Add lsio-inspired alpine pixelfed image

pixelfed/alpine/base/Dockerfile.arm64v8

@@ -0,0 +1,103 @@
+FROM lsiobase/alpine:arm64v8-3.11
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG PIXELFED_RELEASE
+LABEL build_version="Build version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="asonix"
+
+# environment settings
+ENV PIXELFED_PATH="/srv/www/pixelfed"
+
+RUN \
+ echo "**** install runtime packages ****" && \
+ apk add --no-cache --upgrade \
+        apache2-utils \
+        curl \
+        ffmpeg \
+        git \
+        imagemagick \
+        jpegoptim \
+        libressl3.0-libssl \
+        libxml2 \
+        nano \
+        openssl \
+        optipng \
+        php7 \
+        php7-bcmath \
+        php7-ctype \
+        php7-curl \
+        php7-dom \
+        php7-exif \
+        php7-fileinfo \
+        php7-fpm \
+        php7-gd \
+        php7-iconv \
+        php7-imagick \
+        php7-intl \
+        php7-json \
+        php7-mbstring \
+        php7-openssl \
+        php7-pcntl \
+        php7-pdo_pgsql \
+        php7-pgsql \
+        php7-phar \
+        php7-posix \
+        php7-session \
+        php7-simplexml \
+        php7-tokenizer \
+        php7-xml \
+        php7-xmlwriter \
+        php7-zip \
+        php7-zlib \
+        pngquant \
+        rsync \
+        sudo \
+        tar \
+        unzip && \
+ echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php7/php-fpm.conf
+
+# install composer
+RUN \
+ echo "**** install composer ****" && \
+ set -ex; \
+ SIGNATURE="$(curl https://composer.github.io/installer.sig)"; \
+ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"; \
+ SIG="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"; \
+ test "$SIGNATURE" = "$SIG"; \
+ php composer-setup.php --install-dir /usr/local/bin --filename=composer; \
+ echo "**** cleanup ****" && \
+ rm composer-setup.php
+
+# install pixelfed
+RUN \
+ echo "**** download pixelfed ****" && \
+ curl -o /app/pixelfed.tar.gz -L \
+        "https://github.com/pixelfed/pixelfed/archive/${PIXELFED_RELEASE}.tar.gz" && \
+ echo "**** install pixelfed ****" && \
+ mkdir -p "${PIXELFED_PATH}" && \
+ tar zxf /app/pixelfed.tar.gz -C "${PIXELFED_PATH}" --strip-components=1 && \
+ chown abc:abc -R "${PIXELFED_PATH}" && \
+ echo "**** cleanup ****" && \
+ rm /app/pixelfed.tar.gz
+
+# prepare pixelfed
+WORKDIR /srv/www/pixelfed
+USER abc
+RUN \
+ echo "**** prepare pixelfed ****" && \
+ composer install \
+        --no-ansi \
+        --no-interaction \
+        --optimize-autoloader \
+        --no-scripts \
+        --no-progress && \
+ cp -r storage storage-default
+WORKDIR /
+USER root
+
+# copy local files
+COPY root/ /
+
+VOLUME /srv/www/pixelfed/storage

pixelfed/alpine/base/root/defaults/pixelfed-perms.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+pfpath="${PIXELFED_PATH}"
+htuser='abc'
+htgroup='abc'
+rootuser='root'
+
+printf "chmod Files and Directories\n"
+find ${pfpath}/ -type f -print0 | xargs -0 chmod 0640
+find ${pfpath}/ -type d -print0 | xargs -0 chmod 0750
+
+printf "chown Directories\n"
+chown -R ${rootuser}:${htgroup} ${pfpath}/
+chown -R ${htuser}:${htgroup} ${pfpath}/app/
+chown -R ${htuser}:${htgroup} ${pfpath}/bootstrap/
+chown -R ${htuser}:${htgroup} ${pfpath}/config/
+chown -R ${htuser}:${htgroup} ${pfpath}/public/
+chown -R ${htuser}:${htgroup} ${pfpath}/resources/
+chown -R ${htuser}:${htgroup} ${pfpath}/routes/
+chown -R ${htuser}:${htgroup} ${pfpath}/storage/
+
+chmod +x ${pfpath}/artisan
+
+printf "chmod/chown .htaccess\n"
+if [ -f ${pfpath}/public/.htaccess ]
+ then
+  chmod 0644 ${pfpath}/public/.htaccess
+  chown ${rootuser}:${htgroup} ${pfpath}/.htaccess
+fi

