Merge branch 'main' of git.nixc.us:colin/clam

Colin 2024-05-27 15:24:54 -04:00
commit d9ef711860
3 changed files with 26 additions and 8 deletions


@ -29,6 +29,7 @@ steps:
name: deploy-new
when:
branch: main
event: push
# path:
# include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
image: woodpeckerci/plugin-docker-buildx
@ -69,6 +70,7 @@ steps:
name: cleanup-staging
when:
branch: main
event: push
# path:
# include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
image: woodpeckerci/plugin-docker-buildx
@ -93,7 +95,7 @@ steps:
- echo "Building application for staging branch"
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- echo compose build
- docker compose -f docker-compose.production.yml build
- docker compose -f docker-compose.production.yml build --no-cache
- docker compose -f docker-compose.production.yml push
when:
branch: main
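Review bot: The `docker compose -f docker-compose.production.yml build --no-cache` line in the last hunk, which appears to be the new side, discards cached layers but does not by itself re-pull base images already present on a builder that keeps images between runs. A scheduled rebuild of a scanner image could then keep shipping a stale base. If the intent is to pick up upstream base-image and package fixes on every run, add `--pull`: `- docker compose -f docker-compose.production.yml build --pull --no-cache`. The step's `when:` block continues past the end of the hunk.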


@ -1,4 +1,4 @@
<!-- # build:1 -->
<!-- # build:0 -->
# Known weaknesses and caveats
There is currently no significantly advanced validation except that it builds, and the packages it draws from are unlikely to break without us knowing. This doesn't validate the efficacy of the tools in this container yet; it may be something added later.
@ -29,12 +29,20 @@ then `nano /root/clam/docker-compose.yml`
version: '3.8'
services:
clam:
clamav:
image: git.nixc.us/colin/clam:production
read_only: true
volumes:
- /:/scan
- ./logs:/var/log/clamav
- ./quarantine:/quarantine
tmpfs:
- /tmp
deploy:
resources:
limits:
cpus: '0.50' # Limit to 50% of a CPU
memory: 512M # Limit to 512 megabytes
```
Put this container in the crontab
@ -47,7 +55,7 @@ Then add one of the below cron examples.
To run the job every Sunday at midnight:
```cron
0 0 * * 0 /usr/bin/docker compose -f /root/clam/docker-compose.yml up -d --pull --force-recreate clamav
0 0 * * 0 /usr/bin/docker compose -f /root/clam/docker-compose.yml up -d --pull --force-recreate clam
```
### Once Every Two Weeks
@ -55,7 +63,7 @@ To run the job every Sunday at midnight:
Cron does not natively support a bi-weekly schedule directly. However, you can achieve this by specifying two days of the month, such as the 1st and 15th:
```cron
0 0 1,15 * * /usr/bin/docker compose -f /root/clam/docker-compose.yml up -d --pull --force-recreate clamav
0 0 1,15 * * /usr/bin/docker compose -f /root/clam/docker-compose.yml up -d --pull --force-recreate clam
```
### Once a Month
@ -63,11 +71,11 @@ Cron does not natively support a bi-weekly schedule directly. However, you can a
To run the job on the first day of every month at midnight:
```cron
0 0 1 * * /usr/bin/docker compose -f /root/clam/docker-compose.yml up -d --pull --force-recreate clamav
0 0 1 * * /usr/bin/docker compose -f /root/clam/docker-compose.yml up -d --pull --force-recreate clam
```
### Notes:
- Ensure that `/usr/bin/docker` is the correct path to your Docker binary. This path might vary depending on your system's configuration.
- Replace `/root/clam` with the actual directory path where your `docker-compose.yml` file is located.
- These cron jobs will pull the latest image and recreate the `clamav` container according to the specified schedule. Ensure that this behavior aligns with your maintenance and update policies.
- These cron jobs will pull the latest image and recreate the `clam` container according to the specified schedule. Ensure that this behavior aligns with your maintenance and update policies.


@ -4,7 +4,15 @@ MODE=${1:-"scan"}
scan() {
echo "Running ClamAV scan..."
clamscan -r /scan --log=/var/log/clamav/clamav.log
SCAN_PRIORITY=${SCAN_PRIORITY:-low}
if [ "$SCAN_PRIORITY" = "low" ]; then
echo "Running scan in low priority mode."
nice -n 19 clamscan -r /scan --log=/var/log/clamav/clamav.log
else
echo "Running scan in full power mode."
clamscan -r /scan --log=/var/log/clamav/clamav.log
fi
}
report() {
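Review bot: In the low-priority branch of `scan()`, `nice -n 19` lowers only CPU scheduling priority, while a recursive `clamscan -r /scan` is largely disk-bound, so the scanned host can still see I/O contention. If `ionice` is present in the image, `ionice -c3 nice -n 19 clamscan -r /scan --log=/var/log/clamav/clamav.log` would throttle both. Any `SCAN_PRIORITY` value other than the exact string `low` silently selects full power, so a typo such as `Low` turns throttling off. A comment above the assignment would document this, e.g. `# SCAN_PRIORITY: "low" (default, niced); any other value runs at normal priority`. The two branches also repeat the same clamscan command line and could share it.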