diff --git a/.gitignore b/.gitignore index 8699393..ea6ab22 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -# data data_* +.env diff --git a/README.md b/README.md index 7dd44c0..db5edb0 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ Ensemble des recettes Docker d'Aurore. L'idée est de pouvoir redonder les services « légers » entre les résidences. -En cours de test par erdnaxe. - Pour lancer un service, aller dans le dossier puis `sudo docker-compose up --build -d`. @@ -13,19 +11,17 @@ Pour lancer un service, aller dans le dossier puis Les fichiers suivant ne doivent être lisibles que par root : + * les fichiers `.env` (s'inspirer des `example.env`) * grafana/ldap.toml - * codimd/docker-compose.yml - * etherpad/settings.json * django-cas/docker-compose.yml Mettez dedans les mots de passe de base de données ou du LDAP. ## Map des ports - * 8080 -> Riot Web + * 8080 -> Riot Web (chat) * 8081 -> CodiMD * 8082 -> Grafana - * 8083 -> PrivateBin - * 8084 -> EtherPad - * 8085 -> Django CAS server - + * 8083 -> PrivateBin (paste) + * 8084 -> EtherPad (pad) + * 8085 -> Django CAS server (cas) diff --git a/codimd/docker-compose.yml b/codimd/docker-compose.yml index 6614f86..aa4a570 100644 --- a/codimd/docker-compose.yml +++ b/codimd/docker-compose.yml 
@@ -20,20 +20,20 @@ services:
 CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
 CMD_URL_ADDPORT: "false"
 CMD_EMAIL: "false"
- CMD_DOMAIN: "codimd.auro.re"
+ CMD_DOMAIN: "${DOMAIN}"
 CMD_PROTOCOL_USESSL: "true"
 CMD_USECDN: "false"
 CMD_ALLOW_FREEURL: "true"
 CMD_IMAGE_UPLOAD_TYPE: "filesystem"
- CMD_LDAP_URL: "ldap://10.128.0.11"
- CMD_LDAP_BINDDN: "cn=codimd,ou=service-users,dc=auro,dc=re"
- CMD_LDAP_BINDCREDENTIALS: "CHANGE ME IN PRODUCTION, I WILL DIFFER !"
- CMD_LDAP_SEARCHBASE: "cn=Utilisateurs,dc=auro,dc=re"
+ CMD_LDAP_URL: "${LDAP_URL}"
+ CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
+ CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
+ CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
 CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
 CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
 CMD_LDAP_USERIDFIELD: "uid"
 CMD_LDAP_USERNAMEFIELD: "uid"
- CMD_LDAP_PROVIDERNAME: "Aurore"
+ CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
 ports:
 - "8081:3000"
 volumes:
diff --git a/codimd/example.env b/codimd/example.env
new file mode 100644
index 0000000..af1cfb3
--- /dev/null
+++ b/codimd/example.env
@@ -0,0 +1,6 @@
+DOMAIN=codimd.auro.re
+LDAP_URL=ldap://10.128.0.11
+LDAP_BINDDN="cn=codimd,ou=service-users,dc=auro,dc=re"
+LDAP_BINDCREDENTIALS="Change me"
+LDAP_SEARCHBASE="cn=Utilisateurs,dc=auro,dc=re"
+LDAP_PROVIDERNAME="Aurore"
diff --git a/etherpad/Dockerfile b/etherpad/Dockerfile
deleted file mode 100644
index aa93bb8..0000000
--- a/etherpad/Dockerfile
+++ /dev/null
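Review bot: The context line `CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"` at the top of this hunk still embeds the database password in the tracked compose file, while the README hunk of this commit removes `codimd/docker-compose.yml` from the list of root-only files. It should go through the same `.env` mechanism, for example `CMD_DB_URL: "postgres://codimd:${DB_PASSWORD}@database:5432/codimd"` (variable name constructed here), with the database service reading the same variable. The new `${LDAP_*}` references also expand to an empty string when `.env` is missing, so a required-variable form such as `CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS:?set in .env}"` would make `docker-compose up` stop instead of starting CodiMD with a blank bind password. The `services:` block starts and ends outside the hunk, so the database service definition is not visible here.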
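Review bot: `LDAP_URL=ldap://10.128.0.11` makes plain LDAP the documented default, so the bind credentials and each user's login password cross the network unencrypted on every deployment that copies this file. If the directory offers TLS, the example should carry an `ldaps://` URL instead. If plain LDAP is intentional on an isolated network, a comment line saying so would keep the value from being reused elsewhere. A leading comment such as `# copy to .env, then chmod 600 .env` would also put the README's root-only requirement next to the secret itself.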
@@ -1,60 +0,0 @@
-# Etherpad Lite Dockerfile
-#
-# https://github.com/ether/etherpad-docker
-#
-# Author: muxator
-#
-# Version 0.1, patched by Aurore
-
-FROM node:latest
-LABEL maintainer="Etherpad team, https://github.com/ether/etherpad-lite"
-
-# git hash of the version to be built.
-# If not given, build the latest development version.
-ARG ETHERPAD_VERSION=develop
-
-# plugins to install while building the container. By default no plugins are
-# installed.
-# If given a value, it has to be a space-separated, quoted list of plugin names.
-#
-# EXAMPLE:
-# ETHERPAD_PLUGINS="ep_codepad ep_author_neat"
-ARG ETHERPAD_PLUGINS=
-
-# Set the following to production to avoid installing devDeps
-# this can be done with build args (and is mandatory to build ARM version)
-ARG NODE_ENV=development
-
-# grab the ETHERPAD_VERSION tarball from github (no need to clone the whole
-# repository)
-RUN echo "Getting version: ${ETHERPAD_VERSION}" && \
- curl \
- --location \
- --fail \
- --silent \
- --show-error \
- --output /opt/etherpad-lite.tar.gz \
- https://github.com/ether/etherpad-lite/archive/"${ETHERPAD_VERSION}".tar.gz && \
- mkdir /opt/etherpad-lite && \
- tar xf /opt/etherpad-lite.tar.gz \
- --directory /opt/etherpad-lite \
- --strip-components=1 && \
- rm /opt/etherpad-lite.tar.gz
-
-WORKDIR /opt/etherpad-lite
-
-# install node dependencies for Etherpad
-RUN bin/installDeps.sh
-
-# Install the plugins, if ETHERPAD_PLUGINS is not empty.
-#
-# Bash trick: in the for loop ${ETHERPAD_PLUGINS} is NOT quoted, in order to be
-# able to split at spaces.
-RUN for PLUGIN_NAME in ${ETHERPAD_PLUGINS}; do npm install "${PLUGIN_NAME}"; done
-
-# Copy the custom configuration file
-COPY settings.json /opt/etherpad-lite/
-
-EXPOSE 9001
-CMD ["node", "node_modules/ep_etherpad-lite/node/server.js"]
-
diff --git a/etherpad/docker-compose.yml b/etherpad/docker-compose.yml
index 77822c4..636546a 100644
--- a/etherpad/docker-compose.yml
+++ b/etherpad/docker-compose.yml
@@ -1,11 +1,15 @@
-version: "3.7"
+version: "3"
 services:
 etherpad:
- build:
- context: .
- args:
- ETHERPAD_VERSION: 1.7.5
- NODE_ENV: production
+ image: etherpad/etherpad
+ environment:
+ - NODE_ENV=production
+ - POSTGRES_USER=etherpad
+ - "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
+ - POSTGRES_DB=etherpad
 ports:
 - 8084:9001
+ volumes:
+ - ./settings.json:/opt/etherpad-lite/settings.json:ro
+ restart: always
diff --git a/etherpad/example.env b/etherpad/example.env
new file mode 100644
index 0000000..3982410
--- /dev/null
+++ b/etherpad/example.env
@@ -0,0 +1 @@
+POSTGRES_PASSWD=asupersecurepassword
diff --git a/etherpad/settings.json b/etherpad/settings.json
index 6d2f5a7..cd493f5 100644
--- a/etherpad/settings.json
+++ b/etherpad/settings.json
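Review bot: `image: etherpad/etherpad` carries no tag or digest, so each pull follows whatever `latest` currently points to, whereas the removed build pinned `ETHERPAD_VERSION: 1.7.5`. Pinning it, e.g. `image: etherpad/etherpad:<version>` or `image: etherpad/etherpad@sha256:<digest>` (placeholders), keeps an upstream push from silently changing what runs under `restart: always`. The same applies to `image: vectorim/riot-web` in riot/docker-compose.yml, where the removed Dockerfile additionally verified the release tarball against a GPG key fingerprint. Separately, `"POSTGRES_PASSWORD=${POSTGRES_PASSWD}"` expands to an empty value when `.env` is absent; `"POSTGRES_PASSWORD=${POSTGRES_PASSWD:?set in .env}"` would fail fast instead.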
@@ -3,14 +3,54 @@ * * Please edit settings.json, not settings.json.template * - * Please note that since Etherpad 1.6.0 you can store DB credentials in a - * separate file (credentials.json). + * Please note that starting from Etherpad 1.6.0 you can store DB credentials in + * a separate file (credentials.json). + * + * + * ENVIRONMENT VARIABLE SUBSTITUTION + * ================================= + * + * All the configuration values can be read from environment variables using the + * syntax "${ENV_VAR}" or "${ENV_VAR:default_value}". + * + * This is useful, for example, when running in a Docker container. + * + * EXAMPLE: + * "port": "${PORT:9001}" + * "minify": "${MINIFY}" + * "skinName": "${SKIN_NAME:colibris}" + * + * Would read the configuration values for those items from the environment + * variables PORT, MINIFY and SKIN_NAME. + * If PORT and SKIN_NAME variables were not defined, the default values 9001 and + * "colibris" would be used. The configuration value "minify", on the other + * hand, does not have a default indicated. Thus, if the environment variable + * MINIFY were undefined, "minify" would be null (do not do this). + * + * REMARKS: + * Please note that variable substitution always needs to be quoted. + * + * "port": 9001, <-- Literal values. When not using + * "minify": false substitution, only strings must be + * "skinName": "colibris" quoted. Booleans and numbers must not. + * + * "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable + * "minify": "${MINIFY:true}" substitution, put quotes around its name, + * "skinName": "${SKIN_NAME}" even if the required value is a number or + * a boolean. + * Etherpad will take care of rewriting it + * to the proper type if necessary. + * + * "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes + * "minify": ${MINIFY} around variable names are missing. + * "skinName": ${SKIN_NAME} + * */ { /* * Name your instance! 
*/ - "title": "Etherpad Aurore", + "title": "Etherpad", /* * favicon default name @@ -19,6 +59,15 @@ "favicon": "favicon.ico", /* + * Skin name. + * + * Its value has to be an existing directory under src/static/skins. + * You can write your own, or use one of the included ones: + * + * - "no-skin": an empty skin (default). This yields the unmodified, + * traditional Etherpad theme. + * - "colibris": the new experimental skin (since Etherpad 1.8), candidate to + * become the default in Etherpad 2.0 */ "skinName": "no-skin", @@ -60,24 +109,22 @@ * You shouldn't use "dirty" for for anything else than testing or * development. * - * For a complete list of the supported drivers, please consult: + * + * Database specific settings are dependent on dbType, and go in dbSettings. + * Remember that since Etherpad 1.6.0 you can also store these informations in + * credentials.json. + * + * For a complete list of the supported drivers, please refer to: * https://www.npmjs.com/package/ueberdb2 */ "dbType" : "postgres", - - /* - * Database specific settings (dependent on dbType). - * - * Remember that since Etherpad 1.6.0 you can also store these informations in - * credentials.json. - */ "dbSettings" : { - "user" : "etherpad", + "user" : "${POSTGRES_USER}", "host" : "10.128.0.31", "port" : 5432, - "password": "CHANGE ME IN PROD !", - "database": "etherpad" + "password": "${POSTGRES_PASSWORD}", + "database": "${POSTGRES_DB}" }, /* @@ -87,7 +134,7 @@ */ /* - "dbType" : "postgres", + "dbType" : "mysql", "dbSettings" : { "user" : "etherpaduser", "host" : "localhost", @@ -119,7 +166,7 @@ "rtl": false, "alwaysShowChat": false, "chatAndUsers": false, - "lang": "fr-fr" + "lang": "en-gb" }, /* @@ -366,6 +413,13 @@ */ /* + * Expose Etherpad version in the web interface and in the Server http header. + * + * Do not enable on production machines. + */ + "exposeVersion": false, + + /* * The log level we are using. * * Valid values: DEBUG, INFO, WARN, ERROR 
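Review bot: In the `dbSettings` hunk, `"password": "${POSTGRES_PASSWORD}"` has no default, and the header comment added by this same commit says an undefined variable yields null ("do not do this"). Nothing in this file guarantees the variable is set, so a container started without `.env` would presumably attempt the connection with a null or empty password rather than stop with a clear error; requiring the variable on the compose side is the simplest guard. Passing the secret through the environment also exposes it to anyone able to inspect the container, so the `credentials.json` route mentioned in the comment, mounted read-only and readable by root only, may be preferable. `"host" : "10.128.0.31"` stays hard-coded while the other connection fields became variables, which is worth either a variable or a comment.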
diff --git a/riot/Dockerfile b/riot/Dockerfile
deleted file mode 100644
index fc2217a..0000000
--- a/riot/Dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-FROM nginx:alpine
-
-ARG version
-ARG gpg_key
-
-# Download Riot Web, verify with GPG, then install
-RUN apk add --no-cache --virtual .build-deps curl gnupg &&\
- curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz -o riot-web.tar.gz &&\
- curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz.asc -o riot-web.tar.gz.asc &&\
- for server in \
- hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
- ha.pool.sks-keyservers.net \
- ; do \
- echo "Fetching GPG key $gpg_key from $server"; \
- gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$gpg_key" && break; \
- done &&\
- gpg --batch --verify riot-web.tar.gz.asc riot-web.tar.gz &&\
- tar -xzf riot-web.tar.gz &&\
- mv riot-${version} /etc/riot-web &&\
- cp /etc/riot-web/config.sample.json /etc/riot-web/config.json &&\
- rm -rf /usr/share/nginx/html && ln -s /etc/riot-web /usr/share/nginx/html &&\
- rm riot-web.tar.gz* &&\
- apk del .build-deps
diff --git a/riot/bg.jpg b/riot/bg.jpg
new file mode 100644
index 0000000..c6059c9
Binary files /dev/null and b/riot/bg.jpg differ
diff --git a/riot/config.json b/riot/config.json
index 6bc4690..4fd6866 100644
--- a/riot/config.json
+++ b/riot/config.json
@@ -9,19 +9,31 @@
 }
 },
 "disable_custom_urls": false,
- "disable_guests": false,
+ "disable_guests": true,
 "disable_login_language_selector": false,
- "disable_3pid_login": false,
- "brand": "Riot Aurore",
- "integrations_ui_url": "https://scalar.vector.im/",
- "integrations_rest_url": "https://scalar.vector.im/api",
+ "disable_3pid_login": true,
+ "brand": "Riot",
+ "branding": {
+ "welcomeBackgroundUrl": "/bg.jpg"
+ },
+ "integrations_ui_url": "",
+ "integrations_rest_url": "",
+ "integrations_widgets_urls": [
+ "https://scalar.vector.im/_matrix/integrations/v1",
+ "https://scalar.vector.im/api",
+ "https://scalar-staging.vector.im/_matrix/integrations/v1",
+ "https://scalar-staging.vector.im/api",
+ "https://scalar-staging.riot.im/scalar/api"
+ ],
 "integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
 "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
- "defaultCountryCode": "GB",
+ "defaultCountryCode": "FR",
 "showLabsSettings": false,
 "features": {
- "feature_groups": "labs",
- "feature_pinning": "labs"
+ "feature_pinning": "labs",
+ "feature_custom_status": "labs",
+ "feature_custom_tags": "labs",
+ "feature_state_counters": "labs"
 },
 "default_federate": true,
 "default_theme": "light",
@@ -31,13 +43,13 @@
 ]
 },
 "welcomeUserId": "@riot-bot:matrix.org",
- "piwik": {
- "url": "https://piwik.riot.im/",
- "whitelistedHSUrls": ["https://matrix.org"],
- "whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
- "siteId": 1
- },
+ "piwik": false,
+ "permalinkPrefix": "https://auro.re",
 "enable_presence_by_hs_url": {
 "https://matrix.org": false
- }
+ },
+ "settingDefaults": {
+ "breadcrumbs": true
+ },
+ "disable_custom_urls": true
 }
diff --git a/riot/docker-compose.yml b/riot/docker-compose.yml
index eff4877..2eea68d 100644
--- a/riot/docker-compose.yml
+++ b/riot/docker-compose.yml
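Review bot: The added `integrations_widgets_urls` list trusts five scalar hosts, three of them staging (`scalar-staging.vector.im` twice and `scalar-staging.riot.im`), even though `integrations_ui_url` and `integrations_rest_url` are emptied in the same hunk. If the intent is to run without the vector.im integration manager, the list should be empty or reduced to the production hosts actually needed, since staging endpoints widen the set of origins the client treats as trusted widget sources. The context lines `integrations_jitsi_widget_url` and `bug_report_endpoint_url` also still point at vector.im and riot.im, which deserves a deliberate decision given that `piwik` is switched off in the next hunk.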
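Review bot: The added `"disable_custom_urls": true` at the end of the object duplicates a key that the first hunk leaves in place as `"disable_custom_urls": false`. Most JSON parsers keep the last occurrence, so the new value probably wins, but that depends on the parser, and the file now states two opposite values for the setting that decides whether users may point the client at another homeserver. Change the existing line to `"disable_custom_urls": true,` and drop the trailing duplicate so the intended value is unambiguous.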
@@ -1,15 +1,12 @@
-version: "3.7"
+version: "3"
 services:
 riot:
- build:
- context: .
- args:
- version: v1.3.0
- gpg_key: 5EA7E0F70461A3BCBEBE4D5EF6151806032026F9
+ image: vectorim/riot-web
 volumes:
- # Make Riot default to auro.re matrix server
- - ./config.json:/etc/riot-web/config.json:ro
+ - ./config.json:/app/config.json:ro
+ - ./bg.jpg:/app/bg.jpg:ro
+ # - ./welcome.html:/app/welcome.html:ro
 ports:
 - 8080:80
 restart: always