From 31ff7a1dc47b99cc64ac0f62c8c8b61fc9f0cf4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?=
Date: Sat, 10 Jan 2026 21:19:28 +0000
Subject: [PATCH] WiP

---
 Makefile.common | 6 +-
 gitea/Makefile | 12 +++
 gitea/config/examples/app.ini | 114 +++++++++++++++++++++++++
 gitea/config/examples/config.env | 0
 gitea/fcos.bu | 13 +++
 gitea/gitea.container | 53 ++++++++++++
 gitea/gitea.target | 13 +++
 gitea/other/postgresql/gitea.sql | 5 ++
 gitea/other/traefik/gitea.yaml | 16 ++++
 gitea/overlay.bu | 9 ++
 gitea/tmpfiles.d/gitea.conf | 1 +
 keycloak/Makefile | 12 ---
 miniflux/Makefile | 12 ---
 nextcloud/Makefile | 12 ---
 postgresql/Makefile.hooks | 5 ++
 restic-server/Makefile | 6 --
 samba/Makefile.hooks | 5 ++
 seedbox/Makefile | 12 ---
 traefik/Makefile.hooks | 5 ++
 vaultwarden/Makefile | 12 ---
 vaultwarden/config/examples/config.env | 6 ++
 21 files changed, 260 insertions(+), 69 deletions(-)
 create mode 100644 gitea/Makefile
 create mode 100644 gitea/config/examples/app.ini
 create mode 100644 gitea/config/examples/config.env
 create mode 100644 gitea/fcos.bu
 create mode 100644 gitea/gitea.container
 create mode 100644 gitea/gitea.target
 create mode 100644 gitea/other/postgresql/gitea.sql
 create mode 100644 gitea/other/traefik/gitea.yaml
 create mode 100644 gitea/overlay.bu
 create mode 100644 gitea/tmpfiles.d/gitea.conf
 create mode 100644 postgresql/Makefile.hooks
 create mode 100644 samba/Makefile.hooks
 create mode 100644 traefik/Makefile.hooks

diff --git a/Makefile.common b/Makefile.common
index cf3d65c..ef9485f 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -115,9 +115,9 @@ DEPENDENCIES_IGNITION_FILES := $(shell for dep in base $(DEPENDENCIES); do echo
 PROJECT_UID ?= 0
 PROJECT_GID ?= 0
-# Function to reverse a list of words
-# Usage: $(call reverse,word1 word2 word3)
-reverse = $(let first rest,$1,$(if $(rest),$(call reverse,$(rest)) )$(first))
+# Source Makefiles providing hooks to extend this Makefile.
+HOOKS := $(wildcard $(TOP_LEVEL_DIR)/*/Makefile.hooks)
+include $(HOOKS)
 # Ensure that the Makefile is not run from the top-level directory and that it is run as root.
 pre-requisites::
diff --git a/gitea/Makefile b/gitea/Makefile
new file mode 100644
index 0000000..606461d
--- /dev/null
+++ b/gitea/Makefile
@@ -0,0 +1,12 @@
+##
+## Makefile for Gitea quadlet
+##
+
+DEPENDENCIES = postgresql traefik
+
+# Gitea quadlet is mapped to the 10009 user (gitea) and 10000 group (itix-svc)
+PROJECT_UID = 10009
+PROJECT_GID = 10000
+
+TOP_LEVEL_DIR := ..
+include $(TOP_LEVEL_DIR)/Makefile.common
diff --git a/gitea/config/examples/app.ini b/gitea/config/examples/app.ini
new file mode 100644
index 0000000..e8bd499
--- /dev/null
+++ b/gitea/config/examples/app.ini
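Review bot: `include $(HOOKS)` pulls in pattern rules whose targets start with `$(TARGET_CHROOT)`, and rule targets are expanded at parse time; if `TARGET_CHROOT` is only assigned further down in Makefile.common (or only comes from the environment), the hook rules would resolve to bare paths under `/etc/quadlets/...` on the build host, which the `install -o … -g …` recipes would then write to as root. A one-line guard just before the include makes the ordering assumption explicit: `$(if $(strip $(TARGET_CHROOT)),,$(error TARGET_CHROOT must be set before the Makefile.hooks files are included))`. The `reverse` function is deleted without a visible replacement; if it is still referenced elsewhere in this file, `$(call reverse,…)` now expands to an empty string silently. The hunk also includes every sibling's hooks regardless of `DEPENDENCIES`, which is harmless only as long as each hook's `$(wildcard other/…/*)` is empty for projects that do not ship those files.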
@@ -0,0 +1,114 @@
+APP_NAME = Gitea
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+; OAuth2 authentication secret for access and refresh tokens, change this a unique string
+;JWT_SECRET =
+
+[security]
+; Secret used to validate communication within Gitea binary. random at every install if no uri set.
+;INTERNAL_TOKEN =
+INSTALL_LOCK = true
+; Global secret key. random at every install.
+;SECRET_KEY =
+
+[database]
+DB_TYPE = postgres
+HOST = 127.0.0.1:5432
+NAME = gitea
+USER = gitea
+PASSWD = gitea
+SSL_MODE = disable
+CHARSET = utf8
+; SQL logs are rarely helpful unless we specifically ask for them
+LOG_SQL = false
+
+[server]
+APP_DATA_PATH = /data
+SSH_DOMAIN = gitea
+DOMAIN = gitea
+HTTP_PORT = 3000
+ROOT_URL = http://gitea/
+DISABLE_SSH = false
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+; LFS authentication secret, change this to a unique string
+;LFS_JWT_SECRET =
+OFFLINE_MODE = true
+PROTOCOL = http
+BUILTIN_SSH_SERVER_USER = git
+SSH_LISTEN_PORT = 2222
+SSH_PORT = 22
+ENABLE_PPROF = false
+
+[mailer]
+;ENABLED = true
+;HOST = smtp.gmail.com:587
+;FROM =
+;USER =
+;PASSWD =
+
+[service]
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+DISABLE_REGISTRATION = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+;NO_REPLY_ADDRESS = itix.fr
+
+[picture]
+DISABLE_GRAVATAR = true
+ENABLE_FEDERATED_AVATAR = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = warn
+ENABLE_ACCESS_LOG = true
+COLORIZE = false
+STDERR = true
+ROUTER = console
+
+[log.sublogger.access]
+MODE = file
+ROOT_PATH = /data/log
+
+[log.sublogger.macaron]
+MODE = file
+FILE_NAME = /dev/null
+
+[log.console]
+MODE = console
+COLORIZE = false
+STDERR = true
+
+[cron]
+ENABLED = true
+RUN_AT_START = true
+
+[cron.update_mirrors]
+SCHEDULE = @every 24h
+
+[mirror]
+DEFAULT_INTERVAL = 24h
+MIN_INTERVAL = 30m
+
+[app_name]
+APP_NAME = Gitea
+
+[repository]
+ROOT = /data/git/gitea-repositories
+
+[metrics]
+ENABLED = false
diff --git a/gitea/config/examples/config.env b/gitea/config/examples/config.env
new file mode 100644
index 0000000..e69de29
diff --git a/gitea/fcos.bu b/gitea/fcos.bu
new file mode 100644
index 0000000..75c43aa
--- /dev/null
+++ b/gitea/fcos.bu
@@ -0,0 +1,13 @@
+variant: fcos
+version: 1.4.0
+ignition:
+ config:
+ merge:
+ - local: base.ign
+ - local: traefik.ign
+ - local: traefik-examples.ign
+ - local: postgresql.ign
+ - local: postgresql-examples.ign
+ - local: gitea.ign
+ - local: gitea-examples.ign
+ - local: local.ign
diff --git a/gitea/gitea.container b/gitea/gitea.container
new file mode 100644
index 0000000..4defd44
--- /dev/null
+++ b/gitea/gitea.container
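Review bot: `PASSWD = gitea` in `[database]` is a default credential that also appears verbatim in `other/postgresql/gitea.sql`, and because the container runs with `Network=host` the database at `127.0.0.1:5432` is reachable by every local process, so the example should say the value must be replaced: `; Change before deployment; must match the password in other/postgresql/gitea.sql`. With `INSTALL_LOCK = true` and `SECRET_KEY`, `INTERNAL_TOKEN`, `JWT_SECRET` and `LFS_JWT_SECRET` all left commented out, Gitea presumably generates them on first start and tries to persist them into this file; whether that write succeeds depends on the host ownership of the file bind-mounted via `Volume=…/app.ini:/etc/gitea/app.ini:Z`, and if it does not, sessions and tokens would be invalidated on every restart, so this is worth confirming and documenting in the comments above those keys. `DISABLE_REGISTRATION = false` together with `REGISTER_EMAIL_CONFIRM = true` while the whole `[mailer]` section is commented out leaves self-registration open on a reverse-proxied instance with no way to deliver the confirmation mail; either ship the example with registration disabled or add a comment explaining why it is open.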
@@ -0,0 +1,53 @@
+[Unit]
+Description=Gitea
+Documentation=https://docs.gitea.com/
+After=network.target var-lib-virtiofs-data.mount
+Requires=var-lib-virtiofs-data.mount
+
+# Only start if Gitea has been configured
+ConditionPathExists=/etc/quadlets/gitea/config.env
+
+# Start/stop this unit when the target is started/stopped
+PartOf=gitea.target
+
+[Container]
+ContainerName=gitea
+Image=docker.gitea.com/gitea:latest
+AutoUpdate=registry
+
+# Network configuration
+Network=host
+
+# No need for root privileges
+User=10009
+Group=10000
+Environment=USER_UID=10009
+Environment=USER_GID=10000
+AddCapability=CAP_NET_BIND_SERVICE
+
+# Override default command to start Gitea
+Entrypoint=/usr/local/bin/gitea
+Exec=-c /etc/gitea/app.ini web
+
+# Volume mounts
+Volume=/var/lib/virtiofs/data/gitea:/data:z
+Volume=/etc/quadlets/gitea/app.ini:/etc/gitea/app.ini:Z
+
+# Health check
+HealthCmd=curl -sSf http://127.0.0.1:3000/
+HealthInterval=30s
+HealthTimeout=10s
+HealthStartPeriod=10s
+HealthRetries=3
+
+[Service]
+Restart=always
+RestartSec=10
+TimeoutStartSec=120
+TimeoutStopSec=30
+
+# Wait for PostgreSQL to be ready on localhost
+ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5432; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
+
+[Install]
+WantedBy=gitea.target
diff --git a/gitea/gitea.target b/gitea/gitea.target
new file mode 100644
index 0000000..0052f6a
--- /dev/null
+++ b/gitea/gitea.target
@@ -0,0 +1,13 @@
+[Unit]
+Description=Gitea Service Target
+Documentation=man:systemd.target(5)
+Requires=postgresql.target gitea.service
+After=postgresql.target gitea.service
+
+# Allow isolation - can stop/start this target independently
+AllowIsolate=yes
+# Only start if Gitea has been configured
+ConditionPathExists=/etc/quadlets/gitea/config.env
+
+[Install]
+WantedBy=multi-user.target
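Review bot: `Image=docker.gitea.com/gitea:latest` combined with `AutoUpdate=registry` means every auto-update run deploys whatever the mutable `latest` tag currently points to, with no review step in between; pinning a version tag (or a digest) and bumping it deliberately keeps the image supply chain under control, e.g. `Image=docker.gitea.com/gitea:<PINNED_VERSION>` with the placeholder filled in per release. `AddCapability=CAP_NET_BIND_SERVICE` looks unnecessary: the app.ini added in this same commit sets `HTTP_PORT = 3000` and `SSH_LISTEN_PORT = 2222`, both unprivileged, so the capability can be dropped unless a privileged port is intended. The `ExecStartPre` wait loop relies on `/dev/tcp/...`, a bash feature, while invoking `/bin/sh`; that works where `/bin/sh` is bash (as on Fedora CoreOS) but deserves a comment such as `# /dev/tcp is a bash feature; /bin/sh is bash on Fedora CoreOS`. The app.ini bind mount is not `:ro`, which is presumably deliberate so that Gitea can write generated secrets back into it; a comment saying so would stop the next reader from "hardening" it.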
diff --git a/gitea/other/postgresql/gitea.sql b/gitea/other/postgresql/gitea.sql
new file mode 100644
index 0000000..8ab4887
--- /dev/null
+++ b/gitea/other/postgresql/gitea.sql
@@ -0,0 +1,5 @@
+-- Initialization script for Gitea database and user
+CREATE USER gitea WITH PASSWORD 'gitea';
+CREATE DATABASE gitea OWNER gitea;
+GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
+ALTER ROLE gitea SET client_encoding TO 'utf8';
\ No newline at end of file
diff --git a/gitea/other/traefik/gitea.yaml b/gitea/other/traefik/gitea.yaml
new file mode 100644
index 0000000..2a1f6a9
--- /dev/null
+++ b/gitea/other/traefik/gitea.yaml
@@ -0,0 +1,16 @@
+http:
+ routers:
+ gitea:
+ rule: "Host(`gitea`)"
+ entryPoints:
+ - http
+ #- https
+ middlewares:
+ service: "gitea"
+ #tls:
+ # certResolver: le
+ services:
+ gitea:
+ loadBalancer:
+ servers:
+ - url: "http://127.0.0.1:3000"
diff --git a/gitea/overlay.bu b/gitea/overlay.bu
new file mode 100644
index 0000000..6fc6c4e
--- /dev/null
+++ b/gitea/overlay.bu
@@ -0,0 +1,9 @@
+variant: fcos
+version: 1.4.0
+passwd:
+ users:
+ - name: gitea
+ uid: 10009
+ gecos: Gitea
+ home_dir: /var/lib/quadlets/gitea
+ primary_group: itix-svc
diff --git a/gitea/tmpfiles.d/gitea.conf b/gitea/tmpfiles.d/gitea.conf
new file mode 100644
index 0000000..35ff71b
--- /dev/null
+++ b/gitea/tmpfiles.d/gitea.conf
@@ -0,0 +1 @@
+d$ /var/lib/virtiofs/data/gitea 0700 10009 10000 -
diff --git a/keycloak/Makefile b/keycloak/Makefile
index ec4b0ae..7f95819 100644
--- a/keycloak/Makefile
+++ b/keycloak/Makefile
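Review bot: `CREATE USER gitea WITH PASSWORD 'gitea'` ships a guessable default credential in a script that is installed into the PostgreSQL `init.d` directory and executed at database initialization; since the value has to stay in sync with `PASSWD` in `config/examples/app.ini`, the script should carry a header saying so, e.g. `-- Replace the example password before deployment; it must match [database] PASSWD in config/examples/app.ini`. The file also lacks a trailing newline (`\ No newline at end of file`), which is harmless for psql but trips some diff and lint tooling.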
@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10007
 PROJECT_GID = 10000
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
- install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
- install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
diff --git a/miniflux/Makefile b/miniflux/Makefile
index 4ed051d..4d6bc24 100644
--- a/miniflux/Makefile
+++ b/miniflux/Makefile
@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10010
 PROJECT_GID = 10000
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
- install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
- install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
diff --git a/nextcloud/Makefile b/nextcloud/Makefile
index bc92393..6e1912a 100644
--- a/nextcloud/Makefile
+++ b/nextcloud/Makefile
@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10008
 PROJECT_GID = 10000
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
- install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
- install -m 0644 -o 10001 -g 10000 $< $@
-
 # Additional Nextcloud directories and files
 TARGET_FILES += $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis
 $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis:
diff --git a/postgresql/Makefile.hooks b/postgresql/Makefile.hooks
new file mode 100644
index 0000000..d17388d
--- /dev/null
+++ b/postgresql/Makefile.hooks
@@ -0,0 +1,5 @@
+# PostgreSQL initialization scripts
+TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
+TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
+$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
+ install -m 0600 -o 10004 -g 10000 $< $@
diff --git a/restic-server/Makefile b/restic-server/Makefile
index fb4cc0d..888d06c 100644
--- a/restic-server/Makefile
+++ b/restic-server/Makefile
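Review bot: `TARGET_POSTGRESQL_FILES` is built from `$(wildcard other/postgresql/*)` but the only rule provided matches `%.sql`, so any non-`.sql` file that lands in that directory (an editor backup, a README) ends up in `TARGET_EXAMPLE_FILES` with no rule to build it and fails the whole build; narrowing the glob keeps the list and the rule in agreement: `TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*.sql))`. The samba and traefik hooks pair the same `*` glob with a bare `%` rule, so they do not share this mismatch. Now that the hook is included by every project's Makefile rather than only by those listing postgresql in `DEPENDENCIES`, a header comment stating the contract would help, e.g. `# Included by Makefile.common for every quadlet; inert unless other/postgresql/*.sql exists in the project.` The install owner `10004`/`10000` is hard-coded here while the project Makefiles express the same identities as `PROJECT_UID`/`PROJECT_GID`; if Makefile.common already exposes the postgresql uid as a variable, using it here would avoid the two drifting apart.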
@@ -8,12 +8,6 @@ DEPENDENCIES = traefik
 PROJECT_UID = 10022
 PROJECT_GID = 10000
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
- install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
diff --git a/samba/Makefile.hooks b/samba/Makefile.hooks
new file mode 100644
index 0000000..9d94a6c
--- /dev/null
+++ b/samba/Makefile.hooks
@@ -0,0 +1,5 @@
+# Samba configuration files
+TARGET_SAMBA_FILES = $(patsubst other/samba/%, $(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%, $(wildcard other/samba/*))
+TARGET_EXAMPLE_FILES += $(TARGET_SAMBA_FILES)
+$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%: other/samba/%
+ install -m 0644 -o root -g root $< $@
diff --git a/seedbox/Makefile b/seedbox/Makefile
index 9a4e224..81e2f16 100644
--- a/seedbox/Makefile
+++ b/seedbox/Makefile
@@ -8,18 +8,6 @@ DEPENDENCIES = traefik samba
 PROJECT_UID = 10017
 PROJECT_GID = 10000
-# Samba configuration files
-TARGET_SAMBA_FILES = $(patsubst other/samba/%, $(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%, $(wildcard other/samba/*))
-TARGET_EXAMPLE_FILES += $(TARGET_SAMBA_FILES)
-$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%: other/samba/%
- install -m 0644 -o root -g root $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
- install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
diff --git a/traefik/Makefile.hooks b/traefik/Makefile.hooks
new file mode 100644
index 0000000..987da10
--- /dev/null
+++ b/traefik/Makefile.hooks
@@ -0,0 +1,5 @@
+# Traefik configuration files
+TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
+TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
+$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
+ install -m 0644 -o 10001 -g 10000 $< $@
diff --git a/vaultwarden/Makefile b/vaultwarden/Makefile
index 4fe0bb6..b766c08 100644
--- a/vaultwarden/Makefile
+++ b/vaultwarden/Makefile
@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10020
 PROJECT_GID = 10000
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
- install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
- install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
diff --git a/vaultwarden/config/examples/config.env b/vaultwarden/config/examples/config.env
index c19c7c0..5195a7f 100644
--- a/vaultwarden/config/examples/config.env
+++ b/vaultwarden/config/examples/config.env
@@ -1,3 +1,6 @@
+# Vaultwarden Configuration File
+# See https://github.com/dani-garcia/vaultwarden/blob/main/.env.template for more details
+
 # Public URL where Vaultwarden will be accessible
 DOMAIN=http://vaultwarden
@@ -8,6 +11,9 @@ ROCKET_PORT=8080
 # Database configuration
 DATABASE_URL=postgresql://vaultwarden:vaultwarden@localhost:5432/vaultwarden
+# Folder to store data (attachments, icons, etc.)
+DATA_FOLDER=/data
+
 # Generated using the following command:
 # echo -n 'Ch4ng3M3!' | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
 ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$cnV0dFVjODhCcDRyR2E1azNRM2NNTDAvamxNUzJpdklrVkpaRmQ5Sm95WT0$mS2zqCE1fTOYSEg0q8pffD2C/6cFctTZQXVxlZ5Of8E