DevSecNinja / home

Deploys a single Kubernetes cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium and more!

[wallabag] Add OpenID Auth #131

Closed github-actions[bot] closed 7 months ago

github-actions[bot] commented 7 months ago

test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost/api/info"]

interval: 1m

timeout: 3s

- DEFAULT_COMPRESSION=ZSTD # Compress all with ZSTD

- DEFAULT_BACKUP_INTERVAL=1440 # Backup every 1440 minutes = 24 hours

- DEFAULT_BACKUP_BEGIN=0000 # Start backing up at midnight

- DEFAULT_CLEANUP_TIME=2880 # Cleanup backups after two days

- DEFAULT_ENCRYPT_PASSPHRASE=${DB_ENC_PASSPHRASE} # Set encryption password

https://github.com/DevSecNinja/home/blob/90c7177d4bce27a1b746d137672b574de879bf5b/docker/ansible/templates/compose-modules/wallabag.yml#L41


services:
  # Wallabag web application, published through Traefik.
  # NOTE: Requires the following command on fresh install:
  # docker exec -t wallabag /var/www/wallabag/bin/console wallabag:install --env=prod --no-interaction
  wallabag:
    # Pinned by tag and sha256 digest, so the pulled image cannot change
    # silently if the tag is re-pushed upstream.
    image: wallabag/wallabag:2.6.8@sha256:4e6a1872badda4631f841f2d2a96391710df21283da7de1803fdc4d4935a2aa0
    container_name: wallabag
    # Short-form depends_on only orders container start-up; it does not wait
    # for the database or Redis health checks to pass.
    depends_on:
      - traefik
      - wallabag-db
      - wallabag-redis
    restart: always
    # t2_proxy is not declared in this file's networks section; presumably it
    # is defined by another compose module that is merged with this one.
    networks:
      - t2_proxy
      - wallabag-backend
    security_opt:
      # Blocks privilege escalation through setuid/setgid binaries.
      - no-new-privileges:true
    mem_limit: 200m
    # Secrets below arrive as plain environment variables, so anyone able to
    # run `docker inspect` on this container can read them.
    environment:
      - TZ=${TZ}
      - POPULATE_DATABASE=false # Automatic population doesn't seem to work; run the install command from the NOTE above this service.
      # MySQL
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
      - SYMFONY__ENV__DATABASE_HOST=wallabag-db
      - SYMFONY__ENV__DATABASE_PORT=3306
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=wallabag
      - SYMFONY__ENV__DATABASE_PASSWORD=${WALLABAG_MYSQL_PASSWORD}
      - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
      # Redis
      - SYMFONY__ENV__REDIS_HOST=wallabag-redis
      - SYMFONY__ENV__REDIS_PORT=6379
      - SYMFONY__ENV__REDIS_PASSWORD=${WALLABAG_REDIS_PASSWORD}
      # Wallabag
      - SYMFONY__ENV__SECRET=${WALLABAG_SECRET}
      - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.$DOMAINNAME
      - SYMFONY__ENV__SERVER_NAME=${ORGANIZATION_NAME}
      # Public sign-up is switched off.
      - SYMFONY__ENV__FOSUSER_REGISTRATION=false
      - SYMFONY__ENV__FOSUSER_CONFIRMATION=false
      # NOTE(review): two-factor auth is off and the router below uses a
      # "no-auth" chain, so the Wallabag password login appears to be the only
      # barrier until the OpenID TODO is done - confirm this is acceptable.
      - SYMFONY__ENV__TWOFACTOR_AUTH=false
      # TODO: [wallabag] Add mail notifications
      # TODO: [wallabag] Add OpenID Auth
    volumes:
      - wallabag_data:/var/www/wallabag/web/assets/images
    # Health check is currently disabled, so Docker reports no health status
    # for this container.
    # healthcheck:
    #   test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost/api/info"]
    #   interval: 1m
    #   timeout: 3s
    labels:
      # Homepage
      - homepage.group=Productivity
      - homepage.name=Wallabag
      - homepage.icon=wallabag.svg
      - homepage.href=https://wallabag.$DOMAINNAME
      - homepage.description=Bookmark Collector
      # Group
      - org.label-schema.group=productivity
      # Traefik
      - "traefik.enable=true"
      ## Middlewares
      # The chain is defined in Traefik's file provider, which is not part of
      # this file; its name suggests no authentication middleware is applied
      # in front of Wallabag - verify against the chain definition.
      - "traefik.http.routers.wallabag-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.wallabag-rtr.service=wallabag"
      ### Enable the server port
      - "traefik.http.services.wallabag.loadbalancer.server.port=80"

  # MariaDB instance backing Wallabag. It publishes no ports and joins only
  # the wallabag-backend network, so it is reachable solely from containers on
  # that network.
  wallabag-db:
    # Pinned by tag and sha256 digest.
    image: mariadb:11.3.2@sha256:851f05fe1e4cb290442c1b12b7108436a33fd8f6a733d4989950322d06d45c65
    container_name: wallabag-db
    # utf8mb4 matches SYMFONY__ENV__DATABASE_CHARSET on the wallabag service;
    # --log-bin/--binlog-format turn on row-based binary logging.
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    restart: always
    security_opt:
      # Blocks privilege escalation through setuid/setgid binaries.
      - no-new-privileges:true
    networks:
      - wallabag-backend
    volumes:
      - wallabag_db_data:/var/lib/mysql
    # The root and application passwords are passed as environment variables
    # and are therefore readable through `docker inspect` on the host.
    environment:
      # NOTE(review): PUID/PGID look like a convention from other images;
      # confirm the official mariadb image actually uses them.
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - MYSQL_ROOT_PASSWORD=${WALLABAG_MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${WALLABAG_MYSQL_PASSWORD}
      - MYSQL_DATABASE=wallabag
      - MYSQL_USER=wallabag
      # Presumably runs the schema upgrade automatically when the image
      # version changes and skips the pre-upgrade backup of the system
      # database, which leaves wallabag-db-backup as the only fallback -
      # confirm against the image documentation.
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    healthcheck:
      interval: 30s
      retries: 3
      # Uses the healthcheck.sh helper with connection and InnoDB checks.
      test:
        [
          "CMD",
          "healthcheck.sh",
          "--su-mysql",
          "--connect",
          "--innodb_initialized"
        ]
      timeout: 30s

  # Scheduled, encrypted dumps of the wallabag database, with e-mail
  # notifications relayed through the mailrise container.
  wallabag-db-backup:
    container_name: wallabag-db-backup
    # Pinned by tag and sha256 digest.
    image: tiredofit/db-backup:4.0.35@sha256:794ffd160cf01057d0f64ef7baf5da3cd8925a48f1f65653e016f58c7d69b13c
    depends_on:
      - wallabag-db
    volumes:
      # Dumps land on the host under $DOCKERDIR/data/backup; access to that
      # directory should be as restricted as access to the database itself.
      - $DOCKERDIR/data/backup:/backup
    # mailrise is not declared in this file's networks section; presumably it
    # is defined by another compose module that is merged with this one.
    networks:
      - wallabag-backend
      - mailrise
    environment:
      - TIMEZONE=${TZ}
      - USER_DBBACKUP=${PUID}
      - GROUP_DBBACKUP=${PGID}
      - CONTAINER_NAME=wallabag-db-backup
      - CONTAINER_ENABLE_MONITORING=FALSE # Disables Zabbix backup statistics

      - ENABLE_NOTIFICATIONS=TRUE
      - NOTIFICATION_TYPE=EMAIL
      - SMTP_HOST=mailrise
      - SMTP_PORT=${NOTIFICATIONS_MAILRISE_SMTP_PORT}
      - MAIL_TO=msteams@mailrise.xyz
      - MAIL_FROM=wallabag-db-backup

      # NOTE(review): a SHA1 checksum catches accidental corruption, not
      # deliberate tampering; check whether the image offers a stronger
      # option before relying on it for integrity.
      - DEFAULT_CHECKSUM=SHA1        # Set standard checksum to SHA1
      - DEFAULT_COMPRESSION=ZSTD     # Compress all with ZSTD
      - DEFAULT_BACKUP_INTERVAL=1440 # Backup every 1440 minutes = 24 hours
      - DEFAULT_BACKUP_BEGIN=0000    # Start backing up at midnight
      - DEFAULT_CLEANUP_TIME=2880    # Cleanup backups after two days

      # The passphrase is passed as an environment variable, so it is readable
      # via `docker inspect`; keep a copy outside this host, since the
      # encrypted dumps cannot be restored without it.
      - DEFAULT_ENCRYPT=TRUE                            # Encrypt backup files with GPG
      - DEFAULT_ENCRYPT_PASSPHRASE=${DB_ENC_PASSPHRASE} # Set encryption password

      # The backup logs in with the application account and password (the same
      # WALLABAG_MYSQL_PASSWORD the wallabag service uses), not a dedicated
      # read-only backup user.
      - DB01_TYPE=mysql
      - DB01_HOST=wallabag-db
      - DB01_NAME=wallabag
      - DB01_USER=wallabag
      - DB01_PORT=3306
      - DB01_PASS=${WALLABAG_MYSQL_PASSWORD}
    restart: always
    security_opt:
      # Blocks privilege escalation through setuid/setgid binaries.
      - no-new-privileges:true

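  # Redis instance used by Wallabag. It publishes no ports and joins only the
  # wallabag-backend network.
  wallabag-redis:
    # Pinned by tag and sha256 digest.
    image: redis:alpine3.19@sha256:c1ac6782927e574394225a790b6eb476154d1a16681b1374c62625d9bc324b18
    container_name: wallabag-redis
    # The password is set with --requirepass because the server does not pick
    # up the REDIS_PASSWORD environment variable. Passing it as an argument
    # means it shows up in the container's command line (`docker inspect`,
    # process listings on the host).
    command: >
      --requirepass ${WALLABAG_REDIS_PASSWORD}
    restart: always
    healthcheck:
      # With requirepass set, an unauthenticated PING is answered with NOAUTH
      # rather than PONG, so the probe authenticates and checks for PONG.
      # REDISCLI_AUTH keeps the password off the redis-cli argument list;
      # "$$" stops compose from interpolating it, so the container's shell
      # reads REDIS_PASSWORD from the environment set below.
      test:
        - CMD-SHELL
        - 'REDISCLI_AUTH="$$REDIS_PASSWORD" redis-cli ping | grep -q PONG'
      interval: 20s
      timeout: 3s
    security_opt:
      # Blocks privilege escalation through setuid/setgid binaries.
      - no-new-privileges:true
    environment:
      # NOTE(review): PUID/PGID look like a convention from other images;
      # confirm the official redis image actually uses them.
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      # Ignored by the server itself; read by the health check above.
      - REDIS_PASSWORD=${WALLABAG_REDIS_PASSWORD}
    networks:
      - wallabag-backend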

# Named volumes with default settings: uploaded images for Wallabag and the
# MariaDB data directory.
volumes:
  wallabag_data:
  wallabag_db_data:

# Only the backend network is declared here. The t2_proxy and mailrise
# networks referenced by the services above are not defined in this file and
# presumably come from other compose modules.
networks:
  # Private bridge shared by wallabag, its database, Redis and the backup job.
  wallabag-backend:
    name: wallabag-backend
    driver: bridge
github-actions[bot] commented 7 months ago

Closed in 0057ed8657f2b2fd7b9af52411541962390ae657