First commit

Bastillefile

@@ -0,0 +1,39 @@
+ARG WALLABAG_VERSION=2.4.2
+ARG DBNAME=wallabag
+ARG DBUSER=u_wallabag
+ARG DBPASS=mypass
+ARG SECRET=mysecret
+ARG FQDN=http://${JAIL_IP}
+ARG LOCALE=en
+
+PKG php74-session php74-ctype php74-dom php74-simplexml php74-json php74-gd php74-mbstring php74-xml php74-tidy php74-iconv php74-curl php74-gettext php74-tokenizer php74-bcmath php74-intl php74-pdo_pgsql php74-composer php74-sockets php74-xmlreader php74-zlib postgresql12-server nginx git
+
+SYSRC postgresql_enable=YES
+SYSRC php_fpm_enable=YES
+SYSRC nginx_enable=YES
+
+CP etc /usr/local/
+
+# Service, sysvshm must be new in jail.conf or postgre
+SERVICE postgresql initdb
+SERVICE postgresql start
+SERVICE php-fpm start
+SERVICE nginx start
+
+# Create role and database
+CMD echo "CREATE ROLE ${DBUSER} WITH LOGIN ENCRYPTED PASSWORD '${DBPASS}'" | su postgres -c psql
+CMD echo "CREATE DATABASE ${DBNAME} OWNER ${DBUSER};" | su postgres -c psql
+CMD echo "GRANT ALL PRIVILEGES ON DATABASE ${DBNAME} TO ${DBUSER};" | su postgres -c psql
+
+# Download wallabag
+CMD mkdir -p /usr/local/www/wallabag
+CMD git clone --branch ${WALLABAG_VERSION} --depth 1 https://github.com/wallabag/wallabag.git /usr/local/www/wallabag
+CP www /usr/local
+
+# Process config file
+RENDER /usr/local/www/wallabag/app/config/parameters.yml
+
+# Launch installation via composer
+CMD chown -R nobody:nobody /usr/local/www/wallabag
+CMD cd /usr/local/www/wallabag && su -m nobody -c "composer install --no-dev --no-cache -o --no-scripts"
+CMD cd /usr/local/www/wallabag && su -m nobody -c "php bin/console wallabag:install --env=prod -n"

README.md

@@ -0,0 +1,21 @@
+Wallabag Bastille Template
+--------------------------
+
+Template for [Wallabag](https://wallabag.org) application configured with Nginx,
+PostgreSQL and PHP-FPM. For PostgreSQL, you need to activate `sysvshm` with:
+
+```
+bastille config <target> set sysvshm new && bastille restart <target>
+```
+
+before applying this template.
+
+## Template variables
+
+List of variables of this template:
+
+ * `WALLABAG_VERSION`: version of wallabag to install
+ * `DBNAME`, `DBUSER`, `DBPASS`: database parameters
+ * `SECRET`: value of Wallabag secret parameter
+ * `FQDN`: domain name for Wallabag
+ * `LOCALE`: locale for wallabag parameter

etc/nginx/nginx.conf

@@ -0,0 +1,41 @@
+user www www;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include mime.types;
+  default_type application/octet-stream;
+
+  access_log /var/log/nginx/access.log;
+
+  sendfile on;
+  keepalive_timeout 65;
+
+  server {
+    listen 80 default_server;
+    root /usr/local/www/wallabag/web;
+    index index.php;
+    location / {
+        # try to serve file directly, fallback to app.php
+        try_files $uri /app.php$is_args$args;
+    }
+
+    error_page 500 502 503 504 /50x.html;
+    location = /50x.html {
+      root /usr/local/www/nginx-dist;
+    }
+
+    location ~ ^/app\.php(/|$) {
+      try_files $uri =404;
+      fastcgi_split_path_info ^(.+\.php)(/.+)$;
+      fastcgi_pass unix:/var/run/php-fpm_wallabag.sock;
+      fastcgi_index index.php;
+      fastcgi_param SCRIPT_FILENAME $request_filename;
+      include fastcgi_params;
+    }
+  }
+}

etc/php-fpm.d/www.conf

@@ -0,0 +1,13 @@
+[wallabag]
+user = nobody
+group = nobody
+listen = /var/run/php-fpm_wallabag.sock
+listen.owner = www
+listen.group = www
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+

www/wallabag/app/config/parameters.yml

@@ -0,0 +1,63 @@
+parameters:
+    database_driver: pdo_pgsql
+    database_host: null
+    database_port: 5432
+    database_name: ${DBNAME}
+    database_user: ${DBUSER}
+    database_password: ${DBPASS}
+    database_path: null
+    database_table_prefix: wallabag_
+    database_socket: /tmp/.s.PGSQL.5432
+    database_charset: utf8
+
+    domain_name: ${FQDN}
+
+    mailer_transport: smtp
+    mailer_user: 
+    mailer_password: 
+    mailer_host: 
+    mailer_port:
+    mailer_encryption: 
+    mailer_auth_mode:
+
+    locale: ${LOCALE}
+
+    # A secret key that's used to generate certain security-related tokens
+    secret: ${SECRET}
+
+    # two factor stuff
+    twofactor_auth:
+    twofactor_sender:
+
+    # fosuser stuff
+    fosuser_registration: false
+    fosuser_confirmation: false
+
+    # how long the access token should live in seconds for the API
+    fos_oauth_server_access_token_lifetime: 3600
+    # how long the refresh token should life in seconds for the API
+    fos_oauth_server_refresh_token_lifetime: 1209600
+
+    from_email: no_user@noreply.com
+
+    rss_limit: 50
+
+    # RabbitMQ processing
+    rabbitmq_host: localhost
+    rabbitmq_port: 5672
+    rabbitmq_user: guest
+    rabbitmq_password: guest
+    rabbitmq_prefetch_count: 10
+
+    # Redis processing
+    redis_scheme: 
+    redis_host: 
+    redis_port: 
+    redis_path: 
+    redis_password: 
+
+    # sentry logging
+    sentry_dsn: null
+
+    # User-friendly name of your instance for 2FA issuer
+    server_name: