Tidy up

.example.env

@@ -0,0 +1 @@
+DOMAIN=localhost

.gitignore

@@ -1,3 +1,3 @@
-server.crt
-server.key
-db.env
+services/nginx/server.crt
+services/nginx/server.key
+.env

db.example.env

@@ -1,3 +0,0 @@
-MYSQL_PASSWORD="password"
-MYSQL_DATABASE=nextcloud
-MYSQL_USER=nextcloud

docker-compose.yaml

@@ -1,51 +1,102 @@
 name: tvcloud
 
+networks:
+  nextcloud-frontend:
+  nextcloud-backend:
+  gitea-frontend:
+  gitea-backend:
+  redmine-frontend:
+  redmine-backend:
+
+volumes:
+  db:
+  nextcloud:
+  gitea:
+  redmine:
+
 services:
-  web:
+  proxy:
     build:
-      dockerfile: ./nginx.Dockerfile
+      context: ./services/nginx
+      args:
+        DOMAIN: ${DOMAIN:?DOMAIN not set}
     networks:
-      - front-tier
+      - nextcloud-frontend
+      - gitea-frontend
+      - redmine-frontend
     ports:
       - "80:80"
       - "443:443"
     volumes:
       - nextcloud:/var/www/html:ro
     depends_on:
-      - cloud
+      - nextcloud
+      - gitea
+      - redmine
 
-  cloud:
+  db:
+    build:
+      context: ./services/mariadb
+    environment:
+      - MARIADB_ROOT_PASSWORD=password
+    networks:
+      - nextcloud-backend
+      - gitea-backend
+      - redmine-backend
+    volumes:
+      - db:/var/lib/mysql
+
+  nextcloud:
     image: nextcloud:31-fpm
-    env_file:
-      - db.env
+    build:
+      context: ./services/nextcloud
     environment:
       - MYSQL_HOST=db
+      - MYSQL_PASSWORD=password
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
     networks:
-      - front-tier
-      - back-tier
+      - nextcloud-frontend
+      - nextcloud-backend
     volumes:
       - nextcloud:/var/www/html
     depends_on:
       - db
 
-  db:
-    image: mariadb:11-ubi
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    env_file:
-      - db.env
+  gitea:
+    image: docker.gitea.com/gitea:1.25.2
     environment:
-      - MARIADB_ROOT_PASSWORD=pswd
-      - MARIADB_AUTO_UPGRADE=1
-      - MARIADB_DISABLE_UPGRADE_BACKUP=1
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=db:3306
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=password
+    restart: always
     networks:
-      - back-tier
+      - gitea-frontend
+      - gitea-backend
     volumes:
-      - mariadb:/var/lib/mysql
+      - gitea:/data
+      - /etc/timezone:/etc/timezones:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "222:22"
+    depends_on:
+      - db
 
-networks:
-  front-tier:
-  back-tier:
-
-volumes:
-  mariadb:
-  nextcloud:
+  redmine:
+    image: redmine:6-alpine
+    environment:
+      - REDMINE_DB_MYSQL=db
+      - REDMINE_DB_USERNAME=redmine
+      - REDMINE_DB_PASSWORD=password
+    restart: always
+    networks:
+      - redmine-frontend
+      - redmine-backend
+    volumes:
+      - redmine:/usr/src/redmine/files
+    depends_on:
+      - db

nginx.Dockerfile

@@ -1,5 +0,0 @@
-FROM nginx:1.28-alpine
-
-COPY ./default.conf /etc/nginx/conf.d/default.conf
-COPY ./server.key /etc/ssl/crt/server.key
-COPY ./server.crt /etc/ssl/crt/server.crt

readme.md

@@ -1,21 +1,32 @@
 # tvcloud
 
 This project is a personal cloud of services:
-- NextCloud
+- [NextCloud](https://nextcloud.com/)
+- [Gitea](https://about.gitea.com/products/gitea/)
+- [Redmine](https://www.redmine.org/)
 
 # Setup
 
-1. Generate self-signed certificate.
+1. Generate a certificate for the proxy
+
+To generate a self-signed certificate (e.g. for `localhost`):
 
 ```
-openssl genpkey -algorithm RSA -out server.key
-openssl req -new -x509 -key server.key -out server.crt -days 365
+./tools/generate_self_signed_cert.bash localhost .
 ```
 
-2. Make a `db.env` file. See `db.example.env`.
+Alternatively to generate a CA signed certificate (if your own a domain):
+
+```
+./tools/generate_cert.bash yourdomain.com admin@email.com .
+```
+
+2. Make a `.env` configuration file
+
+See `.example.env`.
 
 3. Start the services.
 
 ```
-docker compose up -d
-```
+sudo docker compose up --detach
+```

services/mariadb/Dockerfile

@@ -0,0 +1,4 @@
+FROM mariadb:11.4
+
+COPY ./init.sql /docker-entrypoint-initdb.d/init.sql
+COPY ./my.cnf  /etc/mysql/conf.d/my.cnf

services/mariadb/init.sql

@@ -0,0 +1,11 @@
+CREATE USER 'nextcloud'@'%' IDENTIFIED BY 'password';
+CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+GRANT ALL PRIVILEGES on nextcloud.* to 'nextcloud'@'%';
+
+CREATE USER 'gitea'@'%' IDENTIFIED BY 'password';
+CREATE DATABASE gitea CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'%';
+
+CREATE USER 'redmine'@'%' IDENTIFIED BY 'password';
+CREATE DATABASE redmine;
+GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'%';

services/mariadb/my.cnf

@@ -0,0 +1,36 @@
+[mariadb]
+host-cache-size = 128
+skip-name-resolve = true
+
+[mysqld]
+transaction_isolation = READ-COMMITTED
+binlog_format = ROW
+
+[server]
+skip_name_resolve = 1
+innodb_buffer_pool_size = 128M
+innodb_buffer_pool_instances = 1
+innodb_flush_log_at_trx_commit = 2
+innodb_log_buffer_size = 32M
+innodb_max_dirty_pages_pct = 90
+query_cache_type = 1
+query_cache_limit = 2M
+query_cache_min_res_unit = 2k
+query_cache_size = 64M
+tmp_table_size= 64M
+max_heap_table_size= 64M
+slow_query_log = 1
+slow_query_log_file = /var/log/mysql/slow.log
+long_query_time = 1
+
+[client]
+default-character-set = utf8mb4
+
+[mysqld]
+character_set_server = utf8mb4
+collation_server = utf8mb4_general_ci
+transaction_isolation = READ-COMMITTED
+binlog_format = ROW
+innodb_large_prefix=on
+innodb_file_format=barracuda
+innodb_file_per_table=1

services/nextcloud/Dockerfile

@@ -0,0 +1,3 @@
+FROM nextcloud:31-fpm
+
+COPY ./mysql.ini /usr/local/etc/php/conf.d/mysql.ini

services/nextcloud/mysql.ini

@@ -0,0 +1,18 @@
+# configuration for PHP MySQL module
+# This causes errors
+# https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/linux_database_configuration.html
+# extension=pdo_mysql.so
+
+[mysql]
+mysql.allow_local_infile=On
+mysql.allow_persistent=On
+mysql.cache_size=2000
+mysql.max_persistent=-1
+mysql.max_links=-1
+mysql.default_port=
+mysql.default_socket=/var/lib/mysql/mysql.sock
+mysql.default_host=
+mysql.default_user=
+mysql.default_password=
+mysql.connect_timeout=60
+mysql.trace_mode=Off

services/nginx/Dockerfile

@@ -0,0 +1,7 @@
+FROM nginx:1.28-alpine
+
+ARG DOMAIN
+COPY ./default.template.conf /tmp/default.template.conf
+RUN envsubst '$DOMAIN' < /tmp/default.template.conf > /etc/nginx/conf.d/default.conf
+COPY ./server.key /etc/ssl/crt/server.key
+COPY ./server.crt /etc/ssl/crt/server.crt

services/nginx/default.template.conf

@@ -1,7 +1,3 @@
-#
-# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
-#
-
 # Set the `immutable` cache control options only for assets with a cache busting `v` argument
 map $arg_v $asset_immutable {
     "" "";
@@ -11,20 +7,56 @@ default ", immutable";
 resolver 127.0.0.11 valid=2s;
 upstream php-handler {
     zone backends 64k;
-    server cloud:9000 resolve;
+    server nextcloud:9000 resolve;
 }
 
 server {
     listen 80;
 
-    server_name tvcloud.fr;
+    server_name ${DOMAIN} www.${DOMAIN}
+                nextcloud.${DOMAIN}
+                gitea.${DOMAIN}
+                redmine.${DOMAIN};
 
     return 301 https://$host$request_uri;
 }
 
 server {
     listen 443 ssl;
-    server_name tvcloud.fr;
+    server_name gitea.${DOMAIN};
+
+    ssl_certificate     /etc/ssl/crt/server.crt;
+    ssl_certificate_key /etc/ssl/crt/server.key;
+
+    location / {
+        client_max_body_size 512M;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_pass http://gitea:3000;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name redmine.${DOMAIN};
+
+    ssl_certificate     /etc/ssl/crt/server.crt;
+    ssl_certificate_key /etc/ssl/crt/server.key;
+
+    location / {
+	proxy_pass http://redmine:3000;
+    }
+}
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
+server {
+    listen 443 ssl;
+    server_name nextcloud.${DOMAIN};
 
     ssl_certificate     /etc/ssl/crt/server.crt;
     ssl_certificate_key /etc/ssl/crt/server.key;

tools/generate_cert.bash

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -eu
+shopt -s patsub_replacement
+
+usage="Usage: $0 host email"
+host="${1:?$usage}"
+email="${2:?$usage}"
+services=(www nextcloud gitea redmine)
+
+# shellcheck disable=SC2068
+sudo certbot certonly --manual --preferred-challenges dns --agree-tos --email "$email" ${services[@]/*/-d &."$host"} -d "$host"

tools/generate_self_signed_cert.bash

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -eu
+
+usage="Usage: $0 host project_root"
+host="${1:?$usage}"
+root="${2:?$usage}"
+services=(nextcloud gitea redmine)
+nginx_dir="$root"/services/nginx
+
+mkcert -install
+mkcert -cert-file "$nginx_dir"/server.crt -key-file "$nginx_dir"/server.key \
+  "${services[@]/%/.$host}" "$host" 127.0.0.1 ::1