Add nginx to apparmor

3dprinter-octoprint/apparmor.txt

@@ -27,31 +27,35 @@ profile 3dprinter-octoprint flags=(attach_disconnected,mediate_deleted) {
   # Access to options.json and other files within your addon
   /data/** rw,
 
+  # nginx
+  /var/lib/nginx/** ix,
+  /var/log/nginx/** rw,
+
   # Start new profile for service
   # /usr/bin/my_program cx -> my_program,
 
-  profile my_program flags=(attach_disconnected,mediate_deleted) {
-    #include <abstractions/base>
-
-    # Receive signals from S6-Overlay
-    signal (receive) peer=*_example,
-
-    # Access to options.json and other files within your addon
-    /data/** rw,
-
-    # Access to mapped volumes specified in config.json
-    /share/** rw,
-
-    # Access required for service functionality
-    # Note: List was built by doing the following:
-    # 1. Add what is obviously needed based on what is in the script
-    # 2. Add `complain` as a flag to this profile temporarily and run the addon
-    # 3. Review the audit log with `journalctl _TRANSPORT="audit" -g 'apparmor="ALLOWED"'` and add other access as needed
-    # Remember to remove the `complain` flag when you are done
-    # /usr/bin/my_program r,
-    /bin/bash rix,
-    /bin/echo ix,
-    /etc/passwd r,
-    /dev/tty rw,
-  }
+  # profile my_program flags=(attach_disconnected,mediate_deleted) {
+  #   #include <abstractions/base>
+  # 
+  #   # Receive signals from S6-Overlay
+  #   signal (receive) peer=*_example,
+  # 
+  #   # Access to options.json and other files within your addon
+  #   /data/** rw,
+  # 
+  #   # Access to mapped volumes specified in config.json
+  #   /share/** rw,
+  # 
+  #   # Access required for service functionality
+  #   # Note: List was built by doing the following:
+  #   # 1. Add what is obviously needed based on what is in the script
+  #   # 2. Add `complain` as a flag to this profile temporarily and run the addon
+  #   # 3. Review the audit log with `journalctl _TRANSPORT="audit" -g 'apparmor="ALLOWED"'` and add other access as needed
+  #   # Remember to remove the `complain` flag when you are done
+  #   # /usr/bin/my_program r,
+  #   /bin/bash rix,
+  #   /bin/echo ix,
+  #   /etc/passwd r,
+  #   /dev/tty rw,
+  # }
 }

3dprinter-octoprint/config.yaml

@@ -1,5 +1,5 @@
 name: "3DPrinter-OctoPrint"
-version: "2022.6.022"
+version: "2022.6.023"
 slug: "3dprinter-octoprint"
 description: "New instance of OctoPrint"
 url: "https://github.com/fredrikbaberg/home-assistant-addons/tree/main/3dprinter-octoprint"

3dprinter-octoprint/rootfs/etc/services.d/nginx/finish

@@ -1,6 +1,6 @@
 #!/usr/bin/env bashio
 # ==============================================================================
-# Take down the S6 supervision tree when example fails
+# Take down the S6 supervision tree when proxy fails
 # s6-overlay docs: https://github.com/just-containers/s6-overlay
 # ==============================================================================
 

3dprinter-octoprint/rootfs/etc/services.d/octoprint/finish

@@ -1,6 +1,6 @@
 #!/usr/bin/env bashio
 # ==============================================================================
-# Take down the S6 supervision tree when example fails
+# Take down the S6 supervision tree when octoprint fails
 # s6-overlay docs: https://github.com/just-containers/s6-overlay
 # ==============================================================================