initial commit

2022-08-30 13:22:14 +02:00 · 2022-08-30 13:22:14 +02:00 · e551d73226
commit e551d73226
7 changed files with 118 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
+*.service	linguist-language=systemd
+*.slice		linguist-language=systemd
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,12 @@
+---
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+rules:
+  line-length:
+    level: warning
+
+# vim: ft=yaml bs=2 ts=2
+...
--- a/14
+++ b/14
@ -0,0 +1,14 @@
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+Version 2, December 2004
+
+Copyright (C) 2022 dotya.ml authors
+
+Everyone is permitted to copy and distribute verbatim or modified copies of
+this license document, and changing it is allowed as long as the name is changed.
+
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+   0. You just DO WHAT THE FUCK YOU WANT TO.
--- a/README.md
+++ b/README.md
@ -0,0 +1,6 @@
+# [status](https://git.dotya.ml/dotya.ml/status)
+
+this repo holds configs of [dotya.ml's Statping-ng instance](https://status.dotya.ml/).
+
+### LICENSE
+WTFPLv2, see [LICENSE](LICENSE) for details
--- a/etc/statping/docker-compose.yml
+++ b/etc/statping/docker-compose.yml
@ -0,0 +1,30 @@
+---
+version: '2.3'
+services:
+  statping:
+    container_name: statping
+    # discontinued:
+    # image: statping/statping
+    # moved to separate org
+    # image: adamboutcher/statping-ng:v0.90.78
+    image: quay.io/statping-ng/statping-ng:v0.90.78
+    # broken for now
+    # image: quay.io/statping-ng/statping-ng:v0.90.80
+    restart: always
+    mem_limit: 256m
+    ports:
+      - 127.0.0.1:8380:8080
+    volumes:
+      - "/var/lib/statping:/app"
+    environment:
+      DB_CONN: sqlite
+      DESCRIPTION: ""
+      DOMAIN: "status.dotya.ml"
+      ALLOW_REPORTS: "false"
+      SAMPLE_DATA: 'false'
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/health || false"]
+      timeout: 2s
+      interval: 10s
+      retries: 20
+...
--- a/etc/systemd/system/statping.service
+++ b/etc/systemd/system/statping.service
@ -0,0 +1,44 @@
+[Unit]
+Description=Statping server
+After=ssh.service nginx.service docker.service gitea.service drone.service grafana.service prometheus.service
+
+[Service]
+Slice=statping.slice
+Delegate=no
+Nice=18
+IOSchedulingClass=2
+Restart=always
+RestartSec=10
+ExecStartPre=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml down
+ExecStart=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml up --remove-orphans
+ExecStop=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml stop
+
+CapabilityBoundingSet=
+SystemCallFilter=~@reboot @debug
+ProtectHome=true
+RestrictNamespaces=uts ipc pid user cgroup
+; RestrictNamespaces=true
+NoNewPrivileges=True
+InaccessiblePaths=/dev/shm
+ReadWritePaths=-/etc/statping
+ReadWritePaths=-/var/lib/statping
+ProtectSystem=strict
+DevicePolicy=closed
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/systemd/system/statping.slice
+++ b/etc/systemd/system/statping.slice
@ -0,0 +1,10 @@
+[Unit]
+Description=Slice that limits statping.service resources
+Before=slices.target
+
+[Slice]
+CPUAccounting=yes
+CPUQuota=5%
+MemoryAccounting=yes
+MemoryHigh=240M
+MemoryMax=256M