michael 2023-09-28 22:01:24 -07:00
commit 41bb6a6ced
6 changed files with 94 additions and 13 deletions

9
.gitignore vendored
View File

@ -82,3 +82,12 @@ Temporary Items
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# Keys & Secrets
*.key
*.asc
*.txt
# Backups
*.tar.gz
*.tar.gz.enc
*.tar.gz.age
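Review bot: the `*.txt` pattern under `# Keys & Secrets` ignores every text file in the repository, not just the age identity file, so any future notes or plain-text configs would silently go untracked; narrow it to the file the README actually names, e.g. `backup-key.txt` or `*-key.txt`. The backup patterns list both `*.tar.gz.enc` and `*.tar.gz.age`, but the backup script in this commit only ever writes `.enc`; keeping `.age` is harmless, but drop it if that suffix is never produced so the ignore list documents what the scripts really emit.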

View File

@ -1,18 +1,21 @@
# Michael's Homelab
## Hosts & Services
## Hosts
### Cuddlefish
| Host | OS | Services |
| :--- | :--- | :------- |
| Cuddlefish | ![CentOS](https://img.shields.io/badge/centos%207-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea |
| Rocktiplex | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom |
| Cloud8 | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud |
![CentOS](https://img.shields.io/badge/centos%207-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0)
## SELinux Notes
- `git.michaellisano.com`
Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it temporarily, or make the following permanent change to `/etc/sysconfig/selinux`:
### Rocktiplex
![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white)
- `analytics.michaellisano.com`
```bash
# SELINUX=enforcing
SELINUX=permissive
```
## Dockerized Cloudflared Notes
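Review bot: the SELinux note recommends `setenforce 0` or a permanent `SELINUX=permissive` to get around Docker volume denials, which turns off enforcement for the whole host rather than fixing the labels on the volumes that trip the policy; the narrower fix is to add the `:z` (shared) or `:Z` (private) suffix to the affected bind mounts so the content is relabeled for the container while the host stays in enforcing mode. If permissive is kept as a documented fallback, the README should say explicitly that it is a host-wide downgrade and not a per-container setting.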
@ -34,3 +37,23 @@ Then in this case the name of the target service is `gitea-server`, and (per Doc
https://git.michaellisano.com -> http://gitea-server:3000
```
## Backup Decryption Notes
Everything is encrypted with [age](https://github.com/FiloSottile/age).
All keys are generated using age-keygen and stored in a text file, e.g.
**backup-key.txt**
```
# created: 2023-06-24T18:01:36-07:00
# public key: age12345...
AGE-SECRET-KEY-xyz123...
```
Decrypting a file:
```
age -d -i backup-key.txt -o NAME.tar.gz NAME.tar.gz.enc
```
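Review bot: the decryption notes show the age identity (`AGE-SECRET-KEY-...`) kept in a plain `backup-key.txt`, but say nothing about where that file should live or how it should be protected. Encryption only needs the recipient public key (the `age1...` value hardcoded in the backup script), so the secret key is never required on the Gitea host or the backup host; the README should state that it stays off both, is stored with restrictive permissions (e.g. `chmod 600`), and is only copied to a machine when a restore is actually being performed. It is also worth noting here that the new `*.txt` entry in `.gitignore` exists to keep this file out of the repo, so nobody relaxes that rule later.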

30
backup/README.md Normal file
View File

@ -0,0 +1,30 @@
# Generic Backup Host
## Crontab
Runs on the second of every month.
```
0 0 2 * * cd /home/USER/backups && bash prune.sh
```
## Filename Pattern
Container volume backups are of the format:
```
gitea-data-2023-06-17_050002.tar.gz.enc
^ ^ ^
| | Backups are encrypted tarballs
| |
| ISO Datetime separated by _
|
Container volume name (*-data)
```
Regex to match backups that are *not* from the first of every month, using the above format:
```
[0-9A-Za-z]+-data-[0-9]{4}-[0-9]{2}-([^0][0-9]|[0-9][^1])_.*
```
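Review bot: the crontab entry (`0 0 2 * *`) and the text above it run prune on the second of every month, while the header comment in `backup/prune.sh` says it should run on the first; pick one and make the README and the script agree. The regex also relies on `[^0]` and `[^1]` for the day field, which match any character other than `0`/`1` (including `-` or `_`), and it is unanchored, so it can match inside an unrelated filename; `^[0-9A-Za-z]+-data-[0-9]{4}-[0-9]{2}-(0[2-9]|[12][0-9]|3[01])_[0-9]{6}\.tar\.gz\.enc$` expresses "not the first" with digit classes only and pins the match to the documented `NAME-data-DATE_TIME.tar.gz.enc` shape.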

14
backup/prune.sh Normal file
View File

@ -0,0 +1,14 @@
#!/usr/bin/bash
# Prunes container data folders monthly on backup host.
# Removes all items but the backup from the first day of the month.
# Should run on the first day of every month - since it doesn't remove the backup
# from that time, it doesn't matter what time it's run
for item in *; do
if [[ "$item" =~ [0-9A-Za-z]+-data-[0-9]{4}-[0-9]{2}-([^0][0-9]|[0-9][^1])_.* ]]; then
echo "Removing $item"
rm -f $item
fi
done
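Review bot: `rm -f $item` in the loop body is unquoted, so a filename containing spaces or glob characters is split before `rm` sees it; use `rm -f -- "$item"`. The loop also iterates over every entry in the current directory (`for item in *`) rather than only backup archives, and the pattern on the `if` line is unanchored and uses `[^0]`/`[^1]`, which match any non-digit as well, so anything that happens to contain a matching substring is a deletion candidate; restrict the glob to `*.tar.gz.enc` and anchor the pattern with `^` and `$` using digit classes for the day, e.g. `(0[2-9]|[12][0-9]|3[01])`. Since the script has no `cd` of its own and depends on the crontab entry to land in the right directory, a dry-run mode that only echoes the matches would be worth having before the first real run.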

View File

@ -1,11 +1,11 @@
#!/bin/bash
# NOTE: DEPENDING ON PERMISSIONING, YOU MAY NEED TO RUN THIS SCRIPT USING SUDO
source .env
DATESTRING=$(date +"%Y-%m-%d_%H%M%S" | tr '[:upper:]' '[:lower:]' | tr ' ' '_')
ARCHIVE="gitea-data-${DATESTRING}.tar.gz"
tar -czvf $ARCHIVE gitea-data/
scp -i $BACKUP_KEYPATH -P $BACKUP_SSH_PORT $ARCHIVE $BACKUP_HOST:~/backups/
rm $ARCHIVE && echo Removed $ARCHIVE.
tar -czvf $ARCHIVE gitea-data/ && \
age -e -r age1grpe9c934q09933g7mxne03z7k6e572tjcqxdkne6rwyfht2saeq90sf3f -o $ARCHIVE.enc $ARCHIVE && \
scp -i $BACKUP_KEYPATH -P $BACKUP_SSH_PORT $ARCHIVE.enc $BACKUP_HOST:~/backups/
rm -f $ARCHIVE $ARCHIVE.age && echo Removed $ARCHIVE, $ARCHIVE.enc.
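Review bot: the cleanup line removes `$ARCHIVE` and `$ARCHIVE.age`, but the encrypted output written two lines earlier is `$ARCHIVE.enc`, so every run leaves the encrypted archive behind on the Gitea host while the echo claims `.enc` was removed; change it to `rm -f $ARCHIVE $ARCHIVE.enc`. The `rm` is also not part of the `tar && age && scp` chain, so if `age` or `scp` fails the plaintext tarball is still deleted before anything reached the backup host, and the script exits 0 because `rm -f` succeeds; either continue the chain with `&& \` onto the `rm` line or start the script with `set -euo pipefail`. Minor: the `tr '[:upper:]' '[:lower:]'` and `tr ' ' '_'` calls on `DATESTRING` are no-ops for the `%Y-%m-%d_%H%M%S` format, and `$ARCHIVE`, `$BACKUP_KEYPATH` and `$BACKUP_HOST` should be quoted.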

View File

@ -6,6 +6,10 @@ networks:
services:
# ========================================
# GIT.MICHAELLISANO.COM
# ========================================
gitea-server:
image: gitea/gitea:1.19.3
container_name: gitea
@ -33,3 +37,4 @@ services:
networks:
- gitea