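├── 1 ├── .dockerignore ├── .github ├── FUNDING.yml ├── dependabot.yml └── workflows │ ├── main.yml │ └── manual.yml ├── CHANGELOG.md ├── Dockerfile ├── LICENSE ├── README.md └── install ├── assets ├── defaults │ ├── 00-container │ ├── 02-permissions │ ├── 03-monitoring │ ├── 04-scheduling │ ├── 05-logging │ ├── 06-messaging │ └── 07-firewall └── functions │ └── 00-container └── etc ├── cont-init.d ├── 00-startup ├── 01-timezone ├── 02-permissions ├── 03-monitoring ├── 04-scheduling ├── 05-logging ├── 06-messaging ├── 07-firewall └── 99-container ├── fluent-bit ├── parsers.conf └── parsers.d │ └── .empty └── services.available ├── 03-monitoring └── run ├── 04-scheduling └── run ├── 05-logging └── run └── 07-firewall └── run /1: -------------------------------------------------------------------------------- 1 | id: ‘dave2’: no such user 2 | id: ‘2’: no such user 3 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | examples/ 2 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [tiredofit] 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | # Maintain dependencies for GitHub Actions 4 | - package-ecosystem: "github-actions" 5 | directory: "/" 6 | schedule: 7 | interval: "daily" 8 |
--------------------------------------------------------------------------------
/.github/workflows/main.yml:
--------------------------------------------------------------------------------
### Top Level Base Image (Debian)
### Dave Conroy

name: 'build'

on:
  schedule:
    - cron: 1 0 * * 6
  push:
    paths:
      - '**'
      - '!README.md'

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository and
# push images to ghcr.io. Docker Hub access uses its own secrets.
permissions:
  contents: read
  packages: write

# NOTE(review): every `uses:` below references a mutable tag. Pinning each one to
# a full commit SHA (dependabot.yml in this repository already tracks
# github-actions updates) keeps a retagged release from running with the
# registry credentials this workflow holds.

jobs:
  build:
    # One run per Debian release. The three former jobs (bookworm, bullseye,
    # buster) differed only in DISTRO_VARIANT, so they are expressed as a matrix;
    # `name` keeps the job/check names they had before.
    name: ${{ matrix.distro }}
    strategy:
      fail-fast: false   # the releases were independent jobs; keep them independent
      matrix:
        distro: [bookworm, bullseye, buster]
    env:
      DISTRO_VARIANT: ${{ matrix.distro }}
      build_file: Dockerfile
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Derives the image tag list from the pushed ref and exports it as the
      # `container_images` step output (Docker Hub names first, then ghcr.io).
      - name: Prepare
        id: prep
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is data to the shell and never code.
          LATEST: ${{ vars.LATEST }}
        run: |
          if [[ "${GITHUB_REF}" == refs/heads/* ]]; then
              if [[ "${GITHUB_REF}" == refs/heads/*/* ]] ; then
                git_branch="${GITHUB_REPOSITORY/docker-/}:$(echo "${GITHUB_REF}" | sed "s|refs/heads/||g" | sed "s|/|-|g")"
              else
                git_branch=${GITHUB_REF#refs/heads/}
              fi

              # NOTE(review): only main/master/develop produce tags here; any
              # other branch leaves image_tags empty and the Build step then
              # receives just "," as its tag list.
              case "${git_branch}" in
                  "main" | "master" )
                      if [ "${LATEST}" = "TRUE" ] || [ "${LATEST}" = "${DISTRO_VARIANT}" ]; then
                        image_latest=",${GITHUB_REPOSITORY}:latest"
                      fi
                      branch_tag="${GITHUB_REPOSITORY}:${DISTRO_VARIANT},${GITHUB_REPOSITORY}:${DISTRO_VARIANT}-latest${image_latest}"
                  ;;
                  "develop" )
                      branch_tag="${GITHUB_REPOSITORY}:develop"
                  ;;
              esac
          fi

          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
              git_tag="${GITHUB_REPOSITORY}:${DISTRO_VARIANT}-$(echo "${GITHUB_REF}" | sed 's|refs/tags/||g')"
          fi

          if [ -n "${branch_tag}" ] && [ -n "${git_tag}" ]; then
              image_tags=${branch_tag},${git_tag}
          else
              image_tags="${branch_tag}${git_tag}"
          fi

          echo "dockerhub_repo=${GITHUB_REPOSITORY/docker-/}" >> "$GITHUB_ENV"
          dockerhub_images=$(echo "${image_tags}" | sed "s|${GITHUB_REPOSITORY}|docker.io/${GITHUB_REPOSITORY/docker-/}|g")
          ghcr_images=$(echo "${image_tags}" | sed "s|${GITHUB_REPOSITORY}|ghcr.io/${GITHUB_REPOSITORY}|g")
          echo "container_images=${dockerhub_images},${ghcr_images}" >> "$GITHUB_OUTPUT"

      # Appends provenance LABEL lines after each FROM line of the build file
      # and ships the changelog inside the image.
      - name: Label
        id: Label
        run: |
          # `build_file` comes from the job-level env block; it is read as a
          # quoted shell variable rather than expanded into the script text.
          image_name=${GITHUB_REPOSITORY/docker-/}
          if [ -f "${build_file}" ] ; then
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" "${build_file}"
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_commit=\"${GITHUB_SHA}\"" "${build_file}"
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_committed_by=\"${GITHUB_ACTOR}\"" "${build_file}"
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" "${build_file}"
              # key="value" form; the space-separated LABEL syntax is the legacy one.
              sed -i "/FROM .*/a LABEL org.opencontainers.image.source=\"https://github.com/${GITHUB_REPOSITORY}\"" "${build_file}"

              if [ -f "CHANGELOG.md" ] ; then
                  sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" "${build_file}"
                  mkdir -p install/assets/.changelogs ; cp CHANGELOG.md "install/assets/.changelogs/${GITHUB_REPOSITORY/\//_}.md"
              fi

              # NOTE(review): the tag and branch names below are written into the
              # sed script and the Dockerfile without escaping. Anyone who can
              # push a ref chooses that text, so a name containing a double
              # quote ends the LABEL value early; restrict who may push refs or
              # validate the name before using it.
              if [[ $GITHUB_REF == refs/tags/* ]]; then
                  sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_tag=\"${GITHUB_REF#refs/tags/v}\"" "${build_file}"
              fi

              if [[ $GITHUB_REF == refs/heads/* ]]; then
                  sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_branch=\"${GITHUB_REF#refs/heads/}\"" "${build_file}"
              fi
          fi

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: arm,arm64

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@v5
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./${{ env.build_file }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: ${{ steps.prep.outputs.container_images }}
          build-args: |
            DEBIAN_VERSION=${{ env.DISTRO_VARIANT }}

      # This third-party action is handed the Docker Hub credential; it is the
      # first candidate for commit-SHA pinning.
      - name: Update Docker Hub Information
        if: github.event_name != 'pull_request'
        uses: peter-evans/dockerhub-description@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          repository: ${{ env.dockerhub_repo }}
          short-description: ${{ github.event.repository.description }}
          readme-filepath: ./README.md
--------------------------------------------------------------------------------
/.github/workflows/manual.yml:
--------------------------------------------------------------------------------
### Top Level Base Image (Debian)
### Dave Conroy

name: "manual_build_image"

on:
  workflow_dispatch:
    inputs:
      Manual Build:
        description: 'Manual Build'
        required: false

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository and
# push images to ghcr.io. Docker Hub access uses its own secrets.
permissions:
  contents: read
  packages: write

# NOTE(review): every `uses:` below references a mutable tag. Pinning each one to
# a full commit SHA keeps a retagged release from running with the registry
# credentials this workflow holds.

jobs:
  build:
    # One run per Debian release. The three former jobs (bookworm, bullseye,
    # buster) differed only in DISTRO_VARIANT, so they are expressed as a matrix;
    # `name` keeps the job/check names they had before.
    name: ${{ matrix.distro }}
    strategy:
      fail-fast: false   # the releases were independent jobs; keep them independent
      matrix:
        distro: [bookworm, bullseye, buster]
    env:
      DISTRO_VARIANT: ${{ matrix.distro }}
      build_file: Dockerfile
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Derives the image tag list from the selected ref and exports it as the
      # `container_images` step output (Docker Hub names first, then ghcr.io).
      - name: Prepare
        id: prep
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is data to the shell and never code.
          LATEST: ${{ vars.LATEST }}
        run: |
          if [[ "${GITHUB_REF}" == refs/heads/* ]]; then
              if [[ "${GITHUB_REF}" == refs/heads/*/* ]] ; then
                git_branch="${GITHUB_REPOSITORY/docker-/}:$(echo "${GITHUB_REF}" | sed "s|refs/heads/||g" | sed "s|/|-|g")"
              else
                git_branch=${GITHUB_REF#refs/heads/}
              fi

              # NOTE(review): only main/master/develop produce tags here; any
              # other branch leaves image_tags empty and the Build step then
              # receives just "," as its tag list.
              case "${git_branch}" in
                  "main" | "master" )
                      if [ "${LATEST}" = "TRUE" ] || [ "${LATEST}" = "${DISTRO_VARIANT}" ]; then
                        image_latest=",${GITHUB_REPOSITORY}:latest"
                      fi
                      branch_tag="${GITHUB_REPOSITORY}:${DISTRO_VARIANT},${GITHUB_REPOSITORY}:${DISTRO_VARIANT}-latest${image_latest}"
                  ;;
                  "develop" )
                      branch_tag="${GITHUB_REPOSITORY}:develop"
                  ;;
              esac
          fi

          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
              git_tag="${GITHUB_REPOSITORY}:${DISTRO_VARIANT}-$(echo "${GITHUB_REF}" | sed 's|refs/tags/||g')"
          fi

          if [ -n "${branch_tag}" ] && [ -n "${git_tag}" ]; then
              image_tags=${branch_tag},${git_tag}
          else
              image_tags="${branch_tag}${git_tag}"
          fi

          echo "dockerhub_repo=${GITHUB_REPOSITORY/docker-/}" >> "$GITHUB_ENV"
          dockerhub_images=$(echo "${image_tags}" | sed "s|${GITHUB_REPOSITORY}|docker.io/${GITHUB_REPOSITORY/docker-/}|g")
          ghcr_images=$(echo "${image_tags}" | sed "s|${GITHUB_REPOSITORY}|ghcr.io/${GITHUB_REPOSITORY}|g")
          echo "container_images=${dockerhub_images},${ghcr_images}" >> "$GITHUB_OUTPUT"

      # Appends provenance LABEL lines after each FROM line of the build file
      # and ships the changelog inside the image.
      - name: Label
        id: Label
        run: |
          # `build_file` comes from the job-level env block; it is read as a
          # quoted shell variable rather than expanded into the script text.
          image_name=${GITHUB_REPOSITORY/docker-/}
          if [ -f "${build_file}" ] ; then
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" "${build_file}"
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_commit=\"${GITHUB_SHA}\"" "${build_file}"
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_committed_by=\"${GITHUB_ACTOR}\"" "${build_file}"
              sed -i "/FROM .*/a LABEL tiredofit.${image_name}.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" "${build_file}"
              # key="value" form; the space-separated LABEL syntax is the legacy one.
              sed -i "/FROM .*/a LABEL org.opencontainers.image.source=\"https://github.com/${GITHUB_REPOSITORY}\"" "${build_file}"

              if [ -f "CHANGELOG.md" ] ; then
                  sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" "${build_file}"
                  mkdir -p install/assets/.changelogs ; cp CHANGELOG.md "install/assets/.changelogs/${GITHUB_REPOSITORY/\//_}.md"
              fi

              # NOTE(review): the tag and branch names below are written into the
              # sed script and the Dockerfile without escaping. Anyone who can
              # push a ref chooses that text, so a name containing a double
              # quote ends the LABEL value early; restrict who may push refs or
              # validate the name before using it.
              if [[ $GITHUB_REF == refs/tags/* ]]; then
                  sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_tag=\"${GITHUB_REF#refs/tags/v}\"" "${build_file}"
              fi

              if [[ $GITHUB_REF == refs/heads/* ]]; then
                  sed -i "/FROM .*/a LABEL tiredofit.${image_name}.git_branch=\"${GITHUB_REF#refs/heads/}\"" "${build_file}"
              fi
          fi

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: arm,arm64

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@v5
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./${{ env.build_file }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: ${{ steps.prep.outputs.container_images }}
          build-args: |
            DEBIAN_VERSION=${{ env.DISTRO_VARIANT }}

      # This third-party action is handed the Docker Hub credential; it is the
      # first candidate for commit-SHA pinning.
      - name: Update Docker Hub Information
        if: github.event_name != 'pull_request'
        uses: peter-evans/dockerhub-description@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          repository: ${{ env.dockerhub_repo }}
          short-description: ${{ github.event.repository.description }}
          readme-filepath: ./README.md
-------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 7.10.31 2025-05-05 2 | 3 | ### Added 4 | - S6 Overlay 3.20.3 5 | 6 | 7 | ## 7.10.30 2025-04-26 8 | 9 | ### Changed 10 | - Fix SERVICE_NAME insertion 11 | 12 | 13 | ## 7.10.29 2025-04-26 14 | 15 | ### Added 16 | - Zabbix Agent 7.2.6 17 | 18 | 19 | ## 7.10.28 2025-02-24 20 | 21 | ### Added 22 | - Zabbix Agent 7.0.10 23 | 24 | 25 | ## 7.10.27 2024-12-11 26 | 27 | ### Changed 28 | - Set db_ready function to use disable ssl for mysql checks by default 29 | 30 | 31 | ## 7.10.23 2024-12-05 32 | 33 | ### Added 34 | - Downgrade to Fluent-bit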
3.1.10 35 | 36 | 37 | ## 7.10.22 2024-12-05 38 | 39 | ### Added 40 | - Rollback to Zabbix Agent 7.0.5 41 | 42 | 43 | ## 7.10.21 2024-11-20 44 | 45 | ### Added 46 | - Zabbix Agent 7.0.6 47 | 48 | 49 | ## 7.10.20 2024-11-18 50 | 51 | ### Added 52 | - Fluent-Bit 3.2.1 53 | 54 | 55 | ## 7.10.19 2024-11-11 56 | 57 | ### Added 58 | - Fluent-Bit 3.2.0 59 | 60 | 61 | ## 7.10.18 2024-11-04 62 | 63 | ### Added 64 | - Fluent-Bit 3.1.10 65 | 66 | 67 | ## 7.10.17 2024-10-22 68 | 69 | ### Added 70 | - Zabbix Agent 7.0.5 71 | 72 | 73 | ## 7.10.16 2024-10-13 74 | 75 | ### Added 76 | - S6 Overlay 3.2.0.2 77 | 78 | 79 | ## 7.10.15 2024-10-01 80 | 81 | ### Added 82 | - Fluent Bit 3.1.9 83 | 84 | 85 | ## 7.10.14 2024-09-24 86 | 87 | ### Added 88 | - Zabbix Agent 7.0.4 89 | 90 | 91 | ## 7.10.13 2024-09-16 92 | 93 | ### Added 94 | - Fluent-bit 3.1.8 95 | 96 | 97 | ## 7.10.12 2024-09-02 98 | 99 | ### Added 100 | - Fluent-bit 3.1.7 101 | 102 | 103 | ## 7.10.11 2024-08-22 104 | 105 | ### Changed 106 | - Allow for changing CONTAINER_USER or CONTAINER_GROUP names with hyphens in them 107 | 108 | 109 | ## 7.10.10 2024-08-19 110 | 111 | ### Added 112 | - Zabbix Agent 7.0.3 113 | 114 | 115 | ## 7.10.9 2024-08-15 116 | 117 | ### Added 118 | - Fluent-bit 3.1.6 119 | 120 | 121 | ## 7.10.8 2024-08-11 122 | 123 | ### Added 124 | - Fluent-Bit 3.1.5 125 | 126 | 127 | ## 7.10.7 2024-07-29 128 | 129 | ### Added 130 | - Zabbix Agent 7.0.2 131 | 132 | 133 | ## 7.10.6 2024-07-25 134 | 135 | ### Added 136 | - Fluent-Bit 3.1.4 137 | 138 | 139 | ## 7.10.5 2024-07-22 140 | 141 | ### Added 142 | - Zabbix Agent 7.0.1 143 | 144 | 145 | ## 7.10.4 2024-07-17 146 | 147 | ### Added 148 | - Fluent-bit 3.1.3 149 | - S6 Overlay 3.2.0.0 150 | 151 | 152 | ## 7.10.1 2024-07-11 153 | 154 | ### Added 155 | - Fluent-bit 3.1.1 156 | 157 | 158 | ## 7.10.0 2024-07-05 159 | 160 | ### Added 161 | - Add host_override function 162 | 163 | 164 | ## 7.9.1 2024-06-26 165 | 166 | ### Changed 167 | - Tweak print_start functions to avoid 
unnecessary process start delays 168 | 169 | 170 | ## 7.9.0 2024-06-25 171 | 172 | ### Added 173 | - Add CONTAINER_PROCESS_RUNAWAY_DELAY environment variable to add a configurable (default 1) second delay in between restarting processes 174 | 175 | 176 | ## 7.8.34 2024-06-11 177 | 178 | ### Added 179 | - Fluent Bit 3.0.7 180 | 181 | 182 | ## 7.8.33 2024-06-04 183 | 184 | ### Added 185 | - Zabbix Agent 7.0.0 186 | 187 | 188 | ## 7.8.32 2024-05-27 189 | 190 | ### Added 191 | - Fluent Bit 3.0.6 192 | 193 | 194 | ## 7.8.31 2024-05-23 195 | 196 | ### Added 197 | - Fluent-Bit 3.0.5 198 | 199 | 200 | ## 7.8.30 2024-05-21 201 | 202 | ### Added 203 | - Zabbix Agent 6.4.15 204 | 205 | 206 | ## 7.8.29 2024-05-21 207 | 208 | ### Added 209 | - Fluent-Bit 3.0.4 210 | 211 | 212 | ## 7.8.28 2024-04-27 213 | 214 | ### Added 215 | - Fluent-bit 3.0.3 216 | 217 | 218 | ## 7.8.27 2024-04-12 219 | 220 | ### Added 221 | - Fluent-bit 3.0.2 222 | 223 | 224 | ## 7.8.26 2024-04-04 225 | 226 | ### Added 227 | - Fluent-Bit 3.0.1 228 | 229 | 230 | ## 7.8.25 2024-03-25 231 | 232 | ### Added 233 | - Zabbix Agent 6.4.13 234 | 235 | 236 | ## 7.8.24 2024-03-21 237 | 238 | ### Added 239 | - Fluent-Bit 3.0.0 240 | 241 | 242 | ## 7.8.23 2024-02-26 243 | 244 | ### Added 245 | - Zabbix 6.4.12 246 | 247 | 248 | ## 7.8.22 2024-02-02 249 | 250 | ### Changed 251 | - Fix issue creating blank files on startup 252 | 253 | 254 | ## 7.8.21 2024-02-01 255 | 256 | ### Added 257 | - Zabbix Agent 6.4.11 258 | 259 | 260 | ## 7.8.20 2023-12-13 261 | 262 | ### Added 263 | - Zabbix Agent 6.4.10 264 | 265 | 266 | ## 7.8.17 2023-12-12 267 | 268 | ### Added 269 | - YQ 4.40.5 270 | - Fluent-bit 2.2.0 271 | 272 | ### Changed 273 | - Fix issue with service_down function bringing up services unintentionally 274 | 275 | 276 | ## 7.8.16 2023-12-05 277 | 278 | ### Changed 279 | - When using service_stop do not pass DONOTSTART to running script if $1 is different 280 | 281 | 282 | ## 7.8.15 2023-11-08 283 | 284 | ### Added 285 | - 
Golang 1.21.4 286 | - Zabbix Agent 6.4.8 287 | 288 | 289 | ## 7.8.14 2023-11-06 290 | 291 | ### Added 292 | - S6 Overlay 3.16.0 293 | 294 | 295 | ## 7.8.13 2023-10-08 296 | 297 | ### Changed 298 | - Change around Fluent-bit compression parameter 299 | 300 | 301 | ## 7.8.12 2023-09-28 302 | 303 | ### Added 304 | - Fluent-bit 2.1.10 305 | - Add option for gzip compression for fluent-bit output/loki 306 | 307 | 308 | ## 7.8.11 2023-09-26 309 | 310 | ### Added 311 | - Zabbix Agent 6.4.7 312 | 313 | 314 | ## 7.8.10 2023-09-22 315 | 316 | ### Changed 317 | - Fix Golang version issues 318 | 319 | ### Reverted 320 | - Remove stale busybox development routines 321 | 322 | 323 | ## 7.8.9 2023-08-23 324 | 325 | ### Added 326 | - Zabbix Agent 6.4.6 327 | - Go Build 1.21.0 328 | - YQ 4.35.1 329 | - Add SMTP_ALLOW_FROM override (credit to coolibre@github) 330 | 331 | 332 | ## 7.8.8 2023-07-28 333 | 334 | ### Added 335 | - Add 'libpcre3' package 336 | 337 | 338 | ## 7.8.7 2023-07-28 339 | 340 | ### Added 341 | - Golang build chain 1.20.6 342 | - YQ 4.34.2 343 | - Fluent-bit 2.1.8 344 | 345 | ### Changed 346 | - Change the db_ready function to accommodate the binary name change with MariaDB 11 clients 347 | 348 | 349 | ## 7.8.6 2023-06-27 350 | 351 | ### Added 352 | - Zabbix Agent 6.4.4 353 | 354 | 355 | ## 7.8.5 2023-06-23 356 | 357 | ### Added 358 | - Fluent Bit 2.1.6 359 | 360 | 361 | ## 7.8.4 2023-06-20 362 | 363 | ### Reverted 364 | - Stop using UPX to pack executables 365 | 366 | 367 | ## 7.8.3 2023-06-20 368 | 369 | ### Added 370 | - Fluent-Bit 2.1.5 371 | 372 | 373 | ## 7.8.2 2023-06-16 374 | 375 | ### Changed 376 | - Fix issue with newer versions of fluent-bit not compiling due to a problem with node-exporter not respecting the fact we aren't building the systemd input 377 | 378 | 379 | ## 7.8.1 2023-05-03 380 | 381 | ### Added 382 | - GoLang 1.20.4 383 | 384 | ### Changed 385 | - Cleanup 386 | 387 | 388 | ## 7.8.0 2023-04-26 389 | 390 | ### Added 391 | - Introduce _FILE 
support for environment variables 392 | - Quiet down DEBUG_MODE for "base image" services 393 | - Zabbix Agent 6.4.2 394 | - Fluent-bit 2.1.2 395 | 396 | 397 | ## 7.7.59 2023-04-21 398 | 399 | ### Added 400 | - Fluent-Bit 2.1.1 401 | 402 | 403 | ## 7.7.58 2023-04-05 404 | 405 | ### Added 406 | - Go Build 1.20.3 407 | - Fluent-bit 2.0.11 408 | 409 | 410 | ## 7.7.57 2023-04-03 411 | 412 | ### Added 413 | - S6 Overlay 3.14.2 414 | 415 | 416 | ## 7.7.56 2023-03-31 417 | 418 | ### Added 419 | - Zabbix Agent 6.4.1 420 | - YQ 4.33.1 421 | 422 | 423 | ## 7.7.55 2023-03-26 424 | 425 | ### Added 426 | - YQ 4.33.1 427 | 428 | ### Changed 429 | - Fix issue with fluentbit version 430 | 431 | 432 | ## 7.7.54 2023-03-16 433 | 434 | ### Added 435 | - Fluent-bit 2.0.10 436 | - Use Golang 1.20.1 for building again 437 | 438 | 439 | ## 7.7.53 2023-03-07 440 | 441 | ### Added 442 | - Zabbix Agent 6.4.0 443 | 444 | 445 | ## 7.7.52 2023-02-21 446 | 447 | ### Added 448 | - S6 Overlay 3.1.4.1 449 | 450 | 451 | ## 7.7.51 2023-02-20 452 | 453 | ### Added 454 | - YQ 4.31.1 455 | 456 | 457 | ## 7.7.50 2023-02-17 458 | 459 | ### Added 460 | - S6 Overlay 3.1.4.0 461 | 462 | 463 | ## 7.7.49 2023-02-15 464 | 465 | ### Changed 466 | - Additional doas fixes 467 | 468 | 469 | ## 7.7.48 2023-02-15 470 | 471 | ### Changed 472 | - Fix S6 overlay verbosity hack which now throws errors due to a blank if statement 473 | 474 | 475 | ## 7.7.47 2023-02-14 476 | 477 | ### Changed 478 | - Fix for grant_doas function not saving to correct location and set proper permissions 479 | 480 | 481 | ## 7.7.46 2023-02-06 482 | 483 | ### Added 484 | - Fluent Bit version 2.0.9 485 | - S6 Overlay 3.1.3.0 486 | - Zabbix Agent 6.2.7 487 | - YQ 4.30.8 488 | - Go build environment 1.20 489 | 490 | 491 | ## 7.7.45 2022-12-31 492 | 493 | ### Changed 494 | - Change to `service_` commands - New addition `service_list` and also `service_reset` to reset watchdog status to avoid having to restart container after triggered 495 | - 
`service_down` and `service_up` also take `all` argument to bring up or down all services 496 | 497 | 498 | ## 7.7.44 2022-12-23 499 | 500 | ### Added 501 | - Fluent-bit 2.0.8 502 | 503 | 504 | ## 7.7.43 2022-12-22 505 | 506 | ### Added 507 | - Start building and including yq (presently 4.30.6) - Upcoming releases will remove jq 508 | - prepare_service function ingests variables much differently when called from /etc/cont-init.d 509 | 510 | 511 | ## 7.7.42 2022-12-12 512 | 513 | ### Changed 514 | - Fix extra ampersand in Dockerfile 515 | 516 | 517 | ## 7.7.41 2022-12-12 518 | 519 | ### Changed 520 | - Fix for optimized rm command 521 | 522 | 523 | ## 7.7.40 2022-12-12 524 | 525 | ### Added 526 | - Golang build environment 1.19.4 527 | 528 | ### Changed 529 | - Allow clone_git_repo to shallow clone and still perform git describe 530 | 531 | 532 | ## 7.7.39 2022-12-11 533 | 534 | ### Added 535 | - Zabbix Agent 6.2.6 536 | 537 | 538 | ## 7.7.38 2022-12-05 539 | 540 | ### Changed 541 | - Fix for Zabbix volatile data permissions 542 | 543 | 544 | ## 7.7.37 2022-11-30 545 | 546 | ### Changed 547 | - Fix quoting issue with package remove 548 | 549 | 550 | ## 7.7.36 2022-11-29 551 | 552 | ### Changed 553 | - Quiet down package function 554 | 555 | 556 | ## 7.7.35 2022-11-29 557 | 558 | ### Changed 559 | - Better handle package removals 560 | 561 | 562 | ## 7.7.32 2022-11-29 563 | 564 | ### Added 565 | - Introduce "package" function 566 | 567 | 568 | ## 7.7.31 2022-11-25 569 | 570 | ### Added 571 | - Fluent-bit 2.0.6 572 | 573 | 574 | ## 7.7.30 2022-11-11 575 | 576 | ### Added 577 | - Golang build environment 1.19.3 578 | - Fluent-bit 2.0.5 579 | 580 | 581 | ## 7.7.29 2022-11-08 582 | 583 | ### Added 584 | - Fluent-bit 2.0.4 585 | 586 | 587 | ## 7.7.28 2022-11-07 588 | 589 | ### Added 590 | - Zabbix Agent 6.2.4 591 | 592 | 593 | ## 7.7.27 2022-10-29 594 | 595 | ### Added 596 | - Fluent-Bit 2.0.3 597 | 598 | 599 | ## 7.7.26 2022-10-27 600 | 601 | ### Added 602 | - Fluent-bit 
2.0.2 603 | 604 | 605 | ## 7.7.25 2022-10-25 606 | 607 | ### Added 608 | - Fluent-bit 2.0.0 609 | - Golang Build environment 1.19.2 610 | 611 | 612 | ## 7.7.24 2022-10-04 613 | 614 | ### Changed 615 | - Death by if statements 616 | 617 | 618 | ## 7.7.23 2022-10-04 619 | 620 | ### Changed 621 | - For real, fix for clone_git_repo and .git extensions 622 | 623 | 624 | ## 7.7.22 2022-10-03 625 | 626 | ### Changed 627 | - Final clone_git_repo modifications 628 | 629 | 630 | ## 7.7.21 2022-10-03 631 | 632 | ### Changed 633 | - Additional work on 'clone_git_repo' function 634 | 635 | 636 | ## 7.7.20 2022-10-01 637 | 638 | ### Added 639 | - Add custom_dir to clone_git_repo function 640 | 641 | 642 | ## 7.7.19 2022-10-01 643 | 644 | ### Changed 645 | - Start pulling submodules with clone_git_repo function 646 | 647 | 648 | ## 7.7.18 2022-10-01 649 | 650 | ### Changed 651 | - Tweak to update_templates function to allow wildcards 652 | 653 | 654 | ## 7.7.17 2022-09-29 655 | 656 | ### Added 657 | - Change default shell to /bin/bash when building descendent Dockerfiles 658 | 659 | ### Changed 660 | - Refine clone_git_repo function 661 | 662 | 663 | ## 7.7.16 2022-09-29 664 | 665 | ### Changed 666 | - Add check for git existence for clone_git_repo 667 | 668 | 669 | ## 7.7.15 2022-09-29 670 | 671 | ### Added 672 | - Add envsubst binary 673 | 674 | 675 | ## 7.7.14 2022-09-29 676 | 677 | ### Added 678 | - Introduce clone_git_repo function for bandwidth and space saving purposes 679 | - Introduce install_template function for copying files with correct permissions 680 | - Introduce update_template to update tags in template files - Create templates tags like {{VALUE}} in your files to update 681 | 682 | 683 | ## 7.7.13 2022-09-29 684 | 685 | ### Added 686 | - Fluent-bit 1.9.9 687 | - Golang for building 1.19.1 688 | 689 | 690 | ## 7.7.12 2022-09-21 691 | 692 | ### Added 693 | - Zabbix Agent 6.2.3 694 | 695 | 696 | ## 7.7.11 2022-09-11 697 | 698 | ### Added 699 | - Fluent-bit 1.9.8 
700 | 701 | 702 | ## 7.7.10 2022-09-05 703 | 704 | ### Fixed 705 | - MSMTP Configuration doesn't like all caps letters 706 | 707 | 708 | ## 7.7.9 2022-08-30 709 | 710 | ### Added 711 | - Zabbix Agent 6.2.2 712 | - S6 Overlay 3.1.2.1 713 | - GO Build 1.19 714 | 715 | 716 | ## 7.7.8 2022-08-17 717 | 718 | ### Changed 719 | - Start taking over pid of services.available scripts 720 | 721 | 722 | ## 7.7.7 2022-08-15 723 | 724 | ### Changed 725 | - Change Fail2ban gid to 65500 as LXC containers can't start on higher than 65535 726 | 727 | 728 | ## 7.7.6 2022-08-12 729 | 730 | ### Changed 731 | - Make logrotate use /etc/logrotate.conf as main configuration 732 | 733 | 734 | ## 7.7.5 2022-08-11 735 | 736 | ### Added 737 | - Fluent-bit 1.9.7 738 | - Customizable compression types for logrotate, now defaults to using zstd 739 | - Function for zcat to handle bz/xz/gz/zst 740 | 741 | ### Changed 742 | - Fix error when CRON_PERIOD exists as a default or environment variable 743 | 744 | 745 | ## 7.7.4 2022-08-06 746 | 747 | ### Added 748 | - Add third and fourth argument to custom_files function to change ownership post copy 749 | 750 | 751 | ## 7.7.3 2022-08-06 752 | 753 | ### Changed 754 | - Additional fix to custom_scripts function 755 | 756 | 757 | ## 7.7.2 2022-08-05 758 | 759 | ### Changed 760 | - Fix for custom_scripts function not firing 761 | 762 | 763 | ## 7.7.1 2022-08-05 764 | 765 | ### Changed 766 | - Fix busted CONTAINER_POST_INIT_COMMAND feature 767 | 768 | 769 | ## 7.7.0 2022-08-05 770 | 771 | ### Added 772 | - Firewall Support - Now have the capability of either loading an iptables.rules file or using environment variables to set individual IPTables rules inside the container 773 | - Fail2Ban Support - Along with above, embed fail2ban within the container rather than having it maintained downstream in many images. 
Drop your jails and filters in /etc/fail2ban/filters.d and /etc/fail2ban/jails.d 774 | - Go 1.19.0 build chain 775 | 776 | 777 | ## 7.6.26 2022-07-27 778 | 779 | ### Added 780 | - Added option to show output of application on the final execution before process runaway guard is activated 781 | 782 | 783 | ## 7.6.25 2022-07-27 784 | 785 | ### Changed 786 | - Quiet down dir_empty and dir_notempty functions 787 | 788 | 789 | ## 7.6.24 2022-07-25 790 | 791 | ### Changed 792 | - Fix Process Watchdog in various situations from throwing an error about line 729 793 | 794 | 795 | ## 7.6.23 2022-07-25 796 | 797 | ### Added 798 | - Zabbix Agent 6.2.1 799 | - Fluent-bit 1.9.6 800 | 801 | 802 | ## 7.6.22 2022-07-18 803 | 804 | ### Added 805 | - Parity with tiredofit/alpine 7.6.22 806 | 807 | 808 | ## 7.6.21 2022-07-18 809 | 810 | ### Added 811 | - Version parity to tiredofit/alpine:7.6.21 812 | 813 | 814 | ## 7.6.20 2022-07-07 815 | 816 | ### Added 817 | - Zabbix Agent 6.2.0 818 | 819 | 820 | ## 7.6.19 2022-07-05 821 | 822 | ### Added 823 | - Add blank /etc/fluent-bit/parsers.d directory 824 | 825 | 826 | ## 7.6.18 2022-07-05 827 | 828 | ### Changed 829 | - Fix issues relating to Fluent-Bit not parsing configuration correctly due to logrotate shift 830 | 831 | 832 | ## 7.6.17 2022-07-04 833 | 834 | ### Changed 835 | - Add version ARG in FROM Dockerfile 836 | 837 | 838 | ## 7.6.16 2022-06-29 839 | 840 | ### Added 841 | - Zabbix Agent 6.0.6 842 | - S6 Overlay 3.1.1.2 843 | 844 | 845 | ## 7.6.15 2022-06-24 846 | 847 | ### Added 848 | - Bring to Parity with tiredofit/alpine 849 | 850 | 851 | ## 7.6.14 2022-06-24 852 | 853 | ### Added 854 | - Add libyaml-0-2 for runtime operations 855 | 856 | 857 | ## 7.6.13 2022-06-23 858 | 859 | ### Changed 860 | - Add libyaml-dev to properly compile fluent-bit 861 | 862 | 863 | ## 7.6.12 2022-06-23 864 | 865 | ### Added 866 | - S6 Overlay 3.1.1.1 867 | - Fluent-bit 1.9.5 868 | 869 | 870 | ## 7.6.11 2022-06-22 871 | 872 | ### Changed 873 | - 
Rollback to S6 Overlay 3.1.0.1 874 | 875 | 876 | ## 7.6.10 2022-06-17 877 | 878 | ### Added 879 | - S6 Overlay 3.1.1.0 880 | 881 | 882 | ## 7.6.9 2022-06-15 883 | 884 | ### Added 885 | - Fluent-bit 1.9.4 886 | 887 | 888 | ## 7.6.8 2022-06-05 889 | 890 | ### Reverted 891 | - Drop Jessie and Stretch Support 892 | 893 | 894 | ## 7.6.7 2022-06-05 895 | 896 | 897 | ## 7.6.6 2022-06-04 898 | 899 | ### Added 900 | - Strip 30mb from base image due to cleanup that occurs similar to debian:sim 901 | 902 | 903 | ## 7.6.5 2022-06-03 904 | 905 | ### Added 906 | - Add Ubuntu init script support 907 | 908 | 909 | ## 7.6.4 2022-06-01 910 | 911 | ### Added 912 | - Build with Golang 1.18.3 913 | 914 | 915 | ## 7.6.3 2022-05-30 916 | 917 | ### Added 918 | - Zabbix Agent 6.0.5 919 | 920 | 921 | ## 7.6.2 2022-05-24 922 | 923 | ### Changed 924 | - Change bash prompt to show pathname when working inside container 925 | 926 | 927 | ## 7.6.1 2022-05-03 928 | 929 | ### Changed 930 | - Zabbix Agent 6.0.4 931 | 932 | 933 | ## 7.6.0 2022-04-30 934 | 935 | ### Changed 936 | - Move /etc/logrotate.d assets to /assets/logrotate to avoid packages being upgraded auto adding more configuration 937 | 938 | 939 | ## 7.5.5 2022-04-05 940 | 941 | ### Added 942 | - Zabbix Agent 6.0.3 943 | 944 | 945 | ## 7.5.4 2022-03-23 946 | 947 | ### Added 948 | - Fluent-bit 1.8.15 949 | 950 | 951 | ## 7.5.3 2022-03-22 952 | 953 | ### Added 954 | - Add inetutils-ping package 955 | 956 | 957 | ## 7.5.2 2022-03-18 958 | 959 | ### Added 960 | - Fluent-bit 1.8.14 961 | 962 | 963 | ## 7.5.1 2022-03-16 964 | 965 | ### Added 966 | - Build Zabbix Agent with Go 1.18 967 | 968 | 969 | ## 7.5.0 2022-03-15 970 | 971 | ### Added 972 | - Introduce Container File Logging Support 973 | 974 | 975 | ## 7.4.2 2022-03-14 976 | 977 | ### Added 978 | - Zabbix Agent 6.0.2 979 | 980 | ### Changed 981 | - Patchup for missing folder for cold start notifications 982 | 983 | 984 | ## 7.4.1 2022-03-11 985 | 986 | ### Added 987 | - - Add 
CONTAINER_PROCESS_RUNAWAY_PROTECTOR function to disable a service from restarting (X) amount of times and taking down a system 988 | 989 | 990 | ## 7.4.0 2022-03-10 991 | 992 | ### Changed 993 | - Change /tmp/.container to /tmp/.container 994 | - Add logic to tell when a container was started and when it was warm started 995 | 996 | 997 | ## 7.3.9 2022-03-08 998 | 999 | ### Added 1000 | - S6 Overlay 3.1.0.1 1001 | 1002 | 1003 | ## 7.3.8 2022-03-02 1004 | 1005 | ### Added 1006 | - Add CONTAINER_POST_INIT_SCRIPT and CONTAINER_POST_INIT_COMMAND environment variables to either execute scripts or commands at the very end of the container initialization process 1007 | 1008 | 1009 | ## 7.3.7 2022-03-02 1010 | 1011 | ### Added 1012 | - Fluent-bit 1.8.13 1013 | 1014 | 1015 | ## 7.3.6 2022-03-01 1016 | 1017 | ### Added 1018 | - Zabbix Agent 6.0.1 1019 | - S6 Overlay 3.0.0.2-2 (3.0.10.0 ??) 1020 | - Golang 1.17.7 for building agents 1021 | 1022 | 1023 | ## 7.3.5 2022-02-15 1024 | 1025 | ### Added 1026 | - Add truefalse_onezero function 1027 | 1028 | 1029 | ## 7.3.4 2022-02-14 1030 | 1031 | ### Changed 1032 | - Fix downstream images relying on sudo for Zabbix 1033 | 1034 | 1035 | ## 7.3.3 2022-02-14 1036 | 1037 | ### Added 1038 | - Zabbix Agent 6.0.0 1039 | 1040 | 1041 | ## 7.3.2 2022-02-11 1042 | 1043 | ### Changed 1044 | - Fix for cron log directory not being created at startup 1045 | 1046 | 1047 | ## 7.3.1 2022-02-10 1048 | 1049 | ### Changed 1050 | - Fix for slower machines that timeout after 5 seconds of container configuration 1051 | 1052 | 1053 | ## 7.3.0 2022-02-07 1054 | 1055 | ### Added 1056 | - S6 Overlay 3.0.0.2 1057 | - FluentBit 1.7.12 1058 | - Zabbix Agent 5.4.10 1059 | - New functions (create_zabbix) for easier development 1060 | - doas package for eventual replacement of sudo 1061 | - Added new helpers on command line (service_up/service_down/changelog/version) 1062 | - Added banner showing image name and version upon startup 1063 | - Custom Bash Prompt when 
entering in container 1064 | 1065 | ### Changed 1066 | - Stop relying on /usr/bin/with-contenv - Instead use recommended /command/ folder as outlined in S6 overlay documentation 1067 | - Cleanup of code and allow for CaMeLCasE environment variables (specifically for var_true/var_false and others) 1068 | - Many optimizations and cleanup of scripts for pure modernization sake 1069 | 1070 | ### Removed 1071 | - Removed fix-attrs.d reliance due to deprecation by S6 Overlay 1072 | 1073 | 1074 | ## 7.2.19 2022-01-20 1075 | 1076 | ### Changed 1077 | - Rework again db_ready command for MySQL/MariaDB to properly support using 'root' 1078 | 1079 | 1080 | ## 7.2.18 2022-01-06 1081 | 1082 | ### Changed 1083 | - Change db_ready mariadb function to support Percona/MySQL 5.7+ without needing PROCESS privileges 1084 | 1085 | 1086 | ## 7.2.17 2021-12-27 1087 | 1088 | ### Added 1089 | - Zabbix Agent 5.4.9 1090 | 1091 | 1092 | ## 7.2.16 2021-12-21 1093 | 1094 | ### Fixed 1095 | - Actually disable "messaging" via both environment variables 1096 | 1097 | ## 7.2.15 2021-12-21 1098 | 1099 | ### Added 1100 | - Add jq package 1101 | 1102 | 1103 | ## 7.2.14 2021-12-17 1104 | 1105 | ### Added 1106 | - Fluent-bit 1.8.11 1107 | 1108 | 1109 | ## 7.2.13 2021-12-15 1110 | 1111 | ### Changed 1112 | - Fix for Dockerfile build for Zabbix Agent 2 1113 | - Fix for Zabbix Hostname Auto registration 1114 | 1115 | 1116 | ## 7.2.12 2021-12-15 1117 | 1118 | ### Added 1119 | - Add auto register for Fluentbit if enabled 1120 | 1121 | 1122 | ## 7.2.11 2021-12-15 1123 | 1124 | ### Changed 1125 | - Do the same cleanup for AUTOREGISTER_DNS as Autoregister 1126 | 1127 | 1128 | ## 7.2.10 2021-12-13 1129 | 1130 | ### Added 1131 | - Add switchable Zabbix Autoregistration capability 1132 | - Add Zabbix Autoregistration by DNS name instead of IP address capability 1133 | 1134 | 1135 | ## 7.2.9 2021-12-10 1136 | 1137 | ### Changed 1138 | - Fix for Zabbix Container OS detection 1139 | 1140 | 1141 | ## 7.2.8 2021-12-10 
1142 | 1143 | ### Changed 1144 | - Cleanup permissions for root Zabbix configuration folder 1145 | 1146 | 1147 | ## 7.2.7 2021-12-08 1148 | 1149 | ### Changed 1150 | - Stop writing multiple HostMetadata keys in Zabbix configuration 1151 | 1152 | 1153 | ## 7.2.6 2021-12-06 1154 | 1155 | ### Changed 1156 | - Move Zabbix Autoregister to last to ensure proper parsing 1157 | 1158 | 1159 | ## 7.2.5 2021-12-06 1160 | 1161 | ### Added 1162 | - Add zabbix_get to image 1163 | 1164 | 1165 | ## 7.2.4 2021-12-03 1166 | 1167 | ### Changed 1168 | - Fix for Dockerfile build 1169 | 1170 | 1171 | ## 7.2.3 2021-12-03 1172 | 1173 | ### Added 1174 | - Introduce Zabbix Agent Autoregister support by parsing '/etc/zabbix/zabbix_agentd.conf.d/*.conf' looking for '# Autoregister=' string. See README" 1175 | 1176 | 1177 | ## 7.2.2 2021-12-03 1178 | 1179 | ### Changed 1180 | - Consolidate Zabbix Container Agent configuration into one file and introduce Autoregister header 1181 | - Tighten up permissions on Zabbix log and configuration areas 1182 | 1183 | 1184 | ## 7.2.1 2021-12-03 1185 | 1186 | ### Changed 1187 | - Move Zabbix Agent Socket and PidFile to private directory 1188 | 1189 | 1190 | ## 7.2.0 2021-12-03 1191 | 1192 | ### Added 1193 | - Add Zabbix Agent PSK Encryption 1194 | 1195 | 1196 | ## 7.1.26 2021-11-29 1197 | 1198 | ### Added 1199 | - Zabbix Agent 5.4.8 1200 | 1201 | 1202 | ## 7.1.25 2021-11-25 1203 | 1204 | ### Changed 1205 | - Fix for Zabbix agent OS checking 1206 | 1207 | 1208 | ## 7.1.22 2021-11-19 1209 | 1210 | ### Added 1211 | - Fluent-bit 1.8.10 1212 | 1213 | 1214 | ## 7.1.21 2021-10-28 1215 | 1216 | ### Added 1217 | - Fluent-bit 1.8.9 1218 | - Zabbix Agent 5.4.7 1219 | 1220 | 1221 | ## 7.1.20 2021-10-28 1222 | 1223 | ### Changed 1224 | - Disable time format parsing for Zabbix Agent with fluent-bit 1225 | 1226 | 1227 | ## 7.1.19 2021-10-22 1228 | 1229 | ### Added 1230 | - Added new features and defaults for Fluent-Bit Tail Input Plugin 1231 | 1232 | 1233 | ## 7.1.18 
2021-10-13 1234 | 1235 | ### Added 1236 | - Zabbix Agent 5.4.5 1237 | - Fluent-Bit 1.8.8 1238 | - GoLang 1.17.2 for building Zabbix Agents 1239 | 1240 | 1241 | ## 7.1.17 2021-09-23 1242 | 1243 | ### Changed 1244 | - Fix fluent-bit parsing configuration 1245 | 1246 | 1247 | ## 7.1.15 2021-09-19 1248 | 1249 | ### Added 1250 | - Fluent-bit 1.8.7 1251 | 1252 | 1253 | ## 7.1.14 2021-09-05 1254 | 1255 | ### Changed 1256 | - Unmatched sed statement 1257 | 1258 | 1259 | ## 7.1.13 2021-09-05 1260 | 1261 | ### Changed 1262 | - Fix for multiple parsers appearing in all fluent-bit configurations 1263 | 1264 | 1265 | ## 7.1.12 2021-09-04 1266 | 1267 | ### Changed 1268 | - Change syntax for create_logrotate 1269 | 1270 | 1271 | ## 7.1.11 2021-09-04 1272 | 1273 | ### Changed 1274 | - Fix for create_logrotate function unnecessarily requesting su access 1275 | - Zabbix Agent Logrotate/Fluent bit configuration fix 1276 | 1277 | 1278 | ## 7.1.10 2021-09-03 1279 | 1280 | ### Changed 1281 | - Cleanup fluentbit logrotate name 1282 | 1283 | 1284 | ## 7.1.9 2021-09-03 1285 | 1286 | ### Changed 1287 | - Properly read wildcards as wildcards for fluentbit logrotate configuration 1288 | 1289 | 1290 | ## 7.1.8 2021-09-01 1291 | 1292 | ### Added 1293 | - Fluent-bit 1.8.6 1294 | 1295 | ### Changed 1296 | - Set SMTP_AUTO_FROM default to FALSE 1297 | - Quiet down some grep commands when auto generating fluent-bit configs 1298 | 1299 | 1300 | ## 7.1.7 2021-08-31 1301 | 1302 | ### Changed 1303 | - Fix double slashes in logrotate paths if auto generated 1304 | 1305 | 1306 | ## 7.1.6 2021-08-31 1307 | 1308 | ### Changed 1309 | - Fix for Zabbix Agent 2 fluent-bit parsing 1310 | 1311 | 1312 | ## 7.1.5 2021-08-30 1313 | 1314 | ### Added 1315 | - Fluent-bit 1.8.5 1316 | 1317 | 1318 | ## 7.1.4 2021-08-30 1319 | 1320 | ### Added 1321 | - Zabbix Agent 5.4.4 1322 | 1323 | 1324 | ## 7.1.3 2021-08-30 1325 | 1326 | ### Added 1327 | - Add Zabbix Agent (classic/modern) Log Shipping parsers for fluent-bit 1328 | 
1329 | 1330 | ## 7.1.2 2021-08-30 1331 | 1332 | ### Changed 1333 | - Change references from 'edge' to 3.15 when looking at os-release 1334 | 1335 | 1336 | ## 7.1.1 2021-08-27 1337 | 1338 | ### Added 1339 | - Add TLS Verification for LOKI Output plugin (Logshipping/Fluent-bit) 1340 | 1341 | 1342 | ## 7.1.0 2021-08-25 1343 | 1344 | ### Added 1345 | - Fluent-Bit 1.8.3 - Only available for Alpine 3.11 and up 1346 | - Customize the amount of days logrotate retains archived logs 1347 | - New CONTAINER_NAME variable that is used for Monitoring and log shipping 1348 | - Auto configuration of output plugins for Fluent-Bit (NULL, LOKI, Forward/FluentD) 1349 | - Auto configuration of Log shipping for files already setup to use log rotation 1350 | - Multiple Parsers support for Log Shipping 1351 | - Add new log to ship via fluent-bit via environment variable 1352 | 1353 | ### Changed 1354 | - Change SMTP_TLS, SMTP_STARTTLS, SMTP_TLSCERTCHECK from "on/off" values to `TRUE|FALSE` 1355 | - Fix for MSMTP backend not properly accounting for legacy variables (ENABLE_SMTP) 1356 | 1357 | ## 7.0.3 2021-08-04 1358 | 1359 | ### Added 1360 | - Bring monitoring cont-init.d script up to parity with debian side for ease of codebase 1361 | 1362 | 1363 | ## 7.0.2 2021-07-26 1364 | 1365 | ### Changed 1366 | - Fix for Zabbix Agent 2 File Logging 1367 | 1368 | 1369 | ## 7.0.1 2021-07-25 1370 | 1371 | ### Added 1372 | - Zabbix Agent 5.4.3 1373 | 1374 | ### Changed 1375 | - Change the location where Zabbix Agent logs 1376 | 1377 | 1378 | ## 7.0.0 2021-07-05 1379 | 1380 | Major changes to this base image, reworking technical debt, creating consistency, and building hooks and expansion capabilities for future purposes. 
1381 | 1382 | ### Added 1383 | - Log Shipping support, presently supporting Fluent Bit (x86_64 only) 1384 | - Zabbix Agent 5.4.2 1385 | - Zabbix Agent 2 (modern/go) included, 1 (classic/c) still remains 1386 | - Dynamically add crontab entries via CRON_* environment variables 1387 | - Prefix container logs with Timestamp 1388 | - Process watchdog support should a process execute multiple times (hooks) 1389 | - Development functions for ease of use 1390 | 1391 | ### Changed 1392 | - Service Names, and order of execution 1393 | - db_ready and sanity_db functions take additional arguments 1394 | - Environment Variable names have changed, attempts have been made to ensure legacy variable names will still function but will be removed at a later date 1395 | - Rewrote permissions changing routines from scratch 1396 | 1397 | ## 6.1.3 2021-07-19 1398 | 1399 | ### Changed 1400 | - Change from Debian cron to Busybox cron 1401 | 1402 | 1403 | ## 6.1.2 2021-05-18 1404 | 1405 | ### Added 1406 | - Zabbix Agent 5.4.0 1407 | 1408 | 1409 | ## 6.1.1 2021-05-18 1410 | 1411 | ### Added 1412 | - Add bullseye builds 1413 | - Zabbix Agent 5.2.6 1414 | 1415 | 1416 | ## 6.1.0 2021-05-01 1417 | 1418 | ### Added 1419 | - Start compiling Zabbix Agent due to too many issues with repositories and multi arch 1420 | 1421 | 1422 | ## 6.0.4 2021-05-01 1423 | 1424 | ### Reverted 1425 | - Remove routine that inserts (distrib)-backports. 
Was causing too many problems for debian/buster with SSL 1426 | 1427 | 1428 | ## 6.0.3 2021-04-20 1429 | 1430 | ### Changed 1431 | - FIx for 05-smtp initialization not allowing SMTP_AUTO_FROM 1432 | 1433 | 1434 | ## 6.0.2 2021-04-16 1435 | 1436 | ### Added 1437 | - Add apt-utils package 1438 | 1439 | ### Changed 1440 | - Don't install zstd for Debian Jessie as it's breaking CI/CD 1441 | 1442 | 1443 | ## 6.0.1 2021-04-16 1444 | 1445 | ### Added 1446 | - Add zstd to core applications 1447 | 1448 | ### Changed 1449 | - Core folder permission sanity check 1450 | 1451 | 1452 | ## 6.0.0 2021-03-29 1453 | 1454 | ### Added 1455 | - Multi Arch Builds (amd64,arm,arm64) 1456 | 1457 | ### Changed 1458 | - Zabbix Agent now pulls from backports if possible, no longer installs from official Zabbix repository due to lack of multiarch capability 1459 | - Switched back to single branch for building all versions taking advantage of GitHub actions 1460 | - ENABLE_PERMISSIONS by default=TRUE 1461 | 1462 | ### Removed 1463 | - MailHog SMTP Tester 1464 | 1465 | 1466 | ## 5.1.2 2021-03-14 1467 | 1468 | ### Added 1469 | - S6 Overlay 2.2.0.3 1470 | 1471 | 1472 | ## 5.1.1 2021-01-04 1473 | 1474 | ### Changed 1475 | - Fix Group ID altering function 1476 | 1477 | 1478 | ## 5.1.0 2020-11-14 1479 | 1480 | ### Added 1481 | - S6 Overlay 2.1.0.2 1482 | - Zabbix Agent 5.2 1483 | 1484 | 1485 | ## 5.0.11 2020-09-15 1486 | 1487 | ### Added 1488 | - Add LOGROTATE_FORCE environment variable 1489 | 1490 | 1491 | ## 5.0.10 2020-08-25 1492 | 1493 | ### Changed 1494 | - Fix warning with Zabbix Agent 1495 | 1496 | 1497 | ## 5.0.9 2020-08-15 1498 | 1499 | ### Changed 1500 | - Reapply SMTP_FROM statement 1501 | 1502 | 1503 | ## 5.0.8 2020-08-11 1504 | 1505 | ### Changed 1506 | - Fix container startup routine check 1507 | 1508 | 1509 | ## 5.0.7 2020-08-01 1510 | 1511 | ### Added 1512 | - Add dos2unix tool 1513 | - Add SMTP_FROM environment variable to solve missing from address mail errors with msmtp 1514 | 1515 
| 1516 | ## 5.0.6 2020-06-15 1517 | 1518 | ### Changed 1519 | - Fix broken db_ready function 1520 | 1521 | 1522 | ## 5.0.5 2020-06-15 1523 | 1524 | ### Changed 1525 | - Bugfixes and code cleanup 1526 | 1527 | 1528 | ## 5.0.4 2020-06-13 1529 | 1530 | ### Added 1531 | - Ability to disable logrotate 1532 | 1533 | 1534 | ## 5.0.3 2020-06-11 1535 | 1536 | ### Changed 1537 | - Change logrotate to be called from absolute path in cron 1538 | 1539 | 1540 | ## 5.0.2 2020-06-11 1541 | 1542 | ### Changed 1543 | - Delete /etc/logrotate.d/ contents 1544 | 1545 | 1546 | ## 5.0.1 2020-06-11 1547 | 1548 | ### Added 1549 | - Added netcat-openbsd package 1550 | 1551 | 1552 | ## 5.0.0 2020-06-10 1553 | 1554 | ### Added 1555 | - Split Defaults and Functions into separate files for cleanliness 1556 | - Additional functions to load defaults/functions per script 1557 | - Additional functions for checking if files/directories/sockets/ports are available before proceeding 1558 | - Cleanup Container functions file to satisfy shellcheck 1559 | 1560 | ### Changed 1561 | - All /etc/s6/services files moved to /etc/services.available - Legacy images that have not been updated will still function but will always execute 1562 | 1563 | 1564 | ## 4.6.1 2020-06-08 1565 | 1566 | ### Added 1567 | - Zabbix Agent 5.0.x 1568 | 1569 | 1570 | ## 4.6.0 2020-06-06 1571 | 1572 | ### Added 1573 | - S6 Overlay 2.0.0.1 1574 | 1575 | ### Changed 1576 | - Timezone changed to `Etc/GMT` 1577 | - Default mail domain changed to non internet-domain 'local' 1578 | 1579 | ## 4.5.0 2020-05-01 1580 | 1581 | ### Added 1582 | - Update to latest functions 1583 | 1584 | 1585 | ## 4.4.4 2020-03-16 1586 | 1587 | ### Changed 1588 | - Spelling mistake in 4.4.3 1589 | 1590 | 1591 | ## 4.4.3 2020-03-16 1592 | 1593 | ### Changed 1594 | - Patchup for Services that do not have initialization scripts 1595 | 1596 | 1597 | ## 4.4.2 2020-03-16 1598 | 1599 | ### Changed 1600 | - Change msmtp configuration file location 1601 | 1602 | 1603 | ## 
4.4.1 2020-03-14 1604 | 1605 | ### Changed 1606 | - Fix when trying to disable Zabbix Monitoring throwing errors 1607 | 1608 | 1609 | ## 4.4.0 2020-03-04 1610 | 1611 | ### Added 1612 | - Added new functions for service starting and stopping 1613 | - Reworked how services are stopped and started to ensure nothing in services are executed until successful completion of init scripts. This has the potential of breaking all downstream images if they are not updated. 1614 | - Rewrote SMTP configuration 1615 | 1616 | 1617 | ## 4.3.0 2020-03-02 1618 | 1619 | ### Added 1620 | - New routine to cleanup /tmp/.container for users who only restart the container, not fully bring down and remove. 1621 | 1622 | 1623 | ## 4.2.0 2020-02-12 1624 | 1625 | ### Added 1626 | - Reworked Debug Mode to quiet down output on core services and cut down on unnecessary noise 1627 | - Reworked Container Initialization Check to clearly show which file hasn't successfully completed 1628 | 1629 | 1630 | ## 4.1.5 2020-01-11 1631 | 1632 | ### Changed 1633 | - Additional fix for check_service_initialized function to properly look for finished /etc/s6/services processes 1634 | 1635 | ## 4.1.4 2020-01-11 1636 | 1637 | ### Changed 1638 | - Fix for check_service_initialized function to properly look for finished /etc/s6/services processes 1639 | 1640 | ## 4.1.3 2020-01-10 1641 | 1642 | ### Changed 1643 | - Remove code showing $dirname erroneously on process startup 1644 | 1645 | ## 4.1.2 2020-01-10 1646 | 1647 | ### Added 1648 | - Quiet down sudo error 1649 | - Zabbix 4.4.4 Agent 1650 | 1651 | 1652 | ## 4.1.1 2020-01-02 1653 | 1654 | ### Changed 1655 | - check_service_initialized was throwing false information 1656 | 1657 | 1658 | ## 4.1.0 2020-01-01 1659 | 1660 | ### Added 1661 | - Start splitting out Defaults into separate /assets/functions/* files 1662 | 1663 | ### Changed 1664 | - Cleanup of Permissions Changing routines 1665 | 1666 | ## 4.0.1 2020-01-01 1667 | 1668 | ### Added 1669 | - New text output 
for Notices 1670 | 1671 | ### Changed 1672 | - Additional checks to ensure cont-init.d scripts have finished executing 1673 | 1674 | ## 4.0.0 2020-01-01 1675 | 1676 | ### Added 1677 | - Now relying on Container Level functions file 1678 | - Easier methods for displaying console output 1679 | - Colorized Prompts 1680 | - Cleaner Startup Routines 1681 | - Sanity Check to not start any processes until all startup scripts completed 1682 | 1683 | ### Changed 1684 | - When DEBUG_MODE set stop taking over SMTP functionality. Require DEBUG_SMTP=TRUE instead 1685 | 1686 | ## 3.9.3 2019-12-20 1687 | 1688 | ### Added 1689 | - Alpine 3.11 Base 1690 | 1691 | 1692 | ## 3.9.2 2019-08-23 1693 | 1694 | * Cleanup lines subversion. 1695 | 1696 | ## 3.9.1 2019-08-23 1697 | 1698 | * Cleanup variable. 1699 | 1700 | ## 3.9 2019-07-15 1701 | 1702 | * Add Busybox Extras 1703 | 1704 | ## 3.8.2 2019-04-06 1705 | 1706 | * S6 Overlay 1.22.1.0 1707 | 1708 | ## 3.8.1 2019-01-13 1709 | 1710 | * Cleanup Cache 1711 | 1712 | ## 3.8 2018-10-17 1713 | 1714 | * Force executable permissions on S6 Directories 1715 | 1716 | ## 3.7 2018-10-14 1717 | 1718 | * Bump Zabbix to 4.0 1719 | 1720 | ## 3.6 2018-09-19 1721 | 1722 | * Set +x on all descendants of /etc/s6/services 1723 | 1724 | ## 3.5 2018-07-27 1725 | 1726 | * Add TERM=xterm 1727 | 1728 | ## 3.4 2018-07-02 1729 | 1730 | * Revert back to using && \ instead of ; \ in Dockerfile 1731 | * Add ENABLE_GMAIL_SMTP environment variable thanks to @joeyberkovitz 1732 | 1733 | ## 3.3 2018-04-22 1734 | 1735 | * Update 01-permissions to quiet down if no UIDs changed.
1736 | * Refinements to MailHog, to always route through msmtp 1737 | 1738 | ## 3.2 2018-04-15 1739 | 1740 | * Update Zabbix UID/GID 1741 | 1742 | ## 3.1 2018-03-25 1743 | 1744 | * Update MailHog Test Server Startup 1745 | 1746 | ## 3.0 2018-03-14 1747 | 1748 | * Add 01-permissions script to support change uid & gid and add user to group: 1749 | * USER_= 1750 | * GROUP_= 1751 | * GROUP_ADD_= 1752 | * UID & GID in /etc/passwd & /etc/group will be modified. 1753 | * Old 01- 02- 03- scripts renamed after the new 01-permissions as 02- 03- 04- 1754 | 1755 | ## 2.18 2017-02-15 1756 | 1757 | * Update File Permissions for logrotate.d 1758 | 1759 | ## 2.17 2017-02-01 1760 | 1761 | * Init Scripts Update 1762 | * msmtp Update 1763 | 1764 | ## 2.16 2017-01-29 1765 | 1766 | * More Permissions Fixes 1767 | 1768 | ## 2.15 2017-01-29 1769 | 1770 | * Add Grep, sudo 1771 | * Fix Permissions 1772 | 1773 | ## 2.14 2017-01-29 1774 | 1775 | * Add Container Package Check 1776 | 1777 | ## 2.13 2017-01-28 1778 | 1779 | * Add zabbix-utils to edge 1780 | * Update S6 Overlay to 1.21.2.2 1781 | 1782 | ## 2.12 2017-01-28 1783 | 1784 | * Add Zabbix Check for Updated Packages 1785 | 1786 | ## 2.11 2017-12-24 1787 | 1788 | * Check for custom cron files in /assets/cron-custom/ on startup 1789 | 1790 | ## 2.10 2017-12-01 1791 | 1792 | * Update S6 overlay to 1.21.2.1 1793 | * Add Alpine 3.7 1794 | * Remove Alpine 3.2 1795 | 1796 | ## 2.9 2017-10-23 1797 | 1798 | * Update S6 overlay to 1.21.1.1 1799 | 1800 | ## 2.8 2017-09-27 1801 | 1802 | * Updated Alpine Edge to Zabbix-Agent Package as opposed to Compiling 1803 | * Quieted down service startup to avoid duplication 1804 | 1805 | ## 2.7 2017-09-26 1806 | 1807 | * Added more verbosity to services being enabled/disabled 1808 | 1809 | ## 2.6 2017-09-18 1810 | 1811 | * Add Alpine 3.2, 3.3 for legacy purposes 1812 | * Fix Scripts for checking enabling services 1813 | 1814 | ## 2.5 2017-09-02 1815 | 1816 | * Move to Zabbix 3.4.1 instead of compiling from 
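TRUNK 1817 | 1818 | ## 2.4 2017-09-01 1819 | 1820 | * Update S6 Overlay to 1.2.0.0 1821 | 1822 | ## 2.3 2017-08-28 1823 | 1824 | * Added `DEBUG_SMTP` environment variable to trap SMTP messages accesible via port 8025 1825 | 1826 | ## 2.2 2017-08-27 1827 | 1828 | * Added MSMTP to be able to route mail to external hosts 1829 | 1830 | ## 2.1 2017-08-27 1831 | 1832 | * Added DEBUG_MODE environment variable 1833 | * Added TIMEZONE environment variable 1834 | * Added ENABLE_CRON, ENABLE_ZABBIX switches 1835 | * Built mechanisms to not start processes until container initialized 1836 | * Zabbix Agent Configuration can be controlled and adjusted via Environment Variables 1837 | * General Tidying Up 1838 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Debian base image with the s6-overlay init system, a source-built Zabbix
# agent, OpenDoas, yq, Fluent Bit (built on amd64 only), fail2ban, msmtp and
# busybox cron. Everything is installed in a single RUN layer; the build
# toolchain (Go, compilers, -dev packages) is removed again at the end.
ARG DEBIAN_VERSION=bookworm

FROM docker.io/debian:${DEBIAN_VERSION}
LABEL maintainer="Dave Conroy (github.com/tiredofit)"

ARG GOLANG_VERSION=1.24.2
ARG DOAS_VERSION
ARG FLUENTBIT_VERSION
ARG S6_OVERLAY_VERSION
ARG YQ_VERSION
ARG ZABBIX_VERSION

# Component versions fall back to the quoted defaults when the build args are
# not supplied. S6_GLOBAL_PATH lists absolute directories only: a bare "sbin"
# entry would be resolved against the current working directory of whatever
# process performs the lookup.
ENV FLUENTBIT_VERSION=${FLUENTBIT_VERSION:-"3.1.10"} \
    S6_OVERLAY_VERSION=${S6_OVERLAY_VERSION:-"3.2.0.3"} \
    YQ_VERSION=${YQ_VERSION:-"v4.44.1"} \
    ZABBIX_VERSION=${ZABBIX_VERSION:-"7.2.6"} \
    DOAS_VERSION=${DOAS_VERSION:-"v6.8.2"} \
    DEBUG_MODE=FALSE \
    TIMEZONE=Etc/GMT \
    CONTAINER_ENABLE_SCHEDULING=TRUE \
    CONTAINER_SCHEDULING_BACKEND=cron \
    CONTAINER_ENABLE_MESSAGING=TRUE \
    CONTAINER_MESSAGING_BACKEND=msmtp \
    CONTAINER_ENABLE_MONITORING=TRUE \
    CONTAINER_MONITORING_BACKEND=zabbix \
    CONTAINER_ENABLE_LOGSHIPPING=FALSE \
    DEBIAN_FRONTEND=noninteractive \
    S6_GLOBAL_PATH=/command:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin \
    S6_KEEP_ENV=1 \
    S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
    IMAGE_NAME="tiredofit/debian" \
    IMAGE_REPO_URL="https://github.com/tiredofit/docker-debian/"

RUN debArch=$(dpkg --print-architecture) && \
    case "$debArch" in \
        amd64) fluentbit='true' ; FLUENTBIT_BUILD_DEPS="bison cmake flex libssl-dev libsasl2-dev libsystemd-dev libyaml-dev pkg-config zlib1g-dev " ;; \
        *) : ;; \
    esac; \
    set -ex && \
    apt-get update && \
    apt-get upgrade -y && \
    ZABBIX_BUILD_DEPS=' \
                    autoconf \
                    automake \
                    autotools-dev\
                    build-essential \
                    g++ \
                    pkg-config \
                    libpcre3-dev \
                    libssl-dev \
                    zlib1g-dev \
                    ' && \
    apt-get install -y --no-install-recommends \
                    apt-transport-https \
                    apt-utils \
                    acl \
                    aptitude \
                    bash \
                    busybox-static \
                    ca-certificates \
                    curl \
                    dirmngr \
                    dos2unix \
                    fail2ban \
                    gettext \
                    gnupg \
                    git \
                    inetutils-ping \
                    iptables \
                    jq \
                    less \
                    libpcre3 \
                    libyaml-0-2 \
                    logrotate \
                    msmtp \
                    nano \
                    net-tools \
                    netcat-openbsd \
                    procps \
                    sudo \
                    tzdata \
                    zstd \
                    ${ZABBIX_BUILD_DEPS} ${FLUENTBIT_BUILD_DEPS} \
                    && \
    \
    mv /usr/bin/envsubst /usr/local/bin && \
    rm -rf /usr/bin/crontab && \
    rm -rf /usr/sbin/cron && \
    ln -s /bin/busybox /usr/sbin/crontab && \
    ln -s /bin/busybox /usr/sbin/crond && \
    mkdir -p /usr/local/go && \
    echo "Downloading Go ${GOLANG_VERSION}..." && \
    # Every download in this layer is compiled or unpacked into / as root, so
    # curl runs with certificate verification on (ca-certificates is installed
    # above) and with -f, which makes an HTTP error fail the build instead of
    # piping an error page into tar.
    # NOTE(review): none of the archives is checked against a pinned digest;
    # consider saving each one to a file and verifying it first, e.g.
    # echo "<expected-sha256>  <archive>" | sha256sum -c -
    # NOTE(review): the Go toolchain URL is fixed to linux-amd64 although the
    # s6 step further down maps other architectures - confirm.
    curl -fsSL https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz | tar xvfz - --strip 1 -C /usr/local/go && \
    ln -sf /usr/local/go/bin/go /usr/local/bin/ && \
    ln -sf /usr/local/go/bin/godoc /usr/local/bin/ && \
    ln -sf /usr/local/go/bin/gofmt /usr/local/bin/ && \
    \
    rm -rf /etc/timezone && \
    ln -snf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime && \
    echo "${TIMEZONE}" > /etc/timezone && \
    dpkg-reconfigure -f noninteractive tzdata && \
    \
    ### Build Doas
    mkdir -p /usr/src/doas && \
    curl -fsSL https://github.com/Duncaen/OpenDoas/archive/${DOAS_VERSION}.tar.gz | tar xfz - --strip 1 -C /usr/src/doas && \
    cd /usr/src/doas && \
    ./configure --prefix=/usr \
                --enable-static \
                --without-pam \
                && \
    make && \
    make install && \
    mkdir -p /etc/doas.d && \
    \
    ## yq Install
    # NOTE(review): the checkout follows a tag name, which upstream can move;
    # checking out a full commit id (<commit-sha>) makes the build reproducible.
    git clone https://github.com/mikefarah/yq /usr/src/yq && \
    cd /usr/src/yq && \
    git checkout ${YQ_VERSION} && \
    go build && \
    cp -R yq /usr/local/bin && \
    ## Zabbix Agent Install
    addgroup --gid 10050 zabbix && \
    adduser --uid 10050 \
            --gid 10050 \
            --gecos "Zabbix Agent" \
            --home /dev/null \
            --no-create-home \
            --shell /sbin/nologin \
            --disabled-login \
            --disabled-password \
            zabbix \
            && \
    mkdir -p /etc/zabbix && \
    mkdir -p /var/lib/zabbix && \
    mkdir -p /var/lib/zabbix/enc && \
    mkdir -p /var/lib/zabbix/modules && \
    mkdir -p /var/lib/zabbix/run && \
    mkdir -p /etc/zabbix/zabbix_agentd.conf.d && \
    chown --quiet -R zabbix:root /var/lib/zabbix && \
    chmod -R 770 /var/lib/zabbix/run && \
    rm -rf /etc/zabbix/zabbix-agentd.conf.d/* && \
    mkdir -p /usr/src/zabbix && \
    curl -fsSL https://github.com/zabbix/zabbix/archive/${ZABBIX_VERSION}.tar.gz | tar xfz - --strip 1 -C /usr/src/zabbix && \
    cd /usr/src/zabbix && \
    sed -i "s|{ZABBIX_REVISION}|${ZABBIX_VERSION}|g" include/version.h && \
    ./bootstrap.sh 1>/dev/null && \
    # Position-independent executable with full RELRO for the agent binaries.
    export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \
    ./configure \
            --prefix=/usr \
            --silent \
            --sysconfdir=/etc/zabbix \
            --libdir=/usr/lib/zabbix \
            --datadir=/usr/lib \
            --enable-agent \
            --enable-agent2 \
            --enable-ipv6 \
            --with-openssl && \
    make -j"$(nproc)" -s 1>/dev/null && \
    cp src/zabbix_agent/zabbix_agentd /usr/sbin/zabbix_agentd && \
    cp src/zabbix_get/zabbix_get /usr/sbin/zabbix_get && \
    cp src/zabbix_sender/zabbix_sender /usr/sbin/zabbix_sender && \
    cp src/go/bin/zabbix_agent2 /usr/sbin/zabbix_agent2 && \
    strip /usr/sbin/zabbix_agentd && \
    strip /usr/sbin/zabbix_get && \
    strip /usr/sbin/zabbix_sender && \
    strip /usr/sbin/zabbix_agent2 && \
    mkdir -p /etc/zabbix/zabbix_agentd.conf.d && \
    mkdir -p /var/log/zabbix && \
    chown -R zabbix:root /var/log/zabbix && \
    chown --quiet -R zabbix:root /etc/zabbix && \
    rm -rf /usr/src/zabbix && \
    \
    ### Fluentbit compilation
    mkdir -p /usr/src/fluentbit && \
    curl -fsSL https://github.com/fluent/fluent-bit/archive/v${FLUENTBIT_VERSION}.tar.gz | tar xfz - --strip 1 -C /usr/src/fluentbit && \
    cd /usr/src/fluentbit && \
    cmake \
        -DCMAKE_INSTALL_PREFIX=/usr \
        -DCMAKE_INSTALL_LIBDIR=lib \
        -DCMAKE_BUILD_TYPE=None \
        -DFLB_AWS=No \
        -DFLB_BACKTRACE=No \
        -DFLB_DEBUG=No \
        -DFLB_EXAMPLES=No \
        -DFLB_FILTER_AWS=No \
        -DFLB_FILTER_KUBERNETES=No \
        -DFLB_HTTP_SERVER=Yes \
        -DFLB_IN_COLLECTD=No \
        -DFLB_IN_CPU=No \
        -DFLB_IN_DOCKER=No \
        -DFLB_IN_DOCKER_EVENTS=No \
        -DFLB_IN_KMSG=No \
        -DFLB_IN_MEM=No \
        -DFLB_IN_MQTT=No \
        -DFLB_IN_NETIF=No \
        -DFLB_IN_SERIAL=No \
        -DFLB_IN_SYSTEMD=Yes \
        -DFLB_IN_TCP=No \
        -DFLB_IN_THERMAL=No \
        -DFLB_IN_WINLOG=No \
        -DFLB_IN_WINSTAT=No \
        -DFLB_JEMALLOC=Yes \
        -DFLB_LUAJIT=No \
        -DFLB_OUT_AZURE=No \
        -DFLB_OUT_AZURE_BLOB=No \
        -DFLB_OUT_BIGQUERY=No \
        -DFLB_OUT_CALYPTIA=No \
        -DFLB_OUT_CLOUDWATCH_LOGS=No \
        -DFLB_OUT_COUNTER=No \
        -DFLB_OUT_DATADOG=No \
        -DFLB_OUT_GELF=No \
        -DFLB_OUT_INFLUXDB=No \
        -DFLB_OUT_KAFKA=No \
        -DFLB_OUT_KAFKA_REST=No \
        -DFLB_OUT_KINESIS_FIREHOSE=No \
        -DFLB_OUT_KINESIS_STREAMS=No \
        -DFLB_OUT_LOGDNA=No \
        -DFLB_OUT_NATS=No \
        -DFLB_OUT_NRLOGS=No \
        -DFLB_OUT_PGSQL=No \
        -DFLB_OUT_S3=No \
        -DFLB_OUT_SLACK=No \
        -DFLB_OUT_SPLUNK=No \
        -DFLB_OUT_STACKDRIVER=No \
        -DFLB_OUT_TCP=No \
        -DFLB_OUT_TD=No \
        -DFLB_RELEASE=Yes \
        -DFLB_SHARED_LIB=Off \
        -DFLB_SIGNV4=No \
        -DFLB_SMALL=Yes \
        . && \
    if [ "$debArch" = "amd64" ] ; then make -j"$(nproc)" ; make install ; mv /usr/etc/fluent-bit /etc/fluent-bit ; strip /usr/bin/fluent-bit ; fi ; \
    \
    ### Fail2ban Configuration
    # Only the iptables actions are kept; packaged filters, jails and path
    # definitions are removed so nothing is active until configured at runtime.
    groupadd -g 65500 fail2ban && \
    # usermod -a -G fail2ban zabbix && \
    rm -rf /var/run/fail2ban && \
    mkdir -p /var/run/fail2ban && \
    # chown -R root:fail2ban /var/run/fail2ban && \
    # setfacl -d -m g:fail2ban:rwx /var/run/fail2ban && \
    find /etc/fail2ban/action.d/ -type f -not -name 'iptables*.conf' -delete && \
    rm -rf /etc/fail2ban/filter.d && \
    mkdir -p /etc/fail2ban/filter.d && \
    rm -rf /etc/fail2ban/fail2ban.d \
           /etc/fail2ban/jail.d/* \
           /etc/fail2ban/paths* \
           && \
    \
    ### S6 installation
    debArch=$(dpkg --print-architecture) && \
    case "$debArch" in \
        amd64) s6Arch='x86_64' ;; \
        armel) s6Arch='armhf' ;; \
        armhf) s6Arch='armhf' ;; \
        arm64) s6Arch='aarch64' ;; \
        *) echo >&2 "Error: unsupported architecture ($debArch)"; exit 1 ;; \
    esac; \
    curl -fsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz | tar xvpfJ - -C / && \
    curl -fsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${s6Arch}.tar.xz | tar xvpfJ - -C / && \
    curl -fsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz | tar xvpfJ - -C / && \
    curl -fsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz | tar xvpfJ - -C / && \
    mkdir -p /etc/cont-init.d && \
    mkdir -p /etc/cont-finish.d && \
    mkdir -p /etc/services.d && \
    # Mode bits, not ownership: "chown -R 0755" would hand the init and finish
    # script directories to UID 755 instead of setting rwxr-xr-x.
    chmod -R 0755 /etc/cont-init.d && \
    chmod -R 0755 /etc/cont-finish.d && \
    chmod -R 0755 /etc/services.d && \
    # Quieten the s6-overlay startup scripts by turning their echo calls into no-ops.
    sed -i "s|echo|: # echo |g" /package/admin/s6-overlay/etc/s6-rc/scripts/cont-init && \
    sed -i "s|echo|: # echo |g" /package/admin/s6-overlay/etc/s6-rc/scripts/cont-finish && \
    sed -i "s|echo ' (no readiness notification)'|: # echo ' (no readiness notification)'|g" /package/admin/s6-overlay/etc/s6-rc/scripts/services-up && \
    sed -i "s|s6-echo -n|: # s6-echo -n|g" /package/admin/s6-overlay/etc/s6-rc/scripts/services-up && \
    sed -i "s|v=2|v=1|g" /package/admin/s6-overlay/etc/s6-linux-init/skel/rc.init && \
    sed -i "s|v=2|v=1|g" /package/admin/s6-overlay/etc/s6-linux-init/skel/rc.shutdown && \
    \
    ### Cleanup
    # Drops the compilers, -dev packages and the Go toolchain so they are not
    # shipped in the final image.
    mkdir -p /assets/cron && \
    apt-get purge -y ${BUSYBOX_BUILD_DEPS} ${ZABBIX_BUILD_DEPS} ${FLUENTBIT_BUILD_DEPS} gettext && \
    apt-get autoremove -y && \
    apt-get clean -y && \
    rm -rf \
        /etc/logrotate.d/* \
        /root/.cache \
        /root/.gnupg \
        /root/go \
        /usr/local/bin/go* \
        /usr/local/go \
        /usr/share/doc/* \
        /usr/share/doc/kde/HTML/*/* \
        /usr/share/gnome/help/*/* \
        /usr/share/info/* \
        /usr/share/linda/* \
        /usr/share/lintian/overrides/* \
        /usr/share/locale/* \
        /usr/share/man/* \
        /usr/share/omf/*/*-*.emf \
        /usr/src/* \
        /var/lib/apt/lists/* \
        /var/log/*

SHELL ["/bin/bash", "-c"]
# 2020 = Fluent Bit HTTP server, 10050 = Zabbix agent (see the defaults files).
EXPOSE 2020/TCP 10050/TCP
COPY install /
ENTRYPOINT ["/init"]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2022 Dave Conroy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE.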
22 |
--------------------------------------------------------------------------------
/install/assets/defaults/00-container:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

### Set defaults
# Container-wide defaults. Every line keeps a value that is already set and
# non-empty in the environment and otherwise falls back to the quoted default.
#
# NOTE(review): with these defaults fail2ban and the firewall are off
# (CONTAINER_ENABLE_FAIL2BAN / CONTAINER_ENABLE_FIREWALL = FALSE) while
# monitoring, messaging and scheduling are on; the container log file level
# defaults to DEBUG (CONTAINER_LOG_FILE_LEVEL). What is written at DEBUG level
# is not visible in this file - confirm it cannot include secrets before
# shipping or sharing that log.
CONTAINER_CUSTOM_PATH=${CONTAINER_CUSTOM_PATH:-"/assets/custom/"}
CONTAINER_CUSTOM_SCRIPTS_PATH=${CONTAINER_CUSTOM_SCRIPTS_PATH:-"/assets/custom-scripts/"}
CONTAINER_ENABLE_CUSTOM_BASH_PROMPT=${CONTAINER_ENABLE_CUSTOM_BASH_PROMPT:-"TRUE"}
CONTAINER_ENABLE_DOCKER_SECRETS=${CONTAINER_ENABLE_DOCKER_SECRETS:-"TRUE"}
CONTAINER_ENABLE_FAIL2BAN=${CONTAINER_ENABLE_FAIL2BAN:-"FALSE"}
CONTAINER_ENABLE_FIREWALL=${CONTAINER_ENABLE_FIREWALL:-"FALSE"}
CONTAINER_ENABLE_LOGROTATE=${CONTAINER_ENABLE_LOGROTATE:-"TRUE"}
CONTAINER_ENABLE_LOGSHIPPING=${CONTAINER_ENABLE_LOGSHIPPING:-"FALSE"}
CONTAINER_ENABLE_LOG_PREFIX=${CONTAINER_ENABLE_LOG_PREFIX:-"TRUE"}
CONTAINER_ENABLE_MESSAGING=${CONTAINER_ENABLE_MESSAGING:-"TRUE"}
CONTAINER_ENABLE_MONITORING=${CONTAINER_ENABLE_MONITORING:-"TRUE"}
CONTAINER_ENABLE_PERMISSIONS=${CONTAINER_ENABLE_PERMISSIONS:-"TRUE"}
CONTAINER_ENABLE_PROCESS_COUNTER=${CONTAINER_ENABLE_PROCESS_COUNTER:-"TRUE"}
CONTAINER_ENABLE_PROCESS_HELPER=${CONTAINER_ENABLE_PROCESS_HELPER:-"TRUE"}
CONTAINER_ENABLE_SCHEDULING=${CONTAINER_ENABLE_SCHEDULING:-"TRUE"}
CONTAINER_FIREWALL_BACKEND=${CONTAINER_FIREWALL_BACKEND:-"iptables"}
CONTAINER_LOGSHIPPING_BACKEND=${CONTAINER_LOGSHIPPING_BACKEND:-"fluent-bit"}
CONTAINER_LOG_LEVEL=${CONTAINER_LOG_LEVEL:-"NOTICE"}
CONTAINER_LOG_PREFIX_DATE_FMT=${CONTAINER_LOG_PREFIX_DATE_FMT:-"%Y-%m-%d"}
CONTAINER_LOG_PREFIX_SEPERATOR=${CONTAINER_LOG_PREFIX_SEPERATOR:-"."}
CONTAINER_LOG_PREFIX_TIME_FMT=${CONTAINER_LOG_PREFIX_TIME_FMT:-"%H:%M:%S"}
CONTAINER_LOG_FILE_NAME=${CONTAINER_LOG_FILE_NAME:-"container.log"}
CONTAINER_LOG_FILE_LEVEL=${CONTAINER_LOG_FILE_LEVEL:-"DEBUG"}
CONTAINER_LOG_FILE_PATH=${CONTAINER_LOG_FILE_PATH:-"/var/log/container/"}
CONTAINER_LOG_FILE_PREFIX_DATE_FMT=${CONTAINER_LOG_FILE_PREFIX_DATE_FMT:-"%Y-%m-%d"}
CONTAINER_LOG_FILE_PREFIX_SEPERATOR=${CONTAINER_LOG_FILE_PREFIX_SEPERATOR:-"."}
CONTAINER_LOG_FILE_PREFIX_TIME_FMT=${CONTAINER_LOG_FILE_PREFIX_TIME_FMT:-"%H:%M:%S"}
CONTAINER_MESSAGING_BACKEND=${CONTAINER_MESSAGING_BACKEND:-"msmtp"}
CONTAINER_MONITORING_BACKEND=${CONTAINER_MONITORING_BACKEND:-"zabbix"}
# Falls back to the output of hostname when no name is supplied.
CONTAINER_NAME=${CONTAINER_NAME:-"$(hostname)"}
CONTAINER_PROCESS_HELPER_DATE_FMT=${CONTAINER_PROCESS_HELPER_DATE_FMT:-"%Y-%m-%d"}
CONTAINER_PROCESS_HELPER_PATH=${CONTAINER_PROCESS_HELPER_PATH:-"/assets/container/processhelper/"}
CONTAINER_PROCESS_HELPER_SCRIPT=${CONTAINER_PROCESS_HELPER_SCRIPT:-"processhelper.sh"}
CONTAINER_PROCESS_HELPER_TIME_FMT=${CONTAINER_PROCESS_HELPER_TIME_FMT:-"%H:%M:%S"}
CONTAINER_PROCESS_RUNAWAY_PROTECTOR=${CONTAINER_PROCESS_RUNAWAY_PROTECTOR:-"TRUE"}
CONTAINER_PROCESS_RUNAWAY_DELAY=${CONTAINER_PROCESS_RUNAWAY_DELAY:-"1"}
CONTAINER_PROCESS_RUNAWAY_LIMIT=${CONTAINER_PROCESS_RUNAWAY_LIMIT:-"50"}
CONTAINER_PROCESS_RUNAWAY_SHOW_OUTPUT_FINAL=${CONTAINER_PROCESS_RUNAWAY_SHOW_OUTPUT_FINAL:-"TRUE"}
CONTAINER_SCHEDULING_BACKEND=${CONTAINER_SCHEDULING_BACKEND:-"cron"}
CONTAINER_SCHEDULING_LOCATION=${CONTAINER_SCHEDULING_LOCATION:-"/assets/cron/"}
CONTAINER_SKIP_SANITY_CHECK=${CONTAINER_SKIP_SANITY_CHECK:-"FALSE"}
DEBUG_MODE=${DEBUG_MODE:-"FALSE"}
PROCESS_NAME=${PROCESS_NAME:-"container"}
# Physical directory of the invoking script ($0), resolved inside a subshell;
# the subshell exits early if the cd fails.
# shellcheck disable=SC2034
SCRIPTPATH="$(cd "$(dirname "$0")" >/dev/null 2>&1 || exit ; pwd -P)"

--------------------------------------------------------------------------------
/install/assets/defaults/02-permissions:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Default for the permissions debug switch; stays FALSE unless set in the environment.
DEBUG_PERMISSIONS=${DEBUG_PERMISSIONS:-"FALSE"}

--------------------------------------------------------------------------------
/install/assets/defaults/03-monitoring:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Defaults for the Zabbix agent. Each line keeps a non-empty value from the
# environment and otherwise uses the quoted default.
#
# NOTE(review): several defaults are permissive in combination:
#   ZABBIX_LISTEN_IP=0.0.0.0        listen address covers every interface
#   ZABBIX_SERVER=0.0.0.0/0         server allow-list matches any IPv4 address
#   ZABBIX_REMOTECOMMANDS_ALLOW=*   wildcard for remote commands
#   ZABBIX_ALLOW_ROOT=1, ZABBIX_USER_DOAS/SUDO=TRUE   presumably root-capable agent
# How these are rendered into the agent configuration is not visible in this
# file - confirm in the monitoring init script. Where port 10050 is reachable
# from anything other than the Zabbix server or proxy, override ZABBIX_SERVER
# and ZABBIX_REMOTECOMMANDS_ALLOW with explicit values.
ZABBIX_AGENT_LOG_FILE=${ZABBIX_AGENT_LOG_FILE:-"zabbix_agentd.log"}
ZABBIX_AGENT_LOG_PATH=${ZABBIX_AGENT_LOG_PATH:-"/var/log/zabbix/agent/"}
ZABBIX_ALLOW_ROOT=${ZABBIX_ALLOW_ROOT:-"1"}
ZABBIX_BUFFER_SEND=${ZABBIX_BUFFER_SEND:-"5"}
ZABBIX_BUFFER_SIZE=${ZABBIX_BUFFER_SIZE:-"100"}
ZABBIX_CERT_PATH=${ZABBIX_CERT_PATH:-"/etc/zabbix/certs/"}
ZABBIX_CONFIG_FILE=${ZABBIX_CONFIG_FILE:-"zabbix_agentd.conf"}
ZABBIX_CONFIG_PATH=${ZABBIX_CONFIG_PATH:-"/etc/zabbix/"}
ZABBIX_DEBUGLEVEL=${ZABBIX_DEBUGLEVEL:-"1"}
ZABBIX_ENABLE_AUTOREGISTER=${ZABBIX_ENABLE_AUTOREGISTER:-"TRUE"}
ZABBIX_ENABLE_AUTOREGISTER_DNS=${ZABBIX_ENABLE_AUTOREGISTER_DNS:-"TRUE"}
# CONTAINER_NAME is not set in this file; it has to come from the environment
# or from a defaults file sourced earlier.
ZABBIX_HOSTNAME=${ZABBIX_HOSTNAME:-"${CONTAINER_NAME}"}
ZABBIX_LISTEN_IP=${ZABBIX_LISTEN_IP:-"0.0.0.0"}
ZABBIX_LISTEN_PORT=${ZABBIX_LISTEN_PORT:-"10050"}
ZABBIX_LOG_FILE_SIZE=${ZABBIX_LOG_FILE_SIZE:-"0"}
ZABBIX_MAXLINES_SECOND=${ZABBIX_MAXLINES_SECOND:-"20"}
ZABBIX_PID=${ZABBIX_PID:-"/var/lib/zabbix/run/zabbix-agent.pid"}
ZABBIX_REFRESH_ACTIVE_CHECKS=${ZABBIX_REFRESH_ACTIVE_CHECKS:-"120"}
ZABBIX_REMOTECOMMANDS_ALLOW=${ZABBIX_REMOTECOMMANDS_ALLOW:-"*"}
ZABBIX_REMOTECOMMANDS_LOG=${ZABBIX_REMOTECOMMANDS_LOG:-"1"}
ZABBIX_SERVER=${ZABBIX_SERVER:-"0.0.0.0/0"}
ZABBIX_SERVER_ACTIVE=${ZABBIX_SERVER_ACTIVE:-"zabbix-proxy"}
ZABBIX_SETUP_TYPE=${ZABBIX_SETUP_TYPE:-"AUTO"}
ZABBIX_SOCKET=${ZABBIX_SOCKET:-"/var/lib/zabbix/run/zabbix-agent.sock"}
ZABBIX_START_AGENTS=${ZABBIX_START_AGENTS:-"1"}
ZABBIX_STATUS_PORT=${ZABBIX_STATUS_PORT:-"8050"}
ZABBIX_USER=${ZABBIX_USER:-"zabbix"}
ZABBIX_USER_DOAS=${ZABBIX_USER_DOAS:-"TRUE"}
ZABBIX_USER_SUDO=${ZABBIX_USER_SUDO:-"TRUE"}

# Pick the default agent flavour from the ID= line of /etc/os-release.
os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2)
case ${os} in
    "alpine" )
        # Second dot-separated field of VERSION_ID, with anything after "_" cut off.
        osver=$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 2 | cut -d _ -f 1)
        # 11 or higher, or the literal "edge", selects "modern"; a non-numeric
        # osver makes the -ge test fail, and the second test then decides.
        if [ "${osver}" -ge 11 ] || [ "$osver" = "edge" ] ; then
            ZABBIX_AGENT_TYPE=${ZABBIX_AGENT_TYPE:-"modern"}
        else
            ZABBIX_AGENT_TYPE=${ZABBIX_AGENT_TYPE:-"classic"}
        fi
    ;;
    "debian" | "ubuntu" )
        ZABBIX_AGENT_TYPE=${ZABBIX_AGENT_TYPE:-"modern"}
    ;;
esac
--------------------------------------------------------------------------------
/install/assets/defaults/04-scheduling:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Defaults for the scheduling (cron) service's logging.
SCHEDULING_LOG_TYPE=${SCHEDULING_LOG_TYPE:-"FILE"}
SCHEDULING_LOG_LOCATION=${SCHEDULING_LOG_LOCATION:-"/var/log/cron/"}
SCHEDULING_LOG_LEVEL=${SCHEDULING_LOG_LEVEL:-"8"}
--------------------------------------------------------------------------------
/install/assets/defaults/05-logging:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Defaults for Fluent Bit log shipping and for logrotate.
#
# NOTE(review): transport security is off by default for both outputs
# (FLUENTBIT_OUTPUT_FORWARD_TLS / FLUENTBIT_OUTPUT_LOKI_TLS = FALSE) and the
# matching *_TLS_VERIFY switches also default to FALSE, so turning TLS on alone
# presumably still leaves the peer certificate unchecked - confirm in the
# logging init script and set the *_TLS_VERIFY variables to TRUE when logs
# cross an untrusted network. FLUENTBIT_HTTP_LISTEN_IP=0.0.0.0 puts the HTTP
# server on every interface, and FLUENTBIT_STORAGE_PATH lives under /tmp.
FLUENTBIT_CONFIG_PARSERS=${FLUENTBIT_CONFIG_PARSERS:-"parsers.conf"}
FLUENTBIT_CONFIG_PLUGINS=${FLUENTBIT_CONFIG_PLUGINS:-"plugins.conf"}
FLUENTBIT_ENABLE_HTTP_SERVER=${FLUENTBIT_ENABLE_HTTP_SERVER:-"TRUE"}
FLUENTBIT_ENABLE_STORAGE_METRICS=${FLUENTBIT_ENABLE_STORAGE_METRICS:-"TRUE"}
FLUENTBIT_FLUSH_SECONDS=${FLUENTBIT_FLUSH_SECONDS:-"1"}
FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE=${FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE:-"1M"}
FLUENTBIT_FORWARD_BUFFER_MAX_SIZE=${FLUENTBIT_FORWARD_BUFFER_MAX_SIZE:-"6M"}
FLUENTBIT_FORWARD_PORT=${FLUENTBIT_FORWARD_PORT:-"24224"}
FLUENTBIT_GRACE_SECONDS=${FLUENTBIT_GRACE_SECONDS:-"1"}
FLUENTBIT_HTTP_LISTEN_IP=${FLUENTBIT_HTTP_LISTEN_IP:-"0.0.0.0"}
FLUENTBIT_HTTP_LISTEN_PORT=${FLUENTBIT_HTTP_LISTEN_PORT:-"2020"}
FLUENTBIT_LOG_FILE=${FLUENTBIT_LOG_FILE:-"fluentbit.log"}
FLUENTBIT_LOG_LEVEL=${FLUENTBIT_LOG_LEVEL:-"info"}
FLUENTBIT_LOG_PATH=${FLUENTBIT_LOG_PATH:-"/var/log/fluentbit/"}
FLUENTBIT_MODE=${FLUENTBIT_MODE:-"NORMAL"}
FLUENTBIT_OUTPUT=${FLUENTBIT_OUTPUT:-"FORWARD"}
FLUENTBIT_OUTPUT_FORWARD_HOST=${FLUENTBIT_OUTPUT_FORWARD_HOST:-"fluent-proxy"}
FLUENTBIT_OUTPUT_FORWARD_TLS=${FLUENTBIT_OUTPUT_FORWARD_TLS:-"FALSE"}
FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY=${FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY:-"FALSE"}
FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP=${FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP:-"gzip"}
FLUENTBIT_OUTPUT_LOKI_HOST=${FLUENTBIT_OUTPUT_LOKI_HOST:-"loki"}
FLUENTBIT_OUTPUT_LOKI_PORT=${FLUENTBIT_OUTPUT_LOKI_PORT:-"3100"}
FLUENTBIT_OUTPUT_LOKI_TLS=${FLUENTBIT_OUTPUT_LOKI_TLS:-"FALSE"}
FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY=${FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY:-"FALSE"}
FLUENTBIT_SETUP_TYPE=${FLUENTBIT_SETUP_TYPE:-"AUTO"}
FLUENTBIT_STORAGE_BACKLOG_LIMIT=${FLUENTBIT_STORAGE_BACKLOG_LIMIT:-"5M"}
FLUENTBIT_STORAGE_CHECKSUM=${FLUENTBIT_STORAGE_CHECKSUM:-"FALSE"}
FLUENTBIT_STORAGE_PATH=${FLUENTBIT_STORAGE_PATH:-"/tmp/fluentbit/storage"}
FLUENTBIT_STORAGE_SYNC=${FLUENTBIT_STORAGE_SYNC:-"normal"}
FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE=${FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE:-"32k"}
FLUENTBIT_TAIL_BUFFER_MAX_SIZE=${FLUENTBIT_TAIL_BUFFER_MAX_SIZE:-"32k"}
FLUENTBIT_TAIL_READ_FROM_HEAD=${FLUENTBIT_TAIL_READ_FROM_HEAD:-"FALSE"}
FLUENTBIT_TAIL_SKIP_EMPTY_LINES=${FLUENTBIT_TAIL_SKIP_EMPTY_LINES:-"TRUE"}
FLUENTBIT_TAIL_SKIP_LONG_LINES=${FLUENTBIT_TAIL_SKIP_LONG_LINES:-"TRUE"}
FLUENTBIT_TAIL_DB_ENABLE=${FLUENTBIT_TAIL_DB_ENABLE:-"TRUE"}
FLUENTBIT_TAIL_DB_SYNC=${FLUENTBIT_TAIL_DB_SYNC:-"normal"}
FLUENTBIT_TAIL_DB_LOCK=${FLUENTBIT_TAIL_DB_LOCK:-"TRUE"}
FLUENTBIT_TAIL_DB_JOURNAL_MODE=${FLUENTBIT_TAIL_DB_JOURNAL_MODE:-"WAL"}
FLUENTBIT_TAIL_KEY_PATH_ENABLE=${FLUENTBIT_TAIL_KEY_PATH_ENABLE:-"TRUE"}
FLUENTBIT_TAIL_KEY_PATH=${FLUENTBIT_TAIL_KEY_PATH:-"filename"}
FLUENTBIT_TAIL_KEY_OFFSET_ENABLE=${FLUENTBIT_TAIL_KEY_OFFSET_ENABLE:-"FALSE"}
FLUENTBIT_TAIL_KEY_OFFSET=${FLUENTBIT_TAIL_KEY_OFFSET:-"offset"}

# When the major.minor part of VERSION_ID is 3.5 or 3.8, gzip is forced (any
# supplied LOGROTATE_COMPRESSION_TYPE is overwritten); otherwise zstd is the default.
case "$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 1,2)" in
    "3.5" | "3.8" ) LOGROTATE_COMPRESSION_TYPE="gzip" ;;
    *) LOGROTATE_COMPRESSION_TYPE=${LOGROTATE_COMPRESSION_TYPE:-"zstd"} ;;
esac

LOGROTATE_COMPRESSION_VALUE=${LOGROTATE_COMPRESSION_VALUE:-"8"}
LOGROTATE_RETAIN_DAYS=${LOGROTATE_RETAIN_DAYS:-"7"}
LOGSHIPPING_AUTO_CONFIG_LOGROTATE=${LOGSHIPPING_AUTO_CONFIG_LOGROTATE:-"TRUE"}

--------------------------------------------------------------------------------
/install/assets/defaults/06-messaging:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Defaults for outbound mail.
# NOTE(review): the defaults describe an unencrypted relay on port 25 with TLS,
# STARTTLS and certificate checking all FALSE. That presumably suits a relay on
# the same private network only - enable SMTP_TLS or SMTP_STARTTLS together
# with SMTP_TLSCERTCHECK when SMTP_HOST is reached over an untrusted network.
SMTP_AUTO_FROM=${SMTP_AUTO_FROM:-"FALSE"}
SMTP_DOMAIN=${SMTP_DOMAIN:-"docker"}
SMTP_HOST=${SMTP_HOST:-"postfix-relay"}
SMTP_MAILDOMAIN=${SMTP_MAILDOMAIN:-"local"}
SMTP_PORT=${SMTP_PORT:-"25"}
SMTP_STARTTLS=${SMTP_STARTTLS:-"FALSE"}
SMTP_TLS=${SMTP_TLS:-"FALSE"}
SMTP_TLSCERTCHECK=${SMTP_TLSCERTCHECK:-"FALSE"}
--------------------------------------------------------------------------------
/install/assets/defaults/07-firewall:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Defaults for the iptables rules file and for fail2ban.
# FAIL2BAN_DB_TYPE=MEMORY presumably means the ban database is not persisted
# across container restarts - confirm in the firewall init script.
IPTABLES_RULES_PATH=${IPTABLES_RULES_PATH:-"/assets/iptables/"}
IPTABLES_RULES_FILE=${IPTABLES_RULES_FILE:-"iptables.rules"}
FAIL2BAN_BACKEND=${FAIL2BAN_BACKEND:-"AUTO"}
FAIL2BAN_CONFIG_PATH=${FAIL2BAN_CONFIG_PATH:-"/etc/fail2ban/"}
FAIL2BAN_DB_FILE=${FAIL2BAN_DB_FILE:-"fail2ban.sqlite3"}
FAIL2BAN_DB_PATH=${FAIL2BAN_DB_PATH:-"/data/fail2ban/"}
FAIL2BAN_DB_PURGE_AGE=${FAIL2BAN_DB_PURGE_AGE:-"86400"}
FAIL2BAN_DB_TYPE=${FAIL2BAN_DB_TYPE:-"MEMORY"}
FAIL2BAN_IGNORE_IP=${FAIL2BAN_IGNORE_IP:-"127.0.0.1/8 ::1 172.16.0.0/12 192.168.0.0/24"} 12 | FAIL2BAN_IGNORE_SELF=${FAIL2BAN_IGNORE_SELF:-"TRUE"} 13 | FAIL2BAN_LOG_PATH=${FAIL2BAN_LOG_PATH:-"/var/log/fail2ban/"} 14 | FAIL2BAN_LOG_FILE=${FAIL2BAN_LOG_FILE:-"fail2ban.log"} 15 | FAIL2BAN_LOG_LEVEL=${FAIL2BAN_LOG_LEVEL:-"INFO"} 16 | FAIL2BAN_LOG_TYPE=${FAIL2BAN_LOG_TYPE:-"FILE"} 17 | FAIL2BAN_MAX_RETRY=${FAIL2BAN_MAX_RETRY:-"5"} 18 | FAIL2BAN_STARTUP_DELAY=${FAIL2BAN_STARTUP_DELAY:-"15"} 19 | FAIL2BAN_TIME_BAN=${FAIL2BAN_TIME_BAN:-"10m"} 20 | FAIL2BAN_TIME_FIND=${FAIL2BAN_TIME_FIND:-"10m"} 21 | FAIL2BAN_USE_DNS=${FAIL2BAN_USE_DNS:-"warn"} 22 | -------------------------------------------------------------------------------- /install/etc/cont-init.d/00-startup: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | chmod -f -R 0755 /assets/{defaults,functions} > /dev/null 2>&1 4 | chmod -f -R 0755 /etc/{cont-init.d,cont-finish.d,services.available} > /dev/null 2>&1 5 | source /assets/functions/00-container 6 | output_off 7 | PROCESS_NAME="container-init" 8 | showoff 9 | 10 | # Clean OS logroate directory 11 | rm -rf /etc/logrotate.d/* 12 | mkdir -p /assets/logrotate 13 | 14 | mkdir -p "${CONTAINER_LOG_FILE_PATH}" 15 | touch "${CONTAINER_LOG_FILE_PATH}"/"${CONTAINER_LOG_FILE_NAME}" 16 | echo "** Container Name: ${CONTAINER_NAME} - Commencing Logging" >> "${CONTAINER_LOG_FILE_PATH}"/"${CONTAINER_LOG_FILE_NAME}" 17 | create_logrotate container "${CONTAINER_LOG_FILE_PATH}"/"${CONTAINER_LOG_FILE_NAME}" 18 | 19 | ### Routine to check if container has been restarted or not 20 | if [ -d "/tmp/.container" ] ; then 21 | print_notice "Detected Container that has been restarted - Cleaning '/tmp/.container' files" 22 | rm -rf /tmp/.container/* 23 | rm -rf /etc/services.d/* 24 | echo "$(date +%s) $(date +'%Y-%m-%d %H:%M:%S %Z') - Warm restart detected" >> /tmp/.container/container-restart 25 | else 26 | print_debug 
"Cold Container startup detected - Proceeding to initialize services normally" 27 | mkdir -p /tmp/.container/ 28 | echo "$(date +%s) $(date +'%Y-%m-%d %H:%M:%S %Z') - Container started" >> /tmp/.container/container-startup 29 | fi 30 | 31 | print_debug "Adding shortcuts to .bashrc" 32 | cat <> /root/.bashrc 33 | source /assets/functions/00-container 34 | alias env='with-contenv env | sort' 35 | 36 | service_down() { 37 | case "\${1}" in 38 | all ) 39 | echo "** Disabling all services" 40 | for service in /var/run/s6/legacy-services/* ; do 41 | echo "** Disabling s6 service '\$(basename \${service})'" 42 | s6-svc -d /var/run/s6/legacy-services/\$(basename \${service}) 43 | done 44 | ;; 45 | * ) 46 | if [ -d "/var/run/s6/legacy-services/\$1" ] ; then 47 | echo "** Disabling s6 service '\$1'" 48 | s6-svc -d /var/run/s6/legacy-services/\$1 49 | fi 50 | ;; 51 | esac 52 | } 53 | 54 | service_list() { 55 | ls -1 /var/run/s6/legacy-services 56 | } 57 | 58 | service_reset() { 59 | case "\${1}" in 60 | all ) 61 | echo "** Resetting all services" 62 | for service in /var/run/s6/legacy-services/* ; do 63 | echo "** Reset s6 service '\$(basename \${service})'" 64 | rm -rf /tmp/.container/\$(basename \${service}) 65 | #s6-svc -u /var/run/s6/legacy-services/\$(basename \${service}) 66 | done 67 | ;; 68 | * ) 69 | if [ -d "/var/run/s6/legacy-services/\$1" ] ; then 70 | echo "** Reset s6 service '\$1'" 71 | rm -rf /tmp/.container/\$1 72 | fi 73 | ;; 74 | esac 75 | } 76 | 77 | service_up() { 78 | case "\${1}" in 79 | all ) 80 | echo "** Enabling all services" 81 | for service in /var/run/s6/legacy-services/* ; do 82 | echo "** Enabling s6 service '\$(basename \${service})'" 83 | s6-svc -u /var/run/s6/legacy-services/\$(basename \${service}) 84 | done 85 | ;; 86 | * ) 87 | if [ -d "/var/run/s6/legacy-services/\$1" ] ; then 88 | echo "** Enabling s6 service '\$1'" 89 | s6-svc -u /var/run/s6/legacy-services/\$1 90 | fi 91 | ;; 92 | esac 93 | } 94 | 95 | EOF 96 | 97 | ## Show last 
changelog version and details of current running image 98 | if [ -f "/assets/.changelogs/${IMAGE_NAME/\//_}.md" ] ; then 99 | changelogname="/assets/.changelogs/${IMAGE_NAME/\//_}.md" 100 | elif [ -f /assets/.changelogs/docker-${IMAGE_NAME/\//_}.md ] ; then 101 | changelogname="/assets/.changelogs/docker-${IMAGE_NAME/\//_}.md" 102 | else 103 | if [ -f /assets/.changelogs/tiredofit_docker-${IMAGE_NAME/\//_}.md ] ; then 104 | changelogname="/assets/.changelogs/tiredofit_docker-${IMAGE_NAME/\//_}.md" 105 | else 106 | strip_image_repo_url=$(echo ${IMAGE_REPO_URL%/} | sed "s#https://github.com/##g") 107 | if [ -f /assets/.changelogs/${strip_image_repo_url/\//_}.md ] ; then 108 | changelogname="/assets/.changelogs/${strip_image_repo_url/\//_}.md" 109 | fi 110 | fi 111 | fi 112 | 113 | ## Add Support to list all Changelogs known of all base images 114 | if [ -d "/assets/.changelogs" ] ; then 115 | cat <> /root/.bashrc 116 | image_version() { 117 | for clname in /assets/.changelogs/* ; do 118 | version=\$(head -n 1 \$clname | awk '{print \$2}') 119 | echo \"Image: $(basename \$clname) \$version\" 120 | done 121 | } 122 | 123 | EOF 124 | fi 125 | 126 | if [ -z "${changelogname// }" ] ; then 127 | print_debug "Not adding 'changelog' command to .bashrc as I can't detect what changelog it is" 128 | echo "image_changelog() { echo '** Sorry - I do not know what image this is. Check if there are changelogs in /assets/.changelogs';}" >> /root/.bashrc 129 | else 130 | print_debug "Adding 'changelog' command to .bashrc" 131 | echo "image_changelog() { echo \"** Showing the most recent version entry changelog for ${IMAGE_NAME} - See more at /assets/.changelogs\" ; awk '/^##/{p++} p==2{print; exit} p>=1' $changelogname | sed '\$d' ;}" >> /root/.bashrc 132 | fi 133 | 134 | ## Rewrite Bash Prompt 135 | if [ -n "${CONTAINER_CUSTOM_BASH_PROMPT}" ] ; then 136 | bash_prompt=${CONTAINER_CUSTOM_BASH_PROMPT} 137 | else 138 | image_version=$(get_image_version) 139 | if [ ! 
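-z "${image_version// }" ] ; then 140 | bash_ver=":${image_version}" 141 | fi 142 | bash_prompt="[${IMAGE_NAME}${bash_ver} \\t \\w] $ " 143 | fi 144 | 145 | echo "export PS1=\"${bash_prompt/ /}\"" >> /root/.bashrc 146 | 147 | ## Add helper for reading compressed files 148 | cat <> /root/.bashrc 149 | zcat () { 150 | if [ -f "\$@" ] ; then 151 | case "\$@" in 152 | *.zst* ) $(which zstdcat) "\$@" ;; 153 | *.bz*) $(which zcat) "\$@" ;; 154 | *.gz*) $(which zcat) "\$@" ;; 155 | *.xz) $(which zcat) "\$@" ;; 156 | esac 157 | else 158 | echo "'\$@' is not a valid file!" 159 | fi 160 | } 161 | EOF 162 | 163 | host_override 164 | liftoff 165 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/01-timezone: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | PROCESS_NAME="timezone" 6 | 7 | ### Timezone setup 8 | if [ -n "${TIMEZONE}" ]; then 9 | set_timezone "${TIMEZONE}" 10 | fi 11 | 12 | liftoff 13 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/02-permissions: --------------------------------------------------------------------------------
#!/command/with-contenv bash
# Container init step: remap user IDs, group IDs and supplementary group membership
# from environment variables by editing /etc/passwd and /etc/group in place.
#   USER_<name>=<uid>                     / CONTAINER_USER_<name>=<uid>
#   GROUP_<name>=<gid>                    / CONTAINER_GROUP_<name>=<gid>
#   GROUP_ADD_<group>=<user>[,<user>...]  / CONTAINER_GROUP_ADD_<group>=...
# Names are lower-cased; when no entry matches, the first '_' is retried as '-'.

source /assets/functions/00-container
output_off
# shellcheck disable=SC2034
PROCESS_NAME="permissions"

# Succeeds only for a non-empty string of decimal digits.
_is_numeric_id() {
    case "${1}" in
        '' | *[!0-9]* ) return 1 ;;
    esac
    return 0
}

## Legacy: ENABLE_PERMISSIONS overrides CONTAINER_ENABLE_PERMISSIONS when it is set
if var_true "${ENABLE_PERMISSIONS}" ; then
    CONTAINER_ENABLE_PERMISSIONS=TRUE
elif var_false "${ENABLE_PERMISSIONS}" ; then
    CONTAINER_ENABLE_PERMISSIONS=FALSE
fi
##

if var_true "${DEBUG_PERMISSIONS}" ; then
    CONTAINER_LOG_LEVEL="DEBUG"
fi

### Enable or Disable permissions
if var_true "${CONTAINER_ENABLE_PERMISSIONS}" ; then
    print_debug "Enabling permissions features"

    # Change uid in /etc/passwd with the ones defined in Docker's environment settings
    unames="$(set -o posix ; set | sort | grep -e '^USER_' | sed "s|^USER_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n') "
    unames+="$(set -o posix ; set | sort | grep -e '^CONTAINER_USER_' | sed "s|^CONTAINER_USER_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n')"

    for upair in $unames; do
        # Reset per pair, otherwise one match would mark every later name as existing
        _userexists=false
        uname=$(echo "${upair}" | cut -d = -f 1)
        uid=$(echo "${upair}" | cut -d = -f 2)

        # Match the whole login field (name followed by ':') so that 'www' cannot
        # select 'www-data' and rewrite the wrong account
        if grep -q -e "^${uname}:" /etc/passwd ; then
            _userexists=true
        elif grep -q -e "^${uname/_/-}:" /etc/passwd ; then
            _userexists=true
            uname=${uname/_/-}
        fi

        if [ "${_userexists}" = true ] ; then
            # The value comes from the environment and is spliced into a sed
            # expression that edits /etc/passwd, so accept digits only
            if ! _is_numeric_id "${uid}" ; then
                print_error "Skipping user '${uname}': requested uid '${uid}' is not numeric"
                continue
            fi

            ouid=$(grep -e "^${uname}:" /etc/passwd | awk -F: '{print $3}')

            print_debug "Changing user '${uname}' to uid '${uid}' from '${ouid}'"
            sed -i "s|^${uname}:x:${ouid}:|${uname}:x:${uid}:|" /etc/passwd
        fi
    done

    # Change gid in /etc/group and /etc/passwd with the ones defined in Docker's environment settings
    # (GROUP_ADD_* entries are filtered out here and handled further down)
    groups="$(set -o posix ; set | sort | grep -e '^GROUP_' | sed "s|^GROUP_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | sed '/add_.*/d' ) "
    groups+="$(set -o posix ; set | sort | grep -e '^CONTAINER_GROUP_' | sed "s|^CONTAINER_GROUP_||g" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | sed '/add_.*/d' ) "

    for gpair in $groups; do
        _groupexists=false
        gname=$(echo "${gpair}" | cut -d = -f 1)
        gid=$(echo "${gpair}" | cut -d = -f 2)

        if grep -q -e "^${gname}:" /etc/group ; then
            _groupexists=true
        elif grep -q -e "^${gname/_/-}:" /etc/group ; then
            _groupexists=true
            gname=${gname/_/-}
        fi

        if [ "${_groupexists}" = true ] ; then
            if ! _is_numeric_id "${gid}" ; then
                print_error "Skipping group '${gname}': requested gid '${gid}' is not numeric"
                continue
            fi

            # Primary gid of the account that shares the group's name (may be empty)
            opgid=$(grep -e "^${gname}:" /etc/passwd | awk -F: '{print $4}')
            oggid=$(grep -e "^${gname}:" /etc/group | awk -F: '{print $3}')

            print_debug "Changing group '${gname}' to gid '${gid}' from '${oggid}'"

            # Rewrite only the 4th (primary gid) field. With an empty old gid the
            # pattern would otherwise hit any empty field, e.g. a blank GECOS entry
            if [ -n "${opgid}" ] ; then
                sed -i "s|^\([^:]*:[^:]*:[^:]*\):${opgid}:|\1:${gid}:|" /etc/passwd
            fi
            sed -i "s|^${gname}:x:${oggid}:|${gname}:x:${gid}:|" /etc/group
        fi
    done

    # Add users defined in Docker's environment settings to groups in /etc/group
    groupsadd="$(set -o posix ; set | sort | grep -e '^GROUP_ADD_' | sed 's|^GROUP_ADD_||g' | tr '[:upper:]' '[:lower:]' ) "
    groupsadd+="$(set -o posix ; set | sort | grep -e '^CONTAINER_GROUP_ADD_' | sed 's|^CONTAINER_GROUP_ADD_||g' | tr '[:upper:]' '[:lower:]' )"

    # The distribution decides which tool adds a user to a group; read it once
    os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2)

    for gau in $groupsadd; do
        _groupexists=false
        gname=$(echo "${gau}" | cut -d = -f1 )

        if grep -q -e "^${gname}:" /etc/group ; then
            _groupexists=true
        elif grep -q -e "^${gname/_/-}:" /etc/group ; then
            _groupexists=true
            gname=${gname/_/-}
        fi

        if [ "${_groupexists}" = true ] ; then
            uta=$(echo "${gau}" | cut -d = -f2 | tr ',' '\n')

            for userstogroup in ${uta} ; do
                print_debug "Adding user '${userstogroup}' to '${gname}'"
                # Quoted so an environment-supplied name is never glob-expanded
                case ${os,,} in
                    "alpine" )
                        silent addgroup "${userstogroup}" "${gname}"
                    ;;
                    "debian" | "ubuntu" )
                        silent usermod -a -G "${gname}" "${userstogroup}"
                    ;;
                esac
            done
        fi
    done
fi

liftoff
output_on
-------------------------------------------------------------------------------- /install/etc/cont-init.d/03-monitoring: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service single 6 | PROCESS_NAME="monitoring" 7 | 8 | ## Legacy 9 | if var_false "${ENABLE_ZABBIX}"; then CONTAINER_ENABLE_MONITORING=FALSE ; fi 10 | if var_true "${ENABLE_ZABBIX}"; then 11 | CONTAINER_ENABLE_MONITORING=TRUE 12 | CONTAINER_MONITORING_BACKEND=zabbix 13 | fi 14 |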
## 15 | 16 | if var_true "${CONTAINER_ENABLE_MONITORING}" ; then 17 | case "${CONTAINER_MONITORING_BACKEND,,}" in 18 | "zabbix" ) 19 | print_debug "Using Zabbix Backend" 20 | os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2) 21 | if var_true "${DEBUG_MODE}" ; then 22 | ZABBIX_DEBUGLEVEL=4 23 | fi 24 | 25 | if var_true "${ZABBIX_USER_SUDO}" ; then 26 | grant_sudo zabbix 27 | fi 28 | 29 | if var_true "${ZABBIX_USER_DOAS}" ; then 30 | grant_doas zabbix 31 | fi 32 | 33 | if [ -n "${ZABBIX_ENCRYPT_PSK_ID}" ] || [ -n "${ZABBIX_ENCRYPT_PSK_KEY}" ] || [ -n "${ZABBIX_ENCRYPT_PSK_FILE}" ] ; then 34 | transform_file_var \ 35 | ZABBIX_ENCRYPT_PSK_ID \ 36 | ZABBIX_ENCRYPT_PSK_KEY 37 | 38 | print_debug "Zabbix Agent - Using PSK Encryption" 39 | if [ ! -n "${ZABBIX_ENCRYPT_PSK_FILE}" ] && [ ! -n "${ZABBIX_ENCRYPT_PSK_KEY}" ] ; then 40 | print_error "You've selected Zabbix Agent PSK Encryption but haven't supplied a file or a Key!" 41 | exit 1 42 | fi 43 | 44 | if [ ! -n "${ZABBIX_ENCRYPT_PSK_FILE}" ] && [ -n "${ZABBIX_ENCRYPT_PSK_KEY}" ] ; then 45 | print_debug "Zabbix Agent - Only have PSK via ENV Var (Automated creation of file)" 46 | # libressl/openssl rand -hex 32 = 256bit 47 | mkdir -p "${ZABBIX_CERT_PATH}" 48 | ZABBIX_ENCRYPT_PSK_FILE="zabbix_agent.psk" 49 | echo "${ZABBIX_ENCRYPT_PSK_KEY}" > "${ZABBIX_CERT_PATH}"/"${ZABBIX_ENCRYPT_PSK_FILE}" 50 | fi 51 | 52 | chmod -f 0600 "${ZABBIX_CERT_PATH}"/"${ZABBIX_ENCRYPT_PSK_FILE}" 53 | chown -f -R "${ZABBIX_USER}" "${ZABBIX_CERT_PATH}" 54 | tls_psk=$(cat< "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}" 70 | # Custom Generated Zabbix Agent configuration for version 1. 
If you want to use your own config set 'ZABBIX_SETUP_TYPE=MANUAL' 71 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 72 | 73 | AllowKey=system.run[${ZABBIX_REMOTECOMMANDS_ALLOW}] 74 | AllowRoot=${ZABBIX_ALLOW_ROOT} 75 | BufferSend=${ZABBIX_BUFFER_SEND} 76 | BufferSize=${ZABBIX_BUFFER_SIZE} 77 | DebugLevel=${ZABBIX_DEBUGLEVEL} 78 | Hostname=${ZABBIX_HOSTNAME} 79 | ListenIP=${ZABBIX_LISTEN_IP} 80 | ListenPort=${ZABBIX_LISTEN_PORT} 81 | LogFile=${ZABBIX_AGENT_LOG_PATH}/${ZABBIX_AGENT_LOG_FILE} 82 | LogFileSize=${ZABBIX_LOG_FILE_SIZE} 83 | LogRemoteCommands=${ZABBIX_REMOTECOMMANDS_LOG} 84 | MaxLinesPerSecond=${ZABBIX_MAXLINES_SECOND} 85 | PidFile=${ZABBIX_PID} 86 | RefreshActiveChecks=${ZABBIX_REFRESH_ACTIVE_CHECKS} 87 | Server=${ZABBIX_SERVER} 88 | ServerActive=${ZABBIX_SERVER_ACTIVE} 89 | StartAgents=${ZABBIX_START_AGENTS} 90 | User=${ZABBIX_USER} 91 | ${tls_psk} 92 | Include=${ZABBIX_CONFIG_PATH}/${ZABBIX_CONFIG_FILE}.d/*.conf 93 | EOF 94 | else 95 | print_debug "Skipping Configuring Zabbix classic Agent" 96 | fi 97 | ;; 98 | "2" | "m" | "n" | "modern" | "new" ) 99 | case ${os} in 100 | "alpine" ) 101 | osver=$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . -f 2 | cut -d _ -f 1) 102 | if [ "${osver}" -ge 11 ] || [ "$osver" = "edge" ] || [ "$osver" = "17*" ]; then 103 | print_debug "We are using newer than Alpine 3.11 to be able to use the Zabbix Modern client.." 
104 | else 105 | print_error "Sorry, Modern version not available for this images version (Alpine 3.11 + only)" 106 | exit 1 107 | fi 108 | ;; 109 | esac 110 | logship_version="modern" 111 | if [ "${ZABBIX_SETUP_TYPE,,}" = "auto" ] ; then 112 | print_debug "Configuring Zabbix modern Agent" 113 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}" 114 | # Custom Generated Zabbix Agent configuration for version 2 If you want to use your own config set 'ZABBIX_SETUP_TYPE=MANUAL' 115 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 116 | 117 | AllowKey=system.run[${ZABBIX_REMOTECOMMANDS_ALLOW}] 118 | BufferSend=${ZABBIX_BUFFER_SEND} 119 | BufferSize=${ZABBIX_BUFFER_SIZE} 120 | ControlSocket=${ZABBIX_SOCKET} 121 | DebugLevel=${ZABBIX_DEBUGLEVEL} 122 | Hostname=${ZABBIX_HOSTNAME} 123 | ListenPort=${ZABBIX_LISTEN_PORT} 124 | LogFile=${ZABBIX_AGENT_LOG_PATH}/${ZABBIX_AGENT_LOG_FILE} 125 | LogFileSize=${ZABBIX_LOG_FILE_SIZE} 126 | RefreshActiveChecks=${ZABBIX_REFRESH_ACTIVE_CHECKS} 127 | Server=${ZABBIX_SERVER} 128 | ServerActive=${ZABBIX_SERVER_ACTIVE} 129 | StatusPort=${ZABBIX_STATUS_PORT} 130 | PidFile=${ZABBIX_PID} 131 | ${tls_psk} 132 | Include=${ZABBIX_CONFIG_PATH}/${ZABBIX_CONFIG_FILE}.d/*.conf 133 | EOF 134 | else 135 | print_debug "Skipping Configuring Zabbix modern Agent" 136 | fi 137 | ;; 138 | esac 139 | 140 | if [ -n "${ZABBIX_REMOTECOMMANDS_DENY}" ]; then 141 | echo "DenyKey=system.run[${ZABBIX_REMOTECOMMANDS_DENY}]" >> "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}" 142 | fi 143 | 144 | print_debug "Zabbix Agent - Generating Collection Configuration" 145 | case ${os} in 146 | "alpine" ) 147 | updated_packages="UserParameter=packages.upgradable,doas apk update >/dev/null && apk version | sed '/Installed/d' | wc -l" 148 | ;; 149 | "debian" | "ubuntu" ) 150 | updated_packages="UserParameter=packages.upgradable,doas apt-get update >/dev/null && doas aptitude search '~U' | wc -l" 151 | ;; 152 | esac 153 | 154 | mkdir -p 
"${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d 155 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d/tiredofit-container_agent.conf 156 | # Zabbix Container Agent Configuration - Automatically Generated based on Operating System 157 | # Find Companion Zabbix Server Templates at https://github.com/tiredofit/docker-alpine or https://github.com/tiredofit/docker-debian 158 | # Autoregister=toica 159 | 160 | ## Report on Container OS 161 | UserParameter=agent.os,grep "PRETTY_NAME" /etc/os-release | cut -d '"' -f2 162 | 163 | ## Report on packages that are available to be upgraded 164 | ${updated_packages} 165 | EOF 166 | 167 | mkdir -p "${ZABBIX_AGENT_LOG_PATH}" 168 | chown -R "${ZABBIX_USER}":root "${ZABBIX_AGENT_LOG_PATH}" 169 | chown -R "${ZABBIX_USER}":root "${ZABBIX_CONFIG_PATH}" 170 | chown -R "${ZABBIX_USER}":root /var/lib/zabbix 171 | chmod 775 "${ZABBIX_CONFIG_PATH}" 172 | create_logrotate zabbix-agent "${ZABBIX_AGENT_LOG_PATH}"/"${ZABBIX_AGENT_LOG_FILE}" zabbix-agent-${logship_version} "${ZABBIX_USER}" root 173 | print_notice "Container configured for monitoring with '${CONTAINER_MONITORING_BACKEND} ${ZABBIX_AGENT_TYPE}'" 174 | ;; 175 | * ) 176 | print_error "Unknown Monitoring Backend" 177 | exit 1 178 | ;; 179 | esac 180 | else 181 | service_stop "$(basename "$0")" 182 | fi 183 | 184 | liftoff 185 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/04-scheduling: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service single 6 | PROCESS_NAME="scheduling" 7 | 8 | 9 | 10 | ## Legacy 11 | if var_false "${ENABLE_CRON}" ; then CONTAINER_ENABLE_SCHEDULING=FALSE ; fi 12 | if var_true "${ENABLE_CRON}" ; then 13 | CONTAINER_ENABLE_SCHEDULING=TRUE 14 | CONTAINER_SCHEDULING_BACKEND="cron" 15 | fi 16 | ## 17 | 18 | # this is where we want to scan for every 
crontab env var and write it to its own file and leave a note where it came from or if it was part of system variables 19 | ## in the services available section is where we will parse the actual folder and then prepare the crontab right away. might need to update the bash alias to reload cron easy 20 | if var_false "${CONTAINER_ENABLE_SCHEDULING}" ; then 21 | print_debug "Disabling Scheduling" 22 | service_stop "$(basename "$0")" 23 | else 24 | case "${CONTAINER_SCHEDULING_BACKEND,,}" in 25 | "cron" ) 26 | mkdir -p /tmp/.container/cron 27 | 28 | if [ "${SCHEDULING_LOG_TYPE,,}" = "file" ] ; then 29 | mkdir -p "${SCHEDULING_LOG_LOCATION}" 30 | touch "${SCHEDULING_LOG_LOCATION}"/cron.log 31 | create_logrotate cron "${SCHEDULING_LOG_LOCATION}"/cron.log 32 | fi 33 | 34 | if [ ! -d "${CONTAINER_SCHEDULING_LOCATION}" ]; then mkdir -p "${CONTAINER_SCHEDULING_LOCATION}" ; fi 35 | ## Docker Build and Runtime overrides 36 | cronenv=$(mktemp) 37 | set -o posix; set -f ; set | grep -E '^CRON_'| sed "s|CRON_||g" > ${cronenv} 38 | sed -i "/^PERIOD/d" "${cronenv}" 39 | while IFS= read -r cron_entry; do 40 | schedule_title="$(echo ${cron_entry} | cut -d = -f1 | tr '[:upper:]' '[:lower:]' )" 41 | schedule_value="$(echo ${cron_entry} | cut -d = -f2 )" 42 | schedule_value="$(echo ${schedule_value:1:-1})" 43 | if var_false "${schedule_value}" ; then 44 | print_debug "Disabling ${schedule_title} scheduled task" 45 | cat < "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title}" 46 | # Nulled execution of command generated by Environment Variable defined in Image build, or Runtime argument 47 | # Entered Value: ${schedule} 48 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 49 | EOF 50 | else 51 | print_debug "Adding ${schedule_title} with to be parsed by ${CONTAINER_SCHEDULING_BACKEND}" 52 | cat < "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title}" 53 | # Scheduled execution of command created automatically generated by Environment Variable defined in Image build, or Runtime 
argument 54 | # Entered Value: ${schedule} 55 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 56 | 57 | ${schedule_value} 58 | EOF 59 | fi 60 | done < ${cronenv} 61 | rm -rf $cronenv 62 | set +f 63 | unset cronenv schedules cron_entry schedule_value schedule_title 64 | unset "${!CRON_@}" 65 | 66 | ## Defaults 67 | for d in /assets/defaults/* ; do 68 | if [ "$d" != "/assets/defaults/00-container" ] ; then 69 | # shellcheck source=/assets/defaults/ 70 | output_off 71 | source $d 72 | output_on 73 | cronenv=$(mktemp) 74 | set -o posix; set -f ; set | grep -E '^CRON_'| sed "s|CRON_||g" > "${cronenv}" 75 | sed -i "/^PERIOD/d" "${cronenv}" 76 | while IFS= read -r cron_entry; do 77 | schedule_title="$(echo ${cron_entry} | cut -d = -f1 | tr '[:upper:]' '[:lower:]')" 78 | schedule_value="$(echo ${cron_entry} | cut -d = -f2 )" 79 | schedule_value="$(echo ${schedule_value:1:-1})" 80 | if [ ! -f "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title,,}" ] ; then 81 | print_debug "Adding $schedule_title with value $schedule_value to crontab" 82 | cat < "${CONTAINER_SCHEDULING_LOCATION}/${schedule_title,,}" 83 | # Scheduled execution of command taken from default file: '${d}' 84 | # Entered Value: ${schedule} 85 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 86 | 87 | ${schedule_value} 88 | EOF 89 | else 90 | print_debug "Skipping adding '${schedule_title}' as it already exists" 91 | fi 92 | done < "${cronenv}" 93 | rm -rf $cronenv 94 | set +f 95 | unset cronenv schedules cron_entry schedule_value schedule_title 96 | unset "${!CRON_@}" 97 | fi 98 | done 99 | print_notice "Container configured for scheduled tasks with 'cron'" 100 | ;; 101 | *) 102 | print_error "Unknown Scheduling Backend" 103 | exit 1 104 | ;; 105 | esac 106 | fi 107 | 108 | liftoff 109 | output_on -------------------------------------------------------------------------------- /install/etc/cont-init.d/05-logging: 
-------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service 6 | PROCESS_NAME="logging" 7 | 8 | 9 | if var_true "${CONTAINER_ENABLE_LOGROTATE}" ; then 10 | print_debug "Enabling log rotation" 11 | case "${LOGROTATE_COMPRESSION_TYPE,,}" in 12 | bz* ) 13 | logrotate_compression=$(cat< /etc/logrotate.conf 45 | daily 46 | rotate ${LOGROTATE_RETAIN_DAYS} 47 | copytruncate 48 | dateext 49 | nomail 50 | notifempty 51 | ${logrotate_compression} 52 | include /etc/logrotate.d 53 | EOF 54 | 55 | chmod 0744 /etc/logrotate.conf 56 | mkdir -p "${CONTAINER_SCHEDULING_LOCATION}" 57 | cat < "${CONTAINER_SCHEDULING_LOCATION}"/logrotate 58 | # Hardcoded in image in /etc/cont-init.d/$(basename "$0") 59 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 60 | 61 | 59 23 * * * logrotate -f /etc/logrotate.conf >/dev/null 2>&1 62 | EOF 63 | fi 64 | 65 | if var_false "${CONTAINER_ENABLE_LOGSHIPPING}" ; then 66 | service_stop "$(basename "$0")" 67 | else 68 | case "${CONTAINER_LOGSHIPPING_BACKEND,,}" in 69 | "fluent-bit" | "fluentbit" ) 70 | os=$(cat /etc/os-release |grep ^ID= | cut -d = -f2) 71 | case ${os,,} in 72 | "alpine" ) 73 | archit="$(apk --print-arch)" 74 | case "$archit" in 75 | x86_64) 76 | osver=$(cat /etc/os-release | grep VERSION_ID | cut -d = -f 2 | cut -d . 
-f 2 | cut -d _ -f 1) 77 | if [ "${osver}" -ge 11 ] || [ "$osver" = "edge" ] || [ "$osver" = "17*" ]; then 78 | : 79 | else 80 | print_error "Sorry this functionality is not available on < Alpine 3.11 releases" 81 | service_stop "$(basename "$0")" 82 | liftoff 83 | exit 0 84 | fi 85 | ;; 86 | *) 87 | print_error "Sorry this functionality is not available on ${archit} architecture" 88 | service_stop "$(basename "$0")" 89 | liftoff 90 | exit 91 | ;; 92 | esac 93 | ;; 94 | "debian" | "ubuntu" ) 95 | archit=$(dpkg --print-architecture) && \ 96 | case "$archit" in \ 97 | amd64) 98 | : 99 | ;; 100 | *) 101 | print_error "Sorry this functionality is not available on ${archit} architecture" 102 | service_stop "$(basename "$0")" 103 | liftoff 104 | exit 105 | ;; 106 | esac 107 | ;; 108 | esac 109 | 110 | if [ "${FLUENTBIT_SETUP_TYPE,,}" = "auto" ] ; then 111 | print_debug "[logship] Configuring Fluent-bit agent" 112 | truefalse_onoff FLUENTBIT_ENABLE_HTTP_SERVER 113 | truefalse_onoff FLUENTBIT_ENABLE_STORAGE_METRICS 114 | truefalse_onoff FLUENTBIT_STORAGE_CHECKSUM 115 | mkdir -p "${FLUENTBIT_STORAGE_PATH}" 116 | mkdir -p "${FLUENTBIT_LOG_PATH}" 117 | mkdir -p /etc/fluent-bit/conf.d 118 | cat < /etc/fluent-bit/conf.d/do_not_delete.conf 119 | # Don't delete this configuration file otherwise execution of fluent-bit will fail. 
It will not affect operation of your system or impact resources 120 | [INPUT] 121 | Name dummy 122 | Tag ignore 123 | 124 | [FILTER] 125 | Name grep 126 | Match ignore 127 | regex ignore ignore 128 | 129 | [OUTPUT] 130 | Name NULL 131 | Match ignore 132 | EOF 133 | 134 | if [ "$(ls -A /etc/fluent-bit/parsers.d/)" ]; then 135 | shopt -s nullglob 136 | for custom_parser in /etc/fluent-bit/parsers.d/*.conf ; do 137 | print_debug "[logship] Found additional parser for '$(echo "${custom_parser,,}" | sed "s|.conf||g")'" 138 | additional_parsers=$(echo "${additional_parsers}" ; cat< /etc/fluent-bit/fluent-bit.conf 147 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 148 | 149 | @INCLUDE conf.d/*.conf 150 | [SERVICE] 151 | daemon Off 152 | flush ${FLUENTBIT_FLUSH_SECONDS} 153 | grace ${FLUENTBIT_GRACE_SECONDS} 154 | http_listen ${FLUENTBIT_HTTP_LISTEN_IP} 155 | http_port ${FLUENTBIT_HTTP_LISTEN_PORT} 156 | http_server ${FLUENTBIT_ENABLE_HTTP_SERVER} 157 | log_file ${FLUENTBIT_LOG_PATH}/${FLUENTBIT_LOG_FILE} 158 | log_level ${FLUENTBIT_LOG_LEVEL} 159 | plugins_file ${FLUENTBIT_CONFIG_PLUGINS} 160 | storage.backlog.mem_limit ${FLUENTBIT_STORAGE_BACKLOG_LIMIT} 161 | storage.checksum ${FLUENTBIT_STORAGE_CHECKSUM} 162 | storage.metrics ${FLUENTBIT_ENABLE_STORAGE_METRICS} 163 | storage.path ${FLUENTBIT_STORAGE_PATH} 164 | storage.sync ${FLUENTBIT_STORAGE_SYNC} 165 | parsers_file ${FLUENTBIT_CONFIG_PARSERS} 166 | ${additional_parsers} 167 | EOF 168 | 169 | ##### Input Plugins 170 | case "${FLUENTBIT_MODE,,}" in 171 | "normal" ) 172 | print_debug "[logship] Configuring Fluent-Bit for Normal/Client mode" 173 | 174 | ### Config Setup 175 | if var_true "${FLUENTBIT_TAIL_KEY_PATH_ENABLE}" ; then 176 | tail_key_path=" Path_Key ${FLUENTBIT_TAIL_KEY_PATH}" 177 | fi 178 | 179 | if var_true "${FLUENTBIT_TAIL_KEY_OFFSET_ENABLE}" ; then 180 | tail_key_offset=" Offset_Key ${FLUENTBIT_TAIL_KEY_OFFSET}" 181 | fi 182 | 183 | if [ -n "${FLUENTBIT_TAIL_IGNORE_OLDER}" ] ; then 184 | 
tail_ignore_older=" Ignore_Older ${FLUENTBIT_TAIL_IGNORE_OLDER}" 185 | fi 186 | 187 | truefalse_onoff FLUENTBIT_TAIL_SKIP_EMPTY_LINES 188 | truefalse_onoff FLUENTBIT_TAIL_SKIP_LONG_LINES 189 | 190 | #### Override by Environment Variables 191 | logshipenv=$(mktemp) 192 | set -o posix; set -f ; set | grep -E '^LOGSHIP_'| sed "s|LOGSHIP_||g" > "${logshipenv}" 193 | while IFS= read -r logship_entry; do 194 | logship_title="$(echo "${logship_entry}" | cut -d = -f1 | tr '[:upper:]' '[:lower:]' )" 195 | logship_value="$(echo "${logship_entry}" | cut -d = -f2 )" 196 | logship_value="$(echo "${logship_value:1:-1}")" 197 | if var_false "${logship_value}" ; then 198 | print_debug "[logship] Disabling ${logship_title} Log Shipping" 199 | cat < "/etc/fluent-bit/conf.d/in_tail_${logship_title,,}.conf" 200 | # Nulled Log Monitoring of ${logship_title} generated by Environment Variable defined in Image build, or Runtime argument 201 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 202 | EOF 203 | if [ -f "/assets/logrotate/${logship_title,,}" ] ; then 204 | print_debug "[logship] Setting Logrotate value to skip for /assets/logrotate/${logship_title,,}" 205 | sed -i "# logship: .*|# logship: ignore" 206 | fi 207 | else 208 | print_debug "[logship] Adding ${logship_title} with to be parsed by ${CONTAINER_LOGSHIPPING_BACKEND}" 209 | if var_true "${FLUENTBIT_TAIL_DB_ENABLE}" ; then 210 | tail_db=$(cat< "/etc/fluent-bit/conf.d/in_tail_${logship_title,,}.conf" 219 | # Log File Monitoring created automatically generated by Environment Variable defined in Image build, or Runtime argument 220 | # Entered Value: ${logship_value} 221 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 222 | 223 | [INPUT] 224 | Name tail 225 | Path ${logship_value} 226 | Tag ${logship_title,,} 227 | Buffer_Chunk_Size ${FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE} 228 | Buffer_Max_Size ${FLUENTBIT_TAIL_BUFFER_MAX_SIZE} 229 | Read_from_Head ${FLUENTBIT_TAIL_READ_FROM_HEAD} 230 | Skip_Empty_Lines 
${FLUENTBIT_TAIL_SKIP_EMPTY_LINES} 231 | Skip_Long_Lines ${FLUENTBIT_TAIL_SKIP_LONG_LINES} 232 | ${tail_key_path} 233 | ${tail_db} 234 | ${tail_ignore_older} 235 | ${tail_key_offset} 236 | 237 | [FILTER] 238 | Name record_modifier 239 | Match ${logship_title,,} 240 | Record hostname $(hostname) 241 | Record container_name ${CONTAINER_NAME} 242 | Record product ${logship_title,,} 243 | 244 | EOF 245 | fi 246 | done < "${logshipenv}" 247 | rm -rf "$logshipenv" 248 | set +f 249 | unset logshipenv logship_entry logship_value logship_title db 250 | unset "${!LOGSHIP_@}" 251 | 252 | ## Defaults 253 | for d in /assets/defaults/* ; do 254 | if [ "$d" != "/assets/defaults/00-container" ] ; then 255 | # shellcheck source=/assets/defaults/ 256 | source "$d" 257 | logshipenv=$(mktemp) 258 | set -o posix; set -f ; set | grep -E '^LOGSHIP_'| sed "s|LOGSHIP_||g" > "${logshipenv}" 259 | while IFS= read -r logship_entry; do 260 | logship_title="$(echo "${logship_entry}" | cut -d = -f1 | tr '[:upper:]' '[:lower:]')" 261 | logship_value="$(echo "${logship_entry}" | cut -d = -f2 )" 262 | logship_value="$(echo "${logship_value:1:-1}")" 263 | 264 | if var_true "${FLUENTBIT_TAIL_DB_ENABLE}" ; then 265 | tail_db=$(cat< "/etc/fluent-bit/conf.d/in_tail_${logship_title,,}.conf" 276 | # Log File Shipping created automatically generated by reading through defaults in /assets/defaults/* 277 | # Entered Value: ${logship_value} 278 | # Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 279 | 280 | [INPUT] 281 | Name tail 282 | Path ${logship_value} 283 | Tag ${CONTAINER_NAME}_${logship_title,,} 284 | Buffer_Chunk_Size ${FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE} 285 | Buffer_Max_Size ${FLUENTBIT_TAIL_BUFFER_MAX_SIZE} 286 | Read_from_Head ${FLUENTBIT_TAIL_READ_FROM_HEAD} 287 | Skip_Empty_Lines ${FLUENTBIT_TAIL_SKIP_EMPTY_LINES} 288 | Skip_Long_Lines ${FLUENTBIT_TAIL_SKIP_LONG_LINES} 289 | ${tail_key_path} 290 | ${tail_db} 291 | ${tail_ignore_older} 292 | ${tail_key_offset} 293 | EOF 294 | else 295 
| print_debug "[logship] Skipping adding ${logship_title} as it already exists" 296 | fi 297 | done < "${logshipenv}" 298 | rm -rf "$logshipenv" 299 | set +f 300 | unset logshipenv logship_entry logship_value logship_title 301 | unset "${!LOGSHIP_@}" 302 | fi 303 | done 304 | ;; 305 | "proxy" | "forward" ) 306 | print_debug "[logship] Configuring Fluent-Bit for Proxy/Forwarding Mode" 307 | cat < /etc/fluent-bit/conf.d/in_forward.conf 308 | [INPUT] 309 | Name forward 310 | Listen 0.0.0.0 311 | Port ${FLUENTBIT_FORWARD_PORT} 312 | Buffer_Chunk_Size ${FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE} 313 | Buffer_Max_Size ${FLUENTBIT_FORWARD_BUFFER_MAX_SIZE} 314 | EOF 315 | ;; 316 | esac 317 | 318 | ##### Output Plugins 319 | case "${FLUENTBIT_OUTPUT,,}" in 320 | "loki" ) 321 | transform_file_var \ 322 | FLUENTBIT_OUTPUT_LOKI_HOST \ 323 | FLUENTBIT_OUTPUT_LOKI_PORT \ 324 | FLUENTBIT_OUTPUT_LOKI_USER \ 325 | FLUENTBIT_OUTPUT_LOKI_PASS \ 326 | FLUENTBIT_OUTPUT_LOKI_TENANT_ID 327 | 328 | if [ -n "${FLUENTBIT_OUTPUT_LOKI_USER}" ] ; then 329 | loki_user=" http_user ${FLUENTBIT_OUTPUT_LOKI_USER}" 330 | fi 331 | 332 | if [ -n "${FLUENTBIT_OUTPUT_LOKI_PASS}" ] ; then 333 | loki_pass=" http_passwd ${FLUENTBIT_OUTPUT_LOKI_PASS}" 334 | fi 335 | 336 | if [ -n "${FLUENTBIT_OUTPUT_LOKI_TENANT_ID}" ] ; then 337 | loki_tenant_id=" tenant_id ${FLUENTBIT_OUTPUT_LOKI_TENANT_ID}" 338 | fi 339 | 340 | truefalse_onoff FLUENTBIT_OUTPUT_LOKI_TLS 341 | truefalse_onoff FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY 342 | truefalse_onoff FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP 343 | 344 | cat < /etc/fluent-bit/conf.d/out_loki.conf 345 | ## Auto generated LOKI Output plugin for Fluent Bit 346 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 347 | 348 | [OUTPUT] 349 | name loki 350 | match * 351 | host ${FLUENTBIT_OUTPUT_LOKI_HOST} 352 | port ${FLUENTBIT_OUTPUT_LOKI_PORT} 353 | tls ${FLUENTBIT_OUTPUT_LOKI_TLS,,} 354 | tls.verify ${FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY,,} 355 | compress 
${FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP,,} 356 | labels logshipper=${CONTAINER_NAME} 357 | Label_keys \$hostname,\$container_name,\$product 358 | ${loki_user} 359 | ${loki_pass} 360 | ${loki_tenant_id} 361 | 362 | EOF 363 | ;; 364 | "fluentd" | "forward" ) 365 | truefalse_onoff FLUENTBIT_OUTPUT_FORWARD_TLS 366 | truefalse_onoff FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY 367 | if [ ! -z "${FLUENTBIT_OUTPUT_FORWARD_SECRET}" ] ; then 368 | forward_secret=" Shared_Key ${FLUENTBIT_OUTPUT_FORWARD_SECRET}" 369 | fi 370 | transform_file_var FLUENTBIT_OUTPUT_FORWARD_HOST 371 | cat < /etc/fluent-bit/conf.d/out_forward.conf 372 | ## Auto generated FluentD Forward Output plugin for Fluent Bit 373 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 374 | 375 | [OUTPUT] 376 | Name forward 377 | Match * 378 | Host ${FLUENTBIT_OUTPUT_FORWARD_HOST} 379 | Port ${FLUENTBIT_FORWARD_PORT} 380 | Self_Hostname ${CONTAINER_NAME} 381 | tls ${FLUENTBIT_OUTPUT_FORWARD_TLS,,} 382 | tls.verify ${FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY,,} 383 | ${forward_secret} 384 | EOF 385 | ;; 386 | "null" ) 387 | cat < /etc/fluent-bit/conf.d/out_null.conf 388 | ## Auto generated NULL Output plugin for Fluent Bit 389 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 390 | 391 | [OUTPUT] 392 | Name null 393 | Match * 394 | EOF 395 | ;; 396 | esac 397 | else 398 | print_notice "[logship] Not auto configuring Fluent-Bit. 
Drop configuration files in /etc/fluent-bit/conf.d" 399 | cat < /etc/fluent-bit/fluent-bit.conf 400 | ## This configuration file allows you to put your own configuration in /etc/fluent-bit/conf.d - Don't delete or it will fail :) 401 | ## Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z') 402 | @INCLUDE conf.d/*.conf 403 | EOF 404 | fi 405 | create_logrotate fluentbit "${FLUENTBIT_LOG_PATH}"/"${FLUENTBIT_LOG_FILE}" 406 | if var_true "${CONTAINER_ENABLE_MONITORING}" && [ "${CONTAINER_MONITORING_BACKEND,,}" = "zabbix" ]; then 407 | cat < "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d/tiredofit-fluentbit.conf 408 | # Zabbix Fluentbit Configuration - Automatically generated based on container startup options 409 | # Find Companion Zabbix Server Templates at https://github.com/tiredofit/docker-alpine or https://github.com/tiredofit/docker-debian 410 | # Autoregister=fluentbit 411 | EOF 412 | fi 413 | print_notice "Container configured to ship logs via '${CONTAINER_LOGSHIPPING_BACKEND}'" 414 | ;; 415 | *) 416 | print_error "[logship] Unknown Log Shipping Backend" 417 | exit 1 418 | ;; 419 | esac 420 | 421 | fi 422 | 423 | liftoff 424 | output_on 425 | -------------------------------------------------------------------------------- /install/etc/cont-init.d/06-messaging: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | source /assets/functions/00-container 4 | output_off 5 | prepare_service single 6 | # shellcheck disable=SC2034 7 | PROCESS_NAME="messaging" 8 | 9 | output_off 10 | 11 | ## Legacy 12 | if var_false "${ENABLE_SMTP}"; then CONTAINER_ENABLE_MESSAGING=FALSE ; fi 13 | if var_true "${ENABLE_SMTP}"; then 14 | CONTAINER_ENABLE_MESSAGING=TRUE 15 | CONTAINER_MESSAGING_BACKEND=msmtp 16 | fi 17 | ## 18 | 19 | if var_true "${CONTAINER_ENABLE_MESSAGING}" ; then 20 | case "${CONTAINER_MESSAGING_BACKEND,,}" in 21 | "msmtp" ) 22 | rm -f /usr/sbin/sendmail 23 | ln -s /usr/bin/msmtp 
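/usr/sbin/sendmail
            truefalse_onoff SMTP_TLS lower
            truefalse_onoff SMTP_STARTTLS lower
            truefalse_onoff SMTP_TLSCERTCHECK lower
            transform_file_var \
                SMTP_HOST \
                SMTP_PORT \
                SMTP_USER \
                SMTP_PASS

            # NOTE(review): /etc/msmtprc receives SMTP_PASS in clear text and is
            # created with whatever umask this init shell has; nothing below
            # restricts its mode. If only root sends mail, a `chmod 600 /etc/msmtprc`
            # after generation limits exposure - confirm which users call sendmail first.
            echo "### Automatically generated on container start. See documentation on how to set!" > /etc/msmtprc
            {
                echo "account default "
                echo "host ${SMTP_HOST}"
                echo "port ${SMTP_PORT}"
                echo "domain ${SMTP_DOMAIN}"
                if [ -n "$SMTP_FROM" ]; then echo "from ${SMTP_FROM}"; fi
                echo "maildomain ${SMTP_MAILDOMAIN}"
                if [ -n "$SMTP_AUTHENTICATION" ]; then echo "auth ${SMTP_AUTHENTICATION}"; fi
                if [ -n "$SMTP_USER" ]; then echo "user ${SMTP_USER}"; fi
                if [ -n "$SMTP_PASS" ]; then echo "password ${SMTP_PASS}"; fi
                echo "tls ${SMTP_TLS}"
                echo "tls_starttls ${SMTP_STARTTLS}"
                # tls_certcheck off makes msmtp skip verification of the server certificate
                echo "tls_certcheck ${SMTP_TLSCERTCHECK}"
                if [ -n "$SMTP_ALLOW_FROM_OVERRIDE" ]; then echo "allow_from_override ${SMTP_ALLOW_FROM_OVERRIDE}"; fi
                ### Gmail Specific SMTP Config
                if var_true "${ENABLE_SMTP_GMAIL}" || var_true "${SMTP_AUTO_FROM}"; then echo "auto_from on"; fi
            } >> /etc/msmtprc

            print_notice "Container configured to route mail via SMTP to '${SMTP_HOST}'"
        ;;
        *)
            print_error "Unknown messaging backend"
            exit 1
        ;;
    esac
else
    :
fi

liftoff

output_on

--------------------------------------------------------------------------------
/install/etc/cont-init.d/07-firewall:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Init step: loads an optional iptables rules file, applies FIREWALL_RULE_<n>
# environment variables through the selected backend, and generates the
# fail2ban configuration when CONTAINER_ENABLE_FAIL2BAN is true.

source /assets/functions/00-container
output_off
prepare_service
# shellcheck disable=SC2034
PROCESS_NAME="firewall"

firewall_command=$(which "${CONTAINER_FIREWALL_BACKEND,,}")

if var_true "${CONTAINER_ENABLE_FIREWALL}" ; then
    print_notice "Container configured for firewall with '${CONTAINER_FIREWALL_BACKEND}'"
    case "${CONTAINER_FIREWALL_BACKEND,,}" in
        "iptables" )
            if [ -f "${IPTABLES_RULES_PATH}"/"${IPTABLES_RULES_FILE}" ]; then
                print_notice "Found custom iptables.rules file"
                # NOTE(review): the exit status of iptables-restore is not checked, so a
                # rules file that fails to load leaves the container running unfiltered.
                silent iptables-restore "${IPTABLES_RULES_PATH}"/"${IPTABLES_RULES_FILE}"
            fi
        ;;
        *)
            print_error "Unknown firewall backend"
            exit 1
        ;;
    esac

    set -o posix
    # noglob: rule text is word-split on purpose below and must not be glob-expanded
    set -f
    if printenv | grep -q "^FIREWALL_RULE" ; then
        print_debug "Found existence of FIREWALL_RULE environment variables"
        firewallenv=$(mktemp)
        # Strip only the leading prefix (the old unanchored 's|..||g' also rewrote rule
        # text) and order numerically, so that rule 2 is applied before rule 10.
        printenv | grep '^FIREWALL_RULE_[0-9][0-9]*' | sed "s|^FIREWALL_RULE_||" | sort -n > "${firewallenv}"
        cat "${firewallenv}"
        while IFS= read -r firewall_entry; do
            rule_number="${firewall_entry%%=*}"
            # Everything after the FIRST '=' is the rule; 'cut -d = -f2' dropped the
            # remainder of any rule that itself contains '='.
            rule_value="${firewall_entry#*=}"
            print_debug "Adding Rule Number: ${rule_number} with to be parsed by ${CONTAINER_FIREWALL_BACKEND}"
            # NOTE(review): a rule the backend rejects is not reported here; whether
            # 'silent' passes the exit status through is not visible in this file.
            # shellcheck disable=SC2086
            silent "${firewall_command}" ${rule_value}
        done < "${firewallenv}"
        rm -rf "${firewallenv}"
        unset rule_number rule_value
        # Was "${!FIREWALL_RULE_RULE_@}", which matches none of the FIREWALL_RULE_<n>
        # names read above - presumably a typo.
        unset "${!FIREWALL_RULE_@}"
    fi
    # Restore globbing unconditionally: it used to be re-enabled only when FIREWALL_RULE
    # variables existed, leaving the '*' patterns in the fail2ban section unexpanded.
    set +f

    if var_true "${CONTAINER_ENABLE_FAIL2BAN}" ; then
        print_notice "Container configured to block hosts via 'fail2ban'"
        print_debug "Fail2ban: Configure Logging"
        mkdir -p "${FAIL2BAN_LOG_PATH}"
        touch "${FAIL2BAN_LOG_PATH}"/"${FAIL2BAN_LOG_FILE}"

        print_debug "Fail2ban: Configuring Filesystem"
        if [ "${FAIL2BAN_CONFIG_PATH}" != "/etc/fail2ban/" ]; then
            echo "not /etc/fail2ban"
            print_debug "Fail2ban: Creating Config Dir"
            mkdir -p "${FAIL2BAN_CONFIG_PATH}"
            silent cp -R /etc/fail2ban/* "${FAIL2BAN_CONFIG_PATH}"
            print_debug "Fail2ban: Linking Config to Persistent Storage"
            rm -rf /etc/fail2ban
            ln -sf "${FAIL2BAN_CONFIG_PATH}" /etc/fail2ban
        fi

        mkdir -p /etc/fail2ban/filter.d
        mkdir -p /etc/fail2ban/jail.d

        print_debug "Fail2ban: Creating Data Dir"
        case "${FAIL2BAN_DB_TYPE,,}" in
            file )
                fail2ban_db="${FAIL2BAN_DB_PATH}/${FAIL2BAN_DB_FILE}"
                mkdir -p "${FAIL2BAN_DB_PATH}"
            ;;
            memory )
                fail2ban_db=":memory:"
            ;;
            none )
                fail2ban_db="None"
            ;;
        esac

        # logtarget written to fail2ban.conf: a file path by default, the bare keyword
        # STDOUT for console logging (it used to come out as <log path>/STDOUT).
        fail2ban_logtarget="${FAIL2BAN_LOG_PATH}/${FAIL2BAN_LOG_FILE}"
        case "${FAIL2BAN_LOG_TYPE,,}" in
            file )
                print_debug "Fail2ban: Creating Log Directory"
                mkdir -p "${FAIL2BAN_LOG_PATH}"
                touch "${FAIL2BAN_LOG_PATH}"/"${FAIL2BAN_LOG_FILE}"
                create_logrotate fail2ban "${FAIL2BAN_LOG_PATH}"/"${FAIL2BAN_LOG_FILE}" none
            ;;
            console )
                FAIL2BAN_LOG_FILE="STDOUT"
                fail2ban_logtarget="STDOUT"
            ;;
        esac

        print_debug "Fail2Ban: Creating Default Jail Configuration"
        # 'ignoreself' was spelled 'ignorself', so FAIL2BAN_IGNORE_SELF never reached the
        # option it was meant to set.
        # NOTE(review): 'sender = root@' and the empty 'chain =' look truncated in this
        # listing (an angle-bracket placeholder may have been lost) - confirm upstream.
        cat <<EOF > "${FAIL2BAN_CONFIG_PATH}"/jail.conf
## Custom Generated Fail2ban jail.conf Configuration! Do not edit, instead set ENV Vars
## Last Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z')

[DEFAULT]
ignoreself = ${FAIL2BAN_IGNORE_SELF}
ignoreip = ${FAIL2BAN_IGNORE_IP}
ignorecommand =
bantime = ${FAIL2BAN_TIME_BAN}
findtime = ${FAIL2BAN_TIME_FIND}
maxretry = ${FAIL2BAN_MAX_RETRY}
backend = ${FAIL2BAN_BACKEND}

# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
#       but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
#     but it will be logged as info.
# raw: use raw value (no hostname), allow use it for no-host filters/actions (example user)
usedns = ${FAIL2BAN_USE_DNS}

logencoding = auto
enabled = false
mode = normal
filter = %(__name__)s[mode=%(mode)s]
destemail = root@localhost
sender = root@
mta = sendmail
protocol = tcp
chain =
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-multiport
banaction_allports = iptables-allports
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
action_abuseipdb = abuseipdb
action = %(action_)s
EOF

        print_debug "Fail2ban: Configuring main config file"
        cat <<EOF > "${FAIL2BAN_CONFIG_PATH}"/fail2ban.conf
## Custom Generated fail2ban.conf Configuration! Do not edit, instead set ENV Vars
## Last Generated on $(TZ=${TIMEZONE} date +'%Y-%m-%d %H:%M:%S %Z')

[Definition]
loglevel = ${FAIL2BAN_LOG_LEVEL}
logtarget = ${fail2ban_logtarget}
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
dbfile = ${fail2ban_db}
dbpurgeage = ${FAIL2BAN_DB_PURGE_AGE}
EOF

        # NOTE(review): dir_notempty is called without an argument; its definition is
        # not part of this file, so what it actually tests here should be confirmed.
        if [ -d "${FAIL2BAN_CONFIG_PATH}"/jail.d ] && dir_notempty ; then
            for fail2ban_file in "${FAIL2BAN_CONFIG_PATH}"/jail.d/*.conf ; do
                if [ ! -d "$fail2ban_file" ] ; then
                    print_debug "Substituting Environment Variables for: '${fail2ban_file}'"
                    fail2ban_tmpfile=$(mktemp)
                    cp --attributes-only --preserve "${fail2ban_file}" "${fail2ban_tmpfile}"
                    # Read the jail file directly. The previous 'cat "$fail2ban_file}"' had a
                    # stray brace, so cat failed, envsubst still exited 0 on empty input, and
                    # the mv replaced every jail definition with an empty file.
                    envsubst < "${fail2ban_file}" > "${fail2ban_tmpfile}" && mv "${fail2ban_tmpfile}" "${fail2ban_file}"
                fi
            done
        fi

        if var_true "${CONTAINER_ENABLE_MONITORING}" && [ "${CONTAINER_MONITORING_BACKEND,,}" = "zabbix" ]; then
            # Quoted delimiter: the body holds literal \$1 / \$2 for the Zabbix agent and awk,
            # which an unquoted here-document would expand to this script's own parameters.
            cat <<'EOF' > "${ZABBIX_CONFIG_PATH}"/"${ZABBIX_CONFIG_FILE}".d/tiredofit-fail2ban.conf
# Zabbix Fail2ban Configuration - Automatically generated based on container startup options
# Find Companion Zabbix Server Templates at https://github.com/tiredofit/docker-alpine or https://github.com/tiredofit/docker-debian
# Autoregister=fail2ban

UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
UserParameter=fail2ban.version,fail2ban-server -V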
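| head -n1 | awk '{print $2}' | sed "s|v||"
EOF
        fi
    else
        service_stop "$(basename "$0")"
    fi
else
    service_stop "$(basename "$0")"
fi

liftoff
output_on
--------------------------------------------------------------------------------
/install/etc/cont-init.d/99-container:
--------------------------------------------------------------------------------
#!/command/with-contenv bash

# Final init step: compares the scripts in /etc/cont-init.d with the
# /tmp/.container/*-init markers, halts when a script left no marker, links the
# services that may start into /etc/services.d, then runs the optional
# post-init scripts and commands.

source /assets/defaults/00-container
source /assets/functions/00-container
output_off
PROCESS_NAME="container"

if var_false "${CONTAINER_SKIP_SANITY_CHECK}" ; then


    ### Final sanity check to make sure all scripts have executed and initialized properly, otherwise stop
    files_init=$(find /etc/cont-init.d/ -maxdepth 1 -type f | wc -l)
    # Leave this script (99-container) out of the count
    files_init=$(( files_init - 1 ))
    declare -a files_init_name
    declare -a length_of_files_init_name
    for f in /etc/cont-init.d/*; do
        files_init_name[length_of_files_init_name + 1]=filename
        files_init_name[${#files_init_name[@]}+1]=$(echo "$f" | sed "s#filename##g" | sed "s#/etc/cont-init.d/##g" | sed "s#99-container##g" );
    done

    init_complete=$(find /tmp/.container/*-init -maxdepth 1 -type f | wc -l)
    declare -a init_complete_name
    declare -a length_of_init_complete_name
    for f in /tmp/.container/*-init; do
        init_complete_name[length_of_init_complete_name + 1]=filename
        init_complete_name[${#init_complete_name[@]}+1]=$(echo "$f" | sed "s#filename##g" | sed "s#/tmp/.container/##g" | sed "s#-init##g");
    done

    # Collect every init script name that has no matching completion marker
    uninitialized_scripts=()
    for i in "${files_init_name[@]}"; do
        skip=
        for j in "${init_complete_name[@]}"; do
            [[ $i == "$j" ]] && { skip=1; break; }
        done
        [[ -n $skip ]] || uninitialized_scripts+=("$i")
    done
    declare uninitialized_scripts

    # Both operands quoted so an empty count cannot turn the test into a syntax error
    if [ "${files_init}" != "${init_complete}" ]; then
        if [ "$init_complete" -gt "$files_init" ] ; then
            # More markers than scripts is tolerated
            :
        else
            if [ -n "${IMAGE_NAME}" ] ; then
                if [ -f "/assets/.changelogs/${IMAGE_NAME/\//_}.md" ] ; then
                    image_version=$(head -n1 /assets/.changelogs/"${IMAGE_NAME/\//_}".md | awk '{print $2}')
                elif [ -f /assets/.changelogs/docker-"${IMAGE_NAME/\//_}".md ] ; then
                    image_version=$(head -n1 /assets/.changelogs/docker-"${IMAGE_NAME/\//_}".md | awk '{print $2}')
                else
                    if [ -f /assets/.changelogs/tiredofit_docker-"${IMAGE_NAME/\//_}".md ] ; then
                        image_version=$(head -n1 /assets/.changelogs/tiredofit_docker-"${IMAGE_NAME/\//_}".md | awk '{print $2}')
                    fi
                fi

                image_string="Image: ${IMAGE_NAME}"

                if [ -n "${image_version}" ] ; then
                    image_string="${image_string} | Version ${image_version} Type 'changelog' for details"
                fi

                if [ -n "${IMAGE_REPO_URL}" ] ; then
                    image_url="Repository/Issues/Support: ${IMAGE_REPO_URL}"
                fi
            fi
            echo "**********************************************************************************************************************"
            echo "**********************************************************************************************************************"
            echo "**** ****"
            echo "**** ERROR - Some initialization scripts haven't completed - All services are now halted ****"
            echo "**** - The following scripts in '/etc/cont-init.d' did not pass their completion check ****"
            echo "**** ****"
            echo "**********************************************************************************************************************"
            echo "**********************************************************************************************************************"
            echo ""
            echo "${uninitialized_scripts[@]}" | tr ' ' '\n' | uniq -u
            echo ""
            echo "**********************************************************************************************************************"
            echo "**********************************************************************************************************************"
            echo "**** ****"
            echo "**** This could have happened for a variety of reasons. Please make sure you have followed the README ****"
            echo "**** relating to this image and have proper configuration such as environment variables and volumes set ****"
            echo "**** ****"
            echo "**** If you feel that you have encountered a bug, please submit an issue on the revision control system ****"
            echo "**** and provide full debug logs by setting the environment variable 'DEBUG_MODE=TRUE' ****"
            echo "**** ****"
            echo "**********************************************************************************************************************"
            echo "**********************************************************************************************************************"
            echo ""
            echo "$image_string"
            echo "$image_url"
            exit 1
        fi
    fi
    output_on
fi

# Link each available service into /etc/services.d unless its init marker
# contains DONOTSTART; a service without any marker is started as well.
for services in /etc/services.available/*/
do
    service=${services%*/}
    if [ -f "/tmp/.container/${service##*/}-init" ]; then
        if grep -q "DONOTSTART" "/tmp/.container/${service##*/}-init"; then
            print_debug "Skipping '${service##*/}' service for startup routines"
        else
            print_debug "Getting ready to start '${service##*/}' service"
            ln -sf "${service}" /etc/services.d
        fi
    else
        print_debug "No Initialization Script Found - Getting ready to start '${service##*/}' service"
        ln -sf "${service}" /etc/services.d
    fi
done

# NOTE(review): every path listed in CONTAINER_POST_INIT_SCRIPT is made executable
# and run by this init shell without any ownership or location check, so write
# access to those files equals code execution during container start-up.
if [ -n "${CONTAINER_POST_INIT_SCRIPT}" ] ; then
    print_debug "Found Post Init Scripts"
    post_scripts=$(echo "${CONTAINER_POST_INIT_SCRIPT}" | tr "," "\n")
    for post_script in $post_scripts
    do
        if [ -f "${post_script}" ] ; then
            print_debug "Executing post init script '${post_script}'"
            chmod +x "${post_script}"
            "${post_script}"
        else
            print_error "Tried to run post script '${post_script}' but it does not exist!"
        fi
    done
fi

# NOTE(review): CONTAINER_POST_INIT_COMMAND is passed to eval verbatim - whoever
# controls the container environment runs arbitrary shell here. Because
# "${post_commands}" is quoted, the loop body runs once and eval receives the
# whole newline-joined list in a single call.
if [ -n "${CONTAINER_POST_INIT_COMMAND}" ] ; then
    print_debug "Found Post Init Command"
    post_commands=$(echo "${CONTAINER_POST_INIT_COMMAND}" | tr "," "\n")
    for post_command in "${post_commands}"
    do
        print_debug "Executing post init command '${post_command}'"
        eval "${post_command}"
    done
fi

liftoff
output_on
-------------------------------------------------------------------------------- /install/etc/fluent-bit/parsers.conf: -------------------------------------------------------------------------------- 1 | [PARSER] 2 | Name fluentbit 3 | Format regex 4 | Regex ^\[(?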