Initial upload

root/defaults/nginx/dhparams.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----

root/defaults/nginx/nginx.conf.sample

@@ -0,0 +1,90 @@
+# #
+#   @project        thetvapp-docker
+#   @about          Nginx site-configs default configuration file
+#   @file           /root/defaults/nginx/nginx.conf.sample
+#   @repo           https://github.com/Aetherinox/thetvapp-docker
+#   @generated      2024-11-30
+# #
+
+user abc;
+
+# Set number of worker processes automatically based on number of CPU cores.
+include /config/nginx/worker_processes.conf;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /config/log/nginx/error.log;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+# Include files with config snippets into the root context.
+include /etc/nginx/conf.d/*.conf;
+
+events
+{
+    # The maximum number of simultaneous connections that can be opened by
+    # a worker process.
+    worker_connections 1024;
+}
+
+http
+{
+    # Includes mapping of file name extensions to MIME types of responses
+    # and defines the default type.
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Name servers used to resolve names of upstream servers into addresses.
+    # It's also needed when using tcpsocket and udpsocket in Lua modules.
+    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+    include /config/nginx/resolver.conf;
+
+    # Don't tell nginx version to the clients. Default is 'on'.
+    server_tokens off;
+
+    # Specifies the maximum accepted body size of a client request, as
+    # indicated by the request header Content-Length. If the stated content
+    # length is greater than this size, then the client receives the HTTP
+    # error code 413. Set to 0 to disable. Default is '1m'.
+    client_max_body_size 0;
+
+    # Sendfile copies data between one FD and other from within the kernel,
+    # which is more efficient than read() + write(). Default is off.
+    sendfile on;
+
+    # Causes nginx to attempt to send its HTTP response head in one packet,
+    # instead of using partial frames. Default is 'off'.
+    tcp_nopush on;
+
+    # all ssl related config moved to ssl.conf
+    # included in server blocks where listen 443 is defined
+
+    # Enable gzipping of responses.
+    #gzip on;
+
+    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+    gzip_vary on;
+
+    # Helper variable for proxying websockets.
+    map $http_upgrade $connection_upgrade
+    {
+        default upgrade;
+        '' close;
+    }
+
+    # Enable http2 by default for all servers
+    http2 on;
+
+    # Sets the path, format, and configuration for a buffered log write.
+    access_log /config/log/nginx/access.log;
+
+    # Includes virtual hosts configs.
+    include /etc/nginx/http.d/*.conf;
+    include /config/nginx/site-confs/*.conf;
+}
+
+daemon off;
+pid /run/nginx.pid;

root/defaults/nginx/site-confs/default.conf.sample

@@ -0,0 +1,81 @@
+# #
+#   @project        thetvapp-docker
+#   @about          Nginx site-configs default configuration file
+#   @file           /root/defaults/nginx/site-confs/default.conf
+#   @repo           https://github.com/Aetherinox/thetvapp-docker
+#   @generated      2024-11-30
+# #
+
+server
+{
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    server_name _;
+
+    include /config/nginx/ssl.conf;
+
+    set $root /app/www/public;
+    if (!-d /app/www/public)
+    {
+        set $root /config/www;
+    }
+
+    root $root;
+    index index.html index.htm index.php;
+
+    location /
+    {
+        # enable for basic auth
+        #auth_basic                 "Restricted";
+        #auth_basic_user_file       /config/nginx/.htpasswd;
+
+        # index > fancy
+        fancyindex                  on;
+        fancyindex_header           "/theme/header.html";
+        fancyindex_footer           "/theme/footer.html";
+        fancyindex_ignore           "theme";
+        fancyindex_time_format      "%m-%d-%Y %T";
+        fancyindex_name_length      255;
+        fancyindex_show_dotfiles    off;
+        fancyindex_hide_symlinks    on;
+        fancyindex_default_sort     name;
+
+        # index > auto
+    	autoindex_exact_size        off;
+    	autoindex_format            html;
+    	autoindex_localtime         on;
+
+        gzip on;
+        gzip_vary on;
+        gzip_types text/css text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio;
+        gzip_proxied any;
+        gzip_comp_level 1;
+        gzip_http_version 1.0;
+        gunzip on;
+        gzip_static on;
+
+        try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
+    }
+
+    location ~ ^(.+\.php)(.*)$
+    {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        if (!-f $document_root$fastcgi_script_name) { return 404; }
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht
+    {
+        deny all;
+    }
+}

