what a piece of commit…

This commit is contained in:
Adrian Amaglio 2023-09-07 19:50:05 +02:00
parent 90dd3bad64
commit f7ed1c51eb
53 changed files with 315 additions and 871 deletions


@ -92,9 +92,3 @@
##- deploy_all ##- deploy_all
- name: shlago
hosts: shlago
become: yes
gather_facts: no
roles:
- ordiportables


@ -17,7 +17,7 @@ fi
if [ -d "/docker/$1" ] ; then if [ -d "/docker/$1" ] ; then
service="$1" service="$1"
elif [ -d "$1" ] && [[ "$service" = /docker/* ]] ; then elif [ -d "$1" ] && [[ "$1" = /docker/* ]] ; then
service="$(basename "$1")" service="$(basename "$1")"
else else
die "/docker/$service not found" die "/docker/$service not found"
@ -30,9 +30,13 @@ fi
docker_service="$(echo "$service" | tr '.' '_')" docker_service="$(echo "$service" | tr '.' '_')"
driglibash_section_prefix="[$service] " driglibash_section_prefix="[$service] "
section "---------- Start -------------"
cd "/docker/$service" cd "/docker/$service"
[ -f .env ] && . .env
# Source and export env file
[ -f .env ] && set -a && . .env && set +a
############################################################################### ###############################################################################
@ -54,7 +58,7 @@ fi
if "$deploy" ; then if "$deploy" ; then
[ -x deploy.sh ] && ./deploy.sh [ -x deploy.sh ] && ./deploy.sh
[ -x deploy_http.sh ] && sudo -u www-data ./deploy_http.sh [ -x deploy_http.sh ] && sudo -u www-data bash -c ". '$DOCKER_DIR/.env' && . ./deploy_http.sh"
else else
[ -x undeploy.sh ] && ./undeploy.sh [ -x undeploy.sh ] && ./undeploy.sh
fi fi
@ -66,7 +70,6 @@ fi
# If there is a docker-compose file and it has services in it # If there is a docker-compose file and it has services in it
if [ -f "/docker/$service/docker-compose.yml" ] && [ -n "$(grep '^[^#]*services' "/docker/$service/docker-compose.yml")" ] ; then if [ -f "/docker/$service/docker-compose.yml" ] && [ -n "$(grep '^[^#]*services' "/docker/$service/docker-compose.yml")" ] ; then
section "-------------------- $service"
if $deploy ; then if $deploy ; then
section "Logging to registry" section "Logging to registry"
# XXX Login to docker registry # XXX Login to docker registry
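Review bot: The new `sudo -u www-data bash -c ". '$DOCKER_DIR/.env' && . ./deploy_http.sh"` line splices a path into a shell command string and re-sources the whole service `.env` under www-data, so every variable in that file (including any credential a service keeps there) must be readable by www-data and lands in that user's environment. Pass the path as an argument rather than interpolating it, `sudo -u www-data bash -c '. "$1/.env" && . ./deploy_http.sh' _ "$DOCKER_DIR"`, so a quote in the path cannot alter the command. The `set -a` source a few lines up already exports the variables to the calling shell; whether sudo strips them depends on the sudoers `env_reset` policy, which is not visible here, so if deploy_http.sh only needs DATA_DIR, DOCKER_DIR, HTTP_DIR and JC_SERVICE a `--preserve-env=` list would be narrower than re-sourcing the file. A comment on this line saying why `.env` is sourced twice would stop the next reader from "simplifying" it.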


@ -4,7 +4,8 @@ driglibash_run_retry=true
. driglibash-base . driglibash-base
set -euo pipefail set -euo pipefail
run gen_env.sh # Already done at upload time ?
#run gen_env.sh
############################################################################### ###############################################################################
# Variables # Variables
@ -24,11 +25,12 @@ export dummy_cert_path="$certs_path/dummy"
# Path to this directory # Path to this directory
here="$(where 'follow_links')" here="$(where 'follow_links')"
# Ip4 address
#my_ip="$(resolv.sh "$(cat /etc/hostname)")"
my_ip="$(curl -4 ifconfig.me 2>/dev/null)"
[ -z "$my_ip" ] && yell "Unable to find my IP" && exit 1
###############################################################################
# Test system requirements
###############################################################################
[ ! -f /data/mounted ] && die "/data is not mounted"
############################################################################### ###############################################################################
# Nginx preparation # Nginx preparation
@ -63,21 +65,32 @@ run mkdir -p "$new_nginx_conf_path"
# Deploy services # Deploy services
############################################################################### ###############################################################################
if [ -f "/data/unmounted" ] || [ ! -f "/data/mounted" ] ; then
die "Error: /data is not mounted."
fi
section "Start docker" section "Start docker"
run systemctl start docker docker.socket run systemctl start docker docker.socket
section "Deploy mandatory services" section "Deploy mandatory services"
deploy_service.sh deployer.jean-cloud.org noreload deploy_service.sh deployer.jean-cloud.org noreload
for dir in /docker/* ; do while read line ; do
service="$(basename "$dir")" read -r service target <<<$(echo "$line")
# Ignore _ prefixed directories # Ignore _ prefixed directories
[ "${service::1}" == '_' ] && continue [ "${service::1}" == '_' ] && continue
[ ! -d "$dir" ] && continue
[[ "$(resolv.sh $service)" != *$my_ip* ]] && continue echo -n "$service -> "
[ ! -d "/docker/$service" ] && die "/docker/$service directory not found"
# Check if service target is localhost
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
echo "Deploying"
deploy_service.sh "$service" "noreload" deploy_service.sh "$service" "noreload"
done done < /docker/services.txt
restart_nginx.sh restart_nginx.sh
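Review bot: `getent hosts $target` in the localhost check leaves `$target` unquoted, so a line of /docker/services.txt with no second field (target is then empty, which `set -u` does not catch) runs `getent hosts` with no argument, which enumerates the hosts database instead of failing; whether that deploys the service or skips it then depends on which entry comes first. Reject malformed lines and quote the lookup: `[ -z "$target" ] && die "malformed line in services.txt: $line"` and `[[ "$(getent hosts "$target")" != "::1 "* ]]`. The line above can be `read -r service target <<<"$line"` (the `$(echo ...)` is an unquoted substitution) and the loop header should be `while IFS= read -r line` so backslashes in the file are not interpreted. The `::1 ` prefix test appears to rely on the `::1 <name>` entries the provisioning role writes to /etc/hosts, which is worth a comment on that line.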


@ -0,0 +1,11 @@
#!/bin/bash
. driglibash-base
if [ "$#" -lt 1 ] ; then
die "Usage: $0 <nginx_conf_file>"
fi
file="$1"
grep '^[[:blank:]]*[^#][[:blank:]]*server_name' "$file" | sed 's/ _ / /g' | sed 's/server_name//g' | sed 's/default_server//g' | sed -e 's/^[[:space:]]*//' -e 's/;$//' | sort -u
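Review bot: `sort -u` at the end of the pipeline de-duplicates whole lines, not domain names, so a domain listed on two `server_name` lines with different neighbours (the 80 and 443 blocks of one site, say) is emitted twice, whereas the awk step this helper replaces in letsencrypt.sh de-duplicated per word. Split before sorting, e.g. `... | tr -s '[:blank:]' '\n' | grep -v '^$' | sort -u`, which also gives callers one domain per line. The script never checks that its argument is readable; `[ -r "$file" ] || die "$file not readable"` after the assignment costs one line, `die` already coming from driglibash-base. Note that the leading `[^#]` in the grep pattern demands at least one character before `server_name`, so a directive starting at column 0 is silently ignored.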


@ -9,7 +9,6 @@ certs_path=/etc/letsencrypt/live
proxy_dir=/etc/nginx proxy_dir=/etc/nginx
cat > "$JC_ENV" <<EOF cat > "$JC_ENV" <<EOF
my_ip=$(resolv.sh "$(cat /etc/hostname)")
proxy_dir='$proxy_dir' proxy_dir='$proxy_dir'
nginx_conf_path='$proxy_dir/sites-enabled' nginx_conf_path='$proxy_dir/sites-enabled'
new_nginx_conf_path='$proxy_dir/new-sites-enabled' new_nginx_conf_path='$proxy_dir/new-sites-enabled'


@ -20,6 +20,7 @@ privkey=''
. driglibash-args . driglibash-args
# Some SSH options # Some SSH options
ssh_opt='ssh' ssh_opt='ssh'
if [ -n "$privkey" ] ; then if [ -n "$privkey" ] ; then
@ -34,9 +35,16 @@ fi
cd "$dst" cd "$dst"
if [ -d .git ] ; then if [ -d .git ] ; then
git reset --hard HEAD && git pull --depth 1 --ff-only --rebase --config core.sshCommand="$ssh_opt" git fetch origin "$branch"
git submodule update --recursive --remote --recommend-shallow git checkout --force -B "$branch" "origin/$branch"
git reset --hard
git clean -qffdx
git submodule update --init --recursive --force --recommend-shallow
git submodule foreach git fetch
git submodule foreach git checkout --force -B "$branch" "origin/$branch"
git submodule foreach git reset --hard
git submodule foreach git clean -fdx
else else
git clone --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" . git clone -b "$branch" --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" .
fi fi
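Review bot: `git fetch origin "$branch"` in the existing-checkout branch is no longer depth-limited, so history accumulates from the original shallow boundary on every update instead of staying at one commit as the old `git pull --depth 1` kept it; `git fetch --depth 1 origin "$branch"` preserves the property the README claims for this script. The submodule loop runs `git checkout --force -B "$branch" "origin/$branch"` inside every submodule, which assumes each submodule has a branch with the superproject's name and fails otherwise; submodules are normally pinned to the commit the superproject records, which `git submodule update --init --recursive --force` already does, so the three `foreach` checkout/reset lines look unnecessary. The fetch also drops the `--config core.sshCommand="$ssh_opt"` the old pull carried; that is only fine when this script made the clone (clone's `--config` is written to the repository config), so `git -c core.sshCommand="$ssh_opt" fetch ...` would be safer. `$branch` is set outside this hunk.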


@ -31,17 +31,14 @@ for file in "$nginx_sites_dir"* ; do
service_name="$(basename "$file")" service_name="$(basename "$file")"
# Getting just the domain names # Getting just the domain names
domains="$(grep '^[[:blank:]]*[^#][[:blank:]]*server_name' "$file" | sed 's/ _ / /g' | sed 's/server_name//g' | sed 's/default_server//g' | sed -e 's/^[[:space:]]*//' | cut -d ';' -f 1)" domains="$(extract_domain_nginx_conf.sh "$file")"
if [ -n "$domains" ] ; then if [ -n "$domains" ] ; then
# If using dummy cert, disabling it # If using dummy cert, disabling it
if [ "$(readlink "/etc/letsencrypt/live/$service_name/fullchain.pem")" = "/etc/letsencrypt/live/dummy/fullchain.pem" ] ; then if [ "$(readlink "/etc/letsencrypt/live/$service_name/fullchain.pem")" = "/etc/letsencrypt/live/dummy/fullchain.pem" ] ; then
rm -r "/etc/letsencrypt/live/$service_name" rm -r "/etc/letsencrypt/live/$service_name"
fi fi
# removing duplicates
domains="$(echo $domains | awk '{for (i=1;i<=NF;i++) if (!a[$i]++) printf("%s%s",$i,FS)}{printf("\n")}')"
echo "$domains" echo "$domains"
# adding -d before every domain # adding -d before every domain
domains="-d $(echo $domains | sed 's/ / -d /g')" domains="-d $(echo $domains | sed 's/ / -d /g')"
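Review bot: Dropping the awk de-duplication means `domains` can now carry the same name twice whenever it appears on two `server_name` lines with different neighbours, because the new helper's `sort -u` compares whole lines; the `-d` list built on the last line then repeats that domain to certbot. Either keep a per-word dedup here, `domains="$(printf '%s\n' $domains | sort -u)"`, or have the helper emit one domain per line before its `sort -u`. The unquoted `echo $domains` substitutions in this hunk rely on word-splitting to join lines and would glob-expand a `*` in a wildcard server_name; a comment stating that wildcard names are not expected here would make the assumption explicit. The enclosing `for file` loop starts before this hunk.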


@ -1,63 +0,0 @@
#!/bin/bash
# This script echo ipv4 addresses of a symbolic name.
# One IP per line
set -euo pipefail
########################### Helpers ###########################################
function yell {
echo "$@" >&2
}
function die {
yell "$@"
exit 1
}
function say {
if "$verbose" ; then
yell "$@"
fi
}
function resolv () {
if [ "$#" -ne 1 ] ; then
die "usage: $0 <name>"
fi
name="$1"
say "Querying $name"
while read line ; do
if [[ "$line" = *"is an alias for "* ]] ; then
resolv "$(echo "$line" | cut -d ' ' -f 6)"
elif [[ "$line" = *" has address "* ]] ; then
echo "$line" | cut -d ' ' -f 4
elif [[ "$line" = *" not found: "* ]] ; then
continue
elif [[ "$line" = *" has no A record" ]] ; then
continue
else
say "unmatched: $line"
fi
done <<< "$(host -W 2 -t A "$name" localhost)"
}
########################### Options ###########################################
verbose=false
if [ "$#" -gt 1 ] && [ "$1" = '-v' ] ; then
verbose=true
shift
fi
########################### arguments ##########################################
if [ "$#" -ne 1 ] ; then
die "Usage: $0 [options] <domain_name>
options : -v verbose"
fi
########################### script ############################################
resolv "$1"


@ -0,0 +1,2 @@
#!/bin/bash
echo 0 > /sys/class/backlight/*/brightness
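Review bot: `echo 0 > /sys/class/backlight/*/brightness` uses a glob as a redirection target, which bash does not expand to several files: with more than one backlight device it aborts with "ambiguous redirect", and with none it tries to open the literal path and fails. Loop over the matches instead: `for b in /sys/class/backlight/*/brightness; do [ -e "$b" ] && echo 0 > "$b"; done`. A one-line header comment naming the role or host this belongs to would also help, since nothing else in the file identifies its purpose.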


@ -1,22 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.dahus.net. (
2023041900 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL (min before refresh)
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.255.33.248
@ IN MX 10 mail.amaglio.fr.
mail IN A 91.216.107.37
imap IN CNAME mail.amaglio.fr.
pop IN CNAME mail.amaglio.fr.
smtp IN CNAME mail.amaglio.fr.


@ -1,30 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2020031104 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.255.33.248
@ 10800 IN MX 10 spool.mail.gandi.net.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
collectif-arthadie.fr. IN CAA 0 issue "letsencrypt.org"
collectif-arthadie.fr. IN CAA 0 issuewild ";"
wordpress IN CNAME vandamme.jean-cloud.net.
www.wordpress IN CNAME vandamme.jean-cloud.net.
www IN CNAME vandamme.jean-cloud.net.
www.wordpress.collectif-arthadie.fr IN CAA 0 issue "letsencrypt.org"
www.wordpress.collectif-arthadie.fr IN CAA 0 issuewild ";"


@ -1,16 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023042100 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL (min before refresh)
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 172.104.154.21
@ IN AAAA 2a01:7e01::f03c:92ff:fecf:e815


@ -1,30 +0,0 @@
$TTL 604800
@ IN SOA tetede.jean-cloud.org. contact.jean-cloud.org. (
2023082700 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
@ IN NS max.jean-cloud.org.
@ IN NS tetede.jean-cloud.org.
; Mail config
@ 86400 IN MX 10 mail.etrevivant.net.
mail 21600 IN A 83.229.19.99
imap 86400 IN CNAME mail.etrevivant.net.
pop 86400 IN CNAME mail.etrevivant.net.
smtp 86400 IN CNAME mail.etrevivant.net.
@ 86400 IN TXT v=spf1 mx:etrevivant.net a:mail.etrevivant.net a:mailphp.lws-hosting.com -all
dkim._domainkey 86400 IN TXT v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8C8Xh049AFp+LuKVCUlwahtRFxO85rrJ0dE0idCfNAsI5Nlobf02gik8jesZ04clvZ0lxaM+L8IU50AKVHeFva83Y7LVJdeaXk14fO3gwQ1r/asNhzvg++88bfhSaLKD5M4Eid13mBrpsV3gP/MeGIzsty0AMUUNpDwe0otnv3wIDAQAB
_dmarc 86400 IN TXT v=DMARC1; p=quarantine;
; web
@ IN A 51.195.40.128
@ IN A 109.18.84.200
www IN A 51.195.40.128
www IN A 109.18.84.200


@ -1,30 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023020400 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.jean-cloud.net.
@ IN NS ns1.he.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.195.40.128
@ IN AAAA 2001:41d0:701:1100::31f
; Resolving nameserver
ns1 IN A 51.255.33.248
ns2 IN A 172.104.154.21
tetede IN A 51.255.33.248
tetede IN AAAA 2001:41d0:701:1100::31f


@ -1,19 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023040300 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.jean-cloud.net.
; Resolving nameserver
ns1 IN A 51.255.33.248
ns2 IN A 172.104.154.21
radiodemo IN CNAME montbonnot.jean-cloud.net


@ -1,15 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023042100 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL (min before refresh)
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.255.33.248


@ -1,146 +0,0 @@
$TTL 604800
@ IN SOA tetede.jean-cloud.org. contact.jean-cloud.org. (
2023082700 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
;@ IN NS max.jean-cloud.org.
@ IN NS tetede.jean-cloud.org.
@ IN NS ns1.he.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.255.33.248
@ IN A 109.18.84.200
@ 10800 IN MX 10 spool.mail.gandi.net.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
; Resolving nameserver
ns2 IN A 51.255.33.248
;ns1 IN A 82.65.204.254
;mail IN CNAME vandamme
webmail IN CNAME vandamme
vimbadmin IN CNAME vandamme
www IN CNAME jean-cloud.org.
; Naming nodes
vandamme IN A 51.255.33.248
local-adrian IN A 193.33.56.94
francois IN A 54.38.189.153
nougaro IN A 172.104.154.21
nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
tetede IN AAAA 2001:41d0:701:1100::31f
tetede IN A 51.195.40.128
heart IN A 109.18.84.200
;max IN A 82.65.204.254
;max IN AAAA 2a01:e0a:c9d:81d0:a2b3:ccff:fe85:af97
montbonnot IN A 188.114.97.2
montbonnot IN A 188.114.96.2
montbonnot IN AAAA 2a06:98c1:3120::2
montbonnot IN AAAA 2a06:98c1:3121::2
; services
nuage IN CNAME vandamme.jean-cloud.org.
www.nuage IN CNAME vandamme.jean-cloud.org.
calc.nuage IN CNAME vandamme.jean-cloud.org.
pad.nuage IN CNAME vandamme.jean-cloud.org.
feteducourt IN CNAME vandamme.jean-cloud.org.
www.feteducourt IN CNAME vandamme.jean-cloud.org.
feteducourt2020 IN CNAME vandamme.jean-cloud.org.
www.feteducourt2020 IN CNAME vandamme.jean-cloud.org.
git IN CNAME vandamme.jean-cloud.org.
www.git IN CNAME vandamme.jean-cloud.org.
wiki-cgr IN CNAME vandamme.jean-cloud.org.
www.wiki-cgr IN CNAME vandamme.jean-cloud.org.
parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
www.parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
cousinades IN CNAME vandamme.jean-cloud.org.
www.cousinades IN CNAME vandamme.jean-cloud.org.
cousinadesi2 IN CNAME vandamme.jean-cloud.org.
www.cousinades2 IN CNAME vandamme.jean-cloud.org.
velov IN CNAME vandamme.jean-cloud.org.
www.velov IN CNAME vandamme.jean-cloud.org.
registry IN CNAME vandamme.jean-cloud.org.
www.registry IN CNAME vandamme.jean-cloud.org.
inurbe IN CNAME vandamme.jean-cloud.org.
www.inurbe IN CNAME vandamme.jean-cloud.org.
gmx-webmail IN CNAME vandamme.jean-cloud.org.
www.gmx-webmail IN CNAME vandamme.jean-cloud.org.
rpnow IN CNAME vandamme.jean-cloud.org.
www.rpnow IN CNAME vandamme.jean-cloud.org.
test.rpnow IN CNAME vandamme.jean-cloud.org.
www.test.rpnow IN CNAME vandamme.jean-cloud.org.
lalis IN CNAME vandamme.jean-cloud.org.
www.lalis IN CNAME vandamme.jean-cloud.org.
metamorphose IN CNAME vandamme.jean-cloud.org.
www.metamorphose IN CNAME vandamme.jean-cloud.org.
static IN CNAME vandamme.jean-cloud.org.
www.static IN CNAME vandamme.jean-cloud.org.
;educloud IN CNAME tetede.jean-cloud.org.
;www.educloud IN CNAME tetede.jean-cloud.org.
;educloud2 IN CNAME tetede.jean-cloud.org.
;www.educloud2 IN CNAME tetede.jean-cloud.org.
copaines IN CNAME tetede.jean-cloud.org.
www.copaines IN CNAME tetede.jean-cloud.org.
wordpress.copaines IN CNAME tetede.jean-cloud.org.
www.wordpress.copaines IN CNAME tetede.jean-cloud.org.
feministesucl34 IN CNAME tetede.jean-cloud.org.
www.feministesucl34 IN CNAME tetede.jean-cloud.org.
wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
www.wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
tracker IN CNAME tetede.jean-cloud.org.
raplacgr IN CNAME tetede.jean-cloud.org.
nc-backup IN CNAME blatte.jean-cloud.org.
gypsy IN CNAME tetede.jean-cloud.org.
shlago.wireguard.jean-cloud.net IN CNAME tetede.jean-cloud.org.
lexicographe IN CNAME tetede.jean-cloud.org.
chahut IN CNAME max.jean-cloud.org.
www.chahut IN CNAME max.jean-cloud.org.
wordpress.chahut IN CNAME max.jean-cloud.org.
www.wordpress.chahut IN CNAME max.jean-cloud.org.
grapes.chahut IN CNAME max.jean-cloud.org.
louixel IN CNAME raku.jean-cloud.org.


@ -1,61 +0,0 @@
$TTL 604800
@ IN SOA tetede.jean-cloud.org. contact.jean-cloud.org. (
2023082700 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS max
@ IN NS tetede
@ IN A 109.18.84.200
@ IN A 51.255.33.248
; NS
;ns1 IN CNAME vandamme
;ns2 IN A 82.65.204.254
ns3 IN A 51.195.40.128
; Mails
@ 10800 IN MX 10 spool.mail.gandi.net.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
_imap._tcp 10800 IN SRV 0 0 0 .
_imaps._tcp 10800 IN SRV 0 1 993 mail.gandi.net.
_pop3._tcp 10800 IN SRV 0 0 0 .
_pop3s._tcp 10800 IN SRV 10 1 995 mail.gandi.net.
_submission._tcp 10800 IN SRV 0 1 465 mail.gandi.net.
gm1._domainkey 10800 IN CNAME gm1.gandimail.net.
gm2._domainkey 10800 IN CNAME gm2.gandimail.net.
gm3._domainkey 10800 IN CNAME gm3.gandimail.net.
; Website classics
webmail 10800 IN CNAME webmail.gandi.net.
www 10800 IN CNAME jean-cloud.net.
; Machines
vandamme IN A 51.255.33.248
nougaro IN A 172.104.154.21
nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
tetede IN A 51.195.40.128
tetede IN AAAA 2001:41d0:701:1100::31f
heart IN A 109.18.84.200
max IN A 109.18.84.200
;max IN AAAA 2a01:e0a:c9d:81d0:a2b3:ccff:fe85:af97
montbonnot IN A 188.114.97.2
montbonnot IN A 188.114.96.2
montbonnot IN AAAA 2a06:98c1:3120::2
montbonnot IN AAAA 2a06:98c1:3121::2
blatte IN A 10.98.1.2
;raku IN A 37.65.25.194
raku IN AAAA 2a02:842a:39a:4d01:b283:feff:fe4c:5dee


@ -1,28 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023060100 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.jean-cloud.net.
@ IN NS ns1.he.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 213.186.33.40
;@ IN AAAA 2001:41d0:701:1100::31f
; Resolving nameserver
ns1 IN A 51.255.33.248
ns2 IN A 172.104.154.21
;benevoles IN CNAME max.jean-cloud.org.
;benevoles31 IN CNAME max.jean-cloud.org.


@ -1,15 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023042100 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL (min before refresh)
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.255.33.248


@ -1,15 +0,0 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023042100 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL (min before refresh)
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ IN NS ns4.he.net.
@ IN NS ns5.he.net.
@ IN A 51.255.33.248


@ -1,63 +0,0 @@
$TTL 604800
@ IN SOA tetede.jean-cloud.org. contact.jean-cloud.org. (
2023082700 ; Serial
604800 ; Refresh
7200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; NS
;@ IN NS max.jean-cloud.org.
@ IN NS tetede.jean-cloud.org.
; MAIL
@ IN MX 1 mx0.mail.ovh.net.
@ IN MX 5 mx1.mail.ovh.net.
@ IN MX 50 mx2.mail.ovh.net.
@ IN MX 100 mx3.mail.ovh.net.
@ IN MX 200 mx4.mail.ovh.net.
@ IN TXT "v=spf1 include:mx.ovh.com ~all"
_autodiscover._tcp IN SRV 0 0 443 mailconfig.ovh.net.
_imaps._tcp IN SRV 0 0 993 ssl0.ovh.net.
_submission._tcp IN SRV 0 0 465 ssl0.ovh.net.
; web
@ IN A 51.255.33.248
www IN CNAME vandamme.jean-cloud.org.
registry IN CNAME montbonnot.jean-cloud.org.
radionimaitre IN CNAME tetede.jean-cloud.org.
www.radionimaitre IN CNAME tetede.jean-cloud.org.
paj IN CNAME nougaro.jean-cloud.org.
www.paj IN CNAME nougaro.jean-cloud.org.
radiodemo IN CNAME tetede.jean-cloud.org.
radiodemo-back IN CNAME montbonnot.jean-cloud.org.
;autoconfig IN SRV mailconfig.ovh.net.
imap IN CNAME ssl0.ovh.net.
smtp IN CNAME ssl0.ovh.net.
mail IN CNAME ssl0.ovh.net.
pop3 IN CNAME ssl0.ovh.net.
stream.paj._ports IN TXT 9002
control.paj._ports IN TXT 9492
pa1.studios IN CNAME tetede.jean-cloud.org.
montpellier1.studios IN CNAME tetede.jean-cloud.org.
npm IN CNAME vandamme.jean-cloud.org.
www.npm IN CNAME vandamme.jean-cloud.org.
static IN CNAME vandamme.jean-cloud.org.
www.static IN CNAME vandamme.jean-cloud.org.
discordbot IN CNAME vandamme.jean-cloud.org.
www.discordbot IN CNAME vandamme.jean-cloud.org.


@ -1,76 +0,0 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "oma-radio.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.oma-radio.fr";
};
zone "jean-cloud.net"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.jean-cloud.net";
};
zone "jean-cloud.org"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.jean-cloud.org";
};
zone "karnaval.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.karnaval.fr";
};
zone "amaglio.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.amaglio.fr";
};
zone "collectif-arthadie.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.collectif-arthadie.fr";
};
zone "gypsylyonfestival.com"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.gypsylyonfestival.com";
};
zone "hid"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.hid";
};
zone "compagnienouvelle.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.compagnienouvelle.fr";
};
zone "inurbe.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.inurbe.fr";
};
zone "leida.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.leida.fr";
};
zone "metamorphosemagazine.fr"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.metamorphosemagazine.fr";
};
zone "etrevivant.net"{
allow-update { none; }; # We are primary DNS
type master;
file "/etc/bind/db.etrevivant.net";
};


@ -1,18 +0,0 @@
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on { any; };
listen-on-v6 { any; };
allow-update { none; };
allow-recursion { none; };
allow-recursion-on { none; };
recursion no;
notify yes;
allow-transfer {
none;
#216.218.133.2; 2001:470:600::2; //he.net
#172.104.154.21; 2a01:7e01::f03c:92ff:fecf:e815; // nougaro
};
};


@ -18,19 +18,19 @@
command: gen_env.sh command: gen_env.sh
- name: Add bind conf #- name: Add bind conf
ansible.posix.synchronize: # ansible.posix.synchronize:
src: "{{ role_path }}/files/bind/" # src: "{{ role_path }}/files/bind/"
dest: "/etc/bind/" # dest: "/etc/bind/"
#
- name: make sure bind9 is started #- name: make sure bind9 is started
ansible.builtin.service: # ansible.builtin.service:
name: bind9 # name: bind9
state: started # state: started
- name: Reload service bind9, in all cases #- name: Reload service bind9, in all cases
ansible.builtin.service: # ansible.builtin.service:
name: bind9 # name: bind9
state: reloaded # state: reloaded
#- name: Start the deployer #- name: Start the deployer
# ansible.builtin.command: # ansible.builtin.command:
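Review bot: Commenting out the bind9 tasks leaves already-provisioned hosts running bind9 with the last zone files this role synced to /etc/bind, files that this commit deletes from the repository and that will no longer be updated, so those hosts keep answering authoritatively from stale data. If DNS has moved elsewhere, add a task that stops and disables the service, `ansible.builtin.service: {name: bind9, state: stopped, enabled: false}`, or remove the commented block and note in the role README where the zones now live. At minimum a `# bind9 no longer managed here: moved to …` comment above the block would tell the next reader why it was left in place.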


@ -14,6 +14,16 @@
- "172.0.0.1 {{inventory_hostname}}" - "172.0.0.1 {{inventory_hostname}}"
- "::1 {{inventory_hostname}}" - "::1 {{inventory_hostname}}"
- name: Set shlago IP
ansible.builtin.lineinfile:
path: /etc/hosts
line: "{{item}}"
with_items:
- "172.0.0.1 shlago.jean-cloud.org"
- "::1 shlago.jean-cloud.org"
when: inventory_hostname in groups["shlago"]
- name: Show last changed password for security - name: Show last changed password for security
copy: copy:
dest: /etc/profile.d/user_last_passwd.sh dest: /etc/profile.d/user_last_passwd.sh
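Review bot: The new `172.0.0.1 shlago.jean-cloud.org` entry is not a loopback address (127.0.0.0/8 is; 172.0.0.1 lies in public address space outside 172.16.0.0/12), so an IPv4 lookup of the service name on that host resolves to an address someone else owns rather than to the machine itself; the paired `::1` line appears to be what keeps the deployall localhost check working, but any IPv4-only client on the box is sent off-host. Use `- "127.0.0.1 shlago.jean-cloud.org"`. The same typo sits in the pre-existing `172.0.0.1 {{inventory_hostname}}` line above and should be fixed together.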


@ -1,29 +0,0 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/


@ -1,7 +0,0 @@
---
# tasks file for ordiportables
- name: Prevent suspend on lid close
ansible.builtin.lineinfile:
path: /etc/systemd/logind.conf
line: HandleLidSwitch=ignore


@ -6,28 +6,38 @@ Contient des scripts sh pour installer debian sur un disque dur. Qui ira ensuite
## Dossier provisioning ## Dossier provisioning
Contient Contient
- des rôles ansible pour configurer les serveurs - des rôles ansible pour configurer les serveurs
- un rôle ansible pour envoyer les services sur les serveurs - un rôle ansible pour envoyer les services sur les serveurs (rsync bête)
- des scripts maisons à envoyer sur les serveurs - des scripts maisons à envoyer sur les serveurs
- la conf DNS à envoyer sur les serveurs
## Dossier services ## Dossier services
Les services à faire tourner. Les services à faire tourner.
## scripts Chaque service qui tourne sur jean-cloud est composé :
Le script deployer.sh va pour chaque service - `deploy.sh` dun script dinstallation
- Démarrer docker-compose si besoin - `docker-compose.yaml` dun fichier docker-compose
- Copier le fichier nginx.conf dans sites-enabled si besoin (en remplaçant certaines variables) (en créant un faux certificat ssl si besoin) - `nginx_server.conf` dun fichier de conf nginx
- Démarrer et activer une interface wg si un fichier `wg-*.conf` est présent. - `deploy_http.sh` dun script de déploiement web (qui est exécuté avec lutilisateur www-data et peut être exécuté par le serveur web lui-même)
- Exécuter le script deploy.sh du service sil existe - `wg-*.sh` Script qui génère une config wireguard pour linterface *
- Exécuter le script deploy_http.sh en tant que www-data sil existe. Ce script peut également être éxécuter par nginx pour mettre à jour le site web.
Chaque élément est facultatif.
Chaque élément est éxécuté, démarré ou installé dans lordre par `deploy_service.sh`
## scripts
dans `provisioning/roles/deploy_all/files/bin`
-`deployall.sh` va pour chaque service vérifier sil doit tourner sur la machine actuelle et lance le `deploy_service.sh` si cest le cas.
- `letsencrypt.sh` va renouveler tous les certificats dont nginx a besoin (il va lire dans /etc/nginx/sites-enabled).
- `git_update.sh` récupère une copie à jour dun dépôt git (fait un clone ou pull en fonction des besoins) et sassure de ne pas garder tout lhistorique du dépôt.
Le script letsencrypt.sh va renouveler tous les certificats dont le serveur a besoin (il va lire dans /etc/nginx/sites-enabled).
## Variables ## Variables
Le script deployer.sh crée les variables Les scripts ont accès aux variables suivantes :
- DATA_DIR : là où sauvegarder des données - `DATA_DIR` : là où sauvegarder des données.
- DOCKER_DIR : dossier contenant les fichiers de déploiement du service - `DOCKER_DIR` : dossier contenant les fichiers de déploiement du service.
- HTTP_DIR : là où mettre les fichiers web si ils sont statiques. Ce dossier peut être détruit à tout moment, il nest pas sauvegardé. - `HTTP_DIR` : là où mettre les fichiers web si ils sont statiques. Ce dossier peut être détruit à tout moment, il nest pas sauvegardé.
- JC_SERVICE : le nom du dossier service. Correspond souvent à ladresse du service. - `JC_SERVICE` : le nom du dossier service. Correspond souvent à ladresse du service.
Ces variables sont ajoutées au ficher .env du service. (écrasées si existantes donc). Ces variables sont ajoutées au ficher .env du service par le script `gen_env.sh`.


@ -3,7 +3,7 @@ server {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/cousinades2.jean-cloud.net/fullchain.pem; ssl_certificate /etc/letsencrypt/live/cousinades2.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cousinades2.jean-cloud.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/cousinades2.jean-cloud.net/privkey.pem;
server_name cousinades2.jean-cloud.org www.cousinades2.jean-cloud.org; server_name cousinades2.jean-cloud.net www.cousinades2.jean-cloud.net;
index index.php; index index.php;
root /data/cousinades2.jean-cloud.net/public; root /data/cousinades2.jean-cloud.net/public;


@ -3,7 +3,7 @@ limit_req_zone global zone=deployer_limit:100k rate=3r/m;
server { server {
listen 443; listen 443;
listen [::]:443; listen [::]:443;
server_name $SERVER_HOST; server_name $JC_SERVICE;
ssl_certificate /etc/letsencrypt/live/deployer.jean-cloud.org/fullchain.pem; ssl_certificate /etc/letsencrypt/live/deployer.jean-cloud.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/deployer.jean-cloud.org/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/deployer.jean-cloud.org/privkey.pem;
location / { location / {
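Review bot: `server_name $JC_SERVICE;` now ties the vhost name to the service directory name while the certificate paths on the next two lines stay hard-coded to deployer.jean-cloud.org; the README says the directory name only "often" matches the address, so if the sites-enabled file is named after the service as letsencrypt.sh assumes, `ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem;` keeps the two in step. Separately, the two `listen 443;` context lines carry no `ssl` parameter: unless an `ssl on;` directive (removed in recent nginx releases) exists outside the hunk, nginx serves plaintext on 443 and the certificate directives are ignored. `listen 443 ssl;` and `listen [::]:443 ssl;` are the usual fix. The server block continues beyond this hunk.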


@ -1,18 +1,14 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
. /docker/etrevivant.net/.env . "$DATA_DIR/.env"
. /data/etrevivant.net/.env
webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')" webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')"
webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')" webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')"
webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")" webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")"
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH"
cd "$HTTP_DIR" cd "$HTTP_DIR"
if [ -d .git ] ; then
git reset --hard origin/master
git pull --depth 1 --rebase
else
git clone --single-branch --depth 1 "$GIT_SOURCE_REPO" .
fi
rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: content/
hugo hugo
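Review bot: The new `rclone sync ... :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH"` makes the destination depend on a variable read from `$DATA_DIR/.env`, and `rclone sync` deletes whatever is in the destination that is not on the remote: with `CLOUD_LOCAL_PATH` set but empty (which the `set -u` on the second line does not catch) the target becomes `$HTTP_DIR/` and the checkout git_update.sh just produced, `.git` included, is wiped. Guard it before use, `: "${CLOUD_LOCAL_PATH:?must name a subdirectory of HTTP_DIR}"`, and consider rejecting a value containing `..`. The git-then-rclone order is required, since git_update.sh runs `git clean -qffdx` and would remove the synced directory; a comment saying so would keep someone from reordering the two lines.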


@ -1,6 +0,0 @@
#!/bin/bash
set -euo pipefail
mkdir -p "$HTTP_DIR"
chown www-data:www-data "$HTTP_DIR"
sudo -u www-data git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"


@ -0,0 +1,3 @@
#!/bin/bash
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
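Review bot: The new deploy_http.sh has no `set -euo pipefail`, unlike the other deploy_http.sh in this commit, so a failing `git_update.sh` goes unreported and an unset `HTTP_DIR` or `GIT_SOURCE_REPO` silently becomes an empty argument; add `set -euo pipefail` after the shebang. A one-line comment noting that both variables come from the service `.env` sourced by deploy_service.sh would document the contract.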


@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
podman run -i --rm -e GIT_SOURCE_REPO='https://git.jean-cloud.net/adrian/jean-cloud_website' -v "$HTTP_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder docker run -u 33 --rm -e GIT_SOURCE_REPO='https://git.jean-cloud.net/adrian/jean-cloud_website' -v "$HTTP_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
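Review bot: Switching from `podman run` to `docker run -u 33` means whoever runs this deploy_http.sh needs access to the Docker socket; if it is still invoked through deploy_service.sh's `sudo -u www-data` path, the account the web server runs as gains docker-socket access, which is equivalent to root on the host since any container it starts can bind-mount `/`. Either keep this step on rootless podman, or move the container run into the root-level deploy.sh and leave only file handling to the www-data step. `-u 33` hard-codes www-data's uid; `-u "$(id -u www-data)"` says what it means.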


@ -0,0 +1,24 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/karnaval.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/karnaval.fr/privkey.pem;
server_name karnaval.fr www.karnaval.fr;
root $HTTP_DIR/;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; img-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.karnaval.fr';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}
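Review bot: The Permissions-Policy value uses Feature-Policy style `feature='none'` tokens separated by semicolons, which is not the structured-header syntax Permissions-Policy parses, so browsers will ignore the header; the equivalent is `add_header Permissions-Policy 'geolocation=(), midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=(), fullscreen=(self), sync-xhr=(self "https://mailer.karnaval.fr")' always;` (the `notifications`, `push`, `speaker` and `vibrate` names have no Permissions-Policy counterpart and can be dropped). X-Content-Type-Options and Referrer-Policy lack `always`, so nginx omits them on error responses, unlike the other headers in this block. `root $HTTP_DIR/` is not something nginx expands by itself; presumably the file is passed through template.sh before install, as the bind deploy script does for nginx_server.conf — worth confirming, since the metamorphose and velov roots in this commit rely on the same. Leaving HSTS commented out means the site is served over TLS without any HSTS commitment; if the commented block is meant as a TODO, a `# TODO:` marker would make that explicit.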


@ -1,2 +0,0 @@
FROM php:7.2-fpm-alpine
RUN docker-php-ext-install mysqli


@ -1,22 +0,0 @@
version: '3'
services:
php:
image: php:7.2-fpm-alpine
build: .
volumes:
- /data/lalis.fr:/usr/src/app
restart: unless-stopped
networks:
default:
ipv4_address: 172.29.11.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: 172.29.11.0/24


@ -1,24 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/lalis.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lalis.fr/privkey.pem;
server_name lalis.fr lalis.jean-cloud.net www.lalis.jean-cloud.net;
root /data/lalis.fr;
index index.php index.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 172.29.11.100:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/src/app/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}


@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
podman run -i --rm --env-file "$DATA_DIR/.env" -v "$HTTP_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder docker run -u 33 --rm --env-file "$DATA_DIR/.env" -v "$HTTP_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder


@ -1,2 +1,4 @@
#!/bin/bash #!/bin/bash
# Ce script sert à lister les IPs du répertoire courant (donc des services docker) pour savoir quels réseaux sont encore disponibles.
# On part du principe que chaque service a un réseau /24 dédié
grep -ho '172.29.[^.]\+' . -r | sort -u grep -ho '172.29.[^.]\+' . -r | sort -u


@ -0,0 +1 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/metamorphose


@ -0,0 +1,4 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"


@ -1,12 +1,12 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/meta-morpho.se/fullchain.pem; ssl_certificate /etc/letsencrypt/live/metamorphosemagazine.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/meta-morpho.se/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/metamorphosemagazine.fr/privkey.pem;
server_name metamorphosemagazine.fr; server_name metamorphosemagazine.fr;
location / { location / {
add_header Content-language fr; add_header Content-language fr;
root /data/meta-morpho.se/src; root $HTTP_DIR/src;
index index.html; index index.html;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }


@ -0,0 +1,125 @@
#!/bin/bash
. driglibash-base
set -euo pipefail
# Working variables
debian_bind_workdir="/var/cache/bind"
debian_bind_confdir="/etc/bind"
keydir="$DATA_DIR/keys"
# Install dependencies
apt install -y bind9 &>/dev/null
# Create Directories
mkdir -p "$keydir"
chown bind:bind "$keydir" -R
chown bind:bind "$debian_bind_confdir" -R
# Empty bind dir if it is not our git repo
if [ ! -d "$debian_bind_confdir/.git" ] ; then
echo "lets delete $debian_bind_confdir"
rm -rf "$debian_bind_confdir/"{*,.*}
fi
# Sync the git repo
sudo -u bind git_update.sh -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd /etc/bind
sudo -u bind git status
### Generate zones from service directory ###
servicefile="/docker/services.txt"
# Function that simulate a DNS resolve by reading bind zone file
# Returns all the record line:
# @ IN A X.X.X.X
fakeresolve () {
if [ "$#" -ne 1 ] ; then
die "Usage: fakeresolve <name>"
fi
name="$1"
zonefile="$debian_bind_confdir/db.jean-cloud.org"
shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*IN[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/'
}
# Function that add DNS record in the right file
addbindline () {
if [ "$#" -ne 2 ] ; then
die "Usage: addbindline <name> <target_cname>"
fi
name="$1"
target="$2"
# extract the truc.com part
domain="$(echo "$name" | grep -o '[^\.]\+\.[^\.]\+$' || true)"
[ -z "$domain" ] && return 0
# extract the subdomain part (www)
shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
# bind DB file
bindfile="$debian_bind_confdir/db.$domain"
if [ -z "$shortname" ] ; then
# CNAME are forbiden for empty shortnames, so we must resolve the target IPs
while read line ; do
line_in_file "$line" "$bindfile"
done < <(fakeresolve "$target")
else
line_in_file "$shortname IN CNAME $target." "$bindfile"
fi
#XXX Add CAA records
}
autoconf_separator=";;; Autogeneration. Do not write under this line! ;;;"
echo 'Prepare bind: Remove autogenerated part from bind conf files'
sed -i -n "/$autoconf_separator/q;p" "$debian_bind_confdir"/*
echo 'Put the separator back'
for file in $( ls "$debian_bind_confdir"/db.* | grep -v '.signed$\|.jbk$\|.jnl$') ; do
echo "$autoconf_separator" >> "$file"
done
for file in "$debian_bind_confdir"/db.* ; do
domain="$(basename "$file" | sed 's/db.//')"
# TODO fill header too?
# If no NS record in the db file
if [ -z "$(grep '[^;].*IN.*NS' "$file")" ] ; then
echo -e "@ IN NS ns.jean-cloud.org\n" >> "$file"
fi
echo -n "
zone '$domain' {
allow-update { none; };
type master;
file \"$file\";
};" >> "$debian_bind_confdir/named.conf.local"
done
echo 'Find every used domain and add them to bind db'
while read line ; do
read -r service target <<<$(echo "$line")
addbindline "$service" "$target"
nginxfile="/docker/$service/nginx_server.conf"
if [ -f "$nginxfile" ] ; then
for name in $(extract_domain_nginx_conf.sh "$nginxfile" | template.sh "/docker/$service/.env") ; do
addbindline "$name" "$target"
done
fi
done <"$servicefile"
echo 'Restart bind9'
systemctl restart bind9
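Review bot: The cleanup before the git sync, `rm -rf "$debian_bind_confdir/"{*,.*}`, expands `.*` to `.` and `..`; GNU rm refuses those and exits non-zero, so under `set -e` the script aborts exactly when the directory is not yet a git checkout, and nothing guards against the variable being empty. Replacing it with `find "${debian_bind_confdir:?}" -mindepth 1 -delete` removes everything inside the directory without tripping on `.`/`..` and aborts if the variable is unset. The separator that the `sed -i -n "/$autoconf_separator/q;p"` step strips is only restored for `db.*` files, not for named.conf.local, so unless git_update.sh resets the checkout on every run the zone stanzas appended to named.conf.local accumulate across runs and bind will see duplicate zones. Both `while read line` loops should use `read -r`, the inner `read -r service target <<<$(echo "$line")` reduces to `read -r service target <<<"$line"`, and `name`, `zonefile`, `domain`, `shortname` and `bindfile` inside fakeresolve and addbindline should be declared `local` so the two functions do not clobber the `domain` used by the `db.*` loop.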


@ -1,27 +0,0 @@
version: '3'
services:
registry:
restart: 'unless-stopped'
image: registry:2
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /data/registry.jean-cloud.net/data:/var/lib/registry
- /data/registry.jean-cloud.net/auth:/auth # htpasswd -Bbn admin password
networks:
default:
ipv4_address: 172.29.12.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: 172.29.12.0/24


@ -1,18 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/registry.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/registry.jean-cloud.net/privkey.pem;
server_name registry.jean-cloud.net www.registry.jean-cloud.net;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
location / {
proxy_pass http://172.29.12.100:5000/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}

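--- a/services/services.txt
+++ b/services/services.txt
@@ -0,0 +1,34 @@
+benevoles31.karnaval.fr max.jean-cloud.org
+chahut.jean-cloud.net max.jean-cloud.org
+collectif-arthadie.fr vandamme.jean-cloud.org
+compagnienouvelle.fr max.jean-cloud.org
+copaines.jean-cloud.net max.jean-cloud.org
+cousinades2.jean-cloud.net max.jean-cloud.org
+cousinades.jean-cloud.net max.jean-cloud.org
+etrevivant.net shlago.jean-cloud.org
+feministesucl34.jean-cloud.net tetede.jean-cloud.org
+feteducourt2020.jean-cloud.net tetede.jean-cloud.org
+feteducourt.jean-cloud.net tetede.jean-cloud.org
+grapes.chahut.jean-cloud.net max.jean-cloud.org
+gypsylyonfestival.com max.jean-cloud.org
+metamorphosemagazine.fr shlago.jean-cloud.org
+inurbe.fr max.jean-cloud.org
+jean-cloud.net shlago.jean-cloud.org
+lexicographe.jean-cloud.net shlago.jean-cloud.org
+nc-backup.jean-cloud.net raku.jean-cloud.org
+pa1.studios.oma-radio.fr tetede.jean-cloud.org
+raplacgr.jean-cloud.net tetede.jean-cloud.org
+velov.jean-cloud.net shlago.jean-cloud.org
+radionimaitre.oma-radio.fr tetede.jean-cloud.org
+paj.oma-radio.fr nougaro.jean-cloud.org
+radiodemo.oma-radio.fr tetede.jean-cloud.org
+radiodemo-back.oma-radio.fr montbonnot.jean-cloud.org
+pa1.studios.oma-radio.fr tetede.joun-cloud.org
+leida.fr shlago.jean-cloud.org
+deployer.jean-cloud.org shlago.jean-cloud.org
+ns1.jean-cloud.org raku.jean-cloud.org
+git.jean-cloud.net vandamme.jean-cloud.org
+nuage.jean-cloud.net vandamme.jean-cloud.org
+rpnow.jean-cloud.net vandamme.jean-cloud.org
+wiki-cgr.jean-cloud.net vandamme.jean-cloud.org
+_ssh vandamme.jean-cloud.org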
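Review bot: `pa1.studios.oma-radio.fr` is listed twice, first with target `tetede.jean-cloud.org` and later with `tetede.joun-cloud.org`; the second looks like a typo of the first, and through addbindline in the bind deploy script it would emit a CNAME to a host that does not exist, alongside or instead of the correct one depending on how line_in_file treats the two lines. Drop the `tetede.joun-cloud.org` line. Since this file is consumed with `while read line`, it cannot carry comments, so the `_ssh` entry (no dot, hence skipped by addbindline's domain extraction) deserves an explanation in the deploy script or README rather than here.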


@ -1,15 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/static.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/static.jean-cloud.net/privkey.pem;
server_name static.oma-radio.fr www.static.oma-radio.fr static.jean-cloud.net www.static.jean-cloud.net;
root /data/static.jean-cloud.net/public/;
location / {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET';
index index.html;
try_files $uri $uri/ =404;
}
}


@ -0,0 +1 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/velov


@ -0,0 +1,3 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"


@ -4,7 +4,7 @@ server {
ssl_certificate /etc/letsencrypt/live/velov.jean-cloud.net/fullchain.pem; ssl_certificate /etc/letsencrypt/live/velov.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/velov.jean-cloud.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/velov.jean-cloud.net/privkey.pem;
server_name velov.jean-cloud.net www.velov.jean-cloud.net; server_name velov.jean-cloud.net www.velov.jean-cloud.net;
root /data/velov.jean-cloud.net; root $HTTP_DIR;
index index.php; index index.php;