add clamav as option

Signed-off-by: szaimen <szaimen@e.mail.de>
This commit is contained in:
szaimen 2022-03-15 23:46:58 +01:00
parent 31f86c1570
commit 38726f039a
13 changed files with 155 additions and 7 deletions

View file

@ -108,3 +108,12 @@ updates:
labels:
- 3. to review
- dependencies
- package-ecosystem: "docker"
directory: "/Containers/clamav"
schedule:
interval: "daily"
time: "12:00"
open-pull-requests-limit: 10
labels:
- 3. to review
- dependencies

View file

@ -0,0 +1,9 @@
# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
FROM clamav/clamav:0.104.2-2
RUN echo -e '\n\
MaxDirectoryRecursion 30\n\
MaxFileSize 100M\n\
PCREMaxFileSize 100M\n\
StreamMaxLength 100M\
' >> /clamav/etc/clamav/clamd.conf

View file

@ -304,5 +304,26 @@ php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS"
php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json
# Clamav
if [ "$CLAMAV_ENABLED" = 'yes' ]; then
if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
php /var/www/html/occ app:install files_antivirus
elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
php /var/www/html/occ app:enable files_antivirus
else
php /var/www/html/occ app:update files_antivirus
fi
php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
else
if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
php /var/www/html/occ app:remove files_antivirus
fi
fi
# Remove the update skip file always
rm -f /mnt/ncdata/skip.update

View file

@ -4,7 +4,8 @@
"dependsOn": [
"nextcloud-aio-nextcloud",
"nextcloud-aio-collabora",
"nextcloud-aio-talk"
"nextcloud-aio-talk",
"nextcloud-aio-clamav"
],
"identifier": "nextcloud-aio-apache",
"displayName": "Apache",
@ -123,7 +124,9 @@
"TURN_SECRET=%TURN_SECRET%",
"SIGNALING_SECRET=%SIGNALING_SECRET%",
"AIO_URL=%AIO_URL%",
"NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%"
"NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
"CLAMAV_ENABLED=%CLAMAV_ENABLED%",
"CLAMAV_HOST=nextcloud-aio-clamav"
],
"maxShutdownTime": 10,
"restartPolicy": "unless-stopped"
@ -292,6 +295,21 @@
],
"maxShutdownTime": 1,
"restartPolicy": ""
},
{
"dependsOn": [],
"identifier": "nextcloud-aio-clamav",
"displayName": "ClamAV",
"containerName": "nextcloud/aio-clamav",
"ports": [],
"internalPorts": [
"3310"
],
"environmentVariables": [],
"volumes": [],
"secrets": [],
"maxShutdownTime": 10,
"restartPolicy": "unless-stopped"
}
]
}

View file

@ -0,0 +1,4 @@
document.addEventListener("DOMContentLoaded", function(event) {
// Clamav
document.getElementById("clamav").disabled = true;
});

View file

@ -85,6 +85,8 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
'last_backup_time' => $configurationManager->GetLastBackupTime(),
'backup_times' => $configurationManager->GetBackupTimes(),
'current_channel' => $dockerActionManger->GetCurrentChannel(),
'is_x64_platform' => $configurationManager->isx64Platform(),
'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
]);
})->setName('profile');
$app->get('/login', function ($request, $response, $args) use ($container) {

View file

@ -0,0 +1,14 @@
function makeOptionsFormSubmitVisible() {
var optionsFormSubmit = document.getElementById("options-form-submit");
optionsFormSubmit.style.display = 'block';
}
document.addEventListener("DOMContentLoaded", function(event) {
// handle submit button for options form
var optionsFormSubmit = document.getElementById("options-form-submit");
optionsFormSubmit.style.display = 'none';
// Clamav
var clamav = document.getElementById("clamav");
clamav.addEventListener('change', makeOptionsFormSubmitVisible);
});

