Initial commit

Mathieu Strypsteen 2023-11-22 21:12:36 +01:00
commit 84bb7e33c8
14 changed files with 165 additions and 0 deletions


@ -0,0 +1,3 @@
container:
docker_host: '-'
options: --oom-score-adj=200


@ -0,0 +1,5 @@
types {
application/javascript js;
text/css css;
text/html html;
}


@ -0,0 +1,38 @@
pid /tmp/nginx.pid;
http {
resolver 172.16.0.1;
types_hash_max_size 4096;
ssl_certificate /etc/certificates/fullchain.pem;
ssl_certificate_key /etc/certificates/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
charset utf-8;
http2 on;
gzip on;
include mime.types;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 100M;
proxy_read_timeout 600;
proxy_send_timeout 600;
include sites/*;
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
location / {
return 404;
}
}
}
events {
worker_connections 1024;
}
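Review bot: The port-80 `server` block has no `server_name` and answers `return 301 https://$host$request_uri;`, so the redirect target comes from whatever Host header the client sends, including names this proxy does not serve. The 443 `default_server` likewise completes the TLS handshake with the shared certificate for any SNI before returning 404; since the file already uses `http2 on;`, the nginx version should be new enough for `ssl_reject_handshake on;` in that block instead. No `Strict-Transport-Security` header is set in this file, so clients keep starting over plain HTTP. If one is added at `http` level with `add_header ... always;`, note that locations defining their own `add_header` do not inherit it.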


@ -0,0 +1,62 @@
server {
listen 443 ssl;
# kelder.zeus.ugent.be irc.zeus.ugent.be zeusgw.ugent.be endymion.ugent.be
# all point to here
server_name kelder.zeus.ugent.be zeusgw.ugent.be;
#############
# LOCATIONS #
#############
rewrite ^/$ https://zeus.ugent.be/ permanent;
# This uses https://github.com/vvidic/mjpeg-proxy to proxy MJPG cameras so only one stream
# per camera is opened
location ~ ^/camera/(.*)$ {
proxy_pass http://systemd-mjpeg-proxy.:8080/$1$is_args$args;
}
location /webcam/cgi/ptdc.cgi {
add_header 'Access-Control-Allow-Origin' '*';
try_files /tmp/freeze_camera @cammie_movement;
}
location @cammie_movement {
# Cammie movement commands
proxy_pass http://10.0.0.7/cgi/ptdc.cgi$is_args$args;
expires off;
}
# Slotmachien
location /lockbot {
proxy_pass http://10.0.1.5/;
}
location /fingerprint {
proxy_pass http://10.0.1.15/;
}
location /messages {
proxy_pass http://10.0.0.11:5000/messages;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'X-Username';
}
location /kelderapi/ {
proxy_pass http://10.0.0.8:5000/kelderapi/;
}
location /socket.io/ {
proxy_redirect off;
proxy_pass_request_headers on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_pass http://10.0.0.11:5000/socket.io/;
}
}
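Review bot: `/lockbot`, `/fingerprint` and `@cammie_movement` forward to internal devices (`10.0.1.5`, `10.0.1.15`, `10.0.0.7`) with no `allow`/`deny`, `auth_basic` or `auth_request` visible in this section, so access to the door-lock, fingerprint and camera-movement endpoints depends entirely on those backends; that is worth confirming and stating in a comment. The wildcard `Access-Control-Allow-Origin` on `/webcam/cgi/ptdc.cgi` sits in the location that hands off to `@cammie_movement` through `try_files`, and nginx takes `add_header` from the location that produces the response, so the header is probably not sent on proxied replies; decide whether cross-origin access to camera movement is wanted and express that in `@cammie_movement`. `location /lockbot` and `location /fingerprint` lack the trailing slash their `proxy_pass` targets have, so they also match `/lockbotX` and turn `/lockbot/x` into `//x` upstream; `location /lockbot/ {` is the usual form. In `/socket.io/`, `Host` is set twice (`$http_host`, then `$host`); keep only `proxy_set_header Host $host;`.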

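--- a/setup-tolkien.sh
+++ b/setup-tolkien.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+cp -R tolkien/* /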
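Review bot: `cp -R tolkien/* /` resolves `tolkien/` against the current directory, so the script copies the intended tree only when started from the repository root, and it presumably runs with root privileges writing into `/`. Add `cd "$(dirname "$0")"` before the copy so the source is always the checkout that contains the script. Note also that `*` skips dotfiles at the top level of `tolkien/`.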


@ -0,0 +1,2 @@
[network]
default_subnet_pools = [{base = "172.16.0.0/24", size = 24}]


@ -0,0 +1,7 @@
[Container]
Image=git.zeus.gent/sysadmin/mjpeg-proxy
Network=nginx.network
UserNS=auto
AutoUpdate=registry
[Install]
WantedBy=multi-user.target
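Review bot: `Image=git.zeus.gent/sysadmin/mjpeg-proxy` has no tag or digest and is combined with `AutoUpdate=registry`, so whatever is pushed to that reference is pulled and started without a reviewed change in this repository. The same applies to the nginx, act_runner and podman units added in this commit, which track `cgr.dev/chainguard/nginx:latest-dev`, `docker.io/gitea/act_runner` and `quay.io/containers/podman`. For the third-party images, consider pinning a version tag or `@sha256:<digest>` and updating through commits, or keep auto-update but require signature verification in the host's container policy. A comment in each unit stating which choice was made would help the next reader.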


@ -0,0 +1,14 @@
[Container]
Image=cgr.dev/chainguard/nginx:latest-dev
UserNS=auto
Network=nginx.network
Volume=/var/lib/configs/container-config/nginx:/etc/nginx:z,ro
Volume=/etc/certificates/private:/etc/certificates:z,ro
PublishPort=80:80
PublishPort=[::]:80:80
PublishPort=443:443
PublishPort=[::]:443:443
Sysctl=net.ipv4.ip_unprivileged_port_start=80
AutoUpdate=registry
[Install]
WantedBy=multi-user.target
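Review bot: `Image=cgr.dev/chainguard/nginx:latest-dev` selects the `-dev` variant, which ships a shell and package manager on top of the minimal image. Nothing in this unit appears to need them, so `cgr.dev/chainguard/nginx:latest` would give the internet-facing proxy a smaller attack surface. Separately, `/etc/certificates/private` is mounted under `UserNS=auto`, so `privkey.pem` must be readable by an automatically assigned mapped UID; check that this was not achieved by making the key world-readable on the host.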


@ -0,0 +1,3 @@
[Network]
IPv6=true
Options=isolate=true


@ -0,0 +1,17 @@
[Unit]
Requires=podman-container.service
After=podman-container.service
[Container]
Image=docker.io/gitea/act_runner
LogDriver=none
Volume=podman.volume:/run/podman:z
Volume=/var/lib/configs/container-config/act-runner:/etc/act-runner:O
Volume=act-runner.volume:/data:U,Z
Environment=CONFIG_FILE=/etc/act-runner/config.yaml
Environment=GITEA_INSTANCE_URL=https://git.zeus.gent
Environment=GITEA_RUNNER_NAME=home
Environment=GITEA_RUNNER_LABELS=debian-12:docker://node:bookworm
Secret=GITEA_RUNNER_REGISTRATION_TOKEN,type=env
AutoUpdate=registry
[Install]
WantedBy=default.target
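Review bot: `LogDriver=none` discards all output of the runner, which is the component that accepts jobs from `https://git.zeus.gent` and has the nested podman socket mounted at `/run/podman`. After a suspicious job there would be no local record of what the runner registered or executed. Unless log volume was a concrete problem, drop the line so the default log driver keeps the output, or add a comment explaining why logging is disabled.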


@ -0,0 +1,11 @@
[Container]
Image=quay.io/containers/podman
Unmask=/proc/*
SecurityLabelDisable=true
User=1000
AddDevice=/dev/net/tun
Exec=podman system service -t0 unix:///run/podman/podman.sock
Volume=podman.volume:/run/podman:U,z
AutoUpdate=registry
[Install]
WantedBy=default.target
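Review bot: `Unmask=/proc/*`, `SecurityLabelDisable=true` and `AddDevice=/dev/net/tun` each relax the container's isolation, and the unit carries no comment saying why they are needed. A short comment per line (for example `# needed to run nested rootless podman`, if that is the reason) would let a later reader tell required settings from leftovers. The API socket that `Exec=` serves on `podman.volume` with `-t0` has no protection beyond file permissions, so any container that mounts the volume controls this podman instance; document that only the act-runner unit should mount it.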