moved config steps into separate scripts

rootfs/app/entrypoint.sh.d/10_user.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+echo "# Creating user and group"
+
+RANDOMPWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)
+
+addgroup -g "${PGID}" "${GROUPNAME}"
+addgroup nginx "${GROUPNAME}"
+adduser -DH -h "${PATH_WEBROOT}" -G "${GROUPNAME}" -u "${PUID}" "${USERNAME}"
+printf '%s\n%s' "${RANDOMPWD}" "${RANDOMPWD}" | passwd "${USERNAME}"
+echo "password for the user \"${USERNAME}\" is: ${RANDOMPWD}"

rootfs/app/entrypoint.sh.d/90_chown_webroot.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+echo "# chowning ${PATH_WEBROOT} to ${PUID}:${GROUPNAME}..."
+
+chown "${PUID}:${GROUPNAME}" "${PATH_WEBROOT}" -R
+find "${PATH_WEBROOT}" -type d -exec chmod 0755 {} \;
+find "${PATH_WEBROOT}" -type f -exec chmod 0644 {} \;

rootfs/app/entrypoint.sh.d/90_logs.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+echo "# Configuring logrotate"
+
+# make sure path exists
+mkdir -p "${PATH_LOGS}"
+chown -R "${USERNAME}:${GROUPNAME}" "${PATH_LOGS}"
+
+# configure logrotate
+cat >/etc/logrotate.d/nginx <<EOF
+${PATH_LOGS}/nginx-access.log {
+    missingok
+    daily
+    rotate ${LOG_DAYS}
+    compress
+    delaycompress
+    sharedscripts
+    su ${USERNAME} ${GROUPNAME}
+    postrotate
+        /usr/sbin/nginx -s reopen
+        nice -n 19 /usr/bin/goaccess ${PATH_LOGS}/nginx-access.log.1 --agent-list --anonymize-ip --real-os --output ${PATH_STATS}/index.html --log-format COMBINED --tz="${TZ}" --db-path=${PATH_STATSDB} --persist --restore 
+    endscript
+}
+EOF

rootfs/app/entrypoint.sh.d/90_nginx.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+echo "# Configuring nginx"
+
+cat > /etc/nginx/conf.d/user.conf <<EOF
+user ${USERNAME} ${GROUPNAME};
+EOF
+
+# fix permissions for upload
+chown "${USERNAME}" /var/lib/nginx /var/lib/nginx/tmp
+
+cat >"/etc/nginx/custom.d/post_size.conf" <<EOF
+client_max_body_size ${POSTSIZE};
+EOF
+
+cat >"/etc/nginx/conf.d/errorlog.conf" <<EOF
+# Configures default error logger.
+error_log ${PATH_LOGS}/nginx-error.log warn;
+EOF
+
+cat >"/etc/nginx/httpd.d/accesslog.conf" <<EOF
+# Sets the path, format, and configuration for a buffered log write.
+access_log ${PATH_LOGS}/nginx-access.log main;
+EOF

rootfs/app/entrypoint.sh.d/90_php.sh

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+echo "# Configuring PHP"
+
+# set php config
+case "${PHP}" in
+  "php84"|"php83"|"php82")
+    cat >"/etc/${PHP}/php-fpm.d/www.conf" <<EOF
+[www]
+user = ${USERNAME}
+group = ${GROUPNAME}
+listen = 127.0.0.1:9000
+pm = dynamic
+pm.max_children = ${FPM_MAX_CHILDREN}
+pm.start_servers = ${FPM_START_SERVERS}
+pm.min_spare_servers = ${FPM_MIN_SPARE_SERVERS}
+pm.max_spare_servers = ${FPM_MAX_SPARE_SERVERS}
+EOF
+    cat >"/etc/${PHP}/conf.d/post_size.ini" <<EOF
+upload_max_size = ${POSTSIZE}
+post_max_size = ${POSTSIZE}
+upload_max_filesize = ${POSTSIZE}    
+upload_tmp_dir = /tmp
+EOF
+    ;;
+    *) ;;
+esac
+
+case "${PHP}" in
+    "php84") 
+      cp /app/nginx/php84.conf /etc/nginx/custom.d/
+      cp /app/nginx/default_php.conf /etc/nginx/http.d/default.conf
+      ;;
+    "php83") 
+      cp /app/nginx/php83.conf /etc/nginx/custom.d/
+      cp /app/nginx/default_php.conf /etc/nginx/http.d/default.conf
+      ;;
+    "php82")
+      cp /app/nginx/php82.conf /etc/nginx/custom.d/
+      cp /app/nginx/default_php.conf /etc/nginx/http.d/default.conf
+      ;;
+    *)
+      cp /app/nginx/default_nophp.conf /etc/nginx/http.d/default.conf
+      ;;
+esac

rootfs/app/entrypoint.sh.d/90_ssh.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+echo "# Configuring ssh"
+
+for keytype in ecdsa rsa ed25519 ; do
+  if [ ! -r "/ssh/ssh_host_${keytype}_key" ] ; then
+    /usr/bin/ssh-keygen -t "${keytype}" -f "/ssh/ssh_host_${keytype}_key" -N ""
+  fi
+  chmod 0600 "/ssh/ssh_host_${keytype}_key"
+  chmod 0644 "/ssh/ssh_host_${keytype}_key.pub"
+done
+
+# set authorized_keys permissions
+if [ -f /ssh/authorized_keys ] ; then
+  chmod 0600 /ssh/authorized_keys
+  chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
+fi
+
+chmod 0700 "${PATH_WEBROOT}/.ssh"

rootfs/app/entrypoint.sh.d/90_stats.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+echo "# Configuring stats"
+
+# make sure paths exists
+mkdir -p "${PATH_AUTH}" "${PATH_STATS}" "${PATH_STATSDB}"
+touch "${PATH_AUTH}/stats"
+chown -R "${USERNAME}:${GROUPNAME}" "${PATH_AUTH}" "${PATH_STATS}" "${PATH_STATSDB}"
+
+# stats endpoint
+cat > /etc/nginx/http.d/stats.conf <<EOF
+server {
+    listen ${STATS_PORT} default_server;
+    listen [::]:${STATS_PORT} default_server;
+    root ${PATH_STATS};
+
+    location = / {
+        index index.html;
+        try_files /index.html =404;
+    }
+
+    location /index.html {
+        try_files /index.html =404;
+    }
+
+    location / {
+        return 404;
+    }
+
+    auth_basic "Restricted area";
+    auth_basic_user_file ${PATH_AUTH}/stats;
+}
+EOF

rootfs/app/entrypoint.sh.d/90_webdav.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+echo "# Configuring webdav"
+
+cat > /etc/nginx/http.d/webdav.conf <<EOF
+server {
+    listen ${WEBDAV_PORT} default_server;
+    listen [::]:${WEBDAV_PORT} default_server;
+    root ${PATH_WEBROOT};
+
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        dav_methods             PUT DELETE MKCOL COPY MOVE;
+        dav_ext_methods         PROPFIND OPTIONS;
+        create_full_put_path    on;
+        dav_access              user:rw;
+    }
+
+    auth_basic "Restricted area";
+    auth_basic_user_file ${PATH_AUTH}/webdav;
+}
+EOF
+
+# authentication
+mkdir -p "${PATH_AUTH}"
+touch "${PATH_AUTH}/webdav"
+chown -R "${USERNAME}:${GROUPNAME}" "${PATH_AUTH}"