commit d01a1f67e820541786072c0470a0cc973ba957b7 Author: 3wc <3wc.git@doesthisthing.work> Date: Thu Sep 24 17:22:03 2020 +0200 Initial import
diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..145f70a
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,10 @@
+export SERVICE=kimai
+export DOMAIN=kimai.example.com
+export STACK_NAME=kimai
+export LETS_ENCRYPT_ENV=production
+
+export DB_PASSWORD_VERSION=v1
+export DB_ROOT_PASSWORD_VERSION=v1
+export ADMIN_PASSWORD_VERSION=v1
+
+export ENTRYPOINT_CONF_VERSION=v1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..571c1e3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+. /docker-entrypoint.sh -e
+/opt/kimai/bin/console kimai:createuser
+
+https://tobybatch.github.io/kimai2/docker-compose.html#docker-compose
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..ceb1026
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,105 @@
+---
+version: '3.8'
+services:
+
+ mariadb:
+ image: mysql:5.7
+ environment:
+ - MYSQL_DATABASE=kimai
+ - MYSQL_USER=kimai
+ - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+ - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+ volumes:
+ - mariadb:/var/lib/mysql
+ networks:
+ - internal
+ command: --default-storage-engine innodb
+ secrets:
+ - db_password
+ - db_root_password
+ #healthcheck:
+ # test: mysqladmin -pchangemeplease ping -h localhost
+ # interval: 20s
+ # start_period: 10s
+ # timeout: 10s
+ # retries: 3
+
+ kimai:
+ image: kimai/kimai2:apache-debian-1.8-prod
+ environment:
+ - APP_ENV=prod
+ - TRUSTED_HOSTS=localhost,traefik,${DOMAIN}
+ - TRUSTED_PROXIES=localhost,traefik,127.0.0.1
+ - ADMINMAIL=admin@kimai.local
+ - ADMINPASS_FILE=/run/secrets/admin_password
+ - DATABASE_TYPE=mysql
+ - DATABASE_HOST=mariadb
+ - DATABASE_NAME=kimai
+ - DATABASE_USER=kimai
+ - DATABASE_PASSWORD_FILE=/run/secrets/db_password
+ volumes:
+ - kimai_public:/opt/kimai/public
+ - kimai_var:/opt/kimai/var
+ networks:
+ - internal
+ - proxy
+ configs:
+ - source: entrypoint_conf
+ target: /docker-entrypoint.sh
+ mode: 0555
+ secrets:
+ - db_password
+ - admin_password
+ deploy:
+ restart_policy:
+ condition: on-failure
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.routers.${STACK_NAME}.tls=true"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8001"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ #entrypoint: ['tail', '-f', '/dev/null']
+ entrypoint: /docker-entrypoint.sh
+ #healthcheck:
+ # test: curl -s -o /dev/null http://localhost:8001 || exit 1
+ # interval: 20s
+ # start_period: 10s
+ # timeout: 10s
+ # retries: 3
+
+ #postfix:
+ # image: catatnight/postfix:latest
+ # environment:
+ # maildomain: kimai.local
+ # smtp_user: kimai:kimai
+ # restart: unless-stopped
+
+volumes:
+ kimai_var:
+ kimai_public:
+ mariadb:
+
+secrets:
+ db_password:
+ external: true
+ name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+ db_root_password:
+ external: true
+ name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
+ admin_password:
+ external: true
+ name: ${STACK_NAME}_admin_password_${ADMIN_PASSWORD_VERSION}
+
+networks:
+ proxy:
+ external: true
+ internal:
+
+configs:
+ entrypoint_conf:
+ name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
+ file: entrypoint.sh.tmpl
+ template_driver: golang
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
new file mode 100644
index 0000000..683b4f0
--- /dev/null
+++ b/entrypoint.sh.tmpl
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+file_env() {
+ # 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
+ # https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+load_vars() {
+ file_env "ADMINPASS"
+ file_env "DATABASE_PASSWORD"
+}
+
+main() {
+ set -eu
+
+ load_vars
+}
+
+main
+
+export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST/$DATABASE_NAME"
+
+if [ ! "${1-}" == "-e" ]; then
+ # 3wc: upstream ENTRYPOINT
+ # https://github.com/tobybatch/kimai2/blob/main/Dockerfile#L226
+ /startup.sh
+fi
+
+set +eu
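Review bot: The `mariadb` service actually runs `image: mysql:5.7`, and both it and `kimai/kimai2:apache-debian-1.8-prod` are referenced by mutable tag, so a redeploy can pull different image contents than the ones that were reviewed. Pinning each image by digest, e.g. `image: mysql:5.7@sha256:<digest-placeholder>`, makes the deployed artefact reproducible, and a short comment or a service rename would remove the MySQL/MariaDB ambiguity. Separately, the commented-out healthcheck passes a literal password with `-p` on the command line; if it is ever enabled it should take the value from `/run/secrets/db_root_password` rather than embedding it in the stack file.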
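Review bot: The top-level `export DATABASE_URL=...` line interpolates `$DATABASE_PASSWORD` verbatim into the URL, so a secret containing `@`, `:`, `/`, `?`, `#` or `%` yields a URL that fails to parse or, presumably, is parsed with a different host or database than intended (the consumer of the URL is outside this diff). Either document that the `db_password` secret must be generated from URL-safe characters, or fail closed just before the export, for example `case "$DATABASE_PASSWORD" in *[!A-Za-z0-9._~-]*) echo >&2 "error: DATABASE_PASSWORD must be URL-safe"; exit 1 ;; esac`. Note also that `file_env` exports the secret values and `DATABASE_URL` carries the password a second time, so both are inherited by every process `/startup.sh` spawns; a comment stating that this is intentional would help the next reader.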