
chore(devadmin): remove container

The devadmin functionalities have become obsolete because we have the REST
API now, and manual access to the database is easily possible via
docker-compose.

After applying this commit, some manual cleanup is advised:

  - In .env, clean up the devadmin-related section.

  - On dblord, delete the poweradmin database user.

  - In the pdns database on dblord, drop the following tables:
      - users
      - perm_items
      - perm_templ
      - perm_templ_items
      - zones
      - zone_templ
      - zone_templ_records
      - records_zone_templ
      - migrations

    These tables are not required by PowerDNS.
Peter Thomassen 8 年之前
父節點
當前提交
2911808ce6

+ 0 - 4
.env.default

@@ -37,7 +37,3 @@ DESECSTACK_DBMASTER_SUBJECT_ns2replication=ns2.desec.io
 DESECSTACK_NSMASTER_APIKEY=
 DESECSTACK_NSMASTER_CARBONSERVER=
 DESECSTACK_NSMASTER_CARBONOURNAME=
-
-# devadmin-related
-DESECSTACK_DEVADMIN_PASSWORD_poweradmin=
-DESECSTACK_DEVADMIN_SESSIONKEY_poweradmin=

+ 0 - 1
.travis.yml

@@ -20,7 +20,6 @@ env:
    - DESECSTACK_DB_SUBJECT_ns1replication=9Fn33T5yGufacv
    - DESECSTACK_DB_PASSWORD_ns2replication=9Fn33T5yGulkjhetrlkjew
    - DESECSTACK_DB_SUBJECT_ns2replication=9Fn33T5yGukjnrtj
-   - DESECSTACK_DEVADMIN_PASSWORDmd5=.
    - DESECSTACK_NSLORD_APIKEY=9Fn33T5yGukjekwjew
    - DESECSTACK_NSMASTER_APIKEY=LLq1orOQuXCINUz4TV
    - DESECSTACK_IPV4_REAR_PREFIX16=172.19

+ 0 - 4
README.md

@@ -8,7 +8,6 @@ This is a docker-compose application providing the basic stack for deSEC name se
 - `nsmaster`: Stealth authoritative DNS server (PowerDNS). Receives fully signed AXFR zone transfers from `nslord`. No access to keys.
 - `api`: RESTful API to create deSEC users and domains. Currently used for dynDNS purposes only.
 - `dbapi`, `dblord`, `dbmaster`: MariaDB database services for `api`, `nslord`, and `nsmaster`, respectively. The `dbmaster` database is exposed at 3306 for TLS-secured replication.
-- `devadmin`: Web server with phpmyadmin and poweradmin for dev purposes.
 
 
 Requirements
@@ -58,9 +57,6 @@ Although most configuration is contained in this repository, some external depen
       - `DESECSTACK_NSMASTER_APIKEY`: pdns API key on nsmaster (required so that we can execute zone deletions on nsmaster, which replicates to the slaves)
       - `DESECSTACK_NSMASTER_CARBONSERVER`: pdns `carbon-server` setting on nsmaster (optional)
       - `DESECSTACK_NSMASTER_CARBONOURNAME`: pdns `carbon-ourname` setting on nsmaster (optional)
-    - devadmin-related
-      - `DESECSTACK_DEVADMIN_PASSWORD_poweradmin`: poweradmin password (if you're planning to use the dev environment)
-      - `DESECSTACK_DEVADMIN_SESSIONKEY_poweradmin`: poweradmin session key
 
 Running the standard stack will also fire up an instance of the `www` proxy service (see `desec-www` repository), assuming that the `desec-static` project is located under the `static` directory/symlink.
 

+ 0 - 4
dblord/initdb.d/00-init.sql.var

@@ -2,7 +2,3 @@
 CREATE DATABASE pdns;
 CREATE USER 'pdns'@'${DESECSTACK_IPV4_REAR_PREFIX16}.3.%' IDENTIFIED BY '${DESECSTACK_DBLORD_PASSWORD_pdns}';
 GRANT SELECT, INSERT, UPDATE, DELETE ON pdns.* TO 'pdns'@'${DESECSTACK_IPV4_REAR_PREFIX16}.3.%';
-
--- poweradmin database (for devadmin)
-CREATE USER 'poweradmin'@'${DESECSTACK_IPV4_REAR_PREFIX16}.3.%' IDENTIFIED BY '${DESECSTACK_DBLORD_PASSWORD_poweradmin}';
-GRANT SELECT, INSERT, UPDATE, DELETE ON pdns.* TO 'poweradmin'@'${DESECSTACK_IPV4_REAR_PREFIX16}.3.%';

+ 0 - 2
dblord/initdb.d/20-poweradmin-mysql-db-structure.sql

@@ -1,2 +0,0 @@
--- This file is required to exist and will be overriden by 00-init.sh.
--- If it is created only by 00-init.sh, the entrypoint script will miss it.

+ 0 - 121
dblord/initdb.d/20-poweradmin-mysql-db-structure.sql.var

@@ -1,121 +0,0 @@
-USE pdns;
-
--- PowerAdmin
--- MySQL Database Structure
---
-
-CREATE TABLE users (
-  id          INTEGER      NOT NULL AUTO_INCREMENT,
-  username    VARCHAR(64)  NOT NULL,
-  `password`  VARCHAR(128) NOT NULL,
-  fullname    VARCHAR(255) NOT NULL,
-  email       VARCHAR(255) NOT NULL,
-  description TEXT         NOT NULL,
-  perm_templ  TINYINT      NOT NULL,
-  active      TINYINT      NOT NULL,
-  use_ldap    TINYINT      NOT NULL,
-  PRIMARY KEY (id)
-) ENGINE=InnoDB;
-
-START TRANSACTION;
-    INSERT INTO users ( id, username, `password`, fullname, email
-                      , description, perm_templ, active, use_ldap )
-    VALUES ( 1, 'admin', MD5('${DESECSTACK_DEVADMIN_PASSWORD_poweradmin}'), 'Administrator'
-           , 'admin@example.net', 'Administrator with full rights.', 1, 1, 0 );
-COMMIT;
-
-CREATE TABLE perm_items (
-  id INTEGER       NOT NULL AUTO_INCREMENT,
-  name VARCHAR(64) NOT NULL,
-  descr TEXT       NOT NULL,
-  PRIMARY KEY (id)
-) ENGINE=InnoDB;
-
-START TRANSACTION;
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 41, 'zone_master_add', 'User is allowed to add new master zones.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 42, 'zone_slave_add', 'User is allowed to add new slave zones.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 49, 'search', 'User is allowed to perform searches.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 50, 'supermaster_view', 'User is allowed to view supermasters.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 51, 'supermaster_add', 'User is allowed to add new supermasters.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 52, 'supermaster_edit', 'User is allowed to edit supermasters.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 54, 'user_view_others', 'User is allowed to see other users and their details.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 55, 'user_add_new', 'User is allowed to add new users.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 56, 'user_edit_own', 'User is allowed to edit their own details.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 57, 'user_edit_others', 'User is allowed to edit other users.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 60, 'templ_perm_add', 'User is allowed to add new permission templates.' );
-    INSERT INTO perm_items ( id, name, descr ) VALUES ( 61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.' );
-COMMIT;
-
-CREATE TABLE perm_templ (
-  id    INTEGER      NOT NULL AUTO_INCREMENT,
-  name  VARCHAR(128) NOT NULL,
-  descr TEXT         NOT NULL,
-  PRIMARY KEY  (id)
-) ENGINE=InnoDB;
-
-START TRANSACTION;
-    INSERT INTO perm_templ ( id, name, descr )
-        VALUES ( 1, 'Administrator'
-               , 'Administrator template with full rights.' );
-COMMIT;
-
-CREATE TABLE perm_templ_items (
-  id INTEGER       NOT NULL AUTO_INCREMENT,
-  templ_id INTEGER NOT NULL,
-  perm_id INTEGER  NOT NULL,
-  PRIMARY KEY (id)
-) ENGINE=InnoDB;
-
-START TRANSACTION;
-    INSERT INTO perm_templ_items ( id, templ_id, perm_id )
-    VALUES ( 1, 1, 53 );
-COMMIT;
-
-CREATE TABLE zones (
-  id            INTEGER NOT NULL AUTO_INCREMENT,
-  domain_id     INTEGER NOT NULL,
-  owner         INTEGER NOT NULL,
-  `comment`     TEXT,
-  zone_templ_id INTEGER NOT NULL,
-  PRIMARY KEY (id),
-  KEY owner (owner)
-) ENGINE=InnoDB;
-
-CREATE TABLE zone_templ (
-  id    INTEGER      NOT NULL AUTO_INCREMENT,
-  name  VARCHAR(128) NOT NULL,
-  descr TEXT         NOT NULL,
-  owner INTEGER      NOT NULL,
-  PRIMARY KEY (id)
-) ENGINE=InnoDB;
-
-CREATE TABLE zone_templ_records (
-  id            INTEGER      NOT NULL AUTO_INCREMENT,
-  zone_templ_id INTEGER      NOT NULL,
-  name          VARCHAR(255) NOT NULL,
-  `type`        VARCHAR(6)   NOT NULL,
-  content       VARCHAR(255) NOT NULL,
-  ttl           INTEGER      NOT NULL,
-  prio          INTEGER      NOT NULL,
-  PRIMARY KEY (id)
-) ENGINE=InnoDB;
-
-CREATE TABLE records_zone_templ (
-    domain_id INTEGER NOT NULL,
-    record_id INTEGER NOT NULL,
-    zone_templ_id INTEGER NOT NULL
-) ENGINE=InnoDB;
-
-CREATE TABLE migrations (
-    version VARCHAR(255) NOT NULL,
-    apply_time INTEGER NOT NULL
-) ENGINE=InnoDB;

+ 0 - 22
devadmin/Dockerfile

@@ -1,22 +0,0 @@
-FROM richarvey/nginx-php-fpm:php5
-
-RUN apk add --no-cache \
-	php5-gettext \
-	phpmyadmin
-
-# Can't use /var/www/html/ because parent image defines it as a volume, but we're going to modify it at build time
-ENV WEBROOT /var/www/htdocs
-
-RUN mkdir /var/www/htdocs \
-	&& cd /var/www/htdocs \
-	&& wget https://github.com/poweradmin/poweradmin/archive/v2.1.7.tar.gz \
-	&& tar xzf v2.1.7.tar.gz \
-	&& rm -rf v2.1.7.tar.gz poweradmin-2.1.7/install/ \
-	&& ln -s /usr/share/webapps/phpmyadmin phpmyadmin \
-	&& ln -s poweradmin-2.1.7 poweradmin
-
-COPY conf/phpmyadmin/config.inc.php /etc/phpmyadmin/
-COPY conf/poweradmin/config.inc.php /var/www/htdocs/poweradmin-2.1.7/inc/
-
-# Don't be smart
-ENV TEMPLATE_NGINX_HTML=0

+ 0 - 6
devadmin/README.md

@@ -1,6 +0,0 @@
-deSEC devadmin
-=====
-
-This is a docker-compose application providing a web service with raw database access via phpMyAdmin and poweradmin.
-
-Don't expect it to be safe (e.g., poweradmin session key is left at default value) and don't use in production.

+ 0 - 175
devadmin/conf/phpmyadmin/config.inc.php

@@ -1,175 +0,0 @@
-<?php
-/* vim: set expandtab sw=4 ts=4 sts=4: */
-/**
- * phpMyAdmin sample configuration, you can use it as base for
- * manual configuration. For easier setup you can use setup/
- *
- * All directives are explained in documentation in the doc/ folder
- * or at <https://docs.phpmyadmin.net/>.
- *
- * @package PhpMyAdmin
- */
-
-/**
- * This is needed for cookie based authentication to encrypt password in
- * cookie
- */
-$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
-
-/**
- * Servers configuration
- */
-$i = 0;
-
-/**
- * First server
- */
-$i++;
-/* Authentication type */
-$cfg['Servers'][$i]['auth_type'] = 'cookie';
-/* Server parameters */
-$cfg['Servers'][$i]['host'] = 'dbapi';
-$cfg['Servers'][$i]['connect_type'] = 'tcp';
-$cfg['Servers'][$i]['compress'] = false;
-$cfg['Servers'][$i]['AllowNoPassword'] = false;
-
-$i++;
-/* Authentication type */
-$cfg['Servers'][$i]['auth_type'] = 'cookie';
-/* Server parameters */
-$cfg['Servers'][$i]['host'] = 'dblord';
-$cfg['Servers'][$i]['connect_type'] = 'tcp';
-$cfg['Servers'][$i]['compress'] = false;
-$cfg['Servers'][$i]['AllowNoPassword'] = false;
-
-$i++;
-/* Authentication type */
-$cfg['Servers'][$i]['auth_type'] = 'cookie';
-/* Server parameters */
-$cfg['Servers'][$i]['host'] = 'dbmaster';
-$cfg['Servers'][$i]['connect_type'] = 'tcp';
-$cfg['Servers'][$i]['compress'] = false;
-$cfg['Servers'][$i]['AllowNoPassword'] = false;
-
-/**
- * phpMyAdmin configuration storage settings.
- */
-
-/* User used to manipulate with storage */
-// $cfg['Servers'][$i]['controlhost'] = '';
-// $cfg['Servers'][$i]['controlport'] = '';
-// $cfg['Servers'][$i]['controluser'] = 'pma';
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
-
-/* Storage database and tables */
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-// $cfg['Servers'][$i]['history'] = 'pma__history';
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
-// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
-// $cfg['Servers'][$i]['users'] = 'pma__users';
-// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
-// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
-// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
-// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
-// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
-// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
-/* Contrib / Swekey authentication */
-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
-
-/**
- * End of servers configuration
- */
-
-/**
- * Directories for saving/loading files from server
- */
-$cfg['UploadDir'] = '';
-$cfg['SaveDir'] = '';
-
-/**
- * Whether to display icons or text or both icons and text in table row
- * action segment. Value can be either of 'icons', 'text' or 'both'.
- * default = 'both'
- */
-//$cfg['RowActionType'] = 'icons';
-
-/**
- * Defines whether a user should be displayed a "show all (records)"
- * button in browse mode or not.
- * default = false
- */
-//$cfg['ShowAll'] = true;
-
-/**
- * Number of rows displayed when browsing a result set. If the result
- * set contains more rows, "Previous" and "Next".
- * Possible values: 25, 50, 100, 250, 500
- * default = 25
- */
-//$cfg['MaxRows'] = 50;
-
-/**
- * Disallow editing of binary fields
- * valid values are:
- *   false    allow editing
- *   'blob'   allow editing except for BLOB fields
- *   'noblob' disallow editing except for BLOB fields
- *   'all'    disallow editing
- * default = 'blob'
- */
-//$cfg['ProtectBinary'] = false;
-
-/**
- * Default language to use, if not browser-defined or user-defined
- * (you find all languages in the locale folder)
- * uncomment the desired line:
- * default = 'en'
- */
-//$cfg['DefaultLang'] = 'en';
-//$cfg['DefaultLang'] = 'de';
-
-/**
- * How many columns should be used for table display of a database?
- * (a value larger than 1 results in some information being hidden)
- * default = 1
- */
-//$cfg['PropertiesNumColumns'] = 2;
-
-/**
- * Set to true if you want DB-based query history.If false, this utilizes
- * JS-routines to display query history (lost by window close)
- *
- * This requires configuration storage enabled, see above.
- * default = false
- */
-//$cfg['QueryHistoryDB'] = true;
-
-/**
- * When using DB-based query history, how many entries should be kept?
- * default = 25
- */
-//$cfg['QueryHistoryMax'] = 100;
-
-/**
- * Whether or not to query the user before sending the error report to
- * the phpMyAdmin team when a JavaScript error occurs
- *
- * Available options
- * ('ask' | 'always' | 'never')
- * default = 'ask'
- */
-//$cfg['SendErrorReports'] = 'always';
-
-/**
- * You can find more configuration options in the documentation
- * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
- */

+ 0 - 75
devadmin/conf/poweradmin/config.inc.php

@@ -1,75 +0,0 @@
-<?php
-
-/**
- * Sample configuration file with default values
- *
- * @package     Poweradmin
- * @copyright   2007-2010 Rejo Zenger <rejo@zenger.nl>
- * @copyright   2010-2014 Poweradmin Development Team
- * @license     http://opensource.org/licenses/GPL-3.0 GPL
- */
-// NOTE: Do not edit this file, otherwise it's very likely your changes 
-// will be overwritten with an upgrade.  
-// Instead, create the file "inc/config.inc.php" and set the variables you
-// want to set there. Your changes will override the defaults provided by us.
-// Better description of available configuration settings you can find here:
-// <https://github.com/poweradmin/poweradmin/wiki/Configuration-File>
-// Database settings
-$db_host = 'dblord';
-$db_port = '';
-$db_user = 'poweradmin';
-$db_pass = getenv('DESECSTACK_DBLORD_PASSWORD_poweradmin');
-$db_name = 'pdns';
-$db_type = 'mysql';
-//$db_file		= '';		# used only for SQLite, provide full path to database file
-//$db_debug		= false;	# show all SQL queries
-$db_layer		= 'PDO';	# or MDB2
-//$db_ssl_ca            = '';
-// Security settings
-// This should be changed upon install
-$session_key = getenv('DESECSTACK_DEVADMIN_SESSIONKEY_poweradmin');
-$password_encryption = 'md5'; // or md5salt
-
-// Interface settings
-$iface_lang = 'en_EN';
-$iface_style = 'example';
-$iface_rowamount = 50;
-$iface_expire = 1800;
-$iface_zonelist_serial = false;
-$iface_title = 'Poweradmin';
-$iface_add_reverse_record = true;
-
-// Predefined DNS settings
-$dns_hostmaster = 'hostmaster.desec.io.';
-$dns_ns1 = 'ns1.desec.io';
-$dns_ns2 = 'ns1.desec.io';
-$dns_ttl = 3600;
-$dns_fancy = false;
-$dns_strict_tld_check = false;
-$dns_top_level_tld_check = false;     // Don't allow to create top level TLDs
-$dns_third_level_check = false;
-// Timezone settings
-// See <http://www.php.net/manual/en/timezones.php> for help.
-//$timezone		= 'UTC';
-// Logging settings
-// Syslog usage - writes authentication attempts to syslog
-// This facility could be used in combination with fail2ban to
-// ban IPs with break-in attempts
-$syslog_use = false;
-$syslog_ident = 'poweradmin';
-// On Windows usually only LOG_USER is available
-$syslog_facility = LOG_USER;
-
-// PowerDNSSEC settings
-$pdnssec_use = false;
-$pdnssec_command = '/usr/bin/pdnssec';
-
-// LDAP settings
-$ldap_use = false;
-$ldap_debug = false;
-$ldap_uri = 'ldap://domaincontroller.example.com';
-$ldap_basedn = 'OU=Users,DC=example,DC=com';
-$ldap_binddn = 'GROUP\lookupuser';
-$ldap_bindpw = 'some_password';
-$ldap_user_attribute = 'sAMAccountName';
-$ldap_proto = 3;

+ 0 - 1
devadmin/html/phpmyadmin

@@ -1 +0,0 @@
-/usr/share/webapps/phpmyadmin

+ 0 - 1
devadmin/html/poweradmin

@@ -1 +0,0 @@
-poweradmin-2.1.7

+ 0 - 12
docker-compose.dev.yml

@@ -42,15 +42,3 @@ services:
      - "5321:53/udp"
     logging:
       driver: "json-file"
-
-  # this container is dev-only
-  devadmin:
-    build: devadmin
-    environment:
-    - DESECSTACK_DBLORD_PASSWORD_poweradmin
-    - DESECSTACK_DEVADMIN_SESSIONKEY_poweradmin
-    ports:
-     - "127.0.0.1:81:80"
-    networks:
-    - rearwww
-    - rearlord

+ 0 - 1
docker-compose.yml

@@ -63,7 +63,6 @@ services:
     - DESECSTACK_IPV4_REAR_PREFIX16
     - DESECSTACK_DBLORD_PASSWORD_pdns
     - DESECSTACK_DBLORD_PASSWORD_poweradmin
-    - DESECSTACK_DEVADMIN_PASSWORD_poweradmin
     networks:
     - rearlord
     logging:
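Review bot: `DESECSTACK_DBLORD_PASSWORD_poweradmin` is still passed into this service's environment, on the context line directly above the removed `DESECSTACK_DEVADMIN_PASSWORD_poweradmin`. This commit also deletes the `poweradmin` CREATE USER/GRANT in dblord/initdb.d/00-init.sql.var and devadmin/conf/poweradmin/config.inc.php, which are the only places on this page that read it. If nothing else consumes the variable, drop `- DESECSTACK_DBLORD_PASSWORD_poweradmin` here as well and mention it in the `.env` cleanup step of the commit message, so a credential for a database account that is meant to be deleted is not left in the container environment. The service definition starts and ends outside the hunk, so other uses cannot be ruled out from here.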