ConfigLMM 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -0
- data/CNAME +1 -0
- data/Examples/.lmm.state.yaml +159 -0
- data/Examples/ConfigLMM.mm.yaml +32 -0
- data/Examples/Implemented.mm.yaml +252 -4
- data/Examples/SmallBusiness.mm.yaml +492 -0
- data/Plugins/Apps/Answer/answer.lmm.rb +165 -0
- data/Plugins/Apps/Answer/answer@.service +40 -0
- data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.conf.erb +0 -3
- data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.lmm.rb +0 -1
- data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container +7 -1
- data/Plugins/Apps/Authentik/Authentik-Server.container +6 -1
- data/Plugins/Apps/Authentik/Authentik-Worker.container +6 -1
- data/Plugins/Apps/Authentik/Authentik.conf.erb +12 -7
- data/Plugins/Apps/Authentik/Authentik.lmm.rb +226 -61
- data/Plugins/Apps/BookStack/BookStack.conf.erb +0 -3
- data/Plugins/Apps/BookStack/BookStack.container +5 -0
- data/Plugins/Apps/BookStack/BookStack.lmm.rb +14 -3
- data/Plugins/Apps/Cassandra/Cassandra.lmm.rb +9 -19
- data/Plugins/Apps/ClickHouse/ClickHouse.container +28 -0
- data/Plugins/Apps/ClickHouse/ClickHouse.lmm.rb +113 -0
- data/Plugins/Apps/ClickHouse/Config/listen.yaml +2 -0
- data/Plugins/Apps/ClickHouse/Config/logger.yaml +8 -0
- data/Plugins/Apps/ClickHouse/Config/zookeepers.yaml +5 -0
- data/Plugins/Apps/ClickHouse/Connection.rb +96 -0
- data/Plugins/Apps/Discourse/Discourse-Sidekiq.container +5 -0
- data/Plugins/Apps/Discourse/Discourse.conf.erb +1 -4
- data/Plugins/Apps/Discourse/Discourse.container +4 -0
- data/Plugins/Apps/Discourse/Discourse.lmm.rb +116 -55
- data/Plugins/Apps/Dovecot/Dovecot.lmm.rb +74 -62
- data/Plugins/Apps/ERPNext/ERPNext-Frontend.container +6 -1
- data/Plugins/Apps/ERPNext/ERPNext-Queue.container +5 -0
- data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container +5 -0
- data/Plugins/Apps/ERPNext/ERPNext-Websocket.container +6 -1
- data/Plugins/Apps/ERPNext/ERPNext.container +6 -1
- data/Plugins/Apps/ERPNext/ERPNext.lmm.rb +138 -127
- data/Plugins/Apps/GitLab/GitLab.container +6 -0
- data/Plugins/Apps/GitLab/GitLab.lmm.rb +43 -49
- data/Plugins/Apps/Homepage/Homepage.conf.erb +86 -0
- data/Plugins/Apps/Homepage/Homepage.container +19 -0
- data/Plugins/Apps/Homepage/Homepage.lmm.rb +54 -0
- data/Plugins/Apps/IPFS/IPFS.conf.erb +0 -3
- data/Plugins/Apps/IPFS/IPFS.lmm.rb +0 -1
- data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb +0 -3
- data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb +0 -1
- data/Plugins/Apps/Jackett/Jackett.conf.erb +0 -3
- data/Plugins/Apps/Jackett/Jackett.lmm.rb +0 -1
- data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb +0 -3
- data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb +0 -1
- data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb +49 -28
- data/Plugins/Apps/LibreTranslate/LibreTranslate.container +21 -0
- data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb +34 -0
- data/Plugins/Apps/Lobsters/Containerfile +81 -0
- data/Plugins/Apps/Lobsters/Lobsters-Tasks.container +26 -0
- data/Plugins/Apps/Lobsters/Lobsters.conf.erb +99 -0
- data/Plugins/Apps/Lobsters/Lobsters.container +27 -0
- data/Plugins/Apps/Lobsters/Lobsters.lmm.rb +196 -0
- data/Plugins/Apps/Lobsters/crontab +3 -0
- data/Plugins/Apps/Lobsters/database.yml +26 -0
- data/Plugins/Apps/Lobsters/entrypoint.sh +30 -0
- data/Plugins/Apps/Lobsters/generateCredentials.rb +19 -0
- data/Plugins/Apps/Lobsters/lobsters-cron.sh +25 -0
- data/Plugins/Apps/Lobsters/lobsters-daily.sh +23 -0
- data/Plugins/Apps/Lobsters/puma.rb +49 -0
- data/Plugins/Apps/MariaDB/Connection.rb +55 -0
- data/Plugins/Apps/MariaDB/MariaDB.lmm.rb +60 -53
- data/Plugins/Apps/Mastodon/Mastodon-Sidekiq.container +22 -0
- data/Plugins/Apps/Mastodon/Mastodon-Streaming.container +20 -0
- data/Plugins/Apps/Mastodon/Mastodon.conf.erb +34 -45
- data/Plugins/Apps/Mastodon/Mastodon.container +28 -0
- data/Plugins/Apps/Mastodon/Mastodon.lmm.rb +240 -5
- data/Plugins/Apps/Mastodon/configlmm.rake +30 -0
- data/Plugins/Apps/Mastodon/entrypoint.sh +16 -0
- data/Plugins/Apps/Matrix/Element.container +5 -0
- data/Plugins/Apps/Matrix/Matrix.conf.erb +2 -8
- data/Plugins/Apps/Matrix/Matrix.lmm.rb +100 -71
- data/Plugins/Apps/Matrix/Synapse.container +5 -0
- data/Plugins/Apps/Netdata/Netdata.conf.erb +0 -3
- data/Plugins/Apps/Netdata/Netdata.lmm.rb +0 -1
- data/Plugins/Apps/Nextcloud/Nextcloud.conf.erb +3 -4
- data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb +150 -68
