diff --git a/Dockerfile b/Dockerfile index 59c5898..af250ea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,2 +1,28 @@ -FROM sutty/monit:latest +FROM alpine:3.10 MAINTAINER "f " + +# Install monit and remove default config +RUN apk add --no-cache tini monit && rm -f /etc/monitrc + +# Create directories +RUN install -dm 2750 -o root -g root /etc/monit.d +RUN install -dm 2750 -o root -g root /var/lib/monit + +# Install config. monit.conf~ will be activated after allow_networks +# runs. +COPY ./monitrc /etc/monitrc +COPY ./monit /etc/monit.d/monit.conf~ +COPY ./allow_networks.sh /usr/local/bin/allow_networks + +# Set permissions +RUN chmod 700 /etc/monitrc /etc/monit.d/monit.conf~ +RUN chmod 755 /usr/local/bin/allow_networks + +# Allow access to the web GUI +EXPOSE 2812 + +# Use tini as init +ENTRYPOINT ["/sbin/tini", "--"] + +# Run monit, it will take care of running services afterwards +CMD ["/usr/bin/monit"] diff --git a/allow_networks.sh b/allow_networks.sh new file mode 100644 index 0000000..103548b --- /dev/null +++ b/allow_networks.sh @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +# Everything's OK +test -f /etc/monit.d/monit.conf && exit 0 + +# Obtain current IP addresses +ip route \ + | grep "^[0-9]" \ + | cut -d " " -f 1 \ + | sed -re "s/^/ allow /" \ + >> /etc/monit.d/monit.conf~ + +# Put in place +mv /etc/monit.d/monit.conf~ /etc/monit.d/monit.conf + +# Reload config +monit reload diff --git a/monit b/monit new file mode 100644 index 0000000..7c190d9 --- /dev/null +++ b/monit @@ -0,0 +1,2 @@ +set httpd port 2812 + allow localhost diff --git a/monitrc b/monitrc new file mode 100644 index 0000000..c1e29a7 --- /dev/null +++ b/monitrc @@ -0,0 +1,14 @@ +set init +set daemon 60 +set logfile syslog facility log_daemon +set pidfile /run/monit.pid +set idfile /var/lib/monit/id +set statefile /var/lib/monit/state +set eventqueue basedir /var/lib/monit/events slots 100 + +check program allow_networks + with path "/usr/local/bin/allow_networks" + every 1 cycles + if status = 0 then unmonitor + +include /etc/monit.d/*.conf