Merge branch 'master' of ssh://git.alemor.org:4323/mar/container

bin/pdm-build

@@ -64,6 +64,10 @@ fi
 
 # Main
 
+# tell buildah to build images in docker format instead of the default OCI format
+# because only docker-format images can use the SHELL directive in Containerfiles
+export BUILDAH_FORMAT=docker
+
 # build image
 echo "Building image ..."
 podman build -f Containerfile -t tmp-$epoch $buildopts || quit $?

src/debian/Containerfile

@@ -2,11 +2,21 @@ FROM debian:stable
 CMD [ "/sbin/init" ]
 ENTRYPOINT [ "/sbin/init" ]
 
+# set default working directory as root for child images
 WORKDIR /root/
+ONBUILD WORKDIR /root/
+
+# set bash as the default shell for executing commands 
+# inside Containerfiles for child images
+ONBUILD SHELL ["/bin/bash", "-c"]
+
+# tell bash to read /etc/environment when being run
+# non-interactively for child images
+ONBUILD ENV BASH_ENV=/etc/environment
 
 # We can't use timedatectl because systemd isn't available
 # during the build process, so we have to set the timezone manually
-ENV TZ=US/Central
+ENV TZ=US/Eastern
 RUN rm /etc/localtime && \
     ln -s /usr/share/zoneinfo/$TZ /etc/localtime && \
     echo $TZ > /etc/timezone

src/debian/assets/bash.bashrc

@@ -6,6 +6,9 @@
 # If not running interactively, don't do anything
 [ -z "$PS1" ] && return
 
+# load environment variables
+. /etc/environment
+
 # check the window size after each command and, if necessary,
 # update the values of LINES and COLUMNS.
 shopt -s checkwinsize

src/gitea/Containerfile

@@ -9,16 +9,9 @@ LABEL deployopts="\
 -p 9081:80 \
 -p 9022:22 \
 -v /srv/vol/gitea/git:/vol/git \
--v /srv/vol/gitea/db:/vol/db"
-# make sure mount directories exist
-RUN mkdir -p /vol/git /vol/db
+-v /srv/vol/gitea/data:/vol/data"
 
 # Build variables
-# version of Gitea
-# see the Gitea github page to determine the latest stable release
-ARG giteav=1.12.1
-# version of postgres
-ARG psqlv=11
 # uid that the files owner user should have
 ARG FILESUID=5000
 
@@ -26,9 +19,6 @@ ARG FILESUID=5000
 # database name and user
 ENV DBUSER=gtadmin
 ENV DBNAME=gitea
-# put environment variables in /etc/environment so we can access them from cron scripts
-RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
-    echo "DBNAME=$DBNAME" >> /etc/environment
 
 ###
 ### General Setup
@@ -37,6 +27,14 @@ RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
 # install packages we want
 RUN apt update -y && apt install -y postgresql postgresql-doc git
 
+# put database variables in /etc/environment so anyone can access them
+# also autodetect versions of postgres and gitea and put them in /etc/environment as well
+RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
+    echo "DBNAME=$DBNAME" >> /etc/environment && \
+    echo "PSQLV=$(psql -V | cut -d ' ' -f 3 | cut -d '.' -f 1)" >> /etc/environment && \
+    echo "GITEAV=$(wget -q -O - https://dl.gitea.io/gitea/ | grep -m 1 'Current Release' \
+                 | perl -pe 's/.*Current Release ([\d.]+).*/\1/')" >> /etc/environment
+
 # create gitea user with file owner UID
 RUN addgroup --gid $FILESUID gitea && \
     adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea
@@ -49,15 +47,15 @@ COPY assets/bin/ /usr/local/bin/
 ###
 
 # configure PostgreSQL access
-COPY --chown=postgres:postgres assets/pg_hba.conf /etc/postgresql/${psqlv}/main/pg_hba.conf
+COPY --chown=postgres:postgres assets/pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf
 
