From a6dcbdda8fb66393be7e12bd3a90b77c203987d1 Mon Sep 17 00:00:00 2001 
From: Mike Crute
Date: Tue, 21 Nov 2023 21:19:38 -0800
Subject: Remove old builds
---
al2-wireguard/Dockerfile | 56 ------
al2-wireguard/Makefile | 25 ---
al2-wireguard/entrypoint.sh | 18 --
auto-dvd-ripper/Dockerfile | 19 --
auto-dvd-ripper/Makefile | 23 ---
auto-dvd-ripper/entrypoint.sh | 5 -
auto-dvd-ripper/handbrake-1.0.7-r5.apk | Bin 326824 -> 0 bytes
auto-dvd-ripper/rip_dvd.sh | 64 -------
awstats/Dockerfile | 66 -------
awstats/Makefile | 11 --
awstats/build.sh | 45 -----
bird/Dockerfile | 11 --
bird/Makefile | 17 --
bird/bird_common.conf | 90 ----------
bird/entrypoint.sh | 15 --
bitbucket/Dockerfile | 29 ----
bitbucket/Makefile | 12 --
bitbucket/entrypoint.sh | 13 --
bitbucket/su-exec | Bin 15752 -> 0 bytes
bugzilla/Dockerfile | 144 ---------------
bugzilla/Makefile | 20 ---
bugzilla/binaries/Bright-Skin.tar.gz | Bin 128077 -> 0 bytes
.../binaries/libpatchreader-perl_0.9.6-1_all.deb | Bin 11580 -> 0 bytes
.../binaries/libtheschwartz-perl_1.12-1_all.deb | Bin 41112 -> 0 bytes
bugzilla/etc/cron.d/bugzilla | 3 -
bugzilla/etc/nginx/sites-available/bugzilla | 41 -----
bugzilla/etc/service/bugzilla/log/run | 3 -
bugzilla/etc/service/bugzilla/run | 10 --
bugzilla/etc/service/cron/log/run | 3 -
bugzilla/etc/service/cron/run | 3 -
bugzilla/etc/service/nginx/log/run | 3 -
bugzilla/etc/service/nginx/run | 3 -
bugzilla/etc/service/syslog-ng/run | 3 -
bugzilla/etc/syslog-ng/syslog-ng.conf | 6 -
bugzilla/patches/answers.pl | 6 -
bugzilla/patches/email_in.pl.patch | 11 --
bugzilla/sbin/sendmail | 104 -----------
bugzilla/usr/bin/bugzilla_fetch.py | 24 ---
bugzilla/usr/bin/dumb-init | Bin 857208 -> 0 bytes
bugzilla/usr/bin/su-exec | Bin 15752 -> 0 bytes
bugzilla/usr/sbin/sendmail | 108 ------------
chrome/Dockerfile | 29 ----
chrome/run | 8 -
datastudio/Dockerfile | 29 ----
datastudio/run | 30 ----
dropbox/Dockerfile | 19 --
dropbox/Makefile | 21 ---
dropbox/dropbox-srv/log/run | 3 -
dropbox/dropbox-srv/run | 3 -
dropbox/entrypoint.sh | 37 ----
feh/Dockerfile | 12 --
feh/run | 9 -
intellij-idea/Dockerfile | 31 ----
intellij-idea/Makefile | 17 --
intellij-idea/run | 28 ---
irssi/Dockerfile | 27 ---
irssi/Makefile | 5 -
irssi/entrypoint.sh | 5 -
irssi/run | 9 -
mariadb/Dockerfile | 33 ----
mariadb/Makefile | 22 ---
mariadb/docker-entrypoint.sh | 193 ---------------------
mfi/Dockerfile | 39 -----
mfi/Makefile | 10 --
mosquitto/Dockerfile | 9 -
mosquitto/Makefile | 20 ---
mutt/Dockerfile | 16 --
mutt/Makefile | 2 -
mutt/entrypoint.sh | 28 ---
mutt/run | 40 -----
newsboat/Dockerfile | 13 --
newsboat/Makefile | 13 --
newsboat/entrypoint.sh | 31 ----
ping_tester/Dockerfile | 9 -
ping_tester/Makefile | 11 --
ping_tester/ping_test.py | 103 -----------
psql/Dockerfile | 12 --
psql/run | 7 -
s3cmd/Dockerfile | 22 ---
s3cmd/run | 9 -
skopeo/Dockerfile | 9 -
skopeo/Makefile | 20 ---
smokeping_prober/Dockerfile | 14 --
smokeping_prober/Makefile | 18 --
ssh-bastion/Dockerfile | 16 --
ssh-bastion/Makefile | 16 --
ssh-bastion/entrypoint.sh | 40 -----
ssh-bastion/etc/pam.d/sshd | 5 -
ssh-bastion/etc/ssh/sshd_config | 101 -----------
strongswan/Dockerfile | 16 --
strongswan/Makefile | 14 --
strongswan/entrypoint.sh | 24 ---
stund/Dockerfile | 15 --
stund/Makefile | 20 ---
unifi-video/Dockerfile | 61 -------
unifi-video/Makefile | 39 -----
unifi-video/entrypoint.sh | 97 -----------
unifi-video/log4j2.json | 135 --------------
unifi-video/lsb_release | 13 --
unifi/.dockerignore | 1 -
unifi/Dockerfile | 60 -------
unifi/Makefile | 38 ----
unifi/log4j.properties | 25 ---
unifi/simplevisor.json | 53 ------
unifi/unifi-setup.sh | 69 --------
vlc/Dockerfile | 13 --
vlc/run | 9 -
wekan/Dockerfile | 15 --
wekan/Makefile | 35 ----
wekan/simplevisor.json | 20 ---
znc/Dockerfile | 11 --
znc/clientbuffer.so | Bin 47080 -> 0 bytes
znc/entrypoint.sh | 5 -
znc/push.so | Bin 169888 -> 0 bytes
114 files changed, 3005 deletions(-)
delete mode 100644 al2-wireguard/Dockerfile
delete mode 100644 al2-wireguard/Makefile
delete mode 100755 al2-wireguard/entrypoint.sh
delete mode 100644 auto-dvd-ripper/Dockerfile
delete mode 100644 auto-dvd-ripper/Makefile
delete mode 100755 auto-dvd-ripper/entrypoint.sh
delete mode 100644 auto-dvd-ripper/handbrake-1.0.7-r5.apk
delete mode 100755 auto-dvd-ripper/rip_dvd.sh
delete mode 100644 awstats/Dockerfile
delete mode 100644 awstats/Makefile
delete mode 100755 awstats/build.sh
delete mode 100644 bird/Dockerfile
delete mode 100644 bird/Makefile
delete mode 100644 bird/bird_common.conf
delete mode 100755 bird/entrypoint.sh
delete mode 100644 bitbucket/Dockerfile
delete mode 100644 bitbucket/Makefile
delete mode 100755 bitbucket/entrypoint.sh
delete mode 100755 bitbucket/su-exec
delete mode 100644 bugzilla/Dockerfile
delete mode 100644 bugzilla/Makefile
delete mode 100644 bugzilla/binaries/Bright-Skin.tar.gz
delete mode 100644 bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb
delete mode 100644 bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb
delete mode 100644 bugzilla/etc/cron.d/bugzilla
delete mode 100644 bugzilla/etc/nginx/sites-available/bugzilla
delete mode 100755 bugzilla/etc/service/bugzilla/log/run
delete mode 100755 bugzilla/etc/service/bugzilla/run
delete mode 100755 bugzilla/etc/service/cron/log/run
delete mode 100755 bugzilla/etc/service/cron/run
delete mode 100755 bugzilla/etc/service/nginx/log/run
delete mode 100755 bugzilla/etc/service/nginx/run
delete mode 100755 bugzilla/etc/service/syslog-ng/run
delete mode 100644 bugzilla/etc/syslog-ng/syslog-ng.conf
delete mode 100644 bugzilla/patches/answers.pl
delete mode 100644 bugzilla/patches/email_in.pl.patch
delete mode 100755 bugzilla/sbin/sendmail
delete mode 100755 bugzilla/usr/bin/bugzilla_fetch.py
delete mode 100755 bugzilla/usr/bin/dumb-init
delete mode 100755 bugzilla/usr/bin/su-exec
delete mode 100755 bugzilla/usr/sbin/sendmail
delete mode 100644 chrome/Dockerfile
delete mode 100755 chrome/run
delete mode 100644 datastudio/Dockerfile
delete mode 100755 datastudio/run
delete mode 100644 dropbox/Dockerfile
delete mode 100644 dropbox/Makefile
delete mode 100755 dropbox/dropbox-srv/log/run
delete mode 100755 dropbox/dropbox-srv/run
delete mode 100755 dropbox/entrypoint.sh
delete mode 100644 feh/Dockerfile
delete mode 100755 feh/run
delete mode 100644 intellij-idea/Dockerfile
delete mode 100644 intellij-idea/Makefile
delete mode 100755 intellij-idea/run
delete mode 100644 irssi/Dockerfile
delete mode 100644 irssi/Makefile
delete mode 100755 irssi/entrypoint.sh
delete mode 100755 irssi/run
delete mode 100644 mariadb/Dockerfile
delete mode 100644 mariadb/Makefile
delete mode 100755 mariadb/docker-entrypoint.sh
delete mode 100644 mfi/Dockerfile
delete mode 100644 mfi/Makefile
delete mode 100644 mosquitto/Dockerfile
delete mode 100644 mosquitto/Makefile
delete mode 100644 mutt/Dockerfile
delete mode 100644 mutt/Makefile
delete mode 100755 mutt/entrypoint.sh
delete mode 100755 mutt/run
delete mode 100644 newsboat/Dockerfile
delete mode 100644 newsboat/Makefile
delete mode 100755 newsboat/entrypoint.sh
delete mode 100644 ping_tester/Dockerfile
delete mode 100644 ping_tester/Makefile
delete mode 100755 ping_tester/ping_test.py
delete mode 100644 psql/Dockerfile
delete mode 100755 psql/run
delete mode 100644 s3cmd/Dockerfile
delete mode 100755 s3cmd/run
delete mode 100644 skopeo/Dockerfile
delete mode 100644 skopeo/Makefile
delete mode 100644 smokeping_prober/Dockerfile
delete mode 100644 smokeping_prober/Makefile
delete mode 100644 ssh-bastion/Dockerfile
delete mode 100644 ssh-bastion/Makefile
delete mode 100755 ssh-bastion/entrypoint.sh
delete mode 100644 ssh-bastion/etc/pam.d/sshd
delete mode 100644 ssh-bastion/etc/ssh/sshd_config
delete mode 100644 strongswan/Dockerfile
delete mode 100644 strongswan/Makefile
delete mode 100755 strongswan/entrypoint.sh
delete mode 100644 stund/Dockerfile
delete mode 100644 stund/Makefile
delete mode 100644 unifi-video/Dockerfile
delete mode 100644 unifi-video/Makefile
delete mode 100755 unifi-video/entrypoint.sh
delete mode 100644 unifi-video/log4j2.json
delete mode 100755 unifi-video/lsb_release
delete mode 100644 unifi/.dockerignore
delete mode 100644 unifi/Dockerfile
delete mode 100644 unifi/Makefile
delete mode 100644 unifi/log4j.properties
delete mode 100644 unifi/simplevisor.json
delete mode 100755 unifi/unifi-setup.sh
delete mode 100644 vlc/Dockerfile
delete mode 100755 vlc/run
delete mode 100644 wekan/Dockerfile
delete mode 100644 wekan/Makefile
delete mode 100644 wekan/simplevisor.json
delete mode 100644 znc/Dockerfile
delete mode 100755 znc/clientbuffer.so
delete mode 100755 znc/entrypoint.sh
delete mode 100755 znc/push.so
diff --git a/al2-wireguard/Dockerfile b/al2-wireguard/Dockerfile
deleted file mode 100644
index ca76f37..0000000
--- a/al2-wireguard/Dockerfile
+++ /dev/null
@@ -1,56 +0,0 @@
-FROM amazonlinux:2 AS builder
-LABEL maintainer="Mike Crute "
-
-ARG VERSION
-ARG REGION
-
-RUN set -euxo pipefail; \
- echo "${REGION}" > /etc/yum/vars/awsregion; \
- amazon-linux-extras install -y kernel-ng; \
- yum install -y \
- libmnl-devel \
- libmnl-static \
- glibc-static \
- elfutils-libelf-devel \
- kernel-devel \
- pkgconfig \
- "@Development Tools" \
- ; \
- curl -Ls https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${VERSION}.tar.xz | tar -xJC /usr/src; \
- cd /usr/src/WireGuard-${VERSION}/src; \
- \
- make module; \
- make LDFLAGS="-static" tools
-
-
-FROM amazonlinux:2
-LABEL maintainer="Mike Crute "
-
-ARG VERSION
-
-COPY --from=builder /usr/src/WireGuard-${VERSION}/ /tmp/WireGuard-${VERSION}/
-
-RUN set -euxo pipefail; \
- yum install -y kmod; \
- \
- mkdir -p /opt/wireguard; \
- cp /tmp/WireGuard-${VERSION}/src/wireguard.ko /opt/wireguard; \
- \
- cd /tmp/WireGuard-${VERSION}/src; \
- \
- install -v -d "/usr/bin"; \
- install -v -d "/usr/share/man/man8"; \
- install -v -m 0755 tools/wg "/usr/bin/wg"; \
- install -v -m 0644 tools/man/wg.8 "/usr/share/man/man8/wg.8"; \
- \
- install -v -m 0700 -d "/etc/wireguard"; \
- install -v -m 0755 tools/wg-quick/linux.bash "/usr/bin/wg-quick"; \
- install -v -m 0644 tools/man/wg-quick.8 "/usr/share/man/man8/wg-quick.8"; \
- \
- yum clean all; \
- rm -rf /tmp/WireGuard-${VERSION} /var/cache/yum
-
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "sleep", "infinity" ]
diff --git a/al2-wireguard/Makefile b/al2-wireguard/Makefile
deleted file mode 100644
index 6b8a2d0..0000000
--- a/al2-wireguard/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-WG_VERSION=0.0.20191206
-FULL_VERSION="$(shell uname -r)-wg-$(WG_VERSION)"
-IMAGE=docker.crute.me/al2-wireguard:$(FULL_VERSION)
-LATEST=$(subst :$(FULL_VERSION),,$(IMAGE)):latest
-REGION="us-west-2"
-
-all:
- docker pull amazonlinux:2
- docker build \
- --build-arg=VERSION=$(WG_VERSION) \
- --build-arg=REGION=$(REGION) \
- -t $(IMAGE) .
-
-all-no-cache:
- docker pull amazonlinux:2
- docker build \
- --no-cache \
- --build-arg=VERSION=$(WG_VERSION) \
- --build-arg=REGION=$(REGION) \
- -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)
diff --git a/al2-wireguard/entrypoint.sh b/al2-wireguard/entrypoint.sh
deleted file mode 100755
index 93f59de..0000000
--- a/al2-wireguard/entrypoint.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# This needs the SYS_MODULES and NET_ADMIN capabilities
-#
-# /etc/wireguard should be mounted and include wg-quick configs
-#
-# /lib/modules/$(uname -r) should be mounted to same in container
-
-modprobe ip6_udp_tunnel
-modprobe udp_tunnel
-
-insmod /opt/wireguard/wireguard.ko
-
-for i in /etc/wireguard/*; do
- wg-quick up "$(basename ${i/.conf/})"
-done
-
-exec "$@"
diff --git a/auto-dvd-ripper/Dockerfile b/auto-dvd-ripper/Dockerfile
deleted file mode 100644
index 5994cb7..0000000
--- a/auto-dvd-ripper/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute "
-
-COPY handbrake-1.0.7-r5.apk /tmp/
-
-RUN \
- echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories; \
- apk --no-cache add su-exec dumb-init sg3_utils; \
- apk --no-cache --allow-untrusted add /tmp/handbrake-1.0.7-r5.apk; \
- addgroup -g 1000 -S alpine; \
- adduser -u 1000 -S -H -D -G alpine alpine; \
- addgroup alpine cdrom; \
- rm -rf /root/.cache /tmp/*;
-
-ADD rip_dvd.sh /usr/bin/
-ADD entrypoint.sh /
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/sbin/su-exec", "alpine", "/usr/bin/rip_dvd.sh"]
diff --git a/auto-dvd-ripper/Makefile b/auto-dvd-ripper/Makefile
deleted file mode 100644
index a8c34a7..0000000
--- a/auto-dvd-ripper/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-IMAGE=auto-dvd-ripper:latest-alpine
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d \
- --device /dev/cdrom \
- -v /mnt/Media:/mnt/Media \
- -v /var/log/ripper:/var/log/ripper \
- $(IMAGE)
-
-send:
- docker save auto-dvd-ripper:latest-alpine | ssh alpine@snoopy docker load
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)
diff --git a/auto-dvd-ripper/entrypoint.sh b/auto-dvd-ripper/entrypoint.sh
deleted file mode 100755
index 8b1a3e4..0000000
--- a/auto-dvd-ripper/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-sg_raw /dev/cdrom ea 00 00 00 00 00 01
-
-exec /usr/bin/dumb-init "$@"
diff --git a/auto-dvd-ripper/handbrake-1.0.7-r5.apk b/auto-dvd-ripper/handbrake-1.0.7-r5.apk
deleted file mode 100644
index c103667..0000000
Binary files a/auto-dvd-ripper/handbrake-1.0.7-r5.apk and /dev/null differ
diff --git a/auto-dvd-ripper/rip_dvd.sh b/auto-dvd-ripper/rip_dvd.sh
deleted file mode 100755
index 9bb79e0..0000000
--- a/auto-dvd-ripper/rip_dvd.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-exec 1> /var/log/ripper/ripper.log 2>&1
-
-function handbrake_rip() {
- TEMP_FILE="${1}.m4v"
-
- if [ -e "/mnt/Media/IncomingBackup/$TEMP_FILE" ]; then
- TEMP_FILE="NewMovie-$(date +%s).m4v"
- fi
-
- HandBrakeCLI --main-feature --native-language eng \
- -i /dev/cdrom -o "$TEMP_FILE" \
- --subtitle scan --subtitle-burned native
-
- cp "$TEMP_FILE" "/mnt/Media/Incoming/$TEMP_FILE"
-}
-
-function dvdbackup_rip() {
- dvdbackup -i /dev/cdrom -M -p
- cp -r "${1}" "/mnt/Media/IncomingBackup/"
-}
-
-function rip_dvd() {
- # Make sure we have storage
- if ! mount | grep /mnt/Media > /dev/null; then
- email "Error: DVD Rip Failed" "Tried to rip but media wasn't mounted"
- return 1
- fi
-
- # Make a temp directory and go there
- TEMPDIR=$(mktemp -d)
- echo $TEMPDIR
- cd $TEMPDIR
-
- # Get title and language
- HandBrakeCLI --scan -i /dev/cdrom > dvdinfo 2>&1
-
- TITLE=$(egrep -o 'DVD Title:.*' dvdinfo | awk 'BEGIN { FS=": "; } { print $2 }')
- LANGUAGE=$(grep -A 1 'audio tracks:' dvdinfo | sed -n 2p | awk '{ print $3 }')
-
- # Makeup something unique if the DVD doesn't have one
- if [ -z "$TITLE" ]; then
- TITLE="NewMovie-$(date +%s)"
- fi
-
- trap "eject /dev/cdrom" ERR
-
- #dvdbackup_rip "$TITLE"
- handbrake_rip "$TITLE"
-
- eject /dev/cdrom
- cd /tmp && rm -rf "$TEMPDIR"
-}
-
-while true; do
- if ! blkid /dev/cdrom | grep 'TYPE=' >/dev/null; then
- sleep 1
- else
- echo "=============================== START DVD RIP =============================="
- rip_dvd
- echo "============================== FINISH DVD RIP =============================="
- fi
-done
diff --git a/awstats/Dockerfile b/awstats/Dockerfile
deleted file mode 100644
index 18a679a..0000000
--- a/awstats/Dockerfile
+++ /dev/null
@@ -1,66 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute "
-
-
-# TODO: Is this really needed?
-# apk add perl-net-ssleay
-
-RUN set -euxo pipefail; \
- # Install build dependencies
- apk add --virtual .build-deps \
- build-base \
- git \
- perl-app-cpanminus \
- perl-dev \
- wget \
- ; \
- apk add \
- curl \
- ; \
- \
- # Install awstats
- git clone https://github.com/eldy/awstats.git /opt/awstats; \
- cpanm -n Net::IP Net::DNS; \
- mkdir /etc/awstats; \
- \
- # Install MaxMind GeoIP2 library
- apk add perl-net-ssleay; \
- cpanm -n \
- Data::Validate::IP \
- HTTP::Headers \
- HTTP::Request \
- HTTP::Response \
- HTTP::Status \
- JSON::MaybeXS \
- List::SomeUtils \
- LWP::Protocol::https \
- LWP::UserAgent \
- MaxMind::DB::Metadata \
- MaxMind::DB::Reader \
- Moo \
- Moo::Role \
- namespace::clean \
- Params::Validate \
- Path::Class \
- Sub::Quote \
- Test::Fatal \
- Test::Number::Delta \
- Throwable::Error \
- Try::Tiny URI \
- ; \
- \
- git clone https://github.com/maxmind/GeoIP2-perl.git /tmp/GeoIP2-perl; \
- cd /tmp/GeoIP2-perl; \
- perl Makefile.PL; \
- make all install; \
- mkdir /geoip; \
- rm -rf /tmp/GeoIP2-perl; \
- \
- # Cleanup
- apk del .build-deps; \
- rm -rf /root/.cpanm/ /var/cache/apk/*;
-
-ADD main /serve
-ADD build.sh /build
-
-CMD [ "/serve" ]
diff --git a/awstats/Makefile b/awstats/Makefile
deleted file mode 100644
index 52b3117..0000000
--- a/awstats/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-IMAGE=docker.crute.me/awstats:latest
-
-all:
- docker pull alpine:edge
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)
diff --git a/awstats/build.sh b/awstats/build.sh
deleted file mode 100755
index 816ae3b..0000000
--- a/awstats/build.sh
+++ /dev/null
@@ -1,45 +0,0 @@ -#!/bin/sh - -set -euo pipefail - -# Validate environment variables -[ -z "$SITE_DOMAIN" ] && { echo "SITE_DOMAIN env variable required"; exit 1; } -[ -z "$SITE_ALIASES" ] && { echo "SITE_DOMAIN env variable required"; exit 1; } -[ -z "$GEOIP_LICENSE_KEY" ] && { echo "GEOIP_LICENSE_KEY env variable required"; exit 1; } - -# Create the config template -cat > /etc/awstats/awstats.${SITE_DOMAIN}.conf <> /etc/apk/repositories; \ - apk add --no-cache bird; - -ADD entrypoint.sh / -ADD bird_common.conf /etc - -ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/bird/Makefile b/bird/Makefile deleted file mode 100644 index e96c7b7..0000000 --- a/bird/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -IMAGE=docker.crute.me/bird:latest - -all: - docker build -t $(IMAGE) . - -all-no-cache: - docker build --no-cache -t $(IMAGE) . - -run: - docker run -d --net=host \ - --cap-add=NET_ADMIN \ - --name=bird \ - -v $PWD/bird:/srv/bird \ - $(IMAGE) - -publish: - docker push $(IMAGE) diff --git a/bird/bird_common.conf b/bird/bird_common.conf deleted file mode 100644 index 2f7f9ac..0000000 --- a/bird/bird_common.conf +++ /dev/null 
@@ -1,90 +0,0 @@
-protocol device {
-};
-
-function is_self_net() {
- return net ~ OWNNETS;
-};
-
-function is_valid_network() {
- return net ~ [
- 172.16.0.0/12+,
- 192.168.0.0/16+,
- 10.0.0.0/8+,
- 100.64.0.0/10+,
- 2000::/3+,
- fd00::/8+
- ];
-};
-
-protocol kernel {
- ipv4 {
- import none;
- export filter {
- if source = RTS_STATIC && proto != "vpnras_v4" && proto != "hack_v4" then reject;
- krt_prefsrc = OWNIP4;
- accept;
- };
- };
-};
-
-protocol kernel {
- ipv6 {
- import none;
- export filter {
- if source = RTS_STATIC && proto != "vpnras_v6" && proto != "hack_v6" then reject;
- krt_prefsrc = OWNIP6;
- accept;
- };
- };
-};
-
-template bgp v4peers {
- local as OWNAS;
-
- ipv4 {
- # this lines allows debugging filter rules
- # filtered routes can be looked up in birdc using the "show route filtered" command
- import keep filtered;
- import filter {
- # accept every subnet, except our own advertised subnet
- # filtering is important, because some guys try to advertise routes like 0.0.0.0
- if is_valid_network() && !is_self_net() then {
- accept;
- }
- reject;
- };
- export filter {
- if is_valid_network() then {
- accept;
- }
- reject;
- };
- import limit 1000 action block;
- };
-};
-
-template bgp v6peers {
- local as OWNAS;
-
- ipv6 {
- # this lines allows debugging filter rules
- # filtered routes can be looked up in birdc using the "show route filtered" command
- import keep filtered;
- import filter {
- # accept every subnet, except our own advertised subnet
- # filtering is important, because some guys try to advertise routes like 0.0.0.0
- if is_valid_network() && !is_self_net() then {
- accept;
- }
- reject;
- };
- export filter {
- if is_valid_network() then {
- accept;
- }
- reject;
- };
- import limit 1000 action block;
- };
-};
-
diff --git a/bird/entrypoint.sh b/bird/entrypoint.sh
deleted file mode 100755
index 54aab0d..0000000
--- a/bird/entrypoint.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-PROFILE="$1"
-
-if [ -z "$PROFILE" ]; then
- echo "Profile must be specified on the command line"
- exit 1
-fi
-
-if [ ! -e "/srv/bird/${PROFILE}.conf" ]; then
- echo "Profile '$PROFILE' does not exist"
- exit 1
-fi
-
-exec /usr/sbin/bird -d -f -c /srv/bird/${PROFILE}.conf
diff --git a/bitbucket/Dockerfile b/bitbucket/Dockerfile
deleted file mode 100644
index 99d4ad8..0000000
--- a/bitbucket/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Michael Crute
-
-ARG version=4.13.0
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y curl git openjdk-8-jdk && \
- useradd -r -M -d /srv/wiki -s /bin/nologin bitbucket && \
- curl -o /tmp/bitbucket.tar.gz \
- https://downloads.atlassian.com/software/stash/downloads/atlassian-bitbucket-${version}.tar.gz && \
- mkdir -p /opt/bitbucket && \
- tar -xvzf /tmp/bitbucket.tar.gz -C /opt/bitbucket --strip-components 1 && \
- chown -R bitbucket /opt/bitbucket
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-RUN sed -i 's/^JVM_MAXIMUM_MEMORY="768m"/JVM_MAXIMUM_MEMORY="512m"/' /opt/bitbucket/bin/setenv.sh
-ADD entrypoint.sh /
-ADD su-exec /usr/bin/
-ENV BITBUCKET_HOME /srv/bitbucket/data
-ENV ES_HEAP_SIZE 512m
-VOLUME "/srv/bitbucket"
-ENTRYPOINT [ "/entrypoint.sh" ]
-#CMD ["/opt/bitbucket/bin/start-bitbucket.sh", "-fg"]
-CMD ["/opt/bitbucket/bin/start-webapp.sh", "-fg"]
diff --git a/bitbucket/Makefile b/bitbucket/Makefile
deleted file mode 100644
index 10ab4df..0000000
--- a/bitbucket/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-all:
- docker build -t bitbucket .
-
-all-no-cache:
- docker build --no-cache -t bitbucket .
-
-run:
- docker run -d \
- -p 7990:7990 \
- -p 7999:7999 \
- -v /srv/bitbucket:/srv/bitbucket \
- bitbucket
diff --git a/bitbucket/entrypoint.sh b/bitbucket/entrypoint.sh
deleted file mode 100755
index bc3828f..0000000
--- a/bitbucket/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-export PATH="/usr/bin:$PATH"
-
-if [ ! -d /srv/bitbucket/data ]; then
- mkdir /srv/bitbucket/data
- chown bitbucket /srv/bitbucket/data
-fi
-
-umask 0027
-su-exec bitbucket "$@"
diff --git a/bitbucket/su-exec b/bitbucket/su-exec
deleted file mode 100755
index 940f452..0000000
Binary files a/bitbucket/su-exec and /dev/null differ
diff --git a/bugzilla/Dockerfile b/bugzilla/Dockerfile
deleted file mode 100644
index 8ebf911..0000000
--- a/bugzilla/Dockerfile
+++ /dev/null
@@ -1,144 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Michael Crute
-ARG bz_version
-
-ADD binaries/ /tmp/
-ADD patches/ /tmp/
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' > /etc/apt/apt.conf && \
- apt-get update && \
-
-# Perl needs the UTF-8 locale
- apt-get install -y locales && \
- locale-gen en_US.UTF-8 && \
-
-# Install system dependencies
- apt-get install -y \
- cron \
- nginx \
- patch \
- python-boto3 \
- runit \
- sudo \
- syslog-ng \
- && \
-
-# Install Bugzilla dependencies
- apt-get install -y \
- graphviz \
- libappconfig-perl \
- libauthen-radius-perl \
- libauthen-sasl-perl \
- libcache-memcached-fast-perl \
- libcgi-pm-perl \
- libchart-perl \
- libdaemon-generic-perl \
- libdate-calc-perl \
- libdatetime-perl \
- libdatetime-timezone-perl \
- libdbd-mysql-perl \
- libdbd-sqlite3-perl \
- libdbi-perl \
- libemail-mime-perl \
- libemail-reply-perl \
- libemail-sender-perl \
- libencode-detect-perl \
- libfile-copy-recursive-perl \
- libfile-mimeinfo-perl \
- libfile-slurp-perl \
- libfile-which-perl \
- libgd-graph-perl \
- libhtml-formattext-withlinks-perl \
- libhtml-scrubber-perl \
- libjson-rpc-perl \
- libmath-random-isaac-perl \
- libmath-random-isaac-xs-perl \
- libmime-tools-perl \
- libmodule-build-perl \
- libmoox-strictconstructor-perl \
- libnet-ldap-perl \
- libplack-perl \
- libsoap-lite-perl \
- libtemplate-perl \
- libtemplate-plugin-gd-perl \
- libtest-taint-perl \
- libtext-multimarkdown-perl \
- libtheschwartz-perl \
- liburi-db-perl \
- libxml-perl \
- libxml-twig-perl \
- perlmagick \
- python-sphinx \
- rst2pdf \
- && \
-
- dpkg -i /tmp/libpatchreader-perl_0.9.6-1_all.deb && \
- dpkg -i /tmp/libtheschwartz-perl_1.12-1_all.deb && \
-
-# Setup users and groups
- groupadd -g 901 bugzilla && \
- usermod -a -G bugzilla www-data && \
- useradd -d /var/www/html/bugzilla -M -N -g bugzilla -G www-data -s /bin/bash -u 901 bugzilla && \
-
-# Setup bugzilla app
- curl -L -o "/tmp/release-${bz_version}.tar.gz" "https://github.com/bugzilla/bugzilla/archive/release-${bz_version}.tar.gz" && \
- mkdir -p /var/www/html && \
- tar -C /var/www/html/ -xvzf /tmp/release-${bz_version}.tar.gz && \
- ln -s /var/www/html/bugzilla-release-${bz_version} /var/www/html/bugzilla && \
- tar -C /var/www/html/bugzilla/skins/contrib/ -xvzf /tmp/Bright-Skin.tar.gz && \
- rm /etc/nginx/sites-enabled/default && \
- ln -s /etc/nginx/sites-available/bugzilla /etc/nginx/sites-enabled/bugzilla && \
-
-# Run the initial setup
-#
-# The bugzilla user must have permissions to modify files in the release
-# directory because checksetup.pl will change permissions so that the files are
-# owned by that user. Without those permission changes running plack will fail
-# with permission errors. Additionally, all checksetup.pl invocations must
-# happen as the bugzilla user for permissions to be properly updated.
-
- chown -R bugzilla /var/www/html/bugzilla-release-${bz_version} && \
-
- # First time creates the config file
- cd /var/www/html/bugzilla && sudo -u bugzilla ./checksetup.pl /tmp/answers.pl && \
-
- # Second time does the real setup
- cd /var/www/html/bugzilla && sudo -u bugzilla ./checksetup.pl /tmp/answers.pl && \
-
-# Allow admin overrides
- mkdir /srv/bugzilla && \
-
- mv /var/www/html/bugzilla/localconfig /srv/bugzilla/localconfig && \
- ln -s /srv/bugzilla/localconfig /var/www/html/bugzilla/localconfig && \
-
- mv /var/www/html/bugzilla/data/db /srv/bugzilla/ && \
- ln -s /srv/bugzilla/db /var/www/html/bugzilla/data/ && \
-
- mv /var/www/html/bugzilla/data/attachments /srv/bugzilla/ && \
- ln -s /srv/bugzilla/attachments /var/www/html/bugzilla/data/ && \
-
- mv /var/www/html/bugzilla/data/mining /srv/bugzilla/ && \
- ln -s /srv/bugzilla/mining /var/www/html/bugzilla/data/ && \
-
- cp /var/www/html/bugzilla/data/params.json /srv/bugzilla/ && \
-
-# Enable voting extension
- rm /var/www/html/bugzilla/extensions/Voting/disabled && \
-
-# Patch the code
- # Update the email_in script to lookup by email instead of assuming that
- # usernames are the same as email addresses.
- cd / && patch -p1 < /tmp/email_in.pl.patch && \
-
-# Clean up
- rm /etc/apt/apt.conf && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ADD usr/ /usr/
-ADD etc/ /etc/
-
-STOPSIGNAL SIGHUP
-CMD [ "/usr/bin/dumb-init", "/usr/bin/runsvdir", "/etc/service" ]
diff --git a/bugzilla/Makefile b/bugzilla/Makefile
deleted file mode 100644
index f11a22d..0000000
--- a/bugzilla/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=bugzilla:latest
-VERSION=5.1.1
-REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
-
-all:
- docker build --build-arg=bz_version=$(VERSION) -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache --build-arg=bz_version=$(VERSION) -t $(IMAGE) .
-
-run:
- docker run -d \
- -p 9000:80 \
- -v /srv/bugzilla:/srv/bugzilla \
- $(IMAGE)
-
-publish:
- eval $$(aws ecr get-login --region us-west-2)
- docker tag $(IMAGE) $(REPO)/$(IMAGE)
- docker push $(REPO)/$(IMAGE)
diff --git a/bugzilla/binaries/Bright-Skin.tar.gz b/bugzilla/binaries/Bright-Skin.tar.gz
deleted file mode 100644
index 3629fdf..0000000
Binary files a/bugzilla/binaries/Bright-Skin.tar.gz and /dev/null differ
diff --git a/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb b/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb
deleted file mode 100644
index d6ea10c..0000000
Binary files a/bugzilla/binaries/libpatchreader-perl_0.9.6-1_all.deb and /dev/null differ
diff --git a/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb b/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb
deleted file mode 100644
index b28a307..0000000
Binary files a/bugzilla/binaries/libtheschwartz-perl_1.12-1_all.deb and /dev/null differ
diff --git a/bugzilla/etc/cron.d/bugzilla b/bugzilla/etc/cron.d/bugzilla
deleted file mode 100644
index 8853366..0000000
--- a/bugzilla/etc/cron.d/bugzilla
+++ /dev/null
@@ -1,3 +0,0 @@
-5 0 * * * bugzilla cd /var/www/html/bugzilla && ./collectstats.pl
-*/15 * * * * bugzilla cd /var/www/html/bugzilla && ./whine.pl
-0 * * * * bugzilla cd /var/www/html/bugzilla && ./whineatnews.pl
diff --git a/bugzilla/etc/nginx/sites-available/bugzilla b/bugzilla/etc/nginx/sites-available/bugzilla
deleted file mode 100644
index d10798f..0000000
--- a/bugzilla/etc/nginx/sites-available/bugzilla
+++ /dev/null
@@ -1,41 +0,0 @@
-server {
- root /var/www/html/bugzilla;
-
- autoindex off;
- index index.cgi;
-
- location /attachments { return 403; }
- location /Bugzilla { return 403; }
- location /lib { return 403; }
- location /template { return 403; }
- location /contrib { return 403; }
- location /t { return 403; }
- location /xt { return 403; }
- location /data { return 403; }
- location /graphs { return 403; }
- location ~ (\.pm|\.pl|\.psgi|\.tmpl|localconfig.*|cpanfile)$ { return 403; }
-
- location ~ ^/data/webdot/[^/]*\.png$ { }
- location ~ ^/graphs/[^/]*\.(png|gif) { }
-
- location /rest {
- rewrite ^/rest/(.*)$ rest.cgi?$1 last;
- }
-
- location ~ \.(css|js)$ {
- expires 1y;
- add_header Cache-Control public;
- }
-
- location ~ \.cgi$ {
- include fastcgi_params;
- fastcgi_param SERVER_NAME 'bugs.crute.me';
- fastcgi_param SCRIPT_NAME '';
- fastcgi_param PATH_INFO $uri;
- fastcgi_param BZ_CACHE_CONTROL 1;
- fastcgi_pass localhost:9090;
- }
-
- gzip on;
- gzip_types text/xml application/rdf+xml;
-}
diff --git a/bugzilla/etc/service/bugzilla/log/run b/bugzilla/etc/service/bugzilla/log/run
deleted file mode 100755
index c37e560..0000000
--- a/bugzilla/etc/service/bugzilla/log/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-cat -
diff --git a/bugzilla/etc/service/bugzilla/run b/bugzilla/etc/service/bugzilla/run
deleted file mode 100755
index acf5287..0000000
--- a/bugzilla/etc/service/bugzilla/run
+++ /dev/null
@@ -1,10 +0,0 @@ -#!/bin/bash - -trap "cp /var/www/html/bugzilla/data/params.json /srv/bugzilla/params.json" EXIT - -cp /srv/bugzilla/params.json /var/www/html/bugzilla/data/params.json - -cd /var/www/html/bugzilla - -/usr/bin/su-exec bugzilla:bugzilla \ - /usr/bin/plackup -s FCGI --listen :9090 /var/www/html/bugzilla/app.psgi diff --git a/bugzilla/etc/service/cron/log/run b/bugzilla/etc/service/cron/log/run deleted file mode 100755 index c37e560..0000000 --- a/bugzilla/etc/service/cron/log/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -cat - diff --git a/bugzilla/etc/service/cron/run b/bugzilla/etc/service/cron/run deleted file mode 100755 index dd49bb6..0000000 --- a/bugzilla/etc/service/cron/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -/usr/sbin/cron -f -n diff --git a/bugzilla/etc/service/nginx/log/run b/bugzilla/etc/service/nginx/log/run deleted file mode 100755 index c37e560..0000000 --- a/bugzilla/etc/service/nginx/log/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -cat - diff --git a/bugzilla/etc/service/nginx/run b/bugzilla/etc/service/nginx/run deleted file mode 100755 index 0a99b49..0000000 --- a/bugzilla/etc/service/nginx/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -/usr/sbin/nginx -g 'daemon off; master_process on;' diff --git a/bugzilla/etc/service/syslog-ng/run b/bugzilla/etc/service/syslog-ng/run deleted file mode 100755 index c2b1cd1..0000000 --- a/bugzilla/etc/service/syslog-ng/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -/usr/sbin/syslog-ng -F --no-caps diff --git a/bugzilla/etc/syslog-ng/syslog-ng.conf b/bugzilla/etc/syslog-ng/syslog-ng.conf deleted file mode 100644 index 989fd46..0000000 --- a/bugzilla/etc/syslog-ng/syslog-ng.conf +++ /dev/null @@ -1,6 +0,0 @@ -@version: 3.5 - -options { flush-lines(0); use-dns(no); stats-freq(0); }; -source s_src { unix-dgram("/dev/log" so-rcvbuf(8192)); internal(); }; -destination d_stdout { pipe("/dev/stdout"); }; -log { source(s_src); destination(d_stdout); }; 
diff --git a/bugzilla/patches/answers.pl b/bugzilla/patches/answers.pl deleted file mode 100644 index 90b06af..0000000 --- a/bugzilla/patches/answers.pl +++ /dev/null @@ -1,6 +0,0 @@ -%answer = ( - 'ADMIN_LOGIN' => 'admin', - 'ADMIN_EMAIL' => 'admin@example.com', - 'ADMIN_PASSWORD' => 'password', - 'ADMIN_REALNAME' => 'Example Admin', -); diff --git a/bugzilla/patches/email_in.pl.patch b/bugzilla/patches/email_in.pl.patch deleted file mode 100644 index e2e5ba0..0000000 --- a/bugzilla/patches/email_in.pl.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/var/www/html/bugzilla-release-5.1.1//email_in.pl 2016-05-16 18:48:27.000000000 +0000 -+++ b/var/www/html/bugzilla-release-5.1.1//email_in.pl 2017-05-17 03:53:38.978805718 +0000 -@@ -509,7 +509,7 @@ - - my $username = $mail_fields->{'reporter'}; - --my $user = Bugzilla::User->check($username); -+my $user = new Bugzilla::User(Bugzilla::User::email_to_id($username, 1)); - Bugzilla->set_user($user); - - my ($bug, $comment); diff --git a/bugzilla/sbin/sendmail b/bugzilla/sbin/sendmail deleted file mode 100755 index db5abbd..0000000 --- a/bugzilla/sbin/sendmail +++ /dev/null 
@@ -1,104 +0,0 @@ -#!/usr/bin/python - -import os -import re -import sys -import email -import boto3 -import socket -import argparse -from botocore.exceptions import NoRegionError - -# These are all the sendmail options we don't support but have to accept so we -# can ignore them without messing up the command line. -# -# Format is (argument, takes parameters) -IGNORED = ( - ("-4", False), ("-6", False), ("-au", True), ("-ap", True), - ("-am", True), ("-ba", False), ("-bd", False), ("-bi", False), - ("-bm", False), ("-bp", False), ("-bs", False), ("-bt", False), - ("-bv", False), ("-bz", False), ("-C", True), ("-d", True), - ("-E", False), ("-h", True), ("-m", False), ("-M", True), - ("-N", True), ("-n", False), ("-oA", True), ("-oc", False), - ("-od", True), ("-oD", False), ("-oe", False), ("-oF", True), - ("-of", False), ("-og", True), ("-oH", True), ("-oi", False), - ("-oL", True), ("-om", False), ("-oo", False), ("-oQ", True), - ("-or", True), ("-oS", True), ("-os", False), ("-oT", True), - ("-ot", False), ("-ou", True), ("-q", True), ("-R", True), - ("-v", False), ("-F", True), ("-t", True), -) - -# A rough approximation of an email address but should be good enough to pick -# emails out of a command line -SORTA_EMAIL = re.compile("\S+@\S+\.\S+") - -if os.path.exists("/etc/mailname"): - with open("/etc/mailname", "r") as fp: - MAIL_DOMAIN = fp.read().strip() -else: - MAIL_DOMAIN = socket.getfqdn() - -# Configuration comes from the environment or metadata service -try: - client = boto3.client("ses") -except NoRegionError: - boto3.setup_default_session(region_name="us-west-2") - client = boto3.client("ses") - - - -def parse_args(): - parser = argparse.ArgumentParser(add_help=False) - parser.add_argument("-V", action="store_true", dest="display_version") - parser.add_argument("-f", nargs=1, dest="sender_addr") - parser.add_argument("-r", nargs=1, dest="sender_addr") - - for arg, nargs in IGNORED: - parser.add_argument(arg, nargs="?" 
if nargs else None) - - opts, args = parser.parse_known_args() - addresses = [a for a in args if SORTA_EMAIL.match(a)] - - return opts, addresses - - -def main(): - opts, addresses = parse_args() - - if opts.display_version: - print("SES raw mail sender (definitely not sendmail)") - sys.exit(0) - - try: - sender = opts.sender_addr[0] - except (IndexError, TypeError): - sender = None - - msg = email.message_from_string(sys.stdin.read().encode("us-ascii")) - - # Fix up cron emails - if 'Cron Daemon' in msg.get("From"): - msg.replace_header("From", "cron-no-reply@{}".format(MAIL_DOMAIN)) - - ses_args = {"RawMessage": {"Data": msg.as_string()}} - - if sender and not SORTA_EMAIL.match(sender): - raise Exception("Sender email does not look like an email") - - if sender: - ses_args["Source"] = sender - - if addresses: - ses_args["Destinations"] = addresses - - client.send_raw_email(**ses_args) - - -if __name__ == "__main__": - try: - main() - sys.exit(0) - except Exception as e: - print("Error during sending:") - print(e) - sys.exit(1) diff --git a/bugzilla/usr/bin/bugzilla_fetch.py b/bugzilla/usr/bin/bugzilla_fetch.py deleted file mode 100755 index b4a9805..0000000 --- a/bugzilla/usr/bin/bugzilla_fetch.py +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env python - -import boto3 -import subprocess - - -client = boto3.client("s3") -bucket = "mcrute-bugs-emails" -email_bin = "/var/www/html/bugzilla/email_in.pl" -items = client.list_objects_v2(Bucket=bucket) - - -for item in items["Contents"]: - key = item["Key"] - - if key == "AMAZON_SES_SETUP_NOTIFICATION": - continue - - body = client.get_object(Bucket=bucket, Key=key)["Body"] - - cmd = subprocess.Popen([email_bin], stdin=subprocess.PIPE) - cmd.communicate(body.read()) - - client.delete_object(Bucket=bucket, Key=key) diff --git a/bugzilla/usr/bin/dumb-init b/bugzilla/usr/bin/dumb-init deleted file mode 100755 index 4a41698..0000000 Binary files a/bugzilla/usr/bin/dumb-init and /dev/null differ 
diff --git a/bugzilla/usr/bin/su-exec b/bugzilla/usr/bin/su-exec
deleted file mode 100755
index 940f452..0000000
Binary files a/bugzilla/usr/bin/su-exec and /dev/null differ
diff --git a/bugzilla/usr/sbin/sendmail b/bugzilla/usr/sbin/sendmail
deleted file mode 100755
index 69e5816..0000000
--- a/bugzilla/usr/sbin/sendmail
+++ /dev/null
@@ -1,108 +0,0 @@ -#!/usr/bin/python - -import os -import re -import sys -import email -import boto3 -import socket -import argparse -from botocore.exceptions import NoRegionError - -# These are all the sendmail options we don't support but have to accept so we -# can ignore them without messing up the command line. -# -# Format is (argument, takes parameters) -IGNORED = ( - ("-4", False), ("-6", False), ("-au", True), ("-ap", True), - ("-am", True), ("-ba", False), ("-bd", False), ("-bi", False), - ("-bm", False), ("-bp", False), ("-bs", False), ("-bt", False), - ("-bv", False), ("-bz", False), ("-C", True), ("-d", True), - ("-E", False), ("-h", True), ("-m", False), ("-M", True), - ("-N", True), ("-n", False), ("-oA", True), ("-oc", False), - ("-od", True), ("-oD", False), ("-oe", False), ("-oF", True), - ("-of", False), ("-og", True), ("-oH", True), ("-oi", False), - ("-oL", True), ("-om", False), ("-oo", False), ("-oQ", True), - ("-or", True), ("-oS", True), ("-os", False), ("-oT", True), - ("-ot", False), ("-ou", True), ("-q", True), ("-R", True), - ("-v", False), ("-F", True), ("-t", True), -) - -# A rough approximation of an email address but should be good enough to pick -# emails out of a command line -SORTA_EMAIL = re.compile("\S+@\S+\.\S+") - -if os.path.exists("/etc/mailname"): - with open("/etc/mailname", "r") as fp: - MAIL_DOMAIN = fp.read().strip() -else: - MAIL_DOMAIN = socket.getfqdn() - -# Configuration comes from the environment or metadata service -try: - client = boto3.client("ses") -except NoRegionError: - # TODO: Handle this better - boto3.setup_default_session( - aws_access_key_id="AKIAJSJZAZDLGRZVT6ZQ", - aws_secret_access_key="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", - region_name="us-west-2") - client = boto3.client("ses") - - - -def parse_args(): - parser = argparse.ArgumentParser(add_help=False) - parser.add_argument("-V", action="store_true", dest="display_version") - parser.add_argument("-f", nargs=1, dest="sender_addr") - 
parser.add_argument("-r", nargs=1, dest="sender_addr") - - for arg, nargs in IGNORED: - parser.add_argument(arg, nargs="?" if nargs else None) - - opts, args = parser.parse_known_args() - addresses = [a for a in args if SORTA_EMAIL.match(a)] - - return opts, addresses - - -def main(): - opts, addresses = parse_args() - - if opts.display_version: - print("SES raw mail sender (definitely not sendmail)") - sys.exit(0) - - try: - sender = opts.sender_addr[0] - except (IndexError, TypeError): - sender = None - - msg = email.message_from_string(sys.stdin.read().encode("us-ascii")) - - # Fix up cron emails - if 'Cron Daemon' in msg.get("From"): - msg.replace_header("From", "cron-no-reply@{}".format(MAIL_DOMAIN)) - - ses_args = {"RawMessage": {"Data": msg.as_string()}} - - if sender and not SORTA_EMAIL.match(sender): - raise Exception("Sender email does not look like an email") - - if sender: - ses_args["Source"] = sender - - if addresses: - ses_args["Destinations"] = addresses - - client.send_raw_email(**ses_args) - - -if __name__ == "__main__": - try: - main() - sys.exit(0) - except Exception as e: - print("Error during sending:") - print(e) - sys.exit(1) diff --git a/chrome/Dockerfile b/chrome/Dockerfile deleted file mode 100644 index ef07d5b..0000000 --- a/chrome/Dockerfile +++ /dev/null 
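Review bot: Deleting `bugzilla/usr/sbin/sendmail` does not retire the AWS access key pair hard-coded in its `NoRegionError` fallback (the `aws_access_key_id=` / `aws_secret_access_key=` arguments to `boto3.setup_default_session`); both values stay readable in the repository history and in this patch. The key should be deactivated and rotated in IAM, and its past use reviewed if it was ever valid, because rewriting history does not help once the repository has been cloned or published. The sibling `bugzilla/sbin/sendmail` removed in the same commit already shows the credential-free form, `boto3.setup_default_session(region_name="us-west-2")`, which leaves credential lookup to the environment or metadata service. Since the bugzilla Dockerfile did `ADD usr/ /usr/`, images built from this tree and pushed to the registry presumably still contain the file, so old tags are worth checking or removing.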
@@ -1,29 +0,0 @@ -FROM ubuntu:14.04 - -# TODO: Bridge kerberos credentials -# TODO: Add infosec CAs - -RUN \ - export DEBIAN_FRONTEND=noninteractive && \ - sed 's/main$/main universe/' -i /etc/apt/sources.list && \ - apt-get update && \ - apt-get install -y curl && \ - curl -s https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \ - sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' && \ - apt-get update && \ - apt-get install -y google-chrome-stable && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* - -RUN mkdir -p /home/crutem && \ - echo "crutem:x:1677955:1677955:Developer,,,:/home/crutem:/bin/bash" >> /etc/passwd && \ - echo "crutem:x:1677955:" >> /etc/group && \ - echo "crutem ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/crutem && \ - chmod 0440 /etc/sudoers.d/crutem && \ - chown crutem:crutem -R /home/crutem - -USER crutem -ENV HOME /home/crutem -WORKDIR /home/crutem -CMD /usr/bin/google-chrome diff --git a/chrome/run b/chrome/run deleted file mode 100755 index 2f8b96d..0000000 --- a/chrome/run +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -docker run -ti --rm --net=host \ - -e DISPLAY \ - -e XAUTHORITY=$HOME/.Xauthority \ - -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \ - -v $HOME/.Xauthority:$HOME/.Xauthority:ro \ - chrome diff --git a/datastudio/Dockerfile b/datastudio/Dockerfile deleted file mode 100644 index ca4b092..0000000 --- a/datastudio/Dockerfile +++ /dev/null 
@@ -1,29 +0,0 @@ -FROM ubuntu:16.04 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y apt-utils runit curl - -RUN \ - groupadd -g 1677955 crutem && \ - useradd -m -d /home/crutem -g crutem -u 1677955 crutem - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y openjdk-8-jdk && \ - cd /tmp && \ - curl -O http://www.aquafold.com/download/v17.0.0/linux/ads-linux-x64-17.0.10.tar.gz && \ - tar -xvzf ads-linux-x64-17.0.10.tar.gz && \ - mv datastudio /usr/local - -RUN \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* - -USER crutem -ENV LANG C.UTF-8 -ENV HOME /home/crutem -WORKDIR /home/crutem - -CMD ["/usr/local/datastudio/datastudio-bundled.sh"] diff --git a/datastudio/run b/datastudio/run deleted file mode 100755 index ec07fb9..0000000 --- a/datastudio/run +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -if [ -z "$DISPLAY" ]; then - echo "\$DISPLAY is not set" - DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') ) - - if [ "${#DISPLAYS[@]}" = 0 ]; then - echo "No X11 ports available" - exit 1 - fi - - if [ "${#DISPLAYS[@]}" > 1 ]; then - echo "More than 1 X11 port available. Which one do you want?" - for i in "${DISPLAYS[@]}"; do - echo "export DISPLAY=\"$i\"" - done - exit 1 - else - export DISPLAY="${DISPLAYS[0]}" - fi -fi - -docker run -ti --rm --net=host \ - -e DISPLAY \ - -e XAUTHORITY=$HOME/.Xauthority \ - -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \ - -v $HOME/.Xauthority:$HOME/.Xauthority:ro \ - -v $HOME/share:$HOME/share \ - -v $HOME/.datastudio:$HOME/.datastudio \ - datastudio "$@" diff --git a/dropbox/Dockerfile b/dropbox/Dockerfile deleted file mode 100644 index 7e6ff2b..0000000 --- a/dropbox/Dockerfile +++ /dev/null 
@@ -1,19 +0,0 @@ -FROM frolvlad/alpine-glibc:latest -LABEL maintainer="Mike Crute " - -RUN set -eu -o pipefail; \ - apk --no-cache add dumb-init runit su-exec; \ - wget -O /tmp/dropbox.tar.gz https://www.dropbox.com/download?plat=lnx.x86_64; \ - mkdir -p /opt/dropbox; \ - tar -C /opt/dropbox/ --strip-components=1 -xf /tmp/dropbox.tar.gz; \ - rm -rf /tmp/*; - -ADD entrypoint.sh / -ADD dropbox-srv/ /opt/dropbox-srv - -ENTRYPOINT [ "/entrypoint.sh" ] - -# Dropbox is a persnickety process that will die without error for no obvious -# reason. Run it with runsv so that it will get restarted when it does die -# instead of killing the whole container.. -CMD [ "/sbin/runsv", "/opt/dropbox-srv" ] diff --git a/dropbox/Makefile b/dropbox/Makefile deleted file mode 100644 index 817e869..0000000 --- a/dropbox/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com -IMAGE=dropbox:latest-alpine - -all: - docker build \ - -t $(IMAGE) . - -all-no-cache: - docker build \ - --no-cache \ - -t $(IMAGE) . - -run: - docker run \ - -v /home/mcrute/Dropbox:/home/mcrute/Dropbox \ - $(IMAGE) - -publish: - eval $$(aws ecr get-login --region us-west-2) - docker tag $(IMAGE) $(REPO)/$(IMAGE) - docker push $(REPO)/$(IMAGE) diff --git a/dropbox/dropbox-srv/log/run b/dropbox/dropbox-srv/log/run deleted file mode 100755 index 6193824..0000000 --- a/dropbox/dropbox-srv/log/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -cat - diff --git a/dropbox/dropbox-srv/run b/dropbox/dropbox-srv/run deleted file mode 100755 index fd5ac2b..0000000 --- a/dropbox/dropbox-srv/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -/opt/dropbox/dropboxd diff --git a/dropbox/entrypoint.sh b/dropbox/entrypoint.sh deleted file mode 100755 index 596cac6..0000000 --- a/dropbox/entrypoint.sh +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/bin/sh - -set -e - -DATA_DIR="/srv/dropbox/data" -CFG_DIR="/srv/dropbox/config" -USERNAME="dropbox" - -# Default UID/GID to owner of the data directory -USER_UID=${USER_UID:-$(stat -L -c "%u" $DATA_DIR)} -USER_GID=${USER_GID:-$(stat -L -c "%u" $DATA_DIR)} - -if [ "$USER_GID" = 0 -o "$USER_GID" = 0 ]; then - echo "User UID/GID could not be discovered, is $DATA_DIR mounted?" - exit 1 -fi - -# Create the user and group -addgroup -g ${USER_GID} -S ${USERNAME} -adduser -u ${USER_UID} -h /home/${USERNAME} -D -G ${USERNAME} ${USERNAME} - -ln -s /srv/dropbox/data /home/${USERNAME}/Dropbox -ln -s /srv/dropbox/config /home/${USERNAME}/.dropbox - -# Allow runsv to write its superisory files for the main process -mkdir /opt/dropbox-srv/supervise -chown dropbox:dropbox /opt/dropbox-srv/supervise - -# Allow runsv to write its superisory files for the log process -mkdir /opt/dropbox-srv/log/supervise -chown dropbox:dropbox /opt/dropbox-srv/log/supervise - -if [ "$@" == "/bin/sh" ]; then - exec "$@" -else - exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} "$@" -fi diff --git a/feh/Dockerfile b/feh/Dockerfile deleted file mode 100644 index f23483a..0000000 --- a/feh/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM ubuntu:16.04 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y apt-utils feh - -RUN \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* - -ENTRYPOINT [ "/usr/bin/feh" ] diff --git a/feh/run b/feh/run deleted file mode 100755 index 1ecca1d..0000000 --- a/feh/run +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -docker run -ti --rm --net=host \ - -w `pwd` \ - -e DISPLAY \ - -e XAUTHORITY=$HOME/.Xauthority \ - -v $HOME/.Xauthority:$HOME/.Xauthority:ro \ - -v `pwd`:`pwd`:ro \ - feh "$@" diff --git a/intellij-idea/Dockerfile b/intellij-idea/Dockerfile deleted file mode 100644 index 3da5b0d..0000000 --- a/intellij-idea/Dockerfile +++ /dev/null 
@@ -1,31 +0,0 @@ -FROM ubuntu:16.04 - -ARG idea_version - -RUN export DEBIAN_FRONTEND=noninteractive && \ -# Get core requirements - apt-get update && \ - apt-get install -y apt-utils curl && \ - -# Setup user account - groupadd -g 1677955 crutem && \ - useradd -m -d /home/crutem -g crutem -u 1677955 crutem && \ - -# Install software - apt-get update && \ - apt-get install -y openjdk-8-jdk && \ - mkdir -p /usr/local/idea && \ - cd /tmp && \ - curl -LO https://download.jetbrains.com/idea/ideaIU-${idea_version}.tar.gz && \ - tar -C /usr/local/idea --strip-components=1 -xvzf ideaIU-${idea_version}.tar.gz && \ - -# Cleanup - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* - -USER crutem -ENV LANG C.UTF-8 -WORKDIR /home/crutem - -CMD ["/usr/local/idea/bin/idea.sh"] diff --git a/intellij-idea/Makefile b/intellij-idea/Makefile deleted file mode 100644 index 598366f..0000000 --- a/intellij-idea/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -IMAGE=intellij-idea:latest -VERSION=2017.1.4 -REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com - -all: - docker build --build-arg=idea_version=$(VERSION) -t $(IMAGE) . - -all-no-cache: - docker build --no-cache --build-arg=idea_version=$(VERSION) -t $(IMAGE) . - -run: - ./run - -publish: - eval $$(aws ecr get-login --region us-west-2) - docker tag $(IMAGE) $(REPO)/$(IMAGE) - docker push $(REPO)/$(IMAGE) diff --git a/intellij-idea/run b/intellij-idea/run deleted file mode 100755 index 9b8a576..0000000 --- a/intellij-idea/run +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash - -if [ -z "$DISPLAY" ]; then - echo "\$DISPLAY is not set" - DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') ) - - if [ "${#DISPLAYS[@]}" = 0 ]; then - echo "No X11 ports available" - exit 1 - fi - - if [ "${#DISPLAYS[@]}" > 1 ]; then - echo "More than 1 X11 port available. Which one do you want?" - for i in "${DISPLAYS[@]}"; do - echo "export DISPLAY=\"$i\"" - done - exit 1 - else - export DISPLAY="${DISPLAYS[0]}" - fi -fi - -docker run -ti --rm --net=host \ - -e DISPLAY \ - -e XAUTHORITY=$HOME/.Xauthority \ - -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \ - -v $HOME:$HOME \ - intellij-idea "$@" diff --git a/irssi/Dockerfile b/irssi/Dockerfile deleted file mode 100644 index 3eb23fd..0000000 --- a/irssi/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -FROM ubuntu:16.04 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y apt-utils runit - -RUN \ - groupadd -g 1677955 crutem && \ - useradd -m -d /home/crutem -g crutem -u 1677955 crutem - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get install -y irssi-plugin-xmpp bitlbee-libpurple pidgin-sipe - -RUN \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* - -USER crutem -ENV LANG C.UTF-8 -ENV HOME /home/crutem -WORKDIR /home/crutem - -COPY entrypoint.sh /entrypoint.sh - -ENTRYPOINT [ "/entrypoint.sh" ] -CMD ["irssi"] diff --git a/irssi/Makefile b/irssi/Makefile deleted file mode 100644 index 9e654a8..0000000 --- a/irssi/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -all: - docker build -t irssi . - -all-no-cache: - docker build --no-cache -t irssi . diff --git a/irssi/entrypoint.sh b/irssi/entrypoint.sh deleted file mode 100755 index 0b7dce7..0000000 --- a/irssi/entrypoint.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -/usr/sbin/bitlbee -P ~/.bitlbee/pid -d ~/.bitlbee/ -c ~/.bitlbee/bitlbee.conf & - -exec "$@" 
diff --git a/irssi/run b/irssi/run deleted file mode 100755 index 231b870..0000000 --- a/irssi/run +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -docker run -ti --rm \ - -e TERM \ - -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \ - -v $HOME/.irssi:$HOME/.irssi \ - -v $HOME/.bitlbee:$HOME/.bitlbee \ - -v $HOME/.exchange.pass:$HOME/.exchange.pass \ - irssi diff --git a/mariadb/Dockerfile b/mariadb/Dockerfile deleted file mode 100644 index 73b1d05..0000000 --- a/mariadb/Dockerfile +++ /dev/null @@ -1,33 +0,0 @@ -# vim:set ft=dockerfile: -FROM alpine:latest - -RUN \ - addgroup -S mysql \ - && adduser -S -h /var/lib/mysql -H -D -G mysql mysql \ - && mkdir /docker-entrypoint-initdb.d \ - && apk --no-cache add \ - bash \ - mariadb \ - mariadb-client \ - pwgen \ - socat \ - su-exec \ - tzdata \ - # comment out any "user" entires in the MySQL config - # ("docker-entrypoint.sh" or "--user" will handle user switching) - && sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf \ - # increase innodb buffer pool size - && sed -i 's/^#innodb_buffer_pool_size = 16M/innodb_buffer_pool_size = 30M/' /etc/mysql/my.cnf \ - # purge and re-create /var/lib/mysql with appropriate ownership - && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /run/mysqld \ - && chown -R mysql:mysql /var/lib/mysql /run/mysqld \ - # ensure that /run/mysqld (used for socket and lock files) is writable - # regardless of the UID our mysqld instance ends up having at runtime - && chmod 777 /run/mysqld \ - # don't reverse lookup hostnames, they are usually another container - && sed -i 's/\[mysqld\]/[mysqld]\nskip-host-cache/' /etc/mysql/my.cnf - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] -CMD ["mysqld"] - diff --git a/mariadb/Makefile b/mariadb/Makefile deleted file mode 100644 index 1e5ecfb..0000000 --- a/mariadb/Makefile +++ /dev/null 
@@ -1,22 +0,0 @@ -IMAGE=mariadb:latest-alpine -VERSION=5.1.1 -REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com - -all: - docker build -t $(IMAGE) . - -all-no-cache: - docker build --no-cache -t $(IMAGE) . - -run: - docker run -d \ - -e MYSQL_RANDOM_ROOT_PASSWORD=yes \ - -e MYSQL_ROOT_HOST=% \ - -p 3306:3306 \ - -v /srv/mysql:/var/lib/mysql \ - $(IMAGE) - -publish: - eval $$(aws ecr get-login --region us-west-2) - docker tag $(IMAGE) $(REPO)/$(IMAGE) - docker push $(REPO)/$(IMAGE) diff --git a/mariadb/docker-entrypoint.sh b/mariadb/docker-entrypoint.sh deleted file mode 100755 index 8242a6f..0000000 --- a/mariadb/docker-entrypoint.sh +++ /dev/null 
@@ -1,193 +0,0 @@ -#!/bin/bash -# From https://github.com/docker-library/mariadb/blob/1037a0b7ab09343e011826078fbdffb0bf465fc3/10.3/docker-entrypoint.sh -# Modified to use su-exec instead of gosu, otherwise unmodified -set -eo pipefail -shopt -s nullglob - -# if command starts with an option, prepend mysqld -if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" -fi - -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -_check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) - if ! 
errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - - $errors - EOM - exit 1 - fi -} - -# Fetch value from server config -# We use mysqld --verbose --help instead of my_print_defaults because the -# latter only show values present in config files, and not server defaults -_get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }' -} - -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" - mkdir -p "$DATADIR" - chown -R mysql:mysql "$DATADIR" - exec su-exec mysql "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" - # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi - - mkdir -p "$DATADIR" - - echo 'Initializing database' - mysql_install_db --datadir="$DATADIR" --rpm - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {60..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' 
- exit 1 - fi - - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi - - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi - - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi - - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; - EOSQL - - if [ ! 
-z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi - - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi - - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" - - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi - - echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" - fi - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - echo - echo 'MySQL init process done. Ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/mfi/Dockerfile b/mfi/Dockerfile deleted file mode 100644 index 35a160f..0000000 --- a/mfi/Dockerfile +++ /dev/null 
@@ -1,39 +0,0 @@ -FROM ubuntu:14.04 -MAINTAINER Michael Crute - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y curl software-properties-common - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get install -y sudo psmisc mongodb-server openjdk-7-jre-headless jsvc && \ - apt-add-repository -y "deb http://dl.ubnt.com/mfi/distros/deb/ubuntu ubuntu ubiquiti" && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 && \ - apt-get update && \ - apt-get install -y mfi - -RUN \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* - -# Inform Port -EXPOSE 6080 -# HTTPS Web UI & API -EXPOSE 6443 - -VOLUME "/var/lib/mfi" -VOLUME "/var/log/mifi" - -CMD [ \ - "/usr/bin/jsvc", "-nodetach", \ - "-home", "/usr/lib/jvm/java-7-openjdk-amd64", \ - "-cp", "/usr/share/java/commons-daemon.jar:/usr/lib/mfi/lib/ace.jar", \ - "-pidfile", "/var/run/mfi/mfi.pid", \ - "-procname", "mfi", \ - "-outfile", "SYSLOG", \ - "-errfile", "SYSLOG", \ - "-Djava.awt.headless=true", \ - "-Xmx1024M", \ - "com.ubnt.ace.Launcher" \ -] diff --git a/mfi/Makefile b/mfi/Makefile deleted file mode 100644 index 8a91d23..0000000 --- a/mfi/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -all: - docker build -t mfi . - -run: - docker run -d --privileged \ - -p 6080:6080 \ - -p 6443:6443 \ - -v /srv/mfi:/var/lib/mfi \ - -v /var/log/docker/mfi:/var/log/mfi \ - mfi diff --git a/mosquitto/Dockerfile b/mosquitto/Dockerfile deleted file mode 100644 index 3ed038b..0000000 --- a/mosquitto/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM alpine:edge -LABEL maintainer="Mike Crute " - -RUN set -euxo pipefail; \ - apk add --no-cache \ - mosquitto \ - ; - -CMD [ "/usr/sbin/mosquitto", "-v" ] diff --git a/mosquitto/Makefile b/mosquitto/Makefile deleted file mode 100644 index 5f50baf..0000000 --- a/mosquitto/Makefile +++ /dev/null 
@@ -1,20 +0,0 @@
-IMAGE=docker.crute.me/mosquitto:latest
-
-all:
- docker pull alpine:edge
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d --net=host \
- -p 53:53/tcp \
- -p 53:53/udp \
- -p 953:953 \
- -v /home/mcrute/tmp/bind/conf:/etc/bind \
- -v /home/mcrute/tmp/bind/cache:/var/cache/bind \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)
diff --git a/mutt/Dockerfile b/mutt/Dockerfile
deleted file mode 100644
index 214a770..0000000
--- a/mutt/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-
-RUN \
- echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories; \
- apk --no-cache add \
- su-exec \
- neomutt \
- elinks \
- vim \
- feh \
- perl-data-ical \
- perl-text-autoformat;
-
-ADD entrypoint.sh /
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD ["neomutt", "-F", "/home/mutt/.mutt/muttrc"]
diff --git a/mutt/Makefile b/mutt/Makefile
deleted file mode 100644
index 6b302f6..0000000
--- a/mutt/Makefile
+++ /dev/null
@@ -1,2 +0,0 @@
-all:
- docker build -t docker.crute.me/mutt:latest .
diff --git a/mutt/entrypoint.sh b/mutt/entrypoint.sh
deleted file mode 100755
index 3196629..0000000
--- a/mutt/entrypoint.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-set -e
-
-export TERM=${TERM:-xterm-256color}
-export BROWSER=${DOCKER_BROWSER:-elinks}
-export EDITOR=${DOCKER_EDITOR:-vim}
-
-USERNAME="mutt"
-DATA_DIR="/home/mutt/Mail"
-
-# Default UID/GID to owner of the data directory
-PROG_UID=${PROG_UID:-$(stat -L -c "%u" $DATA_DIR)}
-PROG_GID=${PROG_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$PROG_GID" = 0 -o "$PROG_GID" = 0 ]; then
- echo "Set PROG_UID and PROG_GID in environment"
- exit 1
-else
- echo "UID/GID: $PROG_UID $PROG_GID"
-fi
-
-# Create the user and group
-addgroup -g ${PROG_GID} -S ${USERNAME}
-adduser -u ${PROG_UID} -S -h /home/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-
-# Allow running a shell in the container
-/sbin/su-exec ${USERNAME} "$@"
diff --git a/mutt/run b/mutt/run deleted file mode 100755 index 00b7085..0000000 --- a/mutt/run +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -X11_MANDATORY=0 - -if [ -z "$DISPLAY" ]; then - echo "\$DISPLAY is not set" - DISPLAYS=( $(netstat -lnt | awk '/127.0.0.1:60/ { split($4,a,":"); print "localhost:" substr(a[2],3) ".0" }') ) - - if [ "${#DISPLAYS[@]}" = 0 ]; then - echo "No X11 ports available" - if [ $X11_MANDATORY = 1 ]; then - exit 1 - fi - fi - - if [ "${#DISPLAYS[@]}" -gt 1 ]; then - echo "More than 1 X11 port available. Which one do you want?" - for i in "${DISPLAYS[@]}"; do - echo "export DISPLAY=\"$i\"" - done - exit 1 - else - export DISPLAY="${DISPLAYS[0]}" - fi -fi - -docker run -ti --rm --net=host \ - -e TERM \ - -e DISPLAY \ - -e XAUTHORITY=$HOME/.Xauthority \ - -v $HOME/.Xauthority:$HOME/.Xauthority:ro \ - -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \ - -v $HOME/bin:$HOME/bin \ - -v $HOME/.vim:$HOME/.vim \ - -v $HOME/.vimrc:$HOME/.vimrc \ - -v $HOME/amazon-bin:$HOME/amazon-bin:ro \ - -v $HOME/.mutt:$HOME/.mutt \ - -v $HOME/share:$HOME/share \ - -v $HOME/.exchange.pass:$HOME/.exchange.pass \ - mutt diff --git a/newsboat/Dockerfile b/newsboat/Dockerfile deleted file mode 100644 index e15f4ef..0000000 --- a/newsboat/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM alpine:edge -LABEL maintainer="Mike Crute " - -RUN \ - apk add --no-cache \ - curl \ - su-exec \ - newsboat \ - ; - -ADD entrypoint.sh / -ENTRYPOINT [ "/entrypoint.sh" ] -CMD [ "/usr/bin/newsboat" ] diff --git a/newsboat/Makefile b/newsboat/Makefile deleted file mode 100644 index b2f9907..0000000 --- a/newsboat/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -IMAGE=docker.crute.me/newsboat:latest - -all: - docker build -t $(IMAGE) . - -all-no-cache: - docker build --no-cache -t $(IMAGE) . - -run: - docker run -ti --detach-keys ctrl-@ $(IMAGE) - -publish: - docker push $(IMAGE) 
diff --git a/newsboat/entrypoint.sh b/newsboat/entrypoint.sh deleted file mode 100755 index 0e308cf..0000000 --- a/newsboat/entrypoint.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -HOME_DIR="/home/newsboat/.newsboat" -URLS_FILE="${HOME_DIR}/urls" - -# No point starting if they don't have config, also we don't -# want to store the actual user data in the container so force -# a mount. -if [ ! -d $HOME_DIR ]; then - echo "Mount your newsboat config to /home/newsboat/.newsboat" - exit 1 -fi - -# Also force a urls file because this newsboat will just fail -# anyhow without it. -if [ ! -f $URLS_FILE ]; then - echo "Create a urls file in your newsboat config first" - exit 1 -fi - -# Allow users to specify the UID/GID in the environment but -# default these to the existing owner of the files in their -# mounted config, which should be sane. -UID=${UID:-$(stat -c "%u" $URLS_FILE)} -GID=${GID:-$(stat -c "%u" $URLS_FILE)} - -# Create the user and group -addgroup -g ${GID} -S newsboat -adduser -u ${UID} -S -h /home/newsboat -H -D -G newsboat newsboat - -/sbin/su-exec newsboat "$@" diff --git a/ping_tester/Dockerfile b/ping_tester/Dockerfile deleted file mode 100644 index 702b596..0000000 --- a/ping_tester/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM alpine:latest - -RUN set -euxo pipefail; \ - apk --no-cache add python3; \ - python3 -m pip install boto3; - -COPY ping_test.py /usr/bin/ - -ENTRYPOINT [ "/usr/bin/ping_test.py" ] diff --git a/ping_tester/Makefile b/ping_tester/Makefile deleted file mode 100644 index 8e15cbe..0000000 --- a/ping_tester/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -IMAGE=docker.crute.me/ping_tester:latest - -all: - docker build -t $(IMAGE) . - -all-no-cache: - docker build --no-cache -t $(IMAGE) . - -publish: - docker push $(IMAGE) - diff --git a/ping_tester/ping_test.py b/ping_tester/ping_test.py deleted file mode 100755 index f6b7238..0000000 --- a/ping_tester/ping_test.py +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/usr/bin/env python3 - -import os -import re -import sys -import boto3 -import subprocess -from datetime import datetime - - -def main(sample_count=5): - try: - _, from_location, to_location, hostname = sys.argv - except ValueError: - print("usage: {} ".format( - os.path.basename(sys.argv[0]))) - sys.exit(1) - - client = boto3.client("cloudwatch") - now = datetime.now() - - patt = re.compile( - "round-trip min/avg/max = " - "(?P[0-9]+\.[0-9]+)/(?P[0-9]+\.[0-9]+)/" - "(?P[0-9]+\.[0-9]+) (?P.*)") - - out = subprocess.run( - ["ping", "-c", str(sample_count), hostname], - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - - # Prevent failing with an error if the ping fails - match = patt.search(out.stdout.decode("us-ascii")) - if not match: - return 1 - - val = match.groupdict() - - client.put_metric_data( - Namespace="VPNLatency", - MetricData=[ - { - "MetricName": "PingRTT", - "Dimensions": [ - { - "Name": "From Location", - "Value": from_location, - }, - { - "Name": "To Location", - "Value": to_location, - } - ], - "Timestamp": now, - "StatisticValues": { - "SampleCount": sample_count, - "Sum": float(val["avg"]) * sample_count, - "Minimum": float(val["min"]), - "Maximum": float(val["max"]), - }, - "Unit": "Milliseconds" - }, - { - "MetricName": "PingRTT", - "Dimensions": [ - { - "Name": "From Location", - "Value": from_location, - }, - ], - "Timestamp": now, - "StatisticValues": { - "SampleCount": sample_count, - "Sum": float(val["avg"]) * sample_count, - "Minimum": float(val["min"]), - "Maximum": float(val["max"]), - }, - "Unit": "Milliseconds" - }, - { - "MetricName": "PingRTT", - "Dimensions": [ - { - "Name": "To Location", - "Value": to_location, - } - ], - "Timestamp": now, - "StatisticValues": { - "SampleCount": sample_count, - "Sum": float(val["avg"]) * sample_count, - "Minimum": float(val["min"]), - "Maximum": float(val["max"]), - }, - "Unit": "Milliseconds" - }, - ] - ) - - return 0 - - -if __name__ == "__main__": - sys.exit(main()) 
diff --git a/psql/Dockerfile b/psql/Dockerfile
deleted file mode 100644
index eee7712..0000000
--- a/psql/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- sed -i 's/archive.ubuntu.com/us-west-2.ec2.archive.ubuntu.com/' /etc/apt/sources.list && \
- apt-get update && \
- apt-get install -y postgresql-client && \
-# Cleanup
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/psql" ]
diff --git a/psql/run b/psql/run
deleted file mode 100755
index a14f7c6..0000000
--- a/psql/run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --detach-keys=ctrl-@ \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/share:$HOME/share \
- -v $HOME/.psqlrc:$HOME/.psqlrc \
- psql "$@"
diff --git a/s3cmd/Dockerfile b/s3cmd/Dockerfile
deleted file mode 100644
index 7962dcb..0000000
--- a/s3cmd/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y apt-utils s3cmd ca-certificates
-
-RUN \
- groupadd -g 1677955 crutem && \
- useradd -m -d /home/crutem -g crutem -u 1677955 crutem
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-USER crutem
-ENV LANG C.UTF-8
-ENV BROWSER elinks
-ENV HOME /home/crutem
-WORKDIR /home/crutem
-
-ENTRYPOINT ["/usr/bin/s3cmd"]
diff --git a/s3cmd/run b/s3cmd/run
deleted file mode 100755
index de2e9de..0000000
--- a/s3cmd/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -i --rm \
- -w `pwd` \
- -v `pwd`:`pwd` \
- -v /usr/share/zoneinfo/America/Los_Angeles:/etc/localtime:ro \
- -v $HOME/share:$HOME/share \
- -v $HOME/.s3cfg:$HOME/.s3cfg \
- s3cmd "$@"
diff --git a/skopeo/Dockerfile b/skopeo/Dockerfile
deleted file mode 100644
index 5a7b0a3..0000000
--- a/skopeo/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute "
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- skopeo \
- ;
-
-ENTRYPOINT [ "/usr/bin/skopeo" ]
diff --git a/skopeo/Makefile b/skopeo/Makefile
deleted file mode 100644
index 28e15d5..0000000
--- a/skopeo/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-IMAGE=docker.crute.me/skopeo:latest
-
-all:
- docker pull alpine:edge
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run -d --net=host \
- -p 53:53/tcp \
- -p 53:53/udp \
- -p 953:953 \
- -v /home/mcrute/tmp/bind/conf:/etc/bind \
- -v /home/mcrute/tmp/bind/cache:/var/cache/bind \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)
diff --git a/smokeping_prober/Dockerfile b/smokeping_prober/Dockerfile
deleted file mode 100644
index 0e8fe47..0000000
--- a/smokeping_prober/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM golang:latest AS builder
-LABEL maintainer="Mike Crute "
-
-RUN set -eux; \
- cd /tmp; \
- go version; \
- git clone https://github.com/SuperQ/smokeping_prober.git; \
- cd smokeping_prober; \
- CGO_ENABLED=0 go build -o smokeping_prober *.go
-
-
-FROM alpine:latest
-COPY --from=builder /tmp/smokeping_prober/smokeping_prober /smokeping_prober
-ENTRYPOINT [ "/smokeping_prober" ]
diff --git a/smokeping_prober/Makefile b/smokeping_prober/Makefile
deleted file mode 100644
index 2f2de74..0000000
--- a/smokeping_prober/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-VERSION=0.3.0
-IMAGE=docker.crute.me/smokeping-prober:$(VERSION)
-LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
-
-all:
- docker pull golang:latest
- docker pull alpine:latest
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build \
- --no-cache \
- -t $(IMAGE) .
-
-publish:
- docker push $(IMAGE)
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)
diff --git a/ssh-bastion/Dockerfile b/ssh-bastion/Dockerfile
deleted file mode 100644
index 2539c7b..0000000
--- a/ssh-bastion/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute "
-
-RUN \
- apk add --no-cache \
- openssh-server-pam \
- google-authenticator \
- && cp /etc/ssh/sshd_config /etc/ssh/sshd_config.alpine \
- && mkdir /var/run/sshd \
- && chmod 700 /var/run/sshd
-
-ADD etc/ /etc/
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/sbin/sshd", "-D", "-e" ]
diff --git a/ssh-bastion/Makefile b/ssh-bastion/Makefile
deleted file mode 100644
index b38c4f4..0000000
--- a/ssh-bastion/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-IMAGE=docker.crute.me/ssh-bastion:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- docker run \
- -p 4321:4321 \
- -v /home/mcrute/tmp/ssh:/srv/ssh \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)
diff --git a/ssh-bastion/entrypoint.sh b/ssh-bastion/entrypoint.sh
deleted file mode 100755
index f48a3c3..0000000
--- a/ssh-bastion/entrypoint.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-if [ ! -d /srv/ssh/hostkeys ]; then
- echo "No host keys found... generating"
- mkdir -p /srv/ssh/hostkeys
-
- ssh-keygen -f /srv/ssh/hostkeys/rsa_key -N '' -t rsa
- ssh-keygen -f /srv/ssh/hostkeys/ed25519_key -N '' -t ed25519
- ssh-keygen -f /srv/ssh/hostkeys/ecdsa_key -N '' -t ecdsa
-
- rm *.pub
-fi
-
-if [ ! -d /srv/ssh/users ]; then
- echo "No users directory found... creating"
- mkdir -p /srv/ssh/users
-fi
-
-for path in /srv/ssh/users/*; do
- user=$(basename $path)
- if [ "$user" = "*" ]; then
- break
- fi
-
- if getent passwd $user 2>&1 >/dev/null; then
- echo "User $user already exists"
- continue
- fi
-
- uid=$(cat /srv/ssh/users/$user/uid)
- if [[ -z "$uid" ]]; then
- echo "No UID for $user"
- exit 1
- fi
-
- echo "Creating user ${user}(${uid})"
- adduser -DH -s /sbin/nologin -u $uid $user
-done
-
-exec "$@"
diff --git a/ssh-bastion/etc/pam.d/sshd b/ssh-bastion/etc/pam.d/sshd
deleted file mode 100644
index b0f90a4..0000000
--- a/ssh-bastion/etc/pam.d/sshd
+++ /dev/null
@@ -1,5 +0,0 @@
-account include base-account
-
-auth required pam_google_authenticator.so secret=/srv/ssh/users/${USER}/totp user=root no_strict_owner
-
-session required pam_unix.so
diff --git a/ssh-bastion/etc/ssh/sshd_config b/ssh-bastion/etc/ssh/sshd_config
deleted file mode 100644
index fbe71c6..0000000
--- a/ssh-bastion/etc/ssh/sshd_config
+++ /dev/null
@@ -1,101 +0,0 @@ -# vim:set ft=sshdconfig - -HostKey /srv/ssh/hostkeys/rsa_key -HostKey /srv/ssh/hostkeys/ed25519_key - -# By default SSH attempts to chdir to the logged-in user's home directory. The -# vast majority of users won't have a home directory on the machine, so -# suppress the warning with a chroot. -ChrootDirectory / - -# No users will have home directories and all configs are under control of the -# admin who mounts them from outside of this docker container so there is no -# need to check modes and in-fact enabling this will cause failures. -StrictModes no - -Protocol 2 - -# Bind a port above 1024 so we can run ssh as an unpriviledged user -Port 4321 - -SyslogFacility AUTH -LogLevel INFO -PidFile /var/run/sshd.pid - -PubkeyAuthentication yes -HostbasedAuthentication no -IgnoreRhosts yes -PasswordAuthentication no -PermitEmptyPasswords no -AuthorizedKeysFile /srv/ssh/users/%u/ssh - -UsePAM yes -PermitRootLogin no -ChallengeResponseAuthentication yes -AuthenticationMethods publickey,keyboard-interactive:pam - -# Limit the number of authentication attemps per connection. SSH will log -# failues once attempts reach half this number so this should also log all -# authentication failures as well. -PermitTTY no -MaxAuthTries 2 -ForceCommand /usr/bin/nologin - -# This turns off reverse lookups of the originating host which hang sshd on DNS -# timeouts when DNS is down. This also breaks "from=" lines in authorizd_keys -# files which must be converted to dotted quad ip addrs. -UseDNS no - -# By default SSH doesn't accept any environment variables from the client. But -# we use this specific variable to pass robot user authentication tokens into -# the system. -AcceptEnv LANG LC_* - -# Disconnect after this period of time if the user hasn't provided a correct -# password. -LoginGraceTime 120 - -# Disconnect dead sessions after 30 minutes of inactivity. 
The server will send -# a keepalive every minutes and tolerate up to 30 failures before terminating -# the session. -ClientAliveInterval 60 -ClientAliveCountMax 30 - -# Don't use TCP keepalives to prevent connections from dying when a temporary -# routing issue occurs. -TCPKeepAlive no - -# Allow up to 100 simultaneous unauthenticated connections. Any connections -# beyond that limit will be dropped. -MaxStartups 100 - -# The maxiumum number of sessions which can be served on one multi-plexing -# connection. ssh does not fail gracefully when this number is exceeded, so we -# keep it high. -MaxSessions 100 - -X11Forwarding no -PrintMotd no - -# Used hardened crypto algorithms -# -# Based on: https://stribika.github.io/2015/01/04/secure-secure-shell.html -# And also: https://access.redhat.com/discussions/3121481 -# And also: https://infosec.mozilla.org/guidelines/openssh -# Validated by: https://sshcheck.com/ -KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 -Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr -MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com -HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com -# These may be needed for older ssh clients but use SHA1 so are discouraged -#HostKeyAlgorithms ssh-rsa,ssh-rsa-cert-v01@openssh.com - -# Enable gateway ports for phone-home bastions so that administrators can -# connect back to the forwarded ports without needing ssh access to the bastion -# host itself. Also locks down what can be forwarded and to where. -Match user phonehome - GatewayPorts yes - AuthenticationMethods publickey - AllowTcpForwarding remote - PermitOpen none -Match all 
diff --git a/strongswan/Dockerfile b/strongswan/Dockerfile
deleted file mode 100644
index 630446b..0000000
--- a/strongswan/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM alpine:edge
-LABEL maintainer="Mike Crute "
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- strongswan \
- ; \
- rm /etc/ipsec.conf; \
- echo ": RSA vpn.pem" > /etc/ipsec.secrets
-
-ADD crute-root.pem /etc/ipsec.d/cacerts/
-ADD vpn-g1.pem /etc/ipsec.d/cacerts/
-ADD entrypoint.sh /
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "/usr/sbin/ipsec", "start", "--nofork" ]
diff --git a/strongswan/Makefile b/strongswan/Makefile
deleted file mode 100644
index 7913802..0000000
--- a/strongswan/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-IMAGE=docker.crute.me/strongswan:latest
-
-all:
- docker build -t $(IMAGE) .
-
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-run:
- @echo "Not configured"
- @exit 1
-
-publish:
- docker push $(IMAGE)
diff --git a/strongswan/entrypoint.sh b/strongswan/entrypoint.sh
deleted file mode 100755
index 22dff19..0000000
--- a/strongswan/entrypoint.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-if [ ! -f "/config/vpn-cert.pem" ]; then
- echo "Missing VPN server cert at '/config/vpn-cert.pem'"
- exit 1
-fi
-cp /config/vpn-cert.pem /etc/ipsec.d/certs/vpn.pem
-chmod 444 /etc/ipsec.d/certs/vpn.pem
-
-if [ ! -f "/config/vpn-key.pem" ]; then
- echo "Missing VPN server key at '/config/vpn-key.pem'"
- exit 1
-fi
-cp /config/vpn-key.pem /etc/ipsec.d/private/vpn.pem
-chmod 400 /etc/ipsec.d/private/vpn.pem
-
-if [ ! -f "/config/ipsec.conf" ]; then
- echo "Missing VPN server config at '/config/ipsec.conf'"
- exit 1
-fi
-cp /config/ipsec.conf /etc/ipsec.conf
-chmod 444 /etc/ipsec.conf
-
-exec "$@"
diff --git a/stund/Dockerfile b/stund/Dockerfile
deleted file mode 100644
index 962ecb6..0000000
--- a/stund/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM alpine:latest
-LABEL maintainer="Mike Crute "
-
-RUN set -euxo pipefail; \
- apk add --no-cache \
- dumb-init \
- su-exec \
- libnice; \
- adduser -SDH stun
-
-CMD [ \
- "/usr/bin/dumb-init", "-c", \
- "/sbin/su-exec", "stun", \
- "/usr/bin/stund", "-4" \
-]
diff --git a/stund/Makefile b/stund/Makefile
deleted file mode 100644
index a0fa40d..0000000
--- a/stund/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-VERSION=latest
-IMAGE=docker.crute.me/stund
-
-all:
- docker build -t $(IMAGE):$(VERSION) .
-
-all-no-cache:
- docker build \
- --no-cache \
- -t $(IMAGE):$(VERSION) .
-
-run:
- docker run -d \
- -p 3478:3478/udp \
- $(IMAGE):$(VERSION)
-
-publish:
- docker push $(IMAGE):$(VERSION)
- docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
- docker push $(IMAGE):latest
diff --git a/unifi-video/Dockerfile b/unifi-video/Dockerfile
deleted file mode 100644
index ae584b0..0000000
--- a/unifi-video/Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-FROM frolvlad/alpine-java:jre8-slim
-LABEL maintainer="Mike Crute "
-
-ARG dl_url
-
-ADD lsb_release /usr/bin
-ADD log4j2.json /tmp
-
-RUN \
- # Validate required arguments were passed
- test -z "${dl_url}" && { echo -e "\033[31mMissing build parameter 'dl_url'\033[39m"; exit 1; }; \
- \
- # Install build and run dependencies
- apk add --no-cache --virtual .build-deps \
- binutils \
- ca-certificates \
- curl \
- && apk add --no-cache \
- dumb-init \
- libcap \
- mongodb \
- su-exec \
- \
- # Fetch the Unifi package
- && cd /tmp \
- && curl -s -o unifi_video.deb "${dl_url}" \
- \
- # Unpack the debian package and "install" it
- && ar x unifi_video.deb \
- && mkdir debian \
- && tar -C debian -xzf control.tar.gz \
- && tar -xzf data.tar.gz \
- && rm -rf usr/share usr/sbin \
- && mv usr/lib/unifi-video /usr/lib \
- \
- # Create directories and link everything together
- && mkdir -p /var/lib/unifi-video /var/log/unifi-video /var/run/unifi-video \
- && ln -sf /usr/bin/mongod /usr/lib/unifi-video/bin/mongod \
- && ln -sf /var/lib/unifi-video /usr/lib/unifi-video/data \
- && ln -sf /var/log/unifi-video /usr/lib/unifi-video/logs \
- && ln -sf /var/run/unifi-video /usr/lib/unifi-video/run \
- \
- # Create Tomcat directories
- && mkdir -p /usr/lib/unifi-video/conf/Catalina \
- && mkdir -p /usr/lib/unifi-video/work \
- \
- # Write out version file
- && VERSIG=$(awk '/^VERSIG/ { split($1, a, "="); print a[2]; }' debian/postinst) \
- && echo "NVR.x86_64.${VERSIG}" > /etc/discovery.version \
- \
- # Install our customizations
- && mv /tmp/log4j2.json /usr/lib/unifi-video \
- \
- # Cleanup
- && apk del .build-deps \
- && rm -rf /tmp/*
-
-ADD entrypoint.sh /
-
-STOPSIGNAL SIGTERM
-ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/unifi-video/Makefile b/unifi-video/Makefile
deleted file mode 100644
index 1b8fde4..0000000
--- a/unifi-video/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-VERSION=3.10.13
-IMAGE=docker.crute.me/unifi-video
-DL_URL="https://dl.ubnt.com/firmwares/ufv/v$(VERSION)/unifi-video.Ubuntu16.04_amd64.v$(VERSION).deb"
-
-all:
- docker pull frolvlad/alpine-java:jre8-slim
- docker build \
- --build-arg=dl_url=$(DL_URL) \
- -t $(IMAGE):$(VERSION) .
-
-all-no-cache:
- docker build \
- --no-cache \
- --build-arg=dl_url=$(DL_URL) \
- -t $(IMAGE):$(VERSION) .
-
-run:
- # 6666 - Inbound Camera Streams
- # 7080 - HTTP Web UI
- # 7442 - Camera Management
- # 7443 - HTTPS Web UI
- # 7445 - Video Over HTTP
- # 7446 - Video Over HTTPS
- # 7447 - RTSP via Controller
- docker run \
- -p 6666:6666 \
- -p 7080:7080 \
- -p 7442:7442 \
- -p 7443:7443 \
- -p 7445:7445 \
- -p 7446:7446 \
- -p 7447:7447 \
- -v /home/mcrute/tmp/unifi-data:/var/lib/unifi-video \
- $(IMAGE):$(VERSION)
-
-publish:
- docker push $(IMAGE):$(VERSION)
- docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
- docker push $(IMAGE):latest
diff --git a/unifi-video/entrypoint.sh b/unifi-video/entrypoint.sh
deleted file mode 100755
index 7b1e7b1..0000000
--- a/unifi-video/entrypoint.sh
+++ /dev/null
@@ -1,97 +0,0 @@ -#!/bin/sh - -set -e - -USERNAME="unifi-video" -BASEDIR="/usr/lib/unifi-video" -DATA_DIR="${BASEDIR}/data" - -# Default UID/GID to owner of the data directory -UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)} -UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)} - -if [ "$UNIFI_UID" = 0 -o "$UNIFI_GID" = 0 ]; then - echo "Set UNIFI_UID and UNIFI_GID in environment" - exit 1 -else - echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID" -fi - -cd ${BASEDIR} - -# Create the user and group if they don't exist -if ! grep "^${USERNAME}:" /etc/group &>/dev/null; then - addgroup -g ${UNIFI_GID} -S ${USERNAME} -fi -if ! grep "^${USERNAME}:" /etc/passwd &>/dev/null; then - adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME} -fi - -mkdir -p /var/log/mongodb/logs - -# Update permissions on the root directories -chown -R ${USERNAME}:${USERNAME} \ - /var/run/unifi-video \ - /var/log/unifi-video \ - /var/lib/unifi-video \ - /var/log/mongodb/logs - -chown -R ${USERNAME}:${USERNAME} \ - /usr/lib/unifi-video/conf/evostream \ - /usr/lib/unifi-video/webapps \ - /usr/lib/unifi-video/conf/Catalina \ - /usr/lib/unifi-video/work - -# But do not let the unifi user write the ROOT WAR -chown root:root /usr/lib/unifi-video/webapps/ROOT.war - -# Setup tmpfs if the user mounted it -TMPFS_ARG= -TMPFS_DIR="/var/cache/unifi-video" -if [ -d $TMPFS_DIR ]; then - TMPFS_ARG="-Dav.tempdir=${TMPFS_DIR}" - chown ${USERNAME} ${TMPFS_DIR} - chmod -R 0700 ${TMPFS_DIR} -fi - -# Do the base setup and migrate files -if [ ! -f "${DATA_DIR}/system.properties" ]; then - cp -f "${BASEDIR}/etc/system.properties" "${DATA_DIR}/system.properties" -fi - -if [ -f "${DATA_DIR}/truststore" ]; then - rm -f "${DATA_DIR}/truststore" -fi - -if [ ! 
-f "${DATA_DIR}/ufv-truststore" ]; then - cp -f "${BASEDIR}/etc/ufv-truststore" "${DATA_DIR}/ufv-truststore" -fi - -chown -h ${USERNAME}:${USERNAME} \ - "${DATA_DIR}" \ - "${DATA_DIR}/system.properties" \ - "${DATA_DIR}/ufv-truststore" - -# Cleanup mongodb lock file if it exists otherwise the controller will freeze -# forever trying to start Mongo -[ -f data/db/mongod.lock ] && rm data/db/mongod.lock - -# Allow running a shell in the container -if [ ! -z "$@" ]; then - /sbin/su-exec ${USERNAME} "$@" -else - # Replace the current process with a scoped-down controller. The java app - # is designed to do its own job control but it has to run with an init - # system or it doesn't get the signals from docker. - exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/jre/bin/java \ - -cp ${BASEDIR}/lib/airvision.jar \ - -Dlog4j.configurationFile=${BASEDIR}/log4j2.json \ - ${TMPFS_ARG} \ - -Djava.library.path=${BASEDIR}/lib \ - -Djavax.net.ssl.trustStore=${DATA_DIR}/ufv-truststore \ - -Djava.security.egd=file:/dev/urandom \ - -Xmx$(free -m | awk 'NR==2{printf "%dM\n", $2*0.26 }') \ - -Djava.awt.headless=true \ - -Dfile.encoding=UTF-8 \ - com.ubnt.airvision.Main start -fi diff --git a/unifi-video/log4j2.json b/unifi-video/log4j2.json deleted file mode 100644 index 6e0270c..0000000 --- a/unifi-video/log4j2.json +++ /dev/null 
@@ -1,135 +0,0 @@ -{ - "configuration": { - "name": "Release", - - "properties": { - "property": { - "name": "fileAppenderLayout", - "value": "%d{UNIX}.%d{SSS} %d{yyyy-MM-dd HH:mm:ss.SSS/zzz}: %-6p %m in %t%n" - } - }, - - "appenders": { - "appender": [ - { - "type": "Console", - "name": "STDOUT", - "patternLayout": { "pattern": "${fileAppenderLayout}" }, - "thresholdFilter": { "level": "trace" } - } - ] - }, - - "loggers": { - "root": { - "level": "warn", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - "logger": [ - { "name": "uv", "level": "INFO" }, - { "name": "com.ubnt", "level": "off" }, - { "name": "org.apache.commons.httpclient", "level": "error" }, - { "name": "com.mongodb", "level": "error" }, - { "name": "javax.jmdns", "level": "fatal" }, - { "name": "net.schmizz", "level": "fatal" }, - { "name": "org.apache.catalina.startup.Catalina", "level": "error" }, - { "name": "org.apache.catalina.startup.DigesterFactory", "level": "error" }, - { "name": "org.apache.tomcat.util.digester.Digester", "level": "error" }, - { "name": "org.atmosphere.cpr.SessionSupport", "level": "error" }, - { - "name": "uv.service.recording", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.service.recording.sync", - "level": "debug", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.service.recording.segments", - "level": "debug", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.service.connection", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.purge", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.service.motion", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.stream", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - 
] - }, - { - "name": "uv.comm.ems", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.comm.camera", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.comm.sso", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.service.dbMigration", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.service.hls", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - }, - { - "name": "uv.login", - "level": "info", "additivity": "false", - "AppenderRef": [ - { "ref": "STDOUT" } - ] - } - ] - } - } -} diff --git a/unifi-video/lsb_release b/unifi-video/lsb_release deleted file mode 100755 index 2edb739..0000000 --- a/unifi-video/lsb_release +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# -# Stub called by the controller to do software update checks. Absence causes -# failure. Since we're running alpine but UBNT doesn't know what that is just -# lie and say we're Ubuntu -# - -cat < checksums.txt \ - && sha256sum -sc checksums.txt \ - \ - # Unpack the debian package and "install" it - && ar x unifi_sysvinit_all.deb \ - && tar -xJf data.tar.xz \ - && rm usr/lib/unifi/bin/unifi.init \ - && mv usr/lib/unifi /usr/lib \ - \ - # Create directories and link everything together - && mkdir -p /var/lib/unifi /var/log/unifi /var/run/unifi \ - && ln -sf /usr/bin/mongod /usr/lib/unifi/bin/mongod \ - && ln -sf /var/lib/unifi /usr/lib/unifi/data \ - && ln -sf /var/log/unifi /usr/lib/unifi/logs \ - && ln -sf /var/run/unifi /usr/lib/unifi/run \ - \ - # Install our customizations - && mv /tmp/log4j.properties /usr/lib/unifi \ - \ - # Cleanup - && apk del .build-deps \ - && rm -rf /tmp/* - -ADD unifi-setup.sh / -ADD simplevisor.json / -ADD simplevisor / - -STOPSIGNAL SIGTERM -ENTRYPOINT [ "/simplevisor" ] 
diff --git a/unifi/Makefile b/unifi/Makefile
deleted file mode 100644
index 36f0327..0000000
--- a/unifi/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-VERSION=8.0.7
-VERSION_SUFFIX=-7a3d06144a
-VERSION_TAG=$(VERSION)-0
-IMAGE=docker.crute.me/unifi:$(VERSION_TAG)
-LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
-
-DEB_VERSION="$(VERSION)$(VERSION_SUFFIX)"
-CHECKSUM="4221d7a0f8ce66c58a4f71b70ba6f32e16310429d3fe8165bf0f47bbdb6401a6"
-
-all:
- docker pull alpine:latest
- docker build \
- --no-cache \
- --build-arg=deb_version=$(DEB_VERSION) \
- --build-arg=checksum=$(CHECKSUM) \
- -t $(IMAGE) .
-
-all-no-cache:
- docker build \
- --no-cache \
- --build-arg=deb_version=$(DEB_VERSION) \
- --build-arg=checksum=$(CHECKSUM) \
- -t $(IMAGE) .
-
-run:
- docker run -d \
- -e UNIFI_UID=1001 \
- -e UNIFI_GID=1001 \
- -p 8080:8080 \
- -p 8443:8443 \
- $(IMAGE)
-
-publish:
- docker push $(IMAGE)
-
-publish-prod:
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)
diff --git a/unifi/log4j.properties b/unifi/log4j.properties
deleted file mode 100644
index 643c623..0000000
--- a/unifi/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-log4j.rootLogger=INFO,server_log
-
-log4j.appender.server_log=org.apache.log4j.ConsoleAppender
-log4j.appender.server_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.server_log.layout.ConversionPattern=[%d{ISO8601}] <%t> %-5p %-6c{1} - %m%n
-
-log4j.logger.java=INFO
-log4j.logger.javax=INFO
-log4j.logger.javax.jmdns=INFO
-log4j.logger.sun=INFO
-log4j.logger.org.apache=INFO
-log4j.logger.httpclient.wire=INFO
-log4j.logger.net.schmizz=INFO
-log4j.logger.com.codahale=INFO
-log4j.logger.org.apache.jasper=INFO
-log4j.logger.org.apache.tomcat=INFO
-log4j.logger.org.apache.commons=INFO
-log4j.logger.org.apache.catalina=INFO
-
-log4j.logger.org.springframework=INFO
-log4j.logger.de.javawi.jstun=INFO
-log4j.logger.com.mongodb=INFO
-
-log4j.logger.com.ubnt=INFO
-log4j.logger.com.ubiquiti=INFO
diff --git a/unifi/simplevisor.json b/unifi/simplevisor.json deleted file mode 100644 index 566c872..0000000 --- a/unifi/simplevisor.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "env": { - "pass": [ - "PATH", - "HOSTNAME", - "SHLVL", - "HOME", - "PWD", - - "UNIFI_UID", - "UNIFI_GID", - - "MONGO_URL", - "MONGO_STATS_URL" - ], - "vault-replace": [ - "MONGO_USER", - "MONGO_PASSWORD" - ], - "vault-template": [ - "MONGO_URL", - "MONGO_STATS_URL" - ] - }, - "jobs": { - "init": [ - { - "cmd": ["/unifi-setup.sh"], - "run-as": "root" - } - ], - "main": [ - { - "cmd": [ - "/usr/lib/jvm/default-jvm/bin/java", - "-cp", "/usr/lib/unifi/lib/ace.jar", - "-Dlog4j.configuration=file:/usr/lib/unifi/log4j.properties", - "-Dlog4j2.formatMsgNoLookups=true", - "-Dunifi.datadir=/usr/lib/unifi/data", - "-Dunifi.logdir=/usr/lib/unifi/logs", - "-Dunifi.rundir=/usr/lib/unifi/run", - "-Xmx1024M", - "-Djava.awt.headless=true", - "-Dorg.xerial.snappy.use.systemlib=true", - "-Dfile.encoding=UTF-8", - "--add-opens=java.base/java.time=ALL-UNNAMED", - "com.ubnt.ace.Launcher", "start" - ], - "run-as": "unifi" - } - ] - } -} diff --git a/unifi/unifi-setup.sh b/unifi/unifi-setup.sh deleted file mode 100755 index 86153b5..0000000 --- a/unifi/unifi-setup.sh +++ /dev/null 
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-set -e
-
-USERNAME="unifi"
-BASEDIR="/usr/lib/unifi"
-DATA_DIR="${BASEDIR}/data"
-
-# Default UID/GID to owner of the data directory
-UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
-UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
-
-if [ "$UNIFI_GID" = 0 -o "$UNIFI_GID" = 0 ]; then
- echo "Set UNIFI_UID and UNIFI_GID in environment"
- exit 1
-else
- echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
-fi
-
-cd ${BASEDIR}
-
-# Create the user and group
-if ! getent group ${USERNAME} > /dev/null 2>&1; then
- addgroup -g ${UNIFI_GID} -S ${USERNAME}
-fi
-if ! getent passwd ${USERNAME} > /dev/null 2>&1; then
- adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
-fi
-
-# Update permissions on the root directories
-chown -R ${USERNAME}:${USERNAME} \
- /var/lib/unifi \
- /var/log/unifi \
- /var/run/unifi \
- /usr/lib/unifi/dl
-
-ln -s /var/log/unifi /logs
-
-# Cleanup mongodb lock file if it exists otherwise the controller will freeze
-# forever trying to start Mongo
-[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
-
-if [ -n "$MONGO_URL" ]; then
- echo "Using external mongodb instance"
- echo "db.mongo.local=false" >> /var/lib/unifi/system.properties
- echo "db.mongo.uri=${MONGO_URL}" >> /var/lib/unifi/system.properties
- echo "statdb.mongo.uri=${MONGO_STATS_URL}" >> /var/lib/unifi/system.properties
- echo "unifi.db.name=${MONGO_DB_NAME:-ace}" >> /var/lib/unifi/system.properties
- echo "statdb.db.name=${MONGO_STATS_DB_NAME:-ace_stat}" >> /var/lib/unifi/system.properties
-fi
-
-# If this is set that the controller will start with no settings and will run
-# the setup.
-#
-# WARNING! If this is set on a live database then the controller will delete
-# all data and start fresh.
-if [ -z "$START_DEFAULT" ]; then
- echo "is_default=false" >> /var/lib/unifi/system.properties
-fi
-
-# Replace the current process with a scoped-down controller. The java app
-# is designed to do its own job control but it has to run with an init
-# system or it doesn't get the signals from docker.
-#
-# Use the snappy native library installed with apk because the bundled on
-# is built against libc which is not available in Alpine. Without this
-# inform will fail with a decompression library error.
-
-# NOTE: This has been migrated to simplevisor.json
diff --git a/vlc/Dockerfile b/vlc/Dockerfile
deleted file mode 100644
index 2c7f50d..0000000
--- a/vlc/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM ubuntu:16.04
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-# sed -i 's/archive.ubuntu.com/us-west-2.ec2.archive.ubuntu.com/' /etc/apt/sources.list && \
- apt-get update && \
- apt-get install -y apt-utils vlc
-
-RUN \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- rm -rf /tmp/*
-
-ENTRYPOINT [ "/usr/bin/vlc" ]
diff --git a/vlc/run b/vlc/run
deleted file mode 100755
index 7a4004c..0000000
--- a/vlc/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-docker run -ti --rm --net=host \
- -w `pwd` \
- -e DISPLAY \
- -e XAUTHORITY=$HOME/.Xauthority \
- -v $HOME/.Xauthority:$HOME/.Xauthority:ro \
- -v `pwd`:`pwd`:ro \
- vlc "$@"
diff --git a/wekan/Dockerfile b/wekan/Dockerfile
deleted file mode 100644
index 4d810d9..0000000
--- a/wekan/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM quay.io/wekan/wekan:v6.28
-LABEL maintainer="Mike Crute "
-
-USER root
-
-RUN set -eux; \
- \
- mkdir -p /etc/ssl/certs;
-
-ADD /simplevisor /simplevisor
-ADD /simplevisor.json /simplevisor.json
-ADD /isrgrootx1.pem /etc/ssl/certs/isrgrootx1.pem
-ADD /isrg-root-x1-cross-signed.pem /etc/ssl/certs/isrg-root-x1-cross-signed.pem
-
-CMD [ "/simplevisor" ]
diff --git a/wekan/Makefile b/wekan/Makefile
deleted file mode 100644
index 0a6d096..0000000
--- a/wekan/Makefile
+++ /dev/null
@@ -1,35 +0,0 @@
-VERSION=6.28
-VERSION_TAG=$(VERSION)
-IMAGE=docker.crute.me/wekan:$(VERSION_TAG)
-LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
-
-.PHONY: all
-all:
- sed -i "s#^FROM .*#FROM quay.io/wekan/wekan:v$(VERSION)#" Dockerfile
- curl -O https://letsencrypt.org/certs/isrgrootx1.pem
- curl -O https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
- docker pull quay.io/wekan/wekan:v$(VERSION)
- docker build -t $(IMAGE) .
-
-.PHONY: all-no-cache
-all-no-cache:
- docker build --no-cache -t $(IMAGE) .
-
-.PHONY: run
-run:
- docker run -d \
- -p 9110:9000 \
- -p 9111:9001 \
- -v /srv/code:/srv/code \
- $(IMAGE)
-
-.PHONY: publish
-publish:
- docker push $(IMAGE)
- docker tag $(IMAGE) $(LATEST)
- docker push $(LATEST)
-
-
-.PHONY: clean
-clean:
- rm -f isrg-root-x1-cross-signed.pem isrgrootx1.pem || true
diff --git a/wekan/simplevisor.json b/wekan/simplevisor.json
deleted file mode 100644
index 55dd77a..0000000
--- a/wekan/simplevisor.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "env": {
- "pass-all": true,
- "vault-replace": [
- "MONGO_USER",
- "MONGO_PASSWORD"
- ],
- "vault-template": [
- "MONGO_URL"
- ]
- },
- "jobs": {
- "main": [
- {
- "cmd": ["/bin/bash", "-c", "ulimit -s 65500; exec node --stack-size=65500 /build/main.js"],
- "run-as": "wekan"
- }
- ]
- }
-}
diff --git a/znc/Dockerfile b/znc/Dockerfile
deleted file mode 100644
index 9e7f4f7..0000000
--- a/znc/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM alpine:latest
-
-RUN set -euxo pipefail; \
- apk add --no-cache znc znc-extra su-exec;
-
-COPY push.so /usr/lib/znc/push.so
-COPY clientbuffer.so /usr/lib/znc/clientbuffer.so
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "znc", "-f" ]
diff --git a/znc/clientbuffer.so b/znc/clientbuffer.so
deleted file mode 100755
index 3dcdf32..0000000
Binary files a/znc/clientbuffer.so and /dev/null differ
diff --git a/znc/entrypoint.sh b/znc/entrypoint.sh
deleted file mode 100755
index 8c3f5a9..0000000
--- a/znc/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-chown -R znc:znc /var/lib/znc/.znc
-
-/sbin/su-exec znc "$@"
diff --git a/znc/push.so b/znc/push.so
deleted file mode 100755
index 9443c5f..0000000
Binary files a/znc/push.so and /dev/null differ
-- cgit v1.2.3