Refactor Docker and Kubernetes configurations to add Docmost and Outline services

.env.example

@@ -485,3 +485,77 @@ REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION=off
 REDLIB_DEFAULT_HIDE_SCORE=off
 # Enable fixed navbar by default
 REDLIB_DEFAULT_FIXED_NAVBAR=on
+
+# outline
+NODE_ENV=production
+
+# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
+# in your terminal to generate a random value.
+OUTLINE_SECRET_KEY=00b5677d3ce6c106f3d95ec830f9530f9014a2620d16fe60ed867a30c4964c5e
+
+# Generate a unique random key. The format is not important but you could still use
+# `openssl rand -hex 32` in your terminal to produce this.
+OUTLINE_UTILS_SECRET=4b8235fdc01295571bd0946abb5eaf7c131f1a652386c98b658bbc4b1b4e3540
+
+# For production point these at your databases, in development the default
+# should work out of the box.
+DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE__HOSTNAME}:5432/outline
+# DATABASE_CONNECTION_POOL_MIN=
+# DATABASE_CONNECTION_POOL_MAX=
+# Uncomment this to disable SSL for connecting to Postgres
+PGSSLMODE=disable
+
+# For redis you can either specify an ioredis compatible url like this
+REDIS_URL=redis://redis:6379
+# or alternatively, if you would like to provide additional connection options,
+# use a base64 encoded JSON connection option object. Refer to the ioredis documentation
+# for a list of available options.
+# Example: Use Redis Sentinel for high availability
+# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
+# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
+
+# URL should point to the fully qualified, publicly accessible URL. If using a
+# proxy the port in URL and PORT may be different.
+OUTLINE_URL=https://outline.${DOMAINNAME}
+OUTLINE_PORT=3000
+
+# See [documentation](docs/SERVICES.md) on running a separate collaboration
+# server, for normal operation this does not need to be set.
+COLLABORATION_URL=
+
+# Specify what storage system to use. Possible value is one of "s3" or "local".
+# For "local", the avatar images and document attachments will be saved on local disk. 
+FILE_STORAGE=local
+
+# If "local" is configured for FILE_STORAGE above, then this sets the parent directory under
+# which all attachments/images go. Make sure that the process has permissions to create
+# this path and also to write files to it.
+FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
+
+# Maximum allowed size for the uploaded attachment.
+FILE_STORAGE_UPLOAD_MAX_SIZE=262144000
+
+# Override the maximum size of document imports, generally this should be lower
+# than the document attachment maximum size.
+FILE_STORAGE_IMPORT_MAX_SIZE=
+
+# Override the maximum size of workspace imports, these can be especially large
+# and the files are temporary being automatically deleted after a period of time.
+FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=
+
+# –––––––––––––– AUTHENTICATION ––––––––––––––
+
+# Third party signin credentials, at least ONE OF EITHER Google, Slack,
+# or Microsoft is required for a working installation or you'll have no sign-in
+# options.
+
+# To configure Google auth, you'll need to create an OAuth Client ID at
+# => https://console.cloud.google.com/apis/credentials
+#
+# When configuring the Client ID, add an Authorized redirect URI:
+# https://<URL>/auth/google.callback
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+SLACK_CLIENT_ID=
+SLACK_CLIENT_SECRET=

swarm/docmost.yml

@@ -0,0 +1,56 @@
+networks:
+  net:
+    driver: overlay
+    attachable: true
+  traefik-public:
+    external: true
+
+services:
+  docmost:
+    image: docmost/docmost:latest
+    depends_on:
+      # - db
+      - redis
+    environment:
+      APP_URL: "https://doc.${DOMAIN}"
+      APP_SECRET: ${JWT_SECRET}
+      DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE__HOSTNAME}:5432/docmost?schema=public"
+      REDIS_URL: "redis://redis:6379"
+    expose:
+      - 3000
+    restart: unless-stopped
+    volumes:
+      - /var/data/docmost:/app/data/storage
+    networks:
+      - net
+      - traefik-public
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=traefik-public
+        - traefik.constraint-label=traefik-public
+        - traefik.http.routers.docmost.entrypoints=https
+        - traefik.http.routers.docmost.rule=Host(`doc.${DOMAIN}`)
+        - traefik.http.routers.docmost.tls.certresolver=le
+        - traefik.http.routers.docmost.service=docmost_service
+        - traefik.http.services.docmost_service.loadbalancer.server.port=3000
+
+  # db:
+  #   image: postgres:16-alpine
+  #   environment:
+  #     POSTGRES_DB: docmost
+  #     POSTGRES_USER: ${POSTGRES_USER}
+  #     POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+  #   restart: unless-stopped
+  #   volumes:
+  #     - /var/data/db_data:/var/lib/postgresql/data
+  #   networks:
+  #     - net
+
+  redis:
+    image: redis:7.2-alpine
+    restart: unless-stopped
+    volumes:
+      - /var/data/redis_data:/data
+    networks:
+      - net

swarm/outline.yml

@@ -0,0 +1,66 @@
+# volumes:
+# storage-data: {}
+# database-data: {}
+
+networks:
+  net:
+    driver: overlay
+    attachable: true
+  traefik-public:
+    external: true
+
+services:
+  redis:
+    image: redis
+    command: ["redis-server", "/redis.conf"]
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 30s
+      retries: 3
+    volumes:
+      - /var/data/redis.conf:/redis.conf
+    networks:
+      - net
+
+  outline:
+    image: docker.getoutline.com/outlinewiki/outline:latest
+    environment:
+      - NODE_ENV=${NODE_ENV}
+      - SECRET_KEY=${OUTLINE_SECRET_KEY}
+      - UTILS_SECRET=${OUTLINE_UTILS_SECRET}
+      - DATABASE_URL=${DATABASE_URL}
+      - PGSSLMODE=${PGSSLMODE}
+      - REDIS_URL=${REDIS_URL}
+      - URL=${OUTLINE_URL}
+      - PORT=${OUTLINE_PORT}
+      - COLLABORATION_URL=${COLLABORATION_URL}
+      - FILE_STORAGE=${FILE_STORAGE}
+      - FILE_STORAGE_LOCAL_ROOT_DIR=${FILE_STORAGE_LOCAL_ROOT_DIR}
+      - FILE_STORAGE_UPLOAD_MAX_SIZE=${FILE_STORAGE_UPLOAD_MAX_SIZE}
+      - FILE_STORAGE_IMPORT_MAX_SIZE=${FILE_STORAGE_IMPORT_MAX_SIZE}
+      - FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=${FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE}
+      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
+      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
+      - SLACK_CLIENT_ID=${SLACK_CLIENT_ID}
+      - SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}
+    expose:
+      - 3000
+    volumes:
+      - /var/data/outline_data:/var/lib/outline/data
+    depends_on:
+      - redis
+    networks:
+      - net
+      - traefik-public
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=traefik-public
+        - traefik.constraint-label=traefik-public
+        - traefik.http.routers.outline-rtr.entrypoints=https
+        - traefik.http.routers.outline-rtr.rule=Host(`outline.${DOMAIN}`)
+        - traefik.http.routers.outline-rtr.middlewares=xbot
+        - traefik.http.routers.outline-rtr.tls.certresolver=le
+        - traefik.http.routers.outline-rtr.service=outline-svc
+        - traefik.http.services.outline-svc.loadbalancer.server.port=3000