ResiLien/services
3
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity

Compare commits

base: ResiLien:snikket
Branches Tags
ResiLien:main ResiLien:snikket ResiLien:vikunja ResiLien:matomo ResiLien:mariadb ResiLien:fix_hedgedoc_backup
..
compare: ResiLien:9accdf9896a108eeb6d241f7e9289fc1f0ca0e51
Branches Tags
ResiLien:main ResiLien:snikket ResiLien:vikunja ResiLien:matomo ResiLien:mariadb ResiLien:fix_hedgedoc_backup

1 Commits
snikket ... 9accdf9896

Author SHA1 Message Date
Simon C
9accdf9896 feat(LLDAP): Add new service 2023-07-05 15:04:24 +02:00
92 changed files with 272 additions and 455 deletions
Expand all files Collapse all files

2
clickhouse/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
clickhouse:

2
directus/README.md
View File

@ -6,8 +6,6 @@
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
- `CORS_ORIGIN` à comme valeur par défaut `false` et peut prendre `true` pour accepter toutes les connexions, mais il est préférable de spécifier directement les sites comme ceci `array:https://example.com,https://staging.example.com`.
## Liens
- [Site officiel][website]

2
directus/docker-compose.redis.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
directus:
environment:

2
directus/docker-compose.smtp.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
directus:
environment:

3
directus/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
directus:

4
directus/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
directus:
name: ${DIRECTUS_VOLUME_NAME:-directus}
@ -22,8 +24,6 @@ services:
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
CORS_ENABLED: ${DIRECTUS_CORS_ENABLED:-false}
CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN:-false}
DB_CLIENT: 'pg'
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8

2
drone/runner/docker-compose.dashboard.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/dashboard/
services:

2
drone/runner/docker-compose.local.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
drone-runner:
ports:

2
drone/runner/docker-compose.logging.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/logging/
services:

3
drone/runner/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
external: true
services:
drone-runner:

2
drone/runner/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/installation/linux/
services:

2
drone/server/docker-compose.cookie.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/server/cookie/
services:

2
drone/server/docker-compose.gitea.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:

2
drone/server/docker-compose.header.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/server/headers/
services:

2
drone/server/docker-compose.local.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
drone-server:
ports:

2
drone/server/docker-compose.logging.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/server/logging/
services:

2
drone/server/docker-compose.postgres.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/server/storage/database/
# https://docs.drone.io/server/storage/encryption/

3
drone/server/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
external: true
services:
drone-server:

2
drone/server/docker-compose.user.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
# https://docs.drone.io/server/user/registration/
services:

2
drone/server/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}

2
geoip/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
geoip:
name: ${GEOIP_VOLUME_NAME:-geoip}

2
geoipupdate/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
geoipupdate:
name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}

2
gitea/docker-compose.metrics.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
gitea:

2
gitea/docker-compose.override.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
gitea:

12
gitea/docker-compose.postgres.yml
View File

@ -1,12 +0,0 @@
---
services:
gitea:
environment:
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
- GITEA__database__NAME=${POSTGRES_DB}
- GITEA__database__USER=${POSTGRES_USER}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
depends_on:
- postgres

2
gitea/docker-compose.smtp.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
gitea:

3
gitea/docker-compose.traefik.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
gitea:

12
gitea/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
gitea:
@ -7,11 +7,17 @@ volumes:
services:
gitea:
container_name: ${GITEA_CONTAINER_NAME:-gitea}
image: ${GITEA_IMAGE:-gitea/gitea:1.20.4}
image: ${GITEA_IMAGE:-gitea/gitea:1.18.4}
restart: always
environment:
- USER_UID=${GITEA_UID:-1000}
- USER_GID=${GITEA_GID:-1000}
# Database
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
- GITEA__database__NAME=${POSTGRES_DB}
- GITEA__database__USER=${POSTGRES_USER}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
# Security
# docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
- GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
@ -21,3 +27,5 @@ services:
- gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- postgres

2
grafana/docker-compose.postgres.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
grafana:

2
grafana/docker-compose.redis.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
grafana:

2
grafana/docker-compose.smtp.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
grafana:

3
grafana/docker-compose.traefik.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
grafana:

1
grafana/docker-compose.yml
View File

@ -1,4 +1,5 @@
---
version: "3.8"
volumes:
grafana:

3
hedgedoc/docker-compose.traefik.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
hedgedoc:

2
hedgedoc/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
hedgedoc:

3
listmonk/docker-compose.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
volumes:
listmonk:

