resilien
/
services
Archived
2
0
Fork 0
Code Issues Pull Requests 2 Releases Wiki Activity

Compare commits

base: resilien:main
Branches Tags
resilien:main
resilien:matomo
resilien:mariadb
resilien:docs
resilien:fix_hedgedoc_backup
..
compare: resilien:fix_hedgedoc_backup
Branches Tags
resilien:main
resilien:matomo
resilien:mariadb
resilien:docs
resilien:fix_hedgedoc_backup

1 Commits
main ... fix_hedged

Author SHA1 Message Date
Simon 951490a1da fix: Backup uploaded files 
Environment variables take precedence over configurations from the config files, so don't backup it.
 2021-09-15 22:32:50 +02:00
123 changed files with 531 additions and 2311 deletions
Show Stats Expand all files Collapse all files

28
README.md
View File

@ -1,38 +1,28 @@
# Services
Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien utilise et met à jour de façon presque hebdomadaire. L'ensemble des variables d'environnement enregistrées dans les fichiers `.env` est présent pour une logique d'exemple et n'a jamais été utilisé en production. Nous vous conseillons de ne jamais le faire si vous utilisez le dépôt.
Vous trouverez dans ce dépôt l'ensemble des services Open Source que j'utilise et mets à jour quotidiennement.
## Liste des services
### Pour les utilisateurs
- [Directus](./directus) : Permet d'administrer une base de données
- [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
- [listmonk](./listmonk) : Gestionnaire de listes de diffusion et de newsletter
- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
- [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
- [Plausible](./plausible) : Plausible est une plateforme d'analyse Web légère et open source
- [Vaultwarden](./vaultwarden) : Gestionnaire de mot de passe compatible avec Bitwarden
- [Vikunja](./vikunja) : L'application pour organiser sa vie
### Pour les devs / ops
- [ClickHouse](./clickhouse) : Un logiciel libre de base de données orientée colonnes pour le traitement analytique en ligne
- [Drone](./drone) : Un service d'intégration continue
- [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
- [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Drone](./drone) `en pause` : Un service d'intégration continue
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Grafana](./grafana) : Un outil de supervision simple et élégant
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
- [Prometheus](./prometheus) : Un logiciel de surveillance informatique
- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
- [Docker Registry](./registry) : Une application qui permet de distribuer des images Docker
- [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
- [Uptime Kuma](./uptimekuma) : outil de surveillance de site ou service WEB
- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker
- [Watchtower](./watchtower) `en pause` : Automatiser la mise à jour d'image docker
## Comment ça marche ?
Vous pouvez réutiliser ce dépôt pour vos services, il existe une documentation dans le dossier [_examples_](./examples).
Vous pouvez réutiliser ce dépôt pour votre infrastructure. J'ai mis une documentation dans le dossier [_examples_](./examples).
### Docker et Docker Compose
@ -45,11 +35,9 @@ Voici les commandes de base :
### ./run
> 🚧 RésiLien a changé de façon de faire et nous n'utilisons plus les scripts `run`. Nous passons maintenant par Ansible. Les scripts ne seront plus mis à jour et finiront peut être par être supprimés. Utilisez les avec précaution.
Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service.
Vous pouvez lancer le script sans paramètres pour afficher la documentation du script.
Vous pouvez lancer le script sans paramètre pour afficher la documentation du script.
## Documentation
@ -67,8 +55,6 @@ En haut de chaque script il y a `set -eu` qui veut dire :
## Tâches
> 🚧 Ses tâches ne sont pas à jour
Général :
- [ ] Mettre en place une rotation des logs

3
clickhouse/.env
View File

@ -1,3 +0,0 @@
#CLICKHOUSE_VOLUME_NAME=
#CLICKHOUSE_CONTAINER_NAME=
#CLICKHOUSE_IMAGE=

16
clickhouse/README.md
View File

@ -1,16 +0,0 @@
# ClickHouse
> ClickHouse est un logiciel libre de base de données orientée colonnes (DBMS) pour le traitement analytique en ligne (OLAP).
>
> <cite>[Wikipédia][wikipedia]</cite>
## Liens
- [Site Officiel][site]
- [Code source][source]
- [Docker Hub][dockerhub]
[wikipedia]: https://fr.wikipedia.org/wiki/ClickHouse
[site]: https://clickhouse.com/
[source]: https://github.com/ClickHouse/ClickHouse
[dockerhub]: https://hub.docker.com/r/clickhouse/clickhouse-server

19
clickhouse/docker-compose.yml
View File

@ -1,19 +0,0 @@
version: "3.8"
volumes:
clickhouse:
name: ${CLICKHOUSE_VOLUME_NAME:-clickhouse}
services:
clickhouse:
container_name: ${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
image: ${CLICKHOUSE_IMAGE:-clickhouse/clickhouse-server:22.2.2.1-alpine}
restart: always
volumes:
- clickhouse:/var/lib/clickhouse
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ulimits:
nofile:
soft: 262144
hard: 262144

56
directus/.env
View File

@ -1,56 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/directus/docker-compose.yml:${SERVICES_DIR}/directus/docker-compose.traefik.yml:${SERVICES_DIR}/directus/docker-compose.smtp.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME=
##########
# DIRECTUS
#
# see https://github.com/directus/directus/blob/main/api/example.env
DIRECTUS_CONTAINER_NAME=directus_cool_life
DIRECTUS_DOMAIN=directus.cool.life
DIRECTUS_PUBLIC_URL=https://${DIRECTUS_DOMAIN}
DIRECTUS_KEY=255d861b-5ea1-5996-9aa3-922530ec40b1
DIRECTUS_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
DIRECTUS_ADMIN_EMAIL=admin@example.com
DIRECTUS_ADMIN_PASSWORD=d1r3ctu5
EMAIL_FROM=no-reply@${DIRECTUS_DOMAIN}
EMAIL_SMTP_HOST=mail.example.org
#EMAIL_SMTP_PORT=
EMAIL_SMTP_USER=user
EMAIL_SMTP_PASSWORD=password
#EMAIL_SMTP_SECURE=
#EMAIL_SMTP_IGNORE_TLS=
# DIRECTUS_PUID=
# DIRECTUS_PGID=
##########
# POSTGRES
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=directus-postgres
POSTGRES_VOLUME_NAME=directus-postgres
#POSTGRES_IMAGE=
#######
# REDIS
#REDIS_IMAGE=
#REDIS_CONTAINER_NAME=
#REDIS_VOLUME_NAME=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

18
directus/README.md
View File

@ -1,18 +0,0 @@
# Directus
> Directus wraps your new or existing SQL database with a realtime GraphQL+REST API for developers, and an intuitive admin app for non-technical users.
## Configuration
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
## Liens
- [Site officiel][website]
- [Github][github]
- [L'image Docker][docker]
[website]: https://directus.io/
[docker]: https://hub.docker.com/r/directus/directus
[github]: https://github.com/directus/directus/
[documentation]: https://docs.directus.io/reference/environment-variables/

10
directus/docker-compose.redis.yml
View File

@ -1,10 +0,0 @@
---
version: "3.8"
services:
directus:
environment:
CACHE_ENABLED: 'true'
CACHE_STORE: 'redis'
CACHE_REDIS: 'redis://${REDIS_CONTAINER_NAME:-redis}:6379'

15
directus/docker-compose.smtp.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
services:
directus:
environment:
EMAIL_TRANSPORT: smtp
EMAIL_FROM: ${EMAIL_FROM:?err}
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER:?err}
EMAIL_SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD:?err}
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
EMAIL_SMTP_IGNORE_TLS: ${EMAIL_SMTP_IGNORE_TLS:-false}

15
directus/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
directus:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.rule=Host(`${DIRECTUS_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.entrypoints=web

38
directus/docker-compose.yml
View File

@ -1,38 +0,0 @@
---
version: "3.8"
volumes:
directus:
name: ${DIRECTUS_VOLUME_NAME:-directus}
services:
directus:
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
image: ${DIRECTUS_IMAGE:-directus/directus:9.8.0}
restart: always
volumes:
- directus:/directus/uploads
depends_on:
- postgres
- redis
environment:
KEY: ${DIRECTUS_KEY:?err}
SECRET: ${DIRECTUS_SECRET:?err}
TELEMETRY: false
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
DB_CLIENT: 'pg'
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
DB_PORT: '5432'
DB_DATABASE: ${POSTGRES_DB:?err}
DB_USER: ${POSTGRES_USER:?err}
DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
TZ: ${TZ:-Europe/Paris}
PUID: ${DIRECTUS_PUID:-1000}
PGID: ${DIRECTUS_PGID:-1000}

37
drone/.env Normal file
View File

@ -0,0 +1,37 @@
## DOCKER
COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
TRAEFIK_NETWORK_NAME=kifeart
## DRONE SERVER
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:1.7.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
# https://docs.drone.io/server/reference/
DRONE_GIT_ALWAYS_AUTH=true
DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
# https://docs.drone.io/server/provider/gitea/
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
## DRONE RUNNER
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
DRONE_RUNNER_CONTAINER_NAME=drone-runner
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_NAME=ci-runner.cool.life
DRONE_RUNNER_UI_USERNAME=kosssi
DRONE_RUNNER_UI_PASSWORD=$not$a$password

16
drone/README.md
View File

@ -4,22 +4,6 @@
>
> <cite>[Codeflow][article]</cite>
## Documentation
Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
Le service est basé sur 2 briques :
- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
- le coté exécution des tâches (_[runner](./runner)_).
### Génération de clé
Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
```
openssl rand -hex 16
```
## Liens
- [Site internet][site]

10
drone/docker-compose.gitea.yml Normal file
View File

@ -0,0 +1,10 @@
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}

22
drone/docker-compose.traefik.yml Normal file
View File

@ -0,0 +1,22 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
traefik.http.routers.drone-server.entrypoints: 'web'
drone-runner:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
traefik.http.routers.drone-runner.entrypoints: 'web'

41
drone/docker-compose.yml Normal file
View File

@ -0,0 +1,41 @@
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME}
image: ${DRONE_SERVER_IMAGE}
restart: always
environment:
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
DRONE_LOGS_DEBUG: 'true'
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE}
restart: always
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
DRONE_RPC_PROTO: http
DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
DRONE_DEBUG: 'true'

36
drone/runner/.env
View File

@ -1,36 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
#COMPOSE_PROJECT_NAME=
## DRONE RUNNER
#https://docs.drone.io/runner/docker/configuration/reference/
### Docker
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
DRONE_RUNNER_CONTAINER_NAME=drone-server
### Drone
# https://docs.drone.io/runner/docker/installation/linux/
DRONE_RPC_HOST=drone.cool.life
DRONE_RPC_PROTO=https
DRONE_RPC_SECRET=change-me
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=drone-runner
DRONE_UI_USERNAME=resilien
DRONE_UI_PASSWORD=change-me
DRONE_UI_DISABLE=false
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

11
drone/runner/README.md
View File

@ -1,11 +0,0 @@
# Drone CI Runner
Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
## Installation
L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.

15
drone/runner/docker-compose.dashboard.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/dashboard/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}

8
drone/runner/docker-compose.local.yml
View File

@ -1,8 +0,0 @@
---
version: "3.8"
services:
drone-runner:
ports:
- "3000:3000"

15
drone/runner/docker-compose.logging.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/logging/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
DRONE_DEBUG: ${DRONE_DEBUG:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}

15
drone/runner/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-runner:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

26
drone/runner/docker-compose.yml
View File

@ -1,26 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/installation/linux/
services:
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}

65
drone/server/.env
View File

@ -1,65 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## DRONE SERVER
# https://docs.drone.io/server/reference/
### Docker
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:2.8.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
### Drone
DRONE_RPC_SECRET=change-me
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
### User
DRONE_ADMIN_USER=resilien
DRONE_ADMIN_TOKEN=change-me
DRONE_USER_FILTER=resilien
DRONE_REGISTRATION_CLOSED=true
### Gitea
# https://docs.drone.io/server/provider/gitea/
#DRONE_GIT_ALWAYS_AUTH=
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=change-me
## Header
# https://docs.drone.io/server/headers/
#DRONE_HTTP_SSL_REDIRECT=
#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
#DRONE_HTTP_SSL_HOST=
#DRONE_HTTP_STS_SECONDS=
### Cookie
# https://docs.drone.io/server/cookie/
DRONE_COOKIE_SECRET=change-me
#DRONE_COOKIE_TIMEOUT=720h
### POSTGRES
# https://docs.drone.io/server/storage/encryption/
DRONE_DATABASE_SECRET=change-me
POSTGRES_USER=user
POSTGRES_PASSWORD=password
POSTGRES_VOLUME_NAME=postgres
POSTGRES_CONTAINER_NAME=postgres
POSTGRES_DB=drone
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

41
drone/server/README.md
View File

@ -1,41 +0,0 @@
# Drone CI Server
## Installation
L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
## Configuration
Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
### Installation du CLI
Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
### Configuration du CLI en local
Il faut :
- l'url de l'instance (`DRONE_SERVER_HOST`)
- le protocol de l'instance (`DRONE_SERVER_PROTO`)
- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
```
export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
```
[Documentation officielle](https://docs.drone.io/cli/configure/)
### Les utilisateurs
Il faut ajouter les utilisateurs non admin :
```
drone user add kosssi
drone user add killian
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
```
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/)

13
drone/server/docker-compose.cookie.yml
View File

@ -1,13 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/cookie/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-cookie-secret/
DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
# https://docs.drone.io/server/reference/drone-cookie-timeout/
DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days

17
drone/server/docker-compose.gitea.yml
View File

@ -1,17 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-git-always-auth/
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
# https://docs.drone.io/server/reference/drone-gitea-server/
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-id/
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-secret/
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}

13
drone/server/docker-compose.header.yml
View File

@ -1,13 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/headers/
services:
drone-server:
environment:
DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}

8
drone/server/docker-compose.local.yml
View File

@ -1,8 +0,0 @@
---
version: "3.8"
services:
drone-server:
ports:
- "3000:3000"

19
drone/server/docker-compose.logging.yml
View File

@ -1,19 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/logging/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-logs-debug/
DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
# https://docs.drone.io/server/reference/drone-logs-text/
DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
# https://docs.drone.io/server/reference/drone-logs-pretty/
DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
# https://docs.drone.io/server/reference/drone-logs-color/
DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
# https://docs.drone.io/server/reference/drone-logs-trace/
DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}

16
drone/server/docker-compose.postgres.yml
View File

@ -1,16 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/storage/database/
# https://docs.drone.io/server/storage/encryption/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-database-secret/
DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
# https://docs.drone.io/server/reference/drone-database-driver/
DRONE_DATABASE_DRIVER: postgres
# https://docs.drone.io/server/reference/drone-database-datasource/
DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable

15
drone/server/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

15
drone/server/docker-compose.user.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
# https://docs.drone.io/server/user/registration/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-user-create/
DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
# https://docs.drone.io/server/reference/drone-user-filter/
DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
# https://docs.drone.io/server/reference/drone-registration-closed/
DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}

24
drone/server/docker-compose.yml
View File

@ -1,24 +0,0 @@
---
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.11.1}
restart: always
environment:
# https://docs.drone.io/server/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
# https://docs.drone.io/server/reference/drone-server-host/
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
# https://docs.drone.io/server/reference/drone-server-proto/
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

2
examples/README.md
View File

@ -13,5 +13,3 @@ Si nous allons dans le dossier `traefik.cool.life` par example, il est possible
## DOCKER_HOST
Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit sexécuter sur ce serveur.
> RésiLien utilise maintenant ce système avec une génération automatique des fichiers .env à l'aide d'Ansible, nous permettant de facilement déployer un nouveau service, de le déplacer de serveur

9
geoip/.env
View File

@ -1,9 +0,0 @@
#GEOIP_VOLUME_NAME=
#GEOIP_IMAGE=
#GEOIP_CONTAINER_NAME=
#GEOIP_EDITION_IDS=
GEOIP_LICENSE_KEY=blablabla
#GEOIP_DOWNLOAD_PATH=
#GEOIP_SCHEDULE=
#GEOIP_LOG_LEVEL=

