Add Lychee and fix stuff
parent
e3a9a64675
commit
8bfb5909f8
4
all.yml
4
all.yml
|
@ -16,3 +16,7 @@
|
|||
tags: ["docker"]
|
||||
- role: "traefik"
|
||||
tags: ["docker", "traefik"]
|
||||
- role: "grav"
|
||||
tags: ["docker", "grav"]
|
||||
- role: "lychee"
|
||||
tags: ["docker", "lychee"]
|
||||
|
|
|
@ -1,16 +1,18 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
66363166326338646463393939653335373564616361303565363066633931333637656330616636
|
||||
3031633235313930666138646662643036376662613139340a396466303434386232663131346466
|
||||
35653261386639623264646331363037336439373065323437663039333635633430323938363861
|
||||
6631656433626432320a303938333734373961333264663835316134326464643365393963613036
|
||||
30306337373636366336373736633233393466323663306331343762336465373737383536393735
|
||||
35353837316264663461643733653536346537333731646436646566656538643661623530323536
|
||||
62646665303566633461343739626332326334636531336264636533353431393436336333393564
|
||||
30353062326434613663373730656431623638333537383031343837353231323665666432356166
|
||||
31653432383261396664383863623864633633373431356363656131313862336364343061393730
|
||||
38666236323237626536313739643063303838653636613037383465663163313061326532356239
|
||||
32363966323363353233356631363033616462313036376663383833636331353763373132303031
|
||||
38653866303636633163303064343239663330666537333833373630326335323261356534643062
|
||||
30363463643162623736373233633661623530353037353430376535636361336534353936336136
|
||||
61346235373034626563343637336166633531373939636366666666616338396339353535323032
|
||||
623138313638333138323638336365643930
|
||||
30666166383930623566383530643039346135323862643935353063396638333462393530333363
|
||||
3862636461353565353331663163323362663635396666370a336633623666343361613035316632
|
||||
30663833623362393139343237326137643537343036336635663930343330303663393235653661
|
||||
3339396266373636300a653733666236646637343735373931613033666532636437363965323461
|
||||
39633032616233663464343635313838616431356363363333356265343030376337646137313436
|
||||
39613230393965333764366465353361366361336661386464303763663739613435373735346139
|
||||
35353131303038633561336464366162636362316538363735653730383531306363326138636265
|
||||
36383936623162613335356430383934356435353039353437393063653739356165323637343738
|
||||
35636433343139656631643636393232333431333039656136393734383639373066323364323766
|
||||
66316638636237353164623861303639343930396162633866313730613066393361643661666633
|
||||
63346263326165326239623232303335336332643265303465353364616530373065383961363537
|
||||
64333339393934623838333863353532353735383137626234363562353264373661633032333363
|
||||
37386534636664653239356432623232643031633731323336313839633633643630653862376461
|
||||
37366336396237353939663365366137323766393238373036346531393231396665616364653465
|
||||
64643438643963333438353363333237323233663730313732313665303238643863316463326262
|
||||
30663531346432373235353065316132336265306136326339316530343232356131663034616662
|
||||
65633730343337623736396461623737393337633165643264396531646461306564
|
||||
|
|
|
@ -10,6 +10,7 @@ ssh_port: "2220"
|
|||
prometheus_server_ip: "51.178.182.35"
|
||||
|
||||
docker_files: "/home/{{ base_user_name }}/docker"
|
||||
compose_version: "3.7"
|
||||
|
||||
traefik_network: proxy
|
||||
|
||||
|
|
|
@ -14,3 +14,4 @@ ihl_base_apt_packages:
|
|||
- smartmontools
|
||||
- sudo
|
||||
- nano
|
||||
- rsync
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
"log-driver": "json-file",
|
||||
"log-opts": {
|
||||
"max-size": "100m",
|
||||
"max-file": "3"
|
||||
}
|
||||
}
|
|
@ -21,6 +21,15 @@
|
|||
state: "{{ docker_service_state }}"
|
||||
enabled: "{{ docker_service_enabled }}"
|
||||
|
||||
- name: Copy Docker configuration
|
||||
copy:
|
||||
src: daemon.json
|
||||
dest: /etc/docker/daemon.json
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: Restart docker
|
||||
|
||||
- name: Ensure handlers are notified now to avoid firewall conflicts.
|
||||
meta: flush_handlers
|
||||
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
echo "Launching supercronic..."
|
||||
supercronic /var/www/crontab &
|
||||
echo "Launching Grav..."
|
||||
exec $@
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
- name: Create Grav directory
|
||||
file:
|
||||
path: "{{ grav_folder_name }}"
|
||||
state: directory
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Copy Grav templates
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
# Remove .j2 extension
|
||||
dest: "{{ grav_folder_name }}/{{ (item | splitext)[0] }}"
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- docker-compose.yml.j2
|
||||
- Dockerfile.j2
|
||||
|
||||
- name: Copy Grav entrypoint
|
||||
copy:
|
||||
src: entrypoint.sh
|
||||
dest: "{{ grav_folder_name }}/entrypoint.sh"
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Build Grav
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ grav_folder_name }}"
|
||||
build: yes
|
||||
|
||||
- name: Ensure container is up to date
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ traefik_folder_name }}"
|
||||
remove_orphans: yes
|
||||
pull: yes
|
||||
recreate: smart
|
||||
state: present
|
|
@ -0,0 +1,92 @@
|
|||
FROM php:7.4-apache
|
||||
LABEL maintainer="Andy Miller <rhuk@getgrav.org> (@rhukster)"
|
||||
|
||||
# Enable Apache Rewrite + Expires Module
|
||||
RUN a2enmod rewrite expires && \
|
||||
sed -i 's/ServerTokens OS/ServerTokens ProductOnly/g' \
|
||||
/etc/apache2/conf-available/security.conf
|
||||
|
||||
# Install dependencies
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
unzip \
|
||||
libfreetype6-dev \
|
||||
libjpeg62-turbo-dev \
|
||||
libpng-dev \
|
||||
libyaml-dev \
|
||||
libzip4 \
|
||||
libzip-dev \
|
||||
zlib1g-dev \
|
||||
libicu-dev \
|
||||
g++ \
|
||||
git \
|
||||
cron \
|
||||
vim \
|
||||
&& docker-php-ext-install opcache \
|
||||
&& docker-php-ext-configure intl \
|
||||
&& docker-php-ext-install intl \
|
||||
&& docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
|
||||
&& docker-php-ext-install -j$(nproc) gd \
|
||||
&& docker-php-ext-install zip \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# set recommended PHP.ini settings
|
||||
# see https://secure.php.net/manual/en/opcache.installation.php
|
||||
RUN { \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=4000'; \
|
||||
echo 'opcache.revalidate_freq=2'; \
|
||||
echo 'opcache.fast_shutdown=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'upload_max_filesize=128M'; \
|
||||
echo 'post_max_size=128M'; \
|
||||
echo 'expose_php=off'; \
|
||||
} > /usr/local/etc/php/conf.d/php-recommended.ini
|
||||
|
||||
RUN pecl install apcu \
|
||||
&& pecl install yaml-2.0.4 \
|
||||
&& docker-php-ext-enable apcu yaml
|
||||
|
||||
# Install Supercronic
|
||||
ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.12/supercronic-linux-amd64 \
|
||||
SUPERCRONIC=supercronic-linux-amd64 \
|
||||
SUPERCRONIC_SHA1SUM=048b95b48b708983effb2e5c935a1ef8483d9e3e
|
||||
|
||||
RUN curl -fsSLO "$SUPERCRONIC_URL" \
|
||||
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
|
||||
&& chmod +x "$SUPERCRONIC" \
|
||||
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
|
||||
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
|
||||
|
||||
# Create cron job for Grav maintenance scripts
|
||||
RUN echo "*/30 * * * * cd /var/www/html;/usr/local/bin/php bin/grav scheduler 1>> /dev/null 2>&1" > /var/www/crontab
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
RUN sed -i s/80/{{ grav_internal_port }}/g /etc/apache2/sites-enabled/000-default.conf /etc/apache2/ports.conf
|
||||
|
||||
# Set user to www-data
|
||||
RUN chown www-data:www-data /var/www
|
||||
USER www-data
|
||||
|
||||
|
||||
# Set Grav version
|
||||
ARG GRAV_VERSION={{ grav_version }}
|
||||
|
||||
# Install grav
|
||||
WORKDIR /var/www
|
||||
RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION} && \
|
||||
unzip grav-admin.zip && \
|
||||
mv -T /var/www/grav-admin /var/www/html && \
|
||||
rm grav-admin.zip
|
||||
|
||||
# Install plugins
|
||||
RUN cd html && \
|
||||
bin/gpm install admin
|
||||
|
||||
# provide container inside image for data persistance
|
||||
VOLUME ["/var/www/html"]
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
CMD ["apache2-foreground"]
|
|
@ -0,0 +1,25 @@
|
|||
version: "{{ compose_version }}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
name: "{{ traefik_network }}"
|
||||
|
||||
volumes:
|
||||
grav_lola:
|
||||
name: grav_lola
|
||||
|
||||
services:
|
||||
grav_lola:
|
||||
image: grav:{{ grav_version }}
|
||||
build: .
