leo 2024-08-08 06:01:49 +05:00
parent e44e9c3d9c
commit a475010975
25 changed files with 183 additions and 373 deletions


@ -1,2 +0,0 @@
DOMAIN=corp.hm
CERT_RESOLVER=local


@ -1,2 +0,0 @@
DOMAIN=checkerwars.com
CERT_RESOLVER=le

7
README.md Normal file

@ -0,0 +1,7 @@
Init:
`sudo git clone git@rozenlab.com:leo/server-origin.git && cd server-origin && sudo install.sh DOMAIN_NAME`
`sudo git pull git@rozenlab.com:leo/server-origin.git`

4
backups.cfg Normal file

@ -0,0 +1,4 @@
# /data/appdata/gitea
# /data/appdata/pgadmin
# /data/logs
/data
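Review bot: The only active entry, `/data`, sweeps the whole tree into the backup set, and that tree holds the secrets directory (run-checkerwars.sh in this commit sources `/data/secrets/dev.env`, and install.sh references `/data/secrets/secrets.env`), so whatever all.sh produces will presumably carry the generated database passwords and any keys stored there. If that is intended, the backup destination needs at least the same access control as `/data` itself; otherwise an explicit exclusion for `/data/secrets` belongs here. `config/backups.list` lists different paths for what looks like the same purpose, so one of the two files is likely stale and they will drift. A header comment such as `# consumed by /data/backup/all.sh — one absolute path per line, secrets excluded` would make the intent and the live file clear.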

3
config/backups.list Normal file

@ -0,0 +1,3 @@
# /sample/folder/
/data/appdata/gitea/
/data/projects/

2
config/cron.list Normal file

@ -0,0 +1,2 @@
0 8 * * * ./data/backup/all.sh
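Review bot: The active entry `0 8 * * * ./data/backup/all.sh` uses a relative path, and cron runs jobs from the user's home directory rather than from the repository, so unless cron-list.sh rewrites the path the job will fail to find the script; `0 8 * * * /data/backup/all.sh` matches the absolute `/data/...` layout used everywhere else in this commit. The same two lines appear verbatim in cron.cfg, so one of the files is redundant and the pair will drift. cron-list.sh (called from install.sh) is outside this commit, so which of the two files it actually installs cannot be confirmed here.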
# 0 9 * * * ./data/backup/remote-backup.sh

2
cron.cfg Normal file

@ -0,0 +1,2 @@
0 8 * * * ./data/backup/all.sh
# 0 9 * * * ./data/backup/remote-backup.sh


@ -1,7 +0,0 @@
set -e
export DEBIAN_FRONTEND=noninteractive
sudo docker network create proxynet
sudo git clone https://git.rozenlab.com/leo/repo-server.git
echo "Traefik OK"


@ -1,72 +0,0 @@
services:
gitea:
image: gitea/gitea:1.22.0
container_name: gitea
env_file:
- ./secrets/vars.env
environment:
- APP_NAME="Gitea"
- USER_UID=1000
- USER_GID=1000
- USER=git
- RUN_MODE=prod
- DOMAIN=gitea.${DOMAIN}
- SSH_DOMAIN=gitea.${DOMAIN}
- HTTP_PORT=3000
- ROOT_URL=https://git.${DOMAIN}
- SSH_PORT=222
- SSH_LISTEN_PORT=22
- GITEA__cache__ENABLED=true
- GITEA__cache__ADAPTER=redis
- GITEA__cache__HOST=redis://gitea-cache:6379/0?pool_size=100&idle_timeout=180s
- GITEA__cache__ITEM_TTL=24h
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=postgres:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=${GITEA_DB_PW}
restart: always
networks:
- proxynet
depends_on:
gitea-cache:
condition: service_started
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`git.${DOMAIN}`)"
- "traefik.http.routers.gitea.entrypoints=https"
- "traefik.http.routers.gitea.service=gitea-service"
- "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
logging:
driver: "json-file"
options:
max-size: "1m"
volumes:
- ./data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"
gitea-cache:
container_name: gitea-cache
image: redis:7.2.5-alpine3.20
restart: always
networks:
- proxynet
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 15s
timeout: 3s
retries: 30
logging:
driver: "json-file"
options:
max-size: "1m"
networks:
proxynet:
external: true


@ -1,14 +0,0 @@
#!/bin/bash
set -e
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE USER checkers WITH ENCRYPTED PASSWORD '477iyetc44i2th6za8r7';
CREATE DATABASE checkers;
GRANT ALL PRIVILEGES ON DATABASE checkers TO checkers;
ALTER DATABASE checkers OWNER TO checkers;
CREATE USER gitea WITH ENCRYPTED PASSWORD 'irvjyvqp8c94e8tf2gq5';
CREATE DATABASE gitea;
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
ALTER DATABASE gitea OWNER TO gitea;
EOSQL

109
install.sh Normal file

@ -0,0 +1,109 @@
#!/bin/bash
#SECRETS_STORE=/data/secrets/secrets.env
GIT_SSH_DOMAIN=rozenlab.com
GIT_USER=leo
PGUSER=admin
PGDATABASE=postgres
LETSENCRYPT_EMAIL=426742@gmail.com
TRAEFIKLOGLEVEL=DEBUG # / INFO / ERROR
ADMINEMAIL=426742@gmail.com
STARTDIR=server-origin
SSHPORT=2525
if [ "$(id -u)" != "0" ]; then
echo "This script requires superuser rights. Running with sudo..."
exec sudo "$0" "$@"
fi
if [ -z "$1" ]; then
echo "Please provide the DOMAIN_NAME as an argument"
exit 1
fi
#if [ -f $SECRETS_STORE ]; then
# source $SECRETS_STORE
#fi
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
set -e
export DEBIAN_FRONTEND=noninteractive
$DOMAIN=$1
#$SERVER_TYPE=dev
mkdir -p /data
chown usradmin:usradmin /data
chmod 770 /data
cd /data
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/utils.git
cd /data/utils
#bash init-server.sh
bash init-docker.sh
docker network create proxynet
# SSH config:
#bash ssh-port.sh $SSHPORT
#ssh-keygen -t ed25519 -C "$ADMINEMAIL"
bash cron-list.sh
# create global environment vars:
bash global-env.sh SERVER_DOMAIN $DOMAIN
bash global-env.sh POSTGRES_USER $PGUSER
bash global-env.sh POSTGRES_DB $PGDATABASE
bash global-env.sh TRAEFIK_LOG_LEVEL $TRAEFIKLOGLEVEL
bash global-env.sh ADMIN_EMAIL $ADMINEMAIL
bash global-env.sh SRV_START_DIR $STARTDIR
#bash global-env.sh SERVER_TYPE $SERVER_TYPE
cd /data
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/backup.git
cd /data/utils
#bash env-gen.sh LE_EMAIL "$LETSENCRYPT_EMAIL"
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/traefik.git
cd traefik
sudo docker compose up -d
cd /data/utils
bash env-gen.sh POSTGRES_PASSWORD
cd /data
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/postgres.git
cd postgres
sudo docker compose up -d
# pgadmin install:
mkdir -p /data/appdata/pgadmin
chown -R 5050:5050 /data/appdata/pgadmin
cd /data
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/pgadmin.git
cd pgadmin
sudo docker compose up -d
ln -s /data/blog-frontend/main /data/www
cd /data
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/nginx-main.git
cd nginx-main
sudo docker compose up -d
cd /data
git clone git@$GIT_SSH_DOMAIN:$GIT_USER/gitea.git
cd gitea
cd /data/utils
bash env-gen.sh GITEA__database__PASSWD
bash init-db.sh gitea $GITEA__database__PASSWD
sudo docker compose up -d
trap - EXIT
echo "Install server-origin complete"
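Review bot: `$DOMAIN=$1` does not assign anything — with DOMAIN unset it expands to a command named `=<arg>`, which fails and trips `set -e` and the EXIT trap, and if DOMAIN happens to be preset the script silently continues with that stale value; the line must read `DOMAIN=$1`. In the gitea block, `cd gitea` is immediately followed by `cd /data/utils`, so the final `docker compose up -d` runs in /data/utils rather than the gitea checkout, and `$GITEA__database__PASSWD` is read from this shell although nothing visible exports it after `env-gen.sh` — presumably env-gen.sh writes a file (the commented `SECRETS_STORE` hints at `/data/secrets/secrets.env`), which would need to be sourced first. Passing that password as an argument to init-db.sh also exposes it in the process list to every local user for the run; having init-db.sh read it from the environment or the secrets file avoids that. Separately, this commit deletes tracked plaintext credentials (the SQL bootstrap script, secrets/vars.env, the htpasswd hash and the self-signed key), which removes them only from the working tree — they remain in history under the parent commit and should be treated as compromised and rotated, which the env-gen.sh calls here would do for the database passwords if run on a fresh host.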


@ -1,16 +0,0 @@
services:
nginx:
container_name: nginx
image: nginx:1.27.0-alpine3.19
restart: always
networks:
- proxynet
labels:
- "traefik.enable=true"
- "traefik.http.routers.nginx.rule=Host(`${DOMAIN}`)"
volumes:
- ./www/main:/usr/share/nginx/html
networks:
proxynet:
external: true


@ -1,25 +0,0 @@
services:
pgadmin:
container_name: pgadmin
image: dpage/pgadmin4:8.6
restart: always
networks:
- proxynet
user: '$UID:$GID'
env_file:
- ./secrets/vars.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${DOMAIN}`)"
- "traefik.http.routers.pgadmin.middlewares=pgadmin-auth"
- "traefik.http.middlewares.pgadmin-auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
environment:
PGADMIN_CONFIG_SERVER_MODE: 'False'
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
volumes:
- ./data/pgadmin:/var/lib/pgadmin
- ./secrets/httpauth:/httpauth
networks:
proxynet:
external: true


@ -1,33 +0,0 @@
services:
postgres:
container_name: postgres
image: postgres:16.3-alpine3.19
restart: always
networks:
- proxynet
env_file:
- ./secrets/vars.env
environment:
PG_DATA: /var/lib/postgresql/data
POSTGRES_USER: admin
POSTGRES_DB: postgres
volumes:
- ./data/pgdata:/var/lib/postgresql/data
- ./init-db/init-database.sh:/docker-entrypoint-initdb.d/init-database.sh
labels:
- "traefik.enable=true"
- "traefik.tcp.routers.postgresql.rule=HostSNI(`*`)"
- "traefik.tcp.services.postgresql.loadbalancer.server.port=5432"
- "traefik.tcp.routers.postgresql.entrypoints=postgres"
initContainers:
container_name: volume-permissions
image: busybox:1.36.1-glibc
command: >
sh -c "chmod 755 /init-db/init-database.sh"
volumes:
- ./init-db:/init-db
networks:
proxynet:
external: true

21
run-checkerwars.sh Normal file

@ -0,0 +1,21 @@
#!/bin/bash
if [ "$(id -u)" != "0" ]; then
echo -e "\033[31mThis script requires superuser rights.\033[0m"
exit 0
fi
DEV_ENV="/data/secrets/dev.env"
INSTALL_DIR="/data/install"
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
set -e
export DEBIAN_FRONTEND=noninteractive
source $DEV_ENV
bash $INSTALL_DIR/remote.sh $SERVER_BEGETCW_HOST $SERVER_BEGETCW_PASSWORD
trap - ERR
echo "server-origin install complete"
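Review bot: The non-root guard exits with status 0, so a caller or cron job sees success when nothing ran; it should be `exit 1`, consistent with the `exit 1` in the ERR trap two lines below. `source $DEV_ENV` is unquoted and has no existence check, so a missing file aborts under `set -e` with only the generic trap message; `[ -f "$DEV_ENV" ] || { echo "missing $DEV_ENV"; exit 1; }` before it makes the failure explicit. `$SERVER_BEGETCW_PASSWORD` is handed to remote.sh as a command-line argument, which makes it visible in the process list to every local user for the duration of the run; exporting it and letting remote.sh read the environment keeps it off the command line. The final message `server-origin install complete` is misleading for a script that only drives remote.sh against one host.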


@ -1 +0,0 @@
admin:$apr1$yqPJkrsT$3QLU4eis81kl81STzRmQK/

File diff suppressed because one or more lines are too long


@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -1,5 +0,0 @@
POSTGRES_PASSWORD=5w5oaorg63mhrn7ybm8t
PGADMIN_DEFAULT_EMAIL=426742@gmail.com
PGADMIN_DEFAULT_PASSWORD=upu9s546b8ndyoeq4v3d
LE_EMAIL=426742@gmail.com
GITEA_DB_PW=irvjyvqp8c94e8tf2gq5


@ -2,28 +2,22 @@
set -e set -e
if [ -z "$1" ]; then echo "Start all..."
echo "Please provide the environment type as an argument"
exit 1
fi
ENV_TYPE="$1" # dev / prod # traefik run:
sudo docker start traefik
echo "Start server on environment $ENV_TYPE..." # postgres run:
sudo docker start postgres
#Traefik run: # pgadmin run:
sudo docker compose --env-file .env.$ENV_TYPE -f traefik.yml up -d sudo docker start pgadmin
#Gitea run: # nginx-main run:
sudo docker compose --env-file .env.$ENV_TYPE -f gitea.yml up -d sudo docker start nginx-main
#Postgres run: # gitea run:
sudo docker compose -f postgres.yml up -d sudo docker start gitea
#Pgadmin run:
sudo docker compose --env-file .env.$ENV_TYPE -f pgadmin.yml up -d
#Nginx run: echo "All containers successfully started
sudo docker compose --env-file .env.$ENV_TYPE -f nginx.yml up -d
echo "All successfully started to environment $ENV_TYPE."
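Review bot: The new closing line `echo "All containers successfully started` has no closing double quote, so bash fails the whole script at parse time with an unexpected-EOF error and none of the `docker start` lines run; stop.sh's last line has the same defect. Both need the quote closed: `echo "All containers successfully started"` and `echo "All containers successfully stopped"`. The rendered view interleaves old and new lines in this hunk, so the exact position of the new lines is inferred. Replacing `docker compose up -d` with `docker start <name>` also assumes the containers were already created (by install.sh, presumably); on a host where they were not, `docker start` fails with "No such container", which is worth a one-line comment at the top such as `# assumes the containers were created by install.sh; run docker compose up in each project dir first otherwise`.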

23
stop.sh Normal file

@ -0,0 +1,23 @@
#!/bin/bash
set -e
echo "Stop all..."
# traefik run:
sudo docker stop traefik
# postgres run:
sudo docker stop postgres
# pgadmin run:
sudo docker stop pgadmin
# nginx-main run:
sudo docker stop nginx-main
# gitea run:
sudo docker stop gitea
echo "All containers successfully stopped


@ -1,69 +0,0 @@
services:
traefik:
container_name: traefik
image: traefik:v3.0.1
restart: always
networks:
- proxynet
env_file:
- ./secrets/vars.env
command:
- "--providers.file.filename=/traefik/certs.yml"
- "--api.insecure=false"
- "--api.dashboard=true"
- "--providers.docker"
- "--log.level=DEBUG"
- '--log=true'
#- "--log.level=INFO"
- "--providers.docker.exposedByDefault=false"
- "--providers.docker.network=repo-server_proxynet"
#Entrypoints:
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
- "--entrypoints.postgres.address=:5432"
- "--entrypoints.http.http.redirections.entrypoint.to=https"
- "--entrypoints.http.http.redirections.entrypoint.scheme=https"
#SSL Let's Encrypt:
- "--entrypoints.https.http.tls.certResolver=${CERT_RESOLVER}"
- "--certificatesresolvers.le.acme.tlschallenge=true"
- "--certificatesresolvers.le.acme.email=${LE_EMAIL}"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
#Dashboard secure:
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.dashboard.entrypoints=https"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
ports:
- "80:80"
- "443:443"
- "5432:5432"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./secrets/letsencrypt:/letsencrypt
- ./secrets/httpauth:/httpauth
- ./traefik/certs.yml:/traefik/certs.yml
- ./secrets/selfsigned:/secrets/selfsigned
logging:
driver: "json-file"
options:
max-size: "1m"
initContainers:
container_name: volume-permissions
image: busybox:1.36.1-glibc
command: >
sh -c "touch /letsencrypt/acme.json &&
chmod -Rv 600 /letsencrypt/* &&
chown 65532:65532 /letsencrypt/acme.json"
volumes:
- ./secrets/letsencrypt:/letsencrypt
networks:
proxynet:
driver: bridge
external: false


@ -1,4 +0,0 @@
tls:
certificates:
- certFile: "/secrets/selfsigned/selfsigned.crt"
keyFile: "/secrets/selfsigned/selfsigned.key"


@ -1,10 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Docker Nginx</title>
</head>
<body>
<h2>Hello from Nginx container</h2>
</body>
</html>