generated from coop-cloud/example
Compare commits
No commits in common. "main" and "2.6.1+0.79.1" have entirely different histories.
main
...
2.6.1+0.79
@ -18,8 +18,6 @@ steps:
|
||||
STACK_NAME: outline
|
||||
LETS_ENCRYPT_ENV: production
|
||||
APP_ENTRYPOINT_VERSION: v1
|
||||
DB_ENTRYPOINT_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SECRET_KEY_VERSION: v1 # length=64
|
||||
SECRET_UTILS_SECRET_VERSION: v1 # length=64
|
||||
@ -38,7 +36,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -8,8 +8,6 @@ DOMAIN=outline.example.com
|
||||
#EXTRA_DOMAINS=', `www.outline.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
# –––––––––––––––– REQUIRED ––––––––––––––––
|
||||
@ -41,7 +39,7 @@ WEB_CONCURRENCY=1
|
||||
|
||||
# Override the maxium size of document imports, could be required if you have
|
||||
# especially large Word documents with embedded imagery
|
||||
FILE_STORAGE_IMPORT_MAX_SIZE=5120000
|
||||
MAXIMUM_IMPORT_SIZE=5120000
|
||||
|
||||
# You can remove this line if your reverse proxy already logs incoming http
|
||||
# requests and this ends up being duplicative
|
||||
|
||||
13
README.md
13
README.md
@ -71,11 +71,12 @@ revisions to (instead of deleting them).
|
||||
- `abra app deploy <domain> -f`
|
||||
- enjoy getting rid of S3 🥳
|
||||
|
||||
## Single Sign On with Keycloak/Authentik
|
||||
## Single Sign On with Keycloak
|
||||
|
||||
`abra app config YOURAPPNAME`, then uncomment everything in the `OIDC_` section.
|
||||
|
||||
Create a new client in Keycloak:
|
||||
|
||||
- Create an OIDC client in Keycloak (in Authentik this is called a provider and application)
|
||||
- Run `abra app config YOURAPPNAME`, then uncomment everything in the `OIDC_` section.
|
||||
- **Valid Redirect URIs**: `https://YOURAPPDOMAIN/auth/oidc.callback`
|
||||
- Reference the client/provider info to populate the `_AUTH_URI` `_TOKEN_URI` and `_USERINFO_URI` values
|
||||
- Set the OIDC secret using the value from the client/provider `abra app secret insert YOURAPPNAME oidc_client_secret v1 SECRETVALUE`
|
||||
- `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
`abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
1
abra.sh
1
abra.sh
@ -1,6 +1,5 @@
|
||||
export APP_ENTRYPOINT_VERSION=v9
|
||||
export DB_ENTRYPOINT_VERSION=v2
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
create_email_user() {
|
||||
if [ -z "$1" ]; then
|
||||
|
||||
@ -8,6 +8,10 @@ services:
|
||||
environment:
|
||||
- FILE_STORAGE
|
||||
- FILE_STORAGE_UPLOAD_MAX_SIZE
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/var/lib/outline/data/"
|
||||
|
||||
volumes:
|
||||
storage-data:
|
||||
|
||||
31
compose.yml
31
compose.yml
@ -6,7 +6,7 @@ services:
|
||||
networks:
|
||||
- backend
|
||||
- proxy
|
||||
image: outlinewiki/outline:0.84.0
|
||||
image: outlinewiki/outline:0.79.1
|
||||
secrets:
|
||||
- db_password
|
||||
- secret_key
|
||||
@ -34,20 +34,19 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.10.0+0.84.0"
|
||||
# Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-80}"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.6.1+0.79.1"
|
||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
|
||||
cache:
|
||||
image: redis:8.0.2
|
||||
image: redis:7.4.0
|
||||
networks:
|
||||
- backend
|
||||
|
||||
db:
|
||||
image: postgres:17.5
|
||||
image: postgres:16.4
|
||||
networks:
|
||||
- backend
|
||||
secrets:
|
||||
@ -56,9 +55,6 @@ services:
|
||||
- source: db_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
environment:
|
||||
POSTGRES_DB: outline
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||
@ -68,10 +64,10 @@ services:
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres_data.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/dump.sql.gz"
|
||||
backupbot.backup.post-hook: "rm -f /var/lib/postgresql/data/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U outline outline | gzip > /var/lib/postgresql/data/dump.sql.gz'"
|
||||
|
||||
secrets:
|
||||
secret_key:
|
||||
@ -101,6 +97,3 @@ configs:
|
||||
name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.postgres.sh.tmpl
|
||||
template_driver: golang
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
|
||||
34
pg_backup.sh
34
pg_backup.sh
@ -1,34 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
|
||||
|
||||
function backup {
|
||||
export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
|
||||
pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
|
||||
}
|
||||
|
||||
function restore {
|
||||
cd /var/lib/postgresql/data/
|
||||
restore_config(){
|
||||
# Restore allowed connections
|
||||
cat pg_hba.conf.bak > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
}
|
||||
# Don't allow any other connections than local
|
||||
cp pg_hba.conf pg_hba.conf.bak
|
||||
echo "local all all trust" > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
trap restore_config EXIT INT TERM
|
||||
|
||||
# Recreate Database
|
||||
psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);"
|
||||
createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
|
||||
psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
|
||||
|
||||
trap - EXIT INT TERM
|
||||
restore_config
|
||||
}
|
||||
|
||||
$@
|
||||
@ -1 +0,0 @@
|
||||
Fixes a problem where deployments were consistently giving a timeout response even though they were successful
|
||||
Loading…
x
Reference in New Issue
Block a user