adrian/jean-cloud-services
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

big 2023 update

Browse Source
This commit is contained in:
Adrian Amaglio 2024-01-02 17:50:14 +01:00
parent ebd00ff587
commit 6d2869ea04
184 changed files with 6987 additions and 671 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
old_services/_monitoring/blackbox-targets.yml Normal file
View File

@ -0,0 +1,50 @@
- targets:
- amaglio.fr
- www.amaglio.fr
- collectif-arthadie.fr
- www.collectif-arthadie.fr
- copaines.jean-cloud.net
- www.copaines.jean-cloud.net
- cousinades.jean-cloud.net
- www.cousinades.jean-cloud.net
- feteducourt2020.jean-cloud.net
- www.feteducourt2020.jean-cloud.net
- feteducourt.jean-cloud.net
- www.feteducourt.jean-cloud.net
- git.jean-cloud.net
- www.git.jean-cloud.net
- gmx-webmail.jean-cloud.net
- www.gmx-webmail.jean-cloud.net
- inurbe.fr
- www.inurbe.fr
- jean-cloud.net
- www.jean-cloud.net
- lalis.fr
- leida.fr
- www.leida.fr
- metamorphosemagazine.fr
- nuage.jean-cloud.net
- www.nuage.jean-cloud.net
- oma-radio.fr
- www.oma-radio.fr
- paj.oma-radio.fr
- www.paj.oma-radio.fr
- grafana.jean-cloud.net
- www.grafana.jean-cloud.net
- radionimaitre.oma-radio.fr
- www.radionimaitre.oma-radio.fr
- registry.oma-radio.fr
- rpnow.jean-cloud.net
- www.rpnow.jean-cloud.net
- test.rpnow.jean-cloud.net
- www.test.rpnow.jean-cloud.net
- static.oma-radio.fr
- www.static.oma-radio.fr
- static.jean-cloud.net
- www.static.jean-cloud.net
- velov.jean-cloud.net
- www.velov.jean-cloud.net
- wiki-cgr.jean-cloud.net
- www.wiki-cgr.jean-cloud.net
- parsoid-wiki-cgr.jean-cloud.net
- www.parsoid-wiki-cgr.jean-cloud.net

56
old_services/_monitoring/create_monitoring_list.sh Executable file
View File

@ -0,0 +1,56 @@
#!/bin/bash
# Nginx configs
nginx_dir=/data/proxy/sites-enabled/
# The blackbox target file as it will be read by prometheus
blackbox=/data/$(cat /etc/hostname)/public/blackbox-targets.yml
echo '- targets:' > "$blackbox"
for file in "$nginx_dir"/* ; do
echo '-------------------------'
file="$file"
if [ ! -f "$file" ] ; then continue ; fi
echo "$file"
service_name="$(basename "$file")"
# Getting just the domain names
domains="$(grep '^[[:blank:]]*[^#][[:blank:]]*server_name' "$file" | sed 's/ _ / /g' | sed 's/server_name//g' | sed 's/default_server//g' | sed -e 's/^[[:space:]]*//' | cut -d ';' -f 1)"
if [ -n "$domains" ] ; then
# removing duplicates
domains="$(echo $domains | awk '{for (i=1;i<=NF;i++) if (!a[$i]++) printf("%s%s",$i,FS)}{printf("\n")}')"
for domain in $domains ; do
echo " - $domain" >> "$blackbox"
done
fi
done
ls /etc/letsencrypt/live/*000* &> /dev/null
if [ "$?" -eq 0 ] ; then
echo " ---------------------------------------------------------------------------------------------"
echo "Bad certs detected in letsencrypt dir. Nginx conf wont work…"
echo "rm -r /etc/letsencrypt/live/*000* /etc/letsencrypt/archive/*000* /etc/letsencrypt/renewal/*000*"
echo " ---------------------------------------------------------------------------------------------"
fi
docker exec -it proxy_reverse-proxy_1 nginx -t
code="$?"
if [ "$code" -ne 0 ] ; then
echo "Nginx test error, cant reloat it"
exit 1
fi
docker exec -it proxy_reverse-proxy_1 nginx -s reload
code="$?"
if [ "$code" -ne 0 ] ; then
echo "Nginx reload error, GENERAL ALEEEEEEEEERT!!!!!"
exit 1
fi
echo "Done. No error detected."

80
old_services/_monitoring/docker-compose.yml Normal file
View File

@ -0,0 +1,80 @@
version: '3.7'
services:
prometheus:
restart: unless-stopped
image: prom/prometheus
volumes:
- /docker/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml
- /data/monitoring/blackbox-targets.yml:/etc/prometheus/blackbox-targets.yml
- type: bind
source: /data/monitoring/data
target: /prometheus
depends_on:
- cadvisor
networks:
default:
ipv4_address: 172.29.1.6
grafana:
restart: unless-stopped
image: grafana/grafana
volumes:
- /docker/monitoring/grafana.ini:/etc/grafana/grafana.ini
- /data/monitoring/grafana/data:/var/lib/grafana
networks:
default:
ipv4_address: 172.29.1.2
blackbox_exporter:
restart: unless-stopped
image: prom/blackbox-exporter
dns: 9.9.9.9
restart: always
volumes:
- /data/monitoring/blackbox-targets.yml:/config/blackbox-config.yml
networks:
default:
ipv4_address: 172.29.1.3
#icecast_exporter:
# image: markuslindenberg/icecast_exporter
# command: -icecast.scrape-uri http://listen.oma-radio.fr/status-json.xsl
cadvisor:
restart: unless-stopped
image: gcr.io/cadvisor/cadvisor:latest
container_name: cadvisor
ports:
- 8080:8080
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
depends_on:
- redis
networks:
default:
ipv4_address: 172.29.1.4
redis:
image: redis:latest
networks:
default:
ipv4_address: 172.29.1.5
node-exporter:
restart: unless-stopped
image: quay.io/prometheus/node-exporter:latest
volumes:
- /:/rootfs:ro
command:
- '--path.rootfs=/rootfs'
networks:
default:
ipv4_address: 172.29.1.7
networks:
default:
ipam:
config:
- subnet: 172.29.1.0/24

13
old_services/_monitoring/grafana.ini Normal file
View File

@ -0,0 +1,13 @@
[smtp]
enabled = true
host = mail.gandi.net:587
user = nepasrepondre@jean-cloud.org
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = ZMTX9B6VgsVvdbXSzC7Zp4ASj6DU6q22Zi7KnjXtGYHE7WmJBM3pkhW9Rcdx
;skip_verify = false
from_address = nepasrepondre@jean-cloud.org
from_name = Grafana
# EHLO identity in SMTP dialog (defaults to instance_name)
;ehlo_identity = dashboard.example.com

326
old_services/_monitoring/grafana_dashboards/alerts_server_status.json Normal file
View File

@ -0,0 +1,326 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Monitor and set alerts for all the pings to your servers using blackbox exporter and prometheus.",
"editable": true,
"gnetId": 5990,
"graphTooltip": 0,
"id": 3,
"iteration": 1629329153476,
"links": [],
"panels": [
{
"alert": {
"alertRuleTags": {},
"conditions": [
{
"evaluator": {
"params": [
1
],
"type": "lt"
},
"operator": {
"type": "and"
},
"query": {
"params": [
"A",
"5m",
"now"
]
},
"reducer": {
"params": [],
"type": "sum"
},
"type": "query"
}
],
"executionErrorState": "alerting",
"for": "0m",
"frequency": "60s",
"handler": 1,
"message": "Server does not respond to ping!",
"name": "Server Status alert",
"noDataState": "no_data",
"notifications": []
},
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"hiddenSeries": false,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.6",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "probe_success{job=\"ping\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{instance}}",
"refId": "A"
}
],
"thresholds": [
{
"colorMode": "critical",
"fill": true,
"line": true,
"op": "lt",
"value": 1,
"visible": true
}
],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Server Status",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"decimals": 0,
"format": "none",
"label": "OK",
"logBase": 1,
"max": "1",
"min": "0",
"show": true
},
{
"decimals": null,
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"text": "NOK"
},
"1": {
"text": "OK"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#d44a3a",
"value": null
},
{
"color": "rgba(237, 129, 40, 0.89)",
"value": 1
},
{
"color": "#299c46",
"value": 1
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 6,
"x": 0,
"y": 8
},
"id": 2,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"repeat": "node",
"repeatDirection": "h",
"targets": [
{
"expr": "probe_success{instance=~\"$node\"}",
"format": "time_series",
"instant": false,
"interval": "",
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"title": "$node",
"type": "stat"
}
],
"schemaVersion": 30,
"style": "dark",
"tags": [
"alerts",
"linux",
"windows"
],
"templating": {
"list": [
{
"allValue": null,
"current": {
"selected": false,
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"definition": "",
"description": null,
"error": null,
"hide": 0,
"includeAll": true,
"label": "node",
"multi": true,
"name": "node",
"options": [],
"query": {
"query": "label_values(probe_success{job=\"ping\"}, instance) ",
"refId": "Prometheus-node-Variable-Query"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-24h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Alerts - Server Status",
"uid": "pbHjqZzmk",
"version": 3
}

903
old_services/_monitoring/grafana_dashboards/blackbox_overview.json Normal file
View File

@ -0,0 +1,903 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "Prometheus",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Fork of https://grafana.com/grafana/dashboards/5345 which uses 'instance' instead of 'target' label",
"editable": true,
"gnetId": 11175,
"graphTooltip": 0,
"id": 2,
"iteration": 1629329057681,
"links": [],
"panels": [
{
"collapsed": false,
"datasource": null,
"fieldConfig": {
"defaults": {},
"overrides": []
},
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 15,
"panels": [],
"repeat": "targets",
"title": "$targets UP/DOWN Status",
"type": "row"
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"text": "DOWN"
},
"1": {
"text": "UP"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#d44a3a",
"value": null
},
{
"color": "rgba(237, 129, 40, 0.89)",
"value": 1
},
{
"color": "#299c46",
"value": 1
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 2,
"w": 24,
"x": 0,
"y": 1
},
"id": 2,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"repeat": null,
"repeatDirection": "h",
"targets": [
{
"expr": "probe_success{instance=~\"$targets\"}",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "$targets",
"type": "stat"
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"text": "NO"
},
"1": {
"text": "YES"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#d44a3a",
"value": null
},
{
"color": "rgba(237, 129, 40, 0.89)",
"value": 0
},
{
"color": "#299c46",
"value": 1
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 2,
"w": 6,
"x": 0,
"y": 3
},
"id": 18,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"repeatDirection": "h",
"targets": [
{
"expr": "probe_http_ssl{instance=~\"$targets\"}",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "SSL",
"type": "stat"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 6,
"w": 9,
"x": 6,
"y": 3
},
"hiddenSeries": false,
"id": 17,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.6",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "probe_duration_seconds{instance=~\"$targets\"}",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"legendFormat": "seconds",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Probe Duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 6,
"w": 9,
"x": 15,
"y": 3
},
"hiddenSeries": false,
"id": 21,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.6",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "probe_dns_lookup_time_seconds{instance=~\"$targets\"}",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"legendFormat": "seconds",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "DNS Lookup",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"decimals": 2,
"mappings": [
{
"options": {
"0": {
"text": "NO"
},
"1": {
"text": "YES"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#d44a3a",
"value": null
},
{
"color": "rgba(237, 129, 40, 0.89)",
"value": 0
},
{
"color": "#299c46",
"value": 1209600
}
]
},
"unit": "dtdurations"
},
"overrides": []
},
"gridPos": {
"h": 2,
"w": 6,
"x": 0,
"y": 5
},
"id": 19,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"repeatDirection": "h",
"targets": [
{
"expr": "probe_ssl_earliest_cert_expiry{instance=~\"$targets\"}-time()",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "SSL Cert Expiry",
"type": "stat"
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"decimals": 0,
"mappings": [
{
"options": {
"0": {
"text": "NO"
},
"1": {
"text": "YES"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#299c46",
"value": null
},
{
"color": "rgba(237, 129, 40, 0.89)",
"value": 200
},
{
"color": "#d44a3a",
"value": 299
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 2,
"w": 6,
"x": 0,
"y": 7
},
"id": 20,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"repeatDirection": "h",
"targets": [
{
"expr": "probe_http_status_code{instance=~\"$targets\"}",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "HTTP Status Code",
"type": "stat"
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": []
},
"gridPos": {
"h": 2,
"w": 12,
"x": 0,
"y": 9
},
"id": 23,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"targets": [
{
"expr": "avg(probe_duration_seconds{instance=~\"$targets\"})",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Average Probe Duration",
"type": "stat"
},
{
"cacheTimeout": null,
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": []
},
"gridPos": {
"h": 2,
"w": 12,
"x": 12,
"y": 9
},
"id": 24,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.6",
"targets": [
{
"expr": "avg(probe_dns_lookup_time_seconds{instance=~\"$targets\"})",
"format": "time_series",
"interval": "$interval",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Average DNS Lookup",
"type": "stat"
}
],
"refresh": "1m",
"schemaVersion": 30,
"style": "dark",
"tags": [
"blackbox",
"prometheus"
],
"templating": {
"list": [
{
"auto": true,
"auto_count": 10,
"auto_min": "10s",
"current": {
"selected": false,
"text": "auto",
"value": "$__auto_interval_interval"
},
"description": null,
"error": null,
"hide": 0,
"label": "Interval",
"name": "interval",
"options": [
{
"selected": true,
"text": "auto",
"value": "$__auto_interval_interval"
},
{
"selected": false,
"text": "5s",
"value": "5s"
},
{
"selected": false,
"text": "10s",
"value": "10s"
},
{
"selected": false,
"text": "30s",
"value": "30s"
},
{
"selected": false,
"text": "1m",
"value": "1m"
},
{
"selected": false,
"text": "10m",
"value": "10m"
},
{
"selected": false,
"text": "30m",
"value": "30m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
},
{
"selected": false,
"text": "6h",
"value": "6h"
},
{
"selected": false,
"text": "12h",
"value": "12h"
},
{
"selected": false,
"text": "1d",
"value": "1d"
},
{
"selected": false,
"text": "7d",
"value": "7d"
},
{
"selected": false,
"text": "14d",
"value": "14d"
},
{
"selected": false,
"text": "30d",
"value": "30d"
}
],
"query": "5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
"refresh": 2,
"skipUrlSync": false,
"type": "interval"
},
{
"allValue": null,
"current": {
"selected": false,
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"definition": "label_values(probe_success, instance)",
"description": null,
"error": null,
"hide": 0,
"includeAll": true,
"label": null,
"multi": true,
"name": "targets",
"options": [],
"query": {
"query": "label_values(probe_success, instance)",
"refId": "Prometheus-targets-Variable-Query"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Blackbox Exporter Overview",
"uid": "xtkCtBkiz",
"version": 1
}

2490
old_services/_monitoring/grafana_dashboards/cadvisor_node_exporter.json Normal file
View File

File diff suppressed because it is too large Load Diff

12
old_services/_monitoring/installer.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
if [ "$1" = "uninstall" ] ; then
echo ""
else # Installation procedure below
mkdir -p /data/monitoring/grafana /data/monitoring/data
chown 472:472 /data/monitoring/grafana -R
chown nobody:nogroup -R /data/monitoring/data
fi

20
old_services/_monitoring/nginx_server.conf Normal file
View File

@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/monitoring/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/monitoring/privkey.pem;
server_name grafana.jean-cloud.net www.grafana.jean-cloud.net;
location / {
#if ($remote_addr != "193.33.56.94") { return 503; }
client_max_body_size 2G;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://172.29.1.2:3000/;
proxy_redirect off;
}
}

97
old_services/_monitoring/prometheus.yml Normal file
View File

@ -0,0 +1,97 @@
# my global config
global:
scrape_interval: 60s
evaluation_interval: 60s
# scrape_timeout is set to the global default (10s).
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: 'codelab-monitor'
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
# - "first.rules"
# - "second.rules"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'node-exporter'
metrics_path: /metrics
static_configs:
- targets:
- 'node-exporter:9100'
#- job_name: 'docker-exporter'
# metrics_path: /docker
# basic_auth:
# username: zqNQF2oQDB2SvmkJzgW9HRpeR8RiVeiEBFShVrPrLWZR4KzYgZjasCWXuMc
# password: jznVqvRQVDSpCK2y22ZFSegXVUoErm7typxuhpC5DYdnvZ2yEsYD6JQ5o9orCFMi6tHMg6J2kmiLzuzy95nZmLApe6zEiYnQB7sUGEWXWuk9o
# file_sd_configs:
# - files: ['/etc/prometheus/nodes.yml']
#- job_name: 'docker-official'
# metrics_path: /docker-official
# basic_auth:
# username: zqNQF2oQDB2SvmkJzgW9HRpeR8RiVeiEBFShVrPrLWZR4KzYgZjasCWXuMc
# password: jznVqvRQVDSpCK2y22ZFSegXVUoErm7typxuhpC5DYdnvZ2yEsYD6JQ5o9orCFMi6tHMg6J2kmiLzuzy95nZmLApe6zEiYnQB7sUGEWXWuk9o
# file_sd_configs:
# - files: ['/etc/prometheus/nodes.yml']
- job_name: cadvisor
scrape_interval: 30s
static_configs:
- targets:
- cadvisor:8080
- job_name: 'ping'
metrics_path: /probe
params:
module: [http_2xx]
file_sd_configs:
- files: ['/etc/prometheus/blackbox-targets.yml']
relabel_configs:
- source_labels: [__address__]
regex: (.*)(:80)?
target_label: __param_target
- source_labels: [__param_target]
regex: (.*)
target_label: instance
replacement: ${1}
- source_labels: []
regex: .*
target_label: __address__
replacement: blackbox_exporter:9115
- job_name: 'ssh_ping'
metrics_path: /probe
params:
module: [ssh_banner]
static_configs:
- targets:
- vandamme.jean-cloud.net
- tetede.jean-cloud.net
- carcasse.jean-cloud.net
- nougaro.jean-cloud.net
relabel_configs:
# Ensure port is 2222, pass as URL parameter
- source_labels: [__address__]
regex: (.*?)(:.*)?
replacement: ${1}:2222
target_label: __param_target
# Make instance label the target
- source_labels: [__param_target]
target_label: instance
# Actually talk to the blackbox exporter though
- target_label: __address__
replacement: 127.0.0.1:9115
#- job_name: 'icecast'
# static_configs:
# - targets: ['icecast_exporter:9146']

8
old_services/discordbot.oma-radio.fr/docker-compose.yml Normal file
View File

@ -0,0 +1,8 @@
version: '3'
services:
bot:
image: registry.oma-radio.fr/discord-bot:3.0.0
env_file:
- /data/discordbot.oma-radio.fr/environ
restart: unless-stopped

11
old_services/educbot.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,11 @@
version: '3'
services:
bot:
image: jeancloud/educbot:1.0
environment:
WS_PORT: 8080
EXT_WS_PORT: 7878
DISCORD_TOKEN: NjkxOTUzMDQzMDcxMzAzNzIy.Xnnhng.pYBFO2ogooVs2AyYz8Pk6AKhMoo
BOT_USERNAME: Educ-Bot
restart: unless-stopped

33
old_services/educbot.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,33 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 7878 ssl;
listen [::]:7878 ssl;
ssl_certificate /etc/letsencrypt/live/educbot.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/educbot.jean-cloud.net/privkey.pem;
location / {
proxy_pass http://bot.educbotjean-cloudnet.docker:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 120s;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/educbot.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/educbot.jean-cloud.net/privkey.pem;
server_name educbot.jean-cloud.net www.educbot.jean-cloud.net;
root /data/educbot.jean-cloud.net/public;
location / {
index index.html;
try_files $uri $uri/ =404;
}
}

40
old_services/educloud.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,40 @@
version: '3'
services:
db:
image: postgres:11-alpine
restart: unless-stopped
volumes:
- /data/educloud.jean-cloud.net/db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=toDEzbjoTLBCugi9MrDMq9hYAtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKa
nextcloud1:
image: nextcloud:20-fpm-alpine
restart: unless-stopped
volumes:
- /data/educloud.jean-cloud.net/app1:/var/www/html
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud1
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=toDEzbjoTLBCugi9MrDMq9hYAtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKa
- NEXTCLOUD_ADMIN_USER=admin
- NEXTCLOUD_ADMIN_PASSWORD=toDEzbjoTLBCugi9MrDMq9hYAtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKa
depends_on:
- db
nextcloud2:
image: nextcloud:20-fpm-alpine
restart: unless-stopped
volumes:
- /data/educloud.jean-cloud.net/app2:/var/www/html
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud2
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=toDEzbjoTLBCugi9MrDMq9hYAtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKa
- NEXTCLOUD_ADMIN_USER=admin
- NEXTCLOUD_ADMIN_PASSWORD=toDEzbjoTLBCugi9MrDMq9hYAtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKa
depends_on:
- db

