DEV Community: BinaryPatrick

Restart Unhealthy Docker Containers Automatically

BinaryPatrick — Sat, 19 Jul 2025 02:23:01 +0000

When using docker compose, I recently got into adding health checks for my containers. This helps a lot with startup, especially with dependednt containers, but I was under the impression if I had something like restart: always or restart: unless-stopped, it would automatically try and restart my container. That's just not the case so I looked for something that might.

The Watchtower Approach

There is a container you can user to monitor the other running containers and restart them if they are unhealthy. It's called autoheal by a dev named Will Farrell (no relation?). The only issue is that running a container to make sure my other containers are running seems a little like asking the kids to watch each other, and also, and maybe more importantly, I don't know Will, and his project isn't marked official. Other than a bunch of stars, like most OSS projects, you just never know what you're running of who it's coming from. It's kind of the catch 22 of open source, but when giving something access to the docker socket, I just want to be careful, so I decided to do something different.

Stack Overflow

The next bit of inspiration came from a stack overflow post. It's a bit down the page and not marked as "the answer" but it's like a gem in the ruff.

docker ps -q -f health=unhealthy | xargs --no-run-if-empty docker restart

Between the answer and the comments, there it is, exactly what I needed. Basically get the unhealthy container IDs and pipe them into a docker restart. The answer recomended cron, but that would have been too easy. Instead I made a systemd unit.

Service and Timer

Added to /home/${USER}/.config/systemd/user, I created my two systemd unit files. One is the server, and the second is a timer to trigger it. I also created a bash script file for the service to run. Three files for what could have been a single line in crontab, but hey, this is the right way, right?

mkdir -p /home/${USER}/.config/systemd/user
cd /home/${USER}/.config/systemd/user

cat <<EOF > restart-unhealthy.service
[Unit]
Description=Restart unhealthy docker containers
After=docker.service
Wants=docker.service

[Service]
Type=oneshot
ExecStart=/home/${USER}/.config/systemd/user/restart-unhealthy.sh
EOF

cat <<EOF > restart-unhealthy.timer
[Unit]
Description=Run docker unhealthy restart every 5 minutes
Requires=restart-unhealthy.service
After=docker.service
Wants=docker.service

[Timer]
OnCalendar=*:0/5
Persistent=true

[Install]
WantedBy=timers.target
EOF

cat <<EOF > restart-unhealthy.sh
#!/bin/bash
docker ps -q -f health=unhealthy | xargs --no-run-if-empty docker restart
EOF

chmod +x restart-unhealthy.sh

Now we can register everything and start the service timer.

systemctl --user daemon-reload
systemctl --user enable restart-unhealthy.timer
systemctl --user start restart-unhealthy.timer

Script

To make this easy, I created a gist that can be run from a script.

Always inspect the code that will be running on your machines. Just like I don't know Will, you don't know me.

curl -s https://gist.githubusercontent.com/binarypatrick/d4faffc2807c1e68ddf1229acb057582/raw | bash

Using Prune to Manage Backups

BinaryPatrick — Tue, 04 Jul 2023 03:55:23 +0000

Originally posted to binarypatrick.dev

Often times when using a tool like rsync to make backups you end up with lots of archives, and no way to keep them managed over time without a manual process. Prune is a simple tool that lets you remove prune archives in a folder, deleting any archives not matching the specified retention options. Any file type can be an archive and prune allows you to specify which files are in scope to be pruned.

https://github.com/BinaryPatrick/Prune

Install

To install Prune you can go to the releases page and download the latest release for your environment. You can also just clone the repo and compile it yourself with the steps in the readme. If you are running Linux on x64 you can also run the following commands to download and install Prune.

Don't just take my word for it. Always inspect the code that will be running on your machines, especially from an untrusted and unsigned source.

curl -s -o prune-install-linux-x64.sh https://raw.githubusercontent.com/BinaryPatrick/Prune/main/scripts/install-linux-x64.sh
chmod +x prune-install-linux-x64.sh
sudo ./prune-install-linux-x64.sh
rm prune-install-linux-x64.sh

Usage

Once it's installed, you should be able to run prune simply by typing in prune, but don't. Prune is designed to delete things, and you should always run it with --dry-run and --verbose until you're certain what will be pruned.

To use prune, you will need to provide a pruning path and some retention value. Keep in mind prune is not recursive, so it will only purge files directly in the path you give. Prune also uses last modified date, not created date to evaluate what files to keep and prune. This allows for incremental backups with updates to be properly evaluated. You must specify some level of retention for prune to run.

prune --path /home/patrick/test/ --keep-last 10 --dry-run --verbose

Example output:

You can also provide more file filtering using --prefix and --ext.

prune --path /home/patrick/test/ --keep-last 10 --prefix backup_ --ext tar.gz --dry-run --verbose

Finally you can scope in the exact retention you want using the different retention interval filters.

prune --path /home/patrick/test/ --keep-daily 7 --keep-weekly 2 --dry-run --verbose

So far I have tested this with Debian 12 and Raspbian and it runs great.

Happy pruning!

Bitwarden Automated Backup

BinaryPatrick — Tue, 27 Jun 2023 02:06:00 +0000

Crossposted from binarypatrick.dev

Introduction

The purpose of this backup process arose from a moment when I broke my phone. My phone was my lone source of MFA/2FA codes via the authenticator app, and I genuinely felt terror that I would be locked out of my Bitwarden account. After getting the phone working enough to log in and transfer my 2FA seed to another device, I decided to create this script to have a backup of my passwords locally.

Key requirements for this script are:

Key	Reasoning
Secure	The script must run securely and its resulting output must also be secure
Testable	An untested backup is not a backup
Automatic	It should ideally run without human intervention, rain or shine

Prerequisites

You will need unzip and cron simply to install the Bitwarden CLI.

sudo apt install unzip cron -y

Installing the Bitwarden CLI

Unfortunately it does not exist in the distro repo or flatpak. Though it is in snap, if you are interested in such things. I installed it manually through a handy script I wrote. It will make updating it manually later a bit easier it at least. Either way the CLI binary will need to be somewhere we can run it.

curl -L -o bw.zip "https://vault.bitwarden.com/download/?platform=linux&app=cli"
unzip bw.zip
sudo mv ./bw /usr/local/bin
rm bw.zip

Bitwarden User

Before we begin we will need to create a new user for running the script. This user will securely store the environment variables as well. Unfortunately even though we have the API key, Bitwarden still requires your vault password. I assume this is for actually decrypting the vault. To store them securely, I put them in the service user's ~/.bash_profile. This way only that user, and sudoers/root will have access and the job won't need to run as root. Obviously plaintext isn't ideal, but for the script to use it, it must be read somewhere. No amount of encryption would change that. Also note this machine should be isolated on your network from other services.

To create your user run the following:

sudo adduser \
   --system \
   --shell /bin/bash \
   --group \
   --disabled-password \
   --home /home/bitwarden \
   bitwarden

Bitwarden API Credentials

To get your API key log into your Bitwarden web vault. From the user menu in the upper right, go to Account Settings. Then on the left hand menu go to Security, then Keys in the top menu. This should bring you to Encryption Key Settings and at the bottom of the page API Key. Your account will only have one set of client ID/secret. Click View API Key to retrieve it. You'll need these values to add to the .bash_profile along with your vault password.

sudo touch /home/bitwarden/.bash_profile
sudo chmod 600 /home/bitwarden/.bash_profile
sudo nano /home/bitwarden/.bash_profile

export BW_CLIENTID="<your_client_id>"
export BW_CLIENTSECRET="<your_client_secret>"
export BW_PASSWORD="<your_vault_password"
export BW_NOTIFICATION_EMAIL="<your_notification_email_address>"

Setting up the Script

The script needs to be put somewhere the Bitwarden user can read it, and it needs to be set as executable.

