Gitpod refinement and rollback of privileged defaults.

2021-09-23 23:48:28 -05:00 · 2021-09-23 23:48:28 -05:00 · 156b1f8173
parent 54cbbf2fb8
commit 156b1f8173
7 changed files with 172 additions and 37 deletions
--- a/.gitpod.Dockerfile
+++ b/.gitpod.Dockerfile
@ -0,0 +1,47 @@
+FROM gitpod/workspace-base:latest
+
+### PHP ###
+USER root
+
+ENV PHP_VERSION=8.0
+
+RUN add-apt-repository -y ppa:ondrej/php \
+    && install-packages \
+      php${PHP_VERSION}-cli php${PHP_VERSION}-gd \
+      php${PHP_VERSION}-curl php${PHP_VERSION}-xml php${PHP_VERSION}-zip php${PHP_VERSION}-bcmath \
+      php${PHP_VERSION}-gmp php${PHP_VERSION}-mysqlnd php${PHP_VERSION}-mbstring php${PHP_VERSION}-intl \
+      php${PHP_VERSION}-redis php${PHP_VERSION}-maxminddb php${PHP_VERSION}-xdebug \
+      mariadb-client \
+    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
+
+### Node.js ###
+USER gitpod
+ENV NODE_VERSION=16.10.0
+ENV TRIGGER_REBUILD=1
+RUN curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | PROFILE=/dev/null bash \
+    && bash -c ". .nvm/nvm.sh \
+        && nvm install $NODE_VERSION \
+        && nvm alias default $NODE_VERSION \
+        && npm install -g typescript yarn node-gyp" \
+    && echo ". ~/.nvm/nvm-lazy.sh"  >> /home/gitpod/.bashrc.d/50-node
+# above, we are adding the lazy nvm init to .bashrc, because one is executed on interactive shells, the other for non-interactive shells (e.g. plugin-host)
+COPY --chown=gitpod:gitpod nvm-lazy.sh /home/gitpod/.nvm/nvm-lazy.sh
+ENV PATH=$PATH:/home/gitpod/.nvm/versions/node/v${NODE_VERSION}/bin
+
+### Docker ###
+USER root
+# https://docs.docker.com/engine/install/ubuntu/
+RUN curl -o /var/lib/apt/dazzle-marks/docker.gpg -fsSL https://download.docker.com/linux/ubuntu/gpg \
+    && apt-key add /var/lib/apt/dazzle-marks/docker.gpg \
+    && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
+    && install-packages docker-ce=5:19.03.15~3-0~ubuntu-focal docker-ce-cli=5:19.03.15~3-0~ubuntu-focal containerd.io
+
+RUN curl -o /usr/local/bin/docker-compose -fsSL https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 \
+    && chmod +x /usr/local/bin/docker-compose
+
+### End ###
+
+ENV AZURACAST_PUID=33333
+ENV AZURACAST_PGID=33333
+
+USER gitpod
--- a/.gitpod.yml
+++ b/.gitpod.yml
@ -1,12 +1,3 @@
-github :
-  prebuilds :
-    addCheck : false
-
-vscode :
-  extensions :
-    - bmewburn.vscode-intelephense-client
-    - editorconfig.editorconfig
-
 tasks :
  - name : Docker Build
    init : |
@ -23,3 +14,32 @@ tasks :
      make frontend-build
    command : |
      make frontend-bash
+
+image :
+  file : .gitpod.Dockerfile
+
+ports :
+  - port : 10080 # nginx-proxy
+    visibility : public
+    onOpen : open-preview
+  - port : 10022 # SFTP
+    visibility : private
+    onOpen : ignore
+  - port : 13306 # MariaDB debug
+    visibility : private
+    onOpen : ignore
+  - port : 16379 #Redis debug
+    visibility : private
+    onOpen : ignore
+  - port : 8000-8500
+    visibility : public
+    onOpen : ignore
+
+github :
+  prebuilds :
+    addCheck : false
+
+vscode :
+  extensions :
+    - bmewburn.vscode-intelephense-client
+    - editorconfig.editorconfig
--- a/3
+++ b/3
@ -4,8 +4,7 @@ list:
 	@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'

 install-cloud-ide:
-	cp docker-compose.sample.yml docker-compose.yml
-	cp docker-compose.cloudide.yml docker-compose.override.yml
+	cp docker-compose.cloudide.yml docker-compose.yml
 	cp dev.env .env
 	cp azuracast.dev.env azuracast.env

--- a/dev.env
+++ b/dev.env
@ -7,7 +7,4 @@ AZURACAST_HTTPS_PORT=443
 AZURACAST_SFTP_PORT=2022
 AZURACAST_STATION_PORTS=8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096

