Compare commits


No commits in common. "5373863a3e780469a3b6224d7364ab477e6c0b37" and "81c0797bd830ed1237cf406edc55a314db091e09" have entirely different histories.

14 changed files with 5 additions and 274 deletions

2
.gitignore vendored

@ -1,3 +1 @@
*.secret.env *.secret.env
serguzim.net.png


@ -1,71 +0,0 @@
""" Diagram to visualize serguzim.net """
from diagrams import Cluster, Diagram
from diagrams.oci.compute import Container, OCIRegistry
from diagrams.oci.storage import ObjectStorage
from diagrams.onprem.ci import Droneci
from diagrams.onprem.database import Influxdb, Postgresql
from diagrams.onprem.monitoring import Grafana, Prometheus
from diagrams.onprem.network import Caddy
from diagrams.onprem.vcs import Gitea
def add_to_groups(service, *groups):
""" Add a service to groups like 'db_users' """
for group in groups:
group.append(service)
with Diagram("serguzim.net", show=False):
node002 = Cluster("node002.serguzim.net")
node004 = Cluster("node004.serguzim.net")
exoscale_objectstore = ObjectStorage("Exoscale Object Storage")
with node002:
services = []
db_users = []
objectstore_users = []
proxy = Caddy()
ci = Droneci("ci.serguzim.me")
add_to_groups(ci, services, db_users)
db_time = Influxdb("tick.serguzim.me")
add_to_groups(db_time, services, db_users)
db = Postgresql("db.serguzim.me")
graph = Grafana("graph.serguzim.me")
add_to_groups(graph, services, db_users)
mail = Container("mail.serguzim.me")
add_to_groups(mail, services)
matrix = Container("matrix.serguzim.me")
add_to_groups(matrix, services, db_users, objectstore_users)
prometheus = Prometheus("prometheus.serguzim.me")
add_to_groups(prometheus, services)
registry = OCIRegistry("registry.serguzim.me")
add_to_groups(registry , services, db_users, objectstore_users)
vcs = Gitea("git.serguzim.me")
add_to_groups(vcs, services, db_users)
db_users >> db
proxy >> services
objectstore_users >> exoscale_objectstore
with node004:
services = []
proxy = Caddy()
minecraft = Container("minecraft.serguzim.me")
add_to_groups(minecraft, services)
proxy >> services


@ -4,16 +4,12 @@ GITEA__database__NAME="gitea"
GITEA__database__USER="gitea" GITEA__database__USER="gitea"
GITEA__database__PASSWD="" GITEA__database__PASSWD=""
GITEA__database__SSL_MODE="verify-full" GITEA__database__SSL_MODE="verify-full"
GITEA__repository__ENABLE_PUSH_CREATE_USER="true" GITEA__repository__ENABLE_PUSH_CREATE_USER="true"
GITEA__repository__ENABLE_PUSH_CREATE_ORG="true" GITEA__repository__ENABLE_PUSH_CREATE_ORG="true"
GITEA__repository__DEFAULT_BRANCH="main" GITEA__repository__DEFAULT_BRANCH="main"
GITEA__cors__ENABLED="true" GITEA__cors__ENABLED="true"
GITEA__cors__SCHEME="https" GITEA__cors__SCHEME="https"
GITEA__ui__DEFAULT_THEME="arc-green" GITEA__ui__DEFAULT_THEME="arc-green"
GITEA__server__DOMAIN="git.serguzim.me" GITEA__server__DOMAIN="git.serguzim.me"
GITEA__server__SSH_DOMAIN="git.serguzim.me" GITEA__server__SSH_DOMAIN="git.serguzim.me"
GITEA__server__SSH_PORT="22" GITEA__server__SSH_PORT="22"
@ -21,41 +17,22 @@ GITEA__server__ROOT_URL="https://git.serguzim.me/"
GITEA__server__OFFLINE_MODE="true" GITEA__server__OFFLINE_MODE="true"
GITEA__server__LFS_JWT_SECRET="" GITEA__server__LFS_JWT_SECRET=""
GITEA__server__LFS_START_SERVER="true" GITEA__server__LFS_START_SERVER="true"
GITEA__security__INSTALL_LOCK="true" GITEA__security__INSTALL_LOCK="true"
GITEA__security__INTERNAL_TOKEN="" GITEA__security__INTERNAL_TOKEN=""
GITEA__security__SECRET_KEY="" GITEA__security__SECRET_KEY=""
GITEA__openid__ENABLE_OPENID_SIGNUP="true" GITEA__openid__ENABLE_OPENID_SIGNUP="true"
GITEA__openid__ENABLE_OPENID_SIGNIN="false" GITEA__openid__ENABLE_OPENID_SIGNIN="false"
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION="true" GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION="true"
GITEA__service__ENABLE_BASIC_AUTHENTICATION="false" GITEA__service__ENABLE_BASIC_AUTHENTICATION="false"
GITEA__service__NO_REPLY_ADDRESS="discard.msrg.cc" GITEA__service__NO_REPLY_ADDRESS="discard.msrg.cc"
GITEA__webhook__DELIVER_TIMEOUT="60" GITEA__webhook__DELIVER_TIMEOUT="60"
GITEA__mailer__ENABLED="true" GITEA__mailer__ENABLED="true"
GITEA__mailer__HOST="mail.serguzim.me:587" GITEA__mailer__HOST="mail.serguzim.me:587"
GITEA__mailer__FROM="Gitea <git@serguzim.me>" GITEA__mailer__FROM="Gitea <git@serguzim.me>"
GITEA__mailer__USER="git@serguzim.me" GITEA__mailer__USER="git@serguzim.me"
GITEA__mailer__PASSWD="" GITEA__mailer__PASSWD=""
GITEA__mailer__SEND_AS_PLAIN_TEXT="true" GITEA__mailer__SEND_AS_PLAIN_TEXT="true"
GITEA__picture__DISABLE_GRAVATAR="true" GITEA__picture__DISABLE_GRAVATAR="true"
GITEA__oauth2__JWT_SECRET="" GITEA__oauth2__JWT_SECRET=""
GITEA__metrics__ENABLED="true" GITEA__metrics__ENABLED="true"
GITEA__metrics__TOKEN="" GITEA__metrics__TOKEN=""
GITEA__storage__STORAGE_TYPE="minio"
GITEA__storage__MINIO_ENDPOINT="sos-de-fra-1.exo.io"
GITEA__storage__MINIO_ACCESS_KEY_ID=""
GITEA__storage__MINIO_SECRET_ACCESS_KEY=""
GITEA__storage__MINIO_BUCKET="git.serguzim.me"
GITEA__storage__MINIO_LOCATION="de-fra-1"
GITEA__storage__MINIO_USE_SSL="true"
GITEA__OTHER__SHOW_FOOTER_BRANDING="true"
GITEA__OTHER__SHOW_FOOTER_TEMPLATE_LOAD_TIME="false"


@ -2,7 +2,7 @@ version: "3"
services: services:
server: server:
image: gitea/gitea:1.17 image: gitea/gitea:1.16
container_name: gitea container_name: gitea
env_file: env_file:
- .env - .env
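Review bot: The image tag on the new side, `image: gitea/gitea:1.16`, is an older release series than the `1.17` on the old side, so this section is a downgrade rather than an upgrade. Security fixes that shipped only in the newer series would no longer be present, and a database already migrated by the newer release may not be usable by the older binary, which is worth confirming before deploying. If the older series is intended, pinning a full patch release (`image: gitea/gitea:<1.16.x patch tag>`) instead of the floating minor tag makes the deployed build reproducible. The `server` service continues outside the hunk.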


@ -8,9 +8,10 @@ services:
- .env - .env
- .secret.env - .secret.env
volumes: volumes:
- grafana-data:/var/lib/grafana/ - data:/var/lib/grafana/
user: "104" user: "104"
ports: ports:
- 3001:3000/tcp - 3001:3000/tcp
volumes: volumes:
grafana-data: data:


@ -1,2 +0,0 @@
/secrets.yaml
msrg.cc.signing.key


@ -1,74 +0,0 @@
# https://matrix-org.github.io/synapse/latest/usage/configuration/index.html
server_name: "msrg.cc"
pid_file: /data/homeserver.pid
public_baseurl: https://matrix.msrg.cc/
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names:
- client
- federation
- metrics
compress: false
admin_contact: "mailto:tobias@msrg.cc"
acme:
enabled: false
database:
name: "psycopg2"
args:
user: "synapse"
#password: ""
database: "synapse"
host: "node002.serguzim.me"
cp_min: 5
cp_max: 10
log_config: "/data/msrg.cc.log.config"
media_store_path: "/media_store"
max_upload_size: 500M
enable_registration: false
enable_metrics: true
report_stats: true
#macaroon_secret_key: ""
#form_secret: ""
signing_key_path: "/data/msrg.cc.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
suppress_key_server_warning: true
oidc_providers:
- idp_id: "auth_serguzim_me"
idp_name: "auth.serguzim.me"
issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
#client_id: ""
#client_secret: ""
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}"
email:
smtp_host: mail.serguzim.me
smtp_port: 587
smtp_user: "matrix@serguzim.me"
#smtp_pass: ""
require_transport_security: true
notif_from: "Matrix <matrix@serguzim.me>"
# vim:ft=yaml


@ -1,22 +0,0 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
handlers: [console]
disable_existing_loggers: false


@ -1,24 +0,0 @@
version: '3'
services:
synapse:
image: docker.io/matrixdotorg/synapse:latest
restart: always
environment:
- SYNAPSE_CONFIG_PATH=/data/
volumes:
- ./data:/data
- media_store:/media_store
ports:
- 8008:8008/tcp
synapse-admin:
image: awesometechnologies/synapse-admin:latest
restart: always
ports:
- "8009:80"
restart: always
volumes:
media_store:


@ -1,17 +0,0 @@
TTRSS_DB_USER=tinytinyrss
TTRSS_DB_NAME=tinytinyrss
TTRSS_DB_PASS=
TTRSS_DB_TYPE=pgsql
TTRSS_DB_HOST=db.serguzim.me
TTRSS_SELF_URL_PATH=https://rss.serguzim.me/tt-rss/
# You can customize other config.php defines by setting overrides here.
# See app/Dockerfile for complete list. Examples:
# TTRSS_PLUGINS=auth_remote
# TTRSS_SINGLE_USER_MODE=true
# TTRSS_SESSION_COOKIE_LIFETIME=2592000
# TTRSS_FORCE_ARTICLE_PURGE=30
# etc, etc.
HTTP_PORT=8280


@ -1,35 +0,0 @@
version: '3'
services:
app:
image: cthulhoo/ttrss-fpm-pgsql-static
restart: always
env_file:
- .env
- .secret.env
volumes:
- app:/var/www/html
updater:
image: cthulhoo/ttrss-fpm-pgsql-static
restart: always
env_file:
- .env
volumes:
- app:/var/www/html
depends_on:
- app
command: /opt/tt-rss/updater.sh
web-nginx:
image: cthulhoo/ttrss-web-nginx
restart: always
ports:
- ${HTTP_PORT}:80
volumes:
- app:/var/www/html:ro
depends_on:
- app
volumes:
app:


@ -4,7 +4,7 @@ services:
restart: always restart: always
command: /usr/local/bin/webdis /config/webdis.json command: /usr/local/bin/webdis /config/webdis.json
volumes: volumes:
- ./webdis.json:/config/webdis.json - ./:/config
networks: networks:
- shared - shared
depends_on: depends_on:
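Review bot: The new bind mount `- ./:/config` hands the whole compose directory to the webdis container, read-write, where the old side mounted only `webdis.json`. Anything else kept next to the compose file becomes readable and writable from inside an HTTP-facing service; other services in this repository keep `.env` and `.secret.env` there, though whether this directory does is not visible here. Mounting only the file the command needs, read-only, keeps the container to least privilege: `- ./webdis.json:/config/webdis.json:ro`. The service definition starts and ends outside the hunk.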