Merge pull request '* MOD: test actions' (#2) from actions_test into main
Some checks failed
Test stage / check and test (push) Has been cancelled
Build and push / build_and_push (push) Failing after 5m44s

Reviewed-on: #2
This commit was merged in pull request #2.
2024-01-21 09:24:55 +01:00
29 changed files with 192 additions and 553 deletions


@@ -0,0 +1,21 @@
---
name: Build and push
on:
push:
branches:
- main
jobs:
buildpush:
name: build_and_push
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Login to docker
run: mkdir -p $HOME/.docker && cp config.json $HOME/.docker/config.json
- name: Install docker
run: curl -fsSL https://get.docker.com | sh
- name: Install parallel
run: apt install parallel -y
- name: Build docker container
run: ./build-all.sh && exit 0
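Review bot: The `Login to docker` step installs a `config.json` taken from the checked-out tree as the job's Docker credentials, so the registry login lives in git rather than in the runner's secret store. Write the file from a repository secret instead, e.g. `run: mkdir -p "$HOME/.docker" && printf '%s' "$DOCKER_CONFIG_JSON" > "$HOME/.docker/config.json"`, with `DOCKER_CONFIG_JSON` (a placeholder name) mapped from `secrets` in the step's `env:`. `curl -fsSL https://get.docker.com | sh` executes an unpinned remote script in the same job that holds the push credential; installing docker from the distribution's packages, or using a runner image that already ships it, removes that dependency. `actions/checkout@v4` is a mutable tag and can be pinned to a commit SHA, and `./build-all.sh && exit 0` behaves the same as `./build-all.sh`.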


@@ -1,19 +0,0 @@
name: Gitea Actions Demo
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
Explore-Gitea-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
- run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ gitea.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."


@@ -0,0 +1,15 @@
---
name: Test stage
on:
- push
jobs:
lint:
name: check and test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install shellcheck
run: apt update && apt install -y shellcheck
- name: test
run: ./shellcheck.sh

26
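--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,26 @@
+.PHONY: build
+build: ## Builds all the dockerfiles in the repository.
+@$(CURDIR)/build-all.sh
+.PHONY: test
+test: shellcheck ## Runs the tests on the repository.
+# if this session isn't interactive, then we don't want to allocate a
+# TTY, which would fail, but if it is interactive, we do want to attach
+# so that the user can send e.g. ^C through.
+INTERACTIVE := $(shell [ -t 0 ] && echo 1 || echo 0)
+ifeq ($(INTERACTIVE), 1)
+DOCKER_FLAGS += -t
+endif
+.PHONY: shellcheck
+shellcheck: ## Runs the shellcheck tests on the scripts.
+docker run --rm -i $(DOCKER_FLAGS) \
+--name df-shellcheck \
+-v $(CURDIR):/usr/src:ro \
+--workdir /usr/src \
+uleenucks/shellcheck find / -iname '*powershell*'
+.PHONY: help
+help:
+@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'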
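Review bot: The `shellcheck` recipe never lints anything: the command passed to the container is `find / -iname '*powershell*'`, which looks like a leftover debugging command, so `make test` can succeed whatever state the scripts are in. The CI workflow runs `./shellcheck.sh` directly, and the recipe should end with the same command, e.g. `uleenucks/shellcheck ./shellcheck.sh` (assuming the image accepts a command to run, which is not visible here). The image is referenced without a tag or digest, so the linter version can change between runs. The `help` target has no `## ` description, so its own grep does not list it; adding `help: ## Shows this help.` would fix that.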


@@ -4,94 +4,98 @@ set -o pipefail
SCRIPT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/$(basename "${BASH_SOURCE[0]}")"
REPO_URL="${REPO_URL:-uleenucks}"
JOBS=${JOBS:-2}
JOBS=${JOBS:-4}
DOCKER="$(which docker)"
DOCKERFILESPATH="${HOME}/closed/dockerfiles"
ERRORS="$(pwd)/errors"
dcleanup(){
${DOCKER} rm $(${DOCKER} ps -aq 2>/dev/null) 2>/dev/null
${DOCKER} rm -v $(${DOCKER} ps --filter status=exited -q 2>/dev/null) 2>/dev/null
${DOCKER} rmi $(${DOCKER} images --filter dangling=true -q 2>/dev/null) 2>/dev/null
"${DOCKER}" rm "$(${DOCKER} ps -aq 2>/dev/null)" 2>/dev/null
"${DOCKER}" rm -v "$(${DOCKER} ps --filter status=exited -q 2>/dev/null)" 2>/dev/null
"${DOCKER}" rmi "$(${DOCKER} images --filter dangling=true -q 2>/dev/null)" 2>/dev/null
}
build_and_push_kaniko(){
base=$1
suite=$2
build_dir=$3
build_and_push(){
base=$1
suite=$2
build_dir=$3
echo "Building ${REPO_URL}/${base}:${suite} for context ${build_dir}"
docker run \
-v "${HOME}/config.json:/kaniko/.docker/config.json:ro" \
-v "$(pwd)/${build_dir}:/workspace" \
gcr.io/kaniko-project/executor:debug \
--destination "${REPO_URL}/${base}:${suite}" --force \
|| return 1
echo "Building ${REPO_URL}/${base}:${suite} for context ${build_dir}"
docker build --rm --force-rm -t "${REPO_URL}/${base}:${suite}" "${build_dir}" || return 1
# on successful build, push the image
echo " --- "
echo "Successfully built and pushed ${base}:${suite} with context ${build_dir}"
echo " --- "
# on successful build, push the image
echo " --- "
echo "Successfully built ${base}:${suite} with context ${build_dir}"
echo " --- "
# try push a few times because notary server sometimes returns 401 for
# absolutely no reason
n=0
until [ $n -ge 5 ]; do
docker push --disable-content-trust=false "${REPO_URL}/${base}:${suite}" && break
echo "Try #$n failed... sleeping for 15 seconds"
n=$((n+1))
sleep 15
done
# also push the tag latest for "stable" (chrome), "tools" (wireguard) or "3.5" tags for zookeeper
if [[ "$suite" == "stable" ]] || [[ "$suite" == "3.6" ]] || [[ "$suite" == "tools" ]]; then
docker tag "${REPO_URL}/${base}:${suite}" "${REPO_URL}/${base}:latest"
docker push --disable-content-trust=false "${REPO_URL}/${base}:latest"
fi
}
dofile() {
f=$1
image=${f%Dockerfile}
base=${image%%\/*}
build_dir=$(dirname "$f")
suite=${build_dir##*\/}
f=$1
image=${f%Dockerfile}
base=${image%%\/*}
build_dir=$(dirname "$f")
suite=${build_dir##*\/}
if [[ -z "$suite" ]] || [[ "$suite" == "$base" ]]; then
suite=latest
fi
if [[ -z "$suite" ]] || [[ "$suite" == "$base" ]]; then
suite=latest
fi
{
$SCRIPT build_and_push_kaniko "${base}" "${suite}" "${build_dir}"
} || {
# add to errors
echo "${base}:${suite}" >> "$ERRORS"
}
echo
echo
{
$SCRIPT build_and_push "${base}" "${suite}" "${build_dir}"
} || {
# add to errors
echo "${base}:${suite}" >> "$ERRORS"
}
prescript(){
cd "${DOCKERFILESPATH}"
rm -f errors
git pull
echo
echo
}
main(){
# get the dockerfiles
IFS=$'\n'
files=( $(find . -iname '*Dockerfile' | sed 's|./||' | sort) )
unset IFS
# get the dockerfiles
IFS=$'\n'
mapfile -t files < <(find -L . -iname '*Dockerfile' | sed 's|./||' | sort)
unset IFS
# build all dockerfiles
echo "Running in parallel with ${JOBS} jobs."
parallel --tag --verbose --ungroup -j"${JOBS}" "$SCRIPT" dofile "{1}" ::: "${files[@]}"
# build all dockerfiles
echo "Running in parallel with ${JOBS} jobs."
parallel --tag --verbose --ungroup -j"${JOBS}" "$SCRIPT" dofile "{1}" ::: "${files[@]}"
if [[ ! -f $ERRORS ]]; then
echo "No errors, hooray!"
else
echo "[ERROR] Some images did not build correctly, see below." >&2
echo "These images failed: $(cat "$ERRORS")" >&2
exit 1
fi
if [[ ! -f "$ERRORS" ]]; then
echo "No errors, hooray!"
else
echo "[ERROR] Some images did not build correctly, see below." >&2
echo "These images failed: $(cat "$ERRORS")" >&2
exit 1
fi
}
run(){
args=$@
f=$1
args=$*
f=$1
if [[ "$f" == "" ]]; then
main "$args"
else
$args
fi
if [[ "$f" == "" ]]; then
main "$args"
else
$args
fi
}
prescript
run $@
run "$@"
#prescript
dcleanup
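Review bot: In `build_and_push`, the `until [ $n -ge 5 ]` retry loop simply falls through when all five `docker push` attempts fail, so the function still returns 0 and `dofile` never records the image in `$ERRORS`. A check after the loop such as `[ "$n" -lt 5 ] || return 1` would make a failed push fail the build. The `docker tag` / `docker push` pair for `latest` is likewise unchecked. In `dcleanup`, the newly quoted `"$(${DOCKER} ps -aq 2>/dev/null)"` passes all IDs as one newline-joined argument (or an empty string when there are none), and the trailing `2>/dev/null` hides the resulting error. `"${DOCKER}" ps -aq | xargs -r "${DOCKER}" rm` keeps the quoting warning away without breaking the cleanup, and the same applies to the `rm -v` and `rmi` lines.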

7
config.json Normal file

@@ -0,0 +1,7 @@
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "dWxlZW51Y2tzOjE2MjY5MGMzLTk3NzUtNDJkZC05MjQ0LWMxOWI3YmM1N2Q5ZA=="
}
}
}
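Review bot: The `auth` value under `auths` is a base64-encoded registry login, which is an encoding and not encryption, so committing this file gives the credential to anyone who can read the repository or its history. It should be treated as exposed and revoked at the registry; deleting the file in a later commit does not remove it from earlier commits. The build job can receive its Docker config from a CI secret at run time instead, and listing `config.json` in `.gitignore` helps prevent it from being added again.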


@@ -1,51 +0,0 @@
# Docker-Gitserver
[Docker-Gitserver](https://hub.docker.com/r/uleenucks/gitserver) is a containerized [GIT](https://git-scm.com/) server.
## Requirements
- [Docker](https://www.docker.com/)
- [docker-compose](https://www.docker.com/products/docker-compose)
## Usage
### Starting server
For the initial start, just run the following:
`docker-compose up -d`
Remember the container id (refered to as `$container`),
it's printed as `Creating $container`.
### Starting without docker-compose
If you can't or don't want to use docker-compose, run
```
docker run -d --name git \
-p 22124:22 \
-v "${GIT_DATA}:/home/git/repositories" \
-e "PUBKEY=$(cat ~/.ssh/id_ed25519.pub)" \
uleenucks/gitserver:latest
```
### Stopping server
`docker-compose stop`
### Creating a repo on server
To create a new repo named `$open`, use the following:
#### Open a shell on the server
`docker exec -it $container sh`
The container name `$container` is printed on startup.
#### Create new repository on server
```
create_repo /home/git/repositories/open.git
```
This will create ``open.git`` as a new repository on your server
#### Connecting to your git repository
From any client do the following:
```
git remote add origin ssh://git@<fqdn>:22124/home/git/repositories/open.git
```


@@ -1,17 +0,0 @@
# docker-compose.yml
version: '2'
services:
git:
container_name: git
restart: on-failure:5
image: uleenucks/gitserver
volumes:
- "gitdata:/home/git/repositories"
ports:
- "22124:22"
environment:
- "PUBKEY=$$(cat ~/.ssh/id_ed25519.pub)"
volumes:
gitdata:
driver: local


@@ -1,40 +0,0 @@
FROM alpine:3.18
LABEL maintainer.name="Uwe Hermann"\
maintainer.email="uh@uleenucks.de"
ENV HOME /root
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories \
&& echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories \
&& apk -U upgrade --no-cache --no-progress \
&& apk --no-cache --no-progress add \
bash \
git \
openssh \
&& sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config \
&& sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/" /etc/ssh/sshd_config \
&& echo -e "AllowUsers git\n" >> /etc/ssh/sshd_config \
&& echo -e "Port 22\n" >> /etc/ssh/sshd_config \
&& addgroup git \
&& adduser -D -S -s /usr/bin/git-shell -h /home/git -g git git \
&& mkdir -p /home/git/.ssh \
&& chown -R git:git /home/git \
&& passwd -u git \
&& git config --global init.defaultBranch main \
&& mkdir /home/git/repositories \
&& rm -rf /tmp/* /var/cache/apk/*
VOLUME /home/git/repositories
ENV HOME /home/git
EXPOSE 22
WORKDIR $HOME
ADD app /app
COPY ./start.sh /
COPY create_repo /usr/bin/create_repo
HEALTHCHECK CMD [ "/app/healthcheck.sh" ]
ENTRYPOINT [ "/start.sh" ]
CMD [ "/usr/sbin/sshd", "-D", "-e", "-f", "/etc/ssh/sshd_config" ]


@@ -1,7 +0,0 @@
#!/bin/sh
if [ ! -f "/app/health" ]; then
printf 0 > "/app/health"
fi
exit "$(cat /app/health)"


@@ -1,14 +0,0 @@
#!/bin/bash
set -e
set -o pipefail
repo=$1
if [[ "$repo" != *.git ]]; then
repo="${repo}.git"
fi
echo "Creating $repo"
(
cd "$HOME"
git init --bare "$repo"
chown -R git:git "$repo"
)


@@ -1,73 +0,0 @@
#!/bin/sh
set -e
set -o pipefail
[ "$DEBUG" == 'true' ] && set -x
DAEMON=sshd
HOSTKEY=/etc/ssh/ssh_host_ed25519_key
# create the host key if not already created
if [ ! -f "${HOSTKEY}" ]; then
ssh-keygen -A
fi
mkdir -p ${HOME}/.ssh
source /etc/profile
[ "$PUBKEY" ] && echo "$PUBKEY" > ${HOME}/.ssh/authorized_keys
[ "$PUBKEY2" ] && echo "$PUBKEY2" >> ${HOME}/.ssh/authorized_keys
[ "$PUBKEY3" ] && echo "$PUBKEY3" >> ${HOME}/.ssh/authorized_keys
[ "$PUBKEY4" ] && echo "$PUBKEY4" >> ${HOME}/.ssh/authorized_keys
[ "$PUBKEY5" ] && echo "$PUBKEY5" >> ${HOME}/.ssh/authorized_keys
[ "$PUBKEY6" ] && echo "$PUBKEY6" >> ${HOME}/.ssh/authorized_keys
[ "$PUBKEY7" ] && echo "$PUBKEY7" >> ${HOME}/.ssh/authorized_keys
chown -R git:git ${HOME}
chmod -R 755 ${HOME}
# Fix permissions, if writable
if [ -w ${HOME}/.ssh ]; then
chown git:git ${HOME}/.ssh && chmod 700 ${HOME}/.ssh/
fi
if [ -w ${HOME}/.ssh/authorized_keys ]; then
chown git:git ${HOME}/.ssh/authorized_keys
chmod 600 ${HOME}/.ssh/authorized_keys
fi
# Warn if no config
if [ ! -e ${HOME}/.ssh/authorized_keys ]; then
echo "WARNING: No SSH authorized_keys found for git"
fi
# set the default shell
mkdir -p $HOME/git-shell-commands
cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
chmod +x $HOME/git-shell-commands/no-interactive-login
stop() {
echo "Received SIGINT or SIGTERM. Shutting down $DAEMON"
# Get PID
pid=$(cat /var/run/$DAEMON/$DAEMON.pid)
# Set TERM
kill -SIGTERM "${pid}"
# Wait for exit
wait "${pid}"
# All done.
echo "Done."
}
echo "Running $@"
if [ "$(basename $1)" == "$DAEMON" ]; then
trap stop SIGINT SIGTERM
$@ &
pid="$!"
mkdir -p /var/run/$DAEMON && echo "${pid}" > /var/run/$DAEMON/$DAEMON.pid
wait "${pid}" && exit $?
else
exec "$@"
fi


@@ -1,90 +0,0 @@
FROM alpine:3.18
LABEL maintainer.name="Uwe Hermann"\
maintainer.email="uh@uleenucks.de"
#COPY rootfs /
ENV NGINX_VERSION=1.21.4
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories \
&& echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories \
&& set -ex \
&& apk -U upgrade --no-cache --no-progress \
&& apk add --no-cache --no-progress \
ca-certificates \
libressl \
pcre \
zlib \
su-exec \
&& apk add --no-progress --no-cache --virtual .build-deps \
build-base \
linux-headers \
libressl-dev \
pcre-dev \
wget \
zlib-dev \
&& cd /tmp \
&& wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \
&& tar xzf nginx-${NGINX_VERSION}.tar.gz \
&& cd /tmp/nginx-${NGINX_VERSION} \
&& wget -q https://github.com/nginx-modules/ngx_http_tls_dyn_size/raw/master/nginx__dynamic_tls_records_1.15.5%2B.patch -O dynamic_records.patch \
&& patch -p1 < dynamic_records.patch \
&& ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/tmp/nginx.pid \
--lock-path=/tmp/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-file-aio \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-pcre-jit \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_auth_request_module \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-stream_realip_module \
--without-http_ssi_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_geo_module \
--without-http_autoindex_module \
--without-http_split_clients_module \
--without-http_memcached_module \
--without-http_empty_gif_module \
--without-http_browser_module \
&& make -j$(getconf _NPROCESSORS_ONLN) \
&& make install \
&& mkdir -p /var/cache/nginx \
&& strip -s /usr/sbin/nginx \
&& apk del .build-deps \
&& rm -rf /tmp/* /var/cache/apk/*
EXPOSE 8000 4430
COPY rootfs /
RUN chmod +x /usr/local/bin/run.sh
VOLUME /sites-enabled /conf.d /www /passwds /certs /var/log/nginx
CMD [ "run.sh" ]


@@ -1,46 +0,0 @@
## uleenucks/libre-nginx
![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
#### What is this?
This is nginx statically linked against LibreSSL
#### Features
- Based on Alpine Linux.
- nginx built against **LibreSSL**
- **TLS 1.3** patch : use of TLS 1.3 DRAFT is enforced (haven't found another way yet).
- Built using hardening gcc flags.
- Dynamic TLS records patch (cloudflare).
- TTP/2 (+NPN) support.
- Brotli compression support (and configured).
- AIO Threads support.
- No unnessary modules (except fastcgi).
- PCRE-jit enabled.
- Strong configurations included.
- Anonymous webserver signature (headers-more).
#### Notes
- It is required to change the `listen` directive to 8000/4430 instead of 80/443.
- Linux 3.17+, and the latest Docker stable are recommended.
#### Volumes
- **/sites-enabled** : vhosts files (*.conf)
- **/conf.d** : additional configuration files
- **/certs** : SSL/TLS certificates
- **/var/log/nginx** : nginx logs
- **/passwds** : authentication files
- **/www** : put your websites there
#### Build-time variables
- **NGINX_VERSION** : version of nginx
- **GPG_NGINX** : fingerprint of signing key package
- **BUILD_CORES** : number of cores used during compilation
#### How to use it?
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.
- `ssl_params` : Provides a nice balance between compatibility and security.
- `headers_params` : HSTS (+ preload), XSS protection, etc.
- `proxy_params` : use with `proxy_pass`.


@@ -1,6 +0,0 @@
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; frame-src 'none'; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; form-action 'none'";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header 'Referrer-Policy' 'strict-origin';


@@ -1,6 +0,0 @@
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;


@@ -1,7 +0,0 @@
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 15m;
ssl_session_tickets off;


@@ -1,67 +0,0 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
pcre_jit on;
events {
worker_connections 2048;
use epoll;
}
http {
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 128;
limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
limit_req zone=allips burst=150 nodelay;
ssl_dyn_rec_enable on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log crit;
fastcgi_temp_path /tmp/fastcgi 1 2;
proxy_temp_path /tmp/proxy 1 2;
client_body_temp_path /tmp/client_body 1 2;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
aio threads;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
include /sites-enabled/*.conf;
}


@@ -1,3 +0,0 @@
#!/bin/sh
chmod -R 700 /certs
exec nginx


@@ -1,5 +1,6 @@
#!/bin/bash
# shellcheck source=/dev/null
. /app/includes.sh
function clear_dir() {
@@ -19,8 +20,7 @@ function backup_init() {
function backup_db_postgresql() {
echo "backup postgresql database"
pg_dump -Fc -h "${POSTGRES_HOST}" -p "${POSTGRES_PORT}" -d "${POSTGRES_DB}" -U "${POSTGRES_USER}" -f "${BACKUP_FILE_DB_POSTGRESQL}"
if [[ $? != 0 ]]; then
if ! pg_dump -Fc -h "${POSTGRES_HOST}" -p "${POSTGRES_PORT}" -d "${POSTGRES_DB}" -U "${POSTGRES_USER}" -f "${BACKUP_FILE_DB_POSTGRESQL}"; then
echo "backup postgresql database failed"
exit 1


@@ -1,5 +1,6 @@
#!/bin/bash
# shellcheck source=/dev/null
. /app/includes.sh
# restore
@@ -14,7 +15,8 @@ if [[ "$1" == "restore" ]]; then
fi
function configure_cron() {
local FIND_CRON_COUNT="$(grep -c 'backup.sh' "${CRON_CONFIG_FILE}" 2> /dev/null)"
local FIND_CRON_COUNT
FIND_CRON_COUNT="$(grep -c 'backup.sh' "${CRON_CONFIG_FILE}" 2> /dev/null)"
if [[ "${FIND_CRON_COUNT}" -eq 0 ]]; then
echo "${CRON} bash /app/backup.sh" >> "${CRON_CONFIG_FILE}"
fi


@@ -1,5 +1,6 @@
#!/bin/bash
# shellcheck disable=SC2034
ENV_FILE="/.env"
CRON_CONFIG_FILE="${HOME}/crontabs"
BACKUP_DIR="/backups/tmp"
@@ -35,6 +36,7 @@ function check_dir_exist() {
# Arguments:
# None
########################################
# shellcheck disable=SC2153
function configure_postgresql() {
echo "${POSTGRES_HOST}:${POSTGRES_PORT}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > ~/.pgpass
chmod 0600 ~/.pgpass
@@ -49,11 +51,13 @@ function configure_postgresql() {
# Reference:
# https://gist.github.com/judy2k/7656bfe3b322d669ef75364a46327836#gistcomment-3632918
########################################
# shellcheck source=/dev/null
# shellcheck disable=SC2012
function export_env_file() {
if [[ -f "${ENV_FILE}" ]]; then
echo "find \"${ENV_FILE}\" file and export variables"
set -a
source <(cat "${ENV_FILE}" | sed -e '/^#/d;/^\s*$/d' -e 's/\(\w*\)[ \t]*=[ \t]*\(.*\)/DOTENV_\1=\2/')
source <(sed -e '/^#/d;/^\s*$/d' -e 's/\(\w*\)[ \t]*=[ \t]*\(.*\)/DOTENV_\1=\2/' "${ENV_FILE}")
set +a
fi
}
@@ -123,7 +127,8 @@ function init_env() {
# TIMEZONE
get_env TIMEZONE
local TIMEZONE_MATCHED_COUNT=$(ls "/usr/share/zoneinfo/${TIMEZONE}" 2> /dev/null | wc -l)
local TIMEZONE_MATCHED_COUNT
TIMEZONE_MATCHED_COUNT=$(find "/usr/share/zoneinfo" -type f -iname "${TIMEZONE}" 2> /dev/null | wc -l)
if [[ "${TIMEZONE_MATCHED_COUNT}" -ne 1 ]]; then
TIMEZONE="UTC"
fi
@@ -143,6 +148,7 @@ function init_env() {
echo "========================================"
}
# shellcheck disable=SC2034
function init_env_db() {
DB_TYPE="POSTGRESQL"
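Review bot: The replacement for the `ls` check in `init_env` changes behaviour: `find "/usr/share/zoneinfo" -type f -iname "${TIMEZONE}"` compares against the file's base name only, so a zone written as `Area/City` can never match and `TIMEZONE` silently falls back to `UTC`. A bare name that exists in more than one subdirectory, or differs only by case, yields a count other than one. A direct test keeps the original intent and still avoids SC2012: `[[ -f "/usr/share/zoneinfo/${TIMEZONE}" ]] || TIMEZONE="UTC"`. The same change appears in the later section whose hunk is `@@ -124,7 +127,8 @@`, and `init_env` starts and ends outside the hunk in both places.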


@@ -1,5 +0,0 @@
FROM uleenucks/powershell
RUN pwsh -c "Install-Module -Name AzureRM.NetCore"
# Import-Module -Name AzureRM
ENTRYPOINT [ "pwsh" ]


@@ -1,24 +0,0 @@
FROM debian:bullseye-slim
LABEL maintainer.name="Uwe Hermann"\
maintainer.email="uh@uleenucks.de"
RUN apt-get update && apt-get install -y -q --no-install-recommends \
curl \
ca-certificates \
apt-transport-https \
gnupg2
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-bullseye-prod bullseye main" > /etc/apt/sources.list.d/microsoft.list
RUN apt-get update && apt-get install -y -q --no-install-recommends \
powershell \
&& apt-get purge -y -q \
ca-certificates \
curl \
apt-transport-https \
gnupg2 \
&& apt-get autoremove -y \
&& rm -rf /var/lib/apt/lists/*
ENTRYPOINT [ "/usr/bin/pwsh" ]

24
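--- a/shellcheck.sh
+++ b/shellcheck.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+set -o pipefail
+ERRORS=()
+# find all executables and run `shellcheck`
+for f in $(find . -type f -not -iwholename '*.git*' -not -name "Dockerfile" | sort -u); do
+if file "$f" | grep --quiet shell; then
+{
+shellcheck "$f" && echo "[OK]: sucessfully linted $f"
+} || {
+# add to errors
+ERRORS+=("$f")
+}
+fi
+done
+if [ ${#ERRORS[@]} -eq 0 ]; then
+echo "No errors, hooray"
+else
+echo "These files failed shellcheck: ${ERRORS[*]}"
+exit 1
+fi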
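Review bot: The `for f in $(find ...)` loop word-splits and glob-expands the file list, so a path containing whitespace is handed to `file` and `shellcheck` as several names that do not exist; ShellCheck reports this pattern itself (SC2044), so the script may not pass its own lint. Reading the list NUL-delimited avoids it on bash 4.4 or later: `mapfile -d '' -t files < <(find . -type f -not -iwholename '*.git*' -not -name "Dockerfile" -print0 | sort -zu)` followed by `for f in "${files[@]}"; do`. The `-not -iwholename '*.git*'` filter also excludes any path that merely contains `.git`, not only the `.git` directory, so some scripts can escape linting. The success message misspells "successfully".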


@@ -5,8 +5,8 @@ set -o pipefail
# this is kind of an expensive check, so let's not do this twice if we
# are running more than one validate bundlescript
VALIDATE_REPO='https://github.com/uleenucks/dockerfiles.git'
VALIDATE_BRANCH='master'
VALIDATE_REPO='https://gitea.uleenucks.de/uleenucks/dockerfiles.git'
VALIDATE_BRANCH='main'
VALIDATE_HEAD="$(git rev-parse --verify HEAD)"
@@ -25,6 +25,7 @@ validate_diff() {
# get the dockerfiles changed
IFS=$'\n'
# shellcheck disable=SC2207
files=( $(validate_diff --name-only -- '*Dockerfile') )
unset IFS


@@ -1,5 +1,6 @@
#!/bin/bash
# shellcheck source=/dev/null
. /app/includes.sh
function clear_dir() {
@@ -25,8 +26,7 @@ function backup_init() {
function backup_db_postgresql() {
echo "backup vaultwarden postgresql database"
pg_dump -Fc -h "${POSTGRES_HOST}" -p "${POSTGRES_PORT}" -d "${POSTGRES_DB}" -U "${POSTGRES_USER}" -f "${BACKUP_FILE_DB_POSTGRESQL}"
if [[ $? != 0 ]]; then
if ! pg_dump -Fc -h "${POSTGRES_HOST}" -p "${POSTGRES_PORT}" -d "${POSTGRES_DB}" -U "${POSTGRES_USER}" -f "${BACKUP_FILE_DB_POSTGRESQL}" ; then
echo "backup vaultwarden postgresql database failed"
exit 1
@@ -46,8 +46,10 @@ function backup_config() {
function backup_rsakey() {
echo "backup vaultwarden rsakey"
local FIND_RSAKEY=$(find "${DATA_RSAKEY_DIRNAME}" -name "${DATA_RSAKEY_BASENAME}*" | xargs -I {} basename {})
local FIND_RSAKEY_COUNT=$(echo "${FIND_RSAKEY}" | wc -l)
local FIND_RSAKEY
FIND_RSAKEY=$(find "${DATA_RSAKEY_DIRNAME}" -name "${DATA_RSAKEY_BASENAME}*" -exec basename {} +)
local FIND_RSAKEY_COUNT
FIND_RSAKEY_COUNT=$(echo "${FIND_RSAKEY}" | wc -l)
if [[ "${FIND_RSAKEY_COUNT}" -gt 0 ]]; then
echo "${FIND_RSAKEY}" | tar -c -C "${DATA_RSAKEY_DIRNAME}" -f "${BACKUP_FILE_RSAKEY}" -T -
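Review bot: In `backup_rsakey`, `find ... -exec basename {} +` hands every match to a single `basename` call, which treats a second operand as a suffix to strip and rejects further operands. With more than one key file the list is therefore truncated or the command fails, so the archive can miss part of the key material. The previous `xargs -I {} basename {}` ran once per file; `-exec basename {} \;` restores that (or `-exec basename -a {} +` where `-a` is supported). Separately, `echo "${FIND_RSAKEY}" | wc -l` yields 1 even for an empty result, so the `-gt 0` guard is always true; `[[ -n "${FIND_RSAKEY}" ]]` would express the intent. The function continues past the end of the hunk.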


@@ -1,5 +1,6 @@
#!/bin/bash
# shellcheck source=/dev/null
. /app/includes.sh
# restore
@@ -14,7 +15,8 @@ if [[ "$1" == "restore" ]]; then
fi
function configure_cron() {
local FIND_CRON_COUNT="$(grep -c 'backup.sh' "${CRON_CONFIG_FILE}" 2> /dev/null)"
local FIND_CRON_COUNT
FIND_CRON_COUNT="$(grep -c 'backup.sh' "${CRON_CONFIG_FILE}" 2> /dev/null)"
if [[ "${FIND_CRON_COUNT}" -eq 0 ]]; then
echo "${CRON} bash /app/backup.sh" >> "${CRON_CONFIG_FILE}"
fi


@@ -1,5 +1,6 @@
#!/bin/bash
# shellcheck disable=SC2034
ENV_FILE="/.env"
CRON_CONFIG_FILE="${HOME}/crontabs"
BACKUP_DIR="/backups/tmp"
@@ -35,6 +36,7 @@ function check_dir_exist() {
# Arguments:
# None
########################################
# shellcheck disable=SC2153
function configure_postgresql() {
echo "${POSTGRES_HOST}:${POSTGRES_PORT}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > ~/.pgpass
chmod 0600 ~/.pgpass
@@ -49,11 +51,12 @@ function configure_postgresql() {
# Reference:
# https://gist.github.com/judy2k/7656bfe3b322d669ef75364a46327836#gistcomment-3632918
########################################
# shellcheck source=/dev/null
function export_env_file() {
if [[ -f "${ENV_FILE}" ]]; then
echo "find \"${ENV_FILE}\" file and export variables"
set -a
source <(cat "${ENV_FILE}" | sed -e '/^#/d;/^\s*$/d' -e 's/\(\w*\)[ \t]*=[ \t]*\(.*\)/DOTENV_\1=\2/')
source <(sed -e '/^#/d;/^\s*$/d' -e 's/\(\w*\)[ \t]*=[ \t]*\(.*\)/DOTENV_\1=\2/' "${ENV_FILE}")
set +a
fi
}
@@ -124,7 +127,8 @@ function init_env() {
# TIMEZONE
get_env TIMEZONE
local TIMEZONE_MATCHED_COUNT=$(ls "/usr/share/zoneinfo/${TIMEZONE}" 2> /dev/null | wc -l)
local TIMEZONE_MATCHED_COUNT
TIMEZONE_MATCHED_COUNT=$(find "/usr/share/zoneinfo" -type f -iname "${TIMEZONE}" 2> /dev/null | wc -l)
if [[ "${TIMEZONE_MATCHED_COUNT}" -ne 1 ]]; then
TIMEZONE="UTC"
fi