pixelfed/alpine/base/root/etc/cont-init.d/50-install

@@ -0,0 +1,13 @@
+#!/usr/bin/with-contenv bash
+
+# prepare app
+pushd "${PIXELFED_PATH}"
+pixelfed rsync -rog storage-default/* storage/
+pixelfed php artisan storage:link
+pixelfed php artisan config:cache
+pixelfed php artisan horizon:install
+pixelfed php artisan horizon:assets
+pixelfed php artisan route:cache
+pixelfed php artisan view:cache
+pixelfed php artisan optimize
+popd

pixelfed/alpine/base/root/usr/bin/pixelfed

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+COMMAND=pixelfed-$1
+
+if which $COMMAND; then
+	$COMMAND "${@:2}"
+else
+	pixelfed-run "${@:1}"
+fi

pixelfed/alpine/base/root/usr/bin/pixelfed-garbage

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -xe
+
+cd /srv/www/pixelfed
+
+pixelfed php artisan media:optimize
+pixelfed php artisan media:gc
+pixelfed php artisan horizon:snapshot
+pixelfed php artisan story:gc

pixelfed/alpine/base/root/usr/bin/pixelfed-horizon

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+cd /srv/www/pixelfed
+pixelfed php artisan horizon

pixelfed/alpine/base/root/usr/bin/pixelfed-run

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sudo -u abc "$@"

pixelfed/alpine/build.sh

@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+BUILD_DATE=$(date)
+VERSION=$1
+PIXELFED_RELEASE=$2
+
+function require() {
+	if [ "$1" = "" ]; then
+		echo "input '$2' required"
+		print_help
+		exit 1
+	fi
+}
+
+function print_help() {
+	echo "build.sh"
+	echo ""
+	echo "Usage:"
+	echo "	build.sh [version] [pixelfed_release]"
+	echo ""
+	echo "Args:"
+	echo "	version: The version of the current container"
+	echo "	pixelfed_release: The release of pixelfed to include"
+}
+
+function build_image() {
+    IMAGE=$1
+    ARCH=$2
+
+    docker build \
+        --pull \
+        --no-cache \
+        --build-arg BUILD_DATE="${BUILD_DATE}" \
+        --build-arg PIXELFED_RELEASE="${PIXELFED_RELEASE}" \
+        --build-arg VERSION="${VERSION}" \
+        -f "Dockerfile.${ARCH}" \
+        -t "${IMAGE}:${PIXELFED_RELEASE}-${VERSION}-${ARCH}" \
+        -t "${IMAGE}:latest-${ARCH}" \
+        -t "${IMAGE}:latest" \
+        .
+
+    docker push "${IMAGE}:${PIXELFED_RELEASE}-${VERSION}-${ARCH}"
+    docker push "${IMAGE}:latest-${ARCH}"
+    docker push "${IMAGE}:latest"
+}
+
+require "$VERSION" "version"
+require "$PIXELFED_RELEASE" "pixelfed release"
+
+set -xe
+
+# pushd base
+# build_image asonix/pixelfed-base arm64v8
+# popd
+
+# pushd horizon
+# build_image asonix/pixelfed-horizon arm64v8
+# popd
+
+pushd garbage
+build_image asonix/pixelfed-garbage arm64v8
+popd
+
+pushd web
+build_image asonix/pixelfed arm64v8
+popd

pixelfed/alpine/garbage/Dockerfile.arm64v8

@@ -0,0 +1,13 @@
+FROM asonix/pixelfed-base:latest-arm64v8
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG PIXELFED_RELEASE
+LABEL build_version="Build version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="asonix"
+
+# copy local files
+COPY root/ /
+
+VOLUME /srv/www/pixelfed/storage

pixelfed/alpine/garbage/root/etc/services.d/pixelfed-garbase/run

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec /usr/bin/pixelfed-garbage

pixelfed/alpine/horizon/Dockerfile.arm64v8

@@ -0,0 +1,13 @@
+FROM asonix/pixelfed-base:latest-arm64v8
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG PIXELFED_RELEASE
+LABEL build_version="Build version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="asonix"
+
+# copy local files
+COPY root/ /
+
+VOLUME /srv/www/pixelfed/storage

pixelfed/alpine/horizon/root/etc/services.d/pixelfed-horizon/run

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec /usr/bin/pixelfed-horizon

pixelfed/alpine/web/Dockerfile.arm64v8

@@ -0,0 +1,31 @@
+FROM asonix/pixelfed-base:latest-arm64v8
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG PIXELFED_RELEASE
+LABEL build_version="Build version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="asonix"
+
+# environment settings
+ENV PIXELFED_PATH="/srv/www/pixelfed"
+
+RUN \
+ echo "**** install runtime packages ****" && \
+ apk add --no-cache --upgrade \
+        logrotate \
+        nginx && \
+ echo "**** configure nginx ****" && \
+ echo 'fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> \
+        /etc/nginx/fastcgi_params && \
+ rm -f /etc/nginx/conf.d/default.conf && \
+ echo "**** fix logrotate ****" && \
+ sed -i "s#/var/log/messages {}.*# #g" /etc/logrotate.conf && \
+ sed -i 's#/usr/sbin/logrotate /etc/logrotate.conf#/usr/sbin/logrotate /etc/logrotate.conf -s /config/log/logrotate.status#g' \
+        /etc/periodic/daily/logrotate
+
+# copy local files
+COPY root/ /
+
+EXPOSE 80
+VOLUME /srv/www/pixelfed/storage

pixelfed/alpine/web/root/defaults/default

@@ -0,0 +1,59 @@
+upstream php-handler {
+    server 127.0.0.1:9000;
+}
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _;
+
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Permitted-Cross-Domain-Policies none;
+    add_header Referrer-Policy no-referrer;
+    fastcgi_hide_header X-Powered-By;
+
+    root /srv/www/pixelfed/public;
+    client_max_body_size 10G;
+    fastcgi_buffers 64 4K;
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    index index.html index.htm index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_index index.php;
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        try_files $fastcgi_script_name =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param HTTPS on;
+        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

pixelfed/alpine/web/root/defaults/nginx.conf

@@ -0,0 +1,101 @@
+## Version 2018/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf
+
+user abc;
+worker_processes 4;
+pid /run/nginx.pid;
+include /etc/nginx/modules/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	client_max_body_size 0;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /config/log/nginx/access.log;
+	error_log /config/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# nginx-naxsi config
+	##
+	# Uncomment it if you installed nginx-naxsi
+	##
+
+	#include /etc/nginx/naxsi_core.rules;
+
+	##
+	# nginx-passenger config
+	##
+	# Uncomment it if you installed nginx-passenger
+	##
+
+	#passenger_root /usr;
+	#passenger_ruby /usr/bin/ruby;
+
+	##
+	# Virtual Host Configs
+	##
+	include /etc/nginx/conf.d/*.conf;
+	include /config/nginx/site-confs/*;
+  
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}
+daemon off;

pixelfed/alpine/web/root/defaults/pixelfed-perms.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+pfpath="${PIXELFED_PATH}"
+htuser='abc'
+htgroup='abc'
+rootuser='root'
+
+printf "chmod Files and Directories\n"
+find ${pfpath}/ -type f -print0 | xargs -0 chmod 0640
+find ${pfpath}/ -type d -print0 | xargs -0 chmod 0750
+
+printf "chown Directories\n"
+chown -R ${rootuser}:${htgroup} ${pfpath}/
+chown -R ${htuser}:${htgroup} ${pfpath}/app/
+chown -R ${htuser}:${htgroup} ${pfpath}/bootstrap/
+chown -R ${htuser}:${htgroup} ${pfpath}/config/
+chown -R ${htuser}:${htgroup} ${pfpath}/public/
+chown -R ${htuser}:${htgroup} ${pfpath}/resources/
+chown -R ${htuser}:${htgroup} ${pfpath}/routes/
+chown -R ${htuser}:${htgroup} ${pfpath}/storage/
+
+chmod +x ${pfpath}/artisan
+
+printf "chmod/chown .htaccess\n"
+if [ -f ${pfpath}/public/.htaccess ]
+ then
+  chmod 0644 ${pfpath}/public/.htaccess
+  chown ${rootuser}:${htgroup} ${pfpath}/.htaccess
+fi

pixelfed/alpine/web/root/etc/cont-init.d/20-config

@@ -0,0 +1,41 @@
+#!/usr/bin/with-contenv bash
+
+# make our folders
+mkdir -p \
+	/config/{nginx/site-confs,www,log/nginx,keys,log/php,php} \
+	/run \
+	/var/lib/nginx/tmp/client_body \
+	/var/tmp/nginx
+
+# copy config files
+[[ ! -f /config/nginx/nginx.conf ]] && \
+	cp /defaults/nginx.conf /config/nginx/nginx.conf
+[[ ! -f /config/nginx/site-confs/default ]] && \
+	cp /defaults/default /config/nginx/site-confs/default
+[[ $(find /config/www -type f | wc -l) -eq 0 ]] && \
+	cp /defaults/index.html /config/www/index.html
+
+# create local php.ini if it doesn't exist, set local timezone
+[[ ! -f /config/php/php-local.ini ]] && \
+	printf "; Edit this file to override php.ini directives and restart the container\\n\\ndate.timezone = %s\\n" "$TZ" > /config/php/php-local.ini
+# copy user php-local.ini to image
+cp /config/php/php-local.ini /etc/php7/conf.d/php-local.ini
+#fix php-fpm log location
+sed -i "s#;error_log = log/php7/error.log.*#error_log = /config/log/php/error.log#g" /etc/php7/php-fpm.conf
+#fix php-fpm user
+sed -i "s#user = nobody.*#user = abc#g" /etc/php7/php-fpm.d/www.conf
+sed -i "s#group = nobody.*#group = abc#g" /etc/php7/php-fpm.d/www.conf
+# create override for www.conf if it doesn't exist
+[[ ! -f /config/php/www2.conf ]] && \
+	printf "; Edit this file to override www.conf and php-fpm.conf directives and restart the container\\n\\n; Pool name\\n[www]\\n\\n" > /config/php/www2.conf
+# copy user www2.conf to image
+cp /config/php/www2.conf /etc/php7/php-fpm.d/www2.conf
+
+# permissions
+chown -R abc:abc \
+	/config \
+	/var/lib/nginx \
+	/var/tmp/nginx
+chmod -R g+w \
+	/config/{nginx,www}
+chmod -R 644 /etc/logrotate.d

pixelfed/alpine/web/root/etc/cont-init.d/40-config

@@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bash
+
+# permissions
+chown abc:abc \
+	/config
+chown -R abc:abc  \
+	/var/lib/nginx

pixelfed/alpine/web/root/etc/cont-init.d/50-install

@@ -0,0 +1,13 @@
+#!/usr/bin/with-contenv bash
+
+# prepare app
+pushd "${PIXELFED_PATH}"
+pixelfed rsync -rog storage-default/* storage/
+pixelfed php artisan storage:link
+pixelfed php artisan config:cache
+pixelfed php artisan horizon:install
+pixelfed php artisan horizon:assets
+pixelfed php artisan route:cache
+pixelfed php artisan view:cache
+pixelfed php artisan optimize
+popd

pixelfed/alpine/web/root/etc/logrotate.d/nginx

@@ -0,0 +1,14 @@
+/config/log/nginx/*.log {
+        weekly
+        rotate 14
+        compress
+        delaycompress
+        nodateext
+        notifempty
+        missingok
+        sharedscripts
+        postrotate
+                s6-svc -h /var/run/s6/services/nginx
+        endscript
+        su abc abc
+}

pixelfed/alpine/web/root/etc/logrotate.d/php-fpm7

@@ -0,0 +1,14 @@
+/config/log/php/*.log {
+        rotate 7
+        weekly
+        missingok
+        notifempty
+        delaycompress
+        compress
+        nodateext
+        sharedscripts
+        postrotate
+                s6-svc -t /var/run/s6/services/php-fpm
+        endscript
+        su abc abc
+}

pixelfed/alpine/web/root/etc/services.d/nginx/run

@@ -0,0 +1,2 @@
+#!/usr/bin/with-contenv bash
+exec /usr/sbin/nginx -c /config/nginx/nginx.conf

pixelfed/alpine/web/root/etc/services.d/php-fpm/run

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec /usr/sbin/php-fpm7 -F