docker

Prochainement Pour la gestion des mots de passe en équipe ! https://github.com/dani-garcia/vaultwarden docker-compose.yml version: '3.3' services: server: restart: always container_name: vaultwarden environment: WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications. SIGNUPS_ALLOWED=: "true" ADMIN_TOKEN: "super_secret_token_api" DATABASE_URL: "postgresql://vault:StrongPassword@postgres:5432/vaultwarden" ORG_GROUPS_ENABLED: "true" INVITATIONS_ALLOWED: "false" ORG_CREATION_USERS: "test@test.com" DOMAIN: "https://test.com" volumes: - '/home/docker/vaultwarden/data:/data/' ports: - '8000:80' - '3012:3012' image: vaultwarden/server:latest postgres: restart: always image: 'postgres:latest' ports: - '5432:5432' environment: POSTGRES_USER: vault POSTGRES_PASSWORD: StrongPassword POSTGRES_DB: vaultwarden volumes: - '/home/docker/vaultwarden/db/:/var/lib/postgresql/data/' Jusqu’ici tout va bien....

Tools CI/CD https://docs.drone.io/ https://gitea.io/en-us/ Blog https://gohugo.io/ https://github.com/adityatelange/hugo-PaperMod as git submodule Pipeline .drone.yml kind: pipeline type: docker name: default # default clone doesn't recursive clone: disable: true steps: - name: clone-with-submodules image: plugins/git pull: if-not-exists settings: depth: 50 recursive: true - name: build image: klakegg/hugo pull: if-not-exists commands: - hugo - name: deploy image: drillster/drone-rsync settings: user: from_secret: deploy-blog-user hosts: from_secret: deploy-blog-host key: from_secret: deploy-blog-key source: ./public target: /home/www/releases/${DRONE_BUILD_NUMBER} script: - ln -sfn /home/www/releases/${DRONE_BUILD_NUMBER}/public /home/www/b when: branch: include: - master trigger: branch: - master - dev Badge

https://www.opensearch.org/ opensearch opensearch-dashboards logstash Works with rootless podman with podman-compose version: '3' services: opensearch-node1: image: opensearchproject/opensearch:1.3.1 container_name: opensearch-node1 environment: - cluster.name=opensearch-cluster - node.name=opensearch-node1 - discovery.seed_hosts=opensearch-node1,opensearch-node2 - cluster.initial_master_nodes=opensearch-node1,opensearch-node2 #- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM # ulimits: # memlock: # soft: -1 # hard: -1 # nofile: # soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems # hard: 65536 volumes: - opensearch-data1:/usr/share/opensearch/data ports: - 9200:9200 - 9600:9600 # required for Performance Analyzer networks: - opensearch-net opensearch-node2: image: opensearchproject/opensearch:1....

Si on démarre un container avec : docker run -p 80:80 nginx, docker rajoute une règle dans sa chaîne DOCKER-USER de iptables afin de faire son foward. De cette manière, les règles de INPUT ne sont pas utilisées et le filtre entrant ne s’applique pas au service des containers. On joue donc avec DOCKER-USER pour contourner ce problème. Par exemple on peut ajouter en dernière ligne à cette chaîne une règle -j DROP -i eth0 et filtrer par la suite....

gitlab-runner.yaml : Un truc du genre à adapter. [[runners]] name = "Cool" url = "https://cool/" token = "123456789" output_limit = 50000000 executor = "docker" [runners.custom_build_dir] [runners.cache] [runners.cache.s3] [runners.cache.gcs] [runners.cache.azure] [runners.docker] tls_verify = false image = "docker:stable" privileged = true disable_entrypoint_overwrite = false oom_kill_disable = false disable_cache = false shm_size = 0