Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into syslogize

send signals received by syslogize to the wrapped program.  this way we
can treat syslogize as we treated the program itself.

.gitlab-ci.yml

@@ -1,11 +0,0 @@
-stages:
-  - build
-
-build:
-  stage: build
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  script:
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:latest

.woodpecker.yml

@@ -4,13 +4,14 @@ pipeline:
     settings:
       registry: registry.nulo.in
       username: sutty
-      repo: registry.nulo.in/sutty/CHANGEME
+      repo: registry.nulo.in/sutty/monit
       tags:
       - ${ALPINE_VERSION}
       - latest
       build_args:
       - ALPINE_VERSION=${ALPINE_VERSION}
-      - BASE_IMAGE=registry.nulo.in/sutty/monit
+      - BASE_IMAGE=alpine
+      purge: false
     secrets:
     - docker_password
     when:
@@ -18,7 +19,7 @@ pipeline:
       event: push
 matrix:
   ALPINE_VERSION:
-  - 3.16.0
+  - 3.16.1
-  - 3.15.4
+  - 3.15.5
-  - 3.14.6
+  - 3.14.7
-  - 3.13.10
+  - 3.13.11

Dockerfile

@@ -1,4 +1,48 @@
 ARG ALPINE_VERSION=3.13.6
-ARG BASE_IMAGE=sutty/monit
+ARG BASE_IMAGE=alpine
+FROM ${BASE_IMAGE}:${ALPINE_VERSION} as build
+
+RUN apk add --no-cache tzdata
+
+COPY ./monitrc /etc/monitrc
+RUN chmod 600 /etc/monitrc
+
 FROM ${BASE_IMAGE}:${ALPINE_VERSION}
+ARG ALPINE_VERSION
 MAINTAINER "f <f@sutty.nl>"
+ENV EMAIL=monit@sutty.nl
+ENV EMAIL_FROM=monit@sutty.nl
+ENV MMONIT=mmmonit.athshe.sutty.nl
+ENV CREDENTIALS=mmmonit:mmmonit.athshe.sutty.nl
+
+# Locale
+ENV LANG="C.UTF-8"
+
+# Sutty's repository
+RUN echo ${ALPINE_VERSION} | cut -d . -f 1,2 | xargs -I {} echo https://alpine.sutty.nl/alpine/v{}/sutty | tee -a /etc/apk/repositories
+RUN wget https://alpine.sutty.nl/alpine/sutty.pub -O /etc/apk/keys/alpine@sutty.nl-5ea884cd.rsa.pub
+
+# Install monit and remove default config
+RUN apk add --no-cache tini monit knsupdate
+COPY --from=build /usr/share/zoneinfo/UTC /etc/localtime
+
+# Create directories
+RUN install -dm 2750 -o root -g root /etc/monit.d
+RUN install -dm 2750 -o root -g root /var/lib/monit
+
+# Install config
+COPY --from=build /etc/monitrc /etc/monitrc
+COPY ./nsupdate.sh /usr/local/bin/nsupdate
+COPY ./whatsmyip6.sh /usr/local/bin/whatsmyip6
+COPY ./syslogize.sh /usr/local/bin/syslogize
+COPY ./zeroconf.sh /usr/local/bin/zeroconf
+COPY ./zeroconf.conf /etc/zeroconf.conf
+
+# Allow access to the web GUI
+EXPOSE 2812
+
+# Use tini as init
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Run monit, it will take care of running services afterwards
+CMD ["/usr/bin/monit"]

monitrc

@@ -0,0 +1,20 @@
+set init
+set daemon 60
+set logfile syslog facility log_daemon
+set pidfile /run/monit.pid
+set idfile /var/lib/monit/id
+set statefile /var/lib/monit/state
+set eventqueue basedir /var/lib/monit/events slots 100
+set limits { programoutput: 1 MB }
+
+check program nsupdate
+  with path "/usr/local/bin/nsupdate"
+  every 1 cycle
+  if status = 0 then unmonitor
+
+check program zeroconf
+  with path "/usr/local/bin/zeroconf"
+  every 1 cycle
+  if status = 0 then unmonitor
+
+include /etc/monit.d/*.conf

nsupdate.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Registers the local IPv6 address to the DNS
+
+IP6="`whatsmyip6`"
+KNOT="${KNOT:-knot.${DOMAIN}}"
+
+test -z "${IP6}" && exit 1
+test -z "${DOMAIN}" && exit 1
+
+# Add a dot if the hostname contains the domain
+echo "${HOSTNAME}" | grep -q "\.${DOMAIN}$" && DOT="."
+
+knsupdate <<DNS
+server ${KNOT}
+zone ${DOMAIN}.
+origin ${DOMAIN}.
+ttl 60
+del ${HOSTNAME}${DOT} AAAA
+add ${HOSTNAME}${DOT} AAAA ${IP6}
+send
+quit
+DNS
+
+exit $?

syslogize.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+# A wrapper for programs that can't write to syslog.  Output and error
+# are sent to syslog.
+#
+# Use LOGGER environment variable to pass options to `logger`.  They'll
+# probably be system-dependent, so handle with care.
+#
+# Usage:
+#
+# LOGGER="-t program" syslogize program -o -p --tions argu ments
+#
+# daemonize /usr/local/bin/syslogize program
+
+if test $# -eq 0 ; then
+  grep "^#" $0 | grep -v /bin/sh | sed -re "s/^#\s*//" >&2
+
+  exit 1
+fi
+
+LOGGER="${LOGGER:--t $1}"
+
+propagate_signal () {
+  logger ${LOGGER} "Received $1 signal"
+  jobs -p | xargs kill -$1 
+}
+
+for signal in HUP INT QUIT USR1 USR2 TERM; do
+  trap "propagate_signal ${signal}" ${signal}
+done
+
+$@ 2>&1 | logger ${LOGGER} &
+
+wait $!

whatsmyip6.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ip address show ${1:-eth0} | grep inet6 | grep global | tr -s " "  | cut -d " " -f 3 | cut -d / -f 1

zeroconf.conf

@@ -0,0 +1,16 @@
+set mmonit http://@@MMONIT@@/collector
+set mailserver postfix port 25 using hostname @@HOSTNAME@@
+
+set alert @@EMAIL@@
+
+set mail-format {
+  from: Monit <@@EMAIL_FROM@@>
+  subject: $HOST
+  message: $ACTION $SERVICE -- $DATE: $DESCRIPTION.
+}
+
+set httpd port 2812
+  allow localhost
+  allow 172.0.0.0/8
+  allow "fd00:acab::/32"
+  allow @@CREDENTIALS@@

zeroconf.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+test ! -f /etc/monit.d/zeroconf.conf || exit 0
+
+test -n "${EMAIL}"
+test -n "${EMAIL_FROM}"
+test -n "${MMONIT}"
+test -n "${CREDENTIALS}"
+
+sed -re "s/@@EMAIL@@/${EMAIL}/" \
+     -e "s/@@EMAIL_FROM@@/${EMAIL_FROM}/" \
+     -e "s/@@HOSTNAME@@/${EMAIL_FROM#*@}/" \
+     -e "s/@@MMONIT@@/${MMONIT}/" \
+     -e "s/@@CREDENTIALS@@/${CREDENTIALS}/" \
+     /etc/zeroconf.conf > /etc/monit.d/zeroconf.conf
+
+monit -t
+monit reload