continuous-integration/drone/push Build is passingDetails
Currently, only the NGINX server on biloba is reloaded after adding a new vhost or renewing an SSL certificate. The NGINX server on chamomile should also be reloaded, since chamomile is a warm standby for biloba.
This PR adds a new config option in ceod.ini to specify the shell command to reload the web servers.
Reviewed-on: #90
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is failingDetails
#63
Added the following positions:
* ext affairs lead
* marketing lead
* design lead
* events lead
* reps lead
* mods lead
* photography lead
* other
Signed-off-by: n4chung <n4chung@csclub.uwaterloo.ca>
Co-authored-by: n4chung <n4chung@csclub.uwaterloo.ca>
Reviewed-on: #79
Reviewed-by: Raymond Li <raymo@csclub.uwaterloo.ca>
Co-authored-by: Nathan Chung <n4chung@csclub.uwaterloo.ca>
Co-committed-by: Nathan Chung <n4chung@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
Closes#51.
An API argument called `remove_inactive_club_reps` was added so that we can dynamically control whether we want to remove inactive club reps or not. The default action is only to disable club websites without changing group membership.
Reviewed-on: #68
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
Office staff currently can't sign up new members because ceod uses their GSSAPI credentials to authenticate to LDAP, and those credentials are insufficient.
This PR uses the ceod/admin credentials instead for signing up new members and for renewing existing memberships.
Reviewed-on: #45
continuous-integration/drone/push Build is passingDetails
Add an API for members to create a project on Harbor.
Co-authored-by: Max Erenberg <>
Reviewed-on: #42
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
Add an API for members to create their own Kubernetes namespace.
Co-authored-by: Max Erenberg <>
Reviewed-on: #38
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
Add an API for members to create their own virtual hosts.
Co-authored-by: Max Erenberg <>
Reviewed-on: #35
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
This PR adds API endpoints and a CLI to create cloud accounts and to purge accounts of expired members.
Co-authored-by: Max Erenberg <>
Reviewed-on: #34
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
Co-authored-by: Max Erenberg <>
Co-authored-by: Rio <r345liu@localhost>
Reviewed-on: #16
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
continuous-integration/drone/push Build is passingDetails
Implement DB endpoints
Co-authored-by: Andrew Wang <someone.zip@gmail.com>
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Reviewed-on: #10
Co-authored-by: Andrew Wang <a268wang@localhost>
Co-committed-by: Andrew Wang <a268wang@localhost>
continuous-integration/drone/push Build is passingDetails
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-authored-by: Rio Liu <r345liu@csclub.uwaterloo.ca>
Co-authored-by: Rio6 <rio.liu@r26.me>
Reviewed-on: #7
Co-authored-by: Rio <r345liu@localhost>
Co-committed-by: Rio <r345liu@localhost>
This PR implements the /api/groups endpoints.
Closes #2.
Reviewed-on: #6
Co-authored-by: Max Erenberg <merenber@localhost>
Co-committed-by: Max Erenberg <merenber@localhost>
This PR adds unconstrained Kerberos delegation to the API.
The client obtains a forwarded TGT and sends it, base64-encoded, in an HTTP header named 'X-KRB5-CRED'. The server reads this credential, creates a new credentials cache for the user, and stores the credential into the new cache. The server can now authenticate to other services (e.g. LDAP) over GSSAPI using the forwarded client's credentials.
Reviewed-on: #5
Co-authored-by: Max Erenberg <merenber@localhost>
Co-committed-by: Max Erenberg <merenber@localhost>