tyrel
/
dockers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more

This commit is contained in:
Tyrel Souza 2023-01-26 21:03:03 +00:00
parent d7d7182eb3
commit a3479804d4
28 changed files with 9627 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
assembly Submodule

@ -0,0 +1 @@
Subproject commit 6f2e5724071da0df10a7c2a8cfd646701cc07ab6

3
docker-dev-container/.dockerignore Normal file
View File

@ -0,0 +1,3 @@
.idea
/workspace
!/workspace/.gitinclude

3
docker-dev-container/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
.idea
/workspace
!/workspace/.gitinclude

83
docker-dev-container/Dockerfile Normal file
View File

@ -0,0 +1,83 @@
ARG SSH_PASSWORD
FROM i386/ubuntu
ENV SSH_PASSWORD ${SSH_PASSWORD:-happymeal}
ENV DEBIAN_FRONTEND noninteractive
# Install OpenSSH Server, Git, etc...
RUN apt-get update -y && apt-get install -y openssh-server git curl
# SSH run dir
RUN mkdir /var/run/sshd
# Setup SSH Password
RUN echo "root:$SSH_PASSWORD" | chpasswd
RUN sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
# Install node.js
RUN apt-get update
RUN apt-get install -y build-essential
RUN apt-get install -y wget
# Vim stuff
RUN apt-get install -y vim
## Vim configurations
ADD vimrc /root/.vimrc
## Vundle
RUN git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim
## Color Schemes
RUN mkdir -p /root/.vim/colors
RUN git clone https://github.com/NLKNguyen/papercolor-theme.git /tmp/theme1
RUN mv /tmp/theme1/colors/* /root/.vim/colors/.
## Install the vundle plugins
RUN vim +PluginInstall +qall
## YouCompleteMe
#RUN apt-get install -y build-essential cmake python-dev python3-dev
#RUN /root/.vim/bundle/YouCompleteMe/install.py --js-completer
## Create DIR for swap files
RUN mkdir -p /root/.vim/swap
RUN mkdir -p /root/.vim/backup
RUN mkdir -p /root/.vim/undo
# Locale
RUN apt-get install -y locales
RUN locale-gen en_US.UTF-8
RUN update-locale LANG=en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
# tmux - terminal session multiplexer
RUN apt-get install -y tmux
ADD tmux.conf /root/.tmux.conf
RUN git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm
RUN /root/.tmux/plugins/tpm/scripts/install_plugins.sh
# neofetch - displays system info
RUN apt-get install -y neofetch
# zsh
RUN apt-get install -y zsh fonts-powerline
RUN chsh -s $(which zsh)
# Create workspace dir
RUN mkdir /root/workspace
WORKDIR /root/workspace
# Start script
ADD start.sh /root/.
CMD ["/root/start.sh"]

87
docker-dev-container/README.md Normal file
View File

@ -0,0 +1,87 @@
# docker-dev-container
A containerized development environment.
## Features
- zsh (OhMyZsh)
- git
- fzf with keybindings
- `alt c` for fuzzy directory search + cd
- `ctrl t` for fuzzy file path search + paste
- `ctrl r` for fuzzy history search
- vim 8 customized with plugins and some other configured defaults (see [vimrc](./vimrc))
- `ctrl o` File Browser (NERDTree)
- `ctrl p` File quick open (ctrlp)
- `ctrl n` Multi-cursor (vim-multiple-cursors)
- Auto-format (vim-prettier)
- ~~Auto-complete (YouCompleteMe)~~
- Syntax checking (syntastic)
- Mosh - mobile shell eliminates ssh disconnects over unstable networks
- tmux with some light configurations (see [tmux](./tmux.conf))
- node.js and yarn
- devops/cloud tools
- Ansible
- Terraform
- kubectl
- k9s -- Terminal UI for k8s
- AWS CLI
- doctl -- DigitalOcean's CLI tool
## Quick Start
### Connecting via docker-compose
- mounts (read-only) `${SSH_DIR}`, defaults to `~/.ssh`
- mounts `${WORKSPACE_DIR}`, defaults to `./workspace`
- mounts various config folders under `./workspace` into home:
- `.config`
- `.kube`
- `.aws`
```shell
docker-compose up -d
docker-compose exec workspace zsh
```
### Connecting via SSH
```shell script
# Start the container
docker run -d -e SSH_PASSWORD="supersecret" -p 2233:22 ronalddddd/dev-container
# Shell into it
ssh root@localhost -p 2233
```
### Connecting via Mosh
```shell script
mosh root@localhost -p 6000 --ssh="ssh -p 1234"
```
## Advanced Usages
- SSH into it using your private key by setting the environment variable `DEVELOPER_PUBLIC_KEY`
- Mount a project folder to `/projects` (so you don't lose your work :)
- Mount a `.ssh` folder with required credentials
- `authorized_keys` file for logging in
- Private keys for accessing remote repositories, etc...
- Expose SSH port
- Expose Mosh port range (UDP 6000 to 6100)
## What is Mosh?
> Mosh is a replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.
> keeps the session alive if the client goes to sleep and wakes up later, or temporarily loses its Internet connection
- getting a mosh client: https://mosh.org/#getting
- you need to expose one or more UDP ports in the 6000 to 6100 range for
mosh clients to connect
## Screenshots
### Vim
![Screenshot of vim running in a tmux session](./screenshot.jpeg)

BIN
docker-dev-container/screenshot.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 625 KiB

6
docker-dev-container/start.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
mkdir -p /${HOME}/.ssh
echo "root:$SSH_PASSWORD" | chpasswd
echo "${DEVELOPER_PUBLIC_KEY}" >> /${HOME}/.ssh/authorized_keys
/usr/sbin/sshd -D

6
docker-dev-container/tags Normal file
View File

@ -0,0 +1,6 @@
!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/
!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/
!_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/
!_TAG_PROGRAM_NAME Exuberant Ctags //
!_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/
!_TAG_PROGRAM_VERSION 5.9~svn20110310 //

23
docker-dev-container/tmux.conf Normal file
View File

@ -0,0 +1,23 @@
new-session
# Start windows and panes at 1, not 0
set -g base-index 1
set -g pane-base-index 1
set-option -g status-position top
set-option -g repeat-time 0
# Removes ESC delay
set -sg escape-time 0
# List of plugins
set -g @tpm_plugins ' \
arcticicestudio/nord-tmux \
tmux-plugins/tpm \
tmux-plugins/tmux-sensible \
tmux-plugins/tmux-prefix-highlight \
'
# Initialize TMUX plugin manager
run '~/.tmux/plugins/tpm/tpm'

131
docker-dev-container/vimrc Normal file
View File

@ -0,0 +1,131 @@
set nocompatible " be iMproved, required
filetype off " required
" set the runtime path to include Vundle and initialize
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()
" alternatively, pass a path where Vundle should install plugins
"call vundle#begin('~/some/path/here')
" let Vundle manage Vundle, required
Plugin 'VundleVim/Vundle.vim'
" NERDTree file browser
Plugin 'scrooloose/nerdtree'
" Fuzzy file open/finder
Plugin 'kien/ctrlp.vim'
" Multi-cursor
Plugin 'terryma/vim-multiple-cursors'
" git wrapper
Plugin 'tpope/vim-fugitive'
" Syntax and Auto-complete stuff
Plugin 'jiangmiao/auto-pairs'
Plugin 'vim-syntastic/syntastic'
"Plugin 'Valloric/YouCompleteMe'
" Themes and stuff
Plugin 'joshdick/onedark.vim'
Plugin 'vim-airline/vim-airline'
Plugin 'vim-airline/vim-airline-themes'
" HTML shortcuts
Plugin 'rstacruz/sparkup'
" Prettier
Plugin 'prettier/vim-prettier'
" TypeScript
" Syntax Highlighting
Plugin 'leafgarland/typescript-vim'
" Code completion, navigate, show where symbol is referenced, etc...
Plugin 'Quramy/tsuquyomi'
" Syntax Highlighting for template strings
Plugin 'Quramy/vim-js-pretty-template'
" All of your Plugins must be added before the following line
call vundle#end() " required
filetype plugin indent on " required
" To ignore plugin indent changes, instead use:
"filetype plugin on
"
" Brief help
" :PluginList - lists configured plugins
" :PluginInstall - installs plugins; append `!` to update or just :PluginUpdate
" :PluginSearch foo - searches for foo; append `!` to refresh local cache
" :PluginClean - confirms removal of unused plugins; append `!` to auto-approve removal
"
" see :h vundle for more details or wiki for FAQ
" Put your non-Plugin stuff after this line
" Encoding
set encoding=utf-8
" Cursor
autocmd InsertEnter * set cul
autocmd InsertLeave * set nocul
" Line numbers
set relativenumber
set number
" Whitespace stuff
set nowrap
set tabstop=2
set shiftwidth=2
set softtabstop=2
set expandtab
set list listchars=tab:\ \ ,trail
" Searching
set hlsearch
set incsearch
set ignorecase
set smartcase
" Tab completion
set wildmode=list:longest,list:full
set wildignore+=*.o,*.obj,.git,*.rbc,*.class,.svn,vendor/gems/*
" Directories for swp files
set directory=~/.vim/swap//
set backupdir=~/.vim/backup//
set backupdir=~/.vim/undo//
" Color Scheme
set t_Co=256
set background=dark
colorscheme PaperColor
let g:airline_theme='papercolor'
" Syntastic
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_javascript_checkers = ['eslint']
let g:syntastic_javascript_eslint_exe = 'eslint .'
" Key Mappings
" NERDTree Hotkey
map <silent> <C-o> :NERDTreeFocus<CR>
" CtrlP
let g:ctrlp_custom_ignore = 'node_modules\|DS_Store\|git'
" Auto file reload
" Triger `autoread` when files changes on disk
" https://unix.stackexchange.com/questions/149209/refresh-changed-content-of-file-opened-in-vim/383044#383044
" https://vi.stackexchange.com/questions/13692/prevent-focusgained-autocmd-running-in-command-line-editing-mode
autocmd FocusGained,BufEnter,CursorHold,CursorHoldI * if mode() != 'c' | checktime | endif
" Notification after file change
" https://vi.stackexchange.com/questions/13091/autocmd-event-for-autoread
autocmd FileChangedShellPost *
\ echohl WarningMsg | echo "File changed on disk. Buffer reloaded." | echohl None

5
grocy-docker/.dockerignore Normal file
View File

@ -0,0 +1,5 @@
.git
.vscode
.DS_store
Dockerfile-grocy
Dockerfile-grocy-nginx

1
grocy-docker/.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
Dockerfile-* linguist-language=Dockerfile

28
grocy-docker/.github/workflows/build-docker.yml vendored Normal file
View File

@ -0,0 +1,28 @@
name: Docker Image CI
on:
push:
tags:
- 'v*'
jobs:
build_and_push_latest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build docker-compose latest
run: GITHUB_API_TOKEN='${{ secrets.GITHUB_TOKEN }}' docker-compose build
- name: Push latest image
run: GITHUB_API_TOKEN='${{ secrets.GITHUB_TOKEN }}' docker-compose build
- name: Build docker-compose tag
run: GITHUB_API_TOKEN='${{ secrets.GITHUB_TOKEN }}' GROCY_IMAGE_TAG="$(git describe --abbrev=0 --tags)" docker-compose build
- name: Push tag
run: docker-compose push

1
grocy-docker/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
node_modules

98
grocy-docker/CHANGELOG.md Normal file
View File

@ -0,0 +1,98 @@
# Changelog
## [v3.0.0-2] - 2021-01-02
### Added
- Docker Hub container upload automation using GitHub Actions
### Changed
- Supply PHP EXIF and LDAP library dependencies at build-time
- [Minor] Update snyk vulnerability scan
- [Minor] Refresh package-lock.json version, and remove container version suffix
- Run vulnerability scans using 'latest' container image tag
## [v3.0.0-1] - 2020-12-22
### Changed
- Upgrade to grocy release v3.0.0
## [v2.7.1-5] - 2020-12-22
### Changed
- Rebuild container images with new Alpine 3.12.3 release
## [v2.7.1-4] - 2020-09-02
### Changed
- Perform `apk update` prior to Alpine Linux package installation
- Rebuild container images with new Alpine 3.12.0 release
## [v2.7.1-3] - 2020-04-27
### Changed
- Rebuild container images with new Alpine 3.11.6 release
## [v2.7.1-2] - 2020-04-21
### Changed
- Rebuild nginx image with new Alpine 'openssl' package
- Was: 'OpenSSL 1.1.1d 10 Sep 2019'
- Now: 'OpenSSL 1.1.1g 21 Apr 2020 (Library: OpenSSL 1.1.1d 10 Sep 2019)'
## [v2.7.1-1] - 2020-04-18
### Added
- Upgrade to grocy release v2.7.1
## [v2.7.0-1] - 2020-04-17
### Added
- Upgrade to grocy release v2.7.0
## [v2.6.2-4] - 2020-04-07
### Removed
- Shared 'www-static' volume
## [v2.6.2-3] - 2020-04-06
### Changed
- Introduced a handful of Docker Hub image best-practices
## [v2.6.2-2] - 2020-04-04
### Changed
- Pull in upstream grocy v2.6.2 fix
## [v2.6.2-1] - 2020-04-04
### Changed
- Ensure that the application is bound to 127.0.0.1 by default
## [v2.6.2] - 2020-04-03
### Added
- Upgrade to grocy release v2.6.2
- Support for GitHub API tokens at build-time
- Log volumes added for grocy and nginx
- Optional support for OCI image builds
### Changed
- Breaking change: Image names are now: grocy/nginx, grocy/grocy
- Breaking change: Application database volume contents and name updated
- Image filesystems are read-only

89
grocy-docker/Dockerfile-grocy Normal file
View File

@ -0,0 +1,89 @@
FROM alpine:3.12.3
LABEL maintainer "Talmai Oliveira <to@talm.ai>, James Addison <jay@jp-hosting.net>"
ARG GROCY_VERSION
# Optionally authenticate with GitHub using an API token
#
# This can reduce instances of download rate limiting by GitHub
# https://developer.github.com/v3/#rate-limiting
#
# This value is *not* assigned to a variable using the ENV instruction,
# since those variables are persisted in the resulting image and could leak
# developer credentials
# https://docs.docker.com/engine/reference/builder/#env
ARG GITHUB_API_TOKEN
# ensure www-data user exists
RUN set -eux; \
addgroup -g 82 -S www-data; \
adduser -u 82 -D -S -G www-data www-data
# 82 is the standard uid/gid for "www-data" in Alpine
# https://git.alpinelinux.org/aports/tree/main/apache2/apache2.pre-install?h=3.9-stable
# https://git.alpinelinux.org/aports/tree/main/lighttpd/lighttpd.pre-install?h=3.9-stable
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install?h=3.9-stable
# Install build-time dependencies
RUN apk update && \
apk add --no-cache \
composer \
git \
gnupg \
wget
# Install system dependencies
RUN apk add --no-cache \
php7-ctype \
php7-fpm \
php7-exif \
php7-fileinfo \
php7-gd \
php7-iconv \
php7-json \
php7-ldap \
php7-pdo_sqlite \
php7-simplexml \
php7-tokenizer
# Configure directory permissions
RUN chown www-data /var/log/php7 && \
mkdir /var/www && \
chown www-data /var/www
COPY docker_grocy/www.conf /etc/php7/php-fpm.d/zz-docker.conf
# Install application dependencies (unprivileged)
USER www-data
WORKDIR /var/www
# Extract application release package
ENV GROCY_RELEASE_KEY_URI="https://berrnd.de/data/Bernd_Bestel.asc"
RUN set -o pipefail && \
export GNUPGHOME=$(mktemp -d) && \
wget ${GROCY_RELEASE_KEY_URI} -O - | gpg --batch --import && \
git clone --branch ${GROCY_VERSION} --config advice.detachedHead=false --depth 1 "https://github.com/grocy/grocy.git" . && \
git verify-commit ${GROCY_VERSION} && \
rm -rf ${GNUPGHOME} && \
mkdir data/viewcache && \
cp config-dist.php data/config.php
# Install application dependencies
RUN COMPOSER_OAUTH=${GITHUB_API_TOKEN:+"\"github.com\": \"${GITHUB_API_TOKEN}\""} && \
COMPOSER_AUTH="{\"github-oauth\": { ${COMPOSER_OAUTH} }}" composer install --no-interaction --no-dev --optimize-autoloader && \
composer clear-cache
# Remove build-time dependencies (privileged)
USER root
RUN apk del \
composer \
git \
gnupg \
wget
VOLUME ["/var/www/data"]
EXPOSE 9000
USER www-data
CMD ["php-fpm7"]

73
grocy-docker/Dockerfile-grocy-nginx Normal file
View File

@ -0,0 +1,73 @@
FROM alpine:3.12.3
LABEL maintainer "Talmai Oliveira <to@talm.ai>, James Addison <jay@jp-hosting.net>"
ARG GROCY_VERSION
# Install build-time dependencies
RUN apk add --no-cache \
openssl \
git \
gnupg \
wget \
yarn
# Install system dependencies
RUN apk update && \
apk add --no-cache \
nginx
# Generate TLS certificates
RUN openssl req \
-x509 \
-newkey rsa:2048 \
-keyout /etc/ssl/private/grocy-nginx.key \
-out /etc/ssl/private/grocy-nginx.crt \
-days 365 \
-nodes \
-subj /CN=localhost && \
chown nginx /etc/ssl/private/grocy-nginx.key && \
chown nginx /etc/ssl/private/grocy-nginx.crt
# Configure directory permissions
RUN chown -R nginx /var/log/nginx && \
rm -rf /var/www/localhost && \
chown nginx /var/www
COPY docker_nginx/nginx.conf /etc/nginx/nginx.conf
COPY docker_nginx/common.conf /etc/nginx/common.conf
COPY docker_nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
COPY docker_nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf
# Install application dependencies (unprivileged)
USER nginx
WORKDIR /var/www
# Extract application release package
ENV GROCY_RELEASE_KEY_URI="https://berrnd.de/data/Bernd_Bestel.asc"
RUN set -o pipefail && \
export GNUPGHOME=$(mktemp -d) && \
wget ${GROCY_RELEASE_KEY_URI} -O - | gpg --batch --import && \
git clone --branch ${GROCY_VERSION} --config advice.detachedHead=false --depth 1 "https://github.com/grocy/grocy.git" . && \
git verify-commit ${GROCY_VERSION} && \
rm -rf ${GNUPGHOME}
# Install application dependencies
RUN yarn install --modules-folder /var/www/public/node_modules --production && \
yarn cache clean
# Remove build-time dependencies (privileged)
USER root
RUN apk del \
openssl \
git \
gnupg \
wget \
yarn
VOLUME ["/var/log/nginx"]
EXPOSE 8080 8443
USER nginx
CMD ["nginx", "-g", "daemon off;"]

21
grocy-docker/LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2018
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

38
grocy-docker/Makefile Normal file
View File

@ -0,0 +1,38 @@
.PHONY: build pod grocy nginx
GROCY_VERSION = v3.0.0
IMAGE_COMMIT := $(shell git rev-parse --short HEAD)
IMAGE_TAG := $(strip $(if $(shell git status --porcelain --untracked-files=no), "${IMAGE_COMMIT}-dirty", "${IMAGE_COMMIT}"))
build: pod grocy nginx
podman run \
--add-host grocy:127.0.0.1 \
--detach \
--env-file grocy.env \
--name grocy \
--pod grocy-pod \
--read-only \
--volume /var/log/php7 \
--volume app-db:/var/www/data \
grocy:${IMAGE_TAG}
podman run \
--add-host grocy:127.0.0.1 \
--detach \
--name nginx \
--pod grocy-pod \
--read-only \
--tmpfs /tmp \
--volume /var/log/nginx \
nginx:${IMAGE_TAG}
pod:
podman pod rm -f grocy-pod || true
podman pod create --name grocy-pod --publish 127.0.0.1:8080:8080
grocy:
podman image exists $@:${IMAGE_TAG} || buildah bud --build-arg GITHUB_API_TOKEN=${GITHUB_API_TOKEN} --build-arg GROCY_VERSION=${GROCY_VERSION} -f Dockerfile-grocy -t $@:${IMAGE_TAG} .
podman tag $@:${IMAGE_TAG} $@:latest
nginx:
podman image exists $@:${IMAGE_TAG} || buildah bud --build-arg GROCY_VERSION=${GROCY_VERSION} -f Dockerfile-grocy-nginx -t $@:${IMAGE_TAG} .
podman tag $@:${IMAGE_TAG} $@:latest

76
grocy-docker/README.md Normal file
View File

@ -0,0 +1,76 @@
# grocy-docker
ERP beyond your fridge - now containerized!
This repository includes container build infrastructure for [grocy](https://github.com/grocy/grocy).
[![Docker Pulls](https://img.shields.io/docker/pulls/grocy/grocy.svg)](https://hub.docker.com/r/grocy/grocy/)
[![Docker Stars](https://img.shields.io/docker/stars/grocy/grocy.svg)](https://hub.docker.com/r/grocy/grocy/)
## Prerequisites
Follow [these instructions](https://docs.docker.com/install/) to get Docker running on your server.
## Quickstart
To get started using pre-built [Docker Hub grocy images](https://hub.docker.com/u/grocy), run the following commands:
```sh
docker-compose pull
docker-compose up
```
The grocy application should now be accessible locally to the server:
- [http://localhost](http://localhost)
- [https://localhost](https://localhost)
Since the images contain self-signed certificates, your browser may display a warning when visiting the HTTPS URL.
### Configuration
The grocy application reads configuration settings from environment variables prefixed by `GROCY_`.
Runtime environment variables are read by `docker-compose` from the [grocy.env](grocy.env) file in this directory.
The default login credentials are username `admin` and password `admin`; please change these before providing end-user access to your deployment.
#### Demo Mode
To run the container in demo mode, override the `GROCY_MODE` environment variable at application run-time:
```sh
GROCY_MODE=demo docker-compose up
```
### Build
#### Docker Images
```sh
docker-compose build
```
Note: if you experience build failures as a result of GitHub API [rate limiting](https://developer.github.com/v3/#rate-limiting), you may optionally provide a GitHub API key (preferably restricted to `read:packages` scope) at build-time:
```sh
GITHUB_API_TOKEN='your-token-here' docker-compose build
```
### Vulnerability Scans
Support is provided for running image vulnerability scans using the [snyk](https://www.npmjs.com/package/snyk) CLI tool.
This requires authentication with [Snyk](https://snyk.io/) during the vulnerability scanning process.
You can read more about Snyk's vulnerability database [here](https://support.snyk.io/hc/en-us/articles/360003968978-How-efficient-is-our-Vulnerability-Database-).
To perform a vulnerability scan, use the following command:
```sh
npm run test
```
#### OCI Images
Optional support for building [opencontainer](https://www.opencontainers.org/) images is available via the [Makefile](Makefile) provided.

6
grocy-docker/docker_grocy/www.conf Normal file
View File

@ -0,0 +1,6 @@
[global]
daemonize = no
[www]
clear_env = no
listen = 9000

20
grocy-docker/docker_nginx/common.conf Normal file
View File

@ -0,0 +1,20 @@
charset utf-8;
location / {
try_files $uri /index.php$is_args$query_string;
}
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location ~ \.php$ {
fastcgi_pass grocy:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}

8
grocy-docker/docker_nginx/conf.d/default.conf Normal file
View File

@ -0,0 +1,8 @@
server {
listen 8080 default_server;
server_name _;
root /var/www/public; # see: volumes_from
include /etc/nginx/common.conf;
}

11
grocy-docker/docker_nginx/conf.d/ssl.conf Normal file
View File

@ -0,0 +1,11 @@
server {
listen 8443 ssl;
server_name _;
root /var/www/public; # see: volumes_from
ssl_certificate /etc/ssl/private/grocy-nginx.crt;
ssl_certificate_key /etc/ssl/private/grocy-nginx.key;
include /etc/nginx/common.conf;
}

33
grocy-docker/docker_nginx/nginx.conf Normal file
View File

@ -0,0 +1,33 @@
worker_processes auto;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
# Basic mime type configuration
include mime.types;
default_type application/octet-stream;
# Configuration related to client connections and content upload
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 50M;
# Write nginx temporary files to /tmp in order to run in rootless configuration
# See: https://hub.docker.com/_/nginx/
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Enable compression for application content
gzip on;
gzip_types application/javascript application/json application/octet-stream application/pdf font/woff font/woff2 image/gif image/jpeg image/png image/webp image/x-icon text/css;
include /etc/nginx/conf.d/*.conf;
}

41
grocy-docker/grocy.env Normal file
View File

@ -0,0 +1,41 @@
# Grocy Environment Variables
# These environment variables affect PHP and the grocy application
# For a full list of grocy settings, see config-dist.php in the main grocy repo:
#
# https://github.com/grocy/grocy/blob/master/config-dist.php
#
# Grocy application settings must be prefixed with 'GROCY_'.
#
# For example, if we'd like to configure grocy to use Euros (EUR):
#
# Setting('CURRENCY', 'USD');
#
# Then we would set GROCY_CURRENCY=EUR
## User-supplied Variables
# These are environment variables that may be supplied by the user
# No values are supplied for these as part of this distribution
# When you're ready to deploy grocy in production, set GROCY_MODE=production
# to enable user authentication
GROCY_MODE
## Distribution-supplied Variables
# These are 'sensible defaults' provided as part of the grocy-docker
# distribution.
# GROCY_CULTURE configures localization of the grocy application
# Supported locales: https://github.com/grocy/grocy/tree/master/localization
GROCY_CULTURE=en
# PHP Environment variables
MAX_UPLOAD=50M
PHP_MAX_FILE_UPLOAD=200
PHP_MAX_POST=100M
PHP_MEMORY_LIMIT=512M

8700
grocy-docker/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

35
grocy-docker/package.json Normal file
View File

@ -0,0 +1,35 @@
{
"name": "grocy-docker",
"version": "3.0.0",
"description": "ERP beyond your fridge - now containerized",
"main": ".",
"scripts": {
"build": "docker-compose build",
"test": "npm run build && npm run test:grocy && npm run test:nginx",
"test:grocy": "npx snyk test --docker grocy/grocy:latest --file=Dockerfile-grocy-nginx",
"test:nginx": "npx snyk test --docker grocy/nginx:latest --file=Dockerfile-grocy-nginx"
},
"repository": {
"type": "git",
"url": "git+https://github.com/grocy/grocy-docker.git"
},
"keywords": [
"self-hosted",
"food",
"home",
"erp",
"groceries",
"ownyourdata",
"docker",
"grocy"
],
"author": "Talmai Oliveira <to@talm.ai>, James Addison <jay@jp-hosting.net>",
"license": "MIT",
"bugs": {
"url": "https://github.com/grocy/grocy-docker/issues"
},
"homepage": "https://github.com/grocy/grocy-docker#readme",
"devDependencies": {
"snyk": "^1.437.3"
}
}