Add bookstack (+libib redirect)

2 years ago · 379a42f197
parent 9fc9a2a2a1
commit 379a42f197
7 changed files with 135 additions and 2 deletions
--- a/bookstack/docker-compose.yaml
+++ b/bookstack/docker-compose.yaml
@ -0,0 +1,52 @@
+version: "3"
+
+services:
+  bookstack:
+    image: lscr.io/linuxserver/bookstack
+    container_name: bookstack
+    env_file:
+      - ../env.production
+      - env.production
+      - ../data/bookstack/env.secrets
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - DB_HOST=bookstack_db
+      - DB_PORT=3306
+      - DB_USER=bookstack
+      - DB_DATABASE=bookstackapp
+      - DB_PASS=bookstackpass
+    networks:
+      - internal
+      - external
+    volumes:
+      - ../data/bookstack/app_config:/config
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - 6875:6875
+    restart: unless-stopped
+    depends_on:
+      - bookstack_db
+
+  bookstack_db:
+    image: lscr.io/linuxserver/mariadb
+    container_name: bookstack_db
+    env_file:
+      - ../env.production
+      - env.production
+      - ../data/bookstack/env.secrets
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+      - MYSQL_DATABASE=bookstackapp
+      - MYSQL_USER=bookstack
+      - MYSQL_PASSWORD=bookstackpass
+    networks:
+      - internal
+    volumes:
+      - ../data/bookstack/db_config:/config
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    restart: unless-stopped
--- a/bookstack/env.production
+++ b/bookstack/env.production
@ -0,0 +1,14 @@
+AUTH_METHOD=oidc
+AUTH_AUTO_INITIATE=true
+OIDC_NAME=Keycloak
+
+OIDC_DISPLAY_NAME_CLAIMS=name
+OIDC_CLIENT_ID=bookstack
+OIDC_ISSUER=https://${KEYCLOAK_HOSTNAME}/realms/${REALM}
+
+OIDC_ISSUER_DISCOVER=true
+
+## NOTE: Use following if DISCOVER fails
+#OIDC_PUBLIC_KEY=file:///keys/idp-public-key.pem
+#OIDC_AUTH_ENDPOINT=https://${KEYCLOAK_HOSTNAME}/realms/${REALM}/protocol/openid-connect/auth
+#OIDC_TOKEN_ENDPOINT=https://${KEYCLOAK_HOSTNAME}/realms/${REALM}/protocol/openid-connect/token
--- a/bookstack/setup
+++ b/bookstack/setup
@ -0,0 +1,61 @@
+#!/bin/bash
+die() { echo >&2 "$@" ; exit 1 ; }
+
+DIRNAME="$(dirname $0)"
+cd "$DIRNAME"
+source ../env.production || die "no top level env?"
+source env.production || die "no local env?"
+
+DATA="../data/bookstack"
+SECRETS="$DATA/env.secrets"
+
+if [ -r "$SECRETS" ]; then
+	docker-compose up -d || die "hedgedoc: unable to start"
+	exit 0
+fi
+
+docker-compose down 2>/dev/null
+
+# regenerate the client secrets
+CLIENT_SECRET="$(openssl rand -hex 20)"
+SESSION_SECRET="$(openssl rand -hex 20)"
+
+MYSQL_ROOT_PASSWORD="$(openssl rand -hex 24)"
+
+cat <<EOF > "$SECRETS"
+# DO NOT CHECK IN
+APP_URL=https://${BOOKSTACK_HOSTNAME}
+MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+
+OIDC_CLIENT_SECRET=${CLIENT_SECRET}
+EOF
+
+../keycloak/client-delete bookstack
+
+../keycloak/client-create <<EOF || die "unable to create bookstack client"
+{
+	"clientId": "bookstack",
+	"rootUrl": "https://$BOOKSTACK_HOSTNAME",
+	"adminUrl": "https://$BOOKSTACK_HOSTNAME",
+	"redirectUris": [ "https://$BOOKSTACK_HOSTNAME/*" ],
+	"webOrigins": [ "https://$BOOKSTACK_HOSTNAME" ],
+	"clientAuthenticatorType": "client-secret",
+	"secret": "$CLIENT_SECRET",
+	"defaultClientScopes": [
+		"web-origins",
+		"acr",
+		"profile",
+		"roles",
+		"id",
+		"email"
+	],
+	"optionalClientScopes": [
+		"address",
+		"phone",
+		"offline_access",
+		"microprofile-jwt"
+	]
+}
+EOF
+
+docker-compose up -d || die "hedgedoc: unable to start container"
--- a/env.production
+++ b/env.production
@ -8,4 +8,5 @@ NEXTCLOUD_HOSTNAME=cloud.woodbine.nyc
 GITEA_HOSTNAME=git.woodbine.nyc
 MATRIX_HOSTNAME=chat.woodbine.nyc
 MOBILIZON_HOSTNAME=events.woodbine.nyc
-OBICO_HOSTNAME=printers.woodbine.nyc
+LIBIB_HOSTNAME=library.woodbine.nyc
+BOOKSTACK_HOSTNAME=wiki.woodbine.nyc
--- a/libib/setup
+++ b/libib/setup
@ -0,0 +1 @@
+echo "libib is just a redirect to the externally hosted library"
--- a/nginx/certbot-renew
+++ b/nginx/certbot-renew
@ -7,7 +7,7 @@ cd "$DIRNAME"
 source ../env.production
 source ./env.production

-domain_args="-d $DOMAIN_NAME,$KEYCLOAK_HOSTNAME,$HEDGEDOC_HOSTNAME,$MASTODON_HOSTNAME,$NEXTCLOUD_HOSTNAME,$MATRIX_HOSTNAME,$GITEA_HOSTNAME,$MOBILIZON_HOSTNAME"
+domain_args="-d $DOMAIN_NAME,$KEYCLOAK_HOSTNAME,$HEDGEDOC_HOSTNAME,$MASTODON_HOSTNAME,$NEXTCLOUD_HOSTNAME,$MATRIX_HOSTNAME,$GITEA_HOSTNAME,$MOBILIZON_HOSTNAME,$LIBIB_HOSTNAME,$BOOKSTACK_HOSTNAME"
 rsa_key_size=2048

 set -x
--- a/4
+++ b/4
@ -19,6 +19,8 @@ SERVICES+=\ grafana
 SERVICES+=\ matrix
 SERVICES+=\ gitea
 SERVICES+=\ mobilizon
+SERVICES+=\ libib
+SERVICES+=\ bookstack

 HOSTS+=\ $KEYCLOAK_HOST
 HOSTS+=\ $HEDGEDOC_HOST
@ -28,6 +30,8 @@ HOSTS+=\ $GRAFANA_HOST
 HOSTS+=\ $MATRIX_HOST
 HOSTS+=\ $GITEA_HOST
 HOSTS+=\ $MOBILIZON_HOST
+HOSTS+=\ $LIBIB_HOST
+HOSTS+=\ $BOOKSTACK_HOST

 for host in $HOSTS ; do
 	host $host > /dev/null || die "$host: DNS entry not present?"
				`@ -0,0 +1 @@`
				`echo "libib is just a redirect to the externally hosted library"`