init

2021-10-17 18:03:03 +02:00 · 2021-10-17 18:03:03 +02:00 · 071b33c1c5
commit 071b33c1c5
4 changed files with 194 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -0,0 +1,33 @@
+TYPE=wekan
+SECRET_SSO_ID_VERSION=v1
+SECRET_SSO_SECRET_VERSION=v1
+
+MONGO_URL=mongodb://db:27017/wekan
+
+DOMAIN=board.example.com
+ROOT_URL=https://board.example.com
+
+DEBUG=false
+OAUTH2_ENABLED=true
+OAUTH2_LOGIN_STYLE=redirect
+OAUTH2_CLIENT_ID=secret
+OAUTH2_SERVER_URL=https://sso.example.com
+OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
+OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
+OAUTH2_TOKEN_ENDPOINT=/application/o/token/
+OAUTH2_SECRET=secret
+OAUTH2_REQUEST_PERMISSIONS="openid profile email wekan"
+OAUTH2_ID_MAP=preferred_username
+OAUTH2_USERNAME_MAP=preferred_username
+OAUTH2_FULLNAME_MAP=given_name
+OAUTH2_EMAIL_MAP=email
+
+PASSWORD_LOGIN_ENABLED=false
+
+
+
+MAIL_URL=smtp://smtp:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
+MAIL_FROM="[SKA] Wekan Notifications"
+
+WITH_API=true
+RICHER_CARD_COMMENT_EDITOR=false
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,130 @@
+version: '3.8'
+services:
+  db:
+    image: mongo:4.4
+    command: mongod --oplogSize 128
+    volumes:
+      - wekan-db:/data/db
+      - wekan-db-dump:/dump
+    networks:
+      - internal
+    healthcheck:
+      test:  echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+    deploy:
+      labels:
+        - "coop-cloud.${STACK_NAME}.db.version=1.0.0+4.4"
+
+  app:
+    image: wekanteam/wekan:v5.41
+    environment:
+      - MONGO_URL
+      - DOMAIN
+      - ROOT_URL
+      - DEBUG
+      - OAUTH2_ENABLED
+      - OAUTH2_LOGIN_STYLE
+      - OAUTH2_CLIENT_ID
+      - OAUTH2_SERVER_URL
+      - OAUTH2_AUTH_ENDPOINT
+      - OAUTH2_USERINFO_ENDPOINT
+      - OAUTH2_TOKEN_ENDPOINT
+      - OAUTH2_SECRET
+      - OAUTH2_REQUEST_PERMISSIONS
+      - OAUTH2_ID_MAP
+      - OAUTH2_USERNAME_MAP
+      - OAUTH2_FULLNAME_MAP
+      - OAUTH2_EMAIL_MAP
+      - PASSWORD_LOGIN_ENABLED
+      - MAIL_URL
+      - MAIL_FROM
+      - WITH_API
+      - RICHER_CARD_COMMENT_EDITOR
+
+    networks:
+      - internal 
+      - proxy 
+    depends_on:
+      - db
+    healthcheck: # workaround because there is no curl in wekan container
+      test: node /build/healthcheck.js
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+    secrets:
+      - sso_id
+      - sso_secret
+    configs:
+      - source: healthcheck_js
+        target: /build/healthcheck.js
+        mode: 0555
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 0555
+      
+    entrypoint: /custom-entrypoint.sh
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.board.loadbalancer.server.port=8080"
+        - "traefik.http.routers.board.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.board.entrypoints=web"
+        - "coop-cloud.${STACK_NAME}.app.version=1.0.0+v5.41"
+
+
+  # restic:
+  #   image: mazzolino/restic
+  #   hostname: restic_wekan
+  #   environment:
+  #       BACKUP_CRON: "0 5 * * *"
+  #       RESTIC_REPOSITORY: /backup
+  #       RESTIC_PASSWORD: ${RESTIC_PASSWORD}
+  #       RESTIC_BACKUP_SOURCES: /source
+  #       RESTIC_FORGET_ARGS: --prune --keep-daily 7 --keep-weekly 4
+  #       PRE_COMMANDS: |-
+  #                   docker stop wekan_app_1 
+  #                   docker exec wekan_db_1 bash -c "mongodump --archive=dump/wekan.archiv"
+  #                   docker stop wekan_db_1 
+  #       POST_COMMANDS_EXIT: |-
+  #                   docker start wekan_db_1 
+  #                   docker start wekan_app_1
+  #   volumes:
+  #      - wekan-db-dump:/source/db:rw
+  #      - /var/run/docker.sock:/var/run/docker.sock
+  #      - /mnt/backup/wekan:/backup
+  #   networks:
+  #     - backend
+
+secrets:
+  sso_id:
+    external: true
+    name: ${STACK_NAME}_sso_id_${SECRET_SSO_ID_VERSION}
+  sso_secret:
+    external: true
+    name: ${STACK_NAME}_sso_secret_${SECRET_SSO_SECRET_VERSION}
+
+
+volumes:
+  wekan-db:
+  wekan-db-dump:
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+configs:
+  healthcheck_js:
+    name: ${STACK_NAME}_healthcheck_js
+    file: healthcheck.js
+  entrypoint:
+    name: ${STACK_NAME}_custom-entrypoint.sh
+    file: custom-entrypoint.sh
--- a/custom-entrypoint.sh
+++ b/custom-entrypoint.sh
@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+export OAUTH2_CLIENT_ID=$(cat /run/secrets/sso_id)
+export OAUTH2_SECRET=$(cat /run/secrets/sso_secret)
+
+node /build/main.js
--- a/healthcheck.js
+++ b/healthcheck.js
@ -0,0 +1,23 @@
+const http = require('http');
+const options = {
+    host: '0.0.0.0',
+    port: 8080,
+    timeout: 2000
+};
+
+const healthCheck = http.request(options, (res) => {
+    console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
+    if (res.statusCode == 200) {
+        process.exit(0);
+    }
+    else {
+        process.exit(1);
+    }
+});
+
+healthCheck.on('error', function (err) {
+    console.error('ERROR');
+    process.exit(1);
+});
+
+healthCheck.end();