diff --git a/bin/init.py b/bin/init.py index 6907657..15b90e7 100755 --- a/bin/init.py +++ b/bin/init.py @@ -55,29 +55,6 @@ def get_var(key): if confirm in ["y", "Y"]: return user_input -def gen_sql_user(username, password, *databases): - """gen_sql_user creates the sql queries to add a user and db with perms""" - - sql = f"CREATE USER IF NOT EXISTS {username} IDENTIFIED BY '{password}';\n" - for db in databases: - sql += f"CREATE DATABASE {db};\n" - sql += f"GRANT ALL PRIVILEGES ON {db} TO {username};\n" - - print(sql) - - return sql - -def gen_sql(sql): - """gen_sql creates an init.sql file to be run by the database on first launch""" - - if sql == "": - return - - subprocess.run(["mkdir", "-p", "mariadb/priv/initdb.d"]) - f = open(f"mariadb/priv/initdb.d/init.sql", 'w') - f.write(sql) - f.close() - def parse_env(env_file): """parse_env returns a dictionary of env vars parsed from the base file @@ -124,13 +101,9 @@ def config_service(service, force=False): :force: is an optional parameter to overwrite existing file default is False """ - # setup directories - + # setup directory subprocess.run(["mkdir", "-p", f"{service}/priv"]) - priv_file = f"{service}/.env" - - - + priv_file = f"{service}/priv/env" # prevent overwrite if os.path.isfile(priv_file) and not force: 
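Review bot: `{service}/priv` now holds the generated env file (`priv_file = f"{service}/priv/env"`), and the templates in this commit put database passwords in it, yet the directory is still created by `subprocess.run(["mkdir", "-p", f"{service}/priv"])` with default permissions and an unchecked exit status. I would replace that line with `os.makedirs(f"{service}/priv", mode=0o700, exist_ok=True)` so a failure raises and the directory is owner-only. The code that writes `priv_file` is outside this hunk; confirm it also creates the file with mode 0600.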
@@ -158,22 +131,6 @@ def main(): for service in args.service: print(f"\nsetting up {service}...") c = config_service(service, args.force) - # create mariadb users/dbs - if service == "gitea": - username = c["GITEA__database__USER"] - password = c["GITEA__database__PASSWD"] - db = c["GITEA__database__NAME"] - sql += gen_sql_user(username, password, db) - elif service == "seafile": - username = c["SEAFILE_MYSQL_DB_USER"] - password = c["SEAFILE_MYSQL_DB_PASSWORD"] - dbs = ["ccnet_db", "seafile_db", "seahub_db"] - sql += gen_sql_user(username, password, *dbs) - - gen_sql(sql) - # finalize sql - print("running mariadb to initialize users/dbs. Ctrl+c to cancel after database is setup") - subprocess.run(["docker", "compose", "-f", f"mariadb/compose.yml", "up"]) print("success") diff --git a/caddy/Caddyfile b/caddy/Caddyfile index 3e31218..7ef2f96 100644 --- a/caddy/Caddyfile +++ b/caddy/Caddyfile @@ -7,12 +7,12 @@ seafile.keegandeppe.com { reverse_proxy seafile } -sea_noti.keegandeppe.com { - reverse_proxy seafile +git.keegandeppe.com { + reverse_proxy gitea:3000 } -git.keegandeppe.com { - reverse_proxy gitea +cal.keegandeppe.com { + reverse_proxy radicale:5232 } resume.noa.fish { diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml index 8067812..0bad524 100644 --- a/caddy/docker-compose.yml +++ b/caddy/docker-compose.yml @@ -9,15 +9,15 @@ services: - "443:443" - "443:443/udp" networks: - caddy-net + - caddy volumes: - - Caddyfile:/etc/caddy/Caddyfile - - website/public:/srv/keegan - - fish:/srv/fish - - volumes/data:/data - - volumes/config:/config + - ./Caddyfile:/etc/caddy/Caddyfile + - ./website/public:/srv/keegan + - ./fish:/srv/fish + - ./volumes/data:/data + - ./volumes/config:/config networks: - caddy-net: + caddy: external: false driver: bridge diff --git a/docker-compose.yml b/docker-compose.yml index 7811c22..cb31c0a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
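Review bot: The new `cal.keegandeppe.com` site forwards everything to `radicale:5232` with no access control at the proxy, so authentication rests entirely on the Radicale configuration mounted from `./volumes/config`, which is not part of this commit. Radicale 3 releases have shipped with `[auth] type = none` as the default (verify for the image version in use), so the config should set an explicit type such as `htpasswd` before this hostname is published. A comment above the block, e.g. `# auth is enforced by radicale ([auth] type in volumes/config)`, would record that dependency.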
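Review bot: The corrected bind mounts `./Caddyfile:/etc/caddy/Caddyfile`, `./website/public:/srv/keegan` and `./fish:/srv/fish` are writable from inside the internet-facing container, although Caddy only needs to read them. Appending `:ro` (`- ./Caddyfile:/etc/caddy/Caddyfile:ro`, likewise for the two site roots) keeps a compromised proxy from rewriting its own config or the served content. `/data` and `/config` have to stay writable for certificates and state. The service definition starts above this hunk.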
@@ -1,18 +1,14 @@ include: - gitea/docker-compose.yml - seafile/docker-compose.yml - - mariadb/docker-compose.yml - caddy/docker-compose.yml + - radicale/docker-compose.yml -networks: - gitea-net: - external: false - seafile-net: - external: false - caddy: - external: false - driver: bridge - # auth: - # external: true - postgres: - external: false +# networks: +# caddy: +# external: false +# driver: bridge +# # auth: +# # external: true +# postgres: +# external: false diff --git a/env b/env deleted file mode 100644 index 0a110b1..0000000 --- a/env +++ /dev/null @@ -1,2 +0,0 @@ -## Global Settings -TIME_ZONE="America/New_York" diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index 7b370c5..e3ed785 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml @@ -1,29 +1,40 @@ services: gitea: - image: gitea/gitea:latest-rootless + image: gitea/gitea:1.23 restart: unless-stopped env_file: "priv/env" + environment: + - USER_UID=106 + - USER_GID=112 networks: - - gitea-net - - caddy-net + - gitea + - caddy volumes: - - ./volumes/gitea/data:/var/lib/gitea - - ./volumes/gitea/config:/etc/gitea + - ./volumes/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro # allows ssh pushing via locally stored keys - /home/git/.ssh:/data/git/.ssh - ports: - - "127.0.0.1:2222:22" + # ports: + # - "127.0.0.1:2222:22" + # - "3000:3000" depends_on: - db: - condition: service_healthy + - postgres-gitea + + postgres-gitea: + image: postgres:17 + restart: always + env_file: "priv/env" + networks: + - gitea + volumes: + - ./volumes/postgres:/var/lib/postgresql/data networks: - gitea-net: + gitea: external: false - caddy-net: + caddy: external: false driver: bridge diff --git a/gitea/env b/gitea/env index ac19ebc..3e3fd30 100644 --- a/gitea/env +++ b/gitea/env 
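Review bot: `postgres-gitea` loads the same `env_file: "priv/env"` as `gitea`, so the database container receives every `GITEA__*` setting in that file and the application container receives the `POSTGRES_*` bootstrap variables; `seafile/docker-compose.yml` does the same with `mariadb` and `seafile`. Giving each database service its own file, e.g. `env_file: "priv/db.env"` holding only `POSTGRES_USER`, `POSTGRES_PASSWORD` and `POSTGRES_DB`, keeps each container's environment to what it needs. Separately, `depends_on: - postgres-gitea` drops the old `condition: service_healthy` and the new service has no healthcheck, so startup is no longer gated on the database being ready.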
@@ -1,6 +1,11 @@ ## Gitea Settings -GITEA__database__DB_TYPE="mysql" -GITEA__database__HOST="mariadb" +GITEA__database__DB_TYPE="postgres" +GITEA__database__HOST="postgres-gitea" GITEA__database__NAME="gitea" GITEA__database__USER="gitea" GITEA__database__PASSWD="" + +## Postgresql Settings +POSTGRES_USER="$GITEA__database__USER" +POSTGRES_PASSWORD="$GITEA__database__PASSWD" +POSTGRES_DB="$GITEA__database__NAME" diff --git a/mariadb/docker-compose.yml b/mariadb/docker-compose.yml deleted file mode 100644 index ab80d17..0000000 --- a/mariadb/docker-compose.yml +++ /dev/null @@ -1,30 +0,0 @@ -services: - mariadb: - image: mariadb:10.11 - container_name: mariadb - env_file: "priv/env" - volumes: - - ./volumes/mariadb/db:/var/lib/mysql - - ./priv/initdb.d:/config/initdb.d - networks: - - gitea-net - - seafile-net - healthcheck: - test: - [ - "CMD", - "/usr/local/bin/healthcheck.sh", - "--connect", - "--mariadbupgrade", - "--innodb_initialized", - ] - interval: 20s - start_period: 30s - timeout: 5s - retries: 10 - -networks: - gitea-net: - external: false - seafile-net: - external: false diff --git a/mariadb/env b/mariadb/env deleted file mode 100644 index 79b7448..0000000 --- a/mariadb/env +++ /dev/null @@ -1,4 +0,0 @@ -## Mariadb Settings -MYSQL_ROOT_PASSWORD="" -MYSQL_LOG_CONSOLE="true" -MARIADB_AUTO_UPGRADE=1 diff --git a/radicale/docker-compose.yml b/radicale/docker-compose.yml new file mode 100644 index 0000000..097d992 --- /dev/null +++ b/radicale/docker-compose.yml @@ -0,0 +1,26 @@ +services: + radicale: + image: tomsquest/docker-radicale + container_name: radicale + restart: unless-stopped + init: true + read_only: true + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + cap_add: + - SETUID + - SETGID + - CHOWN + - KILL + volumes: + - ./volumes/data:/data + - ./volumes/config:/config:ro + networks: + - caddy + +networks: + caddy: + external: false + driver: bridge diff --git a/readme.md b/readme.md index 0e2ae99..bab113b 100644 --- a/readme.md 
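Review bot: `POSTGRES_PASSWORD="$GITEA__database__PASSWD"` and the two lines beside it only work if whatever loads the generated `priv/env` expands `$VAR` references; if the text is passed through literally, Postgres would be initialised with the string `$GITEA__database__PASSWD` as its password. `parse_env` in `bin/init.py` and the Compose version are not visible here, so this is worth checking once with `docker compose config`. I would add a comment above the block such as `# expanded from the GITEA__database__* values above when priv/env is loaded`.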
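Review bot: `image: tomsquest/docker-radicale` has no tag, so every pull resolves to `latest`, while the same commit pins Gitea to `gitea/gitea:1.23` and Postgres to `postgres:17`. Pin this image too, `image: tomsquest/docker-radicale:<release-tag>` or a digest, so an upstream push cannot change what runs behind `cal.keegandeppe.com` without a reviewed change.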
+++ b/readme.md @@ -2,5 +2,5 @@ Originally I was going to use a single main database container and build everything off of that. But you know what, this ends up being far more trouble than it seems to be worth. -If performance becomes an issue, I will revert back to this commit but for now, goodnight my sweet prince. +So instead I will couple each service with its own database and write environment vars there diff --git a/seafile/docker-compose.yml b/seafile/docker-compose.yml index ff6fd6f..2d81ae3 100644 --- a/seafile/docker-compose.yml +++ b/seafile/docker-compose.yml 
@@ -1,62 +1,54 @@ services: + mariadb: + image: mariadb:10.11 + container_name: mariadb + env_file: "priv/env" + volumes: + - ./volumes/mariadb/db:/var/lib/mysql + networks: + - seafile + healthcheck: + test: + [ + "CMD", + "/usr/local/bin/healthcheck.sh", + "--connect", + "--mariadbupgrade", + "--innodb_initialized", + ] + interval: 20s + start_period: 30s + timeout: 5s + retries: 10 + memcached: image: memcached:1.6.29 container_name: seafile-memcached entrypoint: memcached -m 256 networks: - - seafile-net - - # notification-server: - # image: seafileltd/notification-server:12.0-latest - # container_name: seafile-notification-server - # restart: unless-stopped - # volumes: - # - volumes/seafile/noti:/shared - # environment: - # - SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db} - # - SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile} - # - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty} - # - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db} - # - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db} - # - JWT_PRIVATE_KEY=${SEAFILE_JWT_PRIVATE_KEY:?Variable is not set or empty} - # - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false} - # - NOTIFICATION_SERVER_LOG_LEVEL=${NOTIFICATION_SERVER_LOG_LEVEL:-info} - # labels: - # caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty} - # caddy.@ws.0_header: "Connection *Upgrade*" - # caddy.@ws.1_header: "Upgrade websocket" - # caddy.0_reverse_proxy: "@ws {{upstreams 8083}}" - # caddy.1_handle_path: "/notification*" - # caddy.1_handle_path.0_rewrite: "* {uri}" - # caddy.1_handle_path.1_reverse_proxy: "{{upstreams 8083}}" - # depends_on: - # db: - # condition: service_healthy - # networks: - # - seafile-net + - seafile seafile: image: seafileltd/seafile-mc:12.0-latest container_name: seafile volumes: - # - /opt/seafile-mysql:/shared - - seafile-vol:/shared + - 
./volumes/seafile:/shared env_file: "priv/env" depends_on: - db: + mariadb: condition: service_healthy memcached: condition: service_started + labels: + caddy: "https://seafile.keegandeppe.com" + caddy.reverse_proxy: "{{upstreams 80}}" networks: - - seafile-net - - caddy-net - -volumes: - seafile-vol: + - seafile + - caddy networks: - seafile-net: + seafile: external: false - caddy-net: + caddy: external: false driver: bridge diff --git a/seafile/env b/seafile/env index adc9614..e69d48a 100644 --- a/seafile/env +++ b/seafile/env @@ -1,20 +1,46 @@ +## Mariadb Settings +MYSQL_ROOT_PASSWORD="" +MYSQL_LOG_CONSOLE="true" +MARIADB_AUTO_UPGRADE=1 + ## Seafile Settings # COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml' # COMPOSE_PATH_SEPARATOR=',' -SEAFILE_VOLUME=volume/seafile/data -SEAFILE_CADDY_VOLUME=volume/caddy/data +TIME_ZONE="America/New_York" -SEAFILE_MYSQL_DB_HOST="mariadb" -SEAFILE_MYSQL_DB_USER="seafile" -SEAFILE_MYSQL_DB_PASSWORD="" +SEAFILE_VOLUME="volumes/seafile/data" +SEAFILE_CADDY_VOLUME="volumes/caddy/data" -SEAFILE_JWT_PRIVATE_KEY="" +DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD" +DB_HOST="mariadb" +DB_USER="seafile" +DB_PASSWORD="" + +JWT_PRIVATE_KEY="" -SEAFILE_SERVER_HOSTNAME="" SEAFILE_SERVER_PROTOCOL="https" +SEAFILE_SERVER_HOSTNAME="" INIT_SEAFILE_ADMIN_EMAIL="" INIT_SEAFILE_ADMIN_PASSWORD="" ENABLE_SEADOC=false + +# SEAFILE_VOLUME="volumes/seafile/data" +# SEAFILE_CADDY_VOLUME="volumes/caddy/data" + +# DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD" +# SEAFILE_MYSQL_DB_HOST="mariadb" +# SEAFILE_MYSQL_DB_USER="seafile" +# SEAFILE_MYSQL_DB_PASSWORD="" + +# SEAFILE_JWT_PRIVATE_KEY="" + +# SEAFILE_SERVER_HOSTNAME="" +# SEAFILE_SERVER_PROTOCOL="https" + +# INIT_SEAFILE_ADMIN_EMAIL="" +# INIT_SEAFILE_ADMIN_PASSWORD="" + +# ENABLE_SEADOC=false
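Review bot: The added `labels:` (`caddy: "https://seafile.keegandeppe.com"`, `caddy.reverse_proxy: "{{upstreams 80}}"`) follow the caddy-docker-proxy convention, but the caddy service in this commit mounts a static `Caddyfile` that already defines `seafile.keegandeppe.com`. Unless the proxy image reads Docker labels (its image line is not in the hunks shown), these labels do nothing, and if it does, the route is defined twice. I would keep one source of routing and remove the other, or add a comment saying which one is live.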
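Review bot: `DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"` is probably not the name the Seafile container reads: upstream's compose files pass the MariaDB root password as `DB_ROOT_PASSWD`, so first-run database creation may not receive it. Please verify against the documentation for `seafile-mc:12.0` and rename if so. The commented-out copy of the old `SEAFILE_MYSQL_DB_*` block at the end of the file is dead configuration and is best deleted, since the history already keeps it.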