mirror of
https://github.com/akpall/akpella.git
synced 2026-02-21 00:26:59 +00:00
config.yaml: replace docker with podman
5
Makefile
5
Makefile
@@ -36,10 +36,7 @@ config.json: config.yaml .files-list $(FILES)
|
||||
--ignition-file $${TEMPDIR}/config.json \
|
||||
--keep-machine-id \
|
||||
--keep-paths '/etc/ssh/ssh_host_.*' \
|
||||
--keep-paths '/home/core/caddy/' \
|
||||
--keep-paths '/home/core/matrixdotorg-synapse/' \
|
||||
--keep-paths '/home/core/matrixdotorg-matrix-appservice-irc' \
|
||||
--keep-paths '/home/core/postgresql/secret' \
|
||||
--keep-paths '/opt/caddy/data' \
|
||||
--keep-paths '/var/log' && \
|
||||
ssh -o ControlPath=/tmp/ssh_mux_%h_%p_%r akpella \
|
||||
sudo systemctl reboot && \
|
||||
|
||||
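Review bot: The `ssh -o ControlPath=/tmp/ssh_mux_%h_%p_%r akpella` line keeps the multiplexing socket under a predictable name in world-writable /tmp, while ssh_config(5) recommends a ControlPath directory that other users cannot write to. The line looks like unchanged context, but this commit edits the same recipe, so it is a convenient moment to move the socket, for example `-o ControlPath=~/.ssh/mux_%C`. Whichever command opens the master connection must use the same path; it is not visible here. The recipe starts and ends outside the hunk.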
71
config.yaml
71
config.yaml
@@ -10,66 +10,47 @@ passwd:
|
||||
|
||||
storage:
|
||||
directories:
|
||||
- path: /home/core/caddy/data
|
||||
- path: /home/core/caddy/etc/caddy
|
||||
- path: /home/core/caddy/var/www/html
|
||||
- path: /home/core/matrixdotorg-synapse/data
|
||||
- path: /home/core/matrixdotorg-matrix-appservice-irc/data
|
||||
- path: /home/core/postgresql
|
||||
- path: /opt/caddy/etc/caddy
|
||||
- path: /opt/caddy/data
|
||||
files:
|
||||
# /etc/hostname
|
||||
- path: /etc/hostname
|
||||
contents:
|
||||
inline: "akpella.fst.ee"
|
||||
# /etc/systemd/network/00-eth0.network
|
||||
- path: /etc/systemd/network/00-eth0.network
|
||||
contents:
|
||||
local: etc/systemd/network/00-eth0.network
|
||||
# /etc/hosts
|
||||
- path: /etc/hosts
|
||||
overwrite: true
|
||||
contents:
|
||||
local: etc/hosts
|
||||
# /home/core/caddy/etc/caddy/Caddyfile
|
||||
- path: /home/core/caddy/etc/caddy/Caddyfile
|
||||
overwrite: true
|
||||
# /etc/systemd/network/00-eth0.network
|
||||
- path: /etc/systemd/network/00-eth0.network
|
||||
contents:
|
||||
local: caddy/etc/caddy/Caddyfile
|
||||
# /home/core/caddy/var/www/html/index.html
|
||||
- path: /home/core/caddy/var/www/html/index.html
|
||||
overwrite: true
|
||||
local: etc/systemd/network/00-eth0.network
|
||||
# /etc/flatcar/enabled-sysext.conf
|
||||
- path: /etc/flatcar/enabled-sysext.conf
|
||||
contents:
|
||||
inline: |
|
||||
podman
|
||||
python
|
||||
# /etc/containers/policy.json
|
||||
- path: /etc/containers/policy.json
|
||||
contents:
|
||||
local: etc/containers/policy.json
|
||||
# /etc/containers/systemd/caddy.container
|
||||
- path: /etc/containers/systemd/caddy.container
|
||||
contents:
|
||||
local: etc/containers/systemd/caddy.container
|
||||
# /opt/caddy/etc/caddy/Caddyfile
|
||||
- path: /opt/caddy/etc/caddy/Caddyfile
|
||||
contents:
|
||||
local: caddy/Caddyfile
|
||||
# /opt/caddy/var/www/html/index.html
|
||||
- path: /opt/caddy/var/www/html/index.html
|
||||
contents:
|
||||
inline: |
|
||||
<h1>no</h1>
|
||||
|
||||
systemd:
|
||||
units:
|
||||
# docker-network-setup.service
|
||||
- name: docker-network-setup.service
|
||||
- name: caddy.service
|
||||
enabled: true
|
||||
contents_local: docker-network-setup.service
|
||||
# docker-matrixdotorg-synapse.service
|
||||
- name: docker-matrixdotorg-synapse.service
|
||||
enabled: true
|
||||
contents_local: docker-matrixdotorg-synapse.service
|
||||
# docker-caddy.service
|
||||
- name: docker-caddy.service
|
||||
enabled: true
|
||||
contents_local: docker-caddy.service
|
||||
# docker-matrixdotorg-matrix-appservice-irc.service
|
||||
- name: docker-matrixdotorg-matrix-appservice-irc.service
|
||||
enabled: false
|
||||
contents_local: docker-matrixdotorg-matrix-appservice-irc.service
|
||||
# generate-secrets.service
|
||||
- name: generate-secrets.service
|
||||
enabled: true
|
||||
contents_local: generate-secrets.service
|
||||
# docker-postgresql.service
|
||||
- name: docker-postgresql.service
|
||||
enabled: true
|
||||
contents_local: docker-postgresql.service
|
||||
# docker.service
|
||||
- name: docker.service
|
||||
dropins:
|
||||
- name: docker.conf
|
||||
contents_local: docker.conf
|
||||
|
||||
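Review bot: The `- name: caddy.service` entry with `enabled: true` under `systemd.units` looks redundant and possibly ineffective. The service is generated by Quadlet from `/etc/containers/systemd/caddy.container`, and generated units are normally started through the `[Install]` section of the `.container` file rather than by enabling them. The side of each row is not recoverable from this rendering, so this assumes the entry is on the new side. If it is, I would drop it or add a comment such as `# started via [Install] in caddy.container (Quadlet)`.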
18
files/caddy/Caddyfile
Normal file
18
files/caddy/Caddyfile
Normal file
@@ -0,0 +1,18 @@
|
||||
{
|
||||
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
email akpall+akpella@fst.ee
|
||||
}
|
||||
|
||||
fst.ee {
|
||||
root * /var/www/html
|
||||
file_server
|
||||
}
|
||||
|
||||
#fst.ee:8448 {
|
||||
# reverse_proxy /_matrix/* matrixdotorg-synapse:8008
|
||||
#}
|
||||
|
||||
#matrix.fst.ee {
|
||||
# reverse_proxy /_matrix/* matrixdotorg-synapse:8008
|
||||
# reverse_proxy /_synapse/client/* matrixdotorg-synapse:8008
|
||||
#}
|
||||
@@ -1,18 +0,0 @@
|
||||
{
|
||||
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
email akpall+akpella@fst.ee
|
||||
}
|
||||
|
||||
fst.ee {
|
||||
root * /var/www/html
|
||||
file_server
|
||||
}
|
||||
|
||||
fst.ee:8448 {
|
||||
reverse_proxy /_matrix/* matrixdotorg-synapse:8008
|
||||
}
|
||||
|
||||
matrix.fst.ee {
|
||||
reverse_proxy /_matrix/* matrixdotorg-synapse:8008
|
||||
reverse_proxy /_synapse/client/* matrixdotorg-synapse:8008
|
||||
}
|
||||
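--- a/files/etc/containers/policy.json
+++ b/files/etc/containers/policy.json
@@ -0,0 +1,8 @@
+{
+"default": [{"type": "reject"}],
+"transports": {
+"docker": {
+"docker.io/library/caddy": [{"type": "insecureAcceptAnything"}]
+}
+}
+}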
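Review bot: The `docker.io/library/caddy` scope uses `insecureAcceptAnything`, so with the `reject` default this policy limits which repository can be pulled but does not check signatures on what comes from it. Integrity of the running image then rests on the registry connection and on the image reference in the unit file. If signature verification is not practical for this image, pinning the unit's `Image=` to a digest gives the exception something fixed to stand behind. JSON has no comments, so the reason for the exception belongs in the commit message or a README.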
13
files/etc/containers/systemd/caddy.container
Normal file
13
files/etc/containers/systemd/caddy.container
Normal file
@@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.
|
||||
|
||||
[Container]
|
||||
Image=docker.io/library/caddy:latest
|
||||
PublishPort=443:443
|
||||
PublishPort=80:80
|
||||
Volume=/opt/caddy/data:/data
|
||||
Volume=/opt/caddy/etc/caddy:/etc/caddy
|
||||
Volume=/opt/caddy/var/www/html:/var/www/html
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
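Review bot: `Image=docker.io/library/caddy:latest` is a mutable tag, so each pull can bring a different image onto a host that publishes ports 80 and 443. Pin it as `Image=docker.io/library/caddy@sha256:<digest>` (placeholder digest), or at least to a version tag. The `/etc/caddy` and `/var/www/html` volumes are also mounted writable although, as far as this file shows, the server only reads them. `Volume=/opt/caddy/etc/caddy:/etc/caddy:ro` and `Volume=/opt/caddy/var/www/html:/var/www/html:ro` would limit what a compromised container can change. Only `/data` needs to stay writable, for certificates and ACME state.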
@@ -1,2 +1,37 @@
|
||||
127.0.0.1 localhost akpella.fst.ee
|
||||
::1 localhost akpella.fst.ee
|
||||
# /etc/hosts: Local Host Database
|
||||
#
|
||||
# This file describes a number of aliases-to-address mappings for the for
|
||||
# local hosts that share this file.
|
||||
#
|
||||
# The format of lines in this file is:
|
||||
#
|
||||
# IP_ADDRESS canonical_hostname [aliases...]
|
||||
#
|
||||
#The fields can be separated by any number of spaces or tabs.
|
||||
#
|
||||
# In the presence of the domain name service or NIS, this file may not be
|
||||
# consulted at all; see /etc/host.conf for the resolution order.
|
||||
#
|
||||
|
||||
# IPv4 and IPv6 localhost aliases
|
||||
127.0.0.1 localhost akpella.fst.ee
|
||||
::1 localhost akpella.fst.ee
|
||||
|
||||
#
|
||||
# Imaginary network.
|
||||
#10.0.0.2 myname
|
||||
#10.0.0.3 myfriend
|
||||
#
|
||||
# According to RFC 1918, you can use the following IP networks for private
|
||||
# nets which will never be connected to the Internet:
|
||||
#
|
||||
# 10.0.0.0 - 10.255.255.255
|
||||
# 172.16.0.0 - 172.31.255.255
|
||||
# 192.168.0.0 - 192.168.255.255
|
||||
#
|
||||
# In case you want to be able to connect directly to the Internet (i.e. not
|
||||
# behind a NAT, ADSL router, etc...), you need real official assigned
|
||||
# numbers. Do not try to invent your own network numbers but instead get one
|
||||
# from your network provider (if any) or from your regional registry (ARIN,
|
||||
# APNIC, LACNIC, RIPE NCC, or AfriNIC.)
|
||||
#
|
||||
|
||||