Merge branch 'development'

templates/GitLab-Runner/0/docker-compose.yml

@@ -5,31 +5,23 @@ services:
     image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
     command:
       - register
-      - --non-interactive
+    environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html
-      - --url
+      REGISTER_NON_INTERACTIVE: true                                  # Run registration unattended
-      - ${GITLAB_URL}
+      CI_SERVER_URL: http://gitlab/                                   # Runner URL
-      - --registration-token
+      REGISTRATION_TOKEN: ${GITLAB_TOKEN}                             # Runner's registration token
-      - ${GITLAB_TOKEN}
+      RUNNER_EXECUTOR: docker                                         # Select executor, eg. shell, docker, etc.
-      - --executor
-      - "docker"
       {{- if .Values.GITLAB_RUNNER_DESCRIPTION}}
-      - --description
+      RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION}                       # Runner name
-      - ${GITLAB_RUNNER_DESCRIPTION}
       {{- end}}
       {{- if .Values.GITLAB_TAGS}}
-      - --tag-list
+      RUNNER_TAG_LIST: ${GITLAB_TAGS}                                 # Tag list
-      - ${GITLAB_TAGS}
       {{- end}}
-      - --locked=false
+      REGISTER_LOCKED: false                                          # Lock Runner for current project
-      - --docker-image
+      DOCKER_IMAGE: docker:latest                                     # Docker image to be used
-      - docker:latest
+      DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP}                         # Add local alias for GitLab instance within Rancher network
-      - --docker-privileged
+      DOCKER_VOLUMES: "/var/run/docker.sock:/var/run/docker.sock"     # Docker Socket binding
-      {{- if .Values.GITLAB_IP}}
-      - --docker-extra-hosts
-      - "gitlab:${GITLAB_IP}"
-      {{- end}}
-    {{- if .Values.GITLAB_LINK}}
     external_links:
+    {{- if .Values.GITLAB_LINK}}
       - ${GITLAB_LINK}:gitlab
     {{- end}}
     labels:
@@ -40,12 +32,26 @@ services:
       {{- end}}
       traefik.enable: false
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
       - GitLab-Runner:/etc/gitlab-runner
   gitlab-runner:
     image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
     command:
       - run
+    environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+      REGISTER_NON_INTERACTIVE: true                                  # Run registration unattended
+      CI_SERVER_URL: http://gitlab/                                   # Runner URL
+      REGISTRATION_TOKEN: ${GITLAB_TOKEN}                             # Runner's registration token
+      RUNNER_EXECUTOR: docker                                         # Select executor, eg. shell, docker, etc.
+      {{- if .Values.GITLAB_RUNNER_DESCRIPTION}}
+      RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION}                       # Runner name
+      {{- end}}
+      {{- if .Values.GITLAB_TAGS}}
+      RUNNER_TAG_LIST: ${GITLAB_TAGS}                                 # Tag list
+      {{- end}}
+      REGISTER_LOCKED: false                                          # Lock Runner for current project
+      DOCKER_IMAGE: docker:latest                                     # Docker image to be used
+      DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP}                         # Add local alias for GitLab instance within Rancher network
+      DOCKER_VOLUMES: "/var/run/docker.sock:/var/run/docker.sock"     # Docker Socket binding
     {{- if .Values.GITLAB_LINK}}
     external_links:
       - ${GITLAB_LINK}:gitlab
@@ -60,6 +66,8 @@ services:
     privileged: true
     restart: always
     volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
       - /var/run/docker.sock:/var/run/docker.sock
       - GitLab-Runner:/etc/gitlab-runner
 

templates/GitLab/0/docker-compose.yml

@@ -12,7 +12,7 @@ services:
       GITLAB_OMNIBUS_CONFIG: |
         external_url 'https://${TRAEFIK_HOST}'
         gitlab_rails['gitlab_shell_ssh_port'] = 1022
-        nginx['real_ip_trusted_addresses'] = [ '10.42.0.0/16' ] # 10.42.0.0/16 is the default Rancher managed subnet
+        nginx['real_ip_trusted_addresses'] = [ '10.42.0.0/16' ] # 10.42.0.0/16 is the default Rancher-managed subnet
         nginx['listen_port'] = 80 # Using HTTP between the Traefik container and GitLab
         nginx['listen_https'] = false # Traefik is handling HTTPS on outside
     hostname: ${TRAEFIK_HOST}

templates/Grav/0/docker-compose.yml

@@ -2,7 +2,7 @@ version: '2'
 
 services:
   grav:
-    image: williammiceli/grav:latest-git
+    image: williammiceli/grav:dev-1.6.14-git
     dns: # Using Cloudflare DNS
       - 1.1.1.1
       - 1.0.0.1
@@ -19,6 +19,7 @@ services:
       traefik.frontend.headers.forceSTSHeader: true
       traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
       traefik.frontend.headers.SSLRedirect: true
+      traefik.frontend.headers.STSIncludeSubdomains: true
       traefik.frontend.headers.STSPreload: true
       traefik.frontend.headers.STSSeconds: 15552000
       traefik.frontend.passHostHeader: true

templates/Matomo/0/README.md

@@ -0,0 +1 @@
+# Matomo

templates/Matomo/0/docker-compose.yml

@@ -0,0 +1,65 @@
+version: '2'
+
+services:
+  matomo:
+    image: matomo:latest
+    dns: # Using Cloudflare DNS
+      - 1.1.1.1
+      - 1.0.0.1
+      - 2606:4700:4700::1111
+      - 2606:4700:4700::1001
+    environment:
+    labels:
+      io.rancher.container.pull_image: always
+      {{- if .Values.HOST_LABEL}}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+      {{- end}}
+      traefik.enable: true
+      ### Start Web Segment
+      traefik.frontend.entryPoints: http,https
+      traefik.frontend.headers.forceSTSHeader: true
+      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
+      traefik.frontend.headers.SSLRedirect: true
+      traefik.frontend.headers.STSPreload: true
+      traefik.frontend.headers.STSSeconds: 15552000
+      traefik.frontend.passHostHeader: true
+      traefik.frontend.rule: Host:${TRAEFIK_HOST}
+      traefik.port: "80"
+      ### End Web Segment
+    links:
+      - mysql
+      {{- if eq .Values.REDIS "true"}}
+      - redis
+      {{- end}}
+    restart: on-failure
+    volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+      - /Persistent/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps
+      - /Persistent/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files
+      - /Persistent/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site
+      - /Persistent/${DATA_DIR}/UserData:/var/www/html/data # Users' data file
+  mariadb:
+    image: mariadb
+    command: --max-allowed-packet=64MB
+    dns: # Using Cloudflare DNS
+      - 1.1.1.1
+      - 1.0.0.1
+      - 2606:4700:4700::1111
+      - 2606:4700:4700::1001
+    environment:
+      MYSQL_DATABASE: matomo_db
+      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
+      MYSQL_USER: matomo_user
+      MYSQL_PASSWORD: ${DB_USER_PASS}
+    labels:
+      io.rancher.container.pull_image: always
+      {{- if .Values.HOST_LABEL}}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+      {{- end}}
+      traefik.enable: false
+    restart: on-failure
+    volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+      - /Persistent/${DATA_DIR}/Database:/var/lib/mysql

templates/Matomo/0/rancher-compose.yml

@@ -0,0 +1,49 @@
+version: '2'
+catalog:
+  name: Matomo
+  version: latest
+  # description:
+  # minimum_rancher_version:
+  # maximum_rancher_version:
+  # upgrade_from:
+  questions:
+
+    - variable: "HOST_LABEL"
+      label: "Host Label Key/Value Pair"
+      description: |
+        The Label Key/Value pair of the host which containers should be deployed
+      default: "host.id=Host1"
+      required: false
+      type: string
+
+    - variable: "TRAEFIK_HOST"
+      label: "Public Host Domain"
+      description: |
+        The host that Traefik will use to provide public access.
+      default: "subdomain.domain.tld"
+      required: true
+      type: string
+
+    - variable: "DB_ROOT_PASS"
+      label: "Database Root Password"
+      description: |
+        A secure password to be used by the "root" database user.
+      # default:
+      required: true
+      type: password
+
+    - variable: "DB_USER_PASS"
+      label: "Database User Password"
+      description: |
+        A secure password to be used by the "nextcloud_user" database user.
+      # default:
+      required: true
+      type: password
+
+    - variable: "DATA_DIR"
+      label: "Data Directory"
+      description: |
+        The directory to store persistent data for the stack.
+      default: "Personal/Matomo"
+      required: true
+      type: string

