diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 648041b8..46695e01 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -3,6 +3,9 @@ on: push: branches-ignore: - 'main' + paths: + - '**.yml' + - '!ansible/**.yml' jobs: check-and-create-pr: if: github.ref != 'refs/heads/main' 
@@ -64,62 +67,107 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Cache Ansible Galaxy Collections - uses: actions/cache@v3 - with: - path: ansible/collections - key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }} - restore-keys: | - ${{ runner.os }}-ansible- - - name: Install Ansible - uses: alex-oleshkevich/setup-ansible@v1.0.1 - with: - version: "11.0.0" + - name: Fetch base branch + run: | + git fetch origin ${{ github.event.pull_request.base.ref }} + - name: Save both versions of docker-compose.yml + run: | + git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + cp docker-compose.yml docker-compose-head.yml + # - name: Compare Docker Compose changes + # run: | + # git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + # cp docker-compose.yml docker-compose-head.yml + - name: Detect added, deleted, and modified services + id: detect_services + run: | + echo "Getting services from main and ${{ github.ref_name }}" + yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt + yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt + + echo "Creating list of modified services..." + touch service_changes.txt + + comm -13 services_main.txt services_head.txt | while read service; do + echo "$service: added" >> service_changes.txt + done + + comm -12 services_main.txt services_head.txt | while read service; do + yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml + yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml + if ! 
diff -q tmp_main.yml tmp_head.yml > /dev/null; then + echo "$service: modified" >> service_changes.txt + fi + done + + echo "Detected service changes:" + cat service_changes.txt + + svc_list=$(paste -sd '|' service_changes.txt) + echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT" + # - name: Cache Ansible Galaxy Collections + # uses: actions/cache@v3 + # with: + # path: ansible/collections + # key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }} + # restore-keys: | + # ${{ runner.os }}-ansible- + # - name: Install Ansible + # uses: alex-oleshkevich/setup-ansible@v1.0.1 + # with: + # version: "11.0.0" - name: Install Vault uses: cpanato/vault-installer@main - - name: Install hvac - run: pip install hvac + # - name: Install hvac + # run: pip install hvac + # - name: Gotify Notification + # uses: eikendev/gotify-action@master + # with: + # gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' + # gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' + # notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' + # notification_message: 'Starting Ansible dry run...' + # - name: Ansible Playbook Dry Run + # uses: arillso/action.playbook@0.1.0 + # with: + # check: true + # galaxy_collections_path: ansible/collections + # galaxy_requirements_file: ansible/collections/requirements.yml + # inventory: ansible/inventory/hosts.yml + # playbook: ansible/docker_config_deploy.yml + # private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} + # vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} + # verbose: 0 - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' - notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' - notification_message: 'Starting Ansible dry run...' 
- - name: Ansible Playbook Dry Run - uses: dawidd6/action-ansible-playbook@v2 - with: - directory: ansible/ - playbook: docker_config_deploy.yml - key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} - options: | - --inventory inventory/hosts.yml - --check - requirements: collections/requirements.yml - vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - - name: Gotify Notification - uses: eikendev/gotify-action@master - with: - gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' - gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' - notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' - notification_message: 'Ansible dry run completed successfully; starting Docker Compose' - - name: Generate .env file for Docker Compose Dry Run - run: | - vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env + notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa' + notification_message: 'Starting Docker Compose dry run...' 
- name: Cache .env Files uses: actions/cache@v4 with: path: .env key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }} + - name: Generate modified services list & .env file for Docker Compose Dry Run + id: modded_svcs + run: | + mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g') + echo ${mod_svcs} + vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env + echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT" - name: Docker Compose Dry Run - uses: yu-ichiro/spin-up-docker-compose-action@v1 + timeout-minutes: 360 + continue-on-error: true + uses: keatonLiu/docker-compose-remote-action@v1.2 with: - file: docker-compose.yml - pull: true - pull-opts: --dry-run - up: true - up-opts: --dry-run -d --remove-orphans + docker_compose_file: docker-compose.yml + docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }} + ssh_user: gitea-deploy + ssh_host: 192.168.1.254 + ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }} + ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} env: DOCKER_HOST: tcp://dockerproxy:2375 - name: Gotify Notification @@ -354,7 +402,6 @@ jobs: run: | vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Docker Compose Deployment - # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }} timeout-minutes: 360 continue-on-error: true uses: keatonLiu/docker-compose-remote-action@v1.2 diff --git a/README.md b/README.md index 7b67b0ff..414d947d 100644 --- a/README.md +++ b/README.md 
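Review bot: The service filter never reaches the remote host, because `${{ steps.modded_svcs.rinoa_svcs.output }}` is not a valid step-output path (the form is `${{ steps.modded_svcs.outputs.rinoa_svcs }}`), so it expands to an empty string and `docker_args` becomes `-d --remove-orphans --pull missing --no-recreate` with no service list, i.e. every service in docker-compose.yml. That matters because the step is no longer a dry run despite its name: the old `--dry-run` flags are gone and `keatonLiu/docker-compose-remote-action` is handed a real SSH key to 192.168.1.254, so every push to a non-main `.yml` branch appears to start newly added services and, via `--remove-orphans`, tear down removed ones on the production host, with `continue-on-error: true` hiding failures; if a preview is the intent, run compose with `--dry-run` or gate the step behind an explicit condition. Separately, `${{ github.ref_name }}` and `${{ github.event.pull_request.base.ref }}` are interpolated straight into `run:` shell text, so a branch name carrying shell metacharacters becomes code on the runner; pass them through `env:` and reference `"$REF_NAME"` instead, and note that `pull_request.base.ref` is empty on a `push` event while the following `git show` hard-codes `origin/main`. The `.env` generated from Vault is also persisted by the surrounding `Cache .env Files` step, which stores those secrets in the runner cache keyed only on the compose-file hash. The job's steps list starts before this hunk.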
@@ -19,7 +19,6 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
 | browserless | ghcr.io/browserless/chromium:latest |
-| bytebase | bytebase/bytebase:3.5.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
@@ -33,10 +32,11 @@
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
 | dawarich-sidekiq | freikin/dawarich:latest |
+| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-| docker-volume-backup | offen/docker-volume-backup:v2 |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
+| excalidraw | excalidraw/excalidraw:latest |
 | explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
@@ -61,6 +61,8 @@
 | invidious | quay.io/invidious/invidious:latest |
 | invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
 | invidious-db | docker.io/library/postgres:14 |
+| invoice-ninja | invoiceninja/invoiceninja-debian:5 |
+| invoice-ninja_proxy | nginx |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
@@ -72,6 +74,7 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| languagetool | elestio/languagetool:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
 | librechat-vectordb | ankane/pgvector:latest |
 | librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
@@ -98,12 +101,15 @@
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | omni-tools | iib0011/omni-tools:latest |
+| omnipoly | kweg/omnipoly:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
-| portall | need4swede/portall:latest |
+| portnote-web | haedlessdev/portnote:latest |
+| portnote-agent | haedlessdev/portnote-agent:latest |
+| portnote-pg-db | postgres:17-alpine |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
@@ -140,6 +146,7 @@
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
+| whodb | clidey/whodb |
 | youtubedl | nbr23/youtube-dl-server:latest |
 | zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
diff --git a/ansible/app-configs/scrutiny_config.yaml.j2 b/ansible/app-configs/scrutiny_config_config.yaml.j2
similarity index 100%
rename from ansible/app-configs/scrutiny_config.yaml.j2
rename to ansible/app-configs/scrutiny_config_config.yaml.j2
diff --git a/docker-compose.yml b/docker-compose.yml
index 22848d21..652a2afc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -806,7 +806,7 @@ services: DOCKER_HOST: tcp://dockerproxy:2375 GID: 1000 BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY} - COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables + COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server image: crowdsecurity/crowdsec:latest networks: default: null @@ -1086,6 +1086,15 @@ services: - dawarich_public:/var/app/public - dawarich_watched:/var/app/tmp/imports/watched - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh + dead-man-hand: + container_name: dead-man-hand + environment: + DMH_CONFIG_FILE: /data/config.yaml + image: 'ghcr.io/bkupidura/dead-man-hand:latest' + ports: + - '8080:8080' + volumes: + - ${DOCKER_VOLUME_CONFIG}/dead-man-hand/data:/data delugevpn: cap_add: - NET_ADMIN 
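Review bot: The new `COLLECTIONS` value enables fourteen hub collections from nine individual third-party authors (corvese/, Dominic-Wagner/, gauth-fr/, LePresidente/, plague-doctor/, schiz0phr3ne/, sdwilsh/, timokoessler/, xs539/) alongside the crowdsecurity/ ones; those parsers and scenarios are maintained outside the CrowdSec org and, with the container on `crowdsecurity/crowdsec:latest` and the hub items unpinned, whatever they contain at container start is what drives the bouncer's decisions. A short comment above the line recording that they were reviewed would help the next maintainer, e.g. `# third-party hub collections (non crowdsecurity/*) — check scenario changes before upgrading`. Stylistically the value is now several hundred characters on one line; a `>-` folded scalar with one collection per line yields the identical string while making future additions and removals reviewable in a diff.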
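Review bot: `dead-man-hand` publishes `'8080:8080'` with no host address, so it is bound on every host interface and reachable without passing through whatever fronts the other services (the crowdsec service in the previous hunk carries `BOUNCER_KEY_SWAG`, which suggests a SWAG reverse proxy plus bouncer that this direct port bypasses). If only the proxy should reach it, drop `ports:` and let it be addressed by service name on the default network; if host access is genuinely needed, bind it locally with `- '127.0.0.1:8080:8080'`. The service also has no `restart:` policy even though the same commit adds `restart: always` to portnote-web and portnote-agent, and the config read from `DMH_CONFIG_FILE: /data/config.yaml` under `${DOCKER_VOLUME_CONFIG}/dead-man-hand/data` presumably holds the switch's credentials, so a one-line comment on what that file is expected to contain would be worth adding.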
@@ -1193,87 +1202,6 @@ services: source: /var/run/docker.sock target: /var/run/docker.sock type: bind - docker-volume-backup: - container_name: docker-volume-backup - image: offen/docker-volume-backup:v2 - environment: - BACKUP_ARCHIVE: /archive - BACKUP_CRON_EXPRESSION: '@weekly' - BACKUP_COMPRESSION: zst - BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }} - BACKUP_FILENAME_EXPAND: true - BACKUP_RETENTION_DAYS: 14 - DOCKER_HOST: tcp://dockerproxy:2375 - NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN} - restart: always - volumes: - - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive - - authelia-pg-db:/backup/authelia-pg-db:ro - - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro - - bunkerweb-storage:/backup/bunkerweb-storage:ro - - castopod-media:/backup/castopod-media:ro - - crowdsec-config:/backup/crowdsec-config:ro - - crowdsec-db:/backup/crowdsec-db:ro - - dawarich_db_data:/backup/dawarich_db_data:ro - - dawarich_shared:/backup/dawarich_shared:ro - - dawarich_public:/backup/dawarich_public:ro - - dawarich_watched:/backup/dawarich_watched:ro - - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro - - fastenhealth-cache:/backup/fastenhealth-cache:ro - - fastenhealth-db:/backup/fastenhealth-db:ro - - gitea-pg-db:/backup/gitea-pg-db:ro - - hortusfox_app_backup:/backup/hortusfox_app_backup:ro - - hortusfox_app_images:/backup/hortusfox_app_images:ro - - hortusfox_app_logs:/backup/hortusfox_app_logs:ro - - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro - - hortusfox_app_themes:/backup/hortusfox_app_themes:ro - - hortusfox_db_data:/backup/hortusfox_db_data:ro - - immich-model-cache:/backup/immich-model-cache:ro - - influxdb2-data:/backup/influxdb2-data:ro - - influxdb2-config:/backup/influxdb2-config:ro - - invidious-postgres:/backup/invidious-postgres:ro - - invoice-ninja_cache:/backup/invoice-ninja_cache:ro - - invoice-ninja_public:/backup/invoice-ninja_public:ro - - 
invoice-ninja_storage:/backup/invoice-ninja_storage:ro - - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro - - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro - - joplin_data:/backup/joplin_data:ro - - librechat-pg-data:/backup/librechat-pg-data:ro - - libretranslate_models:/backup/libretranslate_models:ro - - lldap_data:/backup/lldap_data:ro - - mastodon-pg-db:/backup/mastodon-pg-db:ro - - mixpost-storage:/backup/mixpost-storage:ro - - mixpost-logs:/backup/mixpost-logs:ro - - mongodb_config:/backup/mongodb_config:ro - - mongodb_data:/backup/mongodb_data:ro - - n8n-data:/backup/n8n-data:ro - - netbird-mgmt:/backup/netbird-mgmt:ro - - netbird-signal:/backup/netbird-signal:ro - - netbird-letsencrypt:/backup/netbird-letsencrypt:ro - - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro - - ollama:/backup/ollama:ro - - paperless-ngx-data:/backup/paperless-ngx-data:ro - - paperless-ngx-media:/backup/paperless-ngx-media:ro - - paperless-ngx-pg:/backup/paperless-ngx-pg:ro - - pgbackweb-data:/backup/pgbackweb-data:ro - - plausible-db-data:/backup/plausible-db-data:ro - - plausible-event-data:/backup/plausible-event-data:ro - - plausible-event-logs:/backup/plausible-event-logs:ro - - portainer-data:/backup/portainer-data:ro - - reactive-resume-pg:/backup/reactive-resume-pg:ro - - semaphore_config:/backup/semaphore_config:ro - - semaphore_data:/backup/semaphore_data:ro - - semaphore_tmp:/backup/semaphore_tmp:ro - - sonarqube-data:/backup/sonarqube-data:ro - - sonarqube-db:/backup/sonarqube-db:ro - - sonarqube-db-data:/backup/sonarqube-db-data:ro - - sonarqube-extensions:/backup/sonarqube-extensions:ro - - sonarqube-logs:/backup/sonarqube-logs:ro - - sonarqube-temp:/backup/sonarqube-temp:ro - - tandoor-pg:/backup/tandoor-pg:ro - - unmanic-cache:/backup/unmanic-cache:ro - - wallos-db:/backup/wallos-db:ro - - wallos-logos:/backup/wallos-logos:ro duplicati: container_name: duplicati environment: 
@@ -3986,6 +3914,7 @@ services: homepage.description: Management for container ports ports: - 23186:3000 + restart: always portnote-agent: container_name: portnote-agent depends_on: @@ -3995,6 +3924,7 @@ services: image: haedlessdev/portnote-agent:latest environment: DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote" + restart: always portnote-pg-db: container_name: portnote-pg-db image: postgres:17-alpine @@ -5672,12 +5602,6 @@ volumes: name: paperless-ngx-pg pgbackweb-data: name: pgbackweb-data - plausible-db-data: - name: plausible-db-data - plausible-event-data: - name: plausible-event-data - plausible-event-logs: - name: plausible-event-logs portainer-data: name: portainer-data portnote-db-data: