add radicale, update readme with some todos

Add broken wallabag, waiting for issues on git
Add gitea
2021-01-08 23:59:03 -05:00 · 2021-01-08 22:42:52 -05:00 · 2021-01-08 22:42:39 -05:00 · 2021-01-08 21:42:55 -05:00 · 2021-01-08 17:42:35 -05:00 · 2021-01-08 15:33:15 -05:00
16 changed files with 497 additions and 50 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,12 @@
 # infra
 Mah Infra
 ## Todo
 1. get a working wallabag instance
    https://github.com/wallabag/docker/issues/242
 2. fix up freshrss once this is addressed
    https://github.com/FreshRSS/FreshRSS/issues/3349
 3. Proper networking so i'm not manually updating nginx like a chump
 4. Fix up the user permissions and work towards rootless
--- a/ansible/inventory.txt
+++ b/ansible/inventory.txt
@ -25,3 +25,6 @@ ivyking.minhas.io
 [vault_server]
 ivyking.minhas.io
 sedan.minhas.io
 [wekan]
 sedan.minhas.io
--- a/ansible/playbooks/site.yml
+++ b/ansible/playbooks/site.yml
@ -6,4 +6,5 @@
 - import_playbook: nomad.yml
 - import_playbook: nexus.yml
 - import_playbook: lnd.yml
 - import_playbook: wekan.yml
 ...
--- a/ansible/playbooks/wekan.yml
+++ b/ansible/playbooks/wekan.yml
@ -0,0 +1,6 @@
 ---
 - hosts: wekan
  roles:
    - role: snapd
    - role: wekan
 ...
--- a/ansible/roles/snapd/tasks/main.yml
+++ b/ansible/roles/snapd/tasks/main.yml
@ -0,0 +1,6 @@
 ---
 - name: install snapd
  apt:
    name: snapd
    state: present
 ...
--- a/ansible/roles/wekan/tasks/main.yml
+++ b/ansible/roles/wekan/tasks/main.yml
@ -0,0 +1,5 @@
 ---
 - name: install wekan
  snap:
    name: wekan
    state: present
--- a/docker/gitea/Dockerfile
+++ b/docker/gitea/Dockerfile
@ -0,0 +1,10 @@
 FROM gitea/gitea:latest
 # add ca-certificates package
 RUN apk add --no-cache ca-certificates
 # Copy masked.name root cert
 COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
 # update ca certs
 RUN update-ca-certificates 2>/dev/null
--- a/docker/gitea/files/MaskedName_Root_CA.crt
+++ b/docker/gitea/files/MaskedName_Root_CA.crt
@ -0,0 +1,43 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw
 ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf
 lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf
 97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy
 RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV
 7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb
 lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp
 URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG
 A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE
 W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J
 NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo
 PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp
 RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa
 Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su
 KibGel+gFPpq
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw
 ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg
 QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As
 ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj
 UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk
 d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR
 jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg
 fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO
 nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
 BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw
 FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF
 BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w
 a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i
 aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL
 BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs
 dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM
 APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9
 4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79
 hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV
 KokuDezJFM7ie3d+EcBk1V9lHwOWdto=
 -----END CERTIFICATE-----
--- a/docker/radicale/Dockerfile
+++ b/docker/radicale/Dockerfile
@ -0,0 +1,16 @@
 FROM alpine:edge
 RUN adduser --uid 1009 --system radicale && \
    addgroup --gid 1011 --system radicale && \
    apk update && \
    apk add --update --no-cache ca-certificates radicale
 # Copy masked.name root cert
 COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
 COPY files/logging /etc/radicale/logging
 # update ca certs
 RUN update-ca-certificates 2>/dev/null
 EXPOSE 5232
 CMD ["radicale"]
--- a/docker/radicale/files/MaskedName_Root_CA.crt
+++ b/docker/radicale/files/MaskedName_Root_CA.crt
@ -0,0 +1,43 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw
 ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf
 lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf
 97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy
 RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV
 7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb
 lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp
 URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG
 A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE
 W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J
 NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo
 PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp
 RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa
 Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su
 KibGel+gFPpq
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw
 ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg
 QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As
 ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj
 UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk
 d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR
 jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg
 fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO
 nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
 BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw
 FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF
 BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w
 a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i
 aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL
 BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs
 dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM
 APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9
 4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79
 hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV
 KokuDezJFM7ie3d+EcBk1V9lHwOWdto=
 -----END CERTIFICATE-----
--- a/docker/wallabag/Dockerfile
+++ b/docker/wallabag/Dockerfile
@ -0,0 +1,10 @@
 FROM wallabag/wallabag:latest
 # add ca-certificates package
 RUN apk add --no-cache ca-certificates
 # Copy masked.name root cert
 COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
 # update ca certs
 RUN update-ca-certificates 2>/dev/null
--- a/docker/wallabag/files/MaskedName_Root_CA.crt
+++ b/docker/wallabag/files/MaskedName_Root_CA.crt
@ -0,0 +1,43 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw
 ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf
 lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf
 97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy
 RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV
 7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb
 lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp
 URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG
 A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE
 W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J
 NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo
 PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp
 RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa
 Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su
 KibGel+gFPpq
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw
 ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg
 QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As
 ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj
 UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk
 d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR
 jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg
 fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO
 nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
 BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw
 FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF
 BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w
 a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i
 aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL
 BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs
 dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM
 APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9
 4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79
 hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV
 KokuDezJFM7ie3d+EcBk1V9lHwOWdto=
 -----END CERTIFICATE-----
--- a/nomad/freshrss/files/config.php.tpl
+++ b/nomad/freshrss/files/config.php.tpl
@ -1,49 +0,0 @@
 <?php
 return array (
  'environment' => 'production',
  'salt' => '{{ freshrss_salt }}',
  'base_url' => 'http://192.168.122.71/FreshRSS',
  'auto_update_url' => 'https://update.freshrss.org',
  'language' => 'en',
  'title' => 'RSS - Minhas.io',
  'meta_description' => '',
  'default_user' => 'asara',
  'allow_anonymous' => false,
  'allow_anonymous_refresh' => false,
  'auth_type' => 'form',
  'api_enabled' => true,
  'unsafe_autologin_enabled' => false,
  'simplepie_syslog_enabled' => true,
  'pubsubhubbub_enabled' => true,
  'allow_robots' => false,
  'allow_referrer' => false,
  'limits' => 
  array (
    'cookie_duration' => 2592000,
    'cache_duration' => 800,
    'timeout' => 15,
    'max_inactivity' => 9223372036854775807,
    'max_feeds' => 16384,
    'max_categories' => 16384,
    'max_registrations' => 1,
  ),
  'curl_options' => 
  array (
  ),
  'db' => 
  array (
    'type' => 'pgsql',
    'host' => '192.168.122.101',
    'user' => 'freshrss',
    'password' => '{{ freshrss_db_pw }}',
    'base' => 'freshrss',
    'prefix' => 'freshrss_',
    'pdo_options' => 
    array (
    ),
  ),
  'extensions_enabled' => 
  array (
  ),
  'disable_update' => false,
 );
--- a/nomad/gitea/gitea.nomad
+++ b/nomad/gitea/gitea.nomad
@ -0,0 +1,95 @@
 job "gitea" {
  datacenters = ["columbia"]
  region      = "global"
  type        = "service"
  update {
    stagger      = "30s"
    max_parallel = 1
  }
  group "gitea" {
    count = 1
    task "gitea" {
      vault {
        policies    = ["default", "ansible"]
        change_mode = "restart"
      }
      driver = "docker"
      config {
        image   = "docker.service.masked.name:8082/gitea"
        ports   = ["http"]
        volumes = [
            "/mnt/raid/gitea:/data"
        ]
      }
      service {
        name = "gitea"
        port = "http"
        check {
          name     = "gitea"
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
          address_mode = "driver"
        }
      }
      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=gitea.service.masked.name" "alt_names=gitea.service.columbia.masked.name" -}}
            {{- .Data.certificate -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/gitea.crt"
        change_mode   = "restart"
      }
      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=gitea.service.masked.name" "alt_names=gitea.service.columbia.masked.name" -}}
            {{- .Data.private_key -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/gitea.key"
        change_mode   = "restart"
      }
      template {
        data = <<EOH
          APP_NAME          = "gitea"
          ROOT_URL          = "https://git.minhas.io"
          LOCAL_ROOT_URL    = "http://localhost:3000"
          DOMAIN            = "git.minhas.io"
          DB_TYPE           = postgres
          DB_HOST           = ivyking.node.masked.name
          DB_NAME           = gogs
          DB_USER           = gogs
          DB_PASSWD         = "{{ with secret "kv/data/gitea" }}{{ .Data.data.db_pw }}{{ end }}"
          DISABLE_SSH       = true
          USER_UID          = 1008
          USER_GID          = 1010
          INSTALL_LOCK      = true
          SECRET_KEY        = "{{ with secret "kv/data/gitea" }}{{ .Data.data.secret_key }}{{ end }}"
        EOH
        destination = "secrets/gitea.env"
        env         = true
      }
      resources {
        cpu    = 2000
        memory = 2560
      }
    }
    network {
      port "http" {
        to = 3000
       }
    }
  }
 }
--- a/nomad/radicale/radicale.nomad
+++ b/nomad/radicale/radicale.nomad
@ -0,0 +1,119 @@
 job "radicale" {
  datacenters = ["columbia"]
  region      = "global"
  type        = "service"
  update {
    stagger      = "30s"
    max_parallel = 1
  }
  group "radicale" {
    count = 1
    task "radicale" {
      vault {
        policies    = ["default", "ansible"]
        change_mode = "restart"
      }
      driver = "docker"
      config {
        image   = "docker.service.masked.name:8082/radicale"
        ports   = ["http"]
        volumes = [
            "/mnt/raid/radicale/collections:/collections"
        ]
      }
      service {
        name = "radicale"
        port = "http"
        check {
          name     = "radicale"
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
          address_mode = "driver"
        }
      }
      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=radicale.service.masked.name" "alt_names=radicale.service.columbia.masked.name" -}}
            {{- .Data.certificate -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/radicale.crt"
        change_mode   = "restart"
      }
      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=radicale.service.masked.name" "alt_names=radicale.service.columbia.masked.name" -}}
            {{- .Data.private_key -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/radicale.key"
        change_mode   = "restart"
      }
      template {
        data = <<EOH
 [server]
 hosts = 0.0.0.0:5232
 max_connections = 20
 max_content_length = 10000000
 timeout = 60
 ssl = False
 [encoding]
 request = utf-8
 stock = utf-8
 [auth]
 type = htpasswd
 htpasswd_filename = /secrets/users
 htpasswd_encryption = bcrypt
 delay = 1
 realm = Radicale - Password Required
 [storage]
 type = multifilesystem
 filesystem_folder = /collections
 [logging]
 mask_passwords = True
 [headers]
 Access-Control-Allow-Origin = *
 EOH
        destination = "local/config"
      }
      template {
        data = <<EOH
 amarpreet:{{ with secret "kv/data/radicale" }}{{ .Data.data.amarpreet }}{{ end }}
        EOH
        destination = "secrets/users"
      }
      env {
        RADICALE_CONFIG = "/local/config"
      }
      resources {
        cpu    = 2000
        memory = 2560
      }
    }
    network {
      port "http" {
        to = 5232
       }
    }
  }
 }
--- a/nomad/wallabag/wallabag.nomad
+++ b/nomad/wallabag/wallabag.nomad
@ -0,0 +1,87 @@
 job "wallabag" {
  datacenters = ["columbia"]
  region      = "global"
  type        = "service"
  update {
    stagger      = "30s"
    max_parallel = 1
  }
  group "wallabag" {
    count = 1
    task "wallabag" {
      vault {
        policies    = ["default", "ansible"]
        change_mode = "restart"
      }
      driver = "docker"
      config {
        image   = "docker.service.masked.name:8082/wallabag"
        ports   = ["http"]
      }
      service {
        name = "wallabag"
        port = "http"
        check {
          name     = "wallabag"
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
          address_mode = "driver"
        }
      }
      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=wallabag.service.masked.name" "alt_names=wallabag.service.columbia.masked.name" -}}
            {{- .Data.certificate -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/wallabag.crt"
        change_mode   = "restart"
      }
      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=wallabag.service.masked.name" "alt_names=wallabag.service.columbia.masked.name" -}}
            {{- .Data.private_key -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/wallabag.key"
        change_mode   = "restart"
      }
      template {
        data = <<EOH
          POSTGRES_USER                   = wallabag
          POSTGRES_PASSWORD               = "{{ with secret "kv/data/wallabag" }}{{ .Data.data.db_pw }}{{ end }}"
          SYMFONY__ENV__DATABASE_DRIVER   = pdo_pgsql
          SYMFONY__ENV__DATABASE_HOST     = ivyking.node.masked.name
          SYMFONY__ENV__DATABASE_PORT     = 5432
          SYMFONY__ENV__DATABASE_NAME     = wallabag
          SYMFONY__ENV__DATABASE_USER     = wallabag
          SYMFONY__ENV__DATABASE_PASSWORD = "{{ with secret "kv/data/wallabag" }}{{ .Data.data.db_pw }}{{ end }}"
          SYMFONY__ENV__DOMAIN_NAME       = "https://wallabag.minhas.io"
        EOH
        destination = "secrets/wallabag.env"
        env         = true
      }
      resources {
        cpu    = 2000
        memory = 2560
      }
    }
    network {
      port "http" {
        to = 80
       }
    }
  }
 }
Author	SHA1	Message	Date
Asara	4e292cc6fa	add radicale, update readme with some todos	2021-01-08 23:59:03 -05:00
Asara	8e8362cf0b	Add broken wallabag, waiting for issues on git	2021-01-08 22:42:52 -05:00
Asara	cd6e1d15d1	Add gitea	2021-01-08 22:42:39 -05:00
Asara	d5cd27021b	Docker and wallabag dockerfiles	2021-01-08 21:42:55 -05:00
Asara	7f1cbb3cb6	Remove unnecessary file	2021-01-08 17:42:35 -05:00
Asara	bfd7fff0d5	Add wekan as a snap package since its not supported under alpine currently	2021-01-08 15:33:15 -05:00