Compare commits

..

2 Commits

Author SHA1 Message Date
joeac 1444b29fae removes duplicate module rule funcs in Makefile 2026-07-01 16:58:20 +01:00
joeac 7c4c5a6f50 pulls out container.mk 2026-07-01 16:55:29 +01:00
48 changed files with 1233 additions and 1235 deletions
-3
View File
@@ -5,6 +5,3 @@ indent_size = 2
[*.{md,markdown,mdx}]
max_line_length = 80
[{Makefile,*.mk}]
indent_style = tab
+93 -45
View File
@@ -1,66 +1,114 @@
include make/vars.mk
include config.mk
submake_file = $(shell [ -f "$(module)/Makefile" ] && echo "$(module)/Makefile")
install_submake_file = $(shell [ -f "$(module)/install.mk" ] && echo "$(module)/install.mk")
#############
# VARIABLES #
#############
define make_module_rule =
.PHONY: make_$(module)
make_$(module): $(module)/.env
$(if $(submake_file),\
$(MAKE) --makefile=$(notdir $(submake_file)) --directory=$(module))
CPU_ARCH := $(if $(shell which arch 2>/dev/null),\
$(shell arch),\
$(shell lscpu | grep ^Architecture: | sed "s/^Architecture:[[:space:]]*\([[:alnum:][:punct:]]\+\).*/\1/"))
HOSTNAME := $(shell cat /etc/hostname)
IMAGE_PREFIX := $(if $(filter armv7%,$(CPU_ARCH)),armv7/)
REGISTRY_DOMAIN := git.joeac.net
REGISTRY_USER := joeac
MODULES_pi-broughton := http gemini smtp vaultwarden ln
MODULES_blade-canongate := etherpad
MASTER_NODE := pi-broughton
IS_MASTER_NODE := $(filter $(MASTER_NODE),$(HOSTNAME))
MODULES := $(MODULES_$(HOSTNAME))
SUBDOMAINS := $(foreach module,$(MODULES),$(SUBDOMAIN_$(module)))
COMPOSE_SERVICES := $(shell podman-compose config \
| yq ".services | keys" --output-format csv --csv-separator " ")
MAKE_MODULES := $(foreach module,$(MODULES),\
$(shell [ -f $(module)/Makefile ] && echo $(module)))
NGINX_CONFIG_SRC := nginx/nginx.conf
NGINX_CONFIG := /etc/nginx/nginx.conf
NGINX_CONFIG_BACKUP := /etc/nginx/nginx.joeac.net-backup
RESTART_NGINX := sudo rc-service nginx restart
#############
# FUNCTIONS #
#############
container_image_name = $(REGISTRY_DOMAIN)/$(REGISTRY_USER)/joeac.net-$(module)
nginx_module_target = $(if $(SUBDOMAIN_$(module)),/etc/nginx/http.d/$(SUBDOMAIN_$(module)).joeac.net.conf)
dyndns_module_target = $(if $(SUBDOMAIN_$(module)),/etc/periodic/daily/dyndns-$(SUBDOMAIN_$(module)).joeac.net)
define install_module_rule =
.PHONY: install_$(module)
install_$(module): install_openrc_$(module) $(nginx_module_target) $(dyndns_module_target) $(install_submake_file)
$(if $(install_submake_file),$(MAKE) --makefile=$(notdir $(install_submake_file)) --directory=$(dir $(install_submake_file)) install)
endef
define reinstall_module_rule =
.PHONY: reinstall_$(module)
reinstall_$(module): reinstall_openrc_$(module) $(nginx_module_target) $(dyndns_module_target) $(install_submake_file)
$(if $(install_submake_file),$(MAKE) --makefile=$(notdir $(install_submake_file)) --directory=$(dir $(install_submake_file)) reinstall)
endef
define uninstall_module_rule =
.PHONY: uninstall_$(module)
uninstall_$(module):
$(if $(openrc_module_target),\
rc-service -U joeac.net.$(module) stop \
rc-update -U del joeac.net.$(module) default \
rm ~/.config/rc/init.d/joeac.net.$(module) \
)
$(if $(SUBDOMAIN_$(module)),\
sudo rm -f /etc/nginx/http.d/$(SUBDOMAIN_$(module)).joeac.net.conf; \
$(RESTART_NGINX); \
sudo rm -f /etc/periodic/daily/dyndns-$(SUBDOMAIN_$(module)).joeac.net; \
)
$(if $(install_submake_file),\
$(MAKE) --makefile=$(notdir (install_submake_file)) --directory $(dir $(install_submake_file)) uninstall
)
endef
= $(if $(filter $(COMPOSE_SERVICES),$(module)),~/.config/rc/init.d/joeac.net.$(module))
install_submake_file = $(shell [ -f "$(module)/install.mk" ] && echo "$(module)/install.mk")
define module_env_rule =
$(module)/.env: .env
cp .env $(module)/.env
endef
define install_module_rule =
.PHONY: install_$(module)
install_$(module): install_openrc_$(module) install_dyndns_$(module) $(if $(SUBDOMAIN_$(module)),install_tls_$(SUBDOMAIN_$(module))) $(install_submake_file)
$(if $(install_submake_file),$(MAKE) --makefile=$(notdir $(install_submake_file)) --directory=$(dir $(install_submake_file)) install)
endef
define reinstall_module_rule =
.PHONY: reinstall_$(module)
reinstall_$(module): reinstall_openrc_$(module) reinstall_dyndns_$(module) $(if $(SUBDOMAIN_$(module)),reinstall_tls_$(SUBDOMAIN_$(module))) $(install_submake_file)
$(if $(install_submake_file),$(MAKE) --makefile=$(notdir $(install_submake_file)) --directory=$(dir $(install_submake_file)) reinstall)
endef
#########
# RULES #
#########
define uninstall_module_rule =
.PHONY: uninstall_$(module)
uninstall_$(module): uninstall_openrc_$(module) uninstall_dyndns_$(module) $(if $(SUBDOMAIN_$(module)),install_tls_$(SUBDOMAIN_$(module)))
$(if $(install_submake_file),\
$(MAKE) --makefile=$(notdir $(install_submake_file)) --directory $(dir $(install_submake_file)) uninstall
)
endef
.SILENT: usage
.PHONY: usage
usage:
echo "usage:"
echo " make install"
$(foreach module,$(MODULES),echo " make install_$(module)")
echo " make reinstall"
$(foreach module,$(MODULES),echo " make reinstall_$(module)")
echo " make uninstall"
$(foreach module,$(MODULES),echo " make uninstall_$(module)")
.PHONY: all
all: $(ENV_RULES) $(MAKE_RULES) $(BUILD_RULES) $(PUSH_RULES)
$(foreach module,$(ALL_MODULES),$(eval $(call make_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(call module_env_rule)))
$(foreach module,$(MODULES),$(eval $(call module_env_rule)))
.PHONY: install
install: install_tls install_nginx $(ENV_RULES) $(INSTALL_RULES) install_crontab
.PHONY: reinstall
reinstall: reinstall_tls reinstall_nginx reinstall_dyndns $(ENV_RULES) $(REINSTALL_RULES) reinstall_crontab
install: $(foreach module,$(MODULES),install_$(module)) install_crontab
.PHONY: uninstall
uninstall: uninstall_nginx uninstall_dyndns uninstall_tls uninstall_joeac.net_service $(UNINSTALL_RULES) uninstall_crontab
uninstall: uninstall_nginx uninstall_dyndns uninstall_joeac.net_service $(foreach module,$(MODULES),uninstall_$(module)) uninstall_crontab
$(foreach module,$(ALL_MODULES),$(eval $(install_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(reinstall_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(uninstall_module_rule)))
.PHONY: uninstall_joeac.net_service
rm ~/.config/rc/joeac.net
$(foreach module,$(MODULES),$(eval $(install_module_rule)))
$(foreach module,$(MODULES),$(eval $(reinstall_module_rule)))
$(foreach module,$(MODULES),$(eval $(uninstall_module_rule)))
include container.mk
include openrc.mk
include nginx.mk
include crontab.mk
include dyndns.mk
.PHONY: clean
clean:
$(foreach module,$(MAKE_MODULES),$(MAKE) --directory=$(module) clean;)
include make/container.mk
include make/openrc.mk
include make/nginx.mk
include make/crontab.mk
include make/dyndns.mk
include make/tls.mk
+28 -87
View File
@@ -2,103 +2,44 @@
Joe Carstairs' public Internet presence
To install:
```sh
wget -O- https://git.joeac.net/joeac/joeac.net/raw/branch/main/install.sh | sh
```
## DNS setup
A/AAAA DNS records are added automatically by `make install`, but in order to
get `mox` working as an email server, you'll have to manually add the following
DNS records.
Deliver mail for mail.joeac.net to mail.joeac.net:
Structure:
```
mail.joeac.net. MX 10 mail.joeac.net.
/
├── gemini My Gemini capsule
├── smtp A local SMTP server
└── http My Website
```
All emails from the email server will be signed with two DKIM keys. So that
clients can verify the authenticity of the messages, provide these keys as TXT
records:
## Running with Podman
```
2026a._domainkey.mail.joeac.net. TXT v=DKIM1;h=sha256;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYfjrzmYgBtYofzBwI80aiW98+M2g6z+gd1Iwz9g0y30rPFNTctFn9GwBNuYBgZiZxB+sqjEbPMbr3li/R7i0A9t/KbNNJhkNC+4IjKJjk+jw1CXm4vXOUa4YSYWwy7NVYTH/QwZGz6fwjVM7YvDnnE4gG2NwrVx+AXlONt2R1G+qgV6HAIIvVi8T0yCjjqEc5B5bKlqk0XU9vSyUFJhhKnR/KNRe79C+H9GWJzcU7HUCmIHX04Xi0JeB/wm3weF1xjtGTsWyy5BmHHsfWGqSr2Dbg5o6AI5W0h4VkQ4QzdEYGVQ9ZBDyqFQwQFXLn0oHZjCD/vFzPOPdM5pxF/OgwIDAQAB
2026b._domainkey.mail.joeac.net. TXT v=DKIM1;h=sha256;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcrk9FUt6AdrvnAP3KawuOTLw7uL5SJ+ZYmShuz41zwM6bPQteGSSwddFXIxcqVlJrdFahrK4KvHX/sw/hWVfZoPLDdwsGN5eI8cqQjNDE+JDu9BbPlTituva4Hkve0hbAKDqA8jmbcZg6aU7b44Kzq8UpWAlPO273Rq2tsbCBcITt8B3NFoeY9CSsZU1LqGl855GUtaNyhlPaAvfab3Q9/4wyusPhCHlBYaRK+ZzuSMs5KEOG6n4kbZfMVi2+4c/bPU5PdTuyvbSIEqjNH4TpfatE0I9ubGv0WbAzr5EZbv5+xtukZ/dIisPPMjn1AbjpSJYNYr2OYgey6+WvzRmQIDAQAB
These instructions will probably work with Docker, too: just substitute `podman`
for `docker` in all the commands.
To run with Podman, first set up your environment variables. Copy `example.env`
to `.env` and edit the values accordingly.
Then, create the `remote_smtp_password` secret, storing the password for the
remote SMTP server which will send the contact emails on behalf of the website.
```bash
sudo podman secret create remote_smtp_password /path/to/remote/smtp/password
```
Specify the MX host is allowed to send for our domain and for itself (for DSNs).
~all means softfail for anything else, which is done instead of -all to prevent
older mail servers from rejecting the message because they never get to looking
for a dkim/dmarc pass.
Now build and start the containers:
```
mail.joeac.net. TXT v=spf1 ip4:217.155.190.42 ip6:fdc9:6aec:7a18:0:2e0:4cff:fe61:9b17 mx ~all
```bash
sudo podman-compose build && sudo podman-compose up -d
```
Emails that fail the DMARC check (without aligned DKIM and without aligned SPF)
should be rejected, and request reports. If you email through mailing lists that
strip DKIM-Signature headers and don't rewrite the From header, you may want to
set the policy to p=none.
## Running on the host machine
```
_dmarc.mail.joeac.net. TXT v=DMARC1;p=reject;rua=mailto:dmarcreports@mail.joeac.net!10m
To run on the host machine, first, as before, set up your environment variables
by copying `example.env` to `.env` and editing the values as appropriate.
```bash
npm run start
```
Remote servers can use MTA-STS to verify our TLS certificate with the WebPKI
pool of CA's (certificate authorities) when delivering over SMTP with
STARTTLSTLS.
```
mta-sts.mail.joeac.net. CNAME mail.joeac.net.
_mta-sts.mail.joeac.net. TXT v=STSv1; id=20260705T153220
```
Request reporting about TLS failures.
```
_smtp._tls.mail.joeac.net. TXT v=TLSRPTv1; rua=mailto:tlsreports@mail.joeac.net
```
Client settings will reference a subdomain of the hosted domain, making it
easier to migrate to a different server in the future by not requiring settings
in all clients to be updated.
