diff --git a/.env b/.env
index 630b323..9e870c7 100644
--- a/.env
+++ b/.env
@@ -1 +1,5 @@
-# Template
\ No newline at end of file
+POSTGRES_IMAGE_TAG=postgres:15.6-alpine
+POSTGRE_DB_NAME=metabase_db
+POSTGRE_DB_USER=metabase_user
+POSTGRE_DB_PASSWORD=P@ssword!Here!123456
+POSTGRE_DB_DATA=/var/lib/postgresql/data/guacamole
\ No newline at end of file
diff --git a/.gitea/workflows/ci-develop.yml b/.gitea/workflows/ci-develop.yml
index 9728a42..c7254ba 100644
--- a/.gitea/workflows/ci-develop.yml
+++ b/.gitea/workflows/ci-develop.yml
@@ -14,15 +14,21 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout repository
+ - name: Checkout
 uses: actions/checkout@v4
+ # https://github.com/docker/setup-qemu-action#usage
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3.2.0
+
+ # https://github.com/marketplace/actions/docker-setup-buildx
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ id: buildx
+ uses: docker/setup-buildx-action@v3.6.1
 - name: Create necessary Docker networks
 run: |
- docker network create back_network || true
+ docker network create back_network_guacamole || true
 docker network create traefik_front_network || true
 - name: Start up services using Docker Compose
@@ -30,8 +36,7 @@ jobs:
 # - name: Modify /etc/hosts for internal routing
 # run: |
-# echo "127.0.0.1 gitea.tips-of-mine.com" | sudo tee -a /etc/hosts
-# echo "127.0.0.1 dashboard.tips-of-mine.com" | sudo tee -a /etc/hosts
+# echo "127.0.0.1 guacamole.tips-of-mine.com" | sudo tee -a /etc/hosts
 - name: Print Docker Compose services status
 run: docker ps
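Review bot: The `.env` hunk commits a concrete database password (`POSTGRE_DB_PASSWORD=P@ssword!Here!123456`) into version control, replacing what was previously only a `# Template` placeholder. Its `POSTGRE_DB_NAME=metabase_db` / `POSTGRE_DB_USER=metabase_user` values also disagree with the `guacamole_db` / `guacamole_user` the guacamole service in docker-compose.yml is configured with, so the application can only authenticate against this database if an `./init` script creates that extra role. Keep a committed template with placeholder values, e.g. `POSTGRE_DB_PASSWORD=<set-in-untracked-.env>`, keep the real `.env` out of the repository, and use one set of database/user names for both services.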
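Review bot: The new `uses: docker/setup-qemu-action@v3.2.0` and `uses: docker/setup-buildx-action@v3.6.1` lines pin third-party actions by tag, which the publisher can move; pinning to the full commit SHA with the version in a trailing comment, e.g. `uses: docker/setup-buildx-action@<commit-sha>  # v3.6.1`, keeps the CI step reproducible and unaffected by a retagged release. The same two lines appear in the ci-main.yml hunk below. The added `id: buildx` is not referenced by any step visible in this hunk; if nothing reads `steps.buildx.outputs`, it can be dropped. The steps list continues outside the hunk.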
@@ -39,11 +44,11 @@ jobs:
 - name: Wait for the application to be ready via Traefik
 run: |
 echo "Checking the routing and availability of application via Traefik..."
- timeout 5m bash -c 'while ! curl -fsSLk "https://metabase.tips-of-mine.com"; do echo "Waiting for the application to be ready..."; sleep 10; done'
+ timeout 5m bash -c 'while ! curl -fsSLk "https://guacamole.tips-of-mine.com"; do echo "Waiting for the application to be ready..."; sleep 10; done'
 - name: Inspect Network Configuration
 run: |
- docker network inspect back_network
+ docker network inspect back_network_guacamole
 docker network inspect traefik_front_network
 - name: Shutdown Docker Compose services
@@ -54,4 +59,4 @@ jobs:
 if: always()
 run: |
 docker compose --profile setup down
- rm -rf /workspace/tips-of-mine/metabase/*
\ No newline at end of file
+ rm -rf /workspace/tips-of-mine/guacamole/*
\ No newline at end of file
diff --git a/.gitea/workflows/ci-main.yml b/.gitea/workflows/ci-main.yml
index bf77843..16e5213 100644
--- a/.gitea/workflows/ci-main.yml
+++ b/.gitea/workflows/ci-main.yml
@@ -14,11 +14,17 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout repository
+ - name: Checkout
 uses: actions/checkout@v4
+ # https://github.com/docker/setup-qemu-action#usage
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3.2.0
+
+ # https://github.com/marketplace/actions/docker-setup-buildx
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ id: buildx
+ uses: docker/setup-buildx-action@v3.6.1
 - name: Create necessary Docker networks
 run: |
diff --git a/docker-compose.yml b/docker-compose.yml
index 4054566..dda58ea 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
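Review bot: The readiness probe `curl -fsSLk "https://guacamole.tips-of-mine.com"` keeps `-k`, so the certificate Traefik presents is never verified and `-L` follows any redirect with verification still off. For a CI smoke test against a self-signed Traefik certificate that is defensible, but it should be stated next to the line, e.g. `# -k: CI Traefik serves a self-signed cert; do not reuse this probe for production checks`, or replaced by `--cacert <ci-ca.pem>` if the CI CA is available on the runner. The enclosing step continues outside the hunk.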
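Review bot: `rm -rf /workspace/tips-of-mine/guacamole/*` hard-codes the runner's checkout path, so a runner with a different workspace layout silently cleans nothing, and a later edit that turns the prefix into an unset variable would expand to `/*`. Because `run:` steps execute in the checkout directory, `rm -rf -- ./*` removes the same files without the absolute path. The `./data` directory is written by the postgres container, presumably as a different uid; if so this `if: always()` step fails with a permission error — verify on the runner.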
@@ -2,41 +2,163 @@ networks:
 traefik_front_network:
 external: true
- back_network_:
+ back_network_guacamole:
 driver: bridge
 attachable: true
 #### SERVICES
 services:
-### hello_world
- hello_world:
- container_name: gitea-app
- hostname: gitea-app
- image: hello-world
+### guacd
+ guacd:
+ container_name: guacamole-guacd
+ hostname: guacamole-guacd
+ image: guacamole/guacd:latest
+ networks:
+ - back_network_guacamole
+ restart: always
+ volumes:
+ - ./drive:/drive:rw
+ - ./record:/var/lib/guacamole/recordings:rw
+
+### postgres
+ postgres:
+ container_name: guacamole-postgres
+ hostname: guacamole-postgres
+ image: ${POSTGRES_IMAGE_TAG}
 environment:
+ PGDATA: ${POSTGRE_DB_DATA}
+ POSTGRES_DB: ${POSTGRE_DB_NAME}
+ POSTGRES_PASSWORD: ${POSTGRE_DB_PASSWORD}
+ POSTGRES_USER: ${POSTGRE_DB_USER}
+ TZ: Europe/Paris
+ networks:
+ - back_network_guacamole
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ restart: always
+ volumes:
+ - ./init:/docker-entrypoint-initdb.d:ro
+ - ./data:/var/lib/postgresql/data:rw
+
+### adminer
+ adminer:
+ container_name: guacamole-adminer
+ hostname: guacamole-adminer
+ depends_on:
+ - postgres
+ image: adminer
 restart: always
 networks:
-# - back_network_gitea
- - traefik_front_network
- volumes:
+ - back_network_guacamole
+ - traefik_front_network
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=traefik_front_network"
 # HTTP
- - "traefik.http.routers.hello-world-http.rule=Host(`hello-world.tips-of-mine.com`)"
- - "traefik.http.routers.hello-world-http.entrypoints=http"
- - "traefik.http.routers.hello-world-http.priority=49"
+ - "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.com`)"
+ - "traefik.http.routers.adminer-http.entrypoints=http"
+ - "traefik.http.routers.adminer-http.priority=49"
 # HTTPS
- - "traefik.http.routers.hello-world-https.rule=Host(`hello-world.tips-of-mine.com`)"
- - "traefik.http.routers.hello-world-https.entrypoints=https"
- - "traefik.http.routers.hello-world-https.tls=true"
- - "traefik.http.routers.hello-world-https.priority=50"
- - "traefik.http.routers.gitea.service=gitea-https-service"
+ - "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.com`)"
+ - "traefik.http.routers.adminer-https.entrypoints=https"
+ - "traefik.http.routers.adminer-https.tls=true"
+ - "traefik.http.routers.adminer-https.priority=50"
+ - "traefik.http.routers.adminer.service=adminer-service"
 # Middleware
 # Service
-# - "traefik.http.services.gitea-https-service.loadbalancer.server.port=3000"
-# - "traefik.http.services.gitea-https-service.loadbalancer.server.scheme=https"
-# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.hostname=gitea.traefik.me"
-# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.method=foobar"
-# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.timeout=10"
-# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.interval=30"
+ - "traefik.http.services.adminer-service.loadbalancer.server.port=8080"
+
+### guacamole
+ guacamole:
+ container_name: guacamole-app
+ hostname: guacamole-app
+ image: guacamole/guacamole:latest
+ depends_on:
+ - guacd
+ - postgres
+ environment:
+### GUACD
+ GUACD_HOME: "/opt/guac_home"
+ GUACD_HOSTNAME: guacd
+ RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
+### PostgreSQL
+ POSTGRES_HOSTNAME: postgres
+ POSTGRESQL_PORT: 5432
+ POSTGRES_DATABASE: guacamole_db
+ POSTGRES_USER: guacamole_user
+ POSTGRES_PASSWORD: 'P@ssword!Here!123456'
+### Active Directory
+# Controler de domaine
+# LDAP_HOSTNAME: "10.0.4.4"
+# LDAP_PORT: 389
+# LDAP_ENCRYPTION_METHOD: "none"
+# LDAP_MAX_SEARCH_RESULTS: "10000"
+# Recherche des utilisateurs
+# LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local"
+# LDAP_USERNAME_ATTRIBUTE: "samAccountName"
+# LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))"
+# Utilisateur pour connexion AD
+# LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local"
+# LDAP_SEARCH_BIND_PASSWORD: "some_password"
+# Recherche des groupes
+# LDAP_GROUP_BASE_DN: "OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local"
+# LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)"
+# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
+# LDAP_MEMBER_AATRIBUTE: "member"
+### OpenID
+ OPENID_AUTHORIZATION_ENDPOINT: https://authentik.tips-of-mine.com/application/o/authorize/
+ OPENID_CLIENT_ID: f71Je39kparABozs1MLcLURECvQMNy9Fih0linvs
+ OPENID_ISSUER: https://authentik.tips-of-mine.com/application/o/guacamole/
+ OPENID_JWKS_ENDPOINT: https://authentik.tips-of-mine.com/application/o/guacamole/jwks/
+ OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.com
+###
+# OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/auth
+# OPENID_JWKS_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/certs
+# OPENID_ISSUER: https://keycloak.tips-of-mine.local/realms/master
+# OPENID_CLIENT_ID: guacamole
+# OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
+# Priority
+# EXTENSION_PRIORITY: ldap
+### Extension Guacamole
+# TOTP_ENABLED: "true"
+# TOTP_ISSUER: "Guacamole IT Tips-Of-Mine"
+# TOTP_DIGITS: 6
+# TOTP_PERIOD: 60
+# TOTP_MODE: sha1
+ links:
+ - guacd
+ networks:
+ - traefik_front_network
+ - back_network_guacamole
+# ports:
+## enable next line if not using nginx
+## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
+## enable next line when using nginx
+# - 8080/tcp
+ restart: always
+ volumes:
+ - ./guacamole-config:/config
+ - ./guac_home:/opt/guac_home
+ - ./record:/var/lib/guacamole/recordings:ro
+ - ./drive:/drive:rw
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik_front_network"
+# HTTP
+ - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.tips-of-mine.com`)"
+ - "traefik.http.routers.guacamole-http.entrypoints=http"
+ - "traefik.http.routers.guacamole-http.priority=49"
+# HTTPS
+ - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.tips-of-mine.com`)"
+ - "traefik.http.routers.guacamole-https.entrypoints=https"
+ - "traefik.http.routers.guacamole-https.tls=true"
+ - "traefik.http.routers.guacamole-https.priority=50"
+ - "traefik.http.routers.guacamole-https.service=guacamole-service"
+ - "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix"
+# Middleware
+ - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
+# Service
+ - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"
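Review bot: In the guacamole service, `POSTGRES_PASSWORD: 'P@ssword!Here!123456'` hard-codes the database password a second time instead of reading `${POSTGRE_DB_PASSWORD}`, and its `POSTGRES_DATABASE: guacamole_db` / `POSTGRES_USER: guacamole_user` do not match the `${POSTGRE_DB_NAME}` / `${POSTGRE_DB_USER}` the postgres service is created with, so the two only agree if an `./init` script creates that role. The list-form `depends_on` also ignores the postgres `healthcheck`, so guacamole can start before the database accepts connections. Separately, adminer is published through Traefik at `adminer.tips-of-mine.com` with no authentication middleware on either router, which puts a database admin login on the front network; attach an auth middleware or keep it off `traefik_front_network`. The `:latest` tags on `guacamole/guacd`, `guacamole/guacamole` and `adminer` make the stack non-reproducible, unlike the pinned `POSTGRES_IMAGE_TAG`. The guacamole `depends_on` and database environment lines rewritten to use the shared variables follow.

```yaml
  guacamole:
    depends_on:
      guacd:
        condition: service_started
      postgres:
        condition: service_healthy
    environment:
      # … unchanged: GUACD_* settings …
      POSTGRES_HOSTNAME: postgres
      POSTGRES_DATABASE: ${POSTGRE_DB_NAME}
      POSTGRES_USER: ${POSTGRE_DB_USER}
      POSTGRES_PASSWORD: ${POSTGRE_DB_PASSWORD}
      # … unchanged: commented LDAP block and OPENID_* settings …
```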