Compare commits
229 Commits
fix_hedged
...
vikunja
| Author | SHA1 | Date | |
|---|---|---|---|
| d4e525159e | |||
| 08f0f7ea20 | |||
| 9b8591caee | |||
| 4c2ebac4e7 | |||
| b516600e50 | |||
| c579565849 | |||
| a26e291396 | |||
| 6441551318 | |||
| d88b1829f1 | |||
| 6047ad6050 | |||
| 11f89a1c8c | |||
| 847bc2b014 | |||
| 2111829feb | |||
| 06d35b9c9a | |||
| 2ceca1c76a | |||
| 225015a5c9 | |||
| ab822795ad | |||
| f944ef4fe3 | |||
| b047319556 | |||
| 9078d9d04f | |||
| 0a99b3402c | |||
| 6d5884343e | |||
| 8162c6a81a | |||
| b803eedf8c | |||
| 61680c6e6e | |||
| 353c1bd812 | |||
| c5d761d229 | |||
| 72621b893d | |||
| fe0d4d6224 | |||
| b5ea07c70a | |||
| 0b41480815 | |||
| 0e06b651e8 | |||
| d7206c92de | |||
| 06f1e2910f | |||
| 2667aa22dd | |||
| b7862e8fe5 | |||
| 980ced43c4 | |||
| 45c731e31e | |||
| 573cd5a462 | |||
| 47d0a7eaa2 | |||
| 692a26ddff | |||
| e2d0a53db4 | |||
| 53ebc3f591 | |||
| 982c1322bc | |||
| 0483e4325e | |||
| 745d69aade | |||
| d5e61d35a5 | |||
| 8f5fcec3a9 | |||
| 0798bab099 | |||
| e8a022e7e3 | |||
| c8c945ad64 | |||
| ba29719ed1 | |||
| f598c06029 | |||
| de2a8eef46 | |||
| 6334a88085 | |||
| e3dcc0efd5 | |||
| 264688abf8 | |||
| 669866b44e | |||
| b54891ec38 | |||
| b3dce58f7b | |||
| 0198c030e9 | |||
| 2281c4337c | |||
| fd63036294 | |||
| 0af258dcae | |||
| f78676d3ee | |||
| 4e32136c26 | |||
| c68a73b55b | |||
| 4bf479d0e0 | |||
| 62334b2f85 | |||
| 250f015535 | |||
| c631f47ae1 | |||
| ea59336efb | |||
| 747d158f58 | |||
| 347ff1d19b | |||
| c9ef1d34a1 | |||
| ce43797716 | |||
| cae7eafbe0 | |||
| 6026bb7709 | |||
| 912fe146af | |||
| 01060abda6 | |||
| cfc0771bb5 | |||
| add83cd745 | |||
| efcd3891ba | |||
| d8414788ef | |||
| ec25f4b76f | |||
| 8da5cc41ed | |||
| 10337ac53c | |||
| ec4ae3a8b8 | |||
| 5b6ce7cfcd | |||
| 7498f63974 | |||
| 3a7e863d0c | |||
| 62a5159232 | |||
| 9d3175df69 | |||
| 7939150137 | |||
| db74e92291 | |||
| 8f1a45969d | |||
| c4248a6f97 | |||
| cfd8b5a2ce | |||
| 1cee679407 | |||
| 1f7e610297 | |||
| 1931adafa4 | |||
| 63246c442c | |||
| a60026a672 | |||
| 47ce108eb6 | |||
| a295e42fc5 | |||
| 768bf9b71d | |||
| 8e1cb72245 | |||
| d951d0c8f5 | |||
| 30fd1db0a3 | |||
| b8814b4391 | |||
| 361f9b7d69 | |||
| 903ba0283e | |||
| 7bc9788cd8 | |||
| 9cb520624f | |||
| 5d4d7ad7fb | |||
| 895623732f | |||
| 607e6c83c2 | |||
| 58e5685b4d | |||
| 0e1c155fbf | |||
| cf44901c1d | |||
| 557d35b9bf | |||
| af49fefe12 | |||
| 4f2ae331df | |||
| dbe1cd0f0e | |||
| ec62e7a14c | |||
| 248f2fc174 | |||
| ca15dfeca1 | |||
| fe99557d1b | |||
| c4735acbc5 | |||
| 9f9948950c | |||
| b0a72c954c | |||
| 60394b5c9d | |||
| 7992eb4ffa | |||
| 6bed3d6aa2 | |||
| fe99e604d7 | |||
| 31935e4acf | |||
| 3109e64b6d | |||
| d6671e5f1b | |||
| 7f4140dea6 | |||
| 478fbac2be | |||
| 55430b3e8f | |||
| 23c932580f | |||
| d75ffc2ad6 | |||
| c68c7ab749 | |||
| 1b77dbfa48 | |||
| e301bb6b64 | |||
| 5e2338036e | |||
| 34e08f9183 | |||
| cb5d8cf5ff | |||
| 567349390c | |||
| 87554f4ada | |||
| d23ab55885 | |||
| 08d6448897 | |||
| 26842cadd3 | |||
| 80250b899b | |||
| 2c9b9257f9 | |||
| bb99235ccc | |||
| 97f12a40bb | |||
| dc1e627330 | |||
| afa9b3a997 | |||
| 862a5f5228 | |||
| 23f2bf72df | |||
| c3b9f78ef6 | |||
| e376de5443 | |||
| 3d61fa584d | |||
| b571aa1ecd | |||
| c5b4223bbb | |||
| 132fb026c5 | |||
| bcb8aa8a2d | |||
| 126a4e2048 | |||
| 9f37a9695b | |||
| 68d529fa21 | |||
| 5ae74fc856 | |||
| 84927499f6 | |||
| d5e3a4ff7a | |||
| c6821a547f | |||
| 754f2f7834 | |||
| 43c38a6b97 | |||
| d69c601067 | |||
| 084bbd4168 | |||
| fc20ec584d | |||
| ab9d57f9a2 | |||
| f45b6eb13f | |||
| 2e99315fbc | |||
| 012823e1a3 | |||
| 3d6d254f21 | |||
| f705596bce | |||
| 70aab13358 | |||
| a364dce66c | |||
| 563ce1ed90 | |||
| 514ba4bd42 | |||
| 57283af5af | |||
| 185dc32625 | |||
| b40f9ddde2 | |||
| 5bf6a8630c | |||
| e6ac037b11 | |||
| a231c5c1cf | |||
| 23c1af409a | |||
| 04388d48f0 | |||
| 9793ae506d | |||
| 6ffd081de2 | |||
| 94c96bbd7d | |||
| 5ecaffdfa2 | |||
| 8c802e3aa6 | |||
| bed39a6286 | |||
| 3f3d0d92b1 | |||
| 165d984b35 | |||
| 39c2022925 | |||
| 6822fa5788 | |||
| 1b3604715a | |||
| 0de0b28958 | |||
| abd1dd06fc | |||
| 9786534a2e | |||
| 80004a4460 | |||
| 8ee63ec4b2 | |||
| fd5e12a201 | |||
| cd5366b34e | |||
| f14f2cafeb | |||
| 50f2b22523 | |||
| 88af04b233 | |||
| 671d8e0d6d | |||
| d1b92e0a17 | |||
| 6c4c387234 | |||
| f204561f5f | |||
| 2fbb7ca0ca | |||
| 9f4327cae2 | |||
| 0d52bdfd59 | |||
| c8f242428a | |||
| b22d545ed6 |
30
README.md
30
README.md
@ -1,28 +1,40 @@
|
||||
# Services
|
||||
|
||||
Vous trouverez dans ce dépôt l'ensemble des services Open Source que j'utilise et mets à jour quotidiennement.
|
||||
Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien utilise et met à jour de façon presque hebdomadaire. L'ensemble des variables d'environnement enregistrées dans les fichiers `.env` est présent pour une logique d'exemple et n'a jamais été utilisé en production. Nous vous conseillons de ne jamais le faire si vous utilisez le dépôt.
|
||||
|
||||
## Liste des services
|
||||
|
||||
### Pour les utilisateurs
|
||||
|
||||
- [Directus](./directus) : Permet d'administrer une base de données
|
||||
- [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
|
||||
- [listmonk](./listmonk) : Gestionnaire de listes de diffusion et de newsletter
|
||||
- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
|
||||
- [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
|
||||
- [signaturepdf](./signaturepdf) : Logiciel WEB libre permettant de modifier un fichier PDF facilement
|
||||
- [Plausible](./plausible) : Plausible est une plateforme d'analyse Web légère et open source
|
||||
- [Vaultwarden](./vaultwarden) : Gestionnaire de mot de passe compatible avec Bitwarden
|
||||
- [Vikunja](./vikunja) : L'application pour organiser sa vie
|
||||
|
||||
### Pour les devs / ops
|
||||
|
||||
- [Drone](./drone) `en pause` : Un service d'intégration continue
|
||||
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
|
||||
- [ClickHouse](./clickhouse) : Un logiciel libre de base de données orientée colonnes pour le traitement analytique en ligne
|
||||
- [Drone](./drone) : Un service d'intégration continue
|
||||
- [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
|
||||
- [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
|
||||
- [Grafana](./grafana) : Un outil de supervision simple et élégant
|
||||
- [LLDAP](./lldap): Implémentation légère de LDAP pour l'authentification
|
||||
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
|
||||
- [Prometheus](./prometheus) : Un logiciel de surveillance informatique
|
||||
- [Docker Registry](./registry) : Une application qui permet de distribuer des images Docker
|
||||
- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
|
||||
- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
|
||||
- [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
|
||||
- [Watchtower](./watchtower) `en pause` : Automatiser la mise à jour d'image docker
|
||||
- [Uptime Kuma](./uptimekuma) : outil de surveillance de site ou service WEB
|
||||
- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker
|
||||
|
||||
## Comment ça marche ?
|
||||
|
||||
Vous pouvez réutiliser ce dépôt pour votre infrastructure. J'ai mis une documentation dans le dossier [_examples_](./examples).
|
||||
Vous pouvez réutiliser ce dépôt pour vos services, il existe une documentation dans le dossier [_examples_](./examples).
|
||||
|
||||
### Docker et Docker Compose
|
||||
|
||||
@ -35,9 +47,11 @@ Voici les commandes de base :
|
||||
|
||||
### ./run
|
||||
|
||||
> 🚧 RésiLien a changé de façon de faire et nous n'utilisons plus les scripts `run`. Nous passons maintenant par Ansible. Les scripts ne seront plus mis à jour et finiront peut être par être supprimés. Utilisez les avec précaution.
|
||||
|
||||
Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service.
|
||||
|
||||
Vous pouvez lancer le script sans paramètre pour afficher la documentation du script.
|
||||
Vous pouvez lancer le script sans paramètres pour afficher la documentation du script.
|
||||
|
||||
## Documentation
|
||||
|
||||
@ -55,6 +69,8 @@ En haut de chaque script il y a `set -eu` qui veut dire :
|
||||
|
||||
## Tâches
|
||||
|
||||
> 🚧 Ses tâches ne sont pas à jour
|
||||
|
||||
Général :
|
||||
|
||||
- [ ] Mettre en place une rotation des logs
|
||||
|
||||
3
clickhouse/.env
Normal file
3
clickhouse/.env
Normal file
@ -0,0 +1,3 @@
|
||||
#CLICKHOUSE_VOLUME_NAME=
|
||||
#CLICKHOUSE_CONTAINER_NAME=
|
||||
#CLICKHOUSE_IMAGE=
|
||||
16
clickhouse/README.md
Normal file
16
clickhouse/README.md
Normal file
@ -0,0 +1,16 @@
|
||||
# ClickHouse
|
||||
|
||||
> ClickHouse est un logiciel libre de base de données orientée colonnes (DBMS) pour le traitement analytique en ligne (OLAP).
