
3 Commits

Author SHA1 Message Date
19e0dc9c2f big update 2024-06-15 17:59:53 +02:00
Adrian Amaglio
38b20cf49d and again and again 2024-04-18 16:22:32 +02:00
Adrian Amaglio
815965501b wow. much updates. wow. 2024-04-18 16:20:53 +02:00
81 changed files with 948 additions and 474 deletions


@ -88,6 +88,7 @@ install="$install linux-image-amd64 console-data grub2 locales vim openssh-serve
debootstrap_done_marker="$mnt/etc/debootstrap_done" debootstrap_done_marker="$mnt/etc/debootstrap_done"
uefi_mountpoint=/boot/efi uefi_mountpoint=/boot/efi
dependancies="cryptsetup locales openssh-server wireguard-tools grub2"
############################################################################### ###############################################################################
# Actual script # Actual script
############################################################################### ###############################################################################
@ -178,13 +179,12 @@ fi
mount_misc mount_misc
section "Installing selected software" section "Installing selected software"
echo "$repos" >> "$mnt/etc/apt/sources.list" echo "$repos" >> "$mnt/etc/apt/sources.list"
run chroot "$mnt" <<EOF run chroot "$mnt" <<EOF
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get update -q -y apt-get update -q -y
apt-get install -q -y cryptsetup $install apt-get install -q -y $install
EOF EOF
# TODO watershed ? # TODO watershed ?
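Review bot: `cryptsetup` is dropped from the `apt-get install` line inside the chroot, and the new `dependancies` variable that lists it is not referenced anywhere in the visible hunks. Unless `$install` already contains it (its definition is cut off in the hunk header), the installed system may lack the tool needed to unlock an encrypted root at boot. If the variable is meant for host-side checks, a comment such as `# packages required on the host running this script` would make that clear; the name is also misspelled (`dependencies`).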


@ -10,5 +10,4 @@ montbonnot.jean-cloud.org
max.jean-cloud.org max.jean-cloud.org
tetede.jean-cloud.org tetede.jean-cloud.org
raku.jean-cloud.org raku.jean-cloud.org
vandamme.jean-cloud.org
izzo.jean-cloud.org izzo.jean-cloud.org


@ -22,7 +22,7 @@ if [ -d "/docker/$1" ] ; then
elif [ -d "$1" ] && [[ "$1" = /docker/* ]] ; then elif [ -d "$1" ] && [[ "$1" = /docker/* ]] ; then
service="$(basename "$1")" service="$(basename "$1")"
else else
die "/docker/$service not found" die "service $1 not found"
fi fi
if [ ! -d "$new_nginx_conf_path" ] ; then if [ ! -d "$new_nginx_conf_path" ] ; then
@ -45,6 +45,8 @@ cd "/docker/$service"
# Source and export env file # Source and export env file
[ -f .env ] && set -a && . .env && set +a [ -f .env ] && set -a && . .env && set +a
[ -f "$SECRET_DIR/.env" ] && set -a && . "$SECRET_DIR/.env" && set +a
############################################################################### ###############################################################################
@ -126,13 +128,11 @@ fi
############################################################################### ###############################################################################
# If there is a wireguard vpn script # If there is a wireguard vpn script
for file in $( find "/docker/$service" -name "wg-*.sh") ; do for file in $( find "/docker/$service" -name "wgns-*.sh") ; do
section "Managing wg interface $(basename "$file")" section "Managing wg interface $(basename "$file")"
if [ -x "$file" ] ; then if [ -x "$file" ] ; then
wgnum="$(basename "$file")" wgif="$(basename "$file")"
wgnum="${wgnum:3:-3}" wgif="${wgif:5:-3}"
varname="WG_NAME_$wgnum"
wgif="${!varname}"
if [ -z "$wgif" ] ; then if [ -z "$wgif" ] ; then
echo "No wireguard name for $file" echo "No wireguard name for $file"
returncode=1 returncode=1
@ -140,13 +140,35 @@ for file in $( find "/docker/$service" -name "wg-*.sh") ; do
fi fi
"$file" $wgif > "/etc/wireguard/$wgif.conf" "$file" $wgif > "/etc/wireguard/$wgif.conf"
if "$deploy" ; then if "$deploy" ; then
run systemctl enable "wg-quick@$wgif" #run systemctl enable "wg-quick@$wgif"
run startwg.sh "$wgif" run managewg.sh start "$wgif"
[ "$?" -ne 0 ] && echo "Erreur wireguard" && returncode=1 [ "$?" -ne 0 ] && echo "Erreur wireguard" && returncode=1
else else
if [ -z "$(ip a | grep "$wgif")" ] ; then run managewg.sh stop "$wgif"
run wg-quick down "$wgif" fi
fi fi
done
# If there is a wireguard vpn template
for file in $( find "/docker/$service" -name "wg-*.sh") ; do
section "Creating wg iface $(basename "$file")"
if [ -x "$file" ] ; then
wgif="$(basename "$file")"
wgif="${wgif:3:-3}"
if [ -z "$wgif" ] ; then
echo "No wireguard name for $file"
returncode=1
continue
fi
#run template.sh "/docker/$service/.env" < "$file" > "/etc/wireguard/$wgif.conf"
"$file" $wgif > "/etc/wireguard/$wgif.conf"
if "$deploy" ; then
run systemctl enable "wg-quick@$wgif"
run startwg.sh start "$wgif"
[ "$?" -ne 0 ] && echo "Erreur wireguard" && returncode=1
else
run managewg.sh stop "$wgif"
fi fi
fi fi
done done
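Review bot: Both loops write the generated config with `"$file" $wgif > "/etc/wireguard/$wgif.conf"`, so the file is created with the default umask; the generator shown elsewhere in this comparison prints a `PrivateKey` line, so the key may end up readable by other users. Setting `umask 077` before the redirect (or a `chmod 600` on a pre-created file) closes that. In the new `wg-*.sh` loop the start path calls `startwg.sh start` but the stop path calls `managewg.sh stop`, which runs inside a network namespace these interfaces were never put in; `run startwg.sh stop "$wgif"` looks like what was meant. The newly sourced `"$SECRET_DIR/.env"` is executed as shell code, so it should be writable by root only.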


@ -33,6 +33,7 @@ do
#line_in_file "HOME='/data/$service'" "$dir/.env" #line_in_file "HOME='/data/$service'" "$dir/.env"
line_in_file "NET='172.29.$id'" "$dir/.env" line_in_file "NET='172.29.$id'" "$dir/.env"
line_in_file "USER='$username'" "$dir/.env" line_in_file "USER='$username'" "$dir/.env"
line_in_file "JC_ID='$id'" "$dir/.env"
cert="$(findcert.sh "$service")" || true cert="$(findcert.sh "$service")" || true
if [ -n "$cert" ] ; then if [ -n "$cert" ] ; then


@ -10,6 +10,10 @@ usage[b]="Branch of git repo"
varia[b]=branch varia[b]=branch
branch=master branch=master
usage[t]="Tog of git repo"
varia[t]=tag
tag=
usage[d]="Destination of clone" usage[d]="Destination of clone"
varia[d]=dst varia[d]=dst
dst='.' dst='.'
@ -58,10 +62,18 @@ fi
run mkdir -p "$dst" run mkdir -p "$dst"
run cd "$dst" run cd "$dst"
if [ -d .git ] ; then if [ -d .git ] ; then
run git fetch origin "$branch"
run git checkout --force -B "$branch" "origin/$branch" # Compute git branch and tag
run git reset --hard tagref=
if [ -n "$tag" ] ; then
tagref="tags/$tag"
fi
run git fetch origin "$branch" --tags
run git checkout --force $tagref -B "$branch"
run git reset --hard # TODO we can keep some files?
# Preserve existing files in some cases # Preserve existing files in some cases
if ! "$nonempty_target" ; then if ! "$nonempty_target" ; then
git clean -qffdx git clean -qffdx
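Review bot: When no tag is given, `run git checkout --force $tagref -B "$branch"` has no start point, so `-B` resets the branch to the current HEAD rather than to the freshly fetched `origin/$branch` as the old line did; an existing clone would then stay on its old commit and never pick up upstream fixes. Choosing the ref explicitly avoids that and the unquoted expansion: `ref="origin/$branch"`, `[ -n "$tag" ] && ref="tags/$tag"`, `run git checkout --force -B "$branch" "$ref"`. The help text `"Tog of git repo"` should read `Tag`. The enclosing `if [ -d .git ]` block continues past the hunk.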


@ -0,0 +1,64 @@
#!/bin/bash
set -euo pipefail
if [ "$#" -ne 2 ] ; then
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
exit 1
fi
action="$1"
wgif="$2"
# Command to exec in netns
run="ip netns exec $wgif"
start () {
echo "Starting $wgif"
# Create netns if needed
if ! ip netns | grep -q "$wgif" ; then
ip netns add "$wgif"
fi
# Create iface
if ! ip link | grep -q "$wgif" ; then
ip link add "$wgif" type wireguard
ip link set "$wgif" netns "$wgif"
fi
#$run wg-quick up "$wgif"
$run wg setconf "$wgif" "/etc/wireguard/$wgif.conf"
}
stop () {
echo "Stoping $wgif"
$run wg-quick down "$wgif" || true
}
reload () {
echo "Reloading $wgif"
$run wg syncconf "$wgif" <(wg-quick strip "$wgif")
}
case "$action" in
start)
if $run ip a | grep -q "$wgif" ; then
reload
else
start
fi
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
*)
echo "Invalid action $action"
;;
esac
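Review bot: The existence checks `ip netns | grep -q "$wgif"`, `ip link | grep -q "$wgif"` and `$run ip a | grep -q "$wgif"` are substring matches, so an interface named `wg1` counts as present when only `wg10` exists, and under `set -o pipefail` a `grep -q` that exits early can make the whole test fail. Exact tests such as `ip link show dev "$wgif" >/dev/null 2>&1` are more reliable; the same pattern appears in the other start/stop script and in the fixed-interface setup script in this comparison. `$wgif` also ends up unquoted via `$run` and inside `/etc/wireguard/$wgif.conf`, so rejecting anything outside `^[A-Za-z0-9_-]+$` right after argument parsing would be a cheap guard. The `*)` arm prints an error but still exits 0.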


@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
# Read all # Read all
# NC_SHARE_LINK_URL.* # NC_SHARE_LINK_URL.*
# NC_SHARE_LINK_PASSWORD.* # NC_SHARE_LINK_PASSWORD.*
@ -50,7 +49,7 @@ while IFS='=' read key value ; do
newname="${oldname:1}" newname="${oldname:1}"
path="$(dirname "$filename")" path="$(dirname "$filename")"
# And rename their references in md files # And rename their references in md files
find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \; find "$path" -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \;
mv "$path/$oldname" "$path/$newname" mv "$path/$oldname" "$path/$newname"
done < <(find -type d -name '.attachments.*') done < <(find -type d -name '.attachments.*')
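Review bot: `sed -i "s/$oldname/$newname/g"` treats `$oldname` as a regular expression, and since these directory names start with `.attachments.` every dot matches any character; a name containing `/` or `&` would break or alter the substitution, and the names appear to come from a remote share. Escaping both sides before building the expression, or using a delimiter that cannot occur in the names, keeps the rewrite literal. The `while` loop starts outside the hunk, and its `read key value` lacks `-r`.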


@ -2,16 +2,48 @@
set -euo pipefail set -euo pipefail
if [ "$#" -ne 1 ] ; then if [ "$#" -ne 2 ] ; then
echo "Usage: $0 <wgif>" echo "Usage: $0 <start|stop|reload|restart> <wgif>"
exit 1 exit 1
fi fi
wgif="$1" action="$1"
wgif="$2"
if [ -z "$(ip a | grep "$wgif")" ] ; then start () {
echo "Starting $wgif"
wg-quick up "$wgif" wg-quick up "$wgif"
else }
wg syncconf "$wgif" <(wg-quick strip "$wgif")
fi
stop () {
echo "Stoping $wgif"
wg-quick down "$wgif" || true
}
reload () {
echo "Reloading $wgif"
wg syncconf "$wgif" <(wg-quick strip $wgif)
}
case "$action" in
start)
if ip a | grep -q "$wgif" ; then
reload
else
start
fi
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
*)
echo "Invalid action $action"
;;
esac
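Review bot: In `reload`, `wg-quick strip $wgif` lost the quotes the old line had, so a name with whitespace or glob characters is split before it reaches `wg-quick`; `wg syncconf "$wgif" <(wg-quick strip "$wgif")` keeps it intact. The `*)` arm prints `Invalid action` but falls through with status 0, and the deploy script that calls this only looks at `$?`, so a mistyped action passes unnoticed; adding `exit 1` there fixes it.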


@ -0,0 +1,18 @@
#!/bin/bash
if [ "$#" -ne 1 ] ; then
echo "Usage: $0 <filename>"
exit 1
fi
keyfile="$1"
if [ ! -f "$keyfile" ] ; then
touch "$keyfile"
chmod 700 "$keyfile"
if [ -n "$(lsof "$keyfile")" ] ; then
echo "Error, key $keyfile is red"
exit 1
fi
wg genkey > "$keyfile"
fi
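Review bot: The key file is created by `touch` with the default umask and only then restricted, and `chmod 700` sets an execute bit a key file does not need. Creating it under a tight umask removes the window: `(umask 077; wg genkey > "$keyfile")`. Without `set -e`, a failing `wg genkey` leaves an empty file behind, and because of the `[ ! -f "$keyfile" ]` guard later runs will never regenerate it. The message `is red` presumably means the file is being read.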


@ -1,40 +0,0 @@
version: '3'
services:
app:
image: mirego/accent:v1.19.12
depends_on:
- db
environment:
- DATABASE_URL=postgres://postgres@db:5432/accent_development
restart: "unless-stopped"
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '1'
memory: 200M
db:
image: postgres:10.3
environment:
- POSTGRES_DB=accent_development
volumes:
- $DATA_DIR/db:/var/lib/postgresql/data
restart: "unless-stopped"
networks:
default:
ipv4_address: $NET.101
deploy:
resources:
limits:
cpus: '1'
memory: 300M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -0,0 +1,2 @@
GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/association-chahut.fr.git"


@ -0,0 +1 @@
../hugo/deploy.sh


@ -0,0 +1,21 @@
#!/bin/bash
set -euo pipefail
# Update git repo
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"
# Get remote content files
rclone_ncloud_publiclink.sh
# Invalid cache
#rm -rf "/tmp/hugo_cache_$USER"
cd themes/blist
npm install
cd ../..
npm install postcss-cli
# Build website
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
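Review bot: The build runs `npm install` inside the cloned theme and then `npm install postcss-cli` with no version, so every deploy can pull different packages and execute their install scripts on the web host. Where a lockfile is committed, `npm ci --ignore-scripts` gives a reproducible install, and pinning the extra tool (placeholder: `postcss-cli@<VERSION>`) does the same for it. `HUGO_CACHEDIR="/tmp/hugo_cache_$USER"` is a predictable path in a world-writable directory; a per-user directory outside `/tmp` would be safer.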


@ -0,0 +1,24 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/public;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'unsafe-inline'; img-src *; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}
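Review bot: The `Permissions-Policy` value uses the old Feature-Policy style (`geolocation='none';…`), which is not valid for this header, so browsers will most likely ignore it entirely; the current syntax is a comma-separated list such as `geolocation=(), microphone=(), camera=(), payment=()`. The same value is used in the other new server block with a `Permissions-Policy` header in this comparison. In the CSP, `script-src 'unsafe-inline'` permits any inline script, which removes most of the XSS protection the policy is meant to give; hashes or `'self'` with external files would be tighter. `X-Content-Type-Options`, `Referrer-Policy` and `Permissions-Policy` lack `always`, so they are not sent on error responses.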


@ -1 +0,0 @@
#!/bin/bash


@ -13,7 +13,7 @@ echo -n "" > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
# Foreach client # Foreach client
for client in raku.jean-cloud.org vandamme.jean-cloud.org ; do for client in raku.jean-cloud.org izzo.jean-cloud.org ; do
# Generate key # Generate key
clientkey="$(mktemp -d)" clientkey="$(mktemp -d)"
ssh-keygen -q -N '' -t rsa -C 'Borg client ssh key' -f "$clientkey/id_rsa" <<<y 2>&1 >/dev/null ssh-keygen -q -N '' -t rsa -C 'Borg client ssh key' -f "$clientkey/id_rsa" <<<y 2>&1 >/dev/null


@ -5,6 +5,8 @@ services:
environment: environment:
UID: 33 UID: 33
MOUNT: / MOUNT: /
ports:
- "2229:2229"
volumes: volumes:
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi - /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
- $DATA_DIR/app/assets:/usr/src/app/assets - $DATA_DIR/app/assets:/usr/src/app/assets
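Review bot: `"2229:2229"` publishes the port on every host address, and Docker's published ports are usually reachable even when the host firewall would otherwise block them. If the service is only meant to be reached locally or through the reverse proxy, bind it explicitly, e.g. `"127.0.0.1:2229:2229"`; otherwise a comment saying why it must be public would help the next reader.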


@ -1,41 +0,0 @@
version: '3.1'
services:
wp:
image: wordpress:5-apache
restart: unless-stopped
env_file: $DATA_DIR/wordpress.env
volumes:
- $DATA_DIR/wordpress:/var/www/html
- /srv/http/$JC_SERVICE:/var/www/html/static
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
db:
image: mariadb:10.11
restart: unless-stopped
env_file: $DATA_DIR/wordpress.env
volumes:
- $DATA_DIR/db:/var/lib/mysql
networks:
default:
ipv4_address: $NET.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 300M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,30 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name wordpress.$JC_SERVICE www.wordpress.$JC_SERVICE;
location / {
auth_basic "Mot de passe !";
auth_basic_user_file /data/$JC_SERVICE/pass.txt;
client_max_body_size 2G;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$NET.100;
proxy_redirect off;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
location / {
root /srv/http/$JC_SERVICE;
try_files $uri $uri/ =404;
}
}


@ -1,32 +0,0 @@
version: '2'
services:
coldcms:
image: coldcms/coldcms-backend:latest
volumes:
- $DATA_DIR/coldcms:/srv/build
- $DATA_DIR/db:/var/db
environment:
- DJANGO_SETTINGS_MODULE=coldcms.settings
- DB_URL=sqlite:////var/db/database.sqlite3
- BUILD_DIR=/srv/build
- STATIC_ROOT=/srv/build/static/
- ALLOWED_HOSTS=$JC_SERVICE
- SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
restart: unless-stopped
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,55 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
add_header Strict-Transport-Security "max-age=31536000";
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
gzip_min_length 1000;
gzip_proxied no-cache no-store private expired auth;
gzip_vary on;
root $HTTP_DIR;
location / {
set $try_files_value '';
if ($request_method = GET){
set $try_files_value $uri/;
}
gzip_static on;
try_files $try_files_value @uwsgi_backend;
}
location @uwsgi_backend {
uwsgi_pass $NET.100:8000;
include uwsgi_params;
client_max_body_size 20m;
}
location /media/ {
gzip_static on;
expires 100d;
add_header Cache-Control public;
access_log off;
}
location /static/ {
gzip_static on;
expires 100d;
add_header Cache-Control public;
access_log off;
}
location /admin/ {
uwsgi_pass $NET.100:8000;
include uwsgi_params;
client_max_body_size 20m;
}
}


@ -3,7 +3,7 @@ version: '3.1'
services: services:
wp: wp:
image: wordpress:5.3-apache image: wordpress:6.5-apache
restart: unless-stopped restart: unless-stopped
env_file: /data/collectif-arthadie.fr/env env_file: /data/collectif-arthadie.fr/env
environment: environment:
@ -19,8 +19,8 @@ services:
deploy: deploy:
resources: resources:
limits: limits:
cpus: '0.50' cpus: '1'
memory: 100M memory: 500M
db: db:
image: mariadb:10.4 image: mariadb:10.4


@ -0,0 +1,24 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/collectifkarafon.wixsite.com/;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index monsite.html;
try_files $uri $uri/ =404;
}
}
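Review bot: The `Content-Security-Policy` line is commented out, so this mirrored site is served with no CSP at all while the remaining headers suggest one was intended. Sending the same value as `Content-Security-Policy-Report-Only` first is a way to tune the policy against the real pages before enforcing it.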


@ -1 +1 @@
DATA_DIR=/data/compagnienouvelle.fr SFTP_USER=compagnienouvelle.frRO


@ -0,0 +1 @@
../sftp_jc/deploy.sh


@ -0,0 +1 @@
../sftp_jc/deploy_user.sh


@ -1,43 +0,0 @@
version: '3.1'
services:
wp:
image: wordpress:5-apache
restart: unless-stopped
env_file: $DATA_DIR/wordpress.env
environment:
TZ: Europe/Paris
volumes:
- $DATA_DIR/wordpress:/var/www/html
- $DATA_DIR/static:/var/www/html/static
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
db:
image: mariadb:10.7
restart: unless-stopped
environment:
TZ: Europe/Paris
volumes:
- $DATA_DIR/db:/var/lib/mysql
networks:
default:
ipv4_address: $NET.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 300M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,30 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name wordpress.compagnienouvelle.fr www.wordpress.compagnienouvelle.fr;
location / {
auth_basic "Mot de passe !";
auth_basic_user_file /data/compagnienouvelle.fr/pass.txt;
client_max_body_size 2G;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$NET.100;
proxy_redirect off;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name compagnienouvelle.fr www.compagnienouvelle.fr;
location / {
root /data/compagnienouvelle.fr/static;
try_files $uri $uri/ =404;
}
}


@ -0,0 +1 @@
../sftp_jc/nginx_server.conf


@ -1,58 +0,0 @@
[class-ss-plugin.php:232] Received request to start generating a static archive
[class-ss-archive-creation-job.php:61] Starting a job; no job is presently running
[class-ss-archive-creation-job.php:62] Here's our task list: setup, fetch_urls, transfer_files_locally, wrapup
[class-ss-archive-creation-job.php:76] Pushing first task to queue: setup
[class-ss-archive-creation-job.php:105] Current task: setup
[class-ss-archive-creation-job.php:120] Performing task: setup
[class-ss-task.php:38] Status message: [setup] Mise en place
[class-ss-setup-task.php:23] Creating archive directory: /var/www/html/wp-content/plugins/simply-static/static-files/simply-static-1-1603638186/
[class-ss-setup-task.php:57] Adding origin URL to queue: https://wordpress.mysite.com/
[class-ss-setup-task.php:68] Adding additional URL to queue: https://wordpress.mysite.com/wp-includes/js/wp-emoji-release.min.js
[class-ss-setup-task.php:99] Adding files from directory: /var/www/html/wp-content/uploads/
[class-ss-archive-creation-job.php:142] We've found our next task: fetch_urls
[class-ss-archive-creation-job.php:105] Current task: fetch_urls
[class-ss-archive-creation-job.php:120] Performing task: fetch_urls
[class-ss-fetch-urls-task.php:37] Total pages: 2; Pages remaining: 2
[class-ss-fetch-urls-task.php:40] URL: https://wordpress.mysite.com/
[class-ss-fetch-urls-task.php:50] URL is not being excluded
[class-ss-url-fetcher.php:85] Fetching URL and saving it to: /tmp/5f9593ab13a6a-QXn1T1.tmp
[class-ss-url-fetcher.php:89] Filesize: 26432 bytes
[class-ss-url-fetcher.php:104] http_status_code: 200 | content_type: text/html; charset=UTF-8
[class-ss-url-fetcher.php:180] New filename for static page: index.html
[class-ss-url-fetcher.php:120] Renaming temp file from /tmp/5f9593ab13a6a-QXn1T1.tmp to /var/www/html/wp-content/plugins/simply-static/static-files/simply-static-1-1603638186/index.html
[class-ss-fetch-urls-task.php:99] Extracting URLs and replacing URLs in the static file
[class-ss-fetch-urls-task.php:106] Adding 0 URLs to the queue
[class-ss-fetch-urls-task.php:117] We're saving this URL; keeping the static file
[class-ss-fetch-urls-task.php:40] URL: https://wordpress.mysite.com/wp-includes/js/wp-emoji-release.min.js
[class-ss-fetch-urls-task.php:50] URL is not being excluded
[class-ss-url-fetcher.php:85] Fetching URL and saving it to: /tmp/5f9593ab2d225-A0zDVK.tmp
[class-ss-url-fetcher.php:89] Filesize: 14246 bytes
[class-ss-url-fetcher.php:104] http_status_code: 200 | content_type: application/javascript
[class-ss-url-fetcher.php:180] New filename for static page: wp-includes/js/wp-emoji-release.min.js
[class-ss-url-fetcher.php:120] Renaming temp file from /tmp/5f9593ab2d225-A0zDVK.tmp to /var/www/html/wp-content/plugins/simply-static/static-files/simply-static-1-1603638186/wp-includes/js/wp-emoji-release.min.js
[class-ss-fetch-urls-task.php:99] Extracting URLs and replacing URLs in the static file
[class-ss-fetch-urls-task.php:106] Adding 0 URLs to the queue
[class-ss-fetch-urls-task.php:117] We're saving this URL; keeping the static file
[class-ss-task.php:38] Status message: [fetch_urls] 0 pages/fichiers sur 2 générés
[class-ss-archive-creation-job.php:147] We're not done with the fetch_urls task yet
[class-ss-archive-creation-job.php:105] Current task: fetch_urls
[class-ss-archive-creation-job.php:120] Performing task: fetch_urls
[class-ss-fetch-urls-task.php:37] Total pages: 2; Pages remaining: 0
[class-ss-task.php:38] Status message: [fetch_urls] 2 pages/fichiers sur 2 générés
[class-ss-archive-creation-job.php:142] We've found our next task: transfer_files_locally
[class-ss-archive-creation-job.php:105] Current task: transfer_files_locally
[class-ss-archive-creation-job.php:120] Performing task: transfer_files_locally
[class-ss-transfer-files-locally-task.php:64] Total pages: 2; Pages remaining: 2
[class-ss-archive-creation-job.php:147] We're not done with the transfer_files_locally task yet
[class-ss-archive-creation-job.php:105] Current task: transfer_files_locally
[class-ss-archive-creation-job.php:120] Performing task: transfer_files_locally
[class-ss-transfer-files-locally-task.php:64] Total pages: 2; Pages remaining: 0
[class-ss-task.php:38] Status message: [transfer_files_locally] 2 fichiers sur 2 copiés
[class-ss-archive-creation-job.php:142] We've found our next task: wrapup
[class-ss-archive-creation-job.php:105] Current task: wrapup
[class-ss-archive-creation-job.php:120] Performing task: wrapup
[class-ss-wrapup-task.php:13] Deleting temporary files
[class-ss-task.php:38] Status message: [wrapup] Fin du processus
[class-ss-archive-creation-job.php:138] This task is done and there are no more tasks, time to complete the job
[class-ss-archive-creation-job.php:161] Completing the job
[class-ss-archive-creation-job.php:271] Status message: [done] Effectué ! Fini en 00:00:01


@ -1,15 +1,11 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -u
. driglibash-base . driglibash-base
here="$(where)"
# For some variables # For some variables
. /etc/jeancloud.env . /etc/jeancloud.env
set -a
. "$here/.env"
set +a
# Test secret presence # Test secret presence
[ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1 [ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1
@ -17,24 +13,13 @@ set +a
export workdir="$(mktemp -d)" export workdir="$(mktemp -d)"
mkdir -p "$workdir/{work,logs}" mkdir -p "$workdir/{work,logs}"
# If there is some args, populate a fake service file
if [ "$#" -ge 1 ] && [ -n "$1" ] ; then
servicefile="$(mktemp)"
for service in "$@" ; do
echo "$service _" >> "$servicefile"
done
fi
echo "Renew existing certs" echo "Renew existing certs"
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir" certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir" || true
echo "For each service, read all possible domains" echo "For each service, read all possible domains"
while IFS=';' read -r id username service target ; do while IFS=';' read -r id username service target ; do
# TODO remove if [ -z "$service" ] ; then continue ; fi
[ "$service" = collectif-arthadie.fr ] && continue
# remove dummy cert
dummy_cert.sh "$service" remove || true
if [ -d "$DATA_DIR/certs/live/$service" ] ; then if [ -d "$DATA_DIR/certs/live/$service" ] ; then
#echo "Already exists, thats a job for renew : $service" #echo "Already exists, thats a job for renew : $service"
@ -42,12 +27,12 @@ while IFS=';' read -r id username service target ; do
fi fi
# acme # acme
"$here/acme-dns.sh" "$service" "$workdir" "$DOCKER_DIR/acme-dns.sh" "$service" "$workdir"
done < <(grep -v '^#' "$servicefile") done < <(grep -v '^#' "$servicefile")
echo "Push certs to other servers" echo "Push certs to other servers"
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') vandamme nougaro ; do for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') nougaro tetede montbonnot max raku izzo ; do
server="$srv.jean-cloud.org" server="$srv.jean-cloud.org"
[ -n "$(grep "$server" /etc/hosts)" ] && continue [ -n "$(grep "$server" /etc/hosts)" ] && continue
echo "-- $server" echo "-- $server"
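Review bot: Replacing `set -euo pipefail` with `set -u` and appending `|| true` to `certbot renew` means a failed renewal no longer stops or marks the run, so certificates can expire without anyone noticing. Recording the failure keeps the best-effort behaviour while making it visible, e.g. `certbot renew … || { echo "certbot renew failed" >&2; rc=1; }` with `rc=0` set at the top and `exit "$rc"` at the end. The block that built `$servicefile` from the arguments is removed but `grep -v '^#' "$servicefile"` still reads it, so it now has to come from `/etc/jeancloud.env`; under `set -u` the script aborts if it does not.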


@ -1,8 +0,0 @@
#!/bin/bash
set -euo pipefail
. driglibash-base
here="$(where)"
sudo -u certs bash -c "$here/run_as.sh $@"


@ -1 +0,0 @@
#!/bin/bash


@ -0,0 +1 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/gaia


@ -0,0 +1,5 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"


@ -0,0 +1,13 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
location / {
add_header Content-language fr;
root $HTTP_DIR/src;
index index.html;
try_files $uri $uri/ =404;
}
}
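Review bot: This server block sends none of the security headers that the other new vhosts in this comparison set (HSTS, `X-Content-Type-Options`, a CSP). Note also that `add_header Content-language fr;` sits inside `location /`, and nginx only inherits `add_header` from the outer level when the current level defines none, so headers later added at `server` level would silently not apply to this location.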


@ -1 +0,0 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs


@ -1,3 +0,0 @@
#!/bin/bash
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"


@ -1,35 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name grapes.chahut.jean-cloud.net;
root $HTTP_DIR;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ;frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; img-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
#add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
auth_basic "Mot de passe !";
auth_basic_user_file $DATA_DIR/pass.txt;
location / {
index index.html;
try_files $uri $uri/ =404;
}
location /projects {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$NET.100:3000;
proxy_redirect off;
}
}


@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate $http_certs_dir/inurbe.fr/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $http_certs_dir/inurbe.fr/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE; server_name $JC_SERVICE www.$JC_SERVICE;
location / { location / {


@ -1 +0,0 @@
../pelican/backup_list.sh


@ -0,0 +1,32 @@
#!/bin/bash
wgif=omaLyon1
ip=10.100.100.254
run="ip netns exec $wgif"
# Create netns if needed
if ! ip netns | grep -q "$wgif" ; then
ip netns add "$wgif"
fi
# Create iface
if ! $run ip link | grep -q "$wgif" ; then
ip link add "$wgif" type wireguard
ip link set "$wgif" netns "$wgif"
fi
# Set ip
if ! $run ip -4 -o a | grep -q "$ip" ; then
$run ip a add "$ip" dev "$wgif"
fi
# Set route
if ! $run ip -4 -o r | grep -q "default dev $wgif" ; then
$run ip r add default dev "$wgif"
fi
# Up iface
$run ip link set up dev "$wgif"
# Load config
$run wg setconf "$wgif" "/etc/wireguard/$wgif.conf"


@ -0,0 +1,30 @@
#!/bin/bash
set -euo pipefail
. .env
wgif="$1"
echo "
[Interface]
PrivateKey = $(cat $DATA_DIR/$wgif.wgprivatekey)
ListenPort = $((51800+$JC_ID))
#Address = 10.100.100.254/32
[Peer] # Adrian
PublicKey = p4/km7Rtl5IgYGw8OPIyE0/f8UoRbcMJwkVJ0Zyv/C8=
AllowedIPs = 10.100.100.253/32
[Peer] # Nico
PublicKey = jsXBs8tZn1sWT73xx3DWEdGAWv6SjfQ2TAxX+8pL6mU=
AllowedIPs = 10.100.100.252/32
[Peer] # Passerelle
PublicKey = ZTKOW5DE8jPO8oMh5hAw/c1MQSlUaVxInMPz9Zdwzwo=
AllowedIPs = 10.100.100.0/24,192.168.100.0/24
[Peer] # Debug
PublicKey = K9IpoUbjyN+42y0YG3OIwAPRBZcd92GnKfbYEj3RZ18=
AllowedIPs = 10.100.100.21/32
"
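Review bot: If the key file is missing, `$(cat $DATA_DIR/$wgif.wgprivatekey)` fails inside the `echo` argument, which `set -e` does not catch, so a config with an empty `PrivateKey` is written out. Reading it first makes the failure fatal and quotes the path: `key="$(cat "$DATA_DIR/$wgif.wgprivatekey")"`, then `PrivateKey = $key`. `. .env` depends on the caller's working directory, and the output contains the private key, so the file the caller redirects it into needs restrictive permissions.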


@ -1 +1,3 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/metamorphose GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/metamorphose
GIT_SOURCE_BRANCH=master


@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO" git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"


@ -1 +0,0 @@
version: '3'


@ -0,0 +1,13 @@
#!/bin/bash
if [ ! -d venv ] ; then
virtualenv venv
fi
. venv/bin/activate
git_update.sh -b v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
pip install -r requirements.txt
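Review bot: Unlike the other new deploy scripts this one has no `set -euo pipefail`, so a failed `git_update.sh` still goes on to `pip install`, and `$HTTP_DIR` is unquoted. `pip install -r requirements.txt` reads the file from the current directory rather than from the checkout in `$HTTP_DIR`, which looks unintended. If the requirements file carries hashes, `pip install --require-hashes -r requirements.txt` pins exactly what gets installed.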


@ -1,9 +1,16 @@
version: '3' version: '3'
services: services:
json_server:
image: jeancloud/json-server bot:
image: jeancloud/mutubot:1
restart: unless-stopped
env_file:
- $DATA_DIR/.env
environment:
TZ: Europe/Paris
volumes: volumes:
- "$DATA_DIR:/usr/lib/json-server" - $DATA_DIR/guilds.yml:/usr/src/app/guilds.yml
networks: networks:
default: default:
ipv4_address: $NET.100 ipv4_address: $NET.100
@ -12,8 +19,10 @@ services:
limits: limits:
cpus: '0.50' cpus: '0.50'
memory: 100M memory: 100M
networks: networks:
default: default:
ipam: ipam:
config: config:
- subnet: $NET.0/24 - subnet: $NET.0/24


@ -1 +0,0 @@
#!/bin/bash


@ -8,6 +8,7 @@ services:
environment: environment:
OMA_CONFIG_Client1Host: $NET.108 OMA_CONFIG_Client1Host: $NET.108
OMA_CONFIG_TelecommandeHost: $NET$TELECOM OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_Pige: on
volumes: volumes:
- $SOUNDBASE_DIR/pige:/app/pige - $SOUNDBASE_DIR/pige:/app/pige
ports: ports:
@ -73,6 +74,11 @@ services:
networks: networks:
default: default:
ipv4_address: $NET.108 ipv4_address: $NET.108
deploy:
resources:
limits:
cpus: '0.50'
memory: 300M
#radioking: #radioking:
# image: jeancloud/liquidsoap:1.3.7 # image: jeancloud/liquidsoap:1.3.7


@ -42,14 +42,14 @@ end
# Exaustive integrity check # Exaustive integrity check
def clean_and_check_all () def clean_and_check_all ()
list.iter(clean_if_old, file.ls("/soundbase/pige/")) #list.iter(clean_if_old, file.ls("/soundbase/pige/"))
list.iter(clean_and_check, file.ls("/soundbase/pige/")) list.iter(clean_and_check, file.ls("/soundbase/pige/"))
end end
# Mux # Mux
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("LIQUIDSOAP_SOURCE_PASSWORD"))) input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
# Direct mp3 # Direct mp3
output.icecast( output.icecast(
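Review bot: The harbor password now comes from `getenv("ICECAST_SOURCE_PASSWORD")` with no check that the variable is set; as far as I know `getenv` yields an empty string for a missing variable, which would leave the `direct.ogg` source mount with an empty password, so this is worth confirming. The service's compose file should be checked to export the new name, and the script could refuse to start when the value is empty. Separately, commenting out the `clean_if_old` pass in `clean_and_check_all` means nothing visible here prunes `/soundbase/pige/` any more; a comment saying why, and what replaces it, would help. The `output.icecast(` call continues outside the hunk.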


@ -0,0 +1,4 @@
#!/bin/bash
format="$(grep -oP "^[[:space:]]*log_format main '\K[^;]*(?=';$)" nginx.conf | sed 's/"/\\\\"/g')"
echo "$format"
sed -e "s/%HOST%/$(hostname)/g" -e "s/%FORMAT%/$format/g" exporter_config_template.yml > exporter_config.yml
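Review bot: `$format` and `$(hostname)` are spliced unescaped into the sed replacement on the last line, so a `/` or `&` in the nginx `log_format` breaks or silently alters the generated config. The script also has no `set -euo pipefail`, so when `grep` finds no single-line `log_format main` it writes an empty `format:` without any error. I would add `set -euo pipefail`, guard with `[ -n "$format" ] || { echo 'log_format main not found' >&2; exit 1; }`, and escape `/` and `&` in the value before substituting (or use a delimiter that cannot occur in a log format).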


@ -0,0 +1,25 @@
version: '3'
services:
exporter:
image: quay.io/martinhelmich/prometheus-nginxlog-exporter:v1
volumes:
- /var/log/nginx:/var/log/nginx
- exporter_config.yml:/etc/exporter_config.yml
command: ["/etc/exporter_config.yml"]
restart: unless-stopped
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: $NET.0/24
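Review bot: The second volume entry, `exporter_config.yml:/etc/exporter_config.yml`, has no `./` or `/` prefix, so Compose reads the left side as a named volume rather than the generated file. Either the undeclared volume is rejected or the container starts without the intended config. It should be `- ./exporter_config.yml:/etc/exporter_config.yml:ro`. The exporter only needs to read the logs, so `- /var/log/nginx:/var/log/nginx:ro` would keep a third-party image from writing to the host's log directory.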


@ -0,0 +1,17 @@
listen:
port: 4040
address: "localhost"
metrics_endpoint: "/metrics"
namespaces:
- name: nginx
format: "%FORMAT%"
source:
files:
- /var/log/nginx/access.log
metrics_override:
- from: server_name
labels:
host: %HOST%
environment: "production"
histogram_buckets: [.001, .01, .1, .5, 1, 5, 10]
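Review bot: With `address: "localhost"` the exporter listens on loopback only, so if this config runs inside the exporter container defined alongside it, port 4040 is unreachable from the `$NET` network and nothing outside the container can scrape `/metrics`. Binding to the container's address (or `"0.0.0.0"`) while publishing no port on the host keeps the endpoint limited to the compose network. `host: %HOST%` should also be quoted, `host: "%HOST%"`, so that an unusual hostname cannot change the YAML structure after substitution.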


@ -9,7 +9,7 @@ set -a
set +a set +a
# Do not run if primary exists # Do not run if primary exists
[ -d "$DATA_DIR/keys" ] && echo 'ns1 found on this host. Aborting.' && exit 0 [ -d "$DATA_DIR/keys" ] && echo 'ns1 found on this host. Aborting.' && exit 1
export keydir="" export keydir=""
runthis secondary runthis secondary


@ -27,6 +27,8 @@ primary_ips=""
# IP of secondary servers (for zone transfer) # IP of secondary servers (for zone transfer)
# master.retzo.net # master.retzo.net
secondary_ips="159.69.124.127;2a01:4f8:c17:d8f2::1;" secondary_ips="159.69.124.127;2a01:4f8:c17:d8f2::1;"
# tetede
secondary_ips="${secondary_ips}51.195.40.128;"
# NS name # NS name
default_dns_name="ns.jean-cloud.org." default_dns_name="ns.jean-cloud.org."
@ -39,8 +41,8 @@ runthis () {
fi fi
prepare prepare
primary_ips="$primary_ips$(fakeresolve_ip_list tetede)" primary_ips="$primary_ips$(fakeresolve_ip_list izzo)"
secondary_ips="$secondary_ips$(fakeresolve_ip_list shlago)" secondary_ips="$secondary_ips$(fakeresolve_ip_list ns)"
line_in_file "primary_ips=\"$primary_ips\"" "$DOCKER_DIR/.env" line_in_file "primary_ips=\"$primary_ips\"" "$DOCKER_DIR/.env"
line_in_file "secondary_ips=\"$secondary_ips\"" "$DOCKER_DIR/.env" line_in_file "secondary_ips=\"$secondary_ips\"" "$DOCKER_DIR/.env"
@ -55,6 +57,7 @@ runthis () {
} }
main () { main () {
aa-disable /etc/apparmor.d/usr.sbin.named
runthis primary runthis primary
} }
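Review bot: `aa-disable /etc/apparmor.d/usr.sbin.named` at the top of `main` unloads the AppArmor profile for named on every primary deployment, which removes mandatory access control from an internet-facing daemon. If the profile blocks a path this setup needs (the hunk does not say which), allow just that path in `/etc/apparmor.d/local/usr.sbin.named` and reload with `apparmor_parser -r /etc/apparmor.d/usr.sbin.named`. `aa-complain` is a less drastic stopgap while working out the rule. At minimum the line needs a comment stating why the profile is disabled.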


@ -21,11 +21,12 @@ prepare () {
fi fi
echo 'Sync the git repo' echo 'Sync the git repo'
run sudo -u bind git_update.sh -N -b main -i "$SECRET_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git' run sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd /etc/bind cd /etc/bind
echo 'Prepare bind: Remove autogenerated part from bind conf files' echo 'Prepare bind: Remove autogenerated part from bind conf files'
rm /etc/bind/*.jnl &>/dev/null || true
sed -i -n "/$autoconf_separator/q;p" "$debian_bind_confdir"/* sed -i -n "/$autoconf_separator/q;p" "$debian_bind_confdir"/*
echo 'Put the separator back' echo 'Put the separator back'
@ -39,12 +40,12 @@ restart () {
echo 'Check named conf' echo 'Check named conf'
run named-checkconf "$debian_bind_confdir/named.conf" run named-checkconf "$debian_bind_confdir/named.conf"
for db_file in $(list_db_files) ; do for db_file in $(list_db_files) ; do
domain="${db_file:3}" domain="$(basename "$db_file")"
domain="${domain:3}"
run named-checkzone "$domain" "$db_file" run named-checkzone "$domain" "$db_file"
done done
echo 'Restart named' echo 'Restart named'
rm /etc/bind/*.jnl || true
systemctl restart named systemctl restart named
} }
@ -139,15 +140,14 @@ create_primary_files () {
sed -i "s/\(@ SOA [^(]*( \)[0-9]\+/\1$serial/" "$new_db_file" sed -i "s/\(@ SOA [^(]*( \)[0-9]\+/\1$serial/" "$new_db_file"
# Add this dns server if not present # Add this dns server if not present
if [ -z "$(grep '[^;].*(IN)?.*NS.*$default_dns_name' "$new_db_file")" ] ; then if ! grep -q '[^;].*(IN)?.*NS.*' "$new_db_file" ; then
echo "@ NS $default_dns_name" >> "$new_db_file" cat default_ns >> "$new_db_file"
fi fi
# Add DS record # Add DS record
if [ -n "$(ls "$DATA_DIR/keys/K$domain"*.key)" ] ; then #if [ -n "$(ls "$DATA_DIR/keys/K$domain"*.key)" ] ; then
echo ""
#dnssec-dsfromkey "$DATA_DIR/keys/K$domain"*.key | sed "s/${domain}./@/" >> "$new_db_file" #dnssec-dsfromkey "$DATA_DIR/keys/K$domain"*.key | sed "s/${domain}./@/" >> "$new_db_file"
fi #fi
# Populate named.conf.local # Populate named.conf.local
cat >> "$debian_bind_confdir/named.conf.local" <<-EOF cat >> "$debian_bind_confdir/named.conf.local" <<-EOF
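Review bot: The new NS test `grep -q '[^;].*(IN)?.*NS.*'` is a basic regular expression, where `(`, `)` and `?` are literal characters, so it only matches a line containing the text `(IN)?`. In practice it never matches, and `default_ns` is appended to every zone, including those that already declare NS records. An extended pattern does what the comment says: `if ! grep -Eq '^[^;]*[[:space:]](IN[[:space:]]+)?NS[[:space:]]' "$new_db_file" ; then`. In `prepare`, the deploy key moved from `$SECRET_DIR/gitkey` to `$DATA_DIR/gitkey`; if the data directory is backed up or readable more widely than the secret directory (not visible here), the key is more exposed than before. `create_primary_files` continues outside the hunk.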


@ -87,6 +87,21 @@ services:
cpus: '0.50' cpus: '0.50'
memory: 2000M memory: 2000M
collabora:
image: collabora/code
environment:
- "dictionaries=fr"
- "server_name=office.nuage.jean-cloud.net"
restart: unless-stopped
networks:
default:
ipv4_address: $NET.106
deploy:
resources:
limits:
cpus: '1'
memory: 2000M
networks: networks:
default: default:
ipam: ipam:
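Review bot: The new `collabora` service uses `image: collabora/code` with no tag, so every pull takes whatever `latest` points to at that moment and a redeploy can silently change the document-editing server that Nextcloud trusts. Pinning a version tag or digest, `image: collabora/code:<PINNED_TAG>` (placeholder), makes upgrades deliberate and reviewable. The top-level `networks:` block continues outside the hunk.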


@ -24,7 +24,7 @@ server {
ssl_certificate_key $JC_CERT/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
limit_req zone=defaultlimit burst=500 nodelay; #limit_req zone=defaultlimit burst=500 nodelay;
# Prevent nginx HTTP Server Detection # Prevent nginx HTTP Server Detection
server_tokens off; server_tokens off;
@ -76,8 +76,7 @@ server {
# only for Nextcloud like below: # only for Nextcloud like below:
include mime.types; include mime.types;
types { types {
text/javascript js mjs; text/javascript mjs;
application/wasm wasm;
} }
# Specify how to handle directories -- specifying `/index.php$request_uri` # Specify how to handle directories -- specifying `/index.php$request_uri`
@ -263,3 +262,29 @@ server {
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
} }
} }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name office.nuage.jean-cloud.net;
location / {
proxy_pass https://$NET.106:9980;
proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
proxy_set_header Host $host;
proxy_pass_header Server;
# Note you might want to pass these headers etc too.
#proxy_set_header X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
#proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
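Review bot: Commenting out `limit_req zone=defaultlimit burst=500 nodelay;` removes request throttling from the whole Nextcloud server block, presumably including the login endpoints, and nothing in the hunk replaces it. If the limit was too tight for sync clients, raising `burst` or moving the directive into the locations that need protection keeps brute-force throttling in place. In the new `office.nuage.jean-cloud.net` block, `proxy_pass https://$NET.106:9980` does not verify the upstream certificate unless `proxy_ssl_verify on;` is set, which is probably acceptable on the private compose network but deserves a comment. The client address is not forwarded either, because both the `X-Real-IP` and `X-Forwarded-For` lines are commented out.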


@ -1 +0,0 @@
#!/bin/bash


@ -1 +0,0 @@
../hugo/deploy.sh


@ -0,0 +1,2 @@
#!/bin/bash
apt install -y hugo
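Review bot: `apt install -y hugo` uses the interactive `apt` front end, whose command-line interface is not guaranteed stable for scripts, and the script has no `set -euo pipefail`, so a failed install goes unnoticed by the deployer. I would write `set -euo pipefail` followed by `DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends hugo`. The same applies to the two later deploy scripts in this commit that run `apt install -y nodejs npm`.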


@ -1 +0,0 @@
../hugo/deploy_user.sh


@ -0,0 +1,16 @@
#!/bin/bash
set -euo pipefail
# Update git repo
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"
# Get remote content files
rclone_ncloud_publiclink.sh
# Invalid cache
#rm -rf "/tmp/hugo_cache_$USER"
# Build website
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
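Review bot: `HUGO_CACHEDIR="/tmp/hugo_cache_$USER"` puts the build cache at a predictable path in a world-writable directory, so another local account can create that directory first and control what the build reads from it. A per-user location avoids that, for example `HUGO_CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}/hugo" hugo`. Under `set -u` the script also aborts when `USER` is unset, which can happen under cron or a service manager.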


@ -1 +0,0 @@
../hugo/nginx_server.conf


@ -0,0 +1,24 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/public;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/; img-src 'self'; font-src 'self' https://cdn.jsdelivr.net/; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}
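Review bot: The `Permissions-Policy` value uses the old Feature-Policy form (`geolocation='none';…`), whereas the header expects a comma-separated list of `feature=(allowlist)` entries, so browsers will most likely discard it and none of the restrictions take effect. A valid form looks like `add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), fullscreen=(self)" always;`. The same value appears in the other new server block in this commit, the one that redirects `/manager`. In the CSP, `script-src 'self' 'unsafe-inline' 'unsafe-eval'` gives up most of the protection against script injection, so hashes or nonces are preferable if the theme allows them. `X-Content-Type-Options`, `Referrer-Policy` and `Permissions-Policy` also lack the `always` flag that the other headers carry, so they are missing from error responses.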


@ -0,0 +1,4 @@
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
RADIO_HOST=mux.radiodemo.oma-radio.fr
USE_SSL=true
WEBSOCKET_PORT=2004


@ -0,0 +1,2 @@
gitlab.com ssh-dss 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
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
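Review bot: Only `ssh-dss` and `ssh-rsa` host keys are pinned for gitlab.com, and current OpenSSH releases no longer accept DSA host keys by default and prefer Ed25519 or ECDSA. I would drop the `ssh-dss` line and add the `ssh-ed25519` and `ecdsa-sha2-nistp256` entries. Those should be copied from GitLab's published SSH host key fingerprints rather than trusted from `ssh-keyscan` output alone, since a pinned file is only as good as the channel the keys were obtained over.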


@ -0,0 +1 @@
../hugo/deploy_user.sh


@ -0,0 +1,26 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
location /manager {
return 301 $scheme://mux.$JC_SERVICE/manager;
}
}
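Review bot: The `Content-Security-Policy` header is commented out, so this vhost ships with no CSP at all, and the draft would not work if re-enabled. Host sources must not be wrapped in quotes, and path wildcards such as `/player-interface/*` are not valid source expressions. A working form would be along the lines of `script-src 'self' https://static.jean-cloud.net/player-interface/;` and `style-src 'self' https://static.jean-cloud.net/player-interface/ https://cdn.jsdelivr.net/npm/;`. The redirect `return 301 $scheme://mux.$JC_SERVICE/manager;` can say `https` directly, since this block only listens on 443.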


@ -1,22 +1,19 @@
# This is not real CSV. Do not put separator in a field, even escaped # This is not real CSV. Do not put separator in a field, even escaped
# ID ; username ; service name ; server name # ID ; username ; service name ; server name
1;sftp.jean-cloud.net;sftp.jean-cloud.net;raku.jean-cloud.org 1;sftp.jean-cloud.net;sftp.jean-cloud.net;raku.jean-cloud.org
2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org #2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org
3;builder.rimarima.fr;builder.rimarima.fr;raku.jean-cloud.org 3;builder.rimarima.fr;builder.rimarima.fr;raku.jean-cloud.org
4;chahut.jean-cloud.net;chahut.jean-cloud.net;max.jean-cloud.org
5;chiloe.eu;chiloe.eu;shlago.jean-cloud.org 5;chiloe.eu;chiloe.eu;shlago.jean-cloud.org
#6;coldcms.chahut.jean-cloud.net;coldcms.chahut.jean-cloud.net;raku.jean-cloud.org 7;collectif-arthadie.fr;collectif-arthadie.fr;izzo.jean-cloud.org
7;collectif-arthadie.fr;collectif-arthadie.fr;vandamme.jean-cloud.org 8;compagnienouvelle.fr;compagnienouvelle.fr;shlago.jean-cloud.org
8;compagnienouvelle.fr;compagnienouvelle.fr;nougaro.jean-cloud.org 9;copaines.jean-cloud.net;copaines.jean-cloud.net;shlago.jean-cloud.org
9;copaines.jean-cloud.net;copaines.jean-cloud.net;max.jean-cloud.org
11;deployer.jean-cloud.org;deployer.jean-cloud.org;shlago.jean-cloud.org 11;deployer.jean-cloud.org;deployer.jean-cloud.org;shlago.jean-cloud.org
12;dnscerts.jean-cloud.org;dnscerts.jean-cloud.org;max.jean-cloud.org 12;dnscerts.jean-cloud.org;dnscerts.jean-cloud.org;montbonnot.jean-cloud.org
13;etrevivant.net;etrevivant.net;shlago.jean-cloud.org 13;etrevivant.net;etrevivant.net;shlago.jean-cloud.org
14;feministesucl34.communistesliber;feministesucl34.communisteslibertaires.org;none 14;feministesucl34.communistesliber;feministesucl34.communisteslibertaires.org;none
15;feteducourt.jean-cloud.net;feteducourt.jean-cloud.net;shlago.jean-cloud.org 15;feteducourt.jean-cloud.net;feteducourt.jean-cloud.net;shlago.jean-cloud.org
16;feteducourt2020.jean-cloud.net;feteducourt2020.jean-cloud.net;shlago.jean-cloud.org 16;feteducourt2020.jean-cloud.net;feteducourt2020.jean-cloud.net;shlago.jean-cloud.org
17;git.jean-cloud.net;git.jean-cloud.net;izzo.jean-cloud.org 17;git.jean-cloud.net;git.jean-cloud.net;izzo.jean-cloud.org
#18;grapes.chahut.jean-cloud.net;grapes.chahut.jean-cloud.net;max.jean-cloud.org
20;inurbe.fr;inurbe.fr;shlago.jean-cloud.org 20;inurbe.fr;inurbe.fr;shlago.jean-cloud.org
21;jean-cloud.net;jean-cloud.net;shlago.jean-cloud.org 21;jean-cloud.net;jean-cloud.net;shlago.jean-cloud.org
22;leida.fr;leida.fr;shlago.jean-cloud.org 22;leida.fr;leida.fr;shlago.jean-cloud.org
@ -24,8 +21,8 @@
24;metamorphosemagazine.fr;metamorphosemagazine.fr;shlago.jean-cloud.org 24;metamorphosemagazine.fr;metamorphosemagazine.fr;shlago.jean-cloud.org
25;mux.radiodemo.oma-radio.fr;mux.radiodemo.oma-radio.fr;raku.jean-cloud.org 25;mux.radiodemo.oma-radio.fr;mux.radiodemo.oma-radio.fr;raku.jean-cloud.org
26;nc-backup.jean-cloud.net;nc-backup.jean-cloud.net;raku.jean-cloud.org 26;nc-backup.jean-cloud.net;nc-backup.jean-cloud.net;raku.jean-cloud.org
27;ns.jean-cloud.org;ns.jean-cloud.org;shlago.jean-cloud.org 27;ns.jean-cloud.org;ns.jean-cloud.org;nowhere
28;ns1.jean-cloud.org;ns1.jean-cloud.org;tetede.jean-cloud.org 28;ns1.jean-cloud.org;ns1.jean-cloud.org;izzo.jean-cloud.org
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org 29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org 30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org 31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
@ -33,7 +30,7 @@
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org 33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org 34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org 35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;tetede.jean-cloud.org 36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org 37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org 38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
39;soundbase.radiodemo.oma-radio.fr;soundbase.radiodemo.oma-radio.fr;montbonnot.jean-cloud.org 39;soundbase.radiodemo.oma-radio.fr;soundbase.radiodemo.oma-radio.fr;montbonnot.jean-cloud.org
@ -41,7 +38,7 @@
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org 41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org 42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org 43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;max.jean-cloud.org 44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org 45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org 46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
47;backup-borg-server;backup-borg-server;montbonnot.jean-cloud.org 47;backup-borg-server;backup-borg-server;montbonnot.jean-cloud.org
@ -50,5 +47,11 @@
50;monitoring.jean-cloud.net;monitoring.jean-cloud.net;montbonnot.jean-cloud.org 50;monitoring.jean-cloud.net;monitoring.jean-cloud.net;montbonnot.jean-cloud.org
51;benevoles32.karnaval.fr;benevoles32.karnaval.fr;izzo.jean-cloud.org 51;benevoles32.karnaval.fr;benevoles32.karnaval.fr;izzo.jean-cloud.org
52;nginx_exporter;nginx_exporter;shlago.jean-cloud.org 52;nginx_exporter;nginx_exporter;shlago.jean-cloud.org
53;benevoles.karnaval.fr;benevoles.karnaval.fr;izzo.jean-cloud.org #54;accent.jean-cloud.net;accent.jean-cloud.net;raku.jean-cloud.org
54;accent.jean-cloud.net;accent.jean-cloud.net;raku.jean-cloud.org 55;gaia.jean-cloud.net;gaia.jean-cloud.net;shlago.jean-cloud.org
56;association-chahut.fr;association-chahut.fr;izzo.jean-cloud.org
57;mutubot.jean-cloud.net;mutubot.jean-cloud.net;izzo.jean-cloud.org
59;lyon1.studios.oma-radio.fr;lyon1.studios.oma-radio.fr;izzo.jean-cloud.org
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org

1 # This is not real CSV. Do not put separator in a field, even escaped
2 # ID ; username ; service name ; server name
3 1;sftp.jean-cloud.net;sftp.jean-cloud.net;raku.jean-cloud.org
4 2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org #2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org
5 3;builder.rimarima.fr;builder.rimarima.fr;raku.jean-cloud.org
4;chahut.jean-cloud.net;chahut.jean-cloud.net;max.jean-cloud.org
6 5;chiloe.eu;chiloe.eu;shlago.jean-cloud.org
7 #6;coldcms.chahut.jean-cloud.net;coldcms.chahut.jean-cloud.net;raku.jean-cloud.org 7;collectif-arthadie.fr;collectif-arthadie.fr;izzo.jean-cloud.org
8 7;collectif-arthadie.fr;collectif-arthadie.fr;vandamme.jean-cloud.org 8;compagnienouvelle.fr;compagnienouvelle.fr;shlago.jean-cloud.org
9 8;compagnienouvelle.fr;compagnienouvelle.fr;nougaro.jean-cloud.org 9;copaines.jean-cloud.net;copaines.jean-cloud.net;shlago.jean-cloud.org
9;copaines.jean-cloud.net;copaines.jean-cloud.net;max.jean-cloud.org
10 11;deployer.jean-cloud.org;deployer.jean-cloud.org;shlago.jean-cloud.org
11 12;dnscerts.jean-cloud.org;dnscerts.jean-cloud.org;max.jean-cloud.org 12;dnscerts.jean-cloud.org;dnscerts.jean-cloud.org;montbonnot.jean-cloud.org
12 13;etrevivant.net;etrevivant.net;shlago.jean-cloud.org
13 14;feministesucl34.communistesliber;feministesucl34.communisteslibertaires.org;none
14 15;feteducourt.jean-cloud.net;feteducourt.jean-cloud.net;shlago.jean-cloud.org
15 16;feteducourt2020.jean-cloud.net;feteducourt2020.jean-cloud.net;shlago.jean-cloud.org
16 17;git.jean-cloud.net;git.jean-cloud.net;izzo.jean-cloud.org
#18;grapes.chahut.jean-cloud.net;grapes.chahut.jean-cloud.net;max.jean-cloud.org
17 20;inurbe.fr;inurbe.fr;shlago.jean-cloud.org
18 21;jean-cloud.net;jean-cloud.net;shlago.jean-cloud.org
19 22;leida.fr;leida.fr;shlago.jean-cloud.org
21 24;metamorphosemagazine.fr;metamorphosemagazine.fr;shlago.jean-cloud.org
22 25;mux.radiodemo.oma-radio.fr;mux.radiodemo.oma-radio.fr;raku.jean-cloud.org
23 26;nc-backup.jean-cloud.net;nc-backup.jean-cloud.net;raku.jean-cloud.org
24 27;ns.jean-cloud.org;ns.jean-cloud.org;shlago.jean-cloud.org 27;ns.jean-cloud.org;ns.jean-cloud.org;nowhere
25 28;ns1.jean-cloud.org;ns1.jean-cloud.org;tetede.jean-cloud.org 28;ns1.jean-cloud.org;ns1.jean-cloud.org;izzo.jean-cloud.org
26 29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
27 30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
28 31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
30 33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
31 34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
32 35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
33 36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;tetede.jean-cloud.org 36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
34 37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
35 38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
36 39;soundbase.radiodemo.oma-radio.fr;soundbase.radiodemo.oma-radio.fr;montbonnot.jean-cloud.org
38 41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
39 42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
40 43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
41 44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;max.jean-cloud.org 44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
42 45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
43 46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
44 47;backup-borg-server;backup-borg-server;montbonnot.jean-cloud.org
47 50;monitoring.jean-cloud.net;monitoring.jean-cloud.net;montbonnot.jean-cloud.org
48 51;benevoles32.karnaval.fr;benevoles32.karnaval.fr;izzo.jean-cloud.org
49 52;nginx_exporter;nginx_exporter;shlago.jean-cloud.org
50 53;benevoles.karnaval.fr;benevoles.karnaval.fr;izzo.jean-cloud.org #54;accent.jean-cloud.net;accent.jean-cloud.net;raku.jean-cloud.org
51 54;accent.jean-cloud.net;accent.jean-cloud.net;raku.jean-cloud.org 55;gaia.jean-cloud.net;gaia.jean-cloud.net;shlago.jean-cloud.org
52 56;association-chahut.fr;association-chahut.fr;izzo.jean-cloud.org
53 57;mutubot.jean-cloud.net;mutubot.jean-cloud.net;izzo.jean-cloud.org
54 59;lyon1.studios.oma-radio.fr;lyon1.studios.oma-radio.fr;izzo.jean-cloud.org
55 60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
56 61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
57 62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org


@ -11,6 +11,7 @@ services:
- $DATA_DIR/home:/home - $DATA_DIR/home:/home
- $DATA_DIR/home/leida/public:/home/leidaRO/public:ro - $DATA_DIR/home/leida/public:/home/leidaRO/public:ro
- $DATA_DIR/home/chiloe/public:/home/chiloeRO/public:ro - $DATA_DIR/home/chiloe/public:/home/chiloeRO/public:ro
- $DATA_DIR/home/compagnienouvelle.fr/public:/home/compagnienouvelle.frRO/public:ro
ports: ports:
- '2929:22' - '2929:22'


@ -19,6 +19,6 @@ DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr-
DOCKER_INSTANCES_SUFIX=-1 DOCKER_INSTANCES_SUFIX=-1
SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo
USE_SSL=true USE_SSL=true
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1 MANAGER_VERSION=3.0.0
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1 PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
RADIO_HOST=radiodemo.oma-radio.fr RADIO_HOST=radiodemo.oma-radio.fr


@ -1,3 +1,8 @@
#!/bin/bash #!/bin/bash
git_update.sh -b dev -i "$DATA_DIR/radiodemo-deploy" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git apt install -y nodejs npm
#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <<EOF
#cd /app
#npm install --production omaradio-web-manager@~$MANAGER_VERSION
#npm update
#EOF


@ -6,6 +6,9 @@ services:
environment: environment:
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
OMA_CONFIG_Client2: off
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
OMA_CONFIG_Client2Port: 9003
volumes: volumes:
- $SOUNDBASE_DIR:/app/soundBase - $SOUNDBASE_DIR:/app/soundBase
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM - $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
@ -75,6 +78,7 @@ services:
system_api: system_api:
image: jeancloud/system-api:dev image: jeancloud/system-api:dev
env_file: .env env_file: .env
environment:
UID: 33 UID: 33
SOUNDBASE_PATH: /soundbase SOUNDBASE_PATH: /soundbase
MOUNT: /api MOUNT: /api


@ -114,6 +114,7 @@ server {
# Admin interface # Admin interface
location /manager { location /manager {
alias $HTTP_DIR/manager/dist;
auth_basic "Entrez votre identifiant et mot de passe"; auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
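Review bot: `location /manager` with `alias $HTTP_DIR/manager/dist;` is a prefix match with no trailing slash on either side, so any URI that merely starts with `/manager` is mapped onto a path starting with `…/manager/dist`, which can reach sibling entries next to `dist`. Combining `try_files` with `alias` is also a known source of wrong path resolution. I would use `location /manager/ {` with `alias $HTTP_DIR/manager/dist/;`, both with a trailing slash, plus `location = /manager { return 301 /manager/; }`. The location block's closing brace is outside the hunk.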


@ -0,0 +1,24 @@
NET=10.29.0
TELECOM=.101
ICECAST=.110
WEBSERVER=.105
SYSTEM_API=.107
TZ=Europe/Paris
OMA_DOCKER_VERSION=dev
WEBSOCKET_PORT=2004
TELECOM_SERVER_PORT=3494
OMA_CONFIG_TelecommandeHost=mux.radiodemo.oma-radio.fr
OMA_CONFIG_TelecommandePort=3494
MUX_SERVER_PORT=9004
RADIO_NAME_SIMPLE=radiodemo
OMA_CONFIG_NomRadio=radiodemo
OMA_CONFIG_LogLevel=8
RADIO_NAME_PRETTY="Radio Démo"
COMPOSE_NAME=soundbaseradiodemooma-radiofr
DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr-
DOCKER_INSTANCES_SUFIX=-1
SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo
USE_SSL=true
MANAGER_VERSION=3.0.0
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
RADIO_HOST=radiodemo.oma-radio.fr


@ -0,0 +1,8 @@
#!/bin/bash
apt install -y nodejs npm
#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <<EOF
#cd /app
#npm install --production omaradio-web-manager@~$MANAGER_VERSION
#npm update
#EOF


@ -0,0 +1,36 @@
#!/bin/bash
#if [ -d "$DATA_DIR/core" ] ; then
# git_update.sh -b dev -i "$DATA_DIR/gitlab-deploy.sshprivkey" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git
#fi
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
mkdir -p "$HTTP_DIR/manager"
git_update.sh -b 'v3' -i "$SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
cd "$HTTP_DIR/manager"
npm install
#npm audit fix
npm run build
#semver_prefix="3."
## Get available versions
#json="$(curl 'https://gitlab.com/api/v4/projects/omaradio%2Fsingle-manager/packages?order_by=version&sort=desc&package_name=manager&status=default' )"
#
## Get the latest one
#latest="$(echo "$json" | grep -Po '"version":"\K'"$semver_prefix"'[^"]+"' | tr -d '"' | sort -g | tail -n 1)"
#if [ -z "$latest" ] ; then
# echo "Version is empty"
# exit 1
#fi
#
## Get associated link
#link="$(echo "$json" | jq ".[] | select(.version? | match(\"$latest\")) | ._links.web_path" | sed -e 's/^"//' -e 's/"$//')"
#if [ -z "$link" ] ; then
# echo "Link is empty"
# exit 1
#fi
#
#cd "$HTTP_DIR"
#wget https://gitlab.com/omaradio/single-manager/-/package_files/117195410/download -O - | tar xz
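Review bot: `npm install` and `npm run build` run with no `set -euo pipefail`, so if `git_update.sh` or `cd "$HTTP_DIR/manager"` fails they execute in whatever directory the script started in. `npm install` may also resolve newer dependency versions than the lockfile records. I would add `set -euo pipefail` at the top and use `npm ci` (assuming the repository commits a `package-lock.json`), which installs exactly the locked tree. Dependency install scripts run with this script's privileges, so running the build as an unprivileged user is worth considering. `chmod 700` on `gitlab-deploy.sshprivkey` sets the execute bit on a key file, and `chmod 600` is the usual mode.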


@ -0,0 +1,130 @@
version: '3'
services:
anthracite_jukebox:
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
OMA_CONFIG_Client2: off
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
OMA_CONFIG_Client2Port: 9003
volumes:
- $SOUNDBASE_DIR:/app/soundBase
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
restart: unless-stopped
networks:
default:
ipv4_address: $NET.102
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
azurite_jukebox_simulator:
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
env_file: .env
volumes:
- $SOUNDBASE_DIR:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.103
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
# aventurine_transcode:
# image: jeancloud/transcode:$OMA_DOCKER_VERSION
# env_file: .env
# restart: unless-stopped
agate_importer:
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
env_file: .env
volumes:
- $SOUNDBASE_DIR:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.104
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
rubis_base_mg:
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
env_file: .env
restart: unless-stopped
volumes:
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.106
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
system_api:
image: jeancloud/system-api:dev
env_file: .env
environment:
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /api
CONFIG_PATH: /config
restart: unless-stopped
volumes:
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.107
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
#ammolite_mp3_addon:
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
# env_file: .env
# environment:
# OMA_CONFIG_PigePrefix: /opt
# restart: unless-stopped
# volumes:
# - $SOUNDBASE_DIR:/app/soundbase
# networks:
# default:
# ipv4_address: $NET.109
# deploy:
# resources:
# limits:
# cpus: '0.05'
# doxy:
# image: qnib/doxy
# volumes:
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
# - /var/run/docker.sock:/var/run/docker.sock
# environment:
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
networks:
default:
ipam:
config:
- subnet: $NET.0/24
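Review bot: The `system_api` service bind-mounts `/var/run/docker.sock`, which gives that container control of the Docker daemon and therefore root-equivalent access to the host. Judging by the nginx config in this commit, the API behind it is reachable over HTTP basic auth. If it only needs to inspect or restart a few containers, put a filtering socket proxy in front (the commented `doxy` service looks like a start) and mount the proxy's socket instead. `jeancloud/system-api:dev` and `$OMA_DOCKER_VERSION` set to `dev` are mutable tags, so the code holding that socket can change on any pull. `/tmp/uwsgi/$JC_SERVICE` is a predictable path under `/tmp`, and a directory under `/run` created with restrictive permissions would be safer for the uwsgi socket.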


@ -0,0 +1,20 @@
function extract_ports_from_compose {
if [ "$#" -ne 1 ] ; then
echo "function extract_ports_from_dockerfile needs 1 parameter : docker-compose file" >&2
exit 1
fi
ports=false
while read line ; do
if [ "$line" = 'ports:' ] ; then
ports=true
elif "$ports" ; then
if [[ "$line" != -* ]] ; then
ports=false
else
echo $line | tr -d ' ' | tail -c +2
fi
fi
done < docker-compose.yml
}
extract_ports_from_compose docker-compose.yml | ../_deployer/template.sh .env
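Review bot: `extract_ports_from_compose` checks that it received one argument and then ignores it: the loop ends with `done < docker-compose.yml`, which should be `done < "$1"`. `read line` without `-r` mangles backslashes, and the unquoted `echo $line` expands any glob characters in a port entry against the current directory. `while read -r line` and `printf '%s\n' "$line" | tr -d ' ' | tail -c +2` avoid both. The error message names `extract_ports_from_dockerfile` rather than this function, and the file has no shebang or `set -euo pipefail`. The parser also leaves the list at the first line that does not start with `-`, so a comment inside a `ports:` block ends it early.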


@ -0,0 +1,122 @@
# Parameters:
# radio name
# file path
# ws port (local)
# wss port (open)
# upload service port
# ssl certs location
# TODO
# /speedtest-down returns random data
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
# /speedtest-up just eat everything it can
server {
listen 80;
listen [::]:80;
server_name $JC_SERVICE;
root $SOUNDBASE_DIR/website;
index index.html;
location ~ /api(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /api;
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location /pige{
alias $SOUNDBASE_DIR/pige;
try_files $uri $uri/ =404;
}
location /png {
alias $SOUNDBASE_DIR/png;
try_files $uri $uri/ =404;
}
location /webpL {
alias $SOUNDBASE_DIR/webpL;
try_files $uri $uri/ =404;
}
location /webpH {
alias $SOUNDBASE_DIR/webpH;
try_files $uri $uri/ =404;
}
location /ogg {
alias $SOUNDBASE_DIR/ogg;
try_files $uri $uri/ =404;
}
location /txt {
alias $SOUNDBASE_DIR/txt;
try_files $uri $uri/ =404;
}
location /wavM {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/wavM;
try_files $uri $uri/ =404;
}
location /import {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/import;
try_files $uri $uri/ =404;
}
location /export {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/export;
try_files $uri $uri/ =404;
}
location /wav {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/wav;
try_files $uri $uri/ =404;
}
location /fic {
alias $SOUNDBASE_DIR/fic;
try_files $uri $uri/ =404;
}
location /prg {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/prg;
try_files $uri $uri/ =404;
}
location /lst {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/lst;
try_files $uri $uri/ =404;
}
location /statique {
alias $SOUNDBASE_DIR/statique;
try_files $uri $uri/ =404;
}
# Admin interface
location /manager {
alias $HTTP_DIR/manager/dist;
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
try_files $uri $uri/ =404;
}
}
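Review bot: Every `auth_basic` location sits in a server block that only declares `listen 80`, so unless TLS is terminated by something in front of this server (not visible in this file), the htpasswd credentials are sent in cleartext on each request. The header comment lists an "ssl certs location" parameter that the block never uses. In `location ~ /api(/.*)` the `proxy_connect_timeout`, `proxy_send_timeout` and `proxy_read_timeout` lines have no effect on `uwsgi_pass`; the matching directives are `uwsgi_connect_timeout`, `uwsgi_send_timeout` and `uwsgi_read_timeout`. The prefix locations are written without a trailing slash (`location /wav`, `location /png`, …), so each also matches sibling names such as `/wavfoo` and maps them into `$SOUNDBASE_DIR`; writing them as `location /wav/ { alias $SOUNDBASE_DIR/wav/; }` keeps each rule, and its auth requirement, scoped to its own directory.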


@ -0,0 +1,20 @@
#!/bin/bash
set -euo pipefail
. .env
[ -f "$DATA_DIR/soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
echo "
[Interface]
PrivateKey = $(cat "$DATA_DIR/soundbase.wgkey")
Address = 10.29.60.1/32
ListenPort = 55860
[Peer]
PublicKey = 3ADrLVxzVqLHV530cT+paM+zNQBvm3KCW0voIN1wVBQ=
AllowedIPs = 10.29.60.254/32
Endpoint = mux.radiokipik.org:55825
PersistentKeepalive = 30
"
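Review bot: The private key is read with `$(cat "$DATA_DIR/soundbase.wgkey")` inside the argument to `echo`, where a failing `cat` (for example an unreadable key file, which the `-f` test does not catch) does not trip `set -e`. The script would then print a config with an empty `PrivateKey` and exit 0. Reading it first on its own line, `key=$(cat "$DATA_DIR/soundbase.wgkey")`, and then using `PrivateKey = $key`, lets the failure abort the script. The output carries the private key on stdout and the consumer is not visible here, so a header comment would help: `# Prints a WireGuard config including the private key; redirect only to a file created with umask 077.`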