fix set_memory for imaginary and move cap_add to containers.json

Signed-off-by: Simon L <[email protected]>
nextcloud · Mar 6, 2023 · 57b4180 · 57b4180
1 parent c54395a
commit 57b4180
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 2 deletions.
diff --git a/php/containers-schema.json b/php/containers-schema.json
@@ -21,6 +21,12 @@
 							"type": "string"
 						}
 					},
+					"cap_add": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
 					"depends_on": {
 						"type": "array",
 						"items": {

diff --git a/php/containers.json b/php/containers.json
@@ -318,6 +318,9 @@
       ],
       "devices": [
         "/dev/fuse"
+      ],
+      "cap_add": [
+        "SYS_ADMIN"
       ]
     },
     {
@@ -411,7 +414,10 @@
       "environment": [
         "TZ=%TIMEZONE%"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "cap_add": [
+        "CAP_SYS_NICE"
+      ]
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
@@ -23,6 +23,8 @@ class Container {
     private array $secrets;
     /** @var string[] */
     private array $devices;
+    /** @var string[] */
+    private array $capAdd;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -38,6 +40,7 @@ public function __construct(
         array $dependsOn,
         array $secrets,
         array $devices,
+        array $capAdd,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -52,6 +55,7 @@ public function __construct(
         $this->dependsOn = $dependsOn;
         $this->secrets = $secrets;
         $this->devices = $devices;
+        $this->capAdd = $capAdd;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -83,6 +87,10 @@ public function GetDevices() : array {
         return $this->devices;
     }
 
+    public function GetCapAdds() : array {
+        return $this->capAdd;
+    }
+
     public function GetPorts() : ContainerPorts {
         return $this->ports;
     }

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
@@ -213,6 +213,11 @@ private function GetDefinition(bool $latest): array
                 $devices = $entry['devices'];
             }
 
+            $capAdd = [];
+            if (isset($entry['cap_add'])) {
+                $capAdd = $entry['cap_add'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -226,6 +231,7 @@ private function GetDefinition(bool $latest): array
                 $dependsOn,
                 $secrets,
                 $devices,
+                $capAdd,
                 $this->container->get(DockerActionManager::class)
             );
         }

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
@@ -411,9 +411,13 @@ public function CreateContainer(Container $container) : void {
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        $capAdds = $container->GetCapAdds();
+        if (count($capAdds) > 0) {
+            $requestBody['HostConfig']['CapAdd'] = $capAdds;
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
-            $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
 
             // Additional backup directories