From bea5baf47cb3d3cbac3ddffe32e35d334650a101 Mon Sep 17 00:00:00 2001 From: Dominic Ricottone Date: Mon, 29 May 2023 05:53:55 -0500 Subject: [PATCH] sr.ht Adding a postfix server image. Adding images for the sr.ht system (meta+todo+git). --- README.md | 16 ++++- postfix/Dockerfile | 23 +++++++ postfix/Makefile | 13 ++++ postfix/README.md | 66 +++++++++++++++++++ postfix/aliases | 16 +++++ postfix/entrypoint.sh | 8 +++ postfix/main.cf | 58 +++++++++++++++++ postfix/master.cf | 88 +++++++++++++++++++++++++ srht-core/.gitignore | 1 + srht-core/Dockerfile | 24 +++++++ srht-core/Makefile | 13 ++++ srht-core/README.md | 26 ++++++++ srht-git-api/Dockerfile | 4 ++ srht-git-api/Makefile | 13 ++++ srht-git-api/README.md | 40 ++++++++++++ srht-git-core/Dockerfile | 17 +++++ srht-git-core/Makefile | 13 ++++ srht-git-core/README.md | 44 +++++++++++++ srht-git-fcgi/Dockerfile | 12 ++++ srht-git-fcgi/Makefile | 13 ++++ srht-git-fcgi/README.md | 45 +++++++++++++ srht-git-ssh/.gitignore | 3 + srht-git-ssh/Dockerfile | 20 ++++++ srht-git-ssh/Makefile | 18 ++++++ srht-git-ssh/README.md | 33 ++++++++++ srht-git-ssh/sshd_config | 118 ++++++++++++++++++++++++++++++++++ srht-git-webhooks/Dockerfile | 4 ++ srht-git-webhooks/Makefile | 13 ++++ srht-git-webhooks/README.md | 25 +++++++ srht-meta-api/Dockerfile | 4 ++ srht-meta-api/Makefile | 13 ++++ srht-meta-api/README.md | 38 +++++++++++ srht-meta-core/Dockerfile | 10 +++ srht-meta-core/Makefile | 13 ++++ srht-meta-core/README.md | 47 ++++++++++++++ srht-meta-webhooks/Dockerfile | 4 ++ srht-meta-webhooks/Makefile | 13 ++++ srht-meta-webhooks/README.md | 25 +++++++ srht-nginx/Dockerfile | 10 +++ srht-nginx/Makefile | 13 ++++ srht-nginx/README.md | 20 ++++++ srht-todo-api/Dockerfile | 4 ++ srht-todo-api/Makefile | 13 ++++ srht-todo-api/README.md | 38 +++++++++++ srht-todo-core/Dockerfile | 10 +++ srht-todo-core/Makefile | 13 ++++ srht-todo-core/README.md | 38 +++++++++++ srht-todo-lmtp/Dockerfile | 10 +++ srht-todo-lmtp/Makefile | 13 ++++ srht-todo-lmtp/README.md | 28 ++++++++ srht-todo-webhooks/Dockerfile | 4 ++ srht-todo-webhooks/Makefile | 13 ++++ srht-todo-webhooks/README.md | 25 +++++++ 53 files changed, 1205 insertions(+), 1 deletion(-) create mode 100644 postfix/Dockerfile create mode 100644 postfix/Makefile create mode 100644 postfix/README.md create mode 100644 postfix/aliases create mode 100644 postfix/entrypoint.sh create mode 100644 postfix/main.cf create mode 100644 postfix/master.cf create mode 100644 srht-core/.gitignore create mode 100644 srht-core/Dockerfile create mode 100644 srht-core/Makefile create mode 100644 srht-core/README.md create mode 100644 srht-git-api/Dockerfile create mode 100644 srht-git-api/Makefile create mode 100644 srht-git-api/README.md create mode 100644 srht-git-core/Dockerfile create mode 100644 srht-git-core/Makefile create mode 100644 srht-git-core/README.md create mode 100644 srht-git-fcgi/Dockerfile create mode 100644 srht-git-fcgi/Makefile create mode 100644 srht-git-fcgi/README.md create mode 100644 srht-git-ssh/.gitignore create mode 100644 srht-git-ssh/Dockerfile create mode 100644 srht-git-ssh/Makefile create mode 100644 srht-git-ssh/README.md create mode 100644 srht-git-ssh/sshd_config create mode 100644 srht-git-webhooks/Dockerfile create mode 100644 srht-git-webhooks/Makefile create mode 100644 srht-git-webhooks/README.md create mode 100644 srht-meta-api/Dockerfile create mode 100644 srht-meta-api/Makefile create mode 100644 srht-meta-api/README.md create mode 100644 srht-meta-core/Dockerfile create mode 100644 srht-meta-core/Makefile create mode 100644 srht-meta-core/README.md create mode 100644 srht-meta-webhooks/Dockerfile create mode 100644 srht-meta-webhooks/Makefile create mode 100644 srht-meta-webhooks/README.md create mode 100644 srht-nginx/Dockerfile create mode 100644 srht-nginx/Makefile create mode 100644 srht-nginx/README.md create mode 100644 srht-todo-api/Dockerfile create mode 100644 srht-todo-api/Makefile create mode 100644 srht-todo-api/README.md create mode 100644 srht-todo-core/Dockerfile create mode 100644 srht-todo-core/Makefile create mode 100644 srht-todo-core/README.md create mode 100644 srht-todo-lmtp/Dockerfile create mode 100644 srht-todo-lmtp/Makefile create mode 100644 srht-todo-lmtp/README.md create mode 100644 srht-todo-webhooks/Dockerfile create mode 100644 srht-todo-webhooks/Makefile create mode 100644 srht-todo-webhooks/README.md diff --git a/README.md b/README.md index 9520b26..f8beb91 100644 --- a/README.md +++ b/README.md @@ -8,4 +8,18 @@ |[nginx](/~dricottone/container-images/tree/dev/item/nginx/README.md)|latest|`registry.intra.dominic-ricottone.com/nginx:latest`| |[nitter](/~dricottone/container-images/tree/dev/item/nitter/README.md)|amd64,arm64|`registry.intra.dominic-ricottone.com/nitter:amd64`| |[php](/~dricottone/container-images/tree/dev/item/php/README.md)|latest,readwrite,fpm,development,fpm-development|`registry.intra.dominic-ricottone.com/php:latest`| - +|[postfix](/~dricottone/container-images/tree/dev/item/postfix/README.md)|latest|`registry.intra.dominic-ricottone.com/postfix:latest`| +|[srht-core](/~dricottone/container-images/tree/dev/item/srht-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-core:latest`| +|[srht-git-api](/~dricottone/container-images/tree/dev/item/srht-git-api/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-api:latest`| +|[srht-git-core](/~dricottone/container-images/tree/dev/item/srht-git-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-core:latest`| +|[srht-git-fcgi](/~dricottone/container-images/tree/dev/item/srht-git-fcgi/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-fcgi:latest`| +|[srht-git-ssh](/~dricottone/container-images/tree/dev/item/srht-git-ssh/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-ssh:latest`| +|[srht-git-webhooks](/~dricottone/container-images/tree/dev/item/srht-git-webhooks/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-webhooks:latest`| +|[srht-meta-api](/~dricottone/container-images/tree/dev/item/srht-meta-api/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-meta-api:latest`| +|[srht-meta-core](/~dricottone/container-images/tree/dev/item/srht-meta-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-meta-core:latest`| +|[srht-meta-webhooks](/~dricottone/container-images/tree/dev/item/srht-meta-webhooks/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-meta-webhooks:latest`| +|[srht-nginx](/~dricottone/container-images/tree/dev/item/srht-nginx/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-nginx:latest`| +|[srht-todo-api](/~dricottone/container-images/tree/dev/item/srht-todo-api/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-api:latest`| +|[srht-todo-core](/~dricottone/container-images/tree/dev/item/srht-todo-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-core:latest`| +|[srht-todo-lmtp](/~dricottone/container-images/tree/dev/item/srht-todo-lmtp/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-lmtp:latest`| +|[srht-todo-webhooks](/~dricottone/container-images/tree/dev/item/srht-todo-webhooks/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-webhooks:latest`| diff --git a/postfix/Dockerfile b/postfix/Dockerfile new file mode 100644 index 0000000..c485d17 --- /dev/null +++ b/postfix/Dockerfile @@ -0,0 +1,23 @@ +FROM docker.io/library/alpine:latest + +COPY aliases /etc/postfix/aliases +COPY *.cf /etc/postfix/ + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +RUN mkdir /etc/postfix/sasl && chmod 700 /etc/postfix/sasl + +RUN addgroup -S mailer +RUN adduser -SD -s /bin/sh -G mailer -g mailer mailer + +RUN apk add --no-cache postfix + +EXPOSE 25 +EXPOSE 465 +EXPOSE 587 + +ENTRYPOINT ["/entrypoint.sh"] + +CMD ["postfix", "start-fg"] + diff --git a/postfix/Makefile b/postfix/Makefile new file mode 100644 index 0000000..7cdefc8 --- /dev/null +++ b/postfix/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=postfix +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/postfix/README.md b/postfix/README.md new file mode 100644 index 0000000..f1b9721 --- /dev/null +++ b/postfix/README.md @@ -0,0 +1,66 @@ +# postfix + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Can be used with any container manager toolchain. + +Create a `generic(5)` file in `$genericfile`. +Mail with recipient addresses matching the patterns will be rewritten. +It must also be owned (on the host system) by the user that will create the +container (i.e. `root` for conventional `docker(1)` deployments). +It should like like: + +``` +root@localhost example@gmail.com +@localhost example@gmail.com +``` + +Create a `transport(5)` file in `$transportfile`. +Mail is routed based on which pattern the recipient address matches. +It must also be owned (on the host system) by the user that will create the +container (i.e. `root` for conventional `docker(1)` deployments). +It should look like: + +``` +example.com local +.example.com local +* relay:[smtp.gmail.com]:587 +``` + +Create an authentication file in `$saslfile`. +This is required for relaying mail to major email providers, including GMail. +It must also be owned (on the host system) by the user that will create the +container (i.e. `root` for conventional `docker(1)` deployments). +It should look like: + +``` +[smtp.gmail.com]:587 example@gmail.com:wwwwxxxxyyyyzzzz +``` + +Create a configuration file in `$conffile`. + +Try: + +``` +$conman run --detach --name postfix --restart always \ + --mount type=bind,src=$genericfile,dst=/etc/postfix/generic,readonly \ + --mount type=bind,src=$transportfile,dst=/etc/postfix/transport,readonly \ + --mount type=bind,src=$saslfile,dst=/etc/postfix/sasl/sasl_passwd,readonly \ + --mount type=bind,src=$conffile,dst=/etc/postfix/main.cf,readonly \ + registry.intra.dominic-ricottone.com/postfix:latest +``` + diff --git a/postfix/aliases b/postfix/aliases new file mode 100644 index 0000000..14cd1fd --- /dev/null +++ b/postfix/aliases @@ -0,0 +1,16 @@ +root: mailer +MAILER-DAEMON: mailer +postmaster: mailer +bin: mailer +daemon: mailer +named: mailer +nobody: mailer +uucp: mailer +www: mailer +ftp-bugs: mailer +postfix: mailer +manager: mailer +dumper: mailer +operator: mailer +abuse: mailer +decode: mailer diff --git a/postfix/entrypoint.sh b/postfix/entrypoint.sh new file mode 100644 index 0000000..85af13d --- /dev/null +++ b/postfix/entrypoint.sh @@ -0,0 +1,8 @@ +#!/bin/sh +newaliases +postmap /etc/postfix/transport +postmap /etc/postfix/generic +postmap /etc/postfix/sasl/sasl_passwd + +exec "$@" + diff --git a/postfix/main.cf b/postfix/main.cf new file mode 100644 index 0000000..9c6a86b --- /dev/null +++ b/postfix/main.cf @@ -0,0 +1,58 @@ +# postfix main configuration file +# see `postconf(5)` or https://www.postfix.org/BASIC_CONFIGURATION_README.html + +compatibility_level = 3.6 + +# Allowed interfaces and addresses +inet_protocols = ipv4 +mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 + +# Values for default settings +mydomain = dominic-ricottone.com +myhostname = fedora3.$mydomain +mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain +myorigin = $mydomain + +# Advertise host name after SMTP 200 +smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# Address rewriting +smtp_generic_maps = lmdb:/etc/postfix/generic + +# Transport map +transport_maps = lmdb:/etc/postfix/transport + +# Authentication +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd +smtp_sasl_security_options = noanonymous + +# Encryption +smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt +smtp_tls_security_level = encrypt + +# If set, mail destined for any member of `$mydestination` would be rejected if user lookup failed +local_recipient_maps = + +# Local management +mail_owner = postfix +setgid_group = postdrop + +home_mailbox = Maildir/ + +sendmail_path = /usr/sbin/sendmail +newaliases_path = /usr/bin/newaliases +mailq_path = /usr/bin/mailq + +command_directory = /usr/sbin +daemon_directory = /usr/libexec/postfix +data_directory = /var/lib/postfix +html_directory = no +manpage_directory = /usr/share/man +mail_spool_directory = /var/spool/mail +meta_directory = /etc/postfix +queue_directory = /var/spool/postfix +readme_directory = /usr/share/doc/postfix/readme +sample_directory = /etc/postfix +shlib_directory = /usr/lib/postfix + diff --git a/postfix/master.cf b/postfix/master.cf new file mode 100644 index 0000000..e1bff02 --- /dev/null +++ b/postfix/master.cf @@ -0,0 +1,88 @@ +# postfix master configuration file +# see `master(5)` or https://www.postfix.org/master.5.html +# +# A line beginning with `#` is ignored. +# A line beginning with non-whitespace is a logical line. +# A line beginning with whitespace is a continuation of a logical line. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - n - - smtpd +#smtp inet n - n - 1 postscreen +#smtpd pass - - n - - smtpd +#dnsblog unix - - n - 0 dnsblog +#tlsproxy unix - - n - 0 tlsproxy +submission inet n - n - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= + -o smtpd_relay_restrictions=permit +# -o milter_macro_daemon_name=ORIGINATING +smtps inet n - n - - smtpd +# -o syslog_name=postfix/smtps +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - n - - qmqpd +pickup unix n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - n - - smtp +relay unix - - n - - smtp + -o syslog_name=postfix/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +postlog unix-dgram n - n - 1 postlogd +# ==================================================================== +# non-Postfix software +# ==================================================================== +#maildrop unix - n n - - pipe +# flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +#cyrus unix - n n - - pipe +# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +#bsmtp unix - n n - - pipe +# flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +# ${nexthop} ${user} ${extension} +#mailman unix - n n - - pipe +# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} diff --git a/srht-core/.gitignore b/srht-core/.gitignore new file mode 100644 index 0000000..e62ef8a --- /dev/null +++ b/srht-core/.gitignore @@ -0,0 +1 @@ +pgp.* diff --git a/srht-core/Dockerfile b/srht-core/Dockerfile new file mode 100644 index 0000000..f259ceb --- /dev/null +++ b/srht-core/Dockerfile @@ -0,0 +1,24 @@ +FROM alpine:3.17 + +RUN apk add --no-cache wget + +RUN mv /etc/apk/repositories /etc/apk/repositories.bak +RUN arch="$(apk --print-arch)"; \ + case "$arch" in \ + x86_64) \ + repouri="https://mirror.sr.ht/alpine/v3.17/sr.ht"; \ + keyuri="https://mirror.sr.ht/alpine"; \ + keyfile="alpine@sr.ht.rsa.pub"; \ + ;; \ + aarch64) \ + repouri="https://pkg.intra.dominic-ricottone.com/alpine/v3.17"; \ + keyuri="https://pkg.intra.dominic-ricottone.com/alpine"; \ + keyfile="me@dominic-ricottone.com.rsa.pub"; \ + ;; \ + *) exit 1; ;; \ + esac; \ + wget --quiet --output-document=/etc/apk/keys/$keyfile $keyuri/$keyfile; \ + echo "$repouri" | cat - /etc/apk/repositories.bak >/etc/apk/repositories + +COPY pgp.* /etc/sr.ht/ + diff --git a/srht-core/Makefile b/srht-core/Makefile new file mode 100644 index 0000000..4472e73 --- /dev/null +++ b/srht-core/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-core +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-core/README.md b/srht-core/README.md new file mode 100644 index 0000000..ba582c0 --- /dev/null +++ b/srht-core/README.md @@ -0,0 +1,26 @@ +# srht-core + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +A base image that sorts out the installation of architecture-dependent +package repositories. + +Requires a pair of passwordless PGP keys. +Try `gpg --edit-key KEYID` to remove the password, +then export with `gpg --armor --export-options export-minimal --export KEYID` +and `gpg --armor --export-secret-key KEYID`. + diff --git a/srht-git-api/Dockerfile b/srht-git-api/Dockerfile new file mode 100644 index 0000000..f51e469 --- /dev/null +++ b/srht-git-api/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.intra.dominic-ricottone.com/srht-git-core:latest + +CMD ["gitsrht-api", "-b", ":5101"] + diff --git a/srht-git-api/Makefile b/srht-git-api/Makefile new file mode 100644 index 0000000..80c031d --- /dev/null +++ b/srht-git-api/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-git-api +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-git-api/README.md b/srht-git-api/README.md new file mode 100644 index 0000000..7fae560 --- /dev/null +++ b/srht-git-api/README.md @@ -0,0 +1,40 @@ +# srht-git-api + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the API server for a sr.ht system's git service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`git.example.com`. + +``` +location /query { + proxy_pass http://localhost:5101; +} +``` + +The container needs to be reachable from `nginx(8)` on port 5101. +Consider either using a pod or creating a bridge network. +It also needs to have the git repositories mounted to `/var/lib/git`. + +``` +$conman run --detach --name srht-git-api --restart always \ + --mount type=bind,src=/host/path/to/git/repos,dst=/var/lib/git,z \ + registry.intra.dominic-ricottone.com/srht-git-api:latest +``` + diff --git a/srht-git-core/Dockerfile b/srht-git-core/Dockerfile new file mode 100644 index 0000000..6d86bcc --- /dev/null +++ b/srht-git-core/Dockerfile @@ -0,0 +1,17 @@ +FROM registry.intra.dominic-ricottone.com/srht-core:latest + +# user `git` should be created with PID=100:GID=101 +RUN addgroup -S git +RUN adduser -SD -h /var/lib/git -s /bin/sh -G git -g git git + +VOLUME /var/lib/git +RUN chown git:git /var/lib/git + +RUN apk add --no-cache git.sr.ht py3-srht py3-gunicorn + +USER git + +ENV HOME=/var/lib/git + +CMD ["gunicorn", "gitsrht.app:app", "-b", "127.0.0.1:5001", "-c", "/etc/sr.ht/git.sr.ht.gunicorn.conf.py"] + diff --git a/srht-git-core/Makefile b/srht-git-core/Makefile new file mode 100644 index 0000000..ae5ddf9 --- /dev/null +++ b/srht-git-core/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-git-core +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-git-core/README.md b/srht-git-core/README.md new file mode 100644 index 0000000..1f45e45 --- /dev/null +++ b/srht-git-core/README.md @@ -0,0 +1,44 @@ +# srht-git-core + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the web server for a sr.ht system's git service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`git.example.com`. + +``` +location / { + proxy_pass http://localhost:5001; +} + +location = /authorize { + proxy_pass http://localhost:5001; +} +``` + +The container needs to be reachable from `nginx(8)` on port 5001. +Consider either using a pod or creating a bridge network. +It also needs to have the git repositories mounted to `/var/lib/git`. + +``` +$conman run --detach --name srht-git-core --restart always \ + --mount type=bind,src=/host/path/to/git/repos,dst=/var/lib/git,z \ + registry.intra.dominic-ricottone.com/srht-git-core:latest +``` + diff --git a/srht-git-fcgi/Dockerfile b/srht-git-fcgi/Dockerfile new file mode 100644 index 0000000..58f54ca --- /dev/null +++ b/srht-git-fcgi/Dockerfile @@ -0,0 +1,12 @@ +FROM registry.intra.dominic-ricottone.com/fcgi:latest + +VOLUME /var/lib/git + +# user `git` should be created with PID=100:GID=101 +RUN addgroup -S git +RUN adduser -SD -h /var/lib/git -s /bin/sh -G git -g git git + +RUN apk add --no-cache git-daemon + +USER git + diff --git a/srht-git-fcgi/Makefile b/srht-git-fcgi/Makefile new file mode 100644 index 0000000..2da9719 --- /dev/null +++ b/srht-git-fcgi/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-git-fcgi +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-git-fcgi/README.md b/srht-git-fcgi/README.md new file mode 100644 index 0000000..35a18b1 --- /dev/null +++ b/srht-git-fcgi/README.md @@ -0,0 +1,45 @@ +# srht-git-fcgi + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the FastCGI server for a sr.ht system's git service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`git.example.com`. + +``` +location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ { + auth_request /authorize; + root /var/lib/git; + fastcgi_pass localhost:9000; + fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; + fastcgi_param PATH_INFO $uri; + fastcgi_param GIT_PROJECT_ROOT $document_root; +} +``` + +The container needs to be reachable from `nginx(8)` on port 9000. +Consider either using a pod or creating a bridge network. +It also needs to have the git repositories mounted to `/var/lib/git`. + +``` +$conman run --detach --name srht-git-fcgi --restart always \ + --mount type=bind,src=/host/path/to/git/repos,dst=/var/lib/git,z \ + registry.intra.dominic-ricottone.com/srht-git-fcgi:latest +``` + diff --git a/srht-git-ssh/.gitignore b/srht-git-ssh/.gitignore new file mode 100644 index 0000000..c0095cc --- /dev/null +++ b/srht-git-ssh/.gitignore @@ -0,0 +1,3 @@ +*_key +*_key.pub + diff --git a/srht-git-ssh/Dockerfile b/srht-git-ssh/Dockerfile new file mode 100644 index 0000000..d2100e7 --- /dev/null +++ b/srht-git-ssh/Dockerfile @@ -0,0 +1,20 @@ +FROM registry.intra.dominic-ricottone.com/srht-git-core:latest + +USER root + +RUN apk add --no-cache openssh + +COPY ssh* /etc/ssh/ +RUN chmod 600 /etc/ssh/*_key +RUN chmod 644 /etc/ssh/*_key.pub + +RUN touch /var/log/gitsrht-shell +RUN chmod 666 /var/log/gitsrht-shell + +RUN touch /var/log/gitsrht-update-hook +RUN chmod 666 /var/log/gitsrht-update-hook + +EXPOSE 22 + +CMD ["/usr/sbin/sshd", "-D", "-e"] + diff --git a/srht-git-ssh/Makefile b/srht-git-ssh/Makefile new file mode 100644 index 0000000..92ed067 --- /dev/null +++ b/srht-git-ssh/Makefile @@ -0,0 +1,18 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-git-ssh +TAG=latest + +KEYS=ssh_host_dsa_key.pub ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key + +image: $(KEYS) + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +$(KEYS): + ssh-keygen -A -f ./ + +.PHONY: image diff --git a/srht-git-ssh/README.md b/srht-git-ssh/README.md new file mode 100644 index 0000000..7bc6a21 --- /dev/null +++ b/srht-git-ssh/README.md @@ -0,0 +1,33 @@ +# srht-git-ssh + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the SSH server for a sr.ht system's git service. + +The container needs to have the git repositories mounted to `/var/lib/git`. + +``` +$conman run --detach --name srht-git-ssh --restart always \ + --mount type=bind,src=/host/path/to/git/repos,dst=/var/lib/git,z \ + registry.intra.dominic-ricottone.com/srht-git-ssh:latest +``` + +The server will listen on port 22. + +After starting the container, log in and set the password for the git user. +This needs to be done interactively. + diff --git a/srht-git-ssh/sshd_config b/srht-git-ssh/sshd_config new file mode 100644 index 0000000..b01a724 --- /dev/null +++ b/srht-git-ssh/sshd_config @@ -0,0 +1,118 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +AuthorizedKeysCommand /usr/bin/gitsrht-dispatch "%u" "%h" "%t" "%k" +AuthorizedKeysCommandUser root + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#KbdInteractiveAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +# Feel free to re-enable these if your use case requires them. +AllowTcpForwarding yes +GatewayPorts no +X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +PermitUserEnvironment SRHT_* +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server + diff --git a/srht-git-webhooks/Dockerfile b/srht-git-webhooks/Dockerfile new file mode 100644 index 0000000..1a1add2 --- /dev/null +++ b/srht-git-webhooks/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.intra.dominic-ricottone.com/srht-git-core:latest + +CMD ["celery", "-A", "gitsrht.webhooks", "worker", "--loglevel=info"] + diff --git a/srht-git-webhooks/Makefile b/srht-git-webhooks/Makefile new file mode 100644 index 0000000..21dee7a --- /dev/null +++ b/srht-git-webhooks/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-git-webhooks +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-git-webhooks/README.md b/srht-git-webhooks/README.md new file mode 100644 index 0000000..ce87a2e --- /dev/null +++ b/srht-git-webhooks/README.md @@ -0,0 +1,25 @@ +# srht-git-webhooks + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the web workers for a sr.ht system's git service. + +``` +$conman run --detach --name srht-git-webhooks --restart always \ + registry.intra.dominic-ricottone.com/srht-git-webhooks:latest +``` + diff --git a/srht-meta-api/Dockerfile b/srht-meta-api/Dockerfile new file mode 100644 index 0000000..9f8c428 --- /dev/null +++ b/srht-meta-api/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.intra.dominic-ricottone.com/srht-meta-core:latest + +CMD ["metasrht-api", "-b", ":5100"] + diff --git a/srht-meta-api/Makefile b/srht-meta-api/Makefile new file mode 100644 index 0000000..a27a649 --- /dev/null +++ b/srht-meta-api/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-meta-api +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-meta-api/README.md b/srht-meta-api/README.md new file mode 100644 index 0000000..7a8148e --- /dev/null +++ b/srht-meta-api/README.md @@ -0,0 +1,38 @@ +# srht-meta-api + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the API server for a sr.ht system's user account service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`meta.example.com`. + +``` +location /query { + proxy_pass http://localhost:5100; +} +``` + +The container needs to be reachable from `nginx(8)` on port 5100. +Consider either using a pod or creating a bridge network. + +``` +$conman run --detach --name srht-meta-api --restart always \ + registry.intra.dominic-ricottone.com/srht-meta-api:latest +``` + diff --git a/srht-meta-core/Dockerfile b/srht-meta-core/Dockerfile new file mode 100644 index 0000000..640e5a4 --- /dev/null +++ b/srht-meta-core/Dockerfile @@ -0,0 +1,10 @@ +FROM registry.intra.dominic-ricottone.com/srht-core:latest + +RUN apk add --no-cache meta.sr.ht py3-srht py3-gunicorn + +# user `meta` is created by a post-installation hook in `meta.sr.ht` +# the UID/GID do not matter, so allow the hook to manage it +USER meta + +CMD ["gunicorn", "metasrht.app:app", "-b", "127.0.0.1:5000", "-c", "/etc/sr.ht/meta.sr.ht.gunicorn.conf.py"] + diff --git a/srht-meta-core/Makefile b/srht-meta-core/Makefile new file mode 100644 index 0000000..7560072 --- /dev/null +++ b/srht-meta-core/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-meta-core +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-meta-core/README.md b/srht-meta-core/README.md new file mode 100644 index 0000000..3c69f37 --- /dev/null +++ b/srht-meta-core/README.md @@ -0,0 +1,47 @@ +# srht-meta-core + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the web server for a sr.ht system's user account service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`meta.example.com`. + +``` +location / { + proxy_pass http://localhost:5000; +} + +location = /register { + proxy_pass http://localhost:5000; +} + +location /.well-known/oauth-authorization-server { + proxy_pass http://localhost:5000; +} + +``` + +The container needs to be reachable from `nginx(8)` on port 5000. +Consider either using a pod or creating a bridge network. + +``` +$conman run --detach --name srht-meta-core --restart always \ + registry.intra.dominic-ricottone.com/srht-meta-core:latest +``` + diff --git a/srht-meta-webhooks/Dockerfile b/srht-meta-webhooks/Dockerfile new file mode 100644 index 0000000..5eb7b18 --- /dev/null +++ b/srht-meta-webhooks/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.intra.dominic-ricottone.com/srht-meta-core:latest + +CMD ["celery", "-A", "metasrht.webhooks", "worker", "--loglevel=info"] + diff --git a/srht-meta-webhooks/Makefile b/srht-meta-webhooks/Makefile new file mode 100644 index 0000000..5577035 --- /dev/null +++ b/srht-meta-webhooks/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-meta-webhooks +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-meta-webhooks/README.md b/srht-meta-webhooks/README.md new file mode 100644 index 0000000..1e21a2a --- /dev/null +++ b/srht-meta-webhooks/README.md @@ -0,0 +1,25 @@ +# srht-meta-webhooks + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the web workers for a sr.ht system's user account service. + +``` +$conman run --detach --name srht-meta-webhooks --restart always \ + registry.intra.dominic-ricottone.com/srht-meta-webhooks:latest +``` + diff --git a/srht-nginx/Dockerfile b/srht-nginx/Dockerfile new file mode 100644 index 0000000..b4259f5 --- /dev/null +++ b/srht-nginx/Dockerfile @@ -0,0 +1,10 @@ +FROM registry.intra.dominic-ricottone.com/srht-core:latest AS builder + +RUN apk add --no-cache git.sr.ht meta.sr.ht todo.sr.ht + +FROM registry.intra.dominic-ricottone.com/nginx:latest + +COPY --from=builder /usr/lib/python3.10/site-packages/gitsrht /var/www/gitsrht/ +COPY --from=builder /usr/lib/python3.10/site-packages/metasrht /var/www/metasrht/ +COPY --from=builder /usr/lib/python3.10/site-packages/todosrht /var/www/todosrht/ + diff --git a/srht-nginx/Makefile b/srht-nginx/Makefile new file mode 100644 index 0000000..0c0fb1c --- /dev/null +++ b/srht-nginx/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-nginx +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-nginx/README.md b/srht-nginx/README.md new file mode 100644 index 0000000..11eb7d3 --- /dev/null +++ b/srht-nginx/README.md @@ -0,0 +1,20 @@ +# srht-nginx + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the static content server and caching reverse proxy for a sr.ht system. + diff --git a/srht-todo-api/Dockerfile b/srht-todo-api/Dockerfile new file mode 100644 index 0000000..cf822bf --- /dev/null +++ b/srht-todo-api/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.intra.dominic-ricottone.com/srht-todo-core:latest + +CMD ["todosrht-api", "-b", ":5103"] + diff --git a/srht-todo-api/Makefile b/srht-todo-api/Makefile new file mode 100644 index 0000000..e9e112f --- /dev/null +++ b/srht-todo-api/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-todo-api +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-todo-api/README.md b/srht-todo-api/README.md new file mode 100644 index 0000000..97817f3 --- /dev/null +++ b/srht-todo-api/README.md @@ -0,0 +1,38 @@ +# srht-todo-api + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the API server for a sr.ht system's issue tracker service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`todo.example.com`. + +``` +location /query { + proxy_pass http://localhost:5103; +} +``` + +The container needs to be reachable from `nginx(8)` on port 5103. +Consider either using a pod or creating a bridge network. + +``` +$conman run --detach --name srht-todo-api --restart always \ + registry.intra.dominic-ricottone.com/srht-todo-api:latest +``` + diff --git a/srht-todo-core/Dockerfile b/srht-todo-core/Dockerfile new file mode 100644 index 0000000..c1d2212 --- /dev/null +++ b/srht-todo-core/Dockerfile @@ -0,0 +1,10 @@ +FROM registry.intra.dominic-ricottone.com/srht-core:latest + +RUN apk add --no-cache todo.sr.ht py3-srht py3-gunicorn + +# user `todo` is created by a post-installation hook in `todo.sr.ht` +# the UID/GID do not matter, so allow the hook to manage it +USER todo + +CMD ["gunicorn", "todosrht.app:app", "-b", "127.0.0.1:5003", "-c", "/etc/sr.ht/todo.sr.ht.gunicorn.conf.py"] + diff --git a/srht-todo-core/Makefile b/srht-todo-core/Makefile new file mode 100644 index 0000000..489d020 --- /dev/null +++ b/srht-todo-core/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-todo-core +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-todo-core/README.md b/srht-todo-core/README.md new file mode 100644 index 0000000..fd94cc8 --- /dev/null +++ b/srht-todo-core/README.md @@ -0,0 +1,38 @@ +# srht-todo-core + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the web server for a sr.ht system's issue tracker service. + +Used by proxying from `nginx(8)`. +The below location should be added to the server configuration for +`todo.example.com`. + +``` +location / { + proxy_pass http://localhost:5003; +} +``` + +The container needs to be reachable from `nginx(8)` on port 5003. +Consider either using a pod or creating a bridge network. + +``` +$conman run --detach --name srht-todo-core --restart always \ + registry.intra.dominic-ricottone.com/srht-todo-core:latest +``` + diff --git a/srht-todo-lmtp/Dockerfile b/srht-todo-lmtp/Dockerfile new file mode 100644 index 0000000..89b829e --- /dev/null +++ b/srht-todo-lmtp/Dockerfile @@ -0,0 +1,10 @@ +FROM registry.intra.dominic-ricottone.com/srht-todo-core:latest + +USER root + +RUN apk add --no-cache postfix + +USER postfix + +CMD ["todosrht-lmtp"] + diff --git a/srht-todo-lmtp/Makefile b/srht-todo-lmtp/Makefile new file mode 100644 index 0000000..f87fe20 --- /dev/null +++ b/srht-todo-lmtp/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-todo-lmtp +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-todo-lmtp/README.md b/srht-todo-lmtp/README.md new file mode 100644 index 0000000..f786b45 --- /dev/null +++ b/srht-todo-lmtp/README.md @@ -0,0 +1,28 @@ +# srht-todo-lmtp + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the LMTP server for a sr.ht system's issue tracker service. + +The container needs to be have a sockets directory mounted. + +``` +$conman run --detach --name srht-todo-lmtp --restart always \ + --mount type=bind,src=$socksdir,dst=/var/socks \ + registry.intra.dominic-ricottone.com/srht-todo-lmtp:latest +``` + diff --git a/srht-todo-webhooks/Dockerfile b/srht-todo-webhooks/Dockerfile new file mode 100644 index 0000000..7d01c77 --- /dev/null +++ b/srht-todo-webhooks/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.intra.dominic-ricottone.com/srht-todo-core:latest + +CMD ["celery", "-A", "todosrht.webhooks", "worker", "--loglevel=info"] + diff --git a/srht-todo-webhooks/Makefile b/srht-todo-webhooks/Makefile new file mode 100644 index 0000000..cde6fab --- /dev/null +++ b/srht-todo-webhooks/Makefile @@ -0,0 +1,13 @@ +CONMAN=sudo docker + +REGISTRY=registry.intra.dominic-ricottone.com +IMAGE=srht-todo-webhooks +TAG=latest + +image: + $(CONMAN) buildx build --push \ + --platform linux/arm64,linux/amd64 \ + --tag $(REGISTRY)/$(IMAGE):$(TAG) \ + . + +.PHONY: image diff --git a/srht-todo-webhooks/README.md b/srht-todo-webhooks/README.md new file mode 100644 index 0000000..3fc261a --- /dev/null +++ b/srht-todo-webhooks/README.md @@ -0,0 +1,25 @@ +# srht-todo-webhooks + + +## Build and Deploy + +``` +make image +``` + + +### Tags + + + `latest` + +---- + +## Use + +Deploy the web workers for a sr.ht system's issue tracker service. + +``` +$conman run --detach --name srht-todo-webhooks --restart always \ + registry.intra.dominic-ricottone.com/srht-todo-webhooks:latest +``` + -- 2.45.2