From 99ea78d740759c4fd8a0d8fd75144bb55591666c Mon Sep 17 00:00:00 2001 From: Joerg Lehmann Date: Sat, 10 Dec 2022 09:57:27 +0000 Subject: [PATCH] add wiki, wordpresscmoag, wordpressacmoag, update doc --- README.md | 91 ++++++++++++++--------- nbitwiki/nbitwiki.yaml | 45 +++++++++++ traefik/configuration/nbitwebsite.yml | 6 +- traefik/configuration/nbitwiki.yml | 18 +++++ traefik/configuration/wordpressacmoag.yml | 19 +++++ traefik/configuration/wordpresscmoag.yml | 18 +++++ wordpressacmoag/uploads.ini | 1 + wordpressacmoag/wordpressacmoag.yaml | 81 ++++++++++++++++++++ wordpresscmoag/uploads.ini | 1 + wordpresscmoag/wordpresscmoag.yaml | 81 ++++++++++++++++++++ 10 files changed, 324 insertions(+), 37 deletions(-) create mode 100644 nbitwiki/nbitwiki.yaml create mode 100644 traefik/configuration/nbitwiki.yml create mode 100644 traefik/configuration/wordpressacmoag.yml create mode 100644 traefik/configuration/wordpresscmoag.yml create mode 100644 wordpressacmoag/uploads.ini create mode 100644 wordpressacmoag/wordpressacmoag.yaml create mode 100644 wordpresscmoag/uploads.ini create mode 100644 wordpresscmoag/wordpresscmoag.yaml diff --git a/README.md b/README.md index 2ee31d5..7339398 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ onyx.nbit.ch is used to run rootless Podman containers, using Traefik as a Reverse Proxy +Additionally it acts as a secondary nameserver ns2.nbit.ch + In this directory (/home/containers/onyx_pods), you will find all configuration files to run the containers (with Podman and Kubernetes YAML files) Specs: 
@@ -77,39 +79,7 @@ command to check who is banned: ## Backup Server -TODO - ```bash -Backup MySQL-DBs: - -/usr/local/bin/backup-mysql-dbs.sh (sinngemaess, eine Zeile pro Container): -root@moby:/usr/local/bin# more backup-mysql-dbs.sh -#!/bin/bash -# Backup der MySQL DBs (Docker) -# -for container_name in $(docker ps --format "{{.Image}} {{.Names}}" |grep mysql |awk '{print $2}'); do - if [ -f /usr/local/bin/${container_name}.pwd ]; then - # im pwd-File muss "PWD=XXXX" (root) gesetzt werden - . /usr/local/bin/${container_name}.pwd - docker exec ${container_name} /usr/bin/mysqldump -u root --password=${PWD} --all-databases > /backup/mysql-databases-${container_name}-$(date +%Y%m%W).sql 2>/dev/null - else - >&2 echo "Password must be set as PWD=XXXX in /usr/local/bin/${container_name}.pwd" - fi -done - -# Cleanup Old Backups -find /backup -type f -mtime +30 -exec rm {} \; - -/etc/cron.d/backup-mysql-dbs: -# Backup MySQL DBs -# -45 5 * * * root /usr/local/bin/backup-mysql-dbs.sh >/dev/null - - -Restore: just in case: -cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE - - # dnf install restic # mkdir /backup # mkdir /backup-restic @@ -119,8 +89,6 @@ SSH Keypaar fuer User root erstellen und auf Hetzner Storagebox hinterlegen: # ssh-keygen - - Restic Script: /usr/local/bin/backup-to-disk.sh 
@@ -155,6 +123,46 @@ Backup auf Storag Box: HERE ``` +```bash +Backup MySQL-DBs: + +# mkdir /backup/mysql-dbs +# chown containers:containers /backup/mysql-dbs/ + +/usr/local/bin/backup-mysql-dbs.sh (sinngemaess, eine Zeile pro Container): +[root@onyx bin]# more backup-mysql-dbs.sh +#!/bin/bash +# Backup der MySQL DBs (Podman) +# +for container_name in $(podman ps --format "{{.Image}} {{.Names}}" |grep mysql |awk '{print $2}'); do + if [ -f /usr/local/bin/${container_name}.pwd ]; then + # im pwd-File muss "PWD=XXXX" (root) gesetzt werden + . /usr/local/bin/${container_name}.pwd + podman exec ${container_name} /usr/bin/mysqldump -u root --password=${PWD} --all-databases > /backup//mysql-dbs/mysql-databases-${container_name}-$(date +%Y%m%W).sql 2>/dev/null + else + >&2 echo "Password must be set as PWD=XXXX in /usr/local/bin/${container_name}.pwd" + fi +done + +# Cleanup Old Backups +find /backup/mysql-dbs -type f -mtime +30 -exec rm {} \; + +[root@onyx bin]# ls -l *pwd +-r--------. 1 containers containers 15 Dec 10 09:42 wordpressacmoag-pod-db.pwd +-r--------. 1 containers containers 15 Dec 10 09:38 wordpresscmoag-pod-db.pwd + +/etc/cron.d/backup-mysql-dbs: +# Backup MySQL DBs +# +45 5 * * * containers /usr/local/bin/backup-mysql-dbs.sh >/dev/null + + +Restore: just in case: +cat backup.sql | podman exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE + + + + ## Wordpress behind Traefik @@ -281,3 +289,18 @@ containers$ escaped=$(systemd-escape ~/onyx_pods/${backendservice}/${backendserv containers$ systemctl --user start podman-kube@$escaped.service containers$ systemctl --user enable podman-kube@$escaped.service ``` + + + +## Secondary Nameserver + +```bash +# dnf install bind bind-utils +# systemctl enable --now named +# firewall-cmd --add-service=dns --permanent +# firewall-cmd --reload + +Adopt /etc/named.conf: + + +``` diff --git a/nbitwiki/nbitwiki.yaml b/nbitwiki/nbitwiki.yaml new file mode 100644 index 0000000..d44c6fa --- /dev/null 
+++ b/nbitwiki/nbitwiki.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + annotations: + bind-mount-options:/data/nbitwiki/config: z + io.kubernetes.cri-o.TTY/nbitwiki: "false" + io.podman.annotations.autoremove/nbitwiki: "FALSE" + io.podman.annotations.init/nbitwiki: "FALSE" + io.podman.annotations.label/nbitwiki: type:container_runtime_t + io.podman.annotations.privileged/nbitwiki: "FALSE" + io.podman.annotations.publish-all/nbitwiki: "FALSE" + labels: + app: nbitwiki-pod + name: nbitwiki-pod +spec: + containers: + - image: ghcr.io/linuxserver/dokuwiki + name: dokuwiki + env: + - name: PUID + value: 1000 + - name: PGID + value: 1000 + - name: TZ + value: "Europe/Zurich" + ports: + - containerPort: 80 + hostPort: 9010 + hostIP: 127.0.0.1 + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_AUDIT_WRITE + seLinuxOptions: + type: container_runtime_t + volumeMounts: + - mountPath: /config + name: data-nbitwiki-host-0 + volumes: + - hostPath: + path: /data/nbitwiki/config + type: Directory + name: data-nbitwiki-host-0 diff --git a/traefik/configuration/nbitwebsite.yml b/traefik/configuration/nbitwebsite.yml index 98b0bbc..9ccd235 100644 --- a/traefik/configuration/nbitwebsite.yml +++ b/traefik/configuration/nbitwebsite.yml @@ -6,9 +6,9 @@ http: tls: certresolver: "myresolver" domains: - - main: "www.linux-freelancer.ch" - sans: "linux-freelancer.ch" - rule: "Host(`linux-freelancer.ch`,`www.linux-freelancer.ch`)" + - main: "nbit.ch" + sans: "www.nbit.ch,linux-freelancer.ch,www.linux-freelancer.ch" + rule: "Host(`nbit.ch`,`www.nbit.ch`,`linux-freelancer.ch`,`www.linux-freelancer.ch`)" service: nbitwebsite services: diff --git a/traefik/configuration/nbitwiki.yml b/traefik/configuration/nbitwiki.yml new file mode 100644 index 0000000..ef69b8d --- /dev/null +++ b/traefik/configuration/nbitwiki.yml 
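Review bot: In `nbitwiki/nbitwiki.yaml` the pod sets `seLinuxOptions: type: container_runtime_t` and the matching `io.podman.annotations.label/nbitwiki` annotation, so dokuwiki runs under the container engine's own SELinux domain instead of the default confined container type. This looks carried over from generated output; unless the wiki needs it, dropping both lines restores the normal SELinux confinement. The image `ghcr.io/linuxserver/dokuwiki` has no tag or digest, so each pull can bring a different build; pinning a version tag or an `@sha256:` digest makes the deployment reproducible. `PUID` and `PGID` are bare integers, while Kubernetes-style env values are strings, so `value: "1000"` is the safer spelling.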
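Review bot: In `traefik/configuration/nbitwebsite.yml`, `sans` is now one comma-joined string, `"www.nbit.ch,linux-freelancer.ch,www.linux-freelancer.ch"`, whereas Traefik's file-provider examples write `sans` as a YAML list and the comma form is the label syntax. If the string is not split, the certificate request would not cover the three extra names that the new `Host(...)` rule routes. Check the issued certificate, or write the value as a list with one entry per name, starting with `- "www.nbit.ch"`. The router block this hunk edits starts outside the hunk.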
@@ -0,0 +1,18 @@
+http:
+ routers:
+ nbitwiki:
+ entrypoints:
+ - websecure
+ tls:
+ certresolver: "myresolver"
+ domains:
+ - main: "wiki.nbit.ch"
+ rule: "Host(`wiki.nbit.ch`)"
+ service: nbitwiki
+
+ services:
+ nbitwiki:
+ loadBalancer:
+ servers:
+ - url: http://127.0.0.1:9010/
+ passHostHeader: true
diff --git a/traefik/configuration/wordpressacmoag.yml b/traefik/configuration/wordpressacmoag.yml
new file mode 100644
index 0000000..cd00bff
--- /dev/null
+++ b/traefik/configuration/wordpressacmoag.yml
@@ -0,0 +1,19 @@
+http:
+ routers:
+ wordpressacmoag:
+ entrypoints:
+ - websecure
+ tls:
+ certresolver: "myresolver"
+ domains:
+ - main: "www.acmoag.com"
+ sans: "acmoag.com"
+ rule: "Host(`acmoag.com`,`www.acmoag.com`)"
+ service: wordpresscmoag
+
+ services:
+ wordpresscmoag:
+ loadBalancer:
+ servers:
+ - url: http://127.0.0.1:9030/
+ passHostHeader: true
diff --git a/traefik/configuration/wordpresscmoag.yml b/traefik/configuration/wordpresscmoag.yml
new file mode 100644
index 0000000..ae8c1f0
--- /dev/null
+++ b/traefik/configuration/wordpresscmoag.yml
@@ -0,0 +1,18 @@
+http:
+ routers:
+ wordpresscmoag:
+ entrypoints:
+ - websecure
+ tls:
+ certresolver: "myresolver"
+ domains:
+ - main: "www.cmoag.com"
+ rule: "Host(`www.cmoag.com`)"
+ service: wordpresscmoag
+
+ services:
+ wordpresscmoag:
+ loadBalancer:
+ servers:
+ - url: http://127.0.0.1:9020/
+ passHostHeader: true
diff --git a/wordpressacmoag/uploads.ini b/wordpressacmoag/uploads.ini
new file mode 100644
index 0000000..e16356a
--- /dev/null
+++ b/wordpressacmoag/uploads.ini
@@ -0,0 +1 @@
+upload_max_filesize = 8M
diff --git a/wordpressacmoag/wordpressacmoag.yaml b/wordpressacmoag/wordpressacmoag.yaml
new file mode 100644
index 0000000..6b5e4af
--- /dev/null
+++ b/wordpressacmoag/wordpressacmoag.yaml
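Review bot: In `traefik/configuration/wordpressacmoag.yml` the router points at `service: wordpresscmoag` and the file defines a service of that same name on port 9030, while `traefik/configuration/wordpresscmoag.yml` defines `wordpresscmoag` on port 9020. Both files sit in the same configuration directory, so the two definitions presumably collide when Traefik merges them. In that case acmoag.com traffic could be dropped or sent to the other site's backend. Renaming both occurrences in the acmoag file, to `service: wordpressacmoag` and `wordpressacmoag:` under `services:`, keeps the two sites separate.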
@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ annotations:
+ bind-mount-options:/data/wordpressacmoag/wp: z
+ bind-mount-options:/data/wordpressacmoag/db: z
+ bind-mount-options:/home/containers/onyx_pods/wordpressacmoag/uploads.ini: z
+ io.kubernetes.cri-o.TTY/wordpressacmoag: "false"
+ io.podman.annotations.autoremove/wordpressacmoag: "FALSE"
+ io.podman.annotations.init/wordpressacmoag: "FALSE"
+ io.podman.annotations.label/wordpressacmoag: type:container_runtime_t
+ io.podman.annotations.privileged/wordpressacmoag: "FALSE"
+ io.podman.annotations.publish-all/wordpressacmoag: "FALSE"
+ labels:
+ app: wordpressacmoag-pod
+ name: wordpressacmoag-pod
+spec:
+ containers:
+ - args:
+ - mysqld
+ env:
+ - name: MYSQL_USER
+ value: wordpress
+ - name: MYSQL_ROOT_PASSWORD
+ value: blafasel27
+ - name: MYSQL_DATABASE
+ value: wordpress
+ - name: MYSQL_PASSWORD
+ value: blafasel27
+ image: docker.io/library/mysql:8.0
+ name: db
+ ports:
+ - containerPort: 80
+ hostPort: 9030
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - CAP_MKNOD
+ - CAP_NET_RAW
+ - CAP_AUDIT_WRITE
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: data-wordpressacmoag-dp-0
+ - env:
+ - name: WORDPRESS_DB_PASSWORD
+ value: blafasel27
+ - name: WORDPRESS_DB_USER
+ value: wordpress
+ - name: WORDPRESS_DB_NAME
+ value: wordpress
+ - name: WORDPRESS_DB_HOST
+ value: 127.0.0.1
+ image: docker.io/library/wordpress:php7.4-apache
+ name: wordpress
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - CAP_MKNOD
+ - CAP_NET_RAW
+ - CAP_AUDIT_WRITE
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data-wordpressacmoag-wp-0
+ - mountPath: /usr/local/etc/php/conf.d/uploads.ini
+ name: data-wordpressacmoag-wp-1
+ restartPolicy: Never
+ volumes:
+ - hostPath:
+ path: /data/wordpressacmoag/wp
+ type: Directory
+ name: data-wordpressacmoag-wp-0
+ - hostPath:
+ path: /home/containers/onyx_pods/wordpressacmoag/uploads.ini
+ type: File
+ name: data-wordpressacmoag-wp-1
+ - hostPath:
+ path: /data/wordpressacmoag/db
+ type: Directory
+ name: data-wordpressacmoag-dp-0
diff --git a/wordpresscmoag/uploads.ini b/wordpresscmoag/uploads.ini
new file mode 100644
index 0000000..e16356a
--- /dev/null
+++ b/wordpresscmoag/uploads.ini
@@ -0,0 +1 @@
+upload_max_filesize = 8M
diff --git a/wordpresscmoag/wordpresscmoag.yaml b/wordpresscmoag/wordpresscmoag.yaml
new file mode 100644
index 0000000..afc5c53
--- /dev/null
+++ b/wordpresscmoag/wordpresscmoag.yaml
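Review bot: In `wordpressacmoag/wordpressacmoag.yaml` the values of `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD` and `WORDPRESS_DB_PASSWORD` are one plaintext literal committed to the repository, and `wordpresscmoag/wordpresscmoag.yaml` reuses the identical value. The credentials should be rotated and supplied from a secret, with distinct values per pod and for root versus the `wordpress` user; the sketch below uses `secretKeyRef` with placeholder names and assumes the installed Podman supports it for `kube play`. `hostPort: 9030` (9020 in the other file) has no `hostIP`, unlike `nbitwiki.yaml`, which binds `127.0.0.1`. The plain-HTTP port is therefore presumably published on every interface and reachable without going through Traefik. Separately, `wordpress:php7.4-apache` tracks a PHP branch whose upstream security support ended in November 2022.

```yaml
# … unchanged: metadata, args …
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: wordpressacmoag-db      # placeholder secret name
          key: root-password            # placeholder key
    # … MYSQL_PASSWORD and WORDPRESS_DB_PASSWORD: same pattern, their own key …
    # … unchanged: MYSQL_USER, MYSQL_DATABASE, image, name …
    ports:
    - containerPort: 80
      hostPort: 9030
      hostIP: 127.0.0.1
# … unchanged: securityContext, volumeMounts, wordpress container, volumes …
```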
@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ annotations:
+ bind-mount-options:/data/wordpresscmoag/wp: z
+ bind-mount-options:/data/wordpresscmoag/db: z
+ bind-mount-options:/home/containers/onyx_pods/wordpresscmoag/uploads.ini: z
+ io.kubernetes.cri-o.TTY/wordpresscmoag: "false"
+ io.podman.annotations.autoremove/wordpresscmoag: "FALSE"
+ io.podman.annotations.init/wordpresscmoag: "FALSE"
+ io.podman.annotations.label/wordpresscmoag: type:container_runtime_t
+ io.podman.annotations.privileged/wordpresscmoag: "FALSE"
+ io.podman.annotations.publish-all/wordpresscmoag: "FALSE"
+ labels:
+ app: wordpresscmoag-pod
+ name: wordpresscmoag-pod
+spec:
+ containers:
+ - args:
+ - mysqld
+ env:
+ - name: MYSQL_USER
+ value: wordpress
+ - name: MYSQL_ROOT_PASSWORD
+ value: blafasel27
+ - name: MYSQL_DATABASE
+ value: wordpress
+ - name: MYSQL_PASSWORD
+ value: blafasel27
+ image: docker.io/library/mysql:8.0
+ name: db
+ ports:
+ - containerPort: 80
+ hostPort: 9020
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - CAP_MKNOD
+ - CAP_NET_RAW
+ - CAP_AUDIT_WRITE
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: data-wordpresscmoag-dp-0
+ - env:
+ - name: WORDPRESS_DB_PASSWORD
+ value: blafasel27
+ - name: WORDPRESS_DB_USER
+ value: wordpress
+ - name: WORDPRESS_DB_NAME
+ value: wordpress
+ - name: WORDPRESS_DB_HOST
+ value: 127.0.0.1
+ image: docker.io/library/wordpress:php7.4-apache
+ name: wordpress
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - CAP_MKNOD
+ - CAP_NET_RAW
+ - CAP_AUDIT_WRITE
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data-wordpresscmoag-wp-0
+ - mountPath: /usr/local/etc/php/conf.d/uploads.ini
+ name: data-wordpresscmoag-wp-1
+ restartPolicy: Never
+ volumes:
+ - hostPath:
+ path: /data/wordpresscmoag/wp
+ type: Directory
+ name: data-wordpresscmoag-wp-0
+ - hostPath:
+ path: /home/containers/onyx_pods/wordpresscmoag/uploads.ini
+ type: File
+ name: data-wordpresscmoag-wp-1
+ - hostPath:
+ path: /data/wordpresscmoag/db
+ type: Directory
+ name: data-wordpresscmoag-dp-0