Use a unified docker-compose file
This commit is contained in:
parent
370e8dc871
commit
47b7980502
29 changed files with 354 additions and 525 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
||||||
data_*
|
*_data
|
||||||
.env
|
.env
|
||||||
|
|
|
@ -4,15 +4,14 @@ Ensemble des recettes Docker d'Aurore.
|
||||||
|
|
||||||
L'idée est de pouvoir redonder les services « légers » entre les résidences.
|
L'idée est de pouvoir redonder les services « légers » entre les résidences.
|
||||||
|
|
||||||
Pour lancer un service, aller dans le dossier puis
|
Pour lancer un service, cloner le repo, aller dans le dossier puis
|
||||||
`sudo docker-compose up --build -d`.
|
`sudo docker-compose up --build -d`.
|
||||||
|
|
||||||
## Fichiers à protéger
|
## Fichiers à protéger
|
||||||
|
|
||||||
Les fichiers suivant ne doivent être lisibles que par root :
|
Les fichiers suivant ne doivent être lisibles que par root :
|
||||||
|
|
||||||
* les fichiers `.env` (s'inspirer des `example.env`)
|
* le fichier `.env` (s'inspirer de `example.env`)
|
||||||
* grafana/ldap.toml
|
|
||||||
* django-cas/docker-compose.yml
|
* django-cas/docker-compose.yml
|
||||||
|
|
||||||
Mettez dedans les mots de passe de base de données ou du LDAP.
|
Mettez dedans les mots de passe de base de données ou du LDAP.
|
||||||
|
|
|
@ -1,44 +0,0 @@
|
||||||
# From https://github.com/codimd/container/
|
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
database:
|
|
||||||
# Don't upgrade PostgreSQL by simply changing the version number
|
|
||||||
# You need to migrate the Database to the new PostgreSQL version
|
|
||||||
image: postgres:9.6-alpine
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: codimd
|
|
||||||
POSTGRES_PASSWORD: codimdpass
|
|
||||||
POSTGRES_DB: codimd
|
|
||||||
volumes:
|
|
||||||
- ./data_db:/var/lib/postgresql/data
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: quay.io/codimd/server:1.4.0
|
|
||||||
environment:
|
|
||||||
DEBUG: "false"
|
|
||||||
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
|
|
||||||
CMD_URL_ADDPORT: "false"
|
|
||||||
CMD_EMAIL: "false"
|
|
||||||
CMD_DOMAIN: "${DOMAIN}"
|
|
||||||
CMD_PROTOCOL_USESSL: "true"
|
|
||||||
CMD_USECDN: "false"
|
|
||||||
CMD_ALLOW_FREEURL: "true"
|
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
|
||||||
CMD_LDAP_URL: "${LDAP_URL}"
|
|
||||||
CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
|
|
||||||
CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
|
|
||||||
CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
|
|
||||||
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
|
|
||||||
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
|
|
||||||
CMD_LDAP_USERIDFIELD: "uid"
|
|
||||||
CMD_LDAP_USERNAMEFIELD: "uid"
|
|
||||||
CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
|
|
||||||
ports:
|
|
||||||
- "8081:3000"
|
|
||||||
volumes:
|
|
||||||
- ./data_uploads:/codimd/public/uploads
|
|
||||||
restart: always
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
DOMAIN=codimd.auro.re
|
|
||||||
LDAP_URL=ldap://10.128.0.11
|
|
||||||
LDAP_BINDDN=cn=codimd,ou=service-users,dc=auro,dc=re
|
|
||||||
LDAP_BINDCREDENTIALS=Change me
|
|
||||||
LDAP_SEARCHBASE=cn=Utilisateurs,dc=auro,dc=re
|
|
||||||
LDAP_PROVIDERNAME=Aurore
|
|
|
@ -1,27 +0,0 @@
|
||||||
# Django CAS server Dockerfile
|
|
||||||
#
|
|
||||||
# https://github.com/nitmir/django-cas-server
|
|
||||||
#
|
|
||||||
# Author: erdnaxe
|
|
||||||
|
|
||||||
FROM debian:buster-slim
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y \
|
|
||||||
python3-pip \
|
|
||||||
python3-django \
|
|
||||||
python3-lxml \
|
|
||||||
python3-requests \
|
|
||||||
python3-requests-futures \
|
|
||||||
python3-six \
|
|
||||||
python3-psycopg2 \
|
|
||||||
python3-whitenoise \
|
|
||||||
python3-ldap3 \
|
|
||||||
gunicorn3
|
|
||||||
|
|
||||||
RUN pip3 install django-cas-server
|
|
||||||
|
|
||||||
COPY ./code /code/
|
|
||||||
WORKDIR /code/
|
|
||||||
EXPOSE 8000
|
|
||||||
ENTRYPOINT ["./docker-entrypoint.sh"]
|
|
||||||
|
|
|
@ -1,176 +0,0 @@
|
||||||
"""
|
|
||||||
Django settings for cas project.
|
|
||||||
|
|
||||||
Generated by 'django-admin startproject' using Django 1.11.
|
|
||||||
|
|
||||||
For more information on this file, see
|
|
||||||
https://docs.djangoproject.com/en/1.11/topics/settings/
|
|
||||||
|
|
||||||
For the full list of settings and their values, see
|
|
||||||
https://docs.djangoproject.com/en/1.11/ref/settings/
|
|
||||||
"""
