migrate: ntfy + gatus

2023-10-20 04:24:09 +02:00 · 2023-10-20 04:24:09 +02:00 · b388105fb0
commit b388105fb0
parent 0a1257b223
16 changed files with 397 additions and 0 deletions
--- a/servers/link/README.md
+++ b/servers/link/README.md
@ -0,0 +1 @@
+server configuration for `link`.
--- a/servers/link/docker-compose.d/README.md
+++ b/servers/link/docker-compose.d/README.md
@ -0,0 +1 @@
+This folder houses all docker-compose files
--- a/servers/link/docker-compose.d/custom/gatus/Dockerfile
+++ b/servers/link/docker-compose.d/custom/gatus/Dockerfile
@ -0,0 +1,3 @@
+FROM twinproduction/gatus:v5.4.0
+
+COPY ./config.yaml /config/config.yaml
--- a/servers/link/docker-compose.d/custom/gatus/config.yaml
+++ b/servers/link/docker-compose.d/custom/gatus/config.yaml
@ -0,0 +1,213 @@
+ui:
+  title: "IXVD - Status Page"
+  header: "IXVD's Status Page"
+  description: "This is the status page for IXVD. Here you can check what's going on!"
+  buttons:
+    - name: Home
+      link: "https://ixvd.net"
+    - name: Issues
+      link: "https://git.ixvd.net/ixvd/hub/issues"
+
+alerting:
+  ntfy:
+    url: "https://push.ixvd.net"
+    topic: "alerts"
+    default-alert:
+      failure-threshold: 3
+      send-on-resolved: true
+
+x-default-endpoint: &default
+  interval: 10m
+  group: misc
+  ui: &default-ui
+    hide-url: true
+  conditions: &default-conditions
+    - "[CONNECTED] == true"
+
+x-http-endpoint: &default-http
+  <<: *default
+  group: http
+  conditions: &default-http-conditions
+    - "[STATUS] == 200"
+
+x-icmp-endpoint: &default-icmp
+    <<: *default
+    group: icmp
+
+endpoints:
+
+  # SERVERS #
+
+  - name: link
+    <<: *default-icmp
+    group: servers
+    url: "icmp://link.ixvd.net"
+
+  - name: keymaker
+    <<: *default-icmp
+    group: servers
+    url: "icmp://keymaker.ixvd.net"
+
+  - name: apoc
+    <<: *default-icmp
+    group: servers
+    url: "icmp://apoc.ixvd.net"
+
+  - name: kid
+    <<: *default-icmp
+    group: servers
+    url: "icmp://kid.ixvd.net"
+
+  - name: mouse
+    <<: *default-icmp
+    group: servers
+    url: "icmp://mouse.ixvd.net"
+
+  # CLOUD #
+
+  - name: cryptpad
+    <<: *default-http
+    group: cloud
+    url: "https://pad.ixvd.net"
+
+  - name: "cryptpad sandbox"
+    <<: *default-http
+    group: cloud
+    url: "https://pad.sandbox.neo.ixvd.net"
+    ui:
+      hide-hostname: true
+
+  - name: microbin
+    <<: *default-http
+    group: cloud
+    url: "https://bin.ixvd.net"
+
+  # DEVOPS #
+
+  - name: gitea
+    <<: *default-http
+    group: devops
+    url: "https://git.ixvd.net"
+
+  - name: woodpecker
+    <<: *default-http
+    group: devops
+    url: "https://ci.ixvd.net"
+
+  - name: grafana
+    <<: *default-http
+    group: devops
+    url: "https://grafana.neo.faulty.nl"
+
+  # UTILS #
+
+  - name: shlink
+    <<: *default
+    group: utils
+    url: "tcp://via.ixvd.net:80"
+
+  - name: ntfy
+    <<: *default-http
+    group: utils
+    url: "https://push.ixvd.net"
+
+  - name: speedtest
+    <<: *default-http
+    group: utils
+    url: "https://neo.ixvd.net"
+
+  - name: searx
+    <<: *default-http
+    group: utils
+    url: "https://search.faulty.nl"
+    ui:
+      hide-hostname: true
+
+  - name: libretranslate
+    <<: *default-http
+    group: utils
+    url: "https://translate.ixvd.net"
+
+  - name: pgadmin
+    <<: *default-http
+    group: utils
+    url: "https://pgadmin.neo.ixvd.net"
+
+  # SOCIAL #
+
+  - name: matrix
+    <<: *default-http
+    group: social
+    url: "https://matrix.neo.ixvd.net/_matrix/client/versions"
+
+  - name: firefish
+    <<: *default-http
+    group: social
+    url: "https://fedi.ixvd.net"
+
+  - name: invidious
+    <<: *default-http
+    group: social
+    url: "https://yt.ixvd.net"
+
+  - name: cinny
+    <<: *default-http
+    group: social
+    url: "https://cinny.neo.ixvd.net"
+
+  # GAMES #
+
+  - name: velocity
+    <<: *default
+    group: games
+    url: "tcp://ixvd.net:25565"
+    ui:
+      hide-url: true
+
+  # AUTH #
+
+  - name: keycloak
+    <<: *default-http
+    group: auth
+    url: "https://my.ixvd.net"
+
+  # internal #
+
+  - name: proxy
+    <<: *default-icmp
+    group: internal
+    url: "icmp://nginx"
+    ui:
+      hide-url: true
+
+  # mail #
+
+  - name: webmail
+    <<: *default-http
+    group: mail
+    url: "https://mail.ixvd.net"
+    ui:
+      hide-hostname: true
+
+  - name: imap
+    <<: *default
+    group: mail
+    url: "tcp://mail.ixvd.net:993"
+    ui:
+      hide-url: true
+
+  - name: smtp
+    <<: *default
+    group: mail
+    url: "tcp://mail.ixvd.net:465"
+    ui:
+      hide-url: true
+
+  # personal #
+
+  - name: home
+    <<: *default-http
+    group: personal
+    url: "https://home.famslof.nl"
+    ui:
+      hide-hostname: true
--- a/servers/link/docker-compose.d/custom/nginx/Dockerfile
+++ b/servers/link/docker-compose.d/custom/nginx/Dockerfile
@ -0,0 +1,13 @@
+FROM nginx:alpine
+
+RUN apk add \
+    certbot \
+    certbot-nginx
+
+COPY content /usr/share/nginx/html
+COPY conf.d/ /etc/nginx/conf.d/
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /entrypoint
+ENTRYPOINT [ "sh", "/entrypoint" ]
+CMD [ "nginx", "-g", "daemon off;" ]
--- a/servers/link/docker-compose.d/custom/nginx/conf.d/default.conf
+++ b/servers/link/docker-compose.d/custom/nginx/conf.d/default.conf
@ -0,0 +1,17 @@
+server {
+    listen 80;
+    server_name link.ixvd.net;
+
+    # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
+
+    # default html page
+    location / {
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+}
--- a/servers/link/docker-compose.d/custom/nginx/conf.d/gatus.conf
+++ b/servers/link/docker-compose.d/custom/nginx/conf.d/gatus.conf
@ -0,0 +1,8 @@
+server {
+    listen 80;
+    server_name s.ixvd.net;
+
+    location / {
+        proxy_pass http://gatus:8080$request_uri;
+    }
+}
--- a/servers/link/docker-compose.d/custom/nginx/conf.d/ntfy.conf
+++ b/servers/link/docker-compose.d/custom/nginx/conf.d/ntfy.conf
@ -0,0 +1,8 @@
+server {
+    listen 80;
+    server_name push.ixvd.net;
+
+    location / {
+        proxy_pass http://ntfy$request_uri;
+    }
+}
--- a/servers/link/docker-compose.d/custom/nginx/content/index.html
+++ b/servers/link/docker-compose.d/custom/nginx/content/index.html
@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Welcome to nginx!</title>
+    <style>
+        html {
+            color-scheme: light dark;
+        }
+
+        body {
+            width: 35em;
+            margin: 0 auto;
+            font-family: Tahoma, Verdana, Arial, sans-serif;
+        }
+    </style>
+</head>
+
+<body>
+    <h1>Welcome to nginx!</h1>
+    <hr/>
+    <span>If you're seeing this, it means the admin was too lazy to remove this page.</span><br/>
+    <span>Expected something here? contact the admin: webmaster@ixvd.net</span>
+</body>
+
+</html>
--- a/servers/link/docker-compose.d/custom/nginx/entrypoint.sh
+++ b/servers/link/docker-compose.d/custom/nginx/entrypoint.sh
@ -0,0 +1,21 @@
+#!/bin/sh
+
+trap exit TERM
+
+if [ -n "${CERTBOT_DOMAINS}" ]; then
+    echo "registering..."
