lail/infra-coolify
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: first stacks

Browse source
This commit is contained in:
grubshka 2026-04-03 17:37:48 +02:00
commit c15ad05c01
6 changed files with 337 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
stacks/lail-apps/collabora/README.md Normal file
View file

@ -0,0 +1,22 @@
# Déploiement de l'application Collabora CODE
Pour le moment, l'application a été déployée via une image Docker, il faudra la migrer sur un docker-compose complet.
## Configuration
- Domaine : `https://collabora1.apps.lopin.lail.cloud`
- Docker image: `collabora/code`
- Ports exposes: `9980`
- Custom Docker Options : `--cap-add SYS_ADMIN --device=/dev/fuse --security-opt apparmor:unconfined --ulimit nofile=1024:1024`
- Variable d'environnements
```
aliasgroup1=z.lail.cloud|a.lail.cloud
server_name=collabora1.apps.lopin.lail.cloud
ssl.enable=false
ssl.termination=true
extra_params=--o:ssl.enable=false --o:ssl.termination=true
```
## Configuration de Nextcloud
TODO

52
stacks/lail-apps/forgejo/docker-compose.yml Normal file
View file

@ -0,0 +1,52 @@
services:
forgejo:
image: 'codeberg.org/forgejo/forgejo:8'
environment:
- SERVICE_URL_FORGEJO_3000
- 'FORGEJO__server__ROOT_URL=${SERVICE_URL_FORGEJO}'
- 'FORGEJO__migrations__ALLOWED_DOMAINS=${FORGEJO__migrations__ALLOWED_DOMAINS}'
- 'FORGEJO__migrations__ALLOW_LOCALNETWORKS=${FORGEJO__migrations__ALLOW_LOCALNETWORKS-false}'
- USER_UID=1000
- USER_GID=1000
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=postgresql
- 'FORGEJO__database__NAME=${POSTGRESQL_DATABASE-forgejo}'
- FORGEJO__database__USER=$SERVICE_USER_POSTGRESQL
- FORGEJO__database__PASSWD=$SERVICE_PASSWORD_POSTGRESQL
- FORGEJO__service__DISABLE_REGISTRATION=false
- FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
- FORGEJO__service__SHOW_REGISTRATION_BUTTON=false
- FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION=true
volumes:
- '/data/lail-apps/lail-forgejo:/data'
- 'forgejo-timezone:/etc/timezone:ro'
- 'forgejo-localtime:/etc/localtime:ro'
ports:
- '22222:22'
depends_on:
postgresql:
condition: service_healthy
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://127.0.0.1:3000'
interval: 2s
timeout: 10s
retries: 15
postgresql:
image: 'postgres:16-alpine'
volumes:
- 'forgejo-postgresql-data:/var/lib/postgresql/data'
environment:
- 'POSTGRES_USER=${SERVICE_USER_POSTGRESQL}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}'
- 'POSTGRES_DB=${POSTGRESQL_DATABASE}'
healthcheck:
test:
- CMD-SHELL
- 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
interval: 5s
timeout: 20s
retries: 10

25
stacks/lail-apps/outline/README.md Normal file
View file

@ -0,0 +1,25 @@
# Application Outline
## Configuration
- URL du container outline : https://wiki.lail.cloud:3000
- Variables d'environnement :
```
OIDC_USERINFO_URI=https://sso.lail.cloud/application/o/userinfo/
OIDC_LOGOUT_URI=https://sso.lail.cloud/application/o/lail-outline/end-session/
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=Authentik
OIDC_SCOPES=openid profile email
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_EMAIL=
OIDC_CLIENT_ID=[protected]
OIDC_CLIENT_SECRET=[protected]
OIDC_AUTH_URI=https://sso.lail.cloud/application/o/authorize/
OIDC_TOKEN_URI=https://sso.lail.cloud/application/o/token/
SMTP_REPLY_EMAIL=
SMTP_TLS_CIPHERS=
SMTP_SECURE=
SMTP_NAME=
```

108
stacks/lail-apps/outline/docker-compose.yml Normal file
View file

@ -0,0 +1,108 @@
services:
outline:
image: 'docker.getoutline.com/outlinewiki/outline:latest'
volumes:
- '/data/lail-apps/lail-outline:/var/lib/outline/data'
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_URL_OUTLINE_3000
- NODE_ENV=production
- 'SECRET_KEY=${SERVICE_HEX_32_OUTLINE}'
- 'UTILS_SECRET=${SERVICE_PASSWORD_64_OUTLINE}'
- 'DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_64_POSTGRES}@postgres:5432/${POSTGRES_DATABASE:-outline}'
- 'REDIS_URL=redis://:${SERVICE_PASSWORD_64_REDIS}@redis:6379'
- 'URL=${SERVICE_URL_OUTLINE}'
- 'PORT=${OUTLINE_PORT:-3000}'
- 'FILE_STORAGE=${FILE_STORAGE:-local}'
- 'FILE_STORAGE_LOCAL_ROOT_DIR=${FILE_STORAGE_LOCAL_ROOT_DIR:-/var/lib/outline/data}'
- 'FILE_STORAGE_UPLOAD_MAX_SIZE=${FILE_STORAGE_UPLOAD_MAX_SIZE:-2000}'
- 'FILE_STORAGE_IMPORT_MAX_SIZE=${FILE_STORAGE_IMPORT_MAX_SIZE:-100}'
- 'FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=${FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE}'
- 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'
- 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'
- 'AWS_REGION=${AWS_REGION}'
- 'AWS_S3_ACCELERATE_URL=${AWS_S3_ACCELERATE_URL}'
- 'AWS_S3_UPLOAD_BUCKET_URL=${AWS_S3_UPLOAD_BUCKET_URL}'
- 'AWS_S3_UPLOAD_BUCKET_NAME=${AWS_S3_UPLOAD_BUCKET_NAME}'
- 'AWS_S3_FORCE_PATH_STYLE=${AWS_S3_FORCE_PATH_STYLE:-true}'
- 'AWS_S3_ACL=${AWS_S3_ACL:-private}'
- 'SLACK_CLIENT_ID=${SLACK_CLIENT_ID}'
- 'SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}'
- 'GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}'
- 'GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}'
- 'AZURE_CLIENT_ID=${AZURE_CLIENT_ID}'
- 'AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}'
- 'AZURE_RESOURCE_APP_ID=${AZURE_RESOURCE_APP_ID}'
- 'OIDC_CLIENT_ID=${OIDC_CLIENT_ID}'
- 'OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}'
- 'OIDC_AUTH_URI=${OIDC_AUTH_URI}'
- 'OIDC_TOKEN_URI=${OIDC_TOKEN_URI}'
- 'OIDC_USERINFO_URI=${OIDC_USERINFO_URI}'
- 'OIDC_LOGOUT_URI=${OIDC_LOGOUT_URI}'
- 'OIDC_USERNAME_CLAIM=${OIDC_USERNAME_CLAIM}'
- 'OIDC_DISPLAY_NAME=${OIDC_DISPLAY_NAME}'
- 'OIDC_SCOPES=${OIDC_SCOPES}'
- 'GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}'
- 'GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}'
- 'GITHUB_APP_NAME=${GITHUB_APP_NAME}'
- 'GITHUB_APP_ID=${GITHUB_APP_ID}'
- 'GITHUB_APP_PRIVATE_KEY=${GITHUB_APP_PRIVATE_KEY}'
- 'DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}'
- 'DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET}'
- 'DISCORD_SERVER_ID=${DISCORD_SERVER_ID}'
- 'DISCORD_SERVER_ROLES=${DISCORD_SERVER_ROLES}'
- 'PGSSLMODE=${PGSSLMODE:-disable}'
- 'FORCE_HTTPS=${FORCE_HTTPS:-true}'
- 'SMTP_HOST=${SMTP_HOST}'
- 'SMTP_PORT=${SMTP_PORT}'
- 'SMTP_USERNAME=${SMTP_USERNAME}'
- 'SMTP_PASSWORD=${SMTP_PASSWORD}'
- 'SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL}'
- 'SMTP_REPLY_EMAIL=${SMTP_REPLY_EMAIL}'
- 'SMTP_TLS_CIPHERS=${SMTP_TLS_CIPHERS}'
- 'SMTP_SECURE=${SMTP_SECURE}'
- 'SMTP_NAME=${SMTP_NAME}'
healthcheck:
disable: true
redis:
image: 'redis:alpine'
environment:
- 'REDIS_PASSWORD=${SERVICE_PASSWORD_64_REDIS}'
command:
- redis-server
- '--requirepass'
- '${SERVICE_PASSWORD_64_REDIS}'
healthcheck:
test:
- CMD
- redis-cli
- '-a'
- '${SERVICE_PASSWORD_64_REDIS}'
- PING
interval: 10s
timeout: 30s
retries: 3
postgres:
image: 'postgres:12-alpine'
volumes:
- 'database-data:/var/lib/postgresql/data'
environment:
- 'POSTGRES_USER=${SERVICE_USER_POSTGRES}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_64_POSTGRES}'
- 'POSTGRES_DB=${POSTGRES_DATABASE:-outline}'
healthcheck:
test:
- CMD
- pg_isready
- '-U'
- '${SERVICE_USER_POSTGRES}'
- '-d'
- '${POSTGRES_DATABASE:-outline}'
interval: 30s
timeout: 20s
retries: 3

