From 7710eebe51e6312979ef0a26d6a5cd5c568eaf56 Mon Sep 17 00:00:00 2001
From: EdyTheCow
Date: Fri, 19 Apr 2024 15:00:49 +0200
Subject: [PATCH] add ente server tools
---
.../ente-server-tools-docker-image.yml | 36 ++++++++++++
_base/compose/.env | 5 ++
_base/compose/docker-compose.yml | 23 ++++++++
_base/data/traefik/acme.json | 0
_base/data/traefik/logs/.gitkeep | 0
_base/data/traefik/traefik.toml | 35 ++++++++++++
ente-server-tools/Dockerfile | 11 ++++
ente-server/compose/.env | 54 ++++++++++++++++++
ente-server/compose/docker-compose.yml | 56 +++++++++++++++++++
ente-server/data/museum/credentials.yaml | 28 ++++++++++
ente-server/data/museum/data/.gitkeep | 0
ente-server/data/museum/logs/.gitkeep | 0
ente-server/data/museum/museum.yml | 0
ente-server/data/postgres/.gitkeep | 0
14 files changed, 248 insertions(+)
create mode 100644 .github/workflows/ente-server-tools-docker-image.yml
create mode 100644 _base/compose/.env
create mode 100644 _base/compose/docker-compose.yml
create mode 100644 _base/data/traefik/acme.json
create mode 100644 _base/data/traefik/logs/.gitkeep
create mode 100644 _base/data/traefik/traefik.toml
create mode 100644 ente-server-tools/Dockerfile
create mode 100644 ente-server/compose/.env
create mode 100644 ente-server/compose/docker-compose.yml
create mode 100644 ente-server/data/museum/credentials.yaml
create mode 100644 ente-server/data/museum/data/.gitkeep
create mode 100644 ente-server/data/museum/logs/.gitkeep
create mode 100644 ente-server/data/museum/museum.yml
create mode 100644 ente-server/data/postgres/.gitkeep
diff --git a/.github/workflows/ente-server-tools-docker-image.yml b/.github/workflows/ente-server-tools-docker-image.yml
new file mode 100644
index 0000000..4460725
--- /dev/null
+++ b/.github/workflows/ente-server-tools-docker-image.yml
@@ -0,0 +1,36 @@
+name: Build and Publish
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+
+jobs:
+ build-and-push-docker-image:
+ name: Build Docker image and push
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to Github Packages
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build image and push to GitHub Container Registry
+ uses: docker/build-push-action@v2
+ with:
+ context: ente-server-tools/.
+ tags: ghcr.io/edythecow/ente-server-tools:latest
+ push: ${{ github.ref == 'refs/heads/master' }}
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/_base/compose/.env b/_base/compose/.env
new file mode 100644
index 0000000..47310cc
--- /dev/null
+++ b/_base/compose/.env
@@ -0,0 +1,5 @@
+# Prefix for container names when docker compose is started
+COMPOSE_PROJECT_NAME=ente
+
+# Directory for storing containers data
+DATA_DIR=../data
diff --git a/_base/compose/docker-compose.yml b/_base/compose/docker-compose.yml
new file mode 100644
index 0000000..c176d72
--- /dev/null
+++ b/_base/compose/docker-compose.yml
@@ -0,0 +1,23 @@
+version: '3'
+
+networks:
+ ente:
+ external: true
+
+services:
+
+ traefik:
+ image: traefik:v3.0
+ restart: always
+ env_file:
+ - .env
+ ports:
+ - "80:80"
+ - "443:443"
+ networks:
+ - ente
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${DATA_DIR}/traefik/traefik.toml:/etc/traefik/traefik.toml
+ - ${DATA_DIR}/traefik/acme.json:/acme.json
+ - ${DATA_DIR}/traefik/logs:/logs
diff --git a/_base/data/traefik/acme.json b/_base/data/traefik/acme.json
new file mode 100644
index 0000000..e69de29
diff --git a/_base/data/traefik/logs/.gitkeep b/_base/data/traefik/logs/.gitkeep
new file mode 100644
index 0000000..e69de29
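Review bot: In `.github/workflows/ente-server-tools-docker-image.yml` the final `Image digest` step reads `steps.docker_build.outputs.digest`, but the build-push step declares no `id`, so the expression is empty and the digest of the pushed image is never recorded; add `id: docker_build` under `Build image and push to GitHub Container Registry`. The job also has no `permissions:` block and logs in to ghcr.io on `pull_request` runs even though `push` is false there; `permissions: { contents: read, packages: write }` plus `if: github.ref == 'refs/heads/master'` on the login step keeps a write-capable token out of PR builds. The four `uses:` lines reference movable tags (`@v1`, `@v2`), so pinning each to a full commit SHA stops a retagged action from running with that token.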
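Review bot: The `traefik` service in `_base/compose/docker-compose.yml` binds `/var/run/docker.sock` read-write into a container that also publishes ports 80 and 443, so a compromise of the proxy amounts to control of the Docker daemon on the host. Traefik only needs to read container metadata, so the safer layout is a filtering socket proxy on an internal network with the Docker provider pointed at it. Writing the mount as `- /var/run/docker.sock:/var/run/docker.sock:ro` is a minimal first step, but it does not restrict the API calls made over the socket. The `traefik.toml` mount can take `:ro` as well, since nothing visible here requires the container to write it.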
diff --git a/_base/data/traefik/traefik.toml b/_base/data/traefik/traefik.toml
new file mode 100644
index 0000000..c9c609e
--- /dev/null
+++ b/_base/data/traefik/traefik.toml
@@ -0,0 +1,35 @@
+[global]
+ checkNewVersion = false
+ sendAnonymousUsage = false
+
+[log]
+ level = "INFO"
+
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+
+ [entryPoints.web.http]
+ [entryPoints.web.http.redirections]
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+ scheme = "https"
+
+ [entryPoints.websecure]
+ address = ":443"
+
+[providers.docker]
+ exposedbydefault = false
+
+[certificatesResolvers.cloudflare.acme]
+ email = "admin@example.com"
+ [certificatesResolvers.cloudflare.acme.dnsChallenge]
+ provider = "cloudflare"
+ delayBeforeCheck = 0
+
+[certificatesResolvers.letsencrypt.acme]
+ email = "admin@example.com"
+ storage = "acme.json"
+ [certificatesResolvers.letsencrypt.acme.httpChallenge]
+ entryPoint = "web"
+
diff --git a/ente-server-tools/Dockerfile b/ente-server-tools/Dockerfile
new file mode 100644
index 0000000..ae3cabe
--- /dev/null
+++ b/ente-server-tools/Dockerfile
@@ -0,0 +1,11 @@
+FROM golang:1.20-alpine3.17
+
+RUN apk add --no-cache gcc musl-dev git libsodium-dev
+
+WORKDIR /etc/
+
+RUN git clone https://github.com/ente-io/ente.git && mv ente/server /etc/server && rm -r /etc/ente
+
+WORKDIR /etc/server/
+
+RUN go mod download
diff --git a/ente-server/compose/.env b/ente-server/compose/.env
new file mode 100644
index 0000000..2a9e90b
--- /dev/null
+++ b/ente-server/compose/.env
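Review bot: `storage = "acme.json"` in the `letsencrypt` resolver of `traefik.toml` is a relative path, and the `cloudflare` resolver sets no `storage` at all, while the compose file mounts the store at `/acme.json`; writing `storage = "/acme.json"` in both resolvers removes the dependence on the container's working directory. That file will hold the ACME account key and the certificate private keys, yet this patch tracks it in git as an empty file with mode 100644. Traefik is documented to reject an ACME store whose permissions are wider than 600, so the setup steps should create the file locally with `chmod 600` rather than ship it tracked, which also keeps a populated copy from being committed. The `cloudflare` resolver needs an API credential at runtime, so a comment there should say it must come from the environment and not from this file.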
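Review bot: The `RUN git clone https://github.com/ente-io/ente.git` line in `ente-server-tools/Dockerfile` fetches whatever the default branch holds at build time, so the image published as `:latest` is not reproducible and any upstream change lands in it unreviewed. Pin the checkout to a reviewed tag and clone shallowly, for example `ARG ENTE_REF=PINNED_TAG_PLACEHOLDER` followed by `RUN git clone --depth 1 --branch "$ENTE_REF" https://github.com/ente-io/ente.git && mv ente/server /etc/server && rm -r /etc/ente`. `FROM golang:1.20-alpine3.17` is also a movable tag on a Go line that appears to be past upstream support, so pinning by digest on a maintained release belongs in the same change. The image sets no `USER`, so every later command runs as root, and `/etc/` is an unusual home for source; a dedicated `WORKDIR` such as `/src` owned by an unprivileged user would be safer.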
@@ -0,0 +1,54 @@
+###
+# DOCKER COMPOSE ENTE-SELFHOST SPECIFIC VARIABLES
+# These variables are unofficial variables used by Traefik and Docker Compose
+###
+
+# Prefix for container names when docker compose is started
+COMPOSE_PROJECT_NAME=ente
+
+# Directory for storing containers data
+DATA_DIR=../data
+
+# Endpoint domain for ente server, DO NOT include https:// here.
+# This is used by Traefik to generate certificates and route traffic
+DOMAIN_MUSEUM=api.your-domain.com
+
+
+###
+# OFFICIAL ENTE-SERVER ENVIRONMENT VARIABLES
+# These variables are provided by Ente server
+# Used to override config file values so we have everything in one place
+# Full config: https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml
+###
+
+# First time setup for account if SMTP isn't working
+#ENTE_INTERNAL_HARDCODED-OTT_LOCAL-DOMAIN-SUFFIX=@example.com
+#ENTE_INTERNAL_HARDCODED-OTT_LOCAL-DOMAIN-VALUE=123456
+
+#ENTE_HTTP_USE-TLS=false
+#ENTE_APPS_PUBLIC-ALBUMS=https://albums.example.com
+
+# Database credentials
+# These are automatically passed down to postgres in docker-compose.yml file
+ENTE_DB_USER=ente
+ENTE_DB_PASSWORD=
+ENTE_DB_NAME=ente_db
+
+# SMTP configuration
+ENTE_SMTP_HOST=
+ENTE_SMTP_PORT=
+ENTE_SMTP_USERNAME=
+ENTE_SMTP_PASSWORD=
+
+# Key used for encrypting user emails before storing them in DB
+ENTE_KEY_ENCRYPTION=
+ENTE_KEY_HASH=
+
+# JWT secrets
+ENTE_JWT_SECRET=
+
+# Move to config file?
+# S3 storage endpoints
+ENTE_S3_B2-EU-CEN_KEY=
+
+
diff --git a/ente-server/compose/docker-compose.yml b/ente-server/compose/docker-compose.yml
new file mode 100644
index 0000000..716cc8f
--- /dev/null
+++ b/ente-server/compose/docker-compose.yml
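Review bot: The commented `ENTE_INTERNAL_HARDCODED-OTT_*` pair in `ente-server/compose/.env` documents a fixed one-time code for a whole e-mail domain suffix, and the comment above it does not say the override must be removed after first setup. Judging by the variable names, leaving it enabled on an internet-facing instance would let the static code stand in for e-mail verification, so extend the comment to something like `# First-time setup only: remove both lines and restart once the first account exists`. The file is also a tracked `.env` with empty secret fields (`ENTE_DB_PASSWORD`, `ENTE_KEY_ENCRYPTION`, `ENTE_KEY_HASH`, `ENTE_JWT_SECRET`), so a filled-in copy is one `git add` away from being committed; shipping it as `.env.example` and ignoring `.env` avoids that. The comments on the key and JWT fields should state the expected format and that the values must be randomly generated per deployment.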
@@ -0,0 +1,56 @@
+services:
+ museum:
+ image: ghcr.io/ente-io/server
+ depends_on:
+ postgres:
+ condition: service_healthy
+ volumes:
+ - ${DATA_DIR}/museum/logs:/var/logs
+ networks:
+ - internal
+ - ente
+ labels:
+ - "traefik.enable=true"
+ # HTTP
+ - "traefik.http.routers.ente-museum.entrypoints=web"
+ - "traefik.http.routers.ente-museum.rule=Host(`${DOMAIN_MUSEUM}`)"
+ - "traefik.http.routers.ente-museum.middlewares=ente-museum_https"
+ - "traefik.http.middlewares.ente-museum_https.redirectscheme.scheme=https"
+ # HTTPS
+ - "traefik.http.routers.ente-museum_https.entrypoints=websecure"
+ - "traefik.http.routers.ente-museum_https.rule=Host(`${DOMAIN_MUSEUM}`)"
+ - "traefik.http.routers.ente-museum_https.tls=true"
+ - "traefik.http.routers.ente-museum_https.tls.certresolver=letsencrypt"
+ - "traefik.http.services.ente-museum_https.loadbalancer.server.port=8080"
+
+ postgres:
+ image: postgres:12
+ environment:
+ POSTGRES_USER: ${ENTE_DB_USER}
+ POSTGRES_PASSWORD: ${ENTE_DB_PASSWORD}
+ POSTGRES_DB: ${ENTE_DB_NAME}
+ # Wait for postgres to be accept connections before starting museum.
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "pg_isready",
+ "-q",
+ "-d",
+ "ente_db",
+ "-U",
+ "pguser"
+ ]
+ interval: 1s
+ timeout: 5s
+ retries: 20
+ volumes:
+ - ${DATA_DIR}/postgres:/var/lib/postgresql/data
+ networks:
+ - internal
+
+networks:
+ ente:
+ external: true
+ internal:
+ external: false
diff --git a/ente-server/data/museum/credentials.yaml b/ente-server/data/museum/credentials.yaml
new file mode 100644
index 0000000..d20532e
--- /dev/null
+++ b/ente-server/data/museum/credentials.yaml
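Review bot: The `museum` service in `ente-server/compose/docker-compose.yml` has no `env_file` or `environment` key and mounts only the logs directory, so none of the `ENTE_*` values from `.env`, and neither `museum.yml` nor `credentials.yaml`, reach the container; it would presumably start on whatever defaults the image ships, including default keys. Add `env_file: [.env]` to `museum` and mount the config files read-only. The postgres healthcheck hard-codes `"ente_db"` and `"pguser"` while the server is initialised from `${ENTE_DB_USER}` (`ente` in `.env`); `pg_isready` still reports ready, but each probe at `interval: 1s` is logged as a failed connection, which buries real authentication failures, so use `test: ["CMD-SHELL", "pg_isready -q -d $$POSTGRES_DB -U $$POSTGRES_USER"]`. `image: ghcr.io/ente-io/server` carries no tag and so resolves to `latest`; pin a version or digest.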
@@ -0,0 +1,28 @@
+db:
+ host: postgres
+ port: 5432
+ name: ente_db
+ user: pguser
+ password: pgpass
+
+s3:
+ are_local_buckets: true
+ b2-eu-cen:
+ key: test
+ secret: testtest
+ endpoint: localhost:3200
+ region: eu-central-2
+ bucket: b2-eu-cen
+ wasabi-eu-central-2-v3:
+ key: test
+ secret: testtest
+ endpoint: localhost:3200
+ region: eu-central-2
+ bucket: wasabi-eu-central-2-v3
+ compliance: false
+ scw-eu-fr-v3:
+ key: test
+ secret: testtest
+ endpoint: localhost:3200
+ region: eu-central-2
+ bucket: scw-eu-fr-v3
diff --git a/ente-server/data/museum/data/.gitkeep b/ente-server/data/museum/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ente-server/data/museum/logs/.gitkeep b/ente-server/data/museum/logs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ente-server/data/museum/museum.yml b/ente-server/data/museum/museum.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ente-server/data/postgres/.gitkeep b/ente-server/data/postgres/.gitkeep
new file mode 100644
index 0000000..e69de29
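Review bot: `ente-server/data/museum/credentials.yaml` commits working-looking credentials (`user: pguser`, `password: pgpass`, `secret: testtest`) that disagree with the database the postgres service creates from `ENTE_DB_USER=ente` and the empty `ENTE_DB_PASSWORD`. The values look like a local-development sample, so if this file is later mounted into `museum` the deployment would either fail to connect or come up on publicly known secrets. Rename it to `credentials.example.yaml`, replace the values with obvious placeholders such as `password: CHANGE_ME`, and keep the real file untracked. `are_local_buckets: true` with `endpoint: localhost:3200` also looks like a development-only setting and deserves a comment saying so.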