 ###
 ### Gitea
 ###
 
 # dowload gitea
-RUN wget https://dl.gitea.io/gitea/${giteav}/gitea-${giteav}-linux-amd64 && \
-    mv gitea /usr/local/bin/gitea && \
+RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \
+    mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \
     chmod +x /usr/local/bin/gitea
 
 # make directories gitea needs

src/gitea/assets/bin/maint

@@ -8,7 +8,7 @@ day=$(date +%d)
 month=$(date +%m)
 year=$(date +%Y)
 
-dumpdir=/vol/db
+dumpdir=/vol/data
 errlog=error/$year-$month-$day-T$hour.log
 
 mkdir -p $dumpdir/error

src/gitea/assets/gitea.service

@@ -21,7 +21,7 @@ WorkingDirectory=/var/lib/gitea/
 #RuntimeDirectory=gitea
 ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
 Restart=always
-Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea
+Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
 # If you want to bind Gitea to a port below 1024, uncomment
 # the two values below, or use socket activation to pass Gitea its ports as above
 ###

src/mailsrv/Containerfile

@@ -10,7 +10,7 @@ LABEL deployopts="\
 -p 587:587 \
 -p 143:143 \
 -p 993:993 \
--v /srv/vol/mailsrv/etc:/vol/etc \
+-v /srv/vol/mailsrv/data:/vol/data \
 -v /srv/vol/mailsrv/mail:/vol/mail \
 -v /srv/vol/mailsrv/ssl:/vol/ssl:ro"
 
@@ -35,6 +35,12 @@ RUN addgroup --gid ${FILESUID:?} vmail && \
 # copy our custom scripts
 COPY assets/bin /usr/local/bin
 
+# copy root's crontab
+COPY assets/crontab /root/
+
+# load root's crontab
+RUN crontab /root/crontab
+
 ###
 ### mkvirtual
 ###

src/mailsrv/assets/bin/maint

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+cd /vol/mail
+
+for user in *; do
+    # create an archive mailbox (and throw away error because
+    # we don't mind if it already exists)
+    doveadm mailbox create -u $user -s Archive 2> /dev/null
+
+    # get current year
+    currentyear=$(date +%Y)
+    # assume no messages in INBOX are older than this year
+    #year=2000
+    year=$(($currentyear-1))
+    while [[ $year -le $currentyear ]]; do
+        # create an Archive/$year mailbox
+        doveadm mailbox create -u $user -s Archive.$year 2> /dev/null
+
+        # Get list of all subdirs of INBOX
+        mailboxes=$(doveadm mailbox list -u $user | grep -E '^INBOX\..*$' \
+                    | perl -pe 'chomp if eof' | perl -pe 's/^/MAILBOX /' \
+                    | perl -pe 's/\n/ OR /')
+        # add Sent and INBOX to our mailboxes list
+        mailboxes="MAILBOX Sent OR MAILBOX INBOX ${mailboxes:+OR} $mailboxes"
+        # move to the Archive/$year mailbox messages that:
+        # have been flagged as read,
+        # were received on or before $year,
+        # are older than 90 days,
+        # and are in our aforementioned mailboxes
+        doveadm move -u $user Archive.$year SEEN BEFORE 1-Jan-$(($year+1)) \
+                                            BEFORE 90d \( $mailboxes \)
+
+        # delete messages from Trash that have been there for more than 2 weeks
+        doveadm expunge -u $user SAVEDBEFORE 2w MAILBOX Trash
+
+        # step year variable
+        year=$(($year+1))
+    done
+done

src/mailsrv/assets/bin/mkvirt

@@ -6,24 +6,24 @@ set -e
 ### Users ###
 
 # copy users db to dovecot config
-cp /vol/etc/users /etc/dovecot/users
+cp /vol/data/users /etc/dovecot/users
 chown dovecot:dovecot /etc/dovecot/users
 
 # copy users db to postfix config, but without passwords
-cat /vol/etc/users | cut -d':' -f1 | perl -pe 's/(.*)/\1 ./' > /etc/postfix/users
+cat /vol/data/users | cut -d':' -f1 | perl -pe 's/(.*)/\1 ./' > /etc/postfix/users
 postmap /etc/postfix/users
 
