commit e1f17da657483eccda53ba37343cdffeeb2fe95f
Author: KemoNine <kemonine@kemonine.info>
Date:   Thu Aug 6 18:22:05 2020 -0400

    Import sources for original repo

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e66e431
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,80 @@
+FROM ubuntu:latest
+
+# Don't bother us for selections during install
+ENV DEBIAN_FRONTEND="noninteractive"
+
+# We work off /opt, the *nix way
+WORKDIR /opt/
+
+# need to figure out if arm64/arm64 32bit multilib/arm
+COPY piframefleet/arch_detect.sh /opt/
+
+# Install and base setup all the things
+RUN apt update && apt upgrade -y && \
+  apt install -y python3 curl jq bash unzip nano git && \
+  ARCH=$(/opt/arch_detect.sh); \
+  echo "**** Detected arch: $ARCH ****" && \
+  S6_RELEASE=$(curl -sX GET "https://api.github.com/repos/just-containers/s6-overlay/tags" \
+	  | jq -r .[0].name); \
+  echo "**** s6-overlay release: ${S6_RELEASE} ****" && \
+  echo "**** Installing s6-overlay ****" && \
+  curl -L https://github.com/just-containers/s6-overlay/releases/latest/download/s6-overlay-${ARCH}.tar.gz \
+    -o /opt/s6-overlay.tar.gz && \
+  tar xzf /opt/s6-overlay.tar.gz -C / --exclude="./bin" && \
+  tar xzf /opt/s6-overlay.tar.gz -C /usr ./bin && \
+  echo "**** wireguard ****" && \ 
+  apt install -y build-essential ifupdown net-tools iproute2 iptables iputils-ping libc6 libelf-dev pkg-config && \
+  WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+	    | jq -r .[0].name); \
+  git clone https://git.zx2c4.com/wireguard-tools /opt/wireguard-tools && \
+  cd /opt/wireguard-tools && \
+  git checkout "${WIREGUARD_RELEASE}" && \
+  make -C src -j$(nproc) && \
+  make -C src install && \
+  cd /opt && \
+  echo "**** syncthing ****" && \
+  curl -s https://syncthing.net/release-key.txt | apt-key add - && \
+  echo "deb https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list && \
+  apt update && apt install -y syncthing && \
+  echo "**** rclone ****" && \
+  curl https://rclone.org/install.sh | bash && \
+  echo "**** filebrowser ****" && \
+  curl -fsSL https://filebrowser.org/get.sh | bash && \
+  echo "**** ansible ****" && \
+  apt install -y python3-apt sshpass ansible ansible-lint ansible-doc && \
+  echo "**** cleanup ****" && \
+  rm /opt/arch_detect.sh && \
+  rm /opt/s6-overlay.tar.gz && \
+  rm -rf /opt/wireguard-tools && \
+  apt remove --purge -y build-essential pkg-config libelf-dev unzip && \
+  apt autoremove --purge -y && \
+  rm -rf /var/lib/apt/lists/*
+
+# Copy the s6 related 'stuff' to the container
+ADD /piframefleet/root/ /
+
+# Ansible related 'stuff'
+VOLUME /opt/ansible
+
+# Wireguard related 'stuff'
+ENV ENABLE_WIREGUARD=false
+EXPOSE 51820/udp
+VOLUME /lib/modules
+VOLUME /opt/wireguard
+
+# SyncThing related 'stuff'
+ENV ENABLE_SYNCTHING=false
+EXPOSE 8384/tcp
+EXPOSE 22000/tcp
+VOLUME /opt/syncthing
+
+# FileBrowser related 'stuff'
+ENV ENABLE_FILEBROWSER=false
+EXPOSE 9191/tcp
+VOLUME /opt/filebrowser
+
+# General 'stuff'
+VOLUME /opt/pictures
+
+# Run s6-overlay as the init so we get services and similar
+ENTRYPOINT [ "/init" ]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c320314
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# PiFrameFleet
+
+This is a basic Docker container setup for managing a fleet of PiFrames.
