migration: apoc

This commit is contained in:
Strix 2023-10-20 15:50:35 +02:00
parent cbcaa180b3
commit 2de847f6f9
No known key found for this signature in database
GPG key ID: 49B2E37B8915B774
19 changed files with 314 additions and 0 deletions

servers/apoc/README.md Normal file

@ -0,0 +1 @@
server configuration for `apoc`.


@ -0,0 +1 @@
This folder houses all docker-compose files


@ -0,0 +1,13 @@
FROM nginx:alpine
RUN apk add \
certbot \
certbot-nginx
COPY content /usr/share/nginx/html
COPY conf.d/ /etc/nginx/conf.d/
COPY nginx.conf /etc/nginx/nginx.conf
COPY entrypoint.sh /entrypoint
ENTRYPOINT [ "sh", "/entrypoint" ]
CMD [ "nginx", "-g", "daemon off;" ]
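Review bot: The `apk add` on the second line runs without `--no-cache`, so the package index fetched during the build is left behind in the image layer; `RUN apk add --no-cache certbot certbot-nginx` drops it. The base image `nginx:alpine` is a floating tag, so the same Dockerfile yields different nginx and certbot versions on each rebuild and the TLS stack can change silently; pinning a specific version tag (or a digest) makes the build reproducible. Since the entrypoint runs certbot against the live nginx, a one-line comment in the Dockerfile stating that `/etc/letsencrypt` is expected to be a mounted volume (the compose file provides it) would save a reader from looking for it in the image.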


@ -0,0 +1,17 @@
server {
listen 80;
server_name apoc.ixvd.net;
# SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
# default html page
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}


@ -0,0 +1,15 @@
server {
listen 80;
server_name git.ixvd.net;
location / {
proxy_pass http://git:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
}
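Review bot: The `Connection`/`Upgrade` headers in the `location /` block will not produce a working WebSocket upgrade on their own, because `proxy_http_version` defaults to 1.0 and the Upgrade mechanism requires HTTP/1.1; add `proxy_http_version 1.1;` next to `proxy_pass`. `client_max_body_size 0;` disables the request-body limit for every path on this host, not only the git push endpoints; if that is intentional for large pushes, a comment such as `# unlimited: large git pushes` would stop a later reader from tightening it by mistake.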


@ -0,0 +1,20 @@
server {
listen 80;
server_name my.ixvd.net;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
proxy_pass http://keycloak;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
}
};
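Review bot: `set_real_ip_from 0.0.0.0/0;` together with `real_ip_header X-Real-IP;` makes nginx replace `$remote_addr` with whatever `X-Real-IP` value any client sends, so the address forwarded to Keycloak (and written to the access log) is client-controlled; since this nginx is itself the edge listener on 80/443 per the compose file in this commit, the three `real_ip` lines should be removed, or `set_real_ip_from` restricted to the address of an actual upstream proxy if one exists. The closing `};` on the last line carries a stray semicolon after the brace, which nginx is likely to reject as an unexpected `;` at config load; it should be `}`. `X-Forwarded-For` is set to `$remote_addr` here while the git site uses `$proxy_add_x_forwarded_for`; either is defensible, but the two sites should agree.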


@ -0,0 +1,8 @@
server {
listen 80;
server_name mail.ixvd.net;
location / {
proxy_pass http://rainloop:8888$request_uri;
}
}


@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html {
color-scheme: light dark;
}
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to apoc!</h1>
</body>
</html>


@ -0,0 +1,28 @@
#!/bin/sh
trap exit TERM
if [ -n "${CERTBOT_DOMAINS}" ]; then
echo "registering..."
if ! certbot show_account; then
certbot register -n \
--agree-tos \
-m "${CERTBOT_EMAIL}"
fi
for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
echo "requesting for $d..."
certbot --nginx -n --keep -d "$d"
done
while :; do
echo "renewing domains..."
certbot --nginx --keep -n renew
sleep 12h &
wait $!
done &
else
echo "skipping certbot due to no domains!"
fi &
exec "$@"
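Review bot: Neither registration nor issuance is checked for failure: `certbot register ... -m "${CERTBOT_EMAIL}"` runs even when `CERTBOT_EMAIL` is unset, and a failing `certbot --nginx -n --keep -d "$d"` is ignored, so the container comes up without certificates and only certbot's own output hints at why. A guard such as `[ -n "${CERTBOT_EMAIL}" ] || { echo "CERTBOT_EMAIL is required" >&2; exit 1; }` before the registration, and `|| echo "certbot failed for $d" >&2` on the issuance line, would make the failure visible in the container log. The whole certbot block is backgrounded before `exec "$@"` starts nginx, so the first `certbot --nginx` run presumably races the nginx start and may try to reload a master process that does not exist yet; waiting for the pid file configured in nginx.conf before the loop would remove that race.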


@ -0,0 +1,35 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# docker resolver and quad9;
resolver 127.0.0.11 9.9.9.9 ipv6=off;
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
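Review bot: `resolver 127.0.0.11 9.9.9.9 ipv6=off;` lists a public resolver alongside Docker's embedded DNS, and nginx distributes queries across the listed resolvers round-robin rather than using the second as a fallback, so any runtime lookup of a compose service name (`git`, `keycloak`, `rainloop`) may be sent to 9.9.9.9, fail, and leak the internal name to an external resolver. Unless something in `conf.d` needs public names resolved at runtime, `resolver 127.0.0.11 ipv6=off;` is the safer setting. The `http` block also leaves `server_tokens` at its default, so the nginx version is advertised in response headers and error pages of all four sites; `server_tokens off;` is a cheap addition.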


@ -0,0 +1,34 @@
version: '2.2'
services:
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
# Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
hostname: mail.ixvd.net
env_file: ../../env/mailserver.env
# More information about the mail-server ports:
# https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
# To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
ports:
- "25:25" # SMTP (explicit TLS => STARTTLS)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "465:465" # ESMTP (implicit TLS)
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 (implicit TLS)
volumes:
- /srv/mailserver/data:/var/mail/
- /srv/mailserver/config:/tmp/docker-mailserver/
- /srv/mailserver/other/state:/var/mail-state/
- /srv/mailserver/other/log/:/var/log/mail/
- /etc/localtime:/etc/localtime:ro
- /srv/certbot/data/live/mail.ixvd.net:/etc/letsencrypt/live/mail.ixvd.net
restart: always
stop_grace_period: 1m
# Uncomment if using `ENABLE_FAIL2BAN=1`:
# cap_add:
# - NET_ADMIN
healthcheck:
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
timeout: 3s
retries: 0
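Review bot: The mount `/srv/certbot/data/live/mail.ixvd.net:/etc/letsencrypt/live/mail.ixvd.net` exposes only certbot's `live/` directory, whose `*.pem` files are symlinks into the sibling `archive/` directory, so inside the container those links dangle and the mail server presumably cannot load its certificate; mounting the whole tree read-only, `- /srv/certbot/data:/etc/letsencrypt:ro`, keeps the link targets reachable. `image: ghcr.io/docker-mailserver/docker-mailserver:latest` is a floating tag on the one service in this migration exposed on five public ports; pinning a version (or digest) makes upgrades deliberate. `retries: 0` in the healthcheck is unusual; if a single attempt is intended, a short comment would help, since some engines treat 0 as "use the default".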


@ -0,0 +1,19 @@
version: '2.2'
services:
git:
image: codeberg.org/forgejo/forgejo:1.20
container_name: git # IMPORTANT FOR SSH
restart: always
privileged: true
environment:
USER_UID: 1000
USER_GID: 1002
volumes:
- /srv/gitea/data:/data/git
- /srv/gitea/config:/data/gitea
- /srv/gitea/other/ssh:/data/ssh
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- proxy
- internal
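Review bot: `privileged: true` on the `git` service gives the Forgejo container full access to host devices and disables most of Docker's isolation, and nothing in this file (volumes, environment) shows a need for it; dropping the line, and adding a specific `cap_add` only if a concrete capability turns out to be required, keeps a compromise of the forge inside the container. This file references `proxy` and `internal` but defines no top-level `networks:` section, so it only validates when merged into one project with the rainloop or nginx compose file from this commit, which do define them; a comment stating that dependency would prevent a confusing failure when the file is brought up alone.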


@ -0,0 +1,36 @@
version: '2.2'
services:
keycloak:
build: custom/keycloak
command: start --optimized
env_file:
- /etc/ixvd/secrets/env/keycloak.env
depends_on:
- kcdb
environment:
KC_HOSTNAME: my.ixvd.net
KC_PROXY: edge
KC_HTTP_ENABLED: "true"
KC_HTTP_PORT: "80"
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://kcdb:5432/keycloak
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: keycloak
networks:
- proxy
- keycloak
kcdb:
image: postgres:16
environment:
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
POSTGRES_DB: keycloak
volumes:
- /srv/keycloak/other/database:/var/lib/postgresql/data
networks:
- keycloak
networks:
keycloak:
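Review bot: `KC_DB_PASSWORD: keycloak` and `POSTGRES_PASSWORD: keycloak` put the database credential into a file committed with the migration, while the same service already reads `/etc/ixvd/secrets/env/keycloak.env` through `env_file`; both values belong in that env file (or a second one for `kcdb`), with the two compose entries removed, so the password is neither in history nor a guessable default. The private `keycloak` network already keeps the database off `proxy`, which makes the credential the remaining gap. `KC_PROXY: edge` means Keycloak trusts the `X-Forwarded-*` headers nginx sends, so the `set_real_ip_from 0.0.0.0/0` in the `my.ixvd.net` site config of this commit directly determines which client address Keycloak records and rate-limits on.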


@ -0,0 +1,19 @@
version: '2.2'
services:
rainloop:
image: hardware/rainloop
container_name: rainloop
depends_on:
- mailserver
volumes:
- /srv/rainloop/data:/rainloop/data
networks:
- proxy
- internal
networks:
proxy:
external: true
internal:
external: true
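Review bot: `image: hardware/rainloop` carries no tag or digest, so every pull may yield a different build of a webmail client that is exposed on `mail.ixvd.net`; pin a tag (and preferably a digest) so updates are explicit. `depends_on: - mailserver` refers to a service defined in a different compose file in this commit, which works only when the files are merged into one project; brought up on its own this file fails validation, and a comment noting the merge requirement would prevent that surprise.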


@ -0,0 +1,26 @@
# I'm very comfortable in this version, therefore it's the standard
version: '2.2'
services:
# default nginx setup
nginx:
build: custom/nginx
environment:
CERTBOT_EMAIL: "webmaster@ixvd.net"
CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net"
volumes:
- /srv/certbot/data:/etc/letsencrypt
- /srv/certbot/other/www:/var/www/certbot
ports:
- 80:80
- 443:443
networks:
- proxy
# Here the default networks are defined
networks:
proxy:
external: true
internal:
external: true
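Review bot: `- 80:80` and `- 443:443` are unquoted while the mailserver compose file in this commit quotes every port mapping and explains why; these two values happen not to hit the YAML 1.1 base-60 trap, but quoting them (`- "80:80"`, `- "443:443"`) keeps the convention consistent so the next port added below 60 is not silently converted. `/srv/certbot/other/www:/var/www/certbot` is mounted, yet no site config in this commit serves `/.well-known/acme-challenge/` from it and the entrypoint uses the `--nginx` authenticator, so the volume appears unused and could be dropped or documented. The nginx service attaches only to `proxy` while the file also defines `internal`; if that is to declare the name for the other files, a comment saying so would help.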


@ -0,0 +1,7 @@
#!/bin/sh
if ! getent passwd git &>/dev/null; then
echo "creating git user..."
useradd -m git
usermod git -aG docker
fi
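Review bot: `&>/dev/null` is a bash redirection, but the script runs under `#!/bin/sh`; a POSIX shell parses it as `getent passwd git &` followed by `>/dev/null`, so the lookup is backgrounded, the `!` test sees the background job's zero status, and the user is never created. Use `if ! getent passwd git >/dev/null 2>&1; then`. Adding `git` to the `docker` group (`usermod git -aG docker`) makes that account root-equivalent on the host, since the Docker socket is documented as such; because the SSH setup in this commit makes `git` reachable with forge-managed keys, a comment on that line stating this trust boundary would keep it from being overlooked.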


@ -0,0 +1,7 @@
#!/bin/sh
echo "applying skel..."
cp -r skel/. /
echo "ensuring /home/git/docker-shell a+x..."
chmod a+x /home/git/docker-shell
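Review bot: `cp -r skel/. /` uses a path relative to the caller's working directory and the script has no `set -e`, so run from elsewhere the copy fails, the script continues, and `chmod` is applied to a `/home/git/docker-shell` that may not exist; `cd "$(dirname "$0")" || exit 1` and `set -e` at the top make it location-independent and fail loudly. Since the copy writes into `/` (sshd configuration and `/home/git` per the other files in this commit), a one-line comment listing what `skel/` contains would tell the reader what the script touches and why it needs root.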


@ -0,0 +1,3 @@
Match User git
AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/bin/docker exec -i git /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k


@ -0,0 +1,2 @@
#!/bin/sh
/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
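Review bot: The `docker exec` targets a container named `gitea`, but the compose file in this commit sets `container_name: git` (marked "IMPORTANT FOR SSH") and the sshd `AuthorizedKeysCommand` also uses `git`, so every SSH git operation through this shell presumably fails with a no-such-container error; the line should read `/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" git sh "$@"`. `sh "$@"` runs whatever sshd passes as the login shell's arguments inside the container, so a comment stating the intended contract (sshd invokes this as `docker-shell -c <command>` and the forge reads `SSH_ORIGINAL_COMMAND`) would document why the script forwards `$@` verbatim.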