diff --git a/.paasify/plugins/_paasify.jsonnet b/.paasify/plugins/_paasify.jsonnet
index 3055d7e..d30d830 100644
--- a/.paasify/plugins/_paasify.jsonnet
+++ b/.paasify/plugins/_paasify.jsonnet
@@ -111,6 +111,7 @@ local global_vars_default(runtime) =
 app_puid: '1000',
 app_pgid: '1000',
+ app_lang: 'en_US',
 app_tz: 'UTC',
 app_tz_var: 'TZ',
 app_tz_mount: false,
@@ -134,14 +135,16 @@ local global_vars_default(runtime) =
 app_user_email: 'user@' + self.app_domain,
 app_user_passwd: 'user',
- # Other implementations standard:
- # mysql_network_name
- # pgsql_network_name
- # ldap_network_name
- # wireguard_network_name
- # traefik_network_name
- # Like:
- # traefik_network_name: ns + sep + 'traefik',
+ # Generic networks
+ net_vpn: runtime.paasify_ns + runtime.paasify_sep + 'vpn',
+ net_proxy: runtime.paasify_ns + runtime.paasify_sep + 'proxy',
+ net_ldap: runtime.paasify_ns + runtime.paasify_sep + 'ldap',
+ net_sql: runtime.paasify_ns + runtime.paasify_sep + 'sql',
+ net_nosql: runtime.paasify_ns + runtime.paasify_sep + 'nosql',
+ net_queue: runtime.paasify_ns + runtime.paasify_sep + 'queue',
+ net_ostorage: runtime.paasify_ns + runtime.paasify_sep + 'ostorage', # Object storage
+ net_fstorage: runtime.paasify_ns + runtime.paasify_sep + 'fstorage', # File storage
+ net_bstorage: runtime.paasify_ns + runtime.paasify_sep + 'bstorage', # Block storage
 #FUTURE app_dir_prefix: std.get(user_data, 'app_dir_prefix', './')
 # app_dir_logs: ResolvePath(std.get(user_data, 'app_dir_logs', './logs/'), cwd),
diff --git a/authelia/docker-compose.expose.yml b/authelia/docker-compose.expose.yml
index 78f3c1e..d1903aa 100644
--- a/authelia/docker-compose.expose.yml
+++ b/authelia/docker-compose.expose.yml
@@ -1,4 +1,4 @@
 services:
 authelia:
 expose:
- - ${APP_EXPOSE_IP}:${APP_EXPOSE_PORT:-9091}:9091
+ - ${app_expose_ip}:${app_expose_port:-9091}:9091
diff --git a/authelia/docker-compose.yml b/authelia/docker-compose.yml
index 1f63bfa..fc290f4 100644
--- a/authelia/docker-compose.yml
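Review bot: The nine new `net_*` fields in the second hunk each spell out `runtime.paasify_ns + runtime.paasify_sep` in full, so a change to the naming scheme has to be repeated nine times and the longer lines (for example `net_ostorage: ... 'ostorage', # Object storage`) run past 80 columns. An object-local prefix yields exactly the same values and makes the `<ns><sep><role>` pattern visible at a glance. The old comment that was removed was the only place the network-name convention was documented; a one-line comment above the group naming the consumers (`${net_proxy}`, `${net_ldap}`, `${net_ostorage}` in the minio and openldap compose files of this commit) would restore that. The enclosing `global_vars_default` object begins before and continues past this hunk.
```jsonnet
  # Generic networks: every shared network is named <ns><sep><role>;
  # consumed by compose files as ${net_proxy}, ${net_ldap}, ${net_ostorage}, ...
  local net_prefix = runtime.paasify_ns + runtime.paasify_sep,
  net_vpn: net_prefix + 'vpn',
  net_proxy: net_prefix + 'proxy',
  net_ldap: net_prefix + 'ldap',
  net_sql: net_prefix + 'sql',
  net_nosql: net_prefix + 'nosql',
  net_queue: net_prefix + 'queue',
  net_ostorage: net_prefix + 'ostorage',  # Object storage
  net_fstorage: net_prefix + 'fstorage',  # File storage
  net_bstorage: net_prefix + 'bstorage',  # Block storage
```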
+++ b/authelia/docker-compose.yml
@@ -23,9 +23,9 @@ services:
 #- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
 #- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com' # yamllint disable-line rule:line-length
 #
- - 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.trustForwardHeader=true'
- - 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${APP_DOMAIN}'
- - 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
+ - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.trustForwardHeader=true'
+ - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${app_fqdn}'
+ - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
 healthcheck:
 disable: true
 environment:
@@ -38,10 +38,10 @@ services:
 # MISC
- #- AUTHELIA_DEFAULT_REDICTION_URL=${APP_DOMAIN}
- - AUTHELIA_DEFAULT_REDIRECTION_URL=https://${APP_DOMAIN}
- - AUTHELIA_SESSION_DOMAIN=${APP_TOP_DOMAIN}
- #- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${APP_TOP_DOMAIN}
+ #- AUTHELIA_DEFAULT_REDICTION_URL=${app_fqdn}
+ - AUTHELIA_DEFAULT_REDIRECTION_URL=https://${app_fqdn}
+ - AUTHELIA_SESSION_DOMAIN=${app_domain}
+ #- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${app_domain}
 # LDAP configuration
 # DOES NOT WORK:
 - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true
diff --git a/ldap-account-manager/docker-compose.yml b/ldap-account-manager/docker-compose.yml
index 16d9765..0b0b96a 100644
--- a/ldap-account-manager/docker-compose.yml
+++ b/ldap-account-manager/docker-compose.yml
@@ -8,16 +8,16 @@ services:
 - "9999:80"
 volumes:
- ###- ./lametc/:/etc/ldap-account-manager
- - ./lamconfig/:/var/lib/ldap-account-manager/config
- - ./lamsession/:/var/lib/ldap-account-manager/sess
+ ###- $app_dir_conf:/etc/ldap-account-manager
+ - $app_dir_conf:/var/lib/ldap-account-manager/config
+ - $app_dir_conf/sess:/var/lib/ldap-account-manager/sess
 environment:
- - LAM_PASSWORD=${LAM_PASSWORD}
- - LAM_LANG=en_US
- - LDAP_SERVER=${LDAP_SERVER}
- - LDAP_DOMAIN=${LDAP_DOMAIN}
- - LDAP_BASE_DN=${LDAP_BASE_DN}
- - ADMIN_USER=cn=admin,${LDAP_BASE_DN}
+ - LAM_PASSWORD=${ldap_admin_bind_passwd}
+ - LAM_LANG=${app_lang}
+ - LDAP_SERVER=${ldap_uri_server}
+ - LDAP_DOMAIN=${ldap_domain}
+ - LDAP_BASE_DN=${ldap_base_dn}
+ - ADMIN_USER=${ldap_admin_bind_dn}
 - DEBUG=true
diff --git a/ldap-user-manager/TMP_DISABLED_docker-compose.traefik.yml b/ldap-user-manager/TMP_DISABLED_docker-compose.traefik.yml
index e40d6a2..e89343c 100644
--- a/ldap-user-manager/TMP_DISABLED_docker-compose.traefik.yml
+++ b/ldap-user-manager/TMP_DISABLED_docker-compose.traefik.yml
@@ -1,7 +1,7 @@
 networks:
 proxy:
 external: true
- name: ${APP_PROXY_NETWORK}
+ name: ${net_proxy}
 services:
@@ -10,8 +10,8 @@ services:
 labels:
 traefik.enable: "true"
 traefik.http.routers.lum.entrypoints: front-http,front-https
- traefik.http.routers.lum.rule: Host(`lum.$APP_TOP_DOMAIN`)
+ traefik.http.routers.lum.rule: Host(`lum.$app_domain`)
 traefik.http.routers.lum.service: lum
 traefik.http.routers.lum.tls: "true"
- traefik.http.routers.lum.tls.certresolver: $TRAEFIK_CERTRESOLV
+ traefik.http.routers.lum.tls.certresolver: $traefik_svc_certresolver
 traefik.http.services.lum.loadbalancer.server.port: '80'
diff --git a/ldap-user-manager/docker-compose.yml b/ldap-user-manager/docker-compose.yml
index 283784d..0ffac26 100644
--- a/ldap-user-manager/docker-compose.yml
+++ b/ldap-user-manager/docker-compose.yml
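Review bot: `LAM_PASSWORD=${ldap_admin_bind_passwd}` replaces a dedicated `LAM_PASSWORD` with the directory admin's bind secret, so if LAM's master password is what protects its own configuration UI (the variable name suggests so), one credential now unlocks both the LAM admin interface and the LDAP admin account and the two can no longer be rotated independently. A dedicated variable of its own (for example `lam_master_passwd`, name to be chosen) keeps the two trust boundaries apart; if sharing is intentional, a comment on that line should say so. `$app_dir_conf/sess` also moves the session store under the configuration directory (it was a sibling `./lamsession/` before); a mount under `$app_dir_data`, which openldap already uses for mutable state in this commit, keeps transient session files out of configuration backups. The `DEBUG=true` line is unchanged context but deserves a second look while this file is being reworked.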
@@ -1,29 +1,18 @@
 version: "3.7"
-#networks:
-# ldap:
-# external: true
-# name: ${APP_LDAP_NETWORK}
-
 services:
 lum:
 image: wheelybird/ldap-user-manager:latest
- #restart: always
-
- #networks:
- # ldap:
-
 environment:
- - "SERVER_HOSTNAME=lum.$APP_TOP_DOMAIN"
- - "LDAP_URI=$LDAP_SERVER_URI"
- - "LDAP_BASE_DN=$LDAP_BASE_DN"
+ - "SERVER_HOSTNAME=lum.$app_domain"
+ - "LDAP_URI=$ldap_uri"
+ - "LDAP_BASE_DN=$ldap_base_dn"
 - "LDAP_ADMINS_GROUP=admins"
- - "LDAP_ADMIN_BIND_DN=cn=admin,$LDAP_BASE_DN"
- - "LDAP_ADMIN_BIND_PWD=$LDAP_ADMIN_PASSWORD"
- #- "LDAP_ADMIN_BIND_PWD=admin"
+ - "LDAP_ADMIN_BIND_DN=$ldap_admin_bind_dn"
+ - "LDAP_ADMIN_BIND_PWD=$ldap_admin_bind_passwd"
 - "LDAP_IGNORE_CERT_ERRORS=true"
- - "NO_HTTPS=true"
+ - "NO_HTTPS=true" # Tofix, we can't use: ldap_tls here ...
 - "ACCEPT_WEAK_PASSWORDS=true"
 # MrJK Tweaking
diff --git a/librespeed/docker-compose.expose.yml b/librespeed/docker-compose.expose.yml
index a4aa431..c0b76ea 100644
--- a/librespeed/docker-compose.expose.yml
+++ b/librespeed/docker-compose.expose.yml
@@ -1,6 +1,6 @@
 services:
 librespeed:
 ports:
- #- ${APP_EXPOSE_PORT:-80}:80
- - ${APP_EXPOSE_IP:-0.0.0.0}:${APP_EXPOSE_PORT:-80}:80
+ #- ${app_expose_port:-80}:80
+ - ${app_expose_ip:-0.0.0.0}:${app_expose_port:-80}:80
diff --git a/minio/docker-compose.ldap.yml b/minio/docker-compose.ldap.yml
index fbbc44f..6774688 100644
--- a/minio/docker-compose.ldap.yml
+++ b/minio/docker-compose.ldap.yml
@@ -1,7 +1,7 @@
 networks:
 ldap:
- name: ${APP_LDAP_NETWORK:-s3}
+ name: ${net_ldap:-s3}
 services:
 minio:
diff --git a/minio/docker-compose.traefik.yml b/minio/docker-compose.traefik.yml
index 500f382..35e5e92 100644
--- a/minio/docker-compose.traefik.yml
+++ b/minio/docker-compose.traefik.yml
@@ -2,7 +2,7 @@ networks:
 front:
 external: true
- name: ${APP_PROXY_NETWORK:-traefik}
+ name: ${net_proxy:-traefik}
 services:
 minio:
diff --git a/minio/docker-compose.yml b/minio/docker-compose.yml
index f40a62f..cf8f809 100644
--- a/minio/docker-compose.yml
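Review bot: The trailing comment added to `- "NO_HTTPS=true" # Tofix, we can't use: ldap_tls here ...` does not say what it is waiting for: `NO_HTTPS` governs this container's own web listener, whereas `ldap_tls` (introduced for openldap in this commit) governs the LDAP connection, so the two may be unrelated. Suggest replacing it with `# TODO: enable HTTPS on the UI listener; ldap_tls only covers the LDAP link (see LDAP_URI)` or, if TLS is meant to terminate at the proxy, stating that instead. The neighbouring context line `- "LDAP_IGNORE_CERT_ERRORS=true"` still disables certificate checking unconditionally even though the server side can now turn TLS on through `ldap_tls`, so it would be worth driving it from the same variable rather than hard-coding it.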
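Review bot: `name: ${net_ldap:-s3}` in minio/docker-compose.ldap.yml carries over a fallback of `s3` for the LDAP network, which reads like a copy of the object-storage default (`${net_ostorage:-s3}` in minio/docker-compose.yml) rather than a deliberate choice; if `net_ldap` were ever unset, the `ldap` network would presumably be created or joined under the s3 name. Since this commit gives `net_ldap` a default in `_paasify.jsonnet`, the fallback is now either dead or misleading, so `name: ${net_ldap}` is the cleaner form. The same applies to `${net_proxy:-traefik}` in minio/docker-compose.traefik.yml, although there the fallback at least names a proxy.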
+++ b/minio/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.9"
 networks:
 default:
- name: ${APP_S3_NETWORK:-s3}
+ name: ${net_ostorage:-s3}
 services:
diff --git a/openldap/docker-compose.lemon-ldap.yml b/openldap/docker-compose.lemon-ldap.yml
index 1b74f08..0fa3bd3 100644
--- a/openldap/docker-compose.lemon-ldap.yml
+++ b/openldap/docker-compose.lemon-ldap.yml
@@ -17,20 +17,20 @@ services:
 - ./lemonldap-logs:/var/log/nginx
 environment:
- - SSODOMAIN=$APP_TOP_DOMAIN
- - PORTAL_HOSTNAME=auth.$APP_TOP_DOMAIN
- - MANAGER_HOSTNAME=lemon.$APP_TOP_DOMAIN
- - HANDLER_HOSTNAME=handler.$APP_TOP_DOMAIN
- - TEST1_HOSTNAME=mytest1.$APP_TOP_DOMAIN
- - TEST2_HOSTNAME=mytest2.$APP_TOP_DOMAIN
+ - SSODOMAIN=$app_domain
+ - PORTAL_HOSTNAME=auth.$app_domain
+ - MANAGER_HOSTNAME=lemon.$app_domain
+ - HANDLER_HOSTNAME=handler.$app_domain
+ - TEST1_HOSTNAME=mytest1.$app_domain
+ - TEST2_HOSTNAME=mytest2.$app_domain
 - LOGLEVEL=debug
 labels:
 traefik.enable: "true"
 traefik.http.routers.lemon.entrypoints: front-http,front-https
- #traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$APP_TOP_DOMAIN`)
- traefik.http.routers.lemon.rule: Host(`auth.$APP_TOP_DOMAIN`,`lemon.$APP_TOP_DOMAIN`,`handler.$APP_TOP_DOMAIN`)
- #traefik.http.routers.lemon.rule: Host(`lemon.$APP_TOP_DOMAIN`)
+ #traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$app_domain`)
+ traefik.http.routers.lemon.rule: Host(`auth.$app_domain`,`lemon.$app_domain`,`handler.$app_domain`)
+ #traefik.http.routers.lemon.rule: Host(`lemon.$app_domain`)
 traefik.http.routers.lemon.service: lemon
 traefik.http.routers.lemon.tls: "true"
- traefik.http.routers.lemon.tls.certresolver: $TRAEFIK_CERTRESOLV
+ traefik.http.routers.lemon.tls.certresolver: $traefik_svc_certresolver
 traefik.http.services.lemon.loadbalancer.server.port: '80'
diff --git a/openldap/docker-compose.self-service.yml b/openldap/docker-compose.self-service.yml
index 806ea20..89f3e87 100644
--- a/openldap/docker-compose.self-service.yml
+++ b/openldap/docker-compose.self-service.yml
@@ -1,7 +1,7 @@
 networks:
 proxy:
- name: ${APP_PROXY_NETWORK}
+ name: ${net_proxy}
 services:
@@ -18,11 +18,11 @@ services:
 labels:
 traefik.enable: "true"
 traefik.http.routers.selfserve.entrypoints: front-http,front-https
- #traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$APP_TOP_DOMAIN`)
- traefik.http.routers.selfserve.rule: Host(`self.$APP_TOP_DOMAIN`)
- #traefik.http.routers.selfserve.rule: Host(`selfserve.$APP_TOP_DOMAIN`)
+ #traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$app_domain`)
+ traefik.http.routers.selfserve.rule: Host(`self.$app_domain`)
+ #traefik.http.routers.selfserve.rule: Host(`selfserve.$app_domain`)
 traefik.http.routers.selfserve.service: selfserve
 traefik.http.routers.selfserve.tls: "true"
- traefik.http.routers.selfserve.tls.certresolver: $TRAEFIK_CERTRESOLV
+ traefik.http.routers.selfserve.tls.certresolver: $traefik_svc_certresolver
 traefik.http.services.selfserve.loadbalancer.server.port: '80'
diff --git a/openldap/docker-compose.yml b/openldap/docker-compose.yml
index 7d56130..2f89948 100644
--- a/openldap/docker-compose.yml
+++ b/openldap/docker-compose.yml
@@ -1,8 +1,8 @@
 version: "3.9"
-networks:
- default:
- name: ${app_network_name}
+#networks:
+# default:
+# name: ${app_network_name}
 services:
@@ -13,14 +13,15 @@ services:
 default:
 aliases:
 - ldap
+ - $ldap_uri_server
 environment:
- - "LDAP_ORGANISATION=$LDAP_ORGANISATION"
- - "LDAP_DOMAIN=$LDAP_DOMAIN"
- - "LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD"
+ - "LDAP_ORGANISATION=${ldap_domain:-$app_fqdn}"
+ - "LDAP_DOMAIN=${ldap_domain:-$app_fqdn}"
+ - "LDAP_ADMIN_PASSWORD=$ldap_admin_bind_passwd"
 - "LDAP_RFC2307BIS_SCHEMA=true"
 - "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
 - "LDAP_TLS_VERIFY_CLIENT=never"
- - "LDAP_TLS=false"
+ - "LDAP_TLS=${ldap_tls:-false}"
 volumes:
 - $app_dir_conf:/etc/ldap/slapd.d
 - $app_dir_data:/var/lib/ldap
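Review bot: `- "LDAP_DOMAIN=${ldap_domain:-$app_fqdn}"` in openldap/docker-compose.yml falls back to the service FQDN; if, as the `LDAP_ORGANISATION`/`LDAP_RFC2307BIS_SCHEMA` variables suggest, the image derives the base DN from `LDAP_DOMAIN`, a host such as `ldap.example.com` (constructed example) would yield `dc=ldap,dc=example,dc=com`, which would not match the `ldap_base_dn` that ldap-account-manager and ldap-user-manager receive in this same commit. A fallback to `$app_domain`, the value the jsonnet already uses to build `app_user_email`, looks closer to the intent, and `LDAP_ORGANISATION` reusing the same string deserves a comment saying a domain name is an acceptable organisation label here. The new alias `- $ldap_uri_server` is consumed as a bare hostname, while ldap-user-manager receives a separate `$ldap_uri`; a comment on the alias line such as `# ldap_uri_server is a hostname, not a URI` would stop someone from setting it to a `ldap://` value. `LDAP_TLS=${ldap_tls:-false}` makes TLS switchable while `LDAP_TLS_VERIFY_CLIENT=never` stays fixed, which is fine for server-only TLS but worth stating next to it.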
diff --git a/traefik/docker-compose.letsencrypt.yml b/traefik/docker-compose.letsencrypt.yml
index 9f82080..5a6f40b 100644
--- a/traefik/docker-compose.letsencrypt.yml
+++ b/traefik/docker-compose.letsencrypt.yml
@@ -6,13 +6,13 @@ services:
 environment:
 # Custom ACME certificates
- - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}=true
- - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_EMAIL=${APP_ADMIN_EMAIL}
- - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_STORAGE=/data/acme-${TRAEFIK_CERTRESOLV}.json
- - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE=true
- - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_PROVIDER=${TRAEFIK_CERTRESOLV_PROVIDER}
- #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
- #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
+ - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}=true
+ - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_EMAIL=${app_admin_email}
+ - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_STORAGE=/data/acme-${traefik_svc_certresolver}.json
+ - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE=true
+ - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_PROVIDER=${traefik_svc_certresolver_PROVIDER}
+ #- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
+ #- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
 # ACME credentials for ovh-eu
 # - OVH_ENDPOINT=ovh-eu