- data/Plugins/Apps/Nextcloud/autoconfig.php +13 -0
- data/Plugins/Apps/Nextcloud/config.php +10 -1
- data/Plugins/Apps/Nextcloud/nextcloudcron.service +8 -0
- data/Plugins/Apps/Nextcloud/nextcloudcron.timer +10 -0
- data/Plugins/Apps/Nginx/Connection.rb +93 -0
- data/Plugins/Apps/Nginx/conf.d/configlmm.conf +50 -9
- data/Plugins/Apps/Nginx/conf.d/languages.conf +21 -0
- data/Plugins/Apps/Nginx/config-lmm/errors.conf +25 -20
- data/Plugins/Apps/Nginx/config-lmm/gateway-errors.conf +20 -0
- data/Plugins/Apps/Nginx/config-lmm/proxy.conf +1 -1
- data/Plugins/Apps/Nginx/main.conf.erb +7 -3
- data/Plugins/Apps/Nginx/nginx.conf +2 -2
- data/Plugins/Apps/Nginx/nginx.lmm.rb +99 -81
- data/Plugins/Apps/Nginx/proxy.conf.erb +11 -3
- data/Plugins/Apps/Odoo/Odoo.conf.erb +0 -3
- data/Plugins/Apps/Odoo/Odoo.container +5 -0
- data/Plugins/Apps/Odoo/Odoo.lmm.rb +4 -5
- data/Plugins/Apps/Ollama/Ollama.container +26 -0
- data/Plugins/Apps/Ollama/Ollama.lmm.rb +73 -0
- data/Plugins/Apps/OpenTelemetry/Config/config.yaml +704 -0
- data/Plugins/Apps/OpenTelemetry/OpenTelemetry.lmm.rb +154 -0
- data/Plugins/Apps/OpenVidu/Ingress.container +5 -0
- data/Plugins/Apps/OpenVidu/OpenVidu.conf.erb +0 -3
- data/Plugins/Apps/OpenVidu/OpenVidu.container +5 -0
- data/Plugins/Apps/OpenVidu/OpenVidu.lmm.rb +7 -3
- data/Plugins/Apps/OpenVidu/OpenViduCall.conf.erb +0 -3
- data/Plugins/Apps/OpenVidu/OpenViduCall.container +5 -0
- data/Plugins/Apps/PHP-FPM/Connection.rb +91 -0
- data/Plugins/Apps/PHP-FPM/PHP-FPM.lmm.rb +31 -4
- data/Plugins/Apps/Peppermint/Peppermint.conf.erb +2 -5
- data/Plugins/Apps/Peppermint/Peppermint.container +5 -0
- data/Plugins/Apps/Peppermint/Peppermint.lmm.rb +29 -33
- data/Plugins/Apps/Perplexica/Perplexica.container +25 -0
- data/Plugins/Apps/Perplexica/Perplexica.lmm.rb +92 -0
- data/Plugins/Apps/Perplexica/config.toml +26 -0
- data/Plugins/Apps/Podman/Connection.rb +24 -0
- data/Plugins/Apps/Podman/Podman.lmm.rb +80 -0
- data/Plugins/Apps/Podman/storage.conf +6 -0
- data/Plugins/Apps/Postfix/Postfix.lmm.rb +242 -164
- data/Plugins/Apps/PostgreSQL/Connection.rb +97 -0
- data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb +184 -148
- data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb +0 -3
- data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb +0 -2
- data/Plugins/Apps/Pterodactyl/Wings.conf.erb +0 -3
- data/Plugins/Apps/RVM/RVM.lmm.rb +57 -0
- data/Plugins/Apps/Roundcube/Roundcube.conf.erb +0 -3
- data/Plugins/Apps/Roundcube/Roundcube.lmm.rb +15 -19
- data/Plugins/Apps/SSH/SSH.lmm.rb +9 -15
- data/Plugins/Apps/SearXNG/SearXNG.container +22 -0
- data/Plugins/Apps/SearXNG/SearXNG.lmm.rb +79 -0
- data/Plugins/Apps/SearXNG/limiter.toml +40 -0
- data/Plugins/Apps/SearXNG/settings.yml +2 -0
- data/Plugins/Apps/SigNoz/Config/alerts.yml +11 -0
- data/Plugins/Apps/SigNoz/Config/otel-collector-config.yaml +110 -0
- data/Plugins/Apps/SigNoz/Config/otel-collector-opamp-config.yaml +1 -0
- data/Plugins/Apps/SigNoz/Config/prometheus.yml +18 -0
- data/Plugins/Apps/SigNoz/SigNoz-Collector.container +23 -0
- data/Plugins/Apps/SigNoz/SigNoz-Migrator.container +17 -0
- data/Plugins/Apps/SigNoz/SigNoz.conf.erb +61 -0
- data/Plugins/Apps/SigNoz/SigNoz.container +26 -0
- data/Plugins/Apps/SigNoz/SigNoz.lmm.rb +319 -0
- data/Plugins/Apps/Solr/log4j2.xml +89 -0
- data/Plugins/Apps/Solr/solr.lmm.rb +82 -0
- data/Plugins/Apps/Sunshine/Sunshine.conf.erb +0 -3
- data/Plugins/Apps/Sunshine/Sunshine.lmm.rb +0 -1
- data/Plugins/Apps/Tunnel/tunnel.lmm.rb +33 -37
- data/Plugins/Apps/UVdesk/UVdesk.conf.erb +0 -3
- data/Plugins/Apps/Umami/Umami.container +19 -0
- data/Plugins/Apps/Umami/Umami.lmm.rb +108 -0
- data/Plugins/Apps/Valkey/Valkey.lmm.rb +54 -42
- data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb +9 -6
- data/Plugins/Apps/Vaultwarden/Vaultwarden.container +7 -1
- data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb +64 -29
- data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb +1 -4
- data/Plugins/Apps/Wiki.js/Wiki.js.container +5 -0
- data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb +31 -37
- data/Plugins/Apps/YaCy/YaCy.conf.erb +93 -0
- data/Plugins/Apps/YaCy/YaCy.container +21 -0
- data/Plugins/Apps/YaCy/YaCy.lmm.rb +160 -0
- data/Plugins/Apps/ZooKeeper/ZooKeeper.container +24 -0
- data/Plugins/Apps/ZooKeeper/ZooKeeper.lmm.rb +68 -0
- data/Plugins/Apps/bitmagnet/bitmagnet.conf.erb +0 -3
- data/Plugins/Apps/bitmagnet/bitmagnet.lmm.rb +0 -1
