first cut of librenms package

Techops/netmon.knownelement.com/CloudronManifest.json

@@ -0,0 +1,52 @@
+{
+  "id": "org.librenms.cloudronapp",
+  "title": "LibreNMS",
+  "author": "LibreNMS Team",
+  "description": "LibreNMS is a fully featured network monitoring system that provides a wealth of features and device support.",
+  "version": "24.4.0",
+  "tagline": "Open Source Network Monitoring",
+  "healthCheckPath": "/login",
+  "httpPort": 8000,
+  "addons": {
+    "localstorage": {},
+    "mysql": {
+      "memoryLimit": 134217728
+    },
+    "redis": {}
+  },
+  "manifestVersion": 2,
+  "website": "https://www.librenms.org/",
+  "documentation": "https://docs.librenms.org/",
+  "icon": "file://logo.png",
+  "memoryLimit": 734003200,
+  "minBoxVersion": "7.0.0",
+  "tags": [
+    "monitoring",
+    "network",
+    "snmp",
+    "graphs",
+    "alerts"
+  ],
+  "postInstallMessage": "LibreNMS has been installed successfully!\n\nDefault login:\nUsername: admin\nPassword: admin\n\nPlease change your password after the first login.",
+  "forceSSL": true,
+  "installationProgress": true,
+  "tcpPorts": {
+    "SNMP": {
+      "port": 161,
+      "description": "SNMP port for device monitoring"
+    }
+  },
+  "optionalSso": true,
+  "sso": [
+    {
+      "name": "oidc",
+      "configurePath": "/auth/oidc/login",
+      "logoutPath": "/logout"
+    },
+    {
+      "name": "ldap",
+      "configurePath": "/auth/ldap/login",
+      "logoutPath": "/logout"
+    }
+  ]
+}

Techops/netmon.knownelement.com/Dockerfile

@@ -0,0 +1,77 @@
+FROM cloudron/base:4.2.0
+
+# Install required packages
+RUN apt-get update && apt-get install -y \
+    acl \
+    composer \
+    fping \
+    git \
+    graphviz \
+    imagemagick \
+    mariadb-client \
+    mtr-tiny \
+    nginx \
+    nmap \
+    php8.2-cli \
+    php8.2-curl \
+    php8.2-fpm \
+    php8.2-gd \
+    php8.2-gmp \
+    php8.2-mbstring \
+    php8.2-mysql \
+    php8.2-snmp \
+    php8.2-xml \
+    php8.2-zip \
+    python3 \
+    python3-pip \
+    python3-pymysql \
+    python3-redis \
+    python3-dotenv \
+    python3-systemd \
+    rrdtool \
+    snmp \
+    snmp-mibs-downloader \
+    unzip \
+    whois \
+    supervisor \
+    && rm -rf /var/lib/apt/lists/*
+
+# Download MIBs
+RUN download-mibs
+
+# Clone LibreNMS repository
+WORKDIR /app/code
+RUN git clone --depth 1 https://github.com/librenms/librenms.git .
+
+# Install PHP dependencies
+RUN composer install --no-dev --no-interaction
+
+# Install Python dependencies
+RUN pip3 install -r requirements.txt
+
+# Create initial data directory structure
+RUN mkdir -p /tmp/data/rrd \
+             /tmp/data/logs \
+             /tmp/data/config \
+             /tmp/data/plugins \
+             /app/data/rrd \
+             /app/data/logs \
+             /app/data/config \
+             /app/data/plugins
+
+# Copy configuration files
+COPY nginx.conf /etc/nginx/sites-available/librenms
+RUN ln -sf /etc/nginx/sites-available/librenms /etc/nginx/sites-enabled/default
+COPY supervisord.conf /etc/supervisor/conf.d/librenms.conf
+COPY start.sh /app/code/
+COPY config.php /tmp/data/config/
+
+# Set permissions
+RUN chmod +x /app/code/start.sh \
+    && chown -R cloudron:cloudron /app/code \
+    && chown -R cloudron:cloudron /tmp/data \
+    && chown -R cloudron:cloudron /app/data
+
+WORKDIR /app/code
+
+CMD ["/app/code/start.sh"]

Techops/netmon.knownelement.com/LibrenmsBuildNotes.md

@@ -0,0 +1,158 @@
+# LibreNMS for Cloudron - Build Notes
+
+This document provides instructions for building, testing, and deploying the LibreNMS package to your Cloudron instance.
+
+## Package Contents
+
+The LibreNMS Cloudron package includes:
+
+- **CloudronManifest.json**: The main configuration file for the Cloudron application
+- **Dockerfile**: Sets up the container with all required dependencies
+- **start.sh**: The entry point script that initializes and configures LibreNMS
+- **nginx.conf**: Web server configuration for LibreNMS
+- **supervisord.conf**: Process management for multiple services
+- **config.php**: Default LibreNMS configuration
+
+## Building the Package
+
+1. Create a new directory for the package:
+   ```bash
+   mkdir librenms-cloudron
+   cd librenms-cloudron
+   ```
+
+2. Copy all files into this directory:
+   - CloudronManifest.json
+   - Dockerfile
+   - start.sh
+   - nginx.conf
+   - supervisord.conf
+   - config.php
+
+3. Download the LibreNMS logo:
+   ```bash
+   curl -o logo.png https://raw.githubusercontent.com/librenms/librenms/master/html/images/librenms_logo_light.svg
+   ```
+
+4. Ensure proper file permissions:
+   ```bash
+   chmod +x start.sh
+   ```
+
+5. Build the Cloudron package:
+   ```bash
+   cloudron build
+   ```
+
+## Testing the Package
+
+1. Install the app on your Cloudron for testing:
+   ```bash
+   cloudron install —app librenms
+   ```
+
+2. Access the LibreNMS web interface at the URL provided by Cloudron.
+
+3. Log in with the default credentials:
+   - Username: `admin`
+   - Password: `admin`
+
+4. Verify functionality by:
+   - Adding a test device
+   - Checking discovery and polling
+   - Configuring alerts
+   - Testing authentication (especially if using Cloudron SSO)
+
+## Deploying to Production
+
+1. Update the CloudronManifest.json with appropriate values:
+   - Update `version` if needed
+   - Adjust `memoryLimit` based on your production needs
+   - Update `contactEmail` with your support email
+
+2. Rebuild the package:
+   ```bash
+   cloudron build
+   ```
+
+3. Install on your production Cloudron:
+   ```bash
+   cloudron install —app librenms
+   ```
+
+## Authentication Configuration
+
+### OIDC Authentication (Recommended)
+
+The package automatically configures OIDC authentication when Cloudron SSO is enabled. This provides:
+
+- Single sign-on with your Cloudron users
+- Automatic user provisioning
+- Group-based access control
+
+### LDAP Authentication
+
+If OIDC is not enabled, the package can use Cloudron’s LDAP server. This is configured automatically by the start.sh script.
+
+### Manual Authentication
+
+If neither OIDC nor LDAP is used, the package defaults to MySQL authentication with a local admin user.
+
+## Data Persistence
+
+The following data is stored in persistent volumes:
+
+- **/app/data/rrd**: RRD files for graphing
+- **/app/data/logs**: LibreNMS logs
+- **/app/data/config**: Configuration files
+- **/app/data/plugins**: Custom plugins
+
+## Troubleshooting
+
+If you encounter issues:
+
+1. Check the logs:
+   ```bash
+   cloudron logs -f librenms
+   ```
+
+2. Verify database connection:
+   ```bash
+   cloudron exec —app librenms — mysql -h “$CLOUDRON_MYSQL_HOST” -P “$CLOUDRON_MYSQL_PORT” -u “$CLOUDRON_MYSQL_USERNAME” -p”$CLOUDRON_MYSQL_PASSWORD” -e “SHOW TABLES” “$CLOUDRON_MYSQL_DATABASE”
+   ```
+
+3. Check file permissions:
+   ```bash
+   cloudron exec —app librenms — ls -la /app/data
+   ```
+
+4. Restart the application:
+   ```bash
+   cloudron restart —app librenms
+   ```
+
+## Upgrading
+
+To upgrade LibreNMS:
+
+1. Update the git clone command in the Dockerfile to use the latest version tag
+2. Update the version in CloudronManifest.json
+3. Rebuild and upgrade the package:
+   ```bash
+   cloudron build
+   cloudron update —app librenms
+   ```
+
+## Security Considerations
+
+- The default admin password should be changed immediately after installation
+- Consider using Cloudron SSO to leverage your existing authentication system
+- SNMP port 161 is exposed for device monitoring - ensure proper network security
+
+## Resource Usage
+
+LibreNMS resource requirements depend on the number of monitored devices:
+
+- For <100 devices: Default memory limit (734MB) should be sufficient
+- For 100-500 devices: Consider increasing memory limit to 1GB or more
+- For >500 devices: Consider distributed polling with multiple instances

Techops/netmon.knownelement.com/config.php

@@ -0,0 +1,88 @@
+<?php
+
+$config['db_host'] = getenv('DB_HOST');
+$config['db_port'] = getenv('DB_PORT');
+$config['db_user'] = getenv('DB_USER');
+$config['db_pass'] = getenv('DB_PASS');
+$config['db_name'] = getenv('DB_NAME');
+
+// Redis settings (used for distributed polling)
+$config['redis']['host'] = getenv('REDIS_HOST');
+$config['redis']['port'] = getenv('REDIS_PORT');
+$config['redis']['db'] = getenv('REDIS_DB');
+$config['redis']['pass'] = getenv('REDIS_PASS');
+
+// Base URL
+$config['base_url'] = getenv('APP_URL');
+
+// Authentication mechanism - This will be modified by start.sh if needed
+$config['auth_mechanism'] = 'mysql';
+
+// Enable alerting
+$config['alert']['enable'] = true;
+
+// RRD storage
+$config['rrd_dir'] = '/app/data/rrd';
+
+// Log directory
+$config['log_dir'] = '/app/data/logs';
+$config['log_file'] = '/app/data/logs/librenms.log';
+$config['auth_log'] = '/app/data/logs/auth.log';
+
+// Plugin directory 
+$config['plugin_dir'] = '/app/data/plugins';
+
+// Default theme
+$config['webui']['default_theme'] = 'light';
+
+// Path settings
+$config['fping'] = '/usr/bin/fping';
+$config['fping6'] = '/usr/bin/fping6';
+$config['snmpwalk'] = '/usr/bin/snmpwalk';
+$config['snmpget'] = '/usr/bin/snmpget';
+$config['snmpbulkwalk'] = '/usr/bin/snmpbulkwalk';
+$config['snmptranslate'] = '/usr/bin/snmptranslate';
+$config['rrdtool'] = '/usr/bin/rrdtool';
+$config['whois'] = '/usr/bin/whois';
+$config['ping'] = '/bin/ping';
+$config['mtr'] = '/usr/bin/mtr';
+$config['nmap'] = '/usr/bin/nmap';
+
+// Disable in-app updates
+$config['update'] = 0;
+
+// Security settings
+$config['allow_unauth_graphs'] = false;
+$config['allow_unauth_graphs_cidr'] = array();
+
+// Alert tolerance window
+$config['alert']['tolerance_window'] = 5;
+
+// Poller settings
+$config['poller_modules']['bgp'] = 1;
+$config['poller_modules']['ospf'] = 1;
+$config['poller_modules']['isis'] = 1;
+$config['poller_modules']['applications'] = 1;
+$config['poller_modules']['services'] = 1;
+
+// Set timezone according to Cloudron environment
+$config['timezone'] = 'UTC';
+
+// Auto-discovery settings
+$config['autodiscovery']['xdp'] = true;
+$config['autodiscovery']['ospf'] = true;
+$config['autodiscovery']['bgp'] = true;
+$config['autodiscovery']['snmpscan'] = true;
+
+// API Settings
+$config['api']['cors']['enabled'] = false;
+$config['api']['cors']['origin'] = null;
+
+// Rate Limiting
+$config['ratelimit']['enabled'] = true;
+$config['ratelimit']['api']['limit'] = 300;
+$config['ratelimit']['api']['period'] = 60;
+
+// Default alert rules
+$config['enable_inventory'] = 1;
+$config['enable_syslog'] = 0;

Techops/netmon.knownelement.com/docker-compose.yml

@@ -1 +0,0 @@
-#librenms docker compose for tsys

Techops/netmon.knownelement.com/input-files/info

@@ -1 +0,0 @@
-This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).

Techops/netmon.knownelement.com/nginx.conf

@@ -0,0 +1,39 @@
+server {
+    listen 8000;
+    
+    server_name _;
+    root /app/code/html;
+    index index.php;
+
+    charset utf-8;
+    gzip on;
+    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
+    
+    access_log /dev/stdout;
+    error_log /dev/stderr;
+
+    # Set the client MAX Body size to allow for larger image uploads
+    client_max_body_size 64M;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
+        fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
+        fastcgi_param HTTPS on;
+        fastcgi_read_timeout 900;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

Techops/netmon.knownelement.com/output-files/info

@@ -1 +0,0 @@
-This directory contains final docker compose files for the application at FQDN indidicated by the parent directory. 

Techops/netmon.knownelement.com/start.sh

@@ -0,0 +1,126 @@
+#!/bin/bash
+
+set -eu
+
+# Setup directories
+if [ ! -d "/app/data/rrd" ] || [ -z "$(ls -A /app/data/rrd)" ]; then
+    echo "First run, initializing data directories..."
+    mkdir -p /app/data/rrd
+    mkdir -p /app/data/logs
+    mkdir -p /app/data/config
+    mkdir -p /app/data/plugins
+    
+    # Copy initial configurations if they don't exist
+    if [ ! -f "/app/data/config/config.php" ]; then
+        cp /tmp/data/config/config.php /app/data/config/
+    fi
+fi
+
+# Create necessary log files
+touch /app/data/logs/librenms.log
+touch /app/data/logs/auth.log
+touch /app/data/logs/discovery.log
+touch /app/data/logs/poller.log
+
+# Environment variables for database and redis
+export DB_HOST=${CLOUDRON_MYSQL_HOST}
+export DB_PORT=${CLOUDRON_MYSQL_PORT}
+export DB_USER=${CLOUDRON_MYSQL_USERNAME}
+export DB_PASS=${CLOUDRON_MYSQL_PASSWORD}
+export DB_NAME=${CLOUDRON_MYSQL_DATABASE}
+export REDIS_HOST=${CLOUDRON_REDIS_HOST}
+export REDIS_PORT=${CLOUDRON_REDIS_PORT}
+export REDIS_DB=0
+export REDIS_PASS=${CLOUDRON_REDIS_PASSWORD}
+export APP_URL=https://${CLOUDRON_APP_DOMAIN}
+
+# Set up OIDC authentication if enabled
+if [[ -n "${CLOUDRON_OIDC_IDENTIFIER:-}" ]]; then
+    echo "Configuring OIDC authentication..."
+    sed -i "s|'auth_mechanism' => 'mysql'|'auth_mechanism' => 'socialite'|g" /app/data/config/config.php
+    
+    # Add OIDC configuration
+    cat >> /app/data/config/config.php << EOF
+\$config['auth_socialite_oidc']['enabled'] = true;
+\$config['auth_socialite_oidc']['client_id'] = '${CLOUDRON_OIDC_CLIENT_ID}';
+\$config['auth_socialite_oidc']['client_secret'] = '${CLOUDRON_OIDC_CLIENT_SECRET}';
+\$config['auth_socialite_oidc']['authorize_url'] = '${CLOUDRON_OIDC_ISSUER}/auth';
+\$config['auth_socialite_oidc']['token_url'] = '${CLOUDRON_OIDC_ISSUER}/token';
+\$config['auth_socialite_oidc']['userinfo_url'] = '${CLOUDRON_OIDC_ISSUER}/userinfo';
+\$config['auth_socialite_oidc']['scope'] = 'openid email profile groups';
+\$config['auth_socialite_oidc']['redirect'] = 'https://${CLOUDRON_APP_DOMAIN}/auth/oidc/callback';
+EOF
+fi
+
+# Set up LDAP authentication if enabled and OIDC is not enabled
+if [[ -z "${CLOUDRON_OIDC_IDENTIFIER:-}" && -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+    echo "Configuring LDAP authentication..."
+    sed -i "s|'auth_mechanism' => 'mysql'|'auth_mechanism' => 'ldap'|g" /app/data/config/config.php
+    
+    # Add LDAP configuration
+    cat >> /app/data/config/config.php << EOF
+\$config['auth_ldap_server'] = '${CLOUDRON_LDAP_SERVER}';
+\$config['auth_ldap_port'] = ${CLOUDRON_LDAP_PORT};
+\$config['auth_ldap_version'] = 3;
+\$config['auth_ldap_starttls'] = true;
+\$config['auth_ldap_prefix'] = '${CLOUDRON_LDAP_BIND_DN%%,*}';
+\$config['auth_ldap_suffix'] = ',${CLOUDRON_LDAP_BIND_DN#*,}';
+\$config['auth_ldap_group'] = '${CLOUDRON_LDAP_USERS_GROUP_DN}';
+\$config['auth_ldap_groupbase'] = '${CLOUDRON_LDAP_GROUPS_BASE_DN}';
+\$config['auth_ldap_groups']['admin']['level'] = 10;
+\$config['auth_ldap_groups']['admin']['group'] = '${CLOUDRON_LDAP_ADMINS_GROUP_DN}';
+EOF
+fi
+
+# Fix permissions
+chown -R cloudron:cloudron /app/data
+
+# Initialize database if needed
+echo "Checking database..."
+if ! mysql -h "${CLOUDRON_MYSQL_HOST}" -P "${CLOUDRON_MYSQL_PORT}" -u "${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -e "USE ${CLOUDRON_MYSQL_DATABASE}" 2>/dev/null; then
+    echo "Setting up database schema..."
+    cd /app/code
+    php build-base.php
+fi
+
+# Apply database updates if needed
+cd /app/code
+php includes/sql-schema/update.php
+
+# Create admin user on first run if authentication is MySQL
+if [[ ! -n "${CLOUDRON_OIDC_IDENTIFIER:-}" && ! -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+    if ! mysql -h "${CLOUDRON_MYSQL_HOST}" -P "${CLOUDRON_MYSQL_PORT}" -u "${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -e "SELECT username FROM users WHERE username='admin'" ${CLOUDRON_MYSQL_DATABASE} 2>/dev/null | grep -q admin; then
+        echo "Creating admin user..."
+        php adduser.php admin admin 10 admin@localhost
+    fi
+fi
+
+# Link config file
+ln -sf /app/data/config/config.php /app/code/config.php
+
+# Setup cron jobs
+echo "Setting up cron jobs..."
+cat > /etc/cron.d/librenms << EOF
+# Run a complete discovery of all devices once every 6 hours
+33  */6 * * *   cloudron   cd /app/code/ && php discovery.php -h all >> /app/data/logs/discovery-all.log 2>&1
+# Run a complete poll of all devices once every 5 minutes
+*/5 *   * * *   cloudron   cd /app/code/ && php poller.php -h all >> /app/data/logs/poll-all.log 2>&1
+# Run hourly maintenance tasks
+15  *   * * *   cloudron   cd /app/code/ && php daily.php >> /app/data/logs/daily.log 2>&1
+# Run daily maintenance tasks
+15  0   * * *   cloudron   cd /app/code/ && php daily.sh >> /app/data/logs/daily.log 2>&1
+# Check services
+*/5 *   * * *   cloudron   cd /app/code/ && php check-services.php >> /app/data/logs/check-services.log 2>&1
+# Process alerts
+*/5 *   * * *   cloudron   cd /app/code/ && php alerts.php >> /app/data/logs/alerts.log 2>&1
+# Poll billing
+*/5 *   * * *   cloudron   cd /app/code/ && php poll-billing.php >> /app/data/logs/poll-billing.log 2>&1
+# Generate billing data
+01  *   * * *   cloudron   cd /app/code/ && php billing-calculate.php >> /app/data/logs/billing-calculate.log 2>&1
+# Update device groups
+*/5 *   * * *   cloudron   cd /app/code/ && php update-device-groups.php >> /app/data/logs/update-device-groups.log 2>&1
+EOF
+
+# Start supervisord to manage all processes
+echo "Starting supervisord..."
+exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

Techops/netmon.knownelement.com/supervisord.conf

@@ -0,0 +1,41 @@
+[program:nginx]
+command=nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:php-fpm]
+command=/usr/sbin/php-fpm8.2 --nodaemonize
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:cron]
+command=cron -f
+autostart=true
+autorestart=true
+priority=15
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:dispatcher-service]
+command=/usr/bin/python3 /app/code/dispatcher.py
+directory=/app/code
+user=cloudron
+autostart=true
+autorestart=true
+priority=20
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0

Techops/netmon.knownelement.com/vendor-files/info

@@ -1 +0,0 @@
-This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory