jdormit/jdormit-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Delete wallabag, syncthing, freshrss, and justin-ghost-site

Browse Source
This commit is contained in:
jdormit 2024-01-14 23:37:24 -05:00
parent 7b7b6b3606
commit ab49519de7
54 changed files with 0 additions and 1503 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
mgmt/do-jeremydormitzer-com/terraform/main.tf
View File

@ -75,27 +75,3 @@ resource "digitalocean_record" "git_txt" {
value = "\"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpGHgB9oj3UdxdGUp9389PihevWCs+YKdkXv+C9DRv7nXY+L1bGjgqooIXwW9Bte5QC9lFpCN81NzK95gDYkX9rgo+huaeSw2B4slGBBWIBet4Wk6OafcQ2LsT9/VFUYeFyKD8AF4hV44CC5ZSWYVC6TiYCrNhEscQo9OYBhKicwIDAQAB\""
ttl = 3600
}
resource "digitalocean_record" "syncthing" {
domain = digitalocean_domain.jeremydormitzer_com.name
type = "A"
name = "syncthing"
value = data.terraform_remote_state.nginx.outputs.nginx_ip_address
ttl = 3600
}
resource "digitalocean_record" "wallabag" {
domain = digitalocean_domain.jeremydormitzer_com.name
type = "A"
name = "wallabag"
value = data.terraform_remote_state.nginx.outputs.nginx_ip_address
ttl = 3600
}
resource "digitalocean_record" "freshrss" {
domain = digitalocean_domain.jeremydormitzer_com.name
type = "A"
name = "rss"
value = data.terraform_remote_state.nginx.outputs.nginx_ip_address
ttl = 3600
}

8
prod/freshrss/packer/.envrc
View File

@ -1,8 +0,0 @@
source_up
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi

2
prod/freshrss/packer/.gitignore vendored
View File

@ -1,2 +0,0 @@
tmp/
certbot/

35
prod/freshrss/packer/Makefile
View File

@ -1,35 +0,0 @@
.PHONY: reissue-certs
packer-manifest.json: freshrss.json \
scripts/dependencies.sh \
files/freshrss.timer \
files/freshrss.service \
scripts/freshrss.sh \
files/freshrss-nginx.conf \
scripts/nginx.sh \
certbot/live/rss.jeremydormitzer.com/fullchain.pem \
certbot/live/rss.jeremydormitzer.com/privkey.pem
packer build freshrss.json
certbot/live/rss.jeremydormitzer.com/fullchain.pem certbot/live/rss.jeremydormitzer.com/privkey.pem &: tmp/do.ini
certbot certonly -n \
--agree-tos \
--email ${CERTBOT_EMAIL} \
--dns-digitalocean \
--dns-digitalocean-credentials tmp/do.ini \
--config-dir ./certbot \
--work-dir ./certbot \
--logs-dir ./certbot \
-d rss.jeremydormitzer.com
tmp/do.ini: templates/do.ini.template tmp
sigil -p -f templates/do.ini.template > tmp/do.ini
chmod 600 tmp/do.ini
tmp:
mkdir tmp
reissue-certs:
rm -rf certbot
make

49
prod/freshrss/packer/files/freshrss-nginx.conf
View File

@ -1,49 +0,0 @@
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /var/www/freshrss/fullchain.pem;
ssl_certificate_key /var/www/freshrss/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
root /var/www/html/p/;
index index.php index.html index.htm;
# nginx log files
access_log /var/log/nginx/rss.access.log;
error_log /var/log/nginx/rss.error.log;
# php files handling
# this regex is mandatory because of the API
location ~ ^.+?\.php(/.*)?$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# By default, the variable PATH_INFO is not set under PHP-FPM
# But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
# NOTE: the separate $path_info variable is required. For more details, see:
# https://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
try_files $uri $uri/ index.php;
}
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}

8
prod/freshrss/packer/files/freshrss.service
View File

@ -1,8 +0,0 @@
[Unit]
Description=Refresh FreshRSS feeds
Wants=freshrss.timer
[Service]
User=www-data
Type=simple
ExecStart=/usr/bin/php /usr/share/FreshRSS/app/actualize_script.php

9
prod/freshrss/packer/files/freshrss.timer
View File

@ -1,9 +0,0 @@
[Unit]
Description=Refresh FreshRSS feeds
[Timer]
OnBootSec=30s
OnCalendar=*:0/20
[Install]
WantedBy=timers.target

75
prod/freshrss/packer/freshrss.json
View File

@ -1,75 +0,0 @@
{
"variables": {
"freshrss_user": "{{env `FRESHRSS_USER`}}",
"freshrss_password": "{{env `FRESHRSS_PASSWORD`}}",
"freshrss_api_password": "{{env `FRESHRSS_API_PASSWORD`}}",
"freshrss_email": "{{env `FRESHRSS_EMAIL`}}",
"freshrss_token": "{{env `FRESHRSS_TOKEN`}}"
},
"sensitive-variables": [
"freshrss_password",
"freshrss_api_password",
"freshrss_token"
],
"builders": [
{
"type": "digitalocean",
"image": "ubuntu-20-04-x64",
"region": "nyc1",
"size": "s-1vcpu-1gb",
"snapshot_name": "packer-freshrss-{{timestamp}}",
"ssh_username": "root"
}
],
"provisioners": [
{
"type": "shell",
"script": "scripts/dependencies.sh"
},
{
"type": "file",
"source": "files/freshrss.timer",
"destination": "/tmp/freshrss.timer"
},
{
"type": "file",
"source": "files/freshrss.service",
"destination": "/tmp/freshrss.service"
},
{
"type": "shell",
"script": "scripts/freshrss.sh",
"environment_vars": [
"FRESHRSS_USER={{user `freshrss_user`}}",
"FRESHRSS_PASSWORD={{user `freshrss_password`}}",
"FRESHRSS_API_PASSWORD={{user `freshrss_api_password`}}",
"FRESHRSS_EMAIL={{user `freshrss_email`}}",
"FRESHRSS_TOKEN={{user `freshrss_token`}}"
]
},
{
"type": "file",
"source": "files/freshrss-nginx.conf",
"destination": "/tmp/freshrss.conf"
},
{
"type": "file",
"source": "certbot/live/rss.jeremydormitzer.com/fullchain.pem",
"destination": "/tmp/fullchain.pem"
},
{
"type": "file",
"source": "certbot/live/rss.jeremydormitzer.com/privkey.pem",
"destination": "/tmp/privkey.pem"
},
{
"type": "shell",
"script": "scripts/nginx.sh"
}
],
"post-processors": [
{
"type": "manifest"
}
]
}

59
prod/freshrss/packer/packer-manifest.json
View File

@ -1,59 +0,0 @@
{
"builds": [
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1612361314,
"files": null,
"artifact_id": "nyc1:78078146",
"packer_run_uuid": "72a4e9c5-4af6-004f-16c0-78d3c1c3a042",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1612361796,
"files": null,
"artifact_id": "nyc1:78078261",
"packer_run_uuid": "8da75b0f-8ce0-3bc5-367c-747f5b9108c4",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1612362495,
"files": null,
"artifact_id": "nyc1:78078442",
"packer_run_uuid": "bd823de9-374d-5f08-0f0e-e356f06a0a9e",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1612364211,
"files": null,
"artifact_id": "nyc1:78078891",
"packer_run_uuid": "9882ebb5-7261-8f20-1e5e-0cd7ed85b50e",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1612364708,
"files": null,
"artifact_id": "nyc1:78079287",
"packer_run_uuid": "fa3af97a-429b-19f8-e8e6-d2f506a28837",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1612366050,
"files": null,
"artifact_id": "nyc1:78079747",
"packer_run_uuid": "4c4f7792-865e-3caa-3051-eb2d34fb234b",
"custom_data": null
}
],
"last_run_uuid": "4c4f7792-865e-3caa-3051-eb2d34fb234b"
}

17
prod/freshrss/packer/scripts/dependencies.sh
View File

@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -ex
sudo apt-get update
sudo apt-get install -y \
nginx \
sqlite3 \
php-fpm \
php-curl \
php-gmp \
php-intl \
php-mbstring \
php-sqlite3 \
php-xml \
php-zip

40
prod/freshrss/packer/scripts/freshrss.sh
View File

@ -1,40 +0,0 @@
#!/usr/bin/env bash
set -ex
VERSION=1.17.0
wget -O /tmp/freshrss.tar.gz "https://github.com/FreshRSS/FreshRSS/archive/$VERSION.tar.gz"
cd /usr/share
sudo tar -xzvf /tmp/freshrss.tar.gz
sudo mv "FreshRSS-$VERSION" FreshRSS
sudo chown -R :www-data FreshRSS
sudo chmod -R g+r FreshRSS
sudo chmod g+w FreshRSS/data
sudo ln -s /usr/share/FreshRSS/p /var/www/html/
sudo usermod --shell /bin/bash www-data
sudo -i -u www-data bash << EOF
set -ex
cd /usr/share/FreshRSS
./cli/prepare.php
./cli/do-install.php --default_user '$FRESHRSS_USER' \
--base_url https://rss.jeremydormitzer.com \
--api_enabled \
--db-type sqlite \
--db-prefix freshrss
./cli/create-user.php --user '$FRESHRSS_USER' \
--password '$FRESHRSS_PASSWORD' \
--api_password '$FRESHRSS_API_PASSWORD' \
--language en \
--email '$FRESHRSS_EMAIL' \
--token '$FRESHRSS_TOKEN'
./cli/actualize-user.php --user '$FRESHRSS_USER'
EOF
sudo mv /tmp/freshrss.timer /etc/systemd/system/
sudo mv /tmp/freshrss.service /etc/systemd/system/
sudo systemctl enable freshrss.timer

16
prod/freshrss/packer/scripts/nginx.sh
View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
set -ex
sudo mv /tmp/freshrss.conf /etc/nginx/sites-available/freshrss.conf
sudo ln -s \
/etc/nginx/sites-available/freshrss.conf \
/etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo mkdir -p /var/www/freshrss
sudo mv /tmp/fullchain.pem /var/www/freshrss/fullchain.pem
sudo mv /tmp/privkey.pem /var/www/freshrss/privkey.pem
chown www-data:www-data /var/www/freshrss/{fullchain,privkey}.pem
sudo systemctl enable nginx

1
prod/freshrss/packer/templates/do.ini.template
View File

@ -1 +0,0 @@
dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}

40
prod/freshrss/terraform/.terraform.lock.hcl
View File

@ -1,40 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.3.0"
constraints = "~> 2.3.0"
hashes = [
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.0.0"
hashes = [
"h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=",
"zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1",
"zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092",
"zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e",
"zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6",
"zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e",
"zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f",
"zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4",
"zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e",
"zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84",
"zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70",
]
}

13
prod/freshrss/terraform/main.tf
View File

@ -1,13 +0,0 @@
provider "digitalocean" {
token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
module "packer_droplet" {
source = "../../../terraform-modules/packer_droplet"
name = "freshrss"
do_token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}

7
prod/freshrss/terraform/outputs.tf
View File

@ -1,7 +0,0 @@
output "ip_address" {
value = module.packer_droplet.droplet_ip_address
}
output "droplet_urn" {
value = module.packer_droplet.droplet_urn
}

18
prod/freshrss/terraform/terraform.tf
View File

@ -1,18 +0,0 @@
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.3.0"
}
}
backend "s3" {
skip_credentials_validation = true
skip_metadata_api_check = true
# Need to specify an AWS region to stop Terraform complaining
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/freshrss.tfstate"
}
}

11
prod/freshrss/terraform/variables.tf
View File

@ -1,11 +0,0 @@
variable "do_token" {
type = string
}
variable "spaces_access_id" {
type = string
}
variable "spaces_secret_key" {
type = string
}

13
prod/justin-ghost-site/terraform/main.tf
View File

@ -1,13 +0,0 @@
provider "digitalocean" {
token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
resource "digitalocean_droplet" "justin_ghost_site" {
name = "justin-ghost-site"
image = "53296993"
region = "nyc3"
size = "s-1vcpu-1gb"
backups = true
}

3
prod/justin-ghost-site/terraform/outputs.tf
View File

@ -1,3 +0,0 @@
output "justin_ghost_site_urn" {
value = digitalocean_droplet.justin_ghost_site.urn
}

18
prod/justin-ghost-site/terraform/terraform.tf
View File

@ -1,18 +0,0 @@
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.3.0"
}
}
backend "s3" {
skip_credentials_validation = true
skip_metadata_api_check = true
# Need to specify an AWS region to stop Terraform complaining
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/justin-ghost-site.tfstate"
}
}

11
prod/justin-ghost-site/terraform/variables.tf
View File

@ -1,11 +0,0 @@
variable "do_token" {
type = string
}
variable "spaces_access_id" {
type = string
}
variable "spaces_secret_key" {
type = string
}

5
prod/syncthing/.gitignore vendored
View File

@ -1,5 +0,0 @@
packer/syncthing-config.xml
packer/syncthing-cert.pem
packer/syncthing-key.pem
packer/do.ini
packer/certbot/

15
prod/syncthing/packer/.envrc
View File

@ -1,15 +0,0 @@
source_up
# export SYNCTHING_USER=$(pass packer-syncthing-user)
# export SYNCTHING_PW=$(pass packer-syncthing-pw)
# export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
# export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
# export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
# export CERTBOT_EMAIL=$(pass certbot-email)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi

17
prod/syncthing/packer/Makefile
View File

@ -1,17 +0,0 @@
.PHONY: packer reissue-certs
packer-manifest.json: syncthing-config.xml \
syncthing.json \
syncthing@.service \
syncthing-cert.pem \
syncthing-key.pem
packer build syncthing.json
syncthing-config.xml: syncthing-config.xml.template
sigil -p -f syncthing-config.xml.template > syncthing-config.xml
syncthing-cert.pem: syncthing-cert.pem.template
sigil -p -f syncthing-cert.pem.template > syncthing-cert.pem
syncthing-key.pem: syncthing-key.pem.template
sigil -p -f syncthing-key.pem.template > syncthing-key.pem

95
prod/syncthing/packer/packer-manifest.json
View File

@ -1,95 +0,0 @@
{
"builds": [
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609427687,
"files": null,
"artifact_id": "nyc1:76122293",
"packer_run_uuid": "b8b05181-f2b2-fd24-8231-64db6a8ee83e",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609428815,
"files": null,
"artifact_id": "nyc1:76122707",
"packer_run_uuid": "6f564392-0dbc-1643-e857-1dffe292f182",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609429797,
"files": null,
"artifact_id": "nyc1:76123038",
"packer_run_uuid": "3476cdcc-3e08-7ede-8348-379491435681",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609430273,
"files": null,
"artifact_id": "nyc1:76123201",
"packer_run_uuid": "e61d396f-483d-ad37-8f9f-ba0b436e2c53",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609434928,
"files": null,
"artifact_id": "nyc1:76125071",
"packer_run_uuid": "6bcf474c-c7a7-9af5-7417-d9c49e4b1e60",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609440708,
"files": null,
"artifact_id": "nyc1:76126717",
"packer_run_uuid": "cb8cb390-b790-bd63-e653-39e44dd16cc8",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609441735,
"files": null,
"artifact_id": "nyc1:76127226",
"packer_run_uuid": "f4072db9-bac8-d881-9897-a34fa9007df6",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1623250562,
"files": null,
"artifact_id": "nyc1:85651139",
"packer_run_uuid": "c64817b6-eddc-fa4a-ed1a-9fcc47f7daae",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1633471355,
"files": null,
"artifact_id": "nyc1:93062577",
"packer_run_uuid": "27dea89d-5116-3f5b-9739-98e7f191c14c",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1633489816,
"files": null,
"artifact_id": "nyc1:93087880",
"packer_run_uuid": "35962fce-2bc7-25d0-0372-1fc76813715c",
"custom_data": null
}
],
"last_run_uuid": "35962fce-2bc7-25d0-0372-1fc76813715c"
}

1
prod/syncthing/packer/syncthing-cert.pem.template
View File

@ -1 +0,0 @@
${SYNCTHING_CERT_PEM:?}

119
prod/syncthing/packer/syncthing-config.xml.template
View File

@ -1,119 +0,0 @@
<configuration version="30">
<folder id="default" label="Default Folder" path="/mnt/syncthing/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
<filesystemType>basic</filesystemType>
<device id="UW7FOJM-POJIOL5-JRHZ3BP-BOWBHKY-VY3B5UH-MO2QNKB-4HBSNR6-DD6RIQL" introducedBy=""></device>
<device id="U7CQRH7-7CG4M2R-QOGYHBJ-ZJZ35GA-KZR2JE5-7OLJZ7R-FRKT2RG-UMYUHQM" introducedBy=""></device>
<device id="WJHJK2I-R3EOVWD-FW3KD2P-P4OMCIK-EDNCI3D-QQQGXEY-3OGUAGC-MWQX5AL" introducedBy=""></device>
<device id="3TVGWWD-CWLUBJI-6IPGB2Z-JESEM5U-JBZOOHJ-RAYO2EA-JDJVNLG-S52GTAQ" introducedBy=""></device>
<minDiskFree unit="%">1</minDiskFree>
<versioning type="staggered">
<param key="cleanInterval" val="3600"></param>
<param key="maxAge" val="31536000"></param>
<param key="versionsPath" val=""></param>
</versioning>
<copiers>0</copiers>
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
<hashers>0</hashers>
<order>random</order>
<ignoreDelete>false</ignoreDelete>
<scanProgressIntervalS>0</scanProgressIntervalS>
<pullerPauseS>0</pullerPauseS>
<maxConflicts>-1</maxConflicts>
<disableSparseFiles>false</disableSparseFiles>
<disableTempIndexes>false</disableTempIndexes>
<paused>false</paused>
<weakHashThresholdPct>25</weakHashThresholdPct>
<markerName>.stfolder</markerName>
<copyOwnershipFromParent>false</copyOwnershipFromParent>
<modTimeWindowS>0</modTimeWindowS>
<maxConcurrentWrites>2</maxConcurrentWrites>
<disableFsync>false</disableFsync>
<blockPullOrder>standard</blockPullOrder>
</folder>
<device id="DU4PIUR-4MIPB4W-D2Z377I-TN5B2CL-GAKW2FA-UMW7W5U-AYUVESS-FVULWAV" name="jdormit-syncthing" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
</device>
<device id="U7CQRH7-7CG4M2R-QOGYHBJ-ZJZ35GA-KZR2JE5-7OLJZ7R-FRKT2RG-UMYUHQM" name="Pixel 3 XL" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
</device>
<device id="WJHJK2I-R3EOVWD-FW3KD2P-P4OMCIK-EDNCI3D-QQQGXEY-3OGUAGC-MWQX5AL" name="jdormit-laptop" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
</device>
<device id="3TVGWWD-CWLUBJI-6IPGB2Z-JESEM5U-JBZOOHJ-RAYO2EA-JDJVNLG-S52GTAQ" name="Jeremys-MBP" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
</device>
<gui enabled="true" tls="false" debugging="false">
<address>127.0.0.1:8384</address>
<user>${SYNCTHING_USER:?}</user>
<password>${SYNCTHING_PW:?}</password>
<apikey>${SYNCTHING_API_KEY:?}</apikey>
<theme>default</theme>
</gui>
<ldap></ldap>
<options>
<listenAddress>default</listenAddress>
<globalAnnounceServer>default</globalAnnounceServer>
<globalAnnounceEnabled>true</globalAnnounceEnabled>
<localAnnounceEnabled>true</localAnnounceEnabled>
<localAnnouncePort>21027</localAnnouncePort>
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<reconnectionIntervalS>60</reconnectionIntervalS>
<relaysEnabled>true</relaysEnabled>
<relayReconnectIntervalM>10</relayReconnectIntervalM>
<startBrowser>true</startBrowser>
<natEnabled>true</natEnabled>
<natLeaseMinutes>60</natLeaseMinutes>
<natRenewalMinutes>30</natRenewalMinutes>
<natTimeoutSeconds>10</natTimeoutSeconds>
<urAccepted>-1</urAccepted>
<urSeen>3</urSeen>
<urUniqueID></urUniqueID>
<urURL>https://data.syncthing.net/newdata</urURL>
<urPostInsecurely>false</urPostInsecurely>
<urInitialDelayS>1800</urInitialDelayS>
<restartOnWakeup>true</restartOnWakeup>
<autoUpgradeIntervalH>12</autoUpgradeIntervalH>
<upgradeToPreReleases>false</upgradeToPreReleases>
<keepTemporariesH>24</keepTemporariesH>
<cacheIgnoredFiles>false</cacheIgnoredFiles>
<progressUpdateIntervalS>5</progressUpdateIntervalS>
<limitBandwidthInLan>false</limitBandwidthInLan>
<minHomeDiskFree unit="%">1</minHomeDiskFree>
<releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
<overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
<tempIndexMinBlocks>10</tempIndexMinBlocks>
<trafficClass>0</trafficClass>
<defaultFolderPath>~</defaultFolderPath>
<setLowPriority>true</setLowPriority>
<maxFolderConcurrency>0</maxFolderConcurrency>
<crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
<crashReportingEnabled>true</crashReportingEnabled>
<stunKeepaliveStartS>180</stunKeepaliveStartS>
<stunKeepaliveMinS>20</stunKeepaliveMinS>
<stunServer>default</stunServer>
<databaseTuning>auto</databaseTuning>
<maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
</options>
</configuration>

