commit bfe4e5041004a72fd700cc9967866614d4ccfa54
Author: Dominik Meyer
Date: Fri Jan 12 11:12:27 2024 +0100
ADD: initial version
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..20268c8
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,82 @@
+kind: pipeline
+type: kubernetes
+name: build-amd64
+platform:
+ arch: amd64
+node_selector:
+ kubernetes.io/arch: amd64
+
+volumes:
+- name: fedhq-ca-crt
+ config_map:
+ name: fedhq-ca-crt
+ default_mode: 420 # same as 644 in octal, or u+w,a+r
+ optional: false
+
+steps:
+ - name: build amd64
+ image: quay.io/buildah/stable
+ privileged: true
+ volumes:
+ - name: fedhq-ca-crt
+ path: /etc/ssl/certs2/
+ commands:
+ - scripts/setupEnvironment.sh
+ - buildah bud --network host -t "registry.cloud.federationhq.de/fhem:latest-amd64" --arch amd64 .
+ - buildah push --all registry.cloud.federationhq.de/fhem:latest-amd64
+---
+kind: pipeline
+type: kubernetes
+name: build-arm64
+platform:
+ arch: arm64
+node_selector:
+ kubernetes.io/arch: arm64
+
+volumes:
+- name: fedhq-ca-crt
+ config_map:
+ name: fedhq-ca-crt
+ default_mode: 420 # same as 644 in octal, or u+w,a+r
+ optional: false
+
+steps:
+ - name: build arm64
+ image: quay.io/buildah/stable
+ privileged: true
+ volumes:
+ - name: fedhq-ca-crt
+ path: /etc/ssl/certs2/
+ commands:
+ - scripts/setupEnvironment.sh
+ - buildah bud --network host -t "registry.cloud.federationhq.de/fhem:latest-arm64" --arch arm64 .
+ - buildah push --all registry.cloud.federationhq.de/fhem:latest-arm64
+---
+kind: pipeline
+type: kubernetes
+name: push
+node_selector:
+ kubernetes.io/arch: amd64
+
+volumes:
+- name: fedhq-ca-crt
+ config_map:
+ name: fedhq-ca-crt
+ default_mode: 420 # same as 644 in octal, or u+w,a+r
+ optional: false
+
+steps:
+ - name: push
+ image: quay.io/buildah/stable
+ privileged: true
+ volumes:
+ - name: fedhq-ca-crt
+ path: /etc/ssl/certs2/
+ commands:
+ - scripts/setupEnvironment.sh
+ - buildah manifest create registry.cloud.federationhq.de/fhem:latest registry.cloud.federationhq.de/fhem:latest-arm64 registry.cloud.federationhq.de/fhem:latest-amd64
+ - buildah manifest push registry.cloud.federationhq.de/fhem:latest docker://registry.cloud.federationhq.de/fhem:latest
+ - buildah manifest rm registry.cloud.federationhq.de/fhem:latest
+depends_on:
+ - build-amd64
+ - build-arm64
\ No newline at end of file
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..fbee0c3
--- /dev/null
+++ b/Containerfile
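Review bot: All three pipelines run `quay.io/buildah/stable` with `privileged: true`, and that image reference is a floating tag, so whatever the tag points to at build time runs with full privileges on the cluster node. Pin the builder by digest, e.g. `image: quay.io/buildah/stable@sha256:<digest-placeholder>`, and update it deliberately. The `--network host` on both `buildah bud` commands additionally gives every `RUN` step of the Containerfile the build pod's network; drop it unless the build needs it. Whether buildah can run here without `privileged` depends on the cluster's runtime configuration, which is not visible on this page.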
@@ -0,0 +1,280 @@
+FROM alpine as dummy
+# first line ist just that docker can build it... buildah can do without this line ...
+
+#
+# This image provides a more secure environment for running fhem than the
+# vendor provided one.
+#
+# It does not rely on running apt-get update/upgrade within the container but
+# it is expected that every night a new version is build updating fhem and all
+# its dependencies.
+#
+LABEL maintainer="dmeyer@federationhq.de"
+LABEL version="0.1"
+LABEL build_date=$ARG{BUILD_DATE}
+LABEL license="MIT"
+
+
+#
+# this image is only required for the build stage as it provides
+# an easy way to drop build dependencies in the main image
+#
+FROM debian:bookworm-slim as builder
+
+# Ensure we have a build environment
+RUN apt-get -q -y update && apt-get -q -y install git build-essential pkg-config libtool libusb-dev autoconf
+
+RUN cd /usr/src; git clone https://github.com/xypron/sispmctl.git
+RUN cd /usr/src/sispmctl;./autogen.sh && ./configure --enable-webless
+RUN cd /usr/src/sispmctl;make; ls -al
+
+RUN git clone https://github.com/fhem/fhem-mirror.git /fhem-src;cd /fhem-src;git checkout main
+
+#
+# the main fhem image
+#
+FROM debian:bookworm-slim
+
+RUN apt-get -qy update
+RUN apt-get -qy install tini bash tzdata ca-certificates curl gnupg locales jq nmap sqlite3 wget unzip mariadb-client i2c-tools
+
+# configure locales and tzdata
+RUN sed -i '/de_DE.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+ENV LANG de_DE.UTF-8
+ENV LANGUAGE de_DE:de
+ENV LC_ALL de_DE.UTF-8
+RUN ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+ENV TZ Europe/Berlin
+
+#install fhem dependencies from debian repository
+RUN apt-get -qqy install --no-install-recommends \
+ libdbd-sqlite3-perl \
+ libarchive-extract-perl \
+ libarchive-zip-perl \
+ libcgi-pm-perl \
+ libcpanel-json-xs-perl \
+ libdbd-mariadb-perl \
+ libdbd-mysql-perl \
+ libdbd-pg-perl \
+ libdbd-pgsql \
+ libdbd-sqlite3 \
+ libdbd-sqlite3-perl \
+ libdbi-perl \
+ libdevice-serialport-perl \
+ libdevice-usb-perl \
+ libgd-graph-perl \
+ libgd-text-perl \
+ libimage-imlib2-perl \
+ libimage-info-perl \
+ libimage-librsvg-perl \
+ libio-all-perl \
+ libio-file-withpath-perl \
+ libio-interface-perl \
+ libio-socket-inet6-perl \
+ libjson-perl \
+ libjson-pp-perl \
+ libjson-xs-perl \
+ liblist-moreutils-perl \
+ libmail-gnupg-perl \
+ libmail-imapclient-perl \
+ libmail-sendmail-perl \
+ libmime-base64-perl \
+ libmime-lite-perl \
+ libnet-server-perl \
+ libsocket6-perl \
+ libterm-readline-perl-perl \
+ libtext-csv-perl \
+ libtext-diff-perl \
+ libtext-iconv-perl \
+ libtimedate-perl \
+ libutf8-all-perl \
+ libwww-curl-perl \
+ libwww-perl \
+ libxml-libxml-perl \
+ libxml-parser-lite-perl \
+ libxml-parser-perl \
+ libxml-simple-perl \
+ libxml-stream-perl \
+ libxml-treebuilder-perl \
+ libxml-xpath-perl \
+ libxml-xpathengine-perl \
+ libyaml-libyaml-perl \
+ libyaml-perl \
+ perl-base \
+ libalgorithm-merge-perl \
+ libauthen-bitcard-perl \
+ libauthen-captcha-perl \
+ libauthen-cas-client-perl \
+ libauthen-dechpwd-perl \
+ libauthen-htpasswd-perl \
+ libauthen-krb5-admin-perl \
+ libauthen-krb5-perl \
+ libauthen-krb5-simple-perl \
+ libauthen-libwrap-perl \
+ libauthen-ntlm-perl \
+ libauthen-oath-perl \
+ libauthen-pam-perl \
+ libauthen-passphrase-perl \
+ libauthen-radius-perl \
+ libauthen-sasl-cyrus-perl \
+ libauthen-sasl-perl \
+ libauthen-sasl-saslprep-perl \
+ libauthen-scram-perl \
+ libauthen-simple-cdbi-perl \
+ libauthen-simple-dbi-perl \
+ libauthen-simple-dbm-perl \
+ libauthen-simple-http-perl \
+ libauthen-simple-kerberos-perl \
+ libauthen-simple-ldap-perl \
+ libauthen-simple-net-perl \
+ libauthen-simple-pam-perl \
+ libauthen-simple-passwd-perl \
+ libauthen-simple-perl \
+ libauthen-simple-radius-perl \
+ libauthen-simple-smb-perl \
+ libauthen-smb-perl \
+ libauthen-tacacsplus-perl \
+ libauthen-u2f-perl \
+ libauthen-u2f-tester-perl \
+ libclass-dbi-mysql-perl \
+ libclass-isa-perl \
+ libclass-loader-perl \
+ libcommon-sense-perl \
+ libconvert-base32-perl \
+ libcpan-meta-yaml-perl \
+ libcrypt-blowfish-perl \
+ libcrypt-cast5-perl \
+ libcrypt-cbc-perl \
+ libcrypt-ciphersaber-perl \
+ libcrypt-cracklib-perl \
+ libcrypt-des-ede3-perl \
+ libcrypt-des-perl \
+ libcrypt-dh-gmp-perl \
+ libcrypt-dh-perl \
+ libcrypt-dsa-perl \
+ libcrypt-ecb-perl \
+ libcrypt-eksblowfish-perl \
+ libcrypt-format-perl \
+ libcrypt-gcrypt-perl \
+ libcrypt-generatepassword-perl \
+ libcrypt-hcesha-perl \
+ libcrypt-jwt-perl \
+ libcrypt-mysql-perl \
+ libcrypt-openssl-bignum-perl \
+ libcrypt-openssl-dsa-perl \
+ libcrypt-openssl-ec-perl \
+ libcrypt-openssl-pkcs10-perl \
+ libcrypt-openssl-random-perl \
+ libcrypt-openssl-rsa-perl \
+ libcrypt-openssl-x509-perl \
+ libcrypt-passwdmd5-perl \
+ libcrypt-pbkdf2-perl \
+ libcrypt-random-seed-perl \
+ libcrypt-random-source-perl \
+ libcrypt-rc4-perl \
+ libcrypt-rijndael-perl \
+ libcrypt-rsa-parse-perl \
+ libcrypt-saltedhash-perl \
+ libcrypt-simple-perl \
+ libcrypt-smbhash-perl \
+ libcrypt-smime-perl \
+ libcrypt-ssleay-perl \
+ libcrypt-twofish-perl \
+ libcrypt-u2f-server-perl \
+ libcrypt-unixcrypt-perl \
+ libcrypt-unixcrypt-xs-perl \
+ libcrypt-urandom-perl \
+ libcrypt-util-perl \
+ libcrypt-x509-perl \
+ libcryptx-perl \
+ libdata-dump-perl \
+ libdatetime-format-strptime-perl \
+ libdatetime-perl \
+ libdevel-size-perl \
+ libdigest-bcrypt-perl \
+ libdigest-bubblebabble-perl \
+ libdigest-crc-perl \
+ libdigest-elf-perl \
+ libdigest-hmac-perl \
+ libdigest-jhash-perl \
+ libdigest-md2-perl \
+ libdigest-md4-perl \
+ libdigest-md5-file-perl \
+ libdigest-perl-md5-perl \
+ libdigest-sha-perl \
+ libdigest-sha3-perl \
+ libdigest-ssdeep-perl \
+ libdigest-whirlpool-perl \
+ libdpkg-perl \
+ libencode-perl \
+ liberror-perl \
+ libev-perl \
+ libextutils-makemaker-cpanfile-perl \
+ libfile-copy-recursive-perl \
+ libfile-fcntllock-perl \
+ libfinance-quote-perl \
+ libgnupg-interface-perl \
+ libhtml-strip-perl \
+ libhtml-treebuilder-xpath-perl \
+ libio-socket-inet6-perl \
+ libio-socket-ip-perl \
+ libio-socket-multicast-perl \
+ libio-socket-portstate-perl \
+ libio-socket-socks-perl \
+ libio-socket-ssl-perl \
+ libio-socket-timeout-perl \
+ liblinux-inotify2-perl \
+ libmath-round-perl \
+ libmodule-pluggable-perl \
+ libmojolicious-perl \
+ libmoose-perl \
+ libmoox-late-perl \
+ libmp3-info-perl \
+ libmp3-tag-perl \
+ libnet-address-ip-local-perl \
+ libnet-bonjour-perl \
+ libnet-jabber-perl \
+ libnet-oauth-perl \
+ libnet-oauth2-perl \
+ libnet-sip-perl \
+ libnet-snmp-perl \
+ libnet-ssleay-perl \
+ libnet-telnet-perl \
+ libnet-xmpp-perl \
+ libnmap-parser-perl \
+ librivescript-perl \
+ librpc-xml-perl \
+ libsnmp-perl \
+ libsnmp-session-perl \
+ libsoap-lite-perl \
+ libsocket-perl \
+ libswitch-perl \
+ libsys-hostname-long-perl \
+ libsys-statistics-linux-perl \
+ libterm-readkey-perl \
+ libterm-readline-perl-perl \
+ libtime-period-perl \
+ libtypes-path-tiny-perl \
+ liburi-escape-xs-perl \
+ perl
+
+
+# install fhem dependencies from builder image
+COPY --from=builder /usr/src/sispmctl/src/.libs/*.so* /usr/lib/
+COPY --from=builder /usr/src/sispmctl/src/.libs/sispmctl /usr/bin/
+COPY --from=builder /fhem-src/fhem /opt/fhem
+
+# update libraries
+RUN ldconfig
+
+# fhem runs under the fhem user
+RUN adduser -u 34342 --disabled-login fhem
+RUN chown -R fhem:fhem /opt/fhem
+
+# add entrypoint and ensure executability
+ADD scripts/entryPoint.sh /entryPoint.sh
+RUN chmod +x /entryPoint.sh
+
+USER fhem
+
+ENTRYPOINT ["/usr/bin/tini", "--", "/entryPoint.sh"]
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..681bf04
--- /dev/null
+++ b/LICENSE
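Review bot: The builder stage compiles `sispmctl` from whatever is at the head of the repository's default branch (`git clone https://github.com/xypron/sispmctl.git` with no checkout), and the resulting binary and libraries are copied into the final image, so an unreviewed upstream change ships with the next nightly build. Pin the clone to a reviewed commit, e.g. add `git -C /usr/src/sispmctl checkout <reviewed-commit-sha>` after the clone; the `fhem-mirror` checkout of `main` has the same property, though tracking it nightly looks intentional. Separately, the four `LABEL` lines sit in the throwaway `dummy` stage and `$ARG{BUILD_DATE}` is not Containerfile variable syntax, so the final image carries none of them; move them below the last `FROM` and use `ARG BUILD_DATE` plus `LABEL build_date="${BUILD_DATE}"`. The runtime stage also installs `nmap`, `curl` and `wget` without `--no-install-recommends`, which widens what is available inside a container that the header comment describes as more secure.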
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Dominik Meyer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..911c2a4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,35 @@
+# FHEM Home Automation System Container
+
+This repository contains the source code to build a container image for running the FHEM home automation system using Buildah.
+
+## Introduction
+
+FHEM (Flexible Home Automation) is a Perl server for home automation. It is used to automate tasks in the household like switching lamps, shutters, heating, etc. and to log events like temperature, humidity, power consumption.
+
+## Building the Container
+
+To build the container image, we will use Buildah, a tool that facilitates building OCI container images.
+
+```bash
+buildah bud -t fhem .
+```
+
+This command builds the container image using the Containerfile in the current directory and tags the image as `fhem`.
+
+## Running the Container
+
+Once the image is built, you can run the FHEM container with the following command:
+
+```bash
+podman run -d -p 8083:8083 fhem
+```
+
+This command runs the container in the background, mapping port 8083 in the container to port 8083 on the host machine.
+
+## Accessing FHEM
+
+Once the container is running, you can access the FHEM web interface by navigating to `http://localhost:8083/fhem` in your web browser.
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
diff --git a/scripts/entryPoint.sh b/scripts/entryPoint.sh
new file mode 100755
index 0000000..2ff80a4
--- /dev/null
+++ b/scripts/entryPoint.sh
@@ -0,0 +1,68 @@ +#!/bin/bash + +if [ -z ${USECONFIGDB} ]; then + CFG=/opt/fhem/fhem.cfg + +else + + CFG=configDB + + if [ -z ${CONFIG_DATABASE_ENGINE} ]; then + CONFIG_DATABASE_ENGINE=sqlite + + if [ -z ${CONFIG_DATABASE} ]; then + CONFIG_DATABASE="/opt/fhem/configDB.db" + fi + + fi + + if [ -z ${CONFIG_DATABASE} ]; then + echo "please provide CONFIG_DATABASE name" + exit 255 + fi + + if [ "${CONFIG_DATABASE_ENGINE}" == "sqlite" ]; then + echo "`cat < "SQLite:dbname=${CONFIG_DATABASE}", + user => "", + password => "" + ); + EOF + `" >> /opt/fhem/configDB.conf; + fi + +fi + +if [ -n "${USELOGDB}" ]; then + + if [ -z ${LOG_DATABASE_ENGINE} ]; then + LOG_DATABASE_ENGINE=sqlite + + if [ -z ${LOG_DATABASE} ]; then + LOG_DATABASE="/opt/fhem/logdb.db" + fi + + fi + + if [ -z ${LOG_DATABASE} ]; then + exit 255 + fi + + + if [ "${LOG_DATABASE_ENGINE}" == "sqlite" ]; then + echo "`cat < "SQLite:dbname=${LOG_DATABASE}", + user => "", + password => "" + ); + EOF + `" >> /opt/fhem/db.conf; + fi + +fi + +export FHEM_GLOBALATTR="nofork=1 updateInBackground=1 logfile=/dev/stdout" +cd /opt/fhem || exit 255 +./fhem.pl ${CFG} \ No newline at end of file diff --git a/scripts/setupEnvironment.sh b/scripts/setupEnvironment.sh new file mode 100755 index 0000000..2761ce0 --- /dev/null +++ b/scripts/setupEnvironment.sh @@ -0,0 +1,3 @@ +#!/bin/bash +cp /etc/ssl/certs2/federationHQ-CA.pem /etc/pki/ca-trust/source/anchors/ +update-ca-trust
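Review bot: The last line of entryPoint.sh starts FHEM as a child of bash (`./fhem.pl ${CFG}`), so the signal tini forwards on stop reaches the shell rather than fhem.pl, and FHEM will likely be killed at the stop timeout instead of shutting down cleanly; use `exec ./fhem.pl "${CFG}"`. Both sqlite branches append with `>>` to `/opt/fhem/configDB.conf` and `/opt/fhem/db.conf`, so every restart of a container whose filesystem persists adds another copy of the block; write with `>` instead. The tests of the form `[ -z ${USECONFIGDB} ]` are unquoted and misbehave on values containing spaces; quote them as `[ -z "${USECONFIGDB}" ]`. The `LOG_DATABASE` check exits 255 without a message, unlike the `CONFIG_DATABASE` one. The here-document text is partly lost in this rendering of the page, so the exact contents written to the two config files could not be reviewed.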