diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..48e09ec
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,22 @@
+image: docker:latest
+
+services:
+ - docker:dind
+
+variables:
+ GIT_SUBMODULE_STRATEGY: "recursive"
+
+before_script:
+ - apk add docker-compose
+ - docker info
+ - docker-compose --version
+
+#include:
+# - template: Code-Quality.gitlab-ci.yml
+
+test:
+ stage: test
+ script:
+ - scripts/subinstallers/gen_prod_env.sh "default_password"
+ - docker-compose -f base.yml build
+
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index c1a1929..f8ff21a 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
-ExecStartPre=/bin/chown -R root:root /opt/mistborn_volumes/
+
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=/bin/systemctl stop systemd-resolved
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 32d505b..49c144d 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
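Review bot: In `.gitlab-ci.yml`, `image: docker:latest` and the `docker:dind` service are floating tags, so each pipeline run can pull a different Docker engine and the build is not reproducible; pin both to a fixed release, e.g. `image: docker:<pinned-version>` and `- docker:<pinned-version>-dind` (placeholders, pick the version the project supports). The same applies to `apk add docker-compose`, which installs whatever the image's package index currently offers. The literal `"default_password"` passed to `gen_prod_env.sh` is acceptable only as a throwaway value for a build check, and a comment such as `# CI-only dummy credential, never used for a deployment` above that line would make that explicit. Recent `docker:dind` images enable TLS by default, so if `docker info` fails in `before_script` the job probably needs `DOCKER_HOST` and `DOCKER_TLS_CERTDIR` set under `variables:` to match the runner configuration, which is not visible here.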
diff --git a/scripts/services/Mistborn-homeassistant.service b/scripts/services/Mistborn-homeassistant.service
index 65170b4..f1a0d4d 100644
--- a/scripts/services/Mistborn-homeassistant.service
+++ b/scripts/services/Mistborn-homeassistant.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/homeassistant.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-jellyfin.service b/scripts/services/Mistborn-jellyfin.service
index d7c4a58..86d1315 100644
--- a/scripts/services/Mistborn-jellyfin.service
+++ b/scripts/services/Mistborn-jellyfin.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jellyfin.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-nextcloud.service b/scripts/services/Mistborn-nextcloud.service
index 1556361..6a9302c 100644
--- a/scripts/services/Mistborn-nextcloud.service
+++ b/scripts/services/Mistborn-nextcloud.service
@@ -5,12 +5,12 @@ After=Mistborn-base.service
 
 [Service]
 Restart=always
-User=root
+User=www-data
 Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/nextcloud.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
index 0c68952..421912e 100644
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-raspap.service b/scripts/services/Mistborn-raspap.service
index 80169c0..2f3faec 100644
--- a/scripts/services/Mistborn-raspap.service
+++ b/scripts/services/Mistborn-raspap.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/raspap.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index eaa8c53..e99e307 100644
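Review bot: In the `Mistborn-nextcloud.service` hunk, `User=www-data` together with the unchanged `Group=docker` still gives the service access to the Docker socket, which is effectively root on the host, so this line should not be read as a privilege reduction; a comment above it such as `# www-data + docker group: socket access is root-equivalent; chosen for file ownership, not isolation` would record the intent, if that is the intent. Because `PermissionsStartOnly=true` is kept, `User=` applies only to `ExecStart=`, so `docker-compose ... up --build` now runs as www-data while the `ExecStartPre=` step still runs as root. The www-data account therefore needs read access to `/opt/mistborn/extra/nextcloud.yml`, its build context and any env files it references; those permissions are set outside this diff and are worth confirming. The `[Service]` section continues past the end of the hunk.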
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index 3127e9d..9dcfbbf 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 # Start container when unit is started
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index a111822..c67fb85 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -10,7 +10,7 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-ExecStartPre=/bin/chown -R --from=root:root root:root /opt/mistborn_volumes/
+
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build