chore: publish 2.1.0+6.5.0-34 release

fix saml logout url
Update .drone.yml
2025-05-27 16:25:24 +02:00 · 2025-01-21 16:10:01 +01:00 · 2025-01-08 10:09:13 -08:00 · 2024-12-03 18:34:35 +01:00 · 2024-10-22 21:33:15 +02:00 · 2024-10-22 17:28:22 +02:00
11 changed files with 469 additions and 114 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,38 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: zammad
+      generate_secrets: true
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+      networks:
+        - proxy
+    environment:
+      DOMAIN: zammad.swarm-test.autonomic.zone
+      STACK_NAME: zammad
+      LETS_ENCRYPT_ENV: production
+trigger:
+  branch:
+    - main
+---
+kind: pipeline
+name: generate recipe catalogue
+steps:
+  - name: release a new version
+    image: plugins/downstream
+    settings:
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - toolshed/auto-recipes-catalogue-json
+
+trigger:
+  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -1,13 +1,38 @@
 TYPE=zammad

 DOMAIN=zammad.example.com
+TIMEOUT=600
+ENABLE_BACKUPS=true

 ## Domain aliases
 #EXTRA_DOMAINS=', `www.zammad.example.com`'

 LETS_ENCRYPT_ENV=production
+COMPOSE_FILE="compose.yml"

 SECRET_DB_PASSWORD_VERSION=v1
+SECRET_SMTP_PASSWORD_VERSION=v1
+SECRET_ADMIN_PASSWORD_VERSION=v1

-RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app']
+#RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app']
+## Initialization ##
+PRODUCT_NAME="Support"
+ORGANIZATION="Test Org"
+# TIMEZONE="Europe/Berlin"
+LOCALE="de-de"

+ADMIN_EMAIL=admin@example.com
+SMTP_HOST=mail.example.com
+SMTP_LOGIN=user@example.com
+SMTP_PORT=465
+
+## SAML SSO ##
+#SSO_PROVIDER_DOMAIN=authentik.example.com
+#IDP_SSO_TARGET_URL=https://authentik.example.com/application/saml/zammad/sso/binding/init/
+#IDP_SLO_SERVICE_URL=https://zammad.example.com/auth/saml/slo
+
+
+## Zammad internal backups
+# COMPOSE_FILE="$COMPOSE_FILE:compose.backup.yml"
+# BACKUP_TIME=03:00"
+# HOLD_DAYS=10
--- a/README.md
+++ b/README.md
@ -1,17 +1,17 @@
 # zammad

-> One line description of the recipe
+Zammad is a free helpdesk or issue tracking system. 

 <!-- metadata -->

 * **Category**: Apps
 * **Status**: 0
 * **Image**: [`zammad`](https://hub.docker.com/r/zammad), 4, upstream
-* **Healthcheck**: No
+* **Healthcheck**: Yes
 * **Backups**: No
-* **Email**: No
+* **Email**: Yes
 * **Tests**: No
-* **SSO**: No
+* **SSO**: Yes

 <!-- endmetadata -->

@ -21,6 +21,28 @@ if using elasticsearch, set on your host: `vm.max_map_count=262144`  in `/etc/sy

 * `abra app new zammad --secrets`
 * `abra app config <app-name>`
+* `abra app secret insert <app-name> smtp_password v1 <password>`
+* `abra app secret generate -a <app-name>`
 * `abra app deploy <app-name>`

