feat(Matomo): Add service

see: https://github.com/docker/compose/issues/11628

README.md

@@ -9,20 +9,29 @@ Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien
 - [Directus](./directus) : Permet d'administrer une base de données
 - [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
 - [Matomo](./matomo) : Logiciel libre et open source de mesure de statistiques web
+- [listmonk](./listmonk) : Gestionnaire de listes de diffusion et de newsletter
 - [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
 - [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
+- [signaturepdf](./signaturepdf) : Logiciel WEB libre permettant de modifier un fichier PDF facilement
+- [Plausible](./plausible) : Plausible est une plateforme d'analyse Web légère et open source
+- [Vaultwarden](./vaultwarden) : Gestionnaire de mot de passe compatible avec Bitwarden
+- [Vikunja](./vikunja) : L'application pour organiser sa vie
 
 ### Pour les devs / ops
 
+- [ClickHouse](./clickhouse) : Un logiciel libre de base de données orientée colonnes pour le traitement analytique en ligne
 - [Drone](./drone) : Un service d'intégration continue
-- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
+- [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
+- [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
 - [Grafana](./grafana) : Un outil de supervision simple et élégant
 - [MariaDB](./mariadb) : MariaDB est un système de gestion de base de données, un fork communautaire de MySQL
+- [LLDAP](./lldap): Implémentation légère de LDAP pour l'authentification
 - [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
 - [Prometheus](./prometheus) : Un logiciel de surveillance informatique
 - [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
 - [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
 - [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
+- [Uptime Kuma](./uptimekuma) : outil de surveillance de site ou service WEB
 - [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker
 
 ## Comment ça marche ?

clickhouse/.env

@@ -0,0 +1,3 @@
+#CLICKHOUSE_VOLUME_NAME=
+#CLICKHOUSE_CONTAINER_NAME=
+#CLICKHOUSE_IMAGE=

clickhouse/README.md

@@ -0,0 +1,16 @@
+# ClickHouse
+
+> ClickHouse est un logiciel libre de base de données orientée colonnes (DBMS) pour le traitement analytique en ligne (OLAP).
+>
+> <cite>[Wikipédia][wikipedia]</cite>
+
+## Liens
+
+- [Site Officiel][site]
+- [Code source][source]
+- [Docker Hub][dockerhub]
+
+[wikipedia]: https://fr.wikipedia.org/wiki/ClickHouse
+[site]: https://clickhouse.com/
+[source]: https://github.com/ClickHouse/ClickHouse
+[dockerhub]: https://hub.docker.com/r/clickhouse/clickhouse-server

clickhouse/docker-compose.yml

@@ -0,0 +1,19 @@
+---
+
+volumes:
+  clickhouse:
+    name: ${CLICKHOUSE_VOLUME_NAME:-clickhouse}
+
+services:
+  clickhouse:
+    container_name: ${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
+    image: ${CLICKHOUSE_IMAGE:-clickhouse/clickhouse-server:22.2.2.1-alpine}
+    restart: always
+    volumes:
+      - clickhouse:/var/lib/clickhouse
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ulimits:
+      nofile:
+        soft: 262144
+        hard: 262144

directus/.env

@@ -44,7 +44,9 @@ POSTGRES_VOLUME_NAME=directus-postgres
 #######
 # REDIS
 
+#REDIS_IMAGE=
 #REDIS_CONTAINER_NAME=
+#REDIS_VOLUME_NAME=
 
 #########
 # TRAEFIK

directus/README.md

@@ -6,6 +6,8 @@
 
 [De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
 
+- `CORS_ORIGIN` à comme valeur par défaut `false` et peut prendre `true` pour accepter toutes les connexions, mais il est préférable de spécifier directement les sites comme ceci `array:https://example.com,https://staging.example.com`.
+
 ## Liens
 
 - [Site officiel][website]

directus/docker-compose.redis.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   directus:
     environment:

directus/docker-compose.smtp.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   directus:
     environment:

directus/docker-compose.traefik.yml

@@ -1,10 +1,9 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
   directus:

directus/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   directus:
     name: ${DIRECTUS_VOLUME_NAME:-directus}
@@ -9,12 +7,10 @@ volumes:
 services:
   directus:
     container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
-    image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289}
+    image: ${DIRECTUS_IMAGE:-directus/directus:9.8.0}
     restart: always
     volumes:
       - directus:/directus/uploads
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
     depends_on:
       - postgres
       - redis
@@ -22,10 +18,13 @@ services:
       KEY: ${DIRECTUS_KEY:?err}
       SECRET: ${DIRECTUS_SECRET:?err}
       TELEMETRY: false
+      ACCEPT_TERMS: ${DIRECTUS_ACCEPT_TERMS:-true}
 
       ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
       ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
       PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
+      CORS_ENABLED: ${DIRECTUS_CORS_ENABLED:-false}
+      CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN:-false}
 
       DB_CLIENT: 'pg'
       DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
@@ -34,5 +33,7 @@ services:
       DB_USER: ${POSTGRES_USER:?err}
       DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
 
+      TZ: ${TZ:-Europe/Paris}
+
       PUID: ${DIRECTUS_PUID:-1000}
       PGID: ${DIRECTUS_PGID:-1000}

drone/runner/docker-compose.dashboard.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/runner/docker/configuration/dashboard/
 
 services:

drone/runner/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   drone-runner:
     ports:

drone/runner/docker-compose.logging.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/runner/docker/configuration/logging/
 
 services:

drone/runner/docker-compose.traefik.yml

@@ -1,10 +1,9 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME}
+    external: true
 
 services:
   drone-runner:

drone/runner/docker-compose.yml

@@ -1,13 +1,11 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/runner/docker/installation/linux/
 
 services:
   drone-runner:
     container_name: ${DRONE_RUNNER_CONTAINER_NAME}
-    image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260}
+    image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
     restart: always
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

drone/server/README.md

@@ -33,9 +33,10 @@ Il faut ajouter les utilisateurs non admin :
 ```
 drone user add kosssi
 drone user add killian
+export PROMETHEUS_TOKEN=`openssl rand -hex 16`
 drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
 ```
 
 En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
 
-[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/)
+[Documentation officielle](https://docs.drone.io/server/user/machine/#create-accounts) [cli](https://docs.drone.io/cli/user/drone-user-add/)

drone/server/docker-compose.cookie.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/cookie/
 
 services:

drone/server/docker-compose.gitea.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/provider/gitea/
 
 services:

drone/server/docker-compose.header.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/headers/
 
 services:

drone/server/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   drone-server:
     ports:

drone/server/docker-compose.logging.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/logging/
 
 services:

drone/server/docker-compose.postgres.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/storage/database/
 # https://docs.drone.io/server/storage/encryption/
 

drone/server/docker-compose.traefik.yml

@@ -1,10 +1,9 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME}
+    external: true
 
 services:
   drone-server:

drone/server/docker-compose.user.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 # https://docs.drone.io/server/user/registration/
 
 services:

drone/server/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   drone-server:
     name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
@@ -9,7 +7,7 @@ volumes:
 services:
   drone-server:
     container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
-    image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479}
+    image: ${DRONE_SERVER_IMAGE:-drone/drone:2.11.1}
     restart: always
     environment:
       # https://docs.drone.io/server/reference/drone-rpc-secret/

geoip/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   geoip:
     name: ${GEOIP_VOLUME_NAME:-geoip}

geoipupdate/.env

@@ -0,0 +1,10 @@
+#GEOIPUPDATE_VOLUME_NAME=
+#GEOIPUPDATE_IMAGE=
+#GEOIPUPDATE_CONTAINER_NAME=
+
+GEOIPUPDATE_ACCOUNT_ID=<change-me>
+GEOIPUPDATE_LICENSE_KEY=<change-me>
+#GEOIPUPDATE_EDITION_IDS=
+#GEOIPUPDATE_FREQUENCY=
+#GEOIPUPDATE_VERBOSE=
+#GEOIPUPDATE_DB_DIR=

geoipupdate/README.md

@@ -0,0 +1,14 @@
+# HedgeDoc
+
+>  Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
+
+## Liens
+
+- [Site officiel][website]
+- [Github][github]
+- [L'image Docker de LinuxServer][docker]
+
+[website]: https://www.maxmind.com/en/home
+[docker]: https://hub.docker.com/r/maxmindinc/geoipupdate
+[github]: https://github.com/maxmind/geoipupdate
+[documentation]: https://dev.maxmind.com/geoip/updating-databases

geoipupdate/docker-compose.yml

@@ -0,0 +1,20 @@
+---
+
+volumes:
+  geoipupdate:
+    name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}
+
+services:
+  geoipupdate:
+    image: ${GEOIPUPDATE_IMAGE:-maxmindinc/geoipupdate:v4.9.0}
+    container_name: ${GEOIPUPDATE_CONTAINER_NAME:-geoip-updater}
+    restart: always
+    volumes:
+      - geoipupdate:${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
+    environment:
+      GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID:?err}
+      GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY:?err}
+      GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS:-GeoLite2-City}
+      GEOIPUPDATE_FREQUENCY: ${GEOIPUPDATE_FREQUENCY:-72}
+      GEOIPUPDATE_VERBOSE: ${GEOIPUPDATE_VERBOSE:-false}
+      GEOIPUPDATE_DB_DIR: ${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}

gitea/.env

@@ -1,26 +1,34 @@
-COMPOSE_FILE=../postgres/docker-compose.yml:./docker-compose.yml:./docker-compose.override.yml
+########
+# DOCKER
 
-# APP
+SERVICES_DIR=".."
+COMPOSE_FILE=${SERVICES_DIR}/gitea/docker-compose.yml:${SERVICES_DIR}/gitea/docker-compose.traefik.yml:${SERVICES_DIR}/gitea/docker-compose.smtp.yml:${SERVICES_DIR}/gitea/docker-compose.metrics.yml:${SERVICES_DIR}/postgres/docker-compose.yml
+COMPOSE_PROJECT_NAME=$GITEA_DOMAIN
 
-GITEA_VOLUME_NAME=gitea
+#######
-GITEA_PROTOCOL=http
+# GITEA
-GITEA_DOMAIN=gitea.lan
-
-# APP CONFIG
 # https://docs.gitea.io/en-us/install-with-docker/#environments-variables
 
-DISABLE_SSH=true
+GITEA_DOMAIN=gitea.lan
-RUN_MODE=prod
+GITEA_VOLUME_NAME=gitea
-ROOT_URL=${GITEA_PROTOCOL}://${GITEA_DOMAIN}
+GITEA_IMAGE=gitea/gitea:1.18.4
-DISABLE_REGISTRATION=true
+GITEA_PROTOCOL=http
-DISABLE_GRAVATAR=true
+GITEA_SECRET_KEY=kt5UdK0m9lI9MDyhVOFEB5jk7VwFynDyaxcUjEJUpWJBrC6FyH4dkUDKLYEa7hGn
-#INSTALL_LOCK=true
+GITEA_INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzY5NzkxMzZ9.Iopu6DBUhglmNPzEyYylfmTmEUpYLHYEsNrm50GoBkU
+
+# SMTP
+
+GITEA__mailer__FROM='"Name" <email@example.com>'
+GITEA__mailer__SMTP_ADDR=smtp.gitea.lan
+GITEA__mailer__SMTP_PORT=465
+GITEA__mailer__USER=gitea.lan
+GITEA__mailer__PASSWD=gitea.lan
 
 # DATABASE
-# Voir la description ../postgres/README.md
 
 POSTGRES_USER=user-example
 POSTGRES_PASSWORD=password-example
 POSTGRES_DB=postgres-database-name-example
 POSTGRES_CONTAINER_NAME=gitea-postgres
 POSTGRES_VOLUME_NAME=gitea-postgres
+POSTGRES_IMAGE=postgres:15.2-alpine

gitea/docker-compose.metrics.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   gitea:

gitea/docker-compose.override.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   gitea:

gitea/docker-compose.postgres.yml

@@ -0,0 +1,12 @@
+---
+
+services:
+  gitea:
+    environment:
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
+      - GITEA__database__NAME=${POSTGRES_DB}
+      - GITEA__database__USER=${POSTGRES_USER}
+      - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
+    depends_on:
+      - postgres

gitea/docker-compose.smtp.yml

@@ -1,12 +1,14 @@
-version: "3.8"
+---
 
 services:
   gitea:
     environment:
       - GITEA__mailer__ENABLED=true
-      - GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
+      - GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:-smtp}
-      - GITEA__mailer__MAILER_TYPE=smtp
+      - GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
-      - GITEA__mailer__HOST=${GITEA__mailer__HOST:?GITEA__mailer__HOST not set}
+      - GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
-      - GITEA__mailer__IS_TLS_ENABLED=true
+
       - GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
       - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
+
+      - GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}

gitea/docker-compose.traefik.yml

@@ -1,16 +1,15 @@
-version: "3.8"
+---
 
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
   gitea:
     labels:
-      traefik.enable: 'true'
+      - traefik.enable=true
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.rule=Host(`${GITEA_DOMAIN:?err}`)
-      traefik.http.routers.gitea.rule: 'Host(`${GITEA_DOMAIN:?err}`)'
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
-      traefik.http.routers.gitea.entrypoints: 'web'
+      - traefik.http.services.${TRAEFIK_ROUTER_NAME:-gitea}.loadbalancer.server.port=3000
-
-      traefik.http.services.gitea.loadbalancer.server.port: '3000'

gitea/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   gitea:
@@ -7,19 +7,17 @@ volumes:
 services:
   gitea:
     container_name: ${GITEA_CONTAINER_NAME:-gitea}
-    image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a}
+    image: ${GITEA_IMAGE:-gitea/gitea:1.20.4}
     restart: always
     environment:
-      # - USER_UID=1000
+      - USER_UID=${GITEA_UID:-1000}
-      # - USER_GID=1000
+      - USER_GID=${GITEA_GID:-1000}
-      DB_TYPE: postgres
+      # Security
-      DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8
+      # docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
-      DB_NAME: ${POSTGRES_DB}
+      - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
-      DB_USER: ${POSTGRES_USER}
+      # docker run -it --rm  gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
-      DB_PASSWD: ${POSTGRES_PASSWORD}
+      - GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
     volumes:
       - gitea:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-    depends_on:
-      - postgres

grafana/.env

@@ -34,6 +34,10 @@ GF_INSTALL_PLUGINS=grafana-piechart-panel
 #######
 # REDIS
 
+#REDIS_IMAGE=
+#REDIS_CONTAINER_NAME=
+#REDIS_VOLUME_NAME=
+
 #GF_REMOTE_CACHE_CONNSTR=
 
 #########

grafana/docker-compose.postgres.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   grafana:

grafana/docker-compose.redis.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   grafana:

grafana/docker-compose.smtp.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   grafana:

grafana/docker-compose.traefik.yml

@@ -1,8 +1,9 @@
-version: "3.8"
+---
 
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
   grafana:

grafana/docker-compose.yml

@@ -1,5 +1,4 @@
 ---
-version: "3.8"
 
 volumes:
   grafana:
@@ -8,7 +7,7 @@ volumes:
 services:
   grafana:
     container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
-    image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48}
+    image: ${GRAFANA_IMAGE:-grafana/grafana:8.4.6}
     restart: always
     volumes:
       - grafana:/var/lib/grafana

