From 9f659e8d6257744c18c7f77d5fe58e6c51dccb16 Mon Sep 17 00:00:00 2001 From: thespad Date: Tue, 24 Dec 2024 18:27:29 +0000 Subject: [PATCH 1/2] Rebase to 3.21 --- Dockerfile | 6 ++-- Dockerfile.aarch64 | 6 ++-- README.md | 17 ++++++---- readme-vars.yml | 9 ++--- .../s6-overlay/s6-rc.d/init-nzbget-config/run | 33 +++++++++++-------- root/etc/s6-overlay/s6-rc.d/svc-nzbget/run | 15 ++++++--- 6 files changed, 50 insertions(+), 36 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8cac8d..220708f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM ghcr.io/linuxserver/unrar:latest AS unrar -FROM ghcr.io/linuxserver/baseimage-alpine:3.20 AS buildstage +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage # set NZBGET version ARG NZBGET_RELEASE @@ -58,7 +58,7 @@ RUN \ curl -o /app/nzbget/cacert.pem -L "https://curl.se/ca/cacert.pem" # Runtime Stage -FROM ghcr.io/linuxserver/baseimage-alpine:3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 # set version label ARG BUILD_DATE @@ -85,7 +85,7 @@ RUN \ pip install -U --no-cache-dir \ pip \ wheel && \ - pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \ + pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.21/ \ apprise \ pynzb \ requests && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 5d5792f..cb17647 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -2,7 +2,7 @@ FROM ghcr.io/linuxserver/unrar:arm64v8-latest AS unrar -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20 AS buildstage +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 AS buildstage # set NZBGET version ARG NZBGET_RELEASE @@ -58,7 +58,7 @@ RUN \ curl -o /app/nzbget/cacert.pem -L "https://curl.se/ca/cacert.pem" # Runtime Stage -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 # set version label ARG BUILD_DATE @@ -83,7 +83,7 @@ RUN \ pip install -U --no-cache-dir \ pip \ wheel && \ - pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \ + pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.21/ \ apprise \ pynzb \ requests && \ diff --git a/README.md b/README.md index f11c412..ee3ed5f 100644 --- a/README.md +++ b/README.md @@ -74,12 +74,6 @@ Webui can be found at `:6789` and the default login details (change ASA To allow scheduling, from the webui set the time correction value in settings/logging. -You can add an additional mount point for intermediate unpacking folder with:- - -`-v /path/to/nzbget/intermediate:/intermediate` - -for example, and changing the setting for InterDir in the PATHS tab of settings to `/intermediate` - ### Media folders We have set `/downloads` as a ***optional path***, this is because it is the easiest way to get started. While easy to use, it has some drawbacks. Mainly losing the ability to atomic move (TL;DR instant file moves, rather than copy+delete) files while processing content. @@ -88,6 +82,14 @@ Use the optional paths if you don't understand, or don't want hardlinks/atomic m The folks over at servarr.com wrote a good [write-up](https://wiki.servarr.com/docker-guide#consistent-and-well-planned-paths) on how to get started with this. +## Read-Only Operation + +This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). + +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -148,6 +150,8 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e NZBGET_PASS=tegbzn6789` | Specify the password for web authentication. | | `-v /config` | Persistent config | | `-v /downloads` | Location of downloads on disk. | +| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) @@ -311,5 +315,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **27.05.24:** - Rebase to Alpine 3.21. * **27.05.24:** - Rebase to Alpine 3.20. * **09.05.24:** - Revive image based on the fork from https://github.com/nzbgetcom/nzbget diff --git a/readme-vars.yml b/readme-vars.yml index 002e989..beb2ef4 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -34,6 +34,8 @@ opt_param_usage_include_env: true opt_param_env_vars: - {env_var: "NZBGET_USER", env_value: "nzbget", desc: "Specify the user for web authentication."} - {env_var: "NZBGET_PASS", env_value: "tegbzn6789", desc: "Specify the password for web authentication."} +readonly_supported: true +nonroot_supported: true # application setup block app_setup_block_enabled: true app_setup_block: | @@ -43,12 +45,6 @@ app_setup_block: | To allow scheduling, from the webui set the time correction value in settings/logging. - You can add an additional mount point for intermediate unpacking folder with:- - - `-v /path/to/nzbget/intermediate:/intermediate` - - for example, and changing the setting for InterDir in the PATHS tab of settings to `/intermediate` - ### Media folders We have set `/downloads` as a ***optional path***, this is because it is the easiest way to get started. While easy to use, it has some drawbacks. Mainly losing the ability to atomic move (TL;DR instant file moves, rather than copy+delete) files while processing content. @@ -101,5 +97,6 @@ init_diagram: | "nzbget:testing" <- Base Images # changelog changelogs: + - {date: "27.05.24:", desc: "Rebase to Alpine 3.21."} - {date: "27.05.24:", desc: "Rebase to Alpine 3.20."} - {date: "09.05.24:", desc: "Revive image based on the fork from https://github.com/nzbgetcom/nzbget"} diff --git a/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run b/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run index d530339..99738f4 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run @@ -1,7 +1,17 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash -if [[ ! -d /downloads ]]; then +# check if config file exists in /config +if [[ ! -f /config/nzbget.conf ]]; then + cp /app/nzbget/share/nzbget/nzbget.conf /config/nzbget.conf +fi + +# Warn if /downloads is the MainDir and isn't mounted +if ! grep -qe ' /downloads ' /proc/mounts && grep -qe 'MainDir=/downloads' /config/nzbget.conf; then + echo "********************************************* WARNING *********************************************" + echo " Your MainDir is set to /downloads in /config/nzbget.conf but /downloads is not a mounted folder " + echo " This may result in data loss when your container is updated " + echo "***************************************************************************************************" mkdir -p /downloads fi @@ -10,18 +20,13 @@ if [[ -f /downloads/nzbget.lock ]]; then rm /downloads/nzbget.lock fi -# check if config file exists in /config -if [[ ! -f /config/nzbget.conf ]]; then - cp /app/nzbget/share/nzbget/nzbget.conf /config/nzbget.conf -fi +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + lsiown abc:abc \ + /downloads -# permissions -lsiown abc:abc \ - /downloads + lsiown -R abc:abc \ + /config -lsiown -R abc:abc \ - /app/nzbget \ - /config - -chmod u+rw \ - /config/nzbget.conf + chmod u+rw \ + /config/nzbget.conf +fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-nzbget/run b/root/etc/s6-overlay/s6-rc.d/svc-nzbget/run index 96137e8..224742d 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-nzbget/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-nzbget/run @@ -11,7 +11,14 @@ if [[ ${NZBGET_PASS} && ${NZBGET_PASS-x} ]]; then OPTIONS+="-o ControlPassword=${NZBGET_PASS} " fi -exec \ - s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 6789" \ - s6-setuidgid abc /app/nzbget/nzbget -s -c /config/nzbget.conf \ - -o OutputMode=log ${OPTIONS} +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 6789" \ + s6-setuidgid abc /app/nzbget/nzbget -s -c /config/nzbget.conf \ + -o OutputMode=log ${OPTIONS} +else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 6789" \ + /app/nzbget/nzbget -s -c /config/nzbget.conf \ + -o OutputMode=log ${OPTIONS} +fi From 6e68f2d3b57076d3fe4ce7597761e054f124bd6d Mon Sep 17 00:00:00 2001 From: thespad Date: Tue, 24 Dec 2024 18:38:02 +0000 Subject: [PATCH 2/2] Move all config to /config --- Dockerfile | 6 +++--- Dockerfile.aarch64 | 6 +++--- README.md | 2 +- readme-vars.yml | 2 +- .../s6-overlay/s6-rc.d/init-nzbget-config/run | 19 ++++++------------- 5 files changed, 14 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index 220708f..00abf1a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ RUN \ rm -rf /app/nzbget/bin/ && \ rm -rf /app/nzbget/etc/ && \ sed -i \ - -e "s|^MainDir=.*|MainDir=/downloads|g" \ + -e "s|^MainDir=.*|MainDir=/config|g" \ -e "s|^ScriptDir=.*|ScriptDir=$\{MainDir\}/scripts|g" \ -e "s|^WebDir=.*|WebDir=$\{AppDir\}/webui|g" \ -e "s|^ConfigTemplate=.*|ConfigTemplate=$\{AppDir\}/webui/nzbget.conf.template|g" \ @@ -45,8 +45,8 @@ RUN \ -e "s|^SevenZipCmd=.*|SevenZipCmd=7z|g" \ -e "s|^CertStore=.*|CertStore=$\{AppDir\}/cacert.pem|g" \ -e "s|^CertCheck=.*|CertCheck=yes|g" \ - -e "s|^DestDir=.*|DestDir=$\{MainDir\}/completed|g" \ - -e "s|^InterDir=.*|InterDir=$\{MainDir\}/intermediate|g" \ + -e "s|^DestDir=.*|DestDir=/downloads/completed|g" \ + -e "s|^InterDir=.*|InterDir=/downloads/intermediate|g" \ -e "s|^LogFile=.*|LogFile=$\{MainDir\}/nzbget.log|g" \ -e "s|^AuthorizedIP=.*|AuthorizedIP=127.0.0.1|g" \ /app/nzbget/share/nzbget/nzbget.conf && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index cb17647..e523377 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -37,7 +37,7 @@ RUN \ rm -rf /app/nzbget/bin/ && \ rm -rf /app/nzbget/etc/ && \ sed -i \ - -e "s|^MainDir=.*|MainDir=/downloads|g" \ + -e "s|^MainDir=.*|MainDir=/config|g" \ -e "s|^ScriptDir=.*|ScriptDir=$\{MainDir\}/scripts|g" \ -e "s|^WebDir=.*|WebDir=$\{AppDir\}/webui|g" \ -e "s|^ConfigTemplate=.*|ConfigTemplate=$\{AppDir\}/webui/nzbget.conf.template|g" \ @@ -45,8 +45,8 @@ RUN \ -e "s|^SevenZipCmd=.*|SevenZipCmd=7z|g" \ -e "s|^CertStore=.*|CertStore=$\{AppDir\}/cacert.pem|g" \ -e "s|^CertCheck=.*|CertCheck=yes|g" \ - -e "s|^DestDir=.*|DestDir=$\{MainDir\}/completed|g" \ - -e "s|^InterDir=.*|InterDir=$\{MainDir\}/intermediate|g" \ + -e "s|^DestDir=.*|DestDir=/downloads/completed|g" \ + -e "s|^InterDir=.*|InterDir=/downloads/intermediate|g" \ -e "s|^LogFile=.*|LogFile=$\{MainDir\}/nzbget.log|g" \ -e "s|^AuthorizedIP=.*|AuthorizedIP=127.0.0.1|g" \ /app/nzbget/share/nzbget/nzbget.conf && \ diff --git a/README.md b/README.md index ee3ed5f..56bab0e 100644 --- a/README.md +++ b/README.md @@ -315,6 +315,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **27.05.24:** - Rebase to Alpine 3.21. +* **27.05.24:** - Rebase to Alpine 3.21. Move MainDir to /config, leave default DestDir/InterDir as /downloads. * **27.05.24:** - Rebase to Alpine 3.20. * **09.05.24:** - Revive image based on the fork from https://github.com/nzbgetcom/nzbget diff --git a/readme-vars.yml b/readme-vars.yml index beb2ef4..b5fa22d 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -97,6 +97,6 @@ init_diagram: | "nzbget:testing" <- Base Images # changelog changelogs: - - {date: "27.05.24:", desc: "Rebase to Alpine 3.21."} + - {date: "27.05.24:", desc: "Rebase to Alpine 3.21. Move MainDir to /config, leave default DestDir/InterDir as /downloads."} - {date: "27.05.24:", desc: "Rebase to Alpine 3.20."} - {date: "09.05.24:", desc: "Revive image based on the fork from https://github.com/nzbgetcom/nzbget"} diff --git a/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run b/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run index 99738f4..35180d4 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-nzbget-config/run @@ -6,23 +6,16 @@ if [[ ! -f /config/nzbget.conf ]]; then cp /app/nzbget/share/nzbget/nzbget.conf /config/nzbget.conf fi -# Warn if /downloads is the MainDir and isn't mounted -if ! grep -qe ' /downloads ' /proc/mounts && grep -qe 'MainDir=/downloads' /config/nzbget.conf; then - echo "********************************************* WARNING *********************************************" - echo " Your MainDir is set to /downloads in /config/nzbget.conf but /downloads is not a mounted folder " - echo " This may result in data loss when your container is updated " - echo "***************************************************************************************************" - mkdir -p /downloads -fi - # delete lock file if found -if [[ -f /downloads/nzbget.lock ]]; then - rm /downloads/nzbget.lock +if [[ -f /config/nzbget.lock ]]; then + rm /config/nzbget.lock fi if [[ -z ${LSIO_NON_ROOT_USER} ]]; then - lsiown abc:abc \ - /downloads + if grep -qe ' /downloads ' /proc/mounts; then + lsiown abc:abc \ + /downloads + fi lsiown -R abc:abc \ /config