diff --git a/docker/x2go/xfce-debian/.aliases b/docker/x2go/xfce-debian/.aliases
new file mode 100644
index 0000000..a3c7d47
--- /dev/null
+++ b/docker/x2go/xfce-debian/.aliases
@@ -0,0 +1,4 @@
+l='ls -CF'
+la='ls -A'
+ll='ls -l'
+vi='nvim'
diff --git a/docker/x2go/xfce-debian/.bash_profile b/docker/x2go/xfce-debian/.bash_profile
new file mode 100644
index 0000000..d0d41dc
--- /dev/null
+++ b/docker/x2go/xfce-debian/.bash_profile
@@ -0,0 +1,19 @@
+# shellcheck shell=bash source=/dev/null
+# ~/.bash_profile: executed by the command interpreter for bash login shell.
+
+# bash-completion
+if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then
+ if [ "${BASH_VERSINFO[0]}" -gt 4 ] \
+ || { [ "${BASH_VERSINFO[0]}" -eq 4 ] && [ "${BASH_VERSINFO[1]}" -ge 1 ] ;}; then
+ shopt -q progcomp && for file in \
+ /{*/local,usr}/share/bash-completion/bash_completion \
+ /etc/bash_completion; do
+ [ -r "$file" ] && . "$file"
+ done
+ fi
+ if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ]; then
+ . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
+ fi
+fi
+
+[ -f ~/.profile ] && . ~/.profile
diff --git a/docker/x2go/xfce-debian/.bashrc b/docker/x2go/xfce-debian/.bashrc
new file mode 100644
index 0000000..25cc177
--- /dev/null
+++ b/docker/x2go/xfce-debian/.bashrc
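Review bot: The four lines of `.aliases` are plain assignments (`l='ls -CF'`), so when `.profile` sources the file they create shell variables named `l`, `la`, `ll` and `vi` instead of aliases. `.dircolors_aliases` and `.docker_aliases` in this same commit use the `alias` keyword, and this file needs it too, e.g. `alias l='ls -CF'`.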
@@ -0,0 +1,75 @@
+# shellcheck shell=bash
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1024
+HISTFILESIZE=2048
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+[ "$PS1" ] || if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+ xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+ *)
+ ;;
+esac
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
diff --git a/docker/x2go/xfce-debian/.dircolors_aliases b/docker/x2go/xfce-debian/.dircolors_aliases
new file mode 100644
index 0000000..e578625
--- /dev/null
+++ b/docker/x2go/xfce-debian/.dircolors_aliases
@@ -0,0 +1,7 @@
+test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+alias ls='ls --color=auto'
+alias dir='dir --color=auto'
+alias vdir='vdir --color=auto'
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'
diff --git a/docker/x2go/xfce-debian/.docker_aliases b/docker/x2go/xfce-debian/.docker_aliases
new file mode 100644
index 0000000..f8b094b
--- /dev/null
+++ b/docker/x2go/xfce-debian/.docker_aliases
@@ -0,0 +1,3 @@
+alias ctop='docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'
+alias shellcheck='docker run --rm -v "$PWD/mnt" koalaman/shellcheck:stable'
+alias trans='docker run -it soimort/translate-shell'
diff --git a/docker/x2go/xfce-debian/.profile b/docker/x2go/xfce-debian/.profile
new file mode 100644
index 0000000..2239784
--- /dev/null
+++ b/docker/x2go/xfce-debian/.profile
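Review bot: In `.docker_aliases` the `shellcheck` alias passes `-v "$PWD/mnt"`, which has no `host:container` separator, so Docker creates an anonymous volume at that path inside the container instead of mounting the working directory; it presumably should read `-v "$PWD:/mnt"`. In the `ctop` alias the `:ro` suffix on `/var/run/docker.sock` only makes the mount of the socket file read-only; the Docker API behind it stays fully usable, so an unpinned `:latest` image runs with control of the daemon, and pinning it by digest would narrow that. The `trans` alias also lacks `--rm`, so each call leaves a stopped container behind.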
@@ -0,0 +1,37 @@ +# shellcheck shell=sh source=/dev/null +# ~/.profile: executed by the command interpreter for login shells. + +# source ~/.*aliases and ~/.*functions files +for source in aliases functions; do + for file in "$HOME"/.*"$source"; do + [ -f "$file" ] || continue + # remove $HOME/. prefix from file + file="${file#${HOME}/.}" + # remove _$source suffix from $file + command="${file%_$source}" + # source file if command exists, ie ~/.bash_aliases + command -v "$command" >/dev/null 2>&1 && . "${HOME}/.$file" + # remove $source suffix from $file, ie ~/.aliases + command="${file%$source}" + # source file if command empty, ie ~/.aliases + [ -z "$command" ] && . "${HOME}/.$file" + done +done + +# source ~/.*shrc +for file in "$HOME"/.*shrc; do + [ -f "$file" ] || continue + # remove $HOME/. prefix from file + file="${file#${HOME}/.}" + # source file if match current shell + [ "$(basename "${SHELL}")" = "${file%rc}" ] && . "${HOME}/.$file" +done + +# set PATH to include user's bin +for path in /*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin; do + [ -d "$path" ] || continue + case ":${PATH}:" in + *:"$path":*) ;; + *) export PATH="${path}:$PATH" ;; + esac +done diff --git a/docker/x2go/xfce-debian/.shrc b/docker/x2go/xfce-debian/.shrc new file mode 100644 index 0000000..e8dbde1 --- /dev/null +++ b/docker/x2go/xfce-debian/.shrc @@ -0,0 +1,5 @@ +export EDITOR=nvim +export GIT_PS1_SHOWUPSTREAM=auto +export GIT_PS1_SHOWDIRTYSTATE=false +export GIT_PS1_HIDE_IF_PWD_IGNORED=true +export PAGER=less diff --git a/docker/x2go/xfce-debian/Dockerfile b/docker/x2go/xfce-debian/Dockerfile index e7c578f..07f158d 100644 --- a/docker/x2go/xfce-debian/Dockerfile +++ b/docker/x2go/xfce-debian/Dockerfile @@ -1,10 +1,12 @@ FROM danger89/xfcevdi_x2go as dist LABEL maintainer aynic.os ARG DOCKER_BUILD_DIR +ARG DOCKER_GID RUN apt-get update \ && apt-get -fy upgrade \ && apt-get -fy install \ + docker.io \ ecryptfs-utils \ fail2ban \ iptables \ 
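Review bot: The PATH loop at the end of `.profile` prepends every match of `/*/local/*/bin` and `"${HOME}"/.*/bin` ahead of the system directories, so any hidden directory in the home that gains a `bin/` can shadow `sudo`, `ssh` or `docker` from the next login on. Appending keeps the convenience without the shadowing: `*) export PATH="${PATH}:${path}" ;;`. The loops also leave `source`, `file`, `command` and `path` set in the login shell; an `unset source file command path` after the last `done` would stop them leaking into the session.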
@@ -12,10 +14,18 @@ RUN apt-get update \ libpam-script \ neovim \ python3-pip \ + sudo \ && pip install ssh-crypt \ && apt-get clean \ && rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* +RUN [ "$DOCKER_GID" -eq "$DOCKER_GID" ] 2>/dev/null \ + && if [ "$(getent group docker |awk -F: '{print $3}')" != "$DOCKER_GID" ]; then \ + sed -i 's/^docker:x:[0-9]\+:/docker:x:'$DOCKER_GID':/' /etc/group; \ + fi \ +|| true + + RUN cp /usr/share/doc/libpam-script/examples/logscript /usr/share/libpam-script \ && sed -i 's/LOGFILE=\/tmp/LOGFILE=\/var\/log/' /usr/share/libpam-script/logscript \ && for script in auth acct passwd ses_open ses_close; do \ @@ -23,8 +33,11 @@ RUN cp /usr/share/doc/libpam-script/examples/logscript /usr/share/libpam-script done \ && ln -s /usr/share/libpam-script /etc/pam-script -WORKDIR /app COPY ${DOCKER_BUILD_DIR}/*.sh /app/ +COPY ${DOCKER_BUILD_DIR}/issue.net /etc/ +COPY ${DOCKER_BUILD_DIR}/rc*.sh /etc/profile.d/ +COPY ${DOCKER_BUILD_DIR}/.*aliases ${DOCKER_BUILD_DIR}/.*profile ${DOCKER_BUILD_DIR}/.*rc /etc/skel/ +WORKDIR /app ARG SSH_PORT=22 CMD [] diff --git a/docker/x2go/xfce-debian/issue.net b/docker/x2go/xfce-debian/issue.net new file mode 100644 index 0000000..ac6adc1 --- /dev/null +++ b/docker/x2go/xfce-debian/issue.net @@ -0,0 +1,6 @@ +UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED + +You must have explicit, authorized permission to access or configure this device. +Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. +All activities performed on this device are logged and monitored. + diff --git a/docker/x2go/xfce-debian/rc.sh b/docker/x2go/xfce-debian/rc.sh new file mode 100644 index 0000000..87dd6a7 --- /dev/null +++ b/docker/x2go/xfce-debian/rc.sh 
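Review bot: The `DOCKER_GID` step rewrites `/etc/group` with `sed` and ends in `|| true`, so a failed edit, or a GID that already belongs to another group in the image, goes unnoticed and the build still succeeds. `groupmod` makes the same change, refuses a duplicate GID and lets the build fail visibly: `RUN if [ -n "$DOCKER_GID" ]; then groupmod -g "$DOCKER_GID" docker; fi`. A short comment above the step saying that the GID is aligned with the host's `docker` group (if that is the intent) would also tell the reader why `docker.io` and this step exist in a desktop image.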
@@ -0,0 +1,45 @@
+# shellcheck shell=sh
+# file rc.sh: Call user defined functions
+## author: Yann "aya" Autissier
+## license: GPL
+## version: 20220630
+
+case $- in
+ # if this is an interactive shell
+ *i*)
+ # load user stuff from ~/.rc.d/* files
+ for file in "${HOME}"/.rc.d/*; do
+ # read files only
+ if [ -f "${file}" ]; then
+ func_name=$(basename "${file}")
+ func_args=$(cat "${file}")
+ # at this stage, func_name can start with numbers to allow ordering function calls with file names starting with numbers
+ # func_name must start with a letter, remove all other characters at the beginning of func_name until a letter is found
+ while [ "${func_name}" != "" ] && [ "${func_name#[a-z]}" = "${func_name}" ]; do
+ # remove first char of func_name
+ func_name="${func_name#?}"
+ done
+ # call user function with args passed from the content of the file
+ command -v "${func_name}" >/dev/null 2>&1 && "${func_name}" "${func_args}"
+ fi
+ done
+ # load user stuff from RC_* env vars
+ IFS="$(printf '%b_' '\n')"; IFS="${IFS%_}"; for line in $(printenv 2>/dev/null |awk '$0 ~ /^RC_[0-9A-Z_]*=/' |sort); do
+ func_name=$(printf '%s\n' "${line%%=*}" |awk '{print tolower(substr($0,4))}')
+ eval func_args=\$"${line%%=*}"
+ [ "${func_args}" = "false" ] && continue
+ [ "${func_args}" = "true" ] && unset func_args
+ # at this stage, func_name can start with numbers to allow ordering function calls with file names starting with numbers
+ # func_name must start with a letter, remove all other characters at the beginning of func_name until a letter is found
+ while [ "${func_name}" != "" ] && [ "${func_name#[a-z]}" = "${func_name}" ]; do
+ # remove first char of func_name
+ func_name="${func_name#?}"
+ done
+ # call user function with args passed from the value of the env var
+ command -v "${func_name}" >/dev/null 2>&1 && "${func_name}" "${func_args}"
+ done
+ unset IFS
+ ;;
+esac
+
+# vim:ts=2:sw=2:sts=2:et
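Review bot: The dispatcher runs whatever `command -v` resolves, not only the functions from rc_functions.sh: a variable `RC_<n>_<NAME>` or a file `~/.rc.d/<n><name>` invokes any builtin or PATH binary called `<name>` with the value as its argument, and since the Dockerfile copies `rc*.sh` into `/etc/profile.d/` this applies to every user's interactive login shell. An allow-list before both calls would bound it to the intended set, e.g. `case "${func_name}" in source|ps1_set|prompt_set|ssh_add|tmux_attach|screen_attach) ;; *) continue ;; esac`. The functions are also called while `IFS` is still a lone newline, which changes the word splitting `ssh_add` and `ssh_del` rely on (`for dir in ${@:-${HOME}/.ssh}`, `printf '%s\n' ${SSH_PRIVATE_KEYS}`); restoring `IFS` before the call is worth checking.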
diff --git a/docker/x2go/xfce-debian/rc_functions.sh b/docker/x2go/xfce-debian/rc_functions.sh
new file mode 100644
index 0000000..f951e38
--- /dev/null
+++ b/docker/x2go/xfce-debian/rc_functions.sh
@@ -0,0 +1,281 @@ +# shellcheck shell=sh +# file rc_functions.sh: Define shell functions +## author: Yann "aya" Autissier +## license: GPL +## version: 20220630 + +# function force: Run a command sine die +force() { + if [ $# -gt 0 ]; then + while true; do + "$@" + sleep 1 + done + fi +} + +# function force8: Run a command sine die if not already running +force8() { + if [ $# -gt 0 ]; then + while true; do + # awk expression to match $@ + [ "$(ps wwx -o args 2>/dev/null |awk -v field="${PS_X_FIELD:-1}" ' + BEGIN { nargs=split("'"$*"'",args); } + # first field matched + $field == args[1] { + matched=1; + # match following fields + for (i=1;i<=NF-field;i++) { + if ($(i+field) == args[i+1]) { matched++; } + }; + # all fields matched + if (matched == nargs) { found++; } + } + END { print found+0; }' + )" = 0 ] && "$@" + sleep 1 + done + fi +} + +# function load_average; Print the current load average +load_average() { + uptime 2>/dev/null |awk '{printf "%.1f\n", $(NF-2)}' +} + +# function process_count: Print number of "processes"/"running processes"/"D-state" +process_count() { + ps ax -o stat 2>/dev/null |awk ' + $1 ~ /R/ {process_running++}; + $1 ~ /D/ {process_dstate++}; + END { print NR-1"/"process_running+0"/"process_dstate+0; }' +} + +# function prompt_set: Export custom PROMPT_COMMAND +prompt_set() { + case "${TERM}" in + screen*) + ESCAPE_CODE_DCS="\033k" + ESCAPE_CODE_ST="\033\\" + ;; + linux*|xterm*|rxvt*) + ESCAPE_CODE_DCS="\033]0;" + ESCAPE_CODE_ST="\007" + ;; + *) + ;; + esac + # in a screen + if [ -n "${STY}" ]; then + export PROMPT_COMMAND='printf\ + "${ESCAPE_CODE_DCS:-\033]0;}%s${ESCAPE_CODE_ST:-\007}"\ + "${PWD##*/}"' + else + export PROMPT_COMMAND='printf\ + "${ESCAPE_CODE_DCS:-\033]0;}%s@%s:%s${ESCAPE_CODE_ST:-\007}"\ + "${USER}"\ + "${HOSTNAME%%.*}"\ + "${PWD##*/}"' + fi + unset ESCAPE_CODE_DCS ESCAPE_CODE_ST +} + +# function ps1_set: Export custom PS1 +ps1_set() { + case "$0" in + *sh) + COLOR_DGRAY="\[\033[1;30m\]" + COLOR_RED="\[\033[01;31m\]" 
+ COLOR_GREEN="\[\033[01;32m\]" + COLOR_BROWN="\[\033[0;33m\]" + COLOR_YELLOW="\[\033[01;33m\]" + COLOR_BLUE="\[\033[01;34m\]" + COLOR_CYAN="\[\033[0;36m\]" + COLOR_GRAY="\[\033[0;37m\]" + COLOR_RESET="\[\033[0m\]" + ;; + *) + ;; + esac + + PS1_STATUS="\$?" + PS1_COUNT="${COLOR_DGRAY}[\` + case \"$PS1_STATUS\" in + 0) + printf \"${COLOR_BLUE}${PS1_STATUS}\";; + 1) + printf \"${COLOR_YELLOW}${PS1_STATUS}\";; + *) + printf \"${COLOR_RED}${PS1_STATUS}\";; + esac + type process_count >/dev/null 2>&1 && printf\ + \"${COLOR_DGRAY}|${COLOR_BLUE}%s\"\ + \"\$(process_count 2>/dev/null)\" + type user_count >/dev/null 2>&1 && printf\ + \"${PS1_COUNT}${COLOR_DGRAY}|${COLOR_BLUE}%s\"\ + \"\$(user_count 2>/dev/null)\" + type load_average >/dev/null 2>&1 && printf\ + \"${PS1_COUNT}${COLOR_DGRAY}|${COLOR_BLUE}%s\"\ + \"\$(load_average 2>/dev/null)\" + \`${COLOR_DGRAY}]${COLOR_RESET}" + PS1_END="${COLOR_DGRAY}\$( + if [ \"\$(id -u)\" = 0 ]; then + printf \"#\"; + else + printf \"\$\"; + fi + )${COLOR_RESET}" + PS1_GIT="\$( + if type __git_ps1 >/dev/null 2>&1; then + printf \"\$(__git_ps1 2>/dev/null \" (%s)\")\" + else + printf \"\$(BRANCH=\$(git rev-parse --abbrev-ref HEAD 2>/dev/null);\ + [ -n \"\${BRANCH}\" ] && printf \" (\${BRANCH})\")\" + fi + )" + PS1_GIT="${COLOR_CYAN}${PS1_GIT}${COLOR_RESET}" + PS1_HOSTNAME_COLOR="\`case \"\${ENV}${HOSTNAME%%.*}\" in + *[Pp][Rr][0Oo][Dd]*|*[Pp][Rr][Dd]*) + printf \"${COLOR_RED}\";; + *) + if [ -n \"\${ENV}\" ]; then + printf \"${COLOR_YELLOW}\"; + else + printf \"${COLOR_GREEN}\"; + fi;; + esac\`" + PS1_HOSTNAME="${PS1_HOSTNAME_COLOR}\$(hostname |sed 's/\..*//')${COLOR_RESET}" + PS1_USER_COLOR="\$( + if [ \"\$(id -u)\" = 0 ]; then + printf \"${COLOR_RED}\"; + else + printf \"${COLOR_BROWN}\"; + fi + )" + PS1_USER="${PS1_USER_COLOR}\$(id -nu):\$(id -u)${COLOR_RESET}" + PS1_WORKDIR="${COLOR_GRAY}\$( + pwd |sed 's|^'\${HOME}'\(/.*\)*$|~\1|' + )${COLOR_RESET}" + PS1="${PS1_COUNT}${PS1_USER}${COLOR_DGRAY}@${PS1_HOSTNAME}" + 
PS1="${PS1}${COLOR_DGRAY}:${PS1_WORKDIR}${PS1_GIT}${PS1_END} " + export 'PS1' + unset PS1_COUNT PS1_END PS1_GIT PS1_HOSTNAME PS1_HOSTNAME_COLOR\ + PS1_USER PS1_USER_COLOR PS1_STATUS PS1_WORKDIR +} + +# function screen_attach: Attach existing screen session or Create a new one +screen_attach() { + command -v screen >/dev/null 2>&1 || return + SCREEN_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')" + if [ -z "${STY}" ]; then + # attach screen in tmux window 0 only ;) + [ -n "${TMUX}" ] \ + && [ "$(tmux list-window 2>/dev/null |awk '$NF == "(active)" {print $1}'\ + |sed 's/:$//')" != "0" ] \ + && return + printf 'Attaching screen.' && sleep 1\ + && printf '.' && sleep 1\ + && printf '.' && sleep 1 + exec screen -xRR -S "${SCREEN_SESSION}" + fi + unset SCREEN_SESSION +} + +# function screen_detach: Detach current screen session +screen_detach() { + screen -d +} + +# function ssh_add: Load all private keys in ~/.ssh/ to ssh agent +ssh_add() { + command -v ssh-agent >/dev/null 2>&1 && command -v ssh-add >/dev/null 2>&1 || return + SSH_AGENT_DIR="/tmp/ssh-$(id -u)" + SSH_AGENT_SOCK="${SSH_AGENT_DIR}/agent@$(hostname |sed 's/\..*//')" + # launch a new agent + if [ -z "${SSH_AUTH_SOCK}" ]; then + [ ! 
-d "${SSH_AGENT_DIR}" ] \ + && mkdir -p "${SSH_AGENT_DIR}" 2>/dev/null\ + && chmod 0700 "${SSH_AGENT_DIR}" + # search for an already running agent + if ps wwx -o args |awk '$1 ~ "ssh-agent$" && $3 == "'"${SSH_AGENT_SOCK}"'"' |wc -l |grep -q 0; then + rm -f "${SSH_AGENT_SOCK}" + ssh-agent -a "${SSH_AGENT_SOCK}" >/dev/null 2>&1 + fi + fi + # attach to agent + export SSH_AUTH_SOCK="${SSH_AUTH_SOCK:-${SSH_AGENT_SOCK}}" + # list private keys to add + # shellcheck disable=SC2068 + for dir in ${@:-${HOME}/.ssh}; do + if [ "${SSH_ADD_RECURSIVE:-}" = true ]; then + GREP_RECURSIVE_FLAG="r" + else + GREP_RECURSIVE_CHAR="*" + fi + SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")" + done + # shellcheck disable=SC2086 + printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do + [ -r "${file}" ] || continue + # add private key to agent + ssh-add -l |grep -q "$(ssh-keygen -lf "${file}" 2>/dev/null |awk '{print $2}')" 2>/dev/null || ssh-add "${file}" + done + unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_AGENT_DIR SSH_AGENT_SOCK SSH_PRIVATE_KEYS +} + +# function ssh_del: removes all private keys in ~/.ssh/ from ssh agent +ssh_del() { + command -v ssh-add >/dev/null 2>&1 || return + # attach to agent + if [ -z "${SSH_AUTH_SOCK}" ]; then + return + fi + # list private keys to del + # shellcheck disable=SC2068 + for dir in ${@:-${HOME}/.ssh}; do + if [ "${SSH_DEL_RECURSIVE:-}" = true ]; then + GREP_RECURSIVE_FLAG="r" + else + GREP_RECURSIVE_CHAR="*" + fi + SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")" + done + # shellcheck disable=SC2086 + printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do + [ -r "${file}" ] || continue + # remove private key from agent + ssh-add 
-l |grep -q "$(ssh-keygen -lf "${file}" 2>/dev/null |awk '{print $2}')" 2>/dev/null && ssh-add -d "${file}" + done + unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_PRIVATE_KEYS +} + +# function tmux_attach: Attach existing tmux session or Create a new one +tmux_attach() { + command -v tmux >/dev/null 2>&1 || return + TMUX_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')" + # do not attach tmux in screen ;) + if [ -z "${TMUX}" -a -z "${STY}" ]; then + printf 'Attaching tmux.' && sleep 1\ + && printf '.' && sleep 1\ + && printf '.' && sleep 1 + exec tmux -L"${TMUX_SESSION}" new-session -A -s"${TMUX_SESSION}" + fi + unset TMUX_SESSION +} + +# function tmux_detach: Detach current tmux session +tmux_detach() { + tmux detach +} + +# function user_count: Print number of "users sessions"/"users"/"logged users" +user_count() { + ps ax -o pid,user,tty,comm 2>/dev/null |awk ' + $3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty" { users_sessions++; logged[$2]++; }; + $1 ~ /^[0-9]+$/ { count[$2]++; } + END { + for (uc in count) { c = c" "uc; }; users_count=split(c,v," "); + for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," "); + print users_sessions+0"/"users_count+0"/"users_logged+0; + }' +} diff --git a/docker/x2go/xfce-debian/setup_users.sh b/docker/x2go/xfce-debian/setup_users.sh index 97958eb..38445ef 100755 --- a/docker/x2go/xfce-debian/setup_users.sh +++ b/docker/x2go/xfce-debian/setup_users.sh 
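Review bot: `ssh_add` keeps the agent socket in `/tmp/ssh-$(id -u)`, a predictable path in a world-writable directory, and when that directory already exists it is used as found: the `mkdir`/`chmod 0700` pair is skipped and nothing checks who owns it before `rm -f` and `ssh-agent -a` run inside it. On an image provisioned for several accounts (`USERS`), a base only the user can create is safer, e.g. `SSH_AGENT_DIR="${HOME}/.ssh"`, or add an ownership test on the directory before using it. Separately, `force8` splices `$*` into the awk program text (`split("'"$*"'",args)`), so an argument containing a double quote changes the program; passing the value through `ENVIRON` or `-v` avoids that.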
@@ -8,11 +8,12 @@ for user in ${USERS:-${USER:-user}}; do && mkdir -p "/home/${user}" \ && chown "${user}" "/home/${user}" \ && chmod 0750 "/home/${user}" - for file in .bash_logout .bashrc .profile; do - [ ! -f "/home/${user}/${file}" ] \ + for file in .aliases .bash_aliases .bash_profile .bashrc .dircolors_aliases .docker_aliases .profile .sh_aliases .sh_profile .shrc; do \ + [ -f "/etc/skel/${file}" ] && [ ! -f "/home/${user}/${file}" ] \ && cp "/etc/skel/${file}" "/home/${user}" \ && chown "${user}" "/home/${user}/${file}" done + usermod -a -G docker "${user}" usermod -a -G x2gouser "${user}" mkdir -p "/home/${user}/.ssh" keys=$(su "${user}" /app/authorized_keys.sh 2>/dev/null) \ diff --git a/make/def.docker.mk b/make/def.docker.mk index bdfe8a6..32d71cd 100644 --- a/make/def.docker.mk +++ b/make/def.docker.mk @@ -25,7 +25,7 @@ NODE_GID ?= 100 NODE_UID ?= 123 RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME))) USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU)) -USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(USER_COMPOSE_PROJECT_NAME)) +USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME))) USER_DOCKER_IMAGE ?= $(USER_DOCKER_REPOSITORY):${DOCKER_IMAGE_TAG} USER_DOCKER_NAME ?= $(USER_COMPOSE_PROJECT_NAME) USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER))) diff --git a/make/def.mk b/make/def.mk index 41b8077..6d0caa5 100644 --- a/make/def.mk +++ b/make/def.mk @@ -68,7 +68,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO GIT_USER ?= $(USER) GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null) GROUP ?= $(shell id -ng 2>/dev/null) -HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//') +HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//')) IGNORE_DRYRUN ?= false IGNORE_VERBOSE ?= false INSTALL ?= $(RUN) $(SUDO) $(subst &&,&& $(RUN) $(SUDO),$(INSTALL_CMD)) 
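Review bot: `usermod -a -G docker "${user}"` runs for every account in `USERS`, and membership of the `docker` group is equivalent to root on whatever daemon the socket reaches, which, given the `DOCKER_GID` alignment in the Dockerfile, is presumably the host's. That sidesteps the separate `SUDOERS` list passed in the compose files, so it should be opt-in per user, for example through its own variable (placeholder name `DOCKERS`): `case " ${DOCKERS:-} " in *" ${user} "*) usermod -a -G docker "${user}" ;; esac`. The `\` added after `do` on the `for file` line is a stray continuation and can be dropped; the enclosing `for user` loop continues outside the hunk.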
@@ -170,14 +170,16 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \ # macro RESU: Print USER associated to MAIL RESU = \ $(if $(findstring @,$(MAIL)), \ - $(eval user := $(subst +,,$(subst -,,$(subst .,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}')))))) \ + $(eval user := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \ $(eval domain := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \ $(if $(domain), \ $(eval mail := $(MAIL)) \ - $(eval niamod := $(subst $(space),_,$(strip $(call reverse,$(subst .,$(space),$(domain)))))) \ - $(eval resu := $(niamod)_$(user)) \ - $(eval resu_path := $(subst _,/,$(niamod))/$(user)) \ - $(resu) \ + $(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \ + $(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \ + $(eval resu_niamod := $(niamod).$(resu)) \ + $(eval resu_path := $(subst .,/,$(resu_niamod))) \ + $(eval user_domain := $(user).$(domain)) \ + $(resu_niamod) \ , $(USER) \ ) \ , $(USER) \ diff --git a/stack/User.mk b/stack/User.mk index 5f06b42..6b04204 100644 --- a/stack/User.mk +++ b/stack/User.mk @@ -2,7 +2,6 @@ CMDARGS += user-exec user-exec:% user-exec@% user-run us ENV_VARS += USER_DOMAIN user_domain USER_DOMAIN ?= $(USER).$(DOMAIN) User ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml))) -user_domain ?= $(user).$(domain) # target start-stack-User: Fire ssh-add .PHONY: start-stack-User diff --git a/stack/User/.env.dist b/stack/User/.env.dist deleted file mode 100644 index a1a5832..0000000 --- a/stack/User/.env.dist +++ /dev/null @@ -1,6 +0,0 @@ -USER_MYOS_RC_PROMPT_SET=true -USER_MYOS_RC_PS1_SET=true -USER_MYOS_RC_SCREEN_ATTACH=true -USER_MYOS_RC_SOURCE=/etc/profile.d/rc_functions.sh -USER_MYOS_RC_SSH_ADD=true -USER_MYOS_RC_TMUX_ATTACH=false 
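Review bot: The rewritten `user` line in `RESU` still builds its command as `printf '$(MAIL)'`, so `MAIL` is both the printf format string and text spliced between single quotes inside `$(shell …)`; a `%` is misread and a `'` ends the quoting. The local part can be taken without a shell at all: replace the `$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}')` expression with `$(firstword $(subst @,$(space),$(MAIL)))`, and likewise `$(lastword …)` for `domain`. Now that dots are kept and `resu_path` is derived with `$(subst .,/,$(resu_niamod))`, it is also worth restricting `user` to letters, digits and dots if `resu_path` is used on the filesystem (not visible here). The macro's closing lines are outside the hunk.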
diff --git a/stack/User/User.yml b/stack/User/User.yml index 4804974..761281a 100644 --- a/stack/User/User.yml +++ b/stack/User/User.yml @@ -20,12 +20,12 @@ services: container_name: ${USER_DOCKER_NAME} environment: - ENV=${ENV} - - RC_00_SOURCE=${USER_MYOS_RC_SOURCE} - - RC_01_PS1_SET=${USER_MYOS_RC_PS1_SET} - - RC_02_PROMPT_SET=${USER_MYOS_RC_PROMPT_SET} - - RC_03_SSH_ADD=${USER_MYOS_RC_SSH_ADD} - - RC_04_TMUX_ATTACH=${USER_MYOS_RC_TMUX_ATTACH} - - RC_05_SCREEN_ATTACH=${USER_MYOS_RC_SCREEN_ATTACH} + - RC_00_SOURCE=${USER_RC_SOURCE:-/etc/profile.d/rc_functions.sh} + - RC_01_PS1_SET=${USER_RC_PS1_SET:-true} + - RC_02_PROMPT_SET=${USER_RC_PROMPT_SET:-true} + - RC_03_SSH_ADD=${USER_RC_SSH_ADD:-true} + - RC_04_TMUX_ATTACH=${USER_RC_TMUX_ATTACH:-false} + - RC_05_SCREEN_ATTACH=${USER_RC_SCREEN_ATTACH:-true} - SHELL=${DOCKER_SHELL} image: ${USER_DOCKER_IMAGE} networks: diff --git a/stack/User/ipfs.mk b/stack/User/ipfs.mk index c7c0150..8a64507 100644 --- a/stack/User/ipfs.mk +++ b/stack/User/ipfs.mk @@ -1,4 +1,4 @@ ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS -USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(USER_DOMAIN)", "http://ipfs.localhost:8080"] -USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(USER_DOMAIN)/user/$(user_domain)/api -USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(USER_DOMAIN)/user/$(user_domain),urlprefix-*.ipfs.$(USER_DOMAIN)/user/$(user_domain),urlprefix-ipns.$(USER_DOMAIN)/user/$(user_domain),urlprefix-*.ipns.$(USER_DOMAIN)/user/$(user_domain) +USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"] +USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/ +USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/ diff --git a/stack/User/ipfs.yml b/stack/User/ipfs.yml index d4b8fd1..60390d8 100644 --- a/stack/User/ipfs.yml +++ b/stack/User/ipfs.yml 
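Review bot: All three defaults in ipfs.mk now depend on `$(user_domain)`, but this commit also removes the `user_domain ?= $(user).$(domain)` line from stack/User.mk, leaving the `$(eval user_domain := …)` inside `RESU` as the only visible definition, and that eval runs only when `RESU` is expanded with a `MAIL` containing `@`. Otherwise the values collapse to `ipfs..$(DOMAIN)`, including the `USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN` entry for the IPFS API. A guard such as `$(if $(user_domain),,$(error user_domain is empty))` would make that visible; a definition outside the shown hunks may already cover it.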
@@ -90,6 +90,7 @@ services: volumes: ipfs: + name: ${USER_DOCKER_VOLUME}_ipfs networks: private: diff --git a/stack/node/.env.dist b/stack/node/.env.dist deleted file mode 100644 index 01d34b2..0000000 --- a/stack/node/.env.dist +++ /dev/null @@ -1,9 +0,0 @@ -NODE_CONSUL_ACL_TOKENS_MASTER=01234567-89AB-CDEF-0123-456789ABCDEF -NODE_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF -NODE_CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${DOMAIN}/ -NODE_FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${DOMAIN}/ -NODE_SSH_PORT=${SSH_PORT} -NODE_SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS} -UFW_UPDATE_certbot=53/udp -UFW_UPDATE_consul=8500 -UFW_DOCKER_fabio=80 443 diff --git a/stack/node/backup/.env.dist b/stack/node/backup/.env.dist deleted file mode 100644 index 5575c8e..0000000 --- a/stack/node/backup/.env.dist +++ /dev/null @@ -1,2 +0,0 @@ -NODE_RESTIC_REPOSITORY= -NODE_RESTIC_PASSWORD= diff --git a/stack/node/backup/restic.yml b/stack/node/backup/restic.yml index 6243944..becd586 100644 --- a/stack/node/backup/restic.yml +++ b/stack/node/backup/restic.yml @@ -8,12 +8,10 @@ services: BACKUP_CRON: "30 3 * * *" RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY} RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD} - RESTIC_BACKUP_SOURCES: /var/lib/docker/volumes - RESTIC_BACKUP_TAGS: docker-volumes - RESTIC_FORGET_ARGS: --prune --keep-last 14 --keep-daily 1 - TZ: Europe/Paris - networks: - - private + RESTIC_BACKUP_SOURCES: ${NODE_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes} + RESTIC_BACKUP_TAGS: ${NODE_RESTIC_BACKUP_TAGS:-docker-volumes} + RESTIC_FORGET_ARGS: ${NODE_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1} + TZ: ${NODE_TZ:-${TZ}} volumes: - restic:/root/.config - /var/lib/docker/volumes:/var/lib/docker/volumes:ro @@ -21,7 +19,3 @@ services: volumes: restic: -networks: - private: - external: true - name: ${DOCKER_NETWORK_PRIVATE} diff --git a/stack/node/certbot.mk b/stack/node/certbot.mk new file mode 100644 index 0000000..316403d --- /dev/null +++ b/stack/node/certbot.mk 
@@ -0,0 +1 @@ +NODE_CERTBOT_UFW_UPDATE ?= 53/udp diff --git a/stack/node/consul.mk b/stack/node/consul.mk new file mode 100644 index 0000000..26056e2 --- /dev/null +++ b/stack/node/consul.mk @@ -0,0 +1,5 @@ +ENV_VARS += NODE_CONSUL_ACL_TOKENS_MASTER NODE_CONSUL_HTTP_TOKEN NODE_CONSUL_SERVICE_8500_TAGS +NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef +NODE_CONSUL_HTTP_TOKEN ?= $(NODE_CONSUL_ACL_TOKENS_MASTER) +NODE_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/ +NODE_CONSUL_UFW_UPDATE ?= 8500 diff --git a/stack/node/exporter.mk b/stack/node/exporter.mk new file mode 100644 index 0000000..9a058e9 --- /dev/null +++ b/stack/node/exporter.mk @@ -0,0 +1,3 @@ +ENV_VARS += NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS NODE_EXPORTER_NODE_SERVICE_9100_TAGS +NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/ +NODE_EXPORTER_NODE_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/ diff --git a/stack/node/exporter/.env.dist b/stack/node/exporter/.env.dist deleted file mode 100644 index 2e74efd..0000000 --- a/stack/node/exporter/.env.dist +++ /dev/null @@ -1,2 +0,0 @@ -NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS=urlprefix-exporter-cadvisor.${DOMAIN}/ -NODE_EXPORTER_NODE_SERVICE_9100_TAGS=urlprefix-exporter-node.${DOMAIN}/ diff --git a/stack/node/fabio.mk b/stack/node/fabio.mk new file mode 100644 index 0000000..54d4567 --- /dev/null +++ b/stack/node/fabio.mk @@ -0,0 +1,3 @@ +ENV_VARS += NODE_FABIO_SERVICE_9998_TAGS +NODE_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/ +NODE_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp diff --git a/stack/node/mail.mk b/stack/node/mail.mk new file mode 100644 index 0000000..0382422 --- /dev/null +++ b/stack/node/mail.mk 
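Review bot: `NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef` in consul.mk turns what was a sample value in the deleted `.env.dist` into the effective default, and `NODE_CONSUL_HTTP_TOKEN` inherits it. A node started without overrides would therefore run Consul with a master ACL token that is published in the repository, while `NODE_CONSUL_UFW_UPDATE ?= 8500` appears to open the API port. Prefer leaving the variable without a default and failing the consul start target when it is empty, or generating a token per node on first start.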
@@ -0,0 +1,6 @@ +# ENV_VARS += NODE_MAILSERVER_ENABLE_MANAGESIEVE NODE_MAILSERVER_SPOOF_PROTECTION NODE_MAILSERVER_SSL_TYPE NODE_MAILSERVER_ENABLE_UPDATE_CHECK +NODE_MAILSERVER_ENABLE_MANAGESIEVE ?= 1 +NODE_MAILSERVER_SPOOF_PROTECTION ?= 1 +NODE_MAILSERVER_SSL_TYPE ?= letsencrypt +NODE_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0 +NODE_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp diff --git a/stack/node/mail/.env.dist b/stack/node/mail/.env.dist deleted file mode 100644 index 57eb802..0000000 --- a/stack/node/mail/.env.dist +++ /dev/null @@ -1,5 +0,0 @@ -NODE_MAILSERVER_ENABLE_MANAGESIEVE=1 -NODE_MAILSERVER_SPOOF_PROTECTION=1 -NODE_MAILSERVER_SSL_TYPE=letsencrypt -NODE_MAILSERVER_UPDATE_CHECK=0 -UFW_DOCKER_mailserver=25 465 587 993 diff --git a/stack/node/mail/mailserver.yml b/stack/node/mail/mailserver.yml index f1d9665..3fae08a 100644 --- a/stack/node/mail/mailserver.yml +++ b/stack/node/mail/mailserver.yml @@ -15,13 +15,13 @@ services: - ONE_DIR=${NODE_MAILSERVER_ONE_DIR:-1} - ACCOUNT_PROVISIONER=${NODE_MAILSERVER_ACCOUNT_PROVISIONER:-} - POSTMASTER_ADDRESS=${NODE_MAILSERVER_POSTMASTER_ADDRESS:-} - - ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-1} + - ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-0} - UPDATE_CHECK_INTERVAL=${NODE_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d} - PERMIT_DOCKER=${NODE_MAILSERVER_PERMIT_DOCKER:-none} - - TZ=${NODE_MAILSERVER_TZ:-} + - TZ=${NODE_MAILSERVER_TZ:-${TZ}} - NETWORK_INTERFACE=${NODE_MAILSERVER_NETWORK_INTERFACE:-} - TLS_LEVEL=${NODE_MAILSERVER_TLS_LEVEL:-} - - SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-} + - SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-1} - ENABLE_SRS=${NODE_MAILSERVER_ENABLE_SRS:-0} - ENABLE_POP3=${NODE_MAILSERVER_ENABLE_POP3:-} - ENABLE_CLAMAV=${NODE_MAILSERVER_ENABLE_CLAMAV:-0} 
@@ -30,10 +30,10 @@ services: - ENABLE_DNSBL=${NODE_MAILSERVER_ENABLE_DNSBL:-0} - ENABLE_FAIL2BAN=${NODE_MAILSERVER_ENABLE_FAIL2BAN:-0} - FAIL2BAN_BLOCKTYPE=${NODE_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop} - - ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-} + - ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-1} - POSTSCREEN_ACTION=${NODE_MAILSERVER_POSTSCREEN_ACTION:-enforce} - SMTP_ONLY=${NODE_MAILSERVER_SMTP_ONLY:-} - - SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-} + - SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-letsencrypt} - SSL_CERT_PATH=${NODE_MAILSERVER_SSL_CERT_PATH:-} - SSL_KEY_PATH=${NODE_MAILSERVER_SSL_KEY_PATH:-} - SSL_ALT_CERT_PATH=${NODE_MAILSERVER_SSL_ALT_CERT_PATH:-} diff --git a/stack/node/portainer.mk b/stack/node/portainer.mk new file mode 100644 index 0000000..87f8745 --- /dev/null +++ b/stack/node/portainer.mk @@ -0,0 +1,2 @@ +ENV_VARS += NODE_PORTAINER_SERVICE_9000_TAGS +NODE_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/ diff --git a/stack/node/portainer/portainer.yml b/stack/node/portainer.yml similarity index 100% rename from stack/node/portainer/portainer.yml rename to stack/node/portainer.yml diff --git a/stack/node/portainer/.env.dist b/stack/node/portainer/.env.dist deleted file mode 100644 index 6a3266c..0000000 --- a/stack/node/portainer/.env.dist +++ /dev/null @@ -1 +0,0 @@ -NODE_PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${DOMAIN}/ diff --git a/stack/node/vdi/.env.dist b/stack/node/vdi/.env.dist deleted file mode 100644 index 8b85b85..0000000 --- a/stack/node/vdi/.env.dist +++ /dev/null @@ -1,7 +0,0 @@ -NODE_VDI_ECRYPTERS=${USER} -NODE_VDI_LANG=${LANG} -NODE_VDI_PORT=${SSH_PORT} -NODE_VDI_SUDOERS= -NODE_VDI_TZ=UTC -NODE_VDI_USERS=${USER} -UFW_DOCKER_vdi=${SSH_PORT} diff --git a/stack/node/vdi/vdi.yml b/stack/node/vdi/vdi.yml index 62c4616..2f1e093 100644 --- a/stack/node/vdi/vdi.yml +++ b/stack/node/vdi/vdi.yml 
@@ -5,7 +5,7 @@ services: build: args: - DOCKER_BUILD_DIR=docker/x2go/xfce-debian - - SSH_PORT=${NODE_VDI_PORT:-22} + - SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}} context: ../.. dockerfile: docker/x2go/xfce-debian/Dockerfile cap_add: @@ -17,14 +17,14 @@ services: cpus: 0.5 environment: - DEBUG=${VDI_DEBUG:-} - - ECRYPTERS=${NODE_VDI_ECRYPTERS:-} - - LANG=${NODE_VDI_LANG:-} - - SSH_PORT=${NODE_VDI_PORT:-22} + - ECRYPTERS=${NODE_VDI_ECRYPTERS:-${USER}} + - LANG=${NODE_VDI_LANG:-C.UTF-8} + - SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}} - SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-} - - SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-} - - SUDOERS=${NODE_VDI_SUDOERS:-} + - SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}} + - SUDOERS=${NODE_VDI_SUDOERS:-${USER}} - TZ=${NODE_VDI_TZ:-} - - USERS=${NODE_VDI_USERS:-} + - USERS=${NODE_VDI_USERS:-${USER}} image: ${NODE_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG} networks: - public diff --git a/stack/node/vsftpd/.env.dist b/stack/node/vsftpd/.env.dist deleted file mode 100644 index 6f50dae..0000000 --- a/stack/node/vsftpd/.env.dist +++ /dev/null @@ -1,3 +0,0 @@ -NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -NODE_VSFTPD_S3_FTPD_USERS=ftpuser::ftppass::ftpbucket diff --git a/stack/node/vsftpd/s3.yml b/stack/node/vsftpd/s3.yml index 7df5050..ceb751c 100644 --- a/stack/node/vsftpd/s3.yml +++ b/stack/node/vsftpd/s3.yml @@ -13,8 +13,8 @@ services: devices: - /dev/fuse environment: - - AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID} - - AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY} + - AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}} + - AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}} - DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE} - FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST} - FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS} 
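Review bot: In stack/node/vdi/vdi.yml, `SUDOERS=${NODE_VDI_SUDOERS:-${USER}}` changes the default from nobody to the invoking user, and because `:-` also replaces an empty value, `NODE_VDI_SUDOERS=` can no longer express "no sudoers". If sudo inside the VDI is meant to be opt-in, keep the empty default (`${NODE_VDI_SUDOERS:-}`), or use `${NODE_VDI_SUDOERS-${USER}}` so that an explicitly empty value is honoured. The same `:-` behaviour applies to `ECRYPTERS` and `USERS` on the neighbouring lines.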
diff --git a/stack/x2go/.env.dist b/stack/x2go/.env.dist deleted file mode 100644 index 1ea20dd..0000000 --- a/stack/x2go/.env.dist +++ /dev/null @@ -1,6 +0,0 @@ -VDI_ECRYPTERS= -VDI_LANG=${LANG} -VDI_PORT=8260 -VDI_SUDOERS= -VDI_TZ=UTC -VDI_USERS=${USER} diff --git a/stack/x2go/vdi.mk b/stack/x2go/vdi.mk new file mode 100644 index 0000000..a4f3179 --- /dev/null +++ b/stack/x2go/vdi.mk @@ -0,0 +1,4 @@ +VDI_LANG ?= C.UTF-8 +VDI_PORT ?= 123 +VDI_TZ ?= UTC +VDI_USERS ?= $(USER) diff --git a/stack/x2go/xfce_debian.yml b/stack/x2go/vdi.yml similarity index 90% rename from stack/x2go/xfce_debian.yml rename to stack/x2go/vdi.yml index 865d90d..6f36872 100644 --- a/stack/x2go/xfce_debian.yml +++ b/stack/x2go/vdi.yml @@ -5,7 +5,8 @@ services: build: args: - DOCKER_BUILD_DIR=docker/x2go/xfce-debian - - SSH_PORT=${VDI_PORT:-22} + - DOCKER_GID=${DOCKER_GID:-} + - SSH_PORT=${SSH_PORT:-22} context: ../.. dockerfile: docker/x2go/xfce-debian/Dockerfile cap_add: @@ -18,7 +19,7 @@ services: - DEBUG=${VDI_DEBUG:-} - ECRYPTERS=${VDI_ECRYPTERS:-} - LANG=${VDI_LANG:-} - - SSH_PORT=${VDI_PORT:-22} + - SSH_PORT=${SSH_PORT:-22} - SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS:-} - SUDOERS=${VDI_SUDOERS:-} - TZ=${VDI_TZ:-} @@ -28,7 +29,7 @@ services: - private - public ports: - - ${SSH_PORT} + - ${VDI_PORT}:${SSH_PORT} restart: unless-stopped security_opt: - apparmor=unconfined # ecryptfs
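Review bot: The new mapping `${VDI_PORT}:${SSH_PORT}` in stack/x2go/vdi.yml has no fallbacks, while the build arg and the environment entry in the same file use `${SSH_PORT:-22}`; with `SSH_PORT` unset the container listens on 22 but the mapping renders with an empty container port. `- ${VDI_PORT:-123}:${SSH_PORT:-22}` keeps the three places consistent, assuming 123 from vdi.mk is the intended host port. The mapping binds all host interfaces; prefixing a host address is worth considering if the desktop should be reachable from one network only.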