x1995gourichon/gourichon_org

Go to file

Stephane Gourichon 58c84052d5 Update script runs unit and acceptance tests.

2025-09-05 22:55:44 +02:00

partials/fsg-image

Use common base image.

2025-09-05 22:55:44 +02:00

service_definitions/public/gourichon_org/domain

Building containers runs unit and acceptance tests.

2025-09-05 22:55:44 +02:00

Update script runs unit and acceptance tests.

2025-09-05 22:55:44 +02:00

.gitignore

.gitignore

2024-03-23 22:40:35 +01:00

Makefile

Makefile also set permissions.

2024-03-24 17:16:19 +01:00

README.md

Main README.md documents what this is about.

2025-09-05 22:55:44 +02:00

README.md

Debian-focused flexible service management

Who is this for?

Anyone who needs to maintain network services...
... that favors Debian as a basis ...
... and does not want to trust random opaque containers from strangers.

What does this provide?

A set of packaged services, all made with simple Dockerfiles, all based on Debian.
A small set of tools to ensure services are up-to-date, see features
run_and_output_only_on_error.sh a simple script that runs anything, capturing its output. If the thing went fine (return status zero), the output is deleted, else the output is propagated. This is meant to be (and is) used in crontab entries, to ensure the admin receives e-mails when things go wrong, but are not over-notified daily by as many e-mails as there are tasks.

Features

No root needed

None of this needs root permission.

For example, podman can build Dockerfiles and run containers from them purely as user.
Optionally, a dedicated user can be created.

Live check

Any directory prodiving a service provides a live check.
monitoring_check_all_once.sh checks at once each service and report status.
monitoring__crontask_install.sh sets up a user-level crontab entry to perform the live check once a day -- and alert root on failure

Always up-to-date w.r.t. Debian

Whenever applicable Debian packages are updated, containers are rebuilt:

containers_check_update_rebuild_switch.sh walks all currently running containers, does apt-get upgrade -y --dry-run inside, and if apt reports that some package needs an update, rebuilds the container and replaces it
containers_check_update_rebuild_switch__crontask_install.sh sets up a user-level crontab entry to perform the check-update-and-rebuild-if-needed once a day -- and alert root when something happens (the only and common case when root has no mail is when container is confirmed up-to-date)

Run containers as relevant on current machine

build_and_up_all_containers.sh -> Currently runs all containers on local machine. TODO replace using some configuration, per host name.
ensure_infra_user_exists.sh ensures a fsginfra user exists on the machine, dedicated to infrastructure maintenance.