change(docker): use ./data instead of ./cache

For the `git` service, ./data is always used to provide an
optional overriding of ssh host keys. In aur-dev production
containers, most services which use the data mount use an
internal Docker `data` volume instead.

Signed-off-by: Kevin Morris <kevr@0cost.org>

docker-compose.aur-dev.yml

@@ -3,7 +3,7 @@ version: "3.8"
 services:
   ca:
     volumes:
-      - cache:/cache
+      - data:/data
 
   memcached:
     restart: always
@@ -23,13 +23,12 @@ services:
     volumes:
       - ${GIT_DATA_DIR}:/aurweb/aur.git
       - ./data:/aurweb/data
-      - cache:/cache
 
   smartgit:
     restart: always
     volumes:
       - ${GIT_DATA_DIR}:/aurweb/aur.git
-      - cache:/cache
+      - data:/data
       - smartgit_run:/var/run/smartgit
 
   cgit-php:
@@ -48,7 +47,7 @@ services:
       - AURWEB_PHP_PREFIX=${AURWEB_PHP_PREFIX}
       - AURWEB_SSHD_PREFIX=${AURWEB_SSHD_PREFIX}
     volumes:
-      - cache:/cache
+      - data:/data
 
   fastapi:
     restart: always
@@ -60,13 +59,13 @@ services:
       - AURWEB_SSHD_PREFIX=${AURWEB_SSHD_PREFIX}
       - PROMETHEUS_MULTIPROC_DIR=/tmp_prometheus
     volumes:
-      - cache:/cache
+      - data:/data
 
   nginx:
     restart: always
     volumes:
       - ${GIT_DATA_DIR}:/aurweb/aur.git
-      - cache:/cache
+      - data:/data
       - logs:/var/log/nginx
       - smartgit_run:/var/run/smartgit
 
@@ -75,5 +74,5 @@ volumes:
   mariadb_data: {} # Share /var/lib/mysql
   git_data: {} # Share aurweb/aur.git
   smartgit_run: {}
-  cache: {}
+  data: {}
   logs: {}

docker-compose.override.yml

@@ -8,17 +8,17 @@ services:
 
   ca:
     volumes:
-      - ./cache:/cache
+      - ./data:/data
 
   git:
     volumes:
       - git_data:/aurweb/aur.git
-      - ./cache:/cache
+      - ./data:/aurweb/data
 
   smartgit:
     volumes:
       - git_data:/aurweb/aur.git
-      - ./cache:/cache
+      - ./data:/data
       - smartgit_run:/var/run/smartgit
     depends_on:
       mariadb:
@@ -26,7 +26,7 @@ services:
 
   php-fpm:
     volumes:
-      - ./cache:/cache
+      - ./data:/data
       - ./aurweb:/aurweb/aurweb
       - ./migrations:/aurweb/migrations
       - ./test:/aurweb/test
@@ -37,7 +37,7 @@ services:
 
   fastapi:
     volumes:
-      - ./cache:/cache
+      - ./data:/data
       - ./aurweb:/aurweb/aurweb
       - ./migrations:/aurweb/migrations
       - ./test:/aurweb/test
@@ -49,7 +49,7 @@ services:
   nginx:
     volumes:
       - git_data:/aurweb/aur.git
-      - ./cache:/cache
+      - ./data:/data
       - ./logs:/var/log/nginx
       - ./web/html:/aurweb/web/html
       - ./web/template:/aurweb/web/template

docker-compose.yml

@@ -276,7 +276,7 @@ services:
       mariadb_test:
         condition: service_healthy
     volumes:
-      - ./cache:/cache
+      - ./data:/data
       - ./aurweb:/aurweb/aurweb
       - ./migrations:/aurweb/migrations
       - ./test:/aurweb/test
@@ -304,7 +304,7 @@ services:
       - /tmp
     volumes:
       - mariadb_test_run:/var/run/mysqld
-      - ./cache:/cache
+      - ./data:/data
       - ./aurweb:/aurweb/aurweb
       - ./migrations:/aurweb/migrations
       - ./test:/aurweb/test
@@ -330,7 +330,7 @@ services:
         condition: service_healthy
     volumes:
       - mariadb_test_run:/var/run/mysqld
-      - ./cache:/cache
+      - ./data:/data
       - ./aurweb:/aurweb/aurweb
       - ./migrations:/aurweb/migrations
       - ./test:/aurweb/test

docker/ca-entrypoint.sh

@@ -1,58 +1,58 @@
 #!/bin/bash
 set -eou pipefail
 
-if [ -f /cache/ca.root.pem ]; then
+if [ -f /data/ca.root.pem ]; then
     echo "Already have certs, skipping."
     exit 0
 fi
 
 # Generate a new 2048-bit RSA key for the Root CA.
-openssl genrsa -des3 -out /cache/ca.key -passout pass:devca 2048
+openssl genrsa -des3 -out /data/ca.key -passout pass:devca 2048
 
 # Request and self-sign a new Root CA certificate, using
 # the RSA key. Output Root CA PEM-format certificate and key:
-# /cache/ca.root.pem and /cache/ca.key.pem
+# /data/ca.root.pem and /data/ca.key.pem
 openssl req -x509 -new -nodes -sha256 -days 1825 \
     -passin pass:devca \
     -subj "/C=US/ST=California/L=Authority/O=aurweb/CN=localhost" \
-    -in /cache/ca.key -out /cache/ca.root.pem -keyout /cache/ca.key.pem
+    -in /data/ca.key -out /data/ca.root.pem -keyout /data/ca.key.pem
 
 # Generate a new 2048-bit RSA key for a localhost server.
-openssl genrsa -out /cache/localhost.key 2048
+openssl genrsa -out /data/localhost.key 2048
 
 # Generate a Certificate Signing Request (CSR) for the localhost server
 # using the RSA key we generated above.
-openssl req -new -key /cache/localhost.key -passout pass:devca \
+openssl req -new -key /data/localhost.key -passout pass:devca \
     -subj "/C=US/ST=California/L=Server/O=aurweb/CN=localhost" \
-    -out /cache/localhost.csr
+    -out /data/localhost.csr
 
 # Get our CSR signed by our Root CA PEM-formatted certificate and key
-# to produce a fresh /cache/localhost.cert.pem PEM-formatted certificate.
-openssl x509 -req -in /cache/localhost.csr \
-    -CA /cache/ca.root.pem -CAkey /cache/ca.key.pem \
+# to produce a fresh /data/localhost.cert.pem PEM-formatted certificate.
+openssl x509 -req -in /data/localhost.csr \
+    -CA /data/ca.root.pem -CAkey /data/ca.key.pem \
     -CAcreateserial \
-    -out /cache/localhost.cert.pem \
+    -out /data/localhost.cert.pem \
     -days 825 -sha256 \
     -passin pass:devca \
     -extfile /docker/localhost.ext
 
-# Convert RSA key to a PEM-formatted key: /cache/localhost.key.pem
-openssl rsa -in /cache/localhost.key -text > /cache/localhost.key.pem
+# Convert RSA key to a PEM-formatted key: /data/localhost.key.pem
+openssl rsa -in /data/localhost.key -text > /data/localhost.key.pem
 
 # At the end here, our notable certificates and keys are:
-#   - /cache/ca.root.pem
-#   - /cache/ca.key.pem
-#   - /cache/localhost.key.pem
-#   - /cache/localhost.cert.pem
+#   - /data/ca.root.pem
+#   - /data/ca.key.pem
+#   - /data/localhost.key.pem
+#   - /data/localhost.cert.pem
 #
 # When running a server which uses the localhost certificate, a chain
 # should be used, starting with localhost.cert.pem:
-#   - cat /cache/localhost.cert.pem /cache/ca.root.pem > localhost.chain.pem
+#   - cat /data/localhost.cert.pem /data/ca.root.pem > localhost.chain.pem
 #
 # The Root CA (ca.root.pem) should be imported into browsers or
 # ca-certificates on machines wishing to verify localhost.
 #
 
-chmod 666 /cache/*
+chmod 666 /data/*
 
 exec "$@"

docker/cgit-entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -eou pipefail
 
-mkdir -p /var/cache/cgit
+mkdir -p /var/data/cgit
 
 cp -vf conf/cgitrc.proto /etc/cgitrc
 sed -ri "s|clone-prefix=.*|clone-prefix=${CGIT_CLONE_PREFIX}|" /etc/cgitrc

docker/nginx-entrypoint.sh

@@ -5,8 +5,8 @@ set -eou pipefail
 # user customization of the certificates that FastAPI uses.
 # Otherwise, fallback to localhost.{cert,key}.pem, generated by `ca`.
 
-CERT=/cache/production.cert.pem
-KEY=/cache/production.key.pem
+CERT=/data/production.cert.pem
+KEY=/data/production.key.pem
 
 DEST_CERT=/etc/ssl/certs/web.cert.pem
 DEST_KEY=/etc/ssl/private/web.key.pem
@@ -15,8 +15,8 @@ if [ -f "$CERT" ]; then
     cp -vf "$CERT" "$DEST_CERT"
     cp -vf "$KEY" "$DEST_KEY"
 else
-    cat /cache/localhost.cert.pem /cache/ca.root.pem > "$DEST_CERT"
-    cp -vf /cache/localhost.key.pem "$DEST_KEY"
+    cat /data/localhost.cert.pem /data/ca.root.pem > "$DEST_CERT"
+    cp -vf /data/localhost.key.pem "$DEST_KEY"
 fi
 
 cp -vf /docker/config/nginx.conf /etc/nginx/nginx.conf

docker/scripts/run-fastapi.sh

@@ -1,15 +1,15 @@
 #!/bin/bash
 
-CERT=/cache/localhost.cert.pem
-KEY=/cache/localhost.key.pem
+CERT=/data/localhost.cert.pem
+KEY=/data/localhost.key.pem
 
 # If production.{cert,key}.pem exists, prefer them. This allows
 # user customization of the certificates that FastAPI uses.
-if [ -f /cache/production.cert.pem ]; then
-    CERT=/cache/production.cert.pem
+if [ -f /data/production.cert.pem ]; then
+    CERT=/data/production.cert.pem
 fi
-if [ -f /cache/production.key.pem ]; then
-    KEY=/cache/production.key.pem
+if [ -f /data/production.key.pem ]; then
+    KEY=/data/production.key.pem
 fi
 
 # By default, set FASTAPI_WORKERS to 2. In production, this should

docker/scripts/run-nginx.sh

@@ -8,7 +8,7 @@ echo "     (cgit) : https://localhost:8444/cgit/"
 echo "  - PHP     : https://localhost:8443/"
 echo "     (cgit) : https://localhost:8443/cgit/"
 echo
-echo " Note: Copy root CA (./cache/ca.root.pem) to ca-certificates or browser."
+echo " Note: Copy root CA (./data/ca.root.pem) to ca-certificates or browser."
 echo
 echo " Thanks for using aurweb!"
 echo

docker/scripts/run-pytests.sh

@@ -32,10 +32,10 @@ pytest
 if [ $COVERAGE -eq 1 ]; then
     make -C test coverage
 
-    # /cache is mounted as a volume. Copy coverage into it.
+    # /data is mounted as a volume. Copy coverage into it.
     # Users can then sanitize the coverage locally in their
-    # aurweb root directory: ./util/fix-coverage ./cache/.coverage
-    rm -f /cache/.coverage
-    cp -v .coverage /cache/.coverage
-    chmod 666 /cache/.coverage
+    # aurweb root directory: ./util/fix-coverage ./data/.coverage
+    rm -f /data/.coverage
+    cp -v .coverage /data/.coverage
+    chmod 666 /data/.coverage
 fi

docker/scripts/run-tests.sh

@@ -14,12 +14,12 @@ bash $dir/run-pytests.sh --no-coverage
 
 make -C test coverage
 
-# /cache is mounted as a volume. Copy coverage into it.
+# /data is mounted as a volume. Copy coverage into it.
 # Users can then sanitize the coverage locally in their
-# aurweb root directory: ./util/fix-coverage ./cache/.coverage
-rm -f /cache/.coverage
-cp -v .coverage /cache/.coverage
-chmod 666 /cache/.coverage
+# aurweb root directory: ./util/fix-coverage ./data/.coverage
+rm -f /data/.coverage
+cp -v .coverage /data/.coverage
+chmod 666 /data/.coverage
 
 # Run flake8 and isort checks.
 for dir in aurweb test migrations; do