commit d6f92f29b2a04811bb433b2883e456351031fd01 Author: pptx704 Date: Sat Jun 14 00:46:10 2025 +0300 Initial commits
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..5b996af
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,17 @@
+POSTGRES_USER=
+POSTGRES_PASS=
+POSTGRES_MULTIPLE_DATABASES=
+
+AUTHENTIK_SECRET_KEY=
+AUTHENTIK_BOOTSTRAP_EMAIL=
+AUTHENTIK_BOOTSTRAP_PASSWORD=
+
+OUTLINE_SECRET_KEY=
+OUTLINE_UTILS_SECRET=
+
+PLANKA_SECRET_KEY=
+PLANKA_OIDC_CLIENT_ID=
+PLANKA_OIDC_CLIENT_SECRET=
+
+GITEA_SECRET_KEY=
+GITEA_INTERNAL_TOKEN=
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1fafad2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.cursorignore
+.env
+outline.env
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3cb0f87
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Omukk
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..24ed528
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# Omukk Infra
+Configuration related files for the employee stack maintained by Omukk. These can be used to setup a similar stack for project and team management stack. Does not contain certificates, firewall config, advanced configuration scripts etc.
+
+# Current Stack
+
+1. Outline - For documentation
+2. Gitea - For repository management
+3. Planka - For project and task management
diff --git a/authentik.docker-compose.yml b/authentik.docker-compose.yml
new file mode 100644
index 0000000..4436c19
--- /dev/null
+++ b/authentik.docker-compose.yml
@@ -0,0 +1,66 @@
+services:
+ authentik-redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - ./docker-data/authentik/redis:/data
+ networks:
+ - omukk-network
+ authentik-server:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.1}
+ restart: unless-stopped
+ command: server
+ environment:
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+ AUTHENTIK_REDIS__HOST: authentik-redis
+ AUTHENTIK_POSTGRESQL__HOST: postgres
+ AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASS}
+ volumes:
+ - ./docker-data/authentik/media:/media
+ - ./docker-data/authentik/custom-templates:/templates
+ env_file:
+ - .env
+ ports:
+ - "${COMPOSE_PORT_HTTP:-9000}:9000"
+ - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+ depends_on:
+ authentik-redis:
+ condition: service_healthy
+ networks:
+ - omukk-network
+ authentik-worker:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.1}
+ restart: unless-stopped
+ command: worker
+ environment:
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+ AUTHENTIK_REDIS__HOST: authentik-redis
+ AUTHENTIK_POSTGRESQL__HOST: postgres
+ AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASS}
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./docker-data/authentik/media:/media
+ - ./docker-data/authentik/custom-templates:/templates
+ env_file:
+ - .env
+ depends_on:
+ authentik-redis:
+ condition: service_healthy
+ networks:
+ - omukk-network
+
+networks:
+ omukk-network:
+ external: true
\ No newline at end of file
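Review bot: The `authentik-worker` service runs as `user: root` and bind-mounts `/var/run/docker.sock`, which hands that container control of the Docker daemon and with it root-equivalent access to the host and to every other container in this stack. The socket is only needed when authentik manages outposts through its Docker integration; if that is not used here, remove both the `user: root` line and the `- /var/run/docker.sock:/var/run/docker.sock` volume. If it is needed, say so in a comment above the mount, e.g. `# required for managed outposts; grants host-level Docker control`, and consider a filtering socket proxy instead of the raw socket.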
diff --git a/common.docker-compose.yml b/common.docker-compose.yml
new file mode 100644
index 0000000..2aaefc7
--- /dev/null
+++ b/common.docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+ postgres:
+ image: pgvector/pgvector:pg17
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ./scripts/psql-multi-init.sh:/docker-entrypoint-initdb.d/psql-multi-init.sh
+ - ./docker-data/postgres:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${POSTGRES_PASS:?database password required}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_DB: ${POSTGRES_USER}
+ POSTGRES_MULTIPLE_DATABASES: ${POSTGRES_MULTIPLE_DATABASES}
+ env_file:
+ - .env
+ networks:
+ - omukk-network
+
+networks:
+ omukk-network:
+ external: true
diff --git a/gitea.docker-compose.yml b/gitea.docker-compose.yml
new file mode 100644
index 0000000..56607e8
--- /dev/null
+++ b/gitea.docker-compose.yml
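Review bot: The `env_file: - .env` entry on the `postgres` service loads every variable from `.env` into the database container, so `AUTHENTIK_SECRET_KEY`, `GITEA_INTERNAL_TOKEN`, `PLANKA_OIDC_CLIENT_SECRET` and the other application secrets listed in `.env.example` sit in its environment, although only the four `POSTGRES_*` values under `environment:` are used by the image and the init script. Compose reads `.env` from the project directory for `${...}` interpolation on its own, so the `env_file:` entry can most likely be dropped without changing what the container receives under `environment:`. The `authentik-server` and `authentik-worker` services in authentik.docker-compose.yml carry the same `env_file` entry and receive the Gitea, Outline and Planka secrets in the same way.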
@@ -0,0 +1,42 @@
+services:
+ server:
+ image: docker.gitea.com/gitea:1.24.0
+ container_name: gitea
+ environment:
+ - USER=git
+ - USER_UID=1000
+ - USER_GID=1000
+
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=postgres:5432
+ - GITEA__database__NAME=gitea
+ - GITEA__database__USER=${POSTGRES_USER}
+ - GITEA__database__PASSWD=${POSTGRES_PASS}
+
+ - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
+ - GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
+
+ - GITEA__server__ROOT_URL=https://git.omukk.dev
+ - GITEA__server__LANDING_PAGE=login
+
+ - GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true
+ - GITEA__oauth2_client__USERNAME=preferred_username
+ # - GITEA__service__ENABLE_BASIC_AUTHENTICATION=false
+ # - GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM=false
+ # - GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
+ - GITEA__openid__ENABLE_OPENID_SIGNIN=false
+ restart: always
+ networks:
+ - omukk-network
+ volumes:
+ - ./docker-data/gitea:/data
+ - /home/git/.ssh/:/data/git/.ssh
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "7000:3000"
+ - "127.0.0.1:2222:22"
+
+networks:
+ omukk-network:
+ external: true
\ No newline at end of file
diff --git a/nginx-configs/docs.omukk.dev b/nginx-configs/docs.omukk.dev
new file mode 100644
index 0000000..9c1cec1
--- /dev/null
+++ b/nginx-configs/docs.omukk.dev
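Review bot: The mapping `- "7000:3000"` under `ports:` publishes Gitea's HTTP port on every host interface, while nginx-configs/git.omukk.dev only ever reaches it at `localhost:7000` and the SSH mapping on the next line is already pinned to `127.0.0.1`. Anyone who can reach the host on port 7000 talks to Gitea directly, bypassing the proxy, and ports published by Docker are commonly not filtered by host firewall front-ends such as ufw. Binding it like the SSH port, `- "127.0.0.1:7000:3000"`, closes that path. The mappings `"3000:3000"` in outline.docker-compose.yml, `1337:1337` in planka.docker-compose.yml and the two `${COMPOSE_PORT_*}` entries in authentik.docker-compose.yml have the same exposure.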
@@ -0,0 +1,60 @@
+# Upstream where your outline server is hosted.
+upstream outline {
+ server localhost:3000;
+ # Improve performance by keeping some connections alive.
+ keepalive 10;
+}
+
+# Upgrade WebSocket if requested, otherwise use keepalive
+map $http_upgrade $connection_upgrade_keepalive {
+ default upgrade;
+ '' '';
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name docs.omukk.dev;
+ client_max_body_size 100M;
+
+ gzip on;
+ gzip_comp_level 5;
+ gzip_min_length 256;
+ gzip_proxied any;
+ gzip_vary on;
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+
+ location / {
+ proxy_pass http://outline;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade_keepalive;
+ }
+}
\ No newline at end of file
diff --git a/nginx-configs/git.omukk.dev b/nginx-configs/git.omukk.dev
new file mode 100644
index 0000000..e6a8539
--- /dev/null
+++ b/nginx-configs/git.omukk.dev
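Review bot: The `server` block listens on port 80 only (`listen 80;` / `listen [::]:80;`) and proxies straight to Outline, so as committed the site, including session cookies and the OIDC redirect traffic, is served over plain HTTP with no redirect to HTTPS, while outline.env.example sets `FORCE_HTTPS=true`. The README says certificates are kept out of the repository, so TLS is presumably added on the host afterwards; a header comment such as `# Port-80 template only: a TLS server block is added on the host, do not deploy as is` would keep this file from going live unchanged. The same applies to git.omukk.dev, projects.omukk.dev and, most importantly, sso.omukk.dev, which fronts the authentik login.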
@@ -0,0 +1,48 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name git.omukk.dev;
+ client_max_body_size 100M;
+
+ gzip on;
+ gzip_comp_level 5;
+ gzip_min_length 256;
+ gzip_proxied any;
+ gzip_vary on;
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+
+ location / {
+ client_max_body_size 512M;
+ proxy_pass http://localhost:7000;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
\ No newline at end of file
diff --git a/nginx-configs/projects.omukk.dev b/nginx-configs/projects.omukk.dev
new file mode 100644
index 0000000..81aaccc
--- /dev/null
+++ b/nginx-configs/projects.omukk.dev
@@ -0,0 +1,53 @@
+upstream planka {
+ server localhost:1337;
+ keepalive 32;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name projects.omukk.dev;
+
+ access_log /var/log/nginx/planka-access.log;
+ error_log /var/log/nginx/planka-error.log error;
+
+ # Make sure to allow socket.io connections
+ location ~* \.io {
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ client_max_body_size 50M;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_buffers 256 16k;
+ proxy_buffer_size 16k;
+ client_body_timeout 60;
+ send_timeout 300;
+ lingering_timeout 5;
+ proxy_connect_timeout 1d;
+ proxy_send_timeout 1d;
+ proxy_read_timeout 1d;
+ proxy_pass http://planka;
+ }
+
+ location / {
+ client_max_body_size 50M;
+ proxy_set_header Connection "";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_buffers 256 16k;
+ proxy_buffer_size 16k;
+ proxy_read_timeout 600s;
+ proxy_cache_revalidate on;
+ proxy_cache_min_uses 2;
+ proxy_cache_use_stale timeout;
+ proxy_cache_lock on;
+ proxy_http_version 1.1;
+ proxy_pass http://planka;
+ }
+}
\ No newline at end of file
diff --git a/nginx-configs/sso.omukk.dev b/nginx-configs/sso.omukk.dev
new file mode 100644
index 0000000..3512d0f
--- /dev/null
+++ b/nginx-configs/sso.omukk.dev
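Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in both `location` blocks adds the header to the request that nginx sends to Planka, not to the response the browser receives, so it provides no clickjacking protection. If framing protection is the intent, the response-side directive is the one to use: `add_header X-Frame-Options SAMEORIGIN always;`. The `proxy_cache_revalidate`, `proxy_cache_min_uses`, `proxy_cache_use_stale` and `proxy_cache_lock` lines in `location /` also look inert, since no `proxy_cache` zone is configured in this file; either remove them or add a comment naming where the cache zone is defined.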
@@ -0,0 +1,59 @@
+# Upstream where your authentik server is hosted.
+upstream authentik {
+ server localhost:9000;
+ # Improve performance by keeping some connections alive.
+ keepalive 10;
+}
+
+# Upgrade WebSocket if requested, otherwise use keepalive
+map $http_upgrade $connection_upgrade_keepalive {
+ default upgrade;
+ '' '';
+}
+server {
+ listen 80;
+ listen [::]:80;
+ server_name sso.omukk.dev;
+ client_max_body_size 100M;
+
+ gzip on;
+ gzip_comp_level 5;
+ gzip_min_length 256;
+ gzip_proxied any;
+ gzip_vary on;
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+
+ location / {
+ proxy_pass http://authentik;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade_keepalive;
+ }
+}
\ No newline at end of file
diff --git a/outline.docker-compose.yml b/outline.docker-compose.yml
new file mode 100644
index 0000000..12964d1
--- /dev/null
+++ b/outline.docker-compose.yml
@@ -0,0 +1,36 @@
+services:
+ outline:
+ image: docker.getoutline.com/outlinewiki/outline:latest
+ env_file: ./outline.env
+ expose:
+ - "3000"
+ ports:
+ - "3000:3000"
+ volumes:
+ - ./docker-data/outline/outline-data:/var/lib/outline/data
+ depends_on:
+ - outline-redis
+ networks:
+ - omukk-network
+ environment:
+ - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASS}@postgres:5432/outline
+ - SECRET_KEY=${OUTLINE_SECRET_KEY}
+ - UTILS_SECRET=${OUTLINE_UTILS_SECRET}
+ outline-redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - ./docker-data/outline/redis:/data
+ networks:
+ - omukk-network
+
+networks:
+ omukk-network:
+ external: true
\ No newline at end of file
diff --git a/outline.env.example b/outline.env.example
new file mode 100644
index 0000000..a082396
--- /dev/null
+++ b/outline.env.example
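Review bot: `image: docker.getoutline.com/outlinewiki/outline:latest` is the only application image in this commit without a version tag, so every pull or recreate can bring in a different Outline release without any change to this file, and the deployed version cannot be read from the repository. Pin it the way Gitea, Planka and authentik are pinned, e.g. `image: docker.getoutline.com/outlinewiki/outline:<OUTLINE_VERSION>` (placeholder for the release actually tested), ideally together with its digest. `docker.io/library/redis:alpine`, here and in authentik.docker-compose.yml, floats in the same way. The `outline` service also has no `restart:` policy, unlike the other services in the stack.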
@@ -0,0 +1,255 @@
+NODE_ENV=production
+
+# This URL should point to the fully qualified, publicly accessible, URL. If using a
+# proxy this will be the proxy's URL.
+URL=
+
+# The port to expose the Outline server on, this should match what is configured
+# in your docker-compose.yml
+PORT=3000
+
+# See [documentation](docs/SERVICES.md) on running a separate collaboration
+# server, for normal operation this does not need to be set.
+COLLABORATION_URL=
+
+# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
+# This will cause paths to javascript, stylesheets, and images to be updated to
+# the hostname defined in CDN_URL. In your CDN configuration the origin server
+# should be set to the same as URL.
+CDN_URL=
+
+# How many processes should be spawned. As a reasonable rule divide your servers
+# available memory by 512 for a rough estimate
+WEB_CONCURRENCY=1
+
+# Generate a hex-encoded 32-byte random key. Use `openssl rand -hex 32` in your
+# terminal to generate a random value.
+SECRET_KEY=generate_a_new_key
+
+# Generate a unique random key. The format is not important but you could still use
+# `openssl rand -hex 32` in your terminal to generate a random value.
+UTILS_SECRET=generate_a_new_key
+
+# The default interface language. See translate.getoutline.com for a list of
+# available language codes and their rough percentage translated.
+DEFAULT_LANGUAGE=en_US
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# ––––––––––––– DATABASE –––––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# The database URL for your production database, including username, password, and database name.
+DATABASE_URL=postgres://user:pass@postgres:5432/outline
+
+# The in-memory database pool per-process settings. Ensure that the pool size that will not exceed
+# the maximum number of connections allowed by your database. Defaults to 0 and 5.
+DATABASE_CONNECTION_POOL_MIN=
+DATABASE_CONNECTION_POOL_MAX=
+
+# Uncomment this line if you will not use SSL for connecting to Postgres. This is acceptable
+# if the database and the application are on the same machine.
+# PGSSLMODE=disable
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# –––––––––––––– REDIS –––––––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# The Redis URL for your environment you can either specify an ioredis compatible url or a Base64
+# encoded configuration object.
+# DOCS: https://docs.getoutline.com/s/hosting/doc/redis-LGM4BFXYp4
+REDIS_URL=redis://outline-redis:6379
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# ––––––––––– FILE STORAGE –––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# Specify what storage system to use. Possible value is one of "s3" or "local".
+# For "local" images and document attachments will be saved on local disk, for "s3" they
+# will be stored in an S3-compatible network store.
+# DOCS: https://docs.getoutline.com/s/hosting/doc/file-storage-N4M0T6Ypu7
+FILE_STORAGE=local
+
+# If "local" is configured for FILE_STORAGE above, then this sets the parent directory under
+# which all attachments/images are stored. Make sure that the process has permissions to
+# create this path and also to write files to it.
+FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
+
+# Maximum allowed size for the uploaded attachment.
+FILE_STORAGE_UPLOAD_MAX_SIZE=262144000
+
+# Override the maximum size of document imports, generally this should be lower
+# than the document attachment maximum size.
+FILE_STORAGE_IMPORT_MAX_SIZE=
+
+# Override the maximum size of workspace imports, these can be especially large
+# and the files are temporary being automatically deleted after a period of time.
+FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=
+
+# To support uploading of images for avatars and document attachments in a distributed
+# architecture, an s3-compatible storage can be configured if FILE_STORAGE=s3 above.
+AWS_ACCESS_KEY_ID=get_a_key_from_aws
+AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key
+AWS_REGION=xx-xxxx-x
+AWS_S3_ACCELERATE_URL=
+AWS_S3_UPLOAD_BUCKET_URL=
+AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
+AWS_S3_FORCE_PATH_STYLE=true
+AWS_S3_ACL=private
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# –––––––––––––––– SSL –––––––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# Base64 encoded private key and certificate for HTTPS termination. This is one
+# of three ways to configure SSL and can be left empty.
+# DOCS: https://docs.getoutline.com/s/hosting/doc/ssl-pzk7WO8d1n
+SSL_KEY=
+SSL_CERT=
+
+# Auto-redirect to https in production. The default is true but you may set to
+# false if you can be sure that SSL is terminated at an external loadbalancer.
+FORCE_HTTPS=true
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# –––––––––– AUTHENTICATION ––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# Third party signin credentials, at least ONE OF EITHER Google, Slack,
+# Discord, or Microsoft is required for a working installation or you'll
+# have no sign-in options.
+
+# Slack sign-in provider
+# DOCS: https://docs.getoutline.com/s/hosting/doc/slack-sgMujR8J9J
+SLACK_CLIENT_ID=get_a_key_from_slack
+SLACK_CLIENT_SECRET=get_the_secret_of_above_key
+
+# Google sign-in provider
+# DOCS: https://docs.getoutline.com/s/hosting/doc/google-hOuvtCmTqQ
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+# Microsoft Entra / Azure AD sign-in provider
+# DOCS: https://docs.getoutline.com/s/hosting/doc/microsoft-entra-UVz6jsIOcv
+AZURE_CLIENT_ID=
+AZURE_CLIENT_SECRET=
+AZURE_RESOURCE_APP_ID=
+
+# Discord sign-in provider
+# DOCS: https://docs.getoutline.com/s/hosting/doc/discord-g4JdWFFub6
+DISCORD_CLIENT_ID=
+DISCORD_CLIENT_SECRET=
+DISCORD_SERVER_ID=
+DISCORD_SERVER_ROLES=
+
+# Generic OIDC provider
+# DOCS: https://docs.getoutline.com/s/hosting/doc/oidc-8CPBm6uC0I
+OIDC_CLIENT_ID=
+OIDC_CLIENT_SECRET=
+OIDC_AUTH_URI=
+OIDC_TOKEN_URI=
+OIDC_USERINFO_URI=
+OIDC_LOGOUT_URI=
+
+# Specify which claims to derive user information from
+# Supports any valid JSON path with the JWT payload
+OIDC_USERNAME_CLAIM=preferred_username
+
+# Display name for OIDC authentication
+OIDC_DISPLAY_NAME=authentik
+
+# Space separated auth scopes.
+OIDC_SCOPES=openid profile email
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# –––––––––––––– EMAIL –––––––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# To support sending outgoing transactional emails such as "document updated" or
+# email sign-in you'll need to connect an SMTP server. Service can be configured
+# with any service from this list: https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/
+# DOCS: https://docs.getoutline.com/s/hosting/doc/smtp-cqCJyZGMIB
+SMTP_SERVICE=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_FROM_EMAIL=
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# –––––––––– RATE LIMITER ––––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# Whether the rate limiter is enabled or not
+RATE_LIMITER_ENABLED=true
+
+# Individual endpoints have hardcoded rate limits that are enabled
+# with the above setting, however this is a global rate limiter
+# across all requests
+RATE_LIMITER_REQUESTS=1000
+RATE_LIMITER_DURATION_WINDOW=60
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# ––––––––––– INTEGRATIONS –––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# The GitHub integration allows previewing issue and pull request links
+# DOCS: https://docs.getoutline.com/s/hosting/doc/github-GchT3NNxI9
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+GITHUB_APP_NAME=
+GITHUB_APP_ID=
+GITHUB_APP_PRIVATE_KEY=
+
+# The Linear integration allows previewing issue links as rich mentions
+LINEAR_CLIENT_ID=
+LINEAR_CLIENT_SECRET=
+
+# For a complete Slack integration with search and posting to channels the
+# following configs are also needed in addition to Slack authentication:
+# DOCS: https://docs.getoutline.com/s/hosting/doc/slack-G2mc8DOJHk
+SLACK_VERIFICATION_TOKEN=your_token
+SLACK_APP_ID=A0XXXXXXX
+SLACK_MESSAGE_ACTIONS=true
+
+# For Dropbox integration, follow these instructions to get the key https://www.dropbox.com/developers/embedder#setup
+# and do not forget to whitelist your domain name in the app settings
+DROPBOX_APP_KEY=
+
+# Optionally enable Sentry (sentry.io) to track errors and performance,
+# DOCS: https://docs.getoutline.com/s/hosting/doc/sentry-jxcFttcDl5
+SENTRY_DSN=
+SENTRY_TUNNEL=
+
+# Enable importing pages from a Notion workspace
+# DOCS: https://docs.getoutline.com/s/hosting/doc/notion-2v6g7WY3l3
+NOTION_CLIENT_ID=
+NOTION_CLIENT_SECRET=
+
+# The Iframely integration allows previews of third-party content within Outline.
+# For example, hovering over an external link will show a preview.
+# DOCS: https://docs.getoutline.com/s/hosting/doc/iframely-HwLF1EZ9mo
+IFRAMELY_URL=
+IFRAMELY_API_KEY=
+
+
+# ––––––––––––––––––––––––––––––––––––––
+# ––––––––––––– DEBUGGING ––––––––––––
+# ––––––––––––––––––––––––––––––––––––––
+
+# Have the installation check for updates by sending anonymized statistics to
+# the maintainers
+ENABLE_UPDATES=true
+
+# Debugging categories to enable – you can remove the default "http" value if
+# your proxy already logs incoming http requests and this ends up being duplicative
+DEBUG=http
+
+# Configure lowest severity level for server logs. Should be one of
+# error, warn, info, http, verbose, debug, or silly
+LOG_LEVEL=info
\ No newline at end of file
diff --git a/planka.docker-compose.yml b/planka.docker-compose.yml
new file mode 100644
index 0000000..8827b7b
--- /dev/null
+++ b/planka.docker-compose.yml
@@ -0,0 +1,28 @@
+services:
+ planka:
+ image: ghcr.io/plankanban/planka:2.0.0-rc.3
+ restart: on-failure
+ volumes:
+ - ./docker-data/planka/favicons:/app/public/favicons
+ - ./docker-data/planka/user-avatars:/app/public/user-avatars
+ - ./docker-data/planka/background-images:/app/public/background-images
+ - ./docker-data/planka/attachments:/app/private/attachments
+ ports:
+ - 1337:1337
+ environment:
+ - BASE_URL=https://projects.omukk.dev
+ - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASS}@postgres:5432/planka
+ - SECRET_KEY=${PLANKA_SECRET_KEY}
+ - OIDC_ISSUER=https://sso.omukk.dev/application/o/projects/
+ - OIDC_CLIENT_ID=${PLANKA_OIDC_CLIENT_ID}
+ - OIDC_CLIENT_SECRET=${PLANKA_OIDC_CLIENT_SECRET}
+
+ - OIDC_SCOPES=openid email profile
+ - OIDC_ADMIN_ROLES=admin
+ - OIDC_ENFORCED=true
+ networks:
+ - omukk-network
+
+networks:
+ omukk-network:
+ external: true
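Review bot: In planka.docker-compose.yml, `- SECRET_KEY=${PLANKA_SECRET_KEY}` and `- OIDC_CLIENT_SECRET=${PLANKA_OIDC_CLIENT_SECRET}` are interpolated without a required-variable guard, so a missing entry in `.env` turns into an empty string with nothing more than a Compose warning; how Planka behaves with an empty secret is not visible here. authentik.docker-compose.yml already uses the `${VAR:?message}` form, and doing the same here, e.g. `- SECRET_KEY=${PLANKA_SECRET_KEY:?planka secret key required}`, makes `docker compose up` fail instead of starting with a blank key. The `${GITEA_SECRET_KEY}` and `${GITEA_INTERNAL_TOKEN}` lines in gitea.docker-compose.yml and `${OUTLINE_SECRET_KEY}` and `${OUTLINE_UTILS_SECRET}` in outline.docker-compose.yml are unguarded in the same way; in the Outline case the empty value from `environment:` would also take precedence over whatever `outline.env` sets.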
diff --git a/scripts/psql-multi-init.sh b/scripts/psql-multi-init.sh
new file mode 100644
index 0000000..6098165
--- /dev/null
+++ b/scripts/psql-multi-init.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_database() {
+ local database=$1
+ echo " Creating database '$database'"
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_USER" <<-EOSQL
+ CREATE DATABASE $database;
+ GRANT ALL PRIVILEGES ON DATABASE $database TO $POSTGRES_USER;
+EOSQL
+}
+
+if [ -n "${POSTGRES_MULTIPLE_DATABASES:-}" ]; then
+ echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+ for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+ create_database $db
+ done
+ echo "Multiple databases created"
+fi
\ No newline at end of file
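Review bot: Every database created in `create_database` is granted to `$POSTGRES_USER`, and the compose files in this commit connect authentik, Gitea, Outline and Planka with that same `${POSTGRES_USER}`/`${POSTGRES_PASS}` pair, which the postgres image entrypoint sets up as the cluster superuser. A compromise of any one application therefore reaches all databases, including authentik's identity store. Consider having `create_database` create one login role per database and make it the owner, with each password taken from its own variable in `.env`, so each service only holds credentials for its own data. Separately, `$database` is placed into the SQL unquoted and the call `create_database $db` is unquoted, so a name containing a hyphen or a space fails or is split; `CREATE DATABASE "$database";` and `create_database "$db"` are the minimal fix.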