Dockerfile for BorgWarehouse
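# BorgWarehouse image: a Node 18 application plus an OpenSSH server and borg in one container.
# Pinning the base image by digest would make rebuilds reproducible.
FROM node:18-slim

ARG USERNAME=borgwarehouse
ARG USER_UID=1001
ARG USER_GID=$USER_UID

# SECURITY: this allowlist lets the service account run /bin/bash, chmod, chown, sed,
# useradd and others as root without a password. That is equivalent to unrestricted
# root, so the `USER` switch further down is not a privilege boundary: anything that
# compromises the web application can become root inside the container.
# Narrowing it needs changes in the application's helper scripts, so the list is kept as is.
ARG SUDO_LINE="$USERNAME ALL=(ALL) NOPASSWD: /usr/sbin/useradd,/bin/mkdir,/usr/bin/touch,/bin/chmod,/bin/chown,/bin/bash,/usr/bin/jc,/usr/bin/jq,/bin/sed,/bin/grep,/usr/bin/stat,/usr/bin/borg,/bin/echo,/usr/sbin/userdel,/usr/sbin/service"

# Build-time only: an ARG keeps the non-interactive frontend out of the runtime environment.
ARG DEBIAN_FRONTEND=noninteractive

# apt-get has a stable CLI for scripts, unlike apt. Lists are removed in the same layer.
RUN apt-get update && apt-get install -y --no-install-recommends \
      borgbackup \
      jc \
      jq \
      openssh-server \
      openssl \
      sudo \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt

# Create the service account, install its sudoers drop-in and pre-create /app with the
# right owner, so ownership does not depend on how the builder handles WORKDIR after USER.
# SUDO_LINE is quoted to stop the shell from word-splitting or globbing it, and
# `visudo -cf` fails the build if the generated file is not valid sudoers syntax.
RUN addgroup --gid $USER_GID $USERNAME \
    && adduser --disabled-login --disabled-password --uid $USER_UID --ingroup $USERNAME --gecos BorgWarehouse $USERNAME \
    && echo "$SUDO_LINE" > /etc/sudoers.d/10-$USERNAME \
    && chmod 0440 /etc/sudoers.d/10-$USERNAME \
    && visudo -cf /etc/sudoers.d/10-$USERNAME \
    && install -d -o $USER_UID -g $USER_GID /app

# Cron entries that call the application's status endpoints every minute.
# The lines are single-quoted on purpose: $NEXTAUTH_URL and $CRONJOB_KEY must NOT be
# expanded at build time. They are not declared as ARG/ENV here, so they would expand to
# empty strings, and if they were declared the bearer token would be baked into an image
# layer. printf replaces `echo -e`, which is not portable under the default /bin/sh.
# NOTE(review): this Dockerfile installs neither cron nor curl, and the entrypoint does
# not start a cron daemon, so these entries are inert as written. Cron jobs also do not
# inherit the container's environment, so both variables must be supplied to cron at
# runtime, or the two endpoints triggered by an external scheduler instead.
RUN printf '%s\n' \
      '* * * * * root curl --request POST --url "$NEXTAUTH_URL/api/cronjob/checkStatus" --header "Authorization: Bearer $CRONJOB_KEY"' \
      '* * * * * root curl --request POST --url "$NEXTAUTH_URL/api/cronjob/getStorageUsed" --header "Authorization: Bearer $CRONJOB_KEY"' \
      > /etc/cron.d/borgwarehouse

USER $USERNAME
WORKDIR /app

# Copy the manifests first so the dependency layer stays cached until they change.
COPY --chown=$USER_UID:$USER_GID package*.json .
# --omit=dev is the current spelling of the deprecated --only=production.
RUN npm ci --omit=dev

# A .dockerignore should keep .git, .env files and local config out of this copy.
COPY --chown=$USER_UID:$USER_GID . .
# Helper shell scripts: owner-only read/write/execute.
RUN chmod 700 /app/helpers/shells/*
RUN npm run build

# 22 = sshd (started as root through sudo by the entrypoint), 3000 = web UI.
EXPOSE 22 3000

# Declared after the build steps above, so nothing written to these paths is discarded.
VOLUME /app/config
VOLUME /var/borgwarehouse

COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["init"]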
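#!/bin/bash
# Container entrypoint for BorgWarehouse.
#
# Starts the SSH service, seeds the JSON config files on first run, then either
# launches the application (when the first argument is "init") or runs the
# command that was passed in.

CONFIG_DIR="/app/config"

# Start the SSH service through sudo. Output stays suppressed as before, but a
# failure is now reported instead of being silently dropped.
if ! sudo service ssh start &> /dev/null; then
  echo "entrypoint: warning: 'service ssh start' failed; sshd may not be running" >&2
fi

# Seed the user database on first run only.
# SECURITY: the seeded admin account carries a fixed bcrypt hash that is identical in
# every deployment of this image, i.e. a default credential. Change the admin password
# right after the first login and do not expose the web UI to untrusted networks first.
# The file is created under umask 077 (in a subshell, so the app's own umask is
# untouched) because it holds password hashes and other local accounts exist here.
# NOTE(review): the e-mail value below appears as captured; it looks like the hosting
# page masked the original address. Restore the project's real default before use.
if [ ! -f "$CONFIG_DIR/users.json" ]; then
  (
    umask 077
    echo '[{"id":0,"email":"[email protected]","username":"admin","password":"$2a$12$20yqRnuaDBH6AE0EvIUcEOzqkuBtn1wDzJdw2Beg8w9S.vEqdso0a","roles":["admin"]}]' > "$CONFIG_DIR/users.json"
  )
fi

# Seed an empty repository list on first run only.
if [ ! -f "$CONFIG_DIR/repo.json" ]; then
  echo '[]' > "$CONFIG_DIR/repo.json"
fi

# Default command: start the application. exec replaces this shell, so the process
# receives SIGTERM from `docker stop` directly and its exit status becomes the
# container's exit status.
if [ "$1" == "init" ]; then
  exec npm run start
fi

# Any other command line is run as given.
exec "$@"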
I've been digging into the question, and the main problem that prevents me, for the moment, from proposing a Dockerfile is indeed the persistence of Unix users...
It is impossible to use a persistent mount on the /etc/passwd or /etc/shadow files; UNIX does not support that, certainly for obvious security reasons.
I have not yet taken the time to think about how to overcome this problem. I have one or two ideas but it's not easy to do it without breaking changes.