Compare commits


1 Commits

Author SHA1 Message Date
Simon 951490a1da fix: Backup uploaded files
Environment variables take precedence over configurations from the config files, so don't backup it.
2021-09-15 22:32:50 +02:00
146 changed files with 543 additions and 2673 deletions

View File

@ -1,40 +1,28 @@
# Services
Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien utilise et met à jour de façon presque hebdomadaire. L'ensemble des variables d'environnement enregistrées dans les fichiers `.env` est présent pour une logique d'exemple et n'a jamais été utilisé en production. Nous vous conseillons de ne jamais le faire si vous utilisez le dépôt.
Vous trouverez dans ce dépôt l'ensemble des services Open Source que j'utilise et mets à jour quotidiennement.
## Liste des services
### Pour les utilisateurs
- [Directus](./directus) : Permet d'administrer une base de données
- [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
- [listmonk](./listmonk) : Gestionnaire de listes de diffusion et de newsletter
- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
- [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
- [signaturepdf](./signaturepdf) : Logiciel WEB libre permettant de modifier un fichier PDF facilement
- [Plausible](./plausible) : Plausible est une plateforme d'analyse Web légère et open source
- [Vaultwarden](./vaultwarden) : Gestionnaire de mot de passe compatible avec Bitwarden
- [Vikunja](./vikunja) : L'application pour organiser sa vie
### Pour les devs / ops
- [ClickHouse](./clickhouse) : Un logiciel libre de base de données orientée colonnes pour le traitement analytique en ligne
- [Drone](./drone) : Un service d'intégration continue
- [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
- [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Drone](./drone) `en pause` : Un service d'intégration continue
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Grafana](./grafana) : Un outil de supervision simple et élégant
- [LLDAP](./lldap): Implémentation légère de LDAP pour l'authentification
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
- [Prometheus](./prometheus) : Un logiciel de surveillance informatique
- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
- [Docker Registry](./registry) : Une application qui permet de distribuer des images Docker
- [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
- [Uptime Kuma](./uptimekuma) : outil de surveillance de site ou service WEB
- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker
- [Watchtower](./watchtower) `en pause` : Automatiser la mise à jour d'image docker
## Comment ça marche ?
Vous pouvez réutiliser ce dépôt pour vos services, il existe une documentation dans le dossier [_examples_](./examples).
Vous pouvez réutiliser ce dépôt pour votre infrastructure. J'ai mis une documentation dans le dossier [_examples_](./examples).
### Docker et Docker Compose
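Review bot: The rewritten introduction at the top of this hunk drops the sentence saying the values in the `.env` files are examples only, were never used in production, and should not be reused as-is. This same change adds a `drone/.env` with literal values for `DRONE_RPC_SECRET` and `DRONE_GITEA_CLIENT_SECRET`, so the warning is needed more after the change than before it. Keep a sentence in the README stating that every value in a tracked `.env` is a sample and must be regenerated before deployment.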
@ -47,11 +35,9 @@ Voici les commandes de base :
### ./run
> 🚧 RésiLien a changé de façon de faire et nous n'utilisons plus les scripts `run`. Nous passons maintenant par Ansible. Les scripts ne seront plus mis à jour et finiront peut être par être supprimés. Utilisez les avec précaution.
Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service.
Vous pouvez lancer le script sans paramètres pour afficher la documentation du script.
Vous pouvez lancer le script sans paramètre pour afficher la documentation du script.
## Documentation
@ -69,8 +55,6 @@ En haut de chaque script il y a `set -eu` qui veut dire :
## Tâches
> 🚧 Ses tâches ne sont pas à jour
Général :
- [ ] Mettre en place une rotation des logs

View File

@ -1,3 +0,0 @@
#CLICKHOUSE_VOLUME_NAME=
#CLICKHOUSE_CONTAINER_NAME=
#CLICKHOUSE_IMAGE=

View File

@ -1,16 +0,0 @@
# ClickHouse
> ClickHouse est un logiciel libre de base de données orientée colonnes (DBMS) pour le traitement analytique en ligne (OLAP).
>
> <cite>[Wikipédia][wikipedia]</cite>
## Liens
- [Site Officiel][site]
- [Code source][source]
- [Docker Hub][dockerhub]
[wikipedia]: https://fr.wikipedia.org/wiki/ClickHouse
[site]: https://clickhouse.com/
[source]: https://github.com/ClickHouse/ClickHouse
[dockerhub]: https://hub.docker.com/r/clickhouse/clickhouse-server

View File

@ -1,19 +0,0 @@
---
volumes:
clickhouse:
name: ${CLICKHOUSE_VOLUME_NAME:-clickhouse}
services:
clickhouse:
container_name: ${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
image: ${CLICKHOUSE_IMAGE:-clickhouse/clickhouse-server:22.2.2.1-alpine}
restart: always
volumes:
- clickhouse:/var/lib/clickhouse
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ulimits:
nofile:
soft: 262144
hard: 262144

View File

@ -1,56 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/directus/docker-compose.yml:${SERVICES_DIR}/directus/docker-compose.traefik.yml:${SERVICES_DIR}/directus/docker-compose.smtp.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME=
##########
# DIRECTUS
#
# see https://github.com/directus/directus/blob/main/api/example.env
DIRECTUS_CONTAINER_NAME=directus_cool_life
DIRECTUS_DOMAIN=directus.cool.life
DIRECTUS_PUBLIC_URL=https://${DIRECTUS_DOMAIN}
DIRECTUS_KEY=255d861b-5ea1-5996-9aa3-922530ec40b1
DIRECTUS_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
DIRECTUS_ADMIN_EMAIL=admin@example.com
DIRECTUS_ADMIN_PASSWORD=d1r3ctu5
EMAIL_FROM=no-reply@${DIRECTUS_DOMAIN}
EMAIL_SMTP_HOST=mail.example.org
#EMAIL_SMTP_PORT=
EMAIL_SMTP_USER=user
EMAIL_SMTP_PASSWORD=password
#EMAIL_SMTP_SECURE=
#EMAIL_SMTP_IGNORE_TLS=
# DIRECTUS_PUID=
# DIRECTUS_PGID=
##########
# POSTGRES
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=directus-postgres
POSTGRES_VOLUME_NAME=directus-postgres
#POSTGRES_IMAGE=
#######
# REDIS
#REDIS_IMAGE=
#REDIS_CONTAINER_NAME=
#REDIS_VOLUME_NAME=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

View File

@ -1,20 +0,0 @@
# Directus
> Directus wraps your new or existing SQL database with a realtime GraphQL+REST API for developers, and an intuitive admin app for non-technical users.
## Configuration
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
- `CORS_ORIGIN` à comme valeur par défaut `false` et peut prendre `true` pour accepter toutes les connexions, mais il est préférable de spécifier directement les sites comme ceci `array:https://example.com,https://staging.example.com`.
## Liens
- [Site officiel][website]
- [Github][github]
- [L'image Docker][docker]
[website]: https://directus.io/
[docker]: https://hub.docker.com/r/directus/directus
[github]: https://github.com/directus/directus/
[documentation]: https://docs.directus.io/reference/environment-variables/

View File

@ -1,8 +0,0 @@
---
services:
directus:
environment:
CACHE_ENABLED: 'true'
CACHE_STORE: 'redis'
CACHE_REDIS: 'redis://${REDIS_CONTAINER_NAME:-redis}:6379'

View File

@ -1,13 +0,0 @@
---
services:
directus:
environment:
EMAIL_TRANSPORT: smtp
EMAIL_FROM: ${EMAIL_FROM:?err}
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER:?err}
EMAIL_SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD:?err}
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
EMAIL_SMTP_IGNORE_TLS: ${EMAIL_SMTP_IGNORE_TLS:-false}

View File

@ -1,14 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
directus:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.rule=Host(`${DIRECTUS_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.entrypoints=web

View File

@ -1,38 +0,0 @@
---
volumes:
directus:
name: ${DIRECTUS_VOLUME_NAME:-directus}
services:
directus:
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
image: ${DIRECTUS_IMAGE:-directus/directus:9.8.0}
restart: always
volumes:
- directus:/directus/uploads
depends_on:
- postgres
- redis
environment:
KEY: ${DIRECTUS_KEY:?err}
SECRET: ${DIRECTUS_SECRET:?err}
TELEMETRY: false
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
CORS_ENABLED: ${DIRECTUS_CORS_ENABLED:-false}
CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN:-false}
DB_CLIENT: 'pg'
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
DB_PORT: '5432'
DB_DATABASE: ${POSTGRES_DB:?err}
DB_USER: ${POSTGRES_USER:?err}
DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
TZ: ${TZ:-Europe/Paris}
PUID: ${DIRECTUS_PUID:-1000}
PGID: ${DIRECTUS_PGID:-1000}

37
drone/.env Normal file
View File

@ -0,0 +1,37 @@
## DOCKER
COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
TRAEFIK_NETWORK_NAME=kifeart
## DRONE SERVER
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:1.7.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
# https://docs.drone.io/server/reference/
DRONE_GIT_ALWAYS_AUTH=true
DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
# https://docs.drone.io/server/provider/gitea/
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
## DRONE RUNNER
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
DRONE_RUNNER_CONTAINER_NAME=drone-runner
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_NAME=ci-runner.cool.life
DRONE_RUNNER_UI_USERNAME=kosssi
DRONE_RUNNER_UI_PASSWORD=$not$a$password
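Review bot: `DRONE_RPC_SECRET` and `DRONE_GITEA_CLIENT_SECRET` are committed here with literal, secret-looking values in a new tracked file. If either value was ever used on a running instance, treat it as disclosed and rotate it. Otherwise replace both with an obvious placeholder such as `change-me`, the form the removed `drone/server` `.env` uses, and keep the real values in an untracked file. A second point on the last line: `DRONE_RUNNER_UI_PASSWORD=$not$a$password` contains `$`, which Compose may read as variable references when it loads the file, so wrap the value in single quotes if the literal string is intended.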

View File

@ -4,22 +4,6 @@
>
> <cite>[Codeflow][article]</cite>
## Documentation
Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
Le service est basé sur 2 briques :
- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
- le coté exécution des tâches (_[runner](./runner)_).
### Génération de clé
Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
```
openssl rand -hex 16
```
## Liens
- [Site internet][site]
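Review bot: The removed `Génération de clé` section is the only place in this README that tells the reader how to produce Drone secrets (`openssl rand -hex 16`). With the new `drone/.env` shipping fixed values for `DRONE_RPC_SECRET` and `DRONE_GITEA_CLIENT_SECRET`, dropping that guidance makes it more likely the sample values get deployed. Keep the section, or move the command into a comment next to those variables in the `.env` file.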

View File

@ -0,0 +1,10 @@
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}

View File

@ -0,0 +1,22 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
traefik.http.routers.drone-server.entrypoints: 'web'
drone-runner:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
traefik.http.routers.drone-runner.entrypoints: 'web'
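Review bot: `networks.default` sets `name: ${TRAEFIK_NETWORK_NAME}` with neither `external: true` nor a default value, whereas the removed runner and server Traefik overrides declared `external: true` and the labels used `${TRAEFIK_NETWORK_NAME:-traefik}`. Without `external: true` Compose treats the network as one it owns and will try to create it rather than join the one Traefik already uses, and an unset variable yields an empty name. Add `external: true` and the `:-traefik` default. Also confirm that exposing the `drone-runner` dashboard through its own `Host(...)` router is intended, since the removed dashboard override made the UI switchable with `DRONE_UI_DISABLE` and this file has no equivalent.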

41
drone/docker-compose.yml Normal file
View File

@ -0,0 +1,41 @@
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME}
image: ${DRONE_SERVER_IMAGE}
restart: always
environment:
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
DRONE_LOGS_DEBUG: 'true'
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE}
restart: always
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
DRONE_RPC_PROTO: http
DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
DRONE_DEBUG: 'true'
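Review bot: `DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}` appears in both services without a `:?err` guard, so a missing variable is substituted as an empty string and the stack still starts; the removed runner compose file used `${DRONE_RPC_SECRET:?err}` for exactly this value. Restore the guard on the secret, the host and the UI credentials. Two further points in the same hunk: `DRONE_LOGS_DEBUG: 'true'` and `DRONE_DEBUG: 'true'` are hardcoded, where the removed logging overrides defaulted the runner to `${DRONE_DEBUG:-false}`, and nothing here sets `DRONE_USER_FILTER` or `DRONE_REGISTRATION_CLOSED`, which the removed `drone/server/docker-compose.user.yml` required. If open registration is not intended, carry those two settings over.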

View File

@ -1,36 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
#COMPOSE_PROJECT_NAME=
## DRONE RUNNER
#https://docs.drone.io/runner/docker/configuration/reference/
### Docker
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
DRONE_RUNNER_CONTAINER_NAME=drone-server
### Drone
# https://docs.drone.io/runner/docker/installation/linux/
DRONE_RPC_HOST=drone.cool.life
DRONE_RPC_PROTO=https
DRONE_RPC_SECRET=change-me
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=drone-runner
DRONE_UI_USERNAME=resilien
DRONE_UI_PASSWORD=change-me
DRONE_UI_DISABLE=false
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

View File

@ -1,11 +0,0 @@
# Drone CI Runner
Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
## Installation
L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.

View File

@ -1,13 +0,0 @@
---
# https://docs.drone.io/runner/docker/configuration/dashboard/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}

View File

@ -1,6 +0,0 @@
---
services:
drone-runner:
ports:
- "3000:3000"

View File

@ -1,13 +0,0 @@
---
# https://docs.drone.io/runner/docker/configuration/logging/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
DRONE_DEBUG: ${DRONE_DEBUG:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}

View File

@ -1,14 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
external: true
services:
drone-runner:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -1,24 +0,0 @@
---
# https://docs.drone.io/runner/docker/installation/linux/
services:
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}

View File

@ -1,65 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## DRONE SERVER
# https://docs.drone.io/server/reference/
### Docker
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:2.8.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
### Drone
DRONE_RPC_SECRET=change-me
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
### User
DRONE_ADMIN_USER=resilien
DRONE_ADMIN_TOKEN=change-me
DRONE_USER_FILTER=resilien
DRONE_REGISTRATION_CLOSED=true
### Gitea
# https://docs.drone.io/server/provider/gitea/
#DRONE_GIT_ALWAYS_AUTH=
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=change-me
## Header
# https://docs.drone.io/server/headers/
#DRONE_HTTP_SSL_REDIRECT=
#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
#DRONE_HTTP_SSL_HOST=
#DRONE_HTTP_STS_SECONDS=
### Cookie
# https://docs.drone.io/server/cookie/
DRONE_COOKIE_SECRET=change-me
#DRONE_COOKIE_TIMEOUT=720h
### POSTGRES
# https://docs.drone.io/server/storage/encryption/
DRONE_DATABASE_SECRET=change-me
POSTGRES_USER=user
POSTGRES_PASSWORD=password
POSTGRES_VOLUME_NAME=postgres
POSTGRES_CONTAINER_NAME=postgres
POSTGRES_DB=drone
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

View File

@ -1,42 +0,0 @@
# Drone CI Server
## Installation
L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
## Configuration
Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
### Installation du CLI
Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
### Configuration du CLI en local
Il faut :
- l'url de l'instance (`DRONE_SERVER_HOST`)
- le protocol de l'instance (`DRONE_SERVER_PROTO`)
- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
```
export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
```
[Documentation officielle](https://docs.drone.io/cli/configure/)
### Les utilisateurs
Il faut ajouter les utilisateurs non admin :
```
drone user add kosssi
drone user add killian
export PROMETHEUS_TOKEN=`openssl rand -hex 16`
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
```
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
[Documentation officielle](https://docs.drone.io/server/user/machine/#create-accounts) [cli](https://docs.drone.io/cli/user/drone-user-add/)

View File

@ -1,11 +0,0 @@
---
# https://docs.drone.io/server/cookie/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-cookie-secret/
DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
# https://docs.drone.io/server/reference/drone-cookie-timeout/
DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days

View File

@ -1,15 +0,0 @@
---
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-git-always-auth/
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
# https://docs.drone.io/server/reference/drone-gitea-server/
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-id/
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-secret/
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}

View File

@ -1,11 +0,0 @@
---
# https://docs.drone.io/server/headers/
services:
drone-server:
environment:
DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}

View File

@ -1,6 +0,0 @@
---
services:
drone-server:
ports:
- "3000:3000"

View File

@ -1,17 +0,0 @@
---
# https://docs.drone.io/server/logging/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-logs-debug/
DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
# https://docs.drone.io/server/reference/drone-logs-text/
DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
# https://docs.drone.io/server/reference/drone-logs-pretty/
DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
# https://docs.drone.io/server/reference/drone-logs-color/
DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
# https://docs.drone.io/server/reference/drone-logs-trace/
DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}

View File

@ -1,14 +0,0 @@
---
# https://docs.drone.io/server/storage/database/
# https://docs.drone.io/server/storage/encryption/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-database-secret/
DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
# https://docs.drone.io/server/reference/drone-database-driver/
DRONE_DATABASE_DRIVER: postgres
# https://docs.drone.io/server/reference/drone-database-datasource/
DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable

View File

@ -1,14 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
external: true
services:
drone-server:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -1,13 +0,0 @@
---
# https://docs.drone.io/server/user/registration/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-user-create/
DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
# https://docs.drone.io/server/reference/drone-user-filter/
DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
# https://docs.drone.io/server/reference/drone-registration-closed/
DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}

View File

@ -1,22 +0,0 @@
---
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.11.1}
restart: always
environment:
# https://docs.drone.io/server/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
# https://docs.drone.io/server/reference/drone-server-host/
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
# https://docs.drone.io/server/reference/drone-server-proto/
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

View File

@ -13,5 +13,3 @@ Si nous allons dans le dossier `traefik.cool.life` par example, il est possible
## DOCKER_HOST
Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit sexécuter sur ce serveur.
> RésiLien utilise maintenant ce système avec une génération automatique des fichiers .env à l'aide d'Ansible, nous permettant de facilement déployer un nouveau service, de le déplacer de serveur

View File

@ -1,9 +0,0 @@
#GEOIP_VOLUME_NAME=
#GEOIP_IMAGE=
#GEOIP_CONTAINER_NAME=
#GEOIP_EDITION_IDS=
GEOIP_LICENSE_KEY=blablabla
#GEOIP_DOWNLOAD_PATH=
#GEOIP_SCHEDULE=
#GEOIP_LOG_LEVEL=

View File

@ -1,20 +0,0 @@
---
volumes:
geoip:
name: ${GEOIP_VOLUME_NAME:-geoip}
services:
geoip:
image: ${GEOIP_IMAGE:-crazymax/geoip-updater:latest}
container_name: ${GEOIP_CONTAINER_NAME:-geoip-updater}
restart: always
volumes:
- geoip:${GEOIP_DOWNLOAD_PATH:-/data}
environment:
EDITION_IDS: ${GEOIP_EDITION_IDS:-GeoLite2-City}
LICENSE_KEY: ${GEOIP_LICENSE_KEY:-err}
DOWNLOAD_PATH: ${GEOIP_DOWNLOAD_PATH:-/data}
SCHEDULE: ${GEOIP_SCHEDULE:-0 0 * * 0} # Every Sunday
LOG_LEVEL: ${GEOIP_LOG_LEVEL:-info}
LOG_JSON: ${GEOIP_LOG_JSON:-false}

View File

@ -1,10 +0,0 @@
#GEOIPUPDATE_VOLUME_NAME=
#GEOIPUPDATE_IMAGE=
#GEOIPUPDATE_CONTAINER_NAME=
GEOIPUPDATE_ACCOUNT_ID=<change-me>
GEOIPUPDATE_LICENSE_KEY=<change-me>
#GEOIPUPDATE_EDITION_IDS=
#GEOIPUPDATE_FREQUENCY=
#GEOIPUPDATE_VERBOSE=
#GEOIPUPDATE_DB_DIR=

View File

@ -1,14 +0,0 @@
# HedgeDoc
> Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
## Liens
- [Site officiel][website]
- [Github][github]
- [L'image Docker de LinuxServer][docker]
[website]: https://www.maxmind.com/en/home
[docker]: https://hub.docker.com/r/maxmindinc/geoipupdate
[github]: https://github.com/maxmind/geoipupdate
[documentation]: https://dev.maxmind.com/geoip/updating-databases

View File

@ -1,20 +0,0 @@
---
volumes:
geoipupdate:
name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}
services:
geoipupdate:
image: ${GEOIPUPDATE_IMAGE:-maxmindinc/geoipupdate:v4.9.0}
container_name: ${GEOIPUPDATE_CONTAINER_NAME:-geoip-updater}
restart: always
volumes:
- geoipupdate:${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
environment:
GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID:?err}
GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY:?err}
GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS:-GeoLite2-City}
GEOIPUPDATE_FREQUENCY: ${GEOIPUPDATE_FREQUENCY:-72}
GEOIPUPDATE_VERBOSE: ${GEOIPUPDATE_VERBOSE:-false}
GEOIPUPDATE_DB_DIR: ${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}

View File

@ -1,34 +1,26 @@
########
# DOCKER
COMPOSE_FILE=../postgres/docker-compose.yml:./docker-compose.yml:./docker-compose.override.yml
SERVICES_DIR=".."
COMPOSE_FILE=${SERVICES_DIR}/gitea/docker-compose.yml:${SERVICES_DIR}/gitea/docker-compose.traefik.yml:${SERVICES_DIR}/gitea/docker-compose.smtp.yml:${SERVICES_DIR}/gitea/docker-compose.metrics.yml:${SERVICES_DIR}/postgres/docker-compose.yml
COMPOSE_PROJECT_NAME=$GITEA_DOMAIN
# APP
#######
# GITEA
GITEA_VOLUME_NAME=gitea
GITEA_PROTOCOL=http
GITEA_DOMAIN=gitea.lan
# APP CONFIG
# https://docs.gitea.io/en-us/install-with-docker/#environments-variables
GITEA_DOMAIN=gitea.lan
GITEA_VOLUME_NAME=gitea
GITEA_IMAGE=gitea/gitea:1.18.4
GITEA_PROTOCOL=http
GITEA_SECRET_KEY=kt5UdK0m9lI9MDyhVOFEB5jk7VwFynDyaxcUjEJUpWJBrC6FyH4dkUDKLYEa7hGn
GITEA_INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzY5NzkxMzZ9.Iopu6DBUhglmNPzEyYylfmTmEUpYLHYEsNrm50GoBkU
# SMTP
GITEA__mailer__FROM='"Name" <email@example.com>'
GITEA__mailer__SMTP_ADDR=smtp.gitea.lan
GITEA__mailer__SMTP_PORT=465
GITEA__mailer__USER=gitea.lan
GITEA__mailer__PASSWD=gitea.lan
DISABLE_SSH=true
RUN_MODE=prod
ROOT_URL=${GITEA_PROTOCOL}://${GITEA_DOMAIN}
DISABLE_REGISTRATION=true
DISABLE_GRAVATAR=true
#INSTALL_LOCK=true
# DATABASE
# Voir la description ../postgres/README.md
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=gitea-postgres
POSTGRES_VOLUME_NAME=gitea-postgres
POSTGRES_IMAGE=postgres:15.2-alpine

View File

@ -4,8 +4,6 @@
>
> <cite>[Documentation][documentation]</cite>
Il est possible de configurer l'intégralité du service à l'aide de variable d'environnement voir [la documentation officielle](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables).
## Commandes
```sh

View File

@ -1,6 +0,0 @@
---
services:
gitea:
environment:
- GITEA__METRICS__ENABLED=true

View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
gitea:

View File

@ -1,12 +0,0 @@
---
services:
gitea:
environment:
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
- GITEA__database__NAME=${POSTGRES_DB}
- GITEA__database__USER=${POSTGRES_USER}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
depends_on:
- postgres

View File

@ -1,14 +0,0 @@
---
services:
gitea:
environment:
- GITEA__mailer__ENABLED=true
- GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:-smtp}
- GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
- GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
- GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}

View File

@ -1,15 +1,16 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
gitea:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.rule=Host(`${GITEA_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-gitea}.loadbalancer.server.port=3000
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
traefik.http.routers.gitea.rule: 'Host(`${GITEA_DOMAIN:?err}`)'
traefik.http.routers.gitea.entrypoints: 'web'
traefik.http.services.gitea.loadbalancer.server.port: '3000'

View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
gitea:
@ -7,17 +7,19 @@ volumes:
services:
gitea:
container_name: ${GITEA_CONTAINER_NAME:-gitea}
image: ${GITEA_IMAGE:-gitea/gitea:1.20.4}
image: ${GITEA_IMAGE:-gitea/gitea:1.15.2}
restart: always
environment:
- USER_UID=${GITEA_UID:-1000}
- USER_GID=${GITEA_GID:-1000}
# Security
# docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
- GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
# docker run -it --rm gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
- GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
# - USER_UID=1000
# - USER_GID=1000
DB_TYPE: postgres
DB_HOST: postgres:5432
DB_NAME: ${POSTGRES_DB}
DB_USER: ${POSTGRES_USER}
DB_PASSWD: ${POSTGRES_PASSWORD}
volumes:
- gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- postgres
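Review bot: The `image:` default in this hunk goes from `gitea/gitea:1.20.4` to `gitea/gitea:1.15.2`, which is a downgrade, and the `GITEA__security__SECRET_KEY` and `GITEA__security__INTERNAL_TOKEN` entries disappear from `environment` together with the comments showing how to generate them. Please confirm the direction of the version change is intended, and say in the commit message where the two security values are supplied after this change. Also, `DB_HOST: postgres:5432` is hardcoded, while the removed database override used `${POSTGRES_CONTAINER_NAME:-postgres}:5432`; with a `POSTGRES_CONTAINER_NAME` other than `postgres` the hardcoded host only resolves through the Compose service name, so state that dependency in a comment or keep the variable.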

View File

@ -1,48 +1,3 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/grafana/docker-compose.yml:${SERVICES_DIR}/grafana/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
#########
# GRAFANA
GRAFANA_DOMAIN=grafana.cool.life
#GRAFANA_VOLUME_NAME=
#GRAFANA_CONTAINER_NAME=
#GRAFANA_IMAGE=
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=password
#GF_SECURITY_DISABLE_GRAVATAR=
#GF_SECURITY_COOKIE_SECURE=
#GF_USERS_ALLOW_SIGN_UP=
GF_INSTALL_PLUGINS=grafana-piechart-panel
######
# SMTP
#GF_SMTP_HOST=
#GF_SMTP_USER=
#GF_SMTP_PASSWORD=
#GF_SMTP_FROM_ADDRESS=
#GF_SMTP_FROM_NAME=
#######
# REDIS
#REDIS_IMAGE=
#REDIS_CONTAINER_NAME=
#REDIS_VOLUME_NAME=
#GF_REMOTE_CACHE_CONNSTR=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=
GF_SECURITY_ADMIN_PASSWORD=admin
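Review bot: the remaining file sets `GF_SECURITY_ADMIN_PASSWORD=admin`, a guessable value that satisfies the `${GF_SECURITY_ADMIN_PASSWORD:?err}` check in the compose file and will be used as-is by anyone who copies the example. Leave the value empty in the example so that `:?err` forces the operator to choose a password before the stack starts.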

View File

@ -1,19 +0,0 @@
# Grafana
> Grafana est un logiciel libre sous licence GNU Affero General Public License Version 32 (anciennement sous licence Apache 2.0 avant avril 2021) qui permet la visualisation de données. Il permet de réaliser des tableaux de bord et des graphiques depuis plusieurs sources dont des bases de données temporelles comme Graphite (en), InfluxDB et OpenTSDB3.
>
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Grafana)</cite>
## 🔧 Configuration
La configuration du service ce base sur la documentation officielle, plusieurs pages sont intéressantes à lire :
- [Lancer l'image Docker de Grafana](https://grafana.com/docs/grafana/latest/installation/docker/)
- [Configuration l'image Docker Grafana](https://grafana.com/docs/grafana/latest/administration/configure-docker/)
- [Surcharger la configuration à l'aide des variables d'environment](https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables)
## 🔗 Liens
- [Site officiel](https://grafana.com)
- [La documentation](https://grafana.com/docs)
- [Github](https://github.com/grafana/grafana)
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/grafana/grafana)

View File

@ -1,11 +0,0 @@
---
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#database
GF_DATABASE_TYPE: postgres
GF_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
GF_DATABASE_NAME: ${POSTGRES_DB:?err}
GF_DATABASE_USER: ${POSTGRES_USER:?err}
GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}

View File

@ -1,8 +0,0 @@
---
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#remote_cache
GF_REMOTE_CACHE_TYPE: redis
GF_REMOTE_CACHE_CONNSTR: ${GF_REMOTE_CACHE_CONNSTR:-addr=redis:6379,ssl=false}

View File

@ -1,12 +0,0 @@
---
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
GF_SMTP_ENABLED: true
GF_SMTP_HOST: ${GF_SMTP_HOST:?err} # with port
GF_SMTP_USER: ${GF_SMTP_USER:?err}
GF_SMTP_PASSWORD: ${GF_SMTP_PASSWORD:?err}
GF_SMTP_FROM_ADDRESS: ${GF_SMTP_FROM_ADDRESS:?err}
GF_SMTP_FROM_NAME: ${GF_SMTP_FROM_NAME:?err}

View File

@ -1,14 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
grafana:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.rule=Host(`${GRAFANA_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -1,4 +1,9 @@
---
version: "3"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
volumes:
grafana:
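Review bot: the added `networks.default` block names `${TRAEFIK_NETWORK_NAME:-traefik}` without `external: true`, so Compose treats that network as one owned by this project rather than attaching to the network the proxy already manages. Add `external: true`, as the removed `docker-compose.traefik.yml` style files in this change do.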
@ -7,17 +12,17 @@ volumes:
services:
grafana:
container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.4.6}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.1.3}
restart: always
volumes:
- grafana:/var/lib/grafana
environment:
GF_ANALYTICS_CHECK_FOR_UPDATES: ${GF_ANALYTICS_CHECK_FOR_UPDATES:-false}
GF_ANALYTICS_REPORTING_ENABLED: ${GF_ANALYTICS_REPORTING_ENABLED:-false}
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err}
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err}
GF_SECURITY_DISABLE_GRAVATAR: ${GF_SECURITY_DISABLE_GRAVATAR:-true}
GF_SECURITY_COOKIE_SECURE: ${GF_SECURITY_COOKIE_SECURE:-true}
GF_SERVER_PROTOCOL: ${GF_SERVER_PROTOCOL:-http}
GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
traefik.http.routers.grafana.rule: 'Host(`${GRAFANA_DOMAIN:?err}`)'
traefik.http.routers.grafana.entrypoints: 'web'
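Review bot: the `environment:` block no longer sets `GF_SECURITY_COOKIE_SECURE`, `GF_USERS_ALLOW_SIGN_UP`, `GF_SECURITY_DISABLE_GRAVATAR`, `GF_SECURITY_ADMIN_USER` or the two `GF_ANALYTICS_*` flags, so these fall back to whatever the image ships with and can no longer be set from `.env`. Keep the explicit `${...:-true}` / `${...:-false}` defaults so the hardening is visible in the file. The default tag also goes from `grafana/grafana:8.4.6` to `grafana/grafana:8.1.3`, and the labels hardcode the router name `grafana` and the entrypoint `'web'`.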

View File

@ -11,7 +11,7 @@ La configuration est séparé en 3 fichiers :
## Configuration
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc, elles n'ont pas tous été intégrées.
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc.
Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env).
@ -21,23 +21,6 @@ Lancer le service :
docker-compose up -d
```
## Debug
### Se connecter à la base de données
```shell
. .env
docker exec -it $POSTGRES_CONTAINER_NAME psql $POSTGRES_DB -U $POSTGRES_USER
```
### Traitement des notes vides
```
SELECT count(*) FROM public."Notes" WHERE content = '';
SELECT * FROM public."Notes" WHERE content = '';
DELETE FROM public."Notes" WHERE content = '';
```
## Liens
- [Site officiel][website]

View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
hedgedoc:

View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
hedgedoc:
@ -7,27 +7,24 @@ volumes:
services:
hedgedoc:
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.3-ls53}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.8.2-ls23}
restart: always
depends_on:
- postgres
volumes:
- hedgedoc:/config/uploads
- hedgedoc:/opt/hedgedoc/public/uploads
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
# https://docs.hedgedoc.org/configuration/
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err}
CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err}
NODE_ENV: ${NODE_ENV:-development} # `production` or `development`
CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false}
CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true}
CMD_ALLOW_ANONYMOUS: ${CMD_ALLOW_ANONYMOUS:-true}
CMD_ALLOW_ANONYMOUS_EDITS: ${CMD_ALLOW_ANONYMOUS_EDITS:-false}
CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false}
CMD_REQUIRE_FREEURL_AUTHENTICATION: ${CMD_REQUIRE_FREEURL_AUTHENTICATION:-false}
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
PGID: ${PGID:-1000}
PUID: ${PUID:-1000}
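Review bot: `CMD_DB_URL` now interpolates `${POSTGRES_CONTAINER_NAME}` with no default and no `:?err` guard, so an unset variable produces a URL with an empty host instead of failing at `docker-compose up`; keep `${POSTGRES_CONTAINER_NAME:-postgres}` or guard it like the neighbouring variables. The uploads mount moves from `/config/uploads` to `/opt/hedgedoc/public/uploads` in step with the image tag, and because `HEDGEDOC_IMAGE` is overridable, a comment saying which image layout the path belongs to would keep uploads from landing outside the named volume and therefore outside the backup.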

View File

@ -1,26 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/listmonk/docker-compose.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
LISTMONK_DOMAIN=localhost
LISTMONK_ADMIN_USERNAME=
LISTMONK_ADMIN_PASSWORD=
#LISTMONK_CONTAINER_NAME=listmonk
#LISTMONK_VOLUME_NAME=listmonk
#LISTMONK_IMAGE=listmonk/listmonk:v2.3.0
## POSTGRES
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=listmonk
POSTGRES_PASSWORD=listmonk
POSTGRES_DB=listmonk

View File

@ -1,37 +0,0 @@
# listmonk
> Gestionnaire de listes de diffusion et de newsletter
## Documentation
listmonk ne gère actuellement pas le multicompte.
Pour utiliser avec une configuration avec les variables d'environnements il faut la commande suivante :
```
command: [sh, -c, "./listmonk --config ''"]
```
Pour l'installation il faut lancer la commande suivante pour initialiser la base de donnée :
```
command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
```
Pour faire les mise à jour et ainsi migrer la base de donnée :
```
command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
```
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://listmonk.app/
[source]: https://github.com/knadh/listmonk
[documentation]: https://listmonk.app/docs/
[dockerhub]: https://hub.docker.com/r/listmonk/listmonk

View File

@ -1,41 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
volumes:
listmonk:
name: ${LISTMONK_VOLUME_NAME:-listmonk}
services:
listmonk:
container_name: ${LISTMONK_CONTAINER_NAME:-listmonk}
image: ${LISTMONK_IMAGE:-listmonk/listmonk:v2.3.0}
restart: always
#command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
#command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
command: [sh, -c, "./listmonk --config ''"]
depends_on:
- postgres
environment:
LISTMONK_app__address: 0.0.0.0:9000
LISTMONK_app__admin_username: ${LISTMONK_ADMIN_USERNAME:?err}
LISTMONK_app__admin_password: ${LISTMONK_ADMIN_PASSWORD:?err}
LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}
LISTMONK_db__port: 5432
LISTMONK_db__user: ${POSTGRES_USER:?err}
LISTMONK_db__password: ${POSTGRES_PASSWORD:?err}
LISTMONK_db__database: ${POSTGRES_DB:?err}
LISTMONK_db__ssl_mode: disable
TZ: Europe/Paris
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- listmonk:/listmonk/uploads
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.rule=Host(`${LISTMONK_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -1,50 +0,0 @@
########
# DOCKER
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
#######
# LLDAP
SERVICE_DOMAIN=lldap.cool.life
LLDAP_VOLUME_NAME=lldap_cool_life
LLDAP_CONTAINER_NAME=lldap_cool_life
LLDAP_IMAGE=nitnelave/lldap:v0.4.3
LLDAP_JWT_SECRET="6IeP8UUbEkQXrkUNbnu1sGpcZOu29wUTWh3uiEgMorI="
LLDAP_VERBOSE=true
LLDAP_LDAP_BASE_DN="dc=cool,dc=life"
LLDAP_LDAP_USER_DN="myuser"
LLDAP_LDAP_USER_EMAIL="admin@cool.life"
LLDAP_LDAP_USER_PASS="mon-mot-de-passe"
# LLDAP_TEST_EMAIL_TO=
# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=
# LLDAP_SMTP_OPTIONS__SERVER=
# LLDAP_SMTP_OPTIONS__PORT=
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=
# LLDAP_SMTP_OPTIONS__USER=
# LLDAP_SMTP_OPTIONS__PASSWORD=
# LLDAP_SMTP_OPTIONS__FROM=
# LLDAP_SMTP_OPTIONS__REPLY_TO=
##########
# POSTGRES
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=lldap-postgres
POSTGRES_VOLUME_NAME=lldap-postgres
#POSTGRES_IMAGE=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=
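Review bot: `LLDAP_JWT_SECRET` in this removed file holds a concrete base64 value rather than a placeholder, and deleting the file does not remove it from the repository history. If that value was ever used by a running instance it should be rotated; any future example file should carry an empty value so that `${LLDAP_JWT_SECRET:?err}` in the compose file stops the start-up until one is generated.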

View File

@ -1,27 +0,0 @@
# LLDAP
> Implémentation légère de LDAP pour l'authentification :
> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à [Authelia](https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml) en passant par Nextcloud et plus encore !
## Documentation
- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
- De base le projet utilise SQLite, mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
- Lors du lancement du service une clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegarder puisque les mots de passe sont chiffrés en base avec.
## Configuration
La configuration a été séparée en 5 fichiers :
- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik
- [`docker-compose.smtp.yml`](./docker-compose.smtp.yml) correspondant à la configuration du service SMTP
- [`docker-compose.postgres.yml`](./docker-compose.postgres.yml) pour configurer le service Postgres
- [`docker-compose.traefik.yml`](./docker-compose.traefik.yml) pour configurer automatiquement Traefik
## Liens
- [Code source](https://github.com/lldap/lldap)
- [Docker Hub](https://hub.docker.com/r/nitnelave/lldap)
- [Documentation](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml)

View File

@ -1,11 +0,0 @@
---
services:
lldap:
ports:
# For LDAP
- "3890:3890"
# For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
- "6360:6360"
# For the web front-end
- "17170:17170"

View File

@ -1,6 +0,0 @@
---
services:
lldap:
environment:
- LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}

View File

@ -1,14 +0,0 @@
---
services:
lldap:
environment:
- LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
- LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
- LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}
- LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
- LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
- LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}

View File

@ -1,22 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
lldap:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890

View File

@ -1,24 +0,0 @@
---
volumes:
lldap:
name: ${LLDAP_VOLUME_NAME:-lldap}
services:
lldap:
container_name: ${LLDAP_CONTAINER_NAME:-lldap}
image: ${LLDAP_IMAGE:-nitnelave/lldap:v0.4.3}
restart: always
volumes:
- "lldap:/data"
environment:
- TZ=${TIMEZONE:-Europe/Paris}
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
- LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
- LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
- LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
- LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
- LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}

View File

@ -1,63 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/mobilizon/docker-compose.yml:${SERVICES_DIR}/mobilizon/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/geoip/docker-compose.yml
#COMPOSE_PROJECT_NAME=
############
## MOBILIZON
MOBILIZON_INSTANCE_NAME="RésiLien - Mobilizon"
MOBILIZON_DOMAIN=mobilizon.lan
#MOBILIZON_INSTANCE_PORT=4000
MOBILIZON_INSTANCE_EMAIL=no-reply@mobilizon.lan
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
MOBILIZON_ADMIN_EMAIL=admin@mobilizon.lan
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
MOBILIZON_INSTANCE_SECRET_KEY=changethis
MOBILIZON_SMTP_SERVER=localhost
MOBILIZON_SMTP_HOSTNAME=localhost
MOBILIZON_SMTP_PORT=25
MOBILIZON_SMTP_SSL=false
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
MOBILIZON_SMTP_PASSWORD=password
#MOBILIZON_PUID=
#MOBILIZON_PGID=
#######
# GEOIP
#GEOIP_VOLUME_NAME=
#GEOIP_IMAGE=
#GEOIP_CONTAINER_NAME=
#GEOIP_EDITION_IDS=
GEOIP_LICENSE_KEY=
#GEOIP_DOWNLOAD_PATH=
#GEOIP_SCHEDULE=
#GEOIP_LOG_LEVEL=
##########
# POSTGRES
POSTGRES_USER=mobilizon_user
POSTGRES_PASSWORD=mobilizon_password
POSTGRES_DB=mobilizon_db
#POSTGRES_CONTAINER_NAME=mobilizon_postgres
#POSTGRES_VOLUME_NAME=mobilizon_postgres
POSTGRES_IMAGE=kartoza/postgis:14-3.1
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

View File

@ -1,23 +0,0 @@
# Mobilizon
> Mobilizon est un logiciel libre d'organisation d'évènements et de gestion de groupes (Meet-up) lancé en octobre 2020 par Framasoft pour proposer une alternative libre aux plateformes des GAFAM (Facebook, Meetup.com, EventBrite).
>
> -- <cite>[Wikipedia](https://fr.wikipedia.org/wiki/Mobilizon)</cite>
On peut retrouver la documentation sur le [site officiel](https://docs.joinmobilizon.org/fr/).
## Configuration
Mobilizon utilise de la géolocalisation pour les évènements et du coup il faut :
- une base de données spécifique _[PostGIS](https://fr.wikipedia.org/wiki/PostGIS)_ qui se base sur _Postgres_. Actuellement la configuration de l'image Docker Postgres est compatible il faut donc juste changer le nom de l'image et utiliser [kartoza/postgis](https://hub.docker.com/r/kartoza/postgis) à la place.
- un fichier GeoLite2 et pour cela il faut créer une clé pour accéder au service en ligne de [maxmind](https://www.maxmind.com), on utilise ensuite l'image docker [geoip-updater](https://crazymax.dev/geoip-updater/install/docker/) de crazymax pour automatiser le téléchargement et la mise à jour du fichier.
## Liens
- 🌐 [Site website](https://joinmobilizon.org)
- 🔢 [voir les instances](https://instances.joinmobilizon.org/instances)
- 💻 Source officiel :
- [le logiciel](https://framagit.org/framasoft/mobilizon)
- [l'image _Docker_](https://framagit.org/framasoft/joinmobilizon/docker)
- 📜 [Documentation](https://docs.joinmobilizon.org)
- 🐳 [Docker Hub](https://hub.docker.com/r/framasoft/mobilizon)

View File

@ -1,6 +0,0 @@
---
services:
mobilizon:
ports:
- "${MOBILIZON_INSTANCE_PORT:-4000}:${MOBILIZON_PORT:-4000}"

View File

@ -1,14 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
mobilizon:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.rule=Host(`${MOBILIZON_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -1,45 +0,0 @@
---
volumes:
mobilizon:
name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
services:
mobilizon:
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
restart: always
depends_on:
- postgres
- geoip
volumes:
- mobilizon:/var/lib/mobilizon/uploads
# - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
- geoip:/var/lib/mobilizon/geo_db
environment:
MOBILIZON_INSTANCE_NAME: ${MOBILIZON_INSTANCE_NAME}
MOBILIZON_INSTANCE_HOST: ${MOBILIZON_DOMAIN}
MOBILIZON_INSTANCE_PORT: ${MOBILIZON_INSTANCE_PORT:-4000}
MOBILIZON_INSTANCE_EMAIL: ${MOBILIZON_INSTANCE_EMAIL}
MOBILIZON_REPLY_EMAIL: ${MOBILIZON_REPLY_EMAIL}
MOBILIZON_ADMIN_EMAIL: ${MOBILIZON_ADMIN_EMAIL}
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: ${MOBILIZON_INSTANCE_REGISTRATIONS_OPEN:-false}
MOBILIZON_DATABASE_USERNAME: ${POSTGRES_USER}
MOBILIZON_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
MOBILIZON_DATABASE_DBNAME: ${POSTGRES_DB}
MOBILIZON_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
MOBILIZON_INSTANCE_SECRET_KEY_BASE: ${MOBILIZON_INSTANCE_SECRET_KEY_BASE:?err}
MOBILIZON_INSTANCE_SECRET_KEY: ${MOBILIZON_INSTANCE_SECRET_KEY:?err}
MOBILIZON_SMTP_SERVER: ${MOBILIZON_SMTP_SERVER:?err}
MOBILIZON_SMTP_HOSTNAME: ${MOBILIZON_SMTP_HOSTNAME:?err}
MOBILIZON_SMTP_PORT: ${MOBILIZON_SMTP_PORT:?err}
MOBILIZON_SMTP_SSL: ${MOBILIZON_SMTP_SSL:?err}
MOBILIZON_SMTP_USERNAME: ${MOBILIZON_SMTP_USERNAME:?err}
MOBILIZON_SMTP_PASSWORD: ${MOBILIZON_SMTP_PASSWORD:?err}
PUID: ${MOBILIZON_PUID:-1000}
PGID: ${MOBILIZON_PGID:-1000}

View File

@ -1,51 +1,23 @@
########
# DOCKER
## DOCKER
#DOCKER_CONTEXT=
COMPOSE_FILE=./docker-compose.yml
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.config.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME=
TRAEFIK_NETWORK_NAME=kifeart
## APP
NEXTCLOUD_DOMAIN=nextcloud.cool.life
NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
NEXTCLOUD_CONTAINER_NAME=nextcloud
NEXTCLOUD_VOLUME_NAME=nextcloud
NEXTCLOUD_DOMAIN=nextcloud.cool.life
NEXTCLOUD_ADMIN_USER=user
NEXTCLOUD_ADMIN_PASSWORD=password
NEXTCLOUD_ADMIN_USER: user
NEXTCLOUD_ADMIN_PASSWORD: password
#SMTP_HOST=mail.test.org
#SMTP_SECURE=
#SMTP_PORT=
#SMTP_AUTHTYPE=
#SMTP_NAME=test@test.org
#SMTP_PASSWORD=blablablabla
#MAIL_FROM_ADDRESS=no-reply
#MAIL_DOMAIN=test.org
##########
# POSTGRES
# DATABASE
# Voir la description ../postgres/README.md
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=nextcloud-postgres
POSTGRES_VOLUME_NAME=nextcloud-postgres
#POSTGRES_IMAGE=
#######
# REDIS
#REDIS_IMAGE=
REDIS_CONTAINER_NAME=nextcloud-redis
#REDIS_VOLUME_NAME=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=
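Review bot: `NEXTCLOUD_ADMIN_USER: user` and `NEXTCLOUD_ADMIN_PASSWORD: password` use YAML `key: value` syntax in a dotenv file. A script that sources this file with `. .env` will try to run `NEXTCLOUD_ADMIN_USER:` as a command rather than assign the variable; use the `KEY=value` form of the lines they replace. The example admin password `password` should be left empty, and `TRAEFIK_NETWORK_NAME=kifeart` looks like a deployment-specific value that does not belong in an example file.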

View File

@ -10,82 +10,47 @@
>
> -- <cite>[Github][github]</cite>
On peut trouver [la documentation ici][documentation] en anglais ou ici pour la [traduction française](https://doc-nextcloud-fr.indie.host/fr/) fait par [IndieHosters](https://indiehosters.net/) et [Paquerette](https://paquerette.eu/).
On peut trouver [la documentation ici][documentation].
## Aide
Commande pour se connecter à un serveur :
```sh
. .env
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm ash
```
docker exec --user www-data -it nextcloud bash
Pour mettre un site en maintenance :
```sh
. .env
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm php occ maintenance:mode --on
docker-compose exec --user www-data nextcloud php occ db:add-missing-primary-keys
```
## Configuration
Il est possible de configurer certaines parties avec des variables d'environnement :
- Soit les variables sont spécifique à l'image Docker
- soit avec des variables du type `NC_` + clé (exemple : NC_default_phone_region=FR)
Il est possible de configurer certaines parties avec des variables d'environnement, mais ce n'est pas le cas de l'ensemble de la configuration.
### Création d'un groupe
Voici les modifications que j'effectue :
```
export NC_GROUP=com-en-aubrac
php occ group:add $NC_GROUP
docker-compose exec --user www-data nextcloud-fpm ash
vi config/config.php
```
Ajout de la configuration suivante :
```
'default_language' => 'fr',
'default_locale' => 'fr_FR',
'default_phone_region' => 'FR',
'defaultapp' => 'files',
'preview_max_x' => 2048,
'preview_max_y' => 2048,
'jpeg_quality' => 60,
```
### Création d'un utilisateur
Ajout de imagemagick :
```
# La variable OC_PASS est spécifique pour l'utilisation de --password-from-env
export OC_PASS=unmotdepasse!
export NC_USER=simon
export NC_NAME=Simon
export NC_MAIL=simon@example.org
export NC_QUOTA="180 GB"
php occ user:add --password-from-env --display-name=$NC_NAME --group="$NC_GROUP" $NC_USER
php occ user:setting $NC_USER settings email $NC_MAIL
docker-compose exec nextcloud-fpm apk add --no-cache imagemagick
```
### Quota
Pour bien comprendre les quotas dans Nextcloud : https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
ou
```
export NC_USER=simon
export NC_QUOTA="10 GB"
php occ user:setting $NC_USER files quota "$NC_QUOTA"
```
### imagemagick
> Le module php-imagick na aucun support SVG dans cette instance. Pour une meilleure compatibilité, il est recommandé de linstaller.
Pour résoudre ce problème il faut ajouter le paquet `imagemagick`
```
. .env
docker exec -it ${NEXTCLOUD_CONTAINER_NAME}-fpm apk add --no-cache imagemagick
```
## Application
Suppression d'application :
```
php occ app:disable dashboard
php occ app:disable photos
php occ app:disable weather_status
php occ app:disable user_status
ssh <server>
docker exec nextcloud-fpm apk add --no-cache imagemagick
```
## PHP-FPM: remédier à server reached pm.max_children
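Review bot: the commands disagree on their target: `docker exec --user www-data -it nextcloud bash` and `docker-compose exec --user www-data nextcloud php occ ...` address `nextcloud`, while the later ones use `nextcloud-fpm`, which is the service and container name the compose file in this change defines, and they enter it with `ash` rather than `bash`. Use one name and one shell throughout. Installing `imagemagick` with `apk add --no-cache` inside a running container is lost when the container is recreated, so the step has to be repeated after every upgrade; building it into an image would make it stick, and hand-editing `config/config.php` with `vi` is likewise not reproducible.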

View File

@ -1,20 +0,0 @@
---
services:
nextcloud-fpm:
environment:
&nextcloud-configuration
NC_trashbin_retention_obligation: ${NC_trashbin_retention_obligation:-auto, 30}
NC_force_language: ${NC_force_language:-fr}
NC_default_locale: ${NC_default_locale:-fr_FR}
NC_force_locale: ${NC_force_locale:-fr_FR}
NC_default_language: ${NC_default_language:-fr}
NC_default_phone_region: ${NC_default_phone_region:-FR}
NC_defaultapp: ${NC_defaultapp:-files}
NC_preview_max_x: ${NC_preview_max_x:-2048}
NC_preview_max_y: ${NC_preview_max_y:-2048}
NC_jpeg_quality: ${NC_jpeg_quality:-60}
nextcloud-cron:
environment:
<<: *nextcloud-configuration

View File

@ -1,6 +0,0 @@
---
services:
nextcloud-web:
ports:
- ${LOCAL_PORT:-80}:80

View File

@ -1,16 +0,0 @@
---
services:
nextcloud-fpm:
depends_on:
- postgres
environment:
&postgres-configuration
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
nextcloud-cron:
environment:
<<: *postgres-configuration

View File

@ -1,13 +0,0 @@
---
services:
nextcloud-fpm:
depends_on:
- redis
environment:
&redis-configuration
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
nextcloud-cron:
environment:
<<: *redis-configuration

View File

@ -1,18 +0,0 @@
---
services:
nextcloud-fpm:
environment:
&smtp-configuration
SMTP_HOST: ${SMTP_HOST:?err}
SMTP_SECURE: ${SMTP_SECURE:-}
SMTP_PORT: ${SMTP_PORT:-587}
SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
SMTP_NAME: ${SMTP_NAME:?err}
SMTP_PASSWORD: ${SMTP_PASSWORD:?err}
MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS:?err}
MAIL_DOMAIN: ${MAIL_DOMAIN:?err}
nextcloud-cron:
environment:
<<: *smtp-configuration

View File

@ -1,20 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
nextcloud-fpm:
environment:
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
nextcloud-web:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.rule=Host(`${NEXTCLOUD_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.middlewares=nextcloud_redirect
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/

View File

@ -1,52 +1,98 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
volumes:
nextcloud:
name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud}
name: ${NEXTCLOUD_VOLUME_NAME}
nextcloud-postgres:
name: ${POSTGRES_VOLUME_NAME}
services:
nextcloud-fpm:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
restart: always
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
&fpm-configuration
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}
nextcloud-web:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
build: ${SERVICES_DIR}/nextcloud/web
container_name: nextcloud-web
build: ./web
restart: always
environment:
NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}
depends_on:
- nextcloud-fpm
volumes:
- nextcloud:/var/www/html
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.nextcloud-fpm.rule: 'Host(`${NEXTCLOUD_DOMAIN}`)'
traefik.http.routers.nextcloud-fpm.entrypoints: 'web'
traefik.http.routers.nextcloud-fpm.middlewares: nextcloud_redirect
traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
nextcloud-fpm:
container_name: nextcloud-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
restart: always
hostname: ${NEXTCLOUD_DOMAIN}
depends_on:
- nextcloud-postgres
- nextcloud-redis
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
OVERWRITEPROTOCOL: 'https'
APACHE_DISABLE_REWRITE_IP: '1'
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}
OVERWRITEPROTOCOL: 'https'
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME}
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_USER: ${POSTGRES_USER}
REDIS_HOST: 'nextcloud-redis'
PUID: 1001
PGID: 119
nextcloud-postgres:
container_name: ${POSTGRES_CONTAINER_NAME}
image: ${POSTGRES_IMAGE:-postgres:12.8-alpine}
restart: always
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
PUID: 1001
PGID: 119
volumes:
- nextcloud-postgres:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
nextcloud-redis:
image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
container_name: nextcloud-redis
restart: always
environment:
PUID: 1001
PGID: 119
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
nextcloud-cron:
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
container_name: nextcloud-cron
restart: always
depends_on:
- nextcloud-web
entrypoint: /cron.sh
environment:
<<: *fpm-configuration
PUID: 1001
PGID: 119
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
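Review bot: `NEXTCLOUD_ADMIN_USER`, `NEXTCLOUD_ADMIN_PASSWORD` and the `POSTGRES_*` values are now interpolated without the `?err` guard, so a missing variable becomes an empty string instead of stopping `docker-compose up`; restore the guards. `OVERWRITEPROTOCOL: 'https'` appears twice in the `nextcloud-fpm` `environment:` map, a duplicate key that strict YAML parsers reject. `PUID: 1001`, `PGID: 119` and the fixed `container_name` values are host-specific constants that should stay overridable, and the `networks.default` block has no `external: true`.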

nextcloud/run Executable file
View File

@ -0,0 +1,49 @@
#!/bin/bash
set -eu
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
. $DIR/../help.sh
. $DIR/../postgres/run --only-source
nextcloud_help() {
echo "./run backup : Lancement de la sauvegarde de Nextcloud"
echo "./run restore : Restauration de la sauvegarde de Nextcloud"
}
nextcloud_backup() {
script_env
BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
backup_folder_create
POSTGRES_BACKUP_FILE=backups/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_postgres.sql
docker-compose exec --user www-data nextcloud php occ maintenance:mode --on
postgres_backup
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup --volumes-from nextcloud alpine:3.12.3 ash -c "cd /var/www/html && tar cvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar ."
docker-compose exec --user www-data nextcloud php occ maintenance:mode --off
}
nextcloud_restore() {
script_env
postgres_restore
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup -v nextcloud:/var/www/html alpine:3.12.3 ash -c "cd /var/www/html && tar xvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar --strip 1"
}
if [ $# -ge 1 ]; then
if [ "${1}" == "backup" ]; then
script_start
nextcloud_backup
script_end
elif [ "${1}" == "restore" ]; then
script_start
nextcloud_restore
script_end
elif [ "${1}" != "--only-source" ]; then
nextcloud_help
fi
else
nextcloud_help
fi
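
Review bot: `nextcloud_backup` runs under `set -eu`, so if `postgres_backup` or the `tar` container fails after `maintenance:mode --on`, the script exits and the instance stays in maintenance mode. Register a `trap` straight after enabling it that runs the `maintenance:mode --off` command on exit. In the same function, `docker run -it` and `docker-compose exec` both expect a TTY and fail when the backup is started from cron or CI (drop `-it`, use `docker-compose exec -T`), and `$DIR` and `$HOME/backups/${NEXTCLOUD_DOMAIN}` are expanded unquoted. `nextcloud_restore` extracts over the live volume without enabling maintenance mode and depends on `BACKUP_DATE` being set by the caller, which the help text does not mention. The tar holds the whole of `/var/www/html` and sits next to a plain SQL dump, so `$HOME/backups` needs restrictive permissions or encryption at rest.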


@ -1,3 +1,3 @@
FROM nginx:1.25.3-alpine
FROM nginx:1.21.1-alpine
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template
COPY nginx.conf /etc/nginx/nginx.conf
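
Review bot: the base image moves from `nginx:1.25.3-alpine` to `nginx:1.21.1-alpine`, an older release line that lacks the fixes shipped since; keep the newer tag, ideally pinned by digest. Replacing the `templates/default.conf.template` copy with a full `/etc/nginx/nginx.conf` also means the image no longer substitutes environment variables at start, so values such as the FPM upstream host end up hard-coded in the image.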


@ -1,172 +0,0 @@
upstream php-handler {
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
# Path to the root of your installation
root /var/www/html;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Add .mjs as a file extension for javascript
# Either include it in the default mime.types list
# or include you can include that list explicitly and add the file extension
# only for Nextcloud like below:
include mime.types;
types {
text/javascript js mjs;
}
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
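
Review bot: removing this template drops `server_tokens off;`, `client_body_timeout 300s;` and the `location ^~ /.well-known` block (including the `acme-challenge` and `pki-validation` handlers), and none of them reappear in the `nginx.conf` that replaces it. If the replacement is meant to be equivalent, carry these over; at minimum keep `server_tokens off;` so the nginx version is not exposed in the `Server` header and error pages.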

nextcloud/web/nginx.conf Normal file

@ -0,0 +1,174 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server nextcloud-fpm:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}
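
Review bot: the two `/.well-known` redirects build an absolute URL from request data, `return 301 $scheme://$host:$server_port/remote.php/dav;`. `$host` is taken from the client's Host header, and `$scheme` and `$server_port` describe this container's plain `listen 80`, so behind a TLS-terminating proxy DAV clients are sent to `http://<host>:80`. A relative target, `return 301 /remote.php/dav/;`, avoids both problems. In the PHP location `fastcgi_param HTTPS on;` is commented out, so Nextcloud has to learn the external scheme another way (its `overwriteprotocol` setting or trusted proxy headers); state which one in a comment. `deny all` on the internal paths answers 403 where the deleted template answered 404, which confirms to a client that those paths exist.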


@ -1,71 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/plausible/docker-compose.yml:${SERVICES_DIR}/plausible/docker-compose.clickhouse.yml:${SERVICES_DIR}/plausible/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/clickhouse/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
PLAUSIBLE_DOMAIN=localhost
BASE_URL=http://${PLAUSIBLE_DOMAIN}:8000
#PLAUSIBLE_CONTAINER_NAME=plausible
#PLAUSIBLE_VOLUME_NAME=plausible
#PLAUSIBLE_IMAGE=plausible/analytics:v1.4.4
ADMIN_USER_NAME=example
ADMIN_USER_EMAIL=email@example.org
ADMIN_USER_PWD=change-me
SECRET_KEY_BASE=AFnMQwN54ovHIqCQQGFZX5gUFpgpxasCEnzQwQsyfZLPRbiwzDYAqYDJQlQM8SbmicVJr97axXaSCfXD9zSEQQ==
#DISABLE_AUTH=
#DISABLE_REGISTRATION=
## POSTGRES
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=plausible_dev
## CLICKHOUSE
#CLICKHOUSE_VOLUME_NAME=
#CLICKHOUSE_CONTAINER_NAME=
#CLICKHOUSE_IMAGE=
## SMTP
#MAILER_EMAIL=
#SMTP_HOST_ADDR=
#SMTP_HOST_PORT=
#SMTP_USER_NAME=
#SMTP_USER_PWD=
#SMTP_HOST_SSL_ENABLED=
#SMTP_RETRIES=
## GOOGLE SEARCH CONSOLE
#GOOGLE_CLIENT_ID=
#GOOGLE_CLIENT_SECRET=
## GEOIPUPDATE
#GEOIPUPDATE_VOLUME_NAME=
#GEOIPUPDATE_IMAGE=
#GEOIPUPDATE_CONTAINER_NAME=
#GEOIPUPDATE_ACCOUNT_ID=
#GEOIPUPDATE_LICENSE_KEY=
#GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
#GEOIPUPDATE_FREQUENCY=
#GEOIPUPDATE_VERBOSE=
#GEOIPUPDATE_DB_DIR=
## TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=
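
Review bot: the `SECRET_KEY_BASE=` line carries a full-length key rather than a placeholder, and deleting the file does not remove it from history. Treat that value as public: any deployment that copied this file should generate a new key, and example files should use an obvious placeholder, as `ADMIN_USER_PWD=change-me` does.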


@ -1,15 +0,0 @@
# Plausible
> Plausible est une plateforme d'analyse Web légère et open source.
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://plausible.io/
[source]: https://github.com/plausible/analytics
[documentation]: https://plausible.io/docs
[dockerhub]: https://hub.docker.com/r/plausible/analytics


@ -1,14 +0,0 @@
<yandex>
<logger>
<level>warning</level>
<console>true</console>
</logger>
<!-- Stop all the unnecessary logging -->
<query_thread_log remove="remove"/>
<query_log remove="remove"/>
<text_log remove="remove"/>
<trace_log remove="remove"/>
<metric_log remove="remove"/>
<asynchronous_metric_log remove="remove"/>
</yandex>


@ -1,8 +0,0 @@
<yandex>
<profiles>
<default>
<log_queries>0</log_queries>
<log_query_threads>0</log_query_threads>
</default>
</profiles>
</yandex>


@ -1,7 +0,0 @@
---
services:
clickhouse:
volumes:
- ./clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
- ./clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro


@ -1,10 +0,0 @@
---
services:
plausible:
depends_on:
- geoipupdate
environment:
- GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
volumes:
- geoipupdate:/geoip:ro


@ -1,7 +0,0 @@
---
services:
plausible:
environment:
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:?err}
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:?err}


@ -1,6 +0,0 @@
---
services:
plausible:
ports:
- ${LOCAL_PORT:-8000}:8000


@ -1,12 +0,0 @@
---
services:
plausible:
environment:
MAILER_EMAIL: ${MAILER_EMAIL:-hello@plausible.local}
SMTP_HOST_ADDR: ${SMTP_HOST_ADDR:-localhost}
SMTP_HOST_PORT: ${SMTP_HOST_PORT:-25}
SMTP_USER_NAME: ${SMTP_USER_NAME}
SMTP_USER_PWD: ${SMTP_USER_PWD}
SMTP_HOST_SSL_ENABLED: ${SMTP_HOST_SSL_ENABLED:-false}
SMTP_RETRIES: ${SMTP_RETRIES:-2}


@ -1,14 +0,0 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
plausible:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.rule=Host(`${PLAUSIBLE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}


@ -1,31 +0,0 @@
---
volumes:
plausible:
name: ${PLAUSIBLE_VOLUME_NAME:-plausible}
services:
plausible:
container_name: ${PLAUSIBLE_CONTAINER_NAME:-plausible}
image: ${PLAUSIBLE_IMAGE:-plausible/analytics:v1.4.4}
restart: always
command: ${PLAUSIBLE_DOCKER_COMMAND:-sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"}
depends_on:
- clickhouse
- postgres
environment:
ADMIN_USER_NAME: ${ADMIN_USER_NAME:?err}
ADMIN_USER_EMAIL: ${ADMIN_USER_EMAIL:?err}
ADMIN_USER_PWD: ${ADMIN_USER_PWD:?err}
BASE_URL: ${BASE_URL}
SECRET_KEY_BASE: ${SECRET_KEY_BASE:?err}
DISABLE_AUTH: ${DISABLE_AUTH:-false}
DISABLE_REGISTRATION: ${DISABLE_REGISTRATION:-false}
DATABASE_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}
CLICKHOUSE_DATABASE_URL: http://${CLICKHOUSE_CONTAINER_NAME:-clickhouse}:8123/${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
SITE_LIMIT: ${SITE_LIMIT:-3}
SELFHOST: ${SELFHOST:-true}
LOG_LEVEL: ${LOG_LEVEL:-warn}
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro


@ -1,7 +1,3 @@
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
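
Review bot: `POSTGRES_PASSWORD=password-example` stays in the committed defaults. The compose file only checks that the variable is set (`${POSTGRES_PASSWORD:?err}`), so a deployment started from this file as-is comes up with a published password. Ship the value empty in the example so the `:?err` guard stops the start until a real password is supplied.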


@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
postgres:
@ -7,14 +7,12 @@ volumes:
services:
postgres:
container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine}
image: ${POSTGRES_IMAGE:-postgres:13.4-alpine}
restart: always
environment:
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
PUID: ${POSTGRES_PUID:-1000}
PGID: ${POSTGRES_PGID:-1000}
volumes:
- postgres:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro
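
Review bot: the default image changes from `postgres:14.2-alpine` to `postgres:13.4-alpine`, a major-version step backwards. PostgreSQL data directories are not compatible across major versions, so a `postgres` volume initialised by 14 will not start under 13 without a dump and restore. Keep the 14.x default, or document the migration and require `POSTGRES_IMAGE` explicitly. The removed `PUID`/`PGID` entries are not read by the official image, so dropping them is fine.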


@ -1,21 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/prometheus/docker-compose.yml:${SERVICES_DIR}/prometheus/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
############
# PROMETHEUS
#PROMETHEUS_IMAGE=
PROMETHEUS_DOMAIN=prometheus.cool.life
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=


@ -1,3 +0,0 @@
ARG PROMETHEUS_IMAGE
FROM $PROMETHEUS_IMAGE
ADD prometheus.yml /etc/prometheus/

Some files were not shown because too many files have changed in this diff