From 77057284d30e14f01b3895d90fbc7828a1a70010 Mon Sep 17 00:00:00 2001
From: LePresidente
Date: Wed, 26 Apr 2023 13:04:02 +0200
Subject: [PATCH] Added crowdsec to Nginx-Proxy-Manager
---
.../dependencies.d/prepare | 0
.../s6-rc.d/cs-crowdsec-bouncer/script.sh | 33 +++++++++++++
.../s6-rc.d/cs-crowdsec-bouncer/type | 1 +
.../s6-overlay/s6-rc.d/cs-crowdsec-bouncer/up | 2 +
.../nginx/dependencies.d/cs-crowdsec-bouncer | 0
docker/rootfs/etc/services.d/nginx/run | 49 +++++++++++++++++++
6 files changed, 85 insertions(+)
create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/dependencies.d/prepare
create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh
create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/type
create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/up
create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/cs-crowdsec-bouncer
create mode 100644 docker/rootfs/etc/services.d/nginx/run
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/dependencies.d/prepare b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/dependencies.d/prepare
new file mode 100644
index 00000000..e69de29b
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh
new file mode 100644
index 00000000..e31ea21e
--- /dev/null
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh
@@ -0,0 +1,33 @@
+#!/command/with-contenv bash
+
+set -e # Exit immediately if a command exits with a non-zero status.
+
+mkdir -p /data/crowdsec/templates
+echo "Deploy Crowdsec Openresty Bouncer.."
+sed -i 's|/defaults/crowdsec|/data/crowdsec|' /etc/nginx/conf.d/crowdsec_openresty.conf
+
+if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then
+ echo "Patch crowdsec-openresty-bouncer.conf .."
+ sed "s/=.*//g" /data/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw
+ sed "s/=.*//g" /defaults/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec-openresty-bouncer.conf.raw
+ if grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw ; then
+ grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw > /tmp/config.newvals
+ cp /data/crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf.bak
+ grep -f /tmp/config.newvals /defaults/crowdsec/crowdsec-openresty-bouncer.conf >> /data/crowdsec/crowdsec-openresty-bouncer.conf
+ fi
+else
+ echo "Deploy new crowdsec-openresty-bouncer.conf .."
+ cp /defaults/crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf
+fi
+#Make sure the config location is where we get the config from instead of /default/
+sed -i 's|/defaults/crowdsec|/data/crowdsec|' /data/crowdsec/crowdsec-openresty-bouncer.conf
+echo "Deploy Crowdsec Templates .."
+#Make sure we only copy files that don't exist in /data/crowdsec.
+cd /defaults/crowdsec/templates/
+for file in *.html
+do
+ if [ ! -e "/data/crowdsec/templates/${file}" ]
+ then
+ cp -r "/defaults/crowdsec/templates/${file}" "/data/crowdsec/templates/"
+ fi
+done
\ No newline at end of file
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/type b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/type
new file mode 100644
index 00000000..bdd22a18
--- /dev/null
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/type
@@ -0,0 +1 @@
+oneshot
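Review bot: The key-merge step in script.sh passes the existing key names to `grep -vf` as unanchored regular expressions, so a blank line in /data/crowdsec/crowdsec-openresty-bouncer.conf becomes an empty pattern that matches every line and no new default keys are ever appended, and an existing key whose name occurs inside a new key's name hides that key. For a bouncer configuration this means settings introduced by a later image can stay silently absent. The intermediate files also use fixed names under /tmp and are never removed; a `mktemp -d` directory with an EXIT trap avoids both. Separately, script.sh and services.d/nginx/run are added with mode 100644 while `up` executes script.sh by path, so unless the image build sets the executable bit the oneshot would fail — worth confirming. The fence below shows the merge block with literal whole-line key matching.

```shell
# … unchanged: mkdir, sed on crowdsec_openresty.conf …
if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then
  echo "Patch crowdsec-openresty-bouncer.conf .."
  # Private scratch directory instead of fixed names under /tmp; removed on exit.
  tmpdir=$(mktemp -d)
  trap 'rm -rf -- "$tmpdir"' EXIT
  sed "s/=.*//g" /data/crowdsec/crowdsec-openresty-bouncer.conf > "$tmpdir/current.keys"
  sed "s/=.*//g" /defaults/crowdsec/crowdsec-openresty-bouncer.conf > "$tmpdir/default.keys"
  # -F -x: compare key names literally and as whole lines, so blank lines and
  # substrings in the existing config cannot mask a new key.
  if grep -Fxvf "$tmpdir/current.keys" "$tmpdir/default.keys" > "$tmpdir/new.keys"; then
    cp /data/crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf.bak
    # Append only the default lines whose key (text before '=') is in new.keys.
    awk -F= 'NR==FNR { want[$0]; next } $1 in want' \
      "$tmpdir/new.keys" /defaults/crowdsec/crowdsec-openresty-bouncer.conf \
      >> /data/crowdsec/crowdsec-openresty-bouncer.conf
  fi
# … unchanged: else branch, config path rewrite, template copy …
```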
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/up b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/up
new file mode 100644
index 00000000..f11a5a44
--- /dev/null
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/up
@@ -0,0 +1,2 @@
+# shellcheck shell=bash
+/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/cs-crowdsec-bouncer b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/cs-crowdsec-bouncer
new file mode 100644
index 00000000..e69de29b
diff --git a/docker/rootfs/etc/services.d/nginx/run b/docker/rootfs/etc/services.d/nginx/run
new file mode 100644
index 00000000..47ea60f9
--- /dev/null
+++ b/docker/rootfs/etc/services.d/nginx/run
@@ -0,0 +1,49 @@
+#!/usr/bin/with-contenv bash
+
+# Create required folders
+mkdir -p /tmp/nginx/body \
+ /run/nginx \
+ /var/log/nginx \
+ /data/nginx \
+ /data/custom_ssl \
+ /data/logs \
+ /data/access \
+ /data/nginx/default_host \
+ /data/nginx/default_www \
+ /data/nginx/proxy_host \
+ /data/nginx/redirection_host \
+ /data/nginx/stream \
+ /data/nginx/dead_host \
+ /data/nginx/temp \
+ /var/lib/nginx/cache/public \
+ /var/lib/nginx/cache/private \
+ /var/cache/nginx/proxy_temp
+
+touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
+chown root /tmp/nginx
+
+# Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
+# thanks @tfmm
+echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+
+# Generate dummy self-signed certificate.
+if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]
+then
+ echo "Generating dummy SSL certificate..."
+ openssl req \
+ -new \
+ -newkey rsa:2048 \
+ -days 3650 \
+ -nodes \
+ -x509 \
+ -subj '/O=localhost/OU=localhost/CN=localhost' \
+ -keyout /data/nginx/dummykey.pem \
+ -out /data/nginx/dummycert.pem
+ echo "Complete"
+fi
+
+# Handle IPV6 settings
+/bin/handle-ipv6-setting /etc/nginx/conf.d
+/bin/handle-ipv6-setting /data/nginx
+
+exec nginx
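Review bot: The `chmod 777 /var/log/nginx/error.log` and `chmod -R 777 /var/cache/nginx` on the `touch` line make the error log and the whole proxy cache writable by every account in the container, so any compromised or unrelated process could alter log evidence or tamper with cached content. Granting access only to the account nginx runs as would be tighter, e.g. `chown -R <nginx-user> /var/log/nginx /var/cache/nginx` followed by `chmod 640 /var/log/nginx/error.log` and `chmod -R u=rwX,go= /var/cache/nginx`; the worker user name is not visible in this hunk, so `<nginx-user>` is a placeholder. The script also has no `set -e`, so a failed `mkdir` or `openssl req` still falls through to `exec nginx`, and the unencrypted key written by `-nodes` to /data/nginx/dummykey.pem deserves an explicit `chmod 600` rather than relying on the default.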