cleanup for app deployment for ops exit.
This commit is contained in:
@@ -1,3 +0,0 @@
|
||||
# TSYS GIS Backend
|
||||
|
||||
This folder contains the GIS related backend docker compose files for TSYS GIS stack. HFNOC will own this.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
3
NonCloudron/Techops/apigw.knownelement.com/apigw-info.md
Normal file
3
NonCloudron/Techops/apigw.knownelement.com/apigw-info.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# APIGW
|
||||
|
||||
https://projects.knownelement.com/issues/179
|
||||
@@ -1,14 +0,0 @@
|
||||
API gateway notes
|
||||
|
||||
* API gateway (TYK)
|
||||
|
||||
<https://tyk.io/>
|
||||
|
||||
<https://tyk.io/docs/getting-started/installation/with-tyk-on-premises/docker/>
|
||||
|
||||
<https://tyk.io/docs/advanced-configuration/integrate/sso/dashboard-login-ldap-tib/>
|
||||
|
||||
|
||||
(or perhaps..)
|
||||
|
||||
https://github.com/apache/apisix
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1,4 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
|
||||
|
||||
https://hub.docker.com/r/apache/apisix
|
||||
@@ -1,25 +0,0 @@
|
||||
# Cloud dev at tsys
|
||||
|
||||
## Desired architecute
|
||||
|
||||
(essentially the lap.dev architecure)
|
||||
|
||||
- control plane running as a web app on cosmos
|
||||
- agent that spins up ephermeral containers on runner hosts
|
||||
|
||||
|
||||
## Contenders
|
||||
|
||||
- strong.network
|
||||
- lap.dev (dont like that it only supports github/gitlab oautg) (also that it doesnt appear to be dockerized)
|
||||
|
||||
## Links
|
||||
|
||||
- https://github.com/strong-network/images
|
||||
|
||||
|
||||
|
||||
https://github.com/daytonaio/daytona?tab=readme-ov-file
|
||||
https://www.daytona.io
|
||||
|
||||
https://github.com/gitpod-io/openvscode-server
|
||||
3
NonCloudron/Techops/cde.knownelement.com/cde-info.md
Normal file
3
NonCloudron/Techops/cde.knownelement.com/cde-info.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# CDE
|
||||
|
||||
https://projects.knownelement.com/issues/231
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
@@ -0,0 +1,3 @@
|
||||
# Draw.io
|
||||
|
||||
- https://projects.knownelement.com/issues/272
|
||||
@@ -1 +0,0 @@
|
||||
Nextcloud is able to utilize a draw.io server. Let’s give it one to use
|
||||
@@ -0,0 +1,3 @@
|
||||
# Functions
|
||||
|
||||
- https://projects.knownelement.com/issues/232
|
||||
@@ -1,8 +0,0 @@
|
||||
## Introduction
|
||||
|
||||
Need a serverless / functions as a service runtime
|
||||
|
||||
## Options
|
||||
|
||||
- https://github.com/adnanh/webhook
|
||||
- https://github.com/metrue/fx
|
||||
@@ -1 +0,0 @@
|
||||
#graylog docker compose for tsys
|
||||
@@ -0,0 +1,3 @@
|
||||
# Graylog
|
||||
|
||||
- https://projects.knownelement.com/issues/190
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
@@ -0,0 +1,3 @@
|
||||
# Kicad CI
|
||||
|
||||
- https://projects.knownelement.com/issues/197
|
||||
@@ -1 +0,0 @@
|
||||
#mailman docker compose for tsys
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
3
NonCloudron/Techops/lists.knownelement.com/lists-info.md
Normal file
3
NonCloudron/Techops/lists.knownelement.com/lists-info.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# Lists
|
||||
|
||||
- https://projects.knownelement.com/issues/199
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
@@ -0,0 +1,3 @@
|
||||
# Mailpiler
|
||||
|
||||
- https://projects.knownelement.com/issues/200
|
||||
@@ -1 +0,0 @@
|
||||
netbird can be run behind an existing reverse proxy. so we shall run it on cloudron.
|
||||
@@ -0,0 +1,3 @@
|
||||
# Netmon
|
||||
|
||||
- https://projects.knownelement.com/issues/203
|
||||
@@ -1 +0,0 @@
|
||||
#opensearch docker compose file for tsys
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -0,0 +1,3 @@
|
||||
# Opensearch
|
||||
|
||||
- https://projects.knownelement.com/issues/206
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
@@ -1,236 +0,0 @@
|
||||
#openvas docker compose for tsys
|
||||
|
||||
#git subtree add --prefix upstream/openvas https://github.com/mikesplain/openvas-docker.git master --squash
|
||||
|
||||
# greenbone/vulnerability-tests \
|
||||
# greenbone/notus-data \
|
||||
# greenbone/scap-data \
|
||||
# securecompliance/gvm:debian-master-data-full \
|
||||
# securecompliance/gvm:debian-master-data \
|
||||
# securecompliance/gvm:debian-master-full \
|
||||
# securecompliance/gvm:debian-master \
|
||||
|
||||
services:
|
||||
vulnerability-tests:
|
||||
image: registry.community.greenbone.net/community/vulnerability-tests
|
||||
environment:
|
||||
STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl
|
||||
volumes:
|
||||
- vt_data_vol:/mnt
|
||||
|
||||
notus-data:
|
||||
image: registry.community.greenbone.net/community/notus-data
|
||||
volumes:
|
||||
- notus_data_vol:/mnt
|
||||
|
||||
scap-data:
|
||||
image: registry.community.greenbone.net/community/scap-data
|
||||
volumes:
|
||||
- scap_data_vol:/mnt
|
||||
|
||||
cert-bund-data:
|
||||
image: registry.community.greenbone.net/community/cert-bund-data
|
||||
volumes:
|
||||
- cert_data_vol:/mnt
|
||||
|
||||
dfn-cert-data:
|
||||
image: registry.community.greenbone.net/community/dfn-cert-data
|
||||
volumes:
|
||||
- cert_data_vol:/mnt
|
||||
depends_on:
|
||||
- cert-bund-data
|
||||
|
||||
data-objects:
|
||||
image: registry.community.greenbone.net/community/data-objects
|
||||
volumes:
|
||||
- data_objects_vol:/mnt
|
||||
|
||||
report-formats:
|
||||
image: registry.community.greenbone.net/community/report-formats
|
||||
volumes:
|
||||
- data_objects_vol:/mnt
|
||||
depends_on:
|
||||
- data-objects
|
||||
|
||||
gpg-data:
|
||||
image: registry.community.greenbone.net/community/gpg-data
|
||||
volumes:
|
||||
- gpg_data_vol:/mnt
|
||||
|
||||
redis-server:
|
||||
image: registry.community.greenbone.net/community/redis-server
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- redis_socket_vol:/run/redis/
|
||||
|
||||
pg-gvm:
|
||||
image: registry.community.greenbone.net/community/pg-gvm:stable
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- psql_data_vol:/var/lib/postgresql
|
||||
- psql_socket_vol:/var/run/postgresql
|
||||
|
||||
gvmd:
|
||||
image: registry.community.greenbone.net/community/gvmd:stable
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- gvmd_data_vol:/var/lib/gvm
|
||||
- scap_data_vol:/var/lib/gvm/scap-data/
|
||||
- cert_data_vol:/var/lib/gvm/cert-data
|
||||
- data_objects_vol:/var/lib/gvm/data-objects/gvmd
|
||||
- vt_data_vol:/var/lib/openvas/plugins
|
||||
- psql_data_vol:/var/lib/postgresql
|
||||
- gvmd_socket_vol:/run/gvmd
|
||||
- ospd_openvas_socket_vol:/run/ospd
|
||||
- psql_socket_vol:/var/run/postgresql
|
||||
depends_on:
|
||||
pg-gvm:
|
||||
condition: service_started
|
||||
scap-data:
|
||||
condition: service_completed_successfully
|
||||
cert-bund-data:
|
||||
condition: service_completed_successfully
|
||||
dfn-cert-data:
|
||||
condition: service_completed_successfully
|
||||
data-objects:
|
||||
condition: service_completed_successfully
|
||||
report-formats:
|
||||
condition: service_completed_successfully
|
||||
|
||||
gsa:
|
||||
image: registry.community.greenbone.net/community/gsa:stable
|
||||
restart: on-failure
|
||||
ports:
|
||||
- 127.0.0.1:9392:80
|
||||
volumes:
|
||||
- gvmd_socket_vol:/run/gvmd
|
||||
depends_on:
|
||||
- gvmd
|
||||
# Sets log level of openvas to the set LOG_LEVEL within the env
|
||||
# and changes log output to /var/log/openvas instead /var/log/gvm
|
||||
# to reduce likelyhood of unwanted log interferences
|
||||
configure-openvas:
|
||||
image: registry.community.greenbone.net/community/openvas-scanner:stable
|
||||
volumes:
|
||||
- openvas_data_vol:/mnt
|
||||
- openvas_log_data_vol:/var/log/openvas
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
|
||||
sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
|
||||
chmod 644 /mnt/openvas.conf
|
||||
chmod 644 /mnt/openvas_log.conf
|
||||
touch /var/log/openvas/openvas.log
|
||||
chmod 666 /var/log/openvas/openvas.log
|
||||
|
||||
# shows logs of openvas
|
