Next : vaultwarden

Coming soon

For team password management!

https://github.com/dani-garcia/vaultwarden

docker-compose.yml

```yaml
version: '3.3'
services:
  server:
    restart: always
    container_name: vaultwarden
    environment:
      WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
      SIGNUPS_ALLOWED: "true"
      ADMIN_TOKEN: "super_secret_token_api"
      DATABASE_URL: "postgresql://vault:StrongPassword@postgres:5432/vaultwarden"
      ORG_GROUPS_ENABLED: "true"
      INVITATIONS_ALLOWED: "false"
      ORG_CREATION_USERS: "test@test.com"
      DOMAIN: "https://test.com"
    volumes:
      - '/home/docker/vaultwarden/data:/data/'
    ports:
      - '8000:80'
      - '3012:3012'
    image: vaultwarden/server:latest
  postgres:
    restart: always
    image: 'postgres:latest'
    ports:
      - '5432:5432' # publishes the database on every host interface
    environment:
      POSTGRES_USER: vault
      POSTGRES_PASSWORD: StrongPassword
      POSTGRES_DB: vaultwarden
    volumes:
      - '/home/docker/vaultwarden/db/:/var/lib/postgresql/data/'
```

So far, so good.

28 October 2022 · 1 min

DRONE : my hugo pipeline

Tools

CI/CD
- https://docs.drone.io/
- https://gitea.io/en-us/

Blog
- https://gohugo.io/
- https://github.com/adityatelange/hugo-PaperMod as git submodule

Pipeline

.drone.yml

```yaml
kind: pipeline
type: docker
name: default

# the default clone step is not recursive, so disable it
clone:
  disable: true

steps:
  - name: clone-with-submodules
    image: plugins/git
    pull: if-not-exists
    settings:
      depth: 50
      recursive: true

  - name: build
    image: klakegg/hugo
    pull: if-not-exists
    commands:
      - hugo

  - name: deploy
    image: drillster/drone-rsync
    settings:
      user:
        from_secret: deploy-blog-user
      hosts:
        from_secret: deploy-blog-host
      key:
        from_secret: deploy-blog-key
      source: ./public
      target: /home/www/releases/${DRONE_BUILD_NUMBER}
      script:
        - ln -sfn /home/www/releases/${DRONE_BUILD_NUMBER}/public /home/www/b
    when:
      branch:
        include:
          - master

trigger:
  branch:
    - master
    - dev
```

Badge ...

18 June 2022 · 1 min

Opensearch alternative to Elasticsearch

https://www.opensearch.org/

- opensearch
- opensearch-dashboards
- logstash

Works with rootless podman with podman-compose

```yaml
version: '3'
services:
  opensearch-node1:
    image: opensearchproject/opensearch:1.3.1
    container_name: opensearch-node1
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node1
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
      #- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    # ulimits:
    #   memlock:
    #     soft: -1
    #     hard: -1
    #   nofile:
    #     soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
    #     hard: 65536
    volumes:
      - opensearch-data1:/usr/share/opensearch/data
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    networks:
      - opensearch-net
  opensearch-node2:
    image: opensearchproject/opensearch:1.3.1
    container_name: opensearch-node2
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node2
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
      #- bootstrap.memory_lock=true
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    # ulimits:
    #   memlock:
    #     soft: -1
    #     hard: -1
    #   nofile:
    #     soft: 65536
    #     hard: 65536
    volumes:
      - opensearch-data2:/usr/share/opensearch/data
    networks:
      - opensearch-net
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:1.3.0
    container_name: opensearch-dashboards
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]' # must be a string with no spaces when specified as an environment variable
  logstash:
    image: opensearchproject/logstash-oss-with-opensearch-output-plugin:7.16.2
    container_name: logstash
    volumes:
      - ./config/:/usr/share/logstash/pipeline/:ro
    ports:
      - 5044:5044
    expose:
      - "5044"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    # networks:
    #   - opensearch-net

# named volumes used by the two nodes must be declared
volumes:
  opensearch-data1:
  opensearch-data2:

networks:
  opensearch-net:
```

6 May 2022 · 1 min

The DOCKER-USER iptables chain

If you start a container with: docker run -p 80:80 nginx, Docker adds a rule to its DOCKER-USER iptables chain to do its forwarding. As a result, the INPUT rules are not used and inbound filtering does not apply to the services running in containers. So we work with DOCKER-USER to get around this problem. For example, you can add a -j DROP -i eth0 rule as the last line of this chain and then filter from there. ...
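The chain layout described above, as an added example (not code from the original post): a generator for DOCKER-USER rules that places an allow-list ahead of the final DROP on eth0. The function name and the `SOURCE_CIDR,PROTO,PUBLISHED_PORT` entry format are hypothetical, the addresses are constructed samples, and the conntrack rules go beyond the single DROP rule the post mentions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: eth0 is the
# external interface and the allow-list entries are constructed samples.
EXT_IF="${EXT_IF:-eth0}"

# Print the iptables commands that rebuild DOCKER-USER.
# Arguments: allow entries of the form SOURCE_CIDR,PROTO,PUBLISHED_PORT
docker_user_rules() {
    # Validate everything first so a bad entry never yields a partial rule
    # set, and so nothing unexpected reaches a shell if the output is piped.
    for entry in "$@"; do
        cidr=${entry%%,*}
        rest=${entry#*,}
        proto=${rest%%,*}
        port=${rest#*,}
        case "$cidr" in
            ''|*[!0-9./]*) echo "bad source in '$entry'" >&2; return 1 ;;
        esac
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
    done

    echo "iptables -F DOCKER-USER"
    # Replies to connections the containers opened themselves.
    echo "iptables -A DOCKER-USER -i $EXT_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for entry in "$@"; do
        cidr=${entry%%,*}
        rest=${entry#*,}
        proto=${rest%%,*}
        port=${rest#*,}
        # DNAT has already happened here, so --dport would be the container
        # port; --ctorigdstport matches the port published on the host.
        echo "iptables -A DOCKER-USER -i $EXT_IF -s $cidr -p $proto -m conntrack --ctorigdstport $port --ctdir ORIGINAL -j ACCEPT"
    done
    # Last line of the chain, as in the post: drop the rest of eth0's traffic.
    echo "iptables -A DOCKER-USER -i $EXT_IF -j DROP"
}

# Print the rules for entries given on the command line, for review.
if [ "$#" -gt 0 ]; then
    docker_user_rules "$@"
fi
```

Run it with entries such as `203.0.113.0/24,tcp,443`, review the printed commands, then execute them as root.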

14 January 2022 · 1 min

Gitlab-runner : DinD

gitlab-runner.yaml: something along these lines, to adapt.

```toml
[[runners]]
  name = "Cool"
  url = "https://cool/"
  token = "123456789"
  output_limit = 50000000
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    # needed for Docker-in-Docker; job containers get root-equivalent access to the host
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    shm_size = 0
```

3 November 2021 · 1 min