From 6d610e85a11b7ae096ccc17ce6a3a6fea6b03424 Mon Sep 17 00:00:00 2001
From: Florian RICHER <florian.richer@unova.fr>
Date: Mon, 31 Oct 2022 10:12:14 +0100
Subject: [PATCH] Add penpot

---
 penpot/config.env         | 96 +++++++++++++++++++++++++++++++++++++++
 penpot/docker-compose.yml | 78 +++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)
 create mode 100644 penpot/config.env
 create mode 100644 penpot/docker-compose.yml

diff --git a/penpot/config.env b/penpot/config.env
new file mode 100644
index 0000000..3dee73b
--- /dev/null
+++ b/penpot/config.env
@@ -0,0 +1,96 @@
+## Should be set to the public domain where penpot is going to be served.
+##
+## NOTE: If you are going to serve it under different domain than
+## 'localhost' without HTTPS, consider setting the
+## `disable-secure-session-cookies' flag on the 'PENPOT_FLAGS'
+## setting.
+
+PENPOT_PUBLIC_URI=http://localhost:9001
+
+## Feature flags.
+PENPOT_FLAGS=enable-registration enable-login disable-email-verification
+
+## Temporal workaround because of bad builtin default
+
+PENPOT_HTTP_SERVER_HOST=0.0.0.0
+
+## Standard database connection parameters (only postgresql is supported):
+
+PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
+PENPOT_DATABASE_USERNAME=penpot
+PENPOT_DATABASE_PASSWORD=penpot
+
+## Redis is used for the websockets notifications.
+
+PENPOT_REDIS_URI=redis://penpot-redis/0
+
+## By default, files uploaded by users are stored in local
+## filesystem. But it can be configured to store in AWS S3.
+
+PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
+PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
+
+## Telemetry. When enabled, a periodical process will send anonymous
+## data about this instance. Telemetry data will enable us to learn on
+## how the application is used, based on real scenarios. If you want
+## to help us, please leave it enabled.
+
+PENPOT_TELEMETRY_ENABLED=true
+
+## Email sending configuration. By default, emails are printed in the
+## console, but for production usage is recommended to setup a real
+## SMTP provider. Emails are used to confirm user registrations.
+
+PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
+PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
+# PENPOT_SMTP_HOST=
+# PENPOT_SMTP_PORT=
+# PENPOT_SMTP_USERNAME=
+# PENPOT_SMTP_PASSWORD=
+# PENPOT_SMTP_TLS=true
+# PENPOT_SMTP_SSL=false
+
+## Comma separated list of allowed domains to register. Empty to allow
+## all.
+
+# PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
+
+## Authentication providers
+
+## Google
+
+# PENPOT_GOOGLE_CLIENT_ID=
+# PENPOT_GOOGLE_CLIENT_SECRET=
+
+## GitHub
+
+# PENPOT_GITHUB_CLIENT_ID=
+# PENPOT_GITHUB_CLIENT_SECRET=
+
+## GitLab
+
+# PENPOT_GITLAB_BASE_URI=https://gitlab.com
+# PENPOT_GITLAB_CLIENT_ID=
+# PENPOT_GITLAB_CLIENT_SECRET=
+
+## OpenID Connect (since 1.5.0)
+
+# PENPOT_OIDC_BASE_URI=
+# PENPOT_OIDC_CLIENT_ID=
+# PENPOT_OIDC_CLIENT_SECRET=
+
+## LDAP
+##
+## NOTE: to enable ldap, you will need to put 'enable-login-with-ldap'
+## on the 'PENPOT_FLAGS' environment variable.
+
+# PENPOT_LDAP_HOST=ldap
+# PENPOT_LDAP_PORT=10389
+# PENPOT_LDAP_SSL=false
+# PENPOT_LDAP_STARTTLS=false
+# PENPOT_LDAP_BASE_DN=ou=people,dc=planetexpress,dc=com
+# PENPOT_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
+# PENPOT_LDAP_BIND_PASSWORD=GoodNewsEveryone
+# PENPOT_LDAP_ATTRS_USERNAME=uid
+# PENPOT_LDAP_ATTRS_EMAIL=mail
+# PENPOT_LDAP_ATTRS_FULLNAME=cn
\ No newline at end of file
diff --git a/penpot/docker-compose.yml b/penpot/docker-compose.yml
new file mode 100644
index 0000000..ebb300b
--- /dev/null
+++ b/penpot/docker-compose.yml
@@ -0,0 +1,78 @@
+version: '3.5'
+
+services:
+  penpot-frontend:
+    image: 'penpotapp/frontend:latest'
+    restart: always
+    volumes:
+      - penpot_assets_data:/opt/data
+    env_file:
+      - config.env
+    depends_on:
+      - penpot-backend
+      - penpot-exporter
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.penpot-secure.entrypoints=https"
+      - "traefik.http.routers.penpot-secure.rule=Host(`penpot.mrdev023.fr`)"
+      - "traefik.http.routers.penpot-secure.tls=true"
+      - "traefik.http.routers.penpot-secure.tls.certresolver=sslResolver"
+      # - "traefik.http.routers.whoami-secure.service=whoami"
+      # - "traefik.http.services.whoami.loadbalancer.server.port=9002"
+      - "traefik.docker.network=proxy"
+    networks:
+      - internal
+      - proxy
+
+  penpot-backend:
+    image: 'penpotapp/backend:latest'
+    restart: always
+    volumes:
+      - penpot_assets_data:/opt/data
+    depends_on:
+      - penpot-postgres
+      - penpot-redis
+    env_file:
+      - config.env
+    networks:
+      - internal
+
+  penpot-exporter:
+    image: 'penpotapp/exporter:latest'
+    restart: always
+    env_file:
+      - config.env
+    environment:
+      # Don't touch it; this uses internal docker network to
+      # communicate with the frontend.
+      - PENPOT_PUBLIC_URI=http://penpot-frontend
+    networks:
+      - internal
+
+  penpot-postgres:
+    image: 'postgres:14'
+    restart: always
+    environment:
+      - POSTGRES_INITDB_ARGS=--data-checksums
+      - POSTGRES_DB=penpot
+      - POSTGRES_USER=penpot
+      - POSTGRES_PASSWORD=penpot
+    volumes:
+      - penpot_postgres_data:/var/lib/postgresql/data
+    networks:
+      - internal
+
+  penpot-redis:
+    image: redis:7
+    restart: always
+    networks:
+      - internal
+
+volumes:
+  penpot_postgres_data:
+  penpot_assets_data:
+
+networks:
+  internal:
+  proxy:
+    external: true
\ No newline at end of file