From 6a465ffcd5fa9b67bdfb1a1ff6daa806552c9efe Mon Sep 17 00:00:00 2001
From: Chris
Date: Sat, 5 Dec 2020 15:46:40 +0000
Subject: [PATCH] Move to VM and allow ssh to gitea through host
---
 .gitignore | 1 +
 Vagrantfile | 72 ++++++++++++++++++++++++++++++++++++++++++++
 bootstrap.sh | 42 ++++++++++++++++++++++++++
 docker-compose.yml | 8 +++--
 nextcloud/Dockerfile | 1 -
 5 files changed, 121 insertions(+), 3 deletions(-)
 create mode 100644 Vagrantfile
 create mode 100644 bootstrap.sh
diff --git a/.gitignore b/.gitignore
index 4c49bd7..60930ce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+.vagrant
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..bcbc93d
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,72 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + config.vm.box = "archlinux/archlinux" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + config.vm.network "forwarded_port", guest: 443, host: 44300 + config.vm.network "forwarded_port", guest: 80, host: 8000 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + config.vm.network "private_network", ip: "192.168.10.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. 
The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./", "/opt/scarif/" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. + # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL + config.vm.provision "shell", path: "./bootstrap.sh" +end diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100644 index 0000000..731fcd6 --- /dev/null +++ b/bootstrap.sh 
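Review bot: The two `forwarded_port` lines sit under a comment saying access is limited to 127.0.0.1, but neither passes `host_ip`, so Vagrant binds host ports 44300 and 8000 on every host interface. If loopback-only is what is wanted, write `config.vm.network "forwarded_port", guest: 443, host: 44300, host_ip: "127.0.0.1"` and the same for the port 80 mapping; if the ports are meant to be reachable from the network, the comment should say so instead. The box is also taken unpinned (`config.vm.box = "archlinux/archlinux"` with no `config.vm.box_version`), so each fresh `vagrant up` may provision from a different image.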
@@ -0,0 +1,42 @@ +#!/bin/bash + +# Update the package repositories +pacman -Syu --noconfirm + +# Force the locale +echo "LC_ALL=en_GB.UTF-8" >> /etc/default/locale +locale-gen en_US.UTF-8 + +# Install necessary packages +pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose + +# Set the hostname +echo "scarif.space" >> /etc/hostname + +# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing) +useradd -m -psecret chris +useradd -m -psecret -u1200 git + +# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough) +#mkdir -p /var/lib/gitea +mkdir -p /app/gitea +tee /app/gitea/gitea <> /home/git/.ssh/authorized_keys + +# Start the docker service and build docker compose +systemctl enable docker --now + +docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" up -d diff --git a/docker-compose.yml b/docker-compose.yml index b88b25e..dc36058 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -79,13 +79,17 @@ services: - DB_NAME=gitea - DB_USER=${DB_USER} - DB_PASSWD=${DB_PASSWORD} + - USER_UID=1200 + - USER_GID=1200 + - DISABLE_REGISTRATION=true restart: always volumes: - gitea:/data + - /home/git/.ssh/:/data/git/.ssh/ - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - - 222:22 + - "127.0.0.1:2222:22" networks: - db - nginx @@ -144,11 +148,11 @@ services: volumes: db: + gitea: monica-public: monica-data: nextcloud: certs: - gitea: dashboard: networks: diff --git a/nextcloud/Dockerfile b/nextcloud/Dockerfile index 0b6e32d..1812fd9 100644 --- a/nextcloud/Dockerfile +++ b/nextcloud/Dockerfile @@ -7,7 +7,6 @@ RUN set -ex; \ imagemagick \ procps \ supervisor \ - libreoffice \ ; RUN set -ex; \
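Review bot: `useradd -m -psecret chris` and `useradd -m -psecret -u1200 git` commit a fixed credential to the repository, and `-p` takes an already-hashed value (crypt(3) output), so the literal `secret` is written into the shadow entry as-is rather than being set as a password. Dropping `-p` leaves both accounts without a usable password until one is set by hand: `useradd -m chris` and `useradd -m -u1200 git`. The script also appends with `>>` to `/etc/hostname` and `/etc/default/locale`, so a second `vagrant provision` duplicates those lines; `>` would make the run repeatable. The `tee /app/gitea/gitea` heredoc appears truncated on this page, so the wrapper script and the `authorized_keys` line are not reviewed here.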
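Review bot: The new `/home/git/.ssh/:/data/git/.ssh/` bind mount in the first docker-compose.yml hunk is read-write, which gives the Gitea container control of the host `git` account's `authorized_keys`. That is what SSH passthrough requires, but it deserves a comment so nobody reuses that account or directory for anything else, e.g. `# rw on purpose: gitea maintains the host git user's authorized_keys for SSH passthrough`. `USER_UID=1200` and `USER_GID=1200` have to match the host user created in bootstrap.sh, where only `-u1200` is given and the group id is left to useradd, so the GID on the VM should be confirmed. The gitea service definition starts above this hunk, so its image and the rest of its environment are not visible here.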