commit bbfd70238cfa0bb9dc788bf71332a335aceebd9b Author: Ivan Schaller Date: Sat Apr 16 01:25:32 2022 +0200 init diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..0596318 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,110 @@ +################ +# docker build # +################ +kind: pipeline +type: docker +name: docker-build-amd64 + +platform: + os: linux + arch: amd64 + +trigger: + event: + - tag + +# anchors +cr_secrets: &cr_secrets + username: + from_secret: cr-dhub-username + password: + from_secret: cr-dhub-key + +docker_build: &docker_build + image: plugins/docker + pull: if-not-exists + group: build + +# build steps amd64 +steps: +- name: 'build and publish docker image' + <<: *docker_build + settings: + repo: olofvndrhr/flox-dockerized + dockerfile: Dockerfile.amd64 + auto_tag: true + auto_tag_suffix: linux-amd64 + <<: *cr_secrets + + +--- +kind: pipeline +type: docker +name: docker-build-arm64 + +platform: + os: linux + arch: arm64 + +trigger: + event: + - tag + +# anchors +cr_secrets: &cr_secrets + username: + from_secret: cr-dhub-username + password: + from_secret: cr-dhub-key + +docker_build: &docker_build + image: plugins/docker + pull: if-not-exists + group: build + +# build steps arm64 +steps: +- name: 'build and publish docker image' + <<: *docker_build + settings: + repo: olofvndrhr/flox-dockerized + dockerfile: Dockerfile.arm64 + auto_tag: true + auto_tag_suffix: linux-arm64 + <<: *cr_secrets + + +--- +kind: pipeline +type: docker +name: docker-publish-manifest + +platform: + os: linux + arch: amd64 + +trigger: + event: + - tag + +# anchors +cr_secrets: &cr_secrets + username: + from_secret: cr-dhub-username + password: + from_secret: cr-dhub-key + +# build steps +steps: +- name: 'publish manifest' + image: plugins/manifest + settings: + spec: manifest.tmpl + auto_tag: true + ignore_missing: true + <<: *cr_secrets + +depends_on: + - docker-build-amd64 + - docker-build-arm64 + diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..adbb97d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +data/ \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..8f8b7d6 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + + +## [1.0.0] - 2022-04-15 + +### Added + - Initial release + - Published docker image: https://hub.docker.com/r/olofvndrhr/flox-dockerized + + diff --git a/Dockerfile.amd64 b/Dockerfile.amd64 new file mode 100644 index 0000000..7a9d6e2 --- /dev/null +++ b/Dockerfile.amd64 @@ -0,0 +1,73 @@ +FROM composer:1.10.17 AS composer + +# build flox +RUN \ + echo "**** building flox ****" && \ + apk add git && \ + git clone --branch master https://github.com/devfake/flox.git /build/flox && \ + cd /build/flox/backend && \ + composer install + +########################################### + +FROM cr.44net.ch/baseimages/debian-s6:1.3.1 + +# set version label +ARG BUILD_DATE +ARG VERSION +LABEL build_version="Version:- ${VERSION} Build-date:- ${BUILD_DATE}" +LABEL maintainer="Ivan Schaller" + +ARG db_path='/flox/backend/database/db.sqlite' + +COPY --from=composer /build/flox /app/flox + +# install packages +RUN \ + echo "**** installing base packages ****" && \ + apt-get update && \ + apt-get install -y --no-install-recommends \ + sqlite3 \ + php7.4 \ + php7.4-sqlite3 \ + php-fpm \ + php-xml \ + php-mbstring \ + php-bcmath \ + php-opcache \ + nginx \ + && \ + echo "**** prepare app ****" && \ + touch "/app${db_path}" && \ + cd /app/flox/backend && \ + php artisan flox:init --no-interaction "${db_path}" && \ + sed -i \ + -e 's,DB_CONNECTION=.*,DB_CONNECTION=sqlite,g' \ + -e 's,DB_DATABASE=.*,DB_DATABASE='"${db_path}"',g' \ + /app/flox/backend/.env && \ + echo "**** other preparation ****" && \ + mkdir -p mkdir -p /run/php/ && \ + touch /run/php/php7.4-fpm.sock && \ + sed -i \ + -e 's,user =.*,user = abc,g' \ + -e 's,group =.*,group = abc,g' \ + -e 's,listen.owner =.*,listen.owner = abc,g' \ + -e 's,listen.group =.*,listen.group = abc,g' \ + /etc/php/7.4/fpm/pool.d/www.conf && \ + chown -R abc:abc /app/flox && \ + echo "**** cleanup ****" && \ + apt-get purge --auto-remove -y && \ + apt-get clean && \ + rm -rf \ + /tmp/* \ + /var/lib/apt/lists/* \ + /var/tmp/* + + +# copy files to container +COPY rootfs / + +WORKDIR /flox + +EXPOSE 8080 + diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 new file mode 100644 index 0000000..7a9d6e2 --- /dev/null +++ b/Dockerfile.arm64 @@ -0,0 +1,73 @@ +FROM composer:1.10.17 AS composer + +# build flox +RUN \ + echo "**** building flox ****" && \ + apk add git && \ + git clone --branch master https://github.com/devfake/flox.git /build/flox && \ + cd /build/flox/backend && \ + composer install + +########################################### + +FROM cr.44net.ch/baseimages/debian-s6:1.3.1 + +# set version label +ARG BUILD_DATE +ARG VERSION +LABEL build_version="Version:- ${VERSION} Build-date:- ${BUILD_DATE}" +LABEL maintainer="Ivan Schaller" + +ARG db_path='/flox/backend/database/db.sqlite' + +COPY --from=composer /build/flox /app/flox + +# install packages +RUN \ + echo "**** installing base packages ****" && \ + apt-get update && \ + apt-get install -y --no-install-recommends \ + sqlite3 \ + php7.4 \ + php7.4-sqlite3 \ + php-fpm \ + php-xml \ + php-mbstring \ + php-bcmath \ + php-opcache \ + nginx \ + && \ + echo "**** prepare app ****" && \ + touch "/app${db_path}" && \ + cd /app/flox/backend && \ + php artisan flox:init --no-interaction "${db_path}" && \ + sed -i \ + -e 's,DB_CONNECTION=.*,DB_CONNECTION=sqlite,g' \ + -e 's,DB_DATABASE=.*,DB_DATABASE='"${db_path}"',g' \ + /app/flox/backend/.env && \ + echo "**** other preparation ****" && \ + mkdir -p mkdir -p /run/php/ && \ + touch /run/php/php7.4-fpm.sock && \ + sed -i \ + -e 's,user =.*,user = abc,g' \ + -e 's,group =.*,group = abc,g' \ + -e 's,listen.owner =.*,listen.owner = abc,g' \ + -e 's,listen.group =.*,listen.group = abc,g' \ + /etc/php/7.4/fpm/pool.d/www.conf && \ + chown -R abc:abc /app/flox && \ + echo "**** cleanup ****" && \ + apt-get purge --auto-remove -y && \ + apt-get clean && \ + rm -rf \ + /tmp/* \ + /var/lib/apt/lists/* \ + /var/tmp/* + + +# copy files to container +COPY rootfs / + +WORKDIR /flox + +EXPOSE 8080 + diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..d3e5d1a --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,19 @@ +The MIT License (MIT) + +Copyright (c) 2015 devfake + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..fc2cd11 --- /dev/null +++ b/README.md @@ -0,0 +1,91 @@ +# flox-dockerized + +[![Build Status](https://drone.44net.ch/api/badges/olofvndrhr/flox-dockerized/status.svg)](https://drone.44net.ch/olofvndrhr/flox-dockerized) + +### This is a docker container for the flox watchlist. Be sure to check out the original project: https://github.com/devfake/flox + +>Flox is a self hosted Movie, Series and Animes watch list. It's build on top of Laravel and Vue.js and uses [The Movie Database](https://www.themoviedb.org/) API. +The rating based on an 3-Point system for `good`, `medium` and `bad`. + +>### [Try live demo](https://flox-demo.pyxl.dev) and [login](https://flox-demo.pyxl.dev/login) with `demo / demo` to add new stuff or change ratings. + +drawing + +--- + +## Running the container + +> This image is available for arm64 and amd64. The right version for you system will automatically be pulled. + +This container only exposes port 80/tcp. It is advised to run this configuration through a reverse proxy providing SSL if the service will be exposed over the internet. Data +is saved in the container at `/flox`. + +To use the container you will need to set the env variable `tmdb_api_key` with your own [TheMovieDatabase API key](https://developers.themoviedb.org/3/getting-started/introduction). It is also recommended that you set `flox_admin_pass`. On first startup you also need to set `flox_db_init` to `true`. + +--- + +### An minimal configuration example would be: +```bash +# with docker run +cd +docker run -p '80:80' --volume '//:/flox/' -e tmdb_api_key= -e flox_db_init=true --name flox olofvndrhr:flox-dockerized:latest +``` + +```bash +# with docker-compose (be sure to check all environment variables and change when neccesary) +cd +nano docker-compose.yml # set tmdb_api_key & flox_db_init +docker-compose pull +docker-compose up -d +``` +In order to create an admin user you will need to run an initial migration. This can be done by running the container once with the environment variable `flox_db_init=true`. +If the env variables `flox_username` and `flox_password` are not set, the default login is: `admin:admin`. + +You can then connect to [http://localhost](http://localhost) to access the application. +If you mounted the data directory, all changes will be saved through container recreation. + +In the data directory is a file called `.lock`. This file controls whether or not to "reset" all application data. So don't remove the file unless you want to reset you installation. +The removed data will still be available in the running container in the directory `/tmp/flox` until you remove the container. After a reset you need to start the container with `flox_db_init=true` again. + +--- + +## Supportet environment variables + +| Name | Description | +|--|--| +| tmdb_api_key | **(required)** The TMDB API key to use - required for startup *(https://developers.themoviedb.org/3/getting-started/introduction)* | +| flox_db_init | **(required)** Run db initialization at container startup *(default: false)* | +| flox_app_url | The url you will be hosting the app on *(default: http://localhost)* | +| flox_username | Inital username. Will not be overwritten after the initialization | +| flox_password | Initial password. Will not be overwritten after the initialization| +| flox_client_uri | The relative path you are hosting on *(default: /)* | +| flox_timezone | The timezone flox is running in *(default: UTC)* | +| flox_daily_reminder_time | The daily reminder time *(default: 10:00)* | +| flox_weekly_reminder_time | The weekly reminder time *(default: 20:00)* | +| puid | Unix user id to run the container as (default 4444) | +| pgid | Unix group id to run the container as (default 4444) | +| flox_mail_driver | Mail driver (most likely smtp) | +| flox_mail_host | Hostname of the mail server | +| flox_mail_port | Port of the mail server (smtp port) | +| flox_mail_from | Email address from which flox sends the mails | +| flox_mail_username | User name on the mail server | +| flox_mail_password | User password | +| flox_mail_encryption | Encryption type (tls,ssl,none) | + +--- + +## Contribution + +Like this project? Want to contribute? Awesome! Feel free to open some pull requests or just open an issue. + + +## Changelogs + +Changelogs can be found [here](https://github.com/olofvndrhr/flox-dockerized/blob/master/CHANGELOG.md). But they may be not fully detailled. + + +## License + +Flox is published under the MIT license. See LICENSE for more information. All credits to [devfake](https://github.com/devfake/flox/releases) + + diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..2921c12 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,27 @@ +version: "3" +services: + + flox: + image: olofvndrhr/flox-dockerized:latest + container_name: flox-watchlist + restart: unless-stopped + security_opt: + - no-new-privileges:true + ports: + - 80:80 + networks: + - appnet + volumes: + - ./data/:/flox/ + environment: + - TZ=Europe/Zurich + - PUID=4444 # custom userid + - PGID=4444 # custom groupid + - tmdb_api_key= # (required) The TMDB API key to use + - flox_init=true # run db initialization at container startup + +networks: + appnet: + name: appnet + driver: bridge + diff --git a/manifest.tmpl b/manifest.tmpl new file mode 100644 index 0000000..dc7b4cf --- /dev/null +++ b/manifest.tmpl @@ -0,0 +1,20 @@ +image: olofvndrhr/flox-dockerized:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}dev{{/if}} +{{#if build.tags}} +tags: +{{#each build.tags}} + - {{this}} +{{/each}} + - "latest" +{{/if}} +manifests: + - + image: olofvndrhr/flox-dockerized:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{else}}dev-{{/if}}linux-amd64 + platform: + architecture: amd64 + os: linux + - + image: olofvndrhr/flox-dockerized:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{else}}dev-{{/if}}linux-arm64 + platform: + architecture: arm64 + os: linux + variant: v8 diff --git a/rootfs/etc/cont-init.d/20-setenv b/rootfs/etc/cont-init.d/20-setenv new file mode 100644 index 0000000..3005828 --- /dev/null +++ b/rootfs/etc/cont-init.d/20-setenv @@ -0,0 +1,22 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# set all env variables for further use. if variable is unset, it will have the defaults on the right side after ":=" + +# custom env vars +: "${tmdb_api_key:=}" +: "${flox_app_url:=http://localhost}" +: "${flox_client_uri:=/}" +: "${flox_init:=false}" +: "${flox_username:=admin}" +: "${flox_password:=admin}" +: "${flox_timezone:=UTC}" +: "${flox_daily_reminder_time:=10:00}" +: "${flox_weekly_reminder_time:=20:00}" +: "${flox_mail_driver:=}" +: "${flox_mail_host:=}" +: "${flox_mail_port:=}" +: "${flox_mail_from:=}" +: "${flox_mail_username:=}" +: "${flox_mail_password:=}" +: "${flox_mail_encryption:=}" diff --git a/rootfs/etc/cont-init.d/50-init b/rootfs/etc/cont-init.d/50-init new file mode 100644 index 0000000..415cd0b --- /dev/null +++ b/rootfs/etc/cont-init.d/50-init @@ -0,0 +1,20 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + + +# check if lock file is present +if [[ ! -f /flox/.lock ]]; then + printf 'Copying files to bind mount path\n' + # move app to permanent path + rsync --archive --delete --backup --backup-dir=/tmp /app/flox/ /flox + + # create lock file to prevent overwriting existing files + touch /flox/.lock + chmod 600 /flox/.lock +else + printf 'Lock file present. Not copying files\n' +fi + diff --git a/rootfs/etc/cont-init.d/51-prepare b/rootfs/etc/cont-init.d/51-prepare new file mode 100644 index 0000000..84d803b --- /dev/null +++ b/rootfs/etc/cont-init.d/51-prepare @@ -0,0 +1,23 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + +# set db connection options +sed -i \ + -e 's,^TMDB_API_KEY=.*,TMDB_API_KEY='"${tmdb_api_key}"',g' \ + -e 's,^APP_URL=.*,APP_URL='"${flox_app_url}"',g' \ + -e 's,^CLIENT_URI=.*,CLIENT_URI='"${flox_client_uri}"',g' \ + -e 's,^TIMEZONE=.*,TIMEZONE='"${flox_timezone}"',g' \ + -e 's,^DAILY_REMINDER_TIME=.*,DAILY_REMINDER_TIME='"${flox_daily_reminder_time}"',g' \ + -e 's,^WEEKLY_REMINDER_TIME=.*,WEEKLY_REMINDER_TIME='"${flox_weekly_reminder_time}"',g' \ + -e 's,^MAIL_DRIVER=.*,MAIL_DRIVER='"${flox_mail_driver}"',g' \ + -e 's,^MAIL_HOST=.*,MAIL_HOST='"${flox_mail_host}"',g' \ + -e 's,^MAIL_PORT=.*,MAIL_PORT='"${flox_mail_port}"',g' \ + -e 's,^MAIL_FROM=.*,MAIL_FROM='"${flox_mail_from}"',g' \ + -e 's,^MAIL_USERNAME=.*,MAIL_USERNAME='"${flox_mail_username}"',g' \ + -e 's,^MAIL_PASSWORD=.*,MAIL_PASSWORD='"${flox_mail_password}"',g' \ + -e 's,^MAIL_ENCRYPTION=.