From 4a51302b658605ce44f27346e78a917e6824ea62 Mon Sep 17 00:00:00 2001 From: Alexandre Date: Fri, 4 Aug 2023 19:52:58 +0200 Subject: [PATCH] revert https://github.com/alexbelgium/hassio-addons/issues/932#issuecomment-1665475039 --- webtop_kde/CHANGELOG.md | 58 --------- webtop_kde/Dockerfile | 94 +++++++++++++- webtop_kde/apparmor.txt | 70 ++++++++++ webtop_kde/build.json | 5 +- webtop_kde/config.json | 120 +++++++++++++++++- .../etc/cont-init.d/00-data_location.sh | 57 +++++++++ .../rootfs/etc/cont-init.d/20-folders.sh | 10 ++ .../etc/cont-init.d/80-configuration.sh | 61 +++++++++ .../rootfs/etc/cont-init.d/90-ingress.sh | 36 ++++++ .../rootfs/etc/nginx/includes/mime.types | 96 ++++++++++++++ .../etc/nginx/includes/proxy_params.conf | 15 +++ .../rootfs/etc/nginx/includes/resolver.conf | 1 + .../etc/nginx/includes/server_params.conf | 6 + .../rootfs/etc/nginx/includes/ssl_params.conf | 9 ++ .../rootfs/etc/nginx/includes/upstream.conf | 3 + webtop_kde/rootfs/etc/nginx/nginx.conf | 56 ++++++++ .../rootfs/etc/nginx/servers/ingress.conf | 18 +++ webtop_kde/rootfs/etc/services.d/nginx/finish | 8 ++ webtop_kde/rootfs/etc/services.d/nginx/run | 10 ++ webtop_kde/stats.png | Bin 1857 -> 1722 bytes webtop_kde/updater.json | 8 +- 21 files changed, 668 insertions(+), 73 deletions(-) create mode 100644 webtop_kde/apparmor.txt create mode 100644 webtop_kde/rootfs/etc/cont-init.d/00-data_location.sh create mode 100644 webtop_kde/rootfs/etc/cont-init.d/20-folders.sh create mode 100644 webtop_kde/rootfs/etc/cont-init.d/80-configuration.sh create mode 100644 webtop_kde/rootfs/etc/cont-init.d/90-ingress.sh create mode 100644 webtop_kde/rootfs/etc/nginx/includes/mime.types create mode 100644 webtop_kde/rootfs/etc/nginx/includes/proxy_params.conf create mode 100644 webtop_kde/rootfs/etc/nginx/includes/resolver.conf create mode 100644 webtop_kde/rootfs/etc/nginx/includes/server_params.conf create mode 100644 webtop_kde/rootfs/etc/nginx/includes/ssl_params.conf create mode 100644 webtop_kde/rootfs/etc/nginx/includes/upstream.conf create mode 100644 webtop_kde/rootfs/etc/nginx/nginx.conf create mode 100644 webtop_kde/rootfs/etc/nginx/servers/ingress.conf create mode 100644 webtop_kde/rootfs/etc/services.d/nginx/finish create mode 100644 webtop_kde/rootfs/etc/services.d/nginx/run diff --git a/webtop_kde/CHANGELOG.md b/webtop_kde/CHANGELOG.md index 179b88c5a..f0bfbdce0 100644 --- a/webtop_kde/CHANGELOG.md +++ b/webtop_kde/CHANGELOG.md @@ -1,232 +1,174 @@ -## 5.24.5 (23-07-2023) -- Update to latest version from linuxserver/docker-webtop -- Arm32v7 discontinued by linuxserver, latest working version pinned - ## 4.16-r0-ls95 (08-04-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls93 (31-03-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls92 (24-03-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls91 (18-03-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls90 (11-03-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls89 (25-02-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls88 (19-02-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls87 (11-02-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls86 (04-02-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls85 (14-01-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls84 (07-01-2023) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls83 (25-12-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls82 (25-12-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls81 (13-12-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls80 (06-12-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls79 (27-11-2022) - - Update to latest version from linuxserver/docker-webtop - WARNING : update to supervisor 2022.11 before installing ## 4.16-r0-ls78 (22-11-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls77 (14-11-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls76 (08-11-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls75 (25-10-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls74 (20-10-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls73 (18-10-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls72 (04-10-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls71 (27-09-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls70 (20-09-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls69 (09-09-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls68 (30-08-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls67 (16-08-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls66 (09-08-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls65 (04-08-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls64 (26-07-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls63 (19-07-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls62 (05-07-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls61 (21-06-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls60 (14-06-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls59 (06-06-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls58 (31-05-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls57 (24-05-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls56 (17-05-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls55 (10-05-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls54 (01-05-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls53 (26-04-2022) - - Update to latest version from linuxserver/docker-webtop - Fix custom timezone ## 4.16-r0-ls52 (19-04-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls51 (11-04-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls50 (05-04-2022) - - Update to latest version from linuxserver/docker-webtop - Devicetree feature removed as cause issue on some systems ## 4.16-r0-ls49 (27-03-2022) - - Update to latest version from linuxserver/docker-webtop - Add codenotary sign ## 4.16-r0-ls48 (22-03-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls47 (14-03-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls46 (06-03-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls45 (27-02-2022) - - Update to latest version from linuxserver/docker-webtop - Map device tree ## 4.16-r0-ls44 (20-02-2022) - - Update to latest version from linuxserver/docker-webtop ## 4.16-r0-ls43 (13-02-2022) - - Update to latest version from linuxserver/docker-webtop - New feature : addition of ingress - New feature : change password from addon options ## 4.16-r0-ls42 (07-02-2022) - - Update to latest version from linuxserver/docker-webtop - Option to enable rpi graphic drivers - Option to enable edge repositories - Code improvement ## 4.16-r0-ls40 (04-02-2022) - - Update to latest version from linuxserver/docker-webtop - Alpine KDE - To update, uninstall and reinstall diff --git a/webtop_kde/Dockerfile b/webtop_kde/Dockerfile index 5da037fb5..033cc6c5d 100644 --- a/webtop_kde/Dockerfile +++ b/webtop_kde/Dockerfile @@ -16,7 +16,99 @@ ARG BUILD_FROM ARG BUILD_VERSION -FROM ${BUILD_FROM} +FROM ${BUILD_FROM}alpine-kde + +################## +# 2 Modify Image # +################## + +# Set S6 wait time +ENV S6_CMD_WAIT_FOR_SERVICES=1 \ + S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ + S6_SERVICES_GRACETIME=0 + +# Allow UID and GID setting +# hadolint ignore=SC2015,DL4006,SC2013,SC2086 +RUN \ + # Change home folder location + usermod --home /share/webtop_kde abc \ + \ + # Correct error in upstream image + && for file in $(grep -srl "startwm " /etc); do sed -i 's/startwm /startwm.sh /g' $file; done \ + \ + # Update distribution + # hadolint ignore=DL3017 + && apk upgrade --no-cache + +# Global LSIO modifications +ARG CONFIGLOCATION="/share/webtop_kde" +# hadolint ignore=SC2015, SC2013, SC2086 +RUN \ + # Avoid custom-init.d