templates/Matomo/config.yml

@@ -0,0 +1,8 @@
+name: Matomo
+description: |
+  
+version: latest
+# category:
+maintainer: WilliamMiceli
+# license:
+# projectURL:

templates/Mautic/0/README.md

@@ -0,0 +1 @@
+# Mautic

templates/Mautic/0/docker-compose.yml

@@ -0,0 +1,66 @@
+version: '2'
+
+services:
+  mautic:
+    image: mautic/mautic:latest
+    dns: # Using Cloudflare DNS
+      - 1.1.1.1
+      - 1.0.0.1
+      - 2606:4700:4700::1111
+      - 2606:4700:4700::1001
+    environment:
+      MAUTIC_DB_HOST: mysql
+      MAUTIC_DB_USER: mautic_user
+      MAUTIC_DB_PASSWORD: ${DB_USER_PASS}
+      MAUTIC_DB_NAME: mautic_db
+      MAUTIC_TRUSTED_PROXIES: 10.42.0.0/16 # 10.42.0.0/16 is the default Rancher-managed subnet
+    labels:
+      io.rancher.container.pull_image: always
+      {{- if .Values.HOST_LABEL}}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+      {{- end}}
+#      io.rancher.sidekicks: cron
+      traefik.enable: true
+      ### Start Web UI Segment
+      traefik.frontend.entryPoints: http,https
+      traefik.frontend.headers.forceSTSHeader: true
+      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
+      traefik.frontend.headers.SSLRedirect: true
+      traefik.frontend.headers.STSIncludeSubdomains: true
+      traefik.frontend.headers.STSPreload: true
+      traefik.frontend.headers.STSSeconds: 15552000
+      traefik.frontend.passHostHeader: true
+      traefik.frontend.rule: Host:${TRAEFIK_HOST}
+      traefik.port: "80"
+      ### End Web UI Segment
+    links:
+      - mysql
+    restart: on-failure
+    volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+      - /Persistent/${DATA_DIR}:/var/www/html # Mautic site
+  mysql:
+    image: mysql:5.6
+    dns: # Using Cloudflare DNS
+      - 1.1.1.1
+      - 1.0.0.1
+      - 2606:4700:4700::1111
+      - 2606:4700:4700::1001
+    environment:
+      MYSQL_DATABASE: mautic_db
+      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
+      MYSQL_USER: mautic_user
+      MYSQL_PASSWORD: ${DB_USER_PASS}
+    labels:
+      io.rancher.container.pull_image: always
+      {{- if .Values.HOST_LABEL}}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+      {{- end}}
+      traefik.enable: false
+    restart: on-failure
+    volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+      - /Persistent/${DATA_DIR}/Database:/var/lib/mysql
+

templates/Mautic/0/rancher-compose.yml

@@ -0,0 +1,49 @@
+version: '2'
+catalog:
+  name: Mautic
+  version: latest
+  # description:
+  # minimum_rancher_version:
+  # maximum_rancher_version:
+  # upgrade_from:
+  questions:
+
+    - variable: "HOST_LABEL"
+      label: "Host Label Key/Value Pair"
+      description: |
+        The Label Key/Value pair of the host which containers should be deployed
+      default: "host.id=Host1"
+      required: false
+      type: string
+
+    - variable: "TRAEFIK_HOST"
+      label: "Public Host Domain"
+      description: |
+        The host that Traefik will use to provide public access.
+      default: "subdomain.domain.tld"
+      required: true
+      type: string
+
+    - variable: "DB_ROOT_PASS"
+      label: "Database Root Password"
+      description: |
+        A secure password to be used by the "root" database user.
+      # default:
+      required: true
+      type: password
+
+    - variable: "DB_USER_PASS"
+      label: "Database User Password"
+      description: |
+        A secure password to be used by the "mautic_user" database user.
+      # default:
+      required: true
+      type: password
+
+    - variable: "DATA_DIR"
+      label: "Data Directory"
+      description: |
+        The directory to store persistent data for the stack.
+      default: "Personal/Mautic"
+      required: true
+      type: string

templates/Mautic/config.yml

@@ -0,0 +1,8 @@
+name: Mautic
+description: |
+  Status: Experimental
+version: latest
+# category:
+maintainer: WilliamMiceli
+# license:
+# projectURL:

templates/Nextcloud/0/README.md

@@ -24,3 +24,7 @@ You can monitor if it is working by opening a shell terminal on your Redis conta
 * Fix Cron container, does not yet properly execute yet
 * Better setup trusted_proxies
   * [Documentation Reference](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=reverse%20proxy)
+* Create my own Nextcloud image and make the following changes:
+  * Add the Redis config
+  * Add the reverse proxy config
+  * Have the entrypoint automatically run the "php occ db:add-missing-indices"

templates/Nextcloud/0/docker-compose.yml

@@ -41,17 +41,23 @@ services:
       {{- end}}
 #      io.rancher.sidekicks: cron
       traefik.enable: true
-      ### Start Nextcloud Segment
+      ### Start Web UI Segment
-      traefik.nextcloud.frontend.entryPoints: http,https
+      traefik.frontend.entryPoints: http,https
-      traefik.nextcloud.frontend.headers.forceSTSHeader: true
+      traefik.frontend.headers.forceSTSHeader: true
-      traefik.nextcloud.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
+      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
-      traefik.nextcloud.frontend.headers.SSLRedirect: true
+      traefik.frontend.headers.SSLRedirect: true
-      traefik.nextcloud.frontend.headers.STSPreload: true
+      traefik.frontend.headers.STSIncludeSubdomains: true
-      traefik.nextcloud.frontend.headers.STSSeconds: 15552000
+      traefik.frontend.headers.STSPreload: true
-      traefik.nextcloud.frontend.passHostHeader: true
+      traefik.frontend.headers.STSSeconds: 15552000
-      traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST}
+      traefik.frontend.passHostHeader: true
-      traefik.nextcloud.port: "80"
+      traefik.frontend.rule: Host:${TRAEFIK_HOST}
-      ### End Nextcloud Segment
+      traefik.port: "80"
+      ### End Web UI Segment
+      ### Start CalDAV/CardDAV Redirect Segment
+      traefik.frontend.redirect.permanent: true
+      traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav
+      traefik.frontend.redirect.replacement: https://${TRAEFIK_HOST}/remote.php/dav/
+      ### End CalDAV/CardDAV Redirect Segment
     links:
       - mysql
       {{- if eq .Values.REDIS "true"}}

templates/Nextcloud/0/reverseproxy.config.php

@@ -0,0 +1,4 @@
+<?php
+$CONFIG = array (
+  'trusted_proxies' => ['10.42.0.0/16'], // 10.42.0.0/16 is the default Rancher managed subnet
+);

templates/Traefik/0/docker-compose.yml

@@ -3,10 +3,10 @@ version: '2'
 services:
   traefik:
     image: traefik:latest
-    command: --api # Using Rancher API
+    command: --api # Use Web Dashboard
-    dns:
+    dns: # Using Cloudflare DNS
-      - 1.1.1.1 # Cloudflare Public DNS 1
+      - 1.1.1.1
-      - 1.0.0.1 # Cloudflare Public DNS 2
+      - 1.0.0.1
       - 2606:4700:4700::1111
       - 2606:4700:4700::1001
     labels:
@@ -17,7 +17,7 @@ services:
       io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
       {{- end}}
     ports:
-      - "${DASHBOARD_PORT}:8080"
+      - "${DASHBOARD_PORT}:8080" # Traefik Dashboard
       - "80:80" # HTTP
       - "443:443" # HTTPS
     restart: always