From be9cb1ea30f1e781d883c21255faaec718ba4634 Mon Sep 17 00:00:00 2001 From: Yann Autissier Date: Tue, 21 Mar 2023 10:06:08 +0100 Subject: [PATCH] ipfs network mode host --- docker/nginx/nginx.conf | 7 ++++++ make/apps/myos/setup.mk | 9 +------ make/apps/ufw.mk | 24 +++++++++++++++++-- .../{volumes.www.yml => apache/php5.www.yml} | 7 +----- stack/host/ipfs.mk | 4 ++-- stack/host/ipfs.yml | 16 +++---------- stack/host/{volumes.dns.yml => nginx.dns.yml} | 4 +--- stack/host/nginx.www.yml | 10 ++++++++ stack/host/php.dns.yml | 10 ++++++++ stack/host/php.www.yml | 10 ++++++++ stack/host/php.yml | 1 + stack/ipfs/ipfs.mk | 4 ++-- stack/postgres/postgres.latest.yml | 2 +- stack/postgres/postgres.yml | 1 + 14 files changed, 72 insertions(+), 37 deletions(-) rename stack/host/{volumes.www.yml => apache/php5.www.yml} (62%) rename stack/host/{volumes.dns.yml => nginx.dns.yml} (77%) create mode 100644 stack/host/nginx.www.yml create mode 100644 stack/host/php.dns.yml create mode 100644 stack/host/php.www.yml diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index 08dec26..6da33d2 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -7,3 +7,10 @@ map $host $host_dir { ~(?:(?[a-z0-9-]+)\.)(?[a-z0-9-]+)\.(?[a-z0-9-]+)$ ${tld}/${dom}/${sd}; ~(?[a-z0-9-]+)\.(?[a-z0-9-]+)$ ${tld}/${dom}; } + +set_real_ip_from 192.168.0.0/16; +set_real_ip_from 172.16.0.0/12; +set_real_ip_from 10.0.0.0/8; +set_real_ip_from 2001:0db8::/32; +real_ip_header X-Forwarded-For; +real_ip_recursive on; diff --git a/make/apps/myos/setup.mk b/make/apps/myos/setup.mk index dd5bc81..d430a8d 100644 --- a/make/apps/myos/setup.mk +++ b/make/apps/myos/setup.mk 
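Review bot: The added `set_real_ip_from` lines in docker/nginx/nginx.conf trust `X-Forwarded-For` from every RFC 1918 range plus `2001:0db8::/32`, which is the IPv6 documentation prefix and looks like a placeholder rather than a real proxy network. With `real_ip_recursive on`, any peer inside a trusted range can influence the address nginx records as the client, so anything keyed on `$remote_addr` (allow/deny rules, rate limits, access logs) is only as reliable as the widest range listed. I would narrow the list to the actual reverse-proxy or Docker network subnets and drop or replace the `2001:0db8::/32` entry. A comment such as `# trusted proxies only: X-Forwarded-For is honoured from these sources` would also help.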
@@ -39,14 +39,7 @@ endif # target setup-ufw: Install ufw-docker .PHONY: setup-ufw -setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME) -setup-ufw: DOCKER_RUN_NETWORK := -setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host -setup-ufw: +setup-ufw: ufw-install ufw-bootstrap ufw-build ufw-up ifeq ($(SETUP_UFW),true) - $(call app-install,$(SETUP_UFW_REPOSITORY)) - $(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY)))) - $(call app-build) - $(call app-up) $(call ufw-docker,install) endif diff --git a/make/apps/ufw.mk b/make/apps/ufw.mk index f43ba6c..aca70f7 100644 --- a/make/apps/ufw.mk +++ b/make/apps/ufw.mk @@ -3,6 +3,14 @@ ufw: $(call ufw,$(ARGS)) +# target ufw-bootstrap: Eval ufw-docker app variables +ufw-bootstrap: + $(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY)))) + +# target ufw-build: Build ufw-docker docker +ufw-build: + $(call app-build) + # target ufw-delete: Fire ufw-update UFW_DELETE=true .PHONY: ufw-delete ufw-delete: UFW_DELETE := true @@ -13,7 +21,18 @@ ufw-delete: ufw-update ufw-docker: $(call ufw-docker,$(ARGS)) -# target ufw-docker: Call ufw and ufw-docker foreach service UFW_UPDATE +# target ufw-install: Download ufw-docker application +ufw-install: + $(call app-install,$(SETUP_UFW_REPOSITORY)) + +# target ufw-up: Start ufw-docker docker +ufw-up: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME) +ufw-up: DOCKER_RUN_NETWORK := +ufw-up: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host +ufw-up: + $(call app-up) + +# target ufw-update: Call ufw and ufw-docker foreach service UFW_UPDATE .PHONY: ufw-update ufw-update: debug-UFW_UPDATE $(eval name := $(COMPOSE_PROJECT_NAME)) 
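Review bot: The new prerequisites in `setup-ufw: ufw-install ufw-bootstrap ufw-build ufw-up` sit outside the `ifeq ($(SETUP_UFW),true)` guard, so the install, build and start steps that used to be conditional now run on every `make setup-ufw`, even when SETUP_UFW is not `true`. Since `ufw-up` (added to make/apps/ufw.mk in this commit) starts a container with `--cap-add NET_ADMIN --network host` and `/etc/ufw` mounted, this should stay opt-in: `setup-ufw: $(if $(filter true,$(SETUP_UFW)),ufw-install ufw-bootstrap ufw-build ufw-up)`. Prerequisites also carry no ordering guarantee under `make -j`, whereas the removed recipe lines ran strictly in sequence. If the order matters, declare it between the four targets.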
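Review bot: `ufw-bootstrap` and `ufw-build` are added to make/apps/ufw.mk without a `.PHONY` declaration, unlike the neighbouring `ufw-delete` and `ufw-update`; the same applies to `ufw-install` and `ufw-up` in the next hunk. None of them creates a file of that name, so a stray file called, for example, `ufw-up` in the working directory would make the target look up to date and the step would be skipped silently. Add `.PHONY: ufw-bootstrap ufw-build ufw-install ufw-up`, or one `.PHONY:` line above each rule to match the file's existing style.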
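Review bot: In the `ufw-up: DOCKER_RUN_OPTIONS` line, `$(if wildcard /etc/default/ufw,…)` tests the literal text `wildcard /etc/default/ufw`, which is never empty, so the `-v /etc/default/ufw:/etc/default/ufw` bind mount is always added. The line was moved unchanged from setup.mk, but on a host without that file Docker will typically create the missing source path as a root-owned directory, leaving `/etc/default/ufw` as a directory on the host. The condition should call the function: `$(if $(wildcard /etc/default/ufw),-v /etc/default/ufw:/etc/default/ufw)`. A short comment on why this container needs `NET_ADMIN`, host networking and a writable `/etc/ufw` would also help the next reader.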
@@ -28,8 +47,9 @@ ufw-update: debug-UFW_UPDATE ) \ ) +# target ufw-%: Call ufw target for specific stack ## ex: ufw-host-update will update ufw rules for stack host -.PHONY: stack-% +.PHONY: ufw-% ufw-%: $(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*)) $(eval command := $(lastword $(subst -, ,$*))) diff --git a/stack/host/volumes.www.yml b/stack/host/apache/php5.www.yml similarity index 62% rename from stack/host/volumes.www.yml rename to stack/host/apache/php5.www.yml index 42ba3b6..4f4d50b 100644 --- a/stack/host/volumes.www.yml +++ b/stack/host/apache/php5.www.yml @@ -6,12 +6,7 @@ services: - DOCUMENT_ROOT=/var/www volumes: - www:/var/www - nginx: - volumes: - - www:/var/www - php: - volumes: - - www:/var/www volumes: www: + diff --git a/stack/host/ipfs.mk b/stack/host/ipfs.mk index 6073b4b..263b2d9 100644 --- a/stack/host/ipfs.mk +++ b/stack/host/ipfs.mk @@ -6,5 +6,5 @@ HOST_IPFS_SERVICE_5001_PATH ?= api/ HOST_IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,HOST_IPFS,5001) HOST_IPFS_SERVICE_8080_ENVS ?= host HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,,$(HOST_IPFS_SERVICE_8080_URIS) $(call servicenvs,HOST_IPFS,8080,URIS)) -HOST_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,*ipfs *ipns) -HOST_IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080 +HOST_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,ipfs *.ipns) +HOST_IPFS_UFW_UPDATE ?= 4001/tcp 4001/udp 8080 diff --git a/stack/host/ipfs.yml b/stack/host/ipfs.yml index 339d2b0..dc27012 100644 --- a/stack/host/ipfs.yml +++ b/stack/host/ipfs.yml @@ -61,6 +61,8 @@ services: - IPFS_SWARM_RELAYCLIENT_ENABLED=${HOST_IPFS_SWARM_RELAYCLIENT_ENABLED:-} - IPFS_SWARM_RELAYSERVICE_ENABLED=${HOST_IPFS_SWARM_RELAYSERVICE_ENABLED:-} - IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${HOST_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-} + healthcheck: + timeout: 5s image: ${HOST_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} labels: - SERVICE_4001_CHECK_TCP=true 
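Review bot: `.PHONY: ufw-%` in make/apps/ufw.mk does not do what the line suggests: GNU Make does not expand patterns in `.PHONY`, so it declares one target literally named `ufw-%` and the targets matched by the pattern rule stay non-phony. Renaming it from `stack-%` corrects the name but not the effect. If the rule must always run, give it an always-out-of-date prerequisite, for example `ufw-%: FORCE` with an empty `FORCE:` rule declared phony. Otherwise drop the line so it does not imply protection that is not there. The body of the `ufw-%` rule continues past the end of this hunk.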
@@ -73,27 +75,15 @@ services: - SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-8080 - SERVICE_8080_TAGS=${HOST_IPFS_SERVICE_8080_TAGS:-} - SERVICE_8081_IGNORE=true - networks: - - public - ports: - - 4001:4001/tcp - - 4001:4001/udp - - 5001:5001/tcp - - 8080:8080/tcp + network_mode: host restart: always ulimits: nofile: soft: 65536 hard: 65536 volumes: - - home:/home:delegated - ipfs:/data/ipfs:delegated volumes: - home: ipfs: -networks: - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/volumes.dns.yml b/stack/host/nginx.dns.yml similarity index 77% rename from stack/host/volumes.dns.yml rename to stack/host/nginx.dns.yml index 1cd9221..625c746 100644 --- a/stack/host/volumes.dns.yml +++ b/stack/host/nginx.dns.yml @@ -6,9 +6,7 @@ services: - DEFAULT=default_dns volumes: - dns:/dns - php: - volumes: - - dns:/dns volumes: dns: + diff --git a/stack/host/nginx.www.yml b/stack/host/nginx.www.yml new file mode 100644 index 0000000..16c0639 --- /dev/null +++ b/stack/host/nginx.www.yml @@ -0,0 +1,10 @@ +version: '3.6' + +services: + nginx: + volumes: + - www:/var/www + +volumes: + www: + diff --git a/stack/host/php.dns.yml b/stack/host/php.dns.yml new file mode 100644 index 0000000..954878e --- /dev/null +++ b/stack/host/php.dns.yml @@ -0,0 +1,10 @@ +version: '3.6' + +services: + php: + volumes: + - dns:/dns + +volumes: + dns: + diff --git a/stack/host/php.www.yml b/stack/host/php.www.yml new file mode 100644 index 0000000..b41c618 --- /dev/null +++ b/stack/host/php.www.yml @@ -0,0 +1,10 @@ +version: '3.6' + +services: + php: + volumes: + - www:/var/www + +volumes: + www: + diff --git a/stack/host/php.yml b/stack/host/php.yml index f74418d..1e24b1d 100644 --- a/stack/host/php.yml +++ b/stack/host/php.yml @@ -13,6 +13,7 @@ services: image: php:fpm-alpine networks: - public + restart: always networks: public: diff --git a/stack/ipfs/ipfs.mk b/stack/ipfs/ipfs.mk index 40625f7..ec63a54 100644 --- a/stack/ipfs/ipfs.mk 
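Review bot: Switching the ipfs service in stack/host/ipfs.yml to `network_mode: host` removes the explicit `ports:` list, so this file no longer declares what is reachable: every socket the daemon binds (the labels mention 4001, 5001, 8080 and 8081) lands directly on the host's interfaces and only the host firewall limits it. `HOST_IPFS_UFW_UPDATE ?= 4001/tcp 4001/udp 8080` in stack/host/ipfs.mk suggests 5001 (the API, going by `HOST_IPFS_SERVICE_5001_PATH ?= api/`) is meant to stay closed. That now depends on ufw being active with a default-deny inbound policy and on the listen address configured inside the image, neither of which is visible in this diff. I would add a comment above the line, e.g. `# host networking: exposure is controlled by ufw (HOST_IPFS_UFW_UPDATE) and the daemon's listen addresses, not by compose`, and confirm the API binds to loopback only. The container also shares the host's network namespace from now on, so services bound to 127.0.0.1 on the host become reachable from inside it.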
+++ b/stack/ipfs/ipfs.mk @@ -5,8 +5,8 @@ IPFS_SERVICE_NAME ?= ipfs IPFS_SERVICE_5001_PATH ?= api/ IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,ipfs,5001) IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn -IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,ipfs,8080) -IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS)) +IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,,$(IPFS_SERVICE_8080_URIS)) +IPFS_SERVICE_8080_URIS ?= $(call uriprefix,ipfs *.ipns) IPFS_VERSION ?= 0.16.0 .PHONY: bootstrap-stack-ipfs diff --git a/stack/postgres/postgres.latest.yml b/stack/postgres/postgres.latest.yml index b0a4759..557d067 100644 --- a/stack/postgres/postgres.latest.yml +++ b/stack/postgres/postgres.latest.yml @@ -2,4 +2,4 @@ version: '3.6' services: postgres: - image: postgres:latest + image: postgres:alpine diff --git a/stack/postgres/postgres.yml b/stack/postgres/postgres.yml index b2f3f14..e0a5348 100644 --- a/stack/postgres/postgres.yml +++ b/stack/postgres/postgres.yml @@ -4,6 +4,7 @@ services: postgres: environment: - POSTGRES_DB=${POSTGRES_DB:-postgres} + - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres} - POSTGRES_USER=${POSTGRES_USER:-postgres} labels:
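Review bot: The added `POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}` in stack/postgres/postgres.yml makes `trust` the default, which the official postgres image documents as accepting connections without a password. With that default, `POSTGRES_PASSWORD` on the next line no longer protects network logins, and any client that can reach the port can connect as any role. Leave the default empty so the image falls back to its password-based method, and let a development environment opt in explicitly: `- POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-}`. The value is normally applied only when the data directory is first initialised, so a database already created with `trust` would also need its `pg_hba.conf` corrected.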