eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

add fail2ban as example container for testing purposes

Browse source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L 2023-05-31 12:00:44 +02:00
parent c320da2b0e
commit f221ab7655
6 changed files with 41 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.github/workflows/json-validator.yml vendored
View file

@ -23,3 +23,11 @@ jobs:
sudo apt-get install python3-pip -y --no-install-recommends sudo apt-get install python3-pip -y --no-install-recommends
sudo pip3 install json-spec sudo pip3 install json-spec
json validate --schema-file=php/containers-schema.json --document-file=php/containers.json json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
JSON_FILES="$(find ./community-containers -name '*.json')"
mapfile -t JSON_FILES <<< "$JSON_FILES"
for file in "${JSON_FILES[@]}"; do
json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
done
if grep "Exception: document does not validate with schema." ./json-validator.log; then
exit 1
fi

26
community-containers/fail2ban/fail2ban.json Normal file
View file

@ -0,0 +1,26 @@
{
"aio_services_v1": [
{
"container_name": "nextcloud-aio-fail2ban",
"display_name": "Fail2ban",
"image": "szaimen/aio-fail2ban",
"image_tag": "%AIO_CHANNEL%",
"internal_port": "host",
"restart": "unless-stopped",
"cap_add": [
"NET_ADMIN",
"NET_RAW"
],
"environment": [
"TZ=%TIMEZONE%"
],
"volumes": [
{
"source": "nextcloud_aio_nextcloud",
"destination": "/nextcloud",
"writeable": false
}
]
}
]
}

1
community-containers/fail2ban/readme.md Normal file
View file

@ -0,0 +1 @@
This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.

1
community-containers/readme.md Normal file
View file

@ -0,0 +1 @@
## This is a WIP and not working yet!

4
php/containers-schema.json
View file

@ -39,7 +39,7 @@
}, },
"display_name": { "display_name": {
"type": "string", "type": "string",
"pattern": "^[A-Za-z ]+$" "pattern": "^[A-Za-z 0-9]+$"
}, },
"environment": { "environment": {
"type": "array", "type": "array",
@ -51,7 +51,7 @@
}, },
"container_name": { "container_name": {
"type": "string", "type": "string",
"pattern": "^nextcloud-aio-[a-z-]+$" "pattern": "^nextcloud-aio-[a-z-0-9]+$"
}, },
"internal_port": { "internal_port": {
"type": "string", "type": "string",

2
php/src/Docker/DockerActionManager.php
View file

@ -477,7 +477,9 @@ class DockerActionManager
} }
// Disable arp spoofing // Disable arp spoofing
if (!in_array('NET_RAW', $capAdds, true)) {
$requestBody['HostConfig']['CapDrop'] = ['NET_RAW']; $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
}
if ($container->isApparmorUnconfined()) { if ($container->isApparmorUnconfined()) {
$requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"]; $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];