Lint files

Théophile Diot 2023-02-17 10:11:47 +01:00
parent 0faa34ac7b
commit 26de0a233a
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
16 changed files with 287 additions and 295 deletions

File diff suppressed because one or more lines are too long


@ -160,12 +160,12 @@
"select": ["403", "444"]
}
},
"jobs": [
{
"name": "default-server-cert",
"file": "default-server-cert.py",
"every": "once",
"reload": false
}
]
"jobs": [
{
"name": "default-server-cert",
"file": "default-server-cert.py",
"every": "once",
"reload": false
}
]
}


@ -72,12 +72,7 @@ if distro == "ubuntu":
f.write(bash_script)
f.flush()
subprocess.run(
[
"docker",
"cp",
f.name,
"systemd-ubuntu:/data/install_nginx.sh"
]
["docker", "cp", f.name, "systemd-ubuntu:/data/install_nginx.sh"]
)
result = subprocess.run(
[
@ -444,12 +439,7 @@ if distro == "ubuntu":
f.write(bash_script)
f.flush()
subprocess.run(
[
"docker",
"cp",
f.name,
"systemd-ubuntu:/data/install_nginx.sh"
]
["docker", "cp", f.name, "systemd-ubuntu:/data/install_nginx.sh"]
)
result = subprocess.run(
[
@ -975,12 +965,7 @@ elif distro == "debian":
f.write(bash_script)
f.flush()
subprocess.run(
[
"docker",
"cp",
f.name,
"systemd-debian:/data/install_nginx.sh"
]
["docker", "cp", f.name, "systemd-debian:/data/install_nginx.sh"]
)
result = subprocess.run(
[
@ -1551,7 +1536,9 @@ elif distro == "fedora":
subprocess.run(["docker", "start", "systemd-fedora"])
def check_container_status():
result = subprocess.run(["docker", "inspect", "systemd-fedora"], stdout=subprocess.PIPE)
result = subprocess.run(
["docker", "inspect", "systemd-fedora"], stdout=subprocess.PIPE
)
return "running" in str(result.stdout)
while True:
@ -1682,9 +1669,7 @@ elif distro == "rhel":
with tempfile.NamedTemporaryFile(mode="w") as f:
f.write(bash_script)
f.flush()
subprocess.run(
["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"]
)
subprocess.run(["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"])
result = subprocess.run(
[
"docker",
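Review bot: The `docker cp` calls that place `install_nginx.sh` into the systemd-ubuntu, systemd-debian and systemd-rhel containers discard the result of `subprocess.run`, so a failed copy goes unnoticed and the step that follows would presumably run whatever script is already at `/data/install_nginx.sh`. Passing `check=True`, e.g. `subprocess.run(["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"], check=True)`, stops the test at the copy instead. The same applies to all four `docker cp` hunks in this file. The `result = subprocess.run([` call that follows each of them continues outside the hunk, so what it executes is inferred.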


@ -5,7 +5,7 @@
dest: /etc/apt/sources.list
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Update APT cache and install dependencies
shell: apt update && apt autoclean && apt install -y unattended-upgrades python3-apt rename python3-pip
@ -16,7 +16,7 @@
dest: /etc/apt/apt.conf.d/50unattended-upgrades
owner: root
group: root
mode: '0644'
mode: "0644"
- name: copy 20auto-upgrades
copy:
@ -24,4 +24,4 @@
dest: /etc/apt/apt.conf.d/20auto-upgrades
owner: root
group: root
mode: '0644'
mode: "0644"


@ -10,4 +10,4 @@
dest: /etc/fail2ban/jail.d/defaults-debian.conf
owner: root
group: root
mode: '0644'
mode: "0644"


@ -5,7 +5,7 @@
dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Update /etc/network/interfaces.d/50-cloud-init
template:
@ -13,9 +13,9 @@
dest: /etc/network/interfaces.d/50-cloud-init
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart networking
- Restart networking
- name: Update /etc/sysctl.d/70-disable-ipv6.conf
copy:
@ -23,7 +23,6 @@
dest: /etc/sysctl.d/70-disable-ipv6.conf
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Reload sysctl
- Reload sysctl


@ -13,7 +13,7 @@
dest: /etc/apt/sources.list.d/docker.list
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Trust docker key
apt_key:


@ -5,6 +5,6 @@
dest: /etc/network/interfaces.d/ens4
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart networking
- Restart networking


@ -5,7 +5,7 @@
dest: /etc/apt/sources.list
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Update APT cache and install dependencies
shell: apt update && apt autoclean && apt install -y python3-apt rename python3-pip sudo


@ -5,7 +5,7 @@
dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Update /etc/network/interfaces.d/50-cloud-init
template:
@ -13,9 +13,9 @@
dest: /etc/network/interfaces.d/50-cloud-init
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart networking
- Restart networking
- name: Update /etc/sysctl.d/70-disable-ipv6.conf
copy:
@ -23,7 +23,6 @@
dest: /etc/sysctl.d/70-disable-ipv6.conf
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Reload sysctl
- Reload sysctl


@ -8,4 +8,4 @@
state: present
user: "user"
commands: ALL
nopassword: true
nopassword: true
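Review bot: `commands: ALL` together with `nopassword: true` gives the account named `user` passwordless root through sudo, so any process or session running as that account is root-equivalent. If the role only needs a few commands, list them under `commands:` instead of `ALL`, or drop `nopassword`. If full access is intended because the host is a disposable CI machine, a comment on the task saying so would help the next reader. The task starts above the hunk, so the module and its other arguments are not visible here.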


@ -13,7 +13,7 @@
dest: /etc/apt/sources.list.d/docker.list
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Trust docker key
apt_key:


@ -5,6 +5,6 @@
dest: /etc/network/interfaces.d/60-ens5-vpc
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart networking
- Restart networking


@ -1,3 +1,3 @@
{
"insecure-registries" : ["192.168.42.100:5000"]
"insecure-registries": ["192.168.42.100:5000"]
}
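Review bot: `"insecure-registries": ["192.168.42.100:5000"]` lets the Docker daemon talk to that registry over plain HTTP or with an unverified certificate, so image pulls from it are not authenticated and image content can be altered in transit. Serving the registry over TLS and placing its CA at `/etc/docker/certs.d/192.168.42.100:5000/ca.crt` would let this entry be removed. JSON has no comment syntax, so if the setting stays, the reason belongs next to the task that copies this file to `/etc/docker/daemon.json`.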


@ -69,7 +69,7 @@
dest: /etc/docker/daemon.json
owner: root
group: root
mode: '0644'
mode: "0644"
- name: Reload docker
service:


@ -1,157 +1,157 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: sa-bunkerweb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: bunkerweb
spec:
selector:
matchLabels:
app: bunkerweb
template:
metadata:
labels:
app: bunkerweb
annotations:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
- containerPort: 8443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
- name: API_WHITELIST_IP
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
- name: USE_REAL_IP
value: "yes"
- name: USE_PROXY_PROTOCOL
value: "yes"
- name: REAL_IP_HEADER
value: "proxy_protocol"
- name: REAL_IP_FROM
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
- name: USE_LETS_ENCRYPT_STAGING
value: "yes"
livenessProbe:
exec:
command:
- /opt/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /opt/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
imagePullSecrets:
- name: secret-registry
---
apiVersion: v1
kind: Service
metadata:
name: svc-bunkerweb
spec:
clusterIP: None
selector:
app: bunkerweb
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bunkerweb-controller
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: bunkerweb-controller
template:
metadata:
labels:
app: bunkerweb-controller
spec:
serviceAccountName: sa-bunkerweb
volumes:
- name: vol-bunkerweb
persistentVolumeClaim:
claimName: pvc-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
volumeMounts:
- name: vol-bunkerweb
mountPath: /data
imagePullSecrets:
- name: secret-registry
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: sa-bunkerweb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: bunkerweb
spec:
selector:
matchLabels:
app: bunkerweb
template:
metadata:
labels:
app: bunkerweb
annotations:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
- containerPort: 8443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
- name: API_WHITELIST_IP
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
- name: USE_REAL_IP
value: "yes"
- name: USE_PROXY_PROTOCOL
value: "yes"
- name: REAL_IP_HEADER
value: "proxy_protocol"
- name: REAL_IP_FROM
value: "10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 100.64.0.0/10"
- name: USE_LETS_ENCRYPT_STAGING
value: "yes"
livenessProbe:
exec:
command:
- /opt/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /opt/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
imagePullSecrets:
- name: secret-registry
---
apiVersion: v1
kind: Service
metadata:
name: svc-bunkerweb
spec:
clusterIP: None
selector:
app: bunkerweb
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bunkerweb-controller
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: bunkerweb-controller
template:
metadata:
labels:
app: bunkerweb-controller
spec:
serviceAccountName: sa-bunkerweb
volumes:
- name: vol-bunkerweb
persistentVolumeClaim:
claimName: pvc-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
volumeMounts:
- name: vol-bunkerweb
mountPath: /data
imagePullSecrets:
- name: secret-registry
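Review bot: The `bunkerweb-controller` container in the Deployment has no `securityContext`, while the `bunkerweb` container in the DaemonSet sets `allowPrivilegeEscalation: false` and drops all capabilities. The controller is the pod that runs with `serviceAccountName: sa-bunkerweb`, so it holds the token bound to the cluster-wide read role `cr-bunkerweb`. Adding the same restrictions there is sketched below. `runAsUser`/`runAsGroup` are left out because the UID the autoconf image expects is not visible on this page, and the page's indentation is lost, so the nesting shown is the conventional one.

```yaml
        - name: bunkerweb-controller
          image: bunkerity/bunkerweb-autoconf:1.4.6
          # … unchanged: imagePullPolicy …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: env, volumeMounts …
```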