From 071b33c1c549ae3aff8cbe4782af1f51c2453e53 Mon Sep 17 00:00:00 2001
From: Philipp Rothmann
Date: Sun, 17 Oct 2021 18:03:03 +0200
Subject: [PATCH] init
---
.env.sample | 33 +++++++++++
compose.yml | 130 +++++++++++++++++++++++++++++++++++++++++++
custom-entrypoint.sh | 8 +++
healthcheck.js | 23 ++++++++
4 files changed, 194 insertions(+)
create mode 100644 .env.sample
create mode 100644 compose.yml
create mode 100644 custom-entrypoint.sh
create mode 100644 healthcheck.js
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..7254dfc
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,33 @@
+TYPE=wekan
+SECRET_SSO_ID_VERSION=v1
+SECRET_SSO_SECRET_VERSION=v1
+
+MONGO_URL=mongodb://db:27017/wekan
+
+DOMAIN=board.example.com
+ROOT_URL=https://board.example.com
+
+DEBUG=false
+OAUTH2_ENABLED=true
+OAUTH2_LOGIN_STYLE=redirect
+OAUTH2_CLIENT_ID=secret
+OAUTH2_SERVER_URL=https://sso.example.com
+OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
+OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
+OAUTH2_TOKEN_ENDPOINT=/application/o/token/
+OAUTH2_SECRET=secret
+OAUTH2_REQUEST_PERMISSIONS="openid profile email wekan"
+OAUTH2_ID_MAP=preferred_username
+OAUTH2_USERNAME_MAP=preferred_username
+OAUTH2_FULLNAME_MAP=given_name
+OAUTH2_EMAIL_MAP=email
+
+PASSWORD_LOGIN_ENABLED=false
+
+
+
+MAIL_URL=smtp://smtp:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
+MAIL_FROM="[SKA] Wekan Notifications"
+
+WITH_API=true
+RICHER_CARD_COMMENT_EDITOR=false
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..e9a2b56
--- /dev/null
+++ b/compose.yml
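Review bot: The sample `MAIL_URL` ships with `ignoreTLS=true&tls={rejectUnauthorized:false}`, so a deployment that copies this file and only swaps the host sends notification mail without STARTTLS and without certificate verification. That may be intended for the in-stack `smtp:25` relay, but nothing in the file says so. I would add a comment above the line such as `# TLS is off for the internal relay only; drop ignoreTLS and rejectUnauthorized:false when MAIL_URL points at an external SMTP host`. The `OAUTH2_CLIENT_ID=secret` and `OAUTH2_SECRET=secret` placeholders are overridden at start-up by `custom-entrypoint.sh` from the Docker secrets, which also deserves a one-line comment so nobody puts the real values here.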
@@ -0,0 +1,130 @@
+version: '3.8'
+services:
+ db:
+ image: mongo:4.4
+ command: mongod --oplogSize 128
+ volumes:
+ - wekan-db:/data/db
+ - wekan-db-dump:/dump
+ networks:
+ - internal
+ healthcheck:
+ test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ start_period: 1m
+ deploy:
+ labels:
+ - "coop-cloud.${STACK_NAME}.db.version=1.0.0+4.4"
+
+ app:
+ image: wekanteam/wekan:v5.41
+ environment:
+ - MONGO_URL
+ - DOMAIN
+ - ROOT_URL
+ - DEBUG
+ - OAUTH2_ENABLED
+ - OAUTH2_LOGIN_STYLE
+ - OAUTH2_CLIENT_ID
+ - OAUTH2_SERVER_URL
+ - OAUTH2_AUTH_ENDPOINT
+ - OAUTH2_USERINFO_ENDPOINT
+ - OAUTH2_TOKEN_ENDPOINT
+ - OAUTH2_SECRET
+ - OAUTH2_REQUEST_PERMISSIONS
+ - OAUTH2_ID_MAP
+ - OAUTH2_USERNAME_MAP
+ - OAUTH2_FULLNAME_MAP
+ - OAUTH2_EMAIL_MAP
+ - PASSWORD_LOGIN_ENABLED
+ - MAIL_URL
+ - MAIL_FROM
+ - WITH_API
+ - RICHER_CARD_COMMENT_EDITOR
+
+ networks:
+ - internal
+ - proxy
+ depends_on:
+ - db
+ healthcheck: # workaround because there is no curl in wekan container
+ test: node /build/healthcheck.js
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ start_period: 1m
+ secrets:
+ - sso_id
+ - sso_secret
+ configs:
+ - source: healthcheck_js
+ target: /build/healthcheck.js
+ mode: 0555
+ - source: entrypoint
+ target: /custom-entrypoint.sh
+ mode: 0555
+
+ entrypoint: /custom-entrypoint.sh
+ deploy:
+ update_config:
+ failure_action: rollback
+ order: start-first
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.services.board.loadbalancer.server.port=8080"
+ - "traefik.http.routers.board.rule=Host(`${DOMAIN}`)"
+ - "traefik.http.routers.board.entrypoints=web"
+ - "coop-cloud.${STACK_NAME}.app.version=1.0.0+v5.41"
+
+
+ # restic:
+ # image: mazzolino/restic
+ # hostname: restic_wekan
+ # environment:
+ # BACKUP_CRON: "0 5 * * *"
+ # RESTIC_REPOSITORY: /backup
+ # RESTIC_PASSWORD: ${RESTIC_PASSWORD}
+ # RESTIC_BACKUP_SOURCES: /source
+ # RESTIC_FORGET_ARGS: --prune --keep-daily 7 --keep-weekly 4
+ # PRE_COMMANDS: |-
+ # docker stop wekan_app_1
+ # docker exec wekan_db_1 bash -c "mongodump --archive=dump/wekan.archiv"
+ # docker stop wekan_db_1
+ # POST_COMMANDS_EXIT: |-
+ # docker start wekan_db_1
+ # docker start wekan_app_1
+ # volumes:
+ # - wekan-db-dump:/source/db:rw
+ # - /var/run/docker.sock:/var/run/docker.sock
+ # - /mnt/backup/wekan:/backup
+ # networks:
+ # - backend
+
+secrets:
+ sso_id:
+ external: true
+ name: ${STACK_NAME}_sso_id_${SECRET_SSO_ID_VERSION}
+ sso_secret:
+ external: true
+ name: ${STACK_NAME}_sso_secret_${SECRET_SSO_SECRET_VERSION}
+
+
+volumes:
+ wekan-db:
+ wekan-db-dump:
+
+networks:
+ proxy:
+ external: true
+ internal:
+
+configs:
+ healthcheck_js:
+ name: ${STACK_NAME}_healthcheck_js
+ file: healthcheck.js
+ entrypoint:
+ name: ${STACK_NAME}_custom-entrypoint.sh
+ file: custom-entrypoint.sh
diff --git a/custom-entrypoint.sh b/custom-entrypoint.sh
new file mode 100644
index 0000000..c37a819
--- /dev/null
+++ b/custom-entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+export OAUTH2_CLIENT_ID=$(cat /run/secrets/sso_id)
+export OAUTH2_SECRET=$(cat /run/secrets/sso_secret)
+
+node /build/main.js
\ No newline at end of file
diff --git a/healthcheck.js b/healthcheck.js
new file mode 100644
index 0000000..876f167
--- /dev/null
+++ b/healthcheck.js
@@ -0,0 +1,23 @@
+const http = require('http');
+const options = {
+ host: '0.0.0.0',
+ port: 8080,
+ timeout: 2000
+};
+
+const healthCheck = http.request(options, (res) => {
+ console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
+ if (res.statusCode == 200) {
+ process.exit(0);
+ }
+ else {
+ process.exit(1);
+ }
+});
+
+healthCheck.on('error', function (err) {
+ console.error('ERROR');
+ process.exit(1);
+});
+
+healthCheck.end();
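Review bot: `OAUTH2_CLIENT_ID` and `OAUTH2_SECRET` are still listed under the `app` service's `environment:` even though the same service mounts `sso_id` and `sso_secret` and the entrypoint exports both from `/run/secrets`. Whatever an operator puts in `.env` for those two keys is copied into the service definition, where it is readable through service inspection, and is then silently overridden at start-up, so I would drop the two list entries. Separately, the router is bound only to `traefik.http.routers.board.entrypoints=web` with no TLS label while the sample `ROOT_URL` is https. If `web` is the plain-HTTP entrypoint in the proxy's static configuration (not shown here), the OAuth2 redirect flow and session cookies would travel unencrypted, so the entrypoint name should be confirmed and the router's TLS labels added.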
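Review bot: `export OAUTH2_SECRET=$(cat /run/secrets/sso_secret)` hides a failed `cat` from `set -e`, because the exit status of the line is that of `export`. A missing or unreadable secret therefore starts Wekan with an empty client id or secret instead of aborting. Assign first and export afterwards, e.g. `OAUTH2_SECRET=$(cat /run/secrets/sso_secret)` followed by `export OAUTH2_SECRET`, and do the same for `OAUTH2_CLIENT_ID`. The last line should be `exec node /build/main.js` so that node replaces the shell and receives the orchestrator's stop signal directly.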
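Review bot: The `timeout: 2000` entry in `options` is never enforced, because `http.request` only emits a `timeout` event and nothing here listens for it. A hung app keeps the probe open until the 10s timeout of the compose healthcheck kills it. Add `healthCheck.on('timeout', () => { healthCheck.destroy(); process.exit(1); });` before `healthCheck.end()`. `host: '0.0.0.0'` is a bind address rather than a connect target, so `127.0.0.1` states the intent more clearly. The `error` handler should also log `err.message` so a failing probe can be diagnosed from the container's health log.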