Merge erdnaxe docker into Aurore
This commit is contained in:
parent
f2945bfb1f
commit
fe16b6c810
12 changed files with 131 additions and 145 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
|||
# data
|
||||
data_*
|
||||
.env
|
||||
|
|
14
README.md
14
README.md
|
@ -4,8 +4,6 @@ Ensemble des recettes Docker d'Aurore.
|
|||
|
||||
L'idée est de pouvoir redonder les services « légers » entre les résidences.
|
||||
|
||||
En cours de test par erdnaxe.
|
||||
|
||||
Pour lancer un service, aller dans le dossier puis
|
||||
`sudo docker-compose up --build -d`.
|
||||
|
||||
|
@ -13,19 +11,17 @@ Pour lancer un service, aller dans le dossier puis
|
|||
|
||||
Les fichiers suivant ne doivent être lisibles que par root :
|
||||
|
||||
* les fichiers `.env` (s'inspirer des `example.env`)
|
||||
* grafana/ldap.toml
|
||||
* codimd/docker-compose.yml
|
||||
* etherpad/settings.json
|
||||
* django-cas/docker-compose.yml
|
||||
|
||||
Mettez dedans les mots de passe de base de données ou du LDAP.
|
||||
|
||||
## Map des ports
|
||||
|
||||
* 8080 -> Riot Web
|
||||
* 8080 -> Riot Web (chat)
|
||||
* 8081 -> CodiMD
|
||||
* 8082 -> Grafana
|
||||
* 8083 -> PrivateBin
|
||||
* 8084 -> EtherPad
|
||||
* 8085 -> Django CAS server
|
||||
|
||||
* 8083 -> PrivateBin (paste)
|
||||
* 8084 -> EtherPad (pad)
|
||||
* 8085 -> Django CAS server (cas)
|
||||
|
|
|
@ -20,20 +20,20 @@ services:
|
|||
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
|
||||
CMD_URL_ADDPORT: "false"
|
||||
CMD_EMAIL: "false"
|
||||
CMD_DOMAIN: "codimd.auro.re"
|
||||
CMD_DOMAIN: "${DOMAIN}"
|
||||
CMD_PROTOCOL_USESSL: "true"
|
||||
CMD_USECDN: "false"
|
||||
CMD_ALLOW_FREEURL: "true"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_LDAP_URL: "ldap://10.128.0.11"
|
||||
CMD_LDAP_BINDDN: "cn=codimd,ou=service-users,dc=auro,dc=re"
|
||||
CMD_LDAP_BINDCREDENTIALS: "CHANGE ME IN PRODUCTION, I WILL DIFFER !"
|
||||
CMD_LDAP_SEARCHBASE: "cn=Utilisateurs,dc=auro,dc=re"
|
||||
CMD_LDAP_URL: "${LDAP_URL}"
|
||||
CMD_LDAP_BINDDN: "${LDAP_BINDDN}"
|
||||
CMD_LDAP_BINDCREDENTIALS: "${LDAP_BINDCREDENTIALS}"
|
||||
CMD_LDAP_SEARCHBASE: "${LDAP_SEARCHBASE}"
|
||||
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
|
||||
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
|
||||
CMD_LDAP_USERIDFIELD: "uid"
|
||||
CMD_LDAP_USERNAMEFIELD: "uid"
|
||||
CMD_LDAP_PROVIDERNAME: "Aurore"
|
||||
CMD_LDAP_PROVIDERNAME: "${LDAP_PROVIDERNAME}"
|
||||
ports:
|
||||
- "8081:3000"
|
||||
volumes:
|
||||
|
|
6
codimd/example.env
Normal file
6
codimd/example.env
Normal file
|
@ -0,0 +1,6 @@
|
|||
DOMAIN=codimd.auro.re
|
||||
LDAP_URL=ldap://10.128.0.11
|
||||
LDAP_BINDDN="cn=codimd,ou=service-users,dc=auro,dc=re"
|
||||
LDAP_BINDCREDENTIALS="Change me"
|
||||
LDAP_SEARCHBASE="cn=Utilisateurs,dc=auro,dc=re"
|
||||
LDAP_PROVIDERNAME="Aurore"
|
|
@ -1,60 +0,0 @@
|
|||
# Etherpad Lite Dockerfile
|
||||
#
|
||||
# https://github.com/ether/etherpad-docker
|
||||
#
|
||||
# Author: muxator
|
||||
#
|
||||
# Version 0.1, patched by Aurore
|
||||
|
||||
FROM node:latest
|
||||
LABEL maintainer="Etherpad team, https://github.com/ether/etherpad-lite"
|
||||
|
||||
# git hash of the version to be built.
|
||||
# If not given, build the latest development version.
|
||||
ARG ETHERPAD_VERSION=develop
|
||||
|
||||
# plugins to install while building the container. By default no plugins are
|
||||
# installed.
|
||||
# If given a value, it has to be a space-separated, quoted list of plugin names.
|
||||
#
|
||||
# EXAMPLE:
|
||||
# ETHERPAD_PLUGINS="ep_codepad ep_author_neat"
|
||||
ARG ETHERPAD_PLUGINS=
|
||||
|
||||
# Set the following to production to avoid installing devDeps
|
||||
# this can be done with build args (and is mandatory to build ARM version)
|
||||
ARG NODE_ENV=development
|
||||
|
||||
# grab the ETHERPAD_VERSION tarball from github (no need to clone the whole
|
||||
# repository)
|
||||
RUN echo "Getting version: ${ETHERPAD_VERSION}" && \
|
||||
curl \
|
||||
--location \
|
||||
--fail \
|
||||
--silent \
|
||||
--show-error \
|
||||
--output /opt/etherpad-lite.tar.gz \
|
||||
https://github.com/ether/etherpad-lite/archive/"${ETHERPAD_VERSION}".tar.gz && \
|
||||
mkdir /opt/etherpad-lite && \
|
||||
tar xf /opt/etherpad-lite.tar.gz \
|
||||
--directory /opt/etherpad-lite \
|
||||
--strip-components=1 && \
|
||||
rm /opt/etherpad-lite.tar.gz
|
||||
|
||||
WORKDIR /opt/etherpad-lite
|
||||
|
||||
# install node dependencies for Etherpad
|
||||
RUN bin/installDeps.sh
|
||||
|
||||
# Install the plugins, if ETHERPAD_PLUGINS is not empty.
|
||||
#
|
||||
# Bash trick: in the for loop ${ETHERPAD_PLUGINS} is NOT quoted, in order to be
|
||||
# able to split at spaces.
|
||||
RUN for PLUGIN_NAME in ${ETHERPAD_PLUGINS}; do npm install "${PLUGIN_NAME}"; done
|
||||
|
||||
# Copy the custom configuration file
|
||||
COPY settings.json /opt/etherpad-lite/
|
||||
|
||||
EXPOSE 9001
|
||||
CMD ["node", "node_modules/ep_etherpad-lite/node/server.js"]
|
||||
|
|
@ -1,11 +1,15 @@
|
|||
version: "3.7"
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
etherpad:
|
||||
build:
|
||||
context: .
|
||||
args:
|
||||
ETHERPAD_VERSION: 1.7.5
|
||||
NODE_ENV: production
|
||||
image: etherpad/etherpad
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- POSTGRES_USER=etherpad
|
||||
- "POSTGRES_PASSWORD=${POSTGRES_PASSWD}"
|
||||
- POSTGRES_DB=etherpad
|
||||
ports:
|
||||
- 8084:9001
|
||||
volumes:
|
||||
- ./settings.json:/opt/etherpad-lite/settings.json:ro
|
||||
restart: always
|
||||
|
|
1
etherpad/example.env
Normal file
1
etherpad/example.env
Normal file
|
@ -0,0 +1 @@
|
|||
POSTGRES_PASSWD=asupersecurepassword
|
|
@ -3,14 +3,54 @@
|
|||
*
|
||||
* Please edit settings.json, not settings.json.template
|
||||
*
|
||||
* Please note that since Etherpad 1.6.0 you can store DB credentials in a
|
||||
* separate file (credentials.json).
|
||||
* Please note that starting from Etherpad 1.6.0 you can store DB credentials in
|
||||
* a separate file (credentials.json).
|
||||
*
|
||||
*
|
||||
* ENVIRONMENT VARIABLE SUBSTITUTION
|
||||
* =================================
|
||||
*
|
||||
* All the configuration values can be read from environment variables using the
|
||||
* syntax "${ENV_VAR}" or "${ENV_VAR:default_value}".
|
||||
*
|
||||
* This is useful, for example, when running in a Docker container.
|
||||
*
|
||||
* EXAMPLE:
|
||||
* "port": "${PORT:9001}"
|
||||
* "minify": "${MINIFY}"
|
||||
* "skinName": "${SKIN_NAME:colibris}"
|
||||
*
|
||||
* Would read the configuration values for those items from the environment
|
||||
* variables PORT, MINIFY and SKIN_NAME.
|
||||
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
|
||||
* "colibris" would be used. The configuration value "minify", on the other
|
||||
* hand, does not have a default indicated. Thus, if the environment variable
|
||||
* MINIFY were undefined, "minify" would be null (do not do this).
|
||||
*
|
||||
* REMARKS:
|
||||
* Please note that variable substitution always needs to be quoted.
|
||||
*
|
||||
* "port": 9001, <-- Literal values. When not using
|
||||
* "minify": false substitution, only strings must be
|
||||
* "skinName": "colibris" quoted. Booleans and numbers must not.
|
||||
*
|
||||
* "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable
|
||||
* "minify": "${MINIFY:true}" substitution, put quotes around its name,
|
||||
* "skinName": "${SKIN_NAME}" even if the required value is a number or
|
||||
* a boolean.
|
||||
* Etherpad will take care of rewriting it
|
||||
* to the proper type if necessary.
|
||||
*
|
||||
* "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes
|
||||
* "minify": ${MINIFY} around variable names are missing.
|
||||
* "skinName": ${SKIN_NAME}
|
||||
*
|
||||
*/
|
||||
{
|
||||
/*
|
||||
* Name your instance!
|
||||
*/
|
||||
"title": "Etherpad Aurore",
|
||||
"title": "Etherpad",
|
||||
|
||||
/*
|
||||
* favicon default name
|
||||
|
@ -19,6 +59,15 @@
|
|||
"favicon": "favicon.ico",
|
||||
|
||||
/*
|
||||
* Skin name.
|
||||
*
|
||||
* Its value has to be an existing directory under src/static/skins.
|
||||
* You can write your own, or use one of the included ones:
|
||||
*
|
||||
* - "no-skin": an empty skin (default). This yields the unmodified,
|
||||
* traditional Etherpad theme.
|
||||
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
|
||||
* become the default in Etherpad 2.0
|
||||
*/
|
||||
"skinName": "no-skin",
|
||||
|
||||
|
@ -60,24 +109,22 @@
|
|||
* You shouldn't use "dirty" for for anything else than testing or
|
||||
* development.
|
||||
*
|
||||
* For a complete list of the supported drivers, please consult:
|
||||
*
|
||||
* Database specific settings are dependent on dbType, and go in dbSettings.
|
||||
* Remember that since Etherpad 1.6.0 you can also store these informations in
|
||||
* credentials.json.
|
||||
*
|
||||
* For a complete list of the supported drivers, please refer to:
|
||||
* https://www.npmjs.com/package/ueberdb2
|
||||
*/
|
||||
|
||||
"dbType" : "postgres",
|
||||
|
||||
/*
|
||||
* Database specific settings (dependent on dbType).
|
||||
*
|
||||
* Remember that since Etherpad 1.6.0 you can also store these informations in
|
||||
* credentials.json.
|
||||
*/
|
||||
"dbSettings" : {
|
||||
"user" : "etherpad",
|
||||
"user" : "${POSTGRES_USER}",
|
||||
"host" : "10.128.0.31",
|
||||
"port" : 5432,
|
||||
"password": "CHANGE ME IN PROD !",
|
||||
"database": "etherpad"
|
||||
"password": "${POSTGRES_PASSWORD}",
|
||||
"database": "${POSTGRES_DB}"
|
||||
},
|
||||
|
||||
/*
|
||||
|
@ -87,7 +134,7 @@
|
|||
*/
|
||||
|
||||
/*
|
||||
"dbType" : "postgres",
|
||||
"dbType" : "mysql",
|
||||
"dbSettings" : {
|
||||
"user" : "etherpaduser",
|
||||
"host" : "localhost",
|
||||
|
@ -119,7 +166,7 @@
|
|||
"rtl": false,
|
||||
"alwaysShowChat": false,
|
||||
"chatAndUsers": false,
|
||||
"lang": "fr-fr"
|
||||
"lang": "en-gb"
|
||||
},
|
||||
|
||||
/*
|
||||
|
@ -365,6 +412,13 @@
|
|||
},
|
||||
*/
|
||||
|
||||
/*
|
||||
* Expose Etherpad version in the web interface and in the Server http header.
|
||||
*
|
||||
* Do not enable on production machines.
|
||||
*/
|
||||
"exposeVersion": false,
|
||||
|
||||
/*
|
||||
* The log level we are using.
|
||||
*
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
FROM nginx:alpine
|
||||
|
||||
ARG version
|
||||
ARG gpg_key
|
||||
|
||||
# Download Riot Web, verify with GPG, then install
|
||||
RUN apk add --no-cache --virtual .build-deps curl gnupg &&\
|
||||
curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz -o riot-web.tar.gz &&\
|
||||
curl -sSL https://github.com/vector-im/riot-web/releases/download/${version}/riot-${version}.tar.gz.asc -o riot-web.tar.gz.asc &&\
|
||||
for server in \
|
||||
hkp://keyserver.ubuntu.com:80 \
|
||||
hkp://p80.pool.sks-keyservers.net:80 \
|
||||
ha.pool.sks-keyservers.net \
|
||||
; do \
|
||||
echo "Fetching GPG key $gpg_key from $server"; \
|
||||
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$gpg_key" && break; \
|
||||
done &&\
|
||||
gpg --batch --verify riot-web.tar.gz.asc riot-web.tar.gz &&\
|
||||
tar -xzf riot-web.tar.gz &&\
|
||||
mv riot-${version} /etc/riot-web &&\
|
||||
cp /etc/riot-web/config.sample.json /etc/riot-web/config.json &&\
|
||||
rm -rf /usr/share/nginx/html && ln -s /etc/riot-web /usr/share/nginx/html &&\
|
||||
rm riot-web.tar.gz* &&\
|
||||
apk del .build-deps
|
BIN
riot/bg.jpg
Normal file
BIN
riot/bg.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 454 KiB |
|
@ -9,19 +9,31 @@
|
|||
}
|
||||
},
|
||||
"disable_custom_urls": false,
|
||||
"disable_guests": false,
|
||||
"disable_guests": true,
|
||||
"disable_login_language_selector": false,
|
||||
"disable_3pid_login": false,
|
||||
"brand": "Riot Aurore",
|
||||
"integrations_ui_url": "https://scalar.vector.im/",
|
||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||
"disable_3pid_login": true,
|
||||
"brand": "Riot",
|
||||
"branding": {
|
||||
"welcomeBackgroundUrl": "/bg.jpg"
|
||||
},
|
||||
"integrations_ui_url": "",
|
||||
"integrations_rest_url": "",
|
||||
"integrations_widgets_urls": [
|
||||
"https://scalar.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar.vector.im/api",
|
||||
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar-staging.vector.im/api",
|
||||
"https://scalar-staging.riot.im/scalar/api"
|
||||
],
|
||||
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
|
||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||
"defaultCountryCode": "GB",
|
||||
"defaultCountryCode": "FR",
|
||||
"showLabsSettings": false,
|
||||
"features": {
|
||||
"feature_groups": "labs",
|
||||
"feature_pinning": "labs"
|
||||
"feature_pinning": "labs",
|
||||
"feature_custom_status": "labs",
|
||||
"feature_custom_tags": "labs",
|
||||
"feature_state_counters": "labs"
|
||||
},
|
||||
"default_federate": true,
|
||||
"default_theme": "light",
|
||||
|
@ -31,13 +43,13 @@
|
|||
]
|
||||
},
|
||||
"welcomeUserId": "@riot-bot:matrix.org",
|
||||
"piwik": {
|
||||
"url": "https://piwik.riot.im/",
|
||||
"whitelistedHSUrls": ["https://matrix.org"],
|
||||
"whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
|
||||
"siteId": 1
|
||||
},
|
||||
"piwik": false,
|
||||
"permalinkPrefix": "https://auro.re",
|
||||
"enable_presence_by_hs_url": {
|
||||
"https://matrix.org": false
|
||||
}
|
||||
},
|
||||
"settingDefaults": {
|
||||
"breadcrumbs": true
|
||||
},
|
||||
"disable_custom_urls": true
|
||||
}
|
||||
|
|
|
@ -1,15 +1,12 @@
|
|||
version: "3.7"
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
riot:
|
||||
build:
|
||||
context: .
|
||||
args:
|
||||
version: v1.3.0
|
||||
gpg_key: 5EA7E0F70461A3BCBEBE4D5EF6151806032026F9
|
||||
image: vectorim/riot-web
|
||||
volumes:
|
||||
# Make Riot default to auro.re matrix server
|
||||
- ./config.json:/etc/riot-web/config.json:ro
|
||||
- ./config.json:/app/config.json:ro
|
||||
- ./bg.jpg:/app/bg.jpg:ro
|
||||
# - ./welcome.html:/app/welcome.html:ro
|
||||
ports:
|
||||
- 8080:80
|
||||
restart: always
|
||||
|
|
Loading…
Reference in a new issue