REPO_BACKUP_SCRIPT=https://raw.githubusercontent.com/BinaryPatrick/BitwardenBackup/main/backup.sh
sudo curl -L -o /home/bitwarden/backup.sh $REPO_BACKUP_SCRIPT
sudo chown bitwarden /home/bitwarden/backup.sh
sudo chgrp bitwarden /home/bitwarden/backup.sh
sudo chmod 744 /home/bitwarden/backup.sh

The script also includes an email notification if the vault fails to unlock or authentication fails. You'll need to set up postfix to send email.

Adding to `crontab`

Now that the script is in place, we can add it to crontab. We need to do a little hand holding to make sure the crontab environment can see the bw binary, and will use the environment variables we configured. Also notice, our script requires an output directory to run. We'll set this to /home/bitwarden. Feel free to configure this to use a mounted share or something though. Remember the output is encrypted using the vault password so it is relatively safe to have on a restricted file share.

sudo su bitwarden
crontab -e

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
0 0 * * * BASH_ENV=/home/bitwarden/.bash_profile /bin/bash /home/bitwarden/backup.sh /home/bitwarden

Validate Decryption

An untested backup is no backup at all. Make sure to try and decrypt the file that is created using the decryption script once you have a backup. It should create a json file.

REPO_DECRYPTION_SCRIPT=https://raw.githubusercontent.com/BinaryPatrick/BitwardenBackup/main/decrypt.sh
sudo curl -L -o decrypt.sh $REPO_DECRYPTION_SCRIPT
sudo chmod +x decrypt.sh

When you run the script, pass the filename of the file you want to decrypt and you will be prompted for your vault password.

./decrypt.sh bw_export_xxxxxxxxxxxxxxx.enc

Resources

Start a SPA and it's API in one click

BinaryPatrick — Wed, 16 Jun 2021 19:25:43 +0000

I've been using start or jump scripts for a long time to start up my API and SPA at the same time. With project TYE on the horizon, I thought I would share more about my more simplistic, "poor man", implementation.

Notes

It is important to note, a lot of configuration information is specified ahead of time in different files to make this work. For ASP.Net, the ports are configured in the launch.json and for node, proxy information is set up in a proxy.config.json file. Below is a simple example of the proxy config I use most often to route api requests to the ASP.Net port. It is also good to remember both apps are running locally under localhost.

// proxy config
{
  "/api": {
    "target": "http://localhost:5000",
    "secure": false,
    "logLevel": "debug",
    "changeOrigin": false
  }
}

it's also important to declare the script you want node to run in scripts section of your package.json. Typically I use:

"start": "ng serve --proxy-config proxy.config.json"

Humble beginnings

For my first attempt at makin my start script, I created a batch file that started two scripts. One new Powershell window for dotnet watch run and another for npm run start. This had some hiccups initially. The windows would close if the Powershell stopped running, which was problematic for collecting errors. Also the command prompt window would linger. After a few iterations, I was able to solve those problems and landed on this:

cd ./src/api
start powershell.exe -NoExit dotnet watch run
cd ../spa
start powershell.exe -NoExit npm run start

Next evolution

This script worked well from ASP.Net Core 1.3 and Angular 2, all the way through today with .Net 5 and Angular 12. Recently though, I started to dabble in Powershell Core and Windows Terminal which led me to a more efficient approach to starting and managing my scripts.

wt --title "dotnet watch run" -d "./src/api" powershell -noExit "dotnet watch run"; --title "npm run start" -d "./src/spa/" powershell -noExit "npm run start"

With this one line, I can start a Windows Terminal with both scripts running in tabs. This allows me to keep both together and but also manage the window as one unit. The commands are similar, but the tabs are labeled, so I can quickly jump where I need to look. Also, this is far more expandable if I needed to run other startup scripts together in the future.

Originally posted to https://patrickmoore.dev/autostart-api-spa-app/

Adding Build Versions in Angular

BinaryPatrick — Fri, 05 Mar 2021 04:22:25 +0000

Have you ever found yourself wondering which version of an SPA is running when you pull up your site? This was a problem I wanted to answer in my Angular SPA. Utilizing the npm version command in my build pipeline, I was able to include my pipeline build number in my app, significantly decreased troubleshooting time and version confusion.

Some considerations

Keep in mind, your build version numbers will need to be compliant with normalized SEMVER2 to be valid for NPM.

Instructions

Step 1 - Adding node types to Angular

In your tsconfig.app.json file, add node to the types array. If there is not a already types array, add it under compilerOptions in the json root.

{
  "compilerOptions": {
    "types": ["node"]
  }
}

Step 2 - Adding environment variables

Find your environment constant in src/environments. You should see two files, one for prod, environment.prod.ts, and one for not-prod, environment.ts. In production, I keep it simple and add the appVersion variable without any changes.

export const environment = {
  appVersion: require('../../package.json').version,
  production: true,
  base: 'area',
};

In the non-production environment though, I like to add a dev tag.

appVersion: require('../../package.json').version + '--dev';

This helps me remember if I'm in a non production environment, because there is nothing worse than troubleshooting a problem in the wrong environment.

Step 3 - Adding the version to an Angular component

Likewise this is easier than it sounds. Now that the node types and version variable are available, they just need to be accessed and displayed somewhere in the app. I prefer to add this to the bootstrapped component, which is usually AppComponent. This best way I've found to do this is with a host binding.

Note: You do not need to specify prod vs non-prod in your environment import. When Angular builds, it will use the production environment if the --prod build flag is used.

import { Component, HostBinding } from '@angular/core';
import { environment } from 'src/environments/environment';

@Component({
  ...
})
export class AppComponent {
  @HostBinding('attr.app-version') appVersionAttr = environment.appVersion;
}

Step 5 - Adding `npm version` to your pipeline

If your pipeline stack offers automatically created version numbers, just make sure they are compliant with normalized SEMVER2. Once you have add a task in your pipeline to run the npm command

npm version $(build.buildNumber)

The build variable above is for Azure Devops specifically. Your pipeline stack may differ.

Last Thoughts

Now that you've added a version number, build, build, build and check the check your work. You should see an html attribute on whatever html element you added the host binding to. For me it looks like this:

<app-root app-version="3.1.28-master"></app-root>

Originally posted to https://patrickmoore.dev/angular-build-versioning

Machine Learning Tutorial

BinaryPatrick — Tue, 18 Sep 2018 02:55:36 +0000

I've been scouring the internet looking for a good, recent tutorial on machine learning. The type of machine learning I want to do is neural network classification with a spreadsheet's worth of values, similar to predicting bank loan defaults.

Anyone know of any good tutorials, specifically using a recent version of Python 3?

What does good onboarding look like?

BinaryPatrick — Sat, 14 Jul 2018 14:44:46 +0000

On Monday, two new developers start at our company. We only have two developers now, so this is a big increase for us. I've been thinking over the past two weeks what would be the best way to bring these new people into our organization, with our limited culture, and how to grow the culture with them moving forward.

What does a good on onboarding process look like? Are there any specifics it should or should not have?

The best Easter Egg you ever did leave

BinaryPatrick — Sun, 13 May 2018 07:15:28 +0000

Where I work, a developer left an Easter Egg long ago where if you came to our ERP self service dashboard by way of 302 and had an expired SSO cookie, you'd be greeted by a little page saying "Dude, you got no cookie." Luckily it was a rare occurrence, and flew under the radar for a long long time.

Recently I reimplemented that middleware component. Part of the project requirement was removing that message. To keep the spirit of the Easter egg alive though, I have Dude you have no cookie written to the console instead. I feel good about what I've done. I think Easter Eggs in code are an important part of the job.

Does anyone have a story about an Easter Egg they've written or found that was particularly delightful?