| author | RATDAD <lambda@disroot.org> | 2026-03-06 02:05:52 -0500 |
|---|---|---|
| committer | RATDAD <lambda@disroot.org> | 2026-03-06 02:05:52 -0500 |
| commit | 2578d12ea47d10130472a845244e4aaac48897cb (patch) | |
| tree | 3dc5ba45a79006d549cb9e551724a6a5d19f71b4 | |
| parent | 88ba319238bb4af0106bc1a83fbbb1963af88fe1 (diff) | |
checkpoint: development state
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | stacks/dav/compose.yml | 39 | ||||
| -rw-r--r-- | stacks/db/.gitignore | 2 | ||||
| -rw-r--r-- | stacks/db/compose.yml | 28 | ||||
| -rw-r--r-- | stacks/db/env.example | 16 | ||||
| -rw-r--r-- | stacks/db/env.template | 17 | ||||
| -rw-r--r-- | stacks/db/run.env.template (renamed from stacks/db/run.env.example) | 2 | ||||
| -rw-r--r-- | stacks/edge/.edge.env.template | 18 | ||||
| -rw-r--r-- | stacks/edge/.env.template | 14 | ||||
| -rw-r--r-- | stacks/edge/.gitignore | 2 | ||||
| -rw-r--r-- | stacks/edge/Caddyfile.template | 52 | ||||
| -rw-r--r-- | stacks/edge/compose.yml | 19 | ||||
| -rw-r--r-- | stacks/edge/env.template (renamed from stacks/tss/.env.template) | 11 | ||||
| -rw-r--r-- | stacks/edge/run.env.template | 34 | ||||
| -rw-r--r-- | stacks/iam/.gitignore | 7 | ||||
| -rw-r--r-- | stacks/iam/TODO | 1 | ||||
| -rw-r--r-- | stacks/iam/compose.yml | 63 | ||||
| -rw-r--r-- | stacks/iam/env.example | 17 | ||||
| -rw-r--r-- | stacks/iam/env.template | 17 | ||||
| -rw-r--r-- | stacks/iam/iam.env.template (renamed from stacks/iam/auth.env.example) | 0 | ||||
| -rwxr-xr-x | stacks/iam/util/gen-secrets.sh | 4 | ||||
| -rw-r--r-- | stacks/irm/compose.yml | 31 | ||||
| -rw-r--r-- | stacks/irm/env.template (renamed from stacks/irm/env.example) | 15 | ||||
| -rw-r--r-- | stacks/irm/run.env.template (renamed from stacks/irm/run.env.example) | 0 | ||||
| -rw-r--r-- | stacks/news/.gitignore | 2 | ||||
| -rw-r--r-- | stacks/news/compose.yml | 42 | ||||
| -rw-r--r-- | stacks/news/env.template (renamed from stacks/news/env.example) | 17 | ||||
| -rw-r--r-- | stacks/news/run.env.example | 34 | ||||
| -rw-r--r-- | stacks/news/run.env.template | 32 | ||||
| -rw-r--r-- | stacks/pim/.gitignore (renamed from stacks/dav/.gitignore) | 0 | ||||
| -rw-r--r-- | stacks/pim/compose.yml | 26 | ||||
| -rw-r--r-- | stacks/pim/env.template (renamed from stacks/dav/.env.template) | 0 | ||||
| -rw-r--r-- | stacks/pim/run.env.template (renamed from stacks/dav/.run.env.template) | 0 | ||||
| -rw-r--r-- | stacks/pkm/compose.yml | 12 | ||||
| -rw-r--r-- | stacks/pkm/env.template (renamed from stacks/pkm/.env.template) | 8 | ||||
| -rw-r--r-- | stacks/pkm/pkm.env.template (renamed from stacks/pkm/.pkm.env.template) | 1 | ||||
| -rw-r--r-- | stacks/scm/.env.template (renamed from stacks/cgit/.env.template) | 0 | ||||
| -rw-r--r-- | stacks/scm/.gitignore (renamed from stacks/cgit/.gitignore) | 0 | ||||
| -rw-r--r-- | stacks/scm/.run.template (renamed from stacks/cgit/.run.template) | 0 | ||||
| -rw-r--r-- | stacks/scm/compose.yml (renamed from stacks/cgit/compose.yml) | 0 | ||||
| -rw-r--r-- | stacks/tss/.run.env.template | 5 | ||||
| -rw-r--r-- | stacks/tss/compose.yml | 20 | ||||
| -rw-r--r-- | stacks/tss/env.template | 12 | ||||
| -rw-r--r-- | stacks/tss/run.env.template | 11 |
44 files changed, 318 insertions, 315 deletions
@@ -1,2 +1,2 @@ .editorconfig -srv/ +.vscode
diff --git a/stacks/dav/compose.yml b/stacks/dav/compose.yml
deleted file mode 100644
index 42d254f..0000000
--- a/stacks/dav/compose.yml
+++ /dev/null
@@ -1,39 +0,0 @@ -name: ${_STACK_0} - -networks: - edge-net: - name: ${_NET_0} - external: true - db-net: - name: ${_NET_1} - -volumes: - dav-db: - name: ${_VOLUME_0} - external: true - -services: - dav: - container_name: ${_CONTAINER_0} - image: ghcr.io/tchapi/davis-standalone:latest - env_file: - - .run.env - - .env - networks: - - net - - intra - expose: - - 9000 - depends_on: - - db - dav-db: - container_name: ${_CONTAINER_1} # Required for now. - image: postgres:16 - networks: - - edge-net - - db-net - env_file: - - .run.env - - .env - volumes: - - dav-db:/var/lib/postgresql/data
diff --git a/stacks/db/.gitignore b/stacks/db/.gitignore
index 31c0c95..13fed15 100644
--- a/stacks/db/.gitignore
+++ b/stacks/db/.gitignore
@@ -1,3 +1,3 @@ *.env -password +data/ compose.test.yml
diff --git a/stacks/db/compose.yml b/stacks/db/compose.yml
index b7227d1..9a44712 100644
--- a/stacks/db/compose.yml
+++ b/stacks/db/compose.yml
@@ -1,28 +1,35 @@ -name: ${_STACK_0} +name: ${STACK} networks: - db-net: - name: ${_NET_0} - external: true edge-net: - name: ${_NET_1} + name: ${EDGE_NET} + external: true + db-net: + name: ${DB_NET} external: true volumes: db-data: - name: ${_VOLUME_0} + name: ${DB_VOLUME} external: true +secrets: + DB_PASSWORD: + file: '/srv/secrets/DB_PASSWORD' + services: - db-test: - container_name: ${_CONTAINER_0} + db: + container_name: ${DB_CONTAINER} image: postgres:16 restart: unless-stopped + environment: + POSTGRES_USER: 'admin' env_file: - .run.env # Runtime ENV - .env # Compose ENV + user: '${UID}:${GID}' volumes: - - db-data:/var/lib/postgresql/data + - ./data/:/var/lib/postgresql/data networks: - db-net expose:
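Review bot: Replacing `srv/` with `.vscode` means `srv/` trees are now ignored only where a stack-level `.gitignore` names them, and this same commit moves the IAM secret files to `./srv/secrets/auth/` under `stacks/iam/`, where they appear to be covered only by the bare `secrets` entry in `stacks/iam/.gitignore`. Keeping the old line alongside the new one, `srv/` then `.vscode`, keeps runtime and secret trees out of the index regardless of how each stack's ignore file is edited later.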
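Review bot: The new top-level `DB_PASSWORD` secret is declared but never attached: the `db` service has no `secrets:` list and no `POSTGRES_PASSWORD_FILE`, so the password still comes from the plaintext `.run.env` (`POSTGRES_PASSWORD=` in the run.env template further down this page). Adding `secrets: [DB_PASSWORD]` to the service and `POSTGRES_PASSWORD_FILE: /run/secrets/DB_PASSWORD` beside `POSTGRES_USER` makes the secret file the real source. `db-data` is still declared under `volumes:` although the service now bind-mounts `./data/`, so the external volume is unreferenced. `user: '${UID}:${GID}'` also needs both shell variables exported — the new `env.template` on this page does not define them — otherwise the value collapses to `:` and the container fails to start. The hunk is cut after `expose:` on this page.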
@@ -32,9 +39,10 @@ services: interval: 5s retries: 5 db-admin: - container_name: ${_CONTAINER_1} + container_name: ${DBA_CONTAINER} image: adminer:latest env_file: + - .run.env - .env depends_on: - db-test
diff --git a/stacks/db/env.example b/stacks/db/env.example
deleted file mode 100644
index 05092c2..0000000
--- a/stacks/db/env.example
+++ /dev/null
@@ -1,16 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -_STACK_0= - -# Containers -_CONTAINER_0= - -# Network -_NET_0= -_NET_1= - -# Volumes -_VOLUME_0=
diff --git a/stacks/db/env.template b/stacks/db/env.template
new file mode 100644
index 0000000..cad7ccb
--- /dev/null
+++ b/stacks/db/env.template
@@ -0,0 +1,17 @@ +# +# +# Stack Compose Variables + +# Namespace +STACK= + +# Containers +DB_CONTAINER= +DBA_CONTAINER= + +# Networks +EDGE_NET= +DB_NET= + +# Volumes +DB_CONTAINER=
diff --git a/stacks/db/run.env.example b/stacks/db/run.env.template
index b7371f5..b5f8727 100644
--- a/stacks/db/run.env.example
+++ b/stacks/db/run.env.template
@@ -8,4 +8,4 @@ POSTGRES_PASSWORD= # Adminer ADMINER_DEFAULT_SERVER= -ADMINER_DESIGN=mancave +ADMINER_DESIGN=galkaev
diff --git a/stacks/edge/.edge.env.template b/stacks/edge/.edge.env.template
deleted file mode 100644
index 737f239..0000000
--- a/stacks/edge/.edge.env.template
+++ /dev/null
@@ -1,18 +0,0 @@ -DOMAIN= -DOCUMENT_ROOT= - -SERVICE0= -SERVICE0_SUB= -SERVICE0_PORT= - -SERVICE1= -SERVICE1_SUB= -SERVICE1_PORT= - -SERVICE2= -SERVICE2_SUB= -SERVICE2_PORT= - -SERVICE3= -SERVICE3_SUB= -SERVICE3_PORT=
diff --git a/stacks/edge/.env.template b/stacks/edge/.env.template
deleted file mode 100644
index 0dc0292..0000000
--- a/stacks/edge/.env.template
+++ /dev/null
@@ -1,14 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -_STACK= -_CONTAINER= - -# Network -_NET= - -# Volumes -_CADDYFILE= -_WEBROOT=
diff --git a/stacks/edge/.gitignore b/stacks/edge/.gitignore
index 4d2bac6..14be0dc 100644
--- a/stacks/edge/.gitignore
+++ b/stacks/edge/.gitignore
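Review bot: `depends_on: - db-test` survives as context while the first hunk of this file renames the service from `db-test` to `db`, so `db-admin` now depends on a service that no longer exists and Compose will reject the file; change it to `- db`. Adding `.run.env` to Adminer's `env_file` also hands the database password (`POSTGRES_PASSWORD` lives in that file per the run.env template on this page) to the admin-UI container, which only needs `ADMINER_DEFAULT_SERVER` and `ADMINER_DESIGN`; setting those two keys under `environment:` instead keeps the credential out of that container.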
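Review bot: The last line under `# Volumes` is `DB_CONTAINER=`, a duplicate of the key already listed under `# Containers`; `stacks/db/compose.yml` on this page interpolates `${DB_VOLUME}` for the volume name, so the line should read `DB_VOLUME=`. With the service now bind-mounting `./data/` the volume entry may be unused altogether, but the template should still match what the compose file references so an operator filling it in is not left with an undefined variable.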
@@ -1,5 +1,5 @@ # Ignore .env files *.env -.srv/ +srv/ Caddyfile compose.test.yml
diff --git a/stacks/edge/Caddyfile.template b/stacks/edge/Caddyfile.template
index 85ca962..03dadf8 100644
--- a/stacks/edge/Caddyfile.template
+++ b/stacks/edge/Caddyfile.template
@@ -1,29 +1,53 @@ -# { -# debug -# auto_https off -# } - -# NOTE: EDIT THIS FILE EXPLICITLY. DO NOT AUTOMATE. +# +# +# Reverse Proxy Configuration {$DOMAIN}:80 { + redir https://{$DOMAIN}{uri} 302 +} + +{$DOMAIN} { + root * {$DOCUMENT_ROOT} encode try_files {path} index.html file_server } -{$SERVICE0_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE0}:{$SERVICE0_PORT} +{$PKM_SUB}.{$DOMAIN} { + reverse_proxy {$PKM_HOST}:{$PKM_PORT} +} + +{$SCM_SUB}.{$DOMAIN} { + reverse_proxy {$SCM_HOST}:{$SCM_PORT} +} + +{$PIM_SUB}.{$DOMAIN} { + + reverse_proxy {$PIM_HOST}:{$PIM_PORT} +} + +{$TSS_SUB}.{$DOMAIN} { + + reverse_proxy {$TSS_HOST}:{$TSS_PORT} } -{$SERVICE1_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE1}:{$SERVICE1_PORT} +{$IAM_SUB}.{$DOMAIN} { + + reverse_proxy {$IAM_HOST}:{$IAM_PORT} } -{$SERVICE2_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE2}:{$SERVICE2_PORT} +{$IRM_SUB}.{$DOMAIN} { + + reverse_proxy {$IRM_HOST}:{$IRM_PORT} } -{$SERVICE3_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE3}:{$SERVICE3_PORT} +{$NEWS_SUB}.{$DOMAIN} { + + reverse_proxy {$NEWS_HOST}:{$NEWS_PORT} +} + +{$DBA_SUB}.{$DOMAIN} { + + reverse_proxy {$DBA_HOST}:{$DBA_PORT} }
diff --git a/stacks/edge/compose.yml b/stacks/edge/compose.yml
index 7e88c95..d8c86fa 100644
--- a/stacks/edge/compose.yml
+++ b/stacks/edge/compose.yml
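Review bot: The new `{$DBA_SUB}.{$DOMAIN}` block publishes the Adminer database UI with a bare `reverse_proxy`, and nothing in this file gates it even though the same commit stands up an Authelia stack, so Adminer's own login form is the only thing between the internet and the `db` container. Putting the block behind the identity provider along the lines of `forward_auth {$IAM_HOST}:{$IAM_PORT} { uri /api/authz/forward-auth }`, or not publishing the admin UI through the edge at all, keeps that surface closed. The removed `NOTE: EDIT THIS FILE EXPLICITLY. DO NOT AUTOMATE.` still applies to a per-service template like this one and is worth keeping in the new header.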
@@ -1,27 +1,26 @@ -name: ${_STACK_0} +name: ${STACK} networks: - edge-net: - name: ${_NET_0} + net: + name: ${EDGE_NET} external: true services: - edge: - container_name: ${_CONTAINER_0} + edge-test: + container_name: ${EDGE_CONTAINER} image: caddy:latest restart: unless-stopped env_file: - .run.env - .env networks: - - edge-net + - net cap_add: - - NET_ADMIN # Allow Caddy to redefine memory limits based on host spec. + - NET_ADMIN ports: - 80:80 - 443:443 - 443:443/udp volumes: - - ${_CADDYFILE:-./Caddyfile}:/etc/caddy/Caddyfile - - ${_WEBROOT:-.srv/}:/srv - - /var/log/http/:/var/log/http # Fail2Ban needs this. + - ${CADDYFILE}:/etc/caddy/Caddyfile + - ${WEBROOT}/:/srv
diff --git a/stacks/tss/.env.template b/stacks/edge/env.template
index b607b6b..b43dec1 100644
--- a/stacks/tss/.env.template
+++ b/stacks/edge/env.template
@@ -2,14 +2,15 @@ # # Stack Compose Variables -# Namespaces -_STACK_0= +# Namespace +STACK= # Containers -_CONTAINER_0= +EDGE_CONTAINER= # Networks -_NET_0= +EDGE_NET= # Volumes -_VOLUME_0= +CADDYFILE= +WEBROOT=
diff --git a/stacks/edge/run.env.template b/stacks/edge/run.env.template
new file mode 100644
index 0000000..aa456bf
--- /dev/null
+++ b/stacks/edge/run.env.template
@@ -0,0 +1,34 @@ +DOMAIN= +DOCUMENT_ROOT= + +PKM_HOST= +PKM_SUB= +PKM_PORT= + +SCM_HOST= +SCM_SUB= +SCM_PORT= + +PIM_HOST= +PIM_SUB= +PIM_PORT= + +TSS_HOST= +TSS_SUB= +TSS_PORT= + +IAM_HOST= +IAM_SUB= +IAM_PORT= + +IRM_HOST= +IRM_SUB= +IRM_PORT= + +NEWS_HOST= +NEWS_SUB= +NEWS_PORT= + +DBA_HOST= +DBA_SUB= +DBA_PORT=
diff --git a/stacks/iam/.gitignore b/stacks/iam/.gitignore
index 4dfeb35..6b67a59 100644
--- a/stacks/iam/.gitignore
+++ b/stacks/iam/.gitignore
@@ -1,7 +1,4 @@ *.env -config/ -config/* -secrets/ -secrets/* +config +secrets compose.test.yml -compose.cache.test.yml
diff --git a/stacks/iam/TODO b/stacks/iam/TODO
deleted file mode 100644
index dba0e14..0000000
--- a/stacks/iam/TODO
+++ /dev/null
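Review bot: The volume line `/var/log/http/:/var/log/http # Fail2Ban needs this.` is dropped, so a host-side Fail2Ban jail of the kind that comment describes no longer sees Caddy's access logs unless logging is wired up somewhere not on this page; if the jail is still in use the mount should stay. `cap_add: - NET_ADMIN` is kept while its justification comment is removed — the official Caddy image should bind 80/443 without extra capabilities, so unless something outside this hunk depends on it the line is better removed than left as an unexplained capability grant. `${CADDYFILE}` and `${WEBROOT}` also lose their `:-` defaults, so an unset variable now yields an invalid mount spec (`:/etc/caddy/Caddyfile`) rather than falling back to `./Caddyfile`.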
@@ -1 +0,0 @@ -1. Make a script to initialize Authelia with an admin user and streamline prod setup.
diff --git a/stacks/iam/compose.yml b/stacks/iam/compose.yml
index af25bb9..3e516ca 100644
--- a/stacks/iam/compose.yml
+++ b/stacks/iam/compose.yml
@@ -1,54 +1,67 @@ -name: ${_STACK_0} +name: ${STACK} networks: - net_0: - name: ${_NET_0} + edge-net: + name: ${EDGE_NET} external: true - net_1: - name: ${_NET_1} + db-net: + name: ${DB_NET} + external: true + cache-net: volumes: - volume_0: - name: ${_VOLUME_0} + config: + name: ${IAM_CONFIG_VOLUME} external: true secrets: JWT_SECRET: - file: '/srv/secrets/auth/JWT_SECRET' + file: './srv/secrets/auth/JWT_SECRET' SESSION_SECRET: - file: '/srv/secrets/auth/SESSION_SECRET' + file: './srv/secrets/auth/SESSION_SECRET' STORAGE_ENCRYPTION: - file: '/srv/secrets/auth/STORAGE_ENCRYPTION' + file: './srv/secrets/auth/STORAGE_ENCRYPTION' OIDC_HMAC_SECRET: - file: '/srv/secrets/auth/OIDC_HMAC_SECRET' + file: './srv/secrets/auth/OIDC_HMAC_SECRET' + POSTGRES_PASSWORD: + file: './srv/secrets/auth/POSTGRES_PASSWORD' services: - auth: - container_name: ${_CONTAINER_0} + auth-test: + container_name: ${IAM_CONTAINER} image: authelia/authelia:latest restart: unless-stopped - secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET'] + secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET', 'POSTGRES_PASSWORD'] + environment: + AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET' + AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET' + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION' + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC_SECRET' + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/POSTGRES_PASSWORD' + X_AUTHELIA_CONFIG_FILTERS: 'template' env_file: - - .auth.env # Runtime Vars + - .run.env # Runtime Vars - .env # Stack Vars + user: "${UID}:${GID}" volumes: - - volume_0:/config/db - - /srv/secrets/auth/configuration.yml:/config/configuration.yml - - /srv/secrets/auth/users.yml:/config/users.yml - - /srv/secrets/auth/jwks/oidc-jwk.pem:/config/jwks/oidc-jwk.pem - - 
/srv/secrets/auth/jwks/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem + - config:/config + - ${CONFIG_FILE}:/config/configuration.yml + - ${USERS_FILE}:/config/users.yml + - ${JWK_PRIV_KEY}:/config/jwks/oidc-jwk.pem + - ${JWK_PUBL_KEY}:/config/jwks/oidc-jwk-pub.pem networks: - - net_0 - - net_1 + - edge-net + - db-net + - cache-net expose: - 9091 - auth-cache: - container_name: ${_CONTAINER_1} + auth-cache-test: + container_name: ${IAM_CACHE_CONTAINER} image: redis:latest restart: unless-stopped env_file: - .env networks: - - net_1 + - cache-net expose: - 6379
diff --git a/stacks/iam/env.example b/stacks/iam/env.example
deleted file mode 100644
index 913a774..0000000
--- a/stacks/iam/env.example
+++ /dev/null
@@ -1,17 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -_STACK_0= - -# Containers -_CONTAINER_0= -_CONTAINER_1= - -# Network -_NET_0= -_NET_1= - -# Volumes -_VOLUME_0=
diff --git a/stacks/iam/env.template b/stacks/iam/env.template
new file mode 100644
index 0000000..b6a023e
--- /dev/null
+++ b/stacks/iam/env.template
@@ -0,0 +1,17 @@ +# +# +# Stack Compose Variables + +# Namespace +STACK= + +# Containers +IAM_CONTAINER= +IAM_CACHE_CONTAINER= + +# Network +EDGE_NET= +DB_NET= + +# Volumes +IAM_CONFIG_VOLUME=
diff --git a/stacks/iam/auth.env.example b/stacks/iam/iam.env.template
index b5275ab..b5275ab 100644
--- a/stacks/iam/auth.env.example
+++ b/stacks/iam/iam.env.template
diff --git a/stacks/iam/util/gen-secrets.sh b/stacks/iam/util/gen-secrets.sh
index 832f5d8..8ebec55 100755
--- a/stacks/iam/util/gen-secrets.sh
+++ b/stacks/iam/util/gen-secrets.sh
@@ -1,6 +1,6 @@ #!/bin/bash -USERS=(RATDAD) +USERS=(ADMIN) SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET) SECRET_DIR=$PWD/secrets
@@ -13,7 +13,7 @@ for filename in "${SECRETS[@]}"; do fi done -# Generate admin passwords +# Generate admin password for filename in "${USERS[@]}"; do if [ ! -f "$SECRET_DIR"/"$filename" ]; then openssl rand -hex 12 > "$SECRET_DIR"/"$filename"
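Review bot: The new bind mounts read `${CONFIG_FILE}`, `${USERS_FILE}`, `${JWK_PRIV_KEY}` and `${JWK_PUBL_KEY}`, and `user:` reads `${UID}:${GID}`, but none of those keys appear in the `stacks/iam/env.template` added in this same commit, so a fresh checkout yields empty host paths (`:/config/configuration.yml`) unless every one of them is exported in the shell. Adding `CONFIG_FILE=`, `USERS_FILE=`, `JWK_PRIV_KEY=`, `JWK_PUBL_KEY=` under the template's `# Volumes` header keeps them discoverable. The secret files also move from the absolute `/srv/secrets/auth/` to `./srv/secrets/auth/` relative to the project directory, which puts them inside the repository; they appear to be kept out of git only by the bare `secrets` entry in `stacks/iam/.gitignore`, which deserves a comment on the `secrets:` block so the dependency is not lost. This hunk starts on the previous page line.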
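Review bot: `SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET)` is unchanged while `stacks/iam/compose.yml` in this commit adds a fifth secret file, `POSTGRES_PASSWORD`, to the service's `secrets:` list, so the script no longer produces everything the stack mounts. `SECRET_DIR=$PWD/secrets` also writes relative to wherever the script is invoked, whereas the compose file now reads `./srv/secrets/auth/`; either point the script at that directory or add a comment above `SECRET_DIR` stating the directory it must be run from.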
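Review bot: `openssl rand -hex 12 > "$SECRET_DIR"/"$filename"` creates each secret file under the caller's default umask, which on most systems leaves it world-readable, and these files are mounted straight into the Authelia container as its signing and encryption secrets. Setting `umask 077` once near the top of the script (before the first loop, in the other hunk) makes every generated file owner-only without touching the loops. The loop body continues past the end of the hunk.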
diff --git a/stacks/irm/compose.yml b/stacks/irm/compose.yml
index 0e97160..4ba9977 100644
--- a/stacks/irm/compose.yml
+++ b/stacks/irm/compose.yml
@@ -1,21 +1,17 @@ -name: ${_STACK_0} # Explicitly name stacks (do not rely on directory name). +name: ${STACK} # Explicitly name stacks (do not rely on directory name). networks: edge-net: - name: ${_NET_0} + name: ${EDGE_NET} external: true # All networks SHOULD be external in production. db-net: - name: ${_NET_1} - -volumes: - irm-db: - name: ${_VOLUME_0} - external: true # All volumes SHOULD be external in production. + name: ${DB_NET} + external: true services: irm: - container_name: ${_CONTAINER_0} # Name the containers explicitly. - image: ghcr.io/linkwarden/linkwarden:latest + container_name: ${IRM_CONTAINER} # Name the containers explicitly. + image: ${IRM_IMAGE} restart: unless-stopped env_file: # NOTE: .compose.env WILL override .env if there are overlapping values.
@@ -29,18 +25,3 @@ services: # Github Issue: https://github.com/linkwarden/linkwarden/issues/1153 extra_hosts: - "${OIDC_PROVIDER_URL}:${PROXY_IP}" - depends_on: - - irm-db - irm-db: - container_name: ${_CONTAINER_1} # Name the containers explicitly. - image: postgres:16 - restart: unless-stopped - env_file: - - .run.env - - .env - volumes: - - irm-db:/var/lib/postgresql/data - networks: - - db-net - expose: - - 5432
diff --git a/stacks/irm/env.example b/stacks/irm/env.template
index b39f698..2c032b8 100644
--- a/stacks/irm/env.example
+++ b/stacks/irm/env.template
@@ -3,15 +3,18 @@ # Stack Compose Variables # Namespaces -_STACK_0= +STACK= # Networks -_NET_0= -_NET_1= +EDGE_NET= +DB_NET= -# Volumes -_VOLUME_0= +# Containers +IRM_CONTAINER= -# OIDC Provider +# Images +IRM_IMAGE= + +# OIDC OIDC_PROVIDER_URL= PROXY_IP=
diff --git a/stacks/irm/run.env.example b/stacks/irm/run.env.template
index 0b05f6b..0b05f6b 100644
--- a/stacks/irm/run.env.example
+++ b/stacks/irm/run.env.template
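Review bot: `image: ${IRM_IMAGE}` replaces the fixed `ghcr.io/linkwarden/linkwarden:latest` with an interpolated value whose template default (`IRM_IMAGE=` in the `env.template` hunk on this page) is empty, so an unfilled template now fails at `compose up` with an empty image instead of pulling a known reference. If the intent is to let each deployment pin the image, a comment on that line such as `# Pin to a tag or digest, e.g. ghcr.io/linkwarden/linkwarden:<version>` says what is expected, or the previous reference can remain as a fallback via `${IRM_IMAGE:-ghcr.io/linkwarden/linkwarden:latest}`. With the service's own `irm-db` removed, the remaining `db-net` membership implies the shared `db` stack must already be running, which is worth stating in the header comment since there is no `depends_on` left to express it.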
diff --git a/stacks/news/.gitignore b/stacks/news/.gitignore
index c581994..01b11ab 100644
--- a/stacks/news/.gitignore
+++ b/stacks/news/.gitignore
@@ -5,4 +5,4 @@ extensions/ certs/ compose.test.yml config.custom.php - +config-user.custom.php
diff --git a/stacks/news/compose.yml b/stacks/news/compose.yml
index e9963f5..65a7847 100644
--- a/stacks/news/compose.yml
+++ b/stacks/news/compose.yml
@@ -1,39 +1,30 @@ ## Template compose used for each stack. -name: ${_STACK_0} # Explicit project name (do not rely on directory name) +name: ${STACK} # Explicit project name (do not rely on directory name) networks: edge-net: - name: ${_NET_0} - external: true # All networks SHOULD be external in production. + name: ${EDGE_NET} + external: true # All networks MUST be external in production. db-net: - name: ${_NET_1} - -volumes: - rss-data: - name: ${VOLUME_0} + name: ${DB_NET} external: true - rss-db: - name: ${_VOLUME_1} - external: true # All volumes SHOULD be external in production. services: - rss: - container_name: ${_CONTAINER_0} # Name the containers explicitly. + news-test: + container_name: ${NEWS_CONTAINER} # Explicitly name containers. image: freshrss/freshrss:latest restart: unless-stopped env_file: # NOTE: .compose.env WILL override .env if there are overlapping values. - - .run.env # Runtime ENV - - .env # Compose ENV - volumes: - - rss-data:/var/www/FreshRSS/data - extra_hosts: - - "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}" + - .run.env # Compose wiring defaults go here + - .env # Service env vars networks: - edge-net - db-net expose: - 80 + extra_hosts: + - "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}" # This is required so the container can return the right uri after auth. healthcheck: test: ["CMD", "cli/health.php"] timeout: 10s
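Review bot: The new annotations on the `env_file` entries are the reverse of every other stack in this commit — `.run.env # Compose wiring defaults go here` and `.env # Service env vars`, where `stacks/db/compose.yml` keeps `.run.env # Runtime ENV` and `.env # Compose ENV` — and the `NOTE:` above them still refers to a `.compose.env` that is not in the list; reusing the db stack's two comments avoids sending whoever fills in the templates to the wrong file. Dropping `rss-data:/var/www/FreshRSS/data` also leaves FreshRSS's data directory on the container filesystem, so configuration and user state are lost on every recreate unless a mount exists outside this hunk; the `TODO` in `env.template` acknowledges the gap, but the compose file should carry the same note next to `news-test:` so the omission is visible where it bites. The hunk continues on the next page line.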
@@ -41,16 +32,3 @@ services: start_interval: 11s interval: 75s retries: 3 - rss-db: - container_name: ${_CONTAINER_1} # Name the containers explicitly. - image: postgres:18 - restart: unless-stopped - env_file: - - run.env # Runtime ENV - - .env # Compose ENV - volumes: - - rss-db:/var/lib/postgresql - networks: - - db-net - expose: - - 5432
diff --git a/stacks/news/env.example b/stacks/news/env.template
index 7781c65..79e216b 100644
--- a/stacks/news/env.example
+++ b/stacks/news/env.template
@@ -3,23 +3,18 @@ # Stack Compose Variables # Namespaces -_STACK_0= +STACK= # Containers -_CONTAINER_0= -_CONTAINER_1= +NEWS_CONTAINER= # Network -_NET_0= -_NET_1= +EDGE_NET= +DB_NET= # Volumes -_VOLUME_0= -_VOLUME_1= - -# UID/GID -UID= -GID= +# TODO: Manage Volumes that may be necessary for FreshRSS. +# OIDC OIDC_PROVIDER_DOMAIN= PROXY_IP=
diff --git a/stacks/news/run.env.example b/stacks/news/run.env.example
deleted file mode 100644
index 6ccba27..0000000
--- a/stacks/news/run.env.example
+++ /dev/null
@@ -1,34 +0,0 @@ -# -# -# Stack Runtime Variables -ADMIN_EMAIL= - -# General Settings -# Formatted -BASE_URL=https://sub.main.tld/subdir(?) -SERVER_DNS= -TZ= -CRON_MIN=2,32 -FRESHRSS_ENV=production -LISTEN=0.0.0.0:80 -# Put the reverse proxy's docker ip range here--v -TRUSTED_PROXY= - -# Database -POSTGRES_USER= -POSTGRES_PASSWORD= -# Put the name of the docker container for the database here--v -DB_HOST= - -# OIDC Provider -OIDC_ENABLED=0 -OIDC_PROVIDER_METADATA_URL= -OIDC_CLIENT_ID= -OIDC_CLIENT_SECRET= -OIDC_CLIENT_CRYPTO_KEY= -OIDC_REMOTE_USER_CLAIM=preferred_username -OIDC_SCOPES=openid groups email profile -OIDC_X_FORWARDED_HEADERS=X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto -# OIDC_SESSION_INACTIVITY_TIMEOUT= -# OIDC_SESSION_MAX_DURATION= -# OIDC_SESSION_TYPE=
diff --git a/stacks/news/run.env.template b/stacks/news/run.env.template
new file mode 100644
index 0000000..44bfcde
--- /dev/null
+++ b/stacks/news/run.env.template
@@ -0,0 +1,32 @@ +# +# +# Stack Runtime Variables + +# DB +POSTGRES_USER= +POSTGRES_PASSWORD= +DB_BASE= +DB_HOST= + +# GENERAL +TZ= +CRON_MIN=2,32 +FRESHRSS_ENV=production +LISTEN=0.0.0.0:80 +TRUSTED_PROXY= +ADMIN_EMAIL= +BASE_URL= +SERVER_DNS= + +# OIDC +OIDC_ENABLED=1 +OIDC_PROVIDER_METADATA_URL= +OIDC_CLIENT_ID= +OIDC_CLIENT_SECRET= +OIDC_CLIENT_CRYPTO_KEY= +OIDC_REMOTE_USER_CLAIM= +OIDC_SCOPES= +OIDC_X_FORWARDED_HEADERS= +# OIDC_SESSION_INACTIVITY_TIMEOUT= +# OIDC_SESSION_MAX_DURATION= +# OIDC_SESSION_TYPE=
diff --git a/stacks/dav/.gitignore b/stacks/pim/.gitignore
index e6c78b8..e6c78b8 100644
--- a/stacks/dav/.gitignore
+++ b/stacks/pim/.gitignore
diff --git a/stacks/pim/compose.yml b/stacks/pim/compose.yml
new file mode 100644
index 0000000..8359e9c
--- /dev/null
+++ b/stacks/pim/compose.yml
@@ -0,0 +1,26 @@ +name: ${STACK} + +networks: + edge-net: + name: ${EDGE_NET} + external: true + db-net: + name: ${DB_NET} + external: true + +services: + pim: + container_name: ${PIM_CONTAINER} + image: ghcr.io/tchapi/davis-standalone:latest + environment: + ADMIN_AUTH_BYPASS: false + AUTH_METHOD: Basic + AUTH_REALM: SabreDAV + env_file: + - .run.env + - .env + networks: + - edge-net + - db-net + expose: + - 9000
diff --git a/stacks/dav/.env.template b/stacks/pim/env.template
index d84f2b0..d84f2b0 100644
--- a/stacks/dav/.env.template
+++ b/stacks/pim/env.template
diff --git a/stacks/dav/.run.env.template b/stacks/pim/run.env.template
index 6ef4bc3..6ef4bc3 100644
--- a/stacks/dav/.run.env.template
+++ b/stacks/pim/run.env.template
diff --git a/stacks/pkm/compose.yml b/stacks/pkm/compose.yml
index 68afaf0..52546cc 100644
--- a/stacks/pkm/compose.yml
+++ b/stacks/pkm/compose.yml
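Review bot: This new file interpolates `${STACK}`, `${EDGE_NET}`, `${DB_NET}` and `${PIM_CONTAINER}`, but its `env.template` is a pure rename of `stacks/dav/.env.template` with no content change, and the deleted `stacks/dav/compose.yml` on this page used `${_STACK_0}`/`${_NET_0}`-style keys, so the template very likely still declares the old names and none of the ones this file reads — it needs the same key update the other stacks' templates receive in this commit. `ADMIN_AUTH_BYPASS: false` is a YAML boolean; the Compose spec recommends quoting such values (`ADMIN_AUTH_BYPASS: 'false'`) so the string the container sees does not depend on the loader. The service is also the only one in the commit without `restart: unless-stopped`, which reads like an omission rather than a choice.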
@@ -1,18 +1,18 @@ -name: ${_STACK_0} +name: ${STACK} networks: edge-net: - name: ${_NET_0} + name: ${EDGE_NET} external: true volumes: pkm-data: - name: ${_VOLUME_0} + name: ${PKM_DATA_VOLUME} external: true services: - pkm: - container_name: ${_CONTAINER_0} + pkm-test: + container_name: ${PKM_CONTAINER} image: ghcr.io/silverbulletmd/silverbullet restart: unless-stopped env_file:
@@ -23,4 +23,4 @@ services: expose: - 3000 volumes: - - pkm-data:/space + - ${PKM_DATA_VOLUME}:/space
diff --git a/stacks/pkm/.env.template b/stacks/pkm/env.template
index b607b6b..cceb8db 100644
--- a/stacks/pkm/.env.template
+++ b/stacks/pkm/env.template
@@ -3,13 +3,13 @@ # Stack Compose Variables # Namespaces -_STACK_0= +STACK= # Containers -_CONTAINER_0= +PKM_CONTAINER= # Networks -_NET_0= +EDGE_NET= # Volumes -_VOLUME_0= +PIM_DATA_VOLUME=
diff --git a/stacks/pkm/.pkm.env.template b/stacks/pkm/pkm.env.template
index 9f373a5..c45f07a 100644
--- a/stacks/pkm/.pkm.env.template
+++ b/stacks/pkm/pkm.env.template
@@ -1,6 +1,5 @@ # # # Stack Runtime Variables -SB_USER= SB_NAME= SB_DESCRIPTION=
diff --git a/stacks/cgit/.env.template b/stacks/scm/.env.template
index c461361..c461361 100644
--- a/stacks/cgit/.env.template
+++ b/stacks/scm/.env.template
diff --git a/stacks/cgit/.gitignore b/stacks/scm/.gitignore
index 4c28985..4c28985 100644
--- a/stacks/cgit/.gitignore
+++ b/stacks/scm/.gitignore
diff --git a/stacks/cgit/.run.template b/stacks/scm/.run.template
index cd5eebc..cd5eebc 100644
--- a/stacks/cgit/.run.template
+++ b/stacks/scm/.run.template
diff --git a/stacks/cgit/compose.yml b/stacks/scm/compose.yml
index b40dbaf..b40dbaf 100644
--- a/stacks/cgit/compose.yml
+++ b/stacks/scm/compose.yml
diff --git a/stacks/tss/.run.env.template b/stacks/tss/.run.env.template
deleted file mode 100644
index 103c5da..0000000
--- a/stacks/tss/.run.env.template
+++ /dev/null
@@ -1,5 +0,0 @@ -# TSS CONFIG -RUST_LOG=info -DATA_DIR=/var/lib/taskchampion-sync-server/data -LISTEN=0.0.0.0:8080 -CLIENT_ID=
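Review bot: `- ${PKM_DATA_VOLUME}:/space` mounts by the raw interpolated name instead of through the top-level `pkm-data` volume, which the first hunk of this file still declares with `name: ${PKM_DATA_VOLUME}` and `external: true` and which is now unreferenced; the two forms diverge when the variable is empty or is not a plain volume name, since Compose then tries a project-scoped volume or a bind path rather than failing on the missing external volume. Keeping `- pkm-data:/space` routes the mount through the declared external volume. The `env.template` hunk in the same file section spells the key `PIM_DATA_VOLUME=`, so the variable this compose file reads is never defined by the template; it should be `PKM_DATA_VOLUME=`.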
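Review bot: Removing `SB_USER=` drops SilverBullet's built-in login from the runtime template, and the edge `Caddyfile.template` in this commit fronts `{$PKM_SUB}` with a plain `reverse_proxy` and no `forward_auth`, so unless authentication is configured somewhere not on this page the notebook becomes reachable to anyone who can resolve the subdomain. Either keep `SB_USER=` (its value is `user:password`) in the template or put the edge block behind the IAM stack before removing it.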
diff --git a/stacks/tss/compose.yml b/stacks/tss/compose.yml
index 63913f0..cbaf2f0 100644
--- a/stacks/tss/compose.yml
+++ b/stacks/tss/compose.yml
@@ -1,26 +1,26 @@ -name: ${_STACK_0} +name: ${STACK} networks: edge-net: - name: ${_NET_0} + name: ${EDGE_NET} external: true - -volumes: - tss-db: - name: ${_VOLUME_0} + db-net: + name: ${DB_NET} external: true services: tss: - container_name: ${_CONTAINER_0} - image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:latest + container_name: ${TSS_CONTAINER} + image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server-postgres:latest restart: unless-stopped + environment: + RUST_LOG: info + LISTEN: 0.0.0.0:8080 env_file: - .run.env - .env - volumes: - - tss-db:/var/lib/taskchampion-sync-server/data networks: - edge-net + - db-net expose: - 8080
diff --git a/stacks/tss/env.template b/stacks/tss/env.template
new file mode 100644
index 0000000..57ab20a
--- /dev/null
+++ b/stacks/tss/env.template
@@ -0,0 +1,12 @@ +# +# +# Stack Compose Variables + +# Namespace +STACK= + +# Container + +# Network +EDGE_NET= +DB_NET=
diff --git a/stacks/tss/run.env.template b/stacks/tss/run.env.template
new file mode 100644
index 0000000..09f266a
--- /dev/null
+++ b/stacks/tss/run.env.template
@@ -0,0 +1,11 @@ +# +# +# Stack Runtime Variables + +CLIENT_ID= +DB_HOST= +DB_PORT +DB_USER= +DB_PASSWORD= +DB_BASE= +CONNECTION=postgresql://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_BASE |
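Review bot: The `# Container` section of the new `env.template` is empty while `stacks/tss/compose.yml` in this same section sets `container_name: ${TSS_CONTAINER}`, so the template never declares the one container variable the compose file reads; add `TSS_CONTAINER=` under that header. Every other stack's `env.template` on this page lists its container keys, so this looks like an omission rather than a deliberate choice.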
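Review bot: `DB_PORT` is missing its `=`; in Compose env files a bare `VAR` line means the value is taken from the calling environment (unset otherwise) rather than an empty slot to fill in, so it should be `DB_PORT=` like the surrounding lines. `CONNECTION=postgresql://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_BASE` relies on `$VAR` expansion inside the env file, which depends on the Compose version in use, and it copies the password into a second variable and into any log line that prints the connection string; if the image accepts the individual `DB_*` settings, dropping `CONNECTION` from the template is the safer default, and if it does not, a comment saying the URL is the only form the image reads would explain why the password appears twice.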