1
prod/syncthing/packer/syncthing-key.pem.template
View File

@ -1 +0,0 @@
${SYNCTHING_KEY_PEM:?}

71
prod/syncthing/packer/syncthing.json
View File

@ -1,71 +0,0 @@
{
"builders": [
{
"type": "digitalocean",
"image": "ubuntu-18-04-x64",
"region": "nyc1",
"size": "s-1vcpu-1gb",
"snapshot_name": "packer-syncthing-{{timestamp}}",
"ssh_username": "root"
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"sudo apt-get update",
"sudo apt-get install -y bindfs ca-certificates",
"sudo useradd -m syncthing",
"sudo mkdir -p /mnt/syncthing-volume",
"sudo mkdir -p /mnt/syncthing",
"sudo echo \"/dev/disk/by-label/syncthing-volume /mnt/syncthing-volume ext4 defaults,nofail,discard,noatime 0 2\" >> /etc/fstab",
"sudo echo \"/mnt/syncthing-volume /mnt/syncthing fuse.bindfs force-user=syncthing,force-group=syncthing 0 0\" >> /etc/fstab",
"sudo findmnt --verify --verbose"
]
},
{
"type": "file",
"source": "syncthing@.service",
"destination": "/tmp/syncthing@.service"
},
{
"type": "file",
"source": "syncthing-config.xml",
"destination": "/tmp/syncthing-config.xml"
},
{
"type": "file",
"source": "syncthing-cert.pem",
"destination": "/tmp/syncthing-cert.pem"
},
{
"type": "file",
"source": "syncthing-key.pem",
"destination": "/tmp/syncthing-key.pem"
},
{
"type": "shell",
"inline": [
"sudo update-ca-certificates",
"sudo curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg",
"echo \"deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable\" | sudo tee /etc/apt/sources.list.d/syncthing.list",
"printf \"Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n\" | sudo tee /etc/apt/preferences.d/syncthing",
"sudo apt-get update",
"sudo apt-get install -y syncthing",
"sudo mkdir -p /home/syncthing/.config/syncthing",
"sudo mv /tmp/syncthing-config.xml /home/syncthing/.config/syncthing/config.xml",
"sudo mv /tmp/syncthing-cert.pem /home/syncthing/.config/syncthing/cert.pem",
"sudo mv /tmp/syncthing-key.pem /home/syncthing/.config/syncthing/key.pem",
"sudo chown -R syncthing:syncthing /home/syncthing/.config/syncthing",
"sudo mv /tmp/syncthing@.service /etc/systemd/system/syncthing@.service",
"sudo systemctl daemon-reload",
"sudo systemctl enable syncthing@syncthing"
]
}
],
"post-processors": [
{
"type": "manifest"
}
]
}

