commit 95707101ebb77086413208b27cf680136588a97f Author: Yorick Barbanneau Date: Sun Mar 28 23:50:05 2021 +0200 First commit
diff --git a/Bastillefile b/Bastillefile
new file mode 100644
index 0000000..bd0b026
--- /dev/null
+++ b/Bastillefile
@@ -0,0 +1,39 @@
+ARG WALLABAG_VERSION=2.4.2
+ARG DBNAME=wallabag
+ARG DBUSER=u_wallabag
+ARG DBPASS=mypass
+ARG SECRET=mysecret
+ARG FQDN=http://${JAIL_IP}
+ARG LOCALE=en
+
+PKG php74-session php74-ctype php74-dom php74-simplexml php74-json php74-gd php74-mbstring php74-xml php74-tidy php74-iconv php74-curl php74-gettext php74-tokenizer php74-bcmath php74-intl php74-pdo_pgsql php74-composer php74-sockets php74-xmlreader php74-zlib postgresql12-server nginx git
+
+SYSRC postgresql_enable=YES
+SYSRC php_fpm_enable=YES
+SYSRC nginx_enable=YES
+
+CP etc /usr/local/
+
+# Service, sysvshm must be new in jail.conf or postgre
+SERVICE postgresql initdb
+SERVICE postgresql start
+SERVICE php-fpm start
+SERVICE nginx start
+
+# Create role and database
+CMD echo "CREATE ROLE ${DBUSER} WITH LOGIN ENCRYPTED PASSWORD '${DBPASS}'" | su postgres -c psql
+CMD echo "CREATE DATABASE ${DBNAME} OWNER ${DBUSER};" | su postgres -c psql
+CMD echo "GRANT ALL PRIVILEGES ON DATABASE ${DBNAME} TO ${DBUSER};" | su postgres -c psql
+
+# Download wallabag
+CMD mkdir -p /usr/local/www/wallabag
+CMD git clone --branch ${WALLABAG_VERSION} --depth 1 https://github.com/wallabag/wallabag.git /usr/local/www/wallabag
+CP www /usr/local
+
+# Process config file
+RENDER /usr/local/www/wallabag/app/config/parameters.yml
+
+# Launch installation via composer
+CMD chown -R nobody:nobody /usr/local/www/wallabag
+CMD cd /usr/local/www/wallabag && su -m nobody -c "composer install --no-dev --no-cache -o --no-scripts"
+CMD cd /usr/local/www/wallabag && su -m nobody -c "php bin/console wallabag:install --env=prod -n"
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7ac3911
--- /dev/null
+++ b/README.md
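Review bot: The defaults `ARG DBPASS=mypass` and `ARG SECRET=mysecret` in the Bastillefile mean a jail built without overrides gets a published database password and a published Symfony `secret`, which the parameters.yml in this commit describes as the key used to generate security-related tokens. I would drop both default values (`ARG DBPASS`, `ARG SECRET`) and state in the README that they must be passed with `--arg`, after checking how the Bastille version in use treats an argument that has no value. `${DBPASS}` is also pasted between single quotes inside the `CREATE ROLE` statement, so a password containing `'` breaks or alters that SQL; restricting the accepted characters, or passing the value through psql's own variable quoting, would avoid that. `git clone --branch ${WALLABAG_VERSION}` trusts a tag that can be moved, so comparing the checked-out commit with a known hash would pin what actually gets installed.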
@@ -0,0 +1,21 @@
+Wallabag Bastille Template
+--------------------------
+
+Template for [Wallabag](https://wallabag.org) application configured with Nginx,
+PostgreSQL and PHP-FPM. For PostgreSQL, you need to activate `sysvshm` with:
+
+```
+bastille config set sysvshm new && bastille restart
+```
+
+before applying this template.
+
+## Template variables
+
+List of variables of this template:
+
+ * `WALLABAG_VERSION`: version of wallabag to install
+ * `DBNAME`, `DBUSER`, `DBPASS`: database parameters
+ * `SECRET`: value of Wallabag secret parameter
+ * `FQDN`: domain name for Wallabag
+ * `LOCALE`: locale for wallabag parameter
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
new file mode 100644
index 0000000..0023212
--- /dev/null
+++ b/etc/nginx/nginx.conf
@@ -0,0 +1,41 @@
+user www www;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+
+ sendfile on;
+ keepalive_timeout 65;
+
+ server {
+ listen 80 default_server;
+ root /usr/local/www/wallabag/web;
+ index index.php;
+ location / {
+ # try to serve file directly, fallback to app.php
+ try_files $uri /app.php$is_args$args;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ location ~ ^/app\.php(/|$) {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php-fpm_wallabag.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ include fastcgi_params;
+ }
+ }
+}
diff --git a/etc/php-fpm.d/www.conf b/etc/php-fpm.d/www.conf
new file mode 100644
index 0000000..2945c66
--- /dev/null
+++ b/etc/php-fpm.d/www.conf
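Review bot: In nginx.conf only `/app.php` is handed to PHP-FPM, while `location /` begins with `try_files $uri`, so any other `.php` file that exists under `/usr/local/www/wallabag/web` would be returned to the client as a static download of its source. Adding `location ~ \.php$ { return 404; }` after the `app.php` block closes that gap. The server block also listens on port 80 only, and the template's `FQDN` default is an `http://` URL, so logins and session cookies travel in cleartext unless TLS is terminated in front of the jail. A comment next to `listen 80 default_server;` stating that assumption would help operators.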
@@ -0,0 +1,13 @@
+[wallabag]
+user = nobody
+group = nobody
+listen = /var/run/php-fpm_wallabag.sock
+listen.owner = www
+listen.group = www
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
diff --git a/www/wallabag/app/config/parameters.yml b/www/wallabag/app/config/parameters.yml
new file mode 100644
index 0000000..0b6110e
--- /dev/null
+++ b/www/wallabag/app/config/parameters.yml
@@ -0,0 +1,63 @@
+parameters:
+ database_driver: pdo_pgsql
+ database_host: null
+ database_port: 5432
+ database_name: ${DBNAME}
+ database_user: ${DBUSER}
+ database_password: ${DBPASS}
+ database_path: null
+ database_table_prefix: wallabag_
+ database_socket: /tmp/.s.PGSQL.5432
+ database_charset: utf8
+
+ domain_name: ${FQDN}
+
+ mailer_transport: smtp
+ mailer_user:
+ mailer_password:
+ mailer_host:
+ mailer_port:
+ mailer_encryption:
+ mailer_auth_mode:
+
+ locale: ${LOCALE}
+
+ # A secret key that's used to generate certain security-related tokens
+ secret: ${SECRET}
+
+ # two factor stuff
+ twofactor_auth:
+ twofactor_sender:
+
+ # fosuser stuff
+ fosuser_registration: false
+ fosuser_confirmation: false
+
+ # how long the access token should live in seconds for the API
+ fos_oauth_server_access_token_lifetime: 3600
+ # how long the refresh token should life in seconds for the API
+ fos_oauth_server_refresh_token_lifetime: 1209600
+
+ from_email: no_user@noreply.com
+
+ rss_limit: 50
+
+ # RabbitMQ processing
+ rabbitmq_host: localhost
+ rabbitmq_port: 5672
+ rabbitmq_user: guest
+ rabbitmq_password: guest
+ rabbitmq_prefetch_count: 10
+
+ # Redis processing
+ redis_scheme:
+ redis_host:
+ redis_port:
+ redis_path:
+ redis_password:
+
+ # sentry logging
+ sentry_dsn: null
+
+ # User-friendly name of your instance for 2FA issuer
+ server_name:
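Review bot: The pool in etc/php-fpm.d/www.conf runs as `nobody` (`user = nobody`, `group = nobody`), and the Bastillefile in this commit runs `chown -R nobody:nobody /usr/local/www/wallabag`, so the PHP workers own and can rewrite the application code and the rendered parameters.yml they execute from. `nobody` is also a shared account that other unprivileged services may use. A dedicated account for the pool, with the code tree owned by root and only the directories Wallabag writes at runtime owned by that account, would limit what a compromised PHP process can change. A comment above `user =` such as `; dedicated unprivileged account, must not own the code tree` would record the intent.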
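Review bot: In parameters.yml, `database_password: ${DBPASS}` and `secret: ${SECRET}` are rendered unquoted, so a value containing ` #`, `: ` or a leading YAML indicator character is truncated or misparsed, and a `%` would be read by Symfony as a parameter reference. A strong random secret could then be silently shortened. Quoting the placeholders, `database_password: '${DBPASS}'` and `secret: '${SECRET}'`, and documenting that `'` and `%` must be escaped (`''`, `%%`) would make the rendering predictable. The rendered file holds both secrets and presumably keeps the template's 0644 mode, so restricting it to the PHP-FPM account is worth considering. `rabbitmq_user` and `rabbitmq_password` stay at `guest`, which only matters if RabbitMQ processing is enabled later.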