Lint files
This commit is contained in:
parent
0faa34ac7b
commit
26de0a233a
File diff suppressed because one or more lines are too long
|
@ -160,12 +160,12 @@
|
|||
"select": ["403", "444"]
|
||||
}
|
||||
},
|
||||
"jobs": [
|
||||
{
|
||||
"name": "default-server-cert",
|
||||
"file": "default-server-cert.py",
|
||||
"every": "once",
|
||||
"reload": false
|
||||
}
|
||||
]
|
||||
"jobs": [
|
||||
{
|
||||
"name": "default-server-cert",
|
||||
"file": "default-server-cert.py",
|
||||
"every": "once",
|
||||
"reload": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -72,12 +72,7 @@ if distro == "ubuntu":
|
|||
f.write(bash_script)
|
||||
f.flush()
|
||||
subprocess.run(
|
||||
[
|
||||
"docker",
|
||||
"cp",
|
||||
f.name,
|
||||
"systemd-ubuntu:/data/install_nginx.sh"
|
||||
]
|
||||
["docker", "cp", f.name, "systemd-ubuntu:/data/install_nginx.sh"]
|
||||
)
|
||||
result = subprocess.run(
|
||||
[
|
||||
|
@ -444,12 +439,7 @@ if distro == "ubuntu":
|
|||
f.write(bash_script)
|
||||
f.flush()
|
||||
subprocess.run(
|
||||
[
|
||||
"docker",
|
||||
"cp",
|
||||
f.name,
|
||||
"systemd-ubuntu:/data/install_nginx.sh"
|
||||
]
|
||||
["docker", "cp", f.name, "systemd-ubuntu:/data/install_nginx.sh"]
|
||||
)
|
||||
result = subprocess.run(
|
||||
[
|
||||
|
@ -975,12 +965,7 @@ elif distro == "debian":
|
|||
f.write(bash_script)
|
||||
f.flush()
|
||||
subprocess.run(
|
||||
[
|
||||
"docker",
|
||||
"cp",
|
||||
f.name,
|
||||
"systemd-debian:/data/install_nginx.sh"
|
||||
]
|
||||
["docker", "cp", f.name, "systemd-debian:/data/install_nginx.sh"]
|
||||
)
|
||||
result = subprocess.run(
|
||||
[
|
||||
|
@ -1551,7 +1536,9 @@ elif distro == "fedora":
|
|||
subprocess.run(["docker", "start", "systemd-fedora"])
|
||||
|
||||
def check_container_status():
|
||||
result = subprocess.run(["docker", "inspect", "systemd-fedora"], stdout=subprocess.PIPE)
|
||||
result = subprocess.run(
|
||||
["docker", "inspect", "systemd-fedora"], stdout=subprocess.PIPE
|
||||
)
|
||||
return "running" in str(result.stdout)
|
||||
|
||||
while True:
|
||||
|
@ -1682,9 +1669,7 @@ elif distro == "rhel":
|
|||
with tempfile.NamedTemporaryFile(mode="w") as f:
|
||||
f.write(bash_script)
|
||||
f.flush()
|
||||
subprocess.run(
|
||||
["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"]
|
||||
)
|
||||
subprocess.run(["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"])
|
||||
result = subprocess.run(
|
||||
[
|
||||
"docker",
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/apt/sources.list
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Update APT cache and install dependencies
|
||||
shell: apt update && apt autoclean && apt install -y unattended-upgrades python3-apt rename python3-pip
|
||||
|
@ -16,7 +16,7 @@
|
|||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: copy 20auto-upgrades
|
||||
copy:
|
||||
|
@ -24,4 +24,4 @@
|
|||
dest: /etc/apt/apt.conf.d/20auto-upgrades
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
|
|
@ -10,4 +10,4 @@
|
|||
dest: /etc/fail2ban/jail.d/defaults-debian.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Update /etc/network/interfaces.d/50-cloud-init
|
||||
template:
|
||||
|
@ -13,9 +13,9 @@
|
|||
dest: /etc/network/interfaces.d/50-cloud-init
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Restart networking
|
||||
- Restart networking
|
||||
|
||||
- name: Update /etc/sysctl.d/70-disable-ipv6.conf
|
||||
copy:
|
||||
|
@ -23,7 +23,6 @@
|
|||
dest: /etc/sysctl.d/70-disable-ipv6.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Reload sysctl
|
||||
|
||||
- Reload sysctl
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
dest: /etc/apt/sources.list.d/docker.list
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Trust docker key
|
||||
apt_key:
|
||||
|
|
|
@ -5,6 +5,6 @@
|
|||
dest: /etc/network/interfaces.d/ens4
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Restart networking
|
||||
- Restart networking
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/apt/sources.list
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Update APT cache and install dependencies
|
||||
shell: apt update && apt autoclean && apt install -y python3-apt rename python3-pip sudo
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Update /etc/network/interfaces.d/50-cloud-init
|
||||
template:
|
||||
|
@ -13,9 +13,9 @@
|
|||
dest: /etc/network/interfaces.d/50-cloud-init
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Restart networking
|
||||
- Restart networking
|
||||
|
||||
- name: Update /etc/sysctl.d/70-disable-ipv6.conf
|
||||
copy:
|
||||
|
@ -23,7 +23,6 @@
|
|||
dest: /etc/sysctl.d/70-disable-ipv6.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Reload sysctl
|
||||
|
||||
- Reload sysctl
|
||||
|
|
|
@ -8,4 +8,4 @@
|
|||
state: present
|
||||
user: "user"
|
||||
commands: ALL
|
||||
nopassword: true
|
||||
nopassword: true
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
dest: /etc/apt/sources.list.d/docker.list
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Trust docker key
|
||||
apt_key:
|
||||
|
|
|
@ -5,6 +5,6 @@
|
|||
dest: /etc/network/interfaces.d/60-ens5-vpc
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Restart networking
|
||||
- Restart networking
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"insecure-registries" : ["192.168.42.100:5000"]
|
||||
"insecure-registries": ["192.168.42.100:5000"]
|
||||
}
|
||||
|
|
|
@ -69,7 +69,7 @@
|
|||
dest: /etc/docker/daemon.json
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Reload docker
|
||||
service:
|
||||
|
|
|
@ -1,157 +1,157 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- containerPort: 8443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
- name: API_WHITELIST_IP
|
||||
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
- name: USE_REAL_IP
|
||||
value: "yes"
|
||||
- name: USE_PROXY_PROTOCOL
|
||||
value: "yes"
|
||||
- name: REAL_IP_HEADER
|
||||
value: "proxy_protocol"
|
||||
- name: REAL_IP_FROM
|
||||
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
|
||||
- name: USE_LETS_ENCRYPT_STAGING
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /opt/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /opt/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
imagePullSecrets:
|
||||
- name: secret-registry
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
volumes:
|
||||
- name: vol-bunkerweb
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
volumeMounts:
|
||||
- name: vol-bunkerweb
|
||||
mountPath: /data
|
||||
imagePullSecrets:
|
||||
- name: secret-registry
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- containerPort: 8443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
- name: API_WHITELIST_IP
|
||||
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
- name: USE_REAL_IP
|
||||
value: "yes"
|
||||
- name: USE_PROXY_PROTOCOL
|
||||
value: "yes"
|
||||
- name: REAL_IP_HEADER
|
||||
value: "proxy_protocol"
|
||||
- name: REAL_IP_FROM
|
||||
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
|
||||
- name: USE_LETS_ENCRYPT_STAGING
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /opt/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /opt/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
imagePullSecrets:
|
||||
- name: secret-registry
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
volumes:
|
||||
- name: vol-bunkerweb
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
volumeMounts:
|
||||
- name: vol-bunkerweb
|
||||
mountPath: /data
|
||||
imagePullSecrets:
|
||||
- name: secret-registry
|
||||
|
|
Loading…
Reference in New Issue