anderson/mic-infra
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Gitea, Haproxy and MIC bot/backend infra added

Browse Source
This commit is contained in:
Dmitry Anderson 2024-10-15 00:12:11 +02:00
parent 893b17720b
commit 9f3f9391e3
6 changed files with 188 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -1,3 +1,4 @@
# mic-infra Before trying to setup anything do `source ./pre-run.sh`
or add it's content into your `~/.zshrc` or `~/.bashrc` file
Compose, make, docker, config files and scripts used to setup the MIC infrastructure and (hopefully) some documentation on how to use it. As well you're gonna need to install [docker](https://docs.docker.com/engine/install/fedora/)

4
gitea/README Normal file
View File

@ -0,0 +1,4 @@
Before running do
$ mkdir gitea_data gitea_config postgres_data
$ mkdir .secret
$ nvim .secret/db_password.txt # Setup your Postgres password here

52
gitea/docker-compose.yml Normal file
View File

@ -0,0 +1,52 @@
secrets:
db_password:
file: .secrets/db_password.txt
networks:
gitea:
driver: bridge
services:
postgres:
container_name: gitea_postgres
image: postgres:latest
restart: always
volumes:
- ./postgres_data:/var/lib/postgresql/data:rw
environment:
POSTGRES_USER: gitea
POSTGRES_DB: gitea
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
user: "${USER_ID:-1000}:${GID:-1000}"
networks:
- gitea
secrets:
- db_password
server:
container_name: gitea_serv
image: gitea/gitea:latest
depends_on:
- postgres
restart: always
volumes:
- ./gitea_data:/var/lib/gitea
- ./gitea_config:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- USER_ID=${USER_ID:-1000}
- GROUP_ID=${GID:-1000}
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=postgres:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD_FILE=/run/secrets/db_password
ports:
- "3000:3000"
- "2222:22"
networks:
- gitea
secrets:
- db_password

107
haproxy/haproxy.cfg Normal file
View File

@ -0,0 +1,107 @@
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
# log 127.0.0.1 local2
log /dev/log local0
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
# TLS
ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
frontend git-http
bind *:80
option forwardfor
http-request redirect scheme https unless { ssl_fc }
frontend git-https
bind *:443 ssl crt /etc/letsencrypt/live/git.mic.pp.ua/fullchain.pem alpn h2,http/1.1
mode http
option forwardfor
acl is_git hdr(host) -i git.mic.pp.ua
use_backend git_backend if is_git
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend git_backend
balance roundrobin
mode http
server git_instance1 127.0.0.1:3000 check
backend letsencrypt-backend
server letsencrypt 127.0.0.1:8888

20
mic/docker-compose.yml Normal file
View File

@ -0,0 +1,20 @@
secrets:
db_password:
file: .secrets/db_password.txt
services:
postgres:
container_name: bot_postgres
image: postgres:latest
restart: always
volumes:
- ./postgres_data:/var/lib/postgresql/data:rw
environment:
POSTGRES_USER: mic
POSTGRES_DB: mic
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
user: "${USER_ID:-1000}:${GID:-1000}"
networks:
- "127.0.0.1:5432:5432"
secrets:
- db_password

2
pre-run.sh Normal file
View File

@ -0,0 +1,2 @@
export USER_ID=$(id -u $USER)
export GID=$(id -g $USER)