From 73d9587e1d61d8e5a5c65c892722fccc515fe28d Mon Sep 17 00:00:00 2001 From: Oliver Date: Fri, 8 Aug 2025 18:22:58 -0300 Subject: [PATCH] docker --- alpine/.bashrc | 3 + app/etc/repositories | 3 + app/templates/docker-compose.yml | 41 +++++++++++++ app/templates/traefik.yaml | 101 +++++++++++++++++++++++++++++++ app/update | 26 +++++++- 5 files changed, 172 insertions(+), 2 deletions(-) create mode 100644 app/etc/repositories create mode 100644 app/templates/docker-compose.yml create mode 100644 app/templates/traefik.yaml diff --git a/alpine/.bashrc b/alpine/.bashrc index 8c4ae6c..fba8c0e 100644 --- a/alpine/.bashrc +++ b/alpine/.bashrc @@ -5,6 +5,9 @@ echo "alias: set_prod" export hosts_file="/app/hosts.dev" +export PS1="\[\e[32m\]\h:\w\$\[\e[0m\] " +df -h . + set_prod() { export HOSTS_FILE="/app/hosts.all" echo "HOSTS_FILE set to: $HOSTS_FILE" diff --git a/app/etc/repositories b/app/etc/repositories new file mode 100644 index 0000000..a67f386 --- /dev/null +++ b/app/etc/repositories @@ -0,0 +1,3 @@ +http://alpinelinux.c3sl.ufpr.br/v3.22/main +http://alpinelinux.c3sl.ufpr.br/v3.22/community + diff --git a/app/templates/docker-compose.yml b/app/templates/docker-compose.yml new file mode 100644 index 0000000..59503a8 --- /dev/null +++ b/app/templates/docker-compose.yml 
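Review bot: Both repository lines added in app/etc/repositories use plain `http://`, so index and package downloads travel unencrypted. apk still checks signatures against the keys in /etc/apk/keys, which protects package integrity, but an on-path party can see what is being installed and can withhold updates by serving an older, validly signed index. If this mirror offers TLS (not verifiable from the patch), the lines should read `https://alpinelinux.c3sl.ufpr.br/v3.22/main` and `https://alpinelinux.c3sl.ufpr.br/v3.22/community`; otherwise a comment in app/update should record why HTTP is accepted.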
@@ -0,0 +1,41 @@
+services:
+
+ beedb:
+ image: postgres:16
+ restart: always
+ environment:
+ - POSTGRES_DB=postgres
+ - POSTGRES_PASSWORD=deradmin
+ - POSTGRES_USER=deradmin1
+ volumes:
+ - /OD8N/data/postgres:/var/lib/postgresql/data/
+ - /OD8N/data/pg_backup/:/BACKUP/
+ networks:
+ 4projects:
+ ipv4_address: 10.5.0.200
+
+ traefik:
+ image: docker.io/library/traefik:3.1
+ container_name: traefik
+ ports:
+ - 80:80
+ - 443:443
+ #- 8080:8080
+ volumes:
+ - /run/docker.sock:/run/docker.sock:ro
+ - /OD8N/config/traefik/etc:/etc/traefik
+ - /OD8N/data/traefik/certs:/certs
+ - /OD8N/data/traefik/traefik-logs:/var/log/traefik
+ networks:
+ - 4projects
+ restart: unless-stopped
+
+networks:
+ 4projects:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 10.5.0.0/16
+ gateway: 10.5.0.1
+ ip_range: 10.5.0.0/26
+
diff --git a/app/templates/traefik.yaml b/app/templates/traefik.yaml
new file mode 100644
index 0000000..06e9858
--- /dev/null
+++ b/app/templates/traefik.yaml
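Review bot: The `beedb` service commits a fixed database credential, `POSTGRES_PASSWORD=deradmin`, into a template that every host renders, so all deployments share a password that is readable in the repository. Since the file already passes through `template ... ./host_vars`, the value should come from a per-host variable, or be supplied as `POSTGRES_PASSWORD_FILE=/run/secrets/<secret-name>` backed by a compose secret. Separately, the `traefik` service mounts `/run/docker.sock` with `:ro`; that flag applies to the socket file, not to the requests sent through it, so the container published on 80/443 still holds full Docker API access. Traefik only needs to read container metadata, so placing a filtering socket proxy between it and the socket would narrow that exposure.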
@@ -0,0 +1,101 @@
+global:
+ checkNewVersion: false
+ sendAnonymousUsage: false
+
+# -- (Optional) Change Log Level and Format here...
+# - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
+# - format [common, json, logfmt]
+# log:
+# level: ERROR
+# format: common
+# filePath: /var/log/traefik/traefik.log
+
+# -- (Optional) Enable Accesslog and change Format here...
+# - format [common, json, logfmt]
+accesslog:
+# format: common
+ filePath: /var/log/traefik/access.log
+
+# -- (Optional) Enable API and Dashboard here, don't do in production
+api:
+ dashboard: true
+ disableDashboardAd: true
+ insecure: true
+
+# -- Change EntryPoints here...
+entryPoints:
+ web:
+ address: :80
+ # -- (Optional) Redirect all HTTP to HTTPS
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ websecure:
+ # http:
+ # middlewares:
+ # - crowdsec-bouncer@file
+ address: :443
+ transport:
+ respondingTimeouts:
+ readTimeout: 0
+ writeTimeout: 0
+ idleTimeout: 42
+ # -- (Optional) Add custom Entrypoint
+ # custom:
+ # address: :8080
+
+# -- Configure your CertificateResolver here...
+certificatesResolvers: +# staging: +# acme: +# email: your-email@example.com +# storage: /etc/traefik/certs/acme.json +# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" +# httpChallenge: +# entryPoint: web + + production: + acme: + email: oliver@odoo4projects.com + storage: /certs/acme.json + caServer: "https://acme-v02.api.letsencrypt.org/directory" + httpChallenge: + entryPoint: web + +# -- (Optional) Disable TLS Cert verification check +# serversTransport: +# insecureSkipVerify: true + +# -- (Optional) Overwrite Default Certificates +# tls: +# stores: +# default: +# defaultCertificate: +# certFile: /etc/traefik/certs/cert.pem +# keyFile: /etc/traefik/certs/cert-key.pem +# -- (Optional) Disable TLS version 1.0 and 1.1 +# options: +# default: +# minVersion: VersionTLS12 + +providers: + docker: + # -- (Optional) Enable this, if you want to expose all containers automatically + exposedByDefault: true + file: + directory: /etc/traefik + watch: true + + +http: + middlewares: + crowdsec-bouncer: + forwardauth: + address: http://bouncer-traefik:8080/api/v1/forwardAuth + trustForwardHeader: true + + + + diff --git a/app/update b/app/update index e0658ef..c9c03c0 100755 --- a/app/update +++ b/app/update @@ -1,16 +1,24 @@ #!/bin/bash +### SYSTEM SETUP ass doas mkdir -p /OD8N ass doas chmod 777 /OD8N ass mkdir -p /OD8N/data - +### PACKAGES +prsync -h "$hosts_file" -avz ./etc/repositories /OD8N/repositories +ass doas mv /OD8N/repositories /etc/apk/ ass doas apk update ass doas apk upgrade -ass doas apk add jq rsync mc vim +ass doas apk add jq rsync mc vim docker docker-compose htop linux-lts sqlite + +### own bins prsync -h "$hosts_file" -avz ./bin/OD8N/sbin/ /OD8N/sbin/ + +### API + #INSTALL API KEYS template templates/od8n /OD8N/od8n ./host_vars ass doas mv /OD8N/od8n /etc/od8n 
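Review bot: `api.insecure: true` turns on the unauthenticated API and dashboard on Traefik's internal entry point (port 8080 by default), even though the comment directly above it says not to do this in production. The compose template leaves 8080 unpublished, but the endpoint stays reachable from the host and from every container on the `4projects` network; prefer `insecure: false` and an authenticated router for `api@internal`. `exposedByDefault: true` gives every container a route unless it opts out, which here would presumably include `beedb`; `exposedByDefault: false` plus `traefik.enable=true` labels on the intended services is the safer default. On `websecure`, `readTimeout: 0` and `writeTimeout: 0` disable those timeouts, so slow clients can hold connections open indefinitely; set finite values unless a backend needs long-lived requests, and consider enabling the commented-out `minVersion: VersionTLS12`.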
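Review bot: The new PACKAGES step stages `repositories` in `/OD8N` and then moves it into `/etc/apk/` as root, but the same hunk shows `/OD8N` being set to mode 777, so any local account can swap the staged file between the `prsync` and the `doas mv` and thereby choose where root fetches packages from. A plain `mv` also appears to keep the uploading account as owner of the file once it sits in `/etc/apk/`. Hand the directory to the deploy account instead of opening it to everyone, e.g. `ass doas chown <deploy-user> /OD8N` with `ass doas chmod 755 /OD8N`, and make the final copy set ownership explicitly: `ass doas install -o root -g root -m 644 /OD8N/repositories /etc/apk/repositories`.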
@@ -23,3 +31,17 @@ ass doas chown root:root /etc/init.d/od8n-api ass doas rc-update add od8n-api default ass doas rc-service od8n-api restart ass doas rc-update add od8n-api default + + +### Infrastructure +##### Docker +ass doas rc-service docker start +ass doas rc-update add docker boot + +ass mkdir /OD8N/config/ +template templates/traefik.yaml /OD8N/config/traefik.yaml ./host_vars + + +template templates/docker-compose.yml /OD8N/docker-compose.yml ./host_vars +ass doas docker-compose -f /OD8N/docker-compose.yml up -d +
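Review bot: `docker-compose.yml` is rendered into `/OD8N` and then started through `doas docker-compose`, yet `/OD8N` is made world-writable (`chmod 777`) at the top of this script, outside this hunk; a local account that can replace that file controls what the root-run Docker daemon starts. Render it into a root-owned directory with restrictive permissions, which also keeps the database password it contains from being readable by every account. The Traefik config is written to `/OD8N/config/traefik.yaml`, while the compose template mounts `/OD8N/config/traefik/etc` as `/etc/traefik`, so as far as this patch shows the container never sees the rendered file; the target should probably be `/OD8N/config/traefik/etc/traefik.yaml`. `ass mkdir /OD8N/config/` also fails on every run after the first, so use `ass mkdir -p /OD8N/config/traefik/etc`.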