initial commit

2024-10-03 01:47:38 +02:00
commit 72d18ac6c0
--- a/docker/Building
+++ b/docker/Building
@@ -0,0 +1,2 @@
+sudo apt-get install -y qemu binfmt-support qemu-user-static
+docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
--- a/docker/Dockerfile-ssh-vuln
+++ b/docker/Dockerfile-ssh-vuln
@@ -0,0 +1,6 @@
+FROM debian
+RUN apt update && apt -y install curl fail2ban rsyslog swaks host python3-pyinotify curl iptables tzdata go-mmproxy iproute2 sendmail net-tools python3-distutils dirmngr && apt clean
+RUN curl -fSsL https://deb.sipwise.com/spce/sipwise.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/sipwise.gpg > /dev/null
+RUN echo 'deb https://deb.sipwise.com/debian bookworm main contrib non-free' >> /etc/apt/sources.list
+ENV VERSION=1:9.2p1-2+deb12u2
+RUN apt update && apt -y install openssh-server=$VERSION openssh-client=$VERSION openssh-sftp-server=$VERSION && apt clean
--- a/docker/Install
+++ b/docker/Install
@@ -0,0 +1,13 @@
+#!/bin/bash
+git clone https://github.com/vieux/docker-volume-sshfs
+cd docker-volume-sshfs/
+docker build -t rootfsimage .
+cd ..
+mkdir -p docker-volume-sshfs/rootfs
+id=$(docker create rootfsimage true)
+sudo docker export "$id" | sudo tar -x -C docker-volume-sshfs/rootfs
+docker rm -vf "$id"
+docker rmi rootfsimage
+sudo docker plugin create vieux/sshfs docker-volume-sshfs/
+docker plugin enable vieux/sshfs:latest
+docker plugin ls
--- a/docker/OrangePi
+++ b/docker/OrangePi
@@ -0,0 +1,166 @@
+--- .config	2018-09-02 18:58:17.646331196 +0200
+++ .orangepi-docker-config.config	2018-09-02 18:57:30.621852013 +0200
+@@ -37,7 +37,8 @@
+ CONFIG_SWAP=y
+ CONFIG_SYSVIPC=y
+ CONFIG_SYSVIPC_SYSCTL=y
+-# CONFIG_POSIX_MQUEUE is not set
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+ CONFIG_FHANDLE=y
+ CONFIG_AUDIT=y
+ # CONFIG_AUDIT_LOGINUID_IMMUTABLE is not set
+@@ -91,12 +92,12 @@
+ # CONFIG_RCU_BOOST is not set
+ # CONFIG_RCU_NOCB_CPU is not set
+ CONFIG_IKCONFIG=y
+-# CONFIG_IKCONFIG_PROC is not set
+CONFIG_IKCONFIG_PROC=y
+ CONFIG_LOG_BUF_SHIFT=17
+ CONFIG_CGROUPS=y
+ CONFIG_CGROUP_DEBUG=y
+ CONFIG_CGROUP_FREEZER=y
+-# CONFIG_CGROUP_DEVICE is not set
+CONFIG_CGROUP_DEVICE=y
+ CONFIG_CPUSETS=y
+ CONFIG_PROC_PID_CPUSET=y
+ CONFIG_CGROUP_CPUACCT=y
+@@ -552,6 +553,7 @@
+ CONFIG_NETFILTER=y
+ # CONFIG_NETFILTER_DEBUG is not set
+ CONFIG_NETFILTER_ADVANCED=y
+CONFIG_BRIDGE_NETFILTER=y
+ 
+ #
+ # Core Netfilter Configuration
+@@ -635,7 +637,7 @@
+ #
+ # Xtables matches
+ #
+-# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+ # CONFIG_NETFILTER_XT_MATCH_BPF is not set
+ # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
+ CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+@@ -658,11 +660,12 @@
+ CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+ CONFIG_NETFILTER_XT_MATCH_MAC=y
+ CONFIG_NETFILTER_XT_MATCH_MARK=y
+-# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+ # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+ # CONFIG_NETFILTER_XT_MATCH_OSF is not set
+ # CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+ CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+ CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+ CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
+ CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+@@ -737,16 +740,20 @@
+ CONFIG_IP6_NF_RAW=y
+ CONFIG_IP6_NF_SECURITY=y
+ # CONFIG_NF_NAT_IPV6 is not set
+# CONFIG_BRIDGE_NF_EBTABLES is not set
+ # CONFIG_IP_DCCP is not set
+ # CONFIG_IP_SCTP is not set
+ # CONFIG_RDS is not set
+ # CONFIG_TIPC is not set
+ # CONFIG_ATM is not set
+ # CONFIG_L2TP is not set
+-# CONFIG_BRIDGE is not set
+CONFIG_STP=m
+CONFIG_BRIDGE=m
+# CONFIG_BRIDGE_IGMP_SNOOPING is not set
+ CONFIG_HAVE_NET_DSA=y
+ # CONFIG_VLAN_8021Q is not set
+ # CONFIG_DECNET is not set
+CONFIG_LLC=m
+ # CONFIG_LLC2 is not set
+ # CONFIG_IPX is not set
+ # CONFIG_ATALK is not set
+@@ -816,6 +823,7 @@
+ # CONFIG_NET_CLS_IND is not set
+ CONFIG_NET_SCH_FIFO=y
+ # CONFIG_DCB is not set
+# CONFIG_DNS_RESOLVER is not set
+ # CONFIG_BATMAN_ADV is not set
+ # CONFIG_OPENVSWITCH is not set
+ # CONFIG_VSOCKETS is not set
+@@ -1068,9 +1076,12 @@
+ CONFIG_BLK_DEV_DM=y
+ # CONFIG_DM_DEBUG is not set
+ CONFIG_DM_BUFIO=y
+CONFIG_DM_BIO_PRISON=y
+CONFIG_DM_PERSISTENT_DATA=y
+ CONFIG_DM_CRYPT=y
+ # CONFIG_DM_SNAPSHOT is not set
+-# CONFIG_DM_THIN_PROVISIONING is not set
+CONFIG_DM_THIN_PROVISIONING=y
+# CONFIG_DM_DEBUG_BLOCK_STACK_TRACING is not set
+ # CONFIG_DM_CACHE is not set
+ # CONFIG_DM_MIRROR is not set
+ # CONFIG_DM_RAID is not set
+@@ -1095,7 +1106,7 @@
+ # CONFIG_NETPOLL is not set
+ # CONFIG_NET_POLL_CONTROLLER is not set
+ CONFIG_TUN=y
+-# CONFIG_VETH is not set
+CONFIG_VETH=y
+ 
+ #
+ # CAIF transport drivers
+@@ -2901,7 +2912,7 @@
+ # CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
+ # CONFIG_QUOTA is not set
+ # CONFIG_QUOTACTL is not set
+-# CONFIG_AUTOFS4_FS is not set
+CONFIG_AUTOFS4_FS=y
+ CONFIG_FUSE_FS=y
+ CONFIG_CUSE=y
+ CONFIG_GENERIC_ACL=y
+@@ -2956,6 +2967,7 @@
+ CONFIG_MISC_FILESYSTEMS=y
+ # CONFIG_ADFS_FS is not set
+ # CONFIG_AFFS_FS is not set
+# CONFIG_ECRYPT_FS is not set
+ # CONFIG_HFS_FS is not set
+ # CONFIG_HFSPLUS_FS is not set
+ # CONFIG_BEFS_FS is not set
+@@ -2997,8 +3009,10 @@
+ CONFIG_CIFS=y
+ # CONFIG_CIFS_STATS is not set
+ # CONFIG_CIFS_WEAK_PW_HASH is not set
+# CONFIG_CIFS_UPCALL is not set
+ # CONFIG_CIFS_XATTR is not set
+ # CONFIG_CIFS_DEBUG is not set
+# CONFIG_CIFS_DFS_UPCALL is not set
+ # CONFIG_CIFS_SMB2 is not set
+ CONFIG_CIFS_FSCACHE=y
+ # CONFIG_NCP_FS is not set
+@@ -3208,7 +3222,9 @@
+ #
+ # Security options
+ #
+-# CONFIG_KEYS is not set
+CONFIG_KEYS=y
+CONFIG_ENCRYPTED_KEYS=m
+CONFIG_KEYS_DEBUG_PROC_KEYS=y
+ # CONFIG_SECURITY_DMESG_RESTRICT is not set
+ CONFIG_SECURITY=y
+ CONFIG_SECURITYFS=y
+@@ -3230,6 +3246,7 @@
+ # CONFIG_SECURITY_APPARMOR is not set
+ # CONFIG_SECURITY_YAMA is not set
+ # CONFIG_IMA is not set
+# CONFIG_EVM is not set
+ CONFIG_DEFAULT_SECURITY_SELINUX=y
+ # CONFIG_DEFAULT_SECURITY_DAC is not set
+ CONFIG_DEFAULT_SECURITY="selinux"
+@@ -3343,6 +3360,7 @@
+ CONFIG_CRYPTO_USER_API_RNG=m
+ CONFIG_CRYPTO_HW=y
+ CONFIG_CRYPTO_SUNXI=m
+# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+ # CONFIG_ARM64_CRYPTO is not set
+ CONFIG_BINARY_PRINTF=y
+ 
--- a/docker/ci
+++ b/docker/ci
@@ -0,0 +1,31 @@
+version: '2'
+services:
+  jenkins:
+    image: jenkins/jenkins
+    container_name: jenkins
+    hostname: jenkins
+    restart: always
+    volumes:
+      - ./jenkins:/var/jenkins_home
+    expose:
+      - 8080
+    networks:
+      - icnet
+        
+  sonarqube:
+    image: sonarqube
+    container_name: sonarqube
+    hostname: sonarqube
+    restart: always
+    expose:
+      - 9000
+    volumes:
+      - ./sonar/conf:/opt/sonarqube/conf
+      - ./sonar/data:/opt/sonarqube/data
+      - ./sonar/logs:/opt/sonarqube/logs
+      - ./sonar/extensions:/opt/sonarqube/extensions
+    networks:
+      - icnet
+
+networks:
+  icnet:
--- a/docker/docker-compose-es7.yml
+++ b/docker/docker-compose-es7.yml
@@ -0,0 +1,40 @@
+version: '3.6'
+
+services:
+  elasticsearch:
+    image: 'docker.elastic.co/elasticsearch/elasticsearch:7.0.0-alpha2'
+    restart: always
+    container_name: elasticsearch
+    hostname: elasticsearch
+    environment:
+      - cluster.name=elasticsearch
+      - bootstrap.memory_lock=true
+      - transport.host=localhost
+      - "ES_JAVA_OPTS=-Xms1G -Xmx2G"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    volumes:
+      - ./esdata:/usr/share/elasticsearch/data
+    expose:
+      - 9200
+    networks:
+      - esnet
+
+  kibana:
+    image: 'docker.elastic.co/kibana/kibana:7.0.0-alpha2'
+    restart: always
+    container_name: kibana
+    hostname: kibana
+    ports:
+      - "5601:5601"
+    depends_on:
+      - elasticsearch
+    volumes:
+      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
+    networks:
+      - esnet
+        
+networks:
+  esnet:
--- a/docker/docker-compose-kamailio.yml
+++ b/docker/docker-compose-kamailio.yml
@@ -0,0 +1,24 @@
+version: '2'
+services:
+  kamailio:
+    build: ./kamailio
+    restart: always
+    hostname: kamailio
+    container_name: kamailio
+    entrypoint: 
+      - /bin/bash
+      - /etc/kamailio/entrypoint.sh
+    volumes:
+      - ./kamailio:/etc/kamailio
+      - ./kamailio/kamailio:/etc/default/kamailio
+      - ./kamailio/rtpproxy:/etc/default/rtpproxy
+    ports:
+      - "5060:5060/tcp"
+      - "5060:5060/udp"
+      - "5061:5061/tcp"
+      - "5061:5061/udp"
+    networks:
+      - net
+
+networks:
+  - net
--- a/docker/docker-compose-liferay-7.1.1-ga2.yml
+++ b/docker/docker-compose-liferay-7.1.1-ga2.yml
@@ -0,0 +1,95 @@
+version: '3.6'
+
+services:
+  liferay:
+    image: esystemstech/liferay:7.1.1-ga2
+    container_name: liferay
+    restart: always
+    environment:
+      - "DB_HOST=mysql"
+      - "DB_SCHEMA=liferay"
+      - "DB_USER=liferay"
+      - "DB_PASSWORD=xxx"
+      - "ELASTICSEARCH_CLUSTER_NAME=docker-cluster"
+      - "ELASTICSEARCH_HOST=elasticsearch"
+      - "ELASTICSEARCH_PORT=9300"
+      - "LIBREOFFICE_ENABLED=true"
+      - "LIBREOFFICE_CACHE=true"
+      - "LIBREOFFICE_HOST=libreoffice"
+      - "LIBREOFFICE_PORT=8100"
+    ports:
+      - 8080:8080
+    networks:
+      - external
+      - services-only
+    volumes:
+      - liferay-data:/opt/liferay/home/data
+      - liferay-logs:/var/log/tomcat8
+      - liferay-conversions:/var/lib/tomcat8/temp/liferay/document_conversion
+    tmpfs:
+      - /var/lib/tomcat8/temp/liferay:uid=7002,gid=7006,mode=1770
+    depends_on:
+      - mysql
+      - elasticsearch
+      - libreoffice
+  elasticsearch:
+    image: esystemstech/elasticsearch:liferay-7.1.1-ga2-cc
+    container_name: elasticsearch
+    hostname: elasticsearch
+    restart: always
+    networks:
+      - services-only
+    volumes:
+      - elasticsearch-data:/usr/share/elasticsearch/data
+    ulimits:
+      nofile:
+        soft: 65536
+        hard: 65536
+    expose:
+      - 9200
+      - 9300
+  libreoffice:
+    image: esystemstech/libreoffice:liferay-7.1.1-ga2-cc
+    container_name: libreoffice
+    hostname: libreoffice
+    restart: always
+    networks:
+      - services-only
+    expose:
+      - 8100
+    volumes:
+      - liferay-conversions:/var/lib/tomcat8/temp/liferay/document_conversion
+
+  mysql:
+    image: mysql:5.7
+    container_name: mysql
+    hostname: mysql
+    restart: always
