jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
14,867 Commits 33 Branches 583 Tags
ca2ebac6942b6a87f226b1a3d03f73b796a4ecb2
Commit Graph

46 Commits

Author SHA1 Message Date
Johannes Zellner
10e07fa300 Add disk speeds to disk usage data 2023-01-27 21:05:25 +01:00
Girish Ramakrishnan
656f3fcc13 add system.du 2022-10-11 23:06:54 +02:00
Girish Ramakrishnan
6f61145b01 configurecollectd.sh is no more 2022-10-11 21:04:25 +02:00
Girish Ramakrishnan
7598cf2baf consolidate storage validation logic 2022-06-06 12:50:21 -07:00
Girish Ramakrishnan
7ec1594428 create a separate support user 
This creates a separate user named 'cloudron-support' using which we
can provide remote support. The hyphen username convention follows the
systemd sytem username convention.

With a separate user, we don't need to ask users to keep changing PermitRootLogin
(and remind them to change it back).

Using a sudo user has various advantages:

* https://askubuntu.com/questions/687249/why-does-ubuntu-have-a-disabled-root-account
* https://wiki.debian.org/sudo
* https://askubuntu.com/questions/16178/why-is-it-bad-to-log-in-as-root

The yellowtent user is also locked down further - no password and no shell login.
 2022-03-30 15:08:20 -07:00
Johannes Zellner
1c7eeb6ac6 Handle exposed ldap allowlist 2021-12-10 17:04:30 +01:00
Johannes Zellner
9eed3af8b6 add volume remount 2021-10-11 16:22:56 +02:00
Girish Ramakrishnan
50407eba0b volumes: generate systemd mount files based on mount type 2021-05-12 23:57:12 -07:00
Girish Ramakrishnan
0447dce0d6 graphite: restart collectd as well 2021-03-23 16:34:36 -07:00
Girish Ramakrishnan
7a6a170451 remove retire.sh 2021-02-25 10:32:53 -08:00
Girish Ramakrishnan
e4b06b16a9 firewall: implement blocklist 2020-08-31 21:46:07 -07:00
Girish Ramakrishnan
b1b6f70118 Kill all tasks on shutdown and startup 
BindsTo will kill all the tasks when systemctl stop box is executed.
But when restarted, it keeps the tasks running. Because of this behavior,
we kill the tasks on startup and stop of the box code.
 2020-08-06 23:47:40 -07:00
Girish Ramakrishnan
ac63d00c93 run tasks as separate cgroup via systemd 
this allows us to adjust the nice value and memory settings per task

part of #691
 2020-08-06 16:43:14 -07:00
Girish Ramakrishnan
ed09c06ba4 Add option to remove mailbox data 
Fixes #720
 2020-07-27 22:55:09 -07:00
Girish Ramakrishnan
a0d1016c01 containerize sftp 2019-04-04 22:43:02 -07:00
Johannes Zellner
cde852f0f9 Add proftpd as service 2019-03-19 15:24:09 -07:00
Girish Ramakrishnan
38a4c1aede Fixup volume management 
Fixes related to removing directory and directory perms
 2019-01-18 15:18:42 -08:00
Girish Ramakrishnan
13c628b58b backups (tgz): work with a layout 
this will allow us to place the localstorage directory in an arbitrary
location
 2019-01-16 12:52:04 -08:00
Girish Ramakrishnan
4a34703cd3 rework code to enable/disable remote support 
we had a generic ssh key management api. this was causing issues because
the ssh format is more complicated than what we had implemented. currently,
the only use case we have is to add our ssh key.

Fixes #600
 2018-12-19 13:35:20 -08:00
Girish Ramakrishnan
7c1ef143f9 Add unbound service 2018-12-02 19:38:34 -08:00
Girish Ramakrishnan
df927eae74 move backupupload.js to scripts 
it is just a sudo helper
 2018-11-29 23:30:56 -08:00
Girish Ramakrishnan
a2da9bea58 backup: use ipc for communicating with upload process 2018-11-26 15:21:48 -08:00
Girish Ramakrishnan
6cd8e769be remove all uses of sudoSync 2018-11-25 14:43:29 -08:00
Johannes Zellner
161a8fe2bf Make docker restartable 2018-11-24 22:12:28 +01:00
Girish Ramakrishnan
6abd48d480 rename backuptask to backupupload 2018-11-15 12:00:51 -08:00
Girish Ramakrishnan
2c60614d4b remove special rm script for redis 2018-10-15 16:14:16 -07:00
Girish Ramakrishnan
816fa94555 Upgrade the db addons using dumps when major version changes 2018-10-15 16:14:13 -07:00
Girish Ramakrishnan
23b9854c57 Use REST API instead of volumes for redis 2018-09-18 13:09:24 -07:00
Girish Ramakrishnan
a46e208c63 Use docker volumes instead of bind mount for app data 2018-09-13 15:35:41 -07:00
Girish Ramakrishnan
ac94a0b7f2 Add route to restore box from backup 
Part of #439
 2017-11-22 23:08:59 -08:00
Girish Ramakrishnan
e39a5c8872 preserve env in backuptask.js 2017-09-22 11:19:44 -07:00
Girish Ramakrishnan
84649b9471 Bring back backuptask 
This is required for various small reasons:

* dir iteration with a way to pass messagein back to the upload() easily
* can be killed independently of box code
* allows us to run sync (blocking) commands in the upload logic
 2017-09-19 12:32:38 -07:00
Girish Ramakrishnan
6525a467a2 Rework backuptask into tar.js 
This makes it easy to integrate another backup strategy
as the next step
 2017-09-17 18:50:26 -07:00
Girish Ramakrishnan
c8750a3bed merge the logrotate scripts 2017-09-12 22:03:24 -07:00
Girish Ramakrishnan
9710f74250 remove collectd stats when app is uninstalled 2017-09-12 21:34:15 -07:00
Johannes Zellner
2f51088e67 Add logrotate support for *.log files in /run mounts of apps 
logrotate config files may contain arbitrary commands which are
exectued as root, thus the config files have to be owned by root.
This is the reason we need the sudo scripts :-/

To test the generated scripts, just run:
$ logrotate /etc/logrotate.conf -v

Fixes #396
 2017-08-12 00:04:00 +02:00
Girish Ramakrishnan
a0e122e578 Try to make tests work again 2017-04-23 18:03:40 -07:00
Johannes Zellner
a94d44da75 Add generic node.sh to run node apps as root and with memory limitations 2017-04-20 15:20:11 +02:00
Johannes Zellner
dda16331f6 Remove unused rmbackup.sh 2017-04-17 20:26:06 +02:00
Johannes Zellner
d95e68926b Remove unused backupapp.sh and backupbox.sh 2017-04-17 20:26:06 +02:00
Johannes Zellner
ff3a748398 Call backuptask.js directly as root to avoid trampoline shell scripts 2017-04-17 20:26:05 +02:00
Johannes Zellner
9354784f01 Remove unused cpbackup.sh 2017-04-17 20:26:05 +02:00
Johannes Zellner
e021a4b377 Remove unused restoreapp.sh 2017-04-17 20:26:05 +02:00
Johannes Zellner
5e1ad4ad93 We need root access to copy backup files with the filesystem backend 2017-04-17 20:26:05 +02:00
Johannes Zellner
101a44affd Add authorized_keys.sh 2017-03-07 15:16:18 +01:00
Girish Ramakrishnan
7de94fff1b Merge container logic into start.sh 
This whole container thinking is over-engineered and we will get to
it if and when we need to.
 2016-12-29 12:01:59 -08:00