Merge pull request 'feat(LLDAP): Utilisation de la nouvelle variable plus généric' (#83) from lldap into main

Reviewed-on: #83

lldap/.env

@@ -8,7 +8,7 @@ COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/dock
 #######
 # LLDAP
 
-LLDAP_DOMAIN=lldap.cool.life
+SERVICE_DOMAIN=lldap.cool.life
 LLDAP_VOLUME_NAME=lldap_cool_life
 LLDAP_CONTAINER_NAME=lldap_cool_life
 LLDAP_IMAGE=nitnelave/lldap:v0.4.3

lldap/docker-compose.traefik.yml

@@ -10,13 +10,13 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
       - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
       # - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
       - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
       - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
 
       # https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
-      # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`)
+      # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
       # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
       # - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890

lldap/docker-compose.yml

@@ -16,7 +16,7 @@ services:
       - LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
 
       - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
-      - LLDAP_HTTP_URL=https://${LLDAP_DOMAIN:?err}
+      - LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
 
       - LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
       - LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}

signaturepdf/docker-compose.traefik.https.yml

@@ -0,0 +1,11 @@
+---
+services:
+  signaturepdf:
+    labels:
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.tls.certResolver=letsencrypt
+      # redirect HTTP to HTTPS
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.entrypoints=web
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.scheme=https
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https.redirectscheme.permanent=true
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}_http.middlewares=${TRAEFIK_ROUTER_NAME:-signaturepdf}_redirect_https

signaturepdf/docker-compose.traefik.yml

@@ -11,4 +11,4 @@ services:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
       - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.rule=Host(`${SIGNATUREPDF_DOMAIN:?err}`)
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=web
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-signaturepdf}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

signaturepdf/docker-compose.yml

@@ -19,3 +19,5 @@ services:
       PDF_STORAGE_PATH: ${PDF_STORAGE_PATH}
       DISABLE_ORGANIZATION: ${DISABLE_ORGANIZATION}
       PDF_DEMO_LINK: ${PDF_DEMO_LINK}
+      DEFAULT_LANGUAGE: ${DEFAULT_LANGUAGE:-fr_FR.UTF-8}
+      PDF_STORAGE_ENCRYPTION: ${PDF_STORAGE_ENCRYPTION:-true}

snikket/.env

@@ -1,24 +0,0 @@
-########
-# DOCKER
-
-SERVICES_DIR=".."
-COMPOSE_FILE=${SERVICES_DIR}/snikket/docker-compose.yml:${SERVICES_DIR}/snikket/docker-compose.local.yml
-# COMPOSE_PROJECT_NAME=
-
-## APP
-
-# SNIKKET_DOMAIN={{ SNIKKET_DOMAIN }}
-SNIKKET_CONTAINER_NAME=snikket
-SNIKKET_DATA_VOLUME_NAME=snikket_data
-SNIKKET_ACME_CHALLENGES_VOLUME_NAME=acme_challenges
-# SNIKKET_SERVER_IMAGE=
-# SNIKKET_WEB_PORTAL_IMAGE=
-# SNIKKET_CERT_MANAGER_IMAGE
-# SNIKKET_WEB_PROXY_IMAGE
-
-#########
-# TRAEFIK
-
-# TRAEFIK_NETWORK_NAME=
-# TRAEFIK_ROUTER_NAME=
-# TRAEFIK_ENTRYPOINTS=

snikket/README.md

@@ -1,22 +0,0 @@
-# Snikket
-
-> Snikket est un service de messagerie instantanée basée sur le protocole XMPP destiné à être utilisé d'abord sur téléphone.
-
-## Clients
-
-Pour utiliser Snikket sur un téléphone Android, vous pouvez télécharger l'application sur F-droid (recommandé) ou sur le Google Play Store.
-
-Sur Linux, nous recommandons le client Dino (d'abord créer son compte Snikket via le téléphone).
-Sur iPhone, vous pouvez aussi télécharger l'application Snikket qui sera cependant moins complète que sur Android.
-
-## Liens
-
-- [Site Officiel][site]
-- [Documentation][documentation]
-- [Code source][source]
-- [Docker Hub][dockerhub]
-
-[site]: https://snikket.org
-[source]: https://github.com/snikket-im/snikket-selfhosted
-[documentation]: https://snikket.org/service/quickstart/
-[dockerhub]: https://hub.docker.com/r/snikket/snikket-server

