lerkolabs/uptop
1
1
Fork 0
Code Issues 17 Pull Requests 1 Actions Packages Projects 2 Releases 1 Wiki Activity

fix: Kuma import tokens/paused, Docker hardening, migrate-secrets idempotency #116

Merged
lerko merged 1 commits from fix/import-docker-hardening into main 2026-06-12 12:49:21 +00:00
Conversation 0 Commits 1 Files Changed 4
+21 -2
4 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit edfe6122b1 - Show all commits
Dockerfile
+2
View File
@@ -31,6 +31,8 @@ ENV UPTOP_SSH_HOST_KEY=/data/.ssh/id_ed25519
ENV UPTOP_PORT=23234 ENV UPTOP_PORT=23234
EXPOSE 23234 EXPOSE 23234
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD wget -qO- http://localhost:8080/api/health || exit 1
USER uptop USER uptop
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["./uptop"] CMD ["./uptop"]
cmd/uptop/main.go
+2 -2
View File
@@ -237,13 +237,13 @@ func runMigrateSecrets(args []string) {
os.Exit(1) os.Exit(1)
} }
ss.SetEncryptor(enc)
alerts, err := ss.GetAllAlerts(context.Background()) alerts, err := ss.GetAllAlerts(context.Background())
if err != nil { if err != nil {
slog.Error("failed to load alerts", "err", err) slog.Error("failed to load alerts", "err", err)
os.Exit(1) os.Exit(1)
} }
ss.SetEncryptor(enc)
migrated := 0 migrated := 0
for _, a := range alerts { for _, a := range alerts {
if err := ss.UpdateAlert(context.Background(), a.ID, a.Name, a.Type, a.Settings); err != nil { if err := ss.UpdateAlert(context.Background(), a.ID, a.Name, a.Type, a.Settings); err != nil {
deploy/docker-compose.yml
+7
View File
@@ -5,6 +5,13 @@ services:
dockerfile: Dockerfile dockerfile: Dockerfile
container_name: uptop container_name: uptop
restart: unless-stopped restart: unless-stopped
read_only: true
cap_drop:
- ALL
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
ports: ports:
- "23234:23234" - "23234:23234"
- "8080:8080" - "8080:8080"
internal/importer/kuma.go
+10
View File
@@ -1,6 +1,8 @@
package importer package importer
import ( import (
"crypto/rand"
"encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"os" "os"
@@ -156,10 +158,18 @@ func convertKumaMonitor(m KumaMonitor, alertMap map[int]int) models.SiteConfig {
site.DNSResolveType = m.DNSResolveType site.DNSResolveType = m.DNSResolveType
site.DNSServer = m.DNSResolveServer site.DNSServer = m.DNSResolveServer
site.Paused = !m.Active
switch m.Type { switch m.Type {
case "http": case "http":
site.URL = m.URL site.URL = m.URL
site.CheckSSL = m.ExpiryNotif site.CheckSSL = m.ExpiryNotif
case "push":
site.Type = "push"
b := make([]byte, 16)
if _, err := rand.Read(b); err == nil {
site.Token = hex.EncodeToString(b)
}
case "ping": case "ping":
if m.Hostname != "" { if m.Hostname != "" {
site.Hostname = m.Hostname site.Hostname = m.Hostname