Init

docker-containers/gitea/docker-compose.yml

@@ -0,0 +1,48 @@
+version: "3"
+
+services:
+  db:
+    image: postgres:14
+    restart: always
+    environment:
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD=gitea
+      - POSTGRES_DB=gitea
+    networks:
+      - gitea
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+
+  server:
+    image: gitea/gitea:1.17.3
+    container_name: gitea
+    environment:
+      - USER_UID=1002  # git
+      - USER_GID=999   # docker
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=db:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=gitea
+      - GITEA__security__SECRET_KEY=UVtqmCdTmLwgprrhXiLOOjTENkR1VXhmWCvJ9kwYBp545oGXFJ1Gakz3hk13dtIp
+      - GITEA__security__INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2Njc2ODY4NjZ9.So-OnzTxFU-Ps6jfad9rEZPGNnNBmbcF_wHhjsjF_0g
+      - VIRTUAL_HOST=git.cttue.de
+      - VIRTUAL_PORT=3000
+      - LETSENCRYPT_HOST=git.cttue.de
+    restart: always
+    networks:
+      - cttue_web_services
+      - gitea
+    ports:
+      - 127.0.0.1:2222:22
+    volumes:
+      - ./gitea-data:/data
+      - /home/git/.ssh/:/data/git/.ssh
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+
+networks:
+  cttue_web_services:
+    external: true
+  gitea:

docker-containers/keycloak/docker-compose.yml

@@ -0,0 +1,46 @@
+version: '3.9'
+
+services:
+  keycloak_db:
+    image: postgres:14.5
+    restart: always
+    environment:
+      - POSTGRES_DB=keycloak
+      - POSTGRES_USER=keycloak
+      - POSTGRES_PASSWORD=keycloak
+    volumes:
+      - ./postgres_data:/var/lib/postgresql/data
+    networks:
+      - local-keycloak
+
+  keycloak:
+    build:
+      context: ./build
+    depends_on:
+      - keycloak_db
+    environment:
+      - KC_HEALTH_ENABLED=true
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://keycloak_db:5432/keycloak
+      - KC_DB_URL_DATABASE=keycloak
+      - KC_DB_USERNAME=keycloak
+      - KC_DB_PASSWORD=keycloak
+      - KC_PROXY_ADDRESS_FORWARDING=true
+      - KC_HOSTNAME=auth.cttue.de
+      - KC_HOSTNAME_STRICT_HTTPS=false
+      - KC_PROXY=edge
+      - KC_HTTP_ENABLED=true
+      - KC_HOSTNAME_STRICT=false
+      - VIRTUAL_HOST=auth.cttue.de
+      - VIRTUAL_PORT=8080
+      - LETSENCRYPT_HOST=auth.cttue.de
+    restart: always
+    networks:
+      - local-keycloak
+      - cttue_web_services
+
+networks:
+  cttue_web_services:
+    external: true
+  local-keycloak:
+

docker-containers/nextcloud/config.php

@@ -0,0 +1,23 @@
+'allow_user_to_change_display_name' => false,
+'lost_password_link' => 'disabled',
+'oidc_login_button_text' => 'Continue with Chaostreff Tübingen SSO',
+'oidc_login_use_id_token' => false,
+'oidc_login_redir_fallback'       => true,
+'oidc_login_provider_url'         => 'https://auth.cttue.de/realms/cttue',
+'oidc_login_client_id'            => 'nextcloud',
+'oidc_login_client_secret'        => 'oUZYWWLTVsRy0cmONdvXy3DV3dVAxpME',
+'oidc_login_auto_redirect'        => false,
+'oidc_login_hide_password_form'   => true,
+'oidc_login_scope'                => 'openid profile',
+'oidc_login_logout_url'           => 'https://auth.cttue.de/realms/cttue/protocol/openid-connect/logout',
+'oidc_login_disable_registration' => false,
+'oidc_login_proxy_ldap'           => false,
+'oidc_login_attributes'           => [
+  'ldap_uid' => 'ldap_uid',
+  'id'       => 'sub',
+  'name'     => 'name',
+  'mail'     => 'email',
+  'groups'   => 'groups',
+],
+
+

docker-containers/nextcloud/docker-compose.yml

@@ -0,0 +1,44 @@
+version: '3'
+services:
+  nc_db:
+    image: mariadb
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    environment:
+      - MYSQL_ROOT_PASSWORD=nextcloud
+      - MYSQL_PASSWORD=nextcloud
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+    volumes:
+      - ./database:/var/lib/mysql
+    networks:
+      backend:
+
+  app:
+    image: nextcloud
+    restart: always
+    environment:
+      - MYSQL_PASSWORD=nextcloud
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=nc_db
+      - OVERWRITEPROTOCOL=https
+      - OVERWRITEHOST=cloud.cttue.de
+      - PHP_UPLOAD_LIMIT=50M
+      - VIRTUAL_HOST=cloud.cttue.de
+      - VIRTUAL_PORT=80
+      - LETSENCRYPT_HOST=cloud.cttue.de
+    volumes:
+      - ./nextcloud-data:/var/www/html:z
+    networks:
+      cttue_web_services:
+      backend:
+    depends_on:
+      - nc_db
+
+networks:
+  cttue_web_services:
+    external: true
+  # Internal network for communication with MySQL
+  backend:
+

docker-containers/nginx-proxy/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "2"
+
+services:
+  nginx-proxy:
+    image: jwilder/nginx-proxy
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./conf:/etc/nginx/conf.d
+      - ./certs:/etc/nginx/certs
+      - ./vhost:/etc/nginx/vhost.d
+      - ./html:/usr/share/nginx/html
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    networks:
+      cttue_web_services:
+
+  nginx-proxy-acme:
+    image: nginxproxy/acme-companion
+    volumes_from:
+      - nginx-proxy
+    volumes:
+      - ./certs:/etc/nginx/certs:rw
+      - ./acme:/etc/acme.sh
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - DEFAULT_EMAIL=codingmarco@gmail.com
+    networks:
+      cttue_web_services:
+
+networks:
+  cttue_web_services:
+    external: true
+

docker-containers/pad/docker-compose.yml

@@ -0,0 +1,39 @@
+version: '3'
+
+services:
+  database:
+    image: postgres:13.4-alpine
+    environment:
+      - POSTGRES_USER=hedgedoc
+      - POSTGRES_PASSWORD=hedgedoc
+      - POSTGRES_DB=hedgedoc
+    volumes:
+      - ./database:/var/lib/postgresql/data
+    networks:
+      cttue_web_services:
+    restart: always
+
+  app:
+    image: quay.io/hedgedoc/hedgedoc:1.9.4
+    environment:
+      - CMD_DB_URL=postgres://hedgedoc:hedgedoc@database:5432/hedgedoc
+      - CMD_DOMAIN=pad.cttue.de
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_ALLOW_PDF_EXPORT=true
+      - CMD_ALLOW_FREEURL=true
+      - CMD_SESSION_SECRET=9yonH247cLTXEqDv9JTGEygBCxk7fHXfYY2ckkhY7n0KPEuzRJ6yfmcUNBVcEJQI
+      # nginx-proxy stuff
+      - VIRTUAL_HOST=pad.cttue.de
+      - VIRTUAL_PORT=3000
+      - LETSENCRYPT_HOST=pad.cttue.de
+    volumes:
+      - ./uploads:/hedgedoc/public/uploads
+    networks:
+      cttue_web_services:
+    restart: always
+    depends_on:
+      - database
+
+networks:
+  cttue_web_services:
+    external: true