add fail2ban as example container for testing purposes

szaimen · szaimen · commit f221ab7655ae · 2023-09-27T14:37:03.000+02:00
Signed-off-by: Simon L &lt;szaimen@e.mail.de&gt;
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
@@ -23,3 +23,11 @@ jobs:
           sudo apt-get install python3-pip -y --no-install-recommends
           sudo pip3 install json-spec
           json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
+          JSON_FILES="$(find ./community-containers -name '*.json')"
+          mapfile -t JSON_FILES <<< "$JSON_FILES"
+          for file in "${JSON_FILES[@]}"; do
+            json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
+          done
+          if grep "Exception: document does not validate with schema." ./json-validator.log; then
+            exit 1
+          fi
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
@@ -0,0 +1,26 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-fail2ban",
+            "display_name": "Fail2ban",
+            "image": "szaimen/aio-fail2ban",
+            "image_tag": "%AIO_CHANNEL%",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "cap_add": [
+                "NET_ADMIN",
+                "NET_RAW"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_nextcloud",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ]
+        }
+    ]
+}
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
@@ -0,0 +1 @@
+This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.
diff --git a/community-containers/readme.md b/community-containers/readme.md
@@ -0,0 +1 @@
+## This is a WIP and not working yet!
diff --git a/php/containers-schema.json b/php/containers-schema.json
@@ -39,7 +39,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[A-Za-z ]+$"
+						"pattern": "^[A-Za-z 0-9]+$"
 					},
 					"environment": {
 						"type": "array",
@@ -51,7 +51,7 @@
 					},
 					"container_name": {
 						"type": "string",
-						"pattern": "^nextcloud-aio-[a-z-]+$"
+						"pattern": "^nextcloud-aio-[a-z-0-9]+$"
 					},
 					"internal_port": {
 						"type": "string",
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
@@ -477,7 +477,9 @@ public function CreateContainer(Container $container) : void {
         }
 
         // Disable arp spoofing
-        $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+        if (!in_array('NET_RAW', $capAdds, true)) {
+            $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+        }
 
         if ($container->isApparmorUnconfined()) {
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.`
Original file line number	Diff line number	Diff line change
`@@ -477,7 +477,9 @@ public function CreateContainer(Container $container) : void {`
`477`	`477`	`}`
`478`	`478`
`479`	`479`	`// Disable arp spoofing`
`480`		`- $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];`
	`480`	`+ if (!in_array('NET_RAW', $capAdds, true)) {`
	`481`	`+ $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];`
	`482`	`+ }`
`481`	`483`
`482`	`484`	`if ($container->isApparmorUnconfined()) {`
`483`	`485`	`$requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];`