WIP: optional SSH connection

.env.sample

@@ -5,12 +5,19 @@ DOMAIN=wordpress.example.com
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
 LETS_ENCRYPT_ENV=production
 
+# Necessary for optional features, leave this alone:
+COMPOSE_FILE="compose.yml"
+
 ## Additional extensions
 #PHP_EXTENSIONS="calendar"
 
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 
+# SSH access
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
+#SSH_PUBLIC_KEY=<your pubkey here>
+
 # Multisite
 #WORDPRESS_CONFIG_EXTRA="\
 #	define('WP_CACHE', false);\
@@ -30,12 +37,12 @@ SECRET_DB_PASSWORD_VERSION=v1
 #	define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 
 # Local SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
 #SMTP_HOST="postfix_relay_app"
 #MAIL_FROM="wordpress@example.com"
 
 # Remote SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_PORT=587

compose.ssh.yml

@@ -0,0 +1,27 @@
+---
+version: "3.8"
+
+services:
+  ssh:
+    image: lscr.io/linuxserver/openssh-server
+    environment:
+      - PUID=33
+      - PGID=33
+      - PUBLIC_KEY=${SSH_PUBLIC_KEY}
+      - USER_NAME=wordpress
+      - PASSWORD_ACCESS=false
+    networks:
+      - proxy
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
+        - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
+        - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=2222"
+
+networks:
+  proxy:
+    external: true

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "wordpress:5.8.3"
+    image: "wordpress:5.8.1"
     volumes:
       - "wordpress_content:/var/www/html/wp-content/"
     networks:
@@ -48,9 +48,7 @@ services:
         #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "coop-cloud.${STACK_NAME}.version=1.0.2+5.8.3"
+        - "coop-cloud.${STACK_NAME}.version=1.0.0+5.8.1"
-        - "backupbot.backup=true"
-        - "backupbot.backup.path=/var/www/html"
 
   db:
     image: "mariadb:10.6"
@@ -66,12 +64,6 @@ services:
     secrets:
       - db_password
       - db_root_password
-    deploy:
-      labels:
-        - "backupbot.backup=true"
-        - "backupbot.backup.path=/tmp/dump.sql.gz"
-        - "backupbot.backup.post-hook=rm -f /tmp/dump.sql.gz"
-        - "backupbot.backup.pre-hook=mysqldump -u root -p`cat /run/secrets/db_root_password` wordpress | gzip > /tmp/dump.sql.gz"
 
 networks:
   backend: