diff --git a/.env.dist b/.env.dist
new file mode 120000
index 0000000..4e779e1
--- /dev/null
+++ b/.env.dist
@@ -0,0 +1 @@
+../.env.dist
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 12a24fb..8446df1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ vhost.d
 .env
 .cache
 .terraform.lock.hcl
+alpine.answers
\ No newline at end of file
diff --git a/Taskfile.yml b/Taskfile.yml
new file mode 100644
index 0000000..c417619
--- /dev/null
+++ b/Taskfile.yml
@@ -0,0 +1,82 @@
+---
+version: '3'
+
+silent: false
+
+vars:
+ CONFIG_PATHS: |
+ /zroot/vm/.templates/alpine.conf
+ SERVICES: "haproxy apache24 nginx plexmediaserver"
+ SERVICE_PORTS: 80 443 22 32400
+ command: 'echo $(whoami)@$(hostname -f)'
+
+dotenv:
+ - .env
+env:
+ GITLAB_PROJECT_ID: '{{ .stashapp_project_id }}'
+ GITLAB_PROJECT_SLUG: stashapp
+
+tasks:
+ default:
+ - task: services
+
+ run: ssh -tt "$stashapp_domain" '{{.command}}'
+ run-root: ssh -qtt "$stashapp_domain" 'su -l root -c "{{.command}}"'
+ host-run: ssh -tt "$stashbox_domain" '{{.command}}'
+ host-run-root: ssh -qtt "$stashbox_domain" 'su -l root -c "{{.command}}"'
+
+ exec:
+ - task: run
+ vars:
+ command: "{{.CLI_ARGS}}"
+ exec-root:
+ - task: run-root
+ vars:
+ command: "{{.CLI_ARGS}}"
+ exec-host:
+ - task: host-run
+ vars:
+ command: "{{.CLI_ARGS}}"
+ exec-host-root:
+ - task: host-run-root
+ vars:
+ command: "{{.CLI_ARGS}}"
+
+ services:
+ - task: run
+ vars:
+ command: docker ps
+ host-services:
+ - task: host-run-root
+ vars:
+ command: vm list
+
+ # Terraform
+ plan:
+ - task: tf
+ vars:
+ CLI_ARGS: plan
+ apply:
+ - task: tf
+ vars:
+ CLI_ARGS: apply
+ tf: source .env; terraform init; terraform {{.CLI_ARGS}}
+
+ # Utilities
+ printenv: source .env; printenv
+ path-update: echo scp "{{.local_path}}" "$stashapp_domain:{{.remote_path}}"
+ path-backup: scp "$stashapp_domain:{{.remote_path}}" "./.$(basename {{.remote_path}})-$(date +%s)" || echo "No file found."
+ path-diff:
+ - task: path-backup
+ vars:
+ remote_path: "{{.remote_path}}"
+ - diff "$(ls -c .$(basename {{.remote_path}})-*|head -n1)" "$(basename {{.remote_path}})" || [ "$?" == "1" ]
+ safe-update:
+ - task: path-backup
+ vars:
+ remote_path: "{{.remote_path}}"
+ - echo scp "$(basename {{.remote_path}})" "$stashapp_domain:{{.remote_path}}"
+ - task: path-diff
+ vars:
+ remote_path: "{{.remote_path}}"
+
diff --git a/alpine-lts.config b/alpine-lts.config
new file mode 100644
index 0000000..3e1330c
--- /dev/null
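Review bot: In `run`, `run-root`, `host-run` and `host-run-root` the `{{.command}}` value is pasted by the template engine inside a single-quoted word (and, for the root variants, inside the double-quoted `su -c` argument), so a quote character in `CLI_ARGS` ends the quoting and the remainder is parsed by the local or the remote shell instead of being passed through as one command. Quoting at template time avoids that, for example with Task's `shellQuote` template function: `run: ssh -tt "$stashapp_domain" {{shellQuote .command}}`; the root variants need the inner `su -c` argument quoted as well. Separately, `tf` chains its steps with `;`, so `terraform {{.CLI_ARGS}}` still runs when `source .env` or `terraform init` fails; `tf: source .env && terraform init && terraform {{.CLI_ARGS}}` stops at the first failure.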
+++ b/alpine-lts.config
@@ -0,0 +1,11 @@
+loader="grub"
+cpu=2
+memory=8G
+network0_type="virtio-net"
+network0_switch="feed"
+disk0_type="nvme"
+disk0_name="disk0.img"
+grub_install0="linux /boot/vmlinuz-lts initrd=/boot/initramfs-lts alpine_dev=cdrom:iso9660 modules=loop,squashfs,sd-mod,usb-storage,sr-mod"
+grub_install1="initrd /boot/initramfs-lts"
+grub_run0="linux /boot/vmlinuz-lts root=/dev/vda3 modules=ext4"
+grub_run1="initrd /boot/initramfs-lts"
diff --git a/alpine-setup.sh b/alpine-setup.sh
new file mode 100644
index 0000000..7caf3a7
--- /dev/null
+++ b/alpine-setup.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+cp /etc/apk/repositories /root/repositories.backup
+sed 's/^#\(.\+v3.19/community\)$/\1/' /etc/apk/repositories > /root/repositories.edited
+chmod 644 /root/repositories.edited
+mv /root/repositories.edited /etc/apk/repositories
+
+apk add --update \
+ git \
+ docker \
+ docker-compose
+
+service docker start
+rc-update add docker boot
diff --git a/dns.tf b/dns.tf
index dd7ec3e..301dfa2 100644
--- a/dns.tf
+++ b/dns.tf
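Review bot: `disk0_type="nvme"` and `grub_run0="linux /boot/vmlinuz-lts root=/dev/vda3 modules=ext4"` look inconsistent: `/dev/vda3` is the name a virtio-blk disk gets in a Linux guest, while an NVMe-emulated disk normally appears as `/dev/nvme0n1` with partitions `p1`, `p2`, and so on. If the disk type is meant to stay `nvme`, the run line presumably needs `root=/dev/nvme0n1p3` (partition number to be confirmed against the installed layout) and the NVMe driver available in the initramfs; otherwise the guest is likely to fail to find its root filesystem after install.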
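Review bot: The `sed` expression in alpine-setup.sh uses `/` as its delimiter while the pattern itself contains a literal `/` (`v3.19/community`), so sed rejects the script, the redirect leaves `/root/repositories.edited` empty, and the following `mv` replaces `/etc/apk/repositories` with that empty file because nothing stops the script on error. Use a different delimiter and fail fast: `set -eu` after the shebang and `sed 's|^#\(.\+v3\.19/community\)$|\1|' /etc/apk/repositories > /root/repositories.edited`. The `#!/usr/bin/env bash` shebang is also worth changing to `#!/bin/sh`, since a fresh Alpine install may not have bash yet and nothing in the script needs it.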
@@ -6,48 +6,77 @@ terraform { } } - backend "http" { - address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app" - lock_address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app/lock" - unlock_address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app/lock" - lock_method = "POST" - unlock_method = "DELETE" - retry_wait_min = 5 - } + backend "http" {} } provider "namecheap" {} -variable "host-rproxy" { +variable "stashbox_ip4_ext" { type = string - default = "rprxy.saline.o4data.net." + default = "0.0.0.0" } -resource "namecheap_domain_records" "othonotes" { - domain = "othonotes.com" - record { - hostname = "@" - address = var.host-rproxy - type = "ALIAS" - ttl = 300 - } - record { - hostname = "www" - address = "othonotes.com." - type = "CNAME" - } +variable "stashbox_domain" { + type = string + default = "web.stash" } -resource "namecheap_domain_records" "othostash" { - domain = "othostash.com" +variable "stashapp_addr" { + type = string + default = "::2" +} + +variable "stashapp_domain" { + type = string + default = "app.stash" +} + +variable "stashapp_notes_domain" { + type = string + default = "notes.stash" +} + +resource "namecheap_domain_records" "stash" { + domain = var.stashbox_domain record { - hostname = "websites" - address = var.host-rproxy + hostname = "app" + address = var.stashapp_addr + type = "AAAA" + ttl = 1799 + } + record { + hostname = "app" + address = var.stashbox_ip4_ext + type = "A" + ttl = 1799 + } + record { + hostname = "clippings" + address = var.stashapp_domain type = "CNAME" } record { hostname = "browse" - address = var.host-rproxy + address = var.stashapp_domain type = "CNAME" } } + +# resource "namecheap_domain_records" "notes" { +# domain = var.stashapp_notes_domain +# record { +# hostname = "www" +# address = var.stashapp_addr +# type = "AAAA" +# } +# record { +# hostname = "www" +# address = var.stashbox_ip4_ext +# type = "A" +# } +# record { +# 
hostname = "@" +# type = "CNAME" +# address = "www.${var.stashapp_notes_domain}" +# } +# } diff --git a/docker-compose.yml b/docker-compose.yml index 74d33d2..6d7bcd0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
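Review bot: The new variables carry placeholder defaults (`"0.0.0.0"`, `"::2"`, `"web.stash"`, `"app.stash"`) that feed straight into `namecheap_domain_records.stash`, so an apply where one of them is not supplied would publish A, AAAA and CNAME records pointing at those placeholders instead of failing. Dropping the `default` lines makes Terraform demand a value, and a `validation` block on the two address variables could reject the placeholder explicitly. The CNAME `address` values also no longer end in the trailing dot that the removed records used (`"othonotes.com."`), which is worth checking against how the provider treats relative names. Since `backend "http" {}` is now empty, a comment such as `# backend "http" settings are supplied at init time, not committed here` would tell the next reader where the state address and credentials come from; the enclosing `terraform {` block starts outside this hunk.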
@@ -14,82 +14,8 @@ networks: external: false services: - trilium: - image: zadam/trilium - container_name: trilium - restart: always - environment: - - VIRTUAL_PORT=8080 - - VIRTUAL_HOST=${notebook_domain_list} - - LETSENCRYPT_HOST=${notebook_domain_list} - - TRILIUM_DATA_DIR=/home/node/data - volumes: - - ./.data/trilium:/home/node/data - networks: - - proxy - - filestash: - container_name: filestash - image: machines/filestash - restart: always - environment: - - VIRTUAL_PORT=8334 - - VIRTUAL_HOST=${filemanager_domain} - - LETSENCRYPT_HOST=${filemanager_domain} - - APPLICATION_URL=${filemanager_domain} - - ONLYOFFICE_URL=http://onlyoffice - volumes: - - .data/filestash:/app/data - networks: - - proxy - - onlyoffice - - onlyoffice: - container_name: onlyoffice - image: onlyoffice/documentserver - restart: always - networks: - - onlyoffice - security_opt: - - seccomp:unconfined - - - archivebox: - image: ${DOCKER_IMAGE:-archivebox/archivebox:master} - container_name: archivebox - command: server --quick-init 0.0.0.0:8000 - environment: - - VIRTUAL_PORT=8000 - - VIRTUAL_HOST=${webarchive_domain_list} - - LETSENCRYPT_HOST=${webarchive_domain_list} - - MEDIA_MAX_SIZE=750m - - SEARCH_BACKEND_ENGINE=sonic - - SEARCH_BACKEND_HOST_NAME=sonic - - SEARCH_BACKEND_PASSWORD=${pw_sonic} - volumes: - - ./.data/archivebox:/data - networks: - - proxy - - archivebox - - sonic: - image: valeriansaliou/sonic:v1.3.0 - container_name: sonic - expose: - - 1491 - environment: - - SEARCH_BACKEND_PASSWORD=${pw_sonic} - volumes: - - ./sonic.cfg:/etc/sonic.cfg:ro - - sonic:/var/lib/sonic/store - networks: - - archivebox - -####################################3 -## nginx proxy - nginx-proxy: - image: nginxproxy/nginx-proxy + image: ${stashapp_rproxy_image} container_name: nginx-proxy restart: always ports: 
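Review bot: `image: ${stashapp_rproxy_image}` (and the same pattern for `${stashapp_acme_image}` and the five service images in the later hunks) has no fallback, so what actually runs is decided entirely by an untracked `.env`, and an unset variable leaves the service with an empty image reference. For `nginx-proxy`, which appears from the later context lines to have the Docker socket mounted, this is worth making explicit: use the required-variable form `image: ${stashapp_rproxy_image:?set stashapp_rproxy_image in .env}` and record pinned tags or digests in `.env.dist`. The `nginx-proxy` service body continues outside this hunk.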
@@ -104,9 +30,8 @@ services: - /var/run/docker.sock:/tmp/docker.sock:ro networks: - proxy - letsencrypt-companion: - image: nginxproxy/acme-companion + image: ${stashapp_acme_image} container_name: acme-companion restart: always volumes: @@ -119,3 +44,74 @@ services: - proxy depends_on: - nginx-proxy + trilium: + image: ${stashapp_trilium_image} + container_name: trilium + restart: always + environment: + - VIRTUAL_PORT=8080 + - VIRTUAL_HOST="${notes_domain},www.${notes_domain}" + - LETSENCRYPT_HOST="${notes_domain},www.${notes_domain}" + - TRILIUM_DATA_DIR=/home/node/data + volumes: + - ./.data/trilium:/home/node/data + networks: + - proxy + + filestash: + image: ${stashapp_filestash_image} + container_name: filestash + restart: always + environment: + - VIRTUAL_PORT=8334 + - VIRTUAL_HOST=${browse_domain} + - LETSENCRYPT_HOST=${browse_domain} + - APPLICATION_URL=${browse_domain} + - ONLYOFFICE_URL=http://onlyoffice + volumes: + - .data/filestash:/app/data + networks: + - proxy + - onlyoffice + + onlyoffice: + image: ${stashapp_onlyoffice_image} + container_name: onlyoffice + restart: always + networks: + - onlyoffice + security_opt: + - seccomp:unconfined + + + archivebox: + image: ${stashapp_archivebox_image} + container_name: archivebox + command: server --quick-init 0.0.0.0:8000 + environment: + - VIRTUAL_PORT=8000 + - VIRTUAL_HOST="${clippings_domain},www.${clippings_domain}" + - LETSENCRYPT_HOST="${clippings_domain},www.${clippings_domain}" + - MEDIA_MAX_SIZE=750m + - SEARCH_BACKEND_ENGINE=sonic + - SEARCH_BACKEND_HOST_NAME=sonic + - SEARCH_BACKEND_PASSWORD=${stashapp_sonic_pw} + volumes: + - ./.data/archivebox:/data + networks: + - proxy + - archivebox + + sonic: + image: ${stashapp_sonic_image} + container_name: sonic + expose: + - 1491 + environment: + - SEARCH_BACKEND_PASSWORD=${stashapp_sonic_pw} + volumes: + - ./sonic.cfg:/etc/sonic.cfg:ro + - sonic:/var/lib/sonic/store + networks: + - archivebox + 
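Review bot: In the added `trilium` and `archivebox` services the list-form entries `- VIRTUAL_HOST="${notes_domain},www.${notes_domain}"` and the matching `LETSENCRYPT_HOST` lines keep their double quotes as part of the value, because in a list-style `environment` entry everything after the first `=` is taken verbatim. The proxy and the ACME companion would then see host names wrapped in `"`; drop the inner quotes (`- VIRTUAL_HOST=${notes_domain},www.${notes_domain}`) or quote the whole list item instead. The re-added `onlyoffice` service also keeps `seccomp:unconfined`, which turns off Docker's default syscall filter for that container; a comment such as `# seccomp disabled for onlyoffice because <reason>` would record why, or a narrower profile could replace it.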
diff --git a/vhost.d/default b/vhost.d/default
deleted file mode 100644
index 5e59aa4..0000000
--- a/vhost.d/default
+++ /dev/null
@@ -1,10 +0,0 @@
-## Start of configuration add by letsencrypt container
-location ^~ /.well-known/acme-challenge/ {
- auth_basic off;
- auth_request off;
- allow all;
- root /usr/share/nginx/html;
- try_files $uri =404;
- break;
-}
-## End of configuration add by letsencrypt container
diff --git a/vhost.d/othonotes.com b/vhost.d/othonotes.com
deleted file mode 100644
index 44d7e50..0000000
--- a/vhost.d/othonotes.com
+++ /dev/null
@@ -1,11 +0,0 @@
-## Start of configuration add by letsencrypt container
-location ^~ /.well-known/acme-challenge/ {
- auth_basic off;
- auth_request off;
- allow all;
- root /usr/share/nginx/html;
- try_files $uri =404;
- break;
-}
-## End of configuration add by letsencrypt container
-#client_max_body_size 10G
diff --git a/vhost.d/www.othonotes.com b/vhost.d/www.othonotes.com
deleted file mode 100644
index 44d7e50..0000000
--- a/vhost.d/www.othonotes.com
+++ /dev/null
@@ -1,11 +0,0 @@
-## Start of configuration add by letsencrypt container
-location ^~ /.well-known/acme-challenge/ {
- auth_basic off;
- auth_request off;
- allow all;
- root /usr/share/nginx/html;
- try_files $uri =404;
- break;
-}
-## End of configuration add by letsencrypt container
-#client_max_body_size 10G
diff --git a/vm-setup.sh b/vm-setup.sh
new file mode 100644
index 0000000..a3cb42f
--- /dev/null
+++ b/vm-setup.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+## For FreeBSD with vm-bhyve and ZFS.
+
+zfs create data/vm
+vm datastore add stashvm zfs:data/vm
+vm create -d stashvm -t alpine -s 1T -m 8G -c 2 stashapp
+## Add `vm_list="stashapp"` to rc.conf.
+
+vm switch create feed
+vm switch add feed re1
+## Update network in /data/vm/stashapp/stashapp.conf
+
+## Change disk type to "nvme" in stashapp.conf
+
+vm install stashapp /zroot/vm/.iso/alpine-standard-3.19.1-x86_64.iso
+vm console stashapp
+
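Review bot: The comments in vm-setup.sh describe edits that have to happen between commands (`vm_list` in rc.conf, the network and the `nvme` disk type in `stashapp.conf`), but run as a script the file goes straight on to `vm install` without them, and with no `set -eu` a failed `zfs create` or `vm create` does not stop it either. Either add `set -eu` after the shebang and apply those edits with commands, or mark the file as a checklist rather than an executable script. The ISO at `/zroot/vm/.iso/alpine-standard-3.19.1-x86_64.iso` is installed as found; comparing its checksum with the published value before `vm install` would be a useful step if that is not already done where the image is fetched.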