Compare commits
107 Commits
1.32.0-ls1
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
73938cb4a1 | ||
|
|
1d6a30144b | ||
|
2e59ae36c1 | ||
|
|
e72e9f6ed0 | ||
|
|
91d449259f | ||
|
|
dd17b24158 | ||
|
|
17f70e4a31 | ||
|
|
6619c4e0cd | ||
|
|
a06bea000c | ||
|
62401a38e7 | ||
|
|
acef819cc1 | ||
|
|
74828b1e8d | ||
|
|
7e1758fde0 | ||
|
|
e2731a1227 | ||
|
|
0a919148ff | ||
|
|
6fcd80b175 | ||
|
|
c9359819b6 | ||
|
|
ce32306873 | ||
|
|
9ce4ec598d | ||
|
|
9488a4fa1d | ||
|
|
3105c07c72 | ||
|
|
286e74c027 | ||
|
|
b909214614 | ||
|
|
70c66c5495 | ||
|
|
430308342f | ||
|
|
97222fbb25 | ||
|
|
b00bf6caf2 | ||
|
|
7dac282621 | ||
|
|
0c1936f8ec | ||
|
|
e5bb6e4a9d | ||
|
|
951fafd0b9 | ||
|
|
8a1793ac6b | ||
|
|
6ac90997ca | ||
|
94d9ec6ef1 | ||
|
|
8ca0f24782 | ||
|
|
4899670c70 | ||
|
|
b7fba5e404 | ||
|
|
605b7b8ad7 | ||
|
|
3a70f75402 | ||
|
|
28df27df1f | ||
|
|
dd96c54279 | ||
|
|
1f42ec3bd5 | ||
|
|
f5c2f5a154 | ||
|
|
637d304123 | ||
|
|
9bc38ff91c | ||
|
07a02d4641 | ||
|
|
635990d3ff | ||
|
|
d85216d876 | ||
|
03f58b3f2c | ||
|
|
823c4e8ff6 | ||
|
|
b7ad54dbfb | ||
|
|
11edbd85e3 | ||
|
|
7d12260681 | ||
|
|
a4b9e77d08 | ||
|
|
b5b950b1a9 | ||
|
|
83bc8a3bd7 | ||
|
|
b095dd7d50 | ||
|
|
fbb28ff5f7 | ||
|
|
0cc47e6922 | ||
|
|
3f9c403fd6 | ||
|
|
79f6dd4cb1 | ||
|
|
5683a3f232 | ||
|
|
f9f9b677d9 | ||
|
|
d838ef6d13 | ||
|
|
67e2691258 | ||
|
|
1a81ab0ef2 | ||
|
|
cc2380b2b6 | ||
|
|
ed104eb203 | ||
|
|
3bab8b6b77 | ||
|
|
0b038edb4a | ||
|
|
c7eba518d6 | ||
|
|
9e7ef6154d | ||
|
|
cba7e6703c | ||
|
|
b73f17181a | ||
|
|
01c28da51e | ||
|
|
0d92109b68 | ||
|
|
3ef896e611 | ||
|
|
e057a7ce0d | ||
|
|
db4e661126 | ||
|
|
c137a66726 | ||
|
|
7be5f1caec | ||
|
|
777fa62481 | ||
|
|
a95a0f639a | ||
|
|
c686dfee47 | ||
|
|
a91fe2b269 | ||
|
|
a184bb33ca | ||
|
|
38e1845e73 | ||
|
|
5e47b02496 | ||
|
|
f6438c4a66 | ||
|
|
72cb34675c | ||
|
|
ade05a74ae | ||
|
|
2244ff579f | ||
|
|
494d0a1141 | ||
|
|
ba54174830 | ||
|
|
db1f5f88ed | ||
|
|
f6529ad8fb | ||
|
|
b109deb4dd | ||
|
|
8938e296d9 | ||
|
|
46e5156c21 | ||
|
|
3980ee1ecf | ||
|
|
cf21b8c68e | ||
|
|
1771853341 | ||
|
|
c7d1a46026 | ||
|
|
3539bd10f0 | ||
|
|
86c3d8aa7b | ||
|
|
b642a82fb2 | ||
|
|
c81265ea4d |
@ -15,6 +15,6 @@ trim_trailing_whitespace = false
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
|
||||
[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
|
||||
[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
|
||||
indent_style = space
|
||||
indent_size = 4
|
||||
|
||||
12
.github/workflows/call_invalid_helper.yml
vendored
12
.github/workflows/call_invalid_helper.yml
vendored
@ -1,12 +0,0 @@
|
||||
name: Comment on invalid interaction
|
||||
on:
|
||||
issues:
|
||||
types:
|
||||
- labeled
|
||||
jobs:
|
||||
add-comment-on-invalid:
|
||||
if: github.event.label.name == 'invalid'
|
||||
permissions:
|
||||
issues: write
|
||||
uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
|
||||
secrets: inherit
|
||||
14
.github/workflows/call_issue_pr_tracker.yml
vendored
Executable file
14
.github/workflows/call_issue_pr_tracker.yml
vendored
Executable file
@ -0,0 +1,14 @@
|
||||
name: Issue & PR Tracker
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [opened,reopened,labeled,unlabeled]
|
||||
pull_request_target:
|
||||
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
|
||||
|
||||
jobs:
|
||||
manage-project:
|
||||
permissions:
|
||||
issues: write
|
||||
uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
|
||||
secrets: inherit
|
||||
13
.github/workflows/call_issues_cron.yml
vendored
Executable file
13
.github/workflows/call_issues_cron.yml
vendored
Executable file
@ -0,0 +1,13 @@
|
||||
name: Mark stale issues and pull requests
|
||||
on:
|
||||
schedule:
|
||||
- cron: '35 15 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
stale:
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
|
||||
secrets: inherit
|
||||
2
.github/workflows/external_trigger.yml
vendored
2
.github/workflows/external_trigger.yml
vendored
@ -18,7 +18,7 @@ jobs:
|
||||
fi
|
||||
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
|
||||
echo "**** Retrieving external version ****"
|
||||
EXT_RELEASE=$(echo '1.32.0')
|
||||
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
|
||||
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
|
||||
echo "**** Can't retrieve external version, exiting ****"
|
||||
FAILURE_REASON="Can't retrieve external version for swag branch master"
|
||||
|
||||
2
.github/workflows/greetings.yml
vendored
2
.github/workflows/greetings.yml
vendored
@ -8,6 +8,6 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/first-interaction@v1
|
||||
with:
|
||||
issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
|
||||
issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
|
||||
pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@ -2,7 +2,7 @@ name: Package Trigger Scheduler
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '03 5 * * 4'
|
||||
- cron: '1 3 * * 6'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
||||
10
.github/workflows/permissions.yml
vendored
Executable file
10
.github/workflows/permissions.yml
vendored
Executable file
@ -0,0 +1,10 @@
|
||||
name: Permission check
|
||||
on:
|
||||
pull_request_target:
|
||||
paths:
|
||||
- '**/run'
|
||||
- '**/finish'
|
||||
- '**/check'
|
||||
jobs:
|
||||
permission_check:
|
||||
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
|
||||
23
.github/workflows/stale.yml
vendored
23
.github/workflows/stale.yml
vendored
@ -1,23 +0,0 @@
|
||||
name: Mark stale issues and pull requests
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "30 1 * * *"
|
||||
|
||||
jobs:
|
||||
stale:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@v6.0.1
|
||||
with:
|
||||
stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
|
||||
stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
|
||||
stale-issue-label: 'no-issue-activity'
|
||||
stale-pr-label: 'no-pr-activity'
|
||||
days-before-stale: 30
|
||||
days-before-close: 365
|
||||
exempt-issue-labels: 'awaiting-approval,work-in-progress'
|
||||
exempt-pr-labels: 'awaiting-approval,work-in-progress'
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
119
Dockerfile
119
Dockerfile
@ -1,4 +1,6 @@
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
||||
RUN \
|
||||
echo "**** install build packages ****" && \
|
||||
apk add --no-cache --virtual=build-dependencies \
|
||||
build-base \
|
||||
cargo \
|
||||
g++ \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
@ -24,11 +25,9 @@ RUN \
|
||||
python3-dev && \
|
||||
echo "**** install runtime packages ****" && \
|
||||
apk add --no-cache --upgrade \
|
||||
curl \
|
||||
fail2ban \
|
||||
gnupg \
|
||||
memcached \
|
||||
nginx \
|
||||
nginx-mod-http-brotli \
|
||||
nginx-mod-http-dav-ext \
|
||||
nginx-mod-http-echo \
|
||||
@ -46,62 +45,56 @@ RUN \
|
||||
nginx-mod-stream \
|
||||
nginx-mod-stream-geoip2 \
|
||||
nginx-vim \
|
||||
php8-bcmath \
|
||||
php8-bz2 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-exif \
|
||||
php8-ftp \
|
||||
php8-gd \
|
||||
php8-gmp \
|
||||
php8-iconv \
|
||||
php8-imap \
|
||||
php8-intl \
|
||||
php8-ldap \
|
||||
php8-mysqli \
|
||||
php8-mysqlnd \
|
||||
php8-opcache \
|
||||
php8-pdo_mysql \
|
||||
php8-pdo_odbc \
|
||||
php8-pdo_pgsql \
|
||||
php8-pdo_sqlite \
|
||||
php8-pear \
|
||||
php8-pecl-apcu \
|
||||
php8-pecl-mailparse \
|
||||
php8-pecl-mcrypt \
|
||||
php8-pecl-memcached \
|
||||
php8-pecl-redis \
|
||||
php8-pgsql \
|
||||
php8-phar \
|
||||
php8-posix \
|
||||
php8-soap \
|
||||
php8-sockets \
|
||||
php8-sodium \
|
||||
php8-sqlite3 \
|
||||
php8-tokenizer \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-xsl \
|
||||
php8-zip \
|
||||
py3-cryptography \
|
||||
py3-future \
|
||||
py3-pip \
|
||||
php81-bcmath \
|
||||
php81-bz2 \
|
||||
php81-ctype \
|
||||
php81-curl \
|
||||
php81-dom \
|
||||
php81-exif \
|
||||
php81-ftp \
|
||||
php81-gd \
|
||||
php81-gmp \
|
||||
php81-iconv \
|
||||
php81-imap \
|
||||
php81-intl \
|
||||
php81-ldap \
|
||||
php81-mysqli \
|
||||
php81-mysqlnd \
|
||||
php81-opcache \
|
||||
php81-pdo_mysql \
|
||||
php81-pdo_odbc \
|
||||
php81-pdo_pgsql \
|
||||
php81-pdo_sqlite \
|
||||
php81-pear \
|
||||
php81-pecl-apcu \
|
||||
php81-pecl-mailparse \
|
||||
php81-pecl-memcached \
|
||||
php81-pecl-redis \
|
||||
php81-pgsql \
|
||||
php81-phar \
|
||||
php81-posix \
|
||||
php81-soap \
|
||||
php81-sockets \
|
||||
php81-sodium \
|
||||
php81-sqlite3 \
|
||||
php81-tokenizer \
