Compare commits

..

55 commits

Author SHA1 Message Date
f
3034258f36 Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into syslogize
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-07-19 18:49:33 -03:00
f
9c4de359fb alpine upgrades 2022-07-19 18:48:03 -03:00
f
75df2530e3 tag with the program name by default
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-06-04 17:40:00 -03:00
f
af44e95be9 propagate signals
send signals received by syslogize to the wrapped program.  this way we
can treat syslogize as we treated the program itself.
2022-06-04 17:38:44 -03:00
f
94583cdcca add to container
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-06-04 16:53:38 -03:00
f
9f2673b4e1 daemonize requires the full path 2022-06-04 16:53:04 -03:00
f
e38f6a1fe6 syslogize
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
a wrapper for sending output to syslog when the program doesn't support
it.  if adds syslogging support to daemonize as well.
2022-06-04 16:48:38 -03:00
f
5d2ad04336 Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-05-29 21:05:42 -03:00
f
3f78ebd148 Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-04-04 16:09:16 -03:00
f
e41a77ee7b cache prevents build if the version doesn't exist
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-29 10:15:29 -03:00
f
bbfa212002 Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2022-03-28 19:07:55 -03:00
f
b198d36200 Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-19 14:50:27 -03:00
f
45562a4354 Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista 2022-03-19 14:48:23 -03:00
f
1b72fdc8b0 credentials for mmmonit 2022-03-19 14:47:05 -03:00
f
03513b78ec less data
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-15 18:05:28 -03:00
f
8b674a10b9 we'll skip this version
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-14 18:34:42 -03:00
f
d4294d219a register to mmmonit with credentials 2022-03-14 18:34:00 -03:00
f
a615fdf509 default env
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-14 11:10:22 -03:00
f
c0531c8f3c bug introduced by b04c169a8e 2022-03-14 11:09:55 -03:00
f
4387534944 mmonit support
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-13 23:27:39 -03:00
f
b04c169a8e autoconfigure email
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-07 22:05:10 -03:00
f
7aa9fe6d10 fixes
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2022-03-07 19:59:50 -03:00
f
d27b839b0d verify config
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2022-03-07 19:55:25 -03:00
f
755c3c75d6 configurable email
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-07 18:59:28 -03:00
f
0c9ca5f55b don't cleanup after build
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
should allow woodpecker to reutilize the cache
2022-03-02 15:53:19 -03:00
f
ed9e013135 knot is always at knot.doma.in
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-03-01 18:34:11 -03:00
f
8c2c4aa4d8 cache and keep 3.13.6
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2022-02-15 15:06:19 -03:00
f
e5856e8865 remove previous records
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2022-01-20 17:17:18 -03:00
f
e546682b45 alpine upgrade
Some checks failed
continuous-integration/woodpecker the build failed
2021-11-24 20:36:39 -03:00
f
ba8955e7aa ensure there's an alert email
Some checks failed
continuous-integration/woodpecker the build failed
2021-10-09 13:45:05 -03:00
f
95b521eead container name
Some checks failed
continuous-integration/woodpecker the build failed
2021-10-04 13:27:59 -03:00
f
b0de70d3ef base image is alpine
Some checks failed
continuous-integration/woodpecker the build failed
2021-10-04 13:24:49 -03:00
f
d338528819 ensure utf-8 locale
Some checks failed
continuous-integration/woodpecker the build failed
2021-10-04 13:20:24 -03:00
f
eaeb0cd8b2 [skip ci] remove gitlab ci 2021-10-03 20:44:39 -03:00
f
30731652e3 add versioned repository 2021-10-03 20:42:17 -03:00
f
5c1bcb8bae Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista 2021-10-03 20:34:25 -03:00
f
d14e689473 Update to 3.13.6 because of OpenSSL CVEs 2021-09-07 12:56:05 -03:00
f
5402fd2529 alpine 3.13.5 2021-04-19 17:57:02 -03:00
f
fd82edc49f alpine 3.13.4 2021-04-01 16:56:52 -03:00
f
34b0a70b4f append dot if hostname contains domain 2021-04-01 16:56:20 -03:00
f
72e5499ab9 autonomous dns 2021-04-01 15:49:14 -03:00
f
45c8f985c7 openssl upgrade 2021-03-27 10:47:25 -03:00
f
8809e18b77 send emails 2021-03-27 10:47:17 -03:00
f
99ea5a001f alpine 3.13.1 2021-02-02 19:51:07 -03:00
f
e3735537be alpine 3.12.3 2020-12-26 13:09:32 -03:00
f
227097be6a the key needs to have an address and hash 2020-07-27 16:42:02 -03:00
f
642227d8a8 3.12 2020-07-18 20:00:59 -03:00
f
74c942a52a Get pubkeys 2020-06-01 18:19:22 -03:00
f
0c07a45bd5 Alpine 3.11.6 2020-06-01 12:54:38 -03:00
f
bf1ebc9d2d
upgrade to alpine 3.11
have to patch monit because their use of vfork() is incompatible with
musl
2019-12-20 18:22:00 -03:00
f
647adc5beb
3.9 2019-11-16 20:20:08 -03:00
f
afb9d7e18d
assume network is 172.0.0.0/8
in some cases, the allow_network script will crash monit during reload
and keep the container in a reboot loop
2019-11-16 15:38:17 -03:00
f
9f1d619fac
missing argument 2019-09-10 22:53:56 -03:00
f
75b15a65d9
alert 2019-09-10 21:11:06 -03:00
f
414a60c722
monit 2019-09-10 20:24:35 -03:00
9 changed files with 168 additions and 18 deletions

View file

@ -1,11 +0,0 @@
stages:
- build
build:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:latest

View file

@ -4,13 +4,14 @@ pipeline:
settings:
registry: registry.nulo.in
username: sutty
repo: registry.nulo.in/sutty/CHANGEME
repo: registry.nulo.in/sutty/monit
tags:
- ${ALPINE_VERSION}
- latest
build_args:
- ALPINE_VERSION=${ALPINE_VERSION}
- BASE_IMAGE=registry.nulo.in/sutty/monit
- BASE_IMAGE=alpine
purge: false
secrets:
- docker_password
when:
@ -18,7 +19,7 @@ pipeline:
event: push
matrix:
ALPINE_VERSION:
- 3.16.0
- 3.15.4
- 3.14.6
- 3.13.10
- 3.16.1
- 3.15.5
- 3.14.7
- 3.13.11

View file

@ -1,4 +1,48 @@
ARG ALPINE_VERSION=3.13.6
ARG BASE_IMAGE=sutty/monit
ARG BASE_IMAGE=alpine
FROM ${BASE_IMAGE}:${ALPINE_VERSION} as build
RUN apk add --no-cache tzdata
COPY ./monitrc /etc/monitrc
RUN chmod 600 /etc/monitrc
FROM ${BASE_IMAGE}:${ALPINE_VERSION}
ARG ALPINE_VERSION
MAINTAINER "f <f@sutty.nl>"
ENV EMAIL=monit@sutty.nl
ENV EMAIL_FROM=monit@sutty.nl
ENV MMONIT=mmmonit.athshe.sutty.nl
ENV CREDENTIALS=mmmonit:mmmonit.athshe.sutty.nl
# Locale
ENV LANG="C.UTF-8"
# Sutty's repository
RUN echo ${ALPINE_VERSION} | cut -d . -f 1,2 | xargs -I {} echo https://alpine.sutty.nl/alpine/v{}/sutty | tee -a /etc/apk/repositories
RUN wget https://alpine.sutty.nl/alpine/sutty.pub -O /etc/apk/keys/alpine@sutty.nl-5ea884cd.rsa.pub
# Install monit and remove default config
RUN apk add --no-cache tini monit knsupdate
COPY --from=build /usr/share/zoneinfo/UTC /etc/localtime
# Create directories
RUN install -dm 2750 -o root -g root /etc/monit.d
RUN install -dm 2750 -o root -g root /var/lib/monit
# Install config
COPY --from=build /etc/monitrc /etc/monitrc
COPY ./nsupdate.sh /usr/local/bin/nsupdate
COPY ./whatsmyip6.sh /usr/local/bin/whatsmyip6
COPY ./syslogize.sh /usr/local/bin/syslogize
COPY ./zeroconf.sh /usr/local/bin/zeroconf
COPY ./zeroconf.conf /etc/zeroconf.conf
# Allow access to the web GUI
EXPOSE 2812
# Use tini as init
ENTRYPOINT ["/sbin/tini", "--"]
# Run monit, it will take care of running services afterwards
CMD ["/usr/bin/monit"]

20
monitrc Normal file
View file

@ -0,0 +1,20 @@
set init
set daemon 60
set logfile syslog facility log_daemon
set pidfile /run/monit.pid
set idfile /var/lib/monit/id
set statefile /var/lib/monit/state
set eventqueue basedir /var/lib/monit/events slots 100
set limits { programoutput: 1 MB }
check program nsupdate
with path "/usr/local/bin/nsupdate"
every 1 cycle
if status = 0 then unmonitor
check program zeroconf
with path "/usr/local/bin/zeroconf"
every 1 cycle
if status = 0 then unmonitor
include /etc/monit.d/*.conf

25
nsupdate.sh Executable file
View file

@ -0,0 +1,25 @@
#!/bin/sh
# Registers the local IPv6 address to the DNS
IP6="`whatsmyip6`"
KNOT="${KNOT:-knot.${DOMAIN}}"
test -z "${IP6}" && exit 1
test -z "${DOMAIN}" && exit 1
# Add a dot if the hostname contains the domain
echo "${HOSTNAME}" | grep -q "\.${DOMAIN}$" && DOT="."
knsupdate <<DNS
server ${KNOT}
zone ${DOMAIN}.
origin ${DOMAIN}.
ttl 60
del ${HOSTNAME}${DOT} AAAA
add ${HOSTNAME}${DOT} AAAA ${IP6}
send
quit
DNS
exit $?

33
syslogize.sh Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh
# A wrapper for programs that can't write to syslog. Output and error
# are sent to syslog.
#
# Use LOGGER environment variable to pass options to `logger`. They'll
# probably be system-dependent, so handle with care.
#
# Usage:
#
# LOGGER="-t program" syslogize program -o -p --tions argu ments
#
# daemonize /usr/local/bin/syslogize program
if test $# -eq 0 ; then
grep "^#" $0 | grep -v /bin/sh | sed -re "s/^#\s*//" >&2
exit 1
fi
LOGGER="${LOGGER:--t $1}"
propagate_signal () {
logger ${LOGGER} "Received $1 signal"
jobs -p | xargs kill -$1
}
for signal in HUP INT QUIT USR1 USR2 TERM; do
trap "propagate_signal ${signal}" ${signal}
done
$@ 2>&1 | logger ${LOGGER} &
wait $!

3
whatsmyip6.sh Executable file
View file

@ -0,0 +1,3 @@
#!/bin/sh
ip address show ${1:-eth0} | grep inet6 | grep global | tr -s " " | cut -d " " -f 3 | cut -d / -f 1

16
zeroconf.conf Normal file
View file

@ -0,0 +1,16 @@
set mmonit http://@@MMONIT@@/collector
set mailserver postfix port 25 using hostname @@HOSTNAME@@
set alert @@EMAIL@@
set mail-format {
from: Monit <@@EMAIL_FROM@@>
subject: $HOST
message: $ACTION $SERVICE -- $DATE: $DESCRIPTION.
}
set httpd port 2812
allow localhost
allow 172.0.0.0/8
allow "fd00:acab::/32"
allow @@CREDENTIALS@@

19
zeroconf.sh Executable file
View file

@ -0,0 +1,19 @@
#!/bin/sh
set -e
test ! -f /etc/monit.d/zeroconf.conf || exit 0
test -n "${EMAIL}"
test -n "${EMAIL_FROM}"
test -n "${MMONIT}"
test -n "${CREDENTIALS}"
sed -re "s/@@EMAIL@@/${EMAIL}/" \
-e "s/@@EMAIL_FROM@@/${EMAIL_FROM}/" \
-e "s/@@HOSTNAME@@/${EMAIL_FROM#*@}/" \
-e "s/@@MMONIT@@/${MMONIT}/" \
-e "s/@@CREDENTIALS@@/${CREDENTIALS}/" \
/etc/zeroconf.conf > /etc/monit.d/zeroconf.conf
monit -t
monit reload