Add synapse and tt-rss; Fix gitea, grafana and webdis

Start basic diagram for services
2022-08-01 23:42:11 +02:00 · 2022-08-01 23:34:12 +02:00
14 changed files with 274 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 *.secret.env
+
+serguzim.net.png
--- a/diagram.py
+++ b/diagram.py
@ -0,0 +1,71 @@
+""" Diagram to visualize serguzim.net """
+
+from diagrams import Cluster, Diagram
+
+from diagrams.oci.compute import Container, OCIRegistry
+from diagrams.oci.storage import ObjectStorage
+
+from diagrams.onprem.ci import Droneci
+from diagrams.onprem.database import Influxdb, Postgresql
+from diagrams.onprem.monitoring import Grafana, Prometheus
+from diagrams.onprem.network import Caddy
+from diagrams.onprem.vcs import Gitea
+
+def add_to_groups(service, *groups):
+    """ Add a service to groups like 'db_users' """
+    for group in groups:
+        group.append(service)
+
+
+with Diagram("serguzim.net", show=False):
+
+    node002 = Cluster("node002.serguzim.net")
+    node004 = Cluster("node004.serguzim.net")
+
+    exoscale_objectstore = ObjectStorage("Exoscale Object Storage")
+
+    with node002:
+        services = []
+        db_users = []
+        objectstore_users = []
+
+        proxy = Caddy()
+
+        ci = Droneci("ci.serguzim.me")
+        add_to_groups(ci, services, db_users)
+
+        db_time = Influxdb("tick.serguzim.me")
+        add_to_groups(db_time, services, db_users)
+
+        db = Postgresql("db.serguzim.me")
+
+        graph = Grafana("graph.serguzim.me")
+        add_to_groups(graph, services, db_users)
+
+        mail = Container("mail.serguzim.me")
+        add_to_groups(mail, services)
+
+        matrix = Container("matrix.serguzim.me")
+        add_to_groups(matrix, services, db_users, objectstore_users)
+
+        prometheus = Prometheus("prometheus.serguzim.me")
+        add_to_groups(prometheus, services)
+
+        registry = OCIRegistry("registry.serguzim.me")
+        add_to_groups(registry , services, db_users, objectstore_users)
+
+        vcs = Gitea("git.serguzim.me")
+        add_to_groups(vcs, services, db_users)
+
+        db_users >> db
+        proxy >> services
+        objectstore_users >> exoscale_objectstore
+
+    with node004:
+        services = []
+
+        proxy = Caddy()
+        minecraft = Container("minecraft.serguzim.me")
+        add_to_groups(minecraft, services)
+
+        proxy >> services
--- a/gitea/.env
+++ b/gitea/.env
@ -4,12 +4,16 @@ GITEA__database__NAME="gitea"
 GITEA__database__USER="gitea"
 GITEA__database__PASSWD=""
 GITEA__database__SSL_MODE="verify-full"
+
 GITEA__repository__ENABLE_PUSH_CREATE_USER="true"
 GITEA__repository__ENABLE_PUSH_CREATE_ORG="true"
 GITEA__repository__DEFAULT_BRANCH="main"
+
 GITEA__cors__ENABLED="true"
 GITEA__cors__SCHEME="https"
+
 GITEA__ui__DEFAULT_THEME="arc-green"
+
 GITEA__server__DOMAIN="git.serguzim.me"
 GITEA__server__SSH_DOMAIN="git.serguzim.me"
 GITEA__server__SSH_PORT="22"
@ -17,22 +21,41 @@ GITEA__server__ROOT_URL="https://git.serguzim.me/"
 GITEA__server__OFFLINE_MODE="true"
 GITEA__server__LFS_JWT_SECRET=""
