diff --git a/.env.example b/.env.example
index aa681b5e3fdb9fb1a3a412ff74902b7f873be6a9..6f292b00037191ecaca4035d2b25bc6dbc406ee0 100644
--- a/.env.example
+++ b/.env.example
@@ -30,6 +30,8 @@ NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:
 NEXTCLOUD_ADMIN_USER=admin
 NEXTCLOUD_ADMIN_PASSWORD=@dm1n
 NEXTCLOUD_TRUSTED_DOMAINS=nginx
+NEXTCLOUD_LOGLEVEL=2
+NEXTCLOUD_SYSLOG_TAG=nextcloud
 TRUSTED_PROXIES=
 OVERWRITEPROTOCOL=
 SENTRY_DSN=
diff --git a/config/alloy/config.alloy b/config/alloy/config.alloy
new file mode 100644
index 0000000000000000000000000000000000000000..b1a93002d64244b2798fdb3c74cf8bb814e293e6
--- /dev/null
+++ b/config/alloy/config.alloy
@@ -0,0 +1,73 @@
+loki.source.syslog "local" {
+ listener {
+ address = "0.0.0.0:514"
+ use_incoming_timestamp = true
+ syslog_format = "rfc5424"
+ idle_timeout = "24h"
+ labels = { component = "loki.source.syslog", protocol = "tcp" }
+ }
+ relabel_rules = loki.relabel.syslog_tag.rules
+ forward_to = [loki.process.nextcloud.receiver]
+}
+
+loki.relabel "syslog_tag" {
+ forward_to = []
+
+ rule {
+ action = "replace"
+ source_labels = ["__syslog_message_app_name"]
+ target_label = "nextcloud_tag"
+ }
+}
+
+loki.process "nextcloud" {
+ forward_to = [loki.echo.syslog.receiver]
+
+ stage.json {
+ expressions = {
+ nc_req_id = "reqId",
+ nc_level = "level",
+ nc_time = "time",
+ nc_remote = "remoteAddr",
+ nc_user = "user",
+ nc_app = "app",
+ nc_method = "method",
+ nc_url = "url",
+ nc_user_agent = "userAgent",
+ nc_version = "version",
+ nc_data_app = "data.app",
+ nc_message = "message",
+ }
+ }
+
+ stage.timestamp {
+ source = "nc_time"
+ format = "RFC3339Nano"
+ }
+
+ stage.labels {
+ values = {
+ nextcloud_req_id = "nc_req_id",
+ nextcloud_app = "nc_app",
+ nextcloud_user = "nc_user",
+ nextcloud_level = "nc_level",
+ }
+ }
+
+ stage.structured_metadata {
+ values = {
+ remoteAddr = "nc_remote",
+ method = "nc_method",
+ url = "nc_url",
+ userAgent = "nc_user_agent",
+ version = "nc_version",
+ dataApp = "nc_data_app",
+ }
+ }
+
+ stage.output {
+ source = "nc_message"
+ }
+}
+
+loki.echo "syslog" {}
diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index d7d9c60d6a829dbe710bc2d4c25209acf312f767..61cc478dfa7a5c96b3b4b02f8d7e94cf326f11ea 100644
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
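Review bot: `nextcloud_req_id` and `nextcloud_user` in `stage.labels` promote a per-request id and a per-account name to stream labels, so once this pipeline forwards to a real Loki instead of `loki.echo`, every request would open its own stream and usernames would sit in the label index rather than in the entry. Keep `nextcloud_app` and `nextcloud_level` as labels and move the other two into `stage.structured_metadata`, e.g. `reqId = "nc_req_id",` and `user = "nc_user",`. Separately, the listener on `0.0.0.0:514` accepts plain, unauthenticated TCP; that is tolerable on the local compose network, but a `tls_config` block inside `listener` would be needed before this config receives audit events over anything less trusted.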
@@ -6,8 +6,13 @@ $CONFIG = array( 'theme' => 'eCloud', 'filelocking.enabled' => true, 'log_type' => 'syslog', - 'loglevel' => 2, - 'syslog_tag' => 'nextcloud', + 'loglevel' => getenv('NEXTCLOUD_LOGLEVEL') !== false ? (int) getenv('NEXTCLOUD_LOGLEVEL') : 2, + 'syslog_tag' => getenv('NEXTCLOUD_SYSLOG_TAG') ?: 'nextcloud', + 'log_type_audit' => 'syslog', + 'syslog_tag_audit' => (getenv('NEXTCLOUD_SYSLOG_TAG') ?: 'nextcloud'), + 'log.condition' => [ + 'apps' => ['admin_audit'], + ], 'cron_log' => true, 'preview_max_x' => 1024, 'preview_max_y' => 1024, diff --git a/config/syslog-ng/syslog-ng.conf b/config/syslog-ng/syslog-ng.conf index 8f4a7429854e3a2ca78dc2851a84ee2ffcf87d9b..01ee99b9cd081315ac71c721b04d682623b69309 100644 --- a/config/syslog-ng/syslog-ng.conf +++ b/config/syslog-ng/syslog-ng.conf @@ -5,11 +5,26 @@ source s_local { internal(); }; +filter f_nextcloud { + program("${NEXTCLOUD_SYSLOG_TAG}"); +}; + destination d_remote { - network("${SYSLOG_HOST}" port(514) transport(tcp)); + network( + "${SYSLOG_HOST}" + port(514) + transport("tcp") + flags(syslog-protocol) + so-keepalive(yes) # enable TCP keepalive probes + tcp-keepalive-time(60) # wait 60s before sending the first probe + tcp-keepalive-intvl(15) # resend probes every 15s if no reply + tcp-keepalive-probes(3) # give up after 3 unanswered probes + time-reopen(5) # reconnect quickly when peer closes + ); }; log { source(s_local); + filter(f_nextcloud); destination(d_remote); }; diff --git a/custom_entrypoint-slim.sh b/custom_entrypoint-slim.sh index 726009409ec5d4e148ba4ce41f1d182749616c8a..fabed8f0c90bcdec991a3eb92297aff1ab12a250 100755 --- a/custom_entrypoint-slim.sh +++ b/custom_entrypoint-slim.sh 
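Review bot: The new `loglevel` expression treats an empty `NEXTCLOUD_LOGLEVEL` as a real value: `getenv()` returns `''`, not `false`, for a variable that is set but empty, and `(int) ''` is 0, which is debug logging. The docker-compose.yml hunk passes `NEXTCLOUD_LOGLEVEL=${NEXTCLOUD_LOGLEVEL}` unconditionally, so a deployment whose `.env` predates this commit would presumably hand the container exactly that empty string, and debug-level output forwarded to a remote syslog host carries far more request detail than level 2. Use `'loglevel' => is_numeric(getenv('NEXTCLOUD_LOGLEVEL')) ? (int) getenv('NEXTCLOUD_LOGLEVEL') : 2,` here, or `${NEXTCLOUD_LOGLEVEL:-2}` in the compose file; `syslog_tag` already handles the empty case through `?:`. The `$CONFIG` array starts and ends outside the hunk.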
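Review bot: `program("${NEXTCLOUD_SYSLOG_TAG}")` in `f_nextcloud` is an unanchored regular-expression match, so a tag of `nextcloud` also forwards any other program whose name merely contains that string, and regex metacharacters in the configured tag change what is selected. For an exact match write `program("${NEXTCLOUD_SYSLOG_TAG}" type("string"));`. Because `admin_audit` events now travel through `d_remote`, note as well that `transport("tcp")` sends them unencrypted to `SYSLOG_HOST`; `transport("tls")` with a `tls()` block is the hardening step if that host is not on a trusted network.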
@@ -3,8 +3,11 @@ echo "Murena entrypoint" # syslog-ng -if [ -n ${SYSLOG_HOST} ]; then - sed -i "s|\${SYSLOG_HOST}|${SYSLOG_HOST:-127.0.0.1}|g" /etc/syslog-ng/syslog-ng.conf +if [ -n "${SYSLOG_HOST}" ]; then + sed -i \ + -e "s|\${SYSLOG_HOST}|${SYSLOG_HOST:-127.0.0.1}|g" \ + -e "s|\${NEXTCLOUD_SYSLOG_TAG}|${NEXTCLOUD_SYSLOG_TAG:-nextcloud}|g" \ + /etc/syslog-ng/syslog-ng.conf syslog-ng --no-caps echo "syslog-ng started." fi diff --git a/docker-compose.local.yml b/docker-compose.local.yml index a0baee97c2fbb9f9b5f7a0292faaab3e7a5f5edb..9a2a1fcebf2d4b9e2a0e7c7ad07367ecf4588e76 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -32,8 +32,11 @@ services: - worker-network syslog: - image: jumanjiman/rsyslog + image: grafana/alloy:v1.11.3 restart: unless-stopped + volumes: + - ./config/alloy/config.alloy:/etc/alloy/config.alloy + command: run --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy networks: - worker-network diff --git a/docker-compose.yml b/docker-compose.yml index e1754bdf11a85b695d7940f4cf400188182f9b7d..915d625f88ddf85d0ace006a9c56b78cf8498f26 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,8 @@ services: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} + - NEXTCLOUD_LOGLEVEL=${NEXTCLOUD_LOGLEVEL} + - NEXTCLOUD_SYSLOG_TAG=${NEXTCLOUD_SYSLOG_TAG} - TRUSTED_PROXIES=${TRUSTED_PROXIES} - OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL} - SMTP_SECURE=${SMTP_SECURE} @@ -22,7 +24,6 @@ services: - SYSLOG_HOST=${SYSLOG_HOST} - SENTRY_DSN=${SENTRY_DSN} - SENTRY_PUBLIC_DSN=${SENTRY_PUBLIC_DSN} - # Object Storage (S3) configuration - OBJECTSTORE_S3_BUCKET=${OBJECTSTORE_S3_BUCKET} - OBJECTSTORE_S3_REGION=${OBJECTSTORE_S3_REGION} - OBJECTSTORE_S3_HOST=${OBJECTSTORE_S3_HOST} 
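Review bot: The added `-e "s|\${NEXTCLOUD_SYSLOG_TAG}|...|g"` expression writes the environment value into syslog-ng.conf unchecked, so a tag containing `|`, `&`, `\` or `"` either breaks the sed expression or alters the structure of the generated config (the same already holds for `SYSLOG_HOST`). Validate before substituting, for example `case "${NEXTCLOUD_SYSLOG_TAG:-nextcloud}" in *[!A-Za-z0-9._-]*) echo "invalid NEXTCLOUD_SYSLOG_TAG" >&2; exit 1;; esac`. The `:-127.0.0.1` default on `SYSLOG_HOST` can never apply inside the `-n` test and could be dropped for clarity.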
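Review bot: `--server.http.listen-addr=0.0.0.0:12345` in the `syslog` service's `command` opens Alloy's HTTP server, which serves its UI and debugging endpoints without authentication, to every container on `worker-network`; if it is only needed for inspection from inside the container, drop the flag so the loopback default applies. The config bind mount is writable from the container, so add `:ro`: `- ./config/alloy/config.alloy:/etc/alloy/config.alloy:ro`. The image is pinned by tag (`grafana/alloy:v1.11.3`); adding a digest would keep the pulled content fixed.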
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh index 1509f4d28c3fd81d5ab858b350df47de778de67d..9a2806357c682a6325d0a3e0a345062f9c440dd7 100755 --- a/hooks.d/post-installation/murena-config.sh +++ b/hooks.d/post-installation/murena-config.sh @@ -14,6 +14,7 @@ occ app:enable murena-dashboard occ app:enable murena_launcher occ app:enable snappymail occ app:enable oidc_login +occ app:enable admin_audit occ app:enable notes occ app:enable tasks diff --git a/slim.Dockerfile b/slim.Dockerfile index 5ca5cd11ab91e7ba9851f9a11ad5a6570234da2a..c535af1ff02e5374700fde9f3828079b64171bda 100644 --- a/slim.Dockerfile +++ b/slim.Dockerfile @@ -14,9 +14,9 @@ ARG DASHBOARD_URL="https://gitlab.e.foundation/api/v4/projects/1195/packages/gen ARG SNAPPY_URL="https://gitlab.e.foundation/api/v4/projects/1367/packages/generic/snappymail/v2.38.2+murena-20251117/snappymail-v2.38.2+murena-20251117.tar.gz" ARG OIDC_LOGIN_URL="https://gitlab.e.foundation/api/v4/projects/1496/packages/generic/oidc_login/v3.2.2+murena-20251028/oidc_login-v3.2.2+murena-20251028.tar.gz" -ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.12.3/notes-v4.12.3.tar.gz" +ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.12.4/notes-v4.12.4.tar.gz" ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.17.1/tasks.tar.gz" -ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.16.5/sentry-v8.16.5.tar.gz" +ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.16.6/sentry-v8.16.6.tar.gz" ARG ONLYOFFICE_URL="https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.11.0/onlyoffice.tar.gz" ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v31.0.3/eCloud-v31.0.3.tar.gz"
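Review bot: `occ app:enable admin_audit` sits in a hook whose path (`hooks.d/post-installation/`) suggests it runs only on first install, so already-deployed instances would pick up the new `log.condition` and `log_type_audit` settings from murena.config.php while the app itself stays disabled, and no audit events would be emitted. If that reading of the hook is right, enable the app in the upgrade path as well, and add a comment here such as `# admin_audit: events go to syslog, see log_type_audit in murena.config.php`. Whether an upgrade hook exists is not visible in this diff.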