From 925e6995791e34197875c643641029774df49008 Mon Sep 17 00:00:00 2001 From: Nicolas Gelot Date: Mon, 24 Nov 2025 18:49:30 +0100 Subject: [PATCH 1/2] chore: update notes and sentry apps --- slim.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slim.Dockerfile b/slim.Dockerfile index 5ca5cd1..c535af1 100644 --- a/slim.Dockerfile +++ b/slim.Dockerfile @@ -14,9 +14,9 @@ ARG DASHBOARD_URL="https://gitlab.e.foundation/api/v4/projects/1195/packages/gen ARG SNAPPY_URL="https://gitlab.e.foundation/api/v4/projects/1367/packages/generic/snappymail/v2.38.2+murena-20251117/snappymail-v2.38.2+murena-20251117.tar.gz" ARG OIDC_LOGIN_URL="https://gitlab.e.foundation/api/v4/projects/1496/packages/generic/oidc_login/v3.2.2+murena-20251028/oidc_login-v3.2.2+murena-20251028.tar.gz" -ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.12.3/notes-v4.12.3.tar.gz" +ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.12.4/notes-v4.12.4.tar.gz" ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.17.1/tasks.tar.gz" -ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.16.5/sentry-v8.16.5.tar.gz" +ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.16.6/sentry-v8.16.6.tar.gz" ARG ONLYOFFICE_URL="https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.11.0/onlyoffice.tar.gz" ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v31.0.3/eCloud-v31.0.3.tar.gz" -- GitLab From 68a80f29ff7350d925b4779bdd6ed3705316105c Mon Sep 17 00:00:00 2001 
From: Nicolas Gelot Date: Thu, 6 Nov 2025 16:39:53 +0100 Subject: [PATCH 2/2] feat: switch from syslog-ng to alloy --- .env.example | 2 + config/alloy/config.alloy | 73 ++++++++++++++++++++++ config/nextcloud/murena.config.php | 9 ++- config/syslog-ng/syslog-ng.conf | 17 ++++- custom_entrypoint-slim.sh | 7 ++- docker-compose.local.yml | 5 +- docker-compose.yml | 3 +- hooks.d/post-installation/murena-config.sh | 1 + 8 files changed, 110 insertions(+), 7 deletions(-) create mode 100644 config/alloy/config.alloy diff --git a/.env.example b/.env.example index aa681b5..6f292b0 100644 --- a/.env.example +++ b/.env.example @@ -30,6 +30,8 @@ NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim: NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_ADMIN_PASSWORD=@dm1n NEXTCLOUD_TRUSTED_DOMAINS=nginx +NEXTCLOUD_LOGLEVEL=2 +NEXTCLOUD_SYSLOG_TAG=nextcloud TRUSTED_PROXIES= OVERWRITEPROTOCOL= SENTRY_DSN= diff --git a/config/alloy/config.alloy b/config/alloy/config.alloy new file mode 100644 index 0000000..b1a9300 --- /dev/null +++ b/config/alloy/config.alloy 
@@ -0,0 +1,73 @@
+loki.source.syslog "local" {
+ listener {
+ address = "0.0.0.0:514"
+ use_incoming_timestamp = true
+ syslog_format = "rfc5424"
+ idle_timeout = "24h"
+ labels = { component = "loki.source.syslog", protocol = "tcp" }
+ }
+ relabel_rules = loki.relabel.syslog_tag.rules
+ forward_to = [loki.process.nextcloud.receiver]
+}
+
+loki.relabel "syslog_tag" {
+ forward_to = []
+
+ rule {
+ action = "replace"
+ source_labels = ["__syslog_message_app_name"]
+ target_label = "nextcloud_tag"
+ }
+}
+
+loki.process "nextcloud" {
+ forward_to = [loki.echo.syslog.receiver]
+
+ stage.json {
+ expressions = {
+ nc_req_id = "reqId",
+ nc_level = "level",
+ nc_time = "time",
+ nc_remote = "remoteAddr",
+ nc_user = "user",
+ nc_app = "app",
+ nc_method = "method",
+ nc_url = "url",
+ nc_user_agent = "userAgent",
+ nc_version = "version",
+ nc_data_app = "data.app",
+ nc_message = "message",
+ }
+ }
+
+ stage.timestamp {
+ source = "nc_time"
+ format = "RFC3339Nano"
+ }
+
+ stage.labels {
+ values = {
+ nextcloud_req_id = "nc_req_id",
+ nextcloud_app = "nc_app",
+ nextcloud_user = "nc_user",
+ nextcloud_level = "nc_level",
+ }
+ }
+
+ stage.structured_metadata {
+ values = {
+ remoteAddr = "nc_remote",
+ method = "nc_method",
+ url = "nc_url",
+ userAgent = "nc_user_agent",
+ version = "nc_version",
+ dataApp = "nc_data_app",
+ }
+ }
+
+ stage.output {
+ source = "nc_message"
+ }
+}
+
+loki.echo "syslog" {}
diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index d7d9c60..61cc478 100644
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
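Review bot: In `stage.labels`, `nextcloud_req_id` and `nextcloud_user` become Loki stream labels; Nextcloud's `reqId` differs on every request, so each request would open its own stream, and user names end up in the label index. Keep `nextcloud_app` and `nextcloud_level` as labels and move the other two into `stage.structured_metadata` next to `remoteAddr`, e.g. `reqId = "nc_req_id",` and `user = "nc_user",`. Separately, the listener accepts plain TCP on `0.0.0.0:514` with no TLS or sender restriction, so a comment stating that this config is only meant for the compose-internal network would help whoever reuses it elsewhere.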
@@ -6,8 +6,13 @@ $CONFIG = array( 'theme' => 'eCloud', 'filelocking.enabled' => true, 'log_type' => 'syslog', - 'loglevel' => 2, - 'syslog_tag' => 'nextcloud', + 'loglevel' => getenv('NEXTCLOUD_LOGLEVEL') !== false ? (int) getenv('NEXTCLOUD_LOGLEVEL') : 2, + 'syslog_tag' => getenv('NEXTCLOUD_SYSLOG_TAG') ?: 'nextcloud', + 'log_type_audit' => 'syslog', + 'syslog_tag_audit' => (getenv('NEXTCLOUD_SYSLOG_TAG') ?: 'nextcloud'), + 'log.condition' => [ + 'apps' => ['admin_audit'], + ], 'cron_log' => true, 'preview_max_x' => 1024, 'preview_max_y' => 1024, diff --git a/config/syslog-ng/syslog-ng.conf b/config/syslog-ng/syslog-ng.conf index 8f4a742..01ee99b 100644 --- a/config/syslog-ng/syslog-ng.conf +++ b/config/syslog-ng/syslog-ng.conf @@ -5,11 +5,26 @@ source s_local { internal(); }; +filter f_nextcloud { + program("${NEXTCLOUD_SYSLOG_TAG}"); +}; + destination d_remote { - network("${SYSLOG_HOST}" port(514) transport(tcp)); + network( + "${SYSLOG_HOST}" + port(514) + transport("tcp") + flags(syslog-protocol) + so-keepalive(yes) # enable TCP keepalive probes + tcp-keepalive-time(60) # wait 60s before sending the first probe + tcp-keepalive-intvl(15) # resend probes every 15s if no reply + tcp-keepalive-probes(3) # give up after 3 unanswered probes + time-reopen(5) # reconnect quickly when peer closes + ); }; log { source(s_local); + filter(f_nextcloud); destination(d_remote); }; diff --git a/custom_entrypoint-slim.sh b/custom_entrypoint-slim.sh index 7260094..fabed8f 100755 --- a/custom_entrypoint-slim.sh +++ b/custom_entrypoint-slim.sh @@ -3,8 +3,11 @@ echo "Murena entrypoint" # syslog-ng -if [ -n ${SYSLOG_HOST} ]; then - sed -i "s|\${SYSLOG_HOST}|${SYSLOG_HOST:-127.0.0.1}|g" /etc/syslog-ng/syslog-ng.conf +if [ -n "${SYSLOG_HOST}" ]; then + sed -i \ + -e "s|\${SYSLOG_HOST}|${SYSLOG_HOST:-127.0.0.1}|g" \ + -e "s|\${NEXTCLOUD_SYSLOG_TAG}|${NEXTCLOUD_SYSLOG_TAG:-nextcloud}|g" \ + /etc/syslog-ng/syslog-ng.conf syslog-ng --no-caps echo "syslog-ng started." fi 
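Review bot: The new `loglevel` line treats an empty `NEXTCLOUD_LOGLEVEL` as a real value: `getenv()` returns `''` rather than `false` when the variable is set but empty, and `(int) ''` is 0, which is debug logging. The docker-compose.yml hunk in this patch passes `NEXTCLOUD_LOGLEVEL=${NEXTCLOUD_LOGLEVEL}` with no default, so a deployment whose .env was not updated would presumably drop from level 2 to level 0 and start writing far more detail to syslog. `'loglevel' => is_numeric(getenv('NEXTCLOUD_LOGLEVEL')) ? (int) getenv('NEXTCLOUD_LOGLEVEL') : 2,` covers both the unset and the empty case (the `syslog_tag` line already does via `?:`), and `${NEXTCLOUD_LOGLEVEL:-2}` in the compose file would match it. The `$CONFIG` array starts and ends outside the hunk.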
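Review bot: `d_remote` still uses `transport("tcp")`, and with this patch the stream also carries the admin_audit entries (user names, remote addresses); if `SYSLOG_HOST` can ever be outside the compose network, the destination should use `transport("tls")` with a matching `tls(...)` block. In `f_nextcloud`, `program()` evaluates its argument as a regular expression by default, so the tag also matches any program name that merely contains it and regex metacharacters in the tag are interpreted; `program("${NEXTCLOUD_SYSLOG_TAG}" type(string));` makes it a literal comparison.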
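Review bot: The two `sed -e` expressions paste environment values verbatim into the sed replacement and, through it, into a quoted string in syslog-ng.conf; a `|`, `&`, `\` or `"` in `NEXTCLOUD_SYSLOG_TAG` or `SYSLOG_HOST` would break the substitution or change the resulting config. Validate before the `sed`, for example `case "${NEXTCLOUD_SYSLOG_TAG:-nextcloud}" in *[!A-Za-z0-9_.-]*) echo "invalid NEXTCLOUD_SYSLOG_TAG" >&2; exit 1;; esac`, with a similar check for the host. The `:-127.0.0.1` default cannot take effect inside the `-n "${SYSLOG_HOST}"` branch and can be dropped. The script continues outside the hunk.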
diff --git a/docker-compose.local.yml b/docker-compose.local.yml index a0baee9..9a2a1fc 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -32,8 +32,11 @@ services: - worker-network syslog: - image: jumanjiman/rsyslog + image: grafana/alloy:v1.11.3 restart: unless-stopped + volumes: + - ./config/alloy/config.alloy:/etc/alloy/config.alloy + command: run --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy networks: - worker-network diff --git a/docker-compose.yml b/docker-compose.yml index e1754bd..915d625 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,8 @@ services: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} + - NEXTCLOUD_LOGLEVEL=${NEXTCLOUD_LOGLEVEL} + - NEXTCLOUD_SYSLOG_TAG=${NEXTCLOUD_SYSLOG_TAG} - TRUSTED_PROXIES=${TRUSTED_PROXIES} - OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL} - SMTP_SECURE=${SMTP_SECURE} @@ -22,7 +24,6 @@ services: - SYSLOG_HOST=${SYSLOG_HOST} - SENTRY_DSN=${SENTRY_DSN} - SENTRY_PUBLIC_DSN=${SENTRY_PUBLIC_DSN} - # Object Storage (S3) configuration - OBJECTSTORE_S3_BUCKET=${OBJECTSTORE_S3_BUCKET} - OBJECTSTORE_S3_REGION=${OBJECTSTORE_S3_REGION} - OBJECTSTORE_S3_HOST=${OBJECTSTORE_S3_HOST} diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh index 1509f4d..9a28063 100755 --- a/hooks.d/post-installation/murena-config.sh +++ b/hooks.d/post-installation/murena-config.sh @@ -14,6 +14,7 @@ occ app:enable murena-dashboard occ app:enable murena_launcher occ app:enable snappymail occ app:enable oidc_login +occ app:enable admin_audit occ app:enable notes occ app:enable tasks -- GitLab
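Review bot: The `syslog` service mounts the Alloy config writable; `- ./config/alloy/config.alloy:/etc/alloy/config.alloy:ro` keeps the container from modifying the file it is configured from. `--server.http.listen-addr=0.0.0.0:12345` also makes Alloy's HTTP interface, which has no authentication by default, reachable from every container on `worker-network`, so a comment such as `# local debugging only, do not publish this port` above `command:` would record the intent. The image is pinned by tag (`v1.11.3`) only; adding the digest would make the pull reproducible.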