Compare commits
20 Commits
0.1.0+4.1.
...
main
Author | SHA1 | Date |
---|---|---|
3wc | 7c03834602 | |
3wc | 81de69d8cb | |
3wc | cfe7947f94 | |
knoflook | 5d41f7539a | |
3wc | 4520d4520f | |
3wc | 9884f47704 | |
trav | 73b259327f | |
3wc | bee5f3895a | |
knoflook | c0abd0e0b3 | |
knoflook | 934d4acd1d | |
knoflook | 3bd4a37b70 | |
knoflook | f7167745a5 | |
knoflook | 71c2fd8eeb | |
3wc | 6a3141446f | |
3wc | 8f6beea2dc | |
3wc | 6d9003f50a | |
3wc | 0a3554d60d | |
3wc | bde492472a | |
3wc | 147ff204cf | |
3wc | 87e834a018 |
20
.env.sample
20
.env.sample
|
@ -7,23 +7,35 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
|
|||
|
||||
DEFAULT_LOCALES="fr_FR fr_FR.UTF-8 en_GB en_GB.UTF-8 en_US en_US.UTF-8 nl_NL nl_NL.UTF-8"
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
# Custom R version
|
||||
#COMPOSE_FILE="compose.yml:compose.version.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.version.yml"
|
||||
#R_VERSION=3.6.3
|
||||
|
||||
# MSSQL driver
|
||||
MSSQL_ENABLED="1"
|
||||
|
||||
# Comment out if you are using keycloak or oidc
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.local-users.yml"
|
||||
# Share the local user database with other instances
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.local-users-shared.yml"
|
||||
#LOCAL_USERS_VOLUME=rstudio_example_com_users
|
||||
|
||||
# OpenID Connect (SSO)
|
||||
# COMPOSE_FILE="compose.yml:compose.oidc.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
|
||||
#OIDC_ENABLED=1
|
||||
#OIDC_CLIENT_ID=
|
||||
#OIDC_ISSUER_URL=
|
||||
#SECRET_OIDC_CLIENT_SECRET=v1
|
||||
|
||||
# Keycloak integration
|
||||
# COMPOSE_FILE="compose.yml:compose.keycloak.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
|
||||
#KEYCLOAK_ENABLED=1
|
||||
#KEYCLOAK_CLIENT_ID=
|
||||
#KEYCLOAK_CLIENT_TOKEN_URL=
|
||||
# SECRET_KEYCLOAK_CLIENT_SECRET=v1
|
||||
#SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
# Shared secret
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak-sharedsecret.yml"
|
||||
#SHARED_SECRET_NAME=keycloak_rstudio_client_secret
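Review bot: The `# Share the local user database with other instances` option carries no caveat about what is shared. The volume holds copies of `passwd`, `shadow` and `group`, and the entrypoint template shown later on this page copies them to and from `/etc` in every container that has `COPY_USERS=1`. I would extend the comment above the `compose.local-users-shared.yml` line, for example `# NOTE: every instance mounting LOCAL_USERS_VOLUME shares the same accounts and password hashes, and any of them can change them for all the others`. It is also worth stating that `LOCAL_USERS_VOLUME` must name a volume that already exists, since the compose file declares it `external: true`.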
|
||||
|
|
4
abra.sh
4
abra.sh
|
@ -1,4 +1,4 @@
|
|||
export CUSTOM_ENTRYPOINT_VERSION=v12
|
||||
export CUSTOM_ENTRYPOINT_VERSION=v17
|
||||
export OIDC_CONF_VERSION=v1
|
||||
export PAM_EXEC_OAUTH2_YAML_VERSION=v1
|
||||
export PAM_SCRIPT_AUTH_VERSION=v4
|
||||
export PAM_SCRIPT_AUTH_VERSION=v7
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
secrets:
|
||||
keycloak_client_secret:
|
||||
name: ${SHARED_SECRET_NAME}
|
||||
external: true
|
|
@ -32,5 +32,5 @@ configs:
|
|||
|
||||
secrets:
|
||||
keycloak_client_secret:
|
||||
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
|
||||
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}
|
||||
external: true
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
users:
|
||||
external: true
|
||||
name: ${LOCAL_USERS_VOLUME}
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
volumes:
|
||||
- users:/opt/users
|
||||
environment:
|
||||
- COPY_USERS=1
|
||||
|
||||
volumes:
|
||||
users:
|
|
@ -3,7 +3,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: rocker/tidyverse:4.1.0
|
||||
image: rocker/tidyverse:4.3.2
|
||||
networks:
|
||||
- proxy
|
||||
volumes:
|
||||
|
@ -29,7 +29,7 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.0+4.1.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.4.0+4.3.2"
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
command: /init
|
||||
|
||||
|
|
|
@ -21,6 +21,35 @@ file_env() {
|
|||
unset "$fileVar"
|
||||
}
|
||||
|
||||
{{ if eq (env "COPY_USERS") "1" }}
|
||||
cp /opt/users/passwd /etc/passwd || true
|
||||
cp /opt/users/shadow /etc/shadow || true
|
||||
cp /opt/users/group /etc/group || true
|
||||
|
||||
copy_users() {
|
||||
while true; do
|
||||
if [ /etc/passwd -nt /opt/users/passwd ]; then
|
||||
cp -uv /etc/passwd /opt/users/passwd
|
||||
else
|
||||
cp -uv /opt/users/passwd /etc/passwd
|
||||
fi
|
||||
if [ /etc/shadow -nt /opt/users/shadow ]; then
|
||||
cp -uv /etc/shadow /opt/users/shadow
|
||||
else
|
||||
cp -uv /opt/users/shadow /etc/shadow
|
||||
fi
|
||||
if [ /etc/group -nt /opt/users/group ]; then
|
||||
cp -uv /etc/group /opt/users/group
|
||||
else
|
||||
cp -uv /opt/users/group /etc/group
|
||||
fi
|
||||
sleep 60
|
||||
done
|
||||
}
|
||||
|
||||
copy_users &
|
||||
{{ end }}
|
||||
|
||||
file_env "PASSWORD"
|
||||
|
||||
{{ if eq (env "OIDC_ENABLED") "1" }}
|
||||
|
@ -30,6 +59,7 @@ echo 'auth-openid-base-uri=https://{{ env "DOMAIN" }}' >> /etc/rstudio/rserver.c
|
|||
{{ end }}
|
||||
|
||||
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
||||
apt update --allow-releaseinfo-change
|
||||
apt install -y libpam-script
|
||||
mkdir -p /opt/pam-exec-oauth2/
|
||||
wget https://github.com/WASHNote/pam-exec-oauth2/releases/download/v0.0.1/pam-exec-oauth2 -O /opt/pam-exec-oauth2/pam-exec-oauth2
|
||||
|
@ -47,7 +77,7 @@ curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
|
|||
|
||||
curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list
|
||||
|
||||
apt update && apt install -yq msodbcsql17 mssql-tools
|
||||
apt update && apt -o Dpkg::Options::="--force-overwrite" install -yq msodbcsql17 mssql-tools
|
||||
{{ end }}
|
||||
|
||||
locale-gen {{ env "DEFAULT_LOCALES" }}
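Review bot: The `cp -uv` calls in `copy_users` do not preserve timestamps, so every copy leaves the destination newer than its source and the next 60-second pass copies the same file straight back. `/etc/passwd`, `/etc/shadow` and `/etc/group` are then rewritten in place once a minute for as long as the container runs. When several instances mount the same volume this also looks like a lost-update risk: an account added in one container can be overwritten by another instance's stale copy that reached the volume later. Preserving mtime, owner and mode on each copy stops the ping-pong and keeps the shadow file's permissions on the volume, e.g. `cp -upv /etc/shadow /opt/users/shadow`, and the same for the other five calls. A short comment above the function saying that the three files are synced independently and that the newest mtime wins would also help the next maintainer.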
|
||||
|
|
|
@ -10,9 +10,10 @@ if ! id "$PAM_USER" &>/dev/null; then
|
|||
# without it, UID→username mapping changes on every container restart, which
|
||||
# creates file ownership issues and prevents RStudio from working.
|
||||
# See https://github.com/WASHNote/washnote-apps/issues/67
|
||||
uid=$(echo "$PAM_USER" | md5sum | grep -Eo "[[:digit:]]{3}" | head -n1)
|
||||
uid=$(echo "$PAM_USER" | md5sum | grep -Eo "[[:digit:]]{3}" | head -n1 | sed -E 's/^0+//')
|
||||
uid=$((1000+uid))
|
||||
adduser --uid="$uid" "$PAM_USER" --disabled-password --quiet --gecos ""
|
||||
usermod -aG staff "$PAM_USER"
|
||||
fi
|
||||
|
||||
exit 0
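Review bot: The derived UID still comes from only three decimal digits, so every account lands in 1000–1999 and two different usernames can hash to the same value; the added `sed -E 's/^0+//'` fixes the leading-zero parsing but not that. When the UID is already taken, `adduser --uid` is expected to fail, and nothing visible in the hunk checks its status before `usermod` and the final `exit 0`. A guard before `adduser` would make the failure explicit, e.g. `if getent passwd "$uid" >/dev/null; then echo "uid $uid already in use, cannot create $PAM_USER" >&2; exit 1; fi`. The enclosing `if ! id "$PAM_USER"` block starts outside the hunk, so whether a non-zero exit is the right failure mode for this PAM script should be confirmed against the rest of the file.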
|
||||
|
|