make container setup suck less

migrated to Postgres because of binary availability of postgres python
client. Also implemented development compose file and refactored
production python image

Dockerfile

@@ -1,6 +1,9 @@
-FROM python:3.11.0a3-bullseye
-RUN pip install keycloak_wrapper paho-mqtt python-keycloak mysql.connector
-RUN mkdir /app/
-COPY main.py /app/
+FROM python:3.11-alpine
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+COPY ./fab_access/* /app
+
 ENTRYPOINT [ "python" ]
-CMD [ "-u", "/app/main.py" ]
+CMD [ "-u", "main.py" ]

Dockerfile-DB

@@ -1,2 +0,0 @@
-FROM mysql:5.7
-ADD FabAccess.sql /docker-entrypoint-initdb.d

FabAccess.sql

@@ -1,5 +0,0 @@
-DROP DATABASE IF EXISTS FabAccess;
-CREATE DATABASE IF NOT EXISTS FabAccess;
-USE FabAccess;
-CREATE TABLE `ReaderPlug` (`ReaderID` INT NOT NULL , `PlugName` VARCHAR(255) NOT NULL, `PermissionPath` VARCHAR(255) NOT NULL, `Status` BOOLEAN NOT NULL, `LastUser` VARCHAR(255) NOT NULL) ENGINE = InnoDB;
-INSERT INTO `ReaderPlug` (`ReaderID`, `PlugName`, `PermissionPath`, `Status`, `LastUser`) VALUES ("001", "lasercutter", "sfz.lasercutter.trotec", 0, "luca.lutz");

docker-compose.yml

@@ -1,536 +1,47 @@
 version: '3'
-
-networks:
-  auth:
-  FabDB:
-  FabLoggingDB:
-  FabLoggingTelegraf:
-  reverse-proxy:
-  mediawiki:
-  nextcloud:
-  gitea:
-  octofarm:
-  octoproxy:
-    ipam:
-      config:
-        - subnet: 172.42.0.0/24
-  odoo:
-  roundcube:
-  partdb:
-
-volumes:
-  build-trigger:
-  build-output:
-  db:
-  nextcloud:
-
-secrets:
-  samba-admin-password:
-    file: ./samba-admin-password
-
 services:
-  AD:
-    image: instantlinux/samba-dc:latest
-    restart: always
-    network_mode: host
-    cap_add:
-      - CAP_SYS_ADMIN
-    hostname: dc.sfz.lab
-    environment:
-      DOMAIN_ACTION: provision
-      INTERFACES: -lo eth0
-      REALM: ad.sfz.lab
-      TZ: Europe/Berlin
-      WORKGROUP: AD
-    volumes:
-      - ./data/samba/config:/etc/samba
-      - ./data/samba/data:/var/lib/samba
-    secrets:
-      - samba-admin-password
-
-  reverse-proxy:
-    image: nginx-openid
-    build:
-      context: ./data/reverse-proxy/
-      dockerfile: Dockerfile
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./data/reverse-proxy/content/:/usr/share/nginx/html/
-      - ./data/reverse-proxy/config/:/etc/nginx/conf.d/
-      - /etc/letsencrypt:/etc/nginx/certs
-      - /etc/localtime:/etc/localtime:ro
-      - ./data/mirror/config/:/mirror/config_web/
-    networks:
-      reverse-proxy:
-    restart: unless-stopped
-
-
-  mysql:
-    image: mysql:5.7
-    volumes:
-      - ./data/keycloak/DB/:/var/lib/mysql
-    environment:
-      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
-      MYSQL_DATABASE: ${KEYCLOAK_DB_NAME}
-      MYSQL_USER: ${KEYCLOAK_DB_USER}
-      MYSQL_PASSWORD: ${KEYCLOAK_DB_PW}
-    networks:
-      auth:
-
-  keycloak:
-    image: keycloak-sfz
-    build:
-      context: ./data/keycloak/
-      dockerfile: Dockerfile
-    environment:
-      - DB_VENDOR=MYSQL
-      - DB_ADDR=mysql
-      - DB_DATABASE=${KEYCLOAK_DB_NAME}
-      - DB_USER=${KEYCLOAK_DB_USER}
-      - DB_PASSWORD=${KEYCLOAK_DB_PW}
-      - KEYCLOAK_USER=${KEYCLOAK_USER_NAME}
-      - KEYCLOAK_PASSWORD=${KEYCLOAK_USER_PW}
-      - PROXY_ADDRESS_FORWARDING=true
+  backend:
+    build: .
     depends_on:
-      - mysql
-    networks:
-      auth:
-      reverse-proxy:
-    volumes:
-      - ./data/keycloak/data/:/lib/jvm/jre-11/lib/security/
-      - ./data/keycloak/cert/:/etc/pki/java/
-    
-
-  mosquitto:
-    image: hivemq/hivemq4
-    ports:
-      - 1883:1883
-      - 9001:9001
-    networks:
-      - FabDB
-
-  FabBackend:
-    image: fabbackend
-    build:
-      context: ./data/FabBackend
-      dockerfile: Dockerfile
+      - db
+      - mqtt
     environment:
-      KEYCLOAK_USER_NAME: ${KEYCLOAK_USER_NAME}
-      KEYCLOAK_USER_PW: ${KEYCLOAK_USER_PW}
-      KEYCLOAK_REALM: ${KEYCLOAK_REALM}
-      FABDB_DB_USER_NAME: ${FABDB_DB_USER_NAME}
-      FABDB_DB_USER_PW: ${FABDB_DB_USER_PW}
-      FABDB_DB_NAME: ${FABDB_DB_NAME}
-    networks:
-      - FabDB
-      - auth
+      # Keycloak config
+      KEYCLOAK_URL: ${KEYCLOAK_URL:?err}
+      KEYCLOAK_USER_NAME: ${KEYCLOAK_USER_NAME:?err}
+      KEYCLOAK_USER_PW: ${KEYCLOAK_USER_PW:?err}
+      KEYCLOAK_REALM: ${KEYCLOAK_REALM:?err}
+      # DB config
+      DB_HOSTNAME: ${DB_HOSTNAME:?err}
+      DB_USERNAME: ${DB_USERNAME:?err}
+      DB_PASSWORD: ${DB_PASSWORD:?err}
+      DB_DATABASE: ${DB_DATABASE:?err}
+      # MQTT config
+      MQTT_USERNAME: ${MQTT_USERNAME:?err}
+      MQTT_PASSWORD: ${MQTT_PASSWORD:?err}
+      MQTT_BROKER: ${MQTT_BROKER:?err}
+      MQTT_CLIENT: ${MQTT_CLIENT:?err}
     restart: unless-stopped
-
-  FabDB:
-    image: fabdb
-    build:
-      context: ./data/FabBackend
-      dockerfile: Dockerfile-DB
-    volumes:
-      - ./data/FabBackend/DB/:/var/lib/mysql
-    environment:
-      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
-      MYSQL_DATABASE: ${FABDB_DB_NAME}
-      MYSQL_USER: ${FABDB_DB_USER_NAME}
-      MYSQL_PASSWORD: ${FABDB_DB_USER_PW}
-    networks:
-      - FabDB
-
-  FabLoggingDB:
-    image: influxdb:1.5
-    volumes:
-      - ./data/FabLogging/DB/data/:/var/lib/influxdb/
-      - ./data/FabLogging/DB/config/:/etc/influxdb/
-    restart: always
-    networks:
-      - FabLoggingDB
-      - FabLoggingTelegraf
-
-  FabLoggingDBTelegraf:
-    image: telegraf
-    volumes:
-      - ./data/FabLogging/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf
-      - /var/run/docker.sock:/var/run/docker.sock
-    restart: always
-    user: "0"
-    networks:
-      - FabDB
-      - FabLoggingTelegraf
-
-  grafana:
-    image: grafana/grafana
-    user: "0"
-    #ports:
-    #  - "3000:3000"
-    volumes:
-      - ./data/FabLogging/data/grafana:/var/lib/grafana
-    restart: always
-    networks:
-      - FabLoggingDB
-
-  buildserver-worker:
-    image: buildserver
-    build:
-      context: ./data/buildserver/worker/
-      dockerfile: Dockerfile
-    volumes:
-      - build-trigger:/trigger/
-      - build-output:/output/
-      - /etc/localtime:/etc/localtime:ro
-    restart: unless-stopped
-
-  buildserver-web-trigger:
-    image: buildserver-web-trigger
-    build: 
-      context: ./data/buildserver/trigger/
-      dockerfile: Dockerfile
-    networks:
-      reverse-proxy:
-    volumes:
-      - build-trigger:/var/www/trigger/
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      - DEBUG=true
-      - HISTCONTROL=ignoredups
-    restart: unless-stopped
-      
-  buildserver-web-server:
-    image: httpd:latest
-    networks:
-      reverse-proxy:
-    volumes:
-      - build-output:/usr/local/apache2/htdocs/
-      - /etc/localtime:/etc/localtime:ro
-    restart: unless-stopped
-
-  mediawiki:
-    image: mediawikisfz
-    build:
-      dockerfile: Dockerfile
-      context: ./data/mediawiki/
-    networks:
-      reverse-proxy:
-      mediawiki:
-      auth:
-    depends_on:
-      - mediawiki-mysql
-    restart: unless-stopped
-    volumes:
-     - ./data/mediawiki/images:/var/www/html/images/
-
-  mediawiki-mysql:
-    image: mariadb
-    volumes:
-     - ./data/mediawiki/DB:/var/lib/mysql
-    environment: 
-      MYSQL_ROOT_PASSWORD: ${MEDIAWIKIDB_ROOT_PW}
-    networks:
-      mediawiki:
-    hostname: mediawiki-mysql
-    restart: unless-stopped
-
-  cdn01:
-    image: httpd
-    networks:
-      reverse-proxy:
-    volumes:
-      - ./data/CDN:/usr/local/apache2/htdocs/
-    restart: unless-stopped
-
-  cdn02:
-    image: httpd
-    networks:
-      reverse-proxy:
-    volumes:
-      - ./data/CDN:/usr/local/apache2/htdocs/
-    restart: unless-stopped
-    
-  cdn03:  
-    image: httpd
-    networks:
-      reverse-proxy:    
-    volumes:
-      - ./data/CDN:/usr/local/apache2/htdocs/
-    restart: unless-stopped
-
   db:
-    image: mariadb:10.5
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    restart: always
+    image: postgres:15-alpine
     volumes:
-      - db:/var/lib/mysql
-    networks:
-      nextcloud:
+      - ./sql/:/docker-entrypoint-initdb.d/:ro,Z
     environment:
-      - MYSQL_RANDOM_ROOT_PASSWORD="yes"
-      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PW}
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  redis:
-    image: redis:alpine
-    restart: always
-    networks:
-      nextcloud:
-
-  app:
-    image: nextcloud:fpm-alpine
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html
+      POSTGRES_DB: ${DB_DATABASE}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+  mqtt:
+    image: eclipse-mosquitto:2
     environment:
-      - MYSQL_HOST=db
-      - REDIS_HOST=redis
-      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PW}
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-    depends_on:
-      - db
-      - redis
-    networks:
-      nextcloud:
-
-  web:
-    build: ./data/nextcloud/
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html:ro
-    depends_on:
-      - app
-    networks:
-      reverse-proxy:
-      nextcloud:
-
-  cron:
-    image: nextcloud:fpm-alpine
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html
-    entrypoint: /cron.sh
-    depends_on:
-      - db
-      - redis
-
-  gitea:
-    image: gitea/gitea:1.15.9
-    environment:
-      - USER_UID=1000
-      - USER_GID=1000
-      - GITEA__database__DB_TYPE=mysql
-      - GITEA__database__HOST=git-db:3306
-      - GITEA__database__NAME=gitea
-      - GITEA__database__USER=gitea
-      - GITEA__database__PASSWD=${GIT_DB_PW}
-    restart: always
-    networks:
-      - gitea
-      - reverse-proxy
-    volumes:
-      - ./data/gitea/data:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    depends_on:
-      - git-db
-  
-  git-db:
-    image: mysql:8
-    restart: always
-    environment:
-      - MYSQL_RANDOM_ROOT_PASSWORD="yes"
-      - MYSQL_USER=gitea
-      - MYSQL_PASSWORD=${GIT_DB_PW}
-      - MYSQL_DATABASE=gitea
-    networks:
-      - gitea
-    volumes:
-      - ./data/gitea/db:/var/lib/mysql
-
-  octofarm-db:
-    image: mongo:4.4
-    environment:
-      MONGO_INITDB_ROOT_USERNAME: octofarm
-      MONGO_INITDB_ROOT_PASSWORD: ${OCTOFARM_DB_PW}
-      MONGO_INITDB_DATABASE: octofarm
-    volumes:
-      - ./data/OctoFarm/data/mongodb-data:/data/db
-    restart: unless-stopped
-    networks:
-      octofarm:
-
-  octofarm:
-    image: octofarm/octofarm:latest
-    restart: unless-stopped
-    mem_limit: 400m # Feel free to adjust! 400 MB is quite high and a safety limit.
-    networks:
-      reverse-proxy:
-      octofarm:
-      octoproxy:
-        ipv4_address: 172.42.0.3
-    environment:
-      - MONGO=mongodb://octofarm:${OCTOFARM_DB_PW}@octofarm-db:27017/octofarm?authSource=admin
-    ports:
-      - 4000:4000
-    expose:
-      - 4000
-    volumes:
-      - ./data/OctoFarm/logs:/app/logs
-      - ./data/OctoFarm/scripts:/app/scripts
-      - ./data/OctoFarm/images:/app/images
-      - ./data/OctoFarm/hosts:/etc/hosts:ro
-
-  octoproxy:
-    image: nginx:latest
-    volumes:
-      - ./data/octoproxy/config/:/etc/nginx/conf.d/
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/letsencrypt:/etc/nginx/certs
-    networks:
-      octoproxy:
-        ipv4_address: 172.42.0.2
-    restart: unless-stopped
-
-  octostreamer:
-    image: gersilex/cvlc
-    command: rtsp://admin:@10.10.42.60 --sout '#transcode{vcodec=MJPG,venc=ffmpeg{strict=1}}:standard{access=http{mime=multipart/x-mixed-replace;boundary=--7b3cc56e5f51db803f790dad720ed50a},mux=mpjpeg,dst=:8080/}'
-    networks:
-      reverse-proxy:
-    environment:
-      - RS_SNAPSHOT_INTERVAL=1000
-
-  octorestreamer:
-    image: datarhei/restreamer:latest
-    restart: always
-    networks:
-      reverse-proxy:
-    environment:
-      - RS_USERNAME=admin
-      - RS_PASSWORD=${OCTORESTREAMER_PW}
-    ports:
-      - 8087:8080
-    volumes:
-      - ./data/restreamer/db:/restreamer/db
-
-#  docker-zabbix-agent:
-#    restart: always
-#    ports:
-#      - '10060:10050'
-#    volumes:
-#      - /etc/localtime:/etc/localtime:ro
-#      - /etc/timezone:/etc/timezone:ro
-#    environment:
-#      - ZBX_SERVER_HOST=172.21.0.1
-#      - ZBX_HOSTNAME=USV
-#    image: apcupsd
-#    devices:
-#      - /dev/usb/hiddev0
-#    build:
-#      context: ./data/usv/
-#      dockerfile: Dockerfile
-
-  docker-zabbix-agent2:
-    restart: always
-    ports:
-      - '10061:10050'
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-    environment:
-      - ZBX_SERVER_HOST=192.168.64.1
-      - ZBX_HOSTNAME=SSL
-    image: zabbix/zabbix-agent2
-
-  odoo:
-    image: odoo-sfz
-    build:
-      context: ./data/odoo
-      dockerfile: Dockerfile
-    depends_on:
-      - odoo-db
-    environment:
-    - HOST=odoo-db
-    - USER=odoo
-    - PASSWORD=${ODOO_DB_PW}
-    networks:
-      reverse-proxy:
-      odoo:
-    volumes:
-      - ./data/odoo/addons:/var/lib/odoo/.local/share/Odoo/addons/14.0/
-      - ./data/odoo/conf:/etc/odoo
-      - ./data/odoo/data:/var/lib/odoo
-
-  odoo-db:
-    image: postgres:13
-    environment:
-      - POSTGRES_DB=postgres
-      - POSTGRES_PASSWORD=${ODOO_DB_PW}
-      - POSTGRES_USER=odoo
-    networks:
-      odoo:
-    volumes:
-      - ./data/odoo/db:/var/lib/postgresql/data
-
-  roundcubedb:
-    image: mysql:5.7
-    container_name: roundcubedb
-    restart: unless-stopped
-    volumes:
-      - ./data/webmail/db/mysql:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=${WEBMAIL_PW}
-      - MYSQL_DATABASE=roundcubemail
-    networks:
-      roundcube:
-
-  documentserver:
-    restart: always
-    image: onlyoffice/documentserver
-    networks:
-      reverse-proxy:
-
-  roundcubemail:
-    image: roundcube/roundcubemail:latest
-    container_name: roundcubemail
-    restart: unless-stopped
-    networks:
-      reverse-proxy:
-      roundcube:
-    depends_on:
-      - roundcubedb
-    volumes:
-      - ./data/webmail/www:/var/www/html
-    environment:
-      - ROUNDCUBEMAIL_DB_TYPE=mysql
-      - ROUNDCUBEMAIL_DB_HOST=roundcubedb
-      - ROUNDCUBEMAIL_DB_PASSWORD=${WEBMAIL_PW}
-      - ROUNDCUBEMAIL_SKIN=elastic
-      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.sfz-aalen.space
-      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.sfz-aalen.space
-
-  partdb-db:
-    image: mysql
-    command: --default-authentication-plugin=mysql_native_password
-    restart: always
-    networks:
-      partdb:
-    environment:
-      MYSQL_ROOT_PASSWORD: ${PARTDB_ROOT_PW}
-
-  partdb:
-    container_name: partdb
-    # By default Part-DB will be running under Port 8080, you can change it here
-    image: jbtronics/part-db1:master
-    volumes:
-      # By default
-      - ./uploads:/var/www/html/uploads
-      - ./public_media:/var/www/html/public/media
-    restart: unless-stopped
-    networks:
-      reverse-proxy:
-      partdb:
+      MQTT_USERNAME: ${MQTT_USERNAME}
+      MQTT_PASSWORD: ${MQTT_PASSWORD}
+    entrypoint:
+      - sh
+      - -c
+      - |
+        touch /mosquitto/config/passwd
+        mosquitto_passwd -b /mosquitto/config/passwd $${MQTT_USERNAME:?err} $${MQTT_PASSWORD:?err}
+        echo "bind_address 0.0.0.0" > /mosquitto/config/mosquitto.conf
+        echo "password_file /mosquitto/config/passwd" >> /mosquitto/config/mosquitto.conf
+        echo "allow_anonymous false" >> /mosquitto/config/mosquitto.conf
+        /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf

sql/FabAccess.sql

@@ -0,0 +1,11 @@
+CREATE TABLE ReaderPlug(
+    ReaderID INT NOT NULL,
+    PlugName VARCHAR(255) NOT NULL,
+    PermissionPath VARCHAR(255) NOT NULL,
+    Status BOOLEAN NOT NULL,
+    LastUser VARCHAR(255) NOT NULL
+);
+
+INSERT INTO ReaderPlug(
+    ReaderID, PlugName, PermissionPath, Status, LastUser
+) VALUES (1, 'lasercutter', 'sfz.lasercutter.trotec', false, 'luca.lutz');