diff --git a/.helpers/deploy.sh b/.helpers/deploy.sh deleted file mode 100644 index 43badc5..0000000 --- a/.helpers/deploy.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit -set -o nounset -set -o pipefail - -SERVICE=$1 - -export $(cat ./config/flow-platform-services.cfg | grep DOCKER_HOST | tr -d "\"") - -docker compose --project-directory ./build/compose up -d --build "${SERVICE}" diff --git a/.helpers/render.sh b/.helpers/render.sh deleted file mode 100644 index 9e9c753..0000000 --- a/.helpers/render.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# -set -o errexit -set -o nounset -set -o pipefail - -SERVICE=$1 - -export $(xargs < ./config/flow-platform-services.cfg) -mkdir -p build/${SERVICE} - -for i in $(find "./templates/${SERVICE}" -mindepth 1 -type f); do - file=$(basename ${i}) - envsubst < "./templates/${SERVICE}/${file}" > "./build/${SERVICE}/${file}" -done diff --git a/Makefile b/Makefile deleted file mode 100644 index 1e7f8b7..0000000 --- a/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -clean: - @find ./build -mindepth 1 -maxdepth 1 -not -iname *.gitkeep | xargs rm -rf - -compose: - bash ./.helpers/render.sh compose - -traefik-files: compose - bash ./.helpers/render.sh traefik - -traefik: traefik-files - bash ./.helpers/deploy.sh traefik - -forgejo-binary: - bash ./.helpers/download-forgejo.sh - -forgejo-files: forgejo-binary compose - bash ./.helpers/render.sh forgejo - -forgejo: forgejo-files - bash ./.helpers/deploy.sh forgejo - -gotosocial-files: compose - bash ./.helpers/render.sh gotosocial - -gotosocial: gotosocial-files - bash ./.helpers/deploy.sh gotosocial diff --git a/config b/config index 214ea82..b2d4b0b 160000 --- a/config +++ b/config @@ -1 +1 @@ -Subproject commit 214ea82fd352ea290d41ee42170db34f54a9ef7f +Subproject commit b2d4b0b766802f32f70ed2e9c1775476b19b9b6a diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..f690975 --- /dev/null +++ b/go.mod @@ -0,0 +1,5 @@ +module flow/services + +go 1.19 + +require github.com/magefile/mage v1.14.0 diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..f8bfb2f --- /dev/null +++ b/go.sum @@ -0,0 +1,2 @@ +github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo= +github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= diff --git a/magefiles/config.go b/magefiles/config.go new file mode 100644 index 0000000..eb8f49d --- /dev/null +++ b/magefiles/config.go @@ -0,0 +1,90 @@ +//go:build mage +// +build mage + +package main + +import ( + "encoding/json" + "fmt" + "os" +) + +type config struct { + RootDomain string `json:"rootDomain"` + FlowGID int32 `json:"flowGID"` + DockerNetworkSubnet string `json:"dockerNetworkSubnet"` + DockerHost string `json:"dockerHost"` + Traefik traefikConfig `json:"traefik"` + Forgejo forgejoConfig `json:"forgejo"` + GoToSocial gotosocialConfig `json:"gotosocial"` +} + +type traefikConfig struct { + Version string `json:"version"` + CheckNewVersion bool `json:"checkNewVersion"` + ExternalSSHPort int32 `json:"externalSSHPort"` + LogLevel string `json:"logLevel"` + SendAnonymousUsage bool `json:"sendAnonymousUsage"` + ContainerIpv4Address string `json:"containerIpv4Address"` + AcmeEmail string `json:"acmeEmail"` + SharedMountPoint string `json:"sharedMountPoint"` + TlsHostDirectory string `json:"tlsHostDirectory"` + TlsContainerDirectory string `json:"tlsContainerDirectory"` + PilotToken string `json:"pilotToken"` +} + +type forgejoConfig struct { + Version string `json:"version"` + Name string `json:"name"` + Subdomain string `json:"subdomain"` + ContainerIpv4Address string `json:"containerIpv4Address"` + SshPort int32 `json:"sshPort"` + HttpPort int32 `json:"httpPort"` + RunMode string `json:"runMode"` + LogLevel string `json:"logLevel"` + LinuxUID int32 `json:"linuxUID"` + DataHostDirectory string `json:"dataHostDirectory"` + DataContainerDirectory string `json:"dataContainerDirectory"` + Home string `json:"home"` + Work string `json:"work"` + Custom string `json:"custom"` + AppIni string `json:"appIni"` + Bin string `json:"bin"` + Tmp string `json:"tmp"` + SecretHostDirectory string `json:"secretHostDirectory"` + SecretContainerDirectory string `json:"secretContainerDirectory"` + SecretKey string `json:"secretKey"` + InternalToken string `json:"internalToken"` + LfsJwtSecret string `json:"lfsJwtSecret"` +} + +type gotosocialConfig struct { + Version string `json:"version"` + DockerImageDigest string `json:"dockerImageDigest"` + Name string `json:"name"` + LogLevel string `json:"logLevel"` + LinuxUID int32 `json:"linuxUID"` + Subdomain string `json:"subdomain"` + ContainerIpv4Address string `json:"containerIpv4Address"` + Port int32 `json:"port"` + DataHostDirectory string `json:"dataHostDirectory"` + DataContainerDirectory string `json:"dataContainerDirectory"` +} + +func newConfig(path string) (config, error) { + var c config + + f, err := os.Open(path) + if err != nil { + return c, fmt.Errorf("unable to open the file; %w", err) + } + defer f.Close() + + decoder := json.NewDecoder(f) + + if err = decoder.Decode(&c); err != nil { + return c, fmt.Errorf("unable to decode JSON data; %w", err) + } + + return c, nil +} diff --git a/magefiles/data/forgejo.json b/magefiles/data/forgejo.json new file mode 100644 index 0000000..8dffb4d --- /dev/null +++ b/magefiles/data/forgejo.json @@ -0,0 +1,10 @@ +{ + "1.18.3-1": { + "binary": "https://codeberg.org/attachments/be5952ea-6cfb-4be5-a593-3564c4bd8cc9", + "signature": "https://codeberg.org/attachments/07685af6-ca06-4626-8028-302c83ee041c" + }, + "1.18.3-0": { + "binary": "https://codeberg.org/attachments/af34fbfc-d651-41b1-aaff-2b9cc7134051", + "signature": "https://codeberg.org/attachments/f064c1a9-66f7-41a9-be03-4dc5e2298370" + } +} diff --git a/magefiles/download_forgejo.go b/magefiles/download_forgejo.go new file mode 100644 index 0000000..b55c1f3 --- /dev/null +++ b/magefiles/download_forgejo.go @@ -0,0 +1,126 @@ +//go:build mage +// +build mage + +package main + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "path/filepath" + + "github.com/magefile/mage/sh" +) + +type forgejoDownload map[string]map[string]string + +const ( + forgejoDownloadFileFormat string = "forgejo-%s-linux-amd64" + forgejoBinariesJson string = "./magefiles/data/forgejo.json" +) + +func downloadForgejo(version string) error { + downloadFolder := filepath.Join(rootBuildDir, "forgejo") + + if err := os.MkdirAll(downloadFolder, 0o750); err != nil { + return fmt.Errorf("unable to make %s; %w", downloadFolder, err) + } + + binaryPath := filepath.Join( + downloadFolder, + fmt.Sprintf(forgejoDownloadFileFormat, version), + ) + + _, err := os.Stat(binaryPath) + if err == nil { + fmt.Printf("Forgejo %s is already downloaded.\n", version) + return nil + } + + m, err := newForgejoDownloadMap() + if err != nil { + return err + } + + binary, err := os.Create(binaryPath) + if err != nil { + return err + } + defer binary.Close() + + client := http.Client{ + CheckRedirect: func(r *http.Request, via []*http.Request) error { + r.URL.Opaque = r.URL.Path + return nil + }, + } + + binaryURL := m[version]["binary"] + + resp, err := client.Get(binaryURL) + if err != nil { + return err + } + defer resp.Body.Close() + + size, err := io.Copy(binary, resp.Body) + if err != nil { + return err + } + + fmt.Printf("Downloaded %s with size %d.\n", binaryPath, size) + + signaturePath := binaryPath + ".asc" + + signature, err := os.Create(signaturePath) + if err != nil { + return err + } + defer signature.Close() + + signatureURL := m[version]["signature"] + + sigResp, err := client.Get(signatureURL) + if err != nil { + return err + } + defer sigResp.Body.Close() + + size, err = io.Copy(signature, sigResp.Body) + if err != nil { + return nil + } + + fmt.Printf("Downloaded %s with size %d.\n", signaturePath, size) + + if err = sh.Run( + "gpg", + "--verify", + signaturePath, + binaryPath, + ); err != nil { + return fmt.Errorf("GPG verification failed; %w", err) + } + + return nil +} + +func newForgejoDownloadMap() (forgejoDownload, error) { + m := make(forgejoDownload) + + f, err := os.Open(forgejoBinariesJson) + if err != nil { + return nil, err + } + defer f.Close() + + decoder := json.NewDecoder(f) + + if err = decoder.Decode(&m); err != nil { + return nil, err + } + + return m, nil +} diff --git a/magefiles/mage.go b/magefiles/mage.go new file mode 100644 index 0000000..4a25e5d --- /dev/null +++ b/magefiles/mage.go @@ -0,0 +1,91 @@ +//go:build mage +// +build mage + +package main + +import ( + "fmt" + "os" + + "github.com/magefile/mage/sh" +) + +const ( + configFile string = "./config/services.json" + rootBuildDir string = "./build" + templateExtension string = ".gotmpl" + rootTemplatesDir string = "./templates" +) + +// Clean cleans the workspace. +func Clean() error { + buildDir := "./build" + + objects, err := os.ReadDir(buildDir) + if err != nil { + return err + } + + for i := range objects { + name := objects[i].Name() + + if name != ".gitkeep" { + if err := sh.Rm(buildDir + "/" + name); err != nil { + return err + } + } + } + + return nil +} + +// Render renders the template files. +func Render(name string) error { + cfg, err := newConfig(configFile) + if err != nil { + return fmt.Errorf("unable to load the configuration; %v", err) + } + + if err := render(cfg, name); err != nil { + return fmt.Errorf("an error occurred whilst rendering the templates; %v", err) + } + + return nil +} + +// Deploy deploys the services to the Flow Platform. +func Deploy(name string) error { + cfg, err := newConfig(configFile) + if err != nil { + return fmt.Errorf("unable to load the configuration; %v", err) + } + + os.Setenv("DOCKER_HOST", cfg.DockerHost) + + return sh.Run( + "docker", + "compose", + "--project-directory", + rootBuildDir+"/compose", + "up", + "-d", + "--build", + name, + ) +} + +// DownloadForgejo