From 9eb93f52e58f1ffcc10c9948a06be23d8b7b9f43 Mon Sep 17 00:00:00 2001
From: Bryan Joshua Pedini <b.pedini@bjphoster.com>
Date: Thu, 13 Oct 2022 15:14:23 +0200
Subject: [PATCH] turned base to snipe-it deployment

---
 README.md          |  3 +-
 docker-compose.yml | 97 +++++++++++++++++++++++++++++++++++++++++++---
 env.example        | 60 +++++++++++++++++++++++++---
 init.sh            | 11 ++++++
 start.sh           | 21 ++++++++++
 5 files changed, 178 insertions(+), 14 deletions(-)
 create mode 100755 init.sh
 create mode 100755 start.sh

diff --git a/README.md b/README.md
index 3ffde1e..41e410f 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1 @@
-# Base App Deployment
-This is the base on which (almost) every deployment is sort-of-based on.
+# Snipe-IT Deployment
diff --git a/docker-compose.yml b/docker-compose.yml
index cf8e041..1a4c6e4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,51 @@
 ---
 services:
-  app:
+  snipeit:
+    image: snipe/snipe-it:${SNIPEIT_VERSION}
     restart: unless-stopped
+    depends_on:
+      - mariadb
+      - redis
+    environment:
+      - APP_ENV=${SNIPEIT_ENV}
+      - APP_DEBUG=${SNIPEIT_DEBUG}
+      - APP_KEY=${SNIPEIT_KEY}
+      - APP_URL=${SNIPEIT_URL}
+      - APP_TIMEZONE=${SNIPEIT_TIMEZONE}
+      - APP_LOCALE=${SNIPEIT_LOCALE}
+      - MAX_RESULTS=${SNIPEIT_MAXRESULTS}
+      - PRIVATE_FILESYSTEM_DISK=${SNIPEIT_PRIVATE_FS}
+      - PUBLIC_FILESYSTEM_DISK=${SNIPEIT_PUBLIC_FS}
+      - DB_CONNECTION=mysql
+      - DB_HOST=mariadb
+      - DB_DATABASE=${MARIADB_NAME}
+      - DB_USERNAME=${MARIADB_USER}
+      - DB_PASSWORD=${MARIADB_PASS}
+      - DB_PREFIX=${MARIADB_PREFIX}
+      - DB_DUMP_PATH=
+      - DB_CHARSET=utf8mb4
+      - DB_COLLATION=utf8mb4_unicode_ci
+      - MAIL_DRIVER=smtp
+      - MAIL_HOST=${SNIPEIT_MAIL_HOST}
+      - MAIL_PORT=${SNIPEIT_MAIL_PORT}
+      - MAIL_USERNAME=${SNIPEIT_MAIL_USER}
+      - MAIL_PASSWORD=${SNIPEIT_MAIL_PASS}
+      - MAIL_ENCRYPTION=${SNIPEIT_MAIL_ENCR}
+      - MAIL_FROM_ADDR=${SNIPEIT_MAIL_FADDR}
+      - MAIL_FROM_NAME=${SNIPEIT_MAIL_FNAME}
+      - MAIL_REPLYTO_ADDR=${SNIPEIT_MAIL_RADDR}
+      - MAIL_REPLYTO_NAME=${SNIPEIT_MAIL_RNAME}
+      - MAIL_AUTO_EMBED=true
+      - MAIL_AUTO_EMBED_METHOD=${SNIPEIT_MAIL_EMBED}
+      - IMAGE_LIB=gd
+      - APP_TRUSTED_PROXIES=${SNIPEIT_PROXY}
+      - SECURE_COOKIES=true
+      - REDIS_HOST=redis
+      - REDIS_PASSWORD=${REDIS_PASS}
+      - REDIS_PORT=6379
+      - LOGIN_MAX_ATTEMPTS=${SNIPEIT_LOGINATT}
+      - LOGIN_LOCKOUT_DURATION=${SNIPEIT_LOCKDUR}
+      - RESET_PASSWORD_LINK_EXPIRES=${SNIPEIT_PWLINKEXP}
     labels:
       ### Section Træfik
       - traefik.enable=${TRAEFIK_ENABLED}
@@ -22,15 +66,56 @@ services:
       # specify a service so a custom port can be used
       - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
       ### Section Diun
-      - diun.enable=${DIUN_ENABLE}
-      - diun.watch_repo=${DIUN_WATCHREPO}
-      - diun.sort_tags=${DIUN_SORTALGO}
-      - diun.include_tags=${DIUN_INCLUDE}
-      - diun.exclude_tags=${DIUN_EXCLUDE}
+      - diun.enable=${DIUN_SNIPEIT_ENABLE}
+      - diun.watch_repo=${DIUN_SNIPEIT_WATCHREPO}
+      - diun.sort_tags=${DIUN_SNIPEIT_SORTALGO}
+      - diun.include_tags=${DIUN_SNIPEIT_INCLUDE}
+      - diun.exclude_tags=${DIUN_SNIPEIT_EXCLUDE}
     networks:
+      - internal
       - traefik
+    volumes:
+      - ${SNIPEIT_DATA}/data:/var/lib/snipeit
+      - ${SNIPEIT_DATA}/logs:/var/www/html/storage/logs
+
+  mariadb:
+    image: mariadb:${MARIADB_VERSION}
+    restart: unless-stopped
+    environment:
+      - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT}
+      - MARIADB_DATABASE=${MARIADB_NAME}
+      - MARIADB_USER=${MARIADB_USER}
+      - MARIADB_PASSWORD=${MARIADB_PASS}
+    labels:
+      ### Section Diun
+      - diun.enable=${DIUN_MARIADB_ENABLE}
+      - diun.watch_repo=${DIUN_MARIADB_WATCHREPO}
+      - diun.sort_tags=${DIUN_MARIADB_SORTALGO}
+      - diun.include_tags=${DIUN_MARIADB_INCLUDE}
+      - diun.exclude_tags=${DIUN_MARIADB_EXCLUDE}
+    networks:
+      - internal
+    volumes:
+      - ${MARIADB_DATA}:/var/lib/mysql
+
+  redis:
+    image: redis:${REDIS_VERSION}
+    restart: unless-stopped
+    command: --requirepass ${REDIS_PASS}
+    environment:
+      - REDIS_PASS=${REDIS_PASS}
+    labels:
+      ### Section Diun
+      - diun.enable=${DIUN_REDIS_ENABLE}
+      - diun.watch_repo=${DIUN_REDIS_WATCHREPO}
+      - diun.sort_tags=${DIUN_REDIS_SORTALGO}
+      - diun.include_tags=${DIUN_REDIS_INCLUDE}
+      - diun.exclude_tags=${DIUN_REDIS_EXCLUDE}
+    networks:
+      - internal
 
 networks:
+  internal:
   traefik:
     external: true
     name: ${TRAEFIK_NETWORK}
diff --git a/env.example b/env.example
index 263f7aa..78c6277 100644
--- a/env.example
+++ b/env.example
@@ -10,9 +10,57 @@ TRAEFIK_CERTRESOLVER=letsencrypt
 TRAEFIK_HTTP_MIDDLEWARES=http-to-https
 TRAEFIK_HTTPS_MIDDLEWARES=hsts
 
-# Diun
-DIUN_ENABLE=true
-DIUN_WATCHREPO=true
-DIUN_SORTALGO=semver
-DIUN_INCLUDE=
-DIUN_EXCLUDE=
+# Snipe-IT
+SNIPEIT_VERSION=v6.0.11-alpine
+SNIPEIT_DATA=./data/snipeit
+SNIPEIT_ENV=production
+SNIPEIT_DEBUG=false
+SNIPEIT_KEY=
+SNIPEIT_URL=https://app.example.com
+SNIPEIT_TIMEZONE=UTC
+SNIPEIT_LOCALE=en
+SNIPEIT_MAXRESULTS=500
+SNIPEIT_PRIVATE_FS=local
+SNIPEIT_PUBLIC_FS=local_public
+SNIPEIT_MAIL_HOST=mail.example.com
+SNIPEIT_MAIL_PORT=25
+SNIPEIT_MAIL_USER=noreply@example.com
+SNIPEIT_MAIL_PASS=
+SNIPEIT_MAIL_ENCR=
+SNIPEIT_MAIL_FADDR=noreply@example.com
+SNIPEIT_MAIL_FNAME=Snipe-IT
+SNIPEIT_MAIL_RADDR=
+SNIPEIT_MAIL_RNAME=
+SNIPEIT_MAIL_EMBED=base64
+SNIPEIT_LOGINATT=5
+SNIPEIT_LOCKDUR=60
+SNIPEIT_PWLINKEXP=900
+SNIPEIT_PROXY=172.16.0.0/12
+DIUN_SNIPEIT_ENABLE=true
+DIUN_SNIPEIT_WATCHREPO=true
+DIUN_SNIPEIT_SORTALGO=semver
+DIUN_SNIPEIT_INCLUDE=v[0-9]+\.[0-9]+\.[0-9]+-alpine
+DIUN_SNIPEIT_EXCLUDE=
+
+# MariaDB
+MARIADB_VERSION=10.9.3
+MARIADB_DATA=./data/mariadb
+MARIADB_ROOT=
+MARIADB_NAME=
+MARIADB_USER=
+MARIADB_PASS=
+MARIADB_PREFIX=
+DIUN_MARIADB_ENABLE=true
+DIUN_MARIADB_WATCHREPO=true
+DIUN_MARIADB_SORTALGO=semver
+DIUN_MARIADB_INCLUDE=[0-9]+\.[0-9]+\.[0-9]+
+DIUN_MARIADB_EXCLUDE=
+
+# Redis
+REDIS_VERSION=7.0.5-alpine3.16
+REDIS_PASS=
+DIUN_REDIS_ENABLE=true
+DIUN_REDIS_WATCHREPO=true
+DIUN_REDIS_SORTALGO=semver
+DIUN_REDIS_INCLUDE=[0-9]+\.[0-9]+\.[0-9]+-alpine[0-9]+\.[0-9]+
+DIUN_REDIS_EXCLUDE=
diff --git a/init.sh b/init.sh
new file mode 100755
index 0000000..7481c9a
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+# Retrieve proper environment variables
+SNIPEIT_VERSION=$(cat .env | grep SNIPEIT_VERSION | sed 's/SNIPEIT_VERSION=//')
+
+# Generate a new key (escaped for `sed` use)
+SNIPEIT_KEY=$(docker run --rm snipe/snipe-it:${SNIPEIT_VERSION} | grep base64 | sed -e 's/[\/&]/\\&/g')
+
+# Place the newly generated key in the env file
+sed -i "s/SNIPEIT_KEY=.*/SNIPEIT_KEY=${SNIPEIT_KEY}/" .env
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..16eeb8e
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,21 @@
+#/usr/bin/env bash
+set -e
+
+# Retrieve proper environment variables
+SNIPEIT_DATA=$(cat .env | grep SNIPEIT_DATA | sed 's/SNIPEIT_DATA=//')
+
+# Start MariaDB first - Snipe-IT doesn't like when the DB is not ready yet
+docker compose up -d mariadb
+
+# Wait a couple of seconds that the database is ready
+for I in {10..1}; do
+  printf " ${I}"
+  sleep 1
+done
+echo
+
+# Start everything else
+docker compose up -d
+
+# Change the logs folder owner (because Snipe-IT really seems to not be able to do it on its own)
+chown 100 ${SNIPEIT_DATA}/logs