22
geoip/docker-compose.yml
View File

@ -1,22 +0,0 @@
---
version: "3.8"
volumes:
geoip:
name: ${GEOIP_VOLUME_NAME:-geoip}
services:
geoip:
image: ${GEOIP_IMAGE:-crazymax/geoip-updater:latest}
container_name: ${GEOIP_CONTAINER_NAME:-geoip-updater}
restart: always
volumes:
- geoip:${GEOIP_DOWNLOAD_PATH:-/data}
environment:
EDITION_IDS: ${GEOIP_EDITION_IDS:-GeoLite2-City}
LICENSE_KEY: ${GEOIP_LICENSE_KEY:-err}
DOWNLOAD_PATH: ${GEOIP_DOWNLOAD_PATH:-/data}
SCHEDULE: ${GEOIP_SCHEDULE:-0 0 * * 0} # Every Sunday
LOG_LEVEL: ${GEOIP_LOG_LEVEL:-info}
LOG_JSON: ${GEOIP_LOG_JSON:-false}

10
geoipupdate/.env
View File

@ -1,10 +0,0 @@
#GEOIPUPDATE_VOLUME_NAME=
#GEOIPUPDATE_IMAGE=
#GEOIPUPDATE_CONTAINER_NAME=
GEOIPUPDATE_ACCOUNT_ID=<change-me>
GEOIPUPDATE_LICENSE_KEY=<change-me>
#GEOIPUPDATE_EDITION_IDS=
#GEOIPUPDATE_FREQUENCY=
#GEOIPUPDATE_VERBOSE=
#GEOIPUPDATE_DB_DIR=

14
geoipupdate/README.md
View File

@ -1,14 +0,0 @@
# HedgeDoc
> Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
## Liens
- [Site officiel][website]
- [Github][github]
- [L'image Docker de LinuxServer][docker]
[website]: https://www.maxmind.com/en/home
[docker]: https://hub.docker.com/r/maxmindinc/geoipupdate
[github]: https://github.com/maxmind/geoipupdate
[documentation]: https://dev.maxmind.com/geoip/updating-databases

22
geoipupdate/docker-compose.yml
View File

@ -1,22 +0,0 @@
---
version: "3.8"
volumes:
geoipupdate:
name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}
services:
geoipupdate:
image: ${GEOIPUPDATE_IMAGE:-maxmindinc/geoipupdate:v4.9.0}
container_name: ${GEOIPUPDATE_CONTAINER_NAME:-geoip-updater}
restart: always
volumes:
- geoipupdate:${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
environment:
GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID:?err}
GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY:?err}
GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS:-GeoLite2-City}
GEOIPUPDATE_FREQUENCY: ${GEOIPUPDATE_FREQUENCY:-72}
GEOIPUPDATE_VERBOSE: ${GEOIPUPDATE_VERBOSE:-false}
GEOIPUPDATE_DB_DIR: ${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}

36
gitea/.env
View File

@ -1,34 +1,26 @@
########
# DOCKER
COMPOSE_FILE=../postgres/docker-compose.yml:./docker-compose.yml:./docker-compose.override.yml
SERVICES_DIR=".."
COMPOSE_FILE=${SERVICES_DIR}/gitea/docker-compose.yml:${SERVICES_DIR}/gitea/docker-compose.traefik.yml:${SERVICES_DIR}/gitea/docker-compose.smtp.yml:${SERVICES_DIR}/gitea/docker-compose.metrics.yml:${SERVICES_DIR}/postgres/docker-compose.yml
COMPOSE_PROJECT_NAME=$GITEA_DOMAIN
# APP
#######
# GITEA
GITEA_VOLUME_NAME=gitea
GITEA_PROTOCOL=http
GITEA_DOMAIN=gitea.lan
# APP CONFIG
# https://docs.gitea.io/en-us/install-with-docker/#environments-variables
GITEA_DOMAIN=gitea.lan
GITEA_VOLUME_NAME=gitea
GITEA_IMAGE=gitea/gitea:1.18.4
GITEA_PROTOCOL=http
GITEA_SECRET_KEY=kt5UdK0m9lI9MDyhVOFEB5jk7VwFynDyaxcUjEJUpWJBrC6FyH4dkUDKLYEa7hGn
GITEA_INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzY5NzkxMzZ9.Iopu6DBUhglmNPzEyYylfmTmEUpYLHYEsNrm50GoBkU
# SMTP
GITEA__mailer__FROM='"Name" <email@example.com>'
GITEA__mailer__SMTP_ADDR=smtp.gitea.lan
GITEA__mailer__SMTP_PORT=465
GITEA__mailer__USER=gitea.lan
GITEA__mailer__PASSWD=gitea.lan
DISABLE_SSH=true
RUN_MODE=prod
ROOT_URL=${GITEA_PROTOCOL}://${GITEA_DOMAIN}
DISABLE_REGISTRATION=true
DISABLE_GRAVATAR=true
#INSTALL_LOCK=true
# DATABASE
# Voir la description ../postgres/README.md
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=gitea-postgres
POSTGRES_VOLUME_NAME=gitea-postgres
POSTGRES_IMAGE=postgres:15.2-alpine

