diff --git a/.drone.yml b/.drone.yml index 2d95596..521072c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -16,8 +16,8 @@ steps: STACK_NAME: traefik LETS_ENCRYPT_ENV: production LETS_ENCRYPT_EMAIL: helo@autonomic.zone - TRAEFIK_YML_VERSION: v4 - FILE_PROVIDER_YML_VERSION: v3 + TRAEFIK_YML_VERSION: v5 + FILE_PROVIDER_YML_VERSION: v4 ENTRYPOINT_VERSION: v1 trigger: branch: diff --git a/.env.sample b/.env.sample index 30762dd..500940a 100644 --- a/.env.sample +++ b/.env.sample @@ -46,21 +46,26 @@ COMPOSE_FILE="compose.yml" #GANDI_ENABLED=1 #SECRET_GANDIV5_API_KEY_VERSION=v1 +## DigitalOcean, https://digitalocean.com +#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml" +#DIGITALOCEAN_ENABLED=1 +#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1 + ##################################################################### # Manual wildcard certificate insertion # ##################################################################### # Set wildcards = 1, and uncomment compose_file to enable. # Create your certs elsewhere and add them like: -# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)" -# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)" +# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)" +# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)" #WILDCARDS_ENABLED=1 #SECRET_WILDCARD_CERT_VERSION=v1 #SECRET_WILDCARD_KEY_VERSION=v1 #COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml" ##################################################################### -# Keycloak log-in # +# Authentication # ##################################################################### ## Enable Keycloak 
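Review bot: The new `## DigitalOcean` block in `.env.sample` says nothing about the token behind `SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION`, while the wildcard section just below it shows the `abra app secret insert` command to use. The token is handed to the internet-facing Traefik container, so it should be limited to DNS record management where the account allows scoped tokens. I would add `# Use a token restricted to DNS/domain write access` and `# abra app secret insert {myapp.example.coop} digitalocean_auth_token v1 "$(cat /path/to/token)"` under the heading. Whether `LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER` must also be set for this provider is not visible in the hunk and may deserve a line too.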
@@ -70,6 +75,12 @@ COMPOSE_FILE="compose.yml" #KEYCLOAK_MIDDLEWARE_2_ENABLED=1 #KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app +## BASIC_AUTH +## Use httpasswd to generate the secret +#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml" +#BASIC_AUTH=1 +#SECRET_USERSFILE_VERSION=v1 + ##################################################################### # Prometheus metrics # ##################################################################### @@ -125,8 +136,7 @@ COMPOSE_FILE="compose.yml" #COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml" #MATRIX_FEDERATION_ENABLED=1 -## BASIC_AUTH -## Use httpasswd to generate the secret -#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml" -#BASIC_AUTH=1 -#SECRET_USERSFILE_VERSION=v1 +## "Web alt", an alternative web port +# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this +#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml" +#WEB_ALT_ENABLED=1 diff --git a/abra.sh b/abra.sh index e6afab4..126ccaf 100644 --- a/abra.sh +++ b/abra.sh @@ -1,3 +1,3 @@ export TRAEFIK_YML_VERSION=v21 -export FILE_PROVIDER_YML_VERSION=v9 -export ENTRYPOINT_VERSION=v2 +export FILE_PROVIDER_YML_VERSION=v10 +export ENTRYPOINT_VERSION=v3 diff --git a/alaconnect.yml b/alaconnect.yml new file mode 100644 index 0000000..52334b9 --- /dev/null +++ b/alaconnect.yml @@ -0,0 +1,4 @@ +matrix-synapse: + uncomment: + - compose.matrix.yml + - MATRIX_FEDERATION_ENABLED diff --git a/compose.digitalocean.yml b/compose.digitalocean.yml new file mode 100644 index 0000000..ebb1cc5 --- /dev/null +++ b/compose.digitalocean.yml @@ -0,0 +1,15 @@ +version: "3.8" + +services: + app: + environment: + - DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token + - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED + - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER + secrets: + - digitalocean_auth_token + +secrets: + digitalocean_auth_token: + name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION} + external: true 
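Review bot: The relocated comment `## Use httpasswd to generate the secret` in the BASIC_AUTH block misspells the tool, which is `htpasswd`, and gives no hint about the hash format. By default htpasswd writes an MD5-based hash, and this users file is the only thing guarding whatever sits behind the middleware, so the comment could steer people to bcrypt: `## Use htpasswd -B to generate the secret (bcrypt)`.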
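Review bot: `DIGITALOCEAN_ENABLED` is missing from the `environment:` list of `app` in compose.digitalocean.yml, yet the entrypoint.sh.tmpl hunk in this commit gates the token export on `env "DIGITALOCEAN_ENABLED"`. If the template reads the service environment, as compose.web-alt.yml suggests by passing `WEB_ALT_ENABLED`, the `export DO_AUTH_TOKEN=...` branch never renders and only `DO_AUTH_TOKEN_FILE` reaches Traefik. Unless the base compose.yml already passes the flag (not visible in this diff), add `- DIGITALOCEAN_ENABLED` to the list.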
diff --git a/compose.web-alt.yml b/compose.web-alt.yml new file mode 100644 index 0000000..39e7c32 --- /dev/null +++ b/compose.web-alt.yml @@ -0,0 +1,7 @@ +version: "3.8" +services: + app: + environment: + - WEB_ALT_ENABLED + ports: + - "8000:8000" diff --git a/compose.yml b/compose.yml index f4def4e..19aa4f6 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: "traefik:v2.11.0" + image: "traefik:v2.11.2" # Note(decentral1se): *please do not* add any additional ports here. # Doing so could break new installs with port conflicts. Please use # the usual `compose.$app.yml` approach for any additional ports @@ -47,7 +47,7 @@ services: - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.service=api@internal" - "traefik.http.routers.${STACK_NAME}.middlewares=security@file" - - "coop-cloud.${STACK_NAME}.version=2.5.0+v2.11.0" + - "coop-cloud.${STACK_NAME}.version=2.6.3+v2.11.2" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" socket-proxy: diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 298d5dc..41cbf44 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE") export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE") {{ end }} +{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }} +export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE") +{{ end }} + /entrypoint.sh "$@" diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl index 7ecc6f3..f2af6ad 100644 --- a/traefik.yml.tmpl +++ b/traefik.yml.tmpl @@ -46,6 +46,10 @@ entrypoints: peertube-rtmp: address: ":1935" {{ end }} + {{ if eq (env "WEB_ALT_ENABLED") "1" }} + web-alt: + address: ":8000" + {{ end }} {{ if eq (env "SSB_MUXRPC_ENABLED") "1" }} ssb-muxrpc: address: ":8008"
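Review bot: The `"8000:8000"` mapping in compose.web-alt.yml publishes the port on the host, and the matching `web-alt` entrypoint added to traefik.yml.tmpl has only an `address`, so in the lines shown traffic arriving there is plain HTTP with no entrypoint-level redirect or middleware. Any router bound to `web-alt` has to carry its own TLS and middleware settings, which is easy to miss when a recipe copies labels written for the main entrypoints. A comment above `ports:` would record that, for example `# Plain-HTTP entrypoint: routers on web-alt must set their own TLS/middlewares`.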
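Review bot: `export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")` in entrypoint.sh.tmpl hides a failed `cat`, because the exit status of `export` replaces it. A missing or unreadable secret file therefore leaves an empty token, Traefik starts anyway, and the problem only surfaces later as a failed ACME challenge. Splitting the line makes the failure visible at start-up: `DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE") || exit 1` followed by `export DO_AUTH_TOKEN`. The OVH and Gandi lines above use the same form and would benefit equally. The top of the script is outside the hunk, so whether `set -e` is in effect cannot be seen.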
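Review bot: The `web-alt` entrypoint added here changes the traefik.yml template, but the abra.sh hunk in this commit leaves `TRAEFIK_YML_VERSION=v21` untouched while bumping `FILE_PROVIDER_YML_VERSION` and `ENTRYPOINT_VERSION`. If these versions name immutable configs, as the versioned secret names suggest, an existing deployment would either keep the old template or fail to update. Bump it with the others, `export TRAEFIK_YML_VERSION=v22`, or confirm the file-provider bump was not meant for this file, since no file-provider template change appears in the diff. The `entrypoints:` block continues outside the hunk.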