 GITEA__server__LFS_START_SERVER="true"
+
 GITEA__security__INSTALL_LOCK="true"
 GITEA__security__INTERNAL_TOKEN=""
 GITEA__security__SECRET_KEY=""
+
 GITEA__openid__ENABLE_OPENID_SIGNUP="true"
 GITEA__openid__ENABLE_OPENID_SIGNIN="false"
+
 GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION="true"
 GITEA__service__ENABLE_BASIC_AUTHENTICATION="false"
 GITEA__service__NO_REPLY_ADDRESS="discard.msrg.cc"
+
 GITEA__webhook__DELIVER_TIMEOUT="60"
+
 GITEA__mailer__ENABLED="true"
 GITEA__mailer__HOST="mail.serguzim.me:587"
 GITEA__mailer__FROM="Gitea <git@serguzim.me>"
 GITEA__mailer__USER="git@serguzim.me"
 GITEA__mailer__PASSWD=""
 GITEA__mailer__SEND_AS_PLAIN_TEXT="true"
+
 GITEA__picture__DISABLE_GRAVATAR="true"
+
 GITEA__oauth2__JWT_SECRET=""
+
 GITEA__metrics__ENABLED="true"
 GITEA__metrics__TOKEN=""
+
+GITEA__storage__STORAGE_TYPE="minio"
+GITEA__storage__MINIO_ENDPOINT="sos-de-fra-1.exo.io"
+GITEA__storage__MINIO_ACCESS_KEY_ID=""
+GITEA__storage__MINIO_SECRET_ACCESS_KEY=""
+GITEA__storage__MINIO_BUCKET="git.serguzim.me"
+GITEA__storage__MINIO_LOCATION="de-fra-1"
+GITEA__storage__MINIO_USE_SSL="true"
+
+GITEA__OTHER__SHOW_FOOTER_BRANDING="true"
+GITEA__OTHER__SHOW_FOOTER_TEMPLATE_LOAD_TIME="false"
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -2,7 +2,7 @@ version: "3"

 services:
  server:
-    image: gitea/gitea:1.16
+    image: gitea/gitea:1.17
    container_name: gitea
    env_file:
    - .env
--- a/monitoring/.env
+++ b/monitoring/.env
--- a/monitoring/docker-compose.yml
+++ b/monitoring/docker-compose.yml
@ -8,10 +8,9 @@ services:
      - .env
      - .secret.env
    volumes:
-      - data:/var/lib/grafana/
+      - grafana-data:/var/lib/grafana/
    user: "104"
    ports:
      - 3001:3000/tcp
-
 volumes:
-  data:
+  grafana-data:
--- a/synapse/data/.gitignore
+++ b/synapse/data/.gitignore
@ -0,0 +1,2 @@
+/secrets.yaml
+msrg.cc.signing.key
--- a/synapse/data/homeserver.yaml
+++ b/synapse/data/homeserver.yaml
@ -0,0 +1,74 @@
+# https://matrix-org.github.io/synapse/latest/usage/configuration/index.html
+
+server_name: "msrg.cc"
+pid_file: /data/homeserver.pid
+public_baseurl: https://matrix.msrg.cc/
+allow_public_rooms_without_auth: true
+allow_public_rooms_over_federation: true
+
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names:
+        - client
+        - federation
+        - metrics
+        compress: false
+
+admin_contact: "mailto:tobias@msrg.cc"
+
+acme:
+    enabled: false
+
+database:
+ name: "psycopg2"
+ args:
+   user: "synapse"
+   #password: ""
+   database: "synapse"
+   host: "node002.serguzim.me"
+   cp_min: 5
+   cp_max: 10
+
+log_config: "/data/msrg.cc.log.config"
+media_store_path: "/media_store"
+max_upload_size: 500M
+enable_registration: false
+enable_metrics: true
+report_stats: true
+
+#macaroon_secret_key: ""
+#form_secret: ""
+signing_key_path: "/data/msrg.cc.signing.key"
+
+trusted_key_servers:
+  - server_name: "matrix.org"
+suppress_key_server_warning: true
+
+oidc_providers:
+  - idp_id: "auth_serguzim_me"
+    idp_name: "auth.serguzim.me"
+    issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
+    #client_id: ""
+    #client_secret: ""
+    scopes:
+      - "openid"
+      - "profile"
+      - "email"
+    user_mapping_provider:
+      config:
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.name }}"
+
+email:
+  smtp_host: mail.serguzim.me
+  smtp_port: 587
+  smtp_user: "matrix@serguzim.me"
+  #smtp_pass: ""
+  require_transport_security: true
+  notif_from: "Matrix <matrix@serguzim.me>"
+
+# vim:ft=yaml
--- a/synapse/data/msrg.cc.log.config
+++ b/synapse/data/msrg.cc.log.config
@ -0,0 +1,22 @@
+version: 1
+
+formatters:
+  precise:
+   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+
+loggers:
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+
+root:
+    level: INFO
+    handlers: [console]
+
+disable_existing_loggers: false
--- a/synapse/docker-compose.yml
+++ b/synapse/docker-compose.yml
@ -0,0 +1,24 @@
+version: '3'
+
+services:
+
+  synapse:
+    image: docker.io/matrixdotorg/synapse:latest
+    restart: always
+    environment:
+      - SYNAPSE_CONFIG_PATH=/data/
+    volumes:
+      - ./data:/data
+      - media_store:/media_store
+    ports:
+      - 8008:8008/tcp
+
+  synapse-admin:
+    image: awesometechnologies/synapse-admin:latest
+    restart: always
+    ports:
+      - "8009:80"
+    restart: always
+
+volumes:
+  media_store:
--- a/tt-rss/.env
+++ b/tt-rss/.env
@ -0,0 +1,17 @@
+TTRSS_DB_USER=tinytinyrss
+TTRSS_DB_NAME=tinytinyrss
+TTRSS_DB_PASS=
+TTRSS_DB_TYPE=pgsql
+TTRSS_DB_HOST=db.serguzim.me
+
+TTRSS_SELF_URL_PATH=https://rss.serguzim.me/tt-rss/
+
+# You can customize other config.php defines by setting overrides here.
+# See app/Dockerfile for complete list. Examples:
+# TTRSS_PLUGINS=auth_remote
+# TTRSS_SINGLE_USER_MODE=true
+# TTRSS_SESSION_COOKIE_LIFETIME=2592000
+# TTRSS_FORCE_ARTICLE_PURGE=30
+# etc, etc.
+
+HTTP_PORT=8280
--- a/tt-rss/docker-compose.yml
+++ b/tt-rss/docker-compose.yml
@ -0,0 +1,35 @@
+version: '3'
+
+services:
+  app:
+    image: cthulhoo/ttrss-fpm-pgsql-static
+    restart: always
+    env_file:
+      - .env
+      - .secret.env
+    volumes:
+      - app:/var/www/html
+
+  updater:
+    image: cthulhoo/ttrss-fpm-pgsql-static
+    restart: always
+    env_file:
+      - .env
+    volumes:
+      - app:/var/www/html
+    depends_on:
+      - app
+    command: /opt/tt-rss/updater.sh
+
+  web-nginx:
+    image: cthulhoo/ttrss-web-nginx
+    restart: always
+    ports:
+      - ${HTTP_PORT}:80
+    volumes:
+      - app:/var/www/html:ro
+    depends_on:
+      - app
+
+volumes:
+  app:
--- a/webdis/docker-compose.yml
+++ b/webdis/docker-compose.yml
@ -4,7 +4,7 @@ services:
    restart: always
    command: /usr/local/bin/webdis /config/webdis.json
    volumes:
-      - ./:/config
+      - ./webdis.json:/config/webdis.json
    networks:
      - shared
    depends_on:
--- a/webdis/webdis.json
+++ b/webdis/webdis.json
Author	SHA1	Message	Date
Tobias Reisinger	5373863a3e	Add synapse and tt-rss; Fix gitea, grafana and webdis	2022-08-01 23:42:11 +02:00
Tobias Reisinger	bf0f991b49	Start basic diagram for services	2022-08-01 23:34:12 +02:00