Add ruby application service sample

Add nftables firewall
Add gitea server
2025-06-28 14:13:24 +02:00 · 2025-06-28 13:59:15 +02:00 · 2025-06-26 21:37:38 +02:00 · 2025-06-26 21:37:17 +02:00
47 changed files with 146 additions and 0 deletions
--- a/applications/application-ruby-log/consumer-for
+++ b/applications/application-ruby-log/consumer-for
@ -0,0 +1 @@
+application-ruby-srv
--- a/applications/application-ruby-log/dependencies
+++ b/applications/application-ruby-log/dependencies
@ -0,0 +1,4 @@
+# Comment out remount-root and uncomment local-fs
+# if you use separate partition for /var/log
+remount-root
+#local-fs
--- a/applications/application-ruby-log/notification-fd
+++ b/applications/application-ruby-log/notification-fd
@ -0,0 +1 @@
+3
--- a/applications/application-ruby-log/pipeline-name
+++ b/applications/application-ruby-log/pipeline-name
@ -0,0 +1 @@
+application-ruby
--- a/applications/application-ruby-log/run
+++ b/applications/application-ruby-log/run
@ -0,0 +1,5 @@
+#!/bin/execlineb -P
+
+s6-setuidgid application
+exec -c
+s6-log -d3 -- T /srv/httpd/application/ruby/log
--- a/applications/application-ruby-log/type
+++ b/applications/application-ruby-log/type
@ -0,0 +1 @@
+longrun
--- a/applications/application-ruby-srv/dependencies
+++ b/applications/application-ruby-srv/dependencies
@ -0,0 +1,2 @@
+postgresql
+redis-instances
--- a/applications/application-ruby-srv/env/HOME
+++ b/applications/application-ruby-srv/env/HOME
@ -0,0 +1 @@
+/srv/httpd/application
--- a/applications/application-ruby-srv/env/RAILS_ENV
+++ b/applications/application-ruby-srv/env/RAILS_ENV
@ -0,0 +1 @@
+production
--- a/applications/application-ruby-srv/producer-for
+++ b/applications/application-ruby-srv/producer-for
@ -0,0 +1 @@
+application-ruby-log
--- a/applications/application-ruby-srv/run
+++ b/applications/application-ruby-srv/run
@ -0,0 +1,8 @@
+#!/bin/execlineb -P
+
+fdmove -c 2 1
+foreground { chown application:users supervise supervise/control event }
+s6-setuidgid application
+s6-envdir env
+cd /srv/httpd/application/ruby/current/
+rbenv exec bundle exec puma
--- a/applications/application-ruby-srv/type
+++ b/applications/application-ruby-srv/type
@ -0,0 +1 @@
+longrun
--- a/rc.firewall/firewall/dependencies
+++ b/rc.firewall/firewall/dependencies
@ -0,0 +1,4 @@
+network
+# In some cases this service might need to be started after the service
+# below dealing with IP packet forwarding
+#ip_forward
--- a/rc.firewall/firewall/down
+++ b/rc.firewall/firewall/down
@ -0,0 +1,9 @@
+######################################################
+# Run the rc.firewall_shutdown script (if it exists) #
+######################################################
+
+if -t { [ -x /etc/rc.d/rc.firewall_shutdown ] }
+# Prepend every output with the service's name
+pipeline -w { sed -u "s/^/firewall: /" }
+fdmove -c 2 1
+nft flush ruleset
--- a/rc.firewall/firewall/type
+++ b/rc.firewall/firewall/type
@ -0,0 +1 @@
+oneshot
--- a/rc.firewall/firewall/up
+++ b/rc.firewall/firewall/up
