Add: Gitignore and .env.example

.env

@@ -1,4 +1,11 @@
 POSTGRES_PASSWORD=postegres_project.m169
 GITEA_DB_PASSWORD=gitea_project.m169
+GITEA_RUNNER_REGISTRATION_TOKEN=7bs8jdNZ5Bj5g0T1zl54Cwjsx18a9sP41NX3TFOW
 KEYCLOAK_DB_PASSWORD=keycloak_project.m169
-SONAR_TOKEN=sqp_7f2cc6a53802da339b7fe6c9a24a74549b2b02bc
+SONAR_DB_PASSWORD=sonar
+OAUTH2_PROXY_CLIENT_ID=traefik
+OAUTH2_PROXY_CLIENT_SECRET=m3ZHftbacZ11NY8zEspcOGBgyb8GTp7L
+OAUTH2_PROXY_COOKIE_SECRET=oBmYaxLkk6X9KZUK5NJhZXCwpB2eiL7RFNgJchMSi7Y=
+CODE_SERVER_OAUTH2_CLIENT_ID=code-server
+CODE_SERVER_OAUTH2_CLIENT_SECRET=7OedgP03xM9iOnjDbnU0Wqa5qVk4yQrv
+CODE_SERVER_OAUTH2_COOKIE_SECRET=37e1e3cbb48d22922caa388aafb91a7d

.env.example

@@ -0,0 +1,15 @@
+# GITEA
+GITEA_DB_PASSWORD=changer_ce_mot_de_passe
+GITEA_RUNNER_REGISTRATION_TOKEN=token_runner_gitea
+
+# OAUTH2
+OAUTH2_PROXY_CLIENT_ID=traefik
+OAUTH2_PROXY_CLIENT_SECRET=secret_client_traefik_keycloak
+OAUTH2_PROXY_COOKIE_SECRET=valeur_base64_32_bytes
+
+CODE_SERVER_OAUTH2_CLIENT_ID=code-server
+CODE_SERVER_OAUTH2_CLIENT_SECRET=secret_client_code_server_keycloak
+CODE_SERVER_OAUTH2_COOKIE_SECRET=valeur_base64_32_bytes
+
+# KEYCLOAK
+KEYCLOAK_DB_PASSWORD=changer_ce_mot_de_passe

.gitignore

@@ -0,0 +1,2 @@
+.env
+workspace/

docker-compose.yml

@@ -21,6 +21,49 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - traefik_letsencrypt:/letsencrypt
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.mota-thomas.com`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.middlewares=traefik-errors-403,traefik-errors-401,traefik-auth"
+      - "traefik.http.routers.traefik.priority=1"
+      - "traefik.http.middlewares.traefik-auth.forwardauth.address=http://oauth2-proxy:4180/oauth2/auth"
+      - "traefik.http.middlewares.traefik-auth.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.traefik-auth.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
+      - "traefik.http.middlewares.traefik-errors-401.errors.status=401"
+      - "traefik.http.middlewares.traefik-errors-401.errors.service=oauth2-proxy@docker"
+      - "traefik.http.middlewares.traefik-errors-401.errors.query=/oauth2/sign_in?rd=https://traefik.mota-thomas.com/dashboard/"
+      - "traefik.http.middlewares.traefik-errors-403.errors.status=403"
+      - "traefik.http.middlewares.traefik-errors-403.errors.service=oauth2-proxy@docker"
+      - "traefik.http.middlewares.traefik-errors-403.errors.query=/oauth2/sign_out?rd=/oauth2/sign_in"
+
+  oauth2-proxy:
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
+    restart: unless-stopped
+    environment:
+      OAUTH2_PROXY_PROVIDER: oidc
+      OAUTH2_PROXY_OIDC_ISSUER_URL: https://keycloak.mota-thomas.com/auth/realms/dev-platform
+      OAUTH2_PROXY_CLIENT_ID: ${OAUTH2_PROXY_CLIENT_ID}
+      OAUTH2_PROXY_CLIENT_SECRET: ${OAUTH2_PROXY_CLIENT_SECRET}
+      OAUTH2_PROXY_COOKIE_SECRET: ${OAUTH2_PROXY_COOKIE_SECRET}
+      OAUTH2_PROXY_EMAIL_DOMAINS: "*"
+      OAUTH2_PROXY_REDIRECT_URL: https://traefik.mota-thomas.com/oauth2/callback
+      OAUTH2_PROXY_UPSTREAMS: static://200
+      OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
+      OAUTH2_PROXY_REVERSE_PROXY: "true"
+      OAUTH2_PROXY_SCOPE: "openid email profile"
+      OAUTH2_PROXY_OIDC_GROUPS_CLAIM: groups
+      OAUTH2_PROXY_ALLOWED_GROUPS: admins
+      OAUTH2_PROXY_PROMPT: "login"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.oauth2.rule=Host(`traefik.mota-thomas.com`) && PathPrefix(`/oauth2/`)"
+      - "traefik.http.routers.oauth2.entrypoints=websecure"
+      - "traefik.http.routers.oauth2.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.oauth2.priority=100"
+      - "traefik.http.services.oauth2.loadbalancer.server.port=4180"
 
   gitea-db:
     image: postgres:15
@@ -42,6 +85,7 @@ services:
       GITEA__database__USER: gitea
       GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}
       GITEA__server__ROOT_URL: https://gitea.mota-thomas.com/
+      GITEA__actions__ENABLED: "true"
     volumes:
       - gitea_data:/data
     labels:
@@ -51,6 +95,22 @@ services:
       - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
       - "traefik.http.services.gitea.loadbalancer.server.port=3000"
 
+  gitea-runner:
+    image: gitea/act_runner:latest
+    restart: unless-stopped
+    depends_on:
+      - gitea
+    environment:
+      CONFIG_FILE: /config.yaml
+      GITEA_INSTANCE_URL: https://gitea.mota-thomas.com
+      GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
+      GITEA_RUNNER_NAME: dev-platform-runner
+      GITEA_RUNNER_LABELS: ubuntu-latest:docker://node:20-bookworm
+    volumes:
+      - ./gitea-runner/config.yaml:/config.yaml
+      - gitea_runner_data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+
   keycloak-db:
     image: postgres:15
     environment:
@@ -89,7 +149,7 @@ services:
     container_name: sonarqube-db
     environment:
       POSTGRES_USER: sonar
-      POSTGRES_PASSWORD: sonar
+      POSTGRES_PASSWORD: ${SONAR_DB_PASSWORD}
       POSTGRES_DB: sonarqube
     volumes:
       - sonarqube_db_data:/var/lib/postgresql/data
@@ -102,7 +162,7 @@ services:
     environment:
       SONAR_JDBC_URL: jdbc:postgresql://sonarqube-db:5432/sonarqube
       SONAR_JDBC_USERNAME: sonar
-      SONAR_JDBC_PASSWORD: sonar
+      SONAR_JDBC_PASSWORD: ${SONAR_DB_PASSWORD}
     volumes:
       - sonarqube_data:/opt/sonarqube/data
       - sonarqube_logs:/opt/sonarqube/logs
@@ -114,12 +174,62 @@ services:
       - "traefik.http.routers.sonarqube.tls.certresolver=letsencrypt"
       - "traefik.http.services.sonarqube.loadbalancer.server.port=9000"
 
+  code-server:
+    image: lscr.io/linuxserver/code-server:latest
+    container_name: code-server
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Zurich
+      DEFAULT_WORKSPACE: /config/workspace
+    volumes:
+      - code_server_config:/config
+      - ./workspace:/config/workspace
+    networks:
+      - default
+    restart: unless-stopped
+
+  oauth2-proxy-code:
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
+    container_name: oauth2-proxy-code
+    depends_on:
+      - code-server
+    environment:
+      OAUTH2_PROXY_PROVIDER: keycloak-oidc
+      OAUTH2_PROXY_CLIENT_ID: ${CODE_SERVER_OAUTH2_CLIENT_ID}
+      OAUTH2_PROXY_CLIENT_SECRET: ${CODE_SERVER_OAUTH2_CLIENT_SECRET}
+      OAUTH2_PROXY_COOKIE_SECRET: ${CODE_SERVER_OAUTH2_COOKIE_SECRET}
+      OAUTH2_PROXY_COOKIE_SECURE: "true"
+      OAUTH2_PROXY_EMAIL_DOMAINS: "*"
+      OAUTH2_PROXY_REDIRECT_URL: https://code.mota-thomas.com/oauth2/callback
+      OAUTH2_PROXY_OIDC_ISSUER_URL: https://keycloak.mota-thomas.com/auth/realms/dev-platform
+      OAUTH2_PROXY_UPSTREAMS: http://code-server:8443
+      OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
+      OAUTH2_PROXY_REVERSE_PROXY: "true"
+      OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true"
+      OAUTH2_PROXY_PASS_USER_HEADERS: "true"
+      OAUTH2_PROXY_SET_XAUTHREQUEST: "true"
+      OAUTH2_PROXY_WHITELIST_DOMAINS: .mota-thomas.com
+      OAUTH2_PROXY_COOKIE_DOMAINS: .mota-thomas.com
+      OAUTH2_PROXY_COOKIE_NAME: "_oauth2_proxy_code"
+      OAUTH2_PROXY_CODE_CHALLENGE_METHOD: S256
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.code-server.rule: Host(`code.mota-thomas.com`)
+      traefik.http.routers.code-server.entrypoints: websecure
+      traefik.http.routers.code-server.tls.certresolver: letsencrypt
+      traefik.http.services.code-server.loadbalancer.server.port: "4180"
+    networks:
+      - default
+    restart: unless-stopped
+
 volumes:
   gitea_db_data:
   gitea_data:
+  gitea_runner_data:
   keycloak_db_data:
   traefik_letsencrypt:
   sonarqube_db_data:
   sonarqube_data:
   sonarqube_logs:
-  sonarqube_extensions:
+  code_server_config:

gitea-runner/config.yaml

@@ -0,0 +1,8 @@
+log:
+  level: info
+
+runner:
+  file: /data/.runner
+
+container:
+  network: dev-platform_default