14
prod/syncthing/packer/syncthing@.service
View File

@ -1,14 +0,0 @@
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target
[Service]
User=%i
ExecStart=/usr/bin/syncthing -no-browser -gui-address="0.0.0.0:8384" -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
[Install]
WantedBy=multi-user.target

40
prod/syncthing/terraform/.terraform.lock.hcl
View File

@ -1,40 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.3.0"
constraints = "~> 2.3.0"
hashes = [
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.0.0"
hashes = [
"h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=",
"zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1",
"zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092",
"zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e",
"zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6",
"zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e",
"zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f",
"zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4",
"zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e",
"zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84",
"zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70",
]
}

32
prod/syncthing/terraform/main.tf
View File

@ -1,32 +0,0 @@
provider "digitalocean" {
token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
module "packer_droplet" {
source = "../../../terraform-modules/packer_droplet"
name = "syncthing"
do_token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
resource "digitalocean_volume" "syncthing_volume" {
name = "syncthing-volume"
description = "The volume to hold the default Sync folder"
region = "nyc1"
size = 150
initial_filesystem_label = "syncthing-volume"
initial_filesystem_type = "ext4"
tags = ["terraform"]
lifecycle {
prevent_destroy = true
}
}
resource "digitalocean_volume_attachment" "syncthing" {
droplet_id = module.packer_droplet.droplet_id
volume_id = digitalocean_volume.syncthing_volume.id
}

11
prod/syncthing/terraform/outputs.tf
View File

@ -1,11 +0,0 @@
output "ip_address" {
value = module.packer_droplet.droplet_ip_address
}
output "urn" {
value = module.packer_droplet.droplet_urn
}
output "volume_urn" {
value = digitalocean_volume.syncthing_volume.urn
}

18
prod/syncthing/terraform/terraform.tf
View File

@ -1,18 +0,0 @@
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.3.0"
}
}
backend "s3" {
skip_credentials_validation = true
skip_metadata_api_check = true
# Need to specify an AWS region to stop Terraform complaining
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/syncthing.tfstate"
}
}

11
prod/syncthing/terraform/variables.tf
View File

@ -1,11 +0,0 @@
variable "do_token" {
type = string
}
variable "spaces_access_id" {
type = string
}
variable "spaces_secret_key" {
type = string
}

21
prod/wallabag/packer/.envrc
View File

@ -1,21 +0,0 @@
source_up
# export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password)
# export WALLABAG_SECRET=$(pass packer-wallabag-secret)
# export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com)
# export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id)
# export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret)
# export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id)
# export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret)
# export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id)
# export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret)
# export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id)
# export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret)
# export CERTBOT_EMAIL=$(pass certbot-email)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi

4
prod/wallabag/packer/.gitignore vendored
View File

@ -1,4 +0,0 @@
files/wallabag-params.yml
files/clients.sql
tmp/
certbot/

16
prod/wallabag/packer/Makefile
View File

@ -1,16 +0,0 @@
packer-manifest.json: wallabag.json \
scripts/dependencies.sh \
scripts/nginx.sh \
scripts/redis.sh \
scripts/wallabag.sh \
files/wallabag-nginx.conf \
files/entries.json \
files/wallabag-params.yml \
files/clients.sql
packer build wallabag.json
files/wallabag-params.yml: templates/wallabag-params.yml.template
sigil -p -f templates/wallabag-params.yml.template > files/wallabag-params.yml
files/clients.sql: templates/clients.sql.template
sigil -p -f templates/clients.sql.template > files/clients.sql

1
prod/wallabag/packer/files/entries.json
View File

File diff suppressed because one or more lines are too long

42
prod/wallabag/packer/files/wallabag-nginx.conf
View File

@ -1,42 +0,0 @@
server {
root /var/www/wallabag/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
location ~ ^/app\.php(/|$) {
# if, for some reason, you are still using PHP 5,
# then replace /run/php/php7.0 by /var/run/php5
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
listen 80;
listen [::]:80;
error_log /var/log/nginx/wallabag_error.log;
access_log /var/log/nginx/wallabag_access.log;
client_max_body_size 512M; # allows file uploads up to 512 megabytes
}

