
WIP NO MERGE rsmb initial deploy #3

Open
wants to merge 12 commits into
base: main
from
10 changes: 7 additions & 3 deletions .github/workflows/test.yml
@@ -1,10 +1,15 @@
---
name: Test

on:
config:
push:

jobs:
test:
runs-on: ubuntu-latest
if: github.event.pull_request.draft == false
if: ${{ github.event.pull_request.draft == false }}
timeout-minutes: 60

steps:
- uses: actions/checkout@v4
with:
@@ -20,4 +25,3 @@ on:

- name: Lint
run: npm run lint
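Review bot: The job-level `if: ${{ github.event.pull_request.draft == false }}` reads a field that exists only on pull_request events, while the only standard trigger visible under `on:` in this section is `push:`. On a push event `github.event.pull_request` is empty, so the comparison cannot distinguish drafts and the guard is effectively a no-op. If skipping draft PRs is the intent, add a `pull_request:` trigger (for example with `types: [opened, synchronize, reopened, ready_for_review]`) next to the guard; otherwise drop the `if:` so the file does not suggest a gate that is not there. The rendered page has lost its +/- markers, so which of the trigger lines are on the new side is inferred.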

1 change: 1 addition & 0 deletions .gitignore
@@ -1,5 +1,6 @@
# TAK Specific Files
*CoreConfig.xml
*UserAuthentication.xml
tak-data/

# Logs
162 changes: 93 additions & 69 deletions CoreConfig.js
@@ -16,13 +16,17 @@
]) {
if (!process.env[env]) {
console.error(`${env} Environment Variable not set`);
process.exit(1);

Check warning on line 19 in CoreConfig.js


GitHub Actions / test

Don't use process.exit(); throw an error instead
}
}

const LDAP_DN = process.env.LDAP_Domain.split('.').map((part) => {
return `dc=${part}`;
}).join(',');
console.log('HostedDomain:', process.env.HostedDomain);

const LDAP_DN = process.env.LDAP_Domain.split('.')
.map((part) => {
return `dc=${part}`;
})
.join(',');

const Certificate = {
O: process.env.ORGANIZATION || 'COTAK',
Expand Down Expand Up @@ -51,25 +55,28 @@
coreVersion: '2'
}
},
connector: [{
_attributes: {
port: '8443',
_name: 'https',
keystore: 'JKS',
keystoreFile: `/opt/tak/certs/${process.env.HostedDomain}/letsencrypt.jks`,
keystorePass: 'atakatak'
}
}, {
_attributes: {
port: '8446',
clientAuth: 'false',
_name: 'cert_https',
keystore: 'JKS',
keystoreFile: `/opt/tak/certs/${process.env.HostedDomain}/letsencrypt.jks`,
keystorePass: 'atakatak',
enableNonAdminUI: 'false'
connector: [
{
_attributes: {
port: '8443',
_name: 'https',
keystore: 'JKS',
keystoreFile: `/opt/tak/certs/${process.env.HostedDomain}/letsencrypt.jks`,
keystorePass: 'atakatak'
}
},
{
_attributes: {
port: '8446',
clientAuth: 'false',
_name: 'cert_https',
keystore: 'JKS',
keystoreFile: `/opt/tak/certs/${process.env.HostedDomain}/letsencrypt.jks`,
keystorePass: 'atakatak',
enableNonAdminUI: 'false'
}
}
}],
],
announce: {
_attributes: {}
}
Expand Down Expand Up @@ -100,17 +107,17 @@
ldapsTruststorePass: 'INTENTIONALLY_NOT_SENSITIVE',
enableConnectionPool: 'false'
}
},
File: {
_attributes: {
location: 'UserAuthenticationFile.xml'
}
},
oauth: {
_attributes: {
oauthUseGroupCache: 'true'
}
}
// File: {
// _attributes: {
// location: 'UserAuthenticationFile.xml'
// }
// },
// oauth: {
// _attributes: {
// oauthUseGroupCache: 'true'
// }
// }
},
submission: {
_attributes: {
Expand Down Expand Up @@ -144,31 +151,38 @@
periodMillis: '3000',
staleDelayMillis: '15000'
},
repeatableType: [{
_attributes: {
'initiate-test': "/event/detail/emergency[@type='911 Alert']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: '911'
}
},{
_attributes: {
'initiate-test': "/event/detail/emergency[@type='Ring The Bell']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'RingTheBell'
}
},{
_attributes: {
'initiate-test': "/event/detail/emergency[@type='Geo-fence Breached']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'GeoFenceBreach'
}
},{
_attributes: {
'initiate-test': "/event/detail/emergency[@type='Troops In Contact']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'TroopsInContact'
repeatableType: [
{
_attributes: {
'initiate-test': "/event/detail/emergency[@type='911 Alert']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: '911'
}
},
{
_attributes: {
'initiate-test': "/event/detail/emergency[@type='Ring The Bell']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'RingTheBell'
}
},
{
_attributes: {
'initiate-test':
"/event/detail/emergency[@type='Geo-fence Breached']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'GeoFenceBreach'
}
},
{
_attributes: {
'initiate-test':
"/event/detail/emergency[@type='Troops In Contact']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'TroopsInContact'
}
}
}]
]
},
filter: {
_attributes: {}
Expand Down Expand Up @@ -198,17 +212,20 @@
},
certificateConfig: {
nameEntries: {
nameEntry: [{
_attributes: {
name: 'O',
value: Certificate.O
nameEntry: [
{
_attributes: {
name: 'O',
value: Certificate.O
}
},
{
_attributes: {
name: 'OU',
value: Certificate.OU
}
}
},{
_attributes: {
name: 'OU',
value: Certificate.OU
}
}]
]
}
},
TAKServerCAConfig: {
Expand Down Expand Up @@ -260,20 +277,27 @@

if (config.Configuration.network.connector) {
if (!config.Configuration.network.connector) {
config.Configuration.network.connector = [config.Configuration.network.connector];
config.Configuration.network.connector = [
config.Configuration.network.connector
];
}

for (const connector of config.Configuration.network.connector) {
validateKeystore(connector._attributes.keystoreFile, connector._attributes.keystorePass);
validateKeystore(
connector._attributes.keystoreFile,
connector._attributes.keystorePass
);
}
} else {
console.warn('No Network Connectors Found');
}

if (config.Configuration.certificateSigning.TAKServerCAConfig) {
validateKeystore(
config.Configuration.certificateSigning.TAKServerCAConfig._attributes.keystoreFile,
config.Configuration.certificateSigning.TAKServerCAConfig._attributes.keystorePass
config.Configuration.certificateSigning.TAKServerCAConfig._attributes
.keystoreFile,
config.Configuration.certificateSigning.TAKServerCAConfig._attributes
.keystorePass
);
}
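Review bot: In the last hunk the inner check `if (!config.Configuration.network.connector)` sits inside `if (config.Configuration.network.connector)`, so it can never be true and the wrap of a single connector into an array is dead code. A config carrying one `connector` object rather than an array would then reach `for (const connector of ...)` un-normalised, and iterating a plain object throws before any keystore is validated; the condition should be `if (!Array.isArray(config.Configuration.network.connector)) {`. The reformatting in this PR carries the condition over unchanged. Separately, both connector entries still hard-code `keystorePass: 'atakatak'` for `letsencrypt.jks`; if that keystore holds the TLS private key, reading the password from an environment variable (checked in the required-variables loop at the top of the file) would keep it out of the repository. `validateKeystore` is defined outside the visible hunks.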

45 changes: 28 additions & 17 deletions Dockerfile
@@ -1,43 +1,54 @@
FROM eclipse-temurin:17-jammy
RUN apt update \
&& apt-get install -y emacs-nox net-tools netcat vim certbot curl libxml2-utils unzip
&& apt-get install -y emacs-nox net-tools netcat vim certbot curl libxml2-utils unzip

ENV HOME=/home/server
WORKDIR $HOME

COPY ./ $HOME/

# 80/443 currently unused
EXPOSE 80
EXPOSE 443
# streaming CoT enpoint
EXPOSE 8089

# webtak api & public CA api
EXPOSE 8443
# maybe for federation tak servers, not used currently
EXPOSE 8444
# probably WebTak on OAuth
EXPOSE 8446


ENV NVM_DIR=/usr/local/nvm
ENV NODE_VERSION=22
ENV TAK_VERSION=takserver-docker-5.2-RELEASE-43
ENV PASSWORD=INTENTIONALLY_NOT_SENSITIVE

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN curl -o- https://www.amazontrust.com/repository/AmazonRootCA1.pem > /tmp/AmazonRootCA1.pem \
&& openssl pkcs12 -export -nokeys -in /tmp/AmazonRootCA1.pem -out /tmp/intermediate.p12 -password pass:INTENTIONALLY_NOT_SENSITIVE \
&& keytool -importkeystore -srckeystore /tmp/intermediate.p12 -srcstoretype PKCS12 -destkeystore ./aws-acm-root.jks -deststoretype JKS \
&& rm /tmp/*.pem \
&& rm /tmp/*.p12
&& openssl pkcs12 -export -nokeys -in /tmp/AmazonRootCA1.pem -out /tmp/intermediate.p12 -password pass:${PASSWORD} \
&& keytool -importkeystore -srckeystore /tmp/intermediate.p12 -srcstoretype PKCS12 -destkeystore ./aws-acm-root.jks -deststoretype JKS \
-srcstorepass $PASSWORD -deststorepass $PASSWORD -noprompt \
&& rm /tmp/*.pem \
&& rm /tmp/*.p12

RUN wget "http://tak-server-releases.s3-website.us-gov-east-1.amazonaws.com/${TAK_VERSION}.zip" \
&& unzip "./${TAK_VERSION}.zip" \
&& rm "./${TAK_VERSION}.zip" \
&& rm -rf "./${TAK_VERSION}/docker" \
&& mv ./${TAK_VERSION}/tak/* ./ \
&& rm -rf "./${TAK_VERSION}"
&& unzip "./${TAK_VERSION}.zip" \
&& rm "./${TAK_VERSION}.zip" \
&& rm -rf "./${TAK_VERSION}/docker" \
&& mv ./${TAK_VERSION}/tak/* ./ \
&& rm -rf "./${TAK_VERSION}"

RUN mkdir -p $NVM_DIR \
&& curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash \
&& . $NVM_DIR/nvm.sh \
&& nvm install $NODE_VERSION \
&& nvm alias default $NODE_VERSION \
&& nvm use default \
&& npm install \
&& npm install --global http-server
&& curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash \
&& . $NVM_DIR/nvm.sh \
&& nvm install $NODE_VERSION \
&& nvm alias default $NODE_VERSION \
&& nvm use default \
&& npm install \
&& npm install --global http-server

ENTRYPOINT ["/bin/bash", "-c", "./start"]
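Review bot: The `RUN wget "http://tak-server-releases.s3-website.us-gov-east-1.amazonaws.com/${TAK_VERSION}.zip"` step fetches the server release over plain HTTP and unpacks it with no integrity check, so whatever that response contains at build time ends up in the image. Pin the expected digest next to `TAK_VERSION` and verify it before `unzip`, e.g. `ENV TAK_SHA256=<sha256-of-release-zip-placeholder>` and `&& echo "${TAK_SHA256}  ./${TAK_VERSION}.zip" | sha256sum -c - \`. The `curl ... nvm-sh/nvm/v0.40.0/install.sh | bash` step has the same shape (a tag rather than a digest) and would benefit from the same treatment. The new `ENV PASSWORD=...` also persists into the running container's environment under a very generic name; `ARG PASSWORD` would keep it build-time only, assuming nothing in `./start` reads it.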
1 change: 0 additions & 1 deletion package-lock.json
