feat: lech

lech/docker/.gitignore

@@ -0,0 +1,2 @@
+CaverEveryHour/
+*.env

lech/docker/Dockerfile.caddy

@@ -0,0 +1,8 @@
+FROM caddy:2.7.4-builder AS builder
+
+RUN xcaddy build \
+  --with github.com/caddyserver/replace-response
+
+FROM caddy:2.7.4
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

lech/docker/caddy.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  docker network create pew-net || true
+  
+  # main caddy container
+  docker build -t customcaddy:latest -f Dockerfile.caddy .
+
+  docker run \
+    --detach \
+    --name caddy \
+    --restart unless-stopped \
+    --privileged \
+    --volume /mammoth/files:/www/seaturtle.pw_files:ro \
+    --volume /mammoth/gis/bigcavemaps.com:/www/bigcavemaps.com:ro \
+    --volume /mammoth/gis/source:/gis/source:ro \
+    --volume /mammoth/k8s-config/caddy/Caddyfile:/etc/caddy/Caddyfile:ro \
+    --volume /mammoth/k8s-config/caddy/data:/data:rw \
+    --publish 80:80 \
+    --publish 443:443 \
+    --publish 443:443/udp \
+    --network pew-net \
+    customcaddy:latest
+}
+
+down () {
+  docker stop caddy || true
+  docker rm caddy || true
+}
+
+logs () {
+  docker logs --follow caddy
+}
+
+$@

lech/docker/cavereveryhour.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  docker run \
+    --detach \
+    --name cavereveryhour \
+    --restart unless-stopped \
+    --workdir /home/node/app \
+    --env NODE_ENV=production \
+    --env TZ='America/New_York' \
+    --volume $PWD/CaverEveryHour:/home/node/app:rw \
+    --volume $PWD/cavereveryhour.env:/home/node/app/.env:ro \
+    --volume /mammoth/tmp/EveryHourBot/CaverEveryHour:/home/node/app/media:ro \
+    docker.io/node:16 /bin/bash -c "npm install && node index.js"
+}
+
+down () {
+  docker stop cavereveryhour || true
+  docker rm cavereveryhour || true
+}
+
+logs () {
+  docker logs --follow cavereveryhour
+}
+
+$@

lech/docker/firefly.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+set -e
+
+# Don't forget cron!
+# https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
+
+up () {
+  # Exposed on port 8080 in pew-net
+  # env options: https://raw.githubusercontent.com/firefly-iii/firefly-iii/main/.env.example
+  # Create firefly.env with APP_KEY
+  docker run \
+    --detach \
+    --name firefly \
+    --restart unless-stopped \
+    --env-file firefly.env \
+    --env SITE_OWNER=paul@bigcavemaps.com \
+    --env TZ=US/Eastern \
+    --env TRUSTED_PROXIES=** \
+    --env DB_CONNECTION=mysql \
+    --env DB_HOST=firefly-mariadb \
+    --env DB_PORT=3306 \
+    --env DB_DATABASE=firefly \
+    --env DB_USERNAME=firefly \
+    --env DB_PASSWORD=firefly \
+    --env APP_URL=https://ff.seaturtle.pw \
+    --volume /mammoth/k8s-config/firefly/data:/var/www/html/storage/upload:rw \
+    --network pew-net \
+    docker.io/fireflyiii/core:latest
+
+  # Exposed on port 3306 in pew-net
+  docker run \
+    --detach \
+    --name firefly-mariadb \
+    --restart unless-stopped \
+    --label com.centurylinklabs.watchtower.enable=false \
+    --env MYSQL_RANDOM_ROOT_PASSWORD=notnullvalue \
+    --env MYSQL_PASSWORD=firefly \
+    --env MYSQL_DATABASE=firefly \
+    --env MYSQL_USER=firefly \
+    --volume /mammoth/k8s-config/firefly/mariadb:/var/lib/mysql:rw \
+    --network pew-net \
+    docker.io/mariadb:10.5.6
+}
+
+down () {
+  docker stop firefly || true
+  docker rm firefly || true
+  docker stop firefly-mariadb || true
+  docker rm firefly-mariadb || true
+}
+
+logs () {
+  docker logs --follow firefly
+}
+
+logsm () {
+  docker logs --follow firefly-mariadb
+}
+
+
+$@

lech/docker/geoserver.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  # Exposed on port 8080 in pew-net  
+  docker run \
+    --detach \
+    --name geoserver \
+    --restart unless-stopped \
+    --volume /mammoth/gis/geoserver/config/geoserver-web.xml:/usr/local/geoserver/WEB-INF/web.xml:ro \
+    --volume /mammoth/gis/geoserver/extensions:/var/local/geoserver-exts:ro \
+    --volume /mammoth/gis/geoserver/data:/var/local/geoserver:rw \
+    --volume /mammoth/gis/store:/gis/store:ro \
+    --publish 8181:8080 \
+    --network pew-net \
+    docker.io/oscarfonts/geoserver:2.20.2
+    #--volume /mammoth/k8s-config/geoserver/config/tomcat-web.xml:/usr/local/tomcat/conf/web.xml:ro \
+
+  # Exposed on port 5432 in pew-net
+  docker run \
+    --detach \
+    --name geoserver-postgis \
+    --env POSTGRES_PASSWORD=postgres \
+    --restart unless-stopped \
+    --volume /mammoth/gis/geoserver/postgis:/var/lib/postgresql/data:rw \
+    --network pew-net \
+    docker.io/postgis/postgis:14-3.2-alpine
+}
+
+down () {
+  docker stop geoserver || true
+  docker rm geoserver || true
+  docker stop geoserver-postgis || true
+  docker rm geoserver-postgis || true
+}
+
+logs () {
+  docker logs --follow geoserver
+}
+
+logsp () {
+  docker logs --follow geoserver-postgis
+}
+
+$@

lech/docker/gitea.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  # Exposed on port 3000 in pew-net  
+  docker run \
+    --detach \
+    --name gitea \
+    --restart unless-stopped \
+    --env RUN_MODE=prod \
+    --env DOMAIN=git.seaturtle.pw \
+    --env SSH_DOMAIN=git.seaturtle.pw \
+    --env SSH_PORT=2222 \
+    --env ROOT_URL=https://git.seaturtle.pw \
+    --env LFS_START=true \
+    --env DISABLE_REGISTRATION=true \
+    --env REQUIRE_SIGNIN_VIEW=false \
+    --env USER_UID=1000 \
+    --volume /mammoth/k8s-config/gitea/data:/data:rw \
+    --volume /etc/localtime:/etc/localtime:ro \
+    --volume /etc/timezone:/etc/timezone:ro \
+    --publish 2222:2222 \
+    --network pew-net \
+    docker.io/gitea/gitea:1.20
+}
+
+down () {
+  docker stop gitea || true
+  docker rm gitea || true
+}
+
+logs () {
+  docker logs --follow gitea
+}
+
+$@

lech/docker/mapproxy.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  # Exposed on port 8080 in pew-net  
+  docker run \
+    --detach \
+    --name mapproxy \
+    --volume /mammoth/k8s-config/mapproxy/mapproxy.yaml:/mapproxy/mapproxy.yaml:ro \
+    --volume /mammoth/k8s-config/mapproxy/seed.yaml:/mapproxy/seed.yaml:ro \
+    --volume /mammoth/gis/mapproxy/cache_data:/mapproxy/cache_data:rw \
+    --network pew-net \
+    docker.io/kartoza/mapproxy:latest
+}
+
+down () {
+  docker stop mapproxy || true
+  docker rm mapproxy || true
+}
+
+logs () {
+  docker logs --follow mapproxy
+}
+
+$@

lech/docker/mastodon.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+
+set -e
+
+TRUSTED_PROXY_IP=172.25.0.0/16
+LOCAL_DOMAIN=social.bigcavemaps.com
+REDIS_HOST=mastodon-redis
+REDIS_PORT=6379
+DB_HOST=mastodon-pg
+DB_USER=mastodon
+DB_NAME=mastodon_production
+DB_PASS=mastodon
+DB_PORT=5432
+
+up () {
+  docker run \
+    --detach \
+    --name mastodon-web \
+    --restart unless-stopped \
+    --env-file mastodon.env \
+    --env TRUSTED_PROXY_IP=$TRUSTED_PROXY_IP \
+    --env LOCAL_DOMAIN=$LOCAL_DOMAIN \
+    --env REDIS_HOST=$REDIS_HOST \
+    --env REDIS_PORT=$PORT \
+    --env DB_HOST=$DB_HOST \
+    --env DB_USER=$DB_USER \
+    --env DB_NAME=$DB_NAME \
+    --env DB_PASS=$DB_PASS \
+    --env DB_PORT=$DB_PORT \
+    --volume /mammoth/k8s-config/mastodon/public/system:/mastodon/public/system:rw \
+    --network pew-net \
+    ghcr.io/mastodon/mastodon:v4.1 bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+
+  docker run \
+    --detach \
+    --name mastodon-streaming \
+    --restart unless-stopped \
+    --env-file mastodon.env \
+    --env TRUSTED_PROXY_IP=$TRUSTED_PROXY_IP \
+    --env LOCAL_DOMAIN=$LOCAL_DOMAIN \
+    --env REDIS_HOST=$REDIS_HOST \
+    --env REDIS_PORT=$PORT \
+    --env DB_HOST=$DB_HOST \
+    --env DB_USER=$DB_USER \
+    --env DB_NAME=$DB_NAME \
+    --env DB_PASS=$DB_PASS \
+    --env DB_PORT=$DB_PORT \
+    --network pew-net \
+    ghcr.io/mastodon/mastodon:v4.1 node ./streaming
+
+  docker run \
+    --detach \
+    --name mastodon-sidekiq \
+    --restart unless-stopped \
+    --env-file mastodon.env \
+    --env TRUSTED_PROXY_IP=$TRUSTED_PROXY_IP \
+    --env LOCAL_DOMAIN=$LOCAL_DOMAIN \
+    --env REDIS_HOST=$REDIS_HOST \
+    --env REDIS_PORT=$PORT \
+    --env DB_HOST=$DB_HOST \
+    --env DB_USER=$DB_USER \
+    --env DB_NAME=$DB_NAME \
+    --env DB_PASS=$DB_PASS \
+    --env DB_PORT=$DB_PORT \
+    --volume /mammoth/k8s-config/mastodon/public/system:/mastodon/public/system:rw \
+    --network pew-net \
+    ghcr.io/mastodon/mastodon:v4.1 bundle exec sidekiq
+
+  # may have to run db:migrate if things don't work right away
+  docker run \
+    --detach \
+    --name mastodon-pg \
+    --restart unless-stopped \
+    --env POSTGRES_HOST_AUTH_METHOD=trust \
+    --env POSTGRES_USER=$DB_USER \
+    --env POSTGRES_DB=$DB_NAME \
+    --env POSTGRES_PASSWORD=$DB_PASS \
+    --volume /mammoth/k8s-config/mastodon/postgres/data:/var/lib/postgresql/data:rw \
+    --network pew-net \
+    docker.io/postgres:14-alpine
+
+  docker run \
+    --detach \
+    --name mastodon-redis \
+    --restart unless-stopped \
+    --volume /mammoth/k8s-config/mastodon/redis/data:/data:rw \
+    --network pew-net \
+    docker.io/redis:7-alpine
+}
+
+down () {
+  docker stop mastodon-web || true
+  docker rm mastodon-web || true
+  docker stop mastodon-streaming || true
+  docker rm mastodon-streaming || true
+  docker stop mastodon-sidekiq || true
+  docker rm mastodon-sidekiq || true
+  docker stop mastodon-pg || true
+  docker rm mastodon-pg || true
+  docker stop mastodon-redis || true
+  docker rm mastodon-redis || true
+}
+
+logs () {
+  docker logs --follow mastodon
+}
+
+$@

