Compare commits
3 Commits
9517bc3573
...
main
Author | SHA1 | Date |
---|---|---|
Sandro Pratesi | cd5455b9d8 | |
Sandro Pratesi | 2de4849816 | |
Sandro Pratesi | cfa6eac308 |
|
@ -0,0 +1,95 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -u
|
||||
|
||||
CHECK_SPACE_APIKEY="<API-KEY>"
|
||||
HEALTCHECKSIO_UPTIMEKUMA_UUID="<HEALTCHECKSIO_UPTIMEKUMA_UUID>"
|
||||
|
||||
UPTIMEKUMA_URL="https://uptime-kuma.golem.linux.it"
|
||||
PUSH_PATH="/api/push/"
|
||||
|
||||
UK_PING_TIMEOUT=2
|
||||
UK_PING_RETRY=3
|
||||
UK_STATUS_UP="up"
|
||||
UK_STATUS_DOWN="down"
|
||||
|
||||
HC_PING_TIMEOUT=10
|
||||
HC_PING_RETRY=5
|
||||
HC_FAIL_PATH="/fail"
|
||||
|
||||
ROOTFS_USED_THRESHOLD=75
|
||||
|
||||
# uptime-kuma ###########################################################
|
||||
|
||||
get-push-url() {
|
||||
local apikey="$1"
|
||||
echo "${UPTIMEKUMA_URL}${PUSH_PATH}${apikey}"
|
||||
}
|
||||
|
||||
ping-url() {
|
||||
local url="${1}"
|
||||
echo "Ping to ${url}: "
|
||||
curl -m "$UK_PING_TIMEOUT" --retry "$UK_PING_RETRY" "${url}"
|
||||
echo
|
||||
}
|
||||
|
||||
ping-status-msg() {
|
||||
local apikey="${1}"
|
||||
local status="${2}"
|
||||
local msg="${3}"
|
||||
local url
|
||||
url=$(get-push-url "${apikey}")"?status=${status}&msg=${msg}"
|
||||
ping-url "${url}"
|
||||
}
|
||||
|
||||
urlencode() {
|
||||
echo "${1}" | jq -s -R -r @uri
|
||||
}
|
||||
|
||||
# healthchecks.io #######################################################
|
||||
|
||||
hc-ping() {
|
||||
local url="$1"
|
||||
echo "Ping to ${url}: "
|
||||
curl -m $HC_PING_TIMEOUT --retry $HC_PING_RETRY "${url}"
|
||||
echo
|
||||
}
|
||||
|
||||
# checks ################################################################
|
||||
|
||||
check-site-hc() {
|
||||
local hcurl="$1"
|
||||
local site="$2"
|
||||
local hcpath=""
|
||||
echo "Checking ${site}:"
|
||||
# shellcheck disable=SC2015
|
||||
curl -m 3 -fSs -o /dev/null "${site}"
|
||||
if test $? -ne 0; then
|
||||
hcpath=$HC_FAIL_PATH
|
||||
fi
|
||||
hc-ping "${hcurl}${hcpath}"
|
||||
}
|
||||
|
||||
check-space() {
|
||||
local apikey=$CHECK_SPACE_APIKEY
|
||||
local status=$UK_STATUS_UP
|
||||
local msg
|
||||
|
||||
local rootfs_used
|
||||
rootfs_used="$(df --output=pcent / | tail -n1 | sed 's/\%//')"
|
||||
if test "$rootfs_used" -ge $ROOTFS_USED_THRESHOLD; then
|
||||
status=$UK_STATUS_DOWN
|
||||
msg="WARN / : ${rootfs_used}%"
|
||||
else
|
||||
msg="OK / : ${rootfs_used}%"
|
||||
fi
|
||||
|
||||
echo "$msg"
|
||||
msg=$(urlencode "$msg")
|
||||
ping-status-msg "$apikey" "$status" "$msg"
|
||||
}
|
||||
|
||||
#########################################################################
|
||||
|
||||
check-space
|
||||
check-site-hc "https://hc-ping.com/${HEALTCHECKSIO_UPTIMEKUMA_UUID}" uptime-kuma.golem.linux.it
|
|
@ -8,6 +8,12 @@ networks:
|
|||
proxy:
|
||||
external: true
|
||||
|
||||
secrets:
|
||||
cloudflare_account_email_address:
|
||||
file: /srv/secrets/traefik/email
|
||||
cloudflare_dns_api_token:
|
||||
file: /srv/secrets/traefik/token
|
||||
|
||||
services:
|
||||
reverse-proxy:
|
||||
container_name: traefik
|
||||
|
@ -20,6 +26,9 @@ services:
|
|||
# Use the public network created to be shared between Traefik and
|
||||
# any other service that needs to be publicly available with HTTPS
|
||||
- proxy
|
||||
secrets:
|
||||
- cloudflare_account_email_address
|
||||
- cloudflare_dns_api_token
|
||||
command:
|
||||
- --providers.docker # Enable Docker in Traefik, so that it reads labels from Docker services
|
||||
- --providers.docker.exposedbydefault=false # Do not expose all Docker services, only the ones explicitly exposed
|
||||
|
@ -31,7 +40,6 @@ services:
|
|||
# Set up LetsEncrypt
|
||||
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
|
||||
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
|
||||
- --certificatesresolvers.letsencrypt.acme.email=${EMAIL_ADDRESS}
|
||||
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
|
||||
# Set up an insecure listener that redirects all traffic to TLS
|
||||
- --entrypoints.web.address=:80
|
||||
|
@ -49,12 +57,13 @@ services:
|
|||
- /var/run/docker.sock:/var/run/docker.sock:ro # Add Docker as a mounted volume, so that Traefik can read the labels of other services
|
||||
- /srv/volumes/letsencrypt:/letsencrypt
|
||||
environment:
|
||||
- CLOUDFLARE_EMAIL=${CLOUDFLARE_ACCOUNT_EMAIL_ADDRESS}
|
||||
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_TOKEN_GOES_HERE}
|
||||
CLOUDFLARE_EMAIL_FILE: /run/secrets/cloudflare_account_email_address
|
||||
CLOUDFLARE_DNS_API_TOKEN_FILE: /run/secrets/cloudflare_dns_api_token
|
||||
# https://go-acme.github.io/lego/dns/cloudflare/
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.dashboard.service=api@internal
|
||||
- traefik.http.routers.dashboard.rule=Host(`traefik.889217.xyz`)
|
||||
- traefik.http.routers.dashboard.service=api@internal # TODO: not working
|
||||
- traefik.http.routers.dashboard.rule=Host(`traefik.golem.linux.it`)
|
||||
- traefik.http.routers.dashboard.entrypoints=websecure
|
||||
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
|
||||
healthcheck:
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
version: '3.9'
|
||||
|
||||
services:
|
||||
watchtower:
|
||||
image: containrrr/watchtower
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
env_file:
|
||||
- /srv/secrets/watchtower/docker-compose.env # for: WATCHTOWER_NOTIFICATION_URL (format: "telegram://<API_KEY>@telegram?chats=<CHAT_ID>")
|
||||
# chat id: https://api.telegram.org/botXXX:YYYYY/getUpdates (replace the XXX: YYYYY with your BOT HTTP API Token
|
||||
environment:
|
||||
WATCHTOWER_CLEANUP: 1
|
||||
WATCHTOWER_INCLUDE_RESTARTING: 1
|
||||
WATCHTOWER_NOTIFICATIONS: shoutrrr
|
||||
WATCHTOWER_NOTIFICATIONS_HOSTNAME: golem.linux.it
|
||||
# WATCHTOWER_NOTIFICATION_TEMPLATE: "{{range .}}{{.Time.Format \"2006-01-02 15:04:05\"}} ({{.Level}}): {{.Message}}{{println}}{{end}}"
|
Loading…
Reference in New Issue