+    certbot --nginx -n --keep --agree-tos \
+        -m "${CERTBOT_EMAIL}" \
+        -d "${CERTBOT_DOMAINS}"
+
+    while :; do
+        echo "renewing domains..."
+        certbot --nginx --keep -n renew
+        sleep 12h &
+        wait $!
+    done &
+else
+    echo "skipping certbot due to no domains!"
+fi &
+
+exec "$@"
--- a/servers/link/docker-compose.d/custom/nginx/nginx.conf
+++ b/servers/link/docker-compose.d/custom/nginx/nginx.conf
@ -0,0 +1,34 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    
+    resolver 127.0.0.11 9.9.9.9 ipv6=off;
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/servers/link/docker-compose.d/custom/ntfy/Dockerfile
+++ b/servers/link/docker-compose.d/custom/ntfy/Dockerfile
@ -0,0 +1,3 @@
+FROM binwiederhier/ntfy
+
+COPY ./server.yml /etc/ntfy/server.yml
--- a/servers/link/docker-compose.d/custom/ntfy/server.yml
+++ b/servers/link/docker-compose.d/custom/ntfy/server.yml
@ -0,0 +1,6 @@
+base-url: "https://push.ixvd.net"
+listen-http: ":80"
+
+auth-file: "/var/cache/ntfy/auth.db"
+cache-file: "/var/cache/ntfy/cache.db"
+attachment-cache-dir: "/var/cache/ntfy/attachments"
--- a/servers/link/docker-compose.d/docker-compose.gatus.yml
+++ b/servers/link/docker-compose.d/docker-compose.gatus.yml
@ -0,0 +1,6 @@
+version: '2.2'
+services:
+  gatus:
+    build: custom/gatus
+    networks:
+      - proxy
--- a/servers/link/docker-compose.d/docker-compose.ntfy.yml
+++ b/servers/link/docker-compose.d/docker-compose.ntfy.yml
@ -0,0 +1,11 @@
+version: '2.2'
+services:
+  ntfy:
+    build: custom/ntfy
+    container_name: ntfy
+    command:
+      - serve
+    volumes:
+      - /srv/ntfy/data:/var/cache/ntfy
+    networks:
+      - proxy
--- a/servers/link/docker-compose.d/docker-compose.yml
+++ b/servers/link/docker-compose.d/docker-compose.yml
@ -0,0 +1,26 @@
+# I'm very comfortable in this version, therefore it's the standard
+version: '2.2'
+
+services:
+  # default nginx setup
+  nginx:
+    build: custom/nginx
+    environment:
+      CERTBOT_EMAIL: "webmaster@ixvd.net"
+      # CERTBOT_DOMAINS: "link.ixvd.net,push.ixvd.net"
+    volumes:
+      - /srv/certbot/data:/etc/letsencrypt
+      - /srv/certbot/other/www:/var/www/certbot
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - proxy
+
+# Here the default networks are defined
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+