From 48a27ddf71700e424f5b06117ca599107ccd1314 Mon Sep 17 00:00:00 2001 From: Adrian Amaglio Date: Thu, 8 Jun 2023 09:34:51 +0200 Subject: [PATCH] update --- .../roles/deploy_all/files/bin/deployer.sh | 39 +++++++----- .../roles/deploy_all/files/bin/startwg.sh | 17 +++++ .../deploy_all/files/bind/db.jean-cloud.org | 2 +- .../deploy_all/files/bind/db.karnaval.fr | 3 +- .../deploy_all/files/bind/db.oma-radio.fr | 37 ++++++----- services/benevoles31.karnaval.fr/.env | 0 .../docker-compose.yml | 62 +++++++++++++++++++ .../benevoles31.karnaval.fr/nginx_server.conf | 55 ++++++++++++++++ services/jean-cloud.net/install.sh | 4 ++ .../lexicographe.jean-cloud.net/install.sh | 4 ++ .../docker-compose.yml | 22 +++---- .../wg-radiodemo.sh | 2 +- 12 files changed, 198 insertions(+), 49 deletions(-) create mode 100755 provisioning/roles/deploy_all/files/bin/startwg.sh create mode 100644 services/benevoles31.karnaval.fr/.env create mode 100755 services/benevoles31.karnaval.fr/docker-compose.yml create mode 100755 services/benevoles31.karnaval.fr/nginx_server.conf diff --git a/provisioning/roles/deploy_all/files/bin/deployer.sh b/provisioning/roles/deploy_all/files/bin/deployer.sh index 057798d..0d6e11e 100755 --- a/provisioning/roles/deploy_all/files/bin/deployer.sh +++ b/provisioning/roles/deploy_all/files/bin/deployer.sh @@ -24,6 +24,26 @@ function ipof { resolv.sh "$1" } +function jcservice { + if [ "$#" -ne 2 ] ; then + echo "usage: $0 " + echo "action is start/stop/reload/restart" + echo "service is a jc service name" + exit 1 + fi + action="$1" + service="$2" + if [ -f "/docker/$service/install.sh" ] ; then + section "Running install script" + . "/docker/$service/install.sh" + # Is $action a bash function? + if [ -n "$(LC_ALL=C type "$action" | head -n 1 | grep 'function')" ] ; then + "$action" + fi + unset -f start stop reload restart "$action" + fi +} + # Path to this directory here="$(where 'follow_links')" 
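Review bot: In `jcservice`, `. "/docker/$service/install.sh"` sources each service's script into the deployer's own shell, and the cleanup only unsets `start stop reload restart "$action"`. Any variable, helper function, `cd` or shell option the script sets therefore carries over into every service processed afterwards. A subshell would contain that, e.g. `( . "/docker/$service/install.sh" ; if declare -F "$action" >/dev/null ; then "$action" ; fi )`, provided no install.sh is meant to change the deployer's state. `declare -F` also replaces the `type | head | grep 'function'` pipeline, which prints a `not found` error on stderr whenever a script does not define the requested action.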
@@ -93,14 +113,8 @@ for dir in /docker/* ; do docker-compose down --rmi all --remove-orphans [ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR" fi - - # If there is an install script? - if [ -x "/docker/$service/install.sh" ] ; then - section "Running install script" - . "/docker/$service/install.sh" - stop - unset -f start stop reload restart - fi + + jcservice stop "$service" # TODO check for leftover wg interfaces continue @@ -123,14 +137,7 @@ for dir in /docker/* ; do run docker-compose up -d --remove-orphans fi - - # If there is an install script - if [ -f "/docker/$service/install.sh" ] ; then - section "Running install script" - . "/docker/$service/install.sh" - start - unset -f start stop reload restart - fi + jcservice start "$service" # If there is a wireguard vpn script diff --git a/provisioning/roles/deploy_all/files/bin/startwg.sh b/provisioning/roles/deploy_all/files/bin/startwg.sh new file mode 100755 index 0000000..48f7dcd --- /dev/null +++ b/provisioning/roles/deploy_all/files/bin/startwg.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +if [ "$#" -ne 1 ] ; then + echo "Usage: $0 " + exit 1 +fi + +wgif="$1" + +if [ -z "$(ip a | grep "$wgif")" ] ; then + wg-quick up "$wgif" +else + wg syncconf "$wgif" <(wg-quick strip "$wgif") +fi + diff --git a/provisioning/roles/deploy_all/files/bind/db.jean-cloud.org b/provisioning/roles/deploy_all/files/bind/db.jean-cloud.org index efd16ce..2752757 100644 --- a/provisioning/roles/deploy_all/files/bind/db.jean-cloud.org +++ b/provisioning/roles/deploy_all/files/bind/db.jean-cloud.org @@ -33,7 +33,7 @@ gm3._domainkey 10800 IN CNAME gm3.gandimail.net. ; Website classics webmail 10800 IN CNAME webmail.gandi.net. -www 10800 IN CNAME jean-cloud.org. +www 10800 IN CNAME jean-cloud.net. ; Machines vandamme IN A 51.255.33.248 diff --git a/provisioning/roles/deploy_all/files/bind/db.karnaval.fr b/provisioning/roles/deploy_all/files/bind/db.karnaval.fr index 78761a8..09fc8c0 100644 
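Review bot: The interface test `[ -z "$(ip a | grep "$wgif")" ]` in startwg.sh matches `$wgif` as a regular expression against the entire `ip a` output. `wg1` is therefore reported present when only `wg10` exists, or when the string appears anywhere else in the listing, and the script then takes the `wg syncconf` branch for an interface that is not up. Asking about that one device is exact: `if ! ip link show dev "$wgif" >/dev/null 2>&1 ; then`. Because `wg-quick` accepts a config file path as well as an interface name, it may also be worth rejecting values of `$1` that contain `/` before use.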
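Review bot: The `www` CNAME change in db.jean-cloud.org shows no SOA serial bump, and the same holds for the `@ IN A` / `@ IN AAAA` change in db.karnaval.fr, whereas db.oma-radio.fr in this commit does raise its serial. The SOA records of the first two zones lie outside their hunks, so this cannot be confirmed from the patch. If the serials were left as they are, secondaries keep serving the old data, which for karnaval.fr means the previous address `51.178.80.171`. If that address is being released, a stale A record pointing at it is worth avoiding, so check that both serials are incremented before the zones are reloaded.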
--- a/provisioning/roles/deploy_all/files/bind/db.karnaval.fr +++ b/provisioning/roles/deploy_all/files/bind/db.karnaval.fr @@ -15,7 +15,8 @@ $TTL 604800 @ IN NS ns4.he.net. @ IN NS ns5.he.net. -@ IN A 51.178.80.171 +@ IN A 51.195.40.128 +@ IN AAAA 2001:41d0:701:1100::31f ; Resolving nameserver diff --git a/provisioning/roles/deploy_all/files/bind/db.oma-radio.fr b/provisioning/roles/deploy_all/files/bind/db.oma-radio.fr index 1a1b3ea..23fcb7a 100644 --- a/provisioning/roles/deploy_all/files/bind/db.oma-radio.fr +++ b/provisioning/roles/deploy_all/files/bind/db.oma-radio.fr @@ -1,6 +1,6 @@ $TTL 604800 @ IN SOA max.jean-cloud.org. contact.jean-cloud.org. ( - 2023052300 ; Serial + 2023060100 ; Serial 604800 ; Refresh 7200 ; Retry 2419200 ; Expire @@ -27,18 +27,17 @@ _submission._tcp IN SRV 0 0 465 ssl0.ovh.net. ; web @ IN A 51.255.33.248 -www IN CNAME vandamme.jean-cloud.net. +www IN CNAME vandamme.jean-cloud.org. -www.registry IN CNAME nougaro.jean-cloud.net. -registry IN CNAME nougaro.jean-cloud.net. -services IN CNAME nougaro.jean-cloud.net. +registry IN CNAME montbonnot.jean-cloud.org. + +radionimaitre IN CNAME tetede.jean-cloud.org. +www.radionimaitre IN CNAME tetede.jean-cloud.org. +paj IN CNAME nougaro.jean-cloud.org. +www.paj IN CNAME nougaro.jean-cloud.org. +radiodemo IN CNAME tetede.jean-cloud.org. +radiodemo-back IN CNAME montbonnot.jean-cloud.org. -radionimaitre IN CNAME tetede.jean-cloud.net. -www.radionimaitre IN CNAME tetede.jean-cloud.net. -paj IN CNAME nougaro.jean-cloud.net. -www.paj IN CNAME nougaro.jean-cloud.net. -radiodemo IN CNAME tetede.jean-cloud.net. -radiodemo-back IN CNAME montbonnot.jean-cloud.net. ;autoconfig IN SRV mailconfig.ovh.net. 
@@ -50,15 +49,15 @@ pop3 IN CNAME ssl0.ovh.net. stream.paj._ports IN TXT 9002 control.paj._ports IN TXT 9492 -pa1.studios IN CNAME tetede.jean-cloud.net. -montpellier1.studios IN CNAME tetede.jean-cloud.net. +pa1.studios IN CNAME tetede.jean-cloud.org. +montpellier1.studios IN CNAME tetede.jean-cloud.org. -npm IN CNAME vandamme.jean-cloud.net. -www.npm IN CNAME vandamme.jean-cloud.net. +npm IN CNAME vandamme.jean-cloud.org. +www.npm IN CNAME vandamme.jean-cloud.org. -static IN CNAME vandamme.jean-cloud.net. -www.static IN CNAME vandamme.jean-cloud.net. +static IN CNAME vandamme.jean-cloud.org. +www.static IN CNAME vandamme.jean-cloud.org. -discordbot IN CNAME vandamme.jean-cloud.net. -www.discordbot IN CNAME vandamme.jean-cloud.net. +discordbot IN CNAME vandamme.jean-cloud.org. +www.discordbot IN CNAME vandamme.jean-cloud.org. diff --git a/services/benevoles31.karnaval.fr/.env b/services/benevoles31.karnaval.fr/.env new file mode 100644 index 0000000..e69de29 diff --git a/services/benevoles31.karnaval.fr/docker-compose.yml b/services/benevoles31.karnaval.fr/docker-compose.yml new file mode 100755 index 0000000..dbb357a --- /dev/null +++ b/services/benevoles31.karnaval.fr/docker-compose.yml 
@@ -0,0 +1,62 @@ +version: '3' +services: + app: + image: jeancloud/site-benevole:dev-karna-debian + environment: + UID: 33 + MOUNT: / + volumes: + - /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi + - $DATA_DIR/assets:/usr/src/app/assets + - $DATA_DIR/media:/usr/src/app/media + - $DATA_DIR/local_settings.py:/usr/src/app/site_benevole/local_settings.py + restart: unless-stopped + networks: + default: + ipv4_address: 172.16.17.100 + + redis: + image: redis + db: + image: postgres:9.6-alpine + env_file: $DATA_DIR/postgres.env + environment: + POSTGRES_USER: benevoles + POSTGRES_DB: benevoles + volumes: + - $DATA_DIR/db:/var/lib/postgresql/data + networks: + default: + ipv4_address: 172.16.17.101 + # app2: + # image: jeancloud/site-benevole:dev-karna-debian + # environment: + # UID: 33 + # MOUNT: / + # volumes: + # - /tmp/uwsgi/app2/$JC_SERVICE:/tmp/uwsgi + # - $DATA_DIR/app2/assets:/usr/src/app/assets + # - $DATA_DIR/app2/media:/usr/src/app/media + # - $DATA_DIR/app2/local_settings.py:/usr/src/app/site_benevole/local_settings.py + # restart: unless-stopped + # networks: + # default: + # ipv4_address: 172.29.17.110 + # + # db2: + # image: postgres:9.6-alpine + # env_file: $DATA_DIR/postgres.env + # environment: + # POSTGRES_USER: benevoles + # POSTGRES_DB: benevoles + # volumes: + # - $DATA_DIR/db2:/var/lib/postgresql/data + # networks: + # default: + # ipv4_address: 172.29.17.111 + +networks: + default: + ipam: + config: + - subnet: 172.16.17.0/24 diff --git a/services/benevoles31.karnaval.fr/nginx_server.conf b/services/benevoles31.karnaval.fr/nginx_server.conf new file mode 100755 index 0000000..3742ec2 --- /dev/null +++ b/services/benevoles31.karnaval.fr/nginx_server.conf 
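Review bot: The three images in this new file are referenced by tags that can move or are no longer maintained: `image: redis` resolves to `latest`, `jeancloud/site-benevole:dev-karna-debian` is a development tag, and `postgres:9.6-alpine` is a PostgreSQL branch that reached end of life in November 2021 and gets no further security fixes. Pinning each to a version tag or digest (for example `image: redis:<version>@sha256:<digest>`, placeholder values) makes a redeploy reproducible. The database deserves a supported major version, moved by dump and restore since the data directory format differs between majors. `redis` and `db` also have no `restart:` policy, unlike `app`. The commented-out `app2`/`db2` services could be dropped rather than committed.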
@@ -0,0 +1,55 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; + server_name $JC_SERVICE benevoles.karnaval.fr; + + root $DATA_DIR/assets; + + gzip on; + gzip_static on; + gzip_types application/javascript image/* text/css application/font-woff application/font-woff2; + gunzip on; + + ssl_session_tickets off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_buffer_size 4k; + client_max_body_size 4M; + + location / { + include uwsgi_params; + uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi.sock; + } + + location = /favicon.ico { + root $DATA_DIR/assets/; + } + location = /favicon-admin.ico { + root $DATA_DIR/assets/; + } + + location /assets/ { + alias $DATA_DIR/assets/; + access_log off; + sendfile on; + tcp_nopush on; + sendfile_max_chunk 1m; + keepalive_timeout 65; + location ~* \.(jpg|jpeg|png|gif|ico|woff|woff2)$ { + access_log off; + expires 5d; + } + } + + location /media/ { + alias $DATA_DIR/media/; + access_log off; + sendfile on; + tcp_nopush on; + sendfile_max_chunk 1m; + keepalive_timeout 65; + } + + +} diff --git a/services/jean-cloud.net/install.sh b/services/jean-cloud.net/install.sh index 876157c..2095e56 100755 --- a/services/jean-cloud.net/install.sh +++ b/services/jean-cloud.net/install.sh @@ -9,3 +9,7 @@ start() { restart () { start } + +stop () { + : +} diff --git a/services/lexicographe.jean-cloud.net/install.sh b/services/lexicographe.jean-cloud.net/install.sh index ba38b0e..1e14f13 100755 --- a/services/lexicographe.jean-cloud.net/install.sh +++ b/services/lexicographe.jean-cloud.net/install.sh @@ -10,3 +10,7 @@ start() { restart () { start } + +stop () { + : +} diff --git a/services/radiodemo-back.oma-radio.fr/docker-compose.yml b/services/radiodemo-back.oma-radio.fr/docker-compose.yml index 6ba6576..1cb2b2b 100644 --- a/services/radiodemo-back.oma-radio.fr/docker-compose.yml 
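Review bot: `uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi.sock` puts the application socket under the world-writable `/tmp`, matching the `/tmp/uwsgi/$JC_SERVICE` bind mount in this service's docker-compose.yml. On a host with other local accounts or processes, whichever of them creates `/tmp/uwsgi` first decides what nginx forwards requests to. A root-owned location with restricted permissions such as `/run/uwsgi/$JC_SERVICE/uwsgi.sock` is safer; the compose volume has to change with it. The block also sets no `Strict-Transport-Security` header; unless the shared nginx configuration adds one, `add_header Strict-Transport-Security "max-age=31536000" always;` would fit next to the `ssl_*` directives.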
+++ b/services/radiodemo-back.oma-radio.fr/docker-compose.yml @@ -1,7 +1,7 @@ version: '3' services: ambre_mux: - image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION + image: jeancloud/mux:$OMA_DOCKER_VERSION env_file: .env environment: OMA_CONFIG_Client1Host: $NET.108 @@ -22,7 +22,7 @@ services: saphir_telecom_server: - image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION + image: jeancloud/telecom-server:$OMA_DOCKER_VERSION env_file: .env ports: - $TELECOM_SERVER_PORT:3490 @@ -37,7 +37,7 @@ services: memory: 100M anthracite_jukebox: - image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION + image: jeancloud/jukebox:$OMA_DOCKER_VERSION env_file: .env environment: OMA_CONFIG_TelecommandeHost: $NET$TELECOM @@ -56,7 +56,7 @@ services: memory: 100M azurite_jukebox_simulator: - image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION + image: jeancloud/jukebox-simulator:$OMA_DOCKER_VERSION env_file: .env environment: OMA_CONFIG_TelecommandeHost: $NET$TELECOM @@ -73,13 +73,13 @@ services: memory: 100M # aventurine_transcode: - # image: registry.oma-radio.fr/transcode:$OMA_DOCKER_VERSION + # image: jeancloud/transcode:$OMA_DOCKER_VERSION # env_file: .env # restart: unless-stopped agate_importer: - image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION + image: jeancloud/baseimport:$OMA_DOCKER_VERSION env_file: .env environment: OMA_CONFIG_TelecommandeHost: $NET$TELECOM @@ -96,7 +96,7 @@ services: memory: 500M amarante_webserver: - image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION + image: jeancloud/webserver:$OMA_DOCKER_VERSION env_file: .env environment: OMA_CONFIG_TelecommandeHost: $NET$TELECOM @@ -114,7 +114,7 @@ services: memory: 100M rubis_base_mg: - image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION + image: jeancloud/base-mg:$OMA_DOCKER_VERSION env_file: .env environment: OMA_CONFIG_TelecommandeHost: $NET$TELECOM 
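Review bot: Every `image:` line in this file now pulls from the `jeancloud/` namespace instead of `registry.oma-radio.fr/`, still by mutable tag: `$OMA_DOCKER_VERSION` throughout, and the floating `dev` tag for `jeancloud/system-api:dev` in the `@@ -132,7` hunk. With the images presumably coming from a public registry account now, what runs is whatever that tag points to at pull time. A digest pin such as `image: jeancloud/mux:$OMA_DOCKER_VERSION@sha256:<digest>` (placeholder) would tie deployments to reviewed builds. It is also worth confirming that these images carry no credentials or private configuration if the new repositories are publicly readable.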
@@ -132,7 +132,7 @@ services: system_api: - image: registry.oma-radio.fr/system-api:dev + image: jeancloud/system-api:dev env_file: .env environment: OMA_CONFIG_TelecommandeHost: $NET$TELECOM @@ -167,7 +167,7 @@ services: ipv4_address: $NET.108 #radioking: - # image: registry.oma-radio.fr/liquidsoap:1.3.7 + # image: jeancloud/liquidsoap:1.3.7 # env_file: .env # volumes: # - ./radioking.liq:/radioking.liq @@ -178,7 +178,7 @@ services: # ipv4_address: $NET.111 #ammolite_mp3_addon: - # image: registry.oma-radio.fr/mp3addon:$OMA_DOCKER_VERSION + # image: jeancloud/mp3addon:$OMA_DOCKER_VERSION # env_file: .env # environment: # OMA_CONFIG_TelecommandeHost: $NET.101 diff --git a/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh b/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh index 30a979a..d4f9bf7 100755 --- a/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh +++ b/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh @@ -4,7 +4,7 @@ set -euo pipefail . .env -[ -f "$DATA_DIR/privatekey" ] || echo 'No privatekey found' && exit 1 +[ -f "$DATA_DIR/privatekey" ] || { echo 'No privatekey found' && exit 1 ; } echo " [Interface]
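Review bot: In wg-radiodemo.sh the guard's message `echo 'No privatekey found'` goes to stdout, which this script appears to use for the generated WireGuard configuration (an `echo " [Interface]` follows, with the rest outside the hunk). A caller redirecting the output would get the error text in the config file rather than on the terminal. `[ -f "$DATA_DIR/privatekey" ] || { echo 'No privatekey found' >&2 ; exit 1 ; }` sends it to stderr, and `;` in place of `&&` makes the exit independent of `echo`'s status.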