-AZURACAST_PUID=1000
-AZURACAST_PGID=1000
-
 NGINX_TIMEOUT=1800
--- a/docker-compose.cloudide.yml
+++ b/docker-compose.cloudide.yml
@ -1,29 +1,100 @@
 services :
  nginx_proxy :
+    container_name : nginx_proxy
+    image : "ghcr.io/azuracast/nginx_proxy:latest"
+    ports :
+      - '10080:80'
    volumes :
-      - ./util/local_ssl:/etc/nginx/certs
-      - /var/run/docker.sock:/tmp/docker.sock:ro
-
-  nginx_proxy_letsencrypt :
-    volumes :
+      - nginx_proxy_vhosts:/etc/nginx/vhost.d
      - /var/run/docker.sock:/tmp/docker.sock:ro
+    environment :
+      DEFAULT_HOST : azuracast.local
+    depends_on :
+      - web
+    restart : always

  web :
+    container_name : azuracast_web
    build :
      context : .
+    ports :
+      - '10022:2022'
+    depends_on :
+      - mariadb
+      - stations
+      - redis
+    env_file : azuracast.env
+    environment :
+      AZURACAST_DC_REVISION : 12
+      AZURACAST_VERSION : latest
+      AZURACAST_SFTP_PORT : 2022
+      VIRTUAL_HOST : azuracast.local
+      PUID : ${AZURACAST_PUID:-1000}
+      PGID : ${AZURACAST_PGID:-1000}
    volumes :
-      - ./util/local_ssl:/etc/nginx/certs:ro
      - ./vendor:/var/azuracast/www/vendor
      - .:/var/azuracast/www
+      - www_uploads:/var/azuracast/uploads
+      - tmp_data:/var/azuracast/www_tmp
+      - station_data:/var/azuracast/stations
+      - shoutcast2_install:/var/azuracast/servers/shoutcast2
+      - geolite_install:/var/azuracast/geoip
+      - sftpgo_data:/var/azuracast/sftpgo/persist
+      - backups:/var/azuracast/backups
+    restart : always
+    logging : &default-logging
+      options :
+        max-size : "1m"
+        max-file : "5"

  mariadb :
+    container_name : azuracast_mariadb
+    image : "ghcr.io/azuracast/db:latest"
+    volumes :
+      - db_data:/var/lib/mysql
    ports :
-      - "127.0.0.1:3306:3306"
+      - "13306:3306"
+    env_file : azuracast.env
+    restart : always
+    logging : *default-logging

  redis :
+    container_name : azuracast_redis
+    image : "ghcr.io/azuracast/redis:latest"
    ports :
-      - "127.0.0.1:6379:6379"
+      - "16379:6379"
+    restart : always
+    logging : *default-logging

  stations :
+    container_name : azuracast_stations
+    image : "ghcr.io/azuracast/radio:latest"
+    environment :
+      PUID : ${AZURACAST_PUID:-1000}
+      PGID : ${AZURACAST_PGID:-1000}
+    ports :
+      - '8000:8000'
+      - '8005:8005'
+      - '8006:8006'
+      - '8010:8010'
+      - '8015:8015'
+      - '8016:8016'
    volumes :
-      - ./util/local_ssl:/etc/nginx/certs
+      - station_data:/var/azuracast/stations
+      - shoutcast2_install:/var/azuracast/servers/shoutcast2
+      - letsencrypt:/etc/nginx/certs
+      - tmp_data:/var/azuracast/www_tmp
+    init : true
+    restart : always
+    logging : *default-logging
+
+volumes :
+  nginx_proxy_vhosts : { }
+  db_data : { }
+  shoutcast2_install : { }
+  geolite_install : { }
+  sftpgo_data : { }
+  station_data : { }
+  www_uploads : { }
+  tmp_data : { }
+  backups : { }
--- a/docker-compose.sample.yml
+++ b/docker-compose.sample.yml
@ -83,6 +83,10 @@ services :
      - frontend
      - backend
    restart : always
+    ulimits : &default-ulimits
+      nofile :
+        soft : 65536
+        hard : 65536
    logging : &default-logging
      options :
        max-size : "1m"
@ -102,6 +106,8 @@ services :
  redis :
    container_name : azuracast_redis
    image : "ghcr.io/azuracast/redis:${AZURACAST_VERSION:-latest}"
+    sysctls :
+      net.core.somaxconn : 1024
    volumes :
      - redis_data:/data
    networks :
@ -277,6 +283,7 @@ services :
      - backend
    init : true
    restart : always
+    ulimits : *default-ulimits
    logging : *default-logging

 networks :
--- a/src/Installer/Command/InstallCommand.php
+++ b/src/Installer/Command/InstallCommand.php
@ -333,20 +333,14 @@ class InstallCommand

        // Remove privileged-mode settings if not enabled.
        $enablePrivileged = $env->getAsBool('AZURACAST_COMPOSE_PRIVILEGED', true);
-        if ($enablePrivileged) {
-            $yaml['services']['redis']['sysctls'] = [
-                'net.core.somaxconn' => 1024,
-            ];
-
-            $ulimits = [
-                'nofile' => [
-                    'soft' => 65536,
-                    'hard' => 65536,
-                ],
-            ];
-
-            $yaml['services']['web']['ulimits'] = $ulimits;
-            $yaml['services']['stations']['ulimits'] = $ulimits;
+        if (!$enablePrivileged) {
+            foreach ($yaml['services'] as &$service) {
+                unset(
+                    $service['ulimits'],
+                    $service['sysctls']
+                );
+            }
+            unset($service);
        }

        $yamlRaw = Yaml::dump($yaml, PHP_INT_MAX);