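##-----core pre-deploy------
# Prepares the host-side Traefik directories and files before the stack starts.
# Every command is kept on one line.

#make traefik dirs
# -p already succeeds when a directory exists, so a non-zero exit here is a real
# failure (permissions, read-only mount) and is left to stop the deploy.
mkdir -p /docker/traefik/dynamic /docker/traefik/letsencrypt

#copy traefik connection files
# NOTE(review): both wildcards can match more than one repo checkout / lxc directory;
# every match is then copied into the same target directory - confirm only the
# intended checkout is present on the node, since these files define Traefik routing.
cp -r -- /etc/komodo/repos/mapletree-pve*lxc*/lxc*/traefik/dynamic/* /docker/traefik/dynamic/

#traefik secure acme.json
# acme.json holds the ACME account key and issued certificate private keys.
# Creating it under a restrictive umask means it is never readable by other users,
# even briefly; touch leaves the contents of an existing file untouched.
(umask 077 && touch /docker/traefik/letsencrypt/acme.json)
# Also tightens a file that already existed with wider permissions.
chmod 600 /docker/traefik/letsencrypt/acme.json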
|
|
|
|
##-----guacamole variables------
|
|
##Change these variables
|
|
TRAEFIK_ENABLED=
|
|
#TRAEFIK - copy in whichever environment is being worked on
|
|
# prod(lxc1): mapletree.email
|
|
# dev(lxc6): dev.mapletree.email
|
|
# test(lxc7): test.mapletree.email
|
|
ENV_DOMAIN=
|
|
#TRAEFIK - set the unique public name (i.e. ssh, manage, etc)
|
|
SUBDOMAIN=
|
|
#TRAEFIK - set the hostname with no dashes (i.e. pve1-lxc1 would be set as pve1lxc1)
|
|
HOSTNAME_NODASH=
|
|
#TRAEFIK - use "web", "websecure", or "web,websecure"
|
|
TRAEFIK_ENTRYPOINT=
|
|
#TRAEFIK - set the correct resolver name (default is myresolver)
|
|
TRAEFIK_RESOLVER=
|
|
#TRAEFIK - set the internal port that http/https will redirect to
|
|
INTERNAL_PORT=
|
|
#TRAEFIK - most apps don't need this, but if one does, add the required flag
|
|
#MIDDLEWARES
|
|
|
|
##Variables that don't change
|
|
#traefik DB creds
|
|
PG_USERNAME=guacamole_user
|
|
PG_PASSWORD={$--standard_apts--}
|
|
|
|
|
|
##-----keepalived files------
|
|
run: /docker/keepalived
|
|
path: {keepalived static compose link i.e. /etc/komodo/[repo]/[lxc#]/[service]/[container].yml}
|
|
|
|
##-----keepalived variables------
|
|
#Make sure that /docker from the node is mounted in the periphery
|
|
|
|
|
|
|
|
##static blocks - doesn't change per slot (VIP)
|
|
#KEEPALIVED - define which PVE we're deploying this to (i.e. pve1-lxc6 would have 1 here)
|
|
PVE_NUM=
|
|
#KEEPALIVED - define which LXC we're deploying this to (i.e. pve1-lxc6 would have 6 here)
|
|
LXC_NUM=
|
|
#KEEPALIVED - define the base password it uses to talk to the opposing node.
|
|
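#note: this should be different for each LXC
#NOTE(review): the key below is spelled BASE_PASSSWORD (three S) - confirm the deploy script reads this exact name, otherwise the password would not be picked up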
|
|
BASE_PASSSWORD=
|
|
|
|
##dynamic blocks - used in generating the slots (VIPs)
|
|
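#KEEPALIVED - copy the format below (between the #<># marks) and change it for additional slots
#NOTE(review): the example line repeats "SLOT_DEFINITIONS=" inside the value and its second entry has an empty slot number - confirm both are intended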
|
|
#
|
|
SLOT_DEFINITIONS=SLOT_DEFINITIONS="1,keepalived,,MASTER,150,172.16.201.106,172.16.201.220;,gitea,gitea-postgres,MASTER,150,172.16.201.106,172.16.201.221"
|
|
#<slot,Name,Dependency,State,Priority,Peer,VIP>#
|
|
#
|
|
#KEEPALIVED - slot - Define the slot number
|
|
#KEEPALIVED - Name - Define the name that the service is known as (i.e. komodo)
|
|
#KEEPALIVED - Dependency - Define the name that the service dependency is deployed as (i.e. komodo-mongo)
|
|
#KEEPALIVED - State - select MASTER or BACKUP depending on PVE placement (i.e. pve2-lxc1 = MASTER)
|
|
#KEEPALIVED - Priority - select the priority to match the master/backup (a higher number means more important)
|
|
#master=150 #backup=100
|
|
#KEEPALIVED - Peer - give the opposing LXC peer IP (i.e. if pve2-lxc6 is connecting to pve1-lxc6, then put 172.16.201.106)
|
|
#KEEPALIVED - define the VIP for this service slot
|
|
|
|
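##-----keepalived pre-deploy-----
# Stages the keepalived files from the repo checkout into /docker/keepalived.

# -p creates the parent as needed and succeeds when the directories already exist,
# so any remaining failure is real and stops the deploy instead of being masked.
mkdir -p /docker/keepalived/config /docker/keepalived/checks

# NOTE(review): the source path is pinned to one checkout (mapletree-pve2lxc6/lxc1) -
# confirm it matches the node being deployed.
cp -r -- /etc/komodo/repos/mapletree-pve2lxc6/lxc1/keepalived/* /docker/keepalived/

# Both scripts are made executable after the copy above; deploy_keepalived.sh is the
# one the post-deploy step runs, so changes to it in the repo deserve the same review
# as any other code executed on the node.
chmod +x /docker/keepalived/deploy_keepalived.sh /docker/keepalived/check_services.sh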
|
|
|
|
##-----keepalived post-deploy-----
|
|
# Runs the deploy script that the pre-deploy step placed under /docker/keepalived.
# NOTE(review): presumably this executes with the deploying agent's privileges - confirm,
# and treat the script's source in the repo as privileged code.
bash /docker/keepalived/deploy_keepalived.sh
|
|
|
|
##-----management files------
|
|
run:/docker/management
|
|
path: {gitea static compose link i.e. /etc/komodo/[repo]/[lxc#]/[service]/[container].yml}
|
|
path: {komodo static compose link i.e. /etc/komodo/[repo]/[lxc#]/[service]/[container].yml}
|
|
path: {wud static compose link i.e. /etc/komodo/[repo]/[lxc#]/[service]/[container].yml}
|
|
|
|
##-----management environment------
|
|
#Make sure that /docker from the node is mounted in the periphery
|
|
|
|
##change these entries
|
|
#change the node numbers
|
|
REPO_ROOT=/repo/mapletree-pve#lxc#
|
|
#GITEA - change the FQDN for the root URL
|
|
GITEA_FQDN=
|
|
#GITEA - define the service name (used in everything)
|
|
SERVICE_NAME=gitea
|
|
#GITEA - define the network names
|
|
GITEA_INTERNAL_NETWORK_NAME=gitea_internal
|
|
GITEA_EXTERNAL_NETWORK_NAME=gitea_external
|
|
|
|
##static entries - leave alone
|
|
TZ=America/Edmonton
|
|
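#Gitea - DB info
#NOTE(review): admin/admin is a guessable default credential pair - supply the password from a secret rather than committing it here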
|
|
GITEA_DB_USERNAME=admin
|
|
GITEA_DB_PASSWORD=admin
|
|
#GITEA - app info
|
|
GITEA_PROTOCOL=HTTPS
|
|
TRAEFIK_ENTRYPOINT=websecure
|
|
TRAEFIK_RESOLVER=dns_resolver
|
|
GITEA_INTERNAL_PORT=3000
|
|
#KOMODO CORE - general config
|
|
KOMODO_DISABLE_CONFIRM_DIALOG=false
|
|
KOMODO_MONITORING_INTERVAL="5-sec"
|
|
KOMODO_RESOURCE_POLL_INTERVAL="1-hr"
|
|
KOMODO_LOCAL_AUTH=true
|
|
KOMODO_DISABLE_USER_REGISTRATION=false
|
|
KOMODO_ENABLE_NEW_USERS=false
|
|
KOMODO_DISABLE_NON_ADMIN_CREATE=false
|
|
KOMODO_TRANSPARENT_MODE=false
|
|
KOMODO_LOGGING_PRETTY=false
|
|
KOMODO_PRETTY_STARTUP_CONFIG=true
|
|
KOMODO_OIDC_ENABLED=false
|
|
KOMODO_GITHUB_OAUTH_ENABLED=false
|
|
KOMODO_GOOGLE_OAUTH_ENABLED=false
|
|
KOMODO_TITLE=Komodo
|
|
#KOMODO PERIPHERY - general config
|
|
PERIPHERY_ROOT_DIRECTORY=/etc/komodo
|
|
PERIPHERY_PASSKEYS=${KOMODO_PASSKEY}
|
|
PERIPHERY_DISABLE_TERMINALS=false
|
|
PERIPHERY_SSL_ENABLED=true
|
|
PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
|
|
PERIPHERY_LOGGING_PRETTY=false
|
|
PERIPHERY_PRETTY_STARTUP_CONFIG=true
|
|
|
|
|
|
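##-----management pre-deploy------
# Creates the Docker networks named by GITEA_INTERNAL_NETWORK_NAME and
# GITEA_EXTERNAL_NETWORK_NAME when they do not exist yet.
# - Expansions are quoted so a name stays a single argument, and :? aborts with an
#   error when a name is unset or empty instead of calling docker with no name.
# - inspect-then-create keeps the step repeatable without hiding real failures
#   (for example an unreachable daemon) the way a blanket "|| true" would.
# - Each line is a brace group so it yields one exit status even if the lines are
#   chained together by the caller.
{ docker network inspect "${GITEA_INTERNAL_NETWORK_NAME:?}" >/dev/null 2>&1 || docker network create "${GITEA_INTERNAL_NETWORK_NAME:?}"; }
{ docker network inspect "${GITEA_EXTERNAL_NETWORK_NAME:?}" >/dev/null 2>&1 || docker network create "${GITEA_EXTERNAL_NETWORK_NAME:?}"; }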