├── .dockerignore ├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── config.yml ├── dependabot.yml └── workflows │ ├── main.yml │ └── manual.yml ├── CHANGELOG.md ├── Dockerfile ├── LICENSE ├── LICENSES └── MIT ├── README.md ├── install ├── assets │ ├── defaults │ │ ├── 00-container │ │ ├── 02-permissions │ │ ├── 03-monitoring │ │ ├── 04-scheduling │ │ ├── 05-logging │ │ ├── 06-messaging │ │ └── 07-firewall │ └── functions │ │ └── 00-container └── etc │ ├── cont-init.d │ ├── 00-startup │ ├── 01-timezone │ ├── 02-permissions │ ├── 03-monitoring │ ├── 04-scheduling │ ├── 05-logging │ ├── 06-messaging │ ├── 07-firewall │ └── 99-container │ ├── fluent-bit │ ├── parsers.conf │ └── parsers.d │ │ └── .empty │ └── services.available │ ├── 03-monitoring │ └── run │ ├── 04-scheduling │ └── run │ ├── 05-logging │ └── run │ └── 07-firewall │ └── run └── zabbix_templates ├── zabbix_agent_container.xml └── zabbix_fail2ban.json /.dockerignore: -------------------------------------------------------------------------------- 1 | examples/ 2 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [tiredofit] 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: If something isn't working right.. 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | ### Summary 11 | 12 | 13 | 14 | 15 | ### Steps to reproduce 16 | 17 | 18 | 19 | 20 | ### What is the expected *correct* behavior? 21 | 22 | 23 | 24 | 25 | ### Relevant logs and/or screenshots 26 | 27 | 28 | 29 | ### Environment 30 | 31 | 32 | - Image version / tag: 33 | - Host OS: 34 | 35 |
36 | Any logs | docker-compose.yml 37 |
38 | 39 | 40 | 41 | ### Possible fixes 42 | 43 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea or feature 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | --- 11 | name: Feature Request 12 | about: Suggest an idea for this project 13 | 14 | --- 15 | 16 | **Description of the feature** 17 | 18 | 19 | **Benftits of feature** 20 | 21 | 22 | **Additional context** 23 | 24 | -------------------------------------------------------------------------------- /.github/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | # Maintain dependencies for GitHub Actions 4 | - package-ecosystem: "github-actions" 5 | directory: "/" 6 | schedule: 7 | interval: "daily" 8 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 7.10.31 2025-05-05 2 | 3 | ### Added 4 | - S6 overlay 3.20.3 5 | 6 | 7 | ## 7.10.30 2025-04-26 8 | 9 | ### Added 10 | - Zabbix Agent 7.2.6 11 | 12 | ### Changed 13 | - Restore Fluent-bit Building broken in 7.10.29 14 | 15 | 16 | ## 7.10.29 2025-02-24 17 | 18 | ### Added 19 | - Zabbix Agent 7.0.10 20 | 21 | 22 | ## 7.10.28 2025-01-21 23 | 24 | ### Added 25 | - Zabbix Agent 7.0.8 26 | 27 | 28 | ## 7.10.27 2024-12-11 29 | 30 | ### Changed 31 | - Fix for 7.10.26 32 | 33 | 34 | ## 7.10.26 2024-12-11 35 | 36 | ### Changed 37 | - Redo the mechanism to by default disable SSL for mysql checks 38 | 39 | 40 | ## 7.10.25 2024-12-09 41 | 42 | ### Added 43 | - Add --skip-ssl default to DB_MYSQLADMIN_ARGS environment variable for change in client defaults 44 | 45 | 46 | ## 7.10.24 2024-12-07 47 | 48 | ### Added 49 | - Alpine 3.21 support 50 | 51 | ### Changed 52 | - Stop building Zabbix Modern Agent for Alpine 3.11-3.14 53 | 54 | 55 | ## 7.10.23 2024-11-27 56 | 57 | ### Added 58 | - Downgrade to Zabbix Agent 7.0.5 59 | 60 | 61 | ## 7.10.22 2024-11-20 62 | 63 | ### Added 64 | - Zabbix Agent 7.0.6 65 | 66 | 67 | ## 7.10.21 2024-11-18 68 | 69 | ### Added 70 | - Fluent-Bit 3.2.1 71 | 72 | 73 | ## 7.10.20 2024-11-11 74 | 75 | ### Added 76 | - Fluent-Bit 3.2.0 77 | 78 | 79 | ## 7.10.19 2024-11-07 80 | 81 | ### Changed 82 | - Add patches to support GCC 14 with Fluent-Bit > 3.1.9 83 | 84 | 85 | ## 7.10.18 2024-11-04 86 | 87 | ### Added 88 | - Fluent-Bit 3.1.10 89 | 90 | 91 | ## 7.10.17 2024-10-22 92 | 93 | ### Added 94 | - Zabbix Agent 7.0.5 95 | 96 | 97 | ## 7.10.16 2024-10-13 98 | 99 | ### Added 100 | - S6 Overlay 3.2.0.2 101 | 102 | 103 | ## 7.10.15 2024-10-01 104 | 105 | ### Added 106 | - Fluent Bit 3.1.9 107 | 108 | 109 | ## 7.10.14 2024-09-24 110 | 111 | ### Added 112 | - Zabbix Agent 7.0.4 113 | 114 | 115 | ## 7.10.13 2024-09-16 116 | 117 | ### Added 118 | - Fluent-bit 3.1.8 119 | 120 | 121 | ## 7.10.12 2024-09-02 122 | 123 | ### Added 124 | - Fluent-bit 3.1.7 125 | 126 | 127 | ## 7.10.11 2024-08-22 128 | 129 | ### Changed 130 | - Allow for changing CONTAINER_USER and CONTAINER_GROUP names with hyphens in them 131 | 132 | 133 | ## 7.10.10 2024-08-19 134 | 135 | ### Added 136 | - Zabbix Agent 7.0.3 137 | 138 | 139 | ## 7.10.9 2024-08-14 140 | 141 | ### Added 142 | - Fluent-Bit 3.1.6 143 | 144 | 145 | ## 7.10.8 2024-08-11 146 | 147 | ### Added 148 | - Fluent-Bit 3.1.5 149 | 150 | 151 | ## 7.10.7 2024-07-29 152 | 153 | ### Added 154 | - Zabbix Agent 7.0.2 155 | 156 | 157 | ## 7.10.6 2024-07-25 158 | 159 | ### Added 160 | - Fluent-Bit 3.1.4 161 | 162 | 163 | ## 7.10.5 2024-07-22 164 | 165 | ### Added 166 | - Zabbix Agent 7.0.1 167 | 168 | 169 | ## 7.10.4 2024-07-17 170 | 171 | ### Added 172 | - Fluent-Bit 3.1.3 173 | 174 | 175 | ## 7.10.3 2024-07-12 176 | 177 | ### Added 178 | - Fluent-Bit 3.1.2 179 | - S6 Overlay 3.2.0 180 | 181 | 182 | ## 7.10.2 2024-07-10 183 | 184 | ### Added 185 | - Fluent-bit 3.1.1 186 | 187 | 188 | ## 7.10.1 2024-07-10 189 | 190 | ### Added 191 | - Fluent-bit 3.10 192 | 193 | 194 | ## 7.10.0 2024-07-05 195 | 196 | ### Added 197 | - Add host_override function 198 | 199 | 200 | ## 7.9.1 2024-06-26 201 | 202 | ### Changed 203 | - Tweak to print_start function solving unneccessary delays 204 | 205 | 206 | ## 7.9.0 2024-06-25 207 | 208 | ### Added 209 | - Add CONTAINER_PROCESS_RUNAWAY_DELAY environment variable to add a configurable (default 1) second delay in between restarting processes 210 | 211 | 212 | ## 7.8.35 2024-06-17 213 | 214 | ### Added 215 | - YQ 4.44.2 216 | 217 | 218 | ## 7.8.34 2024-06-11 219 | 220 | ### Added 221 | - Fluent Bit 3.0.7 222 | 223 | 224 | ## 7.8.33 2024-06-04 225 | 226 | ### Added 227 | - Zabbix Agent 7.0.0 228 | 229 | 230 | ## 7.8.32 2024-05-27 231 | 232 | ### Added 233 | - Fluent Bit 3.0.6 234 | 235 | 236 | ## 7.8.31 2024-05-23 237 | 238 | ### Added 239 | - Fluent-bit 3.0.5 240 | 241 | 242 | ## 7.8.30 2024-05-21 243 | 244 | ### Added 245 | - Zabbix Agent 6.4.15 246 | 247 | 248 | ## 7.8.29 2024-05-21 249 | 250 | ### Added 251 | - Fluent-bit 3.0.4 252 | 253 | 254 | ## 7.8.28 2024-04-27 255 | 256 | ### Added 257 | - Fluent-bit 3.0.3 258 | 259 | 260 | ## 7.8.27 2024-04-12 261 | 262 | ### Added 263 | - Fluent-bit 3.0.2 264 | 265 | 266 | ## 7.8.26 2024-04-04 267 | 268 | ### Added 269 | - Fluent-Bit 3.0.1 270 | 271 | 272 | ## 7.8.25 2024-03-25 273 | 274 | ### Added 275 | - Zabbix Agent 6.4.13 276 | 277 | 278 | ## 7.8.24 2024-03-21 279 | 280 | ### Added 281 | - Fluent-Bit 3.0.0 282 | 283 | 284 | ## 7.8.23 2024-02-26 285 | 286 | ### Added 287 | - Zabbix 6.4.12 288 | 289 | 290 | ## 7.8.22 2024-02-02 291 | 292 | ### Changed 293 | - Fix issue with creating blank files on startup 294 | 295 | 296 | ## 7.8.21 2024-02-01 297 | 298 | ### Added 299 | - Zabbix Agent 6.4.11 300 | 301 | 302 | ## 7.8.20 2023-12-13 303 | 304 | ### Added 305 | - Zabbix Agent 6.4.10 306 | 307 | 308 | ## 7.8.19 2023-12-08 309 | 310 | ### Changed 311 | - Fix issues with service_stop function 312 | 313 | 314 | ## 7.8.18 2023-12-05 315 | 316 | ### Changed 317 | - Mod service_stop function to not pass DONOTSTART when turning off a different service" 318 | 319 | 320 | ## 7.8.17 2023-11-09 321 | 322 | ### Added 323 | - Fluent-Bit 2.2.0 324 | 325 | 326 | ## 7.8.16 2023-11-08 327 | 328 | ### Added 329 | - Zabbix Agent 6.4.8 330 | 331 | 332 | ## 7.8.15 2023-11-06 333 | 334 | ### Added 335 | - S6 Overlay 3.16.0 336 | 337 | 338 | ## 7.8.14 2023-10-24 339 | 340 | ### Changed 341 | - Restore building Zabbix Agent 2 with Alpine Edge/3.19 342 | 343 | 344 | ## 7.8.13 2023-10-24 345 | 346 | ### Changed 347 | - Prepare for imminent Alpine 3.19 release 348 | 349 | 350 | ## 7.8.12 2023-09-28 351 | 352 | ### Added 353 | - Zabbix Agent 6.4.7 354 | - Fluent-bit 2.1.10 355 | - Add option for gzip compression for fluent-bit output/loki 356 | 357 | 358 | ## 7.8.7 2023-08-23 359 | 360 | ### Added 361 | - Zabbix Agent 6.4.6 362 | - Golang build 1.21.0 363 | - YQ 4.35.1 364 | - Add SMTP_FROM_OVERRIDE option (credit coolibre@github) 365 | 366 | 367 | ## 7.8.6 2023-07-28 368 | 369 | ### Added 370 | - Golang 1.20.6 build chain 371 | - YQ 4.34.2 372 | - Fluent-bit 2.1.8 373 | 374 | ### Changed 375 | - Modify db_ready routines to accomodate for MariaDB 11 binary name changes 376 | 377 | 378 | ## 7.8.5 2023-06-27 379 | 380 | ### Added 381 | - Zabbix Agent 6.4.4 382 | 383 | 384 | ## 7.8.4 2023-06-23 385 | 386 | ### Added 387 | - Fluent-Bit 2.1.6 388 | 389 | 390 | ## 7.8.3 2023-06-20 391 | 392 | ### Added 393 | - Fluent-Bit 2.1.5 394 | 395 | 396 | ## 7.8.2 2023-05-09 397 | 398 | ### Added 399 | - Introduce Alpine 3.18 400 | 401 | 402 | ## 7.8.1 2023-05-03 403 | 404 | ### Added 405 | - Golang 1.20.4 406 | 407 | ### Changed 408 | - Cleanup 409 | 410 | 411 | ## 7.8.0 2023-04-26 412 | 413 | ### Added 414 | - Introduce _FILE support for environment variables 415 | - Quiet down DEBUG MODE for "base image" services 416 | - Zabbix Agent 6.4.2 417 | - Fluent Bit 2.1.2 418 | 419 | 420 | ## 7.7.58 2023-04-21 421 | 422 | ### Added 423 | - FluentBit 2.1.1 424 | 425 | 426 | ## 7.7.57 2023-04-05 427 | 428 | ### Added 429 | - Go build 1.20.3 430 | - Fluent-bit 2.0.11 431 | 432 | 433 | ## 7.7.56 2023-04-03 434 | 435 | ### Added 436 | - S6 Overlay 3.14.2 437 | 438 | 439 | ## 7.7.55 2023-03-31 440 | 441 | ### Added 442 | - YQ 4.33.1 443 | - Zabbix Agent 6.4.1 444 | 445 | 446 | ## 7.7.54 2023-03-26 447 | 448 | ### Added 449 | - YQ v4.33.1 450 | 451 | 452 | ## 7.7.53 2023-03-16 453 | 454 | ### Added 455 | - Fluent-bit 2.0.10 456 | - Use Golang 1.20.1 for building again 457 | 458 | 459 | ## 7.7.52 2023-03-07 460 | 461 | ### Added 462 | - Zabbix Agent 6.4.0 463 | - Support upcoming Alpine 3.18 464 | - Remove .gitconfig from /root/ during package cleanup 465 | 466 | ### Changed 467 | - Drop vim and rely on busybox vi 468 | 469 | 470 | ## 7.7.51 2023-02-21 471 | 472 | ### Added 473 | - S6 Overlay 3.1.4.1 474 | 475 | 476 | ## 7.7.50 2023-02-20 477 | 478 | ### Added 479 | - YQ 4.31.1 480 | 481 | 482 | ## 7.7.49 2023-02-17 483 | 484 | ### Added 485 | - S6 Overlay 3.14.0 486 | 487 | 488 | ## 7.7.48 2023-02-15 489 | 490 | ### Changed 491 | - Additional doas fixes 492 | 493 | 494 | ## 7.7.46 2023-02-14 495 | 496 | ### Changed 497 | - Fix for grant_doas function saving to wrong location and set appropriate permissions 498 | 499 | 500 | ## 7.7.45 2023-02-06 501 | 502 | ### Added 503 | - Fluent-bit 2.0.9 504 | - Zabbix Agent 6.2.7 505 | - YQ 4.30.8 506 | - Go 1.20 build environment 507 | 508 | 509 | ## 7.7.44 2022-12-31 510 | 511 | ### Changed 512 | - Change to `service_` commands - New addition `service_list` and also `service_reset` to reset watchdog status to avoid having to restart container after triggered 513 | - `service_down` and `service_up` also take `all` argument to bring up or down all services 514 | 515 | 516 | ## 7.7.43 2022-12-23 517 | 518 | ### Added 519 | - Fluent-Bit 2.0.8 520 | 521 | 522 | ## 7.7.42 2022-12-22 523 | 524 | ### Changed 525 | - No need to even think about building yq for <3.10 526 | 527 | 528 | ## 7.7.41 2022-12-22 529 | 530 | ### Added 531 | - Start building yq package for variants that support building zabbix-agent2 - Warning, 'jq' will be removed in a future release 532 | - prepare_service on cont-init.d folders ingests variables differently 533 | 534 | 535 | ## 7.7.40 2022-12-12 536 | 537 | ### Added 538 | - Golang building 1.19.4 539 | 540 | ### Changed 541 | - Allow clone_git_repo to shallow clone and still perform git describe on tags 542 | 543 | 544 | ## 7.7.39 2022-12-11 545 | 546 | ### Added 547 | - Zabbix Agent 6.2.6 548 | 549 | 550 | ## 7.7.38 2022-12-05 551 | 552 | ### Changed 553 | - Fix for Zabbix volatile data permissions 554 | 555 | 556 | ## 7.7.37 2022-11-30 557 | 558 | ### Changed 559 | - Fix quoting issue with package remove 560 | 561 | 562 | ## 7.7.36 2022-11-29 563 | 564 | ### Changed 565 | - Quiet down package function 566 | 567 | 568 | ## 7.7.35 2022-11-29 569 | 570 | ### Changed 571 | - Handle better dependencies with package remove 572 | 573 | 574 | ## 7.7.34 2022-11-29 575 | 576 | ### Added 577 | - Introduce "package" function 578 | 579 | 580 | ## 7.7.33 2022-11-25 581 | 582 | ### Added 583 | - Fluent-bit 2.0.6 584 | 585 | 586 | ## 7.7.32 2022-11-22 587 | 588 | ### Added 589 | - Introduce Alpine 3.17 Using OpenSSL instead of LibreSSL 590 | 591 | 592 | ## 7.7.31 2022-11-11 593 | 594 | ### Added 595 | - Golang build 1.19.3 596 | - Fluent-bit 2.0.5 597 | 598 | 599 | ## 7.7.30 2022-11-08 600 | 601 | ### Added 602 | - Fluent-bit 2.0.4 603 | 604 | 605 | ## 7.7.29 2022-11-07 606 | 607 | ### Added 608 | - Zabbix Agent 6.2.4 609 | 610 | 611 | ## 7.7.28 2022-10-29 612 | 613 | ### Added 614 | - Fluent-Bit 2.0.3 615 | 616 | 617 | ## 7.7.27 2022-10-27 618 | 619 | ### Added 620 | - Fluent-bit 2.0.2 621 | 622 | 623 | ## 7.7.26 2022-10-25 624 | 625 | ### Added 626 | - Fluent-bit 2.0.0 627 | - Golang build environment 1.19.2 628 | 629 | 630 | ## 7.7.25 2022-10-04 631 | 632 | ### Changed 633 | - Death by if statements 634 | 635 | 636 | ## 7.7.24 2022-10-04 637 | 638 | ### Changed 639 | - For real, fix for clone_git_repo and .git urls 640 | 641 | 642 | ## 7.7.23 2022-10-03 643 | 644 | ### Changed 645 | - Final clone_git_repo modifications 646 | 647 | 648 | ## 7.7.22 2022-10-03 649 | 650 | ### Changed 651 | - Additional changes to clone_git_repo function 652 | 653 | 654 | ## 7.7.21 2022-10-01 655 | 656 | ### Added 657 | - Add custom_dir functionality for clone_git_repo 658 | 659 | 660 | ## 7.7.20 2022-10-01 661 | 662 | ### Changed 663 | - Start pulling submodules with clone_git_repo function 664 | 665 | 666 | ## 7.7.19 2022-10-01 667 | 668 | ### Changed 669 | - Tweak to update_templates function to allow wildcards 670 | 671 | 672 | ## 7.7.18 2022-09-29 673 | 674 | ### Added 675 | - Add bash to be default interpreter when building descendent images 676 | 677 | ### Changed 678 | - Refine clone_git_repo function 679 | 680 | 681 | ## 7.7.17 2022-09-29 682 | 683 | ### Changed 684 | - Add check for git for clone_git_repo 685 | 686 | 687 | ## 7.7.16 2022-09-29 688 | 689 | ### Added 690 | - Add gettext package 691 | 692 | 693 | ## 7.7.15.1 2022-09-29 694 | 695 | ### Changed 696 | - Fix for Alpine Edge not building 697 | 698 | 699 | ## 7.7.14 2022-09-29 700 | 701 | ### Added 702 | - Introduce clone_git_repo function for bandwidth and space saving purposes 703 | - Introduce install_template function for copying files with correct permissions 704 | - Introduce update_template to update tags in template files - Create templates tags like {{VALUE}} in your files to update 705 | 706 | 707 | ## 7.7.13 2022-09-29 708 | 709 | ### Added 710 | - Fluent-bit 1.9.9 711 | - Golang for building 1.19.1 712 | 713 | 714 | ## 7.7.12 2022-09-21 715 | 716 | ### Added 717 | - Zabbix Agent 6.2.3 718 | 719 | 720 | ## 7.7.11 2022-09-11 721 | 722 | ### Added 723 | - Fluent-bit 1.9.8 724 | 725 | 726 | ## 7.7.10 2022-09-05 727 | 728 | ### Fixed 729 | - MSMTP Configuration doesn't like all caps letters 730 | 731 | 732 | ## 7.7.9 2022-08-30 733 | 734 | ### Added 735 | - Zabbix Agent 6.2.2 736 | - S6 Overlay 3.1.2.1 737 | 738 | 739 | ## 7.7.8 2022-08-17 740 | 741 | ### Changed 742 | - Start taking over pid process of services.available scripts 743 | 744 | 745 | ## 7.7.7 2022-08-15 746 | 747 | ### Changed 748 | - Change to Fail2ban Group ID due to original gid not able to be used with LXC (credit: MariaWitch@github) 749 | 750 | 751 | ## 7.7.6 2022-08-12 752 | 753 | ### Changed 754 | - Make logrotate use /etc/logrotate.conf as master configuration 755 | 756 | 757 | ## 7.7.5 2022-08-11 758 | 759 | ### Added 760 | - Fluent-bit 1.9.7 761 | - Customizable compssion types for logrotate, now defaults to using zstd 762 | - Function for zcat to handle bz/xz/gz/zst 763 | 764 | ### Changed 765 | - Fix error when CRON_PERIOD exists as a default or environment variable 766 | 767 | 768 | ## 7.7.4 2022-08-06 769 | 770 | ### Added 771 | - Add third and fourth argument to custom_files function to change ownership post copy 772 | 773 | 774 | ## 7.7.3 2022-08-06 775 | 776 | ### Changed 777 | - Additional fix to custom_scripts function 778 | 779 | 780 | ## 7.7.2 2022-08-05 781 | 782 | ### Changed 783 | - Fix for custom_scripts function not firing properly 784 | 785 | 786 | ## 7.7.1 2022-08-05 787 | 788 | ### Changed 789 | - Fix CONTAINER_POST_INIT_COMMAND feature 790 | 791 | 792 | ## 7.7.0 2022-08-05 793 | 794 | ### Added 795 | - Firewall Support - Now have the capability of either loading an iptables.rules file or using environment variables to set individual IPTables rules inside the container 796 | - Fail2Ban Support - Along with above, embed fail2ban within the container rather than having it maintained downstream in many images. Drop your jails and filters in /etc/fail2ban/filters.d and /etc/fail2ban/jails.d 797 | - Go 1.19.0 build chain 798 | 799 | 800 | ## 7.6.27 2022-07-27 801 | 802 | ### Added 803 | - Add option to show application output on the final execution before the process runaway guard is activated 804 | 805 | 806 | ## 7.6.26 2022-07-27 807 | 808 | ### Changed 809 | - Quiet down dir_empty and dir_notempty functions 810 | 811 | 812 | ## 7.6.25 2022-07-26 813 | 814 | ### Added 815 | - Additional work related to 7.6.21 816 | 817 | 818 | ## 7.6.24 2022-07-25 819 | 820 | ### Changed 821 | - Bring to feature parity of tiredofit/debian 822 | 823 | 824 | ## 7.6.23 2022-07-25 825 | 826 | ### Added 827 | - Fluent-bit 1.9.6 828 | - Zabbix Agent 6.2.1 829 | 830 | 831 | ## 7.6.22 2022-07-18 832 | 833 | ### Changed 834 | - Further refinements to version lookup routines 835 | 836 | 837 | ## 7.6.21 2022-07-18 838 | 839 | ### Changed 840 | - Zabbix montioring defaults fix for Alpine Edge 841 | 842 | 843 | ## 7.6.20 2022-07-07 844 | 845 | ### Added 846 | - Zabbix Agent 6.2.0 847 | 848 | 849 | ## 7.6.19 2022-07-05 850 | 851 | ### Changed 852 | - Add blank /etc/fluent-bit/parsers.d directory 853 | 854 | 855 | ## 7.6.18 2022-07-05 856 | 857 | ### Changed 858 | - Fix issues relating to Fluent-Bit not parsing files properly due to logrotate shift 859 | 860 | 861 | ## 7.6.17 2022-07-04 862 | 863 | ### Changed 864 | - Add Version ARG for FROM command in Dockerfile 865 | 866 | 867 | ## 7.6.16 2022-06-29 868 | 869 | ### Added 870 | - Zabbix Agent 6.0.6 871 | - S6 Overlay 3.1.1.2 872 | 873 | 874 | ## 7.6.15 2022-06-24 875 | 876 | ### Added 877 | - Bring to parity with tiredofit/debian 878 | 879 | ### Changed 880 | - - Fix some issues with Pre Alpine 3.11 installations 881 | - - Fix issues with Alpine 3.5 bash version container initialization routines 882 | 883 | 884 | ## 7.6.11 2022-06-24 885 | 886 | ### Added 887 | - Add yaml package for running fluent-bit 888 | 889 | 890 | ## 7.6.10 2022-06-23 891 | 892 | ### Changed 893 | - Add yaml-dev package as a dependency for fluent-bit 894 | 895 | 896 | ## 7.6.9 2022-06-23 897 | 898 | ### Added 899 | - S6 Overlay 3.1.1.1 900 | - Fluent Bit 1.9.5 901 | 902 | 903 | ## 7.6.8 2022-06-22 904 | 905 | ### Changed 906 | - Rollback to S6 Overlay v3.1.0.1 907 | - Minor fix with logrotate directory handling 908 | 909 | 910 | ## 7.6.7 2022-06-17 911 | 912 | ### Added 913 | - S6 Overlay 3.1.1.0 914 | 915 | 916 | ## 7.6.6 2022-06-15 917 | 918 | ### Added 919 | - Fluent-bit 1.9.4 920 | 921 | 922 | ## 7.6.5 2022-06-03 923 | 924 | ### Added 925 | - Update init scripts to allow to run on Ubuntu 926 | 927 | 928 | ## 7.6.4 2022-06-01 929 | 930 | ### Added 931 | - Build with Golang 1.18.3 932 | 933 | 934 | ## 7.6.3 2022-05-30 935 | 936 | ### Added 937 | - Zabbix Agent 6.0.5 938 | 939 | 940 | ## 7.6.2 2022-05-24 941 | 942 | ### Added 943 | - Introduce Alpine 3.16 builds 944 | 945 | ### Changed 946 | - Change for bash prompt when working in container to show path 947 | 948 | 949 | ## 7.6.1 2022-05-03 950 | 951 | ### Changed 952 | - Zabbix Agent 6.0.4 953 | 954 | 955 | ## 7.6.0 2022-04-30 956 | 957 | ### Changed 958 | - Move /etc/logrotate.d assets to /assets/logrotate to avoid packages being upgraded auto adding more configuration 959 | 960 | 961 | ## 7.5.7 2022-04-05 962 | 963 | ### Changed 964 | - Additional fixes to support edge / 3.16 965 | 966 | 967 | ## 7.5.6 2022-04-05 968 | 969 | ### Added 970 | - Zabbix Agent 6.0.3 971 | - Fix for Fluent bit and Zabbix Agent not building on Alpine edge 972 | 973 | 974 | ## 7.5.5 2022-03-30 975 | 976 | ### Changed 977 | - Fix for Fluentbit compilation on 3.11+ 978 | 979 | 980 | ## 7.5.4 2022-03-23 981 | 982 | ### Added 983 | - Fluent-bit 1.8.15 984 | 985 | 986 | ## 7.5.2 2022-03-18 987 | 988 | ### Added 989 | - Fluent-bit 1.8.14 990 | 991 | 992 | ## 7.5.1 2022-03-16 993 | 994 | ### Added 995 | - Build Zabbix Agent with Go 1.18 996 | 997 | 998 | ## 7.5.0 2022-03-15 999 | 1000 | ### Added 1001 | - Introduce Container File Logging support 1002 | 1003 | 1004 | ## 7.4.2 2022-03-14 1005 | 1006 | ### Added 1007 | - Zabbix Agent 6.0.2 1008 | 1009 | ### Changed 1010 | - Patchup for the warm / cold container startup routines 1011 | 1012 | 1013 | ## 7.4.1 2022-03-11 1014 | 1015 | ### Added 1016 | - Add CONTAINER_PROCESS_RUNAWAY_PROTECTOR function to disable a service from restarting (X) amount of times and taking down a system 1017 | 1018 | 1019 | ## 7.4.0 2022-03-10 1020 | 1021 | ### Changed 1022 | - Change /tmp/.container to /tmp/.container 1023 | - Add logic to tell when a container was started and when it was warm started 1024 | 1025 | 1026 | ## 7.3.9 2022-03-08 1027 | 1028 | ### Added 1029 | - S6 Overlay 3.1.0.1 1030 | 1031 | 1032 | ## 7.3.8 2022-03-02 1033 | 1034 | ### Added 1035 | - Add CONTAINER_POST_INIT_SCRIPT and CONTAINER_POST_INIT_COMMAND environment variables to either execute scripts or commands at the very end of the container initialization process 1036 | 1037 | 1038 | ## 7.3.7 2022-03-02 1039 | 1040 | ### Added 1041 | - Fluent-bit 1.8.13 1042 | 1043 | 1044 | ## 7.3.6 2022-03-01 1045 | 1046 | ### Added 1047 | - Zabbix 6.0.1 1048 | - S6 Overlay 3.0.0.2-2 (3.0.10.0??) 1049 | - GoLang 1.17.7 for building 1050 | 1051 | 1052 | ## 7.3.5 2022-02-15 1053 | 1054 | ### Changed 1055 | - Add truefalse_onezero function 1056 | 1057 | 1058 | ## 7.3.4 2022-02-14 1059 | 1060 | ### Changed 1061 | - Fix breaking change on restricting downstream images relying on Zabbix sudo 1062 | 1063 | 1064 | ## 7.3.3 2022-02-14 1065 | 1066 | ### Added 1067 | - Zabbix Agent 6.0.0 1068 | 1069 | 1070 | ## 7.3.2 2022-02-11 1071 | 1072 | ### Changed 1073 | - Fix for cron logs not writing properly 1074 | 1075 | 1076 | ## 7.3.1 2022-02-10 1077 | 1078 | ### Changed 1079 | - Disable service timeout for images that take longer than 5 seconds to boot 1080 | 1081 | 1082 | ## 7.3.0 2022-02-07 1083 | 1084 | ### Added 1085 | - S6 Overlay 3.0.0.2 1086 | - FluentBit 1.7.12 1087 | - Zabbix Agent 5.4.10 1088 | - New functions (create_zabbix) for easier development 1089 | - doas package for eventual replacement of sudo 1090 | - Added new helpers on command line (service_up/service_down/changelog/version) 1091 | - Added banner showing image name and version upon startup 1092 | - Custom Bash Prompt when entering in container 1093 | 1094 | ### Changed 1095 | - Stop relying on /usr/bin/with-contenv - Instead use recommended /command/ folder as outlined in S6 overlay documentation 1096 | - Cleanup of code and allow for CaMeLCasE environment variables (specifically for var_true/var_false and others) 1097 | - Many optimizations and cleanup of scripts for pure modernization sake 1098 | 1099 | ### Removed 1100 | - Removed fix-attrs.d reliance due to deprecation by S6 Overlay 1101 | 1102 | ## 7.2.19 2022-01-20 1103 | 1104 | ### Changed 1105 | - Rework again db_ready command for MySQL / MariaDB 1106 | 1107 | 1108 | ## 7.2.18 2022-01-06 1109 | 1110 | ### Changed 1111 | - Change to db_ready mariadb command to accomodate for Percona / MySQL 5.7 + without needing PROCESS privileges 1112 | 1113 | 1114 | ## 7.2.17 2021-12-27 1115 | 1116 | ### Added 1117 | - Zabbix Agent 5.4.9 1118 | 1119 | 1120 | ## 7.2.16 2021-12-21 1121 | 1122 | ### Fixed 1123 | - Actually disable "messaging" via both environment variables 1124 | 1125 | ## 7.2.15 2021-12-21 1126 | 1127 | ### Added 1128 | - Add jq package 1129 | 1130 | 1131 | ## 7.2.14 2021-12-17 1132 | 1133 | ### Added 1134 | - Fluent-bit 1.8.11 1135 | 1136 | 1137 | ## 7.2.13 2021-12-15 1138 | 1139 | ### Changed 1140 | - Fix for 7.2.12 1141 | 1142 | 1143 | ## 7.2.12 2021-12-15 1144 | 1145 | ### Added 1146 | - Add fluentbit auto registration 1147 | 1148 | 1149 | ## 7.2.11 2021-12-15 1150 | 1151 | ### Changed 1152 | - Do the same for cleanup for Autoregister DNS_Name as Autoregister 1153 | 1154 | 1155 | ## 7.2.10 2021-12-13 1156 | 1157 | ### Added 1158 | - Add option to control autoregistration 1159 | - Add option to register via DNS instead of IP address for Zabbix Autoregistration 1160 | 1161 | 1162 | ## 7.2.9 2021-12-10 1163 | 1164 | ### Changed 1165 | - Fix for Zabbix Container OS detection 1166 | 1167 | 1168 | ## 7.2.8 2021-12-10 1169 | 1170 | ### Changed 1171 | - Tweak to Zabbix configuration folder permissions 1172 | 1173 | 1174 | ## 7.2.7 2021-12-08 1175 | 1176 | ### Changed 1177 | - Stop writing multiple HostMetaData strings in Zabbix configuration 1178 | 1179 | 1180 | ## 7.2.6 2021-12-06 1181 | 1182 | ### Changed 1183 | - Move Zabbix Autoregister to later in the boot process to ensure all scripts are complete 1184 | 1185 | 1186 | ## 7.2.5 2021-12-06 1187 | 1188 | ### Added 1189 | - Add zabbix_get to image 1190 | 1191 | 1192 | ## 7.2.4 2021-12-03 1193 | 1194 | ### Changed 1195 | - Fix for Docker build 1196 | 1197 | 1198 | ## 7.2.3 2021-12-03 1199 | 1200 | ### Added 1201 | - Introduce Autoregister support by parsing /etc/zabbix/zabbix_agent.conf.d/*.conf files looking for '# Autoregister =' - See README 1202 | 1203 | 1204 | ## 7.2.2 2021-12-03 1205 | 1206 | ### Changed 1207 | - Consolidate Zabbix container agent checks into one autogenerated file and add Autoregister header 1208 | - Tighten up security to Zabbix config and log folders 1209 | 1210 | 1211 | ## 7.2.1 2021-12-03 1212 | 1213 | ### Changed 1214 | - Move Zabbix Agent Pid and Socket to private directory 1215 | 1216 | 1217 | ## 7.2.0 2021-12-03 1218 | 1219 | ### Added 1220 | - Add Zabbix Agent PSK encryption support 1221 | 1222 | 1223 | ## 7.1.26 2021-11-29 1224 | 1225 | ### Added 1226 | - Zabbix Agent 5.4.8 1227 | - Go 1.17.3 1228 | 1229 | 1230 | ## 7.1.25 2021-11-25 1231 | 1232 | ### Changed 1233 | - Fix for Zabbix Agent OS checking 1234 | 1235 | 1236 | ## 7.1.24 2021-11-19 1237 | 1238 | ### Added 1239 | - Fluent-bit 1.8.10 1240 | 1241 | 1242 | ## 7.1.23 2021-10-28 1243 | 1244 | ### Changed 1245 | - Don't build go unless we absoutely have to 1246 | 1247 | 1248 | ## 7.1.22 2021-10-28 1249 | 1250 | ### Changed 1251 | - Compile go manually to continue installing Zabbix Agent 2 1252 | 1253 | 1254 | ## 7.1.21 2021-10-28 1255 | 1256 | ### Added 1257 | - Fluent-bit 1.8.9 1258 | - Zabbix Agent 5.4.7 1259 | 1260 | 1261 | ## 7.1.20 2021-10-28 1262 | 1263 | ### Changed 1264 | - Disable Time Formatting for Zabbix Fluent-bit parsing 1265 | 1266 | 1267 | ## 7.1.19 2021-10-22 1268 | 1269 | ### Added 1270 | - Added new features and defaults for Fluent-Bit Tail Input Plugin 1271 | 1272 | 1273 | ## 7.1.18 2021-10-13 1274 | 1275 | ### Added 1276 | - Zabbix Agent 5.4.5 1277 | - Fluent-Bit 1.8.8 1278 | 1279 | 1280 | ## 7.1.17 2021-09-23 1281 | 1282 | ### Changed 1283 | - Fix fluent-bit log parsing configuration 1284 | 1285 | 1286 | ## 7.1.16 2021-09-22 1287 | 1288 | ### Changed 1289 | - Revert back to Fluent bit 1.8.6 1290 | 1291 | 1292 | ## 7.1.15 2021-09-19 1293 | 1294 | ### Added 1295 | - Fluent-bit 1.8.7 1296 | 1297 | 1298 | ## 7.1.14 2021-09-05 1299 | 1300 | ### Changed 1301 | - Unmatched sed statement 1302 | 1303 | 1304 | ## 7.1.13 2021-09-05 1305 | 1306 | ### Changed 1307 | - Fix for multiple parsers being added to all configuration files in fluent-bit 1308 | 1309 | 1310 | ## 7.1.12 2021-09-04 1311 | 1312 | ### Changed 1313 | - Change syntax for create_logrotate 1314 | 1315 | 1316 | ## 7.1.11 2021-09-04 1317 | 1318 | ### Changed 1319 | - Fixes for create_logrotate function outputting unneccessary su's 1320 | - Fix for Zabbix Agent logrotate/fluent-bit config 1321 | 1322 | 1323 | ## 7.1.10 2021-09-03 1324 | 1325 | ### Changed 1326 | - Cleanup logrotate for fluentbit 1327 | 1328 | 1329 | ## 7.1.9 2021-09-03 1330 | 1331 | ### Changed 1332 | - Properly read wildcards as wildcards for configuration for fluent bit logortate 1333 | 1334 | 1335 | ## 7.1.8 2021-09-01 1336 | 1337 | ### Added 1338 | - Fluent-bit 1.8.6 1339 | 1340 | ### Changed 1341 | - Set SMTP_AUTO_FROM default to FALSE 1342 | - Quiet down a grep statement when looking for logs to parse with fluent-bit 1343 | 1344 | 1345 | ## 7.1.7 2021-08-31 1346 | 1347 | ### Changed 1348 | - Fix double slashes in logrotation paths if auto generated 1349 | 1350 | 1351 | ## 7.1.6 2021-08-31 1352 | 1353 | ### Changed 1354 | - Fix for Fluent-bit Zabbix Agent2 Parsing 1355 | 1356 | 1357 | ## 7.1.5 2021-08-30 1358 | 1359 | ### Added 1360 | - Fluent-bit 1.8.5 1361 | 1362 | 1363 | ## 7.1.4 2021-08-30 1364 | 1365 | ### Added 1366 | - Zabbix Agent 5.4.4 1367 | 1368 | 1369 | ## 7.1.3 2021-08-30 1370 | 1371 | ### Added 1372 | - Add Zabbix Agent (classic/modern) Log Shipping parsers for fluent-bit 1373 | 1374 | 1375 | ## 7.1.2 2021-08-30 1376 | 1377 | ### Changed 1378 | - Change references from 'edge' to 3.15 when looking at os-release 1379 | 1380 | 1381 | ## 7.1.1 2021-08-27 1382 | 1383 | ### Added 1384 | - Add TLS Verification for LOKI Output plugin (Logshipping/Fluent-bit) 1385 | 1386 | 1387 | ## 7.1.0 2021-08-25 1388 | 1389 | ### Added 1390 | - Fluent-Bit 1.8.3 - Only available for Alpine 3.11 and up 1391 | - Customize the amount of days logrotate retains archived logs 1392 | - New CONTAINER_NAME variable that is used for Monitoring and log shipping 1393 | - Auto configuration of output plugins for Fluent-Bit (NULL, LOKI, Forward/FluentD) 1394 | - Auto configuration of Log shipping for files already setup to use log rotation 1395 | - Multiple Parsers support for Log Shipping 1396 | - Add new log to ship via fluent-bit via environment variable 1397 | 1398 | ### Changed 1399 | - Change SMTP_TLS, SMTP_STARTTLS, SMTP_TLSCERTCHECK from "on/off" values to `TRUE|FALSE` 1400 | - Fix for MSMTP backend not properly accounting for legacy variables (ENABLE_SMTP) 1401 | 1402 | ## 7.0.3 2021-08-04 1403 | 1404 | ### Added 1405 | - Bring monitoring cont-init.d script up to parity with debian side for ease of codebase 1406 | 1407 | 1408 | ## 7.0.2 2021-07-26 1409 | 1410 | ### Changed 1411 | - Fix for Zabbix Agent 2 File Logging 1412 | 1413 | 1414 | ## 7.0.1 2021-07-25 1415 | 1416 | ### Added 1417 | - Zabbix Agent 5.4.3 1418 | 1419 | ### Changed 1420 | - Change the location where Zabbix Agent logs 1421 | 1422 | 1423 | ## 7.0.0 2021-07-05 1424 | 1425 | Major changes to this base image, reworking technical debt, creating consistency, and building hooks and expansion capabilities for future purposes. 1426 | 1427 | ### Added 1428 | - Log Shipping support, presently supporting Fluent Bit (x86_64 only) 1429 | - Zabbix Agent 5.4.2 1430 | - Zabbix Agent 2 (modern/go) included, 1 (classic/c) still remains 1431 | - Dyanmically add crontab entries via CRON_* environment variables 1432 | - Prefix container logs with Timestamp 1433 | - Process watchdog support should a process execute multiple times (hooks) 1434 | - Development functions for ease of use 1435 | 1436 | ### Changed 1437 | - Service Names, and order of execution 1438 | - db_ready and sanity_db functions take additional arguments 1439 | - Environment Variable names have changed, attempts have been made to ensure legacy variable names will still function but will be removed at a later date 1440 | - Rewrote permissions changing routines from scratch 1441 | 1442 | ## 6.1.3 2021-06-18 1443 | 1444 | ### Changed 1445 | - Revert Changes introduces by 6.1.2 - Use LibreSSL 1446 | 1447 | 1448 | ## 6.1.2 2021-06-17 1449 | 1450 | ### Changed 1451 | - Drop Libressl and reintroduce Openssl 1452 | 1453 | 1454 | ## 6.1.1 2021-06-16 1455 | 1456 | ### Added 1457 | - Introduce Alpine 3.14 variants 1458 | - Zabbix Agent 5.4.1 1459 | 1460 | 1461 | ## 6.1.0 2021-05-27 1462 | 1463 | ### Fixed 1464 | - Permissions adjustment script was broken on group assignment 1465 | 1466 | 1467 | ## 6.0.2 2021-05-18 1468 | 1469 | ### Added 1470 | - Zabbix Agent 5.4.0 1471 | 1472 | 1473 | ## 6.0.1 2021-05-10 1474 | 1475 | ### Changed 1476 | - Pin S6 as S6 Overlay gets deleted after certain packages get removed 1477 | 1478 | 1479 | ## 6.0.0 2021-05-09 1480 | 1481 | ### Changed 1482 | - Switched back to single branch for building all versions taking advantage of GitHub actions 1483 | - ENABLE_PERMISSIONS by default=TRUE 1484 | ### Removed 1485 | - MailHog SMTP Tester 1486 | 1487 | ## 5.2.1 2021-03-11 1488 | 1489 | ### Added 1490 | - S6 Overlay 2.2.0.3 1491 | - Zabbix Agent 5.2.5 1492 | 1493 | 1494 | ## 5.2.0 2021-01-21 1495 | 1496 | ### Added 1497 | - S6 Overlay 2.2.0.0 1498 | - Multi Arch Buidls offered on Docker Hub 1499 | 1500 | 1501 | ## 5.1.2 2020-12-28 1502 | 1503 | ### Added 1504 | - Zabbix Agent 5.2.3 1505 | 1506 | 1507 | ## 5.1.1 2020-11-14 1508 | 1509 | ### Added 1510 | - Zabbix Agent 5.2.1 1511 | - S6 Overlay 2.1.0.2 1512 | 1513 | 1514 | ## 5.1.0 2020-09-20 1515 | 1516 | ### Added 1517 | - Multiarch Support (x86_64, armhf, aarch64, ppc64le) 1518 | - S6 Overlay 2.1.0.0 1519 | 1520 | 1521 | ## 5.0.7 2020-08-25 1522 | 1523 | ### Changed 1524 | - Fixed Zabbix Agent warning 1525 | 1526 | 1527 | ## 5.0.6 2020-08-25 1528 | 1529 | ### Added 1530 | - Zabbix Agent 5.0.3 1531 | 1532 | 1533 | ## 5.0.5 2020-08-11 1534 | 1535 | ### Changed 1536 | - Fix for container startup check script 1537 | 1538 | 1539 | ## 5.0.4 2020-07-26 1540 | 1541 | ### Added 1542 | - Zabbix Agent 5.0.2 1543 | 1544 | 1545 | ## 5.0.3 2020-06-15 1546 | 1547 | ### Changed 1548 | - Fix broken db_ready command 1549 | 1550 | 1551 | ## 5.0.2 2020-06-15 1552 | 1553 | ### Changed 1554 | - Bugfixes and code cleanup 1555 | 1556 | 1557 | ## 5.0.1 2020-06-13 1558 | 1559 | ### Added 1560 | - Ability to disable logrotate 1561 | 1562 | 1563 | ## 5.0.0 2020-06-10 1564 | 1565 | ### Added 1566 | - Split Defaults and Functions into seperate files for cleanliness 1567 | - Additional functions to load defaults/functions per script 1568 | - Additional functions for checking if files/directories/sockets/ports are available before proceeding 1569 | - Cleanup Container functions file to satisy shellcheck 1570 | 1571 | ### Changed 1572 | - All /etc/s6/services files moved to /etc/services.available - Legacy images that have not been updated will still function but will always execute 1573 | 1574 | ## 4.5.2 2020-04-20 1575 | 1576 | ### Added 1577 | - DEBUG_MODE can now take `script_name` as argument for debugging 1578 | 1579 | ### Changed 1580 | - Rework container sanity check 1581 | 1582 | 1583 | ## 4.5.1 2020-04-17 1584 | 1585 | ### Added 1586 | - Additional functions for timesaving/avoiding errors 1587 | 1588 | ### Changed 1589 | - Rework variable helpers 1590 | - Allow ability to use service_stop outside of the main script 1591 | 1592 | ## 4.5.0 2020-04-16 1593 | 1594 | ### Added 1595 | - Add new function for Docker Secrets Support 1596 | - Add helper for checking if variables are TRUE or FALSE 1597 | 1598 | 1599 | ## 4.4.4 2020-03-16 1600 | 1601 | ### Changed 1602 | - Spelling mistake in 4.4.3 1603 | 1604 | 1605 | ## 4.4.3 2020-03-16 1606 | 1607 | ### Changed 1608 | - Patchup for Services that do not have initialization scripts 1609 | 1610 | 1611 | ## 4.4.2 2020-03-16 1612 | 1613 | ### Changed 1614 | - Change msmtp configuraiton file location 1615 | 1616 | 1617 | ## 4.4.1 2020-03-14 1618 | 1619 | ### Changed 1620 | - Fix when trying to disable Zabbix Monitoring throwing errors 1621 | 1622 | 1623 | ## 4.4.0 2020-03-04 1624 | 1625 | ### Added 1626 | - Added new functions for service starting and stopping 1627 | - Reworked how services are stopped and started to ensure nothing in services are executed until successful completion of init scripts. This bhas the potential of breaking all downstream images if they are not updated. 1628 | - Rewrote SMTP confgiuration 1629 | 1630 | 1631 | ## 4.3.0 2020-03-02 1632 | 1633 | ### Added 1634 | - New routine to cleanup /tmp/.container for users who only restart the container, not fully bring down and remove. 1635 | 1636 | 1637 | ## 4.2.0 2020-02-12 1638 | 1639 | ### Added 1640 | - Reworked Debug Mode to quiet down output on core services and cut down on unnecessary noise 1641 | - Reworked Container Initialization Check to clearly show which file hasn't successfully completed 1642 | 1643 | 1644 | ## 4.1.5 2020-01-11 1645 | 1646 | ### Changed 1647 | - Additional fix for check_service_initialized function to properly look for finished /etc/s6/services processes 1648 | 1649 | ## 4.1.4 2020-01-11 1650 | 1651 | ### Changed 1652 | - Fix for check_service_initialized function to properly look for finished /etc/s6/services processes 1653 | 1654 | ## 4.1.3 2020-01-10 1655 | 1656 | ### Changed 1657 | - Remove code showing $dirname erronously on process startup 1658 | 1659 | ## 4.1.2 2020-01-10 1660 | 1661 | ### Added 1662 | - Quiet down sudo error 1663 | - Zabbix 4.4.4 Agent 1664 | 1665 | 1666 | ## 4.1.1 2020-01-02 1667 | 1668 | ### Changed 1669 | - check_service_initialized was throwing false information 1670 | 1671 | 1672 | ## 4.1.0 2020-01-01 1673 | 1674 | ### Added 1675 | - Start splitting out Defaults into seperate /assets/functions/* files 1676 | 1677 | ### Changed 1678 | - Cleanup of Permissions Changing routines 1679 | 1680 | ## 4.0.1 2020-01-01 1681 | 1682 | ### Added 1683 | - New text output for Notices 1684 | 1685 | ### Changed 1686 | - Additional checks to ensure cont-init.d scripts have finished executing 1687 | 1688 | ## 4.0.0 2020-01-01 1689 | 1690 | ### Added 1691 | - Now relying on Container Level functions file 1692 | - Easier methods for displaying console output 1693 | - Colorized Prompts 1694 | - Cleaner Startup Routines 1695 | - Sanity Check to not start any processes until all startup scripts completed 1696 | 1697 | ### Changed 1698 | - When DEBUG_MODE set stop taking over SMTP functionality. Require DEBUG_SMTP=TRUE instead 1699 | 1700 | ## 3.9.3 2019-12-20 1701 | 1702 | ### Added 1703 | - Alpine 3.11 Base 1704 | 1705 | 1706 | ## 3.9.2 2019-08-23 1707 | 1708 | * Cleanup lines subversion. 1709 | 1710 | ## 3.9.1 2019-08-23 1711 | 1712 | * Cleanup variable. 1713 | 1714 | ## 3.9 2019-07-15 1715 | 1716 | * Add Busybox Extras 1717 | 1718 | ## 3.8.2 2019-04-06 1719 | 1720 | * S6 Overlay 1.22.1.0 1721 | 1722 | ## 3.8.1 2019-01-13 1723 | 1724 | * Cleanup Cache 1725 | 1726 | ## 3.8 2018-10-17 1727 | 1728 | * Force executible permissions on S6 Directories 1729 | 1730 | ## 3.7 2018-10-14 1731 | 1732 | * Bump Zabbix to 4.0 1733 | 1734 | ## 3.6 2018-09-19 1735 | 1736 | * Set +x on all descendents of /etc/s6/services 1737 | 1738 | ## 3.5 2018-07-27 1739 | 1740 | * Add TERM=xterm 1741 | 1742 | ## 3.4 2018-07-02 1743 | 1744 | * Revert back to using && \ instead of ; \ in Dockerfile 1745 | * Add ENABLE_GMAIL_SMTP environment variable thanks to @joeyberkovitz 1746 | 1747 | ## 3.3 2018-04-22 1748 | 1749 | * Update 01-permissions to quiet down if no UIDs changed. 1750 | * Refinements to MailHog, to always route through msmtp 1751 | 1752 | ## 3.2 2018-04-15 1753 | 1754 | * Update Zabbix UID/GID 1755 | 1756 | ## 3.1 2018-03-25 1757 | 1758 | * Update MailHog Test Server Startup 1759 | 1760 | ## 3.0 2018-03-14 1761 | 1762 | * Add 01-permissions script to support change uid & gid and add user to group: 1763 | * USER_= 1764 | * GROUP_= 1765 | * GROUP_ADD_= 1766 | * UID & GID in /etc/passwd & /etc/group will be modified. 1767 | * Old 01- 02- 03- scripts renamed after the new 01-permissions as 02- 03- 04- 1768 | 1769 | ## 2.18 2017-02-15 1770 | 1771 | * Update File Permissions for logrotate.d 1772 | 1773 | ## 2.17 2017-02-01 1774 | 1775 | * Init Scripts Update 1776 | * msmtp Update 1777 | 1778 | ## 2.16 2017-01-29 1779 | 1780 | * More Permissions Fixes 1781 | 1782 | ## 2.15 2017-01-29 1783 | 1784 | * Add Grep, sudo 1785 | * Fix Permissions 1786 | 1787 | ## 2.14 2017-01-29 1788 | 1789 | * Add Container Package Check 1790 | 1791 | ## 2.13 2017-01-28 1792 | 1793 | * Add zabbix-utils to edge 1794 | * Update S6 Overlay to 1.21.2.2 1795 | 1796 | ## 2.12 2017-01-28 1797 | 1798 | * Add Zabbix Check for Updated Packages 1799 | 1800 | ## 2.11 2017-12-24 1801 | 1802 | * Check for custom cron files in /assets/cron-custom/ on startup 1803 | 1804 | ## 2.10 2017-12-01 1805 | 1806 | * Update S6 overlay to 1.21.2.1 1807 | * Add Alpine 3.7 1808 | * Remove Alpine 3.2 1809 | 1810 | ## 2.9 2017-10-23 1811 | 1812 | * Update S6 overlay to 1.21.1.1 1813 | 1814 | ## 2.8 2017-09-27 1815 | 1816 | * Updated Alpine Edge to Zabbix-Agent Package as opposed to Compiling 1817 | * Quieted down service startup to avoid duplication 1818 | 1819 | ## 2.7 2017-09-26 1820 | 1821 | * Added more verbosity to services being enabled/disabled 1822 | 1823 | ## 2.6 2017-09-18 1824 | 1825 | * Add Alpine 3.2, 3.3 for legacy purposes 1826 | * Fix Scripts for checking enabling services 1827 | 1828 | ## 2.5 2017-09-02 1829 | 1830 | * Move to Zabbix 3.4.1 instead of compiling from TRUNK 1831 | 1832 | ## 2.4 2017-09-01 1833 | 1834 | * Update S6 Overlay to 1.2.0.0 1835 | 1836 | ## 2.3 2017-08-28 1837 | 1838 | * Added `DEBUG_SMTP` environment variable to trap SMTP messages accesible via port 8025 1839 | 1840 | ## 2.2 2017-08-27 1841 | 1842 | * Added MSMTP to be able to route mail to external hosts 1843 | 1844 | ## 2.1 2017-08-27 1845 | 1846 | * Added DEBUG_MODE environment variable 1847 | * Added TIMEZONE environment variable 1848 | * Added ENABLE_CRON, ENABLE_ZABBIX switches 1849 | * Built mechanisms to not start processes until container initialized 1850 | * Zabbix Agent Configuration can be controlled and adjusted via Environment Variables 1851 | * General Tidying Up 1852 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ALPINE_VERSION=3.21 2 | 3 | FROM docker.io/alpine:${ALPINE_VERSION} 4 | LABEL maintainer="Dave Conroy (github.com/tiredofit)" 5 | 6 | ARG GOLANG_VERSION=1.21.13 7 | ARG DOAS_VERSION 8 | ARG FLUENTBIT_VERSION 9 | ARG S6_OVERLAY_VERSION 10 | ARG YQ_VERSION 11 | ARG ZABBIX_VERSION 12 | 13 | ### Set defaults 14 | ENV FLUENTBIT_VERSION=${FLUENTBIT_VERSION:-"3.1.10"} \ 15 | S6_OVERLAY_VERSION=${S6_OVERLAY_VERSION:-"3.2.0.3"} \ 16 | YQ_VERSION=${YQ_VERSION:-"v4.44.2"} \ 17 | ZABBIX_VERSION=${ZABBIX_VERSION:-"7.2.6"} \ 18 | DOAS_VERSION=${DOAS_VERSION:-"v6.8.2"} \ 19 | DEBUG_MODE=FALSE \ 20 | TIMEZONE=Etc/GMT \ 21 | CONTAINER_ENABLE_SCHEDULING=TRUE \ 22 | CONTAINER_SCHEDULING_BACKEND=cron \ 23 | CONTAINER_ENABLE_MESSAGING=TRUE \ 24 | CONTAINER_MESSAGING_BACKEND=msmtp \ 25 | CONTAINER_ENABLE_MONITORING=TRUE \ 26 | CONTAINER_MONITORING_BACKEND=zabbix \ 27 | CONTAINER_ENABLE_LOGSHIPPING=FALSE \ 28 | S6_GLOBAL_PATH=/command:/usr/bin:/bin:/usr/sbin:sbin:/usr/local/bin:/usr/local/sbin \ 29 | S6_KEEP_ENV=1 \ 30 | S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ 31 | IMAGE_NAME="tiredofit/alpine" \ 32 | IMAGE_REPO_URL="https://github.com/tiredofit/docker-alpine/" 33 | 34 | ## Mono Repo workarounds 35 | RUN case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2)" in \ 36 | "3.5" | "3.6" ) no_upx=true ;; \ 37 | *) busybox_extras="busybox-extras" ;; \ 38 | esac ; \ 39 | \ 40 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2 | cut -d _ -f 1)" in \ 41 | 3.11 | 3.12 | 3.13 | 3.14 | 3.15 | 3.16 | 3.17* | 3.18* | 3.19* | 3.20* | 3.21* | 3.22* | edge ) fluentbit_make=true ; echo "** Building Fluent Bit" ;; \ 42 | *) : ;; \ 43 | esac ; \ 44 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2 | cut -d _ -f 1)" in \ 45 | 3.15 | 3.16 | 3.17* | 3.18* | 3.19* | 3.20* | 3.21* | 3.22* | edge ) zabbix_args=" --enable-agent2 " ; zabbix_agent2=true ; echo "** Building Zabbix Agent 2" ;; \ 46 | *) : ;; \ 47 | esac ; \ 48 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2 | cut -d _ -f 1)" in \ 49 | 3.11 | 3.12 | 3.13 | 3.14 ) export GOLANG_VERSION=1.19.5 ; yq=false ;; \ 50 | *) : ;; \ 51 | esac ; \ 52 | \ 53 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2 | cut -d _ -f 1)" in \ 54 | 3.5 | 3.6 | 3.7 | 3.8 | 3.9 | 3.10 | 3.11 | 3.12 | 3.13 | 3.14 | 3.15 | 3.16 ) yq=false ;; \ 55 | *) : ;; \ 56 | esac ; \ 57 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2 | cut -d _ -f 1)" in \ 58 | 3.5 | 3.6 | 3.7 | 3.8 | 3.9 | 3.10 | 3.11 | 3.12 | 3.13 | 3.14 | 3.15 | 3.16 ) fts=fts ;; \ 59 | 3.17 | 3.18* | 3.19* | 3.20* | 3.21* ) fts=musl-fts ;; \ 60 | *) : ;; \ 61 | esac ; \ 62 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2 | cut -d _ -f 1)" in \ 63 | 3.5 | 3.6 | 3.7 | 3.8 | 3.9 | 3.10 | 3.11 | 3.12 | 3.13 | 3.14 | 3.15 | 3.16 ) alpine_ssl=libressl ;; \ 64 | 3.17* | 3.18* | 3.19* | 3.20* | 3.21* ) alpine_ssl=openssl ;; \ 65 | *) : ;; \ 66 | esac ; \ 67 | \ 68 | apkArch="$(apk --print-arch)" ; \ 69 | case "$apkArch" in \ 70 | x86_64) upx=upx ;; \ 71 | *) : ;; \ 72 | esac; \ 73 | \ 74 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2)" in \ 75 | "3.5" | "3.6") upx="" ;; \ 76 | esac ; \ 77 | \ 78 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2)" in \ 79 | "3.5" | "3.6" | "3.7" | "3.8" ) build_doas=true ;; \ 80 | *) doas_package="doas" ;; \ 81 | esac ; \ 82 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2)" in \ 83 | "3.5" | "3.8" ) zstd_packge="" ;; \ 84 | *) zstd_package=zstd ;; \ 85 | esac ; \ 86 | ## 87 | set -ex && \ 88 | apk update && \ 89 | apk upgrade && \ 90 | ### Add core utils 91 | apk add -t .base-rundeps \ 92 | acl \ 93 | ${alpine_ssl} \ 94 | bash \ 95 | bc \ 96 | ${busybox_extras} \ 97 | curl \ 98 | ${doas_package} \ 99 | fail2ban \ 100 | ${fts} \ 101 | git \ 102 | grep \ 103 | iptables \ 104 | iputils \ 105 | jq \ 106 | less \ 107 | libgcc \ 108 | $(apk search libssl1* -q) \ 109 | logrotate \ 110 | msmtp \ 111 | nano \ 112 | pcre \ 113 | s6 \ 114 | sudo \ 115 | tzdata \ 116 | yaml \ 117 | ${zstd_package} \ 118 | && \ 119 | \ 120 | apk add -t .golang-build-deps \ 121 | go \ 122 | musl-dev \ 123 | && \ 124 | \ 125 | apk add -t .zabbix-build-deps \ 126 | alpine-sdk \ 127 | autoconf \ 128 | automake \ 129 | binutils \ 130 | coreutils \ 131 | g++ \ 132 | openssl-dev \ 133 | make \ 134 | pcre-dev \ 135 | zlib-dev \ 136 | ${additional_packages} \ 137 | ${upx} \ 138 | && \ 139 | \ 140 | apk add -t .fluentbit-build-deps \ 141 | bison \ 142 | cmake \ 143 | flex \ 144 | ${fts}-dev \ 145 | linux-headers \ 146 | openssl-dev \ 147 | snappy-dev \ 148 | yaml-dev \ 149 | && \ 150 | \ 151 | apk add gettext && \ 152 | mv /usr/bin/envsubst /usr/local/bin/envsubst && \ 153 | cp -R /usr/share/zoneinfo/${TIMEZONE} /etc/localtime && \ 154 | echo "${TIMEZONE}" > /etc/timezone && \ 155 | \ 156 | ## Quiet down sudo 157 | echo "Set disable_coredump false" > /etc/sudo.conf && \ 158 | \ 159 | ### Build Doas 160 | if [ "$build_doas" = "true" ] ; then \ 161 | mkdir -p /usr/src/doas ; \ 162 | curl -sSL https://github.com/Duncaen/OpenDoas/archive/${DOAS_VERSION}.tar.gz | tar xfz - --strip 1 -C /usr/src/doas ; \ 163 | cd /usr/src/doas ; \ 164 | ./configure --prefix=/usr \ 165 | --enable-static \ 166 | --without-pam ; \ 167 | make ; \ 168 | make install ; \ 169 | fi ; \ 170 | \ 171 | ### Golang installation 172 | if [ "$zabbix_agent2" = "true" ] ; then \ 173 | mkdir -p /usr/src/golang ; \ 174 | curl -sSL https://dl.google.com/go/go${GOLANG_VERSION}.src.tar.gz | tar xvfz - --strip 1 -C /usr/src/golang ; \ 175 | cd /usr/src/golang/src/ ; \ 176 | ./make.bash 1>/dev/null ; \ 177 | export GOROOT=/usr/src/golang/ ; \ 178 | export PATH="/usr/src/golang/bin:$PATH" ; \ 179 | fi ; \ 180 | \ 181 | ### YQ compilation and install 182 | if [ "$yq" != "false" ] ; then \ 183 | git clone https://github.com/mikefarah/yq /usr/src/yq ;\ 184 | cd /usr/src/yq ;\ 185 | git checkout ${YQ_VERSION} ;\ 186 | go build ; \ 187 | cp -R yq /usr/local/bin ; \ 188 | fi ; \ 189 | \ 190 | ### Zabbix installation 191 | addgroup -g 10050 zabbix && \ 192 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix && \ 193 | mkdir -p /etc/zabbix && \ 194 | mkdir -p /etc/zabbix/zabbix_agentd.conf.d && \ 195 | mkdir -p /var/lib/zabbix && \ 196 | mkdir -p /var/lib/zabbix/enc && \ 197 | mkdir -p /var/lib/zabbix/modules && \ 198 | mkdir -p /var/lib/zabbix/run && \ 199 | mkdir -p /var/log/zabbix && \ 200 | chown --quiet -R zabbix:root /etc/zabbix && \ 201 | chown --quiet -R zabbix:root /var/lib/zabbix && \ 202 | chown --quiet -R zabbix:root /var/log/zabbix && \ 203 | chmod -R 770 /var/lib/zabbix/run && \ 204 | \ 205 | #### Zabbix compilation 206 | mkdir -p /usr/src/zabbix && \ 207 | curl -sSL https://github.com/zabbix/zabbix/archive/${ZABBIX_VERSION}.tar.gz | tar xfz - --strip 1 -C /usr/src/zabbix && \ 208 | cd /usr/src/zabbix && \ 209 | ./bootstrap.sh 1>/dev/null && \ 210 | export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ 211 | sed -i "s|CGO_CFLAGS=\"\${CGO_CFLAGS}\"| CGO_CFLAGS=\"-D_LARGEFILE64_SOURCE \${CGO_CFLAGS}\"|g" /usr/src/zabbix/src/go/Makefile.am && \ 212 | ./configure \ 213 | --prefix=/usr \ 214 | --silent \ 215 | --sysconfdir=/etc/zabbix \ 216 | --libdir=/usr/lib/zabbix \ 217 | --datadir=/usr/lib \ 218 | --enable-agent ${zabbix_args} \ 219 | --enable-ipv6 \ 220 | --with-openssl \ 221 | && \ 222 | make -j"$(nproc)" -s 1>/dev/null && \ 223 | cp src/zabbix_agent/zabbix_agentd /usr/sbin/zabbix_agentd && \ 224 | cp src/zabbix_get/zabbix_get /usr/sbin/zabbix_get && \ 225 | cp src/zabbix_sender/zabbix_sender /usr/sbin/zabbix_sender && \ 226 | if [ "$zabbix_agent2" = "true" ] ; then cp src/go/bin/zabbix_agent2 /usr/sbin/zabbix_agent2 ; fi ; \ 227 | strip /usr/sbin/zabbix_agentd && \ 228 | strip /usr/sbin/zabbix_get && \ 229 | strip /usr/sbin/zabbix_sender && \ 230 | if [ "$zabbix_agent2" = true ] ; then strip /usr/sbin/zabbix_agent2 ; fi ; \ 231 | if [ "$apkArch" = "x86_64" ] && [ "$no_upx" != "true" ]; then upx /usr/sbin/zabbix_agentd ; fi ; \ 232 | if [ "$apkArch" = "x86_64" ] && [ "$no_upx" != "true" ]; then upx /usr/sbin/zabbix_get ; fi ; \ 233 | if [ "$apkArch" = "x86_64" ] && [ "$no_upx" != "true" ]; then upx /usr/sbin/zabbix_sender ; fi ; \ 234 | if [ "$apkArch" = "x86_64" ] && [ "$zabbix_agent2" = "true" ] && [ "$no_upx" != "true" ]; then upx /usr/sbin/zabbix_agent2 ; fi ; \ 235 | rm -rf /usr/src/zabbix && \ 236 | \ 237 | ### Fluentbit compilation 238 | mkdir -p /usr/src/fluentbit && \ 239 | curl -sSL https://github.com/fluent/fluent-bit/archive/v${FLUENTBIT_VERSION}.tar.gz | tar xfz - --strip 1 -C /usr/src/fluentbit && \ 240 | cd /usr/src/fluentbit && \ 241 | curl -sSL https://gitlab.alpinelinux.org/alpine/aports/-/raw/master/testing/fluent-bit/chunkio-static-lib-fts.patch | patch -p1 && \ 242 | curl -sSL https://gitlab.alpinelinux.org/alpine/aports/-/raw/master/testing/fluent-bit/exclude-luajit.patch | patch -p1 && \ 243 | curl -sSL https://gitlab.alpinelinux.org/alpine/aports/-/raw/master/testing/fluent-bit/musl-strerror_r.patch | patch -p1 && \ 244 | \ 245 | cmake \ 246 | -DCMAKE_INSTALL_PREFIX=/usr \ 247 | -DCMAKE_INSTALL_LIBDIR=lib \ 248 | -DCMAKE_BUILD_TYPE=None \ 249 | -DFLB_AWS=No \ 250 | -DFLB_BACKTRACE=No \ 251 | -DFLB_CORO_STACK_SIZE=24576\ 252 | -DFLB_DEBUG=No \ 253 | -DFLB_EXAMPLES=No \ 254 | -DFLB_FILTER_AWS=No \ 255 | -DFLB_FILTER_ECS=No \ 256 | -DFLB_FILTER_NIGHTFALL=No \ 257 | -DFLB_FILTER_GEOIP2=No \ 258 | -DFLB_FILTER_KUBERNETES=No \ 259 | -DFLB_FILTER_TENSORFLOW=No \ 260 | -DFLB_FILTER_WASM=No \ 261 | -DFLB_HTTP_SERVER=Yes \ 262 | -DFLB_IN_CALYPTIA_FLEET=No \ 263 | -DFLB_IN_COLLECTD=No \ 264 | -DFLB_IN_CPU=No \ 265 | -DFLB_IN_DISK=No \ 266 | -DFLB_IN_DOCKER=No \ 267 | -DFLB_IN_DOCKER_EVENTS=No \ 268 | -DFLB_IN_EMITTER=Ywa \ 269 | -DFLB_IN_EXEC=Yes \ 270 | -DFLB_IN_EXEC_WASI=No \ 271 | -DFLB_IN_ELASTICSEARCH=No \ 272 | -DFLB_IN_HEALTH=No \ 273 | -DFLB_IN_KAFKA=No \ 274 | -DFLB_IN_KMSG=No \ 275 | -DFLB_IN_KUBERNETES_EVENTS=No \ 276 | -DFLB_IN_MEM=No \ 277 | -DFLB_IN_MQTT=No \ 278 | -DFLB_IN_NETIF=No \ 279 | -DFLB_IN_NGINX_EXPORTER_METRICS=No \ 280 | -DFLB_IN_NODE_EXPORTER_METRICS=No \ 281 | -DFLB_IN_OPENTELEMETRY=No \ 282 | -DFLB_IN_PODMAN_METRICS=No \ 283 | -DFLB_IN_PROCESS_EXPORTER_METRICS=No \ 284 | -DFLB_IN_PROC=No \ 285 | -DFLB_IN_PROMETHEUS_REMOTE_WRITE=Yes \ 286 | -DFLB_IN_PROMETHEUS_SCRAPE=No \ 287 | -DFLB_IN_SERIAL=No \ 288 | -DFLB_IN_SPLUNK=No \ 289 | -DFLB_IN_STATSD=No \ 290 | -DFLB_IN_SYSTEMD=No \ 291 | -DFLB_IN_SYSLOG=No \ 292 | -DFLB_IN_TCP=No \ 293 | -DFLB_IN_UDP=No \ 294 | -DFLB_IN_UNIX_SOCKET=No \ 295 | -DFLB_IN_THERMAL=No \ 296 | -DFLB_IN_WINLOG=No \ 297 | -DFLB_IN_WINDOWS_EXPORTER_METRICS=No \ 298 | -DFLB_IN_WINSTAT=No \ 299 | -DFLB_JEMALLOC=Yes \ 300 | -DFLB_LUAJIT=No \ 301 | -DFLB_PROCESSOR_OPENTELEMETRY_ENVELOPE=No \ 302 | -DFLB_PROCESSOR_SQL=No \ 303 | -DFLB_OUT_AZURE=No \ 304 | -DFLB_OUT_AZURE_BLOB=No \ 305 | -DFLB_OUT_AZURE_KUSTO=No \ 306 | -DFLB_OUT_AZURE_LOGS_INGESTION=No \ 307 | -DFLB_OUT_BIGQUERY=No \ 308 | -DFLB_OUT_CALYPTIA=No \ 309 | -DFLB_OUT_CHRONICLE=No \ 310 | -DFLB_OUT_CLOUDWATCH_LOGS=No \ 311 | -DFLB_OUT_COUNTER=No \ 312 | -DFLB_OUT_DATADOG=No \ 313 | -DFLB_OUT_ES=No \ 314 | -DFLB_OUT_FLOWCOUNTER=No \ 315 | -DFLB_OUT_GELF=No \ 316 | -DFLB_OUT_INFLUXDB=No \ 317 | -DFLB_OUT_KAFKA=No \ 318 | -DFLB_OUT_KAFKA_REST=No \ 319 | -DFLB_OUT_KINESIS_FIREHOSE=No \ 320 | -DFLB_OUT_KINESIS_STREAMS=No \ 321 | -DFLB_OUT_LIB=No \ 322 | -DFLB_OUT_LOGDNA=No \ 323 | -DFLB_OUT_NATS=No \ 324 | -DFLB_OUT_NRLOGS=No \ 325 | -DFLB_OUT_OPENSEARCH=No \ 326 | -DFLB_OUT_ORACLE_LOG_ANALYTICS=No \ 327 | -DFLB_OUT_OPENTELEMETRY=No \ 328 | -DFLB_OUT_PROMETHEUS_EXPORTER=No \ 329 | -DFLB_OUT_PROMETHEUS_REMOTE_WRITE=No \ 330 | -DFLB_OUT_PGSQL=No \ 331 | -DFLB_OUT_PLOT=No \ 332 | -DFLB_OUT_S3=No \ 333 | -DFLB_OUT_SKYWALKING=No \ 334 | -DFLB_OUT_SLACK=No \ 335 | -DFLB_OUT_SPLUNK=No \ 336 | -DFLB_OUT_STACKDRIVER=No \ 337 | -DFLB_OUT_TCP=No \ 338 | -DFLB_OUT_TD=No \ 339 | -DFLB_OUT_UDP=No \ 340 | -DFLB_OUT_VIVO_EXPORTER=No \ 341 | -DFLB_OUT_WEBSOCKET=No \ 342 | -DFLB_RELEASE=Yes \ 343 | -DFLB_SHARED_LIB=No \ 344 | -DFLB_SIGNV4=No \ 345 | -DFLB_SMALL=Yes \ 346 | -DFLB_TLS=Yes \ 347 | -DFLB_WASM=No \ 348 | . \ 349 | && \ 350 | \ 351 | if [ "$fluentbit_make" = "true" ] ; then if [ "$apkArch" = "x86_64" ] ; then make -j"$(nproc)" ; make install ; mv /usr/etc/fluent-bit /etc/fluent-bit ; mkdir -p /etc/fluent-bit/parsers.d; mkdir -p /etc/fluent-bit/conf.d ; strip /usr/bin/fluent-bit ; if [ "$apkArch" = "x86_64" ] && [ "$no_upx" != "true" ]; then upx /usr/bin/fluent-bit ; fi ; fi ; fi ;\ 352 | \ 353 | ### Promtail (Disabled) 354 | #git clone https://github.com/grafana/loki.git /usr/src/loki && \ 355 | #cd /usr/src/loki && \ 356 | #git checkout "${PROMTAIL_VERSION}" && \ 357 | #CGO_ENABLED=0 GOOS=linux GO111MODULE=on \ 358 | #go build -v -ldflags '-s -w' -o promtail ./clients/cmd/promtail && \ 359 | #mv promtail /usr/sbin && \ 360 | \ 361 | ### Fail2ban Configuration 362 | addgroup -g 65500 fail2ban && \ 363 | addgroup zabbix fail2ban && \ 364 | rm -rf /var/run/fail2ban && \ 365 | mkdir -p /var/run/fail2ban && \ 366 | chown -R root:fail2ban /var/run/fail2ban && \ 367 | setfacl -d -m g:fail2ban:rwx /var/run/fail2ban && \ 368 | find /etc/fail2ban/action.d/ -type f -not -name 'iptables*.conf' -delete && \ 369 | rm -rf /etc/fail2ban/filter.d && \ 370 | mkdir -p /etc/fail2ban/filter.d && \ 371 | rm -rf /etc/fail2ban/fail2ban.d && \ 372 | rm -rf /etc/fail2ban/jail.d/* && \ 373 | rm -rf /etc/fail2ban/paths* && \ 374 | \ 375 | ### Clean up 376 | mkdir -p /etc/logrotate.d && \ 377 | mkdir -p /etc/doas.d && \ 378 | apk del --purge \ 379 | .fluentbit-build-deps \ 380 | .golang-build-deps \ 381 | .zabbix-build-deps \ 382 | gettext \ 383 | && \ 384 | rm -rf /etc/*.apk.new && \ 385 | rm -rf /etc/logrotate.d/* && \ 386 | rm -rf /etc/doas.conf /etc/doas.d/* && \ 387 | rm -rf /root/.cache && \ 388 | rm -rf /root/go && \ 389 | rm -rf /tmp/* && \ 390 | rm -rf /usr/src/* && \ 391 | rm -rf /var/cache/apk/* && \ 392 | \ 393 | ### S6 overlay installation 394 | apkArch="$(apk --print-arch)" && \ 395 | case "$apkArch" in \ 396 | x86_64) s6Arch='x86_64' ;; \ 397 | armv7) s6Arch='armhf' ;; \ 398 | armhf) s6Arch='armhf' ;; \ 399 | aarch64) s6Arch='aarch64' ;; \ 400 | *) echo >&2 "Error: unsupported architecture ($apkArch)"; exit 1 ;; \ 401 | esac; \ 402 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz | tar xvpfJ - -C / && \ 403 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${s6Arch}.tar.xz | tar xvpfJ - -C / && \ 404 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz | tar xvpfJ - -C / && \ 405 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz | tar xvpfJ - -C / && \ 406 | mkdir -p /etc/cont-init.d && \ 407 | mkdir -p /etc/cont-finish.d && \ 408 | mkdir -p /etc/services.d && \ 409 | chown -R 0755 /etc/cont-init.d && \ 410 | chown -R 0755 /etc/cont-finish.d && \ 411 | chmod -R 0755 /etc/services.d && \ 412 | sed -i "s|echo|: # echo |g" /package/admin/s6-overlay/etc/s6-rc/scripts/cont-init && \ 413 | sed -i "s|echo|: # echo |g" /package/admin/s6-overlay/etc/s6-rc/scripts/cont-finish && \ 414 | sed -i "s|echo ' (no readiness notification)'|: # echo ' (no readiness notification)'|g" /package/admin/s6-overlay/etc/s6-rc/scripts/services-up && \ 415 | sed -i "s|s6-echo -n|: # s6-echo -n|g" /package/admin/s6-overlay/etc/s6-rc/scripts/services-up && \ 416 | sed -i "s|v=2|v=1|g" /package/admin/s6-overlay/etc/s6-linux-init/skel/rc.init && \ 417 | sed -i "s|v=2|v=1|g" /package/admin/s6-overlay/etc/s6-linux-init/skel/rc.shutdown 418 | 419 | ### Set Shell to Bash 420 | SHELL ["/bin/bash", "-c"] 421 | 422 | ### Networking configuration 423 | EXPOSE 2020/TCP 10050/TCP 424 | 425 | ### Entrypoint configuration 426 | ENTRYPOINT ["/init"] 427 | 428 | ### Add folders 429 | COPY install/ / 430 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2022 Dave Conroy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /LICENSES/MIT: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2022 Dave Conroy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /install/assets/defaults/00-container: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | ### Set defaults 4 | CONTAINER_CUSTOM_PATH=${CONTAINER_CUSTOM_PATH:-"/assets/custom/"} 5 | CONTAINER_CUSTOM_SCRIPTS_PATH=${CONTAINER_CUSTOM_SCRIPTS_PATH:-"/assets/custom-scripts/"} 6 | CONTAINER_ENABLE_CUSTOM_BASH_PROMPT=${CONTAINER_ENABLE_CUSTOM_BASH_PROMPT:-"TRUE"} 7 | CONTAINER_ENABLE_DOCKER_SECRETS=${CONTAINER_ENABLE_DOCKER_SECRETS:-"TRUE"} 8 | CONTAINER_ENABLE_FAIL2BAN=${CONTAINER_ENABLE_FAIL2BAN:-"FALSE"} 9 | CONTAINER_ENABLE_FIREWALL=${CONTAINER_ENABLE_FIREWALL:-"FALSE"} 10 | CONTAINER_ENABLE_LOGROTATE=${CONTAINER_ENABLE_LOGROTATE:-"TRUE"} 11 | CONTAINER_ENABLE_LOGSHIPPING=${CONTAINER_ENABLE_LOGSHIPPING:-"FALSE"} 12 | CONTAINER_ENABLE_LOG_PREFIX=${CONTAINER_ENABLE_LOG_PREFIX:-"TRUE"} 13 | CONTAINER_ENABLE_MESSAGING=${CONTAINER_ENABLE_MESSAGING:-"TRUE"} 14 | CONTAINER_ENABLE_MONITORING=${CONTAINER_ENABLE_MONITORING:-"TRUE"} 15 | CONTAINER_ENABLE_PERMISSIONS=${CONTAINER_ENABLE_PERMISSIONS:-"TRUE"} 16 | CONTAINER_ENABLE_PROCESS_COUNTER=${CONTAINER_ENABLE_PROCESS_COUNTER:-"TRUE"} 17 | CONTAINER_ENABLE_PROCESS_HELPER=${CONTAINER_ENABLE_PROCESS_HELPER:-"TRUE"} 18 | CONTAINER_ENABLE_SCHEDULING=${CONTAINER_ENABLE_SCHEDULING:-"TRUE"} 19 | CONTAINER_FIREWALL_BACKEND=${CONTAINER_FIREWALL_BACKEND:-"iptables"} 20 | CONTAINER_LOGSHIPPING_BACKEND=${CONTAINER_LOGSHIPPING_BACKEND:-"fluent-bit"} 21 | CONTAINER_LOG_LEVEL=${CONTAINER_LOG_LEVEL:-"NOTICE"} 22 | CONTAINER_LOG_PREFIX_DATE_FMT=${CONTAINER_LOG_PREFIX_DATE_FMT:-"%Y-%m-%d"} 23 | CONTAINER_LOG_PREFIX_SEPERATOR=${CONTAINER_LOG_PREFIX_SEPERATOR:-"."} 24 | CONTAINER_LOG_PREFIX_TIME_FMT=${CONTAINER_LOG_PREFIX_TIME_FMT:-"%H:%M:%S"} 25 | CONTAINER_LOG_FILE_NAME=${CONTAINER_LOG_FILE_NAME:-"container.log"} 26 | CONTAINER_LOG_FILE_LEVEL=${CONTAINER_LOG_FILE_LEVEL:-"DEBUG"} 27 | CONTAINER_LOG_FILE_PATH=${CONTAINER_LOG_FILE_PATH:-"/var/log/container/"} 28 | CONTAINER_LOG_FILE_PREFIX_DATE_FMT=${CONTAINER_LOG_FILE_PREFIX_DATE_FMT:-"%Y-%m-%d"} 29 | CONTAINER_LOG_FILE_PREFIX_SEPERATOR=${CONTAINER_LOG_FILE_PREFIX_SEPERATOR:-"."} 30 | CONTAINER_LOG_FILE_PREFIX_TIME_FMT=${CONTAINER_LOG_FILE_PREFIX_TIME_FMT:-"%H:%M:%S"} 31 | CONTAINER_MESSAGING_BACKEND=${CONTAINER_MESSAGING_BACKEND:-"msmtp"} 32 | CONTAINER_MONITORING_BACKEND=${CONTAINER_MONITORING_BACKEND:-"zabbix"} 33 | CONTAINER_NAME=${CONTAINER_NAME:-"$(hostname)"} 34 | CONTAINER_PROCESS_HELPER_DATE_FMT=${CONTAINER_PROCESS_HELPER_DATE_FMT:-"%Y-%m-%d"} 35 | CONTAINER_PROCESS_HELPER_PATH=${CONTAINER_PROCESS_HELPER_PATH:-"/assets/container/processhelper/"} 36 | CONTAINER_PROCESS_HELPER_SCRIPT=${CONTAINER_PROCESS_HELPER_SCRIPT:-"processhelper.sh"} 37 | CONTAINER_PROCESS_HELPER_TIME_FMT=${CONTAINER_PROCESS_HELPER_TIME_FMT:-"%H:%M:%S"} 38 | CONTAINER_PROCESS_RUNAWAY_PROTECTOR=${CONTAINER_PROCESS_RUNAWAY_PROTECTOR:-"TRUE"} 39 | CONTAINER_PROCESS_RUNAWAY_DELAY=${CONTAINER_PROCESS_RUNAWAY_DELAY:-"1"} 40 | CONTAINER_PROCESS_RUNAWAY_LIMIT=${CONTAINER_PROCESS_RUNAWAY_LIMIT:-"50"} 41 | CONTAINER_PROCESS_RUNAWAY_SHOW_OUTPUT_FINAL=${CONTAINER_PROCESS_RUNAWAY_SHOW_OUTPUT_FINAL:-"TRUE"} 42 | CONTAINER_SCHEDULING_BACKEND=${CONTAINER_SCHEDULING_BACKEND:-"cron"} 43 | CONTAINER_SCHEDULING_LOCATION=${CONTAINER_SCHEDULING_LOCATION:-"/assets/cron/"} 44 | CONTAINER_SKIP_SANITY_CHECK=${CONTAINER_SKIP_SANITY_CHECK:-"FALSE"} 45 | DEBUG_MODE=${DEBUG_MODE:-"FALSE"} 46 | PROCESS_NAME=${PROCESS_NAME:-"container"} 47 | # shellcheck disable=SC2034 48 | SCRIPTPATH="$(cd "$(dirname "$0")" >/dev/null 2>&1 || exit ; pwd -P)" 49 | -------------------------------------------------------------------------------- /install/assets/defaults/02-permissions: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | DEBUG_PERMISSIONS=${DEBUG_PERMISSIONS:-"FALSE"} 4 | -------------------------------------------------------------------------------- /install/assets/defaults/03-monitoring: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | ZABBIX_AGENT_LOG_FILE=${ZABBIX_AGENT_LOG_FILE:-"zabbix_agentd.log"} 4 | ZABBIX_AGENT_LOG_PATH=${ZABBIX_AGENT_LOG_PATH:-"/var/log/zabbix/agent/"} 5 | ZABBIX_ALLOW_ROOT=${ZABBIX_ALLOW_ROOT:-"1"} 6 | ZABBIX_BUFFER_SEND=${ZABBIX_BUFFER_SEND:-"5"} 7 | ZABBIX_BUFFER_SIZE=${ZABBIX_BUFFER_SIZE:-"100"} 8 | ZABBIX_CERT_PATH=${ZABBIX_CERT_PATH:-"/etc/zabbix/certs/"} 9 | ZABBIX_CONFIG_FILE=${ZABBIX_CONFIG_FILE:-"zabbix_agentd.conf"} 10 | ZABBIX_CONFIG_PATH=${ZABBIX_CONFIG_PATH:-"/etc/zabbix/"} 11 | ZABBIX_DEBUGLEVEL=${ZABBIX_DEBUGLEVEL:-"1"} 12 | ZABBIX_ENABLE_AUTOREGISTER=${ZABBIX_ENABLE_AUTOREGISTER:-"TRUE"} 13 | ZABBIX_ENABLE_AUTOREGISTER_DNS=${ZABBIX_ENABLE_AUTOREGISTER_DNS:-"TRUE"} 14 | ZABBIX_HOSTNAME=${ZABBIX_HOSTNAME:-"${CONTAINER_NAME}"} 15 | ZABBIX_LISTEN_IP=${ZABBIX_LISTEN_IP:-"0.0.0.0"} 16 | ZABBIX_LISTEN_PORT=${ZABBIX_LISTEN_PORT:-"10050"} 17 | ZABBIX_LOG_FILE_SIZE=${ZABBIX_LOG_FILE_SIZE:-"0"} 18 | ZABBIX_MAXLINES_SECOND=${ZABBIX_MAXLINES_SECOND:-"20"} 19 | ZABBIX_PID=${ZABBIX_PID:-"/var/lib/zabbix/run/zabbix-agent.pid"} 20 | ZABBIX_REFRESH_ACTIVE_CHECKS=${ZABBIX_REFRESH_ACTIVE_CHECKS:-"120"} 21 | ZABBIX_REMOTECOMMANDS_ALLOW=${ZABBIX_REMOTECOMMANDS_ALLOW:-"*"} 22 | ZABBIX_REMOTECOMMANDS_LOG=${ZABBIX_REMOTECOMMANDS_LOG:-"1"} 23 | ZABBIX_SERVER=${ZABBIX_SERVER:-"0.0.0.0/0"} 24 | ZABBIX_SERVER_ACTIVE=${ZABBIX_SERVER_ACTIVE:-"zabbix-proxy"} 25 | ZABBIX_SETUP_TYPE=${ZABBIX_SETUP_TYPE:-"AUTO"} 26 | ZABBIX_SOCKET=${ZABBIX_SOCKET:-"/var/lib/zabbix/run/zabbix-agent.sock"} 27 | ZABBIX_START_AGENTS=${ZABBIX_START_AGENTS:-"1"} 28 | ZABBIX_STATUS_PORT=${ZABBIX_STATUS_PORT:-"8050"} 29 | ZABBIX_USER=${ZABBIX_USER:-"zabbix"} 30 | ZABBIX_USER_DOAS=${ZABBIX_USER_DOAS:-"TRUE"} 31 | ZABBIX_USER_SUDO=${ZABBIX_USER_SUDO:-"TRUE"} 32 | ZABBIX_AGENT_TIMEOUT=${ZABBIX_AGENT_TIMEOUT:-"3"} 33 | 34 | 35 | os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2) 36 | case ${os} in 37 | "alpine" ) 38 | osver=$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 2 | cut -d _ -f 1) 39 | if [ "${osver}" -ge 15 ] || [ "$osver" = "edge" ] ; then 40 | ZABBIX_AGENT_TYPE=${ZABBIX_AGENT_TYPE:-"modern"} 41 | else 42 | ZABBIX_AGENT_TYPE=${ZABBIX_AGENT_TYPE:-"classic"} 43 | fi 44 | ;; 45 | "debian" | "ubuntu" ) 46 | ZABBIX_AGENT_TYPE=${ZABBIX_AGENT_TYPE:-"modern"} 47 | ;; 48 | esac 49 | -------------------------------------------------------------------------------- /install/assets/defaults/04-scheduling: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | SCHEDULING_LOG_TYPE=${SCHEDULING_LOG_TYPE:-"FILE"} 4 | SCHEDULING_LOG_LOCATION=${SCHEDULING_LOG_LOCATION:-"/var/log/cron/"} 5 | SCHEDULING_LOG_LEVEL=${SCHEDULING_LOG_LEVEL:-"8"} -------------------------------------------------------------------------------- /install/assets/defaults/05-logging: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | FLUENTBIT_CONFIG_PARSERS=${FLUENTBIT_CONFIG_PARSERS:-"parsers.conf"} 4 | FLUENTBIT_CONFIG_PLUGINS=${FLUENTBIT_CONFIG_PLUGINS:-"plugins.conf"} 5 | FLUENTBIT_ENABLE_HTTP_SERVER=${FLUENTBIT_ENABLE_HTTP_SERVER:-"TRUE"} 6 | FLUENTBIT_ENABLE_STORAGE_METRICS=${FLUENTBIT_ENABLE_STORAGE_METRICS:-"TRUE"} 7 | FLUENTBIT_FLUSH_SECONDS=${FLUENTBIT_FLUSH_SECONDS:-"1"} 8 | FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE=${FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE:-"1M"} 9 | FLUENTBIT_FORWARD_BUFFER_MAX_SIZE=${FLUENTBIT_FORWARD_BUFFER_MAX_SIZE:-"6M"} 10 | FLUENTBIT_FORWARD_PORT=${FLUENTBIT_FORWARD_PORT:-"24224"} 11 | FLUENTBIT_GRACE_SECONDS=${FLUENTBIT_GRACE_SECONDS:-"1"} 12 | FLUENTBIT_HTTP_LISTEN_IP=${FLUENTBIT_HTTP_LISTEN_IP:-"0.0.0.0"} 13 | FLUENTBIT_HTTP_LISTEN_PORT=${FLUENTBIT_HTTP_LISTEN_PORT:-"2020"} 14 | FLUENTBIT_LOG_FILE=${FLUENTBIT_LOG_FILE:-"fluentbit.log"} 15 | FLUENTBIT_LOG_LEVEL=${FLUENTBIT_LOG_LEVEL:-"info"} 16 | FLUENTBIT_LOG_PATH=${FLUENTBIT_LOG_PATH:-"/var/log/fluentbit/"} 17 | FLUENTBIT_MODE=${FLUENTBIT_MODE:-"NORMAL"} 18 | FLUENTBIT_OUTPUT=${FLUENTBIT_OUTPUT:-"FORWARD"} 19 | FLUENTBIT_OUTPUT_FORWARD_HOST=${FLUENTBIT_OUTPUT_FORWARD_HOST:-"fluent-proxy"} 20 | FLUENTBIT_OUTPUT_FORWARD_TLS=${FLUENTBIT_OUTPUT_FORWARD_TLS:-"FALSE"} 21 | FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY=${FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY:-"FALSE"} 22 | FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP=${FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP:-"gzip"} 23 | FLUENTBIT_OUTPUT_LOKI_HOST=${FLUENTBIT_OUTPUT_LOKI_HOST:-"loki"} 24 | FLUENTBIT_OUTPUT_LOKI_PORT=${FLUENTBIT_OUTPUT_LOKI_PORT:-"3100"} 25 | FLUENTBIT_OUTPUT_LOKI_TLS=${FLUENTBIT_OUTPUT_LOKI_TLS:-"FALSE"} 26 | FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY=${FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY:-"FALSE"} 27 | FLUENTBIT_SETUP_TYPE=${FLUENTBIT_SETUP_TYPE:-"AUTO"} 28 | FLUENTBIT_STORAGE_BACKLOG_LIMIT=${FLUENTBIT_STORAGE_BACKLOG_LIMIT:-"5M"} 29 | FLUENTBIT_STORAGE_CHECKSUM=${FLUENTBIT_STORAGE_CHECKSUM:-"FALSE"} 30 | FLUENTBIT_STORAGE_PATH=${FLUENTBIT_STORAGE_PATH:-"/tmp/fluentbit/storage"} 31 | FLUENTBIT_STORAGE_SYNC=${FLUENTBIT_STORAGE_SYNC:-"normal"} 32 | FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE=${FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE:-"32k"} 33 | FLUENTBIT_TAIL_BUFFER_MAX_SIZE=${FLUENTBIT_TAIL_BUFFER_MAX_SIZE:-"32k"} 34 | FLUENTBIT_TAIL_READ_FROM_HEAD=${FLUENTBIT_TAIL_READ_FROM_HEAD:-"FALSE"} 35 | FLUENTBIT_TAIL_SKIP_EMPTY_LINES=${FLUENTBIT_TAIL_SKIP_EMPTY_LINES:-"TRUE"} 36 | FLUENTBIT_TAIL_SKIP_LONG_LINES=${FLUENTBIT_TAIL_SKIP_LONG_LINES:-"TRUE"} 37 | FLUENTBIT_TAIL_DB_ENABLE=${FLUENTBIT_TAIL_DB_ENABLE:-"TRUE"} 38 | FLUENTBIT_TAIL_DB_SYNC=${FLUENTBIT_TAIL_DB_SYNC:-"normal"} 39 | FLUENTBIT_TAIL_DB_LOCK=${FLUENTBIT_TAIL_DB_LOCK:-"TRUE"} 40 | FLUENTBIT_TAIL_DB_JOURNAL_MODE=${FLUENTBIT_TAIL_DB_JOURNAL_MODE:-"WAL"} 41 | FLUENTBIT_TAIL_KEY_PATH_ENABLE=${FLUENTBIT_TAIL_KEY_PATH_ENABLE:-"TRUE"} 42 | FLUENTBIT_TAIL_KEY_PATH=${FLUENTBIT_TAIL_KEY_PATH:-"filename"} 43 | FLUENTBIT_TAIL_KEY_OFFSET_ENABLE=${FLUENTBIT_TAIL_KEY_OFFSET_ENABLE:-"FALSE"} 44 | FLUENTBIT_TAIL_KEY_OFFSET=${FLUENTBIT_TAIL_KEY_OFFSET:-"offset"} 45 | 46 | case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2)" in 47 | "3.5" | "3.8" ) LOGROTATE_COMPRESSION_TYPE="gzip" ;; 48 | *) LOGROTATE_COMPRESSION_TYPE=${LOGROTATE_COMPRESSION_TYPE:-"zstd"} ;; 49 | esac 50 | 51 | LOGROTATE_COMPRESSION_VALUE=${LOGROTATE_COMPRESSION_VALUE:-"8"} 52 | LOGROTATE_RETAIN_DAYS=${LOGROTATE_RETAIN_DAYS:-"7"} 53 | LOGSHIPPING_AUTO_CONFIG_LOGROTATE=${LOGSHIPPING_AUTO_CONFIG_LOGROTATE:-"TRUE"} 54 | -------------------------------------------------------------------------------- /install/assets/defaults/06-messaging: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | SMTP_AUTO_FROM=${SMTP_AUTO_FROM:-"FALSE"} 4 | SMTP_DOMAIN=${SMTP_DOMAIN:-"${IMAGE_NAME}"} 5 | SMTP_HOST=${SMTP_HOST:-"postfix-relay"} 6 | SMTP_MAILDOMAIN=${SMTP_MAILDOMAIN:-"local"} 7 | SMTP_PORT=${SMTP_PORT:-"25"} 8 | SMTP_STARTTLS=${SMTP_STARTTLS:-"FALSE"} 9 | SMTP_TLS=${SMTP_TLS:-"FALSE"} 10 | SMTP_TLSCERTCHECK=${SMTP_TLSCERTCHECK:-"FALSE"} -------------------------------------------------------------------------------- /install/assets/defaults/07-firewall: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | IPTABLES_RULES_PATH=${IPTABLES_RULES_PATH:-"/assets/iptables/"} 4 | IPTABLES_RULES_FILE=${IPTABLES_RULES_FILE:-"iptables.rules"} 5 | FAIL2BAN_BACKEND=${FAIL2BAN_BACKEND:-"AUTO"} 6 | FAIL2BAN_CONFIG_PATH=${FAIL2BAN_CONFIG_PATH:-"/etc/fail2ban/"} 7 | FAIL2BAN_DB_FILE=${FAIL2BAN_DB_FILE:-"fail2ban.sqlite3"} 8 | FAIL2BAN_DB_PATH=${FAIL2BAN_DB_PATH:-"/data/fail2ban/"} 9 | FAIL2BAN_DB_PURGE_AGE=${FAIL2BAN_DB_PURGE_AGE:-"86400"} 10 | FAIL2BAN_DB_TYPE=${FAIL2BAN_DB_TYPE:-"MEMORY"} 11 | FAIL2BAN_IGNORE_IP=${FAIL2BAN_IGNORE_IP:-"127.0.0.1/8 ::1 172.16.0.0/12 192.168.0.0/24"} 12 | FAIL2BAN_IGNORE_SELF=${FAIL2BAN_IGNORE_SELF:-"TRUE"} 13 | FAIL2BAN_LOG_PATH=${FAIL2BAN_LOG_PATH:-"/var/log/fail2ban/"} 14 | FAIL2BAN_LOG_FILE=${FAIL2BAN_LOG_FILE:-"fail2ban.log"} 15 | FAIL2BAN_LOG_LEVEL=${FAIL2BAN_LOG_LEVEL:-"INFO"} 16 | FAIL2BAN_LOG_TYPE=${FAIL2BAN_LOG_TYPE:-"FILE"} 17 | FAIL2BAN_MAX_RETRY=${FAIL2BAN_MAX_RETRY:-"5"} 18 | FAIL2BAN_STARTUP_DELAY=${FAIL2BAN_STARTUP_DELAY:-"15"} 19 | FAIL2BAN_TIME_BAN=${FAIL2BAN_TIME_BAN:-"10m"} 20 | FAIL2BAN_TIME_FIND=${FAIL2BAN_TIME_FIND:-"10m"} 21 | FAIL2BAN_USE_DNS=${FAIL2BAN_USE_DNS:-"warn"} 22 | -------------------------------------------------------------------------------- /install/etc/cont-init.d/00-startup: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | chmod -f -R 0755 /assets/{defaults,functions} > /dev/null 2>&1 4 | chmod -f -R 0755 /etc/{cont-init.d,cont-finish.d,services.available} > /dev/null 2>&1 5 | source /assets/functions/00-container 6 | output_off 7 | PROCESS_NAME="container-init" 8 | showoff 9 | 10 | # Clean OS logroate directory 11 | rm -rf /etc/logrotate.d/* 12 | mkdir -p /assets/logrotate 13 | 14 | mkdir -p "${CONTAINER_LOG_FILE_PATH}" 15 | touch "${CONTAINER_LOG_FILE_PATH}"/"${CONTAINER_LOG_FILE_NAME}" 16 | echo "** Container Name: ${CONTAINER_NAME} - Commencing Logging" >> "${CONTAINER_LOG_FILE_PATH}"/"${CONTAINER_LOG_FILE_NAME}" 17 | create_logrotate container "${CONTAINER_LOG_FILE_PATH}"/"${CONTAINER_LOG_FILE_NAME}" 18 | 19 | ### Routine to check if container has been restarted or not 20 | if [ -d "/tmp/.container" ] ; then 21 | print_notice "Detected Container that has been restarted - Cleaning '/tmp/.container' files" 22 | rm -rf /tmp/.container/* 23 | rm -rf /etc/services.d/* 24 | echo "$(date +%s) $(date +'%Y-%m-%d %H:%M:%S %Z') - Warm restart detected" >> /tmp/.container/container-restart 25 | else 26 | print_debug "Cold Container startup detected - Proceeding to initialize services normally" 27 | mkdir -p /tmp/.container/ 28 | echo "$(date +%s) $(date +'%Y-%m-%d %H:%M:%S %Z') - Container started" >> /tmp/.container/container-startup 29 | fi 30 | 31 | print_debug "Adding shortcuts to .bashrc" 32 | cat <> /root/.bashrc 33 | source /assets/functions/00-container 34 | alias env='with-contenv env | sort' 35 | 36 | service_down() { 37 | case "\${1}" in 38 | all ) 39 | echo "** Disabling all services" 40 | for service in /var/run/s6/legacy-services/* ; do 41 | echo "** Disabling s6 service '\$(basename \${service})'" 42 | s6-svc -d /var/run/s6/legacy-services/\$(basename \${service}) 43 | done 44 | ;; 45 | * ) 46 | if [ -d "/var/run/s6/legacy-services/\$1" ] ; then 47 | echo "** Disabling s6 service '\$1'" 48 | s6-svc -d /var/run/s6/legacy-services/\$1 49 | fi 50 | ;; 51 | esac 52 | } 53 | 54 | service_list() { 55 | ls -1 /var/run/s6/legacy-services 56 | } 57 | 58 | service_reset() { 59 | case "\${1}" in 60 | all ) 61 | echo "** Resetting all services" 62 | for service in /var/run/s6/legacy-services/* ; do 63 | echo "** Reset s6 service '\$(basename \${service})'" 64 | rm -rf /tmp/.container/\$(basename \${service}) 65 | #s6-svc -u /var/run/s6/legacy-services/\$(basename \${service}) 66 | done 67 | ;; 68 | * ) 69 | if [ -d "/var/run/s6/legacy-services/\$1" ] ; then 70 | echo "** Reset s6 service '\$1'" 71 | rm -rf /tmp/.container/\$1 72 | fi 73 | ;; 74 | esac 75 | } 76 | 77 | service_up() { 78 | case "\${1}" in 79 | all ) 80 | echo "** Enabling all services" 81 | for service in /var/run/s6/legacy-services/* ; do 82 | echo "** Enabling s6 service '\$(basename \${service})'" 83 | s6-svc -u /var/run/s6/legacy-services/\$(basename \${service}) 84 | done 85 | ;; 86 | * ) 87 | if [ -d "/var/run/s6/legacy-services/\$1" ] ; then 88 | echo "** Enabling s6 service '\$1'" 89 | s6-svc -u /var/run/s6/legacy-services/\$1 90 | fi 91 | ;; 92 | esac 93 | } 94 | 95 | EOF 96 | 97 | ## Show last changelog version and details of current running image 98 | if [ -f "/assets/.changelogs/${IMAGE_NAME/\//_}.md" ] ; then 99 | changelogname="/assets/.changelogs/${IMAGE_NAME/\//_}.md" 100 | elif [ -f /assets/.changelogs/docker-${IMAGE_NAME/\//_}.md ] ; then 101 | changelogname="/assets/.changelogs/docker-${IMAGE_NAME/\//_}.md" 102 | else 103 | if [ -f /assets/.changelogs/tiredofit_docker-${IMAGE_NAME/\//_}.md ] ; then 104 | changelogname="/assets/.changelogs/tiredofit_docker-${IMAGE_NAME/\//_}.md" 105 | else 106 | strip_image_repo_url=$(echo ${IMAGE_REPO_URL%/} | sed "s#https://github.com/##g") 107 | if [ -f /assets/.changelogs/${strip_image_repo_url/\//_}.md ] ; then 108 | changelogname="/assets/.changelogs/${strip_image_repo_url/\//_}.md" 109 | fi 110 | fi 111 | fi 112 | 113 | ## Add Support to list all Changelogs known of all base images 114 | if [ -d "/assets/.changelogs" ] ; then 115 | cat <> /root/.bashrc 116 | image_version() { 117 | for clname in /assets/.changelogs/* ; do 118 | version=\$(head -n 1 \$clname | awk '{print \$2}') 119 | echo \"Image: $(basename \$clname) \$version\" 120 | done 121 | } 122 | 123 | EOF 124 | fi 125 | 126 | if [ -z "${changelogname// }" ] ; then 127 | print_debug "Not adding 'changelog' command to .bashrc as I can't detect what changelog it is" 128 | echo "image_changelog() { echo '** Sorry - I do not know what image this is. Check if there are changelogs in /assets/.changelogs';}" >> /root/.bashrc 129 | else 130 | print_debug "Adding 'changelog' command to .bashrc" 131 | echo "image_changelog() { echo \"** Showing the most recent version entry changelog for ${IMAGE_NAME} - See more at /assets/.changelogs\" ; awk '/^##/{p++} p==2{print; exit} p>=1' $changelogname | sed '\$d' ;}" >> /root/.bashrc 132 | fi 133 | 134 | ## Rewrite Bash Prompt 135 | if [ -n "${CONTAINER_CUSTOM_BASH_PROMPT}" ] ; then 