 ### Aliases ###
 
 # copy aliases to postifx config
 cd /etc/postfix
-cat /vol/etc/aliases.d/*.list > aliases
+cat /vol/data/aliases.d/*.list > aliases
 postmap aliases
 
 ### Sieve ###
 
 # copy users sieve to mail
-cd /vol/etc/sieve.d
+cd /vol/data/sieve.d
 for user in * ; do
   mkdir -p /vol/mail/${user}
   chown vmail:vmail /vol/mail/${user}

src/mailsrv/assets/crontab

@@ -0,0 +1,4 @@
+# m h  dom mon dow   command
+
+# Run daily mail maintenance
+11 1   *   *   *     /usr/local/bin/maint

src/minecraft_be/Containerfile

@@ -8,7 +8,7 @@ FROM localhost/debian:latest
 LABEL deployopts="\
 -p 19132:19132/udp \
 -p 19133:19133/udp \
--v /srv/vol/minecraft_be/worlds:/vol/worlds"
+-v /srv/vol/minecraft_be/data:/vol/data"
 
 # Build variables
 # uid that the files owner user should have
@@ -37,7 +37,8 @@ WORKDIR /home/mcadmin
 # download Minecraft Bedrock dedicated server
 RUN url=$(wget -q https://www.minecraft.net/en-us/download/server/bedrock/ -O - | grep -Eo 'https://[^ ]+bin-linux/bedrock-server-[^ ]+\.zip' | head -n 1) && \
     wget $url && \
-    unzip $(basename $url) && \
+    echo "Unzipping ..." && \
+    unzip -q $(basename $url) && \
     rm $(basename $url) && \
     chown -R mcadmin:mcadmin ./
 

src/minecraft_be/assets/bin/mcbe-backup

@@ -1,14 +1,29 @@
 #!/bin/bash
 
-do_backup() {
+do_stop() {
     echo "Shutting down server for scheduled daily backup."
     mcbe-shutdown 10 "Shutting down server for scheduled daily backup."
-    rsync -vaSH /home/mcadmin/worlds/ /vol/worlds/
+}
+
+do_start() {
     sleep 5
     echo "Restarting server after backup."
     service mcbe start
 }
 
+do_backup() {
+    day=$(date +%d)
+    cd /vol/data
+    mkdir -p worlds-daily-$day/
+    rsync -vaSH /home/mcadmin/worlds/ worlds-daily-$day/
+    if [[ $day == 1 ]]; then
+        month=$(date +%m)
+        year=$(date +%Y)
+        mkdir -p worlds-$year-$month-$day/
+        rsync -vaSH worlds-daily-$day/ worlds-$year-$month-$day/
+    fi
+}
+
 # Check if server is started
 status=$(systemctl show mcbe -p ActiveState --value)
 # Check if any players present
@@ -16,22 +31,26 @@ players=$(mcbe-exec list | cut -d ' ' -f 3 | cut -d '/' -f 1)
 # check when mcbe-backup was last triggered
 last=$(date -d "$(systemctl show mcbe-backup.timer -p LastTriggerUSec --value)" +%s)
 # get current time
-today=$(date +%s)
+now=$(date +%s)
 
 # if service is not active, do backup immediately and exit
-if [[ $status == inactive ]]; then
+if [[ $status != active ]]; then
     echo "Service is inactive: copying worlds immediately without restarting service."
-    rsync -vaSH /home/mcadmin/worlds/ /vol/worlds/
+    do_backup
 
 # if no players are present, do backup immediately and exit
 elif [[ $players == 0 ]]; then
     echo "No players detected: running backup immediately."
+    do_stop
     do_backup
+    do_start
 
 # if 12 or more hours have passed since backup was triggered, go ahead and force a shutdown anyways
-elif [[ $(( $today - $last )) -ge 43200 ]]; then
+elif [[ $(( $now - $last )) -ge 43200 ]]; then
     echo "Backup was triggered more than 12 hours ago: forcing backup now."
+    do_stop
     do_backup
+    do_start
 
 # otherwise, schedule another attempt in an hour
 else

src/minecraft_be/assets/minecraft/permissions.json

@@ -1,6 +1,10 @@
 [
-   {
-      "permission" : "operator",
-      "xuid" : "2535473403284928"
-   }
+        {
+                "permission": "operator",
+                "xuid": "2535473403284928"
+        },
+        {
+                "permission": "operator",
+                "xuid": "2535422548094088"
+        }
 ]

src/minecraft_be/assets/minecraft/server.properties

@@ -40,11 +40,11 @@ view-distance=80
 # The maximum allowed view distance in number of chunks.
 # Allowed values: Any positive integer.
 
-tick-distance=8
+tick-distance=12
 # The world will be ticked this many chunks away from any player.
 # Allowed values: Integers in the range [4, 12]
 
-player-idle-timeout=30
+player-idle-timeout=0
 # After a player has idled for this many minutes they will be kicked. If set to 0 then players can idle indefinitely.
 # Allowed values: Any non-negative integer.
 

src/minecraft_be/assets/minecraft/whitelist.json

@@ -1 +1,28 @@
-[{ignoresPlayerLimit:false,name:MarVel0z,xuid:2535473403284928},{ignoresPlayerLimit:false,name:BISONMEATS},{ignoresPlayerLimit:false},{ignoresPlayerLimit:false,name:TrinityAri,xuid:2535422548094088},{ignoresPlayerLimit:false,name:Marcade645},{ignoresPlayerLimit:false,name:JogsIntoMordor}]
+[
+        {
+                "ignoresPlayerLimit": false,
+                "name": "MarVel0z",
+                "xuid": "2535473403284928"
+        },
+        {
+                "ignoresPlayerLimit": false,
+                "name": "BISONMEATS"
+        },
+        {
+                "ignoresPlayerLimit": false,
+                "name": "TrinityAri",
+                "xuid": "2535422548094088"
+        },
+        {
+                "ignoresPlayerLimit": false,
+                "name": "Marcade645"
+        },
+        {
+                "ignoresPlayerLimit": false,
+                "name": "JogsIntoMordor"
+        },
+        {
+                "ignoresPlayerLimit": false,
+                "name": "ElagabalusC"
+        }
+]

src/nextcloud/Containerfile

@@ -6,26 +6,17 @@ FROM localhost/debian
 # deploy options
 # -p (port) and -v (volume) both go host:container
 LABEL deployopts="\
+--cap-add SYS_ADMIN \
 -p 9080:80 \
--v /tank/files/user/mar:/vol/files/mar/files \
--v /tank/files/db/nextcloud:/vol/db"
-# make sure mount directories exist
-RUN mkdir -p /vol/files/mar/files /vol/db
+-v /srv/vol/nextcloud/files:/vol/files \
+-v /srv/vol/nextcloud/data:/vol/data"
 
 # Build Variables
-# versions of php and postgres
-ARG phpv=7.3
-ARG psqlv=11
 # uid that the files owner user should have
 ARG FILESUID=5000
-
-# Environment Variables
 # database name and user
 ENV DBUSER=ncadmin
 ENV DBNAME=nextcloud
-# put environment variables in /etc/environment so we can access them from cron scripts
-RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
-    echo "DBNAME=$DBNAME" >> /etc/environment
 
 ###
 ### General Setup
@@ -36,37 +27,56 @@ RUN apt update -y && apt install -y apache2 php-fpm php-gd php-zip \
     php-pgsql php-curl php-mbstring php-intl php-imagick php-xml \
     php-json redis php-redis postgresql postgresql-doc php-ldap
 
+
+# put database variables in /etc/environment so anyone can access them
+# also autodetect versions of php and postgres and put them in /etc/environment as well
+RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
+    echo "DBNAME=$DBNAME" >> /etc/environment && \
+    echo "PSQLV=$(psql -V | cut -d ' ' -f 3 | cut -d '.' -f 1)" >> /etc/environment && \
+    echo "PHPV=$(echo $(php -r 'echo PHP_VERSION;') | cut -d '.' -f 1-2)" >> /etc/environment
+
 # change www-data's UID to the file owner UID
 RUN usermod --uid $FILESUID www-data && \
     groupmod --gid $FILESUID www-data && \
-    chown -R www-data:www-data /var/www /vol
+    chown -R www-data:www-data /var/www
 
