Add secret file and fix smarthost and restore

Author: mrmarkuz

build-images.sh

@@ -39,6 +39,7 @@ buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=traefik@node:routeadm" \
     --label="org.nethserver.tcp-ports-demand=1" \
     --label="org.nethserver.rootfull=0" \
+	--label="org.nethserver.min-core=3.12.4-0" \
     --label="org.nethserver.images=docker.io/library/postgres:16.11 docker.io/n8nio/n8n:2.0.2 docker.io/n8nio/runners:2.0.2" \
     --label="org.nethserver.tcp-ports-demand=1" \
     "${container}"

imageroot/actions/configure-module/01Hostname_validation

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2025 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import os
+import sys
+import json
+import agent
+import urllib.request
+import urllib.error
+import ssl
+
+agent.set_weight(os.path.basename(__file__), 0) # Validation step, no task progress at all
+
+# retrieve json data
+data = json.load(sys.stdin)
+
+# Setup default values
+host = data["host"]
+# do not test if it is the same host
+oldHost = os.environ.get('TRAEFIK_HOST','')
+
+if host != oldHost and agent.http_route_in_use(domain=host):
+    agent.set_status('validation-failed')
+    json.dump([{'field':'host','parameter':'host','value':host,'error':'domain_already_used_in_traefik'}],fp=sys.stdout)
+    sys.exit(2)

imageroot/actions/configure-module/20configure

@@ -7,35 +7,30 @@
 import os
 import json
 import sys
-# agent is a NethServer library which provides function to communicate with the agent
 import agent
 
+# Try to parse the stdin as JSON.
+# If parsing fails, output everything to stderr
 data = json.load(sys.stdin)
 
 # Setup default values
-
-# n8n CSRF settings
-host = data.get("host", "")
-n8n_URL = "https://"+host
-
-# Db Config
-
-POSTGRES_DB = data.get("POSTGRES_DB","n8n")
-POSTGRES_USER = data.get("POSTGRES_USER","n8n")
-POSTGRES_PASSWORD = data.get("POSTGRES_PASSWORD","N@8ni0p$$")
-POSTGRES_NON_ROOT_USER = data.get("POSTGRES_NON_ROOT_USER","n8n")
-POSTGRES_NON_ROOT_PASSWORD = data.get("POSTGRES_NON_ROOT_PASSWORD","N@8ni0p$$")
-
-db_config = {
-    "POSTGRES_ROOT_HOST": "localhost",
-    "POSTGRES_DATABASE": POSTGRES_DB,
-    "POSTGRES_USER": POSTGRES_USER,
-    "POSTGRES_PASSWORD": POSTGRES_PASSWORD,
-    "POSTGRES_NON_ROOT_USER": POSTGRES_NON_ROOT_USER,
-    "POSTGRES_NON_ROOT_PASSWORD": POSTGRES_NON_ROOT_PASSWORD,
-    
+host = data["host"]
+h2hs = data.get("http2https", True)
+
+# Configure Traefik route for API
+set_route_data = {
+    'instance': os.environ['MODULE_ID'],
+    'url':  'http://127.0.0.1:' + os.environ["TCP_PORT"],
+    'host': host,
+    'http2https': h2hs,
+    'lets_encrypt_check': True,
+    'lets_encrypt_cleanup': True,
 }
-agent.write_envfile('database.env', db_config)
+if 'lets_encrypt' in data:
+    set_route_data['lets_encrypt'] = data['lets_encrypt']
+
+agent.set_route(set_route_data)
 
-# Set N8N_HOST
-agent.set_env("N8N_HOST", host)
+# Setup Traefik
+agent.set_env("TRAEFIK_HOST", host)
+agent.set_env("TRAEFIK_HTTP2HTTPS", h2hs)

imageroot/actions/configure-module/30traefik

@@ -1,48 +1 @@
-#!/usr/bin/env python3
-
-import os
-import sys
-import json
-import agent
-import agent.tasks
-                       
-# Try to parse the stdin as JSON.
-# If parsing fails, output everything to stderr
-data = json.load(sys.stdin)
-
-
-# Setup default values
-host = data.get("host", "")
-h2hs = data.get("http2https", True)
-le = data.get("lets_encrypt", True)
-
-# Talk with agent using file descriptor.
-# Setup configuration from user input.
-agent.set_env("TRAEFIK_HOST", host)
-agent.set_env("TRAEFIK_HTTP2HTTPS", h2hs)
-agent.set_env("TRAEFIK_LETS_ENCRYPT", le)
-
-# Make sure everything is saved inside the environment file
-# just before starting systemd unit
-agent.dump_env()
-
-# Find default traefik instance for current node
-default_traefik_id = agent.resolve_agent_id('traefik@node')
-if default_traefik_id is None:
-    sys.exit(2)
-
-# Configure traefik virtual host
-response = agent.tasks.run(
-    agent_id=default_traefik_id,
-    action='set-route',
-    data={
-        'instance': os.environ['MODULE_ID'],
-        'url': f'http://127.0.0.1:{os.environ["TCP_PORT"]}',
-        'host': host,
-        'lets_encrypt': le,
-        'http2https': h2hs,
-    },
-)
-
-# Check if traefik configuration has been successfull
-agent.assert_exp(response['exit_code'] == 0)
+# Placeholder, see bug NethServer/dev#7058

