remove temporary container

.install/bin/pdm-build

@@ -8,6 +8,14 @@ trap 'cleanup' EXIT
 epoch=$(date +%s.%3N)
 today=$(date +%Y-%m-%d-T%H%M)
 
+notopt() {
+	case $1 in
+		1) return 0;;
+		0) return 1;;
+		*) return $1;;
+	esac
+}
+
 badarg() {
     echo -n "$(basename $0): " >&2
     echo "$1" >&2
@@ -21,34 +29,36 @@ cleanup() {
     fi
 }
 
-help="Usage: $(basename $0) [-sdh] [-t tag] [directory] [name]
+help="Usage: $(basename $0) [-sdh] [-t tag] [-v vol] [directory] [name]
 Builds an image from files in a directory, and assigns it a name.
 
-Files used are 'Containerfile' and optionally 'Systemdfile'. If first argument
+Files used are 'Containerfile' and optionally 'Initfile'. If first argument
 is omitted, script assumes files can be found in the current working directory.
 If second argument is omitted, the directory where the files were found is used
 as the image name.
 
 Options:
-  -s        Squash all layers in the image into a single layer
-  -r        Redo build from scratch instead of using cached layers
   -d        Debug mode: don't delete the temporary container created by the script
-            when encountering an error
+  -r        Redo build from scratch instead of using cached layers
-  -t [tag]  Tag the image with the given string. Can be used multiple times to assign
+  -s        Squash all layers in the image into a single layer
+  -t tag    Tag the image with the given string. Can be used multiple times to assign
             multiple tags
+  -v vol    Mount ~/vol as /vol while building
   -h        Display this help and exit"
 
 # Handle options
-opt_squash=0
+opt_squash=1
 opt_redo=0
 opt_debug=0
 opt_tags=()
-while getopts ':srdt:h' arg; do
+opt_vols=()
+while getopts ':srdt:v:h' arg; do
     case $arg in
-        s) opt_squash=1;;
+        s) opt_squash=$(notopt ${opt_squash});;
-        r) opt_redo=1;;
+        r) opt_redo=$(notopt ${opt_redo});;
-        d) opt_debug=1;;
+        d) opt_debug=$(notopt ${opt_debug});;
         t) opt_tags+=("${OPTARG}");;
+	v) opt_vols+=("${OPTARG}");;
         h) echo "$help"; exit 0;;
         :) badarg "Argument missing for option '-$OPTARG'";;
         ?) badarg "Invalid option '-$OPTARG'";;
@@ -82,7 +92,8 @@ else
     cd "$directory"
 fi
 
-buildopts=""
+buildopts="--build-arg EXT_HOME=$HOME"
+runopts=""
 if [[ $opt_squash -eq 1 ]]; then
     buildopts="$buildopts --squash-all"
 fi
@@ -90,39 +101,56 @@ if [[ $opt_redo -eq 1 ]]; then
     buildopts="$buildopts --no-cache"
 fi
 
+for vol in "${opt_vols[@]}"; do
+	buildopts="$buildopts -v $HOME/vol/${name}/${vol}:/vol/${vol}"
+	runopts="$runopts -v $HOME/vol/${name}/${vol}:/vol/${vol}"
+done
+
 # tell buildah to build images in docker format instead of the default OCI format
 # because only docker-format images can use the SHELL directive in Containerfiles
-export BUILDAH_FORMAT=docker
+### export BUILDAH_FORMAT=docker
 
 # build image
-echo "Building image ..."
+echo "Building image tmp-$epoch ..."
 podman build -f Containerfile -t tmp-$epoch $buildopts
 