View file

@ -49,6 +49,12 @@ class ContainerDefinitionFetcher
$containers = [];
foreach ($data['production'] as $entry) {
if ($entry['identifier'] === 'nextcloud-aio-clamav') {
if (!$this->configurationManager->isClamavEnabled()) {
continue;
}
}
$ports = new ContainerPorts();
foreach ($entry['ports'] as $port) {
if($port === '%APACHE_PORT%/tcp') {
@ -99,6 +105,16 @@ class ContainerDefinitionFetcher
);
}
$dependsOn = [];
foreach ($entry['dependsOn'] as $value) {
if ($value === 'nextcloud-aio-clamav') {
if (!$this->configurationManager->isClamavEnabled()) {
continue;
}
}
$dependsOn[] = $value;
}
$variables = new ContainerEnvironmentVariables();
foreach ($entry['environmentVariables'] as $value) {
$variables->AddVariable($value);
@ -114,7 +130,7 @@ class ContainerDefinitionFetcher
$internalPorts,
$volumes,
$variables,
$entry['dependsOn'],
$dependsOn,
$entry['secrets'],
$this->container->get(DockerActionManager::class)
);

View file

@ -35,6 +35,17 @@ class ConfigurationController
$this->configurationManager->SetBorgBackupHostLocation($request->getParsedBody()['borg_backup_host_location']);
}
if (isset($request->getParsedBody()['clamav'])) {
$value = $request->getParsedBody()['clamav'];
if ($value === 'on') {
$this->configurationManager->SetClamavEnabledState(1);
} elseif ($value === 'off') {
$this->configurationManager->SetClamavEnabledState(0);
} else {
error_log('It seems like clamav was changed but not to on or off.');
}
}
return $response->withStatus(201)->withHeader('Location', '/');
} catch (InvalidSettingConfigurationException $ex) {
$response->getBody()->write($ex->getMessage());

View file

@ -116,6 +116,29 @@ class ConfigurationManager
}
}
public function isx64Platform() : bool {
if (php_uname('m') === 'x86_64') {
return true;
} else {
return false;
}
}
public function isClamavEnabled() : bool {
$config = $this->GetConfig();
if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
return true;
} else {
return false;
}
}
public function SetClamavEnabledState(int $value) : void {
$config = $this->GetConfig();
$config['isClamavEnabled'] = $value;
$this->WriteConfig($config);
}
/**
* @throws InvalidSettingConfigurationException
*/

View file

@ -241,6 +241,12 @@ class DockerActionManager
$replacements[1] = $this->configurationManager->GetApachePort();
} elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
$replacements[1] = $this->configurationManager->GetNextcloudMount();
} elseif ($out[1] === 'CLAMAV_ENABLED') {
if ($this->configurationManager->isClamavEnabled()) {
$replacements[1] = 'yes';
} else {
$replacements[1] = '';
}
} else {
$replacements[1] = $this->configurationManager->GetSecret($out[1]);
}

View file

@ -286,10 +286,24 @@
{% endif %}
{% endif %}
{% endif %}
<h2>Optional</h2>
In this section, you will find optional addons in the future.
It will disable the ability to change them when any containers are running and allow to change them when they are stopped.
Also, it will display possible sections for optional addons. (which itself will be displayed when enabled and running).
{% if isBackupContainerRunning == false %}
<h2>Optional</h2>
In this section, you can find optional addons.<br><br>
You can change the state of them when your containers are stopped.<br><br>
<form id="options-form" method="POST" action="/api/configuration" class="xhr">
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
{% if is_clamav_enabled == true %}
<input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (only supported on x64)</label>
{% else %}
<input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (only supported on x64)</label>
{% endif %}
<input id="options-form-submit" class="button" type="submit" value="Save changes" />
</form>
{% if isAnyRunning == true or is_x64_platform == false %}
<script type="text/javascript" src="disabe-clamav.js"></script>
{% endif %}
{% endif %}
{% endif %}
{% endif %}

View file

@ -4,6 +4,7 @@
<link rel="stylesheet" href="/style.css" media="all" />
<link rel="icon" href="/img/favicon.png">
<script type="text/javascript" src="forms.js"></script>
<script type="text/javascript" src="options-form-submit.js"></script>
</head>
<body>