Use a unified docker-compose file
This commit is contained in:
parent
370e8dc871
commit
47b7980502
29 changed files with 354 additions and 525 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
|||
data_*
|
||||
*_data
|
||||
.env
|
||||
|
|
|
@ -4,15 +4,14 @@ Ensemble des recettes Docker d'Aurore.
|
|||
|
||||
L'idée est de pouvoir redonder les services « légers » entre les résidences.
|
||||
|
||||
Pour lancer un service, aller dans le dossier puis
|
||||
Pour lancer un service, cloner le repo, aller dans le dossier puis
|
||||
`sudo docker-compose up --build -d`.
|
||||
|
||||
## Fichiers à protéger
|
||||
|
||||
Les fichiers suivant ne doivent être lisibles que par root :
|
||||
|
||||
* les fichiers `.env` (s'inspirer des `example.env`)
|
||||
* grafana/ldap.toml
|
||||
* le fichier `.env` (s'inspirer de `example.env`)
|
||||
* django-cas/docker-compose.yml
|
||||
|
||||
Mettez dedans les mots de passe de base de données ou du LDAP.
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
# From https://github.com/codimd/container/
|
||||
version: '3'
|
||||
services:
|
||||
database:
|
||||
# Don't upgrade PostgreSQL by simply changing the version number
|
||||
# You need to migrate the Database to the new PostgreSQL version
|
||||
image: postgres:9.6-alpine
|
||||
environment:
|
||||
POSTGRES_USER: codimd
|
||||
POSTGRES_PASSWORD: codimdpass
|
||||
POSTGRES_DB: codimd
|
||||
volumes:
|
||||
- ./data_db:/var/lib/postgresql/data
|
||||
restart: always
|
||||
|
||||
app:
|
||||
image: quay.io/codimd/server:1.4.0
|
||||
environment:
|
||||
DEBUG: "false"
|
||||
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
|
||||
CMD_URL_ADDPORT: "false"
|
||||
CMD_EMAIL: "false"
|
||||
CMD_DOMAIN: "${DOMAIN}"
|
||||
CMD_PROTOCOL_USESSL: "true"
|
||||
CMD_USECDN: "false"
|
||||
CMD_ALLOW_FREEURL: "true"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_LDAP_URL: "${LDAP_URL}"
|
||||
CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
|
||||
CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
|
||||
CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
|
||||
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
|
||||
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
|
||||
CMD_LDAP_USERIDFIELD: "uid"
|
||||
CMD_LDAP_USERNAMEFIELD: "uid"
|
||||
CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
|
||||
ports:
|
||||
- "8081:3000"
|
||||
volumes:
|
||||
- ./data_uploads:/codimd/public/uploads
|
||||
restart: always
|
||||
depends_on:
|
||||
- database
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
DOMAIN=codimd.auro.re
|
||||
LDAP_URL=ldap://10.128.0.11
|
||||
LDAP_BINDDN=cn=codimd,ou=service-users,dc=auro,dc=re
|
||||
LDAP_BINDCREDENTIALS=Change me
|
||||
LDAP_SEARCHBASE=cn=Utilisateurs,dc=auro,dc=re
|
||||
LDAP_PROVIDERNAME=Aurore
|
|
@ -1,27 +0,0 @@
|
|||
# Django CAS server Dockerfile
|
||||
#
|
||||
# https://github.com/nitmir/django-cas-server
|
||||
#
|
||||
# Author: erdnaxe
|
||||
|
||||
FROM debian:buster-slim
|
||||
|
||||
RUN apt-get update && apt-get install -y \
|
||||
python3-pip \
|
||||
python3-django \
|
||||
python3-lxml \
|
||||
python3-requests \
|
||||
python3-requests-futures \
|
||||
python3-six \
|
||||
python3-psycopg2 \
|
||||
python3-whitenoise \
|
||||
python3-ldap3 \
|
||||
gunicorn3
|
||||
|
||||
RUN pip3 install django-cas-server
|
||||
|
||||
COPY ./code /code/
|
||||
WORKDIR /code/
|
||||
EXPOSE 8000
|
||||
ENTRYPOINT ["./docker-entrypoint.sh"]
|
||||
|
|
@ -1,176 +0,0 @@
|
|||
"""
|
||||
Django settings for cas project.
|
||||
|
||||
Generated by 'django-admin startproject' using Django 1.11.
|
||||
|
||||
For more information on this file, see
|
||||
https://docs.djangoproject.com/en/1.11/topics/settings/
|
||||
|
||||
For the full list of settings and their values, see
|
||||
https://docs.djangoproject.com/en/1.11/ref/settings/
|
||||
"""
|
||||
|
||||
import os
|
||||
|
||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
|
||||
|
||||
# Quick-start development settings - unsuitable for production
|
||||
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
|
||||
|
||||
# SECURITY WARNING: keep the secret key used in production secret!
|
||||
SECRET_KEY = os.getenv('DJANGO_SECRET_KEY')
|
||||
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = os.getenv('DJANGO_DEBUG', False)
|
||||
|
||||
ALLOWED_HOSTS = [os.getenv('DJANGO_HOST')]
|
||||
|
||||
# Suivi des erreurs sur root@
|
||||
EMAIL_SUBJECT_PREFIX = "[CAS] "
|
||||
ADMINS = (
|
||||
('Intranet', 'root@crans.org'),
|
||||
)
|
||||
|
||||
# Application definition
|
||||
|
||||
INSTALLED_APPS = [
|
||||
'django.contrib.admin',
|
||||
'django.contrib.auth',
|
||||
'django.contrib.contenttypes',
|
||||
'django.contrib.sessions',
|
||||
'django.contrib.messages',
|
||||
'django.contrib.staticfiles',
|
||||
'cas_server',
|
||||
]
|
||||
|
||||
MIDDLEWARE = [
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
'whitenoise.middleware.WhiteNoiseMiddleware',
|
||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||
'django.middleware.common.CommonMiddleware',
|
||||
'django.middleware.csrf.CsrfViewMiddleware',
|
||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||
'django.contrib.messages.middleware.MessageMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
'django.middleware.locale.LocaleMiddleware',
|
||||
]
|
||||
|
||||
ROOT_URLCONF = 'cas.urls'
|
||||
|
||||
TEMPLATES = [
|
||||
{
|
||||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
||||
'DIRS': [],
|
||||
'APP_DIRS': True,
|
||||
'OPTIONS': {
|
||||
'context_processors': [
|
||||
'django.template.context_processors.debug',
|
||||
'django.template.context_processors.request',
|
||||
'django.contrib.auth.context_processors.auth',
|
||||
'django.contrib.messages.context_processors.messages',
|
||||
],
|
||||
},
|
||||
},
|
||||
]
|
||||
|
||||
WSGI_APPLICATION = 'cas.wsgi.application'
|
||||
|
||||
|
||||
# Database
|
||||
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.postgresql',
|
||||
'NAME': os.getenv('DJANGO_DB_NAME'),
|
||||
'HOST': os.getenv('DJANGO_DB_HOST'),
|
||||
'USER': os.getenv('DJANGO_DB_USER'),
|
||||
'PASSWORD': os.getenv('DJANGO_DB_PASSWORD'),
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Password validation
|
||||
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
|
||||
|
||||
AUTH_PASSWORD_VALIDATORS = [
|
||||
{
|
||||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
||||
},
|
||||
{
|
||||
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
||||
},
|
||||
{
|
||||
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
|
||||
},
|
||||
{
|
||||
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
|
||||
},
|
||||
]
|
||||
|
||||
|
||||
# Internationalization
|
||||
# https://docs.djangoproject.com/en/1.11/topics/i18n/
|
||||
|
||||
LANGUAGE_CODE = 'en-us'
|
||||
|
||||
TIME_ZONE = 'UTC'
|
||||
|
||||
USE_I18N = True
|
||||
|
||||
USE_L10N = True
|
||||
|
||||
USE_TZ = True
|
||||
|
||||
|
||||
# Static files (CSS, JavaScript, Images)
|
||||
# https://docs.djangoproject.com/en/1.11/howto/static-files/
|
||||
|
||||
STATIC_URL = '/static/'
|
||||
|
||||
|
||||
# Below are custom parameters
|
||||
|
||||
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
|
||||
STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]
|
||||
STATIC_ROOT = os.path.join(BASE_DIR, "staticfiles")
|
||||
|
||||
CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"
|
||||
CAS_LDAP_SERVER = os.getenv('DJANGO_CAS_LDAP_SERVER')
|
||||
CAS_LDAP_USER = os.getenv('DJANGO_CAS_LDAP_USER')
|
||||
CAS_LDAP_PASSWORD = os.getenv('DJANGO_CAS_LDAP_PASSWORD')
|
||||
CAS_LDAP_BASE_DN = os.getenv('DJANGO_CAS_LDAP_BASE_DN')
|
||||
|
||||
CAS_INFO_MESSAGES_ORDER = ["cas_explained"]
|
||||
|
||||
SESSION_COOKIE_AGE = 86400
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
'disable_existing_loggers': False,
|
||||
'formatters': {
|
||||
'cas_syslog': {
|
||||
'format': 'cas: %(levelname)s %(message)s'
|
||||
},
|
||||
},
|
||||
'handlers': {
|
||||
'cas_syslog': {
|
||||
'level': 'INFO',
|
||||
'class': 'logging.handlers.SysLogHandler',
|
||||
'address': '/dev/log',
|
||||
'formatter': 'cas_syslog',
|
||||
},
|
||||
},
|
||||
'loggers': {
|
||||
'cas_server': {
|
||||
'handlers': ['cas_syslog'],
|
||||
'level': 'INFO',
|
||||
'propagate': True,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
"""cas URL Configuration
|
||||
|
||||
The `urlpatterns` list routes URLs to views. For more information please see:
|
||||
https://docs.djangoproject.com/en/1.11/topics/http/urls/
|
||||
Examples:
|
||||
Function views
|
||||
1. Add an import: from my_app import views
|
||||
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
|
||||
Class-based views
|
||||
1. Add an import: from other_app.views import Home
|
||||
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
|
||||
Including another URLconf
|
||||
1. Import the include() function: from django.conf.urls import url, include
|
||||
2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
|
||||
"""
|
||||
from django.conf.urls import include, url
|
||||
from django.contrib import admin
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^admin/', admin.site.urls),
|
||||
url(r'^', include('cas_server.urls', namespace="cas_server")),
|
||||
]
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
"""
|
||||
WSGI config for cas project.
