Gitpod refinement and rollback of privileged defaults.
parent
54cbbf2fb8
commit
156b1f8173
|
@ -0,0 +1,47 @@
|
||||||
|
FROM gitpod/workspace-base:latest
|
||||||
|
|
||||||
|
### PHP ###
|
||||||
|
USER root
|
||||||
|
|
||||||
|
ENV PHP_VERSION=8.0
|
||||||
|
|
||||||
|
RUN add-apt-repository -y ppa:ondrej/php \
|
||||||
|
&& install-packages \
|
||||||
|
php${PHP_VERSION}-cli php${PHP_VERSION}-gd \
|
||||||
|
php${PHP_VERSION}-curl php${PHP_VERSION}-xml php${PHP_VERSION}-zip php${PHP_VERSION}-bcmath \
|
||||||
|
php${PHP_VERSION}-gmp php${PHP_VERSION}-mysqlnd php${PHP_VERSION}-mbstring php${PHP_VERSION}-intl \
|
||||||
|
php${PHP_VERSION}-redis php${PHP_VERSION}-maxminddb php${PHP_VERSION}-xdebug \
|
||||||
|
mariadb-client \
|
||||||
|
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
|
||||||
|
|
||||||
|
### Node.js ###
|
||||||
|
USER gitpod
|
||||||
|
ENV NODE_VERSION=16.10.0
|
||||||
|
ENV TRIGGER_REBUILD=1
|
||||||
|
RUN curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | PROFILE=/dev/null bash \
|
||||||
|
&& bash -c ". .nvm/nvm.sh \
|
||||||
|
&& nvm install $NODE_VERSION \
|
||||||
|
&& nvm alias default $NODE_VERSION \
|
||||||
|
&& npm install -g typescript yarn node-gyp" \
|
||||||
|
&& echo ". ~/.nvm/nvm-lazy.sh" >> /home/gitpod/.bashrc.d/50-node
|
||||||
|
# above, we are adding the lazy nvm init to .bashrc, because one is executed on interactive shells, the other for non-interactive shells (e.g. plugin-host)
|
||||||
|
COPY --chown=gitpod:gitpod nvm-lazy.sh /home/gitpod/.nvm/nvm-lazy.sh
|
||||||
|
ENV PATH=$PATH:/home/gitpod/.nvm/versions/node/v${NODE_VERSION}/bin
|
||||||
|
|
||||||
|
### Docker ###
|
||||||
|
USER root
|
||||||
|
# https://docs.docker.com/engine/install/ubuntu/
|
||||||
|
RUN curl -o /var/lib/apt/dazzle-marks/docker.gpg -fsSL https://download.docker.com/linux/ubuntu/gpg \
|
||||||
|
&& apt-key add /var/lib/apt/dazzle-marks/docker.gpg \
|
||||||
|
&& add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
|
||||||
|
&& install-packages docker-ce=5:19.03.15~3-0~ubuntu-focal docker-ce-cli=5:19.03.15~3-0~ubuntu-focal containerd.io
|
||||||
|
|
||||||
|
RUN curl -o /usr/local/bin/docker-compose -fsSL https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 \
|
||||||
|
&& chmod +x /usr/local/bin/docker-compose
|
||||||
|
|
||||||
|
### End ###
|
||||||
|
|
||||||
|
ENV AZURACAST_PUID=33333
|
||||||
|
ENV AZURACAST_PGID=33333
|
||||||
|
|
||||||
|
USER gitpod
|
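Review bot: The Composer installer at the end of the PHP `RUN` is fetched with `curl -sS` and piped straight into `php` while the build is `USER root`, so whatever that URL returns runs as root with no integrity check. With no `-f` on curl and no `pipefail` in the default shell, a failed or truncated download is also not reliably caught. Download the installer to a file, compare its SHA-384 with the published installer signature (or a hash pinned in the Dockerfile), and only then run it, as sketched below. The `docker-compose` binary in the Docker section is likewise made executable without a checksum, and `FROM gitpod/workspace-base:latest` should be pinned to a tag or digest so the image is reproducible.

```dockerfile
RUN add-apt-repository -y ppa:ondrej/php \
    # … unchanged: install-packages list …
    && curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer \
    && echo "$(curl -fsSL https://composer.github.io/installer.sig)  /tmp/composer-setup.php" | sha384sum -c - \
    && php /tmp/composer-setup.php --install-dir=/usr/bin --filename=composer \
    && rm /tmp/composer-setup.php
```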
38
.gitpod.yml
38
.gitpod.yml
|
@ -1,12 +1,3 @@
|
||||||
github :
|
|
||||||
prebuilds :
|
|
||||||
addCheck : false
|
|
||||||
|
|
||||||
vscode :
|
|
||||||
extensions :
|
|
||||||
- bmewburn.vscode-intelephense-client
|
|
||||||
- editorconfig.editorconfig
|
|
||||||
|
|
||||||
tasks :
|
tasks :
|
||||||
- name : Docker Build
|
- name : Docker Build
|
||||||
init : |
|
init : |
|
||||||
|
@ -23,3 +14,32 @@ tasks :
|
||||||
make frontend-build
|
make frontend-build
|
||||||
command : |
|
command : |
|
||||||
make frontend-bash
|
make frontend-bash
|
||||||
|
|
||||||
|
image :
|
||||||
|
file : .gitpod.Dockerfile
|
||||||
|
|
||||||
|
ports :
|
||||||
|
- port : 10080 # nginx-proxy
|
||||||
|
visibility : public
|
||||||
|
onOpen : open-preview
|
||||||
|
- port : 10022 # SFTP
|
||||||
|
visibility : private
|
||||||
|
onOpen : ignore
|
||||||
|
- port : 13306 # MariaDB debug
|
||||||
|
visibility : private
|
||||||
|
onOpen : ignore
|
||||||
|
- port : 16379 #Redis debug
|
||||||
|
visibility : private
|
||||||
|
onOpen : ignore
|
||||||
|
- port : 8000-8500
|
||||||
|
visibility : public
|
||||||
|
onOpen : ignore
|
||||||
|
|
||||||
|
github :
|
||||||
|
prebuilds :
|
||||||
|
addCheck : false
|
||||||
|
|
||||||
|
vscode :
|
||||||
|
extensions :
|
||||||
|
- bmewburn.vscode-intelephense-client
|
||||||
|
- editorconfig.editorconfig
|
||||||
|
|
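Review bot: `visibility : public` on port 10080 and on the whole 8000-8500 range makes the development web UI and every station port reachable by anyone who has the workspace URL, without a Gitpod login. The range is also much wider than the six station ports the cloud-IDE compose file in this commit publishes (8000 to 8016). Unless unauthenticated sharing is intended, prefer `visibility: private` for both entries and narrow the range to the ports actually mapped. A one-line comment on any port that must stay public would tell the next reader why.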
3
Makefile
3
Makefile
|
@ -4,8 +4,7 @@ list:
|
||||||
@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
|
@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
|
||||||
|
|
||||||
install-cloud-ide:
|
install-cloud-ide:
|
||||||
cp docker-compose.sample.yml docker-compose.yml
|
cp docker-compose.cloudide.yml docker-compose.yml
|
||||||
cp docker-compose.cloudide.yml docker-compose.override.yml
|
|
||||||
cp dev.env .env
|
cp dev.env .env
|
||||||
cp azuracast.dev.env azuracast.env
|
cp azuracast.dev.env azuracast.env
|
||||||
|
|
||||||
|
|
3
dev.env
3
dev.env
|
@ -7,7 +7,4 @@ AZURACAST_HTTPS_PORT=443
|
||||||
AZURACAST_SFTP_PORT=2022
|
AZURACAST_SFTP_PORT=2022
|
||||||
AZURACAST_STATION_PORTS=8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096
|
AZURACAST_STATION_PORTS=8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096
|
||||||
|
|
||||||
AZURACAST_PUID=1000
|
|
||||||
AZURACAST_PGID=1000
|
|
||||||
|
|
||||||
NGINX_TIMEOUT=1800
|
NGINX_TIMEOUT=1800
|
||||||
|
|
|
@ -1,29 +1,100 @@
|
||||||
services :
|
services :
|
||||||
nginx_proxy :
|
nginx_proxy :
|
||||||
|
container_name : nginx_proxy
|
||||||
|
image : "ghcr.io/azuracast/nginx_proxy:latest"
|
||||||
|
ports :
|
||||||
|
- '10080:80'
|
||||||
volumes :
|
volumes :
|
||||||
- ./util/local_ssl:/etc/nginx/certs
|
- nginx_proxy_vhosts:/etc/nginx/vhost.d
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
||||||
|
|
||||||
nginx_proxy_letsencrypt :
|
|
||||||
volumes :
|
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
environment :
|
||||||
|
DEFAULT_HOST : azuracast.local
|
||||||
|
depends_on :
|
||||||
|
- web
|
||||||
|
restart : always
|
||||||
|
|
||||||
web :
|
web :
|
||||||
|
container_name : azuracast_web
|
||||||
build :
|
build :
|
||||||
context : .
|
context : .
|
||||||
|
ports :
|
||||||
|
- '10022:2022'
|
||||||
|
depends_on :
|
||||||
|
- mariadb
|
||||||
|
- stations
|
||||||
|
- redis
|
||||||
|
env_file : azuracast.env
|
||||||
|
environment :
|
||||||
|
AZURACAST_DC_REVISION : 12
|
||||||
|
AZURACAST_VERSION : latest
|
||||||
|
AZURACAST_SFTP_PORT : 2022
|
||||||
|
VIRTUAL_HOST : azuracast.local
|
||||||
|
PUID : ${AZURACAST_PUID:-1000}
|
||||||
|
PGID : ${AZURACAST_PGID:-1000}
|
||||||
volumes :
|
volumes :
|
||||||
- ./util/local_ssl:/etc/nginx/certs:ro
|
|
||||||
- ./vendor:/var/azuracast/www/vendor
|
- ./vendor:/var/azuracast/www/vendor
|
||||||
- .:/var/azuracast/www
|
- .:/var/azuracast/www
|
||||||
|
- www_uploads:/var/azuracast/uploads
|
||||||
|
- tmp_data:/var/azuracast/www_tmp
|
||||||
|
- station_data:/var/azuracast/stations
|
||||||
|
- shoutcast2_install:/var/azuracast/servers/shoutcast2
|
||||||
|
- geolite_install:/var/azuracast/geoip
|
||||||
|
- sftpgo_data:/var/azuracast/sftpgo/persist
|
||||||
|
- backups:/var/azuracast/backups
|
||||||
|
restart : always
|
||||||
|
logging : &default-logging
|
||||||
|
options :
|
||||||
|
max-size : "1m"
|
||||||
|
max-file : "5"
|
||||||
|
|
||||||
mariadb :
|
mariadb :
|
||||||
|
container_name : azuracast_mariadb
|
||||||
|
image : "ghcr.io/azuracast/db:latest"
|
||||||
|
volumes :
|
||||||
|
- db_data:/var/lib/mysql
|
||||||
ports :
|
ports :
|
||||||
- "127.0.0.1:3306:3306"
|
- "13306:3306"
|
||||||
|
env_file : azuracast.env
|
||||||
|
restart : always
|
||||||
|
logging : *default-logging
|
||||||
|
|
||||||
redis :
|
redis :
|
||||||
|
container_name : azuracast_redis
|
||||||
|
image : "ghcr.io/azuracast/redis:latest"
|
||||||
ports :
|
ports :
|
||||||
- "127.0.0.1:6379:6379"
|
- "16379:6379"
|
||||||
|
restart : always
|
||||||
|
logging : *default-logging
|
||||||
|
|
||||||
stations :
|
stations :
|
||||||
|
container_name : azuracast_stations
|
||||||
|
image : "ghcr.io/azuracast/radio:latest"
|
||||||
|
environment :
|
||||||
|
PUID : ${AZURACAST_PUID:-1000}
|
||||||
|
PGID : ${AZURACAST_PGID:-1000}
|
||||||
|
ports :
|
||||||
|
- '8000:8000'
|
||||||
|
- '8005:8005'
|
||||||
|
- '8006:8006'
|
||||||
|
- '8010:8010'
|
||||||
|
- '8015:8015'
|
||||||
|
- '8016:8016'
|
||||||
volumes :
|
volumes :
|
||||||
- ./util/local_ssl:/etc/nginx/certs
|
- station_data:/var/azuracast/stations
|
||||||
|
- shoutcast2_install:/var/azuracast/servers/shoutcast2
|
||||||
|
- letsencrypt:/etc/nginx/certs
|
||||||
|
- tmp_data:/var/azuracast/www_tmp
|
||||||
|
init : true
|
||||||
|
restart : always
|
||||||
|
logging : *default-logging
|
||||||
|
|
||||||
|
volumes :
|
||||||
|
nginx_proxy_vhosts : { }
|
||||||
|
db_data : { }
|
||||||
|
shoutcast2_install : { }
|
||||||
|
geolite_install : { }
|
||||||
|
sftpgo_data : { }
|
||||||
|
station_data : { }
|
||||||
|
www_uploads : { }
|
||||||
|
tmp_data : { }
|
||||||
|
backups : { }
|
||||||
|
|
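Review bot: The MariaDB and Redis debug mappings lose their loopback bind: `"127.0.0.1:3306:3306"` becomes `"13306:3306"` and `"127.0.0.1:6379:6379"` becomes `"16379:6379"`, so Docker publishes both on every host interface (assuming the second line of each pair is the new side, which the port list in `.gitpod.yml` suggests). Redis shows no authentication setting in this file and the database credentials come from the copied dev env file, so keep the bind explicit with `"127.0.0.1:13306:3306"` and `"127.0.0.1:16379:6379"`, provided the IDE's port forwarding works with loopback listeners. Separately, `nginx_proxy` mounts `/var/run/docker.sock`; the `:ro` flag only makes the socket file read-only and does not limit what the Docker API will do for that container, which deserves a comment next to the mount.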
|
@ -83,6 +83,10 @@ services :
|
||||||
- frontend
|
- frontend
|
||||||
- backend
|
- backend
|
||||||
restart : always
|
restart : always
|
||||||
|
ulimits : &default-ulimits
|
||||||
|
nofile :
|
||||||
|
soft : 65536
|
||||||
|
hard : 65536
|
||||||
logging : &default-logging
|
logging : &default-logging
|
||||||
options :
|
options :
|
||||||
max-size : "1m"
|
max-size : "1m"
|
||||||
|
@ -102,6 +106,8 @@ services :
|
||||||
redis :
|
redis :
|
||||||
container_name : azuracast_redis
|
container_name : azuracast_redis
|
||||||
image : "ghcr.io/azuracast/redis:${AZURACAST_VERSION:-latest}"
|
image : "ghcr.io/azuracast/redis:${AZURACAST_VERSION:-latest}"
|
||||||
|
sysctls :
|
||||||
|
net.core.somaxconn : 1024
|
||||||
volumes :
|
volumes :
|
||||||
- redis_data:/data
|
- redis_data:/data
|
||||||
networks :
|
networks :
|
||||||
|
@ -277,6 +283,7 @@ services :
|
||||||
- backend
|
- backend
|
||||||
init : true
|
init : true
|
||||||
restart : always
|
restart : always
|
||||||
|
ulimits : *default-ulimits
|
||||||
logging : *default-logging
|
logging : *default-logging
|
||||||
|
|
||||||
networks :
|
networks :
|
||||||
|
|
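Review bot: The new `ulimits` and `sysctls` keys carry no comment saying that the installer removes them when `AZURACAST_COMPOSE_PRIVILEGED` is false, so someone copying this file by hand onto a host that rejects those settings gets no hint about why the containers fail to start. Add `# Stripped by the installer when AZURACAST_COMPOSE_PRIVILEGED=false` above `ulimits : &default-ulimits` and above `sysctls :` in the redis service.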
|
@ -333,20 +333,14 @@ class InstallCommand
|
||||||
|
|
||||||
// Remove privileged-mode settings if not enabled.
|
// Remove privileged-mode settings if not enabled.
|
||||||
$enablePrivileged = $env->getAsBool('AZURACAST_COMPOSE_PRIVILEGED', true);
|
$enablePrivileged = $env->getAsBool('AZURACAST_COMPOSE_PRIVILEGED', true);
|
||||||
if ($enablePrivileged) {
|
if (!$enablePrivileged) {
|
||||||
$yaml['services']['redis']['sysctls'] = [
|
foreach ($yaml['services'] as &$service) {
|
||||||
'net.core.somaxconn' => 1024,
|
unset(
|
||||||
];
|
$service['ulimits'],
|
||||||
|
$service['sysctls']
|
||||||
$ulimits = [
|
);
|
||||||
'nofile' => [
|
}
|
||||||
'soft' => 65536,
|
unset($service);
|
||||||
'hard' => 65536,
|
|
||||||
],
|
|
||||||
];
|
|
||||||
|
|
||||||
$yaml['services']['web']['ulimits'] = $ulimits;
|
|
||||||
$yaml['services']['stations']['ulimits'] = $ulimits;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$yamlRaw = Yaml::dump($yaml, PHP_INT_MAX);
|
$yamlRaw = Yaml::dump($yaml, PHP_INT_MAX);
|
||||||
|
|
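Review bot: The non-privileged branch strips only `ulimits` and `sysctls`, so any other elevated key a service in the template might carry (for example `privileged` or `cap_add`) would pass through unchanged when `AZURACAST_COMPOSE_PRIVILEGED` is false; whether the template has such keys is not visible in this hunk. Extend the existing comment to name the keys and the default, e.g. `// Enabled by default; when disabled, drop ulimits and sysctls from every service.`, and keep the key list in one place so it is easy to extend. The enclosing method starts and ends outside the hunk.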