add fail2ban as example container for testing purposes

Signed-off-by: Simon L <szaimen@e.mail.de>
2025-12-19 22:16:49 +00:00 · 2023-05-31 12:00:44 +02:00 · 2023-05-31 12:00:44 +02:00 · f221ab7655
commit f221ab7655
parent c320da2b0e
6 changed files with 41 additions and 3 deletions
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@ -23,3 +23,11 @@ jobs:
          sudo apt-get install python3-pip -y --no-install-recommends
          sudo pip3 install json-spec
          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
+          JSON_FILES="$(find ./community-containers -name '*.json')"
+          mapfile -t JSON_FILES <<< "$JSON_FILES"
+          for file in "${JSON_FILES[@]}"; do
+            json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
+          done
+          if grep "Exception: document does not validate with schema." ./json-validator.log; then
+            exit 1
+          fi
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@ -0,0 +1,26 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-fail2ban",
+            "display_name": "Fail2ban",
+            "image": "szaimen/aio-fail2ban",
+            "image_tag": "%AIO_CHANNEL%",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "cap_add": [
+                "NET_ADMIN",
+                "NET_RAW"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_nextcloud",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ]
+        }
+    ]
+}
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@ -0,0 +1 @@
+This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@ -0,0 +1 @@
+## This is a WIP and not working yet!
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@ -39,7 +39,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[A-Za-z ]+$"
+						"pattern": "^[A-Za-z 0-9]+$"
 					},
 					"environment": {
 						"type": "array",
@ -51,7 +51,7 @@
 					},
 					"container_name": {
 						"type": "string",
-						"pattern": "^nextcloud-aio-[a-z-]+$"
+						"pattern": "^nextcloud-aio-[a-z-0-9]+$"
 					},
 					"internal_port": {
 						"type": "string",
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -477,7 +477,9 @@ class DockerActionManager
        }

        // Disable arp spoofing
+        if (!in_array('NET_RAW', $capAdds, true)) {
            $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+        }

        if ($container->isApparmorUnconfined()) {
            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
				`@ -0,0 +1 @@`
				`This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.`