fix
parent
c6a5e9cb00
commit
2b20a33133
|
@ -0,0 +1,4 @@
|
|||
l='ls -CF'
|
||||
la='ls -A'
|
||||
ll='ls -l'
|
||||
vi='nvim'
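Review bot: These four lines are plain variable assignments, not aliases: without the `alias` keyword, sourcing the file sets the shell variables `l`, `la`, `ll` and `vi` and defines no command. The file name is not visible on this page, but if this is one of the `.*aliases` files that the new `.profile` sources, each line presumably should read like `alias ll='ls -l'`, matching the `alias ls='ls --color=auto'` form used in the colour aliases file of this commit.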
|
|
@ -0,0 +1,19 @@
|
|||
# shellcheck shell=bash source=/dev/null
|
||||
# ~/.bash_profile: executed by the command interpreter for bash login shell.
|
||||
|
||||
# bash-completion
|
||||
if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then
|
||||
if [ "${BASH_VERSINFO[0]}" -gt 4 ] \
|
||||
|| { [ "${BASH_VERSINFO[0]}" -eq 4 ] && [ "${BASH_VERSINFO[1]}" -ge 1 ] ;}; then
|
||||
shopt -q progcomp && for file in \
|
||||
/{*/local,usr}/share/bash-completion/bash_completion \
|
||||
/etc/bash_completion; do
|
||||
[ -r "$file" ] && . "$file"
|
||||
done
|
||||
fi
|
||||
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ]; then
|
||||
. "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -f ~/.profile ] && . ~/.profile
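Review bot: The completion loop sources every readable match of `/*/local/share/bash-completion/bash_completion`, and the `*` also matches world-writable top-level directories such as `/tmp`, so a file that another local user places under such a directory is executed in each login shell that reads this profile. The PATH loop in the new `.profile` has the same defect and is worse because it prepends: `/*/local/sbin`, `/*/local/bin` and `/*/local/*/bin` can put a directory outside root's control ahead of `/usr/bin`, and `"${HOME}"/.*/bin` does the same for any hidden directory a tool creates. Listing the trusted prefixes explicitly closes both, e.g. `for file in /usr/local/share/bash-completion/bash_completion /usr/share/bash-completion/bash_completion /etc/bash_completion; do` here and `for path in /usr/local/sbin /usr/local/bin "${HOME}/.local/bin"; do` in `.profile`. Further prefixes should be added by name, and only where the directory is root-owned.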
|
|
@ -0,0 +1,75 @@
|
|||
# shellcheck shell=bash
|
||||
# ~/.bashrc: executed by bash(1) for non-login shells.
|
||||
|
||||
# If not running interactively, don't do anything
|
||||
case $- in
|
||||
*i*) ;;
|
||||
*) return;;
|
||||
esac
|
||||
|
||||
# don't put duplicate lines or lines starting with space in the history.
|
||||
# See bash(1) for more options
|
||||
HISTCONTROL=ignoreboth
|
||||
|
||||
# append to the history file, don't overwrite it
|
||||
shopt -s histappend
|
||||
|
||||
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
|
||||
HISTSIZE=1024
|
||||
HISTFILESIZE=2048
|
||||
|
||||
# check the window size after each command and, if necessary,
|
||||
# update the values of LINES and COLUMNS.
|
||||
shopt -s checkwinsize
|
||||
|
||||
# If set, the pattern "**" used in a pathname expansion context will
|
||||
# match all files and zero or more directories and subdirectories.
|
||||
#shopt -s globstar
|
||||
|
||||
# make less more friendly for non-text input files, see lesspipe(1)
|
||||
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
|
||||
|
||||
# set variable identifying the chroot you work in (used in the prompt below)
|
||||
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
|
||||
debian_chroot=$(cat /etc/debian_chroot)
|
||||
fi
|
||||
|
||||
# set a fancy prompt (non-color, unless we know we "want" color)
|
||||
case "$TERM" in
|
||||
xterm-color|*-256color) color_prompt=yes;;
|
||||
esac
|
||||
|
||||
# uncomment for a colored prompt, if the terminal has the capability; turned
|
||||
# off by default to not distract the user: the focus in a terminal window
|
||||
# should be on the output of commands, not on the prompt
|
||||
#force_color_prompt=yes
|
||||
|
||||
if [ -n "$force_color_prompt" ]; then
|
||||
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
|
||||
# We have color support; assume it's compliant with Ecma-48
|
||||
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
|
||||
# a case would tend to support setf rather than setaf.)
|
||||
color_prompt=yes
|
||||
else
|
||||
color_prompt=
|
||||
fi
|
||||
fi
|
||||
|
||||
[ "$PS1" ] || if [ "$color_prompt" = yes ]; then
|
||||
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
|
||||
else
|
||||
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
|
||||
fi
|
||||
unset color_prompt force_color_prompt
|
||||
|
||||
# If this is an xterm set the title to user@host:dir
|
||||
case "$TERM" in
|
||||
xterm*|rxvt*)
|
||||
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
# colored GCC warnings and errors
|
||||
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
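Review bot: The `[ "$PS1" ] ||` guard in front of the prompt block needs a comment, because an interactive bash already has a default PS1 by the time `.bashrc` runs, so both `PS1=` assignments are presumably skipped in normal use while the xterm title `case` below still prepends to whatever PS1 is in place. If the intent is to keep a prompt set earlier (for example by `ps1_set` from the `/etc/profile.d` scripts added in this commit), state it, e.g. `# keep a prompt already set by profile.d; only fall back to the Debian prompt when PS1 is empty`.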
|
|
@ -0,0 +1,7 @@
|
|||
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
|
||||
alias ls='ls --color=auto'
|
||||
alias dir='dir --color=auto'
|
||||
alias vdir='vdir --color=auto'
|
||||
alias grep='grep --color=auto'
|
||||
alias fgrep='fgrep --color=auto'
|
||||
alias egrep='egrep --color=auto'
|
|
@ -0,0 +1,3 @@
|
|||
alias ctop='docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'
|
||||
alias shellcheck='docker run --rm -v "$PWD/mnt" koalaman/shellcheck:stable'
|
||||
alias trans='docker run -it soimort/translate-shell'
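Review bot: The `ctop` alias hands the Docker socket to an image pulled by the mutable tag `latest`; the `:ro` flag only makes the mount of the socket file read-only and does not limit what the container may ask the daemon to do, so whoever controls that tag has root-equivalent control of the host. Pinning the image by digest, `quay.io/vektorlab/ctop@sha256:<digest>` (placeholder), removes the dependence on the tag. Separately, `-v "$PWD/mnt"` in the `shellcheck` alias looks like a typo for `-v "$PWD:/mnt:ro"`: as written it creates an anonymous volume and the container never sees the current directory. The `trans` alias also lacks `--rm`, so each use leaves a stopped container behind.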
|
|
@ -0,0 +1,37 @@
|
|||
# shellcheck shell=sh source=/dev/null
|
||||
# ~/.profile: executed by the command interpreter for login shells.
|
||||
|
||||
# source ~/.*aliases and ~/.*functions files
|
||||
for source in aliases functions; do
|
||||
for file in "$HOME"/.*"$source"; do
|
||||
[ -f "$file" ] || continue
|
||||
# remove $HOME/. prefix from file
|
||||
file="${file#${HOME}/.}"
|
||||
# remove _$source suffix from $file
|
||||
command="${file%_$source}"
|
||||
# source file if command exists, ie ~/.bash_aliases
|
||||
command -v "$command" >/dev/null 2>&1 && . "${HOME}/.$file"
|
||||
# remove $source suffix from $file, ie ~/.aliases
|
||||
command="${file%$source}"
|
||||
# source file if command empty, ie ~/.aliases
|
||||
[ -z "$command" ] && . "${HOME}/.$file"
|
||||
done
|
||||
done
|
||||
|
||||
# source ~/.*shrc
|
||||
for file in "$HOME"/.*shrc; do
|
||||
[ -f "$file" ] || continue
|
||||
# remove $HOME/. prefix from file
|
||||
file="${file#${HOME}/.}"
|
||||
# source file if match current shell
|
||||
[ "$(basename "${SHELL}")" = "${file%rc}" ] && . "${HOME}/.$file"
|
||||
done
|
||||
|
||||
# set PATH to include user's bin
|
||||
for path in /*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin; do
|
||||
[ -d "$path" ] || continue
|
||||
case ":${PATH}:" in
|
||||
*:"$path":*) ;;
|
||||
*) export PATH="${path}:$PATH" ;;
|
||||
esac
|
||||
done
|
|
@ -0,0 +1,5 @@
|
|||
export EDITOR=nvim
|
||||
export GIT_PS1_SHOWUPSTREAM=auto
|
||||
export GIT_PS1_SHOWDIRTYSTATE=false
|
||||
export GIT_PS1_HIDE_IF_PWD_IGNORED=true
|
||||
export PAGER=less
|
|
@ -1,10 +1,12 @@
|
|||
FROM danger89/xfcevdi_x2go as dist
|
||||
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||
ARG DOCKER_BUILD_DIR
|
||||
ARG DOCKER_GID
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get -fy upgrade \
|
||||
&& apt-get -fy install \
|
||||
docker.io \
|
||||
ecryptfs-utils \
|
||||
fail2ban \
|
||||
iptables \
|
||||
|
@ -12,10 +14,18 @@ RUN apt-get update \
|
|||
libpam-script \
|
||||
neovim \
|
||||
python3-pip \
|
||||
sudo \
|
||||
&& pip install ssh-crypt \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/*
|
||||
|
||||
RUN [ "$DOCKER_GID" -eq "$DOCKER_GID" ] 2>/dev/null \
|
||||
&& if [ "$(getent group docker |awk -F: '{print $3}')" != "$DOCKER_GID" ]; then \
|
||||
sed -i 's/^docker:x:[0-9]\+:/docker:x:'$DOCKER_GID':/' /etc/group; \
|
||||
fi \
|
||||
|| true
|
||||
|
||||
|
||||
RUN cp /usr/share/doc/libpam-script/examples/logscript /usr/share/libpam-script \
|
||||
&& sed -i 's/LOGFILE=\/tmp/LOGFILE=\/var\/log/' /usr/share/libpam-script/logscript \
|
||||
&& for script in auth acct passwd ses_open ses_close; do \
|
||||
|
@ -23,8 +33,11 @@ RUN cp /usr/share/doc/libpam-script/examples/logscript /usr/share/libpam-script
|
|||
done \
|
||||
&& ln -s /usr/share/libpam-script /etc/pam-script
|
||||
|
||||
WORKDIR /app
|
||||
COPY ${DOCKER_BUILD_DIR}/*.sh /app/
|
||||
COPY ${DOCKER_BUILD_DIR}/issue.net /etc/
|
||||
COPY ${DOCKER_BUILD_DIR}/rc*.sh /etc/profile.d/
|
||||
COPY ${DOCKER_BUILD_DIR}/.*aliases ${DOCKER_BUILD_DIR}/.*profile ${DOCKER_BUILD_DIR}/.*rc /etc/skel/
|
||||
WORKDIR /app
|
||||
|
||||
ARG SSH_PORT=22
|
||||
CMD []
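Review bot: Rewriting the `docker` line of `/etc/group` with `sed` in the `DOCKER_GID` step skips the uniqueness check the account tools perform: if that GID already belongs to another group in the base image, both groups end up sharing it and members of the other group gain whatever access the docker GID carries. `groupmod -g "$DOCKER_GID" docker` refuses a GID that is already in use, and limiting the trailing `|| true` to the unset-argument case would surface that failure instead of silently producing an image with the wrong GID. The `pip install ssh-crypt` step a few lines above runs as root at build time without a version; a pin such as `ssh-crypt==<version>` (placeholder) makes the build reproducible and reviewable.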
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
|
||||
|
||||
You must have explicit, authorized permission to access or configure this device.
|
||||
Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties.
|
||||
All activities performed on this device are logged and monitored.
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
# shellcheck shell=sh
|
||||
# file rc.sh: Call user defined functions
|
||||
## author: Yann "aya" Autissier
|
||||
## license: GPL
|
||||
## version: 20220630
|
||||
|
||||
case $- in
|
||||
# if this is an interactive shell
|
||||
*i*)
|
||||
# load user stuff from ~/.rc.d/* files
|
||||
for file in "${HOME}"/.rc.d/*; do
|
||||
# read files only
|
||||
if [ -f "${file}" ]; then
|
||||
func_name=$(basename "${file}")
|
||||
func_args=$(cat "${file}")
|
||||
# at this stage, func_name can start with numbers to allow ordering function calls with file names starting with numbers
|
||||
# func_name must start with a letter, remove all other characters at the beginning of func_name until a letter is found
|
||||
while [ "${func_name}" != "" ] && [ "${func_name#[a-z]}" = "${func_name}" ]; do
|
||||
# remove first char of func_name
|
||||
func_name="${func_name#?}"
|
||||
done
|
||||
# call user function with args passed from the content of the file
|
||||
command -v "${func_name}" >/dev/null 2>&1 && "${func_name}" "${func_args}"
|
||||
fi
|
||||
done
|
||||
# load user stuff from RC_* env vars
|
||||
IFS="$(printf '%b_' '\n')"; IFS="${IFS%_}"; for line in $(printenv 2>/dev/null |awk '$0 ~ /^RC_[0-9A-Z_]*=/' |sort); do
|
||||
func_name=$(printf '%s\n' "${line%%=*}" |awk '{print tolower(substr($0,4))}')
|
||||
eval func_args=\$"${line%%=*}"
|
||||
[ "${func_args}" = "false" ] && continue
|
||||
[ "${func_args}" = "true" ] && unset func_args
|
||||
# at this stage, func_name can start with numbers to allow ordering function calls with file names starting with numbers
|
||||
# func_name must start with a letter, remove all other characters at the beginning of func_name until a letter is found
|
||||
while [ "${func_name}" != "" ] && [ "${func_name#[a-z]}" = "${func_name}" ]; do
|
||||
# remove first char of func_name
|
||||
func_name="${func_name#?}"
|
||||
done
|
||||
# call user function with args passed from the value of the env var
|
||||
command -v "${func_name}" >/dev/null 2>&1 && "${func_name}" "${func_args}"
|
||||
done
|
||||
unset IFS
|
||||
;;
|
||||
esac
|
||||
|
||||
# vim:ts=2:sw=2:sts=2:et
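Review bot: The `RC_*` loop runs whatever `command -v` resolves for the lower-cased variable name, which covers every builtin and every binary on PATH and not only the functions defined in `rc_functions.sh`, so anything able to set an environment variable for an interactive shell selects a command and its argument. Restrict the dispatch to the names this project defines before the call, e.g. `case "${func_name}" in source|ps1_set|prompt_set|ssh_add|tmux_attach|screen_attach) ;; *) continue ;; esac`. The `~/.rc.d/*` loop above has the same open dispatch and would take the same guard. Both loops pass the whole file content or variable value as a single quoted argument, which is worth stating in the header comment since the called functions see one word, not a split argument list.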
|
|
@ -0,0 +1,281 @@
|
|||
# shellcheck shell=sh
|
||||
# file rc_functions.sh: Define shell functions
|
||||
## author: Yann "aya" Autissier
|
||||
## license: GPL
|
||||
## version: 20220630
|
||||
|
||||
# function force: Run a command sine die
|
||||
force() {
|
||||
if [ $# -gt 0 ]; then
|
||||
while true; do
|
||||
"$@"
|
||||
sleep 1
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
# function force8: Run a command sine die if not already running
|
||||
force8() {
|
||||
if [ $# -gt 0 ]; then
|
||||
while true; do
|
||||
# awk expression to match $@
|
||||
[ "$(ps wwx -o args 2>/dev/null |awk -v field="${PS_X_FIELD:-1}" '
|
||||
BEGIN { nargs=split("'"$*"'",args); }
|
||||
# first field matched
|
||||
$field == args[1] {
|
||||
matched=1;
|
||||
# match following fields
|
||||
for (i=1;i<=NF-field;i++) {
|
||||
if ($(i+field) == args[i+1]) { matched++; }
|
||||
};
|
||||
# all fields matched
|
||||
if (matched == nargs) { found++; }
|
||||
}
|
||||
END { print found+0; }'
|
||||
)" = 0 ] && "$@"
|
||||
sleep 1
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
# function load_average; Print the current load average
|
||||
load_average() {
|
||||
uptime 2>/dev/null |awk '{printf "%.1f\n", $(NF-2)}'
|
||||
}
|
||||
|
||||
# function process_count: Print number of "processes"/"running processes"/"D-state"
|
||||
process_count() {
|
||||
ps ax -o stat 2>/dev/null |awk '
|
||||
$1 ~ /R/ {process_running++};
|
||||
$1 ~ /D/ {process_dstate++};
|
||||
END { print NR-1"/"process_running+0"/"process_dstate+0; }'
|
||||
}
|
||||
|
||||
# function prompt_set: Export custom PROMPT_COMMAND
|
||||
prompt_set() {
|
||||
case "${TERM}" in
|
||||
screen*)
|
||||
ESCAPE_CODE_DCS="\033k"
|
||||
ESCAPE_CODE_ST="\033\\"
|
||||
;;
|
||||
linux*|xterm*|rxvt*)
|
||||
ESCAPE_CODE_DCS="\033]0;"
|
||||
ESCAPE_CODE_ST="\007"
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
# in a screen
|
||||
if [ -n "${STY}" ]; then
|
||||
export PROMPT_COMMAND='printf\
|
||||
"${ESCAPE_CODE_DCS:-\033]0;}%s${ESCAPE_CODE_ST:-\007}"\
|
||||
"${PWD##*/}"'
|
||||
else
|
||||
export PROMPT_COMMAND='printf\
|
||||
"${ESCAPE_CODE_DCS:-\033]0;}%s@%s:%s${ESCAPE_CODE_ST:-\007}"\
|
||||
"${USER}"\
|
||||
"${HOSTNAME%%.*}"\
|
||||
"${PWD##*/}"'
|
||||
fi
|
||||
unset ESCAPE_CODE_DCS ESCAPE_CODE_ST
|
||||
}
|
||||
|
||||
# function ps1_set: Export custom PS1
|
||||
ps1_set() {
|
||||
case "$0" in
|
||||
*sh)
|
||||
COLOR_DGRAY="\[\033[1;30m\]"
|
||||
COLOR_RED="\[\033[01;31m\]"
|
||||
COLOR_GREEN="\[\033[01;32m\]"
|
||||
COLOR_BROWN="\[\033[0;33m\]"
|
||||
COLOR_YELLOW="\[\033[01;33m\]"
|
||||
COLOR_BLUE="\[\033[01;34m\]"
|
||||
COLOR_CYAN="\[\033[0;36m\]"
|
||||
COLOR_GRAY="\[\033[0;37m\]"
|
||||
COLOR_RESET="\[\033[0m\]"
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
PS1_STATUS="\$?"
|
||||
PS1_COUNT="${COLOR_DGRAY}[\`
|
||||
case \"$PS1_STATUS\" in
|
||||
0)
|
||||
printf \"${COLOR_BLUE}${PS1_STATUS}\";;
|
||||
1)
|
||||
printf \"${COLOR_YELLOW}${PS1_STATUS}\";;
|
||||
*)
|
||||
printf \"${COLOR_RED}${PS1_STATUS}\";;
|
||||
esac
|
||||
type process_count >/dev/null 2>&1 && printf\
|
||||
\"${COLOR_DGRAY}|${COLOR_BLUE}%s\"\
|
||||
\"\$(process_count 2>/dev/null)\"
|
||||
type user_count >/dev/null 2>&1 && printf\
|
||||
\"${PS1_COUNT}${COLOR_DGRAY}|${COLOR_BLUE}%s\"\
|
||||
\"\$(user_count 2>/dev/null)\"
|
||||
type load_average >/dev/null 2>&1 && printf\
|
||||
\"${PS1_COUNT}${COLOR_DGRAY}|${COLOR_BLUE}%s\"\
|
||||
\"\$(load_average 2>/dev/null)\"
|
||||
\`${COLOR_DGRAY}]${COLOR_RESET}"
|
||||
PS1_END="${COLOR_DGRAY}\$(
|
||||
if [ \"\$(id -u)\" = 0 ]; then
|
||||
printf \"#\";
|
||||
else
|
||||
printf \"\$\";
|
||||
fi
|
||||
)${COLOR_RESET}"
|
||||
PS1_GIT="\$(
|
||||
if type __git_ps1 >/dev/null 2>&1; then
|
||||
printf \"\$(__git_ps1 2>/dev/null \" (%s)\")\"
|
||||
else
|
||||
printf \"\$(BRANCH=\$(git rev-parse --abbrev-ref HEAD 2>/dev/null);\
|
||||
[ -n \"\${BRANCH}\" ] && printf \" (\${BRANCH})\")\"
|
||||
fi
|
||||
)"
|
||||
PS1_GIT="${COLOR_CYAN}${PS1_GIT}${COLOR_RESET}"
|
||||
PS1_HOSTNAME_COLOR="\`case \"\${ENV}${HOSTNAME%%.*}\" in
|
||||
*[Pp][Rr][0Oo][Dd]*|*[Pp][Rr][Dd]*)
|
||||
printf \"${COLOR_RED}\";;
|
||||
*)
|
||||
if [ -n \"\${ENV}\" ]; then
|
||||
printf \"${COLOR_YELLOW}\";
|
||||
else
|
||||
printf \"${COLOR_GREEN}\";
|
||||
fi;;
|
||||
esac\`"
|
||||
PS1_HOSTNAME="${PS1_HOSTNAME_COLOR}\$(hostname |sed 's/\..*//')${COLOR_RESET}"
|
||||
PS1_USER_COLOR="\$(
|
||||
if [ \"\$(id -u)\" = 0 ]; then
|
||||
printf \"${COLOR_RED}\";
|
||||
else
|
||||
printf \"${COLOR_BROWN}\";
|
||||
fi
|
||||
)"
|
||||
PS1_USER="${PS1_USER_COLOR}\$(id -nu):\$(id -u)${COLOR_RESET}"
|
||||
PS1_WORKDIR="${COLOR_GRAY}\$(
|
||||
pwd |sed 's|^'\${HOME}'\(/.*\)*$|~\1|'
|
||||
)${COLOR_RESET}"
|
||||
PS1="${PS1_COUNT}${PS1_USER}${COLOR_DGRAY}@${PS1_HOSTNAME}"
|
||||
PS1="${PS1}${COLOR_DGRAY}:${PS1_WORKDIR}${PS1_GIT}${PS1_END} "
|
||||
export 'PS1'
|
||||
unset PS1_COUNT PS1_END PS1_GIT PS1_HOSTNAME PS1_HOSTNAME_COLOR\
|
||||
PS1_USER PS1_USER_COLOR PS1_STATUS PS1_WORKDIR
|
||||
}
|
||||
|
||||
# function screen_attach: Attach existing screen session or Create a new one
|
||||
screen_attach() {
|
||||
command -v screen >/dev/null 2>&1 || return
|
||||
SCREEN_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
|
||||
if [ -z "${STY}" ]; then
|
||||
# attach screen in tmux window 0 only ;)
|
||||
[ -n "${TMUX}" ] \
|
||||
&& [ "$(tmux list-window 2>/dev/null |awk '$NF == "(active)" {print $1}'\
|
||||
|sed 's/:$//')" != "0" ] \
|
||||
&& return
|
||||
printf 'Attaching screen.' && sleep 1\
|
||||
&& printf '.' && sleep 1\
|
||||
&& printf '.' && sleep 1
|
||||
exec screen -xRR -S "${SCREEN_SESSION}"
|
||||
fi
|
||||
unset SCREEN_SESSION
|
||||
}
|
||||
|
||||
# function screen_detach: Detach current screen session
|
||||
screen_detach() {
|
||||
screen -d
|
||||
}
|
||||
|
||||
# function ssh_add: Load all private keys in ~/.ssh/ to ssh agent
|
||||
ssh_add() {
|
||||
command -v ssh-agent >/dev/null 2>&1 && command -v ssh-add >/dev/null 2>&1 || return
|
||||
SSH_AGENT_DIR="/tmp/ssh-$(id -u)"
|
||||
SSH_AGENT_SOCK="${SSH_AGENT_DIR}/agent@$(hostname |sed 's/\..*//')"
|
||||
# launch a new agent
|
||||
if [ -z "${SSH_AUTH_SOCK}" ]; then
|
||||
[ ! -d "${SSH_AGENT_DIR}" ] \
|
||||
&& mkdir -p "${SSH_AGENT_DIR}" 2>/dev/null\
|
||||
&& chmod 0700 "${SSH_AGENT_DIR}"
|
||||
# search for an already running agent
|
||||
if ps wwx -o args |awk '$1 ~ "ssh-agent$" && $3 == "'"${SSH_AGENT_SOCK}"'"' |wc -l |grep -q 0; then
|
||||
rm -f "${SSH_AGENT_SOCK}"
|
||||
ssh-agent -a "${SSH_AGENT_SOCK}" >/dev/null 2>&1
|
||||
fi
|
||||
fi
|
||||
# attach to agent
|
||||
export SSH_AUTH_SOCK="${SSH_AUTH_SOCK:-${SSH_AGENT_SOCK}}"
|
||||
# list private keys to add
|
||||
# shellcheck disable=SC2068
|
||||
for dir in ${@:-${HOME}/.ssh}; do
|
||||
if [ "${SSH_ADD_RECURSIVE:-}" = true ]; then
|
||||
GREP_RECURSIVE_FLAG="r"
|
||||
else
|
||||
GREP_RECURSIVE_CHAR="*"
|
||||
fi
|
||||
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
|
||||
done
|
||||
# shellcheck disable=SC2086
|
||||
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
|
||||
[ -r "${file}" ] || continue
|
||||
# add private key to agent
|
||||
ssh-add -l |grep -q "$(ssh-keygen -lf "${file}" 2>/dev/null |awk '{print $2}')" 2>/dev/null || ssh-add "${file}"
|
||||
done
|
||||
unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_AGENT_DIR SSH_AGENT_SOCK SSH_PRIVATE_KEYS
|
||||
}
|
||||
|
||||
# function ssh_del: removes all private keys in ~/.ssh/ from ssh agent
|
||||
ssh_del() {
|
||||
command -v ssh-add >/dev/null 2>&1 || return
|
||||
# attach to agent
|
||||
if [ -z "${SSH_AUTH_SOCK}" ]; then
|
||||
return
|
||||
fi
|
||||
# list private keys to del
|
||||
# shellcheck disable=SC2068
|
||||
for dir in ${@:-${HOME}/.ssh}; do
|
||||
if [ "${SSH_DEL_RECURSIVE:-}" = true ]; then
|
||||
GREP_RECURSIVE_FLAG="r"
|
||||
else
|
||||
GREP_RECURSIVE_CHAR="*"
|
||||
fi
|
||||
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
|
||||
done
|
||||
# shellcheck disable=SC2086
|
||||
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
|
||||
[ -r "${file}" ] || continue
|
||||
# remove private key from agent
|
||||
ssh-add -l |grep -q "$(ssh-keygen -lf "${file}" 2>/dev/null |awk '{print $2}')" 2>/dev/null && ssh-add -d "${file}"
|
||||
done
|
||||
unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_PRIVATE_KEYS
|
||||
}
|
||||
|
||||
# function tmux_attach: Attach existing tmux session or Create a new one
|
||||
tmux_attach() {
|
||||
command -v tmux >/dev/null 2>&1 || return
|
||||
TMUX_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
|
||||
# do not attach tmux in screen ;)
|
||||
if [ -z "${TMUX}" -a -z "${STY}" ]; then
|
||||
printf 'Attaching tmux.' && sleep 1\
|
||||
&& printf '.' && sleep 1\
|
||||
&& printf '.' && sleep 1
|
||||
exec tmux -L"${TMUX_SESSION}" new-session -A -s"${TMUX_SESSION}"
|
||||
fi
|
||||
unset TMUX_SESSION
|
||||
}
|
||||
|
||||
# function tmux_detach: Detach current tmux session
|
||||
tmux_detach() {
|
||||
tmux detach
|
||||
}
|
||||
|
||||
# function user_count: Print number of "users sessions"/"users"/"logged users"
|
||||
user_count() {
|
||||
ps ax -o pid,user,tty,comm 2>/dev/null |awk '
|
||||
$3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty" { users_sessions++; logged[$2]++; };
|
||||
$1 ~ /^[0-9]+$/ { count[$2]++; }
|
||||
END {
|
||||
for (uc in count) { c = c" "uc; }; users_count=split(c,v," ");
|
||||
for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ");
|
||||
print users_sessions+0"/"users_count+0"/"users_logged+0;
|
||||
}'
|
||||
}
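Review bot: `ssh_add` accepts `/tmp/ssh-$(id -u)` whenever it already exists: the `mkdir`/`chmod` pair runs only when the directory is missing, so a directory pre-created by another local user is used as-is and the keys from `~/.ssh` are then offered to whatever agent socket sits in it. The fence below creates the directory privately, refuses a symlink or a directory owned by someone else, and prefers `XDG_RUNTIME_DIR` when it is set; `[ -O ]` is outside POSIX but is implemented by bash, dash and busybox ash. In the same file `force8` splices `$*` into the awk program text (`split("'"$*"'",args)`), so an argument containing a double quote alters the program; exporting the string and reading it through `ENVIRON[...]` keeps it as data.

```shell
  # prefer the per-user runtime dir; /tmp is shared with other local users
  SSH_AGENT_DIR="${XDG_RUNTIME_DIR:-/tmp}/ssh-$(id -u)"
  # … unchanged: SSH_AGENT_SOCK assignment …
  if [ -z "${SSH_AUTH_SOCK}" ]; then
    # mkdir without -p fails when the path exists; the checks below decide
    mkdir -m 0700 "${SSH_AGENT_DIR}" 2>/dev/null
    # refuse a symlink, a non-directory, or a directory owned by someone else
    if [ -L "${SSH_AGENT_DIR}" ] || [ ! -d "${SSH_AGENT_DIR}" ] || [ ! -O "${SSH_AGENT_DIR}" ]; then
      printf 'ssh_add: %s is not a private directory, not starting an agent\n' "${SSH_AGENT_DIR}" >&2
      unset SSH_AGENT_DIR SSH_AGENT_SOCK
      return 1
    fi
    chmod 0700 "${SSH_AGENT_DIR}"
    # … unchanged: search for a running agent, rm -f stale socket, ssh-agent -a …
```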
|
|
@ -8,11 +8,12 @@ for user in ${USERS:-${USER:-user}}; do
|
|||
&& mkdir -p "/home/${user}" \
|
||||
&& chown "${user}" "/home/${user}" \
|
||||
&& chmod 0750 "/home/${user}"
|
||||
for file in .bash_logout .bashrc .profile; do
|
||||
[ ! -f "/home/${user}/${file}" ] \
|
||||
for file in .aliases .bash_aliases .bash_profile .bashrc .dircolors_aliases .docker_aliases .profile .sh_aliases .sh_profile .shrc; do \
|
||||
[ -f "/etc/skel/${file}" ] && [ ! -f "/home/${user}/${file}" ] \
|
||||
&& cp "/etc/skel/${file}" "/home/${user}" \
|
||||
&& chown "${user}" "/home/${user}/${file}"
|
||||
done
|
||||
usermod -a -G docker "${user}"
|
||||
usermod -a -G x2gouser "${user}"
|
||||
mkdir -p "/home/${user}/.ssh"
|
||||
keys=$(su "${user}" /app/authorized_keys.sh 2>/dev/null) \
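Review bot: `usermod -a -G docker "${user}"` puts every account listed in `USERS` into the `docker` group, and membership of that group is equivalent to root on whichever daemon the container's socket reaches. The rendered page does not mark which lines are new, but if this line is added here it should sit behind an explicit opt-in list, in the way `SUDOERS` is kept separate from `USERS` in the compose files. The trailing ` \` after `do` on the long `for file in .aliases ... .shrc; do \` line is only a line continuation, but it reads like a leftover from a Dockerfile `RUN` and can be dropped. The `for user` loop starts and ends outside this hunk.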
|
||||
|
|
|
@ -25,7 +25,7 @@ NODE_GID ?= 100
|
|||
NODE_UID ?= 123
|
||||
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
|
||||
USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
|
||||
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(USER_COMPOSE_PROJECT_NAME))
|
||||
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
|
||||
USER_DOCKER_IMAGE ?= $(USER_DOCKER_REPOSITORY):${DOCKER_IMAGE_TAG}
|
||||
USER_DOCKER_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
|
||||
USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER)))
|
||||
|
|
14
make/def.mk
14
make/def.mk
|
@ -68,7 +68,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
|
|||
GIT_USER ?= $(USER)
|
||||
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
|
||||
GROUP ?= $(shell id -ng 2>/dev/null)
|
||||
HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//')
|
||||
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
|
||||
IGNORE_DRYRUN ?= false
|
||||
IGNORE_VERBOSE ?= false
|
||||
INSTALL ?= $(RUN) $(SUDO) $(subst &&,&& $(RUN) $(SUDO),$(INSTALL_CMD))
|
||||
|
@ -170,14 +170,16 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
|
|||
# macro RESU: Print USER associated to MAIL
|
||||
RESU = \
|
||||
$(if $(findstring @,$(MAIL)), \
|
||||
$(eval user := $(subst +,,$(subst -,,$(subst .,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}')))))) \
|
||||
$(eval user := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \
|
||||
$(if $(domain), \
|
||||
$(eval mail := $(MAIL)) \
|
||||
$(eval niamod := $(subst $(space),_,$(strip $(call reverse,$(subst .,$(space),$(domain)))))) \
|
||||
$(eval resu := $(niamod)_$(user)) \
|
||||
$(eval resu_path := $(subst _,/,$(niamod))/$(user)) \
|
||||
$(resu) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
|
||||
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
|
||||
$(eval resu_niamod := $(niamod).$(resu)) \
|
||||
$(eval resu_path := $(subst .,/,$(resu_niamod))) \
|
||||
$(eval user_domain := $(user).$(domain)) \
|
||||
$(resu_niamod) \
|
||||
, $(USER) \
|
||||
) \
|
||||
, $(USER) \
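Review bot: `$(shell printf '$(MAIL)' |awk ...)` on the `user` and `domain` lines pastes `MAIL` into a shell command line and also uses it as the printf format, so a value containing a single quote ends the quoting and the remainder is interpreted by the shell at parse time, and a `%` is read as a format directive. Both fields can be taken without spawning a shell: `$(firstword $(subst @, ,$(MAIL)))` for the local part and `$(lastword $(subst @, ,$(MAIL)))` for the domain, which match the awk `$$1` and `$$NF` results for an address without spaces. The RESU macro continues past the end of this hunk.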
|
||||
|
|
|
@ -2,7 +2,6 @@ CMDARGS += user-exec user-exec:% user-exec@% user-run us
|
|||
ENV_VARS += USER_DOMAIN user_domain
|
||||
USER_DOMAIN ?= $(USER).$(DOMAIN)
|
||||
User ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml)))
|
||||
user_domain ?= $(user).$(domain)
|
||||
|
||||
# target start-stack-User: Fire ssh-add
|
||||
.PHONY: start-stack-User
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
USER_MYOS_RC_PROMPT_SET=true
|
||||
USER_MYOS_RC_PS1_SET=true
|
||||
USER_MYOS_RC_SCREEN_ATTACH=true
|
||||
USER_MYOS_RC_SOURCE=/etc/profile.d/rc_functions.sh
|
||||
USER_MYOS_RC_SSH_ADD=true
|
||||
USER_MYOS_RC_TMUX_ATTACH=false
|
|
@ -20,12 +20,12 @@ services:
|
|||
container_name: ${USER_DOCKER_NAME}
|
||||
environment:
|
||||
- ENV=${ENV}
|
||||
- RC_00_SOURCE=${USER_MYOS_RC_SOURCE}
|
||||
- RC_01_PS1_SET=${USER_MYOS_RC_PS1_SET}
|
||||
- RC_02_PROMPT_SET=${USER_MYOS_RC_PROMPT_SET}
|
||||
- RC_03_SSH_ADD=${USER_MYOS_RC_SSH_ADD}
|
||||
- RC_04_TMUX_ATTACH=${USER_MYOS_RC_TMUX_ATTACH}
|
||||
- RC_05_SCREEN_ATTACH=${USER_MYOS_RC_SCREEN_ATTACH}
|
||||
- RC_00_SOURCE=${USER_RC_SOURCE:-/etc/profile.d/rc_functions.sh}
|
||||
- RC_01_PS1_SET=${USER_RC_PS1_SET:-true}
|
||||
- RC_02_PROMPT_SET=${USER_RC_PROMPT_SET:-true}
|
||||
- RC_03_SSH_ADD=${USER_RC_SSH_ADD:-true}
|
||||
- RC_04_TMUX_ATTACH=${USER_RC_TMUX_ATTACH:-false}
|
||||
- RC_05_SCREEN_ATTACH=${USER_RC_SCREEN_ATTACH:-true}
|
||||
- SHELL=${DOCKER_SHELL}
|
||||
image: ${USER_DOCKER_IMAGE}
|
||||
networks:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
|
||||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(USER_DOMAIN)", "http://ipfs.localhost:8080"]
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(USER_DOMAIN)/user/$(user_domain)/api
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(USER_DOMAIN)/user/$(user_domain),urlprefix-*.ipfs.$(USER_DOMAIN)/user/$(user_domain),urlprefix-ipns.$(USER_DOMAIN)/user/$(user_domain),urlprefix-*.ipns.$(USER_DOMAIN)/user/$(user_domain)
|
||||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"]
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/
|
||||
|
|
|
@ -90,6 +90,7 @@ services:
|
|||
|
||||
volumes:
|
||||
ipfs:
|
||||
name: ${USER_DOCKER_VOLUME}_ipfs
|
||||
|
||||
networks:
|
||||
private:
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
NODE_CONSUL_ACL_TOKENS_MASTER=01234567-89AB-CDEF-0123-456789ABCDEF
|
||||
NODE_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
|
||||
NODE_CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${DOMAIN}/
|
||||
NODE_FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${DOMAIN}/
|
||||
NODE_SSH_PORT=${SSH_PORT}
|
||||
NODE_SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS}
|
||||
UFW_UPDATE_certbot=53/udp
|
||||
UFW_UPDATE_consul=8500
|
||||
UFW_DOCKER_fabio=80 443
|
|
@ -1,2 +0,0 @@
|
|||
NODE_RESTIC_REPOSITORY=
|
||||
NODE_RESTIC_PASSWORD=
|
|
@ -8,12 +8,10 @@ services:
|
|||
BACKUP_CRON: "30 3 * * *"
|
||||
RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY}
|
||||
RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD}
|
||||
RESTIC_BACKUP_SOURCES: /var/lib/docker/volumes
|
||||
RESTIC_BACKUP_TAGS: docker-volumes
|
||||
RESTIC_FORGET_ARGS: --prune --keep-last 14 --keep-daily 1
|
||||
TZ: Europe/Paris
|
||||
networks:
|
||||
- private
|
||||
RESTIC_BACKUP_SOURCES: ${NODE_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes}
|
||||
RESTIC_BACKUP_TAGS: ${NODE_RESTIC_BACKUP_TAGS:-docker-volumes}
|
||||
RESTIC_FORGET_ARGS: ${NODE_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1}
|
||||
TZ: ${NODE_TZ:-${TZ}}
|
||||
volumes:
|
||||
- restic:/root/.config
|
||||
- /var/lib/docker/volumes:/var/lib/docker/volumes:ro
|
||||
|
@ -21,7 +19,3 @@ services:
|
|||
volumes:
|
||||
restic:
|
||||
|
||||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE}
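Review bot: `RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY}` and `RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD}` in the first hunk are the only entries left without a default or a required marker, while the neighbouring settings gain `:-` defaults. An unset variable is substituted as an empty string, so a missing password surfaces only later in the container's logs, if at all. Compose's required form reports it at start-up: `RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD:?set NODE_RESTIC_PASSWORD}`, and likewise for the repository.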
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
NODE_CERTBOT_UFW_UPDATE ?= 53/udp
|
|
@ -0,0 +1,5 @@
|
|||
ENV_VARS += NODE_CONSUL_ACL_TOKENS_MASTER NODE_CONSUL_HTTP_TOKEN NODE_CONSUL_SERVICE_8500_TAGS
|
||||
NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef
|
||||
NODE_CONSUL_HTTP_TOKEN ?= $(NODE_CONSUL_ACL_TOKENS_MASTER)
|
||||
NODE_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/
|
||||
NODE_CONSUL_UFW_UPDATE ?= 8500
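Review bot: `NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef` ships a fixed, guessable master ACL token as the default, and `NODE_CONSUL_HTTP_TOKEN` inherits it, so every node deployed without an override shares the same full-privilege credential. Leave the default empty and make the consul targets fail when it is unset, or generate a UUID once per node and persist it outside version control. If a placeholder must stay for local development, mark it as such with a comment like `# development placeholder only; override per node`.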
|
|
@ -0,0 +1,3 @@
|
|||
ENV_VARS += NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS NODE_EXPORTER_NODE_SERVICE_9100_TAGS
|
||||
NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/
|
||||
NODE_EXPORTER_NODE_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/
|
|
@ -1,2 +0,0 @@
|
|||
NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS=urlprefix-exporter-cadvisor.${DOMAIN}/
|
||||
NODE_EXPORTER_NODE_SERVICE_9100_TAGS=urlprefix-exporter-node.${DOMAIN}/
|
|
@ -0,0 +1,3 @@
|
|||
ENV_VARS += NODE_FABIO_SERVICE_9998_TAGS
|
||||
NODE_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/
|
||||
NODE_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
|
|
@ -0,0 +1,6 @@
|
|||
# ENV_VARS += NODE_MAILSERVER_ENABLE_MANAGESIEVE NODE_MAILSERVER_SPOOF_PROTECTION NODE_MAILSERVER_SSL_TYPE NODE_MAILSERVER_ENABLE_UPDATE_CHECK
|
||||
NODE_MAILSERVER_ENABLE_MANAGESIEVE ?= 1
|
||||
NODE_MAILSERVER_SPOOF_PROTECTION ?= 1
|
||||
NODE_MAILSERVER_SSL_TYPE ?= letsencrypt
|
||||
NODE_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0
|
||||
NODE_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp
|
|
@ -1,5 +0,0 @@
|
|||
NODE_MAILSERVER_ENABLE_MANAGESIEVE=1
|
||||
NODE_MAILSERVER_SPOOF_PROTECTION=1
|
||||
NODE_MAILSERVER_SSL_TYPE=letsencrypt
|
||||
NODE_MAILSERVER_UPDATE_CHECK=0
|
||||
UFW_DOCKER_mailserver=25 465 587 993
|
|
@ -15,13 +15,13 @@ services:
|
|||
- ONE_DIR=${NODE_MAILSERVER_ONE_DIR:-1}
|
||||
- ACCOUNT_PROVISIONER=${NODE_MAILSERVER_ACCOUNT_PROVISIONER:-}
|
||||
- POSTMASTER_ADDRESS=${NODE_MAILSERVER_POSTMASTER_ADDRESS:-}
|
||||
- ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-1}
|
||||
- ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
|
||||
- UPDATE_CHECK_INTERVAL=${NODE_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
|
||||
- PERMIT_DOCKER=${NODE_MAILSERVER_PERMIT_DOCKER:-none}
|
||||
- TZ=${NODE_MAILSERVER_TZ:-}
|
||||
- TZ=${NODE_MAILSERVER_TZ:-${TZ}}
|
||||
- NETWORK_INTERFACE=${NODE_MAILSERVER_NETWORK_INTERFACE:-}
|
||||
- TLS_LEVEL=${NODE_MAILSERVER_TLS_LEVEL:-}
|
||||
- SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-}
|
||||
- SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-1}
|
||||
- ENABLE_SRS=${NODE_MAILSERVER_ENABLE_SRS:-0}
|
||||
- ENABLE_POP3=${NODE_MAILSERVER_ENABLE_POP3:-}
|
||||
- ENABLE_CLAMAV=${NODE_MAILSERVER_ENABLE_CLAMAV:-0}
|
||||
|
@ -30,10 +30,10 @@ services:
|
|||
- ENABLE_DNSBL=${NODE_MAILSERVER_ENABLE_DNSBL:-0}
|
||||
- ENABLE_FAIL2BAN=${NODE_MAILSERVER_ENABLE_FAIL2BAN:-0}
|
||||
- FAIL2BAN_BLOCKTYPE=${NODE_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
|
||||
- ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-}
|
||||
- ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-1}
|
||||
- POSTSCREEN_ACTION=${NODE_MAILSERVER_POSTSCREEN_ACTION:-enforce}
|
||||
- SMTP_ONLY=${NODE_MAILSERVER_SMTP_ONLY:-}
|
||||
- SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-}
|
||||
- SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-letsencrypt}
|
||||
- SSL_CERT_PATH=${NODE_MAILSERVER_SSL_CERT_PATH:-}
|
||||
- SSL_KEY_PATH=${NODE_MAILSERVER_SSL_KEY_PATH:-}
|
||||
- SSL_ALT_CERT_PATH=${NODE_MAILSERVER_SSL_ALT_CERT_PATH:-}
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
ENV_VARS += NODE_PORTAINER_SERVICE_9000_TAGS
|
||||
NODE_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/
|
|
@ -1 +0,0 @@
|
|||
NODE_PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${DOMAIN}/
|
|
@ -1,7 +0,0 @@
|
|||
NODE_VDI_ECRYPTERS=${USER}
|
||||
NODE_VDI_LANG=${LANG}
|
||||
NODE_VDI_PORT=${SSH_PORT}
|
||||
NODE_VDI_SUDOERS=
|
||||
NODE_VDI_TZ=UTC
|
||||
NODE_VDI_USERS=${USER}
|
||||
UFW_DOCKER_vdi=${SSH_PORT}
|
|
@ -5,7 +5,7 @@ services:
|
|||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/x2go/xfce-debian
|
||||
- SSH_PORT=${NODE_VDI_PORT:-22}
|
||||
- SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
|
||||
context: ../..
|
||||
dockerfile: docker/x2go/xfce-debian/Dockerfile
|
||||
cap_add:
|
||||
|
@ -17,14 +17,14 @@ services:
|
|||
cpus: 0.5
|
||||
environment:
|
||||
- DEBUG=${VDI_DEBUG:-}
|
||||
- ECRYPTERS=${NODE_VDI_ECRYPTERS:-}
|
||||
- LANG=${NODE_VDI_LANG:-}
|
||||
- SSH_PORT=${NODE_VDI_PORT:-22}
|
||||
- ECRYPTERS=${NODE_VDI_ECRYPTERS:-${USER}}
|
||||
- LANG=${NODE_VDI_LANG:-C.UTF-8}
|
||||
- SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
|
||||
- SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
|
||||
- SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-}
|
||||
- SUDOERS=${NODE_VDI_SUDOERS:-}
|
||||
- SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
|
||||
- SUDOERS=${NODE_VDI_SUDOERS:-${USER}}
|
||||
- TZ=${NODE_VDI_TZ:-}
|
||||
- USERS=${NODE_VDI_USERS:-}
|
||||
- USERS=${NODE_VDI_USERS:-${USER}}
|
||||
image: ${NODE_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
|
||||
networks:
|
||||
- public
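Review bot: `SUDOERS=${NODE_VDI_SUDOERS:-${USER}}` presumably turns sudo on by default for the invoking user, and because `:-` also applies when the variable is set but empty, `NODE_VDI_SUDOERS=` can no longer mean "nobody", which is what the env file deleted in this commit declared. `${NODE_VDI_SUDOERS-${USER}}` (no colon) keeps the new default while letting an explicit empty value disable it; keeping the previous empty default is the least-privilege choice. The same reasoning applies to the `ECRYPTERS` and `USERS` entries in this hunk.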
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
|
||||
NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
|
||||
NODE_VSFTPD_S3_FTPD_USERS=ftpuser::ftppass::ftpbucket
|
|
@ -13,8 +13,8 @@ services:
|
|||
devices:
|
||||
- /dev/fuse
|
||||
environment:
|
||||
- AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID}
|
||||
- AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY}
|
||||
- AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
|
||||
- AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
|
||||
- DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE}
|
||||
- FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST}
|
||||
- FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS}
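Review bot: Falling back to `${AWS_ACCESS_KEY_ID}` and `${AWS_SECRET_ACCESS_KEY}` passes whatever AWS credentials happen to be in the operator's environment into the FTP container, which is usually a much broader key than a bucket-scoped one. Requiring a dedicated key makes the choice explicit, e.g. `AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:?set a bucket-scoped key}`, with the same form for the access key id.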
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
VDI_ECRYPTERS=
|
||||
VDI_LANG=${LANG}
|
||||
VDI_PORT=8260
|
||||
VDI_SUDOERS=
|
||||
VDI_TZ=UTC
|
||||
VDI_USERS=${USER}
|
|
@ -0,0 +1,4 @@
|
|||
VDI_LANG ?= C.UTF-8
|
||||
VDI_PORT ?= 123
|
||||
VDI_TZ ?= UTC
|
||||
VDI_USERS ?= $(USER)
|
|
@ -5,7 +5,8 @@ services:
|
|||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/x2go/xfce-debian
|
||||
- SSH_PORT=${VDI_PORT:-22}
|
||||
- DOCKER_GID=${DOCKER_GID:-}
|
||||
- SSH_PORT=${SSH_PORT:-22}
|
||||
context: ../..
|
||||
dockerfile: docker/x2go/xfce-debian/Dockerfile
|
||||
cap_add:
|
||||
|
@ -18,7 +19,7 @@ services:
|
|||
- DEBUG=${VDI_DEBUG:-}
|
||||
- ECRYPTERS=${VDI_ECRYPTERS:-}
|
||||
- LANG=${VDI_LANG:-}
|
||||
- SSH_PORT=${VDI_PORT:-22}
|
||||
- SSH_PORT=${SSH_PORT:-22}
|
||||
- SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS:-}
|
||||
- SUDOERS=${VDI_SUDOERS:-}
|
||||
- TZ=${VDI_TZ:-}
|
||||
|
@ -28,7 +29,7 @@ services:
|
|||
- private
|
||||
- public
|
||||
ports:
|
||||
- ${SSH_PORT}
|
||||
- ${VDI_PORT}:${SSH_PORT}
|
||||
restart: unless-stopped
|
||||
security_opt:
|
||||
- apparmor=unconfined # ecryptfs
|