+    command: ["mysqld", "--character-set-server=utf8", "--collation-server=utf8_general_ci", "--default-time-zone=+00:00","--explicit_defaults_for_timestamp", "--default-authentication-plugin=mysql_native_password"]
+    networks:
+      - services-only
+    expose:
+      - 3306
+    environment:
+      - "MYSQL_ROOT_PASSWORD=yyy"
+      - "MYSQL_DATABASE=liferay"
+      - "MYSQL_USER=liferay"
+      - "MYSQL_PASSWORD=xxx"
+    volumes:
+      - mysql-data:/var/lib/mysql
+volumes:
+  mysql-data:
+  liferay-data:
+  liferay-logs:
+  elasticsearch-data:
+  liferay-conversions:
+    driver_opts:
+      type: tmpfs
+      device: tmpfs
+      o: uid=7002,gid=7005,mode=2770
+
+networks:
+  services-only:
+    internal: true
+  external:
+    internal: false
--- a/docker/docker-compose-rocketchat.yml
+++ b/docker/docker-compose-rocketchat.yml
@@ -0,0 +1,92 @@
+    version: '2'
+    services:
+      db-rocketchat1:
+        image: mongo
+        restart: always
+        container_name: db-rocketchat1
+        hostname: db-rocketchat1
+        command: --smallfiles --keyFile /opt/keyfile --replSet "rs0"
+        volumes:
+          - ./mongo/data1:/data/db
+          - ./mongo/mongodb-keyfile:/opt/keyfile
+        networks:
+          mynet:
+
+      db-rocketchat2:
+        image: mongo
+        restart: always
+        container_name: db-rocketchat2
+        hostname: db-rocketchat2
+        command: --smallfiles --keyFile /opt/keyfile --replSet "rs0"
+        volumes:
+          - ./mongo/data2:/data/db
+          - ./mongo/mongodb-keyfile:/opt/keyfile
+        networks:
+          mynet:
+
+      rocketchat:
+        build: ./rocketchat
+        restart: always
+        container_name: rocketchat
+        hostname: rocketchat
+        entrypoint:
+          - /bin/bash
+          - /entrypoint.sh
+        environment:
+          - ROOT_URL=https://domain
+          - PORT=3000
+          - MAIL_URL=smtp.domain
+          - Accounts_UseDNSDomainCheck=False
+          - NODE_ENV=production
+          - Accounts_AvatarStorePath=/home/rocketchat/uploads
+          - MONGO_URL=mongodb://rocket:password@db-rocketchat1:27017,db-rocketchat2:27017/rocketchat?authSource=admin&replicaSet=rs0&readPreference=nearest&w=majority
+          - MONGO_OPLOG_URL=mongodb://oploguser:password@db-rocketchat1:27017,db-rocketchat2:27017/local?authSource=admin&replicaSet=rs0
+          - INSTANCE_IP=ipofthisinstance
+        volumes:
+          - ./rocketchat/uploads:/home/rocketchat/uploads
+          - ./rocketchat/hosts:/etc/hosts
+        links:
+          - db-rocketchat1:db-rocketchat1
+          - db-rocketchat2:db-rocketchat2
+        depends_on:
+          - db-rocketchat1
+          - db-rocketchat2
+        expose:
+          - 3000
+        networks:
+          mynet:
+
+      hubot:
+        build: ./hubot
+        restart: always
+        container_name: hubot
+        hostname: hubot
+        entrypoint:
+          - /usr/bin/sudo
+          - -u
+          - hubot
+          - /bin/bash
+          - /entrypoint.sh
+        volumes:
+          - ./hubot/external-scripts.json:/external-scripts.json
+        links:
+          - rocketchat:rocketchat
+        expose:
+          - 3001
+        networks:
+          mynet:
+
+      redis:       
+        image: redis:alpine
+        hostname: redis-rocketchat
+        container_name: redis-rocketchat
+        restart: always
+        volumes:
+          - ./redis:/data
+        expose:
+          - 6379
+        networks:            
+          mynet:
+
+    networks:
+      mynet: