Use a unified docker-compose file
parent
370e8dc871
commit
47b7980502
@ -1,2 +1,2 @@
|
|||||||
data_*
|
*_data
|
||||||
.env
|
.env
|
||||||
|
@ -1,44 +0,0 @@
|
|||||||
# From https://github.com/codimd/container/
|
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
database:
|
|
||||||
# Don't upgrade PostgreSQL by simply changing the version number
|
|
||||||
# You need to migrate the Database to the new PostgreSQL version
|
|
||||||
image: postgres:9.6-alpine
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: codimd
|
|
||||||
POSTGRES_PASSWORD: codimdpass
|
|
||||||
POSTGRES_DB: codimd
|
|
||||||
volumes:
|
|
||||||
- ./data_db:/var/lib/postgresql/data
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: quay.io/codimd/server:1.4.0
|
|
||||||
environment:
|
|
||||||
DEBUG: "false"
|
|
||||||
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
|
|
||||||
CMD_URL_ADDPORT: "false"
|
|
||||||
CMD_EMAIL: "false"
|
|
||||||
CMD_DOMAIN: "${DOMAIN}"
|
|
||||||
CMD_PROTOCOL_USESSL: "true"
|
|
||||||
CMD_USECDN: "false"
|
|
||||||
CMD_ALLOW_FREEURL: "true"
|
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
|
||||||
CMD_LDAP_URL: "${LDAP_URL}"
|
|
||||||
CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
|
|
||||||
CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
|
|
||||||
CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
|
|
||||||
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
|
|
||||||
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
|
|
||||||
CMD_LDAP_USERIDFIELD: "uid"
|
|
||||||
CMD_LDAP_USERNAMEFIELD: "uid"
|
|
||||||
CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
|
|
||||||
ports:
|
|
||||||
- "8081:3000"
|
|
||||||
volumes:
|
|
||||||
- ./data_uploads:/codimd/public/uploads
|
|
||||||
restart: always
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
@ -1,6 +0,0 @@
|
|||||||
DOMAIN=codimd.auro.re
|
|
||||||
LDAP_URL=ldap://10.128.0.11
|
|
||||||
LDAP_BINDDN=cn=codimd,ou=service-users,dc=auro,dc=re
|
|
||||||
LDAP_BINDCREDENTIALS=Change me
|
|
||||||
LDAP_SEARCHBASE=cn=Utilisateurs,dc=auro,dc=re
|
|
||||||
LDAP_PROVIDERNAME=Aurore
|
|
@ -1,27 +0,0 @@
|
|||||||
# Django CAS server Dockerfile
|
|
||||||
#
|
|
||||||
# https://github.com/nitmir/django-cas-server
|
|
||||||
#
|
|
||||||
# Author: erdnaxe
|
|
||||||
|
|
||||||
FROM debian:buster-slim
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y \
|
|
||||||
python3-pip \
|
|
||||||
python3-django \
|
|
||||||
python3-lxml \
|
|
||||||
python3-requests \
|
|
||||||
python3-requests-futures \
|
|
||||||
python3-six \
|
|
||||||
python3-psycopg2 \
|
|
||||||
python3-whitenoise \
|
|
||||||
python3-ldap3 \
|
|
||||||
gunicorn3
|
|
||||||
|
|
||||||
RUN pip3 install django-cas-server
|
|
||||||
|
|
||||||
COPY ./code /code/
|
|
||||||
WORKDIR /code/
|
|
||||||
EXPOSE 8000
|
|
||||||
ENTRYPOINT ["./docker-entrypoint.sh"]
|
|
||||||
|
|
@ -1,176 +0,0 @@
|
|||||||
"""
|
|
||||||
Django settings for cas project.
|
|
||||||
|
|
||||||
Generated by 'django-admin startproject' using Django 1.11.
