Merge erdnaxe docker into Aurore
This commit is contained in:
parent
f2945bfb1f
commit
fe16b6c810
12 changed files with 131 additions and 145 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
||||||
# data
|
|
||||||
data_*
|
data_*
|
||||||
|
.env
|
||||||
|
|
14
README.md
14
README.md
|
@ -4,8 +4,6 @@ Ensemble des recettes Docker d'Aurore.
|
||||||
|
|
||||||
L'idée est de pouvoir redonder les services « légers » entre les résidences.
|
L'idée est de pouvoir redonder les services « légers » entre les résidences.
|
||||||
|
|
||||||
En cours de test par erdnaxe.
|
|
||||||
|
|
||||||
Pour lancer un service, aller dans le dossier puis
|
Pour lancer un service, aller dans le dossier puis
|
||||||
`sudo docker-compose up --build -d`.
|
`sudo docker-compose up --build -d`.
|
||||||
|
|
||||||
|
@ -13,19 +11,17 @@ Pour lancer un service, aller dans le dossier puis
|
||||||
|
|
||||||
Les fichiers suivant ne doivent être lisibles que par root :
|
Les fichiers suivant ne doivent être lisibles que par root :
|
||||||
|
|
||||||
|
* les fichiers `.env` (s'inspirer des `example.env`)
|
||||||
* grafana/ldap.toml
|
* grafana/ldap.toml
|
||||||
* codimd/docker-compose.yml
|
|
||||||
* etherpad/settings.json
|
|
||||||
* django-cas/docker-compose.yml
|
* django-cas/docker-compose.yml
|
||||||
|
|
||||||
Mettez dedans les mots de passe de base de données ou du LDAP.
|
Mettez dedans les mots de passe de base de données ou du LDAP.
|
||||||
|
|
||||||
## Map des ports
|
## Map des ports
|
||||||
|
|
||||||
* 8080 -> Riot Web
|
* 8080 -> Riot Web (chat)
|
||||||
* 8081 -> CodiMD
|
* 8081 -> CodiMD
|
||||||
* 8082 -> Grafana
|
* 8082 -> Grafana
|
||||||
* 8083 -> PrivateBin
|
* 8083 -> PrivateBin (paste)
|
||||||
* 8084 -> EtherPad
|
* 8084 -> EtherPad (pad)
|
||||||
* 8085 -> Django CAS server
|
* 8085 -> Django CAS server (cas)
|
||||||
|
|
||||||
|
|
|
@ -20,20 +20,20 @@ services:
|
||||||
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
|
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
|
||||||
CMD_URL_ADDPORT: "false"
|
CMD_URL_ADDPORT: "false"
|
||||||
CMD_EMAIL: "false"
|
CMD_EMAIL: "false"
|
||||||
CMD_DOMAIN: "codimd.auro.re"
|
CMD_DOMAIN: "${DOMAIN}"
|
||||||
CMD_PROTOCOL_USESSL: "true"
|
CMD_PROTOCOL_USESSL: "true"
|
||||||
CMD_USECDN: "false"
|
CMD_USECDN: "false"
|
||||||
CMD_ALLOW_FREEURL: "true"
|
CMD_ALLOW_FREEURL: "true"
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||||
CMD_LDAP_URL: "ldap://10.128.0.11"
|
CMD_LDAP_URL: "${LDAP_URL}"
|
||||||
CMD_LDAP_BINDDN: "cn=codimd,ou=service-users,dc=auro,dc=re"
|
CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
|
||||||
CMD_LDAP_BINDCREDENTIALS: "CHANGE ME IN PRODUCTION, I WILL DIFFER !"
|
CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
|
||||||
CMD_LDAP_SEARCHBASE: "cn=Utilisateurs,dc=auro,dc=re"
|
CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
|
||||||
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
|
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
|
||||||
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
|
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
|
||||||
CMD_LDAP_USERIDFIELD: "uid"
|
CMD_LDAP_USERIDFIELD: "uid"
|
||||||
CMD_LDAP_USERNAMEFIELD: "uid"
|
CMD_LDAP_USERNAMEFIELD: "uid"
|
||||||
CMD_LDAP_PROVIDERNAME: "Aurore"
|
CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
|
||||||
ports:
|
ports:
|
||||||
- "8081:3000"
|
- "8081:3000"
|
||||||
volumes:
|
volumes:
|
||||||
|
|
6
codimd/example.env
Normal file
6
codimd/example.env
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
DOMAIN=codimd.auro.re
|
||||||
|
LDAP_URL=ldap://10.128.0.11
|
||||||
|
LDAP_BINDDN="cn=codimd,ou=service-users,dc=auro,dc=re"
|
||||||
|
LDAP_BINDCREDENTIALS="Change me"
|
||||||
|
LDAP_SEARCHBASE="cn=Utilisateurs,dc=auro,dc=re"
|
||||||
|
LDAP_PROVIDERNAME="Aurore"
|
|
@ -1,60 +0,0 @@
|
||||||
# Etherpad Lite Dockerfile
|
|
||||||
#
|
|
||||||
# https://github.com/ether/etherpad-docker
|
|
||||||
#
|
|
||||||
# Author: muxator
|
|
||||||
#
|
|
||||||
# Version 0.1, patched by Aurore
|
|
||||||
|
|
||||||
FROM node:latest
|
|
||||||
LABEL maintainer="Etherpad team, https://github.com/ether/etherpad-lite"
|
|
||||||
|
|
||||||
# git hash of the version to be built.
|
|
||||||
# If not given, build the latest development version.
|
|
||||||
ARG ETHERPAD_VERSION=develop
|
|
||||||
|
|
||||||
# plugins to install while building the container. By default no plugins are
|
|
||||||
# installed.
|
|
||||||
# If given a value, it has to be a space-separated, quoted list of plugin names.
|
|
||||||
#
|
|
||||||
# EXAMPLE:
|
|
||||||
# ETHERPAD_PLUGINS="ep_codepad ep_author_neat"
|
|
||||||
ARG ETHERPAD_PLUGINS=
|
|
||||||
|
|
||||||
# Set the following to production to avoid installing devDeps
|
|
||||||
# this can be done with build args (and is mandatory to build ARM version)
|
|
||||||
ARG NODE_ENV=development
|
|
||||||
|
|
||||||
# grab the ETHERPAD_VERSION tarball from github (no need to clone the whole
|
|
||||||
# repository)
|
|
||||||
RUN echo "Getting version: ${ETHERPAD_VERSION}" && \
|
|
||||||
curl \
|
|
||||||
--location \
|
|
||||||
--fail \
|
|
||||||
--silent \
|
|
||||||
--show-error \
|
|
||||||
--output /opt/etherpad-lite.tar.gz \
|
|
||||||
https://github.com/ether/etherpad-lite/archive/"${ETHERPAD_VERSION}".tar.gz && \
|
|
||||||
mkdir /opt/etherpad-lite && \
|
|
||||||
tar xf /opt/etherpad-lite.tar.gz \
|
|
||||||
--directory /opt/etherpad-lite \
|
|
||||||
--strip-components=1 && \
|
|
||||||
rm /opt/etherpad-lite.tar.gz
|
|
||||||
|
|
||||||
WORKDIR /opt/etherpad-lite
|
|
||||||
|
|
||||||
# install node dependencies for Etherpad
|
|
||||||
RUN bin/installDeps.sh
|
|
||||||
|
|
||||||
# Install the plugins, if ETHERPAD_PLUGINS is not empty.
|
|
||||||
#
|
|
||||||
# Bash trick: in the for loop ${ETHERPAD_PLUGINS} is NOT quoted, in order to be
|
|
||||||
# able to split at spaces.
|
|
||||||
RUN for PLUGIN_NAME in ${ETHERPAD_PLUGINS}; do npm install "${PLUGIN_NAME}"; done
|
|
||||||
|
|
||||||
# Copy the custom configuration file
|
|
||||||
COPY settings.json /opt/etherpad-lite/
|
|
||||||
|
|
||||||
EXPOSE 9001
|
|
||||||
CMD ["node", "node_modules/ep_etherpad-lite/node/server.js"]
|
|
||||||
|
|
|
@ -1,11 +1,15 @@
|
||||||
version: "3.7"
|
version: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
etherpad:
|
etherpad:
|
||||||
build:
|
image: etherpad/etherpad
|
||||||
context: .
|
environment:
|
||||||
args:
|
- NODE_ENV=production
|
||||||
ETHERPAD_VERSION: 1.7.5
|
- POSTGRES_USER=etherpad
|
||||||
NODE_ENV: production
|
- "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
|
||||||
|
- POSTGRES_DB=etherpad
|
||||||
ports:
|
ports:
|
||||||
- 8084:9001
|
- 8084:9001
|
||||||
|
volumes:
|
||||||
|
- ./settings.json:/opt/etherpad-lite/settings.json:ro
|
||||||
|
restart: always
|
||||||
|
|
1
etherpad/example.env
Normal file
1
etherpad/example.env
Normal file
|
@ -0,0 +1 @@
|
||||||
|
POSTGRES_PASSWD=asupersecurepassword
|
|
@ -3,14 +3,54 @@
|
||||||
*
|
*
|
||||||
* Please edit settings.json, not settings.json.template
|
* Please edit settings.json, not settings.json.template
|
||||||
*
|
*
|
||||||
* Please note that since Etherpad 1.6.0 you can store DB credentials in a
|
* Please note that starting from Etherpad 1.6.0 you can store DB credentials in
|
||||||
* separate file (credentials.json).
|
* a separate file (credentials.json).
|
||||||
|
*
|
||||||
|
*
|
||||||
|
* ENVIRONMENT VARIABLE SUBSTITUTION
|
||||||
|
* =================================
|
||||||
|
*
|
||||||
|
* All the configuration values can be read from environment variables using the
|
||||||
|
* syntax "${ENV_VAR}" or "${ENV_VAR:default_value}".
|
||||||
|
*
|
||||||
|
* This is useful, for example, when running in a Docker container.
|
||||||
|
*
|
||||||
|
* EXAMPLE:
|
||||||
|
* "port": "${PORT:9001}"
|
||||||
|
* "minify": "${MINIFY}"
|
||||||
|
* "skinName": "${SKIN_NAME:colibris}"
|
||||||
|
*
|
||||||
|
* Would read the configuration values for those items from the environment
|
||||||
|
* variables PORT, MINIFY and SKIN_NAME.
|
||||||
|
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
|
||||||
|
* "colibris" would be used. The configuration value "minify", on the other
|
||||||
|
* hand, does not have a default indicated. Thus, if the environment variable
|
||||||
|
* MINIFY were undefined, "minify" would be null (do not do this).
|
||||||
|
*
|
||||||
|
* REMARKS:
|
||||||
|
* Please note that variable substitution always needs to be quoted.
|
||||||
|
*
|
||||||
|
* "port": 9001, <-- Literal values. When not using
|
||||||
|
* "minify": false substitution, only strings must be
|
||||||
|
* "skinName": "colibris" quoted. Booleans and numbers must not.
|
||||||
|
*
|
||||||
|
* "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable
|
||||||
|
* "minify": "${MINIFY:true}" substitution, put quotes around its name,
|
||||||
|
* "skinName": "${SKIN_NAME}" even if the required value is a number or
|
||||||
|
* a boolean.
|
||||||
|
* Etherpad will take care of rewriting it
|
||||||
|
* to the proper type if necessary.
|
||||||
|
*
|
||||||
|
* "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes
|
||||||
|
* "minify": ${MINIFY} around variable names are missing.
|
||||||
|
* "skinName": ${SKIN_NAME}
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Name your instance!
|
* Name your instance!
|
||||||
*/
|
*/
|
||||||
"title": "Etherpad Aurore",
|
"title": "Etherpad",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* favicon default name
|
* favicon default name
|
||||||
|
@ -19,6 +59,15 @@
|
||||||
"favicon": "favicon.ico",
|
"favicon": "favicon.ico",
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
* Skin name.
|
||||||
|
*
|
||||||
|
* Its value has to be an existing directory under src/static/skins.
|
||||||
|
* You can write your own, or use one of the included ones:
|
||||||
|
*
|
||||||
|
* - "no-skin": an empty skin (default). This yields the unmodified,
|
||||||
|
* traditional Etherpad theme.
|
||||||
|
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
|
||||||
|
* become the default in Etherpad 2.0
|
||||||
*/
|
*/
|
||||||
"skinName": "no-skin",
|
"skinName": "no-skin",
|
||||||
|
|
||||||
|
@ -60,24 +109,22 @@
|
||||||
* You shouldn't use "dirty" for for anything else than testing or
|
* You shouldn't use "dirty" for for anything else than testing or
|
||||||
* development.
|
* development.
|
||||||
*
|
*
|
||||||
* For a complete list of the supported drivers, please consult:
|
*
|
||||||
|
* Database specific settings are dependent on dbType, and go in dbSettings.
|
||||||
|
* Remember that since Etherpad 1.6.0 you can also store these informations in
|
||||||
|
* credentials.json.
|
||||||
|
*
|
||||||
|
* For a complete list of the supported drivers, please refer to:
|
||||||
* https://www.npmjs.com/package/ueberdb2
|
* https://www.npmjs.com/package/ueberdb2
|
||||||
*/
|
*/
|
||||||
|
|
||||||
"dbType" : "postgres",
|
"dbType" : "postgres",
|
||||||
|
|
||||||
/*
|
|
||||||
* Database specific settings (dependent on dbType).
|
|
||||||
*
|
|
||||||
* Remember that since Etherpad 1.6.0 you can also store these informations in
|
|
||||||
* credentials.json.
|
|
||||||
*/
|
|
||||||
"dbSettings" : {
|
"dbSettings" : {
|
||||||
"user" : "etherpad",
|
"user" : "${POSTGRES_USER}",
|
||||||
"host" : "10.128.0.31",
|
"host" : "10.128.0.31",
|
||||||
"port" : 5432,
|
"port" : 5432,
|
||||||
"password": "CHANGE ME IN PROD !",
|
"password": "${POSTGRES_PASSWORD}",
|
||||||
"database": "etherpad"
|
"database": "${POSTGRES_DB}"
|
||||||
},
|
},
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -87,7 +134,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
"dbType" : "postgres",
|
"dbType" : "mysql",
|
||||||
"dbSettings" : {
|
"dbSettings" : {
|
||||||
"user" : "etherpaduser",
|
"user" : "etherpaduser",
|
||||||
"host" : "localhost",
|
"host" : "localhost",
|
||||||
|
@ -119,7 +166,7 @@
|
||||||
"rtl": false,
|
"rtl": false,
|
||||||
"alwaysShowChat": false,
|
"alwaysShowChat": false,
|
||||||
"chatAndUsers": false,
|
"chatAndUsers": false,
|
||||||
"lang": "fr-fr"
|
"lang": "en-gb"
|
||||||
},
|
},
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -365,6 +412,13 @@
|
||||||
},
|
},
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Expose Etherpad version in the web interface and in the Server http header.
|
||||||
|
*
|
||||||
|
* Do not enable on production machines.
|
||||||
|
*/
|
||||||
|
"exposeVersion": false,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The log level we are using.
|
* The log level we are using.
|
||||||
*
|
*
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
FROM nginx:alpine
|
|
||||||
|
|
||||||
ARG version
|
|
||||||
ARG gpg_key
|
|
||||||
|
|
||||||
# Download Riot Web, verify with GPG, then install
|
|
||||||
RUN apk add --no-cache --virtual .build-deps curl gnupg &&\
|
|
||||||
curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz -o riot-web.tar.gz &&\
|
|
||||||
curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz.asc -o riot-web.tar.gz.asc &&\
|
|
||||||
for server in \
|
|
||||||
hkp://keyserver.ubuntu.com:80 \
|
|
||||||
hkp://p80.pool.sks-keyservers.net:80 \
|
|
||||||
ha.pool.sks-keyservers.net \
|
|
||||||
; do \
|
|
||||||
echo "Fetching GPG key $gpg_key from $server"; \
|
|
||||||
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$gpg_key" && break; \
|
|
||||||
done &&\
|
|
||||||
gpg --batch --verify riot-web.tar.gz.asc riot-web.tar.gz &&\
|
|
||||||
tar -xzf riot-web.tar.gz &&\
|
|
||||||
mv riot-${version} /etc/riot-web &&\
|
|
||||||
cp /etc/riot-web/config.sample.json /etc/riot-web/config.json &&\
|
|
||||||
rm -rf /usr/share/nginx/html && ln -s /etc/riot-web /usr/share/nginx/html &&\
|
|
||||||
rm riot-web.tar.gz* &&\
|
|
||||||
apk del .build-deps
|
|
BIN
riot/bg.jpg
Normal file
BIN
riot/bg.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 454 KiB |
|
@ -9,19 +9,31 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"disable_custom_urls": false,
|
"disable_custom_urls": false,
|
||||||
"disable_guests": false,
|
"disable_guests": true,
|
||||||
"disable_login_language_selector": false,
|
"disable_login_language_selector": false,
|
||||||
"disable_3pid_login": false,
|
"disable_3pid_login": true,
|
||||||
"brand": "Riot Aurore",
|
"brand": "Riot",
|
||||||
"integrations_ui_url": "https://scalar.vector.im/",
|
"branding": {
|
||||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
"welcomeBackgroundUrl": "/bg.jpg"
|
||||||
|
},
|
||||||
|
"integrations_ui_url": "",
|
||||||
|
"integrations_rest_url": "",
|
||||||
|
"integrations_widgets_urls": [
|
||||||
|
"https://scalar.vector.im/_matrix/integrations/v1",
|
||||||
|
"https://scalar.vector.im/api",
|
||||||
|
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
||||||
|
"https://scalar-staging.vector.im/api",
|
||||||
|
"https://scalar-staging.riot.im/scalar/api"
|
||||||
|
],
|
||||||
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
|
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
|
||||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||||
"defaultCountryCode": "GB",
|
"defaultCountryCode": "FR",
|
||||||
"showLabsSettings": false,
|
"showLabsSettings": false,
|
||||||
"features": {
|
"features": {
|
||||||
"feature_groups": "labs",
|
"feature_pinning": "labs",
|
||||||
"feature_pinning": "labs"
|
"feature_custom_status": "labs",
|
||||||
|
"feature_custom_tags": "labs",
|
||||||
|
"feature_state_counters": "labs"
|
||||||
},
|
},
|
||||||
"default_federate": true,
|
"default_federate": true,
|
||||||
"default_theme": "light",
|
"default_theme": "light",
|
||||||
|
@ -31,13 +43,13 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"welcomeUserId": "@riot-bot:matrix.org",
|
"welcomeUserId": "@riot-bot:matrix.org",
|
||||||
"piwik": {
|
"piwik": false,
|
||||||
"url": "https://piwik.riot.im/",
|
"permalinkPrefix": "https://auro.re",
|
||||||
"whitelistedHSUrls": ["https://matrix.org"],
|
|
||||||
"whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
|
|
||||||
"siteId": 1
|
|
||||||
},
|
|
||||||
"enable_presence_by_hs_url": {
|
"enable_presence_by_hs_url": {
|
||||||
"https://matrix.org": false
|
"https://matrix.org": false
|
||||||
}
|
},
|
||||||
|
"settingDefaults": {
|
||||||
|
"breadcrumbs": true
|
||||||
|
},
|
||||||
|
"disable_custom_urls": true
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,12 @@
|
||||||
version: "3.7"
|
version: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
riot:
|
riot:
|
||||||
build:
|
image: vectorim/riot-web
|
||||||
context: .
|
|
||||||
args:
|
|
||||||
version: v1.3.0
|
|
||||||
gpg_key: 5EA7E0F70461A3BCBEBE4D5EF6151806032026F9
|
|
||||||
volumes:
|
volumes:
|
||||||
# Make Riot default to auro.re matrix server
|
- ./config.json:/app/config.json:ro
|
||||||
- ./config.json:/etc/riot-web/config.json:ro
|
- ./bg.jpg:/app/bg.jpg:ro
|
||||||
|
# - ./welcome.html:/app/welcome.html:ro
|
||||||
ports:
|
ports:
|
||||||
- 8080:80
|
- 8080:80
|
||||||
restart: always
|
restart: always
|
||||||
|
|
Loading…
Reference in a new issue