first sync

.env

@@ -1 +1,5 @@
-# Template
+POSTGRES_IMAGE_TAG=postgres:15.6-alpine
+POSTGRE_DB_NAME=metabase_db
+POSTGRE_DB_USER=metabase_user
+POSTGRE_DB_PASSWORD=P@ssword!Here!123456
+POSTGRE_DB_DATA=/var/lib/postgresql/data/guacamole

.gitea/workflows/ci-develop.yml

@@ -14,15 +14,21 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
+    - name: Checkout
       uses: actions/checkout@v4
 
+    # https://github.com/docker/setup-qemu-action#usage
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3.2.0
+
+    # https://github.com/marketplace/actions/docker-setup-buildx
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      id: buildx
+      uses: docker/setup-buildx-action@v3.6.1
 
     - name: Create necessary Docker networks
       run: |
-        docker network create back_network || true
+        docker network create back_network_guacamole || true
         docker network create traefik_front_network || true
 
     - name: Start up services using Docker Compose
@@ -30,8 +36,7 @@ jobs:
 
 #    - name: Modify /etc/hosts for internal routing
 #      run: |
-#        echo "127.0.0.1 gitea.tips-of-mine.com" | sudo tee -a /etc/hosts
+#        echo "127.0.0.1 guacamole.tips-of-mine.com" | sudo tee -a /etc/hosts
-#        echo "127.0.0.1 dashboard.tips-of-mine.com" | sudo tee -a /etc/hosts
 
     - name: Print Docker Compose services status
       run: docker ps
@@ -39,11 +44,11 @@ jobs:
     - name: Wait for the application to be ready via Traefik
       run: |
         echo "Checking the routing and availability of application via Traefik..."
-        timeout 5m bash -c 'while ! curl -fsSLk "https://metabase.tips-of-mine.com"; do echo "Waiting for the application to be ready..."; sleep 10; done'
+        timeout 5m bash -c 'while ! curl -fsSLk "https://guacamole.tips-of-mine.com"; do echo "Waiting for the application to be ready..."; sleep 10; done'
 
     - name: Inspect Network Configuration
       run: |
-        docker network inspect back_network
+        docker network inspect back_network_guacamole
         docker network inspect traefik_front_network
 
     - name: Shutdown Docker Compose services
@@ -54,4 +59,4 @@ jobs:
       if: always()
       run: |
         docker compose --profile setup down
-        rm -rf /workspace/tips-of-mine/metabase/*
+        rm -rf /workspace/tips-of-mine/guacamole/*

.gitea/workflows/ci-main.yml

@@ -14,11 +14,17 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
+    - name: Checkout
       uses: actions/checkout@v4
 
+    # https://github.com/docker/setup-qemu-action#usage
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3.2.0
+
+    # https://github.com/marketplace/actions/docker-setup-buildx
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      id: buildx
+      uses: docker/setup-buildx-action@v3.6.1
 
     - name: Create necessary Docker networks
       run: |

docker-compose.yml

@@ -2,41 +2,163 @@
 networks:
   traefik_front_network:
     external: true
-  back_network_:
+  back_network_guacamole:
     driver: bridge
     attachable: true
 
