add app ufw-docker

README.md

@@ -1,12 +1,12 @@
 # myos - Make Your Own Stack
 
-Docker paas based on docker compose files.
+Docker paas based on docker compose and make files.
 
 Make Your Own Stack provides common make targets to build and run docker projects.
 
 ## Disclaimer
 
-This is work in progress ;)
+This is beta software, use it at your own risks.
 
 ## Requirements
 
@@ -14,11 +14,13 @@ You need `docker`, `git` and `make`.
 
 ## Install
 
-* Include myos `include.mk` file adding the following lines to your project `Makefile` file.
+* Include MYOS file `make/include.mk` adding the following lines to your project file `Makefile`.
 
 ```
-MYOS                            ?= ../myos
+MYOS                                      ?= ../myos
-MYOS_REPOSITORY                 ?= https://github.com/aynicos/myos
+MYOS_REPOSITORY                           ?= $(patsubst %/$(APP),%/myos,$(APP_REPOSITORY))
+APP                                       ?= $(lastword $(subst /, ,$(APP_REPOSITORY)))
+APP_REPOSITORY                            ?= $(shell git config --get remote.origin.url 2>/dev/null)
 $(MYOS):
 	-@git clone $(MYOS_REPOSITORY) $(MYOS)
 -include $(MYOS)/make/include.mk
@@ -53,8 +55,8 @@ $ make host
 ```
 
 `make host` starts the stack `host` with docker host services :
-- consul (service discovery)
+- consul (service discovery) on host port 8500
-- fabio (load balancer)
+- fabio (load balancer) on host ports 80 and 443
 - registrator (docker/consul bridge)
 
 * Stop myos
@@ -89,10 +91,10 @@ Show called functions.
 $ make up VERBOSE=true
 ```
 
-* Show variable VARIABLE
+* Show variable USER
 
 ```shell
-$ make print-VARIABLE
+$ make print-USER
 ```
 
 #### Setup
@@ -156,6 +158,15 @@ $ docker volume rm $(hostname)
 $ make host SETUP_LETSENCRYPT=true
 ```
 
+* SETUP_UFW
+
+Control linux firewall rules with ufw.
+
+```
+$ echo SETUP_UFW=true >> .env
+$ make setup-ufw
+```
+
 ### Debug
 
 * Show docker compose yaml config
@@ -187,6 +198,9 @@ $ make doc
 $ make print-env_args
 ```
 
-## Status
+* Show user mail
+
+```shell
+$ make print-MAIL
+```
 
-Beta software, use it at your own risks.

make/apps/ansible/def.ansible.mk

@@ -34,9 +34,9 @@ ANSIBLE_SSH_USERNAME            ?= $(firstword $(SSH_USER))
 ANSIBLE_SERVER_NAME             ?= $(SERVER_NAME)
 ANSIBLE_USERNAME                ?= $(USER)
 ANSIBLE_VERBOSE                 ?= $(if $(DEBUG),-vvvv,$(if $(VERBOSE),-v))
-CMDARGS                         += ansible ansible-playbook
 DOCKER_RUN_OPTIONS_ANSIBLE      ?= -it $(if $(DOCKER_INTERNAL_DOCKER_HOST),--add-host=host.docker.internal:$(DOCKER_INTERNAL_DOCKER_HOST))
 ENV_VARS                        += ANSIBLE_APP_LOAD ANSIBLE_APP_NAME ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_MYOS ANSIBLE_PLAYBOOK ANSIBLE_SSH_AUTHORIZED_KEYS ANSIBLE_SSH_BASTION_HOSTNAME ANSIBLE_SSH_BASTION_USERNAME ANSIBLE_SSH_PRIVATE_IP_RANGE ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_SSH_PUBLIC_HOSTS ANSIBLE_SSH_USERNAME ANSIBLE_USERNAME ANSIBLE_VERBOSE
+MAKECMDARGS                     += ansible ansible-playbook
 
 # function ansible: Call run ansible ANSIBLE_ARGS with arg 1
 define ansible

make/apps/aws/def.aws.mk

@@ -13,9 +13,9 @@ AWS_SECRET_ACCESS_KEY           := $(if $(AWS_CREDENTIALS),$(shell $(call conf,$
 AWS_SERVICE_NAME                ?= $(COMPOSE_SERVICE_NAME)
 AWS_SERVICE_VERSION             ?= $(BUILD_DATE)-$(VERSION)
 AWS_SNAP_DESCRIPTION            ?= $(AWS_SERVICE_NAME)-$(AWS_SERVICE_VERSION)-$(AWS_S3_FILENAME)
-CMDARGS                         += aws
 DOCKER_RUN_VOLUME               += -v $(HOME)/.aws:/home/$(USER)/.aws
 ENV_VARS                        += AWS_ACCESS_KEY_ID AWS_AMI_DESCRIPTION AWS_AMI_NAME AWS_DEFAULT_OUTPUT AWS_DEFAULT_REGION AWS_INSTANCE_ID AWS_PROFILE AWS_S3_BUCKET AWS_S3_KEY AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SNAP_DESCRIPTION AWS_SNAP_ID
+MAKECMDARGS                     += aws
 
 # function aws: Call run aws with arg 1
 define aws

make/apps/common.mk

@@ -156,7 +156,7 @@ restart: docker-compose-restart app-start ## Restart application
 # target run: Run command ARGS in a new docker SERVICE
 # on local host
 .PHONY: run
-run: SERVICE ?= $(DOCKER_SERVICE)
+run: SERVICE ?= $(or $(DOCKER_COMPOSE_SERVICE),$(DOCKER_SERVICE))
 run: ## Run a command in a new docker
 #ifneq (,$(filter $(ENV),$(ENV_DEPLOY)))
 #	$(call run,$(ARGS))

make/apps/def.docker.mk

@@ -1,5 +1,3 @@
-CMDARGS                         += docker-run docker-run-%
-COMPOSE_ARGS                    ?= --ansi auto
 COMPOSE_FILE                    ?= $(wildcard docker-compose.yml docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml)))
 COMPOSE_FILE_$(ENV)             ?= true
 COMPOSE_FILE_DEBUG              ?= $(if $(DEBUG),true)
@@ -28,10 +26,13 @@ DOCKER_BUILD_TARGET             ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS))
 DOCKER_BUILD_TARGET_DEFAULT     ?= master
 DOCKER_BUILD_TARGETS            ?= $(ENV_DEPLOY)
 DOCKER_BUILD_VARS               ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
-DOCKER_COMPOSE                  ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
+DOCKER_COMPOSE                  ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1;}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
+DOCKER_COMPOSE_ARGS             ?= --ansi=auto
 DOCKER_COMPOSE_DOWN_OPTIONS     ?=
 DOCKER_COMPOSE_PROJECT_NAME     ?= $(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME)))
-DOCKER_COMPOSE_RUN_OPTIONS      ?= --rm
+DOCKER_COMPOSE_RUN_ENTRYPOINT   ?= $(patsubst %,--entrypoint=%,$(DOCKER_COMPOSE_ENTRYPOINT))
+DOCKER_COMPOSE_RUN_OPTIONS      ?= --rm $(DOCKER_COMPOSE_RUN_ENTRYPOINT) $(DOCKER_COMPOSE_RUN_WORKDIR)
+DOCKER_COMPOSE_RUN_WORKDIR      ?= $(if $(DOCKER_COMPOSE_WORKDIR),-w $(DOCKER_COMPOSE_WORKDIR))
 DOCKER_COMPOSE_SERVICE_NAME     ?= $(subst _,-,$(DOCKER_COMPOSE_PROJECT_NAME))
 DOCKER_COMPOSE_UP_OPTIONS       ?= -d
 DOCKER_IMAGE_TAG                ?= $(if $(filter true,$(DEPLOY)),$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION)),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
@@ -52,6 +53,7 @@ DOCKER_SERVICE                  ?= $(lastword $(DOCKER_SERVICES))
 DOCKER_SERVICES                 ?= $(eval IGNORE_DRYRUN := true)$(eval IGNORE_VERBOSE := true)$(shell $(call docker-compose,config --services) 2>/dev/null)$(eval IGNORE_DRYRUN := false)$(eval IGNORE_VERBOSE := false)
 DOCKER_SHELL                    ?= /bin/sh
 ENV_VARS                        += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL
+MAKECMDARGS                     += docker-run docker-run-%
 
 ifeq ($(DRONE), true)
 APP_PATH_PREFIX                 := $(DRONE_BUILD_NUMBER)
@@ -83,14 +85,21 @@ endef
 # function docker-compose: Run docker-compose with arg 1
 define docker-compose
 	$(call INFO,docker-compose,$(1))
-	$(if $(DOCKER_RUN),$(call docker-build,$(MYOS)/docker/compose,docker/compose:$(COMPOSE_VERSION)))
+	$(if $(COMPOSE_FILE),
-	$(if $(COMPOSE_FILE),$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1)))
+	  $(if $(DOCKER_COMPOSE),
+	    $(call env-exec,$(RUN) $(DOCKER_COMPOSE) $(DOCKER_COMPOSE_ARGS) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1))
+	  , $(if $(DOCKER_RUN),
+	      $(call docker-build,$(MYOS)/docker/compose,docker/compose:$(COMPOSE_VERSION))
+	      $(call docker-run,docker/compose:$(COMPOSE_VERSION) $(DOCKER_COMPOSE_ARGS),$(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1))
+	    , $(call env-exec,$(RUN) docker-compose $(DOCKER_COMPOSE_ARGS) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1))
+	    )
+	  )
+	)
 endef
 # function docker-compose-exec-sh: Run docker-compose-exec sh -c 'arg 2' in service 1
 define docker-compose-exec-sh
 	$(call INFO,docker-compose-exec-sh,$(1)$(comma) $(2))
-	$(if $(DOCKER_RUN),$(call docker-build,$(MYOS)/docker/compose,docker/compose:$(COMPOSE_VERSION)))
+	$(call docker-compose,exec -T $(1) sh -c '$(2)')
-	$(if $(COMPOSE_FILE),$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) exec -T $(1) sh -c '$(2)'))
 endef
 # function docker-push: Push docker image
 define docker-push

make/apps/def.mk

@@ -17,11 +17,11 @@ APP_UPSTREAM_REPOSITORY         ?= $(or $(shell git config --get remote.upstream
 APP_URI                         ?= $(APP_HOST)/$(APP_PATH)
 APP_URIS                        ?= $(APP_URI)
 APP_URL                         ?= $(APP_SCHEME)://$(APP_URI)
-CMDARGS                         += exec exec:% exec@% run run:% run@%
 CONTEXT                         += APP APPS BRANCH DOMAIN VERSION RELEASE
 CONTEXT_DEBUG                   += APP_DIR APP_URL APP_REPOSITORY APP_UPSTREAM_REPOSITORY ENV_DEPLOY
 ENV_DEPLOY                      ?= $(patsubst origin/%,%,$(shell git rev-parse --symbolic --remotes=origin |sed '/origin\/HEAD/d' 2>/dev/null))
 ENV_VARS                        += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL CONSUL_HTTP_TOKEN $(if $(filter true,$(MOUNT_NFS)),NFS_CONFIG)
+MAKECMDARGS                     += exec exec:% exec@% run run:% run@%
 MOUNT_NFS                       ?= false
 NFS_CONFIG                      ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime,nocto,nodiratime,nolock,soft,rsize=32768,wsize=32768,tcp,rw,vers=3
 NFS_HOST                        ?= host.docker.internal

make/apps/def.ufw.mk

@@ -1,4 +1,4 @@
-CMDARGS                         += ufw ufw-docker
+MAKECMDARGS                     += ufw ufw-docker
 UFW_UPDATE                      ?= $(or $(SERVICE),$(DOCKER_SERVICES))
 
 ifeq ($(SETUP_UFW),true)

make/apps/docker.mk

@@ -118,10 +118,10 @@ docker-images-myos: MAKE_VARS += DOCKER_REPOSITORY STACK
 docker-images-myos:
 	$(foreach image,$(subst $(quote),,$(DOCKER_IMAGES_MYOS)),$(call make,docker-build-$(image),$(MYOS)))
 
-# target docker-images-rm: Call docker-image-rm-% target for DOCKER_REPOSITORY
+# target docker-images-rm: Remove docker images matching DOCKER_REPOSITORY
 .PHONY: docker-images-rm
 docker-images-rm:
-	$(call make,docker-images-rm-$(DOCKER_REPOSITORY)/)
+	docker images |awk '$$1 ~ /^$(subst /,\/,$(DOCKER_REPOSITORY)/)/ {print $$3}' |sort -u |while read image; do $(RUN) docker rmi -f $$image; done
 
 # target docker-images-rm-%: Remove docker images matching %
 .PHONY: docker-images-rm-%
@@ -226,7 +226,7 @@ docker-run-%: docker-build-%
 	$(eval path            := $(patsubst %/,%,$*))
 	$(eval image           := $(DOCKER_REPOSITORY)/$(lastword $(subst /, ,$(path)))$(if $(findstring :,$*),,:$(DOCKER_IMAGE_TAG)))
 	$(eval image_id        := $(shell docker images -q $(image) 2>/dev/null))
-	$(call docker-run,$(command),$(if $(image_id),$(image),$(path)))
+	$(call docker-run,$(if $(image_id),$(image),$(path)),$(command))
 
 # target docker-tag: Call docker-tag for each SERVICES
 .PHONY: docker-tag

make/apps/myos/def.mk

@@ -1,7 +1,7 @@
-CMDARGS                         += ssh-run
 COMPOSE_IGNORE_ORPHANS          := true
 ENV_VARS                        += COMPOSE_IGNORE_ORPHANS MYOS_TAGS_JSON
 HOME                            ?= /home/$(USER)
+MAKECMDARGS                     += ssh-run
 MYOS_TAGS_VARS                  ?= env user
 MYOS_TAGS_ARGS                  ?= $(foreach var,$(filter $(MYOS_TAGS_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),$(var)='$($(var))'))
 MYOS_TAGS_JSON                  ?= "{$(foreach var,$(filter $(MYOS_TAGS_VARS),$(MAKE_FILE_VARS)),$(if $($(var)), '$(var)': '$($(var))'$(comma))) }"

make/apps/myos/setup.mk

@@ -5,7 +5,7 @@
 .PHONY: setup-binfmt
 setup-binfmt:
