Add healthchecks and coder

caddy/.env

@@ -0,0 +1,3 @@
+ACME_CODER_USER=
+ACME_CODER_PASS=
+ACME_CODER_SUBD=

caddy/config/conf.002.d/coder.serguzim.me.conf

@@ -0,0 +1,12 @@
+coder.serguzim.me {
+	import default
+	reverse_proxy coder:7080
+}
+
+*.coder.serguzim.me {
+	import default
+
+	import acmedns {$ACMEDNS_CODER_USER} {$ACMEDNS_CODER_PASS} {$ACMEDNS_CODER_SUBD}
+
+	reverse_proxy coder:7080
+}

caddy/config/conf.002.d/msrg.cc.conf

@@ -1,6 +1,6 @@
 msrg.cc {
 	import default
-	header /.well-known/openpgpkey/* Access-Control-Allow-Origin *
+	header /.well-known/* Access-Control-Allow-Origin *
 
 	rewrite * /function/webpage-msrg-cc{uri}
 	reverse_proxy https://faas.serguzim.me {

caddy/config/snippets

@@ -17,3 +17,14 @@
 (default) {
 	encode zstd gzip
 }
+
+(acmedns) {
+	tls {
+		dns acmedns {
+			username {args.0}
+			password {args.1}
+			subdomain {args.2}
+			server_url https://acme.serguzim.me
+		}
+	}
+}

caddy/docker-compose.yml

@@ -12,6 +12,9 @@ services:
       - "443:443/udp"
       - "8008:8008"
       - "8448:8448"
+    env_file:
+      - .env
+      - .secret.env
     volumes:
       - ./config:/etc/caddy/
       - data:/data

coder/.env

@@ -0,0 +1,9 @@
+CODER_ADDRESS="0.0.0.0:7080"
+CODER_ACCESS_URL="https://coder.serguzim.me"
+CODER_WILDCARD_ACCESS_URL="*.coder.serguzim.me"
+
+CODER_PG_CONNECTION_URL="postgres://coder:xxxxxx@db.serguzim.me:5432/coder?sslmode=verify-full"
+
+CODER_OIDC_ISSUER_URL="https://auth.serguzim.me/application/o/coder-serguzim-me/"
+CODER_OIDC_CLIENT_ID=
+CODER_OIDC_CLIENT_SECRET=

coder/docker-compose.yml

@@ -0,0 +1,24 @@
+version: '3'
+services:
+  app:
+    image: ghcr.io/coder/coder:latest
+    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+    ports:
+      - "7080:7080"
+    env_file:
+      - .env
+      - .secret.env
+    group_add:
+      - "972" # docker group on host
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      apps:
+        aliases:
+          - coder
+
+networks:
+  apps:
+    external: true

healthcheck/.env

@@ -0,0 +1,15 @@
+USER_AGENT="healthcheck-bot for serguzim.net"
+
+HTTP_HC_UID=
+
+MATRIX_SERVER="https://matrix.msrg.cc"
+MATRIX_SERVER_FEDTESTER="msrg.cc"
+MATRIX_HC_UID=
+MATRIX_TOKEN=
+MATRIX_ROOM=
+
+MAIL_HC_UID=
+MAIL_HOST=mail.serguzim.me
+MAIL_PORT=587
+MAIL_USER=healthcheck@serguzim.me
+MAIL_PASS=

healthcheck/.gitignore

@@ -0,0 +1,2 @@
+/mailcheck.mail
+/msmtprc

healthcheck/Dockerfile

@@ -0,0 +1,7 @@
+FROM ubuntu
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt update -y \
+	&& apt install -y curl dnsutils msmtp gettext-base python3-pip python3-requests \
+	&& pip install matrix-nio

healthcheck/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "3.7"
+
+x-common-elements:
+  &common-elements
+  build:
+    context: .
+  image: healthcheck
+  restart: never
+  env_file:
+    - .env
+    - .secret.env
+  volumes:
+    - ./:/opt
+
+services:
+  http:
+    <<: *common-elements
+    command: "/opt/http"
+  matrix:
+    <<: *common-elements
+    command: "/opt/matrix"
+  mail:
+    <<: *common-elements
+    command: "/opt/mail"
+
+networks:
+  default:
+    name: healthcheck
+    external: true

healthcheck/http

@@ -0,0 +1,47 @@
+#!/usr/bin/sh
+
+set -e
+cd /opt/ || exit
+
+hc_url="https://hc-ping.com/$HTTP_HC_UID"
+error=""
+
+alias curl_hc='curl -LA "$USER_AGENT" --retry 3'
+
+check_url ()
+{
+	url="https://$1"
+    echo "checking url $url ..."
+    dig A "$1" >/dev/null
+    if curl_hc -sSf "$url" >/dev/null 2>&1
+    then
+		echo "... good"
+	else
+        result=$(curl -Lv "$url" 2>&1)
+		error=$(printf "%s\n==========\n%s:\n%s" "$error" "$url" "$result")
+		echo "... bad"
+    fi
+}
+
+check_url "analytics.serguzim.me"
+check_url "auth.serguzim.me"
+check_url "ci.serguzim.me"
+check_url "cloud.serguzim.me"
+check_url "git.serguzim.me"
+check_url "graph.serguzim.me"
+check_url "hook.serguzim.me"
+check_url "mail.serguzim.me"
+check_url "msrg.cc"
+check_url "prometheus.serguzim.me/-/healthy"
+check_url "registry.serguzim.me"
+check_url "rss.serguzim.me"
+check_url "serguzim.me"
+check_url "wiki.serguzim.me"
+check_url "www.reitanlage-oranienburg.de"
+
+if [ "$error" = "" ]
+then
+    curl_hc "$hc_url" >/dev/null 2>&1
+else
+	curl_hc --data-raw "$error" "$hc_url/fail" >/dev/null 2>&1
+fi

healthcheck/mail

@@ -0,0 +1,9 @@
+#!/usr/bin/sh
+
+set -e
+cd /opt/ || exit
+
+envsubst < template.msmtprc > msmtprc
+envsubst < mailcheck.template.mail > mailcheck.mail
+
+msmtp -C /opt/msmtprc -a default "$MAIL_HC_UID@hc-ping.com" < /opt/mailcheck.mail

healthcheck/mailcheck.template.mail

@@ -0,0 +1,5 @@
+To: ${MAIL_HC_UID}@hc-ping.com
+From: ${MAIL_USER}
+Subject: Healthcheck
+
+Mailserver alive

healthcheck/matrix

@@ -0,0 +1,55 @@
+#!/usr/bin/python3
+
+import datetime
+import os
+import requests
+import sys
+
+import asyncio
+from nio import AsyncClient, RoomMessageNotice
+
+healthcheck_url = "https://hc-ping.com/" + os.environ['MATRIX_HC_UID']
+
+def send_ping(success, msg=""):
+    url = healthcheck_url
+    if not success:
+        url += "/fail"
+
+    requests.get(url, data=msg, headers={'user-agent': os.environ['USER_AGENT']})
+
+async def main():
+    try:
+        client = AsyncClient(os.environ['MATRIX_SERVER'])
+        client.access_token = os.environ['MATRIX_TOKEN']
+        client.device_id = os.environ['USER_AGENT']
+        await client.room_send(
+            room_id = os.environ['MATRIX_ROOM'],
+            message_type = "m.room.message",
+            content = {
+                "msgtype": "m.text",
+                "body": "!ping"
+            }
+        )
+    except Exception as e:
+        print(e)
+
+        print("exception during login or sending")
+        send_ping(False)
+        sys.exit(1)
+    await client.close()
+
+    url = "https://federationtester.matrix.org/api/report?server_name=" \
+        + os.environ['MATRIX_SERVER_FEDTESTER']
+    resp = requests.get(url)
+    data = resp.json() # Check the JSON Response Content documentation below
+    if data["FederationOK"] != True:
+        send_ping(False)
+        sys.exit(1)
+
+    requests.get(url=healthcheck_url)
+    send_ping(True)
+    sys.exit(0)
+
+
+
+asyncio.new_event_loop().run_until_complete(main())

healthcheck/template.msmtprc

@@ -0,0 +1,13 @@
+defaults
+auth on
+tls on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+logfile /tmp/msmtp.log
+
+account default
+host ${MAIL_HOST}
+port ${MAIL_PORT}
+tls_starttls on
+from ${MAIL_USER}
+user ${MAIL_USER}
+password ${MAIL_PASS}