Diffstat (limited to 'stacks')
-rw-r--r--stacks/db/.gitignore3
-rw-r--r--stacks/db/compose.yml29
-rw-r--r--stacks/db/env.template17
-rw-r--r--stacks/db/run.env.template11
-rw-r--r--stacks/edge/.gitignore5
-rw-r--r--stacks/edge/Caddyfile.template53
-rw-r--r--stacks/edge/compose.yml16
-rw-r--r--stacks/edge/env.template16
-rw-r--r--stacks/edge/run.env.template34
-rw-r--r--stacks/iam/.gitignore4
-rw-r--r--stacks/iam/compose.yml65
-rw-r--r--stacks/iam/env.template17
-rw-r--r--stacks/iam/iam.env.template12
-rwxr-xr-xstacks/iam/util/gen-oidc-client.sh7
-rwxr-xr-xstacks/iam/util/gen-oidc-jwk.sh5
-rwxr-xr-xstacks/iam/util/gen-secrets.sh21
-rwxr-xr-xstacks/iam/util/gen-user-passwd.sh8
-rw-r--r--stacks/irm/.gitignore3
-rw-r--r--stacks/irm/compose.yml18
-rw-r--r--stacks/irm/env.template20
-rw-r--r--stacks/irm/run.env.template62
-rw-r--r--stacks/news/.gitignore8
-rw-r--r--stacks/news/compose.yml25
-rw-r--r--stacks/news/env.template20
-rw-r--r--stacks/news/run.env.template32
-rw-r--r--stacks/pim/.gitignore5
-rw-r--r--stacks/pim/compose.yml11
-rw-r--r--stacks/pim/env.template17
-rw-r--r--stacks/pim/run.env.template63
-rw-r--r--stacks/pkm/.gitignore3
-rw-r--r--stacks/pkm/compose.yml6
-rw-r--r--stacks/pkm/env.template15
-rw-r--r--stacks/pkm/pkm.env.template5
-rw-r--r--stacks/scm/.env.template18
-rw-r--r--stacks/scm/.gitignore9
-rw-r--r--stacks/scm/.run.template7
-rw-r--r--stacks/scm/compose.yml25
-rw-r--r--stacks/tsk/compose.yml (renamed from stacks/tss/compose.yml)10
-rw-r--r--stacks/tss/.gitignore3
-rw-r--r--stacks/tss/env.template12
-rw-r--r--stacks/tss/run.env.template11
41 files changed, 90 insertions, 641 deletions
diff --git a/stacks/db/.gitignore b/stacks/db/.gitignore
deleted file mode 100644
index 13fed15..0000000
--- a/stacks/db/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.env
-data/
-compose.test.yml
diff --git a/stacks/db/compose.yml b/stacks/db/compose.yml
index 9a44712..ccaf70e 100644
--- a/stacks/db/compose.yml
+++ b/stacks/db/compose.yml
@@ -1,10 +1,8 @@
-name: ${STACK}
-
networks:
- edge-net:
+ edge_net:
name: ${EDGE_NET}
external: true
- db-net:
+ db_net:
name: ${DB_NET}
external: true
@@ -19,35 +17,38 @@ secrets:
services:
db:
- container_name: ${DB_CONTAINER}
image: postgres:16
restart: unless-stopped
+ secrets: ['DB_USER', 'DB_PASSWORD']
environment:
- POSTGRES_USER: 'admin'
+ POSTGRES_USER_FILE: '/run/secrets/DB_USER'
+ POSTGRES_PASSWORD_FILE: /run/secrets/DB_PASSWORD
env_file:
- - .run.env # Runtime ENV
- - .env # Compose ENV
+ - ${SECRETS}/env/db.env
user: '${UID}:${GID}'
volumes:
- - ./data/:/var/lib/postgresql/data
+ - db-data:/var/lib/postgresql/data
networks:
- - db-net
+ - db_net
expose:
- 5432
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 5s
retries: 5
- db-admin:
+ dba:
container_name: ${DBA_CONTAINER}
image: adminer:latest
+ environment:
+ ADMINER_DEFAULT_SERVER: db
+ ADMINER_DESIGN: galkaev
env_file:
- .run.env
- .env
depends_on:
- - db-test
+ - db
networks:
- - edge-net
- - db-net
+ - edge_net
+ - db_net
expose:
- 8080
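Review bot: The healthcheck still runs `pg_isready -U ${POSTGRES_USER}`, but this hunk moves the user name into the `DB_USER` secret and the commit deletes the env templates that defined `POSTGRES_USER`. Compose interpolates `${POSTGRES_USER}` on the host at config time, so unless the variable is still exported there the command becomes `pg_isready -U` with no argument and the check will likely fail. Reading the secret inside the container, e.g. `test: ["CMD-SHELL", "pg_isready -U $$(cat /run/secrets/DB_USER)"]`, keeps it in step with `POSTGRES_USER_FILE`. The `dba` service also keeps `container_name: ${DBA_CONTAINER}` and the `.run.env` / `.env` entries although their templates and the stack's `.gitignore` (`*.env`) are removed in this commit. The same stack-local env files remain referenced in `stacks/iam`, `stacks/pim` and `stacks/pkm`, so env files left in those directories are no longer ignored unless a parent ignore rule, not visible here, covers them.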
diff --git a/stacks/db/env.template b/stacks/db/env.template
deleted file mode 100644
index cad7ccb..0000000
--- a/stacks/db/env.template
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespace
-STACK=
-
-# Containers
-DB_CONTAINER=
-DBA_CONTAINER=
-
-# Networks
-EDGE_NET=
-DB_NET=
-
-# Volumes
-DB_CONTAINER=
diff --git a/stacks/db/run.env.template b/stacks/db/run.env.template
deleted file mode 100644
index b5f8727..0000000
--- a/stacks/db/run.env.template
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-# PostgreSQL
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-
-# Adminer
-ADMINER_DEFAULT_SERVER=
-ADMINER_DESIGN=galkaev
diff --git a/stacks/edge/.gitignore b/stacks/edge/.gitignore
deleted file mode 100644
index 14be0dc..0000000
--- a/stacks/edge/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-# Ignore .env files
-*.env
-srv/
-Caddyfile
-compose.test.yml
diff --git a/stacks/edge/Caddyfile.template b/stacks/edge/Caddyfile.template
deleted file mode 100644
index 03dadf8..0000000
--- a/stacks/edge/Caddyfile.template
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-#
-# Reverse Proxy Configuration
-
-{$DOMAIN}:80 {
- redir https://{$DOMAIN}{uri} 302
-}
-
-{$DOMAIN} {
-
- root * {$DOCUMENT_ROOT}
- encode
- try_files {path} index.html
- file_server
-}
-
-{$PKM_SUB}.{$DOMAIN} {
- reverse_proxy {$PKM_HOST}:{$PKM_PORT}
-}
-
-{$SCM_SUB}.{$DOMAIN} {
- reverse_proxy {$SCM_HOST}:{$SCM_PORT}
-}
-
-{$PIM_SUB}.{$DOMAIN} {
-
- reverse_proxy {$PIM_HOST}:{$PIM_PORT}
-}
-
-{$TSS_SUB}.{$DOMAIN} {
-
- reverse_proxy {$TSS_HOST}:{$TSS_PORT}
-}
-
-{$IAM_SUB}.{$DOMAIN} {
-
- reverse_proxy {$IAM_HOST}:{$IAM_PORT}
-}
-
-{$IRM_SUB}.{$DOMAIN} {
-
- reverse_proxy {$IRM_HOST}:{$IRM_PORT}
-}
-
-{$NEWS_SUB}.{$DOMAIN} {
-
- reverse_proxy {$NEWS_HOST}:{$NEWS_PORT}
-}
-
-{$DBA_SUB}.{$DOMAIN} {
-
- reverse_proxy {$DBA_HOST}:{$DBA_PORT}
-}
diff --git a/stacks/edge/compose.yml b/stacks/edge/compose.yml
index d8c86fa..d18d15f 100644
--- a/stacks/edge/compose.yml
+++ b/stacks/edge/compose.yml
@@ -1,20 +1,16 @@
-name: ${STACK}
-
networks:
- net:
+ edge_net:
name: ${EDGE_NET}
external: true
services:
- edge-test:
- container_name: ${EDGE_CONTAINER}
+ edge:
image: caddy:latest
restart: unless-stopped
env_file:
- - .run.env
- - .env
+ - ${SECRETS}/env/edge.env
networks:
- - net
+ - edge_net
cap_add:
- NET_ADMIN
ports:
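Review bot: The new `env_file` path relies on `${SECRETS}`, and Compose replaces an unset variable with an empty string, so a missing value makes this resolve to `/env/edge.env` at the filesystem root instead of stopping with a clear error. The commit also spells the secrets location four ways: `${SECRETS}` here and in `stacks/db` and `stacks/scm`, `${SECRET}` in `stacks/iam`, `stacks/irm` and `stacks/tsk`, `${ROOT}/secrets` in `stacks/iam`, and `${ROOT}/secret` in `stacks/news`. Some of these are therefore likely to be unset or to point at a different directory. Pick one name and make it required, e.g. `- ${SECRETS:?SECRETS must be set}/env/edge.env`. The service definition continues outside this hunk.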
@@ -22,5 +18,5 @@ services:
- 443:443
- 443:443/udp
volumes:
- - ${CADDYFILE}:/etc/caddy/Caddyfile
- - ${WEBROOT}/:/srv
+ - ${ROOT}/www:/srv/www
+ - ${CONFIG}/edge/Caddyfile.test:/etc/caddy/Caddyfile
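Review bot: Both bind mounts are writable from inside the internet-facing Caddy container, which also holds `NET_ADMIN`; neither the web root nor the Caddyfile appears to need writes, so mount them read-only: `- ${ROOT}/www:/srv/www:ro` and `- ${CONFIG}/edge/Caddyfile.test:/etc/caddy/Caddyfile:ro`. The mounted file is named `Caddyfile.test`, which looks like a test configuration left in the main compose file, so confirm that it is the intended production config. The document root moves from `/srv` to `/srv/www`, so the `root` directive in that Caddyfile (not visible here) has to match.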
diff --git a/stacks/edge/env.template b/stacks/edge/env.template
deleted file mode 100644
index b43dec1..0000000
--- a/stacks/edge/env.template
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespace
-STACK=
-
-# Containers
-EDGE_CONTAINER=
-
-# Networks
-EDGE_NET=
-
-# Volumes
-CADDYFILE=
-WEBROOT=
diff --git a/stacks/edge/run.env.template b/stacks/edge/run.env.template
deleted file mode 100644
index aa456bf..0000000
--- a/stacks/edge/run.env.template
+++ /dev/null
@@ -1,34 +0,0 @@
-DOMAIN=
-DOCUMENT_ROOT=
-
-PKM_HOST=
-PKM_SUB=
-PKM_PORT=
-
-SCM_HOST=
-SCM_SUB=
-SCM_PORT=
-
-PIM_HOST=
-PIM_SUB=
-PIM_PORT=
-
-TSS_HOST=
-TSS_SUB=
-TSS_PORT=
-
-IAM_HOST=
-IAM_SUB=
-IAM_PORT=
-
-IRM_HOST=
-IRM_SUB=
-IRM_PORT=
-
-NEWS_HOST=
-NEWS_SUB=
-NEWS_PORT=
-
-DBA_HOST=
-DBA_SUB=
-DBA_PORT=
diff --git a/stacks/iam/.gitignore b/stacks/iam/.gitignore
deleted file mode 100644
index 6b67a59..0000000
--- a/stacks/iam/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.env
-config
-secrets
-compose.test.yml
diff --git a/stacks/iam/compose.yml b/stacks/iam/compose.yml
index 3e516ca..398302d 100644
--- a/stacks/iam/compose.yml
+++ b/stacks/iam/compose.yml
@@ -1,62 +1,55 @@
-name: ${STACK}
-
networks:
- edge-net:
+ edge_net:
name: ${EDGE_NET}
external: true
- db-net:
+ db_net:
name: ${DB_NET}
external: true
cache-net:
volumes:
- config:
- name: ${IAM_CONFIG_VOLUME}
- external: true
+ name: ${IAM_DATA}
+ external: true
secrets:
- JWT_SECRET:
- file: './srv/secrets/auth/JWT_SECRET'
- SESSION_SECRET:
- file: './srv/secrets/auth/SESSION_SECRET'
- STORAGE_ENCRYPTION:
- file: './srv/secrets/auth/STORAGE_ENCRYPTION'
- OIDC_HMAC_SECRET:
- file: './srv/secrets/auth/OIDC_HMAC_SECRET'
- POSTGRES_PASSWORD:
- file: './srv/secrets/auth/POSTGRES_PASSWORD'
+ JWT:
+ file: '${ROOT}/secrets/iam/JWT'
+ SESSION:
+ file: '${ROOT}/secrets/iam/SESSION'
+ STORAGE:
+ file: '${ROOT}/secrets/iam/STORAGE'
+ OIDC_HMAC:
+ file: '${ROOT}/secrets/iam/OIDC_HMAC'
+ DB:
+ file: '${ROOT}/secrets/iam/DB'
services:
- auth-test:
- container_name: ${IAM_CONTAINER}
+ iam:
image: authelia/authelia:latest
restart: unless-stopped
- secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET', 'POSTGRES_PASSWORD']
+ secrets: ['JWT', 'SESSION', 'STORAGE', 'OIDC_HMAC', 'POSTGRES']
environment:
- AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
- AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
- AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION'
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC_SECRET'
- AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/POSTGRES_PASSWORD'
+ AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT'
+ AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION'
+ AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE'
+ AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC'
+ AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/DB'
X_AUTHELIA_CONFIG_FILTERS: 'template'
env_file:
- - .run.env # Runtime Vars
- .env # Stack Vars
user: "${UID}:${GID}"
volumes:
- - config:/config
- - ${CONFIG_FILE}:/config/configuration.yml
- - ${USERS_FILE}:/config/users.yml
- - ${JWK_PRIV_KEY}:/config/jwks/oidc-jwk.pem
- - ${JWK_PUBL_KEY}:/config/jwks/oidc-jwk-pub.pem
+ - ${CONFIG}/iam/configuration.yml:/config/configuration.yml
+ - ${CONFIG}/iam/users.yml:/config/users.yml
+ - ${SECRET}/iam/jwk/oidc-jwk.pem:/config/jwks/oidc-jwk.pem
+ - ${SECRET}/iam/jwk/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem
networks:
- - edge-net
- - db-net
- - cache-net
+ - edge_net
+ - db_net
+ - cache_net
expose:
- 9091
- auth-cache-test:
- container_name: ${IAM_CACHE_CONTAINER}
+ iam-cache:
image: redis:latest
restart: unless-stopped
env_file:
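Review bot: The service's `secrets:` list names `POSTGRES`, but the top-level secret added in this hunk is `DB` and `AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE` points at `/run/secrets/DB`, so Compose will reject the undefined secret or the password file will be missing; the list should read `secrets: ['JWT', 'SESSION', 'STORAGE', 'OIDC_HMAC', 'DB']`. The service now joins `cache_net` while the top-level network is still declared as `cache-net:`, which needs the same rename. Under `volumes:` the `config:` key is removed but `name:` and `external:` are added back, which appears to leave them without a volume key (indentation is not visible here, so verify with `docker compose config`). The JWK key mounts can be read-only, e.g. `- ${SECRET}/iam/jwk/oidc-jwk.pem:/config/jwks/oidc-jwk.pem:ro`. The `iam-cache` service continues outside the hunk.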
diff --git a/stacks/iam/env.template b/stacks/iam/env.template
deleted file mode 100644
index b6a023e..0000000
--- a/stacks/iam/env.template
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespace
-STACK=
-
-# Containers
-IAM_CONTAINER=
-IAM_CACHE_CONTAINER=
-
-# Network
-EDGE_NET=
-DB_NET=
-
-# Volumes
-IAM_CONFIG_VOLUME=
diff --git a/stacks/iam/iam.env.template b/stacks/iam/iam.env.template
deleted file mode 100644
index b5275ab..0000000
--- a/stacks/iam/iam.env.template
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-# Authelia secrets
-AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/JWT_SECRET
-AUTHELIA_SESSION_SECRET_FILE=/run/secrets/SESSION_SECRET
-AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/STORAGE_ENCRYPTION
-AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/OIDC_HMAC_SECRET
-
-# Use Authelia's file filter in config.
-X_AUTHELIA_CONFIG_FILTERS=template
diff --git a/stacks/iam/util/gen-oidc-client.sh b/stacks/iam/util/gen-oidc-client.sh
deleted file mode 100755
index ee6d79a..0000000
--- a/stacks/iam/util/gen-oidc-client.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-docker run --rm authelia/authelia:latest authelia crypto rand --length 72 --charset rfc3986
-docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
-
-printf "\n"
diff --git a/stacks/iam/util/gen-oidc-jwk.sh b/stacks/iam/util/gen-oidc-jwk.sh
deleted file mode 100755
index 48747fb..0000000
--- a/stacks/iam/util/gen-oidc-jwk.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-openssl genrsa -out oidc-jwk.pem 2048
-openssl genrsa -in oidc-jwk.pem -outform PEM -pubout -out oidc-jwk-pub.pem
diff --git a/stacks/iam/util/gen-secrets.sh b/stacks/iam/util/gen-secrets.sh
deleted file mode 100755
index 8ebec55..0000000
--- a/stacks/iam/util/gen-secrets.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-USERS=(ADMIN)
-SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET)
-SECRET_DIR=$PWD/secrets
-
-[ ! -d "$SECRET_DIR" ] && mkdir -p "$SECRET_DIR"
-
-# Generate secrets
-for filename in "${SECRETS[@]}"; do
- if [ ! -f "$SECRET_DIR"/"$filename" ]; then
- openssl rand -hex 64 > "$SECRET_DIR"/"$filename"
- fi
-done
-
-# Generate admin password
-for filename in "${USERS[@]}"; do
- if [ ! -f "$SECRET_DIR"/"$filename" ]; then
- openssl rand -hex 12 > "$SECRET_DIR"/"$filename"
- fi
-done
diff --git a/stacks/iam/util/gen-user-passwd.sh b/stacks/iam/util/gen-user-passwd.sh
deleted file mode 100755
index d8202ee..0000000
--- a/stacks/iam/util/gen-user-passwd.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-read -rp "Enter a password for the new user: " PASSWORD
-HASHED=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "${PASSWORD}")
-
-printf "Password: %s\n" "${PASSWORD}"
-printf "Hash: %s\n" "${HASHED}"
diff --git a/stacks/irm/.gitignore b/stacks/irm/.gitignore
deleted file mode 100644
index 13fed15..0000000
--- a/stacks/irm/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.env
-data/
-compose.test.yml
diff --git a/stacks/irm/compose.yml b/stacks/irm/compose.yml
index 4ba9977..7531465 100644
--- a/stacks/irm/compose.yml
+++ b/stacks/irm/compose.yml
@@ -1,25 +1,23 @@
-name: ${STACK} # Explicitly name stacks (do not rely on directory name).
-
networks:
- edge-net:
+ edge_net:
name: ${EDGE_NET}
external: true # All networks SHOULD be external in production.
- db-net:
+ db_net:
name: ${DB_NET}
external: true
services:
irm:
- container_name: ${IRM_CONTAINER} # Name the containers explicitly.
- image: ${IRM_IMAGE}
+ image: ghcr.io/linkwarden/linkwarden:latest
restart: unless-stopped
env_file:
# NOTE: .compose.env WILL override .env if there are overlapping values.
- - .run.env # Runtime ENV
- - .env # Compose ENV
+ - ${ROOT}/stacks/.env # GLOBAL
+ - ${CONFIG}/env/irm.env
+ - ${SECRET}/env/irm.env # SECRETS
networks:
- - edge-net
- - db-net
+ - edge_net
+ - db_net
expose:
- 3000
# Github Issue: https://github.com/linkwarden/linkwarden/issues/1153
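Review bot: The retained comment `# NOTE: .compose.env WILL override .env …` no longer matches the three files listed below it. Compose reads `env_file` entries top to bottom and the last file wins for a duplicated variable, so here `${SECRET}/env/irm.env` overrides `${CONFIG}/env/irm.env` and the global `${ROOT}/stacks/.env`. I would replace the comment with `# Later files override earlier ones: global < config < secrets.` The image also changes from `${IRM_IMAGE}` to a hard-coded `:latest` tag, which removes the one place where a fixed version or digest could be pinned. The service body continues outside the hunk.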
diff --git a/stacks/irm/env.template b/stacks/irm/env.template
deleted file mode 100644
index 2c032b8..0000000
--- a/stacks/irm/env.template
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-STACK=
-
-# Networks
-EDGE_NET=
-DB_NET=
-
-# Containers
-IRM_CONTAINER=
-
-# Images
-IRM_IMAGE=
-
-# OIDC
-OIDC_PROVIDER_URL=
-PROXY_IP=
diff --git a/stacks/irm/run.env.template b/stacks/irm/run.env.template
deleted file mode 100644
index 0b05f6b..0000000
--- a/stacks/irm/run.env.template
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-#
-# Stack Runtime Variables
-NEXTAUTH_URL=
-NEXTAUTH_SECRET=
-
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-
-DATABASE_URL=
-
-# Additional Optional Settings
-PAGINATION_TAKE_COUNT=
-STORAGE_FOLDER=
-AUTOSCROLL_TIMEOUT=
-NEXT_PUBLIC_DISABLE_REGISTRATION=
-NEXT_PUBLIC_CREDENTIALS_ENABLED=
-DISABLE_NEW_SSO_USERS=
-MAX_LINKS_PER_USER=
-ARCHIVE_TAKE_COUNT=
-BROWSER_TIMEOUT=
-IGNORE_UNAUTHORIZED_CA=
-IGNORE_HTTPS_ERRORS=
-IGNORE_URL_SIZE_LIMIT=
-NEXT_PUBLIC_DEMO=
-NEXT_PUBLIC_DEMO_USERNAME=
-NEXT_PUBLIC_DEMO_PASSWORD=
-NEXT_PUBLIC_ADMIN=
-NEXT_PUBLIC_MAX_FILE_BUFFER=
-PDF_MAX_BUFFER=
-SCREENSHOT_MAX_BUFFER=
-READABILITY_MAX_BUFFER=
-PREVIEW_MAX_BUFFER=
-MONOLITH_MAX_BUFFER=
-MONOLITH_CUSTOM_OPTIONS=
-IMPORT_LIMIT=
-PLAYWRIGHT_LAUNCH_OPTIONS_EXECUTABLE_PATH=
-PLAYWRIGHT_WS_URL=
-MAX_WORKERS=
-DISABLE_PRESERVATION=
-NEXT_PUBLIC_RSS_POLLING_INTERVAL_MINUTES=
-RSS_SUBSCRIPTION_LIMIT_PER_USER=
-TEXT_CONTENT_LIMIT=
-SEARCH_FILTER_LIMIT=
-INDEX_TAKE_COUNT=
-MEILI_TIMEOUT=
-
-# SMTP Settings
-NEXT_PUBLIC_EMAIL_PROVIDER=
-EMAIL_FROM=
-EMAIL_SERVER=
-BASE_URL=
-
-# PDF archive settings
-PDF_MARGIN_TOP=
-PDF_MARGIN_BOTTOM=
-
-# SSO settings
-NEXT_PUBLIC_AUTHELIA_ENABLED=
-AUTHELIA_CLIENT_ID=
-AUTHELIA_CLIENT_SECRET=
-AUTHELIA_WELLKNOWN_URL=
diff --git a/stacks/news/.gitignore b/stacks/news/.gitignore
deleted file mode 100644
index 01b11ab..0000000
--- a/stacks/news/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-*.env
-data/
-db/
-extensions/
-certs/
-compose.test.yml
-config.custom.php
-config-user.custom.php
diff --git a/stacks/news/compose.yml b/stacks/news/compose.yml
index 65a7847..d5feb83 100644
--- a/stacks/news/compose.yml
+++ b/stacks/news/compose.yml
@@ -1,30 +1,29 @@
-## Template compose used for each stack.
-name: ${STACK} # Explicit project name (do not rely on directory name)
-
networks:
- edge-net:
+ edge_net:
name: ${EDGE_NET}
external: true # All networks MUST be external in production.
- db-net:
+ db_net:
name: ${DB_NET}
external: true
services:
- news-test:
- container_name: ${NEWS_CONTAINER} # Explicitly name containers.
+ news:
image: freshrss/freshrss:latest
restart: unless-stopped
+ environment:
+ FRESHRSS_ENV: production
+ LISTEN: 0.0.0.0:80
+ CRON_MIN: 2,32
env_file:
- # NOTE: .compose.env WILL override .env if there are overlapping values.
- - .run.env # Compose wiring defaults go here
- - .env # Service env vars
+ - ${ROOT}/stacks/.env # GLOBAL
+ - ${ROOT}/secret/env/news.env
networks:
- - edge-net
- - db-net
+ - edge_net
+ - db_net
expose:
- 80
extra_hosts:
- - "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}" # This is required so the container can return the right uri after auth.
+ - "${OIDC_PROVIDER_URL}:${PROXY_IP}" # This is required so the container can return the right uri after auth.
healthcheck:
test: ["CMD", "cli/health.php"]
timeout: 10s
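Review bot: `extra_hosts` takes `hostname:ip` entries, and the entry now interpolates `${OIDC_PROVIDER_URL}` where it used `${OIDC_PROVIDER_DOMAIN}`; if that variable holds a full URL with scheme or path, as its name suggests, the resulting hosts entry is invalid or maps the wrong name. Keep a host-only variable for this line, e.g. `- "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}"`, or document that `OIDC_PROVIDER_URL` must be a bare hostname. The new `CRON_MIN: 2,32` and `LISTEN: 0.0.0.0:80` values are safer quoted (`CRON_MIN: '2,32'`) so that no YAML parser retypes them. The healthcheck block may continue outside the hunk.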
diff --git a/stacks/news/env.template b/stacks/news/env.template
deleted file mode 100644
index 79e216b..0000000
--- a/stacks/news/env.template
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-STACK=
-
-# Containers
-NEWS_CONTAINER=
-
-# Network
-EDGE_NET=
-DB_NET=
-
-# Volumes
-# TODO: Manage Volumes that may be necessary for FreshRSS.
-
-# OIDC
-OIDC_PROVIDER_DOMAIN=
-PROXY_IP=
diff --git a/stacks/news/run.env.template b/stacks/news/run.env.template
deleted file mode 100644
index 44bfcde..0000000
--- a/stacks/news/run.env.template
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-# DB
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-DB_BASE=
-DB_HOST=
-
-# GENERAL
-TZ=
-CRON_MIN=2,32
-FRESHRSS_ENV=production
-LISTEN=0.0.0.0:80
-TRUSTED_PROXY=
-ADMIN_EMAIL=
-BASE_URL=
-SERVER_DNS=
-
-# OIDC
-OIDC_ENABLED=1
-OIDC_PROVIDER_METADATA_URL=
-OIDC_CLIENT_ID=
-OIDC_CLIENT_SECRET=
-OIDC_CLIENT_CRYPTO_KEY=
-OIDC_REMOTE_USER_CLAIM=
-OIDC_SCOPES=
-OIDC_X_FORWARDED_HEADERS=
-# OIDC_SESSION_INACTIVITY_TIMEOUT=
-# OIDC_SESSION_MAX_DURATION=
-# OIDC_SESSION_TYPE=
diff --git a/stacks/pim/.gitignore b/stacks/pim/.gitignore
deleted file mode 100644
index e6c78b8..0000000
--- a/stacks/pim/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-# Ignore .env files
-*.env
-.database/
-.database/**
-compose.test.yml
diff --git a/stacks/pim/compose.yml b/stacks/pim/compose.yml
index 8359e9c..2ef4d17 100644
--- a/stacks/pim/compose.yml
+++ b/stacks/pim/compose.yml
@@ -1,16 +1,13 @@
-name: ${STACK}
-
networks:
- edge-net:
+ edge_net:
name: ${EDGE_NET}
external: true
- db-net:
+ db_net:
name: ${DB_NET}
external: true
services:
pim:
- container_name: ${PIM_CONTAINER}
image: ghcr.io/tchapi/davis-standalone:latest
environment:
ADMIN_AUTH_BYPASS: false
@@ -20,7 +17,7 @@ services:
- .run.env
- .env
networks:
- - edge-net
- - db-net
+ - edge_net
+ - db_net
expose:
- 9000
diff --git a/stacks/pim/env.template b/stacks/pim/env.template
deleted file mode 100644
index d84f2b0..0000000
--- a/stacks/pim/env.template
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Containers
-_CONTAINER_0=
-_CONTAINER_1=
-
-# Networks
-_NET_0=
-_NET_1=
-
-# Volumes
-_VOLUME_0=
diff --git a/stacks/pim/run.env.template b/stacks/pim/run.env.template
deleted file mode 100644
index 6ef4bc3..0000000
--- a/stacks/pim/run.env.template
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-#
-# DAViS Environment Variables
-
-# General settings
-APP_ENV=prod # or dev
-CALDAV_ENABLED=true
-CARDDAV_ENABLED=true
-WEBDAV_ENABLED=false
-PUBLIC_CALENDARS_ENABLED=true
-BIRTHDAY_REMINDER_OFFSET=PT9H
-APP_TIMEZONE=America/New_York
-LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log"
-
-# Database
-POSTGRES_PASSWORD=
-POSTGRES_DB=
-POSTGRES_USER=
-DATABASE_DRIVER=postgresql
-DB_DATABASE=${POSTGRES_DB}
-DB_USER=${POSTGRES_USER}
-DB_PASSWORD=${POSTGRES_PASSWORD}
-DATABASE_URL=${DATABASE_DRIVER}://${DB_USER}:${DB_PASSWORD}@${_DB_CONTAINER}:5432/${DB_DATABASE}?serverVersion=15&charset=UTF-8
-
-# For the Davis admin interface
-ADMIN_LOGIN=admin
-ADMIN_PASSWORD=admin
-ADMIN_AUTH_BYPASS=false
-
-# DAV auth settings
-AUTH_METHOD=Basic # Basic or IMAP or LDAP
-
-# Basic HTTP auth settings
-AUTH_REALM=SabreDAV
-
-# IMAP auth settings
-# IMAP_AUTH_URL=imap.mydomain.com:993
-# IMAP_ENCRYPTION_METHOD=ssl
-# IMAP_CERTIFICATE_VALIDATION=true
-# IMAP_AUTH_USER_AUTOCREATE=false
-
-# LDAP auth settings
-# LDAP_AUTH_URL=ldap://127.0.0.1:3890
-# LDAP_DN_PATTERN=uid=%u,ou=users,dc=domain,dc=com
-# LDAP_MAIL_ATTRIBUTE=mail
-# LDAP_AUTH_USER_AUTOCREATE=false
-# LDAP_CERTIFICATE_CHECKING_STRATEGY=try # never, hard, demand, try, or allow
-
-# WebDAV settings
-WEBDAV_TMP_DIR=/webdav/tmp
-WEBDAV_PUBLIC_DIR=/webdav/public
-WEBDAV_HOMES_DIR=
-
-# Mail settings
-# INVITE_FROM_ADDRESS=no-reply@example.org
-# MAIL_HOST=smtp.myprovider.com
-# MAIL_PORT=587
-# MAIL_USERNAME=userdav
-# MAIL_PASSWORD=test
-# MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
-
-# Trust the immediate proxy for X-Forwarded-* headers including HTTPS detection
-SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
diff --git a/stacks/pkm/.gitignore b/stacks/pkm/.gitignore
deleted file mode 100644
index 360f7cc..0000000
--- a/stacks/pkm/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.env
-space/
-compose.test.yml
diff --git a/stacks/pkm/compose.yml b/stacks/pkm/compose.yml
index 52546cc..c159031 100644
--- a/stacks/pkm/compose.yml
+++ b/stacks/pkm/compose.yml
@@ -1,7 +1,7 @@
name: ${STACK}
networks:
- edge-net:
+ edge_net:
name: ${EDGE_NET}
external: true
@@ -16,10 +16,10 @@ services:
image: ghcr.io/silverbulletmd/silverbullet
restart: unless-stopped
env_file:
- - .run.env
+ - /srv/rdc/env/pkm.env
- .env
networks:
- - edge-net
+ - edge_net
expose:
- 3000
volumes:
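Review bot: `- /srv/rdc/env/pkm.env` hard-codes a host path, while the other stacks in this commit build their env-file paths from variables such as `${SECRETS}` or `${CONFIG}`; use the same variable here so the stack is not tied to one host layout. This file also keeps `name: ${STACK}` (first hunk) although every other stack drops it and `stacks/pkm/env.template`, which declared `STACK`, is deleted. The service body continues outside the hunk.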
diff --git a/stacks/pkm/env.template b/stacks/pkm/env.template
deleted file mode 100644
index cceb8db..0000000
--- a/stacks/pkm/env.template
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-STACK=
-
-# Containers
-PKM_CONTAINER=
-
-# Networks
-EDGE_NET=
-
-# Volumes
-PIM_DATA_VOLUME=
diff --git a/stacks/pkm/pkm.env.template b/stacks/pkm/pkm.env.template
deleted file mode 100644
index c45f07a..0000000
--- a/stacks/pkm/pkm.env.template
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-#
-# Stack Runtime Variables
-SB_NAME=
-SB_DESCRIPTION=
diff --git a/stacks/scm/.env.template b/stacks/scm/.env.template
deleted file mode 100644
index c461361..0000000
--- a/stacks/scm/.env.template
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Containers
-_CONTAINER_0=
-
-# Networks
-_NET_0=
-
-# Volumes
-_CSS_FILE=
-_CONFIG_FILE=
-_GIT_ROOT=
-_IMPORTS=
diff --git a/stacks/scm/.gitignore b/stacks/scm/.gitignore
deleted file mode 100644
index 4c28985..0000000
--- a/stacks/scm/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-# Ignore .env files
-*.env
-srv/
-srv/*
-opt/
-opt/*
-etc/
-etc/*
-compose.test.yml
diff --git a/stacks/scm/.run.template b/stacks/scm/.run.template
deleted file mode 100644
index cd5eebc..0000000
--- a/stacks/scm/.run.template
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-#
-# Stack Runtime Variables
-HTTP_AUTH_USER=
-HTTP_AUTH_PASSWORD=
-GIT_HTTP_AUTH_USER=
-GIT_HTTP_AUTH_PASSWORD=
diff --git a/stacks/scm/compose.yml b/stacks/scm/compose.yml
index b40dbaf..c1e4bb8 100644
--- a/stacks/scm/compose.yml
+++ b/stacks/scm/compose.yml
@@ -1,24 +1,19 @@
-name: ${_STACK_0}
-
networks:
- net:
- name: ${_NET_0}
+ edge_net:
+ name: ${EDGE_NET}
external: true
services:
- cgit:
- container_name: ${_CONTAINER_0}
+ scm:
image: ratdad/cgit:latest
- env_file:
- - .run.env
- - .env
networks:
- - net
+ - edge_net
expose:
- 80
volumes:
- # TODO: Make these cgit-docker builtins.
- - ${_CSS_FILE:-./opt/cgit.css}:/srv/www/htdocs/cgit/cgit.css
- - ${_CONFIG_FILE:-./etc/cgitrc}:/etc/cgitrc
- - ${_IMPORTS:-./opt/}:/opt
- - ${_GIT_ROOT:-./srv/git/}:/srv/git # mount the directory you use for your git server
+ - ${SECRETS}/scm/cgit.css}:/srv/www/htdocs/cgit/cgit.css
+ - ${SECRETS}/scm/header.html:/opt/header.html
+ - ${SECRETS}/scm/footer.html:/opt/footer.html
+ - ${SECRETS}/scm/README.txt:/opt/README.txt
+ - ${SECRETS}/scm/cgitrc:/etc/cgitrc
+ - ${GIT_ROOT}:/srv/git
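Review bot: The first volume entry, `${SECRETS}/scm/cgit.css}:/srv/www/htdocs/cgit/cgit.css`, has a stray `}` left over from the old `${_CSS_FILE:-./opt/cgit.css}` default, so the host path ends in `cgit.css}`; with short bind syntax Docker typically creates a missing host path as a directory, which would then shadow the stylesheet. It should read `- ${SECRETS}/scm/cgit.css:/srv/www/htdocs/cgit/cgit.css`. The hunk also drops `env_file` entirely, and the deleted `.run.template` carried `HTTP_AUTH_USER` and `HTTP_AUTH_PASSWORD`; if the image uses those to enable HTTP authentication, the repositories would now be served without it, so confirm where those values come from. Static assets such as the CSS and header are not secrets and would fit better under `${CONFIG}`, and the configuration mounts can be `:ro`.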
diff --git a/stacks/tss/compose.yml b/stacks/tsk/compose.yml
index cbaf2f0..e9b97ea 100644
--- a/stacks/tss/compose.yml
+++ b/stacks/tsk/compose.yml
@@ -1,5 +1,3 @@
-name: ${STACK}
-
networks:
edge-net:
name: ${EDGE_NET}
@@ -9,16 +7,14 @@ networks:
external: true
services:
- tss:
- container_name: ${TSS_CONTAINER}
+ tsk:
image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server-postgres:latest
restart: unless-stopped
environment:
RUST_LOG: info
- LISTEN: 0.0.0.0:8080
+ LISTEN: 0.0.0.0:80
env_file:
- - .run.env
- - .env
+ - ${SECRET}/env/tsk.env
networks:
- edge-net
- db-net
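Review bot: `LISTEN` moves from `0.0.0.0:8080` to `0.0.0.0:80`, but the rest of the service (any `expose:` entry or healthcheck) lies outside this hunk and the reverse-proxy upstream is configured elsewhere, so both need to be checked against the new port. The network keys here stay `edge-net` and `db-net` while every other stack in the commit is renamed to `edge_net` and `db_net`; rename them too for consistency.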
diff --git a/stacks/tss/.gitignore b/stacks/tss/.gitignore
deleted file mode 100644
index 13fed15..0000000
--- a/stacks/tss/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.env
-data/
-compose.test.yml
diff --git a/stacks/tss/env.template b/stacks/tss/env.template
deleted file mode 100644
index 57ab20a..0000000
--- a/stacks/tss/env.template
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespace
-STACK=
-
-# Container
-
-# Network
-EDGE_NET=
-DB_NET=
diff --git a/stacks/tss/run.env.template b/stacks/tss/run.env.template
deleted file mode 100644
index 09f266a..0000000
--- a/stacks/tss/run.env.template
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-CLIENT_ID=
-DB_HOST=
-DB_PORT
-DB_USER=
-DB_PASSWORD=
-DB_BASE=
-CONNECTION=postgresql://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_BASE