From 4af806bebd505cea3f3799614cad4ff4429bf262 Mon Sep 17 00:00:00 2001 From: Asara Date: Fri, 8 Jan 2021 15:05:13 -0500 Subject: [PATCH] Add freshrss to docker+nomad --- docker/freshrss/Dockerfile | 10 +++ docker/freshrss/files/MaskedName_Root_CA.crt | 43 +++++++++ nomad/freshrss/files/config.php.tpl | 49 +++++++++++ nomad/freshrss/freshrss.nomad | 87 +++++++++++++++++++ nomad/{ => jenkins}/jenkins.nomad | 0 ...mad-server-policy.hcl => nomad-server.hcl} | 0 6 files changed, 189 insertions(+) create mode 100644 docker/freshrss/Dockerfile create mode 100755 docker/freshrss/files/MaskedName_Root_CA.crt create mode 100644 nomad/freshrss/files/config.php.tpl create mode 100644 nomad/freshrss/freshrss.nomad rename nomad/{ => jenkins}/jenkins.nomad (100%) rename vault/policies/{nomad-server-policy.hcl => nomad-server.hcl} (100%) diff --git a/docker/freshrss/Dockerfile b/docker/freshrss/Dockerfile new file mode 100644 index 0000000..3686783 --- /dev/null +++ b/docker/freshrss/Dockerfile @@ -0,0 +1,10 @@ +FROM freshrss/freshrss:alpine + +# add ca-certificates package +RUN apk add --no-cache ca-certificates + +# Copy masked.name root cert +COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt + +# update ca certs +RUN update-ca-certificates 2>/dev/null diff --git a/docker/freshrss/files/MaskedName_Root_CA.crt b/docker/freshrss/files/MaskedName_Root_CA.crt new file mode 100755 index 0000000..31f76a9 --- /dev/null +++ b/docker/freshrss/files/MaskedName_Root_CA.crt @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw +ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf +lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf +97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy +RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV +7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb +lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp +URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG +A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE +W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J +NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo +PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp +RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa +Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su +KibGel+gFPpq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw +ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg +QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As +ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj +UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk +d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR +jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg +fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO +nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw +FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF +BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w +a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i +aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL +BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs +dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM +APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9 +4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79 +hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV +KokuDezJFM7ie3d+EcBk1V9lHwOWdto= +-----END CERTIFICATE----- diff --git a/nomad/freshrss/files/config.php.tpl b/nomad/freshrss/files/config.php.tpl new file mode 100644 index 0000000..302d168 --- /dev/null +++ b/nomad/freshrss/files/config.php.tpl @@ -0,0 +1,49 @@ + 'production', + 'salt' => '{{ freshrss_salt }}', + 'base_url' => 'http://192.168.122.71/FreshRSS', + 'auto_update_url' => 'https://update.freshrss.org', + 'language' => 'en', + 'title' => 'RSS - Minhas.io', + 'meta_description' => '', + 'default_user' => 'asara', + 'allow_anonymous' => false, + 'allow_anonymous_refresh' => false, + 'auth_type' => 'form', + 'api_enabled' => true, + 'unsafe_autologin_enabled' => false, + 'simplepie_syslog_enabled' => true, + 'pubsubhubbub_enabled' => true, + 'allow_robots' => false, + 'allow_referrer' => false, + 'limits' => + array ( + 'cookie_duration' => 2592000, + 'cache_duration' => 800, + 'timeout' => 15, + 'max_inactivity' => 9223372036854775807, + 'max_feeds' => 16384, + 'max_categories' => 16384, + 'max_registrations' => 1, + ), + 'curl_options' => + array ( + ), + 'db' => + array ( + 'type' => 'pgsql', + 'host' => '192.168.122.101', + 'user' => 'freshrss', + 'password' => '{{ freshrss_db_pw }}', + 'base' => 'freshrss', + 'prefix' => 'freshrss_', + 'pdo_options' => + array ( + ), + ), + 'extensions_enabled' => + array ( + ), + 'disable_update' => false, +); diff --git a/nomad/freshrss/freshrss.nomad b/nomad/freshrss/freshrss.nomad new file mode 100644 index 0000000..b678ea9 --- /dev/null +++ b/nomad/freshrss/freshrss.nomad @@ -0,0 +1,87 @@ +job "freshrss" { + datacenters = ["columbia"] + region = "global" + type = "service" + + update { + stagger = "30s" + max_parallel = 1 + } + + group "freshrss" { + count = 1 + + task "freshrss" { + vault { + policies = ["default", "ansible"] + change_mode = "restart" + } + driver = "docker" + config { + image = "docker.service.masked.name:8082/freshrss" + ports = ["http"] + volumes = [ + "/mnt/raid/rss:/var/www/FreshRSS/data" + ] + } + + service { + name = "freshrss" + port = "http" + + check { + name = "freshrss" + type = "tcp" + interval = "10s" + timeout = "2s" + address_mode = "driver" + } + } + + template { + data = <