this tries to solve two issues:
* the current approach mounts the data directories of apps/volumes individually.
this causes a problem with volume mounts that mount after the container is started i.e not
network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires
unbound to be running but unbound can only start after docker because it wants to bind to
the docker network. one way to fix is to not start sftp automatically and only start sftp
container in the box code. This results in the sftp container attaching itself of the
directory before mounting and it appears empty. (on the host, the directory will appear
to have mount data!)
* every time apptask runs we keep rebuilding this sftp container. this results in much race.
the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata
paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely
on binding to the mount point itself. the child directories can mount in leisure. this limits the race
issue to only no-op volume mounts.
part of #789
restart service does not rebuild automatically, we should add a route
for that. we need to figure where to scale services etc if we randomly
create containers like that.
This reverts commit ecc9415679.
We want to support the workflow where normal users can have SFTP
access without being cloudron admins. The reason it is admin only
is because it is possible to upload/modify app code via SFTP to
then get cloudron admin credentials.
For this reason, we will fixup the apps as follows:
* Unmanaged WP - remove LDAP integration
* LAMP - remove LDAP. We will make a new major version that informs
the user NOT to update the app if they use LDAP. In 4.1, we will
expose the LDAP server, so they can use the public LDAP server for
any integration.
* Managed WP - Remove SFTP. This is contential but if people want to
really build/develop plugins then they can use Unmanaged WP for the dev
environment.
* Surfer - no change. Can have SFTP and LDAP since code is not modifiable
In general, should also be careful then about adding SFTP access to random
apps (like say nextcloud), since this would allow normal user to access
other people's data.
