From fbb8934b2dd17dd7bd76dafd3a9daca6ab823367 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Thu, 14 Aug 2025 15:23:27 +0200
Subject: [PATCH 1/3] Update secret key generation method in template.json to use openssl|rand
---
 outline/template.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/outline/template.json b/outline/template.json
index 32f7d99..fdd05eb 100644
--- a/outline/template.json
+++ b/outline/template.json
@@ -10,14 +10,14 @@
 "key": "SECRET_KEY",
 "value": "",
 "required": "true",
- "generated": "openssl|hex|32"
+ "generated": "openssl|rand|32"
 },
 {
 "description": "Util secret key",
 "key": "UTILS_SECRET",
 "value": "",
 "required": "true",
- "generated": "openssl|hex|32"
+ "generated": "openssl|rand|32"
 },
 {
 "description": "Postgres database name",
From 8e61ae53e3fc66f04f0c6aeb1afa2a8f40b975f3 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Thu, 14 Aug 2025 17:30:29 +0200
Subject: [PATCH 2/3] Add firewall configuration files for Leantime services
---
 leantime/firewall-leantime-dns.json | 76 +++++++
 leantime/firewall-leantime-smtp.json | 75 +++++++
 leantime/firewall-leantime.json | 75 +++++++
 leantime/leantime-secret.json | 17 ++
 leantime/service-leantime.json | 302 +++++++++++++++++++++++++++
 5 files changed, 545 insertions(+)
 create mode 100644 leantime/firewall-leantime-dns.json
 create mode 100644 leantime/firewall-leantime-smtp.json
 create mode 100644 leantime/firewall-leantime.json
 create mode 100644 leantime/leantime-secret.json
 create mode 100644 leantime/service-leantime.json
diff --git a/leantime/firewall-leantime-dns.json b/leantime/firewall-leantime-dns.json
new file mode 100644
index 0000000..c975920
--- /dev/null
+++ b/leantime/firewall-leantime-dns.json
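Review bot: The new `rand` token on both `generated` lines is not defined anywhere in this hunk, and if it maps to a bare `openssl rand 32` the secret becomes 32 raw bytes that cannot be stored verbatim in a JSON/env value, whereas the previous `openssl|hex|32` (presumably `openssl rand -hex 32`) gives 64 printable characters carrying the same 256 bits of entropy. The generator vocabulary lives outside this diff, so that mapping is inferred, but PATCH 3/3 of the same series reverts exactly these two lines, which suggests the token did not work; it would be cleaner to drop both patches from the series than to carry a change and its undo. If `rand` is kept, the `description` of each key should state the expected output encoding so the next reader does not have to guess.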
@@ -0,0 +1,76 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "safebox/firewall",
+ "UPDATE": "true",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "CHAIN": "DOCKER-USER"
+ },
+ {
+ "SOURCE": "leantimeapp"
+ },
+ {
+ "TARGET": "coredns"
+ },
+ {
+ "TYPE": "udp"
+ },
+ {
+ "TARGET_PORT": "53"
+ },
+ {
+ "COMMENT": "leantime nginx access for local dns"
+ }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "",
+ "PRE_START": [],
+ "POST_START": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/leantime/firewall-leantime-smtp.json b/leantime/firewall-leantime-smtp.json
new file mode 100644
index 0000000..a0db66b
--- /dev/null
+++ b/leantime/firewall-leantime-smtp.json
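Review bot: `"SOURCE": "leantimeapp"` in this rule's `ENVS` does not match the `"leantime-app"` used by the two sibling firewall files in the same commit; in service-leantime.json the app container has `"NAME": "leantimeapp"` but `"SELECTOR": "leantime-app"`, so this file keys on the name while the others key on the selector. Whichever attribute `safebox/firewall` actually matches on (not visible here), one of the two spellings selects nothing, and for this rule that means the app's UDP/53 path to `coredns` is either silently blocked or, if `DOCKER-USER` defaults to accept, never restricted; aligning to `"SOURCE": "leantime-app"` and confirming with the firewall image's matching logic would settle it. Separately, this applier runs `--privileged` on the host network with `/var/run/docker.sock` mounted `rw` from an unpinned `safebox/firewall` image with `"UPDATE": "true"`, which is effectively root on the host — acceptable only if that image is pinned and trusted, and worth a `COMMENT` saying so.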
@@ -0,0 +1,75 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "safebox/firewall",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "CHAIN": "DOCKER-USER"
+ },
+ {
+ "SOURCE": "leantime-app"
+ },
+ {
+ "TARGET": "smtp"
+ },
+ {
+ "TYPE": "tcp"
+ },
+ {
+ "TARGET_PORT": "25"
+ },
+ {
+ "COMMENT": "leantime to smtp"
+ }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/leantime/firewall-leantime.json b/leantime/firewall-leantime.json
new file mode 100644
index 0000000..46b2ed7
--- /dev/null
+++ b/leantime/firewall-leantime.json
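Review bot: This rule is the only authorization boundary for mail relay from the app: it opens tcp/25 from `leantime-app` to `smtp`, and the matching service file in this commit sets `LEAN_EMAIL_SMTP_AUTH`, `LEAN_EMAIL_SMTP_SECURE` and `LEAN_EMAIL_SMTP_AUTO_TLS` all to `"false"`, so any container carrying the `leantime-app` selector can submit unauthenticated plaintext mail and `smtp` has nothing else to distinguish it by. That is defensible on an internal bridge network if `smtp` restricts relaying by source, but it should be stated in the rule, e.g. `"COMMENT": "leantime-app -> smtp:25, unauthenticated relay; smtp must restrict by source"`. Also `"CMD"`, `"PRE_START"` and `"POST_START"` use the string `"null"` here while the dns variant in the same commit uses `""` and `[]`; if the loader treats the literal string `"null"` as a command or hook name rather than as absent, these two files behave differently, so pick one sentinel for all three firewall files.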
@@ -0,0 +1,75 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "safebox/firewall",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "CHAIN": "DOCKER-USER"
+ },
+ {
+ "SOURCE": "smarthostbackend"
+ },
+ {
+ "TARGET": "leantime-app"
+ },
+ {
+ "TYPE": "tcp"
+ },
+ {
+ "TARGET_PORT": "80"
+ },
+ {
+ "COMMENT": "leantime"
+ }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/leantime/leantime-secret.json b/leantime/leantime-secret.json
new file mode 100644
index 0000000..fb79013
--- /dev/null
+++ b/leantime/leantime-secret.json
@@ -0,0 +1,17 @@
+{
+ "leantimemysql": {
+ "MARIADB_DATABASE": "#DB_MYSQL",
+ "MARIADB_USER": "#DB_USER",
+ "MARIADB_PASSWORD": "#DB_PASSWORD",
+ "MARIADB_ROOT_PASSWORD": "#DB_ROOT_PASSWORD"
+ },
+ "leantimeapp": {
+ "LEAN_DB_USER": "#DB_USER",
+ "LEAN_DB_PASSWORD": "#DB_PASSWORD",
+ "LEAN_DB_HOST": "leantimemysql-db",
+ "LEAN_DB_DATABASE": "#DB_MYSQL",
+ "LEAN_OIDC_CLIENT_SECRET": "#OIDC_CLIENT_SECRET",
+ "LEAN_S3_SECRET": "#S3_SECRET",
+ "LEAN_SESSION_PASSWORD": "#SESSION_PASSWORD"
+ }
+}
\ No newline at end of file
diff --git a/leantime/service-leantime.json b/leantime/service-leantime.json
new file mode 100644
index 0000000..23dec3e
--- /dev/null
+++ b/leantime/service-leantime.json
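Review bot: The `COMMENT` value `"leantime"` on this ingress rule says nothing about what it permits, unlike `"leantime to smtp"` in the sibling file; since it is the rule that exposes the app's plaintext port 80 to the reverse proxy only, it deserves `"COMMENT": "smarthostbackend -> leantime-app:80 (TLS terminated at proxy)"`. Whether anything other than `smarthostbackend` can reach `leantime-app` depends on the `DOCKER-USER` chain's default policy, which is set by the `safebox/firewall` image and not visible in this diff; if that default is accept, this rule is documentation rather than enforcement, so it is worth confirming and recording in the comment.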
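Review bot: The two top-level keys of this secret file do not follow one convention relative to service-leantime.json in the same commit: `"leantimemysql"` is the database container's `SELECTOR` (its `NAME` is `leantimemysql-db`), while `"leantimeapp"` is the app container's `NAME` (its `SELECTOR` is `leantime-app`). Whichever attribute the `ENV_FILES` loader keys on (not visible here), one group will not be injected — either mariadb starts without `MARIADB_ROOT_PASSWORD` or the app starts without `LEAN_DB_*`, `LEAN_OIDC_CLIENT_SECRET` and `LEAN_SESSION_PASSWORD`; if selector-keyed, the fix is `"leantime-app": {` on the second group, otherwise `"leantimemysql-db": {` on the first. `"LEAN_DB_HOST": "leantimemysql-db"` is not a secret and would be better placed in the app container's `ENVS` so this file holds only credentials.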
@@ -0,0 +1,302 @@
+{
+ "main": {
+ "SERVICE_NAME": "leantime",
+ "DOMAIN": "#DOMAIN"
+ },
+ "containers": [
+ {
+ "IMAGE": "alpine:latest",
+ "UPDATE": "true",
+ "NAME": "leantime",
+ "NETWORK": "host",
+ "MEMORY": "64M",
+ "VOLUMES": [
+ {
+ "SOURCE": "USER_DATA",
+ "DEST": "/etc/user/data",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "SYSTEM_DATA",
+ "DEST": "/etc/system/data",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "SYSTEM_LOG",
+ "DEST": "/etc/system/log",
+ "TYPE": "rw"
+ }
+ ],
+ "ENV_FILES": [
+ "/etc/user/secret/leantime/leantime.json"
+ ],
+ "EXTRA": "--rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "ENTRYPOINT": "sh -c",
+ "CMD": "mkdir -p /etc/user/data/leantime/db && mkdir -p /etc/system/log/leantime/db && mkdir -p /etc/user/data/leantime/data/plugins && mkdir -p /etc/user/data/leantime/data/public && mkdir -p /etc/user/data/leantime/data/user && chmod 770 -R /etc/user/data/leantime/data && chown -R 82:82 /etc/user/data/leantime/data",
+ "PRE_START": "null",
+ "POST_START": "null"
+ },
+ {
+ "IMAGE": "mariadb:latest",
+ "UPDATE": "true",
+ "NAME": "leantimemysql-db",
+ "MEMORY": "256M",
+ "NETWORK": "leantime-net",
+ "SELECTOR": "leantimemysql",
+ "VOLUMES": [
+ {
+ "SOURCE": "/etc/user/data/leantime/db",
+ "DEST": "/var/lib/mysql",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/system/log/leantime/db",
+ "DEST": "/var/lib/mysql/mysql-bin",
+ "TYPE": "rw"
+ }
+ ],
+ "PORTS": [
+ {
+ "SOURCE": "null",
+ "DEST": "3306",
+ "TYPE": "tcp"
+ }
+ ],
+ "READYNESS": [
+ {
+ "tcp": "3306"
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENV_FILES": [
+ "/etc/user/secret/leantime/leantime.json"
+ ],
+ "EXTRA": "--restart always",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ },
+ {
+ "IMAGE": "leantime/leantime:latest",
+ "UPDATE": "true",
+ "NAME": "leantimeapp",
+ "MEMORY": "1024M",
+ "NETWORK": "leantime-net",
+ "SELECTOR": "leantime-app",
+ "DNS": [
+ "coredns"
+ ],
+ "VOLUMES": [
+ {
+ "SOURCE": "/etc/user/data/leantime/data/public",
+ "DEST": "/var/www/html/public/userfiles",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/data/leantime/data/user",
+ "DEST": "/var/www/html/userfiles",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/data/leantime/data/plugins",
+ "DEST": "/var/www/html/app/Plugins",
+ "TYPE": "rw"
+ }
+ ],
+ "PORTS": [
+ {
+ "SOURCE": "null",
+ "DEST": "80",
+ "TYPE": "tcp"
+ }
+ ],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "LEAN_RATELIMIT_GENERAL": "1000"
+ },
+ {
+ "LEAN_RATELIMIT_API": "10"
+ },
+ {
+ "LEAN_RATELIMIT_AUTH": "20"
+ },
+ {
+ "LEAN_LDAP_USE_LDAP": "false"
+ },
+ {
+ "LEAN_USER_FILE_PATH": "userfiles/"
+ },
+ {
+ "LEAN_PORT": "80"
+ },
+ {
+ "LEAN_APP_URL": "https://#DOMAIN"
+ },
+ {
+ "LEAN_APP_DIR": "leantime/"
+ },
+ {
+ "LEAN_DEBUG": "DEBUG"
+ },
+ {
+ "LEAN_SITENAME": "#LEANTIME_SITENAME"
+ },
+ {
+ "LEAN_LANGUAGE": "#LEANTIME_LANG"
+ },
+ {
+ "LEAN_DEFAULT_TIMEZONE": "#LEANTIME_TZ"
+ },
+ {
+ "LEAN_LOG_PATH": "log/"
+ },
+ {
+ "LEAN_DISABLE_LOGIN_FORM": "false"
+ },
+ {
+ "LEAN_SESSION_EXPIRATION": "#SESSION_EXPIRATION"
+ },
+ {
+ "LEAN_SESSION_SECURE": "#SESSION_SECURITY"
+ },
+ {
+ "LEAN_EMAIL_RETURN": ""
+ },
+ {
+ "LEAN_EMAIL_USE_SMTP": "true"
+ },
+ {
+ "LEAN_EMAIL_SMTP_HOSTS": "#LEANTIME_SMTP"
+ },
+ {
+ "LEAN_EMAIL_SMTP_AUTH": "false"
+ },
+ {
+ "LEAN_EMAIL_SMTP_USERNAME": ""
+ },
+ {
+ "LEAN_EMAIL_SMTP_PASSWORD": ""
+ },
+ {
+ "LEAN_EMAIL_SMTP_AUTO_TLS": "false"
+ },
+ {
+ "LEAN_EMAIL_SMTP_SECURE": "false"
+ },
+ {
+ "LEAN_EMAIL_SMTP_SSLNOVERIFY": "false"
+ },
+ {
+ "LEAN_EMAIL_SMTP_PORT": "25"
+ },
+ {
+ "LEAN_LDAP_USE_LDAP": "false"
+ },
+ {
+ "LEAN_OIDC_ENABLE": "#OIDC_ENABLE"
+ },
+ {
+ "LEAN_OIDC_CLIENT_ID": "#OIDC_CLIENT_ID"
+ },
+ {
+ "LEAN_OIDC_CREATE_USER": "#OIDC_CREATE_USER"
+ },
+ {
+ "LEAN_OIDC_DEFAULT_ROLE": "20"
+ },
+ {
+ "LEAN_OIDC_PROVIDER_URL": "#OIDC_PROVIDER_URL"
+ },
+ {
+ "LEAN_OIDC_AUTH_URL_OVERRIDE": "#OIDC_AUTH_URL_OVERRIDE"
+ },
+ {
+ "LEAN_OIDC_TOKEN_URL_OVERRIDE": "#OIDC_TOKEN_URL_OVERRIDE"
+ },
+ {
+ "LEAN_OIDC_USERINFO_URL_OVERRIDE": "#OIDC_USERINFO_URL_OVERRIDE"
+ },
+ {
+ "LEAN_OIDC_SCOPES": "user:email,read:user"
+ },
+ {
+ "LEAN_OIDC_FIELD_EMAIL": "0.email"
+ },
+ {
+ "LEAN_OIDC_FIELD_FIRSTNAME": "name"
+ },
+ {
+ "LEAN_LOGO_PATH": "/dist/images/logo.svg"
+ },
+ {
+ "LEAN_PRINT_LOGO_URL": "/dist/images/logo.png"
+ },
+ {
+ "LEAN_DEFAULT_THEME": "default"
+ },
+ {
+ "LEAN_PRIMARY_COLOR": "#006d9f"
+ },
+ {
+ "LEAN_SECONDARY_COLOR": "#00a886"
+ },
+ {
+ "LEAN_USE_S3": "#LEANTIME_USE_S3"
+ },
+ {
+ "LEAN_S3_KEY": "#S3_KEY"
+ },
+ {
+ "LEAN_S3_BUCKET": "#S3_BUCKET"
+ },
+ {
+ "LEAN_S3_USE_PATH_STYLE_ENDPOINT": "#S3_USE_PATH_STYLE_ENDPOINT"
+ },
+ {
+ "LEAN_S3_REGION": "#S3_REGION"
+ },
+ {
+ "LEAN_S3_FOLDER_NAME": "#S3_FOLDER_NAME"
+ },
+ {
+ "LEAN_S3_END_POINT": "#S3_END_POINT"
+ }
+ ],
+ "ENV_FILES": [
+ "/etc/user/secret/leantime/leantime.json"
+ ],
+ "EXTRA": "--restart always",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": [
+ "firewall-leantime-dns"
+ ],
+ "POST_START": [
+ "firewall-leantime-smtp",
+ "firewall-leantime",
+ "domain-leantime"
+ ]
+ }
+ ]
+}
\ No newline at end of file
From b8ac9eb0ef9a3ed2ed2d3a4b44c262129669b2b4 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Thu, 14 Aug 2025 17:31:20 +0200
Subject: [PATCH 3/3] Update secret key generation method in template.json to use openssl|hex
---
 outline/template.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/outline/template.json b/outline/template.json
index fdd05eb..32f7d99 100644
--- a/outline/template.json
+++ b/outline/template.json
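Review bot: `"LEAN_DEBUG": "DEBUG"` on the `leantimeapp` container ships an internet-facing service (`LEAN_APP_URL` is `https://#DOMAIN`) with debug output switched on, and the value is not even boolean-shaped like the surrounding `"true"`/`"false"` flags; it should be `"LEAN_DEBUG": "0"` (or a `#DEBUG` template variable defaulting off) so stack traces and configuration details are not returned to clients. The one-shot `alpine:latest` init container only runs `mkdir`/`chmod`/`chown`, yet its `ENV_FILES` loads `/etc/user/secret/leantime/leantime.json`, putting the DB root password, OIDC client secret, S3 secret and session password into a container that needs none of them — dropping that `ENV_FILES` entry costs nothing. `LEAN_LDAP_USE_LDAP` is listed twice in `ENVS`; keep one. All three images are unpinned `:latest` with `"UPDATE": "true"`, so whatever is pushed to those tags runs on the host without review; pinning a version tag or digest is the usual mitigation, though how `UPDATE` interacts with a pinned tag is not visible here.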
@@ -10,14 +10,14 @@
 "key": "SECRET_KEY",
 "value": "",
 "required": "true",
- "generated": "openssl|rand|32"
+ "generated": "openssl|hex|32"
 },
 {
 "description": "Util secret key",
 "key": "UTILS_SECRET",
 "value": "",
 "required": "true",
- "generated": "openssl|rand|32"
+ "generated": "openssl|hex|32"
 },
 {
 "description": "Postgres database name",
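Review bot: After this hunk outline/template.json is back at blob `32f7d99`, the same index the series started from, so PATCH 1/3 and this patch cancel each other and only add noise to history; squash or drop both before merging. If `openssl|rand|32` was abandoned because the generator emits raw bytes rather than printable text, recording that in the `description` of the two keys (e.g. `"Secret key (hex-encoded, 32 random bytes)"`) would stop the next contributor from repeating the round-trip — that reason is inferred, since the generator itself is outside this diff.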