Commit Graph

872 Commits

Author SHA1 Message Date
kiekerjan 2921a77edc
Merge pull request #15 from hughsw/add-custom-rsync-port
feat(rsync-port): Add support for non-standard ssh port for rsync backup
2022-11-28 20:30:24 +01:00
kiekerjan 4e96509ef1
Merge pull request #14 from hughsw/fix-rsync-display
fix(backup-display): Fix parsing of rsync target in system-backup.htm…
2022-11-28 20:28:24 +01:00
Hugh Secker-Walker 142e9bd974 feat(rsync-port): Add support for non-standard ssh port for rsync backup 2022-11-22 12:16:31 +00:00
Hugh Secker-Walker 97e1f39aec fix(backup-display): Fix parsing of rsync target in system-backup.html, fixes #2206 2022-11-21 18:39:23 +00:00
KiekerJan 210d9f08dc simplify utils.py#shell method used by unbound-control call 2022-11-05 21:04:05 +01:00
KiekerJan 16728860f4 add not set case to blacklist lookup 2022-11-03 08:27:56 +01:00
KiekerJan ebc5f06d61 merge upstream 60.1 2022-10-30 23:01:19 +01:00
alento-group 32c68874c5
Fix NSD not restarting (#2182)
A previous commit (0a970f4bb2) broke nsd restarting. This fixes that change by reverting it.

Josh added: Use nsd-control with reconfig and reload if they succeed and only fall back to restarting nsd if they fail

Co-authored-by: Joshua Tauberer <jt@occams.info>
2022-10-30 08:16:03 -04:00
KiekerJan fe52334288 merge upstream 2022-10-15 16:38:47 +02:00
KiekerJan 4914b0c423 add logging 2022-10-15 07:59:25 +02:00
Joshua Tauberer ddf8e857fd
Support Ubuntu 22.04 Jammy Jellyfish (#2083) 2022-10-11 21:18:34 -04:00
Joshua Tauberer 0a970f4bb2 Use nsd-control to refresh nsd after zone files are rewritten rather than 'service nsd restart'
I am not sure if this was the problem but nsd didn't serve updated zonefiles on my box and 'service nsd restart' must have been used, so maybe it doesn't reload zones.
2022-10-08 07:24:57 -04:00
jvolkenant b8feb77ef4
Move postgrey database under $STORAGE_ROOT (#2077) 2022-09-24 13:17:55 -04:00
Steve Hay 1e1a054686
BUGFIX: Correctly handle the multiprocessing for run_checks in the management daemon (#2163)
See discussion here: #2083

Co-authored-by: Steve Hay <hay.steve@gmail.com>
2022-09-24 09:56:27 -04:00
KiekerJan 9ee26d3ef1 merge upstream changes proposed for 2204 2022-09-17 16:41:35 +02:00
Joshua Tauberer 58ded74181 Restore the backup S3 host select box if an S3 target has been set
Also remove unnecessary import added in 7cda439c. Was a mistake from edits during PR review.
2022-09-17 09:07:54 -04:00
Steve Hay 3fd2e3efa9
Replace Flask built-in WSGI server with gunicorn (#2158) 2022-09-17 08:03:16 -04:00
Steve Hay 7cda439c80
Port boto to boto3 and fix asyncio issue in the management daemon (#2156)
Co-authored-by: Steve Hay <hay.steve@gmail.com>
2022-09-17 07:57:12 -04:00
KiekerJan 9327a1df4f merge proposed boto chagnes 2022-09-12 22:58:52 +02:00
KiekerJan 1ce9766204 merge upstream changes to update to ubuntu 2204 2022-09-04 20:52:56 +02:00
KiekerJan 197a142043 check returned nameserver values 2022-08-26 11:34:18 +02:00
KiekerJan b051137f36 more resilient nameserver usage in query dns 2022-08-26 11:29:23 +02:00
Sudheesh Singanamalla d7244ed920
Fixes #2149 Append ; in policy strings for DMARC settings (#2151)
Signed-off-by: Sudheesh Singanamalla <sudheesh@cloudflare.com>
2022-08-19 13:23:42 -04:00
Joshua Tauberer ab71abbc7c Update to latest cryptography Python package, add missing source at top of management.sh so it can run standalone (needs STORAGE_ROOT) 2022-07-28 14:42:51 -04:00
Joshua Tauberer 78d71498fa Upgrade from PHP 7.2 to 8.0 for Ubuntu 22.04
* Add the PHP PPA.
* Specify the version when invoking the php CLI.
* Specify the version in package names.
* Update paths to 8.0 (using a variable in the setup scripts).
* Update z-push's php-xsl dependency to php8.0-xml.
* php-json is now built-into PHP.

Although PHP 8.1 is the stock version in Ubuntu 22.04, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.
2022-07-28 14:02:46 -04:00
Joshua Tauberer b41a0ad80e Drop some hacks that we needed for Ubuntu 18.04
* certbot's PPA is no longer needed because a recent version is now included in the Ubuntu respository.
* Un-pin b2sdk (reverts 69d8fdef99 and d829d74048).
* Revert boto+s3 workaround for duplicity (partial revert of 99474b348f).
* Revert old "fix boto 2 conflict on Google Compute Engine instances" (cf33be4596) which is probably no longer needed.
2022-07-28 14:02:46 -04:00
Rauno Moisto 78569e9a88 Fix DeprecationWarning in dnspython query vs resolve method
The resolve method disables resolving relative names by default. This change probably makes a7710e90 unnecessary. @JoshData added some additional changes from query to resolve.
2022-07-28 14:02:46 -04:00
KiekerJan 5787f0dfd5 fix access rights of after-backup script 2022-07-03 18:29:08 +02:00
KiekerJan 727d84004f add configurable backup dir to status checks 2022-06-13 20:25:48 +02:00
KiekerJan 69e15fa942 merge upstream v57 2022-06-13 20:07:50 +02:00
Joshua Tauberer 99474b348f Update backup to be compatible with duplicity 0.8.23
We were using duplicity 0.8.21-ppa202111091602~ubuntu1 from the duplicity PPA probably until June 5, which is when my box automatically updated to 0.8.23-ppa202205151528~ubuntu18.04.1. Starting with that version, two changes broke backups:

* The default s3 backend was changed to boto3. But boto3 depends on the AWS SDK which does not support Ubuntu 18.04, so we can't install it. Instead, we map s3: backup target URLs to the boto+s3 scheme which tells duplicity to use legacy boto. This should be reverted when we can switch to boto3.
* Contrary to the documentation, the s3 target no longer accepts a S3 hostname in the URL. It now reads the bucket from the hostname part of the URL. So we now drop the hostname from our target URL before passing it to duplicity and we pass the endpoint URL in a separate command-line argument. (The boto backend was dropped from duplicity's "uses_netloc" in 74d4cf44b1 (f5a07610d36bd242c3e5b98f8348879a468b866a_37_34), but other changes may be related.)

The change of target URL (due to both changes) seems to also cause duplicity to store cached data in a different directory within $STORAGE_ROOT/backup/cache, so on the next backup it will re-download cached manifest/signature files. Since the cache directory will still hold the prior data which is no longer needed, it might be a good idea to clear out the cache directory to save space. A system status checks message is added about that.

Fixes #2123
2022-06-12 08:17:48 -04:00
Joshua Tauberer 8bebaf6a48 Simplify duplicity command line by omitting rsync options if the backup target type is not rsync 2022-06-11 15:12:31 -04:00
KiekerJan 02f2a34bcf remove deprecated method call 2022-05-30 19:37:00 +02:00
KiekerJan f575b1c2a2 add documentation 2022-05-29 11:53:24 +02:00
KiekerJan c3750426df fix coding error 2022-05-25 22:47:20 +02:00
kiekerjan f0f3c7a442
Merge pull request #12 from kiekerjan/master
Merge master into development branch
2022-05-25 22:33:19 +02:00
KiekerJan bf4ec5697b merge upstream 2022-05-12 22:15:52 +02:00
KiekerJan c1b7a9d4d2 Merge remote-tracking branch 'origin/master' into configurablebackupfolder 2022-04-24 16:01:04 +02:00
github@kiekerjan.isdronken.nl 5d186fcced Merge branch 'dns_to_unbound' 2022-04-21 21:54:11 +02:00
github@kiekerjan.isdronken.nl 6b30ee8665 skip retry on spamhaus dns lookups 2022-04-20 23:42:34 +02:00
KiekerJan d359cef13e CSP header disrupts roundcube 2022-04-18 21:58:53 +02:00
KiekerJan a1851a413b use actual unbound command to flush cache 2022-04-18 21:52:33 +02:00
github@kiekerjan.isdronken.nl aaa7702d9d make dns resolver retrying explicit 2022-04-18 21:40:20 +02:00
KiekerJan 0392b07008 updates on nginx security headers 2022-04-18 21:16:21 +02:00
KiekerJan 1b0f7991db fix spelling error 2022-04-18 08:30:22 +02:00
KiekerJan d35b068a73 add dns exception handling 2022-04-17 22:56:30 +02:00
KiekerJan 9b252e0209 retrying dns timeouts 2022-04-04 22:31:54 +02:00
KiekerJan 7ac4b412b0 attempts to reduce unnecessary dns update messages 2022-04-03 16:37:51 +02:00
lamberete 6e40c69cb5
Error message using IPv4 instead of failing IPv6.
One of the error messages around IPv6 was using the IPv4 for the output, making the error message confusing.
2022-03-26 13:50:24 +01:00
lamberete c0e54f87d7
Sorting ds records on report.
When building the part of the report about the current DS records founded, they are added in the same order as they were received when calling query_dns(), which can differ from run to run. This was making the difflib.SequenceMatcher() method to find the same line removed and added one line later, and sending an Status Checks Change Notice email with the same line added and removed when there was actually no real changes.
2022-03-26 13:45:49 +01:00