Working version

Not sure that I'd bet the bank that this is secure. It probably is. From what I can see, you have to be able to go in and do things as root.
2025-12-06 09:47:00 -05:00
parent 0d5dbcae2c
commit acbd740392
6 changed files with 76 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+garage/*
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -2,9 +2,9 @@
  "id": "com.jadud.garage",
  "title": "Garage",
  "version": "0.0.1",
-  "healthCheckPath": "/",
+  "healthCheckPath": "/health",
  "multiDomain": true,
-  "httpPort": 80,
+  "httpPort": 3900,
  "httpPorts": {
    "GARAGE_S3": {
      "title": "Garage S3 Server Domain",
@@ -23,14 +23,22 @@
      "description": "The domain name for the Garage web server",
      "containerPort": 3902,
      "defaultValue": "garage-web"
+    },
+    "GARAGE_ADMIN": {
+      "title": "Garage Admin API Domain",
+      "description": "The domain name for the Garage admin API",
+      "containerPort": 3903,
+      "defaultValue": "garage-admin"
    }
  },
  "addons": {
-    "localstorage": {}
+    "localstorage": {
+      "sqlite": {
+        "paths": ["/app/data/garage/meta/db.sqlite"],
+        "_documentation": "https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#:~:text=%3Cmetadata_dir%3E/db.sqlite"
+      }
+    }
  },
-  "runtimeDirs": [
-    "/app/code/garage"
-  ],
  "manifestVersion": 2,
  "icon": ""
 }
--- a/24
+++ b/24
@@ -1,17 +1,19 @@
-FROM cloudron/base:5.0.0 AS base
-
-# RUN apt-get update ; apt-get install -y \
-#   curl
-
-WORKDIR /app/bin
-ADD https://garagehq.deuxfleurs.fr/_releases/v2.1.0/aarch64-unknown-linux-musl/garage /app/bin/garage
+FROM cloudron/base:5.0.0

 # Garage wants these directories for storing stuff.
 # We want it here so that /app/data gets backed up.
 RUN mkdir -p /app/data/garage/data /app/data/garage/meta

-WORKDIR /app/data
-COPY garage.toml /app/data/garage.toml
+ADD https://garagehq.deuxfleurs.fr/_releases/v2.1.0/x86_64-unknown-linux-musl/garage /usr/bin/garage
+RUN chmod 755 /usr/bin/garage

-ADD start.bash /app/data/start.bash
-CMD [ "/app/data/start.bash" ]
+COPY garage.toml /garage/garage.toml
+# Create a symlink that will become dead; we'll fill it again 
+# with the startup script.
+RUN ln -s /app/data/garage.toml /etc/garage.toml
+
+COPY start.bash /garage/start.bash
+RUN chmod 755 /garage/start.bash
+
+
+CMD [ "/garage/start.bash" ]
--- a/README.md
+++ b/README.md
@@ -0,0 +1,12 @@
+
+may need to, at some point in the sequence, indicate where things are.
+I'm using a private registry.
+
+
+cloudron install --image <registry-domain>/<user>/com.jadud.garage:20251206-135933-1341d195f
+
+cloudron build
+cloudron update --app garage.<domain>
+
+
+mc alias set garage "https://garage.<domain>"  "<key-id>" "<secret>" --api S3v4
--- a/garage.toml
+++ b/garage.toml
@@ -1,21 +1,23 @@
-# There are many parameters
-# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
-
 metadata_dir = "/app/data/garage/meta"
-data_dir = "/app/data/garage/data"
+
+# https://garagehq.deuxfleurs.fr/documentation/operations/multi-hdd/
+data_dir = [
+    { path = "/app/data/garage/data", capacity = "1G"  },
+]
+
 db_engine = "sqlite"

 replication_factor = 1

+rpc_bind_addr = "[::]:3901"
+rpc_public_addr = "127.0.0.1:3901"
+rpc_secret_file = "/app/data/garage/rpc-secret"
+
 [s3_api]
 s3_region = "garage"
 api_bind_addr = "[::]:3900"
 root_domain = ".s3.garage.localhost"

-rpc_bind_addr = "[::]:3901"
-rpc_public_addr = "127.0.0.1:3901"
-rpc_secret = "$(openssl rand -hex 32)"
-
 [s3_web]
 bind_addr = "[::]:3902"
 root_domain = ".web.garage.localhost"
@@ -24,7 +26,7 @@ index = "index.html"
 # [k2v_api]
 # api_bind_addr = "[::]:3904"

-# [admin]
-# api_bind_addr = "[::]:3903"
-# admin_token = "$(openssl rand -base64 32)"
-# metrics_token = "$(openssl rand -base64 32)"
+[admin]
+api_bind_addr = "[::]:3903"
+admin_token = "$(openssl rand -base64 32)"
+metrics_token = "$(openssl rand -base64 32)"
--- a/start.bash
+++ b/start.bash
@@ -1,5 +1,25 @@
 #!/bin/bash

+# /app/data gets mounted by Cloudron.
+# Any files there at image creation time will disappear.
+# So, copy things in from elsewhere if they're needed at startup.
+
+# Make the working directories for garage. Files will get stored here.
+mkdir -p /app/data/garage/meta
+mkdir -p /app/data/garage/data
+
+# Copy the config in. This is symlinked from /etc.
+# FIXME: Don't do this every time.
+cp /garage/garage.toml /app/data/garage.toml
+
+# Generate an RPC secret file. This is used for clusters.
+# We don't have clusters, but garage wantses it.
+# It is precious to garage.
+openssl rand -hex 32 > /app/data/garage/rpc-secret
+chmod 600 /app/data/garage/rpc-secret
+
+# FIXME: Go back to info level.
 RUST_LOG=garage=debug
-chown -R cloudron:cloudron /app/data
-gosu cloudron:cloudron garage -c /app/data/garage.toml server
+# Chown the things and run.
+chown -R cloudron:cloudron /tmp/garage /app/data/garage
+gosu cloudron:cloudron /usr/bin/garage server