diff --git a/arpspoof/apparmor.txt b/arpspoof/apparmor.txt new file mode 100644 index 0000000..b634cbd --- /dev/null +++ b/arpspoof/apparmor.txt @@ -0,0 +1,66 @@ +#include + +profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) { + #include + + capability, + file, + signal, + mount, + umount, + remount, + network udp, + network tcp, + network dgram, + network stream, + network inet, + network inet6, + network netlink raw, + network unix dgram, + + capability setgid, + capability setuid, + capability sys_admin, + capability dac_read_search, + # capability dac_override, + # capability sys_rawio, + +# S6-Overlay + /init ix, + /run/{s6,s6-rc*,service}/** ix, + /package/** ix, + /command/** ix, + /run/{,**} rwk, + /dev/tty rw, + /bin/** ix, + /usr/bin/** ix, + /usr/lib/bashio/** ix, + /etc/s6/** rix, + /run/s6/** rix, + /etc/services.d/** rwix, + /etc/cont-init.d/** rwix, + /etc/cont-finish.d/** rwix, + /init rix, + /var/run/** mrwkl, + /var/run/ mrwkl, + /dev/i2c-1 mrwkl, + # Files required + /dev/fuse mrwkl, + /dev/sda1 mrwkl, + /dev/sdb1 mrwkl, + /dev/nvme0 mrwkl, + /dev/nvme1 mrwkl, + /dev/mmcblk0p1 mrwkl, + /dev/* mrwkl, + /tmp/** mrkwl, + + # Data access + /data/** rw, + + # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container + ptrace (trace,read) peer=docker-default, + + # docker daemon confinement requires explict allow rule for signal + signal (receive) set=(kill,term) peer=/usr/bin/docker, + +} diff --git a/arpspoof/config.json b/arpspoof/config.json new file mode 100644 index 0000000..61a72e0 --- /dev/null +++ b/arpspoof/config.json @@ -0,0 +1,98 @@ +{ + "arch": [ + "aarch64", + "amd64", + "armv7" + ], + "codenotary": "alexandrep.github@gmail.com", + "description": "block internet connection for local network devices", + "devices": [ + "/dev/dri", + "/dev/dri/card0", + "/dev/dri/card1", + "/dev/dri/renderD128", + "/dev/vchiq", + "/dev/video10", + "/dev/video11", + "/dev/video12", + "/dev/video13", + "/dev/video14", + "/dev/video15", + "/dev/video16", + "/dev/ttyUSB0", + "/dev/sda", + "/dev/sdb", + "/dev/sdc", + "/dev/sdd", + "/dev/sde", + "/dev/sdf", + "/dev/sdg", + "/dev/nvme", + "/dev/nvme0", + "/dev/nvme0n1", + "/dev/nvme0n1p1", + "/dev/nvme0n1p2", + "/dev/nvme0n1p3", + "/dev/nvme1n1", + "/dev/nvme1n1p1", + "/dev/nvme1n1p2", + "/dev/nvme1n1p3", + "/dev/nvme2n1", + "/dev/nvme2n1p1", + "/dev/nvme2n1p2", + "/dev/nvme2n3p3", + "/dev/mmcblk", + "/dev/fuse", + "/dev/sda1", + "/dev/sdb1", + "/dev/sdc1", + "/dev/sdd1", + "/dev/sde1", + "/dev/sdf1", + "/dev/sdg1", + "/dev/sda2", + "/dev/sdb2", + "/dev/sdc2", + "/dev/sdd2", + "/dev/sde2", + "/dev/sdf2", + "/dev/sdg2", + "/dev/sda3", + "/dev/sdb3", + "/dev/sda4", + "/dev/sdb4", + "/dev/sda5", + "/dev/sda6", + "/dev/sda7", + "/dev/sda8", + "/dev/nvme0", + "/dev/nvme1", + "/dev/nvme2" + ], + "host_network": true, + "image": "ghcr.io/alexbelgium/arpspoof-{arch}", + "map": [], + "name": "Arpspoof", + "options": { + "ROUTER_IP": "yourip" + }, + "ports": { + "7022/tcp": 7022 + }, + "ports_description": { + "7022/tcp": "web interface" + }, + "privileged": [ + "SYS_ADMIN", + "DAC_READ_SEARCH" + ], + "schema": { + "INTERFACE_NAME": "str?", + "ROUTER_IP": "str" + }, + "slug": "arpspoof", + "udev": true, + "url": "https://github.com/alexbelgium/hassio-addons/tree/master/arpspoof", + "version": "1.0.0-2", + "webui": "[PROTO:ssl]://[HOST]:[PORT:7022]" +} diff --git a/changedetection.io/Dockerfile b/changedetection.io/Dockerfile new file mode 100644 index 0000000..0300d74 --- /dev/null +++ b/changedetection.io/Dockerfile @@ -0,0 +1,113 @@ +#============================# +# ALEXBELGIUM'S DOCKERFILE # +#============================# +# _.