4 changes: 4 additions & 0 deletions .env.template
@@ -30,3 +30,7 @@ MYSQL_PASSWORD=password
# GITHUB
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

# AWS
UNIX_OPS_SHARED_SECRET=
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Verify current secret interpolation guard in compose:"
rg -n '\$\{UNIX_OPS_SHARED_SECRET\??:?\?err\}' docker-compose.yml || true

echo
echo "Verify template default value:"
rg -n '^UNIX_OPS_SHARED_SECRET=' .env.template

Repository: autolab/docker

Length of output: 300


Use :?err guard to reject empty secrets, not just unset variables.

Line 35 sets UNIX_OPS_SHARED_SECRET= to empty. Docker Compose's ${UNIX_OPS_SHARED_SECRET?err} (lines 83, 112 in docker-compose.yml) only rejects unset variables, allowing empty values through. Change the guard from ?err to :?err to reject both unset and empty secrets.

Fix in .env.template:

-UNIX_OPS_SHARED_SECRET=
+UNIX_OPS_SHARED_SECRET=<REPLACE_WITH_STRONG_RANDOM_SECRET>

Fix in docker-compose.yml (lines 83, 112):

-- UNIX_OPS_SHARED_SECRET=${UNIX_OPS_SHARED_SECRET?err}
+- UNIX_OPS_SHARED_SECRET=${UNIX_OPS_SHARED_SECRET:?err}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.env.template at line 35, change the Docker Compose variable guard to reject
empty values: replace the occurrences of "${UNIX_OPS_SHARED_SECRET?err}" with
"${UNIX_OPS_SHARED_SECRET:?err}" so the expansion fails for both unset and empty
secrets, and update the .env.template to indicate that UNIX_OPS_SHARED_SECRET
must be non-empty (e.g., keep UNIX_OPS_SHARED_SECRET= but document/set a
placeholder) to ensure the new ":?err" guard behaves correctly.

AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses
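Review bot: the new `# AWS` section header does not describe the two keys under it; `UNIX_OPS_SHARED_SECRET` and `AUTOLAB_HOST_COURSES_ROOT` configure the unixops delegate, not anything AWS-specific, so label the block accordingly. Because `.env.template` is what operators copy into `.env`, the bare `UNIX_OPS_SHARED_SECRET=` should also carry a comment saying the value is mandatory and must be long and random, since the compose file guards it with `?err`, which accepts an empty string. Finally, `AUTOLAB_HOST_COURSES_ROOT` gets a default here, but `docker-compose.yml` in this same PR hard-codes `AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses` for the web service instead of reading `${AUTOLAB_HOST_COURSES_ROOT}`, so whatever an operator puts in `.env` is ignored; either reference the variable in compose or drop it from the template.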
⚠️ Potential issue | 🟠 Major

Align host course path default with existing host-user convention.

Line 36 uses /home/ubuntu/..., while the same template (Line 8) uses /home/ec2-user/.... This mismatch can break host path resolution depending on deployment user.

🔧 Suggested fix
-AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses
+AUTOLAB_HOST_COURSES_ROOT=/home/ec2-user/autolab-docker/Autolab/courses
🧰 Tools
🪛 dotenv-linter (4.0.0)

[warning] 36-36: [UnorderedKey] The AUTOLAB_HOST_COURSES_ROOT key should go before the UNIX_OPS_SHARED_SECRET key

(UnorderedKey)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.env.template at line 36, the AUTOLAB_HOST_COURSES_ROOT default uses
/home/ubuntu/... which mismatches the host-user convention used elsewhere;
update the AUTOLAB_HOST_COURSES_ROOT entry to use the same host user path as the
template (e.g., change the value to
/home/ec2-user/autolab-docker/Autolab/courses) so it aligns with other defaults
and avoids host path resolution issues; locate the AUTOLAB_HOST_COURSES_ROOT
line in .env.template and replace the host prefix accordingly.
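The `?err` versus `:?err` distinction raised in the first review comment above is the POSIX shell parameter-expansion rule that Docker Compose adopted for its interpolation syntax, so the accept/reject behaviour can be demonstrated in any `sh`. The script below is an added example, not code from the autolab/docker repository or from the reviewer; the `check_guard` and `new_shared_secret` function names are made up here, and the secret format (64 hex characters read from /dev/urandom) is one reasonable way to fill the `<REPLACE_WITH_STRONG_RANDOM_SECRET>` placeholder, not a project convention.

```shell
#!/bin/sh
# Added example (not from autolab/docker): shows why `${VAR?err}` lets an empty
# UNIX_OPS_SHARED_SECRET through while `${VAR:?err}` rejects it, and produces a
# value suitable for the template placeholder.

# check_guard STATE FORM
#   STATE: unset | empty | set   (how UNIX_OPS_SHARED_SECRET would arrive from .env)
#   FORM:  '?err' | ':?err'      (the guard suffix used in docker-compose.yml)
# Prints "accept" if the expansion succeeds and "reject" if the guard fires.
# The expansion runs in a subshell so a firing guard only kills the subshell.
check_guard() {
  state=$1
  form=$2
  case "$state" in
    unset) setup='unset UNIX_OPS_SHARED_SECRET' ;;
    empty) setup='UNIX_OPS_SHARED_SECRET=""' ;;
    set)   setup='UNIX_OPS_SHARED_SECRET=s3cr3t-example' ;;
    *)     echo "check_guard: unknown state '$state'" >&2; return 2 ;;
  esac
  # `: "${VAR?err}"` is a no-op when the guard passes and an error exit when it fires.
  if (eval "$setup"; eval ': "${UNIX_OPS_SHARED_SECRET'"$form"'}"') 2>/dev/null; then
    echo accept
  else
    echo reject
  fi
}

# new_shared_secret: 32 random bytes from /dev/urandom as 64 lowercase hex chars
# (256 bits of entropy), the kind of value the template placeholder should hold.
new_shared_secret() {
  dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Table of all six combinations; the "empty ?err -> accept" row is the bug the
# review comment describes, and it is the only row where the two forms differ.
if [ "${1:-}" = "--demo" ]; then
  for state in unset empty set; do
    for form in '?err' ':?err'; do
      printf '%-6s %-5s -> %s\n' "$state" "$form" "$(check_guard "$state" "$form")"
    done
  done
  printf 'UNIX_OPS_SHARED_SECRET=%s\n' "$(new_shared_secret)"
fi
```

Run it as `sh guard_demo.sh --demo` to print the table; the same accept/reject outcome is what `docker compose config` gives for each form when `.env` leaves the key unset, sets it to nothing, or sets a value.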

29 changes: 29 additions & 0 deletions docker-compose.yml
@@ -63,6 +63,9 @@ services:
# Comment the below out to disable SSL (not recommended)
- ./nginx/app.conf:/etc/nginx/sites-enabled/webapp.conf

# The line below bridges the Docker Wall for filesystem permissions
- /etc/group:/etc/group:ro

# Uncomment the below to disable SSL (not recommended)
# - ./nginx/no-ssl-app.conf:/etc/nginx/sites-enabled/webapp.conf

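Review bot: the `/etc/group:/etc/group:ro` mount is inserted between the two halves of the SSL toggle ("Comment the below out to disable SSL" and "Uncomment the below to disable SSL"), which splits that pair; move it below the no-ssl line so the toggle stays together. The comment "bridges the Docker Wall for filesystem permissions" should also say what the mount actually does: it makes the host's group names and GIDs visible inside the web container so ownership on the bind-mounted course directories resolves to names. Worth noting in the comment that this exposes every host group and its membership list to the web container, and that without a matching `/etc/passwd` mount the owning users of those directories will still appear as numeric UIDs.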
@@ -76,6 +79,9 @@ services:
- SECRET_KEY_BASE
- LOCKBOX_MASTER_KEY
- DEVISE_SECRET_KEY
- UNIX_OPS_DELEGATE_URL=http://unixops:4000
- UNIX_OPS_SHARED_SECRET=${UNIX_OPS_SHARED_SECRET?err}
- AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses

mysql:
container_name: mysql
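Review bot: `AUTOLAB_HOST_COURSES_ROOT` is hard-coded to `/home/ubuntu/autolab-docker/Autolab/courses` here even though this PR adds the same key to `.env.template`; read it as `${AUTOLAB_HOST_COURSES_ROOT:?err}` so the `.env` value is honoured. As written the PR now carries three different host course paths (`/home/ubuntu/...` here, `/home/ec2-user/...` in the template, `HOST_COURSES_PATH=/home/autolab/...` in the unixops service below), and the web service and the daemon being given different paths looks unintentional. Separately, `${UNIX_OPS_SHARED_SECRET?err}` fails only when the variable is unset and passes an empty string through; use `${UNIX_OPS_SHARED_SECRET:?err}` so an empty `.env` value cannot leave the delegate at `http://unixops:4000` protected by an empty secret, which is the only authentication on that plain-http link.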
@@ -97,5 +103,28 @@ services:
- ./ssl/certbot/conf:/etc/letsencrypt
- ./ssl/certbot/www:/var/www/certbot

unixops:
container_name: unixops
build: ./Autolab
command: bundle exec ruby script/unix_ops_daemon.rb -p 4000
environment:
- RAILS_ENV=production
- UNIX_OPS_SHARED_SECRET=${UNIX_OPS_SHARED_SECRET?err}
- HOST_COURSES_PATH=/home/autolab/autolab-docker/Autolab/courses
user: "0:0"
privileged: true
cap_add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
- FSETID
- DAC_READ_SEARCH
volumes:
- ./Autolab:/home/app/webapp
- /etc:/etc:rw
- /home:/home:rw
- /var:/var:rw
volumes:
mysql-db:
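Review bot: the unixops service as written is root on the host rather than a scoped helper. `privileged: true` already grants every capability and disables the default seccomp and AppArmor confinement, so the `cap_add` list below it is redundant; and `user: "0:0"` combined with read-write bind mounts of the entire host `/etc`, `/home` and `/var` lets the daemon rewrite `/etc/passwd`, `/etc/shadow`, `/etc/sudoers` and cron entries, touch every user's home directory, and reach the Docker data directory under `/var/lib/docker`. The capability list and the `/etc/group` mount added to the web service suggest the daemon's job is ownership and permission changes on the course tree, so: drop `privileged: true` and keep only the listed capabilities (CHOWN, DAC_OVERRIDE, FOWNER, FSETID, SETUID, SETGID, DAC_READ_SEARCH are already a plausible minimum for chown/chmod work); mount only the courses root read-write, i.e. the directory named by `HOST_COURSES_PATH` instead of `/home:/home:rw`; and if user or group lookups are needed, mount `/etc/passwd` and `/etc/group` read-only rather than all of `/etc`, dropping `/var` entirely unless a specific path under it is required. Also confirm the service publishes no `ports:` so port 4000 is reachable only on the compose network, since the shared secret is its only authentication, and source `HOST_COURSES_PATH` from the same variable the web service uses rather than a third hard-coded path.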