167
prod/wallabag/packer/packer-manifest.json
View File

@ -1,167 +0,0 @@
{
"builds": [
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609885342,
"files": null,
"artifact_id": "nyc1:76421685",
"packer_run_uuid": "990cb13b-f868-37b3-067f-ad0427c28022",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609891000,
"files": null,
"artifact_id": "nyc1:76426560",
"packer_run_uuid": "484d51bc-f44e-4815-7a88-25205bf293d1",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609893774,
"files": null,
"artifact_id": "nyc1:76431170",
"packer_run_uuid": "cc8a035a-ef43-4910-fdde-59d9ae491449",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609941260,
"files": null,
"artifact_id": "nyc1:76462043",
"packer_run_uuid": "5c66f7fe-71a0-b1b9-bd49-1739a347fc66",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609942737,
"files": null,
"artifact_id": "nyc1:76462488",
"packer_run_uuid": "5e0cd34c-0d90-9910-b596-55dfa92ad2a1",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609954695,
"files": null,
"artifact_id": "nyc1:76466549",
"packer_run_uuid": "870a0b80-2ca0-3561-92a3-210b79e7c773",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609959393,
"files": null,
"artifact_id": "nyc1:76467390",
"packer_run_uuid": "bbdb5c8d-a7c7-9f7b-ea51-efb20dea80d3",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609969544,
"files": null,
"artifact_id": "nyc1:76475302",
"packer_run_uuid": "0ee078df-61d1-ca71-55ad-54af353951bc",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609970473,
"files": null,
"artifact_id": "nyc1:76476102",
"packer_run_uuid": "b63fe1c4-a1e1-4e5e-be44-6a55b81fe342",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609971370,
"files": null,
"artifact_id": "nyc1:76477000",
"packer_run_uuid": "2baa8d5b-496a-45cf-ab6d-143923b65079",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609976881,
"files": null,
"artifact_id": "nyc1:76481960",
"packer_run_uuid": "49264f22-48ae-4a65-dd29-b79edd3f81e6",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1610030808,
"files": null,
"artifact_id": "nyc1:76519919",
"packer_run_uuid": "407ebe24-29e2-fe61-80fe-b46b8cffd12b",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1616166912,
"files": null,
"artifact_id": "nyc1:80665588",
"packer_run_uuid": "a07632c5-a9db-e40b-9c8a-73641abf7103",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1616168088,
"files": null,
"artifact_id": "nyc1:80666049",
"packer_run_uuid": "349298f0-82da-11bf-2152-3c734a1bcd28",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1623252842,
"files": null,
"artifact_id": "nyc1:85651899",
"packer_run_uuid": "098e8011-5a82-6ba9-352e-d2db39974e39",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1633275419,
"files": null,
"artifact_id": "nyc1:92910997",
"packer_run_uuid": "56b6b59b-1c09-36d2-baa2-2af9f20a2a63",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1633276973,
"files": null,
"artifact_id": "nyc1:92911527",
"packer_run_uuid": "3a30edf6-a694-103e-2bf8-68fd5d530ec5",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1633458464,
"files": null,
"artifact_id": "nyc1:93046881",
"packer_run_uuid": "def16176-d225-bf50-7611-7cde1c9e7c17",
"custom_data": null
}
],
"last_run_uuid": "def16176-d225-bf50-7611-7cde1c9e7c17"
}

22
prod/wallabag/packer/scripts/dependencies.sh
View File

@ -1,22 +0,0 @@
#!/usr/bin/env bash
set -xe
sudo apt-get update
sudo apt-get install -y \
git \
unzip \
make \
sqlite3 \
redis \
nginx \
php \
php-fpm \
php-curl \
php-xml \
php-gd \
php-mbstring \
php-tidy \
php-intl \
composer \
php-sqlite3 \

10
prod/wallabag/packer/scripts/nginx.sh
View File

@ -1,10 +0,0 @@
#!/usr/bin/env bash
set -xe
sudo mv /tmp/wallabag-nginx.conf \
/etc/nginx/sites-available/wallabag.conf
sudo ln -s /etc/nginx/sites-available/wallabag.conf \
/etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo systemctl enable nginx

6
prod/wallabag/packer/scripts/redis.sh
View File

@ -1,6 +0,0 @@
#!/usr/bin/env bash
set -xe
sudo systemctl enable redis
sudo systemctl start redis

20
prod/wallabag/packer/scripts/wallabag.sh
View File

@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -xe
sudo usermod --shell /bin/bash www-data
git clone https://github.com/wallabag/wallabag.git /var/www/wallabag
mv /tmp/wallabag-params.yml /var/www/wallabag/app/config/parameters.yml
chown -R www-data:www-data /var/www/wallabag
chown www-data:www-data /tmp/entries.json
sudo -i -u www-data bash << EOF
set -xe
cd /var/www/wallabag
make install
php bin/console --env=prod fos:user:create jdormit jeremy.dormitzer@gmail.com "$ADMIN_PASSWORD" --super-admin
php bin/console --env=prod wallabag:import --importer=v2 jdormit /tmp/entries.json
sqlite3 /var/www/wallabag/data/db/wallabag.sqlite < /tmp/clients.sql
EOF

