Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| cc9c76d958 | |||
| 3fd5a39866 | |||
| 05fe650895 | |||
| 0b3b42d103 | |||
| 9115efd9bb | |||
| 7cff89b4cf | |||
| 8a442b3b91 | |||
| 584d304497 |
@@ -49,7 +49,7 @@ jobs:
|
|||||||
tea login default gitea-rinoa
|
tea login default gitea-rinoa
|
||||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
|
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
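Review bot: `${{ github.ref_name }}` and `${{ github.actor }}` are substituted into the shell text of the `tea pr c` line on the new side (`-t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}"`), so a branch name containing quote or `$(` characters changes what the script runs while the `tea` login is in scope; the same line appears in the next section's hunk at `@@ -50,7 +50,7 @@`. Pass the values through the environment instead, e.g. an `env:` block on the step with `REF_NAME: ${{ github.ref_name }}` and `ACTOR: ${{ github.actor }}`, and use `"$REF_NAME"` / `"$ACTOR"` in the script. `pr_index_new=$(expr ${pr_index_old} + 1)` also predicts the next index from the most recent listed PR, so two runs close together will title their PRs with the same number; the index reported by `tea pr c` itself would be reliable. The `run:` block containing these lines starts above the hunk.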
|
|||||||
@@ -50,7 +50,7 @@ jobs:
|
|||||||
tea login default gitea-rinoa
|
tea login default gitea-rinoa
|
||||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
|
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -136,14 +136,17 @@ jobs:
|
|||||||
- name: Docker Compose Dry Run
|
- name: Docker Compose Dry Run
|
||||||
timeout-minutes: 360
|
timeout-minutes: 360
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
uses: keatonLiu/docker-compose-remote-action@v1.2
|
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||||
with:
|
with:
|
||||||
docker_compose_file: docker-compose.yml
|
|
||||||
docker_args: -d --remove-orphans --pull missing ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
|
||||||
ssh_user: gitea-deploy
|
|
||||||
ssh_host: 192.168.1.254
|
ssh_host: 192.168.1.254
|
||||||
ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
|
ssh_port: 22
|
||||||
ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
ssh_user: gitea-deploy
|
||||||
|
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||||
|
service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||||
|
compose_file: docker-compose.yml
|
||||||
|
pull: false
|
||||||
|
build: false
|
||||||
|
options: -d --remove-orphans
|
||||||
env:
|
env:
|
||||||
DOCKER_HOST: tcp://dockerproxy:2375
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
@@ -296,12 +299,13 @@ jobs:
|
|||||||
docker-compose-deploy:
|
docker-compose-deploy:
|
||||||
name: Docker Compose Deployment
|
name: Docker Compose Deployment
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [pr-merge]
|
needs: [docker-compose-dry-run, pr-merge]
|
||||||
env:
|
env:
|
||||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||||
DOCKER_HOST: tcp://dockerproxy:2375
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||||
|
DOCKER_SVC_LIST: ${{ needs.docker-compose-dry-run.outputs.svc_deploy_list }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
@@ -332,17 +336,22 @@ jobs:
|
|||||||
- name: Generate .env file for deployment
|
- name: Generate .env file for deployment
|
||||||
run: |
|
run: |
|
||||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||||
- name: Docker Compose Deployment
|
- name: Docker Compose Dry Run
|
||||||
timeout-minutes: 360
|
timeout-minutes: 360
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
uses: keatonLiu/docker-compose-remote-action@v1.2
|
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||||
|
env:
|
||||||
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
with:
|
with:
|
||||||
docker_compose_file: docker-compose.yml
|
|
||||||
docker_args: -d --remove-orphans --pull missing ${{ docker-compose-dry-run.outputs.svc_deploy_list }}
|
|
||||||
ssh_user: gitea-deploy
|
|
||||||
ssh_host: 192.168.1.254
|
ssh_host: 192.168.1.254
|
||||||
ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
|
ssh_port: 22
|
||||||
ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
ssh_user: gitea-deploy
|
||||||
|
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||||
|
service: ${DOCKER_SVC_LIST}
|
||||||
|
compose_file: docker-compose.yml
|
||||||
|
pull: false
|
||||||
|
build: false
|
||||||
|
options: -d --remove-orphans
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
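Review bot: The new `chaplyk/docker-compose-remote-action@v1.1` steps (new side of `@@ -136,14 +136,17 @@` and of `@@ -332,17 +336,22 @@`) drop the `ssh_host_public_key` input the old steps passed and keep only `ssh_port`/`ssh_user`/`ssh_key`; unless that action verifies the host key another way, the SSH session that carries `RINOA_GITEA_PRIVATE_SSH_KEY` no longer authenticates `192.168.1.254`, so check the action's host-key handling and either add its known-hosts input or a comment stating why none is needed. Both steps reference this third-party action by a mutable tag while handing it the deploy private key; pin it to a full commit SHA, e.g. `uses: chaplyk/docker-compose-remote-action@<full-commit-sha> # v1.1`. In the deploy step `service: ${DOCKER_SVC_LIST}` inside `with:` is a literal string to the Actions runner (the dry-run step uses the `${{ ... }}` form for the same input), so unless the action expands shell variables itself it should read `service: ${{ env.DOCKER_SVC_LIST }}`. The deploy step is also now named `Docker Compose Dry Run` (the `- name:` line in the last hunk), which looks like a copy-paste slip, and both steps keep `continue-on-error: true`, so a failed deployment will not fail the job. `DOCKER_SVC_LIST` additionally depends on the dry-run job declaring `outputs.svc_deploy_list`, which is outside these hunks.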
|
|||||||
@@ -39,7 +39,7 @@
|
|||||||
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
||||||
| freescout | tiredofit/freescout:latest |
|
| freescout | tiredofit/freescout:latest |
|
||||||
| ghost | ghost:latest |
|
| ghost | ghost:latest |
|
||||||
| gitea | gitea/gitea:1.23.1 |
|
| gitea | gitea/gitea:1.24.0 |
|
||||||
| gitea-db | postgres:14 |
|
| gitea-db | postgres:14 |
|
||||||
| gitea-runner | gitea/act_runner:latest |
|
| gitea-runner | gitea/act_runner:latest |
|
||||||
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
||||||
|
|||||||
@@ -3,4 +3,4 @@
|
|||||||
|
|
||||||
urls:
|
urls:
|
||||||
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
||||||
- mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
|
- mailto://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
|
||||||
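Review bot: Changing `mailtos://` to `mailto://` on the new side of `@@ -3,4 +3,4 @@` switches Apprise from its TLS SMTP scheme to the plaintext one, so the `POSTAL_SMTP_AUTH_USER` / `POSTAL_SMTP_AUTH_PASSWORD` values pulled from Vault would travel unencrypted to `postal-smtp`; if that relay is only reachable on the internal container network this may be acceptable, but then a comment above the line should say so, otherwise keep `mailtos://` and set the port the relay expects. The rendered URL is also an unquoted plain scalar: a password containing ` #`, `: ` or a leading YAML indicator breaks the file or changes its type, and one containing `@` or `:` breaks the URL, so quote the item (`- "mailto://{{ ... }}"`) and pass the credential values through Jinja's `urlencode` filter. `@trez.wtf25` appears on both sides; if `:25` was intended, that is a pre-existing typo worth fixing in the same change.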
@@ -0,0 +1,49 @@
|
|||||||
|
common:
|
||||||
|
daemonize: false
|
||||||
|
log_media: stdout
|
||||||
|
log_level: info
|
||||||
|
log_dir: /var/log/
|
||||||
|
config_paths:
|
||||||
|
config_dir: /etc/crowdsec/
|
||||||
|
data_dir: /var/lib/crowdsec/data/
|
||||||
|
simulation_path: /etc/crowdsec/simulation.yaml
|
||||||
|
hub_dir: /etc/crowdsec/hub/
|
||||||
|
index_path: /etc/crowdsec/hub/.index.json
|
||||||
|
notification_dir: /etc/crowdsec/notifications/
|
||||||
|
plugin_dir: /usr/local/lib/crowdsec/plugins/
|
||||||
|
crowdsec_service:
|
||||||
|
acquisition_path: /etc/crowdsec/acquis.yaml
|
||||||
|
acquisition_dir: /etc/crowdsec/acquis.d
|
||||||
|
parser_routines: 1
|
||||||
|
plugin_config:
|
||||||
|
user: nobody
|
||||||
|
group: nobody
|
||||||
|
cscli:
|
||||||
|
output: human
|
||||||
|
db_config:
|
||||||
|
log_level: info
|
||||||
|
type: sqlite
|
||||||
|
db_path: /var/lib/crowdsec/data/crowdsec.db
|
||||||
|
flush:
|
||||||
|
max_items: 5000
|
||||||
|
max_age: 7d
|
||||||
|
use_wal: false
|
||||||
|
api:
|
||||||
|
client:
|
||||||
|
insecure_skip_verify: false
|
||||||
|
credentials_path: /etc/crowdsec/local_api_credentials.yaml
|
||||||
|
server:
|
||||||
|
log_level: info
|
||||||
|
listen_uri: 0.0.0.0:8080
|
||||||
|
profiles_path: /etc/crowdsec/profiles.yaml
|
||||||
|
trusted_ips: # IP ranges, or IPs which can have admin API access
|
||||||
|
- 127.0.0.1
|
||||||
|
- ::1
|
||||||
|
online_client: # Central API credentials (to push signals and receive bad IPs)
|
||||||
|
credentials_path: /etc/crowdsec/online_api_credentials.yaml
|
||||||
|
enable: true
|
||||||
|
prometheus:
|
||||||
|
enabled: true
|
||||||
|
level: full
|
||||||
|
listen_addr: 0.0.0.0
|
||||||
|
listen_port: 6060
|
||||||
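Review bot: `listen_uri: 0.0.0.0:8080` and `prometheus.listen_addr: 0.0.0.0` (new side of `@@ -0,0 +1,49 @@`) bind the local API and the metrics endpoint on every container interface; that is normal inside a container, but the crowdsec hunk of the compose file in this commit shows no `ports:`, so whether either endpoint is reachable from outside the compose network is decided elsewhere and deserves a comment here, e.g. `# reachable only on the compose network; do not publish 8080/6060 on the host`. `trusted_ips` limited to loopback and `api.client.insecure_skip_verify: false` are the right choices and worth keeping as-is. A one-line header noting that this file is mounted over `/etc/crowdsec/config.yaml` wholesale (the compose change appears to mount it there) would tell the next editor that a key removed here is not filled in from the image default.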
@@ -0,0 +1,6 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
url: https://api.crowdsec.net/
|
||||||
|
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
||||||
|
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
||||||
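Review bot: `login:` and `password:` (new side of `@@ -0,0 +1,6 @@`) both read the same Vault key `CROWDSEC_ONLINE_PASSWORD`, so the rendered credentials file would send the password as the login; this looks like a copy-paste slip and the login line presumably should read a separate key. `secrets_path` is set on the second line but never used — both lookups hard-code `'env'` and `engine_mount_point='rinoa-docker'` — so either reference it or drop it. Both rendered values are unquoted plain scalars, so a credential containing `: `, ` #` or a leading YAML indicator breaks the file; quote them (`login: "{{ ... }}"`, `password: "{{ ... }}"`).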
+9
-31
@@ -722,36 +722,13 @@ services:
|
|||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges=true
|
- no-new-privileges=true
|
||||||
volumes:
|
volumes:
|
||||||
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
|
||||||
target: /etc/crowdsec/config.yaml.local
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
|
||||||
type: bind
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
|
||||||
bind:
|
- ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro
|
||||||
create_host_path: true
|
- crowdsec-config:/etc/crowdsec
|
||||||
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local
|
- crowdsec-db:/var/lib/crowdsec/data
|
||||||
target: /etc/crowdsec/local_api_credentials.yaml.local
|
- /var/log/journal:/var/log/host:ro
|
||||||
type: bind
|
|
||||||
bind:
|
|
||||||
create_host_path: true
|
|
||||||
- read_only: true
|
|
||||||
source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx
|
|
||||||
target: /var/log/swag
|
|
||||||
type: bind
|
|
||||||
bind:
|
|
||||||
create_host_path: true
|
|
||||||
- source: crowdsec-config
|
|
||||||
target: /etc/crowdsec
|
|
||||||
type: volume
|
|
||||||
volume: {}
|
|
||||||
- source: crowdsec-db
|
|
||||||
target: /var/lib/crowdsec/data
|
|
||||||
type: volume
|
|
||||||
volume: {}
|
|
||||||
- bind:
|
|
||||||
create_host_path: true
|
|
||||||
read_only: true
|
|
||||||
source: /var/log/journal
|
|
||||||
target: /var/log/host
|
|
||||||
type: bind
|
|
||||||
crowdsec-dashboard:
|
crowdsec-dashboard:
|
||||||
container_name: crowdsec-dashboard
|
container_name: crowdsec-dashboard
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -1067,6 +1044,7 @@ services:
|
|||||||
homepage.icon: /icons/dockflare.png
|
homepage.icon: /icons/dockflare.png
|
||||||
homepage.description: Cloudflare Tunnel controller
|
homepage.description: Cloudflare Tunnel controller
|
||||||
swag: enable
|
swag: enable
|
||||||
|
swag_auth: authelia
|
||||||
swag_proto: http
|
swag_proto: http
|
||||||
swag_url: cftunn.${MY_TLD}
|
swag_url: cftunn.${MY_TLD}
|
||||||
swag.uptime-kuma.enabled: true
|
swag.uptime-kuma.enabled: true
|
||||||
@@ -1367,7 +1345,7 @@ services:
|
|||||||
GITEA__mailer__SMTP_PORT: 25
|
GITEA__mailer__SMTP_PORT: 25
|
||||||
GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
|
GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
|
||||||
GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
|
GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
|
||||||
image: gitea/gitea:1.23.1
|
image: gitea/gitea:1.24.0
|
||||||
labels:
|
labels:
|
||||||
homepage.group: Code/DevOps
|
homepage.group: Code/DevOps
|
||||||
homepage.name: Gitea
|
homepage.name: Gitea
|
||||||
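Review bot: In the crowdsec hunk (`@@ -722,36 +722,13 @@`) the host file `config.yaml.local` is now mounted onto `/etc/crowdsec/config.yaml` instead of `/etc/crowdsec/config.yaml.local`, which replaces the image's configuration outright rather than layering it through crowdsec's `.local` merge; that is fine if the rendered file is complete (the 49-line `config.yaml` added in this commit is presumably it), but a comment on that volume line saying the file is a full replacement would stop the next person from trimming it back to overrides. The three file binds target paths inside `/etc/crowdsec`, which the `crowdsec-config` named volume also mounts; Docker orders mounts by destination so the files should overlay the volume, but if a host file is missing at start the short syntax creates a directory in its place and crowdsec will fail to read it, which matches the old `create_host_path: true` behaviour. The `:ro` flags on the swag log and journal mounts survived the rewrite, which is the part of the old long form most worth preserving.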
|
|||||||