add mkdocs-wiki (#601)

Reviewed-on: #601
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
Michael Grote 2023-11-16 20:09:14 +01:00 committed by mg
parent 55f002f828
commit 7c0c860600
14 changed files with 200 additions and 15 deletions


@ -78,6 +78,11 @@ services:
url: "http://docker10.grote.lan:2342"
target: "_blank"
subtitle: "Bildersammlung"
- name: "Wiki"
logo: "assets/icons/mkdocs.png"
url: "http://wiki2.mgrote.net" # noch ändern
target: "_blank"
subtitle: "Wiki"
- name: "Web"
icon: "fas fa-cloud"
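Review bot: The new Wiki entry links to `http://wiki2.mgrote.net`, and the trailing `# noch ändern` comment suggests the value is provisional. The wiki router added elsewhere in this commit is bound to `entry_https` with TLS enabled, so the dashboard link should be `url: "https://wiki2.mgrote.net"`; whether plain HTTP is redirected is not visible on this page. If the hostname itself is still going to change, say so explicitly, for example `# TODO: switch to the final hostname`.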

Binary file not shown.



@ -63,7 +63,7 @@ services:
subtitle: "Container-Registry"
- name: "Woodpecker"
logo: "assets/icons/woodpecker.svg"
url: "http://docker10.grote.lan:8000"
url: "https://ci.mgrote.net"
target: "_blank"
subtitle: "CI/CD"


@ -30,7 +30,7 @@ services:
traefik.http.routers.registry.middlewares: registry-ipwhitelist
traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24 # .48. ist Docker
traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24,172.18.0.0/16 # .48. ist Docker
traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth
com.centurylinklabs.watchtower.depends-on: oci-registry-redis
@ -80,7 +80,7 @@ services:
traefik.http.routers.registry-ui.entrypoints: entry_https
traefik.http.services.registry-ui.loadbalancer.server.port: 80
traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24 # .48. ist Docker
traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24 # .48. ist Docker
traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth
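Review bot: The registry allowlist now includes `172.18.0.0/16`, but the trailing comment still explains only `.48.`, so nothing on the line says what the new range is or why it needs access. If it is a Docker bridge network (the address suggests so, but the page does not show it), every container attached to that network can reach the registry through this middleware. A narrower range, or a comment such as `# 172.18.0.0/16: <network name>, needed for <consumer>`, would make the exception reviewable. In the second hunk the registry-ui line drops `192.168.48.0/24` but keeps `# .48. ist Docker`, which is now stale and should be removed.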


@ -2,7 +2,7 @@ version: '3'
services:
######## traefik ########
traefik:
container_name: "traefik"
container_name: traefik
image: traefik:latest
restart: always
volumes:
@ -21,19 +21,40 @@ services:
TZ: Europe/Berlin
labels:
com.centurylinklabs.watchtower.enable: true
# hier sind gemeinsame middlewares defniert und zu einer chain zusammengefasst
# CAVE: die Reihenfolge innerhalb von Chains/von Middlewares ist wichtig
# Aufbau: traefik.http.middlewares.<NAME>.chain.middlewares: middleware1,middleware2,middleware3
# diese kann dann direkt eingebunden werden:
# Beispiel: XXXXX
# beim Einsatz von nforwardauth:
# Beispiel: YYYYY
######## nforwardauth ########
nforwardauth:
image: nosduco/nforwardauth:v1
container_name: traefik-nforwardauth
environment:
TOKEN_SECRET: {{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}
AUTH_HOST: auth.mgrote.net
labels:
traefik.enable: true
traefik.http.routers.nforwardauth.rule: Host(`auth.mgrote.net`)
traefik.http.middlewares.nforwardauth.forwardauth.address: http://nforwardauth:3000
traefik.http.services.nforwardauth.loadbalancer.server.port: 3000
traefik.http.routers.nforwardauth.tls: true
traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
traefik.http.routers.nforwardauth.entrypoints: entry_https
com.centurylinklabs.watchtower.depends-on: traefik
com.centurylinklabs.watchtower.enable: true
volumes:
- "./passwd:/passwd:ro" # Mount local passwd file at /passwd as read only
networks:
- traefik
######## Networks ########
networks:
traefik:
external: true
######## Volumes ########
volumes:
acme_data:
# passwd
# echo "<user>:$(mkpasswd -m sha-512 <password>)"
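Review bot: `TOKEN_SECRET: {{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}` is rendered unquoted, so a secret containing ` #`, `: ` or a leading YAML indicator is truncated or breaks the compose file after templating. Quote it: `TOKEN_SECRET: "{{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}"`. The comment block above the service still carries the placeholders `Beispiel: XXXXX` and `Beispiel: YYYYY`; fill in the real label lines or drop them. The auth container is pinned only to the moving tag `nosduco/nforwardauth:v1` with `com.centurylinklabs.watchtower.enable: true`, so the component that gates access is replaced automatically; pinning an exact version or digest would make those updates deliberate.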


@ -0,0 +1 @@
{{ lookup('keepass', 'nforwardauth-mg-hash', 'password') }}
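Review bot: This template writes a password hash to disk, and nothing visible in the commit sets the permissions of the rendered file. The template task shown further down has `dest` and `no_log: true`, but no `mode` appears in the visible lines. If the task really has none, add an explicit one such as `mode: "0640"`, as tight as the container user reading the `./passwd` mount allows. The compose comment gives the expected line format as `<user>:<hash>`, so the KeePass entry `nforwardauth-mg-hash` presumably has to hold the whole line including the user name; that is worth documenting next to the lookup.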


@ -31,8 +31,14 @@ certificatesResolvers:
tlsChallenge: true
log:
level: DEBUG
level: INFO
api:
insecure: true
dashboard: true # unter Port 8081 erreichbar
#experimental:
# plugins:
# ldapAuth:
# moduleName: "github.com/wiltonsr/ldapAuth"
# version: "v0.1.4"
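Review bot: The commented-out `experimental.plugins.ldapAuth` block is dead configuration with no explanation; either drop it or put a line above it such as `# parked: ldapAuth plugin variant, currently replaced by nforwardauth`. Separately, the unchanged context lines `api.insecure: true` and `dashboard: true` keep the dashboard reachable without authentication on its own port (8081 according to the comment). The forward-auth middleware introduced elsewhere in this commit therefore does not cover the dashboard; routing it through an authenticated router and setting `insecure: false` would close that gap.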


@ -0,0 +1,31 @@
version: '3'
services:
wiki-webserver:
container_name: wiki-webserver
image: httpd:2.4
restart: always
networks:
- traefik
ports:
- 8087:80
volumes:
- /docker/wiki/site:/usr/local/apache2/htdocs/
# /docker/wiki/site ist ein lokales Verzeichnis auf docker10
# dieser Verzeichnis wird direkt in der wiki ci gemountet
# und die daten werden dort reingeschrieben
labels:
traefik.http.routers.wiki.rule: Host(`wiki2.mgrote.net`)
traefik.enable: true
traefik.http.routers.wiki.tls: true
traefik.http.routers.wiki.tls.certresolver: resolver_letsencrypt
traefik.http.routers.wiki.entrypoints: entry_https
traefik.http.services.wiki.loadbalancer.server.port: 80
traefik.http.routers.wiki.middlewares: nforwardauth
com.centurylinklabs.watchtower.enable: true
######## Networks ########
networks:
traefik:
external: true
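Review bot: `ports: - 8087:80` publishes the httpd container directly on the host, so requests to port 8087 reach the wiki without passing through Traefik and therefore without the `nforwardauth` middleware attached to the router. Traefik reaches the container over the shared `traefik` network on port 80 (see `loadbalancer.server.port: 80`), so the mapping can be dropped. If a local port is needed for debugging, bind it to loopback and quote it: `- "127.0.0.1:8087:80"`. The same mapping appears in the second wiki compose file later in this commit. Going by the comments, httpd only serves `/docker/wiki/site` while the CI job writes to it, so the mount could be `- /docker/wiki/site:/usr/local/apache2/htdocs/:ro`.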


@ -5,7 +5,7 @@ services:
woodpecker-server:
restart: always
container_name: woodpecker-server
image: woodpeckerci/woodpecker-server:latest
image: woodpeckerci/woodpecker-server:v1.0
ports:
- 8000:8000
volumes:
@ -13,6 +13,7 @@ services:
environment:
WOODPECKER_OPEN: false
WOODPECKER_HOST: https://ci.mgrote.net
WOODPECKER_WEBHOOK_HOST: http://docker10.grote.lan:8000
WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: https://git.mgrote.net
WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
@ -42,7 +43,7 @@ services:
woodpecker-agent:
container_name: woodpecker-agent
image: woodpeckerci/woodpecker-agent:latest
image: woodpeckerci/woodpecker-agent:v1.0
command: agent
restart: always
depends_on:
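Review bot: `WOODPECKER_WEBHOOK_HOST: http://docker10.grote.lan:8000` makes the forge deliver webhooks over plain HTTP, while `WOODPECKER_HOST` is `https://ci.mgrote.net`. Webhook payloads, and any token carried in the hook URL, then cross the network unencrypted. If this is deliberate because Gitea cannot reach the public name, record that on the line, e.g. `# internal webhook path, plain HTTP on purpose: <reason>`; otherwise point it at the HTTPS name. The bodies of both services continue outside the hunks.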


@ -0,0 +1,73 @@
version: "3"
services:
######## App ########
lldap:
image: nitnelave/lldap:stable
container_name: lldap-app
restart: always
ports:
# For LDAP
- "3890:3890"
# For the web front-end
- "17170:17170"
networks:
- intern
- traefik
- mail-relay
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- "lldap:/data"
environment:
UID: 1000
GID: 1000
LLDAP_HTTP_PORT: 17170
LLDAP_HTTP_URL: http://docker10.grote.lan:17170
LLDAP_KEY_SEED: ganz_lang
LLDAP_VERBOSE: true
LLDAP_JWT_SECRET: jwt_secret
LLDAP_LDAP_BASE_DN: dc=grote,dc=lan
LLDAP_USER_DN: admin
LLDAP_LDAP_USER_PASS: user_pass_geheim
LLDAP_DATABASE_URL: mysql://lldap-db-user:mysql_password@lldap-db/lldap
LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_reset: true
LLDAP_SMTP_OPTIONS__FROM: "LLDAP Admin <info@mgrote.net>"
LLDAP_SMTP_OPTIONS__REPLY_TO: "Do not reply <info@mgrote.net>"
LLDAP_SMTP_OPTIONS__SERVER: mail-relay
LLDAP_SMTP_OPTIONS__PORT: 25
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: NONE
LLDAP_SMTP_OPTIONS__USER: info@mgrote.net
labels:
- com.centurylinklabs.watchtower.enable=true
- com.centurylinklabs.watchtower.depends-on=lldap-db
######## DB ########
lldap-db:
image: mariadb:10
container_name: lldap-db
restart: always
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=mysql_root_password
- MYSQL_PASSWORD=mysql_password
- MYSQL_DATABASE=lldap
- MYSQL_USER=lldap-db-user
- MYSQL_INITDB_SKIP_TZINFO=1
networks:
- intern
labels:
- com.centurylinklabs.watchtower.enable=true
######## Volumes ########
volumes:
lldap:
db:
######## Networks ########
networks:
intern:
traefik:
external: true
mail-relay:
external: true
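Review bot: `LLDAP_KEY_SEED: ganz_lang`, `LLDAP_JWT_SECRET: jwt_secret`, `LLDAP_LDAP_USER_PASS: user_pass_geheim` and the MariaDB passwords (`mysql_root_password`, `mysql_password`, the latter also embedded in `LLDAP_DATABASE_URL`) are literal, guessable values committed to the repository, whereas the other compose templates in this commit use a KeePass lookup. Before this stack is ever set to `present`, replace each with a quoted lookup such as `LLDAP_JWT_SECRET: "{{ lookup('keepass', '<entry-name>', 'password') }}"`. `LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_reset` has a lower-case suffix and will probably not be recognised as the intended option, since environment variable names are case-sensitive. The published ports `3890` and `17170` expose unencrypted LDAP and the admin UI on the host; drop them or bind them to a specific address if only containers on the `traefik` and `intern` networks need them.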


@ -0,0 +1,40 @@
version: '3'
services:
wiki-webserver:
container_name: wiki-webserver
image: httpd:2.4
restart: always
networks:
- traefik
ports:
- 8087:80
volumes:
- /docker/wiki/site:/usr/local/apache2/htdocs/
# /docker/wiki/site ist ein lokales Verzeichnis auf docker10
# dieser Verzeichnis wird direkt in der wiki ci gemountet
# und die daten werden dort reingeschrieben
labels:
traefik.http.routers.wiki.rule: Host(`wiki2.mgrote.net`)
traefik.enable: true
traefik.http.routers.wiki.tls: true
traefik.http.routers.wiki.tls.certresolver: resolver_letsencrypt
traefik.http.routers.wiki.entrypoints: entry_https
traefik.http.services.wiki.loadbalancer.server.port: 80
traefik.http.routers.wiki.middlewares: nforwardauth
# traefik.http.routers.wiki.middlewares: ldap_auth
#
# # ldapAuth Options
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.enabled: true
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.logLevel: DEBUG
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.url: ldap://lldap-app
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.port: 3890
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.baseDN: "ou=people,dc=grote,dc=lan"
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.attribute: uid
com.centurylinklabs.watchtower.enable: true
######## Networks ########
networks:
traefik:
external: true
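Review bot: This file repeats the `wiki-webserver` service of the earlier wiki compose file with the same `container_name`, host port `8087` and router name `wiki`. The paths are not visible on this page, but if both files are rendered and brought up they will collide, so keep one. The only difference is the commented-out `ldap_auth` label block, which would point the plugin at `ldap://lldap-app` on port 3890 without TLS and with `logLevel: DEBUG`. If it stays as a parked alternative, add a line above it such as `# disabled: ldapAuth plugin variant, replaced by nforwardauth`, and revisit both settings before enabling it.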


@ -76,6 +76,12 @@ compose_files:
- name: whoami
state: absent
network: traefik_test
- name: wiki
state: present
network: traefik
- name: lldap
state: absent
network: ldap
### oefenweb.ufw
ufw_rules:
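Review bot: The new `lldap` entry declares `network: ldap`, but the lldap compose file added in this commit only references `intern`, `traefik` and `mail-relay`, so no service would join a network named `ldap`. With `state: absent` this is presumably harmless today, but once the stack is enabled it will either create an unused network or hide a missing one. Use a network the compose file actually expects, e.g. `network: traefik`, or add a comment explaining the mismatch.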

Binary file not shown.


@ -37,6 +37,7 @@
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
no_log: true
register: copy_template
- name: Ensure needed networks exists
become: true