| author | RATDAD <lambda@disroot.org> | 2026-03-14 19:09:51 -0400 |
|---|---|---|
| committer | RATDAD <lambda@disroot.org> | 2026-03-14 19:09:51 -0400 |
| commit | c4370a17dec7c1090c92efc195f6bd1188ba9bde (patch) | |
| tree | 9e421f1f16ea409865a371adb4902e604ec5f299 | |
| parent | 2578d12ea47d10130472a845244e4aaac48897cb (diff) | |
refactor: alter the position of environment files and container routing dev
51 files changed, 212 insertions, 614 deletions
@@ -0,0 +1,14 @@ +# +# +# RD-CLOUD GLOBAL ENVIRONMENT + +TZ= +ORG= +SERVER= +DOMAIN= +EDGE_NET= +DB_NET= +ROOT=../../ +SECRETS=${ROOT}/secrets +CONFIG=${ROOT}/config +GIT_ROOT=${ROOT}/git @@ -1,2 +1,8 @@ .editorconfig .vscode +git/ +secrets/ +volumes/ +www/ +compose.test.yml +.test.env diff --git a/bin/test b/bin/test new file mode 100755 index 0000000..309ca8a --- /dev/null +++ b/bin/test @@ -0,0 +1 @@ +docker compose --env-file .test.env -f compose.test.yml "$@" diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..a540bb3 --- /dev/null +++ b/compose.yml @@ -0,0 +1,12 @@ +name: ${SERVER} + +include: + - stacks/db/compose.yml + - stacks/edge/compose.yml + - stacks/iam/compose.yml + - stacks/irm/compose.yml + - stacks/news/compose.yml + - stacks/pim/compose.yml + - stacks/pkm/compose.yml + - stacks/scm/compose.yml + - stacks/tsk/compose.yml diff --git a/stacks/db/.gitignore b/stacks/db/.gitignore deleted file mode 100644 index 13fed15..0000000 --- a/stacks/db/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.env -data/ -compose.test.yml diff --git a/stacks/db/compose.yml b/stacks/db/compose.yml index 9a44712..ccaf70e 100644 --- a/stacks/db/compose.yml +++ b/stacks/db/compose.yml @@ -1,10 +1,8 @@ -name: ${STACK} - networks: - edge-net: + edge_net: name: ${EDGE_NET} external: true - db-net: + db_net: name: ${DB_NET} external: true 
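Review bot: The root `.gitignore` hunk adds `secrets/` and `.test.env` but not `*.env`, while this same commit deletes every per-stack `.gitignore` that carried `*.env`; the `stacks/db`, `stacks/iam`, `stacks/pim` and `stacks/pkm` compose files still load `.run.env`/`.env` from their own directories, so any such file left on disk is no longer ignored and a `git add .` could stage credentials. Add `*.env` alongside the existing entries (the tracked templates end in `.env.template`, so they are not caught by it). Whether any other ignore rules survive outside this diff cannot be confirmed from here.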
@@ -19,35 +17,38 @@ secrets: services: db: - container_name: ${DB_CONTAINER} image: postgres:16 restart: unless-stopped + secrets: ['DB_USER', 'DB_PASSWORD'] environment: - POSTGRES_USER: 'admin' + POSTGRES_USER_FILE: '/run/secrets/DB_USER' + POSTGRES_PASSWORD_FILE: /run/secrets/DB_PASSWORD env_file: - - .run.env # Runtime ENV - - .env # Compose ENV + - ${SECRETS}/env/db.env user: '${UID}:${GID}' volumes: - - ./data/:/var/lib/postgresql/data + - db-data:/var/lib/postgresql/data networks: - - db-net + - db_net expose: - 5432 healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] interval: 5s retries: 5 - db-admin: + dba: container_name: ${DBA_CONTAINER} image: adminer:latest + environment: + ADMINER_DEFAULT_SERVER: db + ADMINER_DESIGN: galkaev env_file: - .run.env - .env depends_on: - - db-test + - db networks: - - edge-net - - db-net + - edge_net + - db_net expose: - 8080 diff --git a/stacks/db/env.template b/stacks/db/env.template deleted file mode 100644 index cad7ccb..0000000 --- a/stacks/db/env.template +++ /dev/null @@ -1,17 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -STACK= - -# Containers -DB_CONTAINER= -DBA_CONTAINER= - -# Networks -EDGE_NET= -DB_NET= - -# Volumes -DB_CONTAINER= diff --git a/stacks/db/run.env.template b/stacks/db/run.env.template deleted file mode 100644 index b5f8727..0000000 --- a/stacks/db/run.env.template +++ /dev/null @@ -1,11 +0,0 @@ -# -# -# Stack Runtime Variables - -# PostgreSQL -POSTGRES_USER= -POSTGRES_PASSWORD= - -# Adminer -ADMINER_DEFAULT_SERVER= -ADMINER_DESIGN=galkaev diff --git a/stacks/edge/.gitignore b/stacks/edge/.gitignore deleted file mode 100644 index 14be0dc..0000000 --- a/stacks/edge/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# Ignore .env files -*.env -srv/ -Caddyfile -compose.test.yml diff --git a/stacks/edge/Caddyfile.template b/stacks/edge/Caddyfile.template deleted file mode 100644 index 03dadf8..0000000 --- a/stacks/edge/Caddyfile.template +++ /dev/null 
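Review bot: In the `db` service the healthcheck still runs `pg_isready -U ${POSTGRES_USER}`, but this hunk replaces `POSTGRES_USER` with `POSTGRES_USER_FILE`, and `${POSTGRES_USER}` is interpolated by Compose from the host environment rather than from the container, so it now most likely expands to an empty `-U` argument. Reading the mounted secret inside the container avoids that: `test: ["CMD-SHELL", "pg_isready -U \"$$(cat /run/secrets/DB_USER)\""]` (the doubled `$$` keeps Compose from interpolating it). The `dba` service still loads `.run.env` and `.env`, whose templates this commit deletes, and still sets `container_name: ${DBA_CONTAINER}` after `DB_CONTAINER` was dropped from the sibling service, so those lines look stale. Note also that `dba` joins `edge_net` and nothing in this hunk gates the Adminer UI beyond whatever the (not shown) edge config does, so that config should carry an authentication layer in front of it. For consistency, quote `/run/secrets/DB_PASSWORD` the same way as `'/run/secrets/DB_USER'`.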
@@ -1,53 +0,0 @@ -# -# -# Reverse Proxy Configuration - -{$DOMAIN}:80 { - redir https://{$DOMAIN}{uri} 302 -} - -{$DOMAIN} { - - root * {$DOCUMENT_ROOT} - encode - try_files {path} index.html - file_server -} - -{$PKM_SUB}.{$DOMAIN} { - reverse_proxy {$PKM_HOST}:{$PKM_PORT} -} - -{$SCM_SUB}.{$DOMAIN} { - reverse_proxy {$SCM_HOST}:{$SCM_PORT} -} - -{$PIM_SUB}.{$DOMAIN} { - - reverse_proxy {$PIM_HOST}:{$PIM_PORT} -} - -{$TSS_SUB}.{$DOMAIN} { - - reverse_proxy {$TSS_HOST}:{$TSS_PORT} -} - -{$IAM_SUB}.{$DOMAIN} { - - reverse_proxy {$IAM_HOST}:{$IAM_PORT} -} - -{$IRM_SUB}.{$DOMAIN} { - - reverse_proxy {$IRM_HOST}:{$IRM_PORT} -} - -{$NEWS_SUB}.{$DOMAIN} { - - reverse_proxy {$NEWS_HOST}:{$NEWS_PORT} -} - -{$DBA_SUB}.{$DOMAIN} { - - reverse_proxy {$DBA_HOST}:{$DBA_PORT} -} diff --git a/stacks/edge/compose.yml b/stacks/edge/compose.yml index d8c86fa..d18d15f 100644 --- a/stacks/edge/compose.yml +++ b/stacks/edge/compose.yml @@ -1,20 +1,16 @@ -name: ${STACK} - networks: - net: + edge_net: name: ${EDGE_NET} external: true services: - edge-test: - container_name: ${EDGE_CONTAINER} + edge: image: caddy:latest restart: unless-stopped env_file: - - .run.env - - .env + - ${SECRETS}/env/edge.env networks: - - net + - edge_net cap_add: - NET_ADMIN ports: @@ -22,5 +18,5 @@ services: - 443:443 - 443:443/udp volumes: - - ${CADDYFILE}:/etc/caddy/Caddyfile - - ${WEBROOT}/:/srv + - ${ROOT}/www:/srv/www + - ${CONFIG}/edge/Caddyfile.test:/etc/caddy/Caddyfile diff --git a/stacks/edge/env.template b/stacks/edge/env.template deleted file mode 100644 index b43dec1..0000000 --- a/stacks/edge/env.template +++ /dev/null @@ -1,16 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -STACK= - -# Containers -EDGE_CONTAINER= - -# Networks -EDGE_NET= - -# Volumes -CADDYFILE= -WEBROOT= diff --git a/stacks/iam/.gitignore b/stacks/iam/.gitignore deleted file mode 100644 index 6b67a59..0000000 --- a/stacks/iam/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.env -config -secrets -compose.test.yml 
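Review bot: The second edge hunk mounts `${CONFIG}/edge/Caddyfile.test` as the container's only Caddyfile, so the `test` variant is baked into the shared `stacks/edge/compose.yml` rather than selected by `compose.test.yml`/`.test.env` as the new `bin/test` wrapper suggests. Both bind mounts are read-write although the container (which runs with `NET_ADMIN`, per the context lines) only needs to read them; `- ${CONFIG}/edge/Caddyfile.test:/etc/caddy/Caddyfile:ro` and `- ${ROOT}/www:/srv/www:ro` would keep a compromised proxy process from rewriting its own config or the static site. The Caddyfile that is now mounted is not part of this diff, so whether it still references the removed `TSS_*` variables cannot be checked here.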
diff --git a/stacks/iam/compose.yml b/stacks/iam/compose.yml index 3e516ca..398302d 100644 --- a/stacks/iam/compose.yml +++ b/stacks/iam/compose.yml 
@@ -1,62 +1,55 @@ -name: ${STACK} - networks: - edge-net: + edge_net: name: ${EDGE_NET} external: true - db-net: + db_net: name: ${DB_NET} external: true cache-net: volumes: - config: - name: ${IAM_CONFIG_VOLUME} - external: true + name: ${IAM_DATA} + external: true secrets: - JWT_SECRET: - file: './srv/secrets/auth/JWT_SECRET' - SESSION_SECRET: - file: './srv/secrets/auth/SESSION_SECRET' - STORAGE_ENCRYPTION: - file: './srv/secrets/auth/STORAGE_ENCRYPTION' - OIDC_HMAC_SECRET: - file: './srv/secrets/auth/OIDC_HMAC_SECRET' - POSTGRES_PASSWORD: - file: './srv/secrets/auth/POSTGRES_PASSWORD' + JWT: + file: '${ROOT}/secrets/iam/JWT' + SESSION: + file: '${ROOT}/secrets/iam/SESSION' + STORAGE: + file: '${ROOT}/secrets/iam/STORAGE' + OIDC_HMAC: + file: '${ROOT}/secrets/iam/OIDC_HMAC' + DB: + file: '${ROOT}/secrets/iam/DB' services: - auth-test: - container_name: ${IAM_CONTAINER} + iam: image: authelia/authelia:latest restart: unless-stopped - secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET', 'POSTGRES_PASSWORD'] + secrets: ['JWT', 'SESSION', 'STORAGE', 'OIDC_HMAC', 'POSTGRES'] environment: - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET' - AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET' - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION' - AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC_SECRET' - AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/POSTGRES_PASSWORD' + AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT' + AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION' + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE' + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC' + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/DB' X_AUTHELIA_CONFIG_FILTERS: 'template' env_file: - - .run.env # Runtime Vars - .env # Stack Vars user: "${UID}:${GID}" volumes: - - 
config:/config - - ${CONFIG_FILE}:/config/configuration.yml - - ${USERS_FILE}:/config/users.yml - - ${JWK_PRIV_KEY}:/config/jwks/oidc-jwk.pem - - ${JWK_PUBL_KEY}:/config/jwks/oidc-jwk-pub.pem + - ${CONFIG}/iam/configuration.yml:/config/configuration.yml + - ${CONFIG}/iam/users.yml:/config/users.yml + - ${SECRET}/iam/jwk/oidc-jwk.pem:/config/jwks/oidc-jwk.pem + - ${SECRET}/iam/jwk/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem networks: - - edge-net - - db-net - - cache-net + - edge_net + - db_net + - cache_net expose: - 9091 - auth-cache-test: - container_name: ${IAM_CACHE_CONTAINER} + iam-cache: image: redis:latest restart: unless-stopped env_file: diff --git a/stacks/iam/env.template b/stacks/iam/env.template deleted file mode 100644 index b6a023e..0000000 --- a/stacks/iam/env.template +++ /dev/null @@ -1,17 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -STACK= - -# Containers -IAM_CONTAINER= -IAM_CACHE_CONTAINER= - -# Network -EDGE_NET= -DB_NET= - -# Volumes -IAM_CONFIG_VOLUME= diff --git a/stacks/iam/iam.env.template b/stacks/iam/iam.env.template deleted file mode 100644 index b5275ab..0000000 --- a/stacks/iam/iam.env.template +++ /dev/null @@ -1,12 +0,0 @@ -# -# -# Stack Runtime Variables - -# Authelia secrets -AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/JWT_SECRET -AUTHELIA_SESSION_SECRET_FILE=/run/secrets/SESSION_SECRET -AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/STORAGE_ENCRYPTION -AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/OIDC_HMAC_SECRET - -# Use Authelia's file filter in config. -X_AUTHELIA_CONFIG_FILTERS=template diff --git a/stacks/iam/util/gen-oidc-client.sh b/stacks/iam/util/gen-oidc-client.sh deleted file mode 100755 index ee6d79a..0000000 --- a/stacks/iam/util/gen-oidc-client.sh +++ /dev/null 
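Review bot: The `iam` service's `secrets: ['JWT', 'SESSION', 'STORAGE', 'OIDC_HMAC', 'POSTGRES']` names a secret `POSTGRES` that the top-level `secrets:` block in this hunk no longer defines (it was renamed to `DB`, and the environment already points at `/run/secrets/DB`), so Compose will reject the project; the list should read `secrets: ['JWT', 'SESSION', 'STORAGE', 'OIDC_HMAC', 'DB']`. The service also joins `cache_net` while the only cache network declared in the context lines is still `cache-net`, and the jwk mounts use `${SECRET}` although the new global environment defines `SECRETS` (the same singular form appears in `stacks/irm` and `stacks/tsk`, and `stacks/news` uses `${ROOT}/secret/env/news.env`), so those paths will resolve against an empty variable. In the top-level `volumes:` block the `config:` key was removed but `name: ${IAM_DATA}` and `external: true` were kept, which leaves them as bare entries rather than one named volume — presumably a volume key such as `iam_data:` was meant to stay above them, or the whole block should go now that the `config:/config` mount is gone. Consider `:ro` on the `configuration.yml`, `users.yml` and jwk mounts, and note that `- .env # Stack Vars` references a file whose template this commit deletes.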
@@ -1,7 +0,0 @@ -#!/bin/bash -set -euo pipefail - -docker run --rm authelia/authelia:latest authelia crypto rand --length 72 --charset rfc3986 -docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 - -printf "\n" diff --git a/stacks/iam/util/gen-oidc-jwk.sh b/stacks/iam/util/gen-oidc-jwk.sh deleted file mode 100755 index 48747fb..0000000 --- a/stacks/iam/util/gen-oidc-jwk.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -euo pipefail - -openssl genrsa -out oidc-jwk.pem 2048 -openssl genrsa -in oidc-jwk.pem -outform PEM -pubout -out oidc-jwk-pub.pem diff --git a/stacks/iam/util/gen-secrets.sh b/stacks/iam/util/gen-secrets.sh deleted file mode 100755 index 8ebec55..0000000 --- a/stacks/iam/util/gen-secrets.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -USERS=(ADMIN) -SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET) -SECRET_DIR=$PWD/secrets - -[ ! -d "$SECRET_DIR" ] && mkdir -p "$SECRET_DIR" - -# Generate secrets -for filename in "${SECRETS[@]}"; do - if [ ! -f "$SECRET_DIR"/"$filename" ]; then - openssl rand -hex 64 > "$SECRET_DIR"/"$filename" - fi -done - -# Generate admin password -for filename in "${USERS[@]}"; do - if [ ! -f "$SECRET_DIR"/"$filename" ]; then - openssl rand -hex 12 > "$SECRET_DIR"/"$filename" - fi -done diff --git a/stacks/iam/util/gen-user-passwd.sh b/stacks/iam/util/gen-user-passwd.sh deleted file mode 100755 index d8202ee..0000000 --- a/stacks/iam/util/gen-user-passwd.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -set -euo pipefail - -read -rp "Enter a password for the new user: " PASSWORD -HASHED=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "${PASSWORD}") - -printf "Password: %s\n" "${PASSWORD}" -printf "Hash: %s\n" "${HASHED}" diff --git a/stacks/irm/.gitignore b/stacks/irm/.gitignore deleted file mode 100644 index 13fed15..0000000 --- a/stacks/irm/.gitignore +++ /dev/null 
@@ -1,3 +0,0 @@ -*.env -data/ -compose.test.yml diff --git a/stacks/irm/compose.yml b/stacks/irm/compose.yml index 4ba9977..7531465 100644 --- a/stacks/irm/compose.yml +++ b/stacks/irm/compose.yml @@ -1,25 +1,23 @@ -name: ${STACK} # Explicitly name stacks (do not rely on directory name). - networks: - edge-net: + edge_net: name: ${EDGE_NET} external: true # All networks SHOULD be external in production. - db-net: + db_net: name: ${DB_NET} external: true services: irm: - container_name: ${IRM_CONTAINER} # Name the containers explicitly. - image: ${IRM_IMAGE} + image: ghcr.io/linkwarden/linkwarden:latest restart: unless-stopped env_file: # NOTE: .compose.env WILL override .env if there are overlapping values. - - .run.env # Runtime ENV - - .env # Compose ENV + - ${ROOT}/stacks/.env # GLOBAL + - ${CONFIG}/env/irm.env + - ${SECRET}/env/irm.env # SECRETS networks: - - edge-net - - db-net + - edge_net + - db_net expose: - 3000 # Github Issue: https://github.com/linkwarden/linkwarden/issues/1153 diff --git a/stacks/irm/env.template b/stacks/irm/env.template deleted file mode 100644 index 2c032b8..0000000 --- a/stacks/irm/env.template +++ /dev/null @@ -1,20 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -STACK= - -# Networks -EDGE_NET= -DB_NET= - -# Containers -IRM_CONTAINER= - -# Images -IRM_IMAGE= - -# OIDC -OIDC_PROVIDER_URL= -PROXY_IP= diff --git a/stacks/irm/run.env.template b/stacks/irm/run.env.template deleted file mode 100644 index 0b05f6b..0000000 --- a/stacks/irm/run.env.template +++ /dev/null 
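Review bot: `image: ghcr.io/linkwarden/linkwarden:latest` replaces the `${IRM_IMAGE}` variable with a floating tag, so every `pull` can silently change what runs; pin a version tag (or an `@sha256:` digest) and bump it deliberately, as the `db` stack already does with `postgres:16`. The `env_file` entry `${SECRET}/env/irm.env` uses a variable the global environment does not define (`SECRETS` is what it sets), and the surviving comment `# NOTE: .compose.env WILL override .env if there are overlapping values.` describes files that no longer exist — with Compose's later-file-wins ordering the secrets file now overrides the global and config files, which is what the comment should say. Loading `${ROOT}/stacks/.env` — which appears to be the global environment file at the top of this diff — into the container also hands it host-side path variables (`ROOT`, `SECRETS`, `CONFIG`, `GIT_ROOT`) the application has no use for; if only `TZ`/`DOMAIN`/`ORG` are needed, setting those under `environment:` keeps the container's view minimal.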
@@ -1,62 +0,0 @@ -# -# -# Stack Runtime Variables -NEXTAUTH_URL= -NEXTAUTH_SECRET= - -POSTGRES_USER= -POSTGRES_PASSWORD= - -DATABASE_URL= - -# Additional Optional Settings -PAGINATION_TAKE_COUNT= -STORAGE_FOLDER= -AUTOSCROLL_TIMEOUT= -NEXT_PUBLIC_DISABLE_REGISTRATION= -NEXT_PUBLIC_CREDENTIALS_ENABLED= -DISABLE_NEW_SSO_USERS= -MAX_LINKS_PER_USER= -ARCHIVE_TAKE_COUNT= -BROWSER_TIMEOUT= -IGNORE_UNAUTHORIZED_CA= -IGNORE_HTTPS_ERRORS= -IGNORE_URL_SIZE_LIMIT= -NEXT_PUBLIC_DEMO= -NEXT_PUBLIC_DEMO_USERNAME= -NEXT_PUBLIC_DEMO_PASSWORD= -NEXT_PUBLIC_ADMIN= -NEXT_PUBLIC_MAX_FILE_BUFFER= -PDF_MAX_BUFFER= -SCREENSHOT_MAX_BUFFER= -READABILITY_MAX_BUFFER= -PREVIEW_MAX_BUFFER= -MONOLITH_MAX_BUFFER= -MONOLITH_CUSTOM_OPTIONS= -IMPORT_LIMIT= -PLAYWRIGHT_LAUNCH_OPTIONS_EXECUTABLE_PATH= -PLAYWRIGHT_WS_URL= -MAX_WORKERS= -DISABLE_PRESERVATION= -NEXT_PUBLIC_RSS_POLLING_INTERVAL_MINUTES= -RSS_SUBSCRIPTION_LIMIT_PER_USER= -TEXT_CONTENT_LIMIT= -SEARCH_FILTER_LIMIT= -INDEX_TAKE_COUNT= -MEILI_TIMEOUT= - -# SMTP Settings -NEXT_PUBLIC_EMAIL_PROVIDER= -EMAIL_FROM= -EMAIL_SERVER= -BASE_URL= - -# PDF archive settings -PDF_MARGIN_TOP= -PDF_MARGIN_BOTTOM= - -# SSO settings -NEXT_PUBLIC_AUTHELIA_ENABLED= -AUTHELIA_CLIENT_ID= -AUTHELIA_CLIENT_SECRET= -AUTHELIA_WELLKNOWN_URL= diff --git a/stacks/news/.gitignore b/stacks/news/.gitignore deleted file mode 100644 index 01b11ab..0000000 --- a/stacks/news/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -*.env -data/ -db/ -extensions/ -certs/ -compose.test.yml -config.custom.php -config-user.custom.php diff --git a/stacks/news/compose.yml b/stacks/news/compose.yml index 65a7847..d5feb83 100644 --- a/stacks/news/compose.yml +++ b/stacks/news/compose.yml 
@@ -1,30 +1,29 @@ -## Template compose used for each stack. -name: ${STACK} # Explicit project name (do not rely on directory name) - networks: - edge-net: + edge_net: name: ${EDGE_NET} external: true # All networks MUST be external in production. - db-net: + db_net: name: ${DB_NET} external: true services: - news-test: - container_name: ${NEWS_CONTAINER} # Explicitly name containers. + news: image: freshrss/freshrss:latest restart: unless-stopped + environment: + FRESHRSS_ENV: production + LISTEN: 0.0.0.0:80 + CRON_MIN: 2,32 env_file: - # NOTE: .compose.env WILL override .env if there are overlapping values. - - .run.env # Compose wiring defaults go here - - .env # Service env vars + - ${ROOT}/stacks/.env # GLOBAL + - ${ROOT}/secret/env/news.env networks: - - edge-net - - db-net + - edge_net + - db_net expose: - 80 extra_hosts: - - "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}" # This is required so the container can return the right uri after auth. + - "${OIDC_PROVIDER_URL}:${PROXY_IP}" # This is required so the container can return the right uri after auth. healthcheck: test: ["CMD", "cli/health.php"] timeout: 10s diff --git a/stacks/news/env.template b/stacks/news/env.template deleted file mode 100644 index 79e216b..0000000 --- a/stacks/news/env.template +++ /dev/null @@ -1,20 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -STACK= - -# Containers -NEWS_CONTAINER= - -# Network -EDGE_NET= -DB_NET= - -# Volumes -# TODO: Manage Volumes that may be necessary for FreshRSS. - -# OIDC -OIDC_PROVIDER_DOMAIN= -PROXY_IP= diff --git a/stacks/news/run.env.template b/stacks/news/run.env.template deleted file mode 100644 index 44bfcde..0000000 --- a/stacks/news/run.env.template +++ /dev/null 
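Review bot: `extra_hosts` now reads `"${OIDC_PROVIDER_URL}:${PROXY_IP}"`, but an `extra_hosts` entry must be `hostname:IP`; if `OIDC_PROVIDER_URL` carries a scheme or path (its name suggests it does, and the deleted template used a `_DOMAIN` variable here), the entry becomes an invalid hosts line and the override the comment relies on is lost. Keep a hostname-only variable for this line, e.g. `- "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}"`. The env_file path `${ROOT}/secret/env/news.env` also spells the directory differently from the `SECRETS=${ROOT}/secrets` set in the global environment, so it will not find the file the other stacks are moving to.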
@@ -1,32 +0,0 @@ -# -# -# Stack Runtime Variables - -# DB -POSTGRES_USER= -POSTGRES_PASSWORD= -DB_BASE= -DB_HOST= - -# GENERAL -TZ= -CRON_MIN=2,32 -FRESHRSS_ENV=production -LISTEN=0.0.0.0:80 -TRUSTED_PROXY= -ADMIN_EMAIL= -BASE_URL= -SERVER_DNS= - -# OIDC -OIDC_ENABLED=1 -OIDC_PROVIDER_METADATA_URL= -OIDC_CLIENT_ID= -OIDC_CLIENT_SECRET= -OIDC_CLIENT_CRYPTO_KEY= -OIDC_REMOTE_USER_CLAIM= -OIDC_SCOPES= -OIDC_X_FORWARDED_HEADERS= -# OIDC_SESSION_INACTIVITY_TIMEOUT= -# OIDC_SESSION_MAX_DURATION= -# OIDC_SESSION_TYPE= diff --git a/stacks/pim/.gitignore b/stacks/pim/.gitignore deleted file mode 100644 index e6c78b8..0000000 --- a/stacks/pim/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# Ignore .env files -*.env -.database/ -.database/** -compose.test.yml diff --git a/stacks/pim/compose.yml b/stacks/pim/compose.yml index 8359e9c..2ef4d17 100644 --- a/stacks/pim/compose.yml +++ b/stacks/pim/compose.yml @@ -1,16 +1,13 @@ -name: ${STACK} - networks: - edge-net: + edge_net: name: ${EDGE_NET} external: true - db-net: + db_net: name: ${DB_NET} external: true services: pim: - container_name: ${PIM_CONTAINER} image: ghcr.io/tchapi/davis-standalone:latest environment: ADMIN_AUTH_BYPASS: false @@ -20,7 +17,7 @@ services: - .run.env - .env networks: - - edge-net - - db-net + - edge_net + - db_net expose: - 9000 diff --git a/stacks/pim/env.template b/stacks/pim/env.template deleted file mode 100644 index d84f2b0..0000000 --- a/stacks/pim/env.template +++ /dev/null @@ -1,17 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -_STACK_0= - -# Containers -_CONTAINER_0= -_CONTAINER_1= - -# Networks -_NET_0= -_NET_1= - -# Volumes -_VOLUME_0= diff --git a/stacks/pim/run.env.template b/stacks/pim/run.env.template deleted file mode 100644 index 6ef4bc3..0000000 --- a/stacks/pim/run.env.template +++ /dev/null 
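Review bot: The `pim` service keeps `env_file: - .run.env - .env` (context lines in the second hunk) even though this commit deletes `stacks/pim/run.env.template`/`env.template` and introduces `templates/pim.env.template`, so unlike the sibling stacks it is never pointed at the relocated file and Compose will refuse to start it once those files are gone. Switching it to the same layout as `db`, e.g. `- ${SECRETS}/env/pim.env`, keeps the stacks consistent. The service definition begins above the second hunk.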
@@ -1,63 +0,0 @@ -# -# -# DAViS Environment Variables - -# General settings -APP_ENV=prod # or dev -CALDAV_ENABLED=true -CARDDAV_ENABLED=true -WEBDAV_ENABLED=false -PUBLIC_CALENDARS_ENABLED=true -BIRTHDAY_REMINDER_OFFSET=PT9H -APP_TIMEZONE=America/New_York -LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log" - -# Database -POSTGRES_PASSWORD= -POSTGRES_DB= -POSTGRES_USER= -DATABASE_DRIVER=postgresql -DB_DATABASE=${POSTGRES_DB} -DB_USER=${POSTGRES_USER} -DB_PASSWORD=${POSTGRES_PASSWORD} -DATABASE_URL=${DATABASE_DRIVER}://${DB_USER}:${DB_PASSWORD}@${_DB_CONTAINER}:5432/${DB_DATABASE}?serverVersion=15&charset=UTF-8 - -# For the Davis admin interface -ADMIN_LOGIN=admin -ADMIN_PASSWORD=admin -ADMIN_AUTH_BYPASS=false - -# DAV auth settings -AUTH_METHOD=Basic # Basic or IMAP or LDAP - -# Basic HTTP auth settings -AUTH_REALM=SabreDAV - -# IMAP auth settings -# IMAP_AUTH_URL=imap.mydomain.com:993 -# IMAP_ENCRYPTION_METHOD=ssl -# IMAP_CERTIFICATE_VALIDATION=true -# IMAP_AUTH_USER_AUTOCREATE=false - -# LDAP auth settings -# LDAP_AUTH_URL=ldap://127.0.0.1:3890 -# LDAP_DN_PATTERN=uid=%u,ou=users,dc=domain,dc=com -# LDAP_MAIL_ATTRIBUTE=mail -# LDAP_AUTH_USER_AUTOCREATE=false -# LDAP_CERTIFICATE_CHECKING_STRATEGY=try # never, hard, demand, try, or allow - -# WebDAV settings -WEBDAV_TMP_DIR=/webdav/tmp -WEBDAV_PUBLIC_DIR=/webdav/public -WEBDAV_HOMES_DIR= - -# Mail settings -# INVITE_FROM_ADDRESS=no-reply@example.org -# MAIL_HOST=smtp.myprovider.com -# MAIL_PORT=587 -# MAIL_USERNAME=userdav -# MAIL_PASSWORD=test -# MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT} - -# Trust the immediate proxy for X-Forwarded-* headers including HTTPS detection -SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR diff --git a/stacks/pkm/.gitignore b/stacks/pkm/.gitignore deleted file mode 100644 index 360f7cc..0000000 --- a/stacks/pkm/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.env -space/ -compose.test.yml 
diff --git a/stacks/pkm/compose.yml b/stacks/pkm/compose.yml index 52546cc..c159031 100644 --- a/stacks/pkm/compose.yml +++ b/stacks/pkm/compose.yml @@ -1,7 +1,7 @@ name: ${STACK} networks: - edge-net: + edge_net: name: ${EDGE_NET} external: true @@ -16,10 +16,10 @@ services: image: ghcr.io/silverbulletmd/silverbullet restart: unless-stopped env_file: - - .run.env + - /srv/rdc/env/pkm.env - .env networks: - - edge-net + - edge_net expose: - 3000 volumes: diff --git a/stacks/pkm/env.template b/stacks/pkm/env.template deleted file mode 100644 index cceb8db..0000000 --- a/stacks/pkm/env.template +++ /dev/null @@ -1,15 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -STACK= - -# Containers -PKM_CONTAINER= - -# Networks -EDGE_NET= - -# Volumes -PIM_DATA_VOLUME= diff --git a/stacks/pkm/pkm.env.template b/stacks/pkm/pkm.env.template deleted file mode 100644 index c45f07a..0000000 --- a/stacks/pkm/pkm.env.template +++ /dev/null @@ -1,5 +0,0 @@ -# -# -# Stack Runtime Variables -SB_NAME= -SB_DESCRIPTION= diff --git a/stacks/scm/.env.template b/stacks/scm/.env.template deleted file mode 100644 index c461361..0000000 --- a/stacks/scm/.env.template +++ /dev/null @@ -1,18 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -_STACK_0= - -# Containers -_CONTAINER_0= - -# Networks -_NET_0= - -# Volumes -_CSS_FILE= -_CONFIG_FILE= -_GIT_ROOT= -_IMPORTS= diff --git a/stacks/scm/.gitignore b/stacks/scm/.gitignore deleted file mode 100644 index 4c28985..0000000 --- a/stacks/scm/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -# Ignore .env files -*.env -srv/ -srv/* -opt/ -opt/* -etc/ -etc/* -compose.test.yml diff --git a/stacks/scm/compose.yml b/stacks/scm/compose.yml index b40dbaf..c1e4bb8 100644 --- a/stacks/scm/compose.yml +++ b/stacks/scm/compose.yml 
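Review bot: `stacks/pkm/compose.yml` loads `/srv/rdc/env/pkm.env` by absolute host path, whereas every other stack in this commit resolves its environment through `${SECRETS}`/`${CONFIG}` from the global file; the hard-coded path ties the stack to one host and silently diverges when `ROOT` moves, so `- ${SECRETS}/env/pkm.env` would match the rest of the tree. The context line `name: ${STACK}` also survives here although the `env.template` that defined `STACK` is deleted in this same commit, and the other stacks drop their `name:` now that the root `compose.yml` sets `name: ${SERVER}` and `include`s them. The remaining `- .env` entry references a file with no template left either.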
@@ -1,24 +1,19 @@ -name: ${_STACK_0} - networks: - net: - name: ${_NET_0} + edge_net: + name: ${EDGE_NET} external: true services: - cgit: - container_name: ${_CONTAINER_0} + scm: image: ratdad/cgit:latest - env_file: - - .run.env - - .env networks: - - net + - edge_net expose: - 80 volumes: - # TODO: Make these cgit-docker builtins. - - ${_CSS_FILE:-./opt/cgit.css}:/srv/www/htdocs/cgit/cgit.css - - ${_CONFIG_FILE:-./etc/cgitrc}:/etc/cgitrc - - ${_IMPORTS:-./opt/}:/opt - - ${_GIT_ROOT:-./srv/git/}:/srv/git # mount the directory you use for your git server + - ${SECRETS}/scm/cgit.css}:/srv/www/htdocs/cgit/cgit.css + - ${SECRETS}/scm/header.html:/opt/header.html + - ${SECRETS}/scm/footer.html:/opt/footer.html + - ${SECRETS}/scm/README.txt:/opt/README.txt + - ${SECRETS}/scm/cgitrc:/etc/cgitrc + - ${GIT_ROOT}:/srv/git diff --git a/stacks/tss/compose.yml b/stacks/tsk/compose.yml index cbaf2f0..e9b97ea 100644 --- a/stacks/tss/compose.yml +++ b/stacks/tsk/compose.yml @@ -1,5 +1,3 @@ -name: ${STACK} - networks: edge-net: name: ${EDGE_NET} @@ -9,16 +7,14 @@ networks: external: true services: - tss: - container_name: ${TSS_CONTAINER} + tsk: image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server-postgres:latest restart: unless-stopped environment: RUST_LOG: info - LISTEN: 0.0.0.0:8080 + LISTEN: 0.0.0.0:80 env_file: - - .run.env - - .env + - ${SECRET}/env/tsk.env networks: - edge-net - db-net diff --git a/stacks/tss/.gitignore b/stacks/tss/.gitignore deleted file mode 100644 index 13fed15..0000000 --- a/stacks/tss/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.env -data/ -compose.test.yml diff --git a/stacks/tss/env.template b/stacks/tss/env.template deleted file mode 100644 index 57ab20a..0000000 --- a/stacks/tss/env.template +++ /dev/null @@ -1,12 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -STACK= - -# Container - -# Network -EDGE_NET= -DB_NET= 
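Review bot: The mount `${SECRETS}/scm/cgit.css}:/srv/www/htdocs/cgit/cgit.css` has a stray `}` after `cgit.css`, so the host source becomes a non-existent `cgit.css}` path and Docker will typically create an empty directory there and fail to mount it over the stylesheet file; the line should read `- ${SECRETS}/scm/cgit.css:/srv/www/htdocs/cgit/cgit.css`. The `env_file` block was removed entirely, yet `templates/scm.env.template` still carries `HTTP_AUTH_USER`, `HTTP_AUTH_PASSWORD` and `GIT_HTTP_AUTH_USER`, so if the `ratdad/cgit` image reads its HTTP-auth configuration from those variables the container now runs with no credentials configured — worth confirming against the image, and restoring `env_file: - ${SECRETS}/env/scm.env` if so. Placing `cgit.css`, `header.html`, `footer.html` and `README.txt` under `${SECRETS}` also keeps non-secret site assets in the git-ignored secrets tree (`secrets/` was added to the root `.gitignore`); `${CONFIG}/scm/...` is where the rest of this commit puts that kind of file, and `cgitrc` can stay in secrets if it holds credentials.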
diff --git a/stacks/tss/run.env.template b/stacks/tss/run.env.template
deleted file mode 100644
index 09f266a..0000000
--- a/stacks/tss/run.env.template
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-CLIENT_ID=
-DB_HOST=
-DB_PORT
-DB_USER=
-DB_PASSWORD=
-DB_BASE=
-CONNECTION=postgresql://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_BASE
diff --git a/stacks/edge/run.env.template b/templates/edge.env.template
index aa456bf..5686218 100644
--- a/stacks/edge/run.env.template
+++ b/templates/edge.env.template
@@ -1,34 +1,34 @@
-DOMAIN=
+DOMAIN=${DOMAIN}
 DOCUMENT_ROOT=
 
-PKM_HOST=
+PKM_HOST=pkm
 PKM_SUB=
 PKM_PORT=
 
-SCM_HOST=
+SCM_HOST=scm
 SCM_SUB=
 SCM_PORT=
 
-PIM_HOST=
+PIM_HOST=pim
 PIM_SUB=
 PIM_PORT=
 
-TSS_HOST=
-TSS_SUB=
-TSS_PORT=
+TSK_HOST=tsk
+TSK_SUB=
+TSK_PORT=
 
-IAM_HOST=
+IAM_HOST=iam
 IAM_SUB=
 IAM_PORT=
 
-IRM_HOST=
+IRM_HOST=irm
 IRM_SUB=
 IRM_PORT=
 
-NEWS_HOST=
+NEWS_HOST=news
 NEWS_SUB=
 NEWS_PORT=
 
-DBA_HOST=
+DBA_HOST=dba
 DBA_SUB=
 DBA_PORT=
diff --git a/templates/iam.env.template b/templates/iam.env.template
new file mode 100644
index 0000000..6a811e5
--- /dev/null
+++ b/templates/iam.env.template
@@ -0,0 +1,2 @@
+AUTHELIA_STORAGE_POSTGRES_USERNAME=${ORG}-iam
+AUTHELIA_STORAGE_POSTGRES_DATABASE=${ORG}-iam
diff --git a/templates/irm.env.template b/templates/irm.env.template
new file mode 100644
index 0000000..b2dc4d1
--- /dev/null
+++ b/templates/irm.env.template
@@ -0,0 +1,4 @@
+PAGINATION_TAKE_COUNT=50
+STORAGE_FOLDER=/data
+AUTOSCROLL_TIMEOUT=30
+RE_ARCHIVE_LIMIT=5
diff --git a/templates/news.env.template b/templates/news.env.template
new file mode 100644
index 0000000..7d43b30
--- /dev/null
+++ b/templates/news.env.template
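Review bot: The rename from `TSS_*` to `TSK_*` in `templates/edge.env.template` changes the variable names the reverse-proxy config reads, but the only Caddyfile in this diff is the deleted `stacks/edge/Caddyfile.template` (which still used `{$TSS_SUB}`, `{$TSS_HOST}` and `{$TSS_PORT}`), and the `Caddyfile.test` that `stacks/edge/compose.yml` now mounts is not shown, so please confirm it was updated in step. `DOMAIN=${DOMAIN}` also relies on Compose interpolating this env file from the host environment; if the template is ever sourced by a shell or another tool, the self-reference yields an empty value, so a comment stating where `DOMAIN` is expected to come from would help.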
@@ -0,0 +1,24 @@
+# GENERAL
+TRUSTED_PROXY=172.18.0.0/16 172.19.0.0/16
+ADMIN_EMAIL=admin@${DOMAIN}
+BASE_URL=https://news.${DOMAIN}:443
+SERVER_DNS=news.${DOMAIN}
+
+# DB
+DB_HOST=
+DB_BASE=
+DB_USER=
+DB_PASSWORD=
+
+# OIDC
+OIDC_ENABLED=1
+OIDC_PROVIDER_METADATA_URL=https://iam./.well-known/openid-configuration
+OIDC_CLIENT_ID=
+OIDC_CLIENT_SECRET=
+OIDC_CLIENT_CRYPTO_KEY=
+OIDC_REMOTE_USER_CLAIM=
+OIDC_SCOPES=
+OIDC_X_FORWARDED_HEADERS=
+OIDC_SESSION_INACTIVITY_TIMEOUT=
+OIDC_SESSION_MAX_DURATION=
+OIDC_SESSION_TYPE=
diff --git a/templates/pim.env.template b/templates/pim.env.template
new file mode 100644
index 0000000..d99e720
--- /dev/null
+++ b/templates/pim.env.template
@@ -0,0 +1,38 @@
+# GENERAL
+APP_ENV=dev # or dev
+CALDAV_ENABLED=true
+CARDDAV_ENABLED=true
+WEBDAV_ENABLED=false
+PUBLIC_CALENDARS_ENABLED=true
+BIRTHDAY_REMINDER_OFFSET=PT0H
+APP_TIMEZONE=
+LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log"
+
+# DB
+DB_DRIVER=
+DB_HOST=
+DB_PORT=
+DB_DATABASE=
+DB_USER=
+DB_PASSWORD=
+DATABASE_URL=${DB_DRIVER}://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_DATABASE}?serverVersion=15&charset=UTF-8
+
+# ADMIN
+ADMIN_LOGIN=
+ADMIN_PASSWORD=
+
+# WebDAV
+WEBDAV_TMP_DIR=/webdav/tmp
+WEBDAV_PUBLIC_DIR=/webdav/public
+WEBDAV_HOMES_DIR=
+
+# MAIL
+INVITE_FROM_ADDRESS=no-reply@example.org
+MAIL_HOST=smtp.myprovider.com
+MAIL_PORT=587
+MAIL_USERNAME=userdav
+MAIL_PASSWORD=test
+MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+
+# Trust the immediate proxy for X-Forwarded-* headers including HTTPS detection
+SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
diff --git a/templates/pkm.env.template b/templates/pkm.env.template
new file mode 100644
index 0000000..9eb10ce
--- /dev/null
+++ b/templates/pkm.env.template
@@ -0,0 +1,2 @@
+SB_NAME=
+SB_DESCRIPTION=
diff --git a/stacks/scm/.run.template b/templates/scm.env.template
index cd5eebc..4cf243a 100644
--- a/stacks/scm/.run.template
+++ b/templates/scm.env.template
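Review bot: `OIDC_PROVIDER_METADATA_URL=https://iam./.well-known/openid-configuration` in `templates/news.env.template` is missing the domain after `iam.`, so FreshRSS would fetch discovery metadata from a malformed host; the other entries in the file use `${DOMAIN}`, so this should be `OIDC_PROVIDER_METADATA_URL=https://iam.${DOMAIN}/.well-known/openid-configuration`. `TRUSTED_PROXY=172.18.0.0/16 172.19.0.0/16` hard-codes two default Docker bridge ranges; since it presumably decides whose `X-Forwarded-*` headers are believed for OIDC, it should be narrowed to the actual `edge_net` subnet (or that subnet pinned in the network definition) rather than whatever ranges Docker happens to assign.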
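Review bot: `APP_ENV=dev # or dev` in `templates/pim.env.template` ships the Davis/Symfony template in the `dev` environment, whereas the deleted `stacks/pim/run.env.template` had `APP_ENV=prod # or dev`; Symfony's dev mode enables the debug toolbar/profiler and verbose error pages, which is not a sane default for a template behind the public reverse proxy. Restore `APP_ENV=prod # or dev`. The inline comment also depends on the dotenv parser stripping ` # …` after an unquoted value (Compose does, other tools may not), so a comment on its own line is safer. `MAIL_USERNAME=userdav`, `MAIL_PASSWORD=test` and `INVITE_FROM_ADDRESS=no-reply@example.org` are upstream sample values rather than placeholders; leaving them blank like `ADMIN_PASSWORD=` makes it obvious they must be filled in.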
@@ -1,6 +1,3 @@
-#
-#
-# Stack Runtime Variables
 HTTP_AUTH_USER=
 HTTP_AUTH_PASSWORD=
 GIT_HTTP_AUTH_USER=
diff --git a/templates/tsk.env.template b/templates/tsk.env.template
new file mode 100644
index 0000000..3d123fb
--- /dev/null
+++ b/templates/tsk.env.template
@@ -0,0 +1,8 @@
+CLIENT_ID=
+DB_DRIVER=
+DB_HOST=
+DB_PORT
+DB_USER=
+DB_PASSWORD=
+DB_NAME=
+CONNECTION=${DB_DRIVER}://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
|
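Review bot: `+DB_PORT` in `templates/tsk.env.template` has no `=`, a typo carried over from the deleted `stacks/tss/run.env.template`; depending on the dotenv parser the line is either rejected or read as a variable with no value, and `CONNECTION=...@${DB_HOST}:${DB_PORT}/...` then interpolates an empty port. It should be `DB_PORT=`. The file also leaves `DB_DRIVER=` blank while `CONNECTION` expects a scheme there, so a default such as `DB_DRIVER=postgresql` (the value the old template hard-coded) would make the rendered URL valid out of the box.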