root/defaults/nginx/ssl.conf.sample

@@ -0,0 +1,45 @@
+# #
+#   @project        thetvapp-docker
+#   @about          Nginx site-configs default configuration file
+#   @file           /root/defaults/nginx/ssl.conf.sample
+#   @repo           https://github.com/Aetherinox/thetvapp-docker
+#   @generated      2024-11-30
+# #
+
+### Mozilla Recommendations
+# generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7
+
+ssl_certificate /config/keys/cert.crt;
+ssl_certificate_key /config/keys/cert.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+ssl_dhparam /config/nginx/dhparams.pem;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+
+# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+#add_header Strict-Transport-Security "max-age=63072000" always;
+
+# OCSP stapling
+#ssl_stapling on;
+#ssl_stapling_verify on;
+
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
+#ssl_trusted_certificate /config/keys/cert.crt;
+
+# Optional additional headers
+#add_header Cache-Control "no-transform" always;
+#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
+#add_header Permissions-Policy "interest-cohort=()" always;
+#add_header Referrer-Policy "same-origin" always;
+#add_header X-Content-Type-Options "nosniff" always;
+#add_header X-Frame-Options "SAMEORIGIN" always;
+#add_header X-UA-Compatible "IE=Edge" always;
+#add_header X-XSS-Protection "1; mode=block" always;

root/defaults/www/index.html

@@ -0,0 +1,34 @@
+    <html>
+        <head>
+            <title>Welcome to our server</title>
+            <style>
+            body{
+                font-family: Helvetica, Arial, sans-serif;
+            }
+            .message{
+                width:330px;
+                padding:20px 40px;
+                margin:0 auto;
+                background-color:#f9f9f9;
+                border:1px solid #ddd;
+            }
+            center{
+                margin:40px 0;
+            }
+            h1{
+                font-size: 18px;
+                line-height: 26px;
+            }
+            p{
+                font-size: 12px;
+            }
+            </style>
+        </head>
+        <body>
+            <div class="message">
+                <h1>Welcome to our server</h1>
+                <p>The website is currently being setup under this address.</p>
+                <p>For help and support, please contact: <a href="me@example.com">me@example.com</a></p>
+            </div>
+        </body>
+    </html>

root/defaults/www/theme/footer.html

@@ -0,0 +1,22 @@
+     </div>
+    </div>
+  </div>
+
+  <footer class="footer navbar">
+    <div class="container">
+      <div class="col text-right text-muted text-small text-nowrap">
+        <small>
+	   <a href="https://github.com/dtankdempse/thetvapp-m3u">thetvapp hoster</a>.
+        </small>
+      </div>
+    </div>
+  </footer>
+
+  <script type="text/javascript">
+    generateBreadcrumbs();
+    generateList();
+  </script>
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.10.0/js/lightbox-plus-jquery.min.js"></script>
+</body>
+
+</html>

root/defaults/www/theme/header.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+  <title>File Browser</title>
+
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.10.0/css/lightbox.min.css">
+  <link rel="stylesheet" href="/theme/theme.css">
+
+  <script type="text/javascript" src="/theme/js/breadcrumbs.js"></script>
+  <script type="text/javascript" src="/theme/js/list.js"></script>
+</head>
+
+<body>
+  <div class="header">
+    <nav class="navbar sticky-top container">
+      <div class="navbar-brand">
+        <i class="fa fa-fw fa-files-o" aria-hidden="true"></i>
+        File Browser
+      </div>
+    </nav>
+  </div>
+
+  <div class="container">
+    <nav aria-label="breadcrumb">
+      <ol class="breadcrumb" id="breadcrumbs"/>
+    </nav>
+
+    <div class="row">
+      <div class="col">

root/defaults/www/theme/js/breadcrumbs.js

@@ -0,0 +1,9 @@
+/*!
+ *
+ * This file is part of the nginx-fancyindex-flat-theme, licensed under the GNU
+ * General Public License. See the LICENSE file for details.
+ *
+ * Copyright (C)
+ *  2018-2024 Alexander Haase <ahaase@alexhaase.de>
+ */
+function generateBreadcrumbs(){for(var e,a,n,r=window.location.pathname.replace(/\/$/,"").split("/"),t="",c="",o=0;o<r.length;o++)c+=r[o]+"/",t+=(e=0==o?"Home":decodeURIComponent(r[o]),a=c,'<li class="breadcrumb-item'+((n=o==r.length-1)?' active aria-current="page':"")+'">'+(n?"":'<a href="'+a+'">')+e+(n?"":"</a>"));document.getElementById("breadcrumbs").innerHTML=t}

root/defaults/www/theme/js/list.js

@@ -0,0 +1,9 @@
+/*!
+ *
+ * This file is part of the nginx-fancyindex-flat-theme, licensed under the GNU
+ * General Public License. See the LICENSE file for details.
+ *
+ * Copyright (C)
+ *  2018-2024 Alexander Haase <ahaase@alexhaase.de>
+ */
+function generateList(){function e(e){return'<i class="fa fa-fw '+function(e){switch(e){case"folder":return"fa-folder";case"archive":case"audio":case"code":case"excel":case"image":case"pdf":case"powerpoint":case"text":case"video":case"word":return"fa-file-"+e+"-o";default:return"fa-file-o"}}(e)+'" aria-hidden="true"></i>'}var a=document.getElementById("list");a.removeAttribute("cellpadding"),a.removeAttribute("cellspacing"),a.classList.add("table","table-sm","table-hover","text-nowrap"),a.tHead.children[0].classList.add("d-none","d-md-table-row"),"/"!=window.location.pathname&&a.deleteRow(1);for(var s,c=0;s=a.rows[c];c++)filetype=function(e){if(e.endsWith("/"))return"folder";switch(e.split(".").pop().toLowerCase()){case"txt":return"text";case"pdf":return"pdf";case"bmp":case"gif":case"jpeg":case"jpg":case"png":case"tif":case"tiff":return"image";case"aac":case"aiff":case"m4a":case"mp3":case"ogg":case"opus":case"wav":return"audio";case"amv":case"avi":case"flv":case"m4v":case"mkv":case"mov":case"mp4":case"m4p":case"mpeg":case"mpg":case"ogv":case"vob":case"webm":case"wmv":return"video";case"7z":case"a":case"apk":case"ar":case"bin":case"bz2":case"cab":case"dmg":case"gz":case"iso":case"jar":case"lz":case"lzma":case"lzo":case"pak":case"partimg":case"rar":case"s7z":case"tar":case"tbz2":case"tgz":case"tlz":case"txz":case"xz":case"zip":return"archive";case"doc":case"docx":case"odt":case"rtf":return"word";case"csv":case"ods":case"xls":case"xlsx":return"excel";case"odp":case"ppt":case"pptx":return"powerpoint";case"c":case"class":case"cpp":case"cs":case"h":case"hpp":case"hxx":case"java":case"py":case"sh":case"swift":case"vb":return"code"}}(s.cells[0].children[0].innerHTML),s.insertCell(0).innerHTML=0<c?e(filetype):"",s.cells[0].classList.add("col-auto"),s.cells[1].classList.add("col","filename"),s.cells[2].classList.add("col-auto","d-none","d-md-table-cell"),s.cells[3].classList.add("col-auto","d-none","d-md-table-cell"),"image"==filetype&&s.cells[1].children[0].setAttribute("data-lightbox","roadtrip")}

root/defaults/www/theme/theme.css

@@ -0,0 +1,9 @@
+/*!
+ * This file is part of the nginx-fancyindex-flat-theme (licensed under the GPL
+ * license) and uses Twitter Bootstrap (v4) (licensed under the MIT license).
+ *
+ * Copyright (C)
+ *  2018-2024 Alexander Haase <ahaase@alexhaase.de>
+ *
+ * See the LICENSE file for details.
+ */body{background-color:#f8f9fa;padding-bottom:20px}@media (prefers-color-scheme:dark){body{background-color:#343a40;color:#fff}}.breadcrumb{background-color:transparent;padding-left:35px}.breadcrumb .breadcrumb-item a{color:#4caf50}html{position:relative;min-height:100%}.footer{position:absolute;bottom:0;width:100%;margin-bottom:0}.footer a,.footer a:focus,.footer a:hover{color:#4caf50}.header{background-color:#4caf50;color:#fff;min-height:24px}.header .navbar-brand{padding:0 8px;font-size:16px;line-height:24px;height:24px}#list a,#list a:focus,#list a:hover{color:#000}#list colgroup{display:none}#list .filename{word-break:break-all;white-space:normal}@media (prefers-color-scheme:dark){#list a,#list a:focus,#list a:hover{color:#fff}}