+
+This area of the code base is very much a work in progress and should **NOT** be used unless you're interested in submitting patches.
diff --git a/arch_detect.sh b/arch_detect.sh
new file mode 100755
index 0000000..8871f97
--- /dev/null
+++ b/arch_detect.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+python3 <<EOF
+from __future__ import print_function
+import platform
+processor = platform.machine()
+architecture = platform.architecture()
+if processor == 'aarch64':
+    # Mutli arch arm support is why this 32bit check is present
+    if '32bit' in architecture:
+        print('arm', end='')
+    else:
+        print('aarch64', end='')
+elif processor == 'x86 64' or processor == 'x86_64':
+    print('amd64', end='')
+elif processor == 'armv7l':
+    print('arm', end='')
+else:
+    print('armhf', end='')
+EOF
diff --git a/piframefleet_build.sh b/piframefleet_build.sh
new file mode 100755
index 0000000..18b4d2e
--- /dev/null
+++ b/piframefleet_build.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+git pull
+sudo docker build -t piframe/piframefleet:latest -f Dockerfile .
diff --git a/piframefleet_run.sh b/piframefleet_run.sh
new file mode 100755
index 0000000..8162457
--- /dev/null
+++ b/piframefleet_run.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+echo "**** Building latest PiFrameFleet container ****"
+$(pwd)/piframefleet_build.sh
+
+echo "**** Deleting Original Container ****"
+sudo docker rm -f piframefleet
+
+echo "**** Running PiFrameFleet ****"
+sudo docker run -it \
+    --restart unless-stopped \
+    --name piframefleet \
+    --cap-add=NET_ADMIN \
+    --cap-add=SYS_MODULE \
+    -e TZ=UTC \
+    -e ENABLE_WIREGUARD=true \
+    -e ENABLE_SYNCTHING=true \
+    -e ENABLE_FILEBROWSER=true \
+    -p 51821:51821/udp \
+    -p 8384:8384/tcp \
+    -p 22000:22000/tcp \
+    -p 9191:9191/tcp \
+    -v /lib/modules:/lib/modules:ro \
+    -v /var/piframefleet/syncthing:/opt/syncthing \
+    -v /var/piframefleet/filebrowser:/opt/filebrowser \
+    -v /var/piframefleet/wireguard:/opt/wireguard \
+    -v /var/piframefleet/ansible:/opt/ansible \
+    -v /var/piframefleet/pictures:/opt/pictures \
+    piframe/piframefleet:latest
diff --git a/root/etc/cont-init.d/00-welcome b/root/etc/cont-init.d/00-welcome
new file mode 100755
index 0000000..660819f
--- /dev/null
+++ b/root/etc/cont-init.d/00-welcome
@@ -0,0 +1,28 @@
+#!/usr/bin/with-contenv bash
+
+echo "
+-------------------------------------
+Welcome to PiFrameFleet
+This container includes the following
+  - WireGuard VPN
+  - Ansible
+  - SyncThing
+  - rclone
+  - FileBrowser (admin/password)
+-------------------------------------"
+echo "
+-------------------------------------
+Service Status
+  - WireGuard VPN : ${ENABLE_WIREGUARD}
+  - SyncThing : ${ENABLE_SYNCTHING}
+  - FileBrowser : ${ENABLE_FILEBROWSER}
+-------------------------------------
+"
+if [ -f "/opt/ansible/ssh.key" ] ; then
+echo "
+-------------------------------------
+Ansible SSH Key"
+cat /opt/ansible/ssh.key.pub
+echo "-------------------------------------
+"
+fi
diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config
new file mode 100755
index 0000000..cca0e8c
--- /dev/null
+++ b/root/etc/cont-init.d/30-config
@@ -0,0 +1,88 @@
+#!/usr/bin/with-contenv bash
+
+####################
+# Pictures storage
+####################
+if [ ! -d "/opt/pictures" ] ; then
+  mkdir /opt/pictures
+fi
+
+####################
+# Ansible
+####################
+if [ ! -d "/opt/ansible" ] ; then
+  mkdir /opt/ansible
+fi
+if [ ! -d "/opt/ansible/.git" ] ; then
+  git clone https://git.kemonine.info/PiFrame/ansible.git /opt/ansible/
+else
+  cd /opt/ansible
+  git pull
+fi
+if [ ! -f "/opt/ansible/ssh.key" ] ; then
+  ssh-keygen -t rsa -b 4096 -f /opt/ansible/ssh.key -N ''
+  echo "
+-------------------------------------
+Ansible SSH Key"
+cat /opt/ansible/ssh.key.pub
+echo "-------------------------------------
+"
+fi
+
+####################
+# WireGuard
+####################
+if [ "$ENABLE_WIREGUARD" = true ] ; then
+  ip link del dev test 2>/dev/null
+  if ip link add dev test type wireguard; then
