From a2df8c85ef5216180141933ad680bbb48c97fa4c Mon Sep 17 00:00:00 2001
From: Sal Tijerina <r.sal.tijerina@gmail.com>
Date: Thu, 8 Aug 2019 17:25:07 -0500
Subject: [PATCH] Add QGIS

---
 Dockerfile                                   | 143 ++++++++++++++++++-
 Dockerfile.amd64                             |   8 +-
 image/etc/nginx/sites-enabled/default        |   9 +-
 image/etc/supervisor/conf.d/supervisord.conf |  19 +++
 image/startup.sh                             |  57 +++++---
 5 files changed, 211 insertions(+), 25 deletions(-)
 mode change 120000 => 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
deleted file mode 120000
index 0fc2233..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-Dockerfile.amd64
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2a9585e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,142 @@
+# Built with arch: amd64 flavor: lxde image: ubuntu:18.04 localbuild: 1
+#
+################################################################################
+# base system
+################################################################################
+
+FROM ubuntu:bionic as system
+
+# built-in packages
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt update \
+    && apt install -y --no-install-recommends software-properties-common curl apache2-utils \
+    && apt update \
+    && apt install -y --no-install-recommends --allow-unauthenticated \
+    supervisor nginx sudo net-tools zenity xz-utils \
+    dbus-x11 x11-utils alsa-utils \
+    mesa-utils libgl1-mesa-dri \
+    && apt autoclean -y \
+    && apt autoremove -y \
+    && rm -rf /var/lib/apt/lists/*
+# install debs error if combine together
+RUN add-apt-repository -y ppa:fcwu-tw/apps \
+    && apt update \
+    && apt install -y --no-install-recommends --allow-unauthenticated \
+    xvfb x11vnc=0.9.16-1 \
+    vim-tiny firefox chromium-browser ttf-ubuntu-font-family ttf-wqy-zenhei  \
+    && add-apt-repository -r ppa:fcwu-tw/apps \
+    && apt autoclean -y \
+    && apt autoremove -y \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN apt update \
+    && apt install -y --no-install-recommends --allow-unauthenticated \
+    lxde gtk2-engines-murrine gnome-themes-standard gtk2-engines-pixbuf gtk2-engines-murrine arc-theme \
+    && apt autoclean -y \
+    && apt autoremove -y \
+    && rm -rf /var/lib/apt/lists/*
+
+
+# Additional packages require ~600MB
+# libreoffice  pinta language-pack-zh-hant language-pack-gnome-zh-hant firefox-locale-zh-hant libreoffice-l10n-zh-tw
+
+# tini for subreap
+ARG TINI_VERSION=v0.18.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /bin/tini
+RUN chmod +x /bin/tini
+
+# ffmpeg
+# RUN apt update \
+#     && apt install -y --no-install-recommends --allow-unauthenticated \
+#         ffmpeg \
+#     && rm -rf /var/lib/apt/lists/* \
+#     && mkdir /usr/local/ffmpeg \
+#     && ln -s /usr/bin/ffmpeg /usr/local/ffmpeg/ffmpeg
+
+# python library
+COPY image/usr/local/lib/web/backend/requirements.txt /tmp/
+RUN apt-get update \
+    && dpkg-query -W -f='${Package}\n' > /tmp/a.txt \
+    && apt-get install -y python-pip python-dev build-essential \
+    && pip install setuptools wheel && pip install -r /tmp/requirements.txt \
+    && dpkg-query -W -f='${Package}\n' > /tmp/b.txt \
+    && apt-get remove -y `diff --changed-group-format='%>' --unchanged-group-format='' /tmp/a.txt /tmp/b.txt | xargs` \
+    && apt-get autoclean -y \
+    && apt-get autoremove -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /var/cache/apt/* /tmp/a.txt /tmp/b.txt
+
+
+################################################################################
+# builder
+################################################################################
+FROM ubuntu:18.04 as builder
+
+
+RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/apt/sources.list;
+
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends curl ca-certificates gnupg patch
+
+# nodejs
+RUN curl -sL https://deb.nodesource.com/setup_8.x | bash - \
+    && apt-get install -y nodejs
+
+# yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+    && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
+    && apt-get update \
+    && apt-get install -y yarn
+
+# build frontend
+COPY web /src/web
+RUN cd /src/web \
+    && yarn \
+    && npm run build
+
+
+
+################################################################################
+# merge
+################################################################################
+FROM system
+# LABEL maintainer="fcwu.tw@gmail.com"
+
+COPY --from=builder /src/web/dist/ /usr/local/lib/web/frontend/
+
+# Install QGIS
+
+RUN apt update \
+    && apt install -y \
+    python3-pip \
+    python3-dev \
+    python3-setuptools \
+    dirmngr \
+    xterm \
+    && apt autoclean \
+    && apt autoremove \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN echo "deb     http://qgis.org/ubuntu bionic main" >> /etc/apt/sources.list
+RUN echo "deb-src http://qgis.org/ubuntu bionic main" >> /etc/apt/sources.list
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-key CAEB3DC3BDF7FB45
+
+RUN apt update && apt-get install -y qgis python3-qgis qgis-plugin-grass
+
+COPY image /
+EXPOSE 6080
+WORKDIR /root
+ENV HOME=/home/ubuntu \
+    SHELL=/bin/bash
+
+RUN groupadd --gid 816877 G-816877
+RUN useradd --uid 458981 --create-home --shell /bin/bash --user-group --groups G-816877,adm,sudo ubuntu && chown ubuntu:G-816877 /home/ubuntu
+RUN usermod -g G-816877 ubuntu
+RUN mkdir -p /home/ubuntu/.config/pcmanfm/LXDE/ && cp /usr/local/share/doro-lxde-wallpapers/desktop-items-0.conf /home/ubuntu/.config/pcmanfm/LXDE/ && chown -R ubuntu:G-816877 /home/ubuntu/.config
+COPY kill.py /
+# COPY /etc/pki/tls/certs/designsafe-exec-01.tacc.utexas.edu.cer /etc/nginx/ssl/
+# COPY /etc/pki/tls/private/designsafe-exec-01.tacc.utexas.edu.key /etc/nginx/ssl/
+# HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://127.0.0.1:6079/api/health
+ENTRYPOINT ["/startup.sh"]
\ No newline at end of file
diff --git a/Dockerfile.amd64 b/Dockerfile.amd64
index b9524f8..d7663dc 100644
--- a/Dockerfile.amd64
+++ b/Dockerfile.amd64
@@ -8,7 +8,7 @@ FROM ubuntu:18.04 as system
 
 
 
-RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/apt/sources.list; 
+RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/apt/sources.list;
 
 
 # built-in packages
@@ -40,8 +40,8 @@ RUN apt update \
     && apt autoclean -y \
     && apt autoremove -y \
     && rm -rf /var/lib/apt/lists/*
- 
- 
+
+
 # Additional packages require ~600MB
 # libreoffice  pinta language-pack-zh-hant language-pack-gnome-zh-hant firefox-locale-zh-hant libreoffice-l10n-zh-tw
 
@@ -78,7 +78,7 @@ RUN apt-get update \
 FROM ubuntu:18.04 as builder
 
 
-RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/apt/sources.list; 
+RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/apt/sources.list;
 
 
 RUN apt-get update \
diff --git a/image/etc/nginx/sites-enabled/default b/image/etc/nginx/sites-enabled/default
index 07a8170..168264a 100644
--- a/image/etc/nginx/sites-enabled/default
+++ b/image/etc/nginx/sites-enabled/default
@@ -4,8 +4,11 @@ server {
 
     #_SSL_PORT_#listen 443 ssl default_server;
     #_SSL_PORT_#listen [::]:443 ssl default_server ipv6only=on;
-    #_SSL_PORT_#ssl_certificate /etc/nginx/ssl/nginx.crt;
-    #_SSL_PORT_#ssl_certificate_key /etc/nginx/ssl/nginx.key;
+    #_SSL_PORT_#ssl_certificate /etc/nginx/ssl/designsafe-exec-01.tacc.utexas.edu.cer;
+    #_SSL_PORT_#ssl_certificate_key /etc/nginx/ssl/designsafe-exec-01.tacc.utexas.edu.key;
+    # ssl on;
+    # ssl_certificate /etc/nginx/ssl/designsafe-exec-01.tacc.utexas.edu.cer;
+    # ssl_certificate_key /etc/nginx/ssl/designsafe-exec-01.tacc.utexas.edu.key;
 
     #_HTTP_PASSWORD_#auth_basic "Private Property";
     #_HTTP_PASSWORD_#auth_basic_user_file /etc/nginx/.htpasswd;
@@ -43,4 +46,4 @@ server {
         proxy_pass http://127.0.0.1:6081;
         max_ranges 0;
     }
-}
+}
\ No newline at end of file
diff --git a/image/etc/supervisor/conf.d/supervisord.conf b/image/etc/supervisor/conf.d/supervisord.conf
index 2b538da..26c2e66 100644
--- a/image/etc/supervisor/conf.d/supervisord.conf
+++ b/image/etc/supervisor/conf.d/supervisord.conf
@@ -51,9 +51,28 @@ stopsignal=KILL
 [program:x11vnc]
 priority=20
 command=x11vnc -display :1 -xkb -forever -shared -repeat
+stdout_logfile=/var/log/x11vnc.log
 
