magicalyak

#!/bin/sh

set -eu -o pipefail

CONTAINER_NAME="eap_proxy"
IMAGE_NAME="pbrah/eap_proxy-udmpro"
IMAGE_TAG="v1.1"

container_exists() {
	podman container inspect "${1}" &>/dev/null

magicalyak

server {
    listen 8080;
    server_name _;
    access_log off;
    location /api {
	api write=off;
    }
    location = /dashboard.html {
	root /usr/share/nginx/html;
    }

magicalyak

# First command is adding the sync directive to the keyavl zone
# Second command is adding the zone_sync listener and directive that lets NGINX sync the state of the keyval zone. It uses service discovery to find the other NGINX instances based off of a headless service in kubernetes for the nginx-ingress pods.
# Third command creates the headless service with port 12345
# Fourth and Fifth apply the service and the nginx-config that includes the stream config for zone_sync and the keyval zones.

# sed -i 's/\(.*keyval_zone.*\);/\1 sync;/g' nginx-config.yaml.orig
# sed -i 's/\(^data:.*\)/\1 \n  stream-snippets:\n    resolver kube-dns.kube-system.svc.cluster.local valid=5s;\n\n    server {\n      listen 0.0.0.0:12345;\n      zone_sync;\n      zone_sync_server nginx-ingress-headless.nginx-ingress.svc.cluster.local:12345 resolve;\n    }\n/g' nginx-config.yaml.orig
# cat << EOF >> headless.yaml
apiVersion: v1
kind: Service

magicalyak

image: docker:19.03.1
#
# Best practices
#
# - Do not use “latest” nor “stable” images when using a CI because we want reproducibility,
# on this pipeline for days, month or years. "Latest" images will break things. Always target a version
#
# - Speed up pipeline docker builds by pulling the “latest” image ($CI_REGISTRY_IMAGE:latest)
# before building , and then build with --cache-from $CI_REGISTRY_IMAGE:latest.
# This ensures the GitLab runner has the latest image and can leverage docker imagelayer caching.

magicalyak

#!/bin/bash
if [ ! "$(docker ps -q -f name=controller-postgres)" ]; then
    if [ "$(docker ps -aq -f status=exited -f name=controller-postgres)" ]; then
        docker start controller-postgres
        docker start controller-smtp
    fi
fi
echo "Sleeping 20 seconds before reboot"
sleep 20
sudo reboot

magicalyak

#!/bin/bash

### Run this on the nplus instances to fix the issue where they start before the controller is running

sudo mkdir -p /etc/systemd/system/controller-agent.service.d/
{ echo "[Service]";
  echo "Restart=on-failure";
  echo "RestartSec=60s";
} | sudo tee /etc/systemd/system/controller-agent.service.d/10-restart-delay.conf
sudo systemctl daemon-reload

magicalyak

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

magicalyak

FROM python:2.7.12
RUN groupadd flaskgroup && useradd -m -g flaskgroup -s /bin/bash flask
RUN mkdir -p /home/flask/app/web
RUN printf "deb http://archive.debian.org/debian/ jessie main\ndeb-src http://archive.debian.org/debian/ jessie main\ndeb http://security.debian.org jessie/updates main\ndeb-src http://security.debian.org jessie/updates main" > /etc/apt/sources.list
RUN apt-get update && apt-get install curl -y
WORKDIR /home/flask/app/web
COPY requirements.txt /home/flask/app/web
RUN pip install --no-cache-dir -r requirements.txt
COPY . /home/flask/app/web
RUN chown -R flask:flaskgroup /home/flask

magicalyak

  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: salab_idm
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail

magicalyak

{
    "Ubiquiti Unifi linuxserver.io": {
        "containers": {
            "unifi-linuxserver": {
                "image": "linuxserver/unifi",
                "launch_order": 1,
                "ports": {
                    "3478": {
                        "description": "STUN Port (UDP). Suggested default: 3478",
                        "host_default": 3478,