@ -0,0 +1,11 @@
+####################################################################
+# Run the rc.firewall script                                       #
+#                                                                  #
+# See the HOWTOs on http://www.netfilter.org/ for documentation on #
+# setting up a firewall or NAT on Linux                            #
+####################################################################
+
+# Prepend every output with the service's name
+pipeline -w { sed -u "s/^/firewall: /" }
+fdmove -c 2 1
+nft -f /etc/nftables/conf.nft
--- a/rc.prosody/prosody-log/consumer-for
+++ b/rc.prosody/prosody-log/consumer-for
@ -0,0 +1 @@
+prosody-srv
--- a/rc.prosody/prosody-log/dependencies
+++ b/rc.prosody/prosody-log/dependencies
@ -0,0 +1,4 @@
+# Comment out remount-root and uncomment local-fs
+# if you use separate partition for /var/log
+remount-root
+#local-fs
--- a/rc.prosody/prosody-log/env/CMD
+++ b/rc.prosody/prosody-log/env/CMD
@ -0,0 +1 @@
+s6-log
--- a/rc.prosody/prosody-log/env/CMD_OPTS
+++ b/rc.prosody/prosody-log/env/CMD_OPTS
@ -0,0 +1 @@
+-d3
--- a/rc.prosody/prosody-log/env/LOGDIR_GROUP
+++ b/rc.prosody/prosody-log/env/LOGDIR_GROUP
@ -0,0 +1,2 @@
+root
+# Logging directory group ownership
--- a/rc.prosody/prosody-log/env/LOGDIR_OWNER
+++ b/rc.prosody/prosody-log/env/LOGDIR_OWNER
@ -0,0 +1,2 @@
+root
+# Logging directory owner
--- a/rc.prosody/prosody-log/env/LOGDIR_PATH
+++ b/rc.prosody/prosody-log/env/LOGDIR_PATH
@ -0,0 +1,2 @@
+/var/log/prosody
+# Logging directory path
--- a/rc.prosody/prosody-log/env/LOGDIR_PERMS
+++ b/rc.prosody/prosody-log/env/LOGDIR_PERMS
@ -0,0 +1,2 @@
+750
+# Logging directory access rights in octal
--- a/rc.prosody/prosody-log/env/LOG_SCRIPT
+++ b/rc.prosody/prosody-log/env/LOG_SCRIPT
@ -0,0 +1,2 @@
+n4 s500000 T $LOGDIR_PATH
+# Logging script used by s6-log
--- a/rc.prosody/prosody-log/notification-fd
+++ b/rc.prosody/prosody-log/notification-fd
@ -0,0 +1 @@
+3
--- a/rc.prosody/prosody-log/pipeline-name
+++ b/rc.prosody/prosody-log/pipeline-name
@ -0,0 +1 @@
+prosody
--- a/rc.prosody/prosody-log/run
+++ b/rc.prosody/prosody-log/run
@ -0,0 +1,24 @@
+#!/bin/execlineb -P
+
+#################################################
+# Start a logging daemon for the prosody daemon #
+#################################################
+
+s6-envdir env
+multisubstitute {
+  importas -u LOGDIR_OWNER LOGDIR_OWNER
+  importas -u LOGDIR_GROUP LOGDIR_GROUP
+  importas -u LOGDIR_PERMS LOGDIR_PERMS
+  importas -u CMD CMD
+  importas -usCd" " CMD_OPTS CMD_OPTS
+  importas -usCd" " LOG_SCRIPT LOG_SCRIPT
+}
+s6-envuidgid -B ${LOGDIR_OWNER}:${LOGDIR_GROUP}
+multisubstitute {
+  importas -u LOGDIR_PATH LOGDIR_PATH
+  importas -u UID UID
+  importas -u GID GID
+}
+if { install -dm $LOGDIR_PERMS -o $UID -g $GID $LOGDIR_PATH }
+s6-setuidgid ${UID}:${GID}
+exec -c $CMD $CMD_OPTS -- $LOG_SCRIPT
--- a/rc.prosody/prosody-log/type
+++ b/rc.prosody/prosody-log/type
@ -0,0 +1 @@
+longrun
--- a/rc.prosody/prosody-srv/dependencies
+++ b/rc.prosody/prosody-srv/dependencies
@ -0,0 +1,5 @@
+tmpfs-run
+# Comment out "remount-root" and uncomment "local-fs"
+# if you use separate partition for /var
+remount-root
+#local-fs
--- a/rc.prosody/prosody-srv/env/CMD
+++ b/rc.prosody/prosody-srv/env/CMD
@ -0,0 +1 @@
+prosody
--- a/rc.prosody/prosody-srv/env/CMD_OPTS
+++ b/rc.prosody/prosody-srv/env/CMD_OPTS
@ -0,0 +1 @@
+--config /etc/prosody/prosody.cfg.lua -F
--- a/rc.prosody/prosody-srv/producer-for
+++ b/rc.prosody/prosody-srv/producer-for
@ -0,0 +1 @@
+prosody-log
--- a/rc.prosody/prosody-srv/run
+++ b/rc.prosody/prosody-srv/run
@ -0,0 +1,16 @@
+#!/bin/execlineb -P
+
+###################################
+# Start prosody (Lua XMPP Server) #
+###################################
+
+fdmove -c 2 1
+if { install -do ldap -g ldap /var/run/openldap }
+emptyenv -p
+s6-envdir env
+multisubstitute {
+  importas -u CMD CMD
+  importas -usCd" " CMD_OPTS CMD_OPTS
+}
+s6-setuidgid prosody
+exec -c $CMD $CMD_OPTS
--- a/rc.prosody/prosody-srv/type
+++ b/rc.prosody/prosody-srv/type
@ -0,0 +1 @@
+longrun
--- a/server/server-git-log/consumer-for
+++ b/server/server-git-log/consumer-for
@ -0,0 +1 @@
+server-git-srv
--- a/server/server-git-log/dependencies
+++ b/server/server-git-log/dependencies
@ -0,0 +1,4 @@
+# Comment out remount-root and uncomment local-fs
+# if you use separate partition for /var/log
+remount-root
+#local-fs
--- a/server/server-git-log/notification-fd
+++ b/server/server-git-log/notification-fd
@ -0,0 +1 @@
+3
--- a/server/server-git-log/pipeline-name
+++ b/server/server-git-log/pipeline-name
@ -0,0 +1 @@
+server-git
--- a/server/server-git-log/run
+++ b/server/server-git-log/run
@ -0,0 +1,5 @@
+#!/bin/execlineb -P
+
+s6-setuidgid git
+exec -c
+s6-log -d3 -- T /srv/httpd/server/git/log
--- a/server/server-git-log/type
+++ b/server/server-git-log/type
@ -0,0 +1 @@
+longrun
--- a/server/server-git-srv/dependencies
+++ b/server/server-git-srv/dependencies
@ -0,0 +1,2 @@
+postgresql
+redis-instances
--- a/server/server-git-srv/env/GITEA_WORK_DIR
+++ b/server/server-git-srv/env/GITEA_WORK_DIR
@ -0,0 +1 @@
+/srv/httpd/server/git/
--- a/server/server-git-srv/env/HOME
+++ b/server/server-git-srv/env/HOME
@ -0,0 +1 @@
+/srv/git
--- a/server/server-git-srv/producer-for
+++ b/server/server-git-srv/producer-for
@ -0,0 +1 @@
+server-git-log
--- a/server/server-git-srv/run
+++ b/server/server-git-srv/run
@ -0,0 +1,6 @@
+#!/bin/execlineb -P
+
+fdmove -c 2 1
+s6-setuidgid git
+s6-envdir env
+/srv/httpd/server/git/bin/gitea web --config /srv/httpd/server/git/etc/app.ini -p 3001
--- a/server/server-git-srv/type
+++ b/server/server-git-srv/type
@ -0,0 +1 @@
+longrun
Author	SHA1	Message	Date
Eugen Wissner	5eb5ce724f	Add ruby application service sample	2025-06-28 14:13:24 +02:00
Eugen Wissner	be3fcc6075	Add nftables firewall	2025-06-28 13:59:15 +02:00
Eugen Wissner	544d98d884	Add gitea server	2025-06-26 21:37:38 +02:00
Eugen Wissner	66c0bf0bf5	Add prosody	2025-06-26 21:37:17 +02:00