2
gitea/README.md
View File

@ -4,8 +4,6 @@
>
> <cite>[Documentation][documentation]</cite>
Il est possible de configurer l'intégralité du service à l'aide de variable d'environnement voir [la documentation officielle](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables).
## Commandes
```sh

6
gitea/docker-compose.metrics.yml
View File

@ -1,6 +0,0 @@
version: "3.8"
services:
gitea:
environment:
- GITEA__METRICS__ENABLED=true

14
gitea/docker-compose.smtp.yml
View File

@ -1,14 +0,0 @@
version: "3.8"
services:
gitea:
environment:
- GITEA__mailer__ENABLED=true
- GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:-smtp}
- GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
- GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
- GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}

12
gitea/docker-compose.traefik.yml
View File

@ -7,8 +7,10 @@ networks:
services:
gitea:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.rule=Host(`${GITEA_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-gitea}.loadbalancer.server.port=3000
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
traefik.http.routers.gitea.rule: 'Host(`${GITEA_DOMAIN:?err}`)'
traefik.http.routers.gitea.entrypoints: 'web'
traefik.http.services.gitea.loadbalancer.server.port: '3000'

22
gitea/docker-compose.yml
View File

@ -7,22 +7,16 @@ volumes:
services:
gitea:
container_name: ${GITEA_CONTAINER_NAME:-gitea}
image: ${GITEA_IMAGE:-gitea/gitea:1.18.4}
image: ${GITEA_IMAGE:-gitea/gitea:1.15.2}
restart: always
environment:
- USER_UID=${GITEA_UID:-1000}
- USER_GID=${GITEA_GID:-1000}
# Database
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
- GITEA__database__NAME=${POSTGRES_DB}
- GITEA__database__USER=${POSTGRES_USER}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
# Security
# docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
- GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
# docker run -it --rm gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
- GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
# - USER_UID=1000
# - USER_GID=1000
DB_TYPE: postgres
DB_HOST: postgres:5432
DB_NAME: ${POSTGRES_DB}
DB_USER: ${POSTGRES_USER}
DB_PASSWD: ${POSTGRES_PASSWORD}
volumes:
- gitea:/data
- /etc/timezone:/etc/timezone:ro

47
grafana/.env
View File

@ -1,48 +1,3 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/grafana/docker-compose.yml:${SERVICES_DIR}/grafana/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
#########
# GRAFANA
GRAFANA_DOMAIN=grafana.cool.life
#GRAFANA_VOLUME_NAME=
#GRAFANA_CONTAINER_NAME=
#GRAFANA_IMAGE=
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=password
#GF_SECURITY_DISABLE_GRAVATAR=
#GF_SECURITY_COOKIE_SECURE=
#GF_USERS_ALLOW_SIGN_UP=
GF_INSTALL_PLUGINS=grafana-piechart-panel
######
# SMTP
#GF_SMTP_HOST=
#GF_SMTP_USER=
#GF_SMTP_PASSWORD=
#GF_SMTP_FROM_ADDRESS=
#GF_SMTP_FROM_NAME=
#######
# REDIS
#REDIS_IMAGE=
#REDIS_CONTAINER_NAME=
#REDIS_VOLUME_NAME=
#GF_REMOTE_CACHE_CONNSTR=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=
GF_SECURITY_ADMIN_PASSWORD=admin

19
grafana/README.md
View File

@ -1,19 +0,0 @@
# Grafana
> Grafana est un logiciel libre sous licence GNU Affero General Public License Version 32 (anciennement sous licence Apache 2.0 avant avril 2021) qui permet la visualisation de données. Il permet de réaliser des tableaux de bord et des graphiques depuis plusieurs sources dont des bases de données temporelles comme Graphite (en), InfluxDB et OpenTSDB3.
>
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Grafana)</cite>
## 🔧 Configuration
La configuration du service ce base sur la documentation officielle, plusieurs pages sont intéressantes à lire :
- [Lancer l'image Docker de Grafana](https://grafana.com/docs/grafana/latest/installation/docker/)
- [Configuration l'image Docker Grafana](https://grafana.com/docs/grafana/latest/administration/configure-docker/)
- [Surcharger la configuration à l'aide des variables d'environment](https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables)
## 🔗 Liens
- [Site officiel](https://grafana.com)
- [La documentation](https://grafana.com/docs)
- [Github](https://github.com/grafana/grafana)
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/grafana/grafana)

11
grafana/docker-compose.postgres.yml
View File

@ -1,11 +0,0 @@
version: "3.8"
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#database
GF_DATABASE_TYPE: postgres
GF_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
GF_DATABASE_NAME: ${POSTGRES_DB:?err}
GF_DATABASE_USER: ${POSTGRES_USER:?err}
GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}

8
grafana/docker-compose.redis.yml
View File

@ -1,8 +0,0 @@
version: "3.8"
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#remote_cache
GF_REMOTE_CACHE_TYPE: redis
GF_REMOTE_CACHE_CONNSTR: ${GF_REMOTE_CACHE_CONNSTR:-addr=redis:6379,ssl=false}

12
grafana/docker-compose.smtp.yml
View File

@ -1,12 +0,0 @@
version: "3.8"
services:
grafana:
environment:
# https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
GF_SMTP_ENABLED: true
GF_SMTP_HOST: ${GF_SMTP_HOST:?err} # with port
GF_SMTP_USER: ${GF_SMTP_USER:?err}
GF_SMTP_PASSWORD: ${GF_SMTP_PASSWORD:?err}
GF_SMTP_FROM_ADDRESS: ${GF_SMTP_FROM_ADDRESS:?err}
GF_SMTP_FROM_NAME: ${GF_SMTP_FROM_NAME:?err}

13
grafana/docker-compose.traefik.yml
View File

@ -1,13 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
grafana:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.rule=Host(`${GRAFANA_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

20
grafana/docker-compose.yml
View File

@ -1,5 +1,9 @@
---
version: "3.8"
version: "3"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
volumes:
grafana:
@ -8,17 +12,17 @@ volumes:
services:
grafana:
container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.4.6}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.1.3}
restart: always
volumes:
- grafana:/var/lib/grafana
environment:
GF_ANALYTICS_CHECK_FOR_UPDATES: ${GF_ANALYTICS_CHECK_FOR_UPDATES:-false}
GF_ANALYTICS_REPORTING_ENABLED: ${GF_ANALYTICS_REPORTING_ENABLED:-false}
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err}
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err}
GF_SECURITY_DISABLE_GRAVATAR: ${GF_SECURITY_DISABLE_GRAVATAR:-true}
GF_SECURITY_COOKIE_SECURE: ${GF_SECURITY_COOKIE_SECURE:-true}
GF_SERVER_PROTOCOL: ${GF_SERVER_PROTOCOL:-http}
GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
traefik.http.routers.grafana.rule: 'Host(`${GRAFANA_DOMAIN:?err}`)'
traefik.http.routers.grafana.entrypoints: 'web'

19
hedgedoc/README.md
View File

@ -11,7 +11,7 @@ La configuration est séparé en 3 fichiers :
## Configuration
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc, elles n'ont pas tous été intégrées.
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc.
Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env).
@ -21,23 +21,6 @@ Lancer le service :
docker-compose up -d
```
## Debug
### Se connecter à la base de données
```shell
. .env
docker exec -it $POSTGRES_CONTAINER_NAME psql $POSTGRES_DB -U $POSTGRES_USER
```
### Traitement des notes vides
```
SELECT count(*) FROM public."Notes" WHERE content = '';
SELECT * FROM public."Notes" WHERE content = '';
DELETE FROM public."Notes" WHERE content = '';
```
## Liens
- [Site officiel][website]

11
hedgedoc/docker-compose.yml
View File

@ -7,27 +7,24 @@ volumes:
services:
hedgedoc:
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.3-ls53}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.8.2-ls23}
restart: always
depends_on:
- postgres
volumes:
- hedgedoc:/config/uploads
- hedgedoc:/opt/hedgedoc/public/uploads
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
# https://docs.hedgedoc.org/configuration/
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err}
CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err}
NODE_ENV: ${NODE_ENV:-development} # `production` or `development`
CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false}
CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true}
CMD_ALLOW_ANONYMOUS: ${CMD_ALLOW_ANONYMOUS:-true}
CMD_ALLOW_ANONYMOUS_EDITS: ${CMD_ALLOW_ANONYMOUS_EDITS:-false}
CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false}
CMD_REQUIRE_FREEURL_AUTHENTICATION: ${CMD_REQUIRE_FREEURL_AUTHENTICATION:-false}
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
PGID: ${PGID:-1000}
PUID: ${PUID:-1000}

26
listmonk/.env
View File

@ -1,26 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/listmonk/docker-compose.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
LISTMONK_DOMAIN=localhost
LISTMONK_ADMIN_USERNAME=
LISTMONK_ADMIN_PASSWORD=
#LISTMONK_CONTAINER_NAME=listmonk
#LISTMONK_VOLUME_NAME=listmonk
#LISTMONK_IMAGE=listmonk/listmonk:v2.3.0
## POSTGRES
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=listmonk
POSTGRES_PASSWORD=listmonk
POSTGRES_DB=listmonk

37
listmonk/README.md
View File

@ -1,37 +0,0 @@
# listmonk
> Gestionnaire de listes de diffusion et de newsletter
## Documentation
listmonk ne gère actuellement pas le multicompte.
Pour utiliser avec une configuration avec les variables d'environnements il faut la commande suivante :
```
command: [sh, -c, "./listmonk --config ''"]
```
Pour l'installation il faut lancer la commande suivante pour initialiser la base de donnée :
```
command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
```
Pour faire les mise à jour et ainsi migrer la base de donnée :
```
command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
```
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://listmonk.app/
[source]: https://github.com/knadh/listmonk
[documentation]: https://listmonk.app/docs/
[dockerhub]: https://hub.docker.com/r/listmonk/listmonk

40
listmonk/docker-compose.yml
View File

@ -1,40 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
volumes:
listmonk:
name: ${LISTMONK_VOLUME_NAME:-listmonk}
services:
listmonk:
container_name: ${LISTMONK_CONTAINER_NAME:-listmonk}
image: ${LISTMONK_IMAGE:-listmonk/listmonk:v2.3.0}
restart: always
#command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
#command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
command: [sh, -c, "./listmonk --config ''"]
depends_on:
- postgres
environment:
LISTMONK_app__address: 0.0.0.0:9000
LISTMONK_app__admin_username: ${LISTMONK_ADMIN_USERNAME:?err}
LISTMONK_app__admin_password: ${LISTMONK_ADMIN_PASSWORD:?err}
LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}
LISTMONK_db__port: 5432
LISTMONK_db__user: ${POSTGRES_USER:?err}
LISTMONK_db__password: ${POSTGRES_PASSWORD:?err}
LISTMONK_db__database: ${POSTGRES_DB:?err}
LISTMONK_db__ssl_mode: disable
TZ: Europe/Paris
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- listmonk:/listmonk/uploads
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.rule=Host(`${LISTMONK_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

