diff --git a/.gitea/workflows/deployment.yml b/.gitea/workflows/deployment.yml index 9d97bfdd..28369086 100644 --- a/.gitea/workflows/deployment.yml +++ b/.gitea/workflows/deployment.yml @@ -30,11 +30,11 @@ jobs: with: url: ${{ gitea.server_url }} token: ${{ secrets.BOT_GITEA_TOKEN }} - assignee: ${{ gitea.actor }} + pr-label: 'auto-deploy-pr' docker-compose-test: name: Docker Compose Test - needs: [create-pr] + needs: [check-and-create-pr] runs-on: ubuntu-latest steps: - name: Checkout 
@@ -56,10 +56,64 @@ jobs: env: DOCKER_HOST: tcp://dockerproxy:2375 + cloudflare-dns-setup: + name: Cloudflare DNS Setup + needs: [docker-compose-test] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install jq + uses: dcarbone/install-jq-action@v3.0.1 + + - name: Install yq + uses: dcarbone/install-yq-action@v1 + + - name: Install flarectl + uses: supplypike/setup-bin@v4 + with: + uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz' + name: 'flarectl' + version: '0.113.0' + + - name: Grab Subdomains from Docker Compose & Cloudflare + id: grab-subdomains + env: + CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} + CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }} + run: | + echo "Grabbing subdomains from docker-compose.yml..." + yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt + echo "Grabbing subdomains from Cloudflare..." + flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt + + - name: Compare Subdomains + id: compare-subdomains + uses: LouisBrunner/diff-action@v2.2.0 + with: + old: compose_subdomains.txt + new: cloudflare_subdomains.txt + mode: addition + tolerance: mixed-better + output: domain_compare.txt + + - name: Create Subdomains + if: steps.compare-subdomains.outputs.output != '' + env: + CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} + CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }} + run: | + cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do + echo "Creating $subdomain.trez.wtf..." 
+ flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" + done + merge-pr: name: PR Merge runs-on: ubuntu-latest - needs: [docker-compose-test] + if: ${{ always() }} + needs: [cloudflare-dns-setup] steps: - name: Checkout uses: actions/checkout@v4 @@ -70,6 +124,5 @@ jobs: chmod +x /usr/local/bin/tea echo "Merging PR..." tea login add --name gitea-rinoa --url ${{ vars.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }} - echo ${{ gitea.ref_name }} pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g') tea pr m --repo ${{ github.repository }} --title "${{ github.ref_name }} Auto Merge" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index a9c0f897..5f68c750 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,6 +46,18 @@ services: homepage.widget.url: http://adguard:80 homepage.widget.username: admin homepage.widget.password: ${ADGUARD_PASSWORD} + swag: enable + swag_proto: http + swag_url: adgh.${MY_TLD} + homepage.group: System Administration + homepage.name: AdGuard Home + homepage.icon: adguard-home.png + homepage.href: https://adgh.${MY_TLD} + homepage.description: Ad-blocking/DNS + homepage.widget.type: adguard + homepage.widget.url: http://adguard:80 + homepage.widget.username: admin + homepage.widget.password: ${ADGUARD_PASSWORD} networks: default: null ports: @@ -474,6 +486,11 @@ services: swag_url: bsky.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://bsky.${MY_TLD} + swag: enable + swag_port: 3000 + swag_url: bsky.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://bsky.${MY_TLD} restart: unless-stopped volumes: - type: bind 
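Review bot: `if: ${{ always() }}` on `merge-pr` makes the merge job run even when `docker-compose-test` or `cloudflare-dns-setup` failed or was cancelled, so the PR is auto-merged without the gate the `needs` chain used to provide. Drop the condition so the default success check applies, or, if a DNS failure should not block the merge, use `needs: [docker-compose-test, cloudflare-dns-setup]` with `if: ${{ always() && needs.docker-compose-test.result == 'success' }}` (confirm the Gitea runner evaluates `needs.*.result`). In the new `cloudflare-dns-setup` job, the third-party actions (`dcarbone/install-jq-action@v3.0.1`, `dcarbone/install-yq-action@v1`, `supplypike/setup-bin@v4`, `LouisBrunner/diff-action@v2.2.0`) are referenced by mutable tags and the flarectl tarball is fetched without a checksum, in a job that exposes `CF_API_TOKEN`. Pinning the actions to full commit SHAs and verifying the download against a recorded SHA-256 narrows that exposure. In `Create Subdomains`, `sed -e 's|-||g'` removes every hyphen, so a hyphenated subdomain would be created under a different name; `sed -e 's|^-||'` strips only the leading diff marker.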
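Review bot: The labels added in the docker-compose.yml hunk at `-46,6 +46,18` repeat keys already present in the same mapping: `homepage.widget.url`, `homepage.widget.username` and `homepage.widget.password` appear as context lines directly above the added copies. Duplicate mapping keys are invalid YAML; depending on the parser the file is either rejected or the last copy silently wins, so a later edit to one copy of a setting such as `swag_url` may not be the one that takes effect. The hunks at `-474,6 +486,11`, `-500,6 +517,10` and `-2851,6 +2872,12` (the last one repeating `LLDAP_JWT_SECRET` and `LLDAP_KEY_SEED`) do the same and look like a merge or generator artefact; the added lines should be dropped. Separately, `homepage.widget.password: ${ADGUARD_PASSWORD}` puts the interpolated password into a container label, which is readable by anything with read access to the Docker API, so it is worth confirming that is acceptable. The enclosing service definitions start and end outside these hunks.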
@@ -500,6 +517,10 @@ services: swag_proto: http swag_port: 3000 swag_url: browse.${MY_TLD} + swag: enable + swag_proto: http + swag_port: 3000 + swag_url: browse.${MY_TLD} networks: default: null restart: unless-stopped @@ -691,7 +712,7 @@ services: homepage.group: System Administration homepage.name: Czkawka homepage.href: https://czkawka.${MY_TLD} - homepage.icon: sh-czkawka.png + homepage.icon: /icons/czkawka.png homepage.description: Smart file management swag: enable swag_port: 5800 @@ -2851,6 +2872,12 @@ services: LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} LLDAP_KEY_SEED: ${LLDAP_KEY_SEED} LLDAP_LDAP_BASE_DN: dc=trez,dc=wtf + UID: ${PUID} + GID: ${PGID} + TZ: ${TZ} + LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} + LLDAP_KEY_SEED: ${LLDAP_KEY_SEED} + LLDAP_LDAP_BASE_DN: dc=trez,dc=wtf image: lldap/lldap:stable labels: homepage.group: System Administration 
@@ -3008,52 +3035,19 @@ services: type: bind bind: create_host_path: true - mastodon: - container_name: mastodon - environment: - PUID: ${PUID} - PGID: ${PGID} - TZ: ${TZ} - LOCAL_DOMAIN: trez.wtf - REDIS_HOST: redis - REDIS_PORT: 6379 - DB_HOST: mastodon-pg-db - DB_USER: mastodon - DB_NAME: mastodon - DB_PASS: ${MASTODON_PG_DB_PASSWORD} - DB_PORT: 5432 - ES_ENABLED: false - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: - SECRET_KEY_BASE: - OTP_SECRET: - VAPID_PRIVATE_KEY: - VAPID_PUBLIC_KEY: - SMTP_SERVER: postal-smtp - SMTP_PORT: 25 - SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER} - SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - SMTP_FROM_ADDRESS: noreply@trez.wtf - S3_ENABLED: true - S3_BUCKET: mastodon - AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY} - AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY} - image: lscr.io/linuxserver/mastodon:latest + meshcentral: + container_name: meshcentral + image: ghcr.io/ylianst/meshcentral:master labels: - swag: enable - swag_proto: http - swag_port: 5678 - swag_url: mastodon.${MY_TLD} - swag.uptime-kuma.enabled: true - swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD} - homepage.group: Social - homepage.name: Mastodon - homepage.href: https://mastodon.${MY_TLD} - homepage.icon: mastodon.svg - homepage.description: Open-source social network - homepage.widget.type: mastodon - homepage.widget.url: http://mastodon + - homepage.group=System Administration + - homepage.name=MeshCentral + - homepage.href=https://mesh.${MY_TLD} + - homepage.icon=meshcentral.png + - homepage.description= + - swag=enable + - swag_proto=http + - swag_port=80 + - swag_url=mesh.${MY_TLD} ports: - 9044:80 - 3444:443 
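Review bot: The new `meshcentral` service pulls `ghcr.io/ylianst/meshcentral:master`, a moving branch tag, for a remote-management tool that is published through the proxy (`swag=enable`) and, per the context lines that follow, on host ports `9044:80` and `3444:443`. Pin it to a release tag and digest, e.g. `image: ghcr.io/ylianst/meshcentral:<release-tag>@sha256:<digest>`, so an upstream push cannot change what runs. No `swag_auth` label is set, unlike the `swag_auth: authelia` seen on another service in this file, so access control rests on MeshCentral's own login; confirm that is intended and whether the direct host port mappings are still needed once the proxy route exists. The labels here switch to list form (`- key=value`) while the rest of the file uses mapping form, and `homepage.description=` is left empty. The service definition continues outside the hunk.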
@@ -4405,7 +4399,7 @@ services: homepage.group: Servarr Stack homepage.name: Sonashow homepage.href: https://sonashow.${MY_TLD} - homepage.icon: sh-sonashow.png + homepage.icon: /icons/sonashow.png homepage.description: TV show discovery based on library/tastes swag: enable swag_auth: authelia @@ -4452,7 +4446,7 @@ services: homepage.group: Downloaders homepage.description: Modern client-server application for the Soulseek file-sharing network. homepage.href: https://slsk.${MY_TLD} - homepage.icon: sh-slskd.svg + homepage.icon: /icons/slskd.png swag: enable swag_proto: http swag_url: slsk.${MY_TLD} @@ -6481,7 +6475,7 @@ services: homepage.group: System Administration homepage.name: WhoDB homepage.href: https://dbs.${MY_TLD} - homepage.icon: sh-whodb.png + homepage.icon: /icons/whodb.png homepage.description: Web-based DB management swag: enable swag_proto: http