Kickstart module Up to Date?

stephdl · February 6, 2024, 7:06am

Add mattermost-ldap configuration for OAuth server

NethServer:main ← NethServer:mattermostLDAP

opened 11:40AM - 29 Jan 24 UTC

This pull request adds the necessary Docker configuration files for setting up t…he OAuth server. It includes the Dockerfile for the mattermost-ldap container. Additionally, it adds the oauth files for build images and the necessary network and host configuration to the mattermost.service file. ![image](https://github.com/NethServer/ns8-mattermost/assets/3164851/a25df3e3-d94a-4860-8c3f-f551248f9656) ![image](https://github.com/NethServer/ns8-mattermost/assets/3164851/fff0d227-1ac1-44bb-b666-abdf902b84c2) ![image](https://github.com/NethServer/ns8-mattermost/assets/3164851/d3b47a97-6f99-49ee-982b-45fd0da3b8d8) you need to read the readme on how to enable it, by default it is disable

you can create an equivalent at the create-module step and store them in environment

oneitonitram · February 6, 2024, 7:45am

I am not sure what i was trying to do as well, but its something to…

oneitonitram · February 6, 2024, 8:37am

looks like i am only limited to using these two methods 2024-02-06T11:35:36+03:00 [1:vaultwarden2:vaultwarden-app] Please generate a secure Argon2 PHC string by using vaultwarden hash or argon2.

And mor einfo as documented here: Enabling admin page - vaultwarden - Gitlockr | A self hosted version of Gitea

PHC is found here: phc-string-format/phc-sf-spec.md at master · P-H-C/phc-string-format (github.com)

oneitonitram · February 7, 2024, 2:26pm

@step hello,

How would i implement an internal module thats not supposed to be exposed on the intenet, but only available to be consumed and used by normal modules.

In gernal most modules mus timplement publish, which exposes the module, if this publish is not given, will this be the case, or what exactly happenes

stephdl · February 7, 2024, 9:55pm

You can open a port restricted to the localhost like you do in the pod and do not create a route in traefik. Like this any other modules could contact your module by the 127.0.0.1:tcpport but nobody from the external could have a route to this module

The cons is that you won’t have encryption by traefik so you need to make it workable on your own

Hence maybe using traefik is the easier way

oneitonitram · February 8, 2024, 5:41am

Easier is not always the best, anyways, I’ll just leave it normal, maybe as I gain more experience I can figure it out.

oneitonitram · February 8, 2024, 6:05pm

I had no Idea that modules can get dangerous.
A certain version of a module i was building caused a Loop during the upgrade process

Attempts to remove the module through the normal means are proving to be futile

I am attempting a reboot to see if it resolves the issue.

Could we implement a Core level check that would prevent a module installation, Update or any other processing to run forever for any given module.

MAybe a NS8 parameter that checks for this kind of behavior in a module action state, and stops it.

From a security perspective i can see Many ways a Bad Actor could use that loopHole.

The reboot seems to fix the issue, But assume, someone adds a scrip that restarts the process on boot.

stephdl · February 15, 2024, 8:32am

Make a broken module is always easier than make a robust module and at core level there is no way to control what a developer could do I think.

Except maybe with a strict control of what a developer does by implementing rules and permissions like apple does. However it could become a nightmare for you martin

Look the last apple vision pro, the only thing for what I want it is for pornoVR and it is forbidden (dont tell it to my wife)

oneitonitram · February 16, 2024, 6:36am

What a wonderful business