Oliver/cc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working traefik

Browse Source
This commit is contained in:
Oliver
2025-08-30 09:53:31 +02:00
parent 9726dc0060
commit 86acea94b9
29 changed files with 378 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/README.md Normal file
View File

@@ -0,0 +1,9 @@
aaa-bbb-UUID
aaa = server
001 = manchester
002 = boston
bbb = image
001 = n8n
002 = ODOO_18
003 = ODOO_19

11
app/firewall
View File

@@ -1,11 +0,0 @@
#! ----------- install ufe
rex doas rc-update add ufw
rex doas rc-service ufw start
rex doas ufw default deny incoming
rex doas ufw default allow outgoing
rex doas ufw allow 80/tcp
rex doas ufw allow 443/tcp
rex doas ufw enable
rex doas ufw status verbose

1
app/host_vars/boston
View File

@@ -1 +0,0 @@
API_KEY=4lnZRkRB7ke0A2zkX0T

1
app/host_vars/london
View File

@@ -1 +0,0 @@
API_KEY=4h6lDzAOVksuCqmhEB3

1
app/host_vars/mumbai
View File

@@ -1 +0,0 @@
API_KEY=4SSJxWKmuwblhzd3F5L

1
app/host_vars/saopaulo
View File

@@ -1 +0,0 @@
API_KEY=7WxFrFAvQjVIJF1sLzl

4
app/hosts.all
View File

@@ -1,4 +0,0 @@
saopaulo
mumbai
boston
london

1
app/hosts.dev
View File

@@ -1 +0,0 @@
dev

20
app/onboarding
View File

@@ -3,16 +3,24 @@ template templates/hostname /etc/hostname
rex doas apk update
rex doas apk add bash doas openssh
rex doas apk add bash doas openssh linux-lts
### activate lts kerner
template templates/extlinux.conf /boot/extlinux.conf
rex doas chown root:root /boot/extlinux.conf
rex doas chmod 644 /boot/extlinux.conf
# ass swap file ????
# ------ disable root user and login
rex doas mkdir -p /4server
rex doas chmod 777 /4server
# ----- install nabula
echo "prsync nebula bin"
prsync -h "$hosts_file" -avz ./sbin/nebula /4server/nebula
prsync -h "/app/host_vars/hosts" -avz ./sbin/nebula /4server/nebula
rex doas mv /4server/nebula /usr/bin/
rex doas mkdir -p /etc/nebula
@@ -29,7 +37,7 @@ template templates/init.d/nebula /etc/init.d/nebula
rex doas chmod 0755 /etc/init.d/nebula
rex doas chown root:root /etc/init.d/nebula
rex doas rc-update add nebula default
rex doas rc-service nebula restart
### nebula restart must be last command
template templates/init.d/ping_service /etc/init.d/ping_service
rex doas chmod 0755 /etc/init.d/ping_service
@@ -53,6 +61,7 @@ rex doas chmod 700 /home/4server/.ssh
rex doas chmod 600 /home/4server/.ssh/authorized_keys
rex doas chown 4server:4server /home/4server/.ssh/authorized_keys
rex doas usermod -p Ne82Vrx8QfUdNHvLgct 4server
rex doas passwd -u 4server
@@ -61,8 +70,9 @@ rex doas passwd -u 4server
rex doas mkdir -p /etc/doas.d
rex "doas sh -c 'grep -q \"permit nopass 4server as root\" /etc/doas.d/4server.conf 2>/dev/null || echo \"permit nopass 4server as root\" | tee -a /etc/doas.d/4server.conf > /dev/null'"
rex "doas sh -c 'sed -i \"s/^#\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config'"
rex "doas sh -c 'sed -i \"s/^#\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config.d/50-cloud-init.conf'"
rex doas rc-service sshd restart
rex doas rc-service nebula restart
rex doas reboot