|
||||
php81-xmlreader \
|
||||
php81-xsl \
|
||||
php81-zip \
|
||||
whois && \
|
||||
apk add --no-cache \
|
||||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php8-pecl-xmlrpc && \
|
||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php81-pecl-mcrypt \
|
||||
php81-pecl-xmlrpc && \
|
||||
echo "**** install certbot plugins ****" && \
|
||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||
CERTBOT="certbot"; \
|
||||
else \
|
||||
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||
fi && \
|
||||
pip3 install -U \
|
||||
pip wheel && \
|
||||
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
||||
acme==${CERTBOT_VERSION} \
|
||||
${CERTBOT} \
|
||||
python3 -m ensurepip && \
|
||||
pip3 install -U --no-cache-dir \
|
||||
pip \
|
||||
wheel && \
|
||||
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
|
||||
certbot==${CERTBOT_VERSION} \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
@ -120,6 +113,7 @@ RUN \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
certbot-dns-google \
|
||||
certbot-dns-google-domains \
|
||||
certbot-dns-he \
|
||||
certbot-dns-hetzner \
|
||||
certbot-dns-infomaniak \
|
||||
@ -141,6 +135,7 @@ RUN \
|
||||
certbot-dns-vultr \
|
||||
certbot-plugin-gandi \
|
||||
cryptography \
|
||||
future \
|
||||
requests && \
|
||||
echo "**** enable OCSP stapling from base ****" && \
|
||||
sed -i \
|
||||
@ -164,6 +159,8 @@ RUN \
|
||||
mkdir -p /defaults/fail2ban && \
|
||||
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
||||
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
||||
echo "**** define allowipv6 to silence warning ****" && \
|
||||
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
|
||||
echo "**** copy proxy confs to /defaults ****" && \
|
||||
mkdir -p \
|
||||
/defaults/nginx/proxy-confs && \
|
||||
@ -176,14 +173,10 @@ RUN \
|
||||
echo "**** cleanup ****" && \
|
||||
apk del --purge \
|
||||
build-dependencies && \
|
||||
for cleanfiles in *.pyc *.pyo; \
|
||||
do \
|
||||
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
||||
; done && \
|
||||
rm -rf \
|
||||
/tmp/* \
|
||||
/root/.cache \
|
||||
/root/.cargo
|
||||
$HOME/.cache \
|
||||
$HOME/.cargo
|
||||
|
||||
# copy local files
|
||||
COPY root/ /
|
||||
|
||||
@ -1,4 +1,6 @@
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
||||
RUN \
|
||||
echo "**** install build packages ****" && \
|
||||
apk add --no-cache --virtual=build-dependencies \
|
||||
build-base \
|
||||
cargo \
|
||||
g++ \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
@ -24,11 +25,9 @@ RUN \
|
||||
python3-dev && \
|
||||
echo "**** install runtime packages ****" && \
|
||||
apk add --no-cache --upgrade \
|
||||
curl \
|
||||
fail2ban \
|
||||
gnupg \
|
||||
memcached \
|
||||
nginx \
|
||||
nginx-mod-http-brotli \
|
||||
nginx-mod-http-dav-ext \
|
||||
nginx-mod-http-echo \
|
||||
@ -46,62 +45,56 @@ RUN \
|
||||
nginx-mod-stream \
|
||||
nginx-mod-stream-geoip2 \
|
||||
nginx-vim \
|
||||
php8-bcmath \
|
||||
php8-bz2 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-exif \
|
||||
php8-ftp \
|
||||
php8-gd \
|
||||
php8-gmp \
|
||||
php8-iconv \
|
||||
php8-imap \
|
||||
php8-intl \
|
||||
php8-ldap \
|
||||
php8-mysqli \
|
||||
php8-mysqlnd \
|
||||
php8-opcache \
|
||||
php8-pdo_mysql \
|
||||
php8-pdo_odbc \
|
||||
php8-pdo_pgsql \
|
||||
php8-pdo_sqlite \
|
||||
php8-pear \
|
||||
php8-pecl-apcu \
|
||||
php8-pecl-mailparse \
|
||||
php8-pecl-mcrypt \
|
||||
php8-pecl-memcached \
|
||||
php8-pecl-redis \
|
||||
php8-pgsql \
|
||||
php8-phar \
|
||||
php8-posix \
|
||||
php8-soap \
|
||||
php8-sockets \
|
||||
php8-sodium \
|
||||
php8-sqlite3 \
|
||||
php8-tokenizer \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-xsl \
|
||||
php8-zip \
|
||||
py3-cryptography \
|
||||
py3-future \
|
||||
py3-pip \
|
||||
php81-bcmath \
|
||||
php81-bz2 \
|
||||
php81-ctype \
|
||||
php81-curl \
|
||||
php81-dom \
|
||||
php81-exif \
|
||||
php81-ftp \
|
||||
php81-gd \
|
||||
php81-gmp \
|
||||
php81-iconv \
|
||||
php81-imap \
|
||||
php81-intl \
|
||||
php81-ldap \
|
||||
php81-mysqli \
|
||||
php81-mysqlnd \
|
||||
php81-opcache \
|
||||
php81-pdo_mysql \
|
||||
php81-pdo_odbc \
|
||||
php81-pdo_pgsql \
|
||||
php81-pdo_sqlite \
|
||||
php81-pear \
|
||||
php81-pecl-apcu \
|
||||
php81-pecl-mailparse \
|
||||
php81-pecl-memcached \
|
||||
php81-pecl-redis \
|
||||
php81-pgsql \
|
||||
php81-phar \
|
||||
php81-posix \
|
||||
php81-soap \
|
||||
php81-sockets \
|
||||
php81-sodium \
|
||||
php81-sqlite3 \
|
||||
php81-tokenizer \
|
||||
php81-xmlreader \
|
||||
php81-xsl \
|
||||
php81-zip \
|
||||
whois && \
|
||||
apk add --no-cache \
|
||||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php8-pecl-xmlrpc && \
|
||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php81-pecl-mcrypt \
|
||||
php81-pecl-xmlrpc && \
|
||||
echo "**** install certbot plugins ****" && \
|
||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||
CERTBOT="certbot"; \
|
||||
else \
|
||||
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||
fi && \
|
||||
pip3 install -U \
|
||||
pip wheel && \
|
||||
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
||||
acme==${CERTBOT_VERSION} \
|
||||
${CERTBOT} \
|
||||
python3 -m ensurepip && \
|
||||
pip3 install -U --no-cache-dir \
|
||||
pip \
|
||||
wheel && \
|
||||
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
|
||||
certbot==${CERTBOT_VERSION} \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
@ -120,6 +113,7 @@ RUN \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
certbot-dns-google \
|
||||
certbot-dns-google-domains \
|
||||
certbot-dns-he \
|
||||
certbot-dns-hetzner \
|
||||
certbot-dns-infomaniak \
|
||||
@ -141,6 +135,7 @@ RUN \
|
||||
certbot-dns-vultr \
|
||||
certbot-plugin-gandi \
|
||||
cryptography \
|
||||
future \
|
||||
requests && \
|
||||
echo "**** enable OCSP stapling from base ****" && \
|
||||
sed -i \
|
||||
@ -164,6 +159,8 @@ RUN \
|
||||
mkdir -p /defaults/fail2ban && \
|
||||
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
||||
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
||||
echo "**** define allowipv6 to silence warning ****" && \
|
||||
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
|
||||
echo "**** copy proxy confs to /defaults ****" && \
|
||||
mkdir -p \
|
||||
/defaults/nginx/proxy-confs && \
|
||||
@ -176,14 +173,10 @@ RUN \
|
||||
echo "**** cleanup ****" && \
|
||||
apk del --purge \
|
||||
build-dependencies && \
|
||||
for cleanfiles in *.pyc *.pyo; \
|
||||
do \
|
||||
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
||||
; done && \
|
||||
rm -rf \
|
||||
/tmp/* \
|
||||
/root/.cache \
|
||||
/root/.cargo
|
||||
$HOME/.cache \
|
||||
$HOME/.cargo
|
||||
|
||||
# copy local files
|
||||
COPY root/ /
|
||||
|
||||
119
Dockerfile.armhf
119
Dockerfile.armhf
@ -1,4 +1,6 @@
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
||||
RUN \
|
||||
echo "**** install build packages ****" && \
|
||||
apk add --no-cache --virtual=build-dependencies \
|
||||
build-base \
|
||||
cargo \
|
||||
g++ \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
@ -24,11 +25,9 @@ RUN \
|
||||
python3-dev && \
|
||||
echo "**** install runtime packages ****" && \
|
||||
apk add --no-cache --upgrade \
|
||||
curl \
|
||||
fail2ban \
|
||||
gnupg \
|
||||
memcached \
|
||||
nginx \
|
||||
nginx-mod-http-brotli \
|
||||
nginx-mod-http-dav-ext \
|
||||
nginx-mod-http-echo \
|
||||
@ -46,62 +45,56 @@ RUN \
|
||||
nginx-mod-stream \
|
||||
nginx-mod-stream-geoip2 \
|
||||
nginx-vim \
|
||||
php8-bcmath \
|
||||
php8-bz2 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-exif \
|
||||
php8-ftp \
|
||||
php8-gd \
|
||||
php8-gmp \
|
||||
php8-iconv \
|
||||
php8-imap \
|
||||
php8-intl \
|
||||
php8-ldap \
|
||||
php8-mysqli \
|
||||
php8-mysqlnd \
|
||||
php8-opcache \
|
||||
php8-pdo_mysql \
|
||||
php8-pdo_odbc \
|
||||
php8-pdo_pgsql \
|
||||
php8-pdo_sqlite \
|
||||
php8-pear \
|
||||
php8-pecl-apcu \
|
||||
php8-pecl-mailparse \
|
||||
php8-pecl-mcrypt \
|
||||
php8-pecl-memcached \
|
||||
php8-pecl-redis \
|
||||
php8-pgsql \
|
||||
php8-phar \
|
||||
php8-posix \
|
||||
php8-soap \
|
||||
php8-sockets \
|
||||
php8-sodium \
|
||||
php8-sqlite3 \
|
||||
php8-tokenizer \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-xsl \
|
||||
php8-zip \
|
||||
py3-cryptography \
|
||||
py3-future \
|
||||
py3-pip \
|
||||
php81-bcmath \
|
||||
php81-bz2 \
|
||||
php81-ctype \
|
||||
php81-curl \
|
||||
php81-dom \
|
||||
php81-exif \
