author | Mike Crute <mike@crute.us> | 2023-11-21 21:19:38 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2023-11-21 21:19:38 -0800 |
commit | a6dcbdda8fb66393be7e12bd3a90b77c203987d1 (patch) | |
tree | 5be553d205eb689837f6a7972e46880c73681421 | |
parent | aad62a8b259005cb8353d6a7b4a3f60c85803d1f (diff) | |
Remove old builds
114 files changed, 0 insertions, 3005 deletions
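--- a/al2-wireguard/Dockerfile
+++ /dev/null
@@ -1,56 +0,0 @@
-FROM amazonlinux:2 AS builder
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-ARG VERSION
-ARG REGION
-
-RUN set -euxo pipefail; \
-echo "${REGION}" > /etc/yum/vars/awsregion; \
-amazon-linux-extras install -y kernel-ng; \
-yum install -y \
-libmnl-devel \
-libmnl-static \
-glibc-static \
-elfutils-libelf-devel \
-kernel-devel \
-pkgconfig \
-"@Development Tools" \
-; \
-curl -Ls https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${VERSION}.tar.xz | tar -xJC /usr/src; \
-cd /usr/src/WireGuard-${VERSION}/src; \
-\
-make module; \
-make LDFLAGS="-static" tools
-
-
-FROM amazonlinux:2
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-ARG VERSION
-
-COPY --from=builder /usr/src/WireGuard-${VERSION}/ /tmp/WireGuard-${VERSION}/
-
-RUN set -euxo pipefail; \
-yum install -y kmod; \
-\
-mkdir -p /opt/wireguard; \
-cp /tmp/WireGuard-${VERSION}/src/wireguard.ko /opt/wireguard; \
-\
-cd /tmp/WireGuard-${VERSION}/src; \
-\
-install -v -d "/usr/bin"; \
-install -v -d "/usr/share/man/man8"; \
-install -v -m 0755 tools/wg "/usr/bin/wg"; \
-install -v -m 0644 tools/man/wg.8 "/usr/share/man/man8/wg.8"; \
-\
-install -v -m 0700 -d "/etc/wireguard"; \
-install -v -m 0755 tools/wg-quick/linux.bash "/usr/bin/wg-quick"; \
-install -v -m 0644 tools/man/wg-quick.8 "/usr/share/man/man8/wg-quick.8"; \
-\
-yum clean all; \
-rm -rf /tmp/WireGuard-${VERSION} /var/cache/yum
-
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "sleep", "infinity" ]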
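--- a/al2-wireguard/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-WG_VERSION=0.0.20191206
-FULL_VERSION="$(shell uname -r)-wg-$(WG_VERSION)"
-IMAGE=docker.crute.me/al2-wireguard:$(FULL_VERSION)
-LATEST=$(subst :$(FULL_VERSION),,$(IMAGE)):latest
-REGION="us-west-2"
-
-all:
-docker pull amazonlinux:2
-docker build \
---build-arg=VERSION=$(WG_VERSION) \
---build-arg=REGION=$(REGION) \
--t $(IMAGE) .
-
-all-no-cache:
-docker pull amazonlinux:2
-docker build \
---no-cache \
---build-arg=VERSION=$(WG_VERSION) \
---build-arg=REGION=$(REGION) \
--t $(IMAGE) .
-
-publish:
-docker push $(IMAGE)
-docker tag $(IMAGE) $(LATEST)
-docker push $(LATEST)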
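--- a/al2-wireguard/entrypoint.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# This needs the SYS_MODULES and NET_ADMIN capabilities
-#
-# /etc/wireguard should be mounted and include wg-quick configs
-#
-# /lib/modules/$(uname -r) should be mounted to same in container
-
-modprobe ip6_udp_tunnel
-modprobe udp_tunnel
-
-insmod /opt/wireguard/wireguard.ko
-
-for i in /etc/wireguard/*; do
-wg-quick up "$(basename ${i/.conf/})"
-done
-
-exec "$@"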
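--- a/auto-dvd-ripper/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-COPY handbrake-1.0.7-r5.apk /tmp/
-
-RUN \
-echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories; \
-apk --no-cache add su-exec dumb-init sg3_utils; \
-apk --no-cache --allow-untrusted add /tmp/handbrake-1.0.7-r5.apk; \
-addgroup -g 1000 -S alpine; \
-adduser -u 1000 -S -H -D -G alpine alpine; \
-addgroup alpine cdrom; \
-rm -rf /root/.cache /tmp/*;
-
-ADD rip_dvd.sh /usr/bin/
-ADD entrypoint.sh /
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/sbin/su-exec", "alpine", "/usr/bin/rip_dvd.sh"]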
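--- a/auto-dvd-ripper/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-IMAGE=auto-dvd-ripper:latest-alpine
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run -d \
---device /dev/cdrom \
--v /mnt/Media:/mnt/Media \
--v /var/log/ripper:/var/log/ripper \
-$(IMAGE)
-
-send:
-docker save auto-dvd-ripper:latest-alpine | ssh alpine@snoopy docker load
-
-publish:
-eval $$(aws ecr get-login --region us-west-2)
-docker tag $(IMAGE) $(REPO)/$(IMAGE)
-docker push $(REPO)/$(IMAGE)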
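--- a/auto-dvd-ripper/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-sg_raw /dev/cdrom ea 00 00 00 00 00 01
-
-exec /usr/bin/dumb-init "$@"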
diff --git a/auto-dvd-ripper/handbrake-1.0.7-r5.apk b/auto-dvd-ripper/handbrake-1.0.7-r5.apk deleted file mode 100644 index c103667..0000000 --- a/auto-dvd-ripper/handbrake-1.0.7-r5.apk +++ /dev/null | |||
Binary files differ | |||
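--- a/auto-dvd-ripper/rip_dvd.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-exec 1> /var/log/ripper/ripper.log 2>&1
-
-function handbrake_rip() {
-TEMP_FILE="${1}.m4v"
-
-if [ -e "/mnt/Media/IncomingBackup/$TEMP_FILE" ]; then
-TEMP_FILE="NewMovie-$(date +%s).m4v"
-fi
-
-HandBrakeCLI --main-feature --native-language eng \
--i /dev/cdrom -o "$TEMP_FILE" \
---subtitle scan --subtitle-burned native
-
-cp "$TEMP_FILE" "/mnt/Media/Incoming/$TEMP_FILE"
-}
-
-function dvdbackup_rip() {
-dvdbackup -i /dev/cdrom -M -p
-cp -r "${1}" "/mnt/Media/IncomingBackup/"
-}
-
-function rip_dvd() {
-# Make sure we have storage
-if ! mount | grep /mnt/Media > /dev/null; then
-email "Error: DVD Rip Failed" "Tried to rip but media wasn't mounted"
-return 1
-fi
-
-# Make a temp directory and go there
-TEMPDIR=$(mktemp -d)
-echo $TEMPDIR
-cd $TEMPDIR
-
-# Get title and language
-HandBrakeCLI --scan -i /dev/cdrom > dvdinfo 2>&1
-
-TITLE=$(egrep -o 'DVD Title:.*' dvdinfo | awk 'BEGIN { FS=": "; } { print $2 }')
-LANGUAGE=$(grep -A 1 'audio tracks:' dvdinfo | sed -n 2p | awk '{ print $3 }')
-
-# Makeup something unique if the DVD doesn't have one
-if [ -z "$TITLE" ]; then
-TITLE="NewMovie-$(date +%s)"
-fi
-
-trap "eject /dev/cdrom" ERR
-
-#dvdbackup_rip "$TITLE"
-handbrake_rip "$TITLE"
-
-eject /dev/cdrom
-cd /tmp && rm -rf "$TEMPDIR"
-}
-
-while true; do
-if ! blkid /dev/cdrom | grep 'TYPE=' >/dev/null; then
-sleep 1
-else
-echo "=============================== START DVD RIP =============================="
-rip_dvd
-echo "============================== FINISH DVD RIP =============================="
-fi
-done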
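--- a/awstats/Dockerfile
+++ /dev/null
@@ -1,66 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-
-# TODO: Is this really needed?
-# apk add perl-net-ssleay
-
-RUN set -euxo pipefail; \
-# Install build dependencies
-apk add --virtual .build-deps \
-build-base \
-git \
-perl-app-cpanminus \
-perl-dev \
-wget \
-; \
-apk add \
-curl \
-; \
-\
-# Install awstats
-git clone https://github.com/eldy/awstats.git /opt/awstats; \
-cpanm -n Net::IP Net::DNS; \
-mkdir /etc/awstats; \
-\
-# Install MaxMind GeoIP2 library
-apk add perl-net-ssleay; \
-cpanm -n \
-Data::Validate::IP \
-HTTP::Headers \
-HTTP::Request \
-HTTP::Response \
-HTTP::Status \
-JSON::MaybeXS \
-List::SomeUtils \
-LWP::Protocol::https \
-LWP::UserAgent \
-MaxMind::DB::Metadata \
-MaxMind::DB::Reader \
-Moo \
-Moo::Role \
-namespace::clean \
-Params::Validate \
-Path::Class \
-Sub::Quote \
-Test::Fatal \
-Test::Number::Delta \
-Throwable::Error \
-Try::Tiny URI \
-; \
-\
-git clone https://github.com/maxmind/GeoIP2-perl.git /tmp/GeoIP2-perl; \
-cd /tmp/GeoIP2-perl; \
-perl Makefile.PL; \
-make all install; \
-mkdir /geoip; \
-rm -rf /tmp/GeoIP2-perl; \
-\
-# Cleanup
-apk del .build-deps; \
-rm -rf /root/.cpanm/ /var/cache/apk/*;
-
-ADD main /serve
-ADD build.sh /build
-
-CMD [ "/serve" ]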
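--- a/awstats/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-IMAGE=docker.crute.me/awstats:latest
-
-all:
-docker pull alpine:edge
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-publish:
-docker push $(IMAGE)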
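--- a/awstats/build.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-# Validate environment variables
-[ -z "$SITE_DOMAIN" ] && { echo "SITE_DOMAIN env variable required"; exit 1; }
-[ -z "$SITE_ALIASES" ] && { echo "SITE_DOMAIN env variable required"; exit 1; }
-[ -z "$GEOIP_LICENSE_KEY" ] && { echo "GEOIP_LICENSE_KEY env variable required"; exit 1; }
-
-# Create the config template
-cat > /etc/awstats/awstats.${SITE_DOMAIN}.conf <<EOF
-LogFile="/input/${SITE_DOMAIN}.log"
-DirData="/output"
-LogFormat = "%virtualname %host - %other %time1 %methodurl %code %bytesd %refererquot %uaquot"
-SiteDomain="${SITE_DOMAIN}"
-HostAliases="${SITE_DOMAIN} ${SITE_ALIASES}"
-#ShowScreenSizeStats=1
-DefaultFile="index.html default.html"
-AllowFullYearView=3
-
-LoadPlugin="ipv6"
-# Should be enabled for build only
-LoadPlugin="geoip2 /geoip/GeoLite2-Country.mmdb"
-LoadPlugin="geoip2_city /geoip/GeoLite2-City.mmdb"
-
-#ExtraSectionName1="Redirected Hit"
-#ExtraSectionCodeFilter1="302"
-#ExtraSectionCondition1="URL,\/offsite"
-#ExtraSectionFirstColumnTitle1="Url"
-#ExtraSectionFirstColumnValues1="QUERY_STRING,url=([^&]+)"
-#ExtraSectionStatTypes1=HL
-#MaxNbOfExtra1=500
-#MinHitExtra1=1
-#ExtraSectionAddSumRow1=1
-EOF
-
-# Download and setup GeoIP Databases
-curl -s "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&suffix=tar.gz&license_key=${GEOIP_LICENSE_KEY}" | tar -xz -C /tmp
-curl -s "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&suffix=tar.gz&license_key=${GEOIP_LICENSE_KEY}" | tar -xz -C /tmp
-curl -s "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&suffix=tar.gz&license_key=${GEOIP_LICENSE_KEY}" | tar -xz -C /tmp
-
-find /tmp -name '*.mmdb' -exec cp '{}' /geoip/ \;
-rm -rf /tmp/GeoLite2*
-
-/opt/awstats/wwwroot/cgi-bin/awstats.pl -config=${SITE_DOMAIN} -update -dir=/output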
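--- a/bird/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
-echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories; \
-apk add --no-cache bird;
-
-ADD entrypoint.sh /
-ADD bird_common.conf /etc
-
-ENTRYPOINT [ "/entrypoint.sh" ]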
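--- a/bird/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-IMAGE=docker.crute.me/bird:latest
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run -d --net=host \
---cap-add=NET_ADMIN \
---name=bird \
--v $PWD/bird:/srv/bird \
-$(IMAGE)
-
-publish:
-docker push $(IMAGE)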
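--- a/bird/bird_common.conf
+++ /dev/null
@@ -1,90 +0,0 @@
-protocol device {
-};
-
-function is_self_net() {
-return net ~ OWNNETS;
-};
-
-function is_valid_network() {
-return net ~ [
-172.16.0.0/12+,
-192.168.0.0/16+,
-10.0.0.0/8+,
-100.64.0.0/10+,
-2000::/3+,
-fd00::/8+
-];
-};
-
-protocol kernel {
-ipv4 {
-import none;
-export filter {
-if source = RTS_STATIC && proto != "vpnras_v4" && proto != "hack_v4" then reject;
-krt_prefsrc = OWNIP4;
-accept;
-};
-};
-};
-
-protocol kernel {
-ipv6 {
-import none;
-export filter {
-if source = RTS_STATIC && proto != "vpnras_v6" && proto != "hack_v6" then reject;
-krt_prefsrc = OWNIP6;
-accept;
-};
-};
-};
-
-template bgp v4peers {
-local as OWNAS;
-
-ipv4 {
-# this lines allows debugging filter rules
-# filtered routes can be looked up in birdc using the "show route filtered" command
-import keep filtered;
-import filter {
-# accept every subnet, except our own advertised subnet
-# filtering is important, because some guys try to advertise routes like 0.0.0.0
-if is_valid_network() && !is_self_net() then {
-accept;
-}
-reject;
-};
-export filter {
-if is_valid_network() then {
-accept;
-}
-reject;
-};
-import limit 1000 action block;
-};
-};
-
-template bgp v6peers {
-local as OWNAS;
-
-ipv6 {
-# this lines allows debugging filter rules
-# filtered routes can be looked up in birdc using the "show route filtered" command
-import keep filtered;
-import filter {
-# accept every subnet, except our own advertised subnet
-# filtering is important, because some guys try to advertise routes like 0.0.0.0
-if is_valid_network() && !is_self_net() then {
-accept;
-}
-reject;
-};
-export filter {
-if is_valid_network() then {
-accept;
-}
-reject;
-};
-import limit 1000 action block;
-};
-};
-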
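--- a/bird/entrypoint.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-PROFILE="$1"
-
-if [ -z "$PROFILE" ]; then
-echo "Profile must be specified on the command line"
-exit 1
-fi
-
-if [ ! -e "/srv/bird/${PROFILE}.conf" ]; then
-echo "Profile '$PROFILE' does not exist"
-exit 1
-fi
-
-exec /usr/sbin/bird -d -f -c /srv/bird/${PROFILE}.conf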
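--- a/bitbucket/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Michael Crute <mike@crute.us>
-
-ARG version=4.13.0
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y curl git openjdk-8-jdk && \
-useradd -r -M -d /srv/wiki -s /bin/nologin bitbucket && \
-curl -o /tmp/bitbucket.tar.gz \
-https://downloads.atlassian.com/software/stash/downloads/atlassian-bitbucket-${version}.tar.gz && \
-mkdir -p /opt/bitbucket && \
-tar -xvzf /tmp/bitbucket.tar.gz -C /opt/bitbucket --strip-components 1 && \
-chown -R bitbucket /opt/bitbucket
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-RUN sed -i 's/^JVM_MAXIMUM_MEMORY="768m"/JVM_MAXIMUM_MEMORY="512m"/' /opt/bitbucket/bin/setenv.sh
-ADD entrypoint.sh /
-ADD su-exec /usr/bin/
-ENV BITBUCKET_HOME /srv/bitbucket/data
-ENV ES_HEAP_SIZE 512m
-VOLUME "/srv/bitbucket"
-ENTRYPOINT [ "/entrypoint.sh" ]
-#CMD ["/opt/bitbucket/bin/start-bitbucket.sh", "-fg"]
-CMD ["/opt/bitbucket/bin/start-webapp.sh", "-fg"]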
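--- a/bitbucket/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-all:
-docker build -t bitbucket .
-
-all-no-cache:
-docker build --no-cache -t bitbucket .
-
-run:
-docker run -d \
--p 7990:7990 \
--p 7999:7999 \
--v /srv/bitbucket:/srv/bitbucket \
-bitbucket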
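--- a/bitbucket/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-export PATH="/usr/bin:$PATH"
-
-if [ ! -d /srv/bitbucket/data ]; then
-mkdir /srv/bitbucket/data
-chown bitbucket /srv/bitbucket/data
-fi
-
-umask 0027
-su-exec bitbucket "$@"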
diff --git a/bitbucket/su-exec b/bitbucket/su-exec deleted file mode 100755 index 940f452..0000000 --- a/bitbucket/su-exec +++ /dev/null | |||
Binary files differ | |||
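--- a/bugzilla/Dockerfile
+++ /dev/null
@@ -1,144 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Michael Crute <mike@crute.us>
-ARG bz_version
-
-ADD binaries/ /tmp/
-ADD patches/ /tmp/
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' > /etc/apt/apt.conf && \
-apt-get update && \
-
-# Perl needs the UTF-8 locale
-apt-get install -y locales && \
-locale-gen en_US.UTF-8 && \
-
-# Install system dependencies
-apt-get install -y \
-cron \
-nginx \
-patch \
-python-boto3 \
-runit \
-sudo \
-syslog-ng \
-&& \
-
-# Install Bugzilla dependencies
-apt-get install -y \
-graphviz \
-libappconfig-perl \
-libauthen-radius-perl \
-libauthen-sasl-perl \
-libcache-memcached-fast-perl \
-libcgi-pm-perl \
-libchart-perl \
-libdaemon-generic-perl \
-libdate-calc-perl \
-libdatetime-perl \
-libdatetime-timezone-perl \
-libdbd-mysql-perl \
-libdbd-sqlite3-perl \
-libdbi-perl \
-libemail-mime-perl \
-libemail-reply-perl \
-libemail-sender-perl \
-libencode-detect-perl \
-libfile-copy-recursive-perl \
-libfile-mimeinfo-perl \
-libfile-slurp-perl \
-libfile-which-perl \
-libgd-graph-perl \
-libhtml-formattext-withlinks-perl \
-libhtml-scrubber-perl \
-libjson-rpc-perl \
-libmath-random-isaac-perl \
-libmath-random-isaac-xs-perl \
-libmime-tools-perl \
-libmodule-build-perl \
-libmoox-strictconstructor-perl \
-libnet-ldap-perl \
-libplack-perl \
-libsoap-lite-perl \
-libtemplate-perl \
-libtemplate-plugin-gd-perl \
-libtest-taint-perl \
-libtext-multimarkdown-perl \
-libtheschwartz-perl \
-liburi-db-perl \
-libxml-perl \
-libxml-twig-perl \
-perlmagick \
-python-sphinx \
-rst2pdf \
-&& \
-
-dpkg -i /tmp/libpatchreader-perl_0.9.6-1_all.deb && \
-dpkg -i /tmp/libtheschwartz-perl_1.12-1_all.deb && \
-
-# Setup users and groups
-groupadd -g 901 bugzilla && \
-usermod -a -G bugzilla www-data && \
-useradd -d /var/www/html/bugzilla -M -N -g bugzilla -G www-data -s /bin/bash -u 901 bugzilla && \
-
-# Setup bugzilla app
-curl -L -o "/tmp/release-${bz_version}.tar.gz" "https://github.com/bugzilla/bugzilla/archive/release-${bz_version}.tar.gz" && \
-mkdir -p /var/www/html && \
-tar -C /var/www/html/ -xvzf /tmp/release-${bz_version}.tar.gz && \
-ln -s /var/www/html/bugzilla-release-${bz_version} /var/www/html/bugzilla && \
-tar -C /var/www/html/bugzilla/skins/contrib/ -xvzf /tmp/Bright-Skin.tar.gz && \
-rm /etc/nginx/sites-enabled/default && \
-ln -s /etc/nginx/sites-available/bugzilla /etc/nginx/sites-enabled/bugzilla && \
-
-# Run the initial setup
-#
-# The bugzilla user must have permissions to modify files in the release
-# directory because checksetup.pl will change permissions so that the files are
-# owned by that user. Without those permission changes running plack will fail
-# with permission errors. Additionally, all checksetup.pl invocations must
-# happen as the bugzilla user for permissions to be properly updated.
-
-chown -R bugzilla /var/www/html/bugzilla-release-${bz_version} && \
-
-# First time creates the config file
-cd /var/www/html/bugzilla && sudo -u bugzilla ./checksetup.pl /tmp/answers.pl && \
-
-# Second time does the real setup
-cd /var/www/html/bugzilla && sudo -u bugzilla ./checksetup.pl /tmp/answers.pl && \
-
-# Allow admin overrides
-mkdir /srv/bugzilla && \
-
-mv /var/www/html/bugzilla/localconfig /srv/bugzilla/localconfig && \
-ln -s /srv/bugzilla/localconfig /var/www/html/bugzilla/localconfig && \
-
-mv /var/www/html/bugzilla/data/db /srv/bugzilla/ && \
-ln -s /srv/bugzilla/db /var/www/html/bugzilla/data/ && \
-
-mv /var/www/html/bugzilla/data/attachments /srv/bugzilla/ && \
-ln -s /srv/bugzilla/attachments /var/www/html/bugzilla/data/ && \
-
-mv /var/www/html/bugzilla/data/mining /srv/bugzilla/ && \
-ln -s /srv/bugzilla/mining /var/www/html/bugzilla/data/ && \
-
-cp /var/www/html/bugzilla/data/params.json /srv/bugzilla/ && \
-
-# Enable voting extension
-rm /var/www/html/bugzilla/extensions/Voting/disabled && \
-
-# Patch the code
-# Update the email_in script to lookup by email instead of assuming that
-# usernames are the same as email addresses.
-cd / && patch -p1 < /tmp/email_in.pl.patch && \
-
-# Clean up
-rm /etc/apt/apt.conf && \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-ADD usr/ /usr/
-ADD etc/ /etc/
-
-STOPSIGNAL SIGHUP
-CMD [ "/usr/bin/dumb-init", "/usr/bin/runsvdir", "/etc/service" ]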
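--- a/bugzilla/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=bugzilla:latest
-VERSION=5.1.1
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
-docker build --build-arg=bz_version=$(VERSION) -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache --build-arg=bz_version=$(VERSION) -t $(IMAGE) .
-
-run:
-docker run -d \
--p 9000:80 \
--v /srv/bugzilla:/srv/bugzilla \
-$(IMAGE)
-
-publish:
-eval $$(aws ecr get-login --region us-west-2)
-docker tag $(IMAGE) $(REPO)/$(IMAGE)
-docker push $(REPO)/$(IMAGE)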
diff --git a/bugzilla/binaries/Bright-Skin.tar.gz b/bugzilla/binaries/Bright-Skin.tar.gz deleted file mode 100644 index 3629fdf..0000000 --- a/bugzilla/binaries/Bright-Skin.tar.gz +++ /dev/null | |||
Binary files differ | |||
diff --git a/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb b/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb deleted file mode 100644 index d6ea10c..0000000 --- a/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb +++ /dev/null | |||
Binary files differ | |||
diff --git a/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb b/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb deleted file mode 100644 index b28a307..0000000 --- a/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb +++ /dev/null | |||
Binary files differ | |||
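--- a/bugzilla/etc/cron.d/bugzilla
+++ /dev/null
@@ -1,3 +0,0 @@
-5 0 * * * bugzilla cd /var/www/html/bugzilla && ./collectstats.pl
-*/15 * * * * bugzilla cd /var/www/html/bugzilla && ./whine.pl
-0 * * * * bugzilla cd /var/www/html/bugzilla && ./whineatnews.pl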
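--- a/bugzilla/etc/nginx/sites-available/bugzilla
+++ /dev/null
@@ -1,41 +0,0 @@
-server {
-root /var/www/html/bugzilla;
-
-autoindex off;
-index index.cgi;
-
-location /attachments { return 403; }
-location /Bugzilla { return 403; }
-location /lib { return 403; }
-location /template { return 403; }
-location /contrib { return 403; }
-location /t { return 403; }
-location /xt { return 403; }
-location /data { return 403; }
-location /graphs { return 403; }
-location ~ (\.pm|\.pl|\.psgi|\.tmpl|localconfig.*|cpanfile)$ { return 403; }
-
-location ~ ^/data/webdot/[^/]*\.png$ { }
-location ~ ^/graphs/[^/]*\.(png|gif) { }
-
-location /rest {
-rewrite ^/rest/(.*)$ rest.cgi?$1 last;
-}
-
-location ~ \.(css|js)$ {
-expires 1y;
-add_header Cache-Control public;
-}
-
-location ~ \.cgi$ {
-include fastcgi_params;
-fastcgi_param SERVER_NAME 'bugs.crute.me';
-fastcgi_param SCRIPT_NAME '';
-fastcgi_param PATH_INFO $uri;
-fastcgi_param BZ_CACHE_CONTROL 1;
-fastcgi_pass localhost:9090;
-}
-
-gzip on;
-gzip_types text/xml application/rdf+xml;
-}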
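--- a/bugzilla/etc/service/bugzilla/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -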
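--- a/bugzilla/etc/service/bugzilla/run
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-trap "cp /var/www/html/bugzilla/data/params.json /srv/bugzilla/params.json" EXIT
-
-cp /srv/bugzilla/params.json /var/www/html/bugzilla/data/params.json
-
-cd /var/www/html/bugzilla
-
-/usr/bin/su-exec bugzilla:bugzilla \
-/usr/bin/plackup -s FCGI --listen :9090 /var/www/html/bugzilla/app.psgi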
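--- a/bugzilla/etc/service/cron/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -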
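--- a/bugzilla/etc/service/cron/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/cron -f -n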
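--- a/bugzilla/etc/service/nginx/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -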
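--- a/bugzilla/etc/service/nginx/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/nginx -g 'daemon off; master_process on;'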
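--- a/bugzilla/etc/service/syslog-ng/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/syslog-ng -F --no-caps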
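diff --git a/bugzilla/etc/syslog-ng/syslog-ng.conf b/bugzilla/etc/syslog-ng/syslog-ng.conf
deleted file mode 100644
index 989fd46..0000000
--- a/bugzilla/etc/syslog-ng/syslog-ng.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-@version: 3.5
-
-options { flush-lines(0); use-dns(no); stats-freq(0); };
-source s_src { unix-dgram("/dev/log" so-rcvbuf(8192)); internal(); };
-destination d_stdout { pipe("/dev/stdout"); };
-log { source(s_src); destination(d_stdout); };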
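diff --git a/bugzilla/patches/answers.pl b/bugzilla/patches/answers.pl
deleted file mode 100644
index 90b06af..0000000
--- a/bugzilla/patches/answers.pl
+++ /dev/null
@@ -1,6 +0,0 @@
-%answer = (
-'ADMIN_LOGIN' => 'admin',
-'ADMIN_EMAIL' => 'admin@example.com',
-'ADMIN_PASSWORD' => 'password',
-'ADMIN_REALNAME' => 'Example Admin',
-);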
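diff --git a/bugzilla/patches/email_in.pl.patch b/bugzilla/patches/email_in.pl.patch
deleted file mode 100644
index e2e5ba0..0000000
--- a/bugzilla/patches/email_in.pl.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/var/www/html/bugzilla-release-5.1.1//email_in.pl 2016-05-16 18:48:27.000000000 +0000
-+++ b/var/www/html/bugzilla-release-5.1.1//email_in.pl 2017-05-17 03:53:38.978805718 +0000
-@@ -509,7 +509,7 @@
-
-my $username = $mail_fields->{'reporter'};
-
--my $user = Bugzilla::User->check($username);
-+my $user = new Bugzilla::User(Bugzilla::User::email_to_id($username, 1));
-Bugzilla->set_user($user);
-
-my ($bug, $comment);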
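diff --git a/bugzilla/sbin/sendmail b/bugzilla/sbin/sendmail
deleted file mode 100755
index db5abbd..0000000
--- a/bugzilla/sbin/sendmail
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/usr/bin/python
-
-import os
-import re
-import sys
-import email
-import boto3
-import socket
-import argparse
-from botocore.exceptions import NoRegionError
-
-# These are all the sendmail options we don't support but have to accept so we
-# can ignore them without messing up the command line.
-#
-# Format is (argument, takes parameters)
-IGNORED = (
-("-4", False), ("-6", False), ("-au", True), ("-ap", True),
-("-am", True), ("-ba", False), ("-bd", False), ("-bi", False),
-("-bm", False), ("-bp", False), ("-bs", False), ("-bt", False),
-("-bv", False), ("-bz", False), ("-C", True), ("-d", True),
-("-E", False), ("-h", True), ("-m", False), ("-M", True),
-("-N", True), ("-n", False), ("-oA", True), ("-oc", False),
-("-od", True), ("-oD", False), ("-oe", False), ("-oF", True),
-("-of", False), ("-og", True), ("-oH", True), ("-oi", False),
-("-oL", True), ("-om", False), ("-oo", False), ("-oQ", True),
-("-or", True), ("-oS", True), ("-os", False), ("-oT", True),
-("-ot", False), ("-ou", True), ("-q", True), ("-R", True),
-("-v", False), ("-F", True), ("-t", True),
-)
-
-# A rough approximation of an email address but should be good enough to pick
-# emails out of a command line
-SORTA_EMAIL = re.compile("\S+@\S+\.\S+")
-
-if os.path.exists("/etc/mailname"):
-with open("/etc/mailname", "r") as fp:
-MAIL_DOMAIN = fp.read().strip()
-else:
-MAIL_DOMAIN = socket.getfqdn()
-
-# Configuration comes from the environment or metadata service
-try:
-client = boto3.client("ses")
-except NoRegionError:
-boto3.setup_default_session(region_name="us-west-2")
-client = boto3.client("ses")
-
-
-
-def parse_args():
-parser = argparse.ArgumentParser(add_help=False)
-parser.add_argument("-V", action="store_true", dest="display_version")
-parser.add_argument("-f", nargs=1, dest="sender_addr")
-parser.add_argument("-r", nargs=1, dest="sender_addr")
-
-for arg, nargs in IGNORED:
-parser.add_argument(arg, nargs="?" if nargs else None)
-
-opts, args = parser.parse_known_args()
-addresses = [a for a in args if SORTA_EMAIL.match(a)]
-
-return opts, addresses
-
-
-def main():
-opts, addresses = parse_args()
-
-if opts.display_version:
-print("SES raw mail sender (definitely not sendmail)")
-sys.exit(0)
-
-try:
-sender = opts.sender_addr[0]
-except (IndexError, TypeError):
-sender = None
-
-msg = email.message_from_string(sys.stdin.read().encode("us-ascii"))
-
-# Fix up cron emails
-if 'Cron Daemon' in msg.get("From"):
-msg.replace_header("From", "cron-no-reply@{}".format(MAIL_DOMAIN))
-
-ses_args = {"RawMessage": {"Data": msg.as_string()}}
-
-if sender and not SORTA_EMAIL.match(sender):
-raise Exception("Sender email does not look like an email")
-
-if sender:
-ses_args["Source"] = sender
-
-if addresses:
-ses_args["Destinations"] = addresses
-
-client.send_raw_email(**ses_args)
-
-
-if __name__ == "__main__":
-try:
-main()
-sys.exit(0)
-except Exception as e:
-print("Error during sending:")
-print(e)
-sys.exit(1)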
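diff --git a/bugzilla/usr/bin/bugzilla_fetch.py b/bugzilla/usr/bin/bugzilla_fetch.py
deleted file mode 100755
index b4a9805..0000000
--- a/bugzilla/usr/bin/bugzilla_fetch.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python
-
-import boto3
-import subprocess
-
-
-client = boto3.client("s3")
-bucket = "mcrute-bugs-emails"
-email_bin = "/var/www/html/bugzilla/email_in.pl"
-items = client.list_objects_v2(Bucket=bucket)
-
-
-for item in items["Contents"]:
-key = item["Key"]
-
-if key == "AMAZON_SES_SETUP_NOTIFICATION":
-continue
-
-body = client.get_object(Bucket=bucket, Key=key)["Body"]
-
-cmd = subprocess.Popen([email_bin], stdin=subprocess.PIPE)
-cmd.communicate(body.read())
-
-client.delete_object(Bucket=bucket, Key=key)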
diff --git a/bugzilla/usr/bin/dumb-init b/bugzilla/usr/bin/dumb-init deleted file mode 100755 index 4a41698..0000000 --- a/bugzilla/usr/bin/dumb-init +++ /dev/null | |||
Binary files differ | |||
diff --git a/bugzilla/usr/bin/su-exec b/bugzilla/usr/bin/su-exec deleted file mode 100755 index 940f452..0000000 --- a/bugzilla/usr/bin/su-exec +++ /dev/null | |||
Binary files differ | |||
diff --git a/bugzilla/usr/sbin/sendmail b/bugzilla/usr/sbin/sendmail deleted file mode 100755 index 69e5816..0000000 --- a/bugzilla/usr/sbin/sendmail +++ /dev/null | |||
@@ -1,108 +0,0 @@ | |||
1 | #!/usr/bin/python | ||
2 | |||
3 | import os | ||
4 | import re | ||
5 | import sys | ||
6 | import email | ||
7 | import boto3 | ||
8 | import socket | ||
9 | import argparse | ||
10 | from botocore.exceptions import NoRegionError | ||
11 | |||
12 | # These are all the sendmail options we don't support but have to accept so we | ||
13 | # can ignore them without messing up the command line. | ||
14 | # | ||
15 | # Format is (argument, takes parameters) | ||
16 | IGNORED = ( | ||
17 | ("-4", False), ("-6", False), ("-au", True), ("-ap", True), | ||
18 | ("-am", True), ("-ba", False), ("-bd", False), ("-bi", False), | ||
19 | ("-bm", False), ("-bp", False), ("-bs", False), ("-bt", False), | ||
20 | ("-bv", False), ("-bz", False), ("-C", True), ("-d", True), | ||
21 | ("-E", False), ("-h", True), ("-m", False), ("-M", True), | ||
22 | ("-N", True), ("-n", False), ("-oA", True), ("-oc", False), | ||
23 | ("-od", True), ("-oD", False), ("-oe", False), ("-oF", True), | ||
24 | ("-of", False), ("-og", True), ("-oH", True), ("-oi", False), | ||
25 | ("-oL", True), ("-om", False), ("-oo", False), ("-oQ", True), | ||
26 | ("-or", True), ("-oS", True), ("-os", False), ("-oT", True), | ||
27 | ("-ot", False), ("-ou", True), ("-q", True), ("-R", True), | ||
28 | ("-v", False), ("-F", True), ("-t", True), | ||
29 | ) | ||
30 | |||
31 | # A rough approximation of an email address but should be good enough to pick | ||
32 | # emails out of a command line | ||
33 | SORTA_EMAIL = re.compile("\S+@\S+\.\S+") | ||
34 | |||
35 | if os.path.exists("/etc/mailname"): | ||
36 | with open("/etc/mailname", "r") as fp: | ||
37 | MAIL_DOMAIN = fp.read().strip() | ||
38 | else: | ||
39 | MAIL_DOMAIN = socket.getfqdn() | ||
40 | |||
41 | # Configuration comes from the environment or metadata service | ||
42 | try: | ||
43 | client = boto3.client("ses") | ||
44 | except NoRegionError: | ||
45 | # TODO: Handle this better | ||
46 | boto3.setup_default_session( | ||
47 | aws_access_key_id="AKIAJSJZAZDLGRZVT6ZQ", | ||
48 | aws_secret_access_key="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", | ||
49 | region_name="us-west-2") | ||
50 | client = boto3.client("ses") | ||
51 | |||
52 | |||
53 | |||
54 | def parse_args(): | ||
55 | parser = argparse.ArgumentParser(add_help=False) | ||
56 | parser.add_argument("-V", action="store_true", dest="display_version") | ||
57 | parser.add_argument("-f", nargs=1, dest="sender_addr") | ||
58 | parser.add_argument("-r", nargs=1, dest="sender_addr") | ||
59 | |||
60 | for arg, nargs in IGNORED: | ||
61 | parser.add_argument(arg, nargs="?" if nargs else None) | ||
62 | |||
63 | opts, args = parser.parse_known_args() | ||
64 | addresses = [a for a in args if SORTA_EMAIL.match(a)] | ||
65 | |||
66 | return opts, addresses | ||
67 | |||
68 | |||
69 | def main(): | ||
70 | opts, addresses = parse_args() | ||
71 | |||
72 | if opts.display_version: | ||
73 | print("SES raw mail sender (definitely not sendmail)") | ||
74 | sys.exit(0) | ||
75 | |||
76 | try: | ||
77 | sender = opts.sender_addr[0] | ||
78 | except (IndexError, TypeError): | ||
79 | sender = None | ||
80 | |||
81 | msg = email.message_from_string(sys.stdin.read().encode("us-ascii")) | ||
82 | |||
83 | # Fix up cron emails | ||
84 | if 'Cron Daemon' in msg.get("From"): | ||
85 | msg.replace_header("From", "cron-no-reply@{}".format(MAIL_DOMAIN)) | ||
86 | |||
87 | ses_args = {"RawMessage": {"Data": msg.as_string()}} | ||
88 | |||
89 | if sender and not SORTA_EMAIL.match(sender): | ||
90 | raise Exception("Sender email does not look like an email") | ||
91 | |||
92 | if sender: | ||
93 | ses_args["Source"] = sender | ||
94 | |||
95 | if addresses: | ||
96 | ses_args["Destinations"] = addresses | ||
97 | |||
98 | client.send_raw_email(**ses_args) | ||
99 | |||
100 | |||
101 | if __name__ == "__main__": | ||
102 | try: | ||
103 | main() | ||
104 | sys.exit(0) | ||
105 | except Exception as e: | ||
106 | print("Error during sending:") | ||
107 | print(e) | ||
108 | sys.exit(1) | ||
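Review bot: The AWS access key pair hard-coded in the `NoRegionError` fallback (lines 46–49 of the removed file, inside `boto3.setup_default_session(...)`) is not retired by deleting the file; it stays readable in the repository history. The key should be deactivated and rotated in IAM, and CloudTrail reviewed for activity under that access key ID. The sibling `bugzilla/sbin/sendmail` removed in this same commit already shows the safer form of the fallback, `boto3.setup_default_session(region_name="us-west-2")`, with credentials left to the environment or instance role.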
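diff --git a/chrome/Dockerfile b/chrome/Dockerfile
deleted file mode 100644
index ef07d5b..0000000
--- a/chrome/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:14.04
-
-# TODO: Bridge kerberos credentials
-# TODO: Add infosec CAs
-
-RUN \
-export DEBIAN_FRONTEND=noninteractive && \
-sed 's/main$/main universe/' -i /etc/apt/sources.list && \
-apt-get update && \
-apt-get install -y curl && \
-curl -s https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
-sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' && \
-apt-get update && \
-apt-get install -y google-chrome-stable && \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-RUN mkdir -p /home/crutem && \
-echo "crutem:x:1677955:1677955:Developer,,,:/home/crutem:/bin/bash" >> /etc/passwd && \
-echo "crutem:x:1677955:" >> /etc/group && \
-echo "crutem ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/crutem && \
-chmod 0440 /etc/sudoers.d/crutem && \
-chown crutem:crutem -R /home/crutem
-
-USER crutem
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-CMD /usr/bin/google-chrome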
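diff --git a/chrome/run b/chrome/run
deleted file mode 100755
index 2f8b96d..0000000
--- a/chrome/run
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
--e DISPLAY \
--e XAUTHORITY=$HOME/.Xauthority \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME/.Xauthority:$HOME/.Xauthority:ro \
-chrome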
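diff --git a/datastudio/Dockerfile b/datastudio/Dockerfile
deleted file mode 100644
index ca4b092..0000000
--- a/datastudio/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y apt-utils runit curl
-
-RUN \
-groupadd -g 1677955 crutem && \
-useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y openjdk-8-jdk && \
-cd /tmp && \
-curl -O http://www.aquafold.com/download/v17.0.0/linux/ads-linux-x64-17.0.10.tar.gz && \
-tar -xvzf ads-linux-x64-17.0.10.tar.gz && \
-mv datastudio /usr/local
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-CMD ["/usr/local/datastudio/datastudio-bundled.sh"]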
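diff --git a/datastudio/run b/datastudio/run
deleted file mode 100755
index ec07fb9..0000000
--- a/datastudio/run
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-if [ -z "$DISPLAY" ]; then
-echo "\$DISPLAY is not set"
-DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') )
-
-if [ "${#DISPLAYS[@]}" = 0 ]; then
-echo "No X11 ports available"
-exit 1
-fi
-
-if [ "${#DISPLAYS[@]}" > 1 ]; then
-echo "More than 1 X11 port available. Which one do you want?"
-for i in "${DISPLAYS[@]}"; do
-echo "export DISPLAY=\"$i\""
-done
-exit 1
-else
-export DISPLAY="${DISPLAYS[0]}"
-fi
-fi
-
-docker run -ti --rm --net=host \
--e DISPLAY \
--e XAUTHORITY=$HOME/.Xauthority \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME/.Xauthority:$HOME/.Xauthority:ro \
--v $HOME/share:$HOME/share \
--v $HOME/.datastudio:$HOME/.datastudio \
-datastudio "$@"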
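diff --git a/dropbox/Dockerfile b/dropbox/Dockerfile
deleted file mode 100644
index 7e6ff2b..0000000
--- a/dropbox/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM frolvlad/alpine-glibc:latest
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -eu -o pipefail; \
-apk --no-cache add dumb-init runit su-exec; \
-wget -O /tmp/dropbox.tar.gz https://www.dropbox.com/download?plat=lnx.x86_64; \
-mkdir -p /opt/dropbox; \
-tar -C /opt/dropbox/ --strip-components=1 -xf /tmp/dropbox.tar.gz; \
-rm -rf /tmp/*;
-
-ADD entrypoint.sh /
-ADD dropbox-srv/ /opt/dropbox-srv
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-
-# Dropbox is a persnickety process that will die without error for no obvious
-# reason. Run it with runsv so that it will get restarted when it does die
-# instead of killing the whole container..
-CMD [ "/sbin/runsv", "/opt/dropbox-srv" ]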
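diff --git a/dropbox/Makefile b/dropbox/Makefile
deleted file mode 100644
index 817e869..0000000
--- a/dropbox/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-IMAGE=dropbox:latest-alpine
-
-all:
-docker build \
--t $(IMAGE) .
-
-all-no-cache:
-docker build \
---no-cache \
--t $(IMAGE) .
-
-run:
-docker run \
--v /home/mcrute/Dropbox:/home/mcrute/Dropbox \
-$(IMAGE)
-
-publish:
-eval $$(aws ecr get-login --region us-west-2)
-docker tag $(IMAGE) $(REPO)/$(IMAGE)
-docker push $(REPO)/$(IMAGE)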
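diff --git a/dropbox/dropbox-srv/log/run b/dropbox/dropbox-srv/log/run
deleted file mode 100755
index 6193824..0000000
--- a/dropbox/dropbox-srv/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-cat -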
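diff --git a/dropbox/dropbox-srv/run b/dropbox/dropbox-srv/run
deleted file mode 100755
index fd5ac2b..0000000
--- a/dropbox/dropbox-srv/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/opt/dropbox/dropboxd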
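diff --git a/dropbox/entrypoint.sh b/dropbox/entrypoint.sh
deleted file mode 100755
index 596cac6..0000000
--- a/dropbox/entrypoint.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-
-set -e
-
-DATA_DIR="/srv/dropbox/data"
-CFG_DIR="/srv/dropbox/config"
-USERNAME="dropbox"
-
-# Default UID/GID to owner of the data directory
-USER_UID=${USER_UID:-$(stat -L -c "%u" $DATA_DIR)}
-USER_GID=${USER_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$USER_GID" = 0 -o "$USER_GID" = 0 ]; then
-echo "User UID/GID could not be discovered, is $DATA_DIR mounted?"
-exit 1
-fi
-
-# Create the user and group
-addgroup -g ${USER_GID} -S ${USERNAME}
-adduser -u ${USER_UID} -h /home/${USERNAME} -D -G ${USERNAME} ${USERNAME}
-
-ln -s /srv/dropbox/data /home/${USERNAME}/Dropbox
-ln -s /srv/dropbox/config /home/${USERNAME}/.dropbox
-
-# Allow runsv to write its superisory files for the main process
-mkdir /opt/dropbox-srv/supervise
-chown dropbox:dropbox /opt/dropbox-srv/supervise
-
-# Allow runsv to write its superisory files for the log process
-mkdir /opt/dropbox-srv/log/supervise
-chown dropbox:dropbox /opt/dropbox-srv/log/supervise
-
-if [ "$@" == "/bin/sh" ]; then
-exec "$@"
-else
-exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} "$@"
-fi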
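diff --git a/feh/Dockerfile b/feh/Dockerfile
deleted file mode 100644
index f23483a..0000000
--- a/feh/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y apt-utils feh
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/feh" ]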
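diff --git a/feh/run b/feh/run
deleted file mode 100755
index 1ecca1d..0000000
--- a/feh/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
--w `pwd` \
--e DISPLAY \
--e XAUTHORITY=$HOME/.Xauthority \
--v $HOME/.Xauthority:$HOME/.Xauthority:ro \
--v `pwd`:`pwd`:ro \
-feh "$@"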
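diff --git a/intellij-idea/Dockerfile b/intellij-idea/Dockerfile
deleted file mode 100644
index 3da5b0d..0000000
--- a/intellij-idea/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-FROM ubuntu:16.04
-
-ARG idea_version
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-# Get core requirements
-apt-get update && \
-apt-get install -y apt-utils curl && \
-
-# Setup user account
-groupadd -g 1677955 crutem && \
-useradd -m -d /home/crutem -g crutem -u 1677955 crutem && \
-
-# Install software
-apt-get update && \
-apt-get install -y openjdk-8-jdk && \
-mkdir -p /usr/local/idea && \
-cd /tmp && \
-curl -LO https://download.jetbrains.com/idea/ideaIU-${idea_version}.tar.gz && \
-tar -C /usr/local/idea --strip-components=1 -xvzf ideaIU-${idea_version}.tar.gz && \
-
-# Cleanup
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-WORKDIR /home/crutem
-
-CMD ["/usr/local/idea/bin/idea.sh"]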
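diff --git a/intellij-idea/Makefile b/intellij-idea/Makefile
deleted file mode 100644
index 598366f..0000000
--- a/intellij-idea/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-IMAGE=intellij-idea:latest
-VERSION=2017.1.4
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
-docker build --build-arg=idea_version=$(VERSION) -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache --build-arg=idea_version=$(VERSION) -t $(IMAGE) .
-
-run:
-./run
-
-publish:
-eval $$(aws ecr get-login --region us-west-2)
-docker tag $(IMAGE) $(REPO)/$(IMAGE)
-docker push $(REPO)/$(IMAGE)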
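diff --git a/intellij-idea/run b/intellij-idea/run
deleted file mode 100755
index 9b8a576..0000000
--- a/intellij-idea/run
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-if [ -z "$DISPLAY" ]; then
-echo "\$DISPLAY is not set"
-DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') )
-
-if [ "${#DISPLAYS[@]}" = 0 ]; then
-echo "No X11 ports available"
-exit 1
-fi
-
-if [ "${#DISPLAYS[@]}" > 1 ]; then
-echo "More than 1 X11 port available. Which one do you want?"
-for i in "${DISPLAYS[@]}"; do
-echo "export DISPLAY=\"$i\""
-done
-exit 1
-else
-export DISPLAY="${DISPLAYS[0]}"
-fi
-fi
-
-docker run -ti --rm --net=host \
--e DISPLAY \
--e XAUTHORITY=$HOME/.Xauthority \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME:$HOME \
-intellij-idea "$@"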
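diff --git a/irssi/Dockerfile b/irssi/Dockerfile
deleted file mode 100644
index 3eb23fd..0000000
--- a/irssi/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y apt-utils runit
-
-RUN \
-groupadd -g 1677955 crutem && \
-useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get install -y irssi-plugin-xmpp bitlbee-libpurple pidgin-sipe
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD ["irssi"]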
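diff --git a/irssi/Makefile b/irssi/Makefile
deleted file mode 100644
index 9e654a8..0000000
--- a/irssi/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-all:
-docker build -t irssi .
-
-all-no-cache:
-docker build --no-cache -t irssi .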
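diff --git a/irssi/entrypoint.sh b/irssi/entrypoint.sh
deleted file mode 100755
index 0b7dce7..0000000
--- a/irssi/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/bitlbee -P ~/.bitlbee/pid -d ~/.bitlbee/ -c ~/.bitlbee/bitlbee.conf &
-
-exec "$@"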
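diff --git a/irssi/run b/irssi/run
deleted file mode 100755
index 231b870..0000000
--- a/irssi/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm \
--e TERM \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME/.irssi:$HOME/.irssi \
--v $HOME/.bitlbee:$HOME/.bitlbee \
--v $HOME/.exchange.pass:$HOME/.exchange.pass \
-irssi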
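diff --git a/mariadb/Dockerfile b/mariadb/Dockerfile
deleted file mode 100644
index 73b1d05..0000000
--- a/mariadb/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-# vim:set ft=dockerfile:
-FROM alpine:latest
-
-RUN \
-addgroup -S mysql \
-&& adduser -S -h /var/lib/mysql -H -D -G mysql mysql \
-&& mkdir /docker-entrypoint-initdb.d \
-&& apk --no-cache add \
-bash \
-mariadb \
-mariadb-client \
-pwgen \
-socat \
-su-exec \
-tzdata \
-# comment out any "user" entires in the MySQL config
-# ("docker-entrypoint.sh" or "--user" will handle user switching)
-&& sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf \
-# increase innodb buffer pool size
-&& sed -i 's/^#innodb_buffer_pool_size = 16M/innodb_buffer_pool_size = 30M/' /etc/mysql/my.cnf \
-# purge and re-create /var/lib/mysql with appropriate ownership
-&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /run/mysqld \
-&& chown -R mysql:mysql /var/lib/mysql /run/mysqld \
-# ensure that /run/mysqld (used for socket and lock files) is writable
-# regardless of the UID our mysqld instance ends up having at runtime
-&& chmod 777 /run/mysqld \
-# don't reverse lookup hostnames, they are usually another container
-&& sed -i 's/\[mysqld\]/[mysqld]\nskip-host-cache/' /etc/mysql/my.cnf
-
-COPY docker-entrypoint.sh /usr/local/bin/
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
-CMD ["mysqld"]
-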
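diff --git a/mariadb/Makefile b/mariadb/Makefile
deleted file mode 100644
index 1e5ecfb..0000000
--- a/mariadb/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-IMAGE=mariadb:latest-alpine
-VERSION=5.1.1
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run -d \
--e MYSQL_RANDOM_ROOT_PASSWORD=yes \
--e MYSQL_ROOT_HOST=% \
--p 3306:3306 \
--v /srv/mysql:/var/lib/mysql \
-$(IMAGE)
-
-publish:
-eval $$(aws ecr get-login --region us-west-2)
-docker tag $(IMAGE) $(REPO)/$(IMAGE)
-docker push $(REPO)/$(IMAGE)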
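diff --git a/mariadb/docker-entrypoint.sh b/mariadb/docker-entrypoint.sh
deleted file mode 100755
index 8242a6f..0000000
--- a/mariadb/docker-entrypoint.sh
+++ /dev/null
@@ -1,193 +0,0 @@
-#!/bin/bash
-# From https://github.com/docker-library/mariadb/blob/1037a0b7ab09343e011826078fbdffb0bf465fc3/10.3/docker-entrypoint.sh
-# Modified to use su-exec instead of gosu, otherwise unmodified
-set -eo pipefail
-shopt -s nullglob
-
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
-set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
-case "$arg" in
--'?'|--help|--print-defaults|-V|--version)
-wantHelp=1
-break
-;;
-esac
-done
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-local var="$1"
-local fileVar="${var}_FILE"
-local def="${2:-}"
-if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
-echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-exit 1
-fi
-local val="$def"
-if [ "${!var:-}" ]; then
-val="${!var}"
-elif [ "${!fileVar:-}" ]; then
-val="$(< "${!fileVar}")"
-fi
-export "$var"="$val"
-unset "$fileVar"
-}
-
-_check_config() {
-toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
-if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
-cat >&2 <<-EOM
-
-ERROR: mysqld failed while attempting to check config
-command was: "${toRun[*]}"
-
-$errors
-EOM
-exit 1
-fi
-}
-
-# Fetch value from server config
-# We use mysqld --verbose --help instead of my_print_defaults because the
-# latter only show values present in config files, and not server defaults
-_get_config() {
-local conf="$1"; shift
-"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }'
-}
-
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
-_check_config "$@"
-DATADIR="$(_get_config 'datadir' "$@")"
-mkdir -p "$DATADIR"
-chown -R mysql:mysql "$DATADIR"
-exec su-exec mysql "$BASH_SOURCE" "$@"
-fi
-
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
-# still need to check config, container may have started with --user
-_check_config "$@"
-# Get config
-DATADIR="$(_get_config 'datadir' "$@")"
-
-if [ ! -d "$DATADIR/mysql" ]; then
-file_env 'MYSQL_ROOT_PASSWORD'
-if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
-echo >&2 'error: database is uninitialized and password option is not specified '
-echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
-exit 1
-fi
-
-mkdir -p "$DATADIR"
-
-echo 'Initializing database'
-mysql_install_db --datadir="$DATADIR" --rpm
-echo 'Database initialized'
-
-SOCKET="$(_get_config 'socket' "$@")"
-"$@" --skip-networking --socket="${SOCKET}" &
-pid="$!"
-
-mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
-for i in {60..0}; do
-if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
-break
-fi
-echo 'MySQL init process in progress...'
-sleep 1
-done
-if [ "$i" = 0 ]; then
-echo >&2 'MySQL init process failed.'
-exit 1
-fi
-
-if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
-# sed is for https://bugs.mysql.com/bug.php?id=20545
-mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
-fi
-
-if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
-export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
-echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
-fi
-
-rootCreate=
-# default root to listen for connections from anywhere
-file_env 'MYSQL_ROOT_HOST' '%'
-if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
-# no, we don't care if read finds a terminating character in this heredoc
-# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
-read -r -d '' rootCreate <<-EOSQL || true
-CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
-GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
-EOSQL
-fi
-
-"${mysql[@]}" <<-EOSQL
--- What's done in this file shouldn't be replicated
--- or products like mysql-fabric won't work
-SET @@SESSION.SQL_LOG_BIN=0;
-
-DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
-SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
-GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
-${rootCreate}
-DROP DATABASE IF EXISTS test ;
-FLUSH PRIVILEGES ;
-EOSQL
-
-if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
-mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
-fi
-
-file_env 'MYSQL_DATABASE'
-if [ "$MYSQL_DATABASE" ]; then
-echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
-mysql+=( "$MYSQL_DATABASE" )
-fi
-
-file_env 'MYSQL_USER'
-file_env 'MYSQL_PASSWORD'
-if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
-echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
-if [ "$MYSQL_DATABASE" ]; then
-echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
-fi
-
-echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
-fi
-
-echo
-for f in /docker-entrypoint-initdb.d/*; do
-case "$f" in
-*.sh) echo "$0: running $f"; . "$f" ;;
-*.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
-*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
-*) echo "$0: ignoring $f" ;;
-esac
-echo
-done
-
-if ! kill -s TERM "$pid" || ! wait "$pid"; then
-echo >&2 'MySQL init process failed.'
-exit 1
-fi
-
-echo
-echo 'MySQL init process done. Ready for start up.'
-echo
-fi
-fi
-
-exec "$@"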
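diff --git a/mfi/Dockerfile b/mfi/Dockerfile
deleted file mode 100644
index 35a160f..0000000
--- a/mfi/Dockerfile
+++ /dev/null
@@ -1,39 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Michael Crute <mike@crute.us>
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y curl software-properties-common
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get install -y sudo psmisc mongodb-server openjdk-7-jre-headless jsvc && \
-apt-add-repository -y "deb http://dl.ubnt.com/mfi/distros/deb/ubuntu ubuntu ubiquiti" && \
-apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 && \
-apt-get update && \
-apt-get install -y mfi
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-# Inform Port
-EXPOSE 6080
-# HTTPS Web UI & API
-EXPOSE 6443
-
-VOLUME "/var/lib/mfi"
-VOLUME "/var/log/mifi"
-
-CMD [ \
-"/usr/bin/jsvc", "-nodetach", \
-"-home", "/usr/lib/jvm/java-7-openjdk-amd64", \
-"-cp", "/usr/share/java/commons-daemon.jar:/usr/lib/mfi/lib/ace.jar", \
-"-pidfile", "/var/run/mfi/mfi.pid", \
-"-procname", "mfi", \
-"-outfile", "SYSLOG", \
-"-errfile", "SYSLOG", \
-"-Djava.awt.headless=true", \
-"-Xmx1024M", \
-"com.ubnt.ace.Launcher" \
-]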
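--- a/mfi/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-all:
-docker build -t mfi .
-
-run:
-docker run -d --privileged \
--p 6080:6080 \
--p 6443:6443 \
--v /srv/mfi:/var/lib/mfi \
--v /var/log/docker/mfi:/var/log/mfi \
-mfi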
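--- a/mosquitto/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
-apk add --no-cache \
-mosquitto \
-;
-
-CMD [ "/usr/sbin/mosquitto", "-v" ]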
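--- a/mosquitto/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=docker.crute.me/mosquitto:latest
-
-all:
-docker pull alpine:edge
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run -d --net=host \
--p 53:53/tcp \
--p 53:53/udp \
--p 953:953 \
--v /home/mcrute/tmp/bind/conf:/etc/bind \
--v /home/mcrute/tmp/bind/cache:/var/cache/bind \
-$(IMAGE)
-
-publish:
-docker push $(IMAGE)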
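--- a/mutt/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-
-RUN \
-echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories; \
-apk --no-cache add \
-su-exec \
-neomutt \
-elinks \
-vim \
-feh \
-perl-data-ical \
-perl-text-autoformat;
-
-ADD entrypoint.sh /
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD ["neomutt", "-F", "/home/mutt/.mutt/muttrc"]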
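--- a/mutt/Makefile
+++ /dev/null
@@ -1,2 +0,0 @@
-all:
-docker build -t docker.crute.me/mutt:latest .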
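--- a/mutt/entrypoint.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-set -e
-
-export TERM=${TERM:-xterm-256color}
-export BROWSER=${DOCKER_BROWSER:-elinks}
-export EDITOR=${DOCKER_EDITOR:-vim}
-
-USERNAME="mutt"
-DATA_DIR="/home/mutt/Mail"
-
-# Default UID/GID to owner of the data directory
-PROG_UID=${PROG_UID:-$(stat -L -c "%u" $DATA_DIR)}
-PROG_GID=${PROG_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$PROG_GID" = 0 -o "$PROG_GID" = 0 ]; then
-echo "Set PROG_UID and PROG_GID in environment"
-exit 1
-else
-echo "UID/GID: $PROG_UID $PROG_GID"
-fi
-
-# Create the user and group
-addgroup -g ${PROG_GID} -S ${USERNAME}
-adduser -u ${PROG_UID} -S -h /home/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-
-# Allow running a shell in the container
-/sbin/su-exec ${USERNAME} "$@"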
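--- a/mutt/run
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-X11_MANDATORY=0
-
-if [ -z "$DISPLAY" ]; then
-echo "\$DISPLAY is not set"
-DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') )
-
-if [ "${#DISPLAYS[@]}" = 0 ]; then
-echo "No X11 ports available"
-if [ $X11_MANDATORY = 1 ]; then
-exit 1
-fi
-fi
-
-if [ "${#DISPLAYS[@]}" -gt 1 ]; then
-echo "More than 1 X11 port available. Which one do you want?"
-for i in "${DISPLAYS[@]}"; do
-echo "export DISPLAY=\"$i\""
-done
-exit 1
-else
-export DISPLAY="${DISPLAYS[0]}"
-fi
-fi
-
-docker run -ti --rm --net=host \
--e TERM \
--e DISPLAY \
--e XAUTHORITY=$HOME/.Xauthority \
--v $HOME/.Xauthority:$HOME/.Xauthority:ro \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME/bin:$HOME/bin \
--v $HOME/.vim:$HOME/.vim \
--v $HOME/.vimrc:$HOME/.vimrc \
--v $HOME/amazon-bin:$HOME/amazon-bin:ro \
--v $HOME/.mutt:$HOME/.mutt \
--v $HOME/share:$HOME/share \
--v $HOME/.exchange.pass:$HOME/.exchange.pass \
-mutt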
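--- a/newsboat/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN \
-apk add --no-cache \
-curl \
-su-exec \
-newsboat \
-;
-
-ADD entrypoint.sh /
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/bin/newsboat" ]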
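--- a/newsboat/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-IMAGE=docker.crute.me/newsboat:latest
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run -ti --detach-keys ctrl-@ $(IMAGE)
-
-publish:
-docker push $(IMAGE)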
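--- a/newsboat/entrypoint.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-HOME_DIR="/home/newsboat/.newsboat"
-URLS_FILE="${HOME_DIR}/urls"
-
-# No point starting if they don't have config, also we don't
-# want to store the actual user data in the container so force
-# a mount.
-if [ ! -d $HOME_DIR ]; then
-echo "Mount your newsboat config to /home/newsboat/.newsboat"
-exit 1
-fi
-
-# Also force a urls file because this newsboat will just fail
-# anyhow without it.
-if [ ! -f $URLS_FILE ]; then
-echo "Create a urls file in your newsboat config first"
-exit 1
-fi
-
-# Allow users to specify the UID/GID in the environment but
-# default these to the existing owner of the files in their
-# mounted config, which should be sane.
-UID=${UID:-$(stat -c "%u" $URLS_FILE)}
-GID=${GID:-$(stat -c "%u" $URLS_FILE)}
-
-# Create the user and group
-addgroup -g ${GID} -S newsboat
-adduser -u ${UID} -S -h /home/newsboat -H -D -G newsboat newsboat
-
-/sbin/su-exec newsboat "$@"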
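--- a/ping_tester/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:latest
-
-RUN set -euxo pipefail; \
-apk --no-cache add python3; \
-python3 -m pip install boto3;
-
-COPY ping_test.py /usr/bin/
-
-ENTRYPOINT [ "/usr/bin/ping_test.py" ]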
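--- a/ping_tester/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-IMAGE=docker.crute.me/ping_tester:latest
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-publish:
-docker push $(IMAGE)
-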
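--- a/ping_tester/ping_test.py
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import re
-import sys
-import boto3
-import subprocess
-from datetime import datetime
-
-
-def main(sample_count=5):
-try:
-_, from_location, to_location, hostname = sys.argv
-except ValueError:
-print("usage: {} <this_location> <to_location> <hostname>".format(
-os.path.basename(sys.argv[0])))
-sys.exit(1)
-
-client = boto3.client("cloudwatch")
-now = datetime.now()
-
-patt = re.compile(
-"round-trip min/avg/max = "
-"(?P<min>[0-9]+\.[0-9]+)/(?P<avg>[0-9]+\.[0-9]+)/"
-"(?P<max>[0-9]+\.[0-9]+) (?P<unit>.*)")
-
-out = subprocess.run(
-["ping", "-c", str(sample_count), hostname],
-stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-
-# Prevent failing with an error if the ping fails
-match = patt.search(out.stdout.decode("us-ascii"))
-if not match:
-return 1
-
-val = match.groupdict()
-
-client.put_metric_data(
-Namespace="VPNLatency",
-MetricData=[
-{
-"MetricName": "PingRTT",
-"Dimensions": [
-{
-"Name": "From Location",
-"Value": from_location,
-},
-{
-"Name": "To Location",
-"Value": to_location,
-}
-],
-"Timestamp": now,
-"StatisticValues": {
-"SampleCount": sample_count,
-"Sum": float(val["avg"]) * sample_count,
-"Minimum": float(val["min"]),
-"Maximum": float(val["max"]),
-},
-"Unit": "Milliseconds"
-},
-{
-"MetricName": "PingRTT",
-"Dimensions": [
-{
-"Name": "From Location",
-"Value": from_location,
-},
-],
-"Timestamp": now,
-"StatisticValues": {
-"SampleCount": sample_count,
-"Sum": float(val["avg"]) * sample_count,
-"Minimum": float(val["min"]),
-"Maximum": float(val["max"]),
-},
-"Unit": "Milliseconds"
-},
-{
-"MetricName": "PingRTT",
-"Dimensions": [
-{
-"Name": "To Location",
-"Value": to_location,
-}
-],
-"Timestamp": now,
-"StatisticValues": {
-"SampleCount": sample_count,
-"Sum": float(val["avg"]) * sample_count,
-"Minimum": float(val["min"]),
-"Maximum": float(val["max"]),
-},
-"Unit": "Milliseconds"
-},
-]
-)
-
-return 0
-
-
-if __name__ == "__main__":
-sys.exit(main())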
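--- a/psql/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-sed -i 's/archive.ubuntu.com/us-west-2.ec2.archive.ubuntu.com/' /etc/apt/sources.list && \
-apt-get update && \
-apt-get install -y postgresql-client && \
-# Cleanup
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/psql" ]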
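--- a/psql/run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --detach-keys=ctrl-@ \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME/share:$HOME/share \
--v $HOME/.psqlrc:$HOME/.psqlrc \
-psql "$@"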
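--- a/s3cmd/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-apt-get update && \
-apt-get install -y apt-utils s3cmd ca-certificates
-
-RUN \
-groupadd -g 1677955 crutem && \
-useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV BROWSER elinks
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-ENTRYPOINT ["/usr/bin/s3cmd"]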
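--- a/s3cmd/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -i --rm \
--w `pwd` \
--v `pwd`:`pwd` \
--v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
--v $HOME/share:$HOME/share \
--v $HOME/.s3cfg:$HOME/.s3cfg \
-s3cmd "$@"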
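--- a/skopeo/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
-apk add --no-cache \
-skopeo \
-;
-
-ENTRYPOINT [ "/usr/bin/skopeo" ]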
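--- a/skopeo/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=docker.crute.me/skopeo:latest
-
-all:
-docker pull alpine:edge
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run -d --net=host \
--p 53:53/tcp \
--p 53:53/udp \
--p 953:953 \
--v /home/mcrute/tmp/bind/conf:/etc/bind \
--v /home/mcrute/tmp/bind/cache:/var/cache/bind \
-$(IMAGE)
-
-publish:
-docker push $(IMAGE)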
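--- a/smokeping_prober/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM golang:latest AS builder
-LABEL maintainer="Mike Crute <mike@pomonaconsulting.com>"
-
-RUN set -eux; \
-cd /tmp; \
-go version; \
-git clone https://github.com/SuperQ/smokeping_prober.git; \
-cd smokeping_prober; \
-CGO_ENABLED=0 go build -o smokeping_prober *.go
-
-
-FROM alpine:latest
-COPY --from=builder /tmp/smokeping_prober/smokeping_prober /smokeping_prober
-ENTRYPOINT [ "/smokeping_prober" ]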
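--- a/smokeping_prober/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-VERSION=0.3.0
-IMAGE=docker.crute.me/smokeping-prober:$(VERSION)
-LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
-
-all:
-docker pull golang:latest
-docker pull alpine:latest
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build \
---no-cache \
--t $(IMAGE) .
-
-publish:
-docker push $(IMAGE)
-docker tag $(IMAGE) $(LATEST)
-docker push $(LATEST)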
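--- a/ssh-bastion/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN \
-apk add --no-cache \
-openssh-server-pam \
-google-authenticator \
-&& cp /etc/ssh/sshd_config /etc/ssh/sshd_config.alpine \
-&& mkdir /var/run/sshd \
-&& chmod 700 /var/run/sshd
-
-ADD etc/ /etc/
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/sbin/sshd", "-D", "-e" ]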
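--- a/ssh-bastion/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-IMAGE=docker.crute.me/ssh-bastion:latest
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-docker run \
--p 4321:4321 \
--v /home/mcrute/tmp/ssh:/srv/ssh \
-$(IMAGE)
-
-publish:
-docker push $(IMAGE)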
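--- a/ssh-bastion/entrypoint.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-if [ ! -d /srv/ssh/hostkeys ]; then
-echo "No host keys found... generating"
-mkdir -p /srv/ssh/hostkeys
-
-ssh-keygen -f /srv/ssh/hostkeys/rsa_key -N '' -t rsa
-ssh-keygen -f /srv/ssh/hostkeys/ed25519_key -N '' -t ed25519
-ssh-keygen -f /srv/ssh/hostkeys/ecdsa_key -N '' -t ecdsa
-
-rm *.pub
-fi
-
-if [ ! -d /srv/ssh/users ]; then
-echo "No users directory found... creating"
-mkdir -p /srv/ssh/users
-fi
-
-for path in /srv/ssh/users/*; do
-user=$(basename $path)
-if [ "$user" = "*" ]; then
-break
-fi
-
-if getent passwd $user 2>&1 >/dev/null; then
-echo "User $user already exists"
-continue
-fi
-
-uid=$(cat /srv/ssh/users/$user/uid)
-if [[ -z "$uid" ]]; then
-echo "No UID for $user"
-exit 1
-fi
-
-echo "Creating user ${user}(${uid})"
-adduser -DH -s /sbin/nologin -u $uid $user
-done
-
-exec "$@"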
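--- a/ssh-bastion/etc/pam.d/sshd
+++ /dev/null
@@ -1,5 +0,0 @@
-account include base-account
-
-auth required pam_google_authenticator.so secret=/srv/ssh/users/${USER}/totp user=root no_strict_owner
-
-session required pam_unix.so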
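--- a/ssh-bastion/etc/ssh/sshd_config
+++ /dev/null
@@ -1,101 +0,0 @@
-# vim:set ft=sshdconfig
-
-HostKey /srv/ssh/hostkeys/rsa_key
-HostKey /srv/ssh/hostkeys/ed25519_key
-
-# By default SSH attempts to chdir to the logged-in user's home directory. The
-# vast majority of users won't have a home directory on the machine, so
-# suppress the warning with a chroot.
-ChrootDirectory /
-
-# No users will have home directories and all configs are under control of the
-# admin who mounts them from outside of this docker container so there is no
-# need to check modes and in-fact enabling this will cause failures.
-StrictModes no
-
-Protocol 2
-
-# Bind a port above 1024 so we can run ssh as an unpriviledged user
-Port 4321
-
-SyslogFacility AUTH
-LogLevel INFO
-PidFile /var/run/sshd.pid
-
-PubkeyAuthentication yes
-HostbasedAuthentication no
-IgnoreRhosts yes
-PasswordAuthentication no
-PermitEmptyPasswords no
-AuthorizedKeysFile /srv/ssh/users/%u/ssh
-
-UsePAM yes
-PermitRootLogin no
-ChallengeResponseAuthentication yes
-AuthenticationMethods publickey,keyboard-interactive:pam
-
-# Limit the number of authentication attemps per connection. SSH will log
-# failues once attempts reach half this number so this should also log all
-# authentication failures as well.
-PermitTTY no
-MaxAuthTries 2
-ForceCommand /usr/bin/nologin
-
-# This turns off reverse lookups of the originating host which hang sshd on DNS
-# timeouts when DNS is down. This also breaks "from=" lines in authorizd_keys
-# files which must be converted to dotted quad ip addrs.
-UseDNS no
-
-# By default SSH doesn't accept any environment variables from the client. But
-# we use this specific variable to pass robot user authentication tokens into
-# the system.
-AcceptEnv LANG LC_*
-
-# Disconnect after this period of time if the user hasn't provided a correct
-# password.
-LoginGraceTime 120
-
-# Disconnect dead sessions after 30 minutes of inactivity. The server will send
-# a keepalive every minutes and tolerate up to 30 failures before terminating
-# the session.
-ClientAliveInterval 60
-ClientAliveCountMax 30
-
-# Don't use TCP keepalives to prevent connections from dying when a temporary
-# routing issue occurs.
-TCPKeepAlive no
-
-# Allow up to 100 simultaneous unauthenticated connections. Any connections
-# beyond that limit will be dropped.
-MaxStartups 100
-
-# The maxiumum number of sessions which can be served on one multi-plexing
-# connection. ssh does not fail gracefully when this number is exceeded, so we
-# keep it high.
-MaxSessions 100
-
-X11Forwarding no
-PrintMotd no
-
-# Used hardened crypto algorithms
-#
-# Based on: https://stribika.github.io/2015/01/04/secure-secure-shell.html
-# And also: https://access.redhat.com/discussions/3121481
-# And also: https://infosec.mozilla.org/guidelines/openssh
-# Validated by: https://sshcheck.com/
-KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com
-# These may be needed for older ssh clients but use SHA1 so are discouraged
-#HostKeyAlgorithms ssh-rsa,ssh-rsa-cert-v01@openssh.com
-
-# Enable gateway ports for phone-home bastions so that administrators can
-# connect back to the forwarded ports without needing ssh access to the bastion
-# host itself. Also locks down what can be forwarded and to where.
-Match user phonehome
-GatewayPorts yes
-AuthenticationMethods publickey
-AllowTcpForwarding remote
-PermitOpen none
-Match all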
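--- a/strongswan/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
-apk add --no-cache \
-strongswan \
-; \
-rm /etc/ipsec.conf; \
-echo ": RSA vpn.pem" > /etc/ipsec.secrets
-
-ADD crute-root.pem /etc/ipsec.d/cacerts/
-ADD vpn-g1.pem /etc/ipsec.d/cacerts/
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/sbin/ipsec", "start", "--nofork" ]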
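--- a/strongswan/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-IMAGE=docker.crute.me/strongswan:latest
-
-all:
-docker build -t $(IMAGE) .
-
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-run:
-@echo "Not configured"
-@exit 1
-
-publish:
-docker push $(IMAGE)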
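--- a/strongswan/entrypoint.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-if [ ! -f "/config/vpn-cert.pem" ]; then
-echo "Missing VPN server cert at '/config/vpn-cert.pem'"
-exit 1
-fi
-cp /config/vpn-cert.pem /etc/ipsec.d/certs/vpn.pem
-chmod 444 /etc/ipsec.d/certs/vpn.pem
-
-if [ ! -f "/config/vpn-key.pem" ]; then
-echo "Missing VPN server key at '/config/vpn-key.pem'"
-exit 1
-fi
-cp /config/vpn-key.pem /etc/ipsec.d/private/vpn.pem
-chmod 400 /etc/ipsec.d/private/vpn.pem
-
-if [ ! -f "/config/ipsec.conf" ]; then
-echo "Missing VPN server config at '/config/ipsec.conf'"
-exit 1
-fi
-cp /config/ipsec.conf /etc/ipsec.conf
-chmod 444 /etc/ipsec.conf
-
-exec "$@"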
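--- a/stund/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM alpine:latest
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
-apk add --no-cache \
-dumb-init \
-su-exec \
-libnice; \
-adduser -SDH stun
-
-CMD [ \
-"/usr/bin/dumb-init", "-c", \
-"/sbin/su-exec", "stun", \
-"/usr/bin/stund", "-4" \
-]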
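--- a/stund/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-VERSION=latest
-IMAGE=docker.crute.me/stund
-
-all:
-docker build -t $(IMAGE):$(VERSION) .
-
-all-no-cache:
-docker build \
---no-cache \
--t $(IMAGE):$(VERSION) .
-
-run:
-docker run -d \
--p 3478:3478/udp \
-$(IMAGE):$(VERSION)
-
-publish:
-docker push $(IMAGE):$(VERSION)
-docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
-docker push $(IMAGE):latest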
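--- a/unifi-video/Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-FROM frolvlad/alpine-java:jre8-slim
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-ARG dl_url
-
-ADD lsb_release /usr/bin
-ADD log4j2.json /tmp
-
-RUN \
-# Validate required arguments were passed
-test -z "${dl_url}" && { echo -e "\033[31mMissing build parameter 'dl_url'\033[39m"; exit 1; }; \
-\
-# Install build and run dependencies
-apk add --no-cache --virtual .build-deps \
-binutils \
-ca-certificates \
-curl \
-&& apk add --no-cache \
-dumb-init \
-libcap \
-mongodb \
-su-exec \
-\
-# Fetch the Unifi package
-&& cd /tmp \
-&& curl -s -o unifi_video.deb "${dl_url}" \
-\
-# Unpack the debian package and "install" it
-&& ar x unifi_video.deb \
-&& mkdir debian \
-&& tar -C debian -xzf control.tar.gz \
-&& tar -xzf data.tar.gz \
-&& rm -rf usr/share usr/sbin \
-&& mv usr/lib/unifi-video /usr/lib \
-\
-# Create directories and link everything together
-&& mkdir -p /var/lib/unifi-video /var/log/unifi-video /var/run/unifi-video \
-&& ln -sf /usr/bin/mongod /usr/lib/unifi-video/bin/mongod \
-&& ln -sf /var/lib/unifi-video /usr/lib/unifi-video/data \
-&& ln -sf /var/log/unifi-video /usr/lib/unifi-video/logs \
-&& ln -sf /var/run/unifi-video /usr/lib/unifi-video/run \
-\
-# Create Tomcat directories
-&& mkdir -p /usr/lib/unifi-video/conf/Catalina \
-&& mkdir -p /usr/lib/unifi-video/work \
-\
-# Write out version file
-&& VERSIG=$(awk '/^VERSIG/ { split($1, a, "="); print a[2]; }' debian/postinst) \
-&& echo "NVR.x86_64.${VERSIG}" > /etc/discovery.version \
-\
-# Install our customizations
-&& mv /tmp/log4j2.json /usr/lib/unifi-video \
-\
-# Cleanup
-&& apk del .build-deps \
-&& rm -rf /tmp/*
-
-ADD entrypoint.sh /
-
-STOPSIGNAL SIGTERM
-ENTRYPOINT [ "/entrypoint.sh" ]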
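--- a/unifi-video/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-VERSION=3.10.13
-IMAGE=docker.crute.me/unifi-video
-DL_URL="https://dl.ubnt.com/firmwares/ufv/v$(VERSION)/unifi-video.Ubuntu16.04_amd64.v$(VERSION).deb"
-
-all:
-docker pull frolvlad/alpine-java:jre8-slim
-docker build \
---build-arg=dl_url=$(DL_URL) \
--t $(IMAGE):$(VERSION) .
-
-all-no-cache:
-docker build \
---no-cache \
---build-arg=dl_url=$(DL_URL) \
--t $(IMAGE):$(VERSION) .
-
-run:
-# 6666 - Inbound Camera Streams
-# 7080 - HTTP Web UI
-# 7442 - Camera Management
-# 7443 - HTTPS Web UI
-# 7445 - Video Over HTTP
-# 7446 - Video Over HTTPS
-# 7447 - RTSP via Controller
-docker run \
--p 6666:6666 \
--p 7080:7080 \
--p 7442:7442 \
--p 7443:7443 \
--p 7445:7445 \
--p 7446:7446 \
--p 7447:7447 \
--v /home/mcrute/tmp/unifi-data:/var/lib/unifi-video \
-$(IMAGE):$(VERSION)
-
-publish:
-docker push $(IMAGE):$(VERSION)
-docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
-docker push $(IMAGE):latest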
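--- a/unifi-video/entrypoint.sh
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/bin/sh
-
-set -e
-
-USERNAME="unifi-video"
-BASEDIR="/usr/lib/unifi-video"
-DATA_DIR="${BASEDIR}/data"
-
-# Default UID/GID to owner of the data directory
-UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
-UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$UNIFI_UID" = 0 -o "$UNIFI_GID" = 0 ]; then
-echo "Set UNIFI_UID and UNIFI_GID in environment"
-exit 1
-else
-echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
-fi
-
-cd ${BASEDIR}
-
-# Create the user and group if they don't exist
-if ! grep "^${USERNAME}:" /etc/group &>/dev/null; then
-addgroup -g ${UNIFI_GID} -S ${USERNAME}
-fi
-if ! grep "^${USERNAME}:" /etc/passwd &>/dev/null; then
-adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-fi
-
-mkdir -p /var/log/mongodb/logs
-
-# Update permissions on the root directories
-chown -R ${USERNAME}:${USERNAME} \
-/var/run/unifi-video \
-/var/log/unifi-video \
-/var/lib/unifi-video \
-/var/log/mongodb/logs
-
-chown -R ${USERNAME}:${USERNAME} \
-/usr/lib/unifi-video/conf/evostream \
-/usr/lib/unifi-video/webapps \
-/usr/lib/unifi-video/conf/Catalina \
-/usr/lib/unifi-video/work
-
-# But do not let the unifi user write the ROOT WAR
-chown root:root /usr/lib/unifi-video/webapps/ROOT.war
-
-# Setup tmpfs if the user mounted it
-TMPFS_ARG=
-TMPFS_DIR="/var/cache/unifi-video"
-if [ -d $TMPFS_DIR ]; then
-TMPFS_ARG="-Dav.tempdir=${TMPFS_DIR}"
-chown ${USERNAME} ${TMPFS_DIR}
-chmod -R 0700 ${TMPFS_DIR}
-fi
-
-# Do the base setup and migrate files
-if [ ! -f "${DATA_DIR}/system.properties" ]; then
-cp -f "${BASEDIR}/etc/system.properties" "${DATA_DIR}/system.properties"
-fi
-
-if [ -f "${DATA_DIR}/truststore" ]; then
-rm -f "${DATA_DIR}/truststore"
-fi
-
-if [ ! -f "${DATA_DIR}/ufv-truststore" ]; then
-cp -f "${BASEDIR}/etc/ufv-truststore" "${DATA_DIR}/ufv-truststore"
-fi
-
-chown -h ${USERNAME}:${USERNAME} \
-"${DATA_DIR}" \
-"${DATA_DIR}/system.properties" \
-"${DATA_DIR}/ufv-truststore"
-
-# Cleanup mongodb lock file if it exists otherwise the controller will freeze
-# forever trying to start Mongo
-[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
-
-# Allow running a shell in the container
-if [ ! -z "$@" ]; then
-/sbin/su-exec ${USERNAME} "$@"
-else
-# Replace the current process with a scoped-down controller. The java app
-# is designed to do its own job control but it has to run with an init
-# system or it doesn't get the signals from docker.
-exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/jre/bin/java \
--cp ${BASEDIR}/lib/airvision.jar \
--Dlog4j.configurationFile=${BASEDIR}/log4j2.json \
-${TMPFS_ARG} \
--Djava.library.path=${BASEDIR}/lib \
--Djavax.net.ssl.trustStore=${DATA_DIR}/ufv-truststore \
--Djava.security.egd=file:/dev/urandom \
--Xmx$(free -m | awk 'NR==2{printf "%dM\n", $2*0.26 }') \
--Djava.awt.headless=true \
--Dfile.encoding=UTF-8 \
-com.ubnt.airvision.Main start
-fi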
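--- a/unifi-video/log4j2.json
+++ /dev/null
@@ -1,135 +0,0 @@
-{
-"configuration": {
-"name": "Release",
-
-"properties": {
-"property": {
-"name": "fileAppenderLayout",
-"value": "%d{UNIX}.%d{SSS} %d{yyyy-MM-dd HH:mm:ss.SSS/zzz}: %-6p %m in %t%n"
-}
-},
-
-"appenders": {
-"appender": [
-{
-"type": "Console",
-"name": "STDOUT",
-"patternLayout": { "pattern": "${fileAppenderLayout}" },
-"thresholdFilter": { "level": "trace" }
-}
-]
-},
-
-"loggers": {
-"root": {
-"level": "warn",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-"logger": [
-{ "name": "uv", "level": "INFO" },
-{ "name": "com.ubnt", "level": "off" },
-{ "name": "org.apache.commons.httpclient", "level": "error" },
-{ "name": "com.mongodb", "level": "error" },
-{ "name": "javax.jmdns", "level": "fatal" },
-{ "name": "net.schmizz", "level": "fatal" },
-{ "name": "org.apache.catalina.startup.Catalina", "level": "error" },
-{ "name": "org.apache.catalina.startup.DigesterFactory", "level": "error" },
-{ "name": "org.apache.tomcat.util.digester.Digester", "level": "error" },
-{ "name": "org.atmosphere.cpr.SessionSupport", "level": "error" },
-{
-"name": "uv.service.recording",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.service.recording.sync",
-"level": "debug", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.service.recording.segments",
-"level": "debug", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.service.connection",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.purge",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.service.motion",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.stream",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.comm.ems",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.comm.camera",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.comm.sso",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.service.dbMigration",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.service.hls",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-},
-{
-"name": "uv.login",
-"level": "info", "additivity": "false",
-"AppenderRef": [
-{ "ref": "STDOUT" }
-]
-}
-]
-}
-}
-}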
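--- a/unifi-video/lsb_release
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# Stub called by the controller to do software update checks. Absence causes
-# failure. Since we're running alpine but UBNT doesn't know what that is just
-# lie and say we're Ubuntu
-#
-
-cat <<EOF
-Distributor ID: Ubuntu
-Description: Ubuntu 16.04.3 LTS
-Release: 16.04
-Codename: xenial
-EOF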
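--- a/unifi/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile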
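--- a/unifi/Dockerfile
+++ /dev/null
@@ -1,60 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-# TODO: Move all the unpacking stuff to the Makefile
-
-ARG deb_version
-ARG checksum
-
-ADD log4j.properties /tmp/
-
-RUN set -euxo pipefail; \
-# Validate required arguments were passed
-test -z "${deb_version}" && { echo -e "\033[31mMissing build parameter 'deb_version'\033[39m"; exit 1; }; \
-test -z "${checksum}" && { echo -e "\033[31mMissing build parameter 'checksum'\033[39m"; exit 1; }; \
-\
-# Install build and run dependencies
-apk add --no-cache --virtual .build-deps \
-binutils \
-ca-certificates \
-curl \
-&& apk add --no-cache \
-dumb-init \
-java-snappy \
-libcap \
-nss \
-openjdk17-jre-headless \
-su-exec \
-\
-# Fetch the Unifi package and validate the checksum before unpacking
-&& cd /tmp \
-&& curl -sO "https://dl.ui.com/unifi/${deb_version}/unifi_sysvinit_all.deb" \
-&& echo "${checksum} *unifi_sysvinit_all.deb" > checksums.txt \
-&& sha256sum -sc checksums.txt \
-\
-# Unpack the debian package and "install" it
-&& ar x unifi_sysvinit_all.deb \
-&& tar -xJf data.tar.xz \
-&& rm usr/lib/unifi/bin/unifi.init \
-&& mv usr/lib/unifi /usr/lib \
-\
-# Create directories and link everything together
-&& mkdir -p /var/lib/unifi /var/log/unifi /var/run/unifi \
-&& ln -sf /usr/bin/mongod /usr/lib/unifi/bin/mongod \
-&& ln -sf /var/lib/unifi /usr/lib/unifi/data \
-&& ln -sf /var/log/unifi /usr/lib/unifi/logs \
-&& ln -sf /var/run/unifi /usr/lib/unifi/run \
-\
-# Install our customizations
-&& mv /tmp/log4j.properties /usr/lib/unifi \
-\
-# Cleanup
-&& apk del .build-deps \
-&& rm -rf /tmp/*
-
-ADD unifi-setup.sh /
-ADD simplevisor.json /
-ADD simplevisor /
-
-STOPSIGNAL SIGTERM
-ENTRYPOINT [ "/simplevisor" ]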
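--- a/unifi/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-VERSION=8.0.7
-VERSION_SUFFIX=-7a3d06144a
-VERSION_TAG=$(VERSION)-0
-IMAGE=docker.crute.me/unifi:$(VERSION_TAG)
-LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
-
-DEB_VERSION="$(VERSION)$(VERSION_SUFFIX)"
-CHECKSUM="4221d7a0f8ce66c58a4f71b70ba6f32e16310429d3fe8165bf0f47bbdb6401a6"
-
-all:
-docker pull alpine:latest
-docker build \
---no-cache \
---build-arg=deb_version=$(DEB_VERSION) \
---build-arg=checksum=$(CHECKSUM) \
--t $(IMAGE) .
-
-all-no-cache:
-docker build \
---no-cache \
---build-arg=deb_version=$(DEB_VERSION) \
---build-arg=checksum=$(CHECKSUM) \
--t $(IMAGE) .
-
-run:
-docker run -d \
--e UNIFI_UID=1001 \
--e UNIFI_GID=1001 \
--p 8080:8080 \
--p 8443:8443 \
-$(IMAGE)
-
-publish:
-docker push $(IMAGE)
-
-publish-prod:
-docker tag $(IMAGE) $(LATEST)
-docker push $(LATEST)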
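--- a/unifi/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-log4j.rootLogger=INFO,server_log
-
-log4j.appender.server_log=org.apache.log4j.ConsoleAppender
-log4j.appender.server_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.server_log.layout.ConversionPattern=[%d{ISO8601}] <%t> %-5p %-6c{1} - %m%n
-
-log4j.logger.java=INFO
-log4j.logger.javax=INFO
-log4j.logger.javax.jmdns=INFO
-log4j.logger.sun=INFO
-log4j.logger.org.apache=INFO
-log4j.logger.httpclient.wire=INFO
-log4j.logger.net.schmizz=INFO
-log4j.logger.com.codahale=INFO
-log4j.logger.org.apache.jasper=INFO
-log4j.logger.org.apache.tomcat=INFO
-log4j.logger.org.apache.commons=INFO
-log4j.logger.org.apache.catalina=INFO
-
-log4j.logger.org.springframework=INFO
-log4j.logger.de.javawi.jstun=INFO
-log4j.logger.com.mongodb=INFO
-
-log4j.logger.com.ubnt=INFO
-log4j.logger.com.ubiquiti=INFO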
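--- a/unifi/simplevisor.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
-"env": {
-"pass": [
-"PATH",
-"HOSTNAME",
-"SHLVL",
-"HOME",
-"PWD",
-
-"UNIFI_UID",
-"UNIFI_GID",
-
-"MONGO_URL",
-"MONGO_STATS_URL"
-],
-"vault-replace": [
-"MONGO_USER",
-"MONGO_PASSWORD"
-],
-"vault-template": [
-"MONGO_URL",
-"MONGO_STATS_URL"
-]
-},
-"jobs": {
-"init": [
-{
-"cmd": ["/unifi-setup.sh"],
-"run-as": "root"
-}
-],
-"main": [
-{
-"cmd": [
-"/usr/lib/jvm/default-jvm/bin/java",
-"-cp", "/usr/lib/unifi/lib/ace.jar",
-"-Dlog4j.configuration=file:/usr/lib/unifi/log4j.properties",
-"-Dlog4j2.formatMsgNoLookups=true",
-"-Dunifi.datadir=/usr/lib/unifi/data",
-"-Dunifi.logdir=/usr/lib/unifi/logs",
-"-Dunifi.rundir=/usr/lib/unifi/run",
-"-Xmx1024M",
-"-Djava.awt.headless=true",
-"-Dorg.xerial.snappy.use.systemlib=true",
-"-Dfile.encoding=UTF-8",
-"--add-opens=java.base/java.time=ALL-UNNAMED",
-"com.ubnt.ace.Launcher", "start"
-],
-"run-as": "unifi"
-}
-]
-}
-}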
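--- a/unifi/unifi-setup.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-set -e
-
-USERNAME="unifi"
-BASEDIR="/usr/lib/unifi"
-DATA_DIR="${BASEDIR}/data"
-
-# Default UID/GID to owner of the data directory
-UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
-UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$UNIFI_GID" = 0 -o "$UNIFI_GID" = 0 ]; then
-echo "Set UNIFI_UID and UNIFI_GID in environment"
-exit 1
-else
-echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
-fi
-
-cd ${BASEDIR}
-
-# Create the user and group
-if ! getent group ${USERNAME} > /dev/null 2>&1; then
-addgroup -g ${UNIFI_GID} -S ${USERNAME}
-fi
-if ! getent passwd ${USERNAME} > /dev/null 2>&1; then
-adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-fi
-
-# Update permissions on the root directories
-chown -R ${USERNAME}:${USERNAME} \
-/var/lib/unifi \
-/var/log/unifi \
-/var/run/unifi \
-/usr/lib/unifi/dl
-
-ln -s /var/log/unifi /logs
-
-# Cleanup mongodb lock file if it exists otherwise the controller will freeze
-# forever trying to start Mongo
-[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
-
-if [ -n "$MONGO_URL" ]; then
-echo "Using external mongodb instance"
-echo "db.mongo.local=false" >> /var/lib/unifi/system.properties
-echo "db.mongo.uri=${MONGO_URL}" >> /var/lib/unifi/system.properties
-echo "statdb.mongo.uri=${MONGO_STATS_URL}" >> /var/lib/unifi/system.properties
-echo "unifi.db.name=${MONGO_DB_NAME:-ace}" >> /var/lib/unifi/system.properties
-echo "statdb.db.name=${MONGO_STATS_DB_NAME:-ace_stat}" >> /var/lib/unifi/system.properties
-fi
-
-# If this is set that the controller will start with no settings and will run
-# the setup.
-#
-# WARNING! If this is set on a live database then the controller will delete
-# all data and start fresh.
-if [ -z "$START_DEFAULT" ]; then
-echo "is_default=false" >> /var/lib/unifi/system.properties
-fi
-
-# Replace the current process with a scoped-down controller. The java app
-# is designed to do its own job control but it has to run with an init
-# system or it doesn't get the signals from docker.
-#
-# Use the snappy native library installed with apk because the bundled on
-# is built against libc which is not available in Alpine. Without this
-# inform will fail with a decompression library error.
-
-# NOTE: This has been migrated to simplevisor.json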
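--- a/vlc/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-# sed -i 's/archive.ubuntu.com/us-west-2.ec2.archive.ubuntu.com/' /etc/apt/sources.list && \
-apt-get update && \
-apt-get install -y apt-utils vlc
-
-RUN \
-apt-get clean && \
-rm -rf /var/lib/apt/lists/* && \
-rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/vlc" ]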
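--- a/vlc/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
--w `pwd` \
--e DISPLAY \
--e XAUTHORITY=$HOME/.Xauthority \
--v $HOME/.Xauthority:$HOME/.Xauthority:ro \
--v `pwd`:`pwd`:ro \
-vlc "$@"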
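--- a/wekan/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM quay.io/wekan/wekan:v6.28
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-USER root
-
-RUN set -eux; \
-\
-mkdir -p /etc/ssl/certs;
-
-ADD /simplevisor /simplevisor
-ADD /simplevisor.json /simplevisor.json
-ADD /isrgrootx1.pem /etc/ssl/certs/isrgrootx1.pem
-ADD /isrg-root-x1-cross-signed.pem /etc/ssl/certs/isrg-root-x1-cross-signed.pem
-
-CMD [ "/simplevisor" ]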
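--- a/wekan/Makefile
+++ /dev/null
@@ -1,35 +0,0 @@
-VERSION=6.28
-VERSION_TAG=$(VERSION)
-IMAGE=docker.crute.me/wekan:$(VERSION_TAG)
-LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
-
-.PHONY: all
-all:
-sed -i "s#^FROM .*#FROM quay.io/wekan/wekan:v$(VERSION)#" Dockerfile
-curl -O https://letsencrypt.org/certs/isrgrootx1.pem
-curl -O https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
-docker pull quay.io/wekan/wekan:v$(VERSION)
-docker build -t $(IMAGE) .
-
-.PHONY: all-no-cache
-all-no-cache:
-docker build --no-cache -t $(IMAGE) .
-
-.PHONY: run
-run:
-docker run -d \
--p 9110:9000 \
--p 9111:9001 \
--v /srv/code:/srv/code \
-$(IMAGE)
-
-.PHONY: publish
-publish:
-docker push $(IMAGE)
-docker tag $(IMAGE) $(LATEST)
-docker push $(LATEST)
-
-
-.PHONY: clean
-clean:
-rm -f isrg-root-x1-cross-signed.pem isrgrootx1.pem || true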
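--- a/wekan/simplevisor.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-"env": {
-"pass-all": true,
-"vault-replace": [
-"MONGO_USER",
-"MONGO_PASSWORD"
-],
-"vault-template": [
-"MONGO_URL"
-]
-},
-"jobs": {
-"main": [
-{
-"cmd": ["/bin/bash", "-c", "ulimit -s 65500; exec node --stack-size=65500 /build/main.js"],
-"run-as": "wekan"
-}
-]
-}
-}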
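--- a/znc/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM alpine:latest
-
-RUN set -euxo pipefail; \
-apk add --no-cache znc znc-extra su-exec;
-
-COPY push.so /usr/lib/znc/push.so
-COPY clientbuffer.so /usr/lib/znc/clientbuffer.so
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "znc", "-f" ]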
diff --git a/znc/clientbuffer.so b/znc/clientbuffer.so deleted file mode 100755 index 3dcdf32..0000000 --- a/znc/clientbuffer.so +++ /dev/null | |||
Binary files differ | |||
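--- a/znc/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-chown -R znc:znc /var/lib/znc/.znc
-
-/sbin/su-exec znc "$@"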
diff --git a/znc/push.so b/znc/push.so deleted file mode 100755 index 9443c5f..0000000 --- a/znc/push.so +++ /dev/null | |||
Binary files differ | |||