diff --git a/templates/GitLab-Runner/0/docker-compose.yml b/templates/GitLab-Runner/0/docker-compose.yml index 8816116..b55aa5c 100644 --- a/templates/GitLab-Runner/0/docker-compose.yml +++ b/templates/GitLab-Runner/0/docker-compose.yml @@ -5,31 +5,23 @@ services: image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners command: - register - - --non-interactive - - --url - - ${GITLAB_URL} - - --registration-token - - ${GITLAB_TOKEN} - - --executor - - "docker" + environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html + REGISTER_NON_INTERACTIVE: true # Run registration unattended + CI_SERVER_URL: http://gitlab/ # Runner URL + REGISTRATION_TOKEN: ${GITLAB_TOKEN} # Runner's registration token + RUNNER_EXECUTOR: docker # Select executor, eg. shell, docker, etc. {{- if .Values.GITLAB_RUNNER_DESCRIPTION}} - - --description - - ${GITLAB_RUNNER_DESCRIPTION} + RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION} # Runner name {{- end}} {{- if .Values.GITLAB_TAGS}} - - --tag-list - - ${GITLAB_TAGS} + RUNNER_TAG_LIST: ${GITLAB_TAGS} # Tag list {{- end}} - - --locked=false - - --docker-image - - docker:latest - - --docker-privileged - {{- if .Values.GITLAB_IP}} - - --docker-extra-hosts - - "gitlab:${GITLAB_IP}" - {{- end}} - {{- if .Values.GITLAB_LINK}} + REGISTER_LOCKED: false # Lock Runner for current project + DOCKER_IMAGE: docker:latest # Docker image to be used + DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP} # Add local alias for GitLab instance within Rancher network + DOCKER_VOLUMES: "/var/run/docker.sock:/var/run/docker.sock" # Docker Socket binding external_links: + {{- if .Values.GITLAB_LINK}} - ${GITLAB_LINK}:gitlab {{- end}} labels: 
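Review bot: `REGISTER_NON_INTERACTIVE: true` and `REGISTER_LOCKED: false` are unquoted YAML booleans inside `environment:`; Docker Compose's schema accepts only string, number or null for environment values and rejects booleans (rancher-compose may be more lenient, but quoting costs nothing), so write them as `REGISTER_NON_INTERACTIVE: "true"` and `REGISTER_LOCKED: "false"` — the second hunk of this file repeats the same two lines for the `gitlab-runner` service. `DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP}` has also lost the `{{- if .Values.GITLAB_IP}}` guard that the removed `--docker-extra-hosts` lines had; GITLAB_IP is optional in rancher-compose.yml, and when it is empty the value renders as `gitlab:`, which Docker is likely to reject as an extra-hosts entry when the runner creates job containers, so the guard belongs around that line. The removed `--docker-privileged` has no `DOCKER_PRIVILEGED` counterpart, so registered runners now create unprivileged job containers; that is the safer default, but it is an unannounced behaviour change for pipelines that relied on it and deserves a comment next to `RUNNER_EXECUTOR`. The `services:` block containing these lines starts and ends outside the hunk.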
@@ -40,12 +32,26 @@ services: {{- end}} traefik.enable: false volumes: - - /var/run/docker.sock:/var/run/docker.sock - GitLab-Runner:/etc/gitlab-runner gitlab-runner: image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners command: - run + environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html + REGISTER_NON_INTERACTIVE: true # Run registration unattended + CI_SERVER_URL: http://gitlab/ # Runner URL + REGISTRATION_TOKEN: ${GITLAB_TOKEN} # Runner's registration token + RUNNER_EXECUTOR: docker # Select executor, eg. shell, docker, etc. + {{- if .Values.GITLAB_RUNNER_DESCRIPTION}} + RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION} # Runner name + {{- end}} + {{- if .Values.GITLAB_TAGS}} + RUNNER_TAG_LIST: ${GITLAB_TAGS} # Tag list + {{- end}} + REGISTER_LOCKED: false # Lock Runner for current project + DOCKER_IMAGE: docker:latest # Docker image to be used + DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP} # Add local alias for GitLab instance within Rancher network + DOCKER_VOLUMES: "/var/run/docker.sock:/var/run/docker.sock" # Docker Socket binding {{- if .Values.GITLAB_LINK}} external_links: - ${GITLAB_LINK}:gitlab @@ -60,9 +66,11 @@ services: privileged: true restart: always volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /var/run/docker.sock:/var/run/docker.sock - GitLab-Runner:/etc/gitlab-runner volumes: GitLab-Runner: - driver: local \ No newline at end of file + driver: local diff --git a/templates/GitLab-Runner/0/rancher-compose.yml b/templates/GitLab-Runner/0/rancher-compose.yml index 8140b66..4782668 100644 --- a/templates/GitLab-Runner/0/rancher-compose.yml +++ b/templates/GitLab-Runner/0/rancher-compose.yml 
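Review bot: The environment block added to the `gitlab-runner` service (`REGISTER_NON_INTERACTIVE` through `DOCKER_VOLUMES`) is only consumed by `gitlab-runner register`; this service runs `run`, which as far as I can tell takes its settings from the `/etc/gitlab-runner/config.toml` shared through the `GitLab-Runner` volume, so the copy is inert and mainly places `REGISTRATION_TOKEN` into a second container's environment. `DOCKER_VOLUMES: "/var/run/docker.sock:/var/run/docker.sock"` tells the runner to mount the host Docker socket into every job container, which gives any pipeline executed on this runner control of the host Docker daemon — the same exposure the removed `--docker-privileged` had; the comment `# Docker Socket binding` should state that, e.g. `# Mounts the host Docker socket into every job container: jobs get full control of the host's Docker daemon, so only run trusted projects on this runner`. Dropping `/var/run/docker.sock` from the register service's own volumes is fine, since `register` only talks to GitLab.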
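Review bot: `- /etc/timezone:/etc/timezone:ro` assumes the host ships that file; on hosts that do not (Alpine-based and several container-focused distributions), Docker creates an empty directory at that path on the host, and the container then fails to start if its image has a regular file at `/etc/timezone`. The `/etc/localtime` mount already syncs the clock offset, so either drop the timezone line or document the host requirement in its comment; `Syncronize` in both comments should read `Synchronize`. The same pair of lines is added for every service in the new Matomo and Mautic docker-compose files in this commit.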
@@ -64,4 +64,4 @@ catalog: (Optional) The local IP address of the GitLab service. # default: "" required: false - type: string \ No newline at end of file + type: string diff --git a/templates/GitLab/0/docker-compose.yml b/templates/GitLab/0/docker-compose.yml index 4a7c37c..2ec9407 100644 --- a/templates/GitLab/0/docker-compose.yml +++ b/templates/GitLab/0/docker-compose.yml @@ -12,7 +12,7 @@ services: GITLAB_OMNIBUS_CONFIG: | external_url 'https://${TRAEFIK_HOST}' gitlab_rails['gitlab_shell_ssh_port'] = 1022 - nginx['real_ip_trusted_addresses'] = [ '10.42.0.0/16' ] # 10.42.0.0/16 is the default Rancher managed subnet + nginx['real_ip_trusted_addresses'] = [ '10.42.0.0/16' ] # 10.42.0.0/16 is the default Rancher-managed subnet nginx['listen_port'] = 80 # Using HTTP between the Traefik container and GitLab nginx['listen_https'] = false # Traefik is handling HTTPS on outside hostname: ${TRAEFIK_HOST} diff --git a/templates/Grav/0/docker-compose.yml b/templates/Grav/0/docker-compose.yml index 98b8351..21e5340 100644 --- a/templates/Grav/0/docker-compose.yml +++ b/templates/Grav/0/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: grav: - image: williammiceli/grav:latest-git + image: williammiceli/grav:dev-1.6.14-git dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 @@ -19,6 +19,7 @@ services: traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSIncludeSubdomains: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 traefik.frontend.passHostHeader: true diff --git a/templates/Matomo/0/README.md b/templates/Matomo/0/README.md new file mode 100644 index 0000000..8607f11 --- /dev/null +++ b/templates/Matomo/0/README.md @@ -0,0 +1 @@ +# Matomo 
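Review bot: `traefik.frontend.headers.STSIncludeSubdomains: true` next to `STSPreload: true` and `STSSeconds: 15552000` needs a comment: includeSubDomains makes browsers refuse plain HTTP for every subdomain of TRAEFIK_HOST, and the HSTS preload list requires a max-age of at least 31536000 seconds (one year), so with 180 days the preload directive is sent but the host is not eligible for preloading. Suggest `# includeSubDomains applies HSTS to all subdomains of TRAEFIK_HOST; raise STSSeconds to 31536000 before submitting to the preload list`. The same label is added to the Mautic and Nextcloud compose files in this commit. The `labels:` mapping these lines belong to starts outside the hunk.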
diff --git a/templates/Matomo/0/docker-compose.yml b/templates/Matomo/0/docker-compose.yml new file mode 100644 index 0000000..9a99d0b --- /dev/null +++ b/templates/Matomo/0/docker-compose.yml 
@@ -0,0 +1,65 @@ +version: '2' + +services: + matomo: + image: matomo:latest + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + environment: + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + traefik.enable: true + ### Start Web Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.passHostHeader: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "80" + ### End Web Segment + links: + - mysql + {{- if eq .Values.REDIS "true"}} + - redis + {{- end}} + restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /Persistent/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps + - /Persistent/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files + - /Persistent/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site + - /Persistent/${DATA_DIR}/UserData:/var/www/html/data # Users' data file + mariadb: + image: mariadb + command: --max-allowed-packet=64MB + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + environment: + MYSQL_DATABASE: matomo_db + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} + MYSQL_USER: matomo_user + MYSQL_PASSWORD: ${DB_USER_PASS} + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + traefik.enable: false + restart: on-failure + volumes: + - 
/etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /Persistent/${DATA_DIR}/Database:/var/lib/mysql diff --git a/templates/Matomo/0/rancher-compose.yml b/templates/Matomo/0/rancher-compose.yml new file mode 100644 index 0000000..fcfd24e --- /dev/null +++ b/templates/Matomo/0/rancher-compose.yml @@ -0,0 +1,49 @@ +version: '2' +catalog: + name: Matomo + version: latest + # description: + # minimum_rancher_version: + # maximum_rancher_version: + # upgrade_from: + questions: + + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Label Key/Value pair of the host which containers should be deployed + default: "host.id=Host1" + required: false + type: string + + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + default: "subdomain.domain.tld" + required: true + type: string + + - variable: "DB_ROOT_PASS" + label: "Database Root Password" + description: | + A secure password to be used by the "root" database user. + # default: + required: true + type: password + + - variable: "DB_USER_PASS" + label: "Database User Password" + description: | + A secure password to be used by the "nextcloud_user" database user. + # default: + required: true + type: password + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/Matomo" + required: true + type: string \ No newline at end of file diff --git a/templates/Matomo/config.yml b/templates/Matomo/config.yml new file mode 100644 index 0000000..154f602 --- /dev/null +++ b/templates/Matomo/config.yml @@ -0,0 +1,8 @@ +name: Matomo +description: | + +version: latest +# category: +maintainer: WilliamMiceli +# license: +# projectURL: \ No newline at end of file 
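Review bot: `links: - mysql` in the `matomo` service points at a service that does not exist in this file; the database service is named `mariadb`, so the link cannot resolve — rename the service to `mysql` or change the link to `- mariadb` and point Matomo at that host. The `volumes:` block of `matomo` was copied from the Nextcloud template: its `custom_apps`, `config`, `Nextcloud` and `data` mounts and the `# Nextcloud …` comments describe Nextcloud's layout, not Matomo's, and need to be replaced with the paths the Matomo image uses. `environment:` is left bare, which YAML reads as null rather than an empty mapping, and the `{{- if eq .Values.REDIS "true"}} - redis` link has no matching REDIS question in rancher-compose.yml and no redis service here. Each of these suggests the file was cloned from Nextcloud without being adapted; if it is meant to land as a draft, a `# TODO: adapt volumes, links and environment from the Nextcloud template` comment at the top would at least flag that.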
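Review bot: The `DB_USER_PASS` description says the password is for the `"nextcloud_user"` database user, but docker-compose.yml creates `matomo_user`, so the operator is told the wrong account; change the line to `A secure password to be used by the "matomo_user" database user.`. The `HOST_LABEL` description also reads `the host which containers should be deployed` — `the host on which containers should be deployed` is what is meant (the Mautic rancher-compose.yml in this commit has the same wording).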
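Review bot: `description: |` in config.yml is followed by an empty line, so the catalog entry ships with a blank description; either give it a body (the Mautic config.yml in this commit uses `Status: Experimental`) or comment the key out like the `# category:` line below it.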
diff --git a/templates/Mautic/0/README.md b/templates/Mautic/0/README.md new file mode 100644 index 0000000..e2552bb --- /dev/null +++ b/templates/Mautic/0/README.md @@ -0,0 +1 @@ +# Mautic \ No newline at end of file diff --git a/templates/Mautic/0/docker-compose.yml b/templates/Mautic/0/docker-compose.yml new file mode 100644 index 0000000..a32a861 --- /dev/null +++ b/templates/Mautic/0/docker-compose.yml 
@@ -0,0 +1,66 @@ +version: '2' + +services: + mautic: + image: mautic/mautic:latest + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + environment: + MAUTIC_DB_HOST: mysql + MAUTIC_DB_USER: mautic_user + MAUTIC_DB_PASSWORD: ${DB_USER_PASS} + MAUTIC_DB_NAME: mautic_db + MAUTIC_TRUSTED_PROXIES: 10.42.0.0/16 # 10.42.0.0/16 is the default Rancher-managed subnet + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} +# io.rancher.sidekicks: cron + traefik.enable: true + ### Start Web UI Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSIncludeSubdomains: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.passHostHeader: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "80" + ### End Web UI Segment + links: + - mysql + restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /Persistent/${DATA_DIR}:/var/www/html # Mautic site + mysql: + image: mysql:5.6 + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + environment: + MYSQL_DATABASE: mautic_db + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} + MYSQL_USER: mautic_user + MYSQL_PASSWORD: ${DB_USER_PASS} + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + traefik.enable: false + restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # 
Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /Persistent/${DATA_DIR}/Database:/var/lib/mysql + diff --git a/templates/Mautic/0/rancher-compose.yml b/templates/Mautic/0/rancher-compose.yml new file mode 100644 index 0000000..89fa3b2 --- /dev/null +++ b/templates/Mautic/0/rancher-compose.yml @@ -0,0 +1,49 @@ +version: '2' +catalog: + name: Mautic + version: latest + # description: + # minimum_rancher_version: + # maximum_rancher_version: + # upgrade_from: + questions: + + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Label Key/Value pair of the host which containers should be deployed + default: "host.id=Host1" + required: false + type: string + + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + default: "subdomain.domain.tld" + required: true + type: string + + - variable: "DB_ROOT_PASS" + label: "Database Root Password" + description: | + A secure password to be used by the "root" database user. + # default: + required: true + type: password + + - variable: "DB_USER_PASS" + label: "Database User Password" + description: | + A secure password to be used by the "mautic_user" database user. + # default: + required: true + type: password + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/Mautic" + required: true + type: string \ No newline at end of file diff --git a/templates/Mautic/config.yml b/templates/Mautic/config.yml new file mode 100644 index 0000000..e7ba8bc --- /dev/null +++ b/templates/Mautic/config.yml @@ -0,0 +1,8 @@ +name: Mautic +description: | + Status: Experimental +version: latest +# category: +maintainer: WilliamMiceli +# license: +# projectURL: \ No newline at end of file 
diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 61406ce..1114dd5 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -23,4 +23,8 @@ You can monitor if it is working by opening a shell terminal on your Redis conta * Explain how to manually setup Redis * Fix Cron container, does not yet properly execute yet * Better setup trusted_proxies - * [Documentation Reference](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=reverse%20proxy) \ No newline at end of file + * [Documentation Reference](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=reverse%20proxy) +* Create my own Nextcloud image and make the following changes: + * Add the Redis config + * Add the reverse proxy config + * Have the entrypoint automatically run the "php occ db:add-missing-indices" \ No newline at end of file diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 046631b..beb12b8 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -41,17 +41,23 @@ services: {{- end}} # io.rancher.sidekicks: cron traefik.enable: true - ### Start Nextcloud Segment - traefik.nextcloud.frontend.entryPoints: http,https - traefik.nextcloud.frontend.headers.forceSTSHeader: true - traefik.nextcloud.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.nextcloud.frontend.headers.SSLRedirect: true - traefik.nextcloud.frontend.headers.STSPreload: true - traefik.nextcloud.frontend.headers.STSSeconds: 15552000 - traefik.nextcloud.frontend.passHostHeader: true - traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST} - traefik.nextcloud.port: "80" - ### End Nextcloud Segment + ### Start Web UI Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSIncludeSubdomains: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.passHostHeader: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "80" + ### End Web UI Segment + ### Start CalDAV/CardDAV Redirect Segment + traefik.frontend.redirect.permanent: true + traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav + traefik.frontend.redirect.replacement: https://${TRAEFIK_HOST}/remote.php/dav/ + ### End CalDAV/CardDAV Redirect Segment links: - mysql {{- if eq .Values.REDIS "true"}} diff --git a/templates/Nextcloud/0/reverseproxy.config.php b/templates/Nextcloud/0/reverseproxy.config.php new file mode 100644 index 0000000..0d24671 --- /dev/null +++ b/templates/Nextcloud/0/reverseproxy.config.php @@ -0,0 +1,4 @@ + ['10.42.0.0/16'], // 10.42.0.0/16 is the default Rancher managed subnet +); \ No newline at end of file 
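Review bot: `traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav` is unanchored and leaves the dots in `.well-known` unescaped, so `.` matches any character and the pattern also fires on URLs that merely contain that substring; `^https://[^/]+/\.well-known/(card|cal)dav` states the intent precisely, and the capture group can go since `redirect.replacement` hardcodes `${TRAEFIK_HOST}` rather than using `$1`. A one-line comment above the segment, e.g. `# Clients discovering CalDAV/CardDAV via /.well-known/ are sent to Nextcloud's DAV endpoint`, would help the next reader. The `labels:` mapping these lines belong to starts outside the hunk; the added `STSIncludeSubdomains` label is discussed on the Grav hunk.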
diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml index fc9da25..aabe8c4 100644 --- a/templates/Traefik/0/docker-compose.yml +++ b/templates/Traefik/0/docker-compose.yml @@ -3,10 +3,10 @@ version: '2' services: traefik: image: traefik:latest - command: --api # Using Rancher API - dns: - - 1.1.1.1 # Cloudflare Public DNS 1 - - 1.0.0.1 # Cloudflare Public DNS 2 + command: --api # Use Web Dashboard + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 - 2606:4700:4700::1111 - 2606:4700:4700::1001 labels: @@ -17,7 +17,7 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} ports: - - "${DASHBOARD_PORT}:8080" + - "${DASHBOARD_PORT}:8080" # Traefik Dashboard - "80:80" # HTTP - "443:443" # HTTPS restart: always