msb-public
/
paopao-ce
mirror of https://github.com/rocboss/paopao-ce
1
0
Code Issues Projects Releases Wiki Activity

optimize configure for docker all in one environment

Browse Source
x/docker
Michael Li 6 months ago
parent 96ba45c489
commit 6e32e18f82
No known key found for this signature in database
11 changed files with 14 additions and 309 deletions
Show Stats Download Patch File Download Diff File

3
docker/build/finalize.sh
Unescape View File

@ -8,7 +8,6 @@ adduser -G paopao -H -D -g 'paopao User' paopao -h /data/paopao -s /bin/bash &&
echo "export PAOPAO_CUSTOM=${PAOPAO_CUSTOM}" >> /etc/profile
# Final cleaning
mv /app/docker/paopao-ce_config.yaml /app/config.yaml
mv /app/docker/config.yaml /app/config.yaml
rm -rf /app/docker/build
rm /app/docker/nsswitch.conf
rm /app/docker/README.md

16
docker/nsswitch.conf
Unescape View File

@ -1,16 +0,0 @@
# /etc/nsswitch.conf
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

144
docker/runtime/backup-init.sh
Unescape View File

@ -1,144 +0,0 @@
#!/usr/bin/env bash
set -e
BACKUP_PATH="/backup"
# Make sure that required directories exist
mkdir -p "${BACKUP_PATH}"
mkdir -p "/etc/crontabs"
chown git:git /backup
chmod 2770 /backup
# [string] BACKUP_INTERVAL Period expression
# [string] BACKUP_RETENTION Period expression
if [ -z "${BACKUP_INTERVAL}" ]; then
echo "Backup disabled: BACKUP_INTERVAL has not been found" 1>&2
exit 1
fi
if [ -z "${BACKUP_RETENTION}" ]; then
echo "Backup retention period is not defined, default to 7 days" 1>&2
BACKUP_RETENTION='7d'
fi
# Parse BACKUP_INTERVAL environment variable and generate appropriate cron expression. Backup cron task will be run as scheduled.
# Expected format: nu (n - number, u - unit) (eg. 3d means 3 days)
# Supported units: h - hours, d - days, M - months
parse_generate_cron_expression() {
CRON_EXPR_MINUTES="*"
CRON_EXPR_HOURS="*"
CRON_EXPR_DAYS="*"
CRON_EXPR_MONTHS="*"
# shellcheck disable=SC2001
TIME_INTERVAL=$(echo "${BACKUP_INTERVAL}" | sed -e 's/[hdM]$//')
# shellcheck disable=SC2001
TIME_UNIT=$(echo "${BACKUP_INTERVAL}" | sed -e 's/^[0-9]\+//')
if [ "${TIME_UNIT}" = "h" ]; then
if [ ! "${TIME_INTERVAL}" -le 23 ]; then
echo "Parse error: Time unit 'h' (hour) cannot be greater than 23" 1>&2
exit 1
fi
CRON_EXPR_MINUTES=0
CRON_EXPR_HOURS="*/${TIME_INTERVAL}"
elif [ "${TIME_UNIT}" = "d" ]; then
if [ ! "${TIME_INTERVAL}" -le 30 ]; then
echo "Parse error: Time unit 'd' (day) cannot be greater than 30" 1>&2
exit 1
fi
CRON_EXPR_MINUTES=0
CRON_EXPR_HOURS=0
CRON_EXPR_DAYS="*/${TIME_INTERVAL}"
elif [ "${TIME_UNIT}" = "M" ]; then
if [ ! "${TIME_INTERVAL}" -le 12 ]; then
echo "Parse error: Time unit 'M' (month) cannot be greater than 12" 1>&2
exit 1
fi
CRON_EXPR_MINUTES=0
CRON_EXPR_HOURS=0
CRON_EXPR_DAYS="1"
CRON_EXPR_MONTHS="*/${TIME_INTERVAL}"
else