 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
 
+###
+### PHP
+###
+
+# enable PHP interpreter
+RUN systemctl enable php${PHPV:?}-fpm
+
+# copy php configuration
+COPY assets/php/ php/
+RUN mv php/php.ini /etc/php/${PHPV:?}/fpm/ && \
+    mv php/www.conf /etc/php/${PHPV:?}/fpm/pool.d/ && \
+    rmdir php
+
+###
+### PostgreSQL ###
+###
+
+# configure PostgreSQL access
+COPY --chown=postgres:postgres assets/pg_hba.conf ./
+RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/
+
 ###
 ### Apache
 ###
 
 # enable modules we need
-RUN a2enmod rewrite headers env dir mime proxy_fcgi && a2enconf php${phpv}-fpm
+RUN a2enmod rewrite headers env dir mime proxy_fcgi && \
+    a2enconf php${PHPV:?}-fpm
 
 # copy site config
 COPY assets/apache/nextcloud.conf /etc/apache2/sites-available/
 WORKDIR /etc/apache2/sites-enabled
 RUN rm 000-default.conf && ln -s ../sites-available/nextcloud.conf
 
-###
-### PHP
-###
-
-# enable PHP interpreter
-RUN systemctl enable php${phpv}-fpm
-
-# copy php configuration
-COPY assets/php/php.ini /etc/php/${phpv}/fpm/
-COPY assets/php/www.conf /etc/php/${phpv}/fpm/pool.d/
-
 ###
 ### Redis
 ###
@@ -77,13 +87,6 @@ COPY --chown=redis:redis assets/redis.conf /etc/redis/redis.conf
 # add www-data to redis group so it can use the socket
 RUN usermod -a -G redis www-data
 
-###
-### PostgreSQL ###
-###
-
-# configure PostgreSQL access
-COPY --chown=postgres:postgres assets/pg_hba.conf /etc/postgresql/${psqlv}/main/pg_hba.conf
-
 ###
 ### Nextcloud
 ###
@@ -96,6 +99,10 @@ RUN wget https://download.nextcloud.com/server/releases/latest.zip && \
     chown -R www-data:www-data nextcloud && \
     rm latest.zip
 
+# create data dir for nextcloud
+RUN mkdir -p /srv/nextcloud/data && \
+    chown -R www-data:www-data /srv/nextcloud
+
 # copy nextcloud config
 COPY --chown=www-data:www-data assets/my.config.php nextcloud/config/
 
@@ -113,6 +120,4 @@ RUN crontab -u www-data /root/crontab
 # push the fixed systemd file for redis
 COPY bugfix/redis.service /etc/systemd/system/redis.service
 
-# execute command to workaround bug in cron
-COPY bugfix/cronfix /root/
-RUN chmod +x /root/cronfix && /root/cronfix
+COPY bugfix/apache2.override /etc/systemd/system/apache2.service.d/override.conf

src/nextcloud/Systemdfile

@@ -10,9 +10,9 @@ sleep 5
 db-make
 
 # install nextcloud
-nc-occ maintenance:install --data-dir "/vol/files/" --database "pgsql" --database-host "/var/run/postgresql" --database-name "$DBNAME" --database-user "$DBUSER" --database-pass "" --admin-user "admin" --admin-pass "admin"
+nc-occ maintenance:install --data-dir "/srv/nextcloud/data/" --database "pgsql" --database-host "/var/run/postgresql" --database-name "$DBNAME" --database-user "$DBUSER" --database-pass "" --admin-user "admin" --admin-pass "admin"
 
