init

res/config.deploy.ini

@@ -0,0 +1,36 @@
+[global]
+
+# Persistent file for storage of times, in .json format.
+# Remove or leave empty for temporary (/tmp/ftracker-db.json) storage
+db_file = /var/ftracker/db.json
+
+# Delete all information after X days (e.g. for GDPR compliance)
+delete_after_days = 28
+
+# List of people to be allowed, in .csv format (comma, no delimiters)
+# Col1: First Name(s), Col2: Last Name(s), Col3 (optional): EMail
+# Remove or leave empty for no check
+name_file =
+
+
+# Username and password for data retrieval
+admin_user = admin
+admin_pass = topSecret
+
+
+# Link to a document with guidelines for entering
+guideline_url = https://youtu.be/oHg5SJYRHA0
+
+
+# JSON indentation for debugging
+json_indent = 4
+
+# VAPID credentials for push notifications
+# private key: base64url encoded public part of an EC-Prime256v1 keypair. See INSTALL.md
+# private key: base64url encoded private part of an EC-Prime256v1 keypair. See INSTALL.md
+# sender info: usually mailto link to responsible party to contact about issues
+push_public_key = abcdefghijklm_NOPQRSTUVWXYZ-0123456789abcdefghijklm_NOPQRSTUVWXYZ-0123456789abcdefghijklm_NOPQRSTUVWXYZ-0123456789
+push_private_key = abcdefghijklm_NOPQRSTUVWXYZ-0123456789
+push_sender_info = mailto:admin@example.com
+# when to notify users, in hours after arrival
+notify_after_hrs = 10

res/docker-entrypoint.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+echo " >>> Checking / Creating & patching VAPID creds <<< "
+
+VAPID_CREDS_FILE=/etc/ftracker/vapid-creds.json
+if [[ ! -f $VAPID_CREDS_FILE ]]
+then
+
+	echo "Generating keypair ..."
+
+	web-push generate-vapid-keys --json > $VAPID_CREDS_FILE
+
+	echo "Patching keypair into config ..."
+	PUB_KEY=`cat $VAPID_CREDS_FILE | jq -r .publicKey`
+	echo "pushServerPublicKey = ${PUB_KEY}" >> /var/www/html/ftracker/main.js
+
+	PRIV_KEY=`cat $VAPID_CREDS_FILE | jq -r .privateKey`
+	echo "push_private_key = ${PRIV_KEY}" >> /etc/ftracker/config.ini
+
+fi
+
+echo " >>> Starting nginx <<< "
+
+mkdir /run/nginx # needed because of bug in package
+/usr/sbin/nginx -t
+/usr/sbin/nginx
+
+echo " >>> Checking / Installing SSL certificate <<< "
+
+if [[ ${DOMAIN} ]]
+then
+	echo "Obtaining cert for '${DOMAIN}' ..."
+	echo "Registering with email '${LE_EMAIL}' ..."
+
+	certbot -n \
+		--nginx \
+		--keep-until-expiring \
+		--redirect \
+		--agree-tos \
+		--cert-name ${DOMAIN} \
+		-d ${DOMAIN} \
+		-m ${LE_EMAIL}
+
+	echo "Checked/Installed SSL certificate."
+fi
+
+echo " >>> Starting uwsgi <<< "
+
+exec /usr/sbin/uwsgi --ini /root/ftracker/res/ftracker.alpine.uwsgi.ini

res/ftracker.alpine.uwsgi.ini

@@ -0,0 +1,12 @@
+[uwsgi]
+plugin = python3
+module = ftracker:app
+socket = /tmp/ftracker.sock
+manage-script-name = true
+master = true
+
+uid = nginx
+gid = nginx
+
+proesses = 1
+threads = 1

res/ftracker.debian.uwsgi.ini

@@ -0,0 +1,12 @@
+[uwsgi]
+plugin = python3
+module = ftracker:app
+socket = /tmp/ftracker.sock
+manage-script-name = true
+master = true
+
+uid = www-data
+gid = www-data
+
+proesses = 1
+threads = 1

res/ftracker.freebsd.uwsgi.ini

@@ -0,0 +1,11 @@
+[uwsgi]
+module = ftracker:app
+socket = /tmp/ftracker.sock
+manage-script-name = true
+master = true
+
+uid = www
+gid = www
+
+proesses = 1
+threads = 1

res/ftracker.nginx.conf

@@ -0,0 +1,38 @@
+server {
+	server_name ftracker.fasttube.de;
+
+	listen 443 ssl;
+
+	root /root/ftracker/web;
+
+	index index.html index.htm;
+
+	location / {
+		# First attempt to serve request as file
+		# If no such file, pass to backend
+		try_files $uri $uri/ $uri.html @api;
+	}
+
+	location @api {
+		include uwsgi_params;
+		# Pass it to the uwsgi server
+		uwsgi_pass unix:///tmp/ftracker.sock;
+	}
+
+	# RIP
+	add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
+
+	ssl_certificate /usr/local/etc/letsencrypt/live/ftracker.fasttube.de/fullchain.pem;
+	ssl_certificate_key /usr/local/etc/letsencrypt/live/ftracker.fasttube.de/privkey.pem;
+
+}
+
+server {
+	server_name ftracker.fasttube.de;
+
+	listen 80;
+
+	# 308 instead of 301 to prohibit method change on redirect
+	# (some clients change POST to GET on 301, 308 does not allow that)
+	return 308 https://$host$request_uri;
+}

res/ftracker.nossl.nginx.conf

@@ -0,0 +1,24 @@
+server {
+
+	listen 80 default_server;
+
+	root /var/www/html/ftracker;
+
+	index index.html index.htm;
+
+	location / {
+		# First attempt to serve request as file
+		# If no such file, pass to backend
+		try_files $uri $uri/ $uri.html @api;
+	}
+
+	location @api {
+		include uwsgi_params;
+		# Pass it to the uwsgi server
+		uwsgi_pass unix:///tmp/ftracker.sock;
+	}
+
+	# RIP
+	add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
+
+}

res/ftracker.rc

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# PROVIDE: ftracker
+# REQUIRE: LOGIN DAEMON NETWORKING
+# KEYWORD: fasttube corona tracker
+
+# Enable this script by adding:
+# ftracker_enable="YES"
+# ... to /etc/rc.conf
+
+. /etc/rc.subr
+
+name="ftracker"
+rcvar="ftracker_enable"
+
+pidfile="/var/run/${name}.pid"
+logfile="/var/log/${name}.log"
+configfile="/root/ftracker/res/ftracker.uwsgi.ini"
+
+command="/usr/local/bin/uwsgi";
+command_args="--ini ${configfile} --daemonize ${logfile} --pidfile ${pidfile}"
+
+sig_stop="INT"
+sig_reload="TERM"
+
+load_rc_config $name
+run_rc_command "$1"

res/ftracker.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=FaSTTUBe Corona Tracker
+After=syslog.target network.target nginx.service
+
+# Configuration mostly stolen from from uwsgi docs
+[Service]
+User=www-data
+ExecStart=/usr/bin/uwsgi --ini /root/ftracker/res/ftracker.uwsgi.ini
+RuntimeDirectory=uwsgi
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target