Add sftpgo container and configuration

nethesis · Jan 20, 2025 · 64817e3 · 64817e3
1 parent 83035e4
commit 64817e3
Show file tree

Hide file tree

Showing 6 changed files with 119 additions and 14 deletions.
diff --git a/imageroot/actions/create-module/05setenvs b/imageroot/actions/create-module/05setenvs
@@ -79,6 +79,8 @@ agent.set_env('NETHCTI_TLS_PORT', port_list[23])
 agent.set_env('ASTERISK_SIP_PORT', port_list[24])
 agent.set_env('ASTERISK_SIPS_PORT', port_list[25])
 agent.set_env('ASTERISK_IAX_PORT', port_list[26])
+agent.set_env('ASTERISK_RECORDING_SFTP_PORT', port_list[27])
+
 
 # Set root password for MariaDB
 # MARIADB_ROOT_PASSWORD written to passwords.env

diff --git a/imageroot/actions/create-module/90firewall b/imageroot/actions/create-module/90firewall
@@ -14,6 +14,7 @@ agent.add_public_service(os.environ['MODULE_ID'], [
     os.environ['JANUS_RTPSTART']+"-"+os.environ['JANUS_RTPEND']+"/udp", # Janus
     os.environ['ASTERISK_IAX_PORT']+"/udp", # Asterisk
     os.environ['PHONEBOOK_LDAP_PORT']+"/tcp", # Phonebook LDAPS
-])
+	os.environ['ASTERISK_RECORDING_SFTP_PORT']+"/tcp", # Asterisk recordings SFTP
+	])
 
 # Ignore exit code
diff --git a/imageroot/actions/set-nethvoice-admin-password/20set_password b/imageroot/actions/set-nethvoice-admin-password/20set_password
@@ -6,7 +6,6 @@
 #
 
 import json
-import os
 import sys
 import agent
 import subprocess
@@ -15,21 +14,26 @@ mariadb_root_passwd = agent.read_envfile("passwords.env")['MARIADB_ROOT_PASSWORD
 
 request = json.load(sys.stdin)
 
-# do nothing if the password is empty
-if not request['nethvoice_admin_password']:
-    sys.exit(0)
+# change password in asterisk database if it isn't empty
+if request['nethvoice_admin_password']:
 
-command = [
-    "/usr/bin/podman", "exec", "-it", "mariadb",
-    "mysql", "-uroot", f"-p{mariadb_root_passwd}", "asterisk",
-    "-e",
-    f"UPDATE ampusers SET password_sha1 = SHA1('{request['nethvoice_admin_password']}') WHERE username = 'admin';"
-]
+	command = [
+    	"/usr/bin/podman", "exec", "-it", "mariadb",
+    	"mysql", "-uroot", f"-p{mariadb_root_passwd}", "asterisk",
+    	"-e",
+    	f"UPDATE ampusers SET password_sha1 = SHA1('{request['nethvoice_admin_password']}') WHERE username = 'admin';"
+	]
 
-result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+	result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+	if result.returncode != 0:
+		print(f"Failed to execute command: {result.stderr}")
+		sys.exit(1)
+
+# change password in sftpgo configuration
+result = subprocess.run(["bin/set-sftp-config"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
 if result.returncode != 0:
-    print(f"Failed to execute command: {result.stderr}")
-    sys.exit(1)
+	print(f"Failed to execute command: {result.stderr}")
+	sys.exit(1)
 
 sys.exit(0)
 
diff --git a/imageroot/bin/set-sftp-config b/imageroot/bin/set-sftp-config
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import sys
+import agent
+import subprocess
+
+
+sftpgo_config_path = "sftpgo.conf.d/sftpgo.json"
+# Read the current configuration
+with open(sftpgo_config_path, 'r') as file:
+	config = json.load(file)
+
+#update sftp server bind address port
+config['server']['protocols']['sftp']['bind_arrd'] = "0.0.0.0:" + os.environ['ASTERISK_RECORDING_SFTP_PORT']
+
+# get NethVoice password from mariadb
+mariadb_root_passwd = agent.read_envfile("passwords.env")['MARIADB_ROOT_PASSWORD']
+command = [
+	"/usr/bin/podman", "exec", "-it", "mariadb",
+	"mysql", "-uroot", f"-p{mariadb_root_passwd}", "asterisk",
+	"-e",
+	"SELECT password_sha1 FROM ampusers WHERE username = 'admin';"
+]
+
+result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+if result.returncode != 0:
+	print(f"Failed to execute command: {result.stderr}")
+	sys.exit(1)
+
+# Update the password
+for user in config['users']:
+	if user['username'] == 'nethvoice':
+		user['password'] = '$pbkdf2-sha1$' + result.stdout.strip()
+
+
+# Write the updated configuration back to the file
+with open(sftpgo_config_path, 'w') as file:
+	json.dump(config, file, indent=4)
diff --git a/imageroot/state/sftpgo.conf.d/sftpgo.json b/imageroot/state/sftpgo.conf.d/sftpgo.json
@@ -0,0 +1,26 @@
+{
+	"server": {
+	  "protocols": {
+		"sftp": {
+		  "enabled": true,
+		  "bind_addr": "0.0.0.0:22"
+		}
+	  }
+	},
+	"users": [
+	  {
+		"username": "nethvoice",
+		"password": "",
+		"home_dir": "/srv/sftpgo/moh",
+		"permissions": {
+		  "/srv/sftpgo/moh": ["*"]
+		},
+		"filesystem": {
+		  "provider": "local",
+		  "params": {
+			"base_directory": "/srv/sftpgo/moh"
+		  }
+		}
+	  }
+	]
+  }
diff --git a/imageroot/systemd/user/sftpgo.service b/imageroot/systemd/user/sftpgo.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=Podman sftpgo.service
+After=nginx.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+WorkingDirectory=%S/state
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/sftpgo.pid %t/sftpgo.ctr-id
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/sftpgo.pid \
+    --cidfile %t/sftpgo.ctr-id --cgroups=no-conmon \
+    --replace \
+    --detach \
+    --name sftpgo \
+    --volume moh:/srv/sftpgo/data:z \
+    --volume sftpgo_config:/var/lib/sftpgo:Z \
+    --volume %S/state/sftpgo.conf.d/admin.json:/etc/sftpgo/admin.json:Z \
+    --env SFTPGO_LOADDATA_FROM=/etc/sftpgo/admin.json \
+    --env SFTPGO_HTTPD__WEB_ROOT=${TRAEFIK_PATH}\
+	--env-file=%S/state/passwords.env \
+    --user 0:0 \
+    ${SFTPGO_IMAGE}
+ExecStartPost=/usr/bin/bash -c "while [[ $(curl --request GET --url http://localhost:${SFTPGO_TCP_PORT}/healthz --header 'Accept: text/plain; charset=utf-8') != ok ]]; do sleep 3 ; done"
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/sftpgo.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/sftpgo.ctr-id
+PIDFile=%t/sftpgo.pid
+Type=forking
+
+[Install]
+WantedBy=default.target