root/etc/logrotate.d/nginx

@@ -0,0 +1,14 @@
+/config/log/nginx/*.log {
+        weekly
+        rotate 14
+        compress
+        delaycompress
+        nodateext
+        notifempty
+        missingok
+        sharedscripts
+        postrotate
+                s6-svc -1 /run/service/svc-nginx
+        endscript
+        su abc abc
+}

root/etc/logrotate.d/php-fpm

@@ -0,0 +1,14 @@
+/config/log/php/*.log {
+        rotate 7
+        weekly
+        missingok
+        notifempty
+        delaycompress
+        compress
+        nodateext
+        sharedscripts
+        postrotate
+                s6-svc -t /run/service/svc-php-fpm
+        endscript
+        su abc abc
+}

root/etc/nginx/nginx.conf

@@ -0,0 +1 @@
+include /config/nginx/nginx.conf;

root/etc/s6-overlay/s6-rc.d/ci-service-check/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/ci-service-check/up

@@ -0,0 +1 @@
+echo -e " Core         : Completed loading container"

root/etc/s6-overlay/s6-rc.d/init-adduser/branding

@@ -0,0 +1,9 @@
+───────────────────────────────────────────────────────────────
+                  TheTvApp Docker Container
+───────────────────────────────────────────────────────────────
+  This container automatically downloads the m3u8 and xml
+  guide data from
+        - https://github.com/dtankdempse/thetvapp-m3u
+
+  Once the data is downloaded, you can access the files from
+  the container's webserver.

root/etc/s6-overlay/s6-rc.d/init-adduser/run

@@ -0,0 +1,37 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+PUID=${PUID:-911}
+PGID=${PGID:-911}
+
+if [[ -z ${AETHERX_READ_ONLY_FS} ]] && [[ -z ${AETHERX_NON_ROOT_USER} ]]; then
+    groupmod -o -g "$PGID" abc
+    usermod -o -u "$PUID" abc
+fi
+
+if { [[ -z ${AETHERX_READ_ONLY_FS} ]] && [[ -z ${AETHERX_NON_ROOT_USER} ]]; } || [[ ! ${LSIO_FIRST_PARTY} = "true" ]]; then
+    cat /etc/s6-overlay/s6-rc.d/init-adduser/branding
+else
+    cat /run/branding
+fi
+
+if [[ -z ${AETHERX_NON_ROOT_USER} ]]; then
+echo "
+        User ID ........... $(id -u abc)
+        Group ID .......... $(id -g abc)"
+else
+echo "
+        User ID ........... $(stat /run -c %u)
+        Group ID .......... $(stat /run -c %g)"
+fi
+echo "
+        Port HTTP ......... $(echo $PORT_HTTP)
+        Port HTTPS ........ $(echo $PORT_HTTPS)"
+
+echo '───────────────────────────────────────────────────────────────'
+
+if [[ -z ${AETHERX_READ_ONLY_FS} ]] && [[ -z ${AETHERX_NON_ROOT_USER} ]]; then
+    lsiown abc:abc /app
+    lsiown abc:abc /config
+    lsiown abc:abc /defaults
+fi

root/etc/s6-overlay/s6-rc.d/init-adduser/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-adduser/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-adduser/run

root/etc/s6-overlay/s6-rc.d/init-config-end/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-config-end/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the end of the downstream image init process