18
app/sbin/api
View File

@@ -15,7 +15,7 @@ from datetime import datetime
DB_PATH = "/4server/data/contracts.db"
BIN_PATH = "/4server/sbin"
API_KEY = os.getenv("API_KEY", "your-secret-api-key")
VERSION = "API: 0.0.6"
VERSION = "API: 0.0.7"
# FastAPI app
app = FastAPI()
@@ -65,19 +65,25 @@ def init_db():
def execute_db(query: str, params: tuple = (), fetch: bool = False):
conn = sqlite3.connect(DB_PATH)
conn.row_factory = sqlite3.Row # <-- Add this line
cursor = conn.cursor()
cursor.execute(query, params)
conn.commit()
data = cursor.fetchall() if fetch else None
conn.close()
if data and fetch:
return [dict(row) for row in data] # Convert each row to dict
return data
# ---------------------- Models ----------------------
class ContainerModel(BaseModel):
UUID: Optional[str] = None
email: str
expires: str
email: Optional[str] = None
expires: Optional[str] = None
tags: Optional[str] = None
env: Optional[str] = None
affiliate: Optional[str] = None
@@ -85,13 +91,13 @@ class ContainerModel(BaseModel):
history: Optional[str] = None
comment: Optional[str] = None
domains: Optional[str] = None
status: str
created: str
status: Optional[str] = None
created: Optional[str] = None
bump: Optional[str] = None
class ContainerIDRequest(BaseModel):
container_id: str
container_id: Optional[str] = None
class UpdateContainerRequest(ContainerModel):

BIN
app/sbin/nebula-cert Executable file
View File

Binary file not shown.