-# configure nextcloud
+# do post-installation steps
 nc-occ maintenance:update:htaccess
 nc-occ db:add-missing-indices
 nc-occ db:convert-filecache-bigint
@@ -28,5 +28,5 @@ nc-occ app:install mail
 nc-occ app:disable comments federation files_trashbin files_versions firstrunwizard recommendations support survey_client systemtags
 
 # configure apps
-# currently set to one day; to set to one hour use 'PT1H'
+# set calendar to refresh subscriptions once a day (to set to one hour use 'PT1H' instead)
 nc-occ config:app:set dav calendarSubscriptionRefreshRate --value P1D

src/nextcloud/assets/bin/maint

@@ -1,14 +1,14 @@
 #!/bin/bash
 
 # load environment variables
-source /etc/environment
+. /etc/environment
 
 hour=$(date +%H)
 day=$(date +%d)
 month=$(date +%m)
 year=$(date +%Y)
 
-dumpdir=/vol/db
+dumpdir=/vol/data
 errlog=error/$year-$month-$day-T$hour.log
 
 mkdir -p $dumpdir/error

src/nextcloud/assets/bin/nc-adduser

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [[ -z $1 ]]; then
+        echo "Usage: $0 username"
+        exit 2
+fi
+
+set -e
+
+nc-occ user:add "$1"
+
+mkdir -p /vol/files/"$1"
+chown www-data:www-data /vol/files/"$1"
+
+nc-mntuser "$1"

src/nextcloud/assets/bin/nc-mntuser

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [[ -z $1 ]]; then
+        echo "Usage: $0 user"
+        exit 2
+fi
+
+intdir=/srv/nextcloud/data
+extdir=/vol/files
+
+set -e
+
+nc-occ maintenance:mode --on
+
+mkdir -p $intdir/$user/files
+chown -R www-data:www-data $intdir/$user
+echo "$extdir/$user $intdir/$user/files none defaults,bind 0 0" >> /etc/fstab
+mount -a
+
+nc-occ maintenance:mode --off

src/nextcloud/bugfix/apache2.override

@@ -0,0 +1,2 @@
+[Service]
+PrivateTmp=false

src/nextcloud/bugfix/cronfix

@@ -1,2 +0,0 @@
-#!/bin/sh
-sed -i '/session    required     pam_loginuid.so/c\#session    required   pam_loginuid.so' /etc/pam.d/cron

src/samba/Containerfile

@@ -7,11 +7,9 @@ FROM localhost/debian:latest
 # -p (port) and -v (volume) both go host:container
 LABEL deployopts="\
 -p 9045:445 \
--v /tank/files/db/samba:/vol/db \
--v /tank/files/media:/vol/media \
--v /tank/files/user:/vol/user"
-# make sure mount directories exist
-RUN mkdir -p /vol/db /vol/media /vol/user
+-v /srv/vol/samba/data:/vol/data \
+-v /srv/vol/samba/media:/vol/media \
+-v /srv/vol/samba/files:/vol/files"
 
 # uid that the files owner user should have
 ARG FILESUID=5000
@@ -27,7 +25,7 @@ RUN apt update -y && apt install -y samba
 RUN addgroup --gid $FILESUID files && \
     adduser files --ingroup files --uid $FILESUID --disabled-password --gecos "Files Owner" --shell /usr/sbin/nologin --no-create-home
 
-RUN chown -R files:files /vol
+RUN mkdir /vol && chown -R files:files /vol
 
 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
@@ -35,7 +33,7 @@ COPY assets/bin/ /usr/local/bin/
 RUN ls -A /home
 
 # replace home with symlink
-RUN cd / && rmdir home && ln -s /vol/user home
+RUN cd / && rmdir home && ln -s /vol/files home
 
 ###
 ### NMBD

src/startpage/assets/data.json

@@ -111,7 +111,12 @@
 		"url"  : "https://www.pandora.com/",
 		"title": "Pandora",
 		"image": "assets/thumbnails/pandora.svg"
-	    }
+	    },
+            {
+                "url"  : "https://libro.fm/",
+                "title": "Libro.fm",
+                "image": "assets/thumbnails/librofm.jpg"
+            }
 	]
     },
     "bookmarks" : {