Compare commits
36 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Trez.One
|
db9908b6d3 | ||
|
Trez.One
|
46b5d5eb37 | ||
|
Trez.One
|
880e6ddf29 | ||
|
Trez.One
|
8b69853300 | ||
|
Trez.One
|
dfbc8fbaaf | ||
|
Trez.One
|
21f1659c6d | ||
|
Trez.One
|
db383f4367 | ||
 gitea-sonarqube-bot
|
5b2aeae72d | ||
 Trez.One
|
cbdf8b2461 | ||
|
Trez.One
|
a087b8c60a | ||
|
Trez.One
|
60b45411db | ||
|
Trez.One
|
e6821bf57e | ||
|
Trez.One
|
753833878a | ||
|
Trez.One
|
f57bd27617 | ||
|
Trez.One
|
9734d1284e | ||
|
Trez.One
|
46783a8fa3 | ||
|
Trez.One
|
a54b310260 | ||
|
Trez.One
|
63c9891582 | ||
|
gitea-sonarqube-bot
|
32f187ee55 | ||
|
Trez.One
|
c37a84ee90 | ||
|
Trez.One
|
0242957fc4 | ||
|
Trez.One
|
aedcdfe4d2 | ||
|
Trez.One
|
0b252923ab | ||
|
Trez.One
|
40b79c6913 | ||
|
Trez.One
|
90f648fa62 | ||
|
Trez.One
|
a4dfc70c66 | ||
|
Trez.One
|
9c1dd9cb4b | ||
|
Trez.One
|
4fe88c0109 | ||
|
Trez.One
|
9f8538f892 | ||
|
Trez.One
|
391844015a | ||
|
Trez.One
|
2789ee7121 | ||
|
Trez.One
|
adf07ff505 | ||
|
Trez.One
|
b7b3fb1af0 | ||
|
Trez.One
|
f704e3f3f2 | ||
|
Trez.One
|
5ecde8b8eb | ||
|
gitea-sonarqube-bot
|
d5281c8231 |
@@ -25,6 +25,13 @@ jobs:
|
||||
uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
|
||||
name: 'tea'
|
||||
version: '0.9.2'
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: PR Check'
|
||||
notification_message: 'Checking for existing PR... 🔍'
|
||||
- name: Check if open PR exists
|
||||
id: check-opened-pr-step
|
||||
continue-on-error: true
|
||||
@@ -39,6 +46,13 @@ jobs:
|
||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: PR Check'
|
||||
notification_message: 'PR Created 🎟️'
|
||||
docker-compose-ansible-lints:
|
||||
name: Docker Compose & Ansible Lints
|
||||
needs: [check-and-create-pr]
|
||||
@@ -65,6 +79,13 @@ jobs:
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Install hvac
|
||||
run: pip install hvac
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
||||
notification_message: 'Starting Ansible dry run...'
|
||||
- name: Ansible Playbook Dry Run
|
||||
uses: dawidd6/action-ansible-playbook@v2
|
||||
with:
|
||||
@@ -82,7 +103,7 @@ jobs:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
||||
notification_message: 'Ansible dry run completed successfully.'
|
||||
notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
|
||||
- name: Generate .env file for Docker Compose Dry Run
|
||||
run: |
|
||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||
@@ -149,7 +170,7 @@ jobs:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
|
||||
notification_message: 'Starting Cloudflare setup'
|
||||
notification_message: 'Starting Cloudflare DNS setup...'
|
||||
- name: Compare Subdomains
|
||||
id: compare-subdomains
|
||||
uses: LouisBrunner/diff-action@v2.2.0
|
||||
@@ -203,6 +224,13 @@ jobs:
|
||||
# modified_services=${egrep '^ [a-z]' changes.yml | sed -e 's|^ ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
|
||||
# echo "Modified services: $modified_services"
|
||||
# echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: README Update'
|
||||
notification_message: 'Updating README...'
|
||||
- name: Generate service list
|
||||
run: |
|
||||
yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
|
||||
@@ -222,6 +250,13 @@ jobs:
|
||||
with:
|
||||
message: "chore: Update README"
|
||||
add: "README.md"
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: README Update'
|
||||
notification_message: 'README updated'
|
||||
pr-merge:
|
||||
name: PR Merge
|
||||
needs: [regenerate-readme-modified-services]
|
||||
@@ -278,6 +313,13 @@ jobs:
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Install hvac
|
||||
run: pip install hvac
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
||||
notification_message: 'Starting config deployment with Ansible.'
|
||||
- name: Deploy Docker Configs via Ansible
|
||||
uses: dawidd6/action-ansible-playbook@v2
|
||||
with:
|
||||
@@ -295,6 +337,13 @@ jobs:
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
||||
notification_message: 'Deployment completed successfully.'