------. +# _.-` ('>.-`"""-. +# '.--'` _'` _ .--.) +# -' '-.-';` ` +# ' - _.' ``'--. +# '---` .-'""` +# /` +#=== Home Assistant Addon ===# + +################# +# 1 Build Image # +################# + +ARG BUILD_FROM +ARG BUILD_VERSION +FROM ${BUILD_FROM} + +################## +# 2 Modify Image # +################## + +# Set S6 wait time +ENV S6_CMD_WAIT_FOR_SERVICES=1 \ + S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ + S6_SERVICES_GRACETIME=0 + +# Image specific modifications + +# Global LSIO modifications +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_lsio.sh" "/ha_lsio.sh" +ARG CONFIGLOCATION="/config/addons_config/changedetection.io" +RUN chmod 744 /ha_lsio.sh && if grep -qr "lsio" /etc; then /ha_lsio.sh "$CONFIGLOCATION"; fi && rm /ha_lsio.sh + +################## +# 3 Install apps # +################## + +# Add rootfs +COPY rootfs/ / + +# Uses /bin for compatibility purposes +# hadolint ignore=DL4005 +RUN if [ ! -f /bin/sh ] && [ -f /usr/bin/sh ]; then ln -s /usr/bin/sh /bin/sh; fi && \ + if [ ! -f /bin/bash ] && [ -f /usr/bin/bash ]; then ln -s /usr/bin/bash /bin/bash; fi + +# Modules +ARG MODULES="00-banner.sh 01-custom_script.sh 00-global_var.sh" + +# Automatic modules download +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_automodules.sh" "/ha_automodules.sh" +RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh + +# Manual apps +ENV PACKAGES="" + +# Automatic apps & bashio +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh" +RUN chmod 744 /ha_autoapps.sh && /ha_autoapps.sh "$PACKAGES" && rm /ha_autoapps.sh + +################ +# 4 Entrypoint # +################ + +# Add entrypoint +ENV S6_STAGE2_HOOK=/ha_entrypoint.sh +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint.sh" "/ha_entrypoint.sh" + +# Entrypoint modifications +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint_modif.sh" "/ha_entrypoint_modif.sh" +RUN chmod 777 /ha_entrypoint.sh /ha_entrypoint_modif.sh && /ha_entrypoint_modif.sh && rm /ha_entrypoint_modif.sh + +#WORKDIR / +#ENTRYPOINT [ "/usr/bin/env" ] +#CMD [ "/ha_entrypoint.sh" ] +#SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +############ +# 5 Labels # +############ + +ARG BUILD_ARCH +ARG BUILD_DATE +ARG BUILD_DESCRIPTION +ARG BUILD_NAME +ARG BUILD_REF +ARG BUILD_REPOSITORY +ARG BUILD_VERSION +ENV BUILD_VERSION="${BUILD_VERSION}" +LABEL \ + io.hass.name="${BUILD_NAME}" \ + io.hass.description="${BUILD_DESCRIPTION}" \ + io.hass.arch="${BUILD_ARCH}" \ + io.hass.type="addon" \ + io.hass.version=${BUILD_VERSION} \ + maintainer="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.title="${BUILD_NAME}" \ + org.opencontainers.image.description="${BUILD_DESCRIPTION}" \ + org.opencontainers.image.vendor="Home Assistant Add-ons" \ + org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.url="https://github.com/alexbelgium" \ + org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \ + org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REF} \ + org.opencontainers.image.version=${BUILD_VERSION} + +################# +# 6 Healthcheck # +#################