Compare commits

148 Commits

Author SHA1 Message Date
Simon bbf61dc0f0 Merge pull request 'feat(LLDAP): Use the new, more generic variable' (#83) from lldap into main
Reviewed-on: #83
2024-10-17 14:14:35 +02:00
Simon a5b7aca9b7 feat(LLDAP): Use the new, more generic variable 2024-10-17 14:13:47 +02:00
Simon 1f9bd5ea4b Merge pull request 'feat(Vaultwarden): Change domain variable' (#82) from vaultwarden_domain into main
Reviewed-on: #82
2024-10-01 10:51:14 +02:00
Simon e2931630c6 feat(Vaultwarden): Change domain variable 2024-10-01 10:49:32 +02:00
Simon a0300d20d6 Merge pull request 'feat(Vaultwarden): Remove experimental configuration' (#80) from vaultwarden into main
Reviewed-on: #80
2024-08-02 16:52:54 +02:00
Simon d9653fc215 feat(Vaultwarden): Remove experimental configuration 2024-08-02 16:52:33 +02:00
Simon 15a13f1eff Merge pull request 'vaultwarden' (#79) from vaultwarden into main
## Details

- Added automatic redirection of HTTP traffic
- Added documentation for translating e-mails
- Added variables for configuring the service and SSO

## Why

- To make it easier to integrate on a server that acts as an _entrypoint_
- To have e-mails sent in French
- To make Vaultwarden easier to deploy

Reviewed-on: #79
2024-08-01 16:17:30 +02:00
Simon b2509bfd67 feat(Vaultwarden): Add SSO configuration 2024-08-01 16:13:57 +02:00
Simon 78300c3bf4 feat(Vaultwarden): Add service configuration variable 2024-08-01 16:13:57 +02:00
Simon 2630301d58 feat(Vaultwarden): Add documentation for translating e-mails 2024-08-01 16:13:57 +02:00
Simon 3f2a4b78fb feat(Vaultwarden): Add a Traefik configuration for automatic HTTP redirection 2024-08-01 16:13:57 +02:00
Simon 342d7bfa58 Merge pull request 'Update SignaturePDF' (#78) from signaturepdf into main
## Details

- Added the latest default variables
- Added an HTTP to HTTPS redirection

## Why

- To change the variables if needed
- To be able to set up the redirection easily

Reviewed-on: #78
2024-07-31 10:49:27 +02:00
Simon fad68813ae feat(SignaturePDF): Add Traefik redirection 2024-07-31 10:48:05 +02:00
Simon f4d72bff12 feat(SignaturePDF): Add default variable for # Installation variable 2024-07-31 10:48:05 +02:00
Simon 532c0a9c7b feat(SignaturePDF): Add default language variable 2024-07-31 10:48:05 +02:00
Simon e24754bc44 feat(SignaturePDF): Add Traefik entrypoints variable 2024-07-31 10:48:05 +02:00
Simon b770dfd525 Merge pull request 'feat(Nextcloud): Update default value of SMTP' (#76) from fix_nextcloud_smtp into main
Reviewed-on: #76
2024-03-29 17:38:54 +01:00
Simon ec039c4474 feat(Nextcloud): Update default value of SMTP 2024-03-29 17:38:38 +01:00
Simon 16a583e326 Merge pull request 'feat(Docker Compose): Remove obsolete version variable' (#75) from docker_compose_version into main
Reviewed-on: #75
2024-03-25 14:36:04 +01:00
Simon 4f3c112404 feat(Docker Compose): Remove obsolete version variable
see: https://github.com/docker/compose/issues/11628
2024-03-25 14:35:05 +01:00
Simon bbd45d8f3f Merge pull request 'feat(Drone Server): Add external parameter for network' (#74) from drone into main
Reviewed-on: #74
2024-03-25 14:19:52 +01:00
Simon 68820ec859 feat(Drone Server): Add external parameter for network 2024-03-25 14:19:17 +01:00
Simon 9b8591caee Merge pull request 'nextcloud' (#73) from nextcloud into main
Reviewed-on: #73
2024-02-05 14:28:41 +01:00
Simon 4c2ebac4e7 chore(Nextcloud): Upgrade nginx 2024-02-05 14:27:45 +01:00
Simon b516600e50 feat(Nextcloud): Update nginx template
https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
2024-02-05 14:27:45 +01:00
Simon c579565849 Merge pull request 'feat(Nextcloud): Split redis & postgres configuration' (#72) from nextcloud into main
Reviewed-on: #72
2023-10-05 14:13:47 +02:00
Simon a26e291396 feat(Nextcloud): Split redis & postgres configuration 2023-10-03 22:22:02 +02:00
Simon 6441551318 Merge pull request 'feat(Vikunja): Add all default variables' (#71) from vikunja into main
Reviewed-on: #71
2023-10-03 14:54:12 +02:00
Simon d88b1829f1 feat(Vikunja): Add all default variables 2023-10-03 14:53:59 +02:00
Simon 6047ad6050 Merge pull request 'vikunja' (#70) from vikunja into main
## Details

- Updated the default value of the language, otherwise it does not work
- Split the legal variables into a separate file

Reviewed-on: #70
2023-10-03 14:19:16 +02:00
Simon 11f89a1c8c feat(Vikunja): Split configuration 2023-10-03 14:17:35 +02:00
Simon 847bc2b014 fix(Vikunja): Fix default language 2023-10-03 14:17:35 +02:00
Simon 2111829feb Merge pull request 'fix(Vikunja): Add default values' (#69) from vikunja into main
Reviewed-on: #69
2023-10-03 10:50:09 +02:00
Simon 06d35b9c9a fix(Vikunja): Add default values 2023-10-03 10:49:56 +02:00
Simon 2ceca1c76a Merge pull request 'vikunja' (#68) from vikunja into main
## Details

- Updated vikunja
- Added configuration variable

Reviewed-on: #68
2023-10-03 10:12:55 +02:00
Simon 225015a5c9 feat(Vikunja): Add more configuration 2023-10-03 10:11:55 +02:00
Simon ab822795ad chore(Vikunja): Upgrade to 0.21.0
https://vikunja.io/blog/2023/07/whats-new-in-vikunja-0.21.0/
2023-10-03 10:11:55 +02:00
Simon f944ef4fe3 Merge pull request 'gitea' (#67) from gitea into main
## Details

- Created a dedicated file for the Postgres configuration for the Gitea project configuration
- Updated the Gitea version

## Why

- To allow initialising a Gitea project without a database, using SQLite

Reviewed-on: #67
2023-09-28 12:02:13 +02:00
Simon b047319556 chore(Gitea): Upgrade default version to 1.20.4 2023-09-28 12:00:00 +02:00
Simon 9078d9d04f feat(Gitea): Split Postgres configuration 2023-09-28 11:59:08 +02:00
Simon 0a99b3402c Merge pull request 'feat(Traefik): Upgrade and disable dashboard ad' (#66) from traefik into main
See [the new version](https://github.com/traefik/traefik/releases/tag/v2.10.4) and especially [this _commit_](https://github.com/traefik/traefik/pull/10008).

Reviewed-on: #66
2023-09-27 15:19:18 +02:00
Simon 6d5884343e feat(Traefik): Upgrade and disable dashboard ad 2023-09-27 15:17:40 +02:00
Simon 8162c6a81a Merge pull request 'feat(Directus): Add DIRECTUS_ prefix like others variables' (#65) from directus_cors into main
## Details

- Added the `DIRECTUS_` prefix

## Why

- To keep variable naming consistent

Reviewed-on: #65
2023-07-18 16:34:06 +02:00
Simon b803eedf8c feat(Directus): Add DIRECTUS_ prefix like others variables 2023-07-18 16:32:30 +02:00
Simon 61680c6e6e Merge pull request 'feat(Directus): Add CORS_ORIGIN variable' (#64) from directus_cors into main
## Details

- Added the `CORS_ORIGIN` variable

## Why

- To allow specifying the URLs

Reviewed-on: #64
2023-07-18 16:29:14 +02:00
Simon 353c1bd812 feat(Directus): Add CORS_ORIGIN variable 2023-07-18 16:27:39 +02:00
Simon c5d761d229 Merge pull request 'feat(Directus): Add CORS_ENABLED variable' (#63) from directus_cors into main
## Details

- Added the variable to configure Directus [CORS](https://developer.mozilla.org/fr/docs/Web/http/CORS)

## Why

- To allow a website to query the Directus API directly

Reviewed-on: #63
2023-07-18 16:21:36 +02:00
Simon 72621b893d feat(Directus): Add CORS_ENABLED variable 2023-07-18 16:17:40 +02:00
Simon fe0d4d6224 Merge pull request 'fix(lldap): variables name' (#62) from fix_lldap into main
## Details

- Renamed variables

## Why

- To be more consistent

Reviewed-on: #62
2023-07-17 17:57:38 +02:00
Simon b5ea07c70a fix(lldap): variables name 2023-07-17 17:56:24 +02:00
Simon 0b41480815 Merge pull request 'fix(Docker): Network should be external with docker compose 2.20.0' (#61) from fix_networks into main
## Details

- Added the parameter that makes explicit that the Docker network is external

## Why

To be compatible with the latest version of Docker Compose

Reviewed-on: #61
2023-07-17 12:34:44 +02:00
Simon 0e06b651e8 fix(Docker): Network should be external with docker compose 2.20.0 2023-07-17 12:33:30 +02:00
Simon d7206c92de Merge pull request 'feat(LLDAP): Add new service' (#60) from lldap into main
## Details

- Added the [LLDAP](https://github.com/lldap/lldap) service

## Why

- To allow simplified user management for RésiLien's services

Reviewed-on: #60
2023-07-05 15:57:31 +02:00
Simon 06f1e2910f feat(LLDAP): Add new service 2023-07-05 15:56:32 +02:00
Simon 2667aa22dd Merge pull request 'signaturepdf' (#59) from signaturepdf into main
## Details

- Added the default image
- Added the _`restart`_ parameter

## Why

- To be transparent about our image
- So that the server restarts automatically after an outage

Reviewed-on: #59
2023-06-12 16:57:57 +02:00
Simon b7862e8fe5 feat(Signaturepdf): Add restart parameter 2023-06-12 16:54:08 +02:00
Simon 980ced43c4 feat(Signaturepdf): Add default image 2023-06-12 16:53:38 +02:00
Simon 45c731e31e Merge pull request 'feat(Signaturepdf): Add new service' (#58) from signaturepdf into main
## Details

- Added the PDF file manipulation service

## Why

- It is a service I am interested in for signing my associations' documents

Reviewed-on: #58
2023-06-05 10:32:31 +02:00
Simon 573cd5a462 feat(Signaturepdf): Add new service 2023-06-05 10:31:11 +02:00
Simon 47d0a7eaa2 Merge pull request 'docs' (#57) from docs into main
## Details

- Added documentation

## Why

- To keep a record of my research

Reviewed-on: #57
2023-06-05 10:09:16 +02:00
Simon 692a26ddff docs(Redis): Add documentation 2023-06-05 10:06:49 +02:00
Simon e2d0a53db4 docs(Drone): Add documentation 2023-06-05 10:06:49 +02:00
Simon 53ebc3f591 Merge pull request 'fix(Nextcloud): Trusted proxies is for fpm not web container' (#56) from nextcloud into main
## Details

- Fixes the reverse proxy configuration problem

## Why

It was a configuration we had to do by hand even though the configuration was supposed to work. After a bit of research I realised that we were giving the reverse proxy's name to the wrong container.

Reviewed-on: #56
2023-05-23 11:59:19 +02:00
Simon 982c1322bc fix(Nextcloud): Trusted proxies is for fpm not web container 2023-05-23 11:56:12 +02:00
Simon 0483e4325e Merge pull request 'fix(Nextcloud): Add variable to configure SMTP' (#55) from gitea into main
## Details

- Added an environment variable to configure SMTP for Nextcloud instances

## Why

- The configuration had stopped working since [this commit](b3dce58f7b).

Reviewed-on: #55
2023-05-10 22:03:07 +02:00
Simon 745d69aade fix(Nextcloud): Add variable to configure SMTP 2023-05-10 22:02:28 +02:00
Simon d5e61d35a5 Merge pull request 'feat(Gitea): Update configuration' (#54) from gitea into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/54
2023-02-21 12:44:50 +01:00
Simon 8f5fcec3a9 feat(Gitea): Update configuration 2023-02-21 12:44:23 +01:00
Simon 0798bab099 Merge pull request 'feat(Gitea): Upgrade to 1.19 and update configuration' (#53) from gitea into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/53
2023-02-21 11:58:40 +01:00
Simon e8a022e7e3 feat(Gitea): Upgrade to 1.19 and update configuration 2023-02-21 11:58:06 +01:00
Simon c8c945ad64 Merge pull request 'feat(Traefik): Pilot is deprecated' (#52) from traefik into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/52
2023-02-02 16:51:23 +01:00
Simon ba29719ed1 feat(Traefik): Pilot is deprecated
https://traefik.io/blog/announcing-traefik-proxy-2-8/
2023-02-02 16:51:07 +01:00
Simon f598c06029 Merge pull request 'feat(Vikunja): Restart container & explicite dependency' (#51) from nextcloud into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/51
2023-02-02 13:02:45 +01:00
Simon de2a8eef46 feat(Vikunja): Restart container & explicite dependency 2023-02-02 12:59:09 +01:00
Simon 6334a88085 Merge pull request 'Update Nextcloud' (#50) from nextcloud into main
## Details

1. Changed the SMTP error syntax `?err` -> `:?err`
2. Added the configuration variables to the cron container
3. Fixes the folder path used to build the web Docker image
4. Added environment variables to override the `config.php` configuration
5. Changed the SMTP variables to use environment variables rather than the installation script
6. Updated Nginx
7. Updated the documentation to reflect the changes
8. Updated Nextcloud

## Why

1. The SMTP variables must not be empty
2. The cron container must have the same configuration as fpm
3. There was a build problem when a docker-compose.yml file was added next to the folder containing the `.env` file
4. To be able to override the configuration properly and not only set it at installation
5. Same reason as 4
6. To be up to date
7. To be up to date
8. To be up to date

Reviewed-on: https://git.weko.io/resilien/services/pulls/50
2023-01-03 22:27:02 +01:00
Simon e3dcc0efd5 chore(Nextcloud): Upgrade to 25.0.2
https://nextcloud.com/changelog/#25-0-2
2023-01-03 22:15:37 +01:00
Simon 264688abf8 feat(Nextcloud): Remove run script 2023-01-03 22:11:02 +01:00
Simon 669866b44e docs(Nextcloud): Add environment variables documentation 2023-01-03 22:10:29 +01:00
Simon b54891ec38 chore(Nginx): Upgrade to 1.23.3 2023-01-03 22:01:55 +01:00
Simon b3dce58f7b feat(Nextcloud): Update SMTP environment variables 2023-01-03 21:47:02 +01:00
Simon 0198c030e9 feat(Nextcloud): Add environment variables to configure server 2023-01-03 21:36:36 +01:00
Simon 2281c4337c feat(Nextcloud): Update web folder path with generic SERVICES_DIR 2023-01-03 21:09:37 +01:00
Simon fd63036294 feat(Nextcloud): Add all configuration on cron container 2023-01-03 21:08:48 +01:00
Simon 0af258dcae feat(Nextcloud): SMTP configuration should not be empty 2023-01-03 21:08:06 +01:00
Simon f78676d3ee Merge pull request 'fix(Vaultwarden): Update image variable name' (#49) from vaultwarden into main
## Details

Fixes the name of the Vaultwarden image variable

## Why

To be consistent

Reviewed-on: https://git.weko.io/resilien/services/pulls/49
2022-12-31 15:29:33 +01:00
Simon 4e32136c26 fix(Vaultwarden): Update image variable name 2022-12-31 15:28:35 +01:00
Simon c68a73b55b Merge pull request 'feat(Vaultwarden): Add the variable to configure the service name' (#48) from vaultwarden into main
## Details

- Added the variable for the container name
- Moves the postgres dependency into the postgres-specific file

## Why

- To be easily configurable

Reviewed-on: https://git.weko.io/resilien/services/pulls/48
2022-12-31 15:25:34 +01:00
Simon 4bf479d0e0 feat(Vaultwarden): Move postgres dependency on postgres file 2022-12-31 15:24:38 +01:00
Simon 62334b2f85 feat(Vaultwarden): Add the variable to configure the service name 2022-12-31 15:22:38 +01:00
Simon 250f015535 Merge pull request 'feat(Vaultwarden): Add timezone information' (#47) from vaultwarden into main
## Details

Added the server's timezone to the container, even though it is an Alpine image that does not take the value into account unless the _tzdata_ package is installed.

## Why

To have the server's time

Reviewed-on: https://git.weko.io/resilien/services/pulls/47
2022-12-31 15:20:02 +01:00
Simon c631f47ae1 feat(Vaultwarden): Add timezone information 2022-12-31 15:17:51 +01:00
Simon ea59336efb Merge pull request 'feat(Vaultwarden): Add new service' (#46) from vaultwarden into main
## Details
a Bitwarden-compatible server, but written in Rust to save system resources

## Why

Until now I was using Nextcloud Password, but its development is slow and the community too small to trust its development. This way we will be able to offer this service to other people.

Reviewed-on: https://git.weko.io/resilien/services/pulls/46
2022-12-31 14:55:45 +01:00
Simon 747d158f58 feat(Vaultwarden): Add new service 2022-12-31 14:55:18 +01:00
Simon 347ff1d19b Merge pull request 'feat(Uptime Kuma): Add documentation and default .env' (#45) from uptime-kuma into main
## Details

- Added documentation for Uptime Kuma
- Added a default environment file

## Why

- To note that it is currently not possible to create accounts
- To make the service easier to use

Reviewed-on: https://git.weko.io/resilien/services/pulls/45
2022-12-09 22:14:17 +01:00
Simon c9ef1d34a1 feat(Uptime Kuma): Add documentation and default .env 2022-12-09 22:12:41 +01:00
Simon ce43797716 Merge pull request 'feat(Uptime Kuma): Add new service' (#44) from uptime-kuma into main
## Details

- Set up the new Uptime Kuma service

## Why

- To be able to monitor our services with our own tool

Reviewed-on: https://git.weko.io/resilien/services/pulls/44
2022-12-09 21:17:39 +01:00
Simon cae7eafbe0 feat(Uptime Kuma): Add new service 2022-12-09 21:16:41 +01:00
Simon 6026bb7709 Merge pull request 'feat(listmonk): Add new service' (#43) from listmonk into main
## Detail

- Added the listmonk service

## Why

- To make it easier to create mailing lists and newsletters

Reviewed-on: https://git.weko.io/resilien/services/pulls/43
2022-11-29 23:02:01 +01:00
Simon 912fe146af feat(listmonk): Add new service 2022-11-29 23:01:51 +01:00
Simon 01060abda6 Merge pull request 'docs(Registry): Add command to clean registry' (#42) from registry_clean into main
## Details

- Added the command to delete all untagged images

## Why

- To remember the command and make it possible to free up space quickly on a server

### Ticket

https://tree.taiga.io/project/killiankemps-resilien/us/634

Reviewed-on: https://git.weko.io/resilien/services/pulls/42
Reviewed-by: killian <developer@killiankemps.fr>
2022-07-18 17:16:58 +02:00
Simon cfc0771bb5 docs(Registry): Add command to clean registry 2022-07-12 10:23:14 +02:00
Simon add83cd745 Merge pull request 'feat(Vikunja): Add new service' (#41) from vikunja into main
## Details

- [x] Added the [Vikunja](https://vikunja.io/) service
- [x] Added documentation
- [x] Added the releases URL to the [update](https://tree.taiga.io/project/killiankemps-resilien/us/374) process

## Why

To organise ourselves around a simple and efficient tool

Reviewed-on: https://git.weko.io/resilien/services/pulls/41
Reviewed-by: killian <developer@killiankemps.fr>
2022-04-21 16:38:36 +02:00
Simon efcd3891ba feat(Vikunja): Add new service 2022-04-20 17:48:08 +02:00
Simon d8414788ef Merge pull request 'Update applications' (#40) from upgrade into main
* ec25f4b chore(Traefik): Upgrade to 2.6.3
* 8da5cc4 chore(Registry): Upgrade to 2.8.1
* 10337ac chore(Prometheus): Upgrade to 2.34.0
* ec4ae3a chore(Nextcloud): Upgrade to 23.0.3
* 5b6ce7c chore(Hedgedoc): Upgrade to 1.9.3
* 7498f63 chore(Grafana): Upgrade to 8.4.6
* 3a7e863 chore(Gitea): Upgrade to 1.16.5
* 62a5159 chore(Drone): Upgrade to 2.11.1
* 9d3175d chore(Directus): Upgrade to 9.8.0

Reviewed-on: https://git.weko.io/resilien/services/pulls/40
Reviewed-by: killian <developer@killiankemps.fr>
2022-04-15 09:11:59 +02:00
Simon ec25f4b76f chore(Traefik): Upgrade to 2.6.3
https://github.com/traefik/traefik/releases/tag/v2.6.3
2022-04-13 23:16:23 +02:00
Simon 8da5cc41ed chore(Registry): Upgrade to 2.8.1
https://github.com/distribution/distribution/releases/tag/v2.8.1
2022-04-13 23:15:32 +02:00
Simon 10337ac53c chore(Prometheus): Upgrade to 2.34.0
https://github.com/prometheus/prometheus/releases/tag/v2.34.0
2022-04-13 23:13:22 +02:00
Simon ec4ae3a8b8 chore(Nextcloud): Upgrade to 23.0.3
https://nextcloud.com/changelog/#latest23
2022-04-13 23:10:15 +02:00
Simon 5b6ce7cfcd chore(Hedgedoc): Upgrade to 1.9.3
https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.3
2022-04-13 23:08:01 +02:00
Simon 7498f63974 chore(Grafana): Upgrade to 8.4.6
https://github.com/grafana/grafana/releases/tag/v8.4.6
2022-04-13 23:03:44 +02:00
Simon 3a7e863d0c chore(Gitea): Upgrade to 1.16.5
https://github.com/go-gitea/gitea/releases/tag/v1.16.5
2022-04-13 22:59:46 +02:00
Simon 62a5159232 chore(Drone): Upgrade to 2.11.1
https://github.com/harness/drone/releases/tag/v2.11.1
2022-04-13 22:58:18 +02:00
Simon 9d3175df69 chore(Directus): Upgrade to 9.8.0
https://github.com/directus/directus/releases/tag/v9.8.0
2022-04-13 22:56:15 +02:00
Simon 7939150137 Merge pull request 'fix(Hedgedoc): Update backup folder' (#39) from fix_hedgedoc into main
## Details

- Updated the backup folder for uploaded files

## Why

- To back up uploaded images correctly

## Links

- [Ticket](https://tree.taiga.io/project/killiankemps-resilien/us/407)

Reviewed-on: https://git.weko.io/resilien/services/pulls/39
2022-03-07 16:04:01 +01:00
Simon db74e92291 fix(Hedgedoc): Update backup folder 2022-03-07 16:02:21 +01:00
Simon 8f1a45969d Merge pull request 'Add configuration' (#38) from config into main
## Details

- Added a specific environment variable for the timezone of the Directus Docker image. (Feature that arrived in the latest version)
- Added an environment variable for Plausible logs

## Why

- To fix a display bug: when selecting a date, the default value was not in the same timezone, which moved it back by one day...
- Makes it possible to display more logs

Reviewed-on: https://git.weko.io/resilien/services/pulls/38
2022-03-07 11:54:39 +01:00
Simon c4248a6f97 feat(Plausible): Add log level variable 2022-03-07 11:51:48 +01:00
Simon cfd8b5a2ce feat(Directus): Add timezone variable 2022-03-07 11:51:21 +01:00
Simon 1cee679407 Merge pull request 'upgrade services' (#37) from upgrade into main
## Details

- Updated [Directus](https://github.com/directus/directus/releases/tag/v9.6.0)
- Updated [Grafana](https://github.com/grafana/grafana/releases/tag/v8.4.3)
- Updated [Prometheus](https://github.com/prometheus/prometheus/releases/tag/v2.33.4)
- Updated [Drone Server](https://github.com/harness/drone/releases/tag/v2.10.0)
- Updated [Gitea](https://github.com/go-gitea/gitea/releases/tag/v1.16.3)

## Why

- To follow the evolution of the various projects

## Links

- [Ticket](https://tree.taiga.io/project/killiankemps-resilien/us/374)

Reviewed-on: https://git.weko.io/resilien/services/pulls/37
2022-03-07 11:46:24 +01:00
Simon 1f7e610297 chore(Gitea): Upgrade to 1.16.3
https://github.com/go-gitea/gitea/releases/tag/v1.16.3
2022-03-07 11:20:33 +01:00
Simon 1931adafa4 chore(Drone Server): Upgrade to 2.10.0
https://github.com/harness/drone/releases/tag/v2.10.0
2022-03-07 11:15:32 +01:00
Simon 63246c442c chore(Prometheus): Upgrade to 2.33.4
https://github.com/prometheus/prometheus/releases/tag/v2.33.4
2022-03-07 11:11:39 +01:00
Simon a60026a672 chore(Grafana): Upgrade to 8.4.3
https://github.com/grafana/grafana/releases/tag/v8.4.3
2022-03-07 11:09:18 +01:00
Simon 47ce108eb6 chore(Directus): Upgrade to 9.6.0
https://github.com/directus/directus/releases/tag/v9.6.0
2022-03-07 10:58:08 +01:00
Simon a295e42fc5 Merge pull request 'feat(Plausible): Add more environment variables' (#36) from plausible into main
## Details

- Added new variables to configure Plausible

## Why

- To be able to configure the service more precisely

## Links

- [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/390)
- [config](26e34596c8/config/.env.test)

Reviewed-on: https://git.weko.io/resilien/services/pulls/36
2022-02-23 10:03:26 +01:00
Simon 768bf9b71d feat(Plausible): Add more environment variables 2022-02-23 09:59:12 +01:00
Simon 8e1cb72245 Merge pull request 'plausible' (#35) from plausible into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/35
2022-02-22 19:13:49 +01:00
Simon d951d0c8f5 docs(Plausible): Add default variables 2022-02-22 19:13:28 +01:00
Simon 30fd1db0a3 fix(GeoIP Update): Frequency 2022-02-22 19:13:28 +01:00
Simon b8814b4391 Merge pull request 'fix(GeoIp Update): volume name' (#34) from plausible into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/34
2022-02-22 16:59:09 +01:00
Simon 361f9b7d69 fix(GeoIp Update): volume name 2022-02-22 16:58:50 +01:00
Simon 903ba0283e Merge pull request 'fix(Plausible): BASE_URL != PLAUSIBLE_DOMAIN' (#33) from plausible into main
Reviewed-on: https://git.weko.io/resilien/services/pulls/33
2022-02-22 16:29:10 +01:00
Simon 7bc9788cd8 fix(Plausible): BASE_URL != PLAUSIBLE_DOMAIN 2022-02-22 16:28:52 +01:00
Simon 9cb520624f Merge pull request 'plausible' (#32) from plausible into main
## Details

- Removed the Docker hashes
- Added default variables in Postgres
- Added the ClickHouse service
- Added the GeoIP Update service
- Added the Plausible service

## Why

- The Docker hashes are platform-dependent, yet we manage several types of platform
- To make the Postgres variables easier to read
- To offer Plausible to our users

Reviewed-on: https://git.weko.io/resilien/services/pulls/32
2022-02-22 16:12:00 +01:00
Simon 5d4d7ad7fb feat(Plausible): Add new service 2022-02-22 16:10:46 +01:00
Simon 895623732f feat(GeoIP Update): Add new service 2022-02-22 16:01:45 +01:00
Simon 607e6c83c2 feat(ClickHouse): Add new service 2022-02-22 16:01:09 +01:00
Simon 58e5685b4d docs(Postgres): Add default variable 2022-02-22 15:55:45 +01:00
Simon 0e1c155fbf feat(Docker): Remove hash because it depends on the architecture 2022-02-22 15:55:18 +01:00
Simon cf44901c1d Merge pull request 'docs(Redis): Add default variable on .env files' (#31) from redis into main
## Details

- Added the undefined Redis variables

## Why

- To clarify the use of the Redis variables

Reviewed-on: https://git.weko.io/resilien/services/pulls/31
2022-02-22 11:57:42 +01:00
Simon 557d35b9bf docs(Redis): Add default variable on .env files 2022-02-22 11:56:17 +01:00
Simon af49fefe12 Merge pull request 'feat(Redis): Add volume name' (#30) from redis into main
## Details

- Added a volume to the Redis container

## Why

- To allow Redis data to be persisted, making it possible to restart a container without being logged out

Reviewed-on: https://git.weko.io/resilien/services/pulls/30
2022-02-22 11:53:15 +01:00
Simon 4f2ae331df feat(Redis): Add volume name 2022-02-22 11:51:34 +01:00
Simon dbe1cd0f0e Merge pull request 'upgrade' (#29) from upgrade into main
## Details

- Updated Traefik to [2.6.1](https://github.com/traefik/traefik/releases/tag/v2.6.1)
- Updated Nextcloud to [23.0.2](https://nextcloud.com/changelog/#latest23)
- Updated Grafana to [8.4.1](https://github.com/grafana/grafana/releases/tag/v8.4.1)

## Why

- To be up to date

Reviewed-on: https://git.weko.io/resilien/services/pulls/29
2022-02-21 23:05:06 +01:00
Simon ec62e7a14c chore(Traefik): Upgrade to 2.6.1
https://github.com/traefik/traefik/releases/tag/v2.6.1
2022-02-21 23:00:00 +01:00
Simon 248f2fc174 chore(Nextcloud): Upgrade to 23.0.2
https://nextcloud.com/changelog/#latest23
2022-02-21 22:56:02 +01:00
Simon ca15dfeca1 chore(Grafana): Upgrade to 8.4.1
https://github.com/grafana/grafana/releases/tag/v8.4.0
https://github.com/grafana/grafana/releases/tag/v8.4.1
2022-02-21 22:47:11 +01:00
Simon fe99557d1b Merge pull request 'upgrade' (#26) from upgrade into main
## Details

- Updated:
    * Watchtower to [1.4.0](https://github.com/containrrr/watchtower/releases/tag/v1.4.0)
    * Registry to [2.8.0](https://github.com/distribution/distribution/releases/tag/v2.8.0)
    * Prometheus to [2.33.3](https://github.com/prometheus/prometheus/releases/tag/v2.33.3)
    * Postgres to [14.2](https://www.postgresql.org/docs/release/14.2/)
    * Grafana to [8.3.6](https://github.com/grafana/grafana/releases/tag/v8.3.6)
    * Gitea to [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1)
    * Nextcloud to [23.0.0](https://nextcloud.com/changelog/#latest23)
- Added the sha256 of the Docker images

## Why

- To get the latest security fixes
- To add security when downloading images

## Links

- [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/374)

Reviewed-on: https://git.weko.io/resilien/services/pulls/26
Reviewed-by: killian <developer@killiankemps.fr>
2022-02-14 14:15:55 +01:00
127 changed files with 1568 additions and 377 deletions


@ -8,20 +8,28 @@ Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien
- [Directus](./directus) : Permet d'administrer une base de données - [Directus](./directus) : Permet d'administrer une base de données
- [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel - [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
- [listmonk](./listmonk) : Gestionnaire de listes de diffusion et de newsletter
- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes - [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
- [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration - [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
- [signaturepdf](./signaturepdf) : Logiciel WEB libre permettant de modifier un fichier PDF facilement
- [Plausible](./plausible) : Plausible est une plateforme d'analyse Web légère et open source
- [Vaultwarden](./vaultwarden) : Gestionnaire de mot de passe compatible avec Bitwarden
- [Vikunja](./vikunja) : L'application pour organiser sa vie
### Pour les devs / ops ### Pour les devs / ops
- [ClickHouse](./clickhouse) : Un logiciel libre de base de données orientée colonnes pour le traitement analytique en ligne
- [Drone](./drone) : Un service d'intégration continue - [Drone](./drone) : Un service d'intégration continue
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab. - [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
- [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Grafana](./grafana) : Un outil de supervision simple et élégant - [Grafana](./grafana) : Un outil de supervision simple et élégant
- [MariaDB](./mariadb) : MariaDB est un système de gestion de base de données, un fork communautaire de MySQL - [LLDAP](./lldap): Implémentation légère de LDAP pour l'authentification
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet. - [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
- [Prometheus](./prometheus) : Un logiciel de surveillance informatique - [Prometheus](./prometheus) : Un logiciel de surveillance informatique
- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances - [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker - [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
- [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs - [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
- [Uptime Kuma](./uptimekuma) : outil de surveillance de site ou service WEB
- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker - [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker
## Comment ça marche ? ## Comment ça marche ?
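Review bot: the new `[signaturepdf](./signaturepdf)` entry sits between Nextcloud and Plausible, which breaks the alphabetical order the rest of this list follows; move it after the Plausible line. In the devs / ops list, the added `[LLDAP](./lldap):` entry is missing the space before the colon that most neighbouring entries use (`(./grafana) :`, `(./postgres) :`), so align it with them.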

clickhouse/.env Normal file

@ -0,0 +1,3 @@
#CLICKHOUSE_VOLUME_NAME=
#CLICKHOUSE_CONTAINER_NAME=
#CLICKHOUSE_IMAGE=

16
clickhouse/README.md Normal file
View File

@ -0,0 +1,16 @@
# ClickHouse
> ClickHouse est un logiciel libre de base de données orientée colonnes (DBMS) pour le traitement analytique en ligne (OLAP).
>
> <cite>[Wikipédia][wikipedia]</cite>
## Liens
- [Site Officiel][site]
- [Code source][source]
- [Docker Hub][dockerhub]
[wikipedia]: https://fr.wikipedia.org/wiki/ClickHouse
[site]: https://clickhouse.com/
[source]: https://github.com/ClickHouse/ClickHouse
[dockerhub]: https://hub.docker.com/r/clickhouse/clickhouse-server

View File

@ -0,0 +1,19 @@
---
volumes:
clickhouse:
name: ${CLICKHOUSE_VOLUME_NAME:-clickhouse}
services:
clickhouse:
container_name: ${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
image: ${CLICKHOUSE_IMAGE:-clickhouse/clickhouse-server:22.2.2.1-alpine}
restart: always
volumes:
- clickhouse:/var/lib/clickhouse
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ulimits:
nofile:
soft: 262144
hard: 262144

View File

@ -44,7 +44,9 @@ POSTGRES_VOLUME_NAME=directus-postgres
####### #######
# REDIS # REDIS
#REDIS_IMAGE=
#REDIS_CONTAINER_NAME= #REDIS_CONTAINER_NAME=
#REDIS_VOLUME_NAME=
######### #########
# TRAEFIK # TRAEFIK

View File

@ -6,6 +6,8 @@
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus. [De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
- `CORS_ORIGIN` à comme valeur par défaut `false` et peut prendre `true` pour accepter toutes les connexions, mais il est préférable de spécifier directement les sites comme ceci `array:https://example.com,https://staging.example.com`.
## Liens ## Liens
- [Site officiel][website] - [Site officiel][website]
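Review bot: the README line added here documents `CORS_ORIGIN`, but the compose change in this same comparison reads the value from `DIRECTUS_CORS_ORIGIN` and adds a separate `DIRECTUS_CORS_ENABLED` that defaults to `false` and is not mentioned. Document the names an operator actually sets in `.env`, including the enable switch. The advice to list explicit origins (`array:https://example.com,...`) rather than `true` is the right default and should stay prominent.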

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
services: services:
directus: directus:
environment: environment:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
services: services:
directus: directus:
environment: environment:

View File

@ -1,10 +1,9 @@
--- ---
version: "3.8"
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
directus: directus:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
volumes: volumes:
directus: directus:
name: ${DIRECTUS_VOLUME_NAME:-directus} name: ${DIRECTUS_VOLUME_NAME:-directus}
@ -9,12 +7,10 @@ volumes:
services: services:
directus: directus:
container_name: ${DIRECTUS_CONTAINER_NAME:-directus} container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289} image: ${DIRECTUS_IMAGE:-directus/directus:9.8.0}
restart: always restart: always
volumes: volumes:
- directus:/directus/uploads - directus:/directus/uploads
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on: depends_on:
- postgres - postgres
- redis - redis
@ -26,6 +22,8 @@ services:
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err} ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err} ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err} PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
CORS_ENABLED: ${DIRECTUS_CORS_ENABLED:-false}
CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN:-false}
DB_CLIENT: 'pg' DB_CLIENT: 'pg'
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8 DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
@ -34,5 +32,7 @@ services:
DB_USER: ${POSTGRES_USER:?err} DB_USER: ${POSTGRES_USER:?err}
DB_PASSWORD: ${POSTGRES_PASSWORD:?err} DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
TZ: ${TZ:-Europe/Paris}
PUID: ${DIRECTUS_PUID:-1000} PUID: ${DIRECTUS_PUID:-1000}
PGID: ${DIRECTUS_PGID:-1000} PGID: ${DIRECTUS_PGID:-1000}

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/dashboard/ # https://docs.drone.io/runner/docker/configuration/dashboard/
services: services:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
services: services:
drone-runner: drone-runner:
ports: ports:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/logging/ # https://docs.drone.io/runner/docker/configuration/logging/
services: services:

View File

@ -1,10 +1,9 @@
--- ---
version: "3.8"
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME} name: ${TRAEFIK_NETWORK_NAME}
external: true
services: services:
drone-runner: drone-runner:

View File

@ -1,13 +1,11 @@
--- ---
version: "3.8"
# https://docs.drone.io/runner/docker/installation/linux/ # https://docs.drone.io/runner/docker/installation/linux/
services: services:
drone-runner: drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME} container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260} image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
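Review bot: on the `image:` line the default drops the `@sha256:` digest and keeps only the `1.8.0` tag, so the default no longer identifies one immutable image. This container also mounts `/var/run/docker.sock`, so whatever the tag resolves to at pull time gets control of the host's Docker daemon. Keep the digest next to the new tag, or state in the commit message why pinning was abandoned. The same digest removal appears in the Directus, Drone server, Gitea, Grafana, HedgeDoc and Mobilizon defaults in this comparison.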

View File

@ -33,9 +33,10 @@ Il faut ajouter les utilisateurs non admin :
``` ```
drone user add kosssi drone user add kosssi
drone user add killian drone user add killian
export PROMETHEUS_TOKEN=`openssl rand -hex 16`
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN} drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
``` ```
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}` En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/) [Documentation officielle](https://docs.drone.io/server/user/machine/#create-accounts) [cli](https://docs.drone.io/cli/user/drone-user-add/)
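Review bot: the added `export PROMETHEUS_TOKEN=` line generates the token but the README does not say where the value has to be kept afterwards, and the next line passes it as `--token=${PROMETHEUS_TOKEN}` on the command line, where it can appear in the process list. Add one sentence on storing the token for the client that will use the machine account, suggest `unset PROMETHEUS_TOKEN` once the account is created, and prefer `$(openssl rand -hex 16)` to backticks.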

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/server/cookie/ # https://docs.drone.io/server/cookie/
services: services:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/server/provider/gitea/ # https://docs.drone.io/server/provider/gitea/
services: services:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/server/headers/ # https://docs.drone.io/server/headers/
services: services:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
services: services:
drone-server: drone-server:
ports: ports:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/server/logging/ # https://docs.drone.io/server/logging/
services: services:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/server/storage/database/ # https://docs.drone.io/server/storage/database/
# https://docs.drone.io/server/storage/encryption/ # https://docs.drone.io/server/storage/encryption/

View File

@ -1,10 +1,9 @@
--- ---
version: "3.8"
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME} name: ${TRAEFIK_NETWORK_NAME}
external: true
services: services:
drone-server: drone-server:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
# https://docs.drone.io/server/user/registration/ # https://docs.drone.io/server/user/registration/
services: services:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
volumes: volumes:
drone-server: drone-server:
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server} name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
@ -9,7 +7,7 @@ volumes:
services: services:
drone-server: drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server} container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479} image: ${DRONE_SERVER_IMAGE:-drone/drone:2.11.1}
restart: always restart: always
environment: environment:
# https://docs.drone.io/server/reference/drone-rpc-secret/ # https://docs.drone.io/server/reference/drone-rpc-secret/

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
volumes: volumes:
geoip: geoip:
name: ${GEOIP_VOLUME_NAME:-geoip} name: ${GEOIP_VOLUME_NAME:-geoip}

10
geoipupdate/.env Normal file
View File

@ -0,0 +1,10 @@
#GEOIPUPDATE_VOLUME_NAME=
#GEOIPUPDATE_IMAGE=
#GEOIPUPDATE_CONTAINER_NAME=
GEOIPUPDATE_ACCOUNT_ID=<change-me>
GEOIPUPDATE_LICENSE_KEY=<change-me>
#GEOIPUPDATE_EDITION_IDS=
#GEOIPUPDATE_FREQUENCY=
#GEOIPUPDATE_VERBOSE=
#GEOIPUPDATE_DB_DIR=

14
geoipupdate/README.md Normal file
View File

@ -0,0 +1,14 @@
# HedgeDoc
> Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
## Liens
- [Site officiel][website]
- [Github][github]
- [L'image Docker de LinuxServer][docker]
[website]: https://www.maxmind.com/en/home
[docker]: https://hub.docker.com/r/maxmindinc/geoipupdate
[github]: https://github.com/maxmind/geoipupdate
[documentation]: https://dev.maxmind.com/geoip/updating-databases
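Review bot: the heading of this new README is `# HedgeDoc`, a leftover from the file it was copied from; it should match the `GeoIP Update` entry added to the top-level README. The link text `L'image Docker de LinuxServer` points at `maxmindinc/geoipupdate`, which is not a LinuxServer image, and the `[documentation]` reference is defined but never used in the link list.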

View File

@ -0,0 +1,20 @@
---
volumes:
geoipupdate:
name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}
services:
geoipupdate:
image: ${GEOIPUPDATE_IMAGE:-maxmindinc/geoipupdate:v4.9.0}
container_name: ${GEOIPUPDATE_CONTAINER_NAME:-geoip-updater}
restart: always
volumes:
- geoipupdate:${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
environment:
GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID:?err}
GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY:?err}
GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS:-GeoLite2-City}
GEOIPUPDATE_FREQUENCY: ${GEOIPUPDATE_FREQUENCY:-72}
GEOIPUPDATE_VERBOSE: ${GEOIPUPDATE_VERBOSE:-false}
GEOIPUPDATE_DB_DIR: ${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}

View File

@ -1,26 +1,34 @@
COMPOSE_FILE=../postgres/docker-compose.yml:./docker-compose.yml:./docker-compose.override.yml ########
# DOCKER
# APP SERVICES_DIR=".."
COMPOSE_FILE=${SERVICES_DIR}/gitea/docker-compose.yml:${SERVICES_DIR}/gitea/docker-compose.traefik.yml:${SERVICES_DIR}/gitea/docker-compose.smtp.yml:${SERVICES_DIR}/gitea/docker-compose.metrics.yml:${SERVICES_DIR}/postgres/docker-compose.yml
COMPOSE_PROJECT_NAME=$GITEA_DOMAIN
GITEA_VOLUME_NAME=gitea #######
GITEA_PROTOCOL=http # GITEA
GITEA_DOMAIN=gitea.lan
# APP CONFIG
# https://docs.gitea.io/en-us/install-with-docker/#environments-variables # https://docs.gitea.io/en-us/install-with-docker/#environments-variables
DISABLE_SSH=true GITEA_DOMAIN=gitea.lan
RUN_MODE=prod GITEA_VOLUME_NAME=gitea
ROOT_URL=${GITEA_PROTOCOL}://${GITEA_DOMAIN} GITEA_IMAGE=gitea/gitea:1.18.4
DISABLE_REGISTRATION=true GITEA_PROTOCOL=http
DISABLE_GRAVATAR=true GITEA_SECRET_KEY=kt5UdK0m9lI9MDyhVOFEB5jk7VwFynDyaxcUjEJUpWJBrC6FyH4dkUDKLYEa7hGn
#INSTALL_LOCK=true GITEA_INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzY5NzkxMzZ9.Iopu6DBUhglmNPzEyYylfmTmEUpYLHYEsNrm50GoBkU
# SMTP
GITEA__mailer__FROM='"Name" <email@example.com>'
GITEA__mailer__SMTP_ADDR=smtp.gitea.lan
GITEA__mailer__SMTP_PORT=465
GITEA__mailer__USER=gitea.lan
GITEA__mailer__PASSWD=gitea.lan
# DATABASE # DATABASE
# Voir la description ../postgres/README.md
POSTGRES_USER=user-example POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=gitea-postgres POSTGRES_CONTAINER_NAME=gitea-postgres
POSTGRES_VOLUME_NAME=gitea-postgres POSTGRES_VOLUME_NAME=gitea-postgres
POSTGRES_IMAGE=postgres:15.2-alpine
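Review bot: the added `GITEA_SECRET_KEY=` and `GITEA_INTERNAL_TOKEN=` lines carry concrete values instead of placeholders, so every deployment that copies this sample unchanged shares the same secret key and internal token, and the values stay in the repository history. Replace them with `<change-me>` as `geoipupdate/.env` does, and point to the `gitea generate secret` commands quoted in the comments of `gitea/docker-compose.yml`. If these values were ever used on a real instance, rotate them.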

View File

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
gitea: gitea:

View File

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
gitea: gitea:

View File

@ -0,0 +1,12 @@
---
services:
gitea:
environment:
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
- GITEA__database__NAME=${POSTGRES_DB}
- GITEA__database__USER=${POSTGRES_USER}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
depends_on:
- postgres

View File

@ -1,12 +1,14 @@
version: "3.8" ---
services: services:
gitea: gitea:
environment: environment:
- GITEA__mailer__ENABLED=true - GITEA__mailer__ENABLED=true
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set} - GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:-smtp}
- GITEA__mailer__MAILER_TYPE=smtp - GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
- GITEA__mailer__HOST=${GITEA__mailer__HOST:?GITEA__mailer__HOST not set} - GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
- GITEA__mailer__IS_TLS_ENABLED=true
- GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set} - GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}""" - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
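Review bot: this hunk removes `GITEA__mailer__IS_TLS_ENABLED=true` and introduces `GITEA__mailer__PROTOCOL` with a default of `smtp`, so the compose file no longer states that the mail connection is encrypted, while the sample `gitea/.env` sets `GITEA__mailer__SMTP_PORT=465` and no protocol. Default to `smtps`, or make the variable required with `:?` as the address and port are, so the SMTP user and password are only sent over a transport the operator chose explicitly.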

View File

@ -1,16 +1,15 @@
version: "3.8" ---
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
gitea: gitea:
labels: labels:
traefik.enable: 'true' - traefik.enable=true
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik} - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.rule=Host(`${GITEA_DOMAIN:?err}`)
traefik.http.routers.gitea.rule: 'Host(`${GITEA_DOMAIN:?err}`)' - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
traefik.http.routers.gitea.entrypoints: 'web' - traefik.http.services.${TRAEFIK_ROUTER_NAME:-gitea}.loadbalancer.server.port=3000
traefik.http.services.gitea.loadbalancer.server.port: '3000'

View File

@ -1,4 +1,4 @@
version: "3.8" ---
volumes: volumes:
gitea: gitea:
@ -7,19 +7,17 @@ volumes:
services: services:
gitea: gitea:
container_name: ${GITEA_CONTAINER_NAME:-gitea} container_name: ${GITEA_CONTAINER_NAME:-gitea}
image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a} image: ${GITEA_IMAGE:-gitea/gitea:1.20.4}
restart: always restart: always
environment: environment:
# - USER_UID=1000 - USER_UID=${GITEA_UID:-1000}
# - USER_GID=1000 - USER_GID=${GITEA_GID:-1000}
DB_TYPE: postgres # Security
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8 # docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
DB_NAME: ${POSTGRES_DB} - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
DB_USER: ${POSTGRES_USER} # docker run -it --rm gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
DB_PASSWD: ${POSTGRES_PASSWORD} - GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
volumes: volumes:
- gitea:/data - gitea:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
depends_on:
- postgres
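Review bot: `GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}` and `GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}` expand to an empty string when the variable is missing, unlike the mailer values in this repository, which use `:?`. Write `${GITEA_SECRET_KEY:?err}` and `${GITEA_INTERNAL_TOKEN:?err}` so a deployment without its own secrets fails when Compose parses the file instead of starting with blank values.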

View File

@ -34,6 +34,10 @@ GF_INSTALL_PLUGINS=grafana-piechart-panel
####### #######
# REDIS # REDIS
#REDIS_IMAGE=
#REDIS_CONTAINER_NAME=
#REDIS_VOLUME_NAME=
#GF_REMOTE_CACHE_CONNSTR= #GF_REMOTE_CACHE_CONNSTR=
######### #########

View File

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
grafana: grafana:

View File

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
grafana: grafana:

View File

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
grafana: grafana:

View File

@ -1,8 +1,9 @@
version: "3.8" ---
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
grafana: grafana:

View File

@ -1,5 +1,4 @@
--- ---
version: "3.8"
volumes: volumes:
grafana: grafana:
@ -8,7 +7,7 @@ volumes:
services: services:
grafana: grafana:
container_name: ${GRAFANA_CONTAINER_NAME:-grafana} container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48} image: ${GRAFANA_IMAGE:-grafana/grafana:8.4.6}
restart: always restart: always
volumes: volumes:
- grafana:/var/lib/grafana - grafana:/var/lib/grafana

View File

@ -1,8 +1,9 @@
version: "3.8" ---
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
hedgedoc: hedgedoc:

View File

@ -1,4 +1,4 @@
version: "3.8" ---
volumes: volumes:
hedgedoc: hedgedoc:
@ -7,12 +7,12 @@ volumes:
services: services:
hedgedoc: hedgedoc:
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc} container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f} image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.3-ls53}
restart: always restart: always
depends_on: depends_on:
- postgres - postgres
volumes: volumes:
- hedgedoc:/opt/hedgedoc/public/uploads - hedgedoc:/config/uploads
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:

26
listmonk/.env Normal file
View File

@ -0,0 +1,26 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/listmonk/docker-compose.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
LISTMONK_DOMAIN=localhost
LISTMONK_ADMIN_USERNAME=
LISTMONK_ADMIN_PASSWORD=
#LISTMONK_CONTAINER_NAME=listmonk
#LISTMONK_VOLUME_NAME=listmonk
#LISTMONK_IMAGE=listmonk/listmonk:v2.3.0
## POSTGRES
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=listmonk
POSTGRES_PASSWORD=listmonk
POSTGRES_DB=listmonk

37
listmonk/README.md Normal file
View File

@ -0,0 +1,37 @@
# listmonk
> Gestionnaire de listes de diffusion et de newsletter
## Documentation
listmonk ne gère actuellement pas le multicompte.
Pour utiliser avec une configuration avec les variables d'environnements il faut la commande suivante :
```
command: [sh, -c, "./listmonk --config ''"]
```
Pour l'installation il faut lancer la commande suivante pour initialiser la base de donnée :
```
command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
```
Pour faire les mise à jour et ainsi migrer la base de donnée :
```
command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
```
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://listmonk.app/
[source]: https://github.com/knadh/listmonk
[documentation]: https://listmonk.app/docs/
[dockerhub]: https://hub.docker.com/r/listmonk/listmonk

View File

@ -0,0 +1,41 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
volumes:
listmonk:
name: ${LISTMONK_VOLUME_NAME:-listmonk}
services:
listmonk:
container_name: ${LISTMONK_CONTAINER_NAME:-listmonk}
image: ${LISTMONK_IMAGE:-listmonk/listmonk:v2.3.0}
restart: always
#command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
#command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
command: [sh, -c, "./listmonk --config ''"]
depends_on:
- postgres
environment:
LISTMONK_app__address: 0.0.0.0:9000
LISTMONK_app__admin_username: ${LISTMONK_ADMIN_USERNAME:?err}
LISTMONK_app__admin_password: ${LISTMONK_ADMIN_PASSWORD:?err}
LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}
LISTMONK_db__port: 5432
LISTMONK_db__user: ${POSTGRES_USER:?err}
LISTMONK_db__password: ${POSTGRES_PASSWORD:?err}
LISTMONK_db__database: ${POSTGRES_DB:?err}
LISTMONK_db__ssl_mode: disable
TZ: Europe/Paris
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- listmonk:/listmonk/uploads
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.rule=Host(`${LISTMONK_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
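Review bot: `LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}` makes the variable mandatory, but the sample `listmonk/.env` ships it commented out (`#POSTGRES_CONTAINER_NAME=`), so the setup as documented fails at start. Use `${POSTGRES_CONTAINER_NAME:-postgres}` as the Directus and Nextcloud files do, or set the variable in the sample. Separately, `LISTMONK_db__ssl_mode: disable` is hard-coded; expose it as a variable so a database reached over a network the operator does not control can require TLS.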

50
lldap/.env Normal file
View File

@ -0,0 +1,50 @@
########
# DOCKER
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
#######
# LLDAP
SERVICE_DOMAIN=lldap.cool.life
LLDAP_VOLUME_NAME=lldap_cool_life
LLDAP_CONTAINER_NAME=lldap_cool_life
LLDAP_IMAGE=nitnelave/lldap:v0.4.3
LLDAP_JWT_SECRET="6IeP8UUbEkQXrkUNbnu1sGpcZOu29wUTWh3uiEgMorI="
LLDAP_VERBOSE=true
LLDAP_LDAP_BASE_DN="dc=cool,dc=life"
LLDAP_LDAP_USER_DN="myuser"
LLDAP_LDAP_USER_EMAIL="admin@cool.life"
LLDAP_LDAP_USER_PASS="mon-mot-de-passe"
# LLDAP_TEST_EMAIL_TO=
# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=
# LLDAP_SMTP_OPTIONS__SERVER=
# LLDAP_SMTP_OPTIONS__PORT=
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=
# LLDAP_SMTP_OPTIONS__USER=
# LLDAP_SMTP_OPTIONS__PASSWORD=
# LLDAP_SMTP_OPTIONS__FROM=
# LLDAP_SMTP_OPTIONS__REPLY_TO=
##########
# POSTGRES
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=lldap-postgres
POSTGRES_VOLUME_NAME=lldap-postgres
#POSTGRES_IMAGE=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=
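Review bot: `LLDAP_JWT_SECRET=` is committed with a concrete base64 value, so anyone who can read the repository knows the token-signing secret of any instance deployed from this sample unchanged. Use a placeholder such as `<change-me>` with a one-line generation hint in a comment. Also, `COMPOSE_FILE` lists `postgres/docker-compose.yml` but not `lldap/docker-compose.postgres.yml`, so the sample starts a Postgres container while LLDAP stays on its SQLite default described in the README.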

27
lldap/README.md Normal file
View File

@ -0,0 +1,27 @@
# LLDAP
> Implémentation légère de LDAP pour l'authentification :
> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à [Authelia](https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml) en passant par Nextcloud et plus encore !
## Documentation
- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
- De base le projet utilise SQLite, mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
- Lors du lancement du service une clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegarder puisque les mots de passe sont chiffrés en base avec.
## Configuration
La configuration a été séparée en 5 fichiers :
- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik
- [`docker-compose.smtp.yml`](./docker-compose.smtp.yml) correspondant à la configuration du service SMTP
- [`docker-compose.postgres.yml`](./docker-compose.postgres.yml) pour configurer le service Postgres
- [`docker-compose.traefik.yml`](./docker-compose.traefik.yml) pour configurer automatiquement Traefik
## Liens
- [Code source](https://github.com/lldap/lldap)
- [Docker Hub](https://hub.docker.com/r/nitnelave/lldap)
- [Documentation](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml)

View File

@ -0,0 +1,11 @@
---
services:
lldap:
ports:
# For LDAP
- "3890:3890"
# For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
- "6360:6360"
# For the web front-end
- "17170:17170"
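Review bot: the three `ports:` entries publish LDAP (3890), LDAPS (6360) and the web front-end (17170) on every host interface, although the README presents this file as a way to test the service without Traefik. Bind them to loopback, for example `"127.0.0.1:3890:3890"`, so a test instance running with the sample credentials is not reachable from the network. The comment on 6360 says "look env below", but no `LLDAP_LDAPS_OPTIONS__ENABLED` variable is defined in this file.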

View File

@ -0,0 +1,6 @@
---
services:
lldap:
environment:
- LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}
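Review bot: `LLDAP_DATABASE_URL` interpolates `${POSTGRES_PASSWORD}` directly into a URL, so a password containing `@`, `/`, `:` or `#` produces a malformed or misparsed connection string, and none of the four variables uses `:?`, so a missing value yields something like `postgres://:@/` with no error from Compose. Add `:?err` to each variable and note in the README that the password must be URL-encoded. This file also lacks the `depends_on: postgres` that the Gitea and Nextcloud equivalents declare.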

View File

@ -0,0 +1,14 @@
---
services:
lldap:
environment:
- LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
- LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
- LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}
- LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
- LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
- LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}

View File

@ -0,0 +1,22 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
lldap:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890
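Review bot: the router is attached to `${TRAEFIK_ENTRYPOINTS:-web}` with the `tls.certResolver` label commented out, while `lldap/docker-compose.yml` sets `LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}`, so with the defaults the advertised URL is HTTPS but the router carries no TLS configuration. Either enable the TLS label by default or document that `TRAEFIK_ENTRYPOINTS` must name a TLS entrypoint. The commented TCP router for port 3890 would expose plain LDAP through the same entrypoint and deserves a sentence explaining when it is safe to enable.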

24
lldap/docker-compose.yml Normal file
View File

@ -0,0 +1,24 @@
---
volumes:
lldap:
name: ${LLDAP_VOLUME_NAME:-lldap}
services:
lldap:
container_name: ${LLDAP_CONTAINER_NAME:-lldap}
image: ${LLDAP_IMAGE:-nitnelave/lldap:v0.4.3}
restart: always
volumes:
- "lldap:/data"
environment:
- TZ=${TIMEZONE:-Europe/Paris}
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
- LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
- LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
- LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
- LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
- LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}

View File

@ -1,8 +0,0 @@
#MARIADB_CONTAINER_NAME=
#MARIADB_VOLUME_NAME=
#MARIADB_IMAGE=
MARIADB_ROOT_PASSWORD=replace-me
MARIADB_USER=user-example
MARIADB_PASSWORD=password-example
MARIADB_DATABASE=mariadb-database-name-example
#MARIADB_COMMAND=

View File

@ -1,28 +0,0 @@
# MariaDB
> MariaDB est un système de gestion de base de données édité sous licence GPL. Il s'agit d'un fork communautaire de MySQL
>
> <cite>[Wikipédia][wikipedia]</cite>
## Configuration
Les variables contenu dans `.env` permettent de changer :
- `MARIADB_IMAGE` : la version
- `MARIADB_ROOT_PASSWORD` : le mot de passe _root_
- `MARIADB_USER` : le nom d'utilisateur
- `MARIADB_PASSWORD` : le mot de passe
- `MARIADB_DATABASE` : le nom de la base de données
- `MARIADB_CONTAINER_NAME` (par defaut _mariadb_) : le nom du conteneur
- `MARIADB_VOLUME_NAME` (par defaut _mariadb_) : le nom du volume
## Liens
- [Site Officiel][site]
- [Code source][source]
- [Docker Hub][dockerhub]
[wikipedia]: https://fr.wikipedia.org/wiki/MariaDB
[site]: https://mariadb.org/
[source]: https://github.com/MariaDB/server
[dockerhub]: https://hub.docker.com/_/mariadb/

View File

@ -1,23 +0,0 @@
version: "3.8"
volumes:
mariadb:
name: ${MARIADB_VOLUME_NAME:-mariadb}
services:
mariadb:
container_name: ${MARIADB_CONTAINER_NAME:-mariadb}
image: ${MARIADB_IMAGE:-mariadb:10.7.1-focal}
command: ${MARIADB_COMMAND}
restart: always
environment:
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:?err}
MARIADB_USER: ${MARIADB_USER:?err}
MARIADB_PASSWORD: ${MARIADB_PASSWORD:?err}
MARIADB_DATABASE: ${MARIADB_DATABASE:?err}
PUID: ${MARIADB_PUID:-1000}
PGID: ${MARIADB_PGID:-1000}
volumes:
- mariadb:/var/lib/mysql
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
services: services:
mobilizon: mobilizon:
ports: ports:

View File

@ -1,10 +1,9 @@
--- ---
version: "3.8"
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
mobilizon: mobilizon:

View File

@ -1,7 +1,5 @@
--- ---
version: "3.8"
volumes: volumes:
mobilizon: mobilizon:
name: ${MOBILIZON_VOLUME_NAME:-mobilizon} name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
@ -9,7 +7,7 @@ volumes:
services: services:
mobilizon: mobilizon:
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon} container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3} image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
restart: always restart: always
depends_on: depends_on:
- postgres - postgres

View File

@ -4,7 +4,7 @@
#DOCKER_CONTEXT= #DOCKER_CONTEXT=
#DOCKER_HOST= #DOCKER_HOST=
SERVICES_DIR=.. SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.config.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME= #COMPOSE_PROJECT_NAME=
## APP ## APP
@ -39,7 +39,9 @@ POSTGRES_VOLUME_NAME=nextcloud-postgres
####### #######
# REDIS # REDIS
#REDIS_IMAGE=
REDIS_CONTAINER_NAME=nextcloud-redis REDIS_CONTAINER_NAME=nextcloud-redis
#REDIS_VOLUME_NAME=
######### #########
# TRAEFIK # TRAEFIK

View File

@ -14,45 +14,78 @@ On peut trouver [la documentation ici][documentation] en anglais ou ici pour la
## Aide ## Aide
Exemple de commande : Commande pour se connecter à un serveur :
```sh ```sh
docker exec --user www-data -it nextcloud bash . .env
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm ash
```
docker-compose exec --user www-data nextcloud php occ db:add-missing-primary-keys Pour mettre un site en maintenance :
```sh
. .env
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm php occ maintenance:mode --on
``` ```
## Configuration ## Configuration
Il est possible de configurer certaines parties avec des variables d'environnement, mais ce n'est pas le cas de l'ensemble de la configuration. Il est possible de configurer certaines parties avec des variables d'environnement :
- Soit les variables sont spécifique à l'image Docker
- soit avec des variables du type `NC_` + clé (exemple : NC_default_phone_region=FR)
Voici les modifications que j'effectue : ### Création d'un groupe
``` ```
docker-compose exec --user www-data nextcloud-fpm ash export NC_GROUP=com-en-aubrac
vi config/config.php php occ group:add $NC_GROUP
```
Ajout de la configuration suivante :
```
'default_language' => 'fr',
'default_locale' => 'fr_FR',
'default_phone_region' => 'FR',
'defaultapp' => 'files',
'preview_max_x' => 2048,
'preview_max_y' => 2048,
'jpeg_quality' => 60,
``` ```
Ajout de imagemagick : ### Création d'un utilisateur
```
docker-compose exec nextcloud-fpm apk add --no-cache imagemagick
```
ou
``` ```
ssh <server> # La variable OC_PASS est spécifique pour l'utilisation de --password-from-env
docker exec nextcloud-fpm apk add --no-cache imagemagick export OC_PASS=unmotdepasse!
export NC_USER=simon
export NC_NAME=Simon
export NC_MAIL=simon@example.org
export NC_QUOTA="180 GB"
php occ user:add --password-from-env --display-name=$NC_NAME --group="$NC_GROUP" $NC_USER
php occ user:setting $NC_USER settings email $NC_MAIL
```
### Quota
Pour bien comprendre les quotas dans Nextcloud : https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
```
export NC_USER=simon
export NC_QUOTA="10 GB"
php occ user:setting $NC_USER files quota "$NC_QUOTA"
```
### imagemagick
> Le module php-imagick na aucun support SVG dans cette instance. Pour une meilleure compatibilité, il est recommandé de linstaller.
Pour résoudre ce problème il faut ajouter le paquet `imagemagick`
```
. .env
docker exec -it ${NEXTCLOUD_CONTAINER_NAME}-fpm apk add --no-cache imagemagick
```
## Application
Suppression d'application :
```
php occ app:disable dashboard
php occ app:disable photos
php occ app:disable weather_status
php occ app:disable user_status
``` ```
## PHP-FPM: remédier à server reached pm.max_children ## PHP-FPM: remédier à server reached pm.max_children
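
Review bot: In the "Création d'un utilisateur" block, `export OC_PASS=unmotdepasse!` types the password on the command line, so it lands in the shell history and stays in the session environment after `user:add` returns. Suggest reading it with `read -rs OC_PASS && export OC_PASS` and adding `unset OC_PASS` after the command. Two smaller points in the same block: `--display-name=$NC_NAME` is unquoted and will split on a display name containing a space, and `NC_QUOTA="180 GB"` is exported but not used there, while the separate Quota block sets a different value.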

@ -0,0 +1,20 @@
---
services:
nextcloud-fpm:
environment:
&nextcloud-configuration
NC_trashbin_retention_obligation: ${NC_trashbin_retention_obligation:-auto, 30}
NC_force_language: ${NC_force_language:-fr}
NC_default_locale: ${NC_default_locale:-fr_FR}
NC_force_locale: ${NC_force_locale:-fr_FR}
NC_default_language: ${NC_default_language:-fr}
NC_default_phone_region: ${NC_default_phone_region:-FR}
NC_defaultapp: ${NC_defaultapp:-files}
NC_preview_max_x: ${NC_preview_max_x:-2048}
NC_preview_max_y: ${NC_preview_max_y:-2048}
NC_jpeg_quality: ${NC_jpeg_quality:-60}
nextcloud-cron:
environment:
<<: *nextcloud-configuration

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
nextcloud-web: nextcloud-web:

@ -0,0 +1,16 @@
---
services:
nextcloud-fpm:
depends_on:
- postgres
environment:
&postgres-configuration
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
nextcloud-cron:
environment:
<<: *postgres-configuration

@ -0,0 +1,13 @@
---
services:
nextcloud-fpm:
depends_on:
- redis
environment:
&redis-configuration
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
nextcloud-cron:
environment:
<<: *redis-configuration

@ -1,13 +1,18 @@
version: "3.8" ---
services: services:
nextcloud-fpm: nextcloud-fpm:
environment: environment:
SMTP_HOST: ${SMTP_HOST?err} # The hostname of the SMTP server. &smtp-configuration
SMTP_SECURE: ${SMTP_SECURE:-ssl} # Set to ssl to use SSL, or tls to use STARTTLS. SMTP_HOST: ${SMTP_HOST:?err}
SMTP_PORT: ${SMTP_PORT:-465} SMTP_SECURE: ${SMTP_SECURE:-}
SMTP_PORT: ${SMTP_PORT:-587}
SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN} SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
SMTP_NAME: ${SMTP_NAME?err} SMTP_NAME: ${SMTP_NAME:?err}
SMTP_PASSWORD: ${SMTP_PASSWORD?err} SMTP_PASSWORD: ${SMTP_PASSWORD:?err}
MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS} MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS:?err}
MAIL_DOMAIN: ${MAIL_DOMAIN} MAIL_DOMAIN: ${MAIL_DOMAIN:?err}
nextcloud-cron:
environment:
<<: *smtp-configuration
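
Review bot: `SMTP_SECURE` now defaults to empty and `SMTP_PORT` to 587, so a deployment that sets only the required variables sends `SMTP_NAME` and `SMTP_PASSWORD` with `LOGIN` auth without asking for TLS. The removed comment said `tls` selects STARTTLS, which is the usual pairing for port 587; suggest `${SMTP_SECURE:-tls}` and keeping that comment so the accepted values stay documented.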

@ -1,13 +1,15 @@
version: "3.8" ---
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
nextcloud-web: nextcloud-fpm:
environment: environment:
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik} TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
nextcloud-web:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik} - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
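
Review bot: `TRUSTED_PROXIES` on `nextcloud-fpm` is filled from `TRAEFIK_NETWORK_NAME`, the same variable used for `networks.default.name` and `traefik.docker.network`, so the trusted-proxy list and the Docker network name can never differ. Since this value decides whose forwarded client address Nextcloud believes, suggest a dedicated variable (for example `NEXTCLOUD_TRUSTED_PROXIES`) holding the proxy's address or subnet, with `:?err` so it cannot be left implicit.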

@ -1,4 +1,4 @@
version: "3.8" ---
volumes: volumes:
nextcloud: nextcloud:
@ -7,32 +7,25 @@ volumes:
services: services:
nextcloud-fpm: nextcloud-fpm:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1} image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
restart: always restart: always
depends_on:
- postgres
- redis
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:
&fpm-configuration
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err} NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err} NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err} NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https} OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M} PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
PUID: ${NEXTCLOUD_PUID:-1000} PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000} PGID: ${NEXTCLOUD_PGID:-1000}
nextcloud-web: nextcloud-web:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
build: web build: ${SERVICES_DIR}/nextcloud/web
restart: always restart: always
environment: environment:
NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
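
Review bot: The `nextcloud-fpm` image default loses its `@sha256:` digest, so `nextcloud:25.0.2-fpm-alpine` is resolved by tag alone and a later pull can bring different content under the same reference. Suggest keeping a digest alongside the new tag; the postgres, prometheus, redis and registry hunks further down drop theirs the same way. The default also moves from 23.0.0 to 25.0.2 in one step, and Nextcloud only upgrades one major version at a time, so an instance still relying on the old default needs an intermediate 24.x image set through `NEXTCLOUD_IMAGE` first.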
@ -46,15 +39,14 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
nextcloud-cron: nextcloud-cron:
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine} image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
restart: always restart: always
depends_on: depends_on:
- nextcloud-web - nextcloud-web
entrypoint: /cron.sh entrypoint: /cron.sh
environment: environment:
PUID: ${NEXTCLOUD_PUID:-1000} <<: *fpm-configuration
PGID: ${NEXTCLOUD_PGID:-1000}
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
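
Review bot: `<<: *fpm-configuration` hands `nextcloud-cron` the whole fpm environment, including `NEXTCLOUD_ADMIN_USER` and `NEXTCLOUD_ADMIN_PASSWORD`, where it previously received only `PUID` and `PGID`. If `/cron.sh` does not need the admin credentials, suggest splitting the anchor so the cron container inherits only the non-secret settings.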

@ -1,49 +0,0 @@
#!/bin/bash
set -eu
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
. $DIR/../help.sh
. $DIR/../postgres/run --only-source
nextcloud_help() {
echo "./run backup : Lancement de la sauvegarde de Nextcloud"
echo "./run restore : Restauration de la sauvegarde de Nextcloud"
}
nextcloud_backup() {
script_env
BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
backup_folder_create
POSTGRES_BACKUP_FILE=backups/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_postgres.sql
docker-compose exec --user www-data nextcloud php occ maintenance:mode --on
postgres_backup
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup --volumes-from nextcloud alpine:3.12.3 ash -c "cd /var/www/html && tar cvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar ."
docker-compose exec --user www-data nextcloud php occ maintenance:mode --off
}
nextcloud_restore() {
script_env
postgres_restore
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup -v nextcloud:/var/www/html alpine:3.12.3 ash -c "cd /var/www/html && tar xvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar --strip 1"
}
if [ $# -ge 1 ]; then
if [ "${1}" == "backup" ]; then
script_start
nextcloud_backup
script_end
elif [ "${1}" == "restore" ]; then
script_start
nextcloud_restore
script_end
elif [ "${1}" != "--only-source" ]; then
nextcloud_help
fi
else
nextcloud_help
fi

@ -1,3 +1,3 @@
FROM nginx:1.21.5-alpine FROM nginx:1.25.3-alpine
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template

@ -2,64 +2,32 @@ upstream php-handler {
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000; server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
} }
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server { server {
listen 80; listen 80;
# Add headers to serve security related headers # Path to the root of your installation
# Before enabling Strict-Transport-Security headers please read into this root /var/www/html;
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # Prevent nginx HTTP Server Detection
# server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak # set max upload size and increase upload timeout:
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G; client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers # Enable gzip but do not remove ETag headers
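
Review bot: `client_max_body_size 10G`, now paired with `client_body_timeout 300s`, lets nginx accept far larger request bodies than the `PHP_UPLOAD_LIMIT` default of `512M` set for `nextcloud-fpm` in the compose file, so an oversized upload is only rejected once it reaches PHP. Suggest deriving the nginx limit from the same variable in this template, or adding a comment explaining why the two differ.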
@ -68,78 +36,137 @@ server {
gzip_comp_level 4; gzip_comp_level 4;
gzip_min_length 256; gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module # Pagespeed is not supported by Nextcloud, so if your server is built
# This module is currently not supported. # with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off; #pagespeed off;
location / { # The settings allows you to optimize the HTTP2 bandwidth.
rewrite ^ /index.php; # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
} # for tuning hints
client_body_buffer_size 512k;
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { # HTTP response headers borrowed from Nextcloud `.htaccess`
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always; add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Add .mjs as a file extension for javascript
# Either include it in the default mime.types list
# or include you can include that list explicitly and add the file extension
# only for Nextcloud like below:
include mime.types;
types {
text/javascript js mjs;
}
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { # Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
} }
} }
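
Review bot: The static-asset `location` sets its own `add_header Cache-Control ...`, and nginx inherits `add_header` from the `server` level only when the current level defines none, so responses served from that block lose `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy` and the other server-level headers. The removed version repeated them inside the asset block for this reason ("It is intended to have those duplicated"); suggest restoring the duplicates there or moving the set into an included snippet. Separately, `fastcgi_param HTTPS on;` is now unconditional although this server only has `listen 80`, which deserves a comment saying TLS is terminated by the proxy in front.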

plausible/.env Normal file

@ -0,0 +1,71 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/plausible/docker-compose.yml:${SERVICES_DIR}/plausible/docker-compose.clickhouse.yml:${SERVICES_DIR}/plausible/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/clickhouse/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
PLAUSIBLE_DOMAIN=localhost
BASE_URL=http://${PLAUSIBLE_DOMAIN}:8000
#PLAUSIBLE_CONTAINER_NAME=plausible
#PLAUSIBLE_VOLUME_NAME=plausible
#PLAUSIBLE_IMAGE=plausible/analytics:v1.4.4
ADMIN_USER_NAME=example
ADMIN_USER_EMAIL=email@example.org
ADMIN_USER_PWD=change-me
SECRET_KEY_BASE=AFnMQwN54ovHIqCQQGFZX5gUFpgpxasCEnzQwQsyfZLPRbiwzDYAqYDJQlQM8SbmicVJr97axXaSCfXD9zSEQQ==
#DISABLE_AUTH=
#DISABLE_REGISTRATION=
## POSTGRES
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=plausible_dev
## CLICKHOUSE
#CLICKHOUSE_VOLUME_NAME=
#CLICKHOUSE_CONTAINER_NAME=
#CLICKHOUSE_IMAGE=
## SMTP
#MAILER_EMAIL=
#SMTP_HOST_ADDR=
#SMTP_HOST_PORT=
#SMTP_USER_NAME=
#SMTP_USER_PWD=
#SMTP_HOST_SSL_ENABLED=
#SMTP_RETRIES=
## GOOGLE SEARCH CONSOLE
#GOOGLE_CLIENT_ID=
#GOOGLE_CLIENT_SECRET=
## GEOIPUPDATE
#GEOIPUPDATE_VOLUME_NAME=
#GEOIPUPDATE_IMAGE=
#GEOIPUPDATE_CONTAINER_NAME=
#GEOIPUPDATE_ACCOUNT_ID=
#GEOIPUPDATE_LICENSE_KEY=
#GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
#GEOIPUPDATE_FREQUENCY=
#GEOIPUPDATE_VERBOSE=
#GEOIPUPDATE_DB_DIR=
## TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=
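
Review bot: `SECRET_KEY_BASE` is committed with a literal value and `ADMIN_USER_PWD=change-me` is a working default, so every deployment started from this file shares the same signing key and admin password unless someone remembers to edit them. Suggest leaving both empty (the compose file already fails on unset or empty values through `:?err`) and noting in the README how to generate the key, for example `openssl rand -base64 64 | tr -d '\n'`.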

plausible/README.md Normal file

@ -0,0 +1,15 @@
# Plausible
> Plausible est une plateforme d'analyse Web légère et open source.
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://plausible.io/
[source]: https://github.com/plausible/analytics
[documentation]: https://plausible.io/docs
[dockerhub]: https://hub.docker.com/r/plausible/analytics

@ -0,0 +1,14 @@
<yandex>
<logger>
<level>warning</level>
<console>true</console>
</logger>
<!-- Stop all the unnecessary logging -->
<query_thread_log remove="remove"/>
<query_log remove="remove"/>
<text_log remove="remove"/>
<trace_log remove="remove"/>
<metric_log remove="remove"/>
<asynchronous_metric_log remove="remove"/>
</yandex>

@ -0,0 +1,8 @@
<yandex>
<profiles>
<default>
<log_queries>0</log_queries>
<log_query_threads>0</log_query_threads>
</default>
</profiles>
</yandex>

@ -0,0 +1,7 @@
---
services:
clickhouse:
volumes:
- ./clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
- ./clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro

@ -0,0 +1,10 @@
---
services:
plausible:
depends_on:
- geoipupdate
environment:
- GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
volumes:
- geoipupdate:/geoip:ro

@ -0,0 +1,7 @@
---
services:
plausible:
environment:
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:?err}
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:?err}

@ -0,0 +1,6 @@
---
services:
plausible:
ports:
- ${LOCAL_PORT:-8000}:8000

@ -0,0 +1,12 @@
---
services:
plausible:
environment:
MAILER_EMAIL: ${MAILER_EMAIL:-hello@plausible.local}
SMTP_HOST_ADDR: ${SMTP_HOST_ADDR:-localhost}
SMTP_HOST_PORT: ${SMTP_HOST_PORT:-25}
SMTP_USER_NAME: ${SMTP_USER_NAME}
SMTP_USER_PWD: ${SMTP_USER_PWD}
SMTP_HOST_SSL_ENABLED: ${SMTP_HOST_SSL_ENABLED:-false}
SMTP_RETRIES: ${SMTP_RETRIES:-2}
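
Review bot: The defaults here are port 25 with `SMTP_HOST_SSL_ENABLED` set to `false`, while `SMTP_USER_NAME` and `SMTP_USER_PWD` are passed through, so credentials configured without touching the other variables go out unencrypted. Suggest requiring `SMTP_HOST_SSL_ENABLED` explicitly with `:?err` whenever this file is included, or defaulting it to `true`.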

@ -0,0 +1,14 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
plausible:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.rule=Host(`${PLAUSIBLE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

@ -0,0 +1,31 @@
---
volumes:
plausible:
name: ${PLAUSIBLE_VOLUME_NAME:-plausible}
services:
plausible:
container_name: ${PLAUSIBLE_CONTAINER_NAME:-plausible}
image: ${PLAUSIBLE_IMAGE:-plausible/analytics:v1.4.4}
restart: always
command: ${PLAUSIBLE_DOCKER_COMMAND:-sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"}
depends_on:
- clickhouse
- postgres
environment:
ADMIN_USER_NAME: ${ADMIN_USER_NAME:?err}
ADMIN_USER_EMAIL: ${ADMIN_USER_EMAIL:?err}
ADMIN_USER_PWD: ${ADMIN_USER_PWD:?err}
BASE_URL: ${BASE_URL}
SECRET_KEY_BASE: ${SECRET_KEY_BASE:?err}
DISABLE_AUTH: ${DISABLE_AUTH:-false}
DISABLE_REGISTRATION: ${DISABLE_REGISTRATION:-false}
DATABASE_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}
CLICKHOUSE_DATABASE_URL: http://${CLICKHOUSE_CONTAINER_NAME:-clickhouse}:8123/${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
SITE_LIMIT: ${SITE_LIMIT:-3}
SELFHOST: ${SELFHOST:-true}
LOG_LEVEL: ${LOG_LEVEL:-warn}
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
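
Review bot: `CLICKHOUSE_DATABASE_URL` uses `CLICKHOUSE_CONTAINER_NAME` for both the host and the database path, so renaming the container silently renames the database Plausible connects to; a separate variable for the database name would decouple them. In `DATABASE_URL`, `POSTGRES_PASSWORD` is interpolated raw into a URL, so a password containing `@`, `/` or `:` breaks parsing unless it is percent-encoded, which the `.env` comments should say. The `plausible` volume declared at the top is not mounted by the service.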

@ -1,3 +1,7 @@
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=user-example POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example POSTGRES_DB=postgres-database-name-example

@ -1,4 +1,4 @@
version: "3.8" ---
volumes: volumes:
postgres: postgres:
@ -7,7 +7,7 @@ volumes:
services: services:
postgres: postgres:
container_name: ${POSTGRES_CONTAINER_NAME:-postgres} container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3} image: ${POSTGRES_IMAGE:-postgres:14.2-alpine}
restart: always restart: always
environment: environment:
POSTGRES_USER: ${POSTGRES_USER:?err} POSTGRES_USER: ${POSTGRES_USER:?err}

@ -1,10 +1,9 @@
--- ---
version: "3.8"
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME:-traefik} name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services: services:
prometheus: prometheus:

@ -12,7 +12,7 @@ services:
build: build:
context: . context: .
args: args:
PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b} PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.34.0}
volumes: volumes:
- prometheus:/prometheus - prometheus:/prometheus
restart: always restart: always

redis/README.md Normal file

@ -0,0 +1,6 @@
# Redis
## Information
- Port par défaut : 6379
- La configuration de mot de passe : https://github.com/docker-library/redis/issues/46

@ -1,13 +1,18 @@
version: "3.8" ---
volumes:
redis:
name: ${REDIS_VOLUME_NAME:-redis}
services: services:
redis: redis:
image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d} image: ${REDIS_IMAGE:-redis:6.2.6-alpine}
container_name: ${REDIS_CONTAINER_NAME:-redis} container_name: ${REDIS_CONTAINER_NAME:-redis}
restart: always restart: always
environment: environment:
PUID: ${REDIS_PUID:-1000} PUID: ${REDIS_PUID:-1000}
PGID: ${REDIS_PGID:-1000} PGID: ${REDIS_PGID:-1000}
volumes: volumes:
- redis:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro

@ -36,6 +36,12 @@ Pour se connecter :
docker login https://$REGISTRY_DOMAIN docker login https://$REGISTRY_DOMAIN
``` ```
## Nettoyer le registre
```sh
docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml --delete-untagged=true
```
## Aide ## Aide
Pour connaître les images du registry : Pour connaître les images du registry :
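
Review bot: The new `garbage-collect` command runs inside the live `registry` container with `--delete-untagged=true`; the registry documentation asks for the registry to be read-only or stopped during garbage collection, because a push that overlaps the run can have its layers deleted. Suggest adding that step to the section, plus a `--dry-run` pass before the real one. The container name is also hard-coded as `registry` while the compose file takes it from `${REGISTRY_CONTAINER_NAME}`.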

@ -3,6 +3,7 @@ version: '3.8'
networks: networks:
default: default:
name: ${TRAEFIK_NETWORK_NAME} name: ${TRAEFIK_NETWORK_NAME}
external: true
services: services:
registry: registry:

@ -7,7 +7,7 @@ volumes:
services: services:
registry: registry:
container_name: ${REGISTRY_CONTAINER_NAME} container_name: ${REGISTRY_CONTAINER_NAME}
image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97} image: ${REGISTRY_IMAGE:-registry:2.8.1}
restart: always restart: always
environment: environment:
REGISTRY_AUTH: htpasswd REGISTRY_AUTH: htpasswd

signaturepdf/.env Normal file

@ -0,0 +1,30 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/signaturepdf/docker-compose.yml:${SERVICES_DIR}/signaturepdf/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
#SIGNATUREPDF_VOLUME_NAME=
#SIGNATUREPDF_CONTAINER_NAME=
#SIGNATUREPDF_IMAGE=
##############
# SIGNATUREPDF
SIGNATUREPDF_DOMAIN=pdf.cool.life
UPLOAD_MAX_FILESIZE=24M
POST_MAX_SIZE=24M
MAX_FILE_UPLOADS=201
PDF_STORAGE_PATH=/data
DISABLE_ORGANIZATION=false
PDF_DEMO_LINK=true
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=

signaturepdf/README.md Normal file

@ -0,0 +1,19 @@
# Signature de PDF
Logiciel WEB libre permettant de modifier un fichier PDF facilement.
## Information
Le service n'a pas d'image Docker officiel. Actuellement l'image a été construite et poussé sur Hub de Docker par Simon :
```
git clone git@github.com:24eme/signaturepdf.git
cd signaturepdf
docker build -t simonc/signaturepdf:latest .
docker push simonc/signaturepdf:latest
```
## 🔗 Liens
- [Github](https://github.com/24eme/signaturepdf)
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/simonc/signaturepdf)

@ -0,0 +1,11 @@
---
services:
signaturepdf:
labels:
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.tls.certResolver=letsencrypt
# redirect HTTP to HTTPS
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.entrypoints=web
- traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.scheme=https
- traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.permanent=true
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.middlewares=${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https
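
Review bot: The `_http` redirect router is bound to `entrypoints=web`, and the main router's entrypoints come from `${TRAEFIK_ENTRYPOINTS:-web}` in the base Traefik labels, so with the default both routers match the same `Host()` rule on the same entrypoint and the `certResolver` router never sits on a TLS entrypoint. Suggest setting the main router's entrypoint in this file, or requiring `TRAEFIK_ENTRYPOINTS` with `:?err` when the TLS labels are used.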

@ -0,0 +1,14 @@
---
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
signaturepdf:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

@ -0,0 +1,23 @@
---
volumes:
signaturepdf:
name: ${SIGNATUREPDF_VOLUME_NAME:-signaturepdf}
services:
signaturepdf:
container_name: ${SIGNATUREPDF_CONTAINER_NAME:-signaturepdf}
image: ${SIGNATUREPDF_IMAGE:-simonc/signaturepdf:latest}
volumes:
- signaturepdf:/data
restart: always
environment:
SERVERNAME: ${SIGNATUREPDF_DOMAIN}
UPLOAD_MAX_FILESIZE: ${UPLOAD_MAX_FILESIZE}
POST_MAX_SIZE: ${POST_MAX_SIZE}
MAX_FILE_UPLOADS: ${MAX_FILE_UPLOADS}
PDF_STORAGE_PATH: ${PDF_STORAGE_PATH}
DISABLE_ORGANIZATION: ${DISABLE_ORGANIZATION}
PDF_DEMO_LINK: ${PDF_DEMO_LINK}
DEFAULT_LANGUAGE: ${DEFAULT_LANGUAGE:-fr_FR.UTF-8}
PDF_STORAGE_ENCRYPTION: ${PDF_STORAGE_ENCRYPTION:-true}
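
Review bot: The default image is `simonc/signaturepdf:latest`, a mutable tag that the README says is built by hand from an unpinned clone, so two hosts can run different code under the same reference. Suggest building from a tagged commit, pushing a versioned tag, and defaulting `SIGNATUREPDF_IMAGE` to that tag with its digest. `UPLOAD_MAX_FILESIZE`, `POST_MAX_SIZE`, `MAX_FILE_UPLOADS` and the other plain `${VAR}` entries have neither a default nor `:?err`, so a missing `.env` entry becomes an empty string in the container.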

@ -1,4 +1,4 @@
version: "3.8" ---
networks: networks:
default: default:

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
traefik: traefik:

@ -1,4 +1,4 @@
version: "3.8" ---
services: services:
traefik: traefik:

Some files were not shown because too many files have changed in this diff