-# Systemdfile is for commands that need systemd to execute
+# Initfile is for commands that need systemd to execute
-if [[ -f Systemdfile ]]; then
+if [[ -f Initfile ]]; then
-    echo "Running build steps that require systemd ..."
+    echo "Running initialization ..."
-    echo "Creating temporary container ..."
+    echo "Creating temporary container tmp-$epoch ..."
-    podman create --name tmp-$epoch tmp-$epoch
+    podman create --name tmp-$epoch $runopts tmp-$epoch
     podman start tmp-$epoch
-    echo "Copying script to container ..."
+    echo "Copying script to container tmp-$epoch ..."
-    podman cp Systemdfile tmp-$epoch:/root/
+    podman cp Initfile tmp-$epoch:/root/
-    echo "Running script ..."
+    echo "Running Initfile script ..."
-    podman exec tmp-$epoch bash -c "chmod +x /root/Systemdfile && /root/Systemdfile"
+    podman exec tmp-$epoch bash -c "chmod +x /root/Initfile && /root/Initfile"
-    echo "Committing container to image ..."
+    echo "Committing container tmp-$epoch to image $name:$today ..."
     podman commit tmp-$epoch "$name:$today"
+    if [[ $opt_debug -eq 0 ]]; then
+	echo "Removing temporary container tmp-$epoch ..."
+	podman rm -i -f tmp-$epoch
+    fi
 else
-   echo "Systemdfile not found, skipping temporary container step ..."
+   echo "Initfile not found, skipping temporary container step ..."
    # tag image we already built with appropriate tag, and untag with tmp
+   echo "Tagging image tmp-$epoch as $name:$today ..."
    podman tag tmp-$epoch "$name:$today"
-   podman rmi tmp-$epoch
+fi
+
+if ! podman container exists tmp-$epoch ; then
+    echo "Removing temporary image tmp-$epoch ..."
+    podman rmi tmp-$epoch
 fi
 
 # tag image as latest
+echo "Adding latest tag to image $name:$today ..."
 podman tag "$name:$today" "$name:latest"
 
 # assign any extra tags
 for tag in "${opt_tags[@]}"; do
+    echo "Adding tag $tag to image $name:$today ..."
     podman tag "$name:$today" "$name:$tag"
 done
 
-echo "Done!"
+echo "... Done!"
+

debian/Containerfile

@@ -5,19 +5,19 @@ ENTRYPOINT [ "/sbin/init" ]
 
 # set default working directory as root for child images
 WORKDIR /root/
-ONBUILD WORKDIR /root/
+### ONBUILD WORKDIR /root/
 
 # set bash as the default shell for executing commands 
 # inside Containerfiles for child images
-ONBUILD SHELL ["/bin/bash", "-c"]
+### ONBUILD SHELL ["/bin/bash", "-c"]
 
 # tell bash to read /etc/environment when being run
 # non-interactively for child images
-ONBUILD ENV BASH_ENV=/etc/environment
+### ONBUILD ENV BASH_ENV=/etc/environment
 
 # We can't use timedatectl because systemd isn't available
 # during the build process, so we have to set the timezone manually
-ENV TZ=US/Eastern
+ENV TZ=US/Central
 RUN rm /etc/localtime && \
     ln -s /usr/share/zoneinfo/$TZ /etc/localtime && \
     echo $TZ > /etc/timezone
@@ -25,13 +25,15 @@ RUN rm /etc/localtime && \
 # Install packages
 RUN apt update -y && \
     apt full-upgrade -y && \
-    apt install -y init sudo wget nano less man-db unzip rsync procps software-properties-common && \
+    apt install -y init sudo wget vim-tiny \
+                   nano less man-db unzip rsync procps \
+                   software-properties-common && \
     apt autoremove -y --purge && \
     apt clean -y
 
 # Set configuration
-COPY assets/nanorc /etc/nanorc
+COPY assets/etc/ /etc/
-COPY assets/bash.bashrc /etc/bash.bashrc
 
 # copy custom scripts
 COPY assets/bin/ /usr/local/bin/
+

debian/assets/bash.bashrc → debian/assets/etc/bash.bashrc

@@ -5,6 +5,7 @@
 
 # If not running interactively, don't do anything
 [ -z "$PS1" ] && return
+alias more='more -e'
 
 # load environment variables
 . /etc/environment

nextcloud/Containerfile

@@ -5,15 +5,16 @@ FROM localhost/debian
 
 # deploy options
 # -p (port) and -v (volume) both go host:container
+ARG EXT_HOME
 LABEL config_default="\
 -p 9080:80 \
--v $HOME/vol/nextcloud/files:/vol/files \
+-v $EXT_HOME/vol/nextcloud/files:/vol/files \
--v $HOME/vol/nextcloud/data:/vol/data \
+-v $EXT_HOME/vol/nextcloud/data:/vol/data \
 --shm-size=1g"
 
 # Build Variables
 # uid that the files owner user should have
-ARG FILESUID=5000
+### ARG FILESUID=5000
 # database name and user
 ENV DBUSER=ncadmin
 ENV DBNAME=nextcloud
@@ -28,37 +29,43 @@ RUN apt update -y && apt install -y apache2 php-fpm php-gd php-zip php-pgsql \
     redis php-redis postgresql postgresql-doc php-ldap php-bcmath cron
 
 
+# autodetect versions of php and postgres and put them in /etc/environment
 # put database variables in /etc/environment so anyone can access them
-# also autodetect versions of php and postgres and put them in /etc/environment as well
+RUN export PSQLV="$(psql -V | cut -d ' ' -f 3 | cut -d '.' -f 1)" && \
-RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
+    export PHPV="$(echo $(php -r 'echo PHP_VERSION;') | cut -d '.' -f 1-2)" && \
-    echo "DBNAME=$DBNAME" >> /etc/environment && \
+    rm -f /vol/data/etc/environment && \
-    echo "PSQLV=$(psql -V | cut -d ' ' -f 3 | cut -d '.' -f 1)" >> /etc/environment && \
+    echo "export PSQLV=$PSQLV" >> /vol/data/etc/environment && \
-    echo "PHPV=$(echo $(php -r 'echo PHP_VERSION;') | cut -d '.' -f 1-2)" >> /etc/environment
+    echo "export PHPV=$PHPV" >> /vol/data/etc/environment && \
+    echo "export DBUSER=$DBUSER" >> /vol/data/etc/environment && \
+    echo "export DBNAME=$DBNAME" >> /vol/data/etc/environment && \
+    rm -f /etc/environment && \
+    ln -s /vol/data/etc/environment /etc/environment
 
 # change www-data's UID to the file owner UID
-RUN usermod --uid $FILESUID www-data && \
+### RUN usermod --uid $FILESUID www-data && \
-    groupmod --gid $FILESUID www-data && \
+###     groupmod --gid $FILESUID www-data
+
+# make sure volume dirs exist, and copy sample data
+### COPY --chown=www-data:www-data data/ /vol/data/
+RUN mkdir -p /vol/data /vol/files && \
+    chown -R www-data:www-data /vol/data && \
     chown -R www-data:www-data /var/www
 
 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
 
-# make sure volume dirs exist, and copy sample data
-RUN mkdir -p /vol/data /vol/files
-
-COPY --chown=www-data:www-data data/ /vol/data/
-
 ###
 ### PHP
 ###
 
-# enable PHP interpreter
-RUN systemctl enable php${PHPV:?}-fpm
-
 # copy php configuration
 COPY assets/php/ php/
-RUN mv php/php.ini /etc/php/${PHPV:?}/fpm/ && \
+
+# enable PHP interpreter
+RUN . /vol/data/etc/environment && \
+    mv php/php.ini /etc/php/${PHPV:?}/fpm/ && \
     mv php/www.conf /etc/php/${PHPV:?}/fpm/pool.d/ && \
+    systemctl enable php${PHPV:?}-fpm && \
     rmdir php
 
 ###
@@ -69,7 +76,8 @@ RUN mv php/php.ini /etc/php/${PHPV:?}/fpm/ && \
 COPY --chown=postgres:postgres assets/postgresql/ postgresql/
 # If the posgresql.conf file contains multiple entries for the same parameter, all but the last one is ignored.
 # So we can just append our settings to the already-existing postgresql.conf file.
-RUN mv postgresql/pg_hba.conf /etc/postgresql/${PSQLV:?}/main/ && \
+RUN . /vol/data/etc/environment && \
+    mv postgresql/pg_hba.conf /etc/postgresql/${PSQLV:?}/main/ && \
     cat postgresql/postgresql.conf >> /etc/postgresql/${PSQLV:?}/main/postgresql.conf && \
     rm -rf postgresql
 
@@ -79,7 +87,8 @@ RUN mv postgresql/pg_hba.conf /etc/postgresql/${PSQLV:?}/main/ && \
 ###
 
 # enable modules we need
-RUN a2enmod rewrite headers env dir mime proxy_fcgi && \
+RUN . /vol/data/etc/environment && \
+    a2enmod rewrite headers env dir mime proxy_fcgi && \
     a2enconf php${PHPV:?}-fpm
 
 # copy site config
@@ -102,26 +111,27 @@ RUN usermod -a -G redis www-data
 
 # download nextcloud
 COPY assets/nextcloud/ ./
-RUN test -f latest.zip || \
+# copy nextcloud config
-    wget --progress=dot:giga https://download.nextcloud.com/server/releases/latest.zip
+COPY --chown=www-data:www-data assets/config/ nextcloud/config/
+
+### RUN test -f latest.zip || \
+###     wget --progress=dot:giga https://download.nextcloud.com/server/releases/latest.zip
 
     
 WORKDIR /var/www/html
-RUN echo "Unzipping ..." && \
+
+RUN echo "Unzipping nextcloud ..." && \
     unzip -q $HOME/latest.zip && \
     chown -R www-data:www-data nextcloud && \
-    rm $HOME/latest.zip
+    rm $HOME/latest.zip && \
-
+    echo "Creating files dir for nextcloud ..." && \
-# create data dir for nextcloud
+    mkdir -p /vol/files && \
-RUN mkdir -p /vol/files && \
+    chown -R www-data:www-data /vol/files && \
-    chown -R www-data:www-data /vol/files
+    echo "Making link to host config & secret config ..." && \
-
+    cd nextcloud/config && \
-# copy nextcloud config
+    ln -s /vol/data/ncconfig/host.config.php && \
-COPY --chown=www-data:www-data assets/config/ nextcloud/config/
+    ln -s /vol/data/ncconfig/secret.config.php && \
-# make link to host config & secret config
+    echo "... finished installing nextcloud"
-RUN cd nextcloud/config && \
-    ln -s /vol/data/host.config.php && \
-    ln -s /vol/data/secret.config.php
 
 ###
 ### DB Auto Load/Dump
@@ -138,7 +148,8 @@ RUN systemctl enable db-updown.service
 ###
 COPY assets/crontab /root/
 # crontab for www-data
-RUN crontab -u www-data /root/crontab
+RUN crontab -u www-data /root/crontab && \
+    rm -f /root/crontab
 
 ###
 ### Bugfix
@@ -151,10 +162,13 @@ COPY assets/bugfix/apache2.override /etc/systemd/system/apache2.service.d/overri
 
 # bugfix for cron
 COPY assets/bugfix/cronfix /root/
-RUN chmod +x /root/cronfix && /root/cronfix
+RUN chmod +x /root/cronfix && \
+    /root/cronfix && \
+    rm -f /root/cronfix
 
 ###
 ### Workdir
 ###
 
-WORKDIR /vol/data
+### WORKDIR /vol/data
+

nextcloud/Systemdfile → nextcloud/Initfile

@@ -14,7 +14,6 @@ nc-occ maintenance:install --data-dir "/vol/files" --database "pgsql" --database
 
