From 254f89cb2035b298ac55282da6443458c5efb964 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Fri, 16 Jan 2026 18:50:08 +0000 Subject: [PATCH] symlink --- browser_brave/Dockerfile | 132 +----------------- browser_brave/apparmor.txt | 72 +--------- browser_brave/rootfs | 1 + .../rootfs/etc/cont-init.d/20-folders.sh | 23 --- .../etc/cont-init.d/80-configuration.sh | 49 ------- .../rootfs/etc/cont-init.d/90-ingress.sh | 29 ---- .../rootfs/etc/cont-init.d/90-ssl.sh | 22 --- .../rootfs/etc/nginx/includes/mime.types | 96 ------------- .../etc/nginx/includes/proxy_params.conf | 15 -- .../rootfs/etc/nginx/includes/resolver.conf | 1 - .../etc/nginx/includes/server_params.conf | 6 - .../rootfs/etc/nginx/includes/ssl_params.conf | 9 -- .../rootfs/etc/nginx/includes/upstream.conf | 3 - 13 files changed, 3 insertions(+), 455 deletions(-) mode change 100644 => 120000 browser_brave/Dockerfile mode change 100644 => 120000 browser_brave/apparmor.txt create mode 120000 browser_brave/rootfs delete mode 100755 browser_brave/rootfs/etc/cont-init.d/20-folders.sh delete mode 100755 browser_brave/rootfs/etc/cont-init.d/80-configuration.sh delete mode 100755 browser_brave/rootfs/etc/cont-init.d/90-ingress.sh delete mode 100755 browser_brave/rootfs/etc/cont-init.d/90-ssl.sh delete mode 100644 browser_brave/rootfs/etc/nginx/includes/mime.types delete mode 100644 browser_brave/rootfs/etc/nginx/includes/proxy_params.conf delete mode 100644 browser_brave/rootfs/etc/nginx/includes/resolver.conf delete mode 100644 browser_brave/rootfs/etc/nginx/includes/server_params.conf delete mode 100644 browser_brave/rootfs/etc/nginx/includes/ssl_params.conf delete mode 100644 browser_brave/rootfs/etc/nginx/includes/upstream.conf diff --git a/browser_brave/Dockerfile b/browser_brave/Dockerfile deleted file mode 100644 index d7db663ba..000000000 --- a/browser_brave/Dockerfile +++ /dev/null @@ -1,131 +0,0 @@ -#============================# -# ALEXBELGIUM'S DOCKERFILE # -#============================# -# _.------. -# _.-` ('>.-`"""-. -# '.--'` _'` _ .--.) -# -' '-.-';` ` -# ' - _.' ``'--. -# '---` .-'""` -# /` -#=== Home Assistant Addon ===# - -################# -# 1 Build Image # -################# - -ARG BUILD_FROM -ARG BUILD_VERSION -FROM ${BUILD_FROM} - -################## -# 2 Modify Image # -################## - -# Set S6 wait time -ENV S6_CMD_WAIT_FOR_SERVICES=1 \ - S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ - S6_SERVICES_GRACETIME=0 - -USER root - -# load volume -VOLUME [ "/sys/fs/cgroup" ] - -# Set shell -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# Allow UID and GID setting -# hadolint ignore=SC2015,DL4006,SC2013,SC2086 -RUN \ - # Change home folder location - usermod --home /config abc && \ - \ - # Set +e - if [[ -d /etc/services.d ]] && ls /etc/services.d/*/run 1> /dev/null 2>&1; then sed -i "1a set +e" /etc/services.d/*/run; fi - -# Modify commands -RUN sed -i '/no-first-run/a\ --no-default-browser-check --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9221 --disable-background-networking --disable-sync \\' /usr/bin/wrapped-* - -# Global LSIO modifications -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_lsio.sh" "/ha_lsio.sh" -ARG CONFIGLOCATION="/config" -RUN chmod 744 /ha_lsio.sh && if grep -qr "lsio" /etc; then /ha_lsio.sh "$CONFIGLOCATION"; fi && rm /ha_lsio.sh - -################## -# 3 Install apps # -################## - -# Add rootfs -COPY rootfs/ / - -# Uses /bin for compatibility purposes -# hadolint ignore=DL4005 -RUN if [ ! -f /bin/sh ] && [ -f /usr/bin/sh ]; then ln -s /usr/bin/sh /bin/sh; fi && \ - if [ ! -f /bin/bash ] && [ -f /usr/bin/bash ]; then ln -s /usr/bin/bash /bin/bash; fi - -# Modules -ARG MODULES="00-banner.sh 01-custom_script.sh 00-local_mounts.sh 00-smb_mounts.sh 90-dns_set.sh" - -# Automatic modules download -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_automodules.sh" "/ha_automodules.sh" -RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh - -# Manual apps -ENV PACKAGES="nginx engrampa kwalletmanager" - -# Automatic apps & bashio -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh" -RUN chmod 744 /ha_autoapps.sh && /ha_autoapps.sh "$PACKAGES" && rm /ha_autoapps.sh - -################ -# 4 Entrypoint # -################ - -# Add entrypoint -ENV S6_STAGE2_HOOK=/ha_entrypoint.sh -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint.sh" "/ha_entrypoint.sh" -RUN chmod 777 /ha_entrypoint.sh - -# Standalone bashio command -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/bashio-standalone.sh" "/.bashio-standalone.sh" -RUN chmod 777 /.bashio-standalone.sh - -#WORKDIR / -ENTRYPOINT [ "/usr/bin/env" ] -CMD [ "/ha_entrypoint.sh" ] - -############ -# 5 Labels # -############ - -ARG BUILD_ARCH -ARG BUILD_DATE -ARG BUILD_DESCRIPTION -ARG BUILD_NAME -ARG BUILD_REF -ARG BUILD_REPOSITORY -ARG BUILD_VERSION -ENV BUILD_VERSION="${BUILD_VERSION}" -LABEL \ - io.hass.name="${BUILD_NAME}" \ - io.hass.description="${BUILD_DESCRIPTION}" \ - io.hass.arch="${BUILD_ARCH}" \ - io.hass.type="addon" \ - io.hass.version=${BUILD_VERSION} \ - maintainer="alexbelgium (https://github.com/alexbelgium)" \ - org.opencontainers.image.title="${BUILD_NAME}" \ - org.opencontainers.image.description="${BUILD_DESCRIPTION}" \ - org.opencontainers.image.vendor="Home Assistant Add-ons" \ - org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \ - org.opencontainers.image.licenses="MIT" \ - org.opencontainers.image.url="https://github.com/alexbelgium" \ - org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \ - org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \ - org.opencontainers.image.created=${BUILD_DATE} \ - org.opencontainers.image.revision=${BUILD_REF} \ - org.opencontainers.image.version=${BUILD_VERSION} - -#################### -# 6 HealthcheckNOT # -#################### diff --git a/browser_brave/Dockerfile b/browser_brave/Dockerfile new file mode 120000 index 000000000..80ffe51e2 --- /dev/null +++ b/browser_brave/Dockerfile @@ -0,0 +1 @@ +../browser_chromium/Dockerfile \ No newline at end of file diff --git a/browser_brave/apparmor.txt b/browser_brave/apparmor.txt deleted file mode 100644 index d4fca2a2d..000000000 --- a/browser_brave/apparmor.txt +++ /dev/null @@ -1,71 +0,0 @@ -#include - -profile brave_addon flags=(attach_disconnected,mediate_deleted) { - #include - - capability, - file, - signal, - mount, - umount, - remount, - network udp, - network tcp, - network dgram, - network stream, - network inet, - network inet6, - network netlink raw, - network unix