|
|
|
MODULES += nginx
|
|
|
|
MODULES += keycloak
|
|
|
|
MODULES += hedgedoc
|
|
|
|
MODULES += grafana
|
|
|
|
MODULES += prometheus
|
|
|
|
MODULES += mastodon
|
|
|
|
MODULES += matrix
|
|
|
|
MODULES += nextcloud
|
|
|
|
MODULES += mobilizon
|
|
|
|
MODULES += gitea
|
|
|
|
MODULES += nitter
|
|
|
|
#MODULES += pixelfed
|
|
|
|
|
|
|
|
include env.production
|
|
|
|
domain_name := $(DOMAIN_NAME)
|
|
|
|
|
|
|
|
|
|
|
|
help:
|
|
|
|
@echo "usage: make run"
|
|
|
|
UC = $(shell echo '$1' | tr '[:lower:]' '[:upper:]')
|
|
|
|
|
|
|
|
DOCKER = \
|
|
|
|
$(foreach m,$(MODULES),. data/$m/secrets && ) \
|
|
|
|
docker-compose \
|
|
|
|
--env-file env.production \
|
|
|
|
$(foreach m,$(MODULES),--file ./$m.yaml) \
|
|
|
|
|
|
|
|
run:
|
|
|
|
$(DOCKER) up
|
|
|
|
down:
|
|
|
|
$(DOCKER) down
|
|
|
|
nginx-shell:
|
|
|
|
$(DOCKER) exec nginx sh
|
|
|
|
nginx-logs:
|
|
|
|
$(DOCKER) logs -f --tail 1000 nginx
|
|
|
|
mastodon-logs:
|
|
|
|
$(DOCKER) logs -f --tail 1000 mastodon
|
|
|
|
grafana-shell:
|
|
|
|
$(DOCKER) exec grafana bash
|
|
|
|
hedgedoc-shell:
|
|
|
|
$(DOCKER) exec hedgedoc sh
|
|
|
|
keycloak-shell:
|
|
|
|
$(DOCKER) exec keycloak sh
|
|
|
|
keycloak-rebuild:
|
|
|
|
$(DOCKER) create keycloak
|
|
|
|
$(DOCKER) restart keycloak
|
|
|
|
mastodon-es-rebuild:
|
|
|
|
$(DOCKER) create mastodon-es
|
|
|
|
$(DOCKER) restart mastodon-es
|
|
|
|
mastodon-shell:
|
|
|
|
$(DOCKER) exec mastodon bash
|
|
|
|
mastodon-streaming-shell:
|
|
|
|
$(DOCKER) exec mastodon-streaming bash
|
|
|
|
matrix-shell:
|
|
|
|
$(DOCKER) exec matrix-synapse bash
|
|
|
|
nextcloud-shell:
|
|
|
|
$(DOCKER) exec nextcloud bash
|
|
|
|
matrix-logs:
|
|
|
|
$(DOCKER) logs --tail 100 -f matrix-synapse
|
|
|
|
nextcloud-logs:
|
|
|
|
$(DOCKER) logs -f nextcloud
|
|
|
|
nginx-build: data/nginx/secrets
|
|
|
|
$(DOCKER) build nginx
|
|
|
|
|
|
|
|
certdir = ./data/certbot/conf/live/${DOMAIN_NAME}
|
|
|
|
|
|
|
|
run: secrets-setup
|
|
|
|
|
|
|
|
secrets-setup: $(foreach m,$(MODULES),data/$m/secrets)
|
|
|
|
|
|
|
|
# Create the per-subdomain secrets if they don't exist
|
|
|
|
# not every service requires all of these features, but create them anyway
|
|
|
|
GET_MODULE = $(call UC,$(word 2,$(subst /, ,$@)))
|
|
|
|
RAND = $$(openssl rand -hex $1)
|
|
|
|
|
|
|
|
data/%/secrets:
|
|
|
|
mkdir -p $(dir $@)
|
|
|
|
echo >$@ "# DO NOT CHECK IN"
|
|
|
|
echo >>$@ "export $(GET_MODULE)_ADMIN_PASSWORD=$(call RAND,8)"
|
|
|
|
echo >>$@ "export $(GET_MODULE)_CLIENT_SECRET=$(call RAND,20)"
|
|
|
|
echo >>$@ "export $(GET_MODULE)_SESSION_SECRET=$(call RAND,20)"
|
|
|
|
|
|
|
|
data/gitea/secrets: data/gitea/host-setup.done
|
|
|
|
data/gitea/host-setup.done:
|
|
|
|
sudo ./gitea/host-setup.sh
|
|
|
|
mkdir -p $(dir $@)
|
|
|
|
touch $@
|
|
|
|
|
|
|
|
keycloak-setup: secrets-setup
|
|
|
|
docker exec keycloak /setup.sh
|
|
|
|
|
|
|
|
# Determine the extra hostnames that need to be included in the SSL cert
|
|
|
|
# see sites/README.md for an explanation of how to add additional sites
|
|
|
|
EXTRA_HOSTNAMES=$(foreach f,$(wildcard sites/*.conf),$(notdir $(f:.conf=)))
|
|
|
|
|
|
|
|
certbot:
|
|
|
|
$(DOCKER) \
|
|
|
|
run --entrypoint '/bin/sh -c "\
|
|
|
|
rm -rf /etc/letsencrypt ; \
|
|
|
|
certbot certonly \
|
|
|
|
--webroot \
|
|
|
|
--webroot-path /var/www/certbot \
|
|
|
|
--email "admin@$(DOMAIN_NAME)" \
|
|
|
|
--rsa-key-size "2048" \
|
|
|
|
--agree-tos \
|
|
|
|
--no-eff-email \
|
|
|
|
--force-renewal \
|
|
|
|
-d $(DOMAIN_NAME) \
|
|
|
|
$(foreach m,$(MODULES),\
|
|
|
|
-d $($(call UC,$m)_HOSTNAME).$(DOMAIN_NAME)) \
|
|
|
|
$(foreach m,$(EXTRA_HOSTNAMES),\
|
|
|
|
-d $m) \
|
|
|
|
"' certbot
|
|
|
|
|
|
|
|
|
|
|
|
nginx-reload:
|
|
|
|
$(DOCKER) restart nginx
|
|
|
|
nextcloud-restart:
|
|
|
|
$(DOCKER) restart nextcloud
|
|
|
|
|
|
|
|
|
|
|
|
config:
|
|
|
|
$(DOCKER) config
|
|
|
|
|
|
|
|
FORCE:
|