- data/Plugins/Apps/gollum/gollum.conf.erb +2 -4
- data/Plugins/Apps/gollum/gollum.container +6 -0
- data/Plugins/Apps/gollum/gollum.lmm.rb +51 -50
- data/Plugins/Apps/llama.cpp/llama.cpp.container +28 -0
- data/Plugins/Apps/llama.cpp/llama.cpp.lmm.rb +90 -0
- data/Plugins/Apps/vLLM/vLLM.container +32 -0
- data/Plugins/Apps/vLLM/vLLM.lmm.rb +89 -0
- data/Plugins/OS/General/Utils.lmm.rb +26 -0
- data/Plugins/OS/Linux/Connection.rb +472 -0
- data/Plugins/OS/Linux/Debian/preseed.cfg.erb +25 -6
- data/Plugins/OS/Linux/Flavours.yaml +13 -0
- data/Plugins/OS/Linux/Grub/grub.cfg +10 -0
- data/Plugins/OS/Linux/HTTP.rb +32 -0
- data/Plugins/OS/Linux/Linux.lmm.rb +533 -187
- data/Plugins/OS/Linux/Packages.yaml +20 -1
- data/Plugins/OS/Linux/Services.yaml +8 -0
- data/Plugins/OS/Linux/Shell.rb +70 -0
- data/Plugins/OS/Linux/Syslinux/default +8 -0
- data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb +83 -59
- data/Plugins/OS/Linux/WireGuard/wg0.conf.erb +3 -0
- data/Plugins/OS/Linux/openSUSE/autoinst.xml.erb +29 -3
- data/Plugins/OS/Linux/systemd/systemd.lmm.rb +13 -11
- data/Plugins/OS/Routers/Aruba/ArubaInstant.lmm.rb +6 -5
- data/Plugins/Platforms/GitHub.lmm.rb +73 -28
- data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb +9 -6
- data/Plugins/Platforms/Proxmox/Proxmox.lmm.rb +402 -0
- data/Plugins/Platforms/Proxmox/XTerm.rb +321 -0
- data/Plugins/Platforms/libvirt/libvirt.lmm.rb +38 -13
- data/Plugins/Platforms/porkbun.lmm.rb +12 -2
- data/Plugins/Platforms/porkbun_spec.rb +2 -2
- data/Plugins/Services/DNS/AmberBit.lmm.rb +1 -1
- data/Plugins/Services/DNS/ArubaItDNS.lmm.rb +1 -1
- data/Plugins/Services/DNS/NICLV.lmm.rb +1 -1
- data/Plugins/Services/DNS/PowerDNS.lmm.rb +70 -68
- data/Plugins/Services/DNS/tonic.lmm.rb +22 -12
- data/lib/ConfigLMM/Framework/plugins/dns.rb +4 -3
- data/lib/ConfigLMM/Framework/plugins/linuxApp.rb +145 -184
- data/lib/ConfigLMM/Framework/plugins/nginxApp.rb +34 -17
- data/lib/ConfigLMM/Framework/plugins/plugin.rb +53 -181
- data/lib/ConfigLMM/Framework/plugins/store.rb +4 -4
- data/lib/ConfigLMM/Framework/variables.rb +75 -0
- data/lib/ConfigLMM/Framework.rb +1 -0
- data/lib/ConfigLMM/cli.rb +12 -6
- data/lib/ConfigLMM/commands/configsCommand.rb +37 -6
- data/lib/ConfigLMM/commands/diff.rb +33 -9
- data/lib/ConfigLMM/context.rb +22 -3
- data/lib/ConfigLMM/io/configList.rb +82 -6
- data/lib/ConfigLMM/io/connection.rb +143 -0
- data/lib/ConfigLMM/io/dhcp.rb +330 -0
- data/lib/ConfigLMM/io/http.rb +78 -0
- data/lib/ConfigLMM/io/local.rb +207 -0
- data/lib/ConfigLMM/io/pxe.rb +92 -0
- data/lib/ConfigLMM/io/ssh.rb +156 -0
- data/lib/ConfigLMM/io/tftp.rb +105 -0
- data/lib/ConfigLMM/io.rb +2 -0
- data/lib/ConfigLMM/secrets/envStore.rb +39 -0
- data/lib/ConfigLMM/secrets/fileStore.rb +43 -0
- data/lib/ConfigLMM/state.rb +2 -1
- data/lib/ConfigLMM/version.rb +2 -1
- data/lib/ConfigLMM.rb +1 -0
- data/{Examples → scripts}/configlmmAuth.sh +7 -5
- metadata +205 -8
|
@@ -1,37 +1,44 @@
|
|
|
1
1
|
|
|
2
2
|
module ConfigLMM
|
|
3
3
|
module LMM
|
|
4
|
-
class ERPNext < Framework::
|
|
4
|
+
class ERPNext < Framework::Plugin
|
|
5
5
|
|
|
6
6
|
USER = 'erpnext'
|
|
7
7
|
HOME_DIR = '/var/lib/erpnext'
|
|
8
8
|
VERSION = '15'
|
|
9
9
|
FRAPPE_REPO = 'https://github.com/frappe/frappe_docker.git'
|
|
10
10
|
IMAGE_ID = 'ConfigLM.moe/erpnext:v' + VERSION
|
|
11
|
+
CONTAINER_NAME = 'ERPNext'
|
|
11
12
|
|
|
12
13
|
def actionERPNextBuild(id, target, activeState, context, options)
|
|
13
14
|
buildContainer(id, target, options)
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def buildContainer(id, target, options)
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
18
|
+
Linux.withConnection(local) do |localLinux|
|
|
19
|
+
begin
|
|
20
|
+
localLinux.ensurePackages(['git', 'Podman'], options) unless localLinux.hasBinaries?(['git', 'podman'], options)
|
|
21
|
+
rescue RuntimeError => error
|
|
22
|
+
prompt.say(error, :color => :red)
|
|
23
|
+
end
|
|
24
|
+
frappe = File.expand_path(REPOS_CACHE + '/frappe_docker')
|
|
25
|
+
if !File.exist?(frappe)
|
|
26
|
+
localLinux.createDirs(options, File.expand_path(REPOS_CACHE))
|
|
27
|
+
localLinux.exec("cd #{REPOS_CACHE} && git clone --quiet #{FRAPPE_REPO}", false, options)
|
|
28
|
+
else
|
|
29
|
+
localLinux.exec("cd #{REPOS_CACHE}/frappe_docker && git pull --quiet", false, options)
|
|
30
|
+
end
|
|
31
|
+
localLinux.exec("cd #{REPOS_CACHE}/frappe_docker && git checkout . --quiet", false, options)
