commit de88e811673f3265525e770f34c9b027c0aebf5f
Author: Christian Galo <christian.galo@outlook.com>
Date:   Mon May 19 02:15:29 2025 +0000

    Initial commit

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/README b/README
new file mode 100644
index 0000000..0542827
--- /dev/null
+++ b/README
@@ -0,0 +1,24 @@
+# Member Console
+
+Wiki Cafe's configuration for a Member Console deployment.
+
+
+## Deploying the app with Docker Swarm
+
+Set the environment variables from the .env file during the shell session.
+
+```
+set -a && source .env && set +a
+```
+
+Set the secrets.
+
+```
+printf "SECRET_HERE" | docker secret create SECRET_NAME -
+```
+
+Deploy using the `-c` flag to specify one or multiple compose files.
+
+```
+docker stack deploy member-console --detach=true -c compose.yaml
+```
diff --git a/compose.yaml b/compose.yaml
new file mode 100644
index 0000000..fc772c2
--- /dev/null
+++ b/compose.yaml
@@ -0,0 +1,47 @@
+services:
+
+  member-console:
+    image: git.coopcloud.tech/wiki-cafe/member-console:2025-05-19t02z
+    networks:
+      - proxy
+      - internal
+    environment:
+      - MC_BASE_URL=https://${DOMAIN}
+      - MC_ENV
+      - MC_PORT
+      - MC_OIDC_SP_CLIENT_ID
+      - MC_OIDC_SP_CLIENT_SECRET_FILE=/run/secrets/oidc_sp_client_secret
+      - MC_OIDC_IDP_ISSUER_URL
+      - MC_SESSION_SECRET_FILE=/run/secrets/session_secret
+      - MC_CSRF_SECRET_FILE=/run/secrets/csrf_secret
+    secrets:
+      - oidc_sp_client_secret
+      - session_secret
+      - csrf_secret
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "caddy=${DOMAIN}"
+        - "caddy.reverse_proxy={{upstreams 8080}}"
+        - "caddy.tls.on_demand="
+        - "backupbot.backup=true"
+
+secrets:
+  oidc_sp_client_secret:
+    external: true
+    name: ${STACK_NAME}_oidc_sp_client_secret
+  session_secret:
+    external: true
+    name: ${STACK_NAME}_session_secret
+  csrf_secret:
+    external: true
+    name: ${STACK_NAME}_csrf_secret
+
+networks:
+  proxy:
+    external: true
+  internal: