diff --git a/docker-compose.aur-dev.yml b/docker-compose.aur-dev.yml index 62109deb..ab4ff124 100644 --- a/docker-compose.aur-dev.yml +++ b/docker-compose.aur-dev.yml @@ -3,7 +3,7 @@ version: "3.8" services: ca: volumes: - - cache:/cache + - data:/data memcached: restart: always @@ -23,13 +23,12 @@ services: volumes: - ${GIT_DATA_DIR}:/aurweb/aur.git - ./data:/aurweb/data - - cache:/cache smartgit: restart: always volumes: - ${GIT_DATA_DIR}:/aurweb/aur.git - - cache:/cache + - data:/data - smartgit_run:/var/run/smartgit cgit-php: @@ -48,7 +47,7 @@ services: - AURWEB_PHP_PREFIX=${AURWEB_PHP_PREFIX} - AURWEB_SSHD_PREFIX=${AURWEB_SSHD_PREFIX} volumes: - - cache:/cache + - data:/data fastapi: restart: always @@ -60,13 +59,13 @@ services: - AURWEB_SSHD_PREFIX=${AURWEB_SSHD_PREFIX} - PROMETHEUS_MULTIPROC_DIR=/tmp_prometheus volumes: - - cache:/cache + - data:/data nginx: restart: always volumes: - ${GIT_DATA_DIR}:/aurweb/aur.git - - cache:/cache + - data:/data - logs:/var/log/nginx - smartgit_run:/var/run/smartgit @@ -75,5 +74,5 @@ volumes: mariadb_data: {} # Share /var/lib/mysql git_data: {} # Share aurweb/aur.git smartgit_run: {} - cache: {} + data: {} logs: {} diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 7349ac66..eae12a92 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -8,17 +8,17 @@ services: ca: volumes: - - ./cache:/cache + - ./data:/data git: volumes: - git_data:/aurweb/aur.git - - ./cache:/cache + - ./data:/aurweb/data smartgit: volumes: - git_data:/aurweb/aur.git - - ./cache:/cache + - ./data:/data - smartgit_run:/var/run/smartgit depends_on: mariadb: @@ -26,7 +26,7 @@ services: php-fpm: volumes: - - ./cache:/cache + - ./data:/data - ./aurweb:/aurweb/aurweb - ./migrations:/aurweb/migrations - ./test:/aurweb/test @@ -37,7 +37,7 @@ services: fastapi: volumes: - - ./cache:/cache + - ./data:/data - ./aurweb:/aurweb/aurweb - ./migrations:/aurweb/migrations - ./test:/aurweb/test 
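Review bot: The renamed `data` volume is still mounted read-write into every service touched in docker-compose.aur-dev.yml, and docker/ca-entrypoint.sh in this same commit writes the CA and localhost private keys into it. In the scripts shown, only the `ca` container creates those files, while nginx and fastapi only read them. Their entries could therefore be `- data:/data:ro`, so that a compromised web container cannot replace the key or the root certificate. The same applies to the `./data:/data` bind mounts in docker-compose.override.yml, whereas the test services in docker-compose.yml copy `.coverage` into /data and do need write access. Whether smartgit and the PHP service write to /data is not visible here, so confirm that before tightening those two.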
@@ -49,7 +49,7 @@ services: nginx: volumes: - git_data:/aurweb/aur.git - - ./cache:/cache + - ./data:/data - ./logs:/var/log/nginx - ./web/html:/aurweb/web/html - ./web/template:/aurweb/web/template diff --git a/docker-compose.yml b/docker-compose.yml index 26b7d62c..e3bfacdc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -276,7 +276,7 @@ services: mariadb_test: condition: service_healthy volumes: - - ./cache:/cache + - ./data:/data - ./aurweb:/aurweb/aurweb - ./migrations:/aurweb/migrations - ./test:/aurweb/test @@ -304,7 +304,7 @@ services: - /tmp volumes: - mariadb_test_run:/var/run/mysqld - - ./cache:/cache + - ./data:/data - ./aurweb:/aurweb/aurweb - ./migrations:/aurweb/migrations - ./test:/aurweb/test @@ -330,7 +330,7 @@ services: condition: service_healthy volumes: - mariadb_test_run:/var/run/mysqld - - ./cache:/cache + - ./data:/data - ./aurweb:/aurweb/aurweb - ./migrations:/aurweb/migrations - ./test:/aurweb/test diff --git a/docker/ca-entrypoint.sh b/docker/ca-entrypoint.sh index e95d267c..42d8bd14 100755 --- a/docker/ca-entrypoint.sh +++ b/docker/ca-entrypoint.sh 
@@ -1,58 +1,58 @@ #!/bin/bash set -eou pipefail -if [ -f /cache/ca.root.pem ]; then +if [ -f /data/ca.root.pem ]; then echo "Already have certs, skipping." exit 0 fi # Generate a new 2048-bit RSA key for the Root CA. -openssl genrsa -des3 -out /cache/ca.key -passout pass:devca 2048 +openssl genrsa -des3 -out /data/ca.key -passout pass:devca 2048 # Request and self-sign a new Root CA certificate, using # the RSA key. Output Root CA PEM-format certificate and key: -# /cache/ca.root.pem and /cache/ca.key.pem +# /data/ca.root.pem and /data/ca.key.pem openssl req -x509 -new -nodes -sha256 -days 1825 \ -passin pass:devca \ -subj "/C=US/ST=California/L=Authority/O=aurweb/CN=localhost" \ - -in /cache/ca.key -out /cache/ca.root.pem -keyout /cache/ca.key.pem + -in /data/ca.key -out /data/ca.root.pem -keyout /data/ca.key.pem # Generate a new 2048-bit RSA key for a localhost server. -openssl genrsa -out /cache/localhost.key 2048 +openssl genrsa -out /data/localhost.key 2048 # Generate a Certificate Signing Request (CSR) for the localhost server # using the RSA key we generated above. -openssl req -new -key /cache/localhost.key -passout pass:devca \ +openssl req -new -key /data/localhost.key -passout pass:devca \ -subj "/C=US/ST=California/L=Server/O=aurweb/CN=localhost" \ - -out /cache/localhost.csr + -out /data/localhost.csr # Get our CSR signed by our Root CA PEM-formatted certificate and key -# to produce a fresh /cache/localhost.cert.pem PEM-formatted certificate. -openssl x509 -req -in /cache/localhost.csr \ - -CA /cache/ca.root.pem -CAkey /cache/ca.key.pem \ +# to produce a fresh /data/localhost.cert.pem PEM-formatted certificate. 
+openssl x509 -req -in /data/localhost.csr \ + -CA /data/ca.root.pem -CAkey /data/ca.key.pem \ -CAcreateserial \ - -out /cache/localhost.cert.pem \ + -out /data/localhost.cert.pem \ -days 825 -sha256 \ -passin pass:devca \ -extfile /docker/localhost.ext -# Convert RSA key to a PEM-formatted key: /cache/localhost.key.pem -openssl rsa -in /cache/localhost.key -text > /cache/localhost.key.pem +# Convert RSA key to a PEM-formatted key: /data/localhost.key.pem +openssl rsa -in /data/localhost.key -text > /data/localhost.key.pem # At the end here, our notable certificates and keys are: -# - /cache/ca.root.pem -# - /cache/ca.key.pem -# - /cache/localhost.key.pem -# - /cache/localhost.cert.pem +# - /data/ca.root.pem +# - /data/ca.key.pem +# - /data/localhost.key.pem +# - /data/localhost.cert.pem # # When running a server which uses the localhost certificate, a chain # should be used, starting with localhost.cert.pem: -# - cat /cache/localhost.cert.pem /cache/ca.root.pem > localhost.chain.pem +# - cat /data/localhost.cert.pem /data/ca.root.pem > localhost.chain.pem # # The Root CA (ca.root.pem) should be imported into browsers or # ca-certificates on machines wishing to verify localhost. # -chmod 666 /cache/* +chmod 666 /data/* exec "$@" diff --git a/docker/cgit-entrypoint.sh b/docker/cgit-entrypoint.sh index f9ca86c0..a44675e2 100755 --- a/docker/cgit-entrypoint.sh +++ b/docker/cgit-entrypoint.sh @@ -1,7 +1,7 @@ #!/bin/bash set -eou pipefail -mkdir -p /var/cache/cgit +mkdir -p /var/data/cgit cp -vf conf/cgitrc.proto /etc/cgitrc sed -ri "s|clone-prefix=.*|clone-prefix=${CGIT_CLONE_PREFIX}|" /etc/cgitrc diff --git a/docker/nginx-entrypoint.sh b/docker/nginx-entrypoint.sh index a58e67b7..6b9a6954 100755 --- a/docker/nginx-entrypoint.sh +++ b/docker/nginx-entrypoint.sh 
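Review bot: `chmod 666 /data/*` at the end of ca-entrypoint.sh leaves ca.key, ca.key.pem and localhost.key.pem world-readable and world-writable. Because it is a glob, it also loosens anything else later placed in the shared directory, such as production.key.pem. Name the generated files instead and drop the write bit: `chmod 644 /data/ca.root.pem /data/localhost.cert.pem` for the certificates and `chmod 600 /data/ca.key /data/ca.key.pem` for the CA key, which this script alone uses for signing. localhost.key.pem needs to be readable only by the uid that nginx and fastapi run as, which this hunk does not show, so pick its mode once that is confirmed.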
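Review bot: `mkdir -p /var/data/cgit` in cgit-entrypoint.sh looks like a casualty of the cache-to-data search-and-replace rather than an intended move. The path is presumably cgit's own cache directory, not the shared /cache volume this commit renames. Unless the cache location in conf/cgitrc.proto (not part of this diff) is changed to match, cgit will be pointed at a directory that is no longer created; keeping `mkdir -p /var/cache/cgit` avoids that. The rest of the script lies outside the hunk.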
@@ -5,8 +5,8 @@ set -eou pipefail # user customization of the certificates that FastAPI uses. # Otherwise, fallback to localhost.{cert,key}.pem, generated by `ca`. -CERT=/cache/production.cert.pem -KEY=/cache/production.key.pem +CERT=/data/production.cert.pem +KEY=/data/production.key.pem DEST_CERT=/etc/ssl/certs/web.cert.pem DEST_KEY=/etc/ssl/private/web.key.pem @@ -15,8 +15,8 @@ if [ -f "$CERT" ]; then cp -vf "$CERT" "$DEST_CERT" cp -vf "$KEY" "$DEST_KEY" else - cat /cache/localhost.cert.pem /cache/ca.root.pem > "$DEST_CERT" - cp -vf /cache/localhost.key.pem "$DEST_KEY" + cat /data/localhost.cert.pem /data/ca.root.pem > "$DEST_CERT" + cp -vf /data/localhost.key.pem "$DEST_KEY" fi cp -vf /docker/config/nginx.conf /etc/nginx/nginx.conf diff --git a/docker/scripts/run-fastapi.sh b/docker/scripts/run-fastapi.sh index effc7fe4..ac54aedc 100755 --- a/docker/scripts/run-fastapi.sh +++ b/docker/scripts/run-fastapi.sh @@ -1,15 +1,15 @@ #!/bin/bash -CERT=/cache/localhost.cert.pem -KEY=/cache/localhost.key.pem +CERT=/data/localhost.cert.pem +KEY=/data/localhost.key.pem # If production.{cert,key}.pem exists, prefer them. This allows # user customization of the certificates that FastAPI uses. -if [ -f /cache/production.cert.pem ]; then - CERT=/cache/production.cert.pem +if [ -f /data/production.cert.pem ]; then + CERT=/data/production.cert.pem fi -if [ -f /cache/production.key.pem ]; then - KEY=/cache/production.key.pem +if [ -f /data/production.key.pem ]; then + KEY=/data/production.key.pem fi # By default, set FASTAPI_WORKERS to 2. In production, this should diff --git a/docker/scripts/run-nginx.sh b/docker/scripts/run-nginx.sh index 7780dae8..6ece3303 100755 --- a/docker/scripts/run-nginx.sh +++ b/docker/scripts/run-nginx.sh 
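Review bot: In the fallback branch of the second nginx-entrypoint.sh hunk, `cp -vf /data/localhost.key.pem "$DEST_KEY"` creates the destination from a source that ca-entrypoint.sh has set to mode 666. The private key under /etc/ssl/private then ends up with whatever the umask leaves of that, typically 644. `install -m 0600 /data/localhost.key.pem "$DEST_KEY"` pins the mode regardless of the source, and the same form fits the `cp -vf "$KEY" "$DEST_KEY"` line in the production branch. This assumes nginx reads the key as root before dropping privileges, which the hunk does not show.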
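Review bot: In run-fastapi.sh the certificate and the key are switched to the production files by two independent `-f` tests. A /data that holds only one of production.cert.pem and production.key.pem therefore hands the server a certificate and key that do not belong together. One combined test keeps the pair consistent: `if [ -f /data/production.cert.pem ] && [ -f /data/production.key.pem ]; then CERT=/data/production.cert.pem; KEY=/data/production.key.pem; fi`. The script continues past the end of the hunk, so how CERT and KEY are consumed is not visible here.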
@@ -8,7 +8,7 @@ echo " (cgit) : https://localhost:8444/cgit/" echo " - PHP : https://localhost:8443/" echo " (cgit) : https://localhost:8443/cgit/" echo -echo " Note: Copy root CA (./cache/ca.root.pem) to ca-certificates or browser." +echo " Note: Copy root CA (./data/ca.root.pem) to ca-certificates or browser." echo echo " Thanks for using aurweb!" echo diff --git a/docker/scripts/run-pytests.sh b/docker/scripts/run-pytests.sh index b8f695df..2eadee42 100755 --- a/docker/scripts/run-pytests.sh +++ b/docker/scripts/run-pytests.sh @@ -32,10 +32,10 @@ pytest if [ $COVERAGE -eq 1 ]; then make -C test coverage - # /cache is mounted as a volume. Copy coverage into it. + # /data is mounted as a volume. Copy coverage into it. # Users can then sanitize the coverage locally in their - # aurweb root directory: ./util/fix-coverage ./cache/.coverage - rm -f /cache/.coverage - cp -v .coverage /cache/.coverage - chmod 666 /cache/.coverage + # aurweb root directory: ./util/fix-coverage ./data/.coverage + rm -f /data/.coverage + cp -v .coverage /data/.coverage + chmod 666 /data/.coverage fi diff --git a/docker/scripts/run-tests.sh b/docker/scripts/run-tests.sh index 45c7835f..a726c957 100755 --- a/docker/scripts/run-tests.sh +++ b/docker/scripts/run-tests.sh @@ -14,12 +14,12 @@ bash $dir/run-pytests.sh --no-coverage make -C test coverage -# /cache is mounted as a volume. Copy coverage into it. +# /data is mounted as a volume. Copy coverage into it. # Users can then sanitize the coverage locally in their -# aurweb root directory: ./util/fix-coverage ./cache/.coverage -rm -f /cache/.coverage -cp -v .coverage /cache/.coverage -chmod 666 /cache/.coverage +# aurweb root directory: ./util/fix-coverage ./data/.coverage +rm -f /data/.coverage +cp -v .coverage /data/.coverage +chmod 666 /data/.coverage # Run flake8 and isort checks. for dir in aurweb test migrations; do