From 9bf7d329750c1108a54d034400e7b684eb0b5300 Mon Sep 17 00:00:00 2001
From: "Luna D." <luna@nighty.cloud>
Date: Fri, 24 May 2024 22:04:23 +0200
Subject: [PATCH] opensearch security is stupid

---
 docker-compose.yml               |  5 ++---
 docker/app/run-development       |  2 +-
 docker/opensearch/opensearch.yml | 15 +++++++++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100644 docker/opensearch/opensearch.yml

diff --git a/docker-compose.yml b/docker-compose.yml
index e372f1c5..b4d57ea2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,7 +31,7 @@ services:
       - IMAGE_URL_ROOT=/img
       - BADGE_URL_ROOT=/badge-img
       - TAG_URL_ROOT=/tag-img
-      - OPENSEARCH_URL=https://admin:admin@opensearch:9200
+      - OPENSEARCH_URL=http://opensearch:9200
       - REDIS_HOST=valkey
       - DATABASE_URL=ecto://postgres:postgres@postgres/philomena_dev
       - CDN_HOST=localhost
@@ -72,10 +72,9 @@ services:
     image: opensearchproject/opensearch:2.14.0
     volumes:
       - opensearch_data:/usr/share/opensearch/data
+      - ./docker/opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
     logging:
       driver: "none"
-    environment:
-      - discovery.type=single-node
     ulimits:
       nofile:
         soft: 65536
diff --git a/docker/app/run-development b/docker/app/run-development
index 73ec4f26..39900c76 100755
--- a/docker/app/run-development
+++ b/docker/app/run-development
@@ -38,7 +38,7 @@ npm install
 # if it's not done doing whatever it does yet
 echo -n "Waiting for OpenSearch"
 
-until wget --no-check-certificate -qO - https://admin:admin@opensearch:9200; do
+until wget --no-check-certificate -qO - http://opensearch:9200; do
   echo -n "."
   sleep 2
 done
diff --git a/docker/opensearch/opensearch.yml b/docker/opensearch/opensearch.yml
new file mode 100644
index 00000000..afb4d34c
--- /dev/null
+++ b/docker/opensearch/opensearch.yml
@@ -0,0 +1,15 @@
+---
+cluster.name: docker-cluster
+
+# Bind to all interfaces because we don't know what IP address Docker will assign to us.
+network.host: 0.0.0.0
+
+# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
+discovery.type: single-node
+
+# Disable security. We don't need it for dev environment.
+# Also, whoever thought it's a GREAT IDEA TO ENFORCE SECURITY FEATURES
+# BY DEFAULT IN A FREAKING DOCKER CONTAINER should be forced to play
+# the password game every time they would like to create a new account
+# anywhere whatsoever.
+plugins.security.disabled: true