imageroot/actions/configure-module/validate-input.json

@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema#",
     "title": "configure n8n settings",
     "$id": "http://nethserver.org/json-schema/task/input/n8n/configure-module",
-    "description": "Condifure n8n settings",
+    "description": "Configure n8n settings",
     "examples": [
         {
             "host": "n8n.domain.org",
@@ -18,17 +18,18 @@
         "host": {
             "type": "string",
             "description": "Host name for the application, like 'n8n.domain.org'",
-            "format": "idn-hostname"
+            "format": "hostname",
+            "pattern": "\\."
         },
-        "lets_encrypt": {
+	"lets_encrypt": {
             "type": "boolean",
             "title": "Let's Encrypt certificate",
             "description": "Request a valid Let's Encrypt certificate."
         },
-        "http2https": {
+	"http2https": {
             "type": "boolean",
             "title": "HTTP to HTTPS redirection",
             "description": "Redirect all the HTTP requests to HTTPS"
         }
-        }
-    }
+    }
+}

imageroot/actions/create-module/20configure

@@ -1,35 +1 @@
-#!/usr/bin/env python3
-
-#
-# Copyright (C) 2023 Nethesis S.r.l.
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-
-# Remove traefik route
-
-import os
-import sys
-import json
-import agent
-import agent.tasks
-
-# Try to parse the stdin as JSON.
-# If parsing fails, output everything to stderr
-data = json.load(sys.stdin)
-
-# Find default traefik instance for current node
-default_traefik_id = agent.resolve_agent_id('traefik@node')
-if default_traefik_id is None:
-    sys.exit(2)
-
-# Remove traefik route
-response = agent.tasks.run(
-    agent_id=default_traefik_id,
-    action='delete-route',
-    data={
-        'instance': os.environ['MODULE_ID']
-    },
-)
-
-# Check if traefik configuration has been successfull
-agent.assert_exp(response['exit_code'] == 0)
+# Placeholder, see bug NethServer/dev#7058

imageroot/actions/destroy-module/20destroy

@@ -15,9 +15,6 @@ config = {}
 # Read current configuration from Redis
 config["host"] = os.getenv("TRAEFIK_HOST","")
 config["http2https"] = os.getenv("TRAEFIK_HTTP2HTTPS") == "True"
-config["lets_encrypt"] = os.getenv("TRAEFIK_LETS_ENCRYPT") == "True"
+config["lets_encrypt"] = agent.get_route(os.environ['MODULE_ID']).get('lets_encrypt', False)
 
-if not config:
-    print("Error: JSON output is empty.")
-else:
-    json.dump(config, fp=sys.stdout, indent=2)
+json.dump(config, fp=sys.stdout)

imageroot/actions/get-configuration/20read

@@ -12,23 +12,25 @@
     ],
     "type": "object",
     "required": [
-        "host"
+        "host",
+        "http2https",
+        "lets_encrypt"
     ],
     "properties": {
         "host": {
             "type": "string",
             "description": "Host name for the application, like 'n8n.domain.org'",
             "format": "idn-hostname"
         },
-        "lets_encrypt": {
+	"lets_encrypt": {
             "type": "boolean",
             "title": "Let's Encrypt certificate",
             "description": "Request a valid Let's Encrypt certificate."
         },
-        "http2https": {
+	"http2https": {
             "type": "boolean",
             "title": "HTTP to HTTPS redirection",
             "description": "Redirect all the HTTP requests to HTTPS"
         }
-        }
     }
+}

imageroot/actions/get-configuration/validate-output.json

@@ -29,8 +29,7 @@ request = json.load(sys.stdin)
 original_environment = request['environment']
 
 for evar in [
-        "TRAEFIK_HOST",
+	"TRAEFIK_HOST",
         "TRAEFIK_HTTP2HTTPS",
-        "TRAEFIK_LETS_ENCRYPT",
     ]:
-    agent.set_env(evar, original_environment[evar])
+    agent.set_env(evar, original_environment[evar])