From 2578d12ea47d10130472a845244e4aaac48897cb Mon Sep 17 00:00:00 2001 
From: RATDAD Date: Fri, 6 Mar 2026 02:05:52 -0500 Subject: checkpoint: development state --- .gitignore | 2 +- stacks/cgit/.env.template | 18 ------------ stacks/cgit/.gitignore | 9 ------ stacks/cgit/.run.template | 7 ----- stacks/cgit/compose.yml | 24 ---------------- stacks/dav/.env.template | 17 ------------ stacks/dav/.gitignore | 5 ---- stacks/dav/.run.env.template | 63 ------------------------------------------ stacks/dav/compose.yml | 39 -------------------------- stacks/db/.gitignore | 2 +- stacks/db/compose.yml | 28 ++++++++++++------- stacks/db/env.example | 16 ----------- stacks/db/env.template | 17 ++++++++++++ stacks/db/run.env.example | 11 -------- stacks/db/run.env.template | 11 ++++++++ stacks/edge/.edge.env.template | 18 ------------ stacks/edge/.env.template | 14 ---------- stacks/edge/.gitignore | 2 +- stacks/edge/Caddyfile.template | 52 ++++++++++++++++++++++++---------- stacks/edge/compose.yml | 19 ++++++------- stacks/edge/env.template | 16 +++++++++++ stacks/edge/run.env.template | 34 +++++++++++++++++++++++ stacks/iam/.gitignore | 7 ++--- stacks/iam/TODO | 1 - stacks/iam/auth.env.example | 12 -------- stacks/iam/compose.yml | 63 +++++++++++++++++++++++++----------------- stacks/iam/env.example | 17 ------------ stacks/iam/env.template | 17 ++++++++++++ stacks/iam/iam.env.template | 12 ++++++++ stacks/iam/util/gen-secrets.sh | 4 +-- stacks/irm/compose.yml | 31 ++++----------------- stacks/irm/env.example | 17 ------------ stacks/irm/env.template | 20 ++++++++++++++ stacks/irm/run.env.example | 62 ----------------------------------------- stacks/irm/run.env.template | 62 +++++++++++++++++++++++++++++++++++++++++ stacks/news/.gitignore | 2 +- stacks/news/compose.yml | 42 +++++++--------------------- stacks/news/env.example | 25 ----------------- stacks/news/env.template | 20 ++++++++++++++ stacks/news/run.env.example | 34 ----------------------- stacks/news/run.env.template | 32 +++++++++++++++++++++ stacks/pim/.gitignore | 5 ++++ 
stacks/pim/compose.yml | 26 +++++++++++++++++ stacks/pim/env.template | 17 ++++++++++++ stacks/pim/run.env.template | 63 ++++++++++++++++++++++++++++++++++++++++++ stacks/pkm/.env.template | 15 ---------- stacks/pkm/.pkm.env.template | 6 ---- stacks/pkm/compose.yml | 12 ++++---- stacks/pkm/env.template | 15 ++++++++++ stacks/pkm/pkm.env.template | 5 ++++ stacks/scm/.env.template | 18 ++++++++++++ stacks/scm/.gitignore | 9 ++++++ stacks/scm/.run.template | 7 +++++ stacks/scm/compose.yml | 24 ++++++++++++++++ stacks/tss/.env.template | 15 ---------- stacks/tss/.run.env.template | 5 ---- stacks/tss/compose.yml | 20 +++++++------- stacks/tss/env.template | 12 ++++++++ stacks/tss/run.env.template | 11 ++++++++ 59 files changed, 596 insertions(+), 593 deletions(-) delete mode 100644 stacks/cgit/.env.template delete mode 100644 stacks/cgit/.gitignore delete mode 100644 stacks/cgit/.run.template delete mode 100644 stacks/cgit/compose.yml delete mode 100644 stacks/dav/.env.template delete mode 100644 stacks/dav/.gitignore delete mode 100644 stacks/dav/.run.env.template delete mode 100644 stacks/dav/compose.yml delete mode 100644 stacks/db/env.example create mode 100644 stacks/db/env.template delete mode 100644 stacks/db/run.env.example create mode 100644 stacks/db/run.env.template delete mode 100644 stacks/edge/.edge.env.template delete mode 100644 stacks/edge/.env.template create mode 100644 stacks/edge/env.template create mode 100644 stacks/edge/run.env.template delete mode 100644 stacks/iam/TODO delete mode 100644 stacks/iam/auth.env.example delete mode 100644 stacks/iam/env.example create mode 100644 stacks/iam/env.template create mode 100644 stacks/iam/iam.env.template delete mode 100644 stacks/irm/env.example create mode 100644 stacks/irm/env.template delete mode 100644 stacks/irm/run.env.example create mode 100644 stacks/irm/run.env.template delete mode 100644 stacks/news/env.example create mode 100644 stacks/news/env.template delete mode 100644 
stacks/news/run.env.example create mode 100644 stacks/news/run.env.template create mode 100644 stacks/pim/.gitignore create mode 100644 stacks/pim/compose.yml create mode 100644 stacks/pim/env.template create mode 100644 stacks/pim/run.env.template delete mode 100644 stacks/pkm/.env.template delete mode 100644 stacks/pkm/.pkm.env.template create mode 100644 stacks/pkm/env.template create mode 100644 stacks/pkm/pkm.env.template create mode 100644 stacks/scm/.env.template create mode 100644 stacks/scm/.gitignore create mode 100644 stacks/scm/.run.template create mode 100644 stacks/scm/compose.yml delete mode 100644 stacks/tss/.env.template delete mode 100644 stacks/tss/.run.env.template create mode 100644 stacks/tss/env.template create mode 100644 stacks/tss/run.env.template
diff --git a/.gitignore b/.gitignore
index ea4ca75..9de1226 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 .editorconfig
-srv/
+.vscode
diff --git a/stacks/cgit/.env.template b/stacks/cgit/.env.template
deleted file mode 100644
index c461361..0000000
--- a/stacks/cgit/.env.template
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Containers
-_CONTAINER_0=
-
-# Networks
-_NET_0=
-
-# Volumes
-_CSS_FILE=
-_CONFIG_FILE=
-_GIT_ROOT=
-_IMPORTS=
diff --git a/stacks/cgit/.gitignore b/stacks/cgit/.gitignore
deleted file mode 100644
index 4c28985..0000000
--- a/stacks/cgit/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-# Ignore .env files
-*.env
-srv/
-srv/*
-opt/
-opt/*
-etc/
-etc/*
-compose.test.yml
diff --git a/stacks/cgit/.run.template b/stacks/cgit/.run.template
deleted file mode 100644
index cd5eebc..0000000
--- a/stacks/cgit/.run.template
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-#
-# Stack Runtime Variables
-HTTP_AUTH_USER=
-HTTP_AUTH_PASSWORD=
-GIT_HTTP_AUTH_USER=
-GIT_HTTP_AUTH_PASSWORD=
diff --git a/stacks/cgit/compose.yml b/stacks/cgit/compose.yml
deleted file mode 100644
index b40dbaf..0000000
--- a/stacks/cgit/compose.yml
+++ /dev/null
@@ -1,24 +0,0 @@ -name: ${_STACK_0} - -networks: - net: - name: ${_NET_0} - external: true - -services: - cgit: - container_name: ${_CONTAINER_0} - image: ratdad/cgit:latest - env_file: - - .run.env - - .env - networks: - - net - expose: - - 80 - volumes: - # TODO: Make these cgit-docker builtins. - - ${_CSS_FILE:-./opt/cgit.css}:/srv/www/htdocs/cgit/cgit.css - - ${_CONFIG_FILE:-./etc/cgitrc}:/etc/cgitrc - - ${_IMPORTS:-./opt/}:/opt - - ${_GIT_ROOT:-./srv/git/}:/srv/git # mount the directory you use for your git server diff --git a/stacks/dav/.env.template b/stacks/dav/.env.template deleted file mode 100644 index d84f2b0..0000000 --- a/stacks/dav/.env.template +++ /dev/null @@ -1,17 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -_STACK_0= - -# Containers -_CONTAINER_0= -_CONTAINER_1= - -# Networks -_NET_0= -_NET_1= - -# Volumes -_VOLUME_0= diff --git a/stacks/dav/.gitignore b/stacks/dav/.gitignore deleted file mode 100644 index e6c78b8..0000000 --- a/stacks/dav/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# Ignore .env files -*.env -.database/ -.database/** -compose.test.yml diff --git a/stacks/dav/.run.env.template b/stacks/dav/.run.env.template deleted file mode 100644 index 6ef4bc3..0000000 --- a/stacks/dav/.run.env.template +++ /dev/null 
@@ -1,63 +0,0 @@
-#
-#
-# DAViS Environment Variables
-
-# General settings
-APP_ENV=prod # or dev
-CALDAV_ENABLED=true
-CARDDAV_ENABLED=true
-WEBDAV_ENABLED=false
-PUBLIC_CALENDARS_ENABLED=true
-BIRTHDAY_REMINDER_OFFSET=PT9H
-APP_TIMEZONE=America/New_York
-LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log"
-
-# Database
-POSTGRES_PASSWORD=
-POSTGRES_DB=
-POSTGRES_USER=
-DATABASE_DRIVER=postgresql
-DB_DATABASE=${POSTGRES_DB}
-DB_USER=${POSTGRES_USER}
-DB_PASSWORD=${POSTGRES_PASSWORD}
-DATABASE_URL=${DATABASE_DRIVER}://${DB_USER}:${DB_PASSWORD}@${_DB_CONTAINER}:5432/${DB_DATABASE}?serverVersion=15&charset=UTF-8
-
-# For the Davis admin interface
-ADMIN_LOGIN=admin
-ADMIN_PASSWORD=admin
-ADMIN_AUTH_BYPASS=false
-
-# DAV auth settings
-AUTH_METHOD=Basic # Basic or IMAP or LDAP
-
-# Basic HTTP auth settings
-AUTH_REALM=SabreDAV
-
-# IMAP auth settings
-# IMAP_AUTH_URL=imap.mydomain.com:993
-# IMAP_ENCRYPTION_METHOD=ssl
-# IMAP_CERTIFICATE_VALIDATION=true
-# IMAP_AUTH_USER_AUTOCREATE=false
-
-# LDAP auth settings
-# LDAP_AUTH_URL=ldap://127.0.0.1:3890
-# LDAP_DN_PATTERN=uid=%u,ou=users,dc=domain,dc=com
-# LDAP_MAIL_ATTRIBUTE=mail
-# LDAP_AUTH_USER_AUTOCREATE=false
-# LDAP_CERTIFICATE_CHECKING_STRATEGY=try # never, hard, demand, try, or allow
-
-# WebDAV settings
-WEBDAV_TMP_DIR=/webdav/tmp
-WEBDAV_PUBLIC_DIR=/webdav/public
-WEBDAV_HOMES_DIR=
-
-# Mail settings
-# INVITE_FROM_ADDRESS=no-reply@example.org
-# MAIL_HOST=smtp.myprovider.com
-# MAIL_PORT=587
-# MAIL_USERNAME=userdav
-# MAIL_PASSWORD=test
-# MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
-
-# Trust the immediate proxy for X-Forwarded-* headers including HTTPS detection
-SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
diff --git a/stacks/dav/compose.yml b/stacks/dav/compose.yml
deleted file mode 100644
index 42d254f..0000000
--- a/stacks/dav/compose.yml
+++ /dev/null
@@ -1,39 +0,0 @@ -name: ${_STACK_0} - -networks: - edge-net: - name: ${_NET_0} - external: true - db-net: - name: ${_NET_1} - -volumes: - dav-db: - name: ${_VOLUME_0} - external: true - -services: - dav: - container_name: ${_CONTAINER_0} - image: ghcr.io/tchapi/davis-standalone:latest - env_file: - - .run.env - - .env - networks: - - net - - intra - expose: - - 9000 - depends_on: - - db - dav-db: - container_name: ${_CONTAINER_1} # Required for now. - image: postgres:16 - networks: - - edge-net - - db-net - env_file: - - .run.env - - .env - volumes: - - dav-db:/var/lib/postgresql/data diff --git a/stacks/db/.gitignore b/stacks/db/.gitignore index 31c0c95..13fed15 100644 --- a/stacks/db/.gitignore +++ b/stacks/db/.gitignore @@ -1,3 +1,3 @@ *.env -password +data/ compose.test.yml diff --git a/stacks/db/compose.yml b/stacks/db/compose.yml index b7227d1..9a44712 100644 --- a/stacks/db/compose.yml +++ b/stacks/db/compose.yml @@ -1,28 +1,35 @@ -name: ${_STACK_0} +name: ${STACK} networks: - db-net: - name: ${_NET_0} - external: true edge-net: - name: ${_NET_1} + name: ${EDGE_NET} + external: true + db-net: + name: ${DB_NET} external: true volumes: db-data: - name: ${_VOLUME_0} + name: ${DB_VOLUME} external: true +secrets: + DB_PASSWORD: + file: '/srv/secrets/DB_PASSWORD' + services: - db-test: - container_name: ${_CONTAINER_0} + db: + container_name: ${DB_CONTAINER} image: postgres:16 restart: unless-stopped + environment: + POSTGRES_USER: 'admin' env_file: - .run.env # Runtime ENV - .env # Compose ENV + user: '${UID}:${GID}' volumes: - - db-data:/var/lib/postgresql/data + - ./data/:/var/lib/postgresql/data networks: - db-net expose: @@ -32,9 +39,10 @@ services: interval: 5s retries: 5 db-admin: - container_name: ${_CONTAINER_1} + container_name: ${DBA_CONTAINER} image: adminer:latest env_file: + - .run.env - .env depends_on: - db-test diff --git a/stacks/db/env.example b/stacks/db/env.example deleted file mode 100644 index 05092c2..0000000 
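Review bot: The top-level `DB_PASSWORD` secret added in the first stacks/db/compose.yml hunk is never consumed: the `db` service has no `secrets:` entry and no `POSTGRES_PASSWORD_FILE`, so the password still arrives in plaintext through `.run.env` (run.env.template keeps `POSTGRES_PASSWORD=`). To get the benefit of the secret, add `secrets: ['DB_PASSWORD']` to the service and `POSTGRES_PASSWORD_FILE: '/run/secrets/DB_PASSWORD'` under `environment:`, and drop the variable from the env file. The hard-coded `POSTGRES_USER: 'admin'` overrides the `POSTGRES_USER=` value from the env file, and the `db-data` volume stays declared although the mount is now `./data/`.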
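Review bot: `depends_on: - db-test` at the end of the second stacks/db/compose.yml hunk still names the service this commit renames to `db`, so Compose will reject the file for depending on an undefined service; it should read `- db`. Adding `- .run.env` to `db-admin` also passes the PostgreSQL credentials from that file into the Adminer container, which the edge proxy publishes through `{$DBA_SUB}` in Caddyfile.template; a separate env file holding only the `ADMINER_*` values would keep the database password out of that container's environment. The rest of the `db-admin` service lies outside the hunk.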
--- a/stacks/db/env.example
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Containers
-_CONTAINER_0=
-
-# Network
-_NET_0=
-_NET_1=
-
-# Volumes
-_VOLUME_0=
diff --git a/stacks/db/env.template b/stacks/db/env.template
new file mode 100644
index 0000000..cad7ccb
--- /dev/null
+++ b/stacks/db/env.template
@@ -0,0 +1,17 @@
+#
+#
+# Stack Compose Variables
+
+# Namespace
+STACK=
+
+# Containers
+DB_CONTAINER=
+DBA_CONTAINER=
+
+# Networks
+EDGE_NET=
+DB_NET=
+
+# Volumes
+DB_CONTAINER=
diff --git a/stacks/db/run.env.example b/stacks/db/run.env.example
deleted file mode 100644
index b7371f5..0000000
--- a/stacks/db/run.env.example
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-# PostgreSQL
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-
-# Adminer
-ADMINER_DEFAULT_SERVER=
-ADMINER_DESIGN=mancave
diff --git a/stacks/db/run.env.template b/stacks/db/run.env.template
new file mode 100644
index 0000000..b5f8727
--- /dev/null
+++ b/stacks/db/run.env.template
@@ -0,0 +1,11 @@
+#
+#
+# Stack Runtime Variables
+
+# PostgreSQL
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+
+# Adminer
+ADMINER_DEFAULT_SERVER=
+ADMINER_DESIGN=galkaev
diff --git a/stacks/edge/.edge.env.template b/stacks/edge/.edge.env.template
deleted file mode 100644
index 737f239..0000000
--- a/stacks/edge/.edge.env.template
+++ /dev/null
@@ -1,18 +0,0 @@
-DOMAIN=
-DOCUMENT_ROOT=
-
-SERVICE0=
-SERVICE0_SUB=
-SERVICE0_PORT=
-
-SERVICE1=
-SERVICE1_SUB=
-SERVICE1_PORT=
-
-SERVICE2=
-SERVICE2_SUB=
-SERVICE2_PORT=
-
-SERVICE3=
-SERVICE3_SUB=
-SERVICE3_PORT=
diff --git a/stacks/edge/.env.template b/stacks/edge/.env.template
deleted file mode 100644
index 0dc0292..0000000
--- a/stacks/edge/.env.template
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespace
-_STACK=
-_CONTAINER=
-
-# Network
-_NET=
-
-# Volumes
-_CADDYFILE=
-_WEBROOT=
diff --git a/stacks/edge/.gitignore b/stacks/edge/.gitignore
index 4d2bac6..14be0dc 100644
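Review bot: The `# Volumes` section of the new stacks/db/env.template repeats `DB_CONTAINER=` instead of defining the volume variable, so `${DB_VOLUME}` in stacks/db/compose.yml has no template entry and interpolates to an empty name. The last line should be `DB_VOLUME=`. The template also has no `UID=`/`GID=` entries although the `db` service now sets `user: '${UID}:${GID}'`.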
--- a/stacks/edge/.gitignore +++ b/stacks/edge/.gitignore @@ -1,5 +1,5 @@ # Ignore .env files *.env -.srv/ +srv/ Caddyfile compose.test.yml diff --git a/stacks/edge/Caddyfile.template b/stacks/edge/Caddyfile.template index 85ca962..03dadf8 100644 --- a/stacks/edge/Caddyfile.template +++ b/stacks/edge/Caddyfile.template @@ -1,29 +1,53 @@ -# { -# debug -# auto_https off -# } - -# NOTE: EDIT THIS FILE EXPLICITLY. DO NOT AUTOMATE. +# +# +# Reverse Proxy Configuration {$DOMAIN}:80 { + redir https://{$DOMAIN}{uri} 302 +} + +{$DOMAIN} { + root * {$DOCUMENT_ROOT} encode try_files {path} index.html file_server } -{$SERVICE0_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE0}:{$SERVICE0_PORT} +{$PKM_SUB}.{$DOMAIN} { + reverse_proxy {$PKM_HOST}:{$PKM_PORT} +} + +{$SCM_SUB}.{$DOMAIN} { + reverse_proxy {$SCM_HOST}:{$SCM_PORT} +} + +{$PIM_SUB}.{$DOMAIN} { + + reverse_proxy {$PIM_HOST}:{$PIM_PORT} +} + +{$TSS_SUB}.{$DOMAIN} { + + reverse_proxy {$TSS_HOST}:{$TSS_PORT} } -{$SERVICE1_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE1}:{$SERVICE1_PORT} +{$IAM_SUB}.{$DOMAIN} { + + reverse_proxy {$IAM_HOST}:{$IAM_PORT} } -{$SERVICE2_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE2}:{$SERVICE2_PORT} +{$IRM_SUB}.{$DOMAIN} { + + reverse_proxy {$IRM_HOST}:{$IRM_PORT} } -{$SERVICE3_SUB}.{$DOMAIN} { - reverse_proxy {$SERVICE3}:{$SERVICE3_PORT} +{$NEWS_SUB}.{$DOMAIN} { + + reverse_proxy {$NEWS_HOST}:{$NEWS_PORT} +} + +{$DBA_SUB}.{$DOMAIN} { + + reverse_proxy {$DBA_HOST}:{$DBA_PORT} } diff --git a/stacks/edge/compose.yml b/stacks/edge/compose.yml index 7e88c95..d8c86fa 100644 --- a/stacks/edge/compose.yml +++ b/stacks/edge/compose.yml 
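Review bot: Every new site block in Caddyfile.template proxies straight to its backend with no authentication in front of it, including `{$DBA_SUB}.{$DOMAIN}`, which publishes the Adminer database console. Since the repository already runs an IAM stack, each protected block would normally carry a `forward_auth` directive pointing at `{$IAM_HOST}:{$IAM_PORT}` ahead of `reverse_proxy`, and the database console is better left off the public listener or restricted by source address. The explicit `{$DOMAIN}:80` block redirects with a temporary `302`; a permanent redirect is the usual choice for HTTP-to-HTTPS.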
@@ -1,27 +1,26 @@ -name: ${_STACK_0} +name: ${STACK} networks: - edge-net: - name: ${_NET_0} + net: + name: ${EDGE_NET} external: true services: - edge: - container_name: ${_CONTAINER_0} + edge-test: + container_name: ${EDGE_CONTAINER} image: caddy:latest restart: unless-stopped env_file: - .run.env - .env networks: - - edge-net + - net cap_add: - - NET_ADMIN # Allow Caddy to redefine memory limits based on host spec. + - NET_ADMIN ports: - 80:80 - 443:443 - 443:443/udp volumes: - - ${_CADDYFILE:-./Caddyfile}:/etc/caddy/Caddyfile - - ${_WEBROOT:-.srv/}:/srv - - /var/log/http/:/var/log/http # Fail2Ban needs this. + - ${CADDYFILE}:/etc/caddy/Caddyfile + - ${WEBROOT}/:/srv diff --git a/stacks/edge/env.template b/stacks/edge/env.template new file mode 100644 index 0000000..b43dec1 --- /dev/null +++ b/stacks/edge/env.template @@ -0,0 +1,16 @@ +# +# +# Stack Compose Variables + +# Namespace +STACK= + +# Containers +EDGE_CONTAINER= + +# Networks +EDGE_NET= + +# Volumes +CADDYFILE= +WEBROOT= diff --git a/stacks/edge/run.env.template b/stacks/edge/run.env.template new file mode 100644 index 0000000..aa456bf --- /dev/null +++ b/stacks/edge/run.env.template @@ -0,0 +1,34 @@ +DOMAIN= +DOCUMENT_ROOT= + +PKM_HOST= +PKM_SUB= +PKM_PORT= + +SCM_HOST= +SCM_SUB= +SCM_PORT= + +PIM_HOST= +PIM_SUB= +PIM_PORT= + +TSS_HOST= +TSS_SUB= +TSS_PORT= + +IAM_HOST= +IAM_SUB= +IAM_PORT= + +IRM_HOST= +IRM_SUB= +IRM_PORT= + +NEWS_HOST= +NEWS_SUB= +NEWS_PORT= + +DBA_HOST= +DBA_SUB= +DBA_PORT= diff --git a/stacks/iam/.gitignore b/stacks/iam/.gitignore index 4dfeb35..6b67a59 100644 --- a/stacks/iam/.gitignore +++ b/stacks/iam/.gitignore @@ -1,7 +1,4 @@ *.env -config/ -config/* -secrets/ -secrets/* +config +secrets compose.test.yml -compose.cache.test.yml diff --git a/stacks/iam/TODO b/stacks/iam/TODO deleted file mode 100644 index dba0e14..0000000 --- a/stacks/iam/TODO +++ /dev/null @@ -1 +0,0 @@ -1. Make a script to initialize Authelia with an admin user and streamline prod setup. 
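Review bot: `- ${WEBROOT}/:/srv` in stacks/edge/compose.yml has lost its default, and the new env.template ships `WEBROOT=` empty, in which case the mount source interpolates to `/` and the host root filesystem is bind-mounted into the internet-facing Caddy container. Use the required-variable form and mount read-only, e.g. `- ${WEBROOT:?WEBROOT must be set}/:/srv:ro` and `- ${CADDYFILE:?CADDYFILE must be set}:/etc/caddy/Caddyfile:ro`. The commit also removes the `/var/log/http` mount that the old comment says Fail2Ban needs, so log-based banning presumably stops seeing Caddy's logs, and the service key `edge-test` looks like a test name left in the main compose file.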
diff --git a/stacks/iam/auth.env.example b/stacks/iam/auth.env.example
deleted file mode 100644
index b5275ab..0000000
--- a/stacks/iam/auth.env.example
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-#
-# Stack Runtime Variables
-
-# Authelia secrets
-AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/JWT_SECRET
-AUTHELIA_SESSION_SECRET_FILE=/run/secrets/SESSION_SECRET
-AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/STORAGE_ENCRYPTION
-AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/OIDC_HMAC_SECRET
-
-# Use Authelia's file filter in config.
-X_AUTHELIA_CONFIG_FILTERS=template
diff --git a/stacks/iam/compose.yml b/stacks/iam/compose.yml
index af25bb9..3e516ca 100644
--- a/stacks/iam/compose.yml
+++ b/stacks/iam/compose.yml
@@ -1,54 +1,67 @@ -name: ${_STACK_0} +name: ${STACK} networks: - net_0: - name: ${_NET_0} + edge-net: + name: ${EDGE_NET} external: true - net_1: - name: ${_NET_1} + db-net: + name: ${DB_NET} + external: true + cache-net: volumes: - volume_0: - name: ${_VOLUME_0} + config: + name: ${IAM_CONFIG_VOLUME} external: true secrets: JWT_SECRET: - file: '/srv/secrets/auth/JWT_SECRET' + file: './srv/secrets/auth/JWT_SECRET' SESSION_SECRET: - file: '/srv/secrets/auth/SESSION_SECRET' + file: './srv/secrets/auth/SESSION_SECRET' STORAGE_ENCRYPTION: - file: '/srv/secrets/auth/STORAGE_ENCRYPTION' + file: './srv/secrets/auth/STORAGE_ENCRYPTION' OIDC_HMAC_SECRET: - file: '/srv/secrets/auth/OIDC_HMAC_SECRET' + file: './srv/secrets/auth/OIDC_HMAC_SECRET' + POSTGRES_PASSWORD: + file: './srv/secrets/auth/POSTGRES_PASSWORD' services: - auth: - container_name: ${_CONTAINER_0} + auth-test: + container_name: ${IAM_CONTAINER} image: authelia/authelia:latest restart: unless-stopped - secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET'] + secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET', 'POSTGRES_PASSWORD'] + environment: + AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET' + AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET' + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION' + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC_SECRET' + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/POSTGRES_PASSWORD' + X_AUTHELIA_CONFIG_FILTERS: 'template' env_file: - - .auth.env # Runtime Vars + - .run.env # Runtime Vars - .env # Stack Vars + user: "${UID}:${GID}" volumes: - - volume_0:/config/db - - /srv/secrets/auth/configuration.yml:/config/configuration.yml - - /srv/secrets/auth/users.yml:/config/users.yml - - /srv/secrets/auth/jwks/oidc-jwk.pem:/config/jwks/oidc-jwk.pem - - 
/srv/secrets/auth/jwks/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem + - config:/config + - ${CONFIG_FILE}:/config/configuration.yml + - ${USERS_FILE}:/config/users.yml + - ${JWK_PRIV_KEY}:/config/jwks/oidc-jwk.pem + - ${JWK_PUBL_KEY}:/config/jwks/oidc-jwk-pub.pem networks: - - net_0 - - net_1 + - edge-net + - db-net + - cache-net expose: - 9091 - auth-cache: - container_name: ${_CONTAINER_1} + auth-cache-test: + container_name: ${IAM_CACHE_CONTAINER} image: redis:latest restart: unless-stopped env_file: - .env networks: - - net_1 + - cache-net expose: - 6379 diff --git a/stacks/iam/env.example b/stacks/iam/env.example deleted file mode 100644 index 913a774..0000000 --- a/stacks/iam/env.example +++ /dev/null @@ -1,17 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespace -_STACK_0= - -# Containers -_CONTAINER_0= -_CONTAINER_1= - -# Network -_NET_0= -_NET_1= - -# Volumes -_VOLUME_0= diff --git a/stacks/iam/env.template b/stacks/iam/env.template new file mode 100644 index 0000000..b6a023e --- /dev/null +++ b/stacks/iam/env.template @@ -0,0 +1,17 @@ +# +# +# Stack Compose Variables + +# Namespace +STACK= + +# Containers +IAM_CONTAINER= +IAM_CACHE_CONTAINER= + +# Network +EDGE_NET= +DB_NET= + +# Volumes +IAM_CONFIG_VOLUME= diff --git a/stacks/iam/iam.env.template b/stacks/iam/iam.env.template new file mode 100644 index 0000000..b5275ab --- /dev/null +++ b/stacks/iam/iam.env.template @@ -0,0 +1,12 @@ +# +# +# Stack Runtime Variables + +# Authelia secrets +AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/JWT_SECRET +AUTHELIA_SESSION_SECRET_FILE=/run/secrets/SESSION_SECRET +AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/STORAGE_ENCRYPTION +AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/OIDC_HMAC_SECRET + +# Use Authelia's file filter in config. +X_AUTHELIA_CONFIG_FILTERS=template diff --git a/stacks/iam/util/gen-secrets.sh b/stacks/iam/util/gen-secrets.sh index 832f5d8..8ebec55 100755 --- a/stacks/iam/util/gen-secrets.sh 
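Review bot: The new `POSTGRES_PASSWORD` secret and the relative `./srv/secrets/auth/` paths in stacks/iam/compose.yml do not line up with stacks/iam/util/gen-secrets.sh, which writes to `$PWD/secrets` and whose `SECRETS` list has no `POSTGRES_PASSWORD`, so a fresh checkout has none of the files these `secrets:` entries point at. The bind-mount sources `${CONFIG_FILE}`, `${USERS_FILE}`, `${JWK_PRIV_KEY}` and `${JWK_PUBL_KEY}`, and `${UID}`/`${GID}`, are likewise absent from the new env.template; required-variable interpolation such as `${JWK_PRIV_KEY:?JWK_PRIV_KEY must be set}` would fail fast instead of mounting an empty source. The two JWK mounts can be read-only (`:ro`), and `env_file` now names `.run.env` while the template added alongside is `iam.env.template`, whose contents duplicate the new `environment:` block.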
+++ b/stacks/iam/util/gen-secrets.sh @@ -1,6 +1,6 @@ #!/bin/bash -USERS=(RATDAD) +USERS=(ADMIN) SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET) SECRET_DIR=$PWD/secrets @@ -13,7 +13,7 @@ for filename in "${SECRETS[@]}"; do fi done -# Generate admin passwords +# Generate admin password for filename in "${USERS[@]}"; do if [ ! -f "$SECRET_DIR"/"$filename" ]; then openssl rand -hex 12 > "$SECRET_DIR"/"$filename" diff --git a/stacks/irm/compose.yml b/stacks/irm/compose.yml index 0e97160..4ba9977 100644 --- a/stacks/irm/compose.yml +++ b/stacks/irm/compose.yml @@ -1,21 +1,17 @@ -name: ${_STACK_0} # Explicitly name stacks (do not rely on directory name). +name: ${STACK} # Explicitly name stacks (do not rely on directory name). networks: edge-net: - name: ${_NET_0} + name: ${EDGE_NET} external: true # All networks SHOULD be external in production. db-net: - name: ${_NET_1} - -volumes: - irm-db: - name: ${_VOLUME_0} - external: true # All volumes SHOULD be external in production. + name: ${DB_NET} + external: true services: irm: - container_name: ${_CONTAINER_0} # Name the containers explicitly. - image: ghcr.io/linkwarden/linkwarden:latest + container_name: ${IRM_CONTAINER} # Name the containers explicitly. + image: ${IRM_IMAGE} restart: unless-stopped env_file: # NOTE: .compose.env WILL override .env if there are overlapping values. @@ -29,18 +25,3 @@ services: # Github Issue: https://github.com/linkwarden/linkwarden/issues/1153 extra_hosts: - "${OIDC_PROVIDER_URL}:${PROXY_IP}" - depends_on: - - irm-db - irm-db: - container_name: ${_CONTAINER_1} # Name the containers explicitly. - image: postgres:16 - restart: unless-stopped - env_file: - - .run.env - - .env - volumes: - - irm-db:/var/lib/postgresql/data - networks: - - db-net - expose: - - 5432 diff --git a/stacks/irm/env.example b/stacks/irm/env.example deleted file mode 100644 index b39f698..0000000 --- a/stacks/irm/env.example +++ /dev/null 
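Review bot: gen-secrets.sh writes each secret with a plain redirect (`openssl rand -hex 12 > "$SECRET_DIR"/"$filename"`, visible as context in the second hunk), so the files inherit the caller's umask and are commonly created world-readable. Adding `umask 077` directly after the shebang keeps every generated file owner-only. The generation loops start and end outside both hunks, so the mode of the `secrets` directory itself is not visible here and should be checked as well.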
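Review bot: `image: ${IRM_IMAGE}` in stacks/irm/compose.yml replaces a fixed image reference with a variable that env.template leaves empty, so what runs is decided entirely by an untracked `.env`, and an unset value gives an invalid reference rather than a clear error. Prefer `image: ${IRM_IMAGE:?IRM_IMAGE must be set}` and document a pinned tag or digest next to `IRM_IMAGE=` in the template instead of a floating `latest`. The service's `env_file:` list continues outside the hunk.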
@@ -1,17 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Networks
-_NET_0=
-_NET_1=
-
-# Volumes
-_VOLUME_0=
-
-# OIDC Provider
-OIDC_PROVIDER_URL=
-PROXY_IP=
diff --git a/stacks/irm/env.template b/stacks/irm/env.template
new file mode 100644
index 0000000..2c032b8
--- /dev/null
+++ b/stacks/irm/env.template
@@ -0,0 +1,20 @@
+#
+#
+# Stack Compose Variables
+
+# Namespaces
+STACK=
+
+# Networks
+EDGE_NET=
+DB_NET=
+
+# Containers
+IRM_CONTAINER=
+
+# Images
+IRM_IMAGE=
+
+# OIDC
+OIDC_PROVIDER_URL=
+PROXY_IP=
diff --git a/stacks/irm/run.env.example b/stacks/irm/run.env.example
deleted file mode 100644
index 0b05f6b..0000000
--- a/stacks/irm/run.env.example
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-#
-# Stack Runtime Variables
-NEXTAUTH_URL=
-NEXTAUTH_SECRET=
-
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-
-DATABASE_URL=
-
-# Additional Optional Settings
-PAGINATION_TAKE_COUNT=
-STORAGE_FOLDER=
-AUTOSCROLL_TIMEOUT=
-NEXT_PUBLIC_DISABLE_REGISTRATION=
-NEXT_PUBLIC_CREDENTIALS_ENABLED=
-DISABLE_NEW_SSO_USERS=
-MAX_LINKS_PER_USER=
-ARCHIVE_TAKE_COUNT=
-BROWSER_TIMEOUT=
-IGNORE_UNAUTHORIZED_CA=
-IGNORE_HTTPS_ERRORS=
-IGNORE_URL_SIZE_LIMIT=
-NEXT_PUBLIC_DEMO=
-NEXT_PUBLIC_DEMO_USERNAME=
-NEXT_PUBLIC_DEMO_PASSWORD=
-NEXT_PUBLIC_ADMIN=
-NEXT_PUBLIC_MAX_FILE_BUFFER=
-PDF_MAX_BUFFER=
-SCREENSHOT_MAX_BUFFER=
-READABILITY_MAX_BUFFER=
-PREVIEW_MAX_BUFFER=
-MONOLITH_MAX_BUFFER=
-MONOLITH_CUSTOM_OPTIONS=
-IMPORT_LIMIT=
-PLAYWRIGHT_LAUNCH_OPTIONS_EXECUTABLE_PATH=
-PLAYWRIGHT_WS_URL=
-MAX_WORKERS=
-DISABLE_PRESERVATION=
-NEXT_PUBLIC_RSS_POLLING_INTERVAL_MINUTES=
-RSS_SUBSCRIPTION_LIMIT_PER_USER=
-TEXT_CONTENT_LIMIT=
-SEARCH_FILTER_LIMIT=
-INDEX_TAKE_COUNT=
-MEILI_TIMEOUT=
-
-# SMTP Settings
-NEXT_PUBLIC_EMAIL_PROVIDER=
-EMAIL_FROM=
-EMAIL_SERVER=
-BASE_URL=
-
-# PDF archive settings
-PDF_MARGIN_TOP=
-PDF_MARGIN_BOTTOM=
-
-# SSO settings
-NEXT_PUBLIC_AUTHELIA_ENABLED=
-AUTHELIA_CLIENT_ID=
-AUTHELIA_CLIENT_SECRET=
-AUTHELIA_WELLKNOWN_URL=
diff --git a/stacks/irm/run.env.template b/stacks/irm/run.env.template
new file mode 100644
index 0000000..0b05f6b
--- /dev/null
+++ b/stacks/irm/run.env.template
@@ -0,0 +1,62 @@
+#
+#
+# Stack Runtime Variables
+NEXTAUTH_URL=
+NEXTAUTH_SECRET=
+
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+
+DATABASE_URL=
+
+# Additional Optional Settings
+PAGINATION_TAKE_COUNT=
+STORAGE_FOLDER=
+AUTOSCROLL_TIMEOUT=
+NEXT_PUBLIC_DISABLE_REGISTRATION=
+NEXT_PUBLIC_CREDENTIALS_ENABLED=
+DISABLE_NEW_SSO_USERS=
+MAX_LINKS_PER_USER=
+ARCHIVE_TAKE_COUNT=
+BROWSER_TIMEOUT=
+IGNORE_UNAUTHORIZED_CA=
+IGNORE_HTTPS_ERRORS=
+IGNORE_URL_SIZE_LIMIT=
+NEXT_PUBLIC_DEMO=
+NEXT_PUBLIC_DEMO_USERNAME=
+NEXT_PUBLIC_DEMO_PASSWORD=
+NEXT_PUBLIC_ADMIN=
+NEXT_PUBLIC_MAX_FILE_BUFFER=
+PDF_MAX_BUFFER=
+SCREENSHOT_MAX_BUFFER=
+READABILITY_MAX_BUFFER=
+PREVIEW_MAX_BUFFER=
+MONOLITH_MAX_BUFFER=
+MONOLITH_CUSTOM_OPTIONS=
+IMPORT_LIMIT=
+PLAYWRIGHT_LAUNCH_OPTIONS_EXECUTABLE_PATH=
+PLAYWRIGHT_WS_URL=
+MAX_WORKERS=
+DISABLE_PRESERVATION=
+NEXT_PUBLIC_RSS_POLLING_INTERVAL_MINUTES=
+RSS_SUBSCRIPTION_LIMIT_PER_USER=
+TEXT_CONTENT_LIMIT=
+SEARCH_FILTER_LIMIT=
+INDEX_TAKE_COUNT=
+MEILI_TIMEOUT=
+
+# SMTP Settings
+NEXT_PUBLIC_EMAIL_PROVIDER=
+EMAIL_FROM=
+EMAIL_SERVER=
+BASE_URL=
+
+# PDF archive settings
+PDF_MARGIN_TOP=
+PDF_MARGIN_BOTTOM=
+
+# SSO settings
+NEXT_PUBLIC_AUTHELIA_ENABLED=
+AUTHELIA_CLIENT_ID=
+AUTHELIA_CLIENT_SECRET=
+AUTHELIA_WELLKNOWN_URL=
diff --git a/stacks/news/.gitignore b/stacks/news/.gitignore
index c581994..01b11ab 100644
--- a/stacks/news/.gitignore
+++ b/stacks/news/.gitignore
@@ -5,4 +5,4 @@ extensions/
 certs/
 compose.test.yml
 config.custom.php
-
+config-user.custom.php
diff --git a/stacks/news/compose.yml b/stacks/news/compose.yml
index e9963f5..65a7847 100644
--- a/stacks/news/compose.yml
+++ b/stacks/news/compose.yml
@@ -1,39 +1,30 @@ ## Template compose used for each stack. -name: ${_STACK_0} # Explicit project name (do not rely on directory name) +name: ${STACK} # Explicit project name (do not rely on directory name) networks: edge-net: - name: ${_NET_0} - external: true # All networks SHOULD be external in production. + name: ${EDGE_NET} + external: true # All networks MUST be external in production. db-net: - name: ${_NET_1} - -volumes: - rss-data: - name: ${VOLUME_0} + name: ${DB_NET} external: true - rss-db: - name: ${_VOLUME_1} - external: true # All volumes SHOULD be external in production. services: - rss: - container_name: ${_CONTAINER_0} # Name the containers explicitly. + news-test: + container_name: ${NEWS_CONTAINER} # Explicitly name containers. image: freshrss/freshrss:latest restart: unless-stopped env_file: # NOTE: .compose.env WILL override .env if there are overlapping values. - - .run.env # Runtime ENV - - .env # Compose ENV - volumes: - - rss-data:/var/www/FreshRSS/data - extra_hosts: - - "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}" + - .run.env # Compose wiring defaults go here + - .env # Service env vars networks: - edge-net - db-net expose: - 80 + extra_hosts: + - "${OIDC_PROVIDER_DOMAIN}:${PROXY_IP}" # This is required so the container can return the right uri after auth. healthcheck: test: ["CMD", "cli/health.php"] timeout: 10s @@ -41,16 +32,3 @@ services: start_interval: 11s interval: 75s retries: 3 - rss-db: - container_name: ${_CONTAINER_1} # Name the containers explicitly. - image: postgres:18 - restart: unless-stopped - env_file: - - run.env # Runtime ENV - - .env # Compose ENV - volumes: - - rss-db:/var/lib/postgresql - networks: - - db-net - expose: - - 5432 diff --git a/stacks/news/env.example b/stacks/news/env.example deleted file mode 100644 index 7781c65..0000000 --- a/stacks/news/env.example +++ /dev/null 
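Review bot: The `rss-data:/var/www/FreshRSS/data` mount and its volume are removed from stacks/news/compose.yml without a replacement, so FreshRSS's data directory no longer persists on a named volume and may be lost when the container is recreated; env.template's `# TODO: Manage Volumes` suggests this is known, but the compose file should say so next to the service. The new `env_file` comments (`.run.env # Compose wiring defaults go here`, `.env # Service env vars`) are the reverse of the `# Runtime ENV` / `# Compose ENV` labels used in stacks/db/compose.yml, and the note above them still refers to `.compose.env`; I would restore `- .run.env # Runtime ENV` and `- .env # Compose ENV`. The service key `news-test` also reads like a test name.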
@@ -1,25 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Containers
-_CONTAINER_0=
-_CONTAINER_1=
-
-# Network
-_NET_0=
-_NET_1=
-
-# Volumes
-_VOLUME_0=
-_VOLUME_1=
-
-# UID/GID
-UID=
-GID=
-
-OIDC_PROVIDER_DOMAIN=
-PROXY_IP=
diff --git a/stacks/news/env.template b/stacks/news/env.template
new file mode 100644
index 0000000..79e216b
--- /dev/null
+++ b/stacks/news/env.template
@@ -0,0 +1,20 @@
+#
+#
+# Stack Compose Variables
+
+# Namespaces
+STACK=
+
+# Containers
+NEWS_CONTAINER=
+
+# Network
+EDGE_NET=
+DB_NET=
+
+# Volumes
+# TODO: Manage Volumes that may be necessary for FreshRSS.
+
+# OIDC
+OIDC_PROVIDER_DOMAIN=
+PROXY_IP=
diff --git a/stacks/news/run.env.example b/stacks/news/run.env.example
deleted file mode 100644
index 6ccba27..0000000
--- a/stacks/news/run.env.example
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-#
-# Stack Runtime Variables
-ADMIN_EMAIL=
-
-# General Settings
-# Formatted
-BASE_URL=https://sub.main.tld/subdir(?)
-SERVER_DNS=
-TZ=
-CRON_MIN=2,32
-FRESHRSS_ENV=production
-LISTEN=0.0.0.0:80
-# Put the reverse proxy's docker ip range here--v
-TRUSTED_PROXY=
-
-# Database
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-# Put the name of the docker container for the database here--v
-DB_HOST=
-
-# OIDC Provider
-OIDC_ENABLED=0
-OIDC_PROVIDER_METADATA_URL=
-OIDC_CLIENT_ID=
-OIDC_CLIENT_SECRET=
-OIDC_CLIENT_CRYPTO_KEY=
-OIDC_REMOTE_USER_CLAIM=preferred_username
-OIDC_SCOPES=openid groups email profile
-OIDC_X_FORWARDED_HEADERS=X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
-# OIDC_SESSION_INACTIVITY_TIMEOUT=
-# OIDC_SESSION_MAX_DURATION=
-# OIDC_SESSION_TYPE=
diff --git a/stacks/news/run.env.template b/stacks/news/run.env.template
new file mode 100644
index 0000000..44bfcde
--- /dev/null
+++ b/stacks/news/run.env.template
@@ -0,0 +1,32 @@ +# +# +# Stack Runtime Variables + +# DB +POSTGRES_USER= +POSTGRES_PASSWORD= +DB_BASE= +DB_HOST= + +# GENERAL +TZ= +CRON_MIN=2,32 +FRESHRSS_ENV=production +LISTEN=0.0.0.0:80 +TRUSTED_PROXY= +ADMIN_EMAIL= +BASE_URL= +SERVER_DNS= + +# OIDC +OIDC_ENABLED=1 +OIDC_PROVIDER_METADATA_URL= +OIDC_CLIENT_ID= +OIDC_CLIENT_SECRET= +OIDC_CLIENT_CRYPTO_KEY= +OIDC_REMOTE_USER_CLAIM= +OIDC_SCOPES= +OIDC_X_FORWARDED_HEADERS= +# OIDC_SESSION_INACTIVITY_TIMEOUT= +# OIDC_SESSION_MAX_DURATION= +# OIDC_SESSION_TYPE= diff --git a/stacks/pim/.gitignore b/stacks/pim/.gitignore new file mode 100644 index 0000000..e6c78b8 --- /dev/null +++ b/stacks/pim/.gitignore @@ -0,0 +1,5 @@ +# Ignore .env files +*.env +.database/ +.database/** +compose.test.yml diff --git a/stacks/pim/compose.yml b/stacks/pim/compose.yml new file mode 100644 index 0000000..8359e9c --- /dev/null +++ b/stacks/pim/compose.yml @@ -0,0 +1,26 @@ +name: ${STACK} + +networks: + edge-net: + name: ${EDGE_NET} + external: true + db-net: + name: ${DB_NET} + external: true + +services: + pim: + container_name: ${PIM_CONTAINER} + image: ghcr.io/tchapi/davis-standalone:latest + environment: + ADMIN_AUTH_BYPASS: false + AUTH_METHOD: Basic + AUTH_REALM: SabreDAV + env_file: + - .run.env + - .env + networks: + - edge-net + - db-net + expose: + - 9000 diff --git a/stacks/pim/env.template b/stacks/pim/env.template new file mode 100644 index 0000000..d84f2b0 --- /dev/null +++ b/stacks/pim/env.template @@ -0,0 +1,17 @@ +# +# +# Stack Compose Variables + +# Namespaces +_STACK_0= + +# Containers +_CONTAINER_0= +_CONTAINER_1= + +# Networks +_NET_0= +_NET_1= + +# Volumes +_VOLUME_0= diff --git a/stacks/pim/run.env.template b/stacks/pim/run.env.template new file mode 100644 index 0000000..6ef4bc3 --- /dev/null +++ b/stacks/pim/run.env.template 
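Review bot: The new stacks/news/run.env.template defaults to `OIDC_ENABLED=1` while `OIDC_REMOTE_USER_CLAIM=`, `OIDC_SCOPES=` and `OIDC_X_FORWARDED_HEADERS=` lose the values the old example carried (`preferred_username`, `openid groups email profile`, and the three `X-Forwarded-*` header names). A copy of the template therefore turns OIDC on with an empty claim mapping and scope list; either keep `OIDC_ENABLED=0` as the default or keep the previous values. `TRUSTED_PROXY=` also lost its explanatory comment; a line such as `# reverse proxy's Docker address range only` above it would stop the value being set too broadly.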
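Review bot: The `pim` service in the new stacks/pim/compose.yml joins `edge-net` and is published by the `{$PIM_SUB}` block in Caddyfile.template, while the run.env.template it is configured from ships `ADMIN_LOGIN=admin` and `ADMIN_PASSWORD=admin`; the template should leave `ADMIN_PASSWORD=` empty so a deployment cannot come up with the default pair. stacks/pim/env.template still uses the old `_STACK_0`/`_CONTAINER_0`/`_NET_0` names, so none of `${STACK}`, `${PIM_CONTAINER}`, `${EDGE_NET}` or `${DB_NET}` is defined by it. As a matter of style, quote the boolean in `ADMIN_AUTH_BYPASS: false` (`'false'`) so the value is passed as a literal string.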
@@ -0,0 +1,63 @@
+#
+#
+# DAViS Environment Variables
+
+# General settings
+APP_ENV=prod # or dev
+CALDAV_ENABLED=true
+CARDDAV_ENABLED=true
+WEBDAV_ENABLED=false
+PUBLIC_CALENDARS_ENABLED=true
+BIRTHDAY_REMINDER_OFFSET=PT9H
+APP_TIMEZONE=America/New_York
+LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log"
+
+# Database
+POSTGRES_PASSWORD=
+POSTGRES_DB=
+POSTGRES_USER=
+DATABASE_DRIVER=postgresql
+DB_DATABASE=${POSTGRES_DB}
+DB_USER=${POSTGRES_USER}
+DB_PASSWORD=${POSTGRES_PASSWORD}
+DATABASE_URL=${DATABASE_DRIVER}://${DB_USER}:${DB_PASSWORD}@${_DB_CONTAINER}:5432/${DB_DATABASE}?serverVersion=15&charset=UTF-8
+
+# For the Davis admin interface
+ADMIN_LOGIN=admin
+ADMIN_PASSWORD=admin
+ADMIN_AUTH_BYPASS=false
+
+# DAV auth settings
+AUTH_METHOD=Basic # Basic or IMAP or LDAP
+
+# Basic HTTP auth settings
+AUTH_REALM=SabreDAV
+
+# IMAP auth settings
+# IMAP_AUTH_URL=imap.mydomain.com:993
+# IMAP_ENCRYPTION_METHOD=ssl
+# IMAP_CERTIFICATE_VALIDATION=true
+# IMAP_AUTH_USER_AUTOCREATE=false
+
+# LDAP auth settings
+# LDAP_AUTH_URL=ldap://127.0.0.1:3890
+# LDAP_DN_PATTERN=uid=%u,ou=users,dc=domain,dc=com
+# LDAP_MAIL_ATTRIBUTE=mail
+# LDAP_AUTH_USER_AUTOCREATE=false
+# LDAP_CERTIFICATE_CHECKING_STRATEGY=try # never, hard, demand, try, or allow
+
+# WebDAV settings
+WEBDAV_TMP_DIR=/webdav/tmp
+WEBDAV_PUBLIC_DIR=/webdav/public
+WEBDAV_HOMES_DIR=
+
+# Mail settings
+# INVITE_FROM_ADDRESS=no-reply@example.org
+# MAIL_HOST=smtp.myprovider.com
+# MAIL_PORT=587
+# MAIL_USERNAME=userdav
+# MAIL_PASSWORD=test
+# MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+
+# Trust the immediate proxy for X-Forwarded-* headers including HTTPS detection
+SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
diff --git a/stacks/pkm/.env.template b/stacks/pkm/.env.template
deleted file mode 100644
index b607b6b..0000000
--- a/stacks/pkm/.env.template
+++ /dev/null
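Review bot: `ADMIN_LOGIN=admin` and `ADMIN_PASSWORD=admin` are the only credentials in stacks/pim/run.env.template that ship filled in, so a copy that is not edited leaves the Davis admin interface on a well-known login. Leave them empty like `POSTGRES_PASSWORD=`, i.e. `ADMIN_LOGIN=` and `ADMIN_PASSWORD=`, so a forgotten value fails visibly. `SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR` accepts X-Forwarded-* headers from whichever peer connects, and stacks/pim/compose.yml attaches the container to both edge-net and db-net, so pinning it to the proxy's address or subnet would be tighter. `DATABASE_URL` interpolates `${_DB_CONTAINER}`, which neither pim template defines, and embeds `${DB_PASSWORD}` unencoded, so a password with URL-reserved characters changes how the DSN parses.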
@@ -1,15 +0,0 @@ -# -# -# Stack Compose Variables - -# Namespaces -_STACK_0= - -# Containers -_CONTAINER_0= - -# Networks -_NET_0= - -# Volumes -_VOLUME_0= diff --git a/stacks/pkm/.pkm.env.template b/stacks/pkm/.pkm.env.template deleted file mode 100644 index 9f373a5..0000000 --- a/stacks/pkm/.pkm.env.template +++ /dev/null @@ -1,6 +0,0 @@ -# -# -# Stack Runtime Variables -SB_USER= -SB_NAME= -SB_DESCRIPTION= diff --git a/stacks/pkm/compose.yml b/stacks/pkm/compose.yml index 68afaf0..52546cc 100644 --- a/stacks/pkm/compose.yml +++ b/stacks/pkm/compose.yml @@ -1,18 +1,18 @@ -name: ${_STACK_0} +name: ${STACK} networks: edge-net: - name: ${_NET_0} + name: ${EDGE_NET} external: true volumes: pkm-data: - name: ${_VOLUME_0} + name: ${PKM_DATA_VOLUME} external: true services: - pkm: - container_name: ${_CONTAINER_0} + pkm-test: + container_name: ${PKM_CONTAINER} image: ghcr.io/silverbulletmd/silverbullet restart: unless-stopped env_file: @@ -23,4 +23,4 @@ services: expose: - 3000 volumes: - - pkm-data:/space + - ${PKM_DATA_VOLUME}:/space diff --git a/stacks/pkm/env.template b/stacks/pkm/env.template new file mode 100644 index 0000000..cceb8db --- /dev/null +++ b/stacks/pkm/env.template @@ -0,0 +1,15 @@ +# +# +# Stack Compose Variables + +# Namespaces +STACK= + +# Containers +PKM_CONTAINER= + +# Networks +EDGE_NET= + +# Volumes +PIM_DATA_VOLUME= diff --git a/stacks/pkm/pkm.env.template b/stacks/pkm/pkm.env.template new file mode 100644 index 0000000..c45f07a --- /dev/null +++ b/stacks/pkm/pkm.env.template @@ -0,0 +1,5 @@ +# +# +# Stack Runtime Variables +SB_NAME= +SB_DESCRIPTION= diff --git a/stacks/scm/.env.template b/stacks/scm/.env.template new file mode 100644 index 0000000..c461361 --- /dev/null +++ b/stacks/scm/.env.template @@ -0,0 +1,18 @@ +# +# +# Stack Compose Variables + +# Namespaces +_STACK_0= + +# Containers +_CONTAINER_0= + +# Networks +_NET_0= + +# Volumes +_CSS_FILE= +_CONFIG_FILE= +_GIT_ROOT= +_IMPORTS= 
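Review bot: In the second hunk of stacks/pkm/compose.yml, `- ${PKM_DATA_VOLUME}:/space` replaces the reference to the declared volume key with the volume's external name. Compose resolves a service mount source against the top-level `volumes:` keys (here `pkm-data`), not against `name:`, so this fails as an undefined volume unless the variable happens to equal `pkm-data`. A value starting with `/` or `.` would instead be treated as a bind mount of a host path. Keep `- pkm-data:/space` and let `name: ${PKM_DATA_VOLUME}` carry the external name. The service key `pkm-test` in the first hunk looks like a leftover from testing; if so, it should go back to `pkm:`.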
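Review bot: `SB_USER=` was in the deleted .pkm.env.template and is missing from the new stacks/pkm/pkm.env.template. SilverBullet configures its built-in login through that variable, so without it the instance presumably serves the space unauthenticated to anything that can reach port 3000 on the edge network. If authentication is meant to move to the edge proxy (the Caddyfile changes are outside this view), record that here with `# Auth is enforced at the edge proxy; SB_USER intentionally unset`. Otherwise keep `SB_USER=` in the template.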
diff --git a/stacks/scm/.gitignore b/stacks/scm/.gitignore
new file mode 100644
index 0000000..4c28985
--- /dev/null
+++ b/stacks/scm/.gitignore
@@ -0,0 +1,9 @@
+# Ignore .env files
+*.env
+srv/
+srv/*
+opt/
+opt/*
+etc/
+etc/*
+compose.test.yml
diff --git a/stacks/scm/.run.template b/stacks/scm/.run.template
new file mode 100644
index 0000000..cd5eebc
--- /dev/null
+++ b/stacks/scm/.run.template
@@ -0,0 +1,7 @@
+#
+#
+# Stack Runtime Variables
+HTTP_AUTH_USER=
+HTTP_AUTH_PASSWORD=
+GIT_HTTP_AUTH_USER=
+GIT_HTTP_AUTH_PASSWORD=
diff --git a/stacks/scm/compose.yml b/stacks/scm/compose.yml
new file mode 100644
index 0000000..b40dbaf
--- /dev/null
+++ b/stacks/scm/compose.yml
@@ -0,0 +1,24 @@
+name: ${_STACK_0}
+
+networks:
+ net:
+ name: ${_NET_0}
+ external: true
+
+services:
+ cgit:
+ container_name: ${_CONTAINER_0}
+ image: ratdad/cgit:latest
+ env_file:
+ - .run.env
+ - .env
+ networks:
+ - net
+ expose:
+ - 80
+ volumes:
+ # TODO: Make these cgit-docker builtins.
+ - ${_CSS_FILE:-./opt/cgit.css}:/srv/www/htdocs/cgit/cgit.css
+ - ${_CONFIG_FILE:-./etc/cgitrc}:/etc/cgitrc
+ - ${_IMPORTS:-./opt/}:/opt
+ - ${_GIT_ROOT:-./srv/git/}:/srv/git # mount the directory you use for your git server
diff --git a/stacks/tss/.env.template b/stacks/tss/.env.template
deleted file mode 100644
index b607b6b..0000000
--- a/stacks/tss/.env.template
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-#
-# Stack Compose Variables
-
-# Namespaces
-_STACK_0=
-
-# Containers
-_CONTAINER_0=
-
-# Networks
-_NET_0=
-
-# Volumes
-_VOLUME_0=
diff --git a/stacks/tss/.run.env.template b/stacks/tss/.run.env.template
deleted file mode 100644
index 103c5da..0000000
--- a/stacks/tss/.run.env.template
+++ /dev/null
@@ -1,5 +0,0 @@
-# TSS CONFIG
-RUST_LOG=info
-DATA_DIR=/var/lib/taskchampion-sync-server/data
-LISTEN=0.0.0.0:8080
-CLIENT_ID=
diff --git a/stacks/tss/compose.yml b/stacks/tss/compose.yml
index 63913f0..cbaf2f0 100644
--- a/stacks/tss/compose.yml
+++ b/stacks/tss/compose.yml
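Review bot: The four bind mounts under `volumes:` in stacks/scm/compose.yml are read-write by default, so a compromise of the web-facing cgit container can rewrite its own `cgitrc`, the stylesheet, the imports directory and every repository under the git root. The config, CSS and imports mounts can take `:ro`, for example `- ${_CONFIG_FILE:-./etc/cgitrc}:/etc/cgitrc:ro`. `/srv/git` can too, unless the `GIT_HTTP_AUTH_*` variables in .run.template mean this container also accepts pushes, which is not visible here. If pushes are intended, a comment on the `/srv/git` line saying so would make the writable mount a documented choice.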
@@ -1,26 +1,26 @@ -name: ${_STACK_0} +name: ${STACK} networks: edge-net: - name: ${_NET_0} + name: ${EDGE_NET} external: true - -volumes: - tss-db: - name: ${_VOLUME_0} + db-net: + name: ${DB_NET} external: true services: tss: - container_name: ${_CONTAINER_0} - image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:latest + container_name: ${TSS_CONTAINER} + image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server-postgres:latest restart: unless-stopped + environment: + RUST_LOG: info + LISTEN: 0.0.0.0:8080 env_file: - .run.env - .env - volumes: - - tss-db:/var/lib/taskchampion-sync-server/data networks: - edge-net + - db-net expose: - 8080 diff --git a/stacks/tss/env.template b/stacks/tss/env.template new file mode 100644 index 0000000..57ab20a --- /dev/null +++ b/stacks/tss/env.template @@ -0,0 +1,12 @@ +# +# +# Stack Compose Variables + +# Namespace +STACK= + +# Container + +# Network +EDGE_NET= +DB_NET= diff --git a/stacks/tss/run.env.template b/stacks/tss/run.env.template new file mode 100644 index 0000000..09f266a --- /dev/null +++ b/stacks/tss/run.env.template @@ -0,0 +1,11 @@ +# +# +# Stack Runtime Variables + +CLIENT_ID= +DB_HOST= +DB_PORT +DB_USER= +DB_PASSWORD= +DB_BASE= +CONNECTION=postgresql://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_BASE -- cgit v1.2.3-70-g09d2
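Review bot: In stacks/tss/run.env.template, `DB_PORT` is written without `=`. In a Compose env_file a bare name is not an empty assignment but a pass-through of whatever the host environment holds, so `$DB_PORT` in `CONNECTION` most likely expands to nothing and the URL is malformed. Write `DB_PORT=` like the neighbouring keys. `CONNECTION` also embeds `$DB_PASSWORD` verbatim, so a password containing `@`, `/`, `:` or `#` changes how the URL parses; a comment such as `# DB_PASSWORD must be URL-encoded; it is interpolated into CONNECTION` would make that requirement explicit. Because `.run.env` is passed through `env_file`, the individual `DB_*` values reach the container environment alongside the assembled URL.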