Garbaye/services-garbaye
3
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

Commandes podman : invocation explicite container/image

Browse source
This commit is contained in:
Gitouche 2023-04-21 13:53:55 +02:00
parent 93c1f9cd8e
commit 69adeb772c
37 changed files with 95 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
_podman-common/00_status_container.sh
View file

@ -9,11 +9,11 @@ ensure_not_root
echo "Podman images status..."
for image in ${upstream_images} ; do
podman images ${image} | grep ${image} || echo Image ${image} not found.
podman image list ${image} | grep ${image} || echo Image ${image} not found.
done
echo
echo "Checking container status..."
podman ps -a | grep ${container_name} || echo container ${container_name} not found.
podman container list -a | grep ${container_name} || echo container ${container_name} not found.
echo
echo "Checking systemd unit status..."
systemctl --user status ${service_name}

2
_podman-common/00_status_pod.sh
View file

@ -9,7 +9,7 @@ ensure_not_root
echo "Podman images status..."
for image in ${upstream_images} ; do
podman images ${image} | grep ${image} || echo Image ${image} not found.
podman image list ${image} | grep ${image} || echo Image ${image} not found.
done
echo
echo "Checking pod status..."

4
_podman-common/40_stop_container.sh
View file

@ -21,10 +21,10 @@ if check_systemd_unit_exists ${service_name}; then
fi
fi
# Check if running through podman (no systemd), stop with podman stop , then exit
# Check if running through podman (no systemd), stop with podman container stop , then exit
if check_container_running ${container_name}; then
echo Container found running without systemd unit, stopping it now.
podman stop ${container_name}
podman container stop ${container_name}
exit 0
else
echo Container ${container_name} is not running.

2
_podman-common/40_stop_pod.sh
View file

@ -21,7 +21,7 @@ if check_systemd_unit_exists ${service_name}; then
fi
fi
# Check if running through podman (no systemd), stop with podman stop , then exit
# Check if running through podman (no systemd), stop with podman pod stop , then exit
if check_pod_running ${pod_name}; then
echo Pod found running without systemd unit, stopping it now.
podman pod stop ${pod_name}

2
_podman-common/80_destroy_container.sh
View file

@ -17,7 +17,7 @@ ${ABSDIR}/70_disable.sh
rm -f ${HOME}/.config/systemd/user/${service_name}
systemctl --user daemon-reload
podman rm ${container_name}
podman container rm ${container_name}
for volume in ${nonpersistent_volumes}; do
podman volume rm ${volume}

2
_podman-common/90_prune_container.sh
View file

@ -18,5 +18,5 @@ ensure_systemd_unit_not_exists ${service_name}
# remove images
for image in ${upstream_images} ; do
podman rmi -f $(podman images -a -q -- ${image}) || echo Image ${image} not found.
podman image rm -f $(podman image list -a -q -- ${image}) || echo Image ${image} not found.
done

2
_podman-common/90_prune_pod.sh
View file

@ -18,5 +18,5 @@ ensure_systemd_unit_not_exists ${service_name}
# remove images
for image in ${upstream_images} ; do
podman rmi -f $(podman images -a -q -- ${image}) || echo Image ${image} not found.
podman image rm -f $(podman image list -a -q -- ${image}) || echo Image ${image} not found.
done

4
functions.sh
View file

@ -311,9 +311,9 @@ oci_push_to_registry () {
if ! skopeo inspect --format "Image ${1} found on remote container registry." docker://${1}; then
if podman image exists ${1}; then
ensure_variables_are_defined "CONTAINER_REPO_USER CONTAINER_REPO_PASSWORD"
podman push --creds=${CONTAINER_REPO_USER}:${CONTAINER_REPO_PASSWORD} ${1} &&
podman image push --creds=${CONTAINER_REPO_USER}:${CONTAINER_REPO_PASSWORD} ${1} &&
podman image rm ${1} &&
podman pull ${1}
podman image pull ${1}
else
echo "Error : image ${1} does not exists"
exit 1

6
podman-framadate/10_install.sh
View file

@ -34,13 +34,13 @@ export listen_if
export listen_port
if ! podman image exists ${framadate_image}:${framadate_version}; then
podman pull ${framadate_image}:${framadate_version}
podman image pull ${framadate_image}:${framadate_version}
fi
podman pull ${mysql_image}:${mysql_version} &&
podman image pull ${mysql_image}:${mysql_version} &&
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for initialization to end... " &&
( podman logs -f framadate-app 2>&1 & ) | grep -q 'configured -- resuming normal operations' &&
( podman container logs -f framadate-app 2>&1 & ) | grep -q 'configured -- resuming normal operations' &&
echo "OK" &&
shred -u .env &&
podman pod stop ${pod_name}

