add README for gitea

README.md

@@ -47,6 +47,7 @@ enable EPEL Repo:
 # dnf install firewalld
 # firewall-cmd --add-service={http,https} --permanent
 # firewall-cmd --remove-service=cockpit --permanent
+# firewall-cmd --add-port=1883/tcp --permanent   ; only for MQTT
 # firewall-cmd --reload
 
 List Rules:
@@ -192,6 +193,19 @@ Set Defaults:
 containers$ cat ~/.config/containers/containers.conf
 [network]
 network_backend = "netavark"
+
+
+Credentials for Gitlab Registry should be available after Reboot
+
+# User: drpuur, Password: Token from Gitlab (glpat-L5fU-_eZ6u74-3a8Jsnn)
+[containers@onyx-dev ~]$ podman login registry.gitlab.com
+Username: drpuur
+Password:
+Login Succeeded!
+
+[containers@onyx-dev ~]$ cp /run/user/1000/containers/auth.json ~/.config/containers/auth.json
+
+
 ```
 
 ### Setup Traefik
@@ -309,3 +323,7 @@ on master:
 
 
 ```
+
+Read Rights for Grafana Agent:
+
+# setfacl -R -m u:grafana-agent:rX /var/log

gitea/README.md

@@ -0,0 +1,7 @@
+
+Config of Gitea is done in config/app.ini
+
+To disable the possibility to self-register:
+
+[root@onyx ~]# grep DISABLE_REGISTRATION /data/gitea/config/app.ini
+DISABLE_REGISTRATION              = true

gitea/gitea.yaml

@@ -0,0 +1,57 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/gitea/data: z
+    bind-mount-options:/data/gitea/config: z
+    io.kubernetes.cri-o.TTY/gitea: "false"
+    io.podman.annotations.autoremove/gitea: "FALSE"
+    io.podman.annotations.init/gitea: "FALSE"
+    io.podman.annotations.label/gitea: type:container_runtime_t
+    io.podman.annotations.privileged/gitea: "FALSE"
+    io.podman.annotations.publish-all/gitea: "FALSE"
+  labels:
+    app: gitea-pod
+  name: gitea-pod
+spec:
+  containers:
+  - image: docker.io/gitea/gitea:latest-rootless
+    name: gitea
+    ports:
+    - containerPort: 3000
+      hostPort: 9080
+      hostIP: 127.0.0.1
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/lib/gitea
+      name: data-gitea-data-0
+    - mountPath: /etc/gitea
+      name: data-gitea-config-0
+    - mountPath: /etc/timezone
+      name: etc-timezone-0
+      readOnly: true
+    - mountPath: /etc/localtime
+      name: etc-localtime-0
+      readOnly: true
+  volumes:
+  - hostPath:
+      path: /data/gitea/data
+      type: Directory
+    name: data-gitea-data-0
+  - hostPath:
+      path: /data/gitea/config
+      type: Directory
+    name: data-gitea-config-0
+  - hostPath:
+      path: /etc/timezone
+      type: File
+    name: etc-timezone-0
+  - hostPath:
+      path: /etc/localtime
+      type: File
+    name: etc-localtime-0

minibeieli/minibeieli.yaml

@@ -18,7 +18,7 @@ metadata:
 spec:
   containers:
   - name: mini-beieli-web
-    image: registry.gitlab.com/drpuur/mini-beieli-web:2022122601
+    image: registry.gitlab.com/drpuur/mini-beieli-web:2023020301
     env:
     - name: REDIS_CONNECTION_STRING
       value: 127.0.0.1:6379
@@ -43,7 +43,7 @@ spec:
         - CAP_NET_RAW
         - CAP_AUDIT_WRITE
   - name: mini-beieli-lorahandler
-    image: registry.gitlab.com/drpuur/mini-beieli-lorahandler:2022122601
+    image: registry.gitlab.com/drpuur/mini-beieli-lorahandler:2022122801
     env:
     - name: REDIS_CONNECTION_STRING
       value: 127.0.0.1:6379
@@ -64,7 +64,6 @@ spec:
     image: docker.io/library/influxdb:2.6
     ports:
     - containerPort: 8086
-      hostPort: 8086
     resources: {}
     securityContext:
       capabilities:

traefik/configuration/gitea.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    gitea:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "git.nbit.ch"
+      rule: "Host(`git.nbit.ch`)"
+      service: gitea
+
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9080/
+        passHostHeader: false

traefik/configuration/wobisch.yml

@@ -0,0 +1,35 @@
+http:
+  routers:
+    wobisch-web:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "wo-bisch.ch"
+            sans: "www.wo-bisch.ch"
+      rule: "Host(`wo-bisch.ch`,`www.wo-bisch.ch`)"
+      service: wobisch-web
+
+    wobisch-lorahandler:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "wo-bisch.ch"
+            sans: "www.wo-bisch.ch"
+      rule: "Host(`wo-bisch.ch`,`www.wo-bisch.ch`) && PathPrefix(`/lorahandler`)"
+      service: wobisch-lorahandler
+
+  services:
+    wobisch-web:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9060/
+        passHostHeader: true
+    wobisch-lorahandler:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9061/
+        passHostHeader: true

wobisch/telegraf.conf

@@ -0,0 +1,31 @@
+[global_tags]
+
+# Configuration for telegraf agent
+[agent]
+  interval = "10s"
+  round_interval = true
+  metric_batch_size = 1000
+  metric_buffer_limit = 100000
+  collection_jitter = "0s"
+  flush_interval = "10s"
+  flush_jitter = "0s"
+  precision = ""
+  debug = false
+  quiet = false
+  logfile = ""
+  hostname = ""
+  omit_hostname = false
+
+[[inputs.tail]]
+  files = ["/data/wo-bisch-lorahandler.log"]
+  from_beginning = false
+  pipe = false
+  tagexclude = ["path","host"]
+  data_format = "influx"
+
+# Configuration for sending metrics to InfluxDB 2.0
+[[outputs.influxdb_v2]]
+  urls = ["http://127.0.0.1:8086"]
+  token = "OMFWazmSYezw2vVw2cC6pbvMXKaQpzjgN7nemstXifQtQAINeBSXNR66Z6PB2CemTHUdbz5IBIbRdBpcPXZ4FQ=="
+  organization = "wobischorg"
+  bucket = "wobischbucket"

wobisch/wobisch.yaml

@@ -0,0 +1,125 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/wobisch/influxdb: z
+    bind-mount-options:/data/wobisch/redis: z
+    bind-mount-options:/data/wobisch/lorahandlerdata: z
+    bind-mount-options:/home/containers/onyx_pods/wobisch/telegraf.conf: z
+    io.kubernetes.cri-o.TTY/wobisch: "false"
+    io.podman.annotations.autoremove/wobisch: "FALSE"
+    io.podman.annotations.init/wobisch: "FALSE"
+    io.podman.annotations.label/wobisch: type:container_runtime_t
+    io.podman.annotations.privileged/wobisch: "FALSE"
+    io.podman.annotations.publish-all/wobisch: "FALSE"
+  labels:
+    app: wobisch-pod
+  name: wobisch-pod
+spec:
+  containers:
+  - name: wo-bisch-web
+    image: registry.gitlab.com/drpuur/wo-bisch-web:2023020304
+    env:
+    - name: REDIS_CONNECTION_STRING
+      value: 127.0.0.1:6379
+    - name: INFLUX_URL
+      value: http://127.0.0.1:8086/api/v2/query?org=wobischorg
+    - name: INFLUX_RO_TOKEN
+      value: hVK-DQk3kQhrTndYCvv8T1c99nSdpUe2wPAzEMH77rpuDKLbEdsI-Ten6S09EPlgKBCPVypYohMNO9AYbt0MlQ==
+    - name: STRIPE_KEY
+      value: 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
+    - name: STRIPE_PK
+      value: pk_live_51Icq29K2XyHQRTs2oNQMPT75m7J96ajcKDADEE8FCSA3WWD98je6IZgN0E7Q2t5Vccdu1ar5kQZUIjbPhRluTkS500rgdMr0dF
+    - name: MAILSERVER_HOST
+      value: mail.nbit.ch
+    ports:
+    - containerPort: 4000
+      hostPort: 9060
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+  - name: wo-bisch-lorahandler
+    image: registry.gitlab.com/drpuur/wo-bisch-lorahandler:2022122801
+    env:
+    - name: REDIS_CONNECTION_STRING
+      value: 127.0.0.1:6379
+    - name: MAILSERVER_HOST
+      value: mail.nbit.ch
+    ports:
+    - containerPort: 8080
+      hostPort: 9061
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /data
+      name: lorahandlerdata
+  - name: influxdb
+    image: docker.io/library/influxdb:2.6
+    ports:
+    - containerPort: 8086
+      hostPort: 8087
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/lib/influxdb2
+      name: influxdb
+  - name: redis
+    image: docker.io/library/redis:7
+    args: ["--save 60 1", "--loglevel warning"]
+    ports:
+    - containerPort: 5432
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /data
+      name: redis
+  - name: telegraf
+    image: docker.io/library/telegraf:1.25
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /data
+      name: lorahandlerdata
+    - mountPath: /etc/telegraf/telegraf.conf
+      name: telegrafconf
+  restartPolicy: Always
+  volumes:
+  - hostPath:
+      path: /data/wobisch/influxdb
+      type: Directory
+    name: influxdb
+  - hostPath:
+      path: /data/wobisch/redis
+      type: Directory
+    name: redis
+  - hostPath:
+      path: /data/wobisch/lorahandlerdata
+      type: Directory
+    name: lorahandlerdata
+  - hostPath:
+      path: /home/containers/onyx_pods/wobisch/telegraf.conf
+      type: File
+    name: telegrafconf