dgram, - - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, - -# S6-Overlay - /init ix, - /run/{s6,s6-rc*,service}/** ix, - /package/** ix, - /command/** ix, - /run/{,**} rwk, - /dev/tty rw, - /bin/** ix, - /usr/bin/** ix, - /usr/lib/bashio/** ix, - /etc/s6/** rix, - /run/s6/** rix, - /etc/services.d/** rwix, - /etc/cont-init.d/** rwix, - /etc/cont-finish.d/** rwix, - /init rix, - /var/run/** mrwkl, - /var/run/ mrwkl, - /dev/i2c-1 mrwkl, - # Files required - /dev/fuse mrwkl, - /dev/sda1 mrwkl, - /dev/sdb1 mrwkl, - /dev/nvme0 mrwkl, - /dev/nvme0n1 mrwkl, - /dev/nvme1 mrwkl, - /dev/mmcblk0p1 mrwkl, - /dev/* mrwkl, - /udev/* mrwkl, - /tmp/** mrkwl, - /dev/fuse/** mrkwl, - /dev/** mrkwl, - /sys/firmware/** mrkwl, - - # Data access - /data/** rw, - - # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container - ptrace (trace,read) peer=docker-default, - - # docker daemon confinement requires explict allow rule for signal - signal (receive) set=(kill,term) peer=/usr/bin/docker, - -} diff --git a/browser_brave/apparmor.txt b/browser_brave/apparmor.txt new file mode 120000 index 000000000..6513b47ed --- /dev/null +++ b/browser_brave/apparmor.txt @@ -0,0 +1 @@ +../browser_chromium/apparmor.txt \ No newline at end of file diff --git a/browser_brave/rootfs b/browser_brave/rootfs new file mode 120000 index 000000000..0121d388f --- /dev/null +++ b/browser_brave/rootfs @@ -0,0 +1 @@ +../browser_chromium/rootfs \ No newline at end of file diff --git a/browser_brave/rootfs/etc/cont-init.d/20-folders.sh b/browser_brave/rootfs/etc/cont-init.d/20-folders.sh deleted file mode 100755 index 8b0a45490..000000000 --- a/browser_brave/rootfs/etc/cont-init.d/20-folders.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/with-contenv bashio -# shellcheck shell=bash -# shellcheck disable=SC2046 -set -e - -# Define user -PUID=$(bashio::config "PUID") -PGID=$(bashio::config "PGID") - - -# Create cache -mkdir -p /.cache -chmod 755 /.cache -if [ -d "/config/.cache" ]; then - cp -rf /config/.cache /.cache - rm -r /config/.cache -fi -ln -sf /config/.cache /.cache - -# Set ownership -bashio::log.info "Setting ownership to $PUID:$PGID" -chown -R "$PUID":"$PGID" /config -chmod -R 700 /config diff --git a/browser_brave/rootfs/etc/cont-init.d/80-configuration.sh b/browser_brave/rootfs/etc/cont-init.d/80-configuration.sh deleted file mode 100755 index e45f6d8e8..000000000 --- a/browser_brave/rootfs/etc/cont-init.d/80-configuration.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/with-contenv bashio -# shellcheck shell=bash -# shellcheck disable=SC2015 -set -e - -# Install specific apps -if bashio::config.has_value 'additional_apps'; then - bashio::log.info "Installing additional apps :" - # hadolint ignore=SC2005 - NEWAPPS=$(bashio::config 'additional_apps') - for packagestoinstall in ${NEWAPPS//,/ }; do - bashio::log.green "... $packagestoinstall" - if command -v "apk" &> /dev/null; then - apk add --no-cache "$packagestoinstall" &> /dev/null || (bashio::log.fatal "Error : $packagestoinstall not found") - elif command -v "apt" &> /dev/null; then - apt-get install -yqq --no-install-recommends "$packagestoinstall" &> /dev/null || (bashio::log.fatal "Error : $packagestoinstall not found") - elif command -v "pacman" &> /dev/null; then - pacman --noconfirm -S "$packagestoinstall" &> /dev/null || (bashio::log.fatal "Error : $packagestoinstall not found") - fi - done -fi - -# Set TZ -if bashio::config.has_value 'TZ'; then - TIMEZONE=$(bashio::config 'TZ') - bashio::log.info "Setting timezone to $TIMEZONE" - ln -snf /usr/share/zoneinfo/"$TIMEZONE" /etc/localtime - echo "$TIMEZONE" > /etc/timezone -fi || (bashio::log.fatal "Error : $TIMEZONE not found. Here is a list of valid timezones : https://manpages.ubuntu.com/manpages/focal/man3/DateTime::TimeZone::Catalog.3pm.html") - -# Set keyboard -if bashio::config.has_value 'KEYBOARD'; then - KEYBOARD=$(bashio::config 'KEYBOARD') - bashio::log.info "Setting keyboard to $KEYBOARD" - if [ -d /var/run/s6/container_environment ]; then printf "%s" "$KEYBOARD" > /var/run/s6/container_environment/KEYBOARD; fi - printf "%s\n" "KEYBOARD=\"$KEYBOARD\"" >> ~/.bashrc -fi || true - -# Set password -if bashio::config.has_value 'PASSWORD'; then - bashio::log.info "Setting password to the value defined in options" - PASSWORD=$(bashio::config 'PASSWORD') - passwd -d abc - echo -e "$PASSWORD\n$PASSWORD" | passwd abc -elif ! bashio::config.has_value 'PASSWORD' && [[ -n "$(bashio::addon.port "3000")" ]] && [[ -n $(bashio::addon.port "3001") ]]; then - bashio::log.warning "SEVERE RISK IDENTIFIED" - bashio::log.warning "You are opening an external port but your password is not defined" - bashio::log.warning "You risk being hacked ! Please disable the external ports, or use a password" -fi diff --git a/browser_brave/rootfs/etc/cont-init.d/90-ingress.sh b/browser_brave/rootfs/etc/cont-init.d/90-ingress.sh deleted file mode 100755 index be3fc009e..000000000 --- a/browser_brave/rootfs/etc/cont-init.d/90-ingress.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/with-contenv bashio -# shellcheck shell=bash -set -e - -# nginx Path -NGINX_CONFIG=/etc/nginx/sites-available/ingress.conf -SUBFOLDER="$(bashio::addon.ingress_entry)/" - -# Copy template -cp /defaults/default.conf "${NGINX_CONFIG}" -# Remove ssl part -awk -v n=4 '/server/{n--}; n > 0' "${NGINX_CONFIG}" > tmpfile -mv tmpfile "${NGINX_CONFIG}" - -# Remove ipv6 -sed -i '/listen \[::\]/d' "${NGINX_CONFIG}" -# Add ingress parameters -sed -i "s|3000|$(bashio::addon.ingress_port)|g" "${NGINX_CONFIG}" -sed -i "s|CWS|8082|g" "${NGINX_CONFIG}" -sed -i '/proxy_buffering/a proxy_set_header Accept-Encoding "";' "${NGINX_CONFIG}" -sed -i '/proxy_buffering/a sub_filter_once off;' "${NGINX_CONFIG}" -sed -i '/proxy_buffering/a sub_filter_types *;' "${NGINX_CONFIG}" -sed -i '/proxy_buffering/a sub_filter "vnc/index.html?autoconnect" "vnc/index.html?path=%%path%%websockify?autoconnect";' "${NGINX_CONFIG}" -sed -i "s|location SUBFOLDER|location /|g" "${NGINX_CONFIG}" -sed -i "s|%%path%%|${SUBFOLDER}|g" "${NGINX_CONFIG}" -sed -i "s|SUBFOLDER|${SUBFOLDER}|g" "${NGINX_CONFIG}" - -# Enable ingress -cp "${NGINX_CONFIG}" /etc/nginx/sites-enabled diff --git a/browser_brave/rootfs/etc/cont-init.d/90-ssl.sh b/browser_brave/rootfs/etc/cont-init.d/90-ssl.sh deleted file mode 100755 index b054edbd3..000000000 --- a/browser_brave/rootfs/etc/cont-init.d/90-ssl.