91
prod/wallabag/packer/templates/clients.sql.template
View File

@ -1,91 +0,0 @@
--- -*- mode: sql -*-
BEGIN TRANSACTION;
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
1,
id,
'${WALLABAG_WALLABAGER_ID:?}',
'${WALLABAG_WALLABAGER_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'wallabager'
FROM
wallabag_user
WHERE
username = 'jdormit';
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
2,
id,
'${WALLABAG_ANDROID_APP_ID}',
'${WALLABAG_ANDROID_APP_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'Android app'
FROM
wallabag_user
WHERE
username = 'jdormit';
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
3,
id,
'${WALLABAG_IPAD_ID:?}',
'${WALLABAG_IPAD_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'iPad'
FROM
wallabag_user
WHERE
username = 'jdormit';
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
4,
id,
'${WALLABAG_WALLABAG_EL_ID:?}',
'${WALLABAG_WALLABAG_EL_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'wallabag.el'
FROM
wallabag_user
WHERE
username = 'jdormit';
COMMIT;

31
prod/wallabag/packer/templates/wallabag-params.yml.template
View File

@ -1,31 +0,0 @@
# -*- yaml-mode -*-
parameters:
database_driver: pdo_sqlite
database_driver_class: null
database_host: null
database_port: null
database_name: null
database_user: null
database_password: null
database_path: /var/www/wallabag/data/db/wallabag.sqlite
database_table_prefix: wallabag_
database_socket: null
database_charset: utf8mb4
domain_name: 'https://wallabag.jeremydormitzer.com'
mailer_transport: smtp
mailer_host: 184.173.153.194
mailer_user: postmaster@mg.getpterotype.com
mailer_password: ${WALLABAG_MAILGUN_PASSWORD:?}
locale: en
secret: ${WALLABAG_SECRET:?}
twofactor_auth: true
twofactor_sender: no-reply@wallabag.org
fosuser_registration: true
fosuser_confirmation: true
from_email: no-reply@wallabag.org
rss_limit: 50
redis_scheme: tcp
redis_host: localhost
redis_port: 6379
redis_path: null
redis_password: null

56
prod/wallabag/packer/wallabag.json
View File

@ -1,56 +0,0 @@
{
"variables": {
"wallabag_admin_password": "{{env `WALLABAG_PASSWORD`}}"
},
"sensitive-variables": ["wallabag_admin_password"],
"builders": [
{
"type": "digitalocean",
"image": "ubuntu-18-04-x64",
"region": "nyc1",
"size": "s-1vcpu-1gb",
"snapshot_name": "packer-wallabag-{{timestamp}}",
"ssh_username": "root"
}
],
"provisioners": [
{
"type": "shell",
"script": "scripts/dependencies.sh"
},
{
"type": "file",
"source": "files/wallabag-params.yml",
"destination": "/tmp/wallabag-params.yml"
},
{
"type": "file",
"source": "files/entries.json",
"destination": "/tmp/entries.json"
},
{
"type": "file",
"source": "files/clients.sql",
"destination": "/tmp/clients.sql"
},
{
"type": "shell",
"environment_vars": ["ADMIN_PASSWORD={{user `wallabag_admin_password`}}"],
"script": "scripts/wallabag.sh"
},
{
"type": "file",
"source": "files/wallabag-nginx.conf",
"destination": "/tmp/wallabag-nginx.conf"
},
{
"type": "shell",
"script": "scripts/nginx.sh"
}
],
"post-processors": [
{
"type": "manifest"
}
]
}

40
prod/wallabag/terraform/.terraform.lock.hcl
View File

@ -1,40 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.3.0"
constraints = "~> 2.3.0"
hashes = [
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.0.0"
hashes = [
"h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=",
"zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1",
"zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092",
"zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e",
"zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6",
"zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e",
"zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f",
"zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4",
"zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e",
"zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84",
"zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70",
]
}

13
prod/wallabag/terraform/main.tf
View File

@ -1,13 +0,0 @@
provider "digitalocean" {
token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
module "packer_droplet" {
source = "../../../terraform-modules/packer_droplet"
name = "wallabag"
do_token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}

7
prod/wallabag/terraform/outputs.tf
View File

@ -1,7 +0,0 @@
output "ip_address" {
value = module.packer_droplet.droplet_ip_address
}
output "urn" {
value = module.packer_droplet.droplet_urn
}

18
prod/wallabag/terraform/terraform.tf
View File

@ -1,18 +0,0 @@
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.3.0"
}
}
backend "s3" {
skip_credentials_validation = true
skip_metadata_api_check = true
# Need to specify an AWS region to stop Terraform complaining
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/wallabag.tfstate"
}
}

11
prod/wallabag/terraform/variables.tf
View File

@ -1,11 +0,0 @@
variable "do_token" {
type = string
}
variable "spaces_access_id" {
type = string
}
variable "spaces_secret_key" {
type = string
}