 [program:novnc]
 priority=25
 directory=/usr/local/lib/web/frontend/static/novnc
 command=bash /usr/local/lib/web/frontend/static/novnc/utils/launch.sh --listen 6081
 stopasgroup=true
+stdout_logfile=/var/log/novnc.log
+
+[program:qgis]
+priority=35
+directory=/home/ubuntu/mydata
+command=xterm -r -ls -geometry 80x24+10+10 -title '*** Exit this window to kill your QGIS session ***' -e '/usr/bin/qgis --nologo'
+user=ubuntu
+autostart=true
+autorestart=false
+stopsignal=QUIT
+environment=DISPLAY=":1",HOME="/home/ubuntu"
+stdout_logfile=/var/log/qgis.log
+redirect_stderr=true
+
+[eventlistener:exit]
+command=/kill.py
+process_name=qgis
+events=PROCESS_STATE_EXITED
diff --git a/image/startup.sh b/image/startup.sh
index 875519d..6a1ee92 100755
--- a/image/startup.sh
+++ b/image/startup.sh
@@ -20,27 +20,50 @@ if [ -n "$RESOLUTION" ]; then
     sed -i "s/1024x768/$RESOLUTION/" /usr/local/bin/xvfb.sh
 fi
 
-USER=${USER:-root}
-HOME=/root
-if [ "$USER" != "root" ]; then
-    echo "* enable custom user: $USER"
-    useradd --create-home --shell /bin/bash --user-group --groups adm,sudo $USER
-    if [ -z "$PASSWORD" ]; then
-        echo "  set default password to \"ubuntu\""
-        PASSWORD=ubuntu
-    fi
-    HOME=/home/$USER
-    echo "$USER:$PASSWORD" | chpasswd
-    cp -r /root/{.gtkrc-2.0,.asoundrc} ${HOME}
-    [ -d "/dev/snd" ] && chgrp -R adm /dev/snd
-fi
+PASSWORD=designsafeubuntu1234!!
+USER="ubuntu"
+echo "$USER:$PASSWORD" | chpasswd
+HOME=/home/$USER
+cp -r /root/{.gtkrc-2.0,.asoundrc} ${HOME}
+[ -d "/dev/snd" ] && chgrp -R adm /dev/snd
+chown -R $USER:$USER $HOME/.[^.]*
+
+# USER="ubuntu"
+# GROUP="G-816877"
+# PASSWORD=designsafeubuntu1234!!
+# USER=${USER:-root}
+# HOME=/root
+# if [ "$USER" != "root" ]; then
+#     echo "* enable custom user: $USER"
+#     groupadd --gid 816877 G-816877
+#     useradd --uid 458981 --create-home --shell /bin/bash --user-group --groups G-816877,adm,sudo $USER
+#     usermod -g G-816877 ubuntu
+#     if [ -z "$PASSWORD" ]; then
+#         echo "  set default password to \"ubuntu\""
+#         PASSWORD=ubuntu
+#     fi
+#     HOME=/home/$USER
+#     echo "$USER:$PASSWORD" | chpasswd
+#     cp -r /root/{.gtkrc-2.0,.asoundrc} ${HOME}
+#     [ -d "/dev/snd" ] && chgrp -R adm /dev/snd
+# fi
 sed -i "s|%USER%|$USER|" /etc/supervisor/conf.d/supervisord.conf
 sed -i "s|%HOME%|$HOME|" /etc/supervisor/conf.d/supervisord.conf
 
 # home folder
-mkdir -p $HOME/.config/pcmanfm/LXDE/
-ln -sf /usr/local/share/doro-lxde-wallpapers/desktop-items-0.conf $HOME/.config/pcmanfm/LXDE/
-chown -R $USER:$USER $HOME
+# mkdir -p $HOME/.config/pcmanfm/LXDE/
+# ln -sf /usr/local/share/doro-lxde-wallpapers/desktop-items-0.conf $HOME/.config/pcmanfm/LXDE/
+# chown -R $USER:$USER $HOME
+
+# home folder, exclude recursive chown of mydata, community, projects, published, and public data
+# shopt -s extglob
+# chown $USER:$GROUP $HOME
+# cd $HOME
+# echo `pwd`
+# echo `ls -alGF`
+# chown -R $USER:$GROUP !(mydata|public|community|projects|published)
+# shopt -u extglob
+# cd /root
 
 # nginx workers
 sed -i 's|worker_processes .*|worker_processes 1;|' /etc/nginx/nginx.conf