Add Lychee and fix stuff

master
Quentin Duchemin 2021-04-26 21:23:23 +02:00
parent e3a9a64675
commit 8bfb5909f8
Signed by: Chosto
GPG Key ID: 0547178FEEDE7D6B
20 changed files with 304 additions and 38 deletions

View File

@ -16,3 +16,7 @@
tags: ["docker"] tags: ["docker"]
- role: "traefik" - role: "traefik"
tags: ["docker", "traefik"] tags: ["docker", "traefik"]
- role: "grav"
tags: ["docker", "grav"]
- role: "lychee"
tags: ["docker", "lychee"]

View File

@ -1,16 +1,18 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
66363166326338646463393939653335373564616361303565363066633931333637656330616636 30666166383930623566383530643039346135323862643935353063396638333462393530333363
3031633235313930666138646662643036376662613139340a396466303434386232663131346466 3862636461353565353331663163323362663635396666370a336633623666343361613035316632
35653261386639623264646331363037336439373065323437663039333635633430323938363861 30663833623362393139343237326137643537343036336635663930343330303663393235653661
6631656433626432320a303938333734373961333264663835316134326464643365393963613036 3339396266373636300a653733666236646637343735373931613033666532636437363965323461
30306337373636366336373736633233393466323663306331343762336465373737383536393735 39633032616233663464343635313838616431356363363333356265343030376337646137313436
35353837316264663461643733653536346537333731646436646566656538643661623530323536 39613230393965333764366465353361366361336661386464303763663739613435373735346139
62646665303566633461343739626332326334636531336264636533353431393436336333393564 35353131303038633561336464366162636362316538363735653730383531306363326138636265
30353062326434613663373730656431623638333537383031343837353231323665666432356166 36383936623162613335356430383934356435353039353437393063653739356165323637343738
31653432383261396664383863623864633633373431356363656131313862336364343061393730 35636433343139656631643636393232333431333039656136393734383639373066323364323766
38666236323237626536313739643063303838653636613037383465663163313061326532356239 66316638636237353164623861303639343930396162633866313730613066393361643661666633
32363966323363353233356631363033616462313036376663383833636331353763373132303031 63346263326165326239623232303335336332643265303465353364616530373065383961363537
38653866303636633163303064343239663330666537333833373630326335323261356534643062 64333339393934623838333863353532353735383137626234363562353264373661633032333363
30363463643162623736373233633661623530353037353430376535636361336534353936336136 37386534636664653239356432623232643031633731323336313839633633643630653862376461
61346235373034626563343637336166633531373939636366666666616338396339353535323032 37366336396237353939663365366137323766393238373036346531393231396665616364653465
623138313638333138323638336365643930 64643438643963333438353363333237323233663730313732313665303238643863316463326262
30663531346432373235353065316132336265306136326339316530343232356131663034616662
65633730343337623736396461623737393337633165643264396531646461306564

View File

@ -10,6 +10,7 @@ ssh_port: "2220"
prometheus_server_ip: "51.178.182.35" prometheus_server_ip: "51.178.182.35"
docker_files: "/home/{{ base_user_name }}/docker" docker_files: "/home/{{ base_user_name }}/docker"
compose_version: "3.7"
traefik_network: proxy traefik_network: proxy

View File

@ -14,3 +14,4 @@ ihl_base_apt_packages:
- smartmontools - smartmontools
- sudo - sudo
- nano - nano
- rsync

View File

@ -0,0 +1,7 @@
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}

View File

@ -21,6 +21,15 @@
state: "{{ docker_service_state }}" state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}" enabled: "{{ docker_service_enabled }}"
- name: Copy Docker configuration
copy:
src: daemon.json
dest: /etc/docker/daemon.json
owner: root
group: root
mode: 0644
notify: Restart docker
- name: Ensure handlers are notified now to avoid firewall conflicts. - name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers meta: flush_handlers

View File

@ -0,0 +1,7 @@
#!/bin/sh
set -e
echo "Launching supercronic..."
supercronic /var/www/crontab &
echo "Launching Grav..."
exec $@

View File

@ -0,0 +1,41 @@
---
- name: Create Grav directory
file:
path: "{{ grav_folder_name }}"
state: directory
owner: "{{ base_user_name }}"
group: "{{ base_user_name }}"
mode: 0755
- name: Copy Grav templates
template:
src: "{{ item }}"
# Remove .j2 extension
dest: "{{ grav_folder_name }}/{{ (item | splitext)[0] }}"
owner: "{{ base_user_name }}"
group: "{{ base_user_name }}"
mode: 0644
loop:
- docker-compose.yml.j2
- Dockerfile.j2
- name: Copy Grav entrypoint
copy:
src: entrypoint.sh
dest: "{{ grav_folder_name }}/entrypoint.sh"
owner: "{{ base_user_name }}"
group: "{{ base_user_name }}"
mode: 0644
- name: Build Grav
community.docker.docker_compose:
project_src: "{{ grav_folder_name }}"
build: yes
- name: Ensure container is up to date
community.docker.docker_compose:
project_src: "{{ traefik_folder_name }}"
remove_orphans: yes
pull: yes
recreate: smart
state: present

View File

@ -0,0 +1,92 @@
FROM php:7.4-apache
LABEL maintainer="Andy Miller <rhuk@getgrav.org> (@rhukster)"
# Enable Apache Rewrite + Expires Module
RUN a2enmod rewrite expires && \
sed -i 's/ServerTokens OS/ServerTokens ProductOnly/g' \
/etc/apache2/conf-available/security.conf
# Install dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
unzip \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
libyaml-dev \
libzip4 \
libzip-dev \
zlib1g-dev \
libicu-dev \
g++ \
git \
cron \
vim \
&& docker-php-ext-install opcache \
&& docker-php-ext-configure intl \
&& docker-php-ext-install intl \
&& docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd \
&& docker-php-ext-install zip \
&& rm -rf /var/lib/apt/lists/*
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=4000'; \
echo 'opcache.revalidate_freq=2'; \
echo 'opcache.fast_shutdown=1'; \
echo 'opcache.enable_cli=1'; \
echo 'upload_max_filesize=128M'; \
echo 'post_max_size=128M'; \
echo 'expose_php=off'; \
} > /usr/local/etc/php/conf.d/php-recommended.ini
RUN pecl install apcu \
&& pecl install yaml-2.0.4 \
&& docker-php-ext-enable apcu yaml
# Install Supercronic
ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.12/supercronic-linux-amd64 \
SUPERCRONIC=supercronic-linux-amd64 \
SUPERCRONIC_SHA1SUM=048b95b48b708983effb2e5c935a1ef8483d9e3e
RUN curl -fsSLO "$SUPERCRONIC_URL" \
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
&& chmod +x "$SUPERCRONIC" \
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
# Create cron job for Grav maintenance scripts
RUN echo "*/30 * * * * cd /var/www/html;/usr/local/bin/php bin/grav scheduler 1>> /dev/null 2>&1" > /var/www/crontab
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
RUN sed -i s/80/{{ grav_internal_port }}/g /etc/apache2/sites-enabled/000-default.conf /etc/apache2/ports.conf
# Set user to www-data
RUN chown www-data:www-data /var/www
USER www-data
# Set Grav version
ARG GRAV_VERSION={{ grav_version }}
# Install grav
WORKDIR /var/www
RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION} && \
unzip grav-admin.zip && \
mv -T /var/www/grav-admin /var/www/html && \
rm grav-admin.zip
# Install plugins
RUN cd html && \
bin/gpm install admin
# provide container inside image for data persistance
VOLUME ["/var/www/html"]
ENTRYPOINT ["/entrypoint.sh"]
CMD ["apache2-foreground"]

View File

@ -0,0 +1,25 @@
version: "{{ compose_version }}"
networks:
proxy:
name: "{{ traefik_network }}"
volumes:
grav_lola:
name: grav_lola
services:
grav_lola:
image: grav:{{ grav_version }}
build: .
container_name: grav_lola
volumes:
- grav_lola:/var/www/html
networks:
- proxy
labels:
traefik.http.routers.grav.entrypoints: websecure
traefik.http.routers.grav.rule: "Host(`blog.leaula.me`)"
traefik.http.services.grav.loadbalancer.server.port: "{{ grav_internal_port }}"
traefik.enable: true
restart: unless-stopped

View File

@ -0,0 +1,3 @@
grav_internal_port: 8080
grav_version: 1.7.13
grav_folder_name: "{{ docker_files }}/grav"