+Either use the web wizard for the initial setup or run: `abra app cmd <app-name> zammad-railsserver init`
+
+## Authentik SSO
+
+* `abra app config <app-name>`
+```
+SSO_PROVIDER_DOMAIN=authentik.example.com
+IDP_SSO_TARGET_URL=https://authentik.example.com/application/saml/zammad/sso/binding/init/
+IDP_SLO_SERVICE_URL=https://authentik.example.com/application/saml/zammad/slo/binding/redirect/
+```
+Run:
+`abra app cmd --local <app_name> enable_authentik_sso`
+
+## Useful Commands
+
+Show changed settings: `abra app cmd <app_name> zammad-railsserver get_setting_changes`
+
+Open rails console: `abra app cmd <app_name> zammad-railsserver console`
+
+
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
--- a/abra.sh
+++ b/abra.sh
@ -1 +1,53 @@
-export ENTRYPOINT_VERSION=v1
+export ENTRYPOINT_VERSION=v2
+export AUTO_WIZARD_VERSION=v2
+export PG_BACKUP_VERSION=v2
+
+get_setting_changes() {
+    /custom-entrypoint.sh "rails r 'puts JSON.pretty_generate(JSON.parse(Setting.all.select{ |setting| setting.state_current != setting.state_initial }.map { |setting| {name: setting.name, value: setting.state_current[\""value\""]} } .to_json))'"
+}
+
+console() {
+    /custom-entrypoint.sh "rails c"
+}
+
+
+rails_run() {
+    COMMAND="rails r \"$@\""
+    /custom-entrypoint.sh "$COMMAND"
+}
+
+init() {
+    cp -f /opt/zammad/contrib/auto_wizard.json /tmp/auto_wizard.json
+    /custom-entrypoint.sh "rails zammad:setup:auto_wizard[/tmp/auto_wizard.json]"
+}
+
+enable_authentik_sso() {
+    ADMIN_UID=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_user_uid akadmin)
+    CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate zammad)
+    COMMAND="
+    (u = User.find_by(login: 'admin')) && (u.login='$ADMIN_UID') && u.save!;
+    Setting.set('auth_saml', true);
+    Setting.set('auth_third_party_auto_link_at_inital_login', true);
+    Setting.set('auth_saml_credentials', {
+        'display_name'=>'$ORGANIZATION',
+        'idp_sso_target_url'=>'$IDP_SSO_TARGET_URL',
+        'idp_slo_service_url'=>'$IDP_SLO_SERVICE_URL',
+        'idp_cert'=>'$CERT',
+        'idp_cert_fingerprint'=>'',
+        'name_identifier_format'=>'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'})
+    "
+    abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
+}
+
+set_logo() {
+    LOGO_PATH="$1"
+    abra app cp "$APP_NAME" "$LOGO_PATH" zammad-railsserver:/tmp/
+    filename="$(basename "$LOGO_PATH")"
+    COMMAND="
+    logo_path = '/tmp/$filename';
+    logo_content = File.open(logo_path, 'rb') { |file| file.read };
+    logo_timestamp = Service::SystemAssets::ProductLogo.store(logo_content);
+    Setting.set('product_logo', logo_timestamp);
+    "
+    abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
+}
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -0,0 +1,8 @@
+authentik:
+    uncomment:
+        - SSO_PROVIDER_DOMAIN
+        - IDP_SSO_TARGET_URL
+        - IDP_SLO_SERVICE_URL
+    initial-hooks:
+        - local enable_authentik_sso
+
--- a/auto_wizard.json.tmpl
+++ b/auto_wizard.json.tmpl
@ -0,0 +1,65 @@
+{
+    "Users": [
+        {
+            "login": "admin",
+            "firstname": "Admin",
+            "lastname": "Agent",
+            "password": "{{ secret "admin_password" }}",
+            "email": "{{ env "ADMIN_EMAIL" }}"
+        }
+    ],
+    "Channels": [
+        {
+            "id": 1,
+            "area": "Email::Notification",
+            "options": {
+                "outbound": {
+                    "adapter": "smtp",
+                    "options": {
+                        "host": "{{ env "SMTP_HOST" }}",
+                        "user": "{{ env "SMTP_LOGIN" }}",
+                        "password": "{{ secret "smtp_password" }}",
+                        "port": "{{ env "SMTP_PORT" }}",
+                        "ssl": true,
+                        "domain": "{{ env "DOMAIN" }}",
+                        "enable_starttls_auto": true,
+                        "openssl_verify_mode": "none"
+                    }
+                }
+            },
+            "active": true,
+            "preferences": {
+                "online_service_disable": true
+            }
+        }
+    ],
+    "Settings": [
+        {
+            "name": "fqdn",
+            "value": "{{ env "DOMAIN" }}"
+        },
+        {
+            "name": "product_name",
+            "value": "{{ env "PRODUCT_NAME" }}"
+        },
+        {
+            "name": "organization",
+            "value": "{{ env "ORGANIZATION" }}"
+        },
+        {
+            "name": "timezone_default",
+            "value": "{{ env "TZ" }}"
+        },
+        {
+            "name": "locale_default",
+            "value": "{{ env "LOCALE" }}"
+        },
+        {
+            "name": "http_type",
+            "value": "https"
+        }
+    ],
+    "TextModuleLocale": {
+        "Locale": "{{ env "LOCALE" }}"
+    }
+}
--- a/compose.backup.yml
+++ b/compose.backup.yml
@ -0,0 +1,36 @@
+version: "3.8"
+services:
+  zammad-backup:
+    image: ghcr.io/zammad/zammad:6.5.0-34
+    command: ["zammad-backup"]
+    volumes:
+      - zammad-backup:/var/tmp/zammad
+      - zammad-storage:/opt/zammad/storage:ro
+    user: 0:0
+    deploy:
+      labels:
+        backupbot.backup.volumes.zammad-backup: "false"
+      restart_policy:
+        condition: on-failure
+    environment:
+      POSTGRESQL_DB: zammad_production
+      POSTGRESQL_HOST: zammad-postgresql
+      POSTGRESQL_USER: zammad
+      POSTGRESQL_PASS_FILE: /run/secrets/db_password
+      POSTGRESQL_PORT: 5432
+      # Backup settings
+      BACKUP_DIR: "/var/tmp/zammad"
+      BACKUP_TIME: "${BACKUP_TIME:-03:00}"
+      #BACKUP_SLEEP: 86400
+      HOLD_DAYS: 10
+      DOMAIN:
+    entrypoint: /custom-entrypoint.sh
+    configs:
+        - source: entrypoint
+          target: /custom-entrypoint.sh
+          mode: 0555
+    secrets:
+      - db_password
+
+volumes:
+  zammad-backup:
--- a/compose.yml
+++ b/compose.yml
@ -1,158 +1,224 @@
 ---
 version: "3.8"

