
Added auto-recognition of package versions and updated the Containerfiles with the new paths.

feature/startup-from-labels
Mar Alegre 5 years ago
parent
commit
9456b02238
  1. 4
      bin/pdm-build
  2. 12
      src/debian/Containerfile
  3. 3
      src/debian/assets/bash.bashrc
  4. 26
      src/gitea/Containerfile
  5. 2
      src/gitea/assets/bin/maint
  6. 2
      src/mailsrv/Containerfile
  7. 8
      src/mailsrv/assets/bin/mkvirt
  8. 3
      src/minecraft_be/Containerfile
  9. 70
      src/nextcloud/Containerfile
  10. 2
      src/nextcloud/assets/bin/maint
  11. 8
      src/nextcloud/assets/bin/nc-adduser
  12. 20
      src/nextcloud/assets/bin/nc-mntuser
  13. 2
      src/nextcloud/bugfix/apache2.override
  14. 46
      src/nextcloud/bugfix/redis.service
  15. 12
      src/samba/Containerfile

4
bin/pdm-build

@ -64,6 +64,10 @@ fi
# Main # Main
# tell buildah to build images in docker format instead of the default OCI format
# because only docker-format images can use the SHELL directive in Containerfiles
export BUILDAH_FORMAT=docker
# build image # build image
echo "Building image ..." echo "Building image ..."
podman build -f Containerfile -t tmp-$epoch $buildopts || quit $? podman build -f Containerfile -t tmp-$epoch $buildopts || quit $?

12
src/debian/Containerfile

@ -2,11 +2,21 @@ FROM debian:stable
CMD [ "/sbin/init" ] CMD [ "/sbin/init" ]
ENTRYPOINT [ "/sbin/init" ] ENTRYPOINT [ "/sbin/init" ]
# set default working directory as root for child images
WORKDIR /root/ WORKDIR /root/
ONBUILD WORKDIR /root/
# set bash as the default shell for executing commands
# inside Containerfiles for child images
ONBUILD SHELL ["/bin/bash", "-c"]
# tell bash to read /etc/environment when being run
# non-interactively for child images
ONBUILD ENV BASH_ENV=/etc/environment
# We can't use timedatectl because systemd isn't available # We can't use timedatectl because systemd isn't available
# during the build process, so we have to set the timezone manually # during the build process, so we have to set the timezone manually
ENV TZ=US/Central ENV TZ=US/Eastern
RUN rm /etc/localtime && \ RUN rm /etc/localtime && \
ln -s /usr/share/zoneinfo/$TZ /etc/localtime && \ ln -s /usr/share/zoneinfo/$TZ /etc/localtime && \
echo $TZ > /etc/timezone echo $TZ > /etc/timezone
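Review bot: `ONBUILD ENV BASH_ENV=/etc/environment` makes every non-interactive bash in every child image source /etc/environment as shell code, at runtime as well as during the build, so anything that can append to that file (the gitea and nextcloud builds in this commit append values taken from `psql -V` and from a scraped web page) gets executed by every cron job and maintenance script in the container. /etc/environment is normally a `NAME=value` file parsed by pam_env rather than executed; if the goal is only to share DBUSER/DBNAME with scripts, a dedicated file such as /etc/pdm.env that the scripts source explicitly keeps this out of the runtime ENV, and a comment on the ONBUILD line should at least state that the file must stay a list of plain assignments. The new shell also runs without pipefail, so the version-detection pipelines in child images (`psql -V | cut …`, `wget … | grep | perl …`) cannot fail the build when their first command fails; `ONBUILD SHELL ["/bin/bash", "-o", "pipefail", "-c"]` closes that. The TZ change is fine.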

3
src/debian/assets/bash.bashrc

@ -6,6 +6,9 @@
# If not running interactively, don't do anything # If not running interactively, don't do anything
[ -z "$PS1" ] && return [ -z "$PS1" ] && return
# load environment variables
. /etc/environment
# check the window size after each command and, if necessary, # check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS. # update the values of LINES and COLUMNS.
shopt -s checkwinsize shopt -s checkwinsize
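Review bot: `. /etc/environment` in the interactive bashrc sets DBUSER/DBNAME as plain shell variables, not exported ones, so a program started from that shell that reads them from its environment (rather than through a `$DBUSER` expansion on the command line) will not see them; if that is intended to work, use `set -a; . /etc/environment; set +a`. Sourcing also executes the file instead of parsing key=value pairs, so anything appended there with shell metacharacters runs in every login shell; a comment such as `# /etc/environment is sourced as shell code: keep it to plain NAME=value lines` would warn the next person who appends to it.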

26
src/gitea/Containerfile

@ -9,16 +9,9 @@ LABEL deployopts="\
-p 9081:80 \ -p 9081:80 \
-p 9022:22 \ -p 9022:22 \
-v /srv/vol/gitea/git:/vol/git \ -v /srv/vol/gitea/git:/vol/git \
-v /srv/vol/gitea/db:/vol/db" -v /srv/vol/gitea/data:/vol/data"
# make sure mount directories exist
RUN mkdir -p /vol/git /vol/db
# Build variables # Build variables
# version of Gitea
# see the Gitea github page to determine the latest stable release
ARG giteav=1.12.1
# version of postgres
ARG psqlv=11
# uid that the files owner user should have # uid that the files owner user should have
ARG FILESUID=5000 ARG FILESUID=5000
@ -26,9 +19,6 @@ ARG FILESUID=5000
# database name and user # database name and user
ENV DBUSER=gtadmin ENV DBUSER=gtadmin
ENV DBNAME=gitea ENV DBNAME=gitea
# put environment variables in /etc/environment so we can access them from cron scripts
RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
echo "DBNAME=$DBNAME" >> /etc/environment
### ###
### General Setup ### General Setup
@ -37,6 +27,14 @@ RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
# install packages we want # install packages we want
RUN apt update -y && apt install -y postgresql postgresql-doc git RUN apt update -y && apt install -y postgresql postgresql-doc git
# put database variables in /etc/environment so anyone can access them
# also autodetect versions of postgres and gitea and put them in /etc/environment as well
RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
echo "DBNAME=$DBNAME" >> /etc/environment && \
echo "PSQLV=$(psql -V | cut -d ' ' -f 3 | cut -d '.' -f 1)" >> /etc/environment && \
echo "GITEAV=$(wget -q -O - https://dl.gitea.io/gitea/ | grep -m 1 'Current Release' \
| perl -pe 's/.*Current Release ([\d.]+).*/\1/')" >> /etc/environment
# create gitea user with file owner UID # create gitea user with file owner UID
RUN addgroup --gid $FILESUID gitea && \ RUN addgroup --gid $FILESUID gitea && \
adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea
@ -49,15 +47,15 @@ COPY assets/bin/ /usr/local/bin/
### ###
# configure PostgreSQL access # configure PostgreSQL access
COPY --chown=postgres:postgres assets/pg_hba.conf /etc/postgresql/${psqlv}/main/pg_hba.conf COPY --chown=postgres:postgres assets/pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf
### ###
### Gitea ### Gitea
### ###
# dowload gitea # dowload gitea
RUN wget https://dl.gitea.io/gitea/${giteav}/gitea-${giteav}-linux-amd64 && \ RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \
mv gitea-${giteav}-linux-amd64 /usr/local/bin/gitea && \ mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \
chmod +x /usr/local/bin/gitea chmod +x /usr/local/bin/gitea
# make directories gitea needs # make directories gitea needs
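Review bot: The pg_hba.conf COPY now uses `${PSQLV:?}` in its destination, but COPY paths are expanded by the builder from ARG/ENV, not by the shell, and PSQLV only ever exists in /etc/environment, so that expansion is empty or rejected (the `${…:?}` form may not even be supported by the builder's expansion) and the access configuration does not land in /etc/postgresql/<ver>/main/. The nextcloud Containerfile in this same commit already does it the working way — copy to `./` and then `RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/`, where the shell reads PSQLV through the base image's BASH_ENV — so use that here too. Separately, replacing the pinned `ARG giteav=1.12.1` with a version scraped from the dl.gitea.io index page means the build installs whatever that page advertises at build time, with no checksum or signature check; fetching the `.sha256` file Gitea publishes alongside each binary and running `sha256sum -c` before the `mv` ties the binary to the published digest, and keeping an `ARG GITEAV` override makes a build reproducible. Both affected instructions are in this hunk; the rest of the Containerfile continues outside it.
```dockerfile
# configure PostgreSQL access
# COPY destinations are expanded from ARG/ENV only, so stage the file here and move it
# from the shell, which sees PSQLV via the /etc/environment sourced through BASH_ENV
COPY --chown=postgres:postgres assets/pg_hba.conf ./
RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf
# … unchanged: Gitea section header …
# download gitea and check it against the published digest before installing it
RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 \
         https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64.sha256 && \
    sha256sum -c gitea-${GITEAV:?}-linux-amd64.sha256 && \
    mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \
    chmod +x /usr/local/bin/gitea && \
    rm gitea-${GITEAV:?}-linux-amd64.sha256
```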

2
src/gitea/assets/bin/maint

@ -8,7 +8,7 @@ day=$(date +%d)
month=$(date +%m) month=$(date +%m)
year=$(date +%Y) year=$(date +%Y)
dumpdir=/vol/db dumpdir=/vol/data
errlog=error/$year-$month-$day-T$hour.log errlog=error/$year-$month-$day-T$hour.log
mkdir -p $dumpdir/error mkdir -p $dumpdir/error

2
src/mailsrv/Containerfile

@ -10,7 +10,7 @@ LABEL deployopts="\
-p 587:587 \ -p 587:587 \
-p 143:143 \ -p 143:143 \
-p 993:993 \ -p 993:993 \
-v /srv/vol/mailsrv/etc:/vol/etc \ -v /srv/vol/mailsrv/data:/vol/data \
-v /srv/vol/mailsrv/mail:/vol/mail \ -v /srv/vol/mailsrv/mail:/vol/mail \
-v /srv/vol/mailsrv/ssl:/vol/ssl:ro" -v /srv/vol/mailsrv/ssl:/vol/ssl:ro"

8
src/mailsrv/assets/bin/mkvirt

@ -6,24 +6,24 @@ set -e
### Users ### ### Users ###
# copy users db to dovecot config # copy users db to dovecot config
cp /vol/etc/users /etc/dovecot/users cp /vol/data/users /etc/dovecot/users
chown dovecot:dovecot /etc/dovecot/users chown dovecot:dovecot /etc/dovecot/users
# copy users db to postfix config, but without passwords # copy users db to postfix config, but without passwords
cat /vol/etc/users | cut -d':' -f1 | perl -pe 's/(.*)/\1 ./' > /etc/postfix/users cat /vol/data/users | cut -d':' -f1 | perl -pe 's/(.*)/\1 ./' > /etc/postfix/users
postmap /etc/postfix/users postmap /etc/postfix/users
### Aliases ### ### Aliases ###
# copy aliases to postifx config # copy aliases to postifx config
cd /etc/postfix cd /etc/postfix
cat /vol/etc/aliases.d/*.list > aliases cat /vol/data/aliases.d/*.list > aliases
postmap aliases postmap aliases
### Sieve ### ### Sieve ###
# copy users sieve to mail # copy users sieve to mail
cd /vol/etc/sieve.d cd /vol/data/sieve.d
for user in * ; do for user in * ; do
mkdir -p /vol/mail/${user} mkdir -p /vol/mail/${user}
chown vmail:vmail /vol/mail/${user} chown vmail:vmail /vol/mail/${user}

3
src/minecraft_be/Containerfile

@ -37,7 +37,8 @@ WORKDIR /home/mcadmin
# download Minecraft Bedrock dedicated server # download Minecraft Bedrock dedicated server
RUN url=$(wget -q https://www.minecraft.net/en-us/download/server/bedrock/ -O - | grep -Eo 'https://[^ ]+bin-linux/bedrock-server-[^ ]+\.zip' | head -n 1) && \ RUN url=$(wget -q https://www.minecraft.net/en-us/download/server/bedrock/ -O - | grep -Eo 'https://[^ ]+bin-linux/bedrock-server-[^ ]+\.zip' | head -n 1) && \
wget $url && \ wget $url && \
unzip $(basename $url) && \ echo "Unzipping ..." && \
unzip -q $(basename $url) && \
rm $(basename $url) && \ rm $(basename $url) && \
chown -R mcadmin:mcadmin ./ chown -R mcadmin:mcadmin ./

70
src/nextcloud/Containerfile

@ -6,24 +6,17 @@ FROM localhost/debian
# deploy options # deploy options
# -p (port) and -v (volume) both go host:container # -p (port) and -v (volume) both go host:container
LABEL deployopts="\ LABEL deployopts="\
--cap-add SYS_ADMIN \
-p 9080:80 \ -p 9080:80 \
-v /srv/vol/nextcloud/files:/vol/files \ -v /srv/vol/nextcloud/files:/vol/files \
-v /srv/vol/nextcloud/data:/vol/data" -v /srv/vol/nextcloud/data:/vol/data"
# Build Variables # Build Variables
# versions of php and postgres
ARG phpv=7.3
ARG psqlv=11
# uid that the files owner user should have # uid that the files owner user should have
ARG FILESUID=5000 ARG FILESUID=5000
# Environment Variables
# database name and user # database name and user
ENV DBUSER=ncadmin ENV DBUSER=ncadmin
ENV DBNAME=nextcloud ENV DBNAME=nextcloud
# put environment variables in /etc/environment so we can access them from cron scripts
RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
echo "DBNAME=$DBNAME" >> /etc/environment
### ###
### General Setup ### General Setup
@ -34,37 +27,56 @@ RUN apt update -y && apt install -y apache2 php-fpm php-gd php-zip \
php-pgsql php-curl php-mbstring php-intl php-imagick php-xml \ php-pgsql php-curl php-mbstring php-intl php-imagick php-xml \
php-json redis php-redis postgresql postgresql-doc php-ldap php-json redis php-redis postgresql postgresql-doc php-ldap
# put database variables in /etc/environment so anyone can access them
# also autodetect versions of php and postgres and put them in /etc/environment as well
RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
echo "DBNAME=$DBNAME" >> /etc/environment && \
echo "PSQLV=$(psql -V | cut -d ' ' -f 3 | cut -d '.' -f 1)" >> /etc/environment && \
echo "PHPV=$(echo $(php -r 'echo PHP_VERSION;') | cut -d '.' -f 1-2)" >> /etc/environment
# change www-data's UID to the file owner UID # change www-data's UID to the file owner UID
RUN usermod --uid $FILESUID www-data && \ RUN usermod --uid $FILESUID www-data && \
groupmod --gid $FILESUID www-data && \ groupmod --gid $FILESUID www-data && \
chown -R www-data:www-data /var/www /vol chown -R www-data:www-data /var/www
# copy our custom scripts # copy our custom scripts
COPY assets/bin/ /usr/local/bin/ COPY assets/bin/ /usr/local/bin/
###
### PHP
###
# enable PHP interpreter
RUN systemctl enable php${PHPV:?}-fpm
# copy php configuration
COPY assets/php/ php/
RUN mv php/php.ini /etc/php/${PHPV:?}/fpm/ && \
mv php/www.conf /etc/php/${PHPV:?}/fpm/pool.d/ && \
rmdir php
###
### PostgreSQL ###
###
# configure PostgreSQL access
COPY --chown=postgres:postgres assets/pg_hba.conf ./
RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/
### ###
### Apache ### Apache
### ###
# enable modules we need # enable modules we need
RUN a2enmod rewrite headers env dir mime proxy_fcgi && a2enconf php${phpv}-fpm RUN a2enmod rewrite headers env dir mime proxy_fcgi && \
a2enconf php${PHPV:?}-fpm
# copy site config # copy site config
COPY assets/apache/nextcloud.conf /etc/apache2/sites-available/ COPY assets/apache/nextcloud.conf /etc/apache2/sites-available/
WORKDIR /etc/apache2/sites-enabled WORKDIR /etc/apache2/sites-enabled
RUN rm 000-default.conf && ln -s ../sites-available/nextcloud.conf RUN rm 000-default.conf && ln -s ../sites-available/nextcloud.conf
###
### PHP
###
# enable PHP interpreter
RUN systemctl enable php${phpv}-fpm
# copy php configuration
COPY assets/php/php.ini /etc/php/${phpv}/fpm/
COPY assets/php/www.conf /etc/php/${phpv}/fpm/pool.d/
### ###
### Redis ### Redis
### ###
@ -75,13 +87,6 @@ COPY --chown=redis:redis assets/redis.conf /etc/redis/redis.conf
# add www-data to redis group so it can use the socket # add www-data to redis group so it can use the socket
RUN usermod -a -G redis www-data RUN usermod -a -G redis www-data
###
### PostgreSQL ###
###
# configure PostgreSQL access
COPY --chown=postgres:postgres assets/pg_hba.conf /etc/postgresql/${psqlv}/main/pg_hba.conf
### ###
### Nextcloud ### Nextcloud
### ###
@ -107,3 +112,12 @@ COPY --chown=www-data:www-data assets/my.config.php nextcloud/config/
COPY assets/crontab /root/ COPY assets/crontab /root/
# crontab for www-data # crontab for www-data
RUN crontab -u www-data /root/crontab RUN crontab -u www-data /root/crontab
###
### Bugfix
###
# push the fixed systemd file for redis
COPY bugfix/redis.service /etc/systemd/system/redis.service
COPY bugfix/apache2.override /etc/systemd/system/apache2.service.d/override.conf
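Review bot: `--cap-add SYS_ADMIN` in deployopts hands the whole container — systemd as PID 1, Apache, PHP-FPM, PostgreSQL and Redis — a capability that is effectively root on the host (mounts, namespaces, a long list of ioctls), and as far as this commit shows the only consumer is the `mount -a` bind in nc-mntuser. The same per-user layout is available without it: the previous nc-adduser used a symlink into /vol/files, and a bind can also be expressed on the podman side as an extra `-v /srv/vol/nextcloud/files/<user>:/srv/nextcloud/data/<user>/files`, where it needs no capability inside the container. If the capability must stay, put a comment above the label saying what needs it, so it is not carried forward by habit once that need goes away. A second comment worth adding above the version-detection RUN: `${PHPV:?}` and `${PSQLV:?}` work in later RUN lines only because the base image's BASH_ENV sources /etc/environment — that is not obvious from this file alone.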

2
src/nextcloud/assets/bin/maint

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# load environment variables # load environment variables
source /etc/environment . /etc/environment
hour=$(date +%H) hour=$(date +%H)
day=$(date +%d) day=$(date +%d)

8
src/nextcloud/assets/bin/nc-adduser

@ -9,13 +9,7 @@ set -e
nc-occ user:add "$1" nc-occ user:add "$1"
nc-occ maintenance:mode --on
mkdir -p /vol/files/"$1" mkdir -p /vol/files/"$1"
chown www-data:www-data /vol/files/"$1" chown www-data:www-data /vol/files/"$1"
rsync -vaSH /srv/nextcloud/data/"$1"/files/ /vol/files/"$1"/ nc-mntuser "$1"
rm -r /srv/nextcloud/data/"$1"/files
ln -s /vol/files/"$1" /srv/nextcloud/data/"$1"/files
nc-occ maintenance:mode --off

20
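--- a/src/nextcloud/assets/bin/nc-mntuser
+++ b/src/nextcloud/assets/bin/nc-mntuser
@@ -0,0 +1,20 @@
+#!/bin/bash
+if [[ -z $1 ]]; then
+echo "Usage: $0 user"
+exit 2
+fi
+intdir=/srv/nextcloud/data
+extdir=/vol/files
+set -e
+nc-occ maintenance:mode --on
+mkdir -p $intdir/$user/files
+chown -R www-data:www-data $intdir/$user
+echo "$extdir/$user $intdir/$user/files none defaults,bind 0 0" >> /etc/fstab
+mount -a
+nc-occ maintenance:mode --off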
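Review bot: `$user` is never assigned in this script — the usage check tests `$1`, but the mkdir, chown, fstab line and bind all use `$user`, so with it empty the script chowns all of /srv/nextcloud/data recursively to www-data, appends `/vol/files /srv/nextcloud/data//files none defaults,bind 0 0` to /etc/fstab and bind-mounts every user's directory under /srv/nextcloud/data/files; `set -e` does not catch any of this because every command succeeds. Add `user=$1` after the usage check and quote the expansions (`mkdir -p "$intdir/$user/files"`, `chown -R www-data:www-data "$intdir/$user"`). Because the name ends up in the mount table, also reject anything containing `/` or starting with `.` (`case $user in */*|.*) exit 2;; esac`), and check whether the line is already in /etc/fstab before appending, since rerunning for the same user duplicates it. nc-adduser calls this script unconditionally, so it inherits all of the above.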

2
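--- a/src/nextcloud/bugfix/apache2.override
+++ b/src/nextcloud/bugfix/apache2.override
@@ -0,0 +1,2 @@
+[Service]
+PrivateTmp=false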
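Review bot: This drop-in turns off PrivateTmp for apache2 without saying what broke, and PrivateTmp is one of the few sandboxing defaults Debian ships for that service; with it off, whatever Apache writes to /tmp is shared with every other process in the container. Add the reason to the file itself, e.g. `# PrivateTmp=false: <what failed, how it was observed>`, so the next person can tell whether it is still needed. I can only guess from the rest of the commit that the per-user bind mounts from nc-mntuser are the trigger; if so, ordering those mounts before apache starts may be a narrower fix than dropping the private namespace.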

46
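--- a/src/nextcloud/bugfix/redis.service
+++ b/src/nextcloud/bugfix/redis.service
@@ -0,0 +1,46 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+Documentation=http://redis.io/documentation, man:redis-server(1)
+[Service]
+Type=forking
+ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
+ExecStop=/bin/kill -s TERM $MAINPID
+PIDFile=/run/redis/redis-server.pid
+TimeoutStopSec=0
+Restart=always
+User=redis
+Group=redis
+RuntimeDirectory=redis
+RuntimeDirectoryMode=2755
+UMask=007
+#PrivateTmp=yes
+LimitNOFILE=65535
+#PrivateDevices=yes
+#ProtectHome=yes
+#ReadOnlyDirectories=/
+#ReadWritePaths=-/var/lib/redis
+#ReadWritePaths=-/var/log/redis
+#ReadWritePaths=-/var/run/redis
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
+MemoryDenyWriteExecute=true
+#ProtectKernelModules=true
+#ProtectKernelTunables=true
+#ProtectControlGroups=true
+RestrictRealtime=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+# redis-server can write to its own config file when in cluster mode so we
+# permit writing there by default. If you are not using this feature, it is
+# recommended that you replace the following lines with "ProtectSystem=full".
+#ProtectSystem=true
+#ReadWritePaths=-/etc/redis
+[Install]
+WantedBy=multi-user.target
+Alias=redis.service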
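Review bot: Every filesystem sandboxing directive in this unit is commented out — `#PrivateTmp`, `#PrivateDevices`, `#ProtectHome`, `#ReadOnlyDirectories=/`, `#ProtectKernelModules`, `#ProtectKernelTunables`, `#ProtectControlGroups`, `#ProtectSystem` — and the Containerfile only calls this the "fixed" unit, so there is no way to tell which directive actually failed inside the container and which were disabled along with it. Narrow the change to the directive(s) that break, keep the rest (ProtectHome=yes, ProtectKernelTunables=true and at least ProtectSystem=full are unlikely to be the problem for a redis that writes only under /var/lib/redis, /var/log/redis and /run/redis), and put a one-line comment above each one that stays off stating what failed. Two smaller points: `Alias=redis.service` inside a file installed as /etc/systemd/system/redis.service aliases the unit to itself, and `RuntimeDirectoryMode=2755` leaves /run/redis world-readable and -searchable, which is fine only if redis.conf sets a restrictive `unixsocketperm` on the socket that www-data is being added to the redis group to reach.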

12
src/samba/Containerfile

@ -7,11 +7,9 @@ FROM localhost/debian:latest
# -p (port) and -v (volume) both go host:container # -p (port) and -v (volume) both go host:container
LABEL deployopts="\ LABEL deployopts="\
-p 9045:445 \ -p 9045:445 \
-v /tank/files/db/samba:/vol/db \ -v /srv/vol/samba/data:/vol/data \
-v /tank/files/media:/vol/media \ -v /srv/vol/samba/media:/vol/media \
-v /tank/files/user:/vol/user" -v /srv/vol/samba/files:/vol/files"
# make sure mount directories exist
RUN mkdir -p /vol/db /vol/media /vol/user
# uid that the files owner user should have # uid that the files owner user should have
ARG FILESUID=5000 ARG FILESUID=5000
@ -27,7 +25,7 @@ RUN apt update -y && apt install -y samba
RUN addgroup --gid $FILESUID files && \ RUN addgroup --gid $FILESUID files && \
adduser files --ingroup files --uid $FILESUID --disabled-password --gecos "Files Owner" --shell /usr/sbin/nologin --no-create-home adduser files --ingroup files --uid $FILESUID --disabled-password --gecos "Files Owner" --shell /usr/sbin/nologin --no-create-home
RUN chown -R files:files /vol RUN mkdir /vol && chown -R files:files /vol
# copy our custom scripts # copy our custom scripts
COPY assets/bin/ /usr/local/bin/ COPY assets/bin/ /usr/local/bin/
@ -35,7 +33,7 @@ COPY assets/bin/ /usr/local/bin/
RUN ls -A /home RUN ls -A /home
# replace home with symlink # replace home with symlink
RUN cd / && rmdir home && ln -s /vol/user home RUN cd / && rmdir home && ln -s /vol/files home
### ###
### NMBD ### NMBD
