e302d0ce · e302d0ce · e302d0ce · e302d0ce · 408b8f91 · 408b8f91
--- a/unit-files/backup-u@.timer
+++ b/unit-files/backup-u@.timer
-[Unit]
-Description=Hourly backup of www and mysql content.
-
-# Dependency binding
-BindsTo=universal@%i.service
-
-[Timer]
-OnActiveSec=20
-OnUnitActiveSec=60min
-AccuracySec=50min
-
--- a/unit-files/confd.service
+++ b/unit-files/confd.service
-[Unit]
-Description=%p
-
-# Requirements
-Requires=docker.service
-Requires=etcd.service
-
-# Dependency ordering
-After=docker.service
-After=etcd.service
-Before=haproxy.service
-
-[Service]
-Restart=always
-RestartSec=20
-TimeoutStartSec=0
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --rm \
-  --name %p \
-  -v /data/runtime/haproxy/:/etc/haproxy/ \
-  -v /var/run/docker.sock:/var/run/docker.sock \
-  indiepaas/confd
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/d-u@.service
+++ b/unit-files/d-u@.service
-[Unit]
-Description=%p for %i etcd registration
-
-# Requirements
-Requires=etcd.service
-
-# Dependency binding
-BindsTo=u@%i.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-Environment=URL=%i
-ExecStart=/bin/bash -xc ' \
-  ip=""; \
-  while [ -z $ip ]; \
-  do \
-    container_name=`echo ${URL}_web_1 | sed "s/\.//g" | sed "s/-//g"`; \
-    ip=`docker inspect --format \'{{.NetworkSettings.IPAddress}}\' $container_name`; \
-    sleep 1; \
-  done; \
-  etcdctl --peers 172.17.42.1:4001 set /services/web/%i \'{"ip":"\'$ip\'", "port":"80"}\';'
-ExecStop=-/usr/bin/etcdctl rm /services/web/%i
-
--- a/unit-files/discovery-u@.service
+++ b/unit-files/discovery-u@.service
-[Unit]
-Description=%p for %i etcd registration
-
-# Requirements
-Requires=etcd.service
-
-# Dependency binding
-BindsTo=universal@%i.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-Environment=URL=%i
-ExecStart=/bin/bash -xc ' \
-  ip=""; \
-  while [ -z $ip ]; \
-  do \
-    container_name=`echo ${URL}_web_1 | sed "s/\.//g" | sed "s/-//g"`; \
-    ip=`docker inspect --format \'{{.NetworkSettings.IPAddress}}\' $container_name`; \
-    sleep 1; \
-  done; \
-  etcdctl --peers 172.17.42.1:4001 set /services/web/%i \'{"ip":"\'$ip\'", "port":"80"}\';'
-ExecStop=-/usr/bin/etcdctl rm /services/web/%i
-
--- a/unit-files/dump_all.service
+++ b/unit-files/dump_all.service
+[Service]
+Type=oneshot
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin
+ExecStart=/opt/bin/dump_all.sh 
--- a/unit-files/dump_all.timer
+++ b/unit-files/dump_all.timer
+[Unit]
+Description=Run dump all dayly
+
+[Timer]
+OnCalendar=*-*-* 00:15:30
+
+[Install]
+WantedBy=timers.target
--- a/unit-files/git-puller.service
+++ b/unit-files/git-puller.service
-[Unit]
-Description=Git pull on every git repo
-
-[Service]
-Type=oneshot
-TimeoutStartSec=0
-ExecStart=/bin/bash -euxc ' \
-  for directory in `find /data/domains/ -mindepth 3 -name .git -type d -prune -not -path "*/owncloud/data/*"`;do \
-    cd $directory; cd ..;\
-    git pull; \
-  done'
-
--- a/unit-files/git-puller.timer
+++ b/unit-files/git-puller.timer
-[Unit]
-Description=Git pull every 5 minutes
-
-[Timer]
-OnBootSec=5min
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/haproxy.path
+++ b/unit-files/haproxy.path
-[Path]
-PathExists=/data/runtime/haproxy/haproxy.cfg
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/haproxy.service
+++ b/unit-files/haproxy.service
-[Unit]
-Description=%p
-
-# Requirements
-Requires=docker.service
-
-# Dependency ordering
-After=docker.service
-
-[Service]
-Restart=always
-RestartSec=20
-TimeoutStartSec=0
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --rm \
-  --name %p \
-  -v /data/runtime/haproxy:/etc/haproxy \
-  -p 80:80 \
-  -p 443:443 \
-  indiepaas/haproxy
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
-
--- a/unit-files/mail-mon.service
+++ b/unit-files/mail-mon.service
+[Service]
+Type=oneshot
+ExecStart=/libre.sh/utils/mail-mon.sh
--- a/unit-files/ocsp.timer
+++ b/unit-files/ocsp.timer
 [Unit]
-Description=Daily timer for OCSP stapling
+Description=Run mail mon hourly and on boot