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Docker Compose Deployment @ Rinoa'
|
||||
notification_message: 'Starting Docker Compose run...'
|
||||
- name: Generate .env file for deployment
|
||||
run: |
|
||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||
|
||||
+2
-1
@@ -1,3 +1,4 @@
|
||||
**/.cache_ggshield
|
||||
ansible/collections/ansible_collections/
|
||||
**/.env
|
||||
**/.env
|
||||
**/netbird_openid-configuration.json.j2
|
||||
@@ -50,6 +50,8 @@
|
||||
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
||||
| gluetun | qmcgaw/gluetun:latest |
|
||||
| gotify | gotify/server |
|
||||
| graylog | graylog/graylog:6.1 |
|
||||
| graylog-datanode | graylog/graylog-datanode:6.1 |
|
||||
| guacamole | flcontainers/guacamole:latest |
|
||||
| homepage | ghcr.io/gethomepage/homepage:latest |
|
||||
| hugo | hugomods/hugo:exts |
|
||||
@@ -94,11 +96,15 @@
|
||||
| n8n | docker.n8n.io/n8nio/n8n |
|
||||
| navidrome | deluan/navidrome:latest |
|
||||
| netalertx | jokobsk/netalertx:latest |
|
||||
| netbird-dashboard | netbirdio/dashboard:latest |
|
||||
| netbird-signal | netbirdio/signal:latest |
|
||||
| netbird-relay | netbirdio/relay:latest |
|
||||
| netbird-management | netbirdio/management:latest |
|
||||
| netbird-coturn | coturn/coturn:latest |
|
||||
| nextcloud | nextcloud/all-in-one:latest |
|
||||
| ollama | ollama/ollama |
|
||||
| ombi | lscr.io/linuxserver/ombi:latest |
|
||||
| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
|
||||
| parseable | containers.parseable.com/parseable/parseable:latest |
|
||||
| pgbackweb | eduardolat/pgbackweb:latest |
|
||||
| pgbackweb-db | postgres:16-alpine |
|
||||
| plantuml-server | plantuml/plantuml-server:jetty |
|
||||
@@ -139,7 +145,6 @@
|
||||
| unmanic | josh5/unmanic:latest |
|
||||
| uptimekuma | louislam/uptime-kuma:latest |
|
||||
| vault | hashicorp/vault:latest |
|
||||
| vector | timberio/vector:0.44.0-alpine |
|
||||
| wallabag | wallabag/wallabag |
|
||||
| wallos | bellamy/wallos:latest |
|
||||
| watchtower | ghcr.io/containrrr/watchtower:latest |
|
||||
|
||||
@@ -0,0 +1,174 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
|
||||
---
|
||||
theme: auto
|
||||
default_2fa_method: "totp"
|
||||
server:
|
||||
address: '0.0.0.0:9091'
|
||||
endpoints:
|
||||
enable_pprof: false
|
||||
enable_expvars: false
|
||||
disable_healthcheck: false
|
||||
tls:
|
||||
key: ""
|
||||
certificate: ""
|
||||
client_certificates: []
|
||||
headers:
|
||||
csp_template: ""
|
||||
log:
|
||||
level: debug
|
||||
telemetry:
|
||||
metrics:
|
||||
enabled: true
|
||||
address: tcp://0.0.0.0:9959
|
||||
totp:
|
||||
disable: false
|
||||
issuer: authelia.com
|
||||
algorithm: sha256
|
||||
digits: 6
|
||||
period: 30
|
||||
skew: 1
|
||||
secret_size: 32
|
||||
webauthn:
|
||||
disable: false
|
||||
timeout: 60s
|
||||
display_name: Authelia
|
||||
attestation_conveyance_preference: indirect
|
||||
user_verification: preferred
|
||||
ntp:
|
||||
address: "time.cloudflare.com:123"
|
||||
version: 4
|
||||
max_desync: 3s
|
||||
disable_startup_check: false
|
||||
disable_failure: false
|
||||
authentication_backend:
|
||||
password_reset:
|
||||
disable: false
|
||||
custom_url: ""
|
||||
ldap:
|
||||
implementation: custom
|
||||
address: ldap://lldap:3890
|
||||
timeout: 5s
|
||||
start_tls: false
|
||||
base_dn: dc=trez,dc=wtf
|
||||
additional_users_dn: ou=people
|
||||
users_filter: "(&({username_attribute}={input})(objectClass=person))"
|
||||
additional_groups_dn: ou=groups
|
||||
groups_filter: "(member={dn})"
|
||||
attributes:
|
||||
username: uid
|
||||
group_name: cn
|
||||
mail: mail
|
||||
display_name: displayName
|
||||
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
