first commit

2016-04-29 21:07:22 +02:00 · 2016-04-29 21:07:22 +02:00 · 2f106966cf
commit 2f106966cf
14 changed files with 143 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,3 @@
+.envrc
+Dockerfile
+cache
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+cache
--- a/71
+++ b/71
@ -0,0 +1,71 @@
+FROM alpine:edge
+
+# 1. common tools
+# 2. programing languages
+# 3. icinga2 stuff
+# 4. letsencrypt deps
+RUN apk add --no-cache --update \
+  bind-tools tcpdump openssh lsof curl wget git mercurial strace tmux vim rsync htop bash openssl \
+  ruby python go build-base \
+  nginx postgresql icinga2 \
+  py-requests py-setuptools && \
+  mkdir -p /run/nginx
+
+## S6 supervisor
+RUN curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v1.17.2.0/s6-overlay-amd64.tar.gz | tar -xzf - -C /
+
+## Influxdb
+RUN export GOPATH=/tmp/go \
+  && mkdir -p /etc/influxdb/ $GOPATH/src/github.com/influxdata \
+  && curl -sSL https://github.com/influxdata/influxdb/archive/v0.12.2.tar.gz | tar -xzf - -C /tmp \
+  && mv /tmp/influxdb-* $GOPATH/src/github.com/influxdata/influxdb \
+  && cd $GOPATH/src/github.com/influxdata/influxdb \
+  && go get github.com/sparrc/gdm \
+  && export PATH=$GOPATH/bin:$PATH \
+  && gdm restore \
+  && go install ./... \
+  && cp $GOPATH/bin/influx* /usr/bin/ \
+  && rm -rf $GOPATH
+
+## Grafana
+RUN apk add --no-cache nodejs \
+   && export GOPATH=/tmp/go \
+   && mkdir -p /opt/grafana/conf $GOPATH/src/github.com/grafana/ \
+   && curl -sSL https://github.com/grafana/grafana/archive/v3.0-beta5.tar.gz | tar -xzf - -C /tmp \
+   && mv /tmp/grafana-* $GOPATH/src/github.com/grafana/grafana \
+   && cd $GOPATH/src/github.com/grafana/grafana \
+   && go run build.go setup \
+   && $GOPATH/bin/godep restore \
+   && go run build.go build \
+   && npm install \
+   && npm install -g grunt-cli \
+   && grunt \
+   && npm uninstall -g grunt-cli \
+   && npm cache clear \
+   && cp -a $GOPATH/src/github.com/grafana/grafana/bin/* /usr/bin/ \
+   && cp -ra $GOPATH/src/github.com/grafana/grafana/public_gen /opt/grafana/public \
+   && apk del --purge nodejs \
+   && rm -rf $GOPATH /root/.npm* \
+   && addgroup -g 45555 grafana \
+   && adduser -u 45555 -G grafana -D grafana
+
+## simp_le
+RUN apk --no-cache add libffi-dev python-dev openssl-dev && \
+  mkdir -p /tmp/simp_le /etc/ssl/letsencrypt && \
+  curl -sSL https://github.com/kuba/simp_le/archive/master.tar.gz | tar -xzf - -C /tmp && \
+  cd /tmp/simp_le-master && \
+  python ./setup.py install && \
+  rm -rf /tmp/simp_le-master && apk del git py-pip libffi-dev python-dev openssl-dev && \
+  echo "3	10	*	*	*	/usr/bin/update-certs" >> /etc/crontabs/root
+
+## temporary keys until letsencrypt certificate is generated
+RUN cd /etc/ssl/letsencrypt && \
+    openssl req -x509 -newkey rsa:2048 -keyout nginx/key.pem -out nginx/fullchain.pem -days 5 && \
+    cat nginx/key.pem nginx/fullchain.pem > influxdb/combined.pem
+
+RUN icinga2 feature enable ido-pgsql
+
+VOLUME [ "/var/lib/influxdb/data", "/var/lib/influxdb/meta", "/var/lib/postgres/", "/var/lib/grafana", "/etc/grafana", "/etc/icinga2", "/etc/icinga-web", "/etc/icingaweb2", "/var/lib/icinga2", "/etc/ssmtp"]
+EXPOSE 22 80 443
+ADD . /
+ENTRYPOINT ["/init"]
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+all: run
+
+build:
+	docker build -t monitoring .
+
+run: build
+	docker run --rm -ti monitoring sh
--- a/etc/fix-attrs.d/grafana-dir
+++ b/etc/fix-attrs.d/grafana-dir
@ -0,0 +1,2 @@
+/var/lib/grafana true grafana 0755 0755
+/var/log/grafana true grafana 0755 0755
--- a/etc/influxdb/config.toml
+++ b/etc/influxdb/config.toml
@ -0,0 +1,16 @@
+reporting-disabled = true
+
+[meta]
+  dir = "/var/lib/influxdb/meta"
+  retention-autocreate = true
+  logging-enabled = true
+  lease-duration = "1m0s"
+
+[http]
+  auth-enabled = true
+  https-enabled = true
+  https-certificate = "/etc/ssl/letsencrypt/influxdb/combined.pem"
+
+[admin]
+  https-enabled = true
+  https-certificate = "/etc/ssl/letsencrypt/influxdb/combined.pem"
--- a/etc/services.d/cron/run
+++ b/etc/services.d/cron/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+crond -l 2 -f
--- a/etc/services.d/grafana/run
+++ b/etc/services.d/grafana/run
@ -0,0 +1,4 @@
+#!/usr/bin/execlineb -P
+cat
+#s6-setuidgid grafana
+#/opt/grafana/bin/grafana-server -homepath /opt/grafana cfg:default.paths.data=/var/lib/grafana
--- a/etc/services.d/icinga2/run
+++ b/etc/services.d/icinga2/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+cat
--- a/etc/services.d/influxdb/run
+++ b/etc/services.d/influxdb/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/bin/influxd -config /etc/influxdb/config.toml
--- a/etc/services.d/nginx/run
+++ b/etc/services.d/nginx/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+nginx -g "daemon off;"
--- a/etc/services.d/postgres/run
+++ b/etc/services.d/postgres/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+cat
--- a/etc/services.d/sshd/run
+++ b/etc/services.d/sshd/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+cat
--- a/usr/bin/update-certs
+++ b/usr/bin/update-certs
@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -eux
+
+gen_cert() {
+  local app="$1"; shift
+  local restart_action="$1"; shift
+
+  cd "/etc/ssl/letsencrypt/$app"
+  mkdir -p "/etc/ssl/letsencrypt/$app"
+
+  set +e
+  simp_le --email joerg@higgsboson.tk \
+    -f account_key.json \
+    -f fullchain.pem \
+    -f key.pem \
+    $(for domain in "$@"; do echo "-d $domain"; done) \
+    --default_root /var/www/letsenrypt
+  cat fullchain.pem key.pem > combined.pem
+  local rc=$?
+  [ $rc = 1 ] && $restart_action
+  [ $rc != 0 ] && exit $rc
+}
+
+gen_cert "nginx" "nginx -s reload" "status.higgsboson.tk" "stats.higgsboson.tk"
+gen_cert "influxdb" "s6-svc -t /var/run/s6/services/influxdb" "influxdb.higgsboson.tk"
+touch /etc/ssl/letsencrypt/last-check