 ifeq ($(SETUP_BINFMT),true)
-	$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
+	$(call docker-run,--privileged tonistiigi/binfmt,--install $(SETUP_BINFMT_ARCH))
 endif
 
 # target setup-docker-group: Call ansible to add user in docker group if needed
@@ -39,13 +39,13 @@ endif
 
 # target setup-ufw: Install ufw-docker
 .PHONY: setup-ufw
+setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)
+setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host
 setup-ufw:
 ifeq ($(SETUP_UFW),true)
 	$(call app-install,$(SETUP_UFW_REPOSITORY))
 	$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
-	$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
 	$(call app-build)
-	$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
 	$(call app-up)
 	$(call ufw-docker,install)
 endif

make/apps/openstack/def.openstack.mk

@@ -1,5 +1,6 @@
-CMDARGS                         += openstack
 ENV_VARS                        += OS_AUTH_URL OS_TENANT_ID OS_TENANT_NAME OS_USERNAME OS_PASSWORD OS_REGION_NAME OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME
+MAKECMDARGS                     += openstack
+
 ifneq ($(DEBUG),)
 OPENSTACK_ARGS                  += --debug
 endif

make/apps/packer/def.packer.mk

@@ -1,7 +1,7 @@
-CMDARGS                         += packer
 DOCKER_RUN_OPTIONS_PACKER       ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) -v $(SSH_DIR):$(SSH_DIR)
 ENV_VARS                        += PACKER_CACHE_DIR PACKER_KEY_INTERVAL PACKER_LOG
 KVM_GID                         ?= $(call gid,kvm)
+MAKECMDARGS                     += packer
 PACKER_ARCH                     ?= $(PACKER_ALPINE_ARCH)
 PACKER_BOOT_WAIT                ?= 24s
 PACKER_BUILD_ARGS               ?= -on-error=cleanup $(foreach var,$(PACKER_BUILD_VARS),$(if $($(var)),-var $(var)='$($(var))'))

make/apps/terraform/def.terraform.mk

@@ -1,4 +1,4 @@
-CMDARGS                         += terraform
+MAKECMDARGS                     += terraform
 
 define terraform
 	$(RUN) $(call run,terraform $(1),hashicorp/)

make/apps/ufw.mk

@@ -16,12 +16,14 @@ ufw-docker:
 # target ufw-docker: Call ufw and ufw-docker foreach service UFW_UPDATE
 .PHONY: ufw-update
 ufw-update: debug-UFW_UPDATE
-	$(eval name := $(DOCKER_COMPOSE_PROJECT_NAME))
+	$(eval name := $(COMPOSE_PROJECT_NAME))
-	$(foreach update,$(UFW_UPDATE), \
+	$(foreach UPDATE,$(call UPPERCASE,$(UFW_UPDATE)), \
-	  $(foreach port,$(UFW_DOCKER_$(update)) $(UFW_DOCKER_$(name)-$(update)), \
+	  $(eval ufw_update := $($(if $(filter host,$(firstword $(subst /, ,$(STACK)))),HOST_)$(UPDATE)_UFW_UPDATE)) \
-		  $(call ufw-docker,$(if $(UFW_DELETE),delete) allow $(name)-$(update) $(port) ||:) \
+	  $(eval ufw_docker := $($(if $(filter host,$(firstword $(subst /, ,$(STACK)))),HOST_)$(UPDATE)_UFW_DOCKER)) \
+	  $(foreach port,$(ufw_docker), \
+	    $(call ufw-docker,$(if $(UFW_DELETE),delete) allow $(name)-$(call LOWERCASE,$(UPDATE)) $(port) ||:) \
 	  ) \
-	  $(foreach port,$(UFW_UPDATE_$(update)) $(UFW_UPDATE_$(name)-$(update)), \
+	  $(foreach port,$(ufw_update), \
 	    $(call ufw,$(if $(UFW_DELETE),delete) allow $(port)) \
 	  ) \
 	)

make/def.app.mk

@@ -1,4 +1,4 @@
-CMDARGS                         += app-%-exec app-%-run
+MAKECMDARGS                     += app-%-exec app-%-run
 
 # function app-attach: Call docker-attach for each Dockerfile in dir 1
 define app-attach
@@ -128,7 +128,7 @@ define app-run
 	$(foreach dockerfile,$(DOCKER_FILE),
 	  $(call app-docker,$(dockerfile))
 	  $(if $(shell docker images -q $(DOCKER_IMAGE) 2>/dev/null),
-	    $(call docker-run,$(args))
+	    $(call docker-run,$(DOCKER_IMAGE),$(args))
 	  , $(call ERROR,Unable to find docker image,$(DOCKER_IMAGE))
 	  )
 	)

make/def.docker.mk

@@ -9,13 +9,15 @@ DOCKER_NETWORK_PRIVATE          ?= $(USER)-$(ENV)
 DOCKER_NETWORK_PUBLIC           ?= $(HOSTNAME)
 # DOCKER_RUN: if empty, run system command, else run it in a docker
 DOCKER_RUN                      ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER))
+DOCKER_RUN_ENTRYPOINT           ?= $(patsubst %,--entrypoint=%,$(DOCKER_ENTRYPOINT))
 DOCKER_RUN_LABELS               ?= $(patsubst %,-l %,$(DOCKER_LABELS))
-# DOCKER_RUN_OPTIONS: default options of `docker run` command
+DOCKER_RUN_NETWORK              += --network $(DOCKER_NETWORK)
-DOCKER_RUN_OPTIONS              += --rm --network $(DOCKER_NETWORK)
+DOCKER_RUN_OPTIONS              += --rm
-# DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes
+DOCKER_RUN_VOLUME               ?= $(patsubst %,-v %,$(DOCKER_VOLUME))
-DOCKER_RUN_VOLUME               += -v /var/run/docker.sock:/var/run/docker.sock
+DOCKER_RUN_WORKDIR              ?= $(if $(DOCKER_WORKDIR),-w $(DOCKER_WORKDIR))
-DOCKER_RUN_WORKDIR              ?= -w $(PWD)
 DOCKER_SYSTEM                   ?= $(shell docker run --rm alpine uname -s 2>/dev/null)
+DOCKER_VOLUME                   ?= /var/run/docker.sock:/var/run/docker.sock
+DOCKER_WORKDIR                  ?= $(PWD)
 ENV_VARS                        += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM HOST_COMPOSE_PROJECT_NAME HOST_COMPOSE_SERVICE_NAME HOST_DOCKER_REPOSITORY HOST_DOCKER_VOLUME HOST_GID HOST_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME
 HOST_COMPOSE_PROJECT_NAME       ?= $(HOSTNAME)
 HOST_COMPOSE_SERVICE_NAME       ?= $(subst _,-,$(HOST_COMPOSE_PROJECT_NAME))
@@ -57,10 +59,10 @@ ifneq ($(DOCKER_RUN),)
 
 DOCKER_SSH_AUTH                 := -e SSH_AUTH_SOCK=/tmp/ssh-agent/socket -v $(USER_DOCKER_VOLUME):/tmp/ssh-agent
 
-# function docker-run: Run docker image 2 with arg 1
+# function docker-run: Run docker image 1 with arg 2
 define docker-run
 	$(call INFO,docker-run,$(1)$(comma) $(2))
-	$(call run,$(or $(2),$(DOCKER_IMAGE)) $(1))
+	$(call run,$(or $(1),$(DOCKER_IMAGE)) $(2))
 endef
 ifeq ($(DRONE), true)
 # function exec DRONE=true: Run DOCKER_IMAGE with arg 1
@@ -84,21 +86,21 @@ define run
 	    $(call ERROR,Found already running docker,$(DOCKER_RUN_NAME))
 	  )
 	)
-	$(RUN) docker run $(DOCKER_ENV_ARGS) $(DOCKER_RUN_LABELS) $(DOCKER_RUN_OPTIONS) $(DOCKER_RUN_VOLUME) $(DOCKER_RUN_WORKDIR) $(DOCKER_SSH_AUTH) $(DOCKER_RUN_NAME) $(2)$(1)
+	$(RUN) docker run $(DOCKER_ENV_ARGS) $(DOCKER_RUN_ENTRYPOINT) $(DOCKER_RUN_LABELS) $(DOCKER_RUN_NAME) $(DOCKER_RUN_NETWORK) $(DOCKER_RUN_OPTIONS) $(DOCKER_RUN_VOLUME) $(DOCKER_RUN_WORKDIR) $(DOCKER_SSH_AUTH) $(2)$(1)
 endef
 
 else
 