|
||||
refresh_interval: 5m
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
|
||||
password_policy:
|
||||
standard:
|
||||
enabled: true
|
||||
min_length: 8
|
||||
max_length: 0
|
||||
require_uppercase: true
|
||||
require_lowercase: true
|
||||
require_number: true
|
||||
require_special: false
|
||||
zxcvbn:
|
||||
enabled: false
|
||||
min_score: 3
|
||||
access_control:
|
||||
default_policy: deny
|
||||
networks:
|
||||
- name: 'internal'
|
||||
networks:
|
||||
- '172.17.0.0/16'
|
||||
- '172.18.0.0/16'
|
||||
- '192.168.1.0/24'
|
||||
rules:
|
||||
- domain_regex:
|
||||
- '^trez.wtf$'
|
||||
- ^www.trez.wtf$''
|
||||
policy: bypass
|
||||
- domain: '*.trez.wtf'
|
||||
policy: bypass
|
||||
networks:
|
||||
- 'internal'
|
||||
- domain: '*.trez.wtf'
|
||||
policy: one_factor
|
||||
subject:
|
||||
- ['user:the.trezured.one']
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
||||
expiration: 1h
|
||||
inactivity: 5m
|
||||
remember_me: 1M
|
||||
cookies:
|
||||
- domain: 'trez.wtf'
|
||||
authelia_url: 'https://auth.trez.wtf'
|
||||
redis:
|
||||
host: redis
|
||||
port: 6379
|
||||
storage:
|
||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
||||
postgres:
|
||||
address: 'tcp://authelia-pg:5432'
|
||||
database: authelia
|
||||
username: authelia
|
||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
|
||||
timeout: '5s'
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 2m
|
||||
ban_time: 5m
|
||||
notifier:
|
||||
disable_startup_check: true
|
||||
smtp:
|
||||
address: 'smtp://postal-smtp:25'
|
||||
timeout: '5s'
|
||||
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
|
||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
|
||||
sender: "Authelia <noreply@trez.wtf>"
|
||||
identifier: 'localhost'
|
||||
subject: "[Authelia] {title}"
|
||||
startup_check_address: 'test@authelia.com'
|
||||
disable_require_tls: true
|
||||
disable_starttls: true
|
||||
disable_html_emails: false
|
||||
identity_providers:
|
||||
oidc:
|
||||
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
|
||||
jwks:
|
||||
key_id: 'netbird'
|
||||
key: |
|
||||
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(8) }}
|
||||
certificate_chain: |
|
||||
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_CERT_CHAIN"] | replace("\\n", "\n") | indent(8) }}
|
||||
cors:
|
||||
allowed_origins_from_client_redirect_uris: true
|
||||
endpoints:
|
||||
- 'userinfo'
|
||||
- 'authorization'
|
||||
- 'token'
|
||||
- 'revocation'
|
||||
- 'introspection'
|
||||
clients:
|
||||
- client_id: 'netbird'
|
||||
client_name: 'NetBird'
|
||||
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
|
||||
public: false
|
||||
authorization_policy: 'two_factor'
|
||||
redirect_uris:
|
||||
- 'https://vpn.trez.wtf/peers'
|
||||
- 'https://vpn.trez.wtf/add-peers'
|
||||
- 'http://localhost'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'email'
|
||||
- 'profile'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
@@ -2,62 +2,107 @@
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
{
|
||||
"sourceDefaults": {
|
||||
"maxPollRetries": 0, // optional, default # of automatic polling restarts on error. can be overridden by property in individual config
|
||||
"maxRequestRetries": 1, // optional, default # of http request retries a source can make before error is thrown. can be overridden by property in individual config
|
||||
"retryMultiplier": 1.5 // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
|
||||
"debugMode": false,
|
||||
"disableWeb": false,
|
||||
"sourceDefaults": {
|
||||
"logPayload": false,
|
||||
"logFilterFailure": "warn",
|
||||
"logPlayerState": false,
|
||||
"scrobbleThresholds": {
|
||||
"duration": 30,
