From 1202a8c1a038c08a525ab3c8203fb85b1838c4c4 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Mon, 9 Mar 2020 20:31:04 -0400
Subject: [PATCH 1/7] remove chown
---
 scripts/services/Mistborn-base.service | 2 +-
 scripts/services/Mistborn-bitwarden.service | 2 +-
 scripts/services/Mistborn-homeassistant.service | 2 +-
 scripts/services/Mistborn-jellyfin.service | 2 +-
 scripts/services/Mistborn-nextcloud.service | 2 +-
 scripts/services/Mistborn-onlyoffice.service | 2 +-
 scripts/services/Mistborn-raspap.service | 2 +-
 scripts/services/Mistborn-rocketchat.service | 2 +-
 scripts/services/Mistborn-syncthing.service | 2 +-
 scripts/services/Mistborn-tor.service | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index c1a1929..7ba4bd6 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
-ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=/bin/systemctl stop systemd-resolved
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 32d505b..3653b5c 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
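Review bot: The `chown -R root:root /opt/mistborn_volumes/` disabled in the Mistborn-base.service hunk was the only one of these ten lines that changed anything; the `--from=root:root root:root` form in the other nine units only rewrites entries that are already root:root, so it is a no-op. After this hunk nothing in the unit resets ownership of the volumes tree, and the commit message does not say what ownership is now expected. I would delete the line rather than leave it commented out, and put a one-line statement of intent in its place, for example (if that is the intent) `# Ownership of /opt/mistborn_volumes/ is left to the containers, not reset by this unit`. The same applies to the other nine hunks of this patch.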
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service
index 65170b4..3281da7 100644
--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service
index d7c4a58..6f2b67a 100644
--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service
index 1556361..3324467 100644
--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
index 0c68952..521394c 100644
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service
index 80169c0..83d4b92 100644
--- a/scripts/services/Mistborn-raspap.service
+++ b/scripts/services/Mistborn-raspap.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index eaa8c53..779c952 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index 3127e9d..fb9c3e7 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 # Start container when unit is started
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index a111822..d940e1b 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build
From fb2d8693bff59736baebd509f61cf525e0dbd6d1 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Mon, 9 Mar 2020 20:36:58 -0400
Subject: [PATCH 2/7] adding gitlab-ci
---
 .gitlab-ci.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..72ab85f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,22 @@
+image: docker:latest
+
+services:
+ - docker:dind
+
+variables:
+ GIT_SUBMODULE_STRATEGY: "recursive"
+
+before_script:
+ - apk add docker-compose
+ - docker info
+ - docker-compose --version
+
+#include:
+# - template: Code-Quality.gitlab-ci.yml
+
+test:
+ stage: test
+ script:
+ - docker-compose -f base.yml pull
+ - docker-compose -f base.yml build
+
From 835dbd24a38ff11863390cc8316d623a4a8685c5 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Mon, 9 Mar 2020 20:40:39 -0400
Subject: [PATCH 3/7] gen prod env
---
 .gitlab-ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 72ab85f..8612de5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -17,6 +17,7 @@ before_script:
 test:
 stage: test
 script:
+ - scripts/subinstallers/gen_prod_env.sh "default_password"
 - docker-compose -f base.yml pull
 - docker-compose -f base.yml build
From 58a71b7fac1d2f424de31051337a99fc7ee51cb5 Mon Sep 17 00:00:00 2001
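Review bot: `image: docker:latest` and `docker:dind` in the new .gitlab-ci.yml (PATCH 2/7) are floating tags, and `apk add docker-compose` installs whatever version the package index serves that day, so the toolchain that builds the project's images can change between runs without any commit in this repository. Pin the image and the service to the same release or to digests, e.g. `image: docker:<pinned-version>` and `- docker:<pinned-version>-dind` (placeholder versions). docker:dind normally needs a privileged runner, so a comment stating which runners this job is meant for would also help whoever maintains the CI configuration.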
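Review bot: The literal `"default_password"` passed to `gen_prod_env.sh` in the `test` job (PATCH 3/7) is a fixed, publicly visible value; the script is not part of this patch, but from its name it presumably writes the production env files that the following `docker-compose -f base.yml build` consumes. If anything this job produces is ever cached, pushed or kept as an artifact, it carries that known credential with it. A throwaway per-job value avoids that, e.g. `- scripts/subinstallers/gen_prod_env.sh "$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)"`, or a masked CI/CD variable.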
From: Steven Foerster
Date: Mon, 9 Mar 2020 20:46:21 -0400
Subject: [PATCH 4/7] build only
---
 .gitlab-ci.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8612de5..48e09ec 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,6 +18,5 @@ test:
 stage: test
 script:
 - scripts/subinstallers/gen_prod_env.sh "default_password"
- - docker-compose -f base.yml pull
 - docker-compose -f base.yml build
From 30df776259060b4b5707acedd6449629b9670303 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Mon, 9 Mar 2020 20:54:35 -0400
Subject: [PATCH 5/7] www-data for nextcloud
---
 scripts/services/Mistborn-base.service | 2 +-
 scripts/services/Mistborn-bitwarden.service | 2 +-
 scripts/services/Mistborn-homeassistant.service | 2 +-
 scripts/services/Mistborn-jellyfin.service | 2 +-
 scripts/services/Mistborn-nextcloud.service | 4 ++--
 scripts/services/Mistborn-onlyoffice.service | 2 +-
 scripts/services/Mistborn-raspap.service | 2 +-
 scripts/services/Mistborn-rocketchat.service | 2 +-
 scripts/services/Mistborn-syncthing.service | 2 +-
 scripts/services/Mistborn-tor.service | 2 +-
 10 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 7ba4bd6..c1a1929 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
-#ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=/bin/systemctl stop systemd-resolved
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
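Review bot: Re-enabling `ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/` in Mistborn-base.service (PATCH 5/7) means every start of the base unit resets the whole volumes tree to root, which would undo any www-data ownership that the Nextcloud change in this same patch appears to rely on; Mistborn-nextcloud.service is ordered `After=Mistborn-base.service`. If the reset is still wanted for other services, scope it to their directories rather than the whole tree. The nine `--from=root:root root:root` lines this patch restores in the other units change nothing, so they can stay removed.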
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 3653b5c..32d505b 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service
index 3281da7..65170b4 100644
--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service
index 6f2b67a..d7c4a58 100644
--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service
index 3324467..0b70d42 100644
--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@@ -5,12 +5,12 @@ After=Mistborn-base.service
 [Service]
 Restart=always
-User=root
+User=www-data
 Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
index 521394c..0c68952 100644
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
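Review bot: `User=www-data` in the Mistborn-nextcloud.service hunk only changes the account that runs the docker-compose client in `ExecStart=`; with `PermissionsStartOnly=true` the `ExecStartPre=` lines still run as root, and the UID of the Nextcloud process and of the files it writes is decided inside the container, not by this unit. Because `Group=docker` is kept, that client can normally still reach the Docker daemon socket, which is equivalent to root on the host, so the change does not lower the unit's privileges either. www-data also has to be able to read `/opt/mistborn/extra/nextcloud.yml` and whatever `up --build` uses as build context, which this patch does not show. If the aim is www-data ownership of the Nextcloud data, set the user in nextcloud.yml and record it here, e.g. `# container user is set in nextcloud.yml; User= affects only the compose client`.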
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service
index 83d4b92..80169c0 100644
--- a/scripts/services/Mistborn-raspap.service
+++ b/scripts/services/Mistborn-raspap.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index 779c952..eaa8c53 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index fb9c3e7..3127e9d 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 # Start container when unit is started
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index d940e1b..a111822 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build
From e3eb14d9e298c6305325f10c1051690fb4cab895 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Mon, 9 Mar 2020 21:35:11 -0400
Subject: [PATCH 6/7] remove chown
---
 scripts/services/Mistborn-base.service | 2 +-
 scripts/services/Mistborn-bitwarden.service | 2 +-
 scripts/services/Mistborn-homeassistant.service | 2 +-
 scripts/services/Mistborn-jellyfin.service | 2 +-
 scripts/services/Mistborn-nextcloud.service | 2 +-
 scripts/services/Mistborn-onlyoffice.service | 2 +-
 scripts/services/Mistborn-raspap.service | 2 +-
 scripts/services/Mistborn-rocketchat.service | 2 +-
 scripts/services/Mistborn-syncthing.service | 2 +-
 scripts/services/Mistborn-tor.service | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index c1a1929..7ba4bd6 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
-ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=/bin/systemctl stop systemd-resolved
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 32d505b..3653b5c 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service
index 65170b4..3281da7 100644
--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service
index d7c4a58..6f2b67a 100644
--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service
index 0b70d42..61992cd 100644
--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
index 0c68952..521394c 100644
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service
index 80169c0..83d4b92 100644
--- a/scripts/services/Mistborn-raspap.service
+++ b/scripts/services/Mistborn-raspap.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index eaa8c53..779c952 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index 3127e9d..fb9c3e7 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 # Start container when unit is started
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index a111822..d940e1b 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build
From 7129c39eee15242088a7c3c3186b44c5b2373095 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Mon, 9 Mar 2020 23:05:38 -0400
Subject: [PATCH 7/7] removing chown line
---
 scripts/services/Mistborn-base.service | 2 +-
 scripts/services/Mistborn-bitwarden.service | 2 +-
 scripts/services/Mistborn-homeassistant.service | 2 +-
 scripts/services/Mistborn-jellyfin.service | 2 +-
 scripts/services/Mistborn-nextcloud.service | 2 +-
 scripts/services/Mistborn-onlyoffice.service | 2 +-
 scripts/services/Mistborn-raspap.service | 2 +-
 scripts/services/Mistborn-rocketchat.service | 2 +-
 scripts/services/Mistborn-syncthing.service | 2 +-
 scripts/services/Mistborn-tor.service | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 7ba4bd6..f8ff21a 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
-#ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
+
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=/bin/systemctl stop systemd-resolved
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 3653b5c..49c144d 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service
index 3281da7..f1a0d4d 100644
--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service
index 6f2b67a..86d1315 100644
--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service
index 61992cd..6a9302c 100644
--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
index 521394c..421912e 100644
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service
index 83d4b92..2f3faec 100644
--- a/scripts/services/Mistborn-raspap.service
+++ b/scripts/services/Mistborn-raspap.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index 779c952..e99e307 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index fb9c3e7..9dcfbbf 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 # Start container when unit is started
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index d940e1b..c67fb85 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-#ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build