diff --git a/.gitignore b/.gitignore index 6fa9eb9..2268cd5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ .env .direnv +secrets/ diff --git a/srcs/cmd/getFileEnv/getFileEnv.go b/srcs/cmd/getFileEnv/getFileEnv.go new file mode 100644 index 0000000..fe7274a --- /dev/null +++ b/srcs/cmd/getFileEnv/getFileEnv.go @@ -0,0 +1,22 @@ +package main + +import ( + "fmt" + "os" + + "git.keyzox.me/42_adjoly/inception/internal/env" +) + +func main() { + args := os.Args + + if len(args) < 2 { + os.Exit(0) + } + + env := env.FileEnv(args[1], "") + if env == "" { + os.Exit(1) + } + fmt.Print(env) +} diff --git a/srcs/configs/nginx/templates/testing.conf.template b/srcs/configs/nginx/templates/testing.conf.template deleted file mode 100644 index 7e5686e..0000000 --- a/srcs/configs/nginx/templates/testing.conf.template +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 8443 ssl; - - server_name _; - - root /var/www/wordpress; - index index.php; - - ssl_certificate $NGINX_SSL_CERT_FILE; - ssl_certificate_key $NGINX_SSL_KEY_FILE; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_session_timeout 10m; - - keepalive_timeout 60; - - location / { - try_files $${q}uri $${q}uri/ =404; - } - - location ~ \.php$ { - fastcgi_pass $NGINX_PHP_HOST:9000; - fastcgi_index index.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include fastcgi.conf; - } -} diff --git a/srcs/configs/wordpress/entry/configure-wp.sh b/srcs/configs/wordpress/entry/configure-wp.sh index 9b6d171..c89cd2d 100755 --- a/srcs/configs/wordpress/entry/configure-wp.sh +++ b/srcs/configs/wordpress/entry/configure-wp.sh @@ -1,6 +1,15 @@ #!/bin/sh WP_DIR="/var/www/wordpress" +#WP_VERSION="6.7.2" + +#if [ -f "$WP_DIR/index.php" ]; then +# echo "Already downloaded wordpress, skipping..." +#else +# echo "Downloading Wordpress ${WP_VERSION}" +# wp --allow-root core download --version=${WP_VERSION} --path=${WP_DIR} +#fi + if [ -f "${WP_DIR}/wp-config.php" ]; then echo "Wordpress already configured, skipping installation" 
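Review bot: In `main` of the new getFileEnv.go, a missing argument exits with status 0 and no output, so a caller using command substitution cannot tell a usage error from success and silently gets an empty secret. Exit non-zero and report to stderr instead, e.g. `fmt.Fprintln(os.Stderr, "usage: getFileEnv NAME"); os.Exit(2)`. The local `env := env.FileEnv(args[1], "")` also shadows the imported `env` package for the rest of the function; a name such as `val` avoids that. The lookup-failure path exits 1 without any message, and a one-line stderr note naming the variable (never its value) would make a misconfigured secret visible in the container logs.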
diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index f92b18e..60b1aa8 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -2,9 +2,41 @@ name: inception volumes: wp-db: + driver: local + driver_opts: + type: none + device: /home/adjoly/data/wp-db + o: bind wp-site: + driver: local + driver_opts: + type: none + device: /home/adjoly/data/wp-site + o: bind nginx-certs: + driver: local + driver_opts: + type: none + device: /home/adjoly/data/certs + o: bind backup: + driver: local + driver_opts: + type: none + device: /home/adjoly/data/backup + o: bind + +secrets: + ftp-pass: + file: ../secrets/ftp/ftp_pass.txt + root-db-pass: + file: ../secrets/db/root_db_pass.txt + user-db-pass: + file: ../secrets/db/user_db_pass.txt + borg-passphrase: + file: ../secrets/borg/borg_passphrase.txt + wp-admin-pass: + file: ../secrets/wp/wp_admin_pass.txt networks: inception: @@ -19,7 +51,6 @@ services: networks: - inception environment: - - TZ=Europe/Paris - NGINX_PHP_HOST=inception-wordp-php - NGINX_SSL_KEY_FILE=/etc/nginx/ssl/adjoly-wp.key - NGINX_SSL_CERT_FILE=/etc/nginx/ssl/adjoly-wp.crt @@ -34,7 +65,7 @@ services: - ./configs/nginx/entry:/docker-entrypoint.d - nginx-certs:/etc/nginx/ssl ports: - - "8443:8443" + - "443:443" restart: unless-stopped wordpress-php: @@ -50,12 +81,12 @@ services: environment: - WP_DB_NAME=knl - WP_DB_USER=kanel - - WP_DB_PASS=alpine + - WP_DB_PASS_FILE=/run/secrets/user-db-pass - WP_DB_HOST=db - WP_ADMIN_EMAIL=contact@kanel.ovh - WP_ADMIN_USER=kanel - - WP_ADMIN_PASS=alpine - - WP_URL=localhost:8443 + - WP_ADMIN_PASS_FILE=/run/secrets/wp-admin-pass + - WP_URL=adjoly.42.fr - WP_TITLE=Kanel Supremacy - WP_SEARCH_ENGINE_VISIBILITY=false - PHP_MEMORY_LIMIT="512M" @@ -63,10 +94,12 @@ services: - PHP_PORT=9000 - REDIS_HOSTNAME=redis - REDIS_PORT=6379 - - TZ=Europe/Paris volumes: - wp-site:/var/www/wordpress - ./configs/wordpress/entry:/docker-entrypoint.d + secrets: + - user-db-pass + - wp-admin-pass restart: unless-stopped db: 
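Review bot: The values deleted in the `wordpress-php` environment hunk (`WP_DB_PASS`, `WP_ADMIN_PASS`) and in the later database, backup and FTP hunks (`MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `BORG_PASSPHRASE`, `VSFTPD_PASS`) remain readable in the repository history, so moving them to `/run/secrets` only helps if the new secret files hold freshly generated values. A comment on the top-level `secrets:` block would record that, e.g. `# values must differ from those previously committed in this file; rotate before deploy`. An existing Borg repository keeps its old passphrase until the key passphrase is changed explicitly, so that one needs its own rotation step. Whether the WordPress entry script reads `WP_DB_PASS_FILE` and `WP_ADMIN_PASS_FILE` is not visible in this commit, since the `configure-wp.sh` hunk only adds commented-out lines, so that should be confirmed before relying on it.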
@@ -77,11 +110,10 @@ services: networks: - inception environment: - - MYSQL_ROOT_PASSWORD="alpine" - - MYSQL_PASSWORD="alpine" + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/root-db-pass + - MYSQL_PASSWORD_FILE=/run/secrets/user-db-pass - MYSQL_USER="kanel" - MYSQL_DATABASE="knl" - - TZ=Europe/Paris volumes: - wp-db:/var/lib/mysql restart: unless-stopped @@ -94,7 +126,6 @@ services: depends_on: - nginx environment: - - TZ=Europe/Paris - NGINX_SSL_KEY_FILE=/etc/nginx/ssl/kanel-wp.key - NGINX_SSL_CERT_FILE=/etc/nginx/ssl/kanel-wp.crt restart: unless-stopped @@ -107,10 +138,8 @@ services: networks: - inception environment: - - TZ=Europe/Paris # handled by tzdata - CRON_INTERVAL=0 2 * * * # handled by entrypoint - - BORG_PASSPHRASE=Hanky-Kangaroo-Thinning5-Statute-Mascot-Islamist - - BORG_COMPRESS= + - BORG_PASSPHRASE_FILE=/run/secrets/borg-passphrase - BORG_PRUNE_KEEP_DAILY=3 - BORG_PRUNE_KEEP_WEEKLY=2 - BORG_PRUNE_KEEP_MONTHLY=1 @@ -124,6 +153,8 @@ services: - wp-db:/source/db - wp-site:/source/wordpress - backup:/backup + secrets: + - borg-passphrase restart: unless-stopped adminer: @@ -158,10 +189,12 @@ services: - inception environment: - VSFTPD_USER=kanel - - VSFTPD_PASS=alpine + - VSFTPD_PASS_FILE=/run/secrets/ftp-pass volumes: - wp-site:/var/ftp ports: - 21:21 - 30000-30100:30000-30100 + secrets: + - ftp-pass restart: unless-stopped diff --git a/srcs/docker/bonus/adminer/Dockerfile b/srcs/docker/bonus/adminer/Dockerfile index 1a80c76..041b13c 100644 --- a/srcs/docker/bonus/adminer/Dockerfile +++ b/srcs/docker/bonus/adminer/Dockerfile @@ -9,7 +9,7 @@ VOLUME /var/www/adminer COPY docker/bonus/adminer/adminer-4.17.1-mysql.php /var/www/adminer/index.php RUN apk update \ - && apk add php84 php84-mysqli php84-session curl \ + && apk add php84 php84-mysqli php84-session curl tzdata \ && addgroup -S adminer \ && adduser -S -G adminer adminer \ && chown -R adminer:adminer /var/www/adminer \ 
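Review bot: The database service's environment now points at `/run/secrets/root-db-pass` and `/run/secrets/user-db-pass`, but unlike the `wordpress-php`, backup and FTP hunks this one adds no `secrets:` list, so unless the service already declares one outside the hunk those files will not exist in the container. Add `secrets:` with `- root-db-pass` and `- user-db-pass` under the service, next to `volumes:`. The image is built locally, so it is also worth confirming that its entrypoint reads the `*_FILE` variants (not visible here) and aborts on a missing or empty file rather than initialising the server with an empty root password. The service definition starts above the hunk.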
diff --git a/srcs/docker/bonus/vsftpd/Dockerfile b/srcs/docker/bonus/vsftpd/Dockerfile index 56aa987..fe84de2 100644 --- a/srcs/docker/bonus/vsftpd/Dockerfile +++ b/srcs/docker/bonus/vsftpd/Dockerfile @@ -1,8 +1,24 @@ +FROM scratch AS builder +ADD docker/alpine/alpine-minirootfs-3.21.2-x86_64.tar.gz / + +RUN apk add --no-cache go + +WORKDIR /build + +COPY go.sum /build/go.sum +COPY go.mod /build/go.mod +COPY cmd /build/cmd +COPY internal /build/internal + +RUN cd /build \ + && go build git.keyzox.me/42_adjoly/inception/cmd/getEnvFile + FROM scratch ADD docker/alpine/alpine-minirootfs-3.21.2-x86_64.tar.gz / -RUN apk add vsftpd +RUN apk add vsftpd tzdata +COPY --from=builder /build/getEnvFile /bin/getEnvFile COPY docker/bonus/vsftpd/entry.sh /docker-entrypoint COPY docker/bonus/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf RUN chmod +x /docker-entrypoint diff --git a/srcs/docker/bonus/vsftpd/entry.sh b/srcs/docker/bonus/vsftpd/entry.sh index 5379f99..f91b5c5 100644 --- a/srcs/docker/bonus/vsftpd/entry.sh +++ b/srcs/docker/bonus/vsftpd/entry.sh @@ -12,7 +12,7 @@ else echo "[*] Creating vsftpd user" adduser -D $VSFTPD_USER - echo "$VSFTPD_USER:$VSFTPD_PASS" | /usr/sbin/chpasswd > /dev/null + echo "$VSFTPD_USER:$(getEnvFile VSFTPD_PASSWORD)" | /usr/sbin/chpasswd > /dev/null echo "[*] Giving vsftpd user ownership of WordPress data directory" chown -R "$VSFTPD_USER:$VSFTPD_USER" /var/ftp diff --git a/srcs/docker/mariadb/Dockerfile b/srcs/docker/mariadb/Dockerfile index 07426a4..af3fbfc 100644 --- a/srcs/docker/mariadb/Dockerfile +++ b/srcs/docker/mariadb/Dockerfile @@ -44,4 +44,4 @@ WORKDIR /var/lib/mysql EXPOSE 3306 CMD [ "mariadbd", "--user=mysql" ] -HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=3s --start-interval=2s CMD /docker-healthcheck +HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=5s --start-interval=2s CMD /docker-healthcheck
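Review bot: The builder stage compiles `git.keyzox.me/42_adjoly/inception/cmd/getEnvFile` and copies `/build/getEnvFile`, but the command this commit adds lives at `srcs/cmd/getFileEnv/getFileEnv.go`, so the build would find no such package unless a `getEnvFile` directory exists elsewhere in the tree. One of the two names should change, for example `go build -o /build/getEnvFile git.keyzox.me/42_adjoly/inception/cmd/getFileEnv`, which keeps the `COPY --from=builder /build/getEnvFile /bin/getEnvFile` line and the script's call unchanged. The explicit `-o` also stops the output name from depending on the package directory name.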
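Review bot: The command substitution in entry.sh asks for `VSFTPD_PASSWORD`, while docker-compose.yml in this commit sets `VSFTPD_PASS_FILE`; if `FileEnv` derives the file variable from the name it is given (its body is not shown), the lookup finds nothing and the helper exits 1. That exit status is discarded inside the `echo ... | chpasswd` pipeline, so `chpasswd` is handed the user name with an empty password field and its stdout is thrown away. Resolve the secret first and stop on failure: `pass="$(getEnvFile VSFTPD_PASS)" || { echo "[!] FTP password not set" >&2; exit 1; }` followed by `echo "$VSFTPD_USER:$pass" | /usr/sbin/chpasswd > /dev/null`. The enclosing `if`/`else` starts outside the hunk.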