
Compare revisions

Commits on Source (202)
Showing with 484 additions and 638 deletions
.vagrant
docker-haproxy-confd
*.swp
# 1.2.0
* Add app admin email as argument in provision #189
* Handle git branches when provisioning #174
* REPO mode to retrieve application recipe #187
# 0.3.0
* adds automation script for user provisionning
......
# Instructions to install libre.sh
## Recommendation
- you'd need API key on Namecheap (if you want to automatically buy and configure domain name)
## Installation
These instructions depend a bit on your cloud provider.
### [Digital Ocean](https://m.do.co/c/1b468ce0671f)
1. Install [doctl](https://github.com/digitalocean/doctl/)
2. Issue the following command:
```
doctl compute droplet create libre.sh --user-data-file ./user_data --wait --ssh-keys $KEY_ID --size 1gb --region lon1 --image coreos-stable
```
### Provider with user_data support
If you use a cloud provider that support `user_data`, like [Scaleway](http://scaleway.com/), just use [this user_data](https://raw.githubusercontent.com/indiehosters/libre.sh/master/user_data).
### Hetzner
You can also buy a baremetal at [Hetzner](https://serverboerse.de/index.php?country=EN) as they are the cheapest options around. Follow these [instructions](INSTALL_HETZNER.md) in this case.
### Provider without user_data support
Use boot a live cd, and issue that command:
```
wget https://raw.github.com/coreos/init/master/bin/coreos-install
bash coreos-install -d /dev/sda -c user_data
```
And voila, your first libre.sh node is ready!
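Review bot: In the "Provider without user_data support" step, `coreos-install` is fetched from the `master` branch and run with `bash` against `/dev/sda` with no pinned revision or checksum, so the installer that writes to the disk is whatever that branch serves at the moment of the download. Pin the URL to a commit or release and compare a recorded SHA-256 before running it. The `user_data` link in the "Provider with user_data support" section also points at `master` and deserves the same pinning.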
# Instructions to install libre.sh
## Recommendation
- ssd on /dev/sda
- hdd on /dev/sdb
- hdd on /dev/sdc
- API key on Namecheap (if you want to automatically buy domain name)
# Installation
First, you need a server.
We recommend [Hetzner](https://serverboerse.de/index.php?country=EN) as they are the cheapest options around.
You can filter servers with ssd.
These instructions can also work on any VM/VPS/Hardware.
## Install the system
```
IP=
ssh -o "StrictHostKeyChecking no" root@$IP
hostname=
ssh_public_key=""
fdisk -l #find your ssd
# Setup raid
cat > /etc/mdadm.conf << EOF
MAILADDR dev@null.org
EOF
mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sdb /dev/sdc
mkfs.ext4 /dev/md0
cat > cloud-config.tmp << EOF
#cloud-config
hostname: "$hostname"
ssh_authorized_keys:
- $ssh_public_key
EOF
apt-get install gawk
wget https://raw.github.com/coreos/init/master/bin/coreos-install
bash coreos-install -d /dev/sda -c cloud-config.tmp
reboot
```
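Review bot: `ssh -o "StrictHostKeyChecking no" root@$IP` at the top of this block turns off host key verification for the root session that goes on to build the RAID array and reinstall the machine, so a substituted host key on that first connection is accepted silently. Compare the fingerprint with the one shown in the provider's console, or use `StrictHostKeyChecking accept-new` so that a later key change is still rejected.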
```
ssh core@$IP
#configure mdmonitor.
sudo su -
mdadm --examine --scan > /etc/mdadm.conf
vim /etc/mdadm.conf
#ADD your mail
MAILADDR xxx@xxx.org
# Start service
systemctl start mdmonitor.service
cat > /etc/systemd/system/data.mount << EOF
[Mount]
What=/dev/md0
Where=/data
Type=ext4
EOF
wget https://raw.githubusercontent.com/indiehosters/libre.sh/master/user_data -O /var/lib/coreos-install/user_data
coreos-cloudinit /var/lib/coreos-install/user_data
# Instructions to install libre.sh on linux with Systemd
## Recommendation
- Systemd distro (ubuntu server 18.04.3 or debian 9 )
# Installation
Where basicly reproduce what the user_data do for us.
as root
# configure sshd (Optional)
Don't forget to create the user core and adding your ssh key before
You could also remove AllowUsers core or/and change the username.
```
cat > /etc/ssh/sshd_config <<EOF
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp
PermitRootLogin no
AllowUsers core
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
chmod 600 /etc/ssh/sshd_config
systemctl restart sshd
```
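Review bot: The `cat > /etc/ssh/sshd_config` step replaces the whole file and then runs `systemctl restart sshd` with no syntax check, and with `AllowUsers core` plus `PermitRootLogin no` a missing `core` account or key locks the operator out of the host. Add `sshd -t` before the restart and tell the reader to confirm a second login as `core` before closing the current session. `UsePrivilegeSeparation` has been deprecated since OpenSSH 7.5 and can be dropped from the template.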
# add kernel parameter (optional but recommended )
```
cat > /etc/sysctl.d/libresh.conf <<EOF
fs.aio-max-nr=1048576
vm.max_map_count=262144
vm.overcommit_memory=1
EOF
chmod 644 /etc/sysctl.d/libresh.conf
sysctl -p /etc/sysctl.d/libresh.conf
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```
# define Localhost (should not be needed but... )
```
cat > /etc/hosts <<EOF
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
EOF
```
# define envrionment
```
cat > /etc/environment <<EOF
NAMECHEAP_URL="namecheap.com"
NAMECHEAP_API_USER="pierreo"
NAMECHEAP_API_KEY=
IP="curl -s http://icanhazip.com/"
FirstName="Pierre"
LastName="Ozoux"
Address=""
PostalCode=""
Country="Portugal"
Phone="+351.967184553"
EmailAddress="pierre@ozoux.net"
City="Lisbon"
CountryCode="PT"
BACKUP_DESTINATION=root@xxxxx:port
MAIL_USER=
MAIL_PASS=
MAIL_HOST=mail.indie.host
MAIL_PORT=587
EOF
```
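Review bot: This step writes `NAMECHEAP_API_KEY` and `MAIL_PASS` into `/etc/environment` without setting a mode, while the sshd and sysctl steps above each end with an explicit `chmod` and the test cloud-config in this comparison creates the same file with `permissions: 0600`. Add `chmod 600 /etc/environment` after the heredoc, or keep the secrets in a separate root-only file. Two smaller points in the same block: `IP="curl -s http://icanhazip.com/"` stores the command text as the value rather than an address, and the sample contact fields carry a real name, phone number and e-mail address where placeholders would do.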
# install docker
*Current tested version : 19.03.5 see https://docs.docker.com/install/linux/docker-ce/ubuntu/ .*
# install docker-compose
*Remark I did a variante to find the last version of DockerCompose and download it*
```
mkdir -p /opt/bin &&\
dockerComposeVersion=$(curl -s https://api.github.com/repos/docker/compose/releases/latest|grep tag_name|cut -d'"' -f4) &&\
curl -L https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` > /opt/bin/docker-compose &&\
chmod +x /opt/bin/docker-compose
```
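Review bot: The docker-compose step resolves the version from the `releases/latest` API at install time and writes the download straight to `/opt/bin/docker-compose` with no checksum comparison, so two installs can end up with different binaries and a tampered or truncated download becomes a root-run executable. Pin `dockerComposeVersion` to the release that was tested, compare the file against the SHA-256 published with that release before `chmod +x`, and add `-f` to `curl -L` so an HTTP error page is not saved as the binary.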
# install Libre.sh
```
git clone https://lab.libreho.st/libre.sh/compose.libre.sh /libre.sh &&\
mkdir -p /{data,system} &&\
mkdir -p /data/trash &&\
cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
systemctl enable web-net.service &&\
systemctl start web-net.service &&\
mkdir -p /opt/bin &&\
cp /libre.sh/utils/* /opt/bin/
```
# add /opt/bin path
```
cat > /etc/profile.d/libre.sh <<EOF
export PATH=$PATH:/opt/bin
EOF
chmod 644 /etc/profile.d/libre.sh
```
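Review bot: The heredoc delimiter in `cat > /etc/profile.d/libre.sh <<EOF` is unquoted, so `$PATH` is expanded while the file is being written and the profile script ends up with root's install-time PATH hard-coded, which every login shell then inherits in place of its own. Quote the delimiter, `cat > /etc/profile.d/libre.sh <<'EOF'`, so the line is stored literally as `export PATH=$PATH:/opt/bin`.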
## IndieHosters
# libre.sh Version 1.2
[![Backers on Open Collective](https://opencollective.com/libresh/backers/badge.svg)](#backers)
[![Sponsors on Open Collective](https://opencollective.com/libresh/sponsors/badge.svg)](#sponsors)
This repository contains the configuration and scripts I use to control my servers.
## Introduction
### Tests
An ecosystem to ease free software hosting \o/
There is a script that provision 2 VMs on Vutlr for tests purpose.
We are working on bootstrapping an ecosystem of tools to facilitate the hosting of free software.
Think of it as
- [ISPconfig](https://www.ispconfig.org/)
- FLOSS [cpanel](https://www.cpanel.net/products/)
- [cloudron](https://cloudron.io/) with email
#### Prerequisites
- have a [vultr account](http://www.vultr.com/?ref=6810586)
- have a [VULTR API KEY](https://my.vultr.com/settings/)
- have the [port 25 open](https://www.vultr.com/docs/what-ports-are-blocked) (if you want to test emails)
- have an [ssh key registered](https://my.vultr.com/sshkeys/)
* Libre.sh V1 (Stable) is using docker-compose
* Libre.sh V2 (Alpha) is using [kubernetes](https://kubernetes.io/).
#### Start tests
/!\ This is still in dev, use it at your own risk /!\
This ecosystem can be deployed on [Raspberries](https://kubecloud.io/setting-up-a-kubernetes-1-11-raspberry-pi-cluster-using-kubeadm-952bbda329c8) or on popular cloud providers and scale globally or anything in between.
We can affirm that V2 scales globally because it is based on kubernetes, a tool developped from the experience of Google hosting containers at scale.
## Installation
To install it, follow the instructions in `INSTALL_LINUX.md` : https://lab.libreho.st/libre.sh/compose.libre.sh/blob/master/INSTALL_LINUX.md
Or run our installer script
https://lab.libreho.st/libre.sh/compose.libre.sh/raw/master/install.linux.sh
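Review bot: The Installation section links the installer as a raw file on `master`, so what a reader runs as root tracks the branch head rather than the "Version 1.2" this README describes. Link the script at a tag or commit, and word the step as download, read, then run, so the script is not executed unseen.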
### What is libre.sh
libre.sh is a little framework to host Docker. It is simple and modular and respect the convention over configuration paradigm.
This is aimed at Hosters to manage a huge amount of different web application, and a quantity of domain names related with emails and so on.
It is currently installed at 3 different hosters in production and hosting ~20 different web applications, with ~500 containers.
Once well installed, in one bash command, you'll be able to:
- buy a domain name
- configure DNS for it
- configure email for it
- configure dkim for that domain
- configure dmarc for that domain
- configure autoconfig for that domain
- install and start a web application on that domain (WordPress, Nextcloud, piwik...)
- provision a TLS cert on that domain
Amazing, right?
### Modular
The PaaS is really modular, that's why it contains the strict necessary, then you'll probably want to add `system` modules or `applications`.
It contains 2 [unit-files](https://lab.libreho.st/libre.sh/compose.libre.sh/tree/master/unit-files) to manage system modules and applications, start them at boot, and load the appropriate environment.
### Support
You can use the following channels to request community support:
- [mailinglist/forum](https://forum.indie.host/t/about-the-libre-sh-category/71)
- [chat](https://chat.indie.host/channel/libre.sh)
For paid support, just send an inquiry to support@libre.sh.
You can also watch the Fosdem Video : [Video Fosdem](https://fosdem.org/2017/schedule/event/libre_sh/)
All of this is hosted by libre.sh :)
## System modules
Here is a list of modules supported:
- https proxy:
- [HAProxy](https://lab.libreho.st/libre.sh/compose/haproxy)
- [Nginx](https://lab.libreho.st/libre.sh/compose/nginx)
- [monitoring](https://lab.libreho.st/libre.sh/compose/monitoring)
- [git-puller](https://lab.libreho.st/libre.sh/compose/git-puller)
Go to their respective page for more details.
### To install and start a module:
```
cd /system/
git clone https://lab.libreho.st/libre.sh/compose/[module]
cd module
libre enable
libre start
```
## Applications
### List of supported applications
| Application | Latest Version | Comments |
|--------------|---------------------------|------------|
| wordpress | 5.9 | Includes the support of SMTP email though libresh variables |
| dolibarr | 15.0.3 | need manual deletion of the install.lock to upgrade |
### Installation
To install application `wordpress` on `example.org`, first make point example.org to your server IP, and then, just run:
```
libre provision -a wordpress -u example.org -s
```
- -u [arg] URL to process. Required.
- -a [arg] Application to install. (wordpress in REPO_MODE)
- -t [arg] Checkout a specific tag or branch from the application repo. default to master
- -e [arg] Specify the email of the application admin
- -s Start the application right away.
- -b Buys the associated domain name.
- -i Configure OpenDKIM.
- -c Configures DNS if possible.
## To debug a module or an application:
```
export VULTR_API_KEY=
./scripts/start.sh
ssh root@server.test
cd /data/indiehosters
./tests/start.sh
./tests/email.sh
reboot
ssh root@server.test
./tests/stop.sh
# find out WordPress password:
journalctl -u web@*.test | grep to\ connect\ test
# find out piwik and owncloud password:
journalctl -u web@*.test | grep \'\>\>\ generated
exit
./scripts/stop.sh
libre ps
libre logs -f --tail=100
libre stop
libre restart
```
Most of the tests are "visual", but by reading them, it gives you an idea on how to start and stop services.
## Contributing
If you have any issue (something not working, missing doc), please do report an issue here! Thanks
This system is used in production at [IndieHosters](https://indiehosters.net/) so it is maintained. If you use it, please tell us, and we'll be really happy to update this README!
You can help us by:
- starring this project
- sending us a thanks email
- reporting bugs
- writing documentation/blog on how you got up and running in 5mins
- writing more documentation
- sending us cake :) We loove cake!
## Contributors
This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
<a href="https://github.com/indiehosters/libre.sh/graphs/contributors"><img src="https://opencollective.com/libresh/contributors.svg?width=890&button=false" /></a>
## Backers
Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/libresh#backer)]
<a href="https://opencollective.com/libresh#backers" target="_blank"><img src="https://opencollective.com/libresh/backers.svg?width=890"></a>
## Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/libresh#sponsor)]
<a href="https://opencollective.com/libresh/sponsor/0/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/0/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/1/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/1/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/2/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/2/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/3/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/3/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/4/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/4/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/5/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/5/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/6/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/6/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/7/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/7/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/8/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/8/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/9/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/9/avatar.svg"></a>
## Other projects
Simplifying web application hosting has always been a goal for a lot of other projects, here is some project that share goals with libre.sh
Before running `./scripts/stop.sh`, you can use your browser to see the applications:
* https://wordpress.test/ user: test@test.org pass: as found with journalctl before
* https://owncloud.test/ user: test@test.org pass: as found with journalctl before
* https://piwik.test/ user: test@test.org pass: as found with journalctl before
* https://static.test/ (you will simply see the contents of server.test:/data/domains/static.test/static/www-content/index.html)
* https://known.test/ (you will be able to create a user there)
- Yunohost https://yunohost.org
- Sandstorm https://sandstorm.io/
- Cloudron https://git.cloudron.io/cloudron/box
This is still work in progress, please feel free to contribute to it!
# TL;DR
- k8s
- [ ] ceph
- [ ] flannel
- [ ] baremetal install
# Object
The aim of this document is to write the big lines of the future of libre.sh.
# Version 1
The current version, let's call it 1, is a nice opiniated framework on how to run a single host with docker-compose.
It provides a list of packages and module compatible with this framework.
The best features of this framework are:
- https only
- some integration between the tools (auto provisioning of emails for new applications)
- domain name buying (Namecheap api)
- dns configuration (Namecheap api)
# Version 2 - k8s
This roadmap will discuss about the migration to kubernetes (k8s).
## Distributions
There are various k8s distributions (Tectonic, deis, openshift..) and the aim of libre.sh is not to become yet another distribution.
It would be nice if we could list them, evaluate them, and decide to use one of them or not.
## Installation/Operation
libre.sh should be opiniated on the way to install and operate the cluster.
It should provide easy steps to install on baremetal first. We aim for libre software, and as such, we can't rely
on cloud providers like gcloud, aws, or digital ocean.
As a second priority, we should give easy instructions to deploy on any cloud providers, as people are free to choose their chains :)
## Storage
One big challenge in k8s cluster context is to provide an implementation of major cloud providers about [PersistantVolume](https://kubernetes.io/docs/user-guide/persistent-volumes/).
In a libre cluster, this function would be achieved by a distributed file system technology.
After some investigation, the choice would be to use ceph.
There are already some work done on it like the [ceph-docker](https://github.com/ceph/ceph-docker/tree/master/examples) repo.
## Network
Another big challenge is network. k8s is strongly opiniated on what should be the network configuration.
Ideally, we would use some IPsec to secure the links between machine in a context we can't trust the network (like at hetzner).
There are 3 options:
- zerotier
- tinc vpn
- flannel that might implement IPsec in a near future
The cheapest in term of work would be to bet on flannel.
## Packages
There is now a way to create and distribute packages in a standard way.
We can then remove the idea of modules and applications.
They will all be packages.
The k8s standard for that is [helm](http://helm.sh/). There is already a big list of packages.
As for libre.sh, the idea would be to contribute the missing packages there.
### opportunistic packages
libre.sh would then be, just a repo of documentation on how to install, operate and manage a k8s cluster on baremetal.
There is still a place where we can have a difference.
This idea is called opportunistic package.
This would be a package based on an official one.
Let's take the example of WordPress.
The libre.sh version of WordPress would be based on the official one.
But it will have some mechanisms to discovers services available inside the cluster it is running on.
These services could be:
- ldap
- piwik
- email
So, when you install a new WordPress, it will try to discover opportunistically if there is a ldap service in the cluster,
and if yes, configure WordPress to use this ldap service.
This pattern will help make it happen:
https://github.com/kubernetes-incubator/service-catalog
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
#cloud-config
hostname: backup.test
coreos:
update:
reboot-strategy: best-effort
users:
- name: backup
ssh-authorized-keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9rLjfQVci9g/ex+ZYGH0n1cSyp65oKeAgcPQtWGJ6V3KbzzePlR+ROSwA8XtSks9geQdq8kuWvO07cWrgvoOg1OYRfRhjQj0mY0uIKXSEAcGC2ndZoKN0CBOsPhYhZCxeMIem9ixmOFPSRhYgfg6+JZDn5/EZR/s2Et04yksHRmwxxuc7Pj6d0bBvUnkWz6IEZ7G8qhNikOAXskxEJKnm5grpPf7bQk6nztNbHwxuCHC3FrcTlu3a3yEMpC1+bmkCicVOQGtl7aVEQiGJMc7jITv52YC6Gcg+Oz65hLG9JJF3w42uFj01di6ghJAHwaqOBP2fGpKhoi1+FwQnmnf root@server.test
#cloud-config
hostname: server.test
coreos:
update:
reboot-strategy: best-effort
etcd:
addr: 172.17.42.1:4001
bind-addr: 172.17.42.1:4001
peer-addr: 172.17.42.1:7001
peer-bind-addr: 172.17.42.1:7001
units:
- name: etcd.service
command: start
write_files:
- path: /etc/environment
permissions: 0600
owner: root
content: |
ENCRYPT_KEY="30082747"
BACKUP_DESTINATION="backup@##BACKUP_IP##"
- path: /etc/hosts
permissions: 0644
owner: root
content: |
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 static.test
127.0.0.1 wordpress.test
127.0.0.1 known.test
127.0.0.1 piwik.test
127.0.0.1 owncloud.test
##BACKUP_IP## backup.test
- path: /root/key.pub
permissions: 0644
owner: root
content: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1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=2QSP
-----END PGP PUBLIC KEY BLOCK-----
- path: /root/.ssh/id_rsa
permissions: 0600
owner: root
content: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
- path: /root/.ssh/id_rsa.pub
permissions: 0600
owner: root
content: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9rLjfQVci9g/ex+ZYGH0n1cSyp65oKeAgcPQtWGJ6V3KbzzePlR+ROSwA8XtSks9geQdq8kuWvO07cWrgvoOg1OYRfRhjQj0mY0uIKXSEAcGC2ndZoKN0CBOsPhYhZCxeMIem9ixmOFPSRhYgfg6+JZDn5/EZR/s2Et04yksHRmwxxuc7Pj6d0bBvUnkWz6IEZ7G8qhNikOAXskxEJKnm5grpPf7bQk6nztNbHwxuCHC3FrcTlu3a3yEMpC1+bmkCicVOQGtl7aVEQiGJMc7jITv52YC6Gcg+Oz65hLG9JJF3w42uFj01di6ghJAHwaqOBP2fGpKhoi1+FwQnmnf root@server.test
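Review bot: The `/root/.ssh/id_rsa` entry under `write_files` puts an RSA private key into a tracked cloud-config, and the `root@server.test` public key written next to it is the same one authorized for user `backup` in the backup.test cloud-config, so anyone who can read the repository can log in to a backup host built from these files. Generate the key pair at provision time and inject only the public half; the same goes for the fixed `ENCRYPT_KEY="30082747"`. If this comparison removes these files, the key still sits in the git history and should be treated as public.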
FROM debian:jessie
ENV DEBIAN_FRONTEND noninteractive
RUN \
export VERSION=0.7.01 && \
apt-get update && \
apt-get install -y wget python python-dev python-pip librsync-dev ncftp lftp rsync && \
rm -rf /var/lib/apt/lists/* && \
pip install --upgrade lockfile paramiko pycrypto && \
cd /tmp/ && \
wget https://launchpad.net/duplicity/0.7-series/$VERSION/+download/duplicity-$VERSION.tar.gz && \
cd /opt/ && \
tar xzvf /tmp/duplicity-$VERSION.tar.gz && \
rm /tmp/duplicity-$VERSION.tar.gz && \
cd duplicity-$VERSION && \
./setup.py install
ENTRYPOINT [ "/usr/local/bin/duplicity" ]
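Review bot: The `RUN` step downloads `duplicity-$VERSION.tar.gz` with `wget` and goes straight to `./setup.py install` with no checksum or signature check, so the image that handles backup data is built from an unverified tarball. Record the expected SHA-256 next to `VERSION` and fail the build when it does not match. Separately, `debian:jessie` is past end of life and `pycrypto` is unmaintained, so both are worth replacing if this image is kept.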
IP=
hostname=
ssh -o "StrictHostKeyChecking no" root@$IP
fdisk -l #find your ssd
#Check the state of the drives
smartctl -a /dev/sda
smartctl -a /dev/sdb
smartctl -a /dev/sdc
wget https://raw.github.com/coreos/init/master/bin/coreos-install
cat > cloud-config << EOF
#cloud-config
hostname: $hostname
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTDu9fp/BkVv7afu4HWBf9Ou/Bu0A0wmT8ELx6w2LguywKVYytubS++j1cuZ90BmK7pso22gJL8JA+z3I4YSzzX07E+/Tauug/xqWY88nk2yykIbRdYwnBQ545yDoK9b2MG+3Ih9NFNo4CTe0hfm9OC8Ztd+6/tJI85JUNjISSEuGhwkfCHUKwu5kUQDLCJg5hzbq0mpE/CAnXiX6Vs2vJL2RHuvM37CzuqjFqJq+k7OYW1Dz32PrFxOefCHCHXI5Oq2a6lWcBLHmYPx8KDk5li7XSm3HirPoPOpSgfZmFtTM7bbJmOjlJgD27tDUgM94yZoRB9qFSM3103CX1qRfLfDd/e9BDI6jbG/Jdq4Zt1PdOb4V6ee86DzO+PIOqv0P9tImMAwZDve9EfcaNjqNhWeY4oUbEuvsZ5R5BrFGvg10D7WsVs1iIJ//XYaiC+D5PG6iDjXsvR7j+auLGGMOjZNEvIJcqDmtTi2mQsZ4n9Y9M0zAKCKIGkKS+JQqZZUToRA7YV+C7JniTlxg4UZxVQgpsGhwxnWuc8YeM99byB6lbWqGTewVbDy97zXcJwHfVgx0oUNwQl0qwZ+B1LX8Cw1eei2vBzHlsVpx0G/RKn4ai1puSyYeFyTOWIc38HZ8d4ZdL2LYx2PqCTYOfHYfLY4q3Mj2SDxr/fq++0F7jbQ== pierre@ozoux.net
- ssh-rsa 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 pboua@Peters-MacBook-Air.local
write_files:
- path: /etc/sysctl.d/aio-max.conf
permissions: 0644
owner: root
content: "fs.aio-max-nr = 1048576"
- path: /etc/hosts
permissions: 0644
owner: root
content: |
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
coreos:
update:
reboot-strategy: off
units:
- name: systemd-sysctl.service
command: restart
- name: data-domains.mount
command: start
content: |
[Mount]
What=/dev/md0
Where=/data/domains
Type=ext4
EOF
bash coreos-install -d /dev/sda -c cloud-config
reboot
ssh core@$IP
sudo su -
# Create Directory structure
mkdir -p /data/domains
git clone https://github.com/indiehosters/LibrePaaS.git /data/indiehosters
# Install unit-files
cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-reload
# Setup raid
cat > /etc/mdadm.conf << EOF
MAILADDR support@indie.host
mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sdb /dev/sdc
EOF
mkfs.ext4 /dev/md0
coreos-cloudinit --from-file=/var/lib/coreos-install/user_data
cat > /etc/environment << EOF
NAMECHEAP_URL="namecheap.com"
NAMECHEAP_API_USER="pierreo"
NAMECHEAP_API_KEY=
IP=`curl -s http://icanhazip.com/`
FirstName="Pierre"
LastName="Ozoux"
Address="23CalcadaSaoVicente"
PostalCode="1100-567"
Country="Portugal"
Phone="+351.967184553"
EmailAddress="pierre@ozoux.net"
City="Lisbon"
CountryCode="PT"
BACKUP_DESTINATION=root@xxxxx:port
ENCRYPT_KEY=
PASSPHRASE= #encrypt key passphrase
mail_username=contact%40indie.host
mail_password=
mail_hostname=mail.indie.host
MAIL_HOST=mail.indie.host
MAIL_PORT=587
MAIL_DOMAIN=indie.host
EOF
source /etc/environment
ssh-keygen -t rsa -b 4096 -C "root@$hostname"
# add the new public key to your backup server
ssh -o "StrictHostKeyChecking no" -o "BatchMode yes" -o "HostKeyAlgorithms=ssh-rsa" root@5.9.102.20 -p port exit
gpg --gen-key
mkdir -p /opt/bin
DOCKER_COMPOSE_VERSION=1.4.2
curl -L https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-`uname -s`-`uname -m` > /opt/bin/docker-compose
chmod +x /opt/bin/docker-compose
# add swap
cd /data
fallocate -l 8192m ./swap
chmod 600 ./swap
mkswap ./swap
systemctl status swapon
systemctl start swapon
systemctl status swapon
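Review bot: In the `# Setup raid` step the closing `EOF` comes after the `mdadm --create --verbose /dev/md0 ...` line, so that command is written into `/etc/mdadm.conf` as text instead of being executed, and the following `mkfs.ext4 /dev/md0` runs against an array that was never created. Move `EOF` to directly after the `MAILADDR` line, as the Hetzner instructions in this comparison already do.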
START
docker pull pierreozoux/haproxy
docker pull pierreozoux/confd
docker pull pierreozoux/email-forwarder
docker pull pierreozoux/nginx
docker pull pierreozoux/mysql
docker pull pierreozoux/wordpress
docker pull pierreozoux/known
mv /data/indiehosters /data/indiehosters.old
git clone https://github.com/pierreozoux/IndiePaaS.git /data/indiehosters
cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-reload
systemctl disable postfix
systemctl disable haproxy-confd
systemctl enable email-forwarder
systemctl enable confd
reboot
STOP
ROLLBACK START
mv /data/indiehosters /data/indiehosters.new
mv /data/indiehosters.old /data/indiehosters
cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-reload
systemctl enable postfix
systemctl enable haproxy-confd
systemctl disable email-forwarder
systemctl disable confd
reboot
ROLLBACK STOP
CLEAN START
rm /etc/systemd/system/postfix.service
rm /etc/systemd/system/haproxy-confd.service
rm -rf /data/indiehosters.old
CLEAN STOP
domains=( domain1 domain2 )
# START
echo "APPLICATION=wordpress" > /tmp/wordpress_env
echo "VOLUME=/app/wp-content" >> /tmp/wordpress_env
echo "EMAIL=test@test.org" >> /tmp/wordpress_env
docker pull ibuildthecloud/systemd-docker
for domain in "${domains[@]}"
do
cp /tmp/wordpress_env /data/domains/$domain/.env
systemctl stop wordpress@$domain
systemctl disable wordpress@$domain
mv /data/domains/$domain/wordpress/wp-content /data/domains/$domain/wordpress/data
done
cd /data/indiehosters
git pull
cp /data/indiehosters/unit-files/* /etc/systemd/system && sudo systemctl daemon-reload
docker pull pierreozoux/wordpress
for domain in "${domains[@]}"
do
systemctl start lamp@$domain
systemctl enable lamp@$domain
done
docker pull pierreozoux/known
# put the right email in each folder
# STOP
# ROLLBACK START
cd /data/indiehosters
git checkout 2c71084d502c05be220dd2de00acfd0c333bc7ff
cp /data/indiehosters/unit-files/* /etc/systemd/system && sudo systemctl daemon-reload
cd dockerfiles/services/wordpress/
docker build -t pierreozoux/wordpress .
for domain in "${domains[@]}"
do
mv /data/domains/$domain/wordpress/data /data/domains/$domain/wordpress/wp-content
systemctl start wordpress@$domain
systemctl enable wordpress@$domain
done
# ROLLBACK STOP
# CLEAN START
rm /etc/systemd/system/static-*
rm /etc/systemd/system/wordpress*
rm /etc/systemd/system/known*
rm /etc/systemd/system/mysql-importer@.service
# CLEAN STOP
domains=( domain1 domain2 )
# START
for domain in "${domains[@]}"
do
cp -R /data/runtime/domains/$domain/static-git /data/domains/$domain/static
systemctl stop static-git@$domain
systemctl start static@$domain
systemctl list-units | grep $domain | grep failed
done
# STOP
# ROLLBACK START
for domain in "${domains[@]}"
do
systemctl stop static@$domain
systemctl start static-git@$domain
done
# ROLLBACK STOP
# CLEAN START
for domain in "${domains[@]}"
do
systemctl disable static-git@$domain
systemctl enable static@$domain
rm -rf /data/domains/$domain/static-git
done
# CLEAN STOP
# START
docker pull pierreozoux/duplicity
gpg --gen-key
gpg --list-keys
echo ENCRYPT_KEY="" >> /etc/environment
echo BACKUP_DESTINATION="backup@backup" >> /etc/environment
cd /data/indiehosters
git pull
cp /data/indiehosters/unit-files/* /etc/systemd/system && sudo systemctl daemon-reload
for domain in "${domains[@]}"
do
systemctl start backup@$domain
systemctl status backup@$domain
done
# STOP
# CLEAN START
rm -rf /data/import
rm /data/BACKUP_DESTINATION
su backup
cd
mkdir old_backups
mv ./* old_backups
# CLEAN STOP
static_domains=( domain1 domain2 )
wordpress_domains=( domain1 domain2 )
# START
cd /data/indiehosters
git pull
cp /data/indiehosters/unit-files/* /etc/systemd/system && sudo systemctl daemon-reload
docker pull pierreozoux/wordpress
for domain in "${static_domains[@]}"
do
folder=/data/domains/${domain}
echo "EMAIL=test@test.org" > ${folder}/.env
echo "APPLICATION=nginx" >> ${folder}/.env
echo DOCKER_ARGUMENTS="-v ${folder}/static/www-content:/app" >> ${folder}/.env
systemctl restart static@$domain
systemctl status static@$domain
systemctl status web@$domain
done
for domain in "${wordpress_domains[@]}"
do
folder=/data/domains/${domain}
echo "EMAIL=test@test.org" > ${folder}/.env
echo "APPLICATION=wordpress" >> ${folder}/.env
echo DOCKER_ARGUMENTS="--link mysql-${domain}:db \
-v /data/domains/${domain}/wordpress/data:/app/wp-content \
-v /data/domains/${domain}/wordpress/.htaccess:/app/.htaccess \
--env-file /data/domains/${domain}/wordpress/.env" >> ${folder}/.env
systemctl restart lamp@$domain
systemctl status lamp@$domain
systemctl status web@$domain
done
# STOP
# ROLLBACK START
cd /data/indiehosters
git checkout 65d6486005e3d96e3ad9d5ab17f99d8910cc5e70
cp /data/indiehosters/unit-files/* /etc/systemd/system && sudo systemctl daemon-reload
cd dockerfiles/services/wordpress/
docker build -t pierreozoux/wordpress .
for domain in "${wordpress_domains[@]}"
do
systemctl restart lamp@$domain
done
for domain in "${static_domains[@]}"
do
systemctl restart static@$domain
done
# ROLLBACK STOP
# CLEAN START
# CLEAN STOP
START
cd /data/indiehosters
git pull
docker pull pierreozoux/rsyslog
docker pull pierreozoux/haproxy
docker pull pierreozoux/confd
docker pull pierreozoux/postfix
docker pull pierreozoux/nginx
docker pull pierreozoux/mysql
docker pull pierreozoux/wordpress
docker pull pierreozoux/known
docker pull pierreozoux/piwik
docker pull pierreozoux/owncloud
systemctl enable rsyslog
systemctl start rsyslog
systemctl enable postfix
systemctl disable email-forwarder
cp /data/indiehosters/unit-files/* /etc/systemd/system
reboot
STOP