From 156b1f8173b36b3ab7d2b105cf86957950d65772 Mon Sep 17 00:00:00 2001
From: "Buster \"Silver Eagle\" Neece"
Date: Thu, 23 Sep 2021 23:48:28 -0500
Subject: [PATCH] Gitpod refinement and rollback of privileged defaults.
---
.gitpod.Dockerfile | 47 +++++++++++++
.gitpod.yml | 38 +++++++---
Makefile | 3 +-
dev.env | 3 -
docker-compose.cloudide.yml | 89 +++++++++++++++++++++---
docker-compose.sample.yml | 7 ++
src/Installer/Command/InstallCommand.php | 22 +++---
7 files changed, 172 insertions(+), 37 deletions(-)
create mode 100644 .gitpod.Dockerfile
diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile
new file mode 100644
index 000000000..7d01bb778
--- /dev/null
+++ b/.gitpod.Dockerfile
@@ -0,0 +1,47 @@ +FROM gitpod/workspace-base:latest + +### PHP ### +USER root + +ENV PHP_VERSION=8.0 + +RUN add-apt-repository -y ppa:ondrej/php \ + && install-packages \ + php${PHP_VERSION}-cli php${PHP_VERSION}-gd \ + php${PHP_VERSION}-curl php${PHP_VERSION}-xml php${PHP_VERSION}-zip php${PHP_VERSION}-bcmath \ + php${PHP_VERSION}-gmp php${PHP_VERSION}-mysqlnd php${PHP_VERSION}-mbstring php${PHP_VERSION}-intl \ + php${PHP_VERSION}-redis php${PHP_VERSION}-maxminddb php${PHP_VERSION}-xdebug \ + mariadb-client \ + && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer + +### Node.js ### +USER gitpod +ENV NODE_VERSION=16.10.0 +ENV TRIGGER_REBUILD=1 +RUN curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | PROFILE=/dev/null bash \ + && bash -c ". .nvm/nvm.sh \ + && nvm install $NODE_VERSION \ + && nvm alias default $NODE_VERSION \ + && npm install -g typescript yarn node-gyp" \ + && echo ". ~/.nvm/nvm-lazy.sh" >> /home/gitpod/.bashrc.d/50-node +# above, we are adding the lazy nvm init to .bashrc, because one is executed on interactive shells, the other for non-interactive shells (e.g. 
plugin-host) +COPY --chown=gitpod:gitpod nvm-lazy.sh /home/gitpod/.nvm/nvm-lazy.sh +ENV PATH=$PATH:/home/gitpod/.nvm/versions/node/v${NODE_VERSION}/bin + +### Docker ### +USER root +# https://docs.docker.com/engine/install/ubuntu/ +RUN curl -o /var/lib/apt/dazzle-marks/docker.gpg -fsSL https://download.docker.com/linux/ubuntu/gpg \ + && apt-key add /var/lib/apt/dazzle-marks/docker.gpg \ + && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ + && install-packages docker-ce=5:19.03.15~3-0~ubuntu-focal docker-ce-cli=5:19.03.15~3-0~ubuntu-focal containerd.io + +RUN curl -o /usr/local/bin/docker-compose -fsSL https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 \ + && chmod +x /usr/local/bin/docker-compose + +### End ### + +ENV AZURACAST_PUID=33333 +ENV AZURACAST_PGID=33333 + +USER gitpod diff --git a/.gitpod.yml b/.gitpod.yml index a1bc91b5b..bac061fa5 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -1,12 +1,3 @@ -github : - prebuilds : - addCheck : false - -vscode : - extensions : - - bmewburn.vscode-intelephense-client - - editorconfig.editorconfig - tasks : - name : Docker Build init : | @@ -23,3 +14,32 @@ tasks : make frontend-build command : | make frontend-bash + +image : + file : .gitpod.Dockerfile + +ports : + - port : 10080 # nginx-proxy + visibility : public + onOpen : open-preview + - port : 10022 # SFTP + visibility : private + onOpen : ignore + - port : 13306 # MariaDB debug + visibility : private + onOpen : ignore + - port : 16379 #Redis debug + visibility : private + onOpen : ignore + - port : 8000-8500 + visibility : public + onOpen : ignore + +github : + prebuilds : + addCheck : false + +vscode : + extensions : + - bmewburn.vscode-intelephense-client + - editorconfig.editorconfig diff --git a/Makefile b/Makefile index 867b6f3ce..4acb46b25 100644 --- a/Makefile +++ b/Makefile 
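Review bot: Three downloads in this new image are run or installed with no integrity check: the Composer installer is piped straight into `php` while `USER root` is in effect, the nvm install script is piped into `bash`, and the docker-compose binary is written to `/usr/local/bin` and made executable. The nvm and docker-compose URLs pin a version but not the content, and the base is `gitpod/workspace-base:latest`, so a rebuild can pick up different bits without any change to this file. Save each artifact to a file and verify it against a digest committed here before it is executed, for example `&& echo "<sha256-of-docker-compose-1.29.2-binary>  /usr/local/bin/docker-compose" | sha256sum -c - \` ahead of the `chmod +x`; Composer publishes the expected installer hash for the same purpose. Pinning the base image by digest instead of `latest` would close the remaining gap.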
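Review bot: Port 10080 and the whole 8000-8500 range are declared `visibility : public` in the added `ports :` block, which makes the development web UI and every station port reachable by anyone who has the workspace URL. The instance is started from the dev environment files (the Makefile copies `dev.env` and `azuracast.dev.env`), so it is likely to run with development settings that were never meant to face the internet. `visibility : private`, as already used for 10022, 13306 and 16379, is the safer default, and a contributor can switch a port to public for a session when a preview has to be shared. If public is intentional, a short comment such as `# public: <reason>` on those two entries would record why.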
@@ -4,8 +4,7 @@ list: @LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' install-cloud-ide: - cp docker-compose.sample.yml docker-compose.yml - cp docker-compose.cloudide.yml docker-compose.override.yml + cp docker-compose.cloudide.yml docker-compose.yml cp dev.env .env cp azuracast.dev.env azuracast.env diff --git a/dev.env b/dev.env index c9bda2a36..d9477babf 100644 --- a/dev.env +++ b/dev.env @@ -7,7 +7,4 @@ AZURACAST_HTTPS_PORT=443 AZURACAST_SFTP_PORT=2022 AZURACAST_STATION_PORTS=8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096 -AZURACAST_PUID=1000 -AZURACAST_PGID=1000 - NGINX_TIMEOUT=1800 diff --git a/docker-compose.cloudide.yml b/docker-compose.cloudide.yml index f83ddbddc..56b5a7194 100644 --- a/docker-compose.cloudide.yml +++ b/docker-compose.cloudide.yml 
@@ -1,29 +1,100 @@ services : nginx_proxy : + container_name : nginx_proxy + image : "ghcr.io/azuracast/nginx_proxy:latest" + ports : + - '10080:80' volumes : - - ./util/local_ssl:/etc/nginx/certs - - /var/run/docker.sock:/tmp/docker.sock:ro - - nginx_proxy_letsencrypt : - volumes : + - nginx_proxy_vhosts:/etc/nginx/vhost.d - /var/run/docker.sock:/tmp/docker.sock:ro + environment : + DEFAULT_HOST : azuracast.local + depends_on : + - web + restart : always web : + container_name : azuracast_web build : context : . + ports : + - '10022:2022' + depends_on : + - mariadb + - stations + - redis + env_file : azuracast.env + environment : + AZURACAST_DC_REVISION : 12 + AZURACAST_VERSION : latest + AZURACAST_SFTP_PORT : 2022 + VIRTUAL_HOST : azuracast.local + PUID : ${AZURACAST_PUID:-1000} + PGID : ${AZURACAST_PGID:-1000} volumes : - - ./util/local_ssl:/etc/nginx/certs:ro - ./vendor:/var/azuracast/www/vendor - .:/var/azuracast/www + - www_uploads:/var/azuracast/uploads + - tmp_data:/var/azuracast/www_tmp + - station_data:/var/azuracast/stations + - shoutcast2_install:/var/azuracast/servers/shoutcast2 + - geolite_install:/var/azuracast/geoip + - sftpgo_data:/var/azuracast/sftpgo/persist + - backups:/var/azuracast/backups + restart : always + logging : &default-logging + options : + max-size : "1m" + max-file : "5" mariadb : + container_name : azuracast_mariadb + image : "ghcr.io/azuracast/db:latest" + volumes : + - db_data:/var/lib/mysql ports : - - "127.0.0.1:3306:3306" + - "13306:3306" + env_file : azuracast.env + restart : always + logging : *default-logging redis : + container_name : azuracast_redis + image : "ghcr.io/azuracast/redis:latest" ports : - - "127.0.0.1:6379:6379" + - "16379:6379" + restart : always + logging : *default-logging stations : + container_name : azuracast_stations + image : "ghcr.io/azuracast/radio:latest" + environment : + PUID : ${AZURACAST_PUID:-1000} + PGID : ${AZURACAST_PGID:-1000} + ports : + - '8000:8000' + - '8005:8005' + - '8006:8006' + - 
'8010:8010' + - '8015:8015' + - '8016:8016' volumes : - - ./util/local_ssl:/etc/nginx/certs + - station_data:/var/azuracast/stations + - shoutcast2_install:/var/azuracast/servers/shoutcast2 + - letsencrypt:/etc/nginx/certs + - tmp_data:/var/azuracast/www_tmp + init : true + restart : always + logging : *default-logging + +volumes : + nginx_proxy_vhosts : { } + db_data : { } + shoutcast2_install : { } + geolite_install : { } + sftpgo_data : { } + station_data : { } + www_uploads : { } + tmp_data : { } + backups : { } diff --git a/docker-compose.sample.yml b/docker-compose.sample.yml index 00d74122a..da2df8bf8 100644 --- a/docker-compose.sample.yml +++ b/docker-compose.sample.yml @@ -83,6 +83,10 @@ services : - frontend - backend restart : always + ulimits : &default-ulimits + nofile : + soft : 65536 + hard : 65536 logging : &default-logging options : max-size : "1m" @@ -102,6 +106,8 @@ services : redis : container_name : azuracast_redis image : "ghcr.io/azuracast/redis:${AZURACAST_VERSION:-latest}" + sysctls : + net.core.somaxconn : 1024 volumes : - redis_data:/data networks : @@ -277,6 +283,7 @@ services : - backend init : true restart : always + ulimits : *default-ulimits logging : *default-logging networks : diff --git a/src/Installer/Command/InstallCommand.php b/src/Installer/Command/InstallCommand.php index 274f05c5f..f0a6786f0 100644 --- a/src/Installer/Command/InstallCommand.php +++ b/src/Installer/Command/InstallCommand.php 
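Review bot: The MariaDB and Redis mappings change from `"127.0.0.1:3306:3306"` and `"127.0.0.1:6379:6379"` to `"13306:3306"` and `"16379:6379"`, which publishes both services on every host interface instead of loopback only. Inside Gitpod the `private` port visibility limits this, but `make install-cloud-ide` now copies this file to `docker-compose.yml` as the complete stack, so on any other host the database and a Redis for which this file configures no authentication become reachable from the network. `- "127.0.0.1:13306:3306"` and `- "127.0.0.1:16379:6379"` keep the new port numbers without widening exposure, assuming the IDE's port forwarding works with loopback-bound ports. Separately, `stations` mounts the named volume `letsencrypt:/etc/nginx/certs`, but `letsencrypt` is not declared in the top-level `volumes :` block at the end of this hunk, and Compose refuses to start a project with an undeclared named volume; declare it there or drop the mount.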
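Review bot: The `ulimits : &default-ulimits` and `sysctls :` blocks added to the sample file carry no comment explaining that they need permissions some container hosts do not grant, or that they are optional. Per the `InstallCommand.php` hunk in this commit they are stripped only when the installer runs with `AZURACAST_COMPOSE_PRIVILEGED` set to false, so anyone who copies the sample directly gets them unconditionally and may see the affected containers fail to start with no hint why. A comment above each block would cover it, e.g. `# Needs elevated container permissions; removed by the installer when AZURACAST_COMPOSE_PRIVILEGED=false`. The same applies to the `ulimits : *default-ulimits` line in the last hunk of this file.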
@@ -333,20 +333,14 @@ class InstallCommand // Remove privileged-mode settings if not enabled. $enablePrivileged = $env->getAsBool('AZURACAST_COMPOSE_PRIVILEGED', true); - if ($enablePrivileged) { - $yaml['services']['redis']['sysctls'] = [ - 'net.core.somaxconn' => 1024, - ]; - - $ulimits = [ - 'nofile' => [ - 'soft' => 65536, - 'hard' => 65536, - ], - ]; - - $yaml['services']['web']['ulimits'] = $ulimits; - $yaml['services']['stations']['ulimits'] = $ulimits; + if (!$enablePrivileged) { + foreach ($yaml['services'] as &$service) { + unset( + $service['ulimits'], + $service['sysctls'] + ); + } + unset($service); } $yamlRaw = Yaml::dump($yaml, PHP_INT_MAX);
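Review bot: The new loop iterates `$yaml['services']` by reference without checking that the key holds an array, so if the parsed file lacks it PHP warns and the by-reference access can leave `services` set to null before `Yaml::dump` serialises the result. Iterating over keys avoids the reference and the trailing `unset($service)`: `foreach (array_keys($yaml['services'] ?? []) as $name) {` with `unset($yaml['services'][$name]['ulimits'], $yaml['services'][$name]['sysctls']);` as the body. The enclosing method starts and ends outside this hunk, so where `$yaml` is loaded from is not visible here and the missing-key case may already be excluded upstream.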