monit

Dockerfile

@@ -1,2 +1,28 @@
-FROM sutty/monit:latest
+FROM alpine:3.10
 MAINTAINER "f <f@sutty.nl>"
+
+# Install monit and remove default config
+RUN apk add --no-cache tini monit && rm -f /etc/monitrc
+
+# Create directories
+RUN install -dm 2750 -o root -g root /etc/monit.d
+RUN install -dm 2750 -o root -g root /var/lib/monit
+
+# Install config. monit.conf~ will be activated after allow_networks
+# runs.
+COPY ./monitrc /etc/monitrc
+COPY ./monit /etc/monit.d/monit.conf~
+COPY ./allow_networks.sh /usr/local/bin/allow_networks
+
+# Set permissions
+RUN chmod 700 /etc/monitrc /etc/monit.d/monit.conf~
+RUN chmod 755 /usr/local/bin/allow_networks
+
+# Allow access to the web GUI
+EXPOSE 2812
+
+# Use tini as init
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Run monit, it will take care of running services afterwards
+CMD ["/usr/bin/monit"]

allow_networks.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# Everything's OK
+test -f /etc/monit.d/monit.conf && exit 0
+
+# Obtain current IP addresses
+ip route \
+  | grep "^[0-9]" \
+  | cut -d " " -f 1 \
+  | sed -re "s/^/  allow /" \
+  >> /etc/monit.d/monit.conf~
+
+# Put in place
+mv /etc/monit.d/monit.conf~ /etc/monit.d/monit.conf
+
+# Reload config
+monit reload

monit

@@ -0,0 +1,2 @@
+set httpd port 2812
+  allow localhost

monitrc

@@ -0,0 +1,14 @@
+set init
+set daemon 60
+set logfile syslog facility log_daemon
+set pidfile /run/monit.pid
+set idfile /var/lib/monit/id
+set statefile /var/lib/monit/state
+set eventqueue basedir /var/lib/monit/events slots 100
+
+check program allow_networks
+  with path "/usr/local/bin/allow_networks"
+  every 1 cycles
+  if status = 0 then unmonitor
+
+include /etc/monit.d/*.conf