119
stacks/lail-apps/paheko/config.local.php Normal file
View file

@ -0,0 +1,119 @@
<?php
namespace Paheko;
// -----------------------------------------------------------------------
// SÉCURITÉ
// -----------------------------------------------------------------------
// Clé secrète anti-CSRF - générée automatiquement par Paheko si absente
// const SECRET_KEY = '...';
// Désactiver les détails d'erreur en production
const SHOW_ERRORS = false;
// Mode journal SQLite - WAL est plus rapide (ok si pas de NFS)
const SQLITE_JOURNAL_MODE = 'WAL';
// -----------------------------------------------------------------------
// SSO / OIDC
// -----------------------------------------------------------------------
// Libellé du bouton de connexion SSO
// Si null : redirection automatique vers le SSO (pas de bouton affiché)
const OIDC_CLIENT_BUTTON = getenv('PAHEKO_OIDC_CLIENT_BUTTON') ?: 'Se connecter avec le SSO LAIL';
// URL de découverte du fournisseur OIDC (Authentik)
// Exemple : https://sso.lail.cloud/application/o/paheko/
const OIDC_CLIENT_URL = getenv('PAHEKO_OIDC_CLIENT_URL') ?: null;
// Client ID fourni par Authentik
const OIDC_CLIENT_ID = getenv('PAHEKO_OIDC_CLIENT_ID') ?: null;
// Secret client fourni par Authentik
const OIDC_CLIENT_SECRET = getenv('PAHEKO_OIDC_CLIENT_SECRET') ?: null;
// Faire correspondre l'email SSO avec un membre existant dans Paheko
// true = l'utilisateur SSO doit exister comme membre dans Paheko
// false = tout utilisateur SSO est accepté (avec les droits de OIDC_CLIENT_DEFAULT_PERMISSIONS)
const OIDC_CLIENT_MATCH_EMAIL = true;
// Droits accordés si OIDC_CLIENT_MATCH_EMAIL = false (ignoré sinon)
// const OIDC_CLIENT_DEFAULT_PERMISSIONS = ['users' => 'read', 'accounting' => 'read'];
// -----------------------------------------------------------------------
// SMTP
// -----------------------------------------------------------------------
// Hôte SMTP (null = utiliser la fonction mail() de PHP)
const SMTP_HOST = getenv('PAHEKO_SMTP_HOST') ?: null;
// Port SMTP (587 = STARTTLS, 465 = SSL)
const SMTP_PORT = getenv('PAHEKO_SMTP_PORT') ? (int) getenv('PAHEKO_SMTP_PORT') : 587;
// Utilisateur SMTP
const SMTP_USER = getenv('PAHEKO_SMTP_USER') ?: null;
// Mot de passe SMTP
const SMTP_PASSWORD = getenv('PAHEKO_SMTP_PASSWORD') ?: null;
// Sécurité SMTP : NONE, SSL, TLS, STARTTLS
const SMTP_SECURITY = getenv('PAHEKO_SMTP_SECURITY') ?: 'STARTTLS';
// Nom d'hôte HELO SMTP
const SMTP_HELO_HOSTNAME = getenv('PAHEKO_SMTP_HELO_HOSTNAME') ?: null;
// Adresse expéditrice forcée (Return-Path / MAIL FROM)
// Utile pour héberger plusieurs assos sur le même serveur mail
const MAIL_RETURN_PATH = getenv('PAHEKO_MAIL_RETURN_PATH') ?: null;
