├── docs └── CHANGELOG.md ├── screenshot.png ├── .gitignore ├── utils ├── installers │ ├── docker-compose │ │ ├── portainer_agent │ │ │ ├── .env │ │ │ └── docker-compose.yml │ │ ├── portainer │ │ │ ├── .env │ │ │ └── docker-compose.yml │ │ └── netdata_agent │ │ │ ├── .env │ │ │ └── docker-compose.yml │ ├── wpcli_installer.sh │ ├── postgres_installer.sh │ └── redis_installer.sh ├── it_utils_manager_deprecated.sh ├── server_and_image_optimizations.sh ├── installers_and_configurators.sh ├── environment_manager.sh └── certbot_manager.sh ├── config ├── redis │ └── redis.conf ├── networking │ ├── 60-my-floating-ip.cfg │ └── 60-floating-ip.yaml ├── docker-compose │ ├── php │ │ └── production-stack-proxy │ │ │ ├── php-7.4_docker │ │ │ ├── php-fpm │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ ├── www.conf-overrides │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── Dockerfile │ │ │ │ └── opcache-prod.ini │ │ │ └── nginx │ │ │ │ └── nginx.conf │ │ │ ├── php-8.0_docker │ │ │ ├── php-fpm │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── opcache-prod.ini │ │ │ │ └── Dockerfile │ │ │ └── nginx │ │ │ │ └── nginx.conf │ │ │ ├── php-8.1_docker │ │ │ ├── php-fpm │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ ├── www.conf-overrides │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── opcache-prod.ini │ │ │ │ └── Dockerfile │ │ │ └── nginx │ │ │ │ └── nginx.conf │ │ │ ├── php-8.2_docker │ │ │ ├── php-fpm │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── opcache-prod.ini │ │ │ │ └── Dockerfile │ │ │ └── nginx │ │ │ │ └── nginx.conf │ │ │ ├── php-8.3_docker │ │ │ ├── php-fpm │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── opcache-prod.ini │ │ │ │ └── Dockerfile │ │ │ └── nginx │ │ │ │ └── nginx.conf │ │ │ └── .env │ └── wordpress │ │ └── production-stack-proxy │ │ ├── php-7.4_docker │ │ ├── php-fpm │ │ │ ├── php-ini-overrides.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ ├── Dockerfile │ │ │ └── opcache-prod.ini │ 
│ └── nginx │ │ │ └── nginx.conf │ │ ├── php-8.0_docker │ │ ├── php-fpm │ │ │ ├── php-ini-overrides.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ ├── opcache-prod.ini │ │ │ └── Dockerfile │ │ └── nginx │ │ │ └── nginx.conf │ │ ├── php-8.1_docker │ │ ├── php-fpm │ │ │ ├── php-ini-overrides.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ ├── opcache-prod.ini │ │ │ └── Dockerfile │ │ └── nginx │ │ │ └── nginx.conf │ │ ├── php-8.2_docker │ │ ├── php-fpm │ │ │ ├── php-ini-overrides.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ ├── opcache-prod.ini │ │ │ └── Dockerfile │ │ └── nginx │ │ │ └── nginx.conf │ │ ├── php-8.3_docker │ │ ├── php-fpm │ │ │ ├── php-ini-overrides.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ ├── opcache-prod.ini │ │ │ └── Dockerfile │ │ └── nginx │ │ │ └── nginx.conf │ │ ├── ssh_docker │ │ ├── entrypoint.sh │ │ ├── ssh_config │ │ ├── sshd_config │ │ ├── user.sh │ │ └── Dockerfile │ │ └── .env ├── cloud-init.cfg ├── monit │ ├── docker-mysql │ ├── fail2ban │ ├── nginx │ ├── mysql │ ├── phpfpm │ ├── postgresql │ ├── redis │ └── system ├── nginx │ ├── sites-available │ │ ├── default │ │ ├── nodejs_single │ │ ├── phpmyadmin_single │ │ ├── cockpit_single │ │ ├── portainer_single │ │ ├── html_single │ │ ├── php_single │ │ ├── other_single │ │ ├── laravel_single │ │ ├── netdata_single │ │ ├── wordpress_single │ │ ├── wordpress_root_domain │ │ ├── other_root_domain │ │ ├── php_root_domain │ │ ├── wordpress_multi_domain │ │ ├── proxy_single │ │ ├── proxy_root_domain │ │ └── zabbix_single │ ├── globals │ │ ├── wordpress_rank_math.conf │ │ ├── brotli.conf │ │ ├── php_fastcgi.conf │ │ ├── pagespeed.conf │ │ ├── security.conf │ │ ├── wordpress_mu_subdomain.conf │ │ ├── wordpress_mu_subdirectory.conf │ │ ├── logs.conf │ │ ├── cache_aggressive.conf │ │ └── wordpress_sec.conf │ └── conf.d │ │ └── webp.conf ├── netdata │ ├── health.d │ │ ├── ram-usage.conf │ │ ├── php-fpm.conf │ │ ├── anomalies.conf │ │ └── cpu.conf │ └── python.d │ │ ├── varnish.conf │ │ ├── postfix.conf │ │ ├── 
fail2ban.conf │ │ ├── apache.conf │ │ ├── memcached.conf │ │ ├── phpfpm.conf │ │ └── monit.conf ├── mysql │ ├── override.conf │ └── tunned.cnf ├── promtail │ ├── promtail.service │ └── config-promtail.yml ├── teleport │ ├── teleport_server.yaml │ └── teleport_client.yaml ├── borg │ ├── borgmatic.template-docker.yml │ ├── borgmatic.template-postgres.yml │ └── borgmatic.template-default.yml ├── motd │ └── 00-header ├── brolit │ ├── brolit_firewall_conf.json │ └── brolit_project.json ├── wordpress │ └── wp-rocket-config.json └── domain_extension-list ├── tools ├── third-party │ ├── dropbox-uploader │ │ ├── Dockerfile │ │ ├── Dockerfile.pi │ │ └── testUnit.sh │ ├── bench_scripts.sh │ └── blacklist-checker │ │ └── LICENSE └── monitor_docker_mysql.sh ├── templates └── emails │ └── default │ ├── footer-tpl.html │ ├── packages-tpl.html │ ├── notification-alert-tpl.html │ ├── notification-info-tpl.html │ ├── notification-success-tpl.html │ ├── notification-warning-tpl.html │ ├── server_info-tpl.html │ ├── backup_files-tpl.html │ ├── backup_configuration-tpl.html │ ├── backup_databases-tpl.html │ ├── certificates-tpl.html │ └── main-tpl.html ├── tests ├── test-environment │ ├── docker-compose.yml │ ├── Dockerfile │ └── README.md ├── test_nginx_helper.sh ├── test_project_helper.sh ├── test_php_helper.sh ├── test_mail_functions.sh ├── test_borg_restore_fix.sh ├── test_display_functions.sh ├── test_borg_connectivity_check.sh ├── test_json_helper.sh ├── test_borg_restore_debug.sh └── test_borg_integration.sh ├── .claude └── settings.local.json ├── cron ├── brolit_ui_tasks.sh └── optimizer_tasks.sh ├── LICENSE ├── runner.sh ├── updater.sh ├── libs ├── notification_controller.sh └── apps │ ├── ftp_helper.sh │ ├── ntfy_notification_helper.sh │ └── netdata_helper.sh └── TEST_NOTIFICATION_TYPES.sh /docs/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/brolit-shell/HEAD/screenshot.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | .gitpod.yml 3 | settings.json 4 | res 5 | tmp/ 6 | log/ 7 | reports/ -------------------------------------------------------------------------------- /utils/installers/docker-compose/portainer_agent/.env: -------------------------------------------------------------------------------- 1 | # PORTAINER AGENT 2 | PORTAINER_AGENT_PORT=9001 -------------------------------------------------------------------------------- /config/redis/redis.conf: -------------------------------------------------------------------------------- 1 | maxmemory 256mb 2 | maxmemory-policy allkeys-lru 3 | requirepass "TO_CHANGE" 4 | -------------------------------------------------------------------------------- /config/networking/60-my-floating-ip.cfg: -------------------------------------------------------------------------------- 1 | auto eth0:1 2 | iface eth0:1 inet static 3 | address your.float.ing.ip 4 | netmask 32 -------------------------------------------------------------------------------- /config/networking/60-floating-ip.yaml: -------------------------------------------------------------------------------- 1 | network: 2 | version: 2 3 | ethernets: 4 | eth0: 5 | addresses: 6 | - your.float.ing.ip/32 -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- 
/config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.3_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- 
/config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.3_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/www.conf-overrides: -------------------------------------------------------------------------------- 1 | # DEFAULT 2 | PM_MAX_REQUESTS=500 3 | PM_PROCESS_IDDLE_TIMEOUT="10s" 4 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/www.conf-overrides: -------------------------------------------------------------------------------- 1 | # DEFAULT 2 | PM_MAX_REQUESTS=500 3 | PM_PROCESS_IDDLE_TIMEOUT="10s" 4 | -------------------------------------------------------------------------------- /utils/installers/docker-compose/portainer/.env: -------------------------------------------------------------------------------- 1 | # PORTAINER .ENV 2 | # –––––––––––––––––––––––––––––––––––––––––– 3 | 4 | ## HOST 5 | VIRTUAL_HOST= 6 | 7 | ## PORTAINER 8 | PORTAINER_PORT=9000 9 | PORTAINER_DATA=./portainer_data 
-------------------------------------------------------------------------------- /config/cloud-init.cfg: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | package_update: true 3 | package_upgrade: true 4 | packages: 5 | - git 6 | runcmd: 7 | - cd /root/ 8 | - git clone https://github.com/gauchocode/brolit-shell 9 | - chmod +x brolit-shell/runner.sh -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 
5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.3_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | printf "\n\033[0;44m---> Starting the SSH server.\033[0m\n" 5 | 6 | service ssh start 7 | service ssh status 8 | 9 | exec "$@" -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the 
overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.3_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/monit/docker-mysql: -------------------------------------------------------------------------------- 1 | # Docker MySQL container monitoring 2 | check program mysql-container with path "/root/brolit-shell/tools/monitor_docker_mysql.sh" 3 | if status != 0 then alert 4 | if 3 restarts within 5 cycles then timeout 5 | -------------------------------------------------------------------------------- /config/nginx/sites-available/default: -------------------------------------------------------------------------------- 1 | # Catch-all server block, resulting in a 444 response for unknown domains. 
2 | 3 | server { 4 | listen 80 default_server; 5 | listen [::]:80 default_server; 6 | server_name _; 7 | 8 | return 444; 9 | } -------------------------------------------------------------------------------- /config/netdata/health.d/ram-usage.conf: -------------------------------------------------------------------------------- 1 | alarm: ram_usage 2 | on: system.ram 3 | lookup: average -1m percentage of used 4 | units: % 5 | every: 5m 6 | warn: $this > 85 7 | crit: $this > 90 8 | info: The percentage of RAM being used by the system. -------------------------------------------------------------------------------- /config/mysql/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | LimitNOFILE=max_open_files (ex: 102400) 3 | PIDFile=/path/to/pid/file (ex: /var/lib/mysql/mysql.pid) 4 | Nice=nice_level (ex: -10) 5 | Environment="LD_PRELOAD=/path/to/malloc/library" Environment="TZ=time_zone_setting" 6 | -------------------------------------------------------------------------------- /config/nginx/globals/wordpress_rank_math.conf: -------------------------------------------------------------------------------- 1 | # START Nginx Rewrites for Rank Math Sitemaps 2 | rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last; 3 | rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap="${1}"&sitemap_n=$2 last; 4 | # END Nginx Rewrites for Rank Math Sitemaps -------------------------------------------------------------------------------- /config/nginx/globals/brotli.conf: -------------------------------------------------------------------------------- 1 | brotli on; 2 | brotli_comp_level 6; 3 | brotli_static on; 4 | brotli_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/vnd.microsoft.icon image/bmp image/svg+xml; -------------------------------------------------------------------------------- 
/config/promtail/promtail.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Promtail service 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | User=promtail 8 | ExecStart=/opt/promtail/promtail-linux-amd64 -config.file /opt/promtail/config-promtail.yml 9 | 10 | [Install] 11 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /config/monit/fail2ban: -------------------------------------------------------------------------------- 1 | # Fail2ban 2 | check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid 3 | start program = "/usr/bin/systemctl start fail2ban" 4 | stop program = "/usr/bin/systemctl stop fail2ban" 5 | if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert 6 | -------------------------------------------------------------------------------- /config/monit/nginx: -------------------------------------------------------------------------------- 1 | # Nginx 2 | check process nginx with pidfile /var/run/nginx.pid 3 | group www-data 4 | start program = "/usr/bin/systemctl start nginx" 5 | stop program = "/usr/bin/systemctl stop nginx" 6 | if cpu > 90% for 5 cycles then restart 7 | if 3 restarts within 5 cycles then timeout 8 | -------------------------------------------------------------------------------- /utils/installers/docker-compose/netdata_agent/.env: -------------------------------------------------------------------------------- 1 | # NETDATA AGENT .ENV 2 | # –––––––––––––––––––––––––––––––––––––––––– 3 | 4 | ## NETDATA REQUIRED 5 | NETDATA_DOMAIN= 6 | NETDATA_CLAIM_TOKEN= 7 | 8 | ## NETDATA OPTIONAL 9 | NETDATA_VERSION=latest 10 | NETDATA_PORT=19999 11 | NETDATA_DATA=./netdata_data 12 | NETDATA_CLAIM_ROOMS= -------------------------------------------------------------------------------- /tools/third-party/dropbox-uploader/Dockerfile: 
-------------------------------------------------------------------------------- 1 | FROM alpine:3.5 2 | MAINTAINER peez@stiffi.de 3 | 4 | RUN apk add --no-cache bash curl 5 | COPY / /opt/dropbox_uploader 6 | RUN mkdir -p /config && mkdir -p /workdir 7 | 8 | VOLUME /config /workdir 9 | 10 | WORKDIR /workdir 11 | 12 | ENTRYPOINT ["/opt/dropbox_uploader/dropbox_uploader.sh", "-f", "/config/dropbox_uploader.conf"] -------------------------------------------------------------------------------- /config/monit/mysql: -------------------------------------------------------------------------------- 1 | # MySQL 2 | check process mysql with pidfile /var/run/mysqld/mysqld.pid 3 | start program = "/usr/bin/systemctl start mysql" 4 | stop program = "/usr/bin/systemctl stop mysql" 5 | if failed unixsocket /var/run/mysqld/mysqld.sock then restart 6 | if cpu > 90% for 5 cycles then alert 7 | if cpu > 90% for 5 cycles then restart 8 | if 5 restarts within 5 cycles then timeout 9 | -------------------------------------------------------------------------------- /tools/third-party/dropbox-uploader/Dockerfile.pi: -------------------------------------------------------------------------------- 1 | FROM hypriot/rpi-alpine-scratch 2 | MAINTAINER github@vanefferenonline.nl 3 | 4 | RUN apk update && apk add bash curl 5 | COPY *.sh /opt/dropbox_uploader/ 6 | RUN mkdir -p /config && mkdir -p /workdir 7 | 8 | VOLUME /config /workdir 9 | 10 | WORKDIR /workdir 11 | 12 | ENTRYPOINT ["/opt/dropbox_uploader/dropbox_uploader.sh", "-f", "/config/dropbox_uploader.conf"] 13 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/ssh_config: -------------------------------------------------------------------------------- 1 | # Prevents "Are you sure you want to continue connecting (yes/no)?" question while connecting to the server. 
2 | # The host IP below is the client machine where the ssh command is issued from. 3 | # Host 192.168.99.* 4 | # StrictHostKeyChecking no 5 | # UserKnownHostsFile=/dev/null 6 | 7 | Host * 8 | HashKnownHosts yes 9 | GSSAPIAuthentication yes -------------------------------------------------------------------------------- /config/monit/phpfpm: -------------------------------------------------------------------------------- 1 | # PHP-FPM 2 | check process phpPHP_V-fpm with pidfile /var/run/php/phpPHP_V-fpm.pid 3 | start program = "/usr/bin/systemctl start phpPHP_V-fpm" 4 | stop program = "/usr/bin/systemctl stop phpPHP_V-fpm" 5 | if failed unixsocket /var/run/php/phpPHP_V-fpm.sock then restart 6 | if cpu > 90% for 5 cycles then alert 7 | if memory usage > 90% for 5 cycles then restart 8 | if 5 restarts within 5 cycles then timeout 9 | -------------------------------------------------------------------------------- /config/nginx/sites-available/nodejs_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | server_name domain.com; 4 | 5 | proxy_redirect off; 6 | proxy_set_header X-Real-IP $remote_addr; 7 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 8 | proxy_set_header Host $http_host; 9 | 10 | location / { 11 | proxy_pass http://localhost:NODE_PORT; 12 | } 13 | 14 | listen 80; 15 | 16 | } -------------------------------------------------------------------------------- /config/monit/postgresql: -------------------------------------------------------------------------------- 1 | # PostgreSQL 2 | check process postgresql with pidfile /var/run/postgresql/postgresql.pid 3 | start program = "/usr/bin/systemctl start postgres" 4 | restart program = "/usr/bin/systemctl start postgres" 5 | stop program = "/usr/bin/systemctl stop postgres" 6 | if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 then restart 7 | if cpu > 90% for 5 cycles then alert 8 | if 5 restarts within 5 cycles then timeout 9 | 
-------------------------------------------------------------------------------- /config/monit/redis: -------------------------------------------------------------------------------- 1 | # Redis 2 | check process redis-server 3 | with pidfile "/var/run/redis.pid" 4 | start program = "/etc/init.d/redis-server start" 5 | stop program = "/etc/init.d/redis-server stop" 6 | if totalmem > 100 Mb then alert 7 | if children > 255 for 5 cycles then stop 8 | if cpu usage > 95% for 3 cycles then restart 9 | if failed host 127.0.0.1 port 6379 then restart 10 | if 5 restarts within 5 cycles then timeout -------------------------------------------------------------------------------- /templates/emails/default/footer-tpl.html: -------------------------------------------------------------------------------- 1 |
3 | BROLIT Version: {{brolit_version}} by GauchoCode 5 |
-------------------------------------------------------------------------------- /tests/test-environment/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.8' 2 | 3 | services: 4 | brolit-test: 5 | build: . 6 | container_name: brolit-test-env 7 | privileged: true 8 | cap_add: 9 | - SYS_ADMIN 10 | security_opt: 11 | - apparmor:unconfined 12 | tmpfs: 13 | - /tmp 14 | - /run 15 | - /run/lock 16 | volumes: 17 | - ./config:/brolit-shell/config 18 | - ./data:/data 19 | ports: 20 | - "2222:22" 21 | -------------------------------------------------------------------------------- /utils/installers/docker-compose/portainer_agent/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.2' 2 | 3 | services: 4 | 5 | agent: 6 | image: portainer/agent:2.6.3 7 | container_name: agent_portainer 8 | security_opt: 9 | - no-new-privileges:true 10 | restart: always 11 | volumes: 12 | - /var/run/docker.sock:/var/run/docker.sock 13 | - /var/lib/docker/volumes:/var/lib/docker/volumes 14 | ports: 15 | - "${PORTAINER_AGENT_PORT}:9001" 16 | -------------------------------------------------------------------------------- /config/nginx/conf.d/webp.conf: -------------------------------------------------------------------------------- 1 | ## Chrome/65 accept : image/webp,image/apng,image/*,*/*;q=0.8 2 | ## Firefox/58 accept: */* 3 | ## iPhone5s accept: */* 4 | map $http_accept $img_suffix { 5 | "~*webp" ".webp"; 6 | "~*jxr" ".jxr"; 7 | } 8 | ## https://github.com/cdowdy/Nginx-Content-Negotiation/blob/master/nginx.conf 9 | map $msie $cache_control { 10 | "1" "private"; 11 | } 12 | map $msie $vary_header { 13 | default "Accept"; 14 | "1" ""; 15 | } -------------------------------------------------------------------------------- /templates/emails/default/packages-tpl.html: -------------------------------------------------------------------------------- 1 |
3 | Packages Status: {{packages_status}} {{packages_status_icon}}
4 |
6 |
{{packages_status_details}}
7 |
-------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/sshd_config: -------------------------------------------------------------------------------- 1 | AllowUsers broobe_sftp_user 2 | 3 | ChallengeResponseAuthentication no 4 | UsePAM no 5 | PrintMotd no 6 | X11Forwarding no 7 | AllowTcpForwarding no 8 | AllowAgentForwarding no 9 | PermitTunnel no 10 | 11 | Subsystem sftp internal-sftp 12 | Match Group sftp 13 | ChrootDirectory %h 14 | X11Forwarding no 15 | AllowTcpForwarding no 16 | AllowAgentForwarding no 17 | PermitTunnel no 18 | ForceCommand internal-sftp -------------------------------------------------------------------------------- /config/nginx/sites-available/phpmyadmin_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | listen 80; 5 | 6 | root /var/www/domain.com; 7 | index index.php index.html index.htm; 8 | 9 | server_name domain.com; 10 | 11 | location / { 12 | try_files $uri $uri/ /index.php?q=$uri&$args; 13 | } 14 | 15 | location ~ \.php$ { 16 | include snippets/fastcgi-php.conf; 17 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 18 | } 19 | 20 | } 21 | -------------------------------------------------------------------------------- /config/netdata/health.d/php-fpm.conf: -------------------------------------------------------------------------------- 1 | template: phpfpm_max_children_reached 2 | on: phpfpm.performance 3 | calc: $max_children_reached 4 | units: times 5 | every: 5m 6 | crit: $this > 0 7 | info: number of times phpfmp has reached max children 8 | to: webmaster 9 | 10 | template: phpfpm_local_requests 11 | on: phpfpm_local.requests 12 | calc: $phpfpm_local_requests 13 | units: times 14 | every: 5m 15 | crit: $this > 0 16 | info: number of times phpfmp has reached max children 17 | to: webmaster 
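--------------------------------------------------------------------------------
/tools/third-party/bench_scripts.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.2-alpha16
################################################################################
#
# Ref: https://github.com/haydenjames/bench-scripts
#
# Runs the nench benchmark twice and stores the combined output in
# benchmark_nench.log, then returns to the main menu.
#
# Relies on log_event and menu_main_options, which are not defined in this
# file and must be provided by the calling environment.
#
# Optional environment:
#   NENCH_SHA256  expected SHA-256 of nench.sh; when set, the downloaded file
#                 is executed only if its digest matches.
#

log_event "info" "Running Benchmark ..." "true"

# The benchmark is third-party code fetched at run time and executed with the
# privileges of this shell. Piping two separate downloads straight into bash
# means nothing can be inspected, a truncated transfer may run partially, and
# the two runs may not even receive the same content. Download once to a
# private temp file, fail on HTTP errors, record the digest, optionally enforce
# a pinned digest, and run the same bytes twice.
#
# NOTE(review): the URL has no scheme, so curl fetches it over plain HTTP.
# Prefer an https:// URL or a vendored, reviewed copy once one is confirmed.
nench_url="wget.racing/nench.sh"
nench_script="$(mktemp)"

if [[ -n ${nench_script} ]] && curl --silent --show-error --fail --output "${nench_script}" "${nench_url}"; then

    nench_sha256="$(sha256sum "${nench_script}" | cut -d ' ' -f 1)"
    log_event "info" "nench.sh sha256: ${nench_sha256}" "false"

    if [[ -n ${NENCH_SHA256:-} && ${NENCH_SHA256} != "${nench_sha256}" ]]; then
        log_event "error" "nench.sh digest does not match NENCH_SHA256, benchmark not executed" "true"
    else
        (bash "${nench_script}"; bash "${nench_script}") 2>&1 | tee benchmark_nench.log
        log_event "info" "Benchmark finished" "true"
    fi

else

    log_event "error" "Could not download nench.sh, benchmark not executed" "true"

fi

# Remove the downloaded copy whether or not it was executed.
if [[ -n ${nench_script} ]]; then
    rm -f -- "${nench_script}"
fi

menu_main_options
--------------------------------------------------------------------------------
/utils/installers/docker-compose/portainer/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "2" 2 | 3 | services: 4 | 5 | portainer: 6 | image: portainer/portainer-ce 7 | container_name: portainer 8 | command: -H unix:///var/run/docker.sock 9 | restart: unless-stopped 10 | environment: 11 | - VIRTUAL_HOST=${VIRTUAL_HOST} 12 | - VIRTUAL_PORT=${PORTAINER_PORT} 13 | ports: 14 | - ${PORTAINER_PORT}:9000 15 | volumes: 16 | - /var/run/docker.sock:/var/run/docker.sock 17 | - ${PORTAINER_DATA}:/data 18 | 19 | volumes: 20 | portainer_data:
--------------------------------------------------------------------------------
/.claude/settings.local.json:
--------------------------------------------------------------------------------
1 | { 2 | "permissions": { 3 | "allow": [ 4 | "Bash(bash -n:*)", 5 | "Bash(chmod:*)", 6 | "Bash(./runner.sh:*)", 7 | "Bash(TERM=xterm ./runner.sh:*)", 8 | "Bash(/tmp/commons_new.sh)", 9 | "Bash(echo:*)", 10 | "Bash(./TEST_NOTIFICATION_TYPES.sh:*)", 11 | "Bash(find:*)", 12 | "Bash(cat:*)", 13 | "Bash(command -v yq:*)", 14 | "Bash(command -v:*)", 15 | "Bash(borgmatic:*)", 16 |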
"Bash(nginx -t:*)", 17 | "Bash(certbot show_account:*)" 18 | ], 19 | "deny": [], 20 | "ask": [] 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /config/nginx/globals/php_fastcgi.conf: -------------------------------------------------------------------------------- 1 | # 404 2 | try_files $fastcgi_script_name =404; 3 | 4 | # default fastcgi_params 5 | include fastcgi_params; 6 | 7 | # fastcgi settings 8 | fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 9 | fastcgi_index index.php; 10 | fastcgi_buffers 8 16k; 11 | fastcgi_buffer_size 32k; 12 | 13 | # fastcgi params 14 | fastcgi_param DOCUMENT_ROOT $realpath_root; 15 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 16 | fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/"; -------------------------------------------------------------------------------- /templates/emails/default/notification-alert-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | ⛔ {{title}}
5 |
7 | {{content}} 8 |
9 |
10 | -------------------------------------------------------------------------------- /templates/emails/default/notification-info-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | ℹ️ {{title}}
5 |
7 | {{content}} 8 |
9 |
10 | -------------------------------------------------------------------------------- /templates/emails/default/notification-success-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | ✅ {{title}}
5 |
7 | {{content}} 8 |
9 |
10 | -------------------------------------------------------------------------------- /templates/emails/default/notification-warning-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | ⚠️ {{title}}
5 |
7 | {{content}} 8 |
9 |
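 10 |
--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/ssh_docker/user.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Build-time helper for the SSH container: gives www-data a login shell and
# creates an alias account that shares UID/GID 33 with it (--non-unique).
#
# Inputs (environment):
#   SSH_MASTER_USER  name of the alias account
#   SSH_MASTER_PASS  password assigned to that account
#
# NOTE(review): the Dockerfile in this directory declares both values as build
# ARGs and runs this script during the build. Build arguments are recorded in
# the image history, and the resulting password is the same in every container
# started from the image, so treat the image itself as holding a credential.
set -e

# Stop with a clear message instead of calling useradd/chpasswd with empty values.
: "${SSH_MASTER_USER:?SSH_MASTER_USER must be set}"
: "${SSH_MASTER_PASS:?SSH_MASTER_PASS must be set}"

# chpasswd reads one "name:password" entry per line and the name is also used
# as a path component below, so refuse values that would change either meaning.
case "${SSH_MASTER_USER}" in
    *[/:[:space:]]*)
        echo "SSH_MASTER_USER must not contain ':', '/' or whitespace" >&2
        exit 1
        ;;
esac
case "${SSH_MASTER_PASS}" in
    *$'\n'*)
        echo "SSH_MASTER_PASS must not contain a line break" >&2
        exit 1
        ;;
esac

echo "---> Creating SSH alias user"

# Allow interactive logins for www-data.
usermod -s /bin/bash www-data

# Create the alias only if the name is not already known to the system.
if ! id "${SSH_MASTER_USER}" >/dev/null 2>&1; then
    useradd \
        --non-unique \
        -u 33 \
        -g 33 \
        -M \
        -s /bin/bash \
        "${SSH_MASTER_USER}"
fi

# useradd -M skips the home directory, so create it by hand, owned by 33:33.
home_dir="/home/${SSH_MASTER_USER}"
if [ ! -d "${home_dir}" ]; then
    mkdir -p "${home_dir}"
    chown 33:33 "${home_dir}"
    chmod 755 "${home_dir}"
fi

# printf keeps the value literal regardless of its content.
printf '%s:%s\n' "${SSH_MASTER_USER}" "${SSH_MASTER_PASS}" | chpasswd
--------------------------------------------------------------------------------
/templates/emails/default/server_info-tpl.html:
--------------------------------------------------------------------------------
1 |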
2 |
4 | Server Status: {{server_status}} {{server_status_icon}}
5 |
7 | Server IPv4: {{server_ipv4}}
8 | Server IPv6: {{server_ipv6}}
9 | Disk usage: {{disk_usage}}
10 |
11 |
-------------------------------------------------------------------------------- /templates/emails/default/backup_files-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | Files Backup: {{backup_status}} {{backup_status_icon}}
5 |
7 | Backup files includes:
8 |
9 | {{backup_list}} 10 |
11 |
12 |
--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/ssh_docker/Dockerfile:
--------------------------------------------------------------------------------
# SSH sidecar image: Debian 12 with openssh-server and an account created by
# user.sh at build time.
FROM debian:12-slim

# NOTE(review): both values are consumed by user.sh in the RUN step below.
# Build arguments are stored in the image history, and chpasswd writes the
# resulting hash into the image, so every container started from it shares one
# credential. Consider a BuildKit secret mount, or setting the password from
# entrypoint.sh at container start, and prefer key-based SSH logins.
ARG SSH_MASTER_USER
ARG SSH_MASTER_PASS

# NOTE(review): sudo is installed here; what it permits depends on sudoers
# configuration that is not part of this file - confirm it is needed.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    vim \
    sudo \
    openssh-server

# Client and daemon configuration come from files next to this Dockerfile.
COPY ssh_config /etc/ssh/ssh_config
COPY sshd_config /etc/ssh/sshd_config

# Run the account setup once during the build, then delete the script.
# The script stays readable in the earlier COPY layer; it reads its inputs from
# the environment rather than containing them.
COPY user.sh /usr/local/bin/user.sh
RUN chmod +x /usr/local/bin/user.sh
RUN /usr/local/bin/user.sh
RUN rm /usr/local/bin/user.sh

COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

# Passed to the entrypoint as its arguments; what is done with them is decided
# by entrypoint.sh, which is not shown here.
CMD tail -f /dev/null
--------------------------------------------------------------------------------
/templates/emails/default/backup_configuration-tpl.html:
--------------------------------------------------------------------------------
1 |
2 |
4 | Config Backup: {{backup_status}} {{backup_status_icon}}
5 |
7 | Backup files includes:
8 |
9 | {{backup_list}} 10 |
11 |
12 |
-------------------------------------------------------------------------------- /templates/emails/default/backup_databases-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | Database Backup: {{backup_status}} {{backup_status_icon}}
5 |
7 | Backup files includes:
8 |
9 | {{backup_list}} 10 |
11 |
12 |
 13 |
--------------------------------------------------------------------------------
/config/nginx/sites-available/cockpit_single:
--------------------------------------------------------------------------------
# Reverse-proxy template for the Cockpit web console. domain.com and PROXY_PORT
# are placeholders, presumably substituted when the site is created.
#
# NOTE(review): this server block only listens on port 80, so as written the
# Cockpit login crosses the network unencrypted between the browser and nginx,
# even though the hop from nginx to Cockpit uses https. Confirm that a TLS
# listener and an HTTP-to-HTTPS redirect are added before the site is exposed,
# and consider restricting access by source address, since Cockpit is a
# server administration interface.
server {

    listen 80;

    server_name domain.com;

    location / {
        # Required to proxy the connection to Cockpit
        proxy_pass https://127.0.0.1:PROXY_PORT;
        proxy_set_header Host $host;
        # $scheme is the scheme of the client-facing request (http here).
        proxy_set_header X-Forwarded-Proto $scheme;

        # Required for web sockets to function
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass ETag header from Cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }

}
--------------------------------------------------------------------------------
/templates/emails/default/certificates-tpl.html:
--------------------------------------------------------------------------------
1 |
2 |
4 | Certificates on server: {{certificates_status}} {{certificates_status_icon}}
5 |
7 | Sites certificate expiration days:
8 |
9 | {{certificates_list}} 10 |
11 |
12 |
--------------------------------------------------------------------------------
/config/netdata/health.d/anomalies.conf:
--------------------------------------------------------------------------------
# raise a warning alarm if an anomaly probability is consistently above 70%

template: anomalies_anomaly_probabilities
on: anomalies.probability
class: Errors
type: Netdata
component: ML
lookup: average -30m foreach *
every: 15m
warn: $this > 70
info: average anomaly probability over the last 30 minutes

# raise a warning alarm if an anomaly flag is consistently firing

template: anomalies_anomaly_flags
on: anomalies.anomaly
class: Errors
type: Netdata
component: ML
lookup: sum -30m foreach *
every: 15m
warn: $this > 10
info: number of anomalies in the last 30 minutes

--------------------------------------------------------------------------------
/tools/monitor_docker_mysql.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Health check for MySQL containers.
# Exit status: 0 when every matching container answers `mysqladmin ping`,
# 1 when no matching container is running or any of them fails the ping.
# The script's own messages are commented out, so callers rely on the status.

# List the names of running containers created from the "mysql" image.
# The filter is ancestor=mysql, so it selects by image, not by container name.
# NOTE(review): containers built from a differently named image (for example a
# MariaDB image) are not matched - confirm this is intended.
running_containers=$(docker ps --filter "ancestor=mysql" --format "{{.Names}}")

if [[ -z "$running_containers" ]]; then
    #echo "No MySQL containers are running."
    exit 1
else
    # Loop through each container and check its status
    for container in $running_containers; do
        # Check whether the server inside the container answers a ping
        if ! docker exec "$container" mysqladmin ping -h 127.0.0.1 --silent; then
            #echo "MySQL container $container is not responding."
            exit 1
        fi
    done
fi

#echo "All MySQL containers are running and responding."
exit 0

--------------------------------------------------------------------------------
/config/nginx/globals/pagespeed.conf:
--------------------------------------------------------------------------------
# enable pagespeed module on this server block
pagespeed on;

# Needs to exist and be writable by nginx. Use tmpfs for best performance.
pagespeed FileCachePath /var/ngx_pagespeed_cache;

# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
    add_header "" "";
}

location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }

pagespeed RewriteLevel CoreFilters;

pagespeed EnableFilters collapse_whitespace;
pagespeed EnableFilters lazyload_images;
pagespeed EnableFilters insert_dns_prefetch;
pagespeed EnableFilters prioritize_critical_css;
--------------------------------------------------------------------------------
/config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/Dockerfile:
--------------------------------------------------------------------------------
# PHP-FPM 7.4 image for the production stack.
# NOTE(review): PHP 7.4 is past upstream end-of-life, so this image no longer
# receives upstream security fixes; plan a move to a supported branch.
FROM phpdockerio/php:7.4-fpm
WORKDIR "/application"

# NOTE(review): the commands are chained with ';', so the step succeeds whenever
# the final rm succeeds, even if apt-get update or the install failed. Chaining
# with '&&' would make a failed install fail the build.
# vim and git are not required to serve requests; leaving them out of a
# production image reduces what is available inside a compromised container.
RUN apt-get update; \
    apt-get -y --no-install-recommends install \
    vim \
    git \
    php7.4-bcmath \
    php7.4-bz2 \
    php7.4-intl \
    php7.4-imap \
    php7.4-imagick \
    php7.4-mysql \
    php7.4-yaml \
    php7.4-gd \
    php7.4-redis; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*

# The z- prefix makes these files load after the distribution defaults.
COPY php-ini-overrides.ini /etc/php/7.4/fpm/conf.d/z-overrides.ini
COPY opcache-prod.ini /etc/php/7.4/fpm/conf.d/z-opcache.ini
COPY php-fpm-pool-prod.conf /etc/php/7.4/fpm/pool.d/z-optimised.conf

--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:7.4-fpm 2 | WORKDIR "/wordpress" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php7.4-bcmath \ 9 | php7.4-bz2 \ 10 | php7.4-intl \ 11 | php7.4-imap \ 12 | php7.4-imagick \ 13 | php7.4-mysql \ 14 | php7.4-yaml \ 15 | php7.4-gd \ 16 | php7.4-redis; \ 17 | apt-get clean; \ 18 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 19 | 20 | COPY php-ini-overrides.ini /etc/php/7.4/fpm/conf.d/z-overrides.ini 21 | COPY opcache-prod.ini /etc/php/7.4/fpm/conf.d/z-opcache.ini 22 | COPY php-fpm-pool-prod.conf /etc/php/7.4/fpm/pool.d/z-optimised.conf 23 | -------------------------------------------------------------------------------- /config/teleport/teleport_server.yaml: -------------------------------------------------------------------------------- 1 | version: v2 2 | teleport: 3 | nodename: TELEPORT_NODENAME 4 | data_dir: /var/lib/teleport 5 | log: 6 | output: stderr 7 | severity: INFO 8 | format: 9 | output: text 10 | ca_pin: [] 11 | diag_addr: "" 12 | auth_service: 13 | enabled: "yes" 14 | listen_addr: 0.0.0.0:3025 15 | cluster_name: TELEPORT_CLUSTER_NAME 16 | proxy_listener_mode: multiplex 17 | ssh_service: 18 | enabled: "yes" 19 | labels: 20 | env: SERVER_ENV 21 | type: SERVER_TYPE 22 | role: SERVER_ROLE 23 | commands: 24 | - name: hostname 25 | command: [hostname] 26 | period: 1m0s 27 | proxy_service: 28 | enabled: "yes" 29 | web_listen_addr: 0.0.0.0:443 30 | public_addr: TELEPORT_CLUSTER_DOMAIN:443 31 | https_keypairs: [] 32 | acme: 33 | enabled: "yes" 34 | email: TELEPORT_EMAIL 35 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/opcache-prod.ini: 
-------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | 
-------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 
27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.3_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /utils/it_utils_manager_deprecated.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.3.6 5 | ################################################################################ 6 | # 7 | # DEPRECATED: This file has been replaced by Environment Manager. 8 | # Kept for reference only. Will be removed in version 3.4.0. 
9 | # 10 | # Migration: 11 | # it_utils_menu() -> environment_manager_menu() 12 | # Located in: utils/environment_manager.sh 13 | # 14 | ################################################################################ 15 | 16 | # This file is intentionally empty and serves as a placeholder. 17 | # All functionality has been migrated to: 18 | # - utils/environment_manager.sh 19 | # - utils/environment_manager_host.sh 20 | # - utils/environment_manager_docker.sh 21 | # - libs/apps/docker_optimizer_helper.sh 22 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 
7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/opcache-prod.ini: 
-------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.3_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | 
-------------------------------------------------------------------------------- /cron/brolit_ui_tasks.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | 7 | ### Main dir check 8 | BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) 9 | BROLIT_MAIN_DIR=$(cd "$(dirname "${BROLIT_MAIN_DIR}")" && pwd) 10 | if [[ -z ${BROLIT_MAIN_DIR} ]]; then 11 | exit 1 # error; the path is not accessible 12 | fi 13 | 14 | # shellcheck source=${BROLIT_MAIN_DIR}/brolit_lite.sh 15 | source "${BROLIT_MAIN_DIR}/brolit_lite.sh" 16 | 17 | ################################################################################ 18 | 19 | show_server_data "true" 20 | dropbox_get_sites_backups "true" 21 | firewall_get_apps_details "true" 22 | list_packages_ready_to_upgrade "true" 23 | show_backup_information "true" 24 | retrieve_cron_jobs "true" -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.0-fpm 2 | WORKDIR "/wordpress" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.0-bz2 \ 9 | php8.0-gd \ 10 | php8.0-imagick \ 11 | php8.0-imap \ 12 | php8.0-intl \ 13 | php8.0-mcrypt \ 14 | php8.0-mysql \ 15 | php8.0-oauth \ 16 | php8.0-pgsql \ 17 | php8.0-redis \ 18 | php8.0-xdebug \ 19 | php8.0-xmlrpc; \ 20 | apt-get clean; \ 21 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 22 | 23 | COPY php-ini-overrides.ini /etc/php/8.0/fpm/conf.d/z-overrides.ini 24 | COPY opcache-prod.ini /etc/php/8.0/fpm/conf.d/z-opcache.ini 25 | COPY php-fpm-pool-prod.conf 
/etc/php/8.0/fpm/pool.d/z-optimised.conf

--------------------------------------------------------------------------------
/config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/Dockerfile:
--------------------------------------------------------------------------------
# PHP-FPM 8.0 image for the production stack.
# NOTE(review): PHP 8.0 is past upstream end-of-life; plan a move to a
# supported branch.
FROM phpdockerio/php:8.0-fpm
WORKDIR "/application"

# NOTE(review): php8.0-xdebug is installed in an image that lives under
# production-stack-proxy. Xdebug is a development debugger; whether it is
# active depends on php-ini-overrides.ini, which is not shown here. If
# production does not need it, remove the package rather than relying on it
# being switched off.
# The commands are chained with ';', so the step succeeds whenever the final rm
# succeeds, even if apt-get update or the install failed; '&&' would make a
# failed install fail the build.
RUN apt-get update; \
    apt-get -y --no-install-recommends install \
    vim \
    git \
    php8.0-raphf \
    php8.0-bz2 \
    php8.0-gd \
    php8.0-imagick \
    php8.0-imap \
    php8.0-intl \
    php8.0-mcrypt \
    php8.0-mysql \
    php8.0-oauth \
    php8.0-pgsql \
    php8.0-redis \
    php8.0-xdebug \
    php8.0-xmlrpc; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*

# The z- prefix makes these files load after the distribution defaults.
COPY php-ini-overrides.ini /etc/php/8.0/fpm/conf.d/z-overrides.ini
COPY opcache-prod.ini /etc/php/8.0/fpm/conf.d/z-opcache.ini
COPY php-fpm-pool-prod.conf /etc/php/8.0/fpm/pool.d/z-optimised.conf

--------------------------------------------------------------------------------
/config/nginx/sites-available/portainer_single:
--------------------------------------------------------------------------------
# Reverse-proxy template for the Portainer UI. domain.com and PROXY_PORT are
# placeholders, presumably substituted when the site is created.
#
# NOTE(review): the block only listens on port 80, so as written Portainer
# logins and API tokens cross the network unencrypted. Portainer controls the
# Docker daemon, so confirm that a TLS listener and an HTTP-to-HTTPS redirect
# are added before the site is exposed, and consider restricting access by
# source address.
server {

    listen 80;

    server_name domain.com;

    # NOTE(review): with the access log off and the error log commented out,
    # nginx keeps no record of who reached this administrative interface.
    access_log off;
    #error_log /var/log/nginx/portainer.error.log error;

    keepalive_timeout 70;
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:PROXY_PORT;
        # HTTP/1.1 plus the Upgrade/Connection headers let websocket
        # connections pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
    location /api/websocket/ {
        proxy_pass http://127.0.0.1:PROXY_PORT/api/websocket/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

}
-------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.2-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.2-raphf \ 9 | php8.2-bcmath \ 10 | php8.2-bz2 \ 11 | php8.2-gd \ 12 | php8.2-gmagick \ 13 | php8.2-gmp \ 14 | php8.2-grpc \ 15 | php8.2-imap \ 16 | php8.2-mysql \ 17 | php8.2-pgsql \ 18 | php8.2-redis \ 19 | php8.2-tidy \ 20 | php8.2-xdebug \ 21 | php8.2-xmlrpc \ 22 | php8.2-yaml \ 23 | php8.2-zstd; \ 24 | apt-get clean; \ 25 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 26 | 27 | COPY php-ini-overrides.ini /etc/php/8.2/fpm/conf.d/z-overrides.ini 28 | COPY opcache-prod.ini /etc/php/8.2/fpm/conf.d/z-opcache.ini 29 | COPY php-fpm-pool-prod.conf /etc/php/8.2/fpm/pool.d/z-optimised.conf 30 | -------------------------------------------------------------------------------- /utils/installers/docker-compose/netdata_agent/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | 5 | netdata: 6 | image: netdata/netdata:${NETDATA_VERSION} 7 | container_name: agent_netdata 8 | hostname: ${NETDATA_DOMAIN} # set to fqdn of host 9 | ports: 10 | - ${NETDATA_PORT}:19999 11 | restart: unless-stopped 12 | cap_add: 13 | - SYS_PTRACE 14 | security_opt: 15 | - apparmor:unconfined 16 | volumes: 17 | - netdataconfig:/etc/netdata 18 | - netdatalib:/var/lib/netdata 19 | - netdatacache:/var/cache/netdata 20 | - /etc/passwd:/host/etc/passwd:ro 21 | - /etc/group:/host/etc/group:ro 22 | - /proc:/host/proc:ro 23 | - /sys:/host/sys:ro 24 | - /etc/os-release:/host/etc/os-release:ro 25 | environment: 26 | - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN} 27 | - 
NETDATA_CLAIM_URL=https://app.netdata.cloud 28 | - NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS} 29 | 30 | volumes: 31 | netdataconfig: 32 | netdatalib: 33 | netdatacache: -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.1-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.1-bcmath \ 9 | php8.1-raphf \ 10 | php8.1-bz2 \ 11 | php8.1-cgi \ 12 | php8.1-gd \ 13 | php8.1-grpc \ 14 | php8.1-http \ 15 | php8.1-intl \ 16 | php8.1-imagick \ 17 | php8.1-imap \ 18 | php8.1-inotify \ 19 | php8.1-mcrypt \ 20 | php8.1-mysql \ 21 | php8.1-redis \ 22 | php8.1-xmlrpc \ 23 | php8.1-yaml \ 24 | php8.1-zstd; \ 25 | apt-get clean; \ 26 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 27 | 28 | COPY php-ini-overrides.ini /etc/php/8.1/fpm/conf.d/z-overrides.ini 29 | COPY opcache-prod.ini /etc/php/8.1/fpm/conf.d/z-opcache.ini 30 | COPY php-fpm-pool-prod.conf /etc/php/8.1/fpm/pool.d/z-optimised.conf 31 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.1-fpm 2 | WORKDIR "/wordpress" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.1-bcmath \ 9 | php8.1-raphf \ 10 | php8.1-bz2 \ 11 | php8.1-cgi \ 12 | php8.1-gd \ 13 | php8.1-grpc \ 14 | php8.1-http \ 15 | php8.1-intl \ 16 | php8.1-imagick \ 17 | php8.1-imap \ 18 | php8.1-inotify \ 19 | php8.1-mcrypt \ 20 | php8.1-mysql \ 21 | php8.1-redis \ 22 | php8.1-xmlrpc \ 23 | php8.1-yaml \ 24 | php8.1-zstd; \ 25 | apt-get clean; \ 26 | rm -rf 
/var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 27 | 28 | COPY php-ini-overrides.ini /etc/php/8.1/fpm/conf.d/z-overrides.ini 29 | COPY opcache-prod.ini /etc/php/8.1/fpm/conf.d/z-opcache.ini 30 | COPY php-fpm-pool-prod.conf /etc/php/8.1/fpm/pool.d/z-optimised.conf 31 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri 
/index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 
300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.3_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2020 Leandro Padula 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 6 | associated documentation files (the "Software"), to deal in the Software without restriction, 7 | including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 9 | subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all copies or substantial 12 | portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 15 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 17 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 18 | DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
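--------------------------------------------------------------------------------
/config/nginx/sites-available/html_single:
--------------------------------------------------------------------------------
 1 | # Static-site vhost template: serves /var/www/domain.com on port 80 (plain HTTP).
 2 | server {
 3 |
 4 |     listen 80;
 5 |
 6 |     server_name domain.com;
 7 |
 8 |     root /var/www/domain.com;
 9 |
10 |     index index.html;
11 |
12 |     # Log
13 |     error_log /var/log/nginx/domain.com-error.log;
14 |
15 |     ### INC
16 |     #include /var/www/domain.com/nginx.conf;
17 |
18 |     ### PERF
19 |     #gzip_static on;
20 |
21 |     ### SEC
22 |     # NOTE(review): security.conf sets server_tokens and three of the headers below;
23 |     # if this include is enabled, drop the duplicates from this file.
24 |     #include /etc/nginx/globals/security.conf;
25 |
26 |     server_tokens off;
27 |
28 |     #### SECURITY HEADERS
29 |     # "always" makes nginx send the header on error responses (4xx/5xx) too,
30 |     # which is how globals/security.conf already declares its headers.
31 |     add_header X-Frame-Options SAMEORIGIN always;
32 |     # Browsers honour HSTS only on HTTPS responses, so on this port-80 listener the
33 |     # header has no effect until a TLS listener is added (presumably by certbot; confirm).
34 |     add_header Strict-Transport-Security "max-age=31536000" always;
35 |     add_header X-Content-Type-Options nosniff always;
36 |     # Legacy header: current browsers ignore it; a Content-Security-Policy is the real control.
37 |     add_header X-XSS-Protection "1; mode=block" always;
38 |     add_header Referrer-Policy "same-origin" always;
39 |     add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
40 |     #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";
41 |
42 | }
-------------------------------------------------------------------------------- /tools/third-party/blacklist-checker/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Anders Aarvik 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following 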
conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/.env: -------------------------------------------------------------------------------- 1 | # PHP .ENV 2 | # –––––––––––––––––––––––––––––––––––––––––– 3 | 4 | COMPOSE_PROJECT_NAME= 5 | 6 | ## PROJECT 7 | PROJECT_NAME= 8 | PROJECT_DOMAIN= 9 | PROJECT_ALT_DOMAINS= 10 | 11 | ## SYSTEM USER 12 | APP_USER_ID=1000 13 | APP_GROUP_ID=1000 14 | 15 | ## PHP 16 | PHP_VERSION= 17 | 18 | # WEBSERVER 19 | WEBSERVER_PORT= 20 | WWW_DATA_DIR=./application 21 | 22 | ## MYSQL 23 | MYSQL_DATABASE= 24 | MYSQL_USER= 25 | MYSQL_PASSWORD= 26 | MYSQL_ROOT_PASSWORD= 27 | MYSQL_DATA_DIR=./mysql_data 28 | 29 | ## REDIS 30 | REDIS_DATA=./redis 31 | 32 | ## PHPMYADMIN 33 | PHPMYADMIN_DOMAIN= 34 | PHPMYADMIN_PORT= 35 | PHPMYADMIN_DATA=./phpmyadmin 36 | 37 | ## SSH 38 | SSH_HOST_PORT= 39 | SSH_MASTER_USER= 40 | SSH_MASTER_PASS= 41 | 42 | ## WATCHTOWER 43 | WATCHTOWER_CLEANUP=true 44 | WATCHTOWER_SCHEDULE="0 0 4 * * *" 45 | WATCHTOWER_LOG_LEVEL=info 46 | WATCHTOWER_NOTIFICATIONS=email 47 | WATCHTOWER_NOTIFICATION_EMAIL_FROM= 48 | WATCHTOWER_NOTIFICATION_EMAIL_TO= 49 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER= 50 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT= 51 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER= 52 | 
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD= 53 | WATCHTOWER_NOTIFICATION_EMAIL_DELAY= -------------------------------------------------------------------------------- /config/nginx/globals/security.conf: -------------------------------------------------------------------------------- 1 | # Generic security enhancements. Use https://securityheaders.io to test 2 | # and recommend further improvements. 3 | 4 | # Hide Nginx version in error messages and response headers. 5 | server_tokens off; 6 | 7 | # Don't allow pages to be rendered in an iframe on external domains. 8 | add_header X-Frame-Options "SAMEORIGIN" always; 9 | 10 | # MIME sniffing prevention 11 | add_header X-Content-Type-Options "nosniff" always; 12 | 13 | # Legacy cross-site scripting filter header: current browsers ignore it, so a Content-Security-Policy is the effective control. 14 | add_header X-Xss-Protection "1; mode=block" always; 15 | 16 | # Whitelist sources which are allowed to load assets (JS, CSS, etc). The following will block 17 | # only non-HTTPS assets and still permits 'unsafe-inline' and 'unsafe-eval'; check out https://scotthelme.co.uk/content-security-policy-an-introduction/ 18 | # for an in-depth guide on creating a more restrictive policy. 19 | # add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; 20 | 21 | location /.git { deny all; } 22 | location /.htaccess { deny all; } 23 | location /.htpasswd { deny all; } 24 | location /.user.ini { deny all; } 25 | 26 | # . 
files 27 | location ~ /\.(?!well-known) { 28 | deny all; 29 | } -------------------------------------------------------------------------------- /config/nginx/globals/wordpress_mu_subdomain.conf: -------------------------------------------------------------------------------- 1 | map $http_host $blogid { 2 | default -999; 3 | 4 | #Ref: https://wordpress.org/extend/plugins/nginx-helper/ 5 | #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ; 6 | 7 | } 8 | 9 | server { 10 | server_name domain.com *.domain.com ; 11 | 12 | root /var/www/domain.com/htdocs; 13 | index index.php; 14 | 15 | location / { 16 | try_files $uri $uri/ /index.php?$args ; 17 | } 18 | 19 | location ~ \.php$ { 20 | try_files $uri =404; 21 | include fastcgi_params; 22 | fastcgi_pass php; 23 | } 24 | 25 | #WPMU Files 26 | location ~ ^/files/(.*)$ { 27 | try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file="${1}" ; 28 | access_log off; log_not_found off; expires max; 29 | } 30 | 31 | #WPMU x-sendfile to avoid php readfile() 32 | location ^~ /blogs.dir { 33 | internal; 34 | alias /var/www/domain.com/htdocs/wp-content/blogs.dir; 35 | access_log off; log_not_found off; expires max; 36 | } 37 | 38 | #add some rules for static content expiry-headers here 39 | } -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts 
to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.3_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- 
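/config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/nginx/nginx.conf:
--------------------------------------------------------------------------------
 1 | # WordPress vhost for the nginx container; PHP requests go to the php-fpm service on port 9000.
 2 | server {
 3 |
 4 |     listen 80 default;
 5 |
 6 |     client_max_body_size 108M;
 7 |     keepalive_timeout 90;
 8 |     send_timeout 300;
 9 |
10 |     access_log /var/log/nginx/wordpress.access.log;
11 |
12 |     root /wordpress;
13 |
14 |     index index.php;
15 |
16 |     # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
17 |     location / {
18 |         try_files $uri $uri/ /index.php?q=$uri&$args;
19 |     }
20 |
21 |     # SECURITY : Deny all attempts to access PHP Files in the uploads directory
22 |     location ~* /(?:uploads|files)/.*\.php$ {
23 |         deny all;
24 |     }
25 |
26 |     # REQUIREMENTS : Enable PHP Support
27 |     location ~ \.php$ {
28 |         # Only hand PHP-FPM a script that exists under the document root; anything else
29 |         # gets a 404 from nginx. config/nginx/globals/wordpress_mu_subdomain.conf applies
30 |         # the same guard. Assumes /wordpress is mounted in this container too, which the
31 |         # try_files in "location /" already relies on.
32 |         try_files $uri =404;
33 |         fastcgi_pass php-fpm:9000;
34 |         fastcgi_index index.php;
35 |         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
36 |         # Sends PHP's error log to a file in this stack's nginx log directory.
37 |         fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log";
38 |         fastcgi_buffers 16 16k;
39 |         fastcgi_buffer_size 32k;
40 |         include fastcgi_params;
41 |     }
42 |
43 |     ## INC
44 |     #include /wordpress/nginx.conf;
45 |
46 | }
47 |
-------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* 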
/(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /tests/test-environment/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 
2 | 3 | # Set environment variable for non-interactive installation 4 | ENV DEBIAN_FRONTEND=noninteractive 5 | 6 | # Install required packages (no versions are pinned, so apt and pip take whatever is current at build time) 7 | RUN apt-get update && \ 8 | apt-get install -y \ 9 | borgbackup \ 10 | python3-pip \ 11 | jq \ 12 | yq \ 13 | whiptail \ 14 | sshfs \ 15 | curl \ 16 | wget \ 17 | git \ 18 | sudo \ 19 | vim \ 20 | iproute2 \ 21 | iputils-ping \ 22 | openssh-server && \ 23 | pip3 install borgmatic && \ 24 | apt-get clean && \ 25 | rm -rf /var/lib/apt/lists/* 26 | 27 | # Create necessary directories 28 | RUN mkdir -p /etc/borgmatic.d /root/.config/borg /run/sshd 29 | 30 | # Copy brolit-shell files: the whole build context lands in the image, so keep real .env files and keys out of it (e.g. with a .dockerignore) 31 | COPY . /brolit-shell 32 | 33 | # Set working directory 34 | WORKDIR /brolit-shell 35 | 36 | # Configure SSH for tests only: sets the root password to 'root' and turns on root and password logins in sshd_config 37 | RUN echo 'root:root' | chpasswd && \ 38 | sed -i 's/#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config && \ 39 | sed -i 's/#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config 40 | 41 | # Expose SSH port (given the fixed credentials above, publish it only to the local test host or network) 42 | EXPOSE 22 43 | 44 | # Start SSH service and keep container running 45 | CMD ["/usr/sbin/sshd", "-D"] 46 | -------------------------------------------------------------------------------- /config/promtail/config-promtail.yml: -------------------------------------------------------------------------------- 1 | server: 2 | http_listen_port: PROMTAIL_PORT 3 | grpc_listen_port: 0 4 | 5 | positions: 6 | filename: /tmp/positions.yml 7 | 8 | clients: 9 | - url: LOKI_HOST_URL:LOKI_PORT_URL/loki/api/v1/push 10 | 11 | scrape_configs: 12 | # system logs 13 | - job_name: system 14 | # system logs 15 | static_configs: 16 | - targets: 17 | - localhost 18 | labels: 19 | job: varlogs 20 | __path__: /var/log/*log 21 | host: ${HOSTNAME} 22 | - job_name: nginx_host 23 | # nginx logs 24 | static_configs: 25 | - targets: 26 | - localhost 27 | labels: 28 | job: nginx_host 29 | __path__: /var/log/nginx/*.log 30 | host: ${HOSTNAME} 31 | - job_name: mysql_host 32 | # mysql logs 33 | static_configs: 34 | - targets: 
35 | - localhost 36 | labels: 37 | job: mysql_host 38 | __path__: /var/log/mysql/*log 39 | host: ${HOSTNAME} 40 | - job_name: docker 41 | # docker logs 42 | pipeline_stages: 43 | - docker: {} 44 | static_configs: 45 | - labels: 46 | job: docker 47 | __path__: /var/lib/docker/containers/*/*-json.log 48 | host: ${HOSTNAME} -------------------------------------------------------------------------------- /config/borg/borgmatic.template-docker.yml: -------------------------------------------------------------------------------- 1 | constants: 2 | 3 | # Project & Hostname 4 | project: project_domain 5 | group: group_server 6 | hostname: hostname_server 7 | 8 | # Servers 9 | user_1: user_1 10 | server_1: server_or_ip_1 11 | port_1: port_1 12 | 13 | user_2: user_2 14 | server_2: server_or_ip_2 15 | port_2: port_2 16 | 17 | # List of source directories and files to back up 18 | source_directories: 19 | - /var/www/{project} 20 | 21 | exclude_patterns: 22 | - '*.o' 23 | - '*.log' 24 | - '*.tmp' 25 | - '*.cache' 26 | - '*.git' 27 | 28 | archive_name_format: '{project}_site-files-{now:%Y-%m-%dT%H:%M:%S}' 29 | 30 | # Retention policy 31 | keep_monthly: 6 32 | keep_yearly: 1 33 | 34 | checks: 35 | - name: archives 36 | - name: repository 37 | frequency: 2 weeks 38 | 39 | check_last: 3 40 | 41 | # Backup hooks 42 | before_backup: 43 | - docker compose -f /var/www/{project}/docker-compose.yml pause 44 | 45 | after_backup: 46 | - docker compose -f /var/www/{project}/docker-compose.yml unpause 47 | - docker compose -f /var/www/{project}/docker-compose.yml logs -t > /var/log/{project}_docker.log 48 | 49 | on_error: 50 | - send_notification "Borgmatic" "Error during backup for {project}" "alert" 51 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/.env: -------------------------------------------------------------------------------- 1 | # WORDPRESS .ENV 2 | # 
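–––––––––––––––––––––––––––––––––––––––––– 3 | 4 | COMPOSE_PROJECT_NAME= 5 | 6 | ## PROJECT 7 | PROJECT_NAME= 8 | PROJECT_DOMAIN= 9 | PROJECT_ALT_DOMAINS= 10 | 11 | ## SYSTEM USER 12 | APP_USER_ID=1000 13 | APP_GROUP_ID=1000 14 | 15 | ## WEBSERVER 16 | WP_PORT= 17 | WWW_DATA_DIR=./wordpress 18 | WORDPRESS_TABLE_PREFIX=wp_ 19 | 20 | ## PHP 21 | PHP_VERSION=8.1 22 | 23 | ## MYSQL 24 | MYSQL_DATABASE=db_name 25 | MYSQL_USER=db_user 26 | MYSQL_PASSWORD=db_user_pass 27 | MYSQL_ROOT_PASSWORD='root_pass' 28 | MYSQL_DATA_DIR=./mysql_data 29 | 30 | ## REDIS 31 | REDIS_DATA=./redis 32 | 33 | ## PHPMYADMIN 34 | PHPMYADMIN_DOMAIN= 35 | PHPMYADMIN_PORT= 36 | PHPMYADMIN_DATA=./phpmyadmin 37 | 38 | ## WATCHTOWER 39 | WATCHTOWER_CLEANUP=true 40 | WATCHTOWER_SCHEDULE="0 0 4 * * *" 41 | WATCHTOWER_LOG_LEVEL=info 42 | WATCHTOWER_NOTIFICATIONS=email 43 | WATCHTOWER_NOTIFICATION_EMAIL_FROM= 44 | WATCHTOWER_NOTIFICATION_EMAIL_TO= 45 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER= 46 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT= 47 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER= 48 | WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD= 49 | WATCHTOWER_NOTIFICATION_EMAIL_DELAY= 50 | 51 | ## SSH 52 | SSH_HOST_PORT= 53 | SSH_MASTER_USER= 54 | SSH_MASTER_PASS=
--------------------------------------------------------------------------------
/runner.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | #
 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com
 4 | # Script Name: BROLIT Shell
 5 | # Version: 3.4
 6 | ################################################################################
 7 | #
 8 | # Entry point. With no arguments it initialises the script and opens the main
 9 | # menu; with arguments it passes them to flags_handler. script_init,
10 | # menu_main_options, flags_handler, cleanup and log_event are not defined in
11 | # this file; they are expected to come from libs/commons.sh, sourced below.
12 |
13 | ### Environment checks
14 | [ "${BASH_VERSINFO:-0}" -lt 4 ] && {
15 |     echo "At least BASH version 4 is required. Aborting..." >&2
16 |     exit 2
17 | }
18 |
19 | ### Main dir check
20 | # Resolve the physical directory holding this script (symlinks resolved by pwd -P).
21 | BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
22 | if [[ -z "${BROLIT_MAIN_DIR}" ]]; then
23 |     exit 1 # error; the path is not accessible
24 | fi
25 |
26 | ### Load Main library
27 | # The sourced library runs with this script's privileges, so the install
28 | # directory should be writable only by its owner.
29 | # NOTE(review): "source" does not need the execute bit; confirm this chmod is still wanted.
30 | chmod +x "${BROLIT_MAIN_DIR}/libs/commons.sh"
31 | # shellcheck source=/root/brolit-shell/libs/commons.sh
32 | source "${BROLIT_MAIN_DIR}/libs/commons.sh"
33 |
34 | ### Init #######################################################################
35 |
36 | if [[ $# -eq 0 ]]; then
37 |
38 |     # Script initialization
39 |     script_init "true"
40 |
41 |     # RUNNING MAIN MENU
42 |     menu_main_options
43 |
44 | else
45 |
46 |     # RUNNING WITH FLAGS
47 |     # "$@" passes every argument through as one word each. The unquoted $* used
48 |     # before re-split values on whitespace and expanded glob characters, so a
49 |     # quoted path or value could reach flags_handler as several arguments.
50 |     flags_handler "$@"
51 |
52 | fi
53 |
54 | # Script cleanup
55 | cleanup
56 |
57 | # Log End
58 | log_event "info" "Exiting script ..." "false" "1"
-------------------------------------------------------------------------------- /config/motd/00-header: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Foreground Colours 4 | cyan='36' 5 | 6 | [ -r /etc/lsb-release ] && . 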
/etc/lsb-release 7 | 8 | if [ -z "${DISTRIB_DESCRIPTION}" ] && [ -x /usr/bin/lsb_release ]; then 9 | # Fall back to using the very slow lsb_release utility 10 | DISTRIB_DESCRIPTION="$(lsb_release -s -d)" 11 | fi 12 | 13 | # If exists, clear MOTD 14 | [ -f /etc/motd ] && echo "" > /etc/motd 15 | 16 | # Print message 17 | ## Ref: http://patorjk.com/software/taag/ 18 | printf '\n%s' "" 19 | printf "\033[0;%sm%40s\033[0m\n" "${cyan}" " .aMMMMP .aMMMb dMP dMP .aMMMb dMP dMP .aMMMb .aMMMb .aMMMb dMMMMb dMMMMMP " 20 | printf "\033[0;%sm%40s\033[0m\n" "${cyan}" " dMP' dMP'dMP dMP dMP dMP'VMP dMP dMP dMP'dMP dMP'VMP dMP'dMP dMP VMP dMP " 21 | printf "\033[0;%sm%40s\033[0m\n" "${cyan}" " dMP MMP'dMMMMMP dMP dMP dMP dMMMMMP dMP dMP dMP dMP dMP dMP dMP dMMMP " 22 | printf "\033[0;%sm%40s\033[0m\n" "${cyan}" "dMP.dMP dMP dMP dMP.aMP dMP.aMP dMP dMP dMP.aMP dMP.aMP dMP.aMP dMP.aMP dMP " 23 | printf "\033[0;%sm%40s\033[0m\n" "${cyan}" "VMMMP' dMP dMP VMMMP' VMMMP' dMP dMP VMMMP' VMMMP' VMMMP' dMMMMP' dMMMMMP " 24 | printf '\n%s' "" 25 | 26 | # if it is non-root user, skip 27 | [ "$(id -u)" -ne 0 ] && exit 0 28 | 29 | printf "%40s\n" "You are loggedin as root, please don't do anything stupid..." 
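30 |
--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/Dockerfile:
--------------------------------------------------------------------------------
 1 | # The base tag is not pinned to a digest, so rebuilds pick up whatever the tag points to.
 2 | FROM phpdockerio/php:8.2-fpm
 3 | WORKDIR "/wordpress"
 4 |
 5 | # This image uses Composer v2.
 6 | # If for whatever reason you need to roll back to v1, uncomment the following line:
 7 | # COPY --from=composer:1 /usr/bin/composer /usr/bin/composer
 8 |
 9 | # Extensions already included on base image:
10 | # APC, cURL, JSON, Sodium, MBString, OPCache, Readline, XML and Zip
11 | #
12 | # The steps are chained with && so that a failed "apt-get update" or install
13 | # fails the build; with ";" the final rm succeeded and the image was built
14 | # without the packages.
15 | # NOTE(review): php8.2-xdebug is a debugging extension and this is the
16 | # production stack; confirm php-ini-overrides.ini disables it, or drop the
17 | # package. vim and git are likewise not needed at runtime.
18 | RUN apt-get update && \
19 |     apt-get -y --no-install-recommends install \
20 |         vim \
21 |         git \
22 |         php8.2-bcmath \
23 |         php8.2-raphf \
24 |         php8.2-bz2 \
25 |         php8.2-gd \
26 |         php8.2-gmagick \
27 |         php8.2-gmp \
28 |         php8.2-grpc \
29 |         php8.2-imap \
30 |         php8.2-mysql \
31 |         php8.2-pgsql \
32 |         php8.2-redis \
33 |         php8.2-tidy \
34 |         php8.2-xdebug \
35 |         php8.2-xmlrpc \
36 |         php8.2-yaml \
37 |         php8.2-zstd && \
38 |     apt-get clean && \
39 |     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
40 |
41 | # The z- prefix makes these files sort last in their directories (presumably so they override the packaged defaults).
42 | COPY php-ini-overrides.ini /etc/php/8.2/fpm/conf.d/z-overrides.ini
43 | COPY opcache-prod.ini /etc/php/8.2/fpm/conf.d/z-opcache.ini
44 | COPY php-fpm-pool-prod.conf /etc/php/8.2/fpm/pool.d/z-optimised.conf
45 |
-------------------------------------------------------------------------------- /tests/test_nginx_helper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function test_nginx_helper_functions() { 8 | 9 | test_nginx_server_change_phpv 10 | 11 | } 12 | 13 | function test_nginx_server_change_phpv() { 14 | 15 | local nginx_server_file 16 | 17 | log_subsection "Test: 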
test_nginx_server_change_phpv" 18 | 19 | nginx_server_file="wordpress_single.conf" 20 | 21 | cp "${BROLIT_MAIN_DIR}/config/nginx/sites-available/wordpress_single" "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}" 22 | 23 | # First, we need to set a PHPV on file 24 | php_set_version_on_config "7.2" "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}" 25 | 26 | # Function to test 27 | nginx_server_change_phpv "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}" "7.4" 28 | 29 | # Get php version 30 | current_php_v=$(nginx_server_get_current_phpv "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}") 31 | if [[ ${current_php_v} == "7.4" ]]; then 32 | display --indent 6 --text "- test_nginx_server_change_phpv" --result "PASS" --color WHITE 33 | else 34 | display --indent 6 --text "- test_nginx_server_change_phpv" --result "FAIL" --color RED 35 | fi 36 | 37 | } -------------------------------------------------------------------------------- /tests/test_project_helper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function test_project_helper_funtions() { 8 | 9 | local project_domain="dev.gauchocode.com" 10 | 11 | #test_project_install "${PROJECTS_PATH}" "wordpress" 12 | test_project_set_brolit_config_var "${PROJECTS_PATH}/${project_domain}" "project_db" "broobe_dev" 13 | 14 | } 15 | 16 | function test_project_install() { 17 | 18 | local project_path 19 | local project_type 20 | local project_domain 21 | local project_name 22 | local project_stage 23 | 24 | project_path="${PROJECTS_PATH}" 25 | project_type="wordpress" 26 | project_domain="test.domain.com" 27 | project_name="domain" 28 | project_stage="test" 29 | 30 | project_install "${project_path}" "${project_type}" "${project_domain}" "${project_name}" "${project_stage}" 31 | 32 | 
project_delete "${project_domain}" "true" 33 | 34 | } 35 | 36 | function test_project_set_brolit_config_var() { 37 | 38 | local project_path="${1}" 39 | local config_field="${2}" 40 | local config_value="${3}" 41 | 42 | project_set_brolit_config_var "${project_path}" "${config_field}" "${config_value}" 43 | 44 | } -------------------------------------------------------------------------------- /utils/installers/wpcli_installer.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | 7 | function wpcli_installer_menu() { 8 | 9 | WPCLI_INSTALLED="$(wpcli_check_if_installed)" 10 | 11 | if [[ ${WPCLI_INSTALLED} == "true" ]]; then 12 | 13 | wpcli_options_title="WP-CLI INSTALLER" 14 | 15 | wp_cli_installer_options=( 16 | "01)" "UPDATE WP-CLI" 17 | "02)" "UNINSTALL WP-CLI" 18 | ) 19 | 20 | chosen_wp_cli_installer_option="$(whiptail --title "${wpcli_options_title}" --menu "Choose an option:" 20 78 10 $(for x in ${wp_cli_installer_options}; do echo "$x"; done) 3>&1 1>&2 2>&3)" 21 | 22 | exitstatus=$? 23 | if [[ ${exitstatus} -eq 0 ]]; then 24 | 25 | if [[ ${chosen_wp_cli_installer_option} == *"01"* ]]; then 26 | wpcli_update 27 | 28 | fi 29 | if [[ ${chosen_wp_cli_installer_option} == *"02"* ]]; then 30 | wpcli_uninstall 31 | 32 | fi 33 | 34 | else 35 | log_event "info" "Operation cancelled ..." 
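"true" 36 | return 1 37 | 38 | fi 39 | 40 | else 41 | 42 | wpcli_install 43 | 44 | fi 45 | 46 | } 47 |
--------------------------------------------------------------------------------
/updater.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.4
#############################################################################

SCRIPT="$(readlink -f "$0")"
SCRIPTFILE="$(basename "${SCRIPT}")"
#SCRIPTPATH="$(dirname "${SCRIPT}")"
BRANCH="master"

# Foreground/Text Colours
GREEN='\E[32;40m'
YELLOW='\E[33;40m'
CYAN='\E[36;40m'
ENDCOLOR='\033[0m'

#############################################################################
# Update the working copy from origin/${BRANCH} when this updater script
# differs from the copy on the remote branch.
#
# All git commands run in the current working directory (SCRIPTPATH is
# commented out above), so the script has to be started from the repository.
#
# Arguments:
#  none
#
# Outputs:
#  Status messages on stdout. Returns 1 when the fetch fails; exits with
#  status 1 after an update has been applied.
#############################################################################
function _self_update() {

  # NOTE(review): "credential.helper store" keeps the remote's credentials
  # unencrypted in ~/.git-credentials, and --global applies that helper to
  # every repository of this user. A read-only deploy key or a token scoped
  # to this repository, or a non-persistent helper such as "cache", limits
  # what a leaked file would expose.
  git config --global credential.helper store

  # Without a successful fetch the comparison below would run against a stale
  # origin/${BRANCH} and report "latest version" even when it is not.
  if ! git fetch; then
    echo -e "${YELLOW}Could not fetch from the remote, update check skipped.${ENDCOLOR}"
    return 1
  fi

  # -F and -- make grep match the script name literally, not as a regex.
  if git diff --name-only "origin/${BRANCH}" | grep -qF -- "${SCRIPTFILE}"; then

    echo -e "${GREEN}Found a new version of BROLIT Shell, updating ...${ENDCOLOR}"

    # NOTE(review): nothing here verifies the fetched commit (for example a
    # signed tag) before it replaces the local scripts.
    # The hard reset discards any local modification of tracked files. It now
    # follows ${BRANCH}; the original reset to a hard-coded origin/master.
    git checkout --quiet "${BRANCH}"
    git reset --hard --quiet "origin/${BRANCH}"
    git pull --ff-only --force --quiet

    echo -e "${GREEN}Running chmod ...${ENDCOLOR}"
    find ./ -name "*.sh" -exec chmod +x {} +

    echo -e "${CYAN}Now you can run the runner.sh, enjoy!${ENDCOLOR}"

    # Exit status 1 is kept from the original although the update succeeded;
    # presumably callers rely on it to stop and re-run - TODO confirm.
    exit 1

  else

    echo -e "${YELLOW}Already the latest version.${ENDCOLOR}"

  fi

}

#############################################################################

_self_update
--------------------------------------------------------------------------------
/config/nginx/sites-available/php_single:
--------------------------------------------------------------------------------
1 | server { 2 | 3 | listen 80; 4 | 5 | server_name domain.com; 6 | 7 | root /var/www/domain.com; 8 | 9 | index index.php; 10 | 11 | # Log 12 | error_log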
/var/log/nginx/domain.com-error.log; 13 | 14 | # Handle .php 15 | location / { 16 | try_files $uri $uri/ /index.php?q=$uri&$args; 17 | } 18 | 19 | location ~ \.php$ { 20 | include snippets/fastcgi-php.conf; 21 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 22 | } 23 | 24 | ### INC 25 | #include /var/www/domain.com/nginx.conf; 26 | 27 | ### PERF 28 | #gzip_static on; 29 | 30 | ### SEC 31 | #include /etc/nginx/globals/security.conf; 32 | 33 | server_tokens off; 34 | 35 | #### SECURITY HEADERS 36 | add_header X-Frame-Options SAMEORIGIN; 37 | add_header Strict-Transport-Security "max-age=31536000"; 38 | add_header X-Content-Type-Options nosniff; 39 | add_header X-XSS-Protection "1; mode=block"; 40 | add_header Referrer-Policy "same-origin"; 41 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 42 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 43 | 44 | } -------------------------------------------------------------------------------- /utils/server_and_image_optimizations.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | # 7 | # Server and image optimizations Manager. 
8 | # 9 | ################################################################################ 10 | 11 | ################################################################################ 12 | # Menu for server optimizations 13 | # 14 | # Arguments: 15 | # none 16 | # 17 | # Outputs: 18 | # nothing 19 | ################################################################################ 20 | 21 | function server_optimizations_menu() { 22 | 23 | local server_optimizations_options 24 | local chosen_server_optimizations_options 25 | 26 | server_optimizations_options=( 27 | "01)" "DELETE OLD LOGS" 28 | "02)" "REMOVE OLD PACKAGES" 29 | "03)" "REDUCE RAM USAGE" 30 | ) 31 | chosen_server_optimizations_options=$(whiptail --title "SERVER OPTIMIZATIONS" --menu "\n" 20 78 10 "${server_optimizations_options[@]}" 3>&1 1>&2 2>&3) 32 | exitstatus=$? 33 | if [[ ${exitstatus} -eq 0 ]]; then 34 | 35 | [[ ${chosen_server_optimizations_options} == *"01"* ]] && delete_old_logs 36 | 37 | [[ ${chosen_server_optimizations_options} == *"02"* ]] && packages_remove_old 38 | 39 | [[ ${chosen_server_optimizations_options} == *"03"* ]] && optimize_ram_usage 40 | 41 | fi 42 | 43 | } 44 | -------------------------------------------------------------------------------- /config/nginx/sites-available/other_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | 5 | server_name domain.com; 6 | 7 | root /var/www/domain.com; 8 | 9 | index index.php index.html index.htm; 10 | 11 | # Log 12 | error_log /var/log/nginx/domain.com-error.log; 13 | 14 | # Handle requests 15 | location / { 16 | try_files $uri $uri/ /index.php?q=$uri&$args; 17 | } 18 | 19 | # Handle .php 20 | location ~ \.php$ { 21 | include snippets/fastcgi-php.conf; 22 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 23 | } 24 | 25 | ### INC 26 | #include /var/www/domain.com/nginx.conf; 27 | 28 | ### PERF 29 | #gzip_static on; 30 | 31 | ### SEC 32 | #include 
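/etc/nginx/globals/security.conf; 33 | 34 | server_tokens off; 35 | 36 | #### SECURITY HEADERS 37 | add_header X-Frame-Options SAMEORIGIN; 38 | add_header Strict-Transport-Security "max-age=31536000"; 39 | add_header X-Content-Type-Options nosniff; 40 | add_header X-XSS-Protection "1; mode=block"; 41 | add_header Referrer-Policy "same-origin"; 42 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 43 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 44 | 45 | } 46 |
--------------------------------------------------------------------------------
/config/borg/borgmatic.template-postgres.yml:
--------------------------------------------------------------------------------
# borgmatic template for a project with a PostgreSQL database.
# The values under "constants" are placeholders, presumably replaced by the
# installer before use. Once filled in, this file holds the database password
# in plain text: keep it readable by the backup user only.
constants:

  # Project & Hostname
  project: project_domain
  group: group_server
  hostname: hostname_server

  # Database credentials
  postgres_user: postgres_user
  postgres_password: postgres_password

  # Servers
  user_1: user_1
  server_1: server_or_ip_1
  port_1: port_1

  user_2: user_2
  server_2: server_or_ip_2
  port_2: port_2

# List of source directories and files to back up
source_directories:
  - /var/www/{project}

exclude_patterns:
  - '*.o'
  - '*.log'
  - '*.tmp'
  - '*.cache'
  - '*.git'

archive_name_format: '{project}_site-files-{now:%Y-%m-%dT%H:%M:%S}'

# Retention policy
keep_monthly: 6
keep_yearly: 1

checks:
  - name: archives
  - name: repository
    frequency: 2 weeks

check_last: 3

# Backup hooks
# pg_dumpall's -W only forces a password prompt and takes no value, so the
# original "-W{postgres_password}" did not hand the password to the client.
# It is passed through PGPASSWORD here, with --no-password so that an
# unattended run fails instead of waiting on a prompt. The password is still
# part of the hook's command string; a ~/.pgpass file with mode 0600 for the
# backup user avoids that.
# NOTE(review): the dump is written to /tmp, which is not listed in
# source_directories, and after_backup deletes it, so it does not appear to
# reach the archive; postgres_databases below already dumps the database.
# Confirm this hook is still needed. If it is, write the dump to a directory
# only the backup user can read, since its file mode depends on the umask in
# effect when the hook runs.
before_backup:
  - PGPASSWORD={postgres_password} pg_dumpall -U {postgres_user} --no-password --clean > /tmp/{project}_backup.sql

after_backup:
  - rm -f /tmp/{project}_backup.sql

# NOTE(review): {database} is not defined under "constants" in this template;
# presumably it is substituted separately - verify.
postgres_databases:
  - name: {database}
    username: {postgres_user}
    password: {postgres_password}
    format: sql
    options: --no-tablespaces

on_error:
  - send_notification "Borgmatic" "Error during backup for {project}" "alert"
--------------------------------------------------------------------------------
/config/nginx/sites-available/laravel_single:
--------------------------------------------------------------------------------
1 | server { 2 | 3 | charset utf-8; 4 | 5 | listen 80; 6 | 7 | server_name domain.com; 8 | 9 | root /var/www/domain.com/public; 10 | 11 | index index.html index.htm index.php; 12 | 13 | error_log /var/log/nginx/domain.com-error.log; 14 | 15 | error_page 404 /index.php; 16 | 17 | location / { 18 | try_files $uri $uri/ /index.php?q=$uri&$args; 19 | } 20 | 21 | location ~ \.php$ { 22 | include snippets/fastcgi-php.conf; 23 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 24 | fastcgi_buffering off; 25 | } 26 | 27 | ### INC 28 | #include /var/www/domain.com/nginx.conf; 29 | 30 | ### PERF 31 | gzip_static on; 32 | 33 | ### SEC 34 | #include /etc/nginx/globals/security.conf; 35 | 36 | server_tokens off; 37 | 38 | #### SECURITY HEADERS 39 | add_header X-Frame-Options SAMEORIGIN; 40 | add_header Strict-Transport-Security "max-age=31536000"; 41 | add_header X-Content-Type-Options nosniff; 42 | add_header X-XSS-Protection "1; mode=block"; 43 | add_header Referrer-Policy "same-origin"; 44 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 45 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 46 | 47 | }
--------------------------------------------------------------------------------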
/config/brolit/brolit_firewall_conf.json: -------------------------------------------------------------------------------- 1 | { 2 | "ufw": [ 3 | { 4 | "status": "enabled", 5 | "config": [ 6 | { 7 | "ssh": "allow", 8 | "http": "allow", 9 | "https": "allow", 10 | "81": "", 11 | "88": "", 12 | "465": "", 13 | "587": "", 14 | "2812": "", 15 | "3022": "", 16 | "3000": "", 17 | "8000": "", 18 | "8006": "", 19 | "8080": "", 20 | "8088": "", 21 | "9000": "", 22 | "9001": "", 23 | "9443": "", 24 | "19999": "" 25 | } 26 | ] 27 | } 28 | ], 29 | "fail2ban": [ 30 | { 31 | "status": "enabled", 32 | "config": [ 33 | { 34 | "bandtime": "600", 35 | "findtime": "600", 36 | "maxretry": "3", 37 | "ignoreip": [ 38 | "127.0.0.1", 39 | "" 40 | ], 41 | "destemail": "", 42 | "sendername": "Fail2Ban", 43 | "banaction": "iptables-multiport", 44 | "mta": "sendmail", 45 | "protocol": "tcp" 46 | } 47 | ] 48 | } 49 | ] 50 | } -------------------------------------------------------------------------------- /config/nginx/globals/wordpress_mu_subdirectory.conf: -------------------------------------------------------------------------------- 1 | # WordPress multisite subdirectory rules. 2 | # Designed to be included in any server {} block. 
3 | 4 | map $uri $blogname{ 5 | ~^(?P/[^/]+/)files/(.*) $blogpath ; 6 | } 7 | 8 | map $blogname $blogid{ 9 | default -999; 10 | 11 | #Ref: https://wordpress.org/extend/plugins/nginx-helper/ 12 | #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ; 13 | } 14 | 15 | server { 16 | 17 | server_name domain.com ; 18 | 19 | root /var/www/domain.com/htdocs; 20 | index index.php; 21 | 22 | location ~ ^(/[^/]+/)?files/(.+) { 23 | try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ; 24 | access_log off; log_not_found off; expires max; 25 | } 26 | 27 | #avoid php readfile() 28 | location ^~ /blogs.dir { 29 | internal; 30 | alias /var/www/domain.com/htdocs/wp-content/blogs.dir ; 31 | access_log off; log_not_found off; expires max; 32 | } 33 | 34 | if (!-e $request_filename) { 35 | rewrite /wp-admin$ $scheme://$host$uri/ permanent; 36 | rewrite ^(/[^/]+)?(/wp-.*) $2 last; 37 | rewrite ^(/[^/]+)?(/.*\.php) $2 last; 38 | } 39 | 40 | location / { 41 | try_files $uri $uri/ /index.php?$args ; 42 | } 43 | 44 | location ~ \.php$ { 45 | try_files $uri =404; 46 | include fastcgi_params; 47 | fastcgi_pass php; 48 | } 49 | 50 | #add some rules for static content expiry-headers here 51 | } -------------------------------------------------------------------------------- /config/nginx/sites-available/netdata_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | 5 | server_name domain.com; 6 | 7 | auth_basic "Protected"; 8 | auth_basic_user_file /etc/nginx/.passwords; 9 | 10 | access_log off; 11 | #error_log /var/log/nginx/domain.com.error.log error; 12 | 13 | location / { 14 | proxy_set_header X-Real-IP $remote_addr; 15 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 16 | proxy_set_header Host $host; 17 | proxy_set_header X-NginX-Proxy true; 18 | proxy_pass http://127.0.0.1:19999/; 19 | proxy_redirect http://127.0.0.1:19999/ https://$server_name/; 20 | } 21 | 
22 | }
# Status endpoints: nginx stub_status and the PHP-FPM status/ping pages.
# "listen 80" has no address, so the socket accepts connections on every
# interface. server_name only selects this block by the request's Host
# header; it does not limit which clients can connect.
server {

    listen 80;

    server_name localhost 127.0.0.1;

    access_log off;
    #error_log /var/log/nginx/php.error.log error;

    # NOTE(review): the allow/deny lines are commented out in both locations,
    # so no IP restriction applies to these endpoints. Re-enable
    # "allow ...; deny all;" for the collector's address, or bind the block
    # with "listen 127.0.0.1:80;", before using this template on a host that
    # is reachable from outside.
    location /stub_status {
        stub_status on;
        #access_log off;
        #allow 127.0.0.1;
        #allow 138.201.174.125;
        #deny all;
    }
    # Passes /status and /ping to the PHP-FPM socket; PHP_V in the socket
    # path is a placeholder for the PHP version.
    location ~ ^/(status|ping)$ {
        #access_log off;
        #allow 127.0.0.1;
        #deny all;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/wordpress_single:
--------------------------------------------------------------------------------
1 | server { 2 | 3 | listen 80; 4 | root /var/www/domain.com; 5 | 6 | index index.php; 7 | server_name domain.com; 8 | 9 | # BROLIT_LOG_FILE 10 | error_log /var/log/nginx/domain.com-error.log; 11 | 12 | 13 | location / { 14 | try_files $uri $uri/ /index.php?q=$uri&$args; 15 | } 16 | 17 | # PHP-FPM 18 | location ~ \.php$ { 19 | include snippets/fastcgi-php.conf; 20 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 21 | fastcgi_buffering off; 22 | } 23 | 24 | # CORS headers 25 | location ~* \.(eot|otf|ttf|woff|woff2)$ { 26 | add_header Access-Control-Allow-Origin *; 27 | } 28 | 29 | ### INC 30 | #include /var/www/domain.com/nginx.conf; 31 | 32 | ### PERF 33 | gzip_static on; 34 | 35 | ### WP-SEC 36 | #include /etc/nginx/globals/wordpress_sec.conf; 37 | 38 | server_tokens off; 39 | 40 | #### SECURITY HEADERS 41 | add_header X-Frame-Options SAMEORIGIN; 42 | add_header Strict-Transport-Security "max-age=31536000"; 43 | add_header X-Content-Type-Options nosniff; 44 | add_header X-XSS-Protection "1; mode=block"; 45 | add_header Referrer-Policy "same-origin"; 46 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(),
magnetometer=(), microphone=(), payment=(), usb=()"; 47 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 48 | 49 | } -------------------------------------------------------------------------------- /config/nginx/sites-available/wordpress_root_domain: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | listen 80; 5 | 6 | server_name domain.com; 7 | 8 | root /var/www/root_domain.com; 9 | index index.php; 10 | 11 | error_log /var/log/nginx/root_domain.com-error.log; 12 | 13 | location / { 14 | try_files $uri $uri/ /index.php?q=$uri&$args; 15 | } 16 | 17 | location ~ \.php$ { 18 | include snippets/fastcgi-php.conf; 19 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 20 | fastcgi_buffering off; 21 | } 22 | 23 | ### INC 24 | #include /var/www/root_domain.com/nginx.conf; 25 | 26 | ### PERF 27 | gzip_static on; 28 | 29 | ### WP-SEC 30 | #include /etc/nginx/globals/wordpress_sec.conf; 31 | 32 | server_tokens off; 33 | 34 | #### SECURITY HEADERS 35 | add_header X-Frame-Options SAMEORIGIN; 36 | add_header Strict-Transport-Security "max-age=31536000"; 37 | add_header X-Content-Type-Options nosniff; 38 | add_header X-XSS-Protection "1; mode=block"; 39 | add_header Referrer-Policy "same-origin"; 40 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 41 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 42 | 43 | } 44 | 45 | server { 46 | 47 | listen 80; 48 | 49 | server_name root_domain.com; 50 | 51 | return 301 http://domain.com$request_uri; 52 | 53 | } 
-------------------------------------------------------------------------------- /config/nginx/sites-available/other_root_domain: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | 5 | listen 80; 6 | 7 | server_name domain.com; 8 | 9 | root /var/www/root_domain.com; 10 | 11 | index index.php index.html index.htm; 12 | 13 | error_log /var/log/nginx/root_domain.com-error.log; 14 | 15 | location / { 16 | try_files $uri $uri/ /index.php?q=$uri&$args; 17 | } 18 | 19 | location ~ \.php$ { 20 | include snippets/fastcgi-php.conf; 21 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 22 | fastcgi_buffering off; 23 | } 24 | 25 | ### INC 26 | #include /var/www/root_domain.com/nginx.conf; 27 | 28 | ### PERF 29 | gzip_static on; 30 | 31 | ### SEC 32 | #include /etc/nginx/globals/security.conf; 33 | 34 | server_tokens off; 35 | 36 | #### SECURITY HEADERS 37 | add_header X-Frame-Options SAMEORIGIN; 38 | add_header Strict-Transport-Security "max-age=31536000"; 39 | add_header X-Content-Type-Options nosniff; 40 | add_header X-XSS-Protection "1; mode=block"; 41 | add_header Referrer-Policy "same-origin"; 42 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 43 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 44 | 45 | } 46 | 47 | server { 48 | 49 | listen 80; 50 | 51 | server_name root_domain.com; 52 | 53 | return 301 http://domain.com$request_uri; 54 | 55 | } 56 | -------------------------------------------------------------------------------- /config/nginx/sites-available/php_root_domain: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | 5 | listen 80; 6 | 7 | server_name 
domain.com; 8 | 9 | root /var/www/root_domain.com; 10 | 11 | index index.php; 12 | 13 | error_log /var/log/nginx/root_domain.com-error.log; 14 | 15 | location / { 16 | try_files $uri $uri/ /index.php?q=$uri&$args; 17 | } 18 | 19 | location ~ \.php$ { 20 | include snippets/fastcgi-php.conf; 21 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 22 | fastcgi_buffering off; 23 | } 24 | 25 | ### INC 26 | #include /var/www/root_domain.com/nginx.conf; 27 | 28 | ### PERF 29 | gzip_static on; 30 | 31 | ### SEC 32 | #include /etc/nginx/globals/security.conf; 33 | 34 | server_tokens off; 35 | 36 | #### SECURITY HEADERS 37 | add_header X-Frame-Options SAMEORIGIN; 38 | add_header Strict-Transport-Security "max-age=31536000"; 39 | add_header X-Content-Type-Options nosniff; 40 | add_header X-XSS-Protection "1; mode=block"; 41 | add_header Referrer-Policy "same-origin"; 42 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 43 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 44 | 45 | } 46 | 47 | server { 48 | 49 | listen 80; 50 | 51 | server_name root_domain.com; 52 | 53 | return 301 http://domain.com$request_uri; 54 | 55 | } -------------------------------------------------------------------------------- /config/nginx/sites-available/wordpress_multi_domain: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | listen 80; 5 | 6 | server_name www.domain.com; 7 | 8 | root /var/www/domain.com; 9 | index index.php; 10 | 11 | ### BROLIT_LOG_FILE 12 | error_log /var/log/nginx/domain.com-error.log; 13 | 14 | location / { 15 | try_files $uri $uri/ /index.php?q=$uri&$args; 16 | } 17 | 18 | location ~ \.php$ { 19 | include snippets/fastcgi-php.conf; 20 | 
fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 21 | fastcgi_buffering off; 22 | } 23 | 24 | ## INC 25 | #include /var/www/domain.com/nginx.conf; 26 | 27 | ### PERF 28 | gzip_static on; 29 | 30 | ### WP-SEC 31 | #include /etc/nginx/globals/wordpress_sec.conf; 32 | 33 | server_tokens off; 34 | 35 | #### SECURITY HEADERS 36 | add_header X-Frame-Options SAMEORIGIN; 37 | add_header Strict-Transport-Security "max-age=31536000"; 38 | add_header X-Content-Type-Options nosniff; 39 | add_header X-XSS-Protection "1; mode=block"; 40 | add_header Referrer-Policy "same-origin"; 41 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 42 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 43 | 44 | } 45 | 46 | server { 47 | 48 | listen 80; 49 | 50 | server_name domain.com; 51 | 52 | return 301 http://www.domain.com$request_uri; 53 | 54 | } -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.3_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.3-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.3-amqp \ 9 | php8.3-ast \ 10 | php8.3-bcmath \ 11 | php8.3-bz2 \ 12 | php8.3-cgi \ 13 | php8.3-dba \ 14 | php8.3-gd \ 15 | php8.3-gmagick \ 16 | php8.3-gmp \ 17 | php8.3-grpc \ 18 | php8.3-http \ 19 | php8.3-igbinary \ 20 | php8.3-imagick \ 21 | php8.3-imap \ 22 | php8.3-inotify \ 23 | php8.3-interbase \ 24 | php8.3-intl \ 25 | php8.3-lz4 \ 26 | php8.3-mailparse \ 27 | php8.3-mcrypt \ 28 | php8.3-mysql \ 29 | php8.3-oauth \ 30 | php8.3-opentelemetry \ 31 | php8.3-raphf \ 32 | 
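php8.3-redis \ 33 | php8.3-soap \ 34 | php8.3-solr \ 35 | php8.3-sqlite3 \ 36 | php8.3-ssh2 \ 37 | php8.3-tidy \ 38 | php8.3-uopz \ 39 | php8.3-uploadprogress \ 40 | php8.3-uuid \ 41 | php8.3-vips \ 42 | php8.3-xmlrpc \ 43 | php8.3-xsl \ 44 | php8.3-yac \ 45 | php8.3-yaml \ 46 | php8.3-zmq \ 47 | php8.3-zstd; \ 48 | apt-get clean; \ 49 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 50 | 51 | COPY php-ini-overrides.ini /etc/php/8.3/fpm/conf.d/z-overrides.ini 52 | COPY opcache-prod.ini /etc/php/8.3/fpm/conf.d/z-opcache.ini 53 | COPY php-fpm-pool-prod.conf /etc/php/8.3/fpm/pool.d/z-optimised.conf 54 |
--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/php-8.3_docker/php-fpm/Dockerfile:
--------------------------------------------------------------------------------
# PHP 8.3 FPM image for the WordPress production stack.
#
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest makes rebuilds reproducible and keeps an upstream re-tag from
# changing the image unnoticed.
FROM phpdockerio/php:8.3-fpm
WORKDIR "/wordpress"

# The package list now ends with ";". In the original the last package line
# ended in a bare line continuation, so "apt-get" and "clean" were passed to
# "apt-get install" as two more package names and the clean step never ran
# as a command.
# NOTE(review): the steps are chained with ";", so a failing update or
# install does not fail the build; "&&" would surface it. vim, git and
# php8.3-uopz (runtime function overriding, normally a testing aid) look
# unnecessary in a production image - confirm and drop them if unused.
RUN apt-get update; \
    apt-get -y --no-install-recommends install \
        vim \
        git \
        php8.3-amqp \
        php8.3-ast \
        php8.3-bcmath \
        php8.3-bz2 \
        php8.3-cgi \
        php8.3-dba \
        php8.3-gd \
        php8.3-gmagick \
        php8.3-gmp \
        php8.3-grpc \
        php8.3-http \
        php8.3-igbinary \
        php8.3-imagick \
        php8.3-imap \
        php8.3-inotify \
        php8.3-interbase \
        php8.3-intl \
        php8.3-lz4 \
        php8.3-mailparse \
        php8.3-mcrypt \
        php8.3-mysql \
        php8.3-oauth \
        php8.3-opentelemetry \
        php8.3-raphf \
        php8.3-redis \
        php8.3-soap \
        php8.3-solr \
        php8.3-sqlite3 \
        php8.3-ssh2 \
        php8.3-tidy \
        php8.3-uopz \
        php8.3-uploadprogress \
        php8.3-uuid \
        php8.3-vips \
        php8.3-xmlrpc \
        php8.3-xsl \
        php8.3-yac \
        php8.3-yaml \
        php8.3-zmq \
        php8.3-zstd; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*

51 | COPY php-ini-overrides.ini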
/etc/php/8.3/fpm/conf.d/z-overrides.ini 52 | COPY opcache-prod.ini /etc/php/8.3/fpm/conf.d/z-opcache.ini 53 | COPY php-fpm-pool-prod.conf /etc/php/8.3/fpm/pool.d/z-optimised.conf 54 | -------------------------------------------------------------------------------- /utils/installers_and_configurators.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | 7 | # Installers directory path 8 | installers_path="${BROLIT_MAIN_DIR}/utils/installers" 9 | 10 | # Source all installers 11 | installers="$(find "${installers_path}" -maxdepth 1 -name '*.sh' -type f -print)" 12 | for f in ${installers}; do source "${f}"; done 13 | 14 | ################################################################################ 15 | 16 | function installers_and_configurators() { 17 | 18 | local installer_options 19 | local installer_options_title 20 | local installer_type 21 | 22 | log_section "Installers and Configurators" 23 | 24 | installer_options_title="INSTALLERS AND CONFIGURATORS" 25 | 26 | installer_options=( 27 | "01)" "PHP-FPM" 28 | "02)" "NGINX" 29 | "03)" "MONIT" 30 | ) 31 | 32 | installer_type="$(whiptail --title "${installer_options_title}" --menu "\nPlease select the utility or programs you want to install or config: \n" 20 78 10 "${installer_options[@]}" 3>&1 1>&2 2>&3)" 33 | exitstatus=$? 
34 | if [[ ${exitstatus} -eq 0 ]]; then 35 | 36 | if [[ ${installer_type} == *"01"* ]]; then 37 | php_installer_menu 38 | 39 | fi 40 | if [[ ${installer_type} == *"02"* ]]; then 41 | nginx_installer_menu 42 | 43 | fi 44 | if [[ ${installer_type} == *"03"* ]]; then 45 | monit_installer_menu 46 | 47 | fi 48 | 49 | prompt_return_or_finish 50 | installers_and_configurators 51 | 52 | fi 53 | 54 | menu_main_options 55 | 56 | } 57 | -------------------------------------------------------------------------------- /config/monit/system: -------------------------------------------------------------------------------- 1 | #System Monitoring 2 | 3 | #check system HOSTNAME 4 | # if memory usage > 80% for 2 cycles then alert 5 | # if cpu usage > 95% for 10 cycles then alert 6 | # if cpu usage (user) > 70% for 2 cycles then alert 7 | # if cpu usage (system) > 30% then alert 8 | # if cpu usage (wait) > 20% then alert 9 | # if loadavg (5min) > 4 for 2 cycles then alert 10 | # if swap usage > 5% then alert 11 | # if cpu usage > 95% for 10 cycles then alert 12 | # if swap usage > 25% then alert 13 | 14 | # Alert if low on disk space. 
check filesystem rootfs with path /
  if space usage > 60% then alert

#Event queue
set eventqueue
  basedir /var/lib/monit/events # set the base directory where events will be stored
  slots 100 # optionally limit the queue size

#Mail settings
# The NOTIFICATION_EMAIL_* tokens are placeholders, presumably filled in by
# the installer. After that this file contains the SMTP password in plain
# text, so it should be readable by root only.
set mail-format {
  from: NOTIFICATION_EMAIL_SMTP_USER
  subject: $HOST - Monit Alert: $EVENT
  message: $EVENT Service $SERVICE
    Date: $DATE
    Action: $ACTION
    Host: $HOST
    Description: $DESCRIPTION

    Monit }
set mailserver NOTIFICATION_EMAIL_SMTP_SERVER port NOTIFICATION_EMAIL_SMTP_PORT
  username NOTIFICATION_EMAIL_SMTP_USER password "NOTIFICATION_EMAIL_SMTP_UPASS"
  using TLSV12 with timeout 30 seconds
set alert NOTIFICATION_EMAIL_EMAIL_TO

#http settings
# NOTE(review): the web interface is bound to every address and this file
# shows no "allow" host or credential entry for it. Bind it to localhost or
# add explicit "allow" entries, and check the firewall rule for port 2812,
# before the host is reachable from untrusted networks.
set httpd port 2812 address 0.0.0.0 # allow connections on all adapters
--------------------------------------------------------------------------------
/config/brolit/brolit_project.json:
--------------------------------------------------------------------------------
1 | { 2 | "brolit_project_config_version": "1.4.0", 3 | "project": [ 4 | { 5 | "name": "", 6 | "stage": "", 7 | "type": "", 8 | "proxy_to_port": "", 9 | "primary_subdomain": "", 10 | "secondary_subdomains": [], 11 | "override_nginx_conf": "", 12 | "use_http2": "true", 13 | "ipv6_support": "false", 14 | "certbot_mode": "nginx", 15 | "files": [ 16 | { 17 | "status": "enabled", 18 | "config": [ 19 | { 20 | "path": "", 21 | "host": "localhost", 22 | "user": "", 23 | "pass": "", 24 | "git_repo": "", 25 | "git_branch": "", 26 | "git_user": "", 27 | "git_pass": "", 28 | "git_auto_pull_cron": "" 29 | } 30 | ] 31 | } 32 | ], 33 | "database": [ 34 | { 35 | "status": "enabled", 36 | "engine": "mysql", 37 | "config": [ 38 | { 39 | "name": "", 40 | "host": "localhost", 41 | "user": "", 42 | "pass": "" 43 | } 44 | ] 45 | } 46 | ] 47 | } 48 | ] 49 | }
-------------------------------------------------------------------------------- /config/netdata/health.d/cpu.conf: -------------------------------------------------------------------------------- 1 | 2 | # you can disable an alarm notification by setting the 'to' line to: silent 3 | 4 | template: 10min_cpu_usage 5 | on: system.cpu 6 | class: Utilization 7 | type: System 8 | component: CPU 9 | os: linux 10 | hosts: * 11 | lookup: average -10m unaligned of user,system,softirq,irq,guest 12 | units: % 13 | every: 1m 14 | warn: $this > (($status >= $WARNING) ? (75) : (85)) 15 | crit: $this > (($status == $CRITICAL) ? (85) : (95)) 16 | delay: down 15m multiplier 1.5 max 1h 17 | info: average CPU utilization over the last 10 minutes (excluding iowait, nice and steal) 18 | to: sysadmin 19 | 20 | template: 10min_cpu_iowait 21 | on: system.cpu 22 | class: Utilization 23 | type: System 24 | component: CPU 25 | os: linux 26 | hosts: * 27 | lookup: average -10m unaligned of iowait 28 | units: % 29 | every: 1m 30 | warn: $this > (($status >= $WARNING) ? (20) : (40)) 31 | crit: $this > (($status == $CRITICAL) ? (40) : (50)) 32 | delay: down 15m multiplier 1.5 max 1h 33 | info: average CPU iowait time over the last 10 minutes 34 | to: sysadmin 35 | 36 | template: 20min_steal_cpu 37 | on: system.cpu 38 | class: Latency 39 | type: System 40 | component: CPU 41 | os: linux 42 | hosts: * 43 | lookup: average -20m unaligned of steal 44 | units: % 45 | every: 5m 46 | warn: $this > (($status >= $WARNING) ? (5) : (10)) 47 | crit: $this > (($status == $CRITICAL) ? 
(20) : (30)) 48 | delay: down 1h multiplier 1.5 max 2h 49 | info: average CPU steal time over the last 20 minutes 50 | to: sysadmin 51 | -------------------------------------------------------------------------------- /utils/installers/postgres_installer.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function postgres_default_installer() { 8 | 9 | postgresql_bin="$(package_is_installed "postgresql")" 10 | 11 | exitstatus=$? 12 | if [ ${exitstatus} -eq 0 ]; then 13 | log_event "info" "Postgres is already installed" "false" 14 | return 1 15 | 16 | else 17 | 18 | log_subsection "Postgres Installer" 19 | 20 | apt-get --yes install postgresql postgresql-contrib -qq >/dev/null 21 | 22 | display --indent 6 --text "- Postgres default installation" --result "DONE" --color GREEN 23 | 24 | return 0 25 | 26 | fi 27 | 28 | } 29 | 30 | function postgres_purge_installation() { 31 | 32 | # Log 33 | display --indent 6 --text "- Purging MySQL packages" 34 | log_event "info" "Purging postgresql-* packages ..." "false" 35 | 36 | # Apt 37 | apt-get --yes purge postgresql postgresql-common postgresql-contrib -qq >/dev/null 38 | 39 | # Remove old packages 40 | packages_remove_old 41 | 42 | # Log 43 | clear_previous_lines "1" 44 | display --indent 6 --text "- Purging Postgres packages" --result "DONE" --color GREEN 45 | log_event "info" "postgresql packages purged" "false" 46 | 47 | } 48 | 49 | function postgres_check_if_installed() { 50 | 51 | POSTGRES="$(which psql)" 52 | if [[ ! 
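-x "${POSTGRES}" ]]; then 53 | postgres_installed="false" 54 | fi 55 | 56 | } 57 | 58 | function postgres_check_installed_version() { 59 | 60 | psql --version | awk '{ print $5 }' | awk -F\, '{ print $1 }' 61 | 62 | } 63 | -------------------------------------------------------------------------------- /tests/test_php_helper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function test_php_helper_funtions() { 8 | 9 | test_php_set_version_on_config 10 | test_php_opcode_config 11 | 12 | } 13 | 14 | function test_php_set_version_on_config() { 15 | 16 | local current_phpv 17 | 18 | log_subsection "Test: php_set_version_on_config" 19 | 20 | # test file 21 | cp "${BROLIT_MAIN_DIR}/config/nginx/sites-available/wordpress_single" "/etc/nginx/sites-available/domain.com.conf" 22 | 23 | php_set_version_on_config "7.4" "/etc/nginx/sites-available/domain.com.conf" 24 | 25 | current_phpv=$(nginx_server_get_current_phpv "/etc/nginx/sites-available/domain.com.conf") 26 | if [[ ${current_phpv} = "7.4" ]]; then 27 | display --indent 6 --text "- php_set_version_on_config result ${current_phpv}" --result "PASS" --color WHITE 28 | else 29 | display --indent 6 --text "- php_set_version_on_config" --result "FAIL" --color RED 30 | display --indent 6 --text "current_phpv: ${current_phpv}" --tcolor RED 31 | fi 32 | 33 | # Clean 34 | rm "/etc/nginx/sites-available/domain.com.conf" 35 | 36 | } 37 | 38 | function test_php_opcode_config() { 39 | 40 | log_subsection "Test: php_opcode_config" 41 | 42 | cp "/etc/php/7.4/fpm/php.ini" "${BROLIT_MAIN_DIR}/tmp/php_op1.ini" 43 | php_opcode_config 
"disable" "${BROLIT_MAIN_DIR}/tmp/php_op2.ini" 47 | 48 | } 49 | -------------------------------------------------------------------------------- /utils/installers/redis_installer.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | 7 | function redis_installer() { 8 | 9 | log_subsection "Redis Installer" 10 | 11 | # Install redis 12 | package_install "redis" 13 | package_install "redis-server" 14 | 15 | systemctl enable redis-server.service --quiet 16 | 17 | # Creating config file 18 | cp "${BROLIT_MAIN_DIR}/config/redis/redis.conf" "/etc/redis/redis.conf" 19 | 20 | # Service restart 21 | service redis-server restart 22 | 23 | } 24 |
function redis_configure() {

    # Replace every TO_CHANGE placeholder in /etc/redis/redis.conf with a
    # freshly generated random password, then restart redis-server.
    #
    # Arguments:
    #   none
    #
    # Outputs:
    #   1 if the password could not be generated or written; otherwise the
    #   exit status of the final service restart.
    #
    # NOTE(review): redis_installer copies the template and restarts the
    # service on its own, so until this function runs the server is
    # presumably up with the template's TO_CHANGE value -- confirm the two
    # are always called back to back.

    local redis_conf
    local redis_pass

    redis_conf="/etc/redis/redis.conf"

    # 32 random bytes, hex-encoded. Hex contains only [0-9a-f], so the value
    # can never hold the "/" delimiter or "&" that are special in the sed
    # replacement below. The earlier base64 form of 10 random bytes could
    # contain "/", which makes sed abort and leaves TO_CHANGE in the file.
    redis_pass="$(openssl rand -hex 32)"
    if [[ -z "${redis_pass}" ]]; then
        log_event "error" "Could not generate a password for redis-server" "false"
        display --indent 6 --text "- Configuring redis-server" --result "FAIL" --color RED
        return 1
    fi

    # Write redis_pass on redis.conf
    if ! sed -i "s/TO_CHANGE/${redis_pass}/g" "${redis_conf}"; then
        log_event "error" "Could not write the password on ${redis_conf}" "false"
        display --indent 6 --text "- Configuring redis-server" --result "FAIL" --color RED
        return 1
    fi

    # Log (only the file path is reported, never the password itself)
    log_event "info" "Configuring redis-server" "false"
    log_event "info" "Redis server config on ${redis_conf}" "false"
    display --indent 6 --text "- Configuring redis-server" --result "DONE" --color GREEN
    display --indent 8 --text "Password set on ${redis_conf}" --tcolor yellow

    # Service restart
    service redis-server restart

}
47 | 48 | function redis_purge() { 49 | 50 | local redis_conf 51 | 52 | log_subsection "Redis Installer" 53 | 54 | # Remove redis.conf 55 | redis_conf="/etc/redis/redis.conf" 56 | rm "${redis_conf}" 57 | 58 | # Remove packages 59 | package_purge "redis" 60 | package_purge "redis-server" 61 | package_purge "redis-tools" 62 | 63 | return $? 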
64 | 65 | } 66 | -------------------------------------------------------------------------------- /config/nginx/globals/logs.conf: -------------------------------------------------------------------------------- 1 | log_format main '$remote_addr - $remote_user [$time_local] ' 2 | '"$request" $status $body_bytes_sent "$http_referer" ' 3 | '"$http_user_agent" "$http_x_forwarded_for"'; 4 | # access_log /var/log/nginx/access.log main; 5 | 6 | log_format netdata '$remote_addr - $remote_user [$time_local] ' 7 | '"$request" $status $body_bytes_sent ' 8 | '$request_length $request_time $upstream_response_time ' 9 | '"$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; 10 | # access_log /var/log/nginx/access.log netdata; 11 | 12 | ## cache is just a copy of netdata 13 | log_format cache '$remote_addr - $remote_user [$time_local] ' 14 | '"$request" $status $body_bytes_sent ' 15 | '$request_length $request_time $upstream_response_time ' 16 | '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" $upstream_cache_status'; 17 | # access_log /var/log/nginx/access.log cache; 18 | 19 | ## debug log to catch browser capabilities for webp/jxr 20 | log_format accept 21 | '$remote_addr [$time_local] ' 22 | '"$uri" $status "$http_user_agent" "$http_accept"'; 23 | # access_log /var/log/nginx/access.log accept; 24 | 25 | ## https://kx.cloudingenium.com/technologies/web/nginx/measure-nginx-cache-performance-using-upstream_cache_status-custom-cache-log/ 26 | # log_format cache '$remote_addr – $upstream_cache_status [$time_local] $status ' 27 | # '"$request" $body_bytes_sent "$http_referer"' 28 | # '"$http_user_agent" - "$cookie_nocache" – "$arg_nocache" – "$arg_comment" – "$http_pragma" – "$http_authorization" – "$skip_cache"'; 29 | # access_log /var/log/nginx/access.log cache; 30 | 31 | error_log /var/log/nginx/error.log info; ## [ debug | info | notice | warn | error | crit ] 32 | access_log /var/log/nginx/access.log netdata; 
-------------------------------------------------------------------------------- /config/borg/borgmatic.template-default.yml: -------------------------------------------------------------------------------- 1 | constants: 2 | 3 | # Project & Hostname 4 | project: project_domain # e.g: gauchocode.com 5 | group: group_server # e.g: gauchocode-hosts 6 | hostname: hostname_server # e.g: gauchocode-docker-host03 7 | 8 | # Servers 9 | user_1: user_1 10 | server_1: server_or_ip_1 11 | port_1: port_1 12 | 13 | user_2: user_2 14 | server_2: server_or_ip_2 15 | port_2: port_2 16 | 17 | # List of source directories and files to back up. Globs and tildes 18 | # are expanded. Do not backslash spaces in path names. 19 | source_directories: 20 | - /var/www/{project} 21 | 22 | exclude_patterns: 23 | - '*.o' 24 | - '*.log' 25 | - '*.tmp' 26 | - '*.cache' 27 | - '*.git' 28 | # - '*.pyc' 29 | # - /home/*/.cache 30 | # - '*/.vim*.tmp' 31 | 32 | archive_name_format: '{project}_site-files-{now:%Y-%m-%dT%H:%M:%S}' 33 | 34 | # Keep all archives within this time interval. 35 | keep_within: 1m # 1 month of backup 36 | 37 | # Number of secondly archives to keep. 38 | # keep_secondly: 60 39 | 40 | # Number of minutely archives to keep. 41 | # keep_minutely: 60 42 | 43 | # Number of hourly archives to keep. 44 | # keep_hourly: 24 45 | 46 | # Number of daily archives to keep. 47 | # keep_daily: 7 48 | 49 | # Number of weekly archives to keep. 50 | # keep_weekly: 4 51 | 52 | # Number of monthly archives to keep. 53 | keep_monthly: 6 54 | 55 | # Number of yearly archives to keep. 56 | keep_yearly: 1 57 | 58 | checks: 59 | - name: archives 60 | - name: repository 61 | frequency: 2 weeks 62 | 63 | check_last: 3 64 | 65 | before_backup: 66 | - echo "Starting backup" 67 | 68 | after_backup: 69 | - echo "Backup completed!" 70 | 71 | on_error: 72 | - echo Error during create/prune/compact/check. 
73 | -------------------------------------------------------------------------------- /tests/test_mail_functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function test_mail_certificates_section() { 8 | 9 | local email_subject 10 | local email_content 11 | 12 | log_subsection "Test: test_mail_certificates_section" 13 | 14 | mail_certificates_section 15 | 16 | CERT_MAIL="${BROLIT_TMP_DIR}/cert-${NOW}.mail" 17 | CERT_MAIL_VAR=$(<"${CERT_MAIL}") 18 | 19 | # Preparing email to send 20 | log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_EMAIL_TO} ..." "false" 21 | 22 | email_subject="${STATUS_ICON_D} [${NOWDISPLAY}] - Cert Expiration Info on ${SERVER_NAME}" 23 | email_content="${HTMLOPEN} ${BODY_SRV} ${CERT_MAIL_VAR} ${MAIL_FOOTER}" 24 | 25 | # Sending email notification 26 | mail_send_notification "${email_subject}" "${email_content}" 27 | 28 | clear_previous_lines "1" 29 | display --indent 6 --text "- test_mail_certificates_section" --result "DONE" --color WHITE 30 | 31 | } 32 | 33 | function test_mail_package_section() { 34 | 35 | log_subsection "Test: test_mail_package_section" 36 | 37 | # Compare package versions 38 | mail_package_status_section 39 | 40 | # Preparing email to send 41 | log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_EMAIL_TO} ..." 
"false" 42 | 43 | email_subject="${EMAIL_STATUS} [${NOWDISPLAY}] Packages Status Info on ${SERVER_NAME}" 44 | email_content="${HTMLOPEN} ${BODY_SRV} ${PKG_MAIL_VAR} ${MAIL_FOOTER}" 45 | 46 | # Sending email notification 47 | mail_send_notification "${email_subject}" "${email_content}" 48 | 49 | clear_previous_lines "1" 50 | display --indent 6 --text "- test_mail_package_section" --result "DONE" --color WHITE 51 | 52 | } -------------------------------------------------------------------------------- /libs/notification_controller.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | # 7 | # Notification Controller: Send notification to configured apps. 8 | # 9 | ################################################################################ 10 | 11 | ################################################################################ 12 | # Send Notification: send notification to configured apps. 13 | # 14 | # Arguments: 15 | # ${1} = {notification_title} 16 | # ${2} = {notification_content} 17 | # ${3} = {notification_type} - Options: "alert", "info", "success" 18 | # 19 | # Outputs: 20 | # 0 if it utils were installed, 1 on error. 
21 | ################################################################################ 22 | 23 | function send_notification() { 24 | 25 | local notification_title="${1}" 26 | local notification_content="${2}" 27 | local notification_type="${3}" 28 | 29 | log_subsection "Notifications" 30 | 31 | if [[ ${NOTIFICATION_TELEGRAM_STATUS} == "enabled" ]]; then 32 | 33 | telegram_send_notification "${notification_title}" "${notification_content}" "${notification_type}" 34 | 35 | fi 36 | 37 | if [[ ${NOTIFICATION_DISCORD_STATUS} == "enabled" ]]; then 38 | 39 | discord_send_notification "${notification_title}" "${notification_content}" "${notification_type}" 40 | 41 | fi 42 | 43 | if [[ ${NOTIFICATION_EMAIL_STATUS} == "enabled" ]]; then 44 | 45 | mail_send_notification "${notification_title}" "${notification_content}" "${notification_type}" 46 | 47 | fi 48 | 49 | if [[ ${NOTIFICATION_NTFY_STATUS} == "enabled" ]]; then 50 | 51 | ntfy_send_notification "${notification_title}" "${notification_content}" "${notification_type}" 52 | 53 | fi 54 | 55 | } 56 | -------------------------------------------------------------------------------- /config/nginx/sites-available/proxy_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | 5 | server_name domain.com; 6 | 7 | # Log 8 | access_log off; 9 | error_log /var/log/nginx/domain.com.error.log; 10 | 11 | keepalive_timeout 70; 12 | client_max_body_size 50m; 13 | 14 | location / { 15 | 16 | proxy_pass http://127.0.0.1:PROXY_PORT; 17 | 18 | proxy_http_version 1.1; 19 | proxy_redirect off; 20 | 21 | #### PROXY HEADERS 22 | proxy_set_header Host $host; # required for docker client's sake 23 | proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP 24 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 25 | proxy_set_header X-Forwarded-Host $server_name; 26 | proxy_set_header X-Forwarded-Proto https; 27 | proxy_set_header Upgrade $http_upgrade; 28 | 
proxy_set_header Connection "upgrade"; 29 | 30 | #proxy_pass_header Access-Control-Allow-Origin; 31 | #proxy_pass_header Access-Control-Allow-Methods; 32 | #proxy_pass_header Access-Control-Allow-Headers; 33 | 34 | #### SECURITY HEADERS 35 | add_header X-Frame-Options SAMEORIGIN; 36 | add_header Strict-Transport-Security "max-age=31536000"; 37 | add_header X-Content-Type-Options nosniff; 38 | add_header X-XSS-Protection "1; mode=block"; 39 | add_header Referrer-Policy "same-origin"; 40 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 41 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 42 | 43 | proxy_read_timeout 86400; 44 | 45 | } 46 | 47 | } -------------------------------------------------------------------------------- /utils/environment_manager.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.3.6 5 | ################################################################################ 6 | # 7 | # Environment Manager: Main menu for managing host and Docker environments. 
8 | # 9 | ################################################################################ 10 | 11 | ################################################################################ 12 | # Environment Manager Main Menu 13 | # 14 | # Arguments: 15 | # none 16 | # 17 | # Outputs: 18 | # nothing 19 | ################################################################################ 20 | 21 | function environment_manager_menu() { 22 | 23 | local env_manager_options 24 | local chosen_env_manager_option 25 | 26 | log_section "Environment Manager" 27 | 28 | env_manager_options=( 29 | "01)" "HOST ENVIRONMENT" 30 | "02)" "DOCKER CONTAINERS" 31 | ) 32 | 33 | chosen_env_manager_option="$(whiptail --title "ENVIRONMENT MANAGER" --menu "\nSelect environment to manage:\n" 20 78 10 "${env_manager_options[@]}" 3>&1 1>&2 2>&3)" 34 | 35 | exitstatus=$? 36 | if [[ ${exitstatus} -eq 0 ]]; then 37 | 38 | # HOST ENVIRONMENT 39 | if [[ ${chosen_env_manager_option} == *"01"* ]]; then 40 | # shellcheck source=${BROLIT_MAIN_DIR}/utils/environment_manager_host.sh 41 | source "${BROLIT_MAIN_DIR}/utils/environment_manager_host.sh" 42 | environment_manager_host_menu 43 | fi 44 | 45 | # DOCKER CONTAINERS 46 | if [[ ${chosen_env_manager_option} == *"02"* ]]; then 47 | # shellcheck source=${BROLIT_MAIN_DIR}/utils/environment_manager_docker.sh 48 | source "${BROLIT_MAIN_DIR}/utils/environment_manager_docker.sh" 49 | environment_manager_docker_menu 50 | fi 51 | 52 | # Return to this menu 53 | prompt_return_or_finish 54 | environment_manager_menu 55 | 56 | fi 57 | 58 | # Return to main menu 59 | menu_main_options 60 | 61 | } 62 | -------------------------------------------------------------------------------- /tests/test_borg_restore_fix.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Test script for Borg restore fix 4 | # This script tests the corrected Borg restore functionality 5 | # 6 | 7 | # Source the main brolit 
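configuration 8 | source "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh" 9 | 10 | # Source the borg storage controller 11 | source "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh" 12 |
function test_mount_storage_box() {
    # Smoke test: call mount_storage_box on a throwaway directory and print
    # the exit status it returns.
    echo "Testing mount_storage_box function..."

    # Test with a dummy directory.
    # mktemp -d creates a new directory with an unpredictable name that only
    # the current user can access; a fixed name under /tmp could be created
    # or symlinked in advance by another local user.
    local test_dir
    test_dir="$(mktemp -d)" || {
        echo "Could not create a temporary directory."
        return 1
    }

    # This should fail gracefully since we don't have real Borg config
    mount_storage_box "${test_dir}"
    local mount_status=$?
    echo "mount_storage_box returned: ${mount_status}"

    # Clean up.
    # rmdir removes the directory only when it is empty. If mount_storage_box
    # did mount a storage box here, a recursive delete would descend into the
    # mounted data; rmdir refuses instead.
    if ! rmdir "${test_dir}"; then
        echo "Left ${test_dir} in place: it is not empty or is still mounted."
    fi

    echo "Test completed."
}
28 | 29 | function test_generate_tar_and_decompress() { 30 | echo "Testing generate_tar_and_decompress function..." 31 | 32 | # Test with dummy parameters 33 | local test_archive="test_archive" 34 | local test_domain="test.example.com" 35 | local test_install_type="default" 36 | local test_hostname="test-server" 37 | 38 | # This should fail gracefully since we don't have real Borg repository 39 | generate_tar_and_decompress "${test_archive}" "${test_domain}" "${test_install_type}" "${test_hostname}" 40 | 41 | echo "Test completed." 42 | } 43 | 44 | function test_restore_project_with_borg() { 45 | echo "Testing restore_project_with_borg function..." 46 | 47 | # Test with dummy hostname 48 | local test_hostname="test-server" 49 | 50 | # This should fail gracefully since we don't have real Borg setup 51 | restore_project_with_borg "${test_hostname}" 52 | 53 | echo "Test completed." 54 | } 55 | 56 | # Main test execution 57 | echo "Running Borg restore fix tests..." 58 | 59 | test_mount_storage_box 60 | test_generate_tar_and_decompress 61 | test_restore_project_with_borg 62 | 63 | echo "All tests completed successfully!" 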
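64 | -------------------------------------------------------------------------------- /config/nginx/sites-available/proxy_root_domain: -------------------------------------------------------------------------------- 
# Reverse-proxy vhost template: forwards every request for domain.com to a
# local backend on 127.0.0.1:PROXY_PORT (PROXY_PORT and domain.com are
# placeholders in this template).
server {

    listen 80;

    server_name domain.com;

    # Log
    # NOTE(review): with access_log off, requests to this vhost leave no
    # access-log trail; only errors are recorded. Confirm this is intended
    # before relying on nginx logs for incident response.
    access_log off;
    error_log /var/log/nginx/domain.com.error.log;

    keepalive_timeout 70;
    client_max_body_size 50m;

    location / {

        proxy_pass http://127.0.0.1:PROXY_PORT;

        proxy_http_version 1.1;
        proxy_redirect off;

        #### PROXY HEADERS
        proxy_set_header Host $host; # required for docker client's sake
        proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # NOTE(review): the backend is told "https" for every request, yet
        # this block listens on plain port 80. That is only accurate when TLS
        # is terminated in front of this vhost or the listener is later moved
        # to 443; otherwise the backend may treat cleartext requests as
        # secure. $scheme would report what nginx actually received.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        #proxy_pass_header Access-Control-Allow-Origin;
        #proxy_pass_header Access-Control-Allow-Methods;
        #proxy_pass_header Access-Control-Allow-Headers;

        #### SECURITY HEADERS
        # "always" makes nginx attach these headers to error responses
        # (4xx/5xx) as well; without it they are added only for a fixed list
        # of success and redirect status codes.
        add_header X-Frame-Options SAMEORIGIN always;
        # Browsers ignore Strict-Transport-Security received over plain HTTP,
        # so this header takes effect only once the site is served over HTTPS.
        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header X-Content-Type-Options nosniff always;
        # Legacy header: current browsers no longer implement the XSS auditor;
        # the Content-Security-Policy line below is the modern control.
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "same-origin" always;
        add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
        #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

        proxy_read_timeout 86400;

    }

}
48 | server { 49 | 50 | listen 80; 51 | 52 | server_name root_domain.com; 53 | 54 | return 301 http://domain.com$request_uri; 55 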
| 56 | } -------------------------------------------------------------------------------- /tests/test_display_functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function test_display_functions() { 8 | 9 | test_display 10 | test_string_remove_color_chars 11 | 12 | } 13 | 14 | function test_display() { 15 | 16 | log_subsection "Testing display 1" 17 | 18 | display --indent 6 --text "- Testing message DONE" --result "DONE" --color WHITE 19 | display --indent 6 --text "- Testing message WARNING" --result "WARNING" --color YELLOW 20 | display --indent 6 --text "- Testing message ERROR" --result "ERROR" --color RED 21 | display --indent 8 --text "Testing output ERROR" --tcolor RED 22 | 23 | log_subsection "Testing display 2" 24 | 25 | display --indent 6 --text "- Testing message with color" --result "DONE" --color WHITE 26 | display --indent 8 --text "Testing output DONE" --tcolor WHITE --tstyle CURSIVE 27 | display --indent 6 --text "- Testing message with color" --result "DONE" --color WHITE 28 | display --indent 8 --text "Testing output WHITE in ITALIC" --tcolor WHITE --tstyle ITALIC 29 | display --indent 6 --text "- Testing message with color" --result "WARNING" --color YELLOW 30 | display --indent 8 --text "Testing output WARNING" --tcolor YELLOW 31 | 32 | log_subsection "Testing display with spinner" 33 | 34 | spinner_start "Testing spinner for 3 seconds" 35 | sleep 3 36 | spinner_stop $? 
37 | display --indent 6 --text "- Testing spinner" --result "DONE" --color WHITE 38 | 39 | } 40 | 41 | function test_string_remove_color_chars() { 42 | 43 | # Test 1 44 | message1="${YELLOW}- Testing colored message${ENDCOLOR}" 45 | echo "${message1}" 46 | colored_test_1=$(_string_remove_color_chars "${message1}") 47 | echo "${colored_test_1}" 48 | 49 | # Test 2 50 | message2="- Testing message with colored ${YELLOW}word${ENDCOLOR}" 51 | echo "${message2}" 52 | colored_test_2=$(_string_remove_color_chars "${message2}") 53 | echo "${colored_test_2}" 54 | 55 | } 56 | -------------------------------------------------------------------------------- /libs/apps/ftp_helper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | # 7 | # SFTP Local Helper: Local sftp configuration functions 8 | # 9 | ################################################################################ 10 | 11 | ################################################################################ 12 | # Download from ftp 13 | # 14 | # Arguments: 15 | # ${1} = ftp_ip 16 | # ${2} = ftp_path 17 | # ${3} = ftp_user 18 | # ${4} = ftp_pass 19 | # 20 | # Outputs: 21 | # 0 if ok, 1 on error. 
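22 | ################################################################################ 23 |
function ftp_download() {

    # Recursively download a remote FTP path into a local directory with wget.
    #
    # Arguments:
    #   ${1} = ftp_ip
    #   ${2} = ftp_path
    #   ${3} = ftp_user
    #   ${4} = ftp_pass
    #   ${5} = local_directory (passed to wget as --directory-prefix)
    #
    # Outputs:
    #   0 if wget exited with status 0, 1 otherwise.

    local ftp_ip="${1}"
    local ftp_path="${2}"
    local ftp_user="${3}"
    local ftp_pass="${4}"
    local local_directory="${5}"
    #local excluded_dirs="${6}"

    # The password is masked in the logged command line so the credential
    # does not end up wherever log_event writes its output.
    log_event "debug" "Running: wget -r -l 0 --reject=log,.ftpquota ftp://${ftp_ip}/${ftp_path} --ftp-user=\"${ftp_user}\" --ftp-password=\"********\" -nH --cut-dirs=1 --directory-prefix=\"${local_directory}\"" "false"

    # NOTE(review): --ftp-password on the command line is visible to other
    # local users through the process list while wget runs, and plain FTP
    # sends the credential unencrypted over the network. Prefer SFTP/FTPS
    # and a credentials file readable only by the calling user where the
    # remote side supports it.
    # wget -r -l 0 --reject=log,.ftpquota --exclude-directories=/public_html/cgi-bin,/public_html/.well-known ftp://"${ftp_ip}/${ftp_path}" --ftp-user="${ftp_user}" --ftp-password="${ftp_pass}" -nH --cut-dirs=1
    wget -r -l 0 --reject="log,.ftpquota" ftp://"${ftp_ip}/${ftp_path}" --ftp-user="${ftp_user}" --ftp-password="${ftp_pass}" -nH --cut-dirs=1 --directory-prefix="${local_directory}"

    exitstatus=$?
    if [[ ${exitstatus} -eq 0 ]]; then

        # Log
        log_event "info" "Download from FTP server done." "false"
        display --indent 6 --text "- Downloading from FTP" --result "DONE" --color GREEN

        return 0

    else

        # Log
        log_event "error" "Failed to download from FTP server." "false"
        display --indent 6 --text "- Downloading from FTP" --result "FAIL" --color RED

        return 1

    fi

}
58 | -------------------------------------------------------------------------------- /tests/test_borg_connectivity_check.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Test script for Borg server connectivity check 4 | # This script tests the new check_borg_server_connectivity function 5 | # 6 | 7 | # Source the main brolit configuration 8 | if [[ -f "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh" ]]; then 9 | source "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh" 10 | else 11 | echo "ERROR: brolit_configuration_manager.sh not found" 12 | exit 1 13 | fi 14 | 15 | # Source the borg storage controller 16 | if [[ -f "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh" ]]; then 17 | source "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh" 18 | else 19 | echo "ERROR: borg_storage_controller.sh not found" 20 | exit 1 21 | fi 22 | 23 | function test_connectivity_check() { 24 | echo "Testing Borg server connectivity check..." 25 | 26 | # Enable debug mode 27 | DEBUG="true" 28 | 29 | echo "=== Current Borg Configuration ===" 30 | echo "BACKUP_BORG_STATUS: ${BACKUP_BORG_STATUS}" 31 | echo "BACKUP_BORG_GROUP: ${BACKUP_BORG_GROUP}" 32 | echo "Number of servers: ${#BACKUP_BORG_USERS[@]}" 33 | 34 | for i in "${!BACKUP_BORG_USERS[@]}"; do 35 | echo "Server ${i}: ${BACKUP_BORG_USERS[$i]}@${BACKUP_BORG_SERVERS[$i]}:${BACKUP_BORG_PORTS[$i]}" 36 | done 37 | 38 | echo "" 39 | echo "Running connectivity check..." 40 | echo "" 41 | 42 | # Run the connectivity check 43 | check_borg_server_connectivity 44 | 45 | local result=$? 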
46 | echo "" 47 | echo "Connectivity check returned: ${result}" 48 | 49 | if [ ${result} -eq 0 ]; then 50 | echo "✅ All servers are reachable" 51 | else 52 | echo "⚠️ Some servers have connectivity issues" 53 | fi 54 | 55 | echo "Test completed." 56 | } 57 | 58 | # Main test execution 59 | echo "Running Borg connectivity check test..." 60 | echo "BROLIT_MAIN_DIR: ${BROLIT_MAIN_DIR}" 61 | echo "Current working directory: $(pwd)" 62 | echo "" 63 | 64 | # Run the test 65 | test_connectivity_check 66 | 67 | echo "" 68 | echo "Connectivity check test completed!" 69 | echo "Check the logs and notifications for detailed results." 70 | -------------------------------------------------------------------------------- /config/nginx/globals/cache_aggressive.conf: -------------------------------------------------------------------------------- 1 | # BEGIN Browser Cache 2 | gzip on; 3 | gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon application/json application/vnd.ms-access video/webm application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint image/svg+xml application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel; 4 | location ~ \.(css|htc|less|js|js2|js3|js4)$ { 5 | expires 31536000s; 6 | etag on; 7 | if_modified_since exact; 8 | add_header Pragma "public"; 9 | add_header Cache-Control "public"; 10 | add_header Referrer-Policy "no-referrer-when-downgrade"; 11 | 
try_files $uri $uri/ /index.php?$args; 12 | } 13 | location ~ \.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$ { 14 | expires 86400s; 15 | etag on; 16 | if_modified_since exact; 17 | add_header Pragma "public"; 18 | add_header Cache-Control "public"; 19 | add_header Referrer-Policy "no-referrer-when-downgrade"; 20 | try_files $uri $uri/ /index.php?$args; 21 | } 22 | location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ { 23 | expires 31536000s; 24 | etag on; 25 | if_modified_since exact; 26 | add_header Pragma "public"; 27 | add_header Cache-Control "public"; 28 | add_header Referrer-Policy "no-referrer-when-downgrade"; 29 | try_files $uri $uri/ /index.php?$args; 30 | } 31 | add_header Referrer-Policy "no-referrer-when-downgrade"; 32 | # END Browser Cache -------------------------------------------------------------------------------- /tests/test_json_helper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | 7 | function test_json_helper_funtions() { 8 | 9 | local brolit_config="assets/brolit_conf.json" 10 | 11 | NETDATA_CONFIG_STATUS="$(json_read_field "${brolit_config}" "SUPPORT.netdata[].status")" 12 | 13 | echo "NETDATA_CONFIG_STATUS=${NETDATA_CONFIG_STATUS}" 14 | 15 | json_write_field "${brolit_config}" "SUPPORT.netdata[].status" "enabled" 16 | 17 | NETDATA_CONFIG_STATUS="$(json_read_field "${brolit_config}" "SUPPORT.netdata[].status")" 18 | 19 | echo "NETDATA_CONFIG_STATUS=${NETDATA_CONFIG_STATUS}" 20 | 21 | if [[ "${NETDATA_CONFIG_STATUS}" == "enabled" ]]; then 22 | echo "PASSED" 
23 | else 24 | echo "FAILED" 25 | fi 26 | 27 | #MONIT_CONFIG_SERVICES="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services")" 28 | 29 | #echo "MONIT_CONFIG_SERVICES=${MONIT_CONFIG_SERVICES}" 30 | 31 | MONIT_CONFIG_SERVICES_REDIS="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].redis")" 32 | 33 | echo "MONIT_CONFIG_SERVICES_REDIS=${MONIT_CONFIG_SERVICES_REDIS}" 34 | 35 | json_write_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].redis" "enabled" 36 | 37 | MONIT_CONFIG_SERVICES_REDIS="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].redis")" 38 | 39 | echo "MONIT_CONFIG_SERVICES_REDIS=${MONIT_CONFIG_SERVICES_REDIS}" 40 | 41 | if [[ "${MONIT_CONFIG_SERVICES_REDIS}" == "enabled" ]]; then 42 | echo "PASSED" 43 | else 44 | echo "FAILED" 45 | fi 46 | 47 | json_write_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[]" "\"test\": \"disabled\"" 48 | 49 | json_write_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].test" "enabled" 50 | 51 | MONIT_CONFIG_SERVICES_TEST="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].test")" 52 | 53 | if [[ "${MONIT_CONFIG_SERVICES_TEST}" == "enabled" ]]; then 54 | echo "PASSED" 55 | else 56 | echo "FAILED" 57 | fi 58 | 59 | } 60 | -------------------------------------------------------------------------------- /config/mysql/tunned.cnf: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | 3 | # InnoDB Settings 4 | default_storage_engine = InnoDB 5 | innodb_buffer_pool_instances = 2 # Use 1 instance per 1GB of InnoDB pool size 6 | innodb_buffer_pool_size = 2G # Use up to 70-80% of RAM & optionally check if /proc/sys/vm/swappiness is set to 0 7 | innodb_file_per_table = 1 8 | innodb_flush_log_at_trx_commit = 0 9 | innodb_flush_method = O_DIRECT 10 | innodb_log_buffer_size = 16M 11 | innodb_log_file_size = 512M 12 | 
innodb_stats_on_metadata = 0 13 | 14 | #innodb_temp_data_file_path = ibtmp1:64M:autoextend:max:20G # Control the maximum size for the ibtmp1 file 15 | #innodb_thread_concurrency = 4 # Optional: Set to the number of CPUs on your system (minus 1 or 2) to better 16 | # contain CPU usage. E.g. if your system has 8 CPUs, try 6 or 7 and check 17 | # the overall load produced by MySQL/MariaDB. 18 | innodb_read_io_threads = 64 19 | innodb_write_io_threads = 64 20 | 21 | # MyISAM Settings 22 | query_cache_limit = 4M # UPD - Option supported up to MySQL v5.7 23 | query_cache_size = 48M # UPD - Option supported up to MySQL v5.7 24 | query_cache_type = 1 # Option supported up to MySQL v5.7 25 | 26 | key_buffer_size = 48M # UPD 27 | 28 | low_priority_updates = 1 29 | concurrent_insert = 2 30 | 31 | # Connection Settings 32 | max_connections = 100 # UPD 33 | 34 | back_log = 512 35 | thread_cache_size = 100 36 | thread_stack = 192K 37 | 38 | interactive_timeout = 180 39 | wait_timeout = 180 40 | 41 | # Buffer Settings 42 | join_buffer_size = 4M # UPD 43 | read_buffer_size = 3M # UPD 44 | read_rnd_buffer_size = 4M # UPD 45 | sort_buffer_size = 4M # UPD 46 | 47 | max_heap_table_size = 128M 48 | tmp_table_size = 128M 49 | 50 | # Search Settings 51 | ft_min_word_len = 3 # Minimum length of words to be indexed for search results 52 | -------------------------------------------------------------------------------- /config/nginx/sites-available/zabbix_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | 5 | server_name domain.com; 6 | 7 | root /usr/share/zabbix; 8 | 9 | index index.php; 10 | 11 | location = /favicon.ico { 12 | log_not_found off; 13 | } 14 | 15 | location / { 16 | try_files $uri $uri/ =404; 17 | } 18 | 19 | location /assets { 20 | access_log off; 21 | expires 10d; 22 | } 23 | 24 | location ~ /\.ht { 25 | deny all; 26 | } 27 | 28 | location ~ /(api\/|conf[^\.]|include|locale) { 29 | deny all; 30 | 
return 404; 31 | } 32 | 33 | location /vendor { 34 | deny all; 35 | return 404; 36 | } 37 | 38 | location ~ [^/]\.php(/|$) { 39 | fastcgi_pass unix:/var/run/php/zabbix.sock; 40 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 41 | fastcgi_index index.php; 42 | 43 | fastcgi_param DOCUMENT_ROOT /usr/share/zabbix; 44 | fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name; 45 | fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name; 46 | 47 | include fastcgi_params; 48 | fastcgi_param QUERY_STRING $query_string; 49 | fastcgi_param REQUEST_METHOD $request_method; 50 | fastcgi_param CONTENT_TYPE $content_type; 51 | fastcgi_param CONTENT_LENGTH $content_length; 52 | 53 | fastcgi_intercept_errors on; 54 | fastcgi_ignore_client_abort off; 55 | fastcgi_connect_timeout 60; 56 | fastcgi_send_timeout 180; 57 | fastcgi_read_timeout 180; 58 | fastcgi_buffer_size 128k; 59 | fastcgi_buffers 4 256k; 60 | fastcgi_busy_buffers_size 256k; 61 | fastcgi_temp_file_write_size 256k; 62 | } 63 | 64 | } 65 | -------------------------------------------------------------------------------- /templates/emails/default/main-tpl.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | BROLIT BACKUP 8 | 9 | 53 | 54 | 55 | 56 | 57 | 58 |
64 | 65 | 66 | {{server_info}} 67 | 68 | 69 | {{packages_section}} 70 | 71 | 72 | {{certificates_section}} 73 | 74 | 75 | {{configs_backup_section}} 76 | 77 | 78 | {{databases_backup_section}} 79 | 80 | 81 | {{files_backup_section}} 82 | 83 | 84 | {{footer}} 85 | 86 |
91 | 92 | -------------------------------------------------------------------------------- /cron/optimizer_tasks.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ################################################################################ 6 | 7 | ### Main dir check 8 | BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) 9 | BROLIT_MAIN_DIR=$(cd "$(dirname "${BROLIT_MAIN_DIR}")" && pwd) 10 | if [[ -z "${BROLIT_MAIN_DIR}" ]]; then 11 | exit 1 # error; the path is not accessible 12 | fi 13 | 14 | # shellcheck source=${BROLIT_MAIN_DIR}/libs/commons.sh 15 | source "${BROLIT_MAIN_DIR}/libs/commons.sh" 16 | 17 | ################################################################################ 18 | 19 | # Script Initialization 20 | script_init "true" 21 | 22 | # Running from cron 23 | log_event "info" "Running optimizer_tasks.sh from cron ..." 
"false" 24 | 25 | # If NETDATA is installed, disabled alarms 26 | if [[ ${PACKAGES_NETDATA_STATUS} == "enabled" ]]; then 27 | netdata_alerts_disable 28 | fi 29 | 30 | # Running scripts 31 | # optimize_images_complete with defaults: all images, 80% quality, 1920x1080 max 32 | optimize_images_complete "" "all" "80" "1920" "1080" 33 | 34 | optimize_pdfs 35 | 36 | delete_old_logs 37 | 38 | packages_remove_old 39 | 40 | optimize_ram_usage 41 | 42 | #DB_MAIL="${BROLIT_TMP_DIR}/databases-bk-${NOW}.mail" 43 | #DB_MAIL_VAR=$(<"${DB_MAIL}") 44 | 45 | #ONFIG_MAIL="${BROLIT_TMP_DIR}/configuration-bk-${NOW}.mail" 46 | #CONFIG_MAIL_VAR=$(<"${CONFIG_MAIL}") 47 | 48 | #FILE_MAIL="${BROLIT_TMP_DIR}/files-bk-${NOW}.mail" 49 | #FILE_MAIL_VAR=$(<"${FILE_MAIL}") 50 | 51 | #MAIL_FOOTER=$(mail_footer "${SCRIPT_V}") 52 | 53 | # Checking result status for mail subject 54 | #EMAIL_STATUS=$(mail_subject_status "${STATUS_BACKUP_DBS}" "${STATUS_BACKUP_FILES}" "${STATUS_SERVER}" "${OUTDATED_PACKAGES}") 55 | 56 | # Preparing email to send 57 | #log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_EMAIL_TO} ..." "true" 58 | 59 | #EMAIL_SUBJECT="${EMAIL_STATUS} on ${SERVER_NAME} Complete Backup - [${NOWDISPLAY}]" 60 | #EMAIL_CONTENT="${HTMLOPEN} ${BODY_SRV} ${PKG_MAIL_VAR} ${CERT_MAIL_VAR} ${CONFIG_MAIL_VAR} ${DB_MAIL_VAR} ${FILE_MAIL_VAR} ${MAIL_FOOTER}" 61 | 62 | # If NETDATA is installed, enable alarms 63 | if [[ ${PACKAGES_NETDATA_STATUS} == "enabled" ]]; then 64 | netdata_alerts_enable 65 | fi 66 | 67 | # Sending email notification 68 | #mail_send_notification "${EMAIL_SUBJECT}" "${EMAIL_CONTENT}" 69 | -------------------------------------------------------------------------------- /tests/test-environment/README.md: -------------------------------------------------------------------------------- 1 | # Brolit Shell Test Environment 2 | 3 | This Docker environment is designed to test the borgmatic template update functionality in isolation. 
It creates a clean Ubuntu environment with all dependencies installed and mounts the current brolit-shell codebase for testing. 4 | 5 | ## Prerequisites 6 | 7 | - Docker 8 | - Docker Compose 9 | 10 | ## Setup 11 | 12 | 1. Create the necessary directories: 13 | ```bash 14 | mkdir -p tests/test-environment/config 15 | ``` 16 | 17 | 2. Create a sample brolit configuration file: 18 | ```bash 19 | cat > tests/test-environment/config/brolit_conf.json << 'EOL' 20 | { 21 | "BACKUP_BORG_STATUS": "enabled", 22 | "BACKUP_BORG_USER": "testuser", 23 | "BACKUP_BORG_SERVER": "localhost", 24 | "BACKUP_BORG_PORT": "22", 25 | "BACKUP_BORG_GROUP": "test-group", 26 | "number_of_servers": 1 27 | } 28 | EOL 29 | ``` 30 | 31 | ## Building and Starting the Environment 32 | 33 | 1. Navigate to the test environment directory: 34 | ```bash 35 | cd tests/test-environment 36 | ``` 37 | 38 | 2. Build and start the container: 39 | ```bash 40 | docker-compose up -d --build 41 | ``` 42 | 43 | This will: 44 | - Build the Docker image using the Dockerfile 45 | - Install all required dependencies (borgbackup, borgmatic, yq, jq, etc.) 46 | - Copy the current brolit-shell codebase into the container 47 | - Start the container in detached mode 48 | 49 | ## Usage 50 | 51 | 1. Access the container: 52 | ```bash 53 | docker exec -it brolit-test-env bash 54 | ``` 55 | 56 | 2. Once inside the container, you can test the borgmatic template update: 57 | ```bash 58 | # Navigate to brolit-shell directory 59 | cd /brolit-shell 60 | 61 | # Run the update script 62 | bash libs/borg_storage_controller.sh borg_update_templates 63 | ``` 64 | 65 | 3. You can also test other brolit-shell functionality as needed. 66 | 67 | ## Stopping the Environment 68 | 69 | 1. Stop and remove the container: 70 | ```bash 71 | cd tests/test-environment 72 | docker-compose down 73 | ``` 74 | 75 | 2. 
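To completely remove the container and image: 76 | ```bash 77 | cd tests/test-environment 78 | docker-compose down --rmi all 79 | ``` 80 | 81 | ## Notes 82 | 83 | - The environment always uses the current local version of brolit-shell 84 | - Configuration files are mounted from the host, so changes to config/brolit_conf.json will be reflected in the container 85 | - The container runs as root with password 'root' 86 | - SSH is available on port 2222 (mapped to localhost:2222) 87 | -------------------------------------------------------------------------------- /libs/apps/ntfy_notification_helper.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.4
################################################################################

################################################################################
# Ntfy Send Notification
#
# Posts one message to the configured ntfy topic with curl, authenticating
# with the NOTIFICATION_NTFY_USERNAME / NOTIFICATION_NTFY_PASSWORD pair.
#
# Arguments:
#   ${1} = {notification_title}
#   ${2} = {notification_content}
#   ${3} = {notification_type}   ("alert", "info" or "success"; anything else
#                                 is sent with the "default" priority)
#
# Outputs:
#   0 if the curl command exited successfully, 1 on error.
################################################################################

function ntfy_send_notification() {

  local notification_title="${1}"
  local notification_content="${2}"
  local notification_type="${3}"

  # Determine notification priority based on type
  local priority

  case "${notification_type}" in

  "alert")
    priority="urgent"
    ;;
  "success")
    priority="min"
    ;;
  *)
    # "info" and every unknown type
    priority="default"
    ;;

  esac

  # Log
  log_event "info" "Sending Ntfy notification ..." "false"
  # The password is masked on purpose: the debug line used to write the full
  # "user:password" pair into the log, where anyone who can read the log
  # (or a backup of it) could recover the ntfy credentials.
  log_event "debug" "${CURL} -H 'Title: ${notification_title}' -H 'Priority: ${priority}' -d '${notification_content}' -u '${NOTIFICATION_NTFY_USERNAME}:********' '${NOTIFICATION_NTFY_SERVER}/${NOTIFICATION_NTFY_TOPIC}'" "false"

  # Ntfy command with priority
  # NOTE(review): the credentials are still passed on curl's command line, so
  # they are visible in the process list while curl runs; consider a curl
  # config file readable only by root.
  # NOTE(review): unless ${CURL} already carries --fail, curl exits 0 on an
  # HTTP 401/403 answer, so a rejected login is reported below as "sent".
  ${CURL} -H "Title: ${notification_title}" -H "Priority: ${priority}" -d "${notification_content}" -u "${NOTIFICATION_NTFY_USERNAME}:${NOTIFICATION_NTFY_PASSWORD}" "${NOTIFICATION_NTFY_SERVER}/${NOTIFICATION_NTFY_TOPIC}" > /dev/null 2>&1

  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    # Log on success
    log_event "info" "Ntfy notification sent!"
    display --indent 6 --text "- Sending ntfy notification" --result "DONE" --color GREEN

    return 0

  else
    # Log on failure
    log_event "error" "Ntfy notification error." "false"
    log_event "error" "Please, check server url on .brolit_conf.json" "false"
    display --indent 6 --text "- Sending ntfy notification" --result "FAIL" --color RED
    display --indent 8 --text "Check server url on .brolit_conf.json" --tcolor YELLOW

    return 1

  fi

}
-------------------------------------------------------------------------------- /config/nginx/globals/wordpress_sec.conf: -------------------------------------------------------------------------------- 1 | # Wordpress security enhancements. 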
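# Use https://securityheaders.io to test
#
# This file only contains "location" blocks, so it is meant to be included
# inside a server {} block. nginx picks the FIRST regex location that matches,
# in file order, so the deny rules below only protect the site when this file
# is included before the generic PHP handler location.

# Disable xmlrpc
location = /xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
}

# Disable php on wp-content/uploads
# (an uploaded file must never be executed, whatever its PHP-like extension)
location ~ ^/wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)$ {
    deny all;
    access_log off;
    log_not_found off;
}

# Disable PHP in Plugins
location ~ ^/wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }

# Disable PHP in Themes
location ~ ^/wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }

# Throttle wp-admin requests
# The "one" zone must be declared with limit_req_zone in the http {} context.
# 444 makes nginx close the connection without sending a response.
# NOTE(review): PHP_V looks like a placeholder that is replaced with the PHP
# version when the file is installed - confirm.
location /wp-admin/ {
    limit_req zone=one burst=3 nodelay;
    limit_req_status 444;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    try_files $uri $uri/ /wp-admin/index.php?q=$uri&$args;
}

# Throttle wp-login.php
# The "login" zone must be declared with limit_req_zone in the http {} context.
# NOTE(review): there is no fastcgi_pass in this block; confirm that the
# included snippet provides one, otherwise this exact-match location does not
# hand the request to PHP-FPM.
location = /wp-login.php {
    limit_req zone=login burst=2 nodelay;
    #include /etc/nginx/globals/php_fastcgi.conf;
    include snippets/fastcgi-php.conf;
}

# Reduce spam on comments: POST only, non-empty User-Agent, and a Referer
# from this site or from Jetpack comments.
# NOTE(review): no PHP handler is configured in this block either - confirm
# how the POST reaches PHP-FPM.
location = /wp-comments-post.php {
    limit_except POST { deny all; }
    if ($http_user_agent ~ "^$") { return 403; }
    valid_referers server_names jetpack.wordpress.com/jetpack-comment/;
    if ($invalid_referer) { return 403; }
}

# Restrict direct access to cached content
location /wp-content/cache/ { deny all; }

# Protect system files
location = /wp-admin/install.php { deny all; }
location = /nginx.conf { deny all; }

# Hide any hidden files
# NOTE(review): this also matches /.well-known/; if certificates are issued
# with an HTTP-01 webroot challenge, verify that the challenge path is served
# by a location that takes precedence over this one.
location ~ /\. { deny all; }

# Hide any backup or SQL dump files
# (dots escaped so that they match a literal "." only)
location ~ ^.+\.(sql|bak|php~|php#|php\.save|php\.swp|php\.swo)$ {
    return 404;
}

location ~ /readme\.html$ { deny all; }
location ~ /readme\.txt$ { deny all; }
location ~ /wp-config\.php$ { deny all; }
location ~ ^/wp-admin/includes/ { deny all; }
location ~ ^/wp-includes/[^/]+\.php$ { deny all; }
location ~ ^/wp-includes/js/tinymce/langs/.+\.php$ { deny all; }
location ~ ^/wp-includes/theme-compat/ { deny all; }
location ~ ^.*/\.git/.*$ { deny all; }
location ~ ^.*/\.svn/.*$ { deny all; }

# Catch-all: no PHP file under wp-content may be requested directly
# (case-insensitive match).
location ~* /wp-content/.*\.php$ {
    deny all;
    access_log off;
    log_not_found off;
}
-------------------------------------------------------------------------------- /config/wordpress/wp-rocket-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "cache_mobile": 1, 3 | "purge_cron_interval": 24, 4 | "purge_cron_unit": "HOUR_IN_SECONDS", 5 | "minify_css": 1, 6 | "exclude_css": [], 7 | "async_css": 1, 8 | "critical_css": "", 9 | "remove_unused_css_safelist": [], 10 | "minify_js": 1, 11 | "exclude_inline_js": [], 12 | "exclude_js": [], 13 | "defer_all_js": 1, 14 | "exclude_defer_js": [], 15 | "delay_js": 1, 16 | "delay_js_exclusions": [], 17 | "lazyload": 1, 18 | "lazyload_iframes": 1, 19 | "exclude_lazyload": [], 20 | "image_dimensions": 1, 21 | "manual_preload": 1, 22 | "sitemaps": [], 23 | "preload_links": "1", 24 | "dns_prefetch": [], 25 | "preload_fonts": [], 26 | "cache_reject_uri": [], 27 | "cache_reject_cookies": [], 28 | "cache_reject_ua": [], 29 | "cache_purge_pages": [], 30 | "cache_query_strings": [], 31 | "database_auto_drafts": 1, 32 | "database_trashed_posts": 1, 33 | "database_spam_comments": 1, 34 | "database_trashed_comments": 1, 35 | "database_expired_transients": 1, 36 | "database_optimize_tables": 1, 37 | "automatic_cleanup_frequency": "", 38 | "cdn_cnames": [], 39 | 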
"cdn_zone": [], 40 | "cdn_reject_files": [], 41 | "control_heartbeat": 1, 42 | "heartbeat_admin_behavior": "reduce_periodicity", 43 | "heartbeat_editor_behavior": "reduce_periodicity", 44 | "heartbeat_site_behavior": "reduce_periodicity", 45 | "do_cloudflare": 1, 46 | "cloudflare_api_key": "", 47 | "cloudflare_email": "", 48 | "cloudflare_zone_id": "", 49 | "cloudflare_devmode": 1, 50 | "sucury_waf_api_key": "", 51 | "consumer_key": "", 52 | "consumer_email": "", 53 | "secret_key": "", 54 | "license": "", 55 | "secret_cache_key": "60b172f59e6e0888663157", 56 | "minify_css_key": "60b1a19b1a7da213990821", 57 | "minify_js_key": "60b1a19d71f54344546959", 58 | "version": "3.9", 59 | "cloudflare_old_settings": "", 60 | "sitemap_preload_url_crawl": "500000", 61 | "cache_ssl": 1, 62 | "minify_google_fonts": 1, 63 | "emoji": 1, 64 | "async_css_mobile": "1", 65 | "cache_logged_user": 0, 66 | "do_caching_mobile_files": 0, 67 | "minify_concatenate_css": 0, 68 | "minify_concatenate_js": 0, 69 | "embeds": 0, 70 | "lazyload_youtube": 0, 71 | "database_revisions": 0, 72 | "database_all_transients": 0, 73 | "schedule_automatic_cleanup": 0, 74 | "sitemap_preload": 0, 75 | "cloudflare_auto_settings": 0, 76 | "cloudflare_protocol_rewrite": 0, 77 | "sucury_waf_cache_sync": 0, 78 | "cdn": 0, 79 | "varnish_auto_purge": 0, 80 | "remove_unused_css": 0 81 | } -------------------------------------------------------------------------------- /config/teleport/teleport_client.yaml: -------------------------------------------------------------------------------- 1 | # By default, this file should be stored in /etc/teleport.yaml 2 | 3 | # This section of the configuration file applies to all teleport 4 | # services. 5 | teleport: 6 | # nodename allows to assign an alternative name this node can be reached by. 
7 | # by default it's equal to hostname 8 | nodename: TELEPORT_NODENAME 9 | 10 | # Data directory where Teleport keeps its data, like keys/users for 11 | # authentication (if using the default BoltDB back-end) 12 | data_dir: /var/lib/teleport 13 | 14 | # one-time invitation token used to join a cluster. it is not used on 15 | # subsequent starts 16 | auth_token: AUTH_TOKEN 17 | 18 | # when running in multi-homed or NATed environments Teleport nodes need 19 | # to know which IP it will be reachable at by other nodes 20 | advertise_ip: TELEPORT_ADVERTISE_IP 21 | 22 | # list of auth servers in a cluster. you will have more than one auth server 23 | # if you configure teleport auth to run in HA configuration 24 | auth_servers: 25 | - TELEPORT_CLUSTER_DOMAIN:3025 26 | 27 | # Teleport throttles all connections to avoid abuse. These settings allow 28 | # you to adjust the default limits 29 | connection_limits: 30 | max_connections: 1000 31 | max_users: 250 32 | 33 | # Logging configuration. Possible output values are 'stdout', 'stderr' and 34 | # 'syslog'. Possible severity values are INFO, WARN and ERROR (default). 35 | log: 36 | output: stderr 37 | severity: ERROR 38 | 39 | ca_pin: CA_PIN 40 | 41 | # Type of storage used for keys. You need to configure this to use etcd 42 | # backend if you want to run Teleport in HA configuration. 43 | storage: 44 | type: bolt 45 | 46 | # This section configures the 'auth service': 47 | auth_service: 48 | # Turns 'auth' role on. Default is 'yes' 49 | enabled: no 50 | 51 | # This section configures the 'node service': 52 | ssh_service: 53 | # Turns 'ssh' role on. Default is 'yes' 54 | enabled: yes 55 | 56 | # IP and the port for SSH service to bind to. 57 | listen_addr: 0.0.0.0:3022 58 | # See explanation of labels in "Labeling Nodes" section below 59 | labels: 60 | env: SERVER_ENV 61 | type: SERVER_TYPE 62 | role: SERVER_ROLE 63 | # List (YAML array) of commands to periodically execute and use 64 | # their output as labels. 
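65 | # See explanation of how this works in "Labeling Nodes" section below 66 | commands: 67 | - name: hostname 68 | command: [/bin/hostname] 69 | period: 1m0s 70 | - name: arch 71 | command: [/bin/uname, -p] 72 | period: 1h0m0s 73 | 74 | # This section configures the 'proxy servie' 75 | proxy_service: 76 | # Turns 'proxy' role on. Default is 'yes' 77 | enabled: no -------------------------------------------------------------------------------- /tests/test_borg_restore_debug.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Test script for Borg restore debug
# This script tests the corrected Borg restore functionality with debug logs
#
# BROLIT_MAIN_DIR is not set in this script; it has to be present in the
# environment before the script is run.
#

# Source the main brolit configuration
if [[ -f "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh" ]]; then
  source "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh"
else
  echo "ERROR: brolit_configuration_manager.sh not found"
  exit 1
fi

# Source the borg storage controller
if [[ -f "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh" ]]; then
  source "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh"
else
  echo "ERROR: borg_storage_controller.sh not found"
  exit 1
fi

# Calls restore_backup_with_borg with a dummy hostname and prints its
# exit status.
function test_restore_backup_with_borg() {
  echo "Testing restore_backup_with_borg function..."

  # Enable debug mode
  DEBUG="true"

  # Test with a dummy server hostname
  local test_hostname="test-server"

  echo "Calling restore_backup_with_borg with hostname: ${test_hostname}"

  # This should show the server selection process
  restore_backup_with_borg "${test_hostname}"

  local result=$?
  echo "Function returned: ${result}"

  echo "Test completed."
}

# Calls mount_storage_box on a fresh temporary directory, prints its exit
# status, then unmounts and removes the directory.
function test_mount_storage_box() {
  echo "Testing mount_storage_box function..."

  # Enable debug mode
  DEBUG="true"

  # Test with a dummy directory.
  # mktemp creates a new, unpredictable directory that only the current user
  # can access; a name built from the timestamp could be created in advance
  # by another local user.
  local test_dir
  test_dir="$(mktemp -d "/tmp/test_storage_box_XXXXXX")" || return 1

  echo "Calling mount_storage_box with directory: ${test_dir}"

  # This should show the server selection and mounting process
  mount_storage_box "${test_dir}"

  local result=$?
  echo "Function returned: ${result}"

  # Clean up
  if mount | grep -qF "${test_dir}"; then
    umount "${test_dir}"
  fi

  # Never delete recursively through a live mount: if the unmount failed,
  # "rm -rf" would remove the contents of the storage box itself.
  if mount | grep -qF "${test_dir}"; then
    echo "WARNING: ${test_dir} is still mounted, not removing it"
  else
    rm -rf "${test_dir}"
  fi

  echo "Test completed."
}

# Main test execution
echo "Running Borg restore debug tests..."
echo "BROLIT_MAIN_DIR: ${BROLIT_MAIN_DIR}"
echo "Current working directory: $(pwd)"

# Show current Borg configuration
echo "=== Current Borg Configuration ==="
echo "BACKUP_BORG_STATUS: ${BACKUP_BORG_STATUS}"
echo "BACKUP_BORG_GROUP: ${BACKUP_BORG_GROUP}"
echo "Number of servers: ${#BACKUP_BORG_USERS[@]}"

for i in "${!BACKUP_BORG_USERS[@]}"; do
  echo "Server ${i}: ${BACKUP_BORG_USERS[$i]}@${BACKUP_BORG_SERVERS[$i]}:${BACKUP_BORG_PORTS[$i]}"
done

echo ""

# Run tests
test_mount_storage_box
test_restore_backup_with_borg

echo "All debug tests completed!"
-------------------------------------------------------------------------------- /config/netdata/python.d/varnish.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for varnish 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 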
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, varnish also supports the following: 63 | # 64 | # instance_name: 'name' # the name of the varnishd instance to get logs from. If not specified, the host name is used. 65 | # 66 | # ---------------------------------------------------------------------- 67 | -------------------------------------------------------------------------------- /config/netdata/python.d/postfix.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for postfix 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # postfix is slow, so once every 10 seconds 24 | update_every: 10 25 | 26 | # priority controls the order of charts at the netdata dashboard. 27 | # Lower numbers move the charts towards the top of the page. 28 | # If unset, the default for python.d.plugin is used. 
29 | # priority: 60000 30 | 31 | # penalty indicates whether to apply penalty to update_every in case of failures. 32 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 33 | # penalty: yes 34 | 35 | # autodetection_retry sets the job re-check interval in seconds. 36 | # The job is not deleted if check fails. 37 | # Attempts to start the job are made once every autodetection_retry. 38 | # This feature is disabled by default. 39 | # autodetection_retry: 0 40 | 41 | # ---------------------------------------------------------------------- 42 | # JOBS (data collection sources) 43 | # 44 | # The default JOBS share the same *name*. JOBS with the same name 45 | # are mutually exclusive. Only one of them will be allowed running at 46 | # any time. This allows autodetection to try several alternatives and 47 | # pick the one that works. 48 | # 49 | # Any number of jobs is supported. 50 | # 51 | # All python.d.plugin JOBS (for all its modules) support a set of 52 | # predefined parameters. 
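These are: 53 | # 54 | # job_name: 55 | # name: myname # the JOB's name as it will appear at the 56 | # # dashboard (by default is the job_name) 57 | # # JOBs sharing a name are mutually exclusive 58 | # update_every: 1 # the JOB's data collection frequency 59 | # priority: 60000 # the JOB's order on the dashboard 60 | # penalty: yes # the JOB's penalty 61 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 62 | # 63 | # Additionally to the above, postfix also supports the following: 64 | # 65 | # command: 'postqueue -p' # the command to run 66 | # 67 | 68 | # ---------------------------------------------------------------------- 69 | # AUTO-DETECTION JOBS 70 | 71 | local: 72 | command: 'postqueue -p' 73 | -------------------------------------------------------------------------------- /libs/apps/netdata_helper.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.4
################################################################################
#
# Netdata Helper
#
# Ref: https://github.com/nextcloud/vm/blob/master/apps/netdata.sh
#
################################################################################

################################################################################
# Silence all netdata health notifications (health checks keep running).
#
# Reads the management API key from /var/lib/netdata/netdata.api.key and calls
# the local health management API with cmd=SILENCE ALL.
#
# Arguments:
#   none
#
# Outputs:
#   The exit status of the last log_event call.
################################################################################

function netdata_alerts_disable() {

  local netdata_api_key

  # Doc: https://learn.netdata.cloud/docs/agent/web/api/health

  # The API is available by default, but it is protected by an api authorization token
  # that is stored in the file you will see in the following entry of http://NODE:19999/netdata.conf:
  # netdata management api key file = /var/lib/netdata/netdata.api.key

  netdata_api_key="$(cat /var/lib/netdata/netdata.api.key)"

  ## If all you need is temporarily disable all health checks, then you issue the following before your maintenance period starts:
  #curl "http://NODE:19999/api/v1/manage/health?cmd=DISABLE ALL" -H "X-Auth-Token: Mytoken"

  ## If you want the health checks to be running but to not receive any notifications during your maintenance period, you can instead use this:
  # NOTE(review): the token is passed on curl's command line and is visible in
  # the process list while curl runs.
  curl "http://localhost:19999/api/v1/manage/health?cmd=SILENCE%20ALL" -H "X-Auth-Token: ${netdata_api_key}"

  # Log
  # The token is masked on purpose: it authorises every health management
  # command, so it must not be copied into the log file.
  log_event "info" "Disabling netdata alarms ..." "false"
  log_event "info" "Running: curl \"http://localhost:19999/api/v1/manage/health?cmd=SILENCE ALL\" -H \"X-Auth-Token: ********\"" "false"

}

################################################################################
# Restore netdata health notifications after a maintenance period.
#
# Reads the management API key from /var/lib/netdata/netdata.api.key and calls
# the local health management API with cmd=RESET.
#
# Arguments:
#   none
#
# Outputs:
#   The exit status of the last log_event call.
################################################################################

function netdata_alerts_enable() {

  local netdata_api_key

  # Doc: https://learn.netdata.cloud/docs/agent/web/api/health

  # The API is available by default, but it is protected by an api authorization token
  # that is stored in the file you will see in the following entry of http://NODE:19999/netdata.conf:
  # netdata management api key file = /var/lib/netdata/netdata.api.key

  netdata_api_key="$(cat /var/lib/netdata/netdata.api.key)"

  ## RESET puts the health checks and notifications back to their default state.
  curl "http://localhost:19999/api/v1/manage/health?cmd=RESET" -H "X-Auth-Token: ${netdata_api_key}"

  # Log
  # The token is masked on purpose, see netdata_alerts_disable.
  log_event "info" "Restoring netdata alarms status..." "false"
  log_event "info" "Running: curl \"http://localhost:19999/api/v1/manage/health?cmd=RESET\" -H \"X-Auth-Token: ********\"" "false"

}
-------------------------------------------------------------------------------- /utils/certbot_manager.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Author: GauchoCode - A Software Development Agency - https://gauchocode.com 4 | # Version: 3.4 5 | ############################################################################# 6 | # 7 | # Ref: https://certbot.eff.org/docs/using.html 8 | # 9 | ############################################################################# 10 | 11 | # Manager should only contains: 12 | # 1- Menus functions 13 | # 2- Sub-task handler function 14 | # 3- User imput functions 15 | # 16 | # All other things should be on *_helper.sh 17 | 18 | function certbot_manager_menu() { 19 | 20 | local domains 21 | local certbot_options 22 | local chosen_cb_options 23 | 24 | # Check and update certbot email if needed 25 | certbot_check_and_update_email "${NOTIFICATION_EMAIL_EMAIL_TO}" 26 | 27 | certbot_options=( 28 | "01)" "INSTALL CERTIFICATE" 29 | "02)" "EXPAND CERTIFICATE" 30 | "03)" "TEST RENEW ALL CERTIFICATES" 31 | "04)" "FORCE RENEW CERTIFICATE" 32 | "05)" "DELETE CERTIFICATE" 33 | "06)" "SHOW INSTALLED CERTIFICATES" 34 | ) 35 | chosen_cb_options="$(whiptail --title "CERTBOT MANAGER" --menu " " 20 78 10 "${certbot_options[@]}" 3>&1 1>&2 2>&3)" 36 | 37 | exitstatus=$? 38 | if [[ ${exitstatus} -eq 0 ]]; then 39 | 40 | if [[ ${chosen_cb_options} == *"01"* ]]; then 41 | 42 | # INSTALL-CERTIFICATE 43 | domains="$(certbot_helper_ask_domains)" 44 | exitstatus=$? 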
45 | if [[ ${exitstatus} -eq 0 ]]; then 46 | certbot_helper_installer_menu "${NOTIFICATION_EMAIL_EMAIL_TO}" "${domains}" 47 | fi 48 | 49 | fi 50 | 51 | if [[ ${chosen_cb_options} == *"02"* ]]; then 52 | # EXPAND-CERTIFICATE 53 | domains="$(certbot_helper_ask_domains)" 54 | exitstatus=$? 55 | if [[ ${exitstatus} -eq 0 ]]; then 56 | certbot_certificate_expand "${NOTIFICATION_EMAIL_EMAIL_TO}" "${domains}" 57 | fi 58 | 59 | fi 60 | 61 | if [[ ${chosen_cb_options} == *"03"* ]]; then 62 | # TEST-RENEW-ALL-CERTIFICATES 63 | certbot_certificate_renew_test 64 | 65 | fi 66 | 67 | if [[ ${chosen_cb_options} == *"04"* ]]; then 68 | # FORCE-RENEW-CERTIFICATE 69 | domains="$(certbot_helper_ask_domains)" 70 | exitstatus=$? 71 | if [[ ${exitstatus} -eq 0 ]]; then 72 | certbot_certificate_force_renew "${domains}" 73 | fi 74 | 75 | fi 76 | 77 | if [[ ${chosen_cb_options} == *"05"* ]]; then 78 | # DELETE-CERTIFICATE 79 | certbot_certificate_delete "${domains}" 80 | 81 | fi 82 | 83 | if [[ ${chosen_cb_options} == *"06"* ]]; then 84 | # SHOW-INSTALLED-CERTIFICATES 85 | certbot_show_certificates_info 86 | 87 | fi 88 | 89 | prompt_return_or_finish 90 | certbot_manager_menu 91 | 92 | fi 93 | 94 | menu_main_options 95 | 96 | } 97 | 98 | function certbot_tasks_handler() { 99 | 100 | echo "TODO" 101 | 102 | } -------------------------------------------------------------------------------- /config/domain_extension-list: -------------------------------------------------------------------------------- 1 | # Countries 2 | .ae # United Arab Emirates 3 | .africa # Africa 4 | .al # Albania 5 | .ai # Anguilla 6 | .ag # Antigua 7 | .ar # Argentina 8 | .com.ar # Argentina 9 | .edu.ar # Argentina 10 | .org.ar # Argentina 11 | .net.ar # Argentina 12 | .tur.ar # Argentina 13 | .gob.ar # Argentina 14 | .asia # Asia 15 | .com.au # Australia 16 | .at # Austria 17 | .bb # Barbados 18 | .be # Belgium 19 | .bo # Bolivia 20 | .com.br # Brazil 21 | .io # British Indian Ocean Territory 22 | .bg # Bulgaria 23 | 
.cm # Cameroon 24 | .ca # Canada 25 | .cl # Chile 26 | .cn # China 27 | .com.cn # China 28 | .com.co # Colombia 29 | .cg # Congo Republic 30 | .co.cr # Costa Rica 31 | .com.hr # Croatia 32 | .hr # Croatia 33 | .cz # Czech Republic 34 | .dk # Denmark 35 | .ec # Ecuador 36 | .com.eg # Egypt 37 | .eg # Egypt 38 | .eu # European Union 39 | .fi # Finland 40 | .fr # France 41 | .de # Germany 42 | .gr # Greece 43 | .ht # Haiti 44 | .com.hk # Hong Kong 45 | .hk # Hong Kong 46 | .is # Iceland 47 | .in # India 48 | .co.id # Indonesia 49 | .ie # Ireland 50 | .it # Italy 51 | .jp # Japan 52 | .jo # Jordan 53 | .la # Laos 54 | .lv # Latvia 55 | .ly # Libya 56 | .my # Malaysia 57 | .mr # Mauritania 58 | .com.mx # Mexico 59 | .mx # Mexico 60 | .me # Montenegro 61 | .nl # Netherlands 62 | .no # Norway 63 | .pk # Pakistan 64 | .ps # Palestine 65 | .com.pa # Panama 66 | .com.py # Paraguay 67 | .pe # Peru 68 | .ph # Philippines 69 | .pl # Poland 70 | .pt # Portugal 71 | .com.pr # Puerto Rico 72 | .qa # Qatar 73 | .ro # Romania 74 | .ru # Russian Federation 75 | .sl # Sierra Leone 76 | .sg # Singapore 77 | .sk # Slovakia 78 | .si # Slovenia 79 | .kr # South Korea 80 | .es # Spain 81 | .se # Sweden 82 | .ch # Switzerland 83 | .tw # Taiwan 84 | .com.tr # Turkey 85 | .tv # Tuvalu 86 | .ua # Ukraine 87 | .co.uk # United Kingdom 88 | .uk # United Kingdom 89 | .com.uy # Uruguay 90 | .uy # Uruguay 91 | .us # USA 92 | .uz # Uzbekistan 93 | .com.ve # Venezuela 94 | .vn # Vietnam 95 | 96 | # Generic 97 | .com 98 | .net 99 | .org 100 | .dev 101 | .app 102 | .co 103 | .club 104 | .biz 105 | .info 106 | .int 107 | .mobi 108 | .pw 109 | .tel 110 | .travel 111 | .tv 112 | .media 113 | .agency 114 | .xxx 115 | .host 116 | .hosting 117 | .live 118 | .studio 119 | .team 120 | .top 121 | .icu 122 | .us 123 | .website 124 | .xyz 125 | 126 | # TLDs 127 | https://data.iana.org/TLD/tlds-alpha-by-domain.txt 128 | -------------------------------------------------------------------------------- 
/config/netdata/python.d/fail2ban.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for fail2ban 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. 
This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, fail2ban also supports the following: 63 | # 64 | # log_path: 'path to fail2ban.log' # Default: '/var/log/fail2ban.log' 65 | # conf_path: 'path to jail.local/jail.conf' # Default: '/etc/fail2ban/jail.local' 66 | # conf_dir: 'path to jail.d/' # Default: '/etc/fail2ban/jail.d/' 67 | # exclude: 'jails you want to exclude from autodetection' # Default: none 68 | #------------------------------------------------------------------------------------------------------------------ 69 | -------------------------------------------------------------------------------- /tools/third-party/dropbox-uploader/testUnit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DU=./dropbox_uploader.sh 4 | 5 | function check_exit 6 | { 7 | if [ $? -ne 0 ]; then 8 | echo " Error!!!" 
9 | exit 1 10 | else 11 | echo " Passed" 12 | fi 13 | } 14 | 15 | #Creating garbage data 16 | echo -ne " - Creating garbage data...\n" 17 | rm -fr "testData" 18 | mkdir -p "testData" 19 | dd if=/dev/urandom of="testData/file 1.txt" bs=1M count=3 20 | dd if=/dev/urandom of="testData/file 2 ù.txt" bs=1M count=5 21 | mkdir -p "testData/recurse" 22 | dd if=/dev/urandom of="testData/recurse/file 3.txt" bs=1M count=1 23 | dd if=/dev/urandom of="testData/recurse/test_Ü.txt" bs=1M count=1 24 | dd if=/dev/urandom of="testData/recurse/test%20test.txt" bs=1M count=1 25 | mkdir -p "testData/recurse/dir 1/" 26 | dd if=/dev/urandom of="testData/recurse/dir 1/file 4.txt" bs=1M count=1 27 | mkdir -p "testData/recurse/dir 1/dir 3/" 28 | dd if=/dev/urandom of="testData/recurse/dir 1/dir 3/file 5.txt" bs=1M count=1 29 | mkdir -p "testData/recurse/dir 2/" 30 | 31 | dd if=/dev/urandom of="testData/file%20file.txt" bs=1M count=1 32 | 33 | rm -fr recurse 34 | 35 | #Rmdir 36 | echo -ne " - Remove remote directory..." 37 | $DU -q remove du_tests 38 | echo "" 39 | 40 | #Mkdir 41 | echo -ne " - Make remote directory..." 42 | $DU -q mkdir du_tests 43 | check_exit 44 | 45 | #Simple upload 46 | echo -ne " - Simple file upload..." 47 | $DU -q upload "testData/file 1.txt" du_tests 48 | check_exit 49 | 50 | #Checking with list 51 | echo -ne " - Checking file..." 52 | $DU -q list du_tests | grep "file 1.txt" > /dev/null 53 | check_exit 54 | 55 | #Simple upload 2 56 | echo -ne " - Simple file upload with unicode chars..." 57 | $DU -q upload testData/file\ 2* du_tests 58 | check_exit 59 | 60 | #Checking with list 61 | echo -ne " - Checking file..." 62 | $DU -q list du_tests | grep "file 2 ù.txt" > /dev/null 63 | check_exit 64 | 65 | #Simple upload 3 66 | echo -ne " - Simple file upload with printf formats..." 67 | $DU -q upload "testData/file%20file.txt" du_tests 68 | check_exit 69 | 70 | #Checking with list 71 | echo -ne " - Checking file..." 
72 | $DU -q list du_tests | grep "file%20file.txt" > /dev/null 73 | check_exit 74 | 75 | #Recursive directory upload 76 | echo -ne " - Recursive directory upload..." 77 | $DU -q upload testData/recurse du_tests 78 | check_exit 79 | 80 | #Recursive directory download 81 | echo -ne " - Recursive directory download..." 82 | $DU -q download du_tests/recurse 83 | check_exit 84 | 85 | #Checking the downloaded dir 86 | echo -ne " - Checking the downloaded dir..." 87 | diff -r recurse testData/recurse/ 88 | check_exit 89 | 90 | #Again, recursive directory download 91 | echo -ne " - Again recursive directory download..." 92 | $DU -q download du_tests/recurse 93 | check_exit 94 | 95 | #Again, checking the downloaded dir 96 | echo -ne " - Checking the downloaded dir..." 97 | diff -r recurse testData/recurse/ 98 | check_exit 99 | 100 | rm -fr "recurse" 101 | rm -fr "testData" 102 | 103 | #Rmdir 104 | echo -ne " - Remove remote directory..." 105 | $DU -q remove du_tests 106 | check_exit 107 |
--------------------------------------------------------------------------------
/TEST_NOTIFICATION_TYPES.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Static checks for notification_type support in e-mail notifications
# (the "Phase 3" change). No mail is sent: the script only verifies that the
# template engine, the notification templates and the two call sites exist.
# All paths are relative to the current working directory.
#

# ANSI colours for output (YELLOW and BLUE are defined but not used below)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

echo "========================================="
echo " Email Notification Type Test Suite"
echo "========================================="
echo ""

# Step 1: the template engine must be present
if [[ -f "libs/local/mail_template_engine.sh" ]]; then
  echo -e "${GREEN}✓ mail_template_engine.sh found${NC}"
else
  echo -e "${RED}✗ ERROR: mail_template_engine.sh not found${NC}"
  exit 1
fi

# Step 2: one HTML template per notification type
TEMPLATE_DIR="templates/emails/default"
TEMPLATES=("notification-alert" "notification-warning" "notification-info" "notification-success")
MISSING=0

echo ""
echo "Checking notification templates..."
for template in "${TEMPLATES[@]}"; do
  tpl_file="${template}-tpl.html"
  if [[ ! -f "${TEMPLATE_DIR}/${tpl_file}" ]]; then
    echo -e "${RED} ✗ ${tpl_file} MISSING${NC}"
    ((MISSING += 1))
    continue
  fi
  echo -e "${GREEN} ✓ ${tpl_file}${NC}"
done

# Report every missing template before giving up
if ((MISSING > 0)); then
  echo -e "\n${RED}✗ Missing $MISSING templates${NC}"
  exit 1
fi

echo -e "\n${GREEN}✓ All 4 notification templates found${NC}"

# Step 3: the modified files must contain the expected source lines
echo ""
echo "Checking modified files..."

# mail_send_notification must read a third positional parameter
if ! grep -q 'local notification_type="${3:-info}"' "libs/local/mail_notification_helper.sh"; then
  echo -e "${RED} ✗ mail_send_notification() missing notification_type parameter${NC}"
  exit 1
fi
echo -e "${GREEN} ✓ mail_send_notification() accepts notification_type parameter${NC}"

# notification_controller must forward notification_type to the mail helper
if ! grep -q 'mail_send_notification "${notification_title}" "${notification_content}" "${notification_type}"' "libs/notification_controller.sh"; then
  echo -e "${RED} ✗ notification_controller.sh not passing notification_type${NC}"
  exit 1
fi
echo -e "${GREEN} ✓ notification_controller.sh passes notification_type to email${NC}"

# Summary
echo ""
echo "========================================="
echo -e "${GREEN}✓ All Phase 3 changes verified!${NC}"
echo "========================================="
printf '%s\n' \
  "" \
  "Next steps:" \
  " 1. Test with actual email sending (requires SMTP config)" \
  " 2. Verify visual appearance of different notification types" \
  " 3. Check logs for proper template wrapping" \
  "" \
  "Example usage:" \
  " send_notification 'Test Alert' 'This is a test' 'alert'" \
  " send_notification 'Test Warning' 'This is a test' 'warning'" \
  " send_notification 'Test Info' 'This is a test' 'info'" \
  " send_notification 'Test Success' 'This is a test' 'success'" \
  ""
-------------------------------------------------------------------------------- /config/netdata/python.d/apache.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for apache 2 | # 3 | # This file is in YaML format. 
Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, apache also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch apache's mod_status stats 65 | # 66 | # if the URL is password protected, the following are supported: 67 | # 68 | # user: 'username' 69 | # pass: 'password' 70 | 71 | # ---------------------------------------------------------------------- 72 | # AUTO-DETECTION JOBS 73 | # only one of them will run (they have the same name) 74 | 75 | localhost: 76 | name : 'local' 77 | url : 'http://localhost/server-status?auto' 78 | 79 | localipv4: 80 | name : 'local' 81 | url : 'http://127.0.0.1/server-status?auto' 82 | 83 | localipv6: 84 | name : 'local' 85 | url : 'http://[::1]/server-status?auto' 86 | -------------------------------------------------------------------------------- /config/netdata/python.d/memcached.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for memcached 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
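These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, memcached also supports the following: 63 | # 64 | # socket: 'path/to/memcached.sock' 65 | # 66 | # or 67 | # host: 'IP or HOSTNAME' # the host to connect to 68 | # port: PORT # the port to connect to 69 | # 70 | # 71 | 72 | # ---------------------------------------------------------------------- 73 | # AUTO-DETECTION JOBS 74 | # only one of them will run (they have the same name) 75 | 76 | localhost: 77 | name : 'local' 78 | host : 'localhost' 79 | port : 11211 80 | 81 | localipv4: 82 | name : 'local' 83 | host : '127.0.0.1' 84 | port : 11211 85 | 86 | localipv6: 87 | name : 'local' 88 | host : '::1' 89 | port : 11211 90 | 91 |
--------------------------------------------------------------------------------
/tests/test_borg_integration.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Test script for Borg integration with connectivity check
# This script tests the integrated connectivity check in mount and restore functions
#
# BROLIT_MAIN_DIR must point at the brolit checkout; both sourced files are
# resolved relative to it.
#

# Fail early with a clear message instead of probing "/utils/..." and
# "/libs/..." at the filesystem root when the variable is empty.
if [[ -z "${BROLIT_MAIN_DIR}" ]]; then
  echo "ERROR: BROLIT_MAIN_DIR is not set"
  exit 1
fi

# Source the main brolit configuration
if [[ -f "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh" ]]; then
  source "${BROLIT_MAIN_DIR}/utils/brolit_configuration_manager.sh"
else
  echo "ERROR: brolit_configuration_manager.sh not found"
  exit 1
fi

# Source the borg storage controller
if [[ -f "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh" ]]; then
  source "${BROLIT_MAIN_DIR}/libs/borg_storage_controller.sh"
else
  echo "ERROR: borg_storage_controller.sh not found"
  exit 1
fi

#######################################
# Call mount_storage_box on a throw-away mount point and print its exit code.
# Sets the global DEBUG to "true".
# Returns 1 if the temporary directory cannot be created.
#######################################
function test_mount_storage_box_integration() {
  local test_dir
  local result

  echo "Testing mount_storage_box integration with connectivity check..."

  # Enable debug mode
  DEBUG="true"

  # mktemp -d creates a new, unpredictable directory owned by the caller.
  # A fixed "/tmp/name_<epoch>" path can be pre-created or symlinked by any
  # local user, and "mkdir -p" would silently accept it.
  test_dir="$(mktemp -d "${TMPDIR:-/tmp}/test_storage_box_integration.XXXXXX")" || {
    echo "ERROR: could not create a temporary mount point"
    return 1
  }

  echo "Calling mount_storage_box with directory: ${test_dir}"
  echo "Note: This will show the server selection menu if multiple servers are configured"

  # This should show the server selection and connectivity check
  mount_storage_box "${test_dir}"
  result=$?
  echo "mount_storage_box returned: ${result}"

  # Clean up
  if mountpoint -q "${test_dir}"; then
    umount "${test_dir}"
  fi

  # Never "rm -rf" the mount point: if the umount above failed, a recursive
  # delete would descend into the still-mounted storage box and remove the
  # backups. rmdir only removes an empty directory.
  if mountpoint -q "${test_dir}"; then
    echo "WARNING: ${test_dir} is still mounted; leaving it in place"
  else
    rmdir "${test_dir}" || echo "WARNING: ${test_dir} is not empty; leaving it in place"
  fi

  echo "mount_storage_box integration test completed."
}

#######################################
# Call restore_backup_with_borg with a dummy hostname and print its exit code.
# Sets the global DEBUG to "true".
#######################################
function test_restore_integration() {
  local test_hostname
  local result

  echo "Testing restore_backup_with_borg integration with connectivity check..."

  # Enable debug mode
  DEBUG="true"

  # Test with a dummy server hostname
  test_hostname="test-server"

  echo "Calling restore_backup_with_borg with hostname: ${test_hostname}"
  echo "Note: This will show the server selection menu and connectivity check"

  # This should show the server selection and connectivity check
  restore_backup_with_borg "${test_hostname}"
  result=$?
  echo "restore_backup_with_borg returned: ${result}"

  echo "restore_backup_with_borg integration test completed."
}

# Main test execution
echo "Running Borg integration tests..."
echo "BROLIT_MAIN_DIR: ${BROLIT_MAIN_DIR}"
echo "Current working directory: $(pwd)"

# Show current Borg configuration (user, host and port of each configured server)
echo "=== Current Borg Configuration ==="
echo "BACKUP_BORG_STATUS: ${BACKUP_BORG_STATUS}"
echo "BACKUP_BORG_GROUP: ${BACKUP_BORG_GROUP}"
echo "Number of servers: ${#BACKUP_BORG_USERS[@]}"

for i in "${!BACKUP_BORG_USERS[@]}"; do
  echo "Server ${i}: ${BACKUP_BORG_USERS[$i]}@${BACKUP_BORG_SERVERS[$i]}:${BACKUP_BORG_PORTS[$i]}"
done

echo ""

# Run integration tests
test_mount_storage_box_integration
echo ""
test_restore_integration

echo ""
echo "All Borg integration tests completed!"
echo "Check the logs for detailed connectivity check results."
-------------------------------------------------------------------------------- /config/netdata/python.d/phpfpm.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for PHP-FPM 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 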
28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, PHP-FPM also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch nginx's status stats 65 | # # Be sure and include ?full&status at the end of the url 66 | # 67 | # if the URL is password protected, the following are supported: 68 | # 69 | # user: 'username' 70 | # pass: 'password' 71 | # 72 | 73 | # ---------------------------------------------------------------------- 74 | # AUTO-DETECTION JOBS 75 | # only one of them will run (they have the same name) 76 | 77 | localhost: 78 | name : 'local' 79 | url : "http://localhost/status?full&json" 80 | 81 | localipv4: 82 | name : 'local' 83 | url : "http://127.0.0.1/status?full&json" 84 | 85 | localipv6: 86 | name : 'local' 87 | url : "http://[::1]/status?full&json" 88 | 89 | -------------------------------------------------------------------------------- /config/netdata/python.d/monit.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for monit 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, this plugin also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch monit's status stats 65 | # 66 | # if the URL is password protected, the following are supported: 67 | # 68 | # user: 'username' 69 | # pass: 'password' 70 | # 71 | # Example 72 | # 73 | # local: 74 | # name : 'Local Monit' 75 | # url : 'http://localhost:2812' 76 | # 77 | # "local" will show up in Netdata logs. "Reverse Proxy" will show up in the menu 78 | # in the monit section. 79 | 80 | # ---------------------------------------------------------------------- 81 | # AUTO-DETECTION JOBS 82 | # only one of them will run (they have the same name) 83 | 84 | localhost: 85 | name : 'local' 86 | url : 'http://localhost:2812' 87 | user : 'MONIT_USER' 88 | pass : 'MONIT_PASSWORD' 89 | --------------------------------------------------------------------------------