|
|
||||||
|
|
||||||
For more information on this file, see
|
|
||||||
https://docs.djangoproject.com/en/1.11/topics/settings/
|
|
||||||
|
|
||||||
For the full list of settings and their values, see
|
|
||||||
https://docs.djangoproject.com/en/1.11/ref/settings/
|
|
||||||
"""
|
|
||||||
|
|
||||||
import os
|
|
||||||
|
|
||||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
|
||||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
||||||
|
|
||||||
|
|
||||||
# Quick-start development settings - unsuitable for production
|
|
||||||
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
|
|
||||||
|
|
||||||
# SECURITY WARNING: keep the secret key used in production secret!
|
|
||||||
SECRET_KEY = os.getenv('DJANGO_SECRET_KEY')
|
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
|
||||||
DEBUG = os.getenv('DJANGO_DEBUG', False)
|
|
||||||
|
|
||||||
ALLOWED_HOSTS = [os.getenv('DJANGO_HOST')]
|
|
||||||
|
|
||||||
# Suivi des erreurs sur root@
|
|
||||||
EMAIL_SUBJECT_PREFIX = "[CAS] "
|
|
||||||
ADMINS = (
|
|
||||||
('Intranet', 'root@crans.org'),
|
|
||||||
)
|
|
||||||
|
|
||||||
# Application definition
|
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
|
||||||
'django.contrib.admin',
|
|
||||||
'django.contrib.auth',
|
|
||||||
'django.contrib.contenttypes',
|
|
||||||
'django.contrib.sessions',
|
|
||||||
'django.contrib.messages',
|
|
||||||
'django.contrib.staticfiles',
|
|
||||||
'cas_server',
|
|
||||||
]
|
|
||||||
|
|
||||||
MIDDLEWARE = [
|
|
||||||
'django.middleware.security.SecurityMiddleware',
|
|
||||||
'whitenoise.middleware.WhiteNoiseMiddleware',
|
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
||||||
'django.middleware.common.CommonMiddleware',
|
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
||||||
'django.contrib.messages.middleware.MessageMiddleware',
|
|
||||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
||||||
'django.middleware.locale.LocaleMiddleware',
|
|
||||||
]
|
|
||||||
|
|
||||||
ROOT_URLCONF = 'cas.urls'
|
|
||||||
|
|
||||||
TEMPLATES = [
|
|
||||||
{
|
|
||||||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
|
||||||
'DIRS': [],
|
|
||||||
'APP_DIRS': True,
|
|
||||||
'OPTIONS': {
|
|
||||||
'context_processors': [
|
|
||||||
'django.template.context_processors.debug',
|
|
||||||
'django.template.context_processors.request',
|
|
||||||
'django.contrib.auth.context_processors.auth',
|
|
||||||
'django.contrib.messages.context_processors.messages',
|
|
||||||
],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
WSGI_APPLICATION = 'cas.wsgi.application'
|
|
||||||
|
|
||||||
|
|
||||||
# Database
|
|
||||||
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
|
|
||||||
|
|
||||||
DATABASES = {
|
|
||||||
'default': {
|
|
||||||
'ENGINE': 'django.db.backends.postgresql',
|
|
||||||
'NAME': os.getenv('DJANGO_DB_NAME'),
|
|
||||||
'HOST': os.getenv('DJANGO_DB_HOST'),
|
|
||||||
'USER': os.getenv('DJANGO_DB_USER'),
|
|
||||||
'PASSWORD': os.getenv('DJANGO_DB_PASSWORD'),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Password validation
|
|
||||||
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
|
|
||||||
|
|
||||||
AUTH_PASSWORD_VALIDATORS = [
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
# Internationalization
|
|
||||||
# https://docs.djangoproject.com/en/1.11/topics/i18n/
|
|
||||||
|
|
||||||
LANGUAGE_CODE = 'en-us'
|
|
||||||
|
|
||||||
TIME_ZONE = 'UTC'
|
|
||||||
|
|
||||||
USE_I18N = True
|
|
||||||
|
|
||||||
USE_L10N = True
|
|
||||||
|
|
||||||
USE_TZ = True
|
|
||||||
|
|
||||||
|
|
||||||
# Static files (CSS, JavaScript, Images)
|
|
||||||
# https://docs.djangoproject.com/en/1.11/howto/static-files/
|
|
||||||
|
|
||||||
STATIC_URL = '/static/'
|
|
||||||
|
|
||||||
|
|
||||||
# Below are custom parameters
|
|
||||||
|
|
||||||
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
|
|
||||||
STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]
|
|
||||||
STATIC_ROOT = os.path.join(BASE_DIR, "staticfiles")
|
|
||||||
|
|
||||||
CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"
|
|
