fix certbot version

2023-01-09 20:13:24 +00:00 · 2023-01-09 20:13:24 +00:00 · 5b6084aad6
parent e89e552227
commit 5b6084aad6
6 changed files with 31 additions and 19 deletions
--- a/docker/certbot/Dockerfile
+++ b/docker/certbot/Dockerfile
@ -1,47 +1,58 @@
-# FROM certbot/certbot:latest as dist
-FROM python:3.8-alpine as dist
+FROM python:3.11-alpine as dist
 LABEL maintainer aynic.os <support+docker@asycn.io>
 ARG DOCKER_BUILD_DIR
+ARG CERTBOT_VERSION=1.32.0

 # RUN pip install \
 RUN apk --no-cache add --virtual .build-deps \
+        augeas-dev \
        build-base \
        libffi-dev \
 && pip install \
-        certbot \
+        acme==$CERTBOT_VERSION \
+        certbot==$CERTBOT_VERSION \
+#        certbot-apache \
        certbot-dns-azure \
 #        certbot-dns-bunny \
-#        certbot-dns-clouddns \
+        certbot-dns-clouddns \
        certbot-dns-cloudflare \
-#        certbot-dns-cloudxns \
+        certbot-dns-cloudxns \
        certbot-dns-digitalocean \
-#        certbot-dns-dnsmadeeasy \
-#        certbot-dns-dnsimple \
+        certbot-dns-dnsmadeeasy \
+        certbot-dns-dnsimple \
 #        certbot-dns-gehirn \
-#        certbot-dns-godaddy \
+        certbot-dns-godaddy \
        certbot-dns-google \
        certbot-dns-infomaniak \
 #        certbot-dns-inwx \
        certbot-dns-ispconfig \
-#        certbot-dns-lightsail \
+        certbot-dns-lightsail \
        certbot-dns-linode \
-#        certbot-dns-luadns \
-#        certbot-dns-njalla \
+        certbot-dns-luadns \
+        certbot-dns-njalla \
 #        certbot-dns-nsone \
        certbot-dns-ovh \
        certbot-dns-rfc2136 \
        certbot-dns-route53 \
 #        certbot-dns-sakuracloud \
        certbot-dns-standalone \
-#        certbot-dns-yandexcloud \
+        certbot-dns-yandexcloud \
 #        certbot-ext-auth future \
+        certbot-nginx \
        certbot-plugin-gandi \
        certbot-s3front \
-#        certbot_dns_duckdns \
-#        certbot_dns_porkbun \
+        certbot_dns_duckdns \
+        certbot_dns_porkbun \
 #        letsencrypt-pritunl \
 #        letsencrypt-proxmox \
- && apk del .build-deps
+ && runDeps="$( \
+    scanelf --needed --nobanner --recursive /usr \
+      | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+      | xargs -r apk info --installed \
+      | sort -u \
+  )" \
+ && apk del .build-deps \
+ && apk add --no-cache --virtual .run-deps $runDeps

 COPY ${DOCKER_BUILD_DIR}/certbot-renew /etc/periodic/daily/
 COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /docker-entrypoint.sh
--- a/make/apps/def.build.mk
+++ b/make/apps/def.build.mk
@ -3,7 +3,7 @@ BUILD_DATE                      ?= $(shell TZ=UTC date "+%Y%m%dT%H%M%SZ" 2>/dev/
 BUILD_DESCRIPTION               ?= Lot of Love
 BUILD_DOCUMENTATION             ?= $(APP_REPOSITORY_URL)$(if $(wildcard README.md),/blob/$(COMMIT)/README.md)
 BUILD_ENV_VARS                  ?= APP BRANCH BUILD_DATE BUILD_STATUS COMMIT DEPLOY_HOOK_URL ENV UID USER VERSION
-BUILD_LABEL_VARS                ?= org.label-schema.% org.opencontainers.% os.my.%
+BUILD_LABEL_VARS                ?= org.opencontainers.% os.my.%
 BUILD_LABEL_ARGS                ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),$(var)='$($(var))'))
 BUILD_LICENSE                   ?= GPL-3.0
 BUILD_NAME                      ?= $(COMPOSE_SERVICE_NAME)-$(BUILD_SERVICE)
--- a/make/apps/docker.mk
+++ b/make/apps/docker.mk
@ -221,6 +221,7 @@ docker-run:

 # target docker-run-%: Call docker-run with image % and command ARGS
 .PHONY: docker-run-%
+docker-run-%: DOCKER_RUN_OPTIONS += -it
 docker-run-%: docker-build-%
 	$(eval command         := $(ARGS))
 	$(eval path            := $(patsubst %/,%,$*))
--- a/make/apps/myos/setup.mk
+++ b/make/apps/myos/setup.mk
@ -41,7 +41,7 @@ endif
 .PHONY: setup-ufw
 setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)
 setup-ufw: DOCKER_RUN_NETWORK   :=
-setup-ufw: DOCKER_RUN_OPTIONS   := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host
+setup-ufw: DOCKER_RUN_OPTIONS   := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host --restart always
 setup-ufw:
 ifeq ($(SETUP_UFW),true)
 	$(call app-install,$(SETUP_UFW_REPOSITORY))
--- a/stack/host/acme.mk
+++ b/stack/host/acme.mk
@ -1,3 +1,3 @@
 ENV_VARS                                  += HOST_ACME_POST_HOOK HOST_ACME_PRE_HOOK
-HOST_ACME_DOMAIN_PATH_VALID               ?= $$(echo $${DOMAIN_PATH:-} |awk "'"/^[0-9a-z_\-\.\+\/]+@[0-9a-z_\-\.]+\.[a-z0-9_\-\.\+\/]+$$/"'")
+HOST_ACME_DOMAIN_PATH_VALID               ?= $$(echo $${DOMAIN_PATH:-} |awk "'"/^[0-9a-z_\-\.\+\/]+@[0-9a-z\-]+\.[a-z0-9_\-\.\+\/]+$$/"'")
 HOST_ACME_POST_HOOK                       ?= [ "$(HOST_ACME_DOMAIN_PATH_VALID)" ] && cp fullchain.cer /host/certs/$${domain}-cert.pem 2>/dev/null && cp $${domain}.key /host/certs/$${domain}-key.pem
--- a/stack/host/host.mk
+++ b/stack/host/host.mk
@ -94,7 +94,7 @@ host-certbot-staging: host-docker-build-certbot
 # target host-docker-build-%: Build % docker
 .PHONY: host-docker-build-%
 host-docker-build-%:
-	$(call docker-build,docker/$*,host/$*:$(DOCKER_IMAGE_TAG))
+	$(call docker-build,docker/$*,$(HOST_DOCKER_REPOSITORY)/$*:$(DOCKER_IMAGE_TAG))

 # target host-docker-rebuild-%: Rebuild % docker
 .PHONY: host-docker-rebuild-%