Commit Graph

144 Commits

Author SHA1 Message Date
Johannes Zellner
daa8a60da2 oidc: Inject currently hardcoded CLOUDRON_OIDC_PROVIDER_NAME env var
This is designed to be used in the packages for the login button:
"Login with ${CLOUDRON_OIDC_PROVIDER_NAME}"
2024-04-17 15:06:22 +02:00
Johannes Zellner
21d7438bbe proxyauth: use OpenID instead of basic auth 2024-04-15 15:59:16 +02:00
Girish Ramakrishnan
0a748ac78a better AVX error message 2024-04-15 10:10:13 +02:00
Girish Ramakrishnan
efd0be5e2c services: send the default memory limit 2024-04-10 12:42:25 +02:00
Girish Ramakrishnan
be2775e12e memoryLimit: redefine to not include swap
Currently, we allocate 50% as RAM and 50% as swap. The manifest is
usually quite conservative on memory values. This means that we set
up a system where the app is applying memory pressure almost immediately.
This then swaps things randomly and increases cpu usage (kswapd shows
up in the profile).

To rethink the whole situation: we should not cap apps with a swap limit at all.
The memory hard limit is what is important. By redefining memoryLimit, we are
doubling every container's memory and it's good that we over allocate this.
2024-04-09 18:59:40 +02:00
Girish Ramakrishnan
de99b8ecce Fix AVX support edge cases
* Always show restart button. When using a local VM, you can dynamically
switch flags. So, let the user rebuild. Show error if we cannot.
* The logs button is an "a" tag which is clickable despite ng-disabled
2024-04-01 23:05:20 +02:00
Girish Ramakrishnan
1c4f6315a6 mongodb: optional avx support in service routes 2024-04-01 17:31:20 +02:00
Girish Ramakrishnan
774f14327c addons: optional start mongodb based on AVX 2024-03-30 19:20:24 +01:00
Girish Ramakrishnan
781ee77280 services: remove docker dynamic env hook 2024-03-30 18:25:37 +01:00
Girish Ramakrishnan
104997d77c syslog: change it to unix domain socket
docker is using an extra udp port for every container. when there is
a lot of containers, a lot of random udp ports get used up. this causes
problems when installing apps that require contiguous port ranges
2024-03-21 18:59:08 +01:00
Johannes Zellner
96eeb70076 Update postgres addon to 1.5.10
This contains a hack for immich in apptask to migrate the extension on
immich app update
2024-03-06 13:20:58 +01:00
Johannes Zellner
eadc4fda30 Optional VectorRS is gone 2024-03-03 12:40:04 +01:00
Girish Ramakrishnan
3ff8f5cb33 scheduler: proper crash when app is still being installed 2024-03-01 10:38:49 +01:00
Girish Ramakrishnan
b6162a3bef docker addon: env var can be stored in the db 2024-03-01 10:31:41 +01:00
Girish Ramakrishnan
3316dd1f42 fixup various shell usage 2024-02-28 18:59:45 +01:00
Girish Ramakrishnan
64bb53abc3 services: startTurn needs a shell 2024-02-28 16:02:42 +01:00
Girish Ramakrishnan
73d1860995 turn: remove quotes 2024-02-28 13:00:29 +01:00
Johannes Zellner
e3f31e6560 Ensure we keep the oidc secret on app update 2024-02-26 17:20:00 +01:00
Girish Ramakrishnan
13e62bc738 logs: use stream.destroy() instead of custom hooks 2024-02-24 17:35:37 +01:00
Girish Ramakrishnan
0e83658aa3 make sudo commands terminate properly
sudo forks and execs the program. sudo also hangs around as the parent of the program waiting on the program and also forwarding signals.
sudo does not forward signals when the originator comes from the same process group. recently, there has been a change where it will
forward signals as long as sudo or the command is not the group leader (https://www.sudo.ws/repos/sudo/rev/d1bf60eac57f)
for us, this means that calling kill from this node process doesn't work since it's in the same group (and ubuntu 22 doesn't have the above fix).
the workaround is to invoke a kill from a different process group and this is done by starting detached
another idea is: use "ps --pid cp.pid -o pid=" to get the pid of the command and then send it signal directly

see also: https://dxuuu.xyz/sudo.html
2024-02-24 16:19:07 +01:00
Girish Ramakrishnan
d0dc104ede logs: make logPaths work
we have to tail via sudo script

Fixes #811
2024-02-23 17:46:22 +01:00
Girish Ramakrishnan
60994f9ed1 shell: docker run needs shell
don't want to get into parsing quotes!
2024-02-22 10:59:39 +01:00
Girish Ramakrishnan
a6f078330f shell: no need to promise scoping 2024-02-21 19:40:27 +01:00
Girish Ramakrishnan
14c9260ab0 shell: exec encoding is utf8 by default and no shell
explicitly mark calls that require the shell
2024-02-21 17:47:25 +01:00
Girish Ramakrishnan
26eb739b46 shell: add options to exec 2024-02-20 21:11:09 +01:00
Johannes Zellner
66da8dd4dc Always resetup oidc client record for apps 2024-02-15 12:40:58 +01:00
Johannes Zellner
38e32942cb oidc: remove env var for disabled session/end route 2024-02-09 19:37:54 +01:00
Johannes Zellner
7499aa9201 Do not fail if we don't have a servicesConfig yet 2024-01-17 13:13:48 +01:00
Johannes Zellner
b7631689b0 Add useVectorRsExtension for postgresql service 2024-01-16 12:53:43 +01:00
Girish Ramakrishnan
bf381aff7f redis: use default instead of redisuser
suggested at https://github.com/redis/node-redis/issues/1591
2023-11-14 10:50:25 +01:00
Girish Ramakrishnan
6830c4fc67 redis: fix issue when restoring optional redis 2023-10-11 14:53:25 +05:30
Girish Ramakrishnan
c1a53f7b29 oidc: loginRedirectUri can be empty string
this is required for ttrss
2023-09-20 14:47:27 +05:30
Girish Ramakrishnan
253f509fc6 redis: set default memory limit to 256M
The 'reset to default' functionality in services view has 256M hardcoded
2023-09-04 18:22:57 +05:30
Girish Ramakrishnan
eee49a8291 move dashboard setting into dashboard.js 2023-08-11 21:04:10 +05:30
Girish Ramakrishnan
c6db1c70c0 docker: fix image prune
it seems docker images --digests cloudron/sftp --format "{{.ID}} {{.Repository}}:{{.Tag}}@{{.Digest}}
broke at some point
2023-08-08 21:21:00 +05:30
Girish Ramakrishnan
4cdf37b060 settings: move mailFqdn/Domain into mailServer 2023-08-04 22:02:24 +05:30
Girish Ramakrishnan
946e5caacb split mail and mailserver
mail = all the per-domain code
mailserver = all the mail server level code
2023-08-04 20:54:39 +05:30
Girish Ramakrishnan
a4d57e7b08 refactor into getServiceConfig 2023-08-03 12:52:47 +05:30
Girish Ramakrishnan
bbc6ba1a35 settings: move service setting into services.js
this also introduces getJson/setJson
2023-08-03 11:50:00 +05:30
Girish Ramakrishnan
1d69207e6e redis: do not list in services when disabled 2023-07-14 18:01:21 +05:30
Girish Ramakrishnan
e1ff5f1cae ui: optional redis
fixes #810
2023-07-14 12:43:32 +05:30
Girish Ramakrishnan
25328d884f redis: make optional
part of #810
2023-07-13 16:46:09 +05:30
Girish Ramakrishnan
f34840e1a3 mail: use the new services change task type 2023-07-13 16:46:09 +05:30
Girish Ramakrishnan
519b258a25 make turn service optional
part of #810
2023-07-13 15:32:28 +05:30
Girish Ramakrishnan
7511339656 bump timeout when waiting for container
some server disks are very slow
2023-05-16 09:51:42 +02:00
Girish Ramakrishnan
aa02d839a7 remove console.log 2023-04-30 10:18:48 +02:00
Johannes Zellner
d2b12ff1ab oidc: discovery document is explicitly on openid/.well-known instead of .well-known 2023-04-29 14:09:31 +02:00
Johannes Zellner
0036bf1e2f Add addon hook to get dynamic environment variables 2023-04-24 15:29:57 +02:00
Johannes Zellner
bd7e931674 Do not throw if oidc addon client already exists 2023-04-21 15:09:49 +02:00
Johannes Zellner
5ac8e89c8e Set some oidc addon loginRedirectUri default 2023-04-21 12:36:20 +02:00