migration: apoc
This commit is contained in:
		
							parent
							
								
									cbcaa180b3
								
							
						
					
					
						commit
						2de847f6f9
					
				
					 19 changed files with 314 additions and 0 deletions
				
			
		
							
								
								
									
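--- a/servers/apoc/README.md
+++ b/servers/apoc/README.md
@@ -0,0 +1 @@
+server configuration for `apoc`.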
							
								
								
									
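--- a/servers/apoc/docker-compose.d/README.md
+++ b/servers/apoc/docker-compose.d/README.md
@@ -0,0 +1 @@
+This folder houses all docker-compose files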
							
								
								
									
										13
									
								
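--- a/servers/apoc/docker-compose.d/custom/nginx/Dockerfile
+++ b/servers/apoc/docker-compose.d/custom/nginx/Dockerfile
@@ -0,0 +1,13 @@
+FROM nginx:alpine
+
+RUN apk add \
+    certbot \
+    certbot-nginx
+
+COPY content /usr/share/nginx/html
+COPY conf.d/ /etc/nginx/conf.d/
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /entrypoint
+ENTRYPOINT [ "sh", "/entrypoint" ]
+CMD [ "nginx", "-g", "daemon off;" ]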
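Review bot: The image is not reproducible: `FROM nginx:alpine` and `RUN apk add certbot certbot-nginx` pin neither the base tag nor the package versions, so the tooling that issues and renews the edge certificates changes silently on every rebuild. Pinning the base (e.g. `FROM nginx:<pinned-version>-alpine`, placeholder) and using `RUN apk add --no-cache certbot certbot-nginx` would make rebuilds deterministic and keep the package index out of the layer. The 17-line hunk that follows in this section appears to belong to a separate conf.d file whose header is not shown on the page.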
|  | @ -0,0 +1,17 @@ | |||
| server { | ||||
|     listen 80; | ||||
|     server_name apoc.ixvd.net; | ||||
| 
 | ||||
|     # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically! | ||||
| 
 | ||||
|     # default html page | ||||
|     location / { | ||||
|         root /usr/share/nginx/html; | ||||
|         index index.html index.htm; | ||||
|     } | ||||
| 
 | ||||
|     error_page   500 502 503 504  /50x.html; | ||||
|     location = /50x.html { | ||||
|         root /usr/share/nginx/html; | ||||
|     } | ||||
| } | ||||
							
								
								
									
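--- a/servers/apoc/docker-compose.d/custom/nginx/conf.d/git.conf
+++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/git.conf
@@ -0,0 +1,15 @@
+server {
+    listen 80;
+    server_name git.ixvd.net;
+
+    location / {
+        proxy_pass http://git:3000;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        client_max_body_size 0;
+    }
+}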
|  | @ -0,0 +1,20 @@ | |||
| server { | ||||
|     listen 80; | ||||
|     server_name my.ixvd.net; | ||||
| 
 | ||||
|     set_real_ip_from 0.0.0.0/0; | ||||
|     real_ip_header X-Real-IP; | ||||
|     real_ip_recursive on; | ||||
| 
 | ||||
|     location / { | ||||
|         proxy_pass http://keycloak; | ||||
| 
 | ||||
|         proxy_redirect off; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_set_header X-Real-IP $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header X-Forwarded-Proto $scheme; | ||||
|         proxy_set_header X-Forwarded-Port 443; | ||||
|     } | ||||
| 
 | ||||
| }; | ||||
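Review bot: `set_real_ip_from 0.0.0.0/0;` combined with `real_ip_header X-Real-IP;` makes this edge server trust an `X-Real-IP` header from any client, so `$remote_addr` — and with it the `X-Real-IP` and `X-Forwarded-For` values handed to Keycloak in the `location /` block — becomes caller-controlled, which lets a client evade any IP-based lockout or rate limiting downstream and falsifies Keycloak's audit trail. This nginx is published directly on 80/443 (docker-compose.yml in this commit), so there is no upstream proxy to trust; drop the `set_real_ip_from`, `real_ip_header` and `real_ip_recursive` lines, or limit `set_real_ip_from` to the address of a real upstream proxy. The closing `};` on the last line should be `}`; nginx is likely to reject the stray semicolon at start-up. This hunk's file header is not shown on the page; it appears to be a conf.d file for my.ixvd.net.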
|  | @ -0,0 +1,8 @@ | |||
| server { | ||||
|     listen 80; | ||||
|     server_name mail.ixvd.net; | ||||
| 
 | ||||
|     location / { | ||||
|         proxy_pass http://rainloop:8888$request_uri; | ||||
|     } | ||||
| } | ||||
|  | @ -0,0 +1,23 @@ | |||
| <!DOCTYPE html> | ||||
| <html> | ||||
| 
 | ||||
| <head> | ||||
|     <title>Welcome to nginx!</title> | ||||
|     <style> | ||||
|         html { | ||||
|             color-scheme: light dark; | ||||
|         } | ||||
| 
 | ||||
|         body { | ||||
|             width: 35em; | ||||
|             margin: 0 auto; | ||||
|             font-family: Tahoma, Verdana, Arial, sans-serif; | ||||
|         } | ||||
|     </style> | ||||
| </head> | ||||
| 
 | ||||
| <body> | ||||
|     <h1>Welcome to apoc!</h1> | ||||
| </body> | ||||
| 
 | ||||
| </html> | ||||
							
								
								
									
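--- a/servers/apoc/docker-compose.d/custom/nginx/entrypoint.sh
+++ b/servers/apoc/docker-compose.d/custom/nginx/entrypoint.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+trap exit TERM
+
+if [ -n "${CERTBOT_DOMAINS}" ]; then
+    echo "registering..."
+    if ! certbot show_account; then
+        certbot register -n \
+            --agree-tos \
+            -m "${CERTBOT_EMAIL}"
+    fi
+
+    for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
+        echo "requesting for $d..."
+        certbot --nginx -n --keep -d "$d"
+    done
+
+    while :; do
+        echo "renewing domains..."
+        certbot --nginx --keep -n renew
+        sleep 12h &
+        wait $!
+    done &
+else
+    echo "skipping certbot due to no domains!"
+fi &
+
+exec "$@"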
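Review bot: certbot failures are swallowed: `certbot register`, the per-domain `certbot --nginx -n --keep -d "$d"` and the `certbot --nginx --keep -n renew` loop run with no exit-status check inside a block that is itself backgrounded (`fi &`), so a failed issuance or renewal leaves the container quietly serving plain HTTP with nothing in its logs beyond certbot's own output and nothing in its exit code. Logging the failure explicitly, e.g. `certbot --nginx -n --keep -d "$d" || echo "certbot failed for $d" >&2`, and refusing to register when `CERTBOT_EMAIL` is empty (it is passed unchecked as `-m "${CERTBOT_EMAIL}"`) would make the state visible. Because the block is backgrounded before `exec "$@"`, the first `certbot --nginx` run presumably races nginx's start-up and its reload of the rewritten config; a short wait for the nginx pid file or a retry would make a fresh start deterministic — worth confirming against the nginx plugin's behaviour.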
							
								
								
									
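--- a/servers/apoc/docker-compose.d/custom/nginx/nginx.conf
+++ b/servers/apoc/docker-compose.d/custom/nginx/nginx.conf
@@ -0,0 +1,35 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    # docker resolver and quad9;
+    resolver 127.0.0.11 9.9.9.9 ipv6=off;
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}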
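Review bot: `resolver 127.0.0.11 9.9.9.9 ipv6=off;` lists the Docker DNS and a public resolver as peers, and nginx queries listed name servers in round-robin fashion, so any name resolved at runtime is sent to 9.9.9.9 half of the time — where Compose service names do not exist — and internal service names leak to an external resolver. This applies to the mail.ixvd.net server block earlier in this commit, `proxy_pass http://rainloop:8888$request_uri;`, because a variable in `proxy_pass` forces resolution through `resolver` rather than once at start-up; expect intermittent 502s there. Keep only `resolver 127.0.0.11 ipv6=off;` (and/or drop the `$request_uri` suffix so the upstream is resolved at start-up like the other server blocks), and consider `server_tokens off;` in the `http` block since this is the public edge. The affected server block's file header is not shown on the page.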
							
								
								
									
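--- a/servers/apoc/docker-compose.d/docker-compose.dms.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.dms.yml
@@ -0,0 +1,34 @@
+version: '2.2'
+
+services:
+  mailserver:
+    image: ghcr.io/docker-mailserver/docker-mailserver:latest
+    container_name: mailserver
+    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
+    hostname: mail.ixvd.net
+    env_file: ../../env/mailserver.env
+    # More information about the mail-server ports:
+    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
+    # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
+    ports:
+      - "25:25"    # SMTP  (explicit TLS => STARTTLS)
+      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
+      - "465:465"  # ESMTP (implicit TLS)
+      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
+      - "993:993"  # IMAP4 (implicit TLS)
+    volumes:
+      - /srv/mailserver/data:/var/mail/
+      - /srv/mailserver/config:/tmp/docker-mailserver/
+      - /srv/mailserver/other/state:/var/mail-state/
+      - /srv/mailserver/other/log/:/var/log/mail/
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/certbot/data/live/mail.ixvd.net:/etc/letsencrypt/live/mail.ixvd.net
+    restart: always
+    stop_grace_period: 1m
+    # Uncomment if using `ENABLE_FAIL2BAN=1`:
+    # cap_add:
+    #   - NET_ADMIN
+    healthcheck:
+      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
+      timeout: 3s
+      retries: 0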
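Review bot: Mounting only `/srv/certbot/data/live/mail.ixvd.net` into the mail container (last `volumes` entry) is presumably insufficient: on a standard certbot layout the files under `live/<domain>/` are symlinks into `../../archive/<domain>/`, and those links dangle inside the container when `archive/` is not mounted, so the mailserver would start without its certificate. Mounting the whole tree read-only, `- /srv/certbot/data:/etc/letsencrypt:ro`, keeps the links valid and prevents the mail container from writing to the private-key directory; worth confirming against the docker-mailserver letsencrypt docs. `image: ghcr.io/docker-mailserver/docker-mailserver:latest` and the relative `env_file: ../../env/mailserver.env` also tie the deployment to when and from where `docker compose` is run; a pinned tag and an absolute path like the `/etc/ixvd/secrets/env/` one used for Keycloak would be more robust.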
							
								
								
									
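--- a/servers/apoc/docker-compose.d/docker-compose.git.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.git.yml
@@ -0,0 +1,19 @@
+version: '2.2'
+services:
+  git:
+    image: codeberg.org/forgejo/forgejo:1.20
+    container_name: git # IMPORTANT FOR SSH
+    restart: always
+    privileged: true
+    environment:
+      USER_UID: 1000
+      USER_GID: 1002
+    volumes:
+      - /srv/gitea/data:/data/git
+      - /srv/gitea/config:/data/gitea
+      - /srv/gitea/other/ssh:/data/ssh
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - proxy
+      - internal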
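Review bot: `privileged: true` gives the Forgejo container every capability and unfiltered host device access, which the Forgejo image does not require, so a compromise of its web or SSH surface becomes root on the host. Remove the line; if a specific capability proves necessary, grant only that one with `cap_add`. `USER_UID: 1000` / `USER_GID: 1002` presumably have to match the host `git` account created in setup.d/00-setup-git.sh for the SSH passthrough in this commit to work, and that script currently lets `useradd` choose the ids — worth a comment here stating the dependency.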
							
								
								
									
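--- a/servers/apoc/docker-compose.d/docker-compose.keycloak.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.keycloak.yml
@@ -0,0 +1,36 @@
+version: '2.2'
+
+services:
+  keycloak:
+    build: custom/keycloak
+    command: start --optimized
+    env_file:
+      - /etc/ixvd/secrets/env/keycloak.env
+    depends_on:
+      - kcdb
+    environment:
+      KC_HOSTNAME: my.ixvd.net
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: "true"
+      KC_HTTP_PORT: "80"
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://kcdb:5432/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: keycloak
+    networks:
+      - proxy
+      - keycloak
+
+  kcdb:
+    image: postgres:16
+    environment:
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: keycloak
+      POSTGRES_DB: keycloak
+    volumes:
+      - /srv/keycloak/other/database:/var/lib/postgresql/data
+    networks:
+      - keycloak
+
+networks:
+  keycloak: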
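Review bot: `KC_DB_PASSWORD: keycloak` and `POSTGRES_PASSWORD: keycloak` commit a static, trivially guessable credential for the identity provider's database, even though the `keycloak` service already sources secrets from `/etc/ixvd/secrets/env/keycloak.env`. Move both values into env files under that directory (add an `env_file:` to `kcdb` as well) and use a generated secret, since any container on the `keycloak` network can otherwise log in to Postgres. `kcdb` also has no `restart:` policy while `keycloak` has `depends_on: kcdb`, so after a host reboot Keycloak presumably comes up without its database; `restart: always` would match the other services in this commit.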
							
								
								
									
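--- a/servers/apoc/docker-compose.d/docker-compose.rainloop.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.rainloop.yml
@@ -0,0 +1,19 @@
+version: '2.2'
+
+services:
+  rainloop:
+    image: hardware/rainloop
+    container_name: rainloop
+    depends_on:
+      - mailserver
+    volumes:
+      - /srv/rainloop/data:/rainloop/data
+    networks:
+      - proxy
+      - internal
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true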
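Review bot: `image: hardware/rainloop` carries no tag and the service has no `restart:` policy, unlike `mailserver` and `git` in this commit, so the webmail container floats to whatever `latest` resolves to at pull time and does not come back after a reboot. Pin a tag or digest and add `restart: always`. RainLoop itself appears to have been without upstream releases for some time; if that is confirmed, an actively maintained webmail client is worth considering for an internet-facing service that handles mailbox credentials.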
							
								
								
									
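--- a/servers/apoc/docker-compose.d/docker-compose.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.yml
@@ -0,0 +1,26 @@
+# I'm very comfortable in this version, therefore it's the standard
+version: '2.2'
+
+services:
+  # default nginx setup
+  nginx:
+    build: custom/nginx
+    environment:
+      CERTBOT_EMAIL: "webmaster@ixvd.net"
+      CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net"
+    volumes:
+      - /srv/certbot/data:/etc/letsencrypt
+      - /srv/certbot/other/www:/var/www/certbot
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - proxy
+
+# Here the default networks are defined
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+   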
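Review bot: The `nginx` service has no `restart:` policy while `mailserver` and `git` use `restart: always`; as the only container publishing ports 80/443 and the one running the certificate renewal loop, a crash or host reboot takes every site down and stops renewals until someone restarts it by hand. Add `restart: always` under the service. The `/srv/certbot/other/www:/var/www/certbot` mount is unused by the `--nginx` authenticator in entrypoint.sh and can be dropped unless a webroot challenge is planned; the port entries could also be quoted (`"80:80"`, `"443:443"`) for consistency with docker-compose.dms.yml.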
							
								
								
									
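--- a/servers/apoc/setup.d/00-setup-git.sh
+++ b/servers/apoc/setup.d/00-setup-git.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ! getent passwd git &>/dev/null; then
+    echo "creating git user..."
+    useradd -m git
+    usermod git -aG docker
+fi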
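Review bot: `if ! getent passwd git &>/dev/null` uses a bash-only redirection under `#!/bin/sh`; a POSIX shell parses it as `getent passwd git &` followed by a bare `>/dev/null`, so the condition is always true and `useradd -m git` / `usermod git -aG docker` run on every invocation. Use `if ! getent passwd git >/dev/null 2>&1; then`. Membership in the `docker` group is root-equivalent on the host — it is what the sshd `AuthorizedKeysCommand` and docker-shell in this commit rely on — so a comment stating that would help the next reader, and `useradd` should presumably pin the ids to the `USER_UID`/`USER_GID` values in docker-compose.git.yml (e.g. `useradd -m -u 1000 git` with a matching group) rather than taking the next free ones.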
							
								
								
									
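--- a/servers/apoc/setup.d/10-apply-skel.sh
+++ b/servers/apoc/setup.d/10-apply-skel.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+echo "applying skel..."
+cp -r skel/. /
+
+echo "ensuring /home/git/docker-shell a+x..."
+chmod a+x /home/git/docker-shell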
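Review bot: `cp -r skel/. /` copies the skeleton relative to the caller's working directory, so the script only does the right thing when run from servers/apoc, and nothing reloads sshd afterwards, so the `Match User git` drop-in it installs stays inactive until the next sshd restart. Anchor the path to the script, e.g. `cp -r "$(dirname "$0")/../skel/." /`, and finish with `sshd -t && systemctl reload sshd` (or the host's equivalent) so a broken drop-in is caught before it is applied. Since `cp -r` without `-p` takes the caller's umask and ownership, it is also worth asserting that the copied `/etc/ssh/sshd_config.d/git.conf` ends up root-owned and 0644 and that `/home/git/docker-shell` is owned by `git`.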
							
								
								
									
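--- a/servers/apoc/skel/etc/ssh/sshd_config.d/git.conf
+++ b/servers/apoc/skel/etc/ssh/sshd_config.d/git.conf
@@ -0,0 +1,3 @@
+Match User git
+  AuthorizedKeysCommandUser git
+  AuthorizedKeysCommand /usr/bin/docker exec -i git /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k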
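Review bot: The `AuthorizedKeysCommand` runs `docker exec` as user `git` (`AuthorizedKeysCommandUser git`), which only works because setup.d/00-setup-git.sh puts `git` in the `docker` group — the key-lookup account is therefore root-equivalent on the host and can reach every container, not just `git`. A comment recording that dependency would help, e.g. `# requires git in the docker group (setup.d/00-setup-git.sh); docker access is host-root-equivalent`. This drop-in only takes effect if the host's sshd_config has an `Include /etc/ssh/sshd_config.d/*.conf` line, which is worth confirming for the target host, and the trailing whitespace after `-k %k` should be removed.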
							
								
								
									
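--- a/servers/apoc/skel/home/git/docker-shell
+++ b/servers/apoc/skel/home/git/docker-shell
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"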
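Review bot: The container name does not match: this shell runs `docker exec … gitea sh "$@"`, but the Forgejo service is created with `container_name: git` (docker-compose.git.yml, marked "IMPORTANT FOR SSH") and the sshd `AuthorizedKeysCommand` in this commit also targets `git`, so every SSH git operation will fail with a no-such-container error unless a separate `gitea` container exists. Change the target: `/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" git sh "$@"`. As this is the login shell of the `git` account, a header comment should state that sshd invokes it with `-c "<original command>"` and that whatever arrives in `$@` is executed inside the container, so it must never be usable as an interactive shell on the host.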