From 05d6a33261aa62d045da29db1f7e6f35eba8a0b7 Mon Sep 17 00:00:00 2001
From: KemoNine
Date: Sun, 2 Aug 2020 20:15:13 +0000
Subject: [PATCH] Initial setup of PiFrameFleet
---
piframefleet/Dockerfile | 59 +++++++++++++++++++
piframefleet/README.md | 5 ++
piframefleet/arch_detect.sh | 20 +++++++
piframefleet/root/etc/cont-init.d/30-config | 45 ++++++++++++++
piframefleet/root/etc/cont-init.d/99-welcome | 20 +++++++
.../root/etc/services.d/_service_control/run | 20 +++++++
.../root/etc/services.d/filebrowser/run | 11 ++++
.../root/etc/services.d/wireguard/run | 20 +++++++
piframefleet_build.sh | 4 ++
piframefleet_run.sh | 26 ++++++++
10 files changed, 230 insertions(+)
create mode 100644 piframefleet/Dockerfile
create mode 100644 piframefleet/README.md
create mode 100755 piframefleet/arch_detect.sh
create mode 100644 piframefleet/root/etc/cont-init.d/30-config
create mode 100644 piframefleet/root/etc/cont-init.d/99-welcome
create mode 100644 piframefleet/root/etc/services.d/_service_control/run
create mode 100755 piframefleet/root/etc/services.d/filebrowser/run
create mode 100644 piframefleet/root/etc/services.d/wireguard/run
create mode 100755 piframefleet_build.sh
create mode 100755 piframefleet_run.sh
diff --git a/piframefleet/Dockerfile b/piframefleet/Dockerfile
new file mode 100644
index 0000000..2475a17
--- /dev/null
+++ b/piframefleet/Dockerfile
@@ -0,0 +1,59 @@
+FROM alpine:latest
+
+WORKDIR /opt/
+
+# need to figure out if arm64/arm64 32bit multilib/arm
+COPY piframefleet/arch_detect.sh /opt/
+
+# Copy ansible samples -> /opt
+COPY ansible /opt/
+
+# Install and base setup all the things
+RUN apk upgrade --update --no-cache && \
+ apk add python3 curl jq bash unzip && \
+ ARCH=$(/opt/arch_detect.sh); \
+ echo "**** Detected arch: $ARCH ****" && \
+ S6_RELEASE=$(curl -sX GET "https://api.github.com/repos/just-containers/s6-overlay/tags" \
+ | jq -r .[0].name); \
+ echo "**** s6-overlay release: ${S6_RELEASE} ****" && \
+ echo "**** Installing s6-overlay ****" && \
+ curl -L https://github.com/just-containers/s6-overlay/releases/latest/download/s6-overlay-${ARCH}.tar.gz \
+ -o /opt/s6-overlay.tar.gz && \
+ tar xzf /opt/s6-overlay.tar.gz -C / && \
+ echo "**** wireguard ****" && \
+ apk add wireguard-tools && \
+ echo "**** syncthing ****" && \
+ apk add syncthing && \
+ echo "**** rclone ****" && \
+ curl https://rclone.org/install.sh | bash && \
+ echo "**** filebrowser ****" && \
+ curl -fsSL https://filebrowser.org/get.sh | bash && \
+ echo "**** ansible ****" && \
+ apk add ansible ansible-lint ansible-doc && \
+ ansible-galaxy install githubixx.ansible_role_wireguard && \
+ echo "**** cleanup ****" && \
+ rm /opt/s6-overlay.tar.gz && \
+ rm -rf /var/cache/apk/*
+
+ADD /piframefleet/root/ /
+
+# Wireguard related 'stuff'
+ENV ENABLE_WIREGUARD=false
+EXPOSE 51820/udp
+VOLUME /lib/modules
+
+# SyncThing related 'stuff'
+ENV ENABLE_SYNCTHING=false
+EXPOSE 8384/tcp
+EXPOSE 22000/tcp
+
+# FileBrowser related 'stuff'
+ENV ENABLE_FILEBROWSER=false
+EXPOSE 9191/tcp
+VOLUME /opt/filebrowser
+
+# General 'stuff'
+VOLUME /opt/pictures
+
+# Run s6-overlay as the init so we get services and similar
+ENTRYPOINT [ "/init" ]
diff --git a/piframefleet/README.md b/piframefleet/README.md
new file mode 100644
index 0000000..c320314
--- /dev/null
+++ b/piframefleet/README.md
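Review bot: The RUN step in piframefleet/Dockerfile executes code fetched at build time with no pinning or integrity check: `curl https://rclone.org/install.sh | bash`, `curl -fsSL https://filebrowser.org/get.sh | bash`, and the s6-overlay tarball taken from `releases/latest/download/` and unpacked over `/` (the computed `S6_RELEASE` is never used). The `;` after the `ARCH=` and `S6_RELEASE=` assignments also breaks the `&&` chain, so a failed `apk add` or arch detection does not stop the build. I would pin the s6-overlay release through an `ARG`, check a recorded SHA-256 before extracting, and replace the two piped installers with pinned, checksum-verified downloads in the same way; the values in the sketch below are placeholders. `FROM alpine:latest` and `ADD /piframefleet/root/ /` would likewise be better as a pinned tag or digest and a plain `COPY`.

```dockerfile
# Placeholders: a reviewed release tag and the checksum recorded for the target arch.
ARG S6_OVERLAY_VERSION=<pinned-release-tag>
ARG S6_OVERLAY_SHA256=<sha256-of-s6-overlay-tarball>

RUN apk upgrade --update --no-cache && \
    # … unchanged: apk add of the base tools …
    ARCH=$(/opt/arch_detect.sh) && \
    # … unchanged: detected-arch echo …
    curl -fsSL "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.gz" \
        -o /opt/s6-overlay.tar.gz && \
    echo "${S6_OVERLAY_SHA256}  /opt/s6-overlay.tar.gz" | sha256sum -c - && \
    tar xzf /opt/s6-overlay.tar.gz -C / && \
    # … unchanged: wireguard, syncthing, ansible, cleanup …
```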
@@ -0,0 +1,5 @@
+# PiFrameFleet
+
+This is a basic Docker container setup for managing a fleet of PiFrames.
+
+This area of the code base is very much a work in progress and should **NOT** be used unless you're interested in submitting patches.
diff --git a/piframefleet/arch_detect.sh b/piframefleet/arch_detect.sh
new file mode 100755
index 0000000..8871f97
--- /dev/null
+++ b/piframefleet/arch_detect.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+python3 </dev/null
+ if ip link add dev test type wireguard; then
+ echo "**** It seems the wireguard module is already active :) ****"
+ ip link del dev test
+ else
+ echo "**** The wireguard module is not active, please install wireguard on the host and activate the 'wg' kernel module ****"
+ fi
+fi
+
+####################
+# Pictures storage
+####################
+if [ ! -d "/opt/pictures" ]; then
+ mkdir /opt/pictures
+fi
+
+####################
+# FileBrowser
+####################
+if [ "$ENABLE_FILEBROWSER" = true ] ; then
+ if [ ! -d "/opt/filebrowser" ]; then
+ mkdir /opt/filebrowser
+ fi
+ FB_DB="/opt/filebrowser/pictures.db"
+ if [ ! -f "$FB_DB" ]; then
+ echo "**** Initial FileBrowser Config ****"
+ filebrowser -d $FB_DB \
+ config init 2>&1 > /dev/null
+ filebrowser -d $FB_DB \
+ config set --address 0.0.0.0 2>&1 > /dev/null
+ filebrowser -d $FB_DB \
+ config set --port 9191 2>&1 > /dev/null
+ filebrowser -d $FB_DB \
+ config set --branding.name "PiFrameFleet - Pictures" 2>&1 > /dev/null
+ filebrowser -d $FB_DB \
+ users add admin password 2>&1 > /dev/null
+ fi
+fi
diff --git a/piframefleet/root/etc/cont-init.d/99-welcome b/piframefleet/root/etc/cont-init.d/99-welcome
new file mode 100644
index 0000000..8c98002
--- /dev/null
+++ b/piframefleet/root/etc/cont-init.d/99-welcome
@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+
+echo "
+-------------------------------------
+Welcome to PiFrameFleet
+This container includes the following
+ - WireGuard VPN
+ - Ansible
+ - SyncThing
+ - rclone
+ - FileBrowser (admin/password)
+-------------------------------------"
+echo "
+-------------------------------------
+Service Status
+ - WireGuard VPN : ${ENABLE_WIREGUARD}
+ - SyncThing : ${ENABLE_SYNCTHING}
+ - FileBrowser : ${ENABLE_FILEBROWSER}
+-------------------------------------
+"
diff --git a/piframefleet/root/etc/services.d/_service_control/run b/piframefleet/root/etc/services.d/_service_control/run
new file mode 100644
index 0000000..f3c69a0
--- /dev/null
+++ b/piframefleet/root/etc/services.d/_service_control/run
@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+
+# Only run the services control script (this one) once
+# DO NOT IMMEDIATELY DOWN -- NEED TO TERM THE REST OF THE SERVICES FIRST
+s6-svc -o /var/run/s6/services/_service_control
+
+# s6-svc -od means to take down the service and flag it to run AT MOST once
+# Service run scripts should check for enablement and immediately exit for this to work well
+
+if [ "$ENABLE_WIREGUARD" = false ] ; then
+ s6-svc -od /var/run/s6/services/wireguard
+fi
+
+#if [ "$ENABLE_SYNCTHING" = false ] ; then
+# s6-svc -od /var/run/s6/services/syncthing
+#fi
+
+if [ "$ENABLE_FILE_BROWSER" = false ] ; then
+ s6-svc -od /var/run/s6/services/filebrowser
+fi
diff --git a/piframefleet/root/etc/services.d/filebrowser/run b/piframefleet/root/etc/services.d/filebrowser/run
new file mode 100755
index 0000000..5fd51d5
--- /dev/null
+++ b/piframefleet/root/etc/services.d/filebrowser/run
@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bash
+
+if [ "$ENABLE_FILEBROWSER" = false ] ; then
+ exit
+fi
+
+/usr/local/bin/filebrowser \
+ -d /opt/filebrowser/pictures.db \
+ -r /opt/pictures \
+ --img-processors 1 \
+ --disable-thumbnails
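Review bot: The last test in _service_control/run reads `$ENABLE_FILE_BROWSER`, but the Dockerfile, piframefleet_run.sh and the other service scripts in this patch all use `ENABLE_FILEBROWSER`, so the comparison with `false` never matches and the filebrowser service is never flagged to run at most once. With the service disabled, filebrowser/run exits immediately and s6 would presumably keep restarting it. The line should read `if [ "$ENABLE_FILEBROWSER" = false ] ; then`.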
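Review bot: The enable check in filebrowser/run fails open: `if [ "$ENABLE_FILEBROWSER" = false ]` exits only on the literal string `false`, so an unset variable or a value such as `no` or `0` still starts the web file manager, whereas 30-config creates its database only when the value is exactly `true`. Testing for the enabled value instead, `if [ "$ENABLE_FILEBROWSER" != true ] ; then`, keeps a network-facing service off unless it is explicitly requested; wireguard/run has the same guard. Launching with `exec /usr/local/bin/filebrowser \` would also let s6 signal the server directly rather than the wrapping bash.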
diff --git a/piframefleet/root/etc/services.d/wireguard/run b/piframefleet/root/etc/services.d/wireguard/run
new file mode 100644
index 0000000..285d3d0
--- /dev/null
+++ b/piframefleet/root/etc/services.d/wireguard/run
@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+
+# Adapted from https://github.com/linuxserver/docker-wireguard
+
+if [ "$ENABLE_WIREGUARD" = false ] ; then
+ exit
+fi
+
+_term() {
+ echo "Caught SIGTERM signal!"
+ wg-quick down wg0
+}
+
+trap _term SIGTERM
+
+wg-quick up wg0
+
+sleep infinity &
+
+wait
diff --git a/piframefleet_build.sh b/piframefleet_build.sh
new file mode 100755
index 0000000..a0fa8a3
--- /dev/null
+++ b/piframefleet_build.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+git pull
+sudo docker build -t piframe/piframefleet:latest -f piframefleet/Dockerfile .
diff --git a/piframefleet_run.sh b/piframefleet_run.sh
new file mode 100755
index 0000000..12a7b76
--- /dev/null
+++ b/piframefleet_run.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+echo "**** Building latest PiFrameFleet container ****"
+$(pwd)/piframefleet_build.sh
+
+echo "**** Deleting Original Container ****"
+sudo docker rm -f piframefleet
+
+echo "**** Running PiFrameFleet ****"
+sudo docker run -it \
+ --restart unless-stopped \
+ --name piframefleet \
+ --cap-add=NET_ADMIN \
+ --cap-add=SYS_MODULE \
+ -e TZ=UTC \
+ -e ENABLE_WIREGUARD=true \
+ -e ENABLE_SYNCTHING=false \
+ -e ENABLE_FILEBROWSER=true \
+ -p 51820:51820/udp \
+ -p 8384:8384/tcp \
+ -p 22000:22000/tcp \
+ -p 9191:9191/tcp \
+ -v /lib/modules:/lib/modules:ro \
+ -v /var/piframefleet/filebrowser:/opt/filebrowser \
+ -v /var/piframefleet/pictures:/opt/pictures \
+ piframe/piframefleet:latest
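Review bot: The result of `wg-quick up wg0` in wireguard/run is not checked, so if the tunnel fails to come up the script still parks in `sleep infinity` and s6 sees a running service with no VPN behind it. `wg-quick up wg0 || exit 1` would surface the failure instead. The file is also added with mode 100644 while filebrowser/run is 100755, so it is worth confirming that s6 can execute it.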
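Review bot: In piframefleet_run.sh, `-p 9191:9191/tcp` publishes FileBrowser on every host interface with `ENABLE_FILEBROWSER=true`, and 30-config in this patch creates its account as `admin` / `password` (the welcome banner prints the same pair), so a fresh deployment is reachable with a known login. I would bind the port to loopback or the VPN address, e.g. `-p 127.0.0.1:9191:9191/tcp \`, and have the init script take the initial password from an environment variable or secret rather than a constant. `--cap-add=SYS_MODULE` lets the container load kernel modules on the host; the part of 30-config visible here asks the operator to load the wireguard module on the host, so the capability looks unnecessary and could probably be dropped.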