50
lldap/.env
View File

@ -1,50 +0,0 @@
########
# DOCKER
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
#######
# LLDAP
LLDAP_DOMAIN=lldap.cool.life
LLDAP_VOLUME_NAME=lldap_cool_life
LLDAP_CONTAINER_NAME=lldap_cool_life
LLDAP_IMAGE=nitnelave/lldap:v0.4.3
LLDAP_JWT_SECRET="6IeP8UUbEkQXrkUNbnu1sGpcZOu29wUTWh3uiEgMorI="
LLDAP_VERBOSE=true
LLDAP_LDAP_BASE_DN="dc=cool,dc=life"
LLDAP_LDAP_USER_DN="myuser"
LLDAP_LDAP_USER_EMAIL="admin@cool.life"
LLDAP_LDAP_USER_PASS="mon-mot-de-passe"
# LLDAP_TEST_EMAIL_TO=
# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=
# LLDAP_SMTP_OPTIONS__SERVER=
# LLDAP_SMTP_OPTIONS__PORT=
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=
# LLDAP_SMTP_OPTIONS__USER=
# LLDAP_SMTP_OPTIONS__PASSWORD=
# LLDAP_SMTP_OPTIONS__FROM=
# LLDAP_SMTP_OPTIONS__REPLY_TO=
##########
# POSTGRES
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=lldap-postgres
POSTGRES_VOLUME_NAME=lldap-postgres
#POSTGRES_IMAGE=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

8
lldap/README.md
View File

@ -1,18 +1,18 @@
# LLDAP
> Implémentation légère de LDAP pour l'authentification :
> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à [Authelia](https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml) en passant par Nextcloud et plus encore !
> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à Authelia en passant par Nextcloud et plus encore !
## Documentation
- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
- De base le projet utilise SQLite, mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
- De base le projet utilise SQLite mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
- Lors du lancement du service une clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegarder puisque les mots de passe sont chiffrés en base avec.
- Lors du lancement du service un clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegardé puisque les mots de passe sont chiffrés en base avec.
## Configuration
La configuration a été séparée en 5 fichiers :
La configuration a été séparé dans 5 fichiers :
- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik

8
lldap/docker-compose.local.yml
View File

@ -1,11 +1,13 @@
---
version: "3.8"
services:
lldap:
ports:
# For LDAP
- "3890:3890"
- "3890:3890"
# For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
- "6360:6360"
- "6360:6360"
# For the web front-end
- "17170:17170"
- "17170:17170"

4
lldap/docker-compose.postgres.yml
View File

@ -1,6 +1,8 @@
---
version: "3.8"
services:
lldap:
environment:
- LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}
- LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}

6
lldap/docker-compose.smtp.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
lldap:
environment:
@ -7,8 +9,8 @@ services:
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
- LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
- LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__ENCRYPTION}
- LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
- LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
- LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__TO}

25
lldap/docker-compose.traefik.yml
View File

@ -1,22 +1,23 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
lldap:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`)
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`)
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890

14
lldap/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
lldap:
name: ${LLDAP_VOLUME_NAME:-lldap}
@ -13,12 +15,22 @@ services:
- "lldap:/data"
environment:
- TZ=${TIMEZONE:-Europe/Paris}
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
- LLDAP_HTTP_URL=https://${LLDAP_DOMAIN:?err}
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
- LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
- LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
- LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
- LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}
- LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
- LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
- LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__ENCRYPTION}
- LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
- LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
- LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__TO}

2
mobilizon/docker-compose.local.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
mobilizon:
ports:

3
mobilizon/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
mobilizon:

2
mobilizon/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
mobilizon:
name: ${MOBILIZON_VOLUME_NAME:-mobilizon}

1
nextcloud/docker-compose.config.yml
View File

@ -1,4 +1,5 @@
---
version: "3.8"
services:
nextcloud-fpm:

2
nextcloud/docker-compose.local.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
nextcloud-web:

16
nextcloud/docker-compose.postgres.yml
View File

@ -1,16 +0,0 @@
---
services:
nextcloud-fpm:
depends_on:
- postgres
environment:
&postgres-configuration
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
nextcloud-cron:
environment:
<<: *postgres-configuration

13
nextcloud/docker-compose.redis.yml
View File

@ -1,13 +0,0 @@
---
services:
nextcloud-fpm:
depends_on:
- redis
environment:
&redis-configuration
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
nextcloud-cron:
environment:
<<: *redis-configuration

6
nextcloud/docker-compose.smtp.yml
View File

@ -1,12 +1,12 @@
---
version: "3.8"
services:
nextcloud-fpm:
environment:
&smtp-configuration
SMTP_HOST: ${SMTP_HOST:?err}
SMTP_SECURE: ${SMTP_SECURE:-}
SMTP_PORT: ${SMTP_PORT:-587}
SMTP_SECURE: ${SMTP_SECURE:-ssl}
SMTP_PORT: ${SMTP_PORT:-465}
SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
SMTP_NAME: ${SMTP_NAME:?err}
SMTP_PASSWORD: ${SMTP_PASSWORD:?err}

3
nextcloud/docker-compose.traefik.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
nextcloud-fpm:

10
nextcloud/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
nextcloud:
@ -9,6 +9,9 @@ services:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
restart: always
depends_on:
- postgres
- redis
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
@ -20,6 +23,11 @@ services:
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}

2
nextcloud/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:1.25.3-alpine
FROM nginx:1.23.3-alpine
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template

223
nextcloud/web/nextcloud.conf.template
View File

@ -2,32 +2,64 @@ upstream php-handler {
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
# Path to the root of your installation
root /var/www/html;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# set max upload size and increase upload timeout:
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
@ -36,137 +68,78 @@ server {
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Add .mjs as a file extension for javascript
# Either include it in the default mime.types list
# or include you can include that list explicitly and add the file extension
# only for Nextcloud like below:
include mime.types;
types {
text/javascript js mjs;
location / {
rewrite ^ /index.php;
}
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
location ~ \.wasm$ {
default_type application/wasm;
}
# Optional: Don't log access to assets
access_log off;
}
location ~ \.woff2?$ {
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}

2
plausible/docker-compose.clickhouse.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
clickhouse:

2
plausible/docker-compose.geoip.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
plausible:

2
plausible/docker-compose.google.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
plausible:

2
plausible/docker-compose.local.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
plausible:

2
plausible/docker-compose.smtp.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
plausible:

3
plausible/docker-compose.traefik.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
plausible:

2
plausible/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
plausible:

2
postgres/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
postgres:

3
prometheus/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
prometheus:

2
redis/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
redis:

1
registry/docker-compose.traefik.yml
View File

@ -3,7 +3,6 @@ version: '3.8'
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
external: true
services:
registry:

3
signaturepdf/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
signaturepdf:

2
signaturepdf/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
signaturepdf:
name: ${SIGNATUREPDF_VOLUME_NAME:-signaturepdf}

24
snikket/.env
View File

@ -1,24 +0,0 @@
########
# DOCKER
SERVICES_DIR=".."
COMPOSE_FILE=${SERVICES_DIR}/snikket/docker-compose.yml:${SERVICES_DIR}/snikket/docker-compose.local.yml
# COMPOSE_PROJECT_NAME=
## APP
# SNIKKET_DOMAIN={{ SNIKKET_DOMAIN }}
SNIKKET_CONTAINER_NAME=snikket
SNIKKET_DATA_VOLUME_NAME=snikket_data
SNIKKET_ACME_CHALLENGES_VOLUME_NAME=acme_challenges
# SNIKKET_SERVER_IMAGE=
# SNIKKET_WEB_PORTAL_IMAGE=
# SNIKKET_CERT_MANAGER_IMAGE
# SNIKKET_WEB_PROXY_IMAGE
#########
# TRAEFIK
# TRAEFIK_NETWORK_NAME=
# TRAEFIK_ROUTER_NAME=
# TRAEFIK_ENTRYPOINTS=

22
snikket/README.md
View File

@ -1,22 +0,0 @@
# Snikket
> Snikket est un service de messagerie instantanée basée sur le protocole XMPP destiné à être utilisé d'abord sur téléphone.
## Clients
Pour utiliser Snikket sur un téléphone Android, vous pouvez télécharger l'application sur F-droid (recommandé) ou sur le Google Play Store.
Sur Linux, nous recommandons le client Dino (d'abord créer son compte Snikket via le téléphone).
Sur iPhone, vous pouvez aussi télécharger l'application Snikket qui sera cependant moins complète que sur Android.
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://snikket.org
[source]: https://github.com/snikket-im/snikket-selfhosted
[documentation]: https://snikket.org/service/quickstart/
[dockerhub]: https://hub.docker.com/r/snikket/snikket-server

13
snikket/docker-compose.local.yml
View File

@ -1,13 +0,0 @@
---
version: "3.8"
services:
snikket_proxy:
network_mode: host
snikket_certs:
network_mode: host
snikket_portal:
network_mode: host
snikket_server:
network_mode: host

15
snikket/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
snikket_proxy:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-snikket}.rule=Host(`${SNIKKET_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-snikket}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

48
snikket/docker-compose.yml
View File

@ -1,48 +0,0 @@
---
version: "3.3"
services:
snikket_proxy:
container_name: ${SNIKKET_CONTAINER_NAME:-snikket}_proxy
image: ${SNIKKET_WEB_PROXY_IMAGE:-snikket/snikket-web-proxy:beta}
environment:
- SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
- SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
volumes:
- snikket_data:/snikket
- acme_challenges:/var/www/html/.well-known/acme-challenge
restart: "unless-stopped"
snikket_certs:
container_name: ${SNIKKET_CONTAINER_NAME:-snikket}-certs
image: ${SNIKKET_CERT_MANAGER_IMAGE:-snikket/snikket-cert-manager:beta}
environment:
- SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
- SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
volumes:
- snikket_data:/snikket
- acme_challenges:/var/www/.well-known/acme-challenge
restart: "unless-stopped"
snikket_portal:
container_name: ${SNIKKET_CONTAINER_NAME:-snikket}-portal
image: ${SNIKKET_WEB_PORTAL_IMAGE:-snikket/snikket-web-portal:beta}
environment:
- SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
- SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
restart: "unless-stopped"
snikket_server:
container_name: ${SNIKKET_CONTAINER_NAME:-snikket}
image: ${SNIKKET_SERVER_IMAGE:-snikket/snikket-server:beta}
volumes:
- snikket_data:/snikket
environment:
- SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
- SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
restart: "unless-stopped"
volumes:
acme_challenges:
name: ${SNIKKET_ACME_CHALLENGES_VOLUME_NAME:-acme_challenges}
snikket_data:
name: ${SNIKKET_DATA_VOLUME_NAME:-snikket_data}

2
traefik/docker-compose.network.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
networks:
default:

2
traefik/docker-compose.ovh.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
traefik:

2
traefik/docker-compose.redirect.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
traefik:

2
traefik/docker-compose.secure.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
networks:
default:

5
traefik/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
volumes:
traefik:
@ -11,7 +11,7 @@ networks:
services:
traefik:
container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
image: ${TRAEFIK_IMAGE:-traefik:v2.10.4}
image: ${TRAEFIK_IMAGE:-traefik:v2.6.3}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
@ -27,7 +27,6 @@ services:
- traefik
command:
- --api.insecure=${TRAEFIK_API_INSECURE:-true}
- --api.disabledashboardad=${TRAEFIK_API_DISABLEDASHBOARDAD:-true}
- --log.level=${TRAEFIK_LOG_LEVEL:-INFO}
- --global.sendanonymoususage=${TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE:-false}
- --global.checknewversion=${TRAEFIK_GLOBAL_CHECKNEWVERSION:-false}

2
uptimekuma/docker-compose.local.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
uptimekuma:
ports:

3
uptimekuma/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
uptimekuma:

2
uptimekuma/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
uptimekuma:
name: ${UPTIMEKUMA_VOLUME_NAME:-uptimekuma}

2
vaultwarden/docker-compose.postgres.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
vaultwarden:
depends_on:

2
vaultwarden/docker-compose.smtp.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
services:
vaultwarden:
environment:

3
vaultwarden/docker-compose.traefik.yml
View File

@ -1,9 +1,10 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
services:
vaultwarden:

2
vaultwarden/docker-compose.yml
View File

@ -1,5 +1,7 @@
---
version: "3.8"
volumes:
vaultwarden:
name: ${VAULTWARDEN_VOLUME_NAME:-vaultwarden}

9
vikunja/docker-compose.legal.yml
View File

@ -1,9 +0,0 @@
---
version: "3.8"
services:
vikunja_api:
environment:
VIKUNJA_LEGAL_IMPRINTURL: ${VIKUNJA_LEGAL_IMPRINTURL}
VIKUNJA_LEGAL_PRIVACYURL: ${VIKUNJA_LEGAL_PRIVACYURL}

2
vikunja/docker-compose.local.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
services:
vikunja_api:

2
vikunja/docker-compose.prometheus.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
# https://vikunja.io/docs/config-options/#metrics

2
vikunja/docker-compose.redis.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
# https://vikunja.io/docs/config-options/#redis

2
vikunja/docker-compose.smtp.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
# https://vikunja.io/docs/config-options/#mailer

3
vikunja/docker-compose.traefik.yml
View File

@ -1,9 +1,8 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
external: true
# https://vikunja.io/docs/full-docker-example/#example-with-traefik-2

30
vikunja/docker-compose.yml
View File

@ -1,4 +1,4 @@
---
version: "3.8"
# https://vikunja.io/docs/config-options
# https://vikunja.io/docs/full-docker-example/
@ -10,30 +10,13 @@ volumes:
services:
vikunja_api:
container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}_api
image: ${VIKUNJA_API_IMAGE:-vikunja/api:0.21.0}
image: ${VIKUNJA_API_IMAGE:-vikunja/api:0.18.1}
restart: always
environment:
VIKUNJA_DATABASE_PATH: ${VIKUNJA_DATABASE_PATH:-./vikunja.db}
VIKUNJA_DEFAULTSETTINGS_AVATAR_PROVIDER: ${VIKUNJA_DEFAULTSETTINGS_AVATAR_PROVIDER:-initials}
VIKUNJA_DEFAULTSETTINGS_AVATAR_FILE_ID: ${VIKUNJA_DEFAULTSETTINGS_AVATAR_FILE_ID:-0}
VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED:-false}
VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME:-true}
VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL:-true}
VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED:-false}
VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME:-9:00}
VIKUNJA_DEFAULTSETTINGS_DEFAULT_PROJECT_ID: ${VIKUNJA_DEFAULTSETTINGS_DEFAULT_PROJECT_ID:-0}
VIKUNJA_DEFAULTSETTINGS_WEEK_START: ${VIKUNJA_DEFAULTSETTINGS_WEEK_START:-1}
VIKUNJA_DEFAULTSETTINGS_LANGUAGE: ${VIKUNJA_DEFAULTSETTINGS_LANGUAGE:-fr-FR}
VIKUNJA_DEFAULTSETTINGS_TIMEZONE: ${VIKUNJA_DEFAULTSETTINGS_TIMEZONE:-Europe/Paris}
VIKUNJA_FILES_BASEPATH: ${VIKUNJA_FILES_BASEPATH:-./files}
VIKUNJA_FILES_MAXSIZE: ${VIKUNJA_FILES_MAXSIZE:-20MB}
VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_SERVICE_JWTSECRET}
VIKUNJA_SERVICE_JWTTTL: ${VIKUNJA_SERVICE_JWTTTL:-259200}
VIKUNJA_SERVICE_JWTTTLLONG: ${VIKUNJA_SERVICE_JWTTTLLONG:-2592000}
VIKUNJA_SERVICE_FRONTENDURL: ${VIKUNJA_SERVICE_FRONTENDURL:?err}
VIKUNJA_SERVICE_MAXITEMSPERPAGE: ${VIKUNJA_SERVICE_MAXITEMSPERPAGE:-50}
VIKUNJA_SERVICE_ENABLECALDAV: ${VIKUNJA_SERVICE_ENABLECALDAV:-true}
@ -45,17 +28,18 @@ services:
VIKUNJA_SERVICE_ENABLETOTP: ${VIKUNJA_SERVICE_ENABLETOTP:-true}
VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: ${VIKUNJA_SERVICE_ENABLEEMAILREMINDERS:-true}
VIKUNJA_SERVICE_ENABLEUSERDELETION: ${VIKUNJA_SERVICE_ENABLEUSERDELETION:-true}
VIKUNJA_SERVICE_ROOTPATH: ${VIKUNJA_SERVICE_ROOTPATH:-/app/vikunja/}
VIKUNJA_FILES_BASEPATH: ${VIKUNJA_FILES_BASEPATH:-./files}
VIKUNJA_FILES_MAXSIZE: ${VIKUNJA_FILES_MAXSIZE:-20MB}
PUID: ${VIKUNJA_PUID:-1000}
PGID: ${VIKUNJA_PGID:-1000}
volumes:
- vikunja:${VIKUNJA_VOLUME_PATH:-/app/vikunja/files}
- vikunja:/app/vikunja/files
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
vikunja_frontend:
container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}_frontend
image: ${VIKUNJA_FRONTEND_IMAGE:-vikunja/frontend:0.21.0}
image: ${VIKUNJA_FRONTEND_IMAGE:-vikunja/frontend:0.18.2}
restart: always
depends_on:
- vikunja_api