lech/docker/minio.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  docker run \
+    --detach \
+    --name minio \
+    --restart unless-stopped \
+    --env-file minio.env \
+    --env MINIO_BROWSER_REDIRECT_URL=https://s3.bigcavemaps.com \
+    --env MINIO_ROOT_USER=admin \
+    --env MINIO_SERVER_URL=https://s3.bigcavemaps.com:9000 \
+    --volume /mammoth/minio:/data:rw \
+    --volume /mammoth/k8s-config/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/s3.bigcavemaps.com/s3.bigcavemaps.com.crt:/certs/public.crt:ro \
+    --volume /mammoth/k8s-config/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/s3.bigcavemaps.com/s3.bigcavemaps.com.key:/certs/private.key:ro \
+    --publish 9000:9000 \
+    --publish 9090:9090 \
+    quay.io/minio/minio:latest server /data --console-address ":9090" --certs-dir /certs
+}
+
+down () {
+  docker stop minio || true
+  docker rm minio || true
+}
+
+logs () {
+  docker logs --follow minio
+}
+
+$@

lech/docker/plex.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  # Exposed on port 32400 in pew-net
+  docker run \
+    --detach \
+    --name plex \
+    --restart unless-stopped \
+    --env PUID=1000 \
+    --env PGID=1000 \
+    --env VERSION=docker \
+    --env PLEX_CLAIM=claim-QCs9nSWJ23sex_75xQ_a \
+    --volume /mammoth/k8s-config/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/plex.seaturtle.pw:/certs:ro \
+    --volume /mammoth/plex/config:/config:rw \
+    --volume /mammoth/media/audiobooks:/media/audiobooks:ro \
+    --volume /mammoth/media/movies:/media/movies:ro \
+    --volume /mammoth/media/music:/media/music:ro \
+    --volume /mammoth/media/radio:/media/radio:ro \
+    --volume /mammoth/media/tv:/media/tv:ro \
+    --volume /media-vtluug:/media/media-vtluug:ro \
+    --volume /mammoth/tmp/plex/transcode:/transcode:rw \
+    --device=/dev/dri:/dev/dri:rw \
+    --network pew-net \
+    ghcr.io/linuxserver/plex:latest
+}
+
+down () {
+  docker stop plex || true
+  docker rm plex || true
+}
+
+logs () {
+  docker logs --follow plex
+}
+
+$@

lech/docker/watchtower.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  # Poll interval: 1800s (30 mins)
+  docker run \
+    --detach \
+    --name watchtower \
+    --volume /var/run/docker.sock:/var/run/docker.sock:rw \
+    ghcr.io/containrrr/watchtower:amd64-1.4.0 --interval 1800
+}
+
+down () {
+  docker stop watchtower || true
+  docker rm watchtower || true
+}
+
+logs () {
+  docker logs --follow watchtower
+}
+
+$@