|
||||
php81-ftp \
|
||||
php81-gd \
|
||||
php81-gmp \
|
||||
php81-iconv \
|
||||
php81-imap \
|
||||
php81-intl \
|
||||
php81-ldap \
|
||||
php81-mysqli \
|
||||
php81-mysqlnd \
|
||||
php81-opcache \
|
||||
php81-pdo_mysql \
|
||||
php81-pdo_odbc \
|
||||
php81-pdo_pgsql \
|
||||
php81-pdo_sqlite \
|
||||
php81-pear \
|
||||
php81-pecl-apcu \
|
||||
php81-pecl-mailparse \
|
||||
php81-pecl-memcached \
|
||||
php81-pecl-redis \
|
||||
php81-pgsql \
|
||||
php81-phar \
|
||||
php81-posix \
|
||||
php81-soap \
|
||||
php81-sockets \
|
||||
php81-sodium \
|
||||
php81-sqlite3 \
|
||||
php81-tokenizer \
|
||||
php81-xmlreader \
|
||||
php81-xsl \
|
||||
php81-zip \
|
||||
whois && \
|
||||
apk add --no-cache \
|
||||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php8-pecl-xmlrpc && \
|
||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php81-pecl-mcrypt \
|
||||
php81-pecl-xmlrpc && \
|
||||
echo "**** install certbot plugins ****" && \
|
||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||
CERTBOT="certbot"; \
|
||||
else \
|
||||
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||
fi && \
|
||||
pip3 install -U \
|
||||
pip wheel && \
|
||||
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
||||
acme==${CERTBOT_VERSION} \
|
||||
${CERTBOT} \
|
||||
python3 -m ensurepip && \
|
||||
pip3 install -U --no-cache-dir \
|
||||
pip \
|
||||
wheel && \
|
||||
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
|
||||
certbot==${CERTBOT_VERSION} \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
@ -120,6 +113,7 @@ RUN \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
certbot-dns-google \
|
||||
certbot-dns-google-domains \
|
||||
certbot-dns-he \
|
||||
certbot-dns-hetzner \
|
||||
certbot-dns-infomaniak \
|
||||
@ -141,6 +135,7 @@ RUN \
|
||||
certbot-dns-vultr \
|
||||
certbot-plugin-gandi \
|
||||
cryptography \
|
||||
future \
|
||||
requests && \
|
||||
echo "**** enable OCSP stapling from base ****" && \
|
||||
sed -i \
|
||||
@ -164,6 +159,8 @@ RUN \
|
||||
mkdir -p /defaults/fail2ban && \
|
||||
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
||||
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
||||
echo "**** define allowipv6 to silence warning ****" && \
|
||||
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
|
||||
echo "**** copy proxy confs to /defaults ****" && \
|
||||
mkdir -p \
|
||||
/defaults/nginx/proxy-confs && \
|
||||
@ -176,14 +173,10 @@ RUN \
|
||||
echo "**** cleanup ****" && \
|
||||
apk del --purge \
|
||||
build-dependencies && \
|
||||
for cleanfiles in *.pyc *.pyo; \
|
||||
do \
|
||||
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
||||
; done && \
|
||||
rm -rf \
|
||||
/tmp/* \
|
||||
/root/.cache \
|
||||
/root/.cargo
|
||||
$HOME/.cache \
|
||||
$HOME/.cargo
|
||||
|
||||
# copy local files
|
||||
COPY root/ /
|
||||
|
||||
108
Jenkinsfile
vendored
108
Jenkinsfile
vendored
@ -57,7 +57,7 @@ pipeline {
|
||||
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
|
||||
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
|
||||
env.PULL_REQUEST = env.CHANGE_ID
|
||||
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
|
||||
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
|
||||
}
|
||||
script{
|
||||
env.LS_RELEASE_NUMBER = sh(
|
||||
@ -100,18 +100,17 @@ pipeline {
|
||||
/* ########################
|
||||
External Release Tagging
|
||||
######################## */
|
||||
// If this is a custom command to determine version use that command
|
||||
stage("Set tag custom bash"){
|
||||
// If this is a pip release set the external tag to the pip version
|
||||
stage("Set ENV pip_version"){
|
||||
steps{
|
||||
script{
|
||||
env.EXT_RELEASE = sh(
|
||||
script: ''' echo '1.32.0' ''',
|
||||
script: '''curl -sL https://pypi.python.org/pypi/${EXT_PIP}/json |jq -r '. | .info.version' ''',
|
||||
returnStdout: true).trim()
|
||||
env.RELEASE_LINK = 'custom_command'
|
||||
env.RELEASE_LINK = 'https://pypi.python.org/pypi/' + env.EXT_PIP
|
||||
}
|
||||
}
|
||||
}
|
||||
// Sanitize the release tag and strip illegal docker or github characters
|
||||
} // Sanitize the release tag and strip illegal docker or github characters
|
||||
stage("Sanitize tag"){
|
||||
steps{
|
||||
script{
|
||||
@ -231,17 +230,14 @@ pipeline {
|
||||
}
|
||||
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
|
||||
docker run --rm \
|
||||
-e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
|
||||
-e FILE_NAME="shellcheck-result.xml" \
|
||||
-e MIMETYPE="text/xml" \
|
||||
-v ${WORKSPACE}:/mnt \
|
||||
-e SECRET_KEY=\"${S3_SECRET}\" \
|
||||
-e ACCESS_KEY=\"${S3_KEY}\" \
|
||||
-t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
|
||||
python /upload.py'''
|
||||
-v ${WORKSPACE}:/mnt \
|
||||
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
|
||||
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
|
||||
ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
|
||||
apk add --no-cache py3-pip && \
|
||||
pip install s3cmd && \
|
||||
s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -278,7 +274,7 @@ pipeline {
|
||||
echo "Jenkinsfile is up to date."
|
||||
fi
|
||||
# Stage 2 - Delete old templates
|
||||
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
|
||||
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
|
||||
for i in ${OLD_TEMPLATES}; do
|
||||
if [[ -f "${i}" ]]; then
|
||||
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
|
||||
@ -295,7 +291,7 @@ pipeline {
|
||||
git commit -m 'Bot Updating Templated Files'
|
||||
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
|
||||
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
echo "Deleting old templates"
|
||||
echo "Deleting old and deprecated templates"
|
||||
rm -Rf ${TEMPDIR}
|
||||
exit 0
|
||||
else
|
||||
@ -443,7 +439,8 @@ pipeline {
|
||||
}
|
||||
steps {
|
||||
echo "Running on node: ${NODE_NAME}"
|
||||
sh "docker build \
|
||||
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
|
||||
sh "docker buildx build \
|
||||
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
|
||||
--label \"org.opencontainers.image.authors=linuxserver.io\" \
|
||||
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
|
||||
@ -456,7 +453,7 @@ pipeline {
|
||||
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
|
||||
--label \"org.opencontainers.image.title=Swag\" \
|
||||
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
|
||||
--no-cache --pull -t ${IMAGE}:${META_TAG} \
|
||||
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
}
|
||||
}
|
||||
@ -473,7 +470,8 @@ pipeline {
|
||||
stage('Build X86') {
|
||||
steps {
|
||||
echo "Running on node: ${NODE_NAME}"
|
||||
sh "docker build \
|
||||
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
|
||||
sh "docker buildx build \
|
||||
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
|
||||
--label \"org.opencontainers.image.authors=linuxserver.io\" \
|
||||
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
|
||||
@ -486,7 +484,7 @@ pipeline {
|
||||
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
|
||||
--label \"org.opencontainers.image.title=Swag\" \
|
||||
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
|
||||
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
|
||||
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
}
|
||||
}
|
||||
@ -500,7 +498,8 @@ pipeline {
|
||||
sh '''#! /bin/bash
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
'''
|
||||
sh "docker build \
|
||||
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
|
||||
sh "docker buildx build \
|
||||
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
|
||||
--label \"org.opencontainers.image.authors=linuxserver.io\" \
|
||||
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
|
||||
@ -513,7 +512,7 @@ pipeline {
|
||||
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
|
||||
--label \"org.opencontainers.image.title=Swag\" \
|
||||
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
|
||||
--no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
|
||||
--no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
retry(5) {
|
||||
@ -534,7 +533,8 @@ pipeline {
|
||||
sh '''#! /bin/bash
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
'''
|
||||
sh "docker build \
|
||||
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
|
||||
sh "docker buildx build \
|
||||
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
|
||||
--label \"org.opencontainers.image.authors=linuxserver.io\" \
|
||||
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
|
||||
@ -547,7 +547,7 @@ pipeline {
|
||||
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
|
||||
--label \"org.opencontainers.image.title=Swag\" \
|
||||
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
|
||||
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
|
||||
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
retry(5) {
|
||||
@ -576,26 +576,12 @@ pipeline {
|
||||
else
|
||||
LOCAL_CONTAINER=${IMAGE}:${META_TAG}
|
||||
fi
|
||||
if [ "${DIST_IMAGE}" == "alpine" ]; then
|
||||
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
|
||||
apk info -v > /tmp/package_versions.txt && \
|
||||
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
|
||||
chmod 777 /tmp/package_versions.txt'
|
||||
elif [ "${DIST_IMAGE}" == "ubuntu" ]; then
|
||||
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
|
||||
apt list -qq --installed | sed "s#/.*now ##g" | cut -d" " -f1 > /tmp/package_versions.txt && \
|
||||
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
|
||||
chmod 777 /tmp/package_versions.txt'
|
||||
elif [ "${DIST_IMAGE}" == "fedora" ]; then
|
||||
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
|
||||
rpm -qa > /tmp/package_versions.txt && \
|
||||
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
|
||||
chmod 777 /tmp/package_versions.txt'
|
||||
elif [ "${DIST_IMAGE}" == "arch" ]; then
|
||||
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
|
||||
pacman -Q > /tmp/package_versions.txt && \
|
||||
chmod 777 /tmp/package_versions.txt'
|
||||
fi
|
||||
touch ${TEMPDIR}/package_versions.txt
|
||||
docker run --rm \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
-v ${TEMPDIR}:/tmp \
|
||||
ghcr.io/anchore/syft:latest \
|
||||
${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
|
||||
NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
|
||||
echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
|
||||
if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
|
||||
@ -806,19 +792,19 @@ pipeline {
|
||||
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
|
||||
if [ "${CI}" == "false" ]; then
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
|
||||
fi
|
||||
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
|
||||
docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
|
||||
docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
|
||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
|
||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
|
||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||
docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
|
||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||
docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
|
||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
if [ -n "${SEMVER}" ]; then
|
||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
|
||||
@ -826,13 +812,13 @@ pipeline {
|
||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||
fi
|
||||
docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:amd64-latest
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-latest
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-latest
|
||||
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||
docker push ${MANIFESTIMAGE}:amd64-latest
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-latest
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-latest
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
if [ -n "${SEMVER}" ]; then
|
||||
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
|
||||
@ -912,11 +898,11 @@ pipeline {
|
||||
"tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
|
||||
echo "Pushing New release for Tag"
|
||||
sh '''#! /bin/bash
|
||||
echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
|
||||
echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
|
||||
echo '{"tag_name":"'${META_TAG}'",\
|
||||
"target_commitish": "master",\
|
||||
"name": "'${META_TAG}'",\
|
||||
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
|
||||
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**PIP Changes:**\\n\\n' > start
|
||||
printf '","draft": false,"prerelease": false}' >> releasebody.json
|
||||
paste -d'\\0' start releasebody.json > releasebody.json.done
|
||||
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
|
||||
@ -978,12 +964,12 @@ pipeline {
|
||||
sh 'echo "build aborted"'
|
||||
}
|
||||
else if (currentBuild.currentResult == "SUCCESS"){
|
||||
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
|
||||
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
|
||||
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
|
||||
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
|
||||
}
|
||||
else {
|
||||
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
|
||||
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
|
||||
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
|
||||
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
|
||||
}
|
||||
|
||||
19
README.md
Executable file → Normal file
19
README.md
Executable file → Normal file
@ -56,7 +56,7 @@ The architectures supported by this image are:
|
||||
| :----: | :----: | ---- |
|
||||
| x86-64 | ✅ | amd64-\<version tag\> |
|
||||
| arm64 | ✅ | arm64v8-\<version tag\> |
|
||||
| armhf| ✅ | arm32v7-\<version tag\> |
|
||||
| armhf | ✅ | arm32v7-\<version tag\> |
|
||||
|
||||
## Application Setup
|
||||
|
||||
@ -154,7 +154,7 @@ services:
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/London
|
||||
- TZ=Etc/UTC
|
||||
- URL=yourdomain.url
|
||||
- VALIDATION=http
|
||||
- SUBDOMAINS=www, #optional
|
||||
@ -181,7 +181,7 @@ docker run -d \
|
||||
--cap-add=NET_ADMIN \
|
||||
-e PUID=1000 \
|
||||
-e PGID=1000 \
|
||||
-e TZ=Europe/London \
|
||||
-e TZ=Etc/UTC \
|
||||
-e URL=yourdomain.url \
|
||||
-e VALIDATION=http \
|
||||
-e SUBDOMAINS=www, `#optional` \
|
||||
@ -197,6 +197,7 @@ docker run -d \
|
||||
-v /path/to/appdata/config:/config \
|
||||
--restart unless-stopped \
|
||||
lscr.io/linuxserver/swag:latest
|
||||
|
||||
```
|
||||
|
||||
## Parameters
|
||||
@ -209,12 +210,12 @@ Container images are configured using parameters passed at runtime (such as thos
|
||||
| `-p 80` | Http port (required for http validation and http -> https redirect) |
|
||||
| `-e PUID=1000` | for UserID - see below for explanation |
|
||||
| `-e PGID=1000` | for GroupID - see below for explanation |
|
||||
| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
|
||||
| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
|
||||
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
|
||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
||||
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
||||
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
||||
@ -335,6 +336,14 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **25.03.23:** - Fix renewal post hook.
|
||||
* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).
|
||||
* **09.03.23:** - Add Google Domains DNS support, `google-domains`.
|
||||
* **02.03.23:** - Set permissions on crontabs during init.
|
||||
* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
|
||||
* **06.02.23:** - Add porkbun support back in.
|
||||
* **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
|
||||
* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
|
||||
* **16.01.23:** - Remove nchan module because it keeps causing crashes.
|
||||
* **08.12.22:** - Revamp certbot init.
|
||||
* **03.12.22:** - Remove defunct cloudxns plugin.
|
||||
|
||||
@ -2,12 +2,7 @@
|
||||
|
||||
# jenkins variables
|
||||
project_name: docker-swag
|
||||
|
||||
# Pin certbot to 1.32.0 until plugin compatibility improves
|
||||
external_type: na
|
||||
custom_version_command: "echo '1.32.0'"
|
||||
|
||||
#external_type: pip_version
|
||||
external_type: pip_version
|
||||
release_type: stable
|
||||
release_tag: latest
|
||||
ls_branch: master
|
||||
|
||||
@ -1,228 +1,340 @@
|
||||
alpine-baselayout-3.2.0-r18
|
||||
alpine-keys-2.4-r1
|
||||
apache2-utils-2.4.54-r0
|
||||
apk-tools-2.12.7-r3
|
||||
apr-1.7.0-r1
|
||||
apr-util-1.6.1-r11
|
||||
argon2-libs-20190702-r1
|
||||
bash-5.1.16-r0
|
||||
brotli-libs-1.0.9-r5
|
||||
busybox-1.34.1-r7
|
||||
c-client-2007f-r13
|
||||
ca-certificates-20220614-r0
|
||||
ca-certificates-bundle-20220614-r0
|
||||
coreutils-9.0-r2
|
||||
curl-7.80.0-r5
|
||||
expat-2.5.0-r0
|
||||
fail2ban-0.11.2-r1
|
||||
freetype-2.11.1-r2
|
||||
gdbm-1.22-r0
|
||||
git-2.34.5-r0
|
||||
git-perl-2.34.5-r0
|
||||
gmp-6.2.1-r1
