commit c15ad05c01d3c4961e5284b3e17f7f7c24e49fc8
Author: grubshka
Date: Fri Apr 3 17:37:48 2026 +0200

feat: first stacks

diff --git a/stacks/lail-apps/collabora/README.md b/stacks/lail-apps/collabora/README.md
new file mode 100644
index 0000000..22e191a
--- /dev/null
+++ b/stacks/lail-apps/collabora/README.md
@@ -0,0 +1,22 @@
+# Déploiement de l'application Collabora CODE
+
+Pour le moment, l'application a été déployée via une image Docker, il faudra la migrer sur un docker-compose complet.
+
+## Configuration
+
+- Domaine : `https://collabora1.apps.lopin.lail.cloud`
+- Docker image: `collabora/code`
+- Ports exposes: `9980`
+- Custom Docker Options : `--cap-add SYS_ADMIN --device=/dev/fuse --security-opt apparmor:unconfined --ulimit nofile=1024:1024`
+- Variable d'environnements
+```
+aliasgroup1=z.lail.cloud|a.lail.cloud
+server_name=collabora1.apps.lopin.lail.cloud
+ssl.enable=false
+ssl.termination=true
+extra_params=--o:ssl.enable=false --o:ssl.termination=true
+```
+
+## Configuration de Nextcloud
+
+TODO
\ No newline at end of file
diff --git a/stacks/lail-apps/forgejo/docker-compose.yml b/stacks/lail-apps/forgejo/docker-compose.yml
new file mode 100644
index 0000000..f6fa9af
--- /dev/null
+++ b/stacks/lail-apps/forgejo/docker-compose.yml
@@ -0,0 +1,52 @@
+services:
+ forgejo:
+ image: 'codeberg.org/forgejo/forgejo:8'
+ environment:
+ - SERVICE_URL_FORGEJO_3000
+ - 'FORGEJO__server__ROOT_URL=${SERVICE_URL_FORGEJO}'
+ - 'FORGEJO__migrations__ALLOWED_DOMAINS=${FORGEJO__migrations__ALLOWED_DOMAINS}'
+ - 'FORGEJO__migrations__ALLOW_LOCALNETWORKS=${FORGEJO__migrations__ALLOW_LOCALNETWORKS-false}'
+ - USER_UID=1000
+ - USER_GID=1000
+ - FORGEJO__database__DB_TYPE=postgres
+ - FORGEJO__database__HOST=postgresql
+ - 'FORGEJO__database__NAME=${POSTGRESQL_DATABASE-forgejo}'
+ - FORGEJO__database__USER=$SERVICE_USER_POSTGRESQL
+ - FORGEJO__database__PASSWD=$SERVICE_PASSWORD_POSTGRESQL
+ - FORGEJO__service__DISABLE_REGISTRATION=false
+ - FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
+ - FORGEJO__service__SHOW_REGISTRATION_BUTTON=false
+ - FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION=true
+ volumes:
+ - '/data/lail-apps/lail-forgejo:/data'
+ - 'forgejo-timezone:/etc/timezone:ro'
+ - 'forgejo-localtime:/etc/localtime:ro'
+ ports:
+ - '22222:22'
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ healthcheck:
+ test:
+ - CMD
+ - curl
+ - '-f'
+ - 'http://127.0.0.1:3000'
+ interval: 2s
+ timeout: 10s
+ retries: 15
+ postgresql:
+ image: 'postgres:16-alpine'
+ volumes:
+ - 'forgejo-postgresql-data:/var/lib/postgresql/data'
+ environment:
+ - 'POSTGRES_USER=${SERVICE_USER_POSTGRESQL}'
+ - 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}'
+ - 'POSTGRES_DB=${POSTGRESQL_DATABASE}'
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
+ interval: 5s
+ timeout: 20s
+ retries: 10
\ No newline at end of file
diff --git a/stacks/lail-apps/outline/README.md b/stacks/lail-apps/outline/README.md
new file mode 100644
index 0000000..44dd9e6
--- /dev/null
+++ b/stacks/lail-apps/outline/README.md
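Review bot: The image references added in this commit are floating tags, starting with `image: 'codeberg.org/forgejo/forgejo:8'` in forgejo/docker-compose.yml; the same holds for `postgres:16-alpine` in that file, for `outlinewiki/outline:latest`, `redis:alpine` and `postgres:12-alpine` in outline/docker-compose.yml, and for `bololo/paheko:latest` in paheko/docker-compose.yml. A redeploy can therefore pull different code than was reviewed, and a retagged or compromised upstream image reaches production without any change in this repository. I would pin each one to an exact release plus digest, e.g. `image: 'codeberg.org/forgejo/forgejo:<exact-version>@sha256:<digest>'`, and let an update bot propose the bumps. Separately, PostgreSQL 12 is past upstream end of life as far as I know, and it is worth confirming that the Forgejo 8 series still receives security fixes before relying on it.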
@@ -0,0 +1,25 @@
+# Application Outline
+
+## Configuration
+- URL du container outline : https://wiki.lail.cloud:3000
+- Variables d'environnement :
+```
+OIDC_USERINFO_URI=https://sso.lail.cloud/application/o/userinfo/
+OIDC_LOGOUT_URI=https://sso.lail.cloud/application/o/lail-outline/end-session/
+OIDC_USERNAME_CLAIM=preferred_username
+OIDC_DISPLAY_NAME=Authentik
+OIDC_SCOPES=openid profile email
+SMTP_HOST=
+SMTP_PORT=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_FROM_EMAIL=
+OIDC_CLIENT_ID=[protected]
+OIDC_CLIENT_SECRET=[protected]
+OIDC_AUTH_URI=https://sso.lail.cloud/application/o/authorize/
+OIDC_TOKEN_URI=https://sso.lail.cloud/application/o/token/
+SMTP_REPLY_EMAIL=
+SMTP_TLS_CIPHERS=
+SMTP_SECURE=
+SMTP_NAME=
+```
\ No newline at end of file
diff --git a/stacks/lail-apps/outline/docker-compose.yml b/stacks/lail-apps/outline/docker-compose.yml
new file mode 100644
index 0000000..4ac9b95
--- /dev/null
+++ b/stacks/lail-apps/outline/docker-compose.yml
@@ -0,0 +1,108 @@
+services:
+ outline:
+ image: 'docker.getoutline.com/outlinewiki/outline:latest'
+ volumes:
+ - '/data/lail-apps/lail-outline:/var/lib/outline/data'
+ depends_on:
+ postgres:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ environment:
+ - SERVICE_URL_OUTLINE_3000
+ - NODE_ENV=production
+ - 'SECRET_KEY=${SERVICE_HEX_32_OUTLINE}'
+ - 'UTILS_SECRET=${SERVICE_PASSWORD_64_OUTLINE}'
+ - 'DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_64_POSTGRES}@postgres:5432/${POSTGRES_DATABASE:-outline}'
+ - 'REDIS_URL=redis://:${SERVICE_PASSWORD_64_REDIS}@redis:6379'
+ - 'URL=${SERVICE_URL_OUTLINE}'
+ - 'PORT=${OUTLINE_PORT:-3000}'
+ - 'FILE_STORAGE=${FILE_STORAGE:-local}'
+ - 'FILE_STORAGE_LOCAL_ROOT_DIR=${FILE_STORAGE_LOCAL_ROOT_DIR:-/var/lib/outline/data}'
+ - 'FILE_STORAGE_UPLOAD_MAX_SIZE=${FILE_STORAGE_UPLOAD_MAX_SIZE:-2000}'
+ - 'FILE_STORAGE_IMPORT_MAX_SIZE=${FILE_STORAGE_IMPORT_MAX_SIZE:-100}'
+ - 'FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=${FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE}'
+ - 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'
+ - 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'
+ - 'AWS_REGION=${AWS_REGION}'
+ - 'AWS_S3_ACCELERATE_URL=${AWS_S3_ACCELERATE_URL}'
+ - 'AWS_S3_UPLOAD_BUCKET_URL=${AWS_S3_UPLOAD_BUCKET_URL}'
+ - 'AWS_S3_UPLOAD_BUCKET_NAME=${AWS_S3_UPLOAD_BUCKET_NAME}'
+ - 'AWS_S3_FORCE_PATH_STYLE=${AWS_S3_FORCE_PATH_STYLE:-true}'
+ - 'AWS_S3_ACL=${AWS_S3_ACL:-private}'
+ - 'SLACK_CLIENT_ID=${SLACK_CLIENT_ID}'
+ - 'SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}'
+ - 'GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}'
+ - 'GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}'
+ - 'AZURE_CLIENT_ID=${AZURE_CLIENT_ID}'
+ - 'AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}'
+ - 'AZURE_RESOURCE_APP_ID=${AZURE_RESOURCE_APP_ID}'
+ - 'OIDC_CLIENT_ID=${OIDC_CLIENT_ID}'
+ - 'OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}'
+ - 'OIDC_AUTH_URI=${OIDC_AUTH_URI}'
+ - 'OIDC_TOKEN_URI=${OIDC_TOKEN_URI}'
+ - 'OIDC_USERINFO_URI=${OIDC_USERINFO_URI}'
+ - 'OIDC_LOGOUT_URI=${OIDC_LOGOUT_URI}'
+ - 'OIDC_USERNAME_CLAIM=${OIDC_USERNAME_CLAIM}'
+ - 'OIDC_DISPLAY_NAME=${OIDC_DISPLAY_NAME}'
+ - 'OIDC_SCOPES=${OIDC_SCOPES}'
+ - 'GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}'
+ - 'GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}'
+ - 'GITHUB_APP_NAME=${GITHUB_APP_NAME}'
+ - 'GITHUB_APP_ID=${GITHUB_APP_ID}'
+ - 'GITHUB_APP_PRIVATE_KEY=${GITHUB_APP_PRIVATE_KEY}'
+ - 'DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}'
+ - 'DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET}'
+ - 'DISCORD_SERVER_ID=${DISCORD_SERVER_ID}'
+ - 'DISCORD_SERVER_ROLES=${DISCORD_SERVER_ROLES}'
+ - 'PGSSLMODE=${PGSSLMODE:-disable}'
+ - 'FORCE_HTTPS=${FORCE_HTTPS:-true}'
+ - 'SMTP_HOST=${SMTP_HOST}'
+ - 'SMTP_PORT=${SMTP_PORT}'
+ - 'SMTP_USERNAME=${SMTP_USERNAME}'
+ - 'SMTP_PASSWORD=${SMTP_PASSWORD}'
+ - 'SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL}'
+ - 'SMTP_REPLY_EMAIL=${SMTP_REPLY_EMAIL}'
+ - 'SMTP_TLS_CIPHERS=${SMTP_TLS_CIPHERS}'
+ - 'SMTP_SECURE=${SMTP_SECURE}'
+ - 'SMTP_NAME=${SMTP_NAME}'
+ healthcheck:
+ disable: true
+ redis:
+ image: 'redis:alpine'
+ environment:
+ - 'REDIS_PASSWORD=${SERVICE_PASSWORD_64_REDIS}'
+ command:
+ - redis-server
+ - '--requirepass'
+ - '${SERVICE_PASSWORD_64_REDIS}'
+ healthcheck:
+ test:
+ - CMD
+ - redis-cli
+ - '-a'
+ - '${SERVICE_PASSWORD_64_REDIS}'
+ - PING
+ interval: 10s
+ timeout: 30s
+ retries: 3
+ postgres:
+ image: 'postgres:12-alpine'
+ volumes:
+ - 'database-data:/var/lib/postgresql/data'
+ environment:
+ - 'POSTGRES_USER=${SERVICE_USER_POSTGRES}'
+ - 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_64_POSTGRES}'
+ - 'POSTGRES_DB=${POSTGRES_DATABASE:-outline}'
+ healthcheck:
+ test:
+ - CMD
+ - pg_isready
+ - '-U'
+ - '${SERVICE_USER_POSTGRES}'
+ - '-d'
+ - '${POSTGRES_DATABASE:-outline}'
+ interval: 30s
+ timeout: 20s
+ retries: 3
+
diff --git a/stacks/lail-apps/paheko/config.local.php b/stacks/lail-apps/paheko/config.local.php
new file mode 100644
index 0000000..0615091
--- /dev/null
+++ b/stacks/lail-apps/paheko/config.local.php
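Review bot: In outline/docker-compose.yml the Redis password is passed as a process argument twice, once in the `redis` service's `command` (`'--requirepass'`, `'${SERVICE_PASSWORD_64_REDIS}'`) and again on every healthcheck run (`redis-cli`, `'-a'`, `'${SERVICE_PASSWORD_64_REDIS}'`), so it is readable in the container's process list. The `REDIS_PASSWORD` variable set next to it is, as far as I know, not read by the official `redis` image and has no effect. `redis-cli` takes the password from `REDISCLI_AUTH`, so I would replace that entry with `- 'REDISCLI_AUTH=${SERVICE_PASSWORD_64_REDIS}'` and reduce the healthcheck test to `CMD`, `redis-cli`, `PING`. On the server side, a mounted config file or secret carrying `requirepass` would keep the value out of argv as well.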
@@ -0,0 +1,119 @@ + 'read', 'accounting' => 'read']; + +// ----------------------------------------------------------------------- +// SMTP +// ----------------------------------------------------------------------- + +// Hôte SMTP (null = utiliser la fonction mail() de PHP) +const SMTP_HOST = getenv('PAHEKO_SMTP_HOST') ?: null; + +// Port SMTP (587 = STARTTLS, 465 = SSL) +const SMTP_PORT = getenv('PAHEKO_SMTP_PORT') ? (int) getenv('PAHEKO_SMTP_PORT') : 587; + +// Utilisateur SMTP +const SMTP_USER = getenv('PAHEKO_SMTP_USER') ?: null; + +// Mot de passe SMTP +const SMTP_PASSWORD = getenv('PAHEKO_SMTP_PASSWORD') ?: null; + +// Sécurité SMTP : NONE, SSL, TLS, STARTTLS +const SMTP_SECURITY = getenv('PAHEKO_SMTP_SECURITY') ?: 'STARTTLS'; + +// Nom d'hôte HELO SMTP +const SMTP_HELO_HOSTNAME = getenv('PAHEKO_SMTP_HELO_HOSTNAME') ?: null; + +// Adresse expéditrice forcée (Return-Path / MAIL FROM) +// Utile pour héberger plusieurs assos sur le même serveur mail +const MAIL_RETURN_PATH = getenv('PAHEKO_MAIL_RETURN_PATH') ?: null; + +// Adresse From forcée (les réponses iront en Reply-To à l'adresse de l'asso) +const MAIL_SENDER = getenv('PAHEKO_MAIL_SENDER') ?: null; + +// ----------------------------------------------------------------------- +// STOCKAGE ET DONNÉES +// ----------------------------------------------------------------------- + +// Répertoire des données (base SQLite, sauvegardes, cache) +// Doit correspondre au volume monté dans Docker +const DATA_ROOT = '/var/www/paheko/data'; + +// ----------------------------------------------------------------------- +// INTÉGRATION COLLABORA (optionnel) +// ----------------------------------------------------------------------- + +// URL de découverte Collabora pour l'édition de documents en ligne +// Pointer vers votre instance Collabora +const WOPI_DISCOVERY_URL = getenv('PAHEKO_WOPI_DISCOVERY_URL') ?: null; + +// Outils de conversion (si Collabora est disponible) +const CONVERSION_TOOLS = ['collabora']; + +// 
----------------------------------------------------------------------- +// API (optionnel) +// ----------------------------------------------------------------------- + +// Accès API système (accès total en écriture) +const API_USER = getenv('PAHEKO_API_USER') ?: null; +const API_PASSWORD = getenv('PAHEKO_API_PASSWORD') ?: null; + +// ----------------------------------------------------------------------- +// HÉBERGEMENT +// ----------------------------------------------------------------------- + +// Mentions légales affichées en bas de la page légale +const LEGAL_HOSTING_DETAILS = getenv('PAHEKO_LEGAL_HOSTING_DETAILS'); + +// Désactiver le ping de télémétrie à l'installation/mise à jour +const DISABLE_INSTALL_PING = true; + +// Désactiver les mises à jour automatiques depuis fossil.kd2.org +// (les mises à jour se font via Docker) +const ENABLE_UPGRADES = false; + +// Command line to use mupdf to generate thumbnails +const DOCUMENT_THUMBNAIL_COMMANDS = ['mupdf']; +// Command line to use chromium to generate PDF documents +const PDF_COMMAND = 'chromium --no-sandbox --headless --disable-dev-shm-usage --autoplay-policy=no-user-gesture-required --no-first-run --disable-gpu --disable-features=DefaultPassthroughCommandDecoder --use-fake-ui-for-media-stream --use-fake-device-for-media-stream --disable-sync --print-to-pdf=%2$s %1$s'; +// I moved plugins outside of /var/www/paheko/data (could be standard with 1.4) +const PLUGINS_ROOT = '/var/www/paheko/plugins'; \ No newline at end of file diff --git a/stacks/lail-apps/paheko/docker-compose.yml b/stacks/lail-apps/paheko/docker-compose.yml new file mode 100644 index 0000000..dc625d2 --- /dev/null +++ b/stacks/lail-apps/paheko/docker-compose.yml 
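Review bot: The settings in paheko/config.local.php are declared as `const NAME = getenv(...) ?: ...;`, and PHP does not accept a function call in a `const` initializer (it fails with "Constant expression contains invalid operations"), so as written the file should not load; the top of the file is not visible in this view, so confirm against the full file. `define()` is evaluated at run time and works here, e.g. `define('SMTP_HOST', getenv('PAHEKO_SMTP_HOST') ?: null);` for each env-backed setting, with the namespace prefix in the name if the file declares one. Two smaller points in the same hunk: `LEGAL_HOSTING_DETAILS` has no `?: null` fallback and becomes `false` when the variable is unset, and `PDF_COMMAND` runs Chromium with `--no-sandbox` on documents that originate from the application. If the sandbox cannot be enabled in this image, the container should at least run as a non-root user with a restrictive seccomp and capability profile.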
@@ -0,0 +1,11 @@
+services:
+ paheko:
+ image: bololo/paheko:latest
+ restart: unless-stopped
+ volumes:
+ - ./config.local.php:/var/www/paheko/config.local.php:ro
+ - /data/lail-apps/lail-paheko/data:/var/www/paheko/data
+ - /data/lail-apps/lail-paheko/plugins:/var/www/paheko/plugins
+
+volumes:
+ paheko-data:
\ No newline at end of file
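Review bot: In paheko/docker-compose.yml the plugins directory is bind-mounted read-write (`/data/lail-apps/lail-paheko/plugins:/var/www/paheko/plugins`), which presumably lets the web application process write into a path it later loads code from. If plugins are installed from the host rather than through the UI, which I am assuming and which should be confirmed, append `:ro` to that mount as is already done for `config.local.php`. The top-level `volumes:` entry `paheko-data:` is not referenced by the service, which uses bind mounts only, and can be dropped.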