templating - prepare integration for autoconf

bunkerity 2021-05-26 20:50:03 +02:00
parent a991b262ef
commit e2f02ee91e
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
6 changed files with 68 additions and 71 deletions


@ -1,7 +1,6 @@
from Config import Config from Config import Config
import utils import utils
import os import os
class AutoConf : class AutoConf :
def __init__(self, swarm, api) : def __init__(self, swarm, api) :


@ -1,45 +1,26 @@
FROM nginx:stable-alpine AS builder FROM nginx:1.20.0-alpine AS builder
FROM alpine FROM alpine
COPY --from=builder /etc/nginx/ /opt/confs/nginx COPY --from=builder /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \ COPY autoconf/dependencies.sh /tmp
pip3 install docker requests && \ RUN chmod +x /tmp/dependencies.sh && \
mkdir /opt/entrypoint && \ /tmp/dependencies.sh && \
mkdir -p /opt/confs/site && \ rm -f /tmp/dependencies.sh
mkdir -p /opt/confs/global && \
mkdir /opt/scripts && \
addgroup -g 101 nginx && \
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
mkdir /etc/letsencrypt && \
chown root:nginx /etc/letsencrypt && \
chmod 770 /etc/letsencrypt && \
mkdir /var/log/letsencrypt && \
chown root:nginx /var/log/letsencrypt && \
chmod 770 /var/log/letsencrypt && \
mkdir /var/lib/letsencrypt && \
chown root:nginx /var/lib/letsencrypt && \
chmod 770 /var/lib/letsencrypt && \
mkdir /cache && \
chown root:nginx /cache && \
chmod 770 /cache && \
touch /var/log/jobs.log && \
chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log && \
chown -R root:nginx /opt/confs/nginx && \
chmod -R 770 /opt/confs/nginx && \
mkdir /acme-challenge && \
chown root:nginx /acme-challenge && \
chmod 770 /acme-challenge
COPY gen/ /opt/gen
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf COPY entrypoint/ /opt/entrypoint
COPY scripts/* /opt/scripts/
COPY confs/site/ /opt/confs/site
COPY confs/global/ /opt/confs/global COPY confs/global/ /opt/confs/global
COPY entrypoint/* /opt/entrypoint/ COPY confs/site/ /opt/confs/site
COPY scripts/ /opt/scripts
COPY settings.json /opt
COPY misc/cron /etc/crontabs/nginx
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
COPY autoconf/prepare.sh /tmp
RUN chmod +x /tmp/prepare.sh && \
/tmp/prepare.sh && \
rm -f /tmp/prepare.sh
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"] ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
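Review bot: The runtime stage still starts from an untagged `FROM alpine`, so the image that ships floats with `latest` even though this change pins the builder to `nginx:1.20.0-alpine`. Pinning it the same way, `FROM alpine:<PINNED_TAG>` (placeholder, ideally with a digest), keeps rebuilds reproducible and makes base-image updates reviewable. Separately, `COPY autoconf/* /opt/entrypoint/` is a glob that also matches `autoconf/dependencies.sh` and `autoconf/prepare.sh`, so the `rm -f /tmp/...` steps do not remove them from the image, and prepare.sh's `chmod ugo+x /opt/entrypoint/*` leaves both executable there. Copying only the files the entrypoint needs would avoid that. No `USER` appears in the visible lines, so the entrypoint presumably runs as root.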

5
autoconf/dependencies.sh Normal file

@ -0,0 +1,5 @@
#!/bin/sh
# install dependencies
apk add py3-pip bash certbot curl logrotate openssl
pip3 install docker requests jinja2
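Review bot: Neither this script nor autoconf/prepare.sh sets `set -e`, so the build no longer stops at the first failing command the way the old `&&` chain in the Dockerfile did; only the last command's exit status reaches `RUN`. In prepare.sh that means a failed `addgroup`, `chown` or `chmod` can go unnoticed and the image is built with the wrong ownership or modes. Adding `set -e` as the first line after the shebang in both scripts restores fail-fast behaviour. `pip3 install docker requests jinja2` is also unpinned, so each rebuild can pull different versions; pinning them (`docker==<VERSION>`, placeholder) and using `apk add --no-cache` would make the image reproducible and smaller.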


@ -19,28 +19,19 @@ function trap_exit() {
echo "[*] Catched stop operation" echo "[*] Catched stop operation"
echo "[*] Stopping crond ..." echo "[*] Stopping crond ..."
pkill -TERM crond pkill -TERM crond
echo "[*] Stopping python3 ..." echo "[*] Stopping autoconf ..."
pkill -TERM python3 pkill -TERM python3
pkill -TERM tail
} }
trap "trap_exit" TERM INT QUIT trap "trap_exit" TERM INT QUIT
# remove old crontabs
echo "" > /etc/crontabs/root
# setup logrotate
touch /var/log/jobs.log
echo "0 0 * * * /usr/sbin/logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/crontabs/root
# start cron # start cron
crond crond
# run autoconf app # run autoconf app
/opt/entrypoint/app.py & /opt/entrypoint/app.py &
# display logs
tail -F /var/log/jobs.log &
pid="$!" pid="$!"
# wait while app is up
wait "$pid" wait "$pid"
# stop # stop
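Review bot: `pkill -TERM python3` in trap_exit matches by process name, so it signals every python3 process in the container, which may include Python-based cron jobs, not just the autoconf app. Now that `pid="$!"` holds app.py's PID (it previously held tail's), `[ -n "$pid" ] && kill -TERM "$pid"` would target the app precisely and match the renamed "Stopping autoconf" message. trap_exit begins above the hunk and the script continues past `# stop`, so this is based on the visible lines only.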


@ -1,23 +0,0 @@
/var/log/*.log /var/log/letsencrypt/*.log {
# compress old files using gzip
compress
# rotate everyday
daily
# remove old logs after X days
maxage 7
rotate 7
# no errors if a file is missing
missingok
# disable mailing
nomail
# mininum size of a logfile before rotating
minsize 10M
# make a copy and truncate the files
copytruncate
}

44
autoconf/prepare.sh Normal file

@ -0,0 +1,44 @@
#!/bin/sh
# create nginx user
addgroup -g 101 nginx
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx
# prepare /opt
chown -R root:nginx /opt
find /opt -type f -exec chmod 0740 {} \;
find /opt -type d -exec chmod 0750 {} \;
chmod ugo+x /opt/entrypoint/* /opt/scripts/*
chmod ugo+x /opt/gen/main.py
chmod 770 /opt
chmod 440 /opt/settings.json
# prepare /var/log
ln -s /proc/1/fd/1 /var/log/jobs.log
mkdir /var/log/letsencrypt
chown nginx:nginx /var/log/letsencrypt
chmod 770 /var/log/letsencrypt
# prepare /etc/letsencrypt
mkdir /etc/letsencrypt
chown root:nginx /etc/letsencrypt
chmod 770 /etc/letsencrypt
# prepare /var/lib/letsencrypt
mkdir /var/lib/letsencrypt
chown root:nginx /var/lib/letsencrypt
chmod 770 /var/lib/letsencrypt
# prepare /cache
mkdir /cache
chown root:nginx /cache
chmod 770 /cache
# prepare /acme-challenge
mkdir /acme-challenge
chown root:nginx /acme-challenge
chmod 770 /acme-challenge
# prepare /etc/crontabs/nginx
chown root:nginx /etc/crontabs/nginx
chmod 440 /etc/crontabs/nginx
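Review bot: `chmod 770 /opt` right after `chown -R root:nginx /opt` gives the nginx group write access to the top-level /opt directory, so that group can create, rename and remove entries there, including the directories holding the entrypoint and scripts that run as root. If group write is only needed for generated configuration (presumably under /opt/confs, which is not visible here), `chmod 750 /opt` plus a targeted `chmod 770` on that subdirectory would keep the code paths writable by root only. `/var/log/letsencrypt` is also `nginx:nginx` while every other directory in this script is `root:nginx`; a short comment saying why would help if that is intentional.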