Compare commits
16 Commits
1.0.0+0.24
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 0a6f397f4b | |||
| ba78d79998 | |||
| 5637a59368 | |||
| e039b08ff0 | |||
| db3edafbee | |||
| ce8c3eec63 | |||
| c4a74a817a | |||
| 2011a91921 | |||
| dddc5f7df2 | |||
| 3bb2a94d3a | |||
| 27f33cd0d5 | |||
| 4e5dc4e185 | |||
| c18d143b7c | |||
| bc1bdc825b | |||
| 2e40802f55 | |||
| 95cf5c9374 |
@ -17,7 +17,9 @@ steps:
|
||||
DOMAIN: authentik.swarm-test.autonomic.zone
|
||||
STACK_NAME: authentik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
CONFIG_YML_VERSION: v1
|
||||
CONFIG_YML_VERSION: v8
|
||||
HEALTHCHECK_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_JWT_SECRET_VERSION: v1
|
||||
|
||||
@ -36,8 +38,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
|
||||
@ -1,11 +1,13 @@
|
||||
TYPE=vikunja
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
DOMAIN=vikunja.example.com
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.vikunja.example.com`'
|
||||
#REDIRECT_DOMAIN=www.vikunja.example.com
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
|
||||
25
README.md
25
README.md
@ -23,3 +23,28 @@ Organize everything, on all platforms
|
||||
* `abra app deploy <app-name>`
|
||||
|
||||
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
||||
|
||||
|
||||
## Healthcheck
|
||||
|
||||
Vikunja uses a docker [scratch](https://hub.docker.com/_/scratch/) image, that is completely empty, therefore it is necessary to copy a statically build healthcheck binary into the container to perform the healthcheck.
|
||||
|
||||
To verify the binary in this recipe run this code:
|
||||
|
||||
```
|
||||
# Set the source date epoch for reproducibility
|
||||
export SOURCE_DATE_EPOCH=1640995200
|
||||
export DOCKER_BUILDKIT=1
|
||||
|
||||
# Build the Docker image
|
||||
docker build --build-arg SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} -t healthcheck -f healthcheck_Dockerfile .
|
||||
|
||||
# Create container, extract binary and remove the container
|
||||
docker create --name healthcheck_builder healthcheck
|
||||
docker cp healthcheck_builder:/app/healthcheck .
|
||||
docker rm healthcheck_builder
|
||||
|
||||
# Check if the build is reproducible by calculating hash
|
||||
sha256sum healthcheck
|
||||
```
|
||||
The sha256 checksum should be **c7c12a0eb019edd275c3f5a9302c70b2112941a8c0b9d9128d26c66a81a263c6**
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1 +1,3 @@
|
||||
export CONFIG_YML_VERSION=v8
|
||||
export HEALTHCHECK_VERSION=v1
|
||||
export PG_BACKUP_VERSION=v2
|
||||
|
||||
47
compose.yml
47
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: vikunja/vikunja:0.24.2
|
||||
image: vikunja/vikunja:0.24.6
|
||||
environment:
|
||||
- DOMAIN
|
||||
- LOG_LEVEL
|
||||
@ -47,29 +47,32 @@ services:
|
||||
configs:
|
||||
- source: config_yml
|
||||
target: /etc/vikunja/config.yml
|
||||
- source: healthcheck
|
||||
target: /healthcheck
|
||||
mode: 555
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3456"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect-aliases@docker"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect-aliases.redirectregex.regex=^https://${REDIRECT_DOMAIN:-example.com}(.*)"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect-aliases.redirectregex.replacement=https://${DOMAIN}$${1}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+0.24.2"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.1.1+0.24.6"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
#healthcheck:
|
||||
# test: [ "CMD", "curl", "-f", "http://localhost:3456" ]
|
||||
# interval: 30s
|
||||
# timeout: 10s
|
||||
# retries: 10
|
||||
# start_period: 1m
|
||||
healthcheck:
|
||||
test: [ "CMD", "/healthcheck"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
|
||||
redis:
|
||||
image: redis
|
||||
image: redis:7.4.2-alpine
|
||||
networks:
|
||||
- internal
|
||||
ports:
|
||||
- "6379:6379"
|
||||
|
||||
|
||||
db:
|
||||
image: postgres:13
|
||||
@ -88,10 +91,14 @@ services:
|
||||
- db_password
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.db.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
|
||||
volumes:
|
||||
files:
|
||||
@ -109,6 +116,12 @@ configs:
|
||||
name: ${STACK_NAME}_config_yml_${CONFIG_YML_VERSION}
|
||||
file: config.yml.tmpl
|
||||
template_driver: golang
|
||||
healthcheck:
|
||||
name: ${STACK_NAME}_healthcheck_${HEALTHCHECK_VERSION}
|
||||
file: healthcheck
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
|
||||
secrets:
|
||||
db_password:
|
||||
|
||||
16
debug_Dockerfile
Normal file
16
debug_Dockerfile
Normal file
@ -0,0 +1,16 @@
|
||||
FROM vikunja/vikunja:0.24.2 AS vikunja-scratch
|
||||
|
||||
FROM alpine
|
||||
|
||||
RUN apk add --upgrade --no-cache vim bash curl
|
||||
|
||||
WORKDIR /app/vikunja
|
||||
CMD [ "/app/vikunja/vikunja" ]
|
||||
EXPOSE 3456
|
||||
USER 1000
|
||||
|
||||
ENV VIKUNJA_SERVICE_ROOTPATH=/app/vikunja/
|
||||
ENV VIKUNJA_DATABASE_PATH=/db/vikunja.db
|
||||
|
||||
COPY --from=vikunja-scratch /app/vikunja /app/vikunja
|
||||
COPY --from=vikunja-scratch /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||
BIN
healthcheck
Executable file
BIN
healthcheck
Executable file
Binary file not shown.
50
healthcheck.c
Normal file
50
healthcheck.c
Normal file
@ -0,0 +1,50 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main() {
|
||||
int sockfd;
|
||||
struct sockaddr_in server_addr;
|
||||
char request[] = "HEAD / HTTP/1.1\r\nHost: localhost\r\n\r\n";
|
||||
char response[1024];
|
||||
int received_bytes;
|
||||
|
||||
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (sockfd < 0) {
|
||||
perror("socket");
|
||||
return 1;
|
||||
}
|
||||
|
||||
server_addr.sin_family = AF_INET;
|
||||
server_addr.sin_port = htons(3456);
|
||||
server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
|
||||
|
||||
if (connect(sockfd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
|
||||
perror("connect");
|
||||
close(sockfd);
|
||||
return 1;
|
||||
}
|
||||
|
||||
send(sockfd, request, strlen(request), 0);
|
||||
|
||||
received_bytes = recv(sockfd, response, sizeof(response) - 1, 0);
|
||||
if (received_bytes < 0) {
|
||||
perror("recv");
|
||||
close(sockfd);
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Null-terminieren der empfangenen Bytes
|
||||
response[received_bytes] = '\0';
|
||||
|
||||
// Statuscode extrahieren (erste Zeile enthält den Statuscode)
|
||||
char *status_line = strtok(response, "\r\n");
|
||||
printf("Response: %s\n", status_line);
|
||||
|
||||
close(sockfd);
|
||||
return 0;
|
||||
}
|
||||
13
healthcheck_Dockerfile
Normal file
13
healthcheck_Dockerfile
Normal file
@ -0,0 +1,13 @@
|
||||
FROM alpine:latest
|
||||
|
||||
ENV SOURCE_DATE_EPOCH=1640995200
|
||||
|
||||
RUN apk add --no-cache gcc musl-dev
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
COPY healthcheck.c /app
|
||||
|
||||
RUN gcc -o healthcheck healthcheck.c -static
|
||||
|
||||
CMD ["./healthcheck"]
|
||||
34
pg_backup.sh
Normal file
34
pg_backup.sh
Normal file
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
|
||||
|
||||
function backup {
|
||||
export PGPASSWORD=$(cat /run/secrets/db_password)
|
||||
pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
|
||||
}
|
||||
|
||||
function restore {
|
||||
cd /var/lib/postgresql/data/
|
||||
restore_config(){
|
||||
# Restore allowed connections
|
||||
cat pg_hba.conf.bak > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
}
|
||||
# Don't allow any other connections than local
|
||||
cp pg_hba.conf pg_hba.conf.bak
|
||||
echo "local all all trust" > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
trap restore_config EXIT INT TERM
|
||||
|
||||
# Recreate Database
|
||||
psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);"
|
||||
createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
|
||||
psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
|
||||
|
||||
trap - EXIT INT TERM
|
||||
restore_config
|
||||
}
|
||||
|
||||
$@
|
||||
Loading…
x
Reference in New Issue
Block a user