feat(Matomo): Add service

feat(MariaDB): Add new service
chore(Nextcloud): Upgrade to 23.0.0
2022-02-15 00:05:58 +01:00 · 2022-02-15 00:00:30 +01:00 · 2022-02-14 10:31:18 +01:00 · 2022-02-14 10:18:03 +01:00 · 2022-02-14 10:18:03 +01:00 · 2022-02-14 10:18:03 +01:00
86 changed files with 1566 additions and 433 deletions
--- a/README.md
+++ b/README.md
@ -1,28 +1,33 @@
 # Services

-Vous trouverez dans ce dépôt l'ensemble des services Open Source que j'utilise et mets à jour quotidiennement.
+Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien utilise et met à jour de façon presque hebdomadaire. L'ensemble des variables d'environnement enregistrées dans les fichiers `.env` est présent pour une logique d'exemple et n'a jamais été utilisé en production. Nous vous conseillons de ne jamais le faire si vous utilisez le dépôt.

 ## Liste des services

 ### Pour les utilisateurs

+- [Directus](./directus) : Permet d'administrer une base de données
 - [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
+- [Matomo](./matomo) : Logiciel libre et open source de mesure de statistiques web
+- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
 - [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration

 ### Pour les devs / ops

- [Drone](./drone) `en pause` : Un service d'intégration continue
+- [Drone](./drone) : Un service d'intégration continue
 - [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
 - [Grafana](./grafana) : Un outil de supervision simple et élégant
+- [MariaDB](./mariadb) : MariaDB est un système de gestion de base de données, un fork communautaire de MySQL
 - [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
 - [Prometheus](./prometheus) : Un logiciel de surveillance informatique
- [Docker Registry](./registry) : Une application qui permet de distribuer des images Docker
+- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
+- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
 - [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
- [Watchtower](./watchtower) `en pause` : Automatiser la mise à jour d'image docker
+- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker

 ## Comment ça marche ?

-Vous pouvez réutiliser ce dépôt pour votre infrastructure. J'ai mis une documentation dans le dossier [_examples_](./examples).
+Vous pouvez réutiliser ce dépôt pour vos services, il existe une documentation dans le dossier [_examples_](./examples).

 ### Docker et Docker Compose

@ -35,9 +40,11 @@ Voici les commandes de base :

 ### ./run

+> 🚧 RésiLien a changé de façon de faire et nous n'utilisons plus les scripts `run`. Nous passons maintenant par Ansible. Les scripts ne seront plus mis à jour et finiront peut être par être supprimés. Utilisez les avec précaution.
+
 Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service.

-Vous pouvez lancer le script sans paramètre pour afficher la documentation du script.
+Vous pouvez lancer le script sans paramètres pour afficher la documentation du script.

 ## Documentation

@ -55,6 +62,8 @@ En haut de chaque script il y a `set -eu` qui veut dire :

 ## Tâches

+> 🚧 Ses tâches ne sont pas à jour
+
 Général :

 - [ ] Mettre en place une rotation des logs
--- a/directus/.env
+++ b/directus/.env
@ -0,0 +1,54 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/directus/docker-compose.yml:${SERVICES_DIR}/directus/docker-compose.traefik.yml:${SERVICES_DIR}/directus/docker-compose.smtp.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+##########
+# DIRECTUS
+#
+# see https://github.com/directus/directus/blob/main/api/example.env
+
+DIRECTUS_CONTAINER_NAME=directus_cool_life
+DIRECTUS_DOMAIN=directus.cool.life
+DIRECTUS_PUBLIC_URL=https://${DIRECTUS_DOMAIN}
+DIRECTUS_KEY=255d861b-5ea1-5996-9aa3-922530ec40b1
+DIRECTUS_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
+DIRECTUS_ADMIN_EMAIL=admin@example.com
+DIRECTUS_ADMIN_PASSWORD=d1r3ctu5
+
+EMAIL_FROM=no-reply@${DIRECTUS_DOMAIN}
+EMAIL_SMTP_HOST=mail.example.org
+#EMAIL_SMTP_PORT=
+EMAIL_SMTP_USER=user
+EMAIL_SMTP_PASSWORD=password
+#EMAIL_SMTP_SECURE=
+#EMAIL_SMTP_IGNORE_TLS=
+
+# DIRECTUS_PUID=
+# DIRECTUS_PGID=
+
+##########
+# POSTGRES
+
+POSTGRES_USER=user-example
+POSTGRES_PASSWORD=password-example
+POSTGRES_DB=postgres-database-name-example
+POSTGRES_CONTAINER_NAME=directus-postgres
+POSTGRES_VOLUME_NAME=directus-postgres
+#POSTGRES_IMAGE=
+
+#######
+# REDIS
+
+#REDIS_CONTAINER_NAME=
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/directus/README.md
+++ b/directus/README.md
@ -0,0 +1,18 @@
+# Directus
+
+>  Directus wraps your new or existing SQL database with a realtime GraphQL+REST API for developers, and an intuitive admin app for non-technical users.
+
+## Configuration
+
+[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
+
+## Liens
+
+- [Site officiel][website]
+- [Github][github]
+- [L'image Docker][docker]
+
+[website]: https://directus.io/
+[docker]: https://hub.docker.com/r/directus/directus
+[github]: https://github.com/directus/directus/
+[documentation]: https://docs.directus.io/reference/environment-variables/
--- a/directus/docker-compose.redis.yml
+++ b/directus/docker-compose.redis.yml
@ -0,0 +1,10 @@
+---
+
+version: "3.8"
+
+services:
+  directus:
+    environment:
+      CACHE_ENABLED: 'true'
+      CACHE_STORE: 'redis'
+      CACHE_REDIS: 'redis://${REDIS_CONTAINER_NAME:-redis}:6379'
--- a/directus/docker-compose.smtp.yml
+++ b/directus/docker-compose.smtp.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+services:
+  directus:
+    environment:
+      EMAIL_TRANSPORT: smtp
+      EMAIL_FROM: ${EMAIL_FROM:?err}
+      EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
+      EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
+      EMAIL_SMTP_USER: ${EMAIL_SMTP_USER:?err}
+      EMAIL_SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD:?err}
+      EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
+      EMAIL_SMTP_IGNORE_TLS: ${EMAIL_SMTP_IGNORE_TLS:-false}
--- a/directus/docker-compose.traefik.yml
+++ b/directus/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  directus:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.rule=Host(`${DIRECTUS_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.entrypoints=web
--- a/directus/docker-compose.yml
+++ b/directus/docker-compose.yml
@ -0,0 +1,38 @@
+---
+
+version: "3.8"
+
+volumes:
+  directus:
+    name: ${DIRECTUS_VOLUME_NAME:-directus}
+
+services:
+  directus:
+    container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
+    image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289}
+    restart: always
+    volumes:
+      - directus:/directus/uploads
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    depends_on:
+      - postgres
+      - redis
+    environment:
+      KEY: ${DIRECTUS_KEY:?err}
+      SECRET: ${DIRECTUS_SECRET:?err}
+      TELEMETRY: false
+
+      ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
+      ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
+      PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
+
+      DB_CLIENT: 'pg'
+      DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
+      DB_PORT: '5432'
+      DB_DATABASE: ${POSTGRES_DB:?err}
+      DB_USER: ${POSTGRES_USER:?err}
+      DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
+
+      PUID: ${DIRECTUS_PUID:-1000}
+      PGID: ${DIRECTUS_PGID:-1000}
--- a/drone/.env
+++ b/drone/.env
@ -1,37 +0,0 @@
-## DOCKER
-
-COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
-TRAEFIK_NETWORK_NAME=kifeart
-
-
-## DRONE SERVER
-
-# https://hub.docker.com/r/drone/drone/tags
-DRONE_SERVER_IMAGE=drone/drone:1.7.0
-
-DRONE_SERVER_VOLUME_NAME=drone-server
-DRONE_SERVER_CONTAINER_NAME=drone-server
-
-# https://docs.drone.io/server/reference/
-DRONE_GIT_ALWAYS_AUTH=true
-DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
-DRONE_SERVER_HOST=ci.cool.life
-DRONE_SERVER_PROTO=https
-
-# https://docs.drone.io/server/provider/gitea/
-DRONE_GITEA_SERVER=gitea.cool.life
-DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
-DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
-
-
-
-## DRONE RUNNER
-
-# https://hub.docker.com/r/drone/drone-runner-docker/tags
-DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
-DRONE_RUNNER_CONTAINER_NAME=drone-runner
-DRONE_RUNNER_CAPACITY=2
-DRONE_RUNNER_HOST=ci-runner.cool.life
-DRONE_RUNNER_NAME=ci-runner.cool.life
-DRONE_RUNNER_UI_USERNAME=kosssi
-DRONE_RUNNER_UI_PASSWORD=$not$a$password
--- a/drone/README.md
+++ b/drone/README.md
@ -4,6 +4,22 @@
 >
 > <cite>[Codeflow][article]</cite>

+## Documentation
+
+Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
+
+Le service est basé sur 2 briques :
+- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
+- le coté exécution des tâches (_[runner](./runner)_).
+
+### Génération de clé
+
+Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
+
+```
+openssl rand -hex 16
+```
+
 ## Liens

 - [Site internet][site]
--- a/drone/docker-compose.gitea.yml
+++ b/drone/docker-compose.gitea.yml
@ -1,10 +0,0 @@
-version: "3.8"
-
-# https://docs.drone.io/server/provider/gitea/
-
-services:
-  drone-server:
-    environment:
-      DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
-      DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
-      DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}
--- a/drone/docker-compose.traefik.yml
+++ b/drone/docker-compose.traefik.yml
@ -1,22 +0,0 @@
-version: "3.8"
-
-networks:
-  default:
-    name: ${TRAEFIK_NETWORK_NAME}
-
-services:
-  drone-server:
-    labels:
-      traefik.enable: 'true'
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
-
-      traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
-      traefik.http.routers.drone-server.entrypoints: 'web'
-
-  drone-runner:
-    labels:
-      traefik.enable: 'true'
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
-
-      traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
-      traefik.http.routers.drone-runner.entrypoints: 'web'
--- a/drone/docker-compose.yml
+++ b/drone/docker-compose.yml
@ -1,41 +0,0 @@
-version: "3.8"
-
-volumes:
-  drone-server:
-    name: ${DRONE_SERVER_VOLUME_NAME}
-
-services:
-  drone-server:
-    container_name: ${DRONE_SERVER_CONTAINER_NAME}
-    image: ${DRONE_SERVER_IMAGE}
-    restart: always
-    environment:
-      DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
-      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
-      DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
-      DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
-      DRONE_LOGS_DEBUG: 'true'
-    volumes:
-      - drone-server:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-
-  drone-runner:
-    container_name: ${DRONE_RUNNER_CONTAINER_NAME}
-    image: ${DRONE_RUNNER_IMAGE}
-    restart: always
-    depends_on:
-      - drone-server
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      DRONE_RPC_PROTO: http
-      DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
-      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
-      DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
-      DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
-      DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
-      DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
-      DRONE_DEBUG: 'true'
--- a/drone/runner/.env
+++ b/drone/runner/.env
@ -0,0 +1,36 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=../..
+COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
+#COMPOSE_PROJECT_NAME=
+
+
+## DRONE RUNNER
+#https://docs.drone.io/runner/docker/configuration/reference/
+
+### Docker
+# https://hub.docker.com/r/drone/drone-runner-docker/tags
+DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
+DRONE_RUNNER_CONTAINER_NAME=drone-server
+
+### Drone
+# https://docs.drone.io/runner/docker/installation/linux/
+DRONE_RPC_HOST=drone.cool.life
+DRONE_RPC_PROTO=https
+DRONE_RPC_SECRET=change-me
+DRONE_RUNNER_HOST=ci-runner.cool.life
+DRONE_RUNNER_CAPACITY=2
+DRONE_RUNNER_NAME=drone-runner
+DRONE_UI_USERNAME=resilien
+DRONE_UI_PASSWORD=change-me
+DRONE_UI_DISABLE=false
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/drone/runner/README.md
+++ b/drone/runner/README.md
@ -0,0 +1,11 @@
+# Drone CI Runner
+
+Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
+
+## Installation
+
+L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
+
+Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
+
+Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.
--- a/drone/runner/docker-compose.dashboard.yml
+++ b/drone/runner/docker-compose.dashboard.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/runner/docker/configuration/dashboard/
+
+services:
+  drone-runner:
+    environment:
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
+      DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
+      DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
+      DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}
--- a/drone/runner/docker-compose.local.yml
+++ b/drone/runner/docker-compose.local.yml
@ -0,0 +1,8 @@
+---
+
+version: "3.8"
+
+services:
+  drone-runner:
+    ports:
+      - "3000:3000"
--- a/drone/runner/docker-compose.logging.yml
+++ b/drone/runner/docker-compose.logging.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/runner/docker/configuration/logging/
+
+services:
+  drone-runner:
+    environment:
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
+      DRONE_DEBUG: ${DRONE_DEBUG:-false}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
+      DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
+      DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}
--- a/drone/runner/docker-compose.traefik.yml
+++ b/drone/runner/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME}
+
+services:
+  drone-runner:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/drone/runner/docker-compose.yml
+++ b/drone/runner/docker-compose.yml
@ -0,0 +1,26 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/runner/docker/installation/linux/
+
+services:
+  drone-runner:
+    container_name: ${DRONE_RUNNER_CONTAINER_NAME}
+    image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260}
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
+      DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
+      DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
+      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
+      DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
+      DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
--- a/drone/server/.env
+++ b/drone/server/.env
@ -0,0 +1,65 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=../..
+COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+
+## DRONE SERVER
+# https://docs.drone.io/server/reference/
+
+### Docker
+# https://hub.docker.com/r/drone/drone/tags
+DRONE_SERVER_IMAGE=drone/drone:2.8.0
+DRONE_SERVER_VOLUME_NAME=drone-server
+DRONE_SERVER_CONTAINER_NAME=drone-server
+
+### Drone
+
+DRONE_RPC_SECRET=change-me
+DRONE_SERVER_HOST=ci.cool.life
+DRONE_SERVER_PROTO=https
+
+### User
+DRONE_ADMIN_USER=resilien
+DRONE_ADMIN_TOKEN=change-me
+DRONE_USER_FILTER=resilien
+DRONE_REGISTRATION_CLOSED=true
+
+### Gitea
+# https://docs.drone.io/server/provider/gitea/
+#DRONE_GIT_ALWAYS_AUTH=
+DRONE_GITEA_SERVER=gitea.cool.life
+DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
+DRONE_GITEA_CLIENT_SECRET=change-me
+
+## Header
+# https://docs.drone.io/server/headers/
+#DRONE_HTTP_SSL_REDIRECT=
+#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
+#DRONE_HTTP_SSL_HOST=
+#DRONE_HTTP_STS_SECONDS=
+
+### Cookie
+# https://docs.drone.io/server/cookie/
+DRONE_COOKIE_SECRET=change-me
+#DRONE_COOKIE_TIMEOUT=720h
+
+### POSTGRES
+# https://docs.drone.io/server/storage/encryption/
+DRONE_DATABASE_SECRET=change-me
+POSTGRES_USER=user
+POSTGRES_PASSWORD=password
+POSTGRES_VOLUME_NAME=postgres
+POSTGRES_CONTAINER_NAME=postgres
+POSTGRES_DB=drone
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/drone/server/README.md
+++ b/drone/server/README.md
@ -0,0 +1,41 @@
+# Drone CI Server
+
+## Installation
+
+L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
+
+## Configuration
+
+Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
+
+### Installation du CLI
+
+Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
+
+### Configuration du CLI en local
+
+Il faut :
+- l'url de l'instance (`DRONE_SERVER_HOST`)
+- le protocol de l'instance (`DRONE_SERVER_PROTO`)
+- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
+
+```
+export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
+export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
+```
+
+[Documentation officielle](https://docs.drone.io/cli/configure/)
+
+### Les utilisateurs
+
+Il faut ajouter les utilisateurs non admin :
+
+```
+drone user add kosssi
+drone user add killian
+drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
+```
+
+En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
+
+[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/)
--- a/drone/server/docker-compose.cookie.yml
+++ b/drone/server/docker-compose.cookie.yml
@ -0,0 +1,13 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/cookie/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-cookie-secret/
+      DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
+      # https://docs.drone.io/server/reference/drone-cookie-timeout/
+      DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days
--- a/drone/server/docker-compose.gitea.yml
+++ b/drone/server/docker-compose.gitea.yml
@ -0,0 +1,17 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/provider/gitea/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-git-always-auth/
+      DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
+      # https://docs.drone.io/server/reference/drone-gitea-server/
+      DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
+      # https://docs.drone.io/server/reference/drone-gitea-client-id/
+      DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
+      # https://docs.drone.io/server/reference/drone-gitea-client-secret/
+      DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}
--- a/drone/server/docker-compose.header.yml
+++ b/drone/server/docker-compose.header.yml
@ -0,0 +1,13 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/headers/
+
+services:
+  drone-server:
+    environment:
+      DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
+      DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
+      DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
+      DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}
--- a/drone/server/docker-compose.local.yml
+++ b/drone/server/docker-compose.local.yml
@ -0,0 +1,8 @@
+---
+
+version: "3.8"
+
+services:
+  drone-server:
+    ports:
+      - "3000:3000"
--- a/drone/server/docker-compose.logging.yml
+++ b/drone/server/docker-compose.logging.yml
@ -0,0 +1,19 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/logging/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-logs-debug/
+      DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
+      # https://docs.drone.io/server/reference/drone-logs-text/
+      DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
+      # https://docs.drone.io/server/reference/drone-logs-pretty/
+      DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
+      # https://docs.drone.io/server/reference/drone-logs-color/
+      DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
+      # https://docs.drone.io/server/reference/drone-logs-trace/
+      DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}
--- a/drone/server/docker-compose.postgres.yml
+++ b/drone/server/docker-compose.postgres.yml
@ -0,0 +1,16 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/storage/database/
+# https://docs.drone.io/server/storage/encryption/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-database-secret/
+      DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
+      # https://docs.drone.io/server/reference/drone-database-driver/
+      DRONE_DATABASE_DRIVER: postgres
+      # https://docs.drone.io/server/reference/drone-database-datasource/
+      DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable
--- a/drone/server/docker-compose.traefik.yml
+++ b/drone/server/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME}
+
+services:
+  drone-server:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/drone/server/docker-compose.user.yml
+++ b/drone/server/docker-compose.user.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/user/registration/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-user-create/
+      DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
+      # https://docs.drone.io/server/reference/drone-user-filter/
+      DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
+      # https://docs.drone.io/server/reference/drone-registration-closed/
+      DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}
--- a/drone/server/docker-compose.yml
+++ b/drone/server/docker-compose.yml
@ -0,0 +1,24 @@
+---
+
+version: "3.8"
+
+volumes:
+  drone-server:
+    name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
+
+services:
+  drone-server:
+    container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
+    image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479}
+    restart: always
+    environment:
+      # https://docs.drone.io/server/reference/drone-rpc-secret/
+      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
+      # https://docs.drone.io/server/reference/drone-server-host/
+      DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
+      # https://docs.drone.io/server/reference/drone-server-proto/
+      DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
+    volumes:
+      - drone-server:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
--- a/examples/README.md
+++ b/examples/README.md
@ -13,3 +13,5 @@ Si nous allons dans le dossier `traefik.cool.life` par example, il est possible
 ## DOCKER_HOST

 Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit s’exécuter sur ce serveur.
+
+> RésiLien utilise maintenant ce système avec une génération automatique des fichiers .env à l'aide d'Ansible, nous permettant de facilement déployer un nouveau service, de le déplacer de serveur
--- a/geoip/.env
+++ b/geoip/.env
@ -0,0 +1,9 @@
+#GEOIP_VOLUME_NAME=
+#GEOIP_IMAGE=
+#GEOIP_CONTAINER_NAME=
+
+#GEOIP_EDITION_IDS=
+GEOIP_LICENSE_KEY=blablabla
+#GEOIP_DOWNLOAD_PATH=
+#GEOIP_SCHEDULE=
+#GEOIP_LOG_LEVEL=
--- a/geoip/docker-compose.yml
+++ b/geoip/docker-compose.yml
@ -0,0 +1,22 @@
+---
+
+version: "3.8"
+
+volumes:
+  geoip:
+    name: ${GEOIP_VOLUME_NAME:-geoip}
+
+services:
+  geoip:
+    image: ${GEOIP_IMAGE:-crazymax/geoip-updater:latest}
+    container_name: ${GEOIP_CONTAINER_NAME:-geoip-updater}
+    restart: always
+    volumes:
+      - geoip:${GEOIP_DOWNLOAD_PATH:-/data}
+    environment:
+      EDITION_IDS: ${GEOIP_EDITION_IDS:-GeoLite2-City}
+      LICENSE_KEY: ${GEOIP_LICENSE_KEY:-err}
+      DOWNLOAD_PATH: ${GEOIP_DOWNLOAD_PATH:-/data}
+      SCHEDULE: ${GEOIP_SCHEDULE:-0 0 * * 0} # Every Sunday
+      LOG_LEVEL: ${GEOIP_LOG_LEVEL:-info}
+      LOG_JSON: ${GEOIP_LOG_JSON:-false}
--- a/gitea/README.md
+++ b/gitea/README.md
@ -4,6 +4,8 @@
 >
 > <cite>[Documentation][documentation]</cite>

+Il est possible de configurer l'intégralité du service à l'aide de variable d'environnement voir [la documentation officielle](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables).
+
 ## Commandes

 ```sh
--- a/gitea/docker-compose.metrics.yml
+++ b/gitea/docker-compose.metrics.yml
@ -0,0 +1,6 @@
+version: "3.8"
+
+services:
+  gitea:
+    environment:
+      - GITEA__METRICS__ENABLED=true
--- a/gitea/docker-compose.smtp.yml
+++ b/gitea/docker-compose.smtp.yml
@ -0,0 +1,12 @@
+version: "3.8"
+
+services:
+  gitea:
+    environment:
+      - GITEA__mailer__ENABLED=true
+      - GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
+      - GITEA__mailer__MAILER_TYPE=smtp
+      - GITEA__mailer__HOST=${GITEA__mailer__HOST:?GITEA__mailer__HOST not set}
+      - GITEA__mailer__IS_TLS_ENABLED=true
+      - GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
+      - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -7,13 +7,13 @@ volumes:
 services:
  gitea:
    container_name: ${GITEA_CONTAINER_NAME:-gitea}
-    image: ${GITEA_IMAGE:-gitea/gitea:1.15.2}
+    image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a}
    restart: always
    environment:
      # - USER_UID=1000
      # - USER_GID=1000
      DB_TYPE: postgres
-      DB_HOST: postgres:5432
+      DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8
      DB_NAME: ${POSTGRES_DB}
      DB_USER: ${POSTGRES_USER}
      DB_PASSWD: ${POSTGRES_PASSWORD}
--- a/grafana/.env
+++ b/grafana/.env
@ -1,3 +1,44 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/grafana/docker-compose.yml:${SERVICES_DIR}/grafana/docker-compose.traefik.yml
+#COMPOSE_PROJECT_NAME=
+
+#########
+# GRAFANA
+
 GRAFANA_DOMAIN=grafana.cool.life
+#GRAFANA_VOLUME_NAME=
+#GRAFANA_CONTAINER_NAME=
+#GRAFANA_IMAGE=
+
 GF_SECURITY_ADMIN_USER=admin
-GF_SECURITY_ADMIN_PASSWORD=admin
+GF_SECURITY_ADMIN_PASSWORD=password
+#GF_SECURITY_DISABLE_GRAVATAR=
+#GF_SECURITY_COOKIE_SECURE=
+#GF_USERS_ALLOW_SIGN_UP=
+GF_INSTALL_PLUGINS=grafana-piechart-panel
+
+######
+# SMTP
+
+#GF_SMTP_HOST=
+#GF_SMTP_USER=
+#GF_SMTP_PASSWORD=
+#GF_SMTP_FROM_ADDRESS=
+#GF_SMTP_FROM_NAME=
+
+#######
+# REDIS
+
+#GF_REMOTE_CACHE_CONNSTR=
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/grafana/README.md
+++ b/grafana/README.md
@ -0,0 +1,19 @@
+# Grafana
+
+> Grafana est un logiciel libre sous licence GNU Affero General Public License Version 32 (anciennement sous licence Apache 2.0 avant avril 2021) qui permet la visualisation de données. Il permet de réaliser des tableaux de bord et des graphiques depuis plusieurs sources dont des bases de données temporelles comme Graphite (en), InfluxDB et OpenTSDB3.
+>
+> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Grafana)</cite>
+
+## 🔧 Configuration
+
+La configuration du service ce base sur la documentation officielle, plusieurs pages sont intéressantes à lire :
+- [Lancer l'image Docker de Grafana](https://grafana.com/docs/grafana/latest/installation/docker/)
+- [Configuration l'image Docker Grafana](https://grafana.com/docs/grafana/latest/administration/configure-docker/)
+- [Surcharger la configuration à l'aide des variables d'environment](https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables)
+
+## 🔗 Liens
+
+- [Site officiel](https://grafana.com)
+- [La documentation](https://grafana.com/docs)
+- [Github](https://github.com/grafana/grafana)
+- [L'image Docker sur Docker Hub](https://hub.docker.com/r/grafana/grafana)
--- a/grafana/docker-compose.postgres.yml
+++ b/grafana/docker-compose.postgres.yml
@ -0,0 +1,11 @@
+version: "3.8"
+
+services:
+  grafana:
+    environment:
+      # https://grafana.com/docs/grafana/latest/administration/configuration/#database
+      GF_DATABASE_TYPE: postgres
+      GF_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
+      GF_DATABASE_NAME: ${POSTGRES_DB:?err}
+      GF_DATABASE_USER: ${POSTGRES_USER:?err}
+      GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}
--- a/grafana/docker-compose.redis.yml
+++ b/grafana/docker-compose.redis.yml
@ -0,0 +1,8 @@
+version: "3.8"
+
+services:
+  grafana:
+    environment:
+      # https://grafana.com/docs/grafana/latest/administration/configuration/#remote_cache
+      GF_REMOTE_CACHE_TYPE: redis
+      GF_REMOTE_CACHE_CONNSTR: ${GF_REMOTE_CACHE_CONNSTR:-addr=redis:6379,ssl=false}
--- a/grafana/docker-compose.smtp.yml
+++ b/grafana/docker-compose.smtp.yml
@ -0,0 +1,12 @@
+version: "3.8"
+
+services:
+  grafana:
+    environment:
+      # https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
+      GF_SMTP_ENABLED: true
+      GF_SMTP_HOST: ${GF_SMTP_HOST:?err} # with port
+      GF_SMTP_USER: ${GF_SMTP_USER:?err}
+      GF_SMTP_PASSWORD: ${GF_SMTP_PASSWORD:?err}
+      GF_SMTP_FROM_ADDRESS: ${GF_SMTP_FROM_ADDRESS:?err}
+      GF_SMTP_FROM_NAME: ${GF_SMTP_FROM_NAME:?err}
--- a/grafana/docker-compose.traefik.yml
+++ b/grafana/docker-compose.traefik.yml
@ -0,0 +1,13 @@
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  grafana:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.rule=Host(`${GRAFANA_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/grafana/docker-compose.yml
+++ b/grafana/docker-compose.yml
@ -1,9 +1,5 @@
 ---
-version: "3"
-
-networks:
-  default:
-    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+version: "3.8"

 volumes:
  grafana:
@ -12,17 +8,17 @@ volumes:
 services:
  grafana:
    container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
-    image: ${GRAFANA_IMAGE:-grafana/grafana:8.1.3}
+    image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48}
    restart: always
    volumes:
      - grafana:/var/lib/grafana
    environment:
+      GF_ANALYTICS_CHECK_FOR_UPDATES: ${GF_ANALYTICS_CHECK_FOR_UPDATES:-false}
+      GF_ANALYTICS_REPORTING_ENABLED: ${GF_ANALYTICS_REPORTING_ENABLED:-false}
+      GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
      GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err}
      GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err}
+      GF_SECURITY_DISABLE_GRAVATAR: ${GF_SECURITY_DISABLE_GRAVATAR:-true}
+      GF_SECURITY_COOKIE_SECURE: ${GF_SECURITY_COOKIE_SECURE:-true}
+      GF_SERVER_PROTOCOL: ${GF_SERVER_PROTOCOL:-http}
      GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
-      GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
-    labels:
-      traefik.enable: 'true'
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
-      traefik.http.routers.grafana.rule: 'Host(`${GRAFANA_DOMAIN:?err}`)'
-      traefik.http.routers.grafana.entrypoints: 'web'
--- a/hedgedoc/README.md
+++ b/hedgedoc/README.md
@ -11,7 +11,7 @@ La configuration est séparé en 3 fichiers :

 ## Configuration

-[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc.
+[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc, elles n'ont pas tous été intégrées.

 Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env).

@ -21,6 +21,23 @@ Lancer le service :
 docker-compose up -d
 ```

+## Debug
+
+### Se connecter à la base de données
+
+```shell
+. .env
+docker exec -it $POSTGRES_CONTAINER_NAME psql $POSTGRES_DB -U $POSTGRES_USER
+```
+
+### Traitement des notes vides
+
+```
+SELECT count(*) FROM public."Notes" WHERE content = '';
+SELECT * FROM public."Notes" WHERE content = '';
+DELETE FROM public."Notes" WHERE content = '';
+```
+
 ## Liens

 - [Site officiel][website]
--- a/hedgedoc/docker-compose.yml
+++ b/hedgedoc/docker-compose.yml
@ -7,24 +7,27 @@ volumes:
 services:
  hedgedoc:
    container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
-    image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.8.2-ls23}
+    image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f}
    restart: always
    depends_on:
      - postgres
    volumes:
-      - hedgedoc:/config
+      - hedgedoc:/opt/hedgedoc/public/uploads
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      # https://docs.hedgedoc.org/configuration/
-      CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
+      CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
      CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err}
      CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err}
      NODE_ENV: ${NODE_ENV:-development} # `production` or `development`
      CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false}
      CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true}
+      CMD_ALLOW_ANONYMOUS: ${CMD_ALLOW_ANONYMOUS:-true}
+      CMD_ALLOW_ANONYMOUS_EDITS: ${CMD_ALLOW_ANONYMOUS_EDITS:-false}
      CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false}
-      CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
+      CMD_REQUIRE_FREEURL_AUTHENTICATION: ${CMD_REQUIRE_FREEURL_AUTHENTICATION:-false}
      CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
+      CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
      PGID: ${PGID:-1000}
      PUID: ${PUID:-1000}
--- a/mariadb/.env
+++ b/mariadb/.env
@ -0,0 +1,8 @@
+#MARIADB_CONTAINER_NAME=
+#MARIADB_VOLUME_NAME=
+#MARIADB_IMAGE=
+MARIADB_ROOT_PASSWORD=replace-me
+MARIADB_USER=user-example
+MARIADB_PASSWORD=password-example
+MARIADB_DATABASE=mariadb-database-name-example
+#MARIADB_COMMAND=
--- a/mariadb/README.md
+++ b/mariadb/README.md
@ -0,0 +1,28 @@
+# MariaDB
+
+> MariaDB est un système de gestion de base de données édité sous licence GPL. Il s'agit d'un fork communautaire de MySQL
+>
+> <cite>[Wikipédia][wikipedia]</cite>
+
+## Configuration
+
+Les variables contenu dans `.env` permettent de changer :
+
+- `MARIADB_IMAGE` : la version
+- `MARIADB_ROOT_PASSWORD` : le mot de passe _root_
+- `MARIADB_USER` : le nom d'utilisateur
+- `MARIADB_PASSWORD` : le mot de passe
+- `MARIADB_DATABASE` : le nom de la base de données
+- `MARIADB_CONTAINER_NAME` (par defaut _mariadb_) : le nom du conteneur
+- `MARIADB_VOLUME_NAME` (par defaut _mariadb_) : le nom du volume
+
+## Liens
+
+- [Site Officiel][site]
+- [Code source][source]
+- [Docker Hub][dockerhub]
+
+[wikipedia]: https://fr.wikipedia.org/wiki/MariaDB
+[site]: https://mariadb.org/
+[source]: https://github.com/MariaDB/server
+[dockerhub]: https://hub.docker.com/_/mariadb/
--- a/mariadb/docker-compose.yml
+++ b/mariadb/docker-compose.yml
@ -0,0 +1,23 @@
+version: "3.8"
+
+volumes:
+  mariadb:
+    name: ${MARIADB_VOLUME_NAME:-mariadb}
+
+services:
+  mariadb:
+    container_name: ${MARIADB_CONTAINER_NAME:-mariadb}
+    image: ${MARIADB_IMAGE:-mariadb:10.7.1-focal}
+    command: ${MARIADB_COMMAND}
+    restart: always
+    environment:
+      MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:?err}
+      MARIADB_USER: ${MARIADB_USER:?err}
+      MARIADB_PASSWORD: ${MARIADB_PASSWORD:?err}
+      MARIADB_DATABASE: ${MARIADB_DATABASE:?err}
+      PUID: ${MARIADB_PUID:-1000}
+      PGID: ${MARIADB_PGID:-1000}
+    volumes:
+      - mariadb:/var/lib/mysql
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
--- a/matomo/.env
+++ b/matomo/.env
@ -0,0 +1,35 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/matomo/docker-compose.yml:${SERVICES_DIR}/matomo/docker-compose.local.yml:${SERVICES_DIR}/mariadb/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+## APP
+
+#MATOMO_DOMAIN=matomo.cool.life
+#MATOMO_CONTAINER_NAME=
+#MATOMO_VOLUME_NAME=
+#MATOMO_IMAGE=
+#PHP_MEMORY_LIMIT=
+
+##########
+# MARIADB
+
+#MARIADB_CONTAINER_NAME=
+#MARIADB_VOLUME_NAME=
+#MARIADB_IMAGE=
+MARIADB_ROOT_PASSWORD=replace-me
+MARIADB_USER=user-example
+MARIADB_PASSWORD=password-example
+MARIADB_DATABASE=mariadb-database-name-example
+MARIADB_COMMAND=--max-allowed-packet=64MB
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/matomo/README.md
+++ b/matomo/README.md
@ -0,0 +1,22 @@
+# Matomo
+
+> Matomo, anciennement Piwik, est un logiciel libre et open source de mesure de statistiques web, conçu pour être une alternative libre à Google Analytics.
+>
+> <cite>[Wikipédia][wikipedia]</cite>
+
+## Commande
+
+```
+docker compose exec --user www-data matomo-fpm php console
+```
+
+## Liens
+
+- [Site Officiel][site]
+- [Code source][source]
+- [Docker Hub][dockerhub]
+
+[wikipedia]: https://fr.wikipedia.org/wiki/Matomo_(logiciel)
+[site]: https://fr.matomo.org/
+[source]: https://github.com/matomo-org/matomo
+[dockerhub]: https://hub.docker.com/_/matomo/
--- a/matomo/docker-compose.local.yml
+++ b/matomo/docker-compose.local.yml
@ -0,0 +1,6 @@
+version: "3.8"
+
+services:
+  matomo-web:
+    ports:
+      - ${LOCAL_PORT:-80}:80
--- a/matomo/docker-compose.traefik.yml
+++ b/matomo/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  matomo-web:
+    environment:
+      TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-matomo}.rule=Host(`${MATOMO_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-matomo}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/matomo/docker-compose.yml
+++ b/matomo/docker-compose.yml
@ -0,0 +1,42 @@
+version: "3.8"
+
+volumes:
+  matomo:
+    name: ${MATOMO_VOLUME_NAME:-matomo}
+
+services:
+  matomo-fpm:
+    container_name: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
+    image: ${MATOMO_IMAGE:-matomo:4.7.1-fpm-alpine}
+    restart: always
+    environment:
+      MATOMO_DATABASE_HOST: ${MARIADB_CONTAINER_NAME:-mariadb}
+      MATOMO_DATABASE_ADAPTER: mysql
+      MATOMO_DATABASE_TABLES_PREFIX: matomo_
+      MATOMO_DATABASE_USERNAME: ${MARIADB_USER:?err}
+      MATOMO_DATABASE_PASSWORD: ${MARIADB_PASSWORD:?err}
+      MATOMO_DATABASE_DBNAME: ${MARIADB_DATABASE:?err}
+      PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-256M}
+      PUID: ${MATOMO_PUID:-1000}
+      PGID: ${MATOMO_PGID:-1000}
+    depends_on:
+      - mariadb
+    volumes:
+      - matomo:/var/www/html
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+  matomo-web:
+    container_name: ${MATOMO_CONTAINER_NAME:-matomo}-web
+    build: web
+    restart: always
+    environment:
+      MATOMO_FPM_CONTAINER_NAME: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
+      PUID: ${MATOMO_PUID:-1000}
+      PGID: ${MATOMO_PGID:-1000}
+    depends_on:
+      - matomo-fpm
+    volumes:
+      - matomo:/var/www/html
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
--- a/matomo/web/Dockerfile
+++ b/matomo/web/Dockerfile
@ -0,0 +1,3 @@
+FROM nginx:1.21.6-alpine
+
+COPY matomo.conf.template /etc/nginx/templates/default.conf.template
--- a/matomo/web/matomo.conf.template
+++ b/matomo/web/matomo.conf.template
@ -0,0 +1,70 @@
+upstream php-handler {
+    server ${MATOMO_FPM_CONTAINER_NAME}:9000;
+}
+
+server {
+	listen 80;
+	server_name ${MATOMO_DOMAIN}
+
+	add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
+	add_header X-Content-Type-Options "nosniff" always;
+	add_header X-XSS-Protection "1; mode=block" always;
+	root /var/www/html; # replace with path to your matomo instance
+	index index.php;
+	try_files $uri $uri/ =404;
+
+	## only allow accessing the following php files
+	location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
+		# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+		# Check that the PHP script exists before passing it
+		try_files $fastcgi_script_name =404;
+
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
+		fastcgi_pass php-handler;
+	}
+
+	## deny access to all other .php files
+	location ~* ^.+\.php$ {
+		deny all;
+		return 403;
+	}
+
+	## disable all access to the following directories
+	location ~ /(config|tmp|core|lang) {
+		deny all;
+		return 403; # replace with 404 to not show these directories exist
+	}
+	location ~ /\.ht {
+		deny all;
+		return 403;
+	}
+
+	location ~ js/container_.*_preview\.js$ {
+		expires off;
+		add_header Cache-Control 'private, no-cache, no-store';
+	}
+
+	location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
+		allow all;
+		## Cache images,CSS,JS and webfonts for an hour
+		## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
+		expires 1h;
+		add_header Pragma public;
+		add_header Cache-Control "public";
+	}
+
+	location ~ /(libs|vendor|plugins|misc/user) {
+		deny all;
+		return 403;
+	}
+
+	## properly display textfiles in root directory
+	location ~/(.*\.md|LEGALNOTICE|LICENSE) {
+		default_type text/plain;
+	}
+}
--- a/mobilizon/.env
+++ b/mobilizon/.env
@ -0,0 +1,63 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/mobilizon/docker-compose.yml:${SERVICES_DIR}/mobilizon/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/geoip/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+############
+## MOBILIZON
+
+MOBILIZON_INSTANCE_NAME="RésiLien - Mobilizon"
+MOBILIZON_DOMAIN=mobilizon.lan
+#MOBILIZON_INSTANCE_PORT=4000
+MOBILIZON_INSTANCE_EMAIL=no-reply@mobilizon.lan
+
+MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
+MOBILIZON_ADMIN_EMAIL=admin@mobilizon.lan
+MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
+
+MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
+MOBILIZON_INSTANCE_SECRET_KEY=changethis
+
+MOBILIZON_SMTP_SERVER=localhost
+MOBILIZON_SMTP_HOSTNAME=localhost
+MOBILIZON_SMTP_PORT=25
+MOBILIZON_SMTP_SSL=false
+MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
+MOBILIZON_SMTP_PASSWORD=password
+
+#MOBILIZON_PUID=
+#MOBILIZON_PGID=
+
+#######
+# GEOIP
+
+#GEOIP_VOLUME_NAME=
+#GEOIP_IMAGE=
+#GEOIP_CONTAINER_NAME=
+
+#GEOIP_EDITION_IDS=
+GEOIP_LICENSE_KEY=
+#GEOIP_DOWNLOAD_PATH=
+#GEOIP_SCHEDULE=
+#GEOIP_LOG_LEVEL=
+
+##########
+# POSTGRES
+
+POSTGRES_USER=mobilizon_user
+POSTGRES_PASSWORD=mobilizon_password
+POSTGRES_DB=mobilizon_db
+#POSTGRES_CONTAINER_NAME=mobilizon_postgres
+#POSTGRES_VOLUME_NAME=mobilizon_postgres
+POSTGRES_IMAGE=kartoza/postgis:14-3.1
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/mobilizon/README.md
+++ b/mobilizon/README.md
@ -0,0 +1,23 @@
+# Mobilizon
+
+> Mobilizon est un logiciel libre d'organisation d'évènements et de gestion de groupes (Meet-up) lancé en octobre 2020 par Framasoft pour proposer une alternative libre aux plateformes des GAFAM (Facebook, Meetup.com, EventBrite).
+>
+> -- <cite>[Wikipedia](https://fr.wikipedia.org/wiki/Mobilizon)</cite>
+
+On peut retrouver la documentation sur le [site officiel](https://docs.joinmobilizon.org/fr/).
+
+## Configuration
+
+Mobilizon utilise de la géolocalisation pour les évènements et du coup il faut :
+- une base de données spécifique _[PostGIS](https://fr.wikipedia.org/wiki/PostGIS)_ qui se base sur _Postgres_. Actuellement la configuration de l'image Docker Postgres est compatible il faut donc juste changer le nom de l'image et utiliser [kartoza/postgis](https://hub.docker.com/r/kartoza/postgis) à la place.
+- un fichier GeoLite2 et pour cela il faut créer une clé pour accéder au service en ligne de [maxmind](https://www.maxmind.com), on utilise ensuite l'image docker [geoip-updater](https://crazymax.dev/geoip-updater/install/docker/) de crazymax pour automatiser le téléchargement et la mise à jour du fichier.
+
+## Liens
+
+- 🌐 [Site website](https://joinmobilizon.org)
+- 🔢 [voir les instances](https://instances.joinmobilizon.org/instances)
+- 💻 Source officiel :
+  - [le logiciel](https://framagit.org/framasoft/mobilizon)
+  - [l'image _Docker_](https://framagit.org/framasoft/joinmobilizon/docker)
+- 📜 [Documentation](https://docs.joinmobilizon.org)
+- 🐳 [Docker Hub](https://hub.docker.com/r/framasoft/mobilizon)
--- a/mobilizon/docker-compose.local.yml
+++ b/mobilizon/docker-compose.local.yml
@ -0,0 +1,8 @@
+---
+
+version: "3.8"
+
+services:
+  mobilizon:
+    ports:
+      - "${MOBILIZON_INSTANCE_PORT:-4000}:${MOBILIZON_PORT:-4000}"
--- a/mobilizon/docker-compose.traefik.yml
+++ b/mobilizon/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  mobilizon:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.rule=Host(`${MOBILIZON_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/mobilizon/docker-compose.yml
+++ b/mobilizon/docker-compose.yml
@ -0,0 +1,47 @@
+---
+
+version: "3.8"
+
+volumes:
+  mobilizon:
+    name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
+
+services:
+  mobilizon:
+    container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
+    image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3}
+    restart: always
+    depends_on:
+      - postgres
+      - geoip
+    volumes:
+      - mobilizon:/var/lib/mobilizon/uploads
+      # - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
+      - geoip:/var/lib/mobilizon/geo_db
+    environment:
+      MOBILIZON_INSTANCE_NAME: ${MOBILIZON_INSTANCE_NAME}
+      MOBILIZON_INSTANCE_HOST: ${MOBILIZON_DOMAIN}
+      MOBILIZON_INSTANCE_PORT: ${MOBILIZON_INSTANCE_PORT:-4000}
+      MOBILIZON_INSTANCE_EMAIL: ${MOBILIZON_INSTANCE_EMAIL}
+
+      MOBILIZON_REPLY_EMAIL: ${MOBILIZON_REPLY_EMAIL}
+      MOBILIZON_ADMIN_EMAIL: ${MOBILIZON_ADMIN_EMAIL}
+      MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: ${MOBILIZON_INSTANCE_REGISTRATIONS_OPEN:-false}
+
+      MOBILIZON_DATABASE_USERNAME: ${POSTGRES_USER}
+      MOBILIZON_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
+      MOBILIZON_DATABASE_DBNAME: ${POSTGRES_DB}
+      MOBILIZON_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
+
+      MOBILIZON_INSTANCE_SECRET_KEY_BASE: ${MOBILIZON_INSTANCE_SECRET_KEY_BASE:?err}
+      MOBILIZON_INSTANCE_SECRET_KEY: ${MOBILIZON_INSTANCE_SECRET_KEY:?err}
+
+      MOBILIZON_SMTP_SERVER: ${MOBILIZON_SMTP_SERVER:?err}
+      MOBILIZON_SMTP_HOSTNAME: ${MOBILIZON_SMTP_HOSTNAME:?err}
+      MOBILIZON_SMTP_PORT: ${MOBILIZON_SMTP_PORT:?err}
+      MOBILIZON_SMTP_SSL: ${MOBILIZON_SMTP_SSL:?err}
+      MOBILIZON_SMTP_USERNAME: ${MOBILIZON_SMTP_USERNAME:?err}
+      MOBILIZON_SMTP_PASSWORD: ${MOBILIZON_SMTP_PASSWORD:?err}
+
+      PUID: ${MOBILIZON_PUID:-1000}
+      PGID: ${MOBILIZON_PGID:-1000}
--- a/nextcloud/.env
+++ b/nextcloud/.env
@ -1,23 +1,49 @@
-## DOCKER
+########
+# DOCKER

-COMPOSE_FILE=./docker-compose.yml
+#DOCKER_CONTEXT=
 #DOCKER_HOST=
-TRAEFIK_NETWORK_NAME=kifeart
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
+#COMPOSE_PROJECT_NAME=

 ## APP

+NEXTCLOUD_DOMAIN=nextcloud.cool.life
+NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
 NEXTCLOUD_CONTAINER_NAME=nextcloud
 NEXTCLOUD_VOLUME_NAME=nextcloud
-NEXTCLOUD_DOMAIN=nextcloud.cool.life

-NEXTCLOUD_ADMIN_USER: user
-NEXTCLOUD_ADMIN_PASSWORD: password
+NEXTCLOUD_ADMIN_USER=user
+NEXTCLOUD_ADMIN_PASSWORD=password

-# DATABASE
-# Voir la description ../postgres/README.md
+#SMTP_HOST=mail.test.org
+#SMTP_SECURE=
+#SMTP_PORT=
+#SMTP_AUTHTYPE=
+#SMTP_NAME=test@test.org
+#SMTP_PASSWORD=blablablabla
+#MAIL_FROM_ADDRESS=no-reply
+#MAIL_DOMAIN=test.org
+
+##########
+# POSTGRES

 POSTGRES_USER=user-example
 POSTGRES_PASSWORD=password-example
 POSTGRES_DB=postgres-database-name-example
 POSTGRES_CONTAINER_NAME=nextcloud-postgres
 POSTGRES_VOLUME_NAME=nextcloud-postgres
+#POSTGRES_IMAGE=
+
+#######
+# REDIS
+
+REDIS_CONTAINER_NAME=nextcloud-redis
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/nextcloud/README.md
+++ b/nextcloud/README.md
@ -10,10 +10,12 @@
 >
 > -- <cite>[Github][github]</cite>

-On peut trouver [la documentation ici][documentation].
+On peut trouver [la documentation ici][documentation] en anglais ou ici pour la [traduction française](https://doc-nextcloud-fr.indie.host/fr/) fait par [IndieHosters](https://indiehosters.net/) et [Paquerette](https://paquerette.eu/).

 ## Aide

+Exemple de commande :
+
 ```sh
 docker exec --user www-data -it nextcloud bash

--- a/nextcloud/docker-compose.local.yml
+++ b/nextcloud/docker-compose.local.yml
@ -0,0 +1,6 @@
+version: "3.8"
+
+services:
+  nextcloud-web:
+    ports:
+      - ${LOCAL_PORT:-80}:80
--- a/nextcloud/docker-compose.smtp.yml
+++ b/nextcloud/docker-compose.smtp.yml
@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+  nextcloud-fpm:
+    environment:
+      SMTP_HOST: ${SMTP_HOST?err} # The hostname of the SMTP server.
+      SMTP_SECURE: ${SMTP_SECURE:-ssl} # Set to ssl to use SSL, or tls to use STARTTLS.
+      SMTP_PORT: ${SMTP_PORT:-465}
+      SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
+      SMTP_NAME: ${SMTP_NAME?err}
+      SMTP_PASSWORD: ${SMTP_PASSWORD?err}
+      MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
+      MAIL_DOMAIN: ${MAIL_DOMAIN}
--- a/nextcloud/docker-compose.traefik.yml
+++ b/nextcloud/docker-compose.traefik.yml
@ -0,0 +1,18 @@
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  nextcloud-web:
+    environment:
+      TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.rule=Host(`${NEXTCLOUD_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.middlewares=nextcloud_redirect
+      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@ -1,98 +1,60 @@
 version: "3.8"

-networks:
-  default:
-    name: ${TRAEFIK_NETWORK_NAME}
-
 volumes:
  nextcloud:
-    name: ${NEXTCLOUD_VOLUME_NAME}
-  nextcloud-postgres:
-    name: ${POSTGRES_VOLUME_NAME}
+    name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud}

 services:
+  nextcloud-fpm:
+    container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
+    image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1}
+    restart: always
+    depends_on:
+      - postgres
+      - redis
+    volumes:
+      - nextcloud:/var/www/html
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
+      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
+      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
+      OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
+      PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
+      POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
+      POSTGRES_USER: ${POSTGRES_USER:?err}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
+      POSTGRES_DB: ${POSTGRES_DB:?err}
+      REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
+      PUID: ${NEXTCLOUD_PUID:-1000}
+      PGID: ${NEXTCLOUD_PGID:-1000}

  nextcloud-web:
-    container_name: nextcloud-web
-    build: ./web
+    container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
+    build: web
    restart: always
+    environment:
+      NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
+      PUID: ${NEXTCLOUD_PUID:-1000}
+      PGID: ${NEXTCLOUD_PGID:-1000}
    depends_on:
      - nextcloud-fpm
    volumes:
      - nextcloud:/var/www/html
-    labels:
-      traefik.enable: 'true'
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
-      traefik.http.routers.nextcloud-fpm.rule: 'Host(`${NEXTCLOUD_DOMAIN}`)'
-      traefik.http.routers.nextcloud-fpm.entrypoints: 'web'
-      traefik.http.routers.nextcloud-fpm.middlewares: nextcloud_redirect
-      traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
-      traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
-
-  nextcloud-fpm:
-    container_name: nextcloud-fpm
-    image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
-    restart: always
-    hostname: ${NEXTCLOUD_DOMAIN}
-    depends_on:
-      - nextcloud-postgres
-      - nextcloud-redis
-    volumes:
-      - nextcloud:/var/www/html
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
-      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
-      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
-      OVERWRITEPROTOCOL: 'https'
-      APACHE_DISABLE_REWRITE_IP: '1'
-      TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}
-      OVERWRITEPROTOCOL: 'https'
-      POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME}
-      POSTGRES_DB: ${POSTGRES_DB}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-      POSTGRES_USER: ${POSTGRES_USER}
-      REDIS_HOST: 'nextcloud-redis'
-      PUID: 1001
-      PGID: 119
-
-  nextcloud-postgres:
-    container_name: ${POSTGRES_CONTAINER_NAME}
-    image: ${POSTGRES_IMAGE:-postgres:12.8-alpine}
-    restart: always
-    environment:
-      POSTGRES_USER: ${POSTGRES_USER}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-      POSTGRES_DB: ${POSTGRES_DB}
-      PUID: 1001
-      PGID: 119
-    volumes:
-      - nextcloud-postgres:/var/lib/postgresql/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-
-  nextcloud-redis:
-    image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
-    container_name: nextcloud-redis
-    restart: always
-    environment:
-      PUID: 1001
-      PGID: 119
-    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

  nextcloud-cron:
-    image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
-    container_name: nextcloud-cron
+    image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine}
+    container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
    restart: always
    depends_on:
      - nextcloud-web
    entrypoint: /cron.sh
    environment:
-      PUID: 1001
-      PGID: 119
+      PUID: ${NEXTCLOUD_PUID:-1000}
+      PGID: ${NEXTCLOUD_PGID:-1000}
    volumes:
      - nextcloud:/var/www/html
      - /etc/timezone:/etc/timezone:ro
--- a/nextcloud/web/Dockerfile
+++ b/nextcloud/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx:1.21.1-alpine
+FROM nginx:1.21.5-alpine

-COPY nginx.conf /etc/nginx/nginx.conf
+COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template
--- a/nextcloud/web/nextcloud.conf.template
+++ b/nextcloud/web/nextcloud.conf.template
@ -0,0 +1,145 @@
+upstream php-handler {
+    server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
+}
+
+server {
+    listen 80;
+
+    # Add headers to serve security related headers
+    # Before enabling Strict-Transport-Security headers please read into this
+    # topic first.
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    #
+    # WARNING: Only add the preload option once you read about
+    # the consequences in https://hstspreload.org/. This option
+    # will add the domain to a hardcoded list that is shipped
+    # in all major browsers and getting removed from this list
+    # could take several months.
+    add_header Referrer-Policy "no-referrer" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header X-Robots-Tag "none" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Path to the root of your installation
+    root /var/www/html;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # The following 2 rules are only needed for the user_webfinger app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+    # The following rule is only needed for the Social app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+
+    location = /.well-known/carddav {
+        return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+
+    location = /.well-known/caldav {
+        return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+
+    # location /nginx_status {
+    #     stub_status;
+    #     allow 192.168.1.0/24;	#only allow requests from local network
+    #     deny all;		#deny all other hosts
+    # }
+
+    # set max upload size
+    client_max_body_size 10G;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location / {
+        rewrite ^ /index.php;
+    }
+
+    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+        deny all;
+    }
+    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        set $path_info $fastcgi_path_info;
+        try_files $fastcgi_script_name =404;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        # fastcgi_param HTTPS on;
+
+        # Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;
+
+        # Enable pretty urls
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+
+    # Adding the cache control header for js, css and map files
+    # Make sure it is BELOW the PHP block
+    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        # Before enabling Strict-Transport-Security headers please read into
+        # this topic first.
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        #
+        # WARNING: Only add the preload option once you read about
+        # the consequences in https://hstspreload.org/. This option
+        # will add the domain to a hardcoded list that is shipped
+        # in all major browsers and getting removed from this list
+        # could take several months.
+        add_header Referrer-Policy "no-referrer" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Download-Options "noopen" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header X-Robots-Tag "none" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
+        try_files $uri /index.php$request_uri;
+        # Optional: Don't log access to other assets
+        access_log off;
+    }
+}
--- a/nextcloud/web/nginx.conf
+++ b/nextcloud/web/nginx.conf
@ -1,174 +0,0 @@
-worker_processes auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    upstream php-handler {
-        server nextcloud-fpm:9000;
-    }
-
-    server {
-        listen 80;
-
-        # Add headers to serve security related headers
-        # Before enabling Strict-Transport-Security headers please read into this
-        # topic first.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-        #
-        # WARNING: Only add the preload option once you read about
-        # the consequences in https://hstspreload.org/. This option
-        # will add the domain to a hardcoded list that is shipped
-        # in all major browsers and getting removed from this list
-        # could take several months.
-        add_header Referrer-Policy "no-referrer" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Download-Options "noopen" always;
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies "none" always;
-        add_header X-Robots-Tag "none" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-
-        # Remove X-Powered-By, which is an information leak
-        fastcgi_hide_header X-Powered-By;
-
-        # Path to the root of your installation
-        root /var/www/html;
-
-        location = /robots.txt {
-            allow all;
-            log_not_found off;
-            access_log off;
-        }
-
-        # The following 2 rules are only needed for the user_webfinger app.
-        # Uncomment it if you're planning to use this app.
-        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-
-        # The following rule is only needed for the Social app.
-        # Uncomment it if you're planning to use this app.
-        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
-
-        location = /.well-known/carddav {
-            return 301 $scheme://$host:$server_port/remote.php/dav;
-        }
-
-        location = /.well-known/caldav {
-            return 301 $scheme://$host:$server_port/remote.php/dav;
-        }
-
-        # location /nginx_status {
-        #     stub_status;
-        #     allow 192.168.1.0/24;	#only allow requests from local network
-        #     deny all;		#deny all other hosts	
-        # }
-
-        # set max upload size
-        client_max_body_size 10G;
-        fastcgi_buffers 64 4K;
-
-        # Enable gzip but do not remove ETag headers
-        gzip on;
-        gzip_vary on;
-        gzip_comp_level 4;
-        gzip_min_length 256;
-        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-
-        # Uncomment if your server is build with the ngx_pagespeed module
-        # This module is currently not supported.
-        #pagespeed off;
-
-        location / {
-            rewrite ^ /index.php;
-        }
-
-        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
-            deny all;
-        }
-        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
-            deny all;
-        }
-
-        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
-            set $path_info $fastcgi_path_info;
-            try_files $fastcgi_script_name =404;
-            include fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $path_info;
-            # fastcgi_param HTTPS on;
-
-            # Avoid sending the security headers twice
-            fastcgi_param modHeadersAvailable true;
-
-            # Enable pretty urls
-            fastcgi_param front_controller_active true;
-            fastcgi_pass php-handler;
-            fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
-        }
-
-        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
-            try_files $uri/ =404;
-            index index.php;
-        }
-
-        # Adding the cache control header for js, css and map files
-        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463";
-            # Add headers to serve security related headers (It is intended to
-            # have those duplicated to the ones above)
-            # Before enabling Strict-Transport-Security headers please read into
-            # this topic first.
-            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-            #
-            # WARNING: Only add the preload option once you read about
-            # the consequences in https://hstspreload.org/. This option
-            # will add the domain to a hardcoded list that is shipped
-            # in all major browsers and getting removed from this list
-            # could take several months.
-            add_header Referrer-Policy "no-referrer" always;
-            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Download-Options "noopen" always;
-            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies "none" always;
-            add_header X-Robots-Tag "none" always;
-            add_header X-XSS-Protection "1; mode=block" always;
-
-            # Optional: Don't log access to assets
-            access_log off;
-        }
-
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
-            try_files $uri /index.php$request_uri;
-            # Optional: Don't log access to other assets
-            access_log off;
-        }
-    }
-}
--- a/postgres/docker-compose.yml
+++ b/postgres/docker-compose.yml
@ -7,12 +7,14 @@ volumes:
 services:
  postgres:
    container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
-    image: ${POSTGRES_IMAGE:-postgres:13.4-alpine}
+    image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3}
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER:?err}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
      POSTGRES_DB: ${POSTGRES_DB:?err}
+      PUID: ${POSTGRES_PUID:-1000}
+      PGID: ${POSTGRES_PGID:-1000}
    volumes:
      - postgres:/var/lib/postgresql/data
      - /etc/timezone:/etc/timezone:ro
--- a/prometheus/.env
+++ b/prometheus/.env
@ -0,0 +1,21 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/prometheus/docker-compose.yml:${SERVICES_DIR}/prometheus/docker-compose.traefik.yml
+#COMPOSE_PROJECT_NAME=
+
+############
+# PROMETHEUS
+
+#PROMETHEUS_IMAGE=
+PROMETHEUS_DOMAIN=prometheus.cool.life
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=
+#TRAEFIK_ENTRYPOINTS=
--- a/prometheus/Dockerfile
+++ b/prometheus/Dockerfile
@ -0,0 +1,3 @@
+ARG PROMETHEUS_IMAGE
+FROM $PROMETHEUS_IMAGE
+ADD prometheus.yml /etc/prometheus/
--- a/prometheus/README.md
+++ b/prometheus/README.md
@ -0,0 +1,16 @@
+# Prometheus
+
+> Prometheus est un logiciel libre de surveillance informatique et générateur d'alertes. Il enregistre des métriques en temps réel dans une base de données de séries temporelles (avec une capacité d'acquisition élevée) en se basant sur le contenu de point d'entrée exposé à l'aide du protocole HTTP.
+>
+>  -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Prometheus_(logiciel))</cite>
+
+## 🔧 Configuration
+
+Pour configurer le service il faut ajouter un fichier prometheus.yml décrivant votre configuration. Vous retrouverz toutes les informations sur la page de [documentation officielle](https://prometheus.io/docs/prometheus/latest/configuration/configuration/).
+
+## 🔗 Liens
+
+- [Site officiel](https://prometheus.io/)
+- [La documentation](https://prometheus.io/docs/)
+- [Github](https://github.com/prometheus/prometheus)
+- [L'image Docker sur Docker Hub](https://hub.docker.com/r/prom/prometheus)
--- a/prometheus/docker-compose.traefik.yml
+++ b/prometheus/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  prometheus:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-prometheus}.rule=Host(`${PROMETHEUS_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-prometheus}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/prometheus/docker-compose.yml
+++ b/prometheus/docker-compose.yml
@ -0,0 +1,18 @@
+---
+
+version: '3.8'
+
+volumes:
+  prometheus:
+    name: ${PROMETHEUS_VOLUME_NAME:-prometheus}
+
+services:
+  prometheus:
+    container_name: ${PROMETHEUS_CONTAINER_NAME:-prometheus}
+    build:
+      context: .
+      args:
+        PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b}
+    volumes:
+      - prometheus:/prometheus
+    restart: always
--- a/prometheus/node-exporter/docker-compose.yml
+++ b/prometheus/node-exporter/docker-compose.yml
@ -1,16 +0,0 @@
---
-version: '3.8'
-
-services:
-  node_exporter:
-    image: ${NODE_EXPORTER_IMAGE:-quay.io/prometheus/node-exporter:v1.2.0}
-    container_name: node_exporter
-    command:
-      - '--path.rootfs=/host --collector.textfile.directory=/host/var/lib/node_exporter/textfile_collector'
-    network_mode: host
-    pid: host
-    restart: unless-stopped
-    expose:
-      - 9100
-    volumes:
-      - '/:/host:ro,rslave'
--- a/redis/docker-compose.yml
+++ b/redis/docker-compose.yml
@ -2,7 +2,7 @@ version: "3.8"

 services:
  redis:
-    image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
+    image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d}
    container_name: ${REDIS_CONTAINER_NAME:-redis}
    restart: always
    environment:
--- a/registry/.env
+++ b/registry/.env
@ -5,7 +5,7 @@ TRAEFIK_NETWORK_NAME=kifeart

 ## REGISTRY

-REGISTRY_IMAGE=registry:2.7.1
+#REGISTRY_IMAGE=
 REGISTRY_CUSTOM_IMAGE=custom/registry
 REGISTRY_DOMAIN=registry.cool.life
 REGISTRY_VOLUME_NAME=registry
--- a/registry/docker-compose.yml
+++ b/registry/docker-compose.yml
@ -7,7 +7,7 @@ volumes:
 services:
  registry:
    container_name: ${REGISTRY_CONTAINER_NAME}
-    image: ${REGISTRY_IMAGE}
+    image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97}
    restart: always
    environment:
      REGISTRY_AUTH: htpasswd
--- a/traefik/docker-compose.ovh.yml
+++ b/traefik/docker-compose.ovh.yml
@ -0,0 +1,17 @@
+version: "3.8"
+
+services:
+  traefik:
+    environment:
+      OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
+      OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
+      OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
+      OVH_ENDPOINT: ${OVH_ENDPOINT:-ovh-eu}
+      OVH_POLLING_INTERVAL: ${OVH_POLLING_INTERVAL:-30}
+      OVH_PROPAGATION_TIMEOUT: ${OVH_PROPAGATION_TIMEOUT:-3600}
+    command:
+      - --certificatesResolvers.ovh.acme.dnsChallenge=true
+      - --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
+      # - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
+      - --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}
--- a/traefik/docker-compose.redirect.yml
+++ b/traefik/docker-compose.redirect.yml
@ -0,0 +1,14 @@
+version: "3.8"
+
+services:
+  traefik:
+    command:
+      # Redirection HTTP to HTTPS
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+    labels:
+      # Redirection to remove www.
+      traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
+      traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
+      traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
+      traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'
--- a/traefik/docker-compose.secure.yml
+++ b/traefik/docker-compose.secure.yml
@ -0,0 +1,26 @@
+version: "3.8"
+
+networks:
+  default:
+    driver: bridge
+
+services:
+  traefik:
+    ports:
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
+    command:
+      - --providers.file.filename=/traefik/dynamic_conf.toml
+
+      - --entrypoints.websecure.address=:443
+
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
+      - --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
+      - --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
+    labels:
+        traefik.http.routers.traefik.entrypoints: 'websecure'
+        traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
+        traefik.http.routers.traefik.priority: '2000'
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -11,11 +11,11 @@ networks:
 services:
  traefik:
    container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
-    image: ${TRAEFIK_IMAGE:-traefik:v2.5.2}
+    image: ${TRAEFIK_IMAGE:-traefik:v2.6.0@sha256:b22bd53ef626cf3667390c3e3651936b08f9c0c9107e3a6faf02e6dc06b3e0c0}
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-      - ${TRAEFIK_VOLUME_NAME:-traefik}:/traefik
+      - traefik:/traefik
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
@ -24,25 +24,26 @@ services:
        protocol: tcp
        mode: host
    networks:
-      - ${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik
    command:
-      - --api.insecure=true
-      - --log.level=INFO
-      - --global.sendanonymoususage=false
-      - --global.checknewversion=false
-      - --pilot.dashboard=false
-      - --metrics.prometheus=true
+      - --api.insecure=${TRAEFIK_API_INSECURE:-true}
+      - --log.level=${TRAEFIK_LOG_LEVEL:-INFO}
+      - --global.sendanonymoususage=${TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE:-false}
+      - --global.checknewversion=${TRAEFIK_GLOBAL_CHECKNEWVERSION:-false}
+      - --pilot.dashboard=${TRAEFIK_PILOT_DASHBOARD:-false}
+      - --metrics.prometheus=${TRAEFIK_METRICS_PROMETHEUS:-true}
+      - --accesslog=${TRAEFIK_ACCESSLOG:-false}

      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}

-      - --entrypoints.web.address=:80
-      - --entryPoints.web.forwardedHeaders.insecure
+      - --entryPoints.traefik.address=:8080
+
+      - --entrypoints.${TRAEFIK_ENTRYPOINTS:-web}.address=:80
+      - --entryPoints.${TRAEFIK_ENTRYPOINTS:-web}.forwardedHeaders.insecure
    labels:
-      traefik.enable: 'true'
-
-      traefik.http.routers.traefik.rule: 'Host(`${TRAEFIK_DOMAIN:?err}`)'
-      traefik.http.routers.traefik.entrypoints: 'web'
-
-      traefik.http.services.traefik.loadbalancer.server.port: '8080'
+      - traefik.enable=true
+      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:?err}`)
+      - traefik.http.routers.traefik.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+      - traefik.http.services.traefik.loadbalancer.server.port=8080
--- a/watchtower/.env
+++ b/watchtower/.env
@ -1,5 +1,5 @@
 WATCHTOWER_CONTAINER_NAME=watchtower
-WATCHTOWER_IMAGE=containrrr/watchtower:1.0.3
+#WATCHTOWER_IMAGE=
 REGISTRY_DOMAIN=registry.cool.life
 REGISTRY_USER=kosssi
 REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O
--- a/watchtower/docker-compose.yml
+++ b/watchtower/docker-compose.yml
@ -3,7 +3,7 @@ version: '3.8'
 services:
  watchtower:
    container_name: ${WATCHTOWER_CONTAINER_NAME}
-    image: ${WATCHTOWER_IMAGE}
+    image: ${WATCHTOWER_IMAGE:-containrrr/watchtower:1.4.0@sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3}
    restart: always
    command: -i 60 --label-enable --cleanup --debug
    # --debug
Author	SHA1	Message	Date
Simon C	e6eb845efa	feat(Matomo): Add service	2022-02-15 00:05:58 +01:00
Simon C	882eda9f45	feat(MariaDB): Add new service	2022-02-15 00:00:30 +01:00
Simon C	c4735acbc5	chore(Nextcloud): Upgrade to 23.0.0 https://nextcloud.com/changelog/#latest23	2022-02-14 10:31:18 +01:00
Simon C	9f9948950c	feat(Docker): Add all sha256 on services	2022-02-14 10:18:03 +01:00
Simon C	b0a72c954c	chore(Watchtower): Upgrade to 1.4.0 https://github.com/containrrr/watchtower/releases/tag/v1.4.0	2022-02-14 10:18:03 +01:00
Simon C	60394b5c9d	chore(Registry): Upgrade to 2.8.0 https://github.com/distribution/distribution/releases/tag/v2.8.0	2022-02-14 10:18:03 +01:00
Simon C	7992eb4ffa	chore(Prometheus): Upgrade to 2.33.3 https://github.com/prometheus/prometheus/releases/tag/v2.33.3	2022-02-14 10:18:03 +01:00
Simon C	6bed3d6aa2	chore(Postgres): Upgrade to 14.2 https://www.postgresql.org/docs/release/14.2/	2022-02-14 10:18:03 +01:00
Simon C	fe99e604d7	chore(Grafana): Upgrade to 8.3.6 https://github.com/grafana/grafana/releases/tag/v8.3.6	2022-02-14 10:18:03 +01:00
Simon C	31935e4acf	chore(Gitea): Upgrade to 1.16.1 https://github.com/go-gitea/gitea/releases/tag/v1.16.1	2022-02-14 10:18:03 +01:00
Simon	3109e64b6d	Merge pull request 'upgrade' (#25 ) from upgrade into main ## Détails - Mise à jour de : - Directus en [9.5.1](https://github.com/directus/directus/releases/tag/v9.5.1) - Grafana en [8.3.4](https://github.com/grafana/grafana/releases/tag/v8.3.4) - Prometheus en [2.33.1](https://github.com/prometheus/prometheus/releases/tag/v2.33.1) - Traefik en [2.6.0](https://github.com/traefik/traefik/releases/tag/v2.6.0) - Drone en [2.9.1](https://github.com/harness/drone/blob/master/CHANGELOG.md) - fix une typo - Mise à jour de la documentation ## Pourquoi - Pour avoir les derniers fix de sécurité - RésiLien n'a qu'une seul écriture :D - Pour afficher vraiment tous les services ## Liens - [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/374) Reviewed-on: https://git.weko.io/resilien/services/pulls/25 Reviewed-by: killian <developer@killiankemps.fr>	2022-02-09 21:00:53 +01:00
Simon C	d6671e5f1b	docs: Update services	2022-02-09 17:57:03 +01:00
Simon C	7f4140dea6	typo: Résilien to RésiLien	2022-02-09 17:30:15 +01:00
Simon C	478fbac2be	chore(Directus): Upgrade to 9.5.1 https://github.com/directus/directus/releases/tag/v9.5.1	2022-02-07 10:33:27 +01:00
Simon C	55430b3e8f	chore(Grafana): Upgrade to 8.3.4 https://github.com/grafana/grafana/releases/tag/v8.3.4	2022-02-07 10:27:59 +01:00
Simon C	23c932580f	chore(Prometheus): Upgrade to 2.33.1 https://github.com/prometheus/prometheus/releases/tag/v2.33.1	2022-02-07 10:24:01 +01:00
Simon C	d75ffc2ad6	chore(Traefik): Upgrade to 2.6.0 https://github.com/traefik/traefik/releases/tag/v2.6.0	2022-02-07 10:21:25 +01:00
Simon C	c68c7ab749	chore(Drone): Upgrade to 2.9.1 https://github.com/harness/drone/blob/master/CHANGELOG.md	2022-02-07 10:21:25 +01:00
Simon	1b77dbfa48	Merge pull request 'fix(Postgres): Add container name or postgres by default on postgres host' (#23 ) from postgres into main ## Détails - Homogénéisation de la déclaration des _host_ Postgres ## Pourquoi - Pour harmoniser notre code et surtout éviter des erreurs (par exemple pour Gitea on ne pouvait actuellement héberger seulement un seul Gitea sur un même serveur). ## Liens - [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/348) Reviewed-on: https://git.weko.io/resilien/services/pulls/23 Reviewed-by: killian <developer@killiankemps.fr>	2022-01-27 00:23:49 +01:00
Simon C	e301bb6b64	fix(Postgres): Add container name or postgres by default on postgres host	2022-01-27 00:23:22 +01:00
Simon	5e2338036e	Merge pull request 'docs: Update documentation' (#24 ) from add_docs into main Reviewed-on: https://git.weko.io/resilien/services/pulls/24	2022-01-26 11:26:48 +01:00
Simon C	34e08f9183	docs: Update documentation	2022-01-26 10:59:42 +01:00
Simon	cb5d8cf5ff	Merge pull request 'feat(Drone): Add more configuration and split it' (#22 ) from drone into main ## Détails - intégration d'option pour l'utilisation de Drone - séparation des docker-compose en plusieurs fichiers ## Pourquoi - Pour permettre une configuration plus avancé de Drone - Pour nous permettre d'intégrer facilement Drone avec les options que l'on veut Reviewed-on: https://git.weko.io/resilien/services/pulls/22 Reviewed-by: killian <developer@killiankemps.fr>	2022-01-26 10:54:06 +01:00
Simon C	567349390c	feat(Drone): Add more configuration and split it	2022-01-26 10:53:11 +01:00
Simon	87554f4ada	Merge pull request 'Mise à jour des services' (#21 ) from upgrade into main ## Détails Mise à jour de l'ensemble des services ## Pourquoi Pour être à jour au niveau des applications Reviewed-on: https://git.weko.io/resilien/services/pulls/21 Reviewed-by: killian <developer@killiankemps.fr>	2022-01-11 23:13:50 +01:00
Simon C	d23ab55885	chore(Directus): Upgrade to 9.4.3 https://github.com/directus/directus/releases/tag/v9.4.3	2022-01-11 23:12:56 +01:00
Simon	08d6448897	Merge pull request 'feat(Mobilizon): Add default port' (#20 ) from mobilizon into main ## Détails - ajout du port par défaut dans le fichier `mobilizon/docker-compose.yml` - mise à jour du port dans le fichier `mobilizon/docker-compose.local.yml` utile surtout pour des tests locaux ## Pourquoi Pour permettre d'éviter une configuration dans notre infrastructure et d'utiliser la valeur par défaut. ## Liens - [Ticket](https://tree.taiga.io/project/killiankemps-resilien/task/256) - [Voir la demande d'ajout coté infra](https://git.weko.io/resilien/infra/pulls/68/files#issuecomment-970) Reviewed-on: https://git.weko.io/resilien/services/pulls/20 Reviewed-by: killian <developer@killiankemps.fr>	2022-01-11 22:57:20 +01:00
Simon C	26842cadd3	docs(Mobilizon): Mise à jour de la documentation	2022-01-10 10:52:17 +01:00
Simon C	80250b899b	feat(Mobilizon): Add default port	2022-01-10 10:51:49 +01:00
Simon C	2c9b9257f9	feat(Mobilizon): Add new service	2022-01-05 00:41:26 +01:00
Simon	bb99235ccc	Merge pull request 'Modifications des hosts avec le nom des conteneurs' (#19 ) from fix_hosts into main ## Détails - Mise à jour des hosts dans docker compose - Mise à jour du reverse proxy Nginx pour utiliser la variable - Mise à jour de Nginx ## Pourquoi - Pour utiliser le nom des containers comme addresse et non le nom des services déclarés dans docker compose sinon il peut y avoir des problèmes de communications entre les conteneurs - La configuration du reverse proxy Nginx doit connaitre l'adresse du conteneur FPM pour rediriger les requêtes. Nginx met à disposition un système de template utilisant les variables d'environnement comme subtitution avec l'outil `envsubst`. - Pour rester à jour Reviewed-on: https://git.weko.io/resilien/services/pulls/19	2022-01-03 18:19:00 +01:00
Simon C	97f12a40bb	chore(Nginx): Upgrade to 1.21.5 http://nginx.org/en/CHANGES	2022-01-03 18:01:02 +01:00
Simon C	dc1e627330	feat(Nextcloud): Nginx configuration use envsubst to use variable on Nextcloud fpm	2022-01-03 17:57:35 +01:00
Simon C	afa9b3a997	fix(Nextcloud): Update default host on postgres and redis	2022-01-03 14:42:34 +01:00
Simon	862a5f5228	Merge pull request 'feat(Directus): Split configuration and add SMTP variable' (#18 ) from directus into main Reviewed-on: https://git.weko.io/resilien/services/pulls/18	2022-01-03 09:43:24 +01:00
Simon C	23f2bf72df	feat(Directus): Split configuration and add SMTP variable	2021-12-31 13:50:22 +01:00
Simon C	c3b9f78ef6	feat(Node-Exporter): Remove this service We don't use it, so I prefer remove it on this repository	2021-12-29 15:33:08 +01:00
Simon C	e376de5443	feat(Prometheus): Add new service	2021-12-29 15:16:33 +01:00
Simon C	3d61fa584d	fix(Grafana): Remove unnecessary char $	2021-12-29 14:55:06 +01:00
Simon C	b571aa1ecd	chore(Directus): Upgrade to 9.4.0 https://github.com/directus/directus/releases/tag/v9.4.0	2021-12-28 17:42:12 +01:00
Simon C	c5b4223bbb	docs(HedgeDoc): Add documentation to debug	2021-12-28 15:47:17 +01:00
Simon C	132fb026c5	chore(HedgeDoc): Upgrade to 1.9.2 https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.2	2021-12-28 15:46:56 +01:00
Simon C	bcb8aa8a2d	chore(Grafana): Upgrade to 8.3.3 https://github.com/grafana/grafana/releases/tag/v8.3.3	2021-12-28 15:17:10 +01:00
Simon C	126a4e2048	chore(Traefik): Upgrade to 2.5.6 https://github.com/traefik/traefik/releases/tag/v2.5.6	2021-12-28 15:13:13 +01:00
Simon	9f37a9695b	Merge pull request 'Mise à jour de Grafana + ajout de variables de configuration' (#17 ) from grafana into main Reviewed-on: https://git.weko.io/resilien/services/pulls/17	2021-12-13 16:59:01 +01:00
Simon C	68d529fa21	feat(Grafana): Add more configuration variable - [GF_ANALYTICS_CHECK_FOR_UPDATES](https://grafana.com/docs/grafana/latest/administration/configuration/#check_for_updates) dans la doc la variable est à true par défaut, chez nous j'ai décidé de le mettre à _false_ pour éviter des requêtes toutes les 10 minutes... - [GF_ANALYTICS_REPORTING_ENABLED](https://grafana.com/docs/grafana/latest/administration/configuration/#reporting_enabled) parreil sauf que c'est toutes les 24h - [GF_SERVER_PROTOCOL](https://grafana.com/docs/grafana/latest/administration/configuration/#protocol) pour mettre en HTTPS facilement	2021-12-13 16:54:18 +01:00
Simon C	5ae74fc856	chore(Grafana): Upgrade to 8.3.2 https://github.com/grafana/grafana/releases/tag/v8.3.2	2021-12-13 16:43:39 +01:00
killian	84927499f6	Merge pull request 'fix(traefik): Fix YAML mapping' (#15 ) from fix-traefik into main Reviewed-on: https://git.weko.io/resilien/services/pulls/15	2021-12-10 11:55:32 +01:00
Killian Kemps	d5e3a4ff7a	fix(traefik): Fix YAML mapping	2021-12-09 17:56:07 +01:00
Simon	c6821a547f	Merge pull request 'Configuration de Grafana' (#14 ) from grafana into main Reviewed-on: https://git.weko.io/resilien/services/pulls/14	2021-11-28 15:49:26 +01:00
Simon C	754f2f7834	docs(Grafana): Add documentation	2021-11-26 16:52:57 +01:00
Simon C	43c38a6b97	feat(Grafana): Update default variable	2021-11-26 16:47:15 +01:00
Simon C	d69c601067	feat(Grafana): Add SMTP configuration	2021-11-26 16:41:02 +01:00
Simon C	084bbd4168	feat(Grafana): Add redis configuration	2021-11-26 16:39:47 +01:00
Simon C	fc20ec584d	feat(Grafana): Add postgres configuration	2021-11-26 16:39:10 +01:00
Simon C	ab9d57f9a2	feat(Grafana): Add more configuration	2021-11-26 16:36:37 +01:00
Simon C	f45b6eb13f	feat(Grafana): Splite traefik configuration	2021-11-26 16:36:03 +01:00
Simon C	2e99315fbc	chore(Grafana) Upgrade to 8.2.5 https://github.com/grafana/grafana/releases/tag/v8.2.5	2021-11-26 16:33:58 +01:00
Simon	012823e1a3	Merge pull request 'fix(Nextcloud): Remove volume_from it's not valide on docker compose file v3' (#13 ) from nextcloud into main Reviewed-on: https://git.weko.io/resilien/services/pulls/13	2021-11-24 18:03:18 +01:00
Simon C	3d6d254f21	fix(Nextcloud): Remove volume_from it's not valide on docker compose file v3 see https://stackoverflow.com/questions/45494746/docker-compose-volumes-from-usage-example	2021-11-24 18:01:40 +01:00
Simon	f705596bce	Merge pull request 'feat(Nextcloud): Add configuration to PHP_UPLOAD_LIMIT' (#12 ) from nextcloud into main Reviewed-on: https://git.weko.io/resilien/services/pulls/12	2021-11-24 17:18:03 +01:00
Simon C	70aab13358	feat(Nextcloud): Add configuration to PHP_UPLOAD_LIMIT see documentation https://github.com/nextcloud/docker	2021-11-24 17:17:28 +01:00
Simon	a364dce66c	Merge pull request 'fix(Traefik): Remove variable for traefik router name' (#11 ) from traefik into main Reviewed-on: https://git.weko.io/resilien/services/pulls/11	2021-11-24 16:51:53 +01:00
Simon C	563ce1ed90	fix(Traefik): Remove variable for traefik router name	2021-11-24 16:49:51 +01:00
Simon	514ba4bd42	Merge pull request 'Mise à jour de Traefik' (#10 ) from traefik into main Reviewed-on: https://git.weko.io/resilien/services/pulls/10	2021-11-24 16:38:02 +01:00
Simon C	57283af5af	feat(Traefik): Add variable to configure traefik entrypoints name	2021-11-24 16:31:28 +01:00
Simon C	185dc32625	feat(Traefik): Add variable to configure traefik router name	2021-11-24 16:31:28 +01:00
Simon C	b40f9ddde2	refactor(Traefik): Change syntax to accept variable	2021-11-24 16:31:28 +01:00
Simon C	5bf6a8630c	chore(Traefik): Upgrade to 2.5.4 https://github.com/traefik/traefik/releases/tag/v2.5.4	2021-11-24 16:31:28 +01:00
Simon	e6ac037b11	Merge pull request 'feat(Nextcloud): Update docker-compose to add more configuration' (#9 ) from nextcloud into main Reviewed-on: https://git.weko.io/resilien/services/pulls/9	2021-11-24 15:13:55 +01:00
Simon C	a231c5c1cf	feat(Nextcloud): Update docker-compose to add more configuration _Détails - Mise à jour de l'image docker nextcloud - Mise à jour de l'image nginx - Ajout d'une configuration spécifique Traefik séparé - Ajout d'une configuration spécifique SMTP séparé - Ajout d'une configuration spécifique pour lancer le container localemement - Ajout de 2 variables pour configurer spécifiquement un PUID et PGID - Suppression de la configuration Postgres spécifique pour utiliser le docker-compose généric - Suppression de la configuration Redis spécifique pour utiliser le docker-compose généric _Pourquoi - Pour permettre une meilleure intégration dans l'infrastructure RésiLien	2021-11-24 10:56:43 +01:00
Simon	23c1af409a	Merge pull request 'Mise à jour de Postgres + configuration' (#8 ) from postgres into main Reviewed-on: https://git.weko.io/resilien/services/pulls/8	2021-11-24 09:21:44 +01:00
Simon C	04388d48f0	feat(Postgres): Add configuration of PUID and PGID	2021-11-23 22:30:09 +01:00
Simon C	9793ae506d	chore(Postgres): Upgrade to 14.1 https://www.postgresql.org/docs/release/14.1/	2021-11-23 22:05:46 +01:00
Simon	6ffd081de2	Merge pull request 'Ajout de documentation et de configuration pour Gitea' (#7 ) from gitea into main Reviewed-on: https://git.weko.io/resilien/services/pulls/7	2021-11-16 14:24:26 +01:00
Simon C	94c96bbd7d	feat(Gitea): Add configuration to enable smtp https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables https://docs.gitea.io/en-us/email-setup/	2021-11-16 12:56:24 +01:00
Simon C	5ecaffdfa2	feat(Gitea): Add configuration to enable prometheus metrics https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics	2021-11-16 12:51:01 +01:00
Simon C	8c802e3aa6	docs(Gitea): Add documentation to configure gitea with environment variables	2021-11-16 12:49:34 +01:00
Simon	bed39a6286	Merge pull request 'feat(traefik_lb): Add a Traefik LB configuration' (#6 ) from traefik-lb into main Reviewed-on: https://git.weko.io/resilien/services/pulls/6	2021-11-15 10:07:31 +01:00
Simon C	3f3d0d92b1	feat(Traefik): Remove Traefik LB	2021-11-11 09:53:38 +01:00
Simon C	165d984b35	feat(Traefik): Add ovh, secure, redirect configuration	2021-11-11 09:53:00 +01:00
Simon C	39c2022925	feat(Traefik): Add accesslog configuration	2021-11-11 09:47:00 +01:00
Simon C	6822fa5788	feat(Traefik): Add variable to configure Traefik	2021-11-11 09:45:30 +01:00
Simon C	1b3604715a	feat(Traefik): Add explicite traefik entrypoint	2021-11-11 09:43:12 +01:00
Simon C	0de0b28958	fix(Traefik): Volume and network name	2021-11-11 09:37:33 +01:00
Killian Kemps	abd1dd06fc	feat(traefik_lb): Add a Traefik LB configuration	2021-11-03 12:23:09 +01:00
Simon C	9786534a2e	chore(Nextcloud): Upgrade to 22.2.0 https://nextcloud.com/changelog/#22-2-0	2021-10-25 10:50:40 +02:00
Simon C	80004a4460	chore(Redis): Upgrade to 6.2.6 [SECURITY] https://github.com/redis/redis/releases/tag/6.2.6	2021-10-25 10:42:42 +02:00
Simon C	8ee63ec4b2	chore(Grafana): Upgrade to 8.2.2 https://github.com/grafana/grafana/releases/tag/v8.2.2	2021-10-25 10:33:04 +02:00
Simon C	fd5e12a201	chore(Gitea): Upgrade to 1.15.5 https://github.com/go-gitea/gitea/releases/tag/v1.15.4 https://github.com/go-gitea/gitea/releases/tag/v1.15.5	2021-10-25 09:53:20 +02:00
killian	cd5366b34e	Merge pull request 'docs: Add more documentation' (#5 ) from docs into main Reviewed-on: https://git.weko.io/resilien/services/pulls/5	2021-10-23 16:07:16 +02:00
Killian Kemps	f14f2cafeb	style(doc): Fix some typos	2021-10-23 16:06:42 +02:00
Simon C	50f2b22523	docs: Add more documentation	2021-10-23 00:45:25 +02:00
Simon C	88af04b233	feat(Hedgedoc): Add configuration variables https://docs.hedgedoc.org/configuration/	2021-10-11 09:23:11 +02:00
Simon C	671d8e0d6d	feat(Hedgedoc): Add authentication variable https://docs.hedgedoc.org/configuration/	2021-10-11 09:09:57 +02:00
Simon C	d1b92e0a17	feat(Directus): Add variable for Traefik router name	2021-10-08 12:50:31 +02:00
Simon	6c4c387234	Merge pull request 'feat(Directus): Add new service' (#4 ) from directus into master Reviewed-on: https://git.weko.io/weko/services/pulls/4	2021-10-08 12:33:23 +02:00
Simon C	f204561f5f	feat(Directus): Add new service	2021-10-08 12:30:49 +02:00
Simon C	2fbb7ca0ca	chore(Gitea): Upgrade to 1.15.3 https://github.com/go-gitea/gitea/releases/tag/v1.15.3	2021-09-27 11:06:54 +02:00
Simon C	9f4327cae2	chore(Traefik): Upgrade to 2.5.3 https://github.com/traefik/traefik/releases/tag/v2.5.3	2021-09-27 10:54:56 +02:00
Simon C	0d52bdfd59	chore(Grafana): Upgrade to 8.1.5 https://github.com/grafana/grafana/releases/tag/v8.1.5	2021-09-27 10:43:16 +02:00
Simon C	c8f242428a	chore(Hedgedoc): Upgrade to 1.9.0 https://github.com/linuxserver/docker-hedgedoc/releases/tag/1.9.0-ls31	2021-09-27 10:27:14 +02:00
Simon C	b22d545ed6	fix(Hedgedoc): Backup uploaded files Environment variables take precedence over configurations from the config files, so don't backup it.	2021-09-15 22:38:23 +02:00