Updated to latest s6-overlay

2025-01-23 05:18:12 -05:00 · 2023-02-24 18:31:46 +10:00 · 2023-02-24 18:31:46 +10:00 · ecbc55f318
commit ecbc55f318
parent c288886fd4
28 changed files with 94 additions and 98 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -44,7 +44,7 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager

 # These acmesh vars are defined in the base image
 ENV SUPPRESS_NO_CONFIG_WARNING=1 \
-	S6_FIX_ATTRS_HIDDEN=1 \
+	S6_LOGGING=0 \
 	ACMESH_CONFIG_HOME=/data/.acme.sh/config \
 	ACMESH_HOME=/data/.acme.sh \
 	CERT_HOME=/data/.acme.sh/certs \
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -12,7 +12,6 @@ ENV GOPROXY=$GOPROXY \
 	GOPRIVATE=$GOPRIVATE \
 	S6_LOGGING=0 \
 	SUPPRESS_NO_CONFIG_WARNING=1 \
-	S6_FIX_ATTRS_HIDDEN=1 \
 	ACMESH_CONFIG_HOME=/data/.acme.sh/config \
 	ACMESH_HOME=/data/.acme.sh \
 	CERT_HOME=/data/.acme.sh/certs \
@ -35,12 +34,14 @@ RUN cd /usr \
 	&& curl -sL https://taskfile.dev/install.sh | sh \
 	&& cd /root

-COPY rootfs /
+COPY docker/rootfs /
 RUN rm -f /etc/nginx/conf.d/production.conf

 # s6 overlay
-RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
-	&& tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /
+COPY scripts/install-s6 /tmp/install-s6
+RUN /tmp/install-s6 && rm -rf /tmp/*
+#RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
+#	&& tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /

 # Fix for golang dev:
 RUN chown -R 1000:1000 /opt/go
--- a/docker/rootfs/etc/cont-finish.d/.gitignore
+++ b/docker/rootfs/etc/cont-finish.d/.gitignore
@ -1,2 +0,0 @@
-*
-!.gitignore
--- a/docker/rootfs/etc/cont-init.d/10-nginx
+++ b/docker/rootfs/etc/cont-init.d/10-nginx
@ -1,18 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Create required folders
-mkdir -p /tmp/nginx/body \
-	/run/nginx \
-	/var/log/nginx \
-	/var/lib/nginx/cache/public \
-	/var/lib/nginx/cache/private \
-	/var/cache/nginx/proxy_temp \
-	/data/logs
-
-touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
-
-# Dynamically generate resolvers file
-echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)" ";" > /etc/nginx/conf.d/include/resolvers.conf
-
-# Fire off acme.sh wrapper script to "install" itself if required
-acme.sh -h > /dev/null 2>&1
--- a/docker/rootfs/etc/cont-init.d/20-adduser
+++ b/docker/rootfs/etc/cont-init.d/20-adduser
@ -1,33 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-PUID=${PUID:-911}
-PGID=${PGID:-911}
-
-groupmod -g 1000 users || exit 1
-useradd -u "${PUID}" -U -d /data -s /bin/false npmuser || exit 1
-usermod -G users npmuser || exit 1
-groupmod -o -g "$PGID" npmuser || exit 1
-
-echo "-------------------------------------
- _   _ ____  __  __
-| \ | |  _ \|  \/  |
-|  \| | |_) | |\/| |
-| |\  |  __/| |  | |
-|_| \_|_|   |_|  |_|
-------------------------------------
-User UID: $(id -u npmuser)
-User GID: $(id -g npmuser)
-------------------------------------
-"
-
-chown -R npmuser:npmuser /data
-chown -R npmuser:npmuser /run/nginx
-chown -R npmuser:npmuser /etc/nginx
-chown -R npmuser:npmuser /tmp/nginx
-chown -R npmuser:npmuser /var/cache/nginx
-chown -R npmuser:npmuser /var/lib/nginx
-chown -R npmuser:npmuser /var/log/nginx
-
-# Home for npmuser
-mkdir -p /tmp/npmuserhome
-chown -R npmuser:npmuser /tmp/npmuserhome
--- a/docker/rootfs/etc/fix-attrs.d/.gitignore
+++ b/docker/rootfs/etc/fix-attrs.d/.gitignore
@ -1,2 +0,0 @@
-*
-!.gitignore
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
@ -1,9 +1,7 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
+set -e

-RESET='\E[0m'
-YELLOW='\E[1;33m'
-
-echo -e "${YELLOW}Starting backend API ...${RESET}"
+echo "❯ Starting backend ..."

 if [ "$DEVELOPMENT" == "true" ]; then
 	HOME=/tmp/npmuserhome
@ -13,12 +11,8 @@ if [ "$DEVELOPMENT" == "true" ]; then
 	export HOME GOPATH
 	rm -rf /app/backend/.task
 	cd /app/backend || exit 1
-	s6-setuidgid npmuser task -w
+	exec s6-setuidgid npmuser task -w
 else
 	cd /app/bin || exit 1
-	while :
-	do
-		s6-setuidgid npmuser /app/bin/server
-		sleep 1
-	done
+	exec s6-setuidgid npmuser /app/bin/server
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type
@ -0,0 +1 @@
+longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
@ -1,4 +1,5 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
+set -e

 # This service is DEVELOPMENT only.

@ -9,7 +10,7 @@ if [ "$DEVELOPMENT" == "true" ]; then
 	export HOME
 	cd /app/frontend || exit 1
 	s6-setuidgid npmuser yarn install
-	s6-setuidgid npmuser yarn start
+	exec s6-setuidgid npmuser yarn start
 else
 	exit 0
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type
@ -0,0 +1 @@
+longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
@ -0,0 +1,5 @@
+#!/command/with-contenv bash
+set -e
+
+echo "❯ Starting nginx ..."
+exec s6-setuidgid npmuser nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type
@ -0,0 +1 @@
+longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh
@ -0,0 +1,61 @@
+#!/command/with-contenv bash
+set -e
+
+DATA_PATH=/data
+PUID=${PUID:-911}
+PGID=${PGID:-911}
+
+# Ensure /data is mounted
+if [ ! -d "$DATA_PATH" ]; then
+	echo '--------------------------------------'
+	echo "ERROR: $DATA_PATH is not mounted! Check your docker configuration."
+	echo '--------------------------------------'
+	/run/s6/basedir/bin/halt
+	exit 1
+fi
+
+echo "❯ Checking folder structure ..."
+
+# Create required folders
+mkdir -p /tmp/nginx/body \
+	/run/nginx \
+	/var/log/nginx \
+	/var/lib/nginx/cache/public \
+	/var/lib/nginx/cache/private \
+	/var/cache/nginx/proxy_temp \
+	/data/logs
+touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
+# Dynamically generate resolvers file
+echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)" ";" > /etc/nginx/conf.d/include/resolvers.conf
+# Fire off acme.sh wrapper script to "install" itself if required
+acme.sh -h > /dev/null 2>&1
+
+# Add npmuser user
+echo "❯ Creating user ..."
+groupmod -g 1000 users || exit 1
+useradd -u "${PUID}" -U -d /data -s /bin/false npmuser || exit 1
+usermod -G users npmuser || exit 1
+groupmod -o -g "$PGID" npmuser || exit 1
+chown -R npmuser:npmuser /data
+chown -R npmuser:npmuser /run/nginx
+chown -R npmuser:npmuser /etc/nginx
+chown -R npmuser:npmuser /tmp/nginx
+chown -R npmuser:npmuser /var/cache/nginx
+chown -R npmuser:npmuser /var/lib/nginx
+chown -R npmuser:npmuser /var/log/nginx
+# Home for npmuser
+mkdir -p /tmp/npmuserhome
+chown -R npmuser:npmuser /tmp/npmuserhome
+
+echo
+echo "-------------------------------------
+ _   _ ____  __  __
+| \ | |  _ \|  \/  |
+|  \| | |_) | |\/| |
+| |\  |  __/| |  | |
+|_| \_|_|   |_|  |_|
+-------------------------------------
+User UID: $(id -u npmuser)
+User GID: $(id -g npmuser)
+-------------------------------------
+"
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type
@ -0,0 +1 @@
+oneshot
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up
@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/prepare/script.sh
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare
--- a/docker/rootfs/etc/services.d/backend/finish
+++ b/docker/rootfs/etc/services.d/backend/finish
@ -1,5 +0,0 @@
-#!/usr/bin/execlineb -S1
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }
-
-s6-svscanctl -t /var/run/s6/services
--- a/docker/rootfs/etc/services.d/frontend/finish
+++ b/docker/rootfs/etc/services.d/frontend/finish
@ -1,5 +0,0 @@
-#!/usr/bin/execlineb -S1
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }
-
-s6-svscanctl -t /var/run/s6/services
--- a/docker/rootfs/etc/services.d/nginx/finish
+++ b/docker/rootfs/etc/services.d/nginx/finish
@ -1,6 +0,0 @@
-#!/usr/bin/execlineb -S1
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }
-
-s6-svscanctl -t /var/run/s6/services
-
--- a/docker/rootfs/etc/services.d/nginx/run
+++ b/docker/rootfs/etc/services.d/nginx/run
@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-exec s6-setuidgid npmuser nginx
--- a/scripts/install-s6
+++ b/scripts/install-s6
@ -8,8 +8,8 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'

-S6_OVERLAY_VERSION=2.2.0.3
-TARGETPLATFORM=$1
+S6_OVERLAY_VERSION=3.1.4.1
+TARGETPLATFORM=${1:unspecified}

 # Determine the correct binary file for the architecture given
 case $TARGETPLATFORM in
@ -22,14 +22,17 @@ case $TARGETPLATFORM in
 		;;

 	*)
-		S6_ARCH=amd64
+		S6_ARCH=x86_64
 		;;
 esac

 echo -e "${BLUE}❯ ${CYAN}Installing S6-overlay v${S6_OVERLAY_VERSION} for ${YELLOW}${TARGETPLATFORM} (${S6_ARCH})${RESET}"

-curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.gz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.gz"
-tar -xzf "/tmp/s6-overlay-${S6_ARCH}.tar.gz" -C /
-rm -rf "/tmp/s6-overlay-${S6_ARCH}.tar.gz"
+curl -L -o '/tmp/s6-overlay-noarch.tar.xz' "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz"
+curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.xz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz"
+tar -C / -Jxpf '/tmp/s6-overlay-noarch.tar.xz'
+tar -C / -Jxpf "/tmp/s6-overlay-${S6_ARCH}.tar.xz"
+
+rm -rf "/tmp/s6-overlay-${S6_ARCH}.tar.xz"

 echo -e "${BLUE}❯ ${GREEN}S6-overlay install Complete${RESET}"