No commits in common. "29ba3f00716363166035a8d45ac10f13ce92e58a" and "5a5b3f35e34caccae5fbe0d3beccc63664d8f42b" have entirely different histories.

11 changed files with 135 additions and 319 deletions

@ -1,65 +0,0 @@
resolver="1.1.1.1"
gitlab_url="https://gitlab.com"
gitlab_api_key="xxx"
gitlab_user="xxx"
namecheap_user="xxx"
namecheap_api_key="xxx"
namecheap_sandbox_mode="false"
stashbox_project_id=1
stashbox_domain="web.stashbox"
stashbox_plex_domain="plex.stashbox"
stashbox_web_ip="fe80::dad:db"
stashbox_rpx_ip="fe80::dad:feed"
stashbox_ip4_ext="0.0.0.0"
stashbox_ip4_int="127.0.0.1"
stashbox_stash_root="/data"
stashbox_webdoc_root="/data/documents/web/stashbox"
stashbox_webtheme_root="/data/documents/web/stashbox/theme"
stashapp_project_id=2
stashapp_domain="app.stashbox"
stashapp_notes_domain="notes.stashbox"
stashapp_filestash_domain="browse.stashbox"
stashapp_archivebox_domain="clippings.stashbox"
stashapp_ip="fe80::dad:beef"
stashapp_ip4_ext="$stashbox_ip4_ext"
stashapp_ip4_int="$stashbox_ip4_int"
stashapp_sonic_pw="xxx"
stashapp_trilium_image="zadam/trilium"
stashapp_archivebox_image="archivebox/archivebox:master"
stashapp_filestash_image="machines/filestash"
stashapp_onlyoffice_image="onlyoffice/documentserver"
stashapp_sonic_image="valeriansaliou/sonic:v1.3.0"
stashapp_proxy_image="nginxproxy/nginx-proxy"
stashapp_acme_image="nginxproxy/acme-companion"
export NAMECHEAP_USER_NAME="$namecheap_user"
export NAMECHEAP_API_USER="$namecheap_user"
export NAMECHEAP_API_KEY="$namecheap_api_key"
export NAMECHEAP_USE_SANDBOX="$namecheap_sandbox_mode"
export TF_HTTP_USERNAME="$gitlab_user"
export TF_HTTP_PASSWORD="$gitlab_api_key"
export TF_HTTP_ADDRESS="$gitlab_url/api/v4/projects/$GITLAB_PROJECT_ID/terraform/state/$GITLAB_PROJECT_SLUG"
export TF_HTTP_LOCK_ADDRESS="$gitlab_url/api/v4/projects/$GITLAB_PROJECT_ID/terraform/state/$GITLAB_PROJECT_SLUG/lock"
export TF_HTTP_UNLOCK_ADDRESS="$gitlab_url/api/v4/projects/$GITLAB_PROJECT_ID/terraform/state/$GITLAB_PROJECT_SLUG/lock"
export TF_HTTP_LOCK_METHOD="POST"
export TF_HTTP_UNLOCK_METHOD="DELETE"
export TF_HTTP_RETRY_WAIT_MIN="5"
export TF_VAR_stashbox_domain="$stashbox_domain"
export TF_VAR_stashbox_web_addr="$stashbox_web_ip"
export TF_VAR_stashbox_feed_addr="$stashbox_rpx_ip"
export TF_VAR_stashapp_addr="$stashapp_ip"
export TF_VAR_stashbox_ip4_ext="$stashapp_ip4_ext"
export TF_VAR_stashapp_domain="$stashapp_domain"
export TF_VAR_stashapp_notes_domain="$stashapp_notes_domain"

1
.gitignore vendored
@ -4,4 +4,3 @@ vhost.d
.env
.cache
.terraform.lock.hcl
alpine.answers

@ -1,82 +0,0 @@
---
version: '3'
silent: false
vars:
CONFIG_PATHS: |
/zroot/vm/.templates/alpine.conf
SERVICES: "haproxy apache24 nginx plexmediaserver"
SERVICE_PORTS: 80 443 22 32400
command: 'echo $(whoami)@$(hostname -f)'
dotenv:
- .env
env:
GITLAB_PROJECT_ID: '{{ .stashapp_project_id }}'
GITLAB_PROJECT_SLUG: stashapp
tasks:
default:
- task: services
run: ssh -tt "$stashapp_domain" '{{.command}}'
run-root: ssh -qtt "$stashapp_domain" 'su -l root -c "{{.command}}"'
host-run: ssh -tt "$stashbox_domain" '{{.command}}'
host-run-root: ssh -qtt "$stashbox_domain" 'su -l root -c "{{.command}}"'
exec:
- task: run
vars:
command: "{{.CLI_ARGS}}"
exec-root:
- task: run-root
vars:
command: "{{.CLI_ARGS}}"
exec-host:
- task: host-run
vars:
command: "{{.CLI_ARGS}}"
exec-host-root:
- task: host-run-root
vars:
command: "{{.CLI_ARGS}}"
services:
- task: run
vars:
command: docker ps
host-services:
- task: host-run-root
vars:
command: vm list
# Terraform
plan:
- task: tf
vars:
CLI_ARGS: plan
apply:
- task: tf
vars:
CLI_ARGS: apply
tf: source .env; terraform init; terraform {{.CLI_ARGS}}
# Utilities
printenv: source .env; printenv
path-update: echo scp "{{.local_path}}" "$stashapp_domain:{{.remote_path}}"
path-backup: scp "$stashapp_domain:{{.remote_path}}" "./.$(basename {{.remote_path}})-$(date +%s)" || echo "No file found."
path-diff:
- task: path-backup
vars:
remote_path: "{{.remote_path}}"
- diff "$(ls -c .$(basename {{.remote_path}})-*|head -n1)" "$(basename {{.remote_path}})" || [ "$?" == "1" ]
safe-update:
- task: path-backup
vars:
remote_path: "{{.remote_path}}"
- echo scp "$(basename {{.remote_path}})" "$stashapp_domain:{{.remote_path}}"
- task: path-diff
vars:
remote_path: "{{.remote_path}}"

@ -1,11 +0,0 @@
loader="grub"
cpu=2
memory=8G
network0_type="virtio-net"
network0_switch="feed"
disk0_type="nvme"
disk0_name="disk0.img"
grub_install0="linux /boot/vmlinuz-lts initrd=/boot/initramfs-lts alpine_dev=cdrom:iso9660 modules=loop,squashfs,sd-mod,usb-storage,sr-mod"
grub_install1="initrd /boot/initramfs-lts"
grub_run0="linux /boot/vmlinuz-lts root=/dev/vda3 modules=ext4"
grub_run1="initrd /boot/initramfs-lts"

@ -1,14 +0,0 @@
#!/usr/bin/env bash
cp /etc/apk/repositories /root/repositories.backup
sed 's/^#\(.\+v3.19/community\)$/\1/' /etc/apk/repositories > /root/repositories.edited
chmod 644 /root/repositories.edited
mv /root/repositories.edited /etc/apk/repositories
apk add --update \
git \
docker \
docker-compose
service docker start
rc-update add docker boot

81
dns.tf
@ -6,77 +6,48 @@ terraform {
}
}
backend "http" {}
backend "http" {
address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app"
lock_address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app/lock"
unlock_address = "https://asciireactor.com/api/v4/projects/131/terraform/state/library-app/lock"
lock_method = "POST"
unlock_method = "DELETE"
retry_wait_min = 5
}
}
provider "namecheap" {}
variable "stashbox_ip4_ext" {
variable "host-rproxy" {
type = string
default = "0.0.0.0"
default = "rprxy.saline.o4data.net."
}
variable "stashbox_domain" {
type = string
default = "web.stash"
}
variable "stashapp_addr" {
type = string
default = "::2"
}
variable "stashapp_domain" {
type = string
default = "app.stash"
}
variable "stashapp_notes_domain" {
type = string
default = "notes.stash"
}
resource "namecheap_domain_records" "stash" {
domain = var.stashbox_domain
resource "namecheap_domain_records" "othonotes" {
domain = "othonotes.com"
record {
hostname = "app"
address = var.stashapp_addr
type = "AAAA"
ttl = 1799
hostname = "@"
address = var.host-rproxy
type = "ALIAS"
ttl = 300
}
record {
hostname = "app"
address = var.stashbox_ip4_ext
type = "A"
ttl = 1799
hostname = "www"
address = "othonotes.com."
type = "CNAME"
}
}
resource "namecheap_domain_records" "othostash" {
domain = "othostash.com"
record {
hostname = "clippings"
address = var.stashapp_domain
hostname = "websites"
address = var.host-rproxy
type = "CNAME"
}
record {
hostname = "browse"
address = var.stashapp_domain
address = var.host-rproxy
type = "CNAME"
}
}
# resource "namecheap_domain_records" "notes" {
# domain = var.stashapp_notes_domain
# record {
# hostname = "www"
# address = var.stashapp_addr
# type = "AAAA"
# }
# record {
# hostname = "www"
# address = var.stashbox_ip4_ext
# type = "A"
# }
# record {
# hostname = "@"
# type = "CNAME"
# address = "www.${var.stashapp_notes_domain}"
# }
# }
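Review bot: The new `backend "http"` block hard-codes the state, lock and unlock URLs but says nothing about where its credentials come from, and the environment file removed in this compare is what exported `TF_HTTP_USERNAME` and `TF_HTTP_PASSWORD`. Terraform state can contain sensitive values, so the expectation should be written down next to the block, for example `# Credentials are read from TF_HTTP_USERNAME / TF_HTTP_PASSWORD in the environment; never add username or password to this block.` A short `description` on `variable "host-rproxy"` saying that every record in both zones resolves through that one external hostname would help the next reader as well. The enclosing `terraform {` block starts outside the hunk.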

@ -14,8 +14,82 @@ networks:
external: false
services:
trilium:
image: zadam/trilium
container_name: trilium
restart: always
environment:
- VIRTUAL_PORT=8080
- VIRTUAL_HOST=${notebook_domain_list}
- LETSENCRYPT_HOST=${notebook_domain_list}
- TRILIUM_DATA_DIR=/home/node/data
volumes:
- ./.data/trilium:/home/node/data
networks:
- proxy
filestash:
container_name: filestash
image: machines/filestash
restart: always
environment:
- VIRTUAL_PORT=8334
- VIRTUAL_HOST=${filemanager_domain}
- LETSENCRYPT_HOST=${filemanager_domain}
- APPLICATION_URL=${filemanager_domain}
- ONLYOFFICE_URL=http://onlyoffice
volumes:
- .data/filestash:/app/data
networks:
- proxy
- onlyoffice
onlyoffice:
container_name: onlyoffice
image: onlyoffice/documentserver
restart: always
networks:
- onlyoffice
security_opt:
- seccomp:unconfined
archivebox:
image: ${DOCKER_IMAGE:-archivebox/archivebox:master}
container_name: archivebox
command: server --quick-init 0.0.0.0:8000
environment:
- VIRTUAL_PORT=8000
- VIRTUAL_HOST=${webarchive_domain_list}
- LETSENCRYPT_HOST=${webarchive_domain_list}
- MEDIA_MAX_SIZE=750m
- SEARCH_BACKEND_ENGINE=sonic
- SEARCH_BACKEND_HOST_NAME=sonic
- SEARCH_BACKEND_PASSWORD=${pw_sonic}
volumes:
- ./.data/archivebox:/data
networks:
- proxy
- archivebox
sonic:
image: valeriansaliou/sonic:v1.3.0
container_name: sonic
expose:
- 1491
environment:
- SEARCH_BACKEND_PASSWORD=${pw_sonic}
volumes:
- ./sonic.cfg:/etc/sonic.cfg:ro
- sonic:/var/lib/sonic/store
networks:
- archivebox
####################################3
## nginx proxy
nginx-proxy:
image: ${stashapp_proxy_image}
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
restart: always
ports:
@ -30,8 +104,9 @@ services:
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy
letsencrypt-companion:
image: ${stashapp_acme_image}
image: nginxproxy/acme-companion
container_name: acme-companion
restart: always
volumes:
@ -44,74 +119,3 @@ services:
- proxy
depends_on:
- nginx-proxy
trilium:
image: ${stashapp_trilium_image}
container_name: trilium
restart: always
environment:
- VIRTUAL_PORT=8080
- VIRTUAL_HOST=${stashapp_notes_domain},www.${stashapp_notes_domain}
- LETSENCRYPT_HOST=${stashapp_notes_domain},www.${stashapp_notes_domain}
- TRILIUM_DATA_DIR=/home/node/data
volumes:
- ./.data/trilium:/home/node/data
networks:
- proxy
filestash:
image: ${stashapp_filestash_image}
container_name: filestash
restart: always
environment:
- VIRTUAL_PORT=8334
- VIRTUAL_HOST=${stashapp_filestash_domain}
- LETSENCRYPT_HOST=${stashapp_filestash_domain}
- APPLICATION_URL=${stashapp_filestash_domain}
- ONLYOFFICE_URL=http://onlyoffice
volumes:
- .data/filestash:/app/data
networks:
- proxy
- onlyoffice
onlyoffice:
image: ${stashapp_onlyoffice_image}
container_name: onlyoffice
restart: always
networks:
- onlyoffice
security_opt:
- seccomp:unconfined
archivebox:
image: ${stashapp_archivebox_image}
container_name: archivebox
command: server --quick-init 0.0.0.0:8000
environment:
- VIRTUAL_PORT=8000
- VIRTUAL_HOST=${stashapp_archivebox_domain}
- LETSENCRYPT_HOST=${stashapp_archivebox_domain}
- MEDIA_MAX_SIZE=750m
- SEARCH_BACKEND_ENGINE=sonic
- SEARCH_BACKEND_HOST_NAME=sonic
- SEARCH_BACKEND_PASSWORD=${stashapp_sonic_pw}
volumes:
- ./.data/archivebox:/data
networks:
- proxy
- archivebox
sonic:
image: ${stashapp_sonic_image}
container_name: sonic
expose:
- 1491
environment:
- SEARCH_BACKEND_PASSWORD=${stashapp_sonic_pw}
volumes:
- ./sonic.cfg:/etc/sonic.cfg:ro
- sonic:/var/lib/sonic/store
networks:
- archivebox
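Review bot: `SEARCH_BACKEND_PASSWORD=${pw_sonic}` in the `archivebox` and `sonic` services added by the first hunk of this section expands to an empty string when `pw_sonic` is unset, and this compare renames the variable from `stashapp_sonic_pw`, so an existing `.env` would no longer supply it. Compose only warns in that case, which would presumably leave the search backend with a blank password if `sonic.cfg` takes it from the environment (that file is not shown here). Making the variable mandatory fails the deploy instead: `- SEARCH_BACKEND_PASSWORD=${pw_sonic:?pw_sonic must be set}` in both services. The same form fits the renamed `${notebook_domain_list}`, `${filemanager_domain}` and `${webarchive_domain_list}` values that feed `VIRTUAL_HOST` and `LETSENCRYPT_HOST`. The `services:` mapping starts outside the hunk.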

10
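--- a/vhost.d/default
+++ b/vhost.d/default
@@ -0,0 +1,10 @@
+## Start of configuration add by letsencrypt container
+location ^~ /.well-known/acme-challenge/ {
+auth_basic off;
+auth_request off;
+allow all;
+root /usr/share/nginx/html;
+try_files $uri =404;
+break;
+}
+## End of configuration add by letsencrypt container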

11
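--- a/vhost.d/othonotes.com
+++ b/vhost.d/othonotes.com
@@ -0,0 +1,11 @@
+## Start of configuration add by letsencrypt container
+location ^~ /.well-known/acme-challenge/ {
+auth_basic off;
+auth_request off;
+allow all;
+root /usr/share/nginx/html;
+try_files $uri =404;
+break;
+}
+## End of configuration add by letsencrypt container
+#client_max_body_size 10G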

11
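--- a/vhost.d/www.othonotes.com
+++ b/vhost.d/www.othonotes.com
@@ -0,0 +1,11 @@
+## Start of configuration add by letsencrypt container
+location ^~ /.well-known/acme-challenge/ {
+auth_basic off;
+auth_request off;
+allow all;
+root /usr/share/nginx/html;
+try_files $uri =404;
+break;
+}
+## End of configuration add by letsencrypt container
+#client_max_body_size 10G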

@ -1,18 +0,0 @@
#!/usr/bin/env sh
## For FreeBSD with vm-bhyve and ZFS.
zfs create data/vm
vm datastore add stashvm zfs:data/vm
vm create -d stashvm -t alpine -s 1T -m 8G -c 2 stashapp
## Add `vm_list="stashapp"` to rc.conf.
vm switch create feed
vm switch add feed re1
## Update network in /data/vm/stashapp/stashapp.conf
## Change disk type to "nvme" in stashapp.conf
vm install stashapp /zroot/vm/.iso/alpine-standard-3.19.1-x86_64.iso
vm console stashapp