authorMike Crute <mike@crute.us>2023-11-21 21:19:38 -0800
committerMike Crute <mike@crute.us>2023-11-21 21:19:38 -0800
commita6dcbdda8fb66393be7e12bd3a90b77c203987d1 (patch)
tree5be553d205eb689837f6a7972e46880c73681421
parentaad62a8b259005cb8353d6a7b4a3f60c85803d1f (diff)
Remove old builds
-rw-r--r--al2-wireguard/Dockerfile56
-rw-r--r--al2-wireguard/Makefile25
-rwxr-xr-xal2-wireguard/entrypoint.sh18
-rw-r--r--auto-dvd-ripper/Dockerfile19
-rw-r--r--auto-dvd-ripper/Makefile23
-rwxr-xr-xauto-dvd-ripper/entrypoint.sh5
-rw-r--r--auto-dvd-ripper/handbrake-1.0.7-r5.apkbin326824 -> 0 bytes
-rwxr-xr-xauto-dvd-ripper/rip_dvd.sh64
-rw-r--r--awstats/Dockerfile66
-rw-r--r--awstats/Makefile11
-rwxr-xr-xawstats/build.sh45
-rw-r--r--bird/Dockerfile11
-rw-r--r--bird/Makefile17
-rw-r--r--bird/bird_common.conf90
-rwxr-xr-xbird/entrypoint.sh15
-rw-r--r--bitbucket/Dockerfile29
-rw-r--r--bitbucket/Makefile12
-rwxr-xr-xbitbucket/entrypoint.sh13
-rwxr-xr-xbitbucket/su-execbin15752 -> 0 bytes
-rw-r--r--bugzilla/Dockerfile144
-rw-r--r--bugzilla/Makefile20
-rw-r--r--bugzilla/binaries/Bright-Skin.tar.gzbin128077 -> 0 bytes
-rw-r--r--bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.debbin11580 -> 0 bytes
-rw-r--r--bugzilla/binaries/libtheschwartz-perl_1.12-1_all.debbin41112 -> 0 bytes
-rw-r--r--bugzilla/etc/cron.d/bugzilla3
-rw-r--r--bugzilla/etc/nginx/sites-available/bugzilla41
-rwxr-xr-xbugzilla/etc/service/bugzilla/log/run3
-rwxr-xr-xbugzilla/etc/service/bugzilla/run10
-rwxr-xr-xbugzilla/etc/service/cron/log/run3
-rwxr-xr-xbugzilla/etc/service/cron/run3
-rwxr-xr-xbugzilla/etc/service/nginx/log/run3
-rwxr-xr-xbugzilla/etc/service/nginx/run3
-rwxr-xr-xbugzilla/etc/service/syslog-ng/run3
-rw-r--r--bugzilla/etc/syslog-ng/syslog-ng.conf6
-rw-r--r--bugzilla/patches/answers.pl6
-rw-r--r--bugzilla/patches/email_in.pl.patch11
-rwxr-xr-xbugzilla/sbin/sendmail104
-rwxr-xr-xbugzilla/usr/bin/bugzilla_fetch.py24
-rwxr-xr-xbugzilla/usr/bin/dumb-initbin857208 -> 0 bytes
-rwxr-xr-xbugzilla/usr/bin/su-execbin15752 -> 0 bytes
-rwxr-xr-xbugzilla/usr/sbin/sendmail108
-rw-r--r--chrome/Dockerfile29
-rwxr-xr-xchrome/run8
-rw-r--r--datastudio/Dockerfile29
-rwxr-xr-xdatastudio/run30
-rw-r--r--dropbox/Dockerfile19
-rw-r--r--dropbox/Makefile21
-rwxr-xr-xdropbox/dropbox-srv/log/run3
-rwxr-xr-xdropbox/dropbox-srv/run3
-rwxr-xr-xdropbox/entrypoint.sh37
-rw-r--r--feh/Dockerfile12
-rwxr-xr-xfeh/run9
-rw-r--r--intellij-idea/Dockerfile31
-rw-r--r--intellij-idea/Makefile17
-rwxr-xr-xintellij-idea/run28
-rw-r--r--irssi/Dockerfile27
-rw-r--r--irssi/Makefile5
-rwxr-xr-xirssi/entrypoint.sh5
-rwxr-xr-xirssi/run9
-rw-r--r--mariadb/Dockerfile33
-rw-r--r--mariadb/Makefile22
-rwxr-xr-xmariadb/docker-entrypoint.sh193
-rw-r--r--mfi/Dockerfile39
-rw-r--r--mfi/Makefile10
-rw-r--r--mosquitto/Dockerfile9
-rw-r--r--mosquitto/Makefile20
-rw-r--r--mutt/Dockerfile16
-rw-r--r--mutt/Makefile2
-rwxr-xr-xmutt/entrypoint.sh28
-rwxr-xr-xmutt/run40
-rw-r--r--newsboat/Dockerfile13
-rw-r--r--newsboat/Makefile13
-rwxr-xr-xnewsboat/entrypoint.sh31
-rw-r--r--ping_tester/Dockerfile9
-rw-r--r--ping_tester/Makefile11
-rwxr-xr-xping_tester/ping_test.py103
-rw-r--r--psql/Dockerfile12
-rwxr-xr-xpsql/run7
-rw-r--r--s3cmd/Dockerfile22
-rwxr-xr-xs3cmd/run9
-rw-r--r--skopeo/Dockerfile9
-rw-r--r--skopeo/Makefile20
-rw-r--r--smokeping_prober/Dockerfile14
-rw-r--r--smokeping_prober/Makefile18
-rw-r--r--ssh-bastion/Dockerfile16
-rw-r--r--ssh-bastion/Makefile16
-rwxr-xr-xssh-bastion/entrypoint.sh40
-rw-r--r--ssh-bastion/etc/pam.d/sshd5
-rw-r--r--ssh-bastion/etc/ssh/sshd_config101
-rw-r--r--strongswan/Dockerfile16
-rw-r--r--strongswan/Makefile14
-rwxr-xr-xstrongswan/entrypoint.sh24
-rw-r--r--stund/Dockerfile15
-rw-r--r--stund/Makefile20
-rw-r--r--unifi-video/Dockerfile61
-rw-r--r--unifi-video/Makefile39
-rwxr-xr-xunifi-video/entrypoint.sh97
-rw-r--r--unifi-video/log4j2.json135
-rwxr-xr-xunifi-video/lsb_release13
-rw-r--r--unifi/.dockerignore1
-rw-r--r--unifi/Dockerfile60
-rw-r--r--unifi/Makefile38
-rw-r--r--unifi/log4j.properties25
-rw-r--r--unifi/simplevisor.json53
-rwxr-xr-xunifi/unifi-setup.sh69
-rw-r--r--vlc/Dockerfile13
-rwxr-xr-xvlc/run9
-rw-r--r--wekan/Dockerfile15
-rw-r--r--wekan/Makefile35
-rw-r--r--wekan/simplevisor.json20
-rw-r--r--znc/Dockerfile11
-rwxr-xr-xznc/clientbuffer.sobin47080 -> 0 bytes
-rwxr-xr-xznc/entrypoint.sh5
-rwxr-xr-xznc/push.sobin169888 -> 0 bytes
114 files changed, 0 insertions, 3005 deletions
diff --git a/al2-wireguard/Dockerfile b/al2-wireguard/Dockerfile
deleted file mode 100644
index ca76f37..0000000
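--- a/al2-wireguard/Dockerfile
+++ /dev/null
@@ -1,56 +0,0 @@
-FROM amazonlinux:2 AS builder
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-ARG VERSION
-ARG REGION
-
-RUN set -euxo pipefail; \
- echo "${REGION}" > /etc/yum/vars/awsregion; \
- amazon-linux-extras install -y kernel-ng; \
- yum install -y \
- libmnl-devel \
- libmnl-static \
- glibc-static \
- elfutils-libelf-devel \
- kernel-devel \
- pkgconfig \
- "@Development Tools" \
- ; \
- curl -Ls https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${VERSION}.tar.xz | tar -xJC /usr/src; \
- cd /usr/src/WireGuard-${VERSION}/src; \
- \
- make module; \
- make LDFLAGS="-static" tools
-
-
-FROM amazonlinux:2
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-ARG VERSION
-
-COPY --from=builder /usr/src/WireGuard-${VERSION}/ /tmp/WireGuard-${VERSION}/
-
-RUN set -euxo pipefail; \
- yum install -y kmod; \
- \
- mkdir -p /opt/wireguard; \
- cp /tmp/WireGuard-${VERSION}/src/wireguard.ko /opt/wireguard; \
- \
- cd /tmp/WireGuard-${VERSION}/src; \
- \
- install -v -d "/usr/bin"; \
- install -v -d "/usr/share/man/man8"; \
- install -v -m 0755 tools/wg "/usr/bin/wg"; \
- install -v -m 0644 tools/man/wg.8 "/usr/share/man/man8/wg.8"; \
- \
- install -v -m 0700 -d "/etc/wireguard"; \
- install -v -m 0755 tools/wg-quick/linux.bash "/usr/bin/wg-quick"; \
- install -v -m 0644 tools/man/wg-quick.8 "/usr/share/man/man8/wg-quick.8"; \
- \
- yum clean all; \
- rm -rf /tmp/WireGuard-${VERSION} /var/cache/yum
-
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "sleep", "infinity" ]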
diff --git a/al2-wireguard/Makefile b/al2-wireguard/Makefile
deleted file mode 100644
index 6b8a2d0..0000000
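--- a/al2-wireguard/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-WG_VERSION=0.0.20191206
-FULL_VERSION="$(shell uname -r)-wg-$(WG_VERSION)"
-IMAGE=docker.crute.me/al2-wireguard:$(FULL_VERSION)
-LATEST=$(subst :$(FULL_VERSION),,$(IMAGE)):latest
-REGION="us-west-2"
-
-all:
- docker pull amazonlinux:2
- docker build \
- --build-arg=VERSION=$(WG_VERSION) \
- --build-arg=REGION=$(REGION) \
- -t $(IMAGE) .
-
-all-no-cache:
- docker pull amazonlinux:2
- docker build \
- --no-cache \
- --build-arg=VERSION=$(WG_VERSION) \
- --build-arg=REGION=$(REGION) \
- -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)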
diff --git a/al2-wireguard/entrypoint.sh b/al2-wireguard/entrypoint.sh
deleted file mode 100755
index 93f59de..0000000
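--- a/al2-wireguard/entrypoint.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# This needs the SYS_MODULES and NET_ADMIN capabilities
-#
-# /etc/wireguard should be mounted and include wg-quick configs
-#
-# /lib/modules/$(uname -r) should be mounted to same in container
-
-modprobe ip6_udp_tunnel
-modprobe udp_tunnel
-
-insmod /opt/wireguard/wireguard.ko
-
-for i in /etc/wireguard/*; do
- wg-quick up "$(basename ${i/.conf/})"
-done
-
-exec "$@"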
diff --git a/auto-dvd-ripper/Dockerfile b/auto-dvd-ripper/Dockerfile
deleted file mode 100644
index 5994cb7..0000000
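--- a/auto-dvd-ripper/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-COPY handbrake-1.0.7-r5.apk /tmp/
-
-RUN \
- echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories; \
- apk --no-cache add su-exec dumb-init sg3_utils; \
- apk --no-cache --allow-untrusted add /tmp/handbrake-1.0.7-r5.apk; \
- addgroup -g 1000 -S alpine; \
- adduser -u 1000 -S -H -D -G alpine alpine; \
- addgroup alpine cdrom; \
- rm -rf /root/.cache /tmp/*;
-
-ADD rip_dvd.sh /usr/bin/
-ADD entrypoint.sh /
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/sbin/su-exec", "alpine", "/usr/bin/rip_dvd.sh"]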
diff --git a/auto-dvd-ripper/Makefile b/auto-dvd-ripper/Makefile
deleted file mode 100644
index a8c34a7..0000000
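--- a/auto-dvd-ripper/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-IMAGE=auto-dvd-ripper:latest-alpine
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d \
- --device /dev/cdrom \
- -v /mnt/Media:/mnt/Media \
- -v /var/log/ripper:/var/log/ripper \
- $(IMAGE)
-
-send:
- docker save auto-dvd-ripper:latest-alpine | ssh alpine@snoopy docker load
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)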
diff --git a/auto-dvd-ripper/entrypoint.sh b/auto-dvd-ripper/entrypoint.sh
deleted file mode 100755
index 8b1a3e4..0000000
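--- a/auto-dvd-ripper/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-sg_raw /dev/cdrom ea 00 00 00 00 00 01
-
-exec /usr/bin/dumb-init "$@"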
diff --git a/auto-dvd-ripper/handbrake-1.0.7-r5.apk b/auto-dvd-ripper/handbrake-1.0.7-r5.apk
deleted file mode 100644
index c103667..0000000
--- a/auto-dvd-ripper/handbrake-1.0.7-r5.apk
+++ /dev/null
Binary files differ
diff --git a/auto-dvd-ripper/rip_dvd.sh b/auto-dvd-ripper/rip_dvd.sh
deleted file mode 100755
index 9bb79e0..0000000
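--- a/auto-dvd-ripper/rip_dvd.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-exec 1> /var/log/ripper/ripper.log 2>&1
-
-function handbrake_rip() {
- TEMP_FILE="${1}.m4v"
-
- if [ -e "/mnt/Media/IncomingBackup/$TEMP_FILE" ]; then
- TEMP_FILE="NewMovie-$(date +%s).m4v"
- fi
-
- HandBrakeCLI --main-feature --native-language eng \
- -i /dev/cdrom -o "$TEMP_FILE" \
- --subtitle scan --subtitle-burned native
-
- cp "$TEMP_FILE" "/mnt/Media/Incoming/$TEMP_FILE"
-}
-
-function dvdbackup_rip() {
- dvdbackup -i /dev/cdrom -M -p
- cp -r "${1}" "/mnt/Media/IncomingBackup/"
-}
-
-function rip_dvd() {
- # Make sure we have storage
- if ! mount | grep /mnt/Media > /dev/null; then
- email "Error: DVD Rip Failed" "Tried to rip but media wasn't mounted"
- return 1
- fi
-
- # Make a temp directory and go there
- TEMPDIR=$(mktemp -d)
- echo $TEMPDIR
- cd $TEMPDIR
-
- # Get title and language
- HandBrakeCLI --scan -i /dev/cdrom > dvdinfo 2>&1
-
- TITLE=$(egrep -o 'DVD Title:.*' dvdinfo | awk 'BEGIN { FS=": "; } { print $2 }')
- LANGUAGE=$(grep -A 1 'audio tracks:' dvdinfo | sed -n 2p | awk '{ print $3 }')
-
- # Makeup something unique if the DVD doesn't have one
- if [ -z "$TITLE" ]; then
- TITLE="NewMovie-$(date +%s)"
- fi
-
- trap "eject /dev/cdrom" ERR
-
- #dvdbackup_rip "$TITLE"
- handbrake_rip "$TITLE"
-
- eject /dev/cdrom
- cd /tmp && rm -rf "$TEMPDIR"
-}
-
-while true; do
- if ! blkid /dev/cdrom | grep 'TYPE=' >/dev/null; then
- sleep 1
- else
- echo "=============================== START DVD RIP =============================="
- rip_dvd
- echo "============================== FINISH DVD RIP =============================="
- fi
-done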
diff --git a/awstats/Dockerfile b/awstats/Dockerfile
deleted file mode 100644
index 18a679a..0000000
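--- a/awstats/Dockerfile
+++ /dev/null
@@ -1,66 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-
-# TODO: Is this really needed?
-# apk add perl-net-ssleay
-
-RUN set -euxo pipefail; \
- # Install build dependencies
- apk add --virtual .build-deps \
- build-base \
- git \
- perl-app-cpanminus \
- perl-dev \
- wget \
- ; \
- apk add \
- curl \
- ; \
- \
- # Install awstats
- git clone https://github.com/eldy/awstats.git /opt/awstats; \
- cpanm -n Net::IP Net::DNS; \
- mkdir /etc/awstats; \
- \
- # Install MaxMind GeoIP2 library
- apk add perl-net-ssleay; \
- cpanm -n \
- Data::Validate::IP \
- HTTP::Headers \
- HTTP::Request \
- HTTP::Response \
- HTTP::Status \
- JSON::MaybeXS \
- List::SomeUtils \
- LWP::Protocol::https \
- LWP::UserAgent \
- MaxMind::DB::Metadata \
- MaxMind::DB::Reader \
- Moo \
- Moo::Role \
- namespace::clean \
- Params::Validate \
- Path::Class \
- Sub::Quote \
- Test::Fatal \
- Test::Number::Delta \
- Throwable::Error \
- Try::Tiny URI \
- ; \
- \
- git clone https://github.com/maxmind/GeoIP2-perl.git /tmp/GeoIP2-perl; \
- cd /tmp/GeoIP2-perl; \
- perl Makefile.PL; \
- make all install; \
- mkdir /geoip; \
- rm -rf /tmp/GeoIP2-perl; \
- \
- # Cleanup
- apk del .build-deps; \
- rm -rf /root/.cpanm/ /var/cache/apk/*;
-
-ADD main /serve
-ADD build.sh /build
-
-CMD [ "/serve" ]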
diff --git a/awstats/Makefile b/awstats/Makefile
deleted file mode 100644
index 52b3117..0000000
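--- a/awstats/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-IMAGE=docker.crute.me/awstats:latest
-
-all:
- docker pull alpine:edge
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)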
diff --git a/awstats/build.sh b/awstats/build.sh
deleted file mode 100755
index 816ae3b..0000000
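--- a/awstats/build.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-# Validate environment variables
-[ -z "$SITE_DOMAIN" ] && { echo "SITE_DOMAIN env variable required"; exit 1; }
-[ -z "$SITE_ALIASES" ] && { echo "SITE_DOMAIN env variable required"; exit 1; }
-[ -z "$GEOIP_LICENSE_KEY" ] && { echo "GEOIP_LICENSE_KEY env variable required"; exit 1; }
-
-# Create the config template
-cat > /etc/awstats/awstats.${SITE_DOMAIN}.conf <<EOF
-LogFile="/input/${SITE_DOMAIN}.log"
-DirData="/output"
-LogFormat = "%virtualname %host - %other %time1 %methodurl %code %bytesd %refererquot %uaquot"
-SiteDomain="${SITE_DOMAIN}"
-HostAliases="${SITE_DOMAIN} ${SITE_ALIASES}"
-#ShowScreenSizeStats=1
-DefaultFile="index.html default.html"
-AllowFullYearView=3
-
-LoadPlugin="ipv6"
-# Should be enabled for build only
-LoadPlugin="geoip2 /geoip/GeoLite2-Country.mmdb"
-LoadPlugin="geoip2_city /geoip/GeoLite2-City.mmdb"
-
-#ExtraSectionName1="Redirected Hit"
-#ExtraSectionCodeFilter1="302"
-#ExtraSectionCondition1="URL,\/offsite"
-#ExtraSectionFirstColumnTitle1="Url"
-#ExtraSectionFirstColumnValues1="QUERY_STRING,url=([^&]+)"
-#ExtraSectionStatTypes1=HL
-#MaxNbOfExtra1=500
-#MinHitExtra1=1
-#ExtraSectionAddSumRow1=1
-EOF
-
-# Download and setup GeoIP Databases
-curl -s "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&suffix=tar.gz&license_key=${GEOIP_LICENSE_KEY}" | tar -xz -C /tmp
-curl -s "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&suffix=tar.gz&license_key=${GEOIP_LICENSE_KEY}" | tar -xz -C /tmp
-curl -s "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&suffix=tar.gz&license_key=${GEOIP_LICENSE_KEY}" | tar -xz -C /tmp
-
-find /tmp -name '*.mmdb' -exec cp '{}' /geoip/ \;
-rm -rf /tmp/GeoLite2*
-
-/opt/awstats/wwwroot/cgi-bin/awstats.pl -config=${SITE_DOMAIN} -update -dir=/output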
diff --git a/bird/Dockerfile b/bird/Dockerfile
deleted file mode 100644
index c8dfd65..0000000
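--- a/bird/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
- echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories; \
- apk add --no-cache bird;
-
-ADD entrypoint.sh /
-ADD bird_common.conf /etc
-
-ENTRYPOINT [ "/entrypoint.sh" ]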
diff --git a/bird/Makefile b/bird/Makefile
deleted file mode 100644
index e96c7b7..0000000
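--- a/bird/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-IMAGE=docker.crute.me/bird:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d --net=host \
- --cap-add=NET_ADMIN \
- --name=bird \
- -v $PWD/bird:/srv/bird \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)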
diff --git a/bird/bird_common.conf b/bird/bird_common.conf
deleted file mode 100644
index 2f7f9ac..0000000
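--- a/bird/bird_common.conf
+++ /dev/null
@@ -1,90 +0,0 @@
-protocol device {
-};
-
-function is_self_net() {
- return net ~ OWNNETS;
-};
-
-function is_valid_network() {
- return net ~ [
- 172.16.0.0/12+,
- 192.168.0.0/16+,
- 10.0.0.0/8+,
- 100.64.0.0/10+,
- 2000::/3+,
- fd00::/8+
- ];
-};
-
-protocol kernel {
- ipv4 {
- import none;
- export filter {
- if source = RTS_STATIC && proto != "vpnras_v4" && proto != "hack_v4" then reject;
- krt_prefsrc = OWNIP4;
- accept;
- };
- };
-};
-
-protocol kernel {
- ipv6 {
- import none;
- export filter {
- if source = RTS_STATIC && proto != "vpnras_v6" && proto != "hack_v6" then reject;
- krt_prefsrc = OWNIP6;
- accept;
- };
- };
-};
-
-template bgp v4peers {
- local as OWNAS;
-
- ipv4 {
- # this lines allows debugging filter rules
- # filtered routes can be looked up in birdc using the "show route filtered" command
- import keep filtered;
- import filter {
- # accept every subnet, except our own advertised subnet
- # filtering is important, because some guys try to advertise routes like 0.0.0.0
- if is_valid_network() && !is_self_net() then {
- accept;
- }
- reject;
- };
- export filter {
- if is_valid_network() then {
- accept;
- }
- reject;
- };
- import limit 1000 action block;
- };
-};
-
-template bgp v6peers {
- local as OWNAS;
-
- ipv6 {
- # this lines allows debugging filter rules
- # filtered routes can be looked up in birdc using the "show route filtered" command
- import keep filtered;
- import filter {
- # accept every subnet, except our own advertised subnet
- # filtering is important, because some guys try to advertise routes like 0.0.0.0
- if is_valid_network() && !is_self_net() then {
- accept;
- }
- reject;
- };
- export filter {
- if is_valid_network() then {
- accept;
- }
- reject;
- };
- import limit 1000 action block;
- };
-};
-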
diff --git a/bird/entrypoint.sh b/bird/entrypoint.sh
deleted file mode 100755
index 54aab0d..0000000
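--- a/bird/entrypoint.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-PROFILE="$1"
-
-if [ -z "$PROFILE" ]; then
- echo "Profile must be specified on the command line"
- exit 1
-fi
-
-if [ ! -e "/srv/bird/${PROFILE}.conf" ]; then
- echo "Profile '$PROFILE' does not exist"
- exit 1
-fi
-
-exec /usr/sbin/bird -d -f -c /srv/bird/${PROFILE}.conf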
diff --git a/bitbucket/Dockerfile b/bitbucket/Dockerfile
deleted file mode 100644
index 99d4ad8..0000000
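--- a/bitbucket/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Michael Crute <mike@crute.us>
-
-ARG version=4.13.0
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y curl git openjdk-8-jdk && \
- useradd -r -M -d /srv/wiki -s /bin/nologin bitbucket && \
- curl -o /tmp/bitbucket.tar.gz \
- https://downloads.atlassian.com/software/stash/downloads/atlassian-bitbucket-${version}.tar.gz && \
- mkdir -p /opt/bitbucket && \
- tar -xvzf /tmp/bitbucket.tar.gz -C /opt/bitbucket --strip-components 1 && \
- chown -R bitbucket /opt/bitbucket
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-RUN sed -i 's/^JVM_MAXIMUM_MEMORY="768m"/JVM_MAXIMUM_MEMORY="512m"/' /opt/bitbucket/bin/setenv.sh
-ADD entrypoint.sh /
-ADD su-exec /usr/bin/
-ENV BITBUCKET_HOME /srv/bitbucket/data
-ENV ES_HEAP_SIZE 512m
-VOLUME "/srv/bitbucket"
-ENTRYPOINT [ "/entrypoint.sh" ]
-#CMD ["/opt/bitbucket/bin/start-bitbucket.sh", "-fg"]
-CMD ["/opt/bitbucket/bin/start-webapp.sh", "-fg"]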
diff --git a/bitbucket/Makefile b/bitbucket/Makefile
deleted file mode 100644
index 10ab4df..0000000
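--- a/bitbucket/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-all:
- docker build -t bitbucket .
-
-all-no-cache:
- docker build --no-cache -t bitbucket .
-
-run:
- docker run -d \
- -p 7990:7990 \
- -p 7999:7999 \
- -v /srv/bitbucket:/srv/bitbucket \
- bitbucket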
diff --git a/bitbucket/entrypoint.sh b/bitbucket/entrypoint.sh
deleted file mode 100755
index bc3828f..0000000
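--- a/bitbucket/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-export PATH="/usr/bin:$PATH"
-
-if [ ! -d /srv/bitbucket/data ]; then
- mkdir /srv/bitbucket/data
- chown bitbucket /srv/bitbucket/data
-fi
-
-umask 0027
-su-exec bitbucket "$@"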
diff --git a/bitbucket/su-exec b/bitbucket/su-exec
deleted file mode 100755
index 940f452..0000000
--- a/bitbucket/su-exec
+++ /dev/null
Binary files differ
diff --git a/bugzilla/Dockerfile b/bugzilla/Dockerfile
deleted file mode 100644
index 8ebf911..0000000
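--- a/bugzilla/Dockerfile
+++ /dev/null
@@ -1,144 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Michael Crute <mike@crute.us>
-ARG bz_version
-
-ADD binaries/ /tmp/
-ADD patches/ /tmp/
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' > /etc/apt/apt.conf && \
- apt-get update && \
-
-# Perl needs the UTF-8 locale
- apt-get install -y locales && \
- locale-gen en_US.UTF-8 && \
-
-# Install system dependencies
- apt-get install -y \
- cron \
- nginx \
- patch \
- python-boto3 \
- runit \
- sudo \
- syslog-ng \
- && \
-
-# Install Bugzilla dependencies
- apt-get install -y \
- graphviz \
- libappconfig-perl \
- libauthen-radius-perl \
- libauthen-sasl-perl \
- libcache-memcached-fast-perl \
- libcgi-pm-perl \
- libchart-perl \
- libdaemon-generic-perl \
- libdate-calc-perl \
- libdatetime-perl \
- libdatetime-timezone-perl \
- libdbd-mysql-perl \
- libdbd-sqlite3-perl \
- libdbi-perl \
- libemail-mime-perl \
- libemail-reply-perl \
- libemail-sender-perl \
- libencode-detect-perl \
- libfile-copy-recursive-perl \
- libfile-mimeinfo-perl \
- libfile-slurp-perl \
- libfile-which-perl \
- libgd-graph-perl \
- libhtml-formattext-withlinks-perl \
- libhtml-scrubber-perl \
- libjson-rpc-perl \
- libmath-random-isaac-perl \
- libmath-random-isaac-xs-perl \
- libmime-tools-perl \
- libmodule-build-perl \
- libmoox-strictconstructor-perl \
- libnet-ldap-perl \
- libplack-perl \
- libsoap-lite-perl \
- libtemplate-perl \
- libtemplate-plugin-gd-perl \
- libtest-taint-perl \
- libtext-multimarkdown-perl \
- libtheschwartz-perl \
- liburi-db-perl \
- libxml-perl \
- libxml-twig-perl \
- perlmagick \
- python-sphinx \
- rst2pdf \
- && \
-
- dpkg -i /tmp/libpatchreader-perl_0.9.6-1_all.deb && \
- dpkg -i /tmp/libtheschwartz-perl_1.12-1_all.deb && \
-
-# Setup users and groups
- groupadd -g 901 bugzilla && \
- usermod -a -G bugzilla www-data && \
- useradd -d /var/www/html/bugzilla -M -N -g bugzilla -G www-data -s /bin/bash -u 901 bugzilla && \
-
-# Setup bugzilla app
- curl -L -o "/tmp/release-${bz_version}.tar.gz" "https://github.com/bugzilla/bugzilla/archive/release-${bz_version}.tar.gz" && \
- mkdir -p /var/www/html && \
- tar -C /var/www/html/ -xvzf /tmp/release-${bz_version}.tar.gz && \
- ln -s /var/www/html/bugzilla-release-${bz_version} /var/www/html/bugzilla && \
- tar -C /var/www/html/bugzilla/skins/contrib/ -xvzf /tmp/Bright-Skin.tar.gz && \
- rm /etc/nginx/sites-enabled/default && \
- ln -s /etc/nginx/sites-available/bugzilla /etc/nginx/sites-enabled/bugzilla && \
-
-# Run the initial setup
-#
-# The bugzilla user must have permissions to modify files in the release
-# directory because checksetup.pl will change permissions so that the files are
-# owned by that user. Without those permission changes running plack will fail
-# with permission errors. Additionally, all checksetup.pl invocations must
-# happen as the bugzilla user for permissions to be properly updated.
-
- chown -R bugzilla /var/www/html/bugzilla-release-${bz_version} && \
-
- # First time creates the config file
- cd /var/www/html/bugzilla && sudo -u bugzilla ./checksetup.pl /tmp/answers.pl && \
-
- # Second time does the real setup
- cd /var/www/html/bugzilla && sudo -u bugzilla ./checksetup.pl /tmp/answers.pl && \
-
-# Allow admin overrides
- mkdir /srv/bugzilla && \
-
- mv /var/www/html/bugzilla/localconfig /srv/bugzilla/localconfig && \
- ln -s /srv/bugzilla/localconfig /var/www/html/bugzilla/localconfig && \
-
- mv /var/www/html/bugzilla/data/db /srv/bugzilla/ && \
- ln -s /srv/bugzilla/db /var/www/html/bugzilla/data/ && \
-
- mv /var/www/html/bugzilla/data/attachments /srv/bugzilla/ && \
- ln -s /srv/bugzilla/attachments /var/www/html/bugzilla/data/ && \
-
- mv /var/www/html/bugzilla/data/mining /srv/bugzilla/ && \
- ln -s /srv/bugzilla/mining /var/www/html/bugzilla/data/ && \
-
- cp /var/www/html/bugzilla/data/params.json /srv/bugzilla/ && \
-
-# Enable voting extension
- rm /var/www/html/bugzilla/extensions/Voting/disabled && \
-
-# Patch the code
- # Update the email_in script to lookup by email instead of assuming that
- # usernames are the same as email addresses.
- cd / && patch -p1 < /tmp/email_in.pl.patch && \
-
-# Clean up
- rm /etc/apt/apt.conf && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ADD usr/ /usr/
-ADD etc/ /etc/
-
-STOPSIGNAL SIGHUP
-CMD [ "/usr/bin/dumb-init", "/usr/bin/runsvdir", "/etc/service" ]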
diff --git a/bugzilla/Makefile b/bugzilla/Makefile
deleted file mode 100644
index f11a22d..0000000
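--- a/bugzilla/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=bugzilla:latest
-VERSION=5.1.1
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
- docker build --build-arg=bz_version=$(VERSION) -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache --build-arg=bz_version=$(VERSION) -t $(IMAGE) .
-
-run:
- docker run -d \
- -p 9000:80 \
- -v /srv/bugzilla:/srv/bugzilla \
- $(IMAGE)
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)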
diff --git a/bugzilla/binaries/Bright-Skin.tar.gz b/bugzilla/binaries/Bright-Skin.tar.gz
deleted file mode 100644
index 3629fdf..0000000
--- a/bugzilla/binaries/Bright-Skin.tar.gz
+++ /dev/null
Binary files differ
diff --git a/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb b/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb
deleted file mode 100644
index d6ea10c..0000000
--- a/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb
+++ /dev/null
Binary files differ
diff --git a/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb b/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb
deleted file mode 100644
index b28a307..0000000
--- a/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb
+++ /dev/null
Binary files differ
diff --git a/bugzilla/etc/cron.d/bugzilla b/bugzilla/etc/cron.d/bugzilla
deleted file mode 100644
index 8853366..0000000
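--- a/bugzilla/etc/cron.d/bugzilla
+++ /dev/null
@@ -1,3 +0,0 @@
-5 0 * * * bugzilla cd /var/www/html/bugzilla && ./collectstats.pl
-*/15 * * * * bugzilla cd /var/www/html/bugzilla && ./whine.pl
-0 * * * * bugzilla cd /var/www/html/bugzilla && ./whineatnews.pl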
diff --git a/bugzilla/etc/nginx/sites-available/bugzilla b/bugzilla/etc/nginx/sites-available/bugzilla
deleted file mode 100644
index d10798f..0000000
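--- a/bugzilla/etc/nginx/sites-available/bugzilla
+++ /dev/null
@@ -1,41 +0,0 @@
-server {
- root /var/www/html/bugzilla;
-
- autoindex off;
- index index.cgi;
-
- location /attachments { return 403; }
- location /Bugzilla { return 403; }
- location /lib { return 403; }
- location /template { return 403; }
- location /contrib { return 403; }
- location /t { return 403; }
- location /xt { return 403; }
- location /data { return 403; }
- location /graphs { return 403; }
- location ~ (\.pm|\.pl|\.psgi|\.tmpl|localconfig.*|cpanfile)$ { return 403; }
-
- location ~ ^/data/webdot/[^/]*\.png$ { }
- location ~ ^/graphs/[^/]*\.(png|gif) { }
-
- location /rest {
- rewrite ^/rest/(.*)$ rest.cgi?$1 last;
- }
-
- location ~ \.(css|js)$ {
- expires 1y;
- add_header Cache-Control public;
- }
-
- location ~ \.cgi$ {
- include fastcgi_params;
- fastcgi_param SERVER_NAME 'bugs.crute.me';
- fastcgi_param SCRIPT_NAME '';
- fastcgi_param PATH_INFO $uri;
- fastcgi_param BZ_CACHE_CONTROL 1;
- fastcgi_pass localhost:9090;
- }
-
- gzip on;
- gzip_types text/xml application/rdf+xml;
-}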
diff --git a/bugzilla/etc/service/bugzilla/log/run b/bugzilla/etc/service/bugzilla/log/run
deleted file mode 100755
index c37e560..0000000
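--- a/bugzilla/etc/service/bugzilla/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -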
diff --git a/bugzilla/etc/service/bugzilla/run b/bugzilla/etc/service/bugzilla/run
deleted file mode 100755
index acf5287..0000000
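--- a/bugzilla/etc/service/bugzilla/run
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-trap "cp /var/www/html/bugzilla/data/params.json /srv/bugzilla/params.json" EXIT
-
-cp /srv/bugzilla/params.json /var/www/html/bugzilla/data/params.json
-
-cd /var/www/html/bugzilla
-
-/usr/bin/su-exec bugzilla:bugzilla \
- /usr/bin/plackup -s FCGI --listen :9090 /var/www/html/bugzilla/app.psgi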
diff --git a/bugzilla/etc/service/cron/log/run b/bugzilla/etc/service/cron/log/run
deleted file mode 100755
index c37e560..0000000
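--- a/bugzilla/etc/service/cron/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -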
diff --git a/bugzilla/etc/service/cron/run b/bugzilla/etc/service/cron/run
deleted file mode 100755
index dd49bb6..0000000
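--- a/bugzilla/etc/service/cron/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/cron -f -n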
diff --git a/bugzilla/etc/service/nginx/log/run b/bugzilla/etc/service/nginx/log/run
deleted file mode 100755
index c37e560..0000000
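--- a/bugzilla/etc/service/nginx/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -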
diff --git a/bugzilla/etc/service/nginx/run b/bugzilla/etc/service/nginx/run
deleted file mode 100755
index 0a99b49..0000000
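--- a/bugzilla/etc/service/nginx/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/nginx -g 'daemon off; master_process on;'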
diff --git a/bugzilla/etc/service/syslog-ng/run b/bugzilla/etc/service/syslog-ng/run
deleted file mode 100755
index c2b1cd1..0000000
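--- a/bugzilla/etc/service/syslog-ng/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/syslog-ng -F --no-caps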
diff --git a/bugzilla/etc/syslog-ng/syslog-ng.conf b/bugzilla/etc/syslog-ng/syslog-ng.conf
deleted file mode 100644
index 989fd46..0000000
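--- a/bugzilla/etc/syslog-ng/syslog-ng.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-@version: 3.5
-
-options { flush-lines(0); use-dns(no); stats-freq(0); };
-source s_src { unix-dgram("/dev/log" so-rcvbuf(8192)); internal(); };
-destination d_stdout { pipe("/dev/stdout"); };
-log { source(s_src); destination(d_stdout); };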
diff --git a/bugzilla/patches/answers.pl b/bugzilla/patches/answers.pl
deleted file mode 100644
index 90b06af..0000000
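--- a/bugzilla/patches/answers.pl
+++ /dev/null
@@ -1,6 +0,0 @@
-%answer = (
- 'ADMIN_LOGIN' => 'admin',
- 'ADMIN_EMAIL' => 'admin@example.com',
- 'ADMIN_PASSWORD' => 'password',
- 'ADMIN_REALNAME' => 'Example Admin',
-);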
diff --git a/bugzilla/patches/email_in.pl.patch b/bugzilla/patches/email_in.pl.patch
deleted file mode 100644
index e2e5ba0..0000000
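--- a/bugzilla/patches/email_in.pl.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/var/www/html/bugzilla-release-5.1.1//email_in.pl 2016-05-16 18:48:27.000000000 +0000
-+++ b/var/www/html/bugzilla-release-5.1.1//email_in.pl 2017-05-17 03:53:38.978805718 +0000
-@@ -509,7 +509,7 @@
-
- my $username = $mail_fields->{'reporter'};
-
--my $user = Bugzilla::User->check($username);
-+my $user = new Bugzilla::User(Bugzilla::User::email_to_id($username, 1));
- Bugzilla->set_user($user);
-
- my ($bug, $comment);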
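diff --git a/bugzilla/sbin/sendmail b/bugzilla/sbin/sendmail
deleted file mode 100755
index db5abbd..0000000
--- a/bugzilla/sbin/sendmail
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/usr/bin/python
-
-import os
-import re
-import sys
-import email
-import boto3
-import socket
-import argparse
-from botocore.exceptions import NoRegionError
-
-# These are all the sendmail options we don't support but have to accept so we
-# can ignore them without messing up the command line.
-#
-# Format is (argument, takes parameters)
-IGNORED = (
- ("-4", False), ("-6", False), ("-au", True), ("-ap", True),
- ("-am", True), ("-ba", False), ("-bd", False), ("-bi", False),
- ("-bm", False), ("-bp", False), ("-bs", False), ("-bt", False),
- ("-bv", False), ("-bz", False), ("-C", True), ("-d", True),
- ("-E", False), ("-h", True), ("-m", False), ("-M", True),
- ("-N", True), ("-n", False), ("-oA", True), ("-oc", False),
- ("-od", True), ("-oD", False), ("-oe", False), ("-oF", True),
- ("-of", False), ("-og", True), ("-oH", True), ("-oi", False),
- ("-oL", True), ("-om", False), ("-oo", False), ("-oQ", True),
- ("-or", True), ("-oS", True), ("-os", False), ("-oT", True),
- ("-ot", False), ("-ou", True), ("-q", True), ("-R", True),
- ("-v", False), ("-F", True), ("-t", True),
-)
-
-# A rough approximation of an email address but should be good enough to pick
-# emails out of a command line
-SORTA_EMAIL = re.compile("\S+@\S+\.\S+")
-
-if os.path.exists("/etc/mailname"):
- with open("/etc/mailname", "r") as fp:
- MAIL_DOMAIN = fp.read().strip()
-else:
- MAIL_DOMAIN = socket.getfqdn()
-
-# Configuration comes from the environment or metadata service
-try:
- client = boto3.client("ses")
-except NoRegionError:
- boto3.setup_default_session(region_name="us-west-2")
- client = boto3.client("ses")
-
-
-
-def parse_args():
- parser = argparse.ArgumentParser(add_help=False)
- parser.add_argument("-V", action="store_true", dest="display_version")
- parser.add_argument("-f", nargs=1, dest="sender_addr")
- parser.add_argument("-r", nargs=1, dest="sender_addr")
-
- for arg, nargs in IGNORED:
- parser.add_argument(arg, nargs="?" if nargs else None)
-
- opts, args = parser.parse_known_args()
- addresses = [a for a in args if SORTA_EMAIL.match(a)]
-
- return opts, addresses
-
-
-def main():
- opts, addresses = parse_args()
-
- if opts.display_version:
- print("SES raw mail sender (definitely not sendmail)")
- sys.exit(0)
-
- try:
- sender = opts.sender_addr[0]
- except (IndexError, TypeError):
- sender = None
-
- msg = email.message_from_string(sys.stdin.read().encode("us-ascii"))
-
- # Fix up cron emails
- if 'Cron Daemon' in msg.get("From"):
- msg.replace_header("From", "cron-no-reply@{}".format(MAIL_DOMAIN))
-
- ses_args = {"RawMessage": {"Data": msg.as_string()}}
-
- if sender and not SORTA_EMAIL.match(sender):
- raise Exception("Sender email does not look like an email")
-
- if sender:
- ses_args["Source"] = sender
-
- if addresses:
- ses_args["Destinations"] = addresses
-
- client.send_raw_email(**ses_args)
-
-
-if __name__ == "__main__":
- try:
- main()
- sys.exit(0)
- except Exception as e:
- print("Error during sending:")
- print(e)
- sys.exit(1)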
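diff --git a/bugzilla/usr/bin/bugzilla_fetch.py b/bugzilla/usr/bin/bugzilla_fetch.py
deleted file mode 100755
index b4a9805..0000000
--- a/bugzilla/usr/bin/bugzilla_fetch.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python
-
-import boto3
-import subprocess
-
-
-client = boto3.client("s3")
-bucket = "mcrute-bugs-emails"
-email_bin = "/var/www/html/bugzilla/email_in.pl"
-items = client.list_objects_v2(Bucket=bucket)
-
-
-for item in items["Contents"]:
- key = item["Key"]
-
- if key == "AMAZON_SES_SETUP_NOTIFICATION":
- continue
-
- body = client.get_object(Bucket=bucket, Key=key)["Body"]
-
- cmd = subprocess.Popen([email_bin], stdin=subprocess.PIPE)
- cmd.communicate(body.read())
-
- client.delete_object(Bucket=bucket, Key=key)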
diff --git a/bugzilla/usr/bin/dumb-init b/bugzilla/usr/bin/dumb-init
deleted file mode 100755
index 4a41698..0000000
--- a/bugzilla/usr/bin/dumb-init
+++ /dev/null
Binary files differ
diff --git a/bugzilla/usr/bin/su-exec b/bugzilla/usr/bin/su-exec
deleted file mode 100755
index 940f452..0000000
--- a/bugzilla/usr/bin/su-exec
+++ /dev/null
Binary files differ
diff --git a/bugzilla/usr/sbin/sendmail b/bugzilla/usr/sbin/sendmail
deleted file mode 100755
index 69e5816..0000000
--- a/bugzilla/usr/sbin/sendmail
+++ /dev/null
@@ -1,108 +0,0 @@
1#!/usr/bin/python
2
3import os
4import re
5import sys
6import email
7import boto3
8import socket
9import argparse
10from botocore.exceptions import NoRegionError
11
12# These are all the sendmail options we don't support but have to accept so we
13# can ignore them without messing up the command line.
14#
15# Format is (argument, takes parameters)
16IGNORED = (
17 ("-4", False), ("-6", False), ("-au", True), ("-ap", True),
18 ("-am", True), ("-ba", False), ("-bd", False), ("-bi", False),
19 ("-bm", False), ("-bp", False), ("-bs", False), ("-bt", False),
20 ("-bv", False), ("-bz", False), ("-C", True), ("-d", True),
21 ("-E", False), ("-h", True), ("-m", False), ("-M", True),
22 ("-N", True), ("-n", False), ("-oA", True), ("-oc", False),
23 ("-od", True), ("-oD", False), ("-oe", False), ("-oF", True),
24 ("-of", False), ("-og", True), ("-oH", True), ("-oi", False),
25 ("-oL", True), ("-om", False), ("-oo", False), ("-oQ", True),
26 ("-or", True), ("-oS", True), ("-os", False), ("-oT", True),
27 ("-ot", False), ("-ou", True), ("-q", True), ("-R", True),
28 ("-v", False), ("-F", True), ("-t", True),
29)
30
31# A rough approximation of an email address but should be good enough to pick
32# emails out of a command line
33SORTA_EMAIL = re.compile("\S+@\S+\.\S+")
34
35if os.path.exists("/etc/mailname"):
36 with open("/etc/mailname", "r") as fp:
37 MAIL_DOMAIN = fp.read().strip()
38else:
39 MAIL_DOMAIN = socket.getfqdn()
40
41# Configuration comes from the environment or metadata service
42try:
43 client = boto3.client("ses")
44except NoRegionError:
45 # TODO: Handle this better
46 boto3.setup_default_session(
47 aws_access_key_id="AKIAJSJZAZDLGRZVT6ZQ",
48 aws_secret_access_key="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",
49 region_name="us-west-2")
50 client = boto3.client("ses")
51
52
53
54def parse_args():
55 parser = argparse.ArgumentParser(add_help=False)
56 parser.add_argument("-V", action="store_true", dest="display_version")
57 parser.add_argument("-f", nargs=1, dest="sender_addr")
58 parser.add_argument("-r", nargs=1, dest="sender_addr")
59
60 for arg, nargs in IGNORED:
61 parser.add_argument(arg, nargs="?" if nargs else None)
62
63 opts, args = parser.parse_known_args()
64 addresses = [a for a in args if SORTA_EMAIL.match(a)]
65
66 return opts, addresses
67
68
69def main():
70 opts, addresses = parse_args()
71
72 if opts.display_version:
73 print("SES raw mail sender (definitely not sendmail)")
74 sys.exit(0)
75
76 try:
77 sender = opts.sender_addr[0]
78 except (IndexError, TypeError):
79 sender = None
80
81 msg = email.message_from_string(sys.stdin.read().encode("us-ascii"))
82
83 # Fix up cron emails
84 if 'Cron Daemon' in msg.get("From"):
85 msg.replace_header("From", "cron-no-reply@{}".format(MAIL_DOMAIN))
86
87 ses_args = {"RawMessage": {"Data": msg.as_string()}}
88
89 if sender and not SORTA_EMAIL.match(sender):
90 raise Exception("Sender email does not look like an email")
91
92 if sender:
93 ses_args["Source"] = sender
94
95 if addresses:
96 ses_args["Destinations"] = addresses
97
98 client.send_raw_email(**ses_args)
99
100
101if __name__ == "__main__":
102 try:
103 main()
104 sys.exit(0)
105 except Exception as e:
106 print("Error during sending:")
107 print(e)
108 sys.exit(1)
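Review bot: Removing this file does not retire the AWS access key pair that was hard-coded in the `NoRegionError` fallback (old lines 47–48); the values remain readable in the repository history and in any archive of the parent commit. The key should be deactivated and deleted in IAM, and CloudTrail checked for activity under that access key ID, before this cleanup is treated as complete. Rewriting history only matters as hygiene once the key is dead. The sibling copy `bugzilla/sbin/sendmail` already shows the safer shape, where the fallback passes only `region_name="us-west-2"` and credentials come from the environment or metadata service.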
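diff --git a/chrome/Dockerfile b/chrome/Dockerfile
deleted file mode 100644
index ef07d5b..0000000
--- a/chrome/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:14.04
-
-# TODO: Bridge kerberos credentials
-# TODO: Add infosec CAs
-
-RUN \
- export DEBIAN_FRONTEND=noninteractive && \
- sed 's/main$/main universe/' -i /etc/apt/sources.list && \
- apt-get update && \
- apt-get install -y curl && \
- curl -s https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
- sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' && \
- apt-get update && \
- apt-get install -y google-chrome-stable && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-RUN mkdir -p /home/crutem && \
- echo "crutem:x:1677955:1677955:Developer,,,:/home/crutem:/bin/bash" >> /etc/passwd && \
- echo "crutem:x:1677955:" >> /etc/group && \
- echo "crutem ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/crutem && \
- chmod 0440 /etc/sudoers.d/crutem && \
- chown crutem:crutem -R /home/crutem
-
-USER crutem
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-CMD /usr/bin/google-chrome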
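diff --git a/chrome/run b/chrome/run
deleted file mode 100755
index 2f8b96d..0000000
--- a/chrome/run
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/.Xauthority:$HOME/.Xauthority:ro \
- chrome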
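diff --git a/datastudio/Dockerfile b/datastudio/Dockerfile
deleted file mode 100644
index ca4b092..0000000
--- a/datastudio/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y apt-utils runit curl
-
-RUN \
- groupadd -g 1677955 crutem && \
- useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y openjdk-8-jdk && \
- cd /tmp && \
- curl -O http://www.aquafold.com/download/v17.0.0/linux/ads-linux-x64-17.0.10.tar.gz && \
- tar -xvzf ads-linux-x64-17.0.10.tar.gz && \
- mv datastudio /usr/local
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-CMD ["/usr/local/datastudio/datastudio-bundled.sh"]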
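diff --git a/datastudio/run b/datastudio/run
deleted file mode 100755
index ec07fb9..0000000
--- a/datastudio/run
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-if [ -z "$DISPLAY" ]; then
- echo "\$DISPLAY is not set"
- DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') )
-
- if [ "${#DISPLAYS[@]}" = 0 ]; then
- echo "No X11 ports available"
- exit 1
- fi
-
- if [ "${#DISPLAYS[@]}" > 1 ]; then
- echo "More than 1 X11 port available. Which one do you want?"
- for i in "${DISPLAYS[@]}"; do
- echo "export DISPLAY=\"$i\""
- done
- exit 1
- else
- export DISPLAY="${DISPLAYS[0]}"
- fi
-fi
-
-docker run -ti --rm --net=host \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/.Xauthority:$HOME/.Xauthority:ro \
- -v $HOME/share:$HOME/share \
- -v $HOME/.datastudio:$HOME/.datastudio \
- datastudio "$@"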
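diff --git a/dropbox/Dockerfile b/dropbox/Dockerfile
deleted file mode 100644
index 7e6ff2b..0000000
--- a/dropbox/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM frolvlad/alpine-glibc:latest
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -eu -o pipefail; \
- apk --no-cache add dumb-init runit su-exec; \
- wget -O /tmp/dropbox.tar.gz https://www.dropbox.com/download?plat=lnx.x86_64; \
- mkdir -p /opt/dropbox; \
- tar -C /opt/dropbox/ --strip-components=1 -xf /tmp/dropbox.tar.gz; \
- rm -rf /tmp/*;
-
-ADD entrypoint.sh /
-ADD dropbox-srv/ /opt/dropbox-srv
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-
-# Dropbox is a persnickety process that will die without error for no obvious
-# reason. Run it with runsv so that it will get restarted when it does die
-# instead of killing the whole container..
-CMD [ "/sbin/runsv", "/opt/dropbox-srv" ]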
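diff --git a/dropbox/Makefile b/dropbox/Makefile
deleted file mode 100644
index 817e869..0000000
--- a/dropbox/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-IMAGE=dropbox:latest-alpine
-
-all:
- docker build \
- -t $(IMAGE) .
-
-all-no-cache:
- docker build \
- --no-cache \
- -t $(IMAGE) .
-
-run:
- docker run \
- -v /home/mcrute/Dropbox:/home/mcrute/Dropbox \
- $(IMAGE)
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)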
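diff --git a/dropbox/dropbox-srv/log/run b/dropbox/dropbox-srv/log/run
deleted file mode 100755
index 6193824..0000000
--- a/dropbox/dropbox-srv/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-cat -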
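diff --git a/dropbox/dropbox-srv/run b/dropbox/dropbox-srv/run
deleted file mode 100755
index fd5ac2b..0000000
--- a/dropbox/dropbox-srv/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/opt/dropbox/dropboxd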
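diff --git a/dropbox/entrypoint.sh b/dropbox/entrypoint.sh
deleted file mode 100755
index 596cac6..0000000
--- a/dropbox/entrypoint.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-
-set -e
-
-DATA_DIR="/srv/dropbox/data"
-CFG_DIR="/srv/dropbox/config"
-USERNAME="dropbox"
-
-# Default UID/GID to owner of the data directory
-USER_UID=${USER_UID:-$(stat -L -c "%u" $DATA_DIR)}
-USER_GID=${USER_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$USER_GID" = 0 -o "$USER_GID" = 0 ]; then
- echo "User UID/GID could not be discovered, is $DATA_DIR mounted?"
- exit 1
-fi
-
-# Create the user and group
-addgroup -g ${USER_GID} -S ${USERNAME}
-adduser -u ${USER_UID} -h /home/${USERNAME} -D -G ${USERNAME} ${USERNAME}
-
-ln -s /srv/dropbox/data /home/${USERNAME}/Dropbox
-ln -s /srv/dropbox/config /home/${USERNAME}/.dropbox
-
-# Allow runsv to write its superisory files for the main process
-mkdir /opt/dropbox-srv/supervise
-chown dropbox:dropbox /opt/dropbox-srv/supervise
-
-# Allow runsv to write its superisory files for the log process
-mkdir /opt/dropbox-srv/log/supervise
-chown dropbox:dropbox /opt/dropbox-srv/log/supervise
-
-if [ "$@" == "/bin/sh" ]; then
- exec "$@"
-else
- exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} "$@"
-fi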
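diff --git a/feh/Dockerfile b/feh/Dockerfile
deleted file mode 100644
index f23483a..0000000
--- a/feh/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y apt-utils feh
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/feh" ]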
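diff --git a/feh/run b/feh/run
deleted file mode 100755
index 1ecca1d..0000000
--- a/feh/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
- -w `pwd` \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v $HOME/.Xauthority:$HOME/.Xauthority:ro \
- -v `pwd`:`pwd`:ro \
- feh "$@"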
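diff --git a/intellij-idea/Dockerfile b/intellij-idea/Dockerfile
deleted file mode 100644
index 3da5b0d..0000000
--- a/intellij-idea/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-FROM ubuntu:16.04
-
-ARG idea_version
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-# Get core requirements
- apt-get update && \
- apt-get install -y apt-utils curl && \
-
-# Setup user account
- groupadd -g 1677955 crutem && \
- useradd -m -d /home/crutem -g crutem -u 1677955 crutem && \
-
-# Install software
- apt-get update && \
- apt-get install -y openjdk-8-jdk && \
- mkdir -p /usr/local/idea && \
- cd /tmp && \
- curl -LO https://download.jetbrains.com/idea/ideaIU-${idea_version}.tar.gz && \
- tar -C /usr/local/idea --strip-components=1 -xvzf ideaIU-${idea_version}.tar.gz && \
-
-# Cleanup
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-WORKDIR /home/crutem
-
-CMD ["/usr/local/idea/bin/idea.sh"]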
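diff --git a/intellij-idea/Makefile b/intellij-idea/Makefile
deleted file mode 100644
index 598366f..0000000
--- a/intellij-idea/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-IMAGE=intellij-idea:latest
-VERSION=2017.1.4
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
- docker build --build-arg=idea_version=$(VERSION) -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache --build-arg=idea_version=$(VERSION) -t $(IMAGE) .
-
-run:
- ./run
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)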
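diff --git a/intellij-idea/run b/intellij-idea/run
deleted file mode 100755
index 9b8a576..0000000
--- a/intellij-idea/run
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-if [ -z "$DISPLAY" ]; then
- echo "\$DISPLAY is not set"
- DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') )
-
- if [ "${#DISPLAYS[@]}" = 0 ]; then
- echo "No X11 ports available"
- exit 1
- fi
-
- if [ "${#DISPLAYS[@]}" > 1 ]; then
- echo "More than 1 X11 port available. Which one do you want?"
- for i in "${DISPLAYS[@]}"; do
- echo "export DISPLAY=\"$i\""
- done
- exit 1
- else
- export DISPLAY="${DISPLAYS[0]}"
- fi
-fi
-
-docker run -ti --rm --net=host \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME:$HOME \
- intellij-idea "$@"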
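diff --git a/irssi/Dockerfile b/irssi/Dockerfile
deleted file mode 100644
index 3eb23fd..0000000
--- a/irssi/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y apt-utils runit
-
-RUN \
- groupadd -g 1677955 crutem && \
- useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get install -y irssi-plugin-xmpp bitlbee-libpurple pidgin-sipe
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD ["irssi"]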
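diff --git a/irssi/Makefile b/irssi/Makefile
deleted file mode 100644
index 9e654a8..0000000
--- a/irssi/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-all:
- docker build -t irssi .
-
-all-no-cache:
- docker build --no-cache -t irssi .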
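diff --git a/irssi/entrypoint.sh b/irssi/entrypoint.sh
deleted file mode 100755
index 0b7dce7..0000000
--- a/irssi/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-/usr/sbin/bitlbee -P ~/.bitlbee/pid -d ~/.bitlbee/ -c ~/.bitlbee/bitlbee.conf &
-
-exec "$@"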
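diff --git a/irssi/run b/irssi/run
deleted file mode 100755
index 231b870..0000000
--- a/irssi/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm \
- -e TERM \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/.irssi:$HOME/.irssi \
- -v $HOME/.bitlbee:$HOME/.bitlbee \
- -v $HOME/.exchange.pass:$HOME/.exchange.pass \
- irssi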
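diff --git a/mariadb/Dockerfile b/mariadb/Dockerfile
deleted file mode 100644
index 73b1d05..0000000
--- a/mariadb/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-# vim:set ft=dockerfile:
-FROM alpine:latest
-
-RUN \
- addgroup -S mysql \
- && adduser -S -h /var/lib/mysql -H -D -G mysql mysql \
- && mkdir /docker-entrypoint-initdb.d \
- && apk --no-cache add \
- bash \
- mariadb \
- mariadb-client \
- pwgen \
- socat \
- su-exec \
- tzdata \
- # comment out any "user" entires in the MySQL config
- # ("docker-entrypoint.sh" or "--user" will handle user switching)
- && sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf \
- # increase innodb buffer pool size
- && sed -i 's/^#innodb_buffer_pool_size = 16M/innodb_buffer_pool_size = 30M/' /etc/mysql/my.cnf \
- # purge and re-create /var/lib/mysql with appropriate ownership
- && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /run/mysqld \
- && chown -R mysql:mysql /var/lib/mysql /run/mysqld \
- # ensure that /run/mysqld (used for socket and lock files) is writable
- # regardless of the UID our mysqld instance ends up having at runtime
- && chmod 777 /run/mysqld \
- # don't reverse lookup hostnames, they are usually another container
- && sed -i 's/\[mysqld\]/[mysqld]\nskip-host-cache/' /etc/mysql/my.cnf
-
-COPY docker-entrypoint.sh /usr/local/bin/
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
-CMD ["mysqld"]
-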
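diff --git a/mariadb/Makefile b/mariadb/Makefile
deleted file mode 100644
index 1e5ecfb..0000000
--- a/mariadb/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-IMAGE=mariadb:latest-alpine
-VERSION=5.1.1
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d \
- -e MYSQL_RANDOM_ROOT_PASSWORD=yes \
- -e MYSQL_ROOT_HOST=% \
- -p 3306:3306 \
- -v /srv/mysql:/var/lib/mysql \
- $(IMAGE)
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)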
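diff --git a/mariadb/docker-entrypoint.sh b/mariadb/docker-entrypoint.sh
deleted file mode 100755
index 8242a6f..0000000
--- a/mariadb/docker-entrypoint.sh
+++ /dev/null
@@ -1,193 +0,0 @@
-#!/bin/bash
-# From https://github.com/docker-library/mariadb/blob/1037a0b7ab09343e011826078fbdffb0bf465fc3/10.3/docker-entrypoint.sh
-# Modified to use su-exec instead of gosu, otherwise unmodified
-set -eo pipefail
-shopt -s nullglob
-
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
-done
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
-
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
-
- $errors
- EOM
- exit 1
- fi
-}
-
-# Fetch value from server config
-# We use mysqld --verbose --help instead of my_print_defaults because the
-# latter only show values present in config files, and not server defaults
-_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }'
-}
-
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
- mkdir -p "$DATADIR"
- chown -R mysql:mysql "$DATADIR"
- exec su-exec mysql "$BASH_SOURCE" "$@"
-fi
-
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
- # Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
-
- mkdir -p "$DATADIR"
-
- echo 'Initializing database'
- mysql_install_db --datadir="$DATADIR" --rpm
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {60..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
-
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
-
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
- EOSQL
-
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
-
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
-
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
-
- echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
- fi
-
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
-
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
- fi
-fi
-
-exec "$@"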
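diff --git a/mfi/Dockerfile b/mfi/Dockerfile
deleted file mode 100644
index 35a160f..0000000
--- a/mfi/Dockerfile
+++ /dev/null
@@ -1,39 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Michael Crute <mike@crute.us>
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y curl software-properties-common
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get install -y sudo psmisc mongodb-server openjdk-7-jre-headless jsvc && \
- apt-add-repository -y "deb http://dl.ubnt.com/mfi/distros/deb/ubuntu ubuntu ubiquiti" && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 && \
- apt-get update && \
- apt-get install -y mfi
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-# Inform Port
-EXPOSE 6080
-# HTTPS Web UI & API
-EXPOSE 6443
-
-VOLUME "/var/lib/mfi"
-VOLUME "/var/log/mifi"
-
-CMD [ \
- "/usr/bin/jsvc", "-nodetach", \
- "-home", "/usr/lib/jvm/java-7-openjdk-amd64", \
- "-cp", "/usr/share/java/commons-daemon.jar:/usr/lib/mfi/lib/ace.jar", \
- "-pidfile", "/var/run/mfi/mfi.pid", \
- "-procname", "mfi", \
- "-outfile", "SYSLOG", \
- "-errfile", "SYSLOG", \
- "-Djava.awt.headless=true", \
- "-Xmx1024M", \
- "com.ubnt.ace.Launcher" \
-]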
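diff --git a/mfi/Makefile b/mfi/Makefile
deleted file mode 100644
index 8a91d23..0000000
--- a/mfi/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-all:
- docker build -t mfi .
-
-run:
- docker run -d --privileged \
- -p 6080:6080 \
- -p 6443:6443 \
- -v /srv/mfi:/var/lib/mfi \
- -v /var/log/docker/mfi:/var/log/mfi \
- mfi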
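diff --git a/mosquitto/Dockerfile b/mosquitto/Dockerfile
deleted file mode 100644
index 3ed038b..0000000
--- a/mosquitto/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- mosquitto \
- ;
-
-CMD [ "/usr/sbin/mosquitto", "-v" ]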
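diff --git a/mosquitto/Makefile b/mosquitto/Makefile
deleted file mode 100644
index 5f50baf..0000000
--- a/mosquitto/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=docker.crute.me/mosquitto:latest
-
-all:
- docker pull alpine:edge
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d --net=host \
- -p 53:53/tcp \
- -p 53:53/udp \
- -p 953:953 \
- -v /home/mcrute/tmp/bind/conf:/etc/bind \
- -v /home/mcrute/tmp/bind/cache:/var/cache/bind \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)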
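diff --git a/mutt/Dockerfile b/mutt/Dockerfile
deleted file mode 100644
index 214a770..0000000
--- a/mutt/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-
-RUN \
- echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories; \
- apk --no-cache add \
- su-exec \
- neomutt \
- elinks \
- vim \
- feh \
- perl-data-ical \
- perl-text-autoformat;
-
-ADD entrypoint.sh /
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD ["neomutt", "-F", "/home/mutt/.mutt/muttrc"]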
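diff --git a/mutt/Makefile b/mutt/Makefile
deleted file mode 100644
index 6b302f6..0000000
--- a/mutt/Makefile
+++ /dev/null
@@ -1,2 +0,0 @@
-all:
- docker build -t docker.crute.me/mutt:latest .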
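diff --git a/mutt/entrypoint.sh b/mutt/entrypoint.sh
deleted file mode 100755
index 3196629..0000000
--- a/mutt/entrypoint.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-set -e
-
-export TERM=${TERM:-xterm-256color}
-export BROWSER=${DOCKER_BROWSER:-elinks}
-export EDITOR=${DOCKER_EDITOR:-vim}
-
-USERNAME="mutt"
-DATA_DIR="/home/mutt/Mail"
-
-# Default UID/GID to owner of the data directory
-PROG_UID=${PROG_UID:-$(stat -L -c "%u" $DATA_DIR)}
-PROG_GID=${PROG_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$PROG_GID" = 0 -o "$PROG_GID" = 0 ]; then
- echo "Set PROG_UID and PROG_GID in environment"
- exit 1
-else
- echo "UID/GID: $PROG_UID $PROG_GID"
-fi
-
-# Create the user and group
-addgroup -g ${PROG_GID} -S ${USERNAME}
-adduser -u ${PROG_UID} -S -h /home/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-
-# Allow running a shell in the container
-/sbin/su-exec ${USERNAME} "$@"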
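diff --git a/mutt/run b/mutt/run
deleted file mode 100755
index 00b7085..0000000
--- a/mutt/run
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-X11_MANDATORY=0
-
-if [ -z "$DISPLAY" ]; then
- echo "\$DISPLAY is not set"
- DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') )
-
- if [ "${#DISPLAYS[@]}" = 0 ]; then
- echo "No X11 ports available"
- if [ $X11_MANDATORY = 1 ]; then
- exit 1
- fi
- fi
-
- if [ "${#DISPLAYS[@]}" -gt 1 ]; then
- echo "More than 1 X11 port available. Which one do you want?"
- for i in "${DISPLAYS[@]}"; do
- echo "export DISPLAY=\"$i\""
- done
- exit 1
- else
- export DISPLAY="${DISPLAYS[0]}"
- fi
-fi
-
-docker run -ti --rm --net=host \
- -e TERM \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v $HOME/.Xauthority:$HOME/.Xauthority:ro \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/bin:$HOME/bin \
- -v $HOME/.vim:$HOME/.vim \
- -v $HOME/.vimrc:$HOME/.vimrc \
- -v $HOME/amazon-bin:$HOME/amazon-bin:ro \
- -v $HOME/.mutt:$HOME/.mutt \
- -v $HOME/share:$HOME/share \
- -v $HOME/.exchange.pass:$HOME/.exchange.pass \
- mutt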
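diff --git a/newsboat/Dockerfile b/newsboat/Dockerfile
deleted file mode 100644
index e15f4ef..0000000
--- a/newsboat/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN \
- apk add --no-cache \
- curl \
- su-exec \
- newsboat \
- ;
-
-ADD entrypoint.sh /
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/bin/newsboat" ]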
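--- a/newsboat/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-IMAGE=docker.crute.me/newsboat:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -ti --detach-keys ctrl-@ $(IMAGE)
-
-publish:
- docker push $(IMAGE)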
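--- a/newsboat/entrypoint.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-HOME_DIR="/home/newsboat/.newsboat"
-URLS_FILE="${HOME_DIR}/urls"
-
-# No point starting if they don't have config, also we don't
-# want to store the actual user data in the container so force
-# a mount.
-if [ ! -d $HOME_DIR ]; then
- echo "Mount your newsboat config to /home/newsboat/.newsboat"
- exit 1
-fi
-
-# Also force a urls file because this newsboat will just fail
-# anyhow without it.
-if [ ! -f $URLS_FILE ]; then
- echo "Create a urls file in your newsboat config first"
- exit 1
-fi
-
-# Allow users to specify the UID/GID in the environment but
-# default these to the existing owner of the files in their
-# mounted config, which should be sane.
-UID=${UID:-$(stat -c "%u" $URLS_FILE)}
-GID=${GID:-$(stat -c "%u" $URLS_FILE)}
-
-# Create the user and group
-addgroup -g ${GID} -S newsboat
-adduser -u ${UID} -S -h /home/newsboat -H -D -G newsboat newsboat
-
-/sbin/su-exec newsboat "$@"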
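--- a/ping_tester/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:latest
-
-RUN set -euxo pipefail; \
- apk --no-cache add python3; \
- python3 -m pip install boto3;
-
-COPY ping_test.py /usr/bin/
-
-ENTRYPOINT [ "/usr/bin/ping_test.py" ]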
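--- a/ping_tester/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-IMAGE=docker.crute.me/ping_tester:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)
-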
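--- a/ping_tester/ping_test.py
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import re
-import sys
-import boto3
-import subprocess
-from datetime import datetime
-
-
-def main(sample_count=5):
- try:
- _, from_location, to_location, hostname = sys.argv
- except ValueError:
- print("usage: {} <this_location> <to_location> <hostname>".format(
- os.path.basename(sys.argv[0])))
- sys.exit(1)
-
- client = boto3.client("cloudwatch")
- now = datetime.now()
-
- patt = re.compile(
- "round-trip min/avg/max = "
- "(?P<min>[0-9]+\.[0-9]+)/(?P<avg>[0-9]+\.[0-9]+)/"
- "(?P<max>[0-9]+\.[0-9]+) (?P<unit>.*)")
-
- out = subprocess.run(
- ["ping", "-c", str(sample_count), hostname],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-
- # Prevent failing with an error if the ping fails
- match = patt.search(out.stdout.decode("us-ascii"))
- if not match:
- return 1
-
- val = match.groupdict()
-
- client.put_metric_data(
- Namespace="VPNLatency",
- MetricData=[
- {
- "MetricName": "PingRTT",
- "Dimensions": [
- {
- "Name": "From Location",
- "Value": from_location,
- },
- {
- "Name": "To Location",
- "Value": to_location,
- }
- ],
- "Timestamp": now,
- "StatisticValues": {
- "SampleCount": sample_count,
- "Sum": float(val["avg"]) * sample_count,
- "Minimum": float(val["min"]),
- "Maximum": float(val["max"]),
- },
- "Unit": "Milliseconds"
- },
- {
- "MetricName": "PingRTT",
- "Dimensions": [
- {
- "Name": "From Location",
- "Value": from_location,
- },
- ],
- "Timestamp": now,
- "StatisticValues": {
- "SampleCount": sample_count,
- "Sum": float(val["avg"]) * sample_count,
- "Minimum": float(val["min"]),
- "Maximum": float(val["max"]),
- },
- "Unit": "Milliseconds"
- },
- {
- "MetricName": "PingRTT",
- "Dimensions": [
- {
- "Name": "To Location",
- "Value": to_location,
- }
- ],
- "Timestamp": now,
- "StatisticValues": {
- "SampleCount": sample_count,
- "Sum": float(val["avg"]) * sample_count,
- "Minimum": float(val["min"]),
- "Maximum": float(val["max"]),
- },
- "Unit": "Milliseconds"
- },
- ]
- )
-
- return 0
-
-
-if __name__ == "__main__":
- sys.exit(main())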
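--- a/psql/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- sed -i 's/archive.ubuntu.com/us-west-2.ec2.archive.ubuntu.com/' /etc/apt/sources.list && \
- apt-get update && \
- apt-get install -y postgresql-client && \
-# Cleanup
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/psql" ]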
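--- a/psql/run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --detach-keys=ctrl-@ \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/share:$HOME/share \
- -v $HOME/.psqlrc:$HOME/.psqlrc \
- psql "$@"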
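--- a/s3cmd/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y apt-utils s3cmd ca-certificates
-
-RUN \
- groupadd -g 1677955 crutem && \
- useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV BROWSER elinks
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-ENTRYPOINT ["/usr/bin/s3cmd"]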
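--- a/s3cmd/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -i --rm \
- -w `pwd` \
- -v `pwd`:`pwd` \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/share:$HOME/share \
- -v $HOME/.s3cfg:$HOME/.s3cfg \
- s3cmd "$@"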
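--- a/skopeo/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- skopeo \
- ;
-
-ENTRYPOINT [ "/usr/bin/skopeo" ]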
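--- a/skopeo/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=docker.crute.me/skopeo:latest
-
-all:
- docker pull alpine:edge
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d --net=host \
- -p 53:53/tcp \
- -p 53:53/udp \
- -p 953:953 \
- -v /home/mcrute/tmp/bind/conf:/etc/bind \
- -v /home/mcrute/tmp/bind/cache:/var/cache/bind \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)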
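--- a/smokeping_prober/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM golang:latest AS builder
-LABEL maintainer="Mike Crute <mike@pomonaconsulting.com>"
-
-RUN set -eux; \
- cd /tmp; \
- go version; \
- git clone https://github.com/SuperQ/smokeping_prober.git; \
- cd smokeping_prober; \
- CGO_ENABLED=0 go build -o smokeping_prober *.go
-
-
-FROM alpine:latest
-COPY --from=builder /tmp/smokeping_prober/smokeping_prober /smokeping_prober
-ENTRYPOINT [ "/smokeping_prober" ]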
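--- a/smokeping_prober/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-VERSION=0.3.0
-IMAGE=docker.crute.me/smokeping-prober:$(VERSION)
-LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
-
-all:
- docker pull golang:latest
- docker pull alpine:latest
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build \
- --no-cache \
- -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)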
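--- a/ssh-bastion/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN \
- apk add --no-cache \
- openssh-server-pam \
- google-authenticator \
- && cp /etc/ssh/sshd_config /etc/ssh/sshd_config.alpine \
- && mkdir /var/run/sshd \
- && chmod 700 /var/run/sshd
-
-ADD etc/ /etc/
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/sbin/sshd", "-D", "-e" ]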
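--- a/ssh-bastion/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-IMAGE=docker.crute.me/ssh-bastion:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run \
- -p 4321:4321 \
- -v /home/mcrute/tmp/ssh:/srv/ssh \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)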
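--- a/ssh-bastion/entrypoint.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-if [ ! -d /srv/ssh/hostkeys ]; then
- echo "No host keys found... generating"
- mkdir -p /srv/ssh/hostkeys
-
- ssh-keygen -f /srv/ssh/hostkeys/rsa_key -N '' -t rsa
- ssh-keygen -f /srv/ssh/hostkeys/ed25519_key -N '' -t ed25519
- ssh-keygen -f /srv/ssh/hostkeys/ecdsa_key -N '' -t ecdsa
-
- rm *.pub
-fi
-
-if [ ! -d /srv/ssh/users ]; then
- echo "No users directory found... creating"
- mkdir -p /srv/ssh/users
-fi
-
-for path in /srv/ssh/users/*; do
- user=$(basename $path)
- if [ "$user" = "*" ]; then
- break
- fi
-
- if getent passwd $user 2>&1 >/dev/null; then
- echo "User $user already exists"
- continue
- fi
-
- uid=$(cat /srv/ssh/users/$user/uid)
- if [[ -z "$uid" ]]; then
- echo "No UID for $user"
- exit 1
- fi
-
- echo "Creating user ${user}(${uid})"
- adduser -DH -s /sbin/nologin -u $uid $user
-done
-
-exec "$@"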
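--- a/ssh-bastion/etc/pam.d/sshd
+++ /dev/null
@@ -1,5 +0,0 @@
-account include base-account
-
-auth required pam_google_authenticator.so secret=/srv/ssh/users/${USER}/totp user=root no_strict_owner
-
-session required pam_unix.so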
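--- a/ssh-bastion/etc/ssh/sshd_config
+++ /dev/null
@@ -1,101 +0,0 @@
-# vim:set ft=sshdconfig
-
-HostKey /srv/ssh/hostkeys/rsa_key
-HostKey /srv/ssh/hostkeys/ed25519_key
-
-# By default SSH attempts to chdir to the logged-in user's home directory. The
-# vast majority of users won't have a home directory on the machine, so
-# suppress the warning with a chroot.
-ChrootDirectory /
-
-# No users will have home directories and all configs are under control of the
-# admin who mounts them from outside of this docker container so there is no
-# need to check modes and in-fact enabling this will cause failures.
-StrictModes no
-
-Protocol 2
-
-# Bind a port above 1024 so we can run ssh as an unpriviledged user
-Port 4321
-
-SyslogFacility AUTH
-LogLevel INFO
-PidFile /var/run/sshd.pid
-
-PubkeyAuthentication yes
-HostbasedAuthentication no
-IgnoreRhosts yes
-PasswordAuthentication no
-PermitEmptyPasswords no
-AuthorizedKeysFile /srv/ssh/users/%u/ssh
-
-UsePAM yes
-PermitRootLogin no
-ChallengeResponseAuthentication yes
-AuthenticationMethods publickey,keyboard-interactive:pam
-
-# Limit the number of authentication attemps per connection. SSH will log
-# failues once attempts reach half this number so this should also log all
-# authentication failures as well.
-PermitTTY no
-MaxAuthTries 2
-ForceCommand /usr/bin/nologin
-
-# This turns off reverse lookups of the originating host which hang sshd on DNS
-# timeouts when DNS is down. This also breaks "from=" lines in authorizd_keys
-# files which must be converted to dotted quad ip addrs.
-UseDNS no
-
-# By default SSH doesn't accept any environment variables from the client. But
-# we use this specific variable to pass robot user authentication tokens into
-# the system.
-AcceptEnv LANG LC_*
-
-# Disconnect after this period of time if the user hasn't provided a correct
-# password.
-LoginGraceTime 120
-
-# Disconnect dead sessions after 30 minutes of inactivity. The server will send
-# a keepalive every minutes and tolerate up to 30 failures before terminating
-# the session.
-ClientAliveInterval 60
-ClientAliveCountMax 30
-
-# Don't use TCP keepalives to prevent connections from dying when a temporary
-# routing issue occurs.
-TCPKeepAlive no
-
-# Allow up to 100 simultaneous unauthenticated connections. Any connections
-# beyond that limit will be dropped.
-MaxStartups 100
-
-# The maxiumum number of sessions which can be served on one multi-plexing
-# connection. ssh does not fail gracefully when this number is exceeded, so we
-# keep it high.
-MaxSessions 100
-
-X11Forwarding no
-PrintMotd no
-
-# Used hardened crypto algorithms
-#
-# Based on: https://stribika.github.io/2015/01/04/secure-secure-shell.html
-# And also: https://access.redhat.com/discussions/3121481
-# And also: https://infosec.mozilla.org/guidelines/openssh
-# Validated by: https://sshcheck.com/
-KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com
-# These may be needed for older ssh clients but use SHA1 so are discouraged
-#HostKeyAlgorithms ssh-rsa,ssh-rsa-cert-v01@openssh.com
-
-# Enable gateway ports for phone-home bastions so that administrators can
-# connect back to the forwarded ports without needing ssh access to the bastion
-# host itself. Also locks down what can be forwarded and to where.
-Match user phonehome
- GatewayPorts yes
- AuthenticationMethods publickey
- AllowTcpForwarding remote
- PermitOpen none
-Match all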
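--- a/strongswan/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- strongswan \
- ; \
- rm /etc/ipsec.conf; \
- echo ": RSA vpn.pem" > /etc/ipsec.secrets
-
-ADD crute-root.pem /etc/ipsec.d/cacerts/
-ADD vpn-g1.pem /etc/ipsec.d/cacerts/
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/sbin/ipsec", "start", "--nofork" ]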
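--- a/strongswan/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-IMAGE=docker.crute.me/strongswan:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- @echo "Not configured"
- @exit 1
-
-publish:
- docker push $(IMAGE)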
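--- a/strongswan/entrypoint.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-if [ ! -f "/config/vpn-cert.pem" ]; then
- echo "Missing VPN server cert at '/config/vpn-cert.pem'"
- exit 1
-fi
-cp /config/vpn-cert.pem /etc/ipsec.d/certs/vpn.pem
-chmod 444 /etc/ipsec.d/certs/vpn.pem
-
-if [ ! -f "/config/vpn-key.pem" ]; then
- echo "Missing VPN server key at '/config/vpn-key.pem'"
- exit 1
-fi
-cp /config/vpn-key.pem /etc/ipsec.d/private/vpn.pem
-chmod 400 /etc/ipsec.d/private/vpn.pem
-
-if [ ! -f "/config/ipsec.conf" ]; then
- echo "Missing VPN server config at '/config/ipsec.conf'"
- exit 1
-fi
-cp /config/ipsec.conf /etc/ipsec.conf
-chmod 444 /etc/ipsec.conf
-
-exec "$@"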
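--- a/stund/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM alpine:latest
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- dumb-init \
- su-exec \
- libnice; \
- adduser -SDH stun
-
-CMD [ \
- "/usr/bin/dumb-init", "-c", \
- "/sbin/su-exec", "stun", \
- "/usr/bin/stund", "-4" \
-]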
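--- a/stund/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-VERSION=latest
-IMAGE=docker.crute.me/stund
-
-all:
- docker build -t $(IMAGE):$(VERSION) .
-
-all-no-cache:
- docker build \
- --no-cache \
- -t $(IMAGE):$(VERSION) .
-
-run:
- docker run -d \
- -p 3478:3478/udp \
- $(IMAGE):$(VERSION)
-
-publish:
- docker push $(IMAGE):$(VERSION)
- docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
- docker push $(IMAGE):latest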
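--- a/unifi-video/Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-FROM frolvlad/alpine-java:jre8-slim
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-ARG dl_url
-
-ADD lsb_release /usr/bin
-ADD log4j2.json /tmp
-
-RUN \
- # Validate required arguments were passed
- test -z "${dl_url}" && { echo -e "\033[31mMissing build parameter 'dl_url'\033[39m"; exit 1; }; \
- \
- # Install build and run dependencies
- apk add --no-cache --virtual .build-deps \
- binutils \
- ca-certificates \
- curl \
- && apk add --no-cache \
- dumb-init \
- libcap \
- mongodb \
- su-exec \
- \
- # Fetch the Unifi package
- && cd /tmp \
- && curl -s -o unifi_video.deb "${dl_url}" \
- \
- # Unpack the debian package and "install" it
- && ar x unifi_video.deb \
- && mkdir debian \
- && tar -C debian -xzf control.tar.gz \
- && tar -xzf data.tar.gz \
- && rm -rf usr/share usr/sbin \
- && mv usr/lib/unifi-video /usr/lib \
- \
- # Create directories and link everything together
- && mkdir -p /var/lib/unifi-video /var/log/unifi-video /var/run/unifi-video \
- && ln -sf /usr/bin/mongod /usr/lib/unifi-video/bin/mongod \
- && ln -sf /var/lib/unifi-video /usr/lib/unifi-video/data \
- && ln -sf /var/log/unifi-video /usr/lib/unifi-video/logs \
- && ln -sf /var/run/unifi-video /usr/lib/unifi-video/run \
- \
- # Create Tomcat directories
- && mkdir -p /usr/lib/unifi-video/conf/Catalina \
- && mkdir -p /usr/lib/unifi-video/work \
- \
- # Write out version file
- && VERSIG=$(awk '/^VERSIG/ { split($1, a, "="); print a[2]; }' debian/postinst) \
- && echo "NVR.x86_64.${VERSIG}" > /etc/discovery.version \
- \
- # Install our customizations
- && mv /tmp/log4j2.json /usr/lib/unifi-video \
- \
- # Cleanup
- && apk del .build-deps \
- && rm -rf /tmp/*
-
-ADD entrypoint.sh /
-
-STOPSIGNAL SIGTERM
-ENTRYPOINT [ "/entrypoint.sh" ]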
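--- a/unifi-video/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-VERSION=3.10.13
-IMAGE=docker.crute.me/unifi-video
-DL_URL="https://dl.ubnt.com/firmwares/ufv/v$(VERSION)/unifi-video.Ubuntu16.04_amd64.v$(VERSION).deb"
-
-all:
- docker pull frolvlad/alpine-java:jre8-slim
- docker build \
- --build-arg=dl_url=$(DL_URL) \
- -t $(IMAGE):$(VERSION) .
-
-all-no-cache:
- docker build \
- --no-cache \
- --build-arg=dl_url=$(DL_URL) \
- -t $(IMAGE):$(VERSION) .
-
-run:
- # 6666 - Inbound Camera Streams
- # 7080 - HTTP Web UI
- # 7442 - Camera Management
- # 7443 - HTTPS Web UI
- # 7445 - Video Over HTTP
- # 7446 - Video Over HTTPS
- # 7447 - RTSP via Controller
- docker run \
- -p 6666:6666 \
- -p 7080:7080 \
- -p 7442:7442 \
- -p 7443:7443 \
- -p 7445:7445 \
- -p 7446:7446 \
- -p 7447:7447 \
- -v /home/mcrute/tmp/unifi-data:/var/lib/unifi-video \
- $(IMAGE):$(VERSION)
-
-publish:
- docker push $(IMAGE):$(VERSION)
- docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
- docker push $(IMAGE):latest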
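--- a/unifi-video/entrypoint.sh
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/bin/sh
-
-set -e
-
-USERNAME="unifi-video"
-BASEDIR="/usr/lib/unifi-video"
-DATA_DIR="${BASEDIR}/data"
-
-# Default UID/GID to owner of the data directory
-UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
-UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$UNIFI_UID" = 0 -o "$UNIFI_GID" = 0 ]; then
- echo "Set UNIFI_UID and UNIFI_GID in environment"
- exit 1
-else
- echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
-fi
-
-cd ${BASEDIR}
-
-# Create the user and group if they don't exist
-if ! grep "^${USERNAME}:" /etc/group &>/dev/null; then
- addgroup -g ${UNIFI_GID} -S ${USERNAME}
-fi
-if ! grep "^${USERNAME}:" /etc/passwd &>/dev/null; then
- adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-fi
-
-mkdir -p /var/log/mongodb/logs
-
-# Update permissions on the root directories
-chown -R ${USERNAME}:${USERNAME} \
- /var/run/unifi-video \
- /var/log/unifi-video \
- /var/lib/unifi-video \
- /var/log/mongodb/logs
-
-chown -R ${USERNAME}:${USERNAME} \
- /usr/lib/unifi-video/conf/evostream \
- /usr/lib/unifi-video/webapps \
- /usr/lib/unifi-video/conf/Catalina \
- /usr/lib/unifi-video/work
-
-# But do not let the unifi user write the ROOT WAR
-chown root:root /usr/lib/unifi-video/webapps/ROOT.war
-
-# Setup tmpfs if the user mounted it
-TMPFS_ARG=
-TMPFS_DIR="/var/cache/unifi-video"
-if [ -d $TMPFS_DIR ]; then
- TMPFS_ARG="-Dav.tempdir=${TMPFS_DIR}"
- chown ${USERNAME} ${TMPFS_DIR}
- chmod -R 0700 ${TMPFS_DIR}
-fi
-
-# Do the base setup and migrate files
-if [ ! -f "${DATA_DIR}/system.properties" ]; then
- cp -f "${BASEDIR}/etc/system.properties" "${DATA_DIR}/system.properties"
-fi
-
-if [ -f "${DATA_DIR}/truststore" ]; then
- rm -f "${DATA_DIR}/truststore"
-fi
-
-if [ ! -f "${DATA_DIR}/ufv-truststore" ]; then
- cp -f "${BASEDIR}/etc/ufv-truststore" "${DATA_DIR}/ufv-truststore"
-fi
-
-chown -h ${USERNAME}:${USERNAME} \
- "${DATA_DIR}" \
- "${DATA_DIR}/system.properties" \
- "${DATA_DIR}/ufv-truststore"
-
-# Cleanup mongodb lock file if it exists otherwise the controller will freeze
-# forever trying to start Mongo
-[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
-
-# Allow running a shell in the container
-if [ ! -z "$@" ]; then
- /sbin/su-exec ${USERNAME} "$@"
-else
- # Replace the current process with a scoped-down controller. The java app
- # is designed to do its own job control but it has to run with an init
- # system or it doesn't get the signals from docker.
- exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/jre/bin/java \
- -cp ${BASEDIR}/lib/airvision.jar \
- -Dlog4j.configurationFile=${BASEDIR}/log4j2.json \
- ${TMPFS_ARG} \
- -Djava.library.path=${BASEDIR}/lib \
- -Djavax.net.ssl.trustStore=${DATA_DIR}/ufv-truststore \
- -Djava.security.egd=file:/dev/urandom \
- -Xmx$(free -m | awk 'NR==2{printf "%dM\n", $2*0.26 }') \
- -Djava.awt.headless=true \
- -Dfile.encoding=UTF-8 \
- com.ubnt.airvision.Main start
-fi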
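--- a/unifi-video/log4j2.json
+++ /dev/null
@@ -1,135 +0,0 @@
-{
- "configuration": {
- "name": "Release",
-
- "properties": {
- "property": {
- "name": "fileAppenderLayout",
- "value": "%d{UNIX}.%d{SSS} %d{yyyy-MM-dd HH:mm:ss.SSS/zzz}: %-6p %m in %t%n"
- }
- },
-
- "appenders": {
- "appender": [
- {
- "type": "Console",
- "name": "STDOUT",
- "patternLayout": { "pattern": "${fileAppenderLayout}" },
- "thresholdFilter": { "level": "trace" }
- }
- ]
- },
-
- "loggers": {
- "root": {
- "level": "warn",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- "logger": [
- { "name": "uv", "level": "INFO" },
- { "name": "com.ubnt", "level": "off" },
- { "name": "org.apache.commons.httpclient", "level": "error" },
- { "name": "com.mongodb", "level": "error" },
- { "name": "javax.jmdns", "level": "fatal" },
- { "name": "net.schmizz", "level": "fatal" },
- { "name": "org.apache.catalina.startup.Catalina", "level": "error" },
- { "name": "org.apache.catalina.startup.DigesterFactory", "level": "error" },
- { "name": "org.apache.tomcat.util.digester.Digester", "level": "error" },
- { "name": "org.atmosphere.cpr.SessionSupport", "level": "error" },
- {
- "name": "uv.service.recording",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.service.recording.sync",
- "level": "debug", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.service.recording.segments",
- "level": "debug", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.service.connection",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.purge",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.service.motion",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.stream",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.comm.ems",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.comm.camera",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.comm.sso",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.service.dbMigration",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.service.hls",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- },
- {
- "name": "uv.login",
- "level": "info", "additivity": "false",
- "AppenderRef": [
- { "ref": "STDOUT" }
- ]
- }
- ]
- }
- }
-}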
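--- a/unifi-video/lsb_release
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# Stub called by the controller to do software update checks. Absence causes
-# failure. Since we're running alpine but UBNT doesn't know what that is just
-# lie and say we're Ubuntu
-#
-
-cat <<EOF
-Distributor ID: Ubuntu
-Description: Ubuntu 16.04.3 LTS
-Release: 16.04
-Codename: xenial
-EOF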
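--- a/unifi/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile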
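--- a/unifi/Dockerfile
+++ /dev/null
@@ -1,60 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-# TODO: Move all the unpacking stuff to the Makefile
-
-ARG deb_version
-ARG checksum
-
-ADD log4j.properties /tmp/
-
-RUN set -euxo pipefail; \
- # Validate required arguments were passed
- test -z "${deb_version}" && { echo -e "\033[31mMissing build parameter 'deb_version'\033[39m"; exit 1; }; \
- test -z "${checksum}" && { echo -e "\033[31mMissing build parameter 'checksum'\033[39m"; exit 1; }; \
- \
- # Install build and run dependencies
- apk add --no-cache --virtual .build-deps \
- binutils \
- ca-certificates \
- curl \
- && apk add --no-cache \
- dumb-init \
- java-snappy \
- libcap \
- nss \
- openjdk17-jre-headless \
- su-exec \
- \
- # Fetch the Unifi package and validate the checksum before unpacking
- && cd /tmp \
- && curl -sO "https://dl.ui.com/unifi/${deb_version}/unifi_sysvinit_all.deb" \
- && echo "${checksum} *unifi_sysvinit_all.deb" > checksums.txt \
- && sha256sum -sc checksums.txt \
- \
- # Unpack the debian package and "install" it
- && ar x unifi_sysvinit_all.deb \
- && tar -xJf data.tar.xz \
- && rm usr/lib/unifi/bin/unifi.init \
- && mv usr/lib/unifi /usr/lib \
- \
- # Create directories and link everything together
- && mkdir -p /var/lib/unifi /var/log/unifi /var/run/unifi \
- && ln -sf /usr/bin/mongod /usr/lib/unifi/bin/mongod \
- && ln -sf /var/lib/unifi /usr/lib/unifi/data \
- && ln -sf /var/log/unifi /usr/lib/unifi/logs \
- && ln -sf /var/run/unifi /usr/lib/unifi/run \
- \
- # Install our customizations
- && mv /tmp/log4j.properties /usr/lib/unifi \
- \
- # Cleanup
- && apk del .build-deps \
- && rm -rf /tmp/*
-
-ADD unifi-setup.sh /
-ADD simplevisor.json /
-ADD simplevisor /
-
-STOPSIGNAL SIGTERM
-ENTRYPOINT [ "/simplevisor" ]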
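--- a/unifi/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-VERSION=8.0.7
-VERSION_SUFFIX=-7a3d06144a
-VERSION_TAG=$(VERSION)-0
-IMAGE=docker.crute.me/unifi:$(VERSION_TAG)
-LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
-
-DEB_VERSION="$(VERSION)$(VERSION_SUFFIX)"
-CHECKSUM="4221d7a0f8ce66c58a4f71b70ba6f32e16310429d3fe8165bf0f47bbdb6401a6"
-
-all:
- docker pull alpine:latest
- docker build \
- --no-cache \
- --build-arg=deb_version=$(DEB_VERSION) \
- --build-arg=checksum=$(CHECKSUM) \
- -t $(IMAGE) .
-
-all-no-cache:
- docker build \
- --no-cache \
- --build-arg=deb_version=$(DEB_VERSION) \
- --build-arg=checksum=$(CHECKSUM) \
- -t $(IMAGE) .
-
-run:
- docker run -d \
- -e UNIFI_UID=1001 \
- -e UNIFI_GID=1001 \
- -p 8080:8080 \
- -p 8443:8443 \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)
-
-publish-prod:
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)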
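--- a/unifi/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-log4j.rootLogger=INFO,server_log
-
-log4j.appender.server_log=org.apache.log4j.ConsoleAppender
-log4j.appender.server_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.server_log.layout.ConversionPattern=[%d{ISO8601}] <%t> %-5p %-6c{1} - %m%n
-
-log4j.logger.java=INFO
-log4j.logger.javax=INFO
-log4j.logger.javax.jmdns=INFO
-log4j.logger.sun=INFO
-log4j.logger.org.apache=INFO
-log4j.logger.httpclient.wire=INFO
-log4j.logger.net.schmizz=INFO
-log4j.logger.com.codahale=INFO
-log4j.logger.org.apache.jasper=INFO
-log4j.logger.org.apache.tomcat=INFO
-log4j.logger.org.apache.commons=INFO
-log4j.logger.org.apache.catalina=INFO
-
-log4j.logger.org.springframework=INFO
-log4j.logger.de.javawi.jstun=INFO
-log4j.logger.com.mongodb=INFO
-
-log4j.logger.com.ubnt=INFO
-log4j.logger.com.ubiquiti=INFO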
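--- a/unifi/simplevisor.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "env": {
- "pass": [
- "PATH",
- "HOSTNAME",
- "SHLVL",
- "HOME",
- "PWD",
-
- "UNIFI_UID",
- "UNIFI_GID",
-
- "MONGO_URL",
- "MONGO_STATS_URL"
- ],
- "vault-replace": [
- "MONGO_USER",
- "MONGO_PASSWORD"
- ],
- "vault-template": [
- "MONGO_URL",
- "MONGO_STATS_URL"
- ]
- },
- "jobs": {
- "init": [
- {
- "cmd": ["/unifi-setup.sh"],
- "run-as": "root"
- }
- ],
- "main": [
- {
- "cmd": [
- "/usr/lib/jvm/default-jvm/bin/java",
- "-cp", "/usr/lib/unifi/lib/ace.jar",
- "-Dlog4j.configuration=file:/usr/lib/unifi/log4j.properties",
- "-Dlog4j2.formatMsgNoLookups=true",
- "-Dunifi.datadir=/usr/lib/unifi/data",
- "-Dunifi.logdir=/usr/lib/unifi/logs",
- "-Dunifi.rundir=/usr/lib/unifi/run",
- "-Xmx1024M",
- "-Djava.awt.headless=true",
- "-Dorg.xerial.snappy.use.systemlib=true",
- "-Dfile.encoding=UTF-8",
- "--add-opens=java.base/java.time=ALL-UNNAMED",
- "com.ubnt.ace.Launcher", "start"
- ],
- "run-as": "unifi"
- }
- ]
- }
-}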
diff --git a/unifi/unifi-setup.sh b/unifi/unifi-setup.sh
deleted file mode 100755
index 86153b5..0000000
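--- a/unifi/unifi-setup.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-set -e
-
-USERNAME="unifi"
-BASEDIR="/usr/lib/unifi"
-DATA_DIR="${BASEDIR}/data"
-
-# Default UID/GID to owner of the data directory
-UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
-UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$UNIFI_GID" = 0 -o "$UNIFI_GID" = 0 ]; then
- echo "Set UNIFI_UID and UNIFI_GID in environment"
- exit 1
-else
- echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
-fi
-
-cd ${BASEDIR}
-
-# Create the user and group
-if ! getent group ${USERNAME} > /dev/null 2>&1; then
- addgroup -g ${UNIFI_GID} -S ${USERNAME}
-fi
-if ! getent passwd ${USERNAME} > /dev/null 2>&1; then
- adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-fi
-
-# Update permissions on the root directories
-chown -R ${USERNAME}:${USERNAME} \
- /var/lib/unifi \
- /var/log/unifi \
- /var/run/unifi \
- /usr/lib/unifi/dl
-
-ln -s /var/log/unifi /logs
-
-# Cleanup mongodb lock file if it exists otherwise the controller will freeze
-# forever trying to start Mongo
-[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
-
-if [ -n "$MONGO_URL" ]; then
- echo "Using external mongodb instance"
- echo "db.mongo.local=false" >> /var/lib/unifi/system.properties
- echo "db.mongo.uri=${MONGO_URL}" >> /var/lib/unifi/system.properties
- echo "statdb.mongo.uri=${MONGO_STATS_URL}" >> /var/lib/unifi/system.properties
- echo "unifi.db.name=${MONGO_DB_NAME:-ace}" >> /var/lib/unifi/system.properties
- echo "statdb.db.name=${MONGO_STATS_DB_NAME:-ace_stat}" >> /var/lib/unifi/system.properties
-fi
-
-# If this is set that the controller will start with no settings and will run
-# the setup.
-#
-# WARNING! If this is set on a live database then the controller will delete
-# all data and start fresh.
-if [ -z "$START_DEFAULT" ]; then
- echo "is_default=false" >> /var/lib/unifi/system.properties
-fi
-
-# Replace the current process with a scoped-down controller. The java app
-# is designed to do its own job control but it has to run with an init
-# system or it doesn't get the signals from docker.
-#
-# Use the snappy native library installed with apk because the bundled on
-# is built against libc which is not available in Alpine. Without this
-# inform will fail with a decompression library error.
-
-# NOTE: This has been migrated to simplevisor.json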
diff --git a/vlc/Dockerfile b/vlc/Dockerfile
deleted file mode 100644
index 2c7f50d..0000000
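--- a/vlc/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-# sed -i 's/archive.ubuntu.com/us-west-2.ec2.archive.ubuntu.com/' /etc/apt/sources.list && \
- apt-get update && \
- apt-get install -y apt-utils vlc
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/vlc" ]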
diff --git a/vlc/run b/vlc/run
deleted file mode 100755
index 7a4004c..0000000
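--- a/vlc/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
- -w `pwd` \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v $HOME/.Xauthority:$HOME/.Xauthority:ro \
- -v `pwd`:`pwd`:ro \
- vlc "$@"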
diff --git a/wekan/Dockerfile b/wekan/Dockerfile
deleted file mode 100644
index 4d810d9..0000000
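--- a/wekan/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM quay.io/wekan/wekan:v6.28
-LABEL maintainer="Mike Crute <mike@crute.us>"
-
-USER root
-
-RUN set -eux; \
- \
- mkdir -p /etc/ssl/certs;
-
-ADD /simplevisor /simplevisor
-ADD /simplevisor.json /simplevisor.json
-ADD /isrgrootx1.pem /etc/ssl/certs/isrgrootx1.pem
-ADD /isrg-root-x1-cross-signed.pem /etc/ssl/certs/isrg-root-x1-cross-signed.pem
-
-CMD [ "/simplevisor" ]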
diff --git a/wekan/Makefile b/wekan/Makefile
deleted file mode 100644
index 0a6d096..0000000
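--- a/wekan/Makefile
+++ /dev/null
@@ -1,35 +0,0 @@
-VERSION=6.28
-VERSION_TAG=$(VERSION)
-IMAGE=docker.crute.me/wekan:$(VERSION_TAG)
-LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
-
-.PHONY: all
-all:
- sed -i "s#^FROM .*#FROM quay.io/wekan/wekan:v$(VERSION)#" Dockerfile
- curl -O https://letsencrypt.org/certs/isrgrootx1.pem
- curl -O https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
- docker pull quay.io/wekan/wekan:v$(VERSION)
- docker build -t $(IMAGE) .
-
-.PHONY: all-no-cache
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-.PHONY: run
-run:
- docker run -d \
- -p 9110:9000 \
- -p 9111:9001 \
- -v /srv/code:/srv/code \
- $(IMAGE)
-
-.PHONY: publish
-publish:
- docker push $(IMAGE)
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)
-
-
-.PHONY: clean
-clean:
- rm -f isrg-root-x1-cross-signed.pem isrgrootx1.pem || true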
diff --git a/wekan/simplevisor.json b/wekan/simplevisor.json
deleted file mode 100644
index 55dd77a..0000000
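--- a/wekan/simplevisor.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "env": {
- "pass-all": true,
- "vault-replace": [
- "MONGO_USER",
- "MONGO_PASSWORD"
- ],
- "vault-template": [
- "MONGO_URL"
- ]
- },
- "jobs": {
- "main": [
- {
- "cmd": ["/bin/bash", "-c", "ulimit -s 65500; exec node --stack-size=65500 /build/main.js"],
- "run-as": "wekan"
- }
- ]
- }
-}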
diff --git a/znc/Dockerfile b/znc/Dockerfile
deleted file mode 100644
index 9e7f4f7..0000000
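--- a/znc/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM alpine:latest
-
-RUN set -euxo pipefail; \
- apk add --no-cache znc znc-extra su-exec;
-
-COPY push.so /usr/lib/znc/push.so
-COPY clientbuffer.so /usr/lib/znc/clientbuffer.so
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "znc", "-f" ]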
diff --git a/znc/clientbuffer.so b/znc/clientbuffer.so
deleted file mode 100755
index 3dcdf32..0000000
--- a/znc/clientbuffer.so
+++ /dev/null
Binary files differ
diff --git a/znc/entrypoint.sh b/znc/entrypoint.sh
deleted file mode 100755
index 8c3f5a9..0000000
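--- a/znc/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-chown -R znc:znc /var/lib/znc/.znc
-
-/sbin/su-exec znc "$@"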
diff --git a/znc/push.so b/znc/push.so
deleted file mode 100755
index 9443c5f..0000000
--- a/znc/push.so
+++ /dev/null
Binary files differ