kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2024-11-10 06:51:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:kevinveenbirkenbach/server-manager

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2022-02-01 10:49:12 +01:00
commit be6000476f
13 changed files with 125 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
playbook.yml
View File

@ -7,6 +7,11 @@
- system-update - system-update
- native-journalctl - native-journalctl
#- native-hostname #- native-hostname
- name: setup btrfs health check
hosts: btrfs_health_check_hosts
become: true
roles:
- native-btrfs-health-check
- name: setup standard wireguard hosts - name: setup standard wireguard hosts
hosts: wireguard_hosts hosts: wireguard_hosts
become: true become: true

23
roles/docker-mailu/templates/docker-compose.yml.j2
View File

@ -14,6 +14,8 @@ services:
interval: 1s interval: 1s
timeout: 3s timeout: 3s
retries: 30 retries: 30
logging:
driver: journald
database: database:
image: mariadb image: mariadb
restart: always restart: always
@ -29,13 +31,16 @@ services:
interval: 3s interval: 3s
timeout: 1s timeout: 1s
retries: 5 retries: 5
logging:
driver: journald
# Core services # Core services
front: front:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
logging: logging:
driver: json-file driver: journald
ports: ports:
- "127.0.0.1:{{ http_port }}:80" - "127.0.0.1:{{ http_port }}:80"
- "{{ ip4_address }}:25:25" - "{{ ip4_address }}:25:25"
@ -60,6 +65,8 @@ services:
- "dkim:/dkim" - "dkim:/dkim"
depends_on: depends_on:
- front - front
logging:
driver: journald
imap: imap:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8}
restart: always restart: always
@ -69,6 +76,8 @@ services:
- "/etc/mailu/overrides:/overrides" - "/etc/mailu/overrides:/overrides"
depends_on: depends_on:
- front - front
logging:
driver: journald
smtp: smtp:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8}
@ -79,6 +88,8 @@ services:
- "smtp_queue:/queue" - "smtp_queue:/queue"
depends_on: depends_on:
- front - front
logging:
driver: journald
antispam: antispam:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8}
@ -90,6 +101,8 @@ services:
- "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d" - "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d"
depends_on: depends_on:
- front - front
logging:
driver: journald
# Optional services # Optional services
antivirus: antivirus:
@ -98,6 +111,8 @@ services:
env_file: mailu.env env_file: mailu.env
volumes: volumes:
- "filter:/data" - "filter:/data"
logging:
driver: journald
webdav: webdav:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8}
@ -105,6 +120,8 @@ services:
env_file: mailu.env env_file: mailu.env
volumes: volumes:
- "webdav_data:/data" - "webdav_data:/data"
logging:
driver: journald
# Deactivated, because service leads to slowing down of webservices. # Deactivated, because service leads to slowing down of webservices.
# Checkout the readme.md for more information # Checkout the readme.md for more information
@ -112,6 +129,8 @@ services:
# image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} # image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8}
# restart: always # restart: always
# env_file: mailu.env # env_file: mailu.env
# logging:
# driver: journald
# Webmail # Webmail
webmail: webmail:
@ -122,6 +141,8 @@ services:
- "webmail_data:/data" - "webmail_data:/data"
depends_on: depends_on:
- imap - imap
logging:
driver: journald
volumes: volumes:
database: database:
smtp_queue: smtp_queue:

18
roles/docker-nextcloud/README.md
View File

@ -67,6 +67,15 @@ To use occ run:
```bash ```bash
docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ
``` ```
### app relevant tables
- oc_appconfig
- oc_migrations
### initialize duplicates
```bash
sudo docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ duplicates:find-all --output
```
### unlock files ### unlock files
```bash ```bash
@ -81,12 +90,17 @@ Until NC24 MariaDB version has to be used.
## performance ## performance
### 504 Gateway Timeout ### 504 Gateway Timeout
- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se
- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070 ```bash
docker logs nextcloud_web_1 --tail 1000 | grep 504
```
#### See #### See
- https://support.f5.com/csp/article/K48373902
- https://github.com/nextcloud/server/issues/25436 - https://github.com/nextcloud/server/issues/25436
- https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2 - https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2
- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se
- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070
## further information ## further information
- https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml - https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml

1
roles/docker-nextcloud/templates/nginx.conf.j2
View File

@ -25,6 +25,7 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
fastcgi_send_timeout 600s; fastcgi_send_timeout 600s;
fastcgi_read_timeout 600s; fastcgi_read_timeout 600s;
proxy_buffering off;
#gzip on; #gzip on;

8
roles/native-btrfs-health-check/README.md Normal file
View File

@ -0,0 +1,8 @@
# btrfs-health-check
Sends a health report
## see
- https://superuser.com/questions/789303/how-to-monitor-btrfs-filesystem-raid-for-errors
- https://unix.stackexchange.com/questions/193619/list-all-btrfs-filesystems-and-subvolumes-in-shell
- https://www.freedesktop.org/software/systemd/man/systemd.unit.html

8
roles/native-btrfs-health-check/files/btrfs-health-check.service Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=Check btrfs status
OnFailure=systemd-email@%n.service
OnSuccess=systemd-email@%n.service
[Service]
Type=oneshot
ExecStart=/bin/bash /home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh

6
roles/native-btrfs-health-check/files/btrfs-health-check.sh Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# Checks the healt of all btrfs volumes
for path in $(btrfs filesystem show | awk '/ path /{print $NF}')
do
btrfs device stats $path
done

8
roles/native-btrfs-health-check/files/btrfs-health-check.timer Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=starts btrfs-health-check.service
[Timer]
OnCalendar=12:00
[Install]
WantedBy=timers.target

12
roles/native-btrfs-health-check/handlers/main.yml Normal file
View File

@ -0,0 +1,12 @@
- name: "restart btrfs-health-check.service"
systemd:
name: btrfs-health-check.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "restart btrfs-health-check.timer"
systemd:
name: btrfs-health-check.timer
state: restarted
enabled: yes
daemon_reload: yes

2
roles/native-btrfs-health-check/meta/main.yml Normal file
View File

@ -0,0 +1,2 @@
dependencies:
- native-systemd-email

22
roles/native-btrfs-health-check/tasks/main.yml Normal file
View File

@ -0,0 +1,22 @@
- name: "create /home/administrator/scripts/btrfs-health-check/"
file:
path: "/home/administrator/scripts/btrfs-health-check"
state: directory
mode: 0755
- name: create btrfs-health-check.sh
copy:
src: btrfs-health-check.sh
dest: "/home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh"
- name: create btrfs-health-check.service
copy:
src: btrfs-health-check.service
dest: "/etc/systemd/system/btrfs-health-check.service"
notify: restart btrfs-health-check.service
- name: create btrfs-health-check.timer
copy:
src: btrfs-health-check.timer
dest: "/etc/systemd/system/btrfs-health-check.timer"
notify: restart btrfs-health-check.timer

6
roles/native-docker-reverse-proxy/readme.md
View File

@ -11,3 +11,9 @@ curl -I {{address}}
## performance ## performance
- https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy - https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy
- https://www.tweaked.io/guide/nginx-proxying/ - https://www.tweaked.io/guide/nginx-proxying/
- https://serverfault.com/questions/796735/nginx-reverse-proxy-is-slow/796740
- https://serverfault.com/questions/741610/what-is-the-difference-between-proxy-request-buffering-and-proxy-buffering-on-ng
- https://askubuntu.com/questions/1103626/should-i-enable-client-max-body-size-proxy-request-buffering-and-proxy-bufferin
- https://serverfault.com/questions/692577/whats-the-difference-between-proxy-buffer-and-proxy-cache-module-in-nginx-confi
- https://github.com/sissbruecker/linkding/issues/88
- https://www.bogotobogo.com/DevOps/Docker/Docker-Compose-Nginx-Reverse-Proxy-Multiple-Containers.php

7
roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2
View File

@ -6,11 +6,16 @@ location /
proxy_pass http://127.0.0.1:{{http_port}}/; proxy_pass http://127.0.0.1:{{http_port}}/;
{% endif %} {% endif %}
# headers
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Port 443;
# deactivate buffering
proxy_buffering off;
proxy_request_buffering off;
# timeouts # timeouts
proxy_connect_timeout 1s; proxy_connect_timeout 1s;
proxy_send_timeout 300s; proxy_send_timeout 300s;
@ -19,6 +24,7 @@ location /
# cache media files # cache media files
location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ { location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ {
proxy_buffering on;
proxy_cache cache; proxy_cache cache;
proxy_cache_key $host$uri$is_args$args; proxy_cache_key $host$uri$is_args$args;
proxy_cache_revalidate on; proxy_cache_revalidate on;
@ -37,6 +43,7 @@ location /
# cache content # cache content
location ~* \.(html|css|js)$ { location ~* \.(html|css|js)$ {
proxy_buffering on;
proxy_cache cache; proxy_cache cache;
proxy_cache_key $host$uri$is_args$args; proxy_cache_key $host$uri$is_args$args;
proxy_cache_revalidate on; proxy_cache_revalidate on;