Merge branch 'main' of 6t7.net:cnphpbb/deploy.stack

apt.list/ustc/Debian13/docker.list

@@ -0,0 +1 @@
+deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.ustc.edu.cn/docker-ce/linux/debian trixie stable

base/cadvisor.stack.yaml

@@ -0,0 +1,17 @@
+
+## RUN:: docker compose -p base --env-file ./base/env.cfg -f ./base/cadvisor.stack.yaml up -d
+services:
+
+  cadvisor:
+    image: ${Cadvisor_Image}
+    restart: always
+    container_name: cadvisor-prod
+    ports:
+      - 9180:8080
+    volumes:
+      - /:/rootfs:ro
+      - /data/docker/:/var/lib/docker:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /dev/disk/:/dev/disk:ro
+    privileged: true

base/env.cfg

@@ -0,0 +1,2 @@
+Cadvisor_Tag_Ver=v0.53.0
+Cadvisor_Image=hub.tp229.com:3500/google/cadvisor:${Cadvisor_Tag_Ver}

dbSer/loki/readme.md

@@ -0,0 +1,5 @@
+## LOKI 日志收集服务
+
+[loki docker 安装文档](https://grafana.com/docs/loki/latest/setup/install/docker/)
+
+

gitea/backup.job

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+## gitea 数据备份脚本
+## CRON:: 4 4 * * * /data/deploy/crontab/backup.job >> /dev/null 2>&1
+
+DATA_PATH=/data/volumes/gitea
+BACKUP_PATH=/data/backups/gitea
+
+docker stop gitea-app
+sleep 0.3
+rsync -au --delete ${DATA_PATH} ${BACKUP_PATH}
+sleep 0.3
+docker start gitea-app

grafana/env.cfg

@@ -1 +1,2 @@
-IMAGE_TAG=grafana/grafana:12.2.0
+IMAGE_TAG_VER=12.2.0
+IMAGE_TAG=grafana/grafana:${IMAGE_TAG_VER}

harbor/compose.yaml

@@ -1,10 +1,8 @@
-version: '2.3'
 services:
   log:
-    image: goharbor/harbor-log:v2.2.2
+    image: goharbor/harbor-log:v2.14.1
     container_name: harbor-log
     restart: always
-    dns_search: .
     cap_drop:
       - ALL
     cap_add:
@@ -14,18 +12,14 @@ services:
       - SETUID
     volumes:
       - /var/log/harbor/:/var/log/docker/:z
-      - type: bind
+      - /data/harbor/common/config/log/logrotate.conf:/etc/logrotate.d/logrotate.conf
-        source: ./common/config/log/logrotate.conf
+      - /data/harbor/common/config/log/rsyslog_docker.conf:/etc/rsyslog.d/rsyslog_docker.conf
-        target: /etc/logrotate.d/logrotate.conf
-      - type: bind
-        source: ./common/config/log/rsyslog_docker.conf
-        target: /etc/rsyslog.d/rsyslog_docker.conf
     ports:
       - 127.0.0.1:1514:10514
     networks:
       - harbor
   registry:
-    image: goharbor/registry-photon:v2.2.2
+    image: goharbor/registry-photon:v2.14.1
     container_name: registry
     restart: always
     cap_drop:
@@ -35,29 +29,24 @@ services:
       - SETGID
       - SETUID
     volumes:
-      - /data/registry:/storage:z
+      - /data/harbor/registry:/storage:z
-      - ./common/config/registry/:/etc/registry/:z
+      - /data/harbor/common/config/registry/:/etc/registry/:z
-      - type: bind
+      - /data/harbor/secret/registry/root.crt:/etc/registry/root.crt
-        source: /data/secret/registry/root.crt
+      - /data/harbor/common/config/shared/trust-certificates:/harbor_cust_cert
-        target: /etc/registry/root.crt
-      - type: bind
-        source: ./common/config/shared/trust-certificates
-        target: /harbor_cust_cert
     networks:
       - harbor
-    dns_search: .
     depends_on:
       - log
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "registry"
   registryctl:
-    image: goharbor/harbor-registryctl:v2.2.2
+    image: goharbor/harbor-registryctl:v2.14.1
     container_name: registryctl
     env_file:
-      - ./common/config/registryctl/env
+      - /data/harbor/common/config/registryctl/env
     restart: always
     cap_drop:
       - ALL
@@ -66,26 +55,21 @@ services:
       - SETGID
       - SETUID
     volumes:
-      - /data/registry:/storage:z
+      - /data/harbor/registry:/storage:z
-      - ./common/config/registry/:/etc/registry/:z
+      - /data/harbor/common/config/registry/:/etc/registry/:z
-      - type: bind
+      - /data/harbor/common/config/registryctl/config.yml:/etc/registryctl/config.yml
-        source: ./common/config/registryctl/config.yml
+      - /data/harbor/common/config/shared/trust-certificates:/harbor_cust_cert
-        target: /etc/registryctl/config.yml
-      - type: bind
-        source: ./common/config/shared/trust-certificates
-        target: /harbor_cust_cert
     networks:
       - harbor
-    dns_search: .
     depends_on:
       - log
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "registryctl"
   postgresql:
-    image: goharbor/harbor-db:v2.2.2
+    image: goharbor/harbor-db:v2.14.1
     container_name: harbor-db
     restart: always
     cap_drop:
@@ -96,24 +80,24 @@ services:
       - SETGID
       - SETUID
     volumes:
-      - /data/database:/var/lib/postgresql/data:z
+      - /data/harbor/database:/var/lib/postgresql/data:z
     networks:
       harbor:
-    dns_search: .
     env_file:
-      - ./common/config/db/env
+      - /data/harbor/common/config/db/env
     depends_on:
       - log
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "postgresql"
+    shm_size: '1gb'
   core:
-    image: goharbor/harbor-core:v2.2.2
+    image: goharbor/harbor-core:v2.14.1
     container_name: harbor-core
     env_file:
-      - ./common/config/core/env
+      - /data/harbor/common/config/core/env
     restart: always
     cap_drop:
       - ALL
@@ -121,24 +105,15 @@ services:
       - SETGID
       - SETUID
     volumes:
-      - /data/ca_download/:/etc/core/ca/:z
+      - /data/harbor/ca_download/:/etc/core/ca/:z
-      - /data/:/data/:z
+      - /data/harbor/:/data/:z
-      - ./common/config/core/certificates/:/etc/core/certificates/:z
+      - /data/harbor/common/config/core/certificates/:/etc/core/certificates/:z
-      - type: bind
+      - /data/harbor/common/config/core/app.conf:/etc/core/app.conf
-        source: ./common/config/core/app.conf
+      - /data/harbor/secret/core/private_key.pem:/etc/core/private_key.pem
-        target: /etc/core/app.conf
+      - /data/harbor/data/harbor/secret/keys/secretkey:/etc/core/key
-      - type: bind
+      - /data/harbor/common/config/shared/trust-certificates:/harbor_cust_cert
-        source: /data/secret/core/private_key.pem
-        target: /etc/core/private_key.pem
-      - type: bind
-        source: /data/secret/keys/secretkey
-        target: /etc/core/key
-      - type: bind
-        source: ./common/config/shared/trust-certificates
-        target: /harbor_cust_cert
     networks:
       harbor:
-    dns_search: .
     depends_on:
       - log
       - registry
@@ -147,10 +122,10 @@ services:
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "core"
   portal:
-    image: goharbor/harbor-portal:v2.2.2
+    image: goharbor/harbor-portal:v2.14.1
     container_name: harbor-portal
     restart: always
     cap_drop:
@@ -161,25 +136,22 @@ services:
       - SETUID
       - NET_BIND_SERVICE
     volumes:
-      - type: bind
+      - /data/harbor/common/config/portal/nginx.conf:/etc/nginx/nginx.conf
-        source: ./common/config/portal/nginx.conf
-        target: /etc/nginx/nginx.conf
     networks:
       - harbor
-    dns_search: .
     depends_on:
       - log
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "portal"
 
   jobservice:
-    image: goharbor/harbor-jobservice:v2.2.2
+    image: goharbor/harbor-jobservice:v2.14.1
     container_name: harbor-jobservice
     env_file:
-      - ./common/config/jobservice/env
+      - /data/harbor/common/config/jobservice/env
     restart: always
     cap_drop:
       - ALL
@@ -188,25 +160,20 @@ services:
       - SETGID
       - SETUID
     volumes:
-      - /data/job_logs:/var/log/jobs:z
+      - /data/harbor/job_logs:/var/log/jobs:z
-      - type: bind
+      - /data/harbor/common/config/jobservice/config.yml:/etc/jobservice/config.yml
-        source: ./common/config/jobservice/config.yml
+      - /data/harbor/common/config/shared/trust-certificates:/harbor_cust_cert
-        target: /etc/jobservice/config.yml
-      - type: bind
-        source: ./common/config/shared/trust-certificates
-        target: /harbor_cust_cert
     networks:
       - harbor
-    dns_search: .
     depends_on:
       - core
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "jobservice"
   redis:
-    image: goharbor/redis-photon:v2.2.2
+    image: goharbor/redis-photon:v2.14.1
     container_name: redis
     restart: always
     cap_drop:
@@ -216,19 +183,18 @@ services:
       - SETGID
       - SETUID
     volumes:
-      - /data/redis:/var/lib/redis
+      - /data/harbor/redis:/var/lib/redis
     networks:
       harbor:
-    dns_search: .
     depends_on:
       - log
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "redis"
   proxy:
-    image: goharbor/nginx-photon:v2.2.2
+    image: goharbor/nginx-photon:v2.14.1
     container_name: nginx
     restart: always
     cap_drop:
@@ -239,14 +205,10 @@ services:
       - SETUID
       - NET_BIND_SERVICE
     volumes:
-      - ./common/config/nginx:/etc/nginx:z
+      - /data/harbor/common/config/nginx:/etc/nginx:z
-      - /data/secret/cert:/etc/cert:z
+      - /data/harbor/common/config/shared/trust-certificates:/harbor_cust_cert
-      - type: bind
-        source: ./common/config/shared/trust-certificates
-        target: /harbor_cust_cert
     networks:
       - harbor
-    dns_search: .
     ports:
       - 8080:8080
       - 8443:8443
@@ -258,7 +220,7 @@ services:
     logging:
       driver: "syslog"
       options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
         tag: "proxy"
 networks:
   harbor:

harbor/readme.md

@@ -0,0 +1,57 @@
+## 部署 Harbor
+
+[harbor github](https://github.com/goharbor/harbor)
+
+[Harbor Docs](https://goharbor.io/docs/)
+
+### 以下是harbor的各个组件
+
+| 组件名称 | 核心作用 | 关键功能说明 | 端口/依赖 |
+| --- | --- | --- | --- |
+| harbor-core | Harbor 核心服务 | 提供 API 接口、用户权限管理、项目配置、Webhook 等核心逻辑 | 依赖 harbor-db 和 redis |
+| harbor-db | 元数据存储数据库 | 存储用户信息、项目数据、镜像元数据、复制策略等（PostgreSQL） | 健康状态表明数据服务正常 |
+| harbor-jobservice | 异步任务处理器 | 执行镜像复制、垃圾回收、漏洞扫描等后台任务 | 通过 redis 协调任务队列 |
+| harbor-log | 集中式日志收集器 | 聚合所有组件日志，提供统一查询接口 | 127.0.0.1:1514→10514/tcp |
+| harbor-portal | Web 用户界面 (UI) | 提供图形化管理界面（基于 Vue.js），操作镜像、项目、用户等 | 由 nginx 代理访问 |
+| nginx | 反向代理和入口网关 | 接收外部请求，路由到后端服务（核心/UI/注册表） | 对外端口:<br>HTTP: 14080<br>HTTPS: 14443 |
+| redis | 缓存与会话存储 | 缓存数据库查询、存储用户会话、管理任务队列 | 加速系统性能 |
+| registry | Docker 镜像存储服务 | 实际存储镜像文件（Blobs）和清单（Manifests） | 依赖存储卷持久化数据 |
+| registryctl | 注册表控制服务 | 管理 registry 组件（触发垃圾回收、配置更新等操作） | 与 registry 交互 |
+
+### harbor安装步骤
+
+1. 到github找到最新版的安装包：https://github.com/goharbor/harbor/releases 下载最新版本的harbor-offline-installer-(版本号).tgz安装包。
+
+解压安装包：
+```
+tar xvf harbor-offline-installer-v2.14.1.tgz
+```
+
+2. 进入harbor安装目录，修改配置文件
+```
+cd ./harbor
+#复制 harbor的配置文件并改名harbor.yml
+cp -ar harbor.yml.tmpl harbor.yml
+#修改文件
+vim harbor.yml
+```
+3. 完成并保存配置文件后执行预处理
+```
+# 预处理
+./prepare
+
+```
+4. 修改生成的docker-compose.yml文件，修改相关配置
+5. 执行安装
+```
+# 安装
+docker compose -p harbor -f ./docker-compose.yml pull
+docker compose -p harbor -f ./docker-compose.yml up -d
+```
+
+```
+root@hkthyear-8015912443:/data/caddy/certificate/certificates/acme-v02.api.letsencrypt.org-directory/hub.6t7.net# lsd
+ hub.6t7.net.crt   hub.6t7.net.json  󰌆 hub.6t7.net.key
+root@hkthyear-8015912443:/data/caddy/certificate/certificates/acme-v02.api.letsencrypt.org-directory/hub.6t7.net# 
+harbor#1977
+```