duplications + for file in $(grep -sril 'Potential tampering with custom' /etc/cont-init.d /etc/services.d /etc/s6-overlay/s6-rc.d); do rm -f $file; done \ + \ + # Create new config folder if needed + && for file in $(grep -srl "PUID" /etc/cont-init.d /etc/s6-overlay/s6-rc.d); do sed -i "1a mkdir -p $CONFIGLOCATION" $file; done \ + \ + # Allow UID and GID setting + && for file in $(grep -srl "PUID" /etc/cont-init.d /etc/s6-overlay/s6-rc.d); do sed -i 's/bash/bashio/g' $file && sed -i '1a PUID="$(if bashio::config.has_value "PUID"; then bashio::config "PUID"; else echo "0"; fi)"' $file && sed -i '1a PGID="$(if bashio::config.has_value "PGID"; then bashio::config "PGID"; else echo "0"; fi)"' $file; done \ + \ + # Correct config location + && for file in $(grep -Esril "/config[ '\"/]|/config\$" /etc /defaults); do sed -Ei "s=(/config)+(/| |$|\"|\')=$CONFIGLOCATION\2=g" $file; done \ + \ + # Avoid chmod /config + && for file in /etc/services.d/*/* /etc/cont-init.d/* /etc/s6-overlay/s6-rc.d/*/*;do if [ -f $file ] && [[ ! -z $(awk '/chown.*abc:abc.*\\/,/.*\/config( |$)/{print FILENAME}' $file) ]] ; then sed -i "s|/config$|/data|g" $file; fi ;done \ + \ + # Docker mods addition + #&& if [ -f /docker-mods ]; then sed -i 's|bash|bashio|g' /docker-mods && sed -i "1a if bashio::config.has_value \"DOCKER_MODS\"; then DOCKER_MODS=\$(bashio::config \"DOCKER_MODS\"); fi" /docker-mods; fi \ + \ + # Replace lsiown if not found + && if [ ! -f /usr/bin/lsiown ]; then for file in $(grep -sril "lsiown" /etc); do sed -i "s|lsiown|chown|g" $file; done; fi + +################## +# 3 Install apps # +################## + +# Add rootfs +COPY rootfs/ / + +# Corrects permissions for s6 v3 +RUN if [ -d /etc/cont-init.d ]; then chmod -R 755 /etc/cont-init.d; fi && \ + if [ -d /etc/services.d ]; then chmod -R 755 /etc/services.d; fi && \ + if [ -f /entrypoint.sh ]; then chmod 755 /entrypoint.sh; fi + +# Modules +ARG MODULES="00-banner.sh 01-custom_script.sh 00-local_mounts.sh 00-smb_mounts.sh 90-dns_set.sh" + +# Automatic modules download +RUN if ! command -v bash >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) >/dev/null; fi \ + && if ! command -v curl >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) >/dev/null; fi \ + && apt-get update && apt-get install -yqq --no-install-recommends ca-certificates || apk add --no-cache ca-certificates >/dev/null || true \ + && mkdir -p /etc/cont-init.d \ + && for scripts in $MODULES; do echo "$scripts" && curl -f -L -s -S "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/$scripts" -o /etc/cont-init.d/"$scripts" && [ "$(sed -n '/\/bin/p;q' /etc/cont-init.d/"$scripts")" != "" ] || (echo "script failed to install $scripts" && exit 1); done \ + && chmod -R 755 /etc/cont-init.d + +# Manual apps +ENV PACKAGES="nginx engrampa" + +# Automatic apps & bashio +# hadolint ignore=SC2015 +RUN if ! command -v bash >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) >/dev/null; fi \ + && if ! command -v curl >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) >/dev/null; fi \ + && curl -f -L -s -S "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/automatic_packages.sh" --output /automatic_packages.sh \ + && chmod 777 /automatic_packages.sh \ + && eval /./automatic_packages.sh "${PACKAGES:-}" \ + && rm /automatic_packages.sh + +################ +# 4 Entrypoint # +################ + +#RUN chmod 777 /entrypoint.sh +#WORKDIR / +#ENTRYPOINT [ "/usr/bin/env" ] +#CMD [ "/entrypoint.sh" ] +#SHELL ["/bin/bash", "-o", "pipefail", "-c"] ############ # 5 Labels # diff --git a/webtop_kde/apparmor.txt b/webtop_kde/apparmor.txt new file mode 100644 index 000000000..a896c3c93 --- /dev/null +++ b/webtop_kde/apparmor.txt @@ -0,0 +1,70 @@ +#include + +profile webtop_kde_addon flags=(attach_disconnected,mediate_deleted) { + #include + + capability, + file, + signal, + mount, + umount, + remount, + network udp, + network tcp, + network dgram, + network stream, + network inet, + network inet6, + network netlink raw, + network unix dgram, + + capability setgid, + capability setuid, + capability sys_admin, + capability dac_read_search, + capability dac_override, + # capability sys_rawio, + +# S6-Overlay + /init ix, + /run/{s6,s6-rc*,service}/** ix, + /package/** ix, + /command/** ix, + /run/{,**} rwk, + /dev/tty rw, + /bin/** ix, + /usr/bin/** ix, + /usr/lib/bashio/** ix, + /etc/s6/** rix, + /run/s6/** rix, + /etc/services.d/** rwix, + /etc/cont-init.d/** rwix, + /etc/cont-finish.d/** rwix, + /init rix, + /var/run/** mrwkl, + /var/run/ mrwkl, + /dev/i2c-1 mrwkl, + # Files required + /dev/fuse mrwkl, + /dev/sda1 mrwkl, + /dev/sdb1 mrwkl, + /dev/nvme0 mrwkl, + /dev/nvme1 mrwkl, + /dev/mmcblk0p1 mrwkl, + /dev/* mrwkl, + /udev/* mrwkl, + /tmp/** mrkwl, + /dev/fuse/** mrkwl, + /dev/** mrkwl, + /sys/firmware/** mrkwl, + + # Data access + /data/** rw, + + # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container + ptrace (trace,read) peer=docker-default, + + # docker daemon confinement requires explict allow rule for signal + signal (receive) set=(kill,term) peer=/usr/bin/docker, + +} diff --git a/webtop_kde/build.json b/webtop_kde/build.json index df949f830..5aa55ead0 100644 --- a/webtop_kde/build.json +++ b/webtop_kde/build.json @@ -1,7 +1,8 @@ { "build_from": { - "aarch64": "lscr.io/linuxserver/webtop:arm64v8-latest", - "amd64": "lscr.io/linuxserver/webtop:amd64-latest" + "aarch64": "lscr.io/linuxserver/webtop:arm64v8-", + "amd64": "lscr.io/linuxserver/webtop:amd64-", + "armv7": "lscr.io/linuxserver/webtop:arm32v7-" }, "codenotary": { "signer": "alexandrep.github@gmail.com" diff --git a/webtop_kde/config.json b/webtop_kde/config.json index 67c54ea45..3c4680f82 100644 --- a/webtop_kde/config.json +++ b/webtop_kde/config.json @@ -6,19 +6,125 @@ ], "codenotary": "alexandrep.github@gmail.com", "description": "Full linux desktop environment accessible via any modern web browser", + "devices": [ + "/dev/dri", + "/dev/dri/card0", + "/dev/dri/card1", + "/dev/dri/renderD128", + "/dev/vchiq", + "/dev/video10", + "/dev/video11", + "/dev/video12", + "/dev/video13", + "/dev/video14", + "/dev/video15", + "/dev/video16", + "/dev/ttyUSB0", + "/dev/dri", + "/dev/dri/card0", + "/dev/dri/card1", + "/dev/dri/renderD128", + "/dev/vchiq", + "/dev/video10", + "/dev/video11", + "/dev/video12", + "/dev/video13", + "/dev/video14", + "/dev/video15", + "/dev/video16", + "/dev/sda", + "/dev/sdb", + "/dev/sdc", + "/dev/sdd", + "/dev/sde", + "/dev/sdf", + "/dev/sdg", + "/dev/nvme", + "/dev/nvme0n1p1", + "/dev/nvme0n1p2", + "/dev/mmcblk", + "/dev/fuse", + "/dev/sda1", + "/dev/sdb1", + "/dev/sdc1", + "/dev/sdd1", + "/dev/sde1", + "/dev/sdf1", + "/dev/sdg1", + "/dev/sda2", + "/dev/sdb2", + "/dev/sdc2", + "/dev/sdd2", + "/dev/sde2", + "/dev/sdf2", + "/dev/sdg2", + "/dev/sda3", + "/dev/sdb3", + "/dev/sda4", + "/dev/sdb4", + "/dev/nvme0", + "/dev/nvme1", + "/dev/nvme2" + ], + "environment": { + "FM_HOME": "/share/webtop_kde", + "HOME": "/share/webtop_kde", + "PGID": "0", + "PUID": "0", + "TITLE": "Alpine KDE webtop", + "shm_size": "1gb" + }, + "host_dbus": true, "image": "ghcr.io/alexbelgium/webtop_kde-{arch}", + "ingress": true, "init": false, - "name": "Webtop XFCE", + "map": [ + "media:rw", + "share:rw", + "ssl" + ], + "name": "Webtop Alpine KDE", + "options": { + "DNS_server": "8.8.8.8", + "PGID": 0, + "PUID": 0, + "additional_apps": "engrampa,libreoffice", + "rpi_video_drivers": true + }, + "panel_icon": "mdi:monitor", "ports": { - "3000/tcp": null, - "3001/tcp": null + "3000/tcp": null }, "ports_description": { - "3000/tcp": "Web interface", - "3001/tcp": "https web interface" + "3000/tcp": "web interface" + }, + "privileged": [ + "SYS_ADMIN", + "DAC_READ_SEARCH", + "NET_ADMIN", + "SYS_MODULE", + "SYS_RESOURCE" + ], + "schema": { + "DNS_server": "str?", + "KEYBOARD": "list(da-dk-qwerty|de-de-qwertz|en-gb-qwerty|en-us-qwerty|es-es-qwerty|fr-ch-qwertz|fr-fr-azerty|it-it-qwerty|ja-jp-qwerty|pt-br-qwerty|sv-se-qwerty|tr-tr-qwerty)?", + "PASSWORD": "str?", + "PGID": "int", + "PUID": "int", + "TZ": "str?", + "additional_apps": "str?", + "cifsdomain": "str?", + "cifspassword": "str?", + "cifsusername": "str?", + "data_location": "str?", + "edge_repositories": "bool?", + "localdisks": "str?", + "networkdisks": "str?", + "rpi_video_drivers": "bool?" }, "slug": "webtop-kde", + "udev": true, "url": "https://github.com/alexbelgium/hassio-addons", - "version": "5.24.5-test13", + "version": "4.16-r0-ls95", "video": true -} \ No newline at end of file +} diff --git a/webtop_kde/rootfs/etc/cont-init.d/00-data_location.sh b/webtop_kde/rootfs/etc/cont-init.d/00-data_location.sh new file mode 100644 index 000000000..f2faaa38e --- /dev/null +++ b/webtop_kde/rootfs/etc/cont-init.d/00-data_location.sh @@ -0,0 +1,57 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash +# shellcheck disable=SC2046 + +# Define user +PUID=$(bashio::config "PUID") +PGID=$(bashio::config "PGID") + +# Check data location +LOCATION=$(bashio::config 'data_location') + +if [[ "$LOCATION" = "null" || -z "$LOCATION" ]]; then + # Default location + LOCATION="/share/webtop_kde" +else + bashio::log.warning "Warning : a custom data location was selected, but the previous folder will NOT be copied. You need to do it manually" + + # Check if config is located in an acceptable location + LOCATIONOK="" + for location in "/share" "/config" "/data" "/mnt"; do + if [[ "$LOCATION" == "$location"* ]]; then + LOCATIONOK=true + fi + done + + if [ -z "$LOCATIONOK" ]; then + LOCATION=/config/addons_config/${HOSTNAME#*-} + bashio::log.fatal "Your data_location value can only be set in /share, /config or /data (internal to addon). It will be reset to the default location : $LOCATION" + fi + +fi + +# Set data location +bashio::log.info "Setting data location to $LOCATION" + +sed -i "1a export HOME=$LOCATION" /etc/s6-overlay/s6-rc.d/svc-web/run || true +sed -i "1a export FM_HOME=$LOCATION" /etc/s6-overlay/s6-rc.d/svc-web/run || true +sed -i "s|/share/webtop_kde|$LOCATION|g" $(find /defaults -type f) || true +sed -i "s|/share/webtop_kde|$LOCATION|g" $(find /etc/cont-init.d -type f) || true +sed -i "s|/share/webtop_kde|$LOCATION|g" $(find /etc/services.d -type f) || true +sed -i "s|/share/webtop_kde|$LOCATION|g" $(find /etc/s6-overlay/s6-rc.d -type f) || true +if [ -d /var/run/s6/container_environment ]; then printf "%s" "$LOCATION" > /var/run/s6/container_environment/HOME; fi +if [ -d /var/run/s6/container_environment ]; then printf "%s" "$LOCATION" > /var/run/s6/container_environment/FM_HOME; fi +{ + printf "%s" "HOME=\"$LOCATION\"" + printf "%s" "FM_HOME=\"$LOCATION\"" +} >> ~/.bashrc + +usermod --home "$LOCATION" abc + +# Create folder +echo "Creating $LOCATION" +mkdir -p "$LOCATION" + +# Set ownership +bashio::log.info "Setting ownership to $PUID:$PGID" +chown "$PUID":"$PGID" "$LOCATION" diff --git a/webtop_kde/rootfs/etc/cont-init.d/20-folders.sh b/webtop_kde/rootfs/etc/cont-init.d/20-folders.sh new file mode 100644 index 000000000..1dd6488e4 --- /dev/null +++ b/webtop_kde/rootfs/etc/cont-init.d/20-folders.sh @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash + +# Define home +HOME="/share/webtop_kde" +mkdir -p $HOME +chown -R abc:abc $HOME + +#adduser USERNAME +#useradd -m abc -p abc diff --git a/webtop_kde/rootfs/etc/cont-init.d/80-configuration.sh b/webtop_kde/rootfs/etc/cont-init.d/80-configuration.sh new file mode 100644 index 000000000..592817b44 --- /dev/null +++ b/webtop_kde/rootfs/etc/cont-init.d/80-configuration.sh @@ -0,0 +1,61 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash +# shellcheck disable=SC2015 + +# Add Edge repositories +if bashio::config.true 'edge_repositories'; then + bashio::log.info "Changing app repositories to edge" + { echo "https://dl-cdn.alpinelinux.org/alpine/edge/community"; + echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing"; + echo "https://dl-cdn.alpinelinux.org/alpine/edge/main"; } > /etc/apk/repositories +fi + +# Install rpi video drivers +if bashio::config.true 'rpi_video_drivers'; then + bashio::log.info "Installing Rpi graphic drivers" + apk add --no-cache mesa-dri-vc4 mesa-dri-swrast mesa-gbm xf86-video-fbdev >/dev/null && bashio::log.green "... done" || + bashio::log.red "... not successful. Are you on a rpi?" +fi + +# Fix mate software center +if [ -f /usr/lib/dbus-1.0/dbus-daemon-launch-helper ]; then + echo "Allow software center" + chmod u+s /usr/lib/dbus-1.0/dbus-daemon-launch-helper + service dbus restart +fi + +# Install specific apps +if bashio::config.has_value 'additional_apps'; then + bashio::log.info "Installing additional apps :" + # hadolint ignore=SC2005 + NEWAPPS=$(bashio::config 'additional_apps') + for APP in ${NEWAPPS//,/ }; do + bashio::log.green "... $APP" + # shellcheck disable=SC2015 + apk add --no-cache "$APP" >/dev/null || bashio::log.red "... not successful, please check package name" + done +fi + +# Set TZ +if bashio::config.has_value 'TZ'; then + TIMEZONE=$(bashio::config 'TZ') + bashio::log.info "Setting timezone to $TIMEZONE" + ln -snf /usr/share/zoneinfo/"$TIMEZONE" /etc/localtime && echo "$TIMEZONE" >/etc/timezone +fi + +# Set keyboard +if bashio::config.has_value 'KEYBOARD'; then + KEYBOARD=$(bashio::config 'KEYBOARD') + bashio::log.info "Setting keyboard to $KEYBOARD" + sed -i "1a export KEYBOARD=$KEYBOARD" /etc/s6-overlay/s6-rc.d/svc-web/run + if [ -d /var/run/s6/container_environment ]; then printf "%s" "$KEYBOARD" > /var/run/s6/container_environment/KEYBOARD; fi + printf "%s" "KEYBOARD=\"$KEYBOARD\"" >> ~/.bashrc +fi + +# Set password +if bashio::config.has_value 'PASSWORD'; then + bashio::log.info "Setting password to the value defined in options" + PASSWORD=$(bashio::config 'PASSWORD') + passwd -d abc + echo -e "$PASSWORD\n$PASSWORD" | passwd abc +fi diff --git a/webtop_kde/rootfs/etc/cont-init.d/90-ingress.sh b/webtop_kde/rootfs/etc/cont-init.d/90-ingress.sh new file mode 100644 index 000000000..7abd4dc69 --- /dev/null +++ b/webtop_kde/rootfs/etc/cont-init.d/90-ingress.sh @@ -0,0 +1,36 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash + +################# +# NGINX SETTING # +################# +declare port +declare certfile +declare ingress_interface +declare ingress_port +declare keyfile + +port=$(bashio::addon.port 80) +if bashio::var.has_value "${port}"; then + bashio::config.require.ssl + + if bashio::config.true 'ssl'; then + certfile=$(bashio::config 'certfile') + keyfile=$(bashio::config 'keyfile') + + mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf + sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf + sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf + + else + mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf + fi +fi + +ingress_port=$(bashio::addon.ingress_port) +ingress_interface=$(bashio::addon.ip_address) +sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf +sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf + +# Implement SUBFOLDER value +sed -i "1a SUBFOLDER=$(bashio::addon.ingress_url)" /etc/s6-overlay/s6-rc.d/svc-autostart/run diff --git a/webtop_kde/rootfs/etc/nginx/includes/mime.types b/webtop_kde/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 000000000..7c7cdef2d --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/includes/mime.types @@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/webtop_kde/rootfs/etc/nginx/includes/proxy_params.conf b/webtop_kde/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 000000000..1990d4959 --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,15 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; diff --git a/webtop_kde/rootfs/etc/nginx/includes/resolver.conf b/webtop_kde/rootfs/etc/nginx/includes/resolver.conf new file mode 100644 index 000000000..70f4982b9 --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/includes/resolver.conf @@ -0,0 +1 @@ +resolver 127.0.0.11 ipv6=off; diff --git a/webtop_kde/rootfs/etc/nginx/includes/server_params.conf b/webtop_kde/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 000000000..09c06543e --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,6 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; diff --git a/webtop_kde/rootfs/etc/nginx/includes/ssl_params.conf b/webtop_kde/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..6f1500599 --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,9 @@ +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; +ssl_ecdh_curve secp384r1; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/webtop_kde/rootfs/etc/nginx/includes/upstream.conf b/webtop_kde/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 000000000..b292326bd --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,3 @@ +upstream backend { + server 127.0.0.1:8080; +} diff --git a/webtop_kde/rootfs/etc/nginx/nginx.conf b/webtop_kde/rootfs/etc/nginx/nginx.conf new file mode 100644 index 000000000..7e5bc6f7c --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,56 @@ +# Run nginx in foreground. +daemon off; + +# This is run inside Docker. +user root; + +# Pid storage location. +pid /var/run/nginx.pid; + +# Set number of worker processes. +worker_processes 1; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Write error log to Hass.io add-on log. +error_log /proc/1/fd/1 error; + +# Load allowed environment vars +env HASSIO_TOKEN; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Max num of simultaneous connections by a worker process. +events { + worker_connections 512; +} + +http { + include /etc/nginx/includes/mime.types; + + log_format hassio '[$time_local] $status ' + '$http_x_forwarded_for($remote_addr) ' + '$request ($http_user_agent)'; + + access_log /proc/1/fd/1 hassio; + client_max_body_size 4G; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + tcp_nodelay on; + tcp_nopush on; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/includes/resolver.conf; + include /etc/nginx/includes/upstream.conf; + + include /etc/nginx/servers/*.conf; +} diff --git a/webtop_kde/rootfs/etc/nginx/servers/ingress.conf b/webtop_kde/rootfs/etc/nginx/servers/ingress.conf new file mode 100644 index 000000000..bfce50bb0 --- /dev/null +++ b/webtop_kde/rootfs/etc/nginx/servers/ingress.conf @@ -0,0 +1,18 @@ +server { + listen %%interface%%:%%port%% default_server; + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + client_max_body_size 0; + server_name webtop.*; + + location / { + add_header Access-Control-Allow-Origin *; + proxy_pass http://127.0.0.1:3000; + proxy_buffering off; + proxy_read_timeout 30; + proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + } +} + diff --git a/webtop_kde/rootfs/etc/services.d/nginx/finish b/webtop_kde/rootfs/etc/services.d/nginx/finish new file mode 100644 index 000000000..444240135 --- /dev/null +++ b/webtop_kde/rootfs/etc/services.d/nginx/finish @@ -0,0 +1,8 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Take down the S6 supervision tree when Nginx fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/webtop_kde/rootfs/etc/services.d/nginx/run b/webtop_kde/rootfs/etc/services.d/nginx/run new file mode 100644 index 000000000..7e55c9ca6 --- /dev/null +++ b/webtop_kde/rootfs/etc/services.d/nginx/run @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== + +# Wait for transmission to become available +bashio::net.wait_for 3000 localhost 900 + +bashio::log.info "Starting NGinx..." + +exec nginx diff --git a/webtop_kde/stats.png b/webtop_kde/stats.png index 84d02d278e3826f5f0ba8a90de727de5956dff7b..c9ce82a35924757399a06524376b2452f621bded 100644 GIT binary patch delta 1697 zcmV;S244BW4!RAH8Gi!+0019Did_Hz0V7aMR7L;){{R30prD}t0002M004mhzySXM z?(V=q0LaJyL22Rtz#ssCK)`_iFkpa-002OM0RMphfB)2_Dk}f~06^f-0000Q8X7Y* zGfhoRW@cu8e}9>onX|LAz`(%F%*^HG<^TWx@G>%x?vSn6=6~>2@ZkUd?%jg_w!yFN z?*G>S0RI30WB>sFej3}%{{a60&e8uAlmCBE z@PL5-MF9GMa_N?O@aBxYw`;hD3-$HfpnxF%r2y`N?vw!2-Jso&P(W2{FMt#PfD{yf zKoo#LfPi4YfH`3QfPeu1fI$DCK>wg%|DbUHz`+0ifdBu%&9|QL|L~x;&B6b{&A_mH z|3IMsAilo70G@MhT!{aXAs2rIJxN4CRCt{2oe7qsAQS-Ma=HJJW^9*eWc#dNsd_Wr zZR;0I2@;l$F#rGn0000000000m9eLZ8tvkJAa ztMcXFu6O-rkD|TmJ`RP)vzk0quiNJMr7>sUD1Qk@t-e`4s`u{^r?P*K_E)ps0T#^w z00000005wfZ>JSwPP4F&KJLAeFadTSiA4H5*spJ-&%$}U=_1|2vk+PLG~~)kePNxE z8(vyfmBbIaugL^+ zP<#@QkUURw5$R5F2alEX@;aH7j>k!<}^<;w@&{(n|B}5 zm681zzd%FoK~ynrA|;(?x+ZEVk2K_de{nP{t9HXe3iXu7p6RY_*MLjC{D701$|J4! zpXz-t=t%EOUFBk5o}tyMS%NFImB$)#w_|9w;32i27ab=iO0EzxE?9Rk!Z<|fv9 z=Plb{S}2!Q?^!2-e3}$iqrLM$>s_$s3F*~nUbQbsCQ+Qb-RXO8LJ#FaUyP?W zrjK*kBnpG{rgVRDE?VJYwYp=QQL- zGNNi<;F&&-LCSN6R_TVV!>D3zq(iGLRj$QA<+7nw|0sW3{d~Qgk;=srBPr=M7+TDY zY}Km2ddIqi!ODfYXvo!Iv~w0abZ2zczQAIKz9>-6Vu#MCa4uZzP<-UvXsFs3=!Wfv z7Uj~;8Tm_dgPE^18vG_$Tdfw@>t(HCA|=h%7yRK z>3f%vnSR@5Xf++J%4IWW4ARrlt6b`fnKNnB`S`SEh!#6+Pje)JiAR%3M>E+|;nAU)-de1n?2C@~= zyhje(`e-N}+gfQN9o@RAFCE?LVU%q`kUk-zzW3q-K?R~!tK~<61}NzhB3!j9J_#r! z-FaFR>wC4I&EP_*;Ng+z?8M75U6yS}?71wpy5#)C z?`PX5yzhIgy*vcgecnvmqOXTXqMhL>iRXXD)yTFd?ZQh=40mQcdf}dz@N_#^bKYFf z8h&$s2@Y*0h9@OnnCv~krpMo7ZP6tQlFqqs*V*>hd8;O_o6$_{_sGxTiP72NuDJVY zBwkzrM@QfGC(U7~A^Pf8@^``ff&7@2C4Npnj5$DfE2)7y-&qIV*qu8Fo9%h00000NkvXXu0mjf7>aCW delta 1835 zcmYL~2~g8l9>)W8iHJ=QngRj|wOuHpP{a}>5JF*#j3PlU6}c3MqZCP4NhAaRAPWIQ zg`ovJYLG5RI0^#A{KKg>9CF33HV7nu2`mede>id&LdZrtJ3DXYz2Cg+_xZm0zW2I6 zeu^lw-D3=c!5Z{y-ainHtO3)lkf4A_+RU0*oL=i~!T3E_FU#r7ar}0s;^*)!tNbyd z+hn*~YHFv$@Pplqhj{{H!f{Ll%n^bW;b0O312i#&|7$;VHDeTlK>VPZmwb?9`m+RbKRBFJ6A>HJCyHQKAKBC;q`xjKY>1g5DG!e zPe$)#2}UC}>WStX_6g-7^F~gwJQmI{YrO*mU~|B#2E<$l>RD?0ezv3}cEmPUKjL-b zhg9Q_+fryQlHJYfOOC1(2+x%uih4j6Ze3wM9XdW3C#s1QiTOLv!Qj5Ijd!gTV|S@z zv?M|wD4uJ5O6w##K+X@>O0pu?y_96FAP=c(Q2u1=B&1hc%fr!HT1y(^2p*ZPaOgC@Mj8DH>|Ljbq^) zArDvefq66oymoj_%Uog{B2caL395_|VaisSlC;{mVFHa>xe8PwC0M@M7cHn=OhafrWP!hH9kOfKsM1~?u={vSf;q+9YzQ?4A z00YKpwt9^b6~2{NOd#5Yh_T{uYr>|H(LhQVj|xa5266e~?^Fw2p;gLSGS$-R z;fn1xd!u}SK9)shW}m|%JqL5h`Dsti^qmn^6>Sy%#Q&&rRiVgP2sx#@n&s?~*OGZ- z1OEk-E;Jg+ZUlQK(2lY?340xwF_9oTc4zua&l_wx;&WYsZyiGz;8@zw`^sI^my#o z$=njp$fV0JQ{qHnEh2Fs>hK>fHfjr~X777ZV!z0MmyJA{fUe1VonX9BV4#q=L5YpG z4Hsn5yt|&&0|q{5xeq5-yFduev$m7hBWmQ>LBFQjNn%0Y!>c~jVLz4PuVgsu?||hm zqPSd`ac4UE#D4V?_MgV6Tzz4wt|f8O-SiH`y7;G47$@c{SG8{lifU;pPWviB6l@=j zqJHEssfrVQ*0P{#Cwf6F@zLJTMSCY@5@hu z2j7h_t&bFG6=dsx#2{c^HmsZMH$PVP88j`gxu@C}Rc9K{rG#}kFK#9t<{FX1&Z~wt zMzBP|Yz*XsD5Ad{^;^w`1i5sWgiTc#o(1|T(d>MK%~6Ha{R@Zz!udK9vjjBx@s^e{ z)fo5}34ZV~X^2X&tu;H=TkNixwV^VodvEuwIX~fRGXZo0&m<#4)G1Cy!pLw7b(Anr zwPaG3zSN%<_lsI$eKu~BtBWgbz-wmYwtm0Gp6<`z+76c|XWrR4KA|6vN5_seHLr$= zFJ#_HQVqqUDDr;$o_}g&Jy$e~%1p0p+FC+8K-1;hdoZVmJjI@NNAn_fUVU$uyu5Y) z_~AUjzZu&XTc2|h+znd`J1aO?my`B6{>FbC;S))JglM~n;rYE@k0b2ZGgf!>%=MX= zlI&Y@kgbis>;?E=(J$_AYi|oq*WZ#BR%Mp?NqJuHW}Vh#1Be638nfP{vgZlBDw6xE z3p)4td?&qaX8G98*I93>df;6B+CW!<;0>^}!Jl036{M}1^^(e_<3BMY$?NGH=(_?H z9ykt&q|bzxGn;8Da2R}}L{j+ng{RKH+J`)_NclHobvmFw$v7C<0ni%$wR7U^HWNEM z;REyL7T~)Cdl)OyRynLrl3u-!uvCGAp(N1EQCLb0G>RY|fjZt-Sz|EkPuAgd-)R2R UGvj@RZxI&qx6?tb-z47rFN0XiS^xk5 diff --git a/webtop_kde/updater.json b/webtop_kde/updater.json index 380c8cefe..d6a1344f2 100644 --- a/webtop_kde/updater.json +++ b/webtop_kde/updater.json @@ -1,11 +1,9 @@ { - "dockerhub_list_size": 10, - "github_beta": true, - "github_tagfilter": "alpine-kde-", - "last_update": "23-07-2023", + "github_fulltag": "true", + "last_update": "08-04-2023", "repository": "alexbelgium/hassio-addons", "slug": "webtop_kde", "source": "github", "upstream_repo": "linuxserver/docker-webtop", - "upstream_version": "5.24.5" + "upstream_version": "4.16-r0-ls95" }