Update for FreeBSD migration.

.env.dist

@@ -0,0 +1 @@
+../.env.dist

.gitignore

@@ -4,3 +4,4 @@ vhost.d
 .env
 .cache
 .terraform.lock.hcl
+alpine.answers

Taskfile.yml

@@ -0,0 +1,82 @@
+---                                                                                                                               
+version: '3'                                                                                                                      
+                                                                                                                                  
+silent: false                                                                                                                      
+                                                                                                                                  
+vars:                                                                                                                             
+  CONFIG_PATHS: |                                                                                                                 
+    /zroot/vm/.templates/alpine.conf
+  SERVICES: "haproxy apache24 nginx plexmediaserver"                                                                              
+  SERVICE_PORTS: 80 443 22 32400                                                                                                  
+  command: 'echo $(whoami)@$(hostname -f)'                                                                                        
+                                                                                                                                  
+dotenv:                                                                                                                           
+  - .env   
+env:
+  GITLAB_PROJECT_ID: '{{ .stashapp_project_id }}'
+  GITLAB_PROJECT_SLUG: stashapp
+
+tasks:
+  default:
+    - task: services
+
+  run: ssh -tt "$stashapp_domain" '{{.command}}'
+  run-root: ssh -qtt "$stashapp_domain" 'su -l root -c "{{.command}}"'
+  host-run: ssh -tt "$stashbox_domain" '{{.command}}'
+  host-run-root: ssh -qtt "$stashbox_domain" 'su -l root -c "{{.command}}"'
+
+  exec:
+    - task: run
+      vars:
+        command: "{{.CLI_ARGS}}"
+  exec-root:
+    - task: run-root
+      vars:
+        command: "{{.CLI_ARGS}}"
+  exec-host:
+    - task: host-run
+      vars:
+        command: "{{.CLI_ARGS}}"
+  exec-host-root:
+    - task: host-run-root
+      vars:
+        command: "{{.CLI_ARGS}}"
+
+  services:
+    - task: run
+      vars:
+        command: docker ps
+  host-services:
+    - task: host-run-root
+      vars:
+        command: vm list
+
+  # Terraform
+  plan:
+    - task: tf
+      vars:
+        CLI_ARGS: plan
+  apply:
+    - task: tf
+      vars:
+        CLI_ARGS: apply
+  tf: source .env; terraform init; terraform {{.CLI_ARGS}}
+
+  # Utilities
+  printenv: source .env; printenv
+  path-update: echo scp "{{.local_path}}" "$stashapp_domain:{{.remote_path}}"
+  path-backup: scp "$stashapp_domain:{{.remote_path}}" "./.$(basename {{.remote_path}})-$(date +%s)" || echo "No file found."
+  path-diff:
+    - task: path-backup
+      vars:
+        remote_path: "{{.remote_path}}"
+    - diff "$(ls -c .$(basename {{.remote_path}})-*|head -n1)" "$(basename {{.remote_path}})" || [ "$?" == "1" ]
+  safe-update:
+    - task: path-backup
+      vars:
+        remote_path: "{{.remote_path}}"
+    - echo scp "$(basename {{.remote_path}})" "$stashapp_domain:{{.remote_path}}"
+    - task: path-diff
+      vars:
+        remote_path: "{{.remote_path}}"
+

alpine-lts.config

@@ -0,0 +1,11 @@
+loader="grub"
+cpu=2
+memory=8G
+network0_type="virtio-net"
+network0_switch="feed"
+disk0_type="nvme"
+disk0_name="disk0.img"
+grub_install0="linux /boot/vmlinuz-lts initrd=/boot/initramfs-lts alpine_dev=cdrom:iso9660 modules=loop,squashfs,sd-mod,usb-storage,sr-mod"
+grub_install1="initrd /boot/initramfs-lts"
+grub_run0="linux /boot/vmlinuz-lts root=/dev/vda3 modules=ext4"
+grub_run1="initrd /boot/initramfs-lts"

alpine-setup.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+cp /etc/apk/repositories /root/repositories.backup
+sed 's/^#\(.\+v3.19/community\)$/\1/' /etc/apk/repositories > /root/repositories.edited
+chmod 644 /root/repositories.edited
+mv /root/repositories.edited /etc/apk/repositories
+
+apk add --update \
+    git \
+    docker \
+    docker-compose
+
+service docker start
+rc-update add docker boot

dns.tf

@@ -6,48 +6,77 @@ terraform {
     }
   }
 
-  backend "http" {
+  backend "http" {}
-    address        = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app"
-    lock_address   = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app/lock"
-    unlock_address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app/lock"
-    lock_method    = "POST"
-    unlock_method  = "DELETE"
-    retry_wait_min = 5
-  }
 }
 
 provider "namecheap" {}
 
-variable "host-rproxy" {
+variable "stashbox_ip4_ext" {
   type    = string
-  default = "rprxy.saline.o4data.net."
+  default = "0.0.0.0"
 }
 
-resource "namecheap_domain_records" "othonotes" {
+variable "stashbox_domain" {
-  domain = "othonotes.com"
+  type    = string
-  record {
+  default = "web.stash"
-    hostname = "@"
-    address  = var.host-rproxy
-    type     = "ALIAS"
-    ttl      = 300
-  }
-  record {
-    hostname = "www"
-    address  = "othonotes.com."
-    type     = "CNAME"
-  }
 }
 
-resource "namecheap_domain_records" "othostash" {
+variable "stashapp_addr" {
-  domain = "othostash.com"
+  type    = string
+  default = "::2"
+}
+
+variable "stashapp_domain" {
+  type    = string
+  default = "app.stash"
+}
+
+variable "stashapp_notes_domain" {
+  type    = string
+  default = "notes.stash"
+}
+
+resource "namecheap_domain_records" "stash" {
+  domain = var.stashbox_domain
   record {
-    hostname = "websites"
+    hostname = "app"
-    address  = var.host-rproxy
+    address  = var.stashapp_addr
+    type     = "AAAA"
+    ttl      = 1799
+  }
+  record {
+    hostname = "app"
+    address  = var.stashbox_ip4_ext
+    type     = "A"
+    ttl      = 1799
+  }
+  record {
+    hostname = "clippings"
+    address  = var.stashapp_domain
     type     = "CNAME"
   }
   record {
     hostname = "browse"
-    address  = var.host-rproxy
+    address  = var.stashapp_domain
     type     = "CNAME"
   }
 }
+
+# resource "namecheap_domain_records" "notes" {
+#   domain = var.stashapp_notes_domain
+#   record {
+#     hostname = "www"
+#     address  = var.stashapp_addr
+#     type     = "AAAA"
+#   }
+#   record {
+#     hostname = "www"
+#     address  = var.stashbox_ip4_ext
+#     type     = "A"
+#   }
+#   record {
+#     hostname = "@"
+#     type     = "CNAME"
+#     address  = "www.${var.stashapp_notes_domain}"
+#   }
+# }