183
app/sbin/start/ODOO_18 Executable file
View File

@@ -0,0 +1,183 @@
#/bin/bash
echo "Start container ODOO_18: $UUID""
export PATH=/4SERVER/sbin:$PATH
SERVER_IP=$( ip -4 addr show eth0 | awk '/inet/ {print $2}' | cut -d/ -f1 )
echo "SERVER_IP $SERVER_IP"
if [ -z "$1" ]; then
exit 0
else
BASEURL="/4SERVER/data/$1/"
fi
DOMAIN="$UUID.odoo4projects.com $DOMAIN"
CLIENT_DOMAIN=$(cat ${BASEURL}etc/domain)
echo "CLIENT_DOMAIN: $CLIENT_DOMAIN"
echo ""
if [[ -n "$CLIENT_DOMAIN" ]]; then
DOMAIN+=" www.$CLIENT_DOMAIN $CLIENT_DOMAIN"
fi
echo "Domains: $DOMAIN"
NEW=0
if [ ! -d "$BASEURL" ]; then
echo "NEW CLIENT !!!"
echo "Wait for DNS to update"
WAIT=true
START_TIME=$(date +%s)
while $WAIT; do
nslookup "$1.odoo4projects.com" > /dev/null 2>&1
if [ $? -eq 0 ]; then
echo "Domain $DOMAIN resolved successfully."
WAIT=false
fi
CURRENT_TIME=$(date +%s)
ELAPSED_TIME=$((CURRENT_TIME - START_TIME))
if [ $ELAPSED_TIME -ge 120 ]; then
echo "Timeout reached. Domain $DOMAIN could not be resolved."
WAIT=false
fi
sleep 5
done
NEW=1
fi
echo "Get valid DNS entries:"
filtered_domains=""
for domain in $DOMAIN; do
nslookup_output=$(nslookup "$domain" 2>/dev/null)
status=$?
echo "DOMAIN: $domain $status"
if [[ $status -eq 0 ]]; then
#ns_ip=$(echo "$nslookup_output" | grep 'Address:' | tail -n1 | awk '{print $2}')
ns_ip=$(echo "$nslookup_output" | grep -Eo 'Address: ([0-9]{1,3}\.){3}[0-9]{1,3}' | awk '{print $2}' | tail -n1)
echo "NS IP $ns_ip"
if [[ "$ns_ip" == "$SERVER_IP" ]]; then
filtered_domains+=" $domain"
echo "Domain added $filtered_domains"
fi
else
echo "Failed to nslookup $domain -- $ns_ip"
fi
done
filtered_domains=$(echo "$filtered_domains" | xargs)
echo "Filtered domains: $filtered_domains"
DOMAIN_LABEL=""
for domain in $filtered_domains; do
if [ -z "$DOMAIN_LABEL" ]; then
DOMAIN_LABEL="traefik.http.routers.$1.rule=Host(\`$domain\`)"
else
DOMAIN_LABEL+=" || Host(\`$domain\`)"
fi
done
echo $DOMAIN_LABEL
echo "end domains"
exit 0
echo "BASEURL: $BASEURL"
PORT=$((CONTRACT_ID + 2200))
echo "CREATING PORT $PORT"
UUID="${1:-default}"
DATA_DIR="${BASEURL}odoo/"
CUSTOM_DIR="${BASEURL}git/$UUID/custom/"
ENTERPRISE_DIR="${BASEURL}git/$UUID/enterprise/"
LOGS_DIR="${BASEURL}logs/"
CONFIG_DIR="${BASEURL}config/"
CC_DIR="${BASEURL}cc/"
BACKUP_DIR="/BACKUP/$1"
GIT_DIR="${BASEURL}git-server/"
ETC_DIR="${BASEURL}etc/"
INSTALL_DIR="${BASEURL}install/"
SSH_DIR="${BASEURL}.ssh/"
HUGO_DIR="${BASEURL}git-server/local/hugo"
log restoreODOO "DOMAIN_LABEL $DOMAIN_LABEL"
log restoreODOO "CREATING CONTAINER $UUID"
echo "Stopping and Deleting Contianer"
d stop $UUID
d container rm $UUID
echo "Done Stopping & Deleting containers Errors above are OK"
EXTRA_DOCKER_PARAMETER=""
if [ -d "$HUGO_DIR" ]; then
EXTRA_DOCKER_PARAMETER="-v $HUGO_DIR:/mnt/hugo"
fi
echo "******************"
echo $EXTRA_DOCKER_PARAMETER
echo $HUGO_DIR
echo ***********************""
# start container - check done in checkContractsBee
sudo docker run -d --name "$UUID" \
--network docker-compose_4projects \
--restart=always \
$EXTRA_DOCKER_PARAMETER \
-v "$DATA_DIR/odoo-web-data:/var/lib/odoo" \
-v "$CUSTOM_DIR:/mnt/addons/custom" \
-v "$ENTERPRISE_DIR:/mnt/addons/enterprise" \
-v "$LOGS_DIR:/mnt/logs" \
-v "$CC_DIR:/mnt/cc" \
-v "$BACKUP_DIR:/mnt/backup" \
-v "$CONFIG_DIR:/etc/odoo" \
-v "$GIT_DIR:/git-server" \
-v "$ETC_DIR:/mnt/etc" \
-v "$INSTALL_DIR:/mnt/install" \
-v "$SSH_DIR:/etc/sshkey" \
-p "$PORT:22" \
-e HOST=beedb \
-e USER=$UUID \
-e PASSWORD=$UUID \
-e STAGING=$STAGING \
--label "$DOMAIN_LABEL" \
--label "traefik.http.services.$1.loadbalancer.server.port=8069" \
--label "traefic.http.routers.$1.entrypoints=web, websecure" \
--label "traefik.http.routers.$1.tls.certresolver=production" \
--label "traefik.http.routers.$1.tls=true" \
--label "traefik.http.routers.$1.service=$1" \
--label "traefik.http.routers.$1_S.entrypoints=web,websecure" \
--label "traefik.http.routers.$1_S.rule=Host(\`s.$1.odoo4projects.com\`)" \
--label "traefik.http.routers.$1_S.tls.certresolver=production" \
--label "traefik.http.routers.$1_S.tls=true" \
--label "traefik.http.services.$1_S.loadbalancer.server.port=8070" \
--label "traefik.http.routers.$1_S.service=$1_S" \
docker.odoo4projects.com/4projects/odoo_18:$BRANCH
sudo chmod 777 $DATA_DIR/odoo-web-data
sudo mkdir $ETC_DIR
sudo chmod 777 $ETC_DIR
sudo chmod 777 $INSTALL_DIR
sudo cp /4PROJECTS/config/odoo_18/odoo.conf $CONFIG_DIR
sudo cp /4PROJECTS/config/odoo_18/staging.conf $CONFIG_DIR
echo "git clone ssh://git@$1.odoo4projects.com:$PORT/git-server/repos/odoo.git" > $ETC_DIR/gitpath
echo "$1" > $ETC_DIR/uuid
d exec -it $1 chown -R odoo /mnt
d exec -it $1 chgrp -R odoo /mnt/
d exec -it $1 chown -R git /git-server
d exec -it $1 chgrp -R git /git-server
d exec -it $1 chmod -R g+rw /git-server
if [ "$NEW" -eq 1 ]; then
restoreODOO $1 default.zip
echo "here"
restoreODOO ${1}_ default.zip
echo "there"
fi

5
app/sbin/startContainer
View File

@@ -34,7 +34,6 @@ done < <(sqlite3 "$DB_PATH" "
")
# Debug: print loaded environment variables
env | grep -E 'UUID|EMAIL|EXPIRES|TAGS|ENV|AFFILIATE|IMAGE|HISTORY|COMMENT|DOMAINS|STATUS|CREATED|BUMP'
@@ -50,10 +49,10 @@ case "$SECOND_PART" in
"$BIN_PATH/start/n8n"
;;
002)
"$BIN_PATH/start/ODOO18"
"$BIN_PATH/start/ODOO_18"
;;
003)
"$BIN_PATH/start/ODOO19"
"$BIN_PATH/start/ODOO_19"
;;
*)
echo "Unknown UUID type: $SECOND_PART"

2
app/templates/.profile
View File

@@ -5,4 +5,4 @@ echo "Server {{HOSTNAME}}"
export PS1="\[\e[32m\]\h:\w\$\[\e[0m\] "
df -h .
cd /4server

1
app/templates/docker-compose.yml
View File

@@ -20,7 +20,6 @@ services:
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /run/docker.sock:/run/docker.sock:ro
- /4server/data/traefik/etc:/etc/traefik

23
app/templates/extlinux.conf Normal file
View File

@@ -0,0 +1,23 @@
SERIAL ttyS0 115200
DEFAULT menu.c32
PROMPT 0
MENU TITLE Alpine/Linux Boot Menu
MENU HIDDEN
MENU AUTOBOOT Alpine will be booted automatically in # seconds.
TIMEOUT 100
LABEL virt
MENU LABEL Linux virt
LINUX vmlinuz-virt
INITRD initramfs-virt
APPEND root=LABEL=/ modules=sd-mod,usb-storage,ext4 console=ttyS0,115200n8 console=ttyAMA0,115200n8
LABEL lts
MENU DEFAULT
MENU LABEL Linux lts
LINUX vmlinuz-lts
INITRD initramfs-lts
APPEND root=LABEL=/ modules=sd-mod,usb-storage,ext4 console=ttyS0,115200n8 console=ttyAMA0,115200n8
MENU SEPARATOR

10
app/templates/nebula/config.yml
View File

@@ -50,18 +50,14 @@ firewall:
inbound:
- port: any #ping
proto: icmp
host: any
groups:
- admin
- port: 22 #GIT
proto: tcp
groups:
- admin
- ansible
- port: 8080
proto: tcp
groups:
-admin

15
app/templates/traefik.yaml
View File

@@ -6,9 +6,9 @@ accesslog:
filePath: /var/log/traefik/access.log
api:
dashboard: true
dashboard: false
disableDashboardAd: true
insecure: true
insecure: false
entryPoints:
web:
@@ -29,9 +29,6 @@ entryPoints:
readTimeout: 0
writeTimeout: 0
idleTimeout: 42
# -- (Optional) Add custom Entrypoint
# custom:
# address: :8080
# -- Configure your CertificateResolver here...
certificatesResolvers:
@@ -85,16 +82,16 @@ http:
routers:
saopaulo-router:
rule: "Host(`dev.local`)"
service: saopaulo-service
api-router:
rule: "Host(`{{HOSTNAME}}.odoo4projects.com`)"
service: api-service
entryPoints:
- websecure
tls:
certResolver: production
services:
saopaulo-service:
api-service:
loadBalancer:
servers:
- url: "http://10.5.0.1:8888"

8
app/update
View File

@@ -12,15 +12,13 @@ template templates/.profile /home/4server/.profile
### PACKAGES
template templates/repositories /etc/apk/repositories
rex "doas apk update && doas apk upgrade"
rex doas apk add openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client
rex doas apk add linux-lts openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client
rex doas pip install --root-user-action ignore --break-system-packages --no-cache-dir "uvicorn[standard]" fastapi pydantic psutil
### own bins
echo "Running prsync ./sbin"
prsync -h "$hosts_file" -avz ./sbin/ /4server/sbin/
prsync -h "/app/host_vars/hosts" -avz ./sbin/ /4server/sbin/
### API
@@ -48,7 +46,7 @@ template templates/traefik.yaml /4server/data/traefik/etc/traefik.yaml
rex mkdir -p /4server/data/traefik/etc/certs
echo "prsync traefik certs"
prsync -h "$hosts_file" -avz ./etc/traefik/certs/* /4server/data/traefik/etc/certs/
prsync -h "/app/host_vars/hosts" -avz ./etc/traefik/certs/* /4server/data/traefik/etc/certs/
template templates/docker-compose.yml /4server/docker-compose.yml
rex doas docker-compose -f /4server/docker-compose.yml up -d --force-recreate

35
app/vault/close Executable file
View File

@@ -0,0 +1,35 @@
#!/bin/sh
set -euo pipefail
MAPPER_NAME="host_vars_crypt"
MOUNT_POINT="/app/host_vars"
# Unmount if mounted
if mountpoint -q "$MOUNT_POINT"; then
echo "Unmounting $MOUNT_POINT..."
umount "$MOUNT_POINT"
else
echo "$MOUNT_POINT is not mounted."
fi
if cryptsetup status "$MAPPER_NAME" >/dev/null 2>&1; then
echo "Closing stale mapping $MAPPER_NAME..."
if ! cryptsetup close "$MAPPER_NAME"; then
echo "cryptsetup close failed, forcing dmsetup remove..."
dmsetup remove --force --retry "$MAPPER_NAME" || true
fi
fi
# Close the LUKS/dm-crypt device if open
if [ -e "/dev/mapper/$MAPPER_NAME" ]; then
echo "Closing /dev/mapper/$MAPPER_NAME..."
cryptsetup close "$MAPPER_NAME"
else
echo "Mapper $MAPPER_NAME is not active."
fi
echo "Vault is now closed."

45
app/vault/create Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
set -euo pipefail
VAULT_DIR="/app/vault"
VAULT_FILE="$VAULT_DIR/host_vars.img"
MAPPER_NAME="host_vars_crypt"
MOUNT_POINT="/app/host_vars"
SIZE_MB=25
# Prepare directories
mkdir -p "$VAULT_DIR"
mkdir -p "$MOUNT_POINT"
# Create 5MB backing file if it doesn't exist
if [ ! -f "$VAULT_FILE" ]; then
echo "Creating $SIZE_MB MB vault file at $VAULT_FILE"
dd if=/dev/zero of="$VAULT_FILE" bs=1M count=$SIZE_MB
fi
# Setup LUKS encryption if not already formatted
if ! cryptsetup isLuks "$VAULT_FILE"; then
echo "Formatting with LUKS (you will be prompted for a passphrase)..."
cryptsetup luksFormat "$VAULT_FILE"
fi
# Open the encrypted volume
if ! [ -e "/dev/mapper/$MAPPER_NAME" ]; then
echo "Opening encrypted volume..."
cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
fi
# Create filesystem if not already present
if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
echo "Creating ext4 filesystem..."
mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
fi
# Mount it
if ! mountpoint -q "$MOUNT_POINT"; then
echo "Mounting at $MOUNT_POINT"
mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
fi
echo "Encrypted volume is ready and mounted at $MOUNT_POINT"

BIN
app/vault/host_vars.img Normal file
View File

Binary file not shown.

32
app/vault/open Executable file
View File

@@ -0,0 +1,32 @@
#!/bin/sh
set -euo pipefail
VAULT_FILE="/app/vault/host_vars.img"
MAPPER_NAME="host_vars_crypt"
MOUNT_POINT="/app/host_vars"
mkdir -p "$MOUNT_POINT"
# Always close if active
if cryptsetup status "$MAPPER_NAME" >/dev/null 2>&1; then
echo "Closing stale mapping $MAPPER_NAME..."
cryptsetup close "$MAPPER_NAME"
fi
# Open
echo "Opening encrypted volume..."
cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
# Format if needed
if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
echo "No filesystem found, creating ext4..."
mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
fi
# Mount
echo "Mounting at $MOUNT_POINT..."
mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
echo "Vault is mounted at $MOUNT_POINT"