ci

2023-11-19 23:00:03 +01:00 · 2023-11-19 23:00:03 +01:00 · 3ec3db37e0
commit 3ec3db37e0
parent feb564d4a0
9 changed files with 322 additions and 126 deletions
--- a/.npmrc
+++ b/.npmrc
@ -0,0 +1,4 @@
+audit=false
+fund=false
+update-notifier=false
+package-lock=true
--- a/.woodpecker/base.yaml
+++ b/.woodpecker/base.yaml
@ -0,0 +1,42 @@
+when:
+  event: [push, deployment, manual, cron]
+
+labels:
+  platform: linux/amd64
+
+variables:
+  - &node_image 'node:14-bullseye'
+  - &buildx_image 'woodpeckerci/plugin-docker-buildx:2.2.1'
+
+steps:
+  prepare-npm:
+    image: *node_image
+    secrets:
+      - npmconf
+    commands:
+      - git config --add safe.directory '*'
+      - if [ "$${NPMCONF:-}" != "" ]; then echo "$${NPMCONF}" >> "$${HOME}/.npmrc"; fi
+      - npm ci
+      - npx browserslist@latest --update-db
+
+  build-npm:
+    image: *node_image
+    commands:
+      - bash ./scripts/build.sh web rel
+
+  build-docker:
+    image: *buildx_image
+    pull: true
+    settings:
+      platforms: linux/amd64
+      dockerfile: docker/Dockerfile.ci
+      context: .
+      registry:
+        from_secret: registry_domain
+      tag: latest
+      repo:
+        from_secret: target_image_name
+      password:
+        from_secret: registry_token
+      username:
+        from_secret: registry_user
--- a/docker/Dockerfile.base
+++ b/docker/Dockerfile.base
@ -0,0 +1,17 @@
+FROM nginx:mainline-alpine
+
+COPY ./files/default.conf /etc/nginx/conf.d/default.conf
+COPY ./files/nginx.conf /etc/nginx/nginx.conf
+COPY ./files/entrypoint.sh /
+
+RUN apk update --no-cache && apk upgrade --no-cache \
+    && apk add --no-cache openssl tzdata \
+    && mkdir -p /var/www/TeaWeb /etc/ssl/certs \
+    && chmod +x /entrypoint.sh
+
+ENV TZ="Europe/Berlin"
+
+EXPOSE 80 443
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]
--- a/docker/Dockerfile.ci
+++ b/docker/Dockerfile.ci
@ -0,0 +1,19 @@
+FROM nginx:mainline-alpine
+
+COPY ./docker/files/default.conf /etc/nginx/conf.d/default.conf
+COPY ./docker/files/nginx.conf /etc/nginx/nginx.conf
+COPY ./docker/files/entrypoint.sh /
+
+RUN apk update --no-cache && apk upgrade --no-cache \
+    && apk add --no-cache openssl tzdata \
+    && mkdir -p /var/www/TeaWeb /etc/ssl/certs \
+    && chmod +x /entrypoint.sh
+
+ENV TZ="Europe/Berlin"
+
+EXPOSE 80 443
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]
+
+COPY ./dist/ /var/www/TeaWeb/
--- a/docker/default.conf
+++ b/docker/default.conf
@ -0,0 +1,36 @@
+server {
+    listen       80;
+    server_name  _;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen       443 default_server ssl http2;
+    server_name  _;
+
+    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_certificate     /etc/ssl/certs/tea_bundle.crt;
+    ssl_certificate_key /etc/ssl/certs/tea.key;
+    ssl_session_cache   shared:MozSSL:10m;
+    ssl_session_timeout 1d;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        root   /var/www/TeaWeb;
+        index  index.html;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    gzip          off;
+}
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+set -e
+
+gen_self_signed() {
+  echo "[WRN] No certificates found, generating self signed cert with key"
+  openssl req -x509 -nodes -days 1780 -newkey rsa:4096 \
+    -keyout /etc/ssl/certs/tea.key \
+    -out /etc/ssl/certs/tea_bundle.crt \
+    -subj "/C=DE/ST=Berlin/L=Germany/O=TeaSpeak/OU=TeaWeb/CN=localhost/emailAddress=noreply@teaspeak.de"
+}
+
+gen_diffie_hellman() {
+  echo "[INF] No Diffie-Hellman pem found, generating new with 2048 byte"
+  openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+}
+
+if [ "$1" = "nginx" ]; then
+  if [ ! -f /etc/ssl/certs/tea.key ] && [ ! -f /etc/ssl/certs/tea_bundle.crt ]; then
+    gen_self_signed
+  elif [ ! -f /etc/ssl/certs/tea.key ] || [ ! -f /etc/ssl/certs/tea_bundle.crt ]; then
+    echo "[ERR] Only found a key or crt-bundle file but both files are REQUIRED!"
+    exit 1
+  fi
+  if [ ! -f /etc/ssl/certs/dhparam.pem ]; then
+    gen_diffie_hellman
+  fi
+fi
+
+exec "$@"
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@ -0,0 +1,32 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    server_tokens      off;
+    keepalive_timeout  75;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/shared/js/settings.ts
+++ b/shared/js/settings.ts
@ -408,12 +408,12 @@ export class Settings {
    static readonly KEY_FLAG_CONNECT_DEFAULT: ValuedRegistryKey<boolean> = {
        key: "connect_default",
        valueType: "boolean",
-        defaultValue: false
+        defaultValue: true
    };
    static readonly KEY_CONNECT_ADDRESS: ValuedRegistryKey<string> = {
        key: "connect_address",
        valueType: "string",
-        defaultValue: undefined
+        defaultValue: "tea.lp.kle.li"
    };
    static readonly KEY_CONNECT_PROFILE: ValuedRegistryKey<string> = {
        key: "connect_profile",
@ -448,7 +448,7 @@ export class Settings {

    static readonly KEY_CONNECT_NO_DNSPROXY: ValuedRegistryKey<boolean> = {
        key: "connect_no_dnsproxy",
-        defaultValue: false,
+        defaultValue: true,
        valueType: "boolean",
    };

--- a/web/app/dns/resolver.ts
+++ b/web/app/dns/resolver.ts
@ -26,6 +26,20 @@ class LocalhostResolver implements DNSResolveMethod {

 }

+class FakeResolver implements DNSResolveMethod {
+    name(): string {
+        return "fake resolver";
+    }
+
+    async resolve(address: DNSAddress): Promise<DNSAddress | undefined> {
+        return {
+            hostname: "tea.lp.kle.li",
+            port: address.port
+        }
+    }
+
+}
+
 class IPResolveMethod implements DNSResolveMethod {
    readonly v6: boolean;

@ -309,6 +323,7 @@ class TeaSpeakDNSResolve {
    }
 }

+const kResolverFake = new FakeResolver();
 const kResolverLocalhost = new LocalhostResolver();

 const kResolverIpV4 = new IPResolveMethod(false);
@ -327,7 +342,9 @@ export async function resolveTeaSpeakServerAddress(address: DNSAddress, _options

        const resolver = new TeaSpeakDNSResolve(address);

-        resolver.registerResolver(kResolverLocalhost);
+        resolver.registerResolver(kResolverFake);
+
+        resolver.registerResolver(kResolverLocalhost, kResolverFake);

        resolver.registerResolver(resolverSrvTS, kResolverLocalhost);
        resolver.registerResolver(resolverSrvTS3, kResolverLocalhost);