From f0ec7564b478a7310815939ee1d8fa7b63e691be Mon Sep 17 00:00:00 2001
From: Romain de Laage <romain.delaage@rdelaage.ovh>
Date: Thu, 15 Oct 2020 13:52:02 +0200
Subject: [PATCH] [PrivateBin] New docker image for privatebin

---
 pica-privatebin/Dockerfile                    | 19 +++++
 pica-privatebin/conf.php                      | 72 +++++++++++++++++++
 pica-privatebin/docker-compose.yml            | 37 ++++++++++
 pica-privatebin/entrypoint.sh                 |  7 ++
 .../secrets/pica-privatebin.secrets.example   |  8 +++
 5 files changed, 143 insertions(+)
 create mode 100644 pica-privatebin/Dockerfile
 create mode 100644 pica-privatebin/conf.php
 create mode 100644 pica-privatebin/docker-compose.yml
 create mode 100644 pica-privatebin/entrypoint.sh
 create mode 100644 pica-privatebin/secrets/pica-privatebin.secrets.example

diff --git a/pica-privatebin/Dockerfile b/pica-privatebin/Dockerfile
new file mode 100644
index 00000000..a69a74d9
--- /dev/null
+++ b/pica-privatebin/Dockerfile
@@ -0,0 +1,19 @@
+FROM registry.picasoft.net/pica-nginx:stretch-20200901
+
+ARG VERSION=1.3.4
+
+RUN apt update && \
+    apt install -y php7.3-pgsql && \
+    curl -SL https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz -o privatebin.tar.gz && \
+    mkdir -p /var/www/html && \
+    tar xzf privatebin.tar.gz && \
+    mv PrivateBin-$VERSION/* /var/www/html && \
+    rm -rf privatebin.tar.gz PrivateBin-$VERSION /var/www/html/cfg/conf.php /var/www/html/README.md /var/www/html/INSTALL.md
+
+COPY conf.php /var/www/html/cfg/conf.php
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+CMD /entrypoint.sh
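Review bot: The PrivateBin archive fetched by `curl -SL` in the RUN step is unpacked into the web root with no integrity check, so the image trusts whatever is served for that tag at build time. Pin a digest next to the version, for example `ARG SHA256=<expected-sha256-of-the-release-tarball>`, and insert `echo "$SHA256  privatebin.tar.gz" | sha256sum -c - && \` before the `tar xzf` line. Adding `-f` to the curl flags would also make an HTTP error fail the build instead of saving an error page as the tarball. `CMD /entrypoint.sh` is the shell form, so the script runs under `sh -c`; `CMD ["/entrypoint.sh"]` avoids the extra shell.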
diff --git a/pica-privatebin/conf.php b/pica-privatebin/conf.php
new file mode 100644
index 00000000..da2d861f
--- /dev/null
+++ b/pica-privatebin/conf.php
@@ -0,0 +1,72 @@
+;<?php http_response_code(403);
+[main]
+name = "PicaPaste"
+
+discussion = true
+
+opendiscussion = false
+
+password = true
+
+fileupload = false
+
+burnafterreadingselected = false
+
+defaultformatter = "plaintext"
+
+sizelimit = 10485760
+
+template = "bootstrap"
+
+notice = "Veuillez lire les <a href="">CGU</a> avant d'utiliser ce service"
+
+languageselection = false
+
+languagedefault = "fr"
+
+qrcode = true
+
+cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' * data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
+
+httpwarning = true
+
+compression = "zlib"
+
+[expire]
+default = "1week"
+
+[expire_options]
+5min = 300
+10min = 600
+1hour = 3600
+1day = 86400
+1week = 604800
+1month = 2592000
+1year = 31536000
+
+[formatter_options]
+plaintext = "Plain Text"
+syntaxhighlighting = "Source Code"
+markdown = "Markdown"
+
+[traffic]
+limit = 10
+
+header = "X_FORWARDED_FOR"
+
+dir = PATH "data"
+
+[purge]
+limit = 300
+batchsize = 40
+
+dir = PATH "data"
+
+[model]
+class = Database
+[model_options]
+dsn = ""
+tbl = ""
+usr = ""
+pwd = ""
+opt[12] = true
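Review bot: `header = "X_FORWARDED_FOR"` under `[traffic]` makes the rate limiter key on a request header that a client can influence. This is only sound if the reverse proxy always overwrites that header and the container is reachable only through it. The proxy configuration is not part of this patch, so it should be confirmed that client-supplied values are discarded; otherwise the `limit = 10` throttle can presumably be sidestepped. Separately, the `notice` value nests unescaped double quotes (`<a href="">`), which the INI parser is unlikely to read as intended and which leaves the CGU link empty. Use single quotes inside the value: `<a href='<CGU-URL>'>CGU</a>`.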
diff --git a/pica-privatebin/docker-compose.yml b/pica-privatebin/docker-compose.yml
new file mode 100644
index 00000000..1909f8fa
--- /dev/null
+++ b/pica-privatebin/docker-compose.yml
@@ -0,0 +1,37 @@
+version: "3.7"
+
+networks:
+  proxy:
+    external: true
+  privatebin:
+
+volumes:
+  privatebin-db:
+    name: privatebin-db
+
+services:
+  privatebin-app:
+    image: registry.picasoft.net/privatebin:1.3.4
+    container_name: privatebin-app
+    build: .
+    env_file: ./secrets/pica-privatebin.secrets
+    labels:
+      traefik.http.routers.website.entrypoints: websecure
+      traefik.http.routers.website.rule: Host(`paste.picasoft.net`)
+      traefik.http.services.website.loadbalancer.server.port: 80
+      traefik.enable: true
+    networks:
+      - proxy
+      - privatebin
+    restart: unless-stopped
+
+  privatebin-db:
+    image: postgres:12-alpine
+    container_name: privatebin-db
+    volumes:
+      - privatebin-db:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file: ./secrets/pica-privatebin.secrets
+    networks:
+      - privatebin
+    restart: unless-stopped
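Review bot: The Traefik labels on `privatebin-app` name the router and service `website`, which looks copied from another stack. If another container on the same Traefik instance declares the same names, the definitions conflict and routing for `paste.picasoft.net` becomes unreliable. Rename them to something specific to this service, e.g. `traefik.http.routers.privatebin.entrypoints: websecure`, with the matching `rule` and `services.privatebin` keys. Because the container is attached to both `proxy` and `privatebin`, also add `traefik.docker.network: proxy` so Traefik does not pick the address on the database network. Both services load the same `env_file`, so the web-facing container also receives the `POSTGRES_*` variables; separate files would keep each container to the variables it needs.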
diff --git a/pica-privatebin/entrypoint.sh b/pica-privatebin/entrypoint.sh
new file mode 100644
index 00000000..be57225a
--- /dev/null
+++ b/pica-privatebin/entrypoint.sh
@@ -0,0 +1,7 @@
+#! /bin/sh
+
+sed -i "s/usr = \"\"/usr = \"$PB_USER\"/" /var/www/html/cfg/conf.php
+sed -i "s/pwd = \"\"/pwd = \"$PB_PASSWD\"/" /var/www/html/cfg/conf.php
+sed -i "s/dsn = \"\"/dsn = \"pgsql:host=$PB_HOST;port=$PB_PORT;dbname=$PB_NAME\"/" /var/www/html/cfg/conf.php
+
+/start.sh
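Review bot: The three `sed -i` lines splice `$PB_USER`, `$PB_PASSWD` and the DSN parts into the replacement text unescaped, so a password containing `/`, `&` or `\` either breaks the command or writes a different value into conf.php than the one configured. The script has no `set -e`, so a failed substitution still starts the server with empty credentials. Escape the values before substitution, fail on error, and `exec` the final command so that stop signals reach the server process. A double quote in a value would still terminate the INI string, so that character should be rejected or documented as unsupported.

```shell
set -eu

# Escape the characters that are special in a sed replacement (\, & and the | delimiter).
esc() { printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'; }

sed -i "s|usr = \"\"|usr = \"$(esc "$PB_USER")\"|" /var/www/html/cfg/conf.php
sed -i "s|pwd = \"\"|pwd = \"$(esc "$PB_PASSWD")\"|" /var/www/html/cfg/conf.php
sed -i "s|dsn = \"\"|dsn = \"pgsql:host=$(esc "$PB_HOST");port=$(esc "$PB_PORT");dbname=$(esc "$PB_NAME")\"|" /var/www/html/cfg/conf.php

exec /start.sh
```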
diff --git a/pica-privatebin/secrets/pica-privatebin.secrets.example b/pica-privatebin/secrets/pica-privatebin.secrets.example
new file mode 100644
index 00000000..f9fb1d8d
--- /dev/null
+++ b/pica-privatebin/secrets/pica-privatebin.secrets.example
@@ -0,0 +1,8 @@
+PB_HOST=privatebin-db
+PB_PORT=5432
+PB_NAME=privatebin
+PB_USER=privatebin
+PB_PASSWD=changeme
+POSTGRES_USER=privatebin
+POSTGRES_PASSWORD=changeme
+POSTGRES_DB=privatebin
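Review bot: `PB_USER` and `POSTGRES_USER` are the same role in this example, so the web application connects as the account the postgres image creates at initialisation, which is a superuser. A comment in this file should recommend a separate, unprivileged role for `PB_USER` that only has rights on the `privatebin` database. It would also help to add a comment line such as `# replace both changeme values with distinct random passwords before first start`, since the database keeps the initial password once its volume exists.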
-- 
GitLab