100 lines
2.8 KiB
YAML
100 lines
2.8 KiB
YAML
---
|
|
|
|
# Name of this instance
|
|
instance: bookstack
|
|
|
|
bookstack:
|
|
|
|
# Docker image to use
|
|
image: '[[ .docker.repo ]]bookstack:23.12.1'
|
|
|
|
# Number of instances to run
|
|
count: 1
|
|
|
|
# Custom env vars to set in the container
|
|
env:
|
|
WAIT_FOR_TARGET: 127.0.0.1:3306
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 100
|
|
memory: 256
|
|
memory_max: 512
|
|
|
|
vault:
|
|
# List of vault policies to attach in to the task
|
|
policies:
|
|
- '[[ .instance ]][[ .consul.suffix ]]'
|
|
|
|
# Wait for MariaDB to be ready before starting
|
|
wait_for:
|
|
service: mariadb[[ .consul.suffix ]]
|
|
|
|
consul:
|
|
connect:
|
|
# Connect a few services from the mesh
|
|
upstreams:
|
|
- destination_name: mariadb[[ .consul.suffix ]]
|
|
local_bind_port: 3306
|
|
- destination_name: '[[ .mail.smtp_service_name ]]'
|
|
local_bind_port: 25
|
|
|
|
# Bookstack settings (which will populate .env)
|
|
settings:
|
|
APP_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.app_key }}{{ end }}'
|
|
APP_URL: '[[ .bookstack.public_url ]]'
|
|
APP_LANG: fr
|
|
APP_PROXIES: 127.0.0.1
|
|
DB_HOST: '[[ .bookstack.mysql.host ]]'
|
|
DB_PORT: '[[ .bookstack.mysql.port ]]'
|
|
DB_DATABASE: '[[ .bookstack.mysql.database ]]'
|
|
DB_USERNAME: '[[ .bookstack.mysql.user ]]'
|
|
DB_PASSWORD: '[[ .bookstack.mysql.password ]]'
|
|
MAIL_DRIVER: smtp
|
|
MAIL_FROM_NAME: '[[ .instance ]]'
|
|
MAIL_FROM: no-reply@[[ (urlParse .bookstack.public_url).Hostname ]]
|
|
MAIL_HOST: 127.0.0.1
|
|
MAIL_PORT: 25
|
|
CACHE_PREFIX: '[[ .instance ]]'
|
|
CACHE_DRIVER: database
|
|
SESSION_DRIVER: database
|
|
SESSION_LIFETIME: 240
|
|
SESSION_COOKIE_NAME: '[[ .instance ]]_session'
|
|
QUEUE_CONNECTION: database
|
|
STORAGE_TYPE: local_secure_restricted
|
|
DISABLE_EXTERNAL_SERVICES: true
|
|
WKHTMLTOPDF: /usr/local/bin/wkhtmltopdf
|
|
|
|
# Database settings
|
|
mysql:
|
|
host: 127.0.0.1
|
|
port: 3306
|
|
database: '[[ .instance ]]'
|
|
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
|
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
|
|
|
# Public URL on which bookstack will be available
|
|
public_url: https://bookstack.example.org
|
|
|
|
# Traefik settings
|
|
traefik:
|
|
middlewares:
|
|
# Can be removed once compression is added back to the default base_middlewares
|
|
- compression@file
|
|
|
|
# Custom CSP to set
|
|
csp:
|
|
default-src: "'self'"
|
|
script-src: "'self' 'unsafe-inline'"
|
|
img-src: "'self' blob: data:"
|
|
style-src: "'self' 'unsafe-inline'"
|
|
font-src: "'self' data:"
|
|
|
|
# Volume for data persistence
|
|
volumes:
|
|
data:
|
|
type: csi
|
|
source: '[[ .instance ]]-data[[ .consul.suffix ]]'
|
|
# Note: use multi-node-multi-writer so we can run several instances
|
|
access_mode: multi-node-multi-writer
|