autoconf - fix folders

autoconf/Config.py

@@ -11,7 +11,7 @@ class Config :
 
 	def __jobs(self, type) :
 		utils.log("[*] Starting jobs (type = " + type + ") ...")
-		proc = subprocess.run(["/bin/su", "-c", "/opt/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
+		proc = subprocess.run(["/bin/su", "-c", "/opt/bunkerized-nginx/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
 		stdout = proc.stdout.decode("ascii")
 		stderr = proc.stderr.decode("ascii")
 		if len(stdout) > 1 :
@@ -56,7 +56,7 @@ class Config :
 					f.write(k + "=" + v + "\n")
 
 			# Call the generator
-			proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
+			proc = subprocess.run(["/bin/su", "-c", "/opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
 
 			# Print stdout/stderr
 			stdout = proc.stdout.decode("ascii")

autoconf/Dockerfile

@@ -3,20 +3,21 @@ FROM alpine
 COPY autoconf/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
     /tmp/dependencies.sh && \
-    rm -f /tmp/dependencies.sh
+    rm -f /tmp/dependencies.sh && \
+    mkdir /opt/bunkerized-nginx
 
-COPY gen/ /opt/gen
+COPY gen/ /opt/bunkerized-nginx/gen
-COPY entrypoint/ /opt/entrypoint
+COPY entrypoint/ /opt/bunkerized-nginx/entrypoint
-COPY confs/global/ /opt/confs/global
+COPY confs/global/ /opt/bunkerized-nginx/confs/global
-COPY confs/site/ /opt/confs/site
+COPY confs/site/ /opt/bunkerized-nginx/confs/site
-COPY scripts/ /opt/scripts
+COPY scripts/ /opt/bunkerized-nginx/scripts
-COPY settings.json /opt
+COPY settings.json /opt/bunkerized-nginx/
 COPY misc/cron /etc/crontabs/nginx
-COPY autoconf/* /opt/entrypoint/
+COPY autoconf/* /opt/bunkerized-nginx/entrypoint/
 
 COPY autoconf/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
     /tmp/prepare.sh && \
     rm -f /tmp/prepare.sh
 
-ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
+ENTRYPOINT ["/opt/bunkerized-nginx/entrypoint/entrypoint.sh"]

autoconf/entrypoint.sh

@@ -3,7 +3,7 @@
 echo "[*] Starting autoconf ..."
 
 # check permissions
-su -s "/opt/entrypoint/permissions.sh" nginx
+su -s "/opt/bunkerized-nginx/entrypoint/permissions.sh" nginx
 if [ "$?" -ne 0 ] ; then
 	exit 1
 fi
@@ -27,7 +27,7 @@ trap "trap_exit" TERM INT QUIT
 crond
 
 # run autoconf app
-/opt/entrypoint/app.py &
+/opt/bunkerized-nginx/entrypoint/app.py &
 pid="$!"
 
 # wait while app is up

autoconf/hooks/post_push

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64
-chmod +x manifest-tool
-
-VERSION=$(cat VERSION | tr -d '\n')
-if [ "$SOURCE_BRANCH" = "dev" ] ; then
-	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:dev-ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:dev
-elif [ "$SOURCE_BRANCH" = "master" ] ; then
-	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:${VERSION}
-	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:latest
-fi

autoconf/hooks/pre_build

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-# Register qemu-*-static for all supported processors except the
-# current one, but also remove all registered binfmt_misc before
-docker run --rm --privileged multiarch/qemu-user-static:register --reset

autoconf/prepare.sh

@@ -5,13 +5,17 @@ addgroup -g 101 nginx
 adduser -h /var/cache/nginx -g nginx -s /bin/sh -G nginx -D -H -u 101 nginx
 
 # prepare /opt
-chown -R root:nginx /opt
+chown root:nginx /opt
-find /opt -type f -exec chmod 0740 {} \;
+chmod 750 /opt
-find /opt -type d -exec chmod 0750 {} \;
+
-chmod ugo+x /opt/entrypoint/* /opt/scripts/*
+# prepare /opt/bunkerized-nginx
-chmod ugo+x /opt/gen/main.py
+chown -R root:nginx /opt/bunkerized-nginx
-chmod 770 /opt
+find /opt/bunkerized-nginx -type f -exec chmod 0740 {} \;
-chmod 440 /opt/settings.json
+find /opt/bunkerized-nginx -type d -exec chmod 0750 {} \;
+chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
+chmod ugo+x /opt/bunkerized-nginx/gen/main.py
+chmod 770 /opt/bunkerized-nginx
+chmod 440 /opt/bunkerized-nginx/settings.json
 
 # prepare /var/log
 ln -s /proc/1/fd/1 /var/log/jobs.log
@@ -29,16 +33,30 @@ mkdir /var/lib/letsencrypt
 chown root:nginx /var/lib/letsencrypt
 chmod 770 /var/lib/letsencrypt
 
-# prepare /cache
+# prepare /opt/bunkerized-nginx/cache
+ln -s /cache /opt/bunkerized-nginx/cache
 mkdir /cache
 chown root:nginx /cache
 chmod 770 /cache
 
 # prepare /acme-challenge
+ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
 mkdir /acme-challenge
 chown root:nginx /acme-challenge
 chmod 770 /acme-challenge
 
+# prepare /modsec-confs
+ln -s /modsec-confs /opt/bunkerized-nginx/modsec-confs
+mkdir /modsec-confs
+chown root:nginx /modsec-confs
+chmod 770 /modsec-confs
+
+# prepare /modsec-crs-confs
+ln -s /modsec-crs-confs /opt/bunkerized-nginx/modsec-crs-confs
+mkdir /modsec-crs-confs
+chown root:nginx /modsec-crs-confs
+chmod 770 /modsec-crs-confs
+
 # prepare /etc/crontabs/nginx
 chown root:nginx /etc/crontabs/nginx
 chmod 440 /etc/crontabs/nginx