|
|
||||||
|
|
||||||
import os
|
|
||||||
|
|
||||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
|
||||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
||||||
|
|
||||||
|
|
||||||
# Quick-start development settings - unsuitable for production
|
|
||||||
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
|
|
||||||
|
|
||||||
# SECURITY WARNING: keep the secret key used in production secret!
|
|
||||||
SECRET_KEY = os.getenv('DJANGO_SECRET_KEY')
|
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
|
||||||
DEBUG = os.getenv('DJANGO_DEBUG', False)
|
|
||||||
|
|
||||||
ALLOWED_HOSTS = [os.getenv('DJANGO_HOST')]
|
|
||||||
|
|
||||||
# Suivi des erreurs sur root@
|
|
||||||
EMAIL_SUBJECT_PREFIX = "[CAS] "
|
|
||||||
ADMINS = (
|
|
||||||
('Intranet', 'root@crans.org'),
|
|
||||||
)
|
|
||||||
|
|
||||||
# Application definition
|
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
|
||||||
'django.contrib.admin',
|
|
||||||
'django.contrib.auth',
|
|
||||||
'django.contrib.contenttypes',
|
|
||||||
'django.contrib.sessions',
|
|
||||||
'django.contrib.messages',
|
|
||||||
'django.contrib.staticfiles',
|
|
||||||
'cas_server',
|
|
||||||
]
|
|
||||||
|
|
||||||
MIDDLEWARE = [
|
|
||||||
'django.middleware.security.SecurityMiddleware',
|
|
||||||
'whitenoise.middleware.WhiteNoiseMiddleware',
|
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
||||||
'django.middleware.common.CommonMiddleware',
|
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
||||||
'django.contrib.messages.middleware.MessageMiddleware',
|
|
||||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
||||||
'django.middleware.locale.LocaleMiddleware',
|
|
||||||
]
|
|
||||||
|
|
||||||
ROOT_URLCONF = 'cas.urls'
|
|
||||||
|
|
||||||
TEMPLATES = [
|
|
||||||
{
|
|
||||||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
|
||||||
'DIRS': [],
|
|
||||||
'APP_DIRS': True,
|
|
||||||
'OPTIONS': {
|
|
||||||
'context_processors': [
|
|
||||||
'django.template.context_processors.debug',
|
|
||||||
'django.template.context_processors.request',
|
|
||||||
'django.contrib.auth.context_processors.auth',
|
|
||||||
'django.contrib.messages.context_processors.messages',
|
|
||||||
],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
WSGI_APPLICATION = 'cas.wsgi.application'
|
|
||||||
|
|
||||||
|
|
||||||
# Database
|
|
||||||
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
|
|
||||||
|
|
||||||
DATABASES = {
|
|
||||||
'default': {
|
|
||||||
'ENGINE': 'django.db.backends.postgresql',
|
|
||||||
'NAME': os.getenv('DJANGO_DB_NAME'),
|
|
||||||
'HOST': os.getenv('DJANGO_DB_HOST'),
|
|
||||||
'USER': os.getenv('DJANGO_DB_USER'),
|
|
||||||
'PASSWORD': os.getenv('DJANGO_DB_PASSWORD'),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Password validation
|
|
||||||
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
|
|
||||||
|
|
||||||
AUTH_PASSWORD_VALIDATORS = [
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
# Internationalization
|
|
||||||
# https://docs.djangoproject.com/en/1.11/topics/i18n/
|
|
||||||
|
|
||||||
LANGUAGE_CODE = 'en-us'
|
|
||||||
|
|
||||||
TIME_ZONE = 'UTC'
|
|
||||||
|
|
||||||
USE_I18N = True
|
|
||||||
|
|
||||||
USE_L10N = True
|
|
||||||
|
|
||||||
USE_TZ = True
|
|
||||||
|
|
||||||
|
|
||||||
# Static files (CSS, JavaScript, Images)
|
|
||||||
# https://docs.djangoproject.com/en/1.11/howto/static-files/
|
|
||||||
|
|
||||||
STATIC_URL = '/static/'
|
|
||||||
|
|
||||||
|
|
||||||
# Below are custom parameters
|
|
||||||
|
|
||||||
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
|
|
||||||
STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]
|
|
||||||
STATIC_ROOT = os.path.join(BASE_DIR, "staticfiles")
|
|
||||||
|
|
||||||
CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"
|
|
||||||
CAS_LDAP_SERVER = os.getenv('DJANGO_CAS_LDAP_SERVER')
|
|
||||||
CAS_LDAP_USER = os.getenv('DJANGO_CAS_LDAP_USER')
|
|
||||||
CAS_LDAP_PASSWORD = os.getenv('DJANGO_CAS_LDAP_PASSWORD')
|
|
||||||
CAS_LDAP_BASE_DN = os.getenv('DJANGO_CAS_LDAP_BASE_DN')
|
|
||||||
|
|
||||||
CAS_INFO_MESSAGES_ORDER = ["cas_explained"]
|
|
||||||
|
|
||||||
SESSION_COOKIE_AGE = 86400
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
|
||||||
SESSION_COOKIE_HTTPONLY = True
|
|
||||||
|
|
||||||
LOGGING = {
|
|
||||||
'version': 1,
|
|
||||||
'disable_existing_loggers': False,
|
|
||||||
'formatters': {
|
|
||||||
'cas_syslog': {
|
|
||||||
'format': 'cas: %(levelname)s %(message)s'
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'handlers': {
|
|
||||||
'cas_syslog': {
|
|
||||||
'level': 'INFO',
|
|
||||||
'class': 'logging.handlers.SysLogHandler',
|
|
||||||
'address': '/dev/log',
|
|
||||||
'formatter': 'cas_syslog',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'loggers': {
|
|
||||||
'cas_server': {
|
|
||||||
'handlers': ['cas_syslog'],
|
|
||||||
'level': 'INFO',
|
|
||||||
'propagate': True,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
"""cas URL Configuration
|
|
||||||
|
|
||||||
The `urlpatterns` list routes URLs to views. For more information please see:
|
|
||||||
https://docs.djangoproject.com/en/1.11/topics/http/urls/
|
|
||||||
Examples:
|
|
||||||
Function views
|
|
||||||
1. Add an import: from my_app import views
|
|
||||||
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
|
|
||||||
Class-based views
|
|
||||||
1. Add an import: from other_app.views import Home
|
|
||||||
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
|
|
||||||
Including another URLconf
|
|
||||||
1. Import the include() function: from django.conf.urls import url, include
|
|
||||||
2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
|
|
||||||
"""
|
|
||||||
from django.conf.urls import include, url
|
|
||||||
from django.contrib import admin
|
|
||||||
|
|
||||||
urlpatterns = [
|
|
||||||
url(r'^admin/', admin.site.urls),
|
|
||||||
url(r'^', include('cas_server.urls', namespace="cas_server")),
|
|
||||||
]
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
"""
|
|
||||||
WSGI config for cas project.
