Add Lychee and fix stuff
parent
e3a9a64675
commit
8bfb5909f8
4
all.yml
4
all.yml
|
@ -16,3 +16,7 @@
|
||||||
tags: ["docker"]
|
tags: ["docker"]
|
||||||
- role: "traefik"
|
- role: "traefik"
|
||||||
tags: ["docker", "traefik"]
|
tags: ["docker", "traefik"]
|
||||||
|
- role: "grav"
|
||||||
|
tags: ["docker", "grav"]
|
||||||
|
- role: "lychee"
|
||||||
|
tags: ["docker", "lychee"]
|
||||||
|
|
|
@ -1,16 +1,18 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
66363166326338646463393939653335373564616361303565363066633931333637656330616636
|
30666166383930623566383530643039346135323862643935353063396638333462393530333363
|
||||||
3031633235313930666138646662643036376662613139340a396466303434386232663131346466
|
3862636461353565353331663163323362663635396666370a336633623666343361613035316632
|
||||||
35653261386639623264646331363037336439373065323437663039333635633430323938363861
|
30663833623362393139343237326137643537343036336635663930343330303663393235653661
|
||||||
6631656433626432320a303938333734373961333264663835316134326464643365393963613036
|
3339396266373636300a653733666236646637343735373931613033666532636437363965323461
|
||||||
30306337373636366336373736633233393466323663306331343762336465373737383536393735
|
39633032616233663464343635313838616431356363363333356265343030376337646137313436
|
||||||
35353837316264663461643733653536346537333731646436646566656538643661623530323536
|
39613230393965333764366465353361366361336661386464303763663739613435373735346139
|
||||||
62646665303566633461343739626332326334636531336264636533353431393436336333393564
|
35353131303038633561336464366162636362316538363735653730383531306363326138636265
|
||||||
30353062326434613663373730656431623638333537383031343837353231323665666432356166
|
36383936623162613335356430383934356435353039353437393063653739356165323637343738
|
||||||
31653432383261396664383863623864633633373431356363656131313862336364343061393730
|
35636433343139656631643636393232333431333039656136393734383639373066323364323766
|
||||||
38666236323237626536313739643063303838653636613037383465663163313061326532356239
|
66316638636237353164623861303639343930396162633866313730613066393361643661666633
|
||||||
32363966323363353233356631363033616462313036376663383833636331353763373132303031
|
63346263326165326239623232303335336332643265303465353364616530373065383961363537
|
||||||
38653866303636633163303064343239663330666537333833373630326335323261356534643062
|
64333339393934623838333863353532353735383137626234363562353264373661633032333363
|
||||||
30363463643162623736373233633661623530353037353430376535636361336534353936336136
|
37386534636664653239356432623232643031633731323336313839633633643630653862376461
|
||||||
61346235373034626563343637336166633531373939636366666666616338396339353535323032
|
37366336396237353939663365366137323766393238373036346531393231396665616364653465
|
||||||
623138313638333138323638336365643930
|
64643438643963333438353363333237323233663730313732313665303238643863316463326262
|
||||||
|
30663531346432373235353065316132336265306136326339316530343232356131663034616662
|
||||||
|
65633730343337623736396461623737393337633165643264396531646461306564
|
||||||
|
|
|
@ -10,6 +10,7 @@ ssh_port: "2220"
|
||||||
prometheus_server_ip: "51.178.182.35"
|
prometheus_server_ip: "51.178.182.35"
|
||||||
|
|
||||||
docker_files: "/home/{{ base_user_name }}/docker"
|
docker_files: "/home/{{ base_user_name }}/docker"
|
||||||
|
compose_version: "3.7"
|
||||||
|
|
||||||
traefik_network: proxy
|
traefik_network: proxy
|
||||||
|
|
||||||
|
|
|
@ -14,3 +14,4 @@ ihl_base_apt_packages:
|
||||||
- smartmontools
|
- smartmontools
|
||||||
- sudo
|
- sudo
|
||||||
- nano
|
- nano
|
||||||
|
- rsync
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
"log-driver": "json-file",
|
||||||
|
"log-opts": {
|
||||||
|
"max-size": "100m",
|
||||||
|
"max-file": "3"
|
||||||
|
}
|
||||||
|
}
|
|
@ -21,6 +21,15 @@
|
||||||
state: "{{ docker_service_state }}"
|
state: "{{ docker_service_state }}"
|
||||||
enabled: "{{ docker_service_enabled }}"
|
enabled: "{{ docker_service_enabled }}"
|
||||||
|
|
||||||
|
- name: Copy Docker configuration
|
||||||
|
copy:
|
||||||
|
src: daemon.json
|
||||||
|
dest: /etc/docker/daemon.json
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: Restart docker
|
||||||
|
|
||||||
- name: Ensure handlers are notified now to avoid firewall conflicts.
|
- name: Ensure handlers are notified now to avoid firewall conflicts.
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
echo "Launching supercronic..."
|
||||||
|
supercronic /var/www/crontab &
|
||||||
|
echo "Launching Grav..."
|
||||||
|
exec $@
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
- name: Create Grav directory
|
||||||
|
file:
|
||||||
|
path: "{{ grav_folder_name }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ base_user_name }}"
|
||||||
|
group: "{{ base_user_name }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Copy Grav templates
|
||||||
|
template:
|
||||||
|
src: "{{ item }}"
|
||||||
|
# Remove .j2 extension
|
||||||
|
dest: "{{ grav_folder_name }}/{{ (item | splitext)[0] }}"
|
||||||
|
owner: "{{ base_user_name }}"
|
||||||
|
group: "{{ base_user_name }}"
|
||||||
|
mode: 0644
|
||||||
|
loop:
|
||||||
|
- docker-compose.yml.j2
|
||||||
|
- Dockerfile.j2
|
||||||
|
|
||||||
|
- name: Copy Grav entrypoint
|
||||||
|
copy:
|
||||||
|
src: entrypoint.sh
|
||||||
|
dest: "{{ grav_folder_name }}/entrypoint.sh"
|
||||||
|
owner: "{{ base_user_name }}"
|
||||||
|
group: "{{ base_user_name }}"
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Build Grav
|
||||||
|
community.docker.docker_compose:
|
||||||
|
project_src: "{{ grav_folder_name }}"
|
||||||
|
build: yes
|
||||||
|
|
||||||
|
- name: Ensure container is up to date
|
||||||
|
community.docker.docker_compose:
|
||||||
|
project_src: "{{ traefik_folder_name }}"
|
||||||
|
remove_orphans: yes
|
||||||
|
pull: yes
|
||||||
|
recreate: smart
|
||||||
|
state: present
|
|
@ -0,0 +1,92 @@
|
||||||
|
FROM php:7.4-apache
|
||||||
|
LABEL maintainer="Andy Miller <rhuk@getgrav.org> (@rhukster)"
|
||||||
|
|
||||||
|
# Enable Apache Rewrite + Expires Module
|
||||||
|
RUN a2enmod rewrite expires && \
|
||||||
|
sed -i 's/ServerTokens OS/ServerTokens ProductOnly/g' \
|
||||||
|
/etc/apache2/conf-available/security.conf
|
||||||
|
|
||||||
|
# Install dependencies
|
||||||
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
|
unzip \
|
||||||
|
libfreetype6-dev \
|
||||||
|
libjpeg62-turbo-dev \
|
||||||
|
libpng-dev \
|
||||||
|
libyaml-dev \
|
||||||
|
libzip4 \
|
||||||
|
libzip-dev \
|
||||||
|
zlib1g-dev \
|
||||||
|
libicu-dev \
|
||||||
|
g++ \
|
||||||
|
git \
|
||||||
|
cron \
|
||||||
|
vim \
|
||||||
|
&& docker-php-ext-install opcache \
|
||||||
|
&& docker-php-ext-configure intl \
|
||||||
|
&& docker-php-ext-install intl \
|
||||||
|
&& docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
|
||||||
|
&& docker-php-ext-install -j$(nproc) gd \
|
||||||
|
&& docker-php-ext-install zip \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# set recommended PHP.ini settings
|
||||||
|
# see https://secure.php.net/manual/en/opcache.installation.php
|
||||||
|
RUN { \
|
||||||
|
echo 'opcache.memory_consumption=128'; \
|
||||||
|
echo 'opcache.interned_strings_buffer=8'; \
|
||||||
|
echo 'opcache.max_accelerated_files=4000'; \
|
||||||
|
echo 'opcache.revalidate_freq=2'; \
|
||||||
|
echo 'opcache.fast_shutdown=1'; \
|
||||||
|
echo 'opcache.enable_cli=1'; \
|
||||||
|
echo 'upload_max_filesize=128M'; \
|
||||||
|
echo 'post_max_size=128M'; \
|
||||||
|
echo 'expose_php=off'; \
|
||||||
|
} > /usr/local/etc/php/conf.d/php-recommended.ini
|
||||||
|
|
||||||
|
RUN pecl install apcu \
|
||||||
|
&& pecl install yaml-2.0.4 \
|
||||||
|
&& docker-php-ext-enable apcu yaml
|
||||||
|
|
||||||
|
# Install Supercronic
|
||||||
|
ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.12/supercronic-linux-amd64 \
|
||||||
|
SUPERCRONIC=supercronic-linux-amd64 \
|
||||||
|
SUPERCRONIC_SHA1SUM=048b95b48b708983effb2e5c935a1ef8483d9e3e
|
||||||
|
|
||||||
|
RUN curl -fsSLO "$SUPERCRONIC_URL" \
|
||||||
|
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
|
||||||
|
&& chmod +x "$SUPERCRONIC" \
|
||||||
|
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
|
||||||
|
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
|
||||||
|
|
||||||
|
# Create cron job for Grav maintenance scripts
|
||||||
|
RUN echo "*/30 * * * * cd /var/www/html;/usr/local/bin/php bin/grav scheduler 1>> /dev/null 2>&1" > /var/www/crontab
|
||||||
|
|
||||||
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
|
RUN chmod +x /entrypoint.sh
|
||||||
|
|
||||||
|
RUN sed -i s/80/{{ grav_internal_port }}/g /etc/apache2/sites-enabled/000-default.conf /etc/apache2/ports.conf
|
||||||
|
|
||||||
|
# Set user to www-data
|
||||||
|
RUN chown www-data:www-data /var/www
|
||||||
|
USER www-data
|
||||||
|
|
||||||
|
|
||||||
|
# Set Grav version
|
||||||
|
ARG GRAV_VERSION={{ grav_version }}
|
||||||
|
|
||||||
|
# Install grav
|
||||||
|
WORKDIR /var/www
|
||||||
|
RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION} && \
|
||||||
|
unzip grav-admin.zip && \
|
||||||
|
mv -T /var/www/grav-admin /var/www/html && \
|
||||||
|
rm grav-admin.zip
|
||||||
|
|
||||||
|
# Install plugins
|
||||||
|
RUN cd html && \
|
||||||
|
bin/gpm install admin
|
||||||
|
|
||||||
|
# provide container inside image for data persistance
|
||||||
|
VOLUME ["/var/www/html"]
|
||||||
|
|
||||||
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
CMD ["apache2-foreground"]
|
|
@ -0,0 +1,25 @@
|
||||||
|
version: "{{ compose_version }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
name: "{{ traefik_network }}"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
grav_lola:
|
||||||
|
name: grav_lola
|
||||||
|
|
||||||
|
services:
|
||||||
|
grav_lola:
|
||||||
|
image: grav:{{ grav_version }}
|
||||||
|
build: .
|
||||||
|
container_name: grav_lola
|
||||||
|
volumes:
|
||||||
|
- grav_lola:/var/www/html
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
labels:
|
||||||
|
traefik.http.routers.grav.entrypoints: websecure
|
||||||
|
traefik.http.routers.grav.rule: "Host(`blog.leaula.me`)"
|
||||||
|
traefik.http.services.grav.loadbalancer.server.port: "{{ grav_internal_port }}"
|
||||||
|
traefik.enable: true
|
||||||
|
restart: unless-stopped
|
|
@ -0,0 +1,3 @@
|
||||||
|
grav_internal_port: 8080
|
||||||
|
grav_version: 1.7.13
|
||||||
|
grav_folder_name: "{{ docker_files }}/grav"
|
|
@ -0,0 +1,25 @@
|
||||||
|
---
|
||||||
|
- name: Create Lychee directory
|
||||||
|
file:
|
||||||
|
path: "{{ lychee_folder_name }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ base_user_name }}"
|
||||||
|
group: "{{ base_user_name }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Copy Lychee Compose file
|
||||||
|
template:
|
||||||
|
src: docker-compose.yml.j2
|
||||||
|
# Remove .j2 extension
|
||||||
|
dest: "{{ lychee_folder_name }}/docker-compose.yml"
|
||||||
|
owner: "{{ base_user_name }}"
|
||||||
|
group: "{{ base_user_name }}"
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Ensure container is up to date
|
||||||
|
community.docker.docker_compose:
|
||||||
|
project_src: "{{ lychee_folder_name }}"
|
||||||
|
remove_orphans: yes
|
||||||
|
pull: yes
|
||||||
|
recreate: smart
|
||||||
|
state: present
|
|
@ -0,0 +1,57 @@
|
||||||
|
version: "{{ compose_version }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
name: "{{ traefik_network }}"
|
||||||
|
db:
|
||||||
|
name: lychee_db
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
lychee_db:
|
||||||
|
name: lychee_db
|
||||||
|
lychee_uploads:
|
||||||
|
name: lychee_uploads
|
||||||
|
|
||||||
|
services:
|
||||||
|
lychee:
|
||||||
|
container_name: lychee
|
||||||
|
image: "lycheeorg/lychee:{{ lychee_version }}"
|
||||||
|
volumes:
|
||||||
|
- lychee_uploads:/uploads
|
||||||
|
labels:
|
||||||
|
traefik.http.routers.lychee.entrypoints: websecure
|
||||||
|
traefik.http.routers.lychee.rule: "Host(`pic.{{ domain_name }}`)"
|
||||||
|
traefik.http.services.lychee.loadbalancer.server.port: 80
|
||||||
|
traefik.enable: true
|
||||||
|
environment:
|
||||||
|
PUID: 1001
|
||||||
|
PGID: 1001
|
||||||
|
PHP_TZ: Europe/Paris
|
||||||
|
DB_CONNECTION: pgsql
|
||||||
|
DB_HOST: lychee_db
|
||||||
|
DB_PORT: 5432
|
||||||
|
DB_DATABASE: lychee
|
||||||
|
DB_USERNAME: lychee
|
||||||
|
DB_PASSWORD: "{{ lychee_db_password }}"
|
||||||
|
APP_NAME: Lychee
|
||||||
|
APP_ENV: production
|
||||||
|
APP_DEBUG: "false"
|
||||||
|
STARTUP_DELAY: 5
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- db
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
|
lychee_db:
|
||||||
|
image: "postgres:{{ postgres_version }}-alpine"
|
||||||
|
container_name: lychee_db
|
||||||
|
volumes:
|
||||||
|
- lychee_db:/var/lib/postgresql/data
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: lychee
|
||||||
|
POSTGRES_PASSWORD: "{{ lychee_db_password }}"
|
||||||
|
POSTGRES_DB: lychee
|
||||||
|
networks:
|
||||||
|
- db
|
||||||
|
restart: unless-stopped
|
|
@ -0,0 +1,3 @@
|
||||||
|
lychee_folder_name: "{{ docker_files }}/lychee"
|
||||||
|
lychee_version: v4.3.0
|
||||||
|
postgres_version: 13
|
|
@ -1,17 +0,0 @@
|
||||||
traefik_folder_name: "{{ docker_files }}/traefik"
|
|
||||||
traefik_certs_directory: "{{ traefik_folder_name }}/certs"
|
|
||||||
traefik_metrics_port: 8082
|
|
||||||
traefik_http_port: 80
|
|
||||||
traefik_https_port: 443
|
|
||||||
# Equivalent of docker-compose stop
|
|
||||||
traefik_stopped: no
|
|
||||||
# Equivalent of docker-compose restart
|
|
||||||
traefik_restarted: no
|
|
||||||
# If always, equivalent to up -d --force-recreate
|
|
||||||
traefik_recreated: smart
|
|
||||||
# If present, up (or restart/stop depending of the above)
|
|
||||||
# If absent, equivalent of docker-compose down
|
|
||||||
traefik_state: present
|
|
||||||
traefik_subdomain: proxy
|
|
||||||
|
|
||||||
traefik_version: 2.4
|
|
|
@ -43,7 +43,5 @@
|
||||||
project_src: "{{ traefik_folder_name }}"
|
project_src: "{{ traefik_folder_name }}"
|
||||||
remove_orphans: yes
|
remove_orphans: yes
|
||||||
pull: yes
|
pull: yes
|
||||||
recreate: "{{ traefik_recreated }}"
|
recreate: smart
|
||||||
restarted: "{{ traefik_restarted }}"
|
state: present
|
||||||
state: "{{ traefik_state }}"
|
|
||||||
stopped: "{{ traefik_stopped }}"
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
version: "3.7"
|
version: "{{ compose_version }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
@ -34,5 +34,5 @@ services:
|
||||||
environment:
|
environment:
|
||||||
GANDIV5_API_KEY: "{{ gandi_api_key }}"
|
GANDIV5_API_KEY: "{{ gandi_api_key }}"
|
||||||
networks:
|
networks:
|
||||||
- "{{ traefik_network }}"
|
- proxy
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
traefik_folder_name: "{{ docker_files }}/traefik"
|
||||||
|
traefik_certs_directory: "{{ traefik_folder_name }}/certs"
|
||||||
|
traefik_metrics_port: 8082
|
||||||
|
traefik_http_port: 80
|
||||||
|
traefik_https_port: 443
|
||||||
|
traefik_subdomain: proxy
|
||||||
|
|
||||||
|
traefik_version: 2.4
|
Loading…
Reference in New Issue