docker-compose.yml

@@ -14,82 +14,8 @@ networks:
     external: false
 
 services:
-  trilium:
-    image: zadam/trilium
-    container_name: trilium
-    restart: always
-    environment:                    
-      - VIRTUAL_PORT=8080
-      - VIRTUAL_HOST=${notebook_domain_list}
-      - LETSENCRYPT_HOST=${notebook_domain_list}
-      - TRILIUM_DATA_DIR=/home/node/data
-    volumes:
-      - ./.data/trilium:/home/node/data
-    networks:
-      - proxy
-
-  filestash:
-    container_name: filestash
-    image: machines/filestash
-    restart: always
-    environment:
-      - VIRTUAL_PORT=8334
-      - VIRTUAL_HOST=${filemanager_domain}
-      - LETSENCRYPT_HOST=${filemanager_domain}
-      - APPLICATION_URL=${filemanager_domain}
-      - ONLYOFFICE_URL=http://onlyoffice
-    volumes:
-      - .data/filestash:/app/data
-    networks:
-      - proxy
-      - onlyoffice
-
-  onlyoffice:
-    container_name: onlyoffice
-    image: onlyoffice/documentserver
-    restart: always
-    networks:
-      - onlyoffice
-    security_opt:
-      - seccomp:unconfined
-
-
-  archivebox:
-    image: ${DOCKER_IMAGE:-archivebox/archivebox:master}
-    container_name: archivebox
-    command: server --quick-init 0.0.0.0:8000
-    environment:
-      - VIRTUAL_PORT=8000
-      - VIRTUAL_HOST=${webarchive_domain_list}
-      - LETSENCRYPT_HOST=${webarchive_domain_list}
-      - MEDIA_MAX_SIZE=750m
-      - SEARCH_BACKEND_ENGINE=sonic
-      - SEARCH_BACKEND_HOST_NAME=sonic
-      - SEARCH_BACKEND_PASSWORD=${pw_sonic}
-    volumes:
-      - ./.data/archivebox:/data
-    networks:
-      - proxy
-      - archivebox
-
-  sonic:
-    image: valeriansaliou/sonic:v1.3.0
-    container_name: sonic
-    expose:
-      - 1491
-    environment:
-      - SEARCH_BACKEND_PASSWORD=${pw_sonic}
-    volumes:
-      - ./sonic.cfg:/etc/sonic.cfg:ro
-      - sonic:/var/lib/sonic/store
-    networks:
-      - archivebox
-
-####################################3
-## nginx proxy
-
   nginx-proxy:
-    image: nginxproxy/nginx-proxy
+    image: ${stashapp_rproxy_image}
     container_name: nginx-proxy
     restart: always
     ports:
@@ -104,9 +30,8 @@ services:
       - /var/run/docker.sock:/tmp/docker.sock:ro
     networks:
       - proxy
-
   letsencrypt-companion:
-    image: nginxproxy/acme-companion
+    image: ${stashapp_acme_image}
     container_name: acme-companion
     restart: always
     volumes:
@@ -119,3 +44,74 @@ services:
       - proxy
     depends_on:
       - nginx-proxy
+  trilium:
+    image: ${stashapp_trilium_image}
+    container_name: trilium
+    restart: always
+    environment:                    
+      - VIRTUAL_PORT=8080
+      - VIRTUAL_HOST="${notes_domain},www.${notes_domain}"
+      - LETSENCRYPT_HOST="${notes_domain},www.${notes_domain}"
+      - TRILIUM_DATA_DIR=/home/node/data
+    volumes:
+      - ./.data/trilium:/home/node/data
+    networks:
+      - proxy
+
+  filestash:
+    image: ${stashapp_filestash_image}
+    container_name: filestash
+    restart: always
+    environment:
+      - VIRTUAL_PORT=8334
+      - VIRTUAL_HOST=${browse_domain}
+      - LETSENCRYPT_HOST=${browse_domain}
+      - APPLICATION_URL=${browse_domain}
+      - ONLYOFFICE_URL=http://onlyoffice
+    volumes:
+      - .data/filestash:/app/data
+    networks:
+      - proxy
+      - onlyoffice
+
+  onlyoffice:
+    image: ${stashapp_onlyoffice_image}
+    container_name: onlyoffice
+    restart: always
+    networks:
+      - onlyoffice
+    security_opt:
+      - seccomp:unconfined
+
+
+  archivebox:
+    image: ${stashapp_archivebox_image}
+    container_name: archivebox
+    command: server --quick-init 0.0.0.0:8000
+    environment:
+      - VIRTUAL_PORT=8000
+      - VIRTUAL_HOST="${clippings_domain},www.${clippings_domain}"
+      - LETSENCRYPT_HOST="${clippings_domain},www.${clippings_domain}"
+      - MEDIA_MAX_SIZE=750m
+      - SEARCH_BACKEND_ENGINE=sonic
+      - SEARCH_BACKEND_HOST_NAME=sonic
+      - SEARCH_BACKEND_PASSWORD=${stashapp_sonic_pw}
+    volumes:
+      - ./.data/archivebox:/data
+    networks:
+      - proxy
+      - archivebox
+
+  sonic:
+    image: ${stashapp_sonic_image}
+    container_name: sonic
+    expose:
+      - 1491
+    environment:
+      - SEARCH_BACKEND_PASSWORD=${stashapp_sonic_pw}
+    volumes:
+      - ./sonic.cfg:/etc/sonic.cfg:ro
+      - sonic:/var/lib/sonic/store
+    networks:
+      - archivebox
+

vhost.d/default

@@ -1,10 +0,0 @@
-## Start of configuration add by letsencrypt container
-location ^~ /.well-known/acme-challenge/ {
-    auth_basic off;
-    auth_request off;
-    allow all;
-    root /usr/share/nginx/html;
-    try_files $uri =404;
-    break;
-}
-## End of configuration add by letsencrypt container

vhost.d/othonotes.com

@@ -1,11 +0,0 @@
-## Start of configuration add by letsencrypt container
-location ^~ /.well-known/acme-challenge/ {
-    auth_basic off;
-    auth_request off;
-    allow all;
-    root /usr/share/nginx/html;
-    try_files $uri =404;
-    break;
-}
-## End of configuration add by letsencrypt container
-#client_max_body_size 10G

vhost.d/www.othonotes.com

@@ -1,11 +0,0 @@
-## Start of configuration add by letsencrypt container
-location ^~ /.well-known/acme-challenge/ {
-    auth_basic off;
-    auth_request off;
-    allow all;
-    root /usr/share/nginx/html;
-    try_files $uri =404;
-    break;
-}
-## End of configuration add by letsencrypt container
-#client_max_body_size 10G

vm-setup.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+## For FreeBSD with vm-bhyve and ZFS.
+
+zfs create data/vm
+vm datastore add stashvm zfs:data/vm
+vm create -d stashvm -t alpine -s 1T -m 8G -c 2 stashapp
+## Add `vm_list="stashapp"` to rc.conf.
+
+vm switch create feed
+vm switch add feed re1
+## Update network in /data/vm/stashapp/stashapp.conf
+
+## Change disk type to "nvme" in stashapp.conf
+
+vm install stashapp /zroot/vm/.iso/alpine-standard-3.19.1-x86_64.iso
+vm console stashapp
+