|
|
||||||
|
|
||||||
It exposes the WSGI callable as a module-level variable named ``application``.
|
|
||||||
|
|
||||||
For more information on this file, see
|
|
||||||
https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/
|
|
||||||
"""
|
|
||||||
|
|
||||||
import os
|
|
||||||
|
|
||||||
from django.core.wsgi import get_wsgi_application
|
|
||||||
|
|
||||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
|
|
||||||
|
|
||||||
application = get_wsgi_application()
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Collect static files
|
|
||||||
echo "Collect static files"
|
|
||||||
python3 manage.py collectstatic --noinput
|
|
||||||
|
|
||||||
# Apply database migrations
|
|
||||||
echo "Apply database migrations"
|
|
||||||
sleep 5 # wait for db
|
|
||||||
python3 manage.py migrate
|
|
||||||
|
|
||||||
# Start server
|
|
||||||
echo "Starting server"
|
|
||||||
gunicorn3 cas.wsgi:application --bind 0.0.0.0:8000 --workers 2 --log-level debug
|
|
|
@ -1,22 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
|
|
||||||
try:
|
|
||||||
from django.core.management import execute_from_command_line
|
|
||||||
except ImportError:
|
|
||||||
# The above import may fail for some other reason. Ensure that the
|
|
||||||
# issue is really that Django is missing to avoid masking other
|
|
||||||
# exceptions on Python 2.
|
|
||||||
try:
|
|
||||||
import django
|
|
||||||
except ImportError:
|
|
||||||
raise ImportError(
|
|
||||||
"Couldn't import Django. Are you sure it's installed and "
|
|
||||||
"available on your PYTHONPATH environment variable? Did you "
|
|
||||||
"forget to activate a virtual environment?"
|
|
||||||
)
|
|
||||||
raise
|
|
||||||
execute_from_command_line(sys.argv)
|
|
Binary file not shown.
Before Width: | Height: | Size: 126 KiB |
|
@ -1,35 +0,0 @@
|
||||||
version: '3.7'
|
|
||||||
|
|
||||||
services:
|
|
||||||
database:
|
|
||||||
# Don't upgrade PostgreSQL by simply changing the version number
|
|
||||||
# You need to migrate the Database to the new PostgreSQL version
|
|
||||||
image: postgres:9.6-alpine
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: cas
|
|
||||||
POSTGRES_PASSWORD: caspass
|
|
||||||
POSTGRES_DB: cas
|
|
||||||
volumes:
|
|
||||||
- ./data_db:/var/lib/postgresql/data
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
cas:
|
|
||||||
build:
|
|
||||||
context: .
|
|
||||||
environment:
|
|
||||||
DJANGO_DB_NAME: cas
|
|
||||||
DJANGO_DB_HOST: database
|
|
||||||
DJANGO_DB_USER: cas
|
|
||||||
DJANGO_DB_PASSWORD: caspass
|
|
||||||
DJANGO_SECRET_KEY: "Please change me in production !"
|
|
||||||
DJANGO_HOST: localhost
|
|
||||||
DJANGO_CAS_LDAP_SERVER: "re2o-ldap.adm.auro.re"
|
|
||||||
DJANGO_CAS_LDAP_USER: "cn=cas,ou=service-users,dc=auro,dc=re"
|
|
||||||
DJANGO_CAS_LDAP_PASSWORD: "Change me in prod !"
|
|
||||||
DJANGO_CAS_LDAP_BASE_DN: "cn=Utilisateurs,dc=auro,dc=re"
|
|
||||||
ports:
|
|
||||||
- "8085:8000"
|
|
||||||
restart: always
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
55
docker-compose.yml
Normal file
55
docker-compose.yml
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
version: "3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
riot:
|
||||||
|
build: riot
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
|
||||||
|
privatebin:
|
||||||
|
image: privatebin/nginx-fpm-alpine
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./privatebin_data:/srv/data
|
||||||
|
ports:
|
||||||
|
- 8083:80
|
||||||
|
|
||||||
|
etherpad:
|
||||||
|
build: etherpad
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- "POSTGRES_PASSWORD=${ETHERPAD_POSTGRES_PASSWD}"
|
||||||
|
ports:
|
||||||
|
- 8084:9001
|
||||||
|
|
||||||
|
grafana:
|
||||||
|
build: grafana
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- "ENV_PASSWORD=${GRAFANA_LDAP_BIND_PASSWD}"
|
||||||
|
volumes:
|
||||||
|
- ./grafana_data:/var/lib/grafana
|
||||||
|
ports:
|
||||||
|
- 8082:3000
|
||||||
|
|
||||||
|
matrix-appservice-discord:
|
||||||
|
image: halfshot/matrix-appservice-discord
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./matrix-appservice-discord_data:/data
|
||||||
|
- ./matrix-appservice-discord_data/discord.db:/discord.db
|
||||||
|
ports:
|
||||||
|
- 9005:9005
|
||||||
|
|
||||||
|
prometheus-alertmanager:
|
||||||
|
build: prometheus-alertmanager
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 9093:9093
|
||||||
|
|
||||||
|
prometheus-alertmanager-discord:
|
||||||
|
build: prometheus-alertmanager-discord
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- "DISCORD_WEBHOOK=${PROMETHEUS_DISCORD_WEBHOOK}"
|
4
env.example
Normal file
4
env.example
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
# Copy this as .env and make it only readable by root
|
||||||
|
ETHERPAD_POSTGRES_PASSWD=CHANGE ME
|
||||||
|
GRAFANA_LDAP_BIND_PASSWD=CHANGE ME
|
||||||
|
PROMETHEUS_DISCORD_WEBHOOK=CHANGE ME
|
6
etherpad/Dockerfile
Normal file
6
etherpad/Dockerfile
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
FROM etherpad/etherpad
|
||||||
|
|
||||||
|
# Change instance settings
|
||||||
|
ENV NODE_ENV=production
|
||||||
|
ENV TRUST_PROXY=true
|
||||||
|
COPY settings.json /opt/etherpad-lite/settings.json
|
|
@ -1,15 +0,0 @@
|
||||||
version: "3"
|
|
||||||
|
|
||||||
services:
|
|
||||||
etherpad:
|
|
||||||
image: etherpad/etherpad
|
|
||||||
environment:
|
|
||||||
- NODE_ENV=production
|
|
||||||
- POSTGRES_USER=etherpad
|
|
||||||
- "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
|
|
||||||
- POSTGRES_DB=etherpad
|
|
||||||
ports:
|
|
||||||
- 8084:9001
|
|
||||||
volumes:
|
|
||||||
- ./settings.json:/opt/etherpad-lite/settings.json:ro
|
|
||||||
restart: always
|
|
|
@ -1 +0,0 @@
|
||||||
POSTGRES_PASSWD=asupersecurepassword
|
|
|
@ -22,6 +22,7 @@
|
||||||
*
|
*
|
||||||
* Would read the configuration values for those items from the environment
|
* Would read the configuration values for those items from the environment
|
||||||
* variables PORT, MINIFY and SKIN_NAME.