||||
openvas:
|
||||
image: registry.community.greenbone.net/community/openvas-scanner:stable
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- openvas_data_vol:/etc/openvas
|
||||
- openvas_log_data_vol:/var/log/openvas
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
cat /etc/openvas/openvas.conf
|
||||
tail -f /var/log/openvas/openvas.log
|
||||
depends_on:
|
||||
configure-openvas:
|
||||
condition: service_completed_successfully
|
||||
|
||||
openvasd:
|
||||
image: registry.community.greenbone.net/community/openvas-scanner:stable
|
||||
restart: on-failure
|
||||
environment:
|
||||
# `service_notus` is set to disable everything but notus,
|
||||
# if you want to utilize openvasd directly removed `OPENVASD_MODE`
|
||||
OPENVASD_MODE: service_notus
|
||||
GNUPGHOME: /etc/openvas/gnupg
|
||||
LISTENING: 0.0.0.0:80
|
||||
volumes:
|
||||
- openvas_data_vol:/etc/openvas
|
||||
- openvas_log_data_vol:/var/log/openvas
|
||||
- gpg_data_vol:/etc/openvas/gnupg
|
||||
- notus_data_vol:/var/lib/notus
|
||||
# enable port forwarding when you want to use the http api from your host machine
|
||||
# ports:
|
||||
# - 127.0.0.1:3000:80
|
||||
depends_on:
|
||||
vulnerability-tests:
|
||||
condition: service_completed_successfully
|
||||
configure-openvas:
|
||||
condition: service_completed_successfully
|
||||
gpg-data:
|
||||
condition: service_completed_successfully
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- openvasd
|
||||
|
||||
ospd-openvas:
|
||||
image: registry.community.greenbone.net/community/ospd-openvas:stable
|
||||
restart: on-failure
|
||||
hostname: ospd-openvas.local
|
||||
cap_add:
|
||||
- NET_ADMIN # for capturing packages in promiscuous mode
|
||||
- NET_RAW # for raw sockets e.g. used for the boreas alive detection
|
||||
security_opt:
|
||||
- seccomp=unconfined
|
||||
- apparmor=unconfined
|
||||
command:
|
||||
[
|
||||
"ospd-openvas",
|
||||
"-f",
|
||||
"--config",
|
||||
"/etc/gvm/ospd-openvas.conf",
|
||||
"--notus-feed-dir",
|
||||
"/var/lib/notus/advisories",
|
||||
"-m",
|
||||
"666"
|
||||
]
|
||||
volumes:
|
||||
- gpg_data_vol:/etc/openvas/gnupg
|
||||
- vt_data_vol:/var/lib/openvas/plugins
|
||||
- notus_data_vol:/var/lib/notus
|
||||
- ospd_openvas_socket_vol:/run/ospd
|
||||
- redis_socket_vol:/run/redis/
|
||||
- openvas_data_vol:/etc/openvas/
|
||||
- openvas_log_data_vol:/var/log/openvas
|
||||
depends_on:
|
||||
redis-server:
|
||||
condition: service_started
|
||||
gpg-data:
|
||||
condition: service_completed_successfully
|
||||
vulnerability-tests:
|
||||
condition: service_completed_successfully
|
||||
configure-openvas:
|
||||
condition: service_completed_successfully
|
||||
|
||||
gvm-tools:
|
||||
image: registry.community.greenbone.net/community/gvm-tools
|
||||
volumes:
|
||||
- gvmd_socket_vol:/run/gvmd
|
||||
- ospd_openvas_socket_vol:/run/ospd
|
||||
depends_on:
|
||||
- gvmd
|
||||
- ospd-openvas
|
||||
|
||||
volumes:
|
||||
gpg_data_vol:
|
||||
scap_data_vol:
|
||||
cert_data_vol:
|
||||
data_objects_vol:
|
||||
gvmd_data_vol:
|
||||
psql_data_vol:
|
||||
vt_data_vol:
|
||||
notus_data_vol:
|
||||
psql_socket_vol:
|
||||
gvmd_socket_vol:
|
||||
ospd_openvas_socket_vol:
|
||||
redis_socket_vol:
|
||||
openvas_data_vol:
|
||||
openvas_log_data_vol:
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -0,0 +1,3 @@
|
||||
# Openvas
|
||||
|
||||
- https://projects.knownelement.com/issues/207
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
@@ -1,3 +0,0 @@
|
||||
We need a production DB SQL proxy.
|
||||
|
||||
Ideally it can be integrated into the Cloudron core to increase the security of the database access.
|
||||
@@ -0,0 +1,3 @@
|
||||
# SQL Proxy
|
||||
|
||||
- https://projects.knownelement.com/issues/273
|
||||
@@ -0,0 +1,3 @@
|
||||
# Tunnel
|
||||
|
||||
- https://projects.knownelement.com/issues/225
|
||||
@@ -1,3 +0,0 @@
|
||||
# wazuh docker compose for tsys
|
||||
|
||||
# https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
|
||||
@@ -1 +0,0 @@
|
||||
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory
|
||||
3
NonCloudron/Techops/wazuh.knownelement.com/wazuh-info.md
Normal file
3
NonCloudron/Techops/wazuh.knownelement.com/wazuh-info.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# Wazuh
|
||||
|
||||
- https://projects.knownelement.com/issues/229
|
||||
@@ -1 +0,0 @@
|
||||
Webhook system
|
||||
@@ -0,0 +1,3 @@
|
||||
# Webhookso
|
||||
|
||||
- https://projects.knownelement.com/issues/271
|
||||
Reference in New Issue
Block a user