Initial commit
commit
84bb7e33c8
14 changed files with 165 additions and 0 deletions
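--- a/container-config/act-runner/config.yaml
+++ b/container-config/act-runner/config.yaml
@@ -0,0 +1,3 @@
+container:
+docker_host: '-'
+options: --oom-score-adj=200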
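--- a/container-config/nginx/mime.types
+++ b/container-config/nginx/mime.types
@@ -0,0 +1,5 @@
+types {
+application/javascript js;
+text/css css;
+text/html html;
+}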
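--- a/container-config/nginx/nginx.conf
+++ b/container-config/nginx/nginx.conf
@@ -0,0 +1,38 @@
+pid /tmp/nginx.pid;
+
+http {
+resolver 172.16.0.1;
+types_hash_max_size 4096;
+ssl_certificate /etc/certificates/fullchain.pem;
+ssl_certificate_key /etc/certificates/privkey.pem;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+charset utf-8;
+http2 on;
+gzip on;
+include mime.types;
+sendfile on;
+tcp_nodelay on;
+tcp_nopush on;
+ssl_stapling on;
+ssl_stapling_verify on;
+client_max_body_size 100M;
+proxy_read_timeout 600;
+proxy_send_timeout 600;
+include sites/*;
+server {
+listen 80;
+listen [::]:80;
+return 301 https://$host$request_uri;
+}
+server {
+listen 443 ssl default_server;
+listen [::]:443 ssl default_server;
+location / {
+return 404;
+}
+}
+}
+events {
+worker_connections 1024;
+}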
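Review bot: `client_max_body_size 100M` and the 600-second `proxy_read_timeout`/`proxy_send_timeout` are set at `http` level, so every site pulled in by `include sites/*;` inherits them, including proxied endpoints that need neither large uploads nor long-lived requests. Keeping nginx's defaults here and raising the limits only in the `location` blocks that need them makes it harder for an unauthenticated client to hold worker connections (capped by `worker_connections 1024`) with large or slow requests. The 443 `default_server` also completes the TLS handshake with the shared certificate for any unknown name before returning 404; `ssl_reject_handshake on;` in that block would refuse such connections earlier, provided the deployed nginx version supports it, and `server_tokens off;` is worth adding at `http` level alongside.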
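--- a/container-config/nginx/sites/kelder.zeus.ugent.be.conf
+++ b/container-config/nginx/sites/kelder.zeus.ugent.be.conf
@@ -0,0 +1,62 @@
+server {
+listen 443 ssl;
+# kelder.zeus.ugent.be irc.zeus.ugent.be zeusgw.ugent.be endymion.ugent.be
+# all point to here
+server_name kelder.zeus.ugent.be zeusgw.ugent.be;
+
+#############
+# LOCATIONS #
+#############
+
+rewrite ^/$ https://zeus.ugent.be/ permanent;
+
+# This uses https://github.com/vvidic/mjpeg-proxy to proxy MJPG cameras so only one stream
+# per camera is opened
+location ~ ^/camera/(.*)$ {
+proxy_pass http://systemd-mjpeg-proxy.:8080/$1$is_args$args;
+}
+
+location /webcam/cgi/ptdc.cgi {
+add_header 'Access-Control-Allow-Origin' '*';
+try_files /tmp/freeze_camera @cammie_movement;
+}
+
+location @cammie_movement {
+# Cammie movement commands
+proxy_pass http://10.0.0.7/cgi/ptdc.cgi$is_args$args;
+expires off;
+}
+
+# Slotmachien
+location /lockbot {
+proxy_pass http://10.0.1.5/;
+}
+
+location /fingerprint {
+proxy_pass http://10.0.1.15/;
+}
+
+location /messages {
+proxy_pass http://10.0.0.11:5000/messages;
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Headers' 'X-Username';
+}
+
+location /kelderapi/ {
+proxy_pass http://10.0.0.8:5000/kelderapi/;
+}
+
+location /socket.io/ {
+proxy_redirect off;
+proxy_pass_request_headers on;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_pass http://10.0.0.11:5000/socket.io/;
+}
+}
+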
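Review bot: `location /lockbot`, `location /fingerprint`, `location /webcam/cgi/ptdc.cgi` and `location ~ ^/camera/(.*)$` proxy to internal addresses with no `allow`/`deny`, `auth_basic` or `auth_request` anywhere in this server block, so anyone who can reach these host names can reach the lock, fingerprint and camera backends unless each backend authenticates requests itself. If they do, say so in a comment above each block; otherwise restrict them, e.g. `allow TRUSTED_SUBNET; deny all;` (placeholder for the network that should have access). `add_header 'Access-Control-Allow-Origin' '*'` on the camera-movement and `/messages` locations additionally lets any web page read these responses from a visitor's browser, so list the intended origins instead if they are known. In `/socket.io/`, `proxy_set_header Host` is given twice (`$http_host`, then `$host`); keep one. The block has only `listen 443 ssl;` while nginx.conf's default server also listens on `[::]:443`, so IPv6 requests for these names appear to fall through to the 404 default server; add `listen [::]:443 ssl;`.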
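--- a/setup-tolkien.sh
+++ b/setup-tolkien.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+cp -R tolkien/* /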
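Review bot: `cp -R tolkien/* /` resolves `tolkien` against the caller's working directory and writes straight into `/`, so running the script from another directory either fails or copies a different tree over system paths. Anchor the path to the script with `cd "$(dirname "$0")"` before the copy, and add a header comment stating that the script must run as root and overwrites files under `/etc` and `/var/lib`. The copied files take their mode from the checkout and the caller's umask; if that matters for the units under `etc/containers/systemd`, setting it explicitly (for example with `install -m 0644`) would make the result reproducible.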
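--- a/tolkien/etc/containers/containers.conf
+++ b/tolkien/etc/containers/containers.conf
@@ -0,0 +1,2 @@
+[network]
+default_subnet_pools = [{base = "172.16.0.0/24", size = 24}]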
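--- a/tolkien/etc/containers/systemd/mjpeg-proxy.container
+++ b/tolkien/etc/containers/systemd/mjpeg-proxy.container
@@ -0,0 +1,7 @@
+[Container]
+Image=git.zeus.gent/sysadmin/mjpeg-proxy
+Network=nginx.network
+UserNS=auto
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target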
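Review bot: `Image=git.zeus.gent/sysadmin/mjpeg-proxy` carries no tag or digest and is combined with `AutoUpdate=registry`, so whatever is pushed under the implicit `latest` tag gets pulled and run on the next auto-update, with no review step and no record in this repository of which image is deployed. The same pattern appears in the other units of this commit: `cgr.dev/chainguard/nginx:latest-dev`, `docker.io/gitea/act_runner` and `quay.io/containers/podman`. Pin each image to a version tag or to `@sha256:DIGEST` (placeholder) and bump it by commit, or at least add a comment above `AutoUpdate=registry` stating that following a floating tag is an accepted risk.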
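--- a/tolkien/etc/containers/systemd/nginx.container
+++ b/tolkien/etc/containers/systemd/nginx.container
@@ -0,0 +1,14 @@
+[Container]
+Image=cgr.dev/chainguard/nginx:latest-dev
+UserNS=auto
+Network=nginx.network
+Volume=/var/lib/configs/container-config/nginx:/etc/nginx:z,ro
+Volume=/etc/certificates/private:/etc/certificates:z,ro
+PublishPort=80:80
+PublishPort=[::]:80:80
+PublishPort=443:443
+PublishPort=[::]:443:443
+Sysctl=net.ipv4.ip_unprivileged_port_start=80
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target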
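Review bot: `Image=cgr.dev/chainguard/nginx:latest-dev` selects the `-dev` variant, which ships a shell and a package manager that the internet-facing proxy does not need at runtime; `Image=cgr.dev/chainguard/nginx:latest` (or a pinned digest) keeps the runtime image minimal. `Sysctl=net.ipv4.ip_unprivileged_port_start=80` deserves a one-line comment above it, presumably along the lines of `# lets the non-root nginx process bind 80/443 inside the container's network namespace`, so the reason for the relaxation is recorded.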
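--- a/tolkien/etc/containers/systemd/nginx.network
+++ b/tolkien/etc/containers/systemd/nginx.network
@@ -0,0 +1,3 @@
+[Network]
+IPv6=true
+Options=isolate=true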
|
@ -0,0 +1,17 @@
|
||||||
|
[Unit]
|
||||||
|
Requires=podman-container.service
|
||||||
|
After=podman-container.service
|
||||||
|
[Container]
|
||||||
|
Image=docker.io/gitea/act_runner
|
||||||
|
LogDriver=none
|
||||||
|
Volume=podman.volume:/run/podman:z
|
||||||
|
Volume=/var/lib/configs/container-config/act-runner:/etc/act-runner:O
|
||||||
|
Volume=act-runner.volume:/data:U,Z
|
||||||
|
Environment=CONFIG_FILE=/etc/act-runner/config.yaml
|
||||||
|
Environment=GITEA_INSTANCE_URL=https://git.zeus.gent
|
||||||
|
Environment=GITEA_RUNNER_NAME=home
|
||||||
|
Environment=GITEA_RUNNER_LABELS=debian-12:docker://node:bookworm
|
||||||
|
Secret=GITEA_RUNNER_REGISTRATION_TOKEN,type=env
|
||||||
|
AutoUpdate=registry
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
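Review bot: `LogDriver=none` discards the runner's output, so no record remains of which jobs ran or failed on a unit that executes CI workloads and has the podman API socket directory mounted through `Volume=podman.volume:/run/podman:z`. Unless the logs are collected some other way, drop the line so the default log driver applies, or add a comment above it explaining why logging is disabled. The file header for this unit is not shown on the page, so the path it is installed under cannot be confirmed from here.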
|
@ -0,0 +1,11 @@
|
||||||
|
[Container]
|
||||||
|
Image=quay.io/containers/podman
|
||||||
|
Unmask=/proc/*
|
||||||
|
SecurityLabelDisable=true
|
||||||
|
User=1000
|
||||||
|
AddDevice=/dev/net/tun
|
||||||
|
Exec=podman system service -t0 unix:///run/podman/podman.sock
|
||||||
|
Volume=podman.volume:/run/podman:U,z
|
||||||
|
AutoUpdate=registry
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
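Review bot: `Unmask=/proc/*`, `SecurityLabelDisable=true` and `AddDevice=/dev/net/tun` each relax the container's confinement, and the unit has no comment saying why they are needed. Add a comment above them (presumably they are what nested rootless podman requires) so a later reader does not widen or copy them without understanding the trade-off. The socket created by `podman system service -t0 unix:///run/podman/podman.sock` has no authentication of its own, so anything that mounts `podman.volume` controls this podman instance; the same comment should state that the volume is meant to be mounted only into the runner unit.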
0
tolkien/etc/containers/systemd/users/1500/podman.volume
Normal file
0
tolkien/etc/containers/systemd/users/1500/podman.volume
Normal file
0
tolkien/var/lib/systemd/linger/act-runner
Normal file
0
tolkien/var/lib/systemd/linger/act-runner
Normal file