snikket/docker-compose.local.yml

@@ -1,13 +0,0 @@
----
-
-version: "3.8"
-
-services:
-  snikket_proxy:
-    network_mode: host
-  snikket_certs:
-    network_mode: host
-  snikket_portal:
-    network_mode: host
-  snikket_server:
-    network_mode: host

snikket/docker-compose.traefik.yml

@@ -1,15 +0,0 @@
----
-
-version: "3.8"
-
-networks:
-  default:
-    name: ${TRAEFIK_NETWORK_NAME:-traefik}
-
-services:
-  snikket_proxy:
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-snikket}.rule=Host(`${SNIKKET_DOMAIN:?err}`)
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-snikket}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

snikket/docker-compose.yml

@@ -1,48 +0,0 @@
----
-
-version: "3.3"
-
-services:
-  snikket_proxy:
-    container_name: ${SNIKKET_CONTAINER_NAME:-snikket}_proxy
-    image: ${SNIKKET_WEB_PROXY_IMAGE:-snikket/snikket-web-proxy:beta}
-    environment:
-      - SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
-      - SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
-    volumes:
-      - snikket_data:/snikket
-      - acme_challenges:/var/www/html/.well-known/acme-challenge
-    restart: "unless-stopped"
-  snikket_certs:
-    container_name: ${SNIKKET_CONTAINER_NAME:-snikket}-certs
-    image: ${SNIKKET_CERT_MANAGER_IMAGE:-snikket/snikket-cert-manager:beta}
-    environment:
-      - SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
-      - SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
-    volumes:
-      - snikket_data:/snikket
-      - acme_challenges:/var/www/.well-known/acme-challenge
-    restart: "unless-stopped"
-  snikket_portal:
-    container_name: ${SNIKKET_CONTAINER_NAME:-snikket}-portal
-    image: ${SNIKKET_WEB_PORTAL_IMAGE:-snikket/snikket-web-portal:beta}
-    environment:
-      - SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
-      - SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
-    restart: "unless-stopped"
-
-  snikket_server:
-    container_name: ${SNIKKET_CONTAINER_NAME:-snikket}
-    image: ${SNIKKET_SERVER_IMAGE:-snikket/snikket-server:beta}
-    volumes:
-      - snikket_data:/snikket
-    environment:
-      - SNIKKET_DOMAIN: ${SNIKKET_DOMAIN:?err}
-      - SNIKKET_ADMIN_EMAIL: ${SNIKKET_ADMIN_EMAIL:?err}
-    restart: "unless-stopped"
-
-volumes:
-  acme_challenges:
-    name: ${SNIKKET_ACME_CHALLENGES_VOLUME_NAME:-acme_challenges}
-  snikket_data:
-    name: ${SNIKKET_DATA_VOLUME_NAME:-snikket_data}

vaultwarden/.env

@@ -9,7 +9,7 @@ COMPOSE_FILE=${SERVICES_DIR}/vaultwarden/docker-compose.yml
 
 #VAULTWARDEN_IMAGE=
 #VAULTWARDEN_VOLUME_NAME=
-VAULTWARDEN_DOMAIN=vaultwarden.local
+SERVICE_DOMAIN=vaultwarden.local
 
 #VAULTWARDEN_LOG_LEVEL=
 #VAULTWARDEN_SIGNUPS_ALLOWED=false

vaultwarden/README.md

@@ -10,6 +10,20 @@ Toutes les variables de configuration du service sont disponibles à [cette adre
 
 [Les clients de Bitwarden](https://bitwarden.com/#download) sont compatibles avec le serveur.
 
+## Ajout des mails en Français
+
+Il est possible de [traduire les mails](https://github.com/dani-garcia/vaultwarden/wiki/Translating-the-email-templates).
+
+```
+. .env
+cd /var/lib/docker/volumes/${VAULTWARDEN_VOLUME_NAME}/_data/
+mkdir templates && cd templates
+wget https://github.com/YoanSimco/vaultwarden-lang-fr/archive/refs/heads/main.zip
+unzip main.zip
+mv vaultwarden-lang-fr/email .
+rm vaultwarden-lang-fr-main/ main.zip -rf
+```
+
 ## Liens
 
 - [Documentation][documentation]

vaultwarden/docker-compose.sso.yml

@@ -0,0 +1,25 @@
+---
+
+services:
+  vaultwarden:
+    environment:
+      SSO_ENABLED: ${SSO_ENABLED:-true}
+      SSO_ONLY: ${SSO_ONLY:-true}
+      SSO_SIGNUPS_MATCH_EMAIL: ${SSO_SIGNUPS_MATCH_EMAIL:-true}
+      SSO_AUTHORITY: ${SSO_AUTHORITY}
+      SSO_SCOPES: ${SSO_SCOPES:-email groups profile offline_access}
+      SSO_AUTHORIZE_EXTRA_PARAMS: ${SSO_AUTHORIZE_EXTRA_PARAMS:-}
+      SSO_PKCE: ${SSO_PKCE:-false}
+      SSO_CLIENT_ID: ${SSO_CLIENT_ID}
+      SSO_CLIENT_SECRET: ${SSO_CLIENT_SECRET}
+      # SSO_MASTER_PASSWORD_POLICY: ${SSO_MASTER_PASSWORD_POLICY:-}
+      SSO_AUTH_ONLY_NOT_SESSION: ${SSO_AUTH_ONLY_NOT_SESSION:-false}
+      SSO_CLIENT_CACHE_EXPIRATION: ${SSO_CLIENT_CACHE_EXPIRATION:-0}
+      SSO_DEBUG_TOKENS: ${SSO_DEBUG_TOKENS:-false}
+
+      SSO_FRONTEND: ${SSO_FRONTEND:-override}
+      # SSO_EXPERIMENTAL_NO_MASTER_PWD: ${SSO_EXPERIMENTAL_NO_MASTER_PWD:-false}
+      SSO_ROLES_ENABLED: ${SSO_ROLES_ENABLED:-false}
+      SSO_ROLES_DEFAULT_TO_USER: ${SSO_ROLES_DEFAULT_TO_USER:-false}
+
+      SSO_ORGANIZATIONS_INVITE: ${SSO_ORGANIZATIONS_INVITE:-false}

vaultwarden/docker-compose.traefik.https.yml

@@ -0,0 +1,12 @@
+---
+
+services:
+  vaultwarden:
+    labels:
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.tls.certResolver=letsencrypt
+      # redirect HTTP to HTTPS
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.rule=Host(`${SERVICE_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.entrypoints=web
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.scheme=https
+      - traefik.http.middlewares.${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https.redirectscheme.permanent=true
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}_http.middlewares=${TRAEFIK_ROUTER_NAME:-vaultwarden}_redirect_https

vaultwarden/docker-compose.traefik.yml

@@ -10,5 +10,5 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.rule=Host(`${VAULTWARDEN_DOMAIN:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.rule=Host(`${SERVICE_DOMAIN:?err}`)
       - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vaultwarden}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

vaultwarden/docker-compose.yml

@@ -11,10 +11,15 @@ services:
     restart: always
     environment:
       ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN:?err}
-      DOMAIN: https://${VAULTWARDEN_DOMAIN:?err}
+      DOMAIN: https://${SERVICE_DOMAIN:?err}
+      SENDS_ALLOWED: ${SENDS_ALLOWED:-true}
+      TRASH_AUTO_DELETE_DAYS: ${TRASH_AUTO_DELETE_DAYS:-}
+      DISABLE_ICON_DOWNLOAD: ${DISABLE_ICON_DOWNLOAD:-false}
+      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
+      SIGNUPS_VERIFY: ${SIGNUPS_VERIFY:-false}
+      SIGNUPS_DOMAINS_WHITELIST: ${SIGNUPS_DOMAINS_WHITELIST:-}
       INVITATION_ORG_NAME: ${VAULTWARDEN_INVITATION_ORG_NAME:-Vaultwarden}
       LOG_LEVEL: ${VAULTWARDEN_LOG_LEVEL:-Info}
-      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-true}
     volumes:
       - vaultwarden:/data
       - /etc/timezone:/etc/timezone:ro