||||||
CAS_LDAP_SERVER = os.getenv('DJANGO_CAS_LDAP_SERVER')
|
|
||||||
CAS_LDAP_USER = os.getenv('DJANGO_CAS_LDAP_USER')
|
|
||||||
CAS_LDAP_PASSWORD = os.getenv('DJANGO_CAS_LDAP_PASSWORD')
|
|
||||||
CAS_LDAP_BASE_DN = os.getenv('DJANGO_CAS_LDAP_BASE_DN')
|
|
||||||
|
|
||||||
CAS_INFO_MESSAGES_ORDER = ["cas_explained"]
|
|
||||||
|
|
||||||
SESSION_COOKIE_AGE = 86400
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
|
||||||
SESSION_COOKIE_HTTPONLY = True
|
|
||||||
|
|
||||||
LOGGING = {
|
|
||||||
'version': 1,
|
|
||||||
'disable_existing_loggers': False,
|
|
||||||
'formatters': {
|
|
||||||
'cas_syslog': {
|
|
||||||
'format': 'cas: %(levelname)s %(message)s'
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'handlers': {
|
|
||||||
'cas_syslog': {
|
|
||||||
'level': 'INFO',
|
|
||||||
'class': 'logging.handlers.SysLogHandler',
|
|
||||||
'address': '/dev/log',
|
|
||||||
'formatter': 'cas_syslog',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'loggers': {
|
|
||||||
'cas_server': {
|
|
||||||
'handlers': ['cas_syslog'],
|
|
||||||
'level': 'INFO',
|
|
||||||
'propagate': True,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
@ -1,23 +0,0 @@
|
|||||||
"""cas URL Configuration
|
|
||||||
|
|
||||||
The `urlpatterns` list routes URLs to views. For more information please see:
|
|
||||||
https://docs.djangoproject.com/en/1.11/topics/http/urls/
|
|
||||||
Examples:
|
|
||||||
Function views
|
|
||||||
1. Add an import: from my_app import views
|
|
||||||
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
|
|
||||||
Class-based views
|
|
||||||
1. Add an import: from other_app.views import Home
|
|
||||||
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
|
|
||||||
Including another URLconf
|
|
||||||
1. Import the include() function: from django.conf.urls import url, include
|
|
||||||
2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
|
|
||||||
"""
|
|
||||||
from django.conf.urls import include, url
|
|
||||||
from django.contrib import admin
|
|
||||||
|
|
||||||
urlpatterns = [
|
|
||||||
url(r'^admin/', admin.site.urls),
|
|
||||||
url(r'^', include('cas_server.urls', namespace="cas_server")),
|
|
||||||
]
|
|
||||||
|
|
@ -1,16 +0,0 @@
|
|||||||
"""
|
|
||||||
WSGI config for cas project.
|
|
||||||
|
|
||||||
It exposes the WSGI callable as a module-level variable named ``application``.
|
|
||||||
|
|
||||||
For more information on this file, see
|
|
||||||
https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/
|
|
||||||
"""
|
|
||||||
|
|
||||||
import os
|
|
||||||
|
|
||||||
from django.core.wsgi import get_wsgi_application
|
|
||||||
|
|
||||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
|
|
||||||
|
|
||||||
application = get_wsgi_application()
|
|
@ -1,14 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Collect static files
|
|
||||||
echo "Collect static files"
|
|
||||||
python3 manage.py collectstatic --noinput
|
|
||||||
|
|
||||||
# Apply database migrations
|
|
||||||
echo "Apply database migrations"
|
|
||||||
sleep 5 # wait for db
|
|
||||||
python3 manage.py migrate
|
|
||||||
|
|
||||||
# Start server
|
|
||||||
echo "Starting server"
|
|
||||||
gunicorn3 cas.wsgi:application --bind 0.0.0.0:8000 --workers 2 --log-level debug
|
|
@ -1,22 +0,0 @@
|
|||||||
#!/usr/bin/env python
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
|
|
||||||
try:
|
|
||||||
from django.core.management import execute_from_command_line
|
|
||||||
except ImportError:
|
|
||||||
# The above import may fail for some other reason. Ensure that the
|
|
||||||
# issue is really that Django is missing to avoid masking other
|
|
||||||
# exceptions on Python 2.
|
|
||||||
try:
|
|
||||||
import django
|
|
||||||
except ImportError:
|
|
||||||
raise ImportError(
|
|
||||||
"Couldn't import Django. Are you sure it's installed and "
|
|
||||||
"available on your PYTHONPATH environment variable? Did you "
|
|
||||||
"forget to activate a virtual environment?"
|
|
||||||
)
|
|
||||||
raise
|
|
||||||
execute_from_command_line(sys.argv)
|
|
Binary file not shown.
