From cd3cdb2fdd33f9807780062fecb1909b7d8eecd9 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 08:07:38 -0400 Subject: [PATCH 01/26] Adding Dead Man Switch service. --- docker-compose.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 22848d21..4f55d641 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1086,6 +1086,15 @@ services: - dawarich_public:/var/app/public - dawarich_watched:/var/app/tmp/imports/watched - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh + dead-man-hand: + container_name: dead-man-hand + environment: + DMH_CONFIG_FILE: /data/config.yaml + image: 'ghcr.io/bkupidura/dead-man-hand:latest' + ports: + - '8080:8080' + volumes: + - ${DOCKER_VOLUME_CONFIG}/dead-man-hand/data:/data delugevpn: cap_add: - NET_ADMIN @@ -5672,12 +5681,6 @@ volumes: name: paperless-ngx-pg pgbackweb-data: name: pgbackweb-data - plausible-db-data: - name: plausible-db-data - plausible-event-data: - name: plausible-event-data - plausible-event-logs: - name: plausible-event-logs portainer-data: name: portainer-data portnote-db-data: From f460c3315c8d7af27150b6c889fa183ca5053671 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 08:07:38 -0400 Subject: [PATCH 02/26] Adding steps for detecting Docker changes in cocker-compose.yml. --- .../workflows/pr-cloudflare-docker-deploy.yml | 38 ++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 648041b8..461e4b63 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -3,6 +3,8 @@ on: push: branches-ignore: - 'main' + paths: + - **/docker-compose.yml jobs: check-and-create-pr: if: github.ref != 'refs/heads/main' 
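Review bot: The new `dead-man-hand` service publishes `'8080:8080'` on every host interface and pulls `ghcr.io/bkupidura/dead-man-hand:latest`, so whatever is pushed under that tag next is what runs and is reachable from the network. If the service is meant to sit behind the reverse proxy used elsewhere in this file (not visible in this hunk), bind it to loopback with `- '127.0.0.1:8080:8080'` or drop `ports:` and attach it to the proxy network. Pin the image to a release tag or digest you have reviewed. The block also sets no `restart:` policy, which matters for a service that must keep running unattended; `restart: always` would match what patch 13/26 adds for the PortNote containers.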
@@ -64,6 +66,39 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - name: Compare Docker Compose changes + run: | + git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + cp docker-compose.yml docker-compose-${{ github.head_ref }}.yml + - name: Detect added, deleted, and modified services + id: detect_services + run: | + yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt + yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt + + touch service_changes.txt + + comm -13 services_main.txt services_head.txt | while read service; do + echo "$service: added" >> service_changes.txt + done + + comm -23 services_main.txt services_head.txt | while read service; do + echo "$service: deleted" >> service_changes.txt + done + + comm -12 services_main.txt services_head.txt | while read service; do + yq ".services[\"$service\"]" main.yml > tmp_main.yml + yq ".services[\"$service\"]" head.yml > tmp_head.yml + if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then + echo "$service: modified" >> service_changes.txt + fi + done + + echo "Detected service changes:" + cat service_changes.txt + + svc_list=$(paste -sd '|' service_changes.txt) + echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT" - name: Cache Ansible Galaxy Collections uses: actions/cache@v3 with: @@ -93,8 +128,9 @@ jobs: playbook: docker_config_deploy.yml key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} options: | - --inventory inventory/hosts.yml --check + --extra-vars group_vars/all.yml + --inventory inventory/hosts.yml requirements: collections/requirements.yml vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - name: Gotify Notification From c97227a3ab10eb1e796d62d3d24eca4a23edc97c Mon Sep 17 00:00:00 2001 
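Review bot: `cp docker-compose.yml docker-compose-${{ github.head_ref }}.yml` pastes a branch name into the script text before the shell parses it, so a ref containing shell metacharacters is executed in a job that also receives `secrets.RINOA_ANSIBLE_PRIVATE_KEY`. Pass the value through the environment instead: give the step `env:` with `HEAD_REF: ${{ github.head_ref }}` and write `cp docker-compose.yml "docker-compose-${HEAD_REF}.yml"`. The same pattern recurs later in this series with `github.event.pull_request.base.ref` (07/26), `github.ref_name` (08/26) and `steps.detect_services.outputs.classified_services` (14/26 through 23/26), the last of which is built from service names in the pushed `docker-compose.yml`. In the `comm -12` loop, `yq ".services[\"$service\"]"` splices that same name into the yq expression; if this is mikefarah yq, `service="$service" yq '.services[strenv(service)]'` keeps it as data, and `while IFS= read -r service` avoids backslash mangling.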
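Review bot: `--extra-vars group_vars/all.yml` passes the path as a literal variable string, because ansible-playbook only reads a file when the argument is prefixed with `@`, i.e. `--extra-vars @group_vars/all.yml`. If `group_vars/all.yml` sits next to the inventory or the playbook it is loaded automatically and the option can be dropped. The `with:` block starts above this hunk.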
From: "Trez.One" Date: Thu, 15 May 2025 08:14:01 -0400 Subject: [PATCH 03/26] Adding steps for detecting Docker changes in cocker-compose.yml. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 461e4b63..269aeecc 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -4,7 +4,7 @@ on: branches-ignore: - 'main' paths: - - **/docker-compose.yml + - '**/docker-compose.yml' jobs: check-and-create-pr: if: github.ref != 'refs/heads/main' From bcd89b7121936b0263904638adb8af2f88c77146 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 08:18:34 -0400 Subject: [PATCH 04/26] Updating conditions workflow runs by. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 269aeecc..c8f69e01 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -5,6 +5,7 @@ on: - 'main' paths: - '**/docker-compose.yml' + - '!ansible/**.yml' jobs: check-and-create-pr: if: github.ref != 'refs/heads/main' From 57a0ffd2ded344c5c5c03734d37e31140d7d5d81 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 08:27:14 -0400 Subject: [PATCH 05/26] Adding collections for CrowdSec. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4f55d641..58a16bc1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -806,7 +806,7 @@ services: DOCKER_HOST: tcp://dockerproxy:2375 GID: 1000 BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY} - COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables + COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server image: crowdsecurity/crowdsec:latest networks: default: null From 286f881a5848342bca7cd08834f7ca9f6e0400cc Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 09:28:31 -0400 Subject: [PATCH 06/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index c8f69e01..4b68c970 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -4,7 +4,7 @@ on: branches-ignore: - 'main' paths: - - '**/docker-compose.yml' + - '**.yml' - '!ansible/**.yml' jobs: check-and-create-pr: @@ -70,7 +70,7 @@ jobs: - name: Compare Docker Compose changes run: | git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml - cp docker-compose.yml docker-compose-${{ github.head_ref }}.yml + cp docker-compose.yml docker-compose-head.yml - name: Detect added, deleted, and modified services id: detect_services run: | 
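Review bot: The `COLLECTIONS` value now names more than twenty hub collections on one line, over half of them from individual authors rather than `crowdsecurity`, with no record of which service each one covers or that it was reviewed. The image is `crowdsecurity/crowdsec:latest` and the collections are referenced by name only, so the parsers and scenarios that decide what gets blocked can presumably change at container start without a commit here; a comment above the key listing the reviewed third-party entries would make that visible. A folded scalar (`COLLECTIONS: >-` with one collection per line) produces the same space-separated string and keeps future diffs to one line per collection.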
@@ -88,8 +88,8 @@ jobs: done comm -12 services_main.txt services_head.txt | while read service; do - yq ".services[\"$service\"]" main.yml > tmp_main.yml - yq ".services[\"$service\"]" head.yml > tmp_head.yml + yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml + yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then echo "$service: modified" >> service_changes.txt fi From 20073aabc23104390114b22c7ed42940ca353987 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 10:29:06 -0400 Subject: [PATCH 07/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 4b68c970..7040e782 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -67,10 +67,18 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Compare Docker Compose changes + - name: Fetch base branch run: | - git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + git fetch origin ${{ github.event.pull_request.base.ref }} + - name: Save both versions of docker-compose.yml + run: | + BASE=${{ github.event.pull_request.base.ref }} + git show origin/$BASE:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml cp docker-compose.yml docker-compose-head.yml + # - name: Compare Docker Compose changes + # run: | + # git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + # cp docker-compose.yml docker-compose-head.yml - name: Detect added, deleted, and modified services id: detect_services run: | From 53ad24a155b0cd5db8a438abad75c16b5cf61883 Mon Sep 17 00:00:00 2001 
From: "Trez.One" Date: Thu, 15 May 2025 14:56:30 -0400 Subject: [PATCH 08/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 7040e782..07497690 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -82,9 +82,11 @@ jobs: - name: Detect added, deleted, and modified services id: detect_services run: | + echo "Getting services from main and ${{ github.ref_name }}" yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt + echo "Creating list of modified services..." touch service_changes.txt comm -13 services_main.txt services_head.txt | while read service; do From 14e7c98a10907e4742ca0958bcc6e3e5dfb7756c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 17:26:12 -0400 Subject: [PATCH 09/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 07497690..755d4860 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -72,8 +72,7 @@ jobs: git fetch origin ${{ github.event.pull_request.base.ref }} - name: Save both versions of docker-compose.yml run: | - BASE=${{ github.event.pull_request.base.ref }} - git show origin/$BASE:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml cp docker-compose.yml docker-compose-head.yml # - name: Compare Docker Compose changes # run: | From fc09c1ce5b2f51188f2258bdb5ee918170af6e19 Mon Sep 17 00:00:00 2001 
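Review bot: `git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml` turns any failure to read the base file into an empty baseline, and the detection step would then classify every service in the branch as `added`. The redirect has already created the file, so the `touch` only hides the error; let the step fail instead, e.g. `git fetch origin main` followed by `git show origin/main:docker-compose.yml > docker-compose-main.yml` with no fallback. The preceding `Fetch base branch` step still reads `github.event.pull_request.base.ref`, which is presumably empty for the `push` trigger this workflow declares, so `origin/main` is not guaranteed to be present when this line runs.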
From: "Trez.One" Date: Thu, 15 May 2025 20:00:23 -0400 Subject: [PATCH 10/26] Using different action for Ansible dry run. --- .../workflows/pr-cloudflare-docker-deploy.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 755d4860..50f21947 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -132,17 +132,16 @@ jobs: notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' notification_message: 'Starting Ansible dry run...' - name: Ansible Playbook Dry Run - uses: dawidd6/action-ansible-playbook@v2 + uses: arillso/action.playbook@0.1.0 with: - directory: ansible/ - playbook: docker_config_deploy.yml - key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} - options: | - --check - --extra-vars group_vars/all.yml - --inventory inventory/hosts.yml - requirements: collections/requirements.yml + check: true + galaxy_collections_path: ansible/collections + galaxy_requirements_file: ansible/collections/requirements.yml + inventory: ansible/inventory/hosts.yml + playbook: ansible/docker_config_deploy.yml + private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} + verbose: 0 - name: Gotify Notification uses: eikendev/gotify-action@master with: From 23783aa228837fda070c439ae1c5d60e3de25e4d Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 15 May 2025 20:00:23 -0400 Subject: [PATCH 11/26] Location for Scrutiny config. --- ansible/app-configs/scrutiny_config_config.yaml.j2 | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ansible/app-configs/scrutiny_config_config.yaml.j2 diff --git a/ansible/app-configs/scrutiny_config_config.yaml.j2 b/ansible/app-configs/scrutiny_config_config.yaml.j2 new file mode 100644 index 00000000..e192a936 --- /dev/null +++ b/ansible/app-configs/scrutiny_config_config.yaml.j2 
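Review bot: `arillso/action.playbook@0.1.0` is handed `secrets.RINOA_ANSIBLE_PRIVATE_KEY` and `secrets.ANSIBLE_VAULT_PASSWORD` but is referenced by a tag, which the publisher can move to different code. Pin third-party actions that receive secrets to a full commit SHA, `uses: arillso/action.playbook@<full-commit-sha> # 0.1.0` (placeholder; resolve the SHA from the tag you reviewed). The same applies to `eikendev/gotify-action@master` in the context lines, which receives the Gotify token, and to `keatonLiu/docker-compose-remote-action@v1.2`, which patch 24/26 gives the deploy SSH key. The step list continues outside this hunk.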
@@ -0,0 +1,7 @@ +{% set vault_addr = 'https://vault.trez.wtf' %} +{% set secrets_path = 'rinoa-docker/env' %} + +bolt-path: /opt/scrutiny/influxdb/influxd.bolt +engine-path: /opt/scrutiny/influxdb/engine +http-bind-address: ":8086" +reporting-disabled: true From a8e1d29567936ed4309d616e5370036b28cdd0fc Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 06:08:35 -0400 Subject: [PATCH 12/26] Renaming Scrutiny config. --- ansible/app-configs/scrutiny_config.yaml.j2 | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 ansible/app-configs/scrutiny_config.yaml.j2 diff --git a/ansible/app-configs/scrutiny_config.yaml.j2 b/ansible/app-configs/scrutiny_config.yaml.j2 deleted file mode 100644 index e192a936..00000000 --- a/ansible/app-configs/scrutiny_config.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -bolt-path: /opt/scrutiny/influxdb/influxd.bolt -engine-path: /opt/scrutiny/influxdb/engine -http-bind-address: ":8086" -reporting-disabled: true From 7919cb26b1c6a7dce448d5fcde186ef6f7efb785 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 06:15:14 -0400 Subject: [PATCH 13/26] Adding restart policy for PortNote containers. --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 58a16bc1..8de5d120 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3995,6 +3995,7 @@ services: homepage.description: Management for container ports ports: - 23186:3000 + restart: always portnote-agent: container_name: portnote-agent depends_on: @@ -4004,6 +4005,7 @@ services: image: haedlessdev/portnote-agent:latest environment: DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote" + restart: always portnote-pg-db: container_name: portnote-pg-db image: postgres:17-alpine From 98f40a628619e8306848ba13155ed66f8f3fe36a Mon Sep 17 00:00:00 2001 
From: "Trez.One"
Date: Fri, 16 May 2025 10:00:34 -0400
Subject: [PATCH 14/26] Temporarily removing Ansible dry run step...
---
.../workflows/pr-cloudflare-docker-deploy.yml | 69 ++++++++++---------
1 file changed, 35 insertions(+), 34 deletions(-)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index 50f21947..bbc9e3cb 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -109,48 +109,49 @@ jobs: svc_list=$(paste -sd '|' service_changes.txt) echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT" - - name: Cache Ansible Galaxy Collections - uses: actions/cache@v3 - with: - path: ansible/collections - key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }} - restore-keys: | - ${{ runner.os }}-ansible- - - name: Install Ansible - uses: alex-oleshkevich/setup-ansible@v1.0.1 - with: - version: "11.0.0" - - name: Install Vault - uses: cpanato/vault-installer@main - - name: Install hvac - run: pip install hvac + # - name: Cache Ansible Galaxy Collections + # uses: actions/cache@v3 + # with: + # path: ansible/collections + # key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }} + # restore-keys: | + # ${{ runner.os }}-ansible- + # - name: Install Ansible + # uses: alex-oleshkevich/setup-ansible@v1.0.1 + # with: + # version: "11.0.0" + # - name: Install Vault + # uses: cpanato/vault-installer@main + # - name: Install hvac + # run: pip install hvac + # - name: Gotify Notification + # uses: eikendev/gotify-action@master + # with: + # gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' + # gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' + # notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' + # notification_message: 'Starting Ansible dry run...' 
+ # - name: Ansible Playbook Dry Run + # uses: arillso/action.playbook@0.1.0 + # with: + # check: true + # galaxy_collections_path: ansible/collections + # galaxy_requirements_file: ansible/collections/requirements.yml + # inventory: ansible/inventory/hosts.yml + # playbook: ansible/docker_config_deploy.yml + # private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} + # vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} + # verbose: 0 - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' - notification_message: 'Starting Ansible dry run...' - - name: Ansible Playbook Dry Run - uses: arillso/action.playbook@0.1.0 - with: - check: true - galaxy_collections_path: ansible/collections - galaxy_requirements_file: ansible/collections/requirements.yml - inventory: ansible/inventory/hosts.yml - playbook: ansible/docker_config_deploy.yml - private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} - vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - verbose: 0 - - name: Gotify Notification - uses: eikendev/gotify-action@master - with: - gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' - gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' - notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' - notification_message: 'Ansible dry run completed successfully; starting Docker Compose' + notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | + echo ${{ steps.detect_services. }} vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From bf767e57f9feaff79b8a28e01636637127f772a3 Mon Sep 17 00:00:00 2001 
From: "Trez.One"
Date: Fri, 16 May 2025 10:13:57 -0400
Subject: [PATCH 15/26] Removing Docker Volume Backup service.
---
docker-compose.yml | 81 ----------------------------------------------
1 file changed, 81 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 8de5d120..652a2afc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1202,87 +1202,6 @@ services: source: /var/run/docker.sock target: /var/run/docker.sock type: bind - docker-volume-backup: - container_name: docker-volume-backup - image: offen/docker-volume-backup:v2 - environment: - BACKUP_ARCHIVE: /archive - BACKUP_CRON_EXPRESSION: '@weekly' - BACKUP_COMPRESSION: zst - BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }} - BACKUP_FILENAME_EXPAND: true - BACKUP_RETENTION_DAYS: 14 - DOCKER_HOST: tcp://dockerproxy:2375 - NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN} - restart: always - volumes: - - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive - - authelia-pg-db:/backup/authelia-pg-db:ro - - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro - - bunkerweb-storage:/backup/bunkerweb-storage:ro - - castopod-media:/backup/castopod-media:ro - - crowdsec-config:/backup/crowdsec-config:ro - - crowdsec-db:/backup/crowdsec-db:ro - - dawarich_db_data:/backup/dawarich_db_data:ro - - dawarich_shared:/backup/dawarich_shared:ro - - dawarich_public:/backup/dawarich_public:ro - - dawarich_watched:/backup/dawarich_watched:ro - - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro - - fastenhealth-cache:/backup/fastenhealth-cache:ro - - fastenhealth-db:/backup/fastenhealth-db:ro - - gitea-pg-db:/backup/gitea-pg-db:ro - - hortusfox_app_backup:/backup/hortusfox_app_backup:ro - - hortusfox_app_images:/backup/hortusfox_app_images:ro - - hortusfox_app_logs:/backup/hortusfox_app_logs:ro - - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro - - hortusfox_app_themes:/backup/hortusfox_app_themes:ro - - hortusfox_db_data:/backup/hortusfox_db_data:ro - - immich-model-cache:/backup/immich-model-cache:ro - - influxdb2-data:/backup/influxdb2-data:ro - - influxdb2-config:/backup/influxdb2-config:ro - - invidious-postgres:/backup/invidious-postgres:ro - - invoice-ninja_cache:/backup/invoice-ninja_cache:ro - - invoice-ninja_public:/backup/invoice-ninja_public:ro - - 
invoice-ninja_storage:/backup/invoice-ninja_storage:ro - - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro - - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro - - joplin_data:/backup/joplin_data:ro - - librechat-pg-data:/backup/librechat-pg-data:ro - - libretranslate_models:/backup/libretranslate_models:ro - - lldap_data:/backup/lldap_data:ro - - mastodon-pg-db:/backup/mastodon-pg-db:ro - - mixpost-storage:/backup/mixpost-storage:ro - - mixpost-logs:/backup/mixpost-logs:ro - - mongodb_config:/backup/mongodb_config:ro - - mongodb_data:/backup/mongodb_data:ro - - n8n-data:/backup/n8n-data:ro - - netbird-mgmt:/backup/netbird-mgmt:ro - - netbird-signal:/backup/netbird-signal:ro - - netbird-letsencrypt:/backup/netbird-letsencrypt:ro - - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro - - ollama:/backup/ollama:ro - - paperless-ngx-data:/backup/paperless-ngx-data:ro - - paperless-ngx-media:/backup/paperless-ngx-media:ro - - paperless-ngx-pg:/backup/paperless-ngx-pg:ro - - pgbackweb-data:/backup/pgbackweb-data:ro - - plausible-db-data:/backup/plausible-db-data:ro - - plausible-event-data:/backup/plausible-event-data:ro - - plausible-event-logs:/backup/plausible-event-logs:ro - - portainer-data:/backup/portainer-data:ro - - reactive-resume-pg:/backup/reactive-resume-pg:ro - - semaphore_config:/backup/semaphore_config:ro - - semaphore_data:/backup/semaphore_data:ro - - semaphore_tmp:/backup/semaphore_tmp:ro - - sonarqube-data:/backup/sonarqube-data:ro - - sonarqube-db:/backup/sonarqube-db:ro - - sonarqube-db-data:/backup/sonarqube-db-data:ro - - sonarqube-extensions:/backup/sonarqube-extensions:ro - - sonarqube-logs:/backup/sonarqube-logs:ro - - sonarqube-temp:/backup/sonarqube-temp:ro - - tandoor-pg:/backup/tandoor-pg:ro - - unmanic-cache:/backup/unmanic-cache:ro - - wallos-db:/backup/wallos-db:ro - - wallos-logos:/backup/wallos-logos:ro duplicati: container_name: duplicati environment: 
From eb15eb815402abb92308c463090792d421409513 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 10:13:57 -0400 Subject: [PATCH 16/26] Verifying services output. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index bbc9e3cb..472a831c 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - echo ${{ steps.detect_services. }} + echo ${{ steps.detect_services.outputs.classified_services }} vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From 254a05398de1ae95ed88116d31c32a4871d2fc0c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 10:41:49 -0400 Subject: [PATCH 17/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 472a831c..571ce2d5 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - echo ${{ steps.detect_services.outputs.classified_services }} + echo "${{ steps.detect_services.outputs.classified_services }}"" vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 
From 096584c9fa3ab34f234483369cd46772860ce4ed Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 10:59:45 -0400 Subject: [PATCH 18/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 571ce2d5..dac79d79 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - echo "${{ steps.detect_services.outputs.classified_services }}"" + echo "${{ steps.detect_services.outputs.classified_services }}" vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From df98c47578e0589108fdfbbd1784d28c84c5ee6d Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 11:15:33 -0400 Subject: [PATCH 19/26] ... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index dac79d79..a7eae38a 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -120,8 +120,8 @@ jobs: # uses: alex-oleshkevich/setup-ansible@v1.0.1 # with: # version: "11.0.0" - # - name: Install Vault - # uses: cpanato/vault-installer@main + - name: Install Vault + uses: cpanato/vault-installer@main # - name: Install hvac # run: pip install hvac # - name: Gotify Notification 
@@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - echo "${{ steps.detect_services.outputs.classified_services }}" + cat ${{ steps.detect_services.outputs.classified_services }} | awk -F":" '{print $1}' vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From fe5aaf44eed20b1ba999e2c4573190a023a2faa6 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 13:55:03 -0400 Subject: [PATCH 20/26] .... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index a7eae38a..e5ac76d5 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - cat ${{ steps.detect_services.outputs.classified_services }} | awk -F":" '{print $1}' + echo "${{ steps.detect_services.outputs.classified_services }} | awk -F":" '{print $1}'" vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From 1d934ad2203d9449d00716da42d8dbfe2ceeba48 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 13:59:31 -0400 Subject: [PATCH 21/26] .... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index e5ac76d5..6c2cca67 100644 
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - echo "${{ steps.detect_services.outputs.classified_services }} | awk -F":" '{print $1}'" + echo "${{ steps.detect_services.outputs.classified_services }}" | awk -F":" '{print $1}' vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From b14cfdfdabdb861e9445137ebc86d14f316d37a5 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 14:02:12 -0400 Subject: [PATCH 22/26] .... --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 6c2cca67..b9738232 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -151,7 +151,7 @@ jobs: notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - name: Generate .env file for Docker Compose Dry Run run: | - echo "${{ steps.detect_services.outputs.classified_services }}" | awk -F":" '{print $1}' + echo "${{ steps.detect_services.outputs.classified_services }}" vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Cache .env Files uses: actions/cache@v4 From 115209626779daceade5671ce5e9dca3574bc907 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 16 May 2025 14:59:22 -0400 Subject: [PATCH 23/26] .... --- .../workflows/pr-cloudflare-docker-deploy.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index b9738232..6912a095 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -147,17 +147,20 @@ jobs: with: gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' - notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa' - notification_message: 'Ansible dry run completed successfully; starting Docker Compose dry run...' - - name: Generate .env file for Docker Compose Dry Run - run: | - echo "${{ steps.detect_services.outputs.classified_services }}" - vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env + notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa' + notification_message: 'Starting Docker Compose dry run...' - name: Cache .env Files uses: actions/cache@v4 with: path: .env key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }} + - name: Generate modified services list & .env file for Docker Compose Dry Run + id: modded_svcs + run: | + mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g') + echo ${mod_svcs} + vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env + echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT" - name: Docker Compose Dry Run uses: yu-ichiro/spin-up-docker-compose-action@v1 with: @@ -165,7 +168,7 @@ jobs: pull: true pull-opts: --dry-run up: true - up-opts: --dry-run -d --remove-orphans + up-opts: --dry-run -d --remove-orphans ${{ steps.modded_svcs.rinoa_svcs.output }} env: DOCKER_HOST: tcp://dockerproxy:2375 - name: Gotify Notification From a164e31699ca444c558a9580b7dc1128b43778ba Mon Sep 17 00:00:00 2001 
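Review bot: The `Cache .env Files` step now runs before the step that writes the Vault export to `.env`, so on a key miss the cache action's post-job save stores the freshly written secrets under a key derived only from `hashFiles('docker-compose.yml')`. Later runs with the same compose file restore that copy, and cached copies outlive a rotation of the values in Vault. Because `.env` is regenerated from `vault kv get` on every run, the cache step adds nothing and can be removed. In the new step, `echo ${mod_svcs}` should be quoted as `echo "${mod_svcs}"`.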
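Review bot: `${{ steps.modded_svcs.rinoa_svcs.output }}` does not follow the `steps.<id>.outputs.<name>` form, so the expression presumably evaluates to an empty string and `up-opts` carries no service names. The intended reference is `${{ steps.modded_svcs.outputs.rinoa_svcs }}`. With the list empty, `--remove-orphans` and `up` act on the whole compose project rather than on the changed services. Patch 24/26 copies the same expression into `docker_args`.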
From: "Trez.One" Date: Sun, 18 May 2025 07:20:47 -0400 Subject: [PATCH 24/26] Docker Compose dry run action change. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 6912a095..758e6947 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -162,13 +162,16 @@ jobs: vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT" - name: Docker Compose Dry Run - uses: yu-ichiro/spin-up-docker-compose-action@v1 + timeout-minutes: 360 + continue-on-error: true + uses: keatonLiu/docker-compose-remote-action@v1.2 with: - file: docker-compose.yml - pull: true - pull-opts: --dry-run - up: true - up-opts: --dry-run -d --remove-orphans ${{ steps.modded_svcs.rinoa_svcs.output }} + docker_compose_file: docker-compose.yml + docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }} + ssh_user: gitea-deploy + ssh_host: 192.168.1.254 + ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }} + ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} env: DOCKER_HOST: tcp://dockerproxy:2375 - name: Gotify Notification @@ -403,7 +406,6 @@ jobs: run: | vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Docker Compose Deployment - # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }} timeout-minutes: 360 continue-on-error: true uses: keatonLiu/docker-compose-remote-action@v1.2 From 9ffa183ec9958a31a99fe9914af6fab57fd26335 Mon Sep 17 00:00:00 2001 
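Review bot: The step is still named `Docker Compose Dry Run`, but the new `docker_args` no longer contains `--dry-run`, and the step now runs through `keatonLiu/docker-compose-remote-action` over SSH against `192.168.1.254`. If the action passes these arguments to `docker compose up`, every push to a non-main branch would start containers and remove orphans on the host before the change has been reviewed. Keep `--dry-run` at the front of `docker_args`, as the previous `up-opts` had it. Drop `continue-on-error: true` here as well, so that a failed check stops the job rather than being reported as a pass. The action receives `ssh_private_key`, so it is worth pinning it to a commit (`uses: keatonLiu/docker-compose-remote-action@<full-commit-sha>`) rather than the movable `v1.2` tag.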
From: "Trez.One" Date: Sun, 18 May 2025 07:58:56 -0400 Subject: [PATCH 25/26] Removing deleted services from container arguments. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 758e6947..46695e01 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -92,10 +92,6 @@ jobs: echo "$service: added" >> service_changes.txt done - comm -23 services_main.txt services_head.txt | while read service; do - echo "$service: deleted" >> service_changes.txt - done - comm -12 services_main.txt services_head.txt | while read service; do yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml From 5a71cb877d929bf2ad36cf2d9c7a0a9d3e675ff6 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 18 May 2025 12:12:37 +0000 Subject: [PATCH 26/26] chore: Update README --- README.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7b67b0ff..414d947d 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,6 @@ | bitwarden | vaultwarden/server:latest | | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 | | browserless | ghcr.io/browserless/chromium:latest | -| bytebase | bytebase/bytebase:3.5.0 | | bytestash | ghcr.io/jordan-dalby/bytestash:latest | | castopod | castopod/castopod:latest | | cloudflared | cloudflare/cloudflared:latest | 
@@ -33,10 +32,11 @@ | dawarich-app | freikin/dawarich:latest | | dawarich-pg-db | postgis/postgis:17-3.5-alpine | | dawarich-sidekiq | freikin/dawarich:latest | +| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest | | delugevpn | ghcr.io/binhex/arch-delugevpn:latest | | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest | -| docker-volume-backup | offen/docker-volume-backup:v2 | | duplicati | lscr.io/linuxserver/duplicati:latest | +| excalidraw | excalidraw/excalidraw:latest | | explo | ghcr.io/lumepart/explo:latest | | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main | | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest | @@ -61,6 +61,8 @@ | invidious | quay.io/invidious/invidious:latest | | invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest | | invidious-db | docker.io/library/postgres:14 | +| invoice-ninja | invoiceninja/invoiceninja-debian:5 | +| invoice-ninja_proxy | nginx | | it-tools | ghcr.io/corentinth/it-tools:latest | | jellyfin | jellyfin/jellyfin | | jitsi-etherpad | etherpad/etherpad:1.8.6 | @@ -72,6 +74,7 @@ | jitsi-web | jitsi/web:stable | | joplin-db | postgres:17-alpine | | joplin | joplin/server:latest | +| languagetool | elestio/languagetool:latest | | librechat-api | ghcr.io/danny-avila/librechat-dev:latest | | librechat-vectordb | ankane/pgvector:latest | | librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest | 
@@ -98,12 +101,15 @@ | ollama | ollama/ollama | | ombi | lscr.io/linuxserver/ombi:latest | | omni-tools | iib0011/omni-tools:latest | +| omnipoly | kweg/omnipoly:latest | | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest | | pgbackweb | eduardolat/pgbackweb:latest | | pgbackweb-db | postgres:16-alpine | | plantuml-server | plantuml/plantuml-server:jetty | | portainer | portainer/portainer-ce:alpine | -| portall | need4swede/portall:latest | +| portnote-web | haedlessdev/portnote:latest | +| portnote-agent | haedlessdev/portnote-agent:latest | +| portnote-pg-db | postgres:17-alpine | | postal-smtp | ghcr.io/postalserver/postal:latest | | postal-web | ghcr.io/postalserver/postal:latest | | postal-worker | ghcr.io/postalserver/postal:latest | @@ -140,6 +146,7 @@ | wallos | bellamy/wallos:latest | | watchtower | ghcr.io/containrrr/watchtower:latest | | web-check | lissy93/web-check | +| whodb | clidey/whodb | | youtubedl | nbr23/youtube-dl-server:latest | | zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 | | zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |