Refactor docker and clean old apps

2025-11-01 22:06:02 +01:00
parent 45afd634db
commit cad7c24295
6 changed files with 22 additions and 277 deletions


@@ -1,5 +1,7 @@
#!/bin/dash #!/bin/dash
BASE_URL=${1}
mkdir /srv/stacks mkdir /srv/stacks
mkdir /srv/data mkdir /srv/data
@@ -13,3 +15,21 @@ apk add docker docker-cli-compose
rc-update add docker boot rc-update add docker boot
service docker start service docker start
InstStacks() {
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
"portainer" "" off \
"traefik" "" off \
"gitea" "" off 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
# shellcheck disable=SC3000-SC4000
wget "${BASE_URL}"/alpine/apps/docker/stacks/"${ITM//\"/}"/"${ITM//\"/}".sh
# shellcheck disable=SC3000-SC4000
sh ./"${ITM//\"/}".sh "${BASE_URL}"
done
fi
}
InstStacks
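Review bot: In InstStacks the downloaded stack script is run by `sh` even when `wget` failed, and it sits under a predictable name in the shared `/tmp` directory, so the file that runs is not guaranteed to be the one just fetched from `BASE_URL`. Depending on the wget implementation, an existing `/tmp/NAME.sh` is not overwritten when no output file is given, and `BASE_URL=${1}` at the top of the file is used without checking that it is non-empty. I would require the argument with `: "${BASE_URL:?base URL argument required}"`, download into a fresh `mktemp -d` directory with an explicit `-O`, and run the script only if `wget` succeeds, as below. Stripping the quotes with `tr` also removes the need for the two `SC3000-SC4000` suppressions. The fetched script still runs without any integrity check, so the base URL should be HTTPS on a host you control; if the stack scripts depend on being started from `/tmp`, keep a `cd` before the `sh` call.

```shell
# … unchanged: whiptail checklist and exit-status test …
    for ITM in ${SEL}; do
      NAME=$(printf '%s' "${ITM}" | tr -d '"')
      TMPD=$(mktemp -d) || exit
      if wget -O "${TMPD}/${NAME}.sh" \
        "${BASE_URL}/alpine/apps/docker/stacks/${NAME}/${NAME}.sh"; then
        sh "${TMPD}/${NAME}.sh" "${BASE_URL}"
      else
        echo "download failed for ${NAME}, skipping" >&2
      fi
      rm -rf -- "${TMPD}"
    done
```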


@@ -1,7 +1,5 @@
#!/bin/dash #!/bin/dash
# docker run -d --name="portainer" --restart=unless-stopped -p 8000:8000 -p 9000:9000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v /srv/portainer/data:/data portainer/portainer-ce
BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
mkdir /srv/stacks/portainer mkdir /srv/stacks/portainer


@@ -1,4 +0,0 @@
#!/bin/dash
mount --make-rshared /
docker run -d --name="rancher" --restart=unless-stopped -p 4080:80 -p 4443:443 --privileged rancher/rancher:latest


@@ -1,266 +0,0 @@
#!/bin/dash
RELEASE=2.6.3
ACMEACCOUNT=@gmail.com
main() {
TraefikConfig
TraefikEtcCertsSelfsigned
TraefikEtcServices
TraefikEtcConfig
TraefikEtcIptable
TraefikBinUpdateTraefik
TraefikService
}
TraefikConfig() {
RELEASE=$(whiptail --title "Release" --inputbox "" 0 30 "${RELEASE}" 3>&1 1>&2 2>&3)
ACMEACCOUNT=$(whiptail --title "ACME Account" --inputbox "" 0 30 "${ACMEACCOUNT}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
if [ "${proxy}" != "" ]; then
echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
fi
fi
}
TraefikEtcCertsSelfsigned() {
mkdir -p /etc/traefik/certs
openssl ecparam -name secp256r1 -genkey -out /etc/traefik/certs/self.key
openssl req -new -x509 -key /etc/traefik/certs/self.key -sha256 -nodes -out /etc/traefik/certs/self.crt -days 3650
}
TraefikEtcServices() {
mkdir -p /etc/traefik/services
TraefikEtcServicesShared
TraefikEtcServicesDefault
}
TraefikEtcServicesShared() {
cat >> /etc/traefik/services/_shared.yaml << "EOF"
tls:
stores:
default:
defaultCertificate:
certFile: "/etc/traefik/certs/self.crt"
keyFile: "/etc/traefik/certs/self.key"
options:
default:
minVersion: "VersionTLS12"
# sniStrict: true
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
mintls13:
minVersion: "VersionTLS13"
http:
middlewares:
to-https:
redirectScheme:
scheme: "https"
permanent: true
to-no-www:
redirectRegex:
regex: "^https://www.(.*)"
replacement: "https://${1}"
permanent: true
hsts-min:
headers:
sslRedirect: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
hsts_light:
headers:
sslRedirect: true
frameDeny: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
hsts:
headers:
sslRedirect: true
frameDeny: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
referrerPolicy: "origin-when-cross-origin"
hsts-strict:
headers:
sslRedirect: true
frameDeny: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
contentSecurityPolicy: "script-src 'self'"
referrerPolicy: "origin-when-cross-origin"
services:
dummy:
loadBalancer:
servers:
- url: "https://127.0.0.1:2"
# matomo:
# loadBalancer:
# servers:
# - url: "https://x.x.x.x:xxx"
EOF
}
TraefikEtcServicesDefault() {
cat >> /etc/traefik/services/_default.yaml << "EOF"
http:
routers:
_default:
entryPoints:
- http
rule: "PathPrefix(`/`)"
# priority: 100
# service: _default-matomo
service: _default
_default-secure:
entryPoints:
- https
rule: "PathPrefix(`/`)"
# priority: 100
# service: _default-matomo
service: _default
tls: {}
services:
# _default-matomo:
# mirroring:
# service: _default
# maxBodySize: 1024
# mirrors:
# - name: matomo
# percent: 100
_default:
loadBalancer:
servers:
- url: https://127.0.0.1:2
EOF
}
TraefikEtcConfig() {
cat >> /etc/traefik/traefik.yaml << "EOF"
entryPoints:
http:
address: ":80"
https:
address: ":443"
traefik:
address: ":8099"
api:
dashboard: true
insecure: true
serversTransport:
insecureSkipVerify: true
providers:
file:
directory: "/etc/traefik/services/"
watch: true
certificatesResolvers:
acmev2:
acme:
email: "X{ACMEACCOUNT}"
caserver: "https://acme-v02.api.letsencrypt.org/directory"
storage: "/etc/traefik/certs/acmev2.json"
keyType: "EC384"
tlsChallenge: {}
acmev2-staging:
acme:
email: "X{ACMEACCOUNT}"
caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
storage: "/etc/traefik/certs/acmev2-staging.json"
keyType: "EC384"
tlsChallenge: {}
EOF
# sed -i /X{ACMEACCOUNT}/${ACMEACCOUNT}/g /etc/traefik/traefik.yaml
}
TraefikEtcIptable() {
if [ -f "/etc/iptables/rules-save" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8099 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Traefik' /etc/iptables/rules-save
iptables-restore /etc/iptables/rules-save
fi
}
TraefikBinUpdateTraefik() {
cat >> /usr/local/bin/update-traefik << "EOF"
#!/bin/ash
if [[ -z ${1} ]]; then
echo "update-traefik version"
echo "version : x.x.x"
exit 1
fi
version=${1}
mkdir -p /tmp/traefik
cd /tmp/traefik
wget https://github.com/traefik/traefik/releases/download/v${version}/traefik_v${version}_linux_amd64.tar.gz
tar -xf traefik_v${version}_linux_amd64.tar.gz
systemctl stop traefik
cp traefik /usr/local/bin
systemctl start traefik
cd
rm -R /tmp/traefik
EOF
chmod 755 /usr/local/bin/update-traefik
update-traefik "${RELEASE}"
}
TraefikService() {
cat >> /etc/init.d/traefik << "EOF"
#!/sbin/openrc-run
name="traefik"
command="/usr/local/bin/traefik"
command_args="-configFile /etc/traefik/traefik.yaml"
command_background=true
pidfile=/run/traefik.pid
depend() {
need net
}
EOF
chmod 755 /etc/init.d/traefik
rc-update add traefik boot
service traefik start
}
main


@@ -1,6 +1,6 @@
#!/bin/dash #!/bin/dash
BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main BASE_URL=${1}
showHelp() { showHelp() {
echo "alpine.sh" echo "alpine.sh"
@@ -133,12 +133,9 @@ IssueSetContent() {
InstApps() { InstApps() {
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \ SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
"traefik" "" off \
"gitea" "" off \ "gitea" "" off \
"gitea-act_runner" "" off\ "gitea-act_runner" "" off\
"docker" "" off \ "docker" "" off 3>&1 1>&2 2>&3)
"portainer" "" off \
"rancher" "" off 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ "${?}" = "0" ]; then if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do for ITM in ${SEL}; do