63
mobilizon/.env
View File

@ -1,63 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/mobilizon/docker-compose.yml:${SERVICES_DIR}/mobilizon/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/geoip/docker-compose.yml
#COMPOSE_PROJECT_NAME=
############
## MOBILIZON
MOBILIZON_INSTANCE_NAME="RésiLien - Mobilizon"
MOBILIZON_DOMAIN=mobilizon.lan
#MOBILIZON_INSTANCE_PORT=4000
MOBILIZON_INSTANCE_EMAIL=no-reply@mobilizon.lan
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
MOBILIZON_ADMIN_EMAIL=admin@mobilizon.lan
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
MOBILIZON_INSTANCE_SECRET_KEY=changethis
MOBILIZON_SMTP_SERVER=localhost
MOBILIZON_SMTP_HOSTNAME=localhost
MOBILIZON_SMTP_PORT=25
MOBILIZON_SMTP_SSL=false
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
MOBILIZON_SMTP_PASSWORD=password
#MOBILIZON_PUID=
#MOBILIZON_PGID=
#######
# GEOIP
#GEOIP_VOLUME_NAME=
#GEOIP_IMAGE=
#GEOIP_CONTAINER_NAME=
#GEOIP_EDITION_IDS=
GEOIP_LICENSE_KEY=
#GEOIP_DOWNLOAD_PATH=
#GEOIP_SCHEDULE=
#GEOIP_LOG_LEVEL=
##########
# POSTGRES
POSTGRES_USER=mobilizon_user
POSTGRES_PASSWORD=mobilizon_password
POSTGRES_DB=mobilizon_db
#POSTGRES_CONTAINER_NAME=mobilizon_postgres
#POSTGRES_VOLUME_NAME=mobilizon_postgres
POSTGRES_IMAGE=kartoza/postgis:14-3.1
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

23
mobilizon/README.md
View File

@ -1,23 +0,0 @@
# Mobilizon
> Mobilizon est un logiciel libre d'organisation d'évènements et de gestion de groupes (Meet-up) lancé en octobre 2020 par Framasoft pour proposer une alternative libre aux plateformes des GAFAM (Facebook, Meetup.com, EventBrite).
>
> -- <cite>[Wikipedia](https://fr.wikipedia.org/wiki/Mobilizon)</cite>
On peut retrouver la documentation sur le [site officiel](https://docs.joinmobilizon.org/fr/).
## Configuration
Mobilizon utilise de la géolocalisation pour les évènements et du coup il faut :
- une base de données spécifique _[PostGIS](https://fr.wikipedia.org/wiki/PostGIS)_ qui se base sur _Postgres_. Actuellement la configuration de l'image Docker Postgres est compatible il faut donc juste changer le nom de l'image et utiliser [kartoza/postgis](https://hub.docker.com/r/kartoza/postgis) à la place.
- un fichier GeoLite2 et pour cela il faut créer une clé pour accéder au service en ligne de [maxmind](https://www.maxmind.com), on utilise ensuite l'image docker [geoip-updater](https://crazymax.dev/geoip-updater/install/docker/) de crazymax pour automatiser le téléchargement et la mise à jour du fichier.
## Liens
- 🌐 [Site website](https://joinmobilizon.org)
- 🔢 [voir les instances](https://instances.joinmobilizon.org/instances)
- 💻 Source officiel :
- [le logiciel](https://framagit.org/framasoft/mobilizon)
- [l'image _Docker_](https://framagit.org/framasoft/joinmobilizon/docker)
- 📜 [Documentation](https://docs.joinmobilizon.org)
- 🐳 [Docker Hub](https://hub.docker.com/r/framasoft/mobilizon)

8
mobilizon/docker-compose.local.yml
View File

@ -1,8 +0,0 @@
---
version: "3.8"
services:
mobilizon:
ports:
- "${MOBILIZON_INSTANCE_PORT:-4000}:${MOBILIZON_PORT:-4000}"

15
mobilizon/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
mobilizon:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.rule=Host(`${MOBILIZON_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

47
mobilizon/docker-compose.yml
View File

@ -1,47 +0,0 @@
---
version: "3.8"
volumes:
mobilizon:
name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
services:
mobilizon:
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
restart: always
depends_on:
- postgres
- geoip
volumes:
- mobilizon:/var/lib/mobilizon/uploads
# - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
- geoip:/var/lib/mobilizon/geo_db
environment:
MOBILIZON_INSTANCE_NAME: ${MOBILIZON_INSTANCE_NAME}
MOBILIZON_INSTANCE_HOST: ${MOBILIZON_DOMAIN}
MOBILIZON_INSTANCE_PORT: ${MOBILIZON_INSTANCE_PORT:-4000}
MOBILIZON_INSTANCE_EMAIL: ${MOBILIZON_INSTANCE_EMAIL}
MOBILIZON_REPLY_EMAIL: ${MOBILIZON_REPLY_EMAIL}
MOBILIZON_ADMIN_EMAIL: ${MOBILIZON_ADMIN_EMAIL}
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: ${MOBILIZON_INSTANCE_REGISTRATIONS_OPEN:-false}
MOBILIZON_DATABASE_USERNAME: ${POSTGRES_USER}
MOBILIZON_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
MOBILIZON_DATABASE_DBNAME: ${POSTGRES_DB}
MOBILIZON_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
MOBILIZON_INSTANCE_SECRET_KEY_BASE: ${MOBILIZON_INSTANCE_SECRET_KEY_BASE:?err}
MOBILIZON_INSTANCE_SECRET_KEY: ${MOBILIZON_INSTANCE_SECRET_KEY:?err}
MOBILIZON_SMTP_SERVER: ${MOBILIZON_SMTP_SERVER:?err}
MOBILIZON_SMTP_HOSTNAME: ${MOBILIZON_SMTP_HOSTNAME:?err}
MOBILIZON_SMTP_PORT: ${MOBILIZON_SMTP_PORT:?err}
MOBILIZON_SMTP_SSL: ${MOBILIZON_SMTP_SSL:?err}
MOBILIZON_SMTP_USERNAME: ${MOBILIZON_SMTP_USERNAME:?err}
MOBILIZON_SMTP_PASSWORD: ${MOBILIZON_SMTP_PASSWORD:?err}
PUID: ${MOBILIZON_PUID:-1000}
PGID: ${MOBILIZON_PGID:-1000}

44
nextcloud/.env
View File

@ -1,51 +1,23 @@
########
# DOCKER
## DOCKER
#DOCKER_CONTEXT=
COMPOSE_FILE=./docker-compose.yml
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.config.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
#COMPOSE_PROJECT_NAME=
TRAEFIK_NETWORK_NAME=kifeart
## APP
NEXTCLOUD_DOMAIN=nextcloud.cool.life
NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
NEXTCLOUD_CONTAINER_NAME=nextcloud
NEXTCLOUD_VOLUME_NAME=nextcloud
NEXTCLOUD_DOMAIN=nextcloud.cool.life
NEXTCLOUD_ADMIN_USER=user
NEXTCLOUD_ADMIN_PASSWORD=password
NEXTCLOUD_ADMIN_USER: user
NEXTCLOUD_ADMIN_PASSWORD: password
#SMTP_HOST=mail.test.org
#SMTP_SECURE=
#SMTP_PORT=
#SMTP_AUTHTYPE=
#SMTP_NAME=test@test.org
#SMTP_PASSWORD=blablablabla
#MAIL_FROM_ADDRESS=no-reply
#MAIL_DOMAIN=test.org
##########
# POSTGRES
# DATABASE
# Voir la description ../postgres/README.md
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example
POSTGRES_CONTAINER_NAME=nextcloud-postgres
POSTGRES_VOLUME_NAME=nextcloud-postgres
#POSTGRES_IMAGE=
#######
# REDIS
#REDIS_IMAGE=
REDIS_CONTAINER_NAME=nextcloud-redis
#REDIS_VOLUME_NAME=
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