View File

@ -0,0 +1,25 @@
---
- name: Create Lychee directory
file:
path: "{{ lychee_folder_name }}"
state: directory
owner: "{{ base_user_name }}"
group: "{{ base_user_name }}"
mode: 0755
- name: Copy Lychee Compose file
template:
src: docker-compose.yml.j2
# Remove .j2 extension
dest: "{{ lychee_folder_name }}/docker-compose.yml"
owner: "{{ base_user_name }}"
group: "{{ base_user_name }}"
mode: 0644
- name: Ensure container is up to date
community.docker.docker_compose:
project_src: "{{ lychee_folder_name }}"
remove_orphans: yes
pull: yes
recreate: smart
state: present

View File

@ -0,0 +1,57 @@
version: "{{ compose_version }}"
networks:
proxy:
name: "{{ traefik_network }}"
db:
name: lychee_db
volumes:
lychee_db:
name: lychee_db
lychee_uploads:
name: lychee_uploads
services:
lychee:
container_name: lychee
image: "lycheeorg/lychee:{{ lychee_version }}"
volumes:
- lychee_uploads:/uploads
labels:
traefik.http.routers.lychee.entrypoints: websecure
traefik.http.routers.lychee.rule: "Host(`pic.{{ domain_name }}`)"
traefik.http.services.lychee.loadbalancer.server.port: 80
traefik.enable: true
environment:
PUID: 1001
PGID: 1001
PHP_TZ: Europe/Paris
DB_CONNECTION: pgsql
DB_HOST: lychee_db
DB_PORT: 5432
DB_DATABASE: lychee
DB_USERNAME: lychee
DB_PASSWORD: "{{ lychee_db_password }}"
APP_NAME: Lychee
APP_ENV: production
APP_DEBUG: "false"
STARTUP_DELAY: 5
networks:
- proxy
- db
restart: unless-stopped
lychee_db:
image: "postgres:{{ postgres_version }}-alpine"
container_name: lychee_db
volumes:
- lychee_db:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
POSTGRES_USER: lychee
POSTGRES_PASSWORD: "{{ lychee_db_password }}"
POSTGRES_DB: lychee
networks:
- db
restart: unless-stopped

View File

@ -0,0 +1,3 @@
lychee_folder_name: "{{ docker_files }}/lychee"
lychee_version: v4.3.0
postgres_version: 13

View File

@ -1,17 +0,0 @@
traefik_folder_name: "{{ docker_files }}/traefik"
traefik_certs_directory: "{{ traefik_folder_name }}/certs"
traefik_metrics_port: 8082
traefik_http_port: 80
traefik_https_port: 443
# Equivalent of docker-compose stop
traefik_stopped: no
# Equivalent of docker-compose restart
traefik_restarted: no
# If always, equivalent to up -d --force-recreate
traefik_recreated: smart
# If present, up (or restart/stop depending of the above)
# If absent, equivalent of docker-compose down
traefik_state: present
traefik_subdomain: proxy
traefik_version: 2.4

View File

@ -43,7 +43,5 @@
project_src: "{{ traefik_folder_name }}" project_src: "{{ traefik_folder_name }}"
remove_orphans: yes remove_orphans: yes
pull: yes pull: yes
recreate: "{{ traefik_recreated }}" recreate: smart
restarted: "{{ traefik_restarted }}" state: present
state: "{{ traefik_state }}"
stopped: "{{ traefik_stopped }}"

View File

@ -1,4 +1,4 @@
version: "3.7" version: "{{ compose_version }}"
networks: networks:
proxy: proxy:
@ -34,5 +34,5 @@ services:
environment: environment:
GANDIV5_API_KEY: "{{ gandi_api_key }}" GANDIV5_API_KEY: "{{ gandi_api_key }}"
networks: networks:
- "{{ traefik_network }}" - proxy
restart: unless-stopped restart: unless-stopped

View File

@ -0,0 +1,8 @@
traefik_folder_name: "{{ docker_files }}/traefik"
traefik_certs_directory: "{{ traefik_folder_name }}/certs"
traefik_metrics_port: 8082
traefik_http_port: 80
traefik_https_port: 443
traefik_subdomain: proxy
traefik_version: 2.4

View File