*,MAIL_ENCRYPTION='"${flox_mail_encryption}"',g' \ + /flox/backend/.env + diff --git a/rootfs/etc/cont-init.d/52-migrate b/rootfs/etc/cont-init.d/52-migrate new file mode 100644 index 0000000..0aeae45 --- /dev/null +++ b/rootfs/etc/cont-init.d/52-migrate @@ -0,0 +1,15 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + + +if [[ "${flox_init,,}" == "true" ]]; then + # init db + php /flox/backend/artisan flox:db --no-interaction "${flox_username}" "${flox_password}" #>/dev/null +else + # migrate db + php /flox/backend/artisan migrate #>/dev/null +fi + diff --git a/rootfs/etc/cont-init.d/80-fix-perms b/rootfs/etc/cont-init.d/80-fix-perms new file mode 100644 index 0000000..0eed7f0 --- /dev/null +++ b/rootfs/etc/cont-init.d/80-fix-perms @@ -0,0 +1,15 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + +app_path='/flox/' + +# fix permissions +find "${app_path}" -type d -not -perm 775 -exec chmod 775 '{}' \+ +find "${app_path}" -type f -not -perm 664 -exec chmod 664 '{}' \+ + +find "${app_path}" -not -user abc -exec chown abc '{}' \+ +find "${app_path}" -not -group abc -exec chown :abc '{}' \+ + diff --git a/rootfs/etc/cron.d/flox b/rootfs/etc/cron.d/flox new file mode 100644 index 0000000..1490906 --- /dev/null +++ b/rootfs/etc/cron.d/flox @@ -0,0 +1 @@ +* * * * * php /flox/backend/artisan schedule:run >> /dev/null 2>&1 \ No newline at end of file diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf new file mode 100644 index 0000000..e415226 --- /dev/null +++ b/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,36 @@ +user abc; +daemon off; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { +worker_connections 768; +# multi_accept on; +} + +http { + +sendfile on; +tcp_nopush on; +types_hash_max_size 2048; +# server_tokens off; + +# server_names_hash_bucket_size 64; +# server_name_in_redirect off; + +include /etc/nginx/mime.types; +default_type application/octet-stream; + +ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE +ssl_prefer_server_ciphers on; + +access_log /var/log/nginx/access.log; +error_log /var/log/nginx/error.log; + +gzip on; + + +include /etc/nginx/conf.d/*.conf; +include /etc/nginx/sites-enabled/*; +} diff --git a/rootfs/etc/nginx/sites-enabled/default b/rootfs/etc/nginx/sites-enabled/default new file mode 100644 index 0000000..470c733 --- /dev/null +++ b/rootfs/etc/nginx/sites-enabled/default @@ -0,0 +1,23 @@ +server { + listen 80 default_server; + + server_name localhost; + + root /flox/public/; + index index.php; + + client_max_body_size 64M; + + location / { + try_files $uri $uri/ /index.php?$query_string; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} diff --git a/rootfs/etc/services.d/flox-worker/run b/rootfs/etc/services.d/flox-worker/run new file mode 100644 index 0000000..e576556 --- /dev/null +++ b/rootfs/etc/services.d/flox-worker/run @@ -0,0 +1,7 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + +exec php /flox/backend/artisan queue:work --tries=3 diff --git a/rootfs/etc/services.d/nginx/run b/rootfs/etc/services.d/nginx/run new file mode 100644 index 0000000..0247f5c --- /dev/null +++ b/rootfs/etc/services.d/nginx/run @@ -0,0 +1,7 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + +exec nginx diff --git a/rootfs/etc/services.d/php-fpm/run b/rootfs/etc/services.d/php-fpm/run new file mode 100644 index 0000000..ff5c21f --- /dev/null +++ b/rootfs/etc/services.d/php-fpm/run @@ -0,0 +1,7 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# source env variables +source /etc/cont-init.d/20-setenv + +exec php-fpm7.4 --nodaemonize diff --git a/rootfs/etc/usr/local/etc/php/conf.d/uploads.ini b/rootfs/etc/usr/local/etc/php/conf.d/uploads.ini new file mode 100644 index 0000000..7fc73c5 --- /dev/null +++ b/rootfs/etc/usr/local/etc/php/conf.d/uploads.ini @@ -0,0 +1,5 @@ +file_uploads = On +memory_limit = 64M +upload_max_filesize = 64M +post_max_size = 64M +max_execution_time = 600