From 4c767721328cec5444e9fdd51c8eff47380b760f Mon Sep 17 00:00:00 2001
From: Pierre de Lacroix
Date: Sat, 11 Oct 2025 18:38:06 +0200
Subject: [PATCH] initial commit
---
docker-compose.grist.yml | 32 ++++++++++++
docker-compose.keycloak.yml | 44 +++++++++++++++++
docker-compose.leantime.yml | 83 ++++++++++++++++++++++++++++++++
docker-compose.paheko.yml | 22 +++++++++
docker-compose.reverse-proxy.yml | 30 ++++++++++++
5 files changed, 211 insertions(+)
create mode 100644 docker-compose.grist.yml
create mode 100644 docker-compose.keycloak.yml
create mode 100644 docker-compose.leantime.yml
create mode 100644 docker-compose.paheko.yml
create mode 100644 docker-compose.reverse-proxy.yml
diff --git a/docker-compose.grist.yml b/docker-compose.grist.yml
new file mode 100644
index 0000000..da8b0d2
--- /dev/null
+++ b/docker-compose.grist.yml
@@ -0,0 +1,32 @@
+services:
+ grist:
+ image: gristlabs/grist:1.7
+ restart: unless-stopped
+ volumes:
+ - ${GRIST_DATA:-grist}:/persist
+ environment:
+ - GRIST_SESSION_SECRET=${GRIST_SESSION_SECRET}
+ - GRIST_DEFAULT_EMAIL=${GRIST_DEFAULT_EMAIL:-admin@mail.com}
+ - GRIST_SANDBOX_FLAVOR=gvisor
+ - GRIST_SINGLE_ORG=camp
+ - GRIST_PAGE_TITLE_SUFFIX= - Camp Interhack
+ - APP_HOME_URL=https://${HOST}
+ depends_on:
+ - db
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.grist.entryPoints=https
+ - traefik.http.routers.grist.rule=Host(`${HOST}`)
+ - traefik.http.routers.grist.tls.certresolver=le-ssl
+ - traefik.http.services.grist.loadbalancer.server.port=8484
+ - traefik.docker.network=front
+ networks:
+ - default
+ - front
+
+volumes:
+ grist:
+
+networks:
+ front:
+ external: true
diff --git a/docker-compose.keycloak.yml b/docker-compose.keycloak.yml
new file mode 100644
index 0000000..b95cb68
--- /dev/null
+++ b/docker-compose.keycloak.yml
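Review bot: In docker-compose.grist.yml, Grist is published through Traefik with no login provider in its `environment:` list, and the Grist documentation describes `GRIST_DEFAULT_EMAIL` as the account used when no other credentials are presented, so visitors to `https://${HOST}` would presumably act as that user, whose fallback here is `admin@mail.com`. Since Keycloak ships in the same commit, I would add `GRIST_OIDC_IDP_ISSUER`, `GRIST_OIDC_IDP_CLIENT_ID` and `GRIST_OIDC_IDP_CLIENT_SECRET` together with `GRIST_FORCE_LOGIN=true`, and remove the default address from `GRIST_DEFAULT_EMAIL`. `GRIST_SESSION_SECRET=${GRIST_SESSION_SECRET}` silently expands to an empty string when the variable is unset; `${GRIST_SESSION_SECRET:?must be set}` makes compose refuse to start instead, and the same applies to the password and secret variables in docker-compose.keycloak.yml and docker-compose.leantime.yml. `depends_on: - db` also names a service this file does not define, which compose rejects unless another file supplying `db` is merged in.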
@@ -0,0 +1,44 @@
+services:
+ postgresql:
+ image: postgres:18.0
+ restart: unless-stopped
+ environment:
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_USER=${POSTGRES_USER:-keycloak}
+ - POSTGRES_DB=${POSTGRES_DB:-keycloak}
+ volumes:
+ - ${POSTGRES_DATA:-postgres_data}:/var/lib/postgresql/data
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:26.4
+ restart: unless-stopped
+ depends_on:
+ - postgresql
+ command: start
+ environment:
+ - KC_DB=postgres
+ - KC_DB_URL=jdbc:postgresql://postgresql/${POSTGRES_DB:-keycloak}
+ - KC_DB_PASSWORD=${POSTGRES_PASSWORD}
+ - KC_DB_USERNAME=${POSTGRES_USER:-keycloak}
+ - KC_PROXY=edge
+ - KC_HOSTNAME_STRICT=false
+ - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN_USER:-admin}
+ - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.keycloak.entryPoints=https
+ - traefik.http.routers.keycloak.rule=Host(`${HOST}`)
+ - traefik.http.routers.keycloak.tls.certresolver=le-ssl
+ - traefik.http.services.keycloak.loadbalancer.server.port=8080
+ - traefik.docker.network=front
+ networks:
+ - default
+ - front
+
+volumes:
+ postgresql_data:
+ driver: local
+
+networks:
+ front:
+ external: true
diff --git a/docker-compose.leantime.yml b/docker-compose.leantime.yml
new file mode 100644
index 0000000..a45a48c
--- /dev/null
+++ b/docker-compose.leantime.yml
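Review bot: In docker-compose.keycloak.yml the identity provider runs with `KC_HOSTNAME_STRICT=false` and no `KC_HOSTNAME`, so the issuer and redirect URLs it emits are derived from request headers rather than from a pinned name; I would set `KC_HOSTNAME=https://${HOST}` and remove the strict override. `KC_PROXY=edge` and `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` are, as far as I know, legacy names on the 26.x image, superseded by `KC_PROXY_HEADERS=xforwarded` (with `KC_HTTP_ENABLED=true` behind Traefik) and `KC_BOOTSTRAP_ADMIN_USERNAME`/`KC_BOOTSTRAP_ADMIN_PASSWORD`, so the proxy and bootstrap-admin settings may not take effect as written. The `postgresql` service mounts `${POSTGRES_DATA:-postgres_data}` while the top-level `volumes:` declares `postgresql_data`, so the default volume name is undeclared and the two should be made to match. The `postgres:18.0` image, as far as I recall, moved its data directory under `/var/lib/postgresql`, so the mount at `/var/lib/postgresql/data` may not hold the database and should be verified before real data is stored.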
@@ -0,0 +1,83 @@
+services:
+ mysql:
+ image: mysql:9.4
+ volumes:
+ - ${MYSQL_DATA_DIR:-db_data}:/var/lib/mysql
+ restart: unless-stopped
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_DATABASE=leantime
+ - MYSQL_USER=lean
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci
+ healthcheck:
+ test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+ leantime:
+ image: leantime/leantime:3.5.12
+ restart: unless-stopped
+ # security_opt:
+ # - no-new-privileges:true
+ # cap_add:
+ # - CAP_NET_BIND_SERVICE
+ # - CAP_CHOWN
+ # - CAP_SETGID
+ # - CAP_SETUID
+ environment:
+ - LEAN_DB_HOST=mysql
+ - LEAN_DB_DATABASE=leantime
+ - LEAN_DB_USER=lean
+ - LEAN_DB_PASSWORD=${MYSQL_PASSWORD}
+ - LEAN_SESSION_PASSWORD=${LEAN_SESSION_PASSWORD}
+ - LEAN_DEBUG=0
+ - LEAN_LANGUAGE=fr-FR
+ - LEAN_DEFAULT_TIMEZONE=Europe/Paris
+ - LEAN_DISABLE_LOGIN_FORM=true
+ - LEAN_OIDC_ENABLE=true
+ - LEAN_OIDC_PROVIDER_URL=${LEAN_OIDC_PROVIDER_URL}
+ - LEAN_OIDC_CLIENT_ID=${LEAN_OIDC_CLIENT_ID}
+ - LEAN_OIDC_CLIENT_SECRET=${LEAN_OIDC_CLIENT_SECRET}
+ - LEAN_OIDC_CREATE_USER=false
+ - LEAN_OIDC_DEFAULT_ROLE=20
+ volumes:
+ - ${LEAN_PUBLIC_USERFILES_DIR:-public_userfiles}:/var/www/html/public/userfiles # Volume to store public files, logo etc
+ - ${LEAN_USERFILES_DIR:-userfiles}:/var/www/html/userfiles # Original volume name for compatibility
+ - ${LEAN_PLUGINS_DIR:-plugins}:/var/www/html/app/Plugins # Plugin storage
+ - ${LEAN_LOGS_DIR:-logs}:/var/www/html/storage/logs # Log storage
+ depends_on:
+ mysql:
+ condition: service_healthy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.leantime.entryPoints=https
+ - traefik.http.routers.leantime.rule=Host(`${HOST}`)
+ - traefik.http.routers.leantime.tls.certresolver=le-ssl
+ - traefik.http.services.leantime.loadbalancer.server.port=8080
+ - traefik.docker.network=front
+ networks:
+ - default
+ - front
+
+ # Add a helper container for volume permissions
+ # Run via docker compose --profile mysql_helper up -d
+ mysql_helper:
+ image: mysql:9.4
+ command: chown -R mysql:mysql /var/lib/mysql
+ volumes:
+ - ${MYSQL_DATA_DIR:-db_data}:/var/lib/mysql
+ user: root
+ profiles: [ "helper" ]
+
+volumes:
+ db_data:
+ userfiles:
+ public_userfiles:
+ plugins:
+ logs:
+
+networks:
+ front:
+ external: true
diff --git a/docker-compose.paheko.yml b/docker-compose.paheko.yml
new file mode 100644
index 0000000..5d2f7a2
--- /dev/null
+++ b/docker-compose.paheko.yml
@@ -0,0 +1,22 @@
+services:
+ paheko:
+ image: paheko/paheko:1.3.16
+ restart: unless-stopped
+ volumes:
+ - ${PAHEKO_CONFIG}:/var/www/paheko/config.local.php
+ # - ./php.ini:/usr/local/etc/php/php.ini
+ - ${PAHEKO_DATA}:/var/www/paheko/data
+ - ${PAHEKO_PLUGINS}:/var/www/paheko/data/plugins
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.paheko.entryPoints=https
+ - traefik.http.routers.paheko.rule=Host(`${HOST}`)
+ - traefik.http.routers.paheko.tls.certresolver=le-ssl
+ - traefik.http.services.paheko.loadbalancer.server.port=80
+ - traefik.docker.network=front
+ networks:
+ - front
+
+networks:
+ front:
+ external: true
diff --git a/docker-compose.reverse-proxy.yml b/docker-compose.reverse-proxy.yml
new file mode 100644
index 0000000..2c42f10
--- /dev/null
+++ b/docker-compose.reverse-proxy.yml
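Review bot: In docker-compose.leantime.yml the hardening block on the `leantime` service (`security_opt` with `no-new-privileges:true`, plus the `cap_add` list) is committed commented out, so the internet-facing PHP container keeps Docker's default capability set and may still gain privileges through setuid binaries. At minimum `security_opt: [no-new-privileges:true]` should be enabled, and the `cap_add` list only narrows anything when paired with `cap_drop: [ALL]`. The helper comment says `--profile mysql_helper`, but the service declares `profiles: [ "helper" ]`, so the documented command would not start it; the comment should read `# Run via docker compose --profile helper up mysql_helper`. With `LEAN_DISABLE_LOGIN_FORM=true` and `LEAN_OIDC_CREATE_USER=false` set together, it looks as if nobody can sign in until accounts are created by some other route, so a comment on how the first administrator is provisioned would help.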
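Review bot: In docker-compose.paheko.yml the bind sources `${PAHEKO_CONFIG}`, `${PAHEKO_DATA}` and `${PAHEKO_PLUGINS}` have neither a default nor a required-marker, so an unset variable leaves an empty source and a malformed mount; `${PAHEKO_CONFIG:?set PAHEKO_CONFIG}` (and likewise for the other two) fails with a clear message instead. The configuration file is mounted read-write into a web-facing PHP container; `- ${PAHEKO_CONFIG}:/var/www/paheko/config.local.php:ro` keeps a compromised application from rewriting its own configuration. If the host path behind `PAHEKO_CONFIG` does not exist, Docker typically creates a directory in its place, so a short comment saying the file must be created before the first `up` is worth adding.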
@@ -0,0 +1,30 @@
+services:
+ traefik:
+ image: traefik:v3.5
+ container_name: traefik
+ restart: always
+ ports:
+ - 80:80 # (HTTP)
+ - 443:443 # (HTTPS)
+ command:
+ - --providers.docker=true
+ - --providers.docker.exposedByDefault=false
+ - --certificatesresolvers.le-ssl.acme.email=${ACME_EMAIL}
+ - --certificatesresolvers.le-ssl.acme.storage=acme.json
+ - --certificatesresolvers.le-ssl.acme.httpchallenge.entrypoint=web
+ - --tls.options.default.minVersion=VersionTLS12
+ - --entrypoints.http.address=:80
+ - --entrypoints.http.http.redirections.entryPoint.to=https
+ - --entrypoints.http.http.redirections.entryPoint.scheme=https
+ - --entrypoints.https.address=:443
+ - --entrypoints.https.http.tls.certResolver=le-ssl
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - default
+ - front
+
+networks:
+ front:
+ external: true
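Review bot: In docker-compose.reverse-proxy.yml the ACME resolver points its HTTP challenge at `httpchallenge.entrypoint=web`, but the only entrypoints defined are `http` and `https`, so certificate issuance would presumably fail; the flag should be `--certificatesresolvers.le-ssl.acme.httpchallenge.entrypoint=http`. `acme.storage=acme.json` is a relative path with no volume behind it, so the ACME account key and certificates are lost whenever the container is recreated; store it on a mounted volume, e.g. `--certificatesresolvers.le-ssl.acme.storage=/letsencrypt/acme.json` with `- letsencrypt:/letsencrypt`. The `:ro` on `/var/run/docker.sock` protects only the socket file, not the Docker API behind it, so a compromised Traefik still has full control of the daemon; a filtering socket proxy on an internal network is the usual mitigation. `--tls.options.default.minVersion=VersionTLS12` is, as far as I know, dynamic configuration and not accepted as a static flag, so it may need to move to a file provider.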