base ubutnu installation

.env.example

@@ -0,0 +1,5 @@
+DOMAIN=example.com
+
+COMPOSE_FILE=traefik.yml:agent.yml:docker-compose.yml
+
+HTP=

alpine-node.sh

@@ -1 +0,0 @@
-echo 100

alpine/cron-updater.run.sh

@@ -0,0 +1 @@
+echo "*/3     *       *       *       *       /srv/update.sh" >> /etc/crontabs/root

install-keys.sh

@@ -0,0 +1 @@
+echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDClgKOnqBTUDtdJcsXEjEPbnSxc+qWjhuHmYQZqdyKShEO2Edg8N0u0QIVNmoWVQFOkZOwTBJwJJs4Wsjn1Z0Ika+ZayefSY8Cgdm1mXUJW5dSCjVebUDJMDc2P1J4XPCiWQQXdvDD5dpcx83DQKOzG4l+iYXTFYSjYgUDHTP6hSpFjIGjVFXG73n4+04fLUSSEeP9MnFIGXD+vhID0FfIsj6zLnsRGDc7r9Y0uGJpD/RTiFtNoL1QGeetF9YdBjnou8yeD9egV8+AIZ8L0vNZxXeDG/irwmbXLEunvoQ8TwkZHMGf6H//ndoTTTygD1oqt5bIYajSk9X/kz7GtvACgveve7YjK0CAqO24bZzgK2+nj5Y08OFI3LccAe5SCwSx8IxBLfxGeDVim8A7CLBRyw4Jsld2BqWlzXJNmj+I5bn8iIPoCtARCreQkGCHgg1ZALpFvDkMYSU+kysrKSl40Ftyvno6HiBJJdu+7J+IjYa4/VhigDxg8UkXE+8lPr8= d@timal.kz > /root/.ssh/authorized_keys

srv/agent.yml

@@ -0,0 +1,13 @@
+version: '3'
+
+services:
+  agent:
+    image: portainer/agent:2.19.1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker/volumes:/var/lib/docker/volumes
+    restart: always
+    ports:
+      - 9001:9001
+    labels:
+      - traefik.enable=false

srv/docker-compose.yml

@@ -0,0 +1,5 @@
+version: '3'
+
+services:
+  dummy:
+    image: busybox

srv/mysql.yml

@@ -0,0 +1,18 @@
+version: '3'
+
+services:
+  mysql:
+    image: mariadb
+    restart: always
+    environment:
+      - MARIADB_ROOT_PASSWORD=${MYSQL_PASSWORD}
+    volumes:
+      - ./mysql:/var/lib/mysql
+    labels:
+      - traefik.enable=false
+
+  pma:
+    image: phpmyadmin/phpmyadmin
+    restart: always
+    environment:
+      - PMA_HOST=mysql

srv/traefik.yml

@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+  traefik:
+    image: traefik:v2.9
+    restart: always
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls=true
+      - --entrypoints.websecure.http.tls.certresolver=le
+      - --providers.docker
+      - --providers.docker.exposedByDefault=true
+      - --providers.docker.defaultRule=Host(`{{ index .Labels "com.docker.compose.service" }}.${DOMAIN}`)
+      - --api
+      - --certificatesresolvers.le.acme.email=admin@mail.${DOMAIN}
+      - --certificatesresolvers.le.acme.storage=/acme/acme.json
+      - --certificatesresolvers.le.acme.tlschallenge=true
+#      - --certificatesresolvers.le.acme.httpchallenge=true
+#      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "./traefik/acme:/acme"
+    labels:
+      - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.middlewares.auth.basicauth.users=${HTP}test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0
+      - traefik.http.routers.traefik.middlewares=myauth

srv/update.sh

@@ -0,0 +1,3 @@
+cd /srv
+echo $(date) > lastupdate
+docker-compose pull && docker-compose up -d --remove-orphans

ubuntu/install-node.sh

@@ -0,0 +1,16 @@
+cd /srv
+
+# install software
+apt install nano wget curl docker.io docker-compose -y
+
+# install  keys
+curl https://git.infra.timal.kz/djerom/public/raw/branch/master/install-keys.sh | bash
+
+# copy base services (traefik, agent)
+wget https://git.infra.timal.kz/djerom/public/raw/branch/master/srv/traefik.yml
+wget https://git.infra.timal.kz/djerom/public/raw/branch/master/srv/agent.yml
+wget https://git.infra.timal.kz/djerom/public/raw/branch/master/srv/mysql.yml
+
+# install updater
+wget https://git.infra.timal.kz/djerom/public/raw/branch/master/srv/update.sh
+echo "*/3     *       *       *       *       /srv/update.sh" >> /etc/crontabs/root