From fbbaf1f31f4b0f866998e8cd7953d1e7fc7e1cd2 Mon Sep 17 00:00:00 2001
From: Miraty
Date: Mon, 20 Jan 2025 17:24:27 +0100
Subject: [PATCH] fully qualified images + static ips
---
 apache.Containerfile | 2 +-
 base.yaml | 3 ++-
 compose.yaml | 26 ++++++++++++++++++++++++++
 conf/knot-secondary.conf | 6 +++---
 conf/knot.conf | 6 +++---
 cronie.Containerfile | 2 +-
 knot.Containerfile | 2 +-
 nginx.Containerfile | 2 +-
 php.Containerfile | 2 +-
 sftpgo.Containerfile | 4 ++--
 tor.Containerfile | 2 +-
 11 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/apache.Containerfile b/apache.Containerfile
index 552f2c1..d55b340 100644
--- a/apache.Containerfile
+++ b/apache.Containerfile
@@ -1,4 +1,4 @@
-FROM servnest-alpine
+FROM a.invalid/servnest/alpine
 RUN apk add apache2 apache2-brotli
 RUN chown apache: /run/apache2/
 USER apache
diff --git a/base.yaml b/base.yaml
index 2bcb636..7dd47e5 100644
--- a/base.yaml
+++ b/base.yaml
@@ -1,6 +1,8 @@
 name: servnest
 services:
 alpine:
+ pull_policy: build
+ image: a.invalid/servnest/alpine
 build:
 args:
 SYS: $SYS
@@ -18,4 +20,3 @@ services:
 service: alpine
 build:
 args: {}
-
diff --git a/compose.yaml b/compose.yaml
index 4a35f2d..c71d7be 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,6 +1,7 @@
 name: servnest
 services:
 tor:
+ image: a.invalid/servnest/tor
 extends:
 file: base.yaml
 service: base
@@ -15,7 +16,11 @@ services:
 - ./sock/nginx-onion/:/run/nginx-onion/:rw
 - ./tmp/tor/:/var/lib/tor/:rw
 mem_limit: 128m
+ networks:
+ snet:
+ ipv4_address: 10.5.0.59
 sftpgo:
+ image: a.invalid/servnest/sftpgo
 extends:
 file: base.yaml
 service: base
@@ -32,7 +37,11 @@ services:
 - ./data/ht/fs/:/srv/servnest/ht/fs/:rw
 - ./logs/sftpgo/:/var/log/sftpgo/:rw
 mem_limit: 256mb
+ networks:
+ snet:
+ ipv4_address: 10.5.0.58
 knot:
+ image: a.invalid/servnest/knot
 extends:
 file: base.yaml
 service: base
@@ -52,6 +61,7 @@ services:
 snet:
 ipv4_address: 10.5.0.51
 knot-secondary:
+ image: a.invalid/servnest/knot-secondary
 extends:
 file: base.yaml
 service: base
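Review bot: In base.yaml, the `image:` added to the `alpine` service is inherited through `extends`, so a service that extends it without setting its own `image:` would be built and tagged as `a.invalid/servnest/alpine`, replacing the base image that the Containerfiles build `FROM`. Every service in compose.yaml sets its own `image:` in this commit, but nothing in base.yaml says that this is required. A comment above the two new keys would record both that and the reason for the registry name, for example `# a.invalid is a reserved, never-resolving host: this image can only come from a local build` and `# every service that extends this one must override image:`. The service that extends `alpine` is only partly visible in the second base.yaml hunk, so whether it overrides `image:` cannot be confirmed from here.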
@@ -69,6 +79,7 @@ services:
 snet:
 ipv4_address: 10.5.0.52
 apache:
+ image: a.invalid/servnest/apache
 extends:
 file: base.yaml
 service: base
@@ -80,7 +91,11 @@ services:
 - ./data/ht/:/srv/servnest/ht/:ro
 - ./logs/apache/:/var/log/apache2/:rw
 - ./tmp/apache/:/run/apache2/:rw
+ networks:
+ snet:
+ ipv4_address: 10.5.0.57
 php:
+ image: a.invalid/servnest/php
 extends:
 file: base.yaml
 service: base
@@ -126,7 +141,11 @@ services:
 - SETUID
 - SETGID
 - CHOWN
+ networks:
+ snet:
+ ipv4_address: 10.5.0.54
 cronie:
+ image: a.invalid/servnest/cronie
 extends:
 service: php
 build:
@@ -135,7 +154,11 @@ services:
 - ./conf/cronie:/etc/cron.d/servnest:ro
 - ./logs/cronie/:/var/log/cronie/:rw
 - ./tmp/cronie/:/var/run/:rw
+ networks:
+ snet:
+ ipv4_address: 10.5.0.55
 nginx:
+ image: a.invalid/servnest/nginx
 extends:
 file: base.yaml
 service: base
@@ -157,6 +180,9 @@ services:
 - ./tmp/nginx/:/var/lib/nginx/tmp/:rw
 - ./tmp/nginx-run/:/run/nginx/:rw
 - ./tmp/acme/:/srv/servnest/acme/:ro
+ networks:
+ snet:
+ ipv4_address: 10.5.0.56
 networks:
 snet:
 driver: bridge
diff --git a/conf/knot-secondary.conf b/conf/knot-secondary.conf
index 4fa9876..cdf17a6 100644
--- a/conf/knot-secondary.conf
+++ b/conf/knot-secondary.conf
@@ -2,8 +2,8 @@ server:
 version: ""
 nsid: ""
 rundir: "/run/knot"
- listen: [ "::@53", "0.0.0.0@53", "/run/knot/dns.sock" ]
- listen-quic: [ "::@853", "0.0.0.0@853" ]
+ listen: [ "::@42053", "0.0.0.0@42053" ] #, "/run/knot/dns.sock" ]
+ listen-quic: [ "::@42853", "0.0.0.0@42853" ]
 automatic-acl: "on"
 log:
@@ -17,7 +17,7 @@ database:
 remote:
 - id: "primary"
- address: [ "10.5.0.51@853" ]
+ address: [ "10.5.0.51@42853" ]
 quic: on
 cert-key: "0000000000000000000000000000000000000000000=" # will be replaced by setup-xoq.sh
diff --git a/conf/knot-secondary.conf b/conf/knot.conf
index a838792..5843fab 100644
--- a/conf/knot.conf
+++ b/conf/knot.conf
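Review bot: In conf/knot-secondary.conf, the new `listen:` line keeps the old unix-socket entry as a trailing comment fragment (`#, "/run/knot/dns.sock" ]`), which leaves it unclear whether dropping the socket listener is intended or temporary; the same line is added in conf/knot.conf. Either delete the fragment or replace it with a comment that gives the reason, e.g. `# unix socket listener disabled: <reason>`. The move from 53/853 to 42053/42853 is not mentioned in the commit subject, and none of the compose.yaml hunks touches a `ports:` mapping for the knot services. If those services publish 53 or 853, the container-side port has to change with it; that part of compose.yaml is outside the visible hunks.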
@@ -2,8 +2,8 @@ server:
 version: ""
 nsid: ""
 rundir: "/run/knot"
- listen: [ "::@53", "0.0.0.0@53", "/run/knot/dns.sock" ]
- listen-quic: [ "::@853", "0.0.0.0@853" ]
+ listen: [ "::@42053", "0.0.0.0@42053" ] #, "/run/knot/dns.sock" ]
+ listen-quic: [ "::@42853", "0.0.0.0@42853" ]
 automatic-acl: "on"
 log:
@@ -26,7 +26,7 @@ policy:
 remote:
 - id: "secondary"
- address: [ "10.5.0.52@853" ]
+ address: [ "10.5.0.52@42853" ]
 quic: on
 cert-key: "1111111111111111111111111111111111111111111=" # will be replaced by setup-xoq.sh
diff --git a/cronie.Containerfile b/cronie.Containerfile
index ed55ec1..d0d55aa 100644
--- a/cronie.Containerfile
+++ b/cronie.Containerfile
@@ -1,4 +1,4 @@
-FROM servnest-php
+FROM a.invalid/servnest/php
 USER root
 RUN apk add cronie moreutils
 CMD ["crond", "-n", "-s"]
diff --git a/knot.Containerfile b/knot.Containerfile
index 4ef8f7c..d5aa207 100644
--- a/knot.Containerfile
+++ b/knot.Containerfile
@@ -1,4 +1,4 @@
-FROM servnest-alpine
+FROM a.invalid/servnest/alpine
 RUN apk add knot knot-utils
 USER knot
 CMD ["knotd", "--confdb", "/var/lib/knot/confdb/"]
diff --git a/nginx.Containerfile b/nginx.Containerfile
index 2d3d395..f43b9ec 100644
--- a/nginx.Containerfile
+++ b/nginx.Containerfile
@@ -1,4 +1,4 @@
-FROM servnest-alpine
+FROM a.invalid/servnest/alpine
 RUN apk add nginx nginx-mod-http-headers-more openssl
 RUN openssl req -quiet -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt \
 && openssl req -quiet -subj '/CN=servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.test.key -out /etc/ssl/certs/servnest.test.crt \
diff --git a/php.Containerfile b/php.Containerfile
index 31cc4e6..9f618c7 100644
--- a/php.Containerfile
+++ b/php.Containerfile
@@ -1,4 +1,4 @@
-FROM servnest-alpine
+FROM a.invalid/servnest/alpine
 RUN apk add \
 php83 \
 php83-fpm \
diff --git a/sftpgo.Containerfile b/sftpgo.Containerfile
index 1611089..dc2ba30 100644
--- a/sftpgo.Containerfile
+++ b/sftpgo.Containerfile
@@ -1,4 +1,4 @@
-FROM servnest-alpine AS builder
+FROM a.invalid/servnest/alpine AS builder
 RUN apk add go
 ARG SFTPGO
 ADD $SFTPGO /
@@ -8,7 +8,7 @@ RUN cp -r openapi ./internal/bundle/openapi && \
 cp -r static ./internal/bundle/static
 RUN go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,nosqlite,noportable,nometrics,bundle -o /usr/local/bin/sftpgo && strip /usr/local/bin/sftpgo
-FROM servnest-alpine
+FROM a.invalid/servnest/alpine
 RUN apk add openssh-keygen bash
 RUN mkdir /etc/sftpgo/ && ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
 RUN touch /etc/sftpgo/banner.txt
diff --git a/tor.Containerfile b/tor.Containerfile
index aac960a..45b43b1 100644
--- a/tor.Containerfile
+++ b/tor.Containerfile
@@ -1,3 +1,3 @@
-FROM servnest-alpine
+FROM a.invalid/servnest/alpine
 RUN apk add tor
 CMD ["tor", "--hush"]