From ae6be98886c60648bab2f737aec63a1c21984ddc Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Tue, 25 Feb 2025 09:57:27 -0500
Subject: [PATCH 1/5] Adding Bunkerweb and Semaphore; removing Zitadel.

---
 ansible/app-configs/homepage_settings.yaml.j2 | 2 +-
 docker-compose.yml | 154 ++++++++++++------
 2 files changed, 108 insertions(+), 48 deletions(-)

diff --git a/ansible/app-configs/homepage_settings.yaml.j2 b/ansible/app-configs/homepage_settings.yaml.j2
index b24da909..8514ad5a 100644
--- a/ansible/app-configs/homepage_settings.yaml.j2
+++ b/ansible/app-configs/homepage_settings.yaml.j2
@@ -29,7 +29,7 @@ layout:
 columns: 4
 Code/DevOps:
 style: row
- columns: 3
+ columns: 4
 Social:
 style: row
 columns: 3
diff --git a/docker-compose.yml b/docker-compose.yml
index 3a77a872..3f203dae 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -478,6 +478,60 @@ services:
 networks:
 default: null
 restart: unless-stopped
+ bunkerweb:
+ container_name: bunkerweb
+ image: bunkerity/bunkerweb:1.6.0
+ environment:
+ AUTOCONF_MODE: yes
+ API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16
+ labels:
+ bunkerweb.INSTANCE: yes
+ ports:
+ - 27002:8080
+ - 63824:8443
+ restart: unless-stopped
+ bunkerweb-scheduler:
+ container_name: bunkerweb-ui
+ environment:
+ <<: *bw-ui-env
+ BUNKERWEB_INSTANCES: bunkerweb
+ SERVER_NAME: bunker.trez.wtf
+ API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16
+ MULTISITE: yes
+ UI_HOST: http://bunkerweb-ui:7000 # Change it if needed
+ image: bunkerity/bunkerweb-scheduler:1.6.0
+ restart: unless-stopped
+ volumes:
+ - bunkerweb-storage:/data # This is used to persist the cache and other data like the backups
+ bunkerweb-autoconf:
+ container_name: bunkerweb-autoconf
+ depends_on:
+ - docker-socket-proxy
+ environment:
+ <<: *bw-ui-env
+ DOCKER_HOST: tcp://dockerproxy:2375
+ image: bunkerity/bunkerweb-autoconf:1.6.0
+ restart: unless-stopped
+ bunkerweb-ui:
+ container_name: bunkerweb-ui
+ environment:
+ <<: *bw-ui-env
+ TOTP_SECRETS: ${BUNKERWEB_TOTP_SECRETS}
+ expose:
+ - 7000
+ image: bunkerity/bunkerweb-ui:1.6.0
+ labels:
+ homepage.group: Privacy/Security
+ homepage.name: Bunker Web
+ homepage.href: https://bunker.${MY_TLD}
+ homepage.icon: bunkerweb.svg
+ homepage.description: Next-gen WAF
+ swag: enable
+ swag_port: 7000
+ swag_url: bunker.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://bunker.${MY_TLD}
+ restart: unless-stopped
 bytestash:
 container_name: bytestash
 environment:
@@ -3724,7 +3778,7 @@ services:
 expose:
 - 9000
 - 9443
- image: portainer/portainer-ce:alpine-sts
+ image: portainer/portainer-ce:2.27.0-alpine
 labels:
 swag: enable
 swag_proto: http
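Review bot: In `bunkerweb-autoconf`, `depends_on:` names the service `docker-socket-proxy` while `DOCKER_HOST: tcp://dockerproxy:2375` resolves a different hostname, so the container will only reach the proxy if that service is also known as `dockerproxy` through a `container_name` or network alias defined outside this hunk; either confirm that alias or change the line to `DOCKER_HOST: tcp://docker-socket-proxy:2375`. The bare values in `AUTOCONF_MODE: yes`, `bunkerweb.INSTANCE: yes` and `MULTISITE: yes` are inconsistent with the quoted `AUTOCONF_MODE: "yes"` in the shared `bw-ui-env` block, and any YAML 1.1 loader that touches this file (PyYAML, if the Ansible side ever reads it) turns unquoted `yes` into a boolean; quote all three as `"yes"`. `API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16` on both the instance and the scheduler admits every container on that /16 to the BunkerWeb API rather than only the scheduler and autoconf, so a dedicated network holding just the four BunkerWeb services would keep that trust boundary narrow.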
@@ -4374,6 +4428,43 @@ services:
 type: bind
 bind:
 create_host_path: true
+ semaphore:
+ container_name: semaphore
+ environment:
+ ANSIBLE_HOST_KEY_CHECKING: false
+ SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
+ SEMAPHORE_ADMIN_NAME: admin
+ SEMAPHORE_ADMIN_EMAIL: charish.patel@trez.wtf
+ SEMAPHORE_ADMIN: admin
+ SEMAPHORE_DB_DIALECT: bolt
+ SEMAPHORE_EMAIL_ALERT: true
+ SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf
+ SEMAPHORE_EMAIL_HOST: postal-smtp
+ SEMAPHORE_EMAIL_PORT: 25
+ SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+ SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ SEMAPHORE_EMAIL_SECURE: false
+ SEMAPHORE_USE_REMOTE_RUNNER: true
+ image: semaphoreui/semaphore:v2.12.14
+ labels:
+ homepage.group: Code/DevOps
+ homepage.name: Semaphore
+ homepage.href: https://devops.${MY_TLD}
+ homepage.icon: semaphore.svg
+ homepage.description: Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools
+ swag: enable
+ swag_port: 3000
+ swag_proto: http
+ swag_url: devops.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://devops.${MY_TLD}
+ ports:
+ - 3015:3000
+ restart: unless-stopped
+ volumes:
+ - semaphore_config:/etc/semaphore
+ - semaphore_data:/var/lib/semaphore
+ - semaphore_tmp:/tmp/semaphore
 sonarqube:
 container_name: sonarqube
 depends_on:
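Review bot: `ANSIBLE_HOST_KEY_CHECKING: false` turns off SSH host-key verification for every playbook Semaphore runs, so a managed host whose key changes, or anything answering in its place, is accepted without any signal; prefer leaving the default in place and mounting a pre-populated known_hosts into the container for the user Ansible runs as, and if the override has to stay, put a comment above the line recording why so it is not copied forward as a default. `SEMAPHORE_ADMIN_EMAIL: charish.patel@trez.wtf` commits a personal address while the neighbouring credentials are read from `${…}` variables; `SEMAPHORE_ADMIN_EMAIL: ${SEMAPHORE_ADMIN_EMAIL}` (variable name constructed for the example) keeps that out of version control. The boolean-looking values (`ANSIBLE_HOST_KEY_CHECKING: false`, `SEMAPHORE_EMAIL_ALERT: true`, `SEMAPHORE_EMAIL_SECURE: false`, `SEMAPHORE_USE_REMOTE_RUNNER: true`) are unquoted; Compose stringifies them, but quoting them as `"false"`/`"true"` removes the dependence on which loader reads the file.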
@@ -5159,57 +5250,13 @@ services:
 source: /rinoa-storage
 target: /storage
 type: bind
- zitadel:
- container_name: zitadel
- image: ghcr.io/zitadel/zitadel:latest
- command: 'start-from-init --masterkeyFromEnv --config /config.yaml --config /secrets.yaml --config /init-steps.yaml --tlsMode external'
- depends_on:
- zitadel-pg-db:
- condition: 'service_started'
- environment:
- ZITADEL_MASTERKEY: ${ZITADEL_MASTER_KEY}
- expose:
- - 8080
- labels:
- swag: enable
- swag_proto: http
- swag_port: 8080
- swag_url: id.${MY_TLD}
- swag_server_custom_directive: http2 on;
- homepage.group: System Administration
- homepage.name: Zitadel
- homepage.href: https://id.${MY_TLD}
- homepage.icon: zitadel.svg
- homepage.description: Centralized authentication management
- restart: unless-stopped
- volumes:
- - ${DOCKER_VOLUME_CONFIG}/zitadel/config.yaml:/config.yaml
- - ${DOCKER_VOLUME_CONFIG}/zitadel/init-steps.yaml:/init-steps.yaml
- - ${DOCKER_VOLUME_CONFIG}/zitadel/secrets.yaml:/secrets.yaml
- zitadel-pg-db:
- container_name: zitadel-pg-db
- environment:
- POSTGRES_USER: root
- POSTGRES_PASSWORD: ${ZITADEL_DB_ADMIN_PASSWORD}
- expose:
- - 5432
- healthcheck:
- test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "root" ]
- interval: '10s'
- timeout: '30s'
- retries: 5
- start_period: '20s'
- image: postgres:16-alpine
- restart: unless-stopped
- volumes:
- - zitadel-pg-db:/var/lib/postgresql/data
 volumes:
 authelia-pg-db:
 name: authelia-pg-db
 bitmagnet-pg-db:
 name: bitmagnet-pg-db
- bunkerweb-data:
- name: bunkerweb-data
+ bunkerweb-storage:
+ name: bunkerweb-storage
 castopod-media:
 name: castopod-media
 crowdsec-config:
@@ -5312,6 +5359,12 @@ volumes:
 name: portainer-data
 reactive-resume-pg:
 name: reactive-resume-pg
+ semaphore_config:
+ name: semaphore_config
+ semaphore_data:
+ name: semaphore_data
+ semaphore_tmp:
+ name: semaphore_tmp
 sonarqube-data:
 name: sonarqube-data
 sonarqube-db:
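Review bot: Both the `zitadel` and `zitadel-pg-db` services are removed here, but the `zitadel-pg-db` named volume stays declared under `volumes:` (it is visible as context in the `-5334` hunk of this same patch), leaving an orphan declaration; drop `zitadel-pg-db:` and its `name: zitadel-pg-db` line as well. Deleting the service definitions neither deletes the data volume that held the identity store nor retires the `ZITADEL_MASTER_KEY` and `ZITADEL_DB_ADMIN_PASSWORD` values the removed lines read from the environment, so both should be disposed of deliberately rather than left behind (the env file is outside this diff). Renaming `bunkerweb-data` to `bunkerweb-storage` likewise strands any existing `bunkerweb-data` volume on the host instead of migrating it; if nothing was ever written there, saying so in the commit message would spare the next reader the check.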
@@ -5334,3 +5387,10 @@ volumes:
 name: wallos-logos
 zitadel-pg-db:
 name: zitadel-pg-db
+x-ui-env: &bw-ui-env
+ # We anchor the environment variables to avoid duplication
+ AUTOCONF_MODE: "yes"
+ DATABASE_URI: "mariadb+pymysql://bunkerweb:${BUNKERWEB_DB_PASSWORD}@mariadb:3306/bunkerweb" # Remember to set a stronger password for the database
+ USE_REAL_IP: yes
+ REAL_IP_FROM: 172.18.0.0/16
+ REAL_IP_HEADER: 'X-Forwarded-For'
\ No newline at end of file

From 6570bb086f52a778e7efc844a20e862630fbead4 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Tue, 25 Feb 2025 10:13:40 -0500
Subject: [PATCH 2/5] Typo fix.

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3f203dae..83380000 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5387,7 +5387,7 @@ volumes:
 name: wallos-logos
 zitadel-pg-db:
 name: zitadel-pg-db
-x-ui-env: &bw-ui-env
+x-bw-ui-env: &bw-ui-env
 # We anchor the environment variables to avoid duplication
 AUTOCONF_MODE: "yes"
 DATABASE_URI: "mariadb+pymysql://bunkerweb:${BUNKERWEB_DB_PASSWORD}@mariadb:3306/bunkerweb" # Remember to set a stronger password for the database

From f427ab6bd3af76871266bd83e34037d9282c6f10 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Tue, 25 Feb 2025 10:22:52 -0500
Subject: [PATCH 3/5] ...

---
 docker-compose.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 83380000..72c72a8b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,11 @@
 name: compose
+x-bw-ui-env: &bw-ui-env
+ # We anchor the environment variables to avoid duplication
+ AUTOCONF_MODE: "yes"
+ DATABASE_URI: "mariadb+pymysql://bunkerweb:${BUNKERWEB_DB_PASSWORD}@mariadb:3306/bunkerweb" # Remember to set a stronger password for the database
+ USE_REAL_IP: yes
+ REAL_IP_FROM: 172.18.0.0/16
+ REAL_IP_HEADER: 'X-Forwarded-For'
 networks:
 bitmagnet:
 driver: bridge
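Review bot: `REAL_IP_FROM: 172.18.0.0/16` makes BunkerWeb accept `X-Forwarded-For` from every container on that subnet, so any misbehaving container on the same network can set the client address that every IP-keyed WAF decision is evaluated against; narrow it to the address of the proxy that actually fronts BunkerWeb (which proxy that is, if any, is not visible here), or place that proxy and BunkerWeb on a dedicated network and use its subnet. `USE_REAL_IP: yes` is left bare while `AUTOCONF_MODE: "yes"` two lines above is quoted; write `USE_REAL_IP: "yes"` so a YAML 1.1 loader does not turn it into a boolean. Patch 3 of this series moves this block to the top of `docker-compose.yml` unchanged, so both points carry over to that copy.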
@@ -5386,11 +5393,4 @@ volumes:
 wallos-logos:
 name: wallos-logos
 zitadel-pg-db:
- name: zitadel-pg-db
-x-bw-ui-env: &bw-ui-env
- # We anchor the environment variables to avoid duplication
- AUTOCONF_MODE: "yes"
- DATABASE_URI: "mariadb+pymysql://bunkerweb:${BUNKERWEB_DB_PASSWORD}@mariadb:3306/bunkerweb" # Remember to set a stronger password for the database
- USE_REAL_IP: yes
- REAL_IP_FROM: 172.18.0.0/16
- REAL_IP_HEADER: 'X-Forwarded-For'
\ No newline at end of file
+ name: zitadel-pg-db
\ No newline at end of file

From 4b731e414f96a4f7637b9cf0a7832aad03b82e8e Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Tue, 25 Feb 2025 10:49:06 -0500
Subject: [PATCH 4/5] Typo fix in BW Scheduler container.

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 72c72a8b..388f9c33 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -498,7 +498,7 @@ services:
 - 63824:8443
 restart: unless-stopped
 bunkerweb-scheduler:
- container_name: bunkerweb-ui
+ container_name: bunkerweb-scheduler
 environment:
 <<: *bw-ui-env
 BUNKERWEB_INSTANCES: bunkerweb

From 2c15df1cec69ff35f0e7d8b9113b27e709196c3e Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Tue, 25 Feb 2025 15:59:58 +0000
Subject: [PATCH 5/5] chore: Update README

---
 README.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index b2c32031..5415736e 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,10 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | ghcr.io/bluesky-social/pds:latest |
 | browserless | ghcr.io/browserless/chromium:latest |
+| bunkerweb | bunkerity/bunkerweb:1.6.0 |
+| bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:1.6.0 |
+| bunkerweb-autoconf | bunkerity/bunkerweb-autoconf:1.6.0 |
+| bunkerweb-ui | bunkerity/bunkerweb-ui:1.6.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
@@ -75,6 +79,7 @@
 | lidify | thewicklowwolf/lidify:latest |
 | lldap | lldap/lldap:stable |
 | maloja | krateng/maloja:latest |
+| manyfold | lscr.io/linuxserver/manyfold:latest |
 | mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
@@ -103,7 +108,7 @@
 | plausible | ghcr.io/plausible/community-edition:v2.1.0 |
 | plausible_db | postgres:16-alpine |
 | plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
-| portainer | portainer/portainer-ce:alpine-sts |
+| portainer | portainer/portainer-ce:2.27.0-alpine |
 | portall | need4swede/portall:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
@@ -122,6 +127,7 @@
 | scraperr-api | jpyles0524/scraperr_api:latest |
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
+| semaphore | semaphoreui/semaphore:v2.12.14 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
@@ -145,6 +151,4 @@
 | web-check | lissy93/web-check |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
-| zitadel | ghcr.io/zitadel/zitadel:latest |
-| zitadel-pg-db | postgres:16-alpine |