,7 @@ dexec="docker exec ${container}"
 
 password=$(${dexec} env | grep MYSQL_ROOT_PASSWORD | awk -F '=' '{print $2}')
 
-mysql="${dexec} mysql -p${password}"
+mysql="${dexec} mysql -p${password} -u root"
 
 if [[ "$(${mysql} -NB -e 'select exists(select * from information_schema.TABLES where TABLE_SCHEMA = "nextcloud" and TABLE_NAME = "oc_global_scale_users")')" == "1" ]]
 then

templates/satosa/docker-compose.yml.erb

@@ -0,0 +1,23 @@
+services:
+  satosa:
+    environment:
+      - "METADATA_DIR=/etc/satosa/metadata"
+      - "WORKER_TIMEOUT=120"
+    dns:
+      - "89.32.32.32"
+    image: "<%= @image %><% if @tag %>:<%= @tag %><% end %>"
+    pull_policy: "always"
+    ports:
+      - "443:8000"
+    volumes:
+      - "/etc/satosa:/etc/satosa"
+      - "/etc/dehydrated:/etc/dehydrated"
+  alwayshttps:
+    environment:
+      - "ACME_URL=http://acme-c.sunet.se"
+    dns:
+      - "89.32.32.32"
+    image: "docker.sunet.se/always-https"
+    pull_policy: "always"
+    ports:
+      - "80:80"