"Migrating Zulip to new version" sounds very general and unclear about
what step is actually happening - easy to even confuse with a full
server upgrade being run. This should be explicit that this is about db
migrations.
This matches the way systemd would run supervisord, and avoids
problems with uv finding the cache location.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This variable value needs to be a complex array, so it needs the same
exemption as some other variables in `entrypoint.sh`.
Co-authored-by: Isaac van Bakel <isaac.vanbakel@inf.ethz.ch>
This reverts commit 0d72546a4c. The
extended glob matched when the _entire_ value was numeric, whereas
the pattern matches if it _starts_ with a number.
Fixes: #433
Fixes: #435
If DISABLE_HTTPS was set, puppet would run twice, unnecessarily. Move
the `zulip.conf` and subsequent Puppet application to be grouped with
the others; this requires moving that above the nginx configuration,
as it tweaks puppet-controlled nginx files.
Puppet writes the current DNS servers into nginx's config, which may
vary each time the image starts up, depending on the network it is
attached to. We can either write custom logic to mirror Puppet's
behaviour, or just always run Puppet.
With the previous `%D` format, preventable errors like
```
tar (child): /data/backups/backup-09/05/22-03-22-03.tar.gz: Cannot open: No such file or directory
```
will occur. Let's use a more sane[^1] date format where possible.
The -I flag to date(1) was added in roughly 1999[^2] and is portable across
GNU coreutils and BusyBox. Piping to tr(1) to remove colons in filenames
is largely a Windows-compatibility concern, as Win32 does not allow for
that character in filenames[^3], and it's possible that the backups target
directory could be a volume mount to a Windows host (for example on
Docker Desktop For Windows).
[^1]: https://xkcd.com/1179/
[^2]: https://unix.stackexchange.com/a/164834
[^3]: https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions
Co-Authored-By: Josh Klar <josh@zulip.com>
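An added example (not code from the docker-zulip repository) contrasting the two timestamp formats the commit message above describes: `%D` yields a name containing `/`, while `-I` piped through `tr` yields a single path component with no colons. The function names and the fixed epoch are constructed for illustration, and `date -d @EPOCH` (GNU coreutils or BusyBox) is assumed so the output is reproducible.

```shell
#!/bin/sh
# Added illustration; names and the sample epoch are constructed, not from entrypoint.sh.

# Old style: %D expands to mm/dd/yy, so the "filename" contains directory separators.
old_backup_name() {
    # $1 = epoch seconds (optional; defaults to now)
    printf 'backup-%s.tar.gz\n' "$(date -u -d "@${1:-$(date +%s)}" +%D-%H-%M-%S)"
}

# New style: ISO 8601 via -I, with colons stripped for Win32-backed volume mounts.
new_backup_name() {
    printf 'backup-%s.tar.gz\n' "$(date -u -d "@${1:-$(date +%s)}" -Iseconds | tr -d ':')"
}

# Return 0 only if the name is one path component and contains no colon.
is_safe_backup_name() {
    case "$1" in
        */*|*:*|'') return 1 ;;
        *) return 0 ;;
    esac
}

# Count the "/" characters in a name: each one is a parent directory that
# tar would need to find already present under the backups directory.
implied_subdirs() {
    printf '%s' "$1" | tr -cd '/' | wc -c | tr -d ' '
}

EPOCH=1662348123   # constructed sample: 2022-09-05 03:22:03 UTC

for n in "$(old_backup_name "$EPOCH")" "$(new_backup_name "$EPOCH")"; do
    if is_safe_backup_name "$n"; then
        echo "ok:     $n"
    else
        echo "unsafe: $n (implies $(implied_subdirs "$n") missing subdirectories)"
    fi
done
```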
This is required for connecting to an LDAPS server without validating certificates:
```
SETTING_AUTH_LDAP_GLOBAL_OPTIONS: "{ ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER }"
```
Using `SETTING_AUTH_LDAP_CONNECTION_OPTIONS` doesn't work.
Currently LDAP group settings are being treated as a string; they should be treated as an array
so we could configure it correctly while executing on `docker` or `kubernetes`.
Currently this conditional results in `exit 1` when the backups
directory does exist. This change flips the logic to complain
when there are no backup files which, based on the error message,
is the intended result.
The previous code wrote
```
MAILTO=\n30 3 * * * cd /;/entrypoint.sh app:backup
```
(with a literal backslash n).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This fixes a bug introduced in
62bf74190b, where the template
settings.py content wasn't being put in place properly.
The previous model meant that if the user exported the settings.py
file to the data directory, we'd end up appending various versions of
the users' configuration to it over time.
While those users should have been using the MANUAL_CONFIGURATION
setting, this at least is a much cleaner model for managing configuration.
Fixes #130.
Fixes #153.
Fixes #155.
The ignore option was removed a long time ago, and the settings style
variable for RabbitMQ is very old backwards-compatibility code that is
no longer needed.
Using an actual tool designed to do this is a lot more robust and
fixes some nasty escaping issues involving secrets containing `~` that
were reported in #143.
This fixes #150, and should eliminate the possibility for future bugs
in the same vein.
I still want to eliminate this whole type-detection system, but that's
for future work.
The task is to generate a self-signed cert so Zulip can be started, then
to wait until Zulip is up before using certbot to generate new certs.
Zulip needs to be up so it can meet certbot's challenge. Using a deploy
hook, certs are persisted in the data directory. The same applies to
renewal.
Tweaked by tabbott mostly to edit comments and remove an unnecessary
setting before merging.
Fixes #120.
This removes the fork of the core Zulip nginx configuration file that
we were maintaining in the docker-zulip project; doing so improves the
maintainability of this project for the future, since we don't need to
check on every Zulip upgrade whether we've made any changes to the
`nginx` package in zulip/zulip.
The only feature we were using that for was the DISABLE_HTTPS setting
in docker-zulip, and it's now possible to do that by editing
zulip.conf instead.
Fixes #114.
First, we stop deleting the `puppet` directory, which is important for
being able to run `zulip-puppet-apply` inside the container (super
useful for debugging).
Second, we call this inside the code block for the `nginx` option, in
order to support the `DISABLE_HTTPS` option working without any copied
nginx configuration code in docker-zulip.
See #137 for how we could optimize this away.