Merge remote-tracking branch 'origin/master' into 2.0.X

# Conflicts: # docker/debian-base.dockerfile # package-lock.json # package.json # server/database.js # src/router.js
2025-08-08 12:07:31 +08:00 · 2023-07-30 19:15:09 +08:00
parent ccc39b9516 6413d4cbdf
commit a0bd4b248b
115 changed files with 2008 additions and 890 deletions
--- a/docker/debian-base.dockerfile
+++ b/docker/debian-base.dockerfile
@@ -2,13 +2,35 @@
 FROM node:18-bullseye-slim AS base2-slim
 ARG TARGETPLATFORM

-RUN apt update && \
-    apt --yes --no-install-recommends install python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \
-        sqlite3 iputils-ping util-linux dumb-init git curl ca-certificates && \
-    pip3 --no-cache-dir install apprise==1.4.0 && \
+WORKDIR /app
+
+# Specify --no-install-recommends to skip unused dependencies, make the base much smaller!
+# python3* = apprise's dependencies
+# sqlite3 = for debugging
+# iputils-ping = for ping
+# util-linux = for setpriv (Should be dropped in 2.0.0?)
+# dumb-init = avoid zombie processes (#480)
+# curl = for debugging
+# ca-certificates = keep the cert up-to-date
+# sudo = for start service nscd with non-root user
+# nscd = for better DNS caching
+# (pip) apprise = for notifications
+RUN apt-get update && \
+    apt-get --yes --no-install-recommends install  \
+        python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \
+        sqlite3  \
+        iputils-ping  \
+        util-linux  \
+        dumb-init  \
+        curl  \
+        ca-certificates \
+        sudo \
+        nscd && \
+    pip3 --no-cache-dir install apprise==1.4.5 && \
    rm -rf /var/lib/apt/lists/* && \
    apt --yes autoremove

+
 # Install cloudflared
 RUN curl https://pkg.cloudflare.com/cloudflare-main.gpg --output /usr/share/keyrings/cloudflare-main.gpg && \
    echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bullseye main' | tee /etc/apt/sources.list.d/cloudflared.list && \
@@ -18,6 +40,11 @@ RUN curl https://pkg.cloudflare.com/cloudflare-main.gpg --output /usr/share/keyr
    rm -rf /var/lib/apt/lists/* && \
    apt --yes autoremove

+# For nscd
+COPY ./docker/etc/nscd.conf /etc/nscd.conf
+COPY ./docker/etc/sudoers /etc/sudoers
+
+
 # Full Base Image
 # MariaDB, Chromium and fonts
 # Not working for armv7, so use the older version (10.5) of MariaDB from the debian repo
@@ -30,5 +57,3 @@ RUN apt update && \
    rm -rf /var/lib/apt/lists/* && \
    apt --yes autoremove && \
    chown -R node:node /var/lib/mysql
-
-
--- a/docker/etc/nscd.conf
+++ b/docker/etc/nscd.conf
@@ -0,0 +1,90 @@
+#
+# /etc/nscd.conf
+#
+# An example Name Service Cache config file.  This file is needed by nscd.
+#
+# Legal entries are:
+#
+#       logfile                 <file>
+#       debug-level             <level>
+#       threads                 <initial #threads to use>
+#       max-threads             <maximum #threads to use>
+#       server-user             <user to run server as instead of root>
+#               server-user is ignored if nscd is started with -S parameters
+#       stat-user               <user who is allowed to request statistics>
+#       reload-count            unlimited|<number>
+#       paranoia                <yes|no>
+#       restart-interval        <time in seconds>
+#
+#       enable-cache            <service> <yes|no>
+#       positive-time-to-live   <service> <time in seconds>
+#       negative-time-to-live   <service> <time in seconds>
+#       suggested-size          <service> <prime number>
+#       check-files             <service> <yes|no>
+#       persistent              <service> <yes|no>
+#       shared                  <service> <yes|no>
+#       max-db-size             <service> <number bytes>
+#       auto-propagate          <service> <yes|no>
+#
+# Currently supported cache names (services): passwd, group, hosts, services
+#
+
+
+#       logfile                 /var/log/nscd.log
+#       threads                 4
+#       max-threads             32
+#        server-user             node
+#       stat-user               somebody
+        debug-level             0
+#       reload-count            5
+        paranoia                no
+#       restart-interval        3600
+
+        enable-cache            passwd          no
+        positive-time-to-live   passwd          600
+        negative-time-to-live   passwd          20
+        suggested-size          passwd          211
+        check-files             passwd          yes
+        persistent              passwd          yes
+        shared                  passwd          yes
+        max-db-size             passwd          33554432
+        auto-propagate          passwd          yes
+
+        enable-cache            group           no
+        positive-time-to-live   group           3600
+        negative-time-to-live   group           60
+        suggested-size          group           211
+        check-files             group           yes
+        persistent              group           yes
+        shared                  group           yes
+        max-db-size             group           33554432
+        auto-propagate          group           yes
+
+        enable-cache            hosts           yes
+        positive-time-to-live   hosts           3600
+        negative-time-to-live   hosts           20
+        suggested-size          hosts           211
+        check-files             hosts           yes
+        persistent              hosts           yes
+# Set shared to "no" to display stats in `nscd -g`
+# Read more: https://stackoverflow.com/questions/40429245/nscdcentos7curl-0-dns-cache-hit-rate
+        shared                  hosts           no
+        max-db-size             hosts           33554432
+
+        enable-cache            services        no
+        positive-time-to-live   services        28800
+        negative-time-to-live   services        20
+        suggested-size          services        211
+        check-files             services        yes
+        persistent              services        yes
+        shared                  services        yes
+        max-db-size             services        33554432
+
+        enable-cache            netgroup        no
+        positive-time-to-live   netgroup        28800
+        negative-time-to-live   netgroup        20
+        suggested-size          netgroup        211
+        check-files             netgroup        yes
+        persistent              netgroup        yes
+        shared                  netgroup        yes
+        max-db-size             netgroup        33554432
--- a/docker/etc/sudoers
+++ b/docker/etc/sudoers
@@ -0,0 +1,31 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults        env_reset
+Defaults        mail_badpass
+Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root    ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo   ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+
+# Allow `node` to control service (mainly for nscd)
+node ALL=(root) NOPASSWD: /usr/sbin/nscdservice
+node ALL=(root) NOPASSWD: /usr/sbin/service