Initial commit
commit
84bb7e33c8
14 changed files with 165 additions and 0 deletions
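--- a/container-config/act-runner/config.yaml
+++ b/container-config/act-runner/config.yaml
@@ -0,0 +1,3 @@
+container:
+docker_host: '-'
+options: --oom-score-adj=200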
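--- a/container-config/nginx/mime.types
+++ b/container-config/nginx/mime.types
@@ -0,0 +1,5 @@
+types {
+application/javascript js;
+text/css css;
+text/html html;
+}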
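--- a/container-config/nginx/nginx.conf
+++ b/container-config/nginx/nginx.conf
@@ -0,0 +1,38 @@
+pid /tmp/nginx.pid;
+
+http {
+resolver 172.16.0.1;
+types_hash_max_size 4096;
+ssl_certificate /etc/certificates/fullchain.pem;
+ssl_certificate_key /etc/certificates/privkey.pem;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+charset utf-8;
+http2 on;
+gzip on;
+include mime.types;
+sendfile on;
+tcp_nodelay on;
+tcp_nopush on;
+ssl_stapling on;
+ssl_stapling_verify on;
+client_max_body_size 100M;
+proxy_read_timeout 600;
+proxy_send_timeout 600;
+include sites/*;
+server {
+listen 80;
+listen [::]:80;
+return 301 https://$host$request_uri;
+}
+server {
+listen 443 ssl default_server;
+listen [::]:443 ssl default_server;
+location / {
+return 404;
+}
+}
+}
+events {
+worker_connections 1024;
+}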
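Review bot: The port-80 catch-all `return 301 https://$host$request_uri;` builds the redirect target from the client-supplied Host header, so this server will issue a redirect to whatever hostname a request names. The block has no `server_name`, so it answers for every host on port 80; giving it the names this proxy actually serves, e.g. `server_name kelder.zeus.ugent.be zeusgw.ugent.be;`, and adding a separate port-80 default server with `return 444;` keeps the redirect bound to known sites. Separately, the 443 `default_server` completes the TLS handshake with the real certificate before returning 404; `ssl_reject_handshake on;` in that block would refuse unknown names earlier.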
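--- a/container-config/nginx/sites/kelder.zeus.ugent.be.conf
+++ b/container-config/nginx/sites/kelder.zeus.ugent.be.conf
@@ -0,0 +1,62 @@
+server {
+listen 443 ssl;
+# kelder.zeus.ugent.be irc.zeus.ugent.be zeusgw.ugent.be endymion.ugent.be
+# all point to here
+server_name kelder.zeus.ugent.be zeusgw.ugent.be;
+
+#############
+# LOCATIONS #
+#############
+
+rewrite ^/$ https://zeus.ugent.be/ permanent;
+
+# This uses https://github.com/vvidic/mjpeg-proxy to proxy MJPG cameras so only one stream
+# per camera is opened
+location ~ ^/camera/(.*)$ {
+proxy_pass http://systemd-mjpeg-proxy.:8080/$1$is_args$args;
+}
+
+location /webcam/cgi/ptdc.cgi {
+add_header 'Access-Control-Allow-Origin' '*';
+try_files /tmp/freeze_camera @cammie_movement;
+}
+
+location @cammie_movement {
+# Cammie movement commands
+proxy_pass http://10.0.0.7/cgi/ptdc.cgi$is_args$args;
+expires off;
+}
+
+# Slotmachien
+location /lockbot {
+proxy_pass http://10.0.1.5/;
+}
+
+location /fingerprint {
+proxy_pass http://10.0.1.15/;
+}
+
+location /messages {
+proxy_pass http://10.0.0.11:5000/messages;
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Headers' 'X-Username';
+}
+
+location /kelderapi/ {
+proxy_pass http://10.0.0.8:5000/kelderapi/;
+}
+
+location /socket.io/ {
+proxy_redirect off;
+proxy_pass_request_headers on;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_pass http://10.0.0.11:5000/socket.io/;
+}
+}
+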
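Review bot: The `/lockbot`, `/fingerprint` and `@cammie_movement` locations forward to internal devices (10.0.1.5, 10.0.1.15, 10.0.0.7) with no `allow`/`deny`, `auth_basic` or `auth_request` in this file, so anyone who can reach port 443 can reach those backends through the proxy unless each backend authenticates on its own, which is not visible here. If they are meant for a limited audience, a restriction at the proxy such as `allow <trusted-range>; deny all;` (placeholder range) in those locations would make that explicit; the `Access-Control-Allow-Origin: *` header on `/webcam/cgi/ptdc.cgi` and `/messages` additionally lets scripts from any origin read the responses. `location /lockbot` and `location /fingerprint` have no trailing slash while their `proxy_pass` ends in `/`, so `/lockbot/x` goes upstream as `//x` and `/lockbotx` also matches; `location /lockbot/` avoids both. The `/socket.io/` block sets `proxy_set_header Host` twice (`$http_host`, then `$host`); keeping only one avoids sending two Host headers upstream.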
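--- a/setup-tolkien.sh
+++ b/setup-tolkien.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+cp -R tolkien/* /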
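Review bot: `cp -R tolkien/* /` resolves `tolkien/` against the current directory, so the script only does the right thing when started from the repository root; a `cd "$(dirname "$0")"` line before the copy removes that dependency. The copy also inherits file modes from the checkout (filtered by the umask), and the targets include unit files under `/etc/containers/systemd` that the host later acts on. Setting ownership and mode explicitly after the copy, or installing each file with `install -m 0644`, would be safer than inheriting whatever the working tree has.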
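--- a/tolkien/etc/containers/containers.conf
+++ b/tolkien/etc/containers/containers.conf
@@ -0,0 +1,2 @@
+[network]
+default_subnet_pools = [{base = "172.16.0.0/24", size = 24}]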
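--- a/tolkien/etc/containers/systemd/mjpeg-proxy.container
+++ b/tolkien/etc/containers/systemd/mjpeg-proxy.container
@@ -0,0 +1,7 @@
+[Container]
+Image=git.zeus.gent/sysadmin/mjpeg-proxy
+Network=nginx.network
+UserNS=auto
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target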
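Review bot: `Image=git.zeus.gent/sysadmin/mjpeg-proxy` carries no tag or digest and is combined with `AutoUpdate=registry`, so whatever is pushed under the default tag is pulled and started on the next auto-update run without passing through this repository. The same pattern appears in the nginx unit (`cgr.dev/chainguard/nginx:latest-dev`), the act_runner unit (`docker.io/gitea/act_runner`) and the podman unit (`quay.io/containers/podman`). For the third-party images in particular, pinning a version tag or `@sha256:<digest>` (placeholder) and bumping it by commit ties the running image to what was reviewed; if automatic updates are a deliberate choice, a `#` comment saying so would help the next maintainer.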
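--- a/tolkien/etc/containers/systemd/nginx.container
+++ b/tolkien/etc/containers/systemd/nginx.container
@@ -0,0 +1,14 @@
+[Container]
+Image=cgr.dev/chainguard/nginx:latest-dev
+UserNS=auto
+Network=nginx.network
+Volume=/var/lib/configs/container-config/nginx:/etc/nginx:z,ro
+Volume=/etc/certificates/private:/etc/certificates:z,ro
+PublishPort=80:80
+PublishPort=[::]:80:80
+PublishPort=443:443
+PublishPort=[::]:443:443
+Sysctl=net.ipv4.ip_unprivileged_port_start=80
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target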
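Review bot: `Image=cgr.dev/chainguard/nginx:latest-dev` selects the `-dev` variant, which as far as I know adds a shell and package manager to the otherwise minimal image; for the internet-facing proxy the plain variant, `Image=cgr.dev/chainguard/nginx:latest`, leaves less tooling available inside the container. If the extra tools are needed for debugging, a `#` comment explaining that would be useful. `NoNewPrivileges=true` would also be a cheap addition here, since nothing in the unit suggests the container needs to gain privileges after start.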
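--- a/tolkien/etc/containers/systemd/nginx.network
+++ b/tolkien/etc/containers/systemd/nginx.network
@@ -0,0 +1,3 @@
+[Network]
+IPv6=true
+Options=isolate=true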
|
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Requires=podman-container.service
|
||||
After=podman-container.service
|
||||
[Container]
|
||||
Image=docker.io/gitea/act_runner
|
||||
LogDriver=none
|
||||
Volume=podman.volume:/run/podman:z
|
||||
Volume=/var/lib/configs/container-config/act-runner:/etc/act-runner:O
|
||||
Volume=act-runner.volume:/data:U,Z
|
||||
Environment=CONFIG_FILE=/etc/act-runner/config.yaml
|
||||
Environment=GITEA_INSTANCE_URL=https://git.zeus.gent
|
||||
Environment=GITEA_RUNNER_NAME=home
|
||||
Environment=GITEA_RUNNER_LABELS=debian-12:docker://node:bookworm
|
||||
Secret=GITEA_RUNNER_REGISTRATION_TOKEN,type=env
|
||||
AutoUpdate=registry
|
||||
[Install]
|
||||
WantedBy=default.target
|
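Review bot: `LogDriver=none` discards the runner's output, yet this container executes workflow code from repositories and, through `Volume=podman.volume:/run/podman:z`, holds the directory with the Podman API socket, so there would be no local record to consult if a job misbehaves. Dropping the line or setting `LogDriver=journald` keeps that trail in the journal. A `#` comment on the socket volume noting that anything able to write to it controls the nested Podman service would also document the trust boundary.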
|
@ -0,0 +1,11 @@
|
|||
[Container]
|
||||
Image=quay.io/containers/podman
|
||||
Unmask=/proc/*
|
||||
SecurityLabelDisable=true
|
||||
User=1000
|
||||
AddDevice=/dev/net/tun
|
||||
Exec=podman system service -t0 unix:///run/podman/podman.sock
|
||||
Volume=podman.volume:/run/podman:U,z
|
||||
AutoUpdate=registry
|
||||
[Install]
|
||||
WantedBy=default.target
|
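Review bot: `Unmask=/proc/*`, `SecurityLabelDisable=true` and `AddDevice=/dev/net/tun` each relax container isolation, and the unit gives no reason for them. They look like the settings needed to run Podman inside a container, but that is an inference from the `Exec=` line; a comment above them such as `# required for nested rootless podman; do not copy to other units` would record the intent. `Exec=podman system service -t0 unix:///run/podman/podman.sock` serves an API with no authentication of its own, so access control rests entirely on who can mount `podman.volume`, which is worth stating in the same comment.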
0
tolkien/etc/containers/systemd/users/1500/podman.volume
Normal file
0
tolkien/etc/containers/systemd/users/1500/podman.volume
Normal file
0
tolkien/var/lib/systemd/linger/act-runner
Normal file
0
tolkien/var/lib/systemd/linger/act-runner
Normal file