mirror of
https://github.com/recklessop/zroc.git
synced 2026-07-04 13:43:13 -04:00
feat: initial zROC project recreation (stubs for large files pending)
- 61 files across zroc-ui/ and zroc-ova/ directories
- Full content written for: config, auth, API layers, CSS, build files, OVA scripts, backend routes, charts, hooks, constants
- Stubs in place for: page components, Sidebar, TopBar, docker-compose, authentik client, blueprint YAML, packer HCL, workflows, setup wizard

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
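--- /dev/null
+++ b/zroc-ova/scripts/00-base.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/00-base.sh
+set -euo pipefail
+
+echo "==> [00-base] Configuring base system"
+
+while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 2; done
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update -y
+apt-get upgrade -y
+apt-get dist-upgrade -y
+
+timedatectl set-timezone UTC
+
+cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF'
+Unattended-Upgrade::Allowed-Origins {
+"${distro_id}:${distro_codename}-security";
+};
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Automatic-Reboot "false";
+EOF
+
+cat >> /etc/sysctl.d/99-zroc.conf << 'EOF'
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.tcp_syncookies = 1
+fs.suid_dumpable = 0
+kernel.core_pattern = |/bin/false
+EOF
+
+sysctl --system
+
+sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+
+apt-get install -y ufw
+ufw --force reset
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow 22/tcp comment 'SSH'
+ufw allow 80/tcp comment 'HTTP redirect'
+ufw allow 443/tcp comment 'HTTPS — zROC dashboard'
+ufw allow 3000/tcp comment 'Grafana (optional direct access)'
+ufw --force enable
+
+echo "==> [00-base] Done"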
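Review bot: The two `sed` edits to `/etc/ssh/sshd_config` only rewrite lines that begin with `#`, so an already-uncommented `PermitRootLogin` or `PasswordAuthentication` directive is left unchanged, and on Ubuntu images a drop-in under `/etc/ssh/sshd_config.d/` can take precedence over either line. Match both forms, e.g. `sed -i -E 's/^#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config`, and assert the effective value afterwards with `sshd -T | grep -i permitrootlogin` so the build fails if hardening did not apply. The second `sed` turns password logins on while `ufw allow 22/tcp` opens SSH to every source, so a comment explaining why password authentication is required, plus `ufw limit 22/tcp` in place of the plain allow, would be worth adding. The `3000/tcp` rule exposes Grafana directly; if the dashboard on 443 is meant to be the authenticated entry point, that rule presumably should stay closed by default.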
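--- /dev/null
+++ b/zroc-ova/scripts/01-docker.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/01-docker.sh
+set -euo pipefail
+echo "==> [01-docker] Installing Docker Engine"
+
+export DEBIAN_FRONTEND=noninteractive
+
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+-o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
+https://download.docker.com/linux/ubuntu \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
+> /etc/apt/sources.list.d/docker.list
+
+apt-get update -y
+apt-get install -y \
+docker-ce \
+docker-ce-cli \
+containerd.io \
+docker-buildx-plugin \
+docker-compose-plugin
+
+usermod -aG docker zroc
+
+systemctl enable docker
+systemctl start docker
+
+docker --version
+docker compose version
+
+cat > /etc/docker/daemon.json << 'EOF'
+{
+"log-driver": "json-file",
+"log-opts": {
+"max-size": "50m",
+"max-file": "3"
+},
+"storage-driver": "overlay2"
+}
+EOF
+
+systemctl restart docker
+
+echo "==> [01-docker] Done"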
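Review bot: `usermod -aG docker zroc` gives the `zroc` account unrestricted access to the Docker socket, which is equivalent to root on the appliance, and nothing in the script records that as a deliberate decision. The service unit added in this commit runs `docker compose` as `User=zroc`, so the membership looks load-bearing; in that case document it next to the call, e.g. `# docker group is root-equivalent: treat the zroc password/keys as root credentials`. Separately, the key that `curl` writes to `/etc/apt/keyrings/docker.asc` is trusted as downloaded; comparing its fingerprint with a value pinned in the script (`EXPECTED_FPR=<pinned-fingerprint>`) before `docker.list` is written would make a tampered download fail the build instead of becoming the image's package trust root.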
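--- /dev/null
+++ b/zroc-ova/scripts/02-zroc.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/02-zroc.sh
+set -euo pipefail
+echo "==> [02-zroc] Setting up zROC installation"
+
+INSTALL_DIR=/opt/zroc
+ZROC_REPO="https://github.com/ZertoPublic/zroc.git"
+
+git clone --depth=1 "$ZROC_REPO" "$INSTALL_DIR"
+
+mkdir -p \
+"$INSTALL_DIR/certs" \
+"$INSTALL_DIR/zvmexporter" \
+"$INSTALL_DIR/data"
+
+cd "$INSTALL_DIR"
+
+docker compose pull prometheus grafana authentik-server authentik-worker \
+|| echo "[02-zroc] Some images not yet available — will pull on first start"
+
+chown -R zroc:zroc "$INSTALL_DIR"
+
+echo "==> [02-zroc] Installation directory: $INSTALL_DIR"
+echo "==> [02-zroc] Done"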
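Review bot: `git clone --depth=1 "$ZROC_REPO" "$INSTALL_DIR"` bakes in whatever the default branch points to at build time, so two builds from the same commit can ship different code and nothing verifies what was fetched. Pin the checkout to a release tag or commit, e.g. `git clone --depth=1 --branch "$ZROC_REF" "$ZROC_REPO" "$INSTALL_DIR"` with `ZROC_REF=<release-tag>`, and log `git -C "$INSTALL_DIR" rev-parse HEAD` so the image records its source revision. The `docker compose pull ... || echo` fallback has the same effect for container images: a failed pull is only logged, and first boot then fetches whatever the tags resolve to at that moment. `mkdir -p` also creates `certs` with the default mode; a `chmod 700 "$INSTALL_DIR/certs"` after the `chown` would keep key material unreadable to other local accounts.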
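--- /dev/null
+++ b/zroc-ova/scripts/03-setup-wizard.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/03-setup-wizard.sh
+set -euo pipefail
+echo "==> [03-setup-wizard] Installing setup wizard"
+
+install -m 0755 /tmp/zroc-setup /usr/local/bin/zroc-setup
+
+cat > /etc/systemd/system/zroc-firstboot.service << 'EOF'
+[Unit]
+Description=zROC First-Boot Setup Wizard
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=!/opt/zroc/.env
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/bin/zroc-setup
+StandardInput=tty
+TTYPath=/dev/tty1
+StandardOutput=journal+console
+StandardError=journal+console
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable zroc-firstboot.service
+
+rm -f /etc/sudoers.d/zroc-packer
+cat > /etc/sudoers.d/zroc << 'EOF'
+zroc ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/local/bin/zroc-setup, /usr/bin/systemctl restart zroc
+EOF
+chmod 440 /etc/sudoers.d/zroc
+
+echo "==> [03-setup-wizard] Done"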
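Review bot: The sudoers entry `zroc ALL=(ALL) NOPASSWD: /usr/bin/docker, ...` permits every `docker` subcommand as any target user without a password, which amounts to passwordless root for the `zroc` account. Narrow the rule to what the wizard actually needs, for example `zroc ALL=(root) NOPASSWD: /usr/local/bin/zroc-setup, /usr/bin/systemctl restart zroc`, and validate the file before it takes effect with `visudo -cf /etc/sudoers.d/zroc`, since a syntax error in a sudoers drop-in can break `sudo` entirely. `install -m 0755 /tmp/zroc-setup ...` also takes a binary that later runs as root from a world-writable directory; checking it against a checksum recorded by the build (`<expected-sha256>`) before installing would make the provenance explicit.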
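--- /dev/null
+++ b/zroc-ova/scripts/04-systemd-service.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/04-systemd-service.sh
+set -euo pipefail
+echo "==> [04-systemd-service] Installing zroc.service"
+
+cat > /etc/systemd/system/zroc.service << 'EOF'
+[Unit]
+Description=zROC Observability Stack
+Documentation=https://github.com/ZertoPublic/zroc
+After=docker.service network-online.target
+Requires=docker.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=zroc
+Group=zroc
+WorkingDirectory=/opt/zroc
+EnvironmentFile=-/opt/zroc/.env
+ExecStartPre=/usr/bin/docker compose pull --quiet
+ExecStart=/usr/bin/docker compose up -d --remove-orphans
+ExecStop=/usr/bin/docker compose down
+ExecReload=/usr/bin/docker compose up -d --remove-orphans
+TimeoutStartSec=180
+TimeoutStopSec=60
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+echo "==> [04-systemd-service] Done"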
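Review bot: `ExecStartPre=/usr/bin/docker compose pull --quiet` runs on every start, so a registry outage or an isolated network fails the unit before `ExecStart` is reached, and each boot can bring in images nobody reviewed if the compose file uses mutable tags (the compose file is not part of this hunk). Making the step non-fatal with `ExecStartPre=-/usr/bin/docker compose pull --quiet`, or moving updates to an explicit admin action and pinning images by digest, would keep start-up deterministic. `EnvironmentFile=-/opt/zroc/.env` presumably carries secrets, so a comment stating that the file must be mode `0600` and owned by `zroc` would help whoever writes it. The script runs `daemon-reload` but never enables `zroc.service`; if enabling is left to the setup wizard, say so in a comment.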
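--- /dev/null
+++ b/zroc-ova/scripts/05-cleanup.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/05-cleanup.sh
+set -euo pipefail
+echo "==> [05-cleanup] Cleaning build artefacts"
+
+rm -f /etc/sudoers.d/zroc-packer
+
+apt-get autoremove -y
+apt-get autoclean -y
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+
+journalctl --rotate
+journalctl --vacuum-time=1s
+find /var/log -type f -name "*.log" -delete
+find /var/log -type f -name "*.gz" -delete
+truncate -s 0 /var/log/wtmp /var/log/btmp /var/log/lastlog 2>/dev/null || true
+
+unset HISTFILE
+rm -f /home/zroc/.bash_history /root/.bash_history
+history -c
+
+cloud-init clean --logs 2>/dev/null || true
+
+rm -rf /tmp/* /var/tmp/*
+
+echo "==> [05-cleanup] Zeroing free space (this takes a moment)…"
+dd if=/dev/zero of=/ZERO bs=4M status=progress 2>/dev/null || true
+rm -f /ZERO
+sync
+
+SWAP_DEV=$(swapon --show=NAME --noheadings 2>/dev/null | head -1)
+if [[ -n "$SWAP_DEV" ]]; then
+swapoff "$SWAP_DEV"
+dd if=/dev/zero of="$SWAP_DEV" bs=4M status=progress 2>/dev/null || true
+mkswap "$SWAP_DEV"
+fi
+
+echo "==> [05-cleanup] Done — image ready for OVA packaging"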
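Review bot: The cleanup never removes the SSH host keys or `/etc/machine-id`, so every appliance deployed from the OVA would share one host identity unless something regenerates them at first boot; `cloud-init clean --logs` is followed by `|| true`, so it cannot be relied on for that here. Add `rm -f /etc/ssh/ssh_host_*` and `truncate -s 0 /etc/machine-id` before the zeroing step, and make sure first boot recreates the keys (for example `ssh-keygen -A` before sshd starts). Two smaller points: `history -c` has no effect in a non-interactive script, and `dd ... of="$SWAP_DEV"` fills the root filesystem when swap is a file rather than a partition, with the error hidden by `|| true`.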