root/etc/s6-overlay/s6-rc.d/init-crontab-config/run

@@ -0,0 +1,44 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+for cron_user in abc root; do
+    if [[ -z ${AETHERX_READ_ONLY_FS} ]] && [[ -z ${AETHERX_NON_ROOT_USER} ]]; then
+        if [[ -f "/etc/crontabs/${cron_user}" ]]; then
+            lsiown "${cron_user}":"${cron_user}" "/etc/crontabs/${cron_user}"
+            crontab -u "${cron_user}" "/etc/crontabs/${cron_user}"
+        fi
+    fi
+
+    if [[ -f "/defaults/crontabs/${cron_user}" ]]; then
+        mkdir -p /config/crontabs
+
+        # #
+        #   if crontabs do not exist in config
+        # #
+
+        if [[ ! -f "/config/crontabs/${cron_user}" ]]; then
+
+            # #
+            #   copy crontab from system
+            # #
+        
+            if crontab -l -u "${cron_user}" >/dev/null 2>&1; then
+                crontab -l -u "${cron_user}" >"/config/crontabs/${cron_user}"
+            fi
+
+            # #
+            #   if crontabs still do not exist in config (were not copied from system)
+            #   copy crontab from image defaults (using -n, do not overwrite an existing file)
+            # #
+
+            cp -n "/defaults/crontabs/${cron_user}" /config/crontabs/
+        fi
+
+        # #
+        #   set perms and import user crontabs
+        # #
+
+        lsiown "${cron_user}":"${cron_user}" "/config/crontabs/${cron_user}"
+        crontab -u "${cron_user}" "/config/crontabs/${cron_user}"
+    fi
+done

root/etc/s6-overlay/s6-rc.d/init-crontab-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-crontab-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontab-config/run

root/etc/s6-overlay/s6-rc.d/init-custom-files/run

@@ -0,0 +1,22 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# Directories
+SCRIPTS_DIR="/custom-cont-init.d"
+
+# Make sure custom init directory exists and has files in it
+if [[ -e "${SCRIPTS_DIR}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]]; then
+    echo -e " Loader       : Custom files found, loading them ..."
+    for SCRIPT in "${SCRIPTS_DIR}"/*; do
+        NAME="$(basename "${SCRIPT}")"
+        if [[ -f "${SCRIPT}" ]]; then
+            echo -e " Loader       : Executing ..."
+            /bin/bash "${SCRIPT}"
+            echo -e " Loader       : ${NAME}: Exited $?"
+        elif [[ ! -f "${SCRIPT}" ]]; then
+            echo -e " Loader       : ${NAME}: Not a valid file"
+        fi
+    done
+else
+    echo -e " Loader       : No custom files found, skipping..."
+fi

root/etc/s6-overlay/s6-rc.d/init-custom-files/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-custom-files/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-custom-files/run

root/etc/s6-overlay/s6-rc.d/init-envfile/run

@@ -0,0 +1,19 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+if find /run/s6/container_environment/FILE__* -maxdepth 1 > /dev/null 2>&1; then
+    for FILENAME in /run/s6/container_environment/FILE__*; do
+            SECRETFILE=$(cat "${FILENAME}")
+            if [[ -f ${SECRETFILE} ]]; then
+                FILESTRIP=${FILENAME//FILE__/}
+                if [[ $(tail -n1 "${SECRETFILE}" | wc -l) != 0 ]]; then
+                    echo "[env-init] Your secret: ${FILENAME##*/}"
+                    echo "           contains a trailing newline and may not work as expected"
+                fi
+                cat "${SECRETFILE}" >"${FILESTRIP}"
+                echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
+            else
+                echo "[env-init] cannot find secret in ${FILENAME##*/}"
+            fi
+    done
+fi

root/etc/s6-overlay/s6-rc.d/init-envfile/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-envfile/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-envfile/run

root/etc/s6-overlay/s6-rc.d/init-folders/run

@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# make folders
+mkdir -p \
+    /config/{keys,php,www} \
+    /config/log/{nginx,php} \
+    /config/nginx/site-confs \
+    /run \
+    /var/lib/nginx/tmp/client_body \
+    /var/tmp/nginx

root/etc/s6-overlay/s6-rc.d/init-folders/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-folders/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-folders/run

root/etc/s6-overlay/s6-rc.d/init-keygen/run

@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# #
+#   @project        thetvapp-docker
+#   @about          Manages self-signed ssl certificates
+#   @file           /root/etc/s6-overlay/s6-rc.d/init-keygen/run
+#   @repo           https://github.com/Aetherinox/thetvapp-docker
+# #
+
+SUBJECT="/C=US/ST=CA/L=NA/O=thetvapp-docker/OU=Aetherinox TheTvApp/CN=*"
+if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
+    echo -e " SSL          : Using existing keys found in /config/keys"
+else
+    echo -e " SSL          : Generating self-signed keys in folder/config/keys. Replace if needed."
+    rm -f \
+        /config/keys/cert.key \
+        /config/keys/cert.crt || true
+    openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
+fi

root/etc/s6-overlay/s6-rc.d/init-keygen/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-keygen/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-keygen/run

root/etc/s6-overlay/s6-rc.d/init-migrations/run

@@ -0,0 +1,39 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+MIGRATIONS_DIR="/migrations"
+MIGRATIONS_HISTORY="/config/.migrations"
+
+echo -e " Migrations   : Started"
+
+if [[ ! -d ${MIGRATIONS_DIR} ]]; then
+    echo -e " Migrations   : No migrations found"
+    exit
+fi
+
+for MIGRATION in $(find ${MIGRATIONS_DIR}/* | sort -n); do
+    NAME="$(basename "${MIGRATION}")"
+    if [[ -f ${MIGRATIONS_HISTORY} ]] && grep -Fxq "${NAME}" ${MIGRATIONS_HISTORY}; then
+        echo -e " Migrations   : ${NAME} › Skipped"
+        continue
+    fi
+
+    echo -e " Migrations   : ${NAME} › Executing"
+    chmod +x "${MIGRATION}"
+
+    # #
+    #   Execute migration script in a subshell to prevent it from modifying the current environment
+    # #
+
+    ("${MIGRATION}")
+    EXIT_CODE=$?
+    if [[ ${EXIT_CODE} -ne 0 ]]; then
+        echo -e " Migrations   : ${NAME} › Failed with exit code ${EXIT_CODE}"
+        exit "${EXIT_CODE}"
+    fi
+
+    echo "${NAME}" >>${MIGRATIONS_HISTORY}
+    echo -e " Migrations   : ${NAME} › Success"
+done
+
+echo -e " Migrations   : Complete"

root/etc/s6-overlay/s6-rc.d/init-migrations/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-migrations/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-migrations/run

root/etc/s6-overlay/s6-rc.d/init-mods-end/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-mods-end/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the end of the mod init process

root/etc/s6-overlay/s6-rc.d/init-mods-package-install/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-mods-package-install/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-mods-package-install/run

root/etc/s6-overlay/s6-rc.d/init-nginx-end/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-nginx-end/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the end of the nginx base init process

root/etc/s6-overlay/s6-rc.d/init-nginx/run

@@ -0,0 +1,108 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# #
+#   precreate log files
+# #
+
+for file in /config/log/nginx/access.log /config/log/nginx/error.log; do
+    if [[ ! -f "${file}" ]]; then
+        touch "${file}"
+    fi
+done
+
+# #
+#   copy default config files if they don't exist
+# #
+
+if [[ ! -f /config/nginx/nginx.conf ]]; then
+    cp /defaults/nginx/nginx.conf.sample /config/nginx/nginx.conf
+fi
+
+if [[ ! -f /config/nginx/ssl.conf ]]; then
+    cp /defaults/nginx/ssl.conf.sample /config/nginx/ssl.conf
+fi
+
+if [[ ! -f /config/nginx/site-confs/default.conf ]]; then
+    cp /defaults/nginx/site-confs/default.conf.sample /config/nginx/site-confs/default.conf
+fi
+
+# #
+#   force nginx.conf to include site-confs/*.conf instead of site-confs/*
+# #
+
+sed -i -E "s#^(\s*)include /config/nginx/site-confs/\*;#\1include /config/nginx/site-confs/\*.conf;#" /config/nginx/nginx.conf
+
+# #
+#   copy index.html if no index file exists
+# #
+
+INDEX_EXISTS=false
+for file in /config/www/index.*; do
+    if [[ -e "${file}" ]]; then
+        INDEX_EXISTS=true
+        break
+    fi
+done
+
+THEME_EXISTS=false
+for file in /config/www/theme/*; do
+    if [[ -e "${file}" ]]; then
+        THEME_EXISTS=true
+        break
+    fi
+done
+
+# dont add an index, we want fancy indexing
+# if [[ ${INDEX_EXISTS} == false ]] && grep -Eq '^\s*index[^#]*index\.html' /config/nginx/**/*.conf; then
+#     cp /defaults/www/index.html /config/www/index.html
+# fi
+
+if [[ ${THEME_EXISTS} == false ]]; then
+    cp -r /defaults/www/theme /config/www/
+fi
+
+# #
+#   copy pre-generated dhparams or generate if needed
+# #
+
+if [[ ! -f /config/nginx/dhparams.pem ]]; then
+    cp /defaults/nginx/dhparams.pem /config/nginx/dhparams.pem
+fi
+
+if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
+    curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
+fi
+
+# #
+#   Set resolver, ignore ipv6 addresses
+# #
+
+touch /config/nginx/resolver.conf
+if ! grep -q 'resolver' /config/nginx/resolver.conf; then
+    RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
+    for i in ${RESOLVERRAW}; do
+        if [[ "$(awk -F ':' '{print NF-1}' <<<"${i}")" -le 2 ]]; then
+            RESOLVER="${RESOLVER} ${i}"
+        fi
+    done
+
+    if [[ -z "${RESOLVER}" ]]; then
+        RESOLVER="127.0.0.11"
+    fi
+
+    echo "[ Resolver ]: Setting to ${RESOLVER}"
+    RESOLVEROUTPUT="# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;"
+    echo -e "${RESOLVEROUTPUT}" >/config/nginx/resolver.conf
+fi
+
+# #
+#   Set worker_processes
+# #
+
+touch /config/nginx/worker_processes.conf
+if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
+    WORKER_PROCESSES=$(nproc)
+    echo "[ Worker   ]: Setting worker_processes to ${WORKER_PROCESSES}"
+    echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" >/config/nginx/worker_processes.conf
+fi