Before Width: | Height: | Size: 126 KiB |
@ -1,35 +0,0 @@
|
|||||||
version: '3.7'
|
|
||||||
|
|
||||||
services:
|
|
||||||
database:
|
|
||||||
# Don't upgrade PostgreSQL by simply changing the version number
|
|
||||||
# You need to migrate the Database to the new PostgreSQL version
|
|
||||||
image: postgres:9.6-alpine
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: cas
|
|
||||||
POSTGRES_PASSWORD: caspass
|
|
||||||
POSTGRES_DB: cas
|
|
||||||
volumes:
|
|
||||||
- ./data_db:/var/lib/postgresql/data
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
cas:
|
|
||||||
build:
|
|
||||||
context: .
|
|
||||||
environment:
|
|
||||||
DJANGO_DB_NAME: cas
|
|
||||||
DJANGO_DB_HOST: database
|
|
||||||
DJANGO_DB_USER: cas
|
|
||||||
DJANGO_DB_PASSWORD: caspass
|
|
||||||
DJANGO_SECRET_KEY: "Please change me in production !"
|
|
||||||
DJANGO_HOST: localhost
|
|
||||||
DJANGO_CAS_LDAP_SERVER: "re2o-ldap.adm.auro.re"
|
|
||||||
DJANGO_CAS_LDAP_USER: "cn=cas,ou=service-users,dc=auro,dc=re"
|
|
||||||
DJANGO_CAS_LDAP_PASSWORD: "Change me in prod !"
|
|
||||||
DJANGO_CAS_LDAP_BASE_DN: "cn=Utilisateurs,dc=auro,dc=re"
|
|
||||||
ports:
|
|
||||||
- "8085:8000"
|
|
||||||
restart: always
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
@ -0,0 +1,55 @@
|
|||||||
|
version: "3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
riot:
|
||||||
|
build: riot
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
|
||||||
|
privatebin:
|
||||||
|
image: privatebin/nginx-fpm-alpine
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./privatebin_data:/srv/data
|
||||||
|
ports:
|
||||||
|
- 8083:80
|
||||||
|
|
||||||
|
etherpad:
|
||||||
|
build: etherpad
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- "POSTGRES_PASSWORD=${ETHERPAD_POSTGRES_PASSWD}"
|
||||||
|
ports:
|
||||||
|
- 8084:9001
|
||||||
|
|
||||||
|
grafana:
|
||||||
|
build: grafana
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- "ENV_PASSWORD=${GRAFANA_LDAP_BIND_PASSWD}"
|
||||||
|
volumes:
|
||||||
|
- ./grafana_data:/var/lib/grafana
|
||||||
|
ports:
|
||||||
|
- 8082:3000
|
||||||
|
|
||||||
|
matrix-appservice-discord:
|
||||||
|
image: halfshot/matrix-appservice-discord
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./matrix-appservice-discord_data:/data
|
||||||
|
- ./matrix-appservice-discord_data/discord.db:/discord.db
|
||||||
|
ports:
|
||||||
|
- 9005:9005
|
||||||
|
|
||||||
|
prometheus-alertmanager:
|
||||||
|
build: prometheus-alertmanager
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 9093:9093
|
||||||
|
|
||||||
|
prometheus-alertmanager-discord:
|
||||||
|
build: prometheus-alertmanager-discord
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- "DISCORD_WEBHOOK=${PROMETHEUS_DISCORD_WEBHOOK}"
|
@ -0,0 +1,4 @@
|
|||||||
|
# Copy this as .env and make it only readable by root
|
||||||
|
ETHERPAD_POSTGRES_PASSWD=CHANGE ME
|
||||||
|
GRAFANA_LDAP_BIND_PASSWD=CHANGE ME
|
||||||
|
PROMETHEUS_DISCORD_WEBHOOK=CHANGE ME
|
@ -0,0 +1,6 @@
|
|||||||
|
FROM etherpad/etherpad
|
||||||
|
|
||||||
|
# Change instance settings
|
||||||
|
ENV NODE_ENV=production
|
||||||
|
ENV TRUST_PROXY=true
|
||||||
|
COPY settings.json /opt/etherpad-lite/settings.json
|
@ -1,15 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
services:
|
|
||||||
etherpad:
|
|
||||||
image: etherpad/etherpad
|
|
||||||
environment:
|
|
||||||
- NODE_ENV=production
|
|
||||||
- POSTGRES_USER=etherpad
|
|
||||||
- "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
|
|
||||||
- POSTGRES_DB=etherpad
|
|
||||||
ports:
|
|
||||||
- 8084:9001
|
|
||||||
volumes:
|
|
||||||
- ./settings.json:/opt/etherpad-lite/settings.json:ro
|
|
||||||
restart: always
|
|
@ -1 +0,0 @@
|
|||||||
POSTGRES_PASSWD=asupersecurepassword
|
|
@ -0,0 +1,14 @@
|
|||||||
|
FROM grafana/grafana
|
||||||
|
|
||||||
|
ENV GF_SERVER_ROOT_URL=https://grafana.auro.re
|
||||||
|
ENV GF_SESSION_COOKIE_SECURE=true
|
||||||
|
ENV GF_ANALYTICS_REPORTING_ENABLED=false
|
||||||
|
ENV GF_SNAPSHOTS_EXTERNAL_ENABLED=false
|
||||||
|
ENV GF_USERS_ALLOW_SIGN_UP=false
|
||||||
|
ENV GF_USERS_ALLOW_ORG_CREATE=false
|
||||||
|
ENV GF_AUTH_BASIC_ENABLED=false
|
||||||
|
ENV GF_AUTH_LDAP_ENABLED=true
|
||||||
|
ENV GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
|
||||||
|
|
||||||
|
COPY ldap.toml /etc/grafana/ldap.toml
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
# For the moment, the LDAP password need to be in ldap.toml
|
|
||||||
# In the future, we will be able to make a secret
|
|
||||||
# See https://github.com/grafana/grafana/pull/17526
|
|
||||||
|
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
|
||||||
grafana:
|
|
||||||
image: grafana/grafana
|
|
||||||
environment:
|
|
||||||
- GF_SERVER_ROOT_URL=https://grafana.auro.re
|
|
||||||
- GF_SESSION_COOKIE_SECURE=true
|
|
||||||
- GF_ANALYTICS_REPORTING_ENABLED=false
|
|
||||||
- GF_SNAPSHOTS_EXTERNAL_ENABLED=false
|
|
||||||
- GF_USERS_ALLOW_SIGN_UP=false
|
|
||||||
- GF_USERS_ALLOW_ORG_CREATE=false
|
|
||||||
- GF_AUTH_BASIC_ENABLED=false
|
|
||||||
- GF_AUTH_LDAP_ENABLED=true
|
|
||||||
- GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
|
|
||||||
|
|
||||||
# Install Grafana plugins at startup
|
|
||||||
- GF_INSTALL_PLUGINS=grafana-worldmap-panel
|
|
||||||
volumes:
|
|
||||||
- ./data_grafana:/var/lib/grafana
|
|
||||||
- ./ldap.toml:/etc/grafana/ldap.toml:ro
|
|
||||||
ports:
|
|
||||||
- 8082:3000
|
|
||||||
restart: always
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
|
||||||
privatebin:
|
|
||||||
image: privatebin/nginx-fpm-alpine
|
|
||||||
volumes:
|
|
||||||
- ./data_privatebin:/srv/data
|
|
||||||
ports:
|
|
||||||
- 8083:80
|
|
||||||
restart: always
|
|
||||||
|
|
@ -0,0 +1,43 @@
|
|||||||
|
# Built following https://medium.com/@chemidy/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324
|
||||||
|
|
||||||
|
# STEP 1 build executable binary
|
||||||
|
FROM golang:alpine as builder
|
||||||
|
|
||||||
|
# BUILD_DATE and VCS_REF are immaterial, since this is a 2-stage build, but our build
|
||||||
|
# hook won't work unless we specify the args
|
||||||
|
ARG BUILD_DATE
|
||||||
|
ARG VCS_REF
|
||||||
|
|
||||||
|
# Install SSL ca certificates
|
||||||
|
RUN apk update && apk add git && apk add ca-certificates
|
||||||
|
# Create appuser
|
||||||
|
RUN adduser -D -g '' appuser
|
||||||
|
COPY . $GOPATH/src/mypackage/myapp/
|
||||||
|
WORKDIR $GOPATH/src/mypackage/myapp/
|
||||||
|
#get dependancies
|
||||||
|
RUN go get -d -v
|
||||||
|
#build the binary
|
||||||
|
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/alertmanager-discord
|
||||||
|
|
||||||
|
|
||||||
|
# STEP 2 build a small image
|
||||||
|
# start from scratch
|
||||||
|
FROM scratch
|
||||||
|
# Now we DO need these, for the auto-labeling of the image
|
||||||
|
ARG BUILD_DATE
|
||||||
|
ARG VCS_REF
|
||||||
|
|
||||||
|
# Good docker practice, plus we get microbadger badges
|
||||||
|
LABEL org.label-schema.build-date=$BUILD_DATE \
|
||||||
|
org.label-schema.vcs-url="https://github.com/funkypenguin/alertmanager-discord.git" \
|
||||||
|
org.label-schema.vcs-ref=$VCS_REF \
|
||||||
|
org.label-schema.schema-version="2.2-r1"
|
||||||
|
|
||||||
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||||
|
COPY --from=builder /etc/passwd /etc/passwd
|
||||||
|
# Copy our static executable
|
||||||
|
COPY --from=builder /go/bin/alertmanager-discord /go/bin/alertmanager-discord
|
||||||
|
|
||||||
|
EXPOSE 9094
|
||||||
|
USER appuser
|
||||||
|
ENTRYPOINT ["/go/bin/alertmanager-discord"]
|
@ -0,0 +1,82 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
|
"flag"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
type alertManOut struct {
|
||||||
|
Alerts []struct {
|
||||||
|
Annotations struct {
|
||||||
|
Description string `json:"description"`
|
||||||
|
Summary string `json:"summary"`
|
||||||
|
} `json:"annotations"`
|
||||||
|
EndsAt string `json:"endsAt"`
|
||||||
|
GeneratorURL string `json:"generatorURL"`
|
||||||
|
Labels map[string]string `json:"labels"`
|
||||||
|
StartsAt string `json:"startsAt"`
|
||||||
|
Status string `json:"status"`
|
||||||
|
} `json:"alerts"`
|
||||||
|
CommonAnnotations struct {
|
||||||
|
Summary string `json:"summary"`
|
||||||
|
} `json:"commonAnnotations"`
|
||||||
|
CommonLabels struct {
|
||||||
|
Alertname string `json:"alertname"`
|
||||||
|
} `json:"commonLabels"`
|
||||||
|
ExternalURL string `json:"externalURL"`
|
||||||
|
GroupKey string `json:"groupKey"`
|
||||||
|
GroupLabels struct {
|
||||||
|
Alertname string `json:"alertname"`
|
||||||
|
} `json:"groupLabels"`
|
||||||
|
Receiver string `json:"receiver"`
|
||||||
|
Status string `json:"status"`
|
||||||
|
Version string `json:"version"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type discordOut struct {
|
||||||
|
Content string `json:"content"`
|
||||||
|
Name string `json:"username"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
webhookUrl := os.Getenv("DISCORD_WEBHOOK")
|
||||||
|
if webhookUrl == "" {
|
||||||
|
fmt.Fprintf(os.Stderr, "error: environment variable DISCORD_WEBHOOK not found\n")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
whURL := flag.String("webhook.url", webhookUrl, "")
|
||||||
|
flag.Parse()
|
||||||
|
fmt.Fprintf(os.Stdout, "info: Listening on 0.0.0.0:9094\n")
|
||||||
|
http.ListenAndServe(":9094", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
b, err := ioutil.ReadAll(r.Body)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
amo := alertManOut{}
|
||||||
|
err = json.Unmarshal(b, &amo)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Format alerts
|
||||||
|
Content := "\n"
|
||||||
|
for _, alert := range amo.Alerts {
|
||||||
|
Content += fmt.Sprintf("*%s* **%s** %s\n", alert.Labels["alertname"], alert.Labels["severity"], alert.Annotations.Summary)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Send to Discord
|
||||||
|
DO := discordOut{
|
||||||
|
Name: "Prometheus 🦋️",
|
||||||
|
Content: Content,
|
||||||
|
}
|
||||||
|
DOD, _ := json.Marshal(DO)
|
||||||
|
http.Post(*whURL, "application/json", bytes.NewReader(DOD))
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM prom/alertmanager
|
||||||
|
|
||||||
|
COPY alertmanager.yml /etc/alertmanager/alertmanager.yml
|
@ -0,0 +1,61 @@
|
|||||||
|
# See https://prometheus.io/docs/alerting/configuration/ for documentation.
|
||||||
|
|
||||||
|
global:
|
||||||
|
# The smarthost and SMTP sender used for mail notifications.
|
||||||
|
smtp_smarthost: 'localhost:25'
|
||||||
|
smtp_from: 'alertmanager@example.org'
|
||||||
|
#smtp_auth_username: 'alertmanager'
|
||||||
|
#smtp_auth_password: 'password'
|
||||||
|
# The auth token for Hipchat.
|
||||||
|
hipchat_auth_token: '1234556789'
|
||||||
|
# Alternative host for Hipchat.
|
||||||
|
hipchat_api_url: 'https://hipchat.foobar.org/'
|
||||||
|
|
||||||
|
# The directory from which notification templates are read.
|
||||||
|
templates:
|
||||||
|
- '/etc/prometheus/alertmanager_templates/*.tmpl'
|
||||||
|
|
||||||
|
# The root route on which each incoming alert enters.
|
||||||
|
route:
|
||||||
|
# The labels by which incoming alerts are grouped together. For example,
|
||||||
|
# multiple alerts coming in for cluster=A and alertname=LatencyHigh would
|
||||||
|
# be batched into a single group.
|
||||||
|
group_by: ['instance'] # group per instance
|
||||||
|
|
||||||
|
# When a new group of alerts is created by an incoming alert, wait at
|
||||||
|
# least 'group_wait' to send the initial notification.
|
||||||
|
# This way ensures that you get multiple alerts for the same group that start
|
||||||
|
# firing shortly after another are batched together on the first
|
||||||
|
# notification.
|
||||||
|
group_wait: 30s
|
||||||
|
|
||||||
|
# When the first notification was sent, wait 'group_interval' to send a batch
|
||||||
|
# of new alerts that started firing for that group.
|
||||||
|
group_interval: 5m
|
||||||
|
|
||||||
|
# If an alert has successfully been sent, wait 'repeat_interval' to
|
||||||
|
# resend them.
|
||||||
|
repeat_interval: 12h
|
||||||
|
|
||||||
|
# A default receiver
|
||||||
|
receiver: webhook
|
||||||
|
|
||||||
|
|
||||||
|
# Inhibition rules allow to mute a set of alerts given that another alert is
|
||||||
|
# firing.
|
||||||
|
# We use this to mute any warning-level notifications if the same alert is
|
||||||
|
# already critical.
|
||||||
|
inhibit_rules:
|
||||||
|
- source_match:
|
||||||
|
severity: 'critical'
|
||||||
|
target_match:
|
||||||
|
severity: 'warning'
|
||||||
|
# Apply inhibition if the alertname is the same.
|
||||||
|
equal: ['alertname', 'cluster', 'service']
|
||||||
|
|
||||||
|
|
||||||
|
receivers:
|
||||||
|
- name: 'webhook'
|
||||||
|
webhook_configs:
|
||||||
|
- url: 'http://prometheus-alertmanager-discord:9094'
|
||||||
|
send_resolved: true
|
@ -0,0 +1,5 @@
|
|||||||
|
FROM vectorim/riot-web
|
||||||
|
|
||||||
|
# Customize instance settings and background
|
||||||
|
COPY config.json /app/config.json
|
||||||
|
COPY bg.jpg /app/bg.jpg
|
@ -1,13 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
services:
|
|
||||||
riot:
|
|
||||||
image: vectorim/riot-web
|
|
||||||
volumes:
|
|
||||||
- ./config.json:/app/config.json:ro
|
|
||||||
- ./bg.jpg:/app/bg.jpg:ro
|
|
||||||
# - ./welcome.html:/app/welcome.html:ro
|
|
||||||
ports:
|
|
||||||
- 8080:80
|
|
||||||
restart: always
|
|
||||||
|
|
Loading…
Reference in New Issue