From 9585718e0e1a6a58b919c59c716a2b7730ecd260 Mon Sep 17 00:00:00 2001
From: Kakious <kakious@kakio.us>
Date: Tue, 26 Sep 2023 15:03:01 -0400
Subject: [PATCH] chore: initial upload

---
 docker-images/backend-node.Dockerfile         |  56 ++++
 docker-images/backend-php.Dockerfile          |  69 +++++
 docker-images/main.Dockerfile                 |  33 +++
 fox-api/main.tf                               | 259 ++++++++++++++++++
 fox-api/nginx/nginx.conf                      |  53 ++++
 fox-api/nginx/nginxconfig.io/general.conf     |  32 +++
 fox-api/nginx/nginxconfig.io/php_fastcgi.conf |  17 ++
 fox-api/nginx/nginxconfig.io/security.conf    |  13 +
 8 files changed, 532 insertions(+)
 create mode 100644 docker-images/backend-node.Dockerfile
 create mode 100644 docker-images/backend-php.Dockerfile
 create mode 100644 docker-images/main.Dockerfile
 create mode 100644 fox-api/main.tf
 create mode 100644 fox-api/nginx/nginx.conf
 create mode 100644 fox-api/nginx/nginxconfig.io/general.conf
 create mode 100644 fox-api/nginx/nginxconfig.io/php_fastcgi.conf
 create mode 100644 fox-api/nginx/nginxconfig.io/security.conf

diff --git a/docker-images/backend-node.Dockerfile b/docker-images/backend-node.Dockerfile
new file mode 100644
index 0000000..127d9a2
--- /dev/null
+++ b/docker-images/backend-node.Dockerfile
@@ -0,0 +1,56 @@
+# Start from base image (built on Docker host)
+FROM git.kakio.us/kakious/coder-base:latest
+
+# Install everything as root
+USER root
+
+# Install Node
+RUN curl -sL https://deb.nodesource.com/setup_19.x | bash -
+RUN DEBIAN_FRONTEND="noninteractive" apt-get update -y && \
+    apt-get install -y nodejs
+
+# Install Yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
+RUN DEBIAN_FRONTEND="noninteractive" apt-get update && apt-get install -y yarn
+
+# Create the persistent data folder
+RUN mkdir -p /data
+
+# Install MySQL
+RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y mysql-server
+
+# Move the data folder to the persistent data folder and grant mysql access to it
+RUN mv /var/lib/mysql /data/mysql
+RUN echo "datadir       = /data/mysql" >> /etc/mysql/mysql.conf.d/mysqld.cnf
+RUN usermod -a -G coder mysql
+
+# Create a symbolic link to the persistent data folder just in case
+RUN ln -s /data/mysql /var/lib/mysql
+
+# Install Redis
+RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y redis-server
+
+# Install the latest redisjson
+RUN wget https://redismodules.s3.amazonaws.com/rejson/rejson.Linux-ubuntu20.04-x86_64.2.4.5.zip
+RUN unzip rejson.Linux-ubuntu20.04-x86_64.2.4.5.zip
+RUN mkdir -p /usr/lib/redis/modules
+RUN cp rejson.so /usr/lib/redis/modules/rejson.so
+RUN rm rejson.Linux-ubuntu20.04-x86_64.2.4.5.zip && rm rejson.so
+
+# Update the redis config to include loadmodule
+RUN echo "loadmodule /usr/lib/redis/modules/rejson.so" >> /etc/redis/redis.conf
+
+# Install the latest rabbitmq
+RUN apt install -y rabbitmq-server
+RUN ln -s /data/rabbitmq /var/lib/rabbitmq
+
+
+
+RUN sudo usermod -d /data/mysql/ mysql
+
+# Make sure the services are started on the start of the container
+CMD service mysql start && service redis-server start && service rabbitmq-server start && /usr/bin/code-server --bind-addr
+
+# Set back to coder user
+USER coder
\ No newline at end of file
diff --git a/docker-images/backend-php.Dockerfile b/docker-images/backend-php.Dockerfile
new file mode 100644
index 0000000..b7cf3cc
--- /dev/null
+++ b/docker-images/backend-php.Dockerfile
@@ -0,0 +1,69 @@
+# Start from base image (built on Docker host)
+FROM git.kakio.us/kakious/coder-base:latest
+
+# Install everything as root
+USER root
+
+RUN DEBIAN_FRONTEND="noninteractive" apt-get update
+
+# Create the persistent data folder
+RUN mkdir -p /data
+
+# Install MySQL
+RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y mysql-server
+
+# Move the data folder to the persistent data folder and grant mysql access to it
+RUN mv /var/lib/mysql /data/mysql
+RUN echo "datadir       = /data/mysql" >> /etc/mysql/mysql.conf.d/mysqld.cnf
+RUN usermod -a -G coder mysql
+
+# Create a symbolic link to the persistent data folder just in case
+RUN ln -s /data/mysql /var/lib/mysql
+
+# Install Redis
+RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y redis-server
+
+# Install the latest redisjson
+RUN wget https://redismodules.s3.amazonaws.com/rejson/rejson.Linux-ubuntu20.04-x86_64.2.4.5.zip
+RUN unzip rejson.Linux-ubuntu20.04-x86_64.2.4.5.zip
+RUN mkdir -p /usr/lib/redis/modules
+RUN cp rejson.so /usr/lib/redis/modules/rejson.so
+RUN rm rejson.Linux-ubuntu20.04-x86_64.2.4.5.zip && rm rejson.so
+
+# Update the redis config to include loadmodule
+RUN echo "loadmodule /usr/lib/redis/modules/rejson.so" >> /etc/redis/redis.conf
+
+# Install the latest rabbitmq
+RUN apt install -y rabbitmq-server
+RUN ln -s /data/rabbitmq /var/lib/rabbitmq
+
+RUN sudo usermod -d /data/mysql/ mysql
+
+
+RUN DEBIAN_FRONTEND="noninteractive" add-apt-repository ppa:ondrej/php -y
+RUN DEBIAN_FRONTEND="noninteractive" apt-get update
+RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y php8.2 php8.2-cli php8.2-bz2 php8.2-curl php8.2-mbstring php8.2-intl php8.2-apcu php8.2-redis php8.2-fpm
+
+# Install Composer
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+
+#Configure PHP-FPM
+RUN sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/8.2/fpm/php.ini
+RUN sed -i 's/;apc.enable_cli=0/apc.enable_cli=1/g' /etc/php/8.2/fpm/php.ini
+
+# Install NGINX
+RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y nginx
+
+# Setup Nginx config
+RUN rm /etc/nginx/sites-enabled/default
+
+#Download nginx config from git
+RUN wget https://raw.githubusercontent.com/kakious/coder/main/nginx.conf -O /etc/nginx/sites-enabled/default
+
+
+# Make sure the services are started on the start of the container
+CMD service mysql start && service redis-server start && service rabbitmq-server start && service php8.2-fpm start && service nginx start
+
+# Set back to coder user
+USER coder
\ No newline at end of file
diff --git a/docker-images/main.Dockerfile b/docker-images/main.Dockerfile
new file mode 100644
index 0000000..a688e92
--- /dev/null
+++ b/docker-images/main.Dockerfile
@@ -0,0 +1,33 @@
+FROM ubuntu:jammy
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND="noninteractive" apt-get install --yes \
+    bash \
+    build-essential \
+    ca-certificates \
+    curl \
+    htop \
+    locales \
+    man \
+    python3 \
+    python3-pip \
+    software-properties-common \
+    sudo \
+    systemd \
+    systemd-sysv \
+    unzip \
+    vim \
+    wget && \
+    # Install latest Git using their official PPA
+    add-apt-repository ppa:git-core/ppa && \
+    DEBIAN_FRONTEND="noninteractive" apt-get install --yes git
+
+# Add a user `coder` so that you're not developing as the `root` user
+RUN useradd coder \
+    --create-home \
+    --shell=/bin/bash \
+    --uid=1001 \
+    --user-group && \
+    echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
+
+USER coder
\ No newline at end of file
diff --git a/fox-api/main.tf b/fox-api/main.tf
new file mode 100644
index 0000000..9040c14
--- /dev/null
+++ b/fox-api/main.tf
@@ -0,0 +1,259 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = "~> 0.8.3"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~> 3.0.1"
+    }
+  }
+}
+
+locals {
+  username = data.coder_workspace.me.owner
+}
+
+data "coder_provisioner" "me" {
+}
+
+provider "docker" {
+}
+
+data "coder_workspace" "me" {
+}
+
+data "coder_git_auth" "github" {
+  # Matches the ID of the git auth provider in Coder.
+  id = "primary-github"
+}
+
+resource "coder_app" "fox_api" {
+  agent_id     = coder_agent.main.id
+  slug         = "fox-api"
+  display_name = "F.O.X. API"
+  icon         = "https://media.furality.online/boop/furality.png"
+  url          = "http://localhost:8080"
+  share        = "public"
+  subdomain    = false
+}
+
+resource "coder_agent" "main" {
+  arch = data.coder_provisioner.me.arch
+  os   = "linux"
+
+  startup_script_timeout = 180
+  startup_script         = <<-EOT
+    set -e
+
+    # start the services
+    echo "[SETUP] Starting core services (sql and redis)"
+    sudo service mysql start 2>&1 /dev/null
+    sudo service redis-server start 2>&1 /dev/null
+    echo "[SETUP] Core services started"
+
+    if [ ! -f ~/.coder-env ]; then
+      echo "[SETUP] Creating ~/.coder-env"
+      echo "WORKSPACE_ENV=$WORKSPACE_ENV" >> ~/.coder-env
+      echo "USERNAME_ENV=$USERNAME_ENV" >> ~/.coder-env
+      echo "[SETUP] Created ~/.coder-env"
+    fi
+
+    if [ ! -d ~/oauth-provider ]; then
+        echo "[SETUP] Cloning Github Repo"
+        git clone https://github.com/furality/oauth-provider/
+
+        echo "[SETUP] Git Keys imported"
+
+
+        echo "Downloading setup script from git"
+        wget -q -O ~/setup-script.sh https://git.kakio.us/kakious/docker-images/raw/branch/main/boop-keys/setup-fox.sh
+        echo "[SETUP] Downloaded setup script from git"
+        chmod +x ~/setup-script.sh
+
+        echo "[SETUP] Running Setup Script"
+        sudo ./setup-script.sh 2>&1 /dev/null
+        echo "[SETUP] Setup Script Done"
+        cd ~/oauth-provider
+   fi
+
+   echo "[SETUP] Setup Complete"
+  EOT
+
+    env = {
+    GIT_AUTHOR_NAME     = "${data.coder_workspace.me.owner}"
+    GIT_COMMITTER_NAME  = "${data.coder_workspace.me.owner}"
+    GIT_AUTHOR_EMAIL    = "${data.coder_workspace.me.owner_email}"
+    GIT_COMMITTER_EMAIL = "${data.coder_workspace.me.owner_email}"
+    GITHUB_TOKEN        = "${data.coder_git_auth.github.access_token}"
+    WORKSPACE_ENV       = "${data.coder_workspace.me.name}"
+    USERNAME_ENV        = "${data.coder_workspace.me.owner}"
+    }
+
+metadata {
+    display_name = "RAM Usage"
+    key          = "1_ram_usage"
+    script       = "coder stat mem"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Home Disk"
+    key          = "3_home_disk"
+    script       = "coder stat disk --path $${HOME}"
+    interval     = 60
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "CPU Usage (Host)"
+    key          = "4_cpu_usage_host"
+    script       = "coder stat cpu --host"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Memory Usage (Host)"
+    key          = "5_mem_usage_host"
+    script       = "coder stat mem --host"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Load Average (Host)"
+    key          = "6_load_host"
+    # get load avg scaled by number of cores
+    script   = <<EOT
+      echo "`cat /proc/loadavg | awk '{ print $1 }'` `nproc`" | awk '{ printf "%0.2f", $1/$2 }'
+    EOT
+    interval = 60
+    timeout  = 1
+  }
+
+  metadata {
+    display_name = "Swap Usage (Host)"
+    key          = "7_swap_host"
+    script       = <<EOT
+      free -b | awk '/^Swap/ { printf("%.1f/%.1f", $3/1024.0/1024.0/1024.0, $2/1024.0/1024.0/1024.0) }'
+    EOT
+    interval     = 10
+    timeout      = 1
+  }
+}
+
+resource "docker_volume" "home_volume" {
+  name = "coder-${data.coder_workspace.me.id}-home"
+  # Protect the volume from being deleted due to changes in attributes.