+    echo "**** It seems the wireguard module is already active :) ****"
+    ip link del dev test
+  else
+    echo "**** The wireguard module is not active, please install wireguard on the host and activate the 'wg' kernel module ****"
+  fi
+  if [ ! -d "/opt/wireguard" ] ; then
+    mkdir /opt/wireguard
+  fi
+fi
+
+####################
+# syncthing
+####################
+if [ "$ENABLE_SYNCTHING" = true ] ; then
+  if [ ! -d "/opt/syncthing" ]; then
+    mkdir /opt/syncthing
+  fi
+  ST_CONF="/opt/syncthing/config.xml"
+  if [ ! -f "$ST_CONF" ]; then
+    echo "**** Initial Syncthing Config ****"
+    /usr/bin/syncthing -generate /opt/syncthing
+    sed -i 's/<address>127.0.0.1:8384<\/address>/<address>0.0.0.0:8384<\/address>/g' /opt/syncthing/config.xml
+    sed -i 's/<folder id="default" label="Default Folder" path="\/root\/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">/<folder id="piframe-pictures" label="PiFrameFleet Pictures" path="\/opt\/pictures" type="sendonly" rescanIntervalS="86400" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">/g' /opt/syncthing/config.xml
+    if [ -d "/root/Sync" ]; then
+      rm -r /root/Sync
+    fi
+  fi
+fi
+
+####################
+# FileBrowser
+####################
+if [ "$ENABLE_FILEBROWSER" = true ] ; then
+  if [ ! -d "/opt/filebrowser" ]; then
+    mkdir /opt/filebrowser
+  fi
+  FB_DB="/opt/filebrowser/pictures.db"
+  if [ ! -f "$FB_DB" ]; then
+    echo "**** Initial FileBrowser Config ****"
+    filebrowser -d $FB_DB \
+        config init 2>&1 > /dev/null
+    filebrowser -d $FB_DB \
+        config set --address 0.0.0.0 2>&1 > /dev/null
+    filebrowser -d $FB_DB \
+        config set --port 9191 2>&1 > /dev/null
+    filebrowser -d $FB_DB \
+        config set --branding.name "PiFrameFleet - Pictures" 2>&1 > /dev/null
+    filebrowser -d $FB_DB \
+        users add admin password 2>&1 > /dev/null
+  fi
+fi
diff --git a/root/etc/services.d/_service_control/run b/root/etc/services.d/_service_control/run
new file mode 100755
index 0000000..f3c69a0
--- /dev/null
+++ b/root/etc/services.d/_service_control/run
@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+
+# Only run the services control script (this one) once
+#    DO NOT IMMEDIATELY DOWN -- NEED TO TERM THE REST OF THE SERVICES FIRST
+s6-svc -o /var/run/s6/services/_service_control
+
+# s6-svc -od means to take down the service and flag it to run AT MOST once
+# Service run scripts should check for enablement and immediately exit for this to work well
+
+if [ "$ENABLE_WIREGUARD" = false ] ; then
+    s6-svc -od /var/run/s6/services/wireguard
+fi
+
+#if [ "$ENABLE_SYNCTHING" = false ] ; then
+#    s6-svc -od /var/run/s6/services/syncthing
+#fi
+
+if [ "$ENABLE_FILE_BROWSER" = false ] ; then
+    s6-svc -od /var/run/s6/services/filebrowser
+fi
diff --git a/root/etc/services.d/filebrowser/run b/root/etc/services.d/filebrowser/run
new file mode 100755
index 0000000..5fd51d5
--- /dev/null
+++ b/root/etc/services.d/filebrowser/run
@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bash
+
+if [ "$ENABLE_FILEBROWSER" = false ] ; then
+    exit
+fi
+
+/usr/local/bin/filebrowser \
+    -d /opt/filebrowser/pictures.db \
+    -r /opt/pictures \
+    --img-processors 1 \
+    --disable-thumbnails
diff --git a/root/etc/services.d/syncthing/run b/root/etc/services.d/syncthing/run
new file mode 100755
index 0000000..de65091
--- /dev/null
+++ b/root/etc/services.d/syncthing/run
@@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv bash
+
+if [ "$ENABLE_SYNCTHING" = false ] ; then
+    exit
+fi
+
+/usr/bin/syncthing \
+    -home="/opt/syncthing" \
+    -no-browser
diff --git a/root/etc/services.d/wireguard/run b/root/etc/services.d/wireguard/run
new file mode 100755
index 0000000..4767f09
--- /dev/null
+++ b/root/etc/services.d/wireguard/run
@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+
+# Adapted from https://github.com/linuxserver/docker-wireguard
+
+if [ "$ENABLE_WIREGUARD" = false ] ; then
+    exit
+fi
+
+_term() {
+  echo "Caught SIGTERM signal!"
+  wg-quick down /opt/wireguard/wg0.conf
+}
+
+trap _term SIGTERM
+
+wg-quick up /opt/wireguard/wg0.conf
+
+sleep infinity &
+
+wait