nassella/app
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improving ghost & nextcloud compose configs.

Browse Source
This commit is contained in:
Thomas Hintz
2025-12-08 06:58:02 -08:00
parent 179373f04a
commit 73d6d28c69
5 changed files with 105 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
all-apps/ghost/.compose-env Normal file
View File

@@ -0,0 +1,61 @@
# Use the below flags to enable the Analytics or ActivityPub containers as well
# COMPOSE_PROFILES=analytics,activitypub
# Ghost domain
# Custom public domain Ghost will run on
GHOST_DOMAIN=www.nassella.cc
# Ghost Admin domain
# If you have Ghost Admin setup on a separate domain uncomment the line below and add the domain
# You also need to uncomment the corresponding block in your Caddyfile
# ADMIN_DOMAIN=
# Database settings
# All database settings must not be changed once the database is initialised
GHOST_DATABASE_ROOT_PASSWORD=reallysecurerootpassword
# DATABASE_USER=optionalusername
GHOST_DATABASE_PASSWORD=ghostpassword
# ActivityPub
# If you'd prefer to self-host ActivityPub yourself uncomment the line below
# ACTIVITYPUB_TARGET=activitypub:8080
# Tinybird configuration
# If you want to run Analytics, paste the output from `docker compose run --rm tinybird-login get-tokens` below
# TINYBIRD_API_URL=https://api.tinybird.co
# TINYBIRD_TRACKER_TOKEN=p.eyJxxxxx
# TINYBIRD_ADMIN_TOKEN=p.eyJxxxxx
# TINYBIRD_WORKSPACE_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# Ghost configuration (https://ghost.org/docs/config/)
# SMTP Email (https://ghost.org/docs/config/#mail)
# Transactional email is required for logins, account creation (staff invites), password resets and other features
# This is not related to bulk mail / newsletter sending
mail__transport=SMTP
mail__options__host=imap.fastmail.com
mail__options__port=993
mail__options__secure=true
mail__options__auth__user=t@thintz.com
mail__options__auth__pass=5n6y9g6s9r6g3b6l
mail__from="'Thomas Hintz' <t@thintz.com>"
# Advanced customizations
# Force Ghost version
# You should only do this if you need to pin a specific version
# The update commands won't work
# GHOST_VERSION=6-alpine
# Port Ghost should listen on
# You should only need to edit this if you want to host
# multiple sites on the same server
# GHOST_PORT=2368
# Data locations
# Location to store uploaded data
# GHOST_UPLOAD_LOCATION=./data/ghost
# Location for database data
# GHOST_MYSQL_DATA_LOCATION=./data/mysql
# NEWLINE REQUIRED AT END OF FILE

32
all-apps/ghost/docker-compose.yaml
View File

@@ -18,17 +18,17 @@ services:
tinybird__tracker__datasource: analytics_events
tinybird__stats__endpoint: ${GHOST_TINYBIRD_API_URL:-https://api.tinybird.co}
volumes:
- ${GHOST_UPLOAD_LOCATION:-./data/ghost}:/var/lib/ghost/content
- /nassella/ghost/var-lib-ghost-content:/var/lib/ghost/content
depends_on:
ghost_db:
condition: service_healthy
tinybird-sync:
ghost_tinybird-sync:
condition: service_completed_successfully
required: false
tinybird-deploy:
ghost_tinybird-deploy:
condition: service_completed_successfully
required: false
activitypub:
ghost_activitypub:
condition: service_started
required: false
networks:
@@ -47,7 +47,7 @@ services:
MYSQL_DATABASE: ghost
MYSQL_MULTIPLE_DATABASES: activitypub
volumes:
- ${GHOST_MYSQL_DATA_LOCATION:-./data/mysql}:/var/lib/mysql
- /nassella/ghost/var-lib-mysql:/var/lib/mysql
- ./mysql-init:/docker-entrypoint-initdb.d
healthcheck:
test: mysqladmin ping -p$$GHOST_MYSQL_ROOT_PASSWORD -h 127.0.0.1
@@ -58,7 +58,7 @@ services:
networks:
- ghost_network
traffic-analytics:
ghost_traffic-analytics:
image: ghost/traffic-analytics:1.0.20@sha256:a72573d89457e778b00e9061422516d2d266d79a72a0fc02005ba6466e391859
restart: always
expose:
@@ -76,13 +76,13 @@ services:
networks:
- ghost_network
activitypub:
ghost_activitypub:
image: ghcr.io/tryghost/activitypub:1.1.0@sha256:39c212fe23603b182d68e67d555c6b9b04b1e57459dfc0bef26d6e4980eb04d1
restart: always
expose:
- "8080"
volumes:
- ${GHOST_UPLOAD_LOCATION:-./data/ghost}:/opt/activitypub/content
- /nassella/ghost/var-lib-ghost-content:/opt/activitypub/content
environment:
# See https://github.com/TryGhost/ActivityPub/blob/main/docs/env-vars.md
NODE_ENV: production
@@ -95,7 +95,7 @@ services:
depends_on:
ghost_db:
condition: service_healthy
activitypub-migrate:
ghost_activitypub-migrate:
condition: service_completed_successfully
profiles: [activitypub]
networks:
@@ -103,7 +103,7 @@ services:
# Supporting Services
tinybird-login:
ghost_tinybird-login:
build:
context: ./tinybird
dockerfile: Dockerfile
@@ -118,7 +118,7 @@ services:
tty: false
restart: no
tinybird-sync:
ghost_tinybird-sync:
# Do not alter this without updating the Ghost container as well
image: ghost:${GHOST_VERSION:-6-alpine}
command: >
@@ -134,14 +134,14 @@ services:
volumes:
- tinybird_files:/data/tinybird
depends_on:
tinybird-login:
ghost_tinybird-login:
condition: service_completed_successfully
networks:
- ghost_network
profiles: [analytics]
restart: no
tinybird-deploy:
ghost_tinybird-deploy:
build:
context: ./tinybird
dockerfile: Dockerfile
@@ -154,14 +154,14 @@ services:
- tinybird_home:/home/tinybird
- tinybird_files:/data/tinybird
depends_on:
tinybird-sync:
ghost_tinybird-sync:
condition: service_completed_successfully
profiles: [analytics]
networks:
- ghost_network
tty: true
activitypub-migrate:
ghost_activitypub-migrate:
image: ghcr.io/tryghost/activitypub-migrations:1.1.0@sha256:b3ab20f55d66eb79090130ff91b57fe93f8a4254b446c2c7fa4507535f503662
environment:
MYSQL_DB: mysql://${GHOST_DATABASE_USER:-ghost}:${GHOST_DATABASE_PASSWORD:?GHOST_DATABASE_PASSWORD environment variable is required}@tcp(ghost_db:3306)/activitypub
@@ -174,8 +174,6 @@ services:
restart: no
volumes:
caddy_data:
caddy_config:
tinybird_files:
tinybird_home:
traffic_analytics_data:

57
all-apps/nextcloud/docker-compose.yaml
View File

@@ -5,17 +5,17 @@ secrets:
file: ./nextcloud/nextcloud_admin_password
nextcloud_admin_user:
file: ./nextcloud/nextcloud_admin_user
postgres_db:
nextcloud_postgres_db:
file: ./nextcloud/postgres_db
postgres_password:
nextcloud_postgres_password:
file: ./nextcloud/postgres_password
postgres_user:
nextcloud_postgres_user:
file: ./nextcloud/postgres_user
redis_password:
nextcloud_redis_password:
file: ./nextcloud/redis_password
services:
db:
nextcloud_db:
image: postgres:17.6-trixie
env_file:
- ./nextcloud/nextcloud.env
@@ -23,12 +23,8 @@ services:
restart: always
volumes:
- /nassella/nextcloud/var-lib-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_DB_FILE=/run/secrets/postgres_db
- POSTGRES_USER_FILE=/run/secrets/postgres_user
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
networks:
- internal
- nextcloud_internal
healthcheck:
test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]
start_period: 15s
@@ -36,58 +32,49 @@ services:
retries: 3
timeout: 5s
secrets:
- postgres_db
- postgres_password
- postgres_user
redis:
- nextcloud_postgres_db
- nextcloud_postgres_password
- nextcloud_postgres_user
nextcloud_redis:
image: redis:8.2.1-bookworm
env_file:
- ./nextcloud/nextcloud.env
command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/redis_password)"'
command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/nextcloud_redis_password)"'
secrets:
- redis_password
- nextcloud_redis_password
restart: always
healthcheck:
test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/redis_password)\" ping | grep PONG"]
test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/nextcloud_redis_password)\" ping | grep PONG"]
start_period: 10s
interval: 30s
retries: 3
timeout: 3s
networks:
- internal
- nextcloud_internal
nextcloud:
image: nextcloud:31.0.8-apache
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=dbpassword
- NEXTCLOUD_ADMIN_PASSWORD=password
- NEXTCLOUD_ADMIN_USER=admin
- REDIS_HOST=redis
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.nassella.cc # TODO generate this?
depends_on:
redis:
nextcloud_redis:
condition: service_healthy
db:
nextcloud_db:
condition: service_healthy
env_file:
- ./nextcloud/nextcloud.env
secrets:
- postgres_db
- postgres_password
- postgres_user
- nextcloud_postgres_db
- nextcloud_postgres_password
- nextcloud_postgres_user
- nextcloud_admin_user
- nextcloud_admin_password
- redis_password
- nextcloud_redis_password
networks:
- lb
- internal
- nextcloud_internal
volumes:
- /nassella/nextcloud/var-www-html:/var/www/html
restart: unless-stopped
networks:
lb:
internal:
nextcloud_internal:
driver: bridge
internal: true

12
all-apps/nextcloud/nextcloud.env.tmpl
View File

@@ -7,13 +7,13 @@ OVERWRITEPROTOCOL=https
TRUSTED_PROXIES=172.16.0.0/24 # trust the local lb
PHP_MEMORY_LIMIT=1G
PHP_UPLOAD_LIMIT=10G
POSTGRES_HOST=db
POSTGRES_DB_FILE=/run/secrets/postgres_db
POSTGRES_USER_FILE=/run/secrets/postgres_user
POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
POSTGRES_HOST=nextcloud_db
POSTGRES_DB_FILE=/run/secrets/nextcloud_postgres_db
POSTGRES_USER_FILE=/run/secrets/nextcloud_postgres_user
POSTGRES_PASSWORD_FILE=/run/secrets/nextcloud_postgres_password
# admin user
NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user
# redis
REDIS_HOST=redis
REDIS_HOST_PASSWORD_FILE=/run/secrets/redis_password
REDIS_HOST=nextcloud_redis
REDIS_HOST_PASSWORD_FILE=/run/secrets/nextcloud_redis_password

1
make-nextcloud-env.sh
View File

@@ -20,5 +20,6 @@ for config_string in ${APP_CONFIGS[@]}; do
fi
done
# write container env file
echo "DOMAIN=\"$nextcloud_subdomain.$ROOT_DOMAIN\"" > all-apps/nextcloud/nextcloud.env
cat all-apps/nextcloud/nextcloud.env.tmpl >> all-apps/nextcloud/nextcloud.env