2
podman-framadate/ci_build_images.sh
View file

@ -8,7 +8,7 @@ ensure_pwd_is_scriptdir
ensure_not_root
if ! podman image exists ${framadate_image}:${framadate_version}; then
podman build -t "${framadate_image}":"${framadate_version}" --build-arg=version="${framadate_version}" docker/
podman image build -t "${framadate_image}":"${framadate_version}" --build-arg=version="${framadate_version}" docker/
else
echo "Image ${framadate_image}:${framadate_version} already built"
fi

6
podman-gitea/10_install.sh
View file

@ -54,14 +54,14 @@ export sshlisten_port
if ! podman image exists ${gitea_image}:${gitea_version}; then
podman image pull ${gitea_image}:${gitea_version} || exit 1
fi
podman pull ${postgres_image}:${postgres_version} &&
podman image pull ${postgres_image}:${postgres_version} &&
# force refresh of app.ini
podman unshare rm -f `get_podman_volume_path ${datavolume}`/gitea/conf/app.ini
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for gitea to finish starting " &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'NewServer()' &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'NewServer()' &&
echo "OK" &&
podman exec --user 1000:1000 gitea gitea embedded extract --overwrite --destination /data/gitea/ 'templates/home.tmpl'
podman container exec --user 1000:1000 gitea gitea embedded extract --overwrite --destination /data/gitea/ 'templates/home.tmpl'
podman unshare sed -i '/{{.locale.Tr \"startpage.app_desc\"}}/,${s//Plateforme collaborative de projets libres./;b};$q1' `get_podman_volume_path ${datavolume}`/gitea/templates/home.tmpl &&
podman unshare sed -i '/{{.locale.Tr \"startpage.install\"}}/,${s//Qui peut avoir un compte ?/;b};$q1' `get_podman_volume_path ${datavolume}`/gitea/templates/home.tmpl &&
podman unshare sed -i '/{{.locale.Tr \"startpage.install_desc\" | Str2html}}/,${s//Tous ceux qui partagent de près ou de loin nos idées ou notre vision./;b};$q1' `get_podman_volume_path ${datavolume}`/gitea/templates/home.tmpl &&

4
podman-gitea/README.md
View file

@ -3,11 +3,11 @@
## Notes
Pour ajouter un utilisateur (premier compte admin ou si la création de comptes est désactivée) :
```
podman exec --user git gitea gitea admin user create --admin --username <name> --password <password> --email <email>
podman container exec --user git gitea gitea admin user create --admin --username <name> --password <password> --email <email>
```
Vérification de la bonne santé de l'instance, à faire après chaque mise à jour :
```
podman exec --user git gitea gitea doctor --all --log-file ""
podman container exec --user git gitea gitea doctor --all --log-file ""
```
[Config cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)

4
podman-gitea/ci_build-images.sh
View file

@ -19,8 +19,8 @@ if ! podman image exists ${gitea_image}:${gitea_version}; then
rm -rf ${buildfolder}
podman image prune -a -f --filter dangling=true
podman image prune -a -f --filter intermediate=true
podman image rm -f $(podman images -a -q -- docker.io/library/golang)
podman image rm -f $(podman images -a -q -- docker.io/library/alpine)
podman image rm -f $(podman image list -a -q -- docker.io/library/golang)
podman image rm -f $(podman image list -a -q -- docker.io/library/alpine)
else
echo "Image ${gitea_image}:${gitea_version} already built"
fi

2
podman-hedgedoc/10_install.sh
View file

@ -85,7 +85,7 @@ if ! podman image exists ${database_image}:${database_version}; then
fi
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for hedgedoc to finish starting " &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at ' &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'HTTP Server listening at ' &&
echo "OK" &&
podman pod stop ${pod_name} &&
echo Pod built and stopped. &&

2
podman-hedgedoc/README.md
View file

@ -1,5 +1,5 @@
# Créer un utilisateur
Une fois le service démarré exécuter la coammande suivante en remplaçant user@domain.tld par ládresse de l'utilisateur et définir un mot de passe :
```
podman exec --tty -i podman-hedgedoc_app bin/manage_users --add user@domain.tld
podman container exec --tty -i podman-hedgedoc_app bin/manage_users --add user@domain.tld
```

12
podman-hedgedoc/ci_build-images.sh
View file

@ -14,22 +14,22 @@ if ! podman image exists ${hedgedoc_image}:${hedgedoc_version}; then
git clone --depth=1 https://github.com/hedgedoc/container ${buildfolder}/ && {
sed_in_place '^FROM --platform=$BUILDPLATFORM node' 'FROM --platform=$BUILDPLATFORM docker.io/library/node' ${buildfolder}/alpine/Dockerfile
sed_in_place "^FROM node" "FROM docker.io/library/node" ${buildfolder}/alpine/Dockerfile
podman pull docker.io/moby/buildkit:latest
podman run -d --name buildkitd --privileged docker.io/moby/buildkit:latest &&
podman image pull docker.io/moby/buildkit:latest
podman container run -d --name buildkitd --privileged docker.io/moby/buildkit:latest &&
my_buildctl --addr=podman-container://buildkitd build \
--frontend dockerfile.v0 \
--opt build-arg:VERSION=${hedgedoc_version/%-alpine/} \
--local context=${buildfolder}/ \
--local dockerfile=${buildfolder}/alpine/ \
--output type=oci,name="${hedgedoc_image}:${hedgedoc_version}" | \
podman load &&
podman rm --force buildkitd &&
podman rmi docker.io/moby/buildkit:latest
podman image load &&
podman container rm --force buildkitd &&
podman image rm docker.io/moby/buildkit:latest
}
rm -rf ${buildfolder}
podman image prune -a -f --filter dangling=true
podman image prune -a -f --filter intermediate=true
podman image rm -f $(podman images -a -q -- docker.io/library/node)
podman image rm -f $(podman image list -a -q -- docker.io/library/node)
else
echo "Image ${hedgedoc_image}:${hedgedoc_version} already built"
fi

6
podman-jitsi/10_install.sh
View file

@ -67,9 +67,9 @@ export listen_port
podman-compose --pod-args "--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
# Wait for web to be up
( podman logs --tail=3 -f ${project_name}_web_1 2>&1 & ) | grep -q '^\[services.d\] done.$' &&
podman cp assets/welcome-background.png ${project_name}_web_1:/usr/share/jitsi-meet/images/welcome-background.png &&
podman exec -t ${project_name}_web_1 chmod 444 /usr/share/jitsi-meet/images/welcome-background.png &&
( podman container logs --tail=3 -f ${project_name}_web_1 2>&1 & ) | grep -q '^\[services.d\] done.$' &&
podman container cp assets/welcome-background.png ${project_name}_web_1:/usr/share/jitsi-meet/images/welcome-background.png &&
podman container exec -t ${project_name}_web_1 chmod 444 /usr/share/jitsi-meet/images/welcome-background.png &&
podman pod stop ${pod_name} && echo Pod built and stopped.
# cleanup

4
podman-jitsi/50_update.sh
View file

@ -10,7 +10,7 @@ ensure_not_root
ensure_pod_exists ${pod_name}
ensure_systemd_unit_exists ${service_name}
current_version=$(podman ps -a --format "{{.Image}}" | grep prosody | awk -F: '{print $NF}')
current_version=$(podman container list -a --format "{{.Image}}" | grep prosody | awk -F: '{print $NF}')
reinstall_please () {
for image in ${upstream_images}; do
@ -32,7 +32,7 @@ cleanup_images () {
case $yn in
Yes)
for image in ${upstream_images}; do
podman rmi ${image}:${current_version}
podman image rm ${image}:${current_version}
done
exit 0
;;

22
podman-jitsi/ci_build-images.sh
View file

@ -10,13 +10,13 @@ ensure_not_root
buildfolder=/tmp/docker-jitsi-meet-$$
build_base() {
podman pull docker.io/library/debian:bullseye-slim
podman image pull docker.io/library/debian:bullseye-slim
if ! podman image exists localhost/jitsi/base:${version}; then
podman build -t localhost/jitsi/base:${version} ${buildfolder}/base/ &&
podman image build -t localhost/jitsi/base:${version} ${buildfolder}/base/ &&
podman image tag localhost/jitsi/base:${version} localhost/jitsi/base:latest || exit -1
fi
if ! podman image exists localhost/jitsi/base-java:${version}; then
podman build -t localhost/jitsi/base-java:${version} ${buildfolder}/base-java &&
podman image build -t localhost/jitsi/base-java:${version} ${buildfolder}/base-java &&
podman image tag localhost/jitsi/base-java:${version} localhost/jitsi/base-java:latest || exit -1
fi
base_cleanup=true
@ -26,28 +26,28 @@ mkdir ${buildfolder} &&
curl -sSfL -- "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/${version}.tar.gz" | tar xz --strip-components 1 -C ${buildfolder}/ && {
if ! podman image exists git.garbaye.fr/garbaye/jitsi-jvb:${version}; then
build_base
podman build -t git.garbaye.fr/garbaye/jitsi-jvb:${version} ${buildfolder}/jvb/ || exit -1
podman image build -t git.garbaye.fr/garbaye/jitsi-jvb:${version} ${buildfolder}/jvb/ || exit -1
fi
if ! podman image exists git.garbaye.fr/garbaye/jitsi-jicofo:${version}; then
build_base
podman build -t git.garbaye.fr/garbaye/jitsi-jicofo:${version} ${buildfolder}/jicofo/ || exit -1
podman image build -t git.garbaye.fr/garbaye/jitsi-jicofo:${version} ${buildfolder}/jicofo/ || exit -1
fi
if ! podman image exists git.garbaye.fr/garbaye/jitsi-prosody:${version}; then
build_base
podman build -t git.garbaye.fr/garbaye/jitsi-prosody:${version} ${buildfolder}/prosody/ || exit -1
podman image build -t git.garbaye.fr/garbaye/jitsi-prosody:${version} ${buildfolder}/prosody/ || exit -1
fi
if ! podman image exists git.garbaye.fr/garbaye/jitsi-web:${version}; then
build_base
# Fix for aardvark-dns < 1.2.0
# cf. https://git.garbaye.fr/Garbaye/services-garbaye/issues/7
sed_in_place "resolver {{ .Env.NGINX_RESOLVER }};" "resolver {{ .Env.NGINX_RESOLVER }} ipv6=off;" ${buildfolder}/web/rootfs/defaults/nginx.conf
podman build -t git.garbaye.fr/garbaye/jitsi-web:${version} ${buildfolder}/web/ || exit -1
podman image build -t git.garbaye.fr/garbaye/jitsi-web:${version} ${buildfolder}/web/ || exit -1
fi
dangling_images=$(podman images -f "dangling=true" -q)
[ ! -z "${dangling_images}" ] && podman rmi -f ${dangling_images}
dangling_images=$(podman image list -f "dangling=true" -q)
[ ! -z "${dangling_images}" ] && podman image rm -f ${dangling_images}
if [ ! -z ${base_cleanup} ] ; then
podman rmi localhost/jitsi/base-java:${version} localhost/jitsi/base-java:latest
podman rmi localhost/jitsi/base:${version} localhost/jitsi/base:latest
podman image rm localhost/jitsi/base-java:${version} localhost/jitsi/base-java:latest
podman image rm localhost/jitsi/base:${version} localhost/jitsi/base:latest
fi
} ; rm -rf ${buildfolder}

4
podman-matrix/05_freshinstall.sh
View file

@ -19,8 +19,8 @@ podman image pull ${synapse_image}:${synapse_version} &&
podman image exists ${synapse_image}:${synapse_version} &&
podman volume create ${confvolume} &&
podman volume create ${dbvolume} &&
podman run -it --name ${container_name}-generate --mount type=volume,src=${confvolume},dst=/data -e SYNAPSE_SERVER_NAME=${GARBAYE_MATRIX_DOMAIN} -e SYNAPSE_REPORT_STATS=no ${synapse_image}:${synapse_version} generate &&
podman rm ${container_name}-generate &&
podman container run -it --name ${container_name}-generate --mount type=volume,src=${confvolume},dst=/data -e SYNAPSE_SERVER_NAME=${GARBAYE_MATRIX_DOMAIN} -e SYNAPSE_REPORT_STATS=no ${synapse_image}:${synapse_version} generate &&
podman container rm ${container_name}-generate &&
podman unshare sed -i -e "s|^#public_baseurl: https://example.com/$|public_baseurl: ${GARBAYE_MATRIX_URL}|g" `get_podman_volume_path ${confvolume}`/homeserver.yaml &&
podman unshare sed -z -i -e "s|database:\n name: sqlite3\n args:\n database: /data/homeserver.db|database:\n name: psycopg2\n args:\n user: synapse\n password: ${GARBAYE_MATRIX_POSTGRES_PASSWORD}\n database: synapse\n host: synapse-db\n port: 5432\n cp_min: 5\n cp_max: 10|g" `get_podman_volume_path ${confvolume}`/homeserver.yaml &&
podman unshare sed -i -e "s|^#enable_registration: false$|enable_registration: false|g" `get_podman_volume_path ${confvolume}`/homeserver.yaml &&

10
podman-matrix/10_install.sh
View file

@ -23,12 +23,12 @@ fi
if ! podman image pull ${synapse_image}:${synapse_version}; then
podman image pull ${synapse_image}:${synapse_version} || exit 1
fi
podman pull ${postgres_image}:${postgres_version} &&
podman image pull ${postgres_image}:${postgres_version} &&
if ! podman network exists ${project_name}_default; then
podman network create ${project_name}_default
fi
podman pod create --name ${pod_name} --infra=true --infra-name=${project_name}_infra --share='' &&
podman run -d --name ${db_container_name} --pod ${pod_name} --requires=${project_name}_infra --net ${project_name}_default \
podman container run -d --name ${db_container_name} --pod ${pod_name} --requires=${project_name}_infra --net ${project_name}_default \
--mount type=volume,src=${dbvolume},dst=/var/lib/postgresql/data/ \
-e POSTGRES_PASSWORD=${GARBAYE_MATRIX_POSTGRES_PASSWORD} \
-e POSTGRES_USER=${container_name} \
@ -36,12 +36,12 @@ podman run -d --name ${db_container_name} --pod ${pod_name} --requires=${project
-e POSTGRES_INITDB_ARGS="--encoding=UTF8 --locale=C" \
${postgres_image}:${postgres_version} &&
echo -n "Waiting for PostgreSQL to be ready... " &&
( podman logs -f synapse-db 2>&1 & ) | grep -q 'database system is ready to accept connections' &&
( podman container logs -f ${db_container_name} 2>&1 & ) | grep -q 'database system is ready to accept connections' &&
echo "OK." &&
podman run -d --name ${container_name} --pod ${pod_name} --requires=${project_name}_infra --net ${project_name}_default \
podman container run -d --name ${container_name} --pod ${pod_name} --requires=${project_name}_infra --net ${project_name}_default \
--mount type=volume,src=${confvolume},dst=/data --publish ${listen_if}:${listen_port}:8008 ${synapse_image}:${synapse_version} &&
echo -n "Waiting for background tasks to end... " &&
( podman logs -f synapse 2>&1 & ) | grep -q 'No more background updates to do' &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'No more background updates to do' &&
echo "OK." &&
podman pod stop ${pod_name} &&
echo "Done. Pod built and stopped."

4
podman-matrix/50_update.sh
View file

@ -11,7 +11,7 @@ ensure_pod_exists ${pod_name}
ensure_systemd_unit_exists ${service_name}
ensure_variables_are_defined "$envvars"
current_version=$(podman ps -a --format "{{.Image}}" | grep synapse | awk -F: '{print $NF}')
current_version=$(podman container list -a --format "{{.Image}}" | grep synapse | awk -F: '{print $NF}')
reinstall_please () {
for image in ${upstream_images}; do
@ -32,7 +32,7 @@ cleanup_images () {
select yn in "Yes" "No"; do
case $yn in
Yes)
podman rmi ${synapse_image}:${current_version}
podman image rm ${synapse_image}:${current_version}
exit 0
;;
No)

4
podman-matrix/README.md
View file

@ -1,11 +1,11 @@
# Matrix (Synapse)
## Créer un utilisateur après le ./30_start.sh
``` bash
podman exec -ti synapse register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
podman container exec -ti synapse register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
```
## Accéder à l'administration de l'instance pour gérer les utilisateurs, salons, medias...
``` bash
podman run --rm --rmi -p 8080:80 docker://awesometechnologies/synapse-admin
podman container run --rm --rmi -p 8080:80 docker://awesometechnologies/synapse-admin
```
Se connecter ensuite à l'interface web avec un compte disposant des permissions "admistrateur serveur" sur http://localhost:8080

10
podman-matrix/ci_build-images.sh
View file

@ -12,16 +12,16 @@ buildfolder=/tmp/synapse-$$
if ! podman image exists ${synapse_image}:${synapse_version}; then
mkdir ${buildfolder} &&
curl -sSfL -- "https://github.com/matrix-org/synapse/archive/refs/tags/${synapse_version}.tar.gz" | \tar xz --strip-components 1 -C ${buildfolder}/ && {
podman pull docker.io/moby/buildkit:latest
podman run -d --name buildkitd --privileged docker.io/moby/buildkit:latest &&
podman image pull docker.io/moby/buildkit:latest
podman container run -d --name buildkitd --privileged docker.io/moby/buildkit:latest &&
my_buildctl --addr=podman-container://buildkitd build \
--frontend dockerfile.v0 \
--local context=${buildfolder}/ \
--local dockerfile=${buildfolder}/docker/ \
--output type=oci,name="${synapse_image}:${synapse_version}" | \
podman load &&
podman rm --force buildkitd &&
podman rmi docker.io/moby/buildkit:latest
podman image load &&
podman container rm --force buildkitd &&
podman image rm docker.io/moby/buildkit:latest
}
rm -rf ${buildfolder}
else

8
podman-ntfy/10_install.sh
View file

@ -19,13 +19,13 @@ if ! podman image exists ${ntfy_image}:${ntfy_version}; then
podman image pull ${ntfy_image}:${ntfy_version} || exit 1
fi
podman run --name ${container_name} \
podman container run --name ${container_name} \
-p ${listen_if}:${listen_port}:8080 \
-e TZ='Europe/Paris' \
-v ${ntfy_data_volume}:/var/lib/ntfy:Z \
-d ${ntfy_image}:${ntfy_version} serve \
--listen-http :8080 --base-url ${GARBAYE_NTFY_BASE_URL} &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'INFO Listening on' &&
podman cp config/server.yml ${container_name}:/etc/ntfy/server.yml &&
podman stop ${container_name} &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'INFO Listening on' &&
podman container cp config/server.yml ${container_name}:/etc/ntfy/server.yml &&
podman container stop ${container_name} &&
echo Container ${container_name} successfully built and stopped.

2
podman-ntfy/50_update.sh
View file

@ -31,7 +31,7 @@ cleanup_images () {
select yn in "Yes" "No"; do
case $yn in
Yes)
podman rmi ${current_image}:${current_version}
podman image rm ${current_image}:${current_version}
exit 0
;;
No)

10
podman-ntfy/README.md
View file

@ -1,24 +1,24 @@
# Utilisateurs et Permissions (ACL)
Documentation pour la gestion des [utilisateurs](https://docs.ntfy.sh/config/#users-and-roles) et [permissions](https://docs.ntfy.sh/config/#access-control-list-acl).
Pour lancer ntfy en interactif dans l'environnement `podman`, préfixer les commandes par `podman exec -it podman-ntfy` :
Pour lancer ntfy en interactif dans l'environnement `podman`, préfixer les commandes par `podman container exec -it podman-ntfy` :
```
$ podman exec -it podman-ntfy ntfy access
$ podman container exec -it podman-ntfy ntfy access
user * (anonymous)
- no topic-specific permissions
- read-write access to all (other) topics (server config)
$ podman exec -it podman-ntfy ntfy user add didier
$ podman container exec -it podman-ntfy ntfy user add didier
user didier added with role user
$ podman exec -it podman-ntfy ntfy access didier prefix_* rw
$ podman container exec -it podman-ntfy ntfy access didier prefix_* rw
granted read-write access to topic prefix_*
user didier (user)
- read-write access to topic prefix_*
$ podman exec -it podman-ntfy ntfy access everyone prefix_* deny
$ podman container exec -it podman-ntfy ntfy access everyone prefix_* deny
revoked all access to topic prefix_*
user * (anonymous)

6
podman-ntfy/ci_build-images.sh
View file

@ -8,11 +8,11 @@ ensure_pwd_is_scriptdir
ensure_not_root
if ! podman image exists ${ntfy_image}:${ntfy_version}; then
TMPDIR=${HOME} podman build -t "${ntfy_image}:${ntfy_version}" docker/ --build-arg NTFY_VERSION=${ntfy_version} || exit 1
TMPDIR=${HOME} podman image build -t "${ntfy_image}:${ntfy_version}" docker/ --build-arg NTFY_VERSION=${ntfy_version} || exit 1
podman image prune -a -f --filter dangling=true
podman image prune -a -f --filter intermediate=true
podman image rm -f $(podman images -a -q -- docker.io/library/golang)
podman image rm -f $(podman images -a -q -- docker.io/library/alpine)
podman image rm -f $(podman image list -a -q -- docker.io/library/golang)
podman image rm -f $(podman image list -a -q -- docker.io/library/alpine)
else
echo "Image ${ntfy_image}:${ntfy_version} already built"
fi

6
podman-peerjs/10_install.sh
View file

@ -12,7 +12,7 @@ ensure_container_not_exists ${container_name}
if ! podman image exists ${upstream_images}:${version}; then
podman image pull ${upstream_images}:${version} || exit 1
fi
podman run --name ${container_name} --user nobody -p ${listen_if}:${listen_port}:9000 -d ${upstream_images}:${version} --port 9000 --path /myapp &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'Started PeerServer' &&
podman stop ${container_name} &&
podman container run --name ${container_name} --user nobody -p ${listen_if}:${listen_port}:9000 -d ${upstream_images}:${version} --port 9000 --path /myapp &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'Started PeerServer' &&
podman container stop ${container_name} &&
echo Container ${container_name} successfully built and stopped.

4
podman-peerjs/50_update.sh
View file

@ -20,7 +20,7 @@ fi
echo Rebuilding container ${container_name} with image ${upstream_imageversion}
# pull first for minimal downtime
podman pull ${upstream_images}:${version} &&
podman image pull ${upstream_images}:${version} &&
${ABSDIR}/40_stop.sh &&
${ABSDIR}/80_destroy.sh &&
@ -28,6 +28,6 @@ ${ABSDIR}/10_install.sh &&
${ABSDIR}/20_enable.sh &&
${ABSDIR}/30_start.sh &&
podman rmi ${current_imageversion} &&
podman image rm ${current_imageversion} &&
${ABSDIR}/00_status.sh

4
podman-peerjs/ci_build-images.sh
View file

@ -12,13 +12,13 @@ buildfolder=/tmp/peerjs-server-$$
if ! podman image exists ${upstream_images}:${version}; then
mkdir ${buildfolder} &&
curl -sSfL -- "https://github.com/peers/peerjs-server/archive/refs/tags/v${version}.tar.gz" | \tar xz --strip-components 1 -C ${buildfolder}/ &&
podman build \
podman image build \
--label org.opencontainers.image.description='PeerServer helps establishing connections between PeerJS clients. Data is not proxied through the server.' \
--label org.opencontainers.image.source='https://github.com/peers/peerjs-server' \
--label org.opencontainers.image.title='PeerServer' \
--label org.opencontainers.image.url='https://peerjs.com' \
-t ${upstream_images}:${version} ${buildfolder}/ &&
podman image rm -f $(podman images -a -q -- docker.io/library/node) &&
podman image rm -f $(podman image list -a -q -- docker.io/library/node) &&
rm -rf ${buildfolder}
else
echo "Image ${upstream_images}:${version} already built"

6
podman-privatebin/10_install.sh
View file

@ -20,13 +20,13 @@ podman volume create ${tmp_volume} &&
podman volume create ${varlibnginxtmp_volume} &&
podman unshare chown -R 65534:82 `get_podman_volume_path ${run_volume}` &&
podman unshare chown -R 65534:82 `get_podman_volume_path ${varlibnginxtmp_volume}` &&
podman run -d --read-only --restart=always --name ${container_name} \
podman container run -d --read-only --restart=always --name ${container_name} \
-p ${listen_if}:${listen_port}:8080 \
-v ${run_volume}:/run:Z \
-v ${tmp_volume}:/tmp:Z \
-v ${srvdata_volume}:/srv/data:Z \
-v ${varlibnginxtmp_volume}:/var/lib/nginx/tmp:Z \
"${privatebin_image}":"${privatebin_version}" &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'NOTICE: ready to handle connections' &&
podman stop ${container_name} &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'NOTICE: ready to handle connections' &&
podman container stop ${container_name} &&
echo Container ${container_name} successfully built and stopped.

2
podman-privatebin/ci_build_images.sh
View file

@ -10,7 +10,7 @@ ensure_not_root
if ! podman image exists ${privatebin_image}:${privatebin_version}; then
git clone -b ${privatebin_version} --depth=1 https://github.com/PrivateBin/docker-nginx-fpm-alpine &&
sed -i "s#mv cfg lib tpl vendor /srv#mv cfg lib tpl vendor /srv \&\& sed -i \\'/Content-Security-Policy\\\|X-XSS-Protection\\\|X-Frame-Options\\\|X-Content-Type-Options/d\\' /srv/lib/Controller.php#" docker-nginx-fpm-alpine/Dockerfile &&
podman build -t "${privatebin_image}":"${privatebin_version}" docker-nginx-fpm-alpine &&
podman image build -t "${privatebin_image}":"${privatebin_version}" docker-nginx-fpm-alpine &&
rm -rf docker-nginx-fpm-alpine
else
echo "Image ${privatebin_image}:${privatebin_version} already built"

6
podman-seafile/10_install.sh
View file

@ -38,8 +38,8 @@ export listen_port
if ! podman image exists ${seafile_image}:${seafile_release}; then
podman image pull ${seafile_image}:${seafile_release} || exit 1
fi
podman pull docker.io/library/memcached:${memcached_release} &&
podman pull docker.io/library/mariadb:${mariadb_release} &&
podman image pull docker.io/library/memcached:${memcached_release} &&
podman image pull docker.io/library/mariadb:${mariadb_release} &&
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for seahub_settings.py " &&
while [ ! -e `get_podman_volume_path ${datavolume}`/seafile/conf/seahub_settings.py ]; do
@ -48,7 +48,7 @@ while [ ! -e `get_podman_volume_path ${datavolume}`/seafile/conf/seahub_settings
done && echo "OK" &&
sed -i -e "s|^FILE_SERVER_ROOT = \"http://${GARBAYE_SEAFILE_SERVER_HOSTNAME}/seafhttp\"|FILE_SERVER_ROOT = \"https://${GARBAYE_SEAFILE_SERVER_HOSTNAME}/seafhttp\"\nEMAIL_USE_TLS = False\nEMAIL_HOST = '${GARBAYE_SEAFILE_SMTP_SERVER}'\nEMAIL_HOST_USER = ''\nEMAIL_HOST_PASSWORD = ''\nEMAIL_PORT = 25\nDEFAULT_FROM_EMAIL = 'noreply@seafile.garbaye.fr'\nSERVER_EMAIL = 'noreply@seafile.garbaye.fr'|g" `get_podman_volume_path ${datavolume}`/seafile/conf/seahub_settings.py &&
echo -n "Waiting for seahub to finish starting " &&
( podman logs -f seafile 2>&1 & ) | grep -q 'Seahub is started' &&
( podman container logs -f seafile 2>&1 & ) | grep -q 'Seahub is started' &&
echo "OK" &&
podman pod stop ${pod_name} &&
echo Pod built and stopped. &&

4
podman-seafile/ci_build-images.sh
View file

@ -18,10 +18,10 @@ if ! podman image exists ${seafile_image}:${seafile_release}; then
sed_in_place " -i https://pypi.tuna.tsinghua.edu.cn/simple/" " " ${buildfolder}/image/seafile_${seafile_release%.*}/Dockerfile &&
sed_in_place 'wget https://seafile-downloads.oss-cn-shanghai.aliyuncs.com' 'wget -q https://download.seadrive.org' ${buildfolder}/image/seafile_${seafile_release%.*}/Dockerfile &&
sed_in_place 'tar -zxvf' 'tar -zxf' ${buildfolder}/image/seafile_${seafile_release%.*}/Dockerfile &&
podman build -t ${seafile_image}:${seafile_release} \
podman image build -t ${seafile_image}:${seafile_release} \
-f ${buildfolder}/image/seafile_${seafile_release%.*}/Dockerfile \
${buildfolder} &&
podman rmi -f $(podman images -a -q -- phusion/baseimage)
podman image rm -f $(podman image list -a -q -- phusion/baseimage)
rm -rf ${buildfolder}
else
echo "Image ${seafile_image}:${seafile_release} already built"

2
podman-vaultwarden/10_install.sh
View file

@ -55,7 +55,7 @@ if ! podman image exists ${database_image}:${database_version}; then
fi
podman-compose --pod-args="--infra=true --infra-name=${project_name}_infra --share=" --podman-run-args "--requires=${project_name}_infra --env-file .env" up -d &&
echo -n "Waiting for vaultwarden to finish starting " &&
( podman logs -f ${container_name} 2>&1 & ) | grep -q 'Rocket has launched from ' &&
( podman container logs -f ${container_name} 2>&1 & ) | grep -q 'Rocket has launched from ' &&
echo "OK" &&
podman pod stop ${pod_name} &&
echo Pod built and stopped. &&

6
podman-vaultwarden/ci_build-images.sh
View file

@ -20,9 +20,9 @@ if ! podman image exists ${vaultwarden_image}:${vaultwarden_version}; then
rm -rf ${buildfolder}
podman image prune -a -f --filter dangling=true
podman image prune -a -f --filter intermediate=true
podman image rm -f $(podman images -a -q -- vaultwarden/web-vault)
podman image rm -f $(podman images -a -q -- docker.io/blackdex/rust-musl)
podman image rm -f $(podman images -a -q -- dockerio/library/alpine)
podman image rm -f $(podman image list -a -q -- vaultwarden/web-vault)
podman image rm -f $(podman image list -a -q -- docker.io/blackdex/rust-musl)
podman image rm -f $(podman image list -a -q -- dockerio/library/alpine)
else
echo "Image ${vaultwarden_image}:${vaultwarden_version} already built"
fi