Merge erdnaxe docker into Aurore

Alexandre Iooss 2019-11-01 11:32:07 +01:00
parent f2945bfb1f
commit fe16b6c810
No known key found for this signature in database
GPG key ID: 6C79278F3FCDCC02
12 changed files with 131 additions and 145 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
# data
data_*
.env


@ -4,8 +4,6 @@ Ensemble des recettes Docker d'Aurore.
L'idée est de pouvoir redonder les services « légers » entre les résidences.
En cours de test par erdnaxe.
Pour lancer un service, aller dans le dossier puis
`sudo docker-compose up --build -d`.
@ -13,19 +11,17 @@ Pour lancer un service, aller dans le dossier puis
Les fichiers suivant ne doivent être lisibles que par root :
* les fichiers `.env` (s'inspirer des `example.env`)
* grafana/ldap.toml
* codimd/docker-compose.yml
* etherpad/settings.json
* django-cas/docker-compose.yml
Mettez dedans les mots de passe de base de données ou du LDAP.
## Map des ports
* 8080 -> Riot Web
* 8080 -> Riot Web (chat)
* 8081 -> CodiMD
* 8082 -> Grafana
* 8083 -> PrivateBin
* 8084 -> EtherPad
* 8085 -> Django CAS server
* 8083 -> PrivateBin (paste)
* 8084 -> EtherPad (pad)
* 8085 -> Django CAS server (cas)


@ -20,20 +20,20 @@ services:
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
CMD_URL_ADDPORT: "false"
CMD_EMAIL: "false"
CMD_DOMAIN: "codimd.auro.re"
CMD_DOMAIN: "${DOMAIN}"
CMD_PROTOCOL_USESSL: "true"
CMD_USECDN: "false"
CMD_ALLOW_FREEURL: "true"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_LDAP_URL: "ldap://10.128.0.11"
CMD_LDAP_BINDDN: "cn=codimd,ou=service-users,dc=auro,dc=re"
CMD_LDAP_BINDCREDENTIALS: "CHANGE ME IN PRODUCTION, I WILL DIFFER !"
CMD_LDAP_SEARCHBASE: "cn=Utilisateurs,dc=auro,dc=re"
CMD_LDAP_URL: "${LDAP_URL}"
CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
CMD_LDAP_USERIDFIELD: "uid"
CMD_LDAP_USERNAMEFIELD: "uid"
CMD_LDAP_PROVIDERNAME: "Aurore"
CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
ports:
- "8081:3000"
volumes:
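Review bot: `CMD_DB_URL` still carries the database password (`codimdpass`) as a literal in the compose file, while the LDAP bind credentials in the same `environment:` block now come from `.env`. The README hunk in this commit appears to drop `codimd/docker-compose.yml` from the root-only list (the rendered page does not show which side those lines are on), so the file may no longer be treated as secret even though it still holds one. I would move the password to `.env` too, for example `CMD_DB_URL: "postgres://codimd:${POSTGRES_PASSWORD}@database:5432/codimd"` (variable name constructed here), and have the `database` service, which is outside this hunk, read the same variable. Writing the secret references as `${LDAP_BINDCREDENTIALS:?set in .env}` would make `docker-compose up` fail instead of substituting an empty string when `.env` is missing.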

6
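--- /dev/null
+++ b/codimd/example.env
@@ -0,0 +1,6 @@
+DOMAIN=codimd.auro.re
+LDAP_URL=ldap://10.128.0.11
+LDAP_BINDDN="cn=codimd,ou=service-users,dc=auro,dc=re"
+LDAP_BINDCREDENTIALS="Change me"
+LDAP_SEARCHBASE="cn=Utilisateurs,dc=auro,dc=re"
+LDAP_PROVIDERNAME="Aurore"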
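Review bot: The example `LDAP_URL=ldap://10.128.0.11` is plain LDAP, so anyone copying this file sends the service bind password and every user's login password to the directory unencrypted. If the directory offers TLS, the example should show `LDAP_URL=ldaps://<ldap-host>` and the compose file should pass the CA through CodiMD's `CMD_LDAP_TLS_CA` setting. If cleartext is a deliberate choice on an isolated network, a one-line comment above `LDAP_URL` saying so would keep the example from being reused elsewhere as-is.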


@ -1,60 +0,0 @@
# Etherpad Lite Dockerfile
#
# https://github.com/ether/etherpad-docker
#
# Author: muxator
#
# Version 0.1, patched by Aurore
FROM node:latest
LABEL maintainer="Etherpad team, https://github.com/ether/etherpad-lite"
# git hash of the version to be built.
# If not given, build the latest development version.
ARG ETHERPAD_VERSION=develop
# plugins to install while building the container. By default no plugins are
# installed.
# If given a value, it has to be a space-separated, quoted list of plugin names.
#
# EXAMPLE:
# ETHERPAD_PLUGINS="ep_codepad ep_author_neat"
ARG ETHERPAD_PLUGINS=
# Set the following to production to avoid installing devDeps
# this can be done with build args (and is mandatory to build ARM version)
ARG NODE_ENV=development
# grab the ETHERPAD_VERSION tarball from github (no need to clone the whole
# repository)
RUN echo "Getting version: ${ETHERPAD_VERSION}" && \
curl \
--location \
--fail \
--silent \
--show-error \
--output /opt/etherpad-lite.tar.gz \
https://github.com/ether/etherpad-lite/archive/"${ETHERPAD_VERSION}".tar.gz && \
mkdir /opt/etherpad-lite && \
tar xf /opt/etherpad-lite.tar.gz \
--directory /opt/etherpad-lite \
--strip-components=1 && \
rm /opt/etherpad-lite.tar.gz
WORKDIR /opt/etherpad-lite
# install node dependencies for Etherpad
RUN bin/installDeps.sh
# Install the plugins, if ETHERPAD_PLUGINS is not empty.
#
# Bash trick: in the for loop ${ETHERPAD_PLUGINS} is NOT quoted, in order to be
# able to split at spaces.
RUN for PLUGIN_NAME in ${ETHERPAD_PLUGINS}; do npm install "${PLUGIN_NAME}"; done
# Copy the custom configuration file
COPY settings.json /opt/etherpad-lite/
EXPOSE 9001
CMD ["node", "node_modules/ep_etherpad-lite/node/server.js"]


@ -1,11 +1,15 @@
version: "3.7"
version: "3"
services:
etherpad:
build:
context: .
args:
ETHERPAD_VERSION: 1.7.5
NODE_ENV: production
image: etherpad/etherpad
environment:
- NODE_ENV=production
- POSTGRES_USER=etherpad
- "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
- POSTGRES_DB=etherpad
ports:
- 8084:9001
volumes:
- ./settings.json:/opt/etherpad-lite/settings.json:ro
restart: always
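Review bot: `image: etherpad/etherpad` has no tag, so it resolves to whatever `latest` is at pull time, whereas the build it replaces named `ETHERPAD_VERSION: 1.7.5`. Combined with `restart: always`, a later pull can change the running code with no change in this repository. Pin a release tag, or better a digest, e.g. `image: etherpad/etherpad:<version>@sha256:<digest>`. The same applies to `image: vectorim/riot-web` in the Riot compose section at the end of this commit, where the removed Dockerfile also verified the release tarball against a pinned GPG key, so a mutable tag there is a larger drop in supply-chain assurance.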

1
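--- /dev/null
+++ b/etherpad/example.env
@@ -0,0 +1 @@
+POSTGRES_PASSWD=asupersecurepassword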


@ -3,14 +3,54 @@
*
* Please edit settings.json, not settings.json.template
*
* Please note that since Etherpad 1.6.0 you can store DB credentials in a
* separate file (credentials.json).
* Please note that starting from Etherpad 1.6.0 you can store DB credentials in
* a separate file (credentials.json).
*
*
* ENVIRONMENT VARIABLE SUBSTITUTION
* =================================
*
* All the configuration values can be read from environment variables using the
* syntax "${ENV_VAR}" or "${ENV_VAR:default_value}".
*
* This is useful, for example, when running in a Docker container.
*
* EXAMPLE:
* "port": "${PORT:9001}"
* "minify": "${MINIFY}"
* "skinName": "${SKIN_NAME:colibris}"
*
* Would read the configuration values for those items from the environment
* variables PORT, MINIFY and SKIN_NAME.
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
* "colibris" would be used. The configuration value "minify", on the other
* hand, does not have a default indicated. Thus, if the environment variable
* MINIFY were undefined, "minify" would be null (do not do this).
*
* REMARKS:
* Please note that variable substitution always needs to be quoted.
*
* "port": 9001, <-- Literal values. When not using
* "minify": false substitution, only strings must be
* "skinName": "colibris" quoted. Booleans and numbers must not.
*
* "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable
* "minify": "${MINIFY:true}" substitution, put quotes around its name,
* "skinName": "${SKIN_NAME}" even if the required value is a number or
* a boolean.
* Etherpad will take care of rewriting it
* to the proper type if necessary.
*
* "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes
* "minify": ${MINIFY} around variable names are missing.
* "skinName": ${SKIN_NAME}
*
*/
{
/*
* Name your instance!
*/
"title": "Etherpad Aurore",
"title": "Etherpad",
/*
* favicon default name
@ -19,6 +59,15 @@
"favicon": "favicon.ico",
/*
* Skin name.
*
* Its value has to be an existing directory under src/static/skins.
* You can write your own, or use one of the included ones:
*
* - "no-skin": an empty skin (default). This yields the unmodified,
* traditional Etherpad theme.
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
* become the default in Etherpad 2.0
*/
"skinName": "no-skin",
@ -60,24 +109,22 @@
* You shouldn't use "dirty" for for anything else than testing or
* development.
*
* For a complete list of the supported drivers, please consult:
*
* Database specific settings are dependent on dbType, and go in dbSettings.
* Remember that since Etherpad 1.6.0 you can also store these informations in
* credentials.json.
*
* For a complete list of the supported drivers, please refer to:
* https://www.npmjs.com/package/ueberdb2
*/
"dbType" : "postgres",
/*
* Database specific settings (dependent on dbType).
*
* Remember that since Etherpad 1.6.0 you can also store these informations in
* credentials.json.
*/
"dbSettings" : {
"user" : "etherpad",
"user" : "${POSTGRES_USER}",
"host" : "10.128.0.31",
"port" : 5432,
"password": "CHANGE ME IN PROD !",
"database": "etherpad"
"password": "${POSTGRES_PASSWORD}",
"database": "${POSTGRES_DB}"
},
/*
@ -87,7 +134,7 @@
*/
/*
"dbType" : "postgres",
"dbType" : "mysql",
"dbSettings" : {
"user" : "etherpaduser",
"host" : "localhost",
@ -119,7 +166,7 @@
"rtl": false,
"alwaysShowChat": false,
"chatAndUsers": false,
"lang": "fr-fr"
"lang": "en-gb"
},
/*
@ -365,6 +412,13 @@
},
*/
/*
* Expose Etherpad version in the web interface and in the Server http header.
*
* Do not enable on production machines.
*/
"exposeVersion": false,
/*
* The log level we are using.
*
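Review bot: In the `dbSettings` hunk, `"user"`, `"password"` and `"database"` are now `${...}` substitutions with no default, and the header comment added by this same commit says an undefined variable without a default becomes null ("do not do this"). The non-secret values could carry defaults, `"user": "${POSTGRES_USER:etherpad}"` and `"database": "${POSTGRES_DB:etherpad}"`, leaving only the password without one. I would also add a short comment above `dbSettings` listing the variables the container must receive. `"host"` and `"port"` stay literal in the same block, so the configuration is only partly driven by the environment, which is worth stating in that comment too.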


@ -1,24 +0,0 @@
FROM nginx:alpine
ARG version
ARG gpg_key
# Download Riot Web, verify with GPG, then install
RUN apk add --no-cache --virtual .build-deps curl gnupg &&\
curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz -o riot-web.tar.gz &&\
curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz.asc -o riot-web.tar.gz.asc &&\
for server in \
hkp://keyserver.ubuntu.com:80 \
hkp://p80.pool.sks-keyservers.net:80 \
ha.pool.sks-keyservers.net \
; do \
echo "Fetching GPG key $gpg_key from $server"; \
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$gpg_key" && break; \
done &&\
gpg --batch --verify riot-web.tar.gz.asc riot-web.tar.gz &&\
tar -xzf riot-web.tar.gz &&\
mv riot-${version} /etc/riot-web &&\
cp /etc/riot-web/config.sample.json /etc/riot-web/config.json &&\
rm -rf /usr/share/nginx/html && ln -s /etc/riot-web /usr/share/nginx/html &&\
rm riot-web.tar.gz* &&\
apk del .build-deps

BIN
riot/bg.jpg Normal file

Binary file not shown.



@ -9,19 +9,31 @@
}
},
"disable_custom_urls": false,
"disable_guests": false,
"disable_guests": true,
"disable_login_language_selector": false,
"disable_3pid_login": false,
"brand": "Riot Aurore",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"disable_3pid_login": true,
"brand": "Riot",
"branding": {
"welcomeBackgroundUrl": "/bg.jpg"
},
"integrations_ui_url": "",
"integrations_rest_url": "",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"defaultCountryCode": "GB",
"defaultCountryCode": "FR",
"showLabsSettings": false,
"features": {
"feature_groups": "labs",
"feature_pinning": "labs"
"feature_pinning": "labs",
"feature_custom_status": "labs",
"feature_custom_tags": "labs",
"feature_state_counters": "labs"
},
"default_federate": true,
"default_theme": "light",
@ -31,13 +43,13 @@
]
},
"welcomeUserId": "@riot-bot:matrix.org",
"piwik": {
"url": "https://piwik.riot.im/",
"whitelistedHSUrls": ["https://matrix.org"],
"whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
"siteId": 1
},
"piwik": false,
"permalinkPrefix": "https://auro.re",
"enable_presence_by_hs_url": {
"https://matrix.org": false
}
},
"settingDefaults": {
"breadcrumbs": true
},
"disable_custom_urls": true
}
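Review bot: The first hunk empties `integrations_ui_url` and `integrations_rest_url`, but `integrations_widgets_urls` and `integrations_jitsi_widget_url` still list `scalar.vector.im` endpoints, and `bug_report_endpoint_url` still points at `https://riot.im/bugreports/submit`. If the aim, as `"piwik": false` in the second hunk suggests, is to stop the client from talking to third-party services, those entries look like leftovers. Consider `"integrations_widgets_urls": []` and clearing the bug-report endpoint, or note in the README that they are kept on purpose. Separately, `"disable_custom_urls"` appears at the top of the first hunk with `false` and at the end of the second with `true`. The rendered page does not show which side the first one is on, so check that the resulting file does not contain the key twice.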


@ -1,15 +1,12 @@
version: "3.7"
version: "3"
services:
riot:
build:
context: .
args:
version: v1.3.0
gpg_key: 5EA7E0F70461A3BCBEBE4D5EF6151806032026F9
image: vectorim/riot-web
volumes:
# Make Riot default to auro.re matrix server
- ./config.json:/etc/riot-web/config.json:ro
- ./config.json:/app/config.json:ro
- ./bg.jpg:/app/bg.jpg:ro
# - ./welcome.html:/app/welcome.html:ro
ports:
- 8080:80
restart: always