diff --git a/services/accent.jean-cloud.net/docker-compose.yml b/services/accent.jean-cloud.net/docker-compose.yml
new file mode 100644
index 0000000..6beb265
--- /dev/null
+++ b/services/accent.jean-cloud.net/docker-compose.yml
@@ -0,0 +1,40 @@
+version: '3'
+services:
+ app:
+ image: mirego/accent:v1.19.12
+ depends_on:
+ - db
+ environment:
+ - DATABASE_URL=postgres://postgres@db:5432/accent_development
+ restart: "unless-stopped"
+ networks:
+ default:
+ ipv4_address: $NET.100
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 200M
+
+ db:
+ image: postgres:10.3
+ environment:
+ - POSTGRES_DB=accent_development
+ volumes:
+ - $DATA_DIR/db:/var/lib/postgresql/data
+ restart: "unless-stopped"
+ networks:
+ default:
+ ipv4_address: $NET.101
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 300M
+
+
+networks:
+ default:
+ ipam:
+ config:
+ - subnet: $NET.0/24
diff --git a/services/backup-borg-client/backup_list.sh b/services/backup-borg-client/backup_list.sh
new file mode 100755
index 0000000..a9bf588
--- /dev/null
+++ b/services/backup-borg-client/backup_list.sh
@@ -0,0 +1 @@
+#!/bin/bash
diff --git a/services/backup-borg-client/deploy.sh b/services/backup-borg-client/deploy.sh
new file mode 100755
index 0000000..69b2e26
--- /dev/null
+++ b/services/backup-borg-client/deploy.sh
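Review bot: The `db` service in `services/accent.jean-cloud.net/docker-compose.yml` sets only `POSTGRES_DB`, and `DATABASE_URL` connects as the `postgres` superuser with no password, so the database appears to rely on passwordless access for anything that can reach `db:5432` on this network. Set a password on the `db` service and carry it in the URL from an untracked env file, for example `- POSTGRES_PASSWORD=${ACCENT_DB_PASSWORD}` (placeholder variable name), and preferably give the app its own non-superuser role. `postgres:10.3` is also an early patch release of a major line that no longer receives upstream fixes, so the image pin deserves a bump once the data directory can be migrated.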
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -euo pipefail
+
+pubkeyfile="/root/.ssh/authorized_keys"
+separator="# backup-borg-begin DO NOT EDIT UNDER THIS LINE"
+mkdir -p "$DATA_DIR/pubkeys" "$DATA_DIR/.ssh"
+
+# Create ssh key if not found
+if [ ! -e "$DATA_DIR/.ssh/borg-client" ] ; then
+ ssh-keygen -f "$DATA_DIR/.ssh/borg-client" -C "SSH key for backup trigger" -P ''
+fi
+
+# Remove separator and automated lines if found
+if [ -n "$(grep "$separator" "$pubkeyfile")" ] ; then
+ sed -i "/$separator/,//d" "$pubkeyfile"
+fi
+
+# Place separator back
+echo "$separator" >> "$pubkeyfile"
+
+# Foreach borg server key
+while read serverkey ; do
+ # Add authorized_keys line
+ echo "command=\"$DOCKER_DIR/script-sauvegarde.sh $serverkey\" $(cat "$DATA_DIR/pubkeys/$serverkey")" >> "$pubkeyfile"
+done < <(ls "$DATA_DIR/pubkeys")
diff --git a/services/backup-borg-client/script-sauvegarde.sh b/services/backup-borg-client/script-sauvegarde.sh
new file mode 100755
index 0000000..8f6e4fb
--- /dev/null
+++ b/services/backup-borg-client/script-sauvegarde.sh
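Review bot: The root `authorized_keys` entries written in the `while read serverkey` loop of `backup-borg-client/deploy.sh` carry only `command=...`, so a holder of a borg-server key is pinned to the script but keeps pty allocation, X11 and arbitrary port forwarding on a root login. Prefix the entry with `restrict` and re-enable only what the backup flow needs; judging from the server-side `ssh -A -R localhost:12345:...` in this commit that is probably `restrict,agent-forwarding,port-forwarding,permitlisten="localhost:12345",command=...`. The loop also feeds `ls` output into the forced-command string, so a file name under `$DATA_DIR/pubkeys` containing a space or a quote would corrupt the line; iterating with `for f in "$DATA_DIR"/pubkeys/*` and skipping names outside `[A-Za-z0-9._-]` closes that.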
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+. "$( cd -P "$( dirname "$0" )" && pwd )/.env"
+
+server="$1"
+failed=""
+
+while IFS=';' read -r id username service target ; do
+ if [ ! -d "/data/$service" ] ; then
+ continue
+ fi
+
+ echo " = = ===== = ===== $service ===== = ===== = ="
+
+ # Create passfile if not exists
+ mkdir -p "$DATA_DIR/passphrase"
+ passfile="$DATA_DIR/passphrase/$service"
+ if [ ! -e "$passfile" ] ; then
+ LC_ALL=C tr -dc A-Za-z0-9 "$passfile"
+ fi
+
+ # Borg variables
+ export BORG_REPO="backup-borg-server@127.0.0.1:/data/backup-borg-server/backups/$(hostname)/$service"
+ export BORG_PASSPHRASE="$(cat "$passfile")"
+ RSH='ssh -o StrictHostKeyChecking=no -p 12345'
+
+ # Get specific backup files
+ cd "/data/$service"
+ BACKUP_LIST="$(ls -A)"
+ if [ -x "/docker/$service/backup_list.sh" ] ; then
+ BACKUP_LIST="$(/docker/$service/backup_list.sh)"
+ fi
+ if [ -z "$BACKUP_LIST" ] ; then
+ continue
+ fi
+ echo "--------------> $BACKUP_LIST"
+
+ borg init --rsh "$RSH" --encryption repokey || true
+ borg create --rsh "$RSH" --list --filter=AMCE --stats --show-rc "::$(date +%Y%m%d%H%M)" $BACKUP_LIST
+ if [ "$?" -ne 0 ] ; then
+ failed="$failed $service"
+ fi
+
+done < <(grep -v '^#' /docker/services.csv)
+
+if [ -n "$failed" ] ; then
+ echo "FAILED"
+ echo "$failed"
+fi
diff --git a/services/backup-borg-server/deploy_user.sh b/services/backup-borg-server/deploy_user.sh
new file mode 100755
index 0000000..e68562d
--- /dev/null
+++ b/services/backup-borg-server/deploy_user.sh
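Review bot: `RSH='ssh -o StrictHostKeyChecking=no -p 12345'` in `script-sauvegarde.sh` turns off host-key verification for the backup transport, so whatever is listening on `127.0.0.1:12345` when the script runs is accepted as the borg server. Pin the server key instead, the way `services/sftp_jc/deploy_user.sh` does in this commit, e.g. `RSH='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/path/to/borg_known_hosts -p 12345'` (the path is a placeholder). Separately, `borg init ... || true` hides every init failure rather than only "repository already exists", and `$BACKUP_LIST` is expanded unquoted, so file names containing spaces are split into several arguments. The passfile creation line is truncated in this view; confirm that the file is created with mode 600 and that the passphrase is also kept somewhere other than the host being backed up.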
@@ -0,0 +1,39 @@ +#!/bin/bash + +sshkey=~/.ssh/borg-server +backup_dir="$DATA_DIR/backups" + +mkdir -p ~/.ssh "$backup_dir" + +if [ ! -e "$sshkey" ] ; then + ssh-keygen -q -C 'Borg server ssh key' -N '' -t rsa -f "$sshkey" <<&1 >/dev/null +fi + +echo -n "" > ~/.ssh/authorized_keys +chmod 600 ~/.ssh/authorized_keys + +# Foreach client +for client in raku.jean-cloud.org vandamme.jean-cloud.org ; do + # Generate key + clientkey="$(mktemp -d)" + ssh-keygen -q -N '' -t rsa -C 'Borg client ssh key' -f "$clientkey/id_rsa" <<&1 >/dev/null + cat > ~/.ssh/authorized_keys < /dev/null + ssh-add "$clientkey/id_rsa" + ssh -A -R localhost:12345:127.0.0.1:45985 "root@$client" -p 45985 -i "$sshkey" + + # Clean + kill "${SSH_AGENT_PID}" + rm -r "$clientkey" ~/.ssh/authorized_keys +done + + + + diff --git a/services/chiloe.eu/.env b/services/chiloe.eu/.env new file mode 100644 index 0000000..224f494 --- /dev/null +++ b/services/chiloe.eu/.env @@ -0,0 +1 @@ +SFTP_USER="chiloeRO" diff --git a/services/chiloe.eu/LINKS. DO NOT EDIT b/services/chiloe.eu/LINKS. DO NOT EDIT new file mode 100644 index 0000000..e69de29 diff --git a/services/chiloe.eu/deploy.sh b/services/chiloe.eu/deploy.sh new file mode 120000 index 0000000..e857506 --- /dev/null +++ b/services/chiloe.eu/deploy.sh @@ -0,0 +1 @@ +../sftp_jc/deploy.sh \ No newline at end of file diff --git a/services/copaines.jean-cloud.net/.env b/services/copaines.jean-cloud.net/.env new file mode 100644 index 0000000..78c00a5 --- /dev/null +++ b/services/copaines.jean-cloud.net/.env @@ -0,0 +1 @@ +SFTP_USER="copaines" diff --git a/services/copaines.jean-cloud.net/LINKS. DO NOT EDIT b/services/copaines.jean-cloud.net/LINKS. DO NOT EDIT new file mode 100644 index 0000000..e69de29 diff --git a/services/mux.radiodemo.oma-radio.fr/backup_list.sh b/services/mux.radiodemo.oma-radio.fr/backup_list.sh new file mode 100755 index 0000000..a9bf588 --- /dev/null +++ b/services/mux.radiodemo.oma-radio.fr/backup_list.sh @@ -0,0 +1 @@ +#!/bin/bash 
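Review bot: Cleanup in the `for client in ...` loop of `backup-borg-server/deploy_user.sh` only happens if execution reaches the `# Clean` lines, so an interrupt or a hung `ssh -A -R ...` leaves the throwaway private key in the `mktemp -d` directory, a running agent holding it, and the matching `~/.ssh/authorized_keys` entry in place. A trap set right after `mktemp -d`, e.g. `trap 'kill "$SSH_AGENT_PID" 2>/dev/null; rm -rf "$clientkey" ~/.ssh/authorized_keys' EXIT`, makes the teardown deterministic; consider `set -uo pipefail` as well so an unset `$DATA_DIR` does not silently become `/backups`. The heredoc that writes the `authorized_keys` line is truncated in this view; if it does not already do so, it should pin the client key to `command="borg serve --restrict-to-path <repo path>"` together with `restrict`, since `-A` lends use of that key to root on each client for the length of the session.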
diff --git a/services/mux.radiodemo.oma-radio.fr/server.sh b/services/mux.radiodemo.oma-radio.fr/server.sh
new file mode 100755
index 0000000..dbf589f
--- /dev/null
+++ b/services/mux.radiodemo.oma-radio.fr/server.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+echo "Content-type: text/html"
+echo ""
+
+. .env
+
+
+instance=''
+since=''
+until=''
+
+action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
+
+while IFS='=' read key value ; do
+ case "$key" in
+ instance)
+ instance="$value"
+ ;;
+ since)
+ since="$value"
+ ;;
+ until)
+ until="$value"
+ ;;
+ list)
+ docker-compose ps -a --format json
+ ;;
+ *)
+ exit 1
+ esac
+done < <(echo "$action")
+
+[ -z "$instance" ] && exit 2
+[ -z "$since" ] && exit 3
+[ -z "$until" ] && exit 4
+
+echo docker-compose logs --since "$since" --until "$until" "$instance"
+if [ "$?" -ne 0 ] ; then
+ echo failed
+fi
+
diff --git a/services/raplacgr.jean-cloud.net/docker-compose.yml b/services/raplacgr.jean-cloud.net/docker-compose.yml
new file mode 100644
index 0000000..f0fd715
--- /dev/null
+++ b/services/raplacgr.jean-cloud.net/docker-compose.yml
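Review bot: The `tr -d` deny-list applied to `$QUERY_STRING` in `server.sh` leaves `-`, spaces, `'`, `$` and backticks in place, so `instance`, `since` and `until` may begin with a dash and would be read as options once the last command stops being an `echo` and really invokes `docker-compose logs`. Validate each value against an allow-list in the `case` arms instead, e.g. `[[ "$value" =~ ^[A-Za-z0-9_][A-Za-z0-9_:-]*$ ]] || exit 1`. Because the final command is `echo docker-compose logs ...`, the `$?` test after it only ever sees echo's status. The response is declared `text/html` although it carries JSON and, eventually, container log lines that can contain client-controlled text; `Content-type: text/plain` keeps a browser from rendering it as markup. The `list` arm runs `docker-compose ps` for any caller, so access control has to come from the web server in front of this script, which is not part of this diff.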
@@ -0,0 +1,47 @@ +version: '3' +services: + web: + image: jeancloud/rapla + environment: + MYSQL_DATABASE: rapla_db + MYSQL_USER: rapla_db_user + MYSQL_PASSWORD: aPxqhmqUvqNBVXEoIt9cSZTXgmtqzFdgbTHeUMNeT2iL9ch8rN0z0iIGIc2rpMQZfdk87OZ45k3mf99tbT + MYSQL_HOST: db + volumes: + - /docker/raplacgr.jean-cloud.net/server.xml:/usr/local/tomcat/conf/server.xml + depends_on: + - db + restart: unless-stopped + networks: + default: + ipv4_address: $NET.100 + deploy: + resources: + limits: + cpus: '0.50' + memory: 300M + + db: + image: mysql:5.7 + environment: + MYSQL_DATABASE: rapla_db + MYSQL_USER: rapla_db_user + MYSQL_PASSWORD: aPxqhmqUvqNBVXEoIt9cSZTXgmtqzFdgbTHeUMNeT2iL9ch8rN0z0iIGIc2rpMQZfdk87OZ45k3mf99tbT + MYSQL_RANDOM_ROOT_PASSWORD: yes + volumes: + - /data/raplacgr.jean-cloud.net/db:/var/lib/mysql + restart: unless-stopped + networks: + default: + ipv4_address: $NET.101 + deploy: + resources: + limits: + cpus: '0.50' + memory: 300M + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 diff --git a/services/raplacgr.jean-cloud.net/nginx_server.conf b/services/raplacgr.jean-cloud.net/nginx_server.conf new file mode 100644 index 0000000..0ac0707 --- /dev/null +++ b/services/raplacgr.jean-cloud.net/nginx_server.conf @@ -0,0 +1,13 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name raplacgr.jean-cloud.net; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + location / { + proxy_pass http://$NET.100:8080/; + proxy_set_header Host raplacgr.jean-cloud.net; + proxy_set_header X-Forwarded-Proto https; + } +} diff --git a/services/raplacgr.jean-cloud.net/server.xml b/services/raplacgr.jean-cloud.net/server.xml new file mode 100644 index 0000000..17aded2 --- /dev/null +++ b/services/raplacgr.jean-cloud.net/server.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sftp_jc/deploy.sh b/services/sftp_jc/deploy.sh new file mode 100755 index 0000000..819f1e1 
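Review bot: `MYSQL_PASSWORD` is committed in clear text under both `web` and `db` in `services/raplacgr.jean-cloud.net/docker-compose.yml`, so anyone with read access to the repository or its history holds the database credential. Treat the committed value as exposed, rotate it, and reference it from an untracked env file in both services, e.g. `MYSQL_PASSWORD: ${RAPLA_DB_PASSWORD}` (placeholder variable name). `MYSQL_RANDOM_ROOT_PASSWORD: yes` is an unquoted YAML 1.1 boolean that Compose may reject or pass on as `true`; write `'yes'`. `image: jeancloud/rapla` carries no tag, so each pull can bring a different build; pin a tag or digest.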
--- /dev/null
+++ b/services/sftp_jc/deploy.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+chmod 700 "$SECRET_DIR/sftp.sshprivkey"
diff --git a/services/sftp_jc/deploy_user.sh b/services/sftp_jc/deploy_user.sh
new file mode 100755
index 0000000..f62604c
--- /dev/null
+++ b/services/sftp_jc/deploy_user.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+mkdir -p ~/.ssh
+echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' > ~/.ssh/known_hosts
+chmod 700 ~/.ssh/known_hosts
+
+rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user "$SFTP_USER" --sftp-port 2929 --sftp-key-file "$SECRET_DIR/sftp.sshprivkey" --sftp-known-hosts-file ~/.ssh/known_hosts :sftp:/public/ "$HTTP_DIR"
diff --git a/services/sftp_jc/nginx_server.conf b/services/sftp_jc/nginx_server.conf
new file mode 100755
index 0000000..fbdf825
--- /dev/null
+++ b/services/sftp_jc/nginx_server.conf
@@ -0,0 +1,12 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name $JC_SERVICE www.$JC_SERVICE;
+
+ location / {
+ root $HTTP_DIR;
+ try_files $uri $uri/ =404;
+ }
+}
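Review bot: `echo '...' > ~/.ssh/known_hosts` in `sftp_jc/deploy_user.sh` replaces the deploying user's whole `known_hosts`, discarding every other pinned host key for that account. Since rclone already takes `--sftp-known-hosts-file`, write the pinned key to a dedicated file (for example next to the private key under `$SECRET_DIR`) and point the flag there. Both `chmod 700 ~/.ssh/known_hosts` and `chmod 700 "$SECRET_DIR/sftp.sshprivkey"` in `sftp_jc/deploy.sh` set the execute bit on data files; `600` is the conventional mode for the private key, and `600` or `644` for the known-hosts file.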