diff --git a/alpine-server-install.txt b/alpine-server-install.txt deleted file mode 100755 index 73798f4..0000000 --- a/alpine-server-install.txt +++ /dev/null 
@@ -1,677 +0,0 @@ -Alpine Linux Musl += (btrfs + gummiboot) >> Eventually - -Installation: -{ - # setup-alpine: >> Will be replaced eventually with manual install with btrfs and gummiboot, instead of default ext4 and grub. - { - \ - } - # reboot - $ doas vim /etc/apk/repositories: - { - > {v3.15/main} - > {v3.15/community} - > #{edge/main} - > #{edge/community} - > #{edge/testing} - } -} -Post install: -{ - # apk add git - # git clone https://git.bijl.us/luc/alpine-server.git - - ups(client): - { - # apk add nut build-base - # gcc alpine-server/config-files/ups.c -o /bin/ups - # gcc alpine-server/config-files/exec-ups.c -o /bin/exec-ups - # vim /etc/init.d/ups: - { - > #!/sbin/openrc-run - > name="ups" - > command="/bin/exec-ups" - } - # rc-update add ups - # rc-service ups start - } - - acf: - { - # apk add acf - $ setup-acf - # vim /etc/mini_httpd/mini_httpd.conf: - { - > port=444 - } - } - - rsnapshot: << May be substituted with duplicati! - { - # apk add rsnapshot - # cp /etc/rsnapshot.conf.default /etc/rsnapshot.conf - # vim /etc/rsnapshot.conf: - { - > snapshot_root /media/data/backup - - > retain daily 7 - > retain weekly 4 - > retain monthly 12 - - > backup /home/ localhost/ - > backup /etc/ localhost/ - > backup /usr/local/ /localhost - > backup /opt/ /localhost - > backup /var/lib/docker/ /localhost - } - # vim /etc/periodic/{*}/rsnapshot: - { - > #!/bin/sh - > exec /usr/bin/rsnapshot {*} - } - # chmod +x /etc/periodic/{*}/rsnapshot - # rc-update add crond - # rc-service crond start - } - - apk-autoupdate : << Does not work possibly. 
- { - # apk add apk-autoupdate - # vim /etc/periodic/weekly/apk-autoupdate: - { - > #!/bin/sh - > exec /usr/sbin/apk-autoupdate - } - } - - Samba: - { - # apk add samba - # vim /etc/samba/samba.conf: - { - > [global] - > allow insecure wide links = yes - > dos charset = cp866 - > unix charset = utf-8 - > workgroup = WORKGROUP - > server string = Samba Server - - > [home{user}] - > comment = homedir{user} - > valid_users = {user} - > path = /home/{user} - > browseable = yes - > writable = yes - } - # rc-update add samba - # rc-service samba start - } - - ssh: - { - # apk add openssh fail2ban - # rc-update add sshd - # rc-service sshd start - # rc-update add fail2ban - # rc-service fail2ban start - } - - Docker: - { - # apk add docker docker-compose - # addgroup docker - # rc-update add docker boot - # service docker start - - portainer: - { - # cp alpine-server/config-files/portainer.yml /opt/docker-compose.yml - $ cd /opt/ - $ docker-compose up -d - } - - traefik: - { - + Add stack << traefik.yml - } - - watchtower: - { - Image: containerrr/watchtower:latest - Volumes: - { - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock - } - Network: bridge - Environment: - { - WATCHTOWER_NOTIFICATION_EMAIL_FROM = info@{domain} - WATCHTOWER_NOTIFICATION_EMAIL_TO=user@{domain} - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.{domain} - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=465 - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=info - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD={passwd} - WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2 - WATCHTOWER_NOTIFICATIONS=email - WATCHTOWER_SCHEDULE=0 0 0 * * 6 - WATCHTOWER_CLEANUP=true - WATCHTOWER_DEBUG=true - } - Restart: Unless-stopped - } - - duplicati: - { - Image: linuxserver/duplicati:latest - Ports: 8200:8200/tcp - Volumes: - { - /backups:/var/backups - /source:duplicati-source - local - /config:/opt/duplicati - /source/host_home:/home:ro - /source/host_etc:/etc:ro - /source/host_opt:/opt:ro - 
/source/host_usr_local:/usr/local:ro - } - Network: bridge - Environment: - { - PIUD=0 - PGID=0 - TZ=Europe/Amsterdam - } - Restart: Unless-stopped - } - - webserver: - { - Image: httpd:alpine - Volumes: - { - /usr/local/apache2/htdocs:/opt/{webserver}/html - /usr/local/apache2/conf:/opt/{webserver}/conf - /etc/httpd:/opt/{webserver}/httpd - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Labels: << traefik.labels - Restart: Unless-stopped - } - - postgres: - { - Image: postgres:alpine - Volumes: - { - /backup:/opt/postgres - /etc/localtime:/etc/localtime:ro - /var/lib/postgresql/data:postgres - local - } - Network: proxy - Environment: - { - POSTGRES_PASSWORD={passwd} - PGDATA=/var/lib/postgresql/data - } - Labels: com.centurylinklabs.watchtower.monitor-only: "true" - Restart: Unless-stopped - - Manual backup database: - { - $ docker exec -it postgres sh -c "pg_dump -U postgres -d {database} |gzip /backup/{database}.gz" - } - Manual reload database: - { - $ # docker exec -it postgres sh -c "gunzip -c {dbname.gz} | psql -U postgres -d {dbname}" - } - } - - postgresbackup: - { - Image: prodrigestivill/postgres-backup-local:alpine - Volumes: - { - /backups:/opt/postgresbackup - /var/lib/postgresql/data:postgresbackup - local - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Environment: - { - POSTGRES_HOST=postgres - POSTGRES_DB={db0,db1,...,db{n}} - POSTGRES_USER=postgres - POSTGRES_PASSWORD={passwd} - SCHEDULE=@daily - BACKUP_KEEP_DAYS=1 - BACKUP_KEEP_WEEKS=1 - BACKUP_KEEP_MONTHS=1 - BACKUP_DIR=/backups - } - Labels: com.centurylinklabs.watchtower.monitor-only: "true" - Restart: Unless-stopped - - Reload database: - { - # mv /opt/postgresbackup/{dbname.sql.gz} /opt/postgres - $ docker exec -it postgres sh -c "zcat /backup/{dbname.sql.gz} | psql -U postgres -d {dbname}" - } - } - - vaultwarden: - { - $ docker exec -it postgres /bin/bash - # psql -U postgres: - { - > create database vaultwarden; - } - - Image: vaultwarden/server:alpine - Volumes: - { 
- /data:/opt/vaultwarden/data - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Environment: - { - ADMIN_TOKEN={admin_token} >> Remove to disable admin page. - SIGNUPS_ALLOWED=true/false - DATABASE_URL=postgresql://postgres:{passwd}@postgres/vaultwarden - } - Labels: << traefik.labels - Restart: Unless-stopped - } - - gitea: - { - $ docker exec -it postgres /bin/bash - # psql -U postgres: - { - > create database gitea; - } - - Image: gitea/gitea:latest - Volumes: - { - /data:/opt/gitea - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - } - Network: proxy - Environment: - { - USER_UID=1000 - USER_GID=1000 - GITEA__database__DB_TYPE=postgres - GITEA__database__HOST=postgres - GITEA__database__NAME=gitea - GITEA__database__USER=postgres - GITEA__database__PASSWD={passwd} - USER=git - GITEA_CUSTOM=/data/gitea - } - Labels: << traefik.labels - Restart: Unless-stopped - } - - picoshare: - { - Image: mtlynch/picoshare:latest - Volumes: - { - /data:picoshare - local - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Environment: - { - PS_SHARED_SECRET={passwd} - } - Labels: << traefik.labels - Restart: Unless-stopped - } - - hedgedoc: - { - $ docker exec -it postgres /bin/bash - # psql -U postgres: - { - > create database hedgedoc; - } - - Image: quay.io/hedgedoc/hedgedoc:alpine - Volumes: - { - /hedgedoc/public/uploads:/opt/hedgedoc/uploads - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Environment: - { - CMD_DB_URL= postgres://postgres:{passwd}@postgres/hedgedoc - CMD_DOMAIN={domain} - CMD_PROTOCOL_USESSL=true - CMD_URL_ADDPORT=false - CMD_ALLOW_EMAIL_REGISTER=true - NODE_ENV=production - } - Labels: << traefik.labels - Restart: Unless-stopped - } - } - - matrix: - { - synapse: - { - $ docker exec -it postgres /bin/bash - # psql -U postgres: - { - > create database synapse with encoding='UTF8' lc_collate='C' lc_ctype='C' template=template0; - } - - $ docker run -it --rm --mount type=volume,src=synapse-data,dst=/data -e 
SYNAPSE_SERVER_NAME=matrix.{domain} -e SYNAPSE_REPORT_STATS=no matrixdotorg/synapse:latest generate - $ docker run -d --name synapse --mount type=volume,src=synapse-data,dst=/data matrixdotorg/synapse:latest - >> May be improved! - - Network: proxy - Labels: << traefik.labels - Restart: Unless-stopped - - # vim /var/lib/docker/volumes/synapse-data/_data/homeserver.yaml: - { - > server_name: "matrix.{domain}" - - > database: - > name: psycopg2 - > txn_limit: 10000 - > allow_unsafe_locale: false - > args: - > user: postgres - > password: "{passwd}" - > database: synapse - > host: postgres - > cp_min: 5 - > cp_max: 10 - - > enable_registration: true/false - > enable_registration_without_verification: true - - > app_server_config_files: - > - /data/mautrix/whatsapp/registration.yaml - > - /data/mautrix/signal/registration.yaml - } - } - - mautrix-whatsapp: - { - $ docker exec -it postgres /bin/bash - # psql -U postgres: - { - > create database mautrixwhatsapp; - } - - Image: dock.mau.dev/mautrix/whatsapp:latest - Volumes: - { - /data:/var/lib/docker/volumes/synapse-data/_data/mautrix/whatsapp - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Restart: Unless-stopped - - # vim /var/lib/docker/volumes/synapse-data/_data/mautrix/whatsapp/config.yaml: - { - > homeserver: - > address: http://synapse:8008 - > domain: matrix.{domain} - - > appservice: - > address: http://mautrix-whatsapp:29318 - > hostname: 0.0.0.0 - > port: 29318 - > - > database: - > type: postgres - > uri: postgres://postgres:{passwd}@postgres/mautrixwhatsapp?sslmode=disable - - > bridge: - > private_chat_portal_meta: true - > encryption: - > allow: true - > default: true - > - > permissions: - > "*": relay - > "matrix.{domain}": user - > "@admin:matrix.{domain}": admin - } - # vim /var/lib/docker/volumes/synapse-data/_data/mautrix/whatsapp/registration.yaml: - { - > url: http://mautrix-whatsapp:29318 - > regex: << matrix.{domain} - } - } - - mautrix-signal: - { - $ docker exec -it postgres 
/bin/bash - # psql -U postgres: - { - > create database mautrixsignal; - } - - Image: dock.mau.dev/mautrix/signal:latest - Volumes: - { - /data:/var/lib/docker/volumes/synapse-data/_data/mautrix/signal - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Restart: Unless-stopped - - # vim /var/lib/docker/volumes/synapse-data/_data/mautrix/whatsapp/config.yaml: - { - > homeserver: - > address: http://synapse:8008 - > domain: matrix.{domain} - - > appservice: - > address: http://mautrix-signal:29328 - > hostname: 0.0.0.0 - > port: 29328 - > - > database: postgres://postgres:{passwd}@postgres/mautrixsignal - - > signal: - > socket_path: /data/signald/signald.sock - - > bridge: - > private_chat_portal_meta: true - > encryption: - > allow: true - > default: true - > - > permissions: - > "*": relay - > "matrix.{domain}": user - > "@admin:matrix.{domain}: admin - } - # vim /var/lib/docker/volumes/synapse-data/_data/mautrix/whatsapp/registration.yaml: - { - > url: http://mautrix-signal:29328 - > regex: << matrix.{domain} - } - } - - signald: - { - >> postgres database not yet available! 
(sqlite database) - - Image:docker.io/signald/signald:latest - Volumes: - { - /signald:/opt/matrix/mautrix-signal/signald - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Restart: Unless-stopped - } - - element: - { - Image: vectorim/element-web:latest - Volumes: - { - /app/config.json:/opt/matrix/element/config.json - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Labels: << traefik.labels - Restart: Unless-stopped - - # vim /opt/matrix/element/config.json: - { - { - "default_server_config": { - "m.homeserver": { - "base_url": "https://matrix.{domain}", - "server_name": "matrix.{domain}" - }, - "m.identity_server": { - "base_url": "https://vector.im" - } - }, - "disable_custom_urls": true, - "room_directory": { - "servers": ["matrix.org", "matrix.{domain}"] - }, - "default_theme": "dark" - } - } - } - } - - homeassistant: - { - mosquitto: - { - Image: eclipse-mosquitto:latest - Volumes: - { - /mosquitto/data:/opt/mosquitto/data - /mosquitto/log:/opt/mosquitto/log - /mosquitto/config:/opt/mosquitto/config - } - Network: - { - proxy - ipv4: 172.21.0.12 - } - Restart: Unless-stopped - - # vim /opt/mosquitto/config/password.txt: - { - > {username}:{passwd} - } - # vim /opt/mosquitto/config/mosquitto.conf: - { - > persistence true - > persistence_location /mosquitto/data - > log_dest file /mosquitto/log/mosquitto.log - - > listener 9001 - > listener 1883 - > connection_messages true - - > allow_anonymous false - > password_file /mosquitto/config/password.txt - } - } - - ecowitt: - { - Image: bachya/ecowitt2mqtt:latest - Ports: 8181:8181/tcp - Network: proxy - Environment: - { - COWITT2MQTT_MQTT_BROKER=mosquitto - ECOWITT2MQTT_MQTT_USERNAME={username} - ECOWITT2MQTT_MQTT_PASSWORD={passwd} - ECOWITT2MQTT_PORT=8181 - ECOWITT2MQTT_HASS_DISCOVERY=true - ECOWITT2MQTT_INPUT_UNIT_SYSTEM=imperial - ECOWITT2MQTT_OUTPUT_UNIT_SYSTEM=metric - } - Restart: Unless-stopped - } - - esphome: - { - Image: esphome/esphome:latest - Ports: 6052:6052/tcp - Volumes: - { - 
/config:/opt/esphome - /etc/localtime:/etc/localtime:ro - } - Network: host - Environment: - { - USERNAME={username} - PASSWORD={passwd} - } - Restart: Unless-stopped - } - - homeassistant: - { - $ docker exec -it postgres /bin/bash - # psql -U postgres: - { - > create database homeassistant; - } - - Image: homeassistant - Volumes: - { - /config:/opt/homeassistant/config - /etc/localtime:/etc/localtime:ro - } - Network: proxy - Labels: << traefik.labels - Restart: Unless-stopped - - # vim /opt/homeassistant/config/configuration.yaml: - { - > python_script: - - > shell_command: - - > http: - > use_x_forwarded_for: true - > trusted_proxies: - > - 172.21.0.80 - - > panel_iframe: - > portainer: - > title: "Portainer" - > url: "http://{ip}:9000/#/containers" - > icon: mdi:docker - > require_admin: true - > esphome: - > title: "ESPHome" - > url: "http://{ip}:6052" - > icon: mdi:chip - > require_admin: true - - > recorder: - > db_url: postgresql://postgres:{passwd}@postgres/homeassistant - } - } - } -} \ No newline at end of file diff --git a/bin/checkpod b/bin/checkpod new file mode 100644 index 0000000..a00bc48 --- /dev/null +++ b/bin/checkpod @@ -0,0 +1,13 @@ +#!/bin/sh + +. ./conf + +exec 2>&1 + +state=0 + +while [ $state == 0 ] +do + sleep 10 + $command pod inspect ${name}-pod | grep -q '"State": "Running"' || state=1 +done diff --git a/bin/dump b/bin/dump new file mode 100644 index 0000000..dfb9e8a --- /dev/null +++ b/bin/dump @@ -0,0 +1,23 @@ +#!/bin/sh + +command="/usr/bin/podman" + + +# Dumps databases + +postgres_databases="" + +for database in $postgres_databases +do + $command exec -it ${database}-pod-postgres sh -c "pg_dumpall -U postgres | gzip > /dump/${database}.sql.gz" +done + + +# Exports volumes + +volumes="" + +for volume in $volumes +do + $command volume export $volume --output /.volumes/${volume}.tar +done diff --git a/bin/load b/bin/load new file mode 100644 index 0000000..7ab81c5 --- /dev/null +++ b/bin/load 
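Review bot: `. ./conf` sources the configuration from whatever the current working directory happens to be, so `$command` and `${name}` depend on where the script is invoked from, and anyone who can drop a `conf` into that directory supplies them; source it relative to the script instead, `. "$(dirname "$0")/conf"`. The loop test `[ $state == 0 ]` relies on the non-POSIX `==`, which busybox accepts but dash rejects; `[ "$state" -eq 0 ]` is portable and also survives an unset `state`. Note that the loop ends as soon as the inspect output stops matching, which includes the case where `$command pod inspect` itself fails because the pod does not exist yet, so a caller cannot tell "pod stopped" from "pod never started".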
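Review bot: `$command exec -it` requests a pseudo-terminal the pipeline never uses, and runtimes refuse `-t` when stdin is not a terminal, so the dump can fail outright when run from cron; `-i` alone is enough, or neither flag since nothing is read from stdin. The status of the inner `sh -c` pipeline is gzip's, so a failed `pg_dumpall` still overwrites the previous good dump with an empty archive; write to a temporary name and rename on success, `pg_dumpall -U postgres | gzip > /dump/${database}.sql.gz.tmp && mv /dump/${database}.sql.gz.tmp /dump/${database}.sql.gz`, with `set -o pipefail` in front if the image's shell supports it. `pg_dumpall` output also carries role definitions with password hashes, so the host directory the pods map onto `/dump` should be readable by its owner only.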
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+command="/usr/bin/podman"
+
+
+# Loads dumped databases
+
+postgres_databases="gitea"
+
+for database in $postgres_databases
+do
+ exec $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
+done
+
+
+# Imports volumes
+
+volumes="gitea-pod-gitea-data"
+
+for volume in $volumes
+do
+ exec $command volume import $volume /.volumes/${volume}.tar
+done
diff --git a/config-files/exec-ups.c b/config-files/exec-ups.c
deleted file mode 100644
index 4f22c58..0000000
--- a/config-files/exec-ups.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include
-#include
-
-int main()
-{
- system("/bin/ups &");
- return 0;
-}
diff --git a/config-files/traefik.labels b/config-files/traefik.labels
deleted file mode 100755
index 0aa0c60..0000000
--- a/config-files/traefik.labels
+++ /dev/null
@@ -1,6 +0,0 @@
-traefik.enable=true
-traefik.http.routers..entrypoints={web,websecure,webfederation}
-traefik.http.routers..rule=Host("")
-traefik.http.routers..tls=true
-traefik.http.routers..tls.certresolver={staging/production}
-(optional) traefik.http.services..loadbalancer.server.port={port}
\ No newline at end of file
diff --git a/config-files/ups.c b/config-files/ups.c
deleted file mode 100644
index e63070a..0000000
--- a/config-files/ups.c
+++ /dev/null
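Review bot: `exec $command exec ...` inside the `for database` loop replaces the shell with podman on the first iteration, so the loop body runs once and nothing after it — further databases and the entire volume-import loop — ever executes; drop the leading `exec` from both loop bodies, `$command exec -i ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"` and `$command volume import $volume /.volumes/${volume}.tar`. As in `bin/dump`, the `-t` in `-it` is not needed for a non-interactive pipe and can make the command fail under cron. Restoring a `pg_dumpall` archive into a cluster that already holds the roles and databases produces errors that psql ignores by default; `psql -U postgres -v ON_ERROR_STOP=1` makes a partial restore visible instead of silently continuing.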
@@ -1,51 +0,0 @@ -#include -#include -#include -#include - -int main() -{ - unsigned int chargelim = 80; - unsigned int charge = 100; - - unsigned int voltagelim = 210; - unsigned int voltage = 240; - - - FILE *fp; - char path[1024]; - - while(charge > chargelim || voltage > voltagelim) - { - sleep(20); - fp = popen("/usr/bin/upsc ups@{domain} battery.charge 2>&1 |grep -v 'Init SSL'", "r"); - - if(fgets(path, sizeof(path), fp) != NULL) - { - charge = atoi(path); - pclose(fp); - } - else - { - pclose(fp); - system("poweroff"); - } - - fp = popen("/usr/bin/upsc ups@{domain} input.voltage 2>&1 |grep -v 'Init SSL'", "r"); - - if(fgets(path, sizeof(path), fp) != NULL) - { - voltage = atoi(path); - pclose(fp); - } - else - { - pclose(fp); - system("poweroff"); - } - } - - system("poweroff"); - - return 0; -} diff --git a/containerfiles/git-mkdocs-wiki/default.conf.env b/containerfiles/git-mkdocs-wiki/default.conf.env new file mode 100644 index 0000000..5111323 --- /dev/null +++ b/containerfiles/git-mkdocs-wiki/default.conf.env @@ -0,0 +1,15 @@ +server { + listen $PORT; + listen [::]:${PORT}; + server_name localhost; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + error_page 500 502 503 504 /50x.html; + location = /50.html { + root /usr/share/nginx/html; + } +} \ No newline at end of file diff --git a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki new file mode 100644 index 0000000..e9a7dc5 --- /dev/null +++ b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki @@ -0,0 +1,10 @@ +#!/bin/sh + +exec 2>&1 +find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo +cd /mkdocs/repo && git pull + +for lang in $WIKI_LANG +do + mkdocs build -f /mkdocs/repo/config/${lang}/mkdocs.yml -d /usr/share/nginx/html/${lang} +done \ No newline at end of file 
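Review bot: `error_page` points at `/50x.html` but the dedicated block is `location = /50.html`, so that location never matches and the error page is served through `location /` instead (the roots agree, so it works by accident); change it to `location = /50x.html {`. The identical copy at `containerfiles/git-mkdocs/default.conf.env` later in this commit has the same typo. The file is rendered by a bare `envsubst`, which rewrites every `$name` it sees — harmless while `$PORT` is the only one, but any nginx variable such as `$uri` added later would be replaced by an empty string; `envsubst '$PORT'` in the entrypoint hook restricts substitution to the intended variable.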
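Review bot: `find /mkdocs/repo || git clone ...` uses `find` as an existence test, which prints the whole checkout to stdout on every run; `[ -d /mkdocs/repo ] || git clone "$GIT_REPO_URL" /mkdocs/repo` does the check without the listing and quotes the URL. If `cd /mkdocs/repo` or `git pull` fails the script carries on and builds whatever is on disk, so `set -e` near the top (or `|| exit 1` on that line) keeps a stale or missing checkout from being published. The build appears to run as root from the container's crontab, and an mkdocs config can name plugins and hooks, so whoever can push to `$GIT_REPO_URL` controls code executed in this container; pinning the clone to a reviewed branch or tag and running the job as an unprivileged user limits that exposure. `containerfiles/git-mkdocs/git-mkdocs` later in this commit shares all three points.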
diff --git a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile new file mode 100644 index 0000000..dbbf612 --- /dev/null +++ b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile @@ -0,0 +1,25 @@ +FROM nginx:alpine + +ENV PORT="80" +COPY default.conf.env /etc/nginx/conf.d/default.conf.env + +RUN apk add envsubst \ + && touch /docker-entrypoint.d/port.sh \ + && echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \ + && chmod 776 /docker-entrypoint.d/port.sh + +RUN apk add git \ + && apk add mkdocs \ + && apk add mkdocs-material \ + && apk add py3-regex + +RUN mkdir /mkdocs +WORKDIR /mkdocs + +COPY root /etc/crontabs/root +COPY git-mkdocs-wiki /bin/git-mkdocs-wiki +RUN chmod 744 /bin/git-mkdocs-wiki + +RUN touch /docker-entrypoint.d/cron.sh \ + && echo "exec crond" > /docker-entrypoint.d/cron.sh \ + && chmod 776 /docker-entrypoint.d/cron.sh \ No newline at end of file diff --git a/dockerfile/git-mkdocs/scripts/root b/containerfiles/git-mkdocs-wiki/root similarity index 65% rename from dockerfile/git-mkdocs/scripts/root rename to containerfiles/git-mkdocs-wiki/root index 6379663..aace2f3 100644 --- a/dockerfile/git-mkdocs/scripts/root +++ b/containerfiles/git-mkdocs-wiki/root @@ -1,3 +1,3 @@ # do daily/weekly/monthly maintanance # min hour day month weekday command - * * * * * git-mkdocs \ No newline at end of file +* * * * * git-mkdocs-wiki \ No newline at end of file diff --git a/containerfiles/git-mkdocs/default.conf.env b/containerfiles/git-mkdocs/default.conf.env new file mode 100644 index 0000000..5111323 --- /dev/null +++ b/containerfiles/git-mkdocs/default.conf.env 
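Review bot: Both generated entrypoint hooks are created with `chmod 776`, leaving scripts that run as root at every container start group- and world-writable; `chmod 755` (or the 744 already used for `/bin/git-mkdocs-wiki` a few lines below) is what is needed. `port.sh` reads `exec envsubst ... && nginx -s reload`: the `exec` hands the hook process to envsubst, so `nginx -s reload` never runs, and hooks execute before nginx starts anyway, so the reload is not needed — drop both the `exec` and the `&& nginx -s reload`. The stock `nginx:alpine` entrypoint already renders `/etc/nginx/templates/*.template` into `/etc/nginx/conf.d` with envsubst, so copying the file to `/etc/nginx/templates/default.conf.template` would remove the hand-rolled `port.sh` altogether. `containerfiles/git-mkdocs/git-mkdocs.containerfile` later in this commit repeats the same lines.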
@@ -0,0 +1,15 @@ +server { + listen $PORT; + listen [::]:${PORT}; + server_name localhost; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + error_page 500 502 503 504 /50x.html; + location = /50.html { + root /usr/share/nginx/html; + } +} \ No newline at end of file diff --git a/containerfiles/git-mkdocs/git-mkdocs b/containerfiles/git-mkdocs/git-mkdocs new file mode 100644 index 0000000..60a65d9 --- /dev/null +++ b/containerfiles/git-mkdocs/git-mkdocs @@ -0,0 +1,6 @@ +#!/bin/sh + +exec 2>&1 +find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo +cd /mkdocs/repo && git pull +exec mkdocs build -f /mkdocs/repo/mkdocs.yml -d /usr/share/nginx/html \ No newline at end of file diff --git a/containerfiles/git-mkdocs/git-mkdocs.containerfile b/containerfiles/git-mkdocs/git-mkdocs.containerfile new file mode 100644 index 0000000..1d02ab4 --- /dev/null +++ b/containerfiles/git-mkdocs/git-mkdocs.containerfile @@ -0,0 +1,25 @@ +FROM nginx:alpine + +ENV PORT="80" +COPY default.conf.env /etc/nginx/conf.d/default.conf.env + +RUN apk add envsubst \ + && touch /docker-entrypoint.d/port.sh \ + && echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \ + && chmod 776 /docker-entrypoint.d/port.sh + +RUN apk add git \ + && apk add mkdocs \ + && apk add mkdocs-material \ + && apk add py3-regex + +RUN mkdir /mkdocs +WORKDIR /mkdocs + +COPY root /etc/crontabs/root +COPY git-mkdocs /bin/git-mkdocs +RUN chmod 744 /bin/git-mkdocs + +RUN touch /docker-entrypoint.d/cron.sh \ + && echo "exec crond" > /docker-entrypoint.d/cron.sh \ + && chmod 776 /docker-entrypoint.d/cron.sh \ No newline at end of file diff --git a/containerfiles/git-mkdocs/root b/containerfiles/git-mkdocs/root new file mode 100644 index 0000000..d260f99 --- /dev/null +++ b/containerfiles/git-mkdocs/root 
@@ -0,0 +1,3 @@ +# do daily/weekly/monthly maintanance +# min hour day month weekday command +* * * * * git-mkdocs \ No newline at end of file diff --git a/docker-compose/base.yaml b/docker-compose/base.yaml deleted file mode 100644 index c2f2a6f..0000000 --- a/docker-compose/base.yaml +++ /dev/null @@ -1,34 +0,0 @@ -version: '3.0' - -services: - portainer: - container_name: portainer - image: portainer/portainer-ce:alpine - network_mode: bridge - ports: - - "9000:9000/tcp" - volumes: - - /etc/localtime/:/etc/localtime:ro - - /var/run/docker.sock:/var/run/docker.sock - - ~/docker/portainer:/data - restart: always - - watchtower: - container_name: watchtower - image: containrrr/watchtower:latest - network_mode: bridge - volumes: - - /etc/localtime:/etc/localtime:ro - - /var/run/docker.sock:/var/run/docker.sock - environment: - WATCHTOWER_NOTIFICATION_EMAIL_FROM = info@{domain} - WATCHTOWER_NOTIFICATION_EMAIL_TO=user@{domain} - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.{domain} - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=465 - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=info - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD={passwd} - WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2 - WATCHTOWER_NOTIFICATIONS=email - WATCHTOWER_SCHEDULE=0 0 0 * * 6 - WATCHTOWER_CLEANUP=true - restart: unless-stopped \ No newline at end of file diff --git a/docker-compose/traefik.yaml b/docker-compose/traefik.yaml deleted file mode 100755 index 4c4b721..0000000 --- a/docker-compose/traefik.yaml +++ /dev/null 
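Review bot: The schedule `* * * * *` runs `git-mkdocs` — a `git pull` plus a full site build — every minute, which contradicts the "daily/weekly/monthly" comment above it and keeps polling the upstream repository. Something like `*/15 * * * * git-mkdocs` (or `0 * * * *`) matches the stated intent; the renamed `containerfiles/git-mkdocs-wiki/root` earlier in this commit uses the same every-minute line.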
@@ -1,45 +0,0 @@ -version: '3.0' - -services: - traefik: - container_name: traefik - image: traefik:latest - command: - #- --api.insecure=true - #- --api.dashboard=true - - --providers.docker=true - - --providers.docker.exposedByDefault=false - - --providers.docker.network=proxy - - - --entryPoints.web.address=:80 - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - - --entryPoints.websecure.address=:443 - - --entryPoints.webfederation.address=:8448 - - - --certificatesresolvers.staging.acme.email={email} - - --certificatesresolvers.staging.acme.storage=/ssl-certs/acme.json - - --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory - - --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web - - - --certificatesresolvers.production.acme.email={email} - - --certificatesresolvers.production.acme.storage=/ssl-certs/acme.json - - --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory - - --certificatesresolvers.production.acme.httpChallenge.entryPoint=web - networks: - proxy: - ipv4_address: 172.21.0.80 - ports: - - "80:80" - - "443:443" - #- "8080:8080" - - "8448:8448" - volumes: - - /etc/localtime:/etc/localtime:ro - - /opt/traefik/ssl-certs:/ssl-certs - - /var/run/docker.sock:/var/run/docker.sock:ro - restart: unless-stopped - -networks: - proxy: - external: true \ No newline at end of file diff --git a/dockerfile/git-mkdocs/dev-mkdocs.dockerfile b/dockerfile/git-mkdocs/dev-mkdocs.dockerfile deleted file mode 100644 index 005a553..0000000 --- a/dockerfile/git-mkdocs/dev-mkdocs.dockerfile +++ /dev/null 
@@ -1,15 +0,0 @@ -FROM python:3-alpine - -ARG USER=1001 - -RUN adduser -h /usr/src/mkdocs -D -u $USER mkdocs - -USER mkdocs -RUN mkdir -p /usr/src/mkdocs/build -WORKDIR /usr/src/mkdocs/build - -RUN pip install --upgrade pip - -RUN pip install pymdown-extensions \ -&& pip install mkdocs \ -&& pip install mkdocs-material \ No newline at end of file diff --git a/dockerfile/git-mkdocs/git-mkdocs.dockerfile b/dockerfile/git-mkdocs/git-mkdocs.dockerfile deleted file mode 100644 index c077cb1..0000000 --- a/dockerfile/git-mkdocs/git-mkdocs.dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM nginx:alpine - -RUN apk add git \ - && apk add python3 py3-pip - -ENV GIT_REPO_URL='' \ - GIT_REPO_NAME='' - -RUN mkdir /mkdocs -WORKDIR /mkdocs - -RUN pip install --upgrade pip - -RUN pip install pymdown-extensions \ - && pip install mkdocs \ - && pip install mkdocs-material - -COPY root /etc/crontabs/root -COPY git-mkdocs /bin/git-mkdocs -RUN chmod 744 /bin/git-mkdocs - -RUN touch /docker-entrypoint.d/cron.sh \ - && echo "exec crond" > /docker-entrypoint.d/cron.sh \ - && chmod 776 /docker-entrypoint.d/cron.sh \ No newline at end of file diff --git a/dockerfile/git-mkdocs/scripts/git-mkdocs b/dockerfile/git-mkdocs/scripts/git-mkdocs deleted file mode 100644 index 5bff5a5..0000000 --- a/dockerfile/git-mkdocs/scripts/git-mkdocs +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -git clone $GIT_REPO_URL -cd /mkdocs/$GIT_REPO_NAME -git pull -mkdocs build -f /mkdocs/$GIT_REPO_NAME/mkdocs.yml -d /usr/share/nginx/html \ No newline at end of file diff --git a/pods/bitwarden/bitwarden-pod.yml b/pods/bitwarden/bitwarden-pod.yml new file mode 100644 index 0000000..61572dd --- /dev/null +++ b/pods/bitwarden/bitwarden-pod.yml 
@@ -0,0 +1,60 @@ +apiversion: v1 +kind: Pod +metadata: + name: bitwarden-pod + annotations: + io.podman.annotations.infra.name: bitwarden-pod-infra +spec: + containers: + - name: vaultwarden + image: docker.io/vaultwarden/server:alpine + env: + - name: SIGNUPS_ALLOWED + value: false + - name: DATABASE_URL + value: "postgresql://postgres:@bitwarden-pod-postgres/vaultwarden" + - name: ROCKET_PORT + value: 3000 + ports: + - containerport: 3000 + hostport: 1080 + protocol: TCP + volumemounts: + - mountpath: /data + name: vaultwarden-data + - mountpath: /etc/localtime + name: localtime + readonly: true + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + name: bitwarden-secrets + key: postgres-password + volumemounts: + - mountpath: /dump + name: postgres-dump + - mountpath: /var/lib/postgresql/data + name: postgres-data + - mountpath: /etc/localtime + name: localtime + readonly: true + + volumes: + - persistentvolumeclaim: + claimname: bitwarden-pod-vaultwarden-data + name: vaultwarden-data + - hostpath: + path: /.dump/bitwarden + type: Directory + name: postgres-dump + - persistentvolumeclaim: + claimname: bitwarden-pod-postgres-data + name: postgres-data + - hostPath: + path: /etc/localtime + type: File + name: localtime \ No newline at end of file diff --git a/pods/bitwarden/bitwarden-secrets.yml b/pods/bitwarden/bitwarden-secrets.yml new file mode 100644 index 0000000..091a46c --- /dev/null +++ b/pods/bitwarden/bitwarden-secrets.yml @@ -0,0 +1,8 @@ +apiversion: v1 +data: + postgres-password: + postgres-url: +kind: Secret +metadata: + creationtimestamp: null + name: bitwarden-secrets \ No newline at end of file diff --git a/pods/git/git-pod.yml b/pods/git/git-pod.yml new file mode 100644 index 0000000..8f6e9ad --- /dev/null +++ b/pods/git/git-pod.yml 
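Review bot: `DATABASE_URL` is the literal `postgresql://postgres:@bitwarden-pod-postgres/vaultwarden` with an empty password, while the `postgres` container takes `POSTGRES_PASSWORD` from the `bitwarden-secrets` secret, so vaultwarden cannot authenticate as written — and once the password is filled in it would sit in clear in the pod spec. The secrets file in this commit already defines a `postgres-url` key; read the URL from it the same way `POSTGRES_PASSWORD` is read. `SIGNUPS_ALLOWED` and `ROCKET_PORT` are given as bare YAML `false` and `3000`, whereas env values must be strings (`git-pod.yml` quotes its `"1000"`); use `"false"` and `"3000"`.
```yaml
      - name: DATABASE_URL
        valuefrom:
          secretkeyref:
            name: bitwarden-secrets
            key: postgres-url
# … unchanged: ROCKET_PORT, ports, volumemounts …
```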
@@ -0,0 +1,101 @@ +apiversion: v1 +kind: Pod +metadata: + name: git-pod + annotations: + io.podman.annotations.infra.name: git-pod-infra +spec: + containers: + - name: gitea + image: docker.io/gitea/gitea:latest + env: + - name: USER_UID + value: "1000" + - name: USER_GID + value: "1000" + - name: GITEA__database__HOST + value: "git-pod-postgres" + - name: GITEA__database__USER + value: "postgres" + - name: GITEA__database__PASSWD + valuefrom: + secretkeyref: + name: git-secrets + key: postgres-password + - name: GITEA__database__NAME + value: "gitea" + ports: + - containerport: 3000 + hostport: 2080 + protocol: TCP + volumemounts: + - mountpath: /data + name: gitea-data + - mountpath: /etc/localtime + name: localtime + readonly: true + + - name: documentation + image: git-mkdocs:latest + env: + - name: GIT_REPO_URL + value: "https://git.bijl.us/lnco/documentation.git" + - name: PORT + value: 3100 + - containerport: 3100 + hostport: 2180 + protocol: TCP + volumemounts: + - mountpath: /etc/localtime + name: localtime + readonly: true + + - name: wiki + image: git-mkdocs-wiki:latest + env: + - name: GIT_REPO_URL + value: "https://git.bijl.us/luc/mathematics-physics-wiki.git" + - name: WIKI_LANG + value: "en nl" + - name: PORT + value: 3200 + - containerport: 3200 + hostport: 2280 + protocol: TCP + volumemounts: + - mountpath: /etc/localtime + name: localtime + readonly: true + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + name: git-secrets + key: postgres-password + volumemounts: + - mountpath: /dump + name: postgres-dump + - mountpath: /var/lib/postgresql/data + name: postgres-data + - mountpath: /etc/localtime + name: localtime + readonly: true + + volumes: + - persistentvolumeclaim: + claimname: git-pod-gitea-data + name: gitea-data + - hostpath: + path: /.dump/git + type: Directory + name: postgres-dump + - persistentvolumeclaim: + claimname: git-pod-postgres-data + name: 
postgres-data + - hostpath: + path: /etc/localtime + type: File + name: localtime diff --git a/pods/git/git-secrets.yml b/pods/git/git-secrets.yml new file mode 100644 index 0000000..5dba2b0 --- /dev/null +++ b/pods/git/git-secrets.yml @@ -0,0 +1,7 @@ +apiversion: v1 +data: + postgres-password: +kind: Secret +metadata: + creationtimestamp: null + name: git-secrets \ No newline at end of file diff --git a/pods/matrix/matrix-pod.yml b/pods/matrix/matrix-pod.yml new file mode 100644 index 0000000..8744339 --- /dev/null +++ b/pods/matrix/matrix-pod.yml 
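Review bot: In the `documentation` and `wiki` containers the `- containerport: 3100` / `hostport: 2180` / `protocol: TCP` items (and their 3200/2280 counterparts) sit under `env:` rather than under a `ports:` key — the `ports:` line that `gitea` has is missing — so they parse as env entries without a `name` and the host ports are never published; insert `ports:` at the indentation of `env:` directly before each `- containerport:` line. `PORT` is given as the bare integers `3100` and `3200` while every other env value in this file is a quoted string; use `"3100"` and `"3200"`. The `documentation` and `wiki` containers also reference local images `git-mkdocs:latest` and `git-mkdocs-wiki:latest` by short name, so the build from the containerfiles in this commit must happen on the same host before the pod is played.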
@@ -0,0 +1,129 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: matrix-pod
+ annotations:
+ io.podman.annotations.infra.name: matrix-pod-infra
+spec:
+ containers:
+ - name: dendrite
+ image: matrixdotorg/dendrite-monolith:latest
+ ports:
+ - containerport: 8008
+ hostport: 3080
+ protocol: TCP
+ - containerport: 8448
+ hostport: 8448
+ protocol: TCP
+ volumemounts:
+ - mountpath: /etc/dendrite
+ name: dendrite-config
+ - mountpath: /var/dendrite/media
+ name: dendrite-media
+ - mountpath: /var/dendrite/jetstream
+ name: dendrite-jetstream
+ - mountpath: /var/dendrite/searchindex
+ name: dendrite-searchindex
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: mautrix-whatsapp
+ image: dock.mau.dev/mautrix/whatsapp:latest
+ command:
+ - /usr/bin/mautrix-whatsapp
+ - -c
+ - /data/config.yaml
+ - -r
+ - /data/registration.yaml
+ - --ignore-unsupported-server
+ volumemounts:
+ - mountpath: /data
+ name: mautrix-whatsapp-config
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: mautrix-signal
+ image: dock.mau.dev/mautrix/signal:latest
+ command:
+ - /usr/bin/mautrix-signal
+ - -c
+ - /data/config.yaml
+ - -r
+ - /data/registration.yaml
+ - --ignore-unsupported-server
+ volumemounts:
+ - mountpath: /data
+ name: mautrix-signal-config
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: element
+ image: vectorim/element-web:latest
+ ports:
+ - containerport: 80
+ hostport: 3180
+ protocol: TCP
+ volumemounts:
+ - mountpath: /app/config.json
+ name: element-config
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: matrix-secrets
+ key: postgres-password
+ volumemounts:
+ - mountpath: /dump
+ name: postgres-dump
+ - mountpath: /var/lib/postgresql/data
+ name: postgres-data
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ volumes:
+ - hostpath:
+ path: /.config/pods/matrix/dendrite-config
+ type: Directory
+ name: dendrite-config
+ - persistentvolumeclaim:
+ claimname: matrix-pod-dendrite-media
+ name: dendrite-media
+ - persistentvolumeclaim:
+ claimname: matrix-pod-dendrite-jetstream
+ name: dendrite-jetstream
+ - persistentvolumeclaim:
+ claimname: matrix-pod-dendrite-searchindex
+ name: dendrite-searchindex
+ - hostpath:
+ path: /.config/pods/matrix/mautrix-whatsapp-config
+ type: Directory
+ name: mautrix-whatsapp-config
+ - hostpath:
+ path: /.config/pods/matrix/mautrix-signal-config
+ type: Directory
+ name: mautrix-signal-config
+ - hostpath:
+ path: /.config/pods/matrix/element-config/config.json
+ type: File
+ name: element-config
+ - hostpath:
+ path: /.dump/matrix
+ type: Directory
+ name: postgres-dump
+ - persistentvolumeclaim:
+ claimname: matrix-pod-postgres-data
+ name: postgres-data
+ - hostpath:
+ path: /etc/localtime
+ type: File
+ name: localtime
diff --git a/pods/matrix/matrix-secrets.yml b/pods/matrix/matrix-secrets.yml
new file mode 100644
index 0000000..101a814
--- /dev/null
+++ b/pods/matrix/matrix-secrets.yml
@@ -0,0 +1,7 @@
+apiversion: v1
+data:
+ postgres-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: matrix-secrets
\ No newline at end of file
diff --git a/pods/notes/notes-pod.yml b/pods/notes/notes-pod.yml
new file mode 100644
index 0000000..7efdd4b
--- /dev/null
+++ b/pods/notes/notes-pod.yml
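Review bot: The `dendrite-config` mount at `/etc/dendrite` and the `element-config` mount at `/app/config.json` are left writable from inside their containers, while every other static file mount in this file (`/etc/localtime`) carries `readonly: true`; add `readonly: true` to both, since a process in either container that is compromised could otherwise rewrite its own homeserver or client configuration on the host path. The mautrix `/data` mounts presumably need to stay writable because the bridges keep state next to `config.yaml` — confirm before applying the same change there. Separately, every image in this pod is a floating tag (`:latest`), and the other pod files in this commit use `:latest`, `:stable` or `:alpine` the same way; with automatic pulls that is an unpinned supply chain, so pin at least a version tag, preferably a digest, and record the pinning policy in a comment at the top of the file.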
@@ -0,0 +1,73 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: notes-pod
+ annotations:
+ io.podman.annotations.infra.name: notes-pod-infra
+spec:
+ containers:
+ - name: hedgedoc
+ image: quay.io/hedgedoc/hedgedoc:alpine
+ env:
+ - name: CMD_DB_URL
+ valuefrom:
+ secretkeyref:
+ name: notes-secrets
+ key: postgres-url
+ - name: CMD_ALLOW_EMAIL_REGISTER
+ value: true
+ - name: CMD_DOMAIN
+ value: "notes.bijl.us"
+ - name: CMD_PROTOCOL_USESSL
+ value: true
+ - name: CMD_URL_ADDPORT
+ value: false
+ - name: NODE_ENV
+ value: production
+ - name: CMD_IMAGE_UPLOAD_TYPE
+ value: filesystem
+ - name: UPLOADS_MODE
+ value: 0700
+ ports:
+ - containerport: 3000
+ hostport: 4080
+ protocol: TCP
+ volumemounts:
+ - mountpath: /hedgedoc/public/uploads
+ name: hedgedoc-uploads
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: notes-secrets
+ key: postgres-password
+ volumemounts:
+ - mountpath: /dump
+ name: postgres-dump
+ - mountpath: /var/lib/postgresql/data
+ name: postgres-data
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ volumes:
+ - persistentvolumeclaim:
+ claimname: notes-pod-hedgedoc-uploads
+ name: hedgedoc-uploads
+ - hostpath:
+ path: /.dump/notes
+ type: Directory
+ name: postgres-dump
+ - persistentvolumeclaim:
+ claimname: notes-pod-postgres-data
+ name: postgres-data
+ - hostPath:
+ path: /etc/localtime
+ type: File
+ name: localtime
\ No newline at end of file
diff --git a/pods/notes/notes-secrets.yml b/pods/notes/notes-secrets.yml
new file mode 100644
index 0000000..00140de
--- /dev/null
+++ b/pods/notes/notes-secrets.yml
@@ -0,0 +1,8 @@
+apiversion: v1
+data:
+ postgres-password:
+ postgres-url:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: notes-secrets
\ No newline at end of file
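Review bot: `CMD_ALLOW_EMAIL_REGISTER` is `true` for an instance whose `CMD_DOMAIN` is the public name `notes.bijl.us`, so anyone who can reach the host can create an account and write into the `hedgedoc-uploads` volume; if open signup is intentional, say so on the line (`# open signup intentional; uploads PVC is the exposure to watch`), otherwise set it to `"false"` and create accounts out of band. The last volume entry is spelled `hostPath` while `postgres-dump` two entries above, and the rest of this commit, spell it `hostpath` (share-pod.yml has the same mixed spelling); pick one spelling so both entries are resolved the same way by whatever parser consumes these files.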
diff --git a/pods/share/share-pod.yml b/pods/share/share-pod.yml
new file mode 100644
index 0000000..b4da767
--- /dev/null
+++ b/pods/share/share-pod.yml
@@ -0,0 +1,34 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: share-pod
+ annotations:
+ io.podman.annotations.infra.name: share-pod-infra
+spec:
+ containers:
+ - name: picoshare
+ image: docker.io/mtlynch/picoshare:latest
+ env:
+ - name: PS_SHARED_SECRET
+ value: ""
+ - name: PORT
+ value: 3000
+ ports:
+ - containerport: 3000
+ hostport: 5080
+ protocol: TCP
+ volumemounts:
+ - mountpath: /data
+ name: picoshare-data
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ volumes:
+ - persistentvolumeclaim:
+ claimname: share-pod-picoshare-data
+ name: picoshare-data
+ - hostPath:
+ path: /etc/localtime
+ type: File
+ name: localtime
\ No newline at end of file
diff --git a/pods/smarthome/smarthome-pod.yml b/pods/smarthome/smarthome-pod.yml
new file mode 100644
index 0000000..59272b4
--- /dev/null
+++ b/pods/smarthome/smarthome-pod.yml
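Review bot: `PS_SHARED_SECRET` is supplied inline as `value: ""`; this is the passphrase that gates PicoShare's upload/admin UI, and an inline value will be committed the moment someone fills it in, unlike the database passwords elsewhere in this commit which are pulled through `secretkeyref`. Move it to a `share-secrets` Secret and reference it with `valuefrom: secretkeyref: {name: share-secrets, key: shared-secret}`, mirroring the `POSTGRES_PASSWORD` pattern used by the other pods. Whether PicoShare refuses to start on an empty secret or starts with no protection is not visible from this file, but either outcome argues for the same change, and the container is published on host port 5080.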
@@ -0,0 +1,171 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: smarthome-pod
+ annotations:
+ io.podman.annotations.infra.name: smarthome-pod-infra
+ run.oci.keep_original_groups: 1
+spec:
+ containers:
+ - name: home-assistant
+ image: ghcr.io/home-assistant/home-assistant:latest
+ ports:
+ - containerport: 3000
+ hostport: 6080
+ protocol: TCP
+ volumemounts:
+ - mountpath: /config
+ name: home-assistant-config
+ - mountpath: /dev/ttyUSB0
+ name: home-assistant-usb0
+ - mountpath: /dev/ttyUSB1
+ name: home-assistant-usb1
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: mosquitto
+ image: docker.io/eclipse-mosquitto:latest
+ ports:
+ - containerport: 1883
+ hostport: 1883
+ protocol: TCP
+ volumemounts:
+ - mountpath: /mosquitto/config
+ name: mosquitto-config
+ - mountpath: /mosquitto/data
+ name: mosquitto-data
+ - mountpath: /mosquitto/log
+ name: mosquitto-log
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: esphome
+ image: docker.io/esphome/esphome:stable
+ env:
+ - name: USERNAME
+ value: ""
+ - name: PASSWORD
+ value: ""
+ ports:
+ - containerport: 6052
+ hostport: 6052
+ protocol: TCP
+ volumemounts:
+ - mountpath: /config
+ name: esphome-config
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: ecowitt
+ image: docker.io/bachya/ecowitt2mqtt:latest
+ env:
+ - name: ECOWITT2MQTT_MQTT_BROKER
+ value: "smarthome-pod-mosquitto"
+ - name: ECOWITT2MQTT_MQTT_USERNAME
+ value: ""
+ - name: ECOWITT2MQTT_MQTT_PASSWORD
+ value: ""
+ - name: ECOWITT2MQTT_PORT
+ value: 8181
+ - name: ECOWITT2MQTT_HASS_DISCOVERY
+ value: true
+ - name: ECOWITT2MQTT_INPUT_UNIT_SYSTEM
+ value: "imperial"
+ - name: ECOWITT2MQTT_OUTPUT_UNIT_SYSTEM
+ value: "metric"
+ - name: ECOWITT2MQTT_PRECISION
+ value: 1
+ ports:
+ - containerport: 8181
+ hostport: 8181
+ protocol: TCP
+ volumemounts:
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: volvo
+ image: 
ghcr.io/dielee/volvo2mqtt:latest
+ env:
+ - name: CONF_updateInterval
+ value: 300
+ - name: CONF_babelLocale
+ value: "nl"
+ - name: CONF_mqtt
+ valuefrom:
+ secretkeyref:
+ name: smarthome-secrets
+ key: volvo-mosquitto
+ - name: CONF_volvoData
+ valuefrom:
+ secretkeyref:
+ name: smarthome-secrets
+ key: volvo-url
+ volumemounts:
+ - mountpath: /volvoAAOS2mqtt
+ name: volvo-data
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: smarthome-secrets
+ key: postgres-password
+ volumemounts:
+ - mountpath: /dump
+ name: postgres-dump
+ - mountpath: /var/lib/postgresql/data
+ name: postgres-data
+ - mountpath: /etc/localtime
+ name: localtime
+ readonly: true
+
+ volumes:
+ - hostpath:
+ path: /.config/pods/smarthome/home-assistant-config
+ type: Directory
+ name: home-assistant-config
+ - hostpath:
+ path: /dev/ttyUSB0
+ type: File
+ name: home-assistant-usb0
+ - hostpath:
+ path: /dev/ttyUSB1
+ type: File
+ name: home-assistant-usb1
+ - hostpath:
+ path: /.config/pods/smarthome/mosquitto-config
+ type: Directory
+ name: mosquitto-config
+ - persistentvolumeclaim:
+ claimname: smarthome-pod-mosquitto-data
+ name: mosquitto-data
+ - persistentvolumeclaim:
+ claimname: smarthome-pod-mosquitto-log
+ name: mosquitto-log
+ - hostpath:
+ path: /.config/pods/smarthome/esphome-config
+ type: Directory
+ name: esphome-config
+ - persistentvolumeclaim:
+ claimname: smarthome-pod-volvo-data
+ name: volvo-data
+ - hostpath:
+ path: /.dump/smarthome
+ type: Directory
+ name: postgres-dump
+ - persistentvolumeclaim:
+ claimname: smarthome-pod-postgres-data
+ name: postgres-data
+ - hostpath:
+ path: /etc/localtime
+ type: File
+ name: localtime
diff --git a/pods/smarthome/smarthome-secrets.yml b/pods/smarthome/smarthome-secrets.yml
new file mode 100644
index 0000000..109b448
--- /dev/null
+++ b/pods/smarthome/smarthome-secrets.yml
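Review bot: The mosquitto broker is published on host port 1883 while the only MQTT client configured in this file (`ECOWITT2MQTT_MQTT_USERNAME` / `ECOWITT2MQTT_MQTT_PASSWORD`) and the esphome dashboard on host port 6052 (`USERNAME` / `PASSWORD`) all carry empty inline credentials. The mosquitto listener configuration lives in the `mosquitto-config` hostpath outside this diff, so whether anonymous access is actually permitted cannot be confirmed here, but these four `value: ""` entries should be moved into `smarthome-secrets` and read through `secretkeyref`, exactly as `CONF_mqtt`, `CONF_volvoData` and `POSTGRES_PASSWORD` already are, rather than being left as placeholders that get filled in and committed. The `/dev/ttyUSB0` and `/dev/ttyUSB1` entries are declared as `hostpath` with `type: File`; a comment next to them such as `# serial adapters for home-assistant; relies on run.oci.keep_original_groups for device-group access — confirm` would record why the annotation at the top of the file is present and what breaks if it is dropped.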
@@ -0,0 +1,9 @@
+apiversion: v1
+data:
+ volvo-mosquitto:
+ volvo-url:
+ postgres-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: smarthome-secrets
\ No newline at end of file