193
old_services/educloud.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,193 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/educloud.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/educloud.jean-cloud.net/privkey.pem;
server_name educloud.jean-cloud.net www.educloud.jean-cloud.net;
root /data/educloud.jean-cloud.net/app1;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
add_header X-Frame-Options "SAMEORIGIN";
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
#location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass nextcloud1.educloudjean-cloudnet.docker:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/educloud.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/educloud.jean-cloud.net/privkey.pem;
server_name educloud2.jean-cloud.net www.educloud2.jean-cloud.net;
root /data/educloud.jean-cloud.net/app2;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
add_header X-Frame-Options "SAMEORIGIN";
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
#location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass nextcloud2.educloudjean-cloudnet.docker:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}

18
old_services/educloud.jean-cloud.net/readme.md Executable file
View File

@ -0,0 +1,18 @@
mdp admin
Cest cool de laisser un client qui possède toute linstance choisir son mdp mais on va le mettre dans le dockerfile nous-même pour une instance partagée.
dockerfile
cest con de faire tourner un apache pour rien, on va configurer nginx pour quil travaille avec le conteneur fpm.
Les images de nextcloud sont toutes cassées… Il faut faire gaffe en les manipulant. (ça a lair mieux avec la v16)
Utiliser lapp theming pour customiser un peu tout ça…
## Procédure de mise à jour
- Sauvegarde des data + db
- Maintenance mode on
- save data & db (quicker)
- upgrade
- test
- Maintenance mode off or fix or rollback

7
old_services/garradin.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,7 @@
version: '3.5'
services:
php:
image: php:7.2-fpm-alpine
volumes:
- /data/garradin.jean-cloud.net/garradin-0.9.8.1:/usr/src/app

27
old_services/garradin.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,27 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/garradin.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/garradin.jean-cloud.net/privkey.pem;
server_name garradin.jean-cloud.net www.garradin.jean-cloud.net;
root /data/garradin.jean-cloud.net/garradin-0.9.8.1/www;
location / {
index index.php /_route.php;
try_files $uri $uri/ index.php /index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php.garradinjean-cloudnet.docker:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/src/app/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTP_HOST $host;
fastcgi_param DOCUMENT_ROOT /usr/src/app/www;
}
}

17
old_services/git-cd.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,17 @@
version: '3'
services:
app:
image: registry.jean-cloud.net/git-cd
environment:
MONGO_HOST: db
CREATE_HOOK_PASS: aZgL2Xee2x8hAx55dB8eBBKvDD6kcPnKAp5tBhV5vbv44cCyhMRd64nZPh2fHWgwvDCBZtvguNHG5tuCe9TiUiWZ2fdPtZYdKSSL6aZwhBjQm
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /data:/data # for docker-compose
depends_on:
- db
db:
image: mongo:4.2
volumes:
- /data/git-ca.jean-cloud.net/db:/data/db

12
old_services/git-cd.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,12 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/git-cd.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git-cd.jean-cloud.net/privkey.pem;
server_name git-cd.jean-cloud.net www.git-cd.jean-cloud.net;
location / {
proxy_pass http://app.git-cdjean-cloudnet.docker;
}
}

6
old_services/latex.jean-cloud.net/Dockerfile Executable file
View File

@ -0,0 +1,6 @@
FROM sharelatex/sharelatex
RUN apt update
RUN apt install -y texlive-full
COPY ./enable_glossary_latexmk /var/www/.latexmkrc

60
old_services/latex.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,60 @@
# To create users:
# cd /var/www/sharelatex
# grunt user:create-admin
version: '3'
services:
latex_jean-cloud_net:
restart: unless-stopped
image: sharelatex/sharelatex
#image: jeancloud/sharelatex:full
#build: .
depends_on:
- mongo
- redis
privileged: true
networks:
- default
- ingress
volumes:
- /data/latex.jean-cloud.net/sharelatex:/var/lib/sharelatex
environment:
SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
SHARELATEX_REDIS_HOST: redis
SHARELATEX_APP_NAME: latex.jean-cloud.net
## Set for SSL via nginx-proxy
#VIRTUAL_HOST: 103.112.212.22
SHARELATEX_SITE_URL: https://latex.jean-cloud.net
SHARELATEX_NAV_TITLE: L'editeur latex de jean-cloud
# SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png
SHARELATEX_ADMIN_EMAIL: contact@jean-cloud.org
SHARELATEX_LEFT_FOOTER: '[{"text": "Editeur latex en ligne <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"},{"text": "Heberge par <a href=\"https://jean-cloud.net\">jean-cloud</a>, <a href=\"\">CGU</a>"} ]'
# SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
SHARELATEX_EMAIL_FROM_ADDRESS: "nepasrepondre@jean-cloud.org"
SHARELATEX_EMAIL_SMTP_HOST: "mail.gandi.net"
SHARELATEX_EMAIL_SMTP_PORT: "465"
SHARELATEX_EMAIL_SMTP_SECURE: "true"
SHARELATEX_EMAIL_SMTP_USER: "nepasrepondre@jean-cloud.org"
SHARELATEX_EMAIL_SMTP_PASS: ""
SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: "true"
SHARELATEX_EMAIL_SMTP_IGNORE_TLS: "false"
SHARELATEX_CUSTOM_EMAIL_FOOTER: '<div><a href="https://jean-cloud.net">Jean-Cloud</a></div>'
mongo:
restart: unless-stopped
image: mongo
volumes:
- /data/latex.jean-cloud.net/mongo:/data/db
redis:
restart: unless-stopped
image: redis
volumes:
- /data/latex.jean-cloud.net/redis:/data
networks:
ingress:
external: true

15
old_services/latex.jean-cloud.net/enable_glossary_latexmk Executable file
View File

@ -0,0 +1,15 @@
add_cus_dep('glo', 'gls', 0, 'run_makeglossaries');
add_cus_dep('acn', 'acr', 0, 'run_makeglossaries');
sub run_makeglossaries {
if ( $silent ) {
system "makeglossaries -q '$_[0]'";
}
else {
system "makeglossaries '$_[0]'";
};
}
push @generated_exts, 'glo', 'gls', 'glg';
push @generated_exts, 'acn', 'acr', 'alg';
$clean_ext .= ' %R.ist %R.xdy';

12
old_services/latex.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,12 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/latex.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/latex.jean-cloud.net/privkey.pem;
server_name latex.jean-cloud.net www.latex.jean-cloud.net git.latex.jean-cloud.net www.git.latex.jean-cloud.net;
location / {
client_max_body_size 10M;
proxy_pass http://latex_jean-cloud_net;
}
}

1
old_services/latex.jean-cloud.net/todos Executable file
View File

@ -0,0 +1 @@
Faire une image docker parce que là cest le bordel…

39
old_services/node_metrics/docker-compose.yml Normal file
View File

@ -0,0 +1,39 @@
version: '3'
services:
# Port 9100
node-exporter:
image: quay.io/prometheus/node-exporter
volumes:
#- /:/host:ro,rslave # Cest vraiment un peu nul
- /proc:/host/proc:ro,rslave
- /sys:/host/sys:ro,rslave
- /dev:/host/dev:ro,rslave
#command: ["path.rootfs=/host"]
networks:
- ingress
# Port 8081
docker-exporter:
image: cdewitt/docker-stats-exporter
networks:
- ingress
volumes:
- /var/run/docker.sock:/var/run/docker.sock # Pas besoin vu quon a le reste et que USE_PSEUDO_FILES est à True. BEN SI…………
- /sys/fs/cgroup:/rootfs/sys/fs/cgroup:ro
- /proc:/rootfs/proc:ro
environment:
PROC_DIRECTORY: /rootfs/proc
CGROUP_DIRECTORY: /rootfs/sys/fs/cgroup
USE_PSEUDO_FILES: "True"
docker-metrics-proxy:
image: nginx
volumes:
- /var/run/docker-metrics.sock:/var/run/docker-metrics.sock
networks:
ingress:
external: true

29
old_services/node_metrics/nginx_server.conf Executable file
View File

@ -0,0 +1,29 @@
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/letsencrypt/live/node_metrics/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/node_metrics/privkey.pem;
server_name vandamme.jean-cloud.net www.vandamme.jean-cloud.net;
location /node {
proxy_pass http://node-exporter:9100/metrics;
auth_basic "Restricted area";
auth_basic_user_file /data/node_metrics/htpasswd;
}
location /docker {
proxy_pass http://docker-exporter:8081/metrics;
auth_basic "Restricted area";
auth_basic_user_file /data/node_metrics/htpasswd;
}
location /docker-official {
proxy_pass http://unix:/var/run/docker-metrics.sock:/metrics;
auth_basic "Restricted area";
auth_basic_user_file /data/node_metrics/htpasswd;
}
location / {
proxy_pass https://jean-cloud.net/404;
}
}

9
old_services/nsslave.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,9 @@
version: '3'
services:
dns:
image: resystit/bind9
ports:
- 53:53/tcp
- 53:53/udp
volumes:
- /data/nsslave.jean-cloud.org:/etc/bind

11
old_services/pybox.jean-cloud.net/docker-compose.yml Normal file
View File

@ -0,0 +1,11 @@
version: '3'
services:
app:
image: jeancloud/pythonsandbox:latest
volumes:
- /data/pybox.jean-cloud.net/config:/app/config
- /data/pybox.jean-cloud.net/production_eleves:/app/python_app/modules
ports:
- "22045:22"
restart: "unless-stopped"

16
old_services/pybox.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,16 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/pybox.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pybox.jean-cloud.net/privkey.pem;
server_name pybox.jean-cloud.net www.pybox.jean-cloud.net;
location / {
proxy_pass http://app.pyboxjean-cloudnet.docker;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
}
}

25
old_services/radiodemo.oma-radio.fr.classic/.env Normal file
View File

@ -0,0 +1,25 @@
NET=172.29.0
TELECOM=.101
MUX=.100
ICECAST=.110
WEBSERVER=.105
SYSTEM_API=.107
TZ=Europe/Paris
OMA_DOCKER_VERSION=dev
WEBSOCKET_PORT=2004
WEBSOCKET_CLEAR_PORT=4004
TELECOM_SERVER_PORT=3494
MUX_SERVER_PORT=9004
RADIO_NAME_SIMPLE=radiodemo
OMA_CONFIG_NomRadio=radiodemo
OMA_CONFIG_LogLevel=8
RADIO_NAME_PRETTY="Radio Démo"
RADIO_HOST=radiodemo.oma-radio.fr
COMPOSE_NAME=radiodemooma-radiofr
DOCKER_INSTANCES_PREFIX=radiodemooma-radiofr-
DOCKER_INSTANCES_SUFIX=-1
DATA_DIR=/data/radiodemo.oma-radio.fr
SOUNDBASE_DIR=/data/radiodemo.oma-radio.fr/core/radioDemo
USE_SSL=true
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.5.0
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1

