composes from root, going to fix secrets generator

This commit is contained in:
spinach 2025-02-28 19:50:13 -05:00
parent 90a4b48699
commit 905bd0b3a9
13 changed files with 143 additions and 166 deletions


@ -55,29 +55,6 @@ def get_var(key):
if confirm in ["y", "Y"]: if confirm in ["y", "Y"]:
return user_input return user_input
def gen_sql_user(username, password, *databases):
"""gen_sql_user creates the sql queries to add a user and db with perms"""
sql = f"CREATE USER IF NOT EXISTS {username} IDENTIFIED BY '{password}';\n"
for db in databases:
sql += f"CREATE DATABASE {db};\n"
sql += f"GRANT ALL PRIVILEGES ON {db} TO {username};\n"
print(sql)
return sql
def gen_sql(sql):
"""gen_sql creates an init.sql file to be run by the database on first launch"""
if sql == "":
return
subprocess.run(["mkdir", "-p", "mariadb/priv/initdb.d"])
f = open(f"mariadb/priv/initdb.d/init.sql", 'w')
f.write(sql)
f.close()
def parse_env(env_file): def parse_env(env_file):
"""parse_env returns a dictionary of env vars parsed from the base file """parse_env returns a dictionary of env vars parsed from the base file
@ -124,13 +101,9 @@ def config_service(service, force=False):
:force: is an optional parameter to overwrite existing file :force: is an optional parameter to overwrite existing file
default is False default is False
""" """
# setup directories # setup directory
subprocess.run(["mkdir", "-p", f"{service}/priv"]) subprocess.run(["mkdir", "-p", f"{service}/priv"])
priv_file = f"{service}/.env" priv_file = f"{service}/priv/env"
# prevent overwrite # prevent overwrite
if os.path.isfile(priv_file) and not force: if os.path.isfile(priv_file) and not force:
@ -158,22 +131,6 @@ def main():
for service in args.service: for service in args.service:
print(f"\nsetting up {service}...") print(f"\nsetting up {service}...")
c = config_service(service, args.force) c = config_service(service, args.force)
# create mariadb users/dbs
if service == "gitea":
username = c["GITEA__database__USER"]
password = c["GITEA__database__PASSWD"]
db = c["GITEA__database__NAME"]
sql += gen_sql_user(username, password, db)
elif service == "seafile":
username = c["SEAFILE_MYSQL_DB_USER"]
password = c["SEAFILE_MYSQL_DB_PASSWORD"]
dbs = ["ccnet_db", "seafile_db", "seahub_db"]
sql += gen_sql_user(username, password, *dbs)
gen_sql(sql)
# finalize sql
print("running mariadb to initialize users/dbs. Ctrl+c to cancel after database is setup")
subprocess.run(["docker", "compose", "-f", f"mariadb/compose.yml", "up"])
print("success") print("success")
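Review bot: In the config_service hunk the directory that now holds `priv/env` is created with `subprocess.run(["mkdir", "-p", ...])` and the result is never checked, so a failed mkdir is silently ignored and the directory gets whatever the default umask gives it, even though it is about to hold generated credentials; `os.makedirs(f"{service}/priv", mode=0o700, exist_ok=True)` raises on failure, restricts the leaf (subject to umask) and drops the external process, and `os` is already used two lines below. The write of `priv_file` itself sits outside this hunk, but presumably it should be opened with a restrictive mode as well, e.g. `os.open(priv_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` wrapped in `os.fdopen(...)` — confirm how the file is written. config_service starts and ends outside the hunk.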


@ -7,12 +7,12 @@ seafile.keegandeppe.com {
reverse_proxy seafile reverse_proxy seafile
} }
sea_noti.keegandeppe.com { git.keegandeppe.com {
reverse_proxy seafile reverse_proxy gitea:3000
} }
git.keegandeppe.com { cal.keegandeppe.com {
reverse_proxy gitea reverse_proxy radicale:5232
} }
resume.noa.fish { resume.noa.fish {


@ -9,15 +9,15 @@ services:
- "443:443" - "443:443"
- "443:443/udp" - "443:443/udp"
networks: networks:
caddy-net - caddy
volumes: volumes:
- Caddyfile:/etc/caddy/Caddyfile - ./Caddyfile:/etc/caddy/Caddyfile
- website/public:/srv/keegan - ./website/public:/srv/keegan
- fish:/srv/fish - ./fish:/srv/fish
- volumes/data:/data - ./volumes/data:/data
- volumes/config:/config - ./volumes/config:/config
networks: networks:
caddy-net: caddy:
external: false external: false
driver: bridge driver: bridge


@ -1,18 +1,14 @@
include: include:
- gitea/docker-compose.yml - gitea/docker-compose.yml
- seafile/docker-compose.yml - seafile/docker-compose.yml
- mariadb/docker-compose.yml
- caddy/docker-compose.yml - caddy/docker-compose.yml
- radicale/docker-compose.yml
networks: # networks:
gitea-net: # caddy:
external: false # external: false
seafile-net: # driver: bridge
external: false # # auth:
caddy: # # external: true
external: false # postgres:
driver: bridge # external: false
# auth:
# external: true
postgres:
external: false

2
env

@ -1,2 +0,0 @@
## Global Settings
TIME_ZONE="America/New_York"


@ -1,29 +1,40 @@
services: services:
gitea: gitea:
image: gitea/gitea:latest-rootless image: gitea/gitea:1.23
restart: unless-stopped restart: unless-stopped
env_file: "priv/env" env_file: "priv/env"
environment:
- USER_UID=106
- USER_GID=112
networks: networks:
- gitea-net - gitea
- caddy-net - caddy
volumes: volumes:
- ./volumes/gitea/data:/var/lib/gitea - ./volumes/gitea:/data
- ./volumes/gitea/config:/etc/gitea
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
# allows ssh pushing via locally stored keys # allows ssh pushing via locally stored keys
- /home/git/.ssh:/data/git/.ssh - /home/git/.ssh:/data/git/.ssh
ports: # ports:
- "127.0.0.1:2222:22" # - "127.0.0.1:2222:22"
# - "3000:3000"
depends_on: depends_on:
db: - postgres-gitea
condition: service_healthy
postgres-gitea:
image: postgres:17
restart: always
env_file: "priv/env"
networks:
- gitea
volumes:
- ./volumes/postgres:/var/lib/postgresql/data
networks: networks:
gitea-net: gitea:
external: false external: false
caddy-net: caddy:
external: false external: false
driver: bridge driver: bridge
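Review bot: The new `depends_on: - postgres-gitea` list form drops the `condition: service_healthy` the old `db:` entry had, and the added postgres-gitea service declares no healthcheck, so gitea can now start before the database accepts connections and fail its first connection attempt. Restoring the map form with a `pg_isready` healthcheck on postgres-gitea keeps the previous ordering guarantee (rewritten lines below). Separately, moving from `latest-rootless` to `1.23` pins the version (good) but also switches from the rootless image to the root-entrypoint one, which is what the added `USER_UID`/`USER_GID` lines are for; if that is not deliberate, `gitea/gitea:1.23-rootless` keeps both the pin and the earlier privilege reduction.
```yaml
    depends_on:
      postgres-gitea:
        condition: service_healthy
  # … unchanged: gitea image, env_file, environment, networks, volumes …
  postgres-gitea:
    # … unchanged: image, restart, env_file, networks, volumes …
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5
```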


@ -1,6 +1,11 @@
## Gitea Settings ## Gitea Settings
GITEA__database__DB_TYPE="mysql" GITEA__database__DB_TYPE="postgres"
GITEA__database__HOST="mariadb" GITEA__database__HOST="postgres-gitea"
GITEA__database__NAME="gitea" GITEA__database__NAME="gitea"
GITEA__database__USER="gitea" GITEA__database__USER="gitea"
GITEA__database__PASSWD="" GITEA__database__PASSWD=""
## Postgresql Settings
POSTGRES_USER="$GITEA__database__USER"
POSTGRES_PASSWORD="$GITEA__database__PASSWD"
POSTGRES_DB="$GITEA__database__NAME"
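Review bot: The added `POSTGRES_USER="$GITEA__database__USER"`, `POSTGRES_PASSWORD="$GITEA__database__PASSWD"` and `POSTGRES_DB="$GITEA__database__NAME"` lines rely on Compose interpolating `$VAR` inside env_file values against earlier entries of the same file; if the Compose version in use does not do that for this file, postgres is initialised with the literal string as its username and password while gitea uses the real values, and the failure only shows up as a connection error. Worth confirming once in the running container with `printenv POSTGRES_USER POSTGRES_DB`, or by using `${...}` form and checking `docker compose config`. The same pattern is used in the seafile env file (`DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"`). The empty `GITEA__database__PASSWD=""` is presumably the placeholder the generator named in the commit title fills in.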


@ -1,30 +0,0 @@
services:
mariadb:
image: mariadb:10.11
container_name: mariadb
env_file: "priv/env"
volumes:
- ./volumes/mariadb/db:/var/lib/mysql
- ./priv/initdb.d:/config/initdb.d
networks:
- gitea-net
- seafile-net
healthcheck:
test:
[
"CMD",
"/usr/local/bin/healthcheck.sh",
"--connect",
"--mariadbupgrade",
"--innodb_initialized",
]
interval: 20s
start_period: 30s
timeout: 5s
retries: 10
networks:
gitea-net:
external: false
seafile-net:
external: false


@ -1,4 +0,0 @@
## Mariadb Settings
MYSQL_ROOT_PASSWORD=""
MYSQL_LOG_CONSOLE="true"
MARIADB_AUTO_UPGRADE=1


@ -0,0 +1,26 @@
services:
radicale:
image: tomsquest/docker-radicale
container_name: radicale
restart: unless-stopped
init: true
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
- CHOWN
- KILL
volumes:
- ./volumes/data:/data
- ./volumes/config:/config:ro
networks:
- caddy
networks:
caddy:
external: false
driver: bridge
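Review bot: `image: tomsquest/docker-radicale` carries no tag, so it floats with `latest`, while the same commit pins gitea to `1.23`; pinning it, `image: tomsquest/docker-radicale:<VERSION>` (or a digest), keeps the container that is exposed through Caddy reproducible and lets upgrades be reviewed rather than picked up on the next pull. The rest of the definition (`read_only`, `cap_drop: ALL` with a minimal `cap_add`, `no-new-privileges`, config mounted `:ro`) is a sound baseline and worth replicating on the other services.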


@ -2,5 +2,5 @@
Originally I was going to use a single main database container and build everything off of that. Originally I was going to use a single main database container and build everything off of that.
But you know what, this ends up being far more trouble than it seems to be worth. But you know what, this ends up being far more trouble than it seems to be worth.
If performance becomes an issue, I will revert back to this commit but for now, goodnight my sweet prince.
So instead I will couple each service with its own database and write environment vars there


@ -1,62 +1,54 @@
services: services:
mariadb:
image: mariadb:10.11
container_name: mariadb
env_file: "priv/env"
volumes:
- ./volumes/mariadb/db:/var/lib/mysql
networks:
- seafile
healthcheck:
test:
[
"CMD",
"/usr/local/bin/healthcheck.sh",
"--connect",
"--mariadbupgrade",
"--innodb_initialized",
]
interval: 20s
start_period: 30s
timeout: 5s
retries: 10
memcached: memcached:
image: memcached:1.6.29 image: memcached:1.6.29
container_name: seafile-memcached container_name: seafile-memcached
entrypoint: memcached -m 256 entrypoint: memcached -m 256
networks: networks:
- seafile-net - seafile
# notification-server:
# image: seafileltd/notification-server:12.0-latest
# container_name: seafile-notification-server
# restart: unless-stopped
# volumes:
# - volumes/seafile/noti:/shared
# environment:
# - SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
# - SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
# - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
# - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
# - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
# - JWT_PRIVATE_KEY=${SEAFILE_JWT_PRIVATE_KEY:?Variable is not set or empty}
# - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
# - NOTIFICATION_SERVER_LOG_LEVEL=${NOTIFICATION_SERVER_LOG_LEVEL:-info}
# labels:
# caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
# caddy.@ws.0_header: "Connection *Upgrade*"
# caddy.@ws.1_header: "Upgrade websocket"
# caddy.0_reverse_proxy: "@ws {{upstreams 8083}}"
# caddy.1_handle_path: "/notification*"
# caddy.1_handle_path.0_rewrite: "* {uri}"
# caddy.1_handle_path.1_reverse_proxy: "{{upstreams 8083}}"
# depends_on:
# db:
# condition: service_healthy
# networks:
# - seafile-net
seafile: seafile:
image: seafileltd/seafile-mc:12.0-latest image: seafileltd/seafile-mc:12.0-latest
container_name: seafile container_name: seafile
volumes: volumes:
# - /opt/seafile-mysql:/shared - ./volumes/seafile:/shared
- seafile-vol:/shared
env_file: "priv/env" env_file: "priv/env"
depends_on: depends_on:
db: mariadb:
condition: service_healthy condition: service_healthy
memcached: memcached:
condition: service_started condition: service_started
labels:
caddy: "https://seafile.keegandeppe.com"
caddy.reverse_proxy: "{{upstreams 80}}"
networks: networks:
- seafile-net - seafile
- caddy-net - caddy
volumes:
seafile-vol:
networks: networks:
seafile-net: seafile:
external: false external: false
caddy-net: caddy:
external: false external: false
driver: bridge driver: bridge


@ -1,20 +1,46 @@
## Mariadb Settings
MYSQL_ROOT_PASSWORD=""
MYSQL_LOG_CONSOLE="true"
MARIADB_AUTO_UPGRADE=1
## Seafile Settings ## Seafile Settings
# COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml' # COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'
# COMPOSE_PATH_SEPARATOR=',' # COMPOSE_PATH_SEPARATOR=','
SEAFILE_VOLUME=volume/seafile/data TIME_ZONE="America/New_York"
SEAFILE_CADDY_VOLUME=volume/caddy/data
SEAFILE_MYSQL_DB_HOST="mariadb" SEAFILE_VOLUME="volumes/seafile/data"
SEAFILE_MYSQL_DB_USER="seafile" SEAFILE_CADDY_VOLUME="volumes/caddy/data"
SEAFILE_MYSQL_DB_PASSWORD=""
SEAFILE_JWT_PRIVATE_KEY="" DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"
DB_HOST="mariadb"
DB_USER="seafile"
DB_PASSWORD=""
JWT_PRIVATE_KEY=""
SEAFILE_SERVER_HOSTNAME=""
SEAFILE_SERVER_PROTOCOL="https" SEAFILE_SERVER_PROTOCOL="https"
SEAFILE_SERVER_HOSTNAME=""
INIT_SEAFILE_ADMIN_EMAIL="" INIT_SEAFILE_ADMIN_EMAIL=""
INIT_SEAFILE_ADMIN_PASSWORD="" INIT_SEAFILE_ADMIN_PASSWORD=""
ENABLE_SEADOC=false ENABLE_SEADOC=false
# SEAFILE_VOLUME="volumes/seafile/data"
# SEAFILE_CADDY_VOLUME="volumes/caddy/data"
# DB_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"
# SEAFILE_MYSQL_DB_HOST="mariadb"
# SEAFILE_MYSQL_DB_USER="seafile"
# SEAFILE_MYSQL_DB_PASSWORD=""
# SEAFILE_JWT_PRIVATE_KEY=""
# SEAFILE_SERVER_HOSTNAME=""
# SEAFILE_SERVER_PROTOCOL="https"
# INIT_SEAFILE_ADMIN_EMAIL=""
# INIT_SEAFILE_ADMIN_PASSWORD=""
# ENABLE_SEADOC=false
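Review bot: The new `DB_ROOT_PASSWORD` line next to `DB_HOST`/`DB_USER`/`DB_PASSWORD` may not be the name the seafile-mc image reads — Seafile's own compose passes the root credential to the container as `DB_ROOT_PASSWD` — so confirm it against the image's documentation, since a misnamed variable would leave the first-run database setup without the root credential instead of failing loudly. The commented-out block at the end that repeats the old `SEAFILE_MYSQL_*` lines is dead config and could be dropped so the file has one source of truth for each setting.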