Gitpod refinement and rollback of privileged defaults.
parent
54cbbf2fb8
commit
156b1f8173
|
@ -0,0 +1,47 @@
|
|||
FROM gitpod/workspace-base:latest
|
||||
|
||||
### PHP ###
|
||||
USER root
|
||||
|
||||
ENV PHP_VERSION=8.0
|
||||
|
||||
RUN add-apt-repository -y ppa:ondrej/php \
|
||||
&& install-packages \
|
||||
php${PHP_VERSION}-cli php${PHP_VERSION}-gd \
|
||||
php${PHP_VERSION}-curl php${PHP_VERSION}-xml php${PHP_VERSION}-zip php${PHP_VERSION}-bcmath \
|
||||
php${PHP_VERSION}-gmp php${PHP_VERSION}-mysqlnd php${PHP_VERSION}-mbstring php${PHP_VERSION}-intl \
|
||||
php${PHP_VERSION}-redis php${PHP_VERSION}-maxminddb php${PHP_VERSION}-xdebug \
|
||||
mariadb-client \
|
||||
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
|
||||
|
||||
### Node.js ###
|
||||
USER gitpod
|
||||
ENV NODE_VERSION=16.10.0
|
||||
ENV TRIGGER_REBUILD=1
|
||||
RUN curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | PROFILE=/dev/null bash \
|
||||
&& bash -c ". .nvm/nvm.sh \
|
||||
&& nvm install $NODE_VERSION \
|
||||
&& nvm alias default $NODE_VERSION \
|
||||
&& npm install -g typescript yarn node-gyp" \
|
||||
&& echo ". ~/.nvm/nvm-lazy.sh" >> /home/gitpod/.bashrc.d/50-node
|
||||
# above, we are adding the lazy nvm init to .bashrc, because one is executed on interactive shells, the other for non-interactive shells (e.g. plugin-host)
|
||||
COPY --chown=gitpod:gitpod nvm-lazy.sh /home/gitpod/.nvm/nvm-lazy.sh
|
||||
ENV PATH=$PATH:/home/gitpod/.nvm/versions/node/v${NODE_VERSION}/bin
|
||||
|
||||
### Docker ###
|
||||
USER root
|
||||
# https://docs.docker.com/engine/install/ubuntu/
|
||||
RUN curl -o /var/lib/apt/dazzle-marks/docker.gpg -fsSL https://download.docker.com/linux/ubuntu/gpg \
|
||||
&& apt-key add /var/lib/apt/dazzle-marks/docker.gpg \
|
||||
&& add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
|
||||
&& install-packages docker-ce=5:19.03.15~3-0~ubuntu-focal docker-ce-cli=5:19.03.15~3-0~ubuntu-focal containerd.io
|
||||
|
||||
RUN curl -o /usr/local/bin/docker-compose -fsSL https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 \
|
||||
&& chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
### End ###
|
||||
|
||||
ENV AZURACAST_PUID=33333
|
||||
ENV AZURACAST_PGID=33333
|
||||
|
||||
USER gitpod
|
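Review bot: The Composer installer on the `getcomposer.org/installer` line and the `docker-compose` binary fetched in the last `RUN` are both downloaded and then executed or installed as root with no integrity check, so whatever the server returns at build time ends up in the image. For docker-compose, pin the expected digest next to the version, e.g. `&& echo "<sha256-of-1.29.2-binary>  /usr/local/bin/docker-compose" | sha256sum -c - \` before the `chmod`; for Composer, save the installer to a file, compare it with the installer checksum the project publishes, and only then run it. The Composer `curl -sS` also lacks `-f` and the pipe runs without `pipefail`, so an HTTP error body would be fed straight to `php`. The nvm `install.sh | bash` line has the same shape, although it is at least pinned to the `v0.38.0` tag, and `FROM gitpod/workspace-base:latest` leaves the base image unpinned as well.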
38
.gitpod.yml
38
.gitpod.yml
|
@ -1,12 +1,3 @@
|
|||
github :
|
||||
prebuilds :
|
||||
addCheck : false
|
||||
|
||||
vscode :
|
||||
extensions :
|
||||
- bmewburn.vscode-intelephense-client
|
||||
- editorconfig.editorconfig
|
||||
|
||||
tasks :
|
||||
- name : Docker Build
|
||||
init : |
|
||||
|
@ -23,3 +14,32 @@ tasks :
|
|||
make frontend-build
|
||||
command : |
|
||||
make frontend-bash
|
||||
|
||||
image :
|
||||
file : .gitpod.Dockerfile
|
||||
|
||||
ports :
|
||||
- port : 10080 # nginx-proxy
|
||||
visibility : public
|
||||
onOpen : open-preview
|
||||
- port : 10022 # SFTP
|
||||
visibility : private
|
||||
onOpen : ignore
|
||||
- port : 13306 # MariaDB debug
|
||||
visibility : private
|
||||
onOpen : ignore
|
||||
- port : 16379 #Redis debug
|
||||
visibility : private
|
||||
onOpen : ignore
|
||||
- port : 8000-8500
|
||||
visibility : public
|
||||
onOpen : ignore
|
||||
|
||||
github :
|
||||
prebuilds :
|
||||
addCheck : false
|
||||
|
||||
vscode :
|
||||
extensions :
|
||||
- bmewburn.vscode-intelephense-client
|
||||
- editorconfig.editorconfig
|
||||
|
|
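Review bot: The `8000-8500` entry is marked `visibility : public`, which publishes every port in that range to anyone who has the workspace URL, while the cloud-IDE compose section of this commit maps only six station ports (8000, 8005, 8006, 8010, 8015, 8016). Listing just those ports, or making the range `private` and opening individual ports when a stream has to be shared, keeps unrelated dev servers that happen to bind inside 8000–8500 from becoming reachable. Port 10080 is public too; if the development instance comes up with default or seeded credentials (not visible on this page), `visibility : private` would be the safer default there.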
3
Makefile
3
Makefile
|
@ -4,8 +4,7 @@ list:
|
|||
@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
|
||||
|
||||
install-cloud-ide:
|
||||
cp docker-compose.sample.yml docker-compose.yml
|
||||
cp docker-compose.cloudide.yml docker-compose.override.yml
|
||||
cp docker-compose.cloudide.yml docker-compose.yml
|
||||
cp dev.env .env
|
||||
cp azuracast.dev.env azuracast.env
|
||||
|
||||
|
|
3
dev.env
3
dev.env
|
@ -7,7 +7,4 @@ AZURACAST_HTTPS_PORT=443
|
|||
AZURACAST_SFTP_PORT=2022
|
||||
AZURACAST_STATION_PORTS=8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096
|
||||
|
||||
AZURACAST_PUID=1000
|
||||
AZURACAST_PGID=1000
|
||||
|
||||
NGINX_TIMEOUT=1800
|
||||
|
|
|
@ -1,29 +1,100 @@
|
|||
services :
|
||||
nginx_proxy :
|
||||
container_name : nginx_proxy
|
||||
image : "ghcr.io/azuracast/nginx_proxy:latest"
|
||||
ports :
|
||||
- '10080:80'
|
||||
volumes :
|
||||
- ./util/local_ssl:/etc/nginx/certs
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
nginx_proxy_letsencrypt :
|
||||
volumes :
|
||||
- nginx_proxy_vhosts:/etc/nginx/vhost.d
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment :
|
||||
DEFAULT_HOST : azuracast.local
|
||||
depends_on :
|
||||
- web
|
||||
restart : always
|
||||
|
||||
web :
|
||||
container_name : azuracast_web
|
||||
build :
|
||||
context : .
|
||||
ports :
|
||||
- '10022:2022'
|
||||
depends_on :
|
||||
- mariadb
|
||||
- stations
|
||||
- redis
|
||||
env_file : azuracast.env
|
||||
environment :
|
||||
AZURACAST_DC_REVISION : 12
|
||||
AZURACAST_VERSION : latest
|
||||
AZURACAST_SFTP_PORT : 2022
|
||||
VIRTUAL_HOST : azuracast.local
|
||||
PUID : ${AZURACAST_PUID:-1000}
|
||||
PGID : ${AZURACAST_PGID:-1000}
|
||||
volumes :
|
||||
- ./util/local_ssl:/etc/nginx/certs:ro
|
||||
- ./vendor:/var/azuracast/www/vendor
|
||||
- .:/var/azuracast/www
|
||||
- www_uploads:/var/azuracast/uploads
|
||||
- tmp_data:/var/azuracast/www_tmp
|
||||
- station_data:/var/azuracast/stations
|
||||
- shoutcast2_install:/var/azuracast/servers/shoutcast2
|
||||
- geolite_install:/var/azuracast/geoip
|
||||
- sftpgo_data:/var/azuracast/sftpgo/persist
|
||||
- backups:/var/azuracast/backups
|
||||
restart : always
|
||||
logging : &default-logging
|
||||
options :
|
||||
max-size : "1m"
|
||||
max-file : "5"
|
||||
|
||||
mariadb :
|
||||
container_name : azuracast_mariadb
|
||||
image : "ghcr.io/azuracast/db:latest"
|
||||
volumes :
|
||||
- db_data:/var/lib/mysql
|
||||
ports :
|
||||
- "127.0.0.1:3306:3306"
|
||||
- "13306:3306"
|
||||
env_file : azuracast.env
|
||||
restart : always
|
||||
logging : *default-logging
|
||||
|
||||
redis :
|
||||
container_name : azuracast_redis
|
||||
image : "ghcr.io/azuracast/redis:latest"
|
||||
ports :
|
||||
- "127.0.0.1:6379:6379"
|
||||
- "16379:6379"
|
||||
restart : always
|
||||
logging : *default-logging
|
||||
|
||||
stations :
|
||||
container_name : azuracast_stations
|
||||
image : "ghcr.io/azuracast/radio:latest"
|
||||
environment :
|
||||
PUID : ${AZURACAST_PUID:-1000}
|
||||
PGID : ${AZURACAST_PGID:-1000}
|
||||
ports :
|
||||
- '8000:8000'
|
||||
- '8005:8005'
|
||||
- '8006:8006'
|
||||
- '8010:8010'
|
||||
- '8015:8015'
|
||||
- '8016:8016'
|
||||
volumes :
|
||||
- ./util/local_ssl:/etc/nginx/certs
|
||||
- station_data:/var/azuracast/stations
|
||||
- shoutcast2_install:/var/azuracast/servers/shoutcast2
|
||||
- letsencrypt:/etc/nginx/certs
|
||||
- tmp_data:/var/azuracast/www_tmp
|
||||
init : true
|
||||
restart : always
|
||||
logging : *default-logging
|
||||
|
||||
volumes :
|
||||
nginx_proxy_vhosts : { }
|
||||
db_data : { }
|
||||
shoutcast2_install : { }
|
||||
geolite_install : { }
|
||||
sftpgo_data : { }
|
||||
station_data : { }
|
||||
www_uploads : { }
|
||||
tmp_data : { }
|
||||
backups : { }
|
||||
|
|
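Review bot: The `"13306:3306"` and `"16379:6379"` mappings, which appear to be on the new side, carry no host address, so Docker binds them on all interfaces, unlike the `127.0.0.1:` mappings listed beside them. `.gitpod.yml` marks both ports private, but that protection exists only inside Gitpod; used anywhere else, this file puts MariaDB and Redis on the network, and no Redis authentication is configured in this section. If Gitpod's port forwarding works with loopback binds (worth confirming), write them as `"127.0.0.1:13306:3306"` and `"127.0.0.1:16379:6379"`; otherwise add a comment at the top stating that the file is meant for the cloud IDE only. Separately, the `:ro` on the `/var/run/docker.sock` mount makes the socket file read-only, not the Docker API behind it.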
|
@ -83,6 +83,10 @@ services :
|
|||
- frontend
|
||||
- backend
|
||||
restart : always
|
||||
ulimits : &default-ulimits
|
||||
nofile :
|
||||
soft : 65536
|
||||
hard : 65536
|
||||
logging : &default-logging
|
||||
options :
|
||||
max-size : "1m"
|
||||
|
@ -102,6 +106,8 @@ services :
|
|||
redis :
|
||||
container_name : azuracast_redis
|
||||
image : "ghcr.io/azuracast/redis:${AZURACAST_VERSION:-latest}"
|
||||
sysctls :
|
||||
net.core.somaxconn : 1024
|
||||
volumes :
|
||||
- redis_data:/data
|
||||
networks :
|
||||
|
@ -277,6 +283,7 @@ services :
|
|||
- backend
|
||||
init : true
|
||||
restart : always
|
||||
ulimits : *default-ulimits
|
||||
logging : *default-logging
|
||||
|
||||
networks :
|
||||
|
|
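Review bot: The new `sysctls` block under `redis` and the `ulimits : &default-ulimits` anchor carry no comment marking them as the privileged-mode settings. Judging by the PHP section of this commit, the installer strips both keys when `AZURACAST_COMPOSE_PRIVILEGED` is false, but anyone who copies this compose file by hand gets them unconditionally, and on a runtime that rejects namespaced sysctls the `redis` container may then fail to start. A comment above `sysctls :` such as `# Privileged-mode setting; removed by the installer when AZURACAST_COMPOSE_PRIVILEGED=false` (and the same above the `ulimits` anchor) would make that dependency visible in the file itself.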
|
@ -333,20 +333,14 @@ class InstallCommand
|
|||
|
||||
// Remove privileged-mode settings if not enabled.
|
||||
$enablePrivileged = $env->getAsBool('AZURACAST_COMPOSE_PRIVILEGED', true);
|
||||
if ($enablePrivileged) {
|
||||
$yaml['services']['redis']['sysctls'] = [
|
||||
'net.core.somaxconn' => 1024,
|
||||
];
|
||||
|
||||
$ulimits = [
|
||||
'nofile' => [
|
||||
'soft' => 65536,
|
||||
'hard' => 65536,
|
||||
],
|
||||
];
|
||||
|
||||
$yaml['services']['web']['ulimits'] = $ulimits;
|
||||
$yaml['services']['stations']['ulimits'] = $ulimits;
|
||||
if (!$enablePrivileged) {
|
||||
foreach ($yaml['services'] as &$service) {
|
||||
unset(
|
||||
$service['ulimits'],
|
||||
$service['sysctls']
|
||||
);
|
||||
}
|
||||
unset($service);
|
||||
}
|
||||
|
||||
$yamlRaw = Yaml::dump($yaml, PHP_INT_MAX);
|
||||
|
|
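Review bot: The list of keys treated as privileged is hard-coded in the `unset(...)` call to `ulimits` and `sysctls`, and the comment above it does not say so. Since the settings now live in the compose file instead of being injected here, any further privileged key added to that file later (for example `cap_add` or `privileged`) would survive an `AZURACAST_COMPOSE_PRIVILEGED=false` install unless this list is extended as well. I would extend the comment to something like `// Strip every privileged-mode key from all services; keep this list in sync with the compose file.` and consider guarding the loop with `is_array($yaml['services'] ?? null)`, because iterating by reference over a missing key fails. The enclosing method starts and ends outside the hunk, so the parsing of `$yaml` is not visible here.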