```
clientsettings.mail.joeac.net. CNAME mail.joeac.net.
```
Autoconfig is used by Thunderbird. Autodiscover is (in theory) used by
Microsoft.
```
autoconfig.mail.joeac.net. CNAME mail.joeac.net.
_autodiscover._tcp.mail.joeac.net. SRV 0 1 443 mail.joeac.net.
```
For secure IMAP and submission autoconfig, point to mail host.
```
_imaps._tcp.mail.joeac.net. SRV 0 1 993 mail.joeac.net.
_submissions._tcp.mail.joeac.net. SRV 0 1 465 mail.joeac.net.
```
Next records specify POP3 and non-TLS ports are not to be used. These are
optional and safe to leave out (e.g. if you have to click a lot in a DNS admin
web interface).
```
_imap._tcp.mail.joeac.net. SRV 0 0 0 .
_submission._tcp.mail.joeac.net. SRV 0 0 0 .
_pop3._tcp.mail.joeac.net. SRV 0 0 0 .
_pop3s._tcp.mail.joeac.net. SRV 0 0 0 .
```
Optional: You could mark Let's Encrypt as the only Certificate Authority allowed
to sign TLS certificates for your domain.
```
mail.joeac.net. CAA 0 issue "letsencrypt.org"
```
Note that emails may not work locally without further setup. These instructions
are of course woefully incomplete.
-11
View File
@@ -1,11 +0,0 @@
Writing is hard! I've just spent 2 days fixing 1 paragraph in my dissertation. The problem was to give the reader good reason to think that the fossil fuel industry exerts a strong influence on the majority epistemology. The end result is a single paragraph with four citations. You'd think that would take half a day, not 2 full days.
I think what made it hard was that I needed to gain understanding. If I just needed a fact or two, it would have been easier: skim a few abstracts, extract a few figures, call it a day. But I didn't know in advance what fossil-think looks like. I couldn't write a paragraph that was almost done but for a few missing statistics. I needed to know the whens, the hows, the whos.
What I ended up doing was collecting a score of browser tabs with relevant articles and ebooks (which was easy enough), then going through each one and reading it: properly reading it, for understanding, not just skimming abstracts.
This worked: after about half a dozen articles, I reviewed my notes, realised I had enough to be getting on with, and wrote up my paragraph. Along the way I gained a (very shallow) understanding of how the fossil fuel industry influences public discourse.
But: it took a heck of a long time for one paragraph.
I really wish I had an experienced researcher looking over my shoulder, popping by a couple of times a day, to offer advice. Maybe they would tell me: sorry, that's just how it is, you need to gain understanding and that takes time. Or maybe they would say: you should really be cutting the corner here, let me show you how. It's one of the many things you cannot get from a monthly check-in with a supervisor.
-3
View File
@@ -1,3 +0,0 @@
I've been following Ink and Switch's blog for a while. They're working creatively with computers. This is a great discussion about LLMs which covers what they are, how they are being abused to de-humanise the world, and how things could be different, concluding in a call for 'punk computing.' Let's have it!
=> https://www.inkandswitch.com/tangents/artificial/ Artificial | Ink and Switch
+6 -18
View File
@@ -1,27 +1,15 @@
services:
actualbudget:
image: docker.io/actualbudget/actual-server:latest-alpine
container_name: joeac.net-actualbudget
restart: unless-stopped
volumes:
- ${ACTUALBUDGET_DATA_DIR}:/data/
ports:
- "${ACTUALBUDGET_PORT}:5006"
gemini:
image: git.joeac.net/joeac/${IMAGE_PREFIX}joeac.net-gemini
image: git.joeac.net/joeac/${CONTAINER_PREFIX}joeac.net-gemini
container_name: joeac.net-gemini
build:
context: .
dockerfile: gemini.Dockerfile
ports:
- "${GEMINI_PORT}:1965"
volumes:
- ${GEMINI_CERTIFICATES_DIR}:/var/app/.certificates
- ${GEMINI_COMITIUM_DATA_DIR}:/var/app/comitium-data
http:
image: git.joeac.net/joeac/${IMAGE_PREFIX}joeac.net-http
image: git.joeac.net/joeac/${CONTAINER_PREFIX}joeac.net-http
container_name: joeac.net-http
build:
context: .
@@ -42,7 +30,7 @@ services:
- "${HTTP_PORT}:80"
etherpad:
image: git.joeac.net/joeac/${IMAGE_PREFIX}joeac.net-etherpad
image: git.joeac.net/joeac/${CONTAINER_PREFIX}joeac.net-etherpad
container_name: joeac.net-etherpad
build:
context: .
@@ -51,7 +39,7 @@ services:
ALPINE_VERSION: ${ALPINE_VERSION}
ETHERPAD_VERSION: ${ETHERPAD_VERSION}
volumes:
- ${ETHERPAD_DATA_DIR}:/var/app/var
- ./etherpad/var:/var/app/var
environment:
NODE_ENV: ${ETHERPAD_NODE_ENV}
ADMIN_PASSWORD: ${ETHERPAD_ADMIN_PASSWORD}
@@ -60,7 +48,7 @@ services:
- "${ETHERPAD_PORT}:9001"
smtp:
image: git.joeac.net/joeac/${IMAGE_PREFIX}joeac.net-smtp
image: git.joeac.net/joeac/${CONTAINER_PREFIX}joeac.net-smtp
container_name: joeac.net-smtp
build:
context: .
@@ -86,7 +74,7 @@ services:
environment:
DOMAIN: "https://pwd.joeac.net"
volumes:
- ${VAULTWARDEN_DATA_DIR}:/data/
- ./vaultwarden/vw-data/:/data/
ports:
- "${VAULTWARDEN_PORT}:80"
+4
View File
@@ -0,0 +1,4 @@
SUBDOMAIN_http := @
SUBDOMAIN_vaultwarden := pwd
SUBDOMAIN_etherpad := docs
SUBDOMAIN_ln := ln
+25
View File
@@ -0,0 +1,25 @@
define build_module_rule =
.PHONY: build_$(module)
build_$(module): make_$(module) $(module).Dockerfile
podman-compose build $(module)
endef
define push_module_rule =
.PHONY: push_$(module)
push_$(module): login_registry build_$(module)
podman push $(container_image_name)
endef
define make_module_rule =
.PHONY: make_$(module)
make_$(module): $(module)/.env
$(MAKE) --directory=$(module)
endef
$(foreach module,$(COMPOSE_SERVICES),$(eval $(call build_module_rule)))
$(foreach module,$(COMPOSE_SERVICES),$(eval $(call push_module_rule)))
$(foreach module,$(MAKE_MODULES),$(eval $(call make_module_rule)))
.PHONY: login_registry
login_registry:
podman login $(REGISTRY_DOMAIN)
+6 -2
View File
@@ -8,6 +8,10 @@ reinstall_crontab: /etc/periodic/daily/joeac.net
uninstall_crontab:
sudo rm -f /etc/periodic/daily/joeac.net
/etc/periodic/daily/joeac.net: update.sh
sudo cp update.sh /etc/periodic/daily/joeac.net
/etc/periodic/daily/joeac.net:
echo "#!/bin/sh" > crontab.tmp
echo "git -C /usr/local/lib/joeac.net pull && $(MAKE) --directory /usr/local/lib/joeac.net && rc-service joeac.net restart" \
>> crontab.tmp
sudo mv crontab.tmp /etc/periodic/daily/joeac.net
sudo chmod +x /etc/periodic/daily/joeac.net
+38
View File
@@ -0,0 +1,38 @@
.PHONY: install_dyndns
install_dyndns: /usr/local/bin/dyndns.sh ~/.config/dyndns/DIGITALOCEAN_TOKEN
.PHONY: reinstall_dyndns
reinstall_dyndns: /usr/local/bin/dyndns.sh ~/.config/dyndns/DIGITALOCEAN_TOKEN
.PHONY: uninstall_dyndns
uninstall_dyndns:
sudo rm -rf \
/usr/local/bin/dyndns.sh \
/usr/local/bin/get_ip_addr.sh \
/usr/local/lib/digitalocean_dyndns/ \
~/.config/dyndns \
~/.cache/dyndns
/usr/local/bin/dyndns.sh: /usr/local/lib/digitalocean_dyndns/dyndns.sh /usr/local/bin/get_ip_addr.sh
sudo rm -f /usr/local/bin/dyndns.sh
sudo cp /usr/local/lib/digitalocean_dyndns/dyndns.sh /usr/local/bin/dyndns.sh
/usr/local/bin/get_ip_addr.sh: /usr/local/lib/digitalocean_dyndns/get_ip_addr.sh
sudo rm -f /usr/local/bin/get_ip_addr.sh
sudo cp /usr/local/lib/digitalocean_dyndns/get_ip_addr.sh /usr/local/bin/get_ip_addr.sh
/usr/local/lib/digitalocean_dyndns/%:
cd /usr/local/lib \
&& sudo git clone https://git.joeac.net/joeac/digitalocean_dyndns.git
~/.config/dyndns/DIGITALOCEAN_TOKEN: DIGITALOCEAN_TOKEN
mkdir -p ~/.config/dyndns/
rm -f ~/.config/dyndns/DIGITALOCEAN_TOKEN
cp DIGITALOCEAN_TOKEN ~/.config/dyndns/DIGITALOCEAN_TOKEN
/etc/periodic/daily/dyndns-%joeac.net: /usr/local/bin/dyndns.sh
echo "#!/bin/sh" > crontab.tmp
echo " /usr/local/bin/dyndns.sh 4 $(*F)joeac.net" >> crontab.tmp
echo "CONN_DEVICE_NAME=eth0 /usr/local/bin/dyndns.sh 6 $(*F)joeac.net" >> crontab.tmp
sudo mv crontab.tmp $@
sudo chmod +x $@
+2 -6
View File
@@ -16,12 +16,8 @@ install_deps: $(SRC_DIR)/node_modules
$(SRC_DIR)/node_modules: $(SRC_DIR) $(SRC_DIR)/settings.json $(SRC_DIR)/package.json $(SRC_DIR)/pnpm-lock.yaml
cd $(SRC_DIR) && pnpm install
$(SRC_DIR)/settings.json: $(SRC_DIR) settings.json.template
ifdef ETHERPAD_PORT
ETHERPAD_PORT=$(ETHERPAD_PORT) envsubst -no-unset -i settings.json.template -o $(SRC_DIR)/settings.json
else
$(error ETHERPAD_PORT is not defined)
endif
$(SRC_DIR)/settings.json: $(SRC_DIR) settings.json
cp settings.json $(SRC_DIR)/settings.json
clean:
rm -rf etherpad-*/
-13
View File
@@ -1,13 +0,0 @@
.PHONY: install
install: $(ETHERPAD_DATA_DIR)
.PHONY: reinstall
reinstall: $(ETHERPAD_DATA_DIR)
$(ETHERPAD_DATA_DIR):
sudo mkdir -p $(ETHERPAD_DATA_DIR)
ETHERPAD_USER=$(whoami) && sudo chown $$ETHERPAD_USER:$$ETHERPAD_USER $(ETHERPAD_DATA_DIR)
.PHONY: uninstall
uninstall:
$(info Nothing to do)
+747
View File
@@ -0,0 +1,747 @@
/*
* This file must be valid JSON. But comments are allowed
*
* Please edit settings.json, not settings.json.template
*
* Please note that starting from Etherpad 1.6.0 you can store DB credentials in
* a separate file (credentials.json).
*
*
* ENVIRONMENT VARIABLE SUBSTITUTION
* =================================
*
* All the configuration values can be read from environment variables using the
* syntax "${ENV_VAR}" or "${ENV_VAR:default_value}".
*
* This is useful, for example, when running in a Docker container.
*
* DETAILED RULES:
* - If the environment variable is set to the string "true" or "false", the
* value becomes Boolean true or false.
* - If the environment variable is set to the string "null", the value
* becomes null.
* - If the environment variable is set to the string "undefined", the setting
* is removed entirely, except when used as the member of an array in which
* case it becomes null.
* - If the environment variable is set to a string representation of a finite
* number, the string is converted to that number.
* - If the environment variable is set to any other string, including the
* empty string, the value is that string.
* - If the environment variable is unset and a default value is provided, the
* value is as if the environment variable was set to the provided default:
* - "${UNSET_VAR:}" becomes the empty string.
* - "${UNSET_VAR:foo}" becomes the string "foo".
* - "${UNSET_VAR:true}" and "${UNSET_VAR:false}" become true and false.
* - "${UNSET_VAR:null}" becomes null.
* - "${UNSET_VAR:undefined}" causes the setting to be removed (or be set
* to null, if used as a member of an array).
* - If the environment variable is unset and no default value is provided,
* the value becomes null. THIS BEHAVIOR MAY CHANGE IN A FUTURE VERSION OF
* ETHERPAD; if you want the default value to be null, you should explicitly
* specify "null" as the default value.
