diff --git a/.gitignore b/.gitignore
index c4cc9af..03e9ceb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 .env.local
-_traefik/tls
-_traefik/shared
+_traefik.dynamic/tls
+_traefik.dynamic/shared/acme.json
 **/app.env
 ddns-updater/config.json
diff --git a/_bin/checkver.sh b/_bin/checkver.sh
deleted file mode 100755
index ebcfe5e..0000000
--- a/_bin/checkver.sh
+++ /dev/null
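Review bot: The ignore rule for the ACME store narrows from the whole `_traefik/shared` directory to the single file `_traefik.dynamic/shared/acme.json`, so any other file that ends up beside it in `shared/` (a manual copy or backup of the store, for instance) would now be picked up by git, and that store holds the ACME account key and the issued private keys. Keeping a directory-level rule, `_traefik.dynamic/shared/`, next to the new `_traefik.dynamic/tls` entry would preserve the previous protection. Where the store actually lands depends on the `/shared` mount, which this commit removes from tipi-compose.yml.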
@@ -1,49 +0,0 @@
-#! /usr/bin/env bash
-SCRIPT_DIR=${SCRIPT_DIR:-"$( cd -- "$( dirname -- "$0" )" &> /dev/null && pwd )"}
-
-# Function to compare semantic versions
-compare_major_version() {
- local major_version1=$(echo $1 | cut -d. -f1)
- local major_version2=$(echo $2 | cut -d. -f1)
-
- if [[ "$major_version1" == "$major_version2" ]]; then
- return 0
- else
- return 1
- fi
-}
-
-# Get Current Version of Runtipi
-runtipi_path=${RUNTIPI_DIR:-"$(cd -- "${SCRIPT_DIR}/../.." &> /dev/null && pwd )"}
-[ -r "$runtipi_path/VERSION" ] || runtipi_path=${RUNTIPI_DIR:-"$(cd -- "${SCRIPT_DIR}/../../_" &> /dev/null && pwd )"}
-current_version=$(cat "$runtipi_path/VERSION")
-
-# Get the latest release information from GitHub API
-latest_release=$(curl -sL \
- -H "Accept: application/vnd.github+json" \
- -H "X-GitHub-Api-Version: 2022-11-28" \
- https://api.github.com/repos/runtipi/runtipi/releases/latest)
-
-# Extract the tag name from the release information
-tag_name=$(echo "$latest_release" | grep -o '"tag_name": "[^"]*' | cut -d'"' -f4)
-
-printf 'current: %-10s online: %-10s\n' "$current_version" "$tag_name" >&2
-# Compare major version numbers
-compare_major_version "$tag_name" "$current_version"
-# major_version_match=$?
-#
-# # Check if major versions are the same and if the latest release is newer than the current version
-# if [[ $major_version_match -eq 0 ]] && [[ "$tag_name" > "$current_version" ]]; then
-# echo "A new release is available: $tag_name"
-# cd $runtipi_path
-# echo "Backing up current version"
-# if [ ! -d "$runtipi_path/backups" ]; then
-# mkdir -p $runtipi_path/backups
-# fi
-# tar -czvf runtipi-backup-$current_version.tar.gz --exclude=media --exclude=backups *
-# mv runtipi-backup-$current_version.tar.gz $runtipi_path/backups
-# echo "Starting update"
-# echo $runtipi_path/runtipi-cli update latest
-# else
-# echo "No new release found or major version mismatch"
-# fi
diff --git a/_bin/runtipictl b/_bin/runtipictl
index 6c871ab..102d0ef 100755
--- a/_bin/runtipictl
+++ b/_bin/runtipictl
@@ -6,12 +6,6 @@ jlmkr () {
 JAIL_UID=${JAIL_UID:-${UID}}
-jlmkr-shell() {
- if jlmkr exec runtipi true; then
- jlmkr shell --uid "${JAIL_UID}" runtipi
- fi
-}
-
 jlmkr-exec () {
 local set_x=" set -x; pwd; id; "
 [ -z "$QUIET" ] || set_x=""
@@ -89,9 +83,6 @@ case "${1}" in
 _ERROR_MSG="ERROR: failed to invoke a command inside the runtipi jail and can't start the jail." \
 runtipi-cli start --env-file user-config/.env.local --no-permissions
 ;;
- shell)
- jlmkr-shell
- ;;
 exec)
 jlmkr-exec "${@:2}"
 ;;
@@ -133,7 +124,6 @@ case "${1}" in
 "" "" "" \
 "misc." "" ""\
 "" "exec" "execute within the shell, START_DIR env applies" \
- "" "shell" "enter an insteractive shell" \
 "" "" "" \
 "" "setup" "setup runtipictl in user's .local/bin dir"
diff --git a/_traefik/dynamic/mw.secureHeaders.yml b/_traefik.dynamic/dynamic/dynamic.yml
similarity index 63%
rename from _traefik/dynamic/mw.secureHeaders.yml
rename to _traefik.dynamic/dynamic/dynamic.yml
index 3ca24bc..18769aa 100644
--- a/_traefik/dynamic/mw.secureHeaders.yml
+++ b/_traefik.dynamic/dynamic/dynamic.yml
@@ -1,4 +1,8 @@
 http:
+ serversTransports:
+ insecuretransport:
+ insecureSkipVerify: true
+
 middlewares:
 secureHeaders:
 headers:
@@ -14,3 +18,14 @@ http:
 permissionsPolicy: "camera=(), microphone=(), geolocation=()"
 customResponseHeaders:
 X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
+
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /etc/traefik/tls/cert.pem
+ keyFile: /etc/traefik/tls/key.pem
+ certificates:
+ - certFile: /etc/traefik/tls/cert.pem
+ keyFile: /etc/traefik/tls/key.pem
+
diff --git a/_traefik/dynamic/mw.fwd-auth-sysmgr.yml b/_traefik.dynamic/dynamic/fwd-auth-sysmgr.yml
similarity index 100%
rename from _traefik/dynamic/mw.fwd-auth-sysmgr.yml
rename to _traefik.dynamic/dynamic/fwd-auth-sysmgr.yml
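Review bot: The `insecuretransport` serversTransport with `insecureSkipVerify: true` is carried over from the deleted http.yml without a comment saying which backend needs it, and none of the services visible in this diff sets `serversTransport: insecuretransport`, so it is either unreferenced or consumed by configuration outside the diff. Since it disables upstream certificate verification for whatever references it, a one-line comment above the entry would keep it from being attached to other services by habit: `# Disables upstream TLS verification; reference only from services whose backend presents a self-signed certificate`. If the new `https://kasm-workspaces:*` services in kasm-workspaces.yml are the intended consumer, they should reference it explicitly rather than relying on it being wired up elsewhere.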
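Review bot: The default-certificate paths `/etc/traefik/tls/cert.pem` and `/etc/traefik/tls/key.pem` still point under `/etc/traefik`, but the same commit drops the `./traefik` to `/etc/traefik` bind mount from tipi-compose.yml and moves the ignored tls directory to `_traefik.dynamic/tls`, so unless `/etc/traefik` is mounted by something outside this diff the store will fail to load and Traefik will fall back to its own generated default certificate. Confirm the key pair's new container path and update both `certFile`/`keyFile` pairs (the same pair is listed twice, once as `defaultCertificate` and once under `certificates`). The hunk also ends with an empty `+` line after the last `keyFile:`, leaving a blank line at end of file.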
diff --git a/_traefik/dynamic/rt.ha.yml b/_traefik.dynamic/dynamic/ha.yml
similarity index 100%
rename from _traefik/dynamic/rt.ha.yml
rename to _traefik.dynamic/dynamic/ha.yml
diff --git a/_traefik.dynamic/dynamic/kasm-workspaces.yml b/_traefik.dynamic/dynamic/kasm-workspaces.yml
new file mode 100644
index 0000000..3d478bb
--- /dev/null
+++ b/_traefik.dynamic/dynamic/kasm-workspaces.yml
@@ -0,0 +1,42 @@
+# http routing section
+http:
+ routers:
+ # Define a connection between requests and services
+ "to-kasm-main":
+ rule: "Host(`k.szk.li`)"
+ entrypoints:
+ - websecure
+ # # If the rule matches, applies the middleware
+ middlewares:
+ - authentik_sysmgr
+ # - test-user
+ # If the rule matches, forward to the whoami service (declared below)
+ service: kasm-main
+ tls:
+ certresolver: myresolver
+
+ # Define a connection between requests and services
+ "to-kasm-setup":
+ rule: "Host(`ksetup.szk.li`)"
+ entrypoints:
+ - websecure
+ # # If the rule matches, applies the middleware
+ middlewares:
+ - authentik_sysmgr
+ # - test-user
+ # If the rule matches, forward to the whoami service (declared below)
+ service: kasm-setup
+ tls:
+ certresolver: myresolver
+
+
+ services:
+ # Define how to reach an existing service on our infrastructure
+ kasm-main:
+ loadBalancer:
+ servers:
+ - url: "https://kasm-workspaces:8744"
+ kasm-setup:
+ loadBalancer:
+ servers:
+ - url: "https://kasm-workspaces:8743"
diff --git a/_traefik.dynamic/dynamic/kateryna_apps.yml b/_traefik.dynamic/dynamic/kateryna_apps.yml
new file mode 100644
index 0000000..aaf1d10
--- /dev/null
+++ b/_traefik.dynamic/dynamic/kateryna_apps.yml
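Review bot: Both routers set `certresolver: myresolver`, but this commit renames the resolver in traefik.yml to `httpresolver`, so if that file is the static configuration in use, issuance for `k.szk.li` and `ksetup.szk.li` will fail with an unknown-resolver error; the same applies to `to-kateryna` in kateryna_apps.yml. The compose command line still declares `myresolver`, so which name is valid depends on which static config Traefik actually loads; that should be settled and a single name used everywhere. Separately, both services forward to `https://kasm-workspaces:...` without a `serversTransport`: if that backend presents a self-signed certificate the proxy will reject it until a transport is referenced, and if it does not, the `insecureSkipVerify` transport in dynamic.yml is not needed for it. The copied comments `# If the rule matches, forward to the whoami service (declared below)` describe a different example and should name the kasm services instead.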
@@ -0,0 +1,29 @@
+# http routing section
+http:
+ routers:
+ to-kateryna:
+ rule: "Host(`kateryna.szk.li`)
+ || Host(`kateryna.lksz.me`)
+ || Host(`m.lksz.me`)
+ || Host(`auth.lksz.me`)
+ || Host(`sync.lksz.me`)
+ || Host(`radarr.lksz.me`)
+ || Host(`sonarr.lksz.me`)
+ || Host(`prowlarr.lksz.me`)
+ || Host(`req.lksz.me`)
+ || Host(`jd.lksz.me`)
+ || Host(`nzb.lksz.me`)
+ || Host(`stats.player.lksz.me`)
+ "
+ entrypoints:
+ - websecure
+ service: kateryna-traefik
+ tls:
+ certresolver: myresolver
+
+ services:
+ # Define how to reach an existing service on our infrastructure
+ kateryna-traefik:
+ loadBalancer:
+ servers:
+ - url: https://kateryna.lksz.me
diff --git a/_traefik/traefik.yml b/_traefik.dynamic/traefik.yml
similarity index 57%
rename from _traefik/traefik.yml
rename to _traefik.dynamic/traefik.yml
index a1af91f..7c8216f 100644
--- a/_traefik/traefik.yml
+++ b/_traefik.dynamic/traefik.yml
@@ -4,7 +4,7 @@ api:
 providers:
 docker:
- endpoint: "unix:///var/run/docker.sock"
+ endpoint: 'unix:///var/run/docker.sock'
 watch: true
 exposedByDefault: false
 file:
@@ -31,18 +31,12 @@ entryPoints:
 - "172.16.0.0/12"
 certificatesResolvers:
- myresolver:
+ httpresolver:
 acme:
- email: acme@thisprops.com
+# email: acme@thisprops.com
 storage: /shared/acme.json
- # httpChallenge:
- # entryPoint: web
- #logging: true
- dnsChallenge:
- provider: cloudflare
- resolvers:
- - 1.1.1.1:53 # - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[0]=1.1.1.1:53
- - 8.8.8.8:53 # - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[1]=8.8.8.8:53
+ httpChallenge:
+ entryPoint: web
 log:
- level: INFO
+ level: ERROR
diff --git a/_traefik/dynamic/http.yml b/_traefik/dynamic/http.yml
deleted file mode 100644
index ef2bee2..0000000
--- a/_traefik/dynamic/http.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-http:
- serversTransports:
- insecuretransport:
- insecureSkipVerify: true
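Review bot: `to-kateryna` carries no `middlewares` entry, so the twelve hostnames it matches (including `auth.lksz.me`, `radarr.lksz.me` and `sonarr.lksz.me`) are forwarded to `https://kateryna.lksz.me` with no forward-auth at this hop, whereas the kasm routers added in the same commit attach `authentik_sysmgr`. If authentication is deliberately left to the upstream, a comment above the router saying so would stop a reader from adding it here by analogy: `# Intentionally no auth middleware here: authentication is handled upstream (confirm)`. The multi-line double-quoted `rule` works because YAML folds the line breaks into spaces, but a `>-` folded block scalar would express the same rule without relying on that and without the lone closing `"` line.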
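Review bot: Commenting out `email:` removes the ACME account contact, so expiry and revocation notices from the CA no longer reach anyone, and in the same hunk `log.level` drops from INFO to ERROR, which will make the switch from `dnsChallenge` to `httpChallenge` hard to diagnose if port 80 on entryPoint `web` turns out not to be reachable from outside. Keeping `email` set (the compose side still passes `${ACME_EMAIL}` to the resolver flags) and leaving the level at INFO until the new challenge has issued a certificate would keep those failure paths visible. The rename from `myresolver` to `httpresolver` is raised on the kasm-workspaces.yml hunk, whose routers still reference the old name.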
diff --git a/_traefik/dynamic/mw.lan-only.yml b/_traefik/dynamic/mw.lan-only.yml
deleted file mode 100644
index 0cab8f0..0000000
--- a/_traefik/dynamic/mw.lan-only.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Accepts request from defined IP
-http:
- middlewares:
- lan-only:
- ipWhiteList:
- sourceRange:
- - "127.0.0.1/32"
- - "192.168.0.0/16"
\ No newline at end of file
diff --git a/_traefik/dynamic/tls.yml b/_traefik/dynamic/tls.yml
deleted file mode 100644
index 39b4586..0000000
--- a/_traefik/dynamic/tls.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-tls:
- stores:
- default:
- defaultCertificate:
- certFile: /etc/traefik/tls/cert.pem
- keyFile: /etc/traefik/tls/key.pem
- certificates:
- - certFile: /etc/traefik/tls/cert.pem
- keyFile: /etc/traefik/tls/key.pem
diff --git a/tipi-compose.yml b/tipi-compose.yml
index b9b6d50..c25c122 100644
--- a/tipi-compose.yml
+++ b/tipi-compose.yml
@@ -4,35 +4,16 @@ services:
 - 8080:8080
 command:
 - '--providers.docker'
- - '--providers.file.directory=/etc/traefik/dynamic'
+ - '--providers.file.directory=/srv/runtipi/user-config/_traefik.dynamic'
 - '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}'
 - '--certificatesresolvers.myresolver.acme.storage=/shared/acme.json'
 - '--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare'
- - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
- - '--log.level=INFO'
 environment:
- CF_API_EMAIL: "${ACME_EMAIL:?}"
- CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN:?}"
+ CF_API_EMAIL: "${ACME_EMAIL}"
+ CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"
 networks:
 - tipi_main_network
 - tipi_internal_network
- volumes:
- - type: bind
- source: ./traefik/shared
- target: /shared
- read_only: false
- - type: bind
- source: ./traefik
- target: /etc/traefik
- read_only: false
- - type: bind
- source: ./user-config/_traefik/dynamic/
- target: /etc/traefik/dynamic/
- read_only: true
- - type: bind
- source: ./user-config/_traefik/traefik.yml
- target: /etc/traefik/traefik.yml
- read_only: true
 networks:
 tipi_internal_network:
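Review bot: Replacing `"${ACME_EMAIL:?}"` and `"${CF_DNS_API_TOKEN:?}"` with plain `${...}` removes the fail-fast on unset variables, so a missing Cloudflare token no longer stops `compose up` and instead yields an empty `CF_DNS_API_TOKEN` whose DNS challenge fails only at issuance time; keeping the `:?` form, `CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN:?}"`, costs nothing. The hunk also deletes every bind mount while the command line still points at `/shared/acme.json` and `/srv/runtipi/user-config/_traefik.dynamic`; unless those paths are mounted by configuration outside this file, the ACME store now lives only in the container's writable layer and is lost on recreate, and the dynamic directory is empty. Note too that `_traefik.dynamic/traefik.yml` is a static configuration file placed directly inside the directory given to `--providers.file.directory`, which the file provider will attempt to read as dynamic configuration, while the routers live one level down in `dynamic/`; it is worth checking that the provider actually reads that subdirectory.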