 #### SERVICES
 services:
-### hello_world
+### guacd
-  hello_world:
+  guacd:
-    container_name: gitea-app
+    container_name: guacamole-guacd
-    hostname: gitea-app
+    hostname: guacamole-guacd
-    image: hello-world
+    image: guacamole/guacd:latest
+    networks:
+    - back_network_guacamole
+    restart: always
+    volumes:
+    - ./drive:/drive:rw
+    - ./record:/var/lib/guacamole/recordings:rw
+
+### postgres
+  postgres:
+    container_name: guacamole-postgres
+    hostname: guacamole-postgres
+    image: ${POSTGRES_IMAGE_TAG}
     environment:
+      PGDATA: ${POSTGRE_DB_DATA}
+      POSTGRES_DB: ${POSTGRE_DB_NAME}
+      POSTGRES_PASSWORD: ${POSTGRE_DB_PASSWORD}
+      POSTGRES_USER: ${POSTGRE_DB_USER}
+      TZ: Europe/Paris
+    networks:
+    - back_network_guacamole
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+    restart: always
+    volumes:
+    - ./init:/docker-entrypoint-initdb.d:ro
+    - ./data:/var/lib/postgresql/data:rw
+
+### adminer
+  adminer:
+    container_name: guacamole-adminer
+    hostname: guacamole-adminer
+    depends_on:
+    - postgres
+    image: adminer
     restart: always
     networks:
-#      - back_network_gitea
+    - back_network_guacamole
     - traefik_front_network
-    volumes:
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=traefik_front_network"
 # HTTP
-      - "traefik.http.routers.hello-world-http.rule=Host(`hello-world.tips-of-mine.com`)"
+      - "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.com`)"
-      - "traefik.http.routers.hello-world-http.entrypoints=http"
+      - "traefik.http.routers.adminer-http.entrypoints=http"
-      - "traefik.http.routers.hello-world-http.priority=49"
+      - "traefik.http.routers.adminer-http.priority=49"
 # HTTPS
-      - "traefik.http.routers.hello-world-https.rule=Host(`hello-world.tips-of-mine.com`)"
+      - "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.com`)"
-      - "traefik.http.routers.hello-world-https.entrypoints=https"
+      - "traefik.http.routers.adminer-https.entrypoints=https"
-      - "traefik.http.routers.hello-world-https.tls=true"
+      - "traefik.http.routers.adminer-https.tls=true"
-      - "traefik.http.routers.hello-world-https.priority=50"
+      - "traefik.http.routers.adminer-https.priority=50"
-      - "traefik.http.routers.gitea.service=gitea-https-service"
+      - "traefik.http.routers.adminer.service=adminer-service"
 # Middleware
 # Service
-#      - "traefik.http.services.gitea-https-service.loadbalancer.server.port=3000"
+      - "traefik.http.services.adminer-service.loadbalancer.server.port=8080"
-#      - "traefik.http.services.gitea-https-service.loadbalancer.server.scheme=https"
+
-#      - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.hostname=gitea.traefik.me"
+### guacamole
-#      - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.method=foobar"
+  guacamole:
-#      - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.timeout=10"
+    container_name: guacamole-app
-#      - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.interval=30"
+    hostname: guacamole-app
+    image: guacamole/guacamole:latest
+    depends_on:
+    - guacd
+    - postgres
+    environment:
+### GUACD
+      GUACD_HOME: "/opt/guac_home"
+      GUACD_HOSTNAME: guacd
+      RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
+### PostgreSQL
+      POSTGRES_HOSTNAME: postgres
+      POSTGRESQL_PORT: 5432
+      POSTGRES_DATABASE: guacamole_db
+      POSTGRES_USER: guacamole_user
+      POSTGRES_PASSWORD: 'P@ssword!Here!123456'
+### Active Directory
+# Controler de domaine
+#      LDAP_HOSTNAME: "10.0.4.4"
+#      LDAP_PORT: 389
+#      LDAP_ENCRYPTION_METHOD: "none"
+#      LDAP_MAX_SEARCH_RESULTS: "10000"
+# Recherche des utilisateurs
+#      LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local"
+#      LDAP_USERNAME_ATTRIBUTE: "samAccountName"
+#      LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))"
+# Utilisateur pour connexion AD
+#      LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local"
+#      LDAP_SEARCH_BIND_PASSWORD: "some_password"
+# Recherche des groupes
+#      LDAP_GROUP_BASE_DN: "OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local"
+#      LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)"
+#      LDAP_GROUP_NAME_ATTRIBUTE: "cn"
+#      LDAP_MEMBER_AATRIBUTE: "member"
+### OpenID
+      OPENID_AUTHORIZATION_ENDPOINT: https://authentik.tips-of-mine.com/application/o/authorize/
+      OPENID_CLIENT_ID: f71Je39kparABozs1MLcLURECvQMNy9Fih0linvs
+      OPENID_ISSUER: https://authentik.tips-of-mine.com/application/o/guacamole/
+      OPENID_JWKS_ENDPOINT: https://authentik.tips-of-mine.com/application/o/guacamole/jwks/
+      OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.com
+###
+#      OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/auth
+#      OPENID_JWKS_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/certs
+#      OPENID_ISSUER: https://keycloak.tips-of-mine.local/realms/master
+#      OPENID_CLIENT_ID: guacamole
+#      OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
+# Priority
+#      EXTENSION_PRIORITY: ldap
+### Extension Guacamole
+#      TOTP_ENABLED: "true"
+#      TOTP_ISSUER: "Guacamole IT Tips-Of-Mine"
+#      TOTP_DIGITS: 6
+#      TOTP_PERIOD: 60
+#      TOTP_MODE: sha1
+    links:
+    - guacd
+    networks:
+    - traefik_front_network
+    - back_network_guacamole
+#    ports:
+## enable next line if not using nginx
+##    - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
+## enable next line when using nginx
+#    - 8080/tcp
+    restart: always
+    volumes:
+      - ./guacamole-config:/config
+      - ./guac_home:/opt/guac_home
+      - ./record:/var/lib/guacamole/recordings:ro
+      - ./drive:/drive:rw
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik_front_network"
+# HTTP
+      - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.tips-of-mine.com`)"
+      - "traefik.http.routers.guacamole-http.entrypoints=http"
+      - "traefik.http.routers.guacamole-http.priority=49"
+# HTTPS
+      - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.tips-of-mine.com`)"
+      - "traefik.http.routers.guacamole-https.entrypoints=https"
+      - "traefik.http.routers.guacamole-https.tls=true"
+      - "traefik.http.routers.guacamole-https.priority=50"
+      - "traefik.http.routers.guacamole-https.service=guacamole-service"
+      - "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix"
+# Middleware
+      - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
+# Service
+      - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"