From f8767f269f75db20f496c68c53b651d611469f4d Mon Sep 17 00:00:00 2001 From: Paul Walko Date: Sat, 26 Dec 2020 23:16:52 -0500 Subject: [PATCH] k8s -> podman --- fogcutter/k8s/airsonic.yml | 79 ------- fogcutter/k8s/dnsutils.yml | 17 -- fogcutter/k8s/gitea.yml | 98 --------- fogcutter/k8s/haproxy-tcp.yml | 11 - fogcutter/k8s/haproxy.cfg | 51 ----- fogcutter/k8s/haproxy.yml | 33 --- fogcutter/k8s/ingress.yml | 71 ------- fogcutter/k8s/minecraft.yml | 55 ----- fogcutter/k8s/nextcloud.yml | 199 ------------------ fogcutter/k8s/nginx.yml | 134 ------------ fogcutter/k8s/plex.yml | 73 ------- fogcutter/podman/airsonic.sh | 38 ++++ fogcutter/podman/gitea.sh | 44 ++++ fogcutter/podman/minecraft.sh | 33 +++ .../podman/nextcloud/nextcloud-cron.service | 9 + .../podman/nextcloud/nextcloud-cron.timer | 9 + fogcutter/podman/nextcloud/nextcloud.sh | 90 ++++++++ fogcutter/podman/nginx.sh | 44 ++++ fogcutter/podman/plex.sh | 38 ++++ 19 files changed, 305 insertions(+), 821 deletions(-) delete mode 100644 fogcutter/k8s/airsonic.yml delete mode 100644 fogcutter/k8s/dnsutils.yml delete mode 100644 fogcutter/k8s/gitea.yml delete mode 100644 fogcutter/k8s/haproxy-tcp.yml delete mode 100644 fogcutter/k8s/haproxy.cfg delete mode 100644 fogcutter/k8s/haproxy.yml delete mode 100644 fogcutter/k8s/ingress.yml delete mode 100644 fogcutter/k8s/minecraft.yml delete mode 100644 fogcutter/k8s/nextcloud.yml delete mode 100644 fogcutter/k8s/nginx.yml delete mode 100644 fogcutter/k8s/plex.yml create mode 100755 fogcutter/podman/airsonic.sh create mode 100755 fogcutter/podman/gitea.sh create mode 100755 fogcutter/podman/minecraft.sh create mode 100644 fogcutter/podman/nextcloud/nextcloud-cron.service create mode 100644 fogcutter/podman/nextcloud/nextcloud-cron.timer create mode 100755 fogcutter/podman/nextcloud/nextcloud.sh create mode 100755 fogcutter/podman/nginx.sh create mode 100755 fogcutter/podman/plex.sh 
diff --git a/fogcutter/k8s/airsonic.yml b/fogcutter/k8s/airsonic.yml deleted file mode 100644 index ae30e85..0000000 --- a/fogcutter/k8s/airsonic.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: airsonic - name: airsonic - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: airsonic - template: - metadata: - labels: - run: airsonic - spec: - containers: - - name: airsonic - image: linuxserver/airsonic:v10.6.2-ls83 - env: - - name: PUID - value: "1000" - - name: PGID - value: "1000" - - name: TZ - value: "US/Eastern" - volumeMounts: - - mountPath: /config - name: airsonic-config - readOnly: false - - mountPath: /media/music - name: bigdata-music - readOnly: true - - mountPath: /media/playlists - name: bigdata-playlists - readOnly: true - - mountPath: /media/podcasts - name: bigdata-podcasts - readOnly: true - - mountPath: /media/media-vtluug - name: vtluug-media - readOnly: true - ports: - - name: http - containerPort: 4040 - volumes: - - name: airsonic-config - hostPath: - path: /bigdata/k8s-config/airsonic/config - - name: bigdata-music - hostPath: - path: /bigdata/media/music - - name: bigdata-playlists - hostPath: - path: /bigdata/media/playlists - - name: bigdata-podcasts - hostPath: - path: /bigdata/media/podcasts - - name: vtluug-media - hostPath: - path: /media-vtluug - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: airsonic - name: airsonic - namespace: pew -spec: - selector: - run: airsonic - ports: - - name: http - port: 4040 - protocol: TCP diff --git a/fogcutter/k8s/dnsutils.yml b/fogcutter/k8s/dnsutils.yml deleted file mode 100644 index 6eb5625..0000000 --- a/fogcutter/k8s/dnsutils.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -# Used to test DNS, example: -# k exec -i -t dnsutils -- nslookup dns-host.default - -apiVersion: v1 -kind: Pod -metadata: - name: dnsutils - namespace: default -spec: - containers: - - name: dnsutils - image: gcr.io/kubernetes-e2e-test-images/dnsutils:1.3 - command: - - sleep - - "3600" - imagePullPolicy: IfNotPresent - restartPolicy: Always diff --git a/fogcutter/k8s/gitea.yml b/fogcutter/k8s/gitea.yml deleted file mode 100644 index a551b5a..0000000 --- a/fogcutter/k8s/gitea.yml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: gitea - name: gitea - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: gitea - template: - metadata: - labels: - run: gitea - spec: - containers: - - name: gitea - image: gitea/gitea:1.12.5 - # after initial install options must be changed at /data/gitea/conf/app.ini - env: - - name: RUN_MODE - value: "prod" - - name: DOMAIN - value: "git.seaturtle.pw" - - name: SSH_DOMAIN - value: "git.seaturtle.pw" - - name: SSH_PORT - value: "37122" - - name: ROOT_URL - value: "https://git.seaturtle.pw/" - - name: LFS_START - value: "true" - - name: DISABLE_REGISTRATION - value: "true" - - name: REQUIRE_SIGNIN_VIEW - value: "false" - - name: USER_UID - value: "1000" - - name: USER_GUID - value: "1000" - volumeMounts: - - mountPath: /data - name: gitea-data - readOnly: false - - mountPath: /etc/timezone - subPath: timezone - name: gitea-config - readOnly: true - - mountPath: /etc/localtime - name: gitea-localtime - readOnly: true - ports: - - name: http - containerPort: 3000 - - name: ssh - containerPort: 37122 - volumes: - - name: gitea-data - hostPath: - path: /bigdata/k8s-config/gitea/data - - name: gitea-config - configMap: - name: gitea-config - - name: gitea-localtime - hostPath: - path: /usr/share/zoneinfo/America/New_York - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: gitea - name: gitea - namespace: pew -spec: - selector: - run: gitea - ports: - - name: http - port: 3000 - protocol: TCP - - name: ssh - port: 37122 - protocol: TCP - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-config - namespace: pew -data: - timezone: | - America/New_York diff --git a/fogcutter/k8s/haproxy-tcp.yml b/fogcutter/k8s/haproxy-tcp.yml deleted file mode 100644 index e418939..0000000 --- a/fogcutter/k8s/haproxy-tcp.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tcpservices - namespace: haproxy -data: - 37122: - pew/gitea:37122 - 25565: - pew/minecraft:25565 diff --git a/fogcutter/k8s/haproxy.cfg b/fogcutter/k8s/haproxy.cfg deleted file mode 100644 index c35b6ed..0000000 --- a/fogcutter/k8s/haproxy.cfg +++ /dev/null @@ -1,51 +0,0 @@ -## For haproxy 2.2 COPY TO /etc/haproxy/haproxy.cfg -## Do https://unix.stackexchange.com/a/538901 to fix network-online.target on debian w/ /etc/intefaces -## certbot setup: -## - https://certbot.eff.org/lets-encrypt/debianbuster-haproxy -## - Add "0 0 1 * * systemctl stop haproxy && certbot renew && systemctl start haproxy && cat /etc/letsencrypt/live/seaturtle.pw/{fullchain,privkey}.pem > /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem" to root crontab -## - (Default systemd timer does not have option to stop haproxy before running) -## Ensure microk8s only exposes nodeport on 127.0.0.1: -## - Edit /var/snap/microk8s/current/args/kube-proxy, adding "--nodeport-addresses=127.0.0.1/8" - - -defaults - log global - mode tcp - option dontlognull - retries 3 - maxconn 4000 - timeout connect 5000 - timeout client 50000 - timeout server 50000 - -frontend http-in - mode http - bind :::80 - redirect scheme https - -frontend https-in - mode http - option forwardfor - bind :::443 ssl crt /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem ssl-min-ver TLSv1.2 - acl server1 hdr(host) -i airsonic.seaturtle.pw - acl server1 hdr(host) -i git.seaturtle.pw - acl server1 hdr(host) -i nc.seaturtle.pw - acl server1 hdr(host) -i paul.walko.org - acl server1 hdr(host) -i plex.seaturtle.pw - acl server1 hdr(host) -i seaturtle.pw - use_backend server1 if server1 - -backend server1 - mode http - option forwardfor - server server1 127.0.0.1:30080 - -listen proxy37122 - mode tcp - bind :::37122 - server ipv4server30122 127.0.0.1:30122 - -listen proxy25565 - mode tcp - bind :::25565 - server ipv4server30565 127.0.0.1:30565 
diff --git a/fogcutter/k8s/haproxy.yml b/fogcutter/k8s/haproxy.yml deleted file mode 100644 index e617866..0000000 --- a/fogcutter/k8s/haproxy.yml +++ /dev/null @@ -1,33 +0,0 @@ -# k create namespace haproxy -# Create tcp services configmap: -# k apply -f haproxy-tcp.yml -# helm repo add haproxytech https://haproxytech.github.io/helm-charts && helm repo update -# helm install haproxy haproxytech/kubernetes-ingress --namespace haproxy -f haproxy.yml -controller: - replicaCount: 2 - extraArgs: - - --configmap-tcp-services=haproxy/tcpservices - config: - path-rewrite: /s/(.*)/p /s/\1/preview - service: - type: NodePort - nodePorts: - http: 30080 - enablePorts: - http: true - https: false - stat: true - ssh: true - minecraft: true - tcpPorts: - - name: ssh - port: 37122 - targetPort: 37122 - nodePort: 30122 - - name: minecraft - port: 25565 - targetPort: 25565 - nodePort: 30565 - -defaultBackend: - replicaCount: 2 diff --git a/fogcutter/k8s/ingress.yml b/fogcutter/k8s/ingress.yml deleted file mode 100644 index 1484643..0000000 --- a/fogcutter/k8s/ingress.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - # redirection is handled at upper haproxy layer - ingress.kubernetes.io/ssl-redirect: "false" - name: haproxy-ingress - namespace: pew -spec: - rules: - - host: seaturtle.pw - http: - paths: - - path: / - pathType: "Exact" - backend: - service: - name: nginx - port: - number: 80 - - host: paul.walko.org - http: - paths: - - path: / - pathType: "Exact" - backend: - service: - name: nginx - port: - number: 80 - - host: airsonic.seaturtle.pw - http: - paths: - - path: / - pathType: "Exact" - backend: - service: - name: airsonic - port: - number: 4040 - - host: git.seaturtle.pw - http: - paths: - - path: / - pathType: "Exact" - backend: - service: - name: gitea - port: - number: 3000 - - host: nc.seaturtle.pw - http: - paths: - - path: / - pathType: "Exact" - backend: - service: - name: nextcloud - port: - number: 80 - - host: plex.seaturtle.pw - http: - paths: - - path: / - pathType: "Exact" - backend: - service: - name: plex - port: - number: 32400 diff --git a/fogcutter/k8s/minecraft.yml b/fogcutter/k8s/minecraft.yml deleted file mode 100644 index 6cc4bbe..0000000 --- a/fogcutter/k8s/minecraft.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: minecraft - name: minecraft - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: minecraft - template: - metadata: - labels: - run: minecraft - spec: - containers: - - name: minecraft - image: itzg/minecraft-server:latest - env: - - name: EULA - value: "TRUE" - - name: MAX_MEMORY - value: "8G" - - name: VERSION - value: "1.15.2" - volumeMounts: - - mountPath: /data - name: minecraft-data - readOnly: false - ports: - - name: minecraft - containerPort: 25565 - volumes: - - name: minecraft-data - hostPath: - path: /bigdata/k8s-config/minecraft/data - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: minecraft - name: minecraft - namespace: pew -spec: - selector: - run: minecraft - ports: - - name: minecraft - port: 25565 - protocol: TCP diff --git a/fogcutter/k8s/nextcloud.yml b/fogcutter/k8s/nextcloud.yml deleted file mode 100644 index ef0b626..0000000 --- a/fogcutter/k8s/nextcloud.yml +++ /dev/null 
@@ -1,199 +0,0 @@ -# to scan new files: k exec --stdin --tty nextcloud-POD -npew -- /bin/bash -c "/var/www/html/occ files:scan --path='/USER/files'" - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: nextcloud - name: nextcloud - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: nextcloud - template: - metadata: - labels: - run: nextcloud - spec: - containers: - - name: nextcloud - image: nextcloud:20.0.1-apache - env: - - name: OVERWRITEHOST - value: "nc.seaturtle.pw" - - name: OVERWRITEPROTOCOL - value: "https" - - name: MYSQL_DATABASE - value: "nextcloud" - - name: MYSQL_USER - value: "nextcloud" - - name: MYSQL_PASSWORD - value: "nextcloud" - - name: MYSQL_HOST - value: "nextcloud-mariadb.pew" - - name: REDIS_HOST - value: "nextcloud-redis.pew" - - name: REDIS_HOST_PASSWORD - value: "nextcloud" - volumeMounts: - - mountPath: /var/www/html - name: nextcloud-data - readOnly: false - ports: - - name: http - containerPort: 80 - volumes: - - name: nextcloud-data - hostPath: - path: /bigdata/k8s-config/nextcloud/data - ---- -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: nextcloud-cron - namespace: pew -spec: - schedule: "*/10 * * * *" - successfulJobsHistoryLimit: 1 - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: nextcloud-cron - image: nextcloud:20.0.1-apache - command: - - "php" - - "-f" - - "/var/www/html/cron.php" - volumeMounts: - - mountPath: /var/www/html - name: nextcloud-data - readOnly: false - volumes: - - name: nextcloud-data - hostPath: - path: /bigdata/k8s-config/nextcloud/data - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: nextcloud - name: nextcloud - namespace: pew -spec: - selector: - run: nextcloud - ports: - - name: http - port: 80 - protocol: TCP - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: nextcloud-mariadb - name: nextcloud-mariadb - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: 
- run: nextcloud-mariadb - template: - metadata: - labels: - run: nextcloud-mariadb - spec: - containers: - - name: mariadb - image: mariadb:10.5.6 - env: - - name: MYSQL_RANDOM_ROOT_PASSWORD - value: "notnullvalue" - - name: MYSQL_PASSWORD - value: "nextcloud" - - name: MYSQL_DATABASE - value: "nextcloud" - - name: MYSQL_USER - value: "nextcloud" - volumeMounts: - - mountPath: /var/lib/mysql - name: nextcloud-mariadb - readOnly: false - ports: - - name: mysql - containerPort: 3306 - volumes: - - name: nextcloud-mariadb - hostPath: - path: /bigdata/k8s-config/nextcloud/mariadb - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: nextcloud-mariadb - name: nextcloud-mariadb - namespace: pew -spec: - selector: - run: nextcloud-mariadb - ports: - - name: mysql - port: 3306 - protocol: TCP - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: nextcloud-redis - name: nextcloud-redis - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: nextcloud-redis - template: - metadata: - labels: - run: nextcloud-redis - spec: - containers: - - name: redis - image: redis:6.0.9 - args: - - --requirepass - - nextcloud - ports: - - name: redis - containerPort: 6379 - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: nextcloud-redis - name: nextcloud-redis - namespace: pew -spec: - selector: - run: nextcloud-redis - ports: - - name: redis - port: 6379 - protocol: TCP diff --git a/fogcutter/k8s/nginx.yml b/fogcutter/k8s/nginx.yml deleted file mode 100644 index d61e8f5..0000000 --- a/fogcutter/k8s/nginx.yml +++ /dev/null 
@@ -1,134 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: nginx - name: nginx - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: nginx - template: - metadata: - labels: - run: nginx - spec: - containers: - - name: nginx - image: nginx:1.19.3 - volumeMounts: - - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - name: nginx-config - readOnly: true - - mountPath: /files - name: nginx-files - readOnly: true - ports: - - name: http - containerPort: 80 - volumes: - - name: nginx-config - configMap: - name: nginx-config - - name: nginx-files - hostPath: - path: /bigdata/files ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: nginx - name: nginx - namespace: pew -spec: - selector: - run: nginx - ports: - - name: http - port: 80 - protocol: TCP ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-config - namespace: pew -data: - nginx.conf: | - user nginx; - worker_processes 4; - pid /run/nginx.pid; - include /etc/nginx/modules/*.conf; - - events { - worker_connections 768; - # multi_accept on; - } - - http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - # server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - client_max_body_size 0; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # Logging Settings - ## - - #access_log /config/log/nginx/access.log; - #error_log /config/log/nginx/error.log; - - ## - # Gzip Settings - ## - - gzip on; - #gzip_disable "msie6"; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - server { - listen 80; - server_name _; - root /; - - location / { - proxy_pass 
http://paulwalko.github.io/; - } - - location /files { - autoindex on; - } - } - #include /etc/nginx/conf.d/*.conf; - #include /config/nginx/site-confs/default; - #include /config/nginx/site-confs/*.enabled; - } diff --git a/fogcutter/k8s/plex.yml b/fogcutter/k8s/plex.yml deleted file mode 100644 index d8f6cd0..0000000 --- a/fogcutter/k8s/plex.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - run: plex - name: plex - namespace: pew -spec: - replicas: 1 - selector: - matchLabels: - run: plex - template: - metadata: - labels: - run: plex - spec: - containers: - - name: plex - image: linuxserver/plex:1.20.3.3483-211702a9f-ls122 - env: - - name: PUID - value: "1000" - - name: PGID - value: "1000" - - name: VERSION - value: "docker" - volumeMounts: - - mountPath: /config - name: plex-config - readOnly: false - - mountPath: /media/movies - name: bigdata-movies - readOnly: true - - mountPath: /media/music - name: bigdata-music - readOnly: true - - mountPath: /media/media-vtluug - name: vtluug-media - readOnly: true - ports: - - name: http - containerPort: 32400 - volumes: - - name: plex-config - hostPath: - path: /bigdata/k8s-config/plex/config - - name: bigdata-movies - hostPath: - path: /bigdata/media/movies - - name: bigdata-music - hostPath: - path: /bigdata/media/music - - name: vtluug-media - hostPath: - path: /media-vtluug - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - run: plex - name: plex - namespace: pew -spec: - selector: - run: plex - ports: - - name: http - port: 32400 - protocol: TCP diff --git a/fogcutter/podman/airsonic.sh b/fogcutter/podman/airsonic.sh new file mode 100755 index 0000000..b94b761 --- /dev/null +++ b/fogcutter/podman/airsonic.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+up () {
+ loginctl enable-linger paul
+ podman network create pew-net || true
+
+ # Exposed on port 4040 in pew-net
+ podman create \
+ --name airsonic \
+ --env PUID=1000 \
+ --env PGID=1000 \
+ --env TZ=US/Eastern \
+ --volume /bigdata/k8s-config/airsonic/config:/config:rw \
+ --volume /bigdata/media/music:/media/music:ro \
+ --volume /bigdata/media/playlists:/media/playlists:ro \
+ --volume /bigdata/media/podcasts:/media/podcasts:ro \
+ --network pew-net \
+ linuxserver/airsonic:v10.6.2-ls83
+
+ podman generate systemd airsonic --restart-policy=always --name > ~/.config/systemd/user/airsonic.service
+ systemctl --user daemon-reload
+ systemctl restart --user airsonic || systemctl start --user airsonic
+ systemctl enable --user airsonic
+}
+
+down () {
+ systemctl stop --user airsonic || true
+ systemctl disable --user airsonic || true
+ podman rm airsonic || true
+}
+
+logs () {
+ podman logs --follow airsonic
+}
+
+$@
diff --git a/fogcutter/podman/gitea.sh b/fogcutter/podman/gitea.sh
new file mode 100755
index 0000000..0b4d589
--- /dev/null
+++ b/fogcutter/podman/gitea.sh
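Review bot: The final `$@` is unquoted and executes whatever words the script is given, so a typo runs an unrelated command and a missing argument silently does nothing. A fixed dispatch such as `case "${1:-}" in up|down|logs) "$1" ;; *) echo "usage: $0 {up|down|logs}" >&2; exit 2 ;; esac` keeps the entry points explicit. The same last line appears in gitea.sh, minecraft.sh, nextcloud.sh (which also defines `logsm` and `logsr`), nginx.sh and plex.sh.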
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+up () {
+ loginctl enable-linger paul
+ podman network create pew-net || true
+
+ # Exposed on port 3000 in pew-net
+ podman create \
+ --name gitea \
+ --env RUN_MODE=prod \
+ --env DOMAIN=git.seaturtle.pw \
+ --env SSH_DOMAIN=git.seaturtle.pw \
+ --env SSH_PORT=2222 \
+ --env ROOT_URL=https://git.seaturtle.pw \
+ --env LFS_START=true \
+ --env DISABLE_REGISTRATION=true \
+ --env REQUIRE_SIGNIN_VIEW=false \
+ --env USER_UID=1000 \
+ --volume /bigdata/k8s-config/gitea/data:/data:rw \
+ --volume /etc/localtime:/etc/localtime:ro \
+ --volume /etc/timezone:/etc/timezone:ro \
+ --publish 127.0.0.1:2222:2222 \
+ --network pew-net \
+ gitea/gitea:1.12.5
+
+ podman generate systemd gitea --restart-policy=always --name > ~/.config/systemd/user/gitea.service
+ systemctl --user daemon-reload
+ systemctl restart --user gitea || systemctl start --user gitea
+ systemctl enable --user gitea
+}
+
+down () {
+ systemctl stop --user gitea || true
+ systemctl disable --user gitea || true
+ podman rm gitea || true
+}
+
+logs () {
+ podman logs --follow gitea
+}
+
+$@
diff --git a/fogcutter/podman/minecraft.sh b/fogcutter/podman/minecraft.sh
new file mode 100755
index 0000000..b0e39f3
--- /dev/null
+++ b/fogcutter/podman/minecraft.sh
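Review bot: The comment from the removed manifest, `# after initial install options must be changed at /data/gitea/conf/app.ini`, is not carried over, although the `--env` lines it qualified are. Without it a reader can take `DISABLE_REGISTRATION=true` and `REQUIRE_SIGNIN_VIEW=false` in this script as the live settings, while per that comment an already-initialised `/data` volume uses whatever app.ini holds. I would restore the comment above `podman create` and verify the registration setting in app.ini itself after the migration.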
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+
+up () {
+ loginctl enable-linger paul
+
+ podman create \
+ --name minecraft \
+ --env EULA=TRUE \
+ --env MAX_MEMORY=8G \
+ --env VERSION=1.15.2 \
+ --volume /bigdata/k8s-config/minecraft/data:/data:rw \
+ --publish 127.0.0.1:25565:25565 \
+ itzg/minecraft-server:latest
+
+ podman generate systemd minecraft --restart-policy=always --name > ~/.config/systemd/user/minecraft.service
+ systemctl --user daemon-reload
+ systemctl restart --user minecraft || systemctl start --user minecraft
+ systemctl enable --user minecraft
+}
+
+down () {
+ systemctl stop --user minecraft || true
+ systemctl disable --user minecraft || true
+ podman rm minecraft || true
+}
+
+logs () {
+ podman logs --follow minecraft
+}
+
+$@
diff --git a/fogcutter/podman/nextcloud/nextcloud-cron.service b/fogcutter/podman/nextcloud/nextcloud-cron.service
new file mode 100644
index 0000000..67e5fe0
--- /dev/null
+++ b/fogcutter/podman/nextcloud/nextcloud-cron.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Nextcloud cron
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/podman exec nextcloud /bin/bash -c "if ! command -v sudo &> /dev/null; then apt-get update && apt-get install -y sudo; fi; sudo -u www-data php -f /var/www/html/cron.php"
+
+[Install]
+WantedBy=default.target
diff --git a/fogcutter/podman/nextcloud/nextcloud-cron.timer b/fogcutter/podman/nextcloud/nextcloud-cron.timer
new file mode 100644
index 0000000..fcdc6ff
--- /dev/null
+++ b/fogcutter/podman/nextcloud/nextcloud-cron.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run nextcloud-cron service every 10 minutes and on boot
+
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=timers.target
diff --git a/fogcutter/podman/nextcloud/nextcloud.sh b/fogcutter/podman/nextcloud/nextcloud.sh
new file mode 100755
index 0000000..66324c7
--- /dev/null
+++ b/fogcutter/podman/nextcloud/nextcloud.sh
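Review bot: `itzg/minecraft-server:latest` in minecraft.sh is the only image in this commit that is not pinned to a version tag, so an `up` after a `down` can pull different code from what ran before. Pin it to a fixed tag or, better, a digest, for example `docker.io/itzg/minecraft-server@sha256:<digest>` (placeholder). All image references in these scripts are also short names without a registry, so which registry serves them depends on the host's `unqualified-search-registries` setting; prefixing `docker.io/` removes that ambiguity.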
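Review bot: The `ExecStart` line in nextcloud-cron.service installs `sudo` with `apt-get` as root inside the running container whenever it is missing, only to drop to `www-data`. That pulls packages from the network at run time and leaves an extra setuid binary in the Nextcloud container. `podman exec` can select the user itself: `ExecStart=/usr/bin/podman exec --user www-data nextcloud php -f /var/www/html/cron.php`. Since the job runs to completion on every trigger, `Type=oneshot` would also describe it better than `Type=simple`.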
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+set -e
+
+# to scan new files: k exec --stdin --tty nextcloud-POD -npew -- /bin/bash -c "/var/www/html/occ files:scan --path='/USER/files'"
+
+up () {
+ loginctl enable-linger paul
+ podman network create pew-net || true
+
+ # Exposed on port 80 in pew-net
+ # Must edit config.php file after initial setup to change settings
+ podman create \
+ --name nextcloud \
+ --env OVERWRITEHOST=nc.seaturtle.pw \
+ --env OVERWRITEPROTOCOL=https \
+ --env MYSQL_DATABASE=nextcloud \
+ --env MYSQL_USER=nextcloud \
+ --env MYSQL_PASSWORD=nextcloud \
+ --env MYSQL_HOST=nextcloud-mariadb \
+ --env REDIS_HOST=nextcloud-redis \
+ --env REDIS_HOST_PASSWORD=nextcloud \
+ --volume /bigdata/k8s-config/nextcloud/data:/var/www/html:rw \
+ --network pew-net \
+ nextcloud:20.0.1-apache
+
+ podman generate systemd nextcloud --restart-policy=always --name > ~/.config/systemd/user/nextcloud.service
+ systemctl --user daemon-reload
+ systemctl restart --user nextcloud || systemctl start --user nextcloud
+ systemctl enable --user nextcloud
+
+ # Exposed on port 3306 in pew-net
+ podman create \
+ --name nextcloud-mariadb \
+ --env MYSQL_RANDOM_ROOT_PASSWORD=notnullvalue \
+ --env MYSQL_PASSWORD=nextcloud \
+ --env MYSQL_DATABASE=nextcloud \
+ --env MYSQL_USER=nextcloud \
+ --volume /bigdata/k8s-config/nextcloud/mariadb:/var/lib/mysql:rw \
+ --network pew-net \
+ mariadb:10.5.6
+
+ podman generate systemd nextcloud-mariadb --restart-policy=always --name > ~/.config/systemd/user/nextcloud-mariadb.service
+ systemctl --user daemon-reload
+ systemctl restart --user nextcloud-mariadb || systemctl start --user nextcloud-mariadb
+ systemctl enable --user nextcloud-mariadb
+
+ # Exposed on port 6379 in pew-net
+ podman create \
+ --name nextcloud-redis \
+ --network pew-net \
+ redis:6.0.9 --requirepass nextcloud
+
+ podman generate systemd nextcloud-redis --restart-policy=always --name > ~/.config/systemd/user/nextcloud-redis.service
+ systemctl --user daemon-reload
+
systemctl restart --user nextcloud-redis || systemctl start --user nextcloud-redis
+ systemctl enable --user nextcloud-redis
+
+ cp nextcloud-cron.service nextcloud-cron.timer ~/.config/systemd/user/
+ systemctl restart --user nextcloud-cron.timer || systemctl start --user nextcloud-cron.timer
+ systemctl enable --user nextcloud-cron.timer
+}
+
+down () {
+ systemctl stop --user nextcloud || true
+ systemctl disable --user nextcloud || true
+ podman rm nextcloud || true
+ systemctl stop --user nextcloud-mariadb || true
+ systemctl disable --user nextcloud-mariadb || true
+ podman rm nextcloud-mariadb || true
+ systemctl stop --user nextcloud-redis || true
+ systemctl disable --user nextcloud-redis || true
+ podman rm nextcloud-redis || true
+ systemctl stop --user nextcloud-cron.timer || true
+ systemctl disable --user nextcloud-cron.timer || true
+}
+
+logs () {
+ podman logs -f nextcloud
+}
+
+logsm () {
+ podman logs -f nextcloud-mariadb
+}
+
+logsr () {
+ podman logs -f nextcloud-redis
+}
+
+$@
diff --git a/fogcutter/podman/nginx.sh b/fogcutter/podman/nginx.sh
new file mode 100755
index 0000000..bb69eae
--- /dev/null
+++ b/fogcutter/podman/nginx.sh
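Review bot: The database and Redis passwords are committed in clear text and equal the user name (`MYSQL_PASSWORD=nextcloud`, `REDIS_HOST_PASSWORD=nextcloud`, `--requirepass nextcloud`), carried over unchanged from the removed manifests. Every container attached to `pew-net` appears able to reach MariaDB and Redis, so these values are the main barrier between the other services and Nextcloud's data. I would generate random values and load them from a file kept outside the repository with `--env-file <path-to-env-file>` on the nextcloud and nextcloud-mariadb containers; for Redis, a mounted config file keeps the password out of the process arguments. Separately, there is no `systemctl --user daemon-reload` between the `cp` of the cron units and the restart of `nextcloud-cron.timer`, so a changed unit file may not be picked up.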
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+up () {
+ loginctl enable-linger paul
+ podman network create pew-net || true
+
+ # main nginx container
+ podman create \
+ --name nginx \
+ --env PUID=1000 \
+ --env GUID=1000 \
+ --env TZ=US/Eastern \
+ --env URL=seaturtle.pw \
+ --env SUBDOMAINS=airsonic,git,nc,plex \
+ --env VALIDATION=http \
+ --env EMAIL=paulsw.pw@gmail.com \
+ --volume /bigdata/k8s-config/nginx/config:/config:rw \
+ --volume /bigdata/k8s-config/nginx/nginx.conf:/config/nginx/nginx.conf:ro \
+ --volume /bigdata/k8s-config/nginx/ssl.conf:/config/nginx/ssl.conf:ro \
+ --volume /bigdata/k8s-config/nginx/site-confs:/config/nginx/site-confs:ro \
+ --publish 127.0.0.1:8080:80 \
+ --publish 127.0.0.1:8443:443 \
+ --network pew-net \
+ linuxserver/swag:1.10.1-ls29
+
+ podman generate systemd nginx --restart-policy=always --name > ~/.config/systemd/user/nginx.service
+ systemctl --user daemon-reload
+ systemctl restart --user nginx || systemctl start --user nginx
+ systemctl enable --user nginx
+}
+
+down () {
+ systemctl stop --user nginx || true
+ systemctl disable --user nginx || true
+ podman rm nginx || true
+}
+
+logs () {
+ podman logs --follow nginx
+}
+
+$@
diff --git a/fogcutter/podman/plex.sh b/fogcutter/podman/plex.sh
new file mode 100755
index 0000000..e9158f9
--- /dev/null
+++ b/fogcutter/podman/plex.sh
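Review bot: `--env GUID=1000` looks like a typo for `PGID`, the variable that airsonic.sh and plex.sh pass to their linuxserver images. If the swag image ignores `GUID`, the container's group falls back to the image default and files written under `/bigdata/k8s-config/nginx/config`, which presumably include the TLS keys this image manages, may end up with a different group owner than intended. Suggested line: `--env PGID=1000 \`.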
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+up () {
+ loginctl enable-linger paul
+ podman network create pew-net || true
+
+ # Exposed on port 32400 in pew-net
+ podman create \
+ --name plex \
+ --env PUID=1000 \
+ --env PGID=1000 \
+ --env VERSION=docker \
+ --volume /bigdata/k8s-config/plex/config:/config:rw \
+ --volume /bigdata/media/movies:/media/movies:ro \
+ --volume /bigdata/media/music:/media/music:ro \
+ --volume /media-vtluug:/media/media-vtluug:ro \
+ --network pew-net \
+ linuxserver/plex:1.20.3.3483-211702a9f-ls122
+
+ podman generate systemd plex --restart-policy=always --name > ~/.config/systemd/user/plex.service
+ systemctl --user daemon-reload
+ systemctl restart --user plex || systemctl start --user plex
+ systemctl enable --user plex
+}
+
+down () {
+ systemctl stop --user plex || true
+ systemctl disable --user plex || true
+ podman rm plex || true
+}
+
+logs () {
+ podman logs --follow plex
+}
+
+$@