Update: alpha2
parent
56f3eaa797
commit
79611b022d
@ -111,6 +111,7 @@ local global_vars_default(runtime) =
|
|||||||
app_puid: '1000',
|
app_puid: '1000',
|
||||||
app_pgid: '1000',
|
app_pgid: '1000',
|
||||||
|
|
||||||
|
app_lang: 'en_US',
|
||||||
app_tz: 'UTC',
|
app_tz: 'UTC',
|
||||||
app_tz_var: 'TZ',
|
app_tz_var: 'TZ',
|
||||||
app_tz_mount: false,
|
app_tz_mount: false,
|
||||||
@ -134,14 +135,16 @@ local global_vars_default(runtime) =
|
|||||||
app_user_email: 'user@' + self.app_domain,
|
app_user_email: 'user@' + self.app_domain,
|
||||||
app_user_passwd: 'user',
|
app_user_passwd: 'user',
|
||||||
|
|
||||||
# Other implementations standard:
|
# Generic networks
|
||||||
# mysql_network_name
|
net_vpn: runtime.paasify_ns + runtime.paasify_sep + 'vpn',
|
||||||
# pgsql_network_name
|
net_proxy: runtime.paasify_ns + runtime.paasify_sep + 'proxy',
|
||||||
# ldap_network_name
|
net_ldap: runtime.paasify_ns + runtime.paasify_sep + 'ldap',
|
||||||
# wireguard_network_name
|
net_sql: runtime.paasify_ns + runtime.paasify_sep + 'sql',
|
||||||
# traefik_network_name
|
net_nosql: runtime.paasify_ns + runtime.paasify_sep + 'nosql',
|
||||||
# Like:
|
net_queue: runtime.paasify_ns + runtime.paasify_sep + 'queue',
|
||||||
# traefik_network_name: ns + sep + 'traefik',
|
net_ostorage: runtime.paasify_ns + runtime.paasify_sep + 'ostorage', # Object storage
|
||||||
|
net_fstorage: runtime.paasify_ns + runtime.paasify_sep + 'fstorage', # File storage
|
||||||
|
net_bstorage: runtime.paasify_ns + runtime.paasify_sep + 'bstorage', # Block storage
|
||||||
|
|
||||||
#FUTURE app_dir_prefix: std.get(user_data, 'app_dir_prefix', './')
|
#FUTURE app_dir_prefix: std.get(user_data, 'app_dir_prefix', './')
|
||||||
# app_dir_logs: ResolvePath(std.get(user_data, 'app_dir_logs', './logs/'), cwd),
|
# app_dir_logs: ResolvePath(std.get(user_data, 'app_dir_logs', './logs/'), cwd),
|
||||||
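Review bot: The nine new `net_*` entries each repeat `runtime.paasify_ns + runtime.paasify_sep`, and the comment block they replace is reduced to `# Generic networks` with no statement of what the names are for. A comment such as `# Names of shared Docker networks, one per backend role; stacks attach to them by name` would help, if that is the intent (the compose files in this commit reference `net_proxy` with `external: true`). Factoring the prefix into an object-local, `local net_prefix = runtime.paasify_ns + runtime.paasify_sep,`, would also keep the nine names from drifting apart. The body of `global_vars_default` starts and ends outside the visible hunks.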
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
services:
|
services:
|
||||||
authelia:
|
authelia:
|
||||||
expose:
|
expose:
|
||||||
- ${APP_EXPOSE_IP}:${APP_EXPOSE_PORT:-9091}:9091
|
- ${app_expose_ip}:${app_expose_port:-9091}:9091
|
||||||
|
|||||||
@ -23,9 +23,9 @@ services:
|
|||||||
#- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
|
#- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
|
||||||
#- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com' # yamllint disable-line rule:line-length
|
#- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com' # yamllint disable-line rule:line-length
|
||||||
#
|
#
|
||||||
- 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.trustForwardHeader=true'
|
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.trustForwardHeader=true'
|
||||||
- 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${APP_DOMAIN}'
|
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${app_fqdn}'
|
||||||
- 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
|
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
|
||||||
healthcheck:
|
healthcheck:
|
||||||
disable: true
|
disable: true
|
||||||
environment:
|
environment:
|
||||||
@ -38,10 +38,10 @@ services:
|
|||||||
|
|
||||||
|
|
||||||
# MISC
|
# MISC
|
||||||
#- AUTHELIA_DEFAULT_REDICTION_URL=${APP_DOMAIN}
|
#- AUTHELIA_DEFAULT_REDICTION_URL=${app_fqdn}
|
||||||
- AUTHELIA_DEFAULT_REDIRECTION_URL=https://${APP_DOMAIN}
|
- AUTHELIA_DEFAULT_REDIRECTION_URL=https://${app_fqdn}
|
||||||
- AUTHELIA_SESSION_DOMAIN=${APP_TOP_DOMAIN}
|
- AUTHELIA_SESSION_DOMAIN=${app_domain}
|
||||||
#- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${APP_TOP_DOMAIN}
|
#- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${app_domain}
|
||||||
|
|
||||||
# LDAP configuration
|
# LDAP configuration
|
||||||
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true
|
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true
|
||||||
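Review bot: The renamed variables on the new side (`${app_fqdn}` in the forwardauth `rd=` address and in `AUTHELIA_DEFAULT_REDIRECTION_URL`, `${app_domain}` in `AUTHELIA_SESSION_DOMAIN`) have neither a default nor a required marker. Unless the tooling always injects them, an environment that still exports the old upper-case names interpolates empty strings and Compose only warns. For the authentication portal that means an empty session-cookie domain and a redirect target of `https://`, which is better rejected at startup than discovered at login. Consider the required form, e.g. `- AUTHELIA_SESSION_DOMAIN=${app_domain:?app_domain must be set}`, and the same for `${app_fqdn}`. The lum, lemonldap, selfserve and traefik sections further down have the same gap, with `$app_domain` and `$traefik_svc_certresolver` used bare in `Host(...)` rules and certresolver settings.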
|
|||||||
@ -8,16 +8,16 @@ services:
|
|||||||
- "9999:80"
|
- "9999:80"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
###- ./lametc/:/etc/ldap-account-manager
|
###- $app_dir_conf:/etc/ldap-account-manager
|
||||||
- ./lamconfig/:/var/lib/ldap-account-manager/config
|
- $app_dir_conf:/var/lib/ldap-account-manager/config
|
||||||
- ./lamsession/:/var/lib/ldap-account-manager/sess
|
- $app_dir_conf/sess:/var/lib/ldap-account-manager/sess
|
||||||
|
|
||||||
environment:
|
environment:
|
||||||
- LAM_PASSWORD=${LAM_PASSWORD}
|
- LAM_PASSWORD=${ldap_admin_bind_passwd}
|
||||||
- LAM_LANG=en_US
|
- LAM_LANG=${app_lang}
|
||||||
- LDAP_SERVER=${LDAP_SERVER}
|
- LDAP_SERVER=${ldap_uri_server}
|
||||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
- LDAP_DOMAIN=${ldap_domain}
|
||||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
- LDAP_BASE_DN=${ldap_base_dn}
|
||||||
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
|
- ADMIN_USER=${ldap_admin_bind_dn}
|
||||||
- DEBUG=true
|
- DEBUG=true
|
||||||
|
|
||||||
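Review bot: `LAM_PASSWORD=${ldap_admin_bind_passwd}` now takes the LAM password from the same variable as the directory admin bind credential, where the old side used a separate `${LAM_PASSWORD}`. If the image uses this value for LAM's own configuration login (the variable name suggests so; confirm against the image documentation), then whoever learns the LAM password also holds the LDAP admin password, and neither can be rotated without the other. A dedicated variable would keep the two secrets separable, e.g. `- LAM_PASSWORD=${lam_passwd}` (suggested name, to be defined in the defaults). This matters more here because the unchanged lines in the same section still publish the UI on `"9999:80"` and set `DEBUG=true`.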
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
name: ${APP_PROXY_NETWORK}
|
name: ${net_proxy}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
@ -10,8 +10,8 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.lum.entrypoints: front-http,front-https
|
traefik.http.routers.lum.entrypoints: front-http,front-https
|
||||||
traefik.http.routers.lum.rule: Host(`lum.$APP_TOP_DOMAIN`)
|
traefik.http.routers.lum.rule: Host(`lum.$app_domain`)
|
||||||
traefik.http.routers.lum.service: lum
|
traefik.http.routers.lum.service: lum
|
||||||
traefik.http.routers.lum.tls: "true"
|
traefik.http.routers.lum.tls: "true"
|
||||||
traefik.http.routers.lum.tls.certresolver: $TRAEFIK_CERTRESOLV
|
traefik.http.routers.lum.tls.certresolver: $traefik_svc_certresolver
|
||||||
traefik.http.services.lum.loadbalancer.server.port: '80'
|
traefik.http.services.lum.loadbalancer.server.port: '80'
|
||||||
|
|||||||
@ -1,29 +1,18 @@
|
|||||||
version: "3.7"
|
version: "3.7"
|
||||||
|
|
||||||
#networks:
|
|
||||||
# ldap:
|
|
||||||
# external: true
|
|
||||||
# name: ${APP_LDAP_NETWORK}
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
lum:
|
lum:
|
||||||
image: wheelybird/ldap-user-manager:latest
|
image: wheelybird/ldap-user-manager:latest
|
||||||
#restart: always
|
|
||||||
|
|
||||||
#networks:
|
|
||||||
# ldap:
|
|
||||||
|
|
||||||
environment:
|
environment:
|
||||||
- "SERVER_HOSTNAME=lum.$APP_TOP_DOMAIN"
|
- "SERVER_HOSTNAME=lum.$app_domain"
|
||||||
- "LDAP_URI=$LDAP_SERVER_URI"
|
- "LDAP_URI=$ldap_uri"
|
||||||
- "LDAP_BASE_DN=$LDAP_BASE_DN"
|
- "LDAP_BASE_DN=$ldap_base_dn"
|
||||||
- "LDAP_ADMINS_GROUP=admins"
|
- "LDAP_ADMINS_GROUP=admins"
|
||||||
- "LDAP_ADMIN_BIND_DN=cn=admin,$LDAP_BASE_DN"
|
- "LDAP_ADMIN_BIND_DN=$ldap_admin_bind_dn"
|
||||||
- "LDAP_ADMIN_BIND_PWD=$LDAP_ADMIN_PASSWORD"
|
- "LDAP_ADMIN_BIND_PWD=$ldap_admin_bind_passwd"
|
||||||
#- "LDAP_ADMIN_BIND_PWD=admin"
|
|
||||||
- "LDAP_IGNORE_CERT_ERRORS=true"
|
- "LDAP_IGNORE_CERT_ERRORS=true"
|
||||||
- "NO_HTTPS=true"
|
- "NO_HTTPS=true" # Tofix, we can't use: ldap_tls here ...
|
||||||
- "ACCEPT_WEAK_PASSWORDS=true"
|
- "ACCEPT_WEAK_PASSWORDS=true"
|
||||||
|
|
||||||
# MrJK Tweaking
|
# MrJK Tweaking
|
||||||
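Review bot: The `Tofix` comment added on `NO_HTTPS=true` refers to `ldap_tls`, but that variable appears to control only the web UI's own listener, while the LDAP connection is affected by `LDAP_IGNORE_CERT_ERRORS=true` on the line above. As the new side stands, `$ldap_admin_bind_passwd` is sent to a directory whose certificate is never verified, so that is the line the TODO belongs on. Suggest moving it there, e.g. `# TODO: set from ldap_tls once the directory presents a verifiable certificate`, and giving `NO_HTTPS` its own comment saying TLS is terminated at the proxy, if that is the intent. `ACCEPT_WEAK_PASSWORDS=true` is unchanged context but would merit a similar one-line justification.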
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
librespeed:
|
librespeed:
|
||||||
ports:
|
ports:
|
||||||
#- ${APP_EXPOSE_PORT:-80}:80
|
#- ${app_expose_port:-80}:80
|
||||||
- ${APP_EXPOSE_IP:-0.0.0.0}:${APP_EXPOSE_PORT:-80}:80
|
- ${app_expose_ip:-0.0.0.0}:${app_expose_port:-80}:80
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
networks:
|
networks:
|
||||||
ldap:
|
ldap:
|
||||||
name: ${APP_LDAP_NETWORK:-s3}
|
name: ${net_ldap:-s3}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
minio:
|
minio:
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
networks:
|
networks:
|
||||||
front:
|
front:
|
||||||
external: true
|
external: true
|
||||||
name: ${APP_PROXY_NETWORK:-traefik}
|
name: ${net_proxy:-traefik}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
minio:
|
minio:
|
||||||
|
|||||||
@ -2,7 +2,7 @@ version: "3.9"
|
|||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
name: ${APP_S3_NETWORK:-s3}
|
name: ${net_ostorage:-s3}
|
||||||
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|||||||
@ -17,20 +17,20 @@ services:
|
|||||||
- ./lemonldap-logs:/var/log/nginx
|
- ./lemonldap-logs:/var/log/nginx
|
||||||
|
|
||||||
environment:
|
environment:
|
||||||
- SSODOMAIN=$APP_TOP_DOMAIN
|
- SSODOMAIN=$app_domain
|
||||||
- PORTAL_HOSTNAME=auth.$APP_TOP_DOMAIN
|
- PORTAL_HOSTNAME=auth.$app_domain
|
||||||
- MANAGER_HOSTNAME=lemon.$APP_TOP_DOMAIN
|
- MANAGER_HOSTNAME=lemon.$app_domain
|
||||||
- HANDLER_HOSTNAME=handler.$APP_TOP_DOMAIN
|
- HANDLER_HOSTNAME=handler.$app_domain
|
||||||
- TEST1_HOSTNAME=mytest1.$APP_TOP_DOMAIN
|
- TEST1_HOSTNAME=mytest1.$app_domain
|
||||||
- TEST2_HOSTNAME=mytest2.$APP_TOP_DOMAIN
|
- TEST2_HOSTNAME=mytest2.$app_domain
|
||||||
- LOGLEVEL=debug
|
- LOGLEVEL=debug
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.lemon.entrypoints: front-http,front-https
|
traefik.http.routers.lemon.entrypoints: front-http,front-https
|
||||||
#traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$APP_TOP_DOMAIN`)
|
#traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$app_domain`)
|
||||||
traefik.http.routers.lemon.rule: Host(`auth.$APP_TOP_DOMAIN`,`lemon.$APP_TOP_DOMAIN`,`handler.$APP_TOP_DOMAIN`)
|
traefik.http.routers.lemon.rule: Host(`auth.$app_domain`,`lemon.$app_domain`,`handler.$app_domain`)
|
||||||
#traefik.http.routers.lemon.rule: Host(`lemon.$APP_TOP_DOMAIN`)
|
#traefik.http.routers.lemon.rule: Host(`lemon.$app_domain`)
|
||||||
traefik.http.routers.lemon.service: lemon
|
traefik.http.routers.lemon.service: lemon
|
||||||
traefik.http.routers.lemon.tls: "true"
|
traefik.http.routers.lemon.tls: "true"
|
||||||
traefik.http.routers.lemon.tls.certresolver: $TRAEFIK_CERTRESOLV
|
traefik.http.routers.lemon.tls.certresolver: $traefik_svc_certresolver
|
||||||
traefik.http.services.lemon.loadbalancer.server.port: '80'
|
traefik.http.services.lemon.loadbalancer.server.port: '80'
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
name: ${APP_PROXY_NETWORK}
|
name: ${net_proxy}
|
||||||
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
@ -18,11 +18,11 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.selfserve.entrypoints: front-http,front-https
|
traefik.http.routers.selfserve.entrypoints: front-http,front-https
|
||||||
#traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$APP_TOP_DOMAIN`)
|
#traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$app_domain`)
|
||||||
traefik.http.routers.selfserve.rule: Host(`self.$APP_TOP_DOMAIN`)
|
traefik.http.routers.selfserve.rule: Host(`self.$app_domain`)
|
||||||
#traefik.http.routers.selfserve.rule: Host(`selfserve.$APP_TOP_DOMAIN`)
|
#traefik.http.routers.selfserve.rule: Host(`selfserve.$app_domain`)
|
||||||
traefik.http.routers.selfserve.service: selfserve
|
traefik.http.routers.selfserve.service: selfserve
|
||||||
traefik.http.routers.selfserve.tls: "true"
|
traefik.http.routers.selfserve.tls: "true"
|
||||||
traefik.http.routers.selfserve.tls.certresolver: $TRAEFIK_CERTRESOLV
|
traefik.http.routers.selfserve.tls.certresolver: $traefik_svc_certresolver
|
||||||
traefik.http.services.selfserve.loadbalancer.server.port: '80'
|
traefik.http.services.selfserve.loadbalancer.server.port: '80'
|
||||||
|
|
||||||
|
|||||||
@ -1,8 +1,8 @@
|
|||||||
version: "3.9"
|
version: "3.9"
|
||||||
|
|
||||||
networks:
|
#networks:
|
||||||
default:
|
# default:
|
||||||
name: ${app_network_name}
|
# name: ${app_network_name}
|
||||||
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
@ -13,14 +13,15 @@ services:
|
|||||||
default:
|
default:
|
||||||
aliases:
|
aliases:
|
||||||
- ldap
|
- ldap
|
||||||
|
- $ldap_uri_server
|
||||||
environment:
|
environment:
|
||||||
- "LDAP_ORGANISATION=$LDAP_ORGANISATION"
|
- "LDAP_ORGANISATION=${ldap_domain:-$app_fqdn}"
|
||||||
- "LDAP_DOMAIN=$LDAP_DOMAIN"
|
- "LDAP_DOMAIN=${ldap_domain:-$app_fqdn}"
|
||||||
- "LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD"
|
- "LDAP_ADMIN_PASSWORD=$ldap_admin_bind_passwd"
|
||||||
- "LDAP_RFC2307BIS_SCHEMA=true"
|
- "LDAP_RFC2307BIS_SCHEMA=true"
|
||||||
- "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
|
- "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
|
||||||
- "LDAP_TLS_VERIFY_CLIENT=never"
|
- "LDAP_TLS_VERIFY_CLIENT=never"
|
||||||
- "LDAP_TLS=false"
|
- "LDAP_TLS=${ldap_tls:-false}"
|
||||||
volumes:
|
volumes:
|
||||||
- $app_dir_conf:/etc/ldap/slapd.d
|
- $app_dir_conf:/etc/ldap/slapd.d
|
||||||
- $app_dir_data:/var/lib/ldap
|
- $app_dir_data:/var/lib/ldap
|
||||||
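Review bot: `${ldap_domain:-$app_fqdn}` on the new `LDAP_ORGANISATION` and `LDAP_DOMAIN` lines depends on the Compose implementation expanding a variable inside a default value. Newer Compose releases document nested interpolation, but older implementations treat the default as literal text, in which case the directory would be initialised with the domain `$app_fqdn`. Because this value fixes the base DN when the data volume is first created, a wrong value is costly to undo. It would be safer to compute the fallback where the defaults are defined and use a plain `${ldap_domain}` here. Separately, the new alias `- $ldap_uri_server` is unquoted and has no default, so an unset variable yields an empty alias entry; `- "${ldap_uri_server:?ldap_uri_server must be set}"` would fail early instead.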
|
|||||||
@ -6,13 +6,13 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
|
|
||||||
# Custom ACME certificates
|
# Custom ACME certificates
|
||||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}=true
|
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}=true
|
||||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_EMAIL=${APP_ADMIN_EMAIL}
|
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_EMAIL=${app_admin_email}
|
||||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_STORAGE=/data/acme-${TRAEFIK_CERTRESOLV}.json
|
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_STORAGE=/data/acme-${traefik_svc_certresolver}.json
|
||||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE=true
|
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE=true
|
||||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_PROVIDER=${TRAEFIK_CERTRESOLV_PROVIDER}
|
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_PROVIDER=${traefik_svc_certresolver_PROVIDER}
|
||||||
#- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
|
#- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
|
||||||
#- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
|
#- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
|
||||||
|
|
||||||
# ACME credentials for ovh-eu
|
# ACME credentials for ovh-eu
|
||||||
# - OVH_ENDPOINT=ovh-eu
|
# - OVH_ENDPOINT=ovh-eu
|
||||||
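Review bot: `${traefik_svc_certresolver_PROVIDER}` on the new `..._ACME_DNSCHALLENGE_PROVIDER` line looks like a search-and-replace artefact, since only the `TRAEFIK_CERTRESOLV` prefix of the old `${TRAEFIK_CERTRESOLV_PROVIDER}` was rewritten. Unless a variable with exactly that mixed-case name is defined, the provider interpolates to an empty string and the DNS challenge cannot be configured, leaving the routers that use this resolver without a valid certificate. Rename it to the lower-case name the defaults actually define and mark it required with the `${name:?message}` form so the stack refuses to start without it.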
|
|||||||