echo "Parse error: BACKUP_INTERVAL expression is invalid" 1>&2
exit 1
fi
echo "${CRON_EXPR_MINUTES} ${CRON_EXPR_HOURS} ${CRON_EXPR_DAYS} ${CRON_EXPR_MONTHS} *"
}
# Parse BACKUP_RETENTION environment variable and generate appropriate find command expression.
# Expected format: nu (n - number, u - unit) (eg. 3d means 3 days)
# Supported units: m - minutes, d - days
parse_generate_retention_expression() {
FIND_TIME_EXPR='mtime'
# shellcheck disable=SC2001
TIME_INTERVAL=$(echo "${BACKUP_RETENTION}" | sed -e 's/[mhdM]$//')
# shellcheck disable=SC2001
TIME_UNIT=$(echo "${BACKUP_RETENTION}" | sed -e 's/^[0-9]\+//')
if [ "${TIME_UNIT}" = "m" ]; then
if [ "${TIME_INTERVAL}" -le 59 ]; then
echo "Warning: Minimal retention is 60m. Value set to 60m" 1>&2
TIME_INTERVAL=60
fi
FIND_TIME_EXPR="mmin"
elif [ "${TIME_UNIT}" = "h" ]; then
echo "Error: Unsupported expression - Try: eg. 120m for 2 hours." 1>&2
exit 1
elif [ "${TIME_UNIT}" = "d" ]; then
FIND_TIME_EXPR="mtime"
elif [ "${TIME_UNIT}" = "M" ]; then
echo "Error: Unsupported expression - Try: eg. 60d for 2 months." 1>&2
exit 1
else
echo "Parse error: BACKUP_RETENTION expression is invalid" 1>&2
exit 1
fi
echo "${FIND_TIME_EXPR} +${TIME_INTERVAL:-7}"
}
add_backup_cronjob() {
CRONTAB_USER="${1:-git}"
CRONTAB_FILE="/etc/crontabs/${CRONTAB_USER}"
CRONJOB_EXPRESSION="${2:-}"
CRONJOB_EXECUTOR="${3:-}"
CRONJOB_EXECUTOR_ARGUMENTS="${4:-}"
CRONJOB_TASK="${CRONJOB_EXPRESSION} /bin/sh ${CRONJOB_EXECUTOR} ${CRONJOB_EXECUTOR_ARGUMENTS}"
if [ -f "${CRONTAB_FILE}" ]; then
CRONJOB_EXECUTOR_COUNT=$(grep -c "${CRONJOB_EXECUTOR}" "${CRONTAB_FILE}" || exit 0)
if [ "${CRONJOB_EXECUTOR_COUNT}" != "0" ]; then
echo "Cron job already exists for ${CRONJOB_EXECUTOR}. Updating existing." 1>&2
CRONJOB_TASK=$(echo "{CRONJOB_TASK}" | sed 's/\//\\\//g' )
CRONJOB_EXECUTOR=$(echo "{CRONJOB_EXECUTOR}" | sed 's/\//\\\//g' )
sed -i "/${CRONJOB_EXECUTOR}/c\\${CRONJOB_TASK}" "${CRONTAB_FILE}"
return 0
fi
fi
# Finally append new line with cron task expression
echo "${CRONJOB_TASK}" >>"${CRONTAB_FILE}"
}
CRONTAB_USER=$(awk -v val="${PUID}" -F ":" '$3==val{print $1}' /etc/passwd)
# Up to this point, it was desirable that interpreter handles the command errors and halts execution upon any error.
# From now, we handle the errors our self.
set +e
RETENTION_EXPRESSION="$(parse_generate_retention_expression)"
if [ -z "${RETENTION_EXPRESSION}" ]; then
echo "Couldn't generate backup retention expression. Aborting backup setup" 1>&2
exit 1
fi
# Backup rotator cron will run every 5 minutes
add_backup_cronjob "${CRONTAB_USER}" "*/5 * * * *" "/app/gogs/docker/runtime/backup-rotator.sh" "'${BACKUP_PATH}' '${RETENTION_EXPRESSION}'"
add_backup_cronjob "${CRONTAB_USER}" "$(parse_generate_cron_expression)" "/app/gogs/docker/runtime/backup-job.sh" "'${BACKUP_PATH}'"

40
docker/runtime/backup-job.sh
Unescape View File

@ -1,40 +0,0 @@
#!/usr/bin/env sh
execute_backup_job() {
BACKUP_ARG_PATH="${1:-}"
BACKUP_ARG_CONFIG="${BACKUP_ARG_CONFIG:-}"
BACKUP_ARG_EXCLUDE_REPOS="${BACKUP_ARG_EXCLUDE_REPOS:-}"
BACKUP_EXTRA_ARGS="${BACKUP_EXTRA_ARGS:-}"
cd "/app/gogs" || exit 1
BACKUP_ARGS="--target=${BACKUP_ARG_PATH}"
if [ -n "${BACKUP_ARG_CONFIG}" ]; then
BACKUP_ARGS="${BACKUP_ARGS} --config=${BACKUP_ARG_CONFIG}"
fi
if [ -n "${BACKUP_ARG_EXCLUDE_REPOS}" ]; then
BACKUP_ARGS="${BACKUP_ARGS} --exclude-repos=${BACKUP_ARG_EXCLUDE_REPOS}"
fi
if [ -n "${BACKUP_EXTRA_ARGS}" ]; then
BACKUP_ARGS="${BACKUP_ARGS} ${BACKUP_EXTRA_ARGS}"
fi
# NOTE: We actually need word splitting to be able to pass multiple arguments.
# shellcheck disable=SC2086
./gogs backup ${BACKUP_ARGS} || echo "Error: Backup job returned non-successful code." && exit 1
}
main() {
BACKUP_PATH="${1:-}"
if [ -z "${BACKUP_PATH}" ]; then
echo "Required argument missing BACKUP_PATH" 1>&2
exit 1
fi
execute_backup_job "${BACKUP_PATH}"
}
main "$@"

28
docker/runtime/backup-rotator.sh
Unescape View File

@ -1,28 +0,0 @@
#!/usr/bin/env sh
# This is very simple, yet effective backup rotation script.
# Using find command, all files that are older than BACKUP_RETENTION_DAYS are accumulated and deleted using rm.
main() {
BACKUP_PATH="${1:-}"
FIND_EXPRESSION="${2:-mtime +7}"
if [ -z "${BACKUP_PATH}" ]; then
echo "Error: Required argument missing BACKUP_PATH" 1>&2
exit 1
fi
if [ "$(realpath "${BACKUP_PATH}")" = "/" ]; then
echo "Error: Dangerous BACKUP_PATH: /" 1>&2
exit 1
fi
if [ ! -d "${BACKUP_PATH}" ]; then
echo "Error: BACKUP_PATH doesn't exist or is not a directory" 1>&2
exit 1
fi
# shellcheck disable=SC2086
find "${BACKUP_PATH}/" -type f -name "gogs-backup-*.zip" -${FIND_EXPRESSION} -print -exec rm "{}" +
}
main "$@"

4
docker/s6/.s6-svscan/finish
Unescape View File

@ -1,5 +1,3 @@
#!/bin/sh
# Cleanup SOCAT services and s6 event folder
rm -rf "$(find /app/docker/s6/ -name 'event')"
rm -rf /app/docker/s6/SOCAT_*
# do nothing now

2
docker/s6/meilisearch/run
Unescape View File

@ -5,4 +5,4 @@ if test -f ./setup; then
source ./setup
fi
exec gosu paopao /bin/meilisearch
exec gosu ${USER} /bin/meilisearch

2
docker/s6/paopao-ce/run
Unescape View File

@ -5,4 +5,4 @@ if test -f ./setup; then
source ./setup
fi
exec gosu paopao /app/paopao serve
exec gosu ${USER} /app/paopao serve

15
docker/sshd_config
Unescape View File

@ -1,15 +0,0 @@
Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Protocol 2
LogLevel INFO
HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key
HostKey /data/ssh/ssh_host_ed25519_key
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitUserEnvironment yes
AllowUsers paopao

