rilla
/
dockerfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

removed unused images

main
Ricard Illa 2022-08-16 11:44:14 +02:00
parent 4ff60951df
commit 23020b8398
No known key found for this signature in database
GPG Key ID: F69A672B72E54902
58 changed files with 0 additions and 1873 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ansible/Dockerfile
View File

@ -1,24 +0,0 @@
FROM alpine:3.12
RUN apk add --no-cache openssh python3 py3-pip && \
apk add --no-cache --virtual .build-deps \
gcc \
libffi-dev \
musl-dev \
openssl-dev \
python3-dev && \
pip install \
ansible==2.9 \
cryptography \
mitogen && \
apk del .build-deps
RUN apk add --no-cache openssl
COPY get_password.sh /usr/local/bin/get_password
RUN chmod +x /usr/local/bin/get_password
COPY ansible.cfg /etc/ansible/ansible.cfg
RUN mkdir -p /srv
WORKDIR /srv

10
ansible/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = ansible
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

528
ansible/ansible.cfg
View File

@ -1,528 +0,0 @@
# Example config file for ansible -- https://ansible.com/
# =======================================================
# Nearly all parameters can be overridden in ansible-playbook
# or with command line flags. Ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory, or /etc/ansible/ansible.cfg, whichever it
# finds first
# For a full list of available options, run ansible-config list or see the
# documentation: https://docs.ansible.com/ansible/latest/reference_appendices/config.html.
[defaults]
inventory = /etc/ansible/hosts.yml
interpreter_python = auto_silent
#library = ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
#module_utils = ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#forks = 5
#poll_interval = 0.001
#ask_pass = False
#transport = smart
strategy_plugins = /usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
strategy = mitogen_linear
# Plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
#
#gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
#
#inject_facts_as_vars = True
# Paths to search for collections, colon separated
# collections_paths = ~/.ansible/collections:/usr/share/ansible/collections
# Paths to search for roles, colon separated
#roles_path = ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
# Host key checking is enabled by default
#host_key_checking = True
# You can only have one 'stdout' callback type enabled at a time. The default
# is 'default'. The 'yaml' or 'debug' stdout callback plugins are easier to read.
#
#stdout_callback = default
#stdout_callback = yaml
#stdout_callback = debug
# Ansible ships with some plugins that require whitelisting,
# this is done to avoid running all of a type by default.
# These setting lists those that you want enabled for your system.
# Custom plugins should not need this unless plugin author disables them
# by default.
#
# Enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# Default timeout for connection plugins
#timeout = 10
# Default user to use for playbooks if user is not specified
# Uses the connection plugin's default, normally the user currently executing Ansible,
# unless a different user is specified here.
#
#remote_user = root
# Logging is off by default unless this path is defined.
#log_path = /var/log/ansible.log
# Default module to use when running ad-hoc commands
#module_name = command
# Use this shell for commands executed under sudo.
# you may need to change this to /bin/bash in rare instances
# if sudo is constrained.
#
#executable = /bin/sh
# By default, variables from roles will be visible in the global variable
# scope. To prevent this, set the following option to True, and only
# tasks and handlers within the role will see the variables there
#
#private_role_vars = False
# List any Jinja2 extensions to enable here.
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# If set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line. This can also be
# an executable script that returns the vault password to stdout.
#
vault_password_file = /usr/local/bin/get_password
# Format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#
#ansible_managed = Ansible managed
# By default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#
#display_skipped_hosts = True
# By default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#
#display_args_to_stdout = False
# Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to change this behavior.
#
#error_on_undefined_vars = False
# Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# To disable these warnings, set the following value to False:
#
#system_warnings = True
# Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# To disable these warnings, set the following value to False:
#
#deprecation_warnings = True
# Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
#
#command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#become_plugins = /usr/share/ansible/plugins/become
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# Ansible will use the 'linear' strategy but you may want to try another one.
#strategy = linear
# By default, callbacks are not loaded for /bin/ansible. Enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#
#bin_ansible_callbacks = False
# Don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# Set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#
#cow_selection = default
#cow_selection = random
# When using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# Don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#
#nocolor = 1
# If set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#
#fact_caching = memory
# This option tells Ansible where to cache facts. The value is plugin dependent.
# For the jsonfile plugin, it should be a path to a local directory.
# For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#
#fact_caching_connection=/tmp
# retry files
# When a playbook fails a .retry file can be created that will be placed in ~/
# You can enable this feature by setting retry_files_enabled to True
# and you can change the location of the files by setting retry_files_save_path
#
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# Controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#
#allow_world_readable_tmpfiles = False
# Controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory variable.
#
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#
#max_diff_size = 104448
# Controls showing custom stats at the end, off by default
#show_custom_stats = False
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# List of enabled inventory plugins and the order in which they are used.
#enable_plugins = host_list, script, auto, yaml, ini, toml
# Ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'True' unparsed inventory sources become fatal errors, otherwise they are warnings.
#unparsed_is_failed = False
[privilege_escalation]
#become = False
#become_method = sudo
#become_ask_pass = False
## Connection Plugins ##
# Settings for each connection plugin go under a section titled '[[plugin_name]_connection]'
# To view available connection plugins, run ansible-doc -t connection -l
# To view available options for a connection plugin, run ansible-doc -t connection [plugin_name]
# https://docs.ansible.com/ansible/latest/plugins/connection.html
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty = False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%C
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
pipelining = True
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# If False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 30 second.
#command_timeout = 30
## Become Plugins ##
# Settings for become plugins go under a section named '[[plugin_name]_become_plugin]'
# To view available become plugins, run ansible-doc -t become -l
# To view available options for a specific plugin, run ansible-doc -t become [plugin_name]
# https://docs.ansible.com/ansible/latest/plugins/become.html
[sudo_become_plugin]
#flags = -H -S -n
#user = root
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=fuse,nfs,vboxsf,ramfs,9p,vfat
# Set this to True to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = False
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
#always = False
# Set how many context lines to show in diff
#context = 3
[galaxy]
# Controls whether the display wheel is shown or not
#display_progress=
# Validate TLS certificates for Galaxy server
#ignore_certs = False
# Role or collection skeleton directory to use as a template for
# the init action in ansible-galaxy command
#role_skeleton=
# Patterns of files to ignore inside a Galaxy role or collection
# skeleton directory
#role_skeleton_ignore="^.git$", "^.*/.git_keep$"
# Galaxy Server URL
#server=https://galaxy.ansible.com
# A list of Galaxy servers to use when installing a collection.
#server_list=automation_hub, release_galaxy
# Server specific details which are mentioned in server_list
#[galaxy_server.automation_hub]
#url=https://cloud.redhat.com/api/automation-hub/
#auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
#token=my_ah_token
#
#[galaxy_server.release_galaxy]
#url=https://galaxy.ansible.com/
#token=my_token

3
ansible/get_password.sh
View File

@ -1,3 +0,0 @@
#!/bin/sh
[ -n "$VAULT_PASSWORD" ] && echo "$VAULT_PASSWORD"

56
archivebox/Dockerfile
View File

@ -1,56 +0,0 @@
FROM alpine:3.13
COPY entrypoint.sh /usr/local/bin/entrypoint
RUN apk add --no-cache --virtual .build-deps \
gcc \
python3-dev \
npm \
musl-dev && \
apk add --no-cache \
py3-pip \
python3 \
curl \
nodejs \
git \
chromium \
youtube-dl \
ripgrep \
wget && \
pip3 install --upgrade pip setuptools && \
pip3 install --upgrade archivebox && \
npm install -g 'git+https://github.com/ArchiveBox/ArchiveBox.git' && \
apk del .build-deps && \
addgroup --gid 10001 archivebox && \
adduser \
--uid 10000 \
--home /var/lib/archivebox \
--ingroup archivebox \
--disabled-password \
--shell /sbin/nologin \
archivebox && \
mkdir -p /data && \
mkdir -p /var/lib/archivebox/chromium_data/Default && \
touch /var/lib/archivebox/cookies.txt && \
chown -R archivebox /data /var/lib/archivebox && \
chmod +x /usr/local/bin/entrypoint
ENV IN_DOCKER=True \
CHROME_SANDBOX=False \
CHROME_BINARY="/usr/bin/chromium-browser" \
CHROME_USER_DATA_DIR="/var/lib/archivebox/chromium_data" \
COOKIES_FILE="/var/lib/archivebox/cookies.txt" \
USE_SINGLEFILE=True \
SINGLEFILE_BINARY="/usr/bin/single-file" \
USE_READABILITY=True \
READABILITY_BINARY="/usr/bin/readability-extractor" \
USE_MERCURY=True \
MERCURY_BINARY="/usr/bin/mercury-parser"
VOLUME /data
EXPOSE 8000
WORKDIR /data
USER archivebox
ENTRYPOINT ["/usr/local/bin/entrypoint"]
CMD ["server", "0.0.0.0:8000"]

10
archivebox/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = archivebox
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

5
archivebox/entrypoint.sh
View File

@ -1,5 +0,0 @@
#!/bin/sh
archivebox init
exec archivebox "$@"

6
backup/Dockerfile
View File

@ -1,6 +0,0 @@
FROM alpine:3.11
RUN apk --no-cache add squashfs-tools
COPY make_backup.sh /bin/make_backup
RUN chmod +x /bin/make_backup
CMD "/bin/make_backup"

15
backup/Makefile
View File

@ -1,15 +0,0 @@
IMG_NAME = backup
REGISTRY=registry.monotremata.xyz:443
IMG=$(REGISTRY)/$(IMG_NAME)
.PHONY: build build-nc tag push
build: Dockerfile make_backup.sh
docker build -t $(IMG) .
push: build
docker image push $(IMG)
build-nc: Dockerfile docker-entrypoint.sh sshd_config
docker build --no-cache -t $(IMG)

32
backup/make_backup.sh
View File

@ -1,32 +0,0 @@
#!/bin/sh
if [ -n "$EXCLUDE" ]; then
dirs=$( \
echo "${EXCLUDE}" | \
tr " " "\n" | \
awk -F' ' '{print "/src/"$0}' | \
tr "\n" " " \
)
exclude_opt="-e ${dirs}"
else
exclude_opt=""
fi
echo running:
echo mksquashfs \
/src \
"/dest/$(date +%F).sfs" \
-comp gzip \
-xattrs \
-progress \
-mem 512M \
${exclude_opt}
mksquashfs \
/src \
"/dest/$(date +%F).sfs" \
-comp gzip \
-xattrs \
-progress \
-mem 512M \
${exclude_opt}

34
buku/Dockerfile
View File

@ -1,34 +0,0 @@
# buku
FROM python:3.8-alpine3.11
ENV BUKUSERVER_PORT=5001
RUN apk add --no-cache --virtual .build-deps \
gcc \
openssl-dev \
musl-dev \
libffi-dev \
git && \
mkdir -p /usr/local/src && \
git clone https://github.com/jarun/buku /usr/local/src/buku && \
pip install -U --no-cache-dir \
pip \
gunicorn \
"/usr/local/src/buku[server]" && \
apk del .build-deps && \
rm -r /usr/local/src
RUN adduser -u 1006 -h /var/lib/buku -D buku && \
adduser -u 1001 -D syncthing && addgroup syncthing buku && \
mkdir -p /var/lib/buku/.local/share/buku && \
chown -R buku:buku /var/lib/buku && \
chown -R syncthing:buku /var/lib/buku/.local/share/buku && \
chmod '2775' /var/lib/buku/.local/share/buku && \
touch /var/lib/buku/.local/share/buku/bookmarks.db && chmod '664' /var/lib/buku/.local/share/buku/bookmarks.db
VOLUME /var/lib/buku/.local/share/buku
EXPOSE ${BUKUSERVER_PORT}
USER buku
ENTRYPOINT gunicorn --bind "0.0.0.0:${BUKUSERVER_PORT}" "bukuserver.server:create_app()"

10
buku/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = buku
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

19
ddclient/Dockerfile
View File

@ -1,19 +0,0 @@
FROM alpine:3.12
ENV VERSION 3.9.1
ENV DL_URL https://github.com/ddclient/ddclient/archive/v${VERSION}.tar.gz
#ENV PERL_MM_USE_DEFAULT 1
RUN apk add --no-cache \
curl make wget \
perl perl-utils perl-test-taint perl-netaddr-ip perl-net-ip \
perl-yaml perl-log-log4perl perl-io-socket-ssl && \
curl -L http://cpanmin.us | perl - Data::Validate::IP && \
tmp=$(mktemp -d) && \
curl -L "${DL_URL}" --output "${tmp}/ddclient.tar.gz" && \
tar -xzf "${tmp}/ddclient.tar.gz" -C "${tmp}" && \
cp "${tmp}/ddclient-${VERSION}/ddclient" /usr/bin/ddclient && \
rm -r "${tmp}" && \
mkdir -p /etc/ddclient /var/cache/ddclient
CMD ["/usr/bin/ddclient", "-foreground"]

10
ddclient/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = ddclient
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

33
dendrite/Dockerfile
View File

@ -1,33 +0,0 @@
FROM golang:1.16.3-alpine3.13 AS builder
RUN apk --no-cache add git build-base && \
mkdir -p /build && \
git clone https://github.com/matrix-org/dendrite /build/dendrite && \
mkdir -p /build/bin && \
cd /build/dendrite && \
go build -trimpath -o /build/bin/ ./cmd/dendrite-monolith-server && \
go build -trimpath -o /build/bin/ ./cmd/goose && \
go build -trimpath -o /build/bin/ ./cmd/create-account && \
go build -trimpath -o /build/bin/ ./cmd/generate-keys
FROM alpine:3.13
COPY --from=builder /build/bin/* /usr/local/bin/
COPY entrypoint.sh /usr/local/bin/entrypoint
RUN chmod +x /usr/local/bin/entrypoint && \
addgroup --gid 10001 dendrite && \
adduser \
--uid 10000 \
--home /var/lib/dendrite \
--ingroup dendrite \
--disabled-password \
--shell /sbin/nologin \
dendrite && \
mkdir -p /var/log/dendrite /var/dendrite/media && \
chown -R dendrite:dendrite /var/log/dendrite /var/dendrite
WORKDIR /etc/dendrite
USER dendrite
ENTRYPOINT ["/usr/local/bin/entrypoint"]

10
dendrite/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = dendrite
.PHONY: build build-nc
build: Dockerfile entrypoint.sh
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile entrypoint.sh
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

4
dendrite/entrypoint.sh
View File

@ -1,4 +0,0 @@
#!/bin/sh
sleep 5
exec /usr/local/bin/dendrite-monolith-server -config /etc/dendrite/dendrite.yaml "$@"

22
filite/Dockerfile
View File

@ -1,22 +0,0 @@
FROM alpine:3.13
RUN apk add --no-cache --virtual .build-deps cargo && \
apk add --no-cache libgcc && \
cargo install filite && \
apk del .build-deps && \
mv /root/.cargo/bin/filite /usr/local/bin/filite && \
rm -r /root/.cargo && \
addgroup \
--gid 10001 \
filite && \
adduser \
--uid 10000 \
--home /var/lib/filite \
--ingroup filite \
--disabled-password \
--shell /sbin/nologin \
filite
WORKDIR /var/lib/filite
USER filite
ENTRYPOINT ["/usr/local/bin/filite"]

10
filite/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = filite
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

12
git-daemon/Dockerfile
View File

@ -1,12 +0,0 @@
FROM alpine:3.12
RUN apk --no-cache add \
fcgiwrap \
spawn-fcgi \
git-daemon
COPY entrypoint /usr/local/bin/entrypoint
RUN chmod +x /usr/local/bin/entrypoint
ENTRYPOINT ["/usr/local/bin/entrypoint"]
CMD "daemon"

10
git-daemon/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = git-daemon
.PHONY: build build-nc
build: Dockerfile entrypoint
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile entrypoint
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

17
git-daemon/entrypoint
View File

@ -1,17 +0,0 @@
#!/bin/sh
case $1 in
daemon)
[ -n "$REPOS_DIR" ] && [ -d "$REPOS_DIR" ] && \
exec git daemon \
--reuseaddr \
--base-path=/var/lib/git/repositories \
/var/lib/git/repositories
;;
fcgi)
FCGI_PORT=${FCGI_PORT:-9000}
exec spawn-fcgi -p "${FCGI_PORT}" -n /usr/bin/fcgiwrap
;;
*)
exec "$@"
esac

41
gitolite-pystagit/Dockerfile
View File

@ -1,41 +0,0 @@
FROM alpine:3.13
RUN apk add --no-cache \
gitolite \
libgit2 \
openssh-server \
python3 \
su-exec && \
apk add --no-cache --virtual .build-deps \
gcc \
libffi-dev \
libgit2-dev \
musl-dev \
py3-pip \
python3-dev && \
git clone https://github.com/gthar/pystagit.git /tmp/pystagit && \
pip install /tmp/pystagit && \
rm -r /tmp/pystagit && \
apk del .build-deps && \
passwd -u git && \
mkdir -p /opt/gitolite-local/hooks/common
COPY sshd_config /etc/ssh/sshd_config
COPY gitolite.rc /var/lib/git/.gitolite.rc
COPY bin/. /usr/local/bin/
COPY local_code/. /opt/gitolite-local/
RUN chown -R git:git /var/lib/git && \
chmod +x \
/usr/local/bin/entrypoint \
/usr/local/bin/build-pystagit-index \
/usr/local/bin/build-pystagit-repo \
/usr/local/bin/build-pystagit-repos \
/opt/gitolite-local/hooks/common/post-receive \
/opt/gitolite-local/triggers/build-pystagit-index \
/opt/gitolite-local/triggers/build-pystagit-repo \
/opt/gitolite-local/triggers/build-pystagit-repos
ENTRYPOINT ["/usr/local/bin/entrypoint"]
CMD ["/usr/sbin/sshd", "-D", "-e"]

16
gitolite-pystagit/Makefile
View File

@ -1,16 +0,0 @@
USERNAME = rilla
IMG_NAME = gitolite-pystagit
.PHONY: build build-nc
BIN=$(wildcard bin/*)
HOOKS=$(wildcard local_code/hooks/*)
TRIGGERS=$(wildcard local_code/triggers/*)
DEPS=Dockerfile $(BIN) $(HOOKS) $(TRIGGERS) gitolite.rc sshd_config
build: $(DEPS)
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: $(DEPS)
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

29
gitolite-pystagit/bin/build-pystagit-index
View File

@ -1,29 +0,0 @@
#!/bin/sh
set -e
PYSTAGIT_BASE="${PYSTAGIT_BASE:-/var/lib/git/pystagit}"
GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
mk_index () {
gitolite list-phy-repos | \
gitolite access % pystagit R any | \
awk \
-F'\t' \
-v d="${GL_REPO_BASE}" \
'{if ($3 !~ "DENIED") print d"/"$1".git"}' | \
xargs -r /usr/bin/pystagit-index > \
"${1}/index.html" && \
chmod 644 "${1}/index.html"
}
# shellcheck disable=SC1091
[ -f /etc/env ] && . /etc/env
if [ -n "${SITES}" ]; then
for site in ${SITES}; do
mk_index "${PYSTAGIT_BASE}-${site}"
done
else
mk_index "${PYSTAGIT_BASE}"
fi

75
gitolite-pystagit/bin/build-pystagit-repo
View File

@ -1,75 +0,0 @@
#!/bin/sh
set -e
[ -z "${1}" ] && exit
PYSTAGIT_BASE="${PYSTAGIT_BASE:-/var/lib/git/pystagit}"
GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
# shellcheck disable=SC1091
[ -f /etc/env ] && . /etc/env
run_pystagit () {
repo_dir="${GL_REPO_BASE}/${1}.git"
if [ -n "${2}" ]; then
out_dir="${PYSTAGIT_BASE}-${2}/${1}"
else
out_dir="${PYSTAGIT_BASE}/${1}"
fi
mkdir -p "${out_dir}" && \
chmod 755 "${out_dir}" && \
cd "${out_dir}" && \
/usr/bin/pystagit "${repo_dir}" && \
if [ -f about.html ]; then
ln -sf about.html index.html
else
ln -sf log.html index.html
fi
}
set_url () {
url_file="${GL_REPO_BASE}/${1}.git/url"
if [ -n "${2}" ]; then
echo "${2}/${1}" > "${url_file}"
else
echo "url not set"
rm -f "${url_file}"
fi
}
set_owner () {
owner_file="${GL_REPO_BASE}/${1}.git/owner"
if owner=$(gitolite git-config "${1}" gitweb.owner); then
echo "setting owner for '${1}'"
echo "${owner}" > "${owner_file}"
else
echo "usetting owner for '${1}'"
rm -f "${owner_file}"
fi
}
echo "running pystagit for '${1}'"
if gitolite access "${1}" pystagit R any; then
set_owner "${1}"
if [ -n "${SITES}" ]; then
_i=1
for site in ${SITES}; do
url=$(printf "%s" "${URLS}" | cut -d " " -f "$_i")
set_url "${1}" "${url}"
run_pystagit "${1}" "${site}"
_i=$((_i+1))
done
else
url=$(printf "%s" "${URLS}" | cut -d " " -f 1)
set_url "${1}" "${url}"
run_pystagit "${1}" ""
fi
else
rm -rf "${PYSTAGIT_BASE}"*"/${1}.git"
fi

7
gitolite-pystagit/bin/build-pystagit-repos
View File

@ -1,7 +0,0 @@
#!/bin/sh
set -e
for repo in $(gitolite list-phy-repos); do
/usr/local/bin/build-pystagit-repo "${repo}"
done

49
gitolite-pystagit/bin/entrypoint
View File

@ -1,49 +0,0 @@
#!/bin/sh
set -e
su-exec git env | awk -F"=" '{ print $1"=\""$2"\"" }' > /etc/env
for algorithm in rsa dsa ecdsa ed25519; do
keyfile="/etc/ssh/keys/ssh_host_${algorithm}_key"
[ -f "$keyfile" ] || \
ssh-keygen -q -N '' -f "$keyfile" -t "$algorithm"
done
BASE_DIR=/var/lib/git
echo "fixing permissions..."
mkdir -p \
"${BASE_DIR}/.gitolite/conf" \
"${BASE_DIR}/.gitolite/hooks" \
"${BASE_DIR}/.gitolite/keydir" \
"${BASE_DIR}/.gitolite/logs"
chown -R git:git \
"${BASE_DIR}/.gitolite" \
"${BASE_DIR}/.ssh" \
"${BASE_DIR}/pystagit"* \
"${BASE_DIR}/repositories"
if [ ! -f "${BASE_DIR}/.ssh/authorized_keys" ]; then
if [ -z "$SSH_KEY" ]; then
echo "SSH_KEY needs to be set"
exit 1
fi
SSH_KEY_NAME=${SSH_KEY_NAME:-admin}
echo "$SSH_KEY" > "/tmp/${SSH_KEY_NAME}.pub"
echo "gitolite's initial setup"
su-exec git gitolite setup -pk "/tmp/${SSH_KEY_NAME}.pub"
rm "/tmp/${SSH_KEY_NAME}.pub"
else
# stuff is already set up, but check the setup anyway
echo "gitolite's sanity setup"
su-exec git gitolite setup
fi
echo "building static site"
su-exec git build-pystagit-repos
su-exec git build-pystagit-index
echo "gitolite is ready,starting sshd"
exec "$@"

214
gitolite-pystagit/gitolite.rc
View File

@ -1,214 +0,0 @@
# configuration variables for gitolite
# This file is in perl syntax. But you do NOT need to know perl to edit it --
# just mind the commas, use single quotes unless you know what you're doing,
# and make sure the brackets and braces stay matched up!
# (Tip: perl allows a comma after the last item in a list also!)
# HELP for commands can be had by running the command with "-h".
# HELP for all the other FEATURES can be found in the documentation (look for
# "list of non-core programs shipped with gitolite" in the master index) or
# directly in the corresponding source file.
%RC = (
# ------------------------------------------------------------------
# default umask gives you perms of '0700'; see the rc file docs for
# how/why you might change this
UMASK => 0077,
# look for "git-config" in the documentation
GIT_CONFIG_KEYS => 'gitweb.description gitweb.owner',
# comment out if you don't need all the extra detail in the logfile
LOG_EXTRA => 1,
# logging options
# 1. leave this section as is for 'normal' gitolite logging (default)
# 2. uncomment this line to log ONLY to syslog:
# LOG_DEST => 'syslog',
# 3. uncomment this line to log to syslog and the normal gitolite log:
# LOG_DEST => 'syslog,normal',
# 4. prefixing "repo-log," to any of the above will **also** log just the
# update records to "gl-log" in the bare repo directory:
# LOG_DEST => 'repo-log,normal',
# LOG_DEST => 'repo-log,syslog',
# LOG_DEST => 'repo-log,syslog,normal',
# syslog 'facility': defaults to 'local0', uncomment if needed. For example:
# LOG_FACILITY => 'local4',
# roles. add more roles (like MANAGER, TESTER, ...) here.
# WARNING: if you make changes to this hash, you MUST run 'gitolite
# compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
ROLES => {
READERS => 1,
WRITERS => 1,
},
# enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
# CACHE => 'Redis',
# ------------------------------------------------------------------
# rc variables used by various features
# the 'info' command prints this as additional info, if it is set
# SITE_INFO => 'Please see http://blahblah/gitolite for more help',
# the CpuTime feature uses these
# display user, system, and elapsed times to user after each git operation
# DISPLAY_CPU_TIME => 1,
# display a warning if total CPU times (u, s, cu, cs) crosses this limit
# CPU_TIME_WARN_LIMIT => 0.1,
# the Mirroring feature needs this
# HOSTNAME => "foo",
# TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
# CACHE_TTL => 600,
# ------------------------------------------------------------------
# suggested locations for site-local gitolite code (see cust.html)
# this one is managed directly on the server
LOCAL_CODE => "/opt/gitolite-local",
#LOCAL_CODE => "$ENV{HOME}/local",
# or you can use this, which lets you put everything in a subdirectory
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
# LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
# ------------------------------------------------------------------
#POST_COMPILE => [],
POST_COMPILE => [
'build-pystagit-repos',
'build-pystagit-index'
],
POST_CREATE => [
'build-pystagit-repo',
'build-pystagit-index'
],
# List of commands and features to enable
ENABLE => [
# COMMANDS
# These are the commands enabled by default
'help',
'desc',
'info',
'perms',
'writable',
# Uncomment or add new commands here.
# 'create',
# 'fork',
# 'mirror',
# 'readme',
# 'sskm',
# 'D',
# These FEATURES are enabled by default.
# essential (unless you're using smart-http mode)
'ssh-authkeys',
# creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
'git-config',
# creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
'daemon',
# creates projects.list file; if you don't use gitweb, comment this out
#'gitweb',
# These FEATURES are disabled by default; uncomment to enable. If you
# need to add new ones, ask on the mailing list :-)
# user-visible behaviour
# prevent wild repos auto-create on fetch/clone
# 'no-create-on-read',
# no auto-create at all (don't forget to enable the 'create' command!)
# 'no-auto-create',
# access a repo by another (possibly legacy) name
# 'Alias',
# give some users direct shell access. See documentation in
# sts.html for details on the following two choices.
# "Shell $ENV{HOME}/.gitolite.shell-users",
# 'Shell alice bob',
# set default roles from lines like 'option default.roles-1 = ...', etc.
# 'set-default-roles',
# show more detailed messages on deny
# 'expand-deny-messages',
# show a message of the day
# 'Motd',
# system admin stuff
# enable mirroring (don't forget to set the HOSTNAME too!)
# 'Mirroring',
# allow people to submit pub files with more than one key in them
# 'ssh-authkeys-split',
# selective read control hack
# 'partial-copy',
# manage local, gitolite-controlled, copies of read-only upstream repos
# 'upstream',
# updates 'description' file instead of 'gitweb.description' config item
'cgit',
# allow repo-specific hooks to be added
#'repo-specific-hooks',
# performance, logging, monitoring...
# be nice
# 'renice 10',
# log CPU times (user, system, cumulative user, cumulative system)
# 'CpuTime',
# syntactic_sugar for gitolite.conf and included files
# allow backslash-escaped continuation lines in gitolite.conf
# 'continuation-lines',
# create implicit user groups from directory names in keydir/
# 'keysubdirs-as-groups',
# allow simple line-oriented macros
'macros',
# Kindergarten mode
# disallow various things that sensible people shouldn't be doing anyway
# 'Kindergarten',
],
);
# ------------------------------------------------------------------------------
# per perl rules, this should be the last line in such a file:
1;
# Local variables:
# mode: perl
# End:
# vi: ft=perl

7
gitolite-pystagit/local_code/hooks/common/post-receive
View File

@ -1,7 +0,0 @@
#!/bin/sh
set -e
[ -n "${GL_REPO}" ] && \
/usr/local/bin/build-pystagit-repo "${GL_REPO}" &&
/usr/local/bin/build-pystagit-index

3
gitolite-pystagit/local_code/triggers/build-pystagit-index
View File

@ -1,3 +0,0 @@
#!/bin/sh
/usr/local/bin/build-pystagit-index

5
gitolite-pystagit/local_code/triggers/build-pystagit-repo
View File

@ -1,5 +0,0 @@
#!/bin/sh
set -e
[ -n "$2" ] && /usr/local/bin/build-pystagit-repo "$2"

3
gitolite-pystagit/local_code/triggers/build-pystagit-repos
View File

@ -1,3 +0,0 @@
#!/bin/sh
/usr/local/bin/build-pystagit-repos

23
gitolite-pystagit/sshd_config
View File

@ -1,23 +0,0 @@
Port 22
Protocol 2
PermitRootLogin no
AllowUsers git
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
HostKey /etc/ssh/keys/ssh_host_rsa_key
HostKey /etc/ssh/keys/ssh_host_dsa_key
HostKey /etc/ssh/keys/ssh_host_ecdsa_key
HostKey /etc/ssh/keys/ssh_host_ed25519_key
X11Forwarding no
PrintMotd no
ClientAliveInterval 300
ClientAliveCountMax 2
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512

36
gitolite/Dockerfile
View File

@ -1,36 +0,0 @@
FROM alpine:3.14
RUN apk add --update --no-cache \
docker-compose \
docker \
git \
openssh-server \
perl \
shadow \
su-exec
RUN adduser -h /var/lib/git -D git && \
adduser git docker && \
mkdir -p /var/lib/git/local/hooks && \
chown -R git:git /var/lib/git && \
usermod -p '*' git && \
passwd -u git
RUN mkdir -p /usr/local/src && \
git clone https://github.com/sitaramc/gitolite /usr/local/src/gitolite && \
/usr/local/src/gitolite/install -ln /usr/local/bin
RUN mkdir -p /opt/docker-services
COPY sshd_config /etc/ssh/sshd_config
VOLUME /etc/ssh/keys
VOLUME /var/lib/git
COPY docker-entrypoint.sh /entrypoint
RUN chmod +x /entrypoint
ENTRYPOINT ["/entrypoint"]
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D", "-e"]

14
gitolite/Makefile
View File

@ -1,14 +0,0 @@
IMG_NAME = gitolite
REGISTRY=registry.monotremata.xyz:443
IMG=$(REGISTRY)/$(IMG_NAME)
.PHONY: build build-nc push
build: Dockerfile docker-entrypoint.sh sshd_config
docker build -t $(IMG) .
push: build
docker image push $(IMG)
build-nc: Dockerfile docker-entrypoint.sh sshd_config
docker build --no-cache -t $(IMG) .

41
gitolite/docker-entrypoint.sh
View File

@ -1,41 +0,0 @@
#!/bin/sh
set -xe
[ -n "$DOCKER_GID" ] && groupmod -g "${DOCKER_GID}" docker
for algorithm in rsa dsa ecdsa ed25519
do
keyfile="/etc/ssh/keys/ssh_host_${algorithm}_key"
[ -f "$keyfile" ] || ssh-keygen -q -N '' -f "$keyfile" -t "$algorithm"
done
BASE_DIR=/var/lib/git
echo "fixing gitolite's permissions..."
find "${BASE_DIR}" \
-not -path "${BASE_DIR}/.gitolite.rc" \
-and -not -path "${BASE_DIR}/local/hooks/repo-specific*" \
-exec chown git:git {} \;
if [ ! -f "${BASE_DIR}/.ssh/authorized_keys" ]
then
if [ -n "$SSH_KEY" ]
then
[ -n "$SSH_KEY_NAME" ] || SSH_KEY_NAME="admin"
echo "$SSH_KEY" > "/tmp/${SSH_KEY_NAME}.pub"
echo "gitolite's initial setup"
su-exec git gitolite setup -pk "/tmp/${SSH_KEY_NAME}.pub"
rm "/tmp/${SSH_KEY_NAME}.pub"
else
echo "SSH_KEY needs to be set"
exit 1
fi
else
# stuff is already set up, but check the setup anyway
echo "gitolite's sanity setup"
su-exec git gitolite setup
fi
echo "gitolite is ready,starting sshd"
exec "$@"

23
gitolite/sshd_config
View File

@ -1,23 +0,0 @@
Port 22
Protocol 2
PermitRootLogin no
AllowUsers git
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
HostKey /etc/ssh/keys/ssh_host_rsa_key
HostKey /etc/ssh/keys/ssh_host_dsa_key
HostKey /etc/ssh/keys/ssh_host_ecdsa_key
HostKey /etc/ssh/keys/ssh_host_ed25519_key
X11Forwarding no
PrintMotd no
ClientAliveInterval 300
ClientAliveCountMax 2
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512

15
nfs-server/Dockerfile
View File

@ -1,15 +0,0 @@
FROM alpine:3.13
COPY entrypoint.sh /usr/local/bin/entrypoint
RUN apk add --no-cache nfs-utils && \
rm /etc/idmapd.conf /etc/exports && \
mkdir -p /var/lib/nfs/rpc_pipefs /var/lib/nfs/v4recovery && \
echo "rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0" >> /etc/fstab && \
echo "nfsd /proc/fs/nfsd nfsd defaults 0 0" >> /etc/fstab && \
chmod +x /usr/local/bin/entrypoint
EXPOSE 2049
ENTRYPOINT ["/usr/local/bin/entrypoint"]

10
nfs-server/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = nfs-server
.PHONY: build build-nc
build: Dockerfile entrypoint.sh
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile entrypoint.sh
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

72
nfs-server/entrypoint.sh
View File

@ -1,72 +0,0 @@
#!/bin/sh
NTHREADS=${NTHREADS:=1}
stop () {
echo "un-exporting filesystems"
/usr/sbin/exportfs -uav
echo "terminating nfsd"
/usr/sbin/rpc.nfsd 0
echo "killing pids"
pid1=$(pidof rpc.nfsd)
pid2=$(pidof rpc.mountd)
pid3=$(pidof rpc.rpcbind)
kill -TERM "$pid1" "$pid2" "$pid3"
echo "un-mounting /var/lib/nfs/rpc_pipefs"
umount /var/lib/nfs/rpc_pipefs
echo "un-mounting /proc/nfs/nfsd"
umount /proc/fs/nfsd
exit 0
}
boot () {
echo "mounting /var/lib/nfs/rpc_pipefs"
/bin/mount -t rpc_pipefs /var/lib/nfs/rpc_pipefs
echo "mounting /proc/fs/nfsd"
/bin/mount -t nfsd /proc/fs/nfsd
echo "starting rpcbind"
/sbin/rpcbind -sw
/sbin/rpcinfo
echo "exporting filesystems"
/usr/sbin/exportfs -ar
cat /etc/exports
echo "starting mountd"
/usr/sbin/rpc.mountd \
--port 32767 \
--nfs-version 4 \
--no-nfs-version 2 \
--no-nfs-version 3
echo "starting nfsd"
/usr/sbin/rpc.nfsd \
--tcp \
--udp \
--port 2049 \
--nfs-version 4 \
--no-nfs-version 2 \
--no-nfs-version 3 \
"${NTHREADS}"
echo "terminating rpcbind"
pid=$(pidof rpcbind)
[ -n "$pid" ] && kill "$pid"
echo "ready"
}
trap stop TERM INT
boot
while :; do
sleep 2073600 &
wait
done

15
opensmtpd/Dockerfile
View File

@ -1,15 +0,0 @@
FROM alpine:3.14
RUN apk add --update --no-cache \
opensmtpd \
opensmtpd-extras \
rspamd \
opensmtpd-filter-rspamd && \
adduser \
-h /var/vmail \
-s /sbin/nologin \
-u 2000 \
-S -D \
vmail
CMD ["smtpd", "-d"]

10
opensmtpd/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = opensmtpd
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

20
rss-bridge/Dockerfile
View File

@ -1,20 +0,0 @@
FROM alpine:3.14
RUN apk add --no-cache \
git su-exec nginx php7 php7-fpm \
php7-curl php7-json php7-mbstring php7-openssl php7-pecl-memcached \
php7-simplexml php7-sqlite3 php7-xml && \
sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf && \
mkdir -p /var/www && \
git clone https://github.com/RSS-Bridge/rss-bridge /var/www/rss-bridge && \
adduser -D -h /var/www/rss-bridge rssbridge && \
chown -R rssbridge:rssbridge \
/var/www/rss-bridge \
/var/log/php7
WORKDIR /var/www/rss-bridge
COPY entrypoint.sh /entrypoint
RUN chmod 700 /entrypoint
ENTRYPOINT ["/entrypoint"]
CMD ["rss-bridge"]

15
rss-bridge/Makefile
View File

@ -1,15 +0,0 @@
IMG_NAME = rss-bridge
REGISTRY=registry.monotremata.xyz:443
IMG=$(REGISTRY)/$(IMG_NAME)
.PHONY: build build-nc push
build: Dockerfile
docker build -t $(IMG) .
push: build
docker image push $(IMG)
build-nc: Dockerfile
docker build --no-cache -t $(IMG) .

14
rss-bridge/entrypoint.sh
View File

@ -1,14 +0,0 @@
#!/bin/sh
set -ex
case $1 in
rss-bridge)
exec su-exec rssbridge php-fpm7 -F
;;
nginx)
exec nginx -g 'daemon off;'
;;
*)
exec su-exec rssbridge "$@"
esac

17
sassc/Dockerfile
View File

@ -1,17 +0,0 @@
FROM alpine:3.13
RUN apk add --update --no-cache sassc && \
addgroup \
--gid 10001 \
sassc && \
adduser \
--uid 10000 \
--home /data \
--ingroup sassc \
--disabled-password \
--shell /sbin/nologin \
sassc
WORKDIR /data
USER sassc
ENTRYPOINT ["sassc"]

10
sassc/Makefile
View File

@ -1,10 +0,0 @@
USERNAME = rilla
IMG_NAME = sassc
.PHONY: build build-nc
build: Dockerfile
docker build -t $(USERNAME)/$(IMG_NAME) .
build-nc: Dockerfile
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

29
syncthing/Dockerfile
View File

@ -1,29 +0,0 @@
# syncthing
FROM alpine:3.15
ARG TARGETPLATFORM
ENV VERSION v1.20.1
RUN addgroup --gid 10001 syncthing && \
adduser \
--uid 10000 \
--home /var/lib/syncthing \
--ingroup syncthing \
--disabled-password \
--shell /sbin/nologin \
syncthing && \
mkdir -p /data && chown -R syncthing:syncthing /data && \
cd /tmp && \
ARCH=$(echo "$TARGETPLATFORM" | sed 's/\//-/') && \
RELEASE="syncthing-${ARCH}-${VERSION}" && \
URI="https://github.com/syncthing/syncthing/releases/download/${VERSION}/${RELEASE}.tar.gz" && \
echo "$URI" && \
wget "${URI}" && \
tar -xzf "${RELEASE}.tar.gz" && \
cp "/tmp/${RELEASE}/syncthing" /usr/local/bin/syncthing && \
rm -r "/tmp/${RELEASE}" "/tmp/${RELEASE}.tar.gz"
VOLUME /data /var/lib/syncthing
USER syncthing
CMD ["/usr/local/bin/syncthing", "-home=/var/lib/syncthing"]

31
syncthing/Makefile
View File

@ -1,31 +0,0 @@
IMG_NAME = syncthing
REGISTRY=registry.monotremata.xyz
IMG=$(REGISTRY)/$(IMG_NAME)
PLATFORMS=linux/amd64,linux/arm64
.PHONY: build build-nc buildx push
hw=$(shell uname -m)
ifeq ($(hw), x86_64)
TARGETPLATFORM=linux/amd64
else ifeq ($(hw), aarch64)
TARGETPLATFORM=linux/arm64
else
TARGETPLATFORM=linux/$(hw)
endif
build: Dockerfile
docker build -t $(IMG) --build-arg TARGETPLATFORM=$(TARGETPLATFORM) .
buildx: Dockerfile
docker buildx build \
--platform $(PLATFORMS) \
--tag $(IMG) \
--push \
.
push: build
docker image push $(IMG)
build-nc: Dockerfile
docker build --no-cache -t $(IMG) --build-arg ARCH=$(ARCH) .

25
vdirsyncer/Dockerfile
View File

@ -1,25 +0,0 @@
FROM alpine:3.14
RUN apk add --no-cache python3 py3-pip su-exec && \
pip3 install --upgrade pip && \
pip3 install vdirsyncer vdirsyncer[google] requests_oauthlib && \
addgroup --gid 10001 vdirsyncer && \
adduser \
--empty-password \
--home /var/lib/vdirsyncer \
--uid 10000 \
--ingroup vdirsyncer \
vdirsyncer && \
mkdir -p /var/lib/vdirsyncer/status /var/lib/vdirsyncer/tokens && \
touch /var/lib/vdirsyncer/config && \
chown -R vdirsyncer:vdirsyncer /var/lib/vdirsyncer
COPY crontab /crontab
COPY entrypoint.sh /entrypoint
COPY do_sync.sh /do_sync
RUN chmod +x /entrypoint /do_sync
ENTRYPOINT ["/entrypoint"]
CMD ["task"]
ENV VDIRSYNCER_CONFIG /var/lib/vdirsyncer/config

20
vdirsyncer/Makefile
View File

@ -1,20 +0,0 @@
IMG_NAME = vdirsyncer
USERNAME = rilla
REGISTRY=registry.monotremata.xyz:443
LOCAL_IMG=$(USERNAME)/$(IMG_NAME)
REGISTRY_IMG=$(REGISTRY)/$(IMG_NAME)
.PHONY: build build-nc tag push
build: Dockerfile entrypoint.sh crontab do_sync.sh
docker build -t $(USERNAME)/$(IMG_NAME) .
tag: build
docker image tag $(LOCAL_IMG) $(REGISTRY_IMG)
push: tag
docker image push $(REGISTRY_IMG)
build-nc: Dockerfile entrypoint.sh crontab do_sync.sh
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .

1
vdirsyncer/crontab
View File

@ -1 +0,0 @@
*/15 * * * * /do_sync

4
vdirsyncer/do_sync.sh
View File

@ -1,4 +0,0 @@
#!/bin/sh
export VDIRSYNCER_CONFIG=/var/lib/vdirsyncer/config
vdirsyncer discover && vdirsyncer sync

25
vdirsyncer/entrypoint.sh
View File

@ -1,25 +0,0 @@
#!/bin/sh
mkdir -p /var/lib/vdirsyncer/tokens /var/lib/vdirsyncer/status
chown -R vdirsyncer:vdirsyncer \
/var/lib/vdirsyncer/tokens \
/var/lib/vdirsyncer/status
export VDIRSYNCER_CONFIG=/var/lib/vdirsyncer/config
case $1 in
discover)
exec su-exec vdirsyncer vdirsyncer "$@"
;;
sync)
exec su-exec vdirsyncer vdirsyncer "$@"
;;
task)
su-exec vdirsyncer vdirsyncer discover && \
/usr/bin/crontab -u vdirsyncer /crontab && \
exec /usr/sbin/crond -f -L /dev/stdout
;;
*)
exec "$@"
;;
esac

31
xandikos/Dockerfile
View File

@ -1,31 +0,0 @@
FROM alpine:3.14
RUN apk add --no-cache \
git \
python3 \
su-exec && \
apk add --no-cache --virtual .build-deps \
gcc \
musl-dev \
py3-pip \
python3-dev && \
pip3 install --upgrade pip && \
pip3 install \
aiohttp \
icalendar \
dulwich>=0.19.1 \
defusedxml \
jinja2 \
multidict \
prometheus-client && \
# apk del .build-deps && \
mkdir -p /opt && \
git clone https://github.com/jelmer/xandikos /opt/xandikos && \
adduser -D -h /var/lib/xandikos xandikos && \
mkdir -p /var/lib/xandikos/data && \
chown -R xandikos:xandikos /var/lib/xandikos
COPY entrypoint.sh /entrypoint
RUN chmod +x /entrypoint
ENTRYPOINT ["/entrypoint"]
CMD ["xandikos"]

15
xandikos/Makefile
View File

@ -1,15 +0,0 @@
IMG_NAME = xandikos
REGISTRY=registry.monotremata.xyz:443
IMG=$(REGISTRY)/$(IMG_NAME)
.PHONY: build build-nc push
build: Dockerfile entrypoint.sh
docker build -t $(IMG) .
push: build
docker image push $(IMG)
build-nc: Dockerfile entrypoint.sh
docker build --no-cache -t $(IMG) .

28
xandikos/entrypoint.sh
View File

@ -1,28 +0,0 @@
#!/bin/sh
set -xe
PORT=${PORT:-8000}
ROUTE_PREFIX=${ROUTE_PREFIX:-/}
current_user_principal="/user"
chown -R xandikos:xandikos /var/lib/xandikos
case $1 in
xandikos)
cd /opt/xandikos
exec su-exec xandikos python3 -m xandikos.web \
--port="${PORT}" \
--listen-address='0.0.0.0' \
-d /var/lib/xandikos/data \
--current-user-principal="${current_user_principal}" \
--route-prefix "${ROUTE_PREFIX}" \
--autocreate \
--defaults
;;
*)
exec "$@"
;;
esac