99 lines
3.8 KiB
Docker
99 lines
3.8 KiB
Docker
FROM alpine:edge
|
|
|
|
EXPOSE 22 80 443
|
|
|
|
# 1. common tools
|
|
# 2. programing languages
|
|
# 3. icinga2 stuff
|
|
# 4. letsencrypt deps
|
|
ENV POSTGRES_VERSION=9.5.2-r1
|
|
RUN apk add --no-cache --update \
|
|
bind-tools tcpdump openssh lsof curl wget git mercurial strace tmux vim rsync htop bash openssl \
|
|
ruby python go build-base \
|
|
nginx postgresql==$POSTGRES_VERSION icinga2 icinga2-bash-completion icingaweb2 icingaweb2-bash-completion nagios-plugins \
|
|
py-requests py-setuptools && \
|
|
mkdir -p /run/nginx
|
|
|
|
# sshd
|
|
RUN /usr/bin/ssh-keygen -A && \
|
|
sed -i -e "s!/root:/bin/ash!/root/:bin/bash!" /etc/passwd
|
|
|
|
## temporary keys until letsencrypt certificate is generated
|
|
RUN mkdir -p /etc/ssl/letsencrypt/nginx /etc/ssl/letsencrypt/influxdb && \
|
|
cd /etc/ssl/letsencrypt && \
|
|
openssl req -subj "/C=DE/ST=Saxony/L=Dresden/O=Evenet/OU=IT Department/CN=higgsboson.tk" \
|
|
-nodes -x509 -newkey rsa:2048 -keyout nginx/key.pem -out nginx/fullchain.pem -days 5 && \
|
|
cat nginx/key.pem nginx/fullchain.pem > influxdb/combined.pem
|
|
|
|
## S6 supervisor
|
|
RUN curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v1.17.2.0/s6-overlay-amd64.tar.gz | tar -xzf - -C /
|
|
ENTRYPOINT ["/init"]
|
|
|
|
ENV INFLUXDB_VERSION=0.12.2
|
|
## Influxdb
|
|
RUN export GOPATH=/tmp/go \
|
|
&& mkdir -p /etc/influxdb/ $GOPATH/src/github.com/influxdata \
|
|
&& curl -sSL https://github.com/influxdata/influxdb/archive/v${INFLUXDB_VERSION}.tar.gz | tar -xzf - -C /tmp \
|
|
&& mv /tmp/influxdb-* $GOPATH/src/github.com/influxdata/influxdb \
|
|
&& cd $GOPATH/src/github.com/influxdata/influxdb \
|
|
&& go get github.com/sparrc/gdm \
|
|
&& export PATH=$GOPATH/bin:$PATH \
|
|
&& gdm restore \
|
|
&& go install ./... \
|
|
&& cp $GOPATH/bin/influx* /usr/bin/ \
|
|
&& rm -rf $GOPATH \
|
|
&& addgroup -g 1001 influxdb \
|
|
&& adduser -h /var/lib/influxdb -u 1001 -G influxdb -D influxdb \
|
|
&& mkdir -p /backup/influxdb
|
|
|
|
## Grafana
|
|
RUN apk add --no-cache nodejs \
|
|
&& export GOPATH=/tmp/go \
|
|
&& mkdir -p /opt/grafana/conf $GOPATH/src/github.com/grafana/ \
|
|
&& curl -sSL https://github.com/grafana/grafana/archive/v3.0.0-beta6.tar.gz | tar -xzf - -C /tmp \
|
|
&& mv /tmp/grafana-* $GOPATH/src/github.com/grafana/grafana \
|
|
&& cd $GOPATH/src/github.com/grafana/grafana \
|
|
&& npm install \
|
|
&& npm install -g grunt-cli \
|
|
&& grunt \
|
|
&& npm uninstall -g grunt-cli \
|
|
&& apk del --purge nodejs \
|
|
&& go run build.go setup \
|
|
&& $GOPATH/bin/godep restore \
|
|
&& go run build.go build \
|
|
&& mkdir -p /usr/share/grafana/conf \
|
|
&& cp -a bin/grafana-server bin/grafana-cli /usr/bin/ \
|
|
&& cp -ra public_gen /usr/share/grafana/public \
|
|
&& cp conf/sample.ini /etc/grafana.ini \
|
|
&& cp conf/defaults.ini /usr/share/grafana/conf/defaults.ini \
|
|
&& rm -rf $GOPATH /root/.npm* \
|
|
&& addgroup -g 1002 grafana \
|
|
&& adduser -h /usr/share/grafana -u 1002 -G grafana -D grafana
|
|
|
|
## simp_le
|
|
RUN apk --no-cache add libffi-dev python-dev openssl-dev && \
|
|
curl -sSL https://github.com/kuba/simp_le/archive/master.tar.gz | tar -xzf - -C /tmp && \
|
|
cd /tmp/simp_le-master && \
|
|
python ./setup.py install && \
|
|
rm -rf /tmp/simp_le-master && apk del git py-pip libffi-dev python-dev openssl-dev && \
|
|
echo "3 10 * * * /usr/bin/update-certs" >> /etc/crontabs/root
|
|
|
|
## postgres
|
|
RUN mkdir -p /backup/postgresql /var/lib/postgresql/data
|
|
|
|
RUN icinga2 feature enable ido-pgsql graphite api checker command notification perfdata
|
|
|
|
VOLUME ["/var/lib/influxdb/data", \
|
|
"/var/lib/influxdb/meta", \
|
|
"/var/lib/postgresql/", \
|
|
"/var/lib/grafana", \
|
|
"/etc/icinga2", \
|
|
"/var/lib/icinga2", \
|
|
"/etc/icingaweb2", \
|
|
"/usr/share/icingaweb2", \
|
|
"/etc/ssmtp", \
|
|
"/backup"]
|
|
ADD . /
|
|
RUN chown 400 /etc/secrets && . /etc/secrets && \
|
|
sed -i -e "s/admin_password = replaceme/admin_password = $GRAFANA_PASSWORD/" /etc/grafana.ini
|