 # do post-installation steps
 nc-occ maintenance:update:htaccess
-nc-occ db:add-missing-indices
 nc-occ db:add-missing-columns
 nc-occ db:convert-filecache-bigint
 
@@ -29,5 +28,10 @@ nc-occ app:install mail
 nc-occ app:disable comments dashboard federation files_trashbin firstrunwizard recommendations support survey_client systemtags
 
 # configure apps
-# set calendar to refresh subscriptions once a day (to set to one hour use 'PT1H' instead)
+# set calendar to refresh subscriptions once a day ('PT1H' for 1 hour, 'P1D' for a day)
-nc-occ config:app:set dav calendarSubscriptionRefreshRate --value P1D
+nc-occ config:app:set dav calendarSubscriptionRefreshRate --value PT1H
+
+# finish configuration
+nc-occ db:add-missing-indices
+nc-occ maintenance:repair --include-expensive
+

nextcloud/data/host.config.php → nextcloud/data/ncconfig/host.config.php

@@ -6,7 +6,7 @@ $CONFIG = array(
   ),
 'overwriteprotocol'     => 'https',
 'overwritehost'         => 'example.domain.com',
-'overwritewebroot'      => '/nextcloud',
+### 'overwritewebroot'      => '/nextcloud',
-
+'overwrite.cli.url' => 'https://example.domain.com/',
 'default_phone_region'  => 'US'
 );

nextcloud/data/ncconfig/secret.config.php

@@ -0,0 +1,9 @@
+<?php
+$CONFIG = array(
+/** After your first install, place the auto-generated values for these parameters here
+    and uncomment them, so that they persist across re-deploys.
+  'passwordsalt' => 'Tor00eCxYW7hxUzeBhdzEU0+MJWwg/',
+  'secret' => 'jBL6XxrYZs7h5TQcLDB33vB5N4RzHxomGGgUEer25K4wdSwc',
+  'instanceid' => 'oc3sbo2jitqd',
+*/
+);

nextcloud/data/secret.config.php

@@ -1,10 +0,0 @@
-<?php
-$CONFIG = array(
-/** After your first install, place the auto-generated values for these parameters here
-    and uncomment them, so that they persist across re-deploys. */
-/**
-  'passwordsalt' => '',
-  'secret' => '',
-  'instanceid' => '',
-*/
-);

nextcloud/scripts/build.sh

@@ -0,0 +1,2 @@
+exec pdm-build -v data -v files "$@"
+

nextcloud/scripts/clean.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+for tag in $(podman images --filter reference=nextcloud --format='{{.Tag}}')
+do
+    echo "Removing image nextcloud:$tag"
+    podman rmi -f nextcloud:$tag
+done
+
+podman unshare rm -rf $HOME/vol/nextcloud
+

nextcloud/scripts/launch.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+#
+exec pdm-launch -c nextcloud "$@"
+

nextcloud/scripts/prep.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+DATADIR=$HOME/vol/nextcloud/data
+FILEDIR=$HOME/vol/nextcloud/files
+
+if [ -f env ]; then
+    . ./env
+else
+    echo "Need env like:"
+    echo USE_HOST="<external host>"
+    exit 1
+fi
+
+if [ ! -d $DATADIR ]; then
+    mkdir -p $DATADIR/etc $DATADIR/ncconfig
+    cp data/ncconfig/* $DATADIR/ncconfig/
+    sed -e "s/example.domain.com/$USE_HOST/" \
+           data/ncconfig/host.config.php \
+           > $DATADIR/ncconfig/host.config.php
+fi
+
+if [ ! -d $FILEDIR ]; then
+    mkdir -p $FILEDIR
+fi
+
+
+mkdir -p assets/nextcloud
+cd assets/nextcloud
+if [ -e latest.zip ]; then
+    echo Available Nextcloud files:
+    ls -lF
+else
+    wget --progress=dot:giga https://download.nextcloud.com/server/releases/latest.zip
+fi
+
+