clean

brave/rootfs/etc/cont-init.d/20-folders.sh

@@ -1,8 +1,83 @@
-#!/bin/bash
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+# shellcheck disable=SC2046
+set -e
 
-if [ ! -d /config ]; then
-    echo "Creating /config"
-    mkdir -p /config
+# Define user
+PUID=$(bashio::config "PUID")
+PGID=$(bashio::config "PGID")
+
+# Set user for microsoft edge if available
+if [ -f /usr/bin/microsoft-edge-real ]; then
+    chown "$PUID:$PGID" /usr/bin/microsoft-edge*
+    chmod +x /usr/bin/microsoft-edge*
 fi
 
-chown -R "$PUID:$PGID" /config
+# Check data location
+LOCATION=$(bashio::config 'data_location')
+
+if [[ "$LOCATION" = "null" || -z "$LOCATION" ]]; then
+    # Default location
+    LOCATION="/config/data_kde"
+else
+    # Check if config is located in an acceptable location
+    LOCATIONOK=""
+    for location in "/share" "/config" "/data" "/mnt"; do
+        if [[ "$LOCATION" == "$location"* ]]; then
+            LOCATIONOK=true
+        fi
+    done
+
+    if [ -z "$LOCATIONOK" ]; then
+        LOCATION="/config/data_kde"
+        bashio::log.fatal "Your data_location value can only be set in /share, /config or /data (internal to addon). It will be reset to the default location : $LOCATION"
+    fi
+fi
+
+# Set data location
+bashio::log.info "Setting data location to $LOCATION"
+
+# Correct home locations
+for file in /etc/s6-overlay/s6-rc.d/*/run; do
+    if [ "$(sed -n '1{/bash/p};q' "$file")" ]; then
+        sed -i "1a export HOME=$LOCATION" "$file"
+        sed -i "1a export FM_HOME=$LOCATION" "$file"
+    fi
+done
+
+# Correct home location
+for folders in /defaults /etc/cont-init.d /etc/services.d /etc/s6-overlay/s6-rc.d; do
+    if [ -d "$folders" ]; then
+        sed -i "s|/config/data_kde|$LOCATION|g" $(find "$folders" -type f) &> /dev/null || true
+    fi
+done
+
+#  Change user home
+sed -i "s|^\(abc:[^:]*:[^:]*:[^:]*:[^:]*:\)[^:]*|\1$LOCATION|" /etc/passwd
+#usermod --home "$LOCATION" abc || true
+
+# Add environment variables
+if [ -d /var/run/s6/container_environment ]; then printf "%s" "$LOCATION" > /var/run/s6/container_environment/HOME; fi
+if [ -d /var/run/s6/container_environment ]; then printf "%s" "$LOCATION" > /var/run/s6/container_environment/FM_HOME; fi
+{
+    printf "%s\n" "export HOME=\"$LOCATION\""
+    printf "%s\n" "export FM_HOME=\"$LOCATION\""
+} >> ~/.bashrc
+
+# Create folder
+echo "Creating $LOCATION"
+mkdir -p "$LOCATION"
+
+# Create cache
+mkdir -p /.cache
+chmod 755 /.cache
+if [ -d "/config/.cache" ]; then
+    cp -rf /config/.cache /.cache
+    rm -r /config/.cache
+fi
+ln -sf /config/.cache /.cache
+
+# Set ownership
+bashio::log.info "Setting ownership to $PUID:$PGID"
+chown -R "$PUID":"$PGID" "$LOCATION"
+chmod -R 700 "$LOCATION"

brave/rootfs/etc/cont-init.d/80-configuration.sh

@@ -3,6 +3,23 @@
 # shellcheck disable=SC2015
 set -e
 
+# Install specific apps
+if bashio::config.has_value 'additional_apps'; then
+    bashio::log.info "Installing additional apps :"
+    # hadolint ignore=SC2005
+    NEWAPPS=$(bashio::config 'additional_apps')
+    for packagestoinstall in ${NEWAPPS//,/ }; do
+        bashio::log.green "... $packagestoinstall"
+        if command -v "apk" &> /dev/null; then
+            apk add --no-cache "$packagestoinstall" &> /dev/null || (bashio::log.fatal "Error : $packagestoinstall not found")
+        elif command -v "apt" &> /dev/null; then
+            apt-get install -yqq --no-install-recommends "$packagestoinstall" &> /dev/null || (bashio::log.fatal "Error : $packagestoinstall not found")
+        elif command -v "pacman" &> /dev/null; then
+            pacman --noconfirm -S "$packagestoinstall" &> /dev/null || (bashio::log.fatal "Error : $packagestoinstall not found")
+        fi
+    done
+fi
+
 # Set TZ
 if bashio::config.has_value 'TZ'; then
     TIMEZONE=$(bashio::config 'TZ')
@@ -11,11 +28,45 @@ if bashio::config.has_value 'TZ'; then
     echo "$TIMEZONE" > /etc/timezone
 fi || (bashio::log.fatal "Error : $TIMEZONE not found. Here is a list of valid timezones : https://manpages.ubuntu.com/manpages/focal/man3/DateTime::TimeZone::Catalog.3pm.html")
 
-for env_var in CUSTOM_USER PASSWORD DRI_NODE DRINODE; do
-    if bashio::config.has_value "${env_var}"; then
-        bashio::log.info "Setting ${env_var} from add-on configuration"
-        if [ -d /var/run/s6/container_environment ]; then
-            printf "%s" "$(bashio::config "${env_var}")" > "/var/run/s6/container_environment/${env_var}"
-        fi
+# Set keyboard
+if bashio::config.has_value 'KEYBOARD'; then
+    KEYBOARD=$(bashio::config 'KEYBOARD')
+    bashio::log.info "Setting keyboard to $KEYBOARD"
+    if [ -d /var/run/s6/container_environment ]; then printf "%s" "$KEYBOARD" > /var/run/s6/container_environment/KEYBOARD; fi
+    printf "%s\n" "KEYBOARD=\"$KEYBOARD\"" >> ~/.bashrc
+fi || true
+
+# Set password
+if bashio::config.has_value 'PASSWORD'; then
+    bashio::log.info "Setting password to the value defined in options"
+    PASSWORD=$(bashio::config 'PASSWORD')
+    passwd -d abc
+    echo -e "$PASSWORD\n$PASSWORD" | passwd abc
+elif ! bashio::config.has_value 'PASSWORD' && [[ -n "$(bashio::addon.port "3000")" ]] && [[ -n $(bashio::addon.port "3001") ]]; then
+    bashio::log.warning "SEVERE RISK IDENTIFIED"
+    bashio::log.warning "You are opening an external port but your password is not defined"
+    bashio::log.warning "You risk being hacked ! Please disable the external ports, or use a password"
+fi
+
+# Set password
+if bashio::config.true 'install_ms_edge'; then
+    bashio::log.info "Adding microsoft edge"
+    # Install edge
+    apt-get update
+    echo "**** install edge ****"
+    apt-get install --no-install-recommends -y ca-certificates
+    if [ -z ${EDGE_VERSION+x} ]; then
+        EDGE_VERSION=$(curl -sL https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-stable/ \
+            | awk -F'(<a href="microsoft-edge-stable_|_amd64.deb\")' '/href=/ {print $2}' | sort --version-sort | tail -1)
     fi
-done
+    curl -o /tmp/edge.deb -L "https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-stable/microsoft-edge-stable_${EDGE_VERSION}_amd64.deb"
+    dpkg -I /tmp/edge.deb
+    apt-get install --no-install-recommends -y /tmp/edge.deb
+    echo "**** edge docker tweaks ****"
+    if [ -f /usr/bin/microsoft-edge-stable ]; then
+        mv /usr/bin/microsoft-edge-stable /usr/bin/microsoft-edge-real
+    else
+        mv /usr/bin/microsoft-edge /usr/bin/microsoft-edge-real
+    fi
+    mv /helpers/microsoft-edge-stable /usr/bin/
+fi

brave/rootfs/etc/cont-init.d/90-ingress.sh

@@ -2,28 +2,28 @@
 # shellcheck shell=bash
 set -e
 
-declare ingress_user
-declare ingress_interface
-declare ingress_port
-
-ingress_user='admin'
-if bashio::config.has_value 'ingress_user'; then
-    ingress_user=$(bashio::config 'ingress_user')
-fi
-
-ingress_port=$(bashio::addon.ingress_port)
-ingress_interface=$(bashio::addon.ip_address)
-
-sed -i "s/%%ingress_user%%/${ingress_user}/g" /etc/nginx/servers/ingress.conf
-sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
-sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
-sed -i "s|%%UIPATH%%|$(bashio::addon.ingress_entry)|g" /etc/nginx/servers/ingress.conf
-
+# nginx Path
+NGINX_CONFIG=/etc/nginx/sites-available/ingress.conf
 SUBFOLDER="$(bashio::addon.ingress_entry)"
-if [[ -n "${SUBFOLDER}" && "${SUBFOLDER}" != "/" ]]; then
-    [[ "${SUBFOLDER}" == */ ]] || SUBFOLDER="${SUBFOLDER}/"
-fi
 
-if [ -d /var/run/s6/container_environment ]; then
-    printf "%s" "${SUBFOLDER}" > /var/run/s6/container_environment/SUBFOLDER
-fi
+# Copy template
+cp /defaults/default.conf "${NGINX_CONFIG}"
+# Remove ssl part
+awk -v n=4 '/server/{n--}; n > 0' "${NGINX_CONFIG}" > tmpfile
+mv tmpfile "${NGINX_CONFIG}"
+
+# Remove ipv6
+sed -i '/listen \[::\]/d' "${NGINX_CONFIG}"
+# Add ingress parameters
+sed -i "s|3000|$(bashio::addon.ingress_port)|g" "${NGINX_CONFIG}"
+sed -i '/proxy_buffering/a proxy_set_header Accept-Encoding "";' "${NGINX_CONFIG}"
+sed -i '/proxy_buffering/a sub_filter_once off;' "${NGINX_CONFIG}"
+sed -i '/proxy_buffering/a sub_filter_types *;' "${NGINX_CONFIG}"
+sed -i '/proxy_buffering/a sub_filter "vnc/index.html?autoconnect" "vnc/index.html?path=%%path%%/websockify?autoconnect";' "${NGINX_CONFIG}"
+sed -i "s|%%path%%|${SUBFOLDER:1}|g" "${NGINX_CONFIG}"
+
+# Correct image
+sed -i "s|SUBFOLDERwebsockify|/websockify|g" "${NGINX_CONFIG}"
+
+# Enable ingress
+cp "${NGINX_CONFIG}" /etc/nginx/sites-enabled

brave/rootfs/etc/cont-init.d/90-ssl.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+if bashio::config.true 'use_own_certs'; then
+    bashio::log.green "Using referenced ssl certificates to connect with https. Please remember to open the ssl port in the addon options"
+    CERTFILE="$(bashio::config 'certfile')"
+    KEYFILE="$(bashio::config 'keyfile')"
+    NGINX_CONFIG="/defaults/default.conf"
+
+    #Check if files exist
+    echo "... checking if referenced files exist"
+    if [ -f /ssl/"$CERTFILE" ] && [ -f /ssl/"$KEYFILE" ]; then
+        # Add ssl file
+        sed -i "s|/config/data/ssl/cert.pem|/ssl/$CERTFILE|g" "$NGINX_CONFIG"
+        sed -i "s|/config/data/ssl/cert.key|/ssl/$KEYFILE|g" "$NGINX_CONFIG"
+        echo "... done"
+    else
+        bashio::log.warning "...  certificate /ssl/$CERTFILE and /ssl/$KEYFILE and not found, using self-generated certificates"
+    fi
+
+fi

brave/rootfs/etc/nginx/includes/upstream.conf

@@ -1,3 +1,3 @@
 upstream backend {
-    server 127.0.0.1:3001;
+    server 127.0.0.1:8080;
 }

brave/rootfs/etc/nginx/nginx.conf

@@ -1,56 +0,0 @@
-# Run nginx in foreground.
-# daemon off;
-
-# This is run inside Docker.
-user root;
-
-# Pid storage location.
-pid /var/run/nginx.pid;
-
-# Set number of worker processes.
-worker_processes 1;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
-pcre_jit on;
-
-# Write error log to Hass.io add-on log.
-error_log /proc/1/fd/1 error;
-
-# Load allowed environment vars
-env HASSIO_TOKEN;
-
-# Load dynamic modules.
-include /etc/nginx/modules/*.conf;
-
-# Max num of simultaneous connections by a worker process.
-events {
-    worker_connections 512;
-}
-
-http {
-    include /etc/nginx/includes/mime.types;
-
-    log_format hassio '[$time_local] $status '
-                        '$http_x_forwarded_for($remote_addr) '
-                        '$request ($http_user_agent)';
-
-    access_log              /proc/1/fd/1 hassio;
-    client_max_body_size    4G;
-    default_type            application/octet-stream;
-    gzip                    on;
-    keepalive_timeout       65;
-    sendfile                on;
-    server_tokens           off;
-    tcp_nodelay             on;
-    tcp_nopush              on;
-
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-    }
-
-    include /etc/nginx/includes/resolver.conf;
-    include /etc/nginx/includes/upstream.conf;
-
-    include /etc/nginx/servers/*.conf;
-}

brave/rootfs/etc/nginx/servers/ingress.conf

@@ -1,18 +0,0 @@
-server {
-    listen %%interface%%:%%port%% default_server;
-    include /etc/nginx/includes/server_params.conf;
-    include /etc/nginx/includes/proxy_params.conf;
-    client_max_body_size 0;
-
-    location / {
-       allow   172.30.32.2;
-       deny    all;
-       proxy_set_header X-WebAuth-User %%ingress_user%%;
-       proxy_set_header X-Script-Name %%UIPATH%%;
-
-       proxy_buffering off;
-       proxy_ssl_verify off;
-       proxy_ssl_server_name on;
-       proxy_pass https://backend;
-    }
-}

brave/rootfs/etc/services.d/nginx/finish

@@ -1,8 +0,0 @@
-#!/usr/bin/execlineb -S0
-# ==============================================================================
-# Take down the S6 supervision tree when Nginx fails
-# ==============================================================================
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }
-
-s6-svscanctl -t /var/run/s6/services

brave/rootfs/etc/services.d/nginx/run

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# shellcheck shell=bash
-set -e
-# ==============================================================================
-
-bashio::net.wait_for 3001 localhost 900
-
-bashio::log.info "Starting NGinx..."
-
-exec nginx