add firefly iii and matrix

ansible/files/fogcutter/sshtunnel.service

@@ -11,8 +11,8 @@ ExecStart=/usr/bin/ssh -Nn \
       -o ServerAliveCountMax=3 \
       -o ExitOnForwardFailure=yes \
       -i /home/paul/.ssh/id_rsa_fast \
-      -R 7000:127.0.0.1:80 \
-      -R 7001:127.0.0.1:443 \
+      -R 7000:127.0.0.1:8080 \
+      -R 7001:127.0.0.1:8443 \
       -R 7002:127.0.0.1:2222 \
       -R 7003:127.0.0.1:25565 \
       pew@polyvalent.seaturtle.pw

ansible/handlers.yml

@@ -7,9 +7,9 @@
 - name: Re-export exportfs
   command: exportfs -arv
 
-- name: Restart and enable smartmontools
+- name: Restart and enable smartd
   service:
-    name: smartmontools
+    name: smartd
     enabled: yes
     state: restarted
 

ansible/main.yml

@@ -129,7 +129,7 @@
         owner: root
         group: root
         mode: '0644'
-      notify: Restart and enable smartmontools
+      notify: Restart and enable smartd
 
     - name: Install tor config
       copy:
@@ -166,7 +166,7 @@
         user: root
       when: gandi_api_key is defined
 
-# Compute config
+# Custom repo config
 - hosts: compute
   become: yes
   handlers:

ansible/templates/local.conf.j2

@@ -1,4 +1 @@
 net.ipv6.conf.{{ interface }}.use_tempaddr=2
-{% if hostname == 'fogcutter.seaturtle.pw' %}
-net.ipv4.ip_unprivileged_port_start=0
-{% endif %}

fogcutter/podman/.gitignore

@@ -0,0 +1 @@
+firefly.env

fogcutter/podman/firefly.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  loginctl enable-linger $USER
+  podman network create pew-net || true
+
+  # Exposed on port 8080 in pew-net
+  # env options: https://raw.githubusercontent.com/firefly-iii/firefly-iii/main/.env.example
+  # Create firefly.env with APP_KEY
+  podman create \
+    --name firefly \
+    --env-file=firefly.env \
+    --env SITE_OWNER=paulsw.pw@gmail.com \
+    --env TZ=US/Eastern \
+    --env TRUSTED_PROXIES=** \
+    --env DB_CONNECTION=mysql \
+    --env DB_HOST=firefly-mariadb \
+    --env DB_PORT=3306 \
+    --env DB_DATABASE=firefly \
+    --env DB_USERNAME=firefly \
+    --env DB_PASSWORD=firefly \
+    --env APP_URL=https://ff.seaturtle.pw \
+    --volume /bigdata/k8s-config/firefly/data:/var/www/html/storage/upload:rw \
+    --network pew-net \
+    jc5x/firefly-iii:version-5.4.6
+
+  podman generate systemd firefly --restart-policy=always --name > $HOME/.config/systemd/user/firefly.service
+  systemctl --user daemon-reload
+  systemctl start --user firefly || systemctl restart --user firefly
+  systemctl enable --user firefly
+
+  # Exposed on port 3306 in pew-net
+  podman create \
+    --name firefly-mariadb \
+    --env MYSQL_RANDOM_ROOT_PASSWORD=notnullvalue \
+    --env MYSQL_PASSWORD=firefly \
+    --env MYSQL_DATABASE=firefly \
+    --env MYSQL_USER=firefly \
+    --volume /bigdata/k8s-config/firefly/mariadb:/var/lib/mysql:rw \
+    --network pew-net \
+    mariadb:10.5.6
+
+  podman generate systemd firefly-mariadb --restart-policy=always --name > $HOME/.config/systemd/user/firefly-mariadb.service
+  systemctl --user daemon-reload
+  systemctl start --user firefly-mariadb || systemctl restart --user firefly-mariadb
+  systemctl enable --user firefly-mariadb
+}
+
+down () {
+  systemctl stop --user firefly || true
+  systemctl disable --user firefly || true
+  podman rm firefly || true
+  systemctl stop --user firefly-mariadb || true
+  systemctl disable --user firefly-mariadb || true
+  podman rm firefly-mariadb || true
+}
+
+logs () {
+  podman logs -f firefly
+}
+
+logsm () {
+  podman logs -f firefly-mariadb
+}
+
+$@

fogcutter/podman/matrix.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -e
+
+up () {
+  loginctl enable-linger $USER
+  podman network create pew-net || true
+
+  # Exposed on port 8008 in pew-net
+  podman create \
+    --name synapse \
+    --env TZ=US/Eastern \
+    --volume /bigdata/k8s-config/matrix/synapse:/data:rw \
+    --network pew-net \
+    matrixdotorg/synapse:v1.26.0
+
+  podman generate systemd synapse --restart-policy=always --name > $HOME/.config/systemd/user/synapse.service
+  systemctl --user daemon-reload
+  systemctl start --user synapse || systemctl restart --user synapse
+  systemctl enable --user synapse
+
+  # Exposed on port 80 in pew-net
+  podman create \
+    --name riot-web \
+    --volume /bigdata/k8s-config/matrix/riot-web/config.json:/app/config.json:ro \
+    --network pew-net \
+    vectorim/element-web:v1.7.20
+
+  podman generate systemd riot-web --restart-policy=always --name > $HOME/.config/systemd/user/riot-web.service
+  systemctl --user daemon-reload
+  systemctl start --user riot-web || systemctl restart --user riot-web
+  systemctl enable --user riot-web
+}
+
+down () {
+  systemctl stop --user synapse || true
+  systemctl disable --user synapse || true
+  podman rm synapse || true
+  systemctl stop --user riot-web || true
+  systemctl disable --user riot-web || true
+  podman rm riot-web || true
+}
+
+logs () {
+  podman logs -f synapse
+}
+
+logsr () {
+  podman logs -f riot-web
+}
+
+$@

fogcutter/podman/nginx.sh

@@ -14,7 +14,7 @@ up () {
     --env GUID=1000 \
     --env TZ=US/Eastern \
     --env URL=seaturtle.pw \
-    --env SUBDOMAINS=airsonic,git,jf,nc,plex \
+    --env SUBDOMAINS=airsonic,ff,git,jf,m,matrix,nc,plex \
     --env VALIDATION=http \
     --env EMAIL=paulsw.pw@gmail.com \
     --volume /bigdata/files:/files:ro \
@@ -24,6 +24,7 @@ up () {
     --volume /bigdata/k8s-config/nginx/site-confs:/config/nginx/site-confs:ro \
     --publish 127.0.0.1:80:80 \
     --publish 443:443 \
+    --publish 8448:8448 \
     --network pew-net \
     linuxserver/swag:1.10.1-ls29