Set container parameters

2025-12-07 09:36:05 -08:00 · 2025-10-12 15:05:20 -04:00
parent be73e3a7f5
commit 1be91559d2
16 changed files with 301 additions and 182 deletions
--- a/install/debian12/install_dependencies.debian12.sh
+++ b/install/debian12/install_dependencies.debian12.sh
@@ -6,6 +6,15 @@ echo "---------------------------------------------------------"

 # ❗ IMPORTANT - if you modify this file modify the root Dockerfile as well ❗

+SCRIPT_DIR="$(cd -- "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+REQUIREMENTS_FILE="${REPO_ROOT}/requirements.txt"
+
+if [[ ! -f "${REQUIREMENTS_FILE}" ]]; then
+    echo "requirements.txt not found at ${REQUIREMENTS_FILE}. Please ensure the repository root is available." >&2
+    exit 1
+fi
+
 # Check if script is run as root
 if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root. Please use 'sudo'." 
@@ -30,4 +39,4 @@ source /opt/venv/bin/activate
 update-alternatives --install /usr/bin/python python /usr/bin/python3 10

 #  install packages thru pip3
-pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git 
+pip3 install -r "${REQUIREMENTS_FILE}"
--- a/install/production-filesystem/build/init-nginx.sh
+++ b/install/production-filesystem/build/init-nginx.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 echo "Initializing nginx..."
-install -d -o netalertx -g netalertx -m 700 /app/run/tmp/client_body;
+install -d -o netalertx -g netalertx -m 700 ${SYSTEM_SERVICES_RUN_TMP}/client_body;
 echo "nginx initialized."
--- a/install/production-filesystem/entrypoint.sh
+++ b/install/production-filesystem/entrypoint.sh
@@ -3,6 +3,9 @@
 set -u

 bash /services/capcheck.sh
+bash /services/ramdisk-check.sh
+
+

 SERVICES=""
 FAILED_NAME=""
--- a/install/production-filesystem/services/config/nginx/conf.active/netalertx.conf
+++ b/install/production-filesystem/services/config/nginx/conf.active/netalertx.conf
@@ -107,7 +107,7 @@ http {
            # Set Cache-Control header to prevent caching on the first load
            add_header Cache-Control "no-store";
            fastcgi_pass unix:/services/run/php.sock;
-            include fastcgi_params;
+            include /services/config/nginx/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_connect_timeout 75;
--- a/install/production-filesystem/services/ramdisk-check.sh
+++ b/install/production-filesystem/services/ramdisk-check.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+# ramdisk-check.sh - Verify critical paths are backed by ramdisk and warn on fallback storage.
+
+warn_if_not_ramdisk() {
+    path="$1"
+
+    if cat /proc/mounts| grep ${path} | grep -qE 'tmpfs|ramfs'; then
+        return 0
+    fi
+
+    cat >&2 <<EOF
+⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
+  ATTENTION: ${path} is not on a ramdisk.
+             Mount this folder inside the container as tmpfs or ramfs.
+
+  NetAlertX expects this location to live in memory for fast reads and writes.
+  Running it on disk will severely degrade performance for every user.
+
+  Fix: Please mount ${path} as tmpfs/ramfs.
+       eg.  --mount type=tmpfs,destination=${path}
+  Restart the container after adding the ramdisk mount.
+⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
+EOF
+    exit 1
+}
+
+warn_if_not_ramdisk "${NETALERTX_API}"
+warn_if_not_ramdisk "${NETALERTX_LOG}"
+
+if [ ! -f "${SYSTEM_NGINIX_CONFIG}/conf.active" ]; then
+    echo "Note: Using default listen address ${LISTEN_ADDR}:${PORT} (no ${SYSTEM_NGINIX_CONFIG}/conf.active override)."
+fi
--- a/install/production-filesystem/services/start-nginx.sh
+++ b/install/production-filesystem/services/start-nginx.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#! /bin/sh
+
 set -euo pipefail

 LOG_DIR=${NETALERTX_APP}
@@ -34,10 +35,10 @@ done

 TEMP_CONFIG_FILE=$(mktemp "${TMP_DIR}/netalertx.conf.XXXXXX")
 if envsubst '${LISTEN_ADDR} ${PORT}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then
-	mv "${TEMP_CONFIG_FILE}" "${SYSTEM_NGINX_CONFIG_FILE}"
+	mv "${TEMP_CONFIG_FILE}" "${SYSTEM_NGINX_CONFIG_FILE}" 2>/dev/null || true
 else
 	echo "Note: Unable to write to ${SYSTEM_NGINX_CONFIG_FILE}. Using default configuration."
-	rm -f "${TEMP_CONFIG_FILE}"
+	rm -f "${TEMP_CONFIG_FILE}" 2>/dev/null || true
 fi

 trap cleanup EXIT
--- a/install/ubuntu24/install.sh
+++ b/install/ubuntu24/install.sh
@@ -15,6 +15,7 @@ echo "---------------------------------------------------------"
 INSTALL_DIR=/app
 INSTALL_SYSTEM_NAME=ubuntu24
 INSTALLER_DIR=${INSTALL_DIR}/install/$INSTALL_SYSTEM_NAME
+REQUIREMENTS_FILE=${INSTALL_DIR}/requirements.txt
 CONF_FILE=app.conf
 DB_FILE=app.db
 NGINX_CONF_FILE=netalertx.conf
@@ -153,7 +154,12 @@ echo
 python3 -m venv "${VENV_DIR}"
 source "${VENV_DIR}/bin/activate"

-pip3 install -r "${INSTALLER_DIR}/requirements.txt" || {  
+if [[ ! -f "${REQUIREMENTS_FILE}" ]]; then
+  echo "[INSTALL] requirements.txt not found at ${REQUIREMENTS_FILE}"  
+  exit 1  
+fi
+
+pip3 install -r "${REQUIREMENTS_FILE}" || {  
  echo "[INSTALL] Failed to install Python dependencies"  
  exit 1  
 }