Use a unified docker-compose file

2020-02-02 23:55:37 +01:00 · 2020-02-02 23:55:37 +01:00 · 47b7980502
commit 47b7980502
parent 370e8dc871
29 changed files with 354 additions and 525 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-data_*
+*_data
 .env
--- a/README.md
+++ b/README.md
@ -4,15 +4,14 @@ Ensemble des recettes Docker d'Aurore.
 L'idée est de pouvoir redonder les services « légers » entre les résidences.
-Pour lancer un service, aller dans le dossier puis
+Pour lancer un service, cloner le repo, aller dans le dossier puis
 `sudo docker-compose up --build -d`.
 ## Fichiers à protéger
 Les fichiers suivant ne doivent être lisibles que par root :
-  * les fichiers `.env` (s'inspirer des `example.env`)
+  * le fichier `.env` (s'inspirer de `example.env`)
  * grafana/ldap.toml
  * django-cas/docker-compose.yml
 Mettez dedans les mots de passe de base de données ou du LDAP.
--- a/codimd/docker-compose.yml
+++ b/codimd/docker-compose.yml
@ -1,44 +0,0 @@
 # From https://github.com/codimd/container/
 version: '3'
 services:
  database:
    # Don't upgrade PostgreSQL by simply changing the version number
    # You need to migrate the Database to the new PostgreSQL version
    image: postgres:9.6-alpine
    environment:
      POSTGRES_USER: codimd
      POSTGRES_PASSWORD: codimdpass
      POSTGRES_DB: codimd
    volumes:
      - ./data_db:/var/lib/postgresql/data
    restart: always
  app:
    image: quay.io/codimd/server:1.4.0
    environment:
      DEBUG: "false"
      CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
      CMD_URL_ADDPORT: "false"
      CMD_EMAIL: "false"
      CMD_DOMAIN: "${DOMAIN}"
      CMD_PROTOCOL_USESSL: "true"
      CMD_USECDN: "false"
      CMD_ALLOW_FREEURL: "true"
      CMD_IMAGE_UPLOAD_TYPE: "filesystem"
      CMD_LDAP_URL: "${LDAP_URL}"
      CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
      CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
      CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
      CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
      CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
      CMD_LDAP_USERIDFIELD: "uid"
      CMD_LDAP_USERNAMEFIELD: "uid"
      CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
    ports:
      - "8081:3000"
    volumes:
      - ./data_uploads:/codimd/public/uploads
    restart: always
    depends_on:
      - database
--- a/codimd/example.env
+++ b/codimd/example.env
@ -1,6 +0,0 @@
 DOMAIN=codimd.auro.re
 LDAP_URL=ldap://10.128.0.11
 LDAP_BINDDN=cn=codimd,ou=service-users,dc=auro,dc=re
 LDAP_BINDCREDENTIALS=Change me
 LDAP_SEARCHBASE=cn=Utilisateurs,dc=auro,dc=re
 LDAP_PROVIDERNAME=Aurore
--- a/django-cas/Dockerfile
+++ b/django-cas/Dockerfile
@ -1,27 +0,0 @@
 # Django CAS server Dockerfile
 #
 # https://github.com/nitmir/django-cas-server
 #
 # Author: erdnaxe
 FROM debian:buster-slim
 RUN apt-get update && apt-get install -y \
    python3-pip \
 	python3-django \
 	python3-lxml \
 	python3-requests \
 	python3-requests-futures \
 	python3-six \
    python3-psycopg2 \
    python3-whitenoise \
    python3-ldap3 \
    gunicorn3
 RUN pip3 install django-cas-server
 COPY ./code /code/
 WORKDIR /code/
 EXPOSE 8000
 ENTRYPOINT ["./docker-entrypoint.sh"]
--- a/django-cas/code/cas/init.py
+++ b/django-cas/code/cas/init.py
--- a/django-cas/code/cas/settings.py
+++ b/django-cas/code/cas/settings.py
@ -1,176 +0,0 @@
 """
 Django settings for cas project.
 Generated by 'django-admin startproject' using Django 1.11.
 For more information on this file, see
 https://docs.djangoproject.com/en/1.11/topics/settings/
 For the full list of settings and their values, see
 https://docs.djangoproject.com/en/1.11/ref/settings/
 """
 import os
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = os.getenv('DJANGO_SECRET_KEY')
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv('DJANGO_DEBUG', False)
 ALLOWED_HOSTS = [os.getenv('DJANGO_HOST')]
 # Suivi des erreurs sur root@
 EMAIL_SUBJECT_PREFIX = "[CAS] "
 ADMINS = (
    ('Intranet', 'root@crans.org'),
 )
 # Application definition
 INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'cas_server',
 ]
 MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.locale.LocaleMiddleware',
 ]
 ROOT_URLCONF = 'cas.urls'
 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
 ]
 WSGI_APPLICATION = 'cas.wsgi.application'
 # Database
 # https://docs.djangoproject.com/en/1.11/ref/settings/#databases
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': os.getenv('DJANGO_DB_NAME'),
        'HOST': os.getenv('DJANGO_DB_HOST'),
        'USER': os.getenv('DJANGO_DB_USER'),
        'PASSWORD': os.getenv('DJANGO_DB_PASSWORD'),
    }
 }
 # Password validation
 # https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
 AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
 ]
 # Internationalization
 # https://docs.djangoproject.com/en/1.11/topics/i18n/
 LANGUAGE_CODE = 'en-us'
 TIME_ZONE = 'UTC'
 USE_I18N = True
 USE_L10N = True
 USE_TZ = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.11/howto/static-files/
 STATIC_URL = '/static/'
 # Below are custom parameters
 STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
 STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]
 STATIC_ROOT = os.path.join(BASE_DIR, "staticfiles")
 CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"
 CAS_LDAP_SERVER = os.getenv('DJANGO_CAS_LDAP_SERVER')
 CAS_LDAP_USER = os.getenv('DJANGO_CAS_LDAP_USER')
 CAS_LDAP_PASSWORD = os.getenv('DJANGO_CAS_LDAP_PASSWORD')
 CAS_LDAP_BASE_DN = os.getenv('DJANGO_CAS_LDAP_BASE_DN')
 CAS_INFO_MESSAGES_ORDER = ["cas_explained"]
 SESSION_COOKIE_AGE = 86400
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_HTTPONLY = True
 LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'cas_syslog': {
            'format': 'cas: %(levelname)s %(message)s'
        },
    },
    'handlers': {
        'cas_syslog': {
            'level': 'INFO',
            'class': 'logging.handlers.SysLogHandler',
            'address': '/dev/log',
            'formatter': 'cas_syslog',
        },
    },
    'loggers': {
        'cas_server': {
            'handlers': ['cas_syslog'],
            'level': 'INFO',
            'propagate': True,
        },
    },
 }
--- a/django-cas/code/cas/urls.py
+++ b/django-cas/code/cas/urls.py
@ -1,23 +0,0 @@
 """cas URL Configuration
 The `urlpatterns` list routes URLs to views. For more information please see:
    https://docs.djangoproject.com/en/1.11/topics/http/urls/
 Examples:
 Function views
    1. Add an import:  from my_app import views
    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
 Class-based views
    1. Add an import:  from other_app.views import Home
    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
 Including another URLconf
    1. Import the include() function: from django.conf.urls import url, include
    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
 """
 from django.conf.urls import include, url
 from django.contrib import admin
 urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^', include('cas_server.urls', namespace="cas_server")),
 ]
--- a/django-cas/code/cas/wsgi.py
+++ b/django-cas/code/cas/wsgi.py
@ -1,16 +0,0 @@
 """
 WSGI config for cas project.
 It exposes the WSGI callable as a module-level variable named ``application``.
 For more information on this file, see
 https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/
 """
 import os
 from django.core.wsgi import get_wsgi_application
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
 application = get_wsgi_application()
--- a/django-cas/code/docker-entrypoint.sh
+++ b/django-cas/code/docker-entrypoint.sh
@ -1,14 +0,0 @@
 #!/bin/bash
 # Collect static files
 echo "Collect static files"
 python3 manage.py collectstatic --noinput
 # Apply database migrations
 echo "Apply database migrations"
 sleep 5  # wait for db
 python3 manage.py migrate
 # Start server
 echo "Starting server"
 gunicorn3 cas.wsgi:application --bind 0.0.0.0:8000 --workers 2 --log-level debug
--- a/django-cas/code/manage.py
+++ b/django-cas/code/manage.py
@ -1,22 +0,0 @@
 #!/usr/bin/env python
 import os
 import sys
 if __name__ == "__main__":
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
    try:
        from django.core.management import execute_from_command_line
    except ImportError:
        # The above import may fail for some other reason. Ensure that the
        # issue is really that Django is missing to avoid masking other
        # exceptions on Python 2.
        try:
            import django
        except ImportError:
            raise ImportError(
                "Couldn't import Django. Are you sure it's installed and "
                "available on your PYTHONPATH environment variable? Did you "
                "forget to activate a virtual environment?"
            )
        raise
    execute_from_command_line(sys.argv)
--- a/django-cas/code/static/cas_server/logo.png
+++ b/django-cas/code/static/cas_server/logo.png
--- a/django-cas/docker-compose.yml
+++ b/django-cas/docker-compose.yml
@ -1,35 +0,0 @@
 version: '3.7'
 services:
  database:
    # Don't upgrade PostgreSQL by simply changing the version number
    # You need to migrate the Database to the new PostgreSQL version
    image: postgres:9.6-alpine
    environment:
      POSTGRES_USER: cas
      POSTGRES_PASSWORD: caspass
      POSTGRES_DB: cas
    volumes:
      - ./data_db:/var/lib/postgresql/data
    restart: always
  cas:
    build:
      context: .
    environment:
      DJANGO_DB_NAME: cas
      DJANGO_DB_HOST: database
      DJANGO_DB_USER: cas
      DJANGO_DB_PASSWORD: caspass
      DJANGO_SECRET_KEY: "Please change me in production !"
      DJANGO_HOST: localhost
      DJANGO_CAS_LDAP_SERVER: "re2o-ldap.adm.auro.re"
      DJANGO_CAS_LDAP_USER: "cn=cas,ou=service-users,dc=auro,dc=re"
      DJANGO_CAS_LDAP_PASSWORD: "Change me in prod !"
      DJANGO_CAS_LDAP_BASE_DN: "cn=Utilisateurs,dc=auro,dc=re"
    ports:
      - "8085:8000"
    restart: always
    depends_on:
      - database
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,55 @@
 version: "3"
 services:
  riot:
    build: riot
    restart: always
    ports:
      - 8080:80
  privatebin:
    image: privatebin/nginx-fpm-alpine
    restart: always
    volumes:
      - ./privatebin_data:/srv/data
    ports:
      - 8083:80
  etherpad:
    build: etherpad
    restart: always
    environment:
      - "POSTGRES_PASSWORD=${ETHERPAD_POSTGRES_PASSWD}"
    ports:
      - 8084:9001
  grafana:
    build: grafana
    restart: always
    environment:
      - "ENV_PASSWORD=${GRAFANA_LDAP_BIND_PASSWD}"
    volumes:
      - ./grafana_data:/var/lib/grafana
    ports:
      - 8082:3000
  matrix-appservice-discord:
    image: halfshot/matrix-appservice-discord
    restart: always
    volumes:
      - ./matrix-appservice-discord_data:/data
      - ./matrix-appservice-discord_data/discord.db:/discord.db
    ports:
      - 9005:9005
  prometheus-alertmanager:
    build: prometheus-alertmanager
    restart: always
    ports:
      - 9093:9093
  prometheus-alertmanager-discord:
    build: prometheus-alertmanager-discord
    restart: always
    environment:
      - "DISCORD_WEBHOOK=${PROMETHEUS_DISCORD_WEBHOOK}"
--- a/env.example
+++ b/env.example
@ -0,0 +1,4 @@
 # Copy this as .env and make it only readable by root
 ETHERPAD_POSTGRES_PASSWD=CHANGE ME
 GRAFANA_LDAP_BIND_PASSWD=CHANGE ME
 PROMETHEUS_DISCORD_WEBHOOK=CHANGE ME
--- a/etherpad/Dockerfile
+++ b/etherpad/Dockerfile
@ -0,0 +1,6 @@
 FROM etherpad/etherpad
 # Change instance settings
 ENV NODE_ENV=production
 ENV TRUST_PROXY=true
 COPY settings.json /opt/etherpad-lite/settings.json
--- a/etherpad/docker-compose.yml
+++ b/etherpad/docker-compose.yml
@ -1,15 +0,0 @@
 version: "3"
 services:
  etherpad:
    image: etherpad/etherpad
    environment:
      - NODE_ENV=production
      - POSTGRES_USER=etherpad
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
      - POSTGRES_DB=etherpad
    ports:
      - 8084:9001
    volumes:
      - ./settings.json:/opt/etherpad-lite/settings.json:ro
    restart: always
--- a/etherpad/example.env
+++ b/etherpad/example.env
@ -1 +0,0 @@
 POSTGRES_PASSWD=asupersecurepassword
--- a/etherpad/settings.json
+++ b/etherpad/settings.json
@ -22,6 +22,7 @@
 *
 * Would read the configuration values for those items from the environment
 * variables PORT, MINIFY and SKIN_NAME.
 *
 * If PORT and SKIN_NAME variables were not defined, the default values 9001 and
 * "colibris" would be used. The configuration value "minify", on the other
 * hand, does not have a default indicated. Thus, if the environment variable
@ -50,13 +51,13 @@
  /*
   * Name your instance!
   */
-  "title": "Etherpad",
+  "title": "${TITLE:Etherpad}",
  /*
   * favicon default name
   * alternatively, set up a fully specified Url to your own favicon
   */
-  "favicon": "favicon.ico",
+  "favicon": "${FAVICON:favicon.ico}",
  /*
   * Skin name.
@ -69,20 +70,20 @@
   * - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
   *               become the default in Etherpad 2.0
   */
-  "skinName": "no-skin",
+  "skinName": "${SKIN_NAME:colibris}",
  /*
   * IP and port which etherpad should bind at
   */
-  "ip": "0.0.0.0",
+  "ip": "${IP:0.0.0.0}",
-  "port" : 9001,
+  "port": "${PORT:9001}",
  /*
   * Option to hide/show the settings.json in admin page.
   *
   * Default option is set to true
   */
-  "showSettingsInAdminPage" : true,
+  "showSettingsInAdminPage": "${SHOW_SETTINGS_IN_ADMIN_PAGE:true}",
  /*
   * Node native SSL support
@ -120,31 +121,13 @@
  "dbType": "postgres",
  "dbSettings": {
                   "user"    : "${POSTGRES_USER}",
    "host":     "10.128.0.31",
    "port":     5432,
-                   "password": "${POSTGRES_PASSWORD}",
+    "database": "etherpad",
-                   "database": "${POSTGRES_DB}"
+    "user":     "etherpad",
    "password": "${POSTGRES_PASSWORD}"
  },
  /*
   * An Example of MySQL Configuration (commented out).
   *
   * See: https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL
   */
  /*
  "dbType" : "mysql",
  "dbSettings" : {
                   "user"    : "etherpaduser",
                   "host"    : "localhost",
                   "port"    : 3306,
                   "password": "PASSWORD",
                   "database": "etherpad_lite_db",
                   "charset" : "utf8mb4"
                 },
  */
  /*
   * The default text of a pad
   */
@ -283,8 +266,14 @@
  /*
   * When you use NGINX or another proxy/load-balancer set this to true.