233
old_services/radiodemo.oma-radio.fr.classic/docker-compose.yml Normal file
View File

@ -0,0 +1,233 @@
version: '3'
services:
ambre_mux:
image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_Client1Host: $NET$ICECAST
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
volumes:
- $SOUNDBASE_DIR/pige:/app/pige
ports:
- $MUX_SERVER_PORT:9000
restart: unless-stopped
networks:
default:
ipv4_address: $NET$MUX
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
saphir_telecom_server:
image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION
env_file: .env
ports:
- $TELECOM_SERVER_PORT:3490
restart: unless-stopped
networks:
default:
ipv4_address: $NET$TELECOM
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
anthracite_jukebox:
image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_Client1Host: $NET$MUX
volumes:
- $SOUNDBASE_DIR:/app/soundBase
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
restart: unless-stopped
networks:
default:
ipv4_address: $NET.102
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
azurite_jukebox_simulator:
image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
volumes:
- $SOUNDBASE_DIR:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.103
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
# aventurine_transcode:
# image: registry.oma-radio.fr/transcode:$OMA_DOCKER_VERSION
# env_file: .env
# restart: unless-stopped
agate_importer:
image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
volumes:
- $SOUNDBASE_DIR:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.104
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
amarante_webserver:
image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_PigeTxtLoadFic: off
restart: unless-stopped
ports:
- $WEBSOCKET_CLEAR_PORT:9000
volumes:
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET$WEBSERVER
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
rubis_base_mg:
image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
restart: unless-stopped
volumes:
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.106
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
system_api:
image: registry.oma-radio.fr/system-api:dev
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /api
CONFIG_PATH: /config
restart: unless-stopped
volumes:
- /tmp/uwsgi/$RADIO_HOST:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.107
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
transcode:
image: registry.oma-radio.fr/liquidsoap:1.3.7
env_file: .env
volumes:
- ./transcode.liq:/transcode.liq
command: /transcode.liq
restart: unless-stopped
networks:
default:
ipv4_address: $NET.108
#radioking:
# image: registry.oma-radio.fr/liquidsoap:1.3.7
# env_file: .env
# volumes:
# - ./radioking.liq:/radioking.liq
# command: /radioking.liq
# restart: unless-stopped
# networks:
# default:
# ipv4_address: $NET.111
#ammolite_mp3_addon:
# image: registry.oma-radio.fr/mp3addon:$OMA_DOCKER_VERSION
# env_file: .env
# environment:
# OMA_CONFIG_TelecommandeHost: $NET.101
# OMA_CONFIG_PigePrefix: /opt
# restart: unless-stopped
# volumes:
# - $SOUNDBASE_DIR:/app/soundbase
# networks:
# default:
# ipv4_address: $NET.109
# deploy:
# resources:
# limits:
# cpus: '0.05'
# doxy:
# image: qnib/doxy
# volumes:
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
# - /var/run/docker.sock:/var/run/docker.sock
# environment:
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
icecast:
image: registry.oma-radio.fr/icecast:alpine-2.4.0
restart: unless-stopped
environment:
# echo -n "source:pass" | base64
ICECAST_SOURCE_PASSWORD: JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
ICECAST_ADMIN_PASSWORD: STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
ICECAST_RELAY_PASSWORD: r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
ICECAST_ADMIN_USERNAME: admin
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
ICECAST_LOCATION: Rhône-Alpes
TZ: Europe/Paris
healthcheck:
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
interval: 5m0s
timeout: 10s
retries: 3
start_period: 1m0s
networks:
default:
ipv4_address: $NET$ICECAST
networks:
default:
ipam:
config:
- subnet: $NET.0/24

20
old_services/radiodemo.oma-radio.fr.classic/generate_nat.sh Executable file
View File

@ -0,0 +1,20 @@
function extract_ports_from_compose {
if [ "$#" -ne 1 ] ; then
echo "function extract_ports_from_dockerfile needs 1 parameter : docker-compose file" >&2
exit 1
fi
ports=false
while read line ; do
if [ "$line" = 'ports:' ] ; then
ports=true
elif "$ports" ; then
if [[ "$line" != -* ]] ; then
ports=false
else
echo $line | tr -d ' ' | tail -c +2
fi
fi
done < docker-compose.yml
}
extract_ports_from_compose docker-compose.yml | ../_deployer/template.sh .env

29
old_services/radiodemo.oma-radio.fr.classic/icecast.liq Normal file
View File

@ -0,0 +1,29 @@
#!/usr/bin/liquidsoap
# Mux
input1 = mksafe(input.harbor("direct.ogg",port=8000,password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f"))
# Direct mp3
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
input1)
# Radioking
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/test355",
# host="live.radioking.com", port=80, user="", password="",
# input)
# Direct ogg
output.icecast(
%vorbis(samplerate=44100, channels=1, quality=0.2),
mount="/direct.ogg",
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
input1)
# Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), '/archives/%Y-%m-%d-%Y-%m-%d-%H_%M_%S.%s.ogg', input1, reopen_when={0s}, reopen_delay=60.0)

17
old_services/radiodemo.oma-radio.fr.classic/installer.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
. /bin/driglibash-base
if [ "$1" = "uninstall" ] ; then
echo "Uninstalling"
else # Installation procedure below
echo "Installing"
if [ -L /data/soundbase.oma-radio.fr/data/radiodemo ] ; then
run ln -s /data/soundbase.oma-radio.fr/data/radiodemo /data/radiodemo.oma-radio.fr/soundbase
fi
fi

244
old_services/radiodemo.oma-radio.fr.classic/nginx_server.conf Normal file
View File

@ -0,0 +1,244 @@
# Parameters:
# radio name
# file path
# ws port (local)
# wss port (open)
# upload service port
# ssl certs location
# TODO
# /speedtest-down returns random data
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
# /speedtest-up just eat everything it can
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen $WEBSOCKET_PORT ssl;
listen [::]:$WEBSOCKET_PORT ssl;
ssl_certificate /etc/letsencrypt/live/$RADIO_HOST/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$RADIO_HOST/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:$WEBSOCKET_CLEAR_PORT;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 120s;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $RADIO_HOST;
ssl_certificate /etc/letsencrypt/live/$RADIO_HOST/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$RADIO_HOST/privkey.pem;
root $SOUNDBASE_DIR/website;
index index.html;
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
location = /direct.ogg {
proxy_pass http://172.29.0.110:8000/direct.ogg;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location = /direct.mp3 {
proxy_pass http://172.29.0.110:8000/direct.mp3;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location = /api { rewrite ^ /api/; }
location ~ /api/pigeindex(/.*) {
include uwsgi_params;
uwsgi_param PATH_INFO "/pigeindex$1";
uwsgi_param SCRIPT_NAME /api;
uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock;
client_max_body_size 0;
uwsgi_connect_timeout 6000;
uwsgi_send_timeout 6000;
uwsgi_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
if_modified_since off;
expires off;
etag off;
}
location ~ /api(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /api;
uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
if_modified_since off;
expires off;
etag off;
}
location /pige{
alias $SOUNDBASE_DIR/pige;
try_files $uri $uri/ =404;
}
location /pigeMp3{
alias $SOUNDBASE_DIR/pigeMp3;
try_files $uri $uri/ =404;
}
location /png {
alias $SOUNDBASE_DIR/png;
try_files $uri $uri/ =404;
}
location /webpL {
alias $SOUNDBASE_DIR/webpL;
try_files $uri $uri/ =404;
}
location /webpH {
alias $SOUNDBASE_DIR/webpH;
try_files $uri $uri/ =404;
}
location /ogg {
alias $SOUNDBASE_DIR/ogg;
try_files $uri $uri/ =404;
}
location /txt {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/txt;
try_files $uri $uri/ =404;
}
location /wavM {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/wavM;
try_files $uri $uri/ =404;
}
location /import {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/import;
try_files $uri $uri/ =404;
}
location /export {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/export;
try_files $uri $uri/ =404;
}
location /wav {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/wav;
try_files $uri $uri/ =404;
}
location /fiches {
alias $SOUNDBASE_DIR/fiches;
try_files $uri $uri/ =404;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
if_modified_since off;
expires off;
etag off;
}
location /prg {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/prg;
try_files $uri $uri/ =404;
}
location /listes {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $SOUNDBASE_DIR/listes;
try_files $uri $uri/ =404;
}
location /statique {
alias $SOUNDBASE_DIR/statique;
try_files $uri $uri/ =404;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
if_modified_since off;
expires off;
etag off;
}
# Admin interface
location /manager {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
try_files $uri $uri/ =404;
}
location = /favicon.ico {
return 301 /favicon.webp;
}
# for js, css, html — dynamic site, players
location / {
try_files $uri $uri/ =404;
add_header Cache-Control 'public must-revalidate';
add_header Access-Control-Allow-Origin https://radio.karnaval.fr;
}
}

11
old_services/radiodemo.oma-radio.fr.classic/pige.liq Normal file
View File

@ -0,0 +1,11 @@
#!/usr/bin/liquidsoap
input = mksafe(input.http("https://radiodemo.oma-radio.fr/direct.ogg"))
#blank = single("/secours.ogg")
#input = fallback(track_sensitive=false, [input, blank])
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/direct.mp3",
# host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
# input)
output.file(%vorbis(samplerate=44100, channels=1, quality=0.5), '/archive/%Y-%m-%d/%Y-%m-%d-%H_%M_%S.mp3', input, reopen_when={0s})

7
old_services/radiodemo.oma-radio.fr.classic/radioking.liq Normal file
View File

@ -0,0 +1,7 @@
input = mksafe(input.http("http://172.29.0.110:8000/direct.mp3"))
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/test355",
host="live.radioking.com", port=80, user="test_test29", password="S9tx3VBhl",
input)

11
old_services/radiodemo.oma-radio.fr.classic/transcode.liq Normal file
View File

@ -0,0 +1,11 @@
#!/usr/bin/liquidsoap
input = mksafe(input.http("http://icecast:8000/direct.ogg"))
#blank = single("/secours.ogg")
#input = fallback(track_sensitive=false, [input, blank])
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
input)

