add postgres workaround (#1), misc fixes (wip), cleanup

docker-compose.yml

@@ -2,30 +2,31 @@ version: "3.8"
 
 # Define default configuration for SODAR.
 x-sodar: &default-sodar
-  image: bihealth/sodar-server:${SODAR_SERVER_VERSION}
+  image: ghcr.io/bihealth/sodar-server:${SODAR_SERVER_VERSION}
   environment: &default-sodar-environment
     WAIT_HOSTS: "postgres:5432, redis:6379, irods:1247"
     LC_ALL: en_US.UTF-8
+    DJANGO_ALLOWED_HOSTS: "*"
+    DJANGO_SECRET_KEY: ${SODAR_DJANGO_SECRET_KEY}
+    DJANGO_SETTINGS_MODULE: config.settings.production
     CELERY_BROKER_URL: redis://redis:6379/0
+    CELERY_CHDIR: /usr/src/app
+    CELERY_CREATE_DIRS: "1"
     DATABASE_URL: postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}/sodar
     CONN_MAX_AGE: "0"
     PROJECTROLES_SEND_EMAIL: ${SODAR_EMAIL_ENABLED}
     EMAIL_SENDER: ${SODAR_EMAIL_SENDER}
     EMAIL_SUBJECT_PREFIX: ${SODAR_EMAIL_SUBJECT_PREFIX}
     EMAIL_URL: ${SODAR_EMAIL_URL}
-    DJANGO_ALLOWED_HOSTS: "*"
-    DJANGO_SECRET_KEY: ${SODAR_DJANGO_SECRET_KEY}
-    DJANGO_SETTINGS_MODULE: config.settings.production
     ENABLED_BACKEND_PLUGINS: timeline_backend,taskflow,omics_irods,sodar_cache,ontologyaccess_backend
     PROJECTROLES_ADMIN_OWNER: ${SODAR_ADMIN_OWNER}
     PROJECTROLES_DEFAULT_ADMIN: ${SODAR_ADMIN_DEFAULT_ADMIN}
     PROJECTROLES_ALLOW_LOCAL_USERS: ${SODAR_ALLOW_LOCAL_USERS}
-    CELERY_CHDIR: /usr/src/app
-    CELERY_CREATE_DIRS: "1"
+    PROJECTROLES_ALLOW_ANONYMOUS: ${SODAR_ALLOW_ANONYMOUS}
     PROJECTROLES_DISABLE_CDN_INCLUDES: "1"
     PROJECTROLES_CUSTOM_JS_INCLUDES: /static/local/js/jquery-3.5.1.min.js,/static/local/js/bootstrap.bundle.min.js,/static/local/js/tether.js,/static/local/js/shepherd.min.js,/static/local/js/clipboard.min.js
     PROJECTROLES_CUSTOM_CSS_INCLUDES: /static/local/css/font-awesome.min.css,/static/local/css/bootstrap.min.css
-    CUSTOM_STATIC_DIR: /usr/src/app/static-local
+    CUSTOM_STATIC_DIR: /usr/src/app/local-static
     ENABLE_LDAP: ${SODAR_LDAP_ENABLED}
     AUTH_LDAP_SERVER_URI: ${SODAR_LDAP_SERVER_URI}
     AUTH_LDAP_BIND_PASSWORD: ${SODAR_LDAP_BIND_PASSWORD}
@@ -125,7 +126,7 @@ services:
     restart: unless-stopped
 
   sodar-taskflow:
-    image: bihealth/sodar-taskflow:${SODAR_TASKFLOW_VERSION}
+    image: ghcr.io/bihealth/sodar-taskflow:${SODAR_TASKFLOW_VERSION}
     environment:
       SODAR_TASKFLOW_SETTINGS: /usr/src/app/config/production.py
       TASKFLOW_IRODS_HOST: irods
@@ -144,7 +145,7 @@ services:
       - redis
 
   postgres:
-    image: postgres:12
+    image: postgres:11
     environment:
       POSTGRES_USER: ${POSTGRES_USERNAME}
       POSTGRES_USER: ${POSTGRES_USERNAME}
@@ -171,19 +172,19 @@ services:
   # BEGIN: auth-sssd
   #
   # Uncomment and run container if you want SSSD configuration.
-  sssd:
-    image: ghcr.io/bihealth/sssd-docker:${SSSD_VERSION}
-    restart: unless-stopped
-    networks:
-      - sodar
-    volumes:
-      - type: bind  # SSSD config, copied to /etc/sssd
-        source: ./config/sssd/sssd.conf
-        target: /etc/sssd.in/sssd.conf
-        read_only: true
-      - type: volume
-        source: sssd-sockets
-        target: /var/lib/sss
+  # sssd:
+  #   image: ghcr.io/bihealth/sssd-docker:${SSSD_VERSION}
+  #   restart: unless-stopped
+  #   networks:
+  #     - sodar
+  #   volumes:
+  #     - type: bind  # SSSD config, copied to /etc/sssd
+  #       source: ./config/sssd/sssd.conf
+  #       target: /etc/sssd.in/sssd.conf
+  #       read_only: true
+  #     - type: volume
+  #       source: sssd-sockets
+  #       target: /var/lib/sss
   # END: auth-sssd
 
   irods:

env.example

@@ -1,37 +1,41 @@
-SODAR_SERVER_VERSION=docker-build-0
-SODAR_TASKFLOW_VERSION=docker-build-0
+SODAR_SERVER_VERSION=dev-0
+SODAR_TASKFLOW_VERSION=0.5.0-0
 SSSD_VERSION=1.16.5-10
 IRODS_VERSION=latest
 
-# The admin credentials to use.  Is setup when container is first taken up.
+# The admin credentials to use.  Is setup when container is first taken up
 # CHANGE FOR PRODUCTION: IRODS_ADMIN_PASSWORD
 IRODS_ADMIN_USERNAME=rods
 IRODS_ADMIN_PASSWORD=rods
-# The zone name.
+# The zone name
 IRODS_ZONE_NAME=demoZone
-# Secret keys used by iRODS.  CHANGE FOR PRODUCTION.
+# Secret keys used by iRODS.  CHANGE FOR PRODUCTION
 IRODS_ZONE_KEY=TEMPORARY_zone_key
 IRODS_NEGOTIATION_KEY=TEMPORARY_32byte_negotiation_key
 IRODS_CONTROLPLANE_KEY=TEMPORARY__32byte_ctrl_plane_key
 
-# Secret key used for HTTP sessions.  CHANGE FOR PRODUCTION.
+# Secret key used for HTTP sessions.  CHANGE FOR PRODUCTION
 SODAR_DJANGO_SECRET_KEY=CHANGEMEchangemeCHANGEMEchangemeCHANGEMEchangemeCH
 
-# Configure admin owner for folders.  User must exist.
+# Configure admin owner for folders.  User must exist
 SODAR_ADMIN_OWNER=root
-# Configure default admin.  User must exist.
+# Configure default admin.  User must exist
 SODAR_ADMIN_DEFAULT_ADMIN=${SODAR_ADMIN_OWNER}
 
-# Shared secret with SODAR Taskflow.
+# Shared secret with SODAR Taskflow
 SODAR_TASKFLOW_SECRET=not-so-important-with-docker
 
-# Whether local (non-LDAP) users are allowed.
+# Whether local (non-LDAP) users are allowed
 SODAR_ALLOW_LOCAL_USERS=1
 
-# Configure default base URL for SODAR API.
+# Allow anonymous users to view the site
+# NOTE: Also grants anonymous users access to "public" projects!
+SODAR_ALLOW_ANONYMOUS=0
+
+# Configure default base URL for SODAR API
 SODAR_API_DEFAULT_HOST=https://changeme.example.com
 
-# Configure UI-related settings.
+# Configure UI-related settings
 SODAR_EMAIL_SUBJECT_PREFIX=ACME SODAR
 SODAR_SITE_INSTANCE_TITLE=ACME SODAR
 SODAR_SITE_SUBTITLE=Beta
@@ -46,7 +50,7 @@ SODAR_EMAIL_SUBJECT_PREFIX=[SODAR]
 SODAR_EMAIL_URL=smtp://mail.example.com
 
 #
-# Configure primary LDAP connection (optional).
+# Configure primary LDAP connection (optional)
 #
 
 SODAR_LDAP_ENABLED=0
@@ -58,7 +62,7 @@ SODAR_LDAP_USERNAME_DOMAIN=
 SODAR_LDAP_DOMAIN_PRINTABLE=
 
 #
-# Configure secondary LDAP connection (optional; primary required to work).
+# Configure secondary LDAP connection (optional; primary required to work)
 #
 
 SODAR_LDAP2_ENABLED=1
@@ -70,7 +74,7 @@ SODAR_LDAP2_USERNAME_DOMAIN="MDC-BERLIN"
 SODAR_LDAP2_DOMAIN_PRINTABLE="MDC"
 
 #
-# Enable and configure WebDAV support (optional).
+# Enable and configure WebDAV support (optional)
 #
 
 SODAR_IRODS_WEBDAV_ENABLED=0
@@ -79,7 +83,7 @@ SODAR_IRODS_WEBDAV_URL=
 #
 # Postgres credentials.
 #
-# Can remain as they are for docker based deployments.
+# Can remain as they are for docker based deployments
 #
 POSTGRES_HOST=postgres
 POSTGRES_PORT=5432