|
||||
"percent": 20
|
||||
},
|
||||
"clientDefaults": {
|
||||
"maxRequestRetries": 1, // optional, default # of http request retries a client can make before error is thrown. can be overridden by property in individual config
|
||||
"retryMultiplier": 1.5 // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
|
||||
"maxPollRetries": 1,
|
||||
"maxRequestRetries": 1,
|
||||
"retryMultiplier": 1.5
|
||||
},
|
||||
"clientDefaults": {
|
||||
"maxRequestRetries": 1,
|
||||
"retryMultiplier": 1.5
|
||||
},
|
||||
"sources": [
|
||||
{
|
||||
"type": "spotify",
|
||||
"enable": true,
|
||||
"clients": [],
|
||||
"name": "Spotify",
|
||||
"data": {
|
||||
"clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
||||
"clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
||||
"redirectUri": "http://localhost:9078/callback"
|
||||
}
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"name": "Last.fm Client",
|
||||
"enable": true,
|
||||
"configureAs": "client",
|
||||
"data": {
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "Last.fm Source",
|
||||
"enable": true,
|
||||
"configureAs": "source",
|
||||
"data": {
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "Maloja",
|
||||
"enable": true,
|
||||
"data": {
|
||||
"url": "http://maloja:42010",
|
||||
"apiKey": "myMalojaKey"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "ListenBrainz Client",
|
||||
"enable": true,
|
||||
"configureAs": "client",
|
||||
"data": {
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||
"username": "Trez.One"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "ListenBrainz Source",
|
||||
"enable": true,
|
||||
"configureAs": "source",
|
||||
"data": {
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||
"username": "Trez.One"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
{
|
||||
"type:": "lastfm",
|
||||
"name": "Last.fm",
|
||||
"enable": true,
|
||||
"data": {
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "listenbrainz",
|
||||
"name": "ListenBrainz",
|
||||
"enable": true,
|
||||
"data": {
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||
"username": "Trez.One"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "subsonic",
|
||||
"name": "Navidrome",
|
||||
"enable": true,
|
||||
"data": {
|
||||
"url": "http://navidrome:4533",
|
||||
"user": "admin",
|
||||
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}"
|
||||
}
|
||||
}
|
||||
],
|
||||
"clients": [
|
||||
{
|
||||
"type": "lastfm",
|
||||
"name": "Last.fm Client",
|
||||
"enable": true,
|
||||
"data": {
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "listenbrainz",
|
||||
"name": "ListenBrainz Client",
|
||||
"enable": true,
|
||||
"data": {
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||
"username": "Trez.One"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "maloja",
|
||||
"enable": true,
|
||||
"name": "Maloja",
|
||||
"data": {
|
||||
"url": "http://maloja:42010",
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
|
||||
}
|
||||
}
|
||||
],
|
||||
"webhooks": [
|
||||
{
|
||||
"name": "Gotify",
|
||||
"type": "gotify",
|
||||
"url": "http://gotify",
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
|
||||
"priorities": {
|
||||
"info": 5,
|
||||
"warn": 7,
|
||||
"error": 10
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -47,60 +47,30 @@
|
||||
},
|
||||
"HttpConfig": {
|
||||
"Address": "0.0.0.0:33073",
|
||||
"AuthIssuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
||||
"AuthAudience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
|
||||
"AuthKeysLocation": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/keys",
|
||||
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
||||
"AuthAudience": "netbird",