root/etc/s6-overlay/s6-rc.d/init-nginx/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-nginx/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run

root/etc/s6-overlay/s6-rc.d/init-os-end/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-os-end/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the end of the mod init process

root/etc/s6-overlay/s6-rc.d/init-permissions/run

@@ -0,0 +1,25 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# permissions
+lsiown -R abc:abc \
+    /var/lib/nginx \
+    /var/tmp/nginx
+
+lsiown -R abc:abc \
+    /config/keys \
+    /config/log \
+    /config/nginx \
+    /config/php
+
+lsiown abc:abc \
+    /config/www
+
+chmod -R g+w \
+    /config/nginx
+
+chmod -R 644 /etc/logrotate.d
+
+if [[ -f "/config/log/logrotate.status" ]]; then
+    chmod 600 /config/log/logrotate.status
+fi

root/etc/s6-overlay/s6-rc.d/init-permissions/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-permissions/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permissions/run

root/etc/s6-overlay/s6-rc.d/init-php/run

@@ -0,0 +1,28 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# precreate log files
+if [[ ! -f /config/log/php/error.log ]]; then
+    touch /config/log/php/error.log
+fi
+
+# set default timezone
+printf "date.timezone = %s\\n" "${TZ:-UTC}" >/etc/php83/conf.d/30_timezone.ini
+
+# create local php.ini if it doesn't exist, set local timezone
+if [[ ! -f /config/php/php-local.ini ]]; then
+    printf "; Edit this file to override php.ini directives\\n\\n" >/config/php/php-local.ini
+fi
+
+# symlink user php-local.ini to image
+rm -rf /etc/php83/conf.d/php-local.ini
+rm -rf /etc/php83/conf.d/zzz_php-local.ini
+ln -s /config/php/php-local.ini /etc/php83/conf.d/zzz_php-local.ini
+
+# create override for www.conf if it doesn't exist
+if [[ ! -f /config/php/www2.conf ]]; then
+    printf "; Edit this file to override www.conf and php-fpm.conf directives and restart the container\\n\\n; Pool name\\n[www]\\n\\n" >/config/php/www2.conf
+fi
+
+# copy user www2.conf to image
+cp /config/php/www2.conf /etc/php83/php-fpm.d/www2.conf

root/etc/s6-overlay/s6-rc.d/init-php/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-php/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-php/run

root/etc/s6-overlay/s6-rc.d/init-samples/run

@@ -0,0 +1,28 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# #
+#   @project        thetvapp-docker
+#   @about          Manages sample files such as nginx
+#   @file           /root/etc/s6-overlay/s6-rc.d/init-samples/run
+#   @repo           https://github.com/Aetherinox/thetvapp-docker
+# #
+
+# remove old samples
+find /config/nginx/ \
+    -name "*.conf.sample" \
+    -type f \
+    -delete
+
+# copy new samples
+find /defaults/nginx/ \
+    -maxdepth 3 \
+    -name "*.conf.sample" \
+    -type f \
+    -exec cp "{}" /config/nginx/ \;
+
+find /defaults/nginx/site-confs/ \
+    -maxdepth 1 \
+    -name "*.conf.sample" \
+    -type f \
+    -exec cp "{}" /config/nginx/site-confs/ \;

