Merge branch 'master' of https://git.michaellisano.com/turtlebasket/michaelnet
commit
41bb6a6ced
@ -82,3 +82,12 @@ Temporary Items
# .nfs files are created when an open file is removed but is still being accessed
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
.nfs*
# Keys & Secrets
*.key
*.asc
*.txt
# Backups
*.tar.gz
*.tar.gz.enc
*.tar.gz.age
41
README.md
41
README.md
@ -1,18 +1,21 @@
# Michael's Homelab
# Michael's Homelab
## Hosts & Services
## Hosts
### Cuddlefish
| Host | OS | Services |
| :--- | :--- | :------- |
| Cuddlefish | ![CentOS](https://img.shields.io/badge/centos%207-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea |
| Rocktiplex | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom |
| Cloud8 | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud |
![CentOS](https://img.shields.io/badge/centos%207-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0)
## SELinux Notes
- `git.michaellisano.com`
Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it temporarily, or make the following permanent change to `/etc/sysconfig/selinux`:
### Rocktiplex
```bash
# SELINUX=enforcing
![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white)
SELINUX=permissive
```
- `analytics.michaellisano.com`
## Dockerized Cloudflared Notes
## Dockerized Cloudflared Notes
@ -34,3 +37,23 @@ Then in this case the name of the target service is `gitea-server`, and (per Doc
https://git.michaellisano.com -> http://gitea-server:3000
https://git.michaellisano.com -> http://gitea-server:3000
```
```
## Backup Decryption Notes
Everything is encrypted with [age](https://github.com/FiloSottile/age).
All keys are generated using age-keygen and stored in a text file, e.g.
**backup-key.txt**
```
# created: 2023-06-24T18:01:36-07:00
# public key: age12345...
AGE-SECRET-KEY-xyz123...
```
Decrypting a file:
```
age -d -i backup-key.txt -o NAME.tar.gz NAME.tar.gz.enc
```
@ -0,0 +1,30 @@
# Generic Backup Host
## Crontab
Runs on the second of every month.
```
0 0 2 * * cd /home/USER/backups && bash prune.sh
```
## Filename Pattern
Container volume backups are of the format:
```
gitea-data-2023-06-17_050002.tar.gz.enc
^ ^ ^
| | Backups are encrypted tarballs
| |
| ISO Datetime separated by _
Container volume name (*-data)
```
Regex to match backups that are *not* from the first of every month, using the above format:
```
[0-9A-Za-z]+-data-[0-9]{4}-[0-9]{2}-([^0][0-9]|[0-9][^1])_.*
```
@ -0,0 +1,14 @@
#!/usr/bin/bash
# Prunes container data folders monthly on backup host.
# Removes all items but the backup from the first day of the month.
# Should run on the first day of every month - since it doesn't remove the backup
# from that time, it doesn't matter what time it's run
for item in *; do
if [[ "$item" =~ [0-9A-Za-z]+-data-[0-9]{4}-[0-9]{2}-([^0][0-9]|[0-9][^1])_.* ]]; then
echo "Removing $item"
rm -f $item
fi
done
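Review bot: The `=~` test at the `if` line is unanchored and the `rm -f $item` argument is unquoted, so in a retention script whose only job is to keep the day-01 backup, any entry whose name merely contains `-data-<date>` anywhere is deleted, and a matching name containing whitespace is split into several `rm` arguments before removal. Anchoring the pattern and quoting the path closes both gaps: `if [[ "$item" =~ ^[0-9A-Za-z]+-data-[0-9]{4}-[0-9]{2}-([^0][0-9]|[0-9][^1])_ ]]; then` and `rm -f -- "$item"`. The trailing `.*` in the pattern does nothing for `=~` and can be dropped. The header comment also says the script should run on the first day of the month, while the crontab documented in the same commit runs it on the second; since the day-01 file is the one the pattern never matches, a comment such as `# Safe to run on any day after the 1st: the day-01 backup is never matched.` states the actual contract.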
@ -1,11 +1,11 @@
#!/bin/bash
#!/bin/bash
# NOTE: DEPENDING ON PERMISSIONING, YOU MAY NEED TO RUN THIS SCRIPT USING SUDO
# NOTE: DEPENDING ON PERMISSIONING, YOU MAY NEED TO RUN THIS SCRIPT USING SUDO
source .env
source .env
DATESTRING=$(date +"%Y-%m-%d_%H%M%S" | tr '[:upper:]' '[:lower:]' | tr ' ' '_')
DATESTRING=$(date +"%Y-%m-%d_%H%M%S" | tr '[:upper:]' '[:lower:]' | tr ' ' '_')
ARCHIVE="gitea-data-${DATESTRING}.tar.gz"
ARCHIVE="gitea-data-${DATESTRING}.tar.gz"
tar -czvf $ARCHIVE gitea-data/
tar -czvf $ARCHIVE gitea-data/ && \
scp -i $BACKUP_KEYPATH -P $BACKUP_SSH_PORT $ARCHIVE $BACKUP_HOST:~/backups/
age -e -r age1grpe9c934q09933g7mxne03z7k6e572tjcqxdkne6rwyfht2saeq90sf3f -o $ARCHIVE.enc $ARCHIVE && \
rm $ARCHIVE && echo Removed $ARCHIVE.
scp -i $BACKUP_KEYPATH -P $BACKUP_SSH_PORT $ARCHIVE.enc $BACKUP_HOST:~/backups/
rm -f $ARCHIVE $ARCHIVE.age && echo Removed $ARCHIVE, $ARCHIVE.enc.
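Review bot: The cleanup line removes `$ARCHIVE.age`, but the `age -e` line writes the ciphertext to `$ARCHIVE.enc`, so `rm -f` silently skips the nonexistent `.age` name and every run leaves the encrypted archive on the local disk while the message claims it was removed. The `rm` is also outside the `&&` chain that ends at `scp`, so a failed upload still deletes the plaintext tarball and the script exits 0; once the `.enc` name is corrected, that ordering would delete the only copy after a failed upload. Extending the chain and quoting the expansions gives `scp -i "$BACKUP_KEYPATH" -P "$BACKUP_SSH_PORT" "$ARCHIVE.enc" "$BACKUP_HOST:~/backups/" && \` followed by `rm -f -- "$ARCHIVE" "$ARCHIVE.enc" && echo "Removed $ARCHIVE, $ARCHIVE.enc."`. The `*.tar.gz.age` entry added to `.gitignore` in this commit appears to be the same stale suffix.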
@ -6,6 +6,10 @@ networks:
services:
services:
# ========================================
# GIT.MICHAELLISANO.COM
# ========================================
gitea-server:
gitea-server:
image: gitea/gitea:1.19.3
image: gitea/gitea:1.19.3
container_name: gitea
container_name: gitea
@ -33,3 +37,4 @@ services:
networks:
networks:
- gitea
- gitea