jadudm/cloudron-garage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working version

Browse Source 
Not sure that I'd bet the bank that this is secure.

It probably is. From what I can see, you have to be able to go in and do
things as root.
This commit is contained in:
Matt Jadud
2025-12-06 09:47:00 -05:00
parent 0d5dbcae2c
commit acbd740392
6 changed files with 76 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
garage/*

20
CloudronManifest.json
View File

@@ -2,9 +2,9 @@
"id": "com.jadud.garage", "id": "com.jadud.garage",
"title": "Garage", "title": "Garage",
"version": "0.0.1", "version": "0.0.1",
"healthCheckPath": "/", "healthCheckPath": "/health",
"multiDomain": true, "multiDomain": true,
"httpPort": 80, "httpPort": 3900,
"httpPorts": { "httpPorts": {
"GARAGE_S3": { "GARAGE_S3": {
"title": "Garage S3 Server Domain", "title": "Garage S3 Server Domain",
@@ -23,14 +23,22 @@
"description": "The domain name for the Garage web server", "description": "The domain name for the Garage web server",
"containerPort": 3902, "containerPort": 3902,
"defaultValue": "garage-web" "defaultValue": "garage-web"
},
"GARAGE_ADMIN": {
"title": "Garage Admin API Domain",
"description": "The domain name for the Garage admin API",
"containerPort": 3903,
"defaultValue": "garage-admin"
} }
}, },
"addons": { "addons": {
"localstorage": {} "localstorage": {
"sqlite": {
"paths": ["/app/data/garage/meta/db.sqlite"],
"_documentation": "https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#:~:text=%3Cmetadata_dir%3E/db.sqlite"
}
}
}, },
"runtimeDirs": [
"/app/code/garage"
],
"manifestVersion": 2, "manifestVersion": 2,
"icon": "" "icon": ""
} }

24
Dockerfile
View File

@@ -1,17 +1,19 @@
FROM cloudron/base:5.0.0 AS base FROM cloudron/base:5.0.0
# RUN apt-get update ; apt-get install -y \
# curl
WORKDIR /app/bin
ADD https://garagehq.deuxfleurs.fr/_releases/v2.1.0/aarch64-unknown-linux-musl/garage /app/bin/garage
# Garage wants these directories for storing stuff. # Garage wants these directories for storing stuff.
# We want it here so that /app/data gets backed up. # We want it here so that /app/data gets backed up.
RUN mkdir -p /app/data/garage/data /app/data/garage/meta RUN mkdir -p /app/data/garage/data /app/data/garage/meta
WORKDIR /app/data ADD https://garagehq.deuxfleurs.fr/_releases/v2.1.0/x86_64-unknown-linux-musl/garage /usr/bin/garage
COPY garage.toml /app/data/garage.toml RUN chmod 755 /usr/bin/garage
ADD start.bash /app/data/start.bash COPY garage.toml /garage/garage.toml
CMD [ "/app/data/start.bash" ] # Create a symlink that will become dead; we'll fill it again
# with the startup script.
RUN ln -s /app/data/garage.toml /etc/garage.toml
COPY start.bash /garage/start.bash
RUN chmod 755 /garage/start.bash
CMD [ "/garage/start.bash" ]

12
README.md Normal file
View File

@@ -0,0 +1,12 @@
may need to, at some point in the sequence, indicate where things are.
I'm using a private registry.
cloudron install --image <registry-domain>/<user>/com.jadud.garage:20251206-135933-1341d195f
cloudron build
cloudron update --app garage.<domain>
mc alias set garage "https://garage.<domain>" "<key-id>" "<secret>" --api S3v4

26
garage.toml
View File

@@ -1,21 +1,23 @@
# There are many parameters
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
metadata_dir = "/app/data/garage/meta" metadata_dir = "/app/data/garage/meta"
data_dir = "/app/data/garage/data"
# https://garagehq.deuxfleurs.fr/documentation/operations/multi-hdd/
data_dir = [
{ path = "/app/data/garage/data", capacity = "1G" },
]
db_engine = "sqlite" db_engine = "sqlite"
replication_factor = 1 replication_factor = 1
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "127.0.0.1:3901"
rpc_secret_file = "/app/data/garage/rpc-secret"
[s3_api] [s3_api]
s3_region = "garage" s3_region = "garage"
api_bind_addr = "[::]:3900" api_bind_addr = "[::]:3900"
root_domain = ".s3.garage.localhost" root_domain = ".s3.garage.localhost"
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "127.0.0.1:3901"
rpc_secret = "$(openssl rand -hex 32)"
[s3_web] [s3_web]
bind_addr = "[::]:3902" bind_addr = "[::]:3902"
root_domain = ".web.garage.localhost" root_domain = ".web.garage.localhost"
@@ -24,7 +26,7 @@ index = "index.html"
# [k2v_api] # [k2v_api]
# api_bind_addr = "[::]:3904" # api_bind_addr = "[::]:3904"
# [admin] [admin]
# api_bind_addr = "[::]:3903" api_bind_addr = "[::]:3903"
# admin_token = "$(openssl rand -base64 32)" admin_token = "$(openssl rand -base64 32)"
# metrics_token = "$(openssl rand -base64 32)" metrics_token = "$(openssl rand -base64 32)"

24
start.bash
View File

@@ -1,5 +1,25 @@
#!/bin/bash #!/bin/bash
# /app/data gets mounted by Cloudron.
# Any files there at image creation time will disappear.
# So, copy things in from elsewhere if they're needed at startup.
# Make the working directories for garage. Files will get stored here.
mkdir -p /app/data/garage/meta
mkdir -p /app/data/garage/data
# Copy the config in. This is symlinked from /etc.
# FIXME: Don't do this every time.
cp /garage/garage.toml /app/data/garage.toml
# Generate an RPC secret file. This is used for clusters.
# We don't have clusters, but garage wantses it.
# It is precious to garage.
openssl rand -hex 32 > /app/data/garage/rpc-secret
chmod 600 /app/data/garage/rpc-secret
# FIXME: Go back to info level.
RUST_LOG=garage=debug RUST_LOG=garage=debug
chown -R cloudron:cloudron /app/data # Chown the things and run.
gosu cloudron:cloudron garage -c /app/data/garage.toml server chown -R cloudron:cloudron /tmp/garage /app/data/garage
gosu cloudron:cloudron /usr/bin/garage server