+  lifecycle {
+    ignore_changes = all
+  }
+  # Add labels in Docker to keep track of orphan resources.
+  labels {
+    label = "coder.owner"
+    value = data.coder_workspace.me.owner
+  }
+  labels {
+    label = "coder.owner_id"
+    value = data.coder_workspace.me.owner_id
+  }
+  labels {
+    label = "coder.workspace_id"
+    value = data.coder_workspace.me.id
+  }
+  # This field becomes outdated if the workspace is renamed but can
+  # be useful for debugging or cleaning out dangling volumes.
+  labels {
+    label = "coder.workspace_name_at_creation"
+    value = data.coder_workspace.me.name
+  }
+}
+
+resource "docker_volume" "data_volume" {
+name = "coder-${data.coder_workspace.me.id}-data"
+  # Protect the volume from being deleted due to changes in attributes.
+  lifecycle {
+    ignore_changes = all
+  }
+  # Add labels in Docker to keep track of orphan resources.
+  labels {
+    label = "coder.owner"
+    value = data.coder_workspace.me.owner
+  }
+  labels {
+    label = "coder.owner_id"
+    value = data.coder_workspace.me.owner_id
+  }
+  labels {
+    label = "coder.workspace_id"
+    value = data.coder_workspace.me.id
+  }
+  # This field becomes outdated if the workspace is renamed but can
+  # be useful for debugging or cleaning out dangling volumes.
+  labels {
+    label = "coder.workspace_name_at_creation"
+    value = data.coder_workspace.me.name
+  }
+}
+
+data "docker_registry_image" "main" {
+  name = "git.kakio.us/kakious/coder-backend:latest"
+}
+
+resource "docker_image" "main" {
+  name          = data.docker_registry_image.main.name
+  pull_triggers = [data.docker_registry_image.main.sha256_digest]
+  force_remove = false
+  keep_locally = true
+}
+
+resource "docker_container" "workspace" {
+  count = data.coder_workspace.me.start_count
+  image = docker_image.main.name
+  # Uses lower() to avoid Docker restriction on container names.
+  name = "${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
+  # Hostname makes the shell more user friendly: coder@my-workspace:~$
+  hostname = data.coder_workspace.me.name
+  memory = "4098"
+  memory_swap = "-1" 
+  # Use the docker gateway if the access URL is 127.0.0.1
+  entrypoint = ["sh", "-c", replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")]
+  env        = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]
+  host {
+    host = "host.docker.internal"
+    ip   = "host-gateway"
+  }
+  volumes {
+    container_path = "/home/coder"
+    volume_name    = docker_volume.home_volume.name
+    read_only      = false
+  }
+
+  volumes {
+    container_path = "/data"
+    volume_name    = docker_volume.data_volume.name
+    read_only      = false
+  }
+  # Add labels in Docker to keep track of orphan resources.
+  labels {
+    label = "coder.owner"
+    value = data.coder_workspace.me.owner
+  }
+  labels {
+    label = "coder.owner_id"
+    value = data.coder_workspace.me.owner_id
+  }
+  labels {
+    label = "coder.workspace_id"
+    value = data.coder_workspace.me.id
+  }
+  labels {
+    label = "coder.workspace_name"
+    value = data.coder_workspace.me.name
+  }
+}
+
+
diff --git a/fox-api/nginx/nginx.conf b/fox-api/nginx/nginx.conf
new file mode 100644
index 0000000..7920df9
--- /dev/null
+++ b/fox-api/nginx/nginx.conf
@@ -0,0 +1,53 @@
+# Generated by nginxconfig.io
+
+user www-data;
+pid /run/nginx.pid;
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+events {
+	multi_accept on;
+	worker_connections 65535;
+}
+
+http {
+	charset utf-8;
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	server_tokens off;
+	log_not_found off;
+	types_hash_max_size 2048;
+	client_max_body_size 16M;
+
+	# MIME
+	include mime.types;
+	default_type application/octet-stream;
+
+	# logging
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log warn;
+
+	# SSL
+	ssl_session_timeout 1d;
+	ssl_session_cache shared:SSL:10m;
+	ssl_session_tickets off;
+
+	# Diffie-Hellman parameter for DHE ciphersuites
+	ssl_dhparam /etc/nginx/dhparam.pem;
+
+	# Mozilla Intermediate configuration
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+	# OCSP Stapling
+	ssl_stapling on;
+	ssl_stapling_verify on;
+	resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
+	resolver_timeout 2s;
+
+	# load configs
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
diff --git a/fox-api/nginx/nginxconfig.io/general.conf b/fox-api/nginx/nginxconfig.io/general.conf
new file mode 100644
index 0000000..525651b
--- /dev/null
+++ b/fox-api/nginx/nginxconfig.io/general.conf
@@ -0,0 +1,32 @@
+# favicon.ico
+location = /favicon.ico {
+	log_not_found off;
+	access_log off;
+}
+
+# robots.txt
+location = /robots.txt {
+	log_not_found off;
+	access_log off;
+}
+
+# assets, media
+location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+	expires 7d;
+	access_log off;
+}
+
+# svg, fonts
+location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+	add_header Access-Control-Allow-Origin "*";
+	expires 7d;
+	access_log off;
+}
+
+# gzip
+gzip on;
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
diff --git a/fox-api/nginx/nginxconfig.io/php_fastcgi.conf b/fox-api/nginx/nginxconfig.io/php_fastcgi.conf
new file mode 100644
index 0000000..92da90a
--- /dev/null
+++ b/fox-api/nginx/nginxconfig.io/php_fastcgi.conf
@@ -0,0 +1,17 @@
+# 404
+try_files $fastcgi_script_name =404;
+
+# default fastcgi_params
+include fastcgi_params;
+
+# fastcgi settings
+fastcgi_pass			unix:/var/run/php/php8.2-fpm.sock;
+fastcgi_index			index.php;
+fastcgi_buffers			8 16k;
+fastcgi_buffer_size		32k;
+
+# fastcgi params
+fastcgi_param DOCUMENT_ROOT		$realpath_root;
+fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
+fastcgi_param PHP_ADMIN_VALUE	"open_basedir=$base/:/usr/lib/php/:/tmp/";
+
diff --git a/fox-api/nginx/nginxconfig.io/security.conf b/fox-api/nginx/nginxconfig.io/security.conf
new file mode 100644
index 0000000..633d359
--- /dev/null
+++ b/fox-api/nginx/nginxconfig.io/security.conf
@@ -0,0 +1,13 @@
+# security headers
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+# . files
+location ~ /\.(?!well-known) {
+	deny all;
+}
+