-services:
-  zammad-backup:
-    image: zammad/zammad-docker-compose:zammad-postgresql-5.2.3-19
-    command: ["zammad-backup"]
+x-shared:
+  zammad-service: &zammad-service
+    environment: &zammad-environment
+      MEMCACHE_SERVERS: zammad-memcached:11211
+      POSTGRESQL_DB: zammad_production
+      POSTGRESQL_HOST: zammad-postgresql
+      POSTGRESQL_USER: zammad
+      POSTGRESQL_PASS_FILE: /run/secrets/db_password
+      POSTGRESQL_PORT: 5432
+      POSTGRESQL_OPTIONS: ?pool=50
+      POSTGRESQL_DB_CREATE:
+      REDIS_URL: redis://zammad-redis:6379
+      TZ: "${TZ:-Europe/Berlin}"
+      # Allow passing in these variables via .env:
+      AUTOWIZARD_JSON:
+      AUTOWIZARD_RELATIVE_PATH:
+      ELASTICSEARCH_ENABLED:
+      ELASTICSEARCH_HOST:
+      ELASTICSEARCH_PORT:
+      ELASTICSEARCH_SCHEMA:
+      ELASTICSEARCH_NAMESPACE:
+      ELASTICSEARCH_REINDEX:
+      ELASTICSEARCH_SSL_VERIFY:
+      NGINX_PORT:
+      NGINX_SERVER_NAME:
+      NGINX_SERVER_SCHEME: https
+      RAILS_TRUSTED_PROXIES:
+      ZAMMAD_WEB_CONCURRENCY:
+      ZAMMAD_SESSION_JOBS:
+      ZAMMAD_PROCESS_SCHEDULED:
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
+      PRODUCT_NAME:
+      ORGANIZATION:
+      LOCALE:
+      ADMIN_EMAIL:
+      SMTP_HOST:
+      SMTP_LOGIN:
+      SMTP_PORT:
+      DOMAIN:
+      SSO_PROVIDER_DOMAIN:
+      IDP_SSO_TARGET_URL:
+      IDP_SLO_SERVICE_URL:
+    image: ghcr.io/zammad/zammad:6.5.0-34
+    deploy:
+      restart_policy:
+        condition: on-failure
+    volumes:
+      - zammad-storage:/opt/zammad/storage
    depends_on:
-      - zammad-railsserver
+      - zammad-memcached
      - zammad-postgresql
+      - zammad-redis
    entrypoint: /custom-entrypoint.sh
    configs:
-        - source: entrypoint
-          target: /custom-entrypoint.sh
-          mode: 0555
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 0555
+      - source: auto_wizard
+        target: /opt/zammad/contrib/auto_wizard.json
    secrets:
      - db_password
-    environment:
-      - BACKUP_SLEEP=86400
-      - HOLD_DAYS=10
-      - POSTGRESQL_USER=zammad
-      - POSTGRESQL_PASS_FILE=/run/secrets/db_password
-    volumes:
-      - zammad-backup:/var/tmp/zammad
-      - zammad-data:/opt/zammad
-    deploy:
-      labels:
-        - "backupbot.backup=true"
-        - "backupbot.backup.path=/var/tmp/zammad"
+      - smtp_password
+      - admin_password

+services:
  zammad-elasticsearch:
-    image: zammad/zammad-docker-compose:zammad-elasticsearch-5.2.3-19
-    environment:
-      - discovery.type=single-node
-    volumes:
-      - elasticsearch-data:/usr/share/elasticsearch/data
+    image: bitnami/elasticsearch:8.18.0
    deploy:
+      restart_policy:
+        condition: on-failure
      resources:
        limits:
          memory: 4G
        reservations:
          memory: 2G
+    volumes:
+      - elasticsearch-data:/bitnami/elasticsearch/data
+    environment:
+      - discovery.type=single-node
+    healthcheck:
+      test: "/opt/bitnami/scripts/elasticsearch/healthcheck.sh"
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m

  zammad-init:
-    image: zammad/zammad-docker-compose:zammad-5.2.3-19
+    <<: *zammad-service
    command: ["zammad-init"]
    depends_on:
      - zammad-postgresql
-    entrypoint: /custom-entrypoint.sh
-    configs:
-        - source: entrypoint
-          target: /custom-entrypoint.sh
-          mode: 0555
-    secrets:
-      - db_password
-    environment:
-      - MEMCACHE_SERVERS=zammad-memcached:11211
-      - POSTGRESQL_USER=zammad
-      - POSTGRESQL_PASS_FILE=/run/secrets/db_password
-      - REDIS_URL=redis://zammad-redis:6379
-    volumes:
-      - zammad-data:/opt/zammad
-    deploy:
-      restart_policy:
-        condition: on-failure
+    user: 0:0

  zammad-memcached:
    command: memcached -m 256M
-    image: memcached:1.6.17-alpine
-
-  app:
-    image: zammad/zammad-docker-compose:zammad-5.2.3-19
-    command: ["zammad-nginx"]
-    depends_on:
-      - zammad-railsserver
-    volumes:
-      - zammad-data:/opt/zammad
-    networks:
-      - proxy
-      - default
-    environment:
-      - NGINX_SERVER_SCHEME=https
-      - RAILS_TRUSTED_PROXIES
+    image: memcached:1.6.38-alpine
+    healthcheck:
+      test: 'echo "version" | nc -vn -w 1 127.0.0.1 11211'
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m
    deploy:
      restart_policy:
        condition: on-failure
+
+  app:
+    <<: *zammad-service
+    command: ["zammad-nginx"]
+    #expose:
+    #  - 8080
+    #ports:
+    #  - "8080:8080"
+    depends_on:
+      - zammad-railsserver
+    networks:
+      - proxy
+      - default
+    deploy:
      labels:
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.1.0+zammad-5.2.3-19"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version=2.1.0+6.5.0-34"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m

  zammad-postgresql:
-    image: zammad/zammad-docker-compose:zammad-postgresql-5.2.3-19
+    image: postgres:15.7-alpine
    environment:
-      - POSTGRES_USER=zammad
-      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
-    secrets:
-      - db_password
+      POSTGRES_DB: zammad_production
+      POSTGRES_USER: zammad
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.volumes.postgresql-data.path: "backup.sql"
+        backupbot.restore.post-hook: "/pg_backup.sh restore"
+        backupbot.backup.volumes.elasticsearch-data: "false"
+        backupbot.backup.volumes.redis-data: "false"
    volumes:
      - postgresql-data:/var/lib/postgresql/data
+    configs:
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555
+    secrets:
+      - db_password
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "zammad"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 2m

  zammad-railsserver:
-    image: zammad/zammad-docker-compose:zammad-5.2.3-19
+    <<: *zammad-service
    command: ["zammad-railsserver"]
-    depends_on:
-      - zammad-memcached
-      - zammad-postgresql
-      - zammad-redis
-    environment:
-      - MEMCACHE_SERVERS=zammad-memcached:11211
-      - REDIS_URL=redis://zammad-redis:6379
-    volumes:
-      - zammad-data:/opt/zammad
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m

  zammad-redis:
-    image: redis:6.2.7-alpine
+    image: redis:7.4.3-alpine
+    deploy:
+      restart_policy:
+        condition: on-failure
+    volumes:
+      - redis-data:/data
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m

  zammad-scheduler:
-    image: zammad/zammad-docker-compose:zammad-5.2.3-19
+    <<: *zammad-service
    command: ["zammad-scheduler"]
-    depends_on:
-      - zammad-memcached
-      - zammad-railsserver
-      - zammad-redis
-    environment:
-      - MEMCACHE_SERVERS=zammad-memcached:11211
-      - REDIS_URL=redis://zammad-redis:6379
-    volumes:
-      - zammad-data:/opt/zammad
+    healthcheck:
+      test: 'grep -a "background-worker.rb" -r /proc/[0-9]*/cmdline'
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m

  zammad-websocket:
-    image: zammad/zammad-docker-compose:zammad-5.2.3-19
+    <<: *zammad-service
    command: ["zammad-websocket"]
-    depends_on:
-      - zammad-memcached
-      - zammad-railsserver
-      - zammad-redis
-    environment:
-      - MEMCACHE_SERVERS=zammad-memcached:11211
-      - REDIS_URL=redis://zammad-redis:6379
-    volumes:
-      - zammad-data:/opt/zammad
+    healthcheck:
+      test: 'ruby -rsocket -e "s = TCPSocket.new(''localhost'', 6042); s.close"'
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m

 volumes:
  elasticsearch-data:
  postgresql-data:
-  zammad-backup:
-  zammad-data:
+  redis-data:
+  zammad-storage:

 networks:
  default:
@ -163,8 +229,21 @@ configs:
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh
+  auto_wizard:
+    name: ${STACK_NAME}_auto_wizard_${AUTO_WIZARD_VERSION}
+    file: auto_wizard.json.tmpl
+    template_driver: golang
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh

 secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+  smtp_password:
+    external: true
+    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
+  admin_password:
+    external: true
+    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -26,10 +26,5 @@ file_env() {

 file_env "POSTGRESQL_PASS"

-if [ "$1" == "zammad-backup" ];
-then
-    bash -c "/usr/local/bin/backup.sh $@"
-else
-    # https://github.com/zammad/zammad-docker-compose/blob/master/containers/zammad/docker-entrypoint.sh
-    bash -c "/docker-entrypoint.sh $@"
-fi
+# https://github.com/zammad/zammad/blob/develop/contrib/docker/docker-entrypoint.sh
+bash -c "/docker-entrypoint.sh $@"
--- a/pg_backup.sh
+++ b/pg_backup.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat /run/secrets/db_password)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@
--- a/release/1.0.0+6.3.1-95
+++ b/release/1.0.0+6.3.1-95
@ -0,0 +1 @@
+New Major Version, breaking change! Backup and restore your database.
Author	SHA1	Message	Date
Moritz	b6b52b6e9c	chore: publish 2.1.0+6.5.0-34 release All checks were successful continuous-integration/drone/tag Build is passing Details	2025-05-27 16:25:24 +02:00
Moritz	d7dbf76a53	fix saml logout url	2025-01-21 16:10:01 +01:00
Cassowary	f80f630304	Update .drone.yml	2025-01-08 10:09:13 -08:00
Moritz	73e9f7bfcc	chore: publish 2.0.0+6.4.0-34 release All checks were successful continuous-integration/drone/tag Build is passing Details	2024-12-03 18:34:35 +01:00
Moritz	3a940d845f	update pg_backup.sh	2024-10-22 21:33:15 +02:00
Moritz	d7b3c1e18e	add ENABLE_BACKUPS label	2024-10-22 17:28:22 +02:00
Moritz	3af308645e	chore: publish 1.0.5+6.3.1-95 release All checks were successful continuous-integration/drone/tag Build is passing Details	2024-10-15 19:06:10 +02:00
Moritz	cb85124b06	Add postgres backup script pg_backup	2024-10-15 17:25:01 +02:00
Moritz	d68c9ad18c	chore: publish 1.0.4+6.3.1-95 release	2024-09-19 23:34:07 +02:00
Moritz	38682b8503	add backupbot label	2024-09-19 23:23:06 +02:00
Moritz	ce314169cb	move zammad internal backups to compose overwrite	2024-09-19 23:18:28 +02:00
Moritz	34be0c287e	fix elasticsearch resources limits	2024-09-19 23:12:12 +02:00
Moritz	aab7e022d0	chore: publish 1.0.3+6.3.1-95 release	2024-09-17 12:49:44 +02:00
Moritz	a7e409b337	fix set_logo and enable_authentik_sso	2024-09-17 12:46:33 +02:00
Moritz	ffe4fa1c54	fix init: remove LOGO_URL	2024-09-03 19:12:30 +02:00
Moritz	71d770afb0	chore: publish 1.0.2+6.3.1-95 release	2024-09-03 16:37:27 +02:00
Moritz	3db2ea49a2	add set_logo command	2024-09-03 16:37:24 +02:00
Moritz	4d77a2e48a	Update README	2024-08-23 16:41:17 +02:00
Moritz	2abf963cd5	chore: publish 1.0.1+6.3.1-95 release	2024-08-22 01:15:15 +02:00
Moritz	dcd703d6a3	add alaconnect	2024-08-22 01:15:15 +02:00
Moritz	4ce7571905	abra.sh: enable_authentik_sso() command	2024-08-21 23:00:40 +02:00
Moritz	1000b563eb	automatic initialization	2024-08-21 22:29:42 +02:00
Moritz	6ae8b9543d	Add healthchecks	2024-08-20 17:38:06 +02:00
Moritz	63c6b6de53	Fix backup container	2024-08-20 17:37:58 +02:00
Moritz	e69c5155b4	chore: publish 1.0.0+6.3.1-95 release	2024-08-15 16:07:44 +02:00
3wc	3c161f0270	Switch to self-hosted stack-ssh-deploy image [mass update]	2023-01-21 11:49:56 -08:00
3wc	adbc1f08e9	Add CI and catalogue generation [mass update]	2023-01-20 10:37:25 -08:00
Philipp Rothmann	6a93603994	add xframe options	2022-11-15 13:29:16 +01:00
				`@ -0,0 +1 @@`
				`New Major Version, breaking change! Backup and restore your database.`