// Adresse From forcée (les réponses iront en Reply-To à l'adresse de l'asso)
const MAIL_SENDER = getenv('PAHEKO_MAIL_SENDER') ?: null;
// -----------------------------------------------------------------------
// STOCKAGE ET DONNÉES
// -----------------------------------------------------------------------
// Répertoire des données (base SQLite, sauvegardes, cache)
// Doit correspondre au volume monté dans Docker
const DATA_ROOT = '/var/www/paheko/data';
// -----------------------------------------------------------------------
// INTÉGRATION COLLABORA (optionnel)
// -----------------------------------------------------------------------
// URL de découverte Collabora pour l'édition de documents en ligne
// Pointer vers votre instance Collabora
const WOPI_DISCOVERY_URL = getenv('PAHEKO_WOPI_DISCOVERY_URL') ?: null;
// Outils de conversion (si Collabora est disponible)
const CONVERSION_TOOLS = ['collabora'];
// -----------------------------------------------------------------------
// API (optionnel)
// -----------------------------------------------------------------------
// Accès API système (accès total en écriture)
const API_USER = getenv('PAHEKO_API_USER') ?: null;
const API_PASSWORD = getenv('PAHEKO_API_PASSWORD') ?: null;
// -----------------------------------------------------------------------
// HÉBERGEMENT
// -----------------------------------------------------------------------
// Mentions légales affichées en bas de la page légale
const LEGAL_HOSTING_DETAILS = getenv('PAHEKO_LEGAL_HOSTING_DETAILS');
// Désactiver le ping de télémétrie à l'installation/mise à jour
const DISABLE_INSTALL_PING = true;
// Désactiver les mises à jour automatiques depuis fossil.kd2.org
// (les mises à jour se font via Docker)
const ENABLE_UPGRADES = false;
// Command line to use mupdf to generate thumbnails
const DOCUMENT_THUMBNAIL_COMMANDS = ['mupdf'];
// Command line to use chromium to generate PDF documents
const PDF_COMMAND = 'chromium --no-sandbox --headless --disable-dev-shm-usage --autoplay-policy=no-user-gesture-required --no-first-run --disable-gpu --disable-features=DefaultPassthroughCommandDecoder --use-fake-ui-for-media-stream --use-fake-device-for-media-stream --disable-sync --print-to-pdf=%2$s %1$s';
// I moved plugins outside of /var/www/paheko/data (could be standard with 1.4)
const PLUGINS_ROOT = '/var/www/paheko/plugins';

11
stacks/lail-apps/paheko/docker-compose.yml Normal file
View file

@ -0,0 +1,11 @@
services:
paheko:
image: bololo/paheko:latest
restart: unless-stopped
volumes:
- ./config.local.php:/var/www/paheko/config.local.php:ro
- /data/lail-apps/lail-paheko/data:/var/www/paheko/data
- /data/lail-apps/lail-paheko/plugins:/var/www/paheko/plugins
volumes:
paheko-data: