archive

firefly/postgres/.dockerignore

@@ -0,0 +1 @@
+tmp

firefly/postgres/Dockerfile

@@ -0,0 +1,75 @@
+FROM ubuntu:18.04
+
+###   APT
+RUN apt -y update \
+   && DEBIAN_FRONTEND=noninteractive apt -y install tzdata \
+   && apt -y install locales language-pack-en-base \
+   && echo '127.0.0.1 firefly-iii-domain.com firefly-iii localhost' >> /etc/hosts \
+   && apt -y install \
+      postgresql postgresql-contrib \
+      nginx \
+      php-fpm php7.3-pgsql php-curl php-gd php-bcmath php-zip php-intl php-mbstring php-xml php-ldap \
+      curl \
+      gcc \
+      cron \
+      rsync \
+      sudo \
+   && rm /etc/nginx/sites-enabled/default \
+   && touch /etc/nginx/sites-available/firefly-iii.conf \
+   && ln -s /etc/nginx/sites-available/firefly-iii.conf /etc/nginx/sites-enabled/firefly-iii.conf \
+   && openssl dhparam 2048 > /etc/nginx/dhparam.pem
+
+USER postgres
+RUN service postgresql start && sleep 5 \
+   && psql --command "CREATE DATABASE fireflyiii WITH ENCODING 'UTF8' TEMPLATE='template0';" \
+   && psql --command "CREATE USER ffly WITH SUPERUSER PASSWORD 'pwd';" \
+   && psql --command "GRANT ALL PRIVILEGES ON DATABASE fireflyiii TO ffly;" \
+   && service postgresql stop && sleep 5
+
+   #&& sed 's/^password .*/password = pwd/' /etc/mysql/debian.cnf > /tmp/cnf \
+   #&& mv /tmp/cnf /etc/mysql/debian.cnf \
+   #&& echo 'create database fireflyiii character set utf8 collate utf8_bin; ' \
+   #   'grant all privileges on fireflyiii.* to fireflyiii@localhost identified by '"'"'pwd'"'"'; ' \
+   #   | mysql --user=root --password=pwd mysql && echo made fireflyiii
+USER root
+
+###   PHP
+RUN service postgresql start && sleep 10 \
+   && curl -sS https://getcomposer.org/installer \
+      | php -- --install-dir=/usr/local/bin --filename=composer \
+   && cd /opt \
+   && composer create-project grumpydictator/firefly-iii --no-dev --prefer-dist firefly-iii 5.0.1
+COPY ./env /opt/firefly-iii/.env
+RUN service postgresql start && sleep 10 \
+   && cd /opt/firefly-iii \
+   && php artisan migrate:refresh --seed \
+   && php artisan passport:install \
+   && chown -R www-data:www-data /opt/firefly-iii \
+   && mkdir -p /run/php
+
+###   WAIT
+COPY ./pause /xfer/
+RUN cd /xfer && gcc main.c -o /xfer/pauser
+
+###   CONFIG
+COPY ./env /opt/firefly-iii/.env
+COPY ./firefly-iii.conf /etc/nginx/sites-enabled/
+
+RUN apt -y autoremove \
+   && apt -y purge --auto-remove gcc curl \
+   && rm -rf /var/lib/apt \
+   && apt clean
+
+###   CRON
+RUN true \
+   && echo '0 4,8,12,16,20 * * * bash /backup.sh >> /var/log/cronj.log 2>&1' > /etc/cron.d/backups \
+   && echo '' >> /etc/cron.d/backups \
+   && chmod 0644 /etc/cron.d/backups \
+   && crontab /etc/cron.d/backups \
+   && touch /var/log/cronj.log
+
+###   COPY
+COPY ./backup.sh ./restore.sh ./entrypoint.sh /
+
+###   on enter/exit, rsync to/from /var/lib/mysql and /mnt
+ENTRYPOINT bash /entrypoint.sh

firefly/postgres/backup.sh

@@ -0,0 +1,21 @@
+#! /bin/bash
+
+set -e
+set -x
+service postgresql start
+thisback="/mnt/back/$(date -u +%Y%m%d%H%M%S).dump"
+rm -rf "$thisback" || true
+mkdir -p "$(dirname "$thisback")"
+pg_dump postgres://ffly:pwd@localhost/fireflyiii --clean > "$thisback"
+service postgresql start
+n=$(ls /mnt/back | wc -l)
+if ((n<=25)); then
+   echo "No old backups to purge" >&2
+   exit 0
+fi
+((m=n-25))
+stale=($(find /mnt/back/ -mindepth 1 -maxdepth 1 | sort | head -n $m))
+echo "Purging: rm -rf ${stale[@]}" >&2
+rm -rf "${stale[@]}"
+remaining=($(find /mnt/back/ -mindepth 1 -maxdepth 1 | sort))
+echo "Remains: ${remaining[@]}" >&2

firefly/postgres/build.sh

@@ -0,0 +1,15 @@
+#! /bin/bash
+
+set -e
+
+mkdir -p $(pwd)/tmp
+
+docker build -t dev:dev .
+docker run \
+   --rm \
+   -it \
+   -p 9031:9031 \
+   -v $PWD/tmp:/mnt \
+   dev:dev
+
+  # -v $(pwd)/tmp:/mnt \

firefly/postgres/entrypoint.sh

@@ -0,0 +1,16 @@
+#! /bin/bash
+
+set -e
+
+echo "  : servicing" >&2
+for s in postgresql nginx php7.3-fpm cron; do
+   service $s restart
+done
+echo "  : restoring" >&2
+bash /restore.sh $i
+echo "  : backing" >&2
+bash /backup.sh
+echo "  : sleeping" >&2
+sleep 10
+echo "  : pausering" >&2
+exec /xfer/pauser

firefly/postgres/env

@@ -0,0 +1,102 @@
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+APP_ENV=local
+
+# Set to true if you want to see debug information in error screens.
+APP_DEBUG=true
+
+# This should be your email address
+SITE_OWNER=admin@email.com
+
+# The encryption key for your database and sessions. Keep this very secure.
+# If you generate a new one all existing data must be considered LOST.
+# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
+APP_KEY=11111111111111111111111111111111
+
+# Change this value to your preferred time zone.
+# Example: Europe/Amsterdam
+TZ=America/Chicago
+
+# APP_URL and TRUSTED_PROXIES are useful when using Docker and/or a reverse proxy.
+APP_URL=http://localhost
+TRUSTED_PROXIES=
+
+# The log channel defines where your log entries go to.
+LOG_CHANNEL=daily
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: http://firefly-iii.readthedocs.io/en/latest/support/faq.html
+DB_CONNECTION=pgsql
+DB_HOST=127.0.0.1
+DB_PORT=5432
+DB_DATABASE=fireflyiii
+DB_USERNAME=ffly
+DB_PASSWORD=pwd
+
+# 'daily' is the default logging mode giving you 5 daily rotated log files in /storage/logs/.
+# Several other options exist. You can use 'single' for one big fat error log (not recommended).
+# Also available are 'syslog' and 'errorlog' which will log to the system itself.
+APP_LOG=daily
+
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+APP_LOG_LEVEL=notice
+
+# If you're looking for performance improvements, you could install memcached.
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+# Cookie settings. Should not be necessary to change these.
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+
+# If you want Firefly III to mail you, update these settings
+MAIL_DRIVER=smtp
+MAIL_HOST=smtp.server.com
+MAIL_PORT=587
+MAIL_FROM=<from_email>
+MAIL_USERNAME=<email_username>
+MAIL_PASSWORD=<user_password>
+MAIL_ENCRYPTION=tls
+
+# Firefly III can send you the following messages
+SEND_REGISTRATION_MAIL=true
+SEND_ERROR_MESSAGE=true
+
+# Set a Mapbox API key here (see mapbox.com) so there might be a map available at various places.
+MAPBOX_API_KEY=
+
+# Set a Fixer IO API key here (see https://fixer.io) to enable live currency exchange rates.
+# Please note that this will only work for paid fixer.io accounts because they severly limited
+# the free API up to the point where you might as well offer nothing.
+FIXER_API_KEY=
+
+# If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here.
+ANALYTICS_ID=
+
+# Most parts of the database are encrypted by default, but you can turn this off if you want to.
+# This makes it easier to migrate your database. Not that some fields will never be decrypted.
+USE_ENCRYPTION=true
+
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+APP_NAME=FireflyIII
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+CACHE_PREFIX=firefly
+SEARCH_RESULT_LIMIT=50
+PUSHER_KEY=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+IS_DOCKER=true
+IS_SANDSTORM=false
+BUNQ_USE_SANDBOX=false
+IS_HEROKU=false

firefly/postgres/firefly-iii.conf

@@ -0,0 +1,29 @@
+server {
+   listen 9031;
+   listen [::]:9031;
+
+   root /opt/firefly-iii/public;
+
+   # Add index.php to the list if you are using PHP
+   client_max_body_size 300M;
+   index index.html index.htm index.php;
+
+   # Load configuration files for the default server block.
+   include /etc/nginx/default.d/*.conf;
+   location ~ \.php$ {
+      try_files $uri =404;
+      fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+      fastcgi_index index.php;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      include fastcgi_params;
+
+   }
+
+   index index.php index.htm index.html;
+
+   location / {
+      try_files $uri $uri/ /index.php?$query_string;
+      autoindex on;
+      sendfile off;
+   }
+}

firefly/postgres/pause/main.c

@@ -0,0 +1,20 @@
+#include <stdio.h>
+#include <signal.h>
+#include <stdlib.h>
+
+int main() {
+   int stat;
+   int sig;
+   sigset_t set;
+   sigemptyset(&set);
+   printf("add signal SIGINT: %i\n", sigaddset(&set, SIGINT));
+   printf("add signal SIGKILL: %i\n", sigaddset(&set, SIGKILL));
+   printf("add signal SIGTERM: %i\n", sigaddset(&set, SIGTERM));
+   sigprocmask(SIG_BLOCK, &set, NULL);
+   printf("Waiting...\n");
+   stat = sigwait(&set, &sig);
+   printf("Wait complete: %i (%i)\n", sig, stat);
+   printf("Backed: %i\n", system("bash /backup.sh"));
+   printf("Bye-bye!\n");
+   return 0;
+}

firefly/postgres/restore.sh

@@ -0,0 +1,38 @@
+#! /bin/bash
+
+skip=${1:-0}
+set -x
+set -e
+backups="$(find /mnt/back/ -maxdepth 1 -mindepth 1 | grep -v '\/\.' | sort -r)"
+if [ -z "${backups}" ]; then
+   echo "ERR: no backups to restore" >&2
+   exit 0
+fi
+tried=0
+echo Trying backups ${backups}... >&2
+for lastback in ${backups}; do
+   ((tried+=1))
+   if ((tried<=skip)); then
+      continue
+   fi
+   if (
+      echo Trying backup from $lastback >&2
+      set -e
+      service postgresql start
+      psql postgres://ffly:pwd@localhost/fireflyiii < "$lastback"
+      service postgresql start
+      n=0
+      until service postgresql status || ((n>10)); do
+         sleep 5
+         ((n+=1))
+      done
+      until service postgresql status | grep -E 'down|online'; do
+         sleep 5
+      done
+      service postgresql status | grep online
+   ); then
+      exit 0
+   fi
+done
+echo "ERR: could not load any backup" >&2
+exit 1

firefly/postgres/script.sh

@@ -0,0 +1,50 @@
+#! /bin/bash
+
+set -e
+set -u
+
+apt -y update && apt -y upgrade && apt -y autoremove
+DEBIAN_FRONTEND=noninteractive apt -y install tzdata
+apt -y install vim locales language-pack-en-base
+
+echo '127.0.0.1 firefly-iii-domain.com firefly-iii localhost' >> /etc/hosts
+
+apt -y install fail2ban
+
+apt -y install mariadb-server nginx php-fpm php7.3-mysql php-curl php-gd php-bcmath php-zip php-intl php-mbstring php-xml
+
+service mysql start
+echo 'FLUSH PRIVILEGES; ' \
+   'USE mysql; ' \
+   'UPDATE user SET authentication_string=PASSWORD("pwd") WHERE User='"'"'root'"'"'; ' \
+   'UPDATE user SET plugin="mysql_native_password" WHERE User='"'"'root'"'"'; ' \
+   | mysql -u root || true
+service mysql restart
+sleep 5
+
+echo 'create database fireflyiii character set utf8 collate utf8_bin; ' \
+   'grant all privileges on fireflyiii.* to fireflyiii@localhost identified by '"'"'pwd'"'"'; ' \
+   | mysql -uroot -ppwd
+service mysql restart
+
+apt -y install curl
+curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+cd /opt
+composer create-project grumpydictator/firefly-iii --no-dev --prefer-dist firefly-iii 4.7.4
+
+cp /copied/env /opt/firefly-iii/.env
+
+cd firefly-iii
+php artisan migrate:refresh --seed
+php artisan passport:install
+
+chown -R www-data:www-data /opt/firefly-iii/
+
+rm /etc/nginx/sites-enabled/default
+touch /etc/nginx/sites-available/firefly-iii.conf
+ln -s /etc/nginx/sites-available/firefly-iii.conf /etc/nginx/sites-enabled/firefly-iii.conf
+openssl dhparam 2048 > /etc/nginx/dhparam.pem
+cp /copied/firefly-iii.conf /etc/nginx/sites-enabled/firefly-iii.conf
+
+mkdir -p /run/php