33
old_services/team.jean-cloud.net/.env Normal file
View File

@ -0,0 +1,33 @@
DATA_DIR=/data/team.jean-cloud.net
subnet=172.29.18
# Domain of service
DOMAIN=team.jean-cloud.net
# Container settings
## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
## A list of these tz database names can be looked up at Wikipedia
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Europe/Paris
## Bleve index (inside the container)
MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
## it if you know what you're doing.
## See https://github.com/mattermost/docker/issues/18
MATTERMOST_CONTAINER_READONLY=false
## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
## or for using it behind another existing reverse proxy.
APP_PORT=8065
## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
## https://docs.mattermost.com/administration/config-settings.html
## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
## the system console as well and settings set with env variables will be greyed out.
## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)
MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}

56
old_services/team.jean-cloud.net/docker-compose.yml Executable file
View File

@ -0,0 +1,56 @@
version: '3'
services:
db:
image: postgres:11-alpine
restart: unless-stopped
volumes:
- "$DATA_DIR/db:/var/lib/postgresql/data"
env_file:
- .env
- "$DATA_DIR/.env"
networks:
default:
ipv4_address: $subnet.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
mattermost:
ports:
- 8443:8443/udp
image: mattermost/mattermost-team-edition:7.10
volumes:
- "$DATA_DIR/app:/var/www/html"
environment:
- $DATA_DIR/app/config:/mattermost/config:rw
- $DATA_DIR/app/data:/mattermost/data:rw
- $DATA_DIR/app/plugins:/mattermost/plugins:rw
- $DATA_DIR/app/client_plugins:/mattermost/client/plugins:rw
- $DATA_DIR/app/bleve-indexes:/mattermost/bleve-indexes:rw
env_file:
- .env
- "$DATA_DIR/.env"
tmpfs:
- /tmp
depends_on:
- db
security_opt:
- no-new-privileges:true
restart: unless-stopped
networks:
default:
ipv4_address: $subnet.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 1000M
networks:
default:
ipam:
config:
- subnet: $subnet.0/24

1
old_services/team.jean-cloud.net/maintenance.sh Normal file
View File

@ -0,0 +1 @@
docker-compose exec -u www-data nextcloud php occ maintenance:mode --on

76
old_services/team.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,76 @@
# inspiré de
# https://github.com/mattermost/docker/blob/main/nginx/conf.d/default.conf
# proxy cache
proxy_cache_path /var/cache/mmcache levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/team.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/team.jean-cloud.net/privkey.pem;
server_name team.jean-cloud.net;
limit_req zone=defaultlimit burst=500 nodelay;
## security headers
# https://securityheaders.com/
# https://scotthelme.co.uk/tag/security-headers/
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=63072000" always;
add_header Permissions-Policy "interest-cohort=()";
# disable Google bots from indexing this site
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header Early-Data $ssl_early_data;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_http_version 1.1;
proxy_pass http://$subnet.100:8065;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header Early-Data $ssl_early_data;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://$subnet.100:8065;
}
}

18
old_services/team.jean-cloud.net/readme.md Executable file
View File

@ -0,0 +1,18 @@
mdp admin
Cest cool de laisser un client qui possède toute linstance choisir son mdp mais on va le mettre dans le dockerfile nous-même pour une instance partagée.
dockerfile
cest con de faire tourner un apache pour rien, on va configurer nginx pour quil travaille avec le conteneur fpm.
Les images de nextcloud sont toutes cassées… Il faut faire gaffe en les manipulant. (ça a lair mieux avec la v16)
Utiliser lapp theming pour customiser un peu tout ça…
## Procédure de mise à jour
- Sauvegarde des data + db
- Maintenance mode on
- save data & db (quicker)
- upgrade
- test
- Maintenance mode off or fix or rollback

7
old_services/tracker.jean-cloud.net/docker-compose.yml Normal file
View File

@ -0,0 +1,7 @@
version: '3'
services:
tracker:
image: lednerb/opentracker-docker
ports:
- 6969:1337/udp
- 6969:1337

50
old_services/wordpress.inurbe.fr/docker-compose.yml Normal file
View File

@ -0,0 +1,50 @@
version: '3.1'
services:
wp:
image: wordpress:5.4-apache
restart: unless-stopped
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wpdbuser
WORDPRESS_DB_PASSWORD: 7VPD3XEMzMjPrySpVwmfdmoYZG4rsxX556WzhQHjmzGdViiFPd9D9tjfXaHDCbdZzMPVvrNcW2wxdtfGFMfTwfiFPXjX6XSzxgMFKoXtEnTKaKjmJrKGn6QcNoo7
WORDPRESS_DB_NAME: wpdb
#WORDPRESS_CONFIG_EXTRA: "define( 'WP_HOME', 'https://collectif-arthadie.fr/wordpress' ); define( 'WP_SITEURL', 'https://collectif-arthadie.fr/wordpress' );"
volumes:
- /data/inurbe.fr/wordpress:/var/www/html
- /data/inurbe.fr/static:/var/www/html/static
networks:
default:
ipv4_address: 172.16.15.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
db:
image: mariadb:10.4
restart: unless-stopped
environment:
MYSQL_DATABASE: wpdb
MYSQL_USER: wpdbuser
MYSQL_PASSWORD: 7VPD3XEMzMjPrySpVwmfdmoYZG4rsxX556WzhQHjmzGdViiFPd9D9tjfXaHDCbdZzMPVvrNcW2wxdtfGFMfTwfiFPXjX6XSzxgMFKoXtEnTKaKjmJrKGn6QcNoo7
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
volumes:
- /data/inurbe.fr/db:/var/lib/mysql
networks:
default:
ipv4_address: 172.16.15.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: 172.16.15.0/24

16
old_services/wordpress.inurbe.fr/nginx_server.conf Executable file
View File

@ -0,0 +1,16 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/inurbe.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/inurbe.fr/privkey.pem;
server_name wordpress.inurbe.fr www.wordpress.inurbe.fr;
location / {
client_max_body_size 2G;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://172.16.15.100;
proxy_redirect off;
}
}

1
provisioning/inventory.ini
View File

@ -10,3 +10,4 @@ montbonnot.jean-cloud.org
max.jean-cloud.org max.jean-cloud.org
tetede.jean-cloud.org tetede.jean-cloud.org
raku.jean-cloud.org raku.jean-cloud.org
#vandamme.jean-cloud.org

5
provisioning/roles/deploy_all/files/bin/Makefile Normal file
View File

@ -0,0 +1,5 @@
all: deploy_as compose_logs
deploy_as: deploy_as.c
compose_logs: compose_logs.c

BIN
provisioning/roles/deploy_all/files/bin/compose_logs Executable file
View File

Binary file not shown.

116
provisioning/roles/deploy_all/files/bin/compose_logs.c Normal file
View File

@ -0,0 +1,116 @@
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#define VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_"
#define COMPOSE "/usr/local/bin/docker-compose"
/* Just check only allowed chars are present */
int validate (char *s) {
for (int i=0; i<strlen(s); i++){
int found = 0;
for (int j=0; j<strlen(VALID_CHARS); j++) {
if ( s[i] == VALID_CHARS[j] ) {
found = 1;
break;
}
}
if (!found) {
return 1;
}
}
return 0;
}
void usage () {
printf("Usage: compose_logs <compose_dir> <instance>|list <since> <until>\n");
}
int is_line_in_file (char* l, char* filename) {
FILE * fp;
char * line = NULL;
size_t len = 0;
ssize_t read;
fp = fopen(filename, "r");
if (fp == NULL) {
return 1;
}
while ((read = getline(&line, &len, fp)) != -1) {
if (line[len-1] == '\n') {
line[len-1] = '\0';
}
printf("Retrieved line of length %zu:\n", read);
printf("len(l)=%zu\n", strlen(l));
printf("mdr %d\n", '\n');
for (int i=0; i<len; i++) {
printf("lol l %d : %d\n", i, l[i]);
printf("lol line %d : %d\n", i, line[i]);
}
printf("%s", line);
if (strcmp(line, l) == 0) {
free(line);
fclose(fp);
return 0;
}
}
fclose(fp);
if (line)
free(line);
return 1;
}
/* Main program. */
int
main (int argc, char* argv[])
{
if (argc < 3 ) {
usage();
exit(1);
}
/* Chdir */
if (chdir(argv[1]) != 0) {
printf("chdir() to /usr failed");
exit(1);
}
if (validate(argv[2]) != 0) {
printf("Bad service name\n");
exit(1);
}
if (is_line_in_file("33", "allow_docker_logs") != 0) {
printf("unauthorized\n");
exit(1);
}
/* List mode */
if (strcmp(argv[2],"list") == 0) {
if (execl(COMPOSE, COMPOSE, "ps", "--format", "json", (char *)NULL) == -1) {
printf("Error exec docker-compose ps\n");
printf("%s\n", strerror(errno));
exit(1);
}
/* log mode */
} else {
if (argc < 5 ) {
usage();
exit(1);
}
if (execl(COMPOSE, COMPOSE, "logs", argv[2], "--since", argv[3], "--until", argv[4], (char *)NULL) == -1) {
printf("Error exec docker-compose logs\n");
printf("%s\n", strerror(errno));
exit(1);
}
}
}

100
provisioning/roles/deploy_all/files/bin/deploy_as.c Normal file
View File

@ -0,0 +1,100 @@
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <errno.h>
#include <sys/stat.h>
/* Valid chars in service name */
#define VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_"
#define DEPLOY_AS_SH "/usr/local/bin/deploy_user.sh"
/* Translate username to uid/gid */
struct passwd * getUid(char *name) {
struct passwd *p;
if ((p = getpwnam(name)) == NULL) {
printf("Error: User '%s' not found.\n", name);
exit(1);
}
return p;
}
/* Run deploy as user */
int runServiceDeployment(char *service) {
/* Set uid and gid */
struct passwd *p = getUid(service);
setgid(p->pw_gid);
setuid(p->pw_uid);
/* Check if executable exists */
if ( access( DEPLOY_AS_SH, F_OK ) == -1 ) {
printf("No such file: %s\n", DEPLOY_AS_SH);
exit(1);
}
/* Stat executable */
struct stat sb;
if (stat(DEPLOY_AS_SH, &sb) != 0) {
printf("cant stat file: %s\n", DEPLOY_AS_SH);
exit(1);
}
/* Test if file is executable */
if ( ! (sb.st_mode & S_IXUSR )) {
printf("Not executable: %s\n", DEPLOY_AS_SH);
exit(1);
}
/* Test if regular file */
if (! S_ISREG(sb.st_mode)) {
printf("Not a regular file: %s\n", DEPLOY_AS_SH);
exit(1);
}
/* Execute DEPLOY_AS_SH */
if (execl("/bin/bash", "--noediting", "--noprofile", "--norc", "--", DEPLOY_AS_SH, service, (char *)NULL) == -1) {
printf("Error exec %s\n", DEPLOY_AS_SH);
printf("%s\n", strerror(errno));
exit(1);
}
return 0;
}
/* Just check only allowed chars are present */
int validate (char *s) {
for (int i=0; i<strlen(s); i++){
int found = 0;
for (int j=0; j<strlen(VALID_CHARS); j++) {
if ( s[i] == VALID_CHARS[j] ) {
found = 1;
break;
}
}
if (!found) {
return 1;
}
}
return 0;
}
int main(int argc, char *argv[] )
{
if ( argc != 2) {
printf("usage: %s <service-name>\n",argv[0]);
exit(1);
}
if (validate(argv[1]) != 0) {
printf("Bad service name\n");
exit(1);
}
runServiceDeployment(argv[1]);
return 0;
}

