initial commit
This commit is contained in:
commit
e551d73226
|
@ -0,0 +1,2 @@
|
||||||
|
*.service linguist-language=systemd
|
||||||
|
*.slice linguist-language=systemd
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
yaml-files:
|
||||||
|
- '*.yaml'
|
||||||
|
- '*.yml'
|
||||||
|
- '.yamllint'
|
||||||
|
|
||||||
|
rules:
|
||||||
|
line-length:
|
||||||
|
level: warning
|
||||||
|
|
||||||
|
# vim: ft=yaml bs=2 ts=2
|
||||||
|
...
|
|
@ -0,0 +1,14 @@
|
||||||
|
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
|
||||||
|
|
||||||
|
Version 2, December 2004
|
||||||
|
|
||||||
|
Copyright (C) 2022 dotya.ml authors
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute verbatim or modified copies of
|
||||||
|
this license document, and changing it is allowed as long as the name is changed.
|
||||||
|
|
||||||
|
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||||
|
|
||||||
|
0. You just DO WHAT THE FUCK YOU WANT TO.
|
|
@ -0,0 +1,6 @@
|
||||||
|
# [status](https://git.dotya.ml/dotya.ml/status)
|
||||||
|
|
||||||
|
this repo holds configs of [dotya.ml's Statping-ng instance](https://status.dotya.ml/).
|
||||||
|
|
||||||
|
### LICENSE
|
||||||
|
WTFPLv2, see [LICENSE](LICENSE) for details
|
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
version: '2.3'
|
||||||
|
services:
|
||||||
|
statping:
|
||||||
|
container_name: statping
|
||||||
|
# discontinued:
|
||||||
|
# image: statping/statping
|
||||||
|
# moved to separate org
|
||||||
|
# image: adamboutcher/statping-ng:v0.90.78
|
||||||
|
image: quay.io/statping-ng/statping-ng:v0.90.78
|
||||||
|
# broken for now
|
||||||
|
# image: quay.io/statping-ng/statping-ng:v0.90.80
|
||||||
|
restart: always
|
||||||
|
mem_limit: 256m
|
||||||
|
ports:
|
||||||
|
- 127.0.0.1:8380:8080
|
||||||
|
volumes:
|
||||||
|
- "/var/lib/statping:/app"
|
||||||
|
environment:
|
||||||
|
DB_CONN: sqlite
|
||||||
|
DESCRIPTION: ""
|
||||||
|
DOMAIN: "status.dotya.ml"
|
||||||
|
ALLOW_REPORTS: "false"
|
||||||
|
SAMPLE_DATA: 'false'
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "curl -f http://localhost:8080/health || false"]
|
||||||
|
timeout: 2s
|
||||||
|
interval: 10s
|
||||||
|
retries: 20
|
||||||
|
...
|
|
@ -0,0 +1,44 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Statping server
|
||||||
|
After=ssh.service nginx.service docker.service gitea.service drone.service grafana.service prometheus.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Slice=statping.slice
|
||||||
|
Delegate=no
|
||||||
|
Nice=18
|
||||||
|
IOSchedulingClass=2
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10
|
||||||
|
ExecStartPre=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml down
|
||||||
|
ExecStart=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml up --remove-orphans
|
||||||
|
ExecStop=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml stop
|
||||||
|
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
SystemCallFilter=~@reboot @debug
|
||||||
|
ProtectHome=true
|
||||||
|
RestrictNamespaces=uts ipc pid user cgroup
|
||||||
|
; RestrictNamespaces=true
|
||||||
|
NoNewPrivileges=True
|
||||||
|
InaccessiblePaths=/dev/shm
|
||||||
|
ReadWritePaths=-/etc/statping
|
||||||
|
ReadWritePaths=-/var/lib/statping
|
||||||
|
ProtectSystem=strict
|
||||||
|
DevicePolicy=closed
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
PrivateUsers=true
|
||||||
|
ProtectHostname=true
|
||||||
|
ProtectClock=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
LockPersonality=true
|
||||||
|
MemoryDenyWriteExecute=true
|
||||||
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||||
|
RestrictRealtime=true
|
||||||
|
RestrictSUIDSGID=true
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -0,0 +1,10 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Slice that limits statping.service resources
|
||||||
|
Before=slices.target
|
||||||
|
|
||||||
|
[Slice]
|
||||||
|
CPUAccounting=yes
|
||||||
|
CPUQuota=5%
|
||||||
|
MemoryAccounting=yes
|
||||||
|
MemoryHigh=240M
|
||||||
|
MemoryMax=256M
|
Loading…
Reference in New Issue