From ab57b9d03c8766b296126475f2796b5d31a8e130 Mon Sep 17 00:00:00 2001 From: dave Date: Thu, 26 May 2016 20:14:27 -0700 Subject: [PATCH] general improvements --- Dockerfile | 19 ++++++++++-------- README.md | 16 ++++++++++------ cron.conf | 1 - crontab | 2 +- default | 8 ++++---- nginx.conf | 1 - pisg.py | 28 ++++++++++++++------------- sshd.conf | 1 - start | 51 +++++++++++++++++++++++++++++++++++-------------- supervisor.conf | 1 - znc.conf | 5 +++-- 11 files changed, 81 insertions(+), 52 deletions(-) diff --git a/Dockerfile b/Dockerfile index 14ace77..b822acd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,17 @@ -FROM ubuntu:14.04 -MAINTAINER Dave P +FROM ubuntu:trusty + +#RUN echo 'Acquire::http::Proxy "http://172.17.0.3:3128";' > /etc/apt/apt.conf # Admin user -RUN useradd --create-home --groups sudo admin ; echo "admin:admin" | chpasswd ; locale-gen en +RUN useradd --create-home --groups sudo admin ; echo "admin:admin" | chpasswd ; locale-gen en_US en_US.UTF-8 # ZNC user RUN useradd --create-home znc ; echo "znc:znc" | chpasswd # Install sshd, znc, znc extras, nginx, pisg -RUN mkdir /var/run/sshd ; apt-get update ; apt-get install -y supervisor vim openssh-server znc znc-python znc-dev dpkg-dev pisg nginx-full irssi screen +RUN mkdir /var/run/sshd ; apt-get update ; apt-get install -y supervisor vim openssh-server znc znc-python znc-dev dpkg-dev pisg nginx-full irssi screen ; rm /etc/ssh/ssh_host_* ; mkdir /etc/ssh/keys ; sed -i -E 's/HostKey \/etc\/ssh\//HostKey \/etc\/ssh\/keys\//' /etc/ssh/sshd_config # Get ZNC source -RUN su -c 'cd /home/znc ; apt-get source znc' znc +RUN su -c 'cd /home/znc ; apt-get source znc' znc ; mkdir /srv/znc ; chown znc:znc /srv/znc # Set nginx workers to a low number RUN sed -i -e"s/^worker_processes\s*4/worker_processes 1/" /etc/nginx/nginx.conf 
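Review bot: The rewritten admin `RUN` line in the first Dockerfile hunk still bakes the fixed password `admin:admin` into the image for an account in the `sudo` group, and the unchanged ZNC line does the same with `znc:znc`. The image also installs openssh-server and exposes port 22, so unless sshd_config (not shown) disables password logins, every container starts with the same known credentials. Lock the accounts at build time, e.g. `RUN useradd --create-home --groups sudo admin && passwd -l admin && locale-gen en_US en_US.UTF-8`, and have `start` set a password or install an authorized key on first run. Separately, the package line chains with `;`, so a failed `apt-get update` or `apt-get install` does not fail the build; `&&` would.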
@@ -22,9 +23,8 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf COPY default /etc/nginx/sites-available/default # Install pisg stuff for log generation -RUN su -c 'mkdir /home/znc/pisg /home/znc/pisg/cache /home/znc/pisg/output /home/znc/pisg/output/.pub' znc -COPY pisg.py /home/znc/pisg/ -RUN chmod +x /home/znc/pisg/pisg.py ; chown znc /home/znc/pisg/pisg.py +COPY pisg.py /usr/local/bin/pisg.py +RUN chmod +x /usr/local/bin/pisg.py # Install crontab COPY crontab /tmp/ @@ -40,8 +40,11 @@ COPY sshd.conf /etc/supervisor/conf.d/sshd.conf COPY start /start RUN chmod +x /start +VOLUME ["/srv/znc", "/etc/ssh/keys"] + # ssh EXPOSE 22 # nginx EXPOSE 80 +ENTRYPOINT ["/start"] diff --git a/README.md b/README.md index ff187e5..c1f1406 100644 --- a/README.md +++ b/README.md @@ -8,13 +8,17 @@ Setup **General steps:** -* Install docker -* Clone this repo, cd in -* Load it as a template: `sudo docker build -t znc .` -* Start a new container: `sudo docker run -it -p 666:22 -p 4421:4421 -p 80:80 znc /start` + +* Build image: `docker build -t znc .` +* Run container: `docker run -it -p 8022:22 -p 6667:6667 -p 80:80 znc /start` * Configure znc -* Find the new container in your list: `sudo docker ps -a` -* Run it in the background: `sudo docker start mycontainerid` +* Find the new container in your list: `docker ps -a` +* Run it in the background: `docker start mycontainer` + +If you wish to preserve data outside the container, mount: + +* `-v /host/znc/ssh_keys:/etc/ssh/keys` +* `-v /host/znc/zncdata:/srv/znc` When you first run the image, you'll be presented with two ways to configure znc: diff --git a/cron.conf b/cron.conf index 3b2d683..75c0110 100644 --- a/cron.conf +++ b/cron.conf @@ -1,4 +1,3 @@ [program:cron] command=/usr/sbin/cron -f autorestart=true - diff --git a/crontab b/crontab index 1f865be..2950e13 100644 --- a/crontab +++ b/crontab @@ -1,2 +1,2 @@ -0 3 * * * /home/znc/pisg/pisg.py +0 3 * * * /usr/local/bin/pisg.py 
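Review bot: With `ENTRYPOINT ["/start"]` added in the last Dockerfile hunk, the run command in the README hunk (`docker run ... znc /start`) now passes `/start` to the script as an argument instead of naming the command; the README line should drop the trailing `/start`. The image still has no `USER` instruction, so `/start` and supervisord run as root. That is presumably needed for sshd, but a comment above the entrypoint such as `# runs as root; supervisord drops to the znc user for the ZNC program only` would record that it is deliberate.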
diff --git a/default b/default index 778700c..a59fa0d 100644 --- a/default +++ b/default @@ -1,9 +1,9 @@ -limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; +limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s; server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; - root /home/znc/pisg/output; + root /srv/znc/caches/pisg-web; index index.html index.htm; server_name localhost; location / { @@ -11,11 +11,11 @@ server { autoindex on; try_files $uri $uri/ =404; auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/htpasswd; + auth_basic_user_file /srv/znc/caches/nginx/htpasswd; } location /pub/ { autoindex off; - alias /home/znc/pisg/output/.pub/; + alias /srv/znc/caches/pisg-web/pub/; } location /gfx/ { alias /usr/share/pisg/gfx/; diff --git a/nginx.conf b/nginx.conf index eb73b43..f23de88 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,4 +1,3 @@ [program:nginx] command=/usr/sbin/nginx autorestart=true - diff --git a/pisg.py b/pisg.py index cc9f789..644a79e 100755 --- a/pisg.py +++ b/pisg.py @@ -2,6 +2,7 @@ import subprocess from os import listdir,unlink,chdir,mkdir from os.path import exists +from os.path import join as pj from sys import exit from random import randint @@ -10,7 +11,9 @@ class logfile: self.username = username self.network = network self.channel = channel - self.path = "/home/znc/.znc/users/%s/moddata/log/%s_%s" % (self.username, self.network, self.channel) + self.path = "/srv/znc/users/%s/moddata/log/%s_%s" % (self.username, self.network, self.channel) + self.pisg_pub = "/srv/znc/caches/pisg-web" + self.pisg_cache = "/srv/znc/caches/pisg" def __str__(self): return "" % (self.username, self.network, self.channel, self.path) 
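Review bot: In the second hunk of `default`, `auth_basic_user_file` now points at `/srv/znc/caches/nginx/htpasswd`, under a directory that the `start` script hands to the `znc` user (`chown znc:znc /srv/znc/caches`). An account that owns the parent directory can rename or replace the `nginx` subdirectory, so the credential file protecting the log pages is no longer controlled by root alone; keeping it at `/etc/nginx/htpasswd` or on a root-owned path avoids that. The import branch in `start` also runs `chmod -R 700 /srv/znc`, which looks like it would stop the nginx worker user from reading this file and the new `root`; worth confirming. If the `one` zone throttles the basic-auth location (the `limit_req` line is outside the hunk), raising the rate to `5r/s` in the first hunk also loosens the limit on password guessing.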
@@ -31,22 +34,21 @@ class logfile: - - + Logfile = "%(logdir)s_*.log" Format = "energymech" Network = "%(network)s" - OutputFile = "/home/znc/pisg/output/%(username)s/%(network)s/%(channel)s.html" -""" % {"logdir":self.path, "network":self.network, "channel":self.channel, "username":self.username} + OutputFile = "%(pisgpub)s/%(username)s/%(network)s/%(channel)s.html" +""" % {"logdir":self.path, "network":self.network, "channel":self.channel, "username":self.username, "pisgpub":self.pisg_pub, "pisgcache": self.pisg_cache} def run_pisg(self): - if not exists("/home/znc/pisg/output/%s" % self.username): - mkdir("/home/znc/pisg/output/%s" % self.username) - if not exists("/home/znc/pisg/output/%s/%s" % (self.username, self.network)): - mkdir("/home/znc/pisg/output/%s/%s" % (self.username, self.network)) + if not exists(pj(self.pisg_pub, self.username)): + mkdir(pj(self.pisg_pub, self.username)) + if not exists(pj(self.pisg_pub, self.username, self.network)): + mkdir(pj(self.pisg_pub, self.username, self.network)) configname = "config.%s" % str(randint(0,10000)) open(configname, "w").write(self.generate_config()) proc = subprocess.Popen(['pisg',"-co", configname], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -54,15 +56,15 @@ class logfile: unlink(configname) if __name__ == "__main__": - chdir("/home/znc/pisg") + chdir("/srv/znc/caches/tmp") logs = [] - for user in listdir("/home/znc/.znc/users/"): - if not exists("/home/znc/.znc/users/%s/moddata/log/" % user): + for user in listdir("/srv/znc/users/"): + if not exists("/srv/znc/users/%s/moddata/log/" % user): continue networks = {} - for fname in listdir("/home/znc/.znc/users/%s/moddata/log/" % user): + for fname in listdir("/srv/znc/users/%s/moddata/log/" % user): network, parts = fname.split("_", 1) if not network in networks: networks[network]=[] diff --git a/sshd.conf b/sshd.conf index 3ae0dda..161e1c8 100644 --- a/sshd.conf +++ b/sshd.conf 
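Review bot: `run_pisg` still writes its config to a guessable name (`"config.%s" % str(randint(0,10000))`) through `open(configname, "w")`, and the last pisg.py hunk moves the working directory to `/srv/znc/caches/tmp`, under a tree the `start` script gives to the `znc` user. If cron runs this script with more privilege than `znc` (the crontab install line is outside the diff), a symlink planted under one of those names would be followed on write. Creating the file with `tempfile.NamedTemporaryFile("w", prefix="config.", delete=False)` and writing through that handle removes the guessable name and closes the file properly. The two `exists`/`mkdir` pairs at the top of the function could be one `makedirs` call that tolerates an existing directory.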
@@ -1,4 +1,3 @@ [program:sshd] command=/usr/sbin/sshd -D autorestart=true - diff --git a/start b/start index e0e7541..16fb9c8 100755 --- a/start +++ b/start @@ -3,11 +3,18 @@ # Cleanly kill supervisor when container is stopped trap 'kill $(jobs -p)' EXIT -if [ ! -f /home/admin/znc_configured ]; then - echo "Welcome! I need to ask you a few questions to configure this ZNC instance for your liking. First, press enter choose and choose a time zone." - read +function build_modules { + echo "Building modules..." + cd /srv/znc/module-source/c + znc-buildmod *.cpp + mv *.so /usr/lib/znc/ +} + +if [ ! -f /srv/znc/configs/znc.conf ]; then + #echo "Welcome! I need to ask you a few questions to configure this ZNC instance for your liking. First, press enter choose and choose a time zone." + #read - dpkg-reconfigure tzdata + #dpkg-reconfigure tzdata if [ ! -f /znc.tar.gz ]; then echo "If you want to load data from and existing znc instance create a tar.gz archive containing only the .znc directory and place it in the root of this container as znc.tar.gz." @@ -17,20 +24,19 @@ if [ ! -f /home/admin/znc_configured ]; then fi if [ -f /znc.tar.gz ]; then - su -c "cd /home/znc ; tar zxvf /znc.tar.gz " znc + su -c "cd /srv ; tar zxvf /znc.tar.gz " znc rm /znc.tar.gz echo "Extracted znc data" - if [ ! -d /home/znc/.znc ]; then - echo ".znc was not in the archive! Aborted" + if [ ! -d /srv/znc ]; then + echo "'znc' was not in the archive! Aborted" exit 1 fi - chown -R znc /home/znc/.znc - chgrp -R znc /home/znc/.znc - chmod -R 700 /home/znc/.znc + chown -R znc:znc /srv/znc + chmod -R 700 /srv/znc echo "ZNC settings loaded successfully." else echo "Configure ZNC to your liking now. Remember to choose NO when asked to launch znc!!" - su -c "/usr/bin/znc --makeconf" znc + su -c "/usr/bin/znc --makeconf --datadir /srv/znc" znc echo "ZNC configured successfully." fi 
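Review bot: `build_modules` in the first `start` hunk does not check its `cd`, so when `/srv/znc/module-source/c` is missing (nothing in this diff creates it) `znc-buildmod *.cpp` and `mv *.so /usr/lib/znc/` run in whatever directory the script started in. It also compiles, as root and on every start, sources from a volume that the same script hands to the `znc` user. Return early when the directory is absent and run the compile step as `znc`, leaving only the install to root.

```shell
function build_modules {
    local src=/srv/znc/module-source/c
    # Nothing to build on a fresh data volume.
    [ -d "$src" ] || return 0
    echo "Building modules..."
    # Compile as the znc user; only the install step needs root.
    su -c "cd '$src' && znc-buildmod *.cpp" znc || return 1
    mv "$src"/*.so /usr/lib/znc/
}
```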
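Review bot: The post-extraction check `if [ ! -d /srv/znc ]` in the second `start` hunk cannot fail, because the Dockerfile in this commit creates `/srv/znc` and declares it a volume; an archive without a top-level `znc` directory is still reported as loaded successfully. Test for something only the archive provides, e.g. `if [ ! -f /srv/znc/configs/znc.conf ]; then`. The prompt a few lines up (unchanged context) still tells the user to archive the `.znc` directory, which no longer matches the layout the script expects.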
@@ -56,11 +62,14 @@ if [ ! -f /home/admin/znc_configured ]; then break done - printf "$ng_username:$(openssl passwd -crypt $ng_password)\n" > /etc/nginx/htpasswd + mkdir -p /srv/znc/caches/tmp /srv/znc/caches/pisg /srv/znc/caches/pisg-web/pub /srv/znc/caches/nginx + chown znc:znc /srv/znc/caches - touch /home/admin/znc_configured + printf "$ng_username:$(openssl passwd -crypt $ng_password)\n" > /srv/znc/caches/nginx/htpasswd - echo "Now, run docker start run znc in the background." + build_modules + + echo "Now, start a new container with the same volumes using -d." echo -n "Do you want to make any other changes inside this container? (y/N): " read domore @@ -72,4 +81,18 @@ if [ ! -f /home/admin/znc_configured ]; then exit fi +# we probably want this dir to persist... +if [ ! -f "/etc/ssh/keys/ssh_host_rsa_key" ]; then + # Regen keys + ssh-keygen -A + + # Move keys to keys dir + mv /etc/ssh/ssh_host_* /etc/ssh/keys/ +fi + +mkdir -p /srv/znc/caches/tmp /srv/znc/caches/pisg /srv/znc/caches/pisg-web/pub /srv/znc/caches/nginx +chown znc:znc /srv/znc/caches + +build_modules + supervisord diff --git a/supervisor.conf b/supervisor.conf index 3fb016d..54296b8 100644 --- a/supervisor.conf +++ b/supervisor.conf @@ -1,3 +1,2 @@ [supervisord] nodaemon=true - diff --git a/znc.conf b/znc.conf index 960a493..b8a2fab 100644 --- a/znc.conf +++ b/znc.conf @@ -1,4 +1,5 @@ [program:znc] -command=su -c "/usr/bin/znc --foreground" znc +command=/usr/bin/znc --foreground --datadir /srv/znc +user=znc +env=HOME=/home/znc autorestart=true -
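Review bot: The htpasswd line in the third `start` hunk hashes with `openssl passwd -crypt`, the legacy DES scheme that ignores everything past the eighth character, and it uses `$ng_username` as the `printf` format string with `$ng_password` unquoted. Use a salted scheme nginx also accepts and a fixed format: `printf '%s:%s\n' "$ng_username" "$(openssl passwd -apr1 "$ng_password")" > /srv/znc/caches/nginx/htpasswd`. The file is created with the default umask, so restricting it to root and the nginx worker group after writing would keep the hash away from other local accounts.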
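Review bot: `env=HOME=/home/znc` in the znc.conf hunk is not a supervisor program option; the key is `environment`, so HOME is most likely left at supervisord's own value when the program switches to `user=znc`. Write it as `environment=HOME="/home/znc"`. Replacing `su -c` with `user=znc` is otherwise the cleaner way to run ZNC unprivileged.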