|
||||
container_name: grav_lola
|
||||
volumes:
|
||||
- grav_lola:/var/www/html
|
||||
networks:
|
||||
- proxy
|
||||
labels:
|
||||
traefik.http.routers.grav.entrypoints: websecure
|
||||
traefik.http.routers.grav.rule: "Host(`blog.leaula.me`)"
|
||||
traefik.http.services.grav.loadbalancer.server.port: "{{ grav_internal_port }}"
|
||||
traefik.enable: true
|
||||
restart: unless-stopped
|
|
@ -0,0 +1,3 @@
|
|||
grav_internal_port: 8080
|
||||
grav_version: 1.7.13
|
||||
grav_folder_name: "{{ docker_files }}/grav"
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: Create Lychee directory
|
||||
file:
|
||||
path: "{{ lychee_folder_name }}"
|
||||
state: directory
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Copy Lychee Compose file
|
||||
template:
|
||||
src: docker-compose.yml.j2
|
||||
# Remove .j2 extension
|
||||
dest: "{{ lychee_folder_name }}/docker-compose.yml"
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure container is up to date
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ lychee_folder_name }}"
|
||||
remove_orphans: yes
|
||||
pull: yes
|
||||
recreate: smart
|
||||
state: present
|
|
@ -0,0 +1,57 @@
|
|||
version: "{{ compose_version }}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
name: "{{ traefik_network }}"
|
||||
db:
|
||||
name: lychee_db
|
||||
|
||||
volumes:
|
||||
lychee_db:
|
||||
name: lychee_db
|
||||
lychee_uploads:
|
||||
name: lychee_uploads
|
||||
|
||||
services:
|
||||
lychee:
|
||||
container_name: lychee
|
||||
image: "lycheeorg/lychee:{{ lychee_version }}"
|
||||
volumes:
|
||||
- lychee_uploads:/uploads
|
||||
labels:
|
||||
traefik.http.routers.lychee.entrypoints: websecure
|
||||
traefik.http.routers.lychee.rule: "Host(`pic.{{ domain_name }}`)"
|
||||
traefik.http.services.lychee.loadbalancer.server.port: 80
|
||||
traefik.enable: true
|
||||
environment:
|
||||
PUID: 1001
|
||||
PGID: 1001
|
||||
PHP_TZ: Europe/Paris
|
||||
DB_CONNECTION: pgsql
|
||||
DB_HOST: lychee_db
|
||||
DB_PORT: 5432
|
||||
DB_DATABASE: lychee
|
||||
DB_USERNAME: lychee
|
||||
DB_PASSWORD: "{{ lychee_db_password }}"
|
||||
APP_NAME: Lychee
|
||||
APP_ENV: production
|
||||
APP_DEBUG: "false"
|
||||
STARTUP_DELAY: 5
|
||||
networks:
|
||||
- proxy
|
||||
- db
|
||||
restart: unless-stopped
|
||||
|
||||
lychee_db:
|
||||
image: "postgres:{{ postgres_version }}-alpine"
|
||||
container_name: lychee_db
|
||||
volumes:
|
||||
- lychee_db:/var/lib/postgresql/data
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
POSTGRES_USER: lychee
|
||||
POSTGRES_PASSWORD: "{{ lychee_db_password }}"
|
||||
POSTGRES_DB: lychee
|
||||
networks:
|
||||
- db
|
||||
restart: unless-stopped
|
|
@ -0,0 +1,3 @@
|
|||
lychee_folder_name: "{{ docker_files }}/lychee"
|
||||
lychee_version: v4.3.0
|
||||
postgres_version: 13
|
|
@ -1,17 +0,0 @@
|
|||
traefik_folder_name: "{{ docker_files }}/traefik"
|
||||
traefik_certs_directory: "{{ traefik_folder_name }}/certs"
|
||||
traefik_metrics_port: 8082
|
||||
traefik_http_port: 80
|
||||
traefik_https_port: 443
|
||||
# Equivalent of docker-compose stop
|
||||
traefik_stopped: no
|
||||
# Equivalent of docker-compose restart
|
||||
traefik_restarted: no
|
||||
# If always, equivalent to up -d --force-recreate
|
||||
traefik_recreated: smart
|
||||
# If present, up (or restart/stop depending of the above)
|
||||
# If absent, equivalent of docker-compose down
|
||||
traefik_state: present
|
||||
traefik_subdomain: proxy
|
||||
|
||||
traefik_version: 2.4
|
|
@ -43,7 +43,5 @@
|
|||
project_src: "{{ traefik_folder_name }}"
|
||||
remove_orphans: yes
|
||||
pull: yes
|
||||
recreate: "{{ traefik_recreated }}"
|
||||
restarted: "{{ traefik_restarted }}"
|
||||
state: "{{ traefik_state }}"
|
||||
stopped: "{{ traefik_stopped }}"
|
||||
recreate: smart
|
||||
state: present
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
version: "3.7"
|
||||
version: "{{ compose_version }}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -34,5 +34,5 @@ services:
|
|||
environment:
|
||||
GANDIV5_API_KEY: "{{ gandi_api_key }}"
|
||||
networks:
|
||||
- "{{ traefik_network }}"
|
||||
- proxy
|
||||
restart: unless-stopped
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
traefik_folder_name: "{{ docker_files }}/traefik"
|
||||
traefik_certs_directory: "{{ traefik_folder_name }}/certs"
|
||||
traefik_metrics_port: 8082
|
||||
traefik_http_port: 80
|
||||
traefik_https_port: 443
|
||||
traefik_subdomain: proxy
|
||||
|
||||
traefik_version: 2.4
|
Loading…
Reference in New Issue