Merge pull request #4073 from TDT-AG/pr/20200427-luci-app-dockerman

luci-app-dockerman: add package

3 files changed, 83 insertions, 0 deletions

diff --git a/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua
new file mode 100644
index 0000000000..e8a2c0b7eb
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua
@@ -0,0 +1,20 @@
+require "luci.util"
+docker = require "luci.docker"
+uci = (require "luci.model.uci").cursor()
+dk = docker.new({socket_path = "/var/run/docker.sock"})
+
+if dk:_ping().code ~= 200 then return end
+containers_list = dk.containers:list({query = {all=true}}).body
+allowed_container = uci:get("dockerman", "local", "ac_allowed_container")
+
+if not allowed_container or next(allowed_container)==nil then return end
+allowed_ip = {}
+for i, v in ipairs(containers_list) do
+  for ii, vv in ipairs(allowed_container) do
+    if v.Id:sub(1,12) == vv and v.NetworkSettings and v.NetworkSettings.Networks and v.NetworkSettings.Networks.bridge and v.NetworkSettings.Networks.bridge.IPAddress then
+      print(v.NetworkSettings.Networks.bridge.IPAddress)
+      luci.util.exec("iptables -I DOCKER-MAN -d "..v.NetworkSettings.Networks.bridge.IPAddress.." -o docker0 -j RETURN")
+      table.remove(allowed_container, ii)
+    end
+  end
+end
diff --git a/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua
new file mode 100644
index 0000000000..179868869b
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua
@@ -0,0 +1,52 @@
+require "luci.util"
+fs = require "nixio.fs"
+uci = (require "luci.model.uci").cursor()
+
+raw_file_dir = arg[1]
+
+raw_json_str = fs.readfile(raw_file_dir) or "[]"
+raw_json = luci.jsonc.parse(raw_json_str) or {}
+
+new_json = {}
+new_json["data-root"] = uci:get("dockerman", "local", "daemon_data_root")
+new_json["hosts"] = uci:get("dockerman", "local", "daemon_hosts") or {}
+new_json["registry-mirrors"] = uci:get("dockerman", "local", "daemon_registry_mirrors") or {}
+new_json["log-level"] = uci:get("dockerman", "local", "daemon_log_level")
+
+function comp(raw, new)
+  for k, v in pairs(new) do
+    if type(v) == "table" and raw[k] then
+      if #v == #raw[k] then
+        comp(raw[k], v)
+      else
+        changed = true
+      raw[k] = v
+      end
+    elseif raw[k] ~= v then
+      changed = true
+      raw[k] = v
+    end
+  end
+  for k, v in ipairs(new) do
+    if type(v) == "table" and raw[k] then
+      if #v == #raw[k] then
+        comp(raw[k], v)
+      else
+        changed = true
+      raw[k] = v
+      end
+    elseif raw[k] ~= v then
+      changed = true
+      raw[k] = v
+    end
+  end
+end
+comp(raw_json, new_json)
+if changed then
+  if next(raw_json["registry-mirrors"]) == nil then raw_json["registry-mirrors"] = nil end
+  if next(raw_json["hosts"]) == nil then raw_json["hosts"] = nil end
+  fs.writefile(raw_file_dir, luci.jsonc.stringify(raw_json, true):gsub("\\", ""))
+  os.exit(0)
+else
+  os.exit(1)
+end
diff --git a/applications/luci-app-dockerman/root/usr/share/rpcd/acl.d/luci-app-dockerman.json b/applications/luci-app-dockerman/root/usr/share/rpcd/acl.d/luci-app-dockerman.json
new file mode 100644
index 0000000000..ba1a10c609
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/rpcd/acl.d/luci-app-dockerman.json
@@ -0,0 +1,11 @@
+{
+	"luci-app-dockerman": {
+		"description": "Grant UCI access for luci-app-dockerman",
+		"read": {
+			"uci": [ "dockerman" ]
+			},
+		"write": {
+			"uci": [ "dockerman" ]
+		}
+	}
+}