   *
   * This is especially necessary when the reverse proxy performs SSL
   * termination, otherwise the cookies will not have the "secure" flag.
   *
   * The other effect will be that the logs will contain the real client's IP,
   * instead of the reverse proxy's IP.
   */
-  "trustProxy" : false,
+  "trustProxy": "${TRUST_PROXY:false}",
  /*
   * Privacy: disable IP logging
@ -351,20 +340,20 @@
   *          follow the section "secure your installation" in README.md
   */
  /*
  "users": {
    "admin": {
-      // "password" can be replaced with "hash" if you install ep_hash_auth
+      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
-      "password": "changeme1",
+      // 2) please note that if password is null, the user will not be created
      "password": "${ADMIN_PASSWORD}",
      "is_admin": true
    },
    "user": {
-      // "password" can be replaced with "hash" if you install ep_hash_auth
+      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
-      "password": "changeme1",
+      // 2) please note that if password is null, the user will not be created
      "password": "${USER_PASSWORD}",
      "is_admin": false
    }
  },
  */
  /*
   * Restrict socket.io transport methods
@ -424,7 +413,7 @@
   *
   * Valid values: DEBUG, INFO, WARN, ERROR
   */
-  "loglevel": "INFO",
+  "loglevel": "${LOGLEVEL:INFO}",
  /*
   * Logging configuration. See log4js documentation for further information:
--- a/grafana/Dockerfile
+++ b/grafana/Dockerfile
@ -0,0 +1,14 @@
 FROM grafana/grafana
 ENV GF_SERVER_ROOT_URL=https://grafana.auro.re
 ENV GF_SESSION_COOKIE_SECURE=true
 ENV GF_ANALYTICS_REPORTING_ENABLED=false
 ENV GF_SNAPSHOTS_EXTERNAL_ENABLED=false
 ENV GF_USERS_ALLOW_SIGN_UP=false
 ENV GF_USERS_ALLOW_ORG_CREATE=false
 ENV GF_AUTH_BASIC_ENABLED=false
 ENV GF_AUTH_LDAP_ENABLED=true
 ENV GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
 COPY ldap.toml /etc/grafana/ldap.toml
--- a/grafana/docker-compose.yml
+++ b/grafana/docker-compose.yml
@ -1,29 +0,0 @@
 # For the moment, the LDAP password need to be in ldap.toml
 # In the future, we will be able to make a secret
 # See https://github.com/grafana/grafana/pull/17526
 version: "3.7"
 services:
  grafana:
    image: grafana/grafana
    environment:
      - GF_SERVER_ROOT_URL=https://grafana.auro.re
      - GF_SESSION_COOKIE_SECURE=true
      - GF_ANALYTICS_REPORTING_ENABLED=false
      - GF_SNAPSHOTS_EXTERNAL_ENABLED=false
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_USERS_ALLOW_ORG_CREATE=false
      - GF_AUTH_BASIC_ENABLED=false
      - GF_AUTH_LDAP_ENABLED=true
      - GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
      # Install Grafana plugins at startup
      - GF_INSTALL_PLUGINS=grafana-worldmap-panel
    volumes:
      - ./data_grafana:/var/lib/grafana
      - ./ldap.toml:/etc/grafana/ldap.toml:ro
    ports:
      - 8082:3000
    restart: always
--- a/grafana/ldap.toml
+++ b/grafana/ldap.toml
@ -23,7 +23,7 @@ ssl_skip_verify = false
 bind_dn = "cn=grafana,ou=service-users,dc=auro,dc=re"
 # Search user bind password
 # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
-bind_password = 'CHANGE ME IN PRODUCTION, I WILL DIFFER !'
+bind_password = '${ENV_PASSWORD}'
 # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
 search_filter = "(cn=%s)"
@ -50,7 +50,7 @@ email =  "mail"
 group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
 org_role = "Admin"
 # To make user an instance admin  (Grafana Admin) uncomment line below
-grafana_admin = true
+# grafana_admin = true
 # The Grafana organization database id, optional, if left out the default org (id 1) will be used
 # org_id = 1
--- a/privatebin/docker-compose.yml
+++ b/privatebin/docker-compose.yml
@ -1,11 +0,0 @@
 version: "3.7"
 services:
  privatebin:
    image: privatebin/nginx-fpm-alpine
    volumes:
      - ./data_privatebin:/srv/data
    ports:
      - 8083:80
    restart: always
--- a/prometheus-alertmanager-discord/Dockerfile
+++ b/prometheus-alertmanager-discord/Dockerfile
@ -0,0 +1,43 @@
 # Built following https://medium.com/@chemidy/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324
 # STEP 1 build executable binary
 FROM golang:alpine as builder
 # BUILD_DATE and VCS_REF are immaterial, since this is a 2-stage build, but our build
 # hook won't work unless we specify the args
 ARG BUILD_DATE
 ARG VCS_REF
 # Install SSL ca certificates
 RUN apk update && apk add git && apk add ca-certificates
 # Create appuser
 RUN adduser -D -g '' appuser
 COPY . $GOPATH/src/mypackage/myapp/
 WORKDIR $GOPATH/src/mypackage/myapp/
 #get dependancies
 RUN go get -d -v
 #build the binary
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/alertmanager-discord
 # STEP 2 build a small image
 # start from scratch
 FROM scratch
 # Now we DO need these, for the auto-labeling of the image
 ARG BUILD_DATE
 ARG VCS_REF
 # Good docker practice, plus we get microbadger badges
 LABEL org.label-schema.build-date=$BUILD_DATE \
      org.label-schema.vcs-url="https://github.com/funkypenguin/alertmanager-discord.git" \
      org.label-schema.vcs-ref=$VCS_REF \
      org.label-schema.schema-version="2.2-r1"
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /etc/passwd /etc/passwd
 # Copy our static executable
 COPY --from=builder /go/bin/alertmanager-discord /go/bin/alertmanager-discord
 EXPOSE 9094
 USER appuser
 ENTRYPOINT ["/go/bin/alertmanager-discord"]
--- a/prometheus-alertmanager-discord/main.go
+++ b/prometheus-alertmanager-discord/main.go
@ -0,0 +1,82 @@
 package main
 import (
 	"bytes"
 	"encoding/json"
 	"flag"
 	"fmt"
        "os"
 	"io/ioutil"
 	"net/http"
 )
 type alertManOut struct {
 	Alerts []struct {
 		Annotations struct {
 			Description string `json:"description"`
 			Summary     string `json:"summary"`
 		} `json:"annotations"`
 		EndsAt       string            `json:"endsAt"`
 		GeneratorURL string            `json:"generatorURL"`
 		Labels       map[string]string `json:"labels"`
 		StartsAt     string            `json:"startsAt"`
 		Status       string            `json:"status"`
 	} `json:"alerts"`
 	CommonAnnotations struct {
 		Summary string `json:"summary"`
 	} `json:"commonAnnotations"`
 	CommonLabels struct {
 		Alertname string `json:"alertname"`
 	} `json:"commonLabels"`
 	ExternalURL string `json:"externalURL"`
 	GroupKey    string `json:"groupKey"`
 	GroupLabels struct {
 		Alertname string `json:"alertname"`
 	} `json:"groupLabels"`
 	Receiver string `json:"receiver"`
 	Status   string `json:"status"`
 	Version  string `json:"version"`
 }
 type discordOut struct {
 	Content string `json:"content"`
 	Name    string `json:"username"`
 }
 func main() {
 	webhookUrl := os.Getenv("DISCORD_WEBHOOK")
 	if webhookUrl == "" {
 		fmt.Fprintf(os.Stderr, "error: environment variable DISCORD_WEBHOOK not found\n")
 		os.Exit(1)
 	}
 	whURL := flag.String("webhook.url", webhookUrl, "")
 	flag.Parse()
 	fmt.Fprintf(os.Stdout, "info: Listening on 0.0.0.0:9094\n")
 	http.ListenAndServe(":9094", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		b, err := ioutil.ReadAll(r.Body)
 		if err != nil {
 			panic(err)
 		}
 		amo := alertManOut{}
 		err = json.Unmarshal(b, &amo)
 		if err != nil {
 			panic(err)
 		}
 		// Format alerts
 		Content := "\n"
 		for _, alert := range amo.Alerts {
 			Content += fmt.Sprintf("*%s* **%s** %s\n", alert.Labels["alertname"], alert.Labels["severity"], alert.Annotations.Summary)
 		}
 		// Send to Discord
 		DO := discordOut{
 			Name: "Prometheus 🦋️",
 			Content: Content,
 		}
 		DOD, _ := json.Marshal(DO)
 		http.Post(*whURL, "application/json", bytes.NewReader(DOD))
 	}))
 }
--- a/prometheus-alertmanager/Dockerfile
+++ b/prometheus-alertmanager/Dockerfile
@ -0,0 +1,3 @@
 FROM prom/alertmanager
 COPY alertmanager.yml /etc/alertmanager/alertmanager.yml
--- a/prometheus-alertmanager/alertmanager.yml
+++ b/prometheus-alertmanager/alertmanager.yml
@ -0,0 +1,61 @@
 # See https://prometheus.io/docs/alerting/configuration/ for documentation.
 global:
  # The smarthost and SMTP sender used for mail notifications.
  smtp_smarthost: 'localhost:25'
  smtp_from: 'alertmanager@example.org'
  #smtp_auth_username: 'alertmanager'
  #smtp_auth_password: 'password'
  # The auth token for Hipchat.
  hipchat_auth_token: '1234556789'
  # Alternative host for Hipchat.
  hipchat_api_url: 'https://hipchat.foobar.org/'
 # The directory from which notification templates are read.
 templates: 
 - '/etc/prometheus/alertmanager_templates/*.tmpl'
 # The root route on which each incoming alert enters.
 route:
  # The labels by which incoming alerts are grouped together. For example,
  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would
  # be batched into a single group.
  group_by: ['instance']  # group per instance
  # When a new group of alerts is created by an incoming alert, wait at
  # least 'group_wait' to send the initial notification.
  # This way ensures that you get multiple alerts for the same group that start
  # firing shortly after another are batched together on the first 
  # notification.
  group_wait: 30s
  # When the first notification was sent, wait 'group_interval' to send a batch
  # of new alerts that started firing for that group.
  group_interval: 5m
  # If an alert has successfully been sent, wait 'repeat_interval' to
  # resend them.
  repeat_interval: 12h 
  # A default receiver
  receiver: webhook
 # Inhibition rules allow to mute a set of alerts given that another alert is
 # firing.
 # We use this to mute any warning-level notifications if the same alert is 
 # already critical.
 inhibit_rules:
 - source_match:
    severity: 'critical'
  target_match:
    severity: 'warning'
  # Apply inhibition if the alertname is the same.
  equal: ['alertname', 'cluster', 'service']
 receivers:
 - name: 'webhook'
  webhook_configs:
  - url: 'http://prometheus-alertmanager-discord:9094'
    send_resolved: true
--- a/riot/Dockerfile
+++ b/riot/Dockerfile
@ -0,0 +1,5 @@
 FROM vectorim/riot-web
 # Customize instance settings and background
 COPY config.json /app/config.json
 COPY bg.jpg /app/bg.jpg
--- a/riot/docker-compose.yml
+++ b/riot/docker-compose.yml
@ -1,13 +0,0 @@
 version: "3"
 services:
  riot:
    image: vectorim/riot-web
    volumes:
      - ./config.json:/app/config.json:ro
      - ./bg.jpg:/app/bg.jpg:ro
      # - ./welcome.html:/app/welcome.html:ro
    ports:
      - 8080:80
    restart: always
		`@ -0,0 +1,3 @@`
							`FROM prom/alertmanager`

							`COPY alertmanager.yml /etc/alertmanager/alertmanager.yml`