Compare commits

...

16 Commits

Author SHA1 Message Date
Simon bbf61dc0f0 Merge pull request 'feat(LLDAP): Utilisation de la nouvelle variable plus généric' (#83) from lldap into main
Reviewed-on: #83
2024-10-17 14:14:35 +02:00
Simon a5b7aca9b7 feat(LLDAP): Utilisation de la nouvelle variable plus généric 2024-10-17 14:13:47 +02:00
Simon 1f9bd5ea4b Merge pull request 'feat(Vaultwarden): Change domain variable' (#82) from vaultwarden_domain into main
Reviewed-on: #82
2024-10-01 10:51:14 +02:00
Simon e2931630c6 feat(Vaultwarden): Change domain variable 2024-10-01 10:49:32 +02:00
Simon a0300d20d6 Merge pull request 'feat(Vaultwarden): Remove experimental configuration' (#80) from vaultwarden into main
Reviewed-on: #80
2024-08-02 16:52:54 +02:00
Simon d9653fc215 feat(Vaultwarden): Remove experimental configuration 2024-08-02 16:52:33 +02:00
Simon 15a13f1eff Merge pull request 'vaultwarden' (#79) from vaultwarden into main
## Détails

- Ajout d'une redirection automatique du trafic HTTP
- Ajout de documentation pour la traduction des mails
- Ajout des variables pour la configuration du service ainsi que du SSO

## Pourquoi

- Pour faciliter son intégration sur un serveur qui fait office de _entrypoint_
- Pour avoir des mails envoyé en Français
- Pour faciliter le déploiement de Vaultwarden

Reviewed-on: #79
2024-08-01 16:17:30 +02:00
Simon b2509bfd67 feat(Vaultwarden): Ajout de la configuration SSO 2024-08-01 16:13:57 +02:00
Simon 78300c3bf4 feat(Vaultwarden): Ajout de variable de configuration du service 2024-08-01 16:13:57 +02:00
Simon 2630301d58 feat(Vaultwarden): Ajout de documentation pour la traduction des mails 2024-08-01 16:13:57 +02:00
Simon 3f2a4b78fb feat(Vaultwarden): Ajout d'une configuration de Traefik pour redirection automatique HTTP 2024-08-01 16:13:57 +02:00
Simon 342d7bfa58 Merge pull request 'Mise à jour de SignaturePDF' (#78) from signaturepdf into main
## Détails

- Ajout des dernière variables par défaut
- Ajout d'une redirection HTTP vers HTTPS

## Pourquoi

- Pour changer les variables si besoin
- Pour pouvoir mettre en place la redirection facilement

Reviewed-on: #78
2024-07-31 10:49:27 +02:00
Simon fad68813ae feat(SignaturePDF): Add Traefik redirection 2024-07-31 10:48:05 +02:00
Simon f4d72bff12 feat(SignaturePDF): Add default variable for # Installation variable 2024-07-31 10:48:05 +02:00
Simon 532c0a9c7b feat(SignaturePDF): Add default language variable 2024-07-31 10:48:05 +02:00
Simon e24754bc44 feat(SignaturePDF): Add Traefik entrypoints variable 2024-07-31 10:48:05 +02:00
12 changed files with 78 additions and 9 deletions

View File

@ -8,7 +8,7 @@ COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/dock
####### #######
# LLDAP # LLDAP
LLDAP_DOMAIN=lldap.cool.life SERVICE_DOMAIN=lldap.cool.life
LLDAP_VOLUME_NAME=lldap_cool_life LLDAP_VOLUME_NAME=lldap_cool_life
LLDAP_CONTAINER_NAME=lldap_cool_life LLDAP_CONTAINER_NAME=lldap_cool_life
LLDAP_IMAGE=nitnelave/lldap:v0.4.3 LLDAP_IMAGE=nitnelave/lldap:v0.4.3

View File

@ -10,13 +10,13 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik} - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`) - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web} - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt # - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170 - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511 # https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`) # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web} # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890 # - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890

View File

@ -16,7 +16,7 @@ services:
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false} - LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err} - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
- LLDAP_HTTP_URL=https://${LLDAP_DOMAIN:?err} - LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
- LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err} - LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
- LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err} - LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}

View File

@ -0,0 +1,11 @@
---
services:
signaturepdf:
labels:
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.tls.certResolver=letsencrypt
# redirect HTTP to HTTPS
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.entrypoints=web
- traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.scheme=https
- traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.permanent=true
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.middlewares=${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https

View File

@ -11,4 +11,4 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik} - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`) - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=web - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -19,3 +19,5 @@ services:
PDF_STORAGE_PATH: ${PDF_STORAGE_PATH} PDF_STORAGE_PATH: ${PDF_STORAGE_PATH}
DISABLE_ORGANIZATION: ${DISABLE_ORGANIZATION} DISABLE_ORGANIZATION: ${DISABLE_ORGANIZATION}
PDF_DEMO_LINK: ${PDF_DEMO_LINK} PDF_DEMO_LINK: ${PDF_DEMO_LINK}
DEFAULT_LANGUAGE: ${DEFAULT_LANGUAGE:-fr_FR.UTF-8}
PDF_STORAGE_ENCRYPTION: ${PDF_STORAGE_ENCRYPTION:-true}

View File

@ -9,7 +9,7 @@ COMPOSE_FILE=${SERVICES_DIR}/vaultwarden/docker-compose.yml
#VAULTWARDEN_IMAGE= #VAULTWARDEN_IMAGE=
#VAULTWARDEN_VOLUME_NAME= #VAULTWARDEN_VOLUME_NAME=
VAULTWARDEN_DOMAIN=vaultwarden.local SERVICE_DOMAIN=vaultwarden.local
#VAULTWARDEN_LOG_LEVEL= #VAULTWARDEN_LOG_LEVEL=
#VAULTWARDEN_SIGNUPS_ALLOWED=false #VAULTWARDEN_SIGNUPS_ALLOWED=false

View File

@ -10,6 +10,20 @@ Toutes les variables de configuration du service sont disponibles à [cette adre
[Les clients de Bitwarden](https://bitwarden.com/#download) sont compatibles avec le serveur. [Les clients de Bitwarden](https://bitwarden.com/#download) sont compatibles avec le serveur.
## Ajout des mails en Français
Il est possible de [traduire les mails](https://github.com/dani-garcia/vaultwarden/wiki/Translating-the-email-templates).
```
. .env
cd /var/lib/docker/volumes/${VAULTWARDEN_VOLUME_NAME}/_data/
mkdir templates && cd templates
wget https://github.com/YoanSimco/vaultwarden-lang-fr/archive/refs/heads/main.zip
unzip main.zip
mv vaultwarden-lang-fr/email .
rm vaultwarden-lang-fr-main/ main.zip -rf
```
## Liens ## Liens
- [Documentation][documentation] - [Documentation][documentation]

View File

@ -0,0 +1,25 @@
---
services:
vaultwarden:
environment:
SSO_ENABLED: ${SSO_ENABLED:-true}
SSO_ONLY: ${SSO_ONLY:-true}
SSO_SIGNUPS_MATCH_EMAIL: ${SSO_SIGNUPS_MATCH_EMAIL:-true}
SSO_AUTHORITY: ${SSO_AUTHORITY}
SSO_SCOPES: ${SSO_SCOPES:-email groups profile offline_access}
SSO_AUTHORIZE_EXTRA_PARAMS: ${SSO_AUTHORIZE_EXTRA_PARAMS:-}
SSO_PKCE: ${SSO_PKCE:-false}
SSO_CLIENT_ID: ${SSO_CLIENT_ID}
SSO_CLIENT_SECRET: ${SSO_CLIENT_SECRET}
# SSO_MASTER_PASSWORD_POLICY: ${SSO_MASTER_PASSWORD_POLICY:-}
SSO_AUTH_ONLY_NOT_SESSION: ${SSO_AUTH_ONLY_NOT_SESSION:-false}
SSO_CLIENT_CACHE_EXPIRATION: ${SSO_CLIENT_CACHE_EXPIRATION:-0}
SSO_DEBUG_TOKENS: ${SSO_DEBUG_TOKENS:-false}
SSO_FRONTEND: ${SSO_FRONTEND:-override}
# SSO_EXPERIMENTAL_NO_MASTER_PWD: ${SSO_EXPERIMENTAL_NO_MASTER_PWD:-false}
SSO_ROLES_ENABLED: ${SSO_ROLES_ENABLED:-false}
SSO_ROLES_DEFAULT_TO_USER: ${SSO_ROLES_DEFAULT_TO_USER:-false}
SSO_ORGANIZATIONS_INVITE: ${SSO_ORGANIZATIONS_INVITE:-false}

View File

@ -0,0 +1,12 @@
---
services:
vaultwarden:
labels:
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.tls.certResolver=letsencrypt
# redirect HTTP to HTTPS
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.rule=Host(`${SERVICE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.entrypoints=web
- traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.scheme=https
- traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.permanent=true
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.middlewares=${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https

View File

@ -10,5 +10,5 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik} - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.rule=Host(`${VAULTWARDEN_DOMAIN:?err}`) - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.rule=Host(`${SERVICE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web} - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -11,10 +11,15 @@ services:
restart: always restart: always
environment: environment:
ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN:?err} ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN:?err}
DOMAIN: https://${VAULTWARDEN_DOMAIN:?err} DOMAIN: https://${SERVICE_DOMAIN:?err}
SENDS_ALLOWED: ${SENDS_ALLOWED:-true}
TRASH_AUTO_DELETE_DAYS: ${TRASH_AUTO_DELETE_DAYS:-}
DISABLE_ICON_DOWNLOAD: ${DISABLE_ICON_DOWNLOAD:-false}
SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
SIGNUPS_VERIFY: ${SIGNUPS_VERIFY:-false}
SIGNUPS_DOMAINS_WHITELIST: ${SIGNUPS_DOMAINS_WHITELIST:-}
INVITATION_ORG_NAME: ${VAULTWARDEN_INVITATION_ORG_NAME:-Vaultwarden} INVITATION_ORG_NAME: ${VAULTWARDEN_INVITATION_ORG_NAME:-Vaultwarden}
LOG_LEVEL: ${VAULTWARDEN_LOG_LEVEL:-Info} LOG_LEVEL: ${VAULTWARDEN_LOG_LEVEL:-Info}
SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
volumes: volumes:
- vaultwarden:/data - vaultwarden:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro