WiP

Makefile.common

@@ -115,9 +115,9 @@ DEPENDENCIES_IGNITION_FILES := $(shell for dep in base $(DEPENDENCIES); do echo
 PROJECT_UID ?= 0
 PROJECT_GID ?= 0
 
-# Function to reverse a list of words
-# Usage: $(call reverse,word1 word2 word3)
-reverse = $(let first rest,$1,$(if $(rest),$(call reverse,$(rest)) )$(first))
+# Source Makefiles providing hooks to extend this Makefile.
+HOOKS := $(wildcard $(TOP_LEVEL_DIR)/*/Makefile.hooks)
+include $(HOOKS)
 
 # Ensure that the Makefile is not run from the top-level directory and that it is run as root.
 pre-requisites::

gitea/Makefile

@@ -0,0 +1,12 @@
+##
+## Makefile for Gitea quadlet
+##
+
+DEPENDENCIES = postgresql traefik
+
+# Gitea quadlet is mapped to the 10009 user (gitea) and 10000 group (itix-svc)
+PROJECT_UID = 10009
+PROJECT_GID = 10000
+
+TOP_LEVEL_DIR := ..
+include $(TOP_LEVEL_DIR)/Makefile.common

gitea/config/examples/app.ini

@@ -0,0 +1,114 @@
+APP_NAME = Gitea
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+; OAuth2 authentication secret for access and refresh tokens, change this a unique string
+;JWT_SECRET = 
+
+[security]
+; Secret used to validate communication within Gitea binary. random at every install if no uri set.
+;INTERNAL_TOKEN = 
+INSTALL_LOCK   = true
+; Global secret key. random at every install.
+;SECRET_KEY     = 
+
+[database]
+DB_TYPE  = postgres
+HOST     = 127.0.0.1:5432
+NAME     = gitea
+USER     = gitea
+PASSWD   = gitea
+SSL_MODE = disable
+CHARSET  = utf8
+; SQL logs are rarely helpful unless we specifically ask for them
+LOG_SQL  = false
+
+[server]
+APP_DATA_PATH           = /data
+SSH_DOMAIN              = gitea
+DOMAIN                  = gitea
+HTTP_PORT               = 3000
+ROOT_URL                = http://gitea/
+DISABLE_SSH             = false
+START_SSH_SERVER        = true
+LFS_START_SERVER        = true
+; LFS authentication secret, change this to a unique string
+;LFS_JWT_SECRET          = 
+OFFLINE_MODE            = true
+PROTOCOL                = http
+BUILTIN_SSH_SERVER_USER = git
+SSH_LISTEN_PORT         = 2222
+SSH_PORT                = 22
+ENABLE_PPROF            = false
+
+[mailer]
+;ENABLED = true
+;HOST    = smtp.gmail.com:587
+;FROM    = 
+;USER    = 
+;PASSWD  = 
+
+[service]
+REGISTER_EMAIL_CONFIRM            = true
+ENABLE_NOTIFY_MAIL                = true
+DISABLE_REGISTRATION              = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+;NO_REPLY_ADDRESS                  = itix.fr
+
+[picture]
+DISABLE_GRAVATAR        = true
+ENABLE_FEDERATED_AVATAR = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE              = console
+LEVEL             = warn
+ENABLE_ACCESS_LOG = true
+COLORIZE          = false
+STDERR            = true
+ROUTER            = console
+
+[log.sublogger.access]
+MODE      = file
+ROOT_PATH = /data/log
+
+[log.sublogger.macaron]
+MODE      = file
+FILE_NAME = /dev/null
+
+[log.console]
+MODE     = console
+COLORIZE = false
+STDERR   = true
+
+[cron]
+ENABLED      = true
+RUN_AT_START = true
+
+[cron.update_mirrors]
+SCHEDULE = @every 24h
+
+[mirror]
+DEFAULT_INTERVAL = 24h
+MIN_INTERVAL     = 30m
+
+[app_name]
+APP_NAME = Gitea
+
+[repository]
+ROOT = /data/git/gitea-repositories
+
+[metrics]
+ENABLED = false

gitea/fcos.bu

@@ -0,0 +1,13 @@
+variant: fcos
+version: 1.4.0
+ignition:
+  config:
+    merge:
+    - local: base.ign
+    - local: traefik.ign
+    - local: traefik-examples.ign
+    - local: postgresql.ign
+    - local: postgresql-examples.ign
+    - local: gitea.ign
+    - local: gitea-examples.ign
+    - local: local.ign

gitea/gitea.container

@@ -0,0 +1,53 @@
+[Unit]
+Description=Gitea
+Documentation=https://docs.gitea.com/
+After=network.target var-lib-virtiofs-data.mount
+Requires=var-lib-virtiofs-data.mount
+
+# Only start if Gitea has been configured
+ConditionPathExists=/etc/quadlets/gitea/config.env
+
+# Start/stop this unit when the target is started/stopped
+PartOf=gitea.target
+
+[Container]
+ContainerName=gitea
+Image=docker.gitea.com/gitea:latest
+AutoUpdate=registry
+
+# Network configuration
+Network=host
+
+# No need for root privileges
+User=10009
+Group=10000
+Environment=USER_UID=10009
+Environment=USER_GID=10000
+AddCapability=CAP_NET_BIND_SERVICE
+
+# Override default command to start Gitea
+Entrypoint=/usr/local/bin/gitea
+Exec=-c /etc/gitea/app.ini web
+
+# Volume mounts
+Volume=/var/lib/virtiofs/data/gitea:/data:z
+Volume=/etc/quadlets/gitea/app.ini:/etc/gitea/app.ini:Z
+
+# Health check
+HealthCmd=curl -sSf http://127.0.0.1:3000/
+HealthInterval=30s
+HealthTimeout=10s
+HealthStartPeriod=10s
+HealthRetries=3
+
+[Service]
+Restart=always
+RestartSec=10
+TimeoutStartSec=120
+TimeoutStopSec=30
+
+# Wait for PostgreSQL to be ready on localhost
+ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5432; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
+
+[Install]
+WantedBy=gitea.target

gitea/gitea.target

@@ -0,0 +1,13 @@
+[Unit]
+Description=Gitea Service Target
+Documentation=man:systemd.target(5)
+Requires=postgresql.target gitea.service
+After=postgresql.target gitea.service
+
+# Allow isolation - can stop/start this target independently
+AllowIsolate=yes
+# Only start if Gitea has been configured
+ConditionPathExists=/etc/quadlets/gitea/config.env
+
+[Install]
+WantedBy=multi-user.target

gitea/other/postgresql/gitea.sql

@@ -0,0 +1,5 @@
+-- Initialization script for Gitea database and user
+CREATE USER gitea WITH PASSWORD 'gitea';
+CREATE DATABASE gitea OWNER gitea;
+GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
+ALTER ROLE gitea SET client_encoding TO 'utf8';

gitea/other/traefik/gitea.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    gitea:
+      rule: "Host(`gitea`)"
+      entryPoints:
+      - http
+      #- https
+      middlewares:
+      service: "gitea"
+      #tls:
+      #  certResolver: le
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:3000"

gitea/overlay.bu

@@ -0,0 +1,9 @@
+variant: fcos
+version: 1.4.0
+passwd:
+  users:
+  - name: gitea
+    uid: 10009
+    gecos: Gitea
+    home_dir: /var/lib/quadlets/gitea
+    primary_group: itix-svc

gitea/tmpfiles.d/gitea.conf

@@ -0,0 +1 @@
+d$ /var/lib/virtiofs/data/gitea 0700 10009 10000 -

keycloak/Makefile

@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10007
 PROJECT_GID = 10000
 
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
-	install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
-	install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 

miniflux/Makefile

@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10010
 PROJECT_GID = 10000
 
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
-	install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
-	install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 

nextcloud/Makefile

@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10008
 PROJECT_GID = 10000
 
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
-	install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
-	install -m 0644 -o 10001 -g 10000 $< $@
-
 # Additional Nextcloud directories and files
 TARGET_FILES += $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis
 $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis:

postgresql/Makefile.hooks

@@ -0,0 +1,5 @@
+# PostgreSQL initialization scripts
+TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
+TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
+$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
+	install -m 0600 -o 10004 -g 10000 $< $@

restic-server/Makefile

@@ -8,12 +8,6 @@ DEPENDENCIES = traefik
 PROJECT_UID = 10022
 PROJECT_GID = 10000
 
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
-	install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 

samba/Makefile.hooks

@@ -0,0 +1,5 @@
+# Samba configuration files
+TARGET_SAMBA_FILES = $(patsubst other/samba/%, $(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%, $(wildcard other/samba/*))
+TARGET_EXAMPLE_FILES += $(TARGET_SAMBA_FILES)
+$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%: other/samba/%
+	install -m 0644 -o root -g root $< $@

seedbox/Makefile

@@ -8,18 +8,6 @@ DEPENDENCIES = traefik samba
 PROJECT_UID = 10017
 PROJECT_GID = 10000
 
-# Samba configuration files
-TARGET_SAMBA_FILES = $(patsubst other/samba/%, $(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%, $(wildcard other/samba/*))
-TARGET_EXAMPLE_FILES += $(TARGET_SAMBA_FILES)
-$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%: other/samba/%
-	install -m 0644 -o root -g root $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
-	install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 

traefik/Makefile.hooks

@@ -0,0 +1,5 @@
+# Traefik configuration files
+TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
+TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
+$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
+	install -m 0644 -o 10001 -g 10000 $< $@

vaultwarden/Makefile

@@ -8,18 +8,6 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10020
 PROJECT_GID = 10000
 
-# PostgreSQL initialization scripts
-TARGET_POSTGRESQL_FILES = $(patsubst other/postgresql/%, $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%, $(wildcard other/postgresql/*))
-TARGET_EXAMPLE_FILES += $(TARGET_POSTGRESQL_FILES)
-$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/%.sql: other/postgresql/%.sql
-	install -m 0600 -o 10004 -g 10000 $< $@
-
-# Traefik configuration files
-TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
-TARGET_EXAMPLE_FILES += $(TARGET_TRAEFIK_FILES)
-$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
-	install -m 0644 -o 10001 -g 10000 $< $@
-
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 

vaultwarden/config/examples/config.env

@@ -1,3 +1,6 @@
+# Vaultwarden Configuration File
+# See https://github.com/dani-garcia/vaultwarden/blob/main/.env.template for more details
+
 # Public URL where Vaultwarden will be accessible
 DOMAIN=http://vaultwarden
 
@@ -8,6 +11,9 @@ ROCKET_PORT=8080
 # Database configuration
 DATABASE_URL=postgresql://vaultwarden:vaultwarden@localhost:5432/vaultwarden
 
+# Folder to store data (attachments, icons, etc.)
+DATA_FOLDER=/data
+
 # Generated using the following command:
 # echo -n 'Ch4ng3M3!' | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
 ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$cnV0dFVjODhCcDRyR2E1azNRM2NNTDAvamxNUzJpdklrVkpaRmQ5Sm95WT0$mS2zqCE1fTOYSEg0q8pffD2C/6cFctTZQXVxlZ5Of8E