{"id":20165006,"url":"https://github.com/openscript-ch/services","last_synced_at":"2026-03-04T21:03:08.720Z","repository":{"id":104435080,"uuid":"484742212","full_name":"openscript-ch/services","owner":"openscript-ch","description":"Umbrella ☂️ project for the services we use.","archived":false,"fork":false,"pushed_at":"2022-04-23T16:16:35.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-03T03:22:55.449Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openscript-ch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-23T12:33:12.000Z","updated_at":"2022-04-23T12:33:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"650b0546-b6ef-4d49-a6d6-058e927065b3","html_url":"https://github.com/openscript-ch/services","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/openscript-ch/services","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscript-ch%2Fservices","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscript-ch%2Fservices/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscript-ch%2Fservices/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscript-ch%2Fservices/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openscript-ch","download_url":"https://codeload.github.com/openscript-ch/services/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscript-ch%2Fservices/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30092883,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T20:42:30.420Z","status":"ssl_error","status_checked_at":"2026-03-04T20:42:30.057Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T00:36:23.966Z","updated_at":"2026-03-04T21:03:08.626Z","avatar_url":"https://github.com/openscript-ch.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Services\n\nThis is an umbrella ☂️ project for the services we use as our infrastructure. All services are living inside Docker containers.\n\n- [Development operations](https://github.com/openscript-ch/devops-services/)\n- [Identity and Access Management](https://github.com/openscript-ch/iam-services)\n- [Learning management system](https://github.com/openscript-ch/lms-services/)\n\n## Host set up\n\nA host is set up as follows. The cloud init script does the same.\n\n### Environment\n\nThese steps describe how to set up the system environment on Ubuntu 20.04 LTS on ARM or x86_64:\n\n1. Install updates\n\n   ```bash\n   apt update \u0026\u0026 apt upgrade\n   ```\n\n1. Install Docker dependencies\n\n   ```bash\n   apt install apt-transport-https ca-certificates curl gnupg lsb-release\n   ```\n\n1. Import Dockers GPG key\n\n   ```bash\n   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg\n   ```\n\n1. Add Dockers apt repository\n   - On x86_64\n\n     ```bash\n     echo \"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" | tee /etc/apt/sources.list.d/docker.list \u003e /dev/null\n     ```\n\n   - On ARM\n\n     ```bash\n     echo \"deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" | tee /etc/apt/sources.list.d/docker.list \u003e /dev/null\n     ```\n\n1. Install Docker\n\n   ```bash\n   apt update \u0026\u0026 apt install docker-ce docker-ce-cli containerd.io\n   ```\n\n1. Create directory for Docker cli plugins\n\n   ```bash\n   mkdir -p /usr/local/lib/docker/cli-plugins\n   ```\n\n1. Download `docker-compose` executable\n   - On x86_64\n\n     ```bash\n     curl -SL https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose\n     ```\n\n   - On ARM\n\n     ```bash\n     curl -SL https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-linux-aarch64 -o /usr/local/lib/docker/cli-plugins/docker-compose\n     ```\n\n1. Give executable permission to Docker Compose\n\n   ```bash\n   chmod +x /usr/local/lib/docker/cli-plugins/docker-compose\n   ```\n\n1. Validate the installation of Docker (\u003e= `20.10.14`)\n\n   ```bash\n   docker -v\n   ```\n\n1. Validate the installation of Docker Compose (\u003e= `2.4.1`)\n\n   ```bash\n   docker-compose -v\n   ```\n\nThe following sources were used:\n\n- [Documentation: Docker](https://docs.docker.com/engine/install/ubuntu/)\n- [Documentation: Docker Compose V2](https://docs.docker.com/compose/cli-command/#installing-compose-v2)\n\n### Application system\n\n1. Clone this repository into `/srv/lms-services`\n\n   ```bash\n   git clone https://github.com/openscript-ch/lms-services /srv/lms-services\n   ```\n\n1. Make sure that the DNS is routing all subdomains to the host where the individual services run on.\n\n   ```txt\n   *.lms 10800 IN CNAME lms.example.com.`\n   `lms 10800 IN A 999.999.999.999`\n   `lms 10800 IN AAAA xxxx:xxxx:xxxx:xxxx::1`\n   ```\n\n1. Replace all `example.com` with the domain where the application runs on.\n\n   ```bash\n   sed -i \"s/example.com/example.ch/g\" docker-compose.yml`\n   ```\n\n1. Change contact email for SSL certificates in `traefik.yml`\n1. Configure the environment variables\n\n### Deployment user\n\n1. Create `deploy` user with restricted shell (rbash)\n\n   ```bash\n   useradd --create-home --shell /bin/rbash deploy\n   ```\n\n1. Add authorized ssh key\n   1. Create `.ssh` directory\n\n      ```bash\n      mkdir /home/deploy/.ssh\n      ```\n\n   1. Add public key to `authorized_keys`\n\n      ```bash\n      echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCeW1LxwN6nlJre3SkQgpe6e5t1NmjUe7apCSGJKG5xAkhIjSiNv+xt0q5IepTD7mfe6MAkTWx+z8Q0cBJD0SW04Ag2e1+GwUo6lotCavOKHFXkYYHq3FakV/JkXT3yuzROVqGWMZ0D8F0dZTsok66Ptg2ccXUU4y5em+ubxVo2/hzsU6yGFFQl5FMj444JqOqyGdFnB7vU0dbf7XSVbb4j+hoVYO+Y9ompgWOjjPFsXPkqamSgQDUe0x5vMkbNBnr9uGdB6nFZ5f55HIQUs9Qvd6jETzv6MWYuF0E0oHrh1Vy3Z27u8y2eob+o9H7CXUTw/UF8rH3wMadaP4vdCdBOk1Q82eMpZM8BdiiQoX30HU7KJgc/oW+nb9Aa6k3jV1YwnTj6s36nbOTuwuWZ1eu4ru1B6HtRpTGp+p9oL3DUhqs+VGtKU5mu5zCXRtn/xtHqJx2J7+dGKUVlYuHnHHS/f+JckJRbEgN/sK/BHlfgrRiQ+SLa9GhJm3rm2/2NBCM= deploy@openscript\" \u003e\u003e /home/deploy/.ssh/authorized_keys\n      ```\n\n   1. Set ownership\n\n      ```bash\n      chown -R deploy:deploy /home/deploy/.ssh\n      ```\n\n   1. Set permission for ssh directory\n\n      ```bash\n      chmod 700 /home/deploy/.ssh\n      ```\n\n   1. Set permission for `authorized_keys`\n\n      ```bash\n      chmod 600 /home/deploy/.ssh/authorized_keys\n      ```\n\n1. Allow to update Docker images\n   1. Create a `scripts` directory\n\n      ```bash\n      mkdir /home/deploy/scripts/\n      ```\n\n   1. Add the following script to `/home/deploy/scripts/update-docker.sh`\n\n      ```bash\n      #/bin/bash\n\n      cd /srv/lms-services\n      docker compose -f docker-compose.yml pull\n      docker compose -f docker-compose.yml up -d --remove-orphans\n      docker image prune -a -f\n      ```\n\n   1. Turn `update-docker.sh` into an executable\n\n      ```bash\n      chmod +x /home/deploy/scripts/update-docker.sh\n      ```\n\n   1. Create a symbolic link to `sudo`\n\n      ```bash\n      ln -s /usr/bin/sudo /home/deploy/scripts/sudo\n      ```\n\n   1. Allow deploy user to run `update-docker.sh` with `sudo` by adding to `/etc/sudoers`\n\n      ```txt\n      deploy ALL=NOPASSWD: /home/deploy/scripts/update-docker.sh\n      ```\n\n   1. Add `scripts` to the deploy users `PATH` by adding the following to `.bashrc`\n\n      ```bash\n      readonly PATH=$HOME/scripts\n      export PATH\n      ```\n\n   1. Change SSH SFTP to `internal-sftp` in `/etc/ssh/sshd_config` by setting `Subsystem\tsftp\tinternal-sftp` and reload with `systemctl reload sshd.service`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenscript-ch%2Fservices","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenscript-ch%2Fservices","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenscript-ch%2Fservices/lists"}