|
||||
>
|
||||
> <cite>[Wikipédia][wikipedia]</cite>
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site Officiel][site]
|
||||
- [Code source][source]
|
||||
- [Docker Hub][dockerhub]
|
||||
|
||||
[wikipedia]: https://fr.wikipedia.org/wiki/ClickHouse
|
||||
[site]: https://clickhouse.com/
|
||||
[source]: https://github.com/ClickHouse/ClickHouse
|
||||
[dockerhub]: https://hub.docker.com/r/clickhouse/clickhouse-server
|
||||
19
clickhouse/docker-compose.yml
Normal file
19
clickhouse/docker-compose.yml
Normal file
@ -0,0 +1,19 @@
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
clickhouse:
|
||||
name: ${CLICKHOUSE_VOLUME_NAME:-clickhouse}
|
||||
|
||||
services:
|
||||
clickhouse:
|
||||
container_name: ${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
|
||||
image: ${CLICKHOUSE_IMAGE:-clickhouse/clickhouse-server:22.2.2.1-alpine}
|
||||
restart: always
|
||||
volumes:
|
||||
- clickhouse:/var/lib/clickhouse
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ulimits:
|
||||
nofile:
|
||||
soft: 262144
|
||||
hard: 262144
|
||||
56
directus/.env
Normal file
56
directus/.env
Normal file
@ -0,0 +1,56 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/directus/docker-compose.yml:${SERVICES_DIR}/directus/docker-compose.traefik.yml:${SERVICES_DIR}/directus/docker-compose.smtp.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
##########
|
||||
# DIRECTUS
|
||||
#
|
||||
# see https://github.com/directus/directus/blob/main/api/example.env
|
||||
|
||||
DIRECTUS_CONTAINER_NAME=directus_cool_life
|
||||
DIRECTUS_DOMAIN=directus.cool.life
|
||||
DIRECTUS_PUBLIC_URL=https://${DIRECTUS_DOMAIN}
|
||||
DIRECTUS_KEY=255d861b-5ea1-5996-9aa3-922530ec40b1
|
||||
DIRECTUS_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
|
||||
DIRECTUS_ADMIN_EMAIL=admin@example.com
|
||||
DIRECTUS_ADMIN_PASSWORD=d1r3ctu5
|
||||
|
||||
EMAIL_FROM=no-reply@${DIRECTUS_DOMAIN}
|
||||
EMAIL_SMTP_HOST=mail.example.org
|
||||
#EMAIL_SMTP_PORT=
|
||||
EMAIL_SMTP_USER=user
|
||||
EMAIL_SMTP_PASSWORD=password
|
||||
#EMAIL_SMTP_SECURE=
|
||||
#EMAIL_SMTP_IGNORE_TLS=
|
||||
|
||||
# DIRECTUS_PUID=
|
||||
# DIRECTUS_PGID=
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=directus-postgres
|
||||
POSTGRES_VOLUME_NAME=directus-postgres
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
#######
|
||||
# REDIS
|
||||
|
||||
#REDIS_IMAGE=
|
||||
#REDIS_CONTAINER_NAME=
|
||||
#REDIS_VOLUME_NAME=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
20
directus/README.md
Normal file
20
directus/README.md
Normal file
@ -0,0 +1,20 @@
|
||||
# Directus
|
||||
|
||||
> Directus wraps your new or existing SQL database with a realtime GraphQL+REST API for developers, and an intuitive admin app for non-technical users.
|
||||
|
||||
## Configuration
|
||||
|
||||
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
|
||||
|
||||
- `CORS_ORIGIN` à comme valeur par défaut `false` et peut prendre `true` pour accepter toutes les connexions, mais il est préférable de spécifier directement les sites comme ceci `array:https://example.com,https://staging.example.com`.
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site officiel][website]
|
||||
- [Github][github]
|
||||
- [L'image Docker][docker]
|
||||
|
||||
[website]: https://directus.io/
|
||||
[docker]: https://hub.docker.com/r/directus/directus
|
||||
[github]: https://github.com/directus/directus/
|
||||
[documentation]: https://docs.directus.io/reference/environment-variables/
|
||||
10
directus/docker-compose.redis.yml
Normal file
10
directus/docker-compose.redis.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
directus:
|
||||
environment:
|
||||
CACHE_ENABLED: 'true'
|
||||
CACHE_STORE: 'redis'
|
||||
CACHE_REDIS: 'redis://${REDIS_CONTAINER_NAME:-redis}:6379'
|
||||
15
directus/docker-compose.smtp.yml
Normal file
15
directus/docker-compose.smtp.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
directus:
|
||||
environment:
|
||||
EMAIL_TRANSPORT: smtp
|
||||
EMAIL_FROM: ${EMAIL_FROM:?err}
|
||||
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
|
||||
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
|
||||
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER:?err}
|
||||
EMAIL_SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD:?err}
|
||||
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
|
||||
EMAIL_SMTP_IGNORE_TLS: ${EMAIL_SMTP_IGNORE_TLS:-false}
|
||||
16
directus/docker-compose.traefik.yml
Normal file
16
directus/docker-compose.traefik.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
directus:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.rule=Host(`${DIRECTUS_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.entrypoints=web
|
||||
40
directus/docker-compose.yml
Normal file
40
directus/docker-compose.yml
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
directus:
|
||||
name: ${DIRECTUS_VOLUME_NAME:-directus}
|
||||
|
||||
services:
|
||||
directus:
|
||||
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
|
||||
image: ${DIRECTUS_IMAGE:-directus/directus:9.8.0}
|
||||
restart: always
|
||||
volumes:
|
||||
- directus:/directus/uploads
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
environment:
|
||||
KEY: ${DIRECTUS_KEY:?err}
|
||||
SECRET: ${DIRECTUS_SECRET:?err}
|
||||
TELEMETRY: false
|
||||
|
||||
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
|
||||
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
|
||||
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
|
||||
CORS_ENABLED: ${DIRECTUS_CORS_ENABLED:-false}
|
||||
CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN:-false}
|
||||
|
||||
DB_CLIENT: 'pg'
|
||||
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
DB_PORT: '5432'
|
||||
DB_DATABASE: ${POSTGRES_DB:?err}
|
||||
DB_USER: ${POSTGRES_USER:?err}
|
||||
DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
|
||||
TZ: ${TZ:-Europe/Paris}
|
||||
|
||||
PUID: ${DIRECTUS_PUID:-1000}
|
||||
PGID: ${DIRECTUS_PGID:-1000}
|
||||
37
drone/.env
37
drone/.env
@ -1,37 +0,0 @@
|
||||
## DOCKER
|
||||
|
||||
COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
|
||||
TRAEFIK_NETWORK_NAME=kifeart
|
||||
|
||||
|
||||
## DRONE SERVER
|
||||
|
||||
# https://hub.docker.com/r/drone/drone/tags
|
||||
DRONE_SERVER_IMAGE=drone/drone:1.7.0
|
||||
|
||||
DRONE_SERVER_VOLUME_NAME=drone-server
|
||||
DRONE_SERVER_CONTAINER_NAME=drone-server
|
||||
|
||||
# https://docs.drone.io/server/reference/
|
||||
DRONE_GIT_ALWAYS_AUTH=true
|
||||
DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
|
||||
DRONE_SERVER_HOST=ci.cool.life
|
||||
DRONE_SERVER_PROTO=https
|
||||
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
DRONE_GITEA_SERVER=gitea.cool.life
|
||||
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
|
||||
DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
|
||||
|
||||
|
||||
|
||||
## DRONE RUNNER
|
||||
|
||||
# https://hub.docker.com/r/drone/drone-runner-docker/tags
|
||||
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
|
||||
DRONE_RUNNER_CONTAINER_NAME=drone-runner
|
||||
DRONE_RUNNER_CAPACITY=2
|
||||
DRONE_RUNNER_HOST=ci-runner.cool.life
|
||||
DRONE_RUNNER_NAME=ci-runner.cool.life
|
||||
DRONE_RUNNER_UI_USERNAME=kosssi
|
||||
DRONE_RUNNER_UI_PASSWORD=$not$a$password
|
||||
@ -4,6 +4,22 @@
|
||||
>
|
||||
> <cite>[Codeflow][article]</cite>
|
||||
|
||||
## Documentation
|
||||
|
||||
Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
|
||||
|
||||
Le service est basé sur 2 briques :
|
||||
- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
|
||||
- le coté exécution des tâches (_[runner](./runner)_).
|
||||
|
||||
### Génération de clé
|
||||
|
||||
Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
|
||||
|
||||
```
|
||||
openssl rand -hex 16
|
||||
```
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site internet][site]
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
|
||||
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
|
||||
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}
|
||||
@ -1,22 +0,0 @@
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
|
||||
traefik.http.routers.drone-server.entrypoints: 'web'
|
||||
|
||||
drone-runner:
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
|
||||
traefik.http.routers.drone-runner.entrypoints: 'web'
|
||||
@ -1,41 +0,0 @@
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
drone-server:
|
||||
name: ${DRONE_SERVER_VOLUME_NAME}
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
container_name: ${DRONE_SERVER_CONTAINER_NAME}
|
||||
image: ${DRONE_SERVER_IMAGE}
|
||||
restart: always
|
||||
environment:
|
||||
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
|
||||
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
|
||||
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
|
||||
DRONE_LOGS_DEBUG: 'true'
|
||||
volumes:
|
||||
- drone-server:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
drone-runner:
|
||||
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
|
||||
image: ${DRONE_RUNNER_IMAGE}
|
||||
restart: always
|
||||
depends_on:
|
||||
- drone-server
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
DRONE_RPC_PROTO: http
|
||||
DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
|
||||
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
|
||||
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
|
||||
DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
|
||||
DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
|
||||
DRONE_DEBUG: 'true'
|
||||
36
drone/runner/.env
Normal file
36
drone/runner/.env
Normal file
@ -0,0 +1,36 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=../..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
|
||||
## DRONE RUNNER
|
||||
#https://docs.drone.io/runner/docker/configuration/reference/
|
||||
|
||||
### Docker
|
||||
# https://hub.docker.com/r/drone/drone-runner-docker/tags
|
||||
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
|
||||
DRONE_RUNNER_CONTAINER_NAME=drone-server
|
||||
|
||||
### Drone
|
||||
# https://docs.drone.io/runner/docker/installation/linux/
|
||||
DRONE_RPC_HOST=drone.cool.life
|
||||
DRONE_RPC_PROTO=https
|
||||
DRONE_RPC_SECRET=change-me
|
||||
DRONE_RUNNER_HOST=ci-runner.cool.life
|
||||
DRONE_RUNNER_CAPACITY=2
|
||||
DRONE_RUNNER_NAME=drone-runner
|
||||
DRONE_UI_USERNAME=resilien
|
||||
DRONE_UI_PASSWORD=change-me
|
||||
DRONE_UI_DISABLE=false
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
11
drone/runner/README.md
Normal file
11
drone/runner/README.md
Normal file
@ -0,0 +1,11 @@
|
||||
# Drone CI Runner
|
||||
|
||||
Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
|
||||
|
||||
## Installation
|
||||
|
||||
L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
|
||||
|
||||
Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
|
||||
|
||||
Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.
|
||||
15
drone/runner/docker-compose.dashboard.yml
Normal file
15
drone/runner/docker-compose.dashboard.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/runner/docker/configuration/dashboard/
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
environment:
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
|
||||
DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
|
||||
DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
|
||||
DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}
|
||||
8
drone/runner/docker-compose.local.yml
Normal file
8
drone/runner/docker-compose.local.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
ports:
|
||||
- "3000:3000"
|
||||
15
drone/runner/docker-compose.logging.yml
Normal file
15
drone/runner/docker-compose.logging.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/runner/docker/configuration/logging/
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
environment:
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
|
||||
DRONE_DEBUG: ${DRONE_DEBUG:-false}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
|
||||
DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
|
||||
DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}
|
||||
16
drone/runner/docker-compose.traefik.yml
Normal file
16
drone/runner/docker-compose.traefik.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
external: true
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
26
drone/runner/docker-compose.yml
Normal file
26
drone/runner/docker-compose.yml
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/runner/docker/installation/linux/
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
|
||||
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
|
||||
DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
|
||||
DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
|
||||
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
|
||||
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
|
||||
65
drone/server/.env
Normal file
65
drone/server/.env
Normal file
@ -0,0 +1,65 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=../..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
|
||||
## DRONE SERVER
|
||||
# https://docs.drone.io/server/reference/
|
||||
|
||||
### Docker
|
||||
# https://hub.docker.com/r/drone/drone/tags
|
||||
DRONE_SERVER_IMAGE=drone/drone:2.8.0
|
||||
DRONE_SERVER_VOLUME_NAME=drone-server
|
||||
DRONE_SERVER_CONTAINER_NAME=drone-server
|
||||
|
||||
### Drone
|
||||
|
||||
DRONE_RPC_SECRET=change-me
|
||||
DRONE_SERVER_HOST=ci.cool.life
|
||||
DRONE_SERVER_PROTO=https
|
||||
|
||||
### User
|
||||
DRONE_ADMIN_USER=resilien
|
||||
DRONE_ADMIN_TOKEN=change-me
|
||||
DRONE_USER_FILTER=resilien
|
||||
DRONE_REGISTRATION_CLOSED=true
|
||||
|
||||
### Gitea
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
#DRONE_GIT_ALWAYS_AUTH=
|
||||
DRONE_GITEA_SERVER=gitea.cool.life
|
||||
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
|
||||
DRONE_GITEA_CLIENT_SECRET=change-me
|
||||
|
||||
## Header
|
||||
# https://docs.drone.io/server/headers/
|
||||
#DRONE_HTTP_SSL_REDIRECT=
|
||||
#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
|
||||
#DRONE_HTTP_SSL_HOST=
|
||||
#DRONE_HTTP_STS_SECONDS=
|
||||
|
||||
### Cookie
|
||||
# https://docs.drone.io/server/cookie/
|
||||
DRONE_COOKIE_SECRET=change-me
|
||||
#DRONE_COOKIE_TIMEOUT=720h
|
||||
|
||||
### POSTGRES
|
||||
# https://docs.drone.io/server/storage/encryption/
|
||||
DRONE_DATABASE_SECRET=change-me
|
||||
POSTGRES_USER=user
|
||||
POSTGRES_PASSWORD=password
|
||||
POSTGRES_VOLUME_NAME=postgres
|
||||
POSTGRES_CONTAINER_NAME=postgres
|
||||
POSTGRES_DB=drone
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
42
drone/server/README.md
Normal file
42
drone/server/README.md
Normal file
@ -0,0 +1,42 @@
|
||||
# Drone CI Server
|
||||
|
||||
## Installation
|
||||
|
||||
L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
|
||||
|
||||
## Configuration
|
||||
|
||||
Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
|
||||
|
||||
### Installation du CLI
|
||||
|
||||
Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
|
||||
|
||||
### Configuration du CLI en local
|
||||
|
||||
Il faut :
|
||||
- l'url de l'instance (`DRONE_SERVER_HOST`)
|
||||
- le protocol de l'instance (`DRONE_SERVER_PROTO`)
|
||||
- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
|
||||
|
||||
```
|
||||
export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
|
||||
export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
|
||||
```
|
||||
|
||||
[Documentation officielle](https://docs.drone.io/cli/configure/)
|
||||
|
||||
### Les utilisateurs
|
||||
|
||||
Il faut ajouter les utilisateurs non admin :
|
||||
|
||||
```
|
||||
drone user add kosssi
|
||||
drone user add killian
|
||||
export PROMETHEUS_TOKEN=`openssl rand -hex 16`
|
||||
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
|
||||
```
|
||||
|
||||
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
|
||||
|
||||
[Documentation officielle](https://docs.drone.io/server/user/machine/#create-accounts) [cli](https://docs.drone.io/cli/user/drone-user-add/)
|
||||
13
drone/server/docker-compose.cookie.yml
Normal file
13
drone/server/docker-compose.cookie.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/cookie/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-cookie-secret/
|
||||
DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
|
||||
# https://docs.drone.io/server/reference/drone-cookie-timeout/
|
||||
DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days
|
||||
17
drone/server/docker-compose.gitea.yml
Normal file
17
drone/server/docker-compose.gitea.yml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-git-always-auth/
|
||||
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
|
||||
# https://docs.drone.io/server/reference/drone-gitea-server/
|
||||
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
|
||||
# https://docs.drone.io/server/reference/drone-gitea-client-id/
|
||||
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
|
||||
# https://docs.drone.io/server/reference/drone-gitea-client-secret/
|
||||
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}
|
||||
13
drone/server/docker-compose.header.yml
Normal file
13
drone/server/docker-compose.header.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/headers/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
|
||||
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
|
||||
DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
|
||||
DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}
|
||||
8
drone/server/docker-compose.local.yml
Normal file
8
drone/server/docker-compose.local.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
ports:
|
||||
- "3000:3000"
|
||||
19
drone/server/docker-compose.logging.yml
Normal file
19
drone/server/docker-compose.logging.yml
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/logging/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-logs-debug/
|
||||
DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-text/
|
||||
DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-pretty/
|
||||
DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-color/
|
||||
DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-trace/
|
||||
DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}
|
||||
16
drone/server/docker-compose.postgres.yml
Normal file
16
drone/server/docker-compose.postgres.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/storage/database/
|
||||
# https://docs.drone.io/server/storage/encryption/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-database-secret/
|
||||
DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
|
||||
# https://docs.drone.io/server/reference/drone-database-driver/
|
||||
DRONE_DATABASE_DRIVER: postgres
|
||||
# https://docs.drone.io/server/reference/drone-database-datasource/
|
||||
DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable
|
||||
16
drone/server/docker-compose.traefik.yml
Normal file
16
drone/server/docker-compose.traefik.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
external: true
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
15
drone/server/docker-compose.user.yml
Normal file
15
drone/server/docker-compose.user.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/user/registration/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-user-create/
|
||||
DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
|
||||
# https://docs.drone.io/server/reference/drone-user-filter/
|
||||
DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
|
||||
# https://docs.drone.io/server/reference/drone-registration-closed/
|
||||
DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}
|
||||
24
drone/server/docker-compose.yml
Normal file
24
drone/server/docker-compose.yml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
drone-server:
|
||||
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
|
||||
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.11.1}
|
||||
restart: always
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-rpc-secret/
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
|
||||
# https://docs.drone.io/server/reference/drone-server-host/
|
||||
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
|
||||
# https://docs.drone.io/server/reference/drone-server-proto/
|
||||
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
|
||||
volumes:
|
||||
- drone-server:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
@ -13,3 +13,5 @@ Si nous allons dans le dossier `traefik.cool.life` par example, il est possible
|
||||
## DOCKER_HOST
|
||||
|
||||
Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit s’exécuter sur ce serveur.
|
||||
|
||||
> RésiLien utilise maintenant ce système avec une génération automatique des fichiers .env à l'aide d'Ansible, nous permettant de facilement déployer un nouveau service, de le déplacer de serveur
|
||||
|
||||
9
geoip/.env
Normal file
9
geoip/.env
Normal file
@ -0,0 +1,9 @@
|
||||
#GEOIP_VOLUME_NAME=
|
||||
#GEOIP_IMAGE=
|
||||
#GEOIP_CONTAINER_NAME=
|
||||
|
||||
#GEOIP_EDITION_IDS=
|
||||
GEOIP_LICENSE_KEY=blablabla
|
||||
#GEOIP_DOWNLOAD_PATH=
|
||||
#GEOIP_SCHEDULE=
|
||||
#GEOIP_LOG_LEVEL=
|
||||
22
geoip/docker-compose.yml
Normal file
22
geoip/docker-compose.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
geoip:
|
||||
name: ${GEOIP_VOLUME_NAME:-geoip}
|
||||
|
||||
services:
|
||||
geoip:
|
||||
image: ${GEOIP_IMAGE:-crazymax/geoip-updater:latest}
|
||||
container_name: ${GEOIP_CONTAINER_NAME:-geoip-updater}
|
||||
restart: always
|
||||
volumes:
|
||||
- geoip:${GEOIP_DOWNLOAD_PATH:-/data}
|
||||
environment:
|
||||
EDITION_IDS: ${GEOIP_EDITION_IDS:-GeoLite2-City}
|
||||
LICENSE_KEY: ${GEOIP_LICENSE_KEY:-err}
|
||||
DOWNLOAD_PATH: ${GEOIP_DOWNLOAD_PATH:-/data}
|
||||
SCHEDULE: ${GEOIP_SCHEDULE:-0 0 * * 0} # Every Sunday
|
||||
LOG_LEVEL: ${GEOIP_LOG_LEVEL:-info}
|
||||
LOG_JSON: ${GEOIP_LOG_JSON:-false}
|
||||
10
geoipupdate/.env
Normal file
10
geoipupdate/.env
Normal file
@ -0,0 +1,10 @@
|
||||
#GEOIPUPDATE_VOLUME_NAME=
|
||||
#GEOIPUPDATE_IMAGE=
|
||||
#GEOIPUPDATE_CONTAINER_NAME=
|
||||
|
||||
GEOIPUPDATE_ACCOUNT_ID=<change-me>
|
||||
GEOIPUPDATE_LICENSE_KEY=<change-me>
|
||||
#GEOIPUPDATE_EDITION_IDS=
|
||||
#GEOIPUPDATE_FREQUENCY=
|
||||
#GEOIPUPDATE_VERBOSE=
|
||||
#GEOIPUPDATE_DB_DIR=
|
||||
14
geoipupdate/README.md
Normal file
14
geoipupdate/README.md
Normal file
@ -0,0 +1,14 @@
|
||||
# HedgeDoc
|
||||
|
||||
> Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site officiel][website]
|
||||
- [Github][github]
|
||||
- [L'image Docker de LinuxServer][docker]
|
||||
|
||||
[website]: https://www.maxmind.com/en/home
|
||||
[docker]: https://hub.docker.com/r/maxmindinc/geoipupdate
|
||||
[github]: https://github.com/maxmind/geoipupdate
|
||||
[documentation]: https://dev.maxmind.com/geoip/updating-databases
|
||||
22
geoipupdate/docker-compose.yml
Normal file
22
geoipupdate/docker-compose.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
geoipupdate:
|
||||
name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}
|
||||
|
||||
services:
|
||||
geoipupdate:
|
||||
image: ${GEOIPUPDATE_IMAGE:-maxmindinc/geoipupdate:v4.9.0}
|
||||
container_name: ${GEOIPUPDATE_CONTAINER_NAME:-geoip-updater}
|
||||
restart: always
|
||||
volumes:
|
||||
- geoipupdate:${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
|
||||
environment:
|
||||
GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID:?err}
|
||||
GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY:?err}
|
||||
GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS:-GeoLite2-City}
|
||||
GEOIPUPDATE_FREQUENCY: ${GEOIPUPDATE_FREQUENCY:-72}
|
||||
GEOIPUPDATE_VERBOSE: ${GEOIPUPDATE_VERBOSE:-false}
|
||||
GEOIPUPDATE_DB_DIR: ${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
|
||||
36
gitea/.env
36
gitea/.env
@ -1,26 +1,34 @@
|
||||
COMPOSE_FILE=../postgres/docker-compose.yml:./docker-compose.yml:./docker-compose.override.yml
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
# APP
|
||||
SERVICES_DIR=".."
|
||||
COMPOSE_FILE=${SERVICES_DIR}/gitea/docker-compose.yml:${SERVICES_DIR}/gitea/docker-compose.traefik.yml:${SERVICES_DIR}/gitea/docker-compose.smtp.yml:${SERVICES_DIR}/gitea/docker-compose.metrics.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
COMPOSE_PROJECT_NAME=$GITEA_DOMAIN
|
||||
|
||||
GITEA_VOLUME_NAME=gitea
|
||||
GITEA_PROTOCOL=http
|
||||
GITEA_DOMAIN=gitea.lan
|
||||
|
||||
# APP CONFIG
|
||||
#######
|
||||
# GITEA
|
||||
# https://docs.gitea.io/en-us/install-with-docker/#environments-variables
|
||||
|
||||
DISABLE_SSH=true
|
||||
RUN_MODE=prod
|
||||
ROOT_URL=${GITEA_PROTOCOL}://${GITEA_DOMAIN}
|
||||
DISABLE_REGISTRATION=true
|
||||
DISABLE_GRAVATAR=true
|
||||
#INSTALL_LOCK=true
|
||||
GITEA_DOMAIN=gitea.lan
|
||||
GITEA_VOLUME_NAME=gitea
|
||||
GITEA_IMAGE=gitea/gitea:1.18.4
|
||||
GITEA_PROTOCOL=http
|
||||
GITEA_SECRET_KEY=kt5UdK0m9lI9MDyhVOFEB5jk7VwFynDyaxcUjEJUpWJBrC6FyH4dkUDKLYEa7hGn
|
||||
GITEA_INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzY5NzkxMzZ9.Iopu6DBUhglmNPzEyYylfmTmEUpYLHYEsNrm50GoBkU
|
||||
|
||||
# SMTP
|
||||
|
||||
GITEA__mailer__FROM='"Name" <email@example.com>'
|
||||
GITEA__mailer__SMTP_ADDR=smtp.gitea.lan
|
||||
GITEA__mailer__SMTP_PORT=465
|
||||
GITEA__mailer__USER=gitea.lan
|
||||
GITEA__mailer__PASSWD=gitea.lan
|
||||
|
||||
# DATABASE
|
||||
# Voir la description ../postgres/README.md
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=gitea-postgres
|
||||
POSTGRES_VOLUME_NAME=gitea-postgres
|
||||
POSTGRES_IMAGE=postgres:15.2-alpine
|
||||
|
||||
@ -4,6 +4,8 @@
|
||||
>
|
||||
> <cite>[Documentation][documentation]</cite>
|
||||
|
||||
Il est possible de configurer l'intégralité du service à l'aide de variable d'environnement voir [la documentation officielle](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables).
|
||||
|
||||
## Commandes
|
||||
|
||||
```sh
|
||||
|
||||
8
gitea/docker-compose.metrics.yml
Normal file
8
gitea/docker-compose.metrics.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
gitea:
|
||||
environment:
|
||||
- GITEA__METRICS__ENABLED=true
|
||||
@ -1,3 +1,5 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
|
||||
14
gitea/docker-compose.postgres.yml
Normal file
14
gitea/docker-compose.postgres.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
gitea:
|
||||
environment:
|
||||
- GITEA__database__DB_TYPE=postgres
|
||||
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
|
||||
- GITEA__database__NAME=${POSTGRES_DB}
|
||||
- GITEA__database__USER=${POSTGRES_USER}
|
||||
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
|
||||
depends_on:
|
||||
- postgres
|
||||
16
gitea/docker-compose.smtp.yml
Normal file
16
gitea/docker-compose.smtp.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
gitea:
|
||||
environment:
|
||||
- GITEA__mailer__ENABLED=true
|
||||
- GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:-smtp}
|
||||
- GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
|
||||
- GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
|
||||
|
||||
- GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
|
||||
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
|
||||
|
||||
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
|
||||
@ -1,16 +1,17 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
gitea:
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
|
||||
traefik.http.routers.gitea.rule: 'Host(`${GITEA_DOMAIN:?err}`)'
|
||||
traefik.http.routers.gitea.entrypoints: 'web'
|
||||
|
||||
traefik.http.services.gitea.loadbalancer.server.port: '3000'
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.rule=Host(`${GITEA_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-gitea}.loadbalancer.server.port=3000
|
||||
|
||||
@ -1,3 +1,5 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
@ -7,19 +9,17 @@ volumes:
|
||||
services:
|
||||
gitea:
|
||||
container_name: ${GITEA_CONTAINER_NAME:-gitea}
|
||||
image: ${GITEA_IMAGE:-gitea/gitea:1.15.2}
|
||||
image: ${GITEA_IMAGE:-gitea/gitea:1.20.4}
|
||||
restart: always
|
||||
environment:
|
||||
# - USER_UID=1000
|
||||
# - USER_GID=1000
|
||||
DB_TYPE: postgres
|
||||
DB_HOST: postgres:5432
|
||||
DB_NAME: ${POSTGRES_DB}
|
||||
DB_USER: ${POSTGRES_USER}
|
||||
DB_PASSWD: ${POSTGRES_PASSWORD}
|
||||
- USER_UID=${GITEA_UID:-1000}
|
||||
- USER_GID=${GITEA_GID:-1000}
|
||||
# Security
|
||||
# docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
|
||||
- GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
|
||||
# docker run -it --rm gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
|
||||
- GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
|
||||
volumes:
|
||||
- gitea:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
depends_on:
|
||||
- postgres
|
||||
|
||||
47
grafana/.env
47
grafana/.env
@ -1,3 +1,48 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/grafana/docker-compose.yml:${SERVICES_DIR}/grafana/docker-compose.traefik.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
#########
|
||||
# GRAFANA
|
||||
|
||||
GRAFANA_DOMAIN=grafana.cool.life
|
||||
#GRAFANA_VOLUME_NAME=
|
||||
#GRAFANA_CONTAINER_NAME=
|
||||
#GRAFANA_IMAGE=
|
||||
|
||||
GF_SECURITY_ADMIN_USER=admin
|
||||
GF_SECURITY_ADMIN_PASSWORD=admin
|
||||
GF_SECURITY_ADMIN_PASSWORD=password
|
||||
#GF_SECURITY_DISABLE_GRAVATAR=
|
||||
#GF_SECURITY_COOKIE_SECURE=
|
||||
#GF_USERS_ALLOW_SIGN_UP=
|
||||
GF_INSTALL_PLUGINS=grafana-piechart-panel
|
||||
|
||||
######
|
||||
# SMTP
|
||||
|
||||
#GF_SMTP_HOST=
|
||||
#GF_SMTP_USER=
|
||||
#GF_SMTP_PASSWORD=
|
||||
#GF_SMTP_FROM_ADDRESS=
|
||||
#GF_SMTP_FROM_NAME=
|
||||
|
||||
#######
|
||||
# REDIS
|
||||
|
||||
#REDIS_IMAGE=
|
||||
#REDIS_CONTAINER_NAME=
|
||||
#REDIS_VOLUME_NAME=
|
||||
|
||||
#GF_REMOTE_CACHE_CONNSTR=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
|
||||
19
grafana/README.md
Normal file
19
grafana/README.md
Normal file
@ -0,0 +1,19 @@
|
||||
# Grafana
|
||||
|
||||
> Grafana est un logiciel libre sous licence GNU Affero General Public License Version 32 (anciennement sous licence Apache 2.0 avant avril 2021) qui permet la visualisation de données. Il permet de réaliser des tableaux de bord et des graphiques depuis plusieurs sources dont des bases de données temporelles comme Graphite (en), InfluxDB et OpenTSDB3.
|
||||
>
|
||||
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Grafana)</cite>
|
||||
|
||||
## 🔧 Configuration
|
||||
|
||||
La configuration du service ce base sur la documentation officielle, plusieurs pages sont intéressantes à lire :
|
||||
- [Lancer l'image Docker de Grafana](https://grafana.com/docs/grafana/latest/installation/docker/)
|
||||
- [Configuration l'image Docker Grafana](https://grafana.com/docs/grafana/latest/administration/configure-docker/)
|
||||
- [Surcharger la configuration à l'aide des variables d'environment](https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables)
|
||||
|
||||
## 🔗 Liens
|
||||
|
||||
- [Site officiel](https://grafana.com)
|
||||
- [La documentation](https://grafana.com/docs)
|
||||
- [Github](https://github.com/grafana/grafana)
|
||||
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/grafana/grafana)
|
||||
11
grafana/docker-compose.postgres.yml
Normal file
11
grafana/docker-compose.postgres.yml
Normal file
@ -0,0 +1,11 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
grafana:
|
||||
environment:
|
||||
# https://grafana.com/docs/grafana/latest/administration/configuration/#database
|
||||
GF_DATABASE_TYPE: postgres
|
||||
GF_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
GF_DATABASE_NAME: ${POSTGRES_DB:?err}
|
||||
GF_DATABASE_USER: ${POSTGRES_USER:?err}
|
||||
GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
8
grafana/docker-compose.redis.yml
Normal file
8
grafana/docker-compose.redis.yml
Normal file
@ -0,0 +1,8 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
grafana:
|
||||
environment:
|
||||
# https://grafana.com/docs/grafana/latest/administration/configuration/#remote_cache
|
||||
GF_REMOTE_CACHE_TYPE: redis
|
||||
GF_REMOTE_CACHE_CONNSTR: ${GF_REMOTE_CACHE_CONNSTR:-addr=redis:6379,ssl=false}
|
||||
12
grafana/docker-compose.smtp.yml
Normal file
12
grafana/docker-compose.smtp.yml
Normal file
@ -0,0 +1,12 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
grafana:
|
||||
environment:
|
||||
# https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
|
||||
GF_SMTP_ENABLED: true
|
||||
GF_SMTP_HOST: ${GF_SMTP_HOST:?err} # with port
|
||||
GF_SMTP_USER: ${GF_SMTP_USER:?err}
|
||||
GF_SMTP_PASSWORD: ${GF_SMTP_PASSWORD:?err}
|
||||
GF_SMTP_FROM_ADDRESS: ${GF_SMTP_FROM_ADDRESS:?err}
|
||||
GF_SMTP_FROM_NAME: ${GF_SMTP_FROM_NAME:?err}
|
||||
14
grafana/docker-compose.traefik.yml
Normal file
14
grafana/docker-compose.traefik.yml
Normal file
@ -0,0 +1,14 @@
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
grafana:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.rule=Host(`${GRAFANA_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
@ -1,9 +1,5 @@
|
||||
---
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
grafana:
|
||||
@ -12,17 +8,17 @@ volumes:
|
||||
services:
|
||||
grafana:
|
||||
container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
|
||||
image: ${GRAFANA_IMAGE:-grafana/grafana:8.1.3}
|
||||
image: ${GRAFANA_IMAGE:-grafana/grafana:8.4.6}
|
||||
restart: always
|
||||
volumes:
|
||||
- grafana:/var/lib/grafana
|
||||
environment:
|
||||
GF_ANALYTICS_CHECK_FOR_UPDATES: ${GF_ANALYTICS_CHECK_FOR_UPDATES:-false}
|
||||
GF_ANALYTICS_REPORTING_ENABLED: ${GF_ANALYTICS_REPORTING_ENABLED:-false}
|
||||
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
|
||||
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err}
|
||||
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err}
|
||||
GF_SECURITY_DISABLE_GRAVATAR: ${GF_SECURITY_DISABLE_GRAVATAR:-true}
|
||||
GF_SECURITY_COOKIE_SECURE: ${GF_SECURITY_COOKIE_SECURE:-true}
|
||||
GF_SERVER_PROTOCOL: ${GF_SERVER_PROTOCOL:-http}
|
||||
GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
|
||||
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
traefik.http.routers.grafana.rule: 'Host(`${GRAFANA_DOMAIN:?err}`)'
|
||||
traefik.http.routers.grafana.entrypoints: 'web'
|
||||
|
||||
@ -11,7 +11,7 @@ La configuration est séparé en 3 fichiers :
|
||||
|
||||
## Configuration
|
||||
|
||||
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc.
|
||||
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc, elles n'ont pas tous été intégrées.
|
||||
|
||||
Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env).
|
||||
|
||||
@ -21,6 +21,23 @@ Lancer le service :
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
## Debug
|
||||
|
||||
### Se connecter à la base de données
|
||||
|
||||
```shell
|
||||
. .env
|
||||
docker exec -it $POSTGRES_CONTAINER_NAME psql $POSTGRES_DB -U $POSTGRES_USER
|
||||
```
|
||||
|
||||
### Traitement des notes vides
|
||||
|
||||
```
|
||||
SELECT count(*) FROM public."Notes" WHERE content = '';
|
||||
SELECT * FROM public."Notes" WHERE content = '';
|
||||
DELETE FROM public."Notes" WHERE content = '';
|
||||
```
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site officiel][website]
|
||||
|
||||
@ -3,6 +3,7 @@ version: "3.8"
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
hedgedoc:
|
||||
|
||||
@ -7,24 +7,27 @@ volumes:
|
||||
services:
|
||||
hedgedoc:
|
||||
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
|
||||
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.8.2-ls23}
|
||||
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.3-ls53}
|
||||
restart: always
|
||||
depends_on:
|
||||
- postgres
|
||||
volumes:
|
||||
- hedgedoc:/opt/hedgedoc/public/uploads
|
||||
- hedgedoc:/config/uploads
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
# https://docs.hedgedoc.org/configuration/
|
||||
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
|
||||
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
|
||||
CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err}
|
||||
CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err}
|
||||
NODE_ENV: ${NODE_ENV:-development} # `production` or `development`
|
||||
CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false}
|
||||
CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true}
|
||||
CMD_ALLOW_ANONYMOUS: ${CMD_ALLOW_ANONYMOUS:-true}
|
||||
CMD_ALLOW_ANONYMOUS_EDITS: ${CMD_ALLOW_ANONYMOUS_EDITS:-false}
|
||||
CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false}
|
||||
CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
|
||||
CMD_REQUIRE_FREEURL_AUTHENTICATION: ${CMD_REQUIRE_FREEURL_AUTHENTICATION:-false}
|
||||
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
|
||||
CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
|
||||
PGID: ${PGID:-1000}
|
||||
PUID: ${PUID:-1000}
|
||||
|
||||
26
listmonk/.env
Normal file
26
listmonk/.env
Normal file
@ -0,0 +1,26 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/listmonk/docker-compose.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
## APP
|
||||
|
||||
LISTMONK_DOMAIN=localhost
|
||||
LISTMONK_ADMIN_USERNAME=
|
||||
LISTMONK_ADMIN_PASSWORD=
|
||||
#LISTMONK_CONTAINER_NAME=listmonk
|
||||
#LISTMONK_VOLUME_NAME=listmonk
|
||||
#LISTMONK_IMAGE=listmonk/listmonk:v2.3.0
|
||||
|
||||
## POSTGRES
|
||||
|
||||
#POSTGRES_VOLUME_NAME=
|
||||
#POSTGRES_CONTAINER_NAME=
|
||||
#POSTGRES_IMAGE=
|
||||
POSTGRES_USER=listmonk
|
||||
POSTGRES_PASSWORD=listmonk
|
||||
POSTGRES_DB=listmonk
|
||||
37
listmonk/README.md
Normal file
37
listmonk/README.md
Normal file
@ -0,0 +1,37 @@
|
||||
# listmonk
|
||||
|
||||
> Gestionnaire de listes de diffusion et de newsletter
|
||||
|
||||
## Documentation
|
||||
|
||||
listmonk ne gère actuellement pas le multicompte.
|
||||
|
||||
Pour utiliser avec une configuration avec les variables d'environnements il faut la commande suivante :
|
||||
|
||||
```
|
||||
command: [sh, -c, "./listmonk --config ''"]
|
||||
```
|
||||
|
||||
Pour l'installation il faut lancer la commande suivante pour initialiser la base de donnée :
|
||||
|
||||
```
|
||||
command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
|
||||
```
|
||||
|
||||
Pour faire les mise à jour et ainsi migrer la base de donnée :
|
||||
|
||||
```
|
||||
command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
|
||||
```
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site Officiel][site]
|
||||
- [Documentation][documentation]
|
||||
- [Code source][source]
|
||||
- [Docker Hub][dockerhub]
|
||||
|
||||
[site]: https://listmonk.app/
|
||||
[source]: https://github.com/knadh/listmonk
|
||||
[documentation]: https://listmonk.app/docs/
|
||||
[dockerhub]: https://hub.docker.com/r/listmonk/listmonk
|
||||
41
listmonk/docker-compose.yml
Normal file
41
listmonk/docker-compose.yml
Normal file
@ -0,0 +1,41 @@
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
listmonk:
|
||||
name: ${LISTMONK_VOLUME_NAME:-listmonk}
|
||||
|
||||
services:
|
||||
listmonk:
|
||||
container_name: ${LISTMONK_CONTAINER_NAME:-listmonk}
|
||||
image: ${LISTMONK_IMAGE:-listmonk/listmonk:v2.3.0}
|
||||
restart: always
|
||||
#command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
|
||||
#command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
|
||||
command: [sh, -c, "./listmonk --config ''"]
|
||||
depends_on:
|
||||
- postgres
|
||||
environment:
|
||||
LISTMONK_app__address: 0.0.0.0:9000
|
||||
LISTMONK_app__admin_username: ${LISTMONK_ADMIN_USERNAME:?err}
|
||||
LISTMONK_app__admin_password: ${LISTMONK_ADMIN_PASSWORD:?err}
|
||||
LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}
|
||||
LISTMONK_db__port: 5432
|
||||
LISTMONK_db__user: ${POSTGRES_USER:?err}
|
||||
LISTMONK_db__password: ${POSTGRES_PASSWORD:?err}
|
||||
LISTMONK_db__database: ${POSTGRES_DB:?err}
|
||||
LISTMONK_db__ssl_mode: disable
|
||||
TZ: Europe/Paris
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- listmonk:/listmonk/uploads
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.rule=Host(`${LISTMONK_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
50
lldap/.env
Normal file
50
lldap/.env
Normal file
@ -0,0 +1,50 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
#######
|
||||
# LLDAP
|
||||
|
||||
LLDAP_DOMAIN=lldap.cool.life
|
||||
LLDAP_VOLUME_NAME=lldap_cool_life
|
||||
LLDAP_CONTAINER_NAME=lldap_cool_life
|
||||
LLDAP_IMAGE=nitnelave/lldap:v0.4.3
|
||||
|
||||
LLDAP_JWT_SECRET="6IeP8UUbEkQXrkUNbnu1sGpcZOu29wUTWh3uiEgMorI="
|
||||
LLDAP_VERBOSE=true
|
||||
|
||||
LLDAP_LDAP_BASE_DN="dc=cool,dc=life"
|
||||
LLDAP_LDAP_USER_DN="myuser"
|
||||
LLDAP_LDAP_USER_EMAIL="admin@cool.life"
|
||||
LLDAP_LDAP_USER_PASS="mon-mot-de-passe"
|
||||
|
||||
# LLDAP_TEST_EMAIL_TO=
|
||||
# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=
|
||||
# LLDAP_SMTP_OPTIONS__SERVER=
|
||||
# LLDAP_SMTP_OPTIONS__PORT=
|
||||
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=
|
||||
# LLDAP_SMTP_OPTIONS__USER=
|
||||
# LLDAP_SMTP_OPTIONS__PASSWORD=
|
||||
# LLDAP_SMTP_OPTIONS__FROM=
|
||||
# LLDAP_SMTP_OPTIONS__REPLY_TO=
|
||||
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=lldap-postgres
|
||||
POSTGRES_VOLUME_NAME=lldap-postgres
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
27
lldap/README.md
Normal file
27
lldap/README.md
Normal file
@ -0,0 +1,27 @@
|
||||
# LLDAP
|
||||
|
||||
> Implémentation légère de LDAP pour l'authentification :
|
||||
> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à [Authelia](https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml) en passant par Nextcloud et plus encore !
|
||||
|
||||
## Documentation
|
||||
|
||||
- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
|
||||
- De base le projet utilise SQLite, mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
|
||||
- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
|
||||
- Lors du lancement du service une clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegarder puisque les mots de passe sont chiffrés en base avec.
|
||||
|
||||
## Configuration
|
||||
|
||||
La configuration a été séparée en 5 fichiers :
|
||||
|
||||
- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
|
||||
- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik
|
||||
- [`docker-compose.smtp.yml`](./docker-compose.smtp.yml) correspondant à la configuration du service SMTP
|
||||
- [`docker-compose.postgres.yml`](./docker-compose.postgres.yml) pour configurer le service Postgres
|
||||
- [`docker-compose.traefik.yml`](./docker-compose.traefik.yml) pour configurer automatiquement Traefik
|
||||
|
||||
## Liens
|
||||
|
||||
- [Code source](https://github.com/lldap/lldap)
|
||||
- [Docker Hub](https://hub.docker.com/r/nitnelave/lldap)
|
||||
- [Documentation](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml)
|
||||
13
lldap/docker-compose.local.yml
Normal file
13
lldap/docker-compose.local.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
lldap:
|
||||
ports:
|
||||
# For LDAP
|
||||
- "3890:3890"
|
||||
# For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
|
||||
- "6360:6360"
|
||||
# For the web front-end
|
||||
- "17170:17170"
|
||||
8
lldap/docker-compose.postgres.yml
Normal file
8
lldap/docker-compose.postgres.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
lldap:
|
||||
environment:
|
||||
- LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}
|
||||
16
lldap/docker-compose.smtp.yml
Normal file
16
lldap/docker-compose.smtp.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
lldap:
|
||||
environment:
|
||||
- LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
|
||||
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
|
||||
- LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
|
||||
- LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
|
||||
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}
|
||||
- LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
|
||||
- LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
|
||||
- LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
|
||||
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}
|
||||
24
lldap/docker-compose.traefik.yml
Normal file
24
lldap/docker-compose.traefik.yml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
lldap:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
|
||||
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
|
||||
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
|
||||
|
||||
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
|
||||
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`)
|
||||
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890
|
||||
26
lldap/docker-compose.yml
Normal file
26
lldap/docker-compose.yml
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
lldap:
|
||||
name: ${LLDAP_VOLUME_NAME:-lldap}
|
||||
|
||||
services:
|
||||
lldap:
|
||||
container_name: ${LLDAP_CONTAINER_NAME:-lldap}
|
||||
image: ${LLDAP_IMAGE:-nitnelave/lldap:v0.4.3}
|
||||
restart: always
|
||||
volumes:
|
||||
- "lldap:/data"
|
||||
environment:
|
||||
- TZ=${TIMEZONE:-Europe/Paris}
|
||||
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
|
||||
|
||||
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
|
||||
- LLDAP_HTTP_URL=https://${LLDAP_DOMAIN:?err}
|
||||
|
||||
- LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
|
||||
- LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
|
||||
- LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
|
||||
- LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}
|
||||
63
mobilizon/.env
Normal file
63
mobilizon/.env
Normal file
@ -0,0 +1,63 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/mobilizon/docker-compose.yml:${SERVICES_DIR}/mobilizon/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/geoip/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
############
|
||||
## MOBILIZON
|
||||
|
||||
MOBILIZON_INSTANCE_NAME="RésiLien - Mobilizon"
|
||||
MOBILIZON_DOMAIN=mobilizon.lan
|
||||
#MOBILIZON_INSTANCE_PORT=4000
|
||||
MOBILIZON_INSTANCE_EMAIL=no-reply@mobilizon.lan
|
||||
|
||||
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
|
||||
MOBILIZON_ADMIN_EMAIL=admin@mobilizon.lan
|
||||
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
|
||||
|
||||
MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
|
||||
MOBILIZON_INSTANCE_SECRET_KEY=changethis
|
||||
|
||||
MOBILIZON_SMTP_SERVER=localhost
|
||||
MOBILIZON_SMTP_HOSTNAME=localhost
|
||||
MOBILIZON_SMTP_PORT=25
|
||||
MOBILIZON_SMTP_SSL=false
|
||||
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
|
||||
MOBILIZON_SMTP_PASSWORD=password
|
||||
|
||||
#MOBILIZON_PUID=
|
||||
#MOBILIZON_PGID=
|
||||
|
||||
#######
|
||||
# GEOIP
|
||||
|
||||
#GEOIP_VOLUME_NAME=
|
||||
#GEOIP_IMAGE=
|
||||
#GEOIP_CONTAINER_NAME=
|
||||
|
||||
#GEOIP_EDITION_IDS=
|
||||
GEOIP_LICENSE_KEY=
|
||||
#GEOIP_DOWNLOAD_PATH=
|
||||
#GEOIP_SCHEDULE=
|
||||
#GEOIP_LOG_LEVEL=
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=mobilizon_user
|
||||
POSTGRES_PASSWORD=mobilizon_password
|
||||
POSTGRES_DB=mobilizon_db
|
||||
#POSTGRES_CONTAINER_NAME=mobilizon_postgres
|
||||
#POSTGRES_VOLUME_NAME=mobilizon_postgres
|
||||
POSTGRES_IMAGE=kartoza/postgis:14-3.1
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
23
mobilizon/README.md
Normal file
23
mobilizon/README.md
Normal file
@ -0,0 +1,23 @@
|
||||
# Mobilizon
|
||||
|
||||
> Mobilizon est un logiciel libre d'organisation d'évènements et de gestion de groupes (Meet-up) lancé en octobre 2020 par Framasoft pour proposer une alternative libre aux plateformes des GAFAM (Facebook, Meetup.com, EventBrite).
|
||||
>
|
||||
> -- <cite>[Wikipedia](https://fr.wikipedia.org/wiki/Mobilizon)</cite>
|
||||
|
||||
On peut retrouver la documentation sur le [site officiel](https://docs.joinmobilizon.org/fr/).
|
||||
|
||||
## Configuration
|
||||
|
||||
Mobilizon utilise de la géolocalisation pour les évènements et du coup il faut :
|
||||
- une base de données spécifique _[PostGIS](https://fr.wikipedia.org/wiki/PostGIS)_ qui se base sur _Postgres_. Actuellement la configuration de l'image Docker Postgres est compatible il faut donc juste changer le nom de l'image et utiliser [kartoza/postgis](https://hub.docker.com/r/kartoza/postgis) à la place.
|
||||
- un fichier GeoLite2 et pour cela il faut créer une clé pour accéder au service en ligne de [maxmind](https://www.maxmind.com), on utilise ensuite l'image docker [geoip-updater](https://crazymax.dev/geoip-updater/install/docker/) de crazymax pour automatiser le téléchargement et la mise à jour du fichier.
|
||||
|
||||
## Liens
|
||||
|
||||
- 🌐 [Site website](https://joinmobilizon.org)
|
||||
- 🔢 [voir les instances](https://instances.joinmobilizon.org/instances)
|
||||
- 💻 Source officiel :
|
||||
- [le logiciel](https://framagit.org/framasoft/mobilizon)
|
||||
- [l'image _Docker_](https://framagit.org/framasoft/joinmobilizon/docker)
|
||||
- 📜 [Documentation](https://docs.joinmobilizon.org)
|
||||
- 🐳 [Docker Hub](https://hub.docker.com/r/framasoft/mobilizon)
|
||||
8
mobilizon/docker-compose.local.yml
Normal file
8
mobilizon/docker-compose.local.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
mobilizon:
|
||||
ports:
|
||||
- "${MOBILIZON_INSTANCE_PORT:-4000}:${MOBILIZON_PORT:-4000}"
|
||||
16
mobilizon/docker-compose.traefik.yml
Normal file
16
mobilizon/docker-compose.traefik.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
mobilizon:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.rule=Host(`${MOBILIZON_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
47
mobilizon/docker-compose.yml
Normal file
47
mobilizon/docker-compose.yml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
mobilizon:
|
||||
name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
|
||||
|
||||
services:
|
||||
mobilizon:
|
||||
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
|
||||
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
|
||||
restart: always
|
||||
depends_on:
|
||||
- postgres
|
||||
- geoip
|
||||
volumes:
|
||||
- mobilizon:/var/lib/mobilizon/uploads
|
||||
# - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
|
||||
- geoip:/var/lib/mobilizon/geo_db
|
||||
environment:
|
||||
MOBILIZON_INSTANCE_NAME: ${MOBILIZON_INSTANCE_NAME}
|
||||
MOBILIZON_INSTANCE_HOST: ${MOBILIZON_DOMAIN}
|
||||
MOBILIZON_INSTANCE_PORT: ${MOBILIZON_INSTANCE_PORT:-4000}
|
||||
MOBILIZON_INSTANCE_EMAIL: ${MOBILIZON_INSTANCE_EMAIL}
|
||||
|
||||
MOBILIZON_REPLY_EMAIL: ${MOBILIZON_REPLY_EMAIL}
|
||||
MOBILIZON_ADMIN_EMAIL: ${MOBILIZON_ADMIN_EMAIL}
|
||||
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: ${MOBILIZON_INSTANCE_REGISTRATIONS_OPEN:-false}
|
||||
|
||||
MOBILIZON_DATABASE_USERNAME: ${POSTGRES_USER}
|
||||
MOBILIZON_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
MOBILIZON_DATABASE_DBNAME: ${POSTGRES_DB}
|
||||
MOBILIZON_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
|
||||
MOBILIZON_INSTANCE_SECRET_KEY_BASE: ${MOBILIZON_INSTANCE_SECRET_KEY_BASE:?err}
|
||||
MOBILIZON_INSTANCE_SECRET_KEY: ${MOBILIZON_INSTANCE_SECRET_KEY:?err}
|
||||
|
||||
MOBILIZON_SMTP_SERVER: ${MOBILIZON_SMTP_SERVER:?err}
|
||||
MOBILIZON_SMTP_HOSTNAME: ${MOBILIZON_SMTP_HOSTNAME:?err}
|
||||
MOBILIZON_SMTP_PORT: ${MOBILIZON_SMTP_PORT:?err}
|
||||
MOBILIZON_SMTP_SSL: ${MOBILIZON_SMTP_SSL:?err}
|
||||
MOBILIZON_SMTP_USERNAME: ${MOBILIZON_SMTP_USERNAME:?err}
|
||||
MOBILIZON_SMTP_PASSWORD: ${MOBILIZON_SMTP_PASSWORD:?err}
|
||||
|
||||
PUID: ${MOBILIZON_PUID:-1000}
|
||||
PGID: ${MOBILIZON_PGID:-1000}
|
||||
@ -1,23 +1,51 @@
|
||||
## DOCKER
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
COMPOSE_FILE=./docker-compose.yml
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
TRAEFIK_NETWORK_NAME=kifeart
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.config.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
## APP
|
||||
|
||||
NEXTCLOUD_DOMAIN=nextcloud.cool.life
|
||||
NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
|
||||
NEXTCLOUD_CONTAINER_NAME=nextcloud
|
||||
NEXTCLOUD_VOLUME_NAME=nextcloud
|
||||
NEXTCLOUD_DOMAIN=nextcloud.cool.life
|
||||
|
||||
NEXTCLOUD_ADMIN_USER: user
|
||||
NEXTCLOUD_ADMIN_PASSWORD: password
|
||||
NEXTCLOUD_ADMIN_USER=user
|
||||
NEXTCLOUD_ADMIN_PASSWORD=password
|
||||
|
||||
# DATABASE
|
||||
# Voir la description ../postgres/README.md
|
||||
#SMTP_HOST=mail.test.org
|
||||
#SMTP_SECURE=
|
||||
#SMTP_PORT=
|
||||
#SMTP_AUTHTYPE=
|
||||
#SMTP_NAME=test@test.org
|
||||
#SMTP_PASSWORD=blablablabla
|
||||
#MAIL_FROM_ADDRESS=no-reply
|
||||
#MAIL_DOMAIN=test.org
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=nextcloud-postgres
|
||||
POSTGRES_VOLUME_NAME=nextcloud-postgres
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
#######
|
||||
# REDIS
|
||||
|
||||
#REDIS_IMAGE=
|
||||
REDIS_CONTAINER_NAME=nextcloud-redis
|
||||
#REDIS_VOLUME_NAME=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
|
||||
@ -10,47 +10,82 @@
|
||||
>
|
||||
> -- <cite>[Github][github]</cite>
|
||||
|
||||
On peut trouver [la documentation ici][documentation].
|
||||
On peut trouver [la documentation ici][documentation] en anglais ou ici pour la [traduction française](https://doc-nextcloud-fr.indie.host/fr/) fait par [IndieHosters](https://indiehosters.net/) et [Paquerette](https://paquerette.eu/).
|
||||
|
||||
## Aide
|
||||
|
||||
```sh
|
||||
docker exec --user www-data -it nextcloud bash
|
||||
Commande pour se connecter à un serveur :
|
||||
|
||||
docker-compose exec --user www-data nextcloud php occ db:add-missing-primary-keys
|
||||
```sh
|
||||
. .env
|
||||
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm ash
|
||||
```
|
||||
|
||||
Pour mettre un site en maintenance :
|
||||
|
||||
```sh
|
||||
. .env
|
||||
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm php occ maintenance:mode --on
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Il est possible de configurer certaines parties avec des variables d'environnement, mais ce n'est pas le cas de l'ensemble de la configuration.
|
||||
Il est possible de configurer certaines parties avec des variables d'environnement :
|
||||
- Soit les variables sont spécifique à l'image Docker
|
||||
- soit avec des variables du type `NC_` + clé (exemple : NC_default_phone_region=FR)
|
||||
|
||||
Voici les modifications que j'effectue :
|
||||
### Création d'un groupe
|
||||
|
||||
```
|
||||
docker-compose exec --user www-data nextcloud-fpm ash
|
||||
vi config/config.php
|
||||
```
|
||||
Ajout de la configuration suivante :
|
||||
```
|
||||
'default_language' => 'fr',
|
||||
'default_locale' => 'fr_FR',
|
||||
'default_phone_region' => 'FR',
|
||||
'defaultapp' => 'files',
|
||||
'preview_max_x' => 2048,
|
||||
'preview_max_y' => 2048,
|
||||
'jpeg_quality' => 60,
|
||||
export NC_GROUP=com-en-aubrac
|
||||
php occ group:add $NC_GROUP
|
||||
```
|
||||
|
||||
Ajout de imagemagick :
|
||||
```
|
||||
docker-compose exec nextcloud-fpm apk add --no-cache imagemagick
|
||||
```
|
||||
|
||||
ou
|
||||
### Création d'un utilisateur
|
||||
|
||||
```
|
||||
ssh <server>
|
||||
docker exec nextcloud-fpm apk add --no-cache imagemagick
|
||||
# La variable OC_PASS est spécifique pour l'utilisation de --password-from-env
|
||||
export OC_PASS=unmotdepasse!
|
||||
|
||||
export NC_USER=simon
|
||||
export NC_NAME=Simon
|
||||
export NC_MAIL=simon@example.org
|
||||
export NC_QUOTA="180 GB"
|
||||
|
||||
php occ user:add --password-from-env --display-name=$NC_NAME --group="$NC_GROUP" $NC_USER
|
||||
php occ user:setting $NC_USER settings email $NC_MAIL
|
||||
```
|
||||
|
||||
### Quota
|
||||
|
||||
Pour bien comprendre les quotas dans Nextcloud : https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
|
||||
|
||||
```
|
||||
export NC_USER=simon
|
||||
export NC_QUOTA="10 GB"
|
||||
php occ user:setting $NC_USER files quota "$NC_QUOTA"
|
||||
```
|
||||
|
||||
### imagemagick
|
||||
|
||||
> Le module php-imagick n’a aucun support SVG dans cette instance. Pour une meilleure compatibilité, il est recommandé de l’installer.
|
||||
|
||||
Pour résoudre ce problème il faut ajouter le paquet `imagemagick`
|
||||
|
||||
```
|
||||
. .env
|
||||
docker exec -it ${NEXTCLOUD_CONTAINER_NAME}-fpm apk add --no-cache imagemagick
|
||||
```
|
||||
|
||||
## Application
|
||||
|
||||
Suppression d'application :
|
||||
|
||||
```
|
||||
php occ app:disable dashboard
|
||||
php occ app:disable photos
|
||||
php occ app:disable weather_status
|
||||
php occ app:disable user_status
|
||||
```
|
||||
|
||||
## PHP-FPM: remédier à server reached pm.max_children
|
||||
|
||||
22
nextcloud/docker-compose.config.yml
Normal file
22
nextcloud/docker-compose.config.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
environment:
|
||||
&nextcloud-configuration
|
||||
NC_trashbin_retention_obligation: ${NC_trashbin_retention_obligation:-auto, 30}
|
||||
NC_force_language: ${NC_force_language:-fr}
|
||||
NC_default_locale: ${NC_default_locale:-fr_FR}
|
||||
NC_force_locale: ${NC_force_locale:-fr_FR}
|
||||
NC_default_language: ${NC_default_language:-fr}
|
||||
NC_default_phone_region: ${NC_default_phone_region:-FR}
|
||||
NC_defaultapp: ${NC_defaultapp:-files}
|
||||
NC_preview_max_x: ${NC_preview_max_x:-2048}
|
||||
NC_preview_max_y: ${NC_preview_max_y:-2048}
|
||||
NC_jpeg_quality: ${NC_jpeg_quality:-60}
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *nextcloud-configuration
|
||||
8
nextcloud/docker-compose.local.yml
Normal file
8
nextcloud/docker-compose.local.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
nextcloud-web:
|
||||
ports:
|
||||
- ${LOCAL_PORT:-80}:80
|
||||
18
nextcloud/docker-compose.postgres.yml
Normal file
18
nextcloud/docker-compose.postgres.yml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
depends_on:
|
||||
- postgres
|
||||
environment:
|
||||
&postgres-configuration
|
||||
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
POSTGRES_USER: ${POSTGRES_USER:?err}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
POSTGRES_DB: ${POSTGRES_DB:?err}
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *postgres-configuration
|
||||
15
nextcloud/docker-compose.redis.yml
Normal file
15
nextcloud/docker-compose.redis.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
depends_on:
|
||||
- redis
|
||||
environment:
|
||||
&redis-configuration
|
||||
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *redis-configuration
|
||||
20
nextcloud/docker-compose.smtp.yml
Normal file
20
nextcloud/docker-compose.smtp.yml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
environment:
|
||||
&smtp-configuration
|
||||
SMTP_HOST: ${SMTP_HOST:?err}
|
||||
SMTP_SECURE: ${SMTP_SECURE:-ssl}
|
||||
SMTP_PORT: ${SMTP_PORT:-465}
|
||||
SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
|
||||
SMTP_NAME: ${SMTP_NAME:?err}
|
||||
SMTP_PASSWORD: ${SMTP_PASSWORD:?err}
|
||||
MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS:?err}
|
||||
MAIL_DOMAIN: ${MAIL_DOMAIN:?err}
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *smtp-configuration
|
||||
22
nextcloud/docker-compose.traefik.yml
Normal file
22
nextcloud/docker-compose.traefik.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
environment:
|
||||
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
nextcloud-web:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.rule=Host(`${NEXTCLOUD_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.middlewares=nextcloud_redirect
|
||||
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
|
||||
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
|
||||
@ -1,98 +1,54 @@
|
||||
version: "3.8"
|
||||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
nextcloud:
|
||||
name: ${NEXTCLOUD_VOLUME_NAME}
|
||||
nextcloud-postgres:
|
||||
name: ${POSTGRES_VOLUME_NAME}
|
||||
name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud}
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
&fpm-configuration
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
|
||||
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
|
||||
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
|
||||
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
|
||||
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
|
||||
PUID: ${NEXTCLOUD_PUID:-1000}
|
||||
PGID: ${NEXTCLOUD_PGID:-1000}
|
||||
|
||||
nextcloud-web:
|
||||
container_name: nextcloud-web
|
||||
build: ./web
|
||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
|
||||
build: ${SERVICES_DIR}/nextcloud/web
|
||||
restart: always
|
||||
environment:
|
||||
NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
|
||||
PUID: ${NEXTCLOUD_PUID:-1000}
|
||||
PGID: ${NEXTCLOUD_PGID:-1000}
|
||||
depends_on:
|
||||
- nextcloud-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
|
||||
traefik.http.routers.nextcloud-fpm.rule: 'Host(`${NEXTCLOUD_DOMAIN}`)'
|
||||
traefik.http.routers.nextcloud-fpm.entrypoints: 'web'
|
||||
traefik.http.routers.nextcloud-fpm.middlewares: nextcloud_redirect
|
||||
traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
|
||||
traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
|
||||
|
||||
nextcloud-fpm:
|
||||
container_name: nextcloud-fpm
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
|
||||
restart: always
|
||||
hostname: ${NEXTCLOUD_DOMAIN}
|
||||
depends_on:
|
||||
- nextcloud-postgres
|
||||
- nextcloud-redis
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
|
||||
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
|
||||
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
|
||||
OVERWRITEPROTOCOL: 'https'
|
||||
APACHE_DISABLE_REWRITE_IP: '1'
|
||||
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}
|
||||
OVERWRITEPROTOCOL: 'https'
|
||||
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
REDIS_HOST: 'nextcloud-redis'
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
|
||||
nextcloud-postgres:
|
||||
container_name: ${POSTGRES_CONTAINER_NAME}
|
||||
image: ${POSTGRES_IMAGE:-postgres:12.8-alpine}
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
volumes:
|
||||
- nextcloud-postgres:/var/lib/postgresql/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
nextcloud-redis:
|
||||
image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
|
||||
container_name: nextcloud-redis
|
||||
restart: always
|
||||
environment:
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
nextcloud-cron:
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
|
||||
container_name: nextcloud-cron
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
|
||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
|
||||
restart: always
|
||||
depends_on:
|
||||
- nextcloud-web
|
||||
entrypoint: /cron.sh
|
||||
environment:
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
<<: *fpm-configuration
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
||||
@ -1,49 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
. $DIR/../help.sh
|
||||
. $DIR/../postgres/run --only-source
|
||||
|
||||
nextcloud_help() {
|
||||
echo "./run backup : Lancement de la sauvegarde de Nextcloud"
|
||||
echo "./run restore : Restauration de la sauvegarde de Nextcloud"
|
||||
}
|
||||
|
||||
nextcloud_backup() {
|
||||
script_env
|
||||
BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
|
||||
BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
|
||||
backup_folder_create
|
||||
|
||||
POSTGRES_BACKUP_FILE=backups/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_postgres.sql
|
||||
docker-compose exec --user www-data nextcloud php occ maintenance:mode --on
|
||||
postgres_backup
|
||||
|
||||
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup --volumes-from nextcloud alpine:3.12.3 ash -c "cd /var/www/html && tar cvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar ."
|
||||
docker-compose exec --user www-data nextcloud php occ maintenance:mode --off
|
||||
}
|
||||
|
||||
nextcloud_restore() {
|
||||
script_env
|
||||
|
||||
postgres_restore
|
||||
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup -v nextcloud:/var/www/html alpine:3.12.3 ash -c "cd /var/www/html && tar xvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar --strip 1"
|
||||
}
|
||||
|
||||
if [ $# -ge 1 ]; then
|
||||
if [ "${1}" == "backup" ]; then
|
||||
script_start
|
||||
nextcloud_backup
|
||||
script_end
|
||||
elif [ "${1}" == "restore" ]; then
|
||||
script_start
|
||||
nextcloud_restore
|
||||
script_end
|
||||
elif [ "${1}" != "--only-source" ]; then
|
||||
nextcloud_help
|
||||
fi
|
||||
else
|
||||
nextcloud_help
|
||||
fi
|
||||
@ -1,3 +1,3 @@
|
||||
FROM nginx:1.21.1-alpine
|
||||
FROM nginx:1.25.3-alpine
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template
|
||||
|
||||
172
nextcloud/web/nextcloud.conf.template
Normal file
172
nextcloud/web/nextcloud.conf.template
Normal file
@ -0,0 +1,172 @@
|
||||
upstream php-handler {
|
||||
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
|
||||
}
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default "immutable";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 10G;
|
||||
client_body_timeout 300s;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Add .mjs as a file extension for javascript
|
||||
# Either include it in the default mime.types list
|
||||
# or include you can include that list explicitly and add the file extension
|
||||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
}
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
|
||||
location ~ \.wasm$ {
|
||||
default_type application/wasm;
|
||||
}
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
||||
@ -1,174 +0,0 @@
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server nextcloud-fpm:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
}
|
||||
|
||||
# location /nginx_status {
|
||||
# stub_status;
|
||||
# allow 192.168.1.0/24; #only allow requests from local network
|
||||
# deny all; #deny all other hosts
|
||||
# }
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
# Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
}
|
||||
71
plausible/.env
Normal file
71
plausible/.env
Normal file
@ -0,0 +1,71 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/plausible/docker-compose.yml:${SERVICES_DIR}/plausible/docker-compose.clickhouse.yml:${SERVICES_DIR}/plausible/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/clickhouse/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
## APP
|
||||
|
||||
PLAUSIBLE_DOMAIN=localhost
|
||||
BASE_URL=http://${PLAUSIBLE_DOMAIN}:8000
|
||||
#PLAUSIBLE_CONTAINER_NAME=plausible
|
||||
#PLAUSIBLE_VOLUME_NAME=plausible
|
||||
#PLAUSIBLE_IMAGE=plausible/analytics:v1.4.4
|
||||
|
||||
ADMIN_USER_NAME=example
|
||||
ADMIN_USER_EMAIL=email@example.org
|
||||
ADMIN_USER_PWD=change-me
|
||||
SECRET_KEY_BASE=AFnMQwN54ovHIqCQQGFZX5gUFpgpxasCEnzQwQsyfZLPRbiwzDYAqYDJQlQM8SbmicVJr97axXaSCfXD9zSEQQ==
|
||||
#DISABLE_AUTH=
|
||||
#DISABLE_REGISTRATION=
|
||||
|
||||
## POSTGRES
|
||||
|
||||
#POSTGRES_VOLUME_NAME=
|
||||
#POSTGRES_CONTAINER_NAME=
|
||||
#POSTGRES_IMAGE=
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=plausible_dev
|
||||
|
||||
## CLICKHOUSE
|
||||
|
||||
#CLICKHOUSE_VOLUME_NAME=
|
||||
#CLICKHOUSE_CONTAINER_NAME=
|
||||
#CLICKHOUSE_IMAGE=
|
||||
|
||||
## SMTP
|
||||
|
||||
#MAILER_EMAIL=
|
||||
#SMTP_HOST_ADDR=
|
||||
#SMTP_HOST_PORT=
|
||||
#SMTP_USER_NAME=
|
||||
#SMTP_USER_PWD=
|
||||
#SMTP_HOST_SSL_ENABLED=
|
||||
#SMTP_RETRIES=
|
||||
|
||||
## GOOGLE SEARCH CONSOLE
|
||||
|
||||
#GOOGLE_CLIENT_ID=
|
||||
#GOOGLE_CLIENT_SECRET=
|
||||
|
||||
## GEOIPUPDATE
|
||||
|
||||
#GEOIPUPDATE_VOLUME_NAME=
|
||||
#GEOIPUPDATE_IMAGE=
|
||||
#GEOIPUPDATE_CONTAINER_NAME=
|
||||
#GEOIPUPDATE_ACCOUNT_ID=
|
||||
#GEOIPUPDATE_LICENSE_KEY=
|
||||
#GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
|
||||
#GEOIPUPDATE_FREQUENCY=
|
||||
#GEOIPUPDATE_VERBOSE=
|
||||
#GEOIPUPDATE_DB_DIR=
|
||||
|
||||
## TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME=
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
15
plausible/README.md
Normal file
15
plausible/README.md
Normal file
@ -0,0 +1,15 @@
|
||||
# Plausible
|
||||
|
||||
> Plausible est une plateforme d'analyse Web légère et open source.
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site Officiel][site]
|
||||
- [Documentation][documentation]
|
||||
- [Code source][source]
|
||||
- [Docker Hub][dockerhub]
|
||||
|
||||
[site]: https://plausible.io/
|
||||
[source]: https://github.com/plausible/analytics
|
||||
[documentation]: https://plausible.io/docs
|
||||
[dockerhub]: https://hub.docker.com/r/plausible/analytics
|
||||
14
plausible/clickhouse-config.xml
Normal file
14
plausible/clickhouse-config.xml
Normal file
@ -0,0 +1,14 @@
|
||||
<yandex>
|
||||
<logger>
|
||||
<level>warning</level>
|
||||
<console>true</console>
|
||||
</logger>
|
||||
|
||||
<!-- Stop all the unnecessary logging -->
|
||||
<query_thread_log remove="remove"/>
|
||||
<query_log remove="remove"/>
|
||||
<text_log remove="remove"/>
|
||||
<trace_log remove="remove"/>
|
||||
<metric_log remove="remove"/>
|
||||
<asynchronous_metric_log remove="remove"/>
|
||||
</yandex>
|
||||
8
plausible/clickhouse-user-config.xml
Normal file
8
plausible/clickhouse-user-config.xml
Normal file
@ -0,0 +1,8 @@
|
||||
<yandex>
|
||||
<profiles>
|
||||
<default>
|
||||
<log_queries>0</log_queries>
|
||||
<log_query_threads>0</log_query_threads>
|
||||
</default>
|
||||
</profiles>
|
||||
</yandex>
|
||||
7
plausible/docker-compose.clickhouse.yml
Normal file
7
plausible/docker-compose.clickhouse.yml
Normal file
@ -0,0 +1,7 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
clickhouse:
|
||||
volumes:
|
||||
- ./clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
|
||||
- ./clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
|
||||
10
plausible/docker-compose.geoip.yml
Normal file
10
plausible/docker-compose.geoip.yml
Normal file
@ -0,0 +1,10 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
plausible:
|
||||
depends_on:
|
||||
- geoipupdate
|
||||
environment:
|
||||
- GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
|
||||
volumes:
|
||||
- geoipupdate:/geoip:ro
|
||||
7
plausible/docker-compose.google.yml
Normal file
7
plausible/docker-compose.google.yml
Normal file
@ -0,0 +1,7 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
plausible:
|
||||
environment:
|
||||
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:?err}
|
||||
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:?err}
|
||||
6
plausible/docker-compose.local.yml
Normal file
6
plausible/docker-compose.local.yml
Normal file
@ -0,0 +1,6 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
plausible:
|
||||
ports:
|
||||
- ${LOCAL_PORT:-8000}:8000
|
||||
12
plausible/docker-compose.smtp.yml
Normal file
12
plausible/docker-compose.smtp.yml
Normal file
@ -0,0 +1,12 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
plausible:
|
||||
environment:
|
||||
MAILER_EMAIL: ${MAILER_EMAIL:-hello@plausible.local}
|
||||
SMTP_HOST_ADDR: ${SMTP_HOST_ADDR:-localhost}
|
||||
SMTP_HOST_PORT: ${SMTP_HOST_PORT:-25}
|
||||
SMTP_USER_NAME: ${SMTP_USER_NAME}
|
||||
SMTP_USER_PWD: ${SMTP_USER_PWD}
|
||||
SMTP_HOST_SSL_ENABLED: ${SMTP_HOST_SSL_ENABLED:-false}
|
||||
SMTP_RETRIES: ${SMTP_RETRIES:-2}
|
||||
14
plausible/docker-compose.traefik.yml
Normal file
14
plausible/docker-compose.traefik.yml
Normal file
@ -0,0 +1,14 @@
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
plausible:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.rule=Host(`${PLAUSIBLE_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
31
plausible/docker-compose.yml
Normal file
31
plausible/docker-compose.yml
Normal file
@ -0,0 +1,31 @@
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
plausible:
|
||||
name: ${PLAUSIBLE_VOLUME_NAME:-plausible}
|
||||
|
||||
services:
|
||||
plausible:
|
||||
container_name: ${PLAUSIBLE_CONTAINER_NAME:-plausible}
|
||||
image: ${PLAUSIBLE_IMAGE:-plausible/analytics:v1.4.4}
|
||||
restart: always
|
||||
command: ${PLAUSIBLE_DOCKER_COMMAND:-sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"}
|
||||
depends_on:
|
||||
- clickhouse
|
||||
- postgres
|
||||
environment:
|
||||
ADMIN_USER_NAME: ${ADMIN_USER_NAME:?err}
|
||||
ADMIN_USER_EMAIL: ${ADMIN_USER_EMAIL:?err}
|
||||
ADMIN_USER_PWD: ${ADMIN_USER_PWD:?err}
|
||||
BASE_URL: ${BASE_URL}
|
||||
SECRET_KEY_BASE: ${SECRET_KEY_BASE:?err}
|
||||
DISABLE_AUTH: ${DISABLE_AUTH:-false}
|
||||
DISABLE_REGISTRATION: ${DISABLE_REGISTRATION:-false}
|
||||
DATABASE_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}
|
||||
CLICKHOUSE_DATABASE_URL: http://${CLICKHOUSE_CONTAINER_NAME:-clickhouse}:8123/${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
|
||||
SITE_LIMIT: ${SITE_LIMIT:-3}
|
||||
SELFHOST: ${SELFHOST:-true}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-warn}
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
@ -1,3 +1,7 @@
|
||||
#POSTGRES_VOLUME_NAME=
|
||||
#POSTGRES_CONTAINER_NAME=
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
|
||||
@ -7,12 +7,14 @@ volumes:
|
||||
services:
|
||||
postgres:
|
||||
container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
|
||||
image: ${POSTGRES_IMAGE:-postgres:13.4-alpine}
|
||||
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine}
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: ${POSTGRES_USER:?err}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
POSTGRES_DB: ${POSTGRES_DB:?err}
|
||||
PUID: ${POSTGRES_PUID:-1000}
|
||||
PGID: ${POSTGRES_PGID:-1000}
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
||||
21
prometheus/.env
Normal file
21
prometheus/.env
Normal file
@ -0,0 +1,21 @@
|
||||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/prometheus/docker-compose.yml:${SERVICES_DIR}/prometheus/docker-compose.traefik.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
############
|
||||
# PROMETHEUS
|
||||
|
||||
#PROMETHEUS_IMAGE=
|
||||
PROMETHEUS_DOMAIN=prometheus.cool.life
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME=
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
3
prometheus/Dockerfile
Normal file
3
prometheus/Dockerfile
Normal file
@ -0,0 +1,3 @@
|
||||
ARG PROMETHEUS_IMAGE
|
||||
FROM $PROMETHEUS_IMAGE
|
||||
ADD prometheus.yml /etc/prometheus/
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user