Merge branch 'amidaware:develop' into develop

.devcontainer/.env.example

@@ -23,7 +23,7 @@ POSTGRES_USER=postgres
 POSTGRES_PASS=postgrespass
 
 # DEV SETTINGS
-APP_PORT=80
+APP_PORT=443
 API_PORT=80
 HTTP_PROTOCOL=https
 DOCKER_NETWORK=172.21.0.0/24

.devcontainer/api.dockerfile

@@ -1,4 +1,11 @@
-FROM python:3.9.9-slim
+# pulls community scripts from git repo
+FROM python:3.11.4-slim AS GET_SCRIPTS_STAGE
+
+RUN apt-get update &&
+    apt-get install -y --no-install-recommends git &&
+    git clone https://github.com/amidaware/community-scripts.git /community-scripts
+
+FROM python:3.11.4-slim
 
 ENV TACTICAL_DIR /opt/tactical
 ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
@@ -10,11 +17,17 @@ ENV PYTHONUNBUFFERED=1
 
 EXPOSE 8000 8383 8005
 
-RUN groupadd -g 1000 tactical && \
+RUN apt-get update &&
+    apt-get install -y build-essential
+
+RUN groupadd -g 1000 tactical &&
     useradd -u 1000 -g 1000 tactical
 
+# copy community scripts
+COPY --from=GET_SCRIPTS_STAGE /community-scripts /community-scripts
+
 # Copy dev python reqs
-COPY .devcontainer/requirements.txt  /
+COPY .devcontainer/requirements.txt /
 
 # Copy docker entrypoint.sh
 COPY .devcontainer/entrypoint.sh /

.devcontainer/docker-compose.yml

@@ -5,10 +5,11 @@ services:
     container_name: trmm-api-dev
     image: api-dev
     restart: always
+    user: 1000:1000
     build:
       context: ..
       dockerfile: .devcontainer/api.dockerfile
-    command: ["tactical-api"]
+    command: [ "tactical-api" ]
     environment:
       API_PORT: ${API_PORT}
     ports:
@@ -18,29 +19,15 @@ services:
       - ..:/workspace:cached
     networks:
       dev:
-        aliases: 
+        aliases:
           - tactical-backend
 
-  app-dev:
-    container_name: trmm-app-dev
-    image: node:14-alpine
-    restart: always
-    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
-    working_dir: /workspace/web
-    volumes:
-      - ..:/workspace:cached
-    ports:
-      - "8080:${APP_PORT}"
-    networks:
-      dev:
-        aliases: 
-          - tactical-frontend
-
   # nats
   nats-dev:
     container_name: trmm-nats-dev
     image: ${IMAGE_REPO}tactical-nats:${VERSION}
     restart: always
+    user: 1000:1000
     environment:
       API_HOST: ${API_HOST}
       API_PORT: ${API_PORT}
@@ -61,7 +48,8 @@ services:
     container_name: trmm-meshcentral-dev
     image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
     restart: always
-    environment: 
+    user: 1000:1000
+    environment:
       MESH_HOST: ${MESH_HOST}
       MESH_USER: ${MESH_USER}
       MESH_PASS: ${MESH_PASS}
@@ -84,6 +72,7 @@ services:
     container_name: trmm-mongodb-dev
     image: mongo:4.4
     restart: always
+    user: 1000:1000
     environment:
       MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
       MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
@@ -101,7 +90,7 @@ services:
     image: postgres:13-alpine
     restart: always
     environment:
-      POSTGRES_DB: tacticalrmm
+      POSTGRES_DB: ${POSTGRES_DB}
       POSTGRES_USER: ${POSTGRES_USER}
       POSTGRES_PASSWORD: ${POSTGRES_PASS}
     volumes:
@@ -115,9 +104,10 @@ services:
   redis-dev:
     container_name: trmm-redis-dev
     restart: always
-    command: redis-server --appendonly yes
+    user: 1000:1000
+    command: redis-server
     image: redis:6.0-alpine
-    volumes: 
+    volumes:
       - redis-data-dev:/data
     networks:
       dev:
@@ -128,7 +118,7 @@ services:
     container_name: trmm-init-dev
     image: api-dev
     restart: on-failure
-    command: ["tactical-init-dev"]
+    command: [ "tactical-init-dev" ]
     environment:
       POSTGRES_USER: ${POSTGRES_USER}
       POSTGRES_PASS: ${POSTGRES_PASS}
@@ -140,21 +130,26 @@ services:
       TRMM_PASS: ${TRMM_PASS}
       HTTP_PROTOCOL: ${HTTP_PROTOCOL}
       APP_PORT: ${APP_PORT}
+      POSTGRES_DB: ${POSTGRES_DB}
     depends_on:
       - postgres-dev
       - meshcentral-dev
     networks:
       - dev
     volumes:
       - tactical-data-dev:/opt/tactical
+      - mesh-data-dev:/meshcentral-data
+      - redis-data-dev:/redis/data
+      - mongo-dev-data:/mongo/data/db
       - ..:/workspace:cached
 
   # container for celery worker service
   celery-dev:
     container_name: trmm-celery-dev
     image: api-dev
-    command: ["tactical-celery-dev"]
+    command: [ "tactical-celery-dev" ]
     restart: always
+    user: 1000:1000
     networks:
       - dev
     volumes:
@@ -168,8 +163,9 @@ services:
   celerybeat-dev:
     container_name: trmm-celerybeat-dev
     image: api-dev
-    command: ["tactical-celerybeat-dev"]
+    command: [ "tactical-celerybeat-dev" ]
     restart: always
+    user: 1000:1000
     networks:
       - dev
     volumes:
@@ -183,8 +179,9 @@ services:
   websockets-dev:
     container_name: trmm-websockets-dev
     image: api-dev
-    command: ["tactical-websockets-dev"]
+    command: [ "tactical-websockets-dev" ]
     restart: always
+    user: 1000:1000
     networks:
       dev:
         aliases:
@@ -201,6 +198,7 @@ services:
     container_name: trmm-nginx-dev
     image: ${IMAGE_REPO}tactical-nginx:${VERSION}
     restart: always
+    user: 1000:1000
     environment:
       APP_HOST: ${APP_HOST}
       API_HOST: ${API_HOST}
@@ -214,29 +212,17 @@ services:
       dev:
         ipv4_address: ${DOCKER_NGINX_IP}
     ports:
-      - "80:80"
-      - "443:443"
+      - "80:8080"
+      - "443:4443"
     volumes:
       - tactical-data-dev:/opt/tactical
 
-  mkdocs-dev:
-    container_name: trmm-mkdocs-dev
-    image: api-dev
-    restart: always
-    command: ["tactical-mkdocs-dev"]
-    ports:
-      - "8005:8005"
-    volumes:
-      - ..:/workspace:cached
-    networks:
-      - dev
-
 volumes:
-  tactical-data-dev:
-  postgres-data-dev:
-  mongo-dev-data:
-  mesh-data-dev:
-  redis-data-dev:
+  tactical-data-dev: null
+  postgres-data-dev: null
+  mongo-dev-data: null
+  mesh-data-dev: null
+  redis-data-dev: null
 
 networks:
   dev:

.devcontainer/entrypoint.sh

@@ -9,17 +9,18 @@ set -e
 : "${POSTGRES_USER:=tactical}"
 : "${POSTGRES_PASS:=tactical}"
 : "${POSTGRES_DB:=tacticalrmm}"
-: "${MESH_CONTAINER:=tactical-meshcentral}"
+: "${MESH_SERVICE:=tactical-meshcentral}"
+: "${MESH_WS_URL:=ws://${MESH_SERVICE}:4443}"
 : "${MESH_USER:=meshcentral}"
 : "${MESH_PASS:=meshcentralpass}"
 : "${MESH_HOST:=tactical-meshcentral}"
 : "${API_HOST:=tactical-backend}"
-: "${APP_HOST:=tactical-frontend}"
 : "${REDIS_HOST:=tactical-redis}"
-: "${HTTP_PROTOCOL:=http}"
-: "${APP_PORT:=8080}"
 : "${API_PORT:=8000}"
 
+: "${CERT_PRIV_PATH:=${TACTICAL_DIR}/certs/privkey.pem}"
+: "${CERT_PUB_PATH:=${TACTICAL_DIR}/certs/fullchain.pem}"
+
 # Add python venv to path
 export PATH="${VIRTUAL_ENV}/bin:$PATH"
 
@@ -37,7 +38,7 @@ function django_setup {
     sleep 5
   done
 
-  until (echo > /dev/tcp/"${MESH_CONTAINER}"/443) &> /dev/null; do
+  until (echo > /dev/tcp/"${MESH_SERVICE}"/4443) &> /dev/null; do
     echo "waiting for meshcentral container to be ready..."
     sleep 5
   done
@@ -56,10 +57,12 @@ DEBUG = True
 
 DOCKER_BUILD = True
 
-CERT_FILE = '/opt/tactical/certs/fullchain.pem'
-KEY_FILE = '/opt/tactical/certs/privkey.pem'
+SWAGGER_ENABLED = True
+
+CERT_FILE = '${CERT_PUB_PATH}'
+KEY_FILE = '${CERT_PRIV_PATH}'
 
-SCRIPTS_DIR = '${WORKSPACE_DIR}/scripts'
+SCRIPTS_DIR = '/community-scripts'
 
 ALLOWED_HOSTS = ['${API_HOST}', '*']
 
@@ -82,13 +85,15 @@ MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
+MESH_WS_URL = '${MESH_WS_URL}'
 ADMIN_ENABLED = True
 EOF
 )"
 
   echo "${localvars}" > ${WORKSPACE_DIR}/api/tacticalrmm/tacticalrmm/local_settings.py
 
   # run migrations and init scripts
+  "${VIRTUAL_ENV}"/bin/python manage.py pre_update_tasks
   "${VIRTUAL_ENV}"/bin/python manage.py migrate --no-input
   "${VIRTUAL_ENV}"/bin/python manage.py collectstatic --no-input
   "${VIRTUAL_ENV}"/bin/python manage.py initial_db_setup
@@ -98,6 +103,8 @@ EOF
   "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
   "${VIRTUAL_ENV}"/bin/python manage.py create_natsapi_conf
   "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
+  "${VIRTUAL_ENV}"/bin/python manage.py post_update_tasks
+
 
   # create super user 
   echo "from accounts.models import User; User.objects.create_superuser('${TRMM_USER}', '[email protected]', '${TRMM_PASS}') if not User.objects.filter(username='${TRMM_USER}').exists() else 0;" | python manage.py shell
@@ -110,22 +117,28 @@ if [ "$1" = 'tactical-init-dev' ]; then
 
   test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
 
+  mkdir -p /meshcentral-data
+  mkdir -p ${TACTICAL_DIR}/tmp
+  mkdir -p ${TACTICAL_DIR}/certs
+  mkdir -p /mongo/data/db
+  mkdir -p /redis/data
+  touch /meshcentral-data/.initialized && chown -R 1000:1000 /meshcentral-data
+  touch ${TACTICAL_DIR}/tmp/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}
+  touch ${TACTICAL_DIR}/certs/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}/certs
+  touch /mongo/data/db/.initialized && chown -R 1000:1000 /mongo/data/db
+  touch /redis/data/.initialized && chown -R 1000:1000 /redis/data
+  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/exe
+  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/log
+  touch ${TACTICAL_DIR}/api/tacticalrmm/private/log/django_debug.log
+
   # setup Python virtual env and install dependencies
   ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
+  "${VIRTUAL_ENV}"/bin/python -m pip install --upgrade pip
+  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir setuptools wheel
   "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
 
   django_setup
 
-  # create .env file for frontend
-  webenv="$(cat << EOF
-PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-APP_URL = "https://${APP_HOST}"
-DOCKER_BUILD = 1
-EOF
-)"
-  echo "${webenv}" | tee "${WORKSPACE_DIR}"/web/.env > /dev/null
-
   # chown everything to tactical user
   chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${WORKSPACE_DIR}"
   chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${TACTICAL_DIR}"
@@ -154,8 +167,3 @@ if [ "$1" = 'tactical-websockets-dev' ]; then
   check_tactical_ready
   "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
 fi
-
-if [ "$1" = 'tactical-mkdocs-dev' ]; then
-  cd "${WORKSPACE_DIR}/docs"
-  "${VIRTUAL_ENV}"/bin/mkdocs serve
-fi