Add(module): add girasol module

Add(module): add amap module Add(module): add common lib and services Add(module): add base structure for keycloak Add(module): add base structure for rocket Add(module): add n8n and windmill modules Add(docker): add install docker script in common module Add(template): add root for aldon.fr and mathieu.wiki in traefik.service template
2026-04-21 16:52:41 +02:00
parent 905cc8b43d
commit a56911b896
65 changed files with 1893 additions and 23 deletions
--- a/modules/apps/gateway/lib/scripts/create-backup.sh
+++ b/modules/apps/gateway/lib/scripts/create-backup.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -euo pipefail
+
+source /opt/environment/.env
+
+TIMESTAMP=$(date +'%Y-%m-%d_%H%M%S')
+
+sudo -u $USERNAME docker cp crowdsec-metabase:/metabase-data/metabase.db/metabase.db.mv.db  $SERVICE_BACKUPS_DIR/$SERVICE_BACKUPS_PREFIX-$TIMESTAMP.$SERVICE_BACKUPS_EXTENSION
+
+ls -1dt $SERVICE_BACKUPS_DIR/$SERVICE_BACKUPS_PREFIX-*.$SERVICE_BACKUPS_EXTENSION | tail -n +5 | xargs -r rm -f
--- a/modules/apps/gateway/lib/scripts/install-crowdsec.sh
+++ b/modules/apps/gateway/lib/scripts/install-crowdsec.sh
@@ -0,0 +1,17 @@
+set -e
+
+sudo apt update
+sudo apt install -y curl gnupg lsb-release
+
+sudo apt install crowdsec
+sudo cscli collections install crowdsecurity/traefik
+sudo cscli collections install crowdsecurity/http-cve
+sudo cscli collections install crowdsecurity/base-http-scenarios
+sudo cscli parsers install crowdsecurity/geoip-enrich
+
+sudo systemctl enable crowdsec
+sudo systemctl restart crowdsec
+
+sudo cscli hub update
+
+cscli dashboard setup -l 0.0.0.0
--- a/modules/apps/gateway/lib/scripts/install-traefik.sh
+++ b/modules/apps/gateway/lib/scripts/install-traefik.sh
@@ -32,6 +32,10 @@ chown $TRAEFIK_USER:$TRAEFIK_USER /etc/traefik/acme.json
 chmod 600 /etc/traefik/acme.json
 setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik

+sudo mkdir -p /var/log/traefik
+sudo touch /var/log/traefik/access.log
+sudo chown -R traefik:adm /var/log/traefik
+
 cat > "$TRAEFIK_CONF" <<EOF
 entryPoints:
  web:
@@ -47,7 +51,9 @@ api:
  insecure: false
 log:
  level: INFO
-accessLog: {}
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  bufferingSize: 100
 certificatesResolvers:
  letsencrypt:
    acme:
@@ -58,4 +64,4 @@ certificatesResolvers:
 EOF

 systemctl enable traefik.service
-systemctl start traefik.service
+systemctl start traefik.service
--- a/modules/apps/gateway/lib/scripts/restore-backup.sh
+++ b/modules/apps/gateway/lib/scripts/restore-backup.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -euo pipefail
+
+source /opt/environment/.env
+
+LATEST_BACKUP=$(ls -1 $SERVICE_BACKUPS_DIR/$SERVICE_BACKUPS_PREFIX-*.$SERVICE_BACKUPS_EXTENSION 2>/dev/null | sort | tail -n1)
+
+if [ -n "$LATEST_BACKUP" ] && [ -f "$LATEST_BACKUP" ]; then
+    sudo -u $USERNAME docker cp "$LATEST_BACKUP" "crowdsec-metabase:/metabase-data/metabase.db/metabase.db.mv.db"
+fi