|
* variables PORT, MINIFY and SKIN_NAME.
|
||||||
|
*
|
||||||
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
|
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
|
||||||
* "colibris" would be used. The configuration value "minify", on the other
|
* "colibris" would be used. The configuration value "minify", on the other
|
||||||
* hand, does not have a default indicated. Thus, if the environment variable
|
* hand, does not have a default indicated. Thus, if the environment variable
|
||||||
|
@ -50,13 +51,13 @@
|
||||||
/*
|
/*
|
||||||
* Name your instance!
|
* Name your instance!
|
||||||
*/
|
*/
|
||||||
"title": "Etherpad",
|
"title": "${TITLE:Etherpad}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* favicon default name
|
* favicon default name
|
||||||
* alternatively, set up a fully specified Url to your own favicon
|
* alternatively, set up a fully specified Url to your own favicon
|
||||||
*/
|
*/
|
||||||
"favicon": "favicon.ico",
|
"favicon": "${FAVICON:favicon.ico}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Skin name.
|
* Skin name.
|
||||||
|
@ -69,20 +70,20 @@
|
||||||
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
|
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
|
||||||
* become the default in Etherpad 2.0
|
* become the default in Etherpad 2.0
|
||||||
*/
|
*/
|
||||||
"skinName": "no-skin",
|
"skinName": "${SKIN_NAME:colibris}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* IP and port which etherpad should bind at
|
* IP and port which etherpad should bind at
|
||||||
*/
|
*/
|
||||||
"ip": "0.0.0.0",
|
"ip": "${IP:0.0.0.0}",
|
||||||
"port" : 9001,
|
"port": "${PORT:9001}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Option to hide/show the settings.json in admin page.
|
* Option to hide/show the settings.json in admin page.
|
||||||
*
|
*
|
||||||
* Default option is set to true
|
* Default option is set to true
|
||||||
*/
|
*/
|
||||||
"showSettingsInAdminPage" : true,
|
"showSettingsInAdminPage": "${SHOW_SETTINGS_IN_ADMIN_PAGE:true}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Node native SSL support
|
* Node native SSL support
|
||||||
|
@ -118,32 +119,14 @@
|
||||||
* https://www.npmjs.com/package/ueberdb2
|
* https://www.npmjs.com/package/ueberdb2
|
||||||
*/
|
*/
|
||||||
|
|
||||||
"dbType" : "postgres",
|
"dbType": "postgres",
|
||||||
"dbSettings" : {
|
"dbSettings": {
|
||||||
"user" : "${POSTGRES_USER}",
|
"host": "10.128.0.31",
|
||||||
"host" : "10.128.0.31",
|
"port": 5432,
|
||||||
"port" : 5432,
|
"database": "etherpad",
|
||||||
"password": "${POSTGRES_PASSWORD}",
|
"user": "etherpad",
|
||||||
"database": "${POSTGRES_DB}"
|
"password": "${POSTGRES_PASSWORD}"
|
||||||
},
|
},
|
||||||
|
|
||||||
/*
|
|
||||||
* An Example of MySQL Configuration (commented out).
|
|
||||||
*
|
|
||||||
* See: https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
"dbType" : "mysql",
|
|
||||||
"dbSettings" : {
|
|
||||||
"user" : "etherpaduser",
|
|
||||||
"host" : "localhost",
|
|
||||||
"port" : 3306,
|
|
||||||
"password": "PASSWORD",
|
|
||||||
"database": "etherpad_lite_db",
|
|
||||||
"charset" : "utf8mb4"
|
|
||||||
},
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The default text of a pad
|
* The default text of a pad
|
||||||
|
@ -156,57 +139,57 @@
|
||||||
* Change them if you want to override.
|
* Change them if you want to override.
|
||||||
*/
|
*/
|
||||||
"padOptions": {
|
"padOptions": {
|
||||||
"noColors": false,
|
"noColors": false,
|
||||||
"showControls": true,
|
"showControls": true,
|
||||||
"showChat": true,
|
"showChat": true,
|
||||||
"showLineNumbers": true,
|
"showLineNumbers": true,
|
||||||
"useMonospaceFont": false,
|
"useMonospaceFont": false,
|
||||||
"userName": false,
|
"userName": false,
|
||||||
"userColor": false,
|
"userColor": false,
|
||||||
"rtl": false,
|
"rtl": false,
|
||||||
"alwaysShowChat": false,
|
"alwaysShowChat": false,
|
||||||
"chatAndUsers": false,
|
"chatAndUsers": false,
|
||||||
"lang": "en-gb"
|
"lang": "en-gb"
|
||||||
},
|
},
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Pad Shortcut Keys
|
* Pad Shortcut Keys
|
||||||
*/
|
*/
|
||||||
"padShortcutEnabled" : {
|
"padShortcutEnabled" : {
|
||||||
"altF9" : true, /* focus on the File Menu and/or editbar */
|
"altF9": true, /* focus on the File Menu and/or editbar */
|
||||||
"altC" : true, /* focus on the Chat window */
|
"altC": true, /* focus on the Chat window */
|
||||||
"cmdShift2" : true, /* shows a gritter popup showing a line author */
|
"cmdShift2": true, /* shows a gritter popup showing a line author */
|
||||||
"delete" : true,
|
"delete": true,
|
||||||
"return" : true,
|
"return": true,
|
||||||
"esc" : true, /* in mozilla versions 14-19 avoid reconnecting pad */
|
"esc": true, /* in mozilla versions 14-19 avoid reconnecting pad */
|
||||||
"cmdS" : true, /* save a revision */
|
"cmdS": true, /* save a revision */
|
||||||
"tab" : true, /* indent */
|
"tab": true, /* indent */
|
||||||
"cmdZ" : true, /* undo/redo */
|
"cmdZ": true, /* undo/redo */
|
||||||
"cmdY" : true, /* redo */
|
"cmdY": true, /* redo */
|
||||||
"cmdI" : true, /* italic */
|
"cmdI": true, /* italic */
|
||||||
"cmdB" : true, /* bold */
|
"cmdB": true, /* bold */
|
||||||
"cmdU" : true, /* underline */
|
"cmdU": true, /* underline */
|
||||||
"cmd5" : true, /* strike through */
|
"cmd5": true, /* strike through */
|
||||||
"cmdShiftL" : true, /* unordered list */
|
"cmdShiftL": true, /* unordered list */
|
||||||
"cmdShiftN" : true, /* ordered list */
|
"cmdShiftN": true, /* ordered list */
|
||||||
"cmdShift1" : true, /* ordered list */
|
"cmdShift1": true, /* ordered list */
|
||||||
"cmdShiftC" : true, /* clear authorship */
|
"cmdShiftC": true, /* clear authorship */
|
||||||
"cmdH" : true, /* backspace */
|
"cmdH": true, /* backspace */
|
||||||
"ctrlHome" : true, /* scroll to top of pad */
|
"ctrlHome": true, /* scroll to top of pad */
|
||||||
"pageUp" : true,
|
"pageUp": true,
|
||||||
"pageDown" : true
|
"pageDown": true
|
||||||
},
|
},
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Should we suppress errors from being visible in the default Pad Text?
|
* Should we suppress errors from being visible in the default Pad Text?
|
||||||
*/
|
*/
|
||||||
"suppressErrorsInPadText" : false,
|
"suppressErrorsInPadText": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If this option is enabled, a user must have a session to access pads.
|
* If this option is enabled, a user must have a session to access pads.
|
||||||
* This effectively allows only group pads to be accessed.
|
* This effectively allows only group pads to be accessed.
|
||||||
*/
|
*/
|
||||||
"requireSession" : false,
|
"requireSession": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Users may edit pads but not create new ones.
|
* Users may edit pads but not create new ones.
|
||||||
|
@ -214,13 +197,13 @@
|
||||||
* Pad creation is only via the API.
|
* Pad creation is only via the API.
|
||||||
* This applies both to group pads and regular pads.
|
* This applies both to group pads and regular pads.
|
||||||
*/
|
*/
|
||||||
"editOnly" : false,
|
"editOnly": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If set to true, those users who have a valid session will automatically be
|
* If set to true, those users who have a valid session will automatically be
|
||||||
* granted access to password protected pads.
|
* granted access to password protected pads.
|
||||||
*/
|
*/
|
||||||
"sessionNoPassword" : false,
|
"sessionNoPassword": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If true, all css & js will be minified before sending to the client.
|
* If true, all css & js will be minified before sending to the client.
|
||||||
|
@ -228,7 +211,7 @@
|
||||||
* This will improve the loading performance massively, but makes it difficult
|
* This will improve the loading performance massively, but makes it difficult
|
||||||
* to debug the javascript/css
|
* to debug the javascript/css
|
||||||
*/
|
*/
|
||||||
"minify" : true,
|
"minify": true,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* How long may clients use served javascript code (in seconds)?
|
* How long may clients use served javascript code (in seconds)?
|
||||||
|
@ -236,7 +219,7 @@
|
||||||
* Not setting this may cause problems during deployment.
|
* Not setting this may cause problems during deployment.
|
||||||
* Set to 0 to disable caching.
|
* Set to 0 to disable caching.
|
||||||
*/
|
*/
|
||||||
"maxAge" : 21600, // 60 * 60 * 6 = 6 hours
|
"maxAge": 21600, // 60 * 60 * 6 = 6 hours
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Absolute path to the Abiword executable.
|
* Absolute path to the Abiword executable.
|
||||||
|
@ -245,7 +228,7 @@
|
||||||
* it to null disables Abiword and will only allow plain text and HTML
|
* it to null disables Abiword and will only allow plain text and HTML
|
||||||
* import/exports.
|
* import/exports.
|
||||||
*/
|
*/
|
||||||
"abiword" : null,
|
"abiword": null,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This is the absolute path to the soffice executable.
|
* This is the absolute path to the soffice executable.
|
||||||
|
@ -253,7 +236,7 @@
|
||||||
* LibreOffice can be used in lieu of Abiword to export pads.
|
* LibreOffice can be used in lieu of Abiword to export pads.
|
||||||
* Setting it to null disables LibreOffice exporting.
|
* Setting it to null disables LibreOffice exporting.
|
||||||
*/
|
*/
|
||||||
"soffice" : null,
|
"soffice": null,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Path to the Tidy executable.
|
* Path to the Tidy executable.
|
||||||
|
@ -261,35 +244,41 @@
|
||||||
* Tidy is used to improve the quality of exported pads.
|
* Tidy is used to improve the quality of exported pads.
|
||||||
* Setting it to null disables Tidy.
|
* Setting it to null disables Tidy.
|
||||||
*/
|
*/
|
||||||
"tidyHtml" : null,
|
"tidyHtml": null,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Allow import of file types other than the supported ones:
|
* Allow import of file types other than the supported ones:
|
||||||
* txt, doc, docx, rtf, odt, html & htm
|
* txt, doc, docx, rtf, odt, html & htm
|
||||||
*/
|
*/
|
||||||
"allowUnknownFileEnds" : true,
|
"allowUnknownFileEnds": true,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This setting is used if you require authentication of all users.
|
* This setting is used if you require authentication of all users.
|
||||||
*
|
*
|
||||||
* Note: "/admin" always requires authentication.
|
* Note: "/admin" always requires authentication.
|
||||||
*/
|
*/
|
||||||
"requireAuthentication" : false,
|
"requireAuthentication": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Require authorization by a module, or a user with is_admin set, see below.
|
* Require authorization by a module, or a user with is_admin set, see below.
|
||||||
*/
|
*/
|
||||||
"requireAuthorization" : false,
|
"requireAuthorization": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* When you use NGINX or another proxy/load-balancer set this to true.
|
* When you use NGINX or another proxy/load-balancer set this to true.
|
||||||
|
*
|
||||||
|
* This is especially necessary when the reverse proxy performs SSL
|
||||||
|
* termination, otherwise the cookies will not have the "secure" flag.
|
||||||
|
*
|
||||||
|
* The other effect will be that the logs will contain the real client's IP,
|
||||||
|
* instead of the reverse proxy's IP.
|
||||||
*/
|
*/
|
||||||
"trustProxy" : false,
|
"trustProxy": "${TRUST_PROXY:false}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Privacy: disable IP logging
|
* Privacy: disable IP logging
|
||||||
*/
|
*/
|
||||||
"disableIPlogging" : false,
|
"disableIPlogging": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Time (in seconds) to automatically reconnect pad when a "Force reconnect"
|
* Time (in seconds) to automatically reconnect pad when a "Force reconnect"
|
||||||
|
@ -297,7 +286,7 @@
|
||||||
*
|
*
|
||||||
* Set to 0 to disable automatic reconnection.
|
* Set to 0 to disable automatic reconnection.
|
||||||
*/
|
*/
|
||||||
"automaticReconnectionTimeout" : 0,
|
"automaticReconnectionTimeout": 0,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* By default, when caret is moved out of viewport, it scrolls the minimum
|
* By default, when caret is moved out of viewport, it scrolls the minimum
|
||||||
|
@ -351,20 +340,20 @@
|
||||||
* follow the section "secure your installation" in README.md
|
* follow the section "secure your installation" in README.md
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
|
||||||
"users": {
|
"users": {
|
||||||
"admin": {
|
"admin": {
|
||||||
// "password" can be replaced with "hash" if you install ep_hash_auth
|
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
|
||||||
"password": "changeme1",
|
// 2) please note that if password is null, the user will not be created
|
||||||
|
"password": "${ADMIN_PASSWORD}",
|
||||||
"is_admin": true
|
"is_admin": true
|
||||||
},
|
},
|
||||||
"user": {
|
"user": {
|
||||||
// "password" can be replaced with "hash" if you install ep_hash_auth
|
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
|
||||||
"password": "changeme1",
|
// 2) please note that if password is null, the user will not be created
|
||||||
|
"password": "${USER_PASSWORD}",
|
||||||
"is_admin": false
|
"is_admin": false
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Restrict socket.io transport methods
|
* Restrict socket.io transport methods
|
||||||
|
@ -419,12 +408,12 @@
|
||||||
*/
|
*/
|
||||||
"exposeVersion": false,
|
"exposeVersion": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The log level we are using.
|
* The log level we are using.
|
||||||
*
|
*
|
||||||
* Valid values: DEBUG, INFO, WARN, ERROR
|
* Valid values: DEBUG, INFO, WARN, ERROR
|
||||||
*/
|
*/
|
||||||
"loglevel": "INFO",
|
"loglevel": "${LOGLEVEL:INFO}",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Logging configuration. See log4js documentation for further information:
|
* Logging configuration. See log4js documentation for further information:
|
||||||
|
|
14
grafana/Dockerfile
Normal file
14
grafana/Dockerfile
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
FROM grafana/grafana
|
||||||
|
|
||||||
|
ENV GF_SERVER_ROOT_URL=https://grafana.auro.re
|
||||||
|
ENV GF_SESSION_COOKIE_SECURE=true
|
||||||
|
ENV GF_ANALYTICS_REPORTING_ENABLED=false
|
||||||
|
ENV GF_SNAPSHOTS_EXTERNAL_ENABLED=false
|
||||||
|
ENV GF_USERS_ALLOW_SIGN_UP=false
|
||||||
|
ENV GF_USERS_ALLOW_ORG_CREATE=false
|
||||||
|
ENV GF_AUTH_BASIC_ENABLED=false
|
||||||
|
ENV GF_AUTH_LDAP_ENABLED=true
|
||||||
|
ENV GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
|
||||||
|
|
||||||
|
COPY ldap.toml /etc/grafana/ldap.toml
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
# For the moment, the LDAP password need to be in ldap.toml
|
|
||||||
# In the future, we will be able to make a secret
|
|
||||||
# See https://github.com/grafana/grafana/pull/17526
|
|
||||||
|
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
|
||||||
grafana:
|
|
||||||
image: grafana/grafana
|
|
||||||
environment:
|
|
||||||
- GF_SERVER_ROOT_URL=https://grafana.auro.re
|
|
||||||
- GF_SESSION_COOKIE_SECURE=true
|
|
||||||
- GF_ANALYTICS_REPORTING_ENABLED=false
|
|
||||||
- GF_SNAPSHOTS_EXTERNAL_ENABLED=false
|
|
||||||
- GF_USERS_ALLOW_SIGN_UP=false
|
|
||||||
- GF_USERS_ALLOW_ORG_CREATE=false
|
|
||||||
- GF_AUTH_BASIC_ENABLED=false
|
|
||||||
- GF_AUTH_LDAP_ENABLED=true
|
|
||||||
- GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
|
|
||||||
|
|
||||||
# Install Grafana plugins at startup
|
|
||||||
- GF_INSTALL_PLUGINS=grafana-worldmap-panel
|
|
||||||
volumes:
|
|
||||||
- ./data_grafana:/var/lib/grafana
|
|
||||||
- ./ldap.toml:/etc/grafana/ldap.toml:ro
|
|
||||||
ports:
|
|
||||||
- 8082:3000
|
|
||||||
restart: always
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ ssl_skip_verify = false
|
||||||
bind_dn = "cn=grafana,ou=service-users,dc=auro,dc=re"
|
bind_dn = "cn=grafana,ou=service-users,dc=auro,dc=re"
|
||||||
# Search user bind password
|
# Search user bind password
|
||||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||||
bind_password = 'CHANGE ME IN PRODUCTION, I WILL DIFFER !'