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/with-contenv bashio -# shellcheck shell=bash -set -e - -if bashio::config.true 'use_own_certs'; then - bashio::log.green "Using referenced ssl certificates to connect with https. Please remember to open the ssl port in the addon options" - CERTFILE="$(bashio::config 'certfile')" - KEYFILE="$(bashio::config 'keyfile')" - NGINX_CONFIG="/defaults/default.conf" - - #Check if files exist - echo "... checking if referenced files exist" - if [ -f /ssl/"$CERTFILE" ] && [ -f /ssl/"$KEYFILE" ]; then - # Add ssl file - sed -i "s|/config/ssl/cert.pem|/ssl/$CERTFILE|g" "$NGINX_CONFIG" - sed -i "s|/config/ssl/cert.key|/ssl/$KEYFILE|g" "$NGINX_CONFIG" - echo "... done" - else - bashio::log.warning "... certificate /ssl/$CERTFILE and /ssl/$KEYFILE and not found, using self-generated certificates" - fi - -fi diff --git a/browser_brave/rootfs/etc/nginx/includes/mime.types b/browser_brave/rootfs/etc/nginx/includes/mime.types deleted file mode 100644 index 7c7cdef2d..000000000 --- a/browser_brave/rootfs/etc/nginx/includes/mime.types +++ /dev/null @@ -1,96 +0,0 @@ -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/browser_brave/rootfs/etc/nginx/includes/proxy_params.conf b/browser_brave/rootfs/etc/nginx/includes/proxy_params.conf deleted file mode 100644 index 1990d4959..000000000 --- a/browser_brave/rootfs/etc/nginx/includes/proxy_params.conf +++ /dev/null @@ -1,15 +0,0 @@ -proxy_http_version 1.1; -proxy_ignore_client_abort off; -proxy_read_timeout 86400s; -proxy_redirect off; -proxy_send_timeout 86400s; -proxy_max_temp_file_size 0; - -proxy_set_header Accept-Encoding ""; -proxy_set_header Connection $connection_upgrade; -proxy_set_header Host $http_host; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_set_header X-NginX-Proxy true; -proxy_set_header X-Real-IP $remote_addr; diff --git a/browser_brave/rootfs/etc/nginx/includes/resolver.conf b/browser_brave/rootfs/etc/nginx/includes/resolver.conf deleted file mode 100644 index 70f4982b9..000000000 --- a/browser_brave/rootfs/etc/nginx/includes/resolver.conf +++ /dev/null @@ -1 +0,0 @@ -resolver 127.0.0.11 ipv6=off; diff --git a/browser_brave/rootfs/etc/nginx/includes/server_params.conf b/browser_brave/rootfs/etc/nginx/includes/server_params.conf deleted file mode 100644 index 09c06543e..000000000 --- a/browser_brave/rootfs/etc/nginx/includes/server_params.conf +++ /dev/null @@ -1,6 +0,0 @@ -root /dev/null; -server_name $hostname; - -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; -add_header X-Robots-Tag none; diff --git a/browser_brave/rootfs/etc/nginx/includes/ssl_params.conf b/browser_brave/rootfs/etc/nginx/includes/ssl_params.conf deleted file mode 100644 index 6f1500599..000000000 --- a/browser_brave/rootfs/etc/nginx/includes/ssl_params.conf +++ /dev/null @@ -1,9 +0,0 @@ -ssl_protocols TLSv1.2; -ssl_prefer_server_ciphers on; -ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; -ssl_ecdh_curve secp384r1; -ssl_session_timeout 10m; -ssl_session_cache shared:SSL:10m; -ssl_session_tickets off; -ssl_stapling on; -ssl_stapling_verify on; diff --git a/browser_brave/rootfs/etc/nginx/includes/upstream.conf b/browser_brave/rootfs/etc/nginx/includes/upstream.conf deleted file mode 100644 index b292326bd..000000000 --- a/browser_brave/rootfs/etc/nginx/includes/upstream.conf +++ /dev/null @@ -1,3 +0,0 @@ -upstream backend { - server 127.0.0.1:8080; -}