79
nextcloud/README.md
View File

@ -10,82 +10,47 @@
>
> -- <cite>[Github][github]</cite>
On peut trouver [la documentation ici][documentation] en anglais ou ici pour la [traduction française](https://doc-nextcloud-fr.indie.host/fr/) fait par [IndieHosters](https://indiehosters.net/) et [Paquerette](https://paquerette.eu/).
On peut trouver [la documentation ici][documentation].
## Aide
Commande pour se connecter à un serveur :
```sh
. .env
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm ash
```
docker exec --user www-data -it nextcloud bash
Pour mettre un site en maintenance :
```sh
. .env
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm php occ maintenance:mode --on
docker-compose exec --user www-data nextcloud php occ db:add-missing-primary-keys
```
## Configuration
Il est possible de configurer certaines parties avec des variables d'environnement :
- Soit les variables sont spécifique à l'image Docker
- soit avec des variables du type `NC_` + clé (exemple : NC_default_phone_region=FR)
Il est possible de configurer certaines parties avec des variables d'environnement, mais ce n'est pas le cas de l'ensemble de la configuration.
### Création d'un groupe
Voici les modifications que j'effectue :
```
export NC_GROUP=com-en-aubrac
php occ group:add $NC_GROUP
docker-compose exec --user www-data nextcloud-fpm ash
vi config/config.php
```
Ajout de la configuration suivante :
```
'default_language' => 'fr',
'default_locale' => 'fr_FR',
'default_phone_region' => 'FR',
'defaultapp' => 'files',
'preview_max_x' => 2048,
'preview_max_y' => 2048,
'jpeg_quality' => 60,
```
### Création d'un utilisateur
Ajout de imagemagick :
```
# La variable OC_PASS est spécifique pour l'utilisation de --password-from-env
export OC_PASS=unmotdepasse!
export NC_USER=simon
export NC_NAME=Simon
export NC_MAIL=simon@example.org
export NC_QUOTA="180 GB"
php occ user:add --password-from-env --display-name=$NC_NAME --group="$NC_GROUP" $NC_USER
php occ user:setting $NC_USER settings email $NC_MAIL
docker-compose exec nextcloud-fpm apk add --no-cache imagemagick
```
### Quota
Pour bien comprendre les quotas dans Nextcloud : https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
ou
```
export NC_USER=simon
export NC_QUOTA="10 GB"
php occ user:setting $NC_USER files quota "$NC_QUOTA"
```
### imagemagick
> Le module php-imagick na aucun support SVG dans cette instance. Pour une meilleure compatibilité, il est recommandé de linstaller.
Pour résoudre ce problème il faut ajouter le paquet `imagemagick`
```
. .env
docker exec -it ${NEXTCLOUD_CONTAINER_NAME}-fpm apk add --no-cache imagemagick
```
## Application
Suppression d'application :
```
php occ app:disable dashboard
php occ app:disable photos
php occ app:disable weather_status
php occ app:disable user_status
ssh <server>
docker exec nextcloud-fpm apk add --no-cache imagemagick
```
## PHP-FPM: remédier à server reached pm.max_children

21
nextcloud/docker-compose.config.yml
View File

@ -1,21 +0,0 @@
---
version: "3.8"
services:
nextcloud-fpm:
environment:
&nextcloud-configuration
NC_trashbin_retention_obligation: ${NC_trashbin_retention_obligation:-auto, 30}
NC_force_language: ${NC_force_language:-fr}
NC_default_locale: ${NC_default_locale:-fr_FR}
NC_force_locale: ${NC_force_locale:-fr_FR}
NC_default_language: ${NC_default_language:-fr}
NC_default_phone_region: ${NC_default_phone_region:-FR}
NC_defaultapp: ${NC_defaultapp:-files}
NC_preview_max_x: ${NC_preview_max_x:-2048}
NC_preview_max_y: ${NC_preview_max_y:-2048}
NC_jpeg_quality: ${NC_jpeg_quality:-60}
nextcloud-cron:
environment:
<<: *nextcloud-configuration

6
nextcloud/docker-compose.local.yml
View File

@ -1,6 +0,0 @@
version: "3.8"
services:
nextcloud-web:
ports:
- ${LOCAL_PORT:-80}:80

18
nextcloud/docker-compose.smtp.yml
View File

@ -1,18 +0,0 @@
version: "3.8"
services:
nextcloud-fpm:
environment:
&smtp-configuration
NC_mail_smtphost: ${NC_mail_smtphost:?err} # The hostname of the SMTP server.
NC_mail_smtpsecure: ${NC_mail_smtpsecure:-ssl} # Set to ssl to use SSL, or tls to use STARTTLS.
NC_mail_smtpport: ${NC_mail_smtpport:-465}
NC_mail_smtpauthtype: ${NC_mail_smtpauthtype:-LOGIN}
NC_mail_smtpname: ${NC_mail_smtpname:?err}
NC_mail_smtppassword: ${NC_mail_smtppassword:?err}
NC_mail_from_address: ${NC_mail_from_address:?err}
NC_mail_domain: ${NC_mail_domain:?err}
nextcloud-cron:
environment:
<<: *smtp-configuration

18
nextcloud/docker-compose.traefik.yml
View File

@ -1,18 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
nextcloud-web:
environment:
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.rule=Host(`${NEXTCLOUD_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.middlewares=nextcloud_redirect
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/

108
nextcloud/docker-compose.yml
View File

@ -1,60 +1,98 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
volumes:
nextcloud:
name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud}
name: ${NEXTCLOUD_VOLUME_NAME}
nextcloud-postgres:
name: ${POSTGRES_VOLUME_NAME}
services:
nextcloud-fpm:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
restart: always
depends_on:
- postgres
- redis
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
&fpm-configuration
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}
nextcloud-web:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
build: ${SERVICES_DIR}/nextcloud/web
container_name: nextcloud-web
build: ./web
restart: always
environment:
NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
PUID: ${NEXTCLOUD_PUID:-1000}
PGID: ${NEXTCLOUD_PGID:-1000}
depends_on:
- nextcloud-fpm
volumes:
- nextcloud:/var/www/html
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.nextcloud-fpm.rule: 'Host(`${NEXTCLOUD_DOMAIN}`)'
traefik.http.routers.nextcloud-fpm.entrypoints: 'web'
traefik.http.routers.nextcloud-fpm.middlewares: nextcloud_redirect
traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
nextcloud-fpm:
container_name: nextcloud-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
restart: always
hostname: ${NEXTCLOUD_DOMAIN}
depends_on:
- nextcloud-postgres
- nextcloud-redis
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
OVERWRITEPROTOCOL: 'https'
APACHE_DISABLE_REWRITE_IP: '1'
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}
OVERWRITEPROTOCOL: 'https'
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME}
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_USER: ${POSTGRES_USER}
REDIS_HOST: 'nextcloud-redis'
PUID: 1001
PGID: 119
nextcloud-postgres:
container_name: ${POSTGRES_CONTAINER_NAME}
image: ${POSTGRES_IMAGE:-postgres:12.8-alpine}
restart: always
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
PUID: 1001
PGID: 119
volumes:
- nextcloud-postgres:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
nextcloud-redis:
image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
container_name: nextcloud-redis
restart: always
environment:
PUID: 1001
PGID: 119
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
nextcloud-cron:
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
container_name: nextcloud-cron
restart: always
depends_on:
- nextcloud-web
entrypoint: /cron.sh
environment:
<<: *fpm-configuration
PUID: 1001
PGID: 119
volumes:
- nextcloud:/var/www/html
- /etc/timezone:/etc/timezone:ro