|
||||
gnupg-2.2.31-r2
|
||||
gnupg-dirmngr-2.2.31-r2
|
||||
gnupg-gpgconf-2.2.31-r2
|
||||
gnupg-utils-2.2.31-r2
|
||||
gnupg-wks-client-2.2.31-r2
|
||||
gnutls-3.7.1-r1
|
||||
gpg-2.2.31-r2
|
||||
gpg-agent-2.2.31-r2
|
||||
gpg-wks-server-2.2.31-r2
|
||||
gpgsm-2.2.31-r2
|
||||
gpgv-2.2.31-r2
|
||||
icu-libs-69.1-r1
|
||||
ip6tables-1.8.7-r1
|
||||
iptables-1.8.7-r1
|
||||
libacl-2.2.53-r0
|
||||
libassuan-2.5.5-r0
|
||||
libattr-2.5.1-r1
|
||||
libbsd-0.11.3-r1
|
||||
libbz2-1.0.8-r1
|
||||
libc-utils-0.7.2-r3
|
||||
libcap-2.61-r0
|
||||
libcrypto1.1-1.1.1s-r1
|
||||
libcurl-7.80.0-r5
|
||||
libedit-20210910.3.1-r0
|
||||
libevent-2.1.12-r4
|
||||
libffi-3.4.2-r1
|
||||
libgcc-10.3.1_git20211027-r0
|
||||
libgcrypt-1.9.4-r0
|
||||
libgd-2.3.2-r1
|
||||
libgpg-error-1.42-r1
|
||||
libice-1.0.10-r0
|
||||
libidn-1.38-r0
|
||||
libintl-0.21-r0
|
||||
libjpeg-turbo-2.1.2-r0
|
||||
libksba-1.6.3-r0
|
||||
libldap-2.6.2-r0
|
||||
libmaxminddb-1.6.0-r0
|
||||
libmcrypt-2.5.8-r9
|
||||
libmd-1.0.3-r0
|
||||
libmemcached-libs-1.0.18-r4
|
||||
libmnl-1.0.4-r2
|
||||
libnftnl-1.2.1-r0
|
||||
libpng-1.6.37-r1
|
||||
libpq-14.5-r0
|
||||
libproc-3.3.17-r0
|
||||
libretls-3.3.4-r3
|
||||
libsasl-2.1.28-r0
|
||||
libseccomp-2.5.2-r0
|
||||
libsm-1.2.3-r0
|
||||
libsodium-1.0.18-r0
|
||||
libssl1.1-1.1.1s-r1
|
||||
libstdc++-10.3.1_git20211027-r0
|
||||
libtasn1-4.18.0-r1
|
||||
libunistring-0.9.10-r1
|
||||
libuuid-2.37.4-r0
|
||||
libwebp-1.2.2-r0
|
||||
libx11-1.7.3.1-r0
|
||||
libxau-1.0.9-r0
|
||||
libxcb-1.14-r2
|
||||
libxdmcp-1.1.3-r0
|
||||
libxext-1.3.4-r0
|
||||
libxml2-2.9.14-r2
|
||||
libxpm-3.5.13-r0
|
||||
libxslt-1.1.35-r0
|
||||
libxt-1.2.1-r0
|
||||
libzip-1.8.0-r1
|
||||
linux-pam-1.5.2-r0
|
||||
logrotate-3.18.1-r4
|
||||
lz4-libs-1.9.3-r1
|
||||
memcached-1.6.12-r0
|
||||
mpdecimal-2.5.1-r1
|
||||
musl-1.2.2-r7
|
||||
musl-utils-1.2.2-r7
|
||||
nano-5.9-r0
|
||||
ncurses-libs-6.3_p20211120-r1
|
||||
ncurses-terminfo-base-6.3_p20211120-r1
|
||||
nettle-3.7.3-r0
|
||||
nghttp2-libs-1.46.0-r0
|
||||
nginx-1.20.2-r1
|
||||
nginx-mod-devel-kit-1.20.2-r1
|
||||
nginx-mod-http-brotli-1.20.2-r1
|
||||
nginx-mod-http-dav-ext-1.20.2-r1
|
||||
nginx-mod-http-echo-1.20.2-r1
|
||||
nginx-mod-http-fancyindex-1.20.2-r1
|
||||
nginx-mod-http-geoip2-1.20.2-r1
|
||||
nginx-mod-http-headers-more-1.20.2-r1
|
||||
nginx-mod-http-image-filter-1.20.2-r1
|
||||
nginx-mod-http-perl-1.20.2-r1
|
||||
nginx-mod-http-redis2-1.20.2-r1
|
||||
nginx-mod-http-set-misc-1.20.2-r1
|
||||
nginx-mod-http-upload-progress-1.20.2-r1
|
||||
nginx-mod-http-xslt-filter-1.20.2-r1
|
||||
nginx-mod-mail-1.20.2-r1
|
||||
nginx-mod-rtmp-1.20.2-r1
|
||||
nginx-mod-stream-1.20.2-r1
|
||||
nginx-mod-stream-geoip2-1.20.2-r1
|
||||
nginx-vim-1.20.2-r1
|
||||
npth-1.6-r1
|
||||
oniguruma-6.9.7.1-r0
|
||||
openssl-1.1.1s-r1
|
||||
p11-kit-0.24.0-r1
|
||||
pcre-8.45-r1
|
||||
pcre2-10.40-r0
|
||||
perl-5.34.0-r1
|
||||
perl-error-0.17029-r1
|
||||
perl-git-2.34.5-r0
|
||||
php8-8.0.25-r0
|
||||
php8-bcmath-8.0.25-r0
|
||||
php8-bz2-8.0.25-r0
|
||||
php8-common-8.0.25-r0
|
||||
php8-ctype-8.0.25-r0
|
||||
php8-curl-8.0.25-r0
|
||||
php8-dom-8.0.25-r0
|
||||
php8-exif-8.0.25-r0
|
||||
php8-fileinfo-8.0.25-r0
|
||||
php8-fpm-8.0.25-r0
|
||||
php8-ftp-8.0.25-r0
|
||||
php8-gd-8.0.25-r0
|
||||
php8-gmp-8.0.25-r0
|
||||
php8-iconv-8.0.25-r0
|
||||
php8-imap-8.0.25-r0
|
||||
php8-intl-8.0.25-r0
|
||||
php8-ldap-8.0.25-r0
|
||||
php8-mbstring-8.0.25-r0
|
||||
php8-mysqli-8.0.25-r0
|
||||
php8-mysqlnd-8.0.25-r0
|
||||
php8-opcache-8.0.25-r0
|
||||
php8-openssl-8.0.25-r0
|
||||
php8-pdo-8.0.25-r0
|
||||
php8-pdo_mysql-8.0.25-r0
|
||||
php8-pdo_odbc-8.0.25-r0
|
||||
php8-pdo_pgsql-8.0.25-r0
|
||||
php8-pdo_sqlite-8.0.25-r0
|
||||
php8-pear-8.0.25-r0
|
||||
php8-pecl-apcu-5.1.21-r0
|
||||
php8-pecl-igbinary-3.2.6-r0
|
||||
php8-pecl-mailparse-3.1.3-r0
|
||||
php8-pecl-mcrypt-1.0.4-r0
|
||||
php8-pecl-memcached-3.1.5-r1
|
||||
php8-pecl-redis-5.3.6-r0
|
||||
php8-pecl-xmlrpc-1.0.0_rc3-r0
|
||||
php8-pgsql-8.0.25-r0
|
||||
php8-phar-8.0.25-r0
|
||||
php8-posix-8.0.25-r0
|
||||
php8-session-8.0.25-r0
|
||||
php8-simplexml-8.0.25-r0
|
||||
php8-soap-8.0.25-r0
|
||||
php8-sockets-8.0.25-r0
|
||||
php8-sodium-8.0.25-r0
|
||||
php8-sqlite3-8.0.25-r0
|
||||
php8-tokenizer-8.0.25-r0
|
||||
php8-xml-8.0.25-r0
|
||||
php8-xmlreader-8.0.25-r0
|
||||
php8-xmlwriter-8.0.25-r0
|
||||
php8-xsl-8.0.25-r0
|
||||
php8-zip-8.0.25-r0
|
||||
pinentry-1.2.0-r0
|
||||
popt-1.18-r0
|
||||
procps-3.3.17-r0
|
||||
py3-appdirs-1.4.4-r2
|
||||
py3-asn1crypto-1.4.0-r1
|
||||
py3-cachecontrol-0.12.10-r0
|
||||
py3-certifi-2020.12.5-r1
|
||||
py3-cffi-1.14.5-r4
|
||||
py3-charset-normalizer-2.0.7-r0
|
||||
py3-colorama-0.4.4-r1
|
||||
py3-contextlib2-21.6.0-r1
|
||||
py3-cparser-2.20-r1
|
||||
py3-cryptography-3.3.2-r3
|
||||
py3-distlib-0.3.3-r0
|
||||
py3-distro-1.6.0-r0
|
||||
py3-future-0.18.2-r3
|
||||
py3-html5lib-1.1-r1
|
||||
py3-idna-3.3-r0
|
||||
py3-lockfile-0.12.2-r4
|
||||
py3-msgpack-1.0.2-r1
|
||||
py3-ordered-set-4.0.2-r2
|
||||
py3-packaging-20.9-r1
|
||||
py3-parsing-2.4.7-r2
|
||||
py3-pep517-0.12.0-r0
|
||||
py3-pip-20.3.4-r1
|
||||
py3-progress-1.6-r0
|
||||
py3-requests-2.26.0-r1
|
||||
py3-retrying-1.3.3-r2
|
||||
py3-setuptools-52.0.0-r4
|
||||
py3-six-1.16.0-r0
|
||||
py3-toml-0.10.2-r2
|
||||
py3-tomli-1.2.2-r0
|
||||
py3-urllib3-1.26.7-r0
|
||||
py3-webencodings-0.5.1-r4
|
||||
python3-3.9.16-r0
|
||||
readline-8.1.1-r0
|
||||
s6-ipcserver-2.11.0.0-r0
|
||||
scanelf-1.3.3-r0
|
||||
shadow-4.8.1-r1
|
||||
skalibs-2.11.0.0-r0
|
||||
sqlite-libs-3.36.0-r0
|
||||
ssl_client-1.34.1-r7
|
||||
tzdata-2022f-r1
|
||||
unixodbc-2.3.9-r1
|
||||
utmps-0.1.0.3-r0
|
||||
whois-5.5.10-r0
|
||||
xz-5.2.5-r1
|
||||
xz-libs-5.2.5-r1
|
||||
zlib-1.2.12-r3
|
||||
zstd-libs-1.5.0-r0
|
||||
NAME VERSION TYPE
|
||||
ConfigArgParse 1.5.3 python
|
||||
PyJWT 2.6.0 python
|
||||
PyYAML 6.0 python
|
||||
acme 2.5.0 python
|
||||
alpine-baselayout 3.4.0-r0 apk
|
||||
alpine-baselayout-data 3.4.0-r0 apk
|
||||
alpine-keys 2.4-r1 apk
|
||||
alpine-release 3.17.3-r0 apk
|
||||
aom-libs 3.5.0-r0 apk
|
||||
apache2-utils 2.4.56-r0 apk
|
||||
apk-tools 2.12.10-r1 apk
|
||||
apr 1.7.2-r0 apk
|
||||
apr-util 1.6.3-r0 apk
|
||||
argon2-libs 20190702-r2 apk
|
||||
attrs 22.2.0 python
|
||||
azure-common 1.1.28 python
|
||||
azure-core 1.26.4 python
|
||||
azure-identity 1.12.0 python
|
||||
azure-mgmt-core 1.4.0 python
|
||||
azure-mgmt-dns 8.0.0 python
|
||||
bash 5.2.15-r0 apk
|
||||
beautifulsoup4 4.12.2 python
|
||||
boto3 1.26.109 python
|
||||
botocore 1.29.109 python
|
||||
brotli-libs 1.0.9-r9 apk
|
||||
bs4 0.0.1 python
|
||||
busybox 1.35.0 binary
|
||||
busybox 1.35.0-r29 apk
|
||||
busybox-binsh 1.35.0-r29 apk
|
||||
c-client 2007f-r14 apk
|
||||
ca-certificates 20220614-r4 apk
|
||||
ca-certificates-bundle 20220614-r4 apk
|
||||
cachetools 5.3.0 python
|
||||
certbot 2.5.0 python
|
||||
certbot-dns-acmedns 0.1.0 python
|
||||
certbot-dns-aliyun 2.0.0 python
|
||||
certbot-dns-azure 2.1.0 python
|
||||
certbot-dns-cloudflare 2.5.0 python
|
||||
certbot-dns-cpanel 0.4.0 python
|
||||
certbot-dns-desec 1.2.1 python
|
||||
certbot-dns-digitalocean 2.5.0 python
|
||||
certbot-dns-directadmin 1.0.3 python
|
||||
certbot-dns-dnsimple 2.5.0 python
|
||||
certbot-dns-dnsmadeeasy 2.5.0 python
|
||||
certbot-dns-dnspod 0.1.0 python
|
||||
certbot-dns-do 0.31.0 python
|
||||
certbot-dns-domeneshop 0.2.9 python
|
||||
certbot-dns-duckdns 1.3 python
|
||||
certbot-dns-dynu 0.0.4 python
|
||||
certbot-dns-gehirn 2.5.0 python
|
||||
certbot-dns-godaddy 0.2.2 python
|
||||
certbot-dns-google 2.5.0 python
|
||||
certbot-dns-google-domains 0.1.9 python
|
||||
certbot-dns-he 1.0.0 python
|
||||
certbot-dns-hetzner 2.0.0 python
|
||||
certbot-dns-infomaniak 0.2.1 python
|
||||
certbot-dns-inwx 2.2.0 python
|
||||
certbot-dns-ionos 2022.11.24 python
|
||||
certbot-dns-linode 2.5.0 python
|
||||
certbot-dns-loopia 1.0.1 python
|
||||
certbot-dns-luadns 2.5.0 python
|
||||
certbot-dns-netcup 1.2.0 python
|
||||
certbot-dns-njalla 1.0.0 python
|
||||
certbot-dns-nsone 2.5.0 python
|
||||
certbot-dns-ovh 2.5.0 python
|
||||
certbot-dns-porkbun 0.8 python
|
||||
certbot-dns-rfc2136 2.5.0 python
|
||||
certbot-dns-route53 2.5.0 python
|
||||
certbot-dns-sakuracloud 2.5.0 python
|
||||
certbot-dns-standalone 1.1 python
|
||||
certbot-dns-transip 0.5.2 python
|
||||
certbot-dns-vultr 1.0.3 python
|
||||
certbot-plugin-gandi 1.4.3 python
|
||||
certifi 2022.12.7 python
|
||||
cffi 1.15.1 python
|
||||
charset-normalizer 3.1.0 python
|
||||
cloudflare 2.11.1 python
|
||||
configobj 5.0.8 python
|
||||
coreutils 9.1-r0 apk
|
||||
cryptography 40.0.1 python
|
||||
curl 7.88.1-r1 apk
|
||||
dataclasses-json 0.5.7 python
|
||||
distro 1.8.0 python
|
||||
dns-lexicon 3.11.7 python
|
||||
dnslib 0.9.23 python
|
||||
dnspython 2.3.0 python
|
||||
domeneshop 0.4.3 python
|
||||
fail2ban 1.0.2 python
|
||||
fail2ban 1.0.2-r0 apk
|
||||
filelock 3.11.0 python
|
||||
fontconfig 2.14.1-r0 apk
|
||||
freetype 2.12.1-r0 apk
|
||||
future 0.18.3 python
|
||||
gdbm 1.23-r0 apk
|
||||
git 2.38.4-r1 apk
|
||||
git-perl 2.38.4-r1 apk
|
||||
gmp 6.2.1-r2 apk
|
||||
gnupg 2.2.40-r0 apk
|
||||
gnupg-dirmngr 2.2.40-r0 apk
|
||||
gnupg-gpgconf 2.2.40-r0 apk
|
||||
gnupg-utils 2.2.40-r0 apk
|
||||
gnupg-wks-client 2.2.40-r0 apk
|
||||
gnutls 3.7.8-r3 apk
|
||||
google-api-core 2.11.0 python
|
||||
google-api-python-client 2.84.0 python
|
||||
google-auth 2.17.2 python
|
||||
google-auth-httplib2 0.1.0 python
|
||||
googleapis-common-protos 1.59.0 python
|
||||
gpg 2.2.40-r0 apk
|
||||
gpg-agent 2.2.40-r0 apk
|
||||
gpg-wks-server 2.2.40-r0 apk
|
||||
gpgsm 2.2.40-r0 apk
|
||||
gpgv 2.2.40-r0 apk
|
||||
httplib2 0.22.0 python
|
||||
icu-data-en 72.1-r1 apk
|
||||
icu-libs 72.1-r1 apk
|
||||
idna 3.4 python
|
||||
importlib-metadata 6.2.0 python
|
||||
ip6tables 1.8.8-r2 apk
|
||||
iptables 1.8.8-r2 apk
|
||||
isodate 0.6.1 python
|
||||
jmespath 1.0.1 python
|
||||
josepy 1.13.0 python
|
||||
jq 1.6-r2 apk
|
||||
jsonlines 3.1.0 python
|
||||
jsonpickle 3.0.1 python
|
||||
libacl 2.3.1-r1 apk
|
||||
libassuan 2.5.5-r1 apk
|
||||
libattr 2.5.1-r2 apk
|
||||
libavif 0.11.1-r0 apk
|
||||
libbsd 0.11.7-r0 apk
|
||||
libbz2 1.0.8-r4 apk
|
||||
libc-utils 0.7.2-r3 apk
|
||||
libcrypto3 3.0.8-r3 apk
|
||||
libcurl 7.88.1-r1 apk
|
||||
libdav1d 1.0.0-r2 apk
|
||||
libedit 20221030.3.1-r0 apk
|
||||
libevent 2.1.12-r5 apk
|
||||
libexpat 2.5.0-r0 apk
|
||||
libffi 3.4.4-r0 apk
|
||||
libgcc 12.2.1_git20220924-r4 apk
|
||||
libgcrypt 1.10.1-r0 apk
|
||||
libgd 2.3.3-r3 apk
|
||||
libgpg-error 1.46-r1 apk
|
||||
libice 1.0.10-r1 apk
|
||||
libidn 1.41-r0 apk
|
||||
libintl 0.21.1-r1 apk
|
||||
libjpeg-turbo 2.1.4-r0 apk
|
||||
libksba 1.6.3-r0 apk
|
||||
libldap 2.6.3-r6 apk
|
||||
libmaxminddb-libs 1.7.1-r0 apk
|
||||
libmcrypt 2.5.8-r10 apk
|
||||
libmd 1.0.4-r0 apk
|
||||
libmemcached-libs 1.0.18-r5 apk
|
||||
libmnl 1.0.5-r0 apk
|
||||
libnftnl 1.2.4-r0 apk
|
||||
libpng 1.6.38-r0 apk
|
||||
libpq 15.2-r0 apk
|
||||
libproc 3.3.17-r2 apk
|
||||
libsasl 2.1.28-r3 apk
|
||||
libseccomp 2.5.4-r0 apk
|
||||
libsm 1.2.3-r1 apk
|
||||
libsodium 1.0.18-r2 apk
|
||||
libssl3 3.0.8-r3 apk
|
||||
libstdc++ 12.2.1_git20220924-r4 apk
|
||||
libtasn1 4.19.0-r0 apk
|
||||
libunistring 1.1-r0 apk
|
||||
libuuid 2.38.1-r1 apk
|
||||
libwebp 1.2.4-r1 apk
|
||||
libx11 1.8.4-r0 apk
|
||||
libxau 1.0.10-r0 apk
|
||||
libxcb 1.15-r0 apk
|
||||
libxdmcp 1.1.4-r0 apk
|
||||
libxext 1.3.5-r0 apk
|
||||
libxml2 2.10.3-r1 apk
|
||||
libxpm 3.5.15-r0 apk
|
||||
libxslt 1.1.37-r1 apk
|
||||
libxt 1.2.1-r0 apk
|
||||
libzip 1.9.2-r2 apk
|
||||
linux-pam 1.5.2-r1 apk
|
||||
logrotate 3.20.1-r3 apk
|
||||
loopialib 0.2.0 python
|
||||
lxml 4.9.2 python
|
||||
lz4-libs 1.9.4-r1 apk
|
||||
marshmallow 3.19.0 python
|
||||
marshmallow-enum 1.5.1 python
|
||||
memcached 1.6.17 binary
|
||||
memcached 1.6.17-r0 apk
|
||||
mock 5.0.1 python
|
||||
mpdecimal 2.5.1-r1 apk
|
||||
msal 1.21.0 python
|
||||
msal-extensions 1.0.0 python
|
||||
msrest 0.7.1 python
|
||||
musl 1.2.3-r4 apk
|
||||
musl-utils 1.2.3-r4 apk
|
||||
mypy-extensions 1.0.0 python
|
||||
nano 7.0-r0 apk
|
||||
ncurses-libs 6.3_p20221119-r0 apk
|
||||
ncurses-terminfo-base 6.3_p20221119-r0 apk
|
||||
netcat-openbsd 1.130-r4 apk
|
||||
nettle 3.8.1-r0 apk
|
||||
nghttp2-libs 1.51.0-r0 apk
|
||||
nginx 1.22.1-r0 apk
|
||||
nginx-mod-devel-kit 1.22.1-r0 apk
|
||||
nginx-mod-http-brotli 1.22.1-r0 apk
|
||||
nginx-mod-http-dav-ext 1.22.1-r0 apk
|
||||
nginx-mod-http-echo 1.22.1-r0 apk
|
||||
nginx-mod-http-fancyindex 1.22.1-r0 apk
|
||||
nginx-mod-http-geoip2 1.22.1-r0 apk
|
||||
nginx-mod-http-headers-more 1.22.1-r0 apk
|
||||
nginx-mod-http-image-filter 1.22.1-r0 apk
|
||||
nginx-mod-http-perl 1.22.1-r0 apk
|
||||
nginx-mod-http-redis2 1.22.1-r0 apk
|
||||
nginx-mod-http-set-misc 1.22.1-r0 apk
|
||||
nginx-mod-http-upload-progress 1.22.1-r0 apk
|
||||
nginx-mod-http-xslt-filter 1.22.1-r0 apk
|
||||
nginx-mod-mail 1.22.1-r0 apk
|
||||
nginx-mod-rtmp 1.22.1-r0 apk
|
||||
nginx-mod-stream 1.22.1-r0 apk
|
||||
nginx-mod-stream-geoip2 1.22.1-r0 apk
|
||||
nginx-vim 1.22.1-r0 apk
|
||||
npth 1.6-r2 apk
|
||||
oauth2client 4.1.3 python
|
||||
oauthlib 3.2.2 python
|
||||
oniguruma 6.9.8-r0 apk
|
||||
openssl 3.0.8-r3 apk
|
||||
p11-kit 0.24.1-r1 apk
|
||||
packaging 23.0 python
|
||||
parsedatetime 2.6 python
|
||||
pcre 8.45-r2 apk
|
||||
pcre2 10.42-r0 apk
|
||||
perl 5.36.0-r0 apk
|
||||
perl-error 0.17029-r1 apk
|
||||
perl-git 2.38.4-r1 apk
|
||||
php-cli 8.1.17 binary
|
||||
php-fpm 8.1.17 binary
|
||||
php81 8.1.17-r0 apk
|
||||
php81-bcmath 8.1.17-r0 apk
|
||||
php81-bz2 8.1.17-r0 apk
|
||||
php81-common 8.1.17-r0 apk
|
||||
php81-ctype 8.1.17-r0 apk
|
||||
php81-curl 8.1.17-r0 apk
|
||||
php81-dom 8.1.17-r0 apk
|
||||
php81-exif 8.1.17-r0 apk
|
||||
php81-fileinfo 8.1.17-r0 apk
|
||||
php81-fpm 8.1.17-r0 apk
|
||||
php81-ftp 8.1.17-r0 apk
|
||||
php81-gd 8.1.17-r0 apk
|
||||
php81-gmp 8.1.17-r0 apk
|
||||
php81-iconv 8.1.17-r0 apk
|
||||
php81-imap 8.1.17-r0 apk
|
||||
php81-intl 8.1.17-r0 apk
|
||||
php81-ldap 8.1.17-r0 apk
|
||||
php81-mbstring 8.1.17-r0 apk
|
||||
php81-mysqli 8.1.17-r0 apk
|
||||
php81-mysqlnd 8.1.17-r0 apk
|
||||
php81-opcache 8.1.17-r0 apk
|
||||
php81-openssl 8.1.17-r0 apk
|
||||
php81-pdo 8.1.17-r0 apk
|
||||
php81-pdo_mysql 8.1.17-r0 apk
|
||||
php81-pdo_odbc 8.1.17-r0 apk
|
||||
php81-pdo_pgsql 8.1.17-r0 apk
|
||||
php81-pdo_sqlite 8.1.17-r0 apk
|
||||
php81-pear 8.1.17-r0 apk
|
||||
php81-pecl-apcu 5.1.22-r0 apk
|
||||
php81-pecl-igbinary 3.2.12-r0 apk
|
||||
php81-pecl-mailparse 3.1.4-r0 apk
|
||||
php81-pecl-mcrypt 1.0.6-r0 apk
|
||||
php81-pecl-memcached 3.2.0-r0 apk
|
||||
php81-pecl-redis 5.3.7-r0 apk
|
||||
php81-pecl-xmlrpc 1.0.0_rc3-r0 apk
|
||||
php81-pgsql 8.1.17-r0 apk
|
||||
php81-phar 8.1.17-r0 apk
|
||||
php81-posix 8.1.17-r0 apk
|
||||
php81-session 8.1.17-r0 apk
|
||||
php81-simplexml 8.1.17-r0 apk
|
||||
php81-soap 8.1.17-r0 apk
|
||||
php81-sockets 8.1.17-r0 apk
|
||||
php81-sodium 8.1.17-r0 apk
|
||||
php81-sqlite3 8.1.17-r0 apk
|
||||
php81-tokenizer 8.1.17-r0 apk
|
||||
php81-xml 8.1.17-r0 apk
|
||||
php81-xmlreader 8.1.17-r0 apk
|
||||
php81-xmlwriter 8.1.17-r0 apk
|
||||
php81-xsl 8.1.17-r0 apk
|
||||
php81-zip 8.1.17-r0 apk
|
||||
pinentry 1.2.1-r0 apk
|
||||
pip 23.0.1 python
|
||||
pkb-client 1.2 python
|
||||
popt 1.19-r0 apk
|
||||
portalocker 2.7.0 python
|
||||
procps 3.3.17-r2 apk
|
||||
protobuf 4.22.1 python
|
||||
publicsuffixlist 0.9.3 python
|
||||
pyOpenSSL 23.1.1 python
|
||||
pyRFC3339 1.1 python
|
||||
pyacmedns 0.4 python
|
||||
pyasn1 0.4.8 python
|
||||
pyasn1-modules 0.2.8 python
|
||||
pycparser 2.21 python
|
||||
pyparsing 3.0.9 python
|
||||
python 3.10.11 binary
|
||||
python-dateutil 2.8.2 python
|
||||
python-digitalocean 1.17.0 python
|
||||
python-transip 0.6.0 python
|
||||
python3 3.10.11-r0 apk
|
||||
pytz 2023.3 python
|
||||
readline 8.2.0-r0 apk
|
||||
requests 2.28.2 python
|
||||
requests-file 1.5.1 python
|
||||
requests-mock 1.10.0 python
|
||||
requests-oauthlib 1.3.1 python
|
||||
rsa 4.9 python
|
||||
s3transfer 0.6.0 python
|
||||
scanelf 1.3.5-r1 apk
|
||||
setuptools 65.5.0 python
|
||||
shadow 4.13-r0 apk
|
||||
six 1.16.0 python
|
||||
skalibs 2.12.0.1-r0 apk
|
||||
soupsieve 2.4 python
|
||||
sqlite-libs 3.40.1-r0 apk
|
||||
ssl_client 1.35.0-r29 apk
|
||||
tiff 4.4.0-r3 apk
|
||||
tldextract 3.4.0 python
|
||||
typing-inspect 0.8.0 python
|
||||
typing_extensions 4.5.0 python
|
||||
tzdata 2023c-r0 apk
|
||||
unixodbc 2.3.11-r0 apk
|
||||
uritemplate 4.1.1 python
|
||||
urllib3 1.26.15 python
|
||||
utmps-libs 0.1.2.0-r1 apk
|
||||
wheel 0.40.0 python
|
||||
whois 5.5.14-r0 apk
|
||||
xz 5.2.9-r0 apk
|
||||
xz-libs 5.2.9-r0 apk
|
||||
zipp 3.15.0 python
|
||||
zlib 1.2.13-r0 apk
|
||||
zope.interface 6.0 python
|
||||
zstd-libs 1.5.5-r0 apk
|
||||
|
||||
10
readme-vars.yml
Executable file → Normal file
10
readme-vars.yml
Executable file → Normal file
@ -51,7 +51,7 @@ opt_param_usage_include_env: true
|
||||
opt_param_env_vars:
|
||||
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
|
||||
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
||||
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
|
||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||
@ -154,6 +154,14 @@ app_setup_block: |
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "25.03.23:", desc: "Fix renewal post hook." }
|
||||
- { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }
|
||||
- { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
|
||||
- { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
|
||||
- { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
|
||||
- { date: "06.02.23:", desc: "Add porkbun support back in." }
|
||||
- { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
|
||||
- { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
|
||||
- { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
|
||||
- { date: "08.12.22:", desc: "Revamp certbot init."}
|
||||
- { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
|
||||
|
||||
4
root/defaults/dns-conf/google-domains.ini
Normal file
4
root/defaults/dns-conf/google-domains.ini
Normal file
@ -0,0 +1,4 @@
|
||||
# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
|
||||
# Replace with your value
|
||||
dns_google_domains_access_token = abcdef
|
||||
dns_google_domains_zone = example.com
|
||||
@ -1,3 +1,5 @@
|
||||
# Recommended PROPAGATION value in environment for netcup is 900
|
||||
|
||||
dns_netcup_customer_id = 123456
|
||||
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
|
||||
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-route53/certbot_dns_route53/__init__.py#L18
|
||||
# Replace with your values
|
||||
[default]
|
||||
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
|
||||
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
|
||||
; aws_access_key_id=AKIAIOSFODNN7EXAMPLE
|
||||
; aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
|
||||
|
||||
@ -5,11 +5,11 @@
|
||||
. /config/.donoteditthisfile.conf
|
||||
|
||||
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
|
||||
if pgrep -f "s6-supervise nginx" >/dev/null; then
|
||||
s6-svc -u /run/service/nginx
|
||||
fi
|
||||
if pgrep -f "s6-supervise svc-nginx" >/dev/null; then
|
||||
s6-svc -u /run/service/svc-nginx
|
||||
fi
|
||||
else
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -h /run/service/nginx
|
||||
fi
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -h /run/service/svc-nginx
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
. /config/.donoteditthisfile.conf
|
||||
|
||||
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -d /run/service/nginx
|
||||
fi
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -d /run/service/svc-nginx
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -1,15 +1,29 @@
|
||||
## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
|
||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
|
||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||
|
||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||
auth_request /authelia/api/verify;
|
||||
auth_request_set $target_url $scheme://$http_host$request_uri;
|
||||
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
|
||||
error_page 401 = @authelia_proxy_signin;
|
||||
|
||||
## Translate response headers from Authelia into variables
|
||||
auth_request_set $user $upstream_http_remote_user;
|
||||
auth_request_set $groups $upstream_http_remote_groups;
|
||||
auth_request_set $name $upstream_http_remote_name;
|
||||
auth_request_set $email $upstream_http_remote_email;
|
||||
auth_request_set $authorization $upstream_http_authorization;
|
||||
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
|
||||
|
||||
## Inject the response header variables into the request made to the actual upstream
|
||||
proxy_set_header Remote-User $user;
|
||||
proxy_set_header Remote-Groups $groups;
|
||||
proxy_set_header Remote-Name $name;
|
||||
proxy_set_header Remote-Email $email;
|
||||
error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
|
||||
proxy_set_header Authorization $authorization;
|
||||
proxy_set_header Proxy-Authorization $proxy_authorization;
|
||||
|
||||
## Include the Set-Cookie header if present.
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
@ -1,50 +1,55 @@
|
||||
## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||
|
||||
# location for authelia subfolder requests
|
||||
location ^~ /authelia {
|
||||
auth_request off; # requests to this subfolder must be accessible without authentication
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
}
|
||||
|
||||
# location for authelia auth requests
|
||||
location = /authelia/api/verify {
|
||||
internal;
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
|
||||
|
||||
## Include the Set-Cookie header if present.
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
proxy_pass_request_body off;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
# Timeout if the real server is dead
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
||||
|
||||
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
|
||||
# Provide either X-Original-URL and X-Forwarded-Proto or
|
||||
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
|
||||
# Those headers will be used by Authelia to deduce the target url of the user.
|
||||
# Basic Proxy Config
|
||||
client_body_buffer_size 128k;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Method $request_method;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header X-Forwarded-Uri $request_uri;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_redirect http:// $scheme://;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_cache_bypass $cookie_session;
|
||||
proxy_no_cache $cookie_session;
|
||||
proxy_buffers 4 32k;
|
||||
|
||||
# Advanced Proxy Config
|
||||
send_timeout 5m;
|
||||
proxy_read_timeout 240;
|
||||
proxy_send_timeout 240;
|
||||
proxy_connect_timeout 240;
|
||||
}
|
||||
|
||||
# Virtual location for authelia 401 redirects
|
||||
location @authelia_proxy_signin {
|
||||
internal;
|
||||
|
||||
## Set the $target_url variable based on the original request.
|
||||
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
||||
|
||||
## Include the Set-Cookie header if present.
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
## Set $authelia_backend to route requests to the current domain by default
|
||||
set $authelia_backend $http_host;
|
||||
## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
|
||||
## To use authelia on a separate subdomain:
|
||||
## * comment the $authelia_backend line above
|
||||
## * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
|
||||
## * make sure that your dns has a cname set for authelia
|
||||
## * uncomment the $authelia_backend line below and change example.com to your domain
|
||||
## * restart the swag container
|
||||
#set $authelia_backend authelia.example.com;
|
||||
|
||||
return 302 https://$authelia_backend/authelia/?rd=$target_url;
|
||||
}
|
||||
|
||||
26
root/defaults/nginx/authentik-location.conf.sample
Normal file
26
root/defaults/nginx/authentik-location.conf.sample
Normal file
@ -0,0 +1,26 @@
|
||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
|
||||
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
||||
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
|
||||
|
||||
## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
|
||||
auth_request /outpost.goauthentik.io/auth/nginx;
|
||||
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
|
||||
error_page 401 = @goauthentik_proxy_signin;
|
||||
|
||||
## Translate response headers from Authentik into variables
|
||||
auth_request_set $authentik_username $upstream_http_x_authentik_username;
|
||||
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
|
||||
auth_request_set $authentik_email $upstream_http_x_authentik_email;
|
||||
auth_request_set $authentik_name $upstream_http_x_authentik_name;
|
||||
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
|
||||
|
||||
## Inject the response header variables into the request made to the actual upstream
|
||||
proxy_set_header X-authentik-username $authentik_username;
|
||||
proxy_set_header X-authentik-groups $authentik_groups;
|
||||
proxy_set_header X-authentik-email $authentik_email;
|
||||
proxy_set_header X-authentik-name $authentik_name;
|
||||
proxy_set_header X-authentik-uid $authentik_uid;
|
||||
|
||||
## Include the Set-Cookie header if present.
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
45
root/defaults/nginx/authentik-server.conf.sample
Normal file
45
root/defaults/nginx/authentik-server.conf.sample
Normal file
@ -0,0 +1,45 @@
|
||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
|
||||
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
||||
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
|
||||
|
||||
# location for authentik subfolder requests
|
||||
location ^~ /outpost.goauthentik.io {
|
||||
auth_request off; # requests to this subfolder must be accessible without authentication
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authentik authentik-server;
|
||||
proxy_pass http://$upstream_authentik:9000;
|
||||
}
|
||||
|
||||
# location for authentik auth requests
|
||||
location = /outpost.goauthentik.io/auth/nginx {
|
||||
internal;
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authentik authentik-server;
|
||||
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
|
||||
|
||||
## Include the Set-Cookie header if present.
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
}
|
||||
|
||||
# Virtual location for authentik 401 redirects
|
||||
location @goauthentik_proxy_signin {
|
||||
internal;
|
||||
|
||||
## Set the $target_url variable based on the original request.
|
||||
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
||||
|
||||
## Include the Set-Cookie header if present.
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
## Set $authentik_backend to route requests to the current domain by default
|
||||
set $authentik_backend $http_host;
|
||||
return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
|
||||
}
|
||||
@ -1,4 +1,4 @@
|
||||
## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
|
||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
|
||||
|
||||
# Timeout if the real server is dead
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
||||
@ -25,11 +25,13 @@ proxy_set_header Host $host;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Method $request_method;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header X-Forwarded-Uri $request_uri;
|
||||
proxy_set_header X-Original-Method $request_method;
|
||||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||
|
||||
# redirect all traffic to https
|
||||
server {
|
||||
@ -29,6 +29,9 @@ server {
|
||||
# enable for Authelia (requires authelia-location.conf in the location block)
|
||||
#include /config/nginx/authelia-server.conf;
|
||||
|
||||
# enable for Authentik (requires authentik-location.conf in the location block)
|
||||
#include /config/nginx/authentik-server.conf;
|
||||
|
||||
location / {
|
||||
# enable for basic auth
|
||||
#auth_basic "Restricted";
|
||||
@ -40,6 +43,9 @@ server {
|
||||
# enable for Authelia (requires authelia-server.conf in the server block)
|
||||
#include /config/nginx/authelia-location.conf;
|
||||
|
||||
# enable for Authentik (requires authentik-server.conf in the server block)
|
||||
#include /config/nginx/authentik-location.conf;
|
||||
|
||||
try_files $uri $uri/ /index.html /index.php$is_args$args =404;
|
||||
}
|
||||
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
#!/usr/bin/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
# copy crontabs if needed
|
||||
if [[ ! -f /config/crontabs/root ]]; then
|
||||
cp /etc/crontabs/root /config/crontabs/
|
||||
fi
|
||||
|
||||
# import user crontabs
|
||||
rm /etc/crontabs/*
|
||||
cp /config/crontabs/* /etc/crontabs/
|
||||
0
root/etc/crontabs/abc
Normal file
0
root/etc/crontabs/abc
Normal file
17
root/etc/cont-init.d/50-certbot → root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
Normal file → Executable file
17
root/etc/cont-init.d/50-certbot → root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
Normal file → Executable file
@ -24,19 +24,24 @@ for i in "${SANED_VARS[@]}"; do
|
||||
done
|
||||
|
||||
# check to make sure DNSPLUGIN is selected if dns validation is used
|
||||
if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
|
||||
if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
|
||||
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
|
||||
sleep infinity
|
||||
fi
|
||||
|
||||
# copy dns default configs
|
||||
cp -n /defaults/dns-conf/* /config/dns-conf/
|
||||
chown -R abc:abc /config/dns-conf
|
||||
lsiown -R abc:abc /config/dns-conf
|
||||
|
||||
# copy default renewal hooks
|
||||
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
|
||||
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
|
||||
chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
|
||||
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
|
||||
|
||||
# replace nginx service location in renewal hooks
|
||||
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
|
||||
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
|
||||
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \;
|
||||
|
||||
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
|
||||
if [[ -f "/config/donoteditthisfile.conf" ]]; then
|
||||
@ -136,6 +141,10 @@ else
|
||||
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
|
||||
fi
|
||||
|
||||
# cleanup unused csr and keys folders
|
||||
rm -rf /etc/letsencrypt/csr
|
||||
rm -rf /etc/letsencrypt/keys
|
||||
|
||||
# checking for changes in cert variables, revoking certs if necessary
|
||||
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
||||
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
|
||||
@ -265,7 +274,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then
|
||||
DNSCREDENTIALSPARAM=""
|
||||
fi
|
||||
# plugins that don't support setting propagation
|
||||
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
|
||||
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
|
||||
PROPAGATIONPARAM=""
|
||||
fi
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-certbot-config/run
|
||||
38
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
Executable file
38
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
Executable file
@ -0,0 +1,38 @@
|
||||
#!/usr/bin/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
# make folders
|
||||
mkdir -p \
|
||||
/config/crontabs
|
||||
|
||||
## root
|
||||
# if crontabs do not exist in config
|
||||
if [[ ! -f /config/crontabs/root ]]; then
|
||||
# copy crontab from system
|
||||
if crontab -l -u root; then
|
||||
crontab -l -u root >/config/crontabs/root
|
||||
fi
|
||||
|
||||
# if crontabs still do not exist in config (were not copied from system)
|
||||
# copy crontab from included defaults (using -n, do not overwrite an existing file)
|
||||
cp -n /etc/crontabs/root /config/crontabs/
|
||||
fi
|
||||
# set permissions and import user crontabs
|
||||
lsiown root:root /config/crontabs/root
|
||||
crontab -u root /config/crontabs/root
|
||||
|
||||
## abc
|
||||
# if crontabs do not exist in config
|
||||
if [[ ! -f /config/crontabs/abc ]]; then
|
||||
# copy crontab from system
|
||||
if crontab -l -u abc; then
|
||||
crontab -l -u abc >/config/crontabs/abc
|
||||
fi
|
||||
|
||||
# if crontabs still do not exist in config (were not copied from system)
|
||||
# copy crontab from included defaults (using -n, do not overwrite an existing file)
|
||||
cp -n /etc/crontabs/abc /config/crontabs/
|
||||
fi
|
||||
# set permissions and import user crontabs
|
||||
lsiown abc:abc /config/crontabs/abc
|
||||
crontab -u abc /config/crontabs/abc
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
|
||||
0
root/etc/cont-init.d/42-fail2ban → root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
Normal file → Executable file
0
root/etc/cont-init.d/42-fail2ban → root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
|
||||
0
root/etc/cont-init.d/40-folders → root/etc/s6-overlay/s6-rc.d/init-folders-config/run
Normal file → Executable file
0
root/etc/cont-init.d/40-folders → root/etc/s6-overlay/s6-rc.d/init-folders-config/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-folders-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-folders-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-folders-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-folders-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-folders-config/run
|
||||
8
root/etc/cont-init.d/45-nginx → root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
Normal file → Executable file
8
root/etc/cont-init.d/45-nginx → root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
Normal file → Executable file
@ -14,6 +14,14 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
|
||||
cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
|
||||
fi
|
||||
|
||||
# copy authentik config files if they don't exist
|
||||
if [[ ! -f /config/nginx/authentik-location.conf ]]; then
|
||||
cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
|
||||
fi
|
||||
if [[ ! -f /config/nginx/authentik-server.conf ]]; then
|
||||
cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
|
||||
fi
|
||||
|
||||
# copy old ldap config file to new location
|
||||
if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
|
||||
cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-nginx-config/run
|
||||
0
root/etc/cont-init.d/70-outdated → root/etc/s6-overlay/s6-rc.d/init-outdated-config/run
Normal file → Executable file
0
root/etc/cont-init.d/70-outdated → root/etc/s6-overlay/s6-rc.d/init-outdated-config/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-outdated-config/run
|
||||
2
root/etc/cont-init.d/55-permissions → root/etc/s6-overlay/s6-rc.d/init-permissions-config/run
Normal file → Executable file
2
root/etc/cont-init.d/55-permissions → root/etc/s6-overlay/s6-rc.d/init-permissions-config/run
Normal file → Executable file
@ -2,7 +2,7 @@
|
||||
# shellcheck shell=bash
|
||||
|
||||
# permissions
|
||||
chown -R abc:abc \
|
||||
lsiown -R abc:abc \
|
||||
/config
|
||||
chmod -R 0644 /etc/logrotate.d
|
||||
chmod -R +r /config/log
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-permissions-config/run
|
||||
0
root/etc/cont-init.d/60-renew → root/etc/s6-overlay/s6-rc.d/init-renew/run
Normal file → Executable file
0
root/etc/cont-init.d/60-renew → root/etc/s6-overlay/s6-rc.d/init-renew/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-renew/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-renew/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-renew/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-renew/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-renew/run
|
||||
0
root/etc/cont-init.d/31-require-url → root/etc/s6-overlay/s6-rc.d/init-require-url/run
Normal file → Executable file
0
root/etc/cont-init.d/31-require-url → root/etc/s6-overlay/s6-rc.d/init-require-url/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-require-url/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-require-url/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-require-url/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-require-url/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-require-url/run
|
||||
0
root/etc/cont-init.d/41-samples → root/etc/s6-overlay/s6-rc.d/init-samples-config/run
Normal file → Executable file
0
root/etc/cont-init.d/41-samples → root/etc/s6-overlay/s6-rc.d/init-samples-config/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-samples-config/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-samples-config/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-samples-config/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-samples-config/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-samples-config/run
|
||||
0
root/etc/cont-init.d/30-test-run → root/etc/s6-overlay/s6-rc.d/init-test-run/run
Normal file → Executable file
0
root/etc/cont-init.d/30-test-run → root/etc/s6-overlay/s6-rc.d/init-test-run/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/init-test-run/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-test-run/type
Normal file
@ -0,0 +1 @@
|
||||
oneshot
|
||||
1
root/etc/s6-overlay/s6-rc.d/init-test-run/up
Normal file
1
root/etc/s6-overlay/s6-rc.d/init-test-run/up
Normal file
@ -0,0 +1 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-test-run/run
|
||||
0
root/etc/services.d/fail2ban/run → root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
Normal file → Executable file
0
root/etc/services.d/fail2ban/run → root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
Normal file → Executable file
1
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
Normal file
1
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
Normal file
@ -0,0 +1 @@
|
||||
longrun
|
||||
Loading…
Reference in New Issue
Block a user