*
* EXAMPLE:
* "port": "${PORT:9001}"
* "minify": "${MINIFY}"
* "skinName": "${SKIN_NAME:colibris}"
*
* Would read the configuration values for those items from the environment
* variables PORT, MINIFY and SKIN_NAME.
*
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
* "colibris" would be used.
* The configuration value "minify", on the other hand, does not have a
* designated default value. Thus, if the environment variable MINIFY were
* undefined, "minify" would be null.
*
* REMARKS:
* 1) please note that variable substitution always needs to be quoted.
*
* "port": 9001, <-- Literal values. When not using
* "minify": false substitution, only strings must be
* "skinName": "colibris" quoted. Booleans and numbers must not.
*
* "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable
* "minify": "${MINIFY:true}" substitution, put quotes around its name,
* "skinName": "${SKIN_NAME}" even if the required value is a number or
* a boolean.
* Etherpad will take care of rewriting it
* to the proper type if necessary.
*
* "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes
* "minify": ${MINIFY} around variable names are missing.
* "skinName": ${SKIN_NAME}
*
* 2) Beware of undefined variables and default values: nulls and empty strings
* are different!
*
* This is particularly important for user's passwords (see the relevant
* section):
*
* "password": "${PASSW}" // if PASSW is not defined would result in password === null
* "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
*
* If you want to use an empty value (null) as default value for a variable,
* simply do not set it, without putting any colons: "${SOFFICE}".
*
* 3) if you want to use newlines in the default value of a string parameter,
* use "\n" as usual.
*
* "defaultPadText" : "${DEFAULT_PAD_TEXT:Line 1\nLine 2}"
*/
{
/*
* Name your instance!
*/
"title": "joeac's docs",
/*
* Whether to show recent pads on the homepage or not.
*/
"showRecentPads": true,
/*
* Pathname of the favicon you want to use. If null, the skin's favicon is
* used if one is provided by the skin, otherwise the default Etherpad favicon
* is used. If this is a relative path it is interpreted as relative to the
* Etherpad root directory.
*/
"favicon": null,
/*
* Skin name.
*
* Its value has to be an existing directory under src/static/skins.
* You can write your own, or use one of the included ones:
*
* - "no-skin": an empty skin (default). This yields the unmodified,
* traditional Etherpad theme.
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
* become the default in Etherpad 2.0
*/
"skinName": "colibris",
/*
* Skin Variants
*
* Use the UI skin variants builder at /p/test#skinvariantsbuilder
*
* For the colibris skin only, you can choose how to render the three main
* containers:
* - toolbar (top menu with icons)
* - editor (containing the text of the pad)
* - background (area outside of editor, mostly visible when using page style)
*
* For each of the 3 containers you can choose 4 color combinations:
* super-light, light, dark, super-dark.
*
* For example, to make the toolbar dark, you will include "dark-toolbar" into
* skinVariants.
*
* You can provide multiple skin variants separated by spaces. Default
* skinVariant is "super-light-toolbar super-light-editor light-background".
*
* For the editor container, you can also make it full width by adding
* "full-width-editor" variant (by default editor is rendered as a page, with
* a max-width of 900px).
*/
"skinVariants": "super-light-toolbar super-light-editor light-background",
/*
* IP and port which Etherpad should bind at.
*
* Binding to a Unix socket is also supported: just use an empty string for
* the ip, and put the full path to the socket in the port parameter.
*
* EXAMPLE USING UNIX SOCKET:
* "ip": "", // <-- has to be an empty string
* "port" : "/somepath/etherpad.socket", // <-- path to a Unix socket
*/
"ip": "0.0.0.0",
"port": 9001,
/*
* Option to hide/show the settings.json in admin page.
*
* Default option is set to true
*/
"showSettingsInAdminPage": true,
/*
* Enable/disable the metrics endpoint.
*
* This is used by the monitoring plugins to collect metrics about Etherpad.
* If you do not use any monitoring plugins, you can disable this.
*/
"enableMetrics": "${ENABLE_METRICS:true}",
/*
* Settings for cleanup of pads
*/
"cleanup": {
"enabled": false,
"keepRevisions": 5
},
/*
* Node native SSL support
*
* This is disabled by default.
* Make sure to have the minimum and correct file access permissions set so
* that the Etherpad server can access them
*/
/*
"ssl" : {
"key" : "/path-to-your/epl-server.key",
"cert" : "/path-to-your/epl-server.crt",
"ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"]
},
*/
/*
* The type of the database.
*
* You can choose between many DB drivers, for example: dirty, postgres,
* sqlite, mysql.
*
* You shouldn't use "dirty" for for anything else than testing or
* development.
*
*
* Database specific settings are dependent on dbType, and go in dbSettings.
* Remember that since Etherpad 1.6.0 you can also store this information in
* credentials.json.
*
* For a complete list of the supported drivers, please refer to:
* https://www.npmjs.com/package/ueberdb2
*/
"dbType": "sqlite",
"dbSettings": {
"filename": "var/etherpad.sq3"
},
/*
* An Example of MySQL Configuration (commented out).
*
* See: https://github.com/ether/etherpad/wiki/How-to-use-Etherpad-Lite-with-MySQL
*/
/*
"dbType" : "mysql",
"dbSettings" : {
"user": "etherpaduser",
"host": "localhost",
"port": 3306,
"password": "PASSWORD",
"database": "etherpad_lite_db",
"charset": "utf8mb4"
},
*/
/*
* The default text of a pad
*/
"defaultPadText" : "",
/*
* Default Pad behavior.
*
* Change them if you want to override.
*/
"padOptions": {
"noColors": false,
"showControls": true,
"showChat": true,
"showLineNumbers": true,
"useMonospaceFont": false,
"userName": null,
"userColor": null,
"rtl": false,
"alwaysShowChat": false,
"chatAndUsers": false,
"lang": null
},
/*
* Pad Shortcut Keys
*/
"padShortcutEnabled" : {
"altF9": true, /* focus on the File Menu and/or editbar */
"altC": true, /* focus on the Chat window */
"cmdShift2": true, /* shows a gritter popup showing a line author */
"delete": true,
"return": true,
"esc": true, /* in mozilla versions 14-19 avoid reconnecting pad */
"cmdS": true, /* save a revision */
"tab": true, /* indent */
"cmdZ": true, /* undo/redo */
"cmdY": true, /* redo */
"cmdI": true, /* italic */
"cmdB": true, /* bold */
"cmdU": true, /* underline */
"cmd5": true, /* strike through */
"cmdShiftL": true, /* unordered list */
"cmdShiftN": true, /* ordered list */
"cmdShift1": true, /* ordered list */
"cmdShiftC": true, /* clear authorship */
"cmdH": true, /* backspace */
"ctrlHome": true, /* scroll to top of pad */
"pageUp": true,
"pageDown": true
},
/*
* Enables the use of a different server. We have a different one that syncs changes from the original server.
* It is hosted on GitHub and should not be blocked by many firewalls.
* https://etherpad.org/ep_infos
*/
"updateServer": "https://etherpad.org/ep_infos",
/*
* Should we suppress errors from being visible in the default Pad Text?
*/
"suppressErrorsInPadText": false,
/*
* If this option is enabled, a user must have a session to access pads.
* This effectively allows only group pads to be accessed.
*/
"requireSession": false,
/*
* Users may edit pads but not create new ones.
*
* Pad creation is only via the API.
* This applies both to group pads and regular pads.
*/
"editOnly": false,
/*
* If true, all css & js will be minified before sending to the client.
*
* This will improve the loading performance massively, but makes it difficult
* to debug the javascript/css
*/
"minify": true,
/*
* How long may clients use served javascript code (in seconds)?
*
* Not setting this may cause problems during deployment.
* Set to 0 to disable caching.
*/
"maxAge": 21600, // 60 * 60 * 6 = 6 hours
/*
* This is the absolute path to the soffice executable.
*
* LibreOffice is used for advanced import/export of pads (docx, pdf, odt).
* Setting it to null disables LibreOffice and will only allow plain text
* and HTML import/exports.
*/
"soffice": null,
/*
* When true (the default), the "Microsoft Word" export button downloads a .docx file via
* LibreOffice (requires "soffice" to be set). Set to false to revert to legacy .doc output
* (which also requires "soffice").
*/
"docxExport": true,
/*
* txt, doc, docx, rtf, odt, html & htm
*/
"allowUnknownFileEnds": true,
/*
* This setting is used if you require authentication of all users.
*
* Note: "/admin" always requires authentication.
*/
"requireAuthentication": false,
/*
* Require authorization by a module, or a user with is_admin set, see below.
*/
"requireAuthorization": false,
/*
* When you use NGINX or another proxy/load-balancer set this to true.
*
* This is especially necessary when the reverse proxy performs SSL
* termination, otherwise the cookies will not have the "secure" flag.
*
* The other effect will be that the logs will contain the real client's IP,
* instead of the reverse proxy's IP.
*/
"trustProxy": false,
/*
* Settings controlling the session cookie issued by Etherpad.
*/
"cookie": {
/*
* Prefix for all cookie names set by Etherpad. Set this to "ep_" or similar
* if Etherpad's cookie names (token, sessionID, etc.) conflict with those
* of another application on the same domain. Default: "" (no prefix).
*/
// "prefix": "ep_",
/*
* How often (in milliseconds) the key used to sign the express_sid cookie
* should be rotated. Long rotation intervals reduce signature verification
* overhead (because there are fewer historical keys to check) and database
* load (fewer historical keys to store, and less frequent queries to
* get/update the keys). Short rotation intervals are slightly more secure.
*
* Multiple Etherpad processes sharing the same database (table) is
* supported as long as the clock sync error is significantly less than this
* value.
*
* Key rotation can be disabled (not recommended) by setting this to 0 or
* null, or by disabling session expiration (see sessionLifetime).
*/
"keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* Value of the SameSite cookie property. "Lax" is recommended unless
* Etherpad will be embedded in an iframe from another site, in which case
* this must be set to "None". Note: "None" will not work (the browser will
* not send the cookie to Etherpad) unless https is used to access Etherpad
* (either directly or via a reverse proxy with "trustProxy" set to true).
*
* "Strict" is not recommended because it has few security benefits but
* significant usability drawbacks vs. "Lax". See
* https://stackoverflow.com/q/41841880 for discussion.
*/
"sameSite": "Lax",
/*
* How long (in milliseconds) after navigating away from Etherpad before the
* user is required to log in again. (The express_sid cookie is set to
* expire at time now + sessionLifetime when first created, and its
* expiration time is periodically refreshed to a new now + sessionLifetime
* value.) If requireAuthentication is false then this value does not really
* matter.
*
* The "best" value depends on your users' usage patterns and the amount of
* convenience you desire. A long lifetime is more convenient (users won't
* have to log back in as often) but has some drawbacks:
* - It increases the amount of state kept in the database.
* - It might weaken security somewhat: The cookie expiration is refreshed
* indefinitely without consulting authentication or authorization
* hooks, so once a user has accessed a pad, the user can continue to
* use the pad until the user leaves for longer than sessionLifetime.
* - More historical keys (sessionLifetime / keyRotationInterval) must be
* checked when verifying signatures.
*
* Session lifetime can be set to infinity (not recommended) by setting this
* to null or 0. Note that if the session does not expire, most browsers
* will delete the cookie when the browser exits, but a session record is
* kept in the database forever.
*/
"sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* How long (in milliseconds) before the expiration time of an active user's
* session is refreshed (to now + sessionLifetime). This setting affects the
* following:
* - How often a new session expiration time will be written to the
* database.
* - How often each user's browser will ping the Etherpad server to
* refresh the expiration time of the session cookie.
*
* High values reduce the load on the database and the load from browsers,
* but can shorten the effective session lifetime if Etherpad is restarted
* or the user navigates away.
*
* Automatic session refreshes can be disabled (not recommended) by setting
* this to null.
*/
"sessionRefreshInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* Whether to periodically clean up expired and stale sessions from the
* database. Set to false to disable. Default: true.
*/
"sessionCleanup": true
},
/*
* Privacy: disable IP logging
*/
"disableIPlogging": false,
/*
* Time (in seconds) to automatically reconnect pad when a "Force reconnect"
* message is shown to user.
*
* Set to 0 to disable automatic reconnection.
*/
"automaticReconnectionTimeout": 0,
/*
* By default, when caret is moved out of viewport, it scrolls the minimum
* height needed to make this line visible.
*/
"scrollWhenFocusLineIsOutOfViewport": {
/*
* Percentage of viewport height to be additionally scrolled.
*
* E.g.: use "percentage.editionAboveViewport": 0.5, to place caret line in
* the middle of viewport, when user edits a line above of the
* viewport
*
* Set to 0 to disable extra scrolling
*/
"percentage": {
"editionAboveViewport": 0,
"editionBelowViewport": 0
},
/*
* Time (in milliseconds) used to animate the scroll transition.
* Set to 0 to disable animation
*/
"duration": 0,
/*
* Flag to control if it should scroll when user places the caret in the
* last line of the viewport
*/
"scrollWhenCaretIsInTheLastLineOfViewport": false,
/*
* Percentage of viewport height to be additionally scrolled when user
* presses arrow up in the line of the top of the viewport.