 [Timer]
 OnBootSec=15min
-OnUnitActiveSec=1day
+OnUnitActiveSec=1h

 [Install]
-WantedBy=multi-user.target
-
+WantedBy=timers.target
--- a/unit-files/ocsp.service
+++ b/unit-files/ocsp.service
-[Unit]
-Description=Get the OCSP data from the cert provider
-
-[Service]
-Type=oneshot
-TimeoutStartSec=0
-ExecStart=/bin/bash -euxc ' \
-  for cert in `ls /data/runtime/haproxy/approved-certs/*.pem`;do \
-    /data/indiehosters/utils/ocsp.sh $cert; \
-  done; \
-  systemctl restart haproxy; \
-  rm /tmp/*.crt'
-
--- a/unit-files/rsyslog.service
+++ b/unit-files/rsyslog.service
-[Unit]
-Description=%p
-
-# Requirements
-Requires=docker.service
-
-# Dependency ordering
-After=docker.service
-
-[Service]
-Restart=always
-RestartSec=20
-TimeoutStartSec=0
-ExecStartPre=-/usr/bin/docker kill %p
-ExecStartPre=-/usr/bin/docker rm %p
-ExecStart=/usr/bin/docker run \
-  --rm \
-  --name rsyslog \
-  -v /data/runtime/dev:/dev \
-  -v /data/runtime/log:/var/log \
-  indiepaas/rsyslog
-ExecReload=/usr/bin/docker restart %p
-ExecStop=/usr/bin/docker stop %p
-
-[Install]
-WantedBy=multi-user.target
-
--- a/unit-files/universal@.service
+++ b/unit-files/universal@.service
@@ -3,24 +3,21 @@ Description=%p-%i

 # Requirements
 Requires=docker.service
-Requires=discovery-u@%i.service
-Requires=backup-u@%i.timer

 # Dependency ordering
 After=docker.service
-Before=discovery-u@%i.service
-Before=backup-u@%i.timer

 [Service]
 Restart=always
 RestartSec=10
 TimeoutStartSec=60
 TimeoutStopSec=15
-WorkingDirectory=/data/domains/%i/
-ExecStartPre=/bin/cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem
-ExecStart=/bin/bash -euxc '/data/domains/%i/RUN'
-ExecStop=/bin/bash -euxc '/data/domains/%i/STOP'
+EnvironmentFile=-/system/%i/env
+Environment=HOSTNAME=%H
+WorkingDirectory=/system/%i/
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "docker-compose up"
+ExecStop=docker-compose stop

 [Install]
 WantedBy=multi-user.target
-
--- a/unit-files/swapon.service
+++ b/unit-files/swapon.service
+[Unit]
+Description=Turn on swap
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStartPre=-/bin/bash -euxc ' \
+  fallocate -l 8192m /swap &&\
+  chmod 600 /swap &&\
+  mkswap /swap'
+ExecStart=/sbin/swapon /swap
+ExecStop=/sbin/swapoff /swap
+[Install]
+WantedBy=local.target
--- a/unit-files/u@.service
+++ b/unit-files/u@.service
@@ -3,25 +3,21 @@ Description=%p-%i

 # Requirements
 Requires=docker.service
-Requires=d-u@%i.service
-Requires=b-u@%i.timer

 # Dependency ordering
 After=docker.service
-Before=d-u@%i.service
-Before=b-u@%i.timer

 [Service]
 Restart=always
 RestartSec=10
 TimeoutStartSec=60
 TimeoutStopSec=15
+EnvironmentFile=-/data/domains/%i/env
+Environment=HOSTNAME=%H
 WorkingDirectory=/data/domains/%i/
-ExecStartPre=/bin/cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem
-ExecStartPre=-/opt/bin/docker-compose rm -f
-ExecStart=/opt/bin/docker-compose up
-ExecStop=/opt/bin/docker-compose stop
+ExecStartPre=-docker-compose rm -f
+ExecStart=/bin/bash -euxc "LETSENCRYPT_HOST=%i VIRTUAL_HOST=%i,www.%i docker-compose up"
+ExecStop=docker-compose stop

 [Install]
 WantedBy=multi-user.target
-
--- a/unit-files/web-net.service
+++ b/unit-files/web-net.service
+[Unit]
+Description=Create lb_web network
+Requires=docker.service
+After=docker.service
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/docker network create lb_web
+ExecStop=/usr/bin/docker network rm lb_web
+[Install]
+WantedBy=local.target
--- a/user_data
+++ b/user_data
+#cloud-config
+
+ssh_authorized_keys:
+  - "PUT YOUR SSH KEY PUBLIC HERE"
+
+write_files:
+  - path: /etc/ssh/sshd_config
+    permissions: 0600
+    owner: root:root
+    content: |
+      # Use most defaults for sshd configuration.
+      UsePrivilegeSeparation sandbox
+      Subsystem sftp internal-sftp
+      PermitRootLogin no
+      AllowUsers core
+      PasswordAuthentication no
+      ChallengeResponseAuthentication no
+  - path: /etc/sysctl.d/libresh.conf
+    permissions: 0644
+    owner: root
+    content: |
+      fs.aio-max-nr=1048576
+      vm.max_map_count=262144
+      vm.overcommit_memory=1
+      vm.nr_hugepages=0
+  - path: /etc/hosts
+    permissions: 0644
+    owner: root
+    content: |
+      127.0.0.1 localhost
+      255.255.255.255 broadcasthost
+      ::1 localhost
+  - path: /etc/environment
+    permissions: 0644
+    owner: root
+    content: |
+      NAMECHEAP_URL="namecheap.com"
+      NAMECHEAP_API_USER="pierreo"
+      NAMECHEAP_API_KEY=
+      IP=`curl -s http://icanhazip.com/`
+      FirstName="Pierre"
+      LastName="Ozoux"
+      Address=""
+      PostalCode=""
+      Country="Portugal"
+      Phone="+351.967184553"
+      EmailAddress="pierre@ozoux.net"
+      City="Lisbon"
+      CountryCode="PT"
+      BACKUP_DESTINATION=root@xxxxx:port
+      MAIL_USER=
+      MAIL_PASS=
+      MAIL_HOST=mail.indie.host
+      MAIL_PORT=587
+coreos:
+  update:
+    reboot-strategy: off
+  units:
+    - name: systemd-sysctl.service
+      command: restart
+    - name: swap.service
+      enable: true
+      command: start
+      content: |
+        [Unit]
+        Description=Turn on swap
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStartPre=-/bin/bash -euxc ' \
+          fallocate -l 8192m /swap &&\
+          chmod 600 /swap &&\
+          mkswap /swap'
+        ExecStart=/sbin/swapon /swap
+        ExecStop=/sbin/swapoff /swap
+        [Install]
+        WantedBy=local.target
+    - name: install-compose.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install Docker Compose
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          mkdir -p /opt/bin &&\
+          url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r \'.assets[].browser_download_url | select(contains("Linux") and contains("x86_64"))\') &&\
+          curl -L $url > /opt/bin/docker-compose &&\
+          chmod +x /opt/bin/docker-compose'
+    - name: install-libresh.service
+      command: start
+      content: |
+        [Unit]
+        Description=Install libre.sh
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=-/bin/bash -euxc ' \
+          git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\
+          mkdir /{data,system} &&\
+          mkdir /data/trash &&\
+          cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
+          systemctl enable web-net.service &&\
+          systemctl start web-net.service &&\
+          cp /libre.sh/utils/* /opt/bin/'
--- a/utils/add_cloud_user
+++ b/utils/add_cloud_user
+#!/bin/bash -eux
+
+source /etc/environment
+
+user=$1
+email=$2
+quota=$3
+
+curl -X POST -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users -d userid="$1" -d password="`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 10 | xargs`"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="email" -d value="${email}"
+curl -X PUT -H "OCS-APIRequest:true" --user ${cloud_admin}:${cloud_pass} https://${cloud_hostname}/ocs/v1.php/cloud/users/${user} -d key="quota" -d value="${quota}"