58
docker/start.sh
Unescape View File

@ -1,45 +1,15 @@
#!/bin/sh
create_socat_links() {
# Bind linked docker container to localhost socket using socat
USED_PORT="3000:22"
while read -r NAME ADDR PORT; do
if test -z "$NAME$ADDR$PORT"; then
continue
elif echo "$USED_PORT" | grep -E "(^|:)$PORT($|:)" > /dev/null; then
echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
else
SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
mkdir -p "${SERV_FOLDER}"
CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
# shellcheck disable=SC2039,SC3037
echo -e "#!/bin/sh\nexec $CMD" > "${SERV_FOLDER}"/run
chmod +x "${SERV_FOLDER}"/run
USED_PORT="${USED_PORT}:${PORT}"
echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
fi
done << EOT
$(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
EOT
}
cleanup() {
# Cleanup SOCAT services and s6 event folder
# On start and on shutdown in case container has been killed
rm -rf "$(find /app/gogs/docker/s6/ -name 'event')"
rm -rf /app/gogs/docker/s6/SOCAT_*
}
create_volume_subfolder() {
# only change ownership if needed, if using an nfs mount this could be expensive
if [ "$USER:$USER" != "$(stat /data -c '%U:%G')" ]
if [ "$USER:$USER" != "$(stat /app -c '%U:%G')" ]
then
# Modify the owner of /data dir, make $USER(git) user have permission to create sub-dir in /data.
chown -R "$USER:$USER" /data
# Modify the owner of /app dir, make $USER(paopao) user have permission to create sub-dir in /app.
chown -R "$USER:$USER" /app
fi
# Create VOLUME subfolder
for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do
for f in /app/custom /app/meili_data; do
if ! test -d $f; then
gosu "$USER" mkdir -p $f
fi
@ -47,7 +17,7 @@ create_volume_subfolder() {
}
setids() {
export USER=git
export USER=paopao
PUID=${PUID:-1000}
PGID=${PGID:-1000}
groupmod -o -g "$PGID" $USER
@ -55,26 +25,8 @@ setids() {
}
setids
cleanup
create_volume_subfolder
LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]')
if [ "$LINK" = "false" ] || [ "$LINK" = "0" ]; then
echo "init:socat | Will not try to create socat links as requested" 1>&2
else
create_socat_links
fi
CROND=$(echo "$RUN_CROND" | tr '[:upper:]' '[:lower:]')
if [ "$CROND" = "true" ] || [ "$CROND" = "1" ]; then
echo "init:crond | Cron Daemon (crond) will be run as requested by s6" 1>&2
rm -f /app/gogs/docker/s6/crond/down
/bin/sh /app/gogs/docker/runtime/backup-init.sh "${PUID}"
else
# Tell s6 not to run the crond service
touch /app/gogs/docker/s6/crond/down
fi
# Exec CMD or S6 by default if nothing present
if [ $# -gt 0 ];then
exec "$@"

11
scripts/docker/Dockerfile.allinone-runner
Unescape View File

@ -8,8 +8,7 @@ RUN apk update --quiet \
ca-certificates \
libgcc \
curl \
s6 \
socat
s6
&& update-ca-certificates
WORKDIR /app
@ -23,14 +22,14 @@ COPY --from-meilisearch /bin/meilitool /bin/meilitool
# going to symlink the meilisearch binary in the path to `/meilisearch`
RUN ln -s /bin/meilisearch /meilisearch
ENV MEILI_DB_PATH=/meili_data
VOLUME ["/meili_data"]
ENV MEILI_DB_PATH=/app/meili_data
VOLUME ["/app/meili_data"]
RUN ./docker/build/finalize.sh
# Configure Docker Container
VOLUME ["/meili_data", "/app/custom"]
EXPOSE 8008 7700/tcp
VOLUME ["/app/meili_data", "/app/custom"]
EXPOSE 7700/tcp 6379 8008
HEALTHCHECK --interval=5s --timeout=3s --retries=3 CMD ps -ef | grep paopao || exit 1
ENTRYPOINT ["/app/docker/start.sh"]
CMD ["/bin/s6-svscan", "/app/docker/s6/"]

Write Preview
Loading…
Cancel
Save