*
* Set to 0 to let the scroll to be handled as default by Etherpad
*/
"percentageToScrollWhenUserPressesArrowUp": 0
},
/*
* User accounts. These accounts are used by:
* - default HTTP basic authentication if no plugin handles authentication
* - some but not all authentication plugins
* - some but not all authorization plugins
*
* User properties:
* - password: The user's password. Some authentication plugins will ignore
* this.
* - is_admin: true gives access to /admin. Defaults to false. If you do not
* uncomment this, /admin will not be available!
* - readOnly: If true, this user will not be able to create new pads or
* modify existing pads. Defaults to false.
* - canCreate: If this is true and readOnly is false, this user can create
* new pads. Defaults to true.
*
* Authentication and authorization plugins may define additional properties.
*
* WARNING: passwords should not be stored in plaintext in this file.
* If you want to mitigate this, please install ep_hash_auth and
* follow the section "secure your installation" in README.md
*/
"users": {
"admin": {
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
// 2) please note that if password is null, the user will not be created
"password": "admin",
"is_admin": true
}
},
/*
* Restrict socket.io transport methods
*/
"socketTransportProtocols" : ["websocket", "polling"],
"socketIo": {
/*
* Maximum permitted client message size (in bytes). This controls the
* maximum single-message size for socket.io and directly affects large
* paste operations. All messages from clients that are larger than this
* will be rejected. Large values make it possible to paste large amounts
* of text, and plugins may require a larger value to work properly, but
* increasing the value increases susceptibility to denial of service
* attacks (malicious clients can exhaust memory).
*
* 1MB accommodates large pastes while still preventing abuse.
*/
"maxHttpBufferSize": 1000000
},
/*
* Allow Load Testing tools to hit the Etherpad Instance.
*
* WARNING: this will disable security on the instance.
*/
"loadTest": false,
/**
* Disable dump of objects preventing a clean exit
*/
"dumpOnUncleanExit": false,
/*
* Disable indentation on new line when previous line ends with some special
* chars (':', '[', '(', '{')
*/
/*
"indentationOnNewLine": false,
*/
/*
* From Etherpad 1.8.3 onwards, import and export of pads is always rate
* limited.
*
* The default is to allow at most 10 requests per IP in a 90 seconds window.
* After that the import/export request is rejected.
*
* See https://github.com/nfriedly/express-rate-limit for more options
*/
"importExportRateLimiting": {
// duration of the rate limit window (milliseconds)
"windowMs": 90000,
// maximum number of requests per IP to allow during the rate limit window
"max": 10
},
/*
* From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
* file is always bounded.
*
* File size is specified in bytes. Default is 50 MB.
*/
"importMaxFileSize": 52428800, // 50 * 1024 * 1024
/*
The authentication method used by the server.
The default value is sso
If you want to use the old authentication system, change this to apikey
*/
"authenticationMethod": "${AUTHENTICATION_METHOD:sso}",
/**
* Allow setting dark mode for the enduser. This is so if the user has preferred dark mode in their browser, Etherpad will respect that.
* Of course this overrides all the skin variants and the skinName set by the administrator.
**/
"enableDarkMode": "${ENABLE_DARK_MODE:true}",
/**
* Enable creator-owned Pad-wide Settings and new-pad default seeding from My View.
* Disabled by default to preserve the legacy single-settings behavior.
**/
"enablePadWideSettings": "${ENABLE_PAD_WIDE_SETTINGS:false}",
/*
* From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
*
* The default is to allow at most 10 changes per IP in a 1 second window.
* After that the change is rejected.
*
* See https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#websocket-single-connection-prevent-flooding for more options
*/
"commitRateLimiting": {
// duration of the rate limit window (seconds)
"duration": 1,
// maximum number of changes per IP to allow during the rate limit window
"points": 10
},
/*
* Toolbar buttons configuration.
*
* Uncomment to customize.
*/
/*
"toolbar": {
"left": [
["bold", "italic", "underline", "strikethrough"],
["orderedlist", "unorderedlist", "indent", "outdent"],
["undo", "redo"],
["clearauthorship"]
],
"right": [
["importexport", "timeslider", "savedrevision"],
["settings", "embed", "home"],
["showusers"]
],
"timeslider": [
["timeslider_export", "timeslider_returnToPad"]
]
},
*/
/*
* Expose Etherpad version in the web interface and in the Server http header.
*
* Do not enable on production machines.
*/
"exposeVersion": false,
/*
* The log level we are using.
*
* Valid values: DEBUG, INFO, WARN, ERROR
*/
"loglevel": "INFO",
/*
* The log layout type to use.
*
* Valid values: basic, colored
*/
"logLayoutType": "colored",
/* Override any strings found in locale directories */
"customLocaleStrings": {},
/* Disable Admin UI tests */
"enableAdminUITests": false,
/*
* Enable/Disable case-insensitive pad names.
*/
"lowerCasePadIds": false,
"sso": {
"issuer": "${SSO_ISSUER:http://localhost:9001}",
"clients": [
{
"client_id": "${ADMIN_CLIENT:admin_client}",
"client_secret": "${ADMIN_SECRET:admin}",
"grant_types": ["authorization_code"],
"response_types": ["code"],
"redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"]
},
{
"client_id": "${USER_CLIENT:user_client}",
"client_secret": "${USER_SECRET:user}",
"grant_types": ["authorization_code"],
"response_types": ["code"],
"redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"]
}
]
}
/* Set the time to live for the tokens
This is the time of seconds a user is logged into Etherpad
"ttl": {
"AccessToken": 3600,
"AuthorizationCode": 600,
"ClientCredentials": 3600,
"IdToken": 3600,
"RefreshToken": 86400
}
*/
}
-134
View File
@@ -1,134 +0,0 @@
{
"title": "joeac's docs",
"showRecentPads": true,
"favicon": null,
"skinName": "colibris",
"skinVariants": "super-light-toolbar super-light-editor light-background",
"ip": "0.0.0.0",
"port": ${ETHERPAD_PORT},
"showSettingsInAdminPage": true,
"enableMetrics": "$${ENABLE_METRICS:true}",
"cleanup": {
"enabled": false,
"keepRevisions": 5
},
"dbType": "sqlite",
"dbSettings": {
"filename": "var/etherpad.sq3"
},
"defaultPadText" : "",
"padOptions": {
"noColors": false,
"showControls": true,
"showChat": true,
"showLineNumbers": true,
"useMonospaceFont": false,
"userName": null,
"userColor": null,
"rtl": false,
"alwaysShowChat": false,
"chatAndUsers": false,
"lang": null
},
"padShortcutEnabled" : {
"altF9": true,
"altC": true,
"cmdShift2": true,
"delete": true,
"return": true,
"esc": true,
"cmdS": true,
"tab": true,
"cmdZ": true,
"cmdY": true,
"cmdI": true,
"cmdB": true,
"cmdU": true,
"cmd5": true,
"cmdShiftL": true,
"cmdShiftN": true,
"cmdShift1": true,
"cmdShiftC": true,
"cmdH": true,
"ctrlHome": true,
"pageUp": true,
"pageDown": true
},
"updateServer": "https://etherpad.org/ep_infos",
"suppressErrorsInPadText": false,
"requireSession": false,
"editOnly": false,
"minify": true,
"maxAge": 21600,
"soffice": null,
"docxExport": true,
"allowUnknownFileEnds": true,
"requireAuthentication": false,
"requireAuthorization": false,
"trustProxy": false,
"cookie": {
"keyRotationInterval": 86400000,
"sameSite": "Lax",
"sessionLifetime": 864000000,
"sessionRefreshInterval": 86400000,
"sessionCleanup": true
},
"disableIPlogging": false,
"automaticReconnectionTimeout": 0,
"scrollWhenFocusLineIsOutOfViewport": {
"percentage": {
"editionAboveViewport": 0,
"editionBelowViewport": 0
},
"duration": 0,
"scrollWhenCaretIsInTheLastLineOfViewport": false,
"percentageToScrollWhenUserPressesArrowUp": 0
},
"users": {
"admin": {
"password": "admin",
"is_admin": true
}
},
"socketTransportProtocols" : ["websocket", "polling"],
"socketIo": {
"maxHttpBufferSize": 1000000
},
"loadTest": false,
"dumpOnUncleanExit": false,
"importExportRateLimiting": {
"windowMs": 90000,
"max": 10
},
"importMaxFileSize": 52428800, // 50 * 1024 * 1024
"authenticationMethod": "$${AUTHENTICATION_METHOD:sso}",
"enableDarkMode": "$${ENABLE_DARK_MODE:true}",
"enablePadWideSettings": "$${ENABLE_PAD_WIDE_SETTINGS:false}",
"commitRateLimiting": {
"duration": 1,
"points": 10
},
"logLayoutType": "colored",
"customLocaleStrings": {},
"enableAdminUITests": false,
"lowerCasePadIds": false,
"sso": {
"issuer": "$${SSO_ISSUER:http://localhost:${ETHERPAD_PORT}}",
"clients": [
{
"client_id": "$${ADMIN_CLIENT:admin_client}",
"client_secret": "$${ADMIN_SECRET:admin}",
"grant_types": ["authorization_code"],
"response_types": ["code"],
"redirect_uris": ["$${ADMIN_REDIRECT:http://localhost:${ETHERPAD_PORT}/admin/}"]
},
{
"client_id": "$${USER_CLIENT:user_client}",
"client_secret": "$${USER_SECRET:user}",
"grant_types": ["authorization_code"],
"response_types": ["code"],
"redirect_uris": ["$${USER_REDIRECT:http://localhost:${ETHERPAD_PORT}/}"]
}
]
}
}
+14
View File
@@ -1,6 +1,13 @@
# A prefix for remote container names
# If you're running on ARM 32-bit CPU architecture, use 'armv7/', otherwise keep blank
CONTAINER_PREFIX=
# The hostname to use for the local SMTP server
LOCAL_SMTP_HOST=smtp
# The port to use for the local SMTP server
LOCAL_SMTP_PORT=2500
# The username for authenticating to the local SMTP server
LOCAL_SMTP_USER=smtp
@@ -50,3 +57,10 @@ ETHERPAD_NODE_ENV=production
# The admin password for the Etherpad instance
ETHERPAD_ADMIN_PASSWORD=
# The ports on which to run apps
# See also: LOCAL_SMTP_PORT
ETHERPAD_PORT=9001
HTTP_PORT=8080
GEMINI_PORT=1965
VAULTWARDEN_PORT=9000
+5 -3
View File
@@ -1,12 +1,13 @@
FROM git.joeac.net/joeac/${IMAGE_PREFIX}agate:3.3.20-alpine3.23 AS agate
FROM git.joeac.net/joeac/${IMAGE_PREFIX}comitium:1.8.2-alpine3.23 AS comitium