18
provisioning/roles/deploy_all/files/bin/deploy_service.sh
View File

@ -29,7 +29,9 @@ if [ ! -d "$new_nginx_conf_path" ] ; then
die "Cant deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployall.sh first" die "Cant deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployall.sh first"
fi fi
IFS=';' read uid username _ server < <(grep ";$service;" /docker/services.csv) IFS=';' read id username _ server < <(grep ";$service;" /docker/services.csv)
uid=$(($services_uid_start + $id))
docker_service="$(echo "$service" | tr '.' '_')" docker_service="$(echo "$service" | tr '.' '_')"
driglibash_section_prefix="[$service] " driglibash_section_prefix="[$service] "
@ -48,8 +50,13 @@ cd "/docker/$service"
if "$deploy" ; then if "$deploy" ; then
run mkdir -p "$DATA_DIR" "$HTTP_DIR" run mkdir -p "$DATA_DIR" "$HTTP_DIR"
# Try running podman as non-root first… run chown $uid "$DATA_DIR"
run chmod 751 "$DATA_DIR"
run chown $uid:www-data -R "$HTTP_DIR" run chown $uid:www-data -R "$HTTP_DIR"
if [ -d "$SECRET_DIR" ] ; then
run chown $uid "$SECRET_DIR" -R
run chmod 751 "$SECRET_DIR" -R
fi
else else
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR" [ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
fi fi
@ -158,12 +165,7 @@ if [ "$noreload" == false ] ; then
fi fi
section "Cleaning" section "Cleaning"
if [ -z "$(ls -A "$DATA_DIR")" ] ; then rmdir "$DATA_DIR" "$HTTP_DIR" 2>/dev/null || true
run rmdir "$DATA_DIR"
fi
if [ -z "$(ls -A "$HTTP_DIR")" ] ; then
run rmdir "$HTTP_DIR"
fi
clean clean
exit "$returncode" exit "$returncode"

23
provisioning/roles/deploy_all/files/bin/deploy_user.sh
View File

@ -1,5 +1,4 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
if [ "$#" -ne 1 ] || [ -z "$1" ] ; then if [ "$#" -ne 1 ] || [ -z "$1" ] ; then
@ -10,17 +9,25 @@ fi
service="$1" service="$1"
user_file="/docker/$service/deploy_user.sh" user_file="/docker/$service/deploy_user.sh"
env_file="/docker/$service/.env"
if [ ! -f "$user_file" ] ; then if [ ! -f "$user_file" ] ; then
echo "No such file: $user_file" echo "No such file: $user_file"
exit 1 exit 1
fi fi
if [ -f "$env_file" ] ; then unset XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS
set -a
source "$env_file"
set +a
fi
"$user_file" # Source env_files
env_files="/docker/$service/.env /data/secrets/$service/.env /data/$service/.env"
set -a
export HOME="/data/$service/"
for file in $env_files ; do
if [ -f "$file" ] ; then
. "$file"
fi
done
set +a
# Source/exec the user deploy file
cd "/docker/$service"
. "$user_file"

12
provisioning/roles/deploy_all/files/bin/deployall.sh
View File

@ -57,18 +57,17 @@ run mkdir -p "$new_nginx_conf_path"
section "Start docker" section "Start docker"
run systemctl start docker docker.socket run systemctl start docker docker.socket
section "Deploy mandatory services" #section "Deploy mandatory services"
deploy_service.sh deployer.jean-cloud.org noreload #deploy_service.sh deployer.jean-cloud.org noreload
# List of failed services # List of failed services
failed="" failed=""
while read line ; do while IFS=';' read -r id username service target
read -r service target <<<$(echo "$line") do
# Ignore _ and # prefixed services # Ignore _ and # prefixed services
[ "${service::1}" == '_' ] && continue [ "${service::1}" == '_' ] && continue
[ "${service::1}" == '#' ] && continue
echo -n "$service -> " echo -n "$service -> "
[ ! -d "/docker/$service" ] && die "/docker/$service directory not found" [ ! -d "/docker/$service" ] && die "/docker/$service directory not found"
@ -78,11 +77,12 @@ while read line ; do
echo "Deploying" echo "Deploying"
deploy_service.sh "$service" "noreload" deploy_service.sh "$service" "noreload"
if [ "$?" -ne 0 ] ; then if [ "$?" -ne 0 ] ; then
failed="$failed $service" failed="$failed $service"
fi fi
done < <(grep -v '^[[:blank:]]*#' /docker/services.txt) done < <(grep -v '^#' /docker/services.csv)
restart_nginx.sh restart_nginx.sh

25
provisioning/roles/deploy_all/files/bin/gen_env.sh
View File

@ -17,21 +17,26 @@ dns_certs_path='$dns_certs_path'
http_certs_path='$http_certs_path' http_certs_path='$http_certs_path'
dummy_cert_path='$http_certs_path/dummy' dummy_cert_path='$http_certs_path/dummy'
servicefile=/docker/services.txt servicefile=/docker/services.txt
services_uid_start=2000
EOF EOF
for dir in /docker/* ; do while IFS=';' read -r id username service server
service="$(basename "$dir")" do
dir="/docker/$service"
[ ! -d "$dir" ] && continue [ ! -d "$dir" ] && continue
line_in_file "HTTP_DIR='/srv/http/$service'" "/docker/$service/.env" line_in_file "HTTP_DIR='/srv/http/$service'" "$dir/.env"
line_in_file "DATA_DIR='/data/$service'" "/docker/$service/.env" line_in_file "DATA_DIR='/data/$service'" "$dir/.env"
line_in_file "SECRET_DIR='/data/secrets/$service'" "/docker/$service/.env" line_in_file "SECRET_DIR='/data/secrets/$service'" "$dir/.env"
line_in_file "DOCKER_DIR='/docker/$service'" "/docker/$service/.env" line_in_file "DOCKER_DIR='$dir'" "$dir/.env"
line_in_file "JC_SERVICE='$service'" "/docker/$service/.env" line_in_file "JC_SERVICE='$service'" "$dir/.env"
line_in_file "HOME='/docker/$service'" "/docker/$service/.env" #line_in_file "HOME='/data/$service'" "$dir/.env"
line_in_file "NET='172.29.$id'" "$dir/.env"
line_in_file "USER='$username'" "$dir/.env"
cert="$(findcert.sh "$service")" || true cert="$(findcert.sh "$service")" || true
if [ -n "$cert" ] ; then if [ -n "$cert" ] ; then
line_in_file "JC_CERT='$cert'" "/docker/$service/.env" line_in_file "JC_CERT='$cert'" "$dir/.env"
fi fi
done done < <(grep -v '^#' /docker/services.csv)

10
provisioning/roles/deploy_all/files/bin/git_update.sh
View File

@ -26,6 +26,10 @@ usage[K]="Remote host key file (known_hosts) for ssh connections"
varia[K]=hostkeyfile varia[K]=hostkeyfile
hostkeyfile='' hostkeyfile=''
usage[H]="Use real home dir"
varia[H]=use_home
use_home=false
. driglibash-args . driglibash-args
@ -45,6 +49,12 @@ if [ -z "$repo" ] ; then
die "$0: Empty repo given\n$summary" die "$0: Empty repo given\n$summary"
fi fi
if [ ! $use_home ] ; then
set -a
export HOME=/dev/null
set +a
fi
run mkdir -p "$dst" run mkdir -p "$dst"
run cd "$dst" run cd "$dst"

20
provisioning/roles/deploy_all/files/bin/init.sh
View File

@ -1,13 +1,21 @@
#!/bin/bash #!/bin/bash
while IFS=';' read -r uid username service server set -euo pipefail
. /etc/jeancloud.env
while IFS=';' read -r id username service server
do do
home="/data/$service" home="/data/$service"
uid="$(( $services_uid_start + $id ))"
if [ -z "$(grep "^$username:" /etc/passwd)" ] ; then if [ -z "$(grep "^$username:" /etc/passwd)" ] ; then
useradd -m -U -r -d "$home" "$username" useradd -M -U -u $uid -d "$home" "$username"
fi fi
# Do not touch the group, it can be set to something useful
chown "$username" "$home"
chmod 770 "$home"
done < <(grep -v '^#' /docker/services.csv) done < <(grep -v '^#' /docker/services.csv)
apt install -y make
cd /usr/local/bin
make
chown root:root deploy_as
chmod u+s deploy_as

72
provisioning/roles/deploy_all/files/bin/rclone_ncloud_publiclink.sh
View File

@ -1,31 +1,59 @@
#!/bin/bash #!/bin/bash
. driglibash-base
set -euo pipefail set -euo pipefail
[ "$#" -ne 1 ] && die "Usage: $0 <dest_directory>" # Read all
dest_dir="$1" # NC_SHARE_LINK_URL.*
[ -z "$dest_dir" ] && die "Arg 'dest_directory' should not be empty." # NC_SHARE_LINK_PASSWORD.*
# NC_SHARE_LINK_DESTINATION.*
# With .* equals
while IFS='=' read key value ; do
# suffix of sharer link
name="${key#NC_SHARE_LINK_URL}"
echo "Rcloning $name..."
# Get content from nextcloud password_varname="NC_SHARE_LINK_PASSWORD$name"
webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')" destination_varname="NC_SHARE_LINK_DESTINATION$name"
webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')"
webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")"
rclone sync --config=/notfound --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$dest_dir" # Empty by default
url="${!key}"
password="${!password_varname:-}"
destination="${!destination_varname:-}"
# Go to website # Ensure we have a link
cd "$dest_dir" if [ -z "$url" ] ; then
echo "env var NC_SHARE_LINK_URL$name is empty."
exit 1
fi
# Rename .attachement dirs created by nextcloud # Ensure we have a destination
while read filename ; do if [ -z "$destination" ] ; then
oldname="$(basename "$filename")" echo "env var NC_SHARE_LINK_DESTINATION$name is empty."
newname="${oldname:1}" exit 1
path="$(dirname "$filename")" elif [ ! -d "$destination" ] ; then
# And rename their references in md files mkdir "$destination"
find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \; fi
mv "$path/$oldname" "$path/$newname"
done < <(find -type d -name '.attachments.*')
# Get content from nextcloud
webdav_url="$(echo "$url" | sed 's#/s/.*#/public.php/webdav/#')"
webdav_user="$(echo "$url" |sed 's#.*/s/##')"
webdav_pass="$(rclone obscure "$password")"
rclone sync --config=/notfound --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$destination"
# Go to website
cd "$destination"
# Rename .attachement dirs created by nextcloud
while read filename ; do
oldname="$(basename "$filename")"
newname="${oldname:1}"
path="$(dirname "$filename")"
# And rename their references in md files
find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \;
mv "$path/$oldname" "$path/$newname"
done < <(find -type d -name '.attachments.*')
cd - &>/dev/null
echo "Rcloning done!"
done < <(env | grep ^NC_SHARE_LINK_URL )

BIN
provisioning/roles/deploy_all/files/secrets.volume Normal file
View File

Binary file not shown.

2
provisioning/roles/deploy_all/tasks/main.yml
View File

@ -15,6 +15,7 @@
delete: true delete: true
archive: false archive: false
recursive: true recursive: true
copy_links: true # This allows some bidouillage on the server
- name: Add binaries - name: Add binaries
@ -32,6 +33,7 @@
delete: true delete: true
archive: false archive: false
recursive: true recursive: true
copy_links: true # This allows some bidouillage on the server
#- name: Add bind conf #- name: Add bind conf
# ansible.posix.synchronize: # ansible.posix.synchronize:

2
readme.md
View File

@ -1,5 +1,6 @@
# Services Jean-Cloud # Services Jean-Cloud
## Dossier installing ## Dossier installing
Contient des scripts sh pour installer debian sur un disque dur. Qui ira ensuite se brancher dans un ordi :) Contient des scripts sh pour installer debian sur un disque dur. Qui ira ensuite se brancher dans un ordi :)
@ -13,6 +14,7 @@ Contient
Les services à faire tourner. Les services à faire tourner.
Chaque service qui tourne sur jean-cloud est composé : Chaque service qui tourne sur jean-cloud est composé :
- Un uid et username pour des questions de droits
- `deploy.sh` dun script dinstallation - `deploy.sh` dun script dinstallation
- `docker-compose.yaml` dun fichier docker-compose - `docker-compose.yaml` dun fichier docker-compose
- `nginx_server.conf` dun fichier de conf nginx - `nginx_server.conf` dun fichier de conf nginx

8
services/_proxy/nginx.conf
View File

@ -12,6 +12,7 @@ http {
## ##
# Basic Settings # Basic Settings
## ##
charset utf-8;
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
tcp_nodelay on; tcp_nodelay on;
@ -34,11 +35,10 @@ http {
## ##
# Logging Settings # Logging Settings
## ##
access_log /var/log/nginx/access.log; log_format main '$time_local $remote_addr $status $host $request $bytes_sent'
error_log /var/log/nginx/error.log;
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"'; '"$http_referer" "$http_user_agent" "$gzip_ratio"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
## ##
# Gzip Settings # Gzip Settings

55
services/amaglio.fr/docker-compose.yml
View File

@ -1,55 +0,0 @@
version: '3'
services:
roundcube:
image: roundcube/roundcubemail:1.4.x-apache
restart: "unless-stopped"
depends_on:
- db
volumes:
- /data/amaglio.fr/app/plugins/enigma/home:/var/www/html/plugins/enigma/home
- /data/amaglio.fr/app/config/config.inc.php:/var/www/html/config/config.inc.php
- /data/amaglio.fr/app/enigma_pgp_homedir:/data/enigma_pgp_homedir
env_file: /data/amaglio.fr/env
environment:
ROUNDCUBEMAIL_DB_TYPE: pgsql
ROUNDCUBEMAIL_DB_HOST: db
ROUNDCUBEMAIL_DB_USER: postgres
ROUNDCUBEMAIL_DB_NAME: postgres
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 25M
# imap server
ROUNDCUBEMAIL_DEFAULT_HOST: ssl://mail20.lwspanel.com
ROUNDCUBEMAIL_DEFAULT_PORT: 993
ROUNDCUBEMAIL_SMTP_SERVER: tls://mail20.lwspanel.com
ROUNDCUBEMAIL_SMTP_PORT: 587
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,enigma,attachment_reminder
networks:
default:
ipv4_address: 172.29.5.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
db:
# https://hub.docker.com/_/postgres?tab=description
image: postgres:9.6-alpine
restart: "unless-stopped"
env_file: /data/amaglio.fr/env
volumes:
- /data/amaglio.fr/db:/var/lib/postgresql/data
networks:
default:
ipv4_address: 172.29.5.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: 172.29.5.0/24

40
services/amaglio.fr/nginx_server.conf
View File

@ -1,40 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name amaglio.fr www.amaglio.fr;
# root /data/amaglio.fr/app;
#
client_max_body_size 1024M;
charset utf-8;
#
# index index.php;
#
# location ~ ^/roundcube/(bin|SQL|config|temp|logs)/ {
# deny all;
# }
#
# location ~ /roundcube/\.(js|css|png|jpg|jpeg|gif|ico)$ {
# expires max;
# log_not_found off;
# }
#
location / {
proxy_pass http://172.29.5.100;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
#
# location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.*)$;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_pass amaglio.fr:9000;
# fastcgi_index index.php;
# }
}

10
services/benevoles31.karnaval.fr/docker-compose.yml
View File

@ -13,7 +13,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
default: default:
ipv4_address: 172.16.17.100 ipv4_address: $NET.100
#redis: #redis:
# image: redis # image: redis
@ -27,7 +27,7 @@ services:
- $DATA_DIR/db:/var/lib/postgresql/data - $DATA_DIR/db:/var/lib/postgresql/data
networks: networks:
default: default:
ipv4_address: 172.16.17.101 ipv4_address: $NET.101
# app2: # app2:
# image: jeancloud/site-benevole:dev-karna-debian # image: jeancloud/site-benevole:dev-karna-debian
# environment: # environment:
@ -41,7 +41,7 @@ services:
# restart: unless-stopped # restart: unless-stopped
# networks: # networks:
# default: # default:
# ipv4_address: 172.29.17.110 # ipv4_address: $NET.110
# #
# db2: # db2:
# image: postgres:9.6-alpine # image: postgres:9.6-alpine
@ -53,10 +53,10 @@ services:
# - $DATA_DIR/db2:/var/lib/postgresql/data # - $DATA_DIR/db2:/var/lib/postgresql/data
# networks: # networks:
# default: # default:
# ipv4_address: 172.29.17.111 # ipv4_address: $NET.111
networks: networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.16.17.0/24 - subnet: $NET.0/24

1
services/builder.rimarima.fr/.env Normal file
View File

@ -0,0 +1 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/rimarima

4
services/builder.rimarima.fr/deploy.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
chown $UID:www-data "$SECRET_DIR/user.htpasswd"
chmod 740 "$SECRET_DIR/user.htpasswd"

13
services/builder.rimarima.fr/deploy_http.sh
View File

@ -1,13 +0,0 @@
#!/bin/bash
set -euo pipefail
set -a
. "$SECRET_DIR/.env"
set +a
git_update.sh -d "$HTTP_DIR" -b main "https://git.jean-cloud.net/adrian/rimarima"
rclone_ncloud_publiclink.sh "$HTTP_DIR/content"
podman build . -f hugobuilder.dockerfile -t $JC_SERVICE/builder
podman run --rm -v $HTTP_DIR:/srv $JC_SERVICE/builder

1
services/builder.rimarima.fr/deploy_user.sh Symbolic link
View File

@ -0,0 +1 @@
../hugo/deploy_user.sh

14
services/builder.rimarima.fr/server.sh
View File

@ -3,14 +3,10 @@
echo "Content-type: text/html" echo "Content-type: text/html"
echo "" echo ""
. .env
action="$(echo "$DOCUMENT_URI" | tr -d '/\;!&<>?#[]()"*')" action="$(echo "$DOCUMENT_URI" | tr -d '/\;!&<>?#[]()"*')"
set -a echo '<pre>'
. .env deploy_as "$JC_SERVICE"
set +a echo '</pre>'
"./deploy_http.sh" 2>&1
ret="$?"
if [ "$ret" -ne 0 ] ; then
echo 'Error'
fi

8
services/chahut.jean-cloud.net/docker-compose.yml
View File

@ -11,7 +11,7 @@ services:
- /srv/http/$JC_SERVICE:/var/www/html/static - /srv/http/$JC_SERVICE:/var/www/html/static
networks: networks:
default: default:
ipv4_address: 172.29.18.100 ipv4_address: $NET.100
deploy: deploy:
resources: resources:
limits: limits:
@ -26,16 +26,16 @@ services:
- $DATA_DIR/db:/var/lib/mysql - $DATA_DIR/db:/var/lib/mysql
networks: networks:
default: default:
ipv4_address: 172.29.18.101 ipv4_address: $NET.101
deploy: deploy:
resources: resources:
limits: limits:
cpus: '0.50' cpus: '0.50'
memory: 100M memory: 300M
networks: networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.29.18.0/24 - subnet: $NET.0/24

2
services/chahut.jean-cloud.net/nginx_server.conf
View File

@ -11,7 +11,7 @@ server {
#proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_pass http://172.29.18.100; proxy_pass http://$NET.100;
proxy_redirect off; proxy_redirect off;
} }
} }

2
services/chiloe.eu/deploy_http.sh → services/chiloe.eu/deploy_user.sh
View File

@ -1,5 +1,3 @@
#!/bin/bash #!/bin/bash
set -euo pipefail
. "$SECRET_DIR/.env"
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user chiloeRO --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR" rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user chiloeRO --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"

4
services/coldcms.chahut.jean-cloud.net/docker-compose.yml
View File

@ -17,7 +17,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
default: default:
ipv4_address: 172.29.20.100 ipv4_address: $NET.100
deploy: deploy:
resources: resources:
limits: limits:
@ -29,4 +29,4 @@ networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.29.20.0/24 - subnet: $NET.0/24

4
services/coldcms.chahut.jean-cloud.net/nginx_server.conf
View File

@ -27,7 +27,7 @@ server {
location @uwsgi_backend { location @uwsgi_backend {
uwsgi_pass 172.29.20.100:8000; uwsgi_pass $NET.100:8000;
include uwsgi_params; include uwsgi_params;
client_max_body_size 20m; client_max_body_size 20m;
} }
@ -47,7 +47,7 @@ server {
} }
location /admin/ { location /admin/ {
uwsgi_pass 172.29.20.100:8000; uwsgi_pass $NET.100:8000;
include uwsgi_params; include uwsgi_params;
client_max_body_size 20m; client_max_body_size 20m;
} }

8
services/collectif-arthadie.fr/docker-compose.yml
View File

@ -15,7 +15,7 @@ services:
- /data/collectif-arthadie.fr/static:/var/www/html/static - /data/collectif-arthadie.fr/static:/var/www/html/static
networks: networks:
default: default:
ipv4_address: 172.29.6.100 ipv4_address: $NET.100
deploy: deploy:
resources: resources:
limits: limits:
@ -34,16 +34,16 @@ services:
- /data/collectif-arthadie.fr/db:/var/lib/mysql - /data/collectif-arthadie.fr/db:/var/lib/mysql
networks: networks:
default: default:
ipv4_address: 172.29.6.101 ipv4_address: $NET.101
deploy: deploy:
resources: resources:
limits: limits:
cpus: '0.50' cpus: '0.50'
memory: 100M memory: 300M
networks: networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.29.6.0/24 - subnet: $NET.0/24

2
services/collectif-arthadie.fr/nginx_server.conf
View File

@ -9,7 +9,7 @@ server {
#proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_pass http://172.29.6.100; proxy_pass http://$NET.100;
proxy_redirect off; proxy_redirect off;
} }
} }

8
services/compagnienouvelle.fr/docker-compose.yml
View File

@ -13,7 +13,7 @@ services:
- $DATA_DIR/static:/var/www/html/static - $DATA_DIR/static:/var/www/html/static
networks: networks:
default: default:
ipv4_address: 172.29.7.100 ipv4_address: $NET.100
deploy: deploy:
resources: resources:
limits: limits:
@ -28,16 +28,16 @@ services:
- $DATA_DIR/db:/var/lib/mysql - $DATA_DIR/db:/var/lib/mysql
networks: networks:
default: default:
ipv4_address: 172.29.7.101 ipv4_address: $NET.101
deploy: deploy:
resources: resources:
limits: limits:
cpus: '0.50' cpus: '0.50'
memory: 100M memory: 300M
networks: networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.29.7.0/24 - subnet: $NET.0/24

2
services/compagnienouvelle.fr/nginx_server.conf
View File

@ -11,7 +11,7 @@ server {
#proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_pass http://172.29.7.100; proxy_pass http://$NET.100;
proxy_redirect off; proxy_redirect off;
} }
} }

3
services/copaines.jean-cloud.net/deploy.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
chmod 700 "$SECRET_DIR/sftp.sshprivkey"

2
services/copaines.jean-cloud.net/deploy_http.sh → services/copaines.jean-cloud.net/deploy_user.sh
View File

@ -1,3 +1,5 @@
#!/bin/bash #!/bin/bash
mkdir -p ~/.ssh
echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' >> ~/.ssh/known_hosts echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' >> ~/.ssh/known_hosts
chmod 700 ~/.ssh/known_hosts
scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 copaines@sftp.jean-cloud.net:public/* "$HTTP_DIR" scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 copaines@sftp.jean-cloud.net:public/* "$HTTP_DIR"

6
services/cousinades.jean-cloud.net/docker-compose.yml
View File

@ -7,7 +7,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
default: default:
ipv4_address: 172.29.4.100 ipv4_address: $NET.100
deploy: deploy:
resources: resources:
limits: limits:
@ -21,7 +21,7 @@ services:
- /data/cousinades.jean-cloud.net/db:/var/lib/postgresql/data - /data/cousinades.jean-cloud.net/db:/var/lib/postgresql/data
networks: networks:
default: default:
ipv4_address: 172.29.4.101 ipv4_address: $NET.101
deploy: deploy:
resources: resources:
limits: limits:
@ -32,4 +32,4 @@ networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.29.4.0/24 - subnet: $NET.0/24

2
services/cousinades.jean-cloud.net/nginx_server.conf
View File

@ -16,7 +16,7 @@ server {
location ~ \.php$ { location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 172.29.4.100:9000; fastcgi_pass $NET.100:9000;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/src/app/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME /usr/src/app/$fastcgi_script_name;

16
services/dnscerts.jean-cloud.org/run_as.sh
View File

@ -14,8 +14,8 @@ set +a
# Test secret presence # Test secret presence
[ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1 [ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1
export tmp="$(mktemp -d)" export workdir="$(mktemp -d)"
mkdir -p "$tmp/{work,logs}" mkdir -p "$workdir/{work,logs}"
# If there is some args, populate a fake service file # If there is some args, populate a fake service file
if [ "$#" -ge 1 ] && [ -n "$1" ] ; then if [ "$#" -ge 1 ] && [ -n "$1" ] ; then
@ -25,6 +25,9 @@ if [ "$#" -ge 1 ] && [ -n "$1" ] ; then
done done
fi fi
echo "Renew existing certs"
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir"
echo "For each service, read all possible domains" echo "For each service, read all possible domains"
while read line ; do while read line ; do
read -r service target < <(echo "$line") read -r service target < <(echo "$line")
@ -35,15 +38,18 @@ while read line ; do
# remove dummy cert # remove dummy cert
dummy_cert.sh "$service" remove || true dummy_cert.sh "$service" remove || true
[ -d "$DATA_DIR/certs/live/$service" ] && echo "Already exists, thats a job for renew : $service" && continue if [ -d "$DATA_DIR/certs/live/$service" ] ; then
#echo "Already exists, thats a job for renew : $service"
continue
fi
# acme # acme
"$here/acme-dns.sh" "$service" "$tmp" "$here/acme-dns.sh" "$service" "$workdir"
done < "$servicefile" done < "$servicefile"
echo "Push certs to other servers" echo "Push certs to other servers"
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') ; do for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') vandamme nougaro ; do
server="$srv.jean-cloud.org" server="$srv.jean-cloud.org"
[ -n "$(grep "$server" /etc/hosts)" ] && continue [ -n "$(grep "$server" /etc/hosts)" ] && continue
echo "-- $server" echo "-- $server"

2
services/etrevivant.net/.env
View File

@ -1,2 +1,2 @@
GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/etrevivant" GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/etrevivant"
CLOUD_LOCAL_PATH=content GIT_SOURCE_BRANCH=master

1
services/etrevivant.net/deploy.sh Symbolic link
View File

@ -0,0 +1 @@
../hugo/deploy.sh

8
services/etrevivant.net/deploy_http.sh
View File

@ -1,8 +0,0 @@
#!/bin/bash
set -euo pipefail
set -a
. "$SECRET_DIR/.env"
set +a
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
hugo_rclone.sh "$HTTP_DIR"

1
services/etrevivant.net/deploy_user.sh Symbolic link
View File

@ -0,0 +1 @@
../hugo/deploy_user.sh

22
services/etrevivant.net/nginx_server.conf
View File

@ -1,22 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/public/;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}

1
services/etrevivant.net/nginx_server.conf Symbolic link
View File

@ -0,0 +1 @@
../hugo/nginx_server.conf

0
services/feministesucl34.communisteslibertaires.org/deploy_http.sh → services/feministesucl34.communisteslibertaires.org/deploy_user.sh
View File

0
services/feteducourt.jean-cloud.net/deploy_http.sh → services/feteducourt.jean-cloud.net/deploy_user.sh
View File

0
services/feteducourt2020.jean-cloud.net/deploy_http.sh → services/feteducourt2020.jean-cloud.net/deploy_user.sh
View File

22
services/git.jean-cloud.net/docker-compose.yml
View File

@ -1,7 +1,7 @@
version: '3' version: '3'
services: services:
gitea: gitea:
image: gitea/gitea:1.9.1 image: gitea/gitea:1.21
depends_on: depends_on:
- db - db
volumes: volumes:
@ -11,31 +11,23 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
default: default:
ipv4_address: 172.29.10.100 ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
db: db:
# https://hub.docker.com/_/postgres?tab=description image: postgres:16-alpine
image: postgres:9.6-alpine
volumes: volumes:
- /data/git.jean-cloud.net/db:/var/lib/postgresql/data - /data/git.jean-cloud.net/db:/var/lib/postgresql/data
networks: networks:
default: default:
ipv4_address: 172.29.10.101 ipv4_address: $NET.101
deploy: deploy:
resources: resources:
limits: limits:
cpus: '0.50' cpus: '1'
memory: 100M memory: 300M
networks: networks:
default: default:
ipam: ipam:
config: config:
- subnet: 172.29.10.0/24 - subnet: $NET.0/24

5
services/git.jean-cloud.net/nginx_server.conf
View File

@ -3,10 +3,11 @@ server {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name git.jean-cloud.net www.git.jean-cloud.net; server_name $JC_SERVICE www.$JC_SERVICE;
limit_req zone=defaultlimit burst=20 nodelay;
location / { location / {
client_max_body_size 5G; client_max_body_size 5G;
proxy_pass http://172.29.10.100:3000; proxy_pass http://$NET.100:3000;
} }
} }

1
services/grapes.chahut.jean-cloud.net/.env
View File

@ -1,2 +1 @@
JC_NET=172.29.19
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs

0
services/grapes.chahut.jean-cloud.net/deploy_http.sh → services/grapes.chahut.jean-cloud.net/deploy_user.sh
View File

4
services/grapes.chahut.jean-cloud.net/docker-compose.yml
View File

@ -6,7 +6,7 @@ services:
- "$DATA_DIR:/usr/lib/json-server" - "$DATA_DIR:/usr/lib/json-server"
networks: networks:
default: default:
ipv4_address: $JC_NET.100 ipv4_address: $NET.100
deploy: deploy:
resources: resources:
limits: limits:
@ -16,4 +16,4 @@ networks:
default: default:
ipam: ipam:
config: config:
- subnet: $JC_NET.0/24 - subnet: $NET.0/24

2
services/grapes.chahut.jean-cloud.net/nginx_server.conf
View File

@ -28,7 +28,7 @@ server {
location /projects { location /projects {
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$JC_NET.100:3000; proxy_pass http://$NET.100:3000;
proxy_redirect off; proxy_redirect off;
} }

Some files were not shown because too many files have changed in this diff Show More