Updates to include rtty, munin, monit, etc

KemoNine 2020-08-08 21:08:40 -04:00
parent 3311ca094d
commit fbe65cc9d9
15 changed files with 439 additions and 110 deletions


@ -1,35 +1,52 @@
FROM ubuntu:latest
# General 'stuff'
VOLUME /opt/pictures
VOLUME /opt/misc
ENV CONFIG_NOTIFY_EMAIL=user@domain.tld
ENV CONFIG_NOTIFY_SMTP_SERVER=mail.domain.tld
ENV CONFIG_NOTIFY_SMTP_USER=user@domain.tld
ENV CONFIG_NOTIFY_SMTP_PASS=apassword
# Ansible related 'stuff'
VOLUME /opt/ansible
# rtty 'stuff'
ENV CONFIG_RTTY_USER=admin
ENV CONFIG_RTTY_PASS=apassword
EXPOSE 5913
VOLUME /opt/rtty
# Monit related 'stuff'
ENV MONIT_CONFIG_USER=admin
ENV MONIT_CONFIG_PASS=apassword
ENV CONFIG_MONIT_USER=admin
ENV CONFIG_MONIT_PASS=apassword
EXPOSE 2812/tcp
EXPOSE 2811/tcp
VOLUME /opt/monit
VOLUME /opt/monit-dashboard
# Wireguard related 'stuff'
ENV ENABLE_WIREGUARD=false
EXPOSE 51820/udp
VOLUME /lib/modules
VOLUME /opt/wireguard
# SyncThing related 'stuff'
ENV ENABLE_SYNCTHING=false
EXPOSE 8384/tcp
EXPOSE 22000/tcp
VOLUME /opt/syncthing
# FileBrowser related 'stuff'
ENV ENABLE_FILEBROWSER=false
EXPOSE 9191/tcp
VOLUME /opt/filebrowser
# General 'stuff'
VOLUME /opt/pictures
# Munin related 'stuff'
VOLUME /opt/munin
EXPOSE 2813
# Dashboard related 'stuff'
VOLUME /opt/dashboard
EXPOSE 80
EXPOSE 443
# Run s6-overlay as the init so we get services and similar
ENTRYPOINT [ "/init" ]
@ -44,8 +61,10 @@ WORKDIR /opt/
COPY arch_detect.sh /opt/
# Install and base setup all the things
# The shell has to be bash for asdf to work properly - its needed for rtty and rttys
SHELL ["/bin/bash", "-c"]
RUN apt update && apt upgrade -y && \
apt install -y python3 curl jq bash unzip nano git && \
apt install -y python3 curl jq bash unzip nano git tmux htop iotop nload && \
ARCH=$(/opt/arch_detect.sh); \
echo "**** Detected arch: $ARCH ****" && \
S6_RELEASE=$(curl -sX GET "https://api.github.com/repos/just-containers/s6-overlay/tags" \
@ -71,6 +90,33 @@ RUN apt update && apt upgrade -y && \
curl https://bootstrap.pypa.io/get-pip.py -o /opt/get-pip.py && \
python2 /opt/get-pip.py && \
pip install setuptools==40.8.0 xmltodict==0.11.0 requests==2.21.0 xlsxwriter==1.3.2 web.py==0.51 && \
echo "**** munin related ****" && \
apt install -y munin lighttpd && \
echo "**** rtty related ****" && \
apt install -y libev4 build-essential cmake libev-dev libssl-dev && \
if [ ! -d "/opt/rtty_build" ] ; then mkdir /opt/rtty_build; fi && \
cd /opt/rtty_build && \
mkdir rtty && \
cd rtty && \
git clone --recursive https://github.com/zhaojh329/rtty.git . && \
mkdir build && cd build && \
cmake .. && make install && \
cd /opt && \
mkdir /opt/rtty_build/rttys && \
cd /opt/rtty_build/rttys && \
git clone https://github.com/zhaojh329/rttys.git . && \
git checkout $(git rev-list --tags --max-count=1) && \
git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.8.0-rc1 && \
. $HOME/.asdf/asdf.sh && \
asdf update && \
asdf plugin add golang && \
asdf install golang latest && \
asdf global golang $(asdf latest golang) && \
go get -u github.com/zhaojh329/rttys && \
cp ~/.asdf/installs/golang/$(asdf latest golang)/packages/bin/rttys /usr/local/bin/ && \
cd /opt && \
echo "**** dashbaord related ****" && \
apt install -y lighttpd && \
echo "**** syncthing ****" && \
curl -s https://syncthing.net/release-key.txt | apt-key add - && \
echo "deb https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list && \
@ -81,12 +127,16 @@ RUN apt update && apt upgrade -y && \
curl -fsSL https://filebrowser.org/get.sh | bash && \
echo "**** ansible ****" && \
apt install -y python3-apt sshpass ansible ansible-lint ansible-doc && \
echo "**** misc ****" && \
apt install -y msmtp msmtp-mta ca-certificates && \
echo "**** cleanup ****" && \
rm /opt/arch_detect.sh && \
rm /opt/s6-overlay.tar.gz && \
rm -rf /opt/wireguard-tools && \
rm -rf /opt/rtty_build && \
rm -rf ~/.asdf && \
rm /opt/get-pip.py && \
apt remove --purge -y build-essential pkg-config libelf-dev unzip && \
apt remove --purge -y build-essential cmake pkg-config libelf-dev libev-dev libssl-dev unzip && \
apt autoremove --purge -y && \
rm -rf /var/lib/apt/lists/*
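Review bot: The rtty block in the third hunk builds network-facing binaries from moving targets: `git clone --recursive https://github.com/zhaojh329/rtty.git .` compiles whatever the default branch holds at build time, `asdf install golang latest` takes the newest toolchain, and `go get -u github.com/zhaojh329/rttys` fetches the newest code and upgrades its dependencies. The `git checkout $(git rev-list --tags --max-count=1)` in the rttys clone does not appear to pin what ships, because the binary copied to /usr/local/bin comes from the `go get` install rather than from that checkout. I would pin each source to a reviewed release, e.g. `git clone --recursive --branch <RTTY_TAG> https://github.com/zhaojh329/rtty.git .`, build rttys from the clone at a fixed tag instead of `go get -u`, and name a fixed Go version in `asdf install golang`. Parts of this RUN instruction lie between the hunks and are not shown.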


@ -13,23 +13,35 @@ sudo docker run -it \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e TZ=UTC \
-e MONIT_CONFIG_USER=admin \
-e MONIT_CONFIG_PASS=apassword \
-e ENABLE_WIREGUARD=true \
-e ENABLE_SYNCTHING=true \
-e ENABLE_FILEBROWSER=true \
-e CONFIG_NOTIFY_EMAIL=user@domain.tld \
-e CONFIG_NOTIFY_SMTP_SERVER=email.domain.tld \
-e CONFIG_NOTIFY_SMTP_USER=user@domain.tld \
-e CONFIG_NOTIFY_SMTP_PASS=apassword \
-e CONFIG_RTTY_USER=admin \
-e CONFIG_RTTY_PASS=apassword \
-e CONFIG_MONIT_USER=admin \
-e CONFIG_MONIT_PASS=apassword \
-p 9080:80/tcp \
-p 9445:443/tcp \
-p 51821:51821/udp \
-p 8384:8384/tcp \
-p 22000:22000/tcp \
-p 9191:9191/tcp \
-p 2812:2812/tcp \
-p 2811:2811/tcp \
-p 2813:2813/tcp \
-p 5912:5912/tcp \
-p 5913:5913/tcp \
-v /lib/modules:/lib/modules:ro \
-v /var/piframefleet/syncthing:/opt/syncthing \
-v /var/piframefleet/filebrowser:/opt/filebrowser \
-v /var/piframefleet/wireguard:/opt/wireguard \
-v /var/piframefleet/pictures:/opt/pictures \
-v /var/piframefleet/misc:/opt/misc \
-v /var/piframefleet/ansible:/opt/ansible \
-v /var/piframefleet/rtty:/opt/rtty \
-v /var/piframefleet/monit:/opt/monit \
-v /var/piframefleet/monit-dashboard:/opt/monit-dashboard \
-v /var/piframefleet/pictures:/opt/pictures \
-v /var/piframefleet/wireguard:/opt/wireguard \
-v /var/piframefleet/syncthing:/opt/syncthing \
-v /var/piframefleet/filebrowser:/opt/filebrowser \
-v /var/piframefleet/munin:/opt/munin \
-v /var/piframefleet/dashboard:/opt/dashboard \
piframe/piframefleet:latest
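Review bot: `-p 5912:5912/tcp` and `-p 5913:5913/tcp` publish the rtty device and web-terminal ports on every host interface, while the rttys.conf generated in this commit leaves `ssl-cert` and `ssl-key` commented out, so the terminal login would presumably cross the network without TLS. For the example I would bind the admin ports to loopback, e.g. `-p 127.0.0.1:5913:5913/tcp`, and reach them through the WireGuard tunnel or a TLS reverse proxy; the same applies to 2811, 2812 and 2813. A one-line comment telling the reader to replace every `apassword` value before running would also help, since the example is likely to be copied as is. The `docker run` command starts above the hunk.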


@ -8,18 +8,13 @@ This container includes the following
- Ansible
- Monit
- Monit-Dashboard
- Munin
- General dashboard of links
- Web terminals
- SyncThing
- rclone
- FileBrowser (admin/password)
- FileBrowser
-------------------------------------"
echo "
-------------------------------------
Service Status
- WireGuard VPN : ${ENABLE_WIREGUARD}
- SyncThing : ${ENABLE_SYNCTHING}
- FileBrowser : ${ENABLE_FILEBROWSER}
-------------------------------------
"
if [ -f "/opt/ansible/ssh.key" ] ; then
echo "
-------------------------------------


@ -7,6 +7,93 @@ if [ ! -d "/opt/pictures" ] ; then
mkdir /opt/pictures
fi
####################
# Email notifications
####################
if [ ! -d "/opt/misc" ] ; then
mkdir /opt/misc
fi
if [ ! -f "/opt/misc/msmtp.log" ] ; then
touch /opt/misc/msmtp.log
chown root: /opt/misc/msmtp.log
chmod 666 /opt/misc/msmtp.log
fi
if [ ! -f "/opt/misc/aliases" ] ; then
cat > /opt/misc/aliases <<EOF
# Example aliases file
# Send root to Joe and Jane
root: $CONFIG_NOTIFY_EMAIL
# Send cron to Mark
cron: $CONFIG_NOTIFY_EMAIL
# Send everything else to admin
default: $CONFIG_NOTIFY_EMAIL
EOF
fi
if [ ! -f "/opt/misc/msmtprc" ] ; then
cat > /opt/misc/msmtprc <<EOF
# Accounts will inherit settings from this section
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /opt/misc/msmtp.log
from $CONFIG_NOTIFY_SMTP_USER
keepbcc on
account piframe
host $CONFIG_NOTIFY_SMTP_SERVER
port 587
auth on
user $CONFIG_NOTIFY_SMTP_USER
password $CONFIG_NOTIFY_SMTP_PASS
# Set a default account
account default : piframe
aliases /etc/aliases
EOF
fi
ln -sf /opt/misc/aliases /etc/aliases
ln -sf /opt/misc/msmtprc /etc/msmtprc
####################
# rtty
####################
if [ ! -d "/opt/rtty" ] ; then
mkdir /opt/rtty
fi
if [ ! -f "/opt/rtty/rttys.conf" ] ; then
cat > /opt/rtty/rttys.conf <<EOF
#addr-dev: :5912
#addr-user: :5913
# Auth for http
http-username: ${CONFIG_RTTY_USER}
http-password: ${CONFIG_RTTY_PASS}
#ssl-cert: /etc/rttys/rttys.crt
#ssl-key: /etc/rttys/rttys.key
#base-url: /
#token: a1d4cdb1a3cd6a0e94aa3599afcddcf5
# font-size: 16
# No login required to connect device.
# Values can be device IDs separated by spaces,
# or a "*" indicates that all devices do not require login
# http://localhost:5913/connect/rtty1
#white-list: "*"
#white-list: rtty1 rtty2
EOF
fi
####################
# Ansible
####################
@ -47,18 +134,18 @@ set eventqueue
set httpd port 2812 and
use address 0.0.0.0
allow ${MONIT_CONFIG_USER}:${MONIT_CONFIG_PASS}
allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}
include /opt/monit/conf.d/*
EOF
chmod 600 /opt/monit/monitrc
fi
if [ ! -f "/opt/monit/conf.d/picturesfs" ] ; then
cat > /opt/monit/conf.d/picturesfs <<EOF
check filesystem rootfs with path /opt/pictures
check filesystem picturesfs with path /opt/pictures
if space usage > 80% then alert
EOF
fi
fi
####################
# Monit dashboard
@ -81,38 +168,237 @@ cat > conf/servers.json <<EOF
{
"dispatcher": {
"url": "http://127.0.0.1:2812",
"user": "${MONIT_CONFIG_USER}",
"passwd": "${MONIT_CONFIG_PASS}"
"user": "${CONFIG_MONIT_USER}",
"passwd": "${CONFIG_MONIT_PASS}"
}
}
EOF
fi
cd /opt
####################
# Munin
####################
if [ ! -d "/opt/munin" ] ; then
mkdir /opt/munin
fi
if [ ! -f "/opt/munin/munin.conf" ] ; then
cat > /opt/munin/munin.conf <<EOF
dbdir /opt/munin/db
htmldir /opt/munin/www
logdir /opt/munin/log
rundir /opt/munin/run
cgitmpdir /opt/munin/cgi-tmp
graph_strategy cron
html_strategy cron
[dispatcher]
address 127.0.0.1
use_node_name yes
EOF
fi
if [ ! -f "/opt/munin/munin-node.conf" ] ; then
cat > /opt/munin/munin-node.conf <<EOF
log_level 4
log_file /opt/munin/log/munin-node.log
pid_file /opt/munin/munin-node.pid
background 0
setsid 0
user munin
group munin
# Regexps for files to ignore
ignore_file [\#~]\$
ignore_file DEADJOE\$
ignore_file \.bak\$
ignore_file %\$
ignore_file \.dpkg-(tmp|new|old|dist)\$
ignore_file \.rpm(save|new)\$
ignore_file \.pod\$
allow ^127\.0\.0\.1\$
allow ^::1\$
host 127.0.0.1
port 4949
EOF
fi
rm /etc/munin/munin-node.conf
ln -sf /opt/munin/munin-node.conf /etc/munin/munin-node.conf
rm /etc/munin/munin.conf
ln -sf /opt/munin/munin.conf /etc/munin/munin.conf
if [ ! -d "/opt/munin/log" ] ; then
mkdir /opt/munin/log
chown munin: /opt/munin/log
fi
if [ ! -d "/opt/munin/run" ] ; then
mkdir /opt/munin/run
chown munin: /opt/munin/run
fi
if [ ! -d "/opt/munin/db" ] ; then
mkdir /opt/munin/db
chown munin: /opt/munin/db
fi
if [ ! -d "/opt/munin/www" ] ; then
mkdir /opt/munin/www
fi
chown munin: /opt/munin/www
if [ ! -d "/opt/munin/cgi-tmp" ] ; then
mkdir /opt/munin/cgi-tmp
chown munin: /opt/munin/cgi-tmp
fi
if [ ! -f "/opt/munin/log/munin-update.log" ] ; then
touch /opt/munin/log/munin-update.log
chown munin: /opt/munin/log/munin-update.log
fi
if [ ! -f "/opt/munin/lighttpd-munin.conf" ] ; then
cat > /opt/munin/lighttpd-munin.conf <<EOF
server.username = "munin"
server.groupname = "munin"
server.document-root = "/opt/munin/www"
server.port = 2813
server.errorlog = "/dev/stdout"
accesslog.filename = "/dev/stdout"
dir-listing.activate = "disable"
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_rewrite",
"mod_redirect",
"mod_cgi",
"mod_fastcgi",
"mod_auth",
"mod_authn_file",
)
server.pid-file = "/run/lighttpd-munin.pid"
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )
url.redirect += ( "^/*$" => "/munin/" )
\$HTTP["url"] =~ "/munin-cgi/munin-cgi-graph" {
alias.url += ( "/munin-cgi/munin-cgi-graph" => "/usr/lib/munin/cgi/munin-cgi-graph" )
cgi.assign = ( "" => "" )
}
alias.url += ( "/munin/static" => "/etc/munin/static" )
alias.url += ( "/munin" => "/opt/munin/www" )
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
EOF
fi
munin-node-configure --shell
s6-svc -r /var/run/s6/munin-node
# Prime the munin values so there isn't a 404 on initial view of page
su - munin --shell=/bin/bash /usr/bin/munin-cron
####################
# Dashboard
####################
if [ ! -d "/opt/dashboard" ] ; then
mkdir /opt/dashboard
fi
if [ ! -f "/opt/dashboard/lighttpd.conf" ] ; then
cat > /opt/dashboard/lighttpd.conf <<EOF
server.username = "www-data"
server.groupname = "www-data"
server.document-root = "/opt/dashboard/www"
server.port = 80
server.errorlog = "/dev/stdout"
accesslog.filename = "/dev/stdout"
dir-listing.activate = "disable"
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_rewrite",
"mod_redirect",
"mod_cgi",
"mod_fastcgi",
"mod_auth",
"mod_authn_file",
)
server.pid-file = "/run/lighttpd.pid"
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
EOF
fi
if [ ! -d "/opt/dashboard/wwww" ] ; then
mkdir /opt/dashboard/www
chown www-data /opt/dashboard/www
fi
if [ ! -f "/opt/dashboard/www/index.html" ] ; then
cat > /opt/dashboard/www/index.html <<EOF
<html>
<head>
<title>PiFrameFleet</title>
</head>
<body>
<p><a href="http://127.0.0.1:5913">Command Line</a></p>
<p><a href="http://127.0.0.1:2811">Monit Monitoring</a></p>
<p><a href="http://127.0.0.1:2813">Munin Monitoring</a></p>
<p><a href="http://127.0.0.1:8384">Syncthing Admin Interface</a></p>
<p><a href="http://127.0.0.1:9191">Picture File Browser</a></p>
</body>
</html>
EOF
chown www-data /opt/dashboard/www/index.html
fi
####################
# WireGuard
####################
if [ "$ENABLE_WIREGUARD" = true ] ; then
ip link del dev test 2>/dev/null
if ip link add dev test type wireguard; then
ip link del dev test 2>/dev/null
if ip link add dev test type wireguard; then
echo "**** It seems the wireguard module is already active :) ****"
ip link del dev test
else
else
echo "**** The wireguard module is not active, please install wireguard on the host and activate the 'wg' kernel module ****"
fi
if [ ! -d "/opt/wireguard" ] ; then
fi
if [ ! -d "/opt/wireguard" ] ; then
mkdir /opt/wireguard
fi
fi
####################
# syncthing
####################
if [ "$ENABLE_SYNCTHING" = true ] ; then
if [ ! -d "/opt/syncthing" ]; then
if [ ! -d "/opt/syncthing" ]; then
mkdir /opt/syncthing
fi
ST_CONF="/opt/syncthing/config.xml"
if [ ! -f "$ST_CONF" ]; then
fi
ST_CONF="/opt/syncthing/config.xml"
if [ ! -f "$ST_CONF" ]; then
echo "**** Initial Syncthing Config ****"
/usr/bin/syncthing -generate /opt/syncthing
sed -i 's/<address>127.0.0.1:8384<\/address>/<address>0.0.0.0:8384<\/address>/g' /opt/syncthing/config.xml
@ -120,18 +406,16 @@ if [ "$ENABLE_SYNCTHING" = true ] ; then
if [ -d "/root/Sync" ]; then
rm -r /root/Sync
fi
fi
fi
####################
# FileBrowser
####################
if [ "$ENABLE_FILEBROWSER" = true ] ; then
if [ ! -d "/opt/filebrowser" ]; then
if [ ! -d "/opt/filebrowser" ]; then
mkdir /opt/filebrowser
fi
FB_DB="/opt/filebrowser/pictures.db"
if [ ! -f "$FB_DB" ]; then
fi
FB_DB="/opt/filebrowser/pictures.db"
if [ ! -f "$FB_DB" ]; then
echo "**** Initial FileBrowser Config ****"
filebrowser -d $FB_DB \
config init 2>&1 > /dev/null
@ -143,5 +427,4 @@ if [ "$ENABLE_FILEBROWSER" = true ] ; then
config set --branding.name "PiFrameFleet - Pictures" 2>&1 > /dev/null
filebrowser -d $FB_DB \
users add admin password 2>&1 > /dev/null
fi
fi
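Review bot: In the first hunk /opt/rtty/rttys.conf and /opt/misc/msmtprc are written with `http-password: ${CONFIG_RTTY_PASS}` and `password $CONFIG_NOTIFY_SMTP_PASS` but keep whatever mode the umask gives them, whereas the monit block in this same script follows its heredoc with `chmod 600 /opt/monit/monitrc`. The container also runs lighttpd with mod_cgi as `munin` and `www-data`, so those accounts could read both secrets if the files end up world-readable. I would add `chmod 600 /opt/rtty/rttys.conf` right after its heredoc and restrict msmtprc to the accounts that actually send mail (by group, if non-root senders are intended) instead of leaving it open. `chmod 666 /opt/misc/msmtp.log` deserves the same look, since any local account can then rewrite the mail log.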


@ -1,20 +0,0 @@
#!/usr/bin/with-contenv bash
# Only run the services control script (this one) once
# DO NOT IMMEDIATELY DOWN -- NEED TO TERM THE REST OF THE SERVICES FIRST
s6-svc -o /var/run/s6/services/_service_control
# s6-svc -od means to take down the service and flag it to run AT MOST once
# Service run scripts should check for enablement and immediately exit for this to work well
if [ "$ENABLE_WIREGUARD" = false ] ; then
s6-svc -od /var/run/s6/services/wireguard
fi
if [ "$ENABLE_SYNCTHING" = false ] ; then
s6-svc -od /var/run/s6/services/syncthing
fi
if [ "$ENABLE_FILE_BROWSER" = false ] ; then
s6-svc -od /var/run/s6/services/filebrowser
fi

6
root/etc/services.d/cron/run Executable file

@ -0,0 +1,6 @@
#!/usr/bin/with-contenv sh
# this line here is what we should have to get rid of the hard link error
touch /etc/crontab /etc/cron.*/*
cron -f


@ -0,0 +1,3 @@
#!/usr/bin/with-contenv bash
/usr/sbin/lighttpd -D -f /opt/dashboard/lighttpd.conf


@ -1,9 +1,5 @@
#!/usr/bin/with-contenv bash
if [ "$ENABLE_FILEBROWSER" = false ] ; then
exit
fi
/usr/local/bin/filebrowser \
-d /opt/filebrowser/pictures.db \
-r /opt/pictures \
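Review bot: With the `if [ "$ENABLE_FILEBROWSER" = false ] ; then exit; fi` guard removed from this run script and the `_service_control` script deleted in the same commit, nothing visible on this page keeps filebrowser from starting when `ENABLE_FILEBROWSER=false`, which is the Dockerfile default. The syncthing and wireguard run scripts lose their guards in the same way, so all three opt-in services would apparently run in every container unless something outside this diff disables them. Filebrowser would then start against a database that the init script never configured, because that setup still sits behind `ENABLE_FILEBROWSER = true`. If this is not intended, keep a guard that takes the service down, e.g. `if [ "$ENABLE_FILEBROWSER" != true ] ; then s6-svc -od /var/run/s6/services/filebrowser ; exit ; fi`. The filebrowser command continues past the end of the hunk.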


@ -1,9 +1,5 @@
#!/usr/bin/with-contenv bash
if [ ! -f "/opt/monit/monitrc" ] ; then
exit
fi
cd /opt/monit
/usr/bin/monit -I \
-c /opt/monit/monitrc


@ -0,0 +1,3 @@
#!/usr/bin/with-contenv bash
/usr/sbin/lighttpd -D -f /opt/munin/lighttpd-munin.conf


@ -0,0 +1,3 @@
#!/usr/bin/with-contenv bash
/usr/sbin/munin-node

6
root/etc/services.d/rtty/run Executable file

@ -0,0 +1,6 @@
#!/usr/bin/with-contenv bash
/usr/local/bin/rtty \
-f root \
-I "dispatch" \
-a
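Review bot: `-f root` makes rtty skip the login step for root, if I read rtty's usage correctly, so whoever gets past the rttys web login is handed a root shell in the container with no second check. That web login is the `http-username`/`http-password` pair from rttys.conf, whose image defaults are `admin`/`apassword`, and the generated config leaves `token` commented out, so device registration on 5912 is apparently unauthenticated as well. I would drop `-f root` so the terminal prompts for a login (or name a dedicated unprivileged account), set `token` in rttys.conf and pass the same value to rtty with `-t`, and ship no default value for `CONFIG_RTTY_PASS` in the Dockerfile.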

4
root/etc/services.d/rttys/run Executable file

@ -0,0 +1,4 @@
#!/usr/bin/with-contenv bash
/usr/local/bin/rttys \
-conf /opt/rtty/rttys.conf


@ -1,9 +1,5 @@
#!/usr/bin/with-contenv bash
if [ "$ENABLE_SYNCTHING" = false ] ; then
exit
fi
/usr/bin/syncthing \
-home="/opt/syncthing" \
-no-browser


@ -2,10 +2,6 @@
# Adapted from https://github.com/linuxserver/docker-wireguard
if [ "$ENABLE_WIREGUARD" = false ] ; then
exit
fi
_term() {
echo "Caught SIGTERM signal!"
wg-quick down /opt/wireguard/wg0.conf