 SHELL                           := /bin/bash
-# function docker-run DOCKER=false: Run docker image 2 with arg 1
+# function docker-run DOCKER=false: Run docker image 1 with arg 2
 define docker-run
 	$(call INFO,docker-run,$(1)$(comma) $(2))
 	$(if $(DOCKER_RUN_NAME),
 	  $(if $(call docker-running,^$(DOCKER_RUN_NAME)$$),
 	    $(call ERROR,Found already running docker,$(DOCKER_RUN_NAME))
-		)
+	  )
 	)
-	$(RUN) docker run $(DOCKER_ENV_ARGS) $(DOCKER_RUN_LABELS) $(DOCKER_RUN_OPTIONS) $(DOCKER_RUN_VOLUME) $(DOCKER_RUN_WORKDIR) $(DOCKER_RUN_NAME) $(or $(2),$(DOCKER_IMAGE)) $(1)
+	$(RUN) docker run $(DOCKER_ENV_ARGS) $(DOCKER_RUN_ENTRYPOINT) $(DOCKER_RUN_LABELS) $(DOCKER_RUN_NAME) $(DOCKER_RUN_NETWORK) $(DOCKER_RUN_OPTIONS) $(DOCKER_RUN_VOLUME) $(DOCKER_RUN_WORKDIR) $(or $(1),$(DOCKER_IMAGE)) $(2)
 endef
 # function exec DOCKER=false: Call env-exec with arg 1 or SHELL
 define exec

make/def.mk

@@ -16,7 +16,6 @@ CMD_APK_INSTALL                 ?= $(if $(shell type -p apk),apk --no-cache --up
 CMD_APK_REMOVE                  ?= $(if $(shell type -p apk),apk --no-cache del)
 CMD_APT_INSTALL                 ?= $(if $(shell type -p apt-get),apt-get update && apt-get -fy install)
 CMD_APT_REMOVE                  ?= $(if $(shell type -p apt-get),apt-get -fy remove)
-CMDARGS                         ?= apps-install install-app
 COLOR_BLUE                      ?= \033[01;34m
 COLOR_BROWN                     ?= \033[33m
 COLOR_CYAN                      ?= \033[36m
@@ -90,6 +89,7 @@ MAKE_TARGETS                    ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -q
 MAKE_UNIXTIME_START             := $(shell date -u +'%s' 2>/dev/null)
 MAKE_UNIXTIME_CURRENT            = $(shell date -u "+%s" 2>/dev/null)
 MAKE_VARS                       ?= ENV
+MAKECMDARGS                     ?= apps-install install-app
 MONOREPO                        ?= $(if $(filter myos,$(MYOS)),$(notdir $(CURDIR)),$(if $(APP),$(notdir $(realpath $(CURDIR)/..))))
 MONOREPO_DIR                    ?= $(if $(MONOREPO),$(if $(filter myos,$(MYOS)),$(realpath $(CURDIR)),$(if $(APP),$(realpath $(CURDIR)/..))))
 MYOS                            ?= $(if $(filter $(MAKE_DIR),$(call pop,$(MAKE_DIR))),.,$(call pop,$(MAKE_DIR)))

make/end.mk

@@ -1,5 +1,5 @@
-# Accept arguments for CMDARGS targets and turn them into do-nothing targets
+# Accept arguments for MAKECMDARGS targets and turn them into do-nothing targets
-ifneq ($(filter $(CMDARGS),$(firstword $(MAKECMDGOALS))),)
+ifneq ($(filter $(MAKECMDARGS),$(firstword $(MAKECMDGOALS))),)
 ARGS                            := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
 ARGS                            := $(subst :,\:,$(ARGS))
 ARGS                            := $(subst &,\&,$(ARGS))

make/env.mk

@@ -10,7 +10,7 @@
 ## it removes file .env
 .PHONY: .env-clean
 .env-clean:
-	rm -i .env || true
+	$(RUN) rm -$(if $(FORCE),f,i) .env || true
 
 # target .env-update: Update file ENV_FILE
 ## it updates file ENV_FILE with missing values from file ENV_DIST

make/monorepo/def.mk

@@ -1,6 +1,6 @@
-CMDARGS                         += copy master-tag release release-check release-create release-finish subrepo-push subrepo-update
 CONTEXT                         += APPS DOMAIN RELEASE
 DIRS                            ?= $(CONFIG) $(MAKE_DIR) $(SHARED)
+MAKECMDARGS                     += copy master-tag release release-check release-create release-finish subrepo-push subrepo-update
 RELEASE_UPGRADE                 ?= $(filter v%, $(shell git tag -l 2>/dev/null |sort -V |awk '/$(RELEASE)/,0'))
 RELEASE_VERSION                 ?= $(firstword $(subst -, ,$(VERSION)))
 SUBREPOS                        ?= $(filter subrepo/%, $(shell git remote 2>/dev/null))

make/myos.mk

@@ -1,6 +1,10 @@
 ##
 # MYOS
 
+# target myos: Call host target in MYOS folder
+.PHONY: myos
+myos: myos-host
+
 # target myos-%: Call % target in MYOS folder
 .PHONY: myos-%
 myos-%: ;

stack/User/User.mk

@@ -1,5 +1,5 @@
-CMDARGS                         += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
 ENV_VARS                        += USER_DOMAIN user_domain
+MAKECMDARGS                     += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
 USER_DOMAIN                     ?= $(USER).$(DOMAIN)
 User                            ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml)))
 

stack/elastic/elasticsearch.yml

@@ -35,6 +35,7 @@ services:
     volumes:
     - elasticsearch:/usr/share/elasticsearch/data
     restart: always
+
 volumes:
   elasticsearch:
 

stack/host/host.mk

@@ -1,7 +1,7 @@
-CMDARGS                         += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
-host                            ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
 ENV_VARS                        += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
+MAKECMDARGS                     += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
 SETUP_LETSENCRYPT               ?=
+host                            ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
 
 # target bootstrap-stack-host: Fire host-certbot host-ssl-certs
 .PHONY: bootstrap-stack-host

stack/host/ipfs.mk

@@ -2,3 +2,4 @@ ENV_VARS                                  += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGI
 HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN      ?= ["https://ipfs.$(DOMAIN)"]
 HOST_IPFS_SERVICE_5001_TAGS               ?= urlprefix-ipfs.$(DOMAIN)/api
 HOST_IPFS_SERVICE_8080_TAGS               ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/
+HOST_IPFS_UFW_DOCKER                      ?= 4001/tcp 4001/udp 8080

stack/ipfs/ipfs.mk

@@ -4,8 +4,8 @@ IPFS_PROFILE                              ?= $(if $(filter-out amd64 x86_64,$(MA
 IPFS_SERVICE_5001_TAGS                    ?= urlprefix-ipfs.$(APP_DOMAIN)/api
 IPFS_SERVICE_8080_CHECK_HTTP              ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
 IPFS_SERVICE_8080_TAGS                    ?= urlprefix-ipfs.$(APP_DOMAIN)/,urlprefix-*.ipfs.$(APP_DOMAIN),urlprefix-ipns.$(APP_DOMAIN)/,urlprefix-*.ipns.$(APP_DOMAIN)/
+IPFS_UFW_DOCKER                           ?= 4001/tcp 4001/udp 8080
 IPFS_VERSION                              ?= 0.16.0
-UFW_DOCKER_IPFS                           ?= 4001/tcp 4001/udp 8080
 
 .PHONY: bootstrap-stack-ipfs
 bootstrap-stack-ipfs: ~/.ipfs setup-sysctl