ResiLien/services
3
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity

Compare commits

base: ResiLien:matomo
Branches Tags
ResiLien:main ResiLien:snikket ResiLien:vikunja ResiLien:matomo ResiLien:mariadb ResiLien:fix_hedgedoc_backup
..
compare: ResiLien:fix_hedgedoc_backup
Branches Tags
ResiLien:main ResiLien:snikket ResiLien:vikunja ResiLien:matomo ResiLien:mariadb ResiLien:fix_hedgedoc_backup

1 Commits
matomo ... fix_hedged

Author SHA1 Message Date
Simon C
951490a1da fix: Backup uploaded files 
Environment variables take precedence over configurations from the config files, so don't backup it.
 2021-09-15 22:32:50 +02:00
86 changed files with 432 additions and 1565 deletions
Expand all files Collapse all files

21
README.md
View File

@ -1,33 +1,28 @@
# Services # Services
Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien utilise et met à jour de façon presque hebdomadaire. L'ensemble des variables d'environnement enregistrées dans les fichiers `.env` est présent pour une logique d'exemple et n'a jamais été utilisé en production. Nous vous conseillons de ne jamais le faire si vous utilisez le dépôt. Vous trouverez dans ce dépôt l'ensemble des services Open Source que j'utilise et mets à jour quotidiennement.
## Liste des services ## Liste des services
### Pour les utilisateurs ### Pour les utilisateurs
- [Directus](./directus) : Permet d'administrer une base de données
- [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel - [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
- [Matomo](./matomo) : Logiciel libre et open source de mesure de statistiques web
- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
- [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration - [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
### Pour les devs / ops ### Pour les devs / ops
- [Drone](./drone) : Un service d'intégration continue - [Drone](./drone) `en pause` : Un service d'intégration continue
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab. - [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Grafana](./grafana) : Un outil de supervision simple et élégant - [Grafana](./grafana) : Un outil de supervision simple et élégant
- [MariaDB](./mariadb) : MariaDB est un système de gestion de base de données, un fork communautaire de MySQL
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet. - [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
- [Prometheus](./prometheus) : Un logiciel de surveillance informatique - [Prometheus](./prometheus) : Un logiciel de surveillance informatique
- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances - [Docker Registry](./registry) : Une application qui permet de distribuer des images Docker
- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
- [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs - [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker - [Watchtower](./watchtower) `en pause` : Automatiser la mise à jour d'image docker
## Comment ça marche ? ## Comment ça marche ?
Vous pouvez réutiliser ce dépôt pour vos services, il existe une documentation dans le dossier [_examples_](./examples). Vous pouvez réutiliser ce dépôt pour votre infrastructure. J'ai mis une documentation dans le dossier [_examples_](./examples).
### Docker et Docker Compose ### Docker et Docker Compose
@ -40,11 +35,9 @@ Voici les commandes de base :
### ./run ### ./run
> 🚧 RésiLien a changé de façon de faire et nous n'utilisons plus les scripts `run`. Nous passons maintenant par Ansible. Les scripts ne seront plus mis à jour et finiront peut être par être supprimés. Utilisez les avec précaution.
Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service. Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service.
Vous pouvez lancer le script sans paramètres pour afficher la documentation du script. Vous pouvez lancer le script sans paramètre pour afficher la documentation du script.
## Documentation ## Documentation
@ -62,8 +55,6 @@ En haut de chaque script il y a `set -eu` qui veut dire :
## Tâches ## Tâches
> 🚧 Ses tâches ne sont pas à jour
Général : Général :
- [ ] Mettre en place une rotation des logs - [ ] Mettre en place une rotation des logs

54
directus/.env
View File

@ -1,54 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/directus/docker-compose.yml:${SERVICES_DIR}/directus/docker-compose.traefik.yml:${SERVICES_DIR}/directus/docker-compose.smtp.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME=
##########
# DIRECTUS
#
# see https://github.com/directus/directus/blob/main/api/example.env
DIRECTUS_CONTAINER_NAME=directus_cool_life
DIRECTUS_DOMAIN=directus.cool.life
DIRECTUS_PUBLIC_URL=https://${DIRECTUS_DOMAIN}
DIRECTUS_KEY=255d861b-5ea1-5996-9aa3-922530ec40b1
DIRECTUS_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
DIRECTUS_ADMIN_EMAIL=admin@example.com
DIRECTUS_ADMIN_PASSWORD=d1r3ctu5
EMAIL_FROM=no-reply@${DIRECTUS_DOMAIN}
EMAIL_SMTP_HOST=mail.example.org
#EMAIL_SMTP_PORT=
EMAIL_SMTP_USER=user
EMAIL_SMTP_PASSWORD=password
#EMAIL_SMTP_SECURE=
#EMAIL_SMTP_IGNORE_TLS=
# DIRECTUS_PUID=
# DIRECTUS_PGID=
##########
# POSTGRES
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=directus-postgres
POSTGRES_VOLUME_NAME=directus-postgres
#POSTGRES_IMAGE=
#######
# REDIS
#REDIS_CONTAINER_NAME=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

18
directus/README.md
View File

@ -1,18 +0,0 @@
# Directus
> Directus wraps your new or existing SQL database with a realtime GraphQL+REST API for developers, and an intuitive admin app for non-technical users.
## Configuration
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
## Liens
- [Site officiel][website]
- [Github][github]
- [L'image Docker][docker]
[website]: https://directus.io/
[docker]: https://hub.docker.com/r/directus/directus
[github]: https://github.com/directus/directus/
[documentation]: https://docs.directus.io/reference/environment-variables/

10
directus/docker-compose.redis.yml
View File

@ -1,10 +0,0 @@
---
version: "3.8"
services:
directus:
environment:
CACHE_ENABLED: 'true'
CACHE_STORE: 'redis'
CACHE_REDIS: 'redis://${REDIS_CONTAINER_NAME:-redis}:6379'

15
directus/docker-compose.smtp.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
services:
directus:
environment:
EMAIL_TRANSPORT: smtp
EMAIL_FROM: ${EMAIL_FROM:?err}
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER:?err}
EMAIL_SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD:?err}
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
EMAIL_SMTP_IGNORE_TLS: ${EMAIL_SMTP_IGNORE_TLS:-false}

15
directus/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
directus:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.rule=Host(`${DIRECTUS_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.entrypoints=web

38
directus/docker-compose.yml
View File

@ -1,38 +0,0 @@
---
version: "3.8"
volumes:
directus:
name: ${DIRECTUS_VOLUME_NAME:-directus}
services:
directus:
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289}
restart: always
volumes:
- directus:/directus/uploads
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- postgres
- redis
environment:
KEY: ${DIRECTUS_KEY:?err}
SECRET: ${DIRECTUS_SECRET:?err}
TELEMETRY: false
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
DB_CLIENT: 'pg'
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
DB_PORT: '5432'
DB_DATABASE: ${POSTGRES_DB:?err}
DB_USER: ${POSTGRES_USER:?err}
DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
PUID: ${DIRECTUS_PUID:-1000}
PGID: ${DIRECTUS_PGID:-1000}

37
drone/.env Normal file
View File

@ -0,0 +1,37 @@
## DOCKER
COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
TRAEFIK_NETWORK_NAME=kifeart
## DRONE SERVER
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:1.7.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
# https://docs.drone.io/server/reference/
DRONE_GIT_ALWAYS_AUTH=true
DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
# https://docs.drone.io/server/provider/gitea/
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
## DRONE RUNNER
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
DRONE_RUNNER_CONTAINER_NAME=drone-runner
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_NAME=ci-runner.cool.life
DRONE_RUNNER_UI_USERNAME=kosssi
DRONE_RUNNER_UI_PASSWORD=$not$a$password

16
drone/README.md
View File

@ -4,22 +4,6 @@
> >
> <cite>[Codeflow][article]</cite> > <cite>[Codeflow][article]</cite>
## Documentation
Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
Le service est basé sur 2 briques :
- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
- le coté exécution des tâches (_[runner](./runner)_).
### Génération de clé
Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
```
openssl rand -hex 16
```
## Liens ## Liens
- [Site internet][site] - [Site internet][site]

10
drone/docker-compose.gitea.yml Normal file
View File

@ -0,0 +1,10 @@
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}

22
drone/docker-compose.traefik.yml Normal file
View File

@ -0,0 +1,22 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
traefik.http.routers.drone-server.entrypoints: 'web'
drone-runner:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
traefik.http.routers.drone-runner.entrypoints: 'web'

41
drone/docker-compose.yml Normal file
View File

@ -0,0 +1,41 @@
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME}
image: ${DRONE_SERVER_IMAGE}
restart: always
environment:
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
DRONE_LOGS_DEBUG: 'true'
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE}
restart: always
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
DRONE_RPC_PROTO: http
DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
DRONE_DEBUG: 'true'

36
drone/runner/.env
View File

@ -1,36 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
#COMPOSE_PROJECT_NAME=
## DRONE RUNNER
#https://docs.drone.io/runner/docker/configuration/reference/
### Docker
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
DRONE_RUNNER_CONTAINER_NAME=drone-server
### Drone
# https://docs.drone.io/runner/docker/installation/linux/
DRONE_RPC_HOST=drone.cool.life
DRONE_RPC_PROTO=https
DRONE_RPC_SECRET=change-me
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=drone-runner
DRONE_UI_USERNAME=resilien
DRONE_UI_PASSWORD=change-me
DRONE_UI_DISABLE=false
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

11
drone/runner/README.md
View File

@ -1,11 +0,0 @@
# Drone CI Runner
Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
## Installation
L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.

15
drone/runner/docker-compose.dashboard.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/dashboard/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}

8
drone/runner/docker-compose.local.yml
View File

@ -1,8 +0,0 @@
---
version: "3.8"
services:
drone-runner:
ports:
- "3000:3000"

15
drone/runner/docker-compose.logging.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/logging/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
DRONE_DEBUG: ${DRONE_DEBUG:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}

15
drone/runner/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-runner:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

26
drone/runner/docker-compose.yml
View File

@ -1,26 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/installation/linux/
services:
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}

65
drone/server/.env
View File

@ -1,65 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## DRONE SERVER
# https://docs.drone.io/server/reference/
### Docker
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:2.8.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
### Drone
DRONE_RPC_SECRET=change-me
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
### User
DRONE_ADMIN_USER=resilien
DRONE_ADMIN_TOKEN=change-me
DRONE_USER_FILTER=resilien
DRONE_REGISTRATION_CLOSED=true
### Gitea
# https://docs.drone.io/server/provider/gitea/
#DRONE_GIT_ALWAYS_AUTH=
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=change-me
## Header
# https://docs.drone.io/server/headers/
#DRONE_HTTP_SSL_REDIRECT=
#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
#DRONE_HTTP_SSL_HOST=
#DRONE_HTTP_STS_SECONDS=
### Cookie
# https://docs.drone.io/server/cookie/
DRONE_COOKIE_SECRET=change-me
#DRONE_COOKIE_TIMEOUT=720h
### POSTGRES
# https://docs.drone.io/server/storage/encryption/
DRONE_DATABASE_SECRET=change-me
POSTGRES_USER=user
POSTGRES_PASSWORD=password
POSTGRES_VOLUME_NAME=postgres
POSTGRES_CONTAINER_NAME=postgres
POSTGRES_DB=drone
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

41
drone/server/README.md
View File

@ -1,41 +0,0 @@
# Drone CI Server
## Installation
L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
## Configuration
Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
### Installation du CLI
Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
### Configuration du CLI en local
Il faut :
- l'url de l'instance (`DRONE_SERVER_HOST`)
- le protocol de l'instance (`DRONE_SERVER_PROTO`)
- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
```
export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
```
[Documentation officielle](https://docs.drone.io/cli/configure/)
### Les utilisateurs
Il faut ajouter les utilisateurs non admin :
```
drone user add kosssi
drone user add killian
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
```
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/)

13
drone/server/docker-compose.cookie.yml
View File

@ -1,13 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/cookie/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-cookie-secret/
DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
# https://docs.drone.io/server/reference/drone-cookie-timeout/
DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days

17
drone/server/docker-compose.gitea.yml
View File

@ -1,17 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-git-always-auth/
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
# https://docs.drone.io/server/reference/drone-gitea-server/
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-id/
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-secret/
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}

13
drone/server/docker-compose.header.yml
View File

@ -1,13 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/headers/
services:
drone-server:
environment:
DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}

8
drone/server/docker-compose.local.yml
View File

@ -1,8 +0,0 @@
---
version: "3.8"
services:
drone-server:
ports:
- "3000:3000"

19
drone/server/docker-compose.logging.yml
View File

@ -1,19 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/logging/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-logs-debug/
DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
# https://docs.drone.io/server/reference/drone-logs-text/
DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
# https://docs.drone.io/server/reference/drone-logs-pretty/
DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
# https://docs.drone.io/server/reference/drone-logs-color/
DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
# https://docs.drone.io/server/reference/drone-logs-trace/
DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}

16
drone/server/docker-compose.postgres.yml
View File

@ -1,16 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/storage/database/
# https://docs.drone.io/server/storage/encryption/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-database-secret/
DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
# https://docs.drone.io/server/reference/drone-database-driver/
DRONE_DATABASE_DRIVER: postgres
# https://docs.drone.io/server/reference/drone-database-datasource/
DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable

15
drone/server/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

15
drone/server/docker-compose.user.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/user/registration/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-user-create/
DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
# https://docs.drone.io/server/reference/drone-user-filter/
DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
# https://docs.drone.io/server/reference/drone-registration-closed/
DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}

24
drone/server/docker-compose.yml
View File

@ -1,24 +0,0 @@
---
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479}
restart: always
environment:
# https://docs.drone.io/server/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
# https://docs.drone.io/server/reference/drone-server-host/
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
# https://docs.drone.io/server/reference/drone-server-proto/
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

2
examples/README.md
View File

@ -13,5 +13,3 @@ Si nous allons dans le dossier `traefik.cool.life` par example, il est possible
## DOCKER_HOST ## DOCKER_HOST
Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit sexécuter sur ce serveur. Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit sexécuter sur ce serveur.
> RésiLien utilise maintenant ce système avec une génération automatique des fichiers .env à l'aide d'Ansible, nous permettant de facilement déployer un nouveau service, de le déplacer de serveur

9
geoip/.env
View File

@ -1,9 +0,0 @@
#GEOIP_VOLUME_NAME=
#GEOIP_IMAGE=
#GEOIP_CONTAINER_NAME=
#GEOIP_EDITION_IDS=
GEOIP_LICENSE_KEY=blablabla
#GEOIP_DOWNLOAD_PATH=
#GEOIP_SCHEDULE=
#GEOIP_LOG_LEVEL=

22
geoip/docker-compose.yml
View File

@ -1,22 +0,0 @@
---
version: "3.8"
volumes:
geoip:
name: ${GEOIP_VOLUME_NAME:-geoip}
services:
geoip:
image: ${GEOIP_IMAGE:-crazymax/geoip-updater:latest}
container_name: ${GEOIP_CONTAINER_NAME:-geoip-updater}
restart: always
volumes:
- geoip:${GEOIP_DOWNLOAD_PATH:-/data}
environment:
EDITION_IDS: ${GEOIP_EDITION_IDS:-GeoLite2-City}
LICENSE_KEY: ${GEOIP_LICENSE_KEY:-err}
DOWNLOAD_PATH: ${GEOIP_DOWNLOAD_PATH:-/data}
SCHEDULE: ${GEOIP_SCHEDULE:-0 0 * * 0} # Every Sunday
LOG_LEVEL: ${GEOIP_LOG_LEVEL:-info}
LOG_JSON: ${GEOIP_LOG_JSON:-false}

2
gitea/README.md
View File

@ -4,8 +4,6 @@
> >
> <cite>[Documentation][documentation]</cite> > <cite>[Documentation][documentation]</cite>
Il est possible de configurer l'intégralité du service à l'aide de variable d'environnement voir [la documentation officielle](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables).
## Commandes ## Commandes
```sh ```sh

6
gitea/docker-compose.metrics.yml
View File

@ -1,6 +0,0 @@
version: "3.8"
services:
gitea:
environment:
- GITEA__METRICS__ENABLED=true

12
gitea/docker-compose.smtp.yml
View File

@ -1,12 +0,0 @@
version: "3.8"
services:
gitea:
environment:
- GITEA__mailer__ENABLED=true
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
- GITEA__mailer__MAILER_TYPE=smtp
- GITEA__mailer__HOST=${GITEA__mailer__HOST:?GITEA__mailer__HOST not set}
- GITEA__mailer__IS_TLS_ENABLED=true
- GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""

4
gitea/docker-compose.yml
View File

@ -7,13 +7,13 @@ volumes:
services: services:
gitea: gitea:
container_name: ${GITEA_CONTAINER_NAME:-gitea} container_name: ${GITEA_CONTAINER_NAME:-gitea}
image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a} image: ${GITEA_IMAGE:-gitea/gitea:1.15.2}
restart: always restart: always
environment: environment:
# - USER_UID=1000 # - USER_UID=1000
# - USER_GID=1000 # - USER_GID=1000
DB_TYPE: postgres DB_TYPE: postgres
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8 DB_HOST: postgres:5432
DB_NAME: ${POSTGRES_DB} DB_NAME: ${POSTGRES_DB}
DB_USER: ${POSTGRES_USER} DB_USER: ${POSTGRES_USER}
DB_PASSWD: ${POSTGRES_PASSWORD} DB_PASSWD: ${POSTGRES_PASSWORD}

43
grafana/.env
View File

@ -1,44 +1,3 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/grafana/docker-compose.yml:${SERVICES_DIR}/grafana/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
#########
# GRAFANA
GRAFANA_DOMAIN=grafana.cool.life GRAFANA_DOMAIN=grafana.cool.life
#GRAFANA_VOLUME_NAME=
#GRAFANA_CONTAINER_NAME=
#GRAFANA_IMAGE=
GF_SECURITY_ADMIN_USER=admin GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=password GF_SECURITY_ADMIN_PASSWORD=admin
#GF_SECURITY_DISABLE_GRAVATAR=
#GF_SECURITY_COOKIE_SECURE=
#GF_USERS_ALLOW_SIGN_UP=
GF_INSTALL_PLUGINS=grafana-piechart-panel
######
# SMTP
#GF_SMTP_HOST=
#GF_SMTP_USER=
#GF_SMTP_PASSWORD=
#GF_SMTP_FROM_ADDRESS=
#GF_SMTP_FROM_NAME=
#######
# REDIS
#GF_REMOTE_CACHE_CONNSTR=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

19
grafana/README.md
View File

@ -1,19 +0,0 @@
# Grafana
> Grafana est un logiciel libre sous licence GNU Affero General Public License Version 32 (anciennement sous licence Apache 2.0 avant avril 2021) qui permet la visualisation de données. Il permet de réaliser des tableaux de bord et des graphiques depuis plusieurs sources dont des bases de données temporelles comme Graphite (en), InfluxDB et OpenTSDB3.
>
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Grafana)</cite>
## 🔧 Configuration
La configuration du service ce base sur la documentation officielle, plusieurs pages sont intéressantes à lire :
- [Lancer l'image Docker de Grafana](https://grafana.com/docs/grafana/latest/installation/docker/)
- [Configuration l'image Docker Grafana](https://grafana.com/docs/grafana/latest/administration/configure-docker/)
- [Surcharger la configuration à l'aide des variables d'environment](https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables)
## 🔗 Liens
- [Site officiel](https://grafana.com)
- [La documentation](https://grafana.com/docs)
- [Github](https://github.com/grafana/grafana)
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/grafana/grafana)

11
grafana/docker-compose.postgres.yml
View File

@ -1,11 +0,0 @@
version: "3.8"
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#database
GF_DATABASE_TYPE: postgres
GF_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
GF_DATABASE_NAME: ${POSTGRES_DB:?err}
GF_DATABASE_USER: ${POSTGRES_USER:?err}
GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}

8
grafana/docker-compose.redis.yml
View File

@ -1,8 +0,0 @@
version: "3.8"
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#remote_cache
GF_REMOTE_CACHE_TYPE: redis
GF_REMOTE_CACHE_CONNSTR: ${GF_REMOTE_CACHE_CONNSTR:-addr=redis:6379,ssl=false}

12
grafana/docker-compose.smtp.yml
View File

@ -1,12 +0,0 @@
version: "3.8"
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
GF_SMTP_ENABLED: true
GF_SMTP_HOST: ${GF_SMTP_HOST:?err} # with port
GF_SMTP_USER: ${GF_SMTP_USER:?err}
GF_SMTP_PASSWORD: ${GF_SMTP_PASSWORD:?err}
GF_SMTP_FROM_ADDRESS: ${GF_SMTP_FROM_ADDRESS:?err}
GF_SMTP_FROM_NAME: ${GF_SMTP_FROM_NAME:?err}

13
grafana/docker-compose.traefik.yml
View File

@ -1,13 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
grafana:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.rule=Host(`${GRAFANA_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

20
grafana/docker-compose.yml
View File

@ -1,5 +1,9 @@
--- ---
version: "3.8" version: "3"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
volumes: volumes:
grafana: grafana:
@ -8,17 +12,17 @@ volumes:
services: services:
grafana: grafana:
container_name: ${GRAFANA_CONTAINER_NAME:-grafana} container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48} image: ${GRAFANA_IMAGE:-grafana/grafana:8.1.3}
restart: always restart: always
volumes: volumes:
- grafana:/var/lib/grafana - grafana:/var/lib/grafana
environment: environment:
GF_ANALYTICS_CHECK_FOR_UPDATES: ${GF_ANALYTICS_CHECK_FOR_UPDATES:-false}
GF_ANALYTICS_REPORTING_ENABLED: ${GF_ANALYTICS_REPORTING_ENABLED:-false}
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err} GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err}
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err} GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err}
GF_SECURITY_DISABLE_GRAVATAR: ${GF_SECURITY_DISABLE_GRAVATAR:-true}
GF_SECURITY_COOKIE_SECURE: ${GF_SECURITY_COOKIE_SECURE:-true}
GF_SERVER_PROTOCOL: ${GF_SERVER_PROTOCOL:-http}
GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false} GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
traefik.http.routers.grafana.rule: 'Host(`${GRAFANA_DOMAIN:?err}`)'
traefik.http.routers.grafana.entrypoints: 'web'

19
hedgedoc/README.md
View File

@ -11,7 +11,7 @@ La configuration est séparé en 3 fichiers :
## Configuration ## Configuration
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc, elles n'ont pas tous été intégrées. [De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc.
Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env). Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env).
@ -21,23 +21,6 @@ Lancer le service :
docker-compose up -d docker-compose up -d
``` ```
## Debug
### Se connecter à la base de données
```shell
. .env
docker exec -it $POSTGRES_CONTAINER_NAME psql $POSTGRES_DB -U $POSTGRES_USER
```
### Traitement des notes vides
```
SELECT count(*) FROM public."Notes" WHERE content = '';
SELECT * FROM public."Notes" WHERE content = '';
DELETE FROM public."Notes" WHERE content = '';
```
## Liens ## Liens
- [Site officiel][website] - [Site officiel][website]

9
hedgedoc/docker-compose.yml
View File

@ -7,7 +7,7 @@ volumes:
services: services:
hedgedoc: hedgedoc:
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc} container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f} image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.8.2-ls23}
restart: always restart: always
depends_on: depends_on:
- postgres - postgres
@ -17,17 +17,14 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:
# https://docs.hedgedoc.org/configuration/ # https://docs.hedgedoc.org/configuration/
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err} CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err} CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err}
CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err} CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err}
NODE_ENV: ${NODE_ENV:-development} # `production` or `development` NODE_ENV: ${NODE_ENV:-development} # `production` or `development`
CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false} CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false}
CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true} CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true}
CMD_ALLOW_ANONYMOUS: ${CMD_ALLOW_ANONYMOUS:-true}
CMD_ALLOW_ANONYMOUS_EDITS: ${CMD_ALLOW_ANONYMOUS_EDITS:-false}
CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false} CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false}
CMD_REQUIRE_FREEURL_AUTHENTICATION: ${CMD_REQUIRE_FREEURL_AUTHENTICATION:-false}
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true} CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
PGID: ${PGID:-1000} PGID: ${PGID:-1000}
PUID: ${PUID:-1000} PUID: ${PUID:-1000}

8
mariadb/.env
View File

@ -1,8 +0,0 @@
#MARIADB_CONTAINER_NAME=
#MARIADB_VOLUME_NAME=
#MARIADB_IMAGE=
MARIADB_ROOT_PASSWORD=replace-me
MARIADB_USER=user-example
MARIADB_PASSWORD=password-example
MARIADB_DATABASE=mariadb-database-name-example
#MARIADB_COMMAND=

28
mariadb/README.md
View File

@ -1,28 +0,0 @@
# MariaDB
> MariaDB est un système de gestion de base de données édité sous licence GPL. Il s'agit d'un fork communautaire de MySQL
>
> <cite>[Wikipédia][wikipedia]</cite>
## Configuration
Les variables contenu dans `.env` permettent de changer :
- `MARIADB_IMAGE` : la version
- `MARIADB_ROOT_PASSWORD` : le mot de passe _root_
- `MARIADB_USER` : le nom d'utilisateur
- `MARIADB_PASSWORD` : le mot de passe
- `MARIADB_DATABASE` : le nom de la base de données
- `MARIADB_CONTAINER_NAME` (par defaut _mariadb_) : le nom du conteneur
- `MARIADB_VOLUME_NAME` (par defaut _mariadb_) : le nom du volume
## Liens
- [Site Officiel][site]
- [Code source][source]
- [Docker Hub][dockerhub]
[wikipedia]: https://fr.wikipedia.org/wiki/MariaDB
[site]: https://mariadb.org/
[source]: https://github.com/MariaDB/server
[dockerhub]: https://hub.docker.com/_/mariadb/

23
mariadb/docker-compose.yml
View File

@ -1,23 +0,0 @@
version: "3.8"
volumes:
mariadb:
name: ${MARIADB_VOLUME_NAME:-mariadb}
services:
mariadb:
container_name: ${MARIADB_CONTAINER_NAME:-mariadb}
image: ${MARIADB_IMAGE:-mariadb:10.7.1-focal}
command: ${MARIADB_COMMAND}
restart: always
environment:
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:?err}
MARIADB_USER: ${MARIADB_USER:?err}
MARIADB_PASSWORD: ${MARIADB_PASSWORD:?err}
MARIADB_DATABASE: ${MARIADB_DATABASE:?err}
PUID: ${MARIADB_PUID:-1000}
PGID: ${MARIADB_PGID:-1000}
volumes:
- mariadb:/var/lib/mysql
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

35
matomo/.env
View File

@ -1,35 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/matomo/docker-compose.yml:${SERVICES_DIR}/matomo/docker-compose.local.yml:${SERVICES_DIR}/mariadb/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
#MATOMO_DOMAIN=matomo.cool.life
#MATOMO_CONTAINER_NAME=
#MATOMO_VOLUME_NAME=
#MATOMO_IMAGE=
#PHP_MEMORY_LIMIT=
##########
# MARIADB
#MARIADB_CONTAINER_NAME=
#MARIADB_VOLUME_NAME=
#MARIADB_IMAGE=
MARIADB_ROOT_PASSWORD=replace-me
MARIADB_USER=user-example
MARIADB_PASSWORD=password-example
MARIADB_DATABASE=mariadb-database-name-example
MARIADB_COMMAND=--max-allowed-packet=64MB
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

22
matomo/README.md
View File

@ -1,22 +0,0 @@
# Matomo
> Matomo, anciennement Piwik, est un logiciel libre et open source de mesure de statistiques web, conçu pour être une alternative libre à Google Analytics.
>
> <cite>[Wikipédia][wikipedia]</cite>
## Commande
```
docker compose exec --user www-data matomo-fpm php console
```
## Liens
- [Site Officiel][site]
- [Code source][source]
- [Docker Hub][dockerhub]
[wikipedia]: https://fr.wikipedia.org/wiki/Matomo_(logiciel)
[site]: https://fr.matomo.org/
[source]: https://github.com/matomo-org/matomo
[dockerhub]: https://hub.docker.com/_/matomo/

6
matomo/docker-compose.local.yml
View File

@ -1,6 +0,0 @@
version: "3.8"
services:
matomo-web:
ports:
- ${LOCAL_PORT:-80}:80

15
matomo/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
matomo-web:
environment:
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-matomo}.rule=Host(`${MATOMO_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-matomo}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

42
matomo/docker-compose.yml
View File

@ -1,42 +0,0 @@
version: "3.8"
volumes:
matomo:
name: ${MATOMO_VOLUME_NAME:-matomo}
services:
matomo-fpm:
container_name: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
image: ${MATOMO_IMAGE:-matomo:4.7.1-fpm-alpine}
restart: always
environment:
MATOMO_DATABASE_HOST: ${MARIADB_CONTAINER_NAME:-mariadb}
MATOMO_DATABASE_ADAPTER: mysql
MATOMO_DATABASE_TABLES_PREFIX: matomo_
MATOMO_DATABASE_USERNAME: ${MARIADB_USER:?err}
MATOMO_DATABASE_PASSWORD: ${MARIADB_PASSWORD:?err}
MATOMO_DATABASE_DBNAME: ${MARIADB_DATABASE:?err}
PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-256M}
PUID: ${MATOMO_PUID:-1000}
PGID: ${MATOMO_PGID:-1000}
depends_on:
- mariadb
volumes:
- matomo:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
matomo-web:
container_name: ${MATOMO_CONTAINER_NAME:-matomo}-web
build: web
restart: always
environment:
MATOMO_FPM_CONTAINER_NAME: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
PUID: ${MATOMO_PUID:-1000}
PGID: ${MATOMO_PGID:-1000}
depends_on:
- matomo-fpm
volumes:
- matomo:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

3
matomo/web/Dockerfile
View File

@ -1,3 +0,0 @@
FROM nginx:1.21.6-alpine
COPY matomo.conf.template /etc/nginx/templates/default.conf.template

70
matomo/web/matomo.conf.template
View File

@ -1,70 +0,0 @@
upstream php-handler {
server ${MATOMO_FPM_CONTAINER_NAME}:9000;
}
server {
listen 80;
server_name ${MATOMO_DOMAIN}
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
root /var/www/html; # replace with path to your matomo instance
index index.php;
try_files $uri $uri/ =404;
## only allow accessing the following php files
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
fastcgi_pass php-handler;
}
## deny access to all other .php files
location ~* ^.+\.php$ {
deny all;
return 403;
}
## disable all access to the following directories
location ~ /(config|tmp|core|lang) {
deny all;
return 403; # replace with 404 to not show these directories exist
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ /(libs|vendor|plugins|misc/user) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}

63
mobilizon/.env
View File

@ -1,63 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/mobilizon/docker-compose.yml:${SERVICES_DIR}/mobilizon/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/geoip/docker-compose.yml
#COMPOSE_PROJECT_NAME=
############
## MOBILIZON
MOBILIZON_INSTANCE_NAME="RésiLien - Mobilizon"
MOBILIZON_DOMAIN=mobilizon.lan
#MOBILIZON_INSTANCE_PORT=4000
MOBILIZON_INSTANCE_EMAIL=no-reply@mobilizon.lan
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
MOBILIZON_ADMIN_EMAIL=admin@mobilizon.lan
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
MOBILIZON_INSTANCE_SECRET_KEY=changethis
MOBILIZON_SMTP_SERVER=localhost
MOBILIZON_SMTP_HOSTNAME=localhost
MOBILIZON_SMTP_PORT=25
MOBILIZON_SMTP_SSL=false
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
MOBILIZON_SMTP_PASSWORD=password
#MOBILIZON_PUID=
#MOBILIZON_PGID=
#######
# GEOIP
#GEOIP_VOLUME_NAME=
#GEOIP_IMAGE=
#GEOIP_CONTAINER_NAME=
#GEOIP_EDITION_IDS=
GEOIP_LICENSE_KEY=
#GEOIP_DOWNLOAD_PATH=
#GEOIP_SCHEDULE=
#GEOIP_LOG_LEVEL=
##########
# POSTGRES
POSTGRES_USER=mobilizon_user
POSTGRES_PASSWORD=mobilizon_password
POSTGRES_DB=mobilizon_db
#POSTGRES_CONTAINER_NAME=mobilizon_postgres
#POSTGRES_VOLUME_NAME=mobilizon_postgres
POSTGRES_IMAGE=kartoza/postgis:14-3.1
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

23
mobilizon/README.md
View File

@ -1,23 +0,0 @@
# Mobilizon
> Mobilizon est un logiciel libre d'organisation d'évènements et de gestion de groupes (Meet-up) lancé en octobre 2020 par Framasoft pour proposer une alternative libre aux plateformes des GAFAM (Facebook, Meetup.com, EventBrite).
>
> -- <cite>[Wikipedia](https://fr.wikipedia.org/wiki/Mobilizon)</cite>
On peut retrouver la documentation sur le [site officiel](https://docs.joinmobilizon.org/fr/).
## Configuration
Mobilizon utilise de la géolocalisation pour les évènements et du coup il faut :
- une base de données spécifique _[PostGIS](https://fr.wikipedia.org/wiki/PostGIS)_ qui se base sur _Postgres_. Actuellement la configuration de l'image Docker Postgres est compatible il faut donc juste changer le nom de l'image et utiliser [kartoza/postgis](https://hub.docker.com/r/kartoza/postgis) à la place.
- un fichier GeoLite2 et pour cela il faut créer une clé pour accéder au service en ligne de [maxmind](https://www.maxmind.com), on utilise ensuite l'image docker [geoip-updater](https://crazymax.dev/geoip-updater/install/docker/) de crazymax pour automatiser le téléchargement et la mise à jour du fichier.
## Liens
- 🌐 [Site website](https://joinmobilizon.org)
- 🔢 [voir les instances](https://instances.joinmobilizon.org/instances)
- 💻 Source officiel :
- [le logiciel](https://framagit.org/framasoft/mobilizon)
- [l'image _Docker_](https://framagit.org/framasoft/joinmobilizon/docker)
- 📜 [Documentation](https://docs.joinmobilizon.org)
- 🐳 [Docker Hub](https://hub.docker.com/r/framasoft/mobilizon)

8
mobilizon/docker-compose.local.yml
View File

@ -1,8 +0,0 @@
---
version: "3.8"
services:
mobilizon:
ports:
- "${MOBILIZON_INSTANCE_PORT:-4000}:${MOBILIZON_PORT:-4000}"

15
mobilizon/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
mobilizon:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.rule=Host(`${MOBILIZON_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

47
mobilizon/docker-compose.yml
View File

@ -1,47 +0,0 @@
---
version: "3.8"
volumes:
mobilizon:
name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
services:
mobilizon:
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3}
restart: always
depends_on:
- postgres
- geoip
volumes:
- mobilizon:/var/lib/mobilizon/uploads
# - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
- geoip:/var/lib/mobilizon/geo_db
environment:
MOBILIZON_INSTANCE_NAME: ${MOBILIZON_INSTANCE_NAME}
MOBILIZON_INSTANCE_HOST: ${MOBILIZON_DOMAIN}
MOBILIZON_INSTANCE_PORT: ${MOBILIZON_INSTANCE_PORT:-4000}
MOBILIZON_INSTANCE_EMAIL: ${MOBILIZON_INSTANCE_EMAIL}
MOBILIZON_REPLY_EMAIL: ${MOBILIZON_REPLY_EMAIL}
MOBILIZON_ADMIN_EMAIL: ${MOBILIZON_ADMIN_EMAIL}
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: ${MOBILIZON_INSTANCE_REGISTRATIONS_OPEN:-false}
MOBILIZON_DATABASE_USERNAME: ${POSTGRES_USER}
MOBILIZON_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
MOBILIZON_DATABASE_DBNAME: ${POSTGRES_DB}
MOBILIZON_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
MOBILIZON_INSTANCE_SECRET_KEY_BASE: ${MOBILIZON_INSTANCE_SECRET_KEY_BASE:?err}
MOBILIZON_INSTANCE_SECRET_KEY: ${MOBILIZON_INSTANCE_SECRET_KEY:?err}
MOBILIZON_SMTP_SERVER: ${MOBILIZON_SMTP_SERVER:?err}
MOBILIZON_SMTP_HOSTNAME: ${MOBILIZON_SMTP_HOSTNAME:?err}
MOBILIZON_SMTP_PORT: ${MOBILIZON_SMTP_PORT:?err}
MOBILIZON_SMTP_SSL: ${MOBILIZON_SMTP_SSL:?err}
MOBILIZON_SMTP_USERNAME: ${MOBILIZON_SMTP_USERNAME:?err}
MOBILIZON_SMTP_PASSWORD: ${MOBILIZON_SMTP_PASSWORD:?err}
PUID: ${MOBILIZON_PUID:-1000}
PGID: ${MOBILIZON_PGID:-1000}

42
nextcloud/.env
View File

@ -1,49 +1,23 @@
######## ## DOCKER
# DOCKER
#DOCKER_CONTEXT= COMPOSE_FILE=./docker-compose.yml
#DOCKER_HOST= #DOCKER_HOST=
SERVICES_DIR=.. TRAEFIK_NETWORK_NAME=kifeart
COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP ## APP
NEXTCLOUD_DOMAIN=nextcloud.cool.life
NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
NEXTCLOUD_CONTAINER_NAME=nextcloud NEXTCLOUD_CONTAINER_NAME=nextcloud
NEXTCLOUD_VOLUME_NAME=nextcloud NEXTCLOUD_VOLUME_NAME=nextcloud
NEXTCLOUD_DOMAIN=nextcloud.cool.life
NEXTCLOUD_ADMIN_USER=user NEXTCLOUD_ADMIN_USER: user
NEXTCLOUD_ADMIN_PASSWORD=password NEXTCLOUD_ADMIN_PASSWORD: password
#SMTP_HOST=mail.test.org # DATABASE
#SMTP_SECURE= # Voir la description ../postgres/README.md
#SMTP_PORT=
#SMTP_AUTHTYPE=
#SMTP_NAME=test@test.org
#SMTP_PASSWORD=blablablabla
#MAIL_FROM_ADDRESS=no-reply
#MAIL_DOMAIN=test.org
##########
# POSTGRES
POSTGRES_USER=user-example POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=nextcloud-postgres POSTGRES_CONTAINER_NAME=nextcloud-postgres
POSTGRES_VOLUME_NAME=nextcloud-postgres POSTGRES_VOLUME_NAME=nextcloud-postgres
#POSTGRES_IMAGE=
#######
# REDIS
REDIS_CONTAINER_NAME=nextcloud-redis
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

4
nextcloud/README.md
View File

@ -10,12 +10,10 @@
> >
> -- <cite>[Github][github]</cite> > -- <cite>[Github][github]</cite>
On peut trouver [la documentation ici][documentation] en anglais ou ici pour la [traduction française](https://doc-nextcloud-fr.indie.host/fr/) fait par [IndieHosters](https://indiehosters.net/) et [Paquerette](https://paquerette.eu/). On peut trouver [la documentation ici][documentation].
## Aide ## Aide
Exemple de commande :
```sh ```sh
docker exec --user www-data -it nextcloud bash docker exec --user www-data -it nextcloud bash

6
nextcloud/docker-compose.local.yml
View File

@ -1,6 +0,0 @@
version: "3.8"
services:
nextcloud-web:
ports:
- ${LOCAL_PORT:-80}:80

13
nextcloud/docker-compose.smtp.yml
View File

@ -1,13 +0,0 @@
version: "3.8"
services:
nextcloud-fpm:
environment:
SMTP_HOST: ${SMTP_HOST?err} # The hostname of the SMTP server.
SMTP_SECURE: ${SMTP_SECURE:-ssl} # Set to ssl to use SSL, or tls to use STARTTLS.
SMTP_PORT: ${SMTP_PORT:-465}
SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
SMTP_NAME: ${SMTP_NAME?err}
SMTP_PASSWORD: ${SMTP_PASSWORD?err}
MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
MAIL_DOMAIN: ${MAIL_DOMAIN}

18
nextcloud/docker-compose.traefik.yml
View File

@ -1,18 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
nextcloud-web:
environment:
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.rule=Host(`${NEXTCLOUD_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.middlewares=nextcloud_redirect
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/

108
nextcloud/docker-compose.yml
View File

@ -1,60 +1,98 @@
version: "3.8" version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
volumes: volumes:
nextcloud: nextcloud:
name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud} name: ${NEXTCLOUD_VOLUME_NAME}
nextcloud-postgres:
name: ${POSTGRES_VOLUME_NAME}
services: services:
nextcloud-fpm:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1}
restart: always
depends_on:
- postgres
- redis
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}
nextcloud-web: nextcloud-web:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web container_name: nextcloud-web
build: web build: ./web
restart: always restart: always
environment:
NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}
depends_on: depends_on:
- nextcloud-fpm - nextcloud-fpm
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.nextcloud-fpm.rule: 'Host(`${NEXTCLOUD_DOMAIN}`)'
traefik.http.routers.nextcloud-fpm.entrypoints: 'web'
traefik.http.routers.nextcloud-fpm.middlewares: nextcloud_redirect
traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
nextcloud-fpm:
container_name: nextcloud-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
restart: always
hostname: ${NEXTCLOUD_DOMAIN}
depends_on:
- nextcloud-postgres
- nextcloud-redis
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
OVERWRITEPROTOCOL: 'https'
APACHE_DISABLE_REWRITE_IP: '1'
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}
OVERWRITEPROTOCOL: 'https'
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME}
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_USER: ${POSTGRES_USER}
REDIS_HOST: 'nextcloud-redis'
PUID: 1001
PGID: 119
nextcloud-postgres:
container_name: ${POSTGRES_CONTAINER_NAME}
image: ${POSTGRES_IMAGE:-postgres:12.8-alpine}
restart: always
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
PUID: 1001
PGID: 119
volumes:
- nextcloud-postgres:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
nextcloud-redis:
image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
container_name: nextcloud-redis
restart: always
environment:
PUID: 1001
PGID: 119
volumes:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
nextcloud-cron: nextcloud-cron:
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine} image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron container_name: nextcloud-cron
restart: always restart: always
depends_on: depends_on:
- nextcloud-web - nextcloud-web
entrypoint: /cron.sh entrypoint: /cron.sh
environment: environment:
PUID: ${NEXTCLOUD_PUID:-1000} PUID: 1001
PGID: ${NEXTCLOUD_PGID:-1000} PGID: 119
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro

4
nextcloud/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:1.21.5-alpine FROM nginx:1.21.1-alpine
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template COPY nginx.conf /etc/nginx/nginx.conf

145
nextcloud/web/nextcloud.conf.template
View File

@ -1,145 +0,0 @@
upstream php-handler {
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}

174
nextcloud/web/nginx.conf Normal file
View File

@ -0,0 +1,174 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server nextcloud-fpm:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}

4
postgres/docker-compose.yml
View File

@ -7,14 +7,12 @@ volumes:
services: services:
postgres: postgres:
container_name: ${POSTGRES_CONTAINER_NAME:-postgres} container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3} image: ${POSTGRES_IMAGE:-postgres:13.4-alpine}
restart: always restart: always
environment: environment:
POSTGRES_USER: ${POSTGRES_USER:?err} POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err} POSTGRES_DB: ${POSTGRES_DB:?err}
PUID: ${POSTGRES_PUID:-1000}
PGID: ${POSTGRES_PGID:-1000}
volumes: volumes:
- postgres:/var/lib/postgresql/data - postgres:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro

21
prometheus/.env
View File

@ -1,21 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/prometheus/docker-compose.yml:${SERVICES_DIR}/prometheus/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
############
# PROMETHEUS
#PROMETHEUS_IMAGE=
PROMETHEUS_DOMAIN=prometheus.cool.life
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=

3
prometheus/Dockerfile
View File

@ -1,3 +0,0 @@
ARG PROMETHEUS_IMAGE
FROM $PROMETHEUS_IMAGE
ADD prometheus.yml /etc/prometheus/

16
prometheus/README.md
View File

@ -1,16 +0,0 @@
# Prometheus
> Prometheus est un logiciel libre de surveillance informatique et générateur d'alertes. Il enregistre des métriques en temps réel dans une base de données de séries temporelles (avec une capacité d'acquisition élevée) en se basant sur le contenu de point d'entrée exposé à l'aide du protocole HTTP.
>
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Prometheus_(logiciel))</cite>
## 🔧 Configuration
Pour configurer le service il faut ajouter un fichier prometheus.yml décrivant votre configuration. Vous retrouverz toutes les informations sur la page de [documentation officielle](https://prometheus.io/docs/prometheus/latest/configuration/configuration/).
## 🔗 Liens
- [Site officiel](https://prometheus.io/)
- [La documentation](https://prometheus.io/docs/)
- [Github](https://github.com/prometheus/prometheus)
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/prom/prometheus)

15
prometheus/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
prometheus:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-prometheus}.rule=Host(`${PROMETHEUS_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-prometheus}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

18
prometheus/docker-compose.yml
View File

@ -1,18 +0,0 @@
---
version: '3.8'
volumes:
prometheus:
name: ${PROMETHEUS_VOLUME_NAME:-prometheus}
services:
prometheus:
container_name: ${PROMETHEUS_CONTAINER_NAME:-prometheus}
build:
context: .
args:
PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b}
volumes:
- prometheus:/prometheus
restart: always

16
prometheus/node-exporter/docker-compose.yml Normal file
View File

@ -0,0 +1,16 @@
---
version: '3.8'
services:
node_exporter:
image: ${NODE_EXPORTER_IMAGE:-quay.io/prometheus/node-exporter:v1.2.0}
container_name: node_exporter
command:
- '--path.rootfs=/host --collector.textfile.directory=/host/var/lib/node_exporter/textfile_collector'
network_mode: host
pid: host
restart: unless-stopped
expose:
- 9100
volumes:
- '/:/host:ro,rslave'

2
redis/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3.8"
services: services:
redis: redis:
image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d} image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
container_name: ${REDIS_CONTAINER_NAME:-redis} container_name: ${REDIS_CONTAINER_NAME:-redis}
restart: always restart: always
environment: environment:

2
registry/.env
View File

@ -5,7 +5,7 @@ TRAEFIK_NETWORK_NAME=kifeart
## REGISTRY ## REGISTRY
#REGISTRY_IMAGE= REGISTRY_IMAGE=registry:2.7.1
REGISTRY_CUSTOM_IMAGE=custom/registry REGISTRY_CUSTOM_IMAGE=custom/registry
REGISTRY_DOMAIN=registry.cool.life REGISTRY_DOMAIN=registry.cool.life
REGISTRY_VOLUME_NAME=registry REGISTRY_VOLUME_NAME=registry

2
registry/docker-compose.yml
View File

@ -7,7 +7,7 @@ volumes:
services: services:
registry: registry:
container_name: ${REGISTRY_CONTAINER_NAME} container_name: ${REGISTRY_CONTAINER_NAME}
image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97} image: ${REGISTRY_IMAGE}
restart: always restart: always
environment: environment:
REGISTRY_AUTH: htpasswd REGISTRY_AUTH: htpasswd

17
traefik/docker-compose.ovh.yml
View File

@ -1,17 +0,0 @@
version: "3.8"
services:
traefik:
environment:
OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
OVH_ENDPOINT: ${OVH_ENDPOINT:-ovh-eu}
OVH_POLLING_INTERVAL: ${OVH_POLLING_INTERVAL:-30}
OVH_PROPAGATION_TIMEOUT: ${OVH_PROPAGATION_TIMEOUT:-3600}
command:
- --certificatesResolvers.ovh.acme.dnsChallenge=true
- --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
# - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
- --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}

14
traefik/docker-compose.redirect.yml
View File

@ -1,14 +0,0 @@
version: "3.8"
services:
traefik:
command:
# Redirection HTTP to HTTPS
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
labels:
# Redirection to remove www.
traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'

26
traefik/docker-compose.secure.yml
View File

@ -1,26 +0,0 @@
version: "3.8"
networks:
default:
driver: bridge
services:
traefik:
ports:
- target: 443
published: 443
protocol: tcp
mode: host
command:
- --providers.file.filename=/traefik/dynamic_conf.toml
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
- --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
labels:
traefik.http.routers.traefik.entrypoints: 'websecure'
traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
traefik.http.routers.traefik.priority: '2000'

35
traefik/docker-compose.yml
View File

@ -11,11 +11,11 @@ networks:
services: services:
traefik: traefik:
container_name: ${TRAEFIK_CONTAINER_NAME:-traefik} container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
image: ${TRAEFIK_IMAGE:-traefik:v2.6.0@sha256:b22bd53ef626cf3667390c3e3651936b08f9c0c9107e3a6faf02e6dc06b3e0c0} image: ${TRAEFIK_IMAGE:-traefik:v2.5.2}
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- traefik:/traefik - ${TRAEFIK_VOLUME_NAME:-traefik}:/traefik
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
@ -24,26 +24,25 @@ services:
protocol: tcp protocol: tcp
mode: host mode: host
networks: networks:
- traefik - ${TRAEFIK_NETWORK_NAME:-traefik}
command: command:
- --api.insecure=${TRAEFIK_API_INSECURE:-true} - --api.insecure=true
- --log.level=${TRAEFIK_LOG_LEVEL:-INFO} - --log.level=INFO
- --global.sendanonymoususage=${TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE:-false} - --global.sendanonymoususage=false
- --global.checknewversion=${TRAEFIK_GLOBAL_CHECKNEWVERSION:-false} - --global.checknewversion=false
- --pilot.dashboard=${TRAEFIK_PILOT_DASHBOARD:-false} - --pilot.dashboard=false
- --metrics.prometheus=${TRAEFIK_METRICS_PROMETHEUS:-true} - --metrics.prometheus=true
- --accesslog=${TRAEFIK_ACCESSLOG:-false}
- --providers.docker - --providers.docker
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
- --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik} - --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- --entryPoints.traefik.address=:8080 - --entrypoints.web.address=:80
- --entryPoints.web.forwardedHeaders.insecure
- --entrypoints.${TRAEFIK_ENTRYPOINTS:-web}.address=:80
- --entryPoints.${TRAEFIK_ENTRYPOINTS:-web}.forwardedHeaders.insecure
labels: labels:
- traefik.enable=true traefik.enable: 'true'
- traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:?err}`)
- traefik.http.routers.traefik.entrypoints=${TRAEFIK_ENTRYPOINTS:-web} traefik.http.routers.traefik.rule: 'Host(`${TRAEFIK_DOMAIN:?err}`)'
- traefik.http.services.traefik.loadbalancer.server.port=8080 traefik.http.routers.traefik.entrypoints: 'web'
traefik.http.services.traefik.loadbalancer.server.port: '8080'

2
watchtower/.env
View File

@ -1,5 +1,5 @@
WATCHTOWER_CONTAINER_NAME=watchtower WATCHTOWER_CONTAINER_NAME=watchtower
#WATCHTOWER_IMAGE= WATCHTOWER_IMAGE=containrrr/watchtower:1.0.3
REGISTRY_DOMAIN=registry.cool.life REGISTRY_DOMAIN=registry.cool.life
REGISTRY_USER=kosssi REGISTRY_USER=kosssi
REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O

2
watchtower/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3.8'
services: services:
watchtower: watchtower:
container_name: ${WATCHTOWER_CONTAINER_NAME} container_name: ${WATCHTOWER_CONTAINER_NAME}
image: ${WATCHTOWER_IMAGE:-containrrr/watchtower:1.4.0@sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3} image: ${WATCHTOWER_IMAGE}
restart: always restart: always
command: -i 60 --label-enable --cleanup --debug command: -i 60 --label-enable --cleanup --debug
# --debug # --debug