FROM git.joeac.net/joeac/${IMAGE_PREFIX}crond:1.37.0-r30-alpine3.23 AS final
FROM git.joeac.net/joeac/armv7/agate:3.3.20-alpine3.23 AS agate
FROM git.joeac.net/joeac/armv7/comitium:1.8.2-alpine3.23 AS comitium
FROM git.joeac.net/joeac/armv7/crond:1.37.0-r30-alpine3.23 AS final
RUN apk --no-cache add gcc # dependency for agate
COPY --from=agate /root/.cargo/bin/agate /usr/local/bin/agate
COPY --from=comitium /usr/local/bin/comitium /usr/local/bin/comitium
RUN mkdir -p /var/app/content
WORKDIR /var/app
COPY gemini/.certificates .certificates
RUN crontab -l > crontab.tmp \
&& echo "0 */6 * * * /usr/local/bin/comitium refresh --data /var/app/comitium-data" >> crontab.tmp \
&& crontab crontab.tmp \
@@ -14,6 +15,7 @@ RUN crontab -l > crontab.tmp \
COPY gemini/run.sh /var/app/
COPY gemini/content /var/app/content
COPY gemini/comitium-data /var/app/comitium-data
COPY common /var/common
CMD ./run.sh
-22
View File
@@ -1,22 +0,0 @@
GEMINI_COMITIUM_DATA_FILES := $(addprefix $(GEMINI_COMITIUM_DATA_DIR)/,$(notdir $(wildcard comitium-data/*)))
.PHONY: install
install: $(GEMINI_CERTIFICATES_DIR) $(GEMINI_COMITIUM_DATA_FILES)
.PHONY: reinstall
reinstall: $(GEMINI_CERTIFICATES_DIR) $(GEMINI_COMITIUM_DATA_FILES)
$(GEMINI_CERTIFICATES_DIR):
sudo mkdir -p $(GEMINI_CERTIFICATES_DIR)
$(let gemini_user,$(shell whoami),sudo chown -R $(gemini_user):$(gemini_user) $(GEMINI_CERTIFICATES_DIR))
$(GEMINI_COMITIUM_DATA_DIR)/%: comitium-data/% $(GEMINI_COMITIUM_DATA_DIR)
sudo cp $< $@
$(let gemini_user,$(shell whoami),sudo chown $(gemini_user):$(gemini_user) $@)
$(GEMINI_COMITIUM_DATA_DIR):
sudo mkdir -p $(GEMINI_COMITIUM_DATA_DIR)
.PHONY: uninstall
uninstall:
sudo rm -rf $(GEMINI_COMITIUM_DATA_DIR)
+5 -5
View File
@@ -40,12 +40,12 @@ default_layout_file = $(if \
layout_file = $(if $(layout),share/layouts/$(layout).layout.upp$(ext),$(default_layout_file))
define out_rule =
out/%.$(ext): src/%$(if $(layout),.$(layout)).upp$(ext) $(layout_file) $(component_files) bin/pp
out/%.$(ext): src/%$(if $(layout),.$(layout)).upp$(ext) $(layout_file) $(component_files)
./bin/mkws https://joeac.net "$$$$(realpath $$<)"
endef
define blog_rss_feed_rule =
out/$(blog)/rss.xml: src/$(blog)/rss.uppxml $(blog_src) $(wildcard bin/*) bin/pp
out/$(blog)/rss.xml: src/$(blog)/rss.uppxml $(blog_src) $(wildcard bin/*)
./bin/mkws https://joeac.net "$$(realpath src/$(blog)/rss.uppxml)"
endef
@@ -64,7 +64,7 @@ $(blog_post_target): $(blog_post_src) $(let ext,html,$(layout_file) $(component_
endef
define blog_index_rule =
out/$(blog).html: src/$(blog).upphtml $(blog_src) $(wildcard bin/*) bin/pp
out/$(blog).html: src/$(blog).upphtml $(blog_src) $(wildcard bin/*)
./bin/mkws https://joeac.net "$$(realpath src/$(blog).upphtml)"
endef
@@ -106,10 +106,10 @@ share/man/man1/pp.1:
cp pp/pp.1 share/man/man1/pp.1
.PHONY: out
out: $(out_deps)
out: bin/pp $(out_deps)
bin/pp:
$(MAKE) --directory=pp && chmod +x pp/pp && cp pp/pp bin/pp
cd pp && $(MAKE) && chmod +x pp && cp pp ../bin/pp
$(foreach ext,$(sort $(out_deps_ext)),\
$(eval $(out_rule)))
-113
View File
@@ -1,113 +0,0 @@
#!/bin/sh
get_var_value()
{
expr "$(env | grep "^${1}=")" : "${1}=\(.*\)\$"
}
if [ -z "$(which podman 2>/dev/null)" ]
then
sudo apk add podman
fi
if [ -z "$(which podman-compose 2>/dev/null)" ]
then
sudo apk add podman-compose
fi
if [ -z "$(which yq 2>/dev/null)" ]
then
YQ_PLATFORM="linux_$(expr "$(arch)" : "armv7" && echo arm || expr "$(arch)" : "x86_64" && echo amd64 || arch)"
sudo wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${YQ_PLATFORM}
sudo chmod +x /usr/local/bin/yq
fi
if [ -z "$(which envsubst 2>/dev/null)" ]
then
if [ "$(arch)" = "x86_64" ] || [ "$(arch)" = "arm64" ]
then
ENVSUBST_VERSION=1.4.3
sudo wget -O /usr/local/bin/envsubst https://github.com/a8m/envsubst/releases/download/v${ENVSUBST_VERSION}/envsubst-Linux-$(arch)
sudo chmod +x /usr/local/bin/envsubst
else
sudo apk add go
go install github.com/a8m/envsubst/cmd/envsubst@latest
fi
fi
if [ -z "$(which bash 2>/dev/null)" ]
then
sudo apk add bash
fi
if [ -z "$(grep "\bjoeac.net\b" /etc/group)" ]
then
sudo adduser -D -h /home/joeac.net joeac.net
sudo adduser joeac.net joeac.net
fi
if ! ( expr "$(groups joeac.net)" wheel )
then
sudo adduser joeac.net wheel
fi
su -l joeac.net
if ! [ $(whoami) = "joeac.net" ]
then
echo "Could not log in to user: joeac.net. Log in manually and re-run this script as joeac.net."
exit 1
fi
if ! [ -d /home/joeac.net/joeac.net/.git ]
then
git clone https://git.joeac.net/joeac/joeac.net.git /home/joeac.net/joeac.net
fi
sudo chown joeac.net:joeac.net /home/joeac.net/joeac.net
sudo chmod 770 /home/joeac.netjoeac.net
if ! [ -f DIGITALOCEAN_TOKEN ]
then
if [ -z "${DIGITALOCEAN_TOKEN}" ]
then
read -sp "DIGITALOCEAN_TOKEN: " DIGITALOCEAN_TOKEN
fi
echo ${DIGITALOCEAN_TOKEN} > /home/joeac.net/joeac.net/DIGITALOCEAN_TOKEN
fi
if ! ( podman secret exists remote_smtp_password )
then
if [ -z "${REMOTE_SMTP_PASSWORD}" ]
then
read -sp "REMOTE_SMTP_PASSWORD: " REMOTE_SMTP_PASSWORD
fi
echo "${REMOTE_SMTP_PASSWORD}" | podman secret create remote_smtp_password -
unset REMOTE_SMTP_PASSWORD
fi
while read line
do
if expr "${line}" : "[[:alnum:]_]\+=" 1>/dev/null
then
var_name="$(expr "${line}" : "\([[:alnum:]_]\+\)=")"
if [ -n "$(grep "^${var_name}=" /home/joeac.net/joeac.net/.env)" ]
then
continue
fi
if [ -z "$(get_var_value ${var_name})" ]
then
default_value="$(expr "${line}" : "[[:alnum:]_]\+=\(.*\)\$")"
read -sp "${var_name}: " ${var_name}
if [ -z "$(get_var_value ${var_name})" ]
then
eval ${var_name}="${default_value}"
fi
fi
echo "${var_name}=$(get_var_value ${var_name})" >> /home/joeac.net/joeac.net/.env
fi
done </home/joeac.net/joeac.net/example.env
make --directory=/home/joeac.net/joeac.net
make --directory=/home/joeac.net/joeac.net install
+6 -6
View File
@@ -1,14 +1,14 @@
.PHONY: install
install: $(PUBLIC_ROOT_DIR_ln)
install: /var/ln.joeac.net/public
.PHONY: reinstall
reinstall: install
$(PUBLIC_ROOT_DIR_ln): public
sudo rm -rf $(PUBLIC_ROOT_DIR_ln)
sudo mkdir -p $(PUBLIC_ROOT_DIR_ln)
sudo cp -r public/ $(PUBLIC_ROOT_DIR_ln)/
/var/ln.joeac.net/public: public
sudo rm -rf /var/ln.joeac.net/public
sudo mkdir -p /var/ln.joeac.net/
sudo cp -r public/ /var/ln.joeac.net/public/
.PHONY: uninstall
uninstall:
sudo rm -rf $(PUBLIC_ROOT_DIR_ln)
sudo rm -rf /var/ln.joeac.net
-28
View File
@@ -1,28 +0,0 @@
REGISTRY_DOMAIN := git.joeac.net
REGISTRY_USER := joeac
container_image_name = $(shell $(COMPOSE_CMD) config | yq ".services.$(module).image")
is_containerised = $(filter $(COMPOSE_SERVICES),$(module))
is_own_image = $(filter git.joeac.net/%,$(container_image_name))
has_dockerfile = $(shell test -f $(module).Dockerfile)
define build_module_rule =
.PHONY: build_$(module)
build_$(module): $(if $(is_containerised),make_$(module) $(if $(has_dockerfile),$(module).Dockerfile))
$(if $(is_containerised),\
$(COMPOSE_CMD) build $(module))
endef
define push_module_rule =
.PHONY: push_$(module)
push_$(module): $(if $(is_containerised),login_registry)
$(if $(is_containerised),$(if $(is_own_image),\
podman push $(container_image_name)))
endef
$(foreach module,$(MODULES),$(eval $(call build_module_rule)))
$(foreach module,$(MODULES),$(eval $(call push_module_rule)))
.PHONY: login_registry
login_registry:
podman login $(REGISTRY_DOMAIN)
-55
View File
@@ -1,55 +0,0 @@
installed_dyndns_crontabs = $(wildcard /etc/periodic/daily/dyndns-*.joeac.net)
installed_dyndns_subdomains = $(installed_dyndns_crontabs:/etc/periodic/daily/dyndns-%.joeac.net=%)
dyndns_subdomains_to_remove = $(filter-out $(SUBDOMAINS),$(installed_dyndns_subdomains))
dyndns_crontabs_to_remove = $(dyndns_subdomains_to_remove:%=/etc/periodic/daily/dyndns-%.joeac.net)
define install_dyndns_module_rule =
.PHONY: install_dyndns_$(module)
install_dyndns_module_$(module): $(if $(SUBDOMAIN_$(module)),/etc/periodic/daily/dyndns-$(SUBDOMAIN_$(module)).joeac.net)
endef
define reinstall_dyndns_module_rule =
.PHONY: reinstall_dyndns_$(module)
reinstall_dyndns_$(module): $(if $(SUBDOMAIN_$(module)),/etc/periodic/daily/dyndns-$(SUBDOMAIN_$(module)).joeac.net reinstall_dyndns)
endef
define uninstall_dyndns_module_rule =
.PHONY: uninstall_dyndns_$(module)
uninstall_dyndns_$(module):
$(if $(SUBDOMAIN_$(module)), \
sudo rm -f /etc/periodic/daily/dyndns-$(SUBDOMAIN_$(module)).joeac.net
)
endef
$(foreach module,$(ALL_MODULES), $(eval $(install_dyndns_module_rule)))
$(foreach module,$(ALL_MODULES), $(eval $(reinstall_dyndns_module_rule)))
$(foreach module,$(ALL_MODULES), $(eval $(uninstall_dyndns_module_rule)))
.PHONY: remove_/etc/periodic/daily/dyndns-%.joeac.net
remove_/etc/periodic/daily/dyndns-%.joeac.net:
rm -f $(@:remove_%=%)
/etc/periodic/daily/dyndns-%joeac.net: ~/digitalocean_dyndns/dyndns.sh ~/.config/dyndns/DIGITALOCEAN_TOKEN
echo "#!/bin/sh" > crontab.tmp
echo " $(shell realpath ~)/digitalocean_dyndns/dyndns.sh 4 $(*F)joeac.net" >> crontab.tmp
echo "CONN_DEVICE_NAME=eth0 $(shell realpath ~)/digitalocean_dyndns/dyndns.sh 6 $(*F)joeac.net" >> crontab.tmp
sudo mv crontab.tmp $@
sudo chmod +x $@
.PHONY: reinstall_dyndns
reinstall_dyndns: $(addprefix remove_,$(dyndns_crontabs_to_remove))
.PHONY: uninstall_dyndns
uninstall_dyndns: $(foreach module,$(ALL_MODULES),$(uninstall_dyndns_$(module)))
sudo rm -rf \
~/digitalocean_dyndns/ \
~/.config/dyndns \
~/.cache/dyndns
~/digitalocean_dyndns/%:
git clone https://git.joeac.net/joeac/digitalocean_dyndns.git ~/digitalocean_dyndns
~/.config/dyndns/DIGITALOCEAN_TOKEN: DIGITALOCEAN_TOKEN
mkdir -p ~/.config/dyndns/
rm -f ~/.config/dyndns/DIGITALOCEAN_TOKEN
cp DIGITALOCEAN_TOKEN ~/.config/dyndns/DIGITALOCEAN_TOKEN
-75
View File
@@ -1,75 +0,0 @@
installed_nginx_sites = $(wildcard /etc/nginx/http.d/*.joeac.net.conf)
installed_nginx_subdomains = $(installed_nginx_sites:/etc/nginx/http.d/%.joeac.net.conf=%)
nginx_subdomains_to_remove = $(filter-out $(NGINX_SUBDOMAINS),$(installed_nginx_subdomains))
nginx_sites_to_remove = $(nginx_subdomains_to_remove:%=/etc/nginx/http.d/%.joeac.net.conf)
nginx_module_config_template = \
$(if $(PORT_$(module)),nginx/http.d/reverse_proxy.conf.template) \
$(if $(PUBLIC_ROOT_DIR_$(module)),nginx/http.d/static.conf.template)
nginx_module_config_template_args = \
CERTNAME=$(SUBDOMAIN_$(module)).joeac.net \
DOMAIN=$(if $(filter-out @,$(SUBDOMAIN_$(module))),$(SUBDOMAIN_$(module)).)joeac.net \
$(if $(PORT_$(module)),PORT=$(PORT_$(module)) HOST=$(HOST_$(module))) \
$(if $(PUBLIC_ROOT_DIR_$(module)),ROOT="$(PUBLIC_ROOT_DIR_$(module))")
define install_nginx_module_rule =
.PHONY: install_nginx_$(module)
install_nginx_$(module): $(if $(SUBDOMAIN_$(module)),/etc/nginx/http.d/$(SUBDOMAIN_$(module)).joeac.net.conf)
endef
define reinstall_nginx_module_rule =
.PHONY: reinstall_nginx_$(module)
reinstall_nginx_$(module): $(if $(SUBDOMAIN_$(module)),/etc/nginx/http.d/$(SUBDOMAIN_$(module)).joeac.net.conf)
endef
define uninstall_nginx_module_rule =
.PHONY: uninstall_nginx_$(module)
uninstall_nginx_$(module):
$(if $(SUBDOMAIN_$(module)),sudo rm -f /etc/nginx/http.d/$(SUBDOMAIN_$(module)).joeac.net.conf)
endef
define remove_nginx_site_rule =
remove_$(site):
sudo rm -f $(site)
endef
define nginx_module_config_rule =
/etc/nginx/http.d/$(SUBDOMAIN_$(module)).joeac.net.conf: $(nginx_module_config_template) /etc/nginx/http.d /etc/nginx/nginx.conf
$(nginx_module_config_template_args) envsubst -i $$< -o $$(notdir $$@).tmp
sudo cp $$(notdir $$@).tmp $$@
sudo rc-service nginx restart
endef
$(foreach module,$(ALL_MODULES),$(eval $(install_nginx_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(reinstall_nginx_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(uninstall_nginx_module_rule)))
$(foreach site,$(nginx_sites_to_remove),$(eval $(remove_nginx_site_rule)))
$(foreach module,$(ALL_NGINX_MODULES),$(eval $(nginx_module_config_rule)))
/etc/nginx/http.d:
sudo mkdir -p /etc/nginx/http.d
.PHONY: remove_/etc/nginx/http.d/%.joeac.net.conf
remove_/etc/nginx/http.d/%.joeac.net.conf:
rm -f $(@:remove_%=%)
.PHONY: install_nginx
install_nginx: /etc/nginx/nginx.conf $(addprefix install_nginx_,$(NGINX_MODULES))
.PHONY: reinstall_nginx
reinstall_nginx: /etc/nginx/nginx.conf $(add_prefix reinstall_nginx_,$(NGINX_MODULES)) $(addprefix remove_,$(nginx_sites_to_remove))
.PHONY: uninstall_nginx
uninstall_nginx: $(foreach module,$(NGINX_MODULES),uninstall_nginx_$(module))
ifeq ($(shell test -d /etc/nginx/nginx.joeac.net-backup && echo 1 || echo 0),0)
$(warn No nginx backup config detected: doing nothing)
else
sudo mv /etc/nginx/nginx.joeac.net-backup /etc/nginx/nginx.conf
sudo rc-service nginx restart
endif
/etc/nginx/nginx.conf: nginx/nginx.conf /etc/nginx/nginx.joeac.net-backup
sudo cp $< $@
sudo rc-service nginx restart
/etc/nginx/nginx.joeac.net-backup:
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.joeac.net-backup
-74
View File
@@ -1,74 +0,0 @@
is_openrc_module = $(filter $(COMPOSE_SERVICES),$(module))
openrc_module_target = $(if $(is_openrc_module),~/.config/rc/init.d/joeac.net.$(module))
define install_openrc_module_rule =
.PHONY: install_openrc_$(module)
install_openrc_$(module): $(if $(is_openrc_module),$(openrc_module_target) openrc_add_$(module) openrc_start_$(module))
~/.config/rc/init.d/joeac.net.$(module): ~/.config/rc/init.d/joeac.net ~/.config/rc/runlevels/default
rm -f ~/.config/rc/init.d/joeac.net.$(module)
ln -s $(shell realpath ~)/.config/rc/init.d/joeac.net ~/.config/rc/init.d/joeac.net.$(module)
endef
define reinstall_openrc_module_rule =
.PHONY: reinstall_openrc_$(module)
reinstall_openrc_$(module): $(if $(is_openrc_module),$(openrc_module_target) openrc_restart_$(module))
endef
define uninstall_openrc_module_rule =
.PHONY: uninstall_openrc_$(module)
uninstall_openrc_$(module):
$(if $(is_openrc_module),\
rc-service -U joeac.net.$(module) stop; \
rc-update -U del joeac.net.$(module) default; \
rm -f ~/.config/rc/init.d/joeac.net.$(module); \
)
endef
define openrc_add_rule =
.PHONY: openrc_add_$(module)
openrc_add_$(module):
rc-update -U add joeac.net.$(module) default
endef
define openrc_start_rule =
.PHONY: openrc_start_$(module)
openrc_start_$(module):
rc-service -U joeac.net.$(module) start
endef
define openrc_restart_rule =
.PHONY: openrc_restart_$(module)
openrc_restart_$(module):
rc-service -U joeac.net.$(module) restart
endef
$(foreach module,$(ALL_MODULES),$(eval $(install_openrc_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(reinstall_openrc_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(uninstall_openrc_module_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(openrc_add_rule)))
$(foreach module,$(ALL_MODULES),$(eval $(openrc_start_rule)))
$(foreach module,$(MODULES),$(eval $(openrc_restart_rule)))
~/.config/rc/init.d/joeac.net: openrc/init.d/joeac.net.template ~/.config/rc/init.d ~/.config/rc/runlevels/default /etc/init.d/user.$(USER) /etc/conf.d/user.$(USER)
rm -f ~/.config/rc/init.d/joeac.net; \
mkdir -p ~/.config/rc/init.d; \
COMPOSECMD="$(COMPOSE_CMD)" envsubst -i openrc/init.d/joeac.net.template -o ~/.config/rc/init.d/joeac.net
chmod +x ~/.config/rc/init.d/joeac.net
~/.config/rc/init.d:
mkdir -p ~/.config/rc/init.d
~/.config/rc/runlevels/default:
mkdir -p ~/.config/rc/runlevels/default
/etc/init.d/user.$(USER):
sudo ln -s /etc/init.d/user /etc/init.d/user.$(USER)
/etc/conf.d/user.$(USER): openrc/conf.d/user.template
USER=$(USER) envsubst -i openrc/conf.d/user.template -o openrc/conf.d/user.$(USER)
sudo mv openrc/conf.d/user.$(USER) /etc/conf.d/user.$(USER)
sudo rc-update add user.$(USER) default
.PHONY: uninstall_joeac.net_service
rm ~/.config/rc/joeac.net
-89
View File
@@ -1,89 +0,0 @@
installed_tls_crontabs = $(wildcard /etc/periodic/daily/tls-*.joeac.net)
installed_tls_crontab_subdomains = $(installed_tls_crontabs:/etc/periodic/daily/tls-%.joeac.net=%)
tls_crontab_subdomains_to_remove = $(filter-out $(SUBDOMAINS),$(installed_tls_crontab_subdomains))
tls_crontabs_to_remove = $(tls_crontab_subdomains_to_remove:%=/etc/periodic/daily/tls-%.joeac.net)
installed_tls_certs = $(wildcard /etc/letsencrypt/live/*.joeac.net)
installed_tls_cert_subdomains = $(installed_tls_certs:/etc/letsencrypt/live/%.joeac.net=%)
tls_cert_subdomains_to_delete = $(filter-out $(SUBDOMAINS),$(installed_tls_cert_subdomains))
tls_crontab = /etc/periodic/daily/tls-$(subdomain).joeac.net
tls_cert = /etc/letsencrypt/live/$(subdomain).joeac.net/fullchain.pem
define install_tls_subdomain_rule =
.PHONY: install_tls_$(subdomain)
install_tls_$(subdomain): $(tls_crontab) $(tls_cert)
endef
define reinstall_tls_subdomain_rule =
.PHONY: reinstall_tls_$(subdomain)
reinstall_tls_$(subdomain): $(tls_crontab) renew_$(tls_cert)
endef
define uninstall_tls_subdomain_rule =
.PHONY: uninstall_tls_$(subdomain)
uninstall_tls_$(subdomain): delete_cert_$(subdomain).joeac.net
$(if $(shell [ -f $(tls_crontab) ] && echo 1),\
sudo rm -f $(tls_crontab)
)
endef
define obtain_or_renew_cert_cmd =
sudo certbot certonly \
--nginx \
--cert-name $(subdomain).joeac.net \
--domain $(subst @.,,$(subdomain).)joeac.net \
--non-interactive \
&& sudo chown -R joeac.net:joeac.net $(dir $(tls_cert))
endef
is_cert_expired = $(shell sudo certbot certificates --cert-name $(subdomain).joeac.net \
| grep "Expiry Date" | grep -E "(EXPIRED|REVOKED)")
define cert_rule =
$(tls_cert):
$(obtain_or_renew_cert_cmd)
.PHONY: renew_$(tls_cert)
renew_$(tls_cert):
$$(if $$(is_cert_expired),$(obtain_or_renew_cert_cmd))
endef
$(foreach subdomain,$(ALL_SUBDOMAINS), $(eval $(install_tls_subdomain_rule)))
$(foreach subdomain,$(ALL_SUBDOMAINS), $(eval $(reinstall_tls_subdomain_rule)))
$(foreach subdomain,$(ALL_SUBDOMAINS), $(eval $(uninstall_tls_subdomain_rule)))
$(foreach subdomain,$(ALL_SUBDOMAINS), $(eval $(cert_rule)))
.PHONY: remove_/etc/periodic/daily/tls-%.joeac.net
remove_/etc/periodic/daily/tls-%.joeac.net:
rm -f $(@:remove_%=%)
.PHONY: delete_cert_%
delete_cert_%:
sudo certbot delete --cert-name $(@:delete_cert_%=%).joeac.net --non-interactive
/etc/periodic/daily/tls-%joeac.net:
echo "#!/bin/sh" > crontab.tmp
echo "$(obtain_or_renew_cert_cmd)" >> crontab.tmp
sudo mv crontab.tmp $@
sudo chmod +x $@
certs_to_renew = $(foreach subdomain,$(filter $(SUBDOMAINS),$(installed_tls_cert_subdomains)),$(tls_cert))
tls_crontabs_to_install = $(foreach subdomain,$(SUBDOMAINS),$(tls_crontab))
tls_certs_to_install = $(foreach subdomain,$(SUBDOMAINS),$(tls_cert))
.PHONY: install_tls
install_tls: $(tls_crontabs_to_install) $(tls_certs_to_install) $(addprefix remove_,$(tls_crontabs_to_remove)) $(addprefix delete_cert_,$(tls_cert_subdomains_to_delete)) $(addprefix renew_,$(certs_to_renew))
.PHONY: reinstall_tls
reinstall_tls: install_tls
.PHONY: uninstall_tls
uninstall_tls: $(foreach subdomain,$(ALL_SUBDOMAINS),$(uninstall_tls_$(subdomain)))
.PHONY: install_certbot
install_certbot: /usr/bin/certbot /usr/bin/python /usr/lib/$(shell ls /usr/bin | grep python[0-9]\\.)/certbot_nginx
/usr/bin/certbot /usr/bin/python:
sudo apk add certbot
/usr/lib/python%/certbot_nginx:
sudo apk add certbot-nginx
-91
View File
@@ -1,91 +0,0 @@
capitalise = $(shell echo "$(1)" | tr '[:lower:]' '[:upper:]')
USER := $(shell whoami)
HOSTNAME := $(shell cat /etc/hostname)
HOSTNAMES := pi-broughton blade-canongate
IP_ADDR_pi-broughton := 192.168.178.54
IP_ADDR_blade-canongate := 192.168.178.75
MASTER_NODE := blade-canongate
IS_MASTER_NODE := $(filter $(MASTER_NODE),$(HOSTNAME))
MODULES_pi-broughton := actualbudget http smtp vaultwarden ln
MODULES_blade-canongate := etherpad gemini mox mox_clientsettings mox_autoconfig mox_mta_sts
ALL_NGINX_MODULES := actualbudget http vaultwarden ln etherpad mox mox_clientsettings mox_autoconfig mox_mta_sts
NGINX_MODULES := $(if $(IS_MASTER_NODE),$(ALL_NGINX_MODULES))
MODULES := $(MODULES_$(HOSTNAME))
ALL_MODULES := $(sort $(foreach hostname,$(HOSTNAMES),$(MODULES_$(hostname))))
COMPOSE_SERVICES := $(shell podman-compose config \
| yq ".services | keys" --output-format csv --csv-separator " ")
MAKE_MODULES := $(foreach module,$(MODULES),\
$(shell [ -f $(module)/Makefile ] && echo $(module)))
SUBDOMAIN_actualbudget := budget
SUBDOMAIN_http := @
SUBDOMAIN_vaultwarden := pwd
SUBDOMAIN_etherpad := docs
SUBDOMAIN_ln := ln
SUBDOMAIN_mox := mail
SUBDOMAIN_mox_autoconfig := autoconfig.mail
SUBDOMAIN_mox_clientsettings := clientsettings.mail
SUBDOMAIN_mox_mta_sts := mta-sts.mail
PORT_actualbudget := 5006
PORT_etherpad := 9001
PORT_http := 8080
PORT_gemini := 1965
PORT_mox := 81
PORT_mox_autoconfig := $(PORT_mox)
PORT_mox_clientsettings := $(PORT_mox)
PORT_mox_mta_sts := $(PORT_mox)
PORT_smtp := 2500
PORT_vaultwarden := 9000
PUBLIC_ROOT_DIR_ln := /var/ln.joeac.net/public
export ACTUALBUDGET_DATA_DIR := /var/joeac.net-actualbudget/var
export ETHERPAD_DATA_DIR := /var/etherpad/var
export GEMINI_CERTIFICATES_DIR := /var/joeac.net-gemini/certificates
export GEMINI_COMITIUM_DATA_DIR := /var/joeac.net-gemini/comitium-data
export VAULTWARDEN_DATA_DIR := /var/vaultwarden/data
ALPINE_VERSION := 3.23
ETHERPAD_VERSION := 3.3.2
$(foreach module,$(ALL_MODULES),$(if $(PORT_$(module)),$(eval \
export $(call capitalise,$(module))_PORT := $(PORT_$(module)))))
$(foreach hostname,$(HOSTNAMES),$(foreach module,$(MODULES_$(hostname)),$(eval \
export HOST_$(module) := $(if $(filter $(HOSTNAME),$(hostname)),127.0.0.1,$(IP_ADDR_$(hostname))))))
ALL_SUBDOMAINS := $(foreach module,$(ALL_MODULES),$(SUBDOMAIN_$(module)))
SUBDOMAINS := $(if $(IS_MASTER_NODE),$(ALL_SUBDOMAINS))
NGINX_SUBDOMAINS := $(foreach module,$(NGINX_MODULES),$(SUBDOMAIN_$(module)))
ENV_RULES := $(foreach module,$(MODULES),$(if $(shell test -d $(module) && echo 1),$(module)/.env))
MAKE_RULES := $(foreach module,$(MAKE_MODULES),make_$(module))
BUILD_RULES := $(foreach module,$(filter $(COMPOSE_SERVICES),$(MODULES)),build_$(module))
PUSH_RULES := $(foreach module,$(filter $(COMPOSE_SERVICES),$(MODULES)),push_$(module))
INSTALL_RULES := $(foreach module,$(MODULES),install_$(module))
REINSTALL_RULES := $(foreach module,$(MODULES),reinstall_$(module))
UNINSTALL_RULES := $(foreach module,$(MODULES),uninstall_$(module))
CPU_ARCH := $(if $(shell which arch 2>/dev/null),\
$(shell arch),\
$(shell lscpu | grep ^Architecture: | sed "s/^Architecture:[[:space:]]*\([[:alnum:][:punct:]]\+\).*/\1/"))
IMAGE_PREFIX := $(if $(filter armv7%,$(CPU_ARCH)),armv7/)
COMPOSE_CMD := \
ALPINE_VERSION="$(ALPINE_VERSION)" \
IMAGE_PREFIX="$(IMAGE_PREFIX)" \
GEMINI_CERTIFICATES_DIR="$(GEMINI_CERTIFICATES_DIR)" \
GEMINI_COMITIUM_DATA_DIR="$(GEMINI_COMITIUM_DATA_DIR)" \
ETHERPAD_DATA_DIR="$(ETHERPAD_DATA_DIR)" \
ETHERPAD_VERSION="$(ETHERPAD_VERSION)" \
VAULTWARDEN_DATA_DIR="$(VAULTWARDEN_DATA_DIR)" \
LOCAL_SMTP_PORT=$(PORT_smtp) \
$(foreach module,$(ALL_MODULES),$(call capitalise,$(module))_PORT=$(PORT_$(module))) \
podman-compose
$(foreach module,$(ALL_NGINX_MODULES), \
$(if $(SUBDOMAIN_$(module)),, \
$(error $(module) is declared as an nginx module, but SUBDOMAIN_$(module) is not set)))
$(foreach module,$(ALL_NGINX_MODULES), \
$(if $(PORT_$(module)) $(HOST_$(module)),,$(if $(PUBLIC_ROOT_DIR_$(module)),, \
$(error $(module) is declared as an nginx module, but neither PUBLIC_ROOT_DIR_$(module), nor both PORT_$(module) and HOST_$(module), are set))))
-2
View File
@@ -1,2 +0,0 @@
config/dkim
config/adminpasswd
-6
View File
@@ -1,6 +0,0 @@
# mox
There are three secrets required for mox. One is the admin password, which
should be stored in config/adminpasswd. The other two are DKIM private keys,
which should be stored in the config/dkim directory. The public parts of these
keys should be exposed in DNS TXT records.
-52
View File
@@ -1,52 +0,0 @@
Domains:
mail.joeac.net:
ClientSettingsDomain: clientsettings.mail.joeac.net
LocalpartCatchallSeparator: +
DKIM:
Selectors:
2026a:
Expiration: 72h
PrivateKeyFile: dkim/2026a._domainkey.mail.joeac.net.20260705T163220.rsa2048.privatekey.pkcs8.pem
2026b:
Expiration: 72h
PrivateKeyFile: dkim/2026b._domainkey.mail.joeac.net.20260705T163220.rsa2048.privatekey.pkcs8.pem
Sign:
- 2026a
DMARC:
Localpart: dmarcreports
Account: me
Mailbox: DMARC
MTASTS:
PolicyID: 20260705T153220
Mode: enforce
MaxAge: 24h0m0s
MX:
- mail.joeac.net
TLSRPT:
Localpart: tlsreports
Account: me
Mailbox: TLSRPT
Accounts:
me:
Domain: mail.joeac.net
Destinations:
me@mail.joeac.net: nil
SubjectPass:
Period: 12h0m0s
RejectsMailbox: Rejects
AutomaticJunkFlags:
Enabled: true
JunkMailboxRegexp: ^(junk|spam)
NeutralMailboxRegexp: ^(inbox|neutral|postmaster|dmarc|tlsrpt|rejects)
JunkFilter:
Threshold: 0.950000
Params:
Onegrams: true
MaxPower: 0.010000
TopWords: 10
IgnoreWords: 0.100000
RareWords: 2
NoCustomPassword: true
MonitorDNSBLs:
- zen.spamhaus.org
- bl.spamcop.net
-74
View File
@@ -1,74 +0,0 @@
DataDir: ../data
LogLevel: debug
User: mox
Hostname: mail.joeac.net
AdminPasswordFile: adminpasswd
Listeners:
internal:
IPs:
- 127.0.0.1
- ::1
Hostname: localhost
AccountHTTP:
Enabled: true
Port: 1080
Forwarded: true
AdminHTTP:
Enabled: true
Port: 1080
Forwarded: true
WebmailHTTP:
Enabled: true
Port: 1080
Forwarded: true
WebAPIHTTP:
Enabled: true
Port: 1080
Forwarded: true
MetricsHTTP:
Enabled: true
AutoconfigHTTPS:
Enabled: true
Port: 81
NonTLS: true
MTASTSHTTPS:
Enabled: true
Port: 81
NonTLS: true
WebserverHTTP:
Enabled: true
Port: 81
public:
IPs:
- 192.168.178.75
- fdc9:6aec:7a18:0:2e0:4cff:fe61:9b17
NATIPs:
- 217.155.190.42
- fdc9:6aec:7a18:0:2e0:4cff:fe61:9b17
TLS:
KeyCerts:
-
CertFile: /etc/letsencrypt/live/mail.joeac.net/fullchain.pem
KeyFile: /etc/letsencrypt/live/mail.joeac.net/privkey.pem
-
CertFile: /etc/letsencrypt/live/mta-sts.mail.joeac.net/fullchain.pem
KeyFile: /etc/letsencrypt/live/mta-sts.mail.joeac.net/privkey.pem
-
CertFile: /etc/letsencrypt/live/autoconfig.mail.joeac.net/fullchain.pem
KeyFile: /etc/letsencrypt/live/autoconfig.mail.joeac.net/privkey.pem
-
CertFile: /etc/letsencrypt/live/clientsettings.mail.joeac.net/fullchain.pem
KeyFile: /etc/letsencrypt/live/clientsettings.mail.joeac.net/privkey.pem
SMTP:
Enabled: true
Submissions:
Enabled: true
IMAPS:
Enabled: true
Postmaster:
Account: me
Mailbox: Postmaster
HostTLSRPT:
Account: me
Mailbox: TLSRPT
Localpart: tlsreports
-8
View File
@@ -1,8 +0,0 @@
server:
auto-trust-anchor-file: /var/lib/unbound/root.key
qname-minimisation: yes
interface: 0.0.0.0
access-control: 192.168.0.0/16 allow
remote-control:
control-enable: yes
-63
View File
@@ -1,63 +0,0 @@
.PHONY: install
install: install_unbound install_mox
.PHONY: reinstall
reinstall: install_unbound install_mox
.PHONY: install_unbound
install_unbound: /usr/sbin/unbound /etc/resolv.conf /var/lib/unbound/root.key install_unbound_anchor_crontab /etc/unbound/unbound.conf.d/dnssec.conf
/usr/sbin/unbound:
sudo apk add unbound
sudo rc-update add unbound default
sudo rc-service unbound start
/etc/resolv.conf: resolv.conf /etc/resolv.conf.joeac.net-backup
sudo cp resolv.conf /etc/resolv.conf
/etc/resolv.conf.joeac.net-backup:
sudo mv /etc/resolv.conf /etc/resolv.conf.joeac.net-backup
/var/lib/unbound/root.key:
sudo mkdir -p /var/lib/unbound && sudo unbound-anchor -a /var/lib/unbound/root.key
UNBOUND_ANCHOR_CRONTAB_ENTRY := @reboot unbound-anchor -a /var/lib/unbound/root.key # managed by joeac.net
IS_CRONTAB_UP_TO_DATE := $(sudo grep "$(UNBOUND_ANCHOR_CRONTAB_ENTRY)" /etc/crontabs/root)
.PHONY: install_unbound_anchor_crontab
install_unbound_anchor_crontab:
$(if $(IS_CRONTAB_UP_TO_DATE),,\
sudo crontab -l > crontab.tmp; \
sed -i "s/.*unbound-anchor.*# managed by joeac.net//" crontab.tmp; \
echo "$(UNBOUND_ANCHOR_CRONTAB_ENTRY)" >> crontab.tmp; \
sudo crontab crontab.tmp; \
rm crontab.tmp; \
)
/etc/unbound/unbound.conf.d/dnssec.conf: dnssec.conf
sudo mkdir -p $(dir $@) && sudo cp $< $@
DKIM_PRIVATE_KEY_A := ~/mox/config/dkim/2026a._domainkey.mail.joeac.net.20260705T163220.rsa2048.privatekey.pkcs8.pem
DKIM_PRIVATE_KEY_B := ~/mox/config/dkim/2026b._domainkey.mail.joeac.net.20260705T163220.rsa2048.privatekey.pkcs8.pem
DKIM_PRIVATE_KEYS := $(DKIM_PRIVATE_KEY_A) $(DKIM_PRIVATE_KEY_B)
MOX_TLS_CERTS := /etc/letsencrypt/live/mail.joeac.net/fullchain.pem /etc/letsencrypt/live/autoconfig.mail.joeac.net/fullchain.pem /etc/letsencrypt/live/clientsettings.mail.joeac.net/fullchain.pem /etc/letsencrypt/live/mta-sts.mail.joeac.net/fullchain.pem
.PHONY: install_mox
install_mox: /usr/local/bin/mox ~/mox/config/mox.conf ~/mox/config/domains.conf ~/mox/config/adminpasswd ~/mox/data $(DKIM_PRIVATE_KEYS) $(MOX_TLS_CERTS)
MOX_PLATFORM := $(if $(filter armv7% arm32%,$(CPU_ARCH)),arm,amd64)
MOX_VERSION := 0.0.15
MOX_GO_VERSION := 1.26.4
MOX_CHECKSUM_amd64_v0.0.15_go1.26.4 := 09OE-1QkNVgmpoRj53mtX9gxoEmY
MOX_CHECKSUM_arm_v0.0.15_go1.26.4 := 038X9nQx6hhai60Fk1BhcP3r6Mew
MOX_CHECKSUM := $(MOX_CHECKSUM_$(MOX_PLATFORM)_v$(MOX_VERSION)_go$(MOX_GO_VERSION))
MOX_URL_BASE := https://beta.gobuilds.org/github.com/mjl-/mox
MOX_URL := $(MOX_URL_BASE)@v$(MOX_VERSION)/linux-$(MOX_PLATFORM)-go$(MOX_GO_VERSION)/$(MOX_CHECKSUM)
/usr/local/bin/mox:
wget -O- $(MOX_URL) | gzip -d > mox
chmod +x mox
sudo mv mox /usr/local/bin/mox
~/mox/config/%: config/%
mkdir -p $(dir $@) && cp $< $@
~/mox/data:
mkdir -p $@
-1
View File
@@ -1 +0,0 @@
nameserver: 127.0.0.1
+28
View File
@@ -0,0 +1,28 @@
.PHONY: install_nginx
install_nginx: $(NGINX_CONFIG_BACKUP) $(NGINX_CONFIG)
.PHONY: reinstall_nginx
reinstall_nginx: $(NGINX_CONFIG_BACKUP) $(NGINX_CONFIG)
.PHONY: uninstall_nginx
uninstall_nginx: uninstall_dyndns
ifeq ($(shell test -d $(NGINX_CONFIG_BACKUP) && echo 1 || echo 0),0)
$(warn No nginx backup config detected: doing nothing)
else
sudo mv $(NGINX_CONFIG_BACKUP) $(NGINX_CONFIG)
$(RESTART_NGINX)
endif
$(NGINX_CONFIG_BACKUP):
sudo mv $(NGINX_CONFIG) $(NGINX_CONFIG_BACKUP)
$(NGINX_CONFIG): $(NGINX_CONFIG_SRC) $(NGINX_CONFIG_BACKUP)
sudo cp $< $@
$(RESTART_NGINX)
/etc/nginx/http.d/%joeac.net.conf: nginx/http.d/%joeac.net.conf /etc/nginx/http.d $(NGINX_CONFIG)
sudo cp $< $@
$(RESTART_NGINX)
/etc/nginx/http.d:
sudo mkdir -p /etc/nginx/http.d
+27
View File
@@ -0,0 +1,27 @@
server {
server_name joeac.net;
location / {
proxy_pass http://127.0.0.1:8080;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/joeac.net-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/joeac.net-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = joeac.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name joeac.net;
return 404; # managed by Certbot
}
+26
View File
@@ -0,0 +1,26 @@
server {
server_name docs.joeac.net;
location / {
proxy_pass http://localhost:9001;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/docs.joeac.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/docs.joeac.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = docs.joeac.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name docs.joeac.net;
listen 80;
return 404; # managed by Certbot
}
+25
View File
@@ -0,0 +1,25 @@
server {
server_name ln.joeac.net;
location / {
root /var/ln.joeac.net/public;
try_files $uri $uri.html $uri/index.html =404;
error_page 404 /index.html;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ln.joeac.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ln.joeac.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = ln.joeac.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ln.joeac.net;
listen 80;
return 404; # managed by Certbot
}
+23
View File
@@ -0,0 +1,23 @@
server {
server_name pwd.joeac.net;
location / {
proxy_pass http://localhost:9000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/pwd.joeac.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pwd.joeac.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = pwd.joeac.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name pwd.joeac.net;
listen 80;
return 404; # managed by Certbot
}
-20
View File
@@ -1,20 +0,0 @@
server {
server_name ${DOMAIN};
location / {
proxy_pass http://${HOST}:${PORT};
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($$host = ${DOMAIN}) {
return 301 https://$$host$$request_uri;
}
server_name ${DOMAIN};
listen 80;
return 404;
}
-22
View File
@@ -1,22 +0,0 @@
server {
server_name ${DOMAIN};
location / {
root ${ROOT};
try_files $$uri $$uri.html $$uri/index.html =404;
error_page 404 /index.html;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${CERTNAME}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${CERTNAME}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($$host = ${DOMAIN}) {
return 301 https://$$host$$request_uri;
} # managed by Certbot
server_name ln.joeac.net;
listen 80;
return 404;
}
+54
View File
@@ -0,0 +1,54 @@
define install_openrc_module_rule =
.PHONY: install_openrc_$(module)
install_openrc_$(module): $(openrc_module_target) openrc_add_$(module) openrc_start_$(module)
~/.config/rc/init.d/joeac.net.$(module): ~/.config/rc/init.d/joeac.net ~/.config/rc/runlevels/default
ln -s $(shell realpath ~)/.config/rc/init.d/joeac.net ~/.config/rc/init.d/joeac.net.$(module)
endef
define reinstall_openrc_module_rule =
.PHONY: reinstall_openrc_$(module)
reinstall_openrc_$(module): $(if $(openrc_module_target),$(openrc_module_target) openrc_restart_$(module))
endef
define openrc_add_rule =
.PHONY: openrc_add_$(module)
openrc_add_$(module):
rc-update -U add joeac.net.$(module) default
endef
define openrc_start_rule =
.PHONY: openrc_start_$(module)
openrc_start_$(module):
rc-service -U joeac.net.$(module) start
endef
define openrc_restart_rule =
.PHONY: openrc_restart_$(module)
openrc_restart_$(module):
rc-service -U joeac.net.$(module) restart
endef
$(foreach module,$(MODULES),$(eval $(install_openrc_module_rule)))
$(foreach module,$(MODULES),$(eval $(reinstall_openrc_module_rule)))
$(foreach module,$(MODULES),$(eval $(openrc_add_rule)))
$(foreach module,$(MODULES),$(eval $(openrc_start_rule)))
$(foreach module,$(MODULES),$(eval $(openrc_restart_rule)))
~/.config/rc/init.d/joeac.net: openrc/init.d/joeac.net ~/.config/rc/init.d ~/.config/rc/runlevels/default /etc/init.d/user.$(shell whoami) /etc/conf.d/user.$(shell whoami)
rm -f ~/.config/rc/init.d/joeac.net; \
mkdir -p ~/.config/rc/init.d; \
cp openrc/init.d/joeac.net ~/.config/rc/init.d/joeac.net
~/.config/rc/init.d:
mkdir -p ~/.config/rc/init.d
~/.config/rc/runlevels/default:
mkdir -p ~/.config/rc/runlevels/default
/etc/init.d/user.$(shell whoami):
sudo ln -s /etc/init.d/user /etc/init.d/user.$(shell whoami)
/etc/conf.d/user.$(shell whoami): openrc/conf.d/user.$(shell whoami)
sudo cp openrc/conf.d/user.$(shell whoami) /etc/conf.d/user.$(shell whoami)
sudo rc-update add user.$(shell whoami) default
+3
View File
@@ -0,0 +1,3 @@
*
!.gitignore
!user.example
+3
View File
@@ -0,0 +1,3 @@
# copy this file to user.<USER> for the user you want to be running joeac.net via OpenRC
# add in here any user setup, bearing in mind that OpenRC doesn't use your usual login flow
# this may include setting up $HOME and/or $XDG_RUNTIME_DIR
-15
View File
@@ -1,15 +0,0 @@
UID="$$(id -u ${USER})"
if test -z "$${XDG_RUNTIME_DIR}"; then
export XDG_RUNTIME_DIR=/tmp/xdg/"$${UID}"-xdg-runtime-dir
if ! test -d "$${XDG_RUNTIME_DIR}"; then
mkdir -p "$${XDG_RUNTIME_DIR}"
chown -R ${USER}:${USER} "$${XDG_RUNTIME_DIR}"
chmod -R 0700 "$${XDG_RUNTIME_DIR}"
fi
fi
if ! test -f "$${XDG_RUNTIME_DIR}/openrc/softlevel"; then
mkdir -p "$${XDG_RUNTIME_DIR}/openrc"
touch "$${XDG_RUNTIME_DIR}/openrc/softlevel"
chown -R ${USER}:${USER} "$${XDG_RUNTIME_DIR}"
chmod -R 0700 "$${XDG_RUNTIME_DIR}"
fi
+65
View File
@@ -0,0 +1,65 @@
#!/sbin/openrc-run
# credits:
# https://gist.github.com/itzwam/2069e935385193207f7e5bea7156e21d
# https://github.com/0x17de/dockerservice-openrc
: ${MODULENAME:=${RC_SVCNAME##*.}}
: ${SRCDIR:=/usr/local/lib/joeac.net}
DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
[ -z "${MODULENAME}" ] && exit 1
: ${COMPOSEFILE:="${SRCDIR}/compose.yml"}
: ${MAKEFILE:="${SRCDIR}/Makefile"}
COMPOSECMD="/usr/bin/podman-compose"
export COMPOSE_HTTP_TIMEOUT=300
description="Manage dockerservices defined in ${COMPOSEFILE}"
extra_commands="configtest"
description_configtest="Check configuration via \"podman-compose -f ${COMPOSEFILE} config\""
configtest() {
if ! [ -f "${COMPOSEFILE}" ]; then
eerror "The docker-compose file ${COMPOSEFILE} does not exist!"
return 1
fi
if "${COMPOSECMD}" -f "${COMPOSEFILE}" config >&/dev/null; then
einfo "config: ok"
else
eerror "config: error"
return 1
fi
}
start() {
configtest || return 1
ebegin "Starting ${MODULENAME}"
"${COMPOSECMD}" -f "${COMPOSEFILE}" up -d ${DOCKER_COMPOSE_UP_ARGS} ${MODULENAME}
eend $?
}
stop() {
ebegin "Stopping ${MODULENAME}"
"${COMPOSECMD}" -f "${COMPOSEFILE}" down --timeout=5 ${MODULENAME}
eend $?
}
status() {
pods=0
started=0
while read pod; do
pod_service="$(podman inspect $pod | jq .[0].Config.Labels.[\"com.docker.compose.service\"])"
if ! [ "$pod_service" = "\"${MODULENAME}\"" ]; then
continue
fi
pods=$(($pods+1))
if podman top $pod &>/dev/null; then
einfo "status: [$pod] started"
exit 0
else
einfo "status: [$pod] stopped"
exit 3
fi
done < <("${COMPOSECMD}" -f "${COMPOSEFILE}" ps --quiet)
einfo "status: no container found for ${MODULENAME}"
exit 3
}
-65
View File
@@ -1,65 +0,0 @@
#!/sbin/openrc-run
# credits:
# https://gist.github.com/itzwam/2069e935385193207f7e5bea7156e21d
# https://github.com/0x17de/dockerservice-openrc
: $${HOME:=/home/joeac.net}
: $${MODULENAME:=$${RC_SVCNAME##*.}}
: $${SRCDIR:=$$HOME/joeac.net}
DOCKER_COMPOSE_UP_ARGS=$${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
[ -z "$${MODULENAME}" ] && exit 1
: $${COMPOSEFILE:="$${SRCDIR}/compose.yml"}
: $${MAKEFILE:="$${SRCDIR}/Makefile"}
export COMPOSE_HTTP_TIMEOUT=300
description="Manage dockerservices defined in $${COMPOSEFILE}"
extra_commands="configtest"
description_configtest="Check configuration via \"podman-compose -f $${COMPOSEFILE} config\""
configtest() {
if ! [ -f "$${COMPOSEFILE}" ]; then
eerror "The docker-compose file $${COMPOSEFILE} does not exist!"
return 1
fi
if ${COMPOSECMD} -f "$${COMPOSEFILE}" config >&/dev/null; then
einfo "config: ok"
else
eerror "config: error"
return 1
fi
}
start() {
configtest || return 1
ebegin "Starting $${MODULENAME}"
${COMPOSECMD} -f "$${COMPOSEFILE}" up -d $${DOCKER_COMPOSE_UP_ARGS} $${MODULENAME}
eend $$?
}
stop() {
ebegin "Stopping $${MODULENAME}"
${COMPOSECMD} -f "$${COMPOSEFILE}" down --timeout=5 $${MODULENAME}
eend $$?
}
status() {
pods=0
started=0
while read pod; do
pod_service="$$(podman inspect $$pod | jq .[0].Config.Labels.[\"com.docker.compose.service\"])"
if ! [ "$$pod_service" = "\"$${MODULENAME}\"" ]; then
continue
fi
pods=$$(($$pods+1))
if podman top $$pod &>/dev/null; then
einfo "status: [$$pod] started"
exit 0
else
einfo "status: [$$pod] stopped"
exit 3
fi
done < <(${COMPOSECMD} -f "$${COMPOSEFILE}" ps --quiet)
einfo "status: no container found for $${MODULENAME}"
exit 3
}
-11
View File
@@ -1,11 +0,0 @@
#!/bin/sh
if [ -z "${XDG_RUNTIME_DIR}" ]
then
export XDG_RUNTIME_DIR=/tmp/xdg/$(id -u joeac.net)-xdg-runtime-dir
fi
cd /home/joeac.net/joeac.net \
&& sudo -u joeac.net git pull \
&& sudo -u joeac.net make \
&& sudo -u joeac.net make reinstall
-13
View File
@@ -1,13 +0,0 @@
.PHONY: install
install: $(VAULTWARDEN_DATA_DIR)
.PHONY: reinstall
reinstall: $(VAULTWARDEN_DATA_DIR)
$(VAULTWARDEN_DATA_DIR):
sudo mkdir -p $(VAULTWARDEN_DATA_DIR)
VAULTWARDEN_USER=$(whoami) && sudo chown $$VAULTWARDEN_USER:$$VAULTWARDEN_USER $(VAULTWARDEN_DATA_DIR)
.PHONY: uninstall
uninstall:
$(info Nothing to do)