49
nextcloud/run Executable file
View File

@ -0,0 +1,49 @@
#!/bin/bash
set -eu
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
. $DIR/../help.sh
. $DIR/../postgres/run --only-source
nextcloud_help() {
echo "./run backup : Lancement de la sauvegarde de Nextcloud"
echo "./run restore : Restauration de la sauvegarde de Nextcloud"
}
nextcloud_backup() {
script_env
BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
backup_folder_create
POSTGRES_BACKUP_FILE=backups/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_postgres.sql
docker-compose exec --user www-data nextcloud php occ maintenance:mode --on
postgres_backup
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup --volumes-from nextcloud alpine:3.12.3 ash -c "cd /var/www/html && tar cvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar ."
docker-compose exec --user www-data nextcloud php occ maintenance:mode --off
}
nextcloud_restore() {
script_env
postgres_restore
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup -v nextcloud:/var/www/html alpine:3.12.3 ash -c "cd /var/www/html && tar xvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar --strip 1"
}
if [ $# -ge 1 ]; then
if [ "${1}" == "backup" ]; then
script_start
nextcloud_backup
script_end
elif [ "${1}" == "restore" ]; then
script_start
nextcloud_restore
script_end
elif [ "${1}" != "--only-source" ]; then
nextcloud_help
fi
else
nextcloud_help
fi

4
nextcloud/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:1.23.3-alpine
FROM nginx:1.21.1-alpine
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template
COPY nginx.conf /etc/nginx/nginx.conf

145
nextcloud/web/nextcloud.conf.template
View File

@ -1,145 +0,0 @@
upstream php-handler {
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}

174
nextcloud/web/nginx.conf Normal file
View File

@ -0,0 +1,174 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server nextcloud-fpm:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# location /nginx_status {
# stub_status;
# allow 192.168.1.0/24; #only allow requests from local network
# deny all; #deny all other hosts
# }
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}

71
plausible/.env
View File

@ -1,71 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/plausible/docker-compose.yml:${SERVICES_DIR}/plausible/docker-compose.clickhouse.yml:${SERVICES_DIR}/plausible/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/clickhouse/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## APP
PLAUSIBLE_DOMAIN=localhost
BASE_URL=http://${PLAUSIBLE_DOMAIN}:8000
#PLAUSIBLE_CONTAINER_NAME=plausible
#PLAUSIBLE_VOLUME_NAME=plausible
#PLAUSIBLE_IMAGE=plausible/analytics:v1.4.4
ADMIN_USER_NAME=example
ADMIN_USER_EMAIL=email@example.org
ADMIN_USER_PWD=change-me
SECRET_KEY_BASE=AFnMQwN54ovHIqCQQGFZX5gUFpgpxasCEnzQwQsyfZLPRbiwzDYAqYDJQlQM8SbmicVJr97axXaSCfXD9zSEQQ==
#DISABLE_AUTH=
#DISABLE_REGISTRATION=
## POSTGRES
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=plausible_dev
## CLICKHOUSE
#CLICKHOUSE_VOLUME_NAME=
#CLICKHOUSE_CONTAINER_NAME=
#CLICKHOUSE_IMAGE=
## SMTP
#MAILER_EMAIL=
#SMTP_HOST_ADDR=
#SMTP_HOST_PORT=
#SMTP_USER_NAME=
#SMTP_USER_PWD=
#SMTP_HOST_SSL_ENABLED=
#SMTP_RETRIES=
## GOOGLE SEARCH CONSOLE
#GOOGLE_CLIENT_ID=
#GOOGLE_CLIENT_SECRET=
## GEOIPUPDATE
#GEOIPUPDATE_VOLUME_NAME=
#GEOIPUPDATE_IMAGE=
#GEOIPUPDATE_CONTAINER_NAME=
#GEOIPUPDATE_ACCOUNT_ID=
#GEOIPUPDATE_LICENSE_KEY=
#GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
#GEOIPUPDATE_FREQUENCY=
#GEOIPUPDATE_VERBOSE=
#GEOIPUPDATE_DB_DIR=
## TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=

15
plausible/README.md
View File

@ -1,15 +0,0 @@
# Plausible
> Plausible est une plateforme d'analyse Web légère et open source.
## Liens
- [Site Officiel][site]
- [Documentation][documentation]
- [Code source][source]
- [Docker Hub][dockerhub]
[site]: https://plausible.io/
[source]: https://github.com/plausible/analytics
[documentation]: https://plausible.io/docs
[dockerhub]: https://hub.docker.com/r/plausible/analytics

14
plausible/clickhouse-config.xml
View File

@ -1,14 +0,0 @@
<yandex>
<logger>
<level>warning</level>
<console>true</console>
</logger>
<!-- Stop all the unnecessary logging -->
<query_thread_log remove="remove"/>
<query_log remove="remove"/>
<text_log remove="remove"/>
<trace_log remove="remove"/>
<metric_log remove="remove"/>
<asynchronous_metric_log remove="remove"/>
</yandex>

8
plausible/clickhouse-user-config.xml
View File

@ -1,8 +0,0 @@
<yandex>
<profiles>
<default>
<log_queries>0</log_queries>
<log_query_threads>0</log_query_threads>
</default>
</profiles>
</yandex>

7
plausible/docker-compose.clickhouse.yml
View File

@ -1,7 +0,0 @@
version: "3.8"
services:
clickhouse:
volumes:
- ./clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
- ./clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro

10
plausible/docker-compose.geoip.yml
View File

@ -1,10 +0,0 @@
version: "3.8"
services:
plausible:
depends_on:
- geoipupdate
environment:
- GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
volumes:
- geoipupdate:/geoip:ro

7
plausible/docker-compose.google.yml
View File

@ -1,7 +0,0 @@
version: "3.8"
services:
plausible:
environment:
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:?err}
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:?err}

6
plausible/docker-compose.local.yml
View File

@ -1,6 +0,0 @@
version: "3.8"
services:
plausible:
ports:
- ${LOCAL_PORT:-8000}:8000

12
plausible/docker-compose.smtp.yml
View File

@ -1,12 +0,0 @@
version: "3.8"
services:
plausible:
environment:
MAILER_EMAIL: ${MAILER_EMAIL:-hello@plausible.local}
SMTP_HOST_ADDR: ${SMTP_HOST_ADDR:-localhost}
SMTP_HOST_PORT: ${SMTP_HOST_PORT:-25}
SMTP_USER_NAME: ${SMTP_USER_NAME}
SMTP_USER_PWD: ${SMTP_USER_PWD}
SMTP_HOST_SSL_ENABLED: ${SMTP_HOST_SSL_ENABLED:-false}
SMTP_RETRIES: ${SMTP_RETRIES:-2}

13
plausible/docker-compose.traefik.yml
View File

@ -1,13 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
plausible:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.rule=Host(`${PLAUSIBLE_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

31
plausible/docker-compose.yml
View File

@ -1,31 +0,0 @@
version: "3.8"
volumes:
plausible:
name: ${PLAUSIBLE_VOLUME_NAME:-plausible}
services:
plausible:
container_name: ${PLAUSIBLE_CONTAINER_NAME:-plausible}
image: ${PLAUSIBLE_IMAGE:-plausible/analytics:v1.4.4}
restart: always
command: ${PLAUSIBLE_DOCKER_COMMAND:-sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"}
depends_on:
- clickhouse
- postgres
environment:
ADMIN_USER_NAME: ${ADMIN_USER_NAME:?err}
ADMIN_USER_EMAIL: ${ADMIN_USER_EMAIL:?err}
ADMIN_USER_PWD: ${ADMIN_USER_PWD:?err}
BASE_URL: ${BASE_URL}
SECRET_KEY_BASE: ${SECRET_KEY_BASE:?err}
DISABLE_AUTH: ${DISABLE_AUTH:-false}
DISABLE_REGISTRATION: ${DISABLE_REGISTRATION:-false}
DATABASE_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}
CLICKHOUSE_DATABASE_URL: http://${CLICKHOUSE_CONTAINER_NAME:-clickhouse}:8123/${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
SITE_LIMIT: ${SITE_LIMIT:-3}
SELFHOST: ${SELFHOST:-true}
LOG_LEVEL: ${LOG_LEVEL:-warn}
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

4
postgres/.env
View File

@ -1,7 +1,3 @@
#POSTGRES_VOLUME_NAME=
#POSTGRES_CONTAINER_NAME=
#POSTGRES_IMAGE=
POSTGRES_USER=user-example
POSTGRES_PASSWORD=password-example
POSTGRES_DB=postgres-database-name-example

4
postgres/docker-compose.yml
View File

@ -7,14 +7,12 @@ volumes:
services:
postgres:
container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine}
image: ${POSTGRES_IMAGE:-postgres:13.4-alpine}
restart: always
environment:
POSTGRES_USER: ${POSTGRES_USER:?err}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
POSTGRES_DB: ${POSTGRES_DB:?err}
PUID: ${POSTGRES_PUID:-1000}
PGID: ${POSTGRES_PGID:-1000}
volumes:
- postgres:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro

21
prometheus/.env
View File

@ -1,21 +0,0 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=..
COMPOSE_FILE=${SERVICES_DIR}/prometheus/docker-compose.yml:${SERVICES_DIR}/prometheus/docker-compose.traefik.yml
#COMPOSE_PROJECT_NAME=
############
# PROMETHEUS
#PROMETHEUS_IMAGE=
PROMETHEUS_DOMAIN=prometheus.cool.life
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME=
#TRAEFIK_ENTRYPOINTS=

3
prometheus/Dockerfile
View File

@ -1,3 +0,0 @@
ARG PROMETHEUS_IMAGE
FROM $PROMETHEUS_IMAGE
ADD prometheus.yml /etc/prometheus/

16
prometheus/README.md
View File

@ -1,16 +0,0 @@
# Prometheus
> Prometheus est un logiciel libre de surveillance informatique et générateur d'alertes. Il enregistre des métriques en temps réel dans une base de données de séries temporelles (avec une capacité d'acquisition élevée) en se basant sur le contenu de point d'entrée exposé à l'aide du protocole HTTP.
>
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Prometheus_(logiciel))</cite>
## 🔧 Configuration
Pour configurer le service il faut ajouter un fichier prometheus.yml décrivant votre configuration. Vous retrouverz toutes les informations sur la page de [documentation officielle](https://prometheus.io/docs/prometheus/latest/configuration/configuration/).
## 🔗 Liens
- [Site officiel](https://prometheus.io/)
- [La documentation](https://prometheus.io/docs/)
- [Github](https://github.com/prometheus/prometheus)
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/prom/prometheus)

15
prometheus/docker-compose.traefik.yml
View File

@ -1,15 +0,0 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME:-traefik}
services:
prometheus:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-prometheus}.rule=Host(`${PROMETHEUS_DOMAIN:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-prometheus}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

18
prometheus/docker-compose.yml
View File

@ -1,18 +0,0 @@
---
version: '3.8'
volumes:
prometheus:
name: ${PROMETHEUS_VOLUME_NAME:-prometheus}
services:
prometheus:
container_name: ${PROMETHEUS_CONTAINER_NAME:-prometheus}
build:
context: .
args:
PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.34.0}
volumes:
- prometheus:/prometheus
restart: always

16
prometheus/node-exporter/docker-compose.yml Normal file
View File

@ -0,0 +1,16 @@
---
version: '3.8'
services:
node_exporter:
image: ${NODE_EXPORTER_IMAGE:-quay.io/prometheus/node-exporter:v1.2.0}
container_name: node_exporter
command:
- '--path.rootfs=/host --collector.textfile.directory=/host/var/lib/node_exporter/textfile_collector'
network_mode: host
pid: host
restart: unless-stopped
expose:
- 9100
volumes:
- '/:/host:ro,rslave'

7
redis/docker-compose.yml
View File

@ -1,18 +1,13 @@
version: "3.8"
volumes:
redis:
name: ${REDIS_VOLUME_NAME:-redis}
services:
redis:
image: ${REDIS_IMAGE:-redis:6.2.6-alpine}
image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
container_name: ${REDIS_CONTAINER_NAME:-redis}
restart: always
environment:
PUID: ${REDIS_PUID:-1000}
PGID: ${REDIS_PGID:-1000}
volumes:
- redis:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

2
registry/.env
View File

@ -5,7 +5,7 @@ TRAEFIK_NETWORK_NAME=kifeart
## REGISTRY
#REGISTRY_IMAGE=
REGISTRY_IMAGE=registry:2.7.1
REGISTRY_CUSTOM_IMAGE=custom/registry
REGISTRY_DOMAIN=registry.cool.life
REGISTRY_VOLUME_NAME=registry

6
registry/README.md
View File

@ -36,12 +36,6 @@ Pour se connecter :
docker login https://$REGISTRY_DOMAIN
```
## Nettoyer le registre
```sh
docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml --delete-untagged=true
```
## Aide
Pour connaître les images du registry :

2
registry/docker-compose.yml
View File

@ -7,7 +7,7 @@ volumes:
services:
registry:
container_name: ${REGISTRY_CONTAINER_NAME}
image: ${REGISTRY_IMAGE:-registry:2.8.1}
image: ${REGISTRY_IMAGE}
restart: always
environment:
REGISTRY_AUTH: htpasswd

17
traefik/docker-compose.ovh.yml
View File

@ -1,17 +0,0 @@
version: "3.8"
services:
traefik:
environment:
OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
OVH_ENDPOINT: ${OVH_ENDPOINT:-ovh-eu}
OVH_POLLING_INTERVAL: ${OVH_POLLING_INTERVAL:-30}
OVH_PROPAGATION_TIMEOUT: ${OVH_PROPAGATION_TIMEOUT:-3600}
command:
- --certificatesResolvers.ovh.acme.dnsChallenge=true
- --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
# - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
- --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}

14
traefik/docker-compose.redirect.yml
View File

@ -1,14 +0,0 @@
version: "3.8"
services:
traefik:
command:
# Redirection HTTP to HTTPS
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
labels:
# Redirection to remove www.
traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'

26
traefik/docker-compose.secure.yml
View File

@ -1,26 +0,0 @@
version: "3.8"
networks:
default:
driver: bridge
services:
traefik:
ports:
- target: 443
published: 443
protocol: tcp
mode: host
command:
- --providers.file.filename=/traefik/dynamic_conf.toml
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
- --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
labels:
traefik.http.routers.traefik.entrypoints: 'websecure'
traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
traefik.http.routers.traefik.priority: '2000'

34
traefik/docker-compose.yml
View File

@ -11,11 +11,11 @@ networks:
services:
traefik:
container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
image: ${TRAEFIK_IMAGE:-traefik:v2.6.3}
image: ${TRAEFIK_IMAGE:-traefik:v2.5.2}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- traefik:/traefik
- ${TRAEFIK_VOLUME_NAME:-traefik}:/traefik
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
@ -24,25 +24,25 @@ services:
protocol: tcp
mode: host
networks:
- traefik
- ${TRAEFIK_NETWORK_NAME:-traefik}
command:
- --api.insecure=${TRAEFIK_API_INSECURE:-true}
- --log.level=${TRAEFIK_LOG_LEVEL:-INFO}
- --global.sendanonymoususage=${TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE:-false}
- --global.checknewversion=${TRAEFIK_GLOBAL_CHECKNEWVERSION:-false}
- --metrics.prometheus=${TRAEFIK_METRICS_PROMETHEUS:-true}
- --accesslog=${TRAEFIK_ACCESSLOG:-false}
- --api.insecure=true
- --log.level=INFO
- --global.sendanonymoususage=false
- --global.checknewversion=false
- --pilot.dashboard=false
- --metrics.prometheus=true
- --providers.docker
- --providers.docker.exposedbydefault=false
- --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- --entryPoints.traefik.address=:8080
- --entrypoints.${TRAEFIK_ENTRYPOINTS:-web}.address=:80
- --entryPoints.${TRAEFIK_ENTRYPOINTS:-web}.forwardedHeaders.insecure
- --entrypoints.web.address=:80
- --entryPoints.web.forwardedHeaders.insecure
labels:
- traefik.enable=true
- traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:?err}`)
- traefik.http.routers.traefik.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
- traefik.http.services.traefik.loadbalancer.server.port=8080
traefik.enable: 'true'
traefik.http.routers.traefik.rule: 'Host(`${TRAEFIK_DOMAIN:?err}`)'
traefik.http.routers.traefik.entrypoints: 'web'
traefik.http.services.traefik.loadbalancer.server.port: '8080'

Some files were not shown because too many files have changed in this diff Show More