|
||||
|
||||
It exposes the WSGI callable as a module-level variable named ``application``.
|
||||
|
||||
For more information on this file, see
|
||||
https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/
|
||||
"""
|
||||
|
||||
import os
|
||||
|
||||
from django.core.wsgi import get_wsgi_application
|
||||
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
|
||||
|
||||
application = get_wsgi_application()
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Collect static files
|
||||
echo "Collect static files"
|
||||
python3 manage.py collectstatic --noinput
|
||||
|
||||
# Apply database migrations
|
||||
echo "Apply database migrations"
|
||||
sleep 5 # wait for db
|
||||
python3 manage.py migrate
|
||||
|
||||
# Start server
|
||||
echo "Starting server"
|
||||
gunicorn3 cas.wsgi:application --bind 0.0.0.0:8000 --workers 2 --log-level debug
|
|
@ -1,22 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
import os
|
||||
import sys
|
||||
|
||||
if __name__ == "__main__":
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cas.settings")
|
||||
try:
|
||||
from django.core.management import execute_from_command_line
|
||||
except ImportError:
|
||||
# The above import may fail for some other reason. Ensure that the
|
||||
# issue is really that Django is missing to avoid masking other
|
||||
# exceptions on Python 2.
|
||||
try:
|
||||
import django
|
||||
except ImportError:
|
||||
raise ImportError(
|
||||
"Couldn't import Django. Are you sure it's installed and "
|
||||
"available on your PYTHONPATH environment variable? Did you "
|
||||
"forget to activate a virtual environment?"
|
||||
)
|
||||
raise
|
||||
execute_from_command_line(sys.argv)
|
Binary file not shown.
Before Width: | Height: | Size: 126 KiB |
|
@ -1,35 +0,0 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
database:
|
||||
# Don't upgrade PostgreSQL by simply changing the version number
|
||||
# You need to migrate the Database to the new PostgreSQL version
|
||||
image: postgres:9.6-alpine
|
||||
environment:
|
||||
POSTGRES_USER: cas
|
||||
POSTGRES_PASSWORD: caspass
|
||||
POSTGRES_DB: cas
|
||||
volumes:
|
||||
- ./data_db:/var/lib/postgresql/data
|
||||
restart: always
|
||||
|
||||
cas:
|
||||
build:
|
||||
context: .
|
||||
environment:
|
||||
DJANGO_DB_NAME: cas
|
||||
DJANGO_DB_HOST: database
|
||||
DJANGO_DB_USER: cas
|
||||
DJANGO_DB_PASSWORD: caspass
|
||||
DJANGO_SECRET_KEY: "Please change me in production !"
|
||||
DJANGO_HOST: localhost
|
||||
DJANGO_CAS_LDAP_SERVER: "re2o-ldap.adm.auro.re"
|
||||
DJANGO_CAS_LDAP_USER: "cn=cas,ou=service-users,dc=auro,dc=re"
|
||||
DJANGO_CAS_LDAP_PASSWORD: "Change me in prod !"
|
||||
DJANGO_CAS_LDAP_BASE_DN: "cn=Utilisateurs,dc=auro,dc=re"
|
||||
ports:
|
||||
- "8085:8000"
|
||||
restart: always
|
||||
depends_on:
|
||||
- database
|
||||
|
55
docker-compose.yml
Normal file
55
docker-compose.yml
Normal file
|
@ -0,0 +1,55 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
riot:
|
||||
build: riot
|
||||
restart: always
|
||||
ports:
|
||||
- 8080:80
|
||||
|
||||
privatebin:
|
||||
image: privatebin/nginx-fpm-alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- ./privatebin_data:/srv/data
|
||||
ports:
|
||||
- 8083:80
|
||||
|
||||
etherpad:
|
||||
build: etherpad
|
||||
restart: always
|
||||
environment:
|
||||
- "POSTGRES_PASSWORD=${ETHERPAD_POSTGRES_PASSWD}"
|
||||
ports:
|
||||
- 8084:9001
|
||||
|
||||
grafana:
|
||||
build: grafana
|
||||
restart: always
|
||||
environment:
|
||||
- "ENV_PASSWORD=${GRAFANA_LDAP_BIND_PASSWD}"
|
||||
volumes:
|
||||
- ./grafana_data:/var/lib/grafana
|
||||
ports:
|
||||
- 8082:3000
|
||||
|
||||
matrix-appservice-discord:
|
||||
image: halfshot/matrix-appservice-discord
|
||||
restart: always
|
||||
volumes:
|
||||
- ./matrix-appservice-discord_data:/data
|
||||
- ./matrix-appservice-discord_data/discord.db:/discord.db
|
||||
ports:
|
||||
- 9005:9005
|
||||
|
||||
prometheus-alertmanager:
|
||||
build: prometheus-alertmanager
|
||||
restart: always
|
||||
ports:
|
||||
- 9093:9093
|
||||
|
||||
prometheus-alertmanager-discord:
|
||||
build: prometheus-alertmanager-discord
|
||||
restart: always
|
||||
environment:
|
||||
- "DISCORD_WEBHOOK=${PROMETHEUS_DISCORD_WEBHOOK}"
|
4
env.example
Normal file
4
env.example
Normal file
|
@ -0,0 +1,4 @@
|
|||
# Copy this as .env and make it only readable by root
|
||||
ETHERPAD_POSTGRES_PASSWD=CHANGE ME
|
||||
GRAFANA_LDAP_BIND_PASSWD=CHANGE ME
|
||||
PROMETHEUS_DISCORD_WEBHOOK=CHANGE ME
|
6
etherpad/Dockerfile
Normal file
6
etherpad/Dockerfile
Normal file
|
@ -0,0 +1,6 @@
|
|||
FROM etherpad/etherpad
|
||||
|
||||
# Change instance settings
|
||||
ENV NODE_ENV=production
|
||||
ENV TRUST_PROXY=true
|
||||
COPY settings.json /opt/etherpad-lite/settings.json
|
|
@ -1,15 +0,0 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
etherpad:
|
||||
image: etherpad/etherpad
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- POSTGRES_USER=etherpad
|
||||
- "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
|
||||
- POSTGRES_DB=etherpad
|
||||
ports:
|
||||
- 8084:9001
|
||||
volumes:
|
||||
- ./settings.json:/opt/etherpad-lite/settings.json:ro
|
||||
restart: always
|
|
@ -1 +0,0 @@
|
|||
POSTGRES_PASSWD=asupersecurepassword
|
|
@ -22,6 +22,7 @@
|
|||
*
|
||||
* Would read the configuration values for those items from the environment
|
||||
* variables PORT, MINIFY and SKIN_NAME.
|
||||
*
|
||||
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
|
||||
* "colibris" would be used. The configuration value "minify", on the other
|
||||
* hand, does not have a default indicated. Thus, if the environment variable
|
||||
|
@ -50,13 +51,13 @@
|
|||
/*
|
||||
* Name your instance!
|
||||
*/
|
||||
"title": "Etherpad",
|
||||
"title": "${TITLE:Etherpad}",
|
||||
|
||||
/*
|
||||
* favicon default name
|
||||
* alternatively, set up a fully specified Url to your own favicon
|
||||
*/
|
||||
"favicon": "favicon.ico",
|
||||
"favicon": "${FAVICON:favicon.ico}",
|
||||
|
||||
/*
|
||||
* Skin name.
|
||||
|
@ -69,20 +70,20 @@
|
|||
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
|
||||
* become the default in Etherpad 2.0
|
||||
*/
|
||||
"skinName": "no-skin",
|
||||
"skinName": "${SKIN_NAME:colibris}",
|
||||
|
||||
/*
|
||||
* IP and port which etherpad should bind at
|
||||
*/
|
||||
"ip": "0.0.0.0",
|
||||
"port" : 9001,
|
||||
"ip": "${IP:0.0.0.0}",
|
||||
"port": "${PORT:9001}",
|
||||
|
||||
/*
|
||||
* Option to hide/show the settings.json in admin page.
|
||||
*
|
||||
* Default option is set to true
|
||||
*/
|
||||
"showSettingsInAdminPage" : true,
|
||||
"showSettingsInAdminPage": "${SHOW_SETTINGS_IN_ADMIN_PAGE:true}",
|
||||
|
||||
/*
|
||||
* Node native SSL support
|
||||
|
@ -118,33 +119,15 @@
|
|||
* https://www.npmjs.com/package/ueberdb2
|
||||
*/
|
||||
|
||||
"dbType" : "postgres",
|
||||
"dbSettings" : {
|
||||
"user" : "${POSTGRES_USER}",
|
||||
"host" : "10.128.0.31",
|
||||
"port" : 5432,
|
||||
"password": "${POSTGRES_PASSWORD}",
|
||||
"database": "${POSTGRES_DB}"
|
||||
"dbType": "postgres",
|
||||
"dbSettings": {
|
||||
"host": "10.128.0.31",
|
||||
"port": 5432,
|
||||
"database": "etherpad",
|
||||
"user": "etherpad",
|
||||
"password": "${POSTGRES_PASSWORD}"
|
||||
},
|
||||
|
||||
/*
|
||||
* An Example of MySQL Configuration (commented out).
|
||||
*
|
||||
* See: https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL
|
||||
*/
|
||||
|
||||
/*
|
||||
"dbType" : "mysql",
|
||||
"dbSettings" : {
|
||||
"user" : "etherpaduser",
|
||||
"host" : "localhost",
|
||||
"port" : 3306,
|
||||
"password": "PASSWORD",
|
||||
"database": "etherpad_lite_db",
|
||||
"charset" : "utf8mb4"
|
||||
},
|
||||
*/
|
||||
|
||||
/*
|
||||
* The default text of a pad
|
||||
*/
|
||||
|
@ -173,40 +156,40 @@
|
|||
* Pad Shortcut Keys
|
||||
*/
|
||||
"padShortcutEnabled" : {
|
||||
"altF9" : true, /* focus on the File Menu and/or editbar */
|
||||
"altC" : true, /* focus on the Chat window */
|
||||
"cmdShift2" : true, /* shows a gritter popup showing a line author */
|
||||
"delete" : true,
|
||||
"return" : true,
|
||||
"esc" : true, /* in mozilla versions 14-19 avoid reconnecting pad */
|
||||
"cmdS" : true, /* save a revision */
|
||||
"tab" : true, /* indent */
|
||||
"cmdZ" : true, /* undo/redo */
|
||||
"cmdY" : true, /* redo */
|
||||
"cmdI" : true, /* italic */
|
||||
"cmdB" : true, /* bold */
|
||||
"cmdU" : true, /* underline */
|
||||
"cmd5" : true, /* strike through */
|
||||
"cmdShiftL" : true, /* unordered list */
|
||||
"cmdShiftN" : true, /* ordered list */
|
||||
"cmdShift1" : true, /* ordered list */
|
||||
"cmdShiftC" : true, /* clear authorship */
|
||||
"cmdH" : true, /* backspace */
|
||||
"ctrlHome" : true, /* scroll to top of pad */
|
||||
"pageUp" : true,
|
||||
"pageDown" : true
|
||||
"altF9": true, /* focus on the File Menu and/or editbar */
|
||||
"altC": true, /* focus on the Chat window */
|
||||
"cmdShift2": true, /* shows a gritter popup showing a line author */
|
||||
"delete": true,
|
||||
"return": true,
|
||||
"esc": true, /* in mozilla versions 14-19 avoid reconnecting pad */
|
||||
"cmdS": true, /* save a revision */
|
||||
"tab": true, /* indent */
|
||||
"cmdZ": true, /* undo/redo */
|
||||
"cmdY": true, /* redo */
|
||||
"cmdI": true, /* italic */
|
||||
"cmdB": true, /* bold */
|
||||
"cmdU": true, /* underline */
|
||||
"cmd5": true, /* strike through */
|
||||
"cmdShiftL": true, /* unordered list */
|
||||
"cmdShiftN": true, /* ordered list */
|
||||
"cmdShift1": true, /* ordered list */
|
||||
"cmdShiftC": true, /* clear authorship */
|
||||
"cmdH": true, /* backspace */
|
||||
"ctrlHome": true, /* scroll to top of pad */
|
||||
"pageUp": true,
|
||||
"pageDown": true
|
||||
},
|
||||
|
||||
/*
|
||||
* Should we suppress errors from being visible in the default Pad Text?
|
||||
*/
|
||||
"suppressErrorsInPadText" : false,
|
||||
"suppressErrorsInPadText": false,
|
||||
|
||||
/*
|
||||
* If this option is enabled, a user must have a session to access pads.
|
||||
* This effectively allows only group pads to be accessed.
|
||||
*/
|
||||
"requireSession" : false,
|
||||
"requireSession": false,
|
||||
|
||||
/*
|
||||
* Users may edit pads but not create new ones.
|
||||
|
@ -214,13 +197,13 @@
|
|||
* Pad creation is only via the API.
|
||||
* This applies both to group pads and regular pads.
|
||||
*/
|
||||
"editOnly" : false,
|
||||
"editOnly": false,
|
||||
|
||||
/*
|
||||
* If set to true, those users who have a valid session will automatically be
|
||||
* granted access to password protected pads.
|
||||
*/
|
||||
"sessionNoPassword" : false,
|
||||
"sessionNoPassword": false,
|
||||
|
||||
/*
|
||||
* If true, all css & js will be minified before sending to the client.
|
||||
|
@ -228,7 +211,7 @@
|
|||
* This will improve the loading performance massively, but makes it difficult
|
||||
* to debug the javascript/css
|
||||
*/
|
||||
"minify" : true,
|
||||
"minify": true,
|
||||
|
||||
/*
|
||||
* How long may clients use served javascript code (in seconds)?
|
||||
|
@ -236,7 +219,7 @@
|
|||
* Not setting this may cause problems during deployment.
|
||||
* Set to 0 to disable caching.
|
||||
*/
|
||||
"maxAge" : 21600, // 60 * 60 * 6 = 6 hours
|
||||
"maxAge": 21600, // 60 * 60 * 6 = 6 hours
|
||||
|
||||
/*
|
||||
* Absolute path to the Abiword executable.
|
||||
|
@ -245,7 +228,7 @@
|
|||
* it to null disables Abiword and will only allow plain text and HTML
|
||||
* import/exports.
|
||||
*/
|
||||
"abiword" : null,
|
||||
"abiword": null,
|
||||
|
||||
/*
|
||||
* This is the absolute path to the soffice executable.
|
||||
|
@ -253,7 +236,7 @@
|
|||
* LibreOffice can be used in lieu of Abiword to export pads.
|
||||
* Setting it to null disables LibreOffice exporting.
|
||||
*/
|
||||
"soffice" : null,
|
||||
"soffice": null,
|
||||
|
||||
/*
|
||||
* Path to the Tidy executable.
|
||||
|
@ -261,35 +244,41 @@
|
|||
* Tidy is used to improve the quality of exported pads.
|
||||
* Setting it to null disables Tidy.
|
||||
*/
|
||||
"tidyHtml" : null,
|
||||
"tidyHtml": null,
|
||||
|
||||
/*
|
||||
* Allow import of file types other than the supported ones:
|
||||
* txt, doc, docx, rtf, odt, html & htm
|
||||
*/
|
||||
"allowUnknownFileEnds" : true,
|
||||
"allowUnknownFileEnds": true,
|
||||
|
||||
/*
|
||||
* This setting is used if you require authentication of all users.
|
||||
*
|
||||
* Note: "/admin" always requires authentication.
|
||||
*/
|
||||
"requireAuthentication" : false,
|
||||
"requireAuthentication": false,
|
||||
|
||||
/*
|
||||
* Require authorization by a module, or a user with is_admin set, see below.
|
||||
*/
|
||||
"requireAuthorization" : false,
|
||||
"requireAuthorization": false,
|
||||
|
||||
/*
|
||||
* When you use NGINX or another proxy/load-balancer set this to true.
|
||||
*
|
||||
* This is especially necessary when the reverse proxy performs SSL
|
||||
* termination, otherwise the cookies will not have the "secure" flag.
|
||||
*
|
||||
* The other effect will be that the logs will contain the real client's IP,
|
||||
* instead of the reverse proxy's IP.
|
||||
*/
|
||||
"trustProxy" : false,
|
||||
"trustProxy": "${TRUST_PROXY:false}",
|
||||
|
||||
/*
|
||||
* Privacy: disable IP logging
|
||||
*/
|
||||
"disableIPlogging" : false,
|
||||
"disableIPlogging": false,
|
||||
|
||||
/*
|
||||
* Time (in seconds) to automatically reconnect pad when a "Force reconnect"
|
||||
|
@ -297,7 +286,7 @@
|
|||
*
|
||||
* Set to 0 to disable automatic reconnection.
|
||||
*/
|
||||
"automaticReconnectionTimeout" : 0,
|
||||
"automaticReconnectionTimeout": 0,
|
||||
|
||||
/*
|
||||
* By default, when caret is moved out of viewport, it scrolls the minimum
|
||||
|
@ -351,20 +340,20 @@
|
|||
* follow the section "secure your installation" in README.md
|
||||
*/
|
||||
|
||||
/*
|
||||
"users": {
|
||||
"admin": {
|
||||
// "password" can be replaced with "hash" if you install ep_hash_auth
|
||||
"password": "changeme1",
|
||||
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
|
||||
// 2) please note that if password is null, the user will not be created
|
||||
"password": "${ADMIN_PASSWORD}",
|
||||
"is_admin": true
|
||||
},
|
||||
"user": {
|
||||
// "password" can be replaced with "hash" if you install ep_hash_auth
|
||||
"password": "changeme1",
|
||||
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
|
||||
// 2) please note that if password is null, the user will not be created
|
||||
"password": "${USER_PASSWORD}",
|
||||
"is_admin": false
|
||||
}
|
||||
},
|
||||
*/
|
||||
|
||||
/*
|
||||
* Restrict socket.io transport methods
|
||||
|
@ -424,7 +413,7 @@
|
|||
*
|
||||
* Valid values: DEBUG, INFO, WARN, ERROR
|
||||
*/
|
||||
"loglevel": "INFO",
|
||||
"loglevel": "${LOGLEVEL:INFO}",
|
||||
|
||||
/*
|
||||
* Logging configuration. See log4js documentation for further information:
|
||||
|
|
14
grafana/Dockerfile
Normal file
14
grafana/Dockerfile
Normal file
|
@ -0,0 +1,14 @@
|
|||
FROM grafana/grafana
|
||||
|
||||
ENV GF_SERVER_ROOT_URL=https://grafana.auro.re
|
||||
ENV GF_SESSION_COOKIE_SECURE=true
|
||||
ENV GF_ANALYTICS_REPORTING_ENABLED=false
|
||||
ENV GF_SNAPSHOTS_EXTERNAL_ENABLED=false
|
||||
ENV GF_USERS_ALLOW_SIGN_UP=false
|
||||
ENV GF_USERS_ALLOW_ORG_CREATE=false
|
||||
ENV GF_AUTH_BASIC_ENABLED=false
|
||||
ENV GF_AUTH_LDAP_ENABLED=true
|
||||
ENV GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
|
||||
|
||||
COPY ldap.toml /etc/grafana/ldap.toml
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
# For the moment, the LDAP password need to be in ldap.toml
|
||||
# In the future, we will be able to make a secret
|
||||
# See https://github.com/grafana/grafana/pull/17526
|
||||
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
grafana:
|
||||
image: grafana/grafana
|
||||
environment:
|
||||
- GF_SERVER_ROOT_URL=https://grafana.auro.re
|
||||
- GF_SESSION_COOKIE_SECURE=true
|
||||
- GF_ANALYTICS_REPORTING_ENABLED=false
|
||||
- GF_SNAPSHOTS_EXTERNAL_ENABLED=false
|
||||
- GF_USERS_ALLOW_SIGN_UP=false
|
||||
- GF_USERS_ALLOW_ORG_CREATE=false
|
||||
- GF_AUTH_BASIC_ENABLED=false
|
||||
- GF_AUTH_LDAP_ENABLED=true
|
||||
- GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
|
||||
|
||||
# Install Grafana plugins at startup
|
||||
- GF_INSTALL_PLUGINS=grafana-worldmap-panel
|
||||
volumes:
|
||||
- ./data_grafana:/var/lib/grafana
|
||||
- ./ldap.toml:/etc/grafana/ldap.toml:ro
|
||||
ports:
|
||||
- 8082:3000
|
||||
restart: always
|
||||
|
|
@ -23,7 +23,7 @@ ssl_skip_verify = false
|
|||
bind_dn = "cn=grafana,ou=service-users,dc=auro,dc=re"
|
||||
# Search user bind password
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
bind_password = 'CHANGE ME IN PRODUCTION, I WILL DIFFER !'
|
||||
bind_password = '${ENV_PASSWORD}'
|
||||
|
||||
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
||||
search_filter = "(cn=%s)"
|
||||
|
@ -50,7 +50,7 @@ email = "mail"
|
|||
group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
|
||||
org_role = "Admin"
|
||||
# To make user an instance admin (Grafana Admin) uncomment line below
|
||||
grafana_admin = true
|
||||
# grafana_admin = true
|
||||
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
|
||||
# org_id = 1
|
||||
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
version: "3.7"
|
||||
|
||||
services:
|
||||
privatebin:
|
||||
image: privatebin/nginx-fpm-alpine
|
||||
volumes:
|
||||
- ./data_privatebin:/srv/data
|
||||
ports:
|
||||
- 8083:80
|
||||
restart: always
|
||||
|
43
prometheus-alertmanager-discord/Dockerfile
Normal file
43
prometheus-alertmanager-discord/Dockerfile
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Built following https://medium.com/@chemidy/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324
|
||||
|
||||
# STEP 1 build executable binary
|
||||
FROM golang:alpine as builder
|
||||
|
||||
# BUILD_DATE and VCS_REF are immaterial, since this is a 2-stage build, but our build
|
||||
# hook won't work unless we specify the args
|
||||
ARG BUILD_DATE
|
||||
ARG VCS_REF
|
||||
|
||||
# Install SSL ca certificates
|
||||
RUN apk update && apk add git && apk add ca-certificates
|
||||
# Create appuser
|
||||
RUN adduser -D -g '' appuser
|
||||
COPY . $GOPATH/src/mypackage/myapp/
|
||||
WORKDIR $GOPATH/src/mypackage/myapp/
|
||||
#get dependancies
|
||||
RUN go get -d -v
|
||||
#build the binary
|
||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/alertmanager-discord
|
||||
|
||||
|
||||
# STEP 2 build a small image
|
||||
# start from scratch
|
||||
FROM scratch
|
||||
# Now we DO need these, for the auto-labeling of the image
|
||||
ARG BUILD_DATE
|
||||
ARG VCS_REF
|
||||
|
||||
# Good docker practice, plus we get microbadger badges
|
||||
LABEL org.label-schema.build-date=$BUILD_DATE \
|
||||
org.label-schema.vcs-url="https://github.com/funkypenguin/alertmanager-discord.git" \
|
||||
org.label-schema.vcs-ref=$VCS_REF \
|
||||
org.label-schema.schema-version="2.2-r1"
|
||||
|
||||
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||
COPY --from=builder /etc/passwd /etc/passwd
|
||||
# Copy our static executable
|
||||
COPY --from=builder /go/bin/alertmanager-discord /go/bin/alertmanager-discord
|
||||
|
||||
EXPOSE 9094
|
||||
USER appuser
|
||||
ENTRYPOINT ["/go/bin/alertmanager-discord"]
|
82
prometheus-alertmanager-discord/main.go
Normal file
82
prometheus-alertmanager-discord/main.go
Normal file
|
@ -0,0 +1,82 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type alertManOut struct {
|
||||
Alerts []struct {
|
||||
Annotations struct {
|
||||
Description string `json:"description"`
|
||||
Summary string `json:"summary"`
|
||||
} `json:"annotations"`
|
||||
EndsAt string `json:"endsAt"`
|
||||
GeneratorURL string `json:"generatorURL"`
|
||||
Labels map[string]string `json:"labels"`
|
||||
StartsAt string `json:"startsAt"`
|
||||
Status string `json:"status"`
|
||||
} `json:"alerts"`
|
||||
CommonAnnotations struct {
|
||||
Summary string `json:"summary"`
|
||||
} `json:"commonAnnotations"`
|
||||
CommonLabels struct {
|
||||
Alertname string `json:"alertname"`
|
||||
} `json:"commonLabels"`
|
||||
ExternalURL string `json:"externalURL"`
|
||||
GroupKey string `json:"groupKey"`
|
||||
GroupLabels struct {
|
||||
Alertname string `json:"alertname"`
|
||||
} `json:"groupLabels"`
|
||||
Receiver string `json:"receiver"`
|
||||
Status string `json:"status"`
|
||||
Version string `json:"version"`
|
||||
}
|
||||
|
||||
type discordOut struct {
|
||||
Content string `json:"content"`
|
||||
Name string `json:"username"`
|
||||
}
|
||||
|
||||
func main() {
|
||||
webhookUrl := os.Getenv("DISCORD_WEBHOOK")
|
||||
if webhookUrl == "" {
|
||||
fmt.Fprintf(os.Stderr, "error: environment variable DISCORD_WEBHOOK not found\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
whURL := flag.String("webhook.url", webhookUrl, "")
|
||||
flag.Parse()
|
||||
fmt.Fprintf(os.Stdout, "info: Listening on 0.0.0.0:9094\n")
|
||||
http.ListenAndServe(":9094", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
b, err := ioutil.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
amo := alertManOut{}
|
||||
err = json.Unmarshal(b, &amo)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Format alerts
|
||||
Content := "\n"
|
||||
for _, alert := range amo.Alerts {
|
||||
Content += fmt.Sprintf("*%s* **%s** %s\n", alert.Labels["alertname"], alert.Labels["severity"], alert.Annotations.Summary)
|
||||
}
|
||||
|
||||
// Send to Discord
|
||||
DO := discordOut{
|
||||
Name: "Prometheus 🦋️",
|
||||
Content: Content,
|
||||
}
|
||||
DOD, _ := json.Marshal(DO)
|
||||
http.Post(*whURL, "application/json", bytes.NewReader(DOD))
|
||||
}))
|
||||
}
|
||||
|
3
prometheus-alertmanager/Dockerfile
Normal file
3
prometheus-alertmanager/Dockerfile
Normal file
|
@ -0,0 +1,3 @@
|
|||
FROM prom/alertmanager
|
||||
|
||||
COPY alertmanager.yml /etc/alertmanager/alertmanager.yml
|
61
prometheus-alertmanager/alertmanager.yml
Normal file
61
prometheus-alertmanager/alertmanager.yml
Normal file
|
@ -0,0 +1,61 @@
|
|||
# See https://prometheus.io/docs/alerting/configuration/ for documentation.
|
||||
|
||||
global:
|
||||
# The smarthost and SMTP sender used for mail notifications.
|
||||
smtp_smarthost: 'localhost:25'
|
||||
smtp_from: 'alertmanager@example.org'
|
||||
#smtp_auth_username: 'alertmanager'
|
||||
#smtp_auth_password: 'password'
|
||||
# The auth token for Hipchat.
|
||||
hipchat_auth_token: '1234556789'
|
||||
# Alternative host for Hipchat.
|
||||
hipchat_api_url: 'https://hipchat.foobar.org/'
|
||||
|
||||
# The directory from which notification templates are read.
|
||||
templates:
|
||||
- '/etc/prometheus/alertmanager_templates/*.tmpl'
|
||||
|
||||
# The root route on which each incoming alert enters.
|
||||
route:
|
||||
# The labels by which incoming alerts are grouped together. For example,
|
||||
# multiple alerts coming in for cluster=A and alertname=LatencyHigh would
|
||||
# be batched into a single group.
|
||||
group_by: ['instance'] # group per instance
|
||||
|
||||
# When a new group of alerts is created by an incoming alert, wait at
|
||||
# least 'group_wait' to send the initial notification.
|
||||
# This way ensures that you get multiple alerts for the same group that start
|
||||
# firing shortly after another are batched together on the first
|
||||
# notification.
|
||||
group_wait: 30s
|
||||
|
||||
# When the first notification was sent, wait 'group_interval' to send a batch
|
||||
# of new alerts that started firing for that group.
|
||||
group_interval: 5m
|
||||
|
||||
# If an alert has successfully been sent, wait 'repeat_interval' to
|
||||
# resend them.
|
||||
repeat_interval: 12h
|
||||
|
||||
# A default receiver
|
||||
receiver: webhook
|
||||
|
||||
|
||||
# Inhibition rules allow to mute a set of alerts given that another alert is
|
||||
# firing.
|
||||
# We use this to mute any warning-level notifications if the same alert is
|
||||
# already critical.
|
||||
inhibit_rules:
|
||||
- source_match:
|
||||
severity: 'critical'
|
||||
target_match:
|
||||
severity: 'warning'
|
||||
# Apply inhibition if the alertname is the same.
|
||||
equal: ['alertname', 'cluster', 'service']
|
||||
|
||||
|
||||
receivers:
|
||||
- name: 'webhook'
|
||||
webhook_configs:
|
||||
- url: 'http://prometheus-alertmanager-discord:9094'
|
||||
send_resolved: true
|
5
riot/Dockerfile
Normal file
5
riot/Dockerfile
Normal file
|
@ -0,0 +1,5 @@
|
|||
FROM vectorim/riot-web
|
||||
|
||||
# Customize instance settings and background
|
||||
COPY config.json /app/config.json
|
||||
COPY bg.jpg /app/bg.jpg
|
|
@ -1,13 +0,0 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
riot:
|
||||
image: vectorim/riot-web
|
||||
volumes:
|
||||
- ./config.json:/app/config.json:ro
|
||||
- ./bg.jpg:/app/bg.jpg:ro
|
||||
# - ./welcome.html:/app/welcome.html:ro
|
||||
ports:
|
||||
- 8080:80
|
||||
restart: always
|
||||
|
Loading…
Reference in a new issue