From a6555e95e2290a99ff75e3d7da98356032bbc7ec Mon Sep 17 00:00:00 2001 From: Paul Walko Date: Mon, 16 Dec 2024 20:33:10 -0500 Subject: [PATCH] dec updates --- lech/docker/Dockerfile.caddy | 1 + lech/docker/caddy.sh | 3 + lech/docker/cavereveryhour.sh | 28 --------- lech/docker/immich.sh | 11 +++- lech/docker/mesh.sh | 106 +++++++++++++++++----------------- lech/docker/meshmap.sh | 5 ++ lech/docker/netdata.sh | 36 ++++++++++++ lech/docker/pretix.sh | 4 +- lech/docker/scrutiny.sh | 36 ++++++++++++ lech/docker/seafile.sh | 22 ++++++- 10 files changed, 164 insertions(+), 88 deletions(-) delete mode 100755 lech/docker/cavereveryhour.sh create mode 100755 lech/docker/netdata.sh create mode 100755 lech/docker/scrutiny.sh diff --git a/lech/docker/Dockerfile.caddy b/lech/docker/Dockerfile.caddy index c2f7bb9..be3489d 100644 --- a/lech/docker/Dockerfile.caddy +++ b/lech/docker/Dockerfile.caddy @@ -1,6 +1,7 @@ FROM caddy:2.7.5-builder AS builder RUN xcaddy build \ + --with github.com/caddy-dns/cloudflare \ --with github.com/caddy-dns/porkbun \ --with github.com/caddyserver/replace-response diff --git a/lech/docker/caddy.sh b/lech/docker/caddy.sh index e108ad7..909c6dc 100755 --- a/lech/docker/caddy.sh +++ b/lech/docker/caddy.sh @@ -32,6 +32,9 @@ up () { --volume /mammoth/caddy/logs:/logs:rw \ --publish 443:443 \ --publish 443:443/udp \ + --publish 6233:6233 \ + --publish [$(tailscale ip -4)]:8443:8443 \ + --publish [$(tailscale ip -4)]:8443:8443/udp \ --publish [$(tailscale ip -6)]:8443:8443 \ --publish [$(tailscale ip -6)]:8443:8443/udp \ --network pew-net \ diff --git a/lech/docker/cavereveryhour.sh b/lech/docker/cavereveryhour.sh deleted file mode 100755 index f8e583c..0000000 --- a/lech/docker/cavereveryhour.sh +++ /dev/null 
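Review bot: The added `--with github.com/caddy-dns/cloudflare` line in Dockerfile.caddy carries no version, so every image build takes whatever the Go toolchain resolves as latest at that moment, even though the base image is pinned to `caddy:2.7.5-builder`. xcaddy accepts `module@version`, so the line could read `--with github.com/caddy-dns/cloudflare@<pinned-version> \` (placeholder; use the release or commit you tested). The two neighbouring `--with` lines have the same gap. This plugin will presumably be handed a DNS API credential at runtime, so a reproducible, reviewed build matters more here than for most modules.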
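Review bot: In caddy.sh, `--publish 6233:6233` names no host address, so Docker binds it on every interface, whereas the 8443 listeners in the same hunk are limited to the Tailscale addresses. If 6233 is not meant to be reachable from outside the tailnet, bind it the same way, e.g. `--publish "[$(tailscale ip -4)]:6233:6233" \`. Separately, the unquoted `$(tailscale ip -4)` expands to an empty string when tailscaled is down, and `set -e` does not stop on a failed substitution inside an argument, leaving `[]:8443:8443` for Docker to interpret. Resolving the address into a variable first and aborting when it is empty would make that failure explicit. The `docker run` command starts and ends outside this hunk.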
@@ -1,28 +0,0 @@ -#!/bin/bash - -set -e - -up () { - docker run \ - --detach \ - --name cavereveryhour \ - --restart unless-stopped \ - --workdir /home/node/app \ - --env NODE_ENV=production \ - --env TZ='America/New_York' \ - --volume $PWD/CaverEveryHour:/home/node/app:rw \ - --volume $PWD/cavereveryhour.env:/home/node/app/.env:ro \ - --volume /mammoth/tmp/EveryHourBot/CaverEveryHour:/home/node/app/media:ro \ - docker.io/node:16 /bin/bash -c "npm install && node index.js" -} - -down () { - docker stop cavereveryhour || true - docker rm cavereveryhour || true -} - -logs () { - docker logs --follow cavereveryhour -} - -$@ diff --git a/lech/docker/immich.sh b/lech/docker/immich.sh index d12cf41..3c3184c 100755 --- a/lech/docker/immich.sh +++ b/lech/docker/immich.sh @@ -2,6 +2,11 @@ set -e +. $HOME/scripts-private/lech/immich.env +VERSION=$(curl --silent https://api.github.com/repos/immich-app/immich/releases | grep "\"tag_name\": \"$MINOR_VERSION" | head -n 1 | sed -E 's/.*"([^"]+)".*/\1/') +echo +echo "VERSION: $VERSION" + up () { # Exposed on port 3001 in pew-net docker run \ @@ -18,7 +23,7 @@ up () { --volume /mammoth/photos:/external_library/photos:ro \ --volume /etc/localtime:/etc/localtime:ro \ --network pew-net \ - ghcr.io/immich-app/immich-server:v1.120.2 + ghcr.io/immich-app/immich-server:$VERSION docker run \ --detach \ @@ -32,7 +37,7 @@ up () { --env REDIS_HOSTNAME=immich-redis \ --volume /mammoth/immich/cache:/cache:rw \ --network pew-net \ - ghcr.io/immich-app/immich-machine-learning:v1.120.2 + ghcr.io/immich-app/immich-machine-learning:$VERSION docker run \ --detach \ 
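Review bot: In immich.sh, `VERSION` is scraped from an unauthenticated GitHub API response with `grep | head | sed` and then used unchecked as the image tag in the two `:$VERSION` hunks that follow. `curl --silent` without `--fail`, together with `set -e` but no `pipefail`, means a rate-limit or error body produces an empty or unexpected string rather than a stop. Validate before use, e.g. `[[ "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "cannot resolve immich version" >&2; exit 1; }`. The lookup also sits at top level, so `down` makes a network call it does not need. Replacing the fixed `v1.120.2` with "newest tag matching `$MINOR_VERSION`" means upgrades happen without review on every `up`; confirm that is intended.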
@@ -51,7 +56,7 @@ up () { --env POSTGRES_INITDB_ARGS=--data-checksums \ --volume /mammoth/immich/postgres:/var/lib/postgresql/data:rw \ --network pew-net \ - docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 \ + docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0 \ postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on } diff --git a/lech/docker/mesh.sh b/lech/docker/mesh.sh index b7f0659..244368b 100755 --- a/lech/docker/mesh.sh +++ b/lech/docker/mesh.sh 
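Review bot: The new image reference `docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0` drops the `@sha256:` digest that the old line carried, so the database image is now identified by a mutable tag only. A re-pushed or tampered tag would be pulled for the container that owns the Postgres data directory. Unless the digest was removed for a specific reason not visible here (for instance an updater that cannot handle digest-pinned references), keep `pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0`. The `docker run` command begins outside this hunk.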
@@ -4,38 +4,38 @@ set -e sudo sysctl -w vm.max_map_count=262144 up () { -# docker run \ -# --detach \ -# --name mesh-mq \ -# --volume /mammoth/mesh/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro \ -# --volume /mammoth/mesh/mosquitto/passwd:/mosquitto/config/passwd:ro \ -# --publish 1883:1883 \ -# eclipse-mosquitto:2 -# -# docker run \ -# --detach \ -# --name mesh-es \ -# --env discovery.type=single-node \ -# --env http.host=0.0.0.0 \ -# --env xpack.security.enabled=false \ -# --volume /mammoth/mesh/elasticsearch/data:/usr/share/elasticsearch/data:rw \ -# --network pew-net \ -# docker.elastic.co/elasticsearch/elasticsearch:8.15.2 -# -# docker run \ -# --detach \ -# --name mesh-kb \ -# --env SERVER_PUBLICBASEURL=https://kibana.caving.dev:8443 \ -# --env ELASTICSEARCH_HOST='["http://mesh-es:9200"]' \ -# --volume /mammoth/mesh/kibana/data:/usr/share/kibana/data:rw \ -# --network pew-net \ -# docker.elastic.co/kibana/kibana:8.15.2 -# -# docker run \ -# --detach \ -# --name mesh-mc \ -# --network pew-net \ -# memcached:1.6 + docker run \ + --detach \ + --name mesh-mq \ + --volume /mammoth/mesh/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro \ + --volume /mammoth/mesh/mosquitto/passwd:/mosquitto/config/passwd:ro \ + --publish 1883:1883 \ + eclipse-mosquitto:2 + + docker run \ + --detach \ + --name mesh-es \ + --env discovery.type=single-node \ + --env http.host=0.0.0.0 \ + --env xpack.security.enabled=false \ + --volume /mammoth/mesh/elasticsearch/data:/usr/share/elasticsearch/data:rw \ + --network pew-net \ + docker.elastic.co/elasticsearch/elasticsearch:8.15.2 + + docker run \ + --detach \ + --name mesh-kb \ + --env SERVER_PUBLICBASEURL=https://kibana.caving.dev:8443 \ + --env ELASTICSEARCH_HOST='["http://mesh-es:9200"]' \ + --volume /mammoth/mesh/kibana/data:/usr/share/kibana/data:rw \ + --network pew-net \ + docker.elastic.co/kibana/kibana:8.15.2 + + docker run \ + --detach \ + --name mesh-mc \ + --network pew-net \ + memcached:1.6 docker 
run \ --detach \ @@ -43,34 +43,34 @@ up () { --volume /mammoth/mesh/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro \ --network pew-net \ docker.elastic.co/beats/filebeat:8.15.2 -# -# docker run \ -# --detach \ -# --name mesh-lg \ -# --volume /mammoth/mesh/logstash/pipeline:/usr/share/logstash/pipeline:ro \ -# --network pew-net \ -# docker.elastic.co/logstash/logstash-oss:8.15.2 -# -# docker run \ -# --detach \ -# --name mesh-gf \ -# --user 1000 \ -# --env GF_DOMAIN=mesh.caving.dev \ -# --env GF_SERVER_ROOT_URL=https://mesh.caving.dev \ -# --volume /mammoth/mesh/grafana/grafana:/var/lib/grafana:rw \ -# --network pew-net \ -# grafana/grafana-oss:11.2.1 + + docker run \ + --detach \ + --name mesh-lg \ + --volume /mammoth/mesh/logstash/pipeline:/usr/share/logstash/pipeline:ro \ + --network pew-net \ + docker.elastic.co/logstash/logstash-oss:8.15.2 + + docker run \ + --detach \ + --name mesh-gf \ + --user 1000 \ + --env GF_DOMAIN=mesh.caving.dev \ + --env GF_SERVER_ROOT_URL=https://mesh.caving.dev \ + --volume /mammoth/mesh/grafana/grafana:/var/lib/grafana:rw \ + --network pew-net \ + grafana/grafana-oss:11.2.1 } down () { -# docker stop mesh-mq || true -# docker rm mesh-mq || true + docker stop mesh-mq || true + docker rm mesh-mq || true docker stop mesh-es || true docker rm mesh-es || true docker stop mesh-kb || true docker rm mesh-kb || true -# docker stop mesh-mc || true -# docker rm mesh-mc || true + docker stop mesh-mc || true + docker rm mesh-mc || true docker stop mesh-fb || true docker rm mesh-fb || true docker stop mesh-lg || true diff --git a/lech/docker/meshmap.sh b/lech/docker/meshmap.sh index 20a1ae4..c359550 100755 --- a/lech/docker/meshmap.sh +++ b/lech/docker/meshmap.sh @@ -10,6 +10,7 @@ up () { docker run \ --detach \ --name meshmap-db \ + --restart unless-stopped \ --env MARIADB_DATABASE=meshtastic-map_db \ --env MARIADB_ROOT_PASSWORD=meshtastic-map_pw \ --volume /mammoth/meshmap/db/mariadb:/bitnami/mariadb:rw \ 
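Review bot: Re-enabling these containers in mesh.sh brings back two exposures: `--publish 1883:1883` binds the Mosquitto listener on all host interfaces, and mesh-es runs with `xpack.security.enabled=false`, so any container on pew-net can read and write the indices without credentials. Port 1883 is conventionally the unencrypted MQTT port, so the accounts in the mounted `passwd` file would cross the network in clear text unless mosquitto.conf (not shown) configures TLS. Consider binding the broker to a specific address the way caddy.sh does for 8443, and either enabling Elasticsearch security or giving this stack its own network. None of the re-enabled `docker run` calls has `--restart unless-stopped`, unlike the meshmap containers changed in this same commit.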
@@ -23,6 +24,8 @@ up () { --detach \ --name meshmap-mqtt \ --env-file $HOME/scripts-private/lech/meshmap.env \ + --restart unless-stopped \ + --label com.centurylinklabs.watchtower.enable=false \ --env DATABASE_URL="mysql://root:meshtastic-map_pw@meshmap-db:3306/meshtastic-map_db?connection_limit=100" \ --network pew-net \ meshtastic-map:latest /app/docker/mqtt.sh @@ -31,6 +34,8 @@ up () { docker run \ --detach \ --name meshmap-map \ + --restart unless-stopped \ + --label com.centurylinklabs.watchtower.enable=false \ --env DATABASE_URL="mysql://root:meshtastic-map_pw@meshmap-db:3306/meshtastic-map_db?connection_limit=100" \ --network pew-net \ meshtastic-map:latest /app/docker/map.sh diff --git a/lech/docker/netdata.sh b/lech/docker/netdata.sh new file mode 100755 index 0000000..1dbbae7 --- /dev/null +++ b/lech/docker/netdata.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +up () { + docker run \ + --name netdata \ + --detach \ + --restart unless-stopped \ + --cap-add SYS_PTRACE \ + --cap-add SYS_ADMIN \ + --pid host \ + --security-opt apparmor=unconfined \ + --env-file $HOME/scripts-private/lech/netdata.env \ + --volume /mammoth/netdata/netdata/etc/netdata:/etc/netdata:rw \ + --volume /mammoth/netdata/netdata/var/lib/netdata:/var/lib/netdata:rw \ + --volume /mammoth/netdata/netdata/var/cache/netdata:/var/cache/netdata:rw \ + --volume /:/host/root:ro,rslave \ + --volume /etc/group:/host/etc/group:ro \ + --volume /etc/localtime:/etc/localtime:ro \ + --volume /etc/os-release:/host/etc/os-release:ro \ + --volume /etc/passwd:/host/etc/passwd:ro \ + --volume /proc:/host/proc:ro \ + --volume /sys:/host/sys:ro \ + --volume /var/log:/host/var/log:ro \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + --network host \ + netdata/netdata:stable +} + +down () { + docker stop netdata || true + docker rm netdata || true +} + +$@ diff --git a/lech/docker/pretix.sh b/lech/docker/pretix.sh index 649c460..b4ec712 100755 --- a/lech/docker/pretix.sh +++ b/lech/docker/pretix.sh 
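Review bot: The meshmap-mqtt and meshmap-map commands touched here still pass `DATABASE_URL="mysql://root:meshtastic-map_pw@..."` as an argument, so the application connects as the MariaDB root user with a password that is committed to the repository and visible in `docker inspect`. meshmap-mqtt already loads `$HOME/scripts-private/lech/meshmap.env`; moving `DATABASE_URL` (and `MARIADB_ROOT_PASSWORD` from the meshmap-db hunk) into that file and using a non-root database account would close this. The `com.centurylinklabs.watchtower.enable=false` label looks reasonable if `meshtastic-map:latest` is a local build (it has no registry prefix); a short comment such as `# local build, nothing for watchtower to pull` would record the reason.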
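Review bot: In the new netdata.sh, `--volume /var/run/docker.sock:/var/run/docker.sock:ro` does not limit what the container can do with the Docker API: `:ro` only protects the socket file itself, and any process that can connect may still create privileged containers. Combined with `--cap-add SYS_ADMIN`, `--pid host`, `--security-opt apparmor=unconfined` and `/:/host/root`, a compromise of this container is close to root on the host. If container names are all Netdata needs, front the socket with a filtering proxy that allows only read endpoints, or drop the mount. `--network host` also puts the Netdata web listener on every host interface unless its configuration (not shown) binds it elsewhere. A header comment stating why each elevated option is required would make later tightening much easier.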
@@ -37,12 +37,12 @@ up () { } down () { - docker stop pretix || true - docker rm pretix || true docker stop pretix-db || true docker rm pretix-db || true docker stop pretix-redis || true docker rm pretix-redis || true + docker stop pretix || true + docker rm pretix || true } diff --git a/lech/docker/scrutiny.sh b/lech/docker/scrutiny.sh new file mode 100755 index 0000000..dbeb225 --- /dev/null +++ b/lech/docker/scrutiny.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +up () { + docker network create pew-net || true + + # 8080 -> webapp + # 8086 -> influxdb admin + docker run \ + --detach \ + --name scrutiny \ + --restart unless-stopped \ + --cap-add SYS_RAWIO \ + --device=/dev/sda \ + --device=/dev/sdb \ + --device=/dev/sdc \ + --device=/dev/sdd \ + --device=/dev/sde \ + --device=/dev/sdf \ + --device=/dev/sdg \ + --device=/dev/sdh \ + --device=/dev/sdi \ + --volume /run/udev:/run/udev:ro \ + --volume /mammoth/scrutiny/scrutiny/config:/opt/scrutiny/config:rw \ + --volume /mammoth/scrutiny/influxdb:/opt/scrutiny/influxdb:rw \ + --network pew-net \ + ghcr.io/analogj/scrutiny:master-omnibus +} + +down () { + docker stop scrutiny || true + docker rm scrutiny || true +} + +$@ diff --git a/lech/docker/seafile.sh b/lech/docker/seafile.sh index d2bb21c..f1ed810 100755 --- a/lech/docker/seafile.sh +++ b/lech/docker/seafile.sh 
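Review bot: `down` in pretix.sh now stops pretix-db and pretix-redis before pretix, so the application keeps running for a moment against a database and cache that are already gone. Requests or background tasks in flight during that window will fail and may be left half-done. Unless the reorder fixes something not visible here, stop the consumer first, i.e. keep `docker stop pretix || true` and `docker rm pretix || true` ahead of the two dependencies. The second seafile.sh hunk makes the same reorder (seafile moved after seafile-db, seafile-mc and seafile-oodc).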
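Review bot: scrutiny.sh runs `ghcr.io/analogj/scrutiny:master-omnibus`, which by its name tracks a branch, in a container that is given `--cap-add SYS_RAWIO` and nine raw block devices. Whatever is pushed to that tag next gets direct access to the disks after the following pull, so pin it, e.g. `ghcr.io/analogj/scrutiny:master-omnibus@sha256:<digest>` (placeholder; use the digest you verified). The `/dev/sda` to `/dev/sdi` list is also fragile: kernel device letters can change across reboots and a missing node makes `docker run` fail, so a comment recording which physical disks are expected would help. The comment names ports 8080 and 8086 but neither is published; stating that they are reachable only inside pew-net would make that intent explicit.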
@@ -24,6 +24,22 @@ up () { echo 'Waiting 5 seconds for mariadb to start up...' sleep 5 + docker run \ + --name seafile-oodc \ + --detach \ + --restart unless-stopped \ + --env DB_TYPE=mariadb \ + --env DB_HOST=seafile-db \ + --env DB_USER=root \ + --env DB_PWD=seafile_pw \ + --env JWT_ENABLED=true \ + --env JWT_SECRET=notasecret \ + --volume /mammoth/seafile/oodc/var/lib/openoffice:/var/lib/onlyoffice:rw \ + --volume /mammoth/seafile/oodc/var/log/openoffice:/var/log/onlyoffice:rw \ + --volume /mammoth/seafile/oodc/var/www/onlyoffice/Data:/var/www/onlyoffice/Data:rw \ + --network pew-net \ + onlyoffice/documentserver:8.1.0.1 + # Exposed on port 80 in pew-net docker run \ --detach \ @@ -41,12 +57,14 @@ up () { } down () { - docker stop seafile || true - docker rm seafile || true docker stop seafile-db || true docker rm seafile-db || true docker stop seafile-mc || true docker rm seafile-mc || true + docker stop seafile-oodc || true + docker rm seafile-oodc || true + docker stop seafile || true + docker rm seafile || true }
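Review bot: The new seafile-oodc container sets `--env JWT_SECRET=notasecret` and `--env DB_PWD=seafile_pw` with `DB_USER=root` directly in the script. With `JWT_ENABLED=true` the secret is what authenticates requests to the document server, so a guessable value committed to the repository defeats the check for anyone who can reach the service. Load these from a private env file as meshmap.sh and netdata.sh do (`--env-file $HOME/scripts-private/lech/<name>.env`, placeholder name), generate a random secret, and give the document server its own database account instead of root. The host paths `/mammoth/seafile/oodc/var/lib/openoffice` and `.../var/log/openoffice` say "openoffice" while the container side says "onlyoffice"; confirm that is intended.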