diff --git a/all-apps/ghost/.compose-env b/all-apps/ghost/.compose-env
new file mode 100644
index 0000000..b9b9999
--- /dev/null
+++ b/all-apps/ghost/.compose-env
@@ -0,0 +1,61 @@
+# Use the below flags to enable the Analytics or ActivityPub containers as well
+# COMPOSE_PROFILES=analytics,activitypub
+
+# Ghost domain
+# Custom public domain Ghost will run on
+GHOST_DOMAIN=www.nassella.cc
+
+# Ghost Admin domain
+# If you have Ghost Admin setup on a separate domain uncomment the line below and add the domain
+# You also need to uncomment the corresponding block in your Caddyfile
+# ADMIN_DOMAIN=
+
+# Database settings
+# All database settings must not be changed once the database is initialised
+GHOST_DATABASE_ROOT_PASSWORD=reallysecurerootpassword
+# DATABASE_USER=optionalusername
+GHOST_DATABASE_PASSWORD=ghostpassword
+
+# ActivityPub
+# If you'd prefer to self-host ActivityPub yourself uncomment the line below
+# ACTIVITYPUB_TARGET=activitypub:8080
+
+# Tinybird configuration
+# If you want to run Analytics, paste the output from `docker compose run --rm tinybird-login get-tokens` below
+# TINYBIRD_API_URL=https://api.tinybird.co
+# TINYBIRD_TRACKER_TOKEN=p.eyJxxxxx
+# TINYBIRD_ADMIN_TOKEN=p.eyJxxxxx
+# TINYBIRD_WORKSPACE_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+
+# Ghost configuration (https://ghost.org/docs/config/)
+
+# SMTP Email (https://ghost.org/docs/config/#mail)
+# Transactional email is required for logins, account creation (staff invites), password resets and other features
+# This is not related to bulk mail / newsletter sending
+mail__transport=SMTP
+mail__options__host=imap.fastmail.com
+mail__options__port=993
+mail__options__secure=true
+mail__options__auth__user=t@thintz.com
+mail__options__auth__pass=5n6y9g6s9r6g3b6l
+mail__from="'Thomas Hintz' "
+
+# Advanced customizations
+
+# Force Ghost version
+# You should only do this if you need to pin a specific version
+# The update commands won't work
+# GHOST_VERSION=6-alpine
+
+# Port Ghost should listen on
+# You should only need to edit this if you want to host
+# multiple sites on the same server
+# GHOST_PORT=2368
+
+# Data locations
+# Location to 
store uploaded data +# GHOST_UPLOAD_LOCATION=./data/ghost + +# Location for database data +# GHOST_MYSQL_DATA_LOCATION=./data/mysql +# NEWLINE REQUIRED AT END OF FILE diff --git a/all-apps/ghost/docker-compose.yaml b/all-apps/ghost/docker-compose.yaml index a0091fd..de0f16a 100644 --- a/all-apps/ghost/docker-compose.yaml +++ b/all-apps/ghost/docker-compose.yaml @@ -18,17 +18,17 @@ services: tinybird__tracker__datasource: analytics_events tinybird__stats__endpoint: ${GHOST_TINYBIRD_API_URL:-https://api.tinybird.co} volumes: - - ${GHOST_UPLOAD_LOCATION:-./data/ghost}:/var/lib/ghost/content + - /nassella/ghost/var-lib-ghost-content:/var/lib/ghost/content depends_on: ghost_db: condition: service_healthy - tinybird-sync: + ghost_tinybird-sync: condition: service_completed_successfully required: false - tinybird-deploy: + ghost_tinybird-deploy: condition: service_completed_successfully required: false - activitypub: + ghost_activitypub: condition: service_started required: false networks: @@ -47,7 +47,7 @@ services: MYSQL_DATABASE: ghost MYSQL_MULTIPLE_DATABASES: activitypub volumes: - - ${GHOST_MYSQL_DATA_LOCATION:-./data/mysql}:/var/lib/mysql + - /nassella/ghost/var-lib-mysql:/var/lib/mysql - ./mysql-init:/docker-entrypoint-initdb.d healthcheck: test: mysqladmin ping -p$$GHOST_MYSQL_ROOT_PASSWORD -h 127.0.0.1 @@ -58,7 +58,7 @@ services: networks: - ghost_network - traffic-analytics: + ghost_traffic-analytics: image: ghost/traffic-analytics:1.0.20@sha256:a72573d89457e778b00e9061422516d2d266d79a72a0fc02005ba6466e391859 restart: always expose: 
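Review bot: `all-apps/ghost/.compose-env` is committed with what look like real values rather than placeholders: `GHOST_DATABASE_ROOT_PASSWORD`, `GHOST_DATABASE_PASSWORD`, and a `mail__options__auth__user` / `mail__options__auth__pass` pair for a named mailbox. Anything committed stays in history, so the mail credential should be treated as exposed and rotated. The tracked file should become a template (for example `mail__options__auth__pass=CHANGE_ME`), with the real `.compose-env` listed in `.gitignore`. Separately, `mail__transport=SMTP` points at `imap.fastmail.com` on port `993`, which is an IMAP endpoint, so the provider's SMTP submission host and port were presumably intended. `mail__from` also appears to have lost its address part.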
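Review bot: The bind mounts now use fixed host paths such as `/nassella/ghost/var-lib-ghost-content` (the Ghost content mount in this hunk, the MySQL data mount in `-47,7`, and the ActivityPub content mount in `-76,13`), yet the `.compose-env` added in the same commit still documents `GHOST_UPLOAD_LOCATION` and `GHOST_MYSQL_DATA_LOCATION`, which no longer have any effect. That file's comments also still name the old services (`docker compose run --rm tinybird-login get-tokens`, `ACTIVITYPUB_TARGET=activitypub:8080`). After the `ghost_` prefix these would need to be `ghost_tinybird-login` and, presumably, `ghost_activitypub:8080`. Either drop the dead settings from the env file or keep the `${VAR:-default}` form with the new path as the default, e.g. `${GHOST_UPLOAD_LOCATION:-/nassella/ghost/var-lib-ghost-content}:/var/lib/ghost/content`. The service definitions start and end outside these hunks.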
@@ -76,13 +76,13 @@ services: networks: - ghost_network - activitypub: + ghost_activitypub: image: ghcr.io/tryghost/activitypub:1.1.0@sha256:39c212fe23603b182d68e67d555c6b9b04b1e57459dfc0bef26d6e4980eb04d1 restart: always expose: - "8080" volumes: - - ${GHOST_UPLOAD_LOCATION:-./data/ghost}:/opt/activitypub/content + - /nassella/ghost/var-lib-ghost-content:/opt/activitypub/content environment: # See https://github.com/TryGhost/ActivityPub/blob/main/docs/env-vars.md NODE_ENV: production @@ -95,7 +95,7 @@ services: depends_on: ghost_db: condition: service_healthy - activitypub-migrate: + ghost_activitypub-migrate: condition: service_completed_successfully profiles: [activitypub] networks: @@ -103,7 +103,7 @@ services: # Supporting Services - tinybird-login: + ghost_tinybird-login: build: context: ./tinybird dockerfile: Dockerfile @@ -118,7 +118,7 @@ services: tty: false restart: no - tinybird-sync: + ghost_tinybird-sync: # Do not alter this without updating the Ghost container as well image: ghost:${GHOST_VERSION:-6-alpine} command: > @@ -134,14 +134,14 @@ services: volumes: - tinybird_files:/data/tinybird depends_on: - tinybird-login: + ghost_tinybird-login: condition: service_completed_successfully networks: - ghost_network profiles: [analytics] restart: no - tinybird-deploy: + ghost_tinybird-deploy: build: context: ./tinybird dockerfile: Dockerfile @@ -154,14 +154,14 @@ services: - tinybird_home:/home/tinybird - tinybird_files:/data/tinybird depends_on: - tinybird-sync: + ghost_tinybird-sync: condition: service_completed_successfully profiles: [analytics] networks: - ghost_network tty: true - activitypub-migrate: + ghost_activitypub-migrate: image: ghcr.io/tryghost/activitypub-migrations:1.1.0@sha256:b3ab20f55d66eb79090130ff91b57fe93f8a4254b446c2c7fa4507535f503662 environment: MYSQL_DB: mysql://${GHOST_DATABASE_USER:-ghost}:${GHOST_DATABASE_PASSWORD:?GHOST_DATABASE_PASSWORD environment variable is required}@tcp(ghost_db:3306)/activitypub 
@@ -174,8 +174,6 @@ services: restart: no volumes: - caddy_data: - caddy_config: tinybird_files: tinybird_home: traffic_analytics_data: diff --git a/all-apps/nextcloud/docker-compose.yaml b/all-apps/nextcloud/docker-compose.yaml index c360834..638c88c 100644 --- a/all-apps/nextcloud/docker-compose.yaml +++ b/all-apps/nextcloud/docker-compose.yaml @@ -5,17 +5,17 @@ secrets: file: ./nextcloud/nextcloud_admin_password nextcloud_admin_user: file: ./nextcloud/nextcloud_admin_user - postgres_db: + nextcloud_postgres_db: file: ./nextcloud/postgres_db - postgres_password: + nextcloud_postgres_password: file: ./nextcloud/postgres_password - postgres_user: + nextcloud_postgres_user: file: ./nextcloud/postgres_user - redis_password: + nextcloud_redis_password: file: ./nextcloud/redis_password services: - db: + nextcloud_db: image: postgres:17.6-trixie env_file: - ./nextcloud/nextcloud.env @@ -23,12 +23,8 @@ services: restart: always volumes: - /nassella/nextcloud/var-lib-postgresql-data:/var/lib/postgresql/data - environment: - - POSTGRES_DB_FILE=/run/secrets/postgres_db - - POSTGRES_USER_FILE=/run/secrets/postgres_user - - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password networks: - - internal + - nextcloud_internal healthcheck: test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"] start_period: 15s 
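Review bot: Renaming the `db` service to `nextcloud_db` in the `-5,17` hunk changes the hostname that other containers resolve. As far as I know, an already-installed Nextcloud keeps its database host in `config.php` on the persisted `/var/www/html` volume and does not re-read `POSTGRES_HOST`. If this stack has been deployed before, the app would presumably keep looking for `db`. Either document the `dbhost` update as a migration step or keep the old name reachable with a network alias on `nextcloud_internal` (`aliases: [db]`). The `-23,12` hunk also drops the explicit `POSTGRES_*_FILE` entries, so the healthcheck's `$$POSTGRES_DB_FILE` now depends entirely on a regenerated `nextcloud/nextcloud.env`.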
@@ -36,58 +32,49 @@ services: retries: 3 timeout: 5s secrets: - - postgres_db - - postgres_password - - postgres_user - redis: + - nextcloud_postgres_db + - nextcloud_postgres_password + - nextcloud_postgres_user + nextcloud_redis: image: redis:8.2.1-bookworm env_file: - ./nextcloud/nextcloud.env - command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/redis_password)"' + command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/nextcloud_redis_password)"' secrets: - - redis_password + - nextcloud_redis_password restart: always healthcheck: - test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/redis_password)\" ping | grep PONG"] + test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/nextcloud_redis_password)\" ping | grep PONG"] start_period: 10s interval: 30s retries: 3 timeout: 3s networks: - - internal + - nextcloud_internal nextcloud: image: nextcloud:31.0.8-apache - environment: - - POSTGRES_HOST=db - - POSTGRES_DB=nextcloud - - POSTGRES_USER=nextcloud - - POSTGRES_PASSWORD=dbpassword - - NEXTCLOUD_ADMIN_PASSWORD=password - - NEXTCLOUD_ADMIN_USER=admin - - REDIS_HOST=redis - - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.nassella.cc # TODO generate this? depends_on: - redis: + nextcloud_redis: condition: service_healthy - db: + nextcloud_db: condition: service_healthy env_file: - ./nextcloud/nextcloud.env secrets: - - postgres_db - - postgres_password - - postgres_user + - nextcloud_postgres_db + - nextcloud_postgres_password + - nextcloud_postgres_user - nextcloud_admin_user - nextcloud_admin_password - - redis_password + - nextcloud_redis_password networks: - lb - - internal + - nextcloud_internal volumes: - /nassella/nextcloud/var-www-html:/var/www/html restart: unless-stopped networks: lb: - internal: + nextcloud_internal: driver: bridge internal: true diff --git a/all-apps/nextcloud/nextcloud.env.tmpl b/all-apps/nextcloud/nextcloud.env.tmpl index 6abc6d8..93c6c12 100644 
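Review bot: The `nextcloud_redis` `command` and healthcheck still expand the secret into process arguments (`redis-server --requirepass "$$(cat …)"` and `redis-cli -a …`), so the password can be read from the process list even though it arrives as a secret file. For the healthcheck, the environment form `REDISCLI_AUTH="$$(cat /run/secrets/nextcloud_redis_password)" redis-cli ping | grep PONG` keeps it off argv. For the server, `requirepass` can be supplied as a config line on stdin (`redis-server -`) instead of as a flag. This hunk also removes `NEXTCLOUD_TRUSTED_DOMAINS` from the `nextcloud` service. The top of `nextcloud.env.tmpl` is not visible here, so confirm it is still set there, because it controls which Host headers the app accepts.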
--- a/all-apps/nextcloud/nextcloud.env.tmpl +++ b/all-apps/nextcloud/nextcloud.env.tmpl @@ -7,13 +7,13 @@ OVERWRITEPROTOCOL=https TRUSTED_PROXIES=172.16.0.0/24 # trust the local lb PHP_MEMORY_LIMIT=1G PHP_UPLOAD_LIMIT=10G -POSTGRES_HOST=db -POSTGRES_DB_FILE=/run/secrets/postgres_db -POSTGRES_USER_FILE=/run/secrets/postgres_user -POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password +POSTGRES_HOST=nextcloud_db +POSTGRES_DB_FILE=/run/secrets/nextcloud_postgres_db +POSTGRES_USER_FILE=/run/secrets/nextcloud_postgres_user +POSTGRES_PASSWORD_FILE=/run/secrets/nextcloud_postgres_password # admin user NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user # redis -REDIS_HOST=redis -REDIS_HOST_PASSWORD_FILE=/run/secrets/redis_password \ No newline at end of file +REDIS_HOST=nextcloud_redis +REDIS_HOST_PASSWORD_FILE=/run/secrets/nextcloud_redis_password \ No newline at end of file diff --git a/make-nextcloud-env.sh b/make-nextcloud-env.sh index c9396ee..a6f7617 100755 --- a/make-nextcloud-env.sh +++ b/make-nextcloud-env.sh @@ -20,5 +20,6 @@ for config_string in ${APP_CONFIGS[@]}; do fi done +# write container env file echo "DOMAIN=\"$nextcloud_subdomain.$ROOT_DOMAIN\"" > all-apps/nextcloud/nextcloud.env cat all-apps/nextcloud/nextcloud.env.tmpl >> all-apps/nextcloud/nextcloud.env