feat: initial zROC project recreation (stubs for large files pending)

- 61 files across zroc-ui/ and zroc-ova/ directories
- Full content written for: config, auth, API layers, CSS, build files,
  OVA scripts, backend routes, charts, hooks, constants
- Stubs in place for: page components, Sidebar, TopBar, docker-compose,
  authentik client, blueprint YAML, packer HCL, workflows, setup wizard

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Justin
2026-04-12 16:20:05 -04:00
parent 74c05e5a58
commit 0500ac171c
61 changed files with 2262 additions and 0 deletions
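--- a/zroc-ova/scripts/00-base.sh
+++ b/zroc-ova/scripts/00-base.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/00-base.sh
+set -euo pipefail
+echo "==> [00-base] Configuring base system"
+while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 2; done
+export DEBIAN_FRONTEND=noninteractive
+apt-get update -y
+apt-get upgrade -y
+apt-get dist-upgrade -y
+timedatectl set-timezone UTC
+cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF'
+Unattended-Upgrade::Allowed-Origins {
+"${distro_id}:${distro_codename}-security";
+};
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Automatic-Reboot "false";
+EOF
+cat >> /etc/sysctl.d/99-zroc.conf << 'EOF'
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.tcp_syncookies = 1
+fs.suid_dumpable = 0
+kernel.core_pattern = |/bin/false
+EOF
+sysctl --system
+sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+apt-get install -y ufw
+ufw --force reset
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow 22/tcp comment 'SSH'
+ufw allow 80/tcp comment 'HTTP redirect'
+ufw allow 443/tcp comment 'HTTPS — zROC dashboard'
+ufw allow 3000/tcp comment 'Grafana (optional direct access)'
+ufw --force enable
+echo "==> [00-base] Done"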
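Review bot: The two `sed` edits to /etc/ssh/sshd_config only rewrite lines that begin with `#`, so they silently do nothing when the directive is already uncommented, absent, or set by a file under /etc/ssh/sshd_config.d/, and the image can ship with root login still permitted. The second edit also turns password authentication on for an appliance whose firewall rules open 22/tcp to any source. On Ubuntu releases whose sshd_config includes that directory, I would write the settings to an early drop-in, for example `printf 'PermitRootLogin no\n' > /etc/ssh/sshd_config.d/00-zroc.conf`, and fail the build unless `sshd -T | grep -qx 'permitrootlogin no'` succeeds. If password login is needed for first access, a comment saying so and when it is replaced by keys would help; the same applies to `ufw allow 3000/tcp`, which exposes Grafana outside the 443 front end.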
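--- a/zroc-ova/scripts/01-docker.sh
+++ b/zroc-ova/scripts/01-docker.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/01-docker.sh
+set -euo pipefail
+echo "==> [01-docker] Installing Docker Engine"
+export DEBIAN_FRONTEND=noninteractive
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+-o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
+https://download.docker.com/linux/ubuntu \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
+> /etc/apt/sources.list.d/docker.list
+apt-get update -y
+apt-get install -y \
+docker-ce \
+docker-ce-cli \
+containerd.io \
+docker-buildx-plugin \
+docker-compose-plugin
+usermod -aG docker zroc
+systemctl enable docker
+systemctl start docker
+docker --version
+docker compose version
+cat > /etc/docker/daemon.json << 'EOF'
+{
+"log-driver": "json-file",
+"log-opts": {
+"max-size": "50m",
+"max-file": "3"
+},
+"storage-driver": "overlay2"
+}
+EOF
+systemctl restart docker
+echo "==> [01-docker] Done"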
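Review bot: `usermod -aG docker zroc` makes the zroc account root-equivalent, because any member of the docker group can drive a daemon that runs as root; the same exposure is repeated in 03-setup-wizard.sh, where the sudoers rule grants `NOPASSWD: /usr/bin/docker` with no argument restriction. Together with `PasswordAuthentication yes` in 00-base.sh, the zroc password is effectively the root credential for the appliance. Since zroc.service runs compose as `User=zroc`, the group membership looks intentional, so I would keep it, drop `/usr/bin/docker` from the sudoers line as redundant, and add a comment above the `usermod`: `# docker group == root on this host; zroc is a privileged account, protect it accordingly`.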
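--- a/zroc-ova/scripts/02-zroc.sh
+++ b/zroc-ova/scripts/02-zroc.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/02-zroc.sh
+set -euo pipefail
+echo "==> [02-zroc] Setting up zROC installation"
+INSTALL_DIR=/opt/zroc
+ZROC_REPO="https://github.com/ZertoPublic/zroc.git"
+git clone --depth=1 "$ZROC_REPO" "$INSTALL_DIR"
+mkdir -p \
+"$INSTALL_DIR/certs" \
+"$INSTALL_DIR/zvmexporter" \
+"$INSTALL_DIR/data"
+cd "$INSTALL_DIR"
+docker compose pull prometheus grafana authentik-server authentik-worker \
+|| echo "[02-zroc] Some images not yet available — will pull on first start"
+chown -R zroc:zroc "$INSTALL_DIR"
+echo "==> [02-zroc] Installation directory: $INSTALL_DIR"
+echo "==> [02-zroc] Done"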
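Review bot: `git clone --depth=1 "$ZROC_REPO" "$INSTALL_DIR"` takes whatever the default branch points at when the image is built, so two builds from this same commit can ship different code and nothing records or verifies what was fetched. Pin the checkout to a release tag, e.g. `git clone --depth=1 --branch "$ZROC_REF" "$ZROC_REPO" "$INSTALL_DIR"`, and log `git -C "$INSTALL_DIR" rev-parse HEAD` so each OVA can be traced to a source revision. The `docker compose pull ... || echo` fallback also hides every pull failure, not only the missing-image case its message describes. If private keys end up in `certs`, the directory should be tightened after creation (`chmod 700 "$INSTALL_DIR/certs"`), since `mkdir -p` leaves it at the default mode.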
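--- a/zroc-ova/scripts/03-setup-wizard.sh
+++ b/zroc-ova/scripts/03-setup-wizard.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/03-setup-wizard.sh
+set -euo pipefail
+echo "==> [03-setup-wizard] Installing setup wizard"
+install -m 0755 /tmp/zroc-setup /usr/local/bin/zroc-setup
+cat > /etc/systemd/system/zroc-firstboot.service << 'EOF'
+[Unit]
+Description=zROC First-Boot Setup Wizard
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=!/opt/zroc/.env
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/bin/zroc-setup
+StandardInput=tty
+TTYPath=/dev/tty1
+StandardOutput=journal+console
+StandardError=journal+console
+TimeoutStartSec=0
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload
+systemctl enable zroc-firstboot.service
+rm -f /etc/sudoers.d/zroc-packer
+cat > /etc/sudoers.d/zroc << 'EOF'
+zroc ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/local/bin/zroc-setup, /usr/bin/systemctl restart zroc
+EOF
+chmod 440 /etc/sudoers.d/zroc
+echo "==> [03-setup-wizard] Done"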
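Review bot: The sudoers drop-in is written and left in place without a syntax check, and a parse error in a file under /etc/sudoers.d can leave sudo unusable for every account on the image. Adding `visudo -cf /etc/sudoers.d/zroc` right after the `chmod 440` makes the build stop (the script runs with `set -e`) instead of producing an appliance with broken sudo. The rule also lets zroc run `/usr/local/bin/zroc-setup` as root without a password, so that binary is inside the root trust boundary; I would install it with an explicit owner, `install -o root -g root -m 0755 /tmp/zroc-setup /usr/local/bin/zroc-setup`, rather than relying on the provisioner's identity.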
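--- a/zroc-ova/scripts/04-systemd-service.sh
+++ b/zroc-ova/scripts/04-systemd-service.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/04-systemd-service.sh
+set -euo pipefail
+echo "==> [04-systemd-service] Installing zroc.service"
+cat > /etc/systemd/system/zroc.service << 'EOF'
+[Unit]
+Description=zROC Observability Stack
+Documentation=https://github.com/ZertoPublic/zroc
+After=docker.service network-online.target
+Requires=docker.service
+Wants=network-online.target
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=zroc
+Group=zroc
+WorkingDirectory=/opt/zroc
+EnvironmentFile=-/opt/zroc/.env
+ExecStartPre=/usr/bin/docker compose pull --quiet
+ExecStart=/usr/bin/docker compose up -d --remove-orphans
+ExecStop=/usr/bin/docker compose down
+ExecReload=/usr/bin/docker compose up -d --remove-orphans
+TimeoutStartSec=180
+TimeoutStopSec=60
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload
+echo "==> [04-systemd-service] Done"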
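Review bot: `ExecStartPre=/usr/bin/docker compose pull --quiet` re-pulls images on every start, so unless the compose file pins images by digest (it is not part of this section) the appliance runs whatever the tags resolve to at boot time, with no review step in between. The line also has no `-` prefix, so an unreachable registry fails the unit and the stack stays down even when every image is already present locally. I would either drop the line and make updates an explicit operator action, or at least make it non-fatal: `ExecStartPre=-/usr/bin/docker compose pull --quiet`. `EnvironmentFile=-/opt/zroc/.env` presumably carries secrets, so whatever creates that file should set it to mode 0600 owned by zroc.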
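--- a/zroc-ova/scripts/05-cleanup.sh
+++ b/zroc-ova/scripts/05-cleanup.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# zroc-ova/scripts/05-cleanup.sh
+set -euo pipefail
+echo "==> [05-cleanup] Cleaning build artefacts"
+rm -f /etc/sudoers.d/zroc-packer
+apt-get autoremove -y
+apt-get autoclean -y
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+journalctl --rotate
+journalctl --vacuum-time=1s
+find /var/log -type f -name "*.log" -delete
+find /var/log -type f -name "*.gz" -delete
+truncate -s 0 /var/log/wtmp /var/log/btmp /var/log/lastlog 2>/dev/null || true
+unset HISTFILE
+rm -f /home/zroc/.bash_history /root/.bash_history
+history -c
+cloud-init clean --logs 2>/dev/null || true
+rm -rf /tmp/* /var/tmp/*
+echo "==> [05-cleanup] Zeroing free space (this takes a moment)…"
+dd if=/dev/zero of=/ZERO bs=4M status=progress 2>/dev/null || true
+rm -f /ZERO
+sync
+SWAP_DEV=$(swapon --show=NAME --noheadings 2>/dev/null | head -1)
+if [[ -n "$SWAP_DEV" ]]; then
+swapoff "$SWAP_DEV"
+dd if=/dev/zero of="$SWAP_DEV" bs=4M status=progress 2>/dev/null || true
+mkswap "$SWAP_DEV"
+fi
+echo "==> [05-cleanup] Done — image ready for OVA packaging"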
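Review bot: The cleanup removes logs and shell history but leaves the SSH host keys and /etc/machine-id that were generated during the build, so every VM deployed from this OVA would present the same host key and machine ID unless something regenerates them. `cloud-init clean --logs` may cover this when cloud-init is installed and runs on first boot, but the `2>/dev/null || true` shows the script does not depend on it. I would add `rm -f /etc/ssh/ssh_host_*` and `truncate -s 0 /etc/machine-id` before the zeroing step, and make sure first boot recreates the host keys (for example `ssh-keygen -A` from the first-boot unit), since sshd will not start without them. `history -c` has no effect in a non-interactive script and can be removed.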