├── bitcasa ├── config │ └── run.sh ├── Dockerfile └── Makefile ├── sslh ├── Dockerfile └── Makefile ├── bin └── multi_entrypoint ├── dropbox ├── Dockerfile └── Makefile ├── nginx ├── Dockerfile ├── Makefile └── config │ └── nginx.conf ├── mysql ├── Dockerfile ├── README.md ├── Makefile └── config │ └── my.cnf ├── README.md ├── php-fcgi ├── Dockerfile ├── Makefile └── config │ └── php-fpm.conf ├── authorized_keys └── cloud-admin ├── phpmyadmin ├── config │ ├── php-fpm.conf │ ├── phpmyadmin-config.sh │ └── nginx.conf ├── Dockerfile └── Makefile ├── codebrowser ├── config │ ├── run.sh │ └── nginx.conf ├── Dockerfile └── Makefile ├── dunsparce └── Makefile ├── LICENSE ├── Makefile └── dunsparce.mk /bitcasa/config/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -u -m 4 | 5 | trap exit SIGCHLD 6 | 7 | sshd -D & 8 | wait 9 | -------------------------------------------------------------------------------- /sslh/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Kentaro Imajo 3 | RUN apt-get update -qq && apt-get -y install sslh 4 | ENTRYPOINT sslh -f -u root -p 0.0.0.0:443 --ssh 172.17.42.1:22 --ssl 172.17.42.1:10443 5 | EXPOSE 443 6 | -------------------------------------------------------------------------------- /bin/multi_entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | Run() { 4 | ppid="${1}" 5 | command="${2}" 6 | 7 | bash -c "${2}" 8 | kill -9 "${1}" 9 | } 10 | 11 | for command in "${@}"; do 12 | Run "${ppid}" "${command}" & 13 | done 14 | wait 15 | -------------------------------------------------------------------------------- /dropbox/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Kentaro Imajo 3 | RUN useradd --home-dir=/home/cloud-admin --create-home --uid=20601 
--user-group --shell=/bin/bash cloud-admin 4 | ENTRYPOINT sudo --user=cloud-admin --login -- bash -c "~/.dropbox-dist/dropboxd" 5 | -------------------------------------------------------------------------------- /nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Kentaro Imajo 3 | RUN apt-get update -qq && apt-get -y install nginx 4 | RUN id www-data 2>/dev/null || useradd --shell=/sbin/nologin www-data 5 | ADD config/nginx.conf /etc/nginx/nginx.conf 6 | EXPOSE 80 7 | EXPOSE 443 8 | CMD nginx 9 | -------------------------------------------------------------------------------- /mysql/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Kentaro Imajo 3 | ENV DEBIAN_FRONTEND noninteractive 4 | RUN useradd --shell=/sbin/nologin --uid=13306 mysql 5 | RUN apt-get update -qq && apt-get -y install mysql-client mysql-server 6 | ADD config/my.cnf /etc/mysql/my.cnf 7 | CMD mysqld_safe 8 | EXPOSE 3306 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | imos' container 2 | =============== 3 | 4 | Configurations for docker containers in imos' VPS servers. 5 | This is open to the public mainly for samples of docker configurations. 6 | 7 | 8 | Caveats 9 | ------- 10 | 11 | * Docker host's IP must be 172.17.42.1. 12 | * Docker host's hostname is used to create some directories. 
13 | -------------------------------------------------------------------------------- /php-fcgi/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Kentaro Imajo 3 | RUN useradd --home-dir=/home/cloud-guest --create-home --uid=20604 --user-group --shell=/sbin/nologin cloud-guest 4 | RUN apt-get update -qq && apt-get -y install php5-fpm 5 | ADD config/php-fpm.conf /etc/php-fpm.conf 6 | ENTRYPOINT php5-fpm --fpm-config=/etc/php-fpm.conf --nodaemonize 7 | EXPOSE 9000 8 | -------------------------------------------------------------------------------- /authorized_keys/cloud-admin: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMD0VJzjqpARL0Ae0FT+V3soazisvfWHdVoK10QCDKqU9dLHORSu72MuRiojaeR6dAPEbaVFrs0Ra9WpTDpFbn/Qq4oTe7mn06T84yeVtm2dHAjOjG+2OOsOKdjGEVO6JtH3pJStEz9E9ezFdJ+Alji/mVuqEpgZxM0xWr64sK5GJz8oifmerLEpXsRzDrm0CNbw6yUr46hOPzIfBRhgcUcya1IIU+2j1Vcpe70tbIfkswUKABAlqOD1rAUXSfnR+718RLPOka3jbVIm7NbCxqZQj+JkfEGoEZpPPtGShhgunb/Z2vg7x2M54Ux2sb1zYanPciKXYkNd1pQjXcP4PB root@dunsparce.sx9.jp 2 | -------------------------------------------------------------------------------- /phpmyadmin/config/php-fpm.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | ; Pid file 3 | pid = /var/run/php5-fpm.pid 4 | ; Error log file 5 | error_log = /var/log/php5-fpm.log 6 | 7 | 8 | [www] 9 | ; Unix user/group of processes 10 | user = www-data 11 | group = www-data 12 | 13 | listen = 9000 14 | 15 | ; Choose how the process manager will control the number of child processes. 
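16 | pm = ondemand
17 | pm.max_children = 5
18 | pm.process_idle_timeout = 10s;
19 | ; NOTE(review): the status page appears reachable by anyone who can reach
20 | ; this container's nginx, which forwards every *.php request to this pool.
21 | pm.status_path = /status.php
22 | 
--------------------------------------------------------------------------------
/mysql/README.md:
--------------------------------------------------------------------------------
1 | MySQL Container
2 | ===============
3 | 
4 | Configure your MySQL data directory
5 | -----------------------------------
6 | 
7 |     $ sudo make start
8 |     $ sudo docker run --volume=/storage/mysql/data:/var/lib/mysql \
9 |         --rm --tty --interactive imos/mysql /bin/bash
10 |     # mysql_install_db --datadir=/var/lib/mysql
11 |     # mysqld_safe &
12 |     # mysql -u root
13 |     mysql> GRANT ALL PRIVILEGES ON *.* TO your_username@localhost
14 |         IDENTIFIED BY 'your_password';
15 | 
--------------------------------------------------------------------------------
/codebrowser/config/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Runs codebrowser_generator on every *.cpp / *.cc file found under
3 | # /code/src/ and /code/build/flame-binary/, then builds the index with
4 | # codebrowser_indexgenerator. Both tools run as cloud-admin via sudo.
5 | 
6 | set -e -u
7 | 
8 | # The patterns are quoted so that find receives them verbatim; unquoted, the
9 | # shell expands them against the current directory before find runs.
10 | # IFS= and -r keep leading whitespace and backslashes in file names intact.
11 | find /code/src/ /code/build/flame-binary/ -name '*.cpp' -or -name '*.cc' | \
12 |     while IFS= read -r path; do
13 |   sudo --user=cloud-admin -- \
14 |       /usr/local/codebrowser/bin/generator/codebrowser_generator \
15 |       -o /code/html -b /code/build \
16 |       -p code:/code/src -p code:/code/build/flame-binary \
17 |       -p include:/code/build/flame-library-binary/include "${path}"
18 | done
19 | sudo --user=cloud-admin -- \
20 |     /usr/local/codebrowser/bin/indexgenerator/codebrowser_indexgenerator \
21 |     /code/html -d /code/data
22 | 
--------------------------------------------------------------------------------
/phpmyadmin/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ubuntu:14.04
2 | MAINTAINER Kentaro Imajo
3 | ENV DEBIAN_FRONTEND noninteractive
4 | RUN apt-get update -qq && apt-get -y install nginx phpmyadmin php5-fpm
5 | RUN id www-data 2>/dev/null || useradd --shell=/sbin/nologin www-data
6 | ADD config/nginx.conf /etc/nginx/nginx.conf
7 | ADD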
config/php-fpm.conf /etc/php-fpm.conf
8 | ADD config/phpmyadmin-config.sh /var/tmp/phpmyadmin-config.sh
9 | RUN bash /var/tmp/phpmyadmin-config.sh > /etc/phpmyadmin/config.inc.php
10 | RUN rm /var/tmp/phpmyadmin-config.sh
11 | ENTRYPOINT php5-fpm --fpm-config=/etc/php-fpm.conf && nginx
12 | EXPOSE 80
13 | 
--------------------------------------------------------------------------------
/sslh/Makefile:
--------------------------------------------------------------------------------
1 | CPU ?= 100
2 | MEMORY ?= 100M
3 | BIND_ADDRESS ?= 0.0.0.0
4 | BIND_PORT ?= 443
5 | 
6 | SERVICE := sslh
7 | # start builds the image and runs it detached unless a container named $(SERVICE) is already running; start and stop both require root (check).
8 | start: check
9 | 	if ! docker top $(SERVICE) >/dev/null 2>/dev/null; then \
10 | 		docker build --tag=imos/$(SERVICE) .; \
11 | 		docker run --env=MASTER_HOST=$$(hostname) \
12 | 			--name=$(SERVICE) --hostname=$(SERVICE) \
13 | 			--publish=$(BIND_ADDRESS):$(BIND_PORT):443 \
14 | 			--memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \
15 | 	fi
16 | .PHONY: start
17 | 
18 | stop: check
19 | 	-docker kill $(SERVICE) 2>/dev/null
20 | 	-docker rm $(SERVICE) 2>/dev/null
21 | .PHONY: stop
22 | 
23 | check:
24 | 	test "$$(whoami)" = 'root'
25 | .PHONY: check
26 | 
--------------------------------------------------------------------------------
/bitcasa/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ubuntu:14.04
2 | MAINTAINER Kentaro Imajo
3 | RUN useradd --home-dir=/home/cloud-admin --create-home --uid=20601 --user-group --shell=/bin/bash cloud-admin
4 | 
5 | # Install Open SSH Server
6 | RUN apt-get update -qq && apt-get -y install openssh-server
7 | 
8 | # Install Bitcasa. NOTE(review): the apt source and its signing key are both fetched over plain HTTP, so nothing authenticates the key that apt is told to trust; fetch the key over TLS or check it against a pinned fingerprint before `apt-key add`.
9 | RUN apt-get update -qq && apt-get -y install wget uuid-runtime fakeroot
10 | RUN echo "deb http://dist.bitcasa.com/release/apt debian main" > /etc/apt/sources.list.d/bitcasa-release.list
11 | RUN wget -O- http://dist.bitcasa.com/release/bitcasa-releases.gpg.key | apt-key add -
12 | RUN apt-get update -qq && fakeroot apt-get -y install bitcasa
13 | 
14 | ADD
config/run.sh /etc/run.sh 15 | EXPOSE 22 16 | CMD bash /etc/run.sh 17 | -------------------------------------------------------------------------------- /codebrowser/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Kentaro Imajo 3 | RUN apt-get update -qq && apt-get -y install cmake git clang llvm-dev libclang-dev 4 | RUN mkdir -p /usr/local/codebrowser/src /usr/local/codebrowser/bin 5 | RUN git clone -b 1.6 --depth=1 https://github.com/woboq/woboq_codebrowser.git /usr/local/codebrowser/src 6 | RUN cd /usr/local/codebrowser/bin && cmake -DLLVM_CONFIG_EXECUTABLE=/usr/bin/llvm-config -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release /usr/local/codebrowser/src && make -j 8 7 | RUN useradd --home-dir=/home/cloud-admin --create-home --uid=20601 --user-group --shell=/bin/bash cloud-admin 8 | ADD config/run.sh /etc/run.sh 9 | CMD bash /etc/run.sh 10 | -------------------------------------------------------------------------------- /phpmyadmin/Makefile: -------------------------------------------------------------------------------- 1 | CPU ?= 100 2 | MEMORY ?= 100M 3 | BIND_ADDRESS ?= 0.0.0.0 4 | BIND_PORT ?= 8001 5 | 6 | SERVICE := phpmyadmin 7 | 8 | start: check 9 | if ! 
docker top $(SERVICE) >/dev/null 2>/dev/null; then \ 10 | docker build --tag=imos/$(SERVICE) .; \ 11 | docker rm --force $(SERVICE) 2>/dev/null || true; \ 12 | docker run \ 13 | --name=$(SERVICE) --hostname=$(SERVICE) \ 14 | --publish=$(BIND_ADDRESS):$(BIND_PORT):80 \ 15 | --memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \ 16 | fi 17 | .PHONY: start 18 | 19 | stop: check 20 | -docker kill $(SERVICE) 2>/dev/null 21 | -docker rm --force $(SERVICE) 2>/dev/null 22 | .PHONY: stop 23 | 24 | check: 25 | test "$$(whoami)" = 'root' 26 | .PHONY: check 27 | -------------------------------------------------------------------------------- /phpmyadmin/config/phpmyadmin-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cat <<'EOM' 4 | /dev/null 2>/dev/null; then \ 8 | docker build --tag=imos/$(SERVICE) .; \ 9 | docker rm --force $(SERVICE) 2>/dev/null || true; \ 10 | docker run \ 11 | --name=$(SERVICE) --hostname=$(SERVICE) \ 12 | --publish=$(BIND_ADDRESS):$(BIND_PORT):80 \ 13 | --volume=/storage/code/src:/code/src:ro \ 14 | --volume=/storage/code/build:/code/build:rw \ 15 | --volume=/storage/dunsparce/www/code/html:/code/html:rw \ 16 | --memory=$(MEMORY) --cpu-shares=$(CPU) imos/$(SERVICE); \ 17 | fi 18 | .PHONY: start 19 | 20 | stop: check 21 | -docker kill $(SERVICE) 2>/dev/null 22 | -docker rm --force $(SERVICE) 2>/dev/null 23 | .PHONY: stop 24 | 25 | check: 26 | test "$$(whoami)" = 'root' 27 | .PHONY: check 28 | -------------------------------------------------------------------------------- /php-fcgi/Makefile: -------------------------------------------------------------------------------- 1 | CPU ?= 100 2 | MEMORY ?= 100M 3 | BIND_ADDRESS ?= 172.17.42.1 4 | BIND_PORT ?= 9000 5 | 6 | SERVICE := php-fcgi 7 | 8 | start: check 9 | if ! 
docker top $(SERVICE) >/dev/null 2>/dev/null; then \ 10 | docker build --tag=imos/$(SERVICE) .; \ 11 | mkdir -p /cloud/rw/$$(hostname --short)/www; \ 12 | docker rm --force $(SERVICE) 2>/dev/null || true; \ 13 | docker run \ 14 | --name=$(SERVICE) --hostname=$(SERVICE) \ 15 | --volume=/cloud/ro/$$(hostname --short)/www:/www:ro \ 16 | --publish=$(BIND_ADDRESS):$(BIND_PORT):9000 \ 17 | --memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \ 18 | fi 19 | .PHONY: start 20 | 21 | stop: check 22 | -docker kill $(SERVICE) 2>/dev/null 23 | -docker rm --force $(SERVICE) 2>/dev/null 24 | .PHONY: stop 25 | 26 | check: 27 | test "$$(whoami)" = 'root' 28 | .PHONY: check 29 | -------------------------------------------------------------------------------- /nginx/Makefile: -------------------------------------------------------------------------------- 1 | CPU ?= 100 2 | MEMORY ?= 100M 3 | BIND_ADDRESS1 ?= 0.0.0.0 4 | BIND_PORT1 ?= 80 5 | BIND_ADDRESS2 ?= 0.0.0.0 6 | BIND_PORT2 ?= 10443 7 | 8 | SERVICE := nginx 9 | 10 | start: check 11 | if ! 
docker top $(SERVICE) >/dev/null 2>/dev/null; then \ 12 | docker build --tag=imos/$(SERVICE) .; \ 13 | mkdir -p /cloud/rw/$$(hostname --short)/www; \ 14 | docker rm --force $(SERVICE) 2>/dev/null || true; \ 15 | docker run \ 16 | --name=$(SERVICE) --hostname=$(SERVICE) \ 17 | --volume=/cloud/ro/$$(hostname --short)/www:/www:ro \ 18 | --volume=/storage/secret/imoz.jp:/secret:ro \ 19 | --publish=$(BIND_ADDRESS1):$(BIND_PORT1):80 \ 20 | --publish=$(BIND_ADDRESS2):$(BIND_PORT2):443 \ 21 | --memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \ 22 | fi 23 | .PHONY: start 24 | 25 | stop: check 26 | -docker kill $(SERVICE) 2>/dev/null 27 | -docker rm --force $(SERVICE) 2>/dev/null 28 | .PHONY: stop 29 | 30 | check: 31 | test "$$(whoami)" = 'root' 32 | .PHONY: check 33 | -------------------------------------------------------------------------------- /dunsparce/Makefile: -------------------------------------------------------------------------------- 1 | DISK ?= 100G 2 | 3 | SERVICE := dunsparce 4 | 5 | start: check 6 | if ! mountpoint -q /storage/$(SERVICE); then \ 7 | resize2fs /storage/$(SERVICE)/image.dmg $(DISK); \ 8 | mount --types=auto --options=loop \ 9 | /storage/$(SERVICE)/image.dmg /storage/$(SERVICE); \ 10 | fi 11 | if ! mountpoint -q /cloud/rw/$(SERVICE); then \ 12 | mkdir -p /cloud/rw/$(SERVICE); \ 13 | mount --bind /storage/$(SERVICE) /cloud/rw/$(SERVICE); \ 14 | fi 15 | if ! 
mountpoint -q /cloud/ro/$(SERVICE); then \ 16 | mkdir -p /cloud/ro/$(SERVICE); \ 17 | mount --bind /storage/$(SERVICE) /cloud/ro/$(SERVICE); \ 18 | mount -o remount,ro /cloud/ro/$(SERVICE); \ 19 | fi 20 | .PHONY: start 21 | 22 | stop: check 23 | -for mode in ro rw; do \ 24 | fuser --kill /cloud/$$mode/$(SERVICE); \ 25 | umount -f /cloud/$$mode/$(SERVICE); \ 26 | done 27 | -fuser --kill /storage/$(SERVICE) 28 | -umount -f /storage/$(SERVICE) 29 | # rm -rf /cloud 30 | .PHONY: stop 31 | 32 | check: 33 | test "$$(whoami)" = 'root' 34 | .PHONY: check 35 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Kentaro IMAJO 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
-------------------------------------------------------------------------------- /codebrowser/config/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 1; 3 | pid /run/nginx.pid; 4 | 5 | # Required for docker. 6 | daemon off; 7 | 8 | events { 9 | worker_connections 768; 10 | } 11 | 12 | http { 13 | sendfile on; 14 | tcp_nopush on; 15 | tcp_nodelay on; 16 | keepalive_timeout 65; 17 | types_hash_max_size 2048; 18 | 19 | include /etc/nginx/mime.types; 20 | default_type application/octet-stream; 21 | 22 | access_log /var/log/nginx/access.log; 23 | error_log /var/log/nginx/error.log; 24 | 25 | gzip on; 26 | gzip_disable "msie6"; 27 | 28 | server { 29 | listen 80 default_server; 30 | listen [::]:80 default_server ipv6only=on; 31 | 32 | root /codebrowser/html; 33 | index index.html index.htm index.php; 34 | 35 | # Make site accessible from http://localhost/ 36 | server_name localhost; 37 | 38 | fastcgi_index index.php; 39 | 40 | location /codebrowser/data { 41 | alias /usr/local/codebrowser/src/data; 42 | } 43 | 44 | location /data { 45 | alias /usr/local/codebrowser/src/data; 46 | } 47 | 48 | location / { 49 | try_files $uri $uri/ =404; 50 | autoindex on; 51 | } 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /phpmyadmin/config/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 1; 3 | pid /run/nginx.pid; 4 | 5 | # Required for docker. 
6 | daemon off; 7 | 8 | events { 9 | worker_connections 768; 10 | } 11 | 12 | http { 13 | sendfile on; 14 | tcp_nopush on; 15 | tcp_nodelay on; 16 | keepalive_timeout 65; 17 | types_hash_max_size 2048; 18 | 19 | include /etc/nginx/mime.types; 20 | default_type application/octet-stream; 21 | 22 | access_log /var/log/nginx/access.log; 23 | error_log /var/log/nginx/error.log; 24 | 25 | gzip on; 26 | gzip_disable "msie6"; 27 | 28 | server { 29 | listen 80 default_server; 30 | listen [::]:80 default_server ipv6only=on; 31 | 32 | root /usr/share/phpmyadmin; 33 | index index.html index.htm index.php; 34 | 35 | # Make site accessible from http://localhost/ 36 | server_name localhost; 37 | 38 | fastcgi_index index.php; 39 | 40 | location / { 41 | try_files $uri $uri/ =404; 42 | autoindex on; 43 | } 44 | 45 | location ~ \.php$ { 46 | include fastcgi_params; 47 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 48 | fastcgi_pass 127.0.0.1:9000; 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /dropbox/Makefile: -------------------------------------------------------------------------------- 1 | CPU ?= 100 2 | MEMORY ?= 100M 3 | DISK ?= 5G 4 | 5 | SERVICE := dropbox 6 | 7 | start: check 8 | if ! mountpoint -q /storage/$(SERVICE); then \ 9 | e2fsck -y -f /storage/$(SERVICE)/image.dmg; \ 10 | resize2fs /storage/$(SERVICE)/image.dmg $(DISK); \ 11 | mount -t auto -o loop /storage/$(SERVICE)/image.dmg /storage/$(SERVICE); \ 12 | fi 13 | if ! 
docker top $(SERVICE) >/dev/null 2>/dev/null; then \ 14 | docker build --tag=imos/$(SERVICE) .; \ 15 | docker run \ 16 | --name=$(SERVICE) --hostname=$(SERVICE) \ 17 | --volume=/storage/$(SERVICE):/home/cloud-admin \ 18 | --memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \ 19 | fi 20 | .PHONY: start 21 | 22 | stop: check 23 | -docker kill $(SERVICE) 2>/dev/null 24 | -docker rm $(SERVICE) 2>/dev/null 25 | -fuser --kill /storage/$(SERVICE) 2>/dev/null 26 | -umount -f /storage/$(SERVICE) 2>/dev/null 27 | .PHONY: stop 28 | 29 | defrag: check 30 | -e4defrag -c /storage/$(SERVICE)/image.dmg 31 | -e2fsck -y -f /storage/$(SERVICE)/image.dmg 32 | -resize2fs -M /storage/$(SERVICE)/image.dmg 33 | .PHONY: defrag 34 | 35 | backup: check 36 | xz --stdout --compress /storage/$(SERVICE)/image.dmg \ 37 | > /storage/$(SERVICE).dmg.xz 38 | .PHONY: backup 39 | 40 | check: 41 | test "$$(whoami)" = 'root' 42 | .PHONY: check 43 | -------------------------------------------------------------------------------- /bitcasa/Makefile: -------------------------------------------------------------------------------- 1 | CPU ?= 100 2 | MEMORY ?= 100M 3 | DISK ?= 20G 4 | 5 | SERVICE := bitcasa 6 | 7 | start: check 8 | if ! mountpoint -q /storage/$(SERVICE); then \ 9 | e2fsck -y -f /storage/$(SERVICE)/image.dmg; \ 10 | resize2fs /storage/$(SERVICE)/image.dmg $(DISK); \ 11 | mount -t auto -o loop /storage/$(SERVICE)/image.dmg /storage/$(SERVICE); \ 12 | fi 13 | if ! 
docker top $(SERVICE) >/dev/null 2>/dev/null; then \ 14 | docker build --tag=imos/$(SERVICE) .; \ 15 | docker run \ 16 | --name=$(SERVICE) --hostname=$(SERVICE) --privileged \ 17 | --volume=/storage/$(SERVICE):/bitcasa \ 18 | --memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \ 19 | fi 20 | .PHONY: start 21 | 22 | stop: check 23 | -docker kill $(SERVICE) 2>/dev/null 24 | -docker rm $(SERVICE) 2>/dev/null 25 | -fuser --kill /storage/$(SERVICE) 2>/dev/null 26 | -umount -f /storage/$(SERVICE) 2>/dev/null 27 | .PHONY: stop 28 | 29 | defrag: check 30 | -e4defrag -c /storage/$(SERVICE)/image.dmg 31 | -e2fsck -y -f /storage/$(SERVICE)/image.dmg 32 | -resize2fs -M /storage/$(SERVICE)/image.dmg 33 | .PHONY: defrag 34 | 35 | backup: check 36 | xz --stdout --compress /storage/$(SERVICE)/image.dmg \ 37 | > /storage/$(SERVICE).dmg.xz 38 | .PHONY: backup 39 | 40 | check: 41 | test "$$(whoami)" = 'root' 42 | .PHONY: check 43 | -------------------------------------------------------------------------------- /mysql/Makefile: -------------------------------------------------------------------------------- 1 | CPU ?= 100 2 | MEMORY ?= 100M 3 | DISK ?= 10G 4 | BIND_ADDRESS ?= 172.17.42.1 5 | BIND_PORT ?= 3306 6 | 7 | SERVICE := mysql 8 | 9 | start: check 10 | if ! mountpoint -q /storage/$(SERVICE); then \ 11 | if [ ! -f /storage/$(SERVICE)/image.dmg ]; then \ 12 | mkdir -p /storage/$(SERVICE); \ 13 | truncate --size=1g /storage/$(SERVICE)/image.dmg; \ 14 | yes | mkfs -t ext4 /storage/$(SERVICE)/image.dmg; \ 15 | fi; \ 16 | resize2fs /storage/$(SERVICE)/image.dmg $(DISK); \ 17 | mount --types=auto --options=loop \ 18 | /storage/$(SERVICE)/image.dmg /storage/$(SERVICE); \ 19 | fi 20 | if mountpoint -q /storage/$(SERVICE); then \ 21 | mkdir -p /storage/$(SERVICE)/data; \ 22 | chown 13306 /storage/$(SERVICE)/data; \ 23 | fi 24 | if ! 
docker top $(SERVICE) >/dev/null 2>/dev/null; then \ 25 | docker build --tag=imos/$(SERVICE) .; \ 26 | docker rm --force $(SERVICE) 2>/dev/null || true; \ 27 | docker run \ 28 | --name=$(SERVICE) --hostname=$(SERVICE) \ 29 | --volume=/storage/mysql/data:/var/lib/mysql \ 30 | --publish=$(BIND_ADDRESS):$(BIND_PORT):3306 \ 31 | --memory=$(MEMORY) --cpu-shares=$(CPU) --detach imos/$(SERVICE); \ 32 | fi 33 | .PHONY: start 34 | 35 | stop: check 36 | -docker kill $(SERVICE) 2>/dev/null 37 | -docker rm --force $(SERVICE) 2>/dev/null 38 | -fuser --kill /storage/$(SERVICE) 39 | -umount -f /storage/$(SERVICE) 40 | .PHONY: stop 41 | 42 | check: 43 | test "$$(whoami)" = 'root' 44 | .PHONY: check 45 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | USERS := cloud-admin cloud-user cloud-family cloud-guest 2 | 3 | start: 4 | make --file=$$(hostname --short).mk start 5 | .PHONY: start 6 | 7 | stop: 8 | make --file=$$(hostname --short).mk stop 9 | .PHONY: stop 10 | 11 | restart: stop 12 | make --file=$$(hostname --short).mk start 13 | .PHONY: restart 14 | 15 | %-start: 16 | make --file=$$(hostname --short).mk $*-poststart 17 | .PHONY: %-start 18 | 19 | %-stop: 20 | make --file=$$(hostname --short).mk $*-poststop 21 | .PHONY: %-stop 22 | 23 | %-restart: %-stop 24 | make --file=$$(hostname --short).mk $*-poststart 25 | .PHONY: %-restart 26 | 27 | install: 28 | id cloud-admin || useradd --home-dir=/home/cloud-admin --create-home \ 29 | --uid=20601 --user-group --shell=/bin/bash cloud-admin 30 | id cloud-user || useradd --home-dir=/home/cloud-user --create-home \ 31 | --uid=20602 --user-group --shell=/sbin/nologin cloud-user 32 | id cloud-family || useradd --home-dir=/home/cloud-family --create-home \ 33 | --uid=20603 --user-group --shell=/sbin/nologin cloud-family 34 | id cloud-guest || useradd --home-dir=/home/cloud-guest --create-home \ 35 | --uid=20604 
--user-group --shell=/sbin/nologin cloud-guest 36 | usermod --groups=cloud-family,cloud-user,cloud-guest cloud-user 37 | usermod --groups=cloud-guest,cloud-family cloud-family 38 | for user in $(USERS); do \ 39 | mkdir -p /home/$${user}/.ssh; \ 40 | cp authorized_keys/$${user} \ 41 | /home/$${user}/.ssh/authorized_keys 2>/dev/null || true; \ 42 | done 43 | .PHONY: install 44 | 45 | uninstall: 46 | for user in $(USERS); do \ 47 | userdel --force --remove $${user}; \ 48 | groupdel $${user}; \ 49 | done 50 | .PHONY: uninstall 51 | -------------------------------------------------------------------------------- /dunsparce.mk: -------------------------------------------------------------------------------- 1 | SERVICES := dunsparce dropbox nginx sslh php-fcgi phpmyadmin mysql 2 | 3 | start: check $(addsuffix -poststart, $(SERVICES)) 4 | .PHONY: start 5 | 6 | stop: check $(addsuffix -poststop, $(SERVICES)) 7 | .PHONY: stop 8 | 9 | check: 10 | test "$$(whoami)" = 'root' 11 | .PHONY: check 12 | 13 | # Kill services using /cloud. 
14 | dunsparce-prestop: dropbox-poststop nginx-poststop php-fcgi-poststop 15 | .PHONY: dunsparce-prestop 16 | 17 | dropbox-poststart: dropbox-start dunsparce-poststart 18 | for year in 2013 2014; do for mode in rw ro; do \ 19 | mkdir -p /cloud/$$mode/dropbox/icfpc/$$year; \ 20 | { sshfs \ 21 | -o "IdentityFile=/root/.ssh/Dunsparce.pem,nonempty" \ 22 | -o "default_permissions,allow_other" \ 23 | -o "uid=$$(id -u cloud-family),gid=$$(id -g cloud-family)" \ 24 | -o "umask=007,$$mode" \ 25 | cloud-admin@localhost:/storage/dropbox/Dropbox/icfpc/$$year \ 26 | /cloud/$$mode/dropbox/icfpc/$$year & } ; \ 27 | done; done; wait 28 | .PHONY: dropbox-poststart 29 | 30 | dropbox-prestop: 31 | -for year in 2014 2013; do for mode in ro rw; do \ 32 | { fuser --kill /cloud/$$mode/dropbox/icfpc/$$year & } ; \ 33 | done; done; wait 34 | -for year in 2014 2013; do for mode in ro rw; do \ 35 | { umount -f /cloud/$$mode/dropbox/icfpc/$$year & } ; \ 36 | done; done; wait 37 | .PHONY: dropbox-prestop 38 | 39 | # /cloud/ro/dunsparce/www must be mounted beforehand. 40 | nginx-prestart: dunsparce-poststart 41 | .PHONY: nginx-prestart 42 | 43 | # /cloud/ro/dunsparce/www must be mounted beforehand. 
44 | php-fcgi-prestart: dunsparce-poststart 45 | .PHONY: php-fcgi-prestart 46 | 47 | %-prestart: %/Makefile 48 | -@: 49 | .PHONY: %-prestart 50 | 51 | %-start: %-prestart 52 | cd $*; make start 53 | .PHONY: %-start 54 | 55 | %-poststart: %-start 56 | -@: 57 | .PHONY: %-poststart 58 | 59 | %-prestop: %/Makefile 60 | -@: 61 | .PHONY: %-prestop 62 | 63 | %-stop: %-prestop 64 | cd $*; make stop 65 | .PHONY: %-stop 66 | 67 | %-poststop: %-stop 68 | -@: 69 | .PHONY: %-poststop 70 | -------------------------------------------------------------------------------- /mysql/config/my.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | port = 3306 3 | socket = /var/run/mysqld/mysqld.sock 4 | 5 | [mysqld_safe] 6 | socket = /var/run/mysqld/mysqld.sock 7 | nice = 0 8 | 9 | [mysqld] 10 | user = mysql 11 | pid-file = /var/run/mysqld/mysqld.pid 12 | socket = /var/run/mysqld/mysqld.sock 13 | bind-address = 0.0.0.0 14 | port = 3306 15 | basedir = /usr 16 | datadir = /var/lib/mysql 17 | tmpdir = /tmp 18 | lc-messages-dir = /usr/share/mysql 19 | skip-external-locking 20 | 21 | # 22 | # * Fine Tuning 23 | # 24 | key_buffer = 16M 25 | max_allowed_packet = 16M 26 | thread_stack = 192K 27 | thread_cache_size = 8 28 | # This replaces the startup script and checks MyISAM tables if needed 29 | # the first time they are touched 30 | myisam-recover = BACKUP 31 | #max_connections = 100 32 | #table_cache = 64 33 | #thread_concurrency = 10 34 | # 35 | # * Query Cache Configuration 36 | # 37 | query_cache_limit = 1M 38 | query_cache_size = 16M 39 | # 40 | # * Logging and Replication 41 | # 42 | # Both location gets rotated by the cronjob. 43 | # Be aware that this log type is a performance killer. 44 | # As of 5.1 you can enable the log at runtime! 45 | #general_log_file = /var/log/mysql/mysql.log 46 | #general_log = 1 47 | # 48 | # Error log - should be very few entries. 
49 | # 50 | log_error = /var/log/mysql/error.log 51 | # 52 | # Here you can see queries with especially long duration 53 | #log_slow_queries = /var/log/mysql/mysql-slow.log 54 | #long_query_time = 2 55 | #log-queries-not-using-indexes 56 | # 57 | # The following can be used as easy to replay backup logs or for replication. 58 | # note: if you are setting up a replication slave, see README.Debian about 59 | # other settings you may need to change. 60 | #server-id = 1 61 | #log_bin = /var/log/mysql/mysql-bin.log 62 | expire_logs_days = 10 63 | max_binlog_size = 100M 64 | #binlog_do_db = include_database_name 65 | #binlog_ignore_db = include_database_name 66 | 67 | 68 | [mysqldump] 69 | quick 70 | quote-names 71 | max_allowed_packet = 16M 72 | 73 | [mysql] 74 | #no-auto-rehash # faster start of mysql but no tab completition 75 | 76 | [isamchk] 77 | key_buffer = 16M 78 | 79 | # 80 | # * IMPORTANT: Additional settings that can override those from this file! 81 | # The files must end with '.cnf', otherwise they'll be ignored. 82 | # 83 | !includedir /etc/mysql/conf.d/ 84 | -------------------------------------------------------------------------------- /nginx/config/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 4; 3 | pid /run/nginx.pid; 4 | 5 | # Required for docker. 
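6 | daemon off;
7 | 
8 | events {
9 |   worker_connections 768;
10 | }
11 | 
12 | http {
13 |   sendfile on;
14 |   tcp_nopush on;
15 |   tcp_nodelay on;
16 |   keepalive_timeout 65;
17 |   types_hash_max_size 2048;
18 | 
19 |   include /etc/nginx/mime.types;
20 |   default_type application/octet-stream;
21 | 
22 |   access_log /var/log/nginx/access.log;
23 |   error_log /var/log/nginx/error.log;
24 | 
25 |   gzip on;
26 |   gzip_disable "msie6";
27 | 
28 |   include /etc/nginx/conf.d/*.conf;
29 | 
30 |   server {
31 |     listen 80 default_server;
32 |     listen [::]:80 default_server ipv6only=on;
33 | 
34 |     root /www/default;
35 |     index index.html index.htm index.php;
36 | 
37 |     # Make site accessible from http://localhost/
38 |     server_name localhost;
39 | 
40 |     fastcgi_index index.php;
41 | 
42 |     location ^~ /downloads/ {
43 |       root /www;
44 |       break;
45 |     }
46 | 
47 |     # NOTE(review): every URI ending in .php is handed to PHP-FPM without
48 |     # checking that the script exists. Adding `try_files $uri =404;` here
49 |     # keeps PHP from resolving the request to some other file on disk.
50 |     location ~ \.php$ {
51 |       include fastcgi_params;
52 |       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
53 |       fastcgi_pass 172.17.42.1:9000;
54 |     }
55 | 
56 |     location / {
57 |       try_files $uri $uri/ =404;
58 |     }
59 |   }
60 | 
61 |   server {
62 |     listen 443 default_server;
63 | 
64 |     server_name imoz.jp;
65 |     ssl on;
66 |     ssl_certificate /secret/imoz.jp.crt;
67 |     ssl_certificate_key /secret/imoz.jp.key;
68 |     # SSLv3 is removed: its CBC padding is exploitable (POODLE) and clients
69 |     # can be downgraded to it while it stays enabled. Add TLSv1.3 here once
70 |     # the installed nginx/OpenSSL support it.
71 |     ssl_protocols TLSv1.2;
72 |     # NOTE(review): HIGH can still admit legacy suites on older OpenSSL
73 |     # builds; review the result of `openssl ciphers -v 'HIGH:!ADH:!MD5'`.
74 |     ssl_ciphers HIGH:!ADH:!MD5;
75 | 
76 |     root /www/default;
77 |     index index.html index.htm index.php;
78 | 
79 |     # Make site accessible from http://localhost/
80 |     server_name localhost;
81 | 
82 |     fastcgi_index index.php;
83 | 
84 |     # Priorities of location directives: =, ^~, ~, none (prefix matching).
85 | 
86 |     location ^~ /phpmyadmin/ {
87 |       # NOTE(review): this auth covers the proxied path only. phpmyadmin/Makefile
88 |       # defaults BIND_ADDRESS to 0.0.0.0 for port 8001, so the backend is also
89 |       # reachable directly unless that address is narrowed or firewalled.
90 |       auth_basic "Authentication for phpMyAdmin";
91 |       auth_basic_user_file /secret/htpasswd;
92 |       proxy_buffering off;
93 |       rewrite ^/phpmyadmin/(.*) /$1 break;
94 |       proxy_pass http://172.17.42.1:8001;
95 |       proxy_redirect http://172.17.42.1:8001/
96 |                      https://$host/phpmyadmin/;
97 |       proxy_redirect default;
98 |       break;
99 |     }
100 | 
101 |     location ^~ /code/ {
102 |       auth_basic "Authentication for Codebrowser";
103 |       auth_basic_user_file /secret/htpasswd;
104 |       root /www;
105 |       break;
106 |     }
107 | 
108 |     location ^~ /downloads/ {
109 |       root /www;
110 |       break;
111 |     }
112 | 
113 |     # NOTE(review): same caveat as the PHP location of the port-80 server.
114 |     location ~ \.php$ {
115 |       include fastcgi_params;
116 |       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
117 |       fastcgi_pass 172.17.42.1:9000;
118 |     }
119 | 
120 |     location / {
121 |       try_files $uri $uri/ =404;
122 |     }
123 |   }
124 | }
125 | 
--------------------------------------------------------------------------------
/php-fcgi/config/php-fpm.conf:
--------------------------------------------------------------------------------
1 | ;;;;;;;;;;;;;;;;;;
2 | ; Global Options ;
3 | ;;;;;;;;;;;;;;;;;;
4 | 
5 | [global]
6 | ; Pid file
7 | ; Note: the default prefix is /var
8 | ; Default Value: none
9 | pid = /var/run/php5-fpm.pid
10 | 
11 | ; Error log file
12 | ; If it's set to "syslog", log is sent to syslogd instead of being written
13 | ; in a local file.
14 | ; Note: the default prefix is /var
15 | ; Default Value: log/php-fpm.log
16 | error_log = /var/log/php5-fpm.log
17 | 
18 | 
19 | ; Start a new pool named 'www'.
20 | ; the variable $pool can we used in any directive and will be replaced by the
21 | ; pool name ('www' here)
22 | [www]
23 | 
24 | ; Unix user/group of processes
25 | ; Note: The user is mandatory. If the group is not set, the default user's group
26 | ; will be used.
27 | user = cloud-guest
28 | group = cloud-guest
29 | ; NOTE(review): a bare port listens on every interface in the container and FastCGI has no authentication; limit who can reach it (listen.allowed_clients, or the publish address in php-fcgi/Makefile).
30 | listen = 9000
31 | 
32 | ; Choose how the process manager will control the number of child processes.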
; Possible values:
;   static   - a fixed number of children, given by pm.max_children.
;   dynamic  - the number of children varies under the directives below;
;              at least one child is always kept.
;                pm.max_children      - upper bound on children alive at once.
;                pm.start_servers     - children created at startup.
;                pm.min_spare_servers - lower bound on idle children; more are
;                                       created when fewer than this are idle.
;                pm.max_spare_servers - upper bound on idle children; some are
;                                       killed when more than this are idle.
;   ondemand - no children at startup; they are forked as requests connect.
;                pm.max_children         - upper bound on children alive at once.
;                pm.process_idle_timeout - seconds after which an idle child
;                                          is killed.
; Note: This value is mandatory.
pm = dynamic

; Number of children under pm = static, and their maximum under 'dynamic' or
; 'ondemand'. It caps how many requests are served simultaneously, like
; Apache's MaxClients with mpm_prefork or PHP_FCGI_CHILDREN in the original
; PHP CGI. The defaults below assume a server without much resources; tune
; pm.* to fit your needs.
; Note: Used when pm is 'static', 'dynamic' or 'ondemand'; mandatory.
pm.max_children = 5

; Children created on startup.
; Note: Used only when pm is 'dynamic'.
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; Desired minimum of idle children.
; Note: Used only, and mandatory, when pm is 'dynamic'.
pm.min_spare_servers = 1

; Desired maximum of idle children.
; Note: Used only, and mandatory, when pm is 'dynamic'.
pm.max_spare_servers = 3

; Seconds after which an idle child is killed.
; Note: Used only when pm is 'ondemand'.
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; URI of the FPM status page; when unset, no URI is recognized as one.
; NOTE(review): nginx/config/nginx.conf forwards every URI ending in .php to a
; FastCGI backend on port 9000. If that backend is this pool (presumably),
; /status.php is served to anyone without authentication. Restrict the URI at
; the proxy or leave pm.status_path unset.
pm.status_path = /status.php

--------------------------------------------------------------------------------