add wiki, wordpresscmoag, wordpressacmoag, update doc

README.md

@@ -2,6 +2,8 @@
 
 onyx.nbit.ch is used to run rootless Podman containers, using Traefik as a Reverse Proxy
 
+Additionally it acts as a secondary nameserver ns2.nbit.ch
+
 In this directory (/home/containers/onyx_pods), you will find all configuration files to run the containers (with Podman and Kubernetes YAML files)
 
 Specs:
@@ -77,39 +79,7 @@ command to check who is banned:
 
 ## Backup Server
 
-TODO
-
 ```bash
-Backup MySQL-DBs:
-
-/usr/local/bin/backup-mysql-dbs.sh (sinngemaess, eine Zeile pro Container):
-root@moby:/usr/local/bin# more backup-mysql-dbs.sh
-#!/bin/bash
-# Backup der MySQL DBs (Docker)
-#
-for container_name in $(docker ps --format "{{.Image}} {{.Names}}" |grep mysql  |awk '{print $2}'); do
-  if [ -f /usr/local/bin/${container_name}.pwd ]; then
-    # im pwd-File muss "PWD=XXXX" (root) gesetzt werden
-    . /usr/local/bin/${container_name}.pwd
-    docker exec ${container_name} /usr/bin/mysqldump -u root --password=${PWD} --all-databases > /backup/mysql-databases-${container_name}-$(date +%Y%m%W).sql 2>/dev/null
-  else
-    >&2 echo "Password must be set as PWD=XXXX in /usr/local/bin/${container_name}.pwd"
-  fi
-done
-
-# Cleanup Old Backups
-find /backup -type f -mtime +30 -exec rm {} \;
-
-/etc/cron.d/backup-mysql-dbs:
-# Backup MySQL DBs
-#
-45 5 * * * root /usr/local/bin/backup-mysql-dbs.sh >/dev/null
-
-
-Restore: just in case:
-cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
-
-
 # dnf install restic
 # mkdir /backup
 # mkdir /backup-restic
@@ -119,8 +89,6 @@ SSH Keypaar fuer User root erstellen und auf Hetzner Storagebox hinterlegen:
 
 # ssh-keygen
 
-
-
 Restic Script:
 
 /usr/local/bin/backup-to-disk.sh
@@ -155,6 +123,46 @@ Backup auf Storag Box:
 HERE
 ```
 
+```bash
+Backup MySQL-DBs:
+
+# mkdir /backup/mysql-dbs
+# chown containers:containers /backup/mysql-dbs/
+
+/usr/local/bin/backup-mysql-dbs.sh (sinngemaess, eine Zeile pro Container):
+[root@onyx bin]# more backup-mysql-dbs.sh
+#!/bin/bash
+# Backup der MySQL DBs (Podman)
+#
+for container_name in $(podman ps --format "{{.Image}} {{.Names}}" |grep mysql |awk '{print $2}'); do
+  if [ -f /usr/local/bin/${container_name}.pwd ]; then
+    # im pwd-File muss "PWD=XXXX" (root) gesetzt werden
+    . /usr/local/bin/${container_name}.pwd
+    podman exec ${container_name} /usr/bin/mysqldump -u root --password=${PWD} --all-databases > /backup//mysql-dbs/mysql-databases-${container_name}-$(date +%Y%m%W).sql 2>/dev/null
+  else
+    >&2 echo "Password must be set as PWD=XXXX in /usr/local/bin/${container_name}.pwd"
+  fi
+done
+
+# Cleanup Old Backups
+find /backup/mysql-dbs -type f -mtime +30 -exec rm {} \;
+
+[root@onyx bin]# ls -l *pwd
+-r--------. 1 containers containers 15 Dec 10 09:42 wordpressacmoag-pod-db.pwd
+-r--------. 1 containers containers 15 Dec 10 09:38 wordpresscmoag-pod-db.pwd
+
+/etc/cron.d/backup-mysql-dbs:
+# Backup MySQL DBs
+#
+45 5 * * * containers /usr/local/bin/backup-mysql-dbs.sh >/dev/null
+
+
+Restore: just in case:
+cat backup.sql | podman exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
+
+
+
+
 
 ## Wordpress behind Traefik
 
@@ -281,3 +289,18 @@ containers$ escaped=$(systemd-escape ~/onyx_pods/${backendservice}/${backendserv
 containers$ systemctl --user start podman-kube@$escaped.service
 containers$ systemctl --user enable podman-kube@$escaped.service
 ```
+
+
+
+## Secondary Nameserver
+
+```bash
+# dnf install bind bind-utils
+# systemctl enable --now named
+# firewall-cmd --add-service=dns --permanent
+# firewall-cmd --reload
+
+Adopt /etc/named.conf:
+
+
+```

nbitwiki/nbitwiki.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/nbitwiki/config: z
+    io.kubernetes.cri-o.TTY/nbitwiki: "false"
+    io.podman.annotations.autoremove/nbitwiki: "FALSE"
+    io.podman.annotations.init/nbitwiki: "FALSE"
+    io.podman.annotations.label/nbitwiki: type:container_runtime_t
+    io.podman.annotations.privileged/nbitwiki: "FALSE"
+    io.podman.annotations.publish-all/nbitwiki: "FALSE"
+  labels:
+    app: nbitwiki-pod
+  name: nbitwiki-pod
+spec:
+  containers:
+  - image: ghcr.io/linuxserver/dokuwiki
+    name: dokuwiki
+    env:
+    - name: PUID
+      value: 1000
+    - name: PGID
+      value: 1000
+    - name: TZ
+      value: "Europe/Zurich"
+    ports:
+    - containerPort: 80
+      hostPort: 9010
+      hostIP: 127.0.0.1
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_AUDIT_WRITE
+      seLinuxOptions:
+        type: container_runtime_t
+    volumeMounts:
+    - mountPath: /config
+      name: data-nbitwiki-host-0
+  volumes:
+  - hostPath:
+      path: /data/nbitwiki/config
+      type: Directory
+    name: data-nbitwiki-host-0

traefik/configuration/nbitwebsite.yml

@@ -6,9 +6,9 @@ http:
       tls:
         certresolver: "myresolver"
         domains:
-          - main: "www.linux-freelancer.ch"
-            sans: "linux-freelancer.ch"
-      rule: "Host(`linux-freelancer.ch`,`www.linux-freelancer.ch`)"
+          - main: "nbit.ch"
+            sans: "www.nbit.ch,linux-freelancer.ch,www.linux-freelancer.ch"
+      rule: "Host(`nbit.ch`,`www.nbit.ch`,`linux-freelancer.ch`,`www.linux-freelancer.ch`)"
       service: nbitwebsite
 
   services:

traefik/configuration/nbitwiki.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    nbitwiki:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "wiki.nbit.ch"
+      rule: "Host(`wiki.nbit.ch`)"
+      service: nbitwiki
+
+  services:
+    nbitwiki:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9010/
+        passHostHeader: true

traefik/configuration/wordpressacmoag.yml

@@ -0,0 +1,19 @@
+http:
+  routers:
+    wordpressacmoag:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "www.acmoag.com"
+            sans: "acmoag.com"
+      rule: "Host(`acmoag.com`,`www.acmoag.com`)"
+      service: wordpresscmoag
+
+  services:
+    wordpresscmoag:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9030/
+        passHostHeader: true

traefik/configuration/wordpresscmoag.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    wordpresscmoag:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "www.cmoag.com"
+      rule: "Host(`www.cmoag.com`)"
+      service: wordpresscmoag
+
+  services:
+    wordpresscmoag:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9020/
+        passHostHeader: true

wordpressacmoag/uploads.ini

@@ -0,0 +1 @@
+upload_max_filesize = 8M

wordpressacmoag/wordpressacmoag.yaml

@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/wordpressacmoag/wp: z
+    bind-mount-options:/data/wordpressacmoag/db: z
+    bind-mount-options:/home/containers/onyx_pods/wordpressacmoag/uploads.ini: z
+    io.kubernetes.cri-o.TTY/wordpressacmoag: "false"
+    io.podman.annotations.autoremove/wordpressacmoag: "FALSE"
+    io.podman.annotations.init/wordpressacmoag: "FALSE"
+    io.podman.annotations.label/wordpressacmoag: type:container_runtime_t
+    io.podman.annotations.privileged/wordpressacmoag: "FALSE"
+    io.podman.annotations.publish-all/wordpressacmoag: "FALSE"
+  labels:
+    app: wordpressacmoag-pod
+  name: wordpressacmoag-pod
+spec:
+  containers:
+  - args:
+    - mysqld
+    env:
+    - name: MYSQL_USER
+      value: wordpress
+    - name: MYSQL_ROOT_PASSWORD
+      value: blafasel27
+    - name: MYSQL_DATABASE
+      value: wordpress
+    - name: MYSQL_PASSWORD
+      value: blafasel27
+    image: docker.io/library/mysql:8.0
+    name: db
+    ports:
+    - containerPort: 80
+      hostPort: 9030
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/lib/mysql
+      name: data-wordpressacmoag-dp-0
+  - env:
+    - name: WORDPRESS_DB_PASSWORD
+      value: blafasel27
+    - name: WORDPRESS_DB_USER
+      value: wordpress
+    - name: WORDPRESS_DB_NAME
+      value: wordpress
+    - name: WORDPRESS_DB_HOST
+      value: 127.0.0.1
+    image: docker.io/library/wordpress:php7.4-apache
+    name: wordpress
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/www/html
+      name: data-wordpressacmoag-wp-0
+    - mountPath: /usr/local/etc/php/conf.d/uploads.ini
+      name: data-wordpressacmoag-wp-1
+  restartPolicy: Never
+  volumes:
+  - hostPath:
+      path: /data/wordpressacmoag/wp
+      type: Directory
+    name: data-wordpressacmoag-wp-0
+  - hostPath:
+      path: /home/containers/onyx_pods/wordpressacmoag/uploads.ini
+      type: File
+    name: data-wordpressacmoag-wp-1
+  - hostPath:
+      path: /data/wordpressacmoag/db
+      type: Directory
+    name: data-wordpressacmoag-dp-0

wordpresscmoag/uploads.ini

@@ -0,0 +1 @@
+upload_max_filesize = 8M

wordpresscmoag/wordpresscmoag.yaml

@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/wordpresscmoag/wp: z
+    bind-mount-options:/data/wordpresscmoag/db: z
+    bind-mount-options:/home/containers/onyx_pods/wordpresscmoag/uploads.ini: z
+    io.kubernetes.cri-o.TTY/wordpresscmoag: "false"
+    io.podman.annotations.autoremove/wordpresscmoag: "FALSE"
+    io.podman.annotations.init/wordpresscmoag: "FALSE"
+    io.podman.annotations.label/wordpresscmoag: type:container_runtime_t
+    io.podman.annotations.privileged/wordpresscmoag: "FALSE"
+    io.podman.annotations.publish-all/wordpresscmoag: "FALSE"
+  labels:
+    app: wordpresscmoag-pod
+  name: wordpresscmoag-pod
+spec:
+  containers:
+  - args:
+    - mysqld
+    env:
+    - name: MYSQL_USER
+      value: wordpress
+    - name: MYSQL_ROOT_PASSWORD
+      value: blafasel27
+    - name: MYSQL_DATABASE
+      value: wordpress
+    - name: MYSQL_PASSWORD
+      value: blafasel27
+    image: docker.io/library/mysql:8.0
+    name: db
+    ports:
+    - containerPort: 80
+      hostPort: 9020
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/lib/mysql
+      name: data-wordpresscmoag-dp-0
+  - env:
+    - name: WORDPRESS_DB_PASSWORD
+      value: blafasel27
+    - name: WORDPRESS_DB_USER
+      value: wordpress
+    - name: WORDPRESS_DB_NAME
+      value: wordpress
+    - name: WORDPRESS_DB_HOST
+      value: 127.0.0.1
+    image: docker.io/library/wordpress:php7.4-apache
+    name: wordpress
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/www/html
+      name: data-wordpresscmoag-wp-0
+    - mountPath: /usr/local/etc/php/conf.d/uploads.ini
+      name: data-wordpresscmoag-wp-1
+  restartPolicy: Never
+  volumes:
+  - hostPath:
+      path: /data/wordpresscmoag/wp
+      type: Directory
+    name: data-wordpresscmoag-wp-0
+  - hostPath:
+      path: /home/containers/onyx_pods/wordpresscmoag/uploads.ini
+      type: File
+    name: data-wordpresscmoag-wp-1
+  - hostPath:
+      path: /data/wordpresscmoag/db
+      type: Directory
+    name: data-wordpresscmoag-dp-0