ecryptfs #14
10
.env.dist
10
.env.dist
|
@ -1 +1,9 @@
|
|||
DOCKER_SERVICE_1234_TAGS=urlprefix-astroport.${APP_DOMAIN}/
|
||||
DOCKER_IMAGES_MYOS=x2go:xfce-debian
|
||||
NODE_ASTROPORT_SERVICE_1234_TAGS=urlprefix-astroport.${DOMAIN}/
|
||||
NODE_VDI_ECRYPTERS=zen
|
||||
NODE_VDI_LANG=${LANG}
|
||||
NODE_VDI_PORT=45720
|
||||
NODE_VDI_SUDOERS=
|
||||
NODE_VDI_TZ=UTC
|
||||
NODE_VDI_USERS=zen
|
||||
UFW_UPDATE_ASTROPORT=1234 12245:12445/tcp
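Review bot: `UFW_UPDATE_ASTROPORT=1234 12245:12445/tcp` opens a 201-port TCP range on the host firewall with nothing saying what listens there; only 1234 and 12345 are exposed elsewhere in this commit, so the range deserves a comment, e.g. `# 12245:12445/tcp: <service that binds this range>` placed above the line. The same applies to `NODE_VDI_SUDOERS=` being empty by default, which a reader cannot tell is "no sudoers" rather than "unset". If `DOMAIN` is meant to replace the old `APP_DOMAIN` in `NODE_ASTROPORT_SERVICE_1234_TAGS`, the other files that still read `APP_DOMAIN` (not visible here) should be checked.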
|
||||
|
|
1
12345.sh
1
12345.sh
|
@ -100,6 +100,7 @@ while true; do
|
|||
sed -i "s~_IPFSNODEID_~${IPFSNODEID}~g" ~/.zen/tmp/coucou/${MOATS}.myIP.http ## NODE PUBLISH HOSTED ${WHAT}'S JSON
|
||||
sed -i "s~_HOSTNAME_~$(hostname)~g" ~/.zen/tmp/coucou/${MOATS}.myIP.http ## HOSTNAME
|
||||
############### ############### ############### ###############
|
||||
|
||||
############################################################################
|
||||
## SERVE LANDING REDIRECT PAGE ~/.zen/tmp/coucou/${MOATS}.myIP.http on PORT 1234 (LOOP BLOCKING POINT)
|
||||
############################################################################
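Review bot: The new `sed -i "s~_HOSTNAME_~$(hostname)~g"` line splices the hostname into the sed expression unescaped, as the `${IPFSNODEID}` line above it already does, so a `~`, `&` or backslash in the value changes the substitution instead of being inserted literally. A small guard keeps the command intact: `host=$(hostname | sed 's/[~&\\]/\\&/g')` before the line, then `sed -i "s~_HOSTNAME_~${host}~g" ~/.zen/tmp/coucou/"${MOATS}".myIP.http ## HOSTNAME`. The `while true` loop enclosing these lines starts outside the hunk.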
|
||||
|
|
3
Makefile
3
Makefile
|
@ -9,9 +9,6 @@ SHELL_FILES ?= $(wildcard .*/*.sh */*.sh */*/*.sh)
|
|||
|
||||
all: install tests
|
||||
|
||||
install:
|
||||
./install.sh
|
||||
|
||||
tests: shellcheck
|
||||
|
||||
shellcheck:
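Review bot: None of `install`, `tests` or `shellcheck` is declared `.PHONY` in the visible lines, so a file named `shellcheck` or `tests` in the checkout silently turns the target into a no-op; which of these lines survive the change is not recoverable from this rendering, but whichever remain should be covered by a `.PHONY: all install tests shellcheck` line near the top. The `install` recipe `./install.sh` also does not depend on `install.sh`, which is fine for a phony target but worth a `## run install.sh` comment so the help convention used elsewhere applies.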
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
FROM debian:bullseye as dist
|
||||
ARG DOCKER_REPOSITORY=aynicos
|
||||
FROM ${DOCKER_REPOSITORY}/x2go:xfce-debian as dist
|
||||
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||
ARG DOCKER_BUILD_DIR
|
||||
ARG DOCKER_MACHINE=x86_64
|
||||
|
@ -6,7 +7,7 @@ ARG DOCKER_SYSTEM=Linux
|
|||
|
||||
RUN apt-get update \
|
||||
&& apt-get -fy upgrade \
|
||||
&& apt-get -fy install \
|
||||
&& DEBIAN_FRONTEND=noninteractive apt-get -fy install \
|
||||
bash \
|
||||
bc \
|
||||
cron \
|
||||
|
@ -61,6 +62,7 @@ RUN apt-get update \
|
|||
vim-nox \
|
||||
wget \
|
||||
x11-utils \
|
||||
x2goserver \
|
||||
xclip \
|
||||
xz-utils \
|
||||
youtube-dl \
|
||||
|
@ -87,7 +89,7 @@ RUN set -x && buildDeps=' \
|
|||
&& chmod 0755 /usr/local/bin/jaklis \
|
||||
&& /usr/local/bin/jaklis --help >/dev/null \
|
||||
&& mkdir -p /usr/local/src/dpgpid \
|
||||
&& wget -qO - https://github.com/aynicos/dpgpid/archive/wip.tar.gz \
|
||||
&& wget -qO - https://github.com/aynicos/dpgpid/archive/master.tar.gz \
|
||||
|tar --strip-components 1 -C /usr/local/src/dpgpid -xzf - \
|
||||
&& pip3 install -r /usr/local/src/dpgpid/requirements.txt \
|
||||
&& ln -s /usr/local/src/dpgpid/keygen /usr/local/bin/keygen \
|
||||
|
@ -123,39 +125,51 @@ RUN chmod 600 /etc/ssmtp/ssmtp.conf
|
|||
EXPOSE 1234 12345
|
||||
|
||||
COPY install.sh /install.sh
|
||||
COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /docker-entrypoint.sh
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
CMD ["start"]
|
||||
COPY ${DOCKER_BUILD_DIR}/*.sh /app/
|
||||
CMD ["/app/astroport.sh", "start"]
|
||||
|
||||
FROM dist as master
|
||||
ARG DOCKER_BUILD_DIR
|
||||
ARG DOCKER_GID
|
||||
ARG GID
|
||||
ARG SHELL=/bin/bash
|
||||
ARG UID
|
||||
ARG USER
|
||||
ENV GID=${GID}
|
||||
ENV UID=${UID}
|
||||
ENV GID=${UID}
|
||||
ENV USER=zen
|
||||
|
||||
# If we provide a numeric UID
|
||||
RUN [ "$UID" -eq "$UID" ] 2>/dev/null \
|
||||
# Remove user with $UID if it is not our $USER
|
||||
&& if [ "$(getent passwd $UID |awk -F: '{print $1}')" != "$USER" ]; then \
|
||||
sed -i '/^'$(getent passwd $UID |awk -F: '{print $1}')':x:'$UID':/d' /etc/passwd; \
|
||||
sed -i '/^'$(getent group $GID |awk -F: '{print $1}')':x:'$GID':/d' /etc/group; \
|
||||
fi \
|
||||
# Force $UID if our $USER already exists
|
||||
&& sed -i 's/^'$USER':x:[0-9]\+:[0-9]\+:/'$USER':x:'$UID':'$GID':/' /etc/passwd \
|
||||
&& sed -i 's/^'$USER':x:[0-9]\+:/'$USER':x:'$GID':/' /etc/group \
|
||||
# Create $USER if it does not exist
|
||||
&& if [ "$(getent passwd $UID)" = "" ]; then \
|
||||
echo "$USER:x:$UID:$GID::/home/$USER:$SHELL" >> /etc/passwd; \
|
||||
echo "$USER:\!:$(($(date +%s) / 60 / 60 / 24)):0:99999:7:::" >> /etc/shadow; \
|
||||
echo "$USER:x:$GID:" >> /etc/group; \
|
||||
fi \
|
||||
&& mkdir -p /home/$USER \
|
||||
&& chown $UID:$GID /home/$USER \
|
||||
|| true
|
||||
RUN if [ "${UID}" -eq "${UID}" ] 2>/dev/null; then \
|
||||
# Force $UID of $USER if it exists
|
||||
if [ "$(awk -F: '$1 == "'"${USER}"'" {print $3}' /etc/passwd)" != "${UID}" ]; then \
|
||||
sed -i 's/^\('"${USER}"':x\):[0-9]\+:/\1:'"${UID}"':/' /etc/passwd; \
|
||||
fi; \
|
||||
# Create $USER if $UID does not exist
|
||||
if [ "$(awk -F: '$3 == "'"${UID}"'" {print $1}' /etc/passwd)" = "" ]; then \
|
||||
echo "${USER}:x:${UID}:${GID:-${UID}}::/home/${USER}:${SHELL:-/bin/sh}" >> /etc/passwd; \
|
||||
echo "${USER}:\!:$(($(date +%s) / 60 / 60 / 24)):0:99999:7:::" >> /etc/shadow; \
|
||||
mkdir -p /home/"${USER}"; \
|
||||
fi; \
|
||||
chown "${UID}" $(awk -F: '$1 == "'"${USER}"'" {print $(NF-1)}' /etc/passwd); \
|
||||
fi
|
||||
|
||||
# If we provide a numeric GID
|
||||
RUN if [ "${GID}" -eq "${GID}" ] 2>/dev/null; then \
|
||||
# Force $GID of $GROUP if it already exists
|
||||
if [ "$(awk -F: '$1 == "'"${GROUP}"'" {print $3}' /etc/group)" != "${GID}" ]; then \
|
||||
sed -i 's/^\('"${GROUP}"':x\):[0-9]\+:/\1:'"${GID}"':/' /etc/group; \
|
||||
fi; \
|
||||
# Create $GROUP if $GID does not exist
|
||||
if [ "$(awk -F: '$3 == "'"${GID}"'" {print $1}' /etc/group)" = "" ]; then \
|
||||
echo "${GROUP}:x:${GID}:" >> /etc/group; \
|
||||
fi; \
|
||||
# Force $GID of $USER if it exists
|
||||
if [ "$(awk -F: '$1 == "'"${USER}"'" {print $4}' /etc/passwd)" != "${GID}" ]; then \
|
||||
sed -i 's/^\('"${USER}"':x:[0-9]\+\):[0-9]\+:/\1:'"${GID}"':/' /etc/passwd; \
|
||||
fi; \
|
||||
chgrp "${GID}" $(awk -F: '$1 == "'"${USER}"'" {print $(NF-1)}' /etc/passwd); \
|
||||
fi
|
||||
|
||||
## sudo
|
||||
RUN echo "$USER ALL=(ALL:ALL) NOPASSWD: ALL" > "/etc/sudoers.d/$USER"
|
||||
|
@ -164,14 +178,15 @@ RUN echo "$USER ALL=(ALL:ALL) NOPASSWD: ALL" > "/etc/sudoers.d/$USER"
|
|||
RUN echo "$USER:support@g1sms.fr:mail.asycn.io:587" >> /etc/ssmtp/revaliases
|
||||
|
||||
# config crontab
|
||||
RUN echo "SHELL=/bin/bash" > /var/spool/cron/crontabs/$USER \
|
||||
&& echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> /var/spool/cron/crontabs/$USER \
|
||||
&& echo "12 20 * * * /bin/bash /home/zen/.zen/20h12.process.sh > /tmp/20h12.log 2>&1" >> /var/spool/cron/crontabs/$USER \
|
||||
&& chown $USER /var/spool/cron/crontabs/$USER
|
||||
RUN echo "SHELL=/bin/bash" > "/var/spool/cron/crontabs/$USER" \
|
||||
&& echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> "/var/spool/cron/crontabs/$USER" \
|
||||
&& echo "12 20 * * * /bin/bash /home/zen/.zen/Astroport.ONE/20h12.process.sh > /tmp/20h12.log 2>&1" >> "/var/spool/cron/crontabs/$USER" \
|
||||
&& chown "$USER" "/var/spool/cron/crontabs/$USER"
|
||||
|
||||
HEALTHCHECK CMD [ $(ps aux |grep 'nc -l -p' |wc -l) -lt 199 ] && echo -n OK
|
||||
USER $USER
|
||||
ENV SHELL=${SHELL}
|
||||
WORKDIR /home/$USER
|
||||
|
||||
RUN mkdir ~/.zen ~/.zen/tmp ~/astroport
|
||||
VOLUME "/home/$USER/.ipfs"
|
||||
VOLUME "/home/$USER/.zen"
|
||||
VOLUME "/home/$USER/Astroport"
|
||||
|
||||
WORKDIR "/home/$USER"
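Review bot: The new `RUN if [ "${GID}" -eq "${GID}" ]` block references `${GROUP}` in every awk, sed and echo, but the `master` stage only declares `ARG DOCKER_BUILD_DIR`, `ARG DOCKER_GID`, `ARG GID`, `ARG SHELL`, `ARG UID`, `ARG USER` and `ENV USER=zen`, so unless `GROUP` is declared on a line outside the hunk it expands to empty and `echo "${GROUP}:x:${GID}:" >> /etc/group` writes a nameless group entry; adding `ENV GROUP=${USER}` right after `ENV USER=zen` fixes it. The `ENV GID=${UID}` line also defaults the group id to the user id, which contradicts the `${GID:-${UID}}` fallback used in the passwd line and should be one or the other. Separately, `wget -qO - https://github.com/aynicos/dpgpid/archive/master.tar.gz` followed by `pip3 install -r` installs whatever the branch head is at build time with no integrity check; pinning to a tag or commit tarball and checking its sha256 before extracting would make the image reproducible. The `NOPASSWD: ALL` sudoers line and the `HEALTHCHECK` are pre-existing context, not part of this change.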
|
|
@ -0,0 +1,40 @@
|
|||
#!/usr/bin/env sh
|
||||
[ -n "${DEBUG}" ] && set -x
|
||||
set -euo errexit
|
||||
|
||||
ASTROPORT_DIR=/home/zen/.zen/Astroport.ONE
|
||||
ASTROPORT_REPO=https://git.p2p.legal/qo-op/Astroport.ONE.git
|
||||
|
||||
cron() {
|
||||
sudo service cron start
|
||||
}
|
||||
|
||||
log() {
|
||||
tail -F /var/log/fail2ban.log /var/log/syslog /var/log/auth.log /var/log/pam-script.log >&2
|
||||
}
|
||||
|
||||
zen() {
|
||||
rm -rf /home/zen/.zen/tmp \
|
||||
&& mkdir -p /dev/shm/tmp \
|
||||
&& ln -s /dev/shm/tmp /home/zen/.zen/tmp
|
||||
[ -d "$ASTROPORT_DIR" ] && cd "$ASTROPORT_DIR" && git pull -q || git clone -q "$ASTROPORT_REPO" "$ASTROPORT_DIR"
|
||||
}
|
||||
|
||||
case "${1:-${cmd:-start}}" in
|
||||
|
||||
start)
|
||||
cron
|
||||
log &
|
||||
zen
|
||||
exec "$ASTROPORT_DIR/start.sh"
|
||||
;;
|
||||
|
||||
install)
|
||||
exec /install.sh
|
||||
;;
|
||||
|
||||
*)
|
||||
exec "$@"
|
||||
;;
|
||||
|
||||
esac
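Review bot: In `zen()`, `[ -d "$ASTROPORT_DIR" ] && cd "$ASTROPORT_DIR" && git pull -q || git clone -q ...` runs the clone whenever any of the three left-hand commands fails, so a transient `git pull` failure (offline start) attempts `git clone` into the existing directory, which fails and, under `set -e`, aborts the entrypoint before `start.sh` runs; the fix is an explicit if/else, shown below. The script also pulls and `exec`s the remote branch head on every start, so the code that runs in the container is whatever `ASTROPORT_REPO` serves at that moment — pinning a tag or commit (or at least logging the resulting HEAD) would make starts reproducible and auditable. `set -euo errexit` sets `-e` twice; if `-o pipefail` was intended, note that `#!/usr/bin/env sh` resolves to dash on Debian, which may not support it.
```sh
zen() {
    # … unchanged: tmp dir relocation to /dev/shm …
    if [ -d "$ASTROPORT_DIR/.git" ]; then
        git -C "$ASTROPORT_DIR" pull -q
    else
        git clone -q "$ASTROPORT_REPO" "$ASTROPORT_DIR"
    fi
}
```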
|
|
@ -1,20 +1,23 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
docker:
|
||||
astroport:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_REPOSITORY=${DOCKER_REPOSITORY}
|
||||
- GID=${NODE_GID}
|
||||
- UID=${NODE_UID}
|
||||
container_name: ${COMPOSE_PROJECT_NAME}-astroport
|
||||
environment:
|
||||
- ENV=${ENV}
|
||||
- SHELL=${DOCKER_SHELL}
|
||||
image: ${DOCKER_REPOSITORY}/docker:${DOCKER_IMAGE_TAG}
|
||||
image: ${DOCKER_REPOSITORY}/astroport:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_1234_CHECK_HTTP=/
|
||||
- SERVICE_1234_NAME=${COMPOSE_SERVICE_NAME}-docker-1234
|
||||
- SERVICE_1234_TAGS=${DOCKER_SERVICE_1234_TAGS}
|
||||
- SERVICE_1234_CHECK_HTTP=/test
|
||||
- SERVICE_1234_NAME=${COMPOSE_SERVICE_NAME}-astroport-1234
|
||||
- SERVICE_1234_TAGS=${NODE_ASTROPORT_SERVICE_1234_TAGS}
|
||||
|
||||
networks:
|
||||
private:
|
||||
volumes:
|
||||
ipfs:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
name: ${COMPOSE_SERVICE_NAME}_ipfs
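Review bot: `SERVICE_1234_CHECK_HTTP=/test` changes the registrator health-check path from `/` to `/test`, but the only listener on 1234 seen in this commit is the landing redirect page served by `12345.sh`, and nothing here shows it answering `/test`; if that path is not handled, the service is registered as unhealthy. A comment on the label, e.g. `# /test is answered by 12345.sh's landing page`, or reverting to `/`, would settle it. The sibling compose file sets `network_mode: host` for the same `astroport` service, so the `networks:` entries here may not apply at all — worth confirming which file wins.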
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
version: '3.8'
|
||||
|
||||
services:
|
||||
astroport:
|
||||
build:
|
||||
args:
|
||||
- SSH_PORT=${NODE_VDI_PORT:-22}
|
||||
cap_add:
|
||||
- IPC_LOCK # ecryptfs
|
||||
- NET_ADMIN # iptables
|
||||
- NET_RAW # iptables
|
||||
- SYS_ADMIN # ecryptfs
|
||||
environment:
|
||||
- DEBUG=${VDI_DEBUG:-}
|
||||
- ECRYPTERS=${NODE_VDI_ECRYPTERS:-}
|
||||
- LANG=${NODE_VDI_LANG:-}
|
||||
- SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
|
||||
- SSH_PORT=${NODE_VDI_PORT:-22}
|
||||
- SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS:-}
|
||||
- SUDOERS=${NODE_VDI_SUDOERS:-}
|
||||
security_opt:
|
||||
- apparmor=unconfined # ecryptfs
|
||||
- seccomp=unconfined # ecryptfs
|
||||
tty: true
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /etc/default/console-setup:/etc/default/console-setup:ro
|
||||
- /etc/default/keyboard:/etc/default/keyboard:ro
|
||||
- home:/home:delegated
|
||||
- shared:/shared:cached
|
||||
- shm:/dev/shm:delegated
|
||||
|
||||
volumes:
|
||||
home:
|
||||
shared:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /mnt/shared
|
||||
o: bind
|
||||
shm:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: tmpfs
|
||||
device: tmpfs
|
||||
o: mode=1777,size=2147483648 # 2GB
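Review bot: `cap_add: SYS_ADMIN` together with `apparmor=unconfined` and `seccomp=unconfined` leaves root inside this container able to mount arbitrary filesystems and issue any syscall, which is most of what `--privileged` grants; the `# ecryptfs` comments say why it was done but not that the isolation cost was accepted. A custom seccomp profile that allows only the syscalls ecryptfs needs (mount, keyctl, add_key on top of the default profile) instead of `unconfined` narrows this considerably and is worth a `# TODO: replace unconfined with a scoped seccomp profile` note at minimum. The `shared` volume is a host bind of `/mnt/shared` and `home:/home:delegated` holds user data; with the caps above, a compromised session in this VDI has write access to both, so the `SUDOERS`/`ECRYPTERS` defaults from `.env.dist` are what bounds it.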
|
|
@ -1,36 +1,23 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
docker:
|
||||
astroport:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker
|
||||
- GID=${GID}
|
||||
- DOCKER_BUILD_DIR=docker/astroport
|
||||
- IPFS_VERSION=${IPFS_VERSION:-0.16.0}
|
||||
- UID=${UID}
|
||||
context: ../
|
||||
dockerfile: docker/Dockerfile
|
||||
dockerfile: docker/astroport/Dockerfile
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
||||
tty: true
|
||||
user: ${UID}:${GID}
|
||||
volumes:
|
||||
- data:/home/zen/astroport:cached
|
||||
- data:/home/zen/Astroport:cached
|
||||
- ipfs:/home/zen/.ipfs:cached,ro
|
||||
- zen:/home/zen/.zen:delegated
|
||||
working_dir: /home/zen/.zen
|
||||
working_dir: /home/zen
|
||||
|
||||
volumes:
|
||||
data:
|
||||
ipfs:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: ${HOME}/.ipfs
|
||||
o: bind
|
||||
zen:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: ${HOME}/.zen
|
||||
o: bind
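Review bot: `network_mode: host` makes every listener in the container bind directly on the host's interfaces, so the `EXPOSE 1234 12345` in the Dockerfile, any `ports:` mapping and the `networks:` section of the other compose file are ineffective and the `UFW_UPDATE_ASTROPORT` rules become the only boundary; whether this line is new or context is not recoverable here, but it has no comment either way. Suggested: `network_mode: host # <reason host networking is needed>; all container listeners bind host interfaces, keep UFW_UPDATE_ASTROPORT in sync`. `user: ${UID}:${GID}` relies on the caller's shell exporting `UID`/`GID`, which bash does not export by default, so compose may see them empty unless the surrounding tooling sets them.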
|
||||
|
|
|
@ -1,37 +0,0 @@
|
|||
#!/usr/bin/env sh
|
||||
set -euo errexit
|
||||
|
||||
# Print a debug message if debug mode is on ($DEBUG is not empty)
|
||||
# @param message
|
||||
debug_msg ()
|
||||
{
|
||||
if [ -n "${DEBUG:-}" -a "${DEBUG:-}" != "false" ]; then
|
||||
echo "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
mkdir -p /home/zen/.zen/tmp
|
||||
SOURCE_DIR="/home/zen/.zen/Astroport.ONE"
|
||||
[ -d "$SOURCE_DIR" ] && cd "$SOURCE_DIR" && git pull -q || git clone -q https://git.p2p.legal/qo-op/Astroport.ONE.git "$SOURCE_DIR"
|
||||
cd "$SOURCE_DIR"
|
||||
|
||||
sudo -n /usr/sbin/cron -L/dev/stdout
|
||||
|
||||
case "${1:-${cmd:-start}}" in
|
||||
|
||||
start)
|
||||
debug_msg "Starting $SOURCE_DIR/start.sh ..."
|
||||
exec "$SOURCE_DIR"/start.sh
|
||||
;;
|
||||
|
||||
install)
|
||||
debug_msg "Installing..."
|
||||
exec /install.sh
|
||||
;;
|
||||
|
||||
*)
|
||||
debug_msg "Exec: $@"
|
||||
exec "$@"
|
||||
;;
|
||||
|
||||
esac
|
|
@ -0,0 +1,12 @@
|
|||
COMPOSE_FILE_VDI := true
|
||||
COMPOSE_PROJECT_NAME := $(HOSTNAME)
|
||||
MAKE_VARS += NODE_VDI_PORT node
|
||||
SERVICE := astroport
|
||||
SSH_PORT := $(NODE_VDI_PORT)
|
||||
SSH_PUBLIC_HOSTS += git.p2p.legal
|
||||
STACK := node
|
||||
UFW_UPDATE := $(SERVICE)
|
||||
node := node/ipfs
|
||||
|
||||
bootstrap-stack: myos-node
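Review bot: `SSH_PORT := $(NODE_VDI_PORT)` and `COMPOSE_PROJECT_NAME := $(HOSTNAME)` are simply-expanded, so they take whatever value those variables have when this file is parsed; if `NODE_VDI_PORT` comes from a `.env` loaded later or `HOSTNAME` is only a shell variable (bash does not export it), both end up empty. Either `?=`/`=` for late binding or a guard such as `$(if $(strip $(NODE_VDI_PORT)),,$(error NODE_VDI_PORT is empty))` would surface that. `bootstrap-stack: myos-node` is a command target and should be listed in `.PHONY` unless the including framework already does so.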
|
||||
|