|
||||
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
|
||||
"AuthUserIDClaim": "",
|
||||
"CertFile": "",
|
||||
"CertKey": "",
|
||||
"IdpSignKeyRefreshEnabled": true,
|
||||
"OIDCConfigEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
||||
},
|
||||
"IdpManagerConfig": {
|
||||
"ManagerType": "zitadel",
|
||||
"ClientConfig": {
|
||||
"Issuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
||||
"TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
|
||||
"ClientID": "netbird",
|
||||
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_SECRET'] }}",
|
||||
"GrantType": "client_credentials"
|
||||
},
|
||||
"ExtraConfig": {
|
||||
"ManagementEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/management/v1"
|
||||
},
|
||||
"Auth0ClientCredentials": null,
|
||||
"AzureClientCredentials": null,
|
||||
"KeycloakClientCredentials": null,
|
||||
"ZitadelClientCredentials": null
|
||||
},
|
||||
"DeviceAuthorizationFlow": {
|
||||
"Provider": "hosted",
|
||||
"ProviderConfig": {
|
||||
"Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
|
||||
"AuthorizationEndpoint": "",
|
||||
"Domain": "",
|
||||
"ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
|
||||
"ClientSecret": "",
|
||||
"TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
|
||||
"DeviceAuthEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/device_authorization",
|
||||
"Scope": "openid",
|
||||
"UseIDToken": false,
|
||||
"RedirectURLs": null
|
||||
}
|
||||
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
||||
},
|
||||
"IdpManagerConfig": {},
|
||||
"DeviceAuthorizationFlow": {},
|
||||
"PKCEAuthorizationFlow": {
|
||||
"ProviderConfig": {
|
||||
"Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
|
||||
"ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
|
||||
"ClientSecret": "",
|
||||
"Audience": "netbird",
|
||||
"ClientID": "netbird",
|
||||
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
||||
"Domain": "",
|
||||
"AuthorizationEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/authorize",
|
||||
"TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
|
||||
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
|
||||
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
|
||||
"Scope": "openid profile email offline_access api",
|
||||
"RedirectURLs": [
|
||||
"http://localhost:53000"
|
||||
],
|
||||
"UseIDToken": false
|
||||
"UseIDToken": true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+332
-399
@@ -202,9 +202,10 @@ services:
|
||||
AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
|
||||
AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
||||
AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
|
||||
# PGID: ${PGID}
|
||||
# PUID: ${PUID}
|
||||
PGID: ${PGID}
|
||||
PUID: ${PUID}
|
||||
TZ: ${TZ}
|
||||
X_AUTHELIA_CONFIG_FILTERS: template
|
||||
expose:
|
||||
- 9091
|
||||
image: authelia/authelia:master
|
||||
@@ -577,6 +578,26 @@ services:
|
||||
swag.uptime-kuma.enabled: true
|
||||
swag.uptime-kuma.monitor.url: https://bunker.${MY_TLD}
|
||||
restart: unless-stopped
|
||||
bytebase:
|
||||
container_name: bytebase
|
||||
image: bytebase/bytebase:3.5.0
|
||||
labels:
|
||||
homepage.group: System Administration
|
||||
homepage.name: Bytebase
|
||||
homepage.href: https://dbs.${MY_TLD}
|
||||
homepage.icon: /icons/bytebase.png
|
||||
homepage.description: Database-as-Code CI/CD
|
||||
swag: enable
|
||||
swag_port: 8080
|
||||
swag_proto: http
|
||||
swag_url: dbs.${MY_TLD}
|
||||
swag.uptime-kuma.enabled: true
|
||||
swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
|
||||
ports:
|
||||
- 49054:8080
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_CONFIG}/bytebase:/var/opt/bytebase