hedgedoc/docker-compose.traefik.yml

@@ -1,8 +1,9 @@
-version: "3.8"
+---
 
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
   hedgedoc:

hedgedoc/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   hedgedoc:
@@ -7,12 +7,12 @@ volumes:
 services:
   hedgedoc:
     container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
-    image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f}
+    image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.3-ls53}
     restart: always
     depends_on:
       - postgres
     volumes:
-      - hedgedoc:/opt/hedgedoc/public/uploads
+      - hedgedoc:/config/uploads
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     environment:

listmonk/.env

@@ -0,0 +1,26 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/listmonk/docker-compose.yml:${SERVICES_DIR}/postgres/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+## APP
+
+LISTMONK_DOMAIN=localhost
+LISTMONK_ADMIN_USERNAME=
+LISTMONK_ADMIN_PASSWORD=
+#LISTMONK_CONTAINER_NAME=listmonk
+#LISTMONK_VOLUME_NAME=listmonk
+#LISTMONK_IMAGE=listmonk/listmonk:v2.3.0
+
+## POSTGRES
+
+#POSTGRES_VOLUME_NAME=
+#POSTGRES_CONTAINER_NAME=
+#POSTGRES_IMAGE=
+POSTGRES_USER=listmonk
+POSTGRES_PASSWORD=listmonk
+POSTGRES_DB=listmonk

listmonk/README.md

@@ -0,0 +1,37 @@
+# listmonk
+
+> Gestionnaire de listes de diffusion et de newsletter
+
+## Documentation
+
+listmonk ne gère actuellement pas le multicompte.
+
+Pour utiliser avec une configuration avec les variables d'environnements il faut la commande suivante :
+
+```
+command: [sh, -c, "./listmonk --config ''"]
+```
+
+Pour l'installation il faut lancer la commande suivante pour initialiser la base de donnée :
+
+```
+command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
+```
+
+Pour faire les mise à jour et ainsi migrer la base de donnée :
+
+```
+command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
+```
+
+## Liens
+
+- [Site Officiel][site]
+- [Documentation][documentation]
+- [Code source][source]
+- [Docker Hub][dockerhub]
+
+[site]: https://listmonk.app/
+[source]: https://github.com/knadh/listmonk
+[documentation]: https://listmonk.app/docs/
+[dockerhub]: https://hub.docker.com/r/listmonk/listmonk

listmonk/docker-compose.yml

@@ -0,0 +1,41 @@
+---
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
+
+volumes:
+  listmonk:
+    name: ${LISTMONK_VOLUME_NAME:-listmonk}
+
+services:
+  listmonk:
+    container_name: ${LISTMONK_CONTAINER_NAME:-listmonk}
+    image: ${LISTMONK_IMAGE:-listmonk/listmonk:v2.3.0}
+    restart: always
+    #command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
+    #command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
+    command: [sh, -c, "./listmonk --config ''"]
+    depends_on:
+      - postgres
+    environment:
+      LISTMONK_app__address: 0.0.0.0:9000
+      LISTMONK_app__admin_username: ${LISTMONK_ADMIN_USERNAME:?err}
+      LISTMONK_app__admin_password: ${LISTMONK_ADMIN_PASSWORD:?err}
+      LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}
+      LISTMONK_db__port: 5432
+      LISTMONK_db__user: ${POSTGRES_USER:?err}
+      LISTMONK_db__password: ${POSTGRES_PASSWORD:?err}
+      LISTMONK_db__database: ${POSTGRES_DB:?err}
+      LISTMONK_db__ssl_mode: disable
+      TZ: Europe/Paris
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - listmonk:/listmonk/uploads
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.rule=Host(`${LISTMONK_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

lldap/.env

@@ -0,0 +1,50 @@
+########
+# DOCKER
+
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+#######
+# LLDAP
+
+SERVICE_DOMAIN=lldap.cool.life
+LLDAP_VOLUME_NAME=lldap_cool_life
+LLDAP_CONTAINER_NAME=lldap_cool_life
+LLDAP_IMAGE=nitnelave/lldap:v0.4.3
+
+LLDAP_JWT_SECRET="6IeP8UUbEkQXrkUNbnu1sGpcZOu29wUTWh3uiEgMorI="
+LLDAP_VERBOSE=true
+
+LLDAP_LDAP_BASE_DN="dc=cool,dc=life"
+LLDAP_LDAP_USER_DN="myuser"
+LLDAP_LDAP_USER_EMAIL="admin@cool.life"
+LLDAP_LDAP_USER_PASS="mon-mot-de-passe"
+
+# LLDAP_TEST_EMAIL_TO=
+# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=
+# LLDAP_SMTP_OPTIONS__SERVER=
+# LLDAP_SMTP_OPTIONS__PORT=
+# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=
+# LLDAP_SMTP_OPTIONS__USER=
+# LLDAP_SMTP_OPTIONS__PASSWORD=
+# LLDAP_SMTP_OPTIONS__FROM=
+# LLDAP_SMTP_OPTIONS__REPLY_TO=
+
+
+##########
+# POSTGRES
+
+POSTGRES_USER=user-example
+POSTGRES_PASSWORD=password-example
+POSTGRES_DB=postgres-database-name-example
+POSTGRES_CONTAINER_NAME=lldap-postgres
+POSTGRES_VOLUME_NAME=lldap-postgres
+#POSTGRES_IMAGE=
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=

lldap/README.md

@@ -0,0 +1,27 @@
+# LLDAP
+
+> Implémentation légère de LDAP pour l'authentification :
+> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à [Authelia](https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml) en passant par Nextcloud et plus encore !
+
+## Documentation
+
+- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
+- De base le projet utilise SQLite, mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
+- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
+- Lors du lancement du service une clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegarder puisque les mots de passe sont chiffrés en base avec.
+
+## Configuration
+
+La configuration a été séparée en 5 fichiers :
+
+- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
+- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik
+- [`docker-compose.smtp.yml`](./docker-compose.smtp.yml) correspondant à la configuration du service SMTP
+- [`docker-compose.postgres.yml`](./docker-compose.postgres.yml) pour configurer le service Postgres
+- [`docker-compose.traefik.yml`](./docker-compose.traefik.yml) pour configurer automatiquement Traefik
+
+## Liens
+
+- [Code source](https://github.com/lldap/lldap)
+- [Docker Hub](https://hub.docker.com/r/nitnelave/lldap)
+- [Documentation](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml)

lldap/docker-compose.local.yml

@@ -0,0 +1,11 @@
+---
+
+services:
+  lldap:
+    ports:
+      # For LDAP
+      - "3890:3890"
+      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
+      - "6360:6360"
+      # For the web front-end
+      - "17170:17170"

lldap/docker-compose.postgres.yml

@@ -0,0 +1,6 @@
+---
+
+services:
+  lldap:
+    environment:
+      - LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}

lldap/docker-compose.smtp.yml

@@ -0,0 +1,14 @@
+---
+
+services:
+  lldap:
+    environment:
+      - LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
+      - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
+      - LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
+      - LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
+      - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}
+      - LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
+      - LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
+      - LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
+      - LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}

lldap/docker-compose.traefik.yml

@@ -0,0 +1,22 @@
+---
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
+
+services:
+  lldap:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+      # - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
+      - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
+      - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
+
+      # https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
+      # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
+      # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+      # - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890

lldap/docker-compose.yml

@@ -0,0 +1,24 @@
+---
+
+volumes:
+  lldap:
+    name: ${LLDAP_VOLUME_NAME:-lldap}
+
+services:
+  lldap:
+    container_name: ${LLDAP_CONTAINER_NAME:-lldap}
+    image: ${LLDAP_IMAGE:-nitnelave/lldap:v0.4.3}
+    restart: always
+    volumes:
+      - "lldap:/data"
+    environment:
+      - TZ=${TIMEZONE:-Europe/Paris}
+      - LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
+
+      - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
+      - LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
+
+      - LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
+      - LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
+      - LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
+      - LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}

matomo/.env

@@ -4,32 +4,28 @@
 #DOCKER_CONTEXT=
 #DOCKER_HOST=
 SERVICES_DIR=..
-COMPOSE_FILE=${SERVICES_DIR}/matomo/docker-compose.yml:${SERVICES_DIR}/matomo/docker-compose.local.yml:${SERVICES_DIR}/mariadb/docker-compose.yml
+COMPOSE_FILE=${SERVICES_DIR}/matomo/docker-compose.yml:${SERVICES_DIR}/matomo/docker-compose.local.yml
 #COMPOSE_PROJECT_NAME=
 
 ## APP
 
-#MATOMO_DOMAIN=matomo.cool.life
+MATOMO_DOMAIN=localhost
-#MATOMO_CONTAINER_NAME=
+#MATOMO_CONTAINER_NAME=matomo
-#MATOMO_VOLUME_NAME=
+#MATOMO_VOLUME_NAME=matomo
-#MATOMO_IMAGE=
+#MATOMO_IMAGE=matomo:4.1.1-apache
-#PHP_MEMORY_LIMIT=
 
-##########
+## MARIADB
-# MARIADB
 
-#MARIADB_CONTAINER_NAME=
 #MARIADB_VOLUME_NAME=
+#MARIADB_CONTAINER_NAME=
 #MARIADB_IMAGE=
-MARIADB_ROOT_PASSWORD=replace-me
 MARIADB_USER=user-example
+MARIADB_ROOT_PASSWORD=password-example
 MARIADB_PASSWORD=password-example
-MARIADB_DATABASE=mariadb-database-name-example
+MARIADB_DB=matomo_dev
-MARIADB_COMMAND=--max-allowed-packet=64MB
 
-#########
+## TRAEFIK
-# TRAEFIK
 
 #TRAEFIK_NETWORK_NAME=
-#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ROUTER_NAME=
 #TRAEFIK_ENTRYPOINTS=

matomo/README.md

@@ -1,22 +1,15 @@
 # Matomo
 
-> Matomo, anciennement Piwik, est un logiciel libre et open source de mesure de statistiques web, conçu pour être une alternative libre à Google Analytics.
+> Matomo est une plateforme d'analyse Web complète et open source.
->
-> <cite>[Wikipédia][wikipedia]</cite>
-
-## Commande
-
-```
-docker compose exec --user www-data matomo-fpm php console
-```
 
 ## Liens
 
 - [Site Officiel][site]
+- [Documentation][documentation]
 - [Code source][source]
 - [Docker Hub][dockerhub]
 
-[wikipedia]: https://fr.wikipedia.org/wiki/Matomo_(logiciel)
+[site]: https://matomo.org/
-[site]: https://fr.matomo.org/
 [source]: https://github.com/matomo-org/matomo
+[documentation]: https://matomo.org/faq/reports/tour-of-matomo-overview-of-the-reporting-interface/
 [dockerhub]: https://hub.docker.com/_/matomo/

matomo/docker-compose.local.yml

@@ -1,6 +1,6 @@
-version: "3.8"
+---
 
 services:
-  matomo-web:
+  matomo:
     ports:
-      - ${LOCAL_PORT:-80}:80
+      - ${LOCAL_PORT:-8080}:80

matomo/docker-compose.traefik.yml

@@ -1,13 +1,12 @@
-version: "3.8"
+---
 
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
-  matomo-web:
+  matomo:
-    environment:
-      TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}

matomo/docker-compose.yml

@@ -1,42 +1,48 @@
-version: "3.8"
+---
-
-volumes:
-  matomo:
-    name: ${MATOMO_VOLUME_NAME:-matomo}
 
 services:
-  matomo-fpm:
+  db:
-    container_name: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
+    image: mariadb:lts
-    image: ${MATOMO_IMAGE:-matomo:4.7.1-fpm-alpine}
+    container_name: ${MARIADB_CONTAINER_NAME:-mariadb}
+    image: ${MARIADB_IMAGE:-mariadb:lts}
+    command: --max-allowed-packet=64MB
     restart: always
-    environment:
-      MATOMO_DATABASE_HOST: ${MARIADB_CONTAINER_NAME:-mariadb}
-      MATOMO_DATABASE_ADAPTER: mysql
-      MATOMO_DATABASE_TABLES_PREFIX: matomo_
-      MATOMO_DATABASE_USERNAME: ${MARIADB_USER:?err}
-      MATOMO_DATABASE_PASSWORD: ${MARIADB_PASSWORD:?err}
-      MATOMO_DATABASE_DBNAME: ${MARIADB_DATABASE:?err}
-      PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-256M}
-      PUID: ${MATOMO_PUID:-1000}
-      PGID: ${MATOMO_PGID:-1000}
-    depends_on:
-      - mariadb
     volumes:
-      - matomo:/var/www/html
+      - db:/var/lib/mysql:Z
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+    environment:
+      - MARIADB_AUTO_UPGRADE=1
+      - MARIADB_DATABASE=matomo
+      - MARIADB_DISABLE_UPGRADE_BACKUP=1
+      - MARIADB_INITDB_SKIP_TZINFO=1
+      - MARIADB_PASSWORD=${MARIADB_PASSWORD:?err}
+      - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD:?err}
+      - MARIADB_USER=matomo
 
-  matomo-web:
+  app:
-    container_name: ${MATOMO_CONTAINER_NAME:-matomo}-web
+    container_name: ${MATOMO_CONTAINER_NAME:-matomo}
-    build: web
+    image: ${MATOMO_IMAGE:-matomo:4.1.1-apache}
     restart: always
-    environment:
-      MATOMO_FPM_CONTAINER_NAME: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
-      PUID: ${MATOMO_PUID:-1000}
-      PGID: ${MATOMO_PGID:-1000}
-    depends_on:
-      - matomo-fpm
     volumes:
-      - matomo:/var/www/html
+#     - ./config:/var/www/html/config:z
+#     - ./logs:/var/www/html/logs:z
+      - matomo:/var/www/html:z
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+    depends_on:
+      - db
+    environment:
+      - MATOMO_DATABASE_ADAPTER=mysql
+      - MATOMO_DATABASE_DBNAME=matomo
+      - MATOMO_DATABASE_HOST=db
+      - MATOMO_DATABASE_PASSWORD=${MARIADB_PASSWORD:?err}
+      - MATOMO_DATABASE_TABLES_PREFIX=matomo_
+      - MATOMO_DATABASE_USERNAME=matomo
+    ports:
+      - 8080:80
+
+volumes:
+  db:
+  matomo:
+    name: ${MATOMO_VOLUME_NAME:-matomo}

matomo/web/Dockerfile

@@ -1,3 +0,0 @@
-FROM nginx:1.21.6-alpine
-
-COPY matomo.conf.template /etc/nginx/templates/default.conf.template

matomo/web/matomo.conf.template

@@ -1,70 +0,0 @@
-upstream php-handler {
-    server ${MATOMO_FPM_CONTAINER_NAME}:9000;
-}
-
-server {
-	listen 80;
-	server_name ${MATOMO_DOMAIN}
-
-	add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
-	add_header X-Content-Type-Options "nosniff" always;
-	add_header X-XSS-Protection "1; mode=block" always;
-	root /var/www/html; # replace with path to your matomo instance
-	index index.php;
-	try_files $uri $uri/ =404;
-
-	## only allow accessing the following php files
-	location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
-		# regex to split $uri to $fastcgi_script_name and $fastcgi_path
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
-		# Check that the PHP script exists before passing it
-		try_files $fastcgi_script_name =404;
-
-		include fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-		fastcgi_param PATH_INFO $fastcgi_path_info;
-		fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
-		fastcgi_pass php-handler;
-	}
-
-	## deny access to all other .php files
-	location ~* ^.+\.php$ {
-		deny all;
-		return 403;
-	}
-
-	## disable all access to the following directories
-	location ~ /(config|tmp|core|lang) {
-		deny all;
-		return 403; # replace with 404 to not show these directories exist
-	}
-	location ~ /\.ht {
-		deny all;
-		return 403;
-	}
-
-	location ~ js/container_.*_preview\.js$ {
-		expires off;
-		add_header Cache-Control 'private, no-cache, no-store';
-	}
-
-	location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
-		allow all;
-		## Cache images,CSS,JS and webfonts for an hour
-		## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
-		expires 1h;
-		add_header Pragma public;
-		add_header Cache-Control "public";
-	}
-
-	location ~ /(libs|vendor|plugins|misc/user) {
-		deny all;
-		return 403;
-	}
-
-	## properly display textfiles in root directory
-	location ~/(.*\.md|LEGALNOTICE|LICENSE) {
-		default_type text/plain;
-	}
-}

mobilizon/docker-compose.local.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 services:
   mobilizon:
     ports:

mobilizon/docker-compose.traefik.yml

@@ -1,10 +1,9 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
   mobilizon:

mobilizon/docker-compose.yml

@@ -1,7 +1,5 @@
 ---
 
-version: "3.8"
-
 volumes:
   mobilizon:
     name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
@@ -9,7 +7,7 @@ volumes:
 services:
   mobilizon:
     container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
-    image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3}
+    image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
     restart: always
     depends_on:
       - postgres

nextcloud/.env

@@ -4,7 +4,7 @@
 #DOCKER_CONTEXT=
 #DOCKER_HOST=
 SERVICES_DIR=..
-COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
+COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.config.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
 #COMPOSE_PROJECT_NAME=
 
 ## APP
@@ -39,7 +39,9 @@ POSTGRES_VOLUME_NAME=nextcloud-postgres
 #######
 # REDIS
 
+#REDIS_IMAGE=
 REDIS_CONTAINER_NAME=nextcloud-redis
+#REDIS_VOLUME_NAME=
 
 #########
 # TRAEFIK

nextcloud/README.md

@@ -14,45 +14,78 @@ On peut trouver [la documentation ici][documentation] en anglais ou ici pour la
 
 ## Aide
 
-Exemple de commande :
+Commande pour se connecter à un serveur :
 
 ```sh
-docker exec --user www-data -it nextcloud bash
+. .env
+docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm ash
+```
 
-docker-compose exec --user www-data nextcloud php occ db:add-missing-primary-keys
+Pour mettre un site en maintenance :
+
+```sh
+. .env
+docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm php occ maintenance:mode --on
 ```
 
 ## Configuration
 
-Il est possible de configurer certaines parties avec des variables d'environnement, mais ce n'est pas le cas de l'ensemble de la configuration.
+Il est possible de configurer certaines parties avec des variables d'environnement :
+- Soit les variables sont spécifique à l'image Docker 
+- soit avec des variables du type `NC_` + clé (exemple : NC_default_phone_region=FR)
 
-Voici les modifications que j'effectue :
+### Création d'un groupe
 
 ```
-docker-compose exec --user www-data nextcloud-fpm ash
+export NC_GROUP=com-en-aubrac
-vi config/config.php
+php occ group:add $NC_GROUP
-```
-Ajout de la configuration suivante :
-```
-  'default_language' => 'fr',
-  'default_locale' => 'fr_FR',
-  'default_phone_region' => 'FR',
-  'defaultapp' => 'files',
-  'preview_max_x' => 2048,
-  'preview_max_y' => 2048,
-  'jpeg_quality' => 60,
 ```
 
-Ajout de imagemagick :
+### Création d'un utilisateur
-```
-docker-compose exec nextcloud-fpm apk add --no-cache imagemagick
-```
-
-ou
 
 ```
-ssh <server>
+# La variable OC_PASS est spécifique pour l'utilisation de --password-from-env
-docker exec nextcloud-fpm apk add --no-cache imagemagick
+export OC_PASS=unmotdepasse!
+
+export NC_USER=simon
+export NC_NAME=Simon
+export NC_MAIL=simon@example.org
+export NC_QUOTA="180 GB"
+
+php occ user:add --password-from-env --display-name=$NC_NAME --group="$NC_GROUP" $NC_USER
+php occ user:setting $NC_USER settings email $NC_MAIL
+```
+
+### Quota
+
+Pour bien comprendre les quotas dans Nextcloud : https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
+
+```
+export NC_USER=simon
+export NC_QUOTA="10 GB"
+php occ user:setting $NC_USER files quota "$NC_QUOTA"
+```
+
+### imagemagick
+
+> Le module php-imagick n’a aucun support SVG dans cette instance. Pour une meilleure compatibilité, il est recommandé de l’installer.
+
+Pour résoudre ce problème il faut ajouter le paquet `imagemagick`
+
+```
+. .env
+docker exec -it ${NEXTCLOUD_CONTAINER_NAME}-fpm apk add --no-cache imagemagick
+```
+
+## Application
+
+Suppression d'application :
+
+```
+php occ app:disable dashboard
+php occ app:disable photos
+php occ app:disable weather_status
+php occ app:disable user_status
 ```
 
 ## PHP-FPM: remédier à server reached pm.max_children

nextcloud/docker-compose.config.yml

@@ -0,0 +1,20 @@
+---
+
+services:
+  nextcloud-fpm:
+    environment:
+      &nextcloud-configuration
+      NC_trashbin_retention_obligation: ${NC_trashbin_retention_obligation:-auto, 30}
+      NC_force_language: ${NC_force_language:-fr}
+      NC_default_locale: ${NC_default_locale:-fr_FR}
+      NC_force_locale: ${NC_force_locale:-fr_FR}
+      NC_default_language: ${NC_default_language:-fr}
+      NC_default_phone_region: ${NC_default_phone_region:-FR}
+      NC_defaultapp: ${NC_defaultapp:-files}
+      NC_preview_max_x: ${NC_preview_max_x:-2048}
+      NC_preview_max_y: ${NC_preview_max_y:-2048}
+      NC_jpeg_quality: ${NC_jpeg_quality:-60}
+
+  nextcloud-cron:
+    environment:
+      <<: *nextcloud-configuration

nextcloud/docker-compose.local.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 services:
   nextcloud-web:

nextcloud/docker-compose.postgres.yml

@@ -0,0 +1,16 @@
+---
+
+services:
+  nextcloud-fpm:
+    depends_on:
+      - postgres
+    environment:
+      &postgres-configuration
+      POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
+      POSTGRES_USER: ${POSTGRES_USER:?err}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
+      POSTGRES_DB: ${POSTGRES_DB:?err}
+
+  nextcloud-cron:
+    environment:
+      <<: *postgres-configuration

nextcloud/docker-compose.redis.yml

@@ -0,0 +1,13 @@
+---
+
+services:
+  nextcloud-fpm:
+    depends_on:
+      - redis
+    environment:
+      &redis-configuration
+      REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
+
+  nextcloud-cron:
+    environment:
+      <<: *redis-configuration

nextcloud/docker-compose.smtp.yml

@@ -1,13 +1,18 @@
-version: "3.8"
+---
 
 services:
   nextcloud-fpm:
     environment:
-      SMTP_HOST: ${SMTP_HOST?err} # The hostname of the SMTP server.
+      &smtp-configuration
-      SMTP_SECURE: ${SMTP_SECURE:-ssl} # Set to ssl to use SSL, or tls to use STARTTLS.
+      SMTP_HOST: ${SMTP_HOST:?err}
-      SMTP_PORT: ${SMTP_PORT:-465}
+      SMTP_SECURE: ${SMTP_SECURE:-}
+      SMTP_PORT: ${SMTP_PORT:-587}
       SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
-      SMTP_NAME: ${SMTP_NAME?err}
+      SMTP_NAME: ${SMTP_NAME:?err}
-      SMTP_PASSWORD: ${SMTP_PASSWORD?err}
+      SMTP_PASSWORD: ${SMTP_PASSWORD:?err}
-      MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
+      MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS:?err}
-      MAIL_DOMAIN: ${MAIL_DOMAIN}
+      MAIL_DOMAIN: ${MAIL_DOMAIN:?err}
+
+  nextcloud-cron:
+    environment:
+      <<: *smtp-configuration

nextcloud/docker-compose.traefik.yml

@@ -1,13 +1,15 @@
-version: "3.8"
+---
 
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
-  nextcloud-web:
+  nextcloud-fpm:
     environment:
       TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
+  nextcloud-web:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}

nextcloud/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   nextcloud:
@@ -7,32 +7,25 @@ volumes:
 services:
   nextcloud-fpm:
     container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
-    image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1}
+    image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
     restart: always
-    depends_on:
-      - postgres
-      - redis
     volumes:
       - nextcloud:/var/www/html
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     environment:
+      &fpm-configuration
       NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
       NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
       NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
       OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
       PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
-      POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
-      POSTGRES_USER: ${POSTGRES_USER:?err}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
-      POSTGRES_DB: ${POSTGRES_DB:?err}
-      REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
       PUID: ${NEXTCLOUD_PUID:-1000}
       PGID: ${NEXTCLOUD_PGID:-1000}
 
   nextcloud-web:
     container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
-    build: web
+    build: ${SERVICES_DIR}/nextcloud/web
     restart: always
     environment:
       NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
@@ -46,15 +39,14 @@ services:
       - /etc/localtime:/etc/localtime:ro
 
   nextcloud-cron:
-    image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine}
+    image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
     container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
     restart: always
     depends_on:
       - nextcloud-web
     entrypoint: /cron.sh
     environment:
-      PUID: ${NEXTCLOUD_PUID:-1000}
+      <<: *fpm-configuration
-      PGID: ${NEXTCLOUD_PGID:-1000}
     volumes:
       - nextcloud:/var/www/html
       - /etc/timezone:/etc/timezone:ro

nextcloud/run

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-set -eu
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-. $DIR/../help.sh
-. $DIR/../postgres/run --only-source
-
-nextcloud_help() {
-  echo "./run backup    : Lancement de la sauvegarde de Nextcloud"
-  echo "./run restore   : Restauration de la sauvegarde de Nextcloud"
-}
-
-nextcloud_backup() {
-  script_env
-  BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
-  BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
-  backup_folder_create
-
-  POSTGRES_BACKUP_FILE=backups/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_postgres.sql
-  docker-compose exec --user www-data nextcloud php occ maintenance:mode --on
-  postgres_backup
-
-  docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup --volumes-from nextcloud alpine:3.12.3 ash -c "cd /var/www/html && tar cvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar ."
-  docker-compose exec --user www-data nextcloud php occ maintenance:mode --off
-}
-
-nextcloud_restore() {
-  script_env
-
-  postgres_restore
-  docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup -v nextcloud:/var/www/html alpine:3.12.3 ash -c "cd /var/www/html && tar xvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar --strip 1"
-}
-
-if [ $# -ge 1 ]; then
-  if [ "${1}" == "backup" ]; then
-    script_start
-    nextcloud_backup
-    script_end
-  elif [ "${1}" == "restore" ]; then
-    script_start
-    nextcloud_restore
-    script_end
-  elif [ "${1}" != "--only-source" ]; then
-    nextcloud_help
-  fi
-else
-  nextcloud_help
-fi

nextcloud/web/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginx:1.21.5-alpine
+FROM nginx:1.25.3-alpine
 
 COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template

nextcloud/web/nextcloud.conf.template

@@ -2,64 +2,32 @@ upstream php-handler {
     server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
 }
 
+# Set the `immutable` cache control options only for assets with a cache busting `v` argument
+map $arg_v $asset_immutable {
+    "" "";
+    default "immutable";
+}
+
 server {
     listen 80;
 
-    # Add headers to serve security related headers
+    # Path to the root of your installation
-    # Before enabling Strict-Transport-Security headers please read into this
+    root /var/www/html;
-    # topic first.
+
-    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    # Prevent nginx HTTP Server Detection
-    #
+    server_tokens off;
+
+    # HSTS settings
     # WARNING: Only add the preload option once you read about
     # the consequences in https://hstspreload.org/. This option
     # will add the domain to a hardcoded list that is shipped
     # in all major browsers and getting removed from this list
     # could take several months.
-    add_header Referrer-Policy "no-referrer" always;
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Permitted-Cross-Domain-Policies "none" always;
-    add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
 
-    # Remove X-Powered-By, which is an information leak
+    # set max upload size and increase upload timeout:
-    fastcgi_hide_header X-Powered-By;
-
-    # Path to the root of your installation
-    root /var/www/html;
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    # The following 2 rules are only needed for the user_webfinger app.
-    # Uncomment it if you're planning to use this app.
-    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-
-    # The following rule is only needed for the Social app.
-    # Uncomment it if you're planning to use this app.
-    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
-
-    location = /.well-known/carddav {
-        return 301 $scheme://$host:$server_port/remote.php/dav;
-    }
-
-    location = /.well-known/caldav {
-        return 301 $scheme://$host:$server_port/remote.php/dav;
-    }
-
-    # location /nginx_status {
-    #     stub_status;
-    #     allow 192.168.1.0/24;	#only allow requests from local network
-    #     deny all;		#deny all other hosts
-    # }
-
-    # set max upload size
     client_max_body_size 10G;
+    client_body_timeout 300s;
     fastcgi_buffers 64 4K;
 
     # Enable gzip but do not remove ETag headers
@@ -68,78 +36,137 @@ server {
     gzip_comp_level 4;
     gzip_min_length 256;
     gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+    gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 
-    # Uncomment if your server is build with the ngx_pagespeed module
+    # Pagespeed is not supported by Nextcloud, so if your server is built
-    # This module is currently not supported.
+    # with the `ngx_pagespeed` module, uncomment this line to disable it.
     #pagespeed off;
 
-    location / {
+    # The settings allows you to optimize the HTTP2 bandwidth.
-        rewrite ^ /index.php;
+    # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+    # for tuning hints
+    client_body_buffer_size 512k;
+
+    # HTTP response headers borrowed from Nextcloud `.htaccess`
+    add_header Referrer-Policy                   "no-referrer"       always;
+    add_header X-Content-Type-Options            "nosniff"           always;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Frame-Options                   "SAMEORIGIN"        always;
+    add_header X-Permitted-Cross-Domain-Policies "none"              always;
+    add_header X-Robots-Tag                      "noindex, nofollow" always;
+    add_header X-XSS-Protection                  "1; mode=block"     always;
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Add .mjs as a file extension for javascript
+    # Either include it in the default mime.types list
+    # or include you can include that list explicitly and add the file extension
+    # only for Nextcloud like below:
+    include mime.types;
+    types {
+        text/javascript js mjs;
     }
 
-    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+    # Specify how to handle directories -- specifying `/index.php$request_uri`
-        deny all;
+    # here as the fallback means that Nginx always exhibits the desired behaviour
-    }
+    # when a client requests a path that corresponds to a directory that exists
-    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+    # on the server. In particular, if that directory contains an index.php file,
-        deny all;
+    # that file is correctly served; if it doesn't, then the request is passed to
+    # the front-end controller. This consistent behaviour means that we don't need
+    # to specify custom rules for certain paths (e.g. images and other assets,
+    # `/updater`, `/ocs-provider`), and thus
+    # `try_files $uri $uri/ /index.php$request_uri`
+    # always provides the desired behaviour.
+    index index.php index.html /index.php$request_uri;
+
+    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+    location = / {
+        if ( $http_user_agent ~ ^DavClnt ) {
+            return 302 /remote.php/webdav/$is_args$args;
+        }
     }
 
-    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+    location = /robots.txt {
-        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Make a regex exception for `/.well-known` so that clients can still
+    # access it despite the existence of the regex rule
+    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+    # for `/.well-known`.
+    location ^~ /.well-known {
+        # The rules in this block are an adaptation of the rules
+        # in `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /index.php$request_uri;
+    }
+
+    # Rules borrowed from `.htaccess` to hide certain paths from clients
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+
+    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+    # which handle static assets (as seen below). If this block is not declared first,
+    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+    # to the URI, resulting in a HTTP 500 error response.
+    location ~ \.php(?:$|/) {
+        # Required for legacy support
+        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         set $path_info $fastcgi_path_info;
+
         try_files $fastcgi_script_name =404;
+
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $path_info;
-        # fastcgi_param HTTPS on;
+        fastcgi_param HTTPS on;
 
-        # Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
-        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;     # Enable pretty urls
-
-        # Enable pretty urls
-        fastcgi_param front_controller_active true;
         fastcgi_pass php-handler;
+
         fastcgi_intercept_errors on;
         fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
     }
 
-    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+    # Serve static files
-        try_files $uri/ =404;
+    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
-        index index.php;
-    }
-
-    # Adding the cache control header for js, css and map files
-    # Make sure it is BELOW the PHP block
-    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
         try_files $uri /index.php$request_uri;
-        add_header Cache-Control "public, max-age=15778463";
+        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-        # Add headers to serve security related headers (It is intended to
+        access_log off;     # Optional: Don't log access to assets
-        # have those duplicated to the ones above)
-        # Before enabling Strict-Transport-Security headers please read into
-        # this topic first.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-        #
-        # WARNING: Only add the preload option once you read about
-        # the consequences in https://hstspreload.org/. This option
-        # will add the domain to a hardcoded list that is shipped
-        # in all major browsers and getting removed from this list
-        # could take several months.
-        add_header Referrer-Policy "no-referrer" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Download-Options "noopen" always;
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies "none" always;
-        add_header X-Robots-Tag "none" always;
-        add_header X-XSS-Protection "1; mode=block" always;
 
-        # Optional: Don't log access to assets
+        location ~ \.wasm$ {
-        access_log off;
+            default_type application/wasm;
+        }
     }
 
-    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
+    location ~ \.woff2?$ {
         try_files $uri /index.php$request_uri;
-        # Optional: Don't log access to other assets
+        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
-        access_log off;
+        access_log off;     # Optional: Don't log access to assets
+    }
+
+    # Rule borrowed from `.htaccess`
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
     }
 }

plausible/.env

@@ -0,0 +1,71 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/plausible/docker-compose.yml:${SERVICES_DIR}/plausible/docker-compose.clickhouse.yml:${SERVICES_DIR}/plausible/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/clickhouse/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+## APP
+
+PLAUSIBLE_DOMAIN=localhost
+BASE_URL=http://${PLAUSIBLE_DOMAIN}:8000
+#PLAUSIBLE_CONTAINER_NAME=plausible
+#PLAUSIBLE_VOLUME_NAME=plausible
+#PLAUSIBLE_IMAGE=plausible/analytics:v1.4.4
+
+ADMIN_USER_NAME=example
+ADMIN_USER_EMAIL=email@example.org
+ADMIN_USER_PWD=change-me
+SECRET_KEY_BASE=AFnMQwN54ovHIqCQQGFZX5gUFpgpxasCEnzQwQsyfZLPRbiwzDYAqYDJQlQM8SbmicVJr97axXaSCfXD9zSEQQ==
+#DISABLE_AUTH=
+#DISABLE_REGISTRATION=
+
+## POSTGRES
+
+#POSTGRES_VOLUME_NAME=
+#POSTGRES_CONTAINER_NAME=
+#POSTGRES_IMAGE=
+POSTGRES_USER=user-example
+POSTGRES_PASSWORD=password-example
+POSTGRES_DB=plausible_dev
+
+## CLICKHOUSE
+
+#CLICKHOUSE_VOLUME_NAME=
+#CLICKHOUSE_CONTAINER_NAME=
+#CLICKHOUSE_IMAGE=
+
+## SMTP
+
+#MAILER_EMAIL=
+#SMTP_HOST_ADDR=
+#SMTP_HOST_PORT=
+#SMTP_USER_NAME=
+#SMTP_USER_PWD=
+#SMTP_HOST_SSL_ENABLED=
+#SMTP_RETRIES=
+
+## GOOGLE SEARCH CONSOLE
+
+#GOOGLE_CLIENT_ID=
+#GOOGLE_CLIENT_SECRET=
+
+## GEOIPUPDATE
+
+#GEOIPUPDATE_VOLUME_NAME=
+#GEOIPUPDATE_IMAGE=
+#GEOIPUPDATE_CONTAINER_NAME=
+#GEOIPUPDATE_ACCOUNT_ID=
+#GEOIPUPDATE_LICENSE_KEY=
+#GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
+#GEOIPUPDATE_FREQUENCY=
+#GEOIPUPDATE_VERBOSE=
+#GEOIPUPDATE_DB_DIR=
+
+## TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=
+#TRAEFIK_ENTRYPOINTS=

plausible/README.md

@@ -0,0 +1,15 @@
+# Plausible
+
+> Plausible est une plateforme d'analyse Web légère et open source.
+
+## Liens
+
+- [Site Officiel][site]
+- [Documentation][documentation]
+- [Code source][source]
+- [Docker Hub][dockerhub]
+
+[site]: https://plausible.io/
+[source]: https://github.com/plausible/analytics
+[documentation]: https://plausible.io/docs
+[dockerhub]: https://hub.docker.com/r/plausible/analytics

plausible/clickhouse-config.xml

@@ -0,0 +1,14 @@
+<yandex>
+    <logger>
+        <level>warning</level>
+        <console>true</console>
+    </logger>
+
+    <!-- Stop all the unnecessary logging -->
+    <query_thread_log remove="remove"/>
+    <query_log remove="remove"/>
+    <text_log remove="remove"/>
+    <trace_log remove="remove"/>
+    <metric_log remove="remove"/>
+    <asynchronous_metric_log remove="remove"/>
+</yandex>

plausible/clickhouse-user-config.xml

@@ -0,0 +1,8 @@
+<yandex>
+    <profiles>
+        <default>
+            <log_queries>0</log_queries>
+            <log_query_threads>0</log_query_threads>
+        </default>
+    </profiles>
+</yandex>

plausible/docker-compose.clickhouse.yml

@@ -0,0 +1,7 @@
+---
+
+services:
+  clickhouse:
+    volumes:
+      - ./clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
+      - ./clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro

plausible/docker-compose.geoip.yml

@@ -0,0 +1,10 @@
+---
+
+services:
+  plausible:
+    depends_on:
+      - geoipupdate
+    environment:
+      - GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
+    volumes:
+      - geoipupdate:/geoip:ro

plausible/docker-compose.google.yml

@@ -0,0 +1,7 @@
+---
+
+services:
+  plausible:
+    environment:
+      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:?err}
+      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:?err}

plausible/docker-compose.local.yml

@@ -0,0 +1,6 @@
+---
+
+services:
+  plausible:
+    ports:
+      - ${LOCAL_PORT:-8000}:8000

plausible/docker-compose.smtp.yml

@@ -0,0 +1,12 @@
+---
+
+services:
+  plausible:
+    environment:
+      MAILER_EMAIL: ${MAILER_EMAIL:-hello@plausible.local}
+      SMTP_HOST_ADDR: ${SMTP_HOST_ADDR:-localhost}
+      SMTP_HOST_PORT: ${SMTP_HOST_PORT:-25}
+      SMTP_USER_NAME: ${SMTP_USER_NAME}
+      SMTP_USER_PWD: ${SMTP_USER_PWD}
+      SMTP_HOST_SSL_ENABLED: ${SMTP_HOST_SSL_ENABLED:-false}
+      SMTP_RETRIES: ${SMTP_RETRIES:-2}

plausible/docker-compose.traefik.yml

@@ -0,0 +1,14 @@
+---
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
+
+services:
+  plausible:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.rule=Host(`${PLAUSIBLE_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

plausible/docker-compose.yml

@@ -0,0 +1,31 @@
+---
+
+volumes:
+  plausible:
+    name: ${PLAUSIBLE_VOLUME_NAME:-plausible}
+
+services:
+  plausible:
+    container_name: ${PLAUSIBLE_CONTAINER_NAME:-plausible}
+    image: ${PLAUSIBLE_IMAGE:-plausible/analytics:v1.4.4}
+    restart: always
+    command: ${PLAUSIBLE_DOCKER_COMMAND:-sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"}
+    depends_on:
+      - clickhouse
+      - postgres
+    environment:
+      ADMIN_USER_NAME: ${ADMIN_USER_NAME:?err}
+      ADMIN_USER_EMAIL: ${ADMIN_USER_EMAIL:?err}
+      ADMIN_USER_PWD: ${ADMIN_USER_PWD:?err}
+      BASE_URL: ${BASE_URL}
+      SECRET_KEY_BASE: ${SECRET_KEY_BASE:?err}
+      DISABLE_AUTH: ${DISABLE_AUTH:-false}
+      DISABLE_REGISTRATION: ${DISABLE_REGISTRATION:-false}
+      DATABASE_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}
+      CLICKHOUSE_DATABASE_URL: http://${CLICKHOUSE_CONTAINER_NAME:-clickhouse}:8123/${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
+      SITE_LIMIT: ${SITE_LIMIT:-3}
+      SELFHOST: ${SELFHOST:-true}
+      LOG_LEVEL: ${LOG_LEVEL:-warn}
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro

postgres/.env

@@ -1,3 +1,7 @@
+#POSTGRES_VOLUME_NAME=
+#POSTGRES_CONTAINER_NAME=
+#POSTGRES_IMAGE=
+
 POSTGRES_USER=user-example
 POSTGRES_PASSWORD=password-example
 POSTGRES_DB=postgres-database-name-example

postgres/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+---
 
 volumes:
   postgres:
@@ -7,7 +7,7 @@ volumes:
 services:
   postgres:
     container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
-    image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3}
+    image: ${POSTGRES_IMAGE:-postgres:14.2-alpine}
     restart: always
     environment:
       POSTGRES_USER: ${POSTGRES_USER:?err}

prometheus/docker-compose.traefik.yml

@@ -1,10 +1,9 @@
 ---
 
-version: "3.8"
-
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
 
 services:
   prometheus:

prometheus/docker-compose.yml

@@ -12,7 +12,7 @@ services:
     build:
       context: .
       args:
-        PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b}
+        PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.34.0}
     volumes:
       - prometheus:/prometheus
     restart: always

redis/README.md

@@ -0,0 +1,6 @@
+# Redis
+
+## Information
+
+- Port par défaut : 6379
+- La configuration de mot de passe : https://github.com/docker-library/redis/issues/46

redis/docker-compose.yml

@@ -1,13 +1,18 @@
-version: "3.8"
+---
+
+volumes:
+  redis:
+    name: ${REDIS_VOLUME_NAME:-redis}
 
 services:
   redis:
-    image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d}
+    image: ${REDIS_IMAGE:-redis:6.2.6-alpine}
     container_name: ${REDIS_CONTAINER_NAME:-redis}
     restart: always
     environment:
       PUID: ${REDIS_PUID:-1000}
       PGID: ${REDIS_PGID:-1000}
     volumes:
+      - redis:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro

registry/README.md

@@ -36,6 +36,12 @@ Pour se connecter :
 docker login https://$REGISTRY_DOMAIN
 ```
 
+## Nettoyer le registre
+
+```sh
+docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml --delete-untagged=true
+```
+
 ## Aide
 
 Pour connaître les images du registry :

registry/docker-compose.traefik.yml

@@ -3,6 +3,7 @@ version: '3.8'
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME}
+    external: true
 
 services:
   registry:

registry/docker-compose.yml

@@ -7,7 +7,7 @@ volumes:
 services:
   registry:
     container_name: ${REGISTRY_CONTAINER_NAME}
-    image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97}
+    image: ${REGISTRY_IMAGE:-registry:2.8.1}
     restart: always
     environment:
       REGISTRY_AUTH: htpasswd

signaturepdf/.env

@@ -0,0 +1,30 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/signaturepdf/docker-compose.yml:${SERVICES_DIR}/signaturepdf/docker-compose.traefik.yml
+#COMPOSE_PROJECT_NAME=
+
+#SIGNATUREPDF_VOLUME_NAME=
+#SIGNATUREPDF_CONTAINER_NAME=
+#SIGNATUREPDF_IMAGE=
+
+##############
+# SIGNATUREPDF
+
+SIGNATUREPDF_DOMAIN=pdf.cool.life
+UPLOAD_MAX_FILESIZE=24M
+POST_MAX_SIZE=24M
+MAX_FILE_UPLOADS=201
+PDF_STORAGE_PATH=/data
+DISABLE_ORGANIZATION=false
+PDF_DEMO_LINK=true
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=
+#TRAEFIK_ENTRYPOINTS=

signaturepdf/README.md

@@ -0,0 +1,19 @@
+# Signature de PDF
+
+Logiciel WEB libre permettant de modifier un fichier PDF facilement.
+
+## Information
+
+Le service n'a pas d'image Docker officiel. Actuellement l'image a été construite et poussé sur Hub de Docker par Simon :
+
+```
+git clone git@github.com:24eme/signaturepdf.git
+cd signaturepdf
+docker build -t simonc/signaturepdf:latest .
+docker push simonc/signaturepdf:latest
+```
+
+## 🔗 Liens
+
+- [Github](https://github.com/24eme/signaturepdf)
+- [L'image Docker sur Docker Hub](https://hub.docker.com/r/simonc/signaturepdf)

signaturepdf/docker-compose.traefik.https.yml

@@ -0,0 +1,11 @@
+---
+services:
+  signaturepdf:
+    labels:
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.tls.certResolver=letsencrypt
+      # redirect HTTP to HTTPS
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.entrypoints=web
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.scheme=https
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.permanent=true
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.middlewares=${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https

signaturepdf/docker-compose.traefik.yml

@@ -0,0 +1,14 @@
+---
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+    external: true
+
+services:
+  signaturepdf:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}