|
bind_password = '${ENV_PASSWORD}'
|
||||||
|
|
||||||
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
||||||
search_filter = "(cn=%s)"
|
search_filter = "(cn=%s)"
|
||||||
|
@ -50,7 +50,7 @@ email = "mail"
|
||||||
group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
|
group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
|
||||||
org_role = "Admin"
|
org_role = "Admin"
|
||||||
# To make user an instance admin (Grafana Admin) uncomment line below
|
# To make user an instance admin (Grafana Admin) uncomment line below
|
||||||
grafana_admin = true
|
# grafana_admin = true
|
||||||
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
|
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
|
||||||
# org_id = 1
|
# org_id = 1
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
|
||||||
privatebin:
|
|
||||||
image: privatebin/nginx-fpm-alpine
|
|
||||||
volumes:
|
|
||||||
- ./data_privatebin:/srv/data
|
|
||||||
ports:
|
|
||||||
- 8083:80
|
|
||||||
restart: always
|
|
||||||
|
|
43
prometheus-alertmanager-discord/Dockerfile
Normal file
43
prometheus-alertmanager-discord/Dockerfile
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
# Built following https://medium.com/@chemidy/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324
|
||||||
|
|
||||||
|
# STEP 1 build executable binary
|
||||||
|
FROM golang:alpine as builder
|
||||||
|
|
||||||
|
# BUILD_DATE and VCS_REF are immaterial, since this is a 2-stage build, but our build
|
||||||
|
# hook won't work unless we specify the args
|
||||||
|
ARG BUILD_DATE
|
||||||
|
ARG VCS_REF
|
||||||
|
|
||||||
|
# Install SSL ca certificates
|
||||||
|
RUN apk update && apk add git && apk add ca-certificates
|
||||||
|
# Create appuser
|
||||||
|
RUN adduser -D -g '' appuser
|
||||||
|
COPY . $GOPATH/src/mypackage/myapp/
|
||||||
|
WORKDIR $GOPATH/src/mypackage/myapp/
|
||||||
|
#get dependancies
|
||||||
|
RUN go get -d -v
|
||||||
|
#build the binary
|
||||||
|
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/alertmanager-discord
|
||||||
|
|
||||||
|
|
||||||
|
# STEP 2 build a small image
|
||||||
|
# start from scratch
|
||||||
|
FROM scratch
|
||||||
|
# Now we DO need these, for the auto-labeling of the image
|
||||||
|
ARG BUILD_DATE
|
||||||
|
ARG VCS_REF
|
||||||
|
|
||||||
|
# Good docker practice, plus we get microbadger badges
|
||||||
|
LABEL org.label-schema.build-date=$BUILD_DATE \
|
||||||
|
org.label-schema.vcs-url="https://github.com/funkypenguin/alertmanager-discord.git" \
|
||||||
|
org.label-schema.vcs-ref=$VCS_REF \
|
||||||
|
org.label-schema.schema-version="2.2-r1"
|
||||||
|
|
||||||
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||||
|
COPY --from=builder /etc/passwd /etc/passwd
|
||||||
|
# Copy our static executable
|
||||||
|
COPY --from=builder /go/bin/alertmanager-discord /go/bin/alertmanager-discord
|
||||||
|
|
||||||
|
EXPOSE 9094
|
||||||
|
USER appuser
|
||||||
|
ENTRYPOINT ["/go/bin/alertmanager-discord"]
|
82
prometheus-alertmanager-discord/main.go
Normal file
82
prometheus-alertmanager-discord/main.go
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
type alertManOut struct {
|
||||||
|
Alerts []struct {
|
||||||
|
Annotations struct {
|
||||||
|
Description string `json:"description"`
|
||||||
|
Summary string `json:"summary"`
|
||||||
|
} `json:"annotations"`
|
||||||
|
EndsAt string `json:"endsAt"`
|
||||||
|
GeneratorURL string `json:"generatorURL"`
|
||||||
|
Labels map[string]string `json:"labels"`
|
||||||
|
StartsAt string `json:"startsAt"`
|
||||||
|
Status string `json:"status"`
|
||||||
|
} `json:"alerts"`
|
||||||
|
CommonAnnotations struct {
|
||||||
|
Summary string `json:"summary"`
|
||||||
|
} `json:"commonAnnotations"`
|
||||||
|
CommonLabels struct {
|
||||||
|
Alertname string `json:"alertname"`
|
||||||
|
} `json:"commonLabels"`
|
||||||
|
ExternalURL string `json:"externalURL"`
|
||||||
|
GroupKey string `json:"groupKey"`
|
||||||
|
GroupLabels struct {
|
||||||
|
Alertname string `json:"alertname"`
|
||||||
|
} `json:"groupLabels"`
|
||||||
|
Receiver string `json:"receiver"`
|
||||||
|
Status string `json:"status"`
|
||||||
|
Version string `json:"version"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type discordOut struct {
|
||||||
|
Content string `json:"content"`
|
||||||
|
Name string `json:"username"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
webhookUrl := os.Getenv("DISCORD_WEBHOOK")
|
||||||
|
if webhookUrl == "" {
|
||||||
|
fmt.Fprintf(os.Stderr, "error: environment variable DISCORD_WEBHOOK not found\n")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
whURL := flag.String("webhook.url", webhookUrl, "")
|
||||||
|
flag.Parse()
|
||||||
|
fmt.Fprintf(os.Stdout, "info: Listening on 0.0.0.0:9094\n")
|
||||||
|
http.ListenAndServe(":9094", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
b, err := ioutil.ReadAll(r.Body)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
amo := alertManOut{}
|
||||||
|
err = json.Unmarshal(b, &amo)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Format alerts
|
||||||
|
Content := "\n"
|
||||||
|
for _, alert := range amo.Alerts {
|
||||||
|
Content += fmt.Sprintf("*%s* **%s** %s\n", alert.Labels["alertname"], alert.Labels["severity"], alert.Annotations.Summary)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Send to Discord
|
||||||
|
DO := discordOut{
|
||||||
|
Name: "Prometheus 🦋️",
|
||||||
|
Content: Content,
|
||||||
|
}
|
||||||
|
DOD, _ := json.Marshal(DO)
|
||||||
|
http.Post(*whURL, "application/json", bytes.NewReader(DOD))
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
|
3
prometheus-alertmanager/Dockerfile
Normal file
3
prometheus-alertmanager/Dockerfile
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
FROM prom/alertmanager
|
||||||
|
|
||||||
|
COPY alertmanager.yml /etc/alertmanager/alertmanager.yml
|
61
prometheus-alertmanager/alertmanager.yml
Normal file
61
prometheus-alertmanager/alertmanager.yml
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# See https://prometheus.io/docs/alerting/configuration/ for documentation.
|
||||||
|
|
||||||
|
global:
|
||||||
|
# The smarthost and SMTP sender used for mail notifications.
|
||||||
|
smtp_smarthost: 'localhost:25'
|
||||||
|
smtp_from: 'alertmanager@example.org'
|
||||||
|
#smtp_auth_username: 'alertmanager'
|
||||||
|
#smtp_auth_password: 'password'
|
||||||
|
# The auth token for Hipchat.
|
||||||
|
hipchat_auth_token: '1234556789'
|
||||||
|
# Alternative host for Hipchat.
|
||||||
|
hipchat_api_url: 'https://hipchat.foobar.org/'
|
||||||
|
|
||||||
|
# The directory from which notification templates are read.
|
||||||
|
templates:
|
||||||
|
- '/etc/prometheus/alertmanager_templates/*.tmpl'
|
||||||
|
|
||||||
|
# The root route on which each incoming alert enters.
|
||||||
|
route:
|
||||||
|
# The labels by which incoming alerts are grouped together. For example,
|
||||||
|
# multiple alerts coming in for cluster=A and alertname=LatencyHigh would
|
||||||
|
# be batched into a single group.
|
||||||
|
group_by: ['instance'] # group per instance
|
||||||
|
|
||||||
|
# When a new group of alerts is created by an incoming alert, wait at
|
||||||
|
# least 'group_wait' to send the initial notification.
|
||||||
|
# This way ensures that you get multiple alerts for the same group that start
|
||||||
|
# firing shortly after another are batched together on the first
|
||||||
|
# notification.
|
||||||
|
group_wait: 30s
|
||||||
|
|
||||||
|
# When the first notification was sent, wait 'group_interval' to send a batch
|
||||||
|
# of new alerts that started firing for that group.
|
||||||
|
group_interval: 5m
|
||||||
|
|
||||||
|
# If an alert has successfully been sent, wait 'repeat_interval' to
|
||||||
|
# resend them.
|
||||||
|
repeat_interval: 12h
|
||||||
|
|
||||||
|
# A default receiver
|
||||||
|
receiver: webhook
|
||||||
|
|
||||||
|
|
||||||
|
# Inhibition rules allow to mute a set of alerts given that another alert is
|
||||||
|
# firing.
|
||||||
|
# We use this to mute any warning-level notifications if the same alert is
|
||||||
|
# already critical.
|
||||||
|
inhibit_rules:
|
||||||
|
- source_match:
|
||||||
|
severity: 'critical'
|
||||||
|
target_match:
|
||||||
|
severity: 'warning'
|
||||||
|
# Apply inhibition if the alertname is the same.
|
||||||
|
equal: ['alertname', 'cluster', 'service']
|
||||||
|
|
||||||
|
|
||||||
|
receivers:
|
||||||
|
- name: 'webhook'
|
||||||
|
webhook_configs:
|
||||||
|
- url: 'http://prometheus-alertmanager-discord:9094'
|
||||||
|
send_resolved: true
|
5
riot/Dockerfile
Normal file
5
riot/Dockerfile
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
FROM vectorim/riot-web
|
||||||
|
|
||||||
|
# Customize instance settings and background
|
||||||
|
COPY config.json /app/config.json
|
||||||
|
COPY bg.jpg /app/bg.jpg
|
|
@ -1,13 +0,0 @@
|
||||||
version: "3"
|
|
||||||
|
|
||||||
services:
|
|
||||||
riot:
|
|
||||||
image: vectorim/riot-web
|
|
||||||
volumes:
|
|
||||||
- ./config.json:/app/config.json:ro
|
|
||||||
- ./bg.jpg:/app/bg.jpg:ro
|
|
||||||
# - ./welcome.html:/app/welcome.html:ro
|
|
||||||
ports:
|
|
||||||
- 8080:80
|
|
||||||
restart: always
|
|
||||||
|
|
Loading…
Reference in a new issue