downloads the Forgejo binary from Codeberg. +func DownloadForgejo() error { + cfg, err := newConfig(configFile) + if err != nil { + return fmt.Errorf("unable to load the configuration; %v", err) + } + + version := cfg.Forgejo.Version + + if err := downloadForgejo(version); err != nil { + return fmt.Errorf("unable to download Forgejo %s; %w", version, err) + } + + return nil +} diff --git a/magefiles/render.go b/magefiles/render.go new file mode 100644 index 0000000..2469e7c --- /dev/null +++ b/magefiles/render.go @@ -0,0 +1,62 @@ +//go:build mage +// +build mage + +package main + +import ( + "fmt" + "os" + "path/filepath" + "strings" + "text/template" +) + +func render(cfg config, component string) error { + buildDirName := filepath.Join(rootBuildDir, component) + if err := os.MkdirAll(buildDirName, 0o750); err != nil { + return fmt.Errorf("unable to make %s; %w", buildDirName, err) + } + + templateDirName := filepath.Join(rootTemplatesDir, component) + + files, err := os.ReadDir(templateDirName) + if err != nil { + return fmt.Errorf("unable to read files from %s; %w ", templateDirName, err) + } + + for _, f := range files { + err := func() error { + templateFilename := f.Name() + + if f.IsDir() || !strings.HasSuffix(templateFilename, templateExtension) { + return nil + } + + outputFilename := strings.TrimSuffix(templateFilename, templateExtension) + outputPath := filepath.Join(buildDirName, outputFilename) + + file, err := os.Create(outputPath) + if err != nil { + return fmt.Errorf("unable to create the file '%s'; %w", outputPath, err) + } + defer file.Close() + + templatePath := filepath.Join(templateDirName, templateFilename) + tmpl, err := template.New(templateFilename).ParseFiles(templatePath) + if err != nil { + return fmt.Errorf("unable to create a new template value from '%s'; %w", templateFilename, err) + } + + if err = tmpl.Execute(file, cfg); err != nil { + return fmt.Errorf("unable to render the template to '%s'; %w", outputPath, err) + } + + return nil + }() + if err != nil { + return fmt.Errorf("an error occurred whilst rendering the templates for '%s'; %w", component, err) + } + } + + return nil +} diff --git a/templates/compose/docker-compose.yaml b/templates/compose/docker-compose.yaml.gotmpl similarity index 50% rename from templates/compose/docker-compose.yaml rename to templates/compose/docker-compose.yaml.gotmpl index be60e62..b088190 100644 --- a/templates/compose/docker-compose.yaml +++ b/templates/compose/docker-compose.yaml.gotmpl @@ -1,3 +1,13 @@ +{{- define "defaultVolumes" }} + - type: "bind" + source: "/etc/timezone" + target: "/etc/timezone" + read_only: true + - type: "bind" + source: "/etc/localtime" + target: "/etc/localtime" + read_only: true +{{- end -}} --- version: "3.9" @@ -7,7 +17,7 @@ networks: ipam: driver: "default" config: - - subnet: "${NETWORK_FORGE_FLOW_SUBNET}" + - subnet: "{{ .DockerNetworkSubnet }}" volumes: traefik-shared: @@ -17,12 +27,12 @@ services: # -- Traffic flow -- traefik: container_name: "traffic-flow" - image: localhost/flow/traefik:${TRAEFIK_VERSION} + image: "localhost/flow/traefik:{{ .Traefik.Version }}" build: context: "../traefik" networks: flow: - ipv4_address: "${TRAEFIK_CONTAINER_IPV4_ADDRESS}" + ipv4_address: "{{ .Traefik.ContainerIpv4Address }}" ports: - target: 80 published: 80 @@ -32,81 +42,63 @@ services: published: 443 protocol: "tcp" mode: "host" - - target: ${TRAEFIK_EXTERNAL_SSH_PORT} - published: ${TRAEFIK_EXTERNAL_SSH_PORT} + - target: {{ .Traefik.ExternalSSHPort }} + published: {{ .Traefik.ExternalSSHPort }} protocol: "tcp" mode: "host" restart: "always" volumes: + {{- template "defaultVolumes" }} + # Shared volume - type: "volume" source: "traefik-shared" - target: "${TRAEFIK_SHARED_MOUNT_POINT}" - - type: "bind" - source: "/etc/timezone" - target: "/etc/timezone" - read_only: true - - type: "bind" - source: "/etc/localtime" - target: "/etc/localtime" - read_only: true + target: "{{ .Traefik.SharedMountPoint }}" # Traefik TLS volume - type: "bind" - source: "${TRAEFIK_TLS_HOST_DIR}" - target: "${TRAEFIK_TLS_CONTAINER_DIR}" + source: "{{ .Traefik.TlsHostDirectory }}" + target: "{{ .Traefik.TlsContainerDirectory }}" # -- Code flow -- forgejo: container_name: "code-flow" - image: localhost/flow/forgejo:${FORGEJO_VERSION} + image: "localhost/flow/forgejo:{{ .Forgejo.Version }}" build: context: "../forgejo" expose: - - "${FORGEJO_SSH_PORT}" - - "${FORGEJO_HTTP_PORT}" + - "{{ .Forgejo.SshPort }}" + - "{{ .Forgejo.HttpPort }}" networks: flow: - ipv4_address: "${FORGEJO_CONTAINER_IPV4_ADDRESS}" + ipv4_address: "{{ .Forgejo.ContainerIpv4Address }}" restart: "always" volumes: + {{- template "defaultVolumes" }} + # Shared volume - type: "volume" source: "traefik-shared" - target: "${TRAEFIK_SHARED_MOUNT_POINT}" + target: "{{ .Traefik.SharedMountPoint }}" + # Forgejo data volume - type: "bind" - source: "/etc/timezone" - target: "/etc/timezone" - read_only: true - - type: "bind" - source: "/etc/localtime" - target: "/etc/localtime" - read_only: true - # ForgeJo data volume - - type: "bind" - source: "${FORGEJO_DATA_HOST_DIR}" - target: "${FORGEJO_DATA_CONTAINER_DIR}" + source: "{{ .Forgejo.DataHostDirectory }}" + target: "{{ .Forgejo.DataContainerDirectory }}" # -- Free Flow 2 -- gotosocial: container_name: "free-flow" - image: localhost/flow/gotosocial:${GTS_VERSION} + image: "localhost/flow/gotosocial:{{ .GoToSocial.Version }}" build: context: "../gotosocial" expose: - - "${GTS_PORT}" + - "{{ .GoToSocial.Port }}" networks: flow: - ipv4_address: "${GTS_CONTAINER_IPV4_ADDRESS}" + ipv4_address: "{{ .GoToSocial.ContainerIpv4Address }}" restart: "always" volumes: + {{- template "defaultVolumes" }} + # Shared volume - type: "volume" source: "traefik-shared" - target: "${TRAEFIK_SHARED_MOUNT_POINT}" - - type: "bind" - source: "/etc/timezone" - target: "/etc/timezone" - read_only: true - - type: "bind" - source: "/etc/localtime" - target: "/etc/localtime" - read_only: true + target: "{{ .Traefik.SharedMountPoint }}" # Go To Social data volume - type: "bind" - source: "${GTS_DATA_HOST_DIR}" - target: "${GTS_DATA_CONTAINER_DIR}" + source: "{{ .GoToSocial.DataHostDirectory }}" + target: "{{ .GoToSocial.DataContainerDirectory }}" diff --git a/templates/forgejo/Dockerfile b/templates/forgejo/Dockerfile deleted file mode 100644 index 25592ce..0000000 --- a/templates/forgejo/Dockerfile +++ /dev/null @@ -1,44 +0,0 @@ -# This is a custom made Dockerfile for Gitea which is inspired from -# the official Dockerfile.rootless from https://github.com/go-gitea/gitea/ -FROM alpine:3.17 - -ENV FORGEJO_WORK_DIR=${FORGEJO_WORK_DIR} \ - FORGEJO_CUSTOM=${FORGEJO_CUSTOM} \ - FORGEJO_APP_INI=${FORGEJO_APP_INI} \ - FORGEJO_BIN=${FORGEJO_BIN} \ - FORGEJO_VERSION=${FORGEJO_VERSION} \ - HOME=${FORGEJO_HOME} - -RUN apk update && apk upgrade && apk --no-cache add \ - bash \ - ca-certificates \ - gettext \ - git \ - curl \ - gnupg \ - openssh-keygen \ - && addgroup -S -g ${FLOW_GID} flow \ - && adduser -S -H -D -h ${FORGEJO_HOME} -s /bin/bash -u ${FORGEJO_FLOW_UID} -G flow git \ - && mkdir -p ${FORGEJO_DATA_CONTAINER_DIR} ${FORGEJO_TMP} \ - && chown git ${FORGEJO_DATA_CONTAINER_DIR} && chmod 0700 ${FORGEJO_DATA_CONTAINER_DIR} \ - && chown git ${FORGEJO_TMP} && chmod 0700 ${FORGEJO_TMP} - -ADD --chown=root:root forgejo-${FORGEJO_VERSION}-linux-amd64 ${FORGEJO_BIN} -ADD app.ini ${FORGEJO_APP_INI} -ADD entrypoint.sh /usr/local/bin/entrypoint.sh -ADD --chown=${FORGEJO_FLOW_UID}:${FLOW_GID} dynamic_git.yaml ${FORGEJO_TMP}/ - -RUN chown -R ${FORGEJO_FLOW_UID}:${FORGEJO_FLOW_UID} ${FORGEJO_APP_INI} \ - && chmod 0400 ${FORGEJO_APP_INI} \ - && chmod a+x ${FORGEJO_BIN} \ - && chmod a+rx /usr/local/bin/entrypoint.sh - -USER ${FORGEJO_FLOW_UID}:${FLOW_GID} - -WORKDIR /flow/gitea/data - -VOLUME ["/flow/gitea/data"] - -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] - -CMD [] diff --git a/templates/forgejo/Dockerfile.gotmpl b/templates/forgejo/Dockerfile.gotmpl new file mode 100644 index 0000000..d6d1c74 --- /dev/null +++ b/templates/forgejo/Dockerfile.gotmpl @@ -0,0 +1,44 @@ +# This is a custom made Dockerfile for Gitea which is inspired from +# the official Dockerfile.rootless from https://github.com/go-gitea/gitea/ +FROM alpine:3.17 + +ENV FORGEJO_WORK_DIR={{ .Forgejo.Work }} \ + FORGEJO_CUSTOM={{ .Forgejo.Custom }} \ + FORGEJO_APP_INI={{ .Forgejo.AppIni }} \ + FORGEJO_BIN={{ .Forgejo.Bin }} \ + FORGEJO_VERSION={{ .Forgejo.Version }} \ + HOME={{ .Forgejo.Home }} + +RUN apk update && apk upgrade && apk --no-cache add \ + bash \ + ca-certificates \ + gettext \ + git \ + curl \ + gnupg \ + openssh-keygen \ + && addgroup -S -g {{ .FlowGID }} flow \ + && adduser -S -H -D -h {{ .Forgejo.Home }} -s /bin/bash -u {{ .Forgejo.LinuxUID }} -G flow git \ + && mkdir -p {{ .Forgejo.DataContainerDirectory }} {{ .Forgejo.Tmp }} \ + && chown git {{ .Forgejo.DataContainerDirectory }} && chmod 0700 {{ .Forgejo.DataContainerDirectory }} \ + && chown git {{ .Forgejo.Tmp }} && chmod 0700 {{ .Forgejo.Tmp }} + +ADD --chown=root:root forgejo-{{ .Forgejo.Version }}-linux-amd64 {{ .Forgejo.Bin }} +ADD app.ini {{ .Forgejo.AppIni }} +ADD entrypoint.sh /usr/local/bin/entrypoint.sh +ADD --chown={{ .Forgejo.LinuxUID }}:{{ .FlowGID }} dynamic_git.yaml {{ .Forgejo.Tmp }}/ + +RUN chown -R {{ .Forgejo.LinuxUID }}:{{ .Forgejo.LinuxUID }} {{ .Forgejo.AppIni }} \ + && chmod 0400 {{ .Forgejo.AppIni }} \ + && chmod a+x {{ .Forgejo.Bin }} \ + && chmod a+rx /usr/local/bin/entrypoint.sh + +USER {{ .Forgejo.LinuxUID }}:{{ .FlowGID }} + +WORKDIR /flow/gitea/data + +VOLUME ["/flow/gitea/data"] + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] + +CMD [] diff --git a/templates/forgejo/app.ini b/templates/forgejo/app.ini deleted file mode 100644 index fa81fab..0000000 --- a/templates/forgejo/app.ini +++ /dev/null @@ -1,112 +0,0 @@ -APP_NAME = "${FORGEJO_APP_NAME_01} ${FORGEJO_APP_NAME_02}" -RUN_USER = git -RUN_MODE = ${FORGEJO_RUN_MODE} - -[repository] -ROOT = ${FORGEJO_DATA_CONTAINER_DIR}/git/repositories -DEFAULT_BRANCH = main - -[repository.local] -LOCAL_COPY_PATH = ${FORGEJO_TMP}/local-repo - -[repository.upload] -TEMP_PATH = ${FORGEJO_TMP}/uploads - -[repository.signing] -INITIAL_COMMIT = pubkey, twofa -MERGES = pubkey, twofa, basesigned, commitssigned - -[ui] -DEFAULT_THEME = forgejo-dark - -[server] -APP_DATA_PATH = ${FORGEJO_DATA_CONTAINER_DIR}/git -DOMAIN = ${FORGEJO_DOMAIN} -HTTP_ADDR = ${FORGEJO_CONTAINER_IPV4_ADDRESS} -HTTP_PORT = ${FORGEJO_HTTP_PORT} -ROOT_URL = https://${FORGEJO_DOMAIN} -DISABLE_SSH = false -START_SSH_SERVER = true -SSH_DOMAIN = ${FORGEJO_DOMAIN} -SSH_PORT = ${TRAEFIK_EXTERNAL_SSH_PORT} -SSH_LISTEN_HOST = ${FORGEJO_CONTAINER_IPV4_ADDRESS} -SSH_LISTEN_PORT = ${FORGEJO_SSH_PORT} -BUILTIN_SSH_SERVER_USER = git -LFS_START_SERVER = true -LFS_JWT_SECRET = ${FORGEJO_LFS_JWT_SECRET} - -[lfs] -STORAGE_TYPE = local -PATH = ${FORGEJO_DATA_CONTAINER_DIR}/git/lfs - -[ssh.minimum_key_sizes] -ED25519 = 256 -ECDSA = 256 -RSA = 4096 -DSA = -1 - -[database] -DB_TYPE = sqlite3 -PATH = ${FORGEJO_DATA_CONTAINER_DIR}/database/gitea.db -HOST = localhost:3306 -NAME = gitea -USER = gitea -PASSWD = - -[indexer] -ISSUE_INDEXER_PATH = ${FORGEJO_DATA_CONTAINER_DIR}/indexers/issues.bleve - -[session] -PROVIDER_CONFIG = ${FORGEJO_DATA_CONTAINER_DIR}/sessions - -[queue] -DATADIR = ${FORGEJO_DATA_CONTAINER_DIR}/queues - -[admin] -DISABLE_REGULAR_ORG_CREATION = true -DEFAULT_EMAIL_NOTIFICATION = disabled - -[security] -INSTALL_LOCK = true -SECRET_KEY = ${FORGEJO_SECRET_KEY} -INTERNAL_TOKEN = ${FORGEJO_INTERNAL_TOKEN} -LOGIN_REMEMBER_DAYS = 1 -MIN_PASSWORD_LENGTH = 16 -PASSWORD_COMPLEXITY = lower,upper,digit - -[service] -DISABLE_REGISTRATION = true - -[service.explore] -REQUIRE_SIGNIN_VIEW = false - -[picture] -AVATAR_UPLOAD_PATH = ${FORGEJO_DATA_CONTAINER_DIR}/avatars -REPOSITORY_AVATAR_UPLOAD_PATH = ${FORGEJO_DATA_CONTAINER_DIR}/repo-avatars - -[attachment] -ENABLED = true -PATH = ${FORGEJO_DATA_CONTAINER_DIR}/attachments - -[log] -ROOT_PATH = ${FORGEJO_DATA_CONTAINER_DIR}/log -MODE = console -LEVEL = ${FORGEJO_LOG_LEVEL} - -[log.console] -STDERR = false - -[i18n] -LANGS = en-US -NAMES = English - -[other] -SHOW_FOOTER_BRANDING = true -SHOW_FOOTER_VERSION = false -SHOW_FOOTER_TEMPLATE_LOAD_TIME = false - -[oauth2] -ENABLE = false - -[federation] -ENABLED = true diff --git a/templates/forgejo/app.ini.gotmpl b/templates/forgejo/app.ini.gotmpl new file mode 100644 index 0000000..7662011 --- /dev/null +++ b/templates/forgejo/app.ini.gotmpl @@ -0,0 +1,112 @@ +APP_NAME = "{{ .Forgejo.Name }}" +RUN_USER = git +RUN_MODE = {{ .Forgejo.RunMode }} + +[repository] +ROOT = {{ .Forgejo.DataContainerDirectory }}/git/repositories +DEFAULT_BRANCH = main + +[repository.local] +LOCAL_COPY_PATH = {{ .Forgejo.Tmp }}/local-repo + +[repository.upload] +TEMP_PATH = {{ .Forgejo.Tmp }}/uploads + +[repository.signing] +INITIAL_COMMIT = pubkey, twofa +MERGES = pubkey, twofa, basesigned, commitssigned + +[ui] +DEFAULT_THEME = forgejo-dark + +[server] +APP_DATA_PATH = {{ .Forgejo.DataContainerDirectory }}/git +DOMAIN = {{ .Forgejo.Subdomain }}.{{ .RootDomain }} +HTTP_ADDR = {{ .Forgejo.ContainerIpv4Address }} +HTTP_PORT = {{ .Forgejo.HttpPort }} +ROOT_URL = https://{{ .Forgejo.Subdomain }}.{{ .RootDomain }} +DISABLE_SSH = false +START_SSH_SERVER = true +SSH_DOMAIN = {{ .Forgejo.Subdomain }}.{{ .RootDomain }} +SSH_PORT = {{ .Traefik.ExternalSSHPort }} +SSH_LISTEN_HOST = {{ .Forgejo.ContainerIpv4Address }} +SSH_LISTEN_PORT = {{ .Forgejo.SshPort }} +BUILTIN_SSH_SERVER_USER = git +LFS_START_SERVER = true +LFS_JWT_SECRET = {{ .Forgejo.LfsJwtSecret }} + +[lfs] +STORAGE_TYPE = local +PATH = {{ .Forgejo.DataContainerDirectory }}/git/lfs + +[ssh.minimum_key_sizes] +ED25519 = 256 +ECDSA = 256 +RSA = 4096 +DSA = -1 + +[database] +DB_TYPE = sqlite3 +PATH = {{ .Forgejo.DataContainerDirectory }}/database/gitea.db +HOST = localhost:3306 +NAME = gitea +USER = gitea +PASSWD = + +[indexer] +ISSUE_INDEXER_PATH = {{ .Forgejo.DataContainerDirectory }}/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = {{ .Forgejo.DataContainerDirectory }}/sessions + +[queue] +DATADIR = {{ .Forgejo.DataContainerDirectory }}/queues + +[admin] +DISABLE_REGULAR_ORG_CREATION = true +DEFAULT_EMAIL_NOTIFICATION = disabled + +[security] +INSTALL_LOCK = true +SECRET_KEY = {{ .Forgejo.SecretKey }} +INTERNAL_TOKEN = {{ .Forgejo.InternalToken }} +LOGIN_REMEMBER_DAYS = 1 +MIN_PASSWORD_LENGTH = 16 +PASSWORD_COMPLEXITY = lower,upper,digit + +[service] +DISABLE_REGISTRATION = true + +[service.explore] +REQUIRE_SIGNIN_VIEW = false + +[picture] +AVATAR_UPLOAD_PATH = {{ .Forgejo.DataContainerDirectory }}/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = {{ .Forgejo.DataContainerDirectory }}/repo-avatars + +[attachment] +ENABLED = true +PATH = {{ .Forgejo.DataContainerDirectory }}/attachments + +[log] +ROOT_PATH = {{ .Forgejo.DataContainerDirectory }}/log +MODE = console +LEVEL = {{ .Forgejo.LogLevel }} + +[log.console] +STDERR = false + +[i18n] +LANGS = en-US +NAMES = English + +[other] +SHOW_FOOTER_BRANDING = true +SHOW_FOOTER_VERSION = false +SHOW_FOOTER_TEMPLATE_LOAD_TIME = false + +[oauth2] +ENABLE = false + +[federation] +ENABLED = true diff --git a/templates/forgejo/dynamic_git.yaml b/templates/forgejo/dynamic_git.yaml.gotmpl similarity index 61% rename from templates/forgejo/dynamic_git.yaml rename to templates/forgejo/dynamic_git.yaml.gotmpl index e9774c0..16e17e1 100644 --- a/templates/forgejo/dynamic_git.yaml +++ b/templates/forgejo/dynamic_git.yaml.gotmpl @@ -4,7 +4,7 @@ http: gitea: entryPoints: - "https" - rule: "Host(`${FORGEJO_DOMAIN}`)" + rule: "Host(`{{ .Forgejo.Subdomain }}.{{ .RootDomain }}`)" service: "git" tls: certResolver: resolver @@ -12,7 +12,7 @@ http: git: loadBalancer: servers: - - url: "http://${FORGEJO_CONTAINER_IPV4_ADDRESS}:${FORGEJO_HTTP_PORT}/" + - url: "http://{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.HttpPort }}/" tcp: routers: @@ -25,4 +25,4 @@ tcp: gitSSH: loadBalancer: servers: - - address: "${FORGEJO_CONTAINER_IPV4_ADDRESS}:${FORGEJO_SSH_PORT}" + - address: "{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.SshPort }}" diff --git a/templates/forgejo/entrypoint.sh b/templates/forgejo/entrypoint.sh deleted file mode 100644 index 8284dac..0000000 --- a/templates/forgejo/entrypoint.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# Create the home directory. -if ! [ -d ${FORGEJO_HOME} ]; then - mkdir -p ${FORGEJO_HOME} - chmod 0700 ${FORGEJO_HOME} -fi - -# Create the custom directory. -if ! [ -d ${FORGEJO_CUSTOM} ]; then - mkdir -p ${FORGEJO_CUSTOM} - chmod 0500 ${FORGEJO_CUSTOM} -fi - -# Move the dynamic Traefik config to the shared volume. -if [ -f /flow/gitea/tmp/dynamic_git.yaml ]; then - mv /flow/gitea/tmp/dynamic_git.yaml ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic/dynamic_git.yaml -fi - -if [ $# -gt 0 ]; then - exec "$@" -else - exec ${FORGEJO_BIN} -c ${FORGEJO_APP_INI} web -fi diff --git a/templates/forgejo/entrypoint.sh.gotmpl b/templates/forgejo/entrypoint.sh.gotmpl new file mode 100644 index 0000000..a79cf5f --- /dev/null +++ b/templates/forgejo/entrypoint.sh.gotmpl @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +set -o errexit +set -o nounset +set -o pipefail + +# Create the home directory. +if ! [ -d {{ .Forgejo.Home }} ]; then + mkdir -p {{ .Forgejo.Home }} + chmod 0700 {{ .Forgejo.Home }} +fi + +# Create the custom directory. +if ! [ -d {{ .Forgejo.Custom }} ]; then + mkdir -p {{ .Forgejo.Custom }} + chmod 0500 {{ .Forgejo.Custom }} +fi + +# Move the dynamic Traefik config to the shared volume. +if [ -f /flow/gitea/tmp/dynamic_git.yaml ]; then + mv /flow/gitea/tmp/dynamic_git.yaml {{ .Traefik.SharedMountPoint }}/dynamic/dynamic_git.yaml +fi + +if [ $# -gt 0 ]; then + exec "$@" +else + exec {{ .Forgejo.Bin }} -c {{ .Forgejo.AppIni }} web +fi diff --git a/templates/gotosocial/Dockerfile b/templates/gotosocial/Dockerfile deleted file mode 100644 index 36bdb18..0000000 --- a/templates/gotosocial/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM superseriousbusiness/gotosocial:${GTS_VERSION}@${GTS_DOCKER_IMAGE_DIGEST} - -USER 0 - -RUN apk update && apk upgrade && apk add bash \ - && addgroup -S -g ${FLOW_GID} flow \ - && adduser -S -H -D -s /bin/bash -u ${GTS_UID} -G flow gts \ - && chown -R ${GTS_UID}:${GTS_UID} /gotosocial \ - && mkdir -p /flow/gts/tmp /flow/gts/config && chown -R ${GTS_UID}:${GTS_UID} /flow/gts - -COPY --chown=${GTS_UID}:${GTS_UID} entrypoint.sh /usr/local/bin/entrypoint.sh -COPY --chown=${GTS_UID}:${GTS_UID} config.yaml /flow/gts/config/config.yaml -COPY --chown=${GTS_UID}:${FLOW_GID} traefik_gotosocial.yaml /flow/gts/tmp/traefik_gotosocial.yaml - -RUN chmod a+x /usr/local/bin/entrypoint.sh - -USER ${GTS_UID}:${FLOW_GID} - -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/templates/gotosocial/Dockerfile.gotmpl b/templates/gotosocial/Dockerfile.gotmpl new file mode 100644 index 0000000..9a46197 --- /dev/null +++ b/templates/gotosocial/Dockerfile.gotmpl @@ -0,0 +1,19 @@ +FROM superseriousbusiness/gotosocial:{{ .GoToSocial.Version }}@{{ .GoToSocial.DockerImageDigest }} + +USER 0 + +RUN apk update && apk upgrade && apk add bash \ + && addgroup -S -g {{ .FlowGID }} flow \ + && adduser -S -H -D -s /bin/bash -u {{ .GoToSocial.LinuxUID }} -G flow gts \ + && chown -R {{ .GoToSocial.LinuxUID }}:{{ .GoToSocial.LinuxUID }} /gotosocial \ + && mkdir -p /flow/gts/tmp /flow/gts/config && chown -R {{ .GoToSocial.LinuxUID }}:{{ .GoToSocial.LinuxUID }} /flow/gts + +COPY --chown={{ .GoToSocial.LinuxUID }}:{{ .GoToSocial.LinuxUID }} entrypoint.sh /usr/local/bin/entrypoint.sh +COPY --chown={{ .GoToSocial.LinuxUID }}:{{ .GoToSocial.LinuxUID }} config.yaml /flow/gts/config/config.yaml +COPY --chown={{ .GoToSocial.LinuxUID }}:{{ .FlowGID }} traefik_gotosocial.yaml /flow/gts/tmp/traefik_gotosocial.yaml + +RUN chmod a+x /usr/local/bin/entrypoint.sh + +USER {{ .GoToSocial.LinuxUID }}:{{ .FlowGID }} + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/templates/gotosocial/config.yaml b/templates/gotosocial/config.yaml.gotmpl similarity index 98% rename from templates/gotosocial/config.yaml rename to templates/gotosocial/config.yaml.gotmpl index 3e7708e..3716697 100644 --- a/templates/gotosocial/config.yaml +++ b/templates/gotosocial/config.yaml.gotmpl @@ -21,7 +21,7 @@ # String. Log level to use throughout the application. Must be lower-case. # Options: ["trace","debug","info","warn","error","fatal"] # Default: "info" -log-level: "${GTS_LOG_LEVEL}" +log-level: "{{ .GoToSocial.LogLevel }}" # Bool. Log database queries when log-level is set to debug or trace. # This setting produces verbose logs, so it's better to only enable it @@ -33,14 +33,14 @@ log-db-queries: false # String. Application name to use internally. # Examples: ["My Application","gotosocial"] # Default: "gotosocial" -application-name: "${GTS_APPLICATION_NAME_01} ${GTS_APPLICATION_NAME_02}" +application-name: "{{ .GoToSocial.Name }}" # String. Hostname that this server will be reachable at. Defaults to localhost for local testing, # but you should *definitely* change this when running for real, or your server won't work at all. # DO NOT change this after your server has already run once, or you will break things! # Examples: ["gts.example.org","some.server.com"] # Default: "localhost" -host: "${GTS_HOST}" +host: "{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}" # String. Domain to use when federating profiles. This is useful when you want your server to be at # eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better @@ -69,7 +69,7 @@ protocol: "https" # you have specific networking requirements. # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] # Default: "0.0.0.0" -bind-address: "${GTS_CONTAINER_IPV4_ADDRESS}" +bind-address: "{{ .GoToSocial.ContainerIpv4Address }}" # Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker, # container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly. @@ -78,7 +78,7 @@ bind-address: "${GTS_CONTAINER_IPV4_ADDRESS}" # This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off. # Examples: [443, 6666, 8080] # Default: 8080 -port: ${GTS_PORT} +port: {{ .GoToSocial.Port }} # Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy. # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network, @@ -86,7 +86,7 @@ port: ${GTS_PORT} # Example: ["127.0.0.1/32", "172.20.0.1"] # Default: ["127.0.0.1/32"] (localhost) trusted-proxies: -- "${NETWORK_FORGE_FLOW_SUBNET}" +- "{{ .DockerNetworkSubnet }}" ############################ ##### DATABASE CONFIG ###### @@ -112,7 +112,7 @@ db-type: "sqlite" # # Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"] # Default: "" -db-address: "${GTS_DATA_CONTAINER_DIR}/database/gts.db" +db-address: "{{ .GoToSocial.DataContainerDirectory }}/database/gts.db" # Int. Port for database connection. # Examples: [5432, 1234, 6969] @@ -306,7 +306,7 @@ storage-backend: "local" # Only required when running with the local storage backend. # Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"] # Default: "/gotosocial/storage" -storage-local-base-path: "${GTS_DATA_CONTAINER_DIR}/storage" +storage-local-base-path: "{{ .GoToSocial.DataContainerDirectory }}/storage" # String. API endpoint of the S3 compatible service. # Only required when running with the s3 storage backend. diff --git a/templates/gotosocial/entrypoint.sh b/templates/gotosocial/entrypoint.sh.gotmpl similarity index 50% rename from templates/gotosocial/entrypoint.sh rename to templates/gotosocial/entrypoint.sh.gotmpl index e6bd065..563fe88 100644 --- a/templates/gotosocial/entrypoint.sh +++ b/templates/gotosocial/entrypoint.sh.gotmpl @@ -1,12 +1,14 @@ #!/usr/bin/env bash -set -euo pipefail +set -o errexit +set -o nounset +set -o pipefail # Move the dynamic traefik config to the shared volume if [ -f /flow/gts/tmp/traefik_gotosocial.yaml ]; then - mv /flow/gts/tmp/traefik_gotosocial.yaml ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic/traefik_gotosocial.yaml + mv /flow/gts/tmp/traefik_gotosocial.yaml {{ .Traefik.SharedMountPoint }}/dynamic/traefik_gotosocial.yaml fi -mkdir -p ${GTS_DATA_CONTAINER_DIR}/database +mkdir -p {{ .GoToSocial.DataContainerDirectory }}/database exec /gotosocial/gotosocial --config-path /flow/gts/config/config.yaml server start diff --git a/templates/gotosocial/traefik_gotosocial.yaml b/templates/gotosocial/traefik_gotosocial.yaml.gotmpl similarity index 57% rename from templates/gotosocial/traefik_gotosocial.yaml rename to templates/gotosocial/traefik_gotosocial.yaml.gotmpl index f1602da..f7d5924 100644 --- a/templates/gotosocial/traefik_gotosocial.yaml +++ b/templates/gotosocial/traefik_gotosocial.yaml.gotmpl @@ -4,7 +4,7 @@ http: gotosocial: entryPoints: - "https" - rule: "Host(`${GTS_HOST}`)" + rule: "Host(`{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}`)" service: "gotosocial" tls: certResolver: resolver @@ -12,4 +12,4 @@ http: gotosocial: loadBalancer: servers: - - url: "http://${GTS_CONTAINER_IPV4_ADDRESS}:${GTS_PORT}/" + - url: "http://{{ .GoToSocial.ContainerIpv4Address }}:{{ .GoToSocial.Port }}/" diff --git a/templates/traefik/Dockerfile b/templates/traefik/Dockerfile.gotmpl similarity index 82% rename from templates/traefik/Dockerfile rename to templates/traefik/Dockerfile.gotmpl index 0d75454..9a1b238 100644 --- a/templates/traefik/Dockerfile +++ b/templates/traefik/Dockerfile.gotmpl @@ -1,4 +1,4 @@ -FROM traefik:${TRAEFIK_VERSION} +FROM traefik:{{ .Traefik.Version }} ADD traefik.yaml /flow/traefik/ diff --git a/templates/traefik/dynamic_dashboard.yaml b/templates/traefik/dynamic_dashboard.yaml.gotmpl similarity index 52% rename from templates/traefik/dynamic_dashboard.yaml rename to templates/traefik/dynamic_dashboard.yaml.gotmpl index 31cb35e..243e93c 100644 --- a/templates/traefik/dynamic_dashboard.yaml +++ b/templates/traefik/dynamic_dashboard.yaml.gotmpl @@ -4,5 +4,5 @@ http: dashboard: entryPoints: - "https" - rule: "Host(`${ROOT_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" + rule: "Host(`{{ .RootDomain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" service: "api@internal" diff --git a/templates/traefik/entrypoint.sh b/templates/traefik/entrypoint.sh.gotmpl similarity index 67% rename from templates/traefik/entrypoint.sh rename to templates/traefik/entrypoint.sh.gotmpl index 1e986c6..b25c5ff 100644 --- a/templates/traefik/entrypoint.sh +++ b/templates/traefik/entrypoint.sh.gotmpl @@ -1,14 +1,15 @@ #!/bin/sh + set -e # Create the dynamic config directory in the shared volume. -mkdir -p ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic -chgrp ${FLOW_GID} ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic -chmod a-rwx,u+rwx,g+rwx ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic +mkdir -p {{ .Traefik.SharedMountPoint }}/dynamic +chgrp {{ .FlowGID }} {{ .Traefik.SharedMountPoint }}/dynamic +chmod a-rwx,u+rwx,g+rwx {{ .Traefik.SharedMountPoint }}/dynamic # Move the dashboard config to the new directory. if [ -f /tmp/dynamic_dashboard.yaml ]; then - mv /tmp/dynamic_dashboard.yaml ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic/dynamic_dashboard.yaml + mv /tmp/dynamic_dashboard.yaml {{ .Traefik.SharedMountPoint }}/dynamic/dynamic_dashboard.yaml fi # first arg is `-f` or `--some-option` diff --git a/templates/traefik/traefik.yaml b/templates/traefik/traefik.yaml deleted file mode 100644 index f4cc670..0000000 --- a/templates/traefik/traefik.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -global: - checkNewVersion: ${TRAEFIK_CHECK_NEW_VERSION} - sendAnonymousUsage: ${TRAEFIK_SEND_ANONYMOUS_USAGE} -api: - insecure: false - dashboard: true - debug: false -entryPoints: - http: - address: "${TRAEFIK_CONTAINER_IPV4_ADDRESS}:80" - http: - redirections: - entryPoint: - to: "https" - scheme: "https" - permanent: true - https: - address: "${TRAEFIK_CONTAINER_IPV4_ADDRESS}:443" - gitSSH: - address: "${TRAEFIK_CONTAINER_IPV4_ADDRESS}:${TRAEFIK_EXTERNAL_SSH_PORT}" -providers: - file: - watch: true - directory: "${TRAEFIK_SHARED_MOUNT_POINT}/dynamic" -certificatesResolvers: - resolver: - acme: - email: "${TRAEFIK_ACME_EMAIL}" - storage: "${TRAEFIK_TLS_CONTAINER_DIR}/acme.json" - keyType: "RSA4096" - tlsChallenge: {} -log: - level: "${TRAEFIK_LOG_LEVEL}" -pilot: - token: "${TRAEFIK_PILOT_TOKEN}" diff --git a/templates/traefik/traefik.yaml.gotmpl b/templates/traefik/traefik.yaml.gotmpl new file mode 100644 index 0000000..f4f6a37 --- /dev/null +++ b/templates/traefik/traefik.yaml.gotmpl @@ -0,0 +1,36 @@ +--- +global: + checkNewVersion: {{ .Traefik.CheckNewVersion }} + sendAnonymousUsage: {{ .Traefik.SendAnonymousUsage }} +api: + insecure: false + dashboard: true + debug: false +entryPoints: + http: + address: "{{ .Traefik.ContainerIpv4Address }}:80" + http: + redirections: + entryPoint: + to: "https" + scheme: "https" + permanent: true + https: + address: "{{ .Traefik.ContainerIpv4Address }}:443" + gitSSH: + address: "{{ .Traefik.ContainerIpv4Address }}:{{ .Traefik.ExternalSSHPort }}" +providers: + file: + watch: true + directory: "{{ .Traefik.SharedMountPoint }}/dynamic" +certificatesResolvers: + resolver: + acme: + email: "{{ .Traefik.AcmeEmail }}" + storage: "{{ .Traefik.TlsContainerDirectory }}/acme.json" + keyType: "RSA4096" + tlsChallenge: {} +log: + level: "{{ .Traefik.LogLevel }}" +pilot: + token: "{{ .Traefik.PilotToken }}"