|
|
32
|
+
|
|
33
|
+
if !IO::Connection.cmdSuccess?("podman image exists #{IMAGE_ID}")
|
|
34
|
+
appsJSON = Base64.urlsafe_encode64(File.read(__dir__ + '/sites/apps.json').gsub('$VERSION', VERSION))
|
|
35
|
+
# if you see error like "newuidmap 5227 0 1000 1 1 100000 65536: newuidmap: write to uid_map failed: Operation not permitted"
|
|
36
|
+
# then for LXC you need to set idmap like:
|
|
37
|
+
# LXC:
|
|
38
|
+
# - idmap: u 0 100000 165536
|
|
39
|
+
# - idmap: g 0 100000 165536
|
|
40
|
+
localLinux.exec("cd #{REPOS_CACHE}/frappe_docker && podman build --tag=#{IMAGE_ID} --build-arg APPS_JSON_BASE64=#{appsJSON} --build-arg FRAPPE_BRANCH=version-#{VERSION} --file images/custom/Containerfile .", false, options)
|
|
41
|
+
end
|
|
35
42
|
end
|
|
36
43
|
end
|
|
37
44
|
|
|
@@ -39,149 +46,153 @@ module ConfigLMM
|
|
|
39
46
|
raise Framework::PluginProcessError.new('Domain field must be set!') if (!target.key?('Proxy') || target['Proxy']) && !target['Domain']
|
|
40
47
|
|
|
41
48
|
target['Database'] ||= {}
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
49
|
+
self.withConnection(target['Location'], target) do |connection|
|
|
50
|
+
Linux.withConnection(connection) do |linuxConnection|
|
|
51
|
+
|
|
52
|
+
dbPassword = self.configureMariaDB(target['Database'], activeState, linuxConnection, options)
|
|
45
53
|
|
|
46
|
-
|
|
54
|
+
Podman.ensurePresent(linuxConnection, options)
|
|
55
|
+
Podman.createUser(USER, HOME_DIR, 'ERPNext', linuxConnection, options)
|
|
47
56
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
57
|
+
cmd = IO::SSH.cmd(target['Location'])
|
|
58
|
+
local.exec("podman image save ConfigLM.moe/erpnext:v#{VERSION} | #{cmd} 'cat > #{HOME_DIR}/erpnext.tar'", false, options)
|
|
59
|
+
|
|
60
|
+
linuxConnection.withUserShell(USER) do |shell|
|
|
61
|
+
shell.createDirs(options, '~/sites', '~/logs')
|
|
62
|
+
Podman.loadImage(shell, 'erpnext.tar', options)
|
|
63
|
+
end
|
|
53
64
|
|
|
54
|
-
|
|
55
|
-
self.class.exec("podman image save ConfigLM.moe/erpnext:v#{VERSION} | #{cmd} 'cat > #{HOME_DIR}/erpnext.tar'")
|
|
56
|
-
self.class.exec("su --login #{USER} --shell /usr/bin/sh --command 'podman image load --input erpnext.tar'", ssh)
|
|
57
|
-
self.class.exec("rm -f #{HOME_DIR}/erpnext.tar", ssh)
|
|
65
|
+
linuxConnection.exec("rm -f #{HOME_DIR}/erpnext.tar", false, options)
|
|
58
66
|
|
|
59
|
-
path =
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
#
|
|
63
|
-
#
|
|
64
|
-
|
|
65
|
-
|
|
67
|
+
path = Podman.containersPath(HOME_DIR)
|
|
68
|
+
linuxConnection.exec(" echo 'FRAPPE_DB_PASSWORD=#{dbPassword}' > #{path}/ERPNext.env", false, options)
|
|
69
|
+
linuxConnection.exec("echo 'FRAPPE_SITE_NAME_HEADER=site' >> #{path}/ERPNext.env", false, options)
|
|
70
|
+
#linuxConnection.exec("echo 'UPSTREAM_REAL_IP_ADDRESS=127.0.0.1' >> #{path}/ERPNext.env", false, options)
|
|
71
|
+
#linuxConnection.exec("echo 'UPSTREAM_REAL_IP_RECURSIVE=on' >> #{path}/ERPNext.env", false, options)
|
|
72
|
+
linuxConnection.exec("echo 'BACKEND=10.90.50.10:8000' >> #{path}/ERPNext.env", false, options)
|
|
73
|
+
linuxConnection.exec("echo 'SOCKETIO=10.90.50.11:9000' >> #{path}/ERPNext.env", false, options)
|
|
66
74
|
|
|
67
|
-
|
|
68
|
-
|
|
75
|
+
linuxConnection.exec("chown #{USER}:#{USER} #{path}/ERPNext.env", false, options)
|
|
76
|
+
linuxConnection.exec("chmod 600 #{path}/ERPNext.env", false, options)
|
|
69
77
|
|
|
70
|
-
|
|
71
|
-
|
|
78
|
+
linuxConnection.upload(__dir__ + '/sites/apps.txt', HOME_DIR + '/sites/', options)
|
|
79
|
+
linuxConnection.upload(__dir__ + '/sites/common_site_config.json', HOME_DIR + '/sites/', options)
|
|
72
80
|
|
|
73
81
|
if target['Database'] && target['Database']['HostName']
|
|
74
|
-
|
|
82
|
+
linuxConnection.exec("sed -i 's|\"10.0.2.2\"|\"#{target['Database']['HostName']}\"|' #{HOME_DIR}/sites/common_site_config.json", false, options)
|
|
75
83
|
end
|
|
76
84
|
|
|
77
85
|
if target['Valkey']
|
|
78
|
-
|
|
86
|
+
linuxConnection.exec("sed -i 's|10.0.2.2:6379|#{target['Valkey']}|' #{HOME_DIR}/sites/common_site_config.json", false, options)
|
|
79
87
|
end
|
|
80
88
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
89
|
+
if target['ValkeySecretId']
|
|
90
|
+
valkeyPassword = context.secrets.load(target['ValkeySecretId'], 'VALKEY_PASSWORD')
|
|
91
|
+
linuxConnection.exec("sed -i 's|\"use_rq_auth\": false|\"use_rq_auth\": true|' #{HOME_DIR}/sites/common_site_config.json", false, options)
|
|
92
|
+
linuxConnection.exec("sed -i 's|$VALKEY_PASSWORD|#{valkeyPassword}|' #{HOME_DIR}/sites/common_site_config.json", false, { **options, hide: true })
|
|
85
93
|
end
|
|
86
94
|
|
|
87
|
-
|
|
95
|
+
linuxConnection.exec("chown -R #{USER}:#{USER} " + HOME_DIR + '/sites', false, options)
|
|
88
96
|
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
97
|
+
linuxConnection.upload(__dir__ + '/ERPNext.network', path, options)
|
|
98
|
+
linuxConnection.upload(__dir__ + '/ERPNext.container', path, options)
|
|
99
|
+
linuxConnection.upload(__dir__ + '/ERPNext-Queue.container', path, options)
|
|
100
|
+
linuxConnection.upload(__dir__ + '/ERPNext-Scheduler.container', path, options)
|
|
101
|
+
linuxConnection.upload(__dir__ + '/ERPNext-Websocket.container', path, options)
|
|
102
|
+
linuxConnection.upload(__dir__ + '/ERPNext-Frontend.container', path, options)
|
|
103
|
+
linuxConnection.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext.container", false, options)
|
|
104
|
+
linuxConnection.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Queue.container", false, options)
|
|
105
|
+
linuxConnection.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Scheduler.container", false, options)
|
|
106
|
+
linuxConnection.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Websocket.container", false, options)
|
|
107
|
+
linuxConnection.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Frontend.container", false, options)
|
|
100
108
|
|
|
101
109
|
if !target.key?('Proxy') || target['Proxy']
|
|
102
|
-
|
|
110
|
+
Nginx.withConnection(linuxConnection) do |nginxConnection|
|
|
111
|
+
nginxConnection.provisionProxy('http://127.0.0.1:18400', 'ERPNext', target, activeState, context, options)
|
|
112
|
+
end
|
|
103
113
|
elsif target.key?('Proxy') && target['Proxy'] == false
|
|
104
|
-
|
|
105
|
-
|
|
114
|
+
linuxConnection.exec("sed -i 's|PublishPort=127.0.0.1:18400:|PublishPort=0.0.0.0:18400:|' #{path}/ERPNext-Frontend.container", false, options)
|
|
115
|
+
linuxConnection.firewallAddPort('18400/tcp', options)
|
|
106
116
|
end
|
|
107
117
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
118
|
+
linuxConnection.reloadUserServices(USER, options)
|
|
119
|
+
linuxConnection.restartUserService(USER, 'ERPNext-network', options)
|
|
120
|
+
linuxConnection.restartUserService(USER, 'ERPNext', options)
|
|
121
|
+
|
|
122
|
+
MariaDB.withConnection(target['Database'], linuxConnection) do |connectionDB|
|
|
123
|
+
if !connectionDB.tableExist?(USER, 'tabUser', { **options, 'dry': false })
|
|
124
|
+
linuxConnection.withUserShell(USER) do |shellConnection|
|
|
125
|
+
Podman.withConnection(shellConnection, Podman.container(CONTAINER_NAME, shellConnection, options)) do |podmanConnection|
|
|
126
|
+
adminPassword = SecureRandom.alphanumeric(20)
|
|
127
|
+
dbAdminPassword = connectionDB.createAdmin(options)
|
|
128
|
+
linuxConnection.exec("rm -rf " + HOME_DIR + '/sites/erpnext', false, options)
|
|
129
|
+
#podmanConnection.exec("bench new-site --no-setup-db --db-name erpnext --db-user erpnext --admin-password #{adminPassword} --install-app erpnext --set-default site", false, { **options, hide: true })
|
|
130
|
+
connectionDB.dropDB(USER, options)
|
|
131
|
+
podmanConnection.exec("bench new-site --db-root-username admin --db-root-password #{dbAdminPassword} --db-name erpnext --admin-password #{adminPassword} --install-app erpnext --set-default site", false, { **options, hide: true })
|
|
132
|
+
podmanConnection.exec("bench --site site install-app hrms", false, options)
|
|
133
|
+
prompt.say("Administrator password: #{adminPassword}", :color => :magenta)
|
|
134
|
+
connectionDB.dropAdmin(options)
|
|
135
|
+
end
|
|
136
|
+
end
|
|
126
137
|
end
|
|
127
138
|
end
|
|
128
139
|
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
140
|
+
linuxConnection.restartUserService(USER, 'ERPNext-Queue', options)
|
|
141
|
+
linuxConnection.restartUserService(USER, 'ERPNext-Scheduler', options)
|
|
142
|
+
linuxConnection.restartUserService(USER, 'ERPNext-Websocket', options)
|
|
143
|
+
linuxConnection.restartUserService(USER, 'ERPNext-Frontend', options)
|
|
135
144
|
end
|
|
136
|
-
else
|
|
137
|
-
# TODO
|
|
138
145
|
end
|
|
139
146
|
end
|
|
140
147
|
|
|
141
|
-
def configureMariaDB(settings, activeState,
|
|
148
|
+
def configureMariaDB(settings, activeState, linuxConnection, options)
|
|
142
149
|
password = SecureRandom.alphanumeric(20)
|
|
143
|
-
MariaDB.
|
|
150
|
+
MariaDB.withConnection(settings, linuxConnection) do |mariaConnection|
|
|
151
|
+
mariaConnection.createUserAndDB(USER, password, nil, options)
|
|
152
|
+
end
|
|
144
153
|
password
|
|
145
154
|
end
|
|
146
155
|
|
|
147
156
|
def cleanup(configs, state, context, options)
|
|
148
|
-
cleanupType(:ERPNext, configs, state, context, options) do |item, id, state, context, options,
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext", ssh, true, options[:dry])
|
|
156
|
-
self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Frontend", ssh, true, options[:dry])
|
|
157
|
-
self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Websocket", ssh, true, options[:dry])
|
|
158
|
-
self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Scheduler", ssh, true, options[:dry])
|
|
159
|
-
self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Queue", ssh, true, options[:dry])
|
|
160
|
-
self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-network", ssh, true, options[:dry])
|
|
161
|
-
|
|
162
|
-
path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
|
|
163
|
-
rm(path + 'ERPNext.network', options[:dry], ssh)
|
|
164
|
-
rm(path + 'ERPNext.container', options[:dry], ssh)
|
|
165
|
-
rm(path + 'ERPNext-Queue.container', options[:dry], ssh)
|
|
166
|
-
rm(path + 'ERPNext-Scheduler.container', options[:dry], ssh)
|
|
167
|
-
rm(path + 'ERPNext-Websocket.container', options[:dry], ssh)
|
|
168
|
-
rm(path + 'ERPNext-Frontend.container', options[:dry], ssh)
|
|
169
|
-
|
|
170
|
-
self.class.exec("podman rmi #{IMAGE_ID}", ssh, true, options[:dry])
|
|
171
|
-
|
|
172
|
-
state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
|
|
173
|
-
|
|
174
|
-
if options[:destroy]
|
|
175
|
-
item['Database'] ||= {}
|
|
176
|
-
MariaDB.executeRemotely(item['Database'], ssh) do |sshDB|
|
|
177
|
-
MariaDB.executeSQL("DROP DATABASE #{USER}", nil, sshDB, true, options[:dry])
|
|
157
|
+
cleanupType(:ERPNext, configs, state, context, options) do |item, id, state, context, options, connection|
|
|
158
|
+
Linux.withConnection(connection) do |linuxConnection|
|
|
159
|
+
if item['Config']['Proxy'].nil? || item['Config']['Proxy']
|
|
160
|
+
Nginx.withConnection(linuxConnection) do |nginxConnection|
|
|
161
|
+
nginxConnection.cleanupConfig('ERPNext', context, options)
|
|
162
|
+
nginxConnection.reload(options)
|
|
163
|
+
end
|
|
178
164
|
end
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
165
|
+
linuxConnection.firewallRemovePort('18400/tcp', options)
|
|
166
|
+
|
|
167
|
+
linuxConnection.stopUserService(USER, 'ERPNext-Frontend', options)
|
|
168
|
+
linuxConnection.stopUserService(USER, 'ERPNext', options)
|
|
169
|
+
linuxConnection.stopUserService(USER, 'ERPNext-Websocket', options)
|
|
170
|
+
linuxConnection.stopUserService(USER, 'ERPNext-Scheduler', options)
|
|
171
|
+
linuxConnection.stopUserService(USER, 'ERPNext-Queue', options)
|
|
172
|
+
linuxConnection.stopUserService(USER, 'ERPNext-network', options)
|
|
173
|
+
|
|
174
|
+
path = Podman.containersPath(HOME_DIR)
|
|
175
|
+
linuxConnection.rm(path + 'ERPNext.network', options[:dry])
|
|
176
|
+
linuxConnection.rm(path + 'ERPNext.container', options[:dry])
|
|
177
|
+
linuxConnection.rm(path + 'ERPNext-Queue.container', options[:dry])
|
|
178
|
+
linuxConnection.rm(path + 'ERPNext-Scheduler.container', options[:dry])
|
|
179
|
+
linuxConnection.rm(path + 'ERPNext-Websocket.container', options[:dry])
|
|
180
|
+
linuxConnection.rm(path + 'ERPNext-Frontend.container', options[:dry])
|
|
181
|
+
|
|
182
|
+
linuxConnection.exec("podman rmi #{IMAGE_ID}", true, options)
|
|
183
|
+
|
|
184
|
+
state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
|
|
185
|
+
|
|
186
|
+
if options[:destroy]
|
|
187
|
+
item['Config']['Database'] ||= {}
|
|
188
|
+
MariaDB.withConnection(item['Config']['Database'], linuxConnection) do |connectionDB|
|
|
189
|
+
connectionDB.dropDB(USER, options)
|
|
190
|
+
end
|
|
191
|
+
linuxConnection.deleteUserAndGroup(USER, options)
|
|
192
|
+
linuxConnection.rm(HOME_DIR, options[:dry])
|
|
183
193
|
|
|
184
|
-
|
|
194
|
+
state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
|
|
195
|
+
end
|
|
185
196
|
end
|
|
186
197
|
end
|
|
187
198
|
end
|
|
@@ -4,6 +4,7 @@ Description=GitLab container
|
|
|
4
4
|
After=local-fs.target firewalld.service
|
|
5
5
|
|
|
6
6
|
[Container]
|
|
7
|
+
ContainerName=GitLab
|
|
7
8
|
Image=docker.io/gitlab/gitlab-ce:latest
|
|
8
9
|
PublishPort=127.0.0.1:18100:80
|
|
9
10
|
PublishPort=0.0.0.0:22:22
|
|
@@ -12,7 +13,12 @@ Volume=/var/lib/gitlab/logs:/var/log/gitlab
|
|
|
12
13
|
Volume=/var/lib/gitlab/data:/var/opt/gitlab
|
|
13
14
|
Volume=/var/lib/gitlab/backups:/var/opt/gitlab/backups
|
|
14
15
|
ShmSize=256M
|
|
16
|
+
LogDriver=journald
|
|
15
17
|
AutoUpdate=registry
|
|
16
18
|
|
|
19
|
+
[Service]
|
|
20
|
+
TimeoutStartSec=20min
|
|
21
|
+
Restart=on-failure
|
|
22
|
+
|
|
17
23
|
[Install]
|
|
18
24
|
WantedBy=multi-user.target default.target
|
|
@@ -1,44 +1,46 @@
|
|
|
1
1
|
|
|
2
2
|
module ConfigLMM
|
|
3
3
|
module LMM
|
|
4
|
-
class GitLab < Framework::
|
|
4
|
+
class GitLab < Framework::Plugin
|
|
5
5
|
|
|
6
6
|
HOME_DIR = '/var/lib/gitlab'
|
|
7
7
|
IMAGE_ID = 'docker.io/gitlab/gitlab-ce:latest'
|
|
8
8
|
|
|
9
9
|
def actionGitLabDeploy(id, target, activeState, context, options)
|
|
10
|
+
raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
|
|
10
11
|
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
|
|
12
|
+
self.withConnection(target['Location'], target) do |connection|
|
|
13
|
+
Linux.withConnection(connection) do |linuxConnection|
|
|
14
14
|
|
|
15
|
-
|
|
16
|
-
self.prepareConfig(target, ssh)
|
|
17
|
-
|
|
18
|
-
distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
|
|
19
|
-
self.class.exec("mkdir -p #{HOME_DIR}/config", ssh)
|
|
20
|
-
self.class.exec("mkdir -p #{HOME_DIR}/logs", ssh)
|
|
21
|
-
self.class.exec("mkdir -p #{HOME_DIR}/data", ssh)
|
|
22
|
-
self.class.exec("mkdir -p #{HOME_DIR}/backups", ssh)
|
|
15
|
+
linuxConnection.createDirs(options, "#{HOME_DIR}/config", "#{HOME_DIR}/logs", "#{HOME_DIR}/data", "#{HOME_DIR}/backups")
|
|
23
16
|
|
|
24
17
|
path = '/etc/containers/systemd'
|
|
25
|
-
|
|
18
|
+
linuxConnection.upload(__dir__ + '/GitLab.container', path, options)
|
|
26
19
|
|
|
27
20
|
if !target.key?('Proxy') || target['Proxy']
|
|
28
|
-
|
|
21
|
+
Nginx.withConnection(linuxConnection) do |nginxConnection|
|
|
22
|
+
nginxConnection.provisionProxy('http://127.0.0.1:18100', 'GitLab', target, activeState, context, options)
|
|
23
|
+
end
|
|
29
24
|
elsif target.key?('Proxy') && target['Proxy'] == false
|
|
30
|
-
|
|
31
|
-
|
|
25
|
+
linuxConnection.fileReplace("#{path}/GitLab.container", 'PublishPort=127.0.0.1:18100:', 'PublishPort=0.0.0.0:18100:', options)
|
|
26
|
+
linuxConnection.firewallAddPort('18100/tcp', options)
|
|
32
27
|
end
|
|
33
28
|
|
|
34
|
-
|
|
35
|
-
|
|
29
|
+
linuxConnection.reloadServiceManager(options)
|
|
30
|
+
linuxConnection.restartService('GitLab', options)
|
|
36
31
|
|
|
37
32
|
configFile = HOME_DIR + '/config/gitlab.rb'
|
|
38
|
-
|
|
39
|
-
|
|
33
|
+
if options['dry']
|
|
34
|
+
linuxConnection.filePresent?(configFile, options)
|
|
35
|
+
else
|
|
36
|
+
counter = 200
|
|
37
|
+
while !linuxConnection.filePresent?(configFile, options)
|
|
38
|
+
counter -= 1
|
|
39
|
+
raise "Timeout while waiting for #{configFile}!" if counter <= 0
|
|
40
|
+
sleep(2)
|
|
41
|
+
end
|
|
40
42
|
end
|
|
41
|
-
|
|
43
|
+
linuxConnection.updateFile(configFile, options, true) do |fileLines|
|
|
42
44
|
fileLines << "external_url 'https://#{target['Domain']}'\n"
|
|
43
45
|
fileLines << "letsencrypt['enable'] = false\n"
|
|
44
46
|
fileLines << "nginx['listen_port'] = 80\n"
|
|
@@ -48,9 +50,9 @@ module ConfigLMM
|
|
|
48
50
|
fileLines << "mattermost_nginx['listen_port'] = 80\n"
|
|
49
51
|
fileLines << "mattermost_nginx['listen_https'] = false\n"
|
|
50
52
|
if target['SMTP']
|
|
51
|
-
fileLines << "gitlab_rails['smtp_address'] = '#{target['SMTP']['
|
|
53
|
+
fileLines << "gitlab_rails['smtp_address'] = '#{target['SMTP']['Host']}'\n"
|
|
52
54
|
fileLines << "gitlab_rails['smtp_port'] = '#{target['SMTP']['Port']}'\n"
|
|
53
|
-
fileLines << "gitlab_rails['smtp_user_name'] = '#{target['SMTP']['
|
|
55
|
+
fileLines << "gitlab_rails['smtp_user_name'] = '#{target['SMTP']['Username']}'\n"
|
|
54
56
|
if target['SMTP']['TLS']
|
|
55
57
|
fileLines << "gitlab_rails['smtp_tls'] = true\n"
|
|
56
58
|
fileLines << "gitlab_rails['smtp_openssl_verify_mode'] = 'peer'\n"
|
|
@@ -58,37 +60,29 @@ module ConfigLMM
|
|
|
58
60
|
end
|
|
59
61
|
end
|
|
60
62
|
|
|
61
|
-
|
|
63
|
+
linuxConnection.restartService('GitLab', options)
|
|
62
64
|
end
|
|
63
|
-
else
|
|
64
|
-
# TODO
|
|
65
65
|
end
|
|
66
|
-
activeState['Status'] = State::STATUS_DEPLOYED
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
def prepareConfig(target, ssh)
|
|
70
|
-
raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
|
|
71
|
-
|
|
72
|
-
Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
|
|
73
|
-
self.class.prepareNginxConfig(target, ssh)
|
|
74
66
|
end
|
|
75
67
|
|
|
76
68
|
def cleanup(configs, state, context, options)
|
|
77
|
-
cleanupType(:GitLab, configs, state, context, options) do |item, id, state, context, options,
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
69
|
+
cleanupType(:GitLab, configs, state, context, options) do |item, id, state, context, options, connection|
|
|
70
|
+
Linux.withConnection(connection) do |linuxConnection|
|
|
71
|
+
if item['Config']['Proxy'].nil? || item['Config']['Proxy']
|
|
72
|
+
Nginx.withConnection(linuxConnection) do |nginxConnection|
|
|
73
|
+
nginxConnection.cleanupConfig('GitLab', context, options)
|
|
74
|
+
nginxConnection.reload(options)
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
linuxConnection.firewallRemovePort('18100/tcp', options)
|
|
78
|
+
linuxConnection.stopService('GitLab', options)
|
|
79
|
+
linuxConnection.rm('/etc/containers/systemd/GitLab.container', options[:dry])
|
|
80
|
+
linuxConnection.exec("podman rmi #{IMAGE_ID}", true, options)
|
|
81
|
+
state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
|
|
82
|
+
if options[:destroy]
|
|
83
|
+
connection.rm('/var/lib/gitlab', options[:dry])
|
|
84
|
+
state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
|
|
85
|
+
end
|
|
92
86
|
end
|
|
93
87
|
end
|
|
94
88
|
end
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
|
|
2
|
+
server {
|
|
3
|
+
|
|
4
|
+
<% if config['NginxVersion'] >= 1.25 %>
|
|
5
|
+
<% if !config['TLS'] %>
|
|
6
|
+
listen <%= config['Port'] %>;
|
|
7
|
+
listen [::]:<%= config['Port'] %>;
|
|
8
|
+
<% else %>
|
|
9
|
+
listen <%= config['Port'] %> ssl;
|
|
10
|
+
listen [::]:<%= config['Port'] %> ssl;
|
|
11
|
+
|
|
12
|
+
include config-lmm/ssl.conf;
|
|
13
|
+
<% end %>
|
|
14
|
+
http2 on;
|
|
15
|
+
http3 on;
|
|
16
|
+
quic_retry on;
|
|
17
|
+
add_header Alt-Svc 'h3=":443"; ma=86400';
|
|
18
|
+
<% else %>
|
|
19
|
+
<% if !config['TLS'] %>
|
|
20
|
+
listen <%= config['Port'] %>;
|
|
21
|
+
listen [::]:<%= config['Port'] %>;
|
|
22
|
+
<% else %>
|
|
23
|
+
listen <%= config['Port'] %> ssl http2;
|
|
24
|
+
listen [::]:<%= config['Port'] %> ssl http2;
|
|
25
|
+
|
|
26
|
+
include config-lmm/ssl.conf;
|
|
27
|
+
<% end %>
|
|
28
|
+
<% end %>
|
|
29
|
+
|
|
30
|
+
server_name <%= config['Domain'] %>;
|
|
31
|
+
|
|
32
|
+
<% if config['AuthentikDomain'].nil? %>
|
|
33
|
+
include config-lmm/private.conf;
|
|
34
|
+
<% end %>
|
|
35
|
+
|
|
36
|
+
include config-lmm/errors.conf;
|
|
37
|
+
|
|
38
|
+
<% if config['CertName'] %>
|
|
39
|
+
ssl_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/fullchain.pem";
|
|
40
|
+
ssl_certificate_key "/etc/letsencrypt/live/<%= config['CertName'] %>/privkey.pem";
|
|
41
|
+
ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
|
|
42
|
+
<% end %>
|
|
43
|
+
|
|
44
|
+
location / {
|
|
45
|
+
proxy_pass <%= config['Server'] %>;
|
|
46
|
+
|
|
47
|
+
<% if config['AuthentikDomain'] %>
|
|
48
|
+
error_page 401 = @authenticate;
|
|
49
|
+
include config-lmm/errors.conf;
|
|
50
|
+
|
|
51
|
+
auth_request /outpost.goauthentik.io/auth/nginx;
|
|
52
|
+
|
|
53
|
+
# translate headers from the outposts back to the actual upstream
|
|
54
|
+
auth_request_set $authentik_username $upstream_http_x_authentik_username;
|
|
55
|
+
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
|
|
56
|
+
auth_request_set $authentik_email $upstream_http_x_authentik_email;
|
|
57
|
+
auth_request_set $authentik_name $upstream_http_x_authentik_name;
|
|
58
|
+
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
|
|
59
|
+
|
|
60
|
+
proxy_set_header REMOTE_USER $authentik_username;
|
|
61
|
+
proxy_set_header REMOTE_GROUPS $authentik_groups;
|
|
62
|
+
proxy_set_header REMOTE_EMAIL $authentik_email;
|
|
63
|
+
proxy_set_header REMOTE_NAME $authentik_name;
|
|
64
|
+
proxy_set_header REMOTE_UID $authentik_uid;
|
|
65
|
+
<% end %>
|
|
66
|
+
|
|
67
|
+
include config-lmm/proxy.conf;
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
<% if config['AuthentikDomain'] %>
|
|
71
|
+
location /outpost.goauthentik.io {
|
|
72
|
+
proxy_pass https://<%= config['AuthentikDomain'] %>/outpost.goauthentik.io;
|
|
73
|
+
proxy_ssl_protocols TLSv1.2 TLSv1.3;
|
|
74
|
+
proxy_set_header X-Authentik-Host $host;
|
|
75
|
+
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
|
76
|
+
proxy_pass_request_body off;
|
|
77
|
+
proxy_set_header Content-Length "";
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
location @authenticate {
|
|
81
|
+
internal;
|
|
82
|
+
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
|
|
83
|
+
}
|
|
84
|
+
<% end %>
|
|
85
|
+
}
|
|
86
|
+
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
|
|
2
|
+
[Unit]
|
|
3
|
+
Description=Homepage container
|
|
4
|
+
After=local-fs.target
|
|
5
|
+
|
|
6
|
+
[Container]
|
|
7
|
+
ContainerName=Homepage
|
|
8
|
+
Image=ghcr.io/gethomepage/homepage:latest
|
|
9
|
+
PublishPort=127.0.0.1:13400:3000
|
|
10
|
+
LogDriver=journald
|
|
11
|
+
AutoUpdate=registry
|
|
12
|
+
Volume=/var/lib/homepage/config:/app/config
|
|
13
|
+
|
|
14
|
+
[Service]
|
|
15
|
+
TimeoutStartSec=3min
|
|
16
|
+
Restart=on-failure
|
|
17
|
+
|
|
18
|
+
[Install]
|
|
19
|
+
WantedBy=multi-user.target default.target
|