From e551d7322661e29a1d0672d4665415302b7973b3 Mon Sep 17 00:00:00 2001 From: surtur Date: Tue, 30 Aug 2022 13:22:14 +0200 Subject: [PATCH] initial commit --- .gitattributes | 2 ++ .yamllint | 12 ++++++++ LICENSE | 14 +++++++++ README.md | 6 ++++ etc/statping/docker-compose.yml | 30 ++++++++++++++++++++ etc/systemd/system/statping.service | 44 +++++++++++++++++++++++++++++ etc/systemd/system/statping.slice | 10 +++++++ 7 files changed, 118 insertions(+) create mode 100644 .gitattributes create mode 100644 .yamllint create mode 100644 LICENSE create mode 100644 README.md create mode 100644 etc/statping/docker-compose.yml create mode 100644 etc/systemd/system/statping.service create mode 100644 etc/systemd/system/statping.slice
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..284f4eb
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.service linguist-language=systemd
+*.slice linguist-language=systemd
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..05e4822
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,12 @@
+---
+yaml-files:
+ - '*.yaml'
+ - '*.yml'
+ - '.yamllint'
+
+rules:
+ line-length:
+ level: warning
+
+# vim: ft=yaml bs=2 ts=2
+...
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2fc469c
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,14 @@
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+Version 2, December 2004
+
+Copyright (C) 2022 dotya.ml authors
+
+Everyone is permitted to copy and distribute verbatim or modified copies of
+this license document, and changing it is allowed as long as the name is changed.
+
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. You just DO WHAT THE FUCK YOU WANT TO.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ecbdca4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,6 @@
+# [status](https://git.dotya.ml/dotya.ml/status)
+
+this repo holds configs of [dotya.ml's Statping-ng instance](https://status.dotya.ml/).
+
+### LICENSE
+WTFPLv2, see [LICENSE](LICENSE) for details
diff --git a/etc/statping/docker-compose.yml b/etc/statping/docker-compose.yml
new file mode 100644
index 0000000..9f76db6
--- /dev/null
+++ b/etc/statping/docker-compose.yml
@@ -0,0 +1,30 @@
+---
+version: '2.3'
+services:
+ statping:
+ container_name: statping
+ # discontinued:
+ # image: statping/statping
+ # moved to separate org
+ # image: adamboutcher/statping-ng:v0.90.78
+ image: quay.io/statping-ng/statping-ng:v0.90.78
+ # broken for now
+ # image: quay.io/statping-ng/statping-ng:v0.90.80
+ restart: always
+ mem_limit: 256m
+ ports:
+ - 127.0.0.1:8380:8080
+ volumes:
+ - "/var/lib/statping:/app"
+ environment:
+ DB_CONN: sqlite
+ DESCRIPTION: ""
+ DOMAIN: "status.dotya.ml"
+ ALLOW_REPORTS: "false"
+ SAMPLE_DATA: 'false'
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:8080/health || false"]
+ timeout: 2s
+ interval: 10s
+ retries: 20
+...
diff --git a/etc/systemd/system/statping.service b/etc/systemd/system/statping.service
new file mode 100644
index 0000000..2c0dda8
--- /dev/null
+++ b/etc/systemd/system/statping.service
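Review bot: In etc/statping/docker-compose.yml the `statping` service sets `mem_limit` but no privilege restrictions, so the container keeps Docker's default capability set and can still gain privileges through setuid binaries in the image. Adding `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` under the service would close that; if ICMP checks are in use, `cap_add: [NET_RAW]` may have to come back, which should be verified against the configured monitors. The `image:` line pins a tag, which the registry can repoint, so appending a digest (`quay.io/statping-ng/statping-ng:v0.90.78@sha256:<digest>`) would make the pull reproducible. The loopback-only binding `127.0.0.1:8380:8080` deserves a one-line comment saying the reverse proxy is the only intended client.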
@@ -0,0 +1,44 @@
+[Unit]
+Description=Statping server
+After=ssh.service nginx.service docker.service gitea.service drone.service grafana.service prometheus.service
+
+[Service]
+Slice=statping.slice
+Delegate=no
+Nice=18
+IOSchedulingClass=2
+Restart=always
+RestartSec=10
+ExecStartPre=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml down
+ExecStart=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml up --remove-orphans
+ExecStop=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml stop
+
+CapabilityBoundingSet=
+SystemCallFilter=~@reboot @debug
+ProtectHome=true
+RestrictNamespaces=uts ipc pid user cgroup
+; RestrictNamespaces=true
+NoNewPrivileges=True
+InaccessiblePaths=/dev/shm
+ReadWritePaths=-/etc/statping
+ReadWritePaths=-/var/lib/statping
+ProtectSystem=strict
+DevicePolicy=closed
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
diff --git a/etc/systemd/system/statping.slice b/etc/systemd/system/statping.slice
new file mode 100644
index 0000000..3714b54
--- /dev/null
+++ b/etc/systemd/system/statping.slice
@@ -0,0 +1,10 @@
+[Unit]
+Description=Slice that limits statping.service resources
+Before=slices.target
+
+[Slice]
+CPUAccounting=yes
+CPUQuota=5%
+MemoryAccounting=yes
+MemoryHigh=240M
+MemoryMax=256M
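Review bot: The hardening block in statping.service (`CapabilityBoundingSet=` through `SystemCallArchitectures=native`) and the limits in statping.slice apply only to the docker-compose client that `ExecStart` runs. The container is created by the Docker daemon, so unless the daemon is set up to place it under this slice, none of these directives confine statping itself. A comment above the block would stop it being read as container isolation, for example `; sandbox applies to the docker-compose client only; the container is confined by dockerd and docker-compose.yml`. The slice's `CPUQuota=5%` has no container-side counterpart in this patch, and `cpus: 0.05` in the compose service would be the equivalent. `After=docker.service` only orders startup, so `Requires=docker.service` is worth adding to tie the unit to the daemon.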