coop-cloud/zammad
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: coop-cloud:0.1.0+zammad-5.2.3-19
Branches Tags
coop-cloud:master coop-cloud:custom_css
coop-cloud:2.1.0+6.5.0-34 coop-cloud:2.0.0+6.4.0-34 coop-cloud:1.0.5+6.3.1-95 coop-cloud:1.0.4+6.3.1-95 coop-cloud:1.0.3+6.3.1-95 coop-cloud:1.0.2+6.3.1-95 coop-cloud:1.0.1+6.3.1-95 coop-cloud:1.0.0+6.3.1-95 coop-cloud:0.1.0+zammad-5.2.3-19
...
compare: coop-cloud:custom_css
Branches Tags
coop-cloud:master coop-cloud:custom_css
coop-cloud:2.1.0+6.5.0-34 coop-cloud:2.0.0+6.4.0-34 coop-cloud:1.0.5+6.3.1-95 coop-cloud:1.0.4+6.3.1-95 coop-cloud:1.0.3+6.3.1-95 coop-cloud:1.0.2+6.3.1-95 coop-cloud:1.0.1+6.3.1-95 coop-cloud:1.0.0+6.3.1-95 coop-cloud:0.1.0+zammad-5.2.3-19

14 Commits
0.1.0+zamm ... custom_css

Author SHA1 Message Date
Moritz
b4c262a6fb customize css 2024-09-03 18:28:49 +02:00
Moritz
71d770afb0 chore: publish 1.0.2+6.3.1-95 release 2024-09-03 16:37:27 +02:00
Moritz
3db2ea49a2 add set_logo command 2024-09-03 16:37:24 +02:00
Moritz
4d77a2e48a Update README 2024-08-23 16:41:17 +02:00
Moritz
2abf963cd5 chore: publish 1.0.1+6.3.1-95 release 2024-08-22 01:15:15 +02:00
Moritz
dcd703d6a3 add alaconnect 2024-08-22 01:15:15 +02:00
Moritz
4ce7571905 abra.sh: enable_authentik_sso() command 2024-08-21 23:00:40 +02:00
Moritz
1000b563eb automatic initialization 2024-08-21 22:29:42 +02:00
Moritz
6ae8b9543d Add healthchecks 2024-08-20 17:38:06 +02:00
Moritz
63c6b6de53 Fix backup container 2024-08-20 17:37:58 +02:00
Moritz
e69c5155b4 chore: publish 1.0.0+6.3.1-95 release 2024-08-15 16:07:44 +02:00
3wc
3c161f0270 Switch to self-hosted stack-ssh-deploy image [mass update] 2023-01-21 11:49:56 -08:00
3wc
adbc1f08e9 Add CI and catalogue generation [mass update] 2023-01-20 10:37:25 -08:00
Philipp Rothmann
6a93603994 add xframe options 2022-11-15 13:29:16 +01:00
10 changed files with 420 additions and 103 deletions
Expand all files Collapse all files

38
.drone.yml Normal file
View File

@ -0,0 +1,38 @@
---
kind: pipeline
name: deploy to swarm-test.autonomic.zone
steps:
- name: deployment
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
settings:
host: swarm-test.autonomic.zone
stack: zammad
generate_secrets: true
purge: true
deploy_key:
from_secret: drone_ssh_swarm_test
networks:
- proxy
environment:
DOMAIN: zammad.swarm-test.autonomic.zone
STACK_NAME: zammad
LETS_ENCRYPT_ENV: production
trigger:
branch:
- main
---
kind: pipeline
name: generate recipe catalogue
steps:
- name: release a new version
image: plugins/downstream
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

23
.env.sample
View File

@ -1,6 +1,7 @@
TYPE=zammad
DOMAIN=zammad.example.com
TIMEOUT=600
## Domain aliases
#EXTRA_DOMAINS=', `www.zammad.example.com`'
@ -8,6 +9,26 @@ DOMAIN=zammad.example.com
LETS_ENCRYPT_ENV=production
SECRET_DB_PASSWORD_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1
RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app']
#RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app']
## Initialization ##
PRODUCT_NAME="Support"
ORGANIZATION="Test Org"
# TIMEZONE="Europe/Berlin"
LOCALE="de-de"
#TEXT_MUTED="#7e7e7e"
#MENU_TEXT="#7e7e7e"
#BACKGROUND_1="#7e7e7e"
#BACKGROUND_2="#7e7e7e"
ADMIN_EMAIL=admin@example.com
SMTP_HOST=mail.example.com
SMTP_LOGIN=user@example.com
SMTP_PORT=465
## SAML SSO ##
#SSO_PROVIDER_DOMAIN=authentik.example.com
#IDP_SSO_TARGET_URL=https://authentik.example.com/application/saml/zammad/sso/binding/init/
#IDP_SLO_SERVICE_URL=https://authentik.example.com/application/saml/zammad/slo/binding/redirect/

30
README.md
View File

@ -1,17 +1,17 @@
# zammad
> One line description of the recipe
Zammad is a free helpdesk or issue tracking system.
<!-- metadata -->
* **Category**: Apps
* **Status**: 0
* **Image**: [`zammad`](https://hub.docker.com/r/zammad), 4, upstream
* **Healthcheck**: No
* **Healthcheck**: Yes
* **Backups**: No
* **Email**: No
* **Email**: Yes
* **Tests**: No
* **SSO**: No
* **SSO**: Yes
<!-- endmetadata -->
@ -21,6 +21,28 @@ if using elasticsearch, set on your host: `vm.max_map_count=262144` in `/etc/sy
* `abra app new zammad --secrets`
* `abra app config <app-name>`
* `abra app secret insert <app-name> smtp_password v1 <password>`
* `abra app secret generate -a <app-name>`
* `abra app deploy <app-name>`
Either use the web wizard for the initial setup or run: `abra app cmd <app-name> zammad-railsserver init`
## Authentik SSO
* `abra app config <app-name>`
```
SSO_PROVIDER_DOMAIN=authentik.example.com
IDP_SSO_TARGET_URL=https://authentik.example.com/application/saml/zammad/sso/binding/init/
IDP_SLO_SERVICE_URL=https://authentik.example.com/application/saml/zammad/slo/binding/redirect/
```
Run:
`abra app cmd --local <app_name> enable_authentik_sso`
## Useful Commands
Show changed settings: `abra app cmd <app_name> zammad-railsserver get_setting_changes`
Open rails console: `abra app cmd <app_name> zammad-railsserver console`
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).

60
abra.sh
View File

@ -1 +1,59 @@
export ENTRYPOINT_VERSION=v1
export ENTRYPOINT_VERSION=v2
export AUTO_WIZARD_VERSION=v1
export CUSTOM_STYLE_VERSION=v1
get_setting_changes() {
/custom-entrypoint.sh "rails r 'puts JSON.pretty_generate(JSON.parse(Setting.all.select{ |setting| setting.state_current != setting.state_initial }.map { |setting| {name: setting.name, value: setting.state_current[\""value\""]} } .to_json))'"
}
console() {
/custom-entrypoint.sh "rails c"
}
rails_run() {
COMMAND="rails r \"$@\""
/custom-entrypoint.sh "$COMMAND"
}
init() {
cp -f /opt/zammad/contrib/auto_wizard.json /tmp/auto_wizard.json
/custom-entrypoint.sh "rails zammad:setup:auto_wizard[/tmp/auto_wizard.json]"
}
enable_authentik_sso() {
ADMIN_UID=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_user_uid akadmin)
CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate zammad)
COMMAND="
(u = User.find_by(login: 'admin')) && (u.login='$ADMIN_UID') && u.save!;
Setting.set('auth_saml', true);
Setting.set('auth_third_party_auto_link_at_inital_login', true);
Setting.set('auth_saml_credentials', {
'display_name'=>'$ORGANIZATION',
'idp_sso_target_url'=>'$IDP_SSO_TARGET_URL',
'idp_slo_service_url'=>'$IDP_SLO_SERVICE_URL',
'idp_cert'=>'$CERT',
'idp_cert_fingerprint'=>'',
'name_identifier_format'=>'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'})
"
abra app cmd -T -C support.dev.local-it.cloud zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
}
set_logo() {
LOGO_PATH="$1"
abra app cp "$APP_NAME" "$LOGO_PATH" zammad-railsserver:/tmp/
filename="$(basename "$LOGO_PATH")"
COMMAND="
logo_path = '/tmp/$filename';
logo_content = File.open(logo_path, 'rb') { |file| file.read };
logo_timestamp = Service::SystemAssets::ProductLogo.store(logo_content);
Setting.set('product_logo', logo_timestamp);
"
abra app cmd -T -C support.dev.local-it.cloud zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
}
customize(){
apt update
apt install nodejs npm
/custom-entrypoint.sh "rails assets:precompile"
}

8
alaconnect.yml Normal file
View File

@ -0,0 +1,8 @@
authentik:
uncomment:
- SSO_PROVIDER_DOMAIN
- IDP_SSO_TARGET_URL
- IDP_SLO_SERVICE_URL
initial-hooks:
- local enable_authentik_sso

69
auto_wizard.json.tmpl Normal file
View File

@ -0,0 +1,69 @@
{
"Users": [
{
"login": "admin",
"firstname": "Admin",
"lastname": "Agent",
"password": "{{ secret "admin_password" }}",
"email": "{{ env "ADMIN_EMAIL" }}"
}
],
"Channels": [
{
"id": 1,
"area": "Email::Notification",
"options": {
"outbound": {
"adapter": "smtp",
"options": {
"host": "{{ env "SMTP_HOST" }}",
"user": "{{ env "SMTP_LOGIN" }}",
"password": "{{ secret "smtp_password" }}",
"port": "{{ env "SMTP_PORT" }}",
"ssl": true,
"domain": "{{ env "DOMAIN" }}",
"enable_starttls_auto": true,
"openssl_verify_mode": "none"
}
}
},
"active": true,
"preferences": {
"online_service_disable": true
}
}
],
"Settings": [
{
"name": "fqdn",
"value": "{{ env "DOMAIN" }}"
},
{
"name": "product_name",
"value": "{{ env "PRODUCT_NAME" }}"
},
{
"name": "organization",
"value": "{{ env "ORGANIZATION" }}"
},
{
"name": "product_logo",
"value": "{{ env "LOGO_URL" }}"
},
{
"name": "timezone_default",
"value": "{{ env "TZ" }}"
},
{
"name": "locale_default",
"value": "{{ env "LOCALE" }}"
},
{
"name": "http_type",
"value": "https"
}
],
"TextModuleLocale": {
"Locale": "{{ env "LOCALE" }}"
}
}

279
compose.yml
View File

@ -1,158 +1,243 @@
---
version: "3.8"
services:
zammad-backup:
image: zammad/zammad-docker-compose:zammad-postgresql-5.2.3-19
command: ["zammad-backup"]
x-shared:
zammad-service: &zammad-service
environment: &zammad-environment
MEMCACHE_SERVERS: zammad-memcached:11211
POSTGRESQL_DB: zammad_production
POSTGRESQL_HOST: zammad-postgresql
POSTGRESQL_USER: zammad
POSTGRESQL_PASS_FILE: /run/secrets/db_password
POSTGRESQL_PORT: 5432
POSTGRESQL_OPTIONS: ?pool=50
POSTGRESQL_DB_CREATE:
REDIS_URL: redis://zammad-redis:6379
# Backup settings
BACKUP_DIR: "/var/tmp/zammad"
BACKUP_TIME: "${BACKUP_TIME:-03:00}"
#BACKUP_SLEEP: 86400
HOLD_DAYS: 10
TZ: "${TZ:-Europe/Berlin}"
# Allow passing in these variables via .env:
AUTOWIZARD_JSON:
AUTOWIZARD_RELATIVE_PATH:
ELASTICSEARCH_ENABLED:
ELASTICSEARCH_HOST:
ELASTICSEARCH_PORT:
ELASTICSEARCH_SCHEMA:
ELASTICSEARCH_NAMESPACE:
ELASTICSEARCH_REINDEX:
ELASTICSEARCH_SSL_VERIFY:
NGINX_PORT:
NGINX_SERVER_NAME:
NGINX_SERVER_SCHEME: https
RAILS_TRUSTED_PROXIES:
ZAMMAD_WEB_CONCURRENCY:
ZAMMAD_SESSION_JOBS:
ZAMMAD_PROCESS_SCHEDULED:
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
TEXT_MUTED: "${TEXT_MUTED:-hsl(213, 3%, 64%)}"
MENU_TEXT: "${MENU_TEXT:-hsl(0, 0%, 74%)}"
BACKGROUND_1: "${BACKGROUND_1:-hsl(231, 9%, 16%)}"
BACKGROUND_2: "${BACKGROUND_2:-hsl(233, 9%, 19%)}"
PRODUCT_NAME:
ORGANIZATION:
LOCALE:
ADMIN_EMAIL:
SMTP_HOST:
SMTP_LOGIN:
SMTP_PORT:
DOMAIN:
SSO_PROVIDER_DOMAIN:
IDP_SSO_TARGET_URL:
IDP_SLO_SERVICE_URL:
image: ghcr.io/zammad/zammad:6.3.1-95
deploy:
restart_policy:
condition: on-failure
volumes:
- zammad-storage:/opt/zammad/storage
#old: - zammad-data:/opt/zammad
depends_on:
- zammad-railsserver
- zammad-memcached
- zammad-postgresql
- zammad-redis
entrypoint: /custom-entrypoint.sh
configs:
- source: entrypoint
target: /custom-entrypoint.sh
mode: 0555
- source: auto_wizard
target: /opt/zammad/contrib/auto_wizard.json
- source: custom_style
target: /opt/zammad/app/assets/stylesheets/custom/custom_style.css
secrets:
- db_password
environment:
- BACKUP_SLEEP=86400
- HOLD_DAYS=10
- POSTGRESQL_USER=zammad
- POSTGRESQL_PASS_FILE=/run/secrets/db_password
- smtp_password
- admin_password
services:
zammad-backup:
<<: *zammad-service
command: ["zammad-backup"]
volumes:
- zammad-backup:/var/tmp/zammad
- zammad-data:/opt/zammad
- zammad-storage:/opt/zammad/storage:ro
#old: - zammad-data:/opt/zammad
user: 0:0
deploy:
labels:
- "backupbot.backup=true"
- "backupbot.backup.path=/var/tmp/zammad"
zammad-elasticsearch:
image: zammad/zammad-docker-compose:zammad-elasticsearch-5.2.3-19
image: bitnami/elasticsearch:8.14.3
deploy:
restart_policy:
condition: on-failure
volumes:
- elasticsearch-data:/bitnami/elasticsearch/data
environment:
- discovery.type=single-node
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
healthcheck:
test: "/opt/bitnami/scripts/elasticsearch/healthcheck.sh"
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
deploy:
resources:
limits:
memory: 4G
reservations:
memory: 2G
zammad-init:
image: zammad/zammad-docker-compose:zammad-5.2.3-19
<<: *zammad-service
command: ["zammad-init"]
depends_on:
- zammad-postgresql
entrypoint: /custom-entrypoint.sh
configs:
- source: entrypoint
target: /custom-entrypoint.sh
mode: 0555
secrets:
- db_password
environment:
- MEMCACHE_SERVERS=zammad-memcached:11211
- POSTGRESQL_USER=zammad
- POSTGRESQL_PASS_FILE=/run/secrets/db_password
- REDIS_URL=redis://zammad-redis:6379
volumes:
- zammad-data:/opt/zammad
deploy:
restart_policy:
condition: on-failure
user: 0:0
zammad-memcached:
command: memcached -m 256M
image: memcached:1.6.17-alpine
app:
image: zammad/zammad-docker-compose:zammad-5.2.3-19
command: ["zammad-nginx"]
depends_on:
- zammad-railsserver
volumes:
- zammad-data:/opt/zammad
networks:
- proxy
- default
environment:
- NGINX_SERVER_SCHEME=https
- RAILS_TRUSTED_PROXIES
image: memcached:1.6.29-alpine
healthcheck:
test: 'echo "version" | nc -vn -w 1 127.0.0.1 11211'
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
deploy:
restart_policy:
condition: on-failure
app:
<<: *zammad-service
command: ["zammad-nginx"]
#expose:
# - 8080
#ports:
# - "8080:8080"
depends_on:
- zammad-railsserver
networks:
- proxy
- default
deploy:
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
## Redirect from EXTRA_DOMAINS to DOMAIN
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=0.1.0+zammad-5.2.3-19"
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=1.0.2+6.3.1-95"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080"]
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
zammad-postgresql:
image: zammad/zammad-docker-compose:zammad-postgresql-5.2.3-19
image: postgres:15.7-alpine
environment:
- POSTGRES_USER=zammad
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
secrets:
- db_password
POSTGRES_DB: zammad_production
POSTGRES_USER: zammad
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
deploy:
restart_policy:
condition: on-failure
volumes:
- postgresql-data:/var/lib/postgresql/data
# Backup Restore
#- zammad-backup:/var/tmp/zammad:ro
secrets:
- db_password
healthcheck:
test: ["CMD", "pg_isready", "-U", "zammad"]
interval: 30s
timeout: 10s
retries: 10
start_period: 2m
zammad-railsserver:
image: zammad/zammad-docker-compose:zammad-5.2.3-19
<<: *zammad-service
command: ["zammad-railsserver"]
depends_on:
- zammad-memcached
- zammad-postgresql
- zammad-redis
environment:
- MEMCACHE_SERVERS=zammad-memcached:11211
- REDIS_URL=redis://zammad-redis:6379
volumes:
- zammad-data:/opt/zammad
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
zammad-redis:
image: redis:6.2.7-alpine
image: redis:7.2.5-alpine
deploy:
restart_policy:
condition: on-failure
volumes:
- redis-data:/data
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
zammad-scheduler:
image: zammad/zammad-docker-compose:zammad-5.2.3-19
<<: *zammad-service
command: ["zammad-scheduler"]
depends_on:
- zammad-memcached
- zammad-railsserver
- zammad-redis
environment:
- MEMCACHE_SERVERS=zammad-memcached:11211
- REDIS_URL=redis://zammad-redis:6379
volumes:
- zammad-data:/opt/zammad
healthcheck:
test: 'ps x | grep "[b]ackground-worker.rb"'
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
zammad-websocket:
image: zammad/zammad-docker-compose:zammad-5.2.3-19
<<: *zammad-service
command: ["zammad-websocket"]
depends_on:
- zammad-memcached
- zammad-railsserver
- zammad-redis
environment:
- MEMCACHE_SERVERS=zammad-memcached:11211
- REDIS_URL=redis://zammad-redis:6379
volumes:
- zammad-data:/opt/zammad
healthcheck:
test: 'ruby -rsocket -e "s = TCPSocket.new(''localhost'', 6042); s.close"'
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
volumes:
elasticsearch-data:
postgresql-data:
redis-data:
zammad-backup:
zammad-data:
zammad-storage:
networks:
default:
@ -163,8 +248,22 @@ configs:
entrypoint:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
file: entrypoint.sh
auto_wizard:
name: ${STACK_NAME}_auto_wizard_${AUTO_WIZARD_VERSION}
file: auto_wizard.json.tmpl
template_driver: golang
custom_style:
name: ${STACK_NAME}_custom_style_${CUSTOM_STYLE_VERSION}
file: custom_style.css.tmpl
template_driver: golang
secrets:
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
admin_password:
external: true
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}

6
custom_style.css.tmpl Normal file
View File

@ -0,0 +1,6 @@
:root {
--text-muted: {{ env "TEXT_MUTED" }};
--menu-text: {{ env "MENU_TEXT" }};
--background-quaternary: {{ env "BACKGROUND_1" }};
--background-tertiary: {{ env "BACKGROUND_2" }};
}

9
entrypoint.sh
View File

@ -26,10 +26,5 @@ file_env() {
file_env "POSTGRESQL_PASS"
if [ "$1" == "zammad-backup" ];
then
bash -c "/usr/local/bin/backup.sh $@"
else
# https://github.com/zammad/zammad-docker-compose/blob/master/containers/zammad/docker-entrypoint.sh
bash -c "/docker-entrypoint.sh $@"
fi
# https://github.com/zammad/zammad/blob/develop/contrib/docker/docker-entrypoint.sh
bash -c "/docker-entrypoint.sh $@"

1
release/1.0.0+6.3.1-95 Normal file
View File

@ -0,0 +1 @@
New Major Version, breaking change! Backup and restore your database.