remove taskserver

.gitattributes

@@ -7,3 +7,4 @@ ddclient/ddclient.conf filter=git-crypt diff=git-crypt
 *.secret filter=git-crypt diff=git-crypt
 htpasswd filter=git-crypt diff=git-crypt
 id_rsa filter=git-crypt diff=git-crypt
+.env filter=git-crypt diff=git-crypt

bind9/guiotte.db

@@ -27,3 +27,5 @@ home.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
 zotero.guiotte.fr. IN  CNAME   dm.guiotte.fr.
 git.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
 db.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
+flix.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+task.guiotte.fr.   IN  CNAME   dm.guiotte.fr.

docker-compose.yml

@@ -197,22 +197,6 @@ services:
     restart: unless-stopped
 
 
-  taskserver:
-    build: taskserver
-    container_name: taskserver
-    hostname: dm.guiotte.fr
-    restart: always
-    environment: *common-environment
-    env_file:
-      - taskserver/taskserver.env
-    ports:
-      - "53589:53589"
-    volumes:
-      - taskserver-data:/var/taskd
-      - taskserver-certs:/ssl_certs
-      - ./taskserver/client_certs:/client_certs
-
-
   # Not in use anymore
   # subdomain still activated though
   #slides-notes:
@@ -301,40 +285,42 @@ services:
     volumes:
       - homeassistant-config:/config
     restart: unless-stopped
-    devices:
-      - /dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20240219191913-if00:/dev/ttyACM0
-
-
-  yee0:
-    build: ssh
-    container_name: yee0
-    volumes:
-      - ./ssh/id_rsa:/root/.ssh/id_rsa
-    environment:
-      - SSH_HOSTNAME=192.168.1.5
-      - SSH_USERNAME=alarm
-      - SSH_LOCAL_PORT=55443
-      - SSH_DESTINATION=10.0.0.100
-      - SSH_DESTINATION_PORT=55443
-        #ports:
-        #  - 55443:55443
-    restart: unless-stopped
-
-
-  yee1:
-    build: ssh
-    container_name: yee1
-    volumes:
-      - ./ssh/id_rsa:/root/.ssh/id_rsa
-    environment:
-      - SSH_HOSTNAME=192.168.1.5
-      - SSH_USERNAME=alarm
-      - SSH_LOCAL_PORT=55443
-      - SSH_DESTINATION=10.0.0.101
-      - SSH_DESTINATION_PORT=55443
-        #ports:
-        #  - 55443:55443
-    restart: unless-stopped
+  # NOTE: Temporarily disable zigbee and wifi iot 
+  #
+  #  devices:
+  #    - /dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20240219191913-if00:/dev/ttyACM0
+  #
+  #
+  #yee0:
+  #  build: ssh
+  #  container_name: yee0
+  #  volumes:
+  #    - ./ssh/id_rsa:/root/.ssh/id_rsa
+  #  environment:
+  #    - SSH_HOSTNAME=192.168.1.5
+  #    - SSH_USERNAME=alarm
+  #    - SSH_LOCAL_PORT=55443
+  #    - SSH_DESTINATION=10.0.0.100
+  #    - SSH_DESTINATION_PORT=55443
+  #      #ports:
+  #      #  - 55443:55443
+  #  restart: unless-stopped
+  #
+  #
+  #yee1:
+  #  build: ssh
+  #  container_name: yee1
+  #  volumes:
+  #    - ./ssh/id_rsa:/root/.ssh/id_rsa
+  #  environment:
+  #    - SSH_HOSTNAME=192.168.1.5
+  #    - SSH_USERNAME=alarm
+  #    - SSH_LOCAL_PORT=55443
+  #    - SSH_DESTINATION=10.0.0.101
+  #    - SSH_DESTINATION_PORT=55443
+  #      #ports:
+  #      #  - 55443:55443
+  #  restart: unless-stopped
 
   gitea:
     image: gitea/gitea:latest
@@ -405,6 +391,37 @@ services:
       - nocodb-db-pw
 
 
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    environment:
+      <<: *common-environment
+      JELLYFIN_PublishedServerUrl: https://flix.guiotte.fr
+    volumes:
+      - jellyfin-config:/config
+      - /storage/@media/video:/data/video
+      - /storage/@media/music:/data/music
+    ports:
+      - 7359:7359/udp #optional Allows clients to discover Jellyfin on the local network
+      - 1900:1900/udp #optional Service discovery used by DNLA and clients
+    restart: unless-stopped
+    devices:
+      - /dev/dri:/dev/dri
+
+
+  taskchampion:
+    image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:latest
+    container_name: taskchampion
+    restart: unless-stopped
+    environment:
+      - "RUST_LOG=info" # Log every request
+      - "DATA_DIR=/taskchampion-data"
+      - "TASKCHAMPION_SYNC_SERVER_HOSTNAME=task.guiotte.fr"
+      - "TASKCHAMPION_SYNC_SERVER_CLIENT_ID=${TASKCHAMPION_SYNC_SERVER_CLIENT_ID}"
+    volumes:
+      - taskchampion-data:/taskchampion-data
+
+
 volumes:
   money-data:
   lychee-db:
@@ -430,6 +447,8 @@ volumes:
   nocodb:
   nocodb-data:
   nocodb-db:
+  jellyfin-config:
+  taskchampion-data:
 
 
 secrets:

swag/nginx/proxy-confs/taskchampion.subdomain.conf

@@ -0,0 +1,63 @@
+## Version 2024/07/16
+# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
+# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
+# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
+# make sure that your <container_name> container is named <container_name>
+# make sure that your dns has a cname set for <container_name>
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name task.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app taskchampion;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+    }
+
+    # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
+    # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
+    # location ~ (/<container_name>)?/api {
+    #     include /config/nginx/proxy.conf;
+    #     include /config/nginx/resolver.conf;
+    #     set $upstream_app <container_name>;
+    #     set $upstream_port <port_number>;
+    #     set $upstream_proto <http or https>;
+    #     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    #
+    #     # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+    # }
+}

taskserver/Dockerfile

@@ -1,13 +0,0 @@
-FROM ghcr.io/linuxserver/baseimage-alpine:3.16
-
-RUN apk --no-cache add taskd
-
-ENV TASKDDATA=/var/taskd
-VOLUME /var/taskd
-
-COPY root/ /
-
-VOLUME /ssl_certs/ /client_certs/
-EXPOSE 53589
-
-ENTRYPOINT ["/init"]

taskserver/README.md

@@ -1,23 +0,0 @@
-# Taskserver
-
-Written with the help of
-<https://github.com/coaxial/docker-taskd-service>.
-
-
-## Certs renewal
-
-- *do we need to remove volumes?:* Yes!
-
-Once a year recreate the container and copy the `client_certs` dir! On the server:
-
-```shell
-dcc stop taskserver && dcc rm taskserver && docker volume rm docker_taskserver-certs docker_taskserver-data && dcu
-```
-
-On the client:
-
-```shell
-scp -r florent@dm.guiotte.fr:~/docker/taskserver/client_certs/* ~/.config/task/certs
-task config taskd.credentials -- watch/user/$(cat ~/.config/task/certs/user-uuid)
-task sync init
-```

taskserver/root/etc/cont-init.d/14-install-cert-generator

@@ -1,20 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellsheck shell=sh
-
-printf "Installing the certificate generator\n"
-apk --no-cache add curl gnutls-utils
-mkdir -p /opt/src/taskd
-# get a copy of the repo wich also contains the certificate generation scripts
-curl -sSL https://api.github.com/repos/gothenburgbitfactory/taskserver/tarball/master -o /tmp/taskd.tar.gz
-tar xzf /tmp/taskd.tar.gz -C /opt/src/taskd --strip 1
-# set the variables for the certs to be generated (as defined in
-# taskserver.env)
-{
-  echo "BITS=$TASKD_CERT_BITS";
-  echo "EXPIRATION_DAYS=$TASKD_CERT_EXPIRATION_DAYS";
-  echo "ORGANIZATION=\"$TASKD_CERT_ORGANIZATION\"";
-  echo "CN=$(hostname -f)";
-  echo "COUNTRY=$TASKD_CERT_COUNTRY";
-  echo "STATE=\"$TASKD_CERT_STATE\"";
-  echo "LOCALITY=\"$TASKD_CERT_LOCALITY\"";
-} > /opt/src/taskd/pki/vars

taskserver/root/etc/cont-init.d/15-generate-server-certs

@@ -1,20 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-if [ -s "$TASKDDATA/ca.cert.pem" ]; then
-  printf "Server certificates found, not generating any.\n"
-else
-  # Use the generate script to make the CA and server certificates
-  printf "No server certificates found, generating them...\n"
-  cd /opt/src/taskd/pki || exit 1
-  ./generate
-  # move generated certs to volumes so they're not lost when the container is
-  # destroyed, and so that they can be accessed from other containers if needed
-  cp ./client.key.pem /ssl_certs/
-  cp ./client.cert.pem /ssl_certs/
-  cp ./server.key.pem /ssl_certs/
-  cp ./server.cert.pem /ssl_certs/
-  cp ./ca.key.pem /ssl_certs/
-  cp ./ca.cert.pem /ssl_certs/
-  cp ./ca.cert.pem /client_certs/
-fi

taskserver/root/etc/cont-init.d/16-generate-user-certs

@@ -1,15 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-if [ -s "$TASKDDATA/$TASKD_USERNAME.cert.pem" ]; then
-  printf "User certificate for %s found, not generating again\n" "$TASKD_USERNAME"
-else
-  # Now we generate the user certificate that will go on the client machine
-  printf "No certificate found for %s, generating user certificate...\n" "$TASKD_USERNAME"
-  cd /opt/src/taskd/pki || exit 1
-  ./generate.client "$TASKD_USERNAME"
-  # move cert and key to a volume so they're not lost when the container is 
-  # removed and so that they're accessible outside the taskd container
-  cp "$TASKD_USERNAME".cert.pem /client_certs/"$TASKD_USERNAME".cert.pem
-  cp "$TASKD_USERNAME".key.pem /client_certs/"$TASKD_USERNAME".key.pem
-fi

taskserver/root/etc/cont-init.d/20-copy-certs

@@ -1,29 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-# Regroup all certificates where taskd will look for them
-if [ -s "$TASKDDATA/server.cert.pem" ]; then
-  printf "Server certificates found in %s, not overwriting\n" "$TASKDDATA"
-  # put the certs in the ssl_certs volume to avoid mismatch between /ssl_certs
-  # and the ones the server is using
-  cp "$TASKDDATA/server.key.pem" /ssl_certs
-  cp "$TASKDDATA/server.cert.pem" /ssl_certs
-else
-  printf "No server certificates in %s, copying them over...\n" "$TASKDDATA"
-  cp /ssl_certs/server.key.pem "$TASKDDATA"
-  cp /ssl_certs/server.cert.pem "$TASKDDATA"
-fi
-
-if [ -s "$TASKDDATA/$TASKD_USERNAME.cert.pem" ]; then
-  printf "Client certificates for user %s found in %s, not overwriting\n" "$TASKD_USERNAME" "$TASKDDATA"
-  # put the certs in the client_certs volume to avoid mismatch between
-  # /client_certs and the ones the server is using
-  cp "$TASKDDATA/ca.cert.pem" /client_certs
-  cp "$TASKDDATA/$TASKD_USERNAME.key.pem" /client_certs
-  cp "$TASKDDATA/$TASKD_USERNAME.cert.pem" /client_certs
-else
-  printf "No certificates for user %s in %s, copying them over...\n" "$TASKD_USERNAME" "$TASKDDATA"
-  cp /client_certs/ca.cert.pem "$TASKDDATA"
-  cp "/client_certs/$TASKD_USERNAME.key.pem" "$TASKDDATA"
-  cp "/client_certs/$TASKD_USERNAME.cert.pem" "$TASKDDATA"
-fi

taskserver/root/etc/cont-init.d/30-bootstrap-taskd

@@ -1,43 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-# with help from https://blog.polettix.it/setup-a-taskwarrior-server/
-
-# if we already have a config file, we don't want to overwrite it
-if [ -s "$TASKDDATA/config" ]; then
-  printf "%s/config file found, skipping bootstrap\n" "$TASKDDATA"
-else
-  printf "%s/config file not found, bootstrapping taskd\n" "$TASKDDATA"
-  # configure taskd, create the organization and user
-  taskd init
-  touch "$TASKDDATA/taskd.log"
-  touch "$TASKDDATA/taskd.pid"
-  chown taskd "$TASKDDATA/taskd.log"
-  chown taskd "$TASKDDATA/taskd.pid"
-  taskd config --force server      "$(hostname -f):53589"
-  taskd config --force log         "$TASKDDATA"/taskd.log
-  taskd config --force pid.file    "$TASKDDATA"/taskd.pid
-  taskd config --force server.key  "$TASKDDATA"/server.key.pem
-  taskd config --force server.cert "$TASKDDATA"/server.cert.pem
-  taskd config --force server.crl  "$TASKDDATA"/server.crl.pem
-  taskd config --force ca.cert     "$TASKDDATA"/ca.cert.pem
-fi
-
-if find "$TASKDDATA/orgs" -name "$TASKD_ORGNAME" | grep "$TASKD_ORGNAME"; then
-  printf "Organization %s found, not regenerating it\n" "$TASKD_ORGNAME"
-else
-  printf "Organization %s not found, generating it...\n" "$TASKD_ORGNAME"
-  taskd add org "$TASKD_ORGNAME"
-fi
-
-if grep -qrw "$TASKDDATA/orgs/$TASKD_ORGNAME/users" -e "user=$TASKD_USERNAME"; then
-  printf "User %s already exists, not recreating it\n" "$TASKD_USERNAME"
-  # extract the UUID anyway
-  grep -rw "$TASKDDATA/orgs/$TASKD_ORGNAME/users" -e "user=$TASKD_USERNAME" | sed '/.*\([0-9a-f\-]\{36\}\).*/!d;s//\1/g' > /client_certs/"$TASKD_USERNAME-uuid"
-else
-  printf "User %s didn't exist, creating it...\n" "$TASKD_USERNAME"
-  # use tee to still write to stdout but also save output to file
-  taskd add user "$TASKD_ORGNAME" "$TASKD_USERNAME" | tee /client_certs/"$TASKD_USERNAME-uuid"
-  # now remove the rest of the output and only keep the uuid, useful for
-  # configuring taskwarrior on the client machine
-  sed -i '/.*\([0-9a-f\-]\{36\}\)/!d;s//\1/g' /client_certs/"$TASKD_USERNAME-uuid"
-fi

taskserver/root/etc/cont-init.d/35-fix-permissions

@@ -1,8 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-# make the taskd data dir rw for the user running taskd
-chown -R taskd:taskd "$TASKDDATA"
-# make client certs readable for every user to work around UID and GID mapping
-# inconsistencies across hosts
-chmod +r /client_certs/*

taskserver/root/etc/cont-init.d/90-diagnostics

@@ -1,6 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-# some debug info, useful when running CI tests mostly
-s6-setuidgid taskd taskd diagnostics
-ls -clash "$TASKDDATA"

taskserver/root/etc/services.d/taskd-logs/run

@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-# write a copy of the log in the container's console for easier monitoring/inspection
-exec tail -F "$TASKDDATA/taskd.log"

taskserver/root/etc/services.d/taskd/run

@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv sh
-#shellcheck shell=sh
-
-# user taskd will run the taskserver, running as root is asking for trouble
-exec s6-setuidgid taskd taskd server