From 9b41dbdcb2c810804417b9ffc4e74a7b3e534ac2 Mon Sep 17 00:00:00 2001
From: Daniel Weipert
Date: Tue, 14 Nov 2023 13:33:14 +0100
Subject: initial commit
---
.config/yadm/bootstrap | 1 +
.config/yadm/bootstrap##distro.Ubuntu | 29 ++++++++++++++
.local/bin/docker-compose-update | 4 ++
.local/bin/docker-compose-update-all | 23 +++++++++++
.local/bin/update | 13 ++++++
Applications/Services/traefik/.env.example | 6 +++
Applications/Services/traefik/docker-compose.yml | 50 ++++++++++++++++++++++++
7 files changed, 126 insertions(+)
create mode 120000 .config/yadm/bootstrap
create mode 100644 .config/yadm/bootstrap##distro.Ubuntu
create mode 100755 .local/bin/docker-compose-update
create mode 100755 .local/bin/docker-compose-update-all
create mode 100755 .local/bin/update
create mode 100644 Applications/Services/traefik/.env.example
create mode 100644 Applications/Services/traefik/docker-compose.yml
diff --git a/.config/yadm/bootstrap b/.config/yadm/bootstrap
new file mode 120000
index 0000000..c57c56e
--- /dev/null
+++ b/.config/yadm/bootstrap
@@ -0,0 +1 @@
+bootstrap##distro.Ubuntu
\ No newline at end of file
diff --git a/.config/yadm/bootstrap##distro.Ubuntu b/.config/yadm/bootstrap##distro.Ubuntu
new file mode 100644
index 0000000..6ff7558
--- /dev/null
+++ b/.config/yadm/bootstrap##distro.Ubuntu
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+sudo apt update
+sudo apt install -y \
+ zsh neovim man-db
+
+chsh -s /bin/zsh
+
+
+# docker
+sudo apt install -y \
+ ca-certificates curl gnupg
+
+sudo install -m 0775 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo \
+ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+sudo apt update
+sudo apt install -y \
+ docker-ce docker-compose
+
+usermod -a -G docker $(whoami)
+sudo service docker enable
+sudo service docker start
diff --git a/.local/bin/docker-compose-update b/.local/bin/docker-compose-update
new file mode 100755
index 0000000..ba76da1
--- /dev/null
+++ b/.local/bin/docker-compose-update
@@ -0,0 +1,4 @@
+docker compose down
+docker compose build
+docker compose pull
+docker compose up -d $@
diff --git a/.local/bin/docker-compose-update-all b/.local/bin/docker-compose-update-all
new file mode 100755
index 0000000..99db85f
--- /dev/null
+++ b/.local/bin/docker-compose-update-all
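Review bot: `usermod -a -G docker $(whoami)` in `bootstrap##distro.Ubuntu` is the one privileged step that runs without `sudo`, so for a normal user it fails, and with no `set -e` the script carries on to the service commands as if it had worked; `sudo usermod -aG docker "$USER"` would match the rest of the file. Membership in the `docker` group is effectively root on the host, which deserves a comment next to that line. `sudo service docker enable` is not a standard `service` action; `sudo systemctl enable --now docker` is probably what was meant. The keyrings directory is created with `-m 0775`, which leaves it group-writable, whereas Docker's published install steps use `0755`. The apt package `docker-compose` is likely the standalone v1 tool, while the helper scripts in this commit call `docker compose`; `docker-compose-plugin` from the repository added above provides that subcommand.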
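Review bot: `.local/bin/docker-compose-update` takes the stack down before `build` and `pull`, and nothing stops on error, so a failed build or registry pull leaves the services either stopped or restarted on the old images; building and pulling first and adding `set -e` would avoid that. `$@` on the last line is unquoted, so arguments containing spaces are split; use `"$@"`. The file is created with mode 100755 but has no shebang line, so which shell interprets it depends on the caller; `#!/bin/sh` as the first line fixes that.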
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+
+import sys, os
+import subprocess
+
+
+process_docker_ps = subprocess.run(['docker', 'ps', '-q'], stdout=subprocess.PIPE)
+
+container_ids = process_docker_ps.stdout.decode('utf-8').split('\n')
+
+docker_compose_project_paths = []
+for id in container_ids:
+ if id:
+ process_docker_inspect = subprocess.run(['docker', 'inspect', '--format', '{{ index .Config.Labels "com.docker.compose.project.working_dir" }}', id], stdout=subprocess.PIPE)
+ docker_compose_project_paths.append(process_docker_inspect.stdout.decode('utf-8').strip())
+
+docker_compose_project_paths = set(docker_compose_project_paths)
+
+for path in docker_compose_project_paths:
+ subprocess.run(['docker', 'compose', 'down'], cwd=path)
+ subprocess.run(['docker', 'compose', 'build'], cwd=path)
+ subprocess.run(['docker', 'compose', 'pull'], cwd=path)
+ subprocess.Popen(['docker', 'compose', 'up', '-d'], cwd=path)
diff --git a/.local/bin/update b/.local/bin/update
new file mode 100755
index 0000000..3fc5067
--- /dev/null
+++ b/.local/bin/update
@@ -0,0 +1,13 @@
+#!/usr/bin/env python3
+
+import sys, os
+import subprocess
+
+
+# apt
+subprocess.run(["sudo", "apt", "update"])
+subprocess.run(["sudo", "apt", "upgrade", "-y"])
+
+
+# docker
+subprocess.run(["docker-compose-update-all"])
diff --git a/Applications/Services/traefik/.env.example b/Applications/Services/traefik/.env.example
new file mode 100644
index 0000000..f68b9ba
--- /dev/null
+++ b/Applications/Services/traefik/.env.example
@@ -0,0 +1,6 @@
+DOMAIN=traefik.example.org
+ADMIN_USER=admin
+ADMIN_PASSWORD=123456
+LETSENCRYPT_EMAIL=le@example.org
+VOLUME_LETSENCRYPT=traefik-letsencrypt
+NETWORK=traefik-public
diff --git a/Applications/Services/traefik/docker-compose.yml b/Applications/Services/traefik/docker-compose.yml
new file mode 100644
index 0000000..9a04d83
--- /dev/null
+++ b/Applications/Services/traefik/docker-compose.yml
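Review bot: Every `subprocess.run` in the final loop of `docker-compose-update-all` ignores the exit status, so after `down` a failed `build` or `pull` still falls through to `up -d`, and a failed `docker inspect` contributes whatever it printed as a path; passing `check=True` makes the script stop instead. Containers that were not started by Compose presumably yield an empty label, and that empty string is then handed to `cwd=`; skip it with `if not path: continue` at the top of the loop. The directory is taken from a container label, so the script builds and starts whatever compose file sits in a path chosen by whoever created the container, which is worth a comment since `.local/bin/update` calls this as its last step. `.local/bin/update` has the same unchecked `subprocess.run` calls, so a failed `apt update` still proceeds to `apt upgrade -y` and the restarts.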
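Review bot: `ADMIN_PASSWORD=123456` in `.env.example` is interpolated straight into `basicauth.users=${ADMIN_USER}:${ADMIN_PASSWORD}` in docker-compose.yml, but Traefik's basic-auth middleware expects an htpasswd-style hash in that position, not a plaintext password. The example should say so and carry an obvious placeholder rather than a guessable value that tends to survive copy-paste, e.g. `ADMIN_PASSWORD='<bcrypt hash from htpasswd -nB>'`. Single-quoting is probably needed because the hash contains `$` characters; confirm against the Compose version in use.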
@@ -0,0 +1,50 @@
+version: "3"
+
+services:
+ traefik:
+ image: traefik
+ container_name: "traefik"
+ restart: always
+ command:
+ #- "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+ ports:
+ - "80:80"
+ - "443:443"
+ labels:
+ - "traefik.enable=true"
+ # Dashboard
+ - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+ - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
+ - "traefik.http.routers.traefik.entrypoints=websecure"
+ - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+ # Dashboard Auth
+ - "traefik.http.routers.traefik.middlewares=dashboardauth"
+ - "traefik.http.middlewares.dashboardauth.basicauth.users=${ADMIN_USER}:${ADMIN_PASSWORD}"
+ # HTTPS redirect
+ - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.entrypoints=web"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "traefik-letsencrypt:/letsencrypt"
+ networks:
+ - traefik
+
+volumes:
+ traefik-letsencrypt:
+ name: "${VOLUME_LETSENCRYPT}"
+
+networks:
+ traefik:
+ name: "${NETWORK}"
+ external: true
-- cgit v1.2.3
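Review bot: `--api.insecure=true` enables Traefik's unauthenticated API and dashboard listener on port 8080, and the dashboard labels then route to that same port; the port is not published here, but any container attached to the external `${NETWORK}` network can presumably reach it without passing the `dashboardauth` middleware. Using `--api.dashboard=true` and pointing the router at the internal service with `traefik.http.routers.traefik.service=api@internal` keeps the dashboard reachable only through basic auth. The Docker socket is mounted into the one container that faces the internet on 80/443, so a compromise of Traefik gives control of the host's Docker daemon; a read-only mount does not limit API calls, so a filtering socket proxy is the usual mitigation and the risk should at least be commented. `image: traefik` is unpinned, so the update scripts in this commit pull whatever `latest` is, including a major version where the `hostregexp` rule with the `{host:.+}` pattern may no longer be accepted; pin a version tag.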