|
||||
bytestash:
|
||||
container_name: bytestash
|
||||
environment:
|
||||
@@ -1013,141 +1034,6 @@ services:
|
||||
- dawarich_public:/var/app/public
|
||||
- dawarich_watched:/var/app/tmp/imports/watched
|
||||
- ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
|
||||
dbgate:
|
||||
container_name: dbgate
|
||||
environment:
|
||||
CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,mariadb,mastodon-pg-db,mongodb,peppermint-db,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,redis
|
||||
LOGIN: TrezOne
|
||||
PASSWORD: ${DBGATE_LOGIN_PASSWORD}
|
||||
|
||||
LABEL_mariadb: mariadb
|
||||
SERVER_mariadb: mariadb
|
||||
USER_mariadb: root
|
||||
PASSWORD_mariadb: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
|
||||
PORT_mariadb: 3306
|
||||
ENGINE_mariadb: mariadb@dbgate-plugin-mysql
|
||||
|
||||
LABEL_authelia-pg: authelia-pg
|
||||
SERVER_authelia-pg: authelia-pg
|
||||
USER_authelia-pg: authelia
|
||||
DATABASE_authelia-pg: authelia
|
||||
PASSWORD_authelia-pg: ${BITMAGNET_POSTGRESQL_PASSWORD}
|
||||
PORT_authelia-pg: 5432
|
||||
ENGINE_authelia-pg: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_bitmagnet-pg-db: bitmagnet-pg-db
|
||||
SERVER_bitmagnet-pg-db: bitmagnet-pg-db
|
||||
USER_bitmagnet-pg-db: bitmagnet-pg
|
||||
DATABASE_bitmagnet-pg-db: bitmagnet
|
||||
PASSWORD_bitmagnet-pg-db: ${BITMAGNET_POSTGRESQL_PASSWORD}
|
||||
PORT_bitmagnet-pg-db: 5432
|
||||
ENGINE_bitmagnet-pg-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_gitea-db: gitea-db
|
||||
SERVER_gitea-db: gitea-db
|
||||
USER_gitea-db: gitea
|
||||
PASSWORD_gitea-db: ${GITEA_PG_DB_PASSWORD}
|
||||
DATABASE_gitea-db: gitea
|
||||
PORT_gitea-db: 5432
|
||||
ENGINE_gitea-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_invidious-db: invidious-db
|
||||
SERVER_invidious-db: invidious-db
|
||||
USER_invidious-db: kemal
|
||||
PASSWORD_invidious-db: ${INVID_PG_DB_PASSWORD}
|
||||
PORT_invidious-db: 5432
|
||||
DATABASE_invidious-db: invidious
|
||||
ENGINE_invidious-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_joplin-db: joplin-db
|
||||
SERVER_joplin-db: joplin-db
|
||||
USER_joplin-db: ${JOPLIN_POSTGRES_USER}
|
||||
PASSWORD_joplin-db: ${JOPLIN_POSTGRES_DATABASE}
|
||||
DATABASE_joplin-db: joplin
|
||||
PORT_joplin-db: 5432
|
||||
ENGINE_joplin-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_mastodon-pg-db: mastodon-pg-db
|
||||
SERVER_mastodon-pg-db: mastodon-pg-db
|
||||
USER_mastodon-pg-db: mastodon
|
||||
PASSWORD_mastodon-pg-db: ${MASTODON_PG_DB_PASSWORD}
|
||||
DATABASE_mastodon-pg-db: mastodon
|
||||
PORT_mastodon-pg-db: 5432
|
||||
ENGINE_mastodon-pg-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_mongodb: mongodb
|
||||
SERVER_mongodb: mongodb
|
||||
USER_mongodb: root
|
||||
PASSWORD_mongodb: ${MONGO_INITDB_ROOT_PASSWORD}
|
||||
PORT_mongodb: 27017
|
||||
DATABSE_mongodb: admin
|
||||
# URI_mongodb: mongodb://root:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017/admin?replicaSet=rinoa
|
||||
ENGINE_mongodb: mongo@dbgate-plugin-mongo-v2
|
||||
|
||||
LABEL_peppermint-db: peppermint-pg-db
|
||||
SERVER_peppermint-db: peppermint-pg-db
|
||||
USER_peppermint-db: peppermint
|
||||
PASSWORD_peppermint-db: ${PEPPERMINT_PG_PASSWORD}
|
||||
PORT_peppermint-db: 5432
|
||||
ENGINE_peppermint-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_pgbackweb-db: pgbackweb-db
|
||||
SERVER_pgbackweb-db: pgbackweb-db
|
||||
USER_pgbackweb-db: pgbackweb
|
||||
PASSWORD_pgbackweb-db: ${PGBACKWEB_PG_DB_PASSWD}
|
||||
PORT_pgbackweb-db: 5432
|
||||
ENGINE_pgbackweb-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_plausible-db: plausible-db
|
||||
SERVER_plausible-db: plausible-db
|
||||
USER_plausible-db: plausible
|
||||