root/etc/s6-overlay/s6-rc.d/init-samples/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-samples/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-samples/run

root/etc/s6-overlay/s6-rc.d/init-services/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-services/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it just signals that services can start

root/etc/s6-overlay/s6-rc.d/init-version-checks/run

@@ -0,0 +1,36 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# detect nginx configs with dates not matching the provided sample files
+active_confs=$(find /config/nginx/ -name "*.conf" -type f 2>/dev/null)
+
+for i in ${active_confs}; do
+    if [ -f "${i}.sample" ]; then
+        if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}")" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample")" ]; then
+            active_confs_changed="│ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}" | tr / -)") │ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample" | tr / -)") │ $(printf '%-70s' "${i}") │\n${active_confs_changed}"
+        fi
+    fi
+done
+
+if [ -n "${active_confs_changed}" ]; then
+    echo "**** The following active confs have different version dates than the samples that are shipped. ****"
+    echo "**** This may be due to user customization or an update to the samples. ****"
+    echo "**** You should compare the following files to the samples in the same folder and update them. ****"
+    echo "**** Use the link at the top of the file to view the changelog. ****"
+    echo "┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐"
+    echo "│  old date  │  new date  │ path                                                                   │"
+    echo "├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤"
+    echo -e "${active_confs_changed%%\\n}"
+    echo "└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘"
+fi
+
+# detect site-confs with wrong extension
+site_confs_wrong_ext=$(find /config/nginx/site-confs/ -type f -not -name "*.conf" -not -name "*.conf.sample" 2>/dev/null)
+
+if [ -n "${site_confs_wrong_ext}" ]; then
+    echo "**** The following site-confs have extensions other than .conf ****"
+    echo "**** This may be due to user customization. ****"
+    echo "**** You should review the files and rename them to use the .conf extension or remove them. ****"
+    echo "**** nginx.conf will only include site-confs with the .conf extension. ****"
+    echo -e "${site_confs_wrong_ext}"
+fi

root/etc/s6-overlay/s6-rc.d/init-version-checks/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-version-checks/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-version-checks/run

root/etc/s6-overlay/s6-rc.d/svc-cron/run

@@ -0,0 +1,15 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+if builtin command -v crontab >/dev/null 2>&1 && [[ -n "$(crontab -l -u abc 2>/dev/null || true)" || -n "$(crontab -l -u root 2>/dev/null || true)" ]]; then
+    if builtin command -v busybox >/dev/null 2>&1 && [[ $(busybox || true) =~ [[:space:]](crond)([,]|$) ]]; then
+        exec busybox crond -f -S -l 5
+    elif [[ -f /usr/bin/apt ]] && [[ -f /usr/sbin/cron ]]; then
+        exec /usr/sbin/cron -f -L 5
+    else
+        echo "**** cron not found ****"
+        sleep infinity
+    fi
+else
+    sleep infinity
+fi

root/etc/s6-overlay/s6-rc.d/svc-cron/type

@@ -0,0 +1 @@
+longrun

root/etc/s6-overlay/s6-rc.d/svc-nginx/run

@@ -0,0 +1,16 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+if pgrep -f "[n]ginx:" >/dev/null; then
+    echo "Zombie nginx processes detected, sending SIGTERM"
+    pkill -ef [n]ginx:
+    sleep 1
+fi
+
+if pgrep -f "[n]ginx:" >/dev/null; then
+    echo "Zombie nginx processes still active, sending SIGKILL"
+    pkill -9 -ef [n]ginx:
+    sleep 1
+fi
+
+exec /usr/sbin/nginx

root/etc/s6-overlay/s6-rc.d/svc-nginx/type

@@ -0,0 +1 @@
+longrun

root/etc/s6-overlay/s6-rc.d/svc-php-fpm/run

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+exec /usr/sbin/php-fpm83 -F

root/etc/s6-overlay/s6-rc.d/svc-php-fpm/type

@@ -0,0 +1 @@
+longrun