136 | bash_prompt=${CONTAINER_CUSTOM_BASH_PROMPT} 137 | else 138 | image_version=$(get_image_version) 139 | if [ ! -z "${image_version// }" ] ; then 140 | bash_ver=":${image_version}" 141 | fi 142 | bash_prompt="[${IMAGE_NAME}${bash_ver} \\t \\w] $ " 143 | fi 144 | 145 | echo "export PS1=\"${bash_prompt/ /}\"" >> /root/.bashrc 146 | 147 | ## Add helper for reading compressed files 148 | cat <> /root/.bashrc 149 | zcat () { 150 | if [ -f "\$@" ] ; then 151 | case "\$@" in 152 | *.zst* ) $(which zstdcat) "\$@" ;; 153 | *.bz*) $(which zcat) "\$@" ;; 154 | *.gz*) $(which zcat) "\$@" ;; 155 | *.xz) $(which zcat) "\$@" ;; 156 | esac 157 | else 158 | echo "'\$@' is not a valid file!" 159 | fi 160 | } 161 | EOF 162 | 163 | host_override 164 | liftoff 165 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/01-timezone: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | PROCESS_NAME="timezone" 6 | 7 | ### Timezone setup 8 | if [ -n "${TIMEZONE}" ]; then 9 | set_timezone "${TIMEZONE}" 10 | fi 11 | 12 | liftoff 13 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/02-permissions: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | # shellcheck disable=SC2034 6 | PROCESS_NAME="permissions" 7 | 8 | ## Legacy 9 | if var_true "${ENABLE_PERMISSIONS}" ; then 10 | CONTAINER_ENABLE_PERMISSIONS=TRUE 11 | elif var_false "${ENABLE_PERMISSIONS}" ; then 12 | CONTAINER_ENABLE_PERMISSIONS=FALSE 13 | fi 14 | ## 15 | 16 | if var_true "${DEBUG_PERMISSIONS}" ; then 17 | CONTAINER_LOG_LEVEL="DEBUG" 18 | fi 19 | 20 | ### Enable or Disable permissions 21 | if var_true "${CONTAINER_ENABLE_PERMISSIONS}" ; then 22 | print_debug "Enabling permissions features" 23 | 24 | # change uid in /etc/passwd with the ones defined in Docker's environment settings 25 | unames="$(set -o posix ; set | sort | grep -e '^USER_' | sed "s|^USER_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n') " 26 | unames+="$(set -o posix ; set | sort | grep -e '^CONTAINER_USER_' | sed "s|^CONTAINER_USER_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n')" 27 | 28 | for upair in $unames; do 29 | uname=$(echo "${upair}" | cut -d = -f 1) 30 | uid=$(echo "${upair}" | cut -d = -f 2) 31 | if grep -e "^${uname}" /etc/passwd > /dev/null; then 32 | _userexists=true 33 | elif grep -e "^${uname/_/-}" /etc/passwd > /dev/null; then 34 | _userexists=true 35 | uname=${uname/_/-} 36 | fi 37 | if [ "${_userexists}" = true ] ; then 38 | ouid=$(grep -e "^${uname}" /etc/passwd | awk -F: '{print $3}') 39 | 40 | print_debug "Changing user '${u}' to uid '${uid}' from '${ouid}'" 41 | sed -i "s|${uname}:x:${ouid}:|${uname}:x:${uid}:|g" /etc/passwd 42 | fi 43 | done 44 | 45 | # Change gid in /etc/group and /etc/passwd with the ones defined in Docker's environment settings 46 | groups="$(set -o posix ; set | sort | grep -e '^GROUP_' | sed "s|^GROUP_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | sed '/add_.*/d' ) " 47 | groups+="$(set -o posix ; set | sort | grep -e '^CONTAINER_GROUP_' | sed "s|^CONTAINER_GROUP_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | sed '/add_.*/d' ) " 48 | 49 | for gpair in $groups; do 50 | gname=$(echo "${gpair}" | cut -d = -f 1) 51 | gid=$(echo "${gpair}" | cut -d = -f 2) 52 | if grep -e "^${gname}" /etc/group > /dev/null; then 53 | _groupexists=true 54 | elif grep -e "^${gname/_/-}" /etc/group > /dev/null; then 55 | _groupexists=true 56 | gname=${gname/_/-} 57 | fi 58 | 59 | if [ "${_groupexists}" = true ] ; then 60 | opgid=$(grep -e "^${gname}" /etc/passwd | awk -F: '{print $4}') 61 | og=$(grep -e "^${gname}" /etc/group | awk -F: '{print $1}') 62 | oggid=$(grep -e "^${gname}" /etc/group | awk -F: '{print $3}') 63 | print_debug "Changing group '${gname}' to gid '${gid}' from '${oggid}'" 64 | sed -i "s|\(.*\):\(.*\):\(.*\):${opgid}:|\1:\2:\3:${gid}:|g" /etc/passwd 65 | sed -i "s|${og}:x:${oggid}|${og}:x:${gid}|g" /etc/group 66 | fi 67 | done 68 | 69 | # Add users defined in Docker's environment settings to groups in /etc/group 70 | groupsadd="$(set -o posix ; set | sort | grep -e '^GROUP_ADD_' | sed 's|^GROUP_ADD_||g' | tr '[:upper:]' '[:lower:]' ) " 71 | groupsadd+="$(set -o posix ; set | sort | grep -e '^CONTAINER_GROUP_ADD_' | sed 's|^CONTAINER_GROUP_ADD_||g' | tr '[:upper:]' '[:lower:]' )" 72 | 73 | for gapair in $groupsadd; do 74 | gname=$(echo "${gapair}" | cut -d = -f1 ) 75 | if grep -e "^${gname}" /etc/group > /dev/null; then 76 | _groupexists=true 77 | elif grep -e "^${gname/_/-}" /etc/group > /dev/null; then 78 | _groupexists=true 79 | gname=${gname/_/-} 80 | fi 81 | 82 | if [ "${_groupexists}" = true ] ; then 83 | uta=$(echo ${gapair} | cut -d = -f2 | tr ',' '\n') 84 | for userstogroup in ${uta} ; do 85 | print_debug "Adding user '${userstogroup}' to '${gname}'" 86 | os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2) 87 | case ${os,,} in 88 | "alpine" ) 89 | silent addgroup ${userstogroup} ${gname} 90 | ;; 91 | "debian" | "ubuntu" ) 92 | silent usermod -a -G ${gname} ${userstogroup} 93 | ;; 94 | esac 95 | done 96 | fi 97 | done 98 | fi 99 | 100 | liftoff 101 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/03-monitoring: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service single 6 | PROCESS_NAME="monitoring" 7 | 8 | ## Legacy 9 | if var_false "${ENABLE_ZABBIX}"; then CONTAINER_ENABLE_MONITORING=FALSE ; fi 10 | if var_true "${ENABLE_ZABBIX}"; then 11 | CONTAINER_ENABLE_MONITORING=TRUE 12 | CONTAINER_MONITORING_BACKEND=zabbix 13 | fi 14 | ## 15 | 16 | if var_true "${CONTAINER_ENABLE_MONITORING}" ; then 17 | case "${CONTAINER_MONITORING_BACKEND,,}" in 18 | "zabbix" ) 19 | print_debug "Using Zabbix Backend" 20 | os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2) 21 | if var_true "${DEBUG_MODE}" ; then 22 | ZABBIX_DEBUGLEVEL=4 23 | fi 24 | 25 | if var_true "${ZABBIX_USER_SUDO}" ; then 26 | grant_sudo zabbix 27 | fi 28 | 29 | if var_true "${ZABBIX_USER_DOAS}" ; then 30 | grant_doas zabbix 31 | fi 32 | 33 | if [ -n "${ZABBIX_ENCRYPT_PSK_ID}" ] || [ -n "${ZABBIX_ENCRYPT_PSK_KEY}" ] || [ -n "${ZABBIX_ENCRYPT_PSK_FILE}" ] ; then 34 | transform_file_var \ 35 | ZABBIX_ENCRYPT_PSK_ID \ 36 | ZABBIX_ENCRYPT_PSK_KEY 37 | 38 | print_debug "Zabbix Agent - Using PSK Encryption" 39 | if [ ! -n "${ZABBIX_ENCRYPT_PSK_FILE}" ] && [ ! -n "${ZABBIX_ENCRYPT_PSK_KEY}" ] ; then 40 | print_error "You've selected Zabbix Agent PSK Encryption but haven't supplied a file or a Key!" 41 | exit 1 42 | fi 43 | 44 | if [ ! -n "${ZABBIX_ENCRYPT_PSK_FILE}" ] && [ -n "${ZABBIX_ENCRYPT_PSK_KEY}" ] ; then 45 | print_debug "Zabbix Agent - Only have PSK via ENV Var (Automated creation of file)" 46 | # libressl/openssl rand -hex 32 = 256bit 47 | mkdir -p "${ZABBIX_CERT_PATH}" 48 | ZABBIX_ENCRYPT_PSK_FILE="zabbix_agent.psk" 49 | echo "${ZABBIX_ENCRYPT_PSK_KEY}" > "${ZABBIX_CERT_PATH}"/"${ZABBIX_ENCRYPT_PSK_FILE}" 50 | fi 51 | 52 | chmod -f 0600 "${ZABBIX_CERT_PATH}"/"${ZABBIX_ENCRYPT_PSK_FILE}" 53 | chown -f -R "${ZABBIX_USER}" "${ZABBIX_CERT_PATH}" 54 | tls_psk=$(cat< "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}" 70 | # Custom Generated Zabbix Agent configuration for version 1. If you want to use your own config set 'ZABBIX_SETUP_TYPE=MANUAL' 71 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 72 | 73 | AllowKey=system.run[${ZABBIX_REMOTECOMMANDS_ALLOW}] 74 | AllowRoot=${ZABBIX_ALLOW_ROOT} 75 | BufferSend=${ZABBIX_BUFFER_SEND} 76 | BufferSize=${ZABBIX_BUFFER_SIZE} 77 | DebugLevel=${ZABBIX_DEBUGLEVEL} 78 | Hostname=${ZABBIX_HOSTNAME} 79 | ListenIP=${ZABBIX_LISTEN_IP} 80 | ListenPort=${ZABBIX_LISTEN_PORT} 81 | LogFile=${ZABBIX_AGENT_LOG_PATH}/${ZABBIX_AGENT_LOG_FILE} 82 | LogFileSize=${ZABBIX_LOG_FILE_SIZE} 83 | LogRemoteCommands=${ZABBIX_REMOTECOMMANDS_LOG} 84 | MaxLinesPerSecond=${ZABBIX_MAXLINES_SECOND} 85 | Timeout=${ZABBIX_AGENT_TIMEOUT} 86 | PidFile=${ZABBIX_PID} 87 | RefreshActiveChecks=${ZABBIX_REFRESH_ACTIVE_CHECKS} 88 | Server=${ZABBIX_SERVER} 89 | ServerActive=${ZABBIX_SERVER_ACTIVE} 90 | StartAgents=${ZABBIX_START_AGENTS} 91 | User=${ZABBIX_USER} 92 | ${tls_psk} 93 | Include=${ZABBIX_CONFIG_PATH}/${ZABBIX_CONFIG_FILE}.d/*.conf 94 | EOF 95 | else 96 | print_debug "Skipping Configuring Zabbix classic Agent" 97 | fi 98 | ;; 99 | "2" | "m" | "n" | "modern" | "new" ) 100 | case ${os} in 101 | "alpine" ) 102 | osver=$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 2 | cut -d _ -f 1) 103 | if [ "${osver}" -ge 11 ] || [ "$osver" = "edge" ] || [ "$osver" = "17*" ]; then 104 | print_debug "We are using newer than Alpine 3.11 to be able to use the Zabbix Modern client.." 105 | else 106 | print_error "Sorry, Modern version not available for this images version (Alpine 3.11 + only)" 107 | exit 1 108 | fi 109 | ;; 110 | esac 111 | logship_version="modern" 112 | if [ "${ZABBIX_SETUP_TYPE,,}" = "auto" ] ; then 113 | print_debug "Configuring Zabbix modern Agent" 114 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}" 115 | # Custom Generated Zabbix Agent configuration for version 2 If you want to use your own config set 'ZABBIX_SETUP_TYPE=MANUAL' 116 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 117 | 118 | AllowKey=system.run[${ZABBIX_REMOTECOMMANDS_ALLOW}] 119 | BufferSend=${ZABBIX_BUFFER_SEND} 120 | BufferSize=${ZABBIX_BUFFER_SIZE} 121 | ControlSocket=${ZABBIX_SOCKET} 122 | DebugLevel=${ZABBIX_DEBUGLEVEL} 123 | Hostname=${ZABBIX_HOSTNAME} 124 | ListenPort=${ZABBIX_LISTEN_PORT} 125 | LogFile=${ZABBIX_AGENT_LOG_PATH}/${ZABBIX_AGENT_LOG_FILE} 126 | LogFileSize=${ZABBIX_LOG_FILE_SIZE} 127 | RefreshActiveChecks=${ZABBIX_REFRESH_ACTIVE_CHECKS} 128 | Server=${ZABBIX_SERVER} 129 | ServerActive=${ZABBIX_SERVER_ACTIVE} 130 | StatusPort=${ZABBIX_STATUS_PORT} 131 | Timeout=${ZABBIX_AGENT_TIMEOUT} 132 | PidFile=${ZABBIX_PID} 133 | ${tls_psk} 134 | Include=${ZABBIX_CONFIG_PATH}/${ZABBIX_CONFIG_FILE}.d/*.conf 135 | EOF 136 | else 137 | print_debug "Skipping Configuring Zabbix modern Agent" 138 | fi 139 | ;; 140 | esac 141 | 142 | if [ -n "${ZABBIX_REMOTECOMMANDS_DENY}" ]; then 143 | echo "DenyKey=system.run[${ZABBIX_REMOTECOMMANDS_DENY}]" >> "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}" 144 | fi 145 | 146 | print_debug "Zabbix Agent - Generating Collection Configuration" 147 | case ${os} in 148 | "alpine" ) 149 | updated_packages="UserParameter=packages.upgradable,doas apk update >/dev/null && apk version | sed '/Installed/d' | wc -l" 150 | ;; 151 | "debian" | "ubuntu" ) 152 | updated_packages="UserParameter=packages.upgradable,doas apt-get update >/dev/null && doas aptitude search '~U' | wc -l" 153 | ;; 154 | esac 155 | 156 | mkdir -p "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d 157 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d/tiredofit-container_agent.conf 158 | # Zabbix Container Agent Configuration - Automatically Generated based on Operating System 159 | # Find Companion Zabbix Server Templates at https://github.com/tiredofit/docker-alpine or https://github.com/tiredofit/docker-debian 160 | # Autoregister=toica 161 | 162 | ## Report on Container OS 163 | UserParameter=agent.os,grep "PRETTY_NAME" /etc/os-release | cut -d '"' -f2 164 | 165 | ## Report on packages that are available to be upgraded 166 | ${updated_packages} 167 | EOF 168 | 169 | mkdir -p "${ZABBIX_AGENT_LOG_PATH}" 170 | chown -R "${ZABBIX_USER}":root "${ZABBIX_AGENT_LOG_PATH}" 171 | chown -R "${ZABBIX_USER}":root "${ZABBIX_CONFIG_PATH}" 172 | chown -R "${ZABBIX_USER}":root /var/lib/zabbix 173 | chmod 775 "${ZABBIX_CONFIG_PATH}" 174 | create_logrotate zabbix-agent "${ZABBIX_AGENT_LOG_PATH}"/"${ZABBIX_AGENT_LOG_FILE}" zabbix-agent-${logship_version} "${ZABBIX_USER}" root 175 | print_notice "Container configured for monitoring with '${CONTAINER_MONITORING_BACKEND} ${ZABBIX_AGENT_TYPE}'" 176 | ;; 177 | * ) 178 | print_error "Unknown Monitoring Backend" 179 | exit 1 180 | ;; 181 | esac 182 | else 183 | service_stop "$(basename "$0")" 184 | fi 185 | 186 | liftoff 187 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/04-scheduling: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service single 6 | PROCESS_NAME="scheduling" 7 | 8 | ## Legacy 9 | if var_false "${ENABLE_CRON}" ; then CONTAINER_ENABLE_SCHEDULING=FALSE ; fi 10 | if var_true "${ENABLE_CRON}" ; then 11 | CONTAINER_ENABLE_SCHEDULING=TRUE 12 | CONTAINER_SCHEDULING_BACKEND="cron" 13 | fi 14 | ## 15 | 16 | # this is where we want to scan for every crontab env var and write it to its own file and leave a note where it came from or if it was part of system variables 17 | ## in the services available section is where we will parse the actual folder and then prepare the crontab right away. might need to update the bash alias to reload cron easy 18 | if var_false "${CONTAINER_ENABLE_SCHEDULING}" ; then 19 | print_debug "Disabling Scheduling" 20 | service_stop "$(basename "$0")" 21 | else 22 | case "${CONTAINER_SCHEDULING_BACKEND,,}" in 23 | "cron" ) 24 | mkdir -p /tmp/.container/cron 25 | 26 | if [ "${SCHEDULING_LOG_TYPE,,}" = "file" ] ; then 27 | mkdir -p "${SCHEDULING_LOG_LOCATION}" 28 | touch "${SCHEDULING_LOG_LOCATION}"/cron.log 29 | create_logrotate cron "${SCHEDULING_LOG_LOCATION}"/cron.log 30 | fi 31 | 32 | if [ ! -d "${CONTAINER_SCHEDULING_LOCATION}" ]; then mkdir -p "${CONTAINER_SCHEDULING_LOCATION}" ; fi 33 | ## Docker Build and Runtime overrides 34 | cronenv=$(mktemp) 35 | set -o posix; set -f ; set | grep -E '^CRON_'| sed "s|CRON_||g" > ${cronenv} 36 | sed -i "/^PERIOD/d" "${cronenv}" 37 | while IFS= read -r cron_entry; do 38 | schedule_title="$(echo ${cron_entry} | cut -d = -f1 | tr '[:upper:]' '[:lower:]' )" 39 | schedule_value="$(echo ${cron_entry} | cut -d = -f2 )" 40 | schedule_value="$(echo ${schedule_value:1:-1})" 41 | if var_false "${schedule_value}" ; then 42 | print_debug "Disabling ${schedule_title} scheduled task" 43 | cat < "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title}" 44 | # Nulled execution of command generated by Environment Variable defined in Image build, or Runtime argument 45 | # Entered Value: ${schedule} 46 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 47 | EOF 48 | else 49 | print_debug "Adding ${schedule_title} with to be parsed by ${CONTAINER_SCHEDULING_BACKEND}" 50 | cat < "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title}" 51 | # Scheduled execution of command created automatically generated by Environment Variable defined in Image build, or Runtime argument 52 | # Entered Value: ${schedule} 53 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 54 | 55 | ${schedule_value} 56 | EOF 57 | fi 58 | done < ${cronenv} 59 | rm -rf $cronenv 60 | set +f 61 | unset cronenv schedules cron_entry schedule_value schedule_title 62 | unset "${!CRON_@}" 63 | 64 | ## Defaults 65 | for d in /assets/defaults/* ; do 66 | if [ "$d" != "/assets/defaults/00-container" ] ; then 67 | # shellcheck source=/assets/defaults/ 68 | output_off 69 | source $d 70 | output_on 71 | cronenv=$(mktemp) 72 | set -o posix; set -f ; set | grep -E '^CRON_'| sed "s|CRON_||g" > "${cronenv}" 73 | sed -i "/^PERIOD/d" "${cronenv}" 74 | while IFS= read -r cron_entry; do 75 | schedule_title="$(echo ${cron_entry} | cut -d = -f1 | tr '[:upper:]' '[:lower:]')" 76 | schedule_value="$(echo ${cron_entry} | cut -d = -f2 )" 77 | schedule_value="$(echo ${schedule_value:1:-1})" 78 | if [ ! -f "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title,,}" ] ; then 79 | print_debug "Adding $schedule_title with value $schedule_value to crontab" 80 | cat < "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title,,}" 81 | # Scheduled execution of command taken from default file: '${d}' 82 | # Entered Value: ${schedule} 83 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 84 | 85 | ${schedule_value} 86 | EOF 87 | else 88 | print_debug "Skipping adding '${schedule_title}' as it already exists" 89 | fi 90 | done < "${cronenv}" 91 | rm -rf $cronenv 92 | set +f 93 | unset cronenv schedules cron_entry schedule_value schedule_title 94 | unset "${!CRON_@}" 95 | fi 96 | done 97 | print_notice "Container configured for scheduled tasks with 'cron'" 98 | ;; 99 | *) 100 | print_error "Unknown Scheduling Backend" 101 | exit 1 102 | ;; 103 | esac 104 | fi 105 | 106 | liftoff 107 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/05-logging: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service 6 | PROCESS_NAME="logging" 7 | 8 | if var_true "${CONTAINER_ENABLE_LOGROTATE}" ; then 9 | print_debug "Enabling log rotation" 10 | case "${LOGROTATE_COMPRESSION_TYPE,,}" in 11 | bz* ) 12 | logrotate_compression=$(cat< /etc/logrotate.conf 44 | daily 45 | rotate ${LOGROTATE_RETAIN_DAYS} 46 | copytruncate 47 | dateext 48 | nomail 49 | notifempty 50 | ${logrotate_compression} 51 | include /etc/logrotate.d 52 | EOF 53 | 54 | chmod 0744 /etc/logrotate.conf 55 | mkdir -p "${CONTAINER_SCHEDULING_LOCATION}" 56 | cat < "${CONTAINER_SCHEDULING_LOCATION}"/logrotate 57 | # Hardcoded in image in /etc/cont-init.d/$(basename "$0") 58 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 59 | 60 | 59 23 * * * logrotate -f /etc/logrotate.conf >/dev/null 2>&1 61 | EOF 62 | fi 63 | 64 | if var_false "${CONTAINER_ENABLE_LOGSHIPPING}" ; then 65 | service_stop "$(basename "$0")" 66 | else 67 | case "${CONTAINER_LOGSHIPPING_BACKEND,,}" in 68 | "fluent-bit" | "fluentbit" ) 69 | os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2) 70 | case ${os,,} in 71 | "alpine" ) 72 | archit="$(apk --print-arch)" 73 | case "$archit" in 74 | x86_64) 75 | osver=$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 2 | cut -d _ -f 1) 76 | if [ "${osver}" -ge 11 ] || [ "$osver" = "edge" ] || [ "$osver" = "17*" ]; then 77 | : 78 | else 79 | print_error "Sorry this functionality is not available on < Alpine 3.11 releases" 80 | service_stop "$(basename "$0")" 81 | liftoff 82 | exit 0 83 | fi 84 | ;; 85 | *) 86 | print_error "Sorry this functionality is not available on ${archit} architecture" 87 | service_stop "$(basename "$0")" 88 | liftoff 89 | exit 90 | ;; 91 | esac 92 | ;; 93 | "debian" | "ubuntu" ) 94 | archit=$(dpkg --print-architecture) && \ 95 | case "$archit" in \ 96 | amd64) 97 | : 98 | ;; 99 | *) 100 | print_error "Sorry this functionality is not available on ${archit} architecture" 101 | service_stop "$(basename "$0")" 102 | liftoff 103 | exit 104 | ;; 105 | esac 106 | ;; 107 | esac 108 | 109 | if [ "${FLUENTBIT_SETUP_TYPE,,}" = "auto" ] ; then 110 | print_debug "[logship] Configuring Fluent-bit agent" 111 | truefalse_onoff FLUENTBIT_ENABLE_HTTP_SERVER 112 | truefalse_onoff FLUENTBIT_ENABLE_STORAGE_METRICS 113 | truefalse_onoff FLUENTBIT_STORAGE_CHECKSUM 114 | mkdir -p "${FLUENTBIT_STORAGE_PATH}" 115 | mkdir -p "${FLUENTBIT_LOG_PATH}" 116 | mkdir -p /etc/fluent-bit/conf.d 117 | cat < /etc/fluent-bit/conf.d/do_not_delete.conf 118 | # Don't delete this configuration file otherwise execution of fluent-bit will fail. It will not affect operation of your system or impact resources 119 | [INPUT] 120 | Name dummy 121 | Tag ignore 122 | 123 | [FILTER] 124 | Name grep 125 | Match ignore 126 | regex ignore ignore 127 | 128 | [OUTPUT] 129 | Name NULL 130 | Match ignore 131 | EOF 132 | 133 | if [ "$(ls -A /etc/fluent-bit/parsers.d/)" ]; then 134 | shopt -s nullglob 135 | for custom_parser in /etc/fluent-bit/parsers.d/*.conf ; do 136 | print_debug "[logship] Found additional parser for '$(echo "${custom_parser,,}" | sed "s|.conf||g")'" 137 | additional_parsers=$(echo "${additional_parsers}" ; cat< /etc/fluent-bit/fluent-bit.conf 146 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 147 | 148 | @INCLUDE conf.d/*.conf 149 | [SERVICE] 150 | daemon Off 151 | flush ${FLUENTBIT_FLUSH_SECONDS} 152 | grace ${FLUENTBIT_GRACE_SECONDS} 153 | http_listen ${FLUENTBIT_HTTP_LISTEN_IP} 154 | http_port ${FLUENTBIT_HTTP_LISTEN_PORT} 155 | http_server ${FLUENTBIT_ENABLE_HTTP_SERVER} 156 | log_file ${FLUENTBIT_LOG_PATH}/${FLUENTBIT_LOG_FILE} 157 | log_level ${FLUENTBIT_LOG_LEVEL} 158 | plugins_file ${FLUENTBIT_CONFIG_PLUGINS} 159 | storage.backlog.mem_limit ${FLUENTBIT_STORAGE_BACKLOG_LIMIT} 160 | storage.checksum ${FLUENTBIT_STORAGE_CHECKSUM} 161 | storage.metrics ${FLUENTBIT_ENABLE_STORAGE_METRICS} 162 | storage.path ${FLUENTBIT_STORAGE_PATH} 163 | storage.sync ${FLUENTBIT_STORAGE_SYNC} 164 | parsers_file ${FLUENTBIT_CONFIG_PARSERS} 165 | ${additional_parsers} 166 | EOF 167 | 168 | ##### Input Plugins 169 | case "${FLUENTBIT_MODE,,}" in 170 | "normal" ) 171 | print_debug "[logship] Configuring Fluent-Bit for Normal/Client mode" 172 | 173 | ### Config Setup 174 | if var_true "${FLUENTBIT_TAIL_KEY_PATH_ENABLE}" ; then 175 | tail_key_path=" Path_Key ${FLUENTBIT_TAIL_KEY_PATH}" 176 | fi 177 | 178 | if var_true "${FLUENTBIT_TAIL_KEY_OFFSET_ENABLE}" ; then 179 | tail_key_offset=" Offset_Key ${FLUENTBIT_TAIL_KEY_OFFSET}" 180 | fi 181 | 182 | if [ -n "${FLUENTBIT_TAIL_IGNORE_OLDER}" ] ; then 183 | tail_ignore_older=" Ignore_Older ${FLUENTBIT_TAIL_IGNORE_OLDER}" 184 | fi 185 | 186 | truefalse_onoff FLUENTBIT_TAIL_SKIP_EMPTY_LINES 187 | truefalse_onoff FLUENTBIT_TAIL_SKIP_LONG_LINES 188 | 189 | #### Override by Environment Variables 190 | logshipenv=$(mktemp) 191 | set -o posix; set -f ; set | grep -E '^LOGSHIP_'| sed "s|LOGSHIP_||g" > "${logshipenv}" 192 | while IFS= read -r logship_entry; do 193 | logship_title="$(echo "${logship_entry}" | cut -d = -f1 | tr '[:upper:]' '[:lower:]' )" 194 | logship_value="$(echo "${logship_entry}" | cut -d = -f2 )" 195 | logship_value="$(echo "${logship_value:1:-1}")" 196 | if var_false "${logship_value}" ; then 197 | print_debug "[logship] Disabling ${logship_title} Log Shipping" 198 | cat < "/etc/fluent-bit/conf.d/in_tail_${logship_title,,}.conf" 199 | # Nulled Log Monitoring of ${logship_title} generated by Environment Variable defined in Image build, or Runtime argument 200 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 201 | EOF 202 | if [ -f "/assets/logrotate/${logship_title,,}" ] ; then 203 | print_debug "[logship] Setting Logrotate value to skip for /assets/logrotate/${logship_title,,}" 204 | sed -i "# logship: .*|# logship: ignore" 205 | fi 206 | else 207 | print_debug "[logship] Adding ${logship_title} with to be parsed by ${CONTAINER_LOGSHIPPING_BACKEND}" 208 | if var_true "${FLUENTBIT_TAIL_DB_ENABLE}" ; then 209 | tail_db=$(cat< "/etc/fluent-bit/conf.d/in_tail_${logship_title,,}.conf" 218 | # Log File Monitoring created automatically generated by Environment Variable defined in Image build, or Runtime argument 219 | # Entered Value: ${logship_value} 220 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 221 | 222 | [INPUT] 223 | Name tail 224 | Path ${logship_value} 225 | Tag ${logship_title,,} 226 | Buffer_Chunk_Size ${FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE} 227 | Buffer_Max_Size ${FLUENTBIT_TAIL_BUFFER_MAX_SIZE} 228 | Read_from_Head ${FLUENTBIT_TAIL_READ_FROM_HEAD} 229 | Skip_Empty_Lines ${FLUENTBIT_TAIL_SKIP_EMPTY_LINES} 230 | Skip_Long_Lines ${FLUENTBIT_TAIL_SKIP_LONG_LINES} 231 | ${tail_key_path} 232 | ${tail_db} 233 | ${tail_ignore_older} 234 | ${tail_key_offset} 235 | 236 | [FILTER] 237 | Name record_modifier 238 | Match ${logship_title,,} 239 | Record hostname $(hostname) 240 | Record container_name ${CONTAINER_NAME} 241 | Record product ${logship_title,,} 242 | 243 | EOF 244 | fi 245 | done < "${logshipenv}" 246 | rm -rf "$logshipenv" 247 | set +f 248 | unset logshipenv logship_entry logship_value logship_title db 249 | unset "${!LOGSHIP_@}" 250 | 251 | ## Defaults 252 | for d in /assets/defaults/* ; do 253 | if [ "$d" != "/assets/defaults/00-container" ] ; then 254 | # shellcheck source=/assets/defaults/ 255 | source "$d" 256 | logshipenv=$(mktemp) 257 | set -o posix; set -f ; set | grep -E '^LOGSHIP_'| sed "s|LOGSHIP_||g" > "${logshipenv}" 258 | while IFS= read -r logship_entry; do 259 | logship_title="$(echo "${logship_entry}" | cut -d = -f1 | tr '[:upper:]' '[:lower:]')" 260 | logship_value="$(echo "${logship_entry}" | cut -d = -f2 )" 261 | logship_value="$(echo "${logship_value:1:-1}")" 262 | 263 | if var_true "${FLUENTBIT_TAIL_DB_ENABLE}" ; then 264 | tail_db=$(cat< "/etc/fluent-bit/conf.d/in_tail_${logship_title,,}.conf" 275 | # Log File Shipping created automatically generated by reading through defaults in /assets/defaults/* 276 | # Entered Value: ${logship_value} 277 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 278 | 279 | [INPUT] 280 | Name tail 281 | Path ${logship_value} 282 | Tag ${CONTAINER_NAME}_${logship_title,,} 283 | Buffer_Chunk_Size ${FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE} 284 | Buffer_Max_Size ${FLUENTBIT_TAIL_BUFFER_MAX_SIZE} 285 | Read_from_Head ${FLUENTBIT_TAIL_READ_FROM_HEAD} 286 | Skip_Empty_Lines ${FLUENTBIT_TAIL_SKIP_EMPTY_LINES} 287 | Skip_Long_Lines ${FLUENTBIT_TAIL_SKIP_LONG_LINES} 288 | ${tail_key_path} 289 | ${tail_db} 290 | ${tail_ignore_older} 291 | ${tail_key_offset} 292 | EOF 293 | else 294 | print_debug "[logship] Skipping adding ${logship_title} as it already exists" 295 | fi 296 | done < "${logshipenv}" 297 | rm -rf "$logshipenv" 298 | set +f 299 | unset logshipenv logship_entry logship_value logship_title 300 | unset "${!LOGSHIP_@}" 301 | fi 302 | done 303 | ;; 304 | "proxy" | "forward" ) 305 | print_debug "[logship] Configuring Fluent-Bit for Proxy/Forwarding Mode" 306 | cat < /etc/fluent-bit/conf.d/in_forward.conf 307 | [INPUT] 308 | Name forward 309 | Listen 0.0.0.0 310 | Port ${FLUENTBIT_FORWARD_PORT} 311 | Buffer_Chunk_Size ${FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE} 312 | Buffer_Max_Size ${FLUENTBIT_FORWARD_BUFFER_MAX_SIZE} 313 | EOF 314 | ;; 315 | esac 316 | 317 | ##### Output Plugins 318 | case "${FLUENTBIT_OUTPUT,,}" in 319 | "loki" ) 320 | transform_file_var \ 321 | FLUENTBIT_OUTPUT_LOKI_HOST \ 322 | FLUENTBIT_OUTPUT_LOKI_PORT \ 323 | FLUENTBIT_OUTPUT_LOKI_USER \ 324 | FLUENTBIT_OUTPUT_LOKI_PASS \ 325 | FLUENTBIT_OUTPUT_LOKI_TENANT_ID 326 | 327 | if [ -n "${FLUENTBIT_OUTPUT_LOKI_USER}" ] ; then 328 | loki_user=" http_user ${FLUENTBIT_OUTPUT_LOKI_USER}" 329 | fi 330 | 331 | if [ -n "${FLUENTBIT_OUTPUT_LOKI_PASS}" ] ; then 332 | loki_pass=" http_passwd ${FLUENTBIT_OUTPUT_LOKI_PASS}" 333 | fi 334 | 335 | if [ -n "${FLUENTBIT_OUTPUT_LOKI_TENANT_ID}" ] ; then 336 | loki_tenant_id=" tenant_id ${FLUENTBIT_OUTPUT_LOKI_TENANT_ID}" 337 | fi 338 | 339 | truefalse_onoff FLUENTBIT_OUTPUT_LOKI_TLS 340 | truefalse_onoff FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY 341 | truefalse_onoff FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP 342 | 343 | cat < /etc/fluent-bit/conf.d/out_loki.conf 344 | ## Auto generated LOKI Output plugin for Fluent Bit 345 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 346 | 347 | [OUTPUT] 348 | name loki 349 | match * 350 | host ${FLUENTBIT_OUTPUT_LOKI_HOST} 351 | port ${FLUENTBIT_OUTPUT_LOKI_PORT} 352 | tls ${FLUENTBIT_OUTPUT_LOKI_TLS,,} 353 | tls.verify ${FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY,,} 354 | compress ${FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP,,} 355 | labels logshipper=${CONTAINER_NAME} 356 | Label_keys \$hostname,\$container_name,\$product 357 | ${loki_user} 358 | ${loki_pass} 359 | ${loki_tenant_id} 360 | 361 | EOF 362 | ;; 363 | "fluentd" | "forward" ) 364 | truefalse_onoff FLUENTBIT_OUTPUT_FORWARD_TLS 365 | truefalse_onoff FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY 366 | if [ ! -z "${FLUENTBIT_OUTPUT_FORWARD_SECRET}" ] ; then 367 | forward_secret=" Shared_Key ${FLUENTBIT_OUTPUT_FORWARD_SECRET}" 368 | fi 369 | transform_file_var FLUENTBIT_OUTPUT_FORWARD_HOST 370 | cat < /etc/fluent-bit/conf.d/out_forward.conf 371 | ## Auto generated FluentD Forward Output plugin for Fluent Bit 372 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 373 | 374 | [OUTPUT] 375 | Name forward 376 | Match * 377 | Host ${FLUENTBIT_OUTPUT_FORWARD_HOST} 378 | Port ${FLUENTBIT_FORWARD_PORT} 379 | Self_Hostname ${CONTAINER_NAME} 380 | tls ${FLUENTBIT_OUTPUT_FORWARD_TLS,,} 381 | tls.verify ${FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY,,} 382 | ${forward_secret} 383 | EOF 384 | ;; 385 | "null" ) 386 | cat < /etc/fluent-bit/conf.d/out_null.conf 387 | ## Auto generated NULL Output plugin for Fluent Bit 388 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 389 | 390 | [OUTPUT] 391 | Name null 392 | Match * 393 | EOF 394 | ;; 395 | esac 396 | else 397 | print_notice "[logship] Not auto configuring Fluent-Bit. Drop configuration files in /etc/fluent-bit/conf.d" 398 | cat < /etc/fluent-bit/fluent-bit.conf 399 | ## This configuration file allows you to put your own configuration in /etc/fluent-bit/conf.d - Don't delete or it will fail :) 400 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 401 | @INCLUDE conf.d/*.conf 402 | EOF 403 | fi 404 | create_logrotate fluentbit "${FLUENTBIT_LOG_PATH}"/"${FLUENTBIT_LOG_FILE}" 405 | if var_true "${CONTAINER_ENABLE_MONITORING}" && [ "${CONTAINER_MONITORING_BACKEND,,}" = "zabbix" ]; then 406 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d/tiredofit-fluentbit.conf 407 | # Zabbix Fluentbit Configuration - Automatically generated based on container startup options 408 | # Find Companion Zabbix Server Templates at https://github.com/tiredofit/docker-alpine or https://github.com/tiredofit/docker-debian 409 | # Autoregister=fluentbit 410 | EOF 411 | fi 412 | print_notice "Container configured to ship logs via '${CONTAINER_LOGSHIPPING_BACKEND}'" 413 | ;; 414 | *) 415 | print_error "[logship] Unknown Log Shipping Backend" 416 | exit 1 417 | ;; 418 | esac 419 | 420 | fi 421 | 422 | liftoff 423 | output_on 424 | -------------------------------------------------------------------------------- /install/etc/cont-init.d/06-messaging: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service single 6 | # shellcheck disable=SC2034 7 | PROCESS_NAME="messaging" 8 | 9 | output_off 10 | 11 | ## Legacy 12 | if var_false "${ENABLE_SMTP}"; then CONTAINER_ENABLE_MESSAGING=FALSE ; fi 13 | if var_true "${ENABLE_SMTP}"; then 14 | CONTAINER_ENABLE_MESSAGING=TRUE 15 | CONTAINER_MESSAGING_BACKEND=msmtp 16 | fi 17 | ## 18 | 19 | if var_true "${CONTAINER_ENABLE_MESSAGING}" ; then 20 | case "${CONTAINER_MESSAGING_BACKEND,,}" in 21 | "msmtp" ) 22 | rm -f /usr/sbin/sendmail 23 | ln -s /usr/bin/msmtp /usr/sbin/sendmail 24 | truefalse_onoff SMTP_TLS lower 25 | truefalse_onoff SMTP_STARTTLS lower 26 | truefalse_onoff SMTP_TLSCERTCHECK lower 27 | transform_file_var \ 28 | SMTP_HOST \ 29 | SMTP_PORT \ 30 | SMTP_USER \ 31 | SMTP_PASS 32 | 33 | echo "### Automatically generated on container start. See documentation on how to set!" > /etc/msmtprc 34 | { 35 | echo "account default " 36 | echo "host ${SMTP_HOST}" 37 | echo "port ${SMTP_PORT}" 38 | echo "domain ${SMTP_DOMAIN}" 39 | if [ -n "$SMTP_FROM" ]; then echo "from ${SMTP_FROM}"; fi 40 | echo "maildomain ${SMTP_MAILDOMAIN}" 41 | if [ -n "$SMTP_AUTHENTICATION" ]; then echo "auth ${SMTP_AUTHENTICATION}"; fi 42 | if [ -n "$SMTP_USER" ]; then echo "user ${SMTP_USER}"; fi 43 | if [ -n "$SMTP_PASS" ]; then echo "password ${SMTP_PASS}"; fi 44 | echo "tls ${SMTP_TLS}" 45 | echo "tls_starttls ${SMTP_STARTTLS}" 46 | echo "tls_certcheck ${SMTP_TLSCERTCHECK}" 47 | if [ -n "$SMTP_ALLOW_FROM_OVERRIDE" ]; then echo "allow_from_override ${SMTP_ALLOW_FROM_OVERRIDE}"; fi 48 | ### Gmail Specific SMTP Config 49 | if var_true "${ENABLE_SMTP_GMAIL}" || var_true "${SMTP_AUTO_FROM}"; then echo "auto_from on"; fi 50 | } >> /etc/msmtprc 51 | 52 | print_notice "Container configured to route mail via SMTP to '${SMTP_HOST}'" 53 | ;; 54 | *) 55 | print_error "Unknown messaging backend" 56 | exit 1 57 | ;; 58 | esac 59 | else 60 | : 61 | fi 62 | 63 | liftoff 64 | 65 | output_on 66 | -------------------------------------------------------------------------------- /install/etc/cont-init.d/07-firewall: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service 6 | # shellcheck disable=SC2034 7 | PROCESS_NAME="firewall" 8 | 9 | firewall_command=$(which "${CONTAINER_FIREWALL_BACKEND,,}") 10 | 11 | if var_true "${CONTAINER_ENABLE_FIREWALL}" ; then 12 | print_notice "Container configured for firewall with '${CONTAINER_FIREWALL_BACKEND}'" 13 | case "${CONTAINER_FIREWALL_BACKEND,,}" in 14 | "iptables" ) 15 | if [ -f "${IPTABLES_RULES_PATH}"/"${IPTABLES_RULES_FILE}" ]; then 16 | print_notice "Found custom iptables.rules file" 17 | silent iptables-restore "${IPTABLES_RULES_PATH}"/"${IPTABLES_RULES_FILE}" 18 | fi 19 | ;; 20 | *) 21 | print_error "Unknown firewall backend" 22 | exit 1 23 | ;; 24 | esac 25 | 26 | set -o posix 27 | set -f 28 | if printenv | grep -q "^FIREWALL_RULE" ; then 29 | print_debug "Found existence of FIREWALL_RULE environment variables" 30 | firewallenv=$(mktemp) 31 | printenv | sort | grep '^FIREWALL_RULE_[0-9][0-9]*' | sed "s|FIREWALL_RULE_||g" > ${firewallenv} 32 | cat ${firewallenv} 33 | while IFS= read -r firewall_entry; do 34 | rule_number="$(echo ${firewall_entry} | cut -d = -f1 )" 35 | rule_value="$(echo ${firewall_entry} | cut -d = -f2 )" 36 | print_debug "Adding Rule Number: ${rule_number} with to be parsed by ${CONTAINER_FIREWALL_BACKEND}" 37 | silent "${firewall_command}" ${rule_value} 38 | done < "${firewallenv}" 39 | rm -rf "${firewallenv}" 40 | set +f 41 | unset rule_number rule_value 42 | unset "${!FIREWALL_RULE_RULE_@}" 43 | fi 44 | 45 | if var_true "${CONTAINER_ENABLE_FAIL2BAN}" ; then 46 | print_notice "Container configured to block hosts via 'fail2ban'" 47 | print_debug "Fail2ban: Configure Logging" 48 | mkdir -p "${FAIL2BAN_LOG_PATH}" 49 | touch "${FAIL2BAN_LOG_PATH}"/"${FAIL2BAN_LOG_FILE}" 50 | 51 | print_debug "Fail2ban: Configuring Filesystem" 52 | if [ "${FAIL2BAN_CONFIG_PATH}" != "/etc/fail2ban/" ]; then 53 | echo "not /etc/fail2ban" 54 | print_debug "Fail2ban: Creating Config Dir" 55 | mkdir -p "${FAIL2BAN_CONFIG_PATH}" 56 | silent cp -R /etc/fail2ban/* "${FAIL2BAN_CONFIG_PATH}" 57 | print_debug "Fail2ban: Linking Config to Persistent Storage" 58 | rm -rf /etc/fail2ban 59 | ln -sf "${FAIL2BAN_CONFIG_PATH}" /etc/fail2ban 60 | fi 61 | 62 | mkdir -p /etc/fail2ban/filter.d 63 | mkdir -p /etc/fail2ban/jail.d 64 | 65 | print_debug "Fail2ban: Creating Data Dir" 66 | case "${FAIL2BAN_DB_TYPE,,}" in 67 | file ) 68 | fail2ban_db="${FAIL2BAN_DB_PATH}/${FAIL2BAN_DB_FILE}" 69 | mkdir -p "${FAIL2BAN_DB_PATH}" 70 | ;; 71 | memory ) 72 | fail2ban_db=":memory:" 73 | ;; 74 | none ) 75 | fail2ban_db="None" 76 | ;; 77 | esac 78 | 79 | case "${FAIL2BAN_LOG_TYPE,,}" in 80 | file ) 81 | print_debug "Fail2ban: Creating Log Directory" 82 | mkdir -p "${FAIL2BAN_LOG_PATH}" 83 | touch "${FAIL2BAN_LOG_PATH}"/"${FAIL2BAN_LOG_FILE}" 84 | create_logrotate fail2ban "${FAIL2BAN_LOG_PATH}"/"${FAIL2BAN_LOG_FILE}" none 85 | ;; 86 | console ) 87 | FAIL2BAN_LOG_FILE="STDOUT" 88 | ;; 89 | esac 90 | 91 | print_debug "Fail2Ban: Creating Default Jail Configuration" 92 | cat < "${FAIL2BAN_CONFIG_PATH}"/jail.conf 93 | ## Custom Generated Fail2ban jail.conf Configuration! Do not edit, instead set ENV Vars 94 | ## Last Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 95 | 96 | [DEFAULT] 97 | ignorself = ${FAIL2BAN_IGNORE_SELF} 98 | ignoreip = ${FAIL2BAN_IGNORE_IP} 99 | ignorecommand = 100 | bantime = ${FAIL2BAN_TIME_BAN} 101 | findtime = ${FAIL2BAN_TIME_FIND} 102 | maxretry = ${FAIL2BAN_MAX_RETRY} 103 | backend = ${FAIL2BAN_BACKEND} 104 | 105 | # "usedns" specifies if jails should trust hostnames in logs, 106 | # warn when DNS lookups are performed, or ignore all hostnames in logs 107 | # 108 | # yes: if a hostname is encountered, a DNS lookup will be performed. 109 | # warn: if a hostname is encountered, a DNS lookup will be performed, 110 | # but it will be logged as a warning. 111 | # no: if a hostname is encountered, will not be used for banning, 112 | # but it will be logged as info. 113 | # raw: use raw value (no hostname), allow use it for no-host filters/actions (example user) 114 | usedns = ${FAIL2BAN_USE_DNS} 115 | 116 | logencoding = auto 117 | enabled = false 118 | mode = normal 119 | filter = %(__name__)s[mode=%(mode)s] 120 | destemail = root@localhost 121 | sender = root@ 122 | mta = sendmail 123 | protocol = tcp 124 | chain = 125 | port = 0:65535 126 | fail2ban_agent = Fail2Ban/%(fail2ban_version)s 127 | banaction = iptables-multiport 128 | banaction_allports = iptables-allports 129 | action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 130 | action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 131 | %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] 132 | action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 133 | %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] 134 | action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 135 | xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"] 136 | action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] 137 | %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] 138 | action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] 139 | action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"] 140 | action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"] 141 | action_abuseipdb = abuseipdb 142 | action = %(action_)s 143 | EOF 144 | 145 | print_debug "Fail2ban: Configuring main config file" 146 | cat < "${FAIL2BAN_CONFIG_PATH}"/fail2ban.conf 147 | ## Custom Generated fail2ban.conf Configuration! Do not edit, instead set ENV Vars 148 | ## Last Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 149 | 150 | [Definition] 151 | loglevel = ${FAIL2BAN_LOG_LEVEL} 152 | logtarget = ${FAIL2BAN_LOG_PATH}/${FAIL2BAN_LOG_FILE} 153 | syslogsocket = auto 154 | socket = /var/run/fail2ban/fail2ban.sock 155 | pidfile = /var/run/fail2ban/fail2ban.pid 156 | dbfile = ${fail2ban_db} 157 | dbpurgeage = ${FAIL2BAN_DB_PURGE_AGE} 158 | EOF 159 | 160 | if [ -d "${FAIL2BAN_CONFIG_PATH}"/jail.d ] && dir_notempty ; then 161 | for fail2ban_file in "${FAIL2BAN_CONFIG_PATH}"/jail.d/*.conf ; do 162 | if [ ! -d "$fail2ban_file" ] ; then 163 | print_debug "Substituting Environment Variables for: '${fail2ban_file}'" 164 | fail2ban_tmpfile=$(mktemp) 165 | cp --attributes-only --preserve "${fail2ban_file}" "${fail2ban_tmpfile}" 166 | cat "$fail2ban_file}" | envsubst > "${fail2ban_tmpfile}" && mv "${fail2ban_tmpfile}" "${fail2ban_file}" 167 | fi 168 | done 169 | fi 170 | 171 | if var_true "${CONTAINER_ENABLE_MONITORING}" && [ "${CONTAINER_MONITORING_BACKEND,,}" = "zabbix" ]; then 172 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d/tiredofit-fail2ban.conf 173 | # Zabbix Fail2ban Configuration - Automatically generated based on container startup options 174 | # Find Companion Zabbix Server Templates at https://github.com/tiredofit/docker-alpine or https://github.com/tiredofit/docker-debian 175 | # Autoregister=fail2ban 176 | 177 | UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+' 178 | UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/' 179 | UserParameter=fail2ban.version,fail2ban-server -V | head -n1 | awk '{print $2}' | sed "s|v||" 180 | EOF 181 | fi 182 | else 183 | service_stop "$(basename "$0")" 184 | fi 185 | else 186 | service_stop "$(basename "$0")" 187 | fi 188 | 189 | liftoff 190 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/99-container: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/defaults/00-container 4 | source /assets/functions/00-container 5 | output_off 6 | PROCESS_NAME="container" 7 | 8 | if var_false "${CONTAINER_SKIP_SANITY_CHECK}" ; then 9 | 10 | 11 | ### Final sanity check to make sure all scripts have executed and initialized properly, otherwise stop 12 | files_init=$(find /etc/cont-init.d/ -maxdepth 1 -type f | wc -l) 13 | files_init=$(( $files_init-1 )) 14 | declare -a files_init_name 15 | declare -a length_of_files_init_name 16 | for f in /etc/cont-init.d/*; do 17 | files_init_name[length_of_files_init_name + 1]=filename 18 | files_init_name[${#files_init_name[@]}+1]=$(echo "$f" | sed "s#filename##g" | sed "s#/etc/cont-init.d/##g" | sed "s#99-container##g" ); 19 | done 20 | 21 | init_complete=$(find /tmp/.container/*-init -maxdepth 1 -type f | wc -l) 22 | declare -a init_complete_name 23 | declare -a length_of_init_complete_name 24 | for f in /tmp/.container/*-init; do 25 | init_complete_name[length_of_init_complete_name + 1]=filename 26 | init_complete_name[${#init_complete_name[@]}+1]=$(echo "$f" | sed "s#filename##g" | sed "s#/tmp/.container/##g" | sed "s#-init##g"); 27 | done 28 | 29 | uninitialized_scripts=() 30 | for i in "${files_init_name[@]}"; do 31 | skip= 32 | for j in "${init_complete_name[@]}"; do 33 | [[ $i == "$j" ]] && { skip=1; break; } 34 | done 35 | [[ -n $skip ]] || uninitialized_scripts+=("$i") 36 | done 37 | declare uninitialized_scripts 38 | 39 | if [ $files_init != "$init_complete" ]; then 40 | if [ "$init_complete" -gt "$files_init" ] ; then 41 | : 42 | else 43 | if [ -n "${IMAGE_NAME}" ] ; then 44 | if [ -f "/assets/.changelogs/${IMAGE_NAME/\//_}.md" ] ; then 45 | image_version=$(head -n1 /assets/.changelogs/"${IMAGE_NAME/\//_}".md | awk '{print $2}') 46 | elif [ -f /assets/.changelogs/docker-"${IMAGE_NAME/\//_}".md ] ; then 47 | image_version=$(head -n1 /assets/.changelogs/docker-"${IMAGE_NAME/\//_}".md | awk '{print $2}') 48 | else 49 | if [ -f /assets/.changelogs/tiredofit_docker-"${IMAGE_NAME/\//_}".md ] ; then 50 | image_version=$(head -n1 /assets/.changelogs/tiredofit_docker-"${IMAGE_NAME/\//_}".md | awk '{print $2}') 51 | fi 52 | fi 53 | 54 | image_string="Image: ${IMAGE_NAME}" 55 | 56 | if [ -n "${image_version}" ] ; then 57 | image_string="${image_string} | Version ${image_version} Type 'changelog' for details" 58 | fi 59 | 60 | image_string="${image_string}" 61 | 62 | if [ -n "${IMAGE_REPO_URL}" ] ; then 63 | image_url="Repository/Issues/Support: ${IMAGE_REPO_URL}" 64 | fi 65 | fi 66 | echo "**********************************************************************************************************************" 67 | echo "**********************************************************************************************************************" 68 | echo "**** ****" 69 | echo "**** ERROR - Some initialization scripts haven't completed - All services are now halted ****" 70 | echo "**** - The following scripts in '/etc/cont-init.d' did not pass their completion check ****" 71 | echo "**** ****" 72 | echo "**********************************************************************************************************************" 73 | echo "**********************************************************************************************************************" 74 | echo "" 75 | echo "${uninitialized_scripts[@]}" | tr ' ' '\n' | uniq -u 76 | echo "" 77 | echo "**********************************************************************************************************************" 78 | echo "**********************************************************************************************************************" 79 | echo "**** ****" 80 | echo "**** This could have happened for a variety of reasons. Please make sure you have followed the README ****" 81 | echo "**** relating to this image and have proper configuration such as environment variables and volumes set ****" 82 | echo "**** ****" 83 | echo "**** If you feel that you have encountered a bug, please submit an issue on the revision control system ****" 84 | echo "**** and provide full debug logs by setting the environment variable 'DEBUG_MODE=TRUE' ****" 85 | echo "**** ****" 86 | echo "**********************************************************************************************************************" 87 | echo "**********************************************************************************************************************" 88 | echo "" 89 | echo "$image_string" 90 | echo "$image_url" 91 | exit 1 92 | fi 93 | fi 94 | output_on 95 | fi 96 | 97 | for services in /etc/services.available/*/ 98 | do 99 | service=${services%*/} 100 | if [ -f "/tmp/.container/${service##*/}-init" ]; then 101 | if grep -q "DONOTSTART" "/tmp/.container/${service##*/}-init"; then 102 | print_debug "Skipping '${service##*/}' service for startup routines" 103 | else 104 | print_debug "Getting ready to start '${service##*/}' service" 105 | ln -sf "${service}" /etc/services.d 106 | fi 107 | else 108 | print_debug "No Initialization Script Found - Getting ready to start '${service##*/}' service" 109 | ln -sf "${service}" /etc/services.d 110 | fi 111 | done 112 | 113 | if [ -n "${CONTAINER_POST_INIT_SCRIPT}" ] ; then 114 | print_debug "Found Post Init Scripts" 115 | post_scripts=$(echo "${CONTAINER_POST_INIT_SCRIPT}" | tr "," "\n") 116 | for post_script in $post_scripts 117 | do 118 | if [ -f "${post_script}" ] ; then 119 | print_debug "Executing post init script '${post_script}'" 120 | chmod +x "${post_script}" 121 | "${post_script}" 122 | else 123 | print_error "Tried to run post script '${post_script}' but it does not exist!" 124 | fi 125 | done 126 | fi 127 | 128 | if [ -n "${CONTAINER_POST_INIT_COMMAND}" ] ; then 129 | print_debug "Found Post Init Command" 130 | post_commands=$(echo "${CONTAINER_POST_INIT_COMMAND}" | tr "," "\n") 131 | for post_command in "${post_commands}" 132 | do 133 | print_debug "Executing post init command '${post_command}'" 134 | eval "${post_command}" 135 | done 136 | fi 137 | 138 | liftoff 139 | output_on -------------------------------------------------------------------------------- /install/etc/fluent-bit/parsers.conf: -------------------------------------------------------------------------------- 1 | [PARSER] 2 | Name fluentbit 3 | Format regex 4 | Regex ^\[(?