composes from root, going to fix secrets generator

2025-02-28 19:50:13 -05:00 · 2025-02-28 19:50:13 -05:00 · 905bd0b3a9
commit 905bd0b3a9
parent 90a4b48699
13 changed files with 143 additions and 166 deletions
--- a/bin/init.py
+++ b/bin/init.py
@ -55,29 +55,6 @@ def get_var(key):
            if confirm in ["y", "Y"]:
                return user_input

-def gen_sql_user(username, password, *databases):
-    """gen_sql_user creates the sql queries to add a user and db with perms"""
-
-    sql = f"CREATE USER IF NOT EXISTS {username} IDENTIFIED BY '{password}';\n"
-    for db in databases:
-        sql += f"CREATE DATABASE {db};\n"
-        sql += f"GRANT ALL PRIVILEGES ON {db} TO {username};\n"
-
-    print(sql)
-
-    return sql
-
-def gen_sql(sql):
-    """gen_sql creates an init.sql file to be run by the database on first launch"""
-
-    if sql == "":
-        return
-
-    subprocess.run(["mkdir", "-p", "mariadb/priv/initdb.d"])
-    f = open(f"mariadb/priv/initdb.d/init.sql", 'w')
-    f.write(sql)
-    f.close()
-
 def parse_env(env_file):
    """parse_env returns a dictionary of env vars parsed from the base file

@ -124,13 +101,9 @@ def config_service(service, force=False):
    :force: is an optional parameter to overwrite existing file
        default is False
    """
-    # setup directories
-
+    # setup directory
    subprocess.run(["mkdir", "-p", f"{service}/priv"])
-    priv_file = f"{service}/.env"
-
-
-
+    priv_file = f"{service}/priv/env"

    # prevent overwrite
    if os.path.isfile(priv_file) and not force:
@ -158,22 +131,6 @@ def main():
    for service in args.service:
        print(f"\nsetting up {service}...")
        c = config_service(service, args.force)
-        # create mariadb users/dbs
-        if service == "gitea":
-            username = c["GITEA__database__USER"]
-            password = c["GITEA__database__PASSWD"]
-            db = c["GITEA__database__NAME"]
-            sql += gen_sql_user(username, password, db)
-        elif service == "seafile":
-            username = c["SEAFILE_MYSQL_DB_USER"]
-            password = c["SEAFILE_MYSQL_DB_PASSWORD"]
-            dbs = ["ccnet_db", "seafile_db", "seahub_db"]
-            sql += gen_sql_user(username, password, *dbs)
-
-    gen_sql(sql)
-    # finalize sql
-    print("running mariadb to initialize users/dbs. Ctrl+c to cancel after database is setup")
-    subprocess.run(["docker", "compose", "-f", f"mariadb/compose.yml", "up"])

    print("success")

--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@ -7,12 +7,12 @@ seafile.keegandeppe.com {
 	reverse_proxy seafile
 }

-sea_noti.keegandeppe.com {
-	reverse_proxy seafile
+git.keegandeppe.com {
+	reverse_proxy gitea:3000
 }

-git.keegandeppe.com {
-	reverse_proxy gitea
+cal.keegandeppe.com {
+	reverse_proxy radicale:5232
 }

 resume.noa.fish {
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@ -9,15 +9,15 @@ services:
      - "443:443"
      - "443:443/udp"
    networks:
-      caddy-net
+      - caddy
    volumes:
-      - Caddyfile:/etc/caddy/Caddyfile
-      - website/public:/srv/keegan
-      - fish:/srv/fish
-      - volumes/data:/data
-      - volumes/config:/config
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./website/public:/srv/keegan
+      - ./fish:/srv/fish
+      - ./volumes/data:/data
+      - ./volumes/config:/config
  
 networks:
-  caddy-net:
+  caddy:
    external: false
    driver: bridge
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,18 +1,14 @@
 include:
  - gitea/docker-compose.yml
  - seafile/docker-compose.yml
-  - mariadb/docker-compose.yml
  - caddy/docker-compose.yml
+  - radicale/docker-compose.yml

-networks:
-  gitea-net:
-    external: false
-  seafile-net:
-    external: false
-  caddy:
-    external: false
-    driver: bridge
-  # auth:
-  #   external: true
-  postgres:
-    external: false
+# networks:
+#   caddy:
+#     external: false
+#     driver: bridge
+#   # auth:
+#   #   external: true
+#   postgres:
+#     external: false
--- a/2
+++ b/2
@ -1,2 +0,0 @@
-## Global Settings
-TIME_ZONE="America/New_York"
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -1,29 +1,40 @@
 services:

  gitea:
-    image: gitea/gitea:latest-rootless
+    image: gitea/gitea:1.23
    restart: unless-stopped
    env_file: "priv/env"
+    environment:
+      - USER_UID=106
+      - USER_GID=112
    networks:
-      - gitea-net
-      - caddy-net
+      - gitea
+      - caddy
    volumes:
-      - ./volumes/gitea/data:/var/lib/gitea
-      - ./volumes/gitea/config:/etc/gitea
+      - ./volumes/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
        # allows ssh pushing via locally stored keys
      - /home/git/.ssh:/data/git/.ssh
-    ports:
-      - "127.0.0.1:2222:22"
+        # ports:
+      # - "127.0.0.1:2222:22"
+      # - "3000:3000"
    depends_on:
-      db:
-        condition: service_healthy
+      - postgres-gitea
+
+  postgres-gitea:
+    image: postgres:17
+    restart: always
+    env_file: "priv/env"
+    networks:
+      - gitea
+    volumes:
+      - ./volumes/postgres:/var/lib/postgresql/data

 networks:
-  gitea-net:
+  gitea:
    external: false
-  caddy-net:
+  caddy:
    external: false
    driver: bridge

--- a/gitea/env
+++ b/gitea/env
@ -1,6 +1,11 @@
 ## Gitea Settings
-GITEA__database__DB_TYPE="mysql"
-GITEA__database__HOST="mariadb"
+GITEA__database__DB_TYPE="postgres"
+GITEA__database__HOST="postgres-gitea"
 GITEA__database__NAME="gitea"
 GITEA__database__USER="gitea"
 GITEA__database__PASSWD=""
+
+## Postgresql Settings
+POSTGRES_USER="$GITEA__database__USER"
+POSTGRES_PASSWORD="$GITEA__database__PASSWD"
+POSTGRES_DB="$GITEA__database__NAME"
--- a/mariadb/docker-compose.yml
+++ b/mariadb/docker-compose.yml
@ -1,30 +0,0 @@
-services:
-  mariadb:
-    image: mariadb:10.11
-    container_name: mariadb
-    env_file: "priv/env"
-    volumes:
-      - ./volumes/mariadb/db:/var/lib/mysql
-      - ./priv/initdb.d:/config/initdb.d
-    networks:
-      - gitea-net
-      - seafile-net
-    healthcheck:
-      test:
-        [
-          "CMD",
-          "/usr/local/bin/healthcheck.sh",
-          "--connect",
-          "--mariadbupgrade",
-          "--innodb_initialized",
-        ]
-      interval: 20s
-      start_period: 30s
-      timeout: 5s
-      retries: 10
-
-networks:
-  gitea-net:
-    external: false
-  seafile-net:
-    external: false
--- a/mariadb/env
+++ b/mariadb/env
@ -1,4 +0,0 @@
-## Mariadb Settings
-MYSQL_ROOT_PASSWORD=""
-MYSQL_LOG_CONSOLE="true"
-MARIADB_AUTO_UPGRADE=1
--- a/radicale/docker-compose.yml
+++ b/radicale/docker-compose.yml
@ -0,0 +1,26 @@
+services:
+  radicale:
+    image: tomsquest/docker-radicale
+    container_name: radicale
+    restart: unless-stopped
+    init: true
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - SETGID
+      - CHOWN
+      - KILL
+    volumes:
+      - ./volumes/data:/data
+      - ./volumes/config:/config:ro
+    networks:
+      - caddy
+
+networks:
+  caddy:
+    external: false
+    driver: bridge
--- a/readme.md
+++ b/readme.md
@ -2,5 +2,5 @@

 Originally I was going to use a single main database container and build everything off of that.
 But you know what, this ends up being far more trouble than it seems to be worth.
-If performance becomes an issue, I will revert back to this commit but for now, goodnight my sweet prince.

+So instead I will couple each service with its own database and write environment vars there
--- a/seafile/docker-compose.yml
+++ b/seafile/docker-compose.yml
@ -1,62 +1,54 @@
 services:
+  mariadb:
+    image: mariadb:10.11
+    container_name: mariadb
+    env_file: "priv/env"
+    volumes:
+      - ./volumes/mariadb/db:/var/lib/mysql
+    networks:
+      - seafile
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "/usr/local/bin/healthcheck.sh",
+          "--connect",
+          "--mariadbupgrade",
+          "--innodb_initialized",
+        ]
+      interval: 20s
+      start_period: 30s
+      timeout: 5s
+      retries: 10
+
  memcached:
    image: memcached:1.6.29
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
-      - seafile-net
-
-  # notification-server:
-  #   image: seafileltd/notification-server:12.0-latest
-  #   container_name: seafile-notification-server
-  #   restart: unless-stopped
-  #   volumes:
-  #     - volumes/seafile/noti:/shared
-  #   environment:
-  #     - SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
-  #     - SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
-  #     - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
-  #     - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
-  #     - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
-  #     - JWT_PRIVATE_KEY=${SEAFILE_JWT_PRIVATE_KEY:?Variable is not set or empty}
-  #     - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
-  #     - NOTIFICATION_SERVER_LOG_LEVEL=${NOTIFICATION_SERVER_LOG_LEVEL:-info}
-  #   labels:
-  #     caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
-  #     caddy.@ws.0_header: "Connection *Upgrade*"
-  #     caddy.@ws.1_header: "Upgrade websocket"
-  #     caddy.0_reverse_proxy: "@ws {{upstreams 8083}}"
-  #     caddy.1_handle_path: "/notification*"
-  #     caddy.1_handle_path.0_rewrite: "* {uri}"
-  #     caddy.1_handle_path.1_reverse_proxy: "{{upstreams 8083}}"
-  #   depends_on:
-  #     db:
-  #       condition: service_healthy
-  #   networks:
-  #     - seafile-net
+      - seafile
          
  seafile:
    image: seafileltd/seafile-mc:12.0-latest
    container_name: seafile
    volumes:
-      # - /opt/seafile-mysql:/shared
-      - seafile-vol:/shared
+      - ./volumes/seafile:/shared
    env_file: "priv/env"
    depends_on:
-      db:
+      mariadb:
        condition: service_healthy
      memcached:
        condition: service_started
+    labels:
+      caddy: "https://seafile.keegandeppe.com"
+      caddy.reverse_proxy: "{{upstreams 80}}"
    networks:
-      - seafile-net
-      - caddy-net
-
-volumes:
-  seafile-vol:
+      - seafile
+      - caddy

 networks:
-  seafile-net:
+  seafile:
    external: false
-  caddy-net:
+  caddy:
    external: false
    driver: bridge
--- a/seafile/env
+++ b/seafile/env
@ -1,20 +1,46 @@
+## Mariadb Settings
+MYSQL_ROOT_PASSWORD=""
+MYSQL_LOG_CONSOLE="true"
+MARIADB_AUTO_UPGRADE=1
+
 ## Seafile Settings
 # COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'
 # COMPOSE_PATH_SEPARATOR=','

-SEAFILE_VOLUME=volume/seafile/data
-SEAFILE_CADDY_VOLUME=volume/caddy/data
+TIME_ZONE="America/New_York"

-SEAFILE_MYSQL_DB_HOST="mariadb"
-SEAFILE_MYSQL_DB_USER="seafile"
-SEAFILE_MYSQL_DB_PASSWORD=""
+SEAFILE_VOLUME="volumes/seafile/data"
+SEAFILE_CADDY_VOLUME="volumes/caddy/data"

-SEAFILE_JWT_PRIVATE_KEY=""
+DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"
+DB_HOST="mariadb"
+DB_USER="seafile"
+DB_PASSWORD=""
+
+JWT_PRIVATE_KEY=""

-SEAFILE_SERVER_HOSTNAME=""
 SEAFILE_SERVER_PROTOCOL="https"
+SEAFILE_SERVER_HOSTNAME=""

 INIT_SEAFILE_ADMIN_EMAIL=""
 INIT_SEAFILE_ADMIN_PASSWORD=""

 ENABLE_SEADOC=false
+
+# SEAFILE_VOLUME="volumes/seafile/data"
+# SEAFILE_CADDY_VOLUME="volumes/caddy/data"
+
+# DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"
+# SEAFILE_MYSQL_DB_HOST="mariadb"
+# SEAFILE_MYSQL_DB_USER="seafile"
+# SEAFILE_MYSQL_DB_PASSWORD=""
+
+# SEAFILE_JWT_PRIVATE_KEY=""
+
+# SEAFILE_SERVER_HOSTNAME=""
+# SEAFILE_SERVER_PROTOCOL="https"
+
+# INIT_SEAFILE_ADMIN_EMAIL=""
+# INIT_SEAFILE_ADMIN_PASSWORD=""
+
+# ENABLE_SEADOC=false