22 add wekan recipe (#8)

* Add Wekan recipe

docs/recipies/git-docker.md

@@ -1,29 +0,0 @@
-# Introduction
-
-Our HA platform design relies on Atomic OS, which only contains bare minimum elements to run containers.
-
-So how can we use git on this system, to push/pull the changes we make to config files?
-
-docker run -v /var/data/git-docker/data:/root funkypenguin/git-docker ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519
-Generating public/private ed25519 key pair.
-Enter passphrase (empty for no passphrase): Enter same passphrase again: Created directory '/root/.ssh'.
-Your identification has been saved in /root/.ssh/id_ed25519.
-Your public key has been saved in /root/.ssh/id_ed25519.pub.
-The key fingerprint is:
-SHA256:uZtriS7ypx7Q4kr+w++nHhHpcRfpf5MhxP3Wpx3H3hk root@a230749d8d8a
-The key's randomart image is:
-+--[ED25519 256]--+
-|         .o .    |
-|      .  ..o .   |
-|     + ....   ...|
-|   .. + .o . . E=|
-|  o .o  S . . ++B|
-| . o  .  . . +..+|
-| .o .. ...  . .  |
-|o..o..+.oo       |
-|...=OX+.+.       |
-+----[SHA256]-----+
-[root@ds3 data]#
-
-
-alias git='docker run -v $PWD:/var/data -v /var/data/git-docker/data:/root funkypenguin/git-docker git'

docs/recipies/gitlab.md

@@ -101,9 +101,11 @@ networks:
     driver: overlay
     ipam:
       config:
-        - subnet: 172.16.1.0/24
+        - subnet: 172.16.2.0/24
+        - 
 ```
-
+!!! tip
+    Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.
 
 
 ## Serving

docs/recipies/wekan.md

@@ -0,0 +1,115 @@
+# Wekan
+
+Wekan is an open-source kanban board which allows a card-based task and to-do management, similar to tools like WorkFlowy or Trello.
+
+![Wekan Screenshot](../images/wekan.jpg)
+
+Wekan allows to create Boards, on which Cards can be moved around between a number of Columns. Boards can have many members, allowing for easy collaboration, just add everyone that should be able to work with you on the board to it, and you are good to go! You can assign colored Labels to cards to facilitate grouping and filtering, additionally you can add members to a card, for example to assign a task to someone.
+
+There's a [video](https://www.youtube.com/watch?v=N3iMLwCNOro) of the developer showing off the app, as well as a f[unctional demo](https://wekan.indie.host/b/t2YaGmyXgNkppcFBq/wekan-fork-roadmap).
+
+!!! note
+    For added privacy, this design secures wekan behind an [oauth2 proxy](/reference/oauth_proxy/), so that in order to gain access to the wekan UI at all, oauth2 authentication (to GitHub, GitLab, Google, etc) must have already occured.
+
+## Ingredients
+
+1. [Docker swarm cluster](/ha-docker-swarm/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
+2. [Traefik](/ha-docker-swarm/traefik) configured per design
+
+## Preparation
+
+### Setup data locations
+
+We'll need several directories to bind-mount into our container, so create them in /var/data/wekan:
+
+```
+mkdir /var/data/wekan
+cd /var/data/wekan
+mkdir -p {wekan-db,wekan-db-dump}
+```
+
+### Prepare environment
+
+You'll need to know the following:
+
+1. Choose an oauth provider, and obtain a client ID and secret
+2. Create wekan.env, and populate with the following variables
+```
+OAUTH2_PROXY_CLIENT_ID=
+OAUTH2_PROXY_CLIENT_SECRET=
+OAUTH2_PROXY_COOKIE_SECRET=
+MONGO_URL=mongodb://wekandb:27017/wekan
+ROOT_URL=https://wekan.example.com
+MAIL_URL=smtp://wekan@wekan.example.com:password@mail.example.com:587/
+MAIL_FROM="Wekan <wekan@wekan.example.com>"
+```
+
+### Setup Docker Swarm
+
+Create a docker swarm config file in docker-compose syntax (v3), something like this:
+
+```
+version: '3'
+
+services:
+
+  wekandb:
+    image: mongo:3.2.15
+    command: mongod --smallfiles --oplogSize 128
+    networks:
+      - internal
+    volumes:
+      - /var/data/wekan/wekan-db:/data/db
+      - /var/data/wekan/wekan-db-dump:/dump
+
+  proxy:
+    image: zappi/oauth2_proxy
+    env_file: /var/data/wekan/wekan.env
+    networks:
+      - traefik
+      - internal
+    deploy:
+      labels:
+        - traefik.frontend.rule=Host:wekan.example.com
+        - traefik.docker.network=traefik
+        - traefik.port=4180
+    command: |
+      -cookie-secure=false
+      -upstream=http://wekan:80
+      -redirect-url=https://wekan.example.com
+      -http-address=http://0.0.0.0:4180
+      -email-domain=example.com
+      -provider=github
+
+  wekan:
+    image: wekanteam/wekan:latest
+    networks:
+      - internal
+    env_file: /var/data/wekan/wekan.env
+
+networks:
+  traefik:
+    external: true
+  internal:
+    driver: overlay
+    ipam:
+      config:
+        - subnet: 172.16.3.0/24
+```
+
+!!! tip
+    Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.
+
+
+
+## Serving
+
+### Launch Wekan stack
+
+Launch the Wekan stack by running ```docker stack deploy wekan -c <path -to-docker-compose.yml>```
+
+Log into your new instance at https://**YOUR-FQDN**, with user "root" and the password you specified in gitlab.env.
+
+## Chef's Notes
+
+1. If you wanted to expose the Wekan UI directly, you could remove the oauth2_proxy from the design, and move the traefik-related labels directly to the wekan container. You'd also need to add the traefik network to the wekan container.