data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 9 Projects 1 Releases Wiki Activity

Add phanpy service #188

Open
reynir wants to merge 2 commits from reynir/ansible:phanpy into main
pull from: reynir/ansible:phanpy
merge into: data.coop:main
Conversation 6 Commits 2 Files changed 2 +27
reynir commented 2024-01-06 12:48:27 +00:00
Owner
Copy link

Together with this hack we can deploy phanpy and update the content on new releases https://git.data.coop/reynir/phanpy

Together with this hack we can deploy phanpy and update the content on new releases https://git.data.coop/reynir/phanpy
reynir added 1 commit 2024-01-06 12:48:28 +00:00
samsapti reviewed 2024-01-06 17:18:43 +00:00
roles/docker/templates/compose-files/phanpy_website.yml.j2 Outdated
@ -0,0 +15,4 @@
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun"
samsapti commented 2024-01-06 17:18:32 +00:00
Owner
Copy link

What's this needed for?

What's this needed for?
reynir commented 2024-01-06 18:48:00 +00:00
Author
Owner
Copy link

It is needed to deconfigure the network, set up a bridge and a tap device like in the other unipi instances we run. For further details see entrypoint.sh in docker-unipi. Ideally, this would be handled by a docker network provider, but who has time to learn that?!

It is needed to deconfigure the network, set up a bridge and a tap device like in the other unipi instances we run. For further details see [entrypoint.sh](https://git.data.coop/reynir/docker-unipi/src/branch/main/entrypoint.sh) in docker-unipi. Ideally, this would be handled by a docker network provider, but who has time to learn that?!
reynir commented 2024-01-06 18:52:10 +00:00
Author
Owner
Copy link

There is definitely room for deduplicating code. Each unipi instance requires largely the same configuration except the domain name and --remote is different. I haven't figured out how to refactor this yet.

There is definitely room for deduplicating code. Each unipi instance requires largely the same configuration except the domain name and `--remote` is different. I haven't figured out how to refactor this yet.
samsapti commented 2024-03-31 01:47:12 +00:00
Owner
Copy link

But doesn't it just need to set up the network interface for the container itself? I.e. inside the container? It doesn't need to modify anything outside the container, right?

But doesn't it just need to set up the network interface for the container itself? I.e. inside the container? It doesn't need to modify anything outside the container, right?
reynir commented 2024-04-02 08:10:39 +00:00
Author
Owner
Copy link

Correct, but you still need CAP_NET_ADMIN.

Correct, but you still need `CAP_NET_ADMIN`.
samsapti requested changes 2024-03-31 01:46:14 +00:00
roles/docker/defaults/main.yml Outdated
@ -157,2 +157,4 @@
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
phanpy_website:
domain: "phanpy.data.coop"
samsapti commented 2024-03-31 01:42:30 +00:00
Owner
Copy link

Let's change this to phanpy.{{ base_domain }}.

Let's change this to `phanpy.{{ base_domain }}`.
reynir commented 2024-04-02 08:13:07 +00:00
Author
Owner
Copy link

Done in 65527be1f0.

Done in 65527be1f03408ba0a323c54cad282ad793704a7.
reynir marked this conversation as resolved
reynir force-pushed phanpy from 722a4aba9c to 65527be1f0 2024-04-02 08:12:32 +00:00 Compare
benjaoming commented 2024-04-02 12:09:15 +00:00
Owner
Copy link

If phanpy had an XSS vulnerability, for instance through unescaped messages or third-party libraries, do we then restrict through HTTP Headers?

If phanpy had an XSS vulnerability, for instance through unescaped messages or third-party libraries, do we then restrict through HTTP Headers?
reynir commented 2024-04-02 13:05:48 +00:00
Author
Owner
Copy link

No. How does that work?

No. How does that work?
benjaoming commented 2024-04-02 19:55:28 +00:00
Owner
Copy link

Sorry, was writing while distracted. I mean security headers like in this example: https://gist.github.com/ambroisemaupate/bce4b760405558f358ae

I can try to dig out what is appropriate for phanpy...

Sorry, was writing while distracted. I mean security headers like in this example: https://gist.github.com/ambroisemaupate/bce4b760405558f358ae I can try to dig out what is appropriate for phanpy...
👍 1
reynir commented 2024-04-03 12:07:59 +00:00
Author
Owner
Copy link

Unipi (the http server used for this) doesn't support adding extra headers at the moment (it would be nice to add and likely not too difficult to do; I'll look into it). In the interim we can add a vhost file to the nginx proxy.

Unipi (the http server used for this) doesn't support adding extra headers at the moment (it would be nice to add and likely not too difficult to do; I'll look into it). In the interim we can add a vhost file to the nginx proxy.
👍 1
benjaoming commented 2024-04-03 12:10:40 +00:00
Owner
Copy link

I should maybe try to add an Nginx configuration file in my own setup and see if it works... https://git.data.coop/benjaoming/phanpy/src/branch/main/Dockerfile

I should maybe try to add an Nginx configuration file in my own setup and see if it works... https://git.data.coop/benjaoming/phanpy/src/branch/main/Dockerfile
❤️ 1
benjaoming commented 2024-08-03 22:40:59 +00:00
Owner
Copy link

Jeg har været i gang med at lave nogle forsøg, men jeg tænker at #218 skal fikses, før det kommer videre....

Jeg har været i gang med at lave nogle forsøg, men jeg tænker at #218 skal fikses, før det kommer videre....
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u phanpy:reynir-phanpy
git checkout reynir-phanpy

Merge

Merge the changes and update on Forgejo.
git checkout main
git merge --no-ff reynir-phanpy
git checkout main
git merge --ff-only reynir-phanpy
git checkout reynir-phanpy
git rebase main
git checkout main
git merge --no-ff reynir-phanpy
git checkout main
git merge --squash reynir-phanpy
git checkout main
git merge --ff-only reynir-phanpy
git checkout main
git merge reynir-phanpy
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
samsapti
Labels
Clear labels   
Blocked

Something is blocking progress

  
Existing Service

Issues/improvements regarding existing services

  
Infrastructure Issue

Infrastructure issue that needs investigation or time to fix

  
Refactor

Refactoring of files / file structure or other improvements

  
Security Hardening

Non-verified / non-critical security improvements

  
Security Issue

Urgent security issue that needs to be fixed ASAP

  
Service Idea

Ideas for new services

  
Service Removal

Removal of services for one reason or another

  
Upgrade service
No labels
Blocked
Existing Service
Infrastructure Issue
Refactor
Security Hardening
Security Issue
Service Idea
Service Removal
Upgrade service
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: data.coop/ansible#188
No description provided.
Delete branch "reynir/ansible:phanpy"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?