From 0f9a7cf38fe9bbe90976f7f72350acc93dd14fb2 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Wed, 29 May 2024 09:01:35 +0100 Subject: [PATCH] Config s3 bucket for nextcloud container + changes along the way (#6245) --- .../helpers/delius_microservice/ecs.tf | 1 + .../helpers/delius_microservice/locals.tf | 3 +- .../helpers/delius_microservice/outputs.tf | 21 ++ .../helpers/delius_microservice/variables.tf | 14 +- .../modules/components/nextcloud/alb.tf | 10 + .../components/nextcloud/ecs_service.tf | 36 +- .../modules/components/nextcloud/efs.tf | 2 +- .../modules/components/nextcloud/ip.tf | 3 + .../modules/components/nextcloud/locals.tf | 17 + .../modules/components/nextcloud/s3.tf | 110 ++++++ .../templates/nextcloud-conf.json.tftpl | 324 ++++++++++++++++++ .../modules/environment/nextcloud.tf | 1 + 12 files changed, 530 insertions(+), 12 deletions(-) create mode 100644 terraform/environments/delius-nextcloud/modules/components/nextcloud/ip.tf create mode 100644 terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf create mode 100644 terraform/environments/delius-nextcloud/modules/components/nextcloud/templates/nextcloud-conf.json.tftpl diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf index f86baead182..3559bf0241b 100644 --- a/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf @@ -27,6 +27,7 @@ module "ecs_policies" { env_name = var.env_name service_name = var.name tags = var.tags + extra_task_role_policies = var.extra_task_role_policies } module "ecs_service" { diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf index 8ea4bafc629..de7c6bd5bc4 100644 
--- a/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf @@ -44,7 +44,8 @@ locals { } : {} rds_secrets = var.rds_password_secret_variable != "" ? { - (var.rds_password_secret_variable) = "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:password:AWSCURRENT" + (var.rds_password_secret_variable) = "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:password::" + (var.rds_user_secret_variable) = "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:username::" } : {} elasticache_env_vars = var.elasticache_endpoint_environment_variable != "" ? { diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf index 91d1e84909c..b98507fdeda 100644 --- a/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf @@ -9,3 +9,24 @@ output "service_security_group_id" { output "rds_password_secret_arn" { value = var.create_rds ? "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:password:AWSCURRENT" : null } + +output "task_role_arn" { + value = "arn:aws:iam::${var.account_info.id}:role/${module.ecs_policies.task_role.name}" +} + +output "elasticache_endpoint" { + value = var.create_elasticache ? aws_elasticache_cluster.this[0].cache_nodes[0].address : null +} + +output "elasticache_port" { + value = var.create_elasticache ? aws_elasticache_cluster.this[0].port : null +} + + +output "rds_endpoint" { + value = var.create_rds ? aws_db_instance.this[0].address : null +} + +output "rds_port" { + value = var.create_rds ? aws_db_instance.this[0].port : null +} 
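Review bot: The new `(var.rds_user_secret_variable)` key in `rds_secrets` is guarded only by `var.rds_password_secret_variable != ""`, and the new variable defaults to `""`. A caller of this shared helper that sets the password variable but not the user variable therefore gets a secret entry with an empty name. Guard the username entry on its own condition, for example by merging in `var.rds_user_secret_variable != "" ? { (var.rds_user_secret_variable) = "<secret_arn>:username::" } : {}`. The `rds_password_secret_arn` output in outputs.tf still ends in `:password:AWSCURRENT`, so the two references to the same secret now use different suffix forms. The `locals` block starts and ends outside this hunk.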
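Review bot: `task_role_arn` is built by interpolating the account id and role name, which gives a wrong ARN if the role is ever created with an IAM path or outside the `aws` partition. This value becomes the principal of the config bucket policy in s3.tf, so a mismatch would fail closed but be awkward to diagnose. If `module.ecs_policies.task_role` is the role object, as the `.name` access suggests, prefer `value = module.ecs_policies.task_role.arn`. The five new outputs also have no `description`; a line each, such as `description = "ARN of the ECS task role, for use as a resource-policy principal"`, would tell consumers what they may rely on.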
diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/variables.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/variables.tf index 9b6615b4d00..3cbfe5bc572 100644 --- a/terraform/environments/delius-core/modules/helpers/delius_microservice/variables.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/variables.tf @@ -51,7 +51,13 @@ variable "rds_endpoint_environment_variable" { } variable "rds_password_secret_variable" { - description = "Secret variable to store the rds secretsmanager arn" + description = "Secret variable to store the rds secretsmanager arn password" + type = string + default = "" +} + +variable "rds_user_secret_variable" { + description = "Secret variable to store the rds secretsmanager arn username" type = string default = "" } @@ -520,3 +526,9 @@ variable "frontend_lb_arn_suffix" { description = "Used by alarms" type = string } + +variable "extra_task_role_policies" { + description = "A map of data \"aws_iam_policy_document\" objects, keyed by name, to attach to the task role" + type = map(any) + default = {} +} diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/alb.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/alb.tf index 4c151fac0be..36263cb8453 100644 --- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/alb.tf +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/alb.tf @@ -19,3 +19,13 @@ resource "aws_alb_listener" "nextcloud_https" { target_group_arn = module.nextcloud_service.target_group_arn } } + +resource "aws_vpc_security_group_ingress_rule" "ancillary_alb_ingress_https_global_protect_allowlist" { + for_each = toset(local.all_ingress_ips) + security_group_id = aws_security_group.nextcloud_alb_sg.id + description = "Access into alb over https" + from_port = "443" + to_port = "443" + ip_protocol = "tcp" + cidr_ipv4 = each.key # Global Protect VPN +} 
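Review bot: The resource name `ancillary_alb_ingress_https_global_protect_allowlist` and the `# Global Protect VPN` comment on `cidr_ipv4` describe only part of what this rule admits. `local.all_ingress_ips` is the concat of the GlobalProtect ranges and the Unilink AOVPN ranges added in the nextcloud locals.tf. Every generated rule also carries the same description, `"Access into alb over https"`, so someone auditing the security group cannot tell which party a CIDR belongs to. Consider changing the comment to `# GlobalProtect or Unilink AOVPN range` and giving the two sources separate rules with their own descriptions.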
diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf index 28186e18a21..a61a5fb61b8 100644 --- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf @@ -10,7 +10,7 @@ module "nextcloud_service" { target_group_protocol_version = "HTTP1" - container_image = "nextcloud:latest" + container_image = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-nextcloud:latest" container_port_config = [ { containerPort = "80" @@ -59,21 +59,25 @@ module "nextcloud_service" { alb_listener_rule_paths = ["/"] microservice_lb_https_listener_arn = aws_alb_listener.nextcloud_https.arn microservice_lb = aws_alb.nextcloud - name = "nextcloud-poc" + name = "nextcloud" + + extra_task_role_policies = { + "S3_BUCKET_CONFIG" = data.aws_iam_policy_document.s3_bucket_config + } create_rds = true rds_engine = "mariadb" - rds_engine_version = "10.6" + rds_engine_version = "10.5" rds_instance_class = "db.t3.small" rds_allocated_storage = 500 rds_username = "misnextcloud" rds_port = 3306 - rds_parameter_group_name = "default.mariadb10.6" + rds_parameter_group_name = "default.mariadb10.5" rds_license_model = "general-public-license" - snapshot_identifier = "rds-090524-shared-key" + snapshot_identifier = "nextcloud-dev-db-final-532c" - rds_allow_major_version_upgrade = false - rds_apply_immediately = false + rds_allow_major_version_upgrade = true + rds_apply_immediately = true create_elasticache = true elasticache_engine = "redis" 
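Review bot: `container_image` now points at the private ECR repository but still uses the mutable `:latest` tag, so a task restart can pull different code from the previous one with no change in this repository. Pin to an immutable tag or a digest supplied through a variable, e.g. `...amazonaws.com/delius-nextcloud@sha256:<IMAGE_DIGEST>` (placeholder). It is also worth confirming that tag immutability is enabled on the repository. The `module "nextcloud_service"` block starts and ends outside this hunk.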
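Review bot: `rds_allow_major_version_upgrade = true` and `rds_apply_immediately = true` are switched on in the same hunk that moves the engine from 10.6 to 10.5 and restores from `nextcloud-dev-db-final-532c`. They look like one-off migration settings, but they are hard-coded in the component module rather than set per environment. Left as they are, any later engine or instance change is applied outside the maintenance window wherever this component is deployed. Either set both back to `false` once the restore is done, or add a comment such as `# temporary: required for snapshot restore, revert after migration` and expose them as variables.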
@@ -86,16 +90,17 @@ module "nextcloud_service" { db_ingress_security_groups = [aws_security_group.cluster.id] rds_endpoint_environment_variable = "MYSQL_HOST" + rds_password_secret_variable = "MYSQL_PASSWORD" + rds_user_secret_variable = "MYSQL_USER" elasticache_endpoint_environment_variable = "REDIS_HOST" container_vars_default = { MYSQL_DATABASE = "nextcloud" - MYSQL_USER = "dbadmin" - MYSQL_PASSWORD = "password" REDIS_PORT = "6379" REDIS_PASSWORD = "password" NEXTCLOUD_ADMIN_USER = "admin" NEXTCLOUD_TRUSTED_DOMAINS = aws_route53_record.nextcloud_external.fqdn + S3_BUCKET_CONFIG = module.s3_bucket_config.bucket.id } container_vars_env_specific = {} @@ -117,6 +122,8 @@ module "nextcloud_service" { aws.core-network-services = aws.core-network-services } + ignore_changes_service_task_definition = false + } resource "aws_secretsmanager_secret" "nextcloud_admin_password" { @@ -132,3 +139,14 @@ resource "random_password" "nextcloud_admin_password" { length = 32 special = true } + + +data "aws_iam_policy_document" "s3_bucket_config" { + statement { + actions = [ + "s3:ListBucket", + "s3:GetObject" + ] + resources = [module.s3_bucket_config.bucket.arn] + } +} diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/efs.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/efs.tf index b6613f75db0..b459d95f81c 100644 --- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/efs.tf +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/efs.tf @@ -1,5 +1,5 @@ module "nextcloud_efs" { - for_each = toset(["html", "custom_apps", "config", "data", "themes"]) + for_each = toset(["html", "custom_apps", "data", "themes"]) source = "../../../../delius-core/modules/helpers/efs" diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ip.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ip.tf new file mode 100644 index 00000000000..36d840a61ee 
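Review bot: `REDIS_PASSWORD = "password"` stays in `container_vars_default` as a plain container variable after this hunk moves the MySQL credentials to Secrets Manager references. The literal is therefore readable in the task definition, in Terraform state and in this repository. If the ElastiCache cluster has AUTH enabled, generate the token and pass it through the module's secret mechanism, as is now done for `MYSQL_PASSWORD`. If AUTH is not enabled, drop the variable rather than shipping a placeholder credential. The `module "nextcloud_service"` block starts and ends outside this hunk.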
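Review bot: In `data "aws_iam_policy_document" "s3_bucket_config"`, `s3:GetObject` is an object-level action but `resources` lists only the bucket ARN, so the GetObject grant in this identity policy matches nothing and only `s3:ListBucket` takes effect. Reads may still succeed through the bucket policy declared in s3.tf, which would hide the gap until that policy changes. Use `resources = [module.s3_bucket_config.bucket.arn, "${module.s3_bucket_config.bucket.arn}/*"]`, or split into two statements so each action is scoped to its own resource type.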
--- /dev/null +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ip.tf @@ -0,0 +1,3 @@ +module "ip_addresses" { + source = "../../../../../modules/ip_addresses" +} diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/locals.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/locals.tf index 24ff18bcdc2..3af71974e51 100644 --- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/locals.tf +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/locals.tf @@ -13,4 +13,21 @@ locals { domain_type_main = [for k, v in local.domain_types : v.type if k == "modernisation-platform.service.justice.gov.uk"] domain_type_sub = [for k, v in local.domain_types : v.type if k != "modernisation-platform.service.justice.gov.uk"] + globalprotect_ips = module.ip_addresses.moj_cidr.moj_aws_digital_macos_globalprotect_alpha + unilink_ips = [ + "194.75.210.216/29", # Unilink AOVPN + "83.98.63.176/29", # Unilink AOVPN + "78.33.10.50/31", # Unilink AOVPN + "78.33.10.52/30", # Unilink AOVPN + "78.33.10.56/30", # Unilink AOVPN + "78.33.10.60/32", # Unilink AOVPN + "78.33.32.99/32", # Unilink AOVPN + "78.33.32.100/30", # Unilink AOVPN + "78.33.32.104/30", # Unilink AOVPN + "78.33.32.108/32", # Unilink AOVPN + "217.138.45.109/32", # Unilink AOVPN + "217.138.45.110/32", # Unilink AOVPN + ] + all_ingress_ips = concat(local.globalprotect_ips, local.unilink_ips) + } diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf new file mode 100644 index 00000000000..e02acbd4a51 --- /dev/null +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf 
@@ -0,0 +1,110 @@
+module "s3_bucket_config" {
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
+
+ providers = {
+ aws.bucket-replication = aws
+ }
+
+ bucket_prefix = "${var.env_name}-config"
+ versioning_enabled = true
+ sse_algorithm = "AES256"
+ # Useful guide - https://aws.amazon.com/blogs/storage/how-to-use-aws-datasync-to-migrate-data-between-amazon-s3-buckets/
+ bucket_policy_v2 = [{
+ effect = "Allow"
+ actions = [
+ "s3:ListBucket",
+ "s3:GetObject"
+ ]
+ principals = {
+ type = "AWS"
+ identifiers = [
+ module.nextcloud_service.task_role_arn,
+ ]
+ }
+ }]
+
+ ownership_controls = "BucketOwnerEnforced" # Disable all S3 bucket ACL
+
+ lifecycle_rule = [
+ {
+ id = "main"
+ enabled = "Enabled"
+ prefix = ""
+
+ tags = {
+ rule = "log"
+ autoclean = "true"
+ }
+
+ noncurrent_version_transition = [
+ {
+ days = 90
+ storage_class = "STANDARD_IA"
+ }, {
+ days = 365
+ storage_class = "GLACIER"
+ }
+ ]
+
+ noncurrent_version_expiration = {
+ days = 730
+ }
+ }
+ ]
+
+ tags = var.tags
+}
+
+
+resource "random_password" "nextcloud_password_salt" {
+ length = 16
+}
+
+resource "aws_ssm_parameter" "nextcloud_secret" {
+ name = "/${var.env_name}/nextcloud/secret"
+ type = "SecureString"
+ value = "replace_me"
+ lifecycle {
+ ignore_changes = [
+ value
+ ]
+ }
+}
+
+data "aws_ssm_parameter" "nextcloud_secret" {
+ name = aws_ssm_parameter.nextcloud_secret.name
+}
+
+resource "aws_s3_object" "config" {
+ bucket = module.s3_bucket_config.bucket.id
+ key = "config.json"
+ content = templatefile("${path.module}/templates/nextcloud-conf.json.tftpl",
+ {
+ nextcloud_passwordsalt = random_password.nextcloud_password_salt.result,
+ nextcloud_secret = data.aws_ssm_parameter.nextcloud_secret.value,
+ nextcloud_id = "nextcloud",
+ redis = {
+ host = module.nextcloud_service.elasticache_endpoint
+ port = module.nextcloud_service.elasticache_port
+ },
+ mail = {
+ server = "replace"
+ from_address = "replace"
+ domain = "replace"
+ }
+ nextcloud_s01ldap_agent_password = "replace"
+ fileshare_user_base = "replace"
+ standard_user_base = "replace"
+ fs_group_prefix = "replace"
+ ldap_host = "ldap.dev.delius-core.hmpps-development.modernisation-platform.internal"
+ pwm_url = "pwm.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk"
+
+ fileshare_base_groups = "replace"
+ fileshare_user_base = "replace"
+ standard_user_base = "replace"
+
+ ldap_user = "cn=admin,ou=Users,dc=moj,dc=com"
+ nextcloud_s01ldap_agent_password = "replace"
+ }
+ )
+}
diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/templates/nextcloud-conf.json.tftpl b/terraform/environments/delius-nextcloud/modules/components/nextcloud/templates/nextcloud-conf.json.tftpl
new file mode 100644
index 00000000000..3a8929dd551
--- /dev/null
+++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/templates/nextcloud-conf.json.tftpl
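Review bot: `aws_s3_object.config` renders `nextcloud_secret` (read back from the SecureString parameter), the password salt and the LDAP agent password into `config.json`. Those values therefore sit in the object body, in every noncurrent version the lifecycle rule keeps (up to 730 days), and in Terraform state, protected only by `sse_algorithm = "AES256"`. Consider keeping secret values out of the template and having the container read them from SSM or Secrets Manager at start-up, leaving only non-sensitive settings in the bucket. The variables object also defines `nextcloud_s01ldap_agent_password`, `fileshare_user_base` and `standard_user_base` twice; keep one definition of each so there is a single place where the real value gets set. `ldap_host` and `pwm_url` are hard-coded to dev hostnames although the module is otherwise parameterised by `var.env_name`.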
@@ -0,0 +1,324 @@ +{ + "system": { + "passwordsalt": "${nextcloud_passwordsalt}", + "secret": "${nextcloud_secret}", + "forwarded_for_headers": [ + "HTTP_X_FORWARDED_FOR" + ], + "installed": true, + "instanceid": "${nextcloud_id}", + "lost_password_link": "https:\/\/${pwm_url}\/public\/forgottenpassword", + "session_lifetime": "43200", + "session_keepalive": false, + "ldapIgnoreNamingRules": false, + "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", + "forcessl": true, + "loglevel": 1, + "trashbin_retention_obligation": "30, 32", + "overwriteprotocol": "https", + "memcache.distributed": "\\OC\\Memcache\\Redis", + "memcache.locking": "\\OC\\Memcache\\Redis", + "filelocking.enabled": "true", + "redis": { + "host": "${redis["host"]}", + "port": "{redis["port"]}", + "timeout": "1.5" + }, + "csrf.disabled": "false", + "filesystem_check_changes": "1", + "mail_smtpmode": "smtp", + "mail_smtphost": "${mail["server"]}", + "mail_sendmailmode": "smtp", + "mail_smtpport": "25", + "mail_from_address": "${mail["from_address"]}", + "mail_domain": "${mail["domain"]}", + "auth.webauthn.enabled": false, + "maintenance": false + }, + "apps": { + "accessibility": { + "enabled": "yes", + "installed_version": "1.6.0", + "types": "" + }, + "activity": { + "enabled": "yes", + "installed_version": "2.13.1", + "types": "filesystem" + }, + "cloud_federation_api": { + "enabled": "yes", + "installed_version": "1.3.0", + "types": "filesystem" + }, + "comments": { + "enabled": "yes", + "installed_version": "1.10.0", + "types": "logging" + }, + "contactsinteraction": { + "enabled": "yes", + "installed_version": "1.1.0", + "types": "dav" + }, + "core": { + "enterpriseLogoChecked": "yes", + "installedat": "1570694511.5532", + "lastcron": "1603042772", + "lastupdatedat": "0", + "oc.integritycheck.checker": "[]", + "public_files": "files_sharing\/public.php", + "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php", + "scss.variables": "c56f3e52ca21a32ed9fd299f482ae5be", + 
"shareapi_allow_public_upload": "no", + "shareapi_default_permission_cancreate": "yes", + "shareapi_default_permissions": "31", + "vendor": "nextcloud" + }, + "dashboard": { + "enabled": "no", + "installed_version": "7.0.0", + "types": "" + }, + "dav": { + "buildCalendarReminderIndex": "yes", + "buildCalendarSearchIndex": "yes", + "enabled": "yes", + "installed_version": "1.16.0", + "regeneratedBirthdayCalendarsForYearFix": "yes", + "types": "filesystem" + }, + "federatedfilesharing": { + "enabled": "yes", + "installed_version": "1.10.1", + "types": "" + }, + "federation": { + "enabled": "yes", + "installed_version": "1.10.1", + "types": "authentication" + }, + "files": { + "cronjob_scan_files": "500", + "default_quota": "5 GB", + "enabled": "yes", + "installed_version": "1.15.0", + "types": "filesystem" + }, + "files_pdfviewer": { + "enabled": "yes", + "installed_version": "2.0.1", + "types": "" + }, + "files_rightclick": { + "enabled": "yes", + "installed_version": "0.17.0", + "types": "" + }, + "files_sharing": { + "enabled": "yes", + "installed_version": "1.12.0", + "types": "filesystem" + }, + "files_texteditor": { + "enabled": "yes", + "installed_version": "2.8.0", + "types": "" + }, + "files_trashbin": { + "enabled": "yes", + "installed_version": "1.10.1", + "types": "filesystem,dav" + }, + "files_versions": { + "enabled": "yes", + "installed_version": "1.13.0", + "types": "filesystem,dav" + }, + "files_videoplayer": { + "enabled": "yes", + "installed_version": "1.9.0", + "types": "" + }, + "firstrunwizard": { + "enabled": "yes", + "installed_version": "2.9.0", + "types": "logging" + }, + "gallery": { + "enabled": "yes", + "installed_version": "18.4.0", + "types": "" + }, + "logreader": { + "enabled": "yes", + "installed_version": "2.5.0", + "types": "" + }, + "lookup_server_connector": { + "enabled": "yes", + "installed_version": "1.8.0", + "types": "authentication" + }, + "nextcloud_announcements": { + "enabled": "yes", + "installed_version": "1.9.0", + 
"pub_date": "Thu, 24 Oct 2019 00:00:00 +0200", + "types": "logging" + }, + "notifications": { + "enabled": "yes", + "installed_version": "2.8.0", + "types": "logging" + }, + "oauth2": { + "enabled": "yes", + "installed_version": "1.8.0", + "types": "authentication" + }, + "password_policy": { + "enabled": "yes", + "installed_version": "1.10.1", + "types": "authentication" + }, + "photos": { + "enabled": "yes", + "installed_version": "1.2.0", + "types": "" + }, + "privacy": { + "enabled": "yes", + "fullDiskEncryptionEnabled": "1", + "installed_version": "1.4.0", + "readableLocation": "gb", + "types": "" + }, + "provisioning_api": { + "enabled": "yes", + "installed_version": "1.10.0", + "types": "prevent_group_restriction" + }, + "recommendations": { + "enabled": "yes", + "installed_version": "0.8.0", + "types": "" + }, + "serverinfo": { + "enabled": "yes", + "installed_version": "1.10.0", + "types": "" + }, + "settings": { + "enabled": "yes", + "installed_version": "1.2.0", + "types": "" + }, + "sharebymail": { + "enabled": "yes", + "enforcePasswordProtection": "yes", + "installed_version": "1.10.0", + "types": "filesystem" + }, + "support": { + "SwitchUpdaterServerHasRun": "yes", + "enabled": "yes", + "installed_version": "1.3.0", + "types": "session" + }, + "survey_client": { + "enabled": "yes", + "installed_version": "1.8.0", + "types": "" + }, + "systemtags": { + "enabled": "yes", + "installed_version": "1.10.0", + "types": "logging" + }, + "text": { + "enabled": "yes", + "installed_version": "3.1.0", + "types": "dav" + }, + "theming": { + "backgroundMime": "backgroundColor", + "cachebuster": "2", + "enabled": "yes", + "installed_version": "1.11.0", + "types": "logging" + }, + "twofactor_backupcodes": { + "enabled": "yes", + "installed_version": "1.9.0", + "types": "" + }, + "twofactor_totp": { + "enabled": "yes", + "installed_version": "5.0.0", + "types": "" + }, + "updatenotification": { + "core": "18.0.10.2", + "enabled": "yes", + "files_rightclick": 
"0.15.1", + "files_texteditor": "2.11.0", + "installed_version": "1.10.0", + "types": "", + "update_check_errors": "0" + }, + "user_ldap": { + "cleanUpJobOffset": "0", + "enabled": "yes", + "installed_version": "1.10.2", + "s01_lastChange": "1589607346", + "s01has_memberof_filter_support": "1", + "s01ldap_agent_password": "${nextcloud_s01ldap_agent_password}", + "s01ldap_base": "${fileshare_user_base}\n${standard_user_base}", + "s01ldap_base_groups": "${fileshare_base_groups}", + "s01ldap_base_users": "${standard_user_base}", + "s01ldap_cache_ttl": "600", + "s01ldap_configuration_active": "1", + "s01ldap_display_name": "cn", + "s01ldap_dn": "${ldap_user}", + "s01ldap_email_attr": "mail", + "s01ldap_experienced_admin": "0", + "s01ldap_group_filter": "(|(cn=${fs_group_prefix}-WMT-RW)(cn=${fs_group_prefix}-CFO-R)(cn=${fs_group_prefix}-BENCH-DEBS-R)(cn=${fs_group_prefix}-BENCH-DEBS-RW)(cn=${fs_group_prefix}-BGSW-DEBS-RW)(cn=${fs_group_prefix}-CGM-DEBS-RW)(cn=${fs_group_prefix}-CL-DEBS-R)(cn=${fs_group_prefix}-CL-DEBS-RW)(cn=${fs_group_prefix}-DDC-DEBS-R)(cn=${fs_group_prefix}-DDC-DEBS-RW)(cn=${fs_group_prefix}-DLNR-DEBS-R)(cn=${fs_group_prefix}-DLNR-DEBS-RW)(cn=${fs_group_prefix}-DTV-DEBS-R)(cn=${fs_group_prefix}-DTV-DEBS-RW)(cn=${fs_group_prefix}-EPP-NPS-R)(cn=${fs_group_prefix}-EPP-NPS-RW)(cn=${fs_group_prefix}-Essex-DEBS-R)(cn=${fs_group_prefix}-Essex-DEBS-RW)(cn=${fs_group_prefix}-HLNY-DEBS-R)(cn=${fs_group_prefix}-HLNY-DEBS-RW)(cn=${fs_group_prefix}-Hampshire-DEBS-RW)(cn=${fs_group_prefix}-KSS-DEBS-RW)(cn=${fs_group_prefix}-LONDON-DEBS-R)(cn=${fs_group_prefix}-LONDON-DEBS-RW)(cn=${fs_group_prefix}-London-NPS-R)(cn=${fs_group_prefix}-London-NPS-RW)(cn=${fs_group_prefix}-MISC-DEBS-R)(cn=${fs_group_prefix}-MISC-DEBS-RW)(cn=${fs_group_prefix}-Merseyside-DEBS-RW)(cn=${fs_group_prefix}-NS-DEBS-R)(cn=${fs_group_prefix}-NS-DEBS-RW)(cn=${fs_group_prefix}-Northumbria-DEBS-RW)(cn=${fs_group_prefix}-PPAS-NPS-R)(cn=${fs_group_prefix}-PPAS-NPS-RW)(cn=${fs_group_prefix}-SWM-DEBS-
R)(cn=${fs_group_prefix}-SWM-DEBS-RW)(cn=${fs_group_prefix}-South-Yorkshire-DEBS-R)(cn=${fs_group_prefix}-South-Yorkshire-DEBS-RW)(cn=${fs_group_prefix}-Thames-DEBS-R)(cn=${fs_group_prefix}-Thames-DEBS-RW)(cn=${fs_group_prefix}-WWM-DEBS-RW)(cn=${fs_group_prefix}-Wales-DEBS-RW)(cn=${fs_group_prefix}-Wales-NPS-R)(cn=${fs_group_prefix}-Wales-NPS-RW)(cn=${fs_group_prefix}-West-Yorkshire-DEBS-R)(cn=${fs_group_prefix}-West-Yorkshire-DEBS-RW)(cn=${fs_group_prefix}-MIS-R)(cn=${fs_group_prefix}-N50-GreaterManchester-NPS-R)(cn=${fs_group_prefix}-N50-GreaterManchester-NPS-RW)(cn=${fs_group_prefix}-N51-NorthWest-NPS-R)(cn=${fs_group_prefix}-N51-NorthWest-NPS-RW)(cn=${fs_group_prefix}-N52-WestMidlands-NPS-R)(cn=${fs_group_prefix}-N52-WestMidlands-NPS-RW)(cn=${fs_group_prefix}-N53-EastMidlands-NPS-R)(cn=${fs_group_prefix}-N53-EastMidlands-NPS-RW)(cn=${fs_group_prefix}-N54-NorthEast-NPS-R)(cn=${fs_group_prefix}-N54-NorthEast-NPS-RW)(cn=${fs_group_prefix}-N55-YorkshireandHumberside-NPS-R)(cn=${fs_group_prefix}-N55-YorkshireandHumberside-NPS-RW)(cn=${fs_group_prefix}-N56-EastofEngland-NPS-R)(cn=${fs_group_prefix}-N56-EastofEngland-NPS-RW)(cn=${fs_group_prefix}-N57-KentSurreyandSussex-NPS-R)(cn=${fs_group_prefix}-N57-KentSurreyandSussex-NPS-RW)(cn=${fs_group_prefix}-N58-SouthWest-NPS-R)(cn=${fs_group_prefix}-N58-SouthWest-NPS-RW)(cn=${fs_group_prefix}-N59-SouthCentral-NPS-R)(cn=${fs_group_prefix}-N59-SouthCentral-NPS-RW)(cn=${fs_group_prefix}-N03-Wales-NPS-R)(cn=${fs_group_prefix}-N03-Wales-NPS-RW)(cn=${fs_group_prefix}-N07-London-NPS-R)(cn=${fs_group_prefix}-N07-London-NPS-RW)(cn=${fs_group_prefix}-IDC-NPS-R)(cn=${fs_group_prefix}-IDC-NPS-RW)(cn=${fs_group_prefix}-NSD-NPS-R)(cn=${fs_group_prefix}-NSD-NPS-RW)(cn=${fs_group_prefix}-NDST-UPW-Reports-R)(cn=${fs_group_prefix}-NDST-UPW-Reports-RW)(cn=${fs_group_prefix}-NDST-UPW-Reports-Seetec-R)(cn=${fs_group_prefix}-NDST-UPW-Reports-Seetec-RW))", + "s01ldap_group_filter_mode": "1", + "s01ldap_group_member_assoc_attribute": "member", + 
"s01ldap_groupfilter_groups": "${fs_group_prefix}-BENCH-DEBS-R\n${fs_group_prefix}-BENCH-DEBS-RW\n${fs_group_prefix}-BGSW-DEBS-RW\n${fs_group_prefix}-CFO-R\n${fs_group_prefix}-CGM-DEBS-RW\n${fs_group_prefix}-CL-DEBS-R\n${fs_group_prefix}-CL-DEBS-RW\n${fs_group_prefix}-DDC-DEBS-R\n${fs_group_prefix}-DDC-DEBS-RW\n${fs_group_prefix}-DLNR-DEBS-R\n${fs_group_prefix}-DLNR-DEBS-RW\n${fs_group_prefix}-DTV-DEBS-R\n${fs_group_prefix}-DTV-DEBS-RW\n${fs_group_prefix}-Essex-DEBS-R\n${fs_group_prefix}-Essex-DEBS-RW\n${fs_group_prefix}-HLNY-DEBS-R\n${fs_group_prefix}-HLNY-DEBS-RW\n${fs_group_prefix}-Hampshire-DEBS-RW\n${fs_group_prefix}-KSS-DEBS-RW\n${fs_group_prefix}-LONDON-DEBS-R\n${fs_group_prefix}-LONDON-DEBS-RW\n${fs_group_prefix}-Merseyside-DEBS-RW\n${fs_group_prefix}-NS-DEBS-R\n${fs_group_prefix}-NS-DEBS-RW\n${fs_group_prefix}-Northumbria-DEBS-RW\n${fs_group_prefix}-SWM-DEBS-R\n${fs_group_prefix}-SWM-DEBS-RW\n${fs_group_prefix}-South-Yorkshire-DEBS-R\n${fs_group_prefix}-South-Yorkshire-DEBS-RW\n${fs_group_prefix}-Thames-DEBS-R\n${fs_group_prefix}-Thames-DEBS-RW\n${fs_group_prefix}-WMT-RW\n${fs_group_prefix}-WWM-DEBS-RW\n${fs_group_prefix}-Wales-DEBS-RW\n${fs_group_prefix}-West-Yorkshire-DEBS-R\n${fs_group_prefix}-West-Yorkshire-DEBS-RW\n${fs_group_prefix}-N50-GreaterManchester-NPS-R\n${fs_group_prefix}-N50-GreaterManchester-NPS-RW\n${fs_group_prefix}-N51-NorthWest-NPS-R\n${fs_group_prefix}-N51-NorthWest-NPS-RW\n${fs_group_prefix}-N52-WestMidlands-NPS-R\n${fs_group_prefix}-N52-WestMidlands-NPS-RW\n${fs_group_prefix}-N53-EastMidlands-NPS-R\n${fs_group_prefix}-N53-EastMidlands-NPS-RW\n${fs_group_prefix}-N54-NorthEast-NPS-R\n${fs_group_prefix}-N54-NorthEast-NPS-RW\n${fs_group_prefix}-N55-YorkshireandHumberside-NPS-R\n${fs_group_prefix}-N55-YorkshireandHumberside-NPS-RW\n${fs_group_prefix}-N56-EastofEngland-NPS-R\n${fs_group_prefix}-N56-EastofEngland-NPS-RW\n${fs_group_prefix}-N57-KentSurreyandSussex-NPS-R\n${fs_group_prefix}-N57-KentSurreyandSussex-NPS-RW\n${fs_group_prefix}-N5
8-SouthWest-NPS-R\n${fs_group_prefix}-N58-SouthWest-NPS-RW\n${fs_group_prefix}-N59-SouthCentral-NPS-R\n${fs_group_prefix}-N59-SouthCentral-NPS-RW\n${fs_group_prefix}-N03-Wales-NPS-R\n${fs_group_prefix}-N03-Wales-NPS-RW\n${fs_group_prefix}-N07-London-NPS-R\n${fs_group_prefix}-N07-London-NPS-RW\n${fs_group_prefix}-IDC-NPS-R\n${fs_group_prefix}-IDC-NPS-RW\n${fs_group_prefix}-NSD-NPS-R\n${fs_group_prefix}-NSD-NPS-RW\n${fs_group_prefix}-NDST-UPW-Reports-R\n${fs_group_prefix}-NDST-UPW-Reports-RW\n${fs_group_prefix}-NDST-UPW-Reports-Seetec-R\n${fs_group_prefix}-NDST-UPW-Reports-Seetec-RW", + "s01ldap_groupfilter_objectclass": "", + "s01ldap_host": "${ldap_host}", + "s01ldap_login_filter": "(&(&(|(objectclass=inetOrgPerson)))(|(mailPrimaryAddress=%uid)(mail=%uid)))", + "s01ldap_login_filter_mode": "1", + "s01ldap_loginfilter_attributes": "", + "s01ldap_loginfilter_email": "1", + "s01ldap_loginfilter_username": "0", + "s01ldap_port": "389", + "s01ldap_user_filter_mode": "1", + "s01ldap_userfilter_groups": "", + "s01ldap_userfilter_objectclass": "inetOrgPerson", + "s01ldap_userlist_filter": "(&(|(objectclass=inetOrgPerson)))", + "types": "authentication" + }, + "user_status": { + "enabled": "yes", + "installed_version": "1.0.0", + "types": "" + }, + "viewer": { + "enabled": "yes", + "installed_version": "1.4.0", + "types": "" + }, + "weather_status": { + "enabled": "yes", + "installed_version": "1.0.0", + "types": "" + }, + "workflowengine": { + "enabled": "yes", + "installed_version": "2.2.0", + "types": "filesystem" + } + } +} diff --git a/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf b/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf index e3924c89255..1280d16a4c5 100644 --- a/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf +++ b/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf 
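Review bot: In the `redis` object near the top of the template, `"port": "{redis["port"]}"` is missing the `$`, so Terraform does not interpolate it. The literal text is emitted, and its inner double quotes make the rendered `config.json` invalid JSON. It should read `"port": "${redis["port"]}"`. Separately, `s01ldap_port` is `389` and no LDAP TLS setting is visible in the `user_ldap` section, so unless StartTLS is configured elsewhere the agent bind password and user logins cross the network unencrypted. Building the document with `jsonencode` instead of a hand-written JSON template would rule out this kind of quoting error.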
@@ -4,6 +4,7 @@ module "nextcloud" { providers = { aws.core-network-services = aws.core-network-services aws.core-vpc = aws.core-vpc + aws = aws } env_name = "dev"