From 699945c7688f939ad1003ed9030bf999bf9b0018 Mon Sep 17 00:00:00 2001
From: "trez.one"
Date: Tue, 26 Nov 2024 15:46:10 -0500
Subject: [PATCH] Updated Docker Compose file with new services.
---
jitsi-env.example | 366 ++++++++++++++++++++++++++++++++
rinoa-docker-compose.yml | 437 ++++++++++++++++++++++++++++++---------
2 files changed, 700 insertions(+), 103 deletions(-)
create mode 100644 jitsi-env.example
diff --git a/jitsi-env.example b/jitsi-env.example
new file mode 100644
index 00000000..80603aab
--- /dev/null
+++ b/jitsi-env.example
@@ -0,0 +1,366 @@
+ADMIN_DB_PASSWORD=
+ADMIN_JWT_SECRET=
+AMPLITUDE_ID=
+ANALYTICS_SCRIPT_URLS=
+ANALYTICS_WHITELISTED_EVENTS=
+AUDIO_QUALITY_OPUS_BITRATE=
+AUTH_TYPE=
+AUTO_CAPTION_ON_RECORD=
+AUTOSCALER_SIDECAR_GROUP_NAME=
+AUTOSCALER_SIDECAR_HOST_ID=
+AUTOSCALER_SIDECAR_INSTANCE_ID=
+AUTOSCALER_SIDECAR_KEY_FILE=
+AUTOSCALER_SIDECAR_KEY_ID=
+AUTOSCALER_SIDECAR_PORT=
+AUTOSCALER_SIDECAR_REGION=
+AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL=
+AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL=
+AUTOSCALER_URL=
+BRANDING_DATA_URL=
+BRIDGE_AVG_PARTICIPANT_STRESS=
+BRIDGE_STRESS_THRESHOLD=
+CALLSTATS_CUSTOM_SCRIPT_URL=
+CALLSTATS_ID=
+CALLSTATS_SECRET=
+CHROME_EXTENSION_BANNER_JSON=
+CHROMIUM_FLAGS=
+COLIBRI_REST_ENABLED=
+COLIBRI_WEBSOCKET_PORT=
+CONFCODE_URL=
+CONFIG_EXTERNAL_CONNECT=
+DATABASE_URL=
+DEFAULT_LANGUAGE=
+DEPLOYMENTINFO_ENVIRONMENT=
+DEPLOYMENTINFO_ENVIRONMENT_TYPE=
+DEPLOYMENTINFO_REGION=
+DEPLOYMENTINFO_SHARD=
+DEPLOYMENTINFO_USERREGION=
+DESKTOP_SHARING_FRAMERATE_MAX=
+DESKTOP_SHARING_FRAMERATE_MIN=
+DIALIN_NUMBERS_URL=
+DIALOUT_AUTH_URL=
+DIALOUT_CODES_URL=
+DISABLE_AUDIO_LEVELS=
+DISABLE_DEEP_LINKING=
+DISABLE_GRANT_MODERATOR=
+DISABLE_HTTPS=
+DISABLE_KICKOUT=
+DISABLE_LOCAL_RECORDING=
+DISABLE_POLLS=
+DISABLE_PRIVATE_CHAT=
+DISABLE_PROFILE=
+DISABLE_REACTIONS=
+DISABLE_REMOTE_VIDEO_MENU=
+DISABLE_START_FOR_ALL=
+DOCKER_HOST_ADDRESS=
+DROPBOX_APPKEY=
+DROPBOX_REDIRECT_URI=
+DYNAMIC_BRANDING_URL=
+E2EPING_MAX_CONFERENCE_SIZE=
+E2EPING_MAX_MESSAGE_PER_SECOND=
+E2EPING_NUM_REQUESTS=
+ENABLE_AUDIO_PROCESSING=
+ENABLE_AUTH=
+ENABLE_AUTO_LOGIN=
+ENABLE_AUTO_OWNER=
+ENABLE_AV_MODERATION=
+ENABLE_BREAKOUT_ROOMS=
+ENABLE_CALENDAR=
+ENABLE_CLOSE_PAGE=
+ENABLE_CODEC_OPUS_RED=
+ENABLE_COLIBRI_WEBSOCKET=
+ENABLE_E2EPING=
+ENABLE_END_CONFERENCE=
+ENABLE_FILE_RECORDING_SHARING=
+ENABLE_HSTS=
+ENABLE_HTTP_REDIRECT=
+ENABLE_JAAS_COMPONENTS=
+ENABLE_JVB_XMPP_SERVER=
+ENABLE_LETSENCRYPT=
+ENABLE_LIPSYNC=
+ENABLE_LIVESTREAMING=
+ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK=
+ENABLE_LIVESTREAMING_HELP_LINK=
+ENABLE_LIVESTREAMING_TERMS_LINK=
+ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING=
+ENABLE_LOBBY=
+ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT=
+ENABLE_LOCAL_RECORDING_SELF_START=
+ENABLE_NO_AUDIO_DETECTION=
+ENABLE_NOISY_MIC_DETECTION=
+ENABLE_OCTO=
+ENABLE_OPUS_RED=
+ENABLE_PREJOIN_PAGE=
+ENABLE_REMB=
+ENABLE_REQUIRE_DISPLAY_NAME=
+ENABLE_SCTP=
+ENABLE_SERVICE_RECORDING=
+ENABLE_SIMULCAST=
+ENABLE_STATS_ID=
+ENABLE_STEREO=
+ENABLE_SUBDOMAINS=
+ENABLE_TALK_WHILE_MUTED=
+ENABLE_TCC=
+ENABLE_TRANSCRIPTIONS=
+ENABLE_WELCOME_PAGE=
+ENABLE_XMPP_WEBSOCKET=
+ETHERPAD_DEFAULT_PAD_TEXT=
+ETHERPAD_PUBLIC_URL=
+ETHERPAD_`=
+SKIN_VARIANTS=
+ETHERPAD_SKIN_VARIANTS=
+ETHERPAD_TITLE=
+TITLE=
+URL_BASE=
+ETHERPAD_URL_BASE=
+GC_CLIENT_CERT_URL=
+GC_CLIENT_EMAIL=
+GC_CLIENT_ID=
+GC_GEN_MAX_TH=
+GC_GEN_MIN_TH=
+GC_INC_SPEED=
+GC_INC_STEP_SIZE=
+GC_INC_TH=
+GC_PRIVATE_KEY=
+GC_PRIVATE_KEY_ID=
+GC_PROJECT_ID=
+GC_TYPE=
+GLOBAL_CONFIG=
+GLOBAL_MODULES=
+GOOGLE_ANALYTICS_ID=
+GOOGLE_API_APP_CLIENT_ID=
+HIDE_PREJOIN_DISPLAY_NAME=
+HIDE_PREJOIN_EXTRA_BUTTONS=
+HIDE_PREMEETING_BUTTONS=
+HTTP_PORT=
+HTTPS_PORT=
+INVITE_SERVICE_URL=
+JIBRI_BREWERY_MUC=
+JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=
+JIBRI_HTTP_API_EXTERNAL_PORT=
+JIBRI_HTTP_API_INTERNAL_PORT=
+JIBRI_PENDING_TIMEOUT=
+JIBRI_RECORDER_PASSWORD=
+JIBRI_RECORDER_USER=
+JIBRI_RECORDING_CONSTANT_RATE_FACTOR=
+JIBRI_RECORDING_DIR=
+JIBRI_RECORDING_FRAMERATE=
+JIBRI_RECORDING_QUEUE_SIZE=
+JIBRI_RECORDING_RESOLUTION=
+JIBRI_RECORDING_STREAMING_MAX_BITRATE=
+JIBRI_RECORDING_VIDEO_ENCODE_PRESET=
+JIBRI_REQUEST_RETRIES=
+JIBRI_STATSD_HOST=
+JIBRI_STATSD_PORT=
+JIBRI_STRIP_DOMAIN_JID=
+JIBRI_USAGE_TIMEOUT=
+JIBRI_WEBHOOK_SUBSCRIBERS=
+JIBRI_XMPP_PASSWORD=
+JIBRI_XMPP_USER=
+JICOFO_AUTH_LIFETIME=
+JICOFO_AUTH_PASSWORD=
+JICOFO_AUTH_TYPE=
+JICOFO_BRIDGE_REGION_GROUPS=
+JICOFO_COMPONENT_SECRET=
+JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT=
+JICOFO_CONF_MAX_AUDIO_SENDERS=
+JICOFO_CONF_MAX_VIDEO_SENDERS=
+JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT=
+JICOFO_CONF_SOURCE_SIGNALING_DELAYS=
+JICOFO_CONF_SSRC_REWRITING=
+JICOFO_CONF_STRIP_SIMULCAST=
+JICOFO_ENABLE_AUTH=
+JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS=
+JICOFO_ENABLE_HEALTH_CHECKS=
+JICOFO_ENABLE_REST=
+JICOFO_HEALTH_CHECKS_USE_PRESENCE=
+JICOFO_MULTI_STREAM_BACKWARD_COMPAT=
+JICOFO_OCTO_REGION=
+JIGAGI_SIP_PASSWORD=
+JIGAGI_SIP_PORT=
+JIGAGI_SIP_SERVER=
+JIGAGI_SIP_TRANSPORT=
+JIGAGI_SIP_URI=
+JIGASI_BREWERY_MUC=
+JIGASI_DISABLE_SIP=
+JIGASI_ENABLE_SDES_SRTP=
+JIGASI_HEALTH_CHECK_INTERVAL=
+JIGASI_HEALTH_CHECK_SIP_URI=
+JIGASI_PORT_MAX=
+JIGASI_PORT_MIN=
+JIGASI_SIP_DEFAULT_ROOM=
+JIGASI_SIP_KEEP_ALIVE_METHOD=
+JIGASI_SIP_URI=
+JIGASI_TRANSCRIBER_ADVERTISE_URL=
+JIGASI_TRANSCRIBER_RECORD_AUDIO=
+JIGASI_TRANSCRIBER_SEND_TXT=
+JIGASI_XMPP_PASSWORD=
+JIGASI_XMPP_USER=
+JVB_ADVERTISE_IPS=
+JVB_ADVERTISE_PRIVATE_CANDIDATES=
+JVB_AUTH_PASSWORD=
+JVB_AUTH_USER=
+JVB_BREWERY_MUC=
+JVB_DISABLE_STUN=
+JVB_MUC_NICKNAME=
+JVB_OCTO_BIND_ADDRESS=
+JVB_OCTO_REGION=
+JVB_OCTO_RELAY_ID=
+JVB_PORT=
+JVB_STUN_SERVERS=
+JVB_WS_DOMAIN=
+JVB_WS_SERVER_ID=
+JVB_XMPP_AUTH_DOMAIN=
+JVB_XMPP_INTERNAL_MUC_DOMAIN=
+JVB_XMPP_PORT=
+JVB_XMPP_SERVER=
+JWT_ACCEPTED_AUDIENCES=
+JWT_ACCEPTED_ISSUERS=
+JWT_ALLOW_EMPTY=
+JWT_APP_ID=
+JWT_APP_SECRET=
+JWT_ASAP_KEYSERVER=
+JWT_AUTH_TYPE=
+JWT_ENABLE_DOMAIN_VERIFICATION=
+JWT_TOKEN_AUTH_MODULE=
+KEYCLOAK_ADMIN_PASSWORD=
+KEYCLOAK_ROOT_LOG_LEVEL=
+laF_baseUrl=
+LDAP_AUTH_METHOD=
+LDAP_BASE=
+LDAP_BINDDN=
+LDAP_BINDPW=
+LDAP_FILTER=
+LDAP_START_TLS=
+LDAP_TLS_CACERT_DIR=
+LDAP_TLS_CACERT_FILE=
+LDAP_TLS_CHECK_PEER=
+LDAP_TLS_CIPHERS=
+LDAP_URL=
+LDAP_USE_TLS=
+LDAP_VERSION=
+LETSENCRYPT_DOMAIN=
+LETSENCRYPT_EMAIL=
+LETSENCRYPT_USE_STAGING=
+LOCAL_ADDRESS=
+LOG_LEVEL=
+MAILER_DSN=
+MATOMO_ENDPOINT=
+MATOMO_SITE_ID=
+MATRIX_UVS_AUTH_TOKEN=
+MATRIX_UVS_ISSUER=
+MATRIX_UVS_SYNC_POWER_LEVELS=
+MATRIX_UVS_URL=
+MAX_BRIDGE_PARTICIPANTS=
+MAX_PARTICIPANTS=
+MERCURE_JWT_SECRET=
+MERCURE_PUBLIC_URL=
+MICROSOFT_API_APP_CLIENT_ID=
+MY_TLD=
+NGINX_RESOLVER=
+NGINX_WORKER_CONNECTIONS=
+NGINX_WORKER_PROCESSES=
+OCTO_BRIDGE_SELECTION_STRATEGY=
+P2P_PREFERRED_CODEC=
+PEOPLE_SEARCH_URL=
+PREFERRED_LANGUAGE=
+PROSODY_AUTH_TYPE=
+PROSODY_ENABLE_RATE_LIMITS=
+PROSODY_RATE_LIMIT_ALLOW_RANGES=
+PROSODY_RATE_LIMIT_CACHE_SIZE=
+PROSODY_RATE_LIMIT_LOGIN_RATE=
+PROSODY_RATE_LIMIT_SESSION_RATE=
+PROSODY_RATE_LIMIT_TIMEOUT=
+PROSODY_RESERVATION_ENABLED=
+PROSODY_RESERVATION_REST_BASE_URL=
+PUBLIC_URL=
+PUBLIC_URL=
+registerEmailAdress=
+RESOLUTION=
+RESOLUTION_MIN=
+RESOLUTION_WIDTH=
+RESOLUTION_WIDTH_MIN=
+SENTRY_ENVIRONMENT=
+SENTRY_RELEASE=
+SHUTDOWN_REST_ENABLED=
+SIP_URI=
+START_AUDIO_MUTED=
+START_AUDIO_ONLY=
+START_BITRATE=
+START_SILENT=
+START_VIDEO_MUTED=
+START_WITH_AUDIO_MUTED=
+START_WITH_VIDEO_MUTED=
+SUPPRESS_ERRORS_IN_PAD_TEXT=
+TESTING_CAP_SCREENSHARE_BITRATE=
+TESTING_OCTO_PROBABILITY=
+TOKEN_AUTH_URL=
+TOOLBAR_BUTTONS=
+TRANSLATION_LANGUAGES=
+TRANSLATION_LANGUAGES_HEAD=
+TURN_CREDENTIALS=
+TURN_HOST=
+TURN_PORT=
+TURNS_HOST=
+TURNS_PORT=
+TURN_TRANSPORT=
+TZ=
+USE_APP_LANGUAGE=
+VICH_BASE=
+VIDEOQUALITY_BITRATE_H264_HIGH=
+VIDEOQUALITY_BITRATE_H264_LOW=
+VIDEOQUALITY_BITRATE_H264_STANDARD=
+VIDEOQUALITY_BITRATE_VP8_HIGH=
+VIDEOQUALITY_BITRATE_VP8_LOW=
+VIDEOQUALITY_BITRATE_VP8_STANDARD=
+VIDEOQUALITY_BITRATE_VP9_HIGH=
+VIDEOQUALITY_BITRATE_VP9_LOW=
+VIDEOQUALITY_BITRATE_VP9_STANDARD=
+VIDEOQUALITY_ENFORCE_PREFERRED_CODEC=
+VIDEOQUALITY_PREFERRED_CODEC=
+WEBSOCKET_SECRET=
+WHITEBOARD_COLLAB_SERVER_PUBLIC_URL=
+WHITEBOARD_ENABLED=
+XMPP_AUTH_DOMAIN=
+XMPP_BOSH_URL_BASE=
+XMPP_DOMAIN=
+XMPP_GUEST_DOMAIN=
+XMPP_INTERNAL_MUC_DOMAIN=
+XMPP_INTERNAL_MUC_MODULES=
+XMPP_MODULES=
+XMPP_MUC_CONFIGURATION=
+XMPP_MUC_DOMAIN=
+XMPP_MUC_MODULES=
+XMPP_PORT=
+XMPP_RECORDER_DOMAIN=
+XMPP_SERVER=
+XMPP_TRUST_ALL_CERTS=
+# Allow insecure certificate while connecting Keycloak
+# Set this if Keycloak has not a trusted certificate. 
Dont set this on prod +ALLOW_UNSECURE_CERT=1 + +# Secret for API +# Update this value for your deployment +API_SECRET=J2EQnU25NhmhFebLjHrJGVMl7SpE93ktgVi9h3Fm4aNMBJLYcvR9UdPveMpthokD + +# Timeout for API session +API_TIMEOUT=86400 + +# Postgresql host address +DB_HOST=galaxy-db + +# Postgresql password +# Update this value for your deployment +DB_PASSWD=A$s%o7!^$CapY8dsjJsromXfVbGfL8vt + +# FQDN for this setup +GALAXY_FQDN=app.galaxy-kc.loc + +# Keycloak client ID +KEYCLOAK_CLIENT_ID=galaxy + +# Keycloak address +KEYCLOAK_ORIGIN=https=//ucs-sso-ng.mydomain.corp + +# Keycloak realm +KEYCLOAK_REALM=ucs \ No newline at end of file diff --git a/rinoa-docker-compose.yml b/rinoa-docker-compose.yml index 8d96b2d8..b11662f7 100644 --- a/rinoa-docker-compose.yml +++ b/rinoa-docker-compose.yml @@ -392,7 +392,7 @@ services: - --keys=dht_crawler container_name: bitmagnet depends_on: - bitmagnet-pgsql: + bitmagnet-pg-db: condition: service_healthy required: true gluetun: @@ -401,7 +401,7 @@ services: restart: true environment: LOG_FILE_ROTATION_ENABLED: true - POSTGRES_HOST: bitmagnet-pgsql + POSTGRES_HOST: bitmagnet-pg-db POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} POSTGRES_USER: bitmagnet image: ghcr.io/bitmagnet-io/bitmagnet:latest @@ -430,8 +430,8 @@ services: type: bind bind: create_host_path: true - bitmagnet-pgsql: - container_name: bitmagnet-pgsql + bitmagnet-pg-db: + container_name: bitmagnet-pg-db environment: POSTGRES_DB: bitmagnet POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} @@ -444,7 +444,7 @@ services: test: - CMD-SHELL - pg_isready - image: postgres:16-alpine + image: postgres:17-alpine networks: bitmagnet: ipv4_address: 192.168.55.8 @@ -452,7 +452,7 @@ services: restart: unless-stopped shm_size: 1g volumes: - - source: bitmagnet-pgsql + - source: bitmagnet-pg-db target: /var/lib/postgresql/data type: volume volume: {} 
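Review bot: The tail of `jitsi-env.example` ships live-looking values instead of blanks: `ALLOW_UNSECURE_CERT=1` switches off certificate verification towards Keycloak by default even though its own comment says not to set it in production, and `API_SECRET` and `DB_PASSWD` carry literal secrets that anyone copying the file to a real env file will inherit. Leave these three empty like the other keys (`ALLOW_UNSECURE_CERT=`, `API_SECRET=`, `DB_PASSWD=`) and extend the comments to say the secrets must be generated per deployment. In the same block, `KEYCLOAK_ORIGIN=https=//ucs-sso-ng.mydomain.corp` has `=` where `:` is expected, and `PUBLIC_URL=` is listed twice further up.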
@@ -512,6 +512,40 @@ services: source: /rinoa-storage target: /storage type: bind + bluesky-pds: + container_name: bluesky-pds + environment: + PDS_ADMIN_EMAIL: charish.patel@trez.wtf + PDS_HOSTNAME: bsky.trez.wtf + PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET} + PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD} + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX} + PDS_DATA_DIRECTORY: /pds + PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 + PDS_EMAIL_FROM_ADDRESS: noreply@trez.wtf + PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks + PDS_BLOB_UPLOAD_LIMIT: 52428800 + PDS_DID_PLC_URL: ${PDS_DID_PLC_URL} + PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL} + PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID} + PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL} + PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID} + PDS_CRAWLERS: ${PDS_CRAWLERS} + LOG_ENABLED: true + expose: + - 3000 + image: ghcr.io/bluesky-social/pds:latest + labels: + - swag=enable + - swag_port=3000 + - swag_url=bsky.${MY_TLD} + - swag.uptime-kuma.enabled=true + - swag.uptime-kuma.monitor.url=https://bsky.${MY_TLD} + restart: unless-stopped + volumes: + - type: bind + source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds + target: /pds browserless: container_name: browserless environment: 
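Review bot: `image: ghcr.io/bluesky-social/pds:latest` leaves the image unpinned for a container that is handed `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_JWT_SECRET` and the admin password, so whatever is published under that tag at the next pull runs with those secrets. Pin it to a release tag or digest, e.g. `image: ghcr.io/bluesky-social/pds:<release-tag>` (placeholder), the way `gitea/gitea:1.22.2` and `semaphoreui/semaphore:v2.10.32` are pinned elsewhere in this patch. The same applies to the other services this patch adds with `:latest`: castopod, cloudflared, netbox and the four slurpit images.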
@@ -536,6 +570,55 @@ services: networks: default: null restart: unless-stopped + castopod: + container_name: castopod + depends_on: + - mariadb + environment: + MYSQL_DATABASE: castopod + MYSQL_USER: castopod + MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} + CP_DATABASE_HOSTNAME: mariadb + CP_DATABASE_NAME: castopod + CP_DATABASE_USERNAME: castopod + CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} + CP_BASEURL: pod.trez.wtf + CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT} + CP_CACHE_HANDLER: redis + CP_DISABLE_HTTPS: 1 + CP_REDIS_HOST: redis + CP_EMAIL_SMTP_HOST: postal-smtp + CP_EMAIL_FROM: noreply@trez.wtf + CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} + CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} + expose: + - 8000 + image: castopod/castopod:latest + labels: + - homepage.group=Social + - homepage.name=Castopod + - homepage.href=https://pod.${MY_TLD} + - homepage.icon=castopod.png + - homepage.description=Podcast self-hosting + - swag=enable + - swag_port=8000 + - swag_url=pod.${MY_TLD} + - swag.uptime-kuma.enabled=true + - swag.uptime-kuma.monitor.url=https://pod.${MY_TLD} + restart: unless-stopped + volumes: + - castopod-media:/var/www/castopod/public/media + cloudflared: + command: ['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}'] + container_name: cloudflared + environment: + CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN} + extra_hosts: + - host.docker.internal:host-gateway + image: 'cloudflare/cloudflared:latest' + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared cloudflareddns: container_name: cloudflareddns environment: 
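Review bot: In the new `cloudflared` service the tunnel token is passed on the command line (`'--token', '${CLOUDFLARED_TUNNEL_TOKEN}'`), which makes it part of the container's argv and therefore visible in the host process list as well as in `docker inspect` output. The `CLOUDFLARED_TUNNEL_KEY` variable set next to it does not look like a name cloudflared reads; the variable it honours for this is `TUNNEL_TOKEN`. Suggest `command: ['tunnel', '--no-autoupdate', 'run']` with `TUNNEL_TOKEN: ${CLOUDFLARED_TUNNEL_TOKEN}` under `environment:`, and dropping `CLOUDFLARED_TUNNEL_KEY`.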
@@ -1141,12 +1224,11 @@ services: - GITEA__mailer__PROTOCOL=smtp - GITEA__mailer__SMTP_ADDR=postal-smtp - GITEA__mailer__SMTP_PORT=25 - - GITEA__mailer__IS_TLS_ENABLED=faLse - GITEA__mailer__USER=${POSTAL_SMTP_AUTH_USER} - GITEA__mailer__PASSWD=${POSTAL_SMTP_AUTH_PASSWORD} image: gitea/gitea:1.22.2 labels: - - homepage.group=Code + - homepage.group=Code/DevOps - homepage.name=Gitea - homepage.href=https://git.${MY_TLD} - homepage.icon=gitea.svg @@ -1155,8 +1237,6 @@ services: - homepage.widget.url=http://gitea:3000 - homepage.widget.key=${GITEA_HOMEPAGE_API_KEY} - swag=enable - - swag_port=3000 - - swag_proto=http - swag_url=git.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://git.${MY_TLD} @@ -1223,10 +1303,11 @@ services: OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET} OG_GITEA_URL: https://git.trez.wtf OG_GITEA_NAME: "Gitea @ Rinoa" + OG_SSH_EXTERNAL_DOMAIN: gist-ssh.trez.wtf image: ghcr.io/thomiceli/opengist:latest labels: homepage.description: Private Code Gists - homepage.group: Code + homepage.group: Code/DevOps homepage.href: https://gist.trez.wtf homepage.icon: /icons/opengist.svg homepage.name: Opengist @@ -1250,12 +1331,10 @@ services: environment: CONFIG_FILE: /config.yaml DOCKER_HOST: tcp://dockerproxy:2375 - GITEA_INSTANCE_URL: http://gitea:3000 + GITEA_INSTANCE_URL: https://git.trez.wtf GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" GITEA_RUNNER_NAME: "gitea-runner-1" image: gitea/act_runner:latest - networks: - default: null ports: - 63604:63604 restart: always @@ -1274,6 +1353,7 @@ services: GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml ports: - 58525:58525 + restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/ gluetun: @@ -1289,7 +1369,7 @@ services: expose: - 8000 extra_hosts: - - bitmagnet-pgsql:192.168.55.8 + - bitmagnet-pg-db:192.168.55.8 image: qmcgaw/gluetun:latest networks: bitmagnet: 
@@ -2012,7 +2092,7 @@ services: - swag_url=itt.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://itt.${MY_TLD} - - homepage.group=Code + - homepage.group=Code/DevOps - homepage.name=IT-Tools - homepage.href=https://itt.${MY_TLD} - homepage.icon=it-tools.svg @@ -2033,7 +2113,7 @@ services: MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 MERCURE_JWT_SECRET: ${JITSI__ADMIN_JWT_SECRET} MERCURE_PUBLIC_URL: https://meet-admin.${MY_TLD} - MERCURE_URL: http://jitsi-admin-websocket + MERCURE_URL: http://jitsi-admin-websocket:3000 OAUTH_KEYCLOAK_CLIENT_ID: null OAUTH_KEYCLOAK_CLIENT_REALM: null OAUTH_KEYCLOAK_CLIENT_SECRET: null @@ -2043,6 +2123,18 @@ services: laF_baseUrl: https://meet-admin.${MY_TLD} registerEmailAdress: noreply@trez.wtf image: h2invent/jitsi-admin-main + labels: + - swag=enable + - swag_proto=http + - swag_port=3000 + - swag_url=meet-admin.${MY_TLD} + - swag.uptime-kuma.enabled=true + - swag.uptime-kuma.monitor.url=https://meet-admin.${MY_TLD} + - homepage.group=System Administration + - homepage.name=Jitsi Admin + - homepage.href=https://meet-admin.${MY_TLD} + - homepage.icon=/icons/jitsi-admin.png + - homepage.description=Web Conferencing networks: default: null restart: unless-stopped @@ -2104,7 +2196,7 @@ services: restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/keycloak - target: /opt/keycloak + target: /opt/keycloak/data/import type: bind bind: create_host_path: true @@ -2118,7 +2210,9 @@ services: labels: - swag=enable - swag_proto=http + - swag_port=3000 - swag_url=meet-admin.${MY_TLD} + - swag_server_custom_directive="location /ws { proxy_pass http://localhost:3000; proxy_set_header X-Forwarded-Proto http; proxy_set_header Host $$host; }" - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://meet-admin.${MY_TLD} - homepage.group=System Administration 
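Review bot: The labels added to the `h2invent/jitsi-admin-main` service publish the admin UI at `meet-admin.${MY_TLD}` through SWAG without a `swag_auth` label, while the context lines of the same service still show `OAUTH_KEYCLOAK_CLIENT_ID`, `OAUTH_KEYCLOAK_CLIENT_REALM` and `OAUTH_KEYCLOAK_CLIENT_SECRET` as `null`. If login is not wired up yet, add `- swag_auth=authelia` as this patch does for Redlib, or hold back `swag=enable` until it is. The service definition starts outside the hunk, so its name and remaining settings are not visible here.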
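Review bot: The `location /ws` directive added in the `@@ -2118,7 +2210,9 @@` hunk uses `proxy_pass http://localhost:3000`, and if SWAG renders `swag_server_custom_directive` into its own nginx config, `localhost` is the SWAG container rather than this service; it should name the upstream container, `proxy_pass http://<this-container-name>:3000;` (placeholder; `MERCURE_URL` earlier in the patch suggests `jitsi-admin-websocket`). The same directive hard-codes `X-Forwarded-Proto http` for traffic that reaches SWAG over HTTPS, which can lead the backend to build insecure URLs or skip secure-cookie handling; `$$scheme` would pass the real value. The jitsi-admin labels added a few hunks earlier declare the same `swag_url=meet-admin.${MY_TLD}` as this service, so two generated proxy configs would claim one hostname. The service header is outside the hunk.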
@@ -2711,8 +2805,8 @@ services: target: /var/lib/postgresql/data type: volume volume: {} - joplin-server: - container_name: joplin-server + joplin: + container_name: joplin environment: - ACCOUNT_TYPES_ENABLED=true - APP_PORT=${JOPLIN_APP_PORT} @@ -2735,18 +2829,15 @@ services: - POSTGRES_HOST=joplin-db image: joplin/server:latest labels: - - homepage.group=Personal Services - - homepage.name=Joplin - - homepage.href=https://notes.${MY_TLD} - - homepage.icon=joplin.svg - - homepage.description=Open-source note taking & to-do - - swag=enable - - swag_proto=http - - swag_port=22300 - - swag_url=notes.${MY_TLD} - - swag_server_custom_directive="proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;" - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://notes.${MY_TLD} + homepage.group: Personal Services + homepage.name: Joplin + homepage.href: https://notes.${MY_TLD} + homepage.icon: joplin.svg + homepage.description: Open-source note taking & to-do + swag: enable + swag_url: notes.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://notes.${MY_TLD} networks: default: null ports: @@ -2911,7 +3002,7 @@ services: container_name: lldap environment: - UID=${PUID} - - GID=${GUID} + - GID=${PGID} - TZ=${TZ} - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET} - LLDAP_KEY_SEED=${LLDAP_KEY_SEED} @@ -3114,7 +3205,7 @@ services: - homepage.icon=mattermost.svg - homepage.description=Team collaboration and technical workflows (Slack alternative) - swag=enable - - swag_custom_directive=client_max_body_size 0; + - swag_server_custom_directive=client_max_body_size 0; - swag_proto=http - swag_port=8065 - swag_url=mm.${MY_TLD} 
@@ -3472,6 +3563,69 @@ services: type: bind bind: create_host_path: true + netbox: + container_name: netbox + depends_on: + netbox-db: + condition: service_healthy + required: true + redis: + condition: service_started + required: true + environment: + PUID: ${PUID} + PGID: ${PGID} + TZ: ${TZ} + SUPERUSER_EMAIL: charish.patel@pm.me + SUPERUSER_PASSWORD: ${NETBOX_SUPERUSER_PASSWORD} + ALLOWED_HOST: net.trez.wtf + DB_NAME: netbox + DB_USER: netbox + DB_PASSWORD: ${NETBOX_PG_DB_PASSWORD} + DB_HOST: netbox-db + DB_PORT: 5432 + DEBUG: false + DOCKER_MODS: linuxserver/mods:netbox-slurpit + REDIS_HOST: redis + REDIS_PORT: 6379 + REMOTE_AUTH_ENABLED: + image: lscr.io/linuxserver/netbox:latest + labels: + homepage.group: Infrastructure/App Performance Monitoring + homepage.name: Netbox + homepage.href: https://net.${MY_TLD} + homepage.icon: netbox.svg + homepage.description: Network modeling/documentation + swag: enable + swag_url: net.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://net.${MY_TLD} + ports: + - 8007:8000 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/netbox/:/config + netbox-db: + container_name: netbox-db + environment: + POSTGRES_USER: netbox + POSTGRES_PASSWORD: ${NETBOX_PG_DB_PASSWORD} + POSTGRES_DB: netbox + expose: + - 5432 + healthcheck: + test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER + start_period: 20s + timeout: 30s + interval: 10s + retries: 5 + image: postgres:17-alpine + restart: always + volumes: + - source: netbox-pg-db + target: /var/lib/postgresql/data + type: volume + volume: {} nextcloud: container_name: nextcloud environment: @@ -4170,6 +4324,7 @@ services: - homepage.icon=libreddit.svg - homepage.description=Redlib is a private front-end like Invidious but for Reddit - swag=enable + - swag_auth=authelia - swag_proto=http - swag_port=8080 - swag_url=rlib.${MY_TLD} 
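Review bot: `ports: - 8007:8000` on the new `netbox` service binds NetBox on every host interface, so it is reachable directly on host port 8007 alongside the SWAG route the labels set up, outside whatever TLS, CrowdSec or auth handling SWAG applies. If only the proxy needs it, use `expose: - 8000` as the bluesky-pds and castopod services do, or bind to loopback with `- "127.0.0.1:8007:8000"`. The same pattern appears in the later hunk for `semaphore` (`3015:3000`) and `slurpit-portal` (`8110:80`, `5443:443`). Separately, `REMOTE_AUTH_ENABLED:` has no value; write the intended setting explicitly, e.g. `REMOTE_AUTH_ENABLED: "false"`.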
@@ -4465,6 +4620,120 @@ services: type: bind bind: create_host_path: true + semaphore: + container_name: semaphore + environment: + ANSIBLE_HOST_KEY_CHECKING: false + SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD} + SEMAPHORE_ADMIN_NAME: admin + SEMAPHORE_ADMIN_EMAIL: charish.patel@pm.me + SEMAPHORE_ADMIN: admin + SEMAPHORE_DB_DIALECT: bolt + SEMAPHORE_EMAIL_ALERT: true + SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf + SEMAPHORE_EMAIL_HOST: postal-smtp + SEMAPHORE_EMAIL_PORT: 25 + SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} + SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} + SEMAPHORE_EMAIL_SECURE: false + SEMAPHORE_USE_REMOTE_RUNNER: true + image: semaphoreui/semaphore:v2.10.32 + labels: + - homepage.group=Code/DevOps + - homepage.name=Semaphore + - homepage.href=https://devops.${MY_TLD} + - homepage.icon=semaphore.svg + - homepage.description=Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools + - swag=enable + - swag_port=3000 + - swag_proto=http + - swag_url=devops.${MY_TLD} + - swag.uptime-kuma.enabled=true + - swag.uptime-kuma.monitor.url=https://search.${MY_TLD} + ports: + - 3015:3000 + restart: unless-stopped + volumes: + - semaphore_config:/etc/semaphore + - semaphore_data:/var/lib/semaphore + - semaphore_tmp:/tmp/semaphore + slurpit-portal: + container_name: slurpit-portal + environment: + TZ: ${TZ} + PORTAL_BASE_URL: https://slurpit.trez.wtf + PORTAL_WAREHOUSE_URL: http://slurpit-warehouse + image: slurpit/portal:latest + labels: + homepage.group: Infrastructure/App Performance Monitoring + homepage.name: Slurp'it + homepage.href: https://slurpit.${MY_TLD} + homepage.icon: /icons/slurpit.png + homepage.description: Network discovery + swag: enable + swag_port: 80 + swag_url: slurpit.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://slurpit.${MY_TLD} + ports: + - 8110:80 + - 5443:443 + restart: always + volumes: + - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/nginx:/var/log/nginx/ + - 
${DOCKER_VOLUME_CONFIG}/slurpit/logs/mysql:/var/log/mysql/ + - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/php:/var/log/php/ + - ${DOCKER_VOLUME_CONFIG}/slurpit/certs:/etc/nginx/certs/ + - ${DOCKER_VOLUME_CONFIG}/slurpit/db/portal:/var/lib/mysql + - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/portal:/backup/files + slurpit-scanner: + container_name: slurpit-scanner + depends_on: + slurpit-warehouse: + condition: service_healthy + environment: + TZ: ${TZ} + SCANNER_POOLSIZE: 4 + SCANNER_TIMEOUT: 10 + SCANNER_WAREHOUSE_URL: http://slurpit-warehouse + image: slurpit/scanner:latest + restart: always + volumes: + - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scanner:/logs + slurpit-scraper: + container_name: slurpit-scraper + depends_on: + slurpit-warehouse: + condition: service_healthy + image: slurpit/scraper:latest + environment: + TZ: ${TZ} + SCRAPER_TIMEOUT: 20 + SCRAPER_POOLSIZE: 4 + SCRAPER_WAREHOUSE_URL: http://slurpit-warehouse + restart: always + volumes: + - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scraper:/logs + slurpit-warehouse: + container_name: slurpit-warehouse + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/services"] + interval: 10s + timeout: 10s + retries: 360 + image: slurpit/warehouse:latest + environment: + TZ: ${TZ} + WAREHOUSE_CALLBACK_SCANNER_URL: http://slurpit-portal/callback/scanner + WAREHOUSE_CALLBACK_SCANNER_TOKEN: + WAREHOUSE_CALLBACK_SCRAPER_URL: http://slurpit-portal/callback/scraper + WAREHOUSE_CALLBACK_SCRAPER_TOKEN: + restart: always + volumes: + - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/warehouse:/backup/files + - ${DOCKER_VOLUME_CONFIG}/slurpit/db/warehouse:/var/lib/mongodb + - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse/mongodb:/var/log/mongodb + - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse:/logs sonarqube: container_name: sonarqube depends_on: 
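Review bot: `ANSIBLE_HOST_KEY_CHECKING: false` on the `semaphore` service turns off SSH host-key verification for playbook runs executed with this environment, so a machine answering on a managed address is trusted unchecked and receives whatever credentials the play uses. Leave checking on and supply the host keys, for example by mounting a maintained `known_hosts` file into the container. In `slurpit-warehouse`, `WAREHOUSE_CALLBACK_SCANNER_TOKEN:` and `WAREHOUSE_CALLBACK_SCRAPER_TOKEN:` are left empty; if they authenticate the callbacks to the portal they should be filled from variables like the other secrets in this file. The `semaphore` label `swag.uptime-kuma.monitor.url=https://search.${MY_TLD}` also points at a different hostname than `swag_url=devops.${MY_TLD}`.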
@@ -4486,11 +4755,11 @@ services: hostname: sonarqube image: mc1arke/sonarqube-with-community-branch-plugin:lts labels: - - homepage.group=Code + - homepage.group=Code/DevOps - homepage.name=Sonarqube - homepage.href=https://sqube.trez.wtf - homepage.icon=sonarqube.svg - - homepage.description=Code quality/security + - homepage.description=Code/DevOps quality/security - swag=enable - swag_proto=http - swag_port=9000 @@ -4518,6 +4787,7 @@ services: timeout: 5s retries: 5 image: postgres:17-alpine + restart: unless-stopped volumes: - sonarqube-db:/var/lib/postgresql - sonarqube-db-data:/var/lib/postgresql/data @@ -4676,7 +4946,7 @@ services: - VALIDATION=dns - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} - CROWDSEC_LAPI_URL=http://crowdsec:8080 - - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec + - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma - PROPAGATION=30 - UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD} - UPTIME_KUMA_URL=http://uptimekuma:3001 @@ -4690,7 +4960,7 @@ services: - swag_url=swag.${MY_TLD} - swag_auth=authelia - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} + - swag.uptime-kuma.monitor.url=https://swag.${MY_TLD} - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=SWAG Dashboard - homepage.href=https://swag.${MY_TLD} 
@@ -4764,7 +5034,6 @@ services: - homepage.widget.url=http://tandoor-recipes:8080 - homepage.widget.key=${TANDOOR_API_TOKEN} - swag=enable - - swag_server_custom_directive="proxy_set_header X-Forwarded-Host $$http_host; proxy_set_header Host $$http_host;" - swag_proto=http - swag_url=recipes.${MY_TLD} - swag.uptime-kuma.enabled=true @@ -6156,52 +6425,6 @@ services: source: /etc/localtime target: /etc/localtime type: bind - vault: - cap_add: - - IPC_LOCK - command: - - server - container_name: hc-vault - environment: - - AWS_ACCESS_KEY_ID=${VAULT_HASHICORP_AWS_ACCESS_KEY_ID} - - AWS_SECRET_ACCESS_KEY=${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY} - image: hashicorp/vault:latest - labels: - - homepage.group=Code - - homepage.name=Vault - - homepage.icon=vault.png - - homepage.href=https://vault.${MY_TLD} - - homepage.description=Hashicorp Vault for secrets, key/value stores, etc. - - swag=enable - - swag_proto=http - - swag_port=8200 - - swag_address=hc-vault - - swag_url=vault.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://vault.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8200" - target: 8200 - - mode: ingress - protocol: tcp - published: "8250" - target: 8250 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/ - target: /vault/config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/ - target: /vault/logs - type: bind - bind: - create_host_path: true wallabag: container_name: wallabag depends_on: @@ -7141,8 +7364,10 @@ services: volumes: authelia-pg-db: name: compose_authelia-pg-db - bitmagnet-pgsql: - name: compose_bitmagnet-pgsql + bitmagnet-pg-db: + name: bitmagnet-pg-db + castopod-media: + name: castopod-media crowdsec-config: name: compose_crowdsec-config crowdsec-db: 
@@ -7156,9 +7381,9 @@ volumes: fastenhealth-db: name: compose_fastenhealth-db filebeat_etc: - name: compose_filebeat_etc + name: filebeat_etc filebeat_var: - name: compose_filebeat_var + name: filebeat_var gitea-pg-db: name: compose_gitea-pg-db grafana-mimir-data: @@ -7217,6 +7442,8 @@ volumes: name: compose_mongo3_config mongo3_data: name: compose_mongo3_data + netbox-pg-db: + name: netbox-pg-db ollama: name: compose_ollama paperless-ngx-data: @@ -7233,8 +7460,12 @@ volumes: name: compose_plausible-event-logs reactive-resume-pg: name: compose_reactive-resume-pg - rustdesk-data: - name: compose_rustdesk-data + semaphore_config: + name: semaphore_config + semaphore_data: + name: semaphore_data + semaphore_tmp: + name: semaphore_tmp sonarqube-data: name: sonarqube-data sonarqube-db: @@ -7258,29 +7489,29 @@ volumes: wallos-logos: name: compose_wallos-logos wazuh-dashboard-config: - name: compose_wazuh-dashboard-config + name: wazuh-dashboard-config wazuh-dashboard-custom: - name: compose_wazuh-dashboard-custom + name: wazuh-dashboard-custom wazuh-indexer-data: - name: compose_wazuh-indexer-data + name: wazuh-indexer-data wazuh_active_response: - name: compose_wazuh_active_response + name: wazuh_active_response wazuh_agentless: - name: compose_wazuh_agentless + name: wazuh_agentless wazuh_api_configuration: - name: compose_wazuh_api_configuration + name: wazuh_api_configuration wazuh_etc: - name: compose_wazuh_etc + name: wazuh_etc wazuh_integrations: - name: compose_wazuh_integrations + name: wazuh_integrations wazuh_logs: - name: compose_wazuh_logs + name: wazuh_logs wazuh_queue: - name: compose_wazuh_queue + name: wazuh_queue wazuh_var_multigroups: - name: compose_wazuh_var_multigroups + name: wazuh_var_multigroups wazuh_wodles: - name: compose_wazuh_wodles + name: wazuh_wodles zammad-backup: driver: local name: compose_zammad-backup
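Review bot: Changing `name:` on existing volumes (`compose_wazuh_*` to `wazuh_*` in the last hunk, `compose_filebeat_*` to `filebeat_*` in the `@@ -7156,9 +7381,9 @@` hunk, and `compose_bitmagnet-pgsql` to `bitmagnet-pg-db` earlier) makes Compose attach differently named volumes, so unless the data was copied beforehand the services come up on empty ones. For the Wazuh set that would mean starting without the existing indexer data and the manager state kept under `wazuh_etc`, `wazuh_logs` and `wazuh_queue`. A comment above the block such as `# volumes renamed: migrate data from compose_<name> before first start` would record the required step, and volumes created out of band can be marked `external: true`.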