more work on munin

* install the munin-node package
* don't install munin-plugins-extra (if the user wants it they can add it)
* expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file

conf/nginx-primaryonly.conf

@@ -2,6 +2,7 @@
 	# Proxy /admin to our Python based control panel daemon. It is
 	# listening on IPv4 only so use an IP address and not 'localhost'.
 	rewrite ^/admin$ /admin/;
+	rewrite ^/admin/munin$ /admin/munin redirect;
 	location /admin/ {
 		proxy_pass http://127.0.0.1:10222/;
 		proxy_set_header X-Forwarded-For $remote_addr;

management/daemon.py

@@ -4,7 +4,7 @@ import os, os.path, re, json
 
 from functools import wraps
 
-from flask import Flask, request, render_template, abort, Response
+from flask import Flask, request, render_template, abort, Response, send_from_directory
 
 import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
@@ -384,6 +384,17 @@ def backup_status():
 	from backup import backup_status
 	return json_response(backup_status(env))
 
+# MUNIN
+
+@app.route('/munin/')
+@app.route('/munin/<path:filename>')
+@authorized_personnel_only
+def munin(filename=""):
+	# Checks administrative access (@authorized_personnel_only) and then just proxies
+	# the request to static files.
+	if filename == "": filename = "index.html"
+	return send_from_directory("/var/cache/munin/www", filename)
+
 # APP
 
 if __name__ == '__main__':

setup/munin.sh

@@ -6,7 +6,7 @@ source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
 
 # install Munin
-apt_install munin munin-plugins-extra
+apt_install munin munin-node
 
 # edit config
 cat > /etc/munin/munin.conf <<EOF;
@@ -21,7 +21,6 @@ cat > /etc/munin/munin.conf <<EOF;
 # a simple host tree
 [$PRIMARY_HOSTNAME]
 address 127.0.0.1
-  use_node_name yes
 
 # send alerts to the following address
 contacts admin
@@ -29,40 +28,5 @@ cat > /etc/munin/munin.conf <<EOF;
 contact.admin.always_send warning critical
 EOF
 
-
+# generate initial statistics so the directory isn't empty
-# set subdomain
+sudo -u munin munin-cron
-DOMAIN=${PRIMARY_HOSTNAME#[[:alpha:]]*.}
-hide_output curl -d "" --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/set/munin.$DOMAIN
-
-# write nginx config
-cat > /etc/nginx/conf.d/munin.conf <<EOF;
-  # Redirect all HTTP to HTTPS.
-  server {
-    listen 80;
-    listen [::]:80;
-
-    server_name munin.$DOMAIN;
-    root /tmp/invalid-path-nothing-here;
-    rewrite ^/(.*)$ https://munin.$DOMAIN/$1 permanent;
-  }
-
-  server {
-    listen 443 ssl;
-
-    server_name munin.$DOMAIN;
-
-    ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
-    ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
-    include /etc/nginx/nginx-ssl.conf;
-
-    auth_basic "Authenticate";
-    auth_basic_user_file /etc/nginx/htpasswd;
-
-    root /var/cache/munin/www;
-
-    location = /robots.txt {
-      log_not_found off;
-      access_log off;
-    }
-  }
-EOF

tools/munin_update.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-# Grant admins access to munin
-
-source setup/functions.sh # load our functions
-source /etc/mailinabox.conf # load global vars
-
-db=$STORAGE_ROOT'/mail/users.sqlite'
-
-users=`sqlite3 $db "SELECT email FROM users WHERE privileges = 'admin'"`;
-passwords=`sqlite3 $db "SELECT password FROM users WHERE privileges = 'admin'"`;
-
-# Define the arrays
-users_array=(${users// / })
-passwords_array=(${passwords// / })
-
-# clear htpasswd
->/etc/nginx/htpasswd
-
-# write user:password
-for i in "${!users_array[@]}"; do
-  echo "${users_array[i]}:${passwords_array[i]:14}" >> /etc/nginx/htpasswd
-done