PASSWORD_plausible-db: ${PLAUSIBLE_PG_PASSWORD}
|
||||
PORT_plausible-db: 5432
|
||||
ENGINE_plausible-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_reactive-resume-pg: reactive-resume-pg
|
||||
SERVER_reactive-resume-pg: reactive-resume-pg
|
||||
USER_reactive-resume-pg: reactiveresume
|
||||
PASSWORD_reactive-resume-pg: ${REACTIVE_RESUME_PGSQL_PASSWORD}
|
||||
PORT_reactive-resume-pg: 5432
|
||||
ENGINE_reactive-resume-pg: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_sonarqube-pg-db: sonarqube-pg-db
|
||||
SERVER_sonarqube-pg-db: sonarqube-pg-db
|
||||
USER_sonarqube-pg-db: sonar
|
||||
PASSWORD_sonarqube-pg-db: ${SONARQUBE_POSTGRES_PASSWORD}
|
||||
PORT_sonarqube-pg-db: 5432
|
||||
ENGINE_sonarqube-pg-db: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_tandoor-pg: tandoor-pg
|
||||
SERVER_tandoor-pg: tandoor-pg
|
||||
USER_tandoor-pg: tandoor
|
||||
PASSWORD_tandoor-pg: ${TANDOOR_POSTGRES_PASSWORD}
|
||||
PORT_tandoor-pg: 5432
|
||||
ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres
|
||||
|
||||
LABEL_redis: redis
|
||||
SERVER_redis: redis
|
||||
PORT_redis: 6379
|
||||
ENGINE_redis: redis@dbgate-plugin-redis
|
||||
image: dbgate/dbgate:alpine
|
||||
labels:
|
||||
homepage.group: System Administration
|
||||
homepage.name: DbGate
|
||||
homepage.href: https://dbs.${MY_TLD}
|
||||
homepage.icon: sh-dbgate.png
|
||||
homepage.description: Cross-platform database manager
|
||||
swag: enable
|
||||
swag_port: 3000
|
||||
swag_proto: http
|
||||
swag_url: dbs.${MY_TLD}
|
||||
swag.uptime-kuma.enabled: true
|
||||
swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
|
||||
ports:
|
||||
- 49054:3000
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- dbgate-data:/root/.dbgate
|
||||
delugevpn:
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
@@ -1268,77 +1154,74 @@ services:
|
||||
restart: always
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
|
||||
- authelia-pg-db:/data/authelia-pg-db:ro
|
||||
- bitmagnet-pg-db:/data/bitmagnet-pg-db:ro
|
||||
- bunkerweb-storage:/data/bunkerweb-storage:ro
|
||||
- castopod-media:/data/castopod-media:ro
|
||||
- crowdsec-config:/data/crowdsec-config:ro
|
||||
- crowdsec-db:/data/crowdsec-db:ro
|
||||
- dawarich_db_data:/data/dawarich_db_data:ro
|
||||
- dawarich_shared:/data/dawarich_shared:ro
|
||||
- dawarich_public:/data/dawarich_public:ro
|
||||
- dawarich_watched:/data/dawarich_watched:ro
|
||||
- dbgate-data:/data/dbgate-data:ro
|
||||
- docker-volume-bkup-data:/data/docker-volume-bkup-data:ro
|
||||
- fastenhealth-cache:/data/fastenhealth-cache:ro
|
||||
- fastenhealth-db:/data/fastenhealth-db:ro
|
||||
- filebeat_etc:/data/filebeat_etc:ro
|
||||
- filebeat_var:/data/filebeat_var:ro
|
||||
- gitea-pg-db:/data/gitea-pg-db:ro
|
||||
- hortusfox_app_backup:/data/hortusfox_app_backup:ro
|
||||
- hortusfox_app_images:/data/hortusfox_app_images:ro
|
||||
- hortusfox_app_logs:/data/hortusfox_app_logs:ro
|
||||
- hortusfox_app_migrate:/data/hortusfox_app_migrate:ro
|
||||
- hortusfox_app_themes:/data/hortusfox_app_themes:ro
|
||||
- hortusfox_db_data:/data/hortusfox_db_data:ro
|
||||
- immich-model-cache:/data/immich-model-cache:ro
|
||||
- influxdb2-data:/data/influxdb2-data:ro
|
||||
- influxdb2-config:/data/influxdb2-config:ro
|
||||
- invidious-postgres:/data/invidious-postgres:ro
|
||||
- invoice-ninja_cache:/data/invoice-ninja_cache:ro
|
||||
- invoice-ninja_public:/data/invoice-ninja_public:ro
|
||||
- invoice-ninja_storage:/data/invoice-ninja_storage:ro
|
||||
- jitsi-web-admin-theme:/data/jitsi-web-admin-theme:ro
|
||||
- jitsi-web-admin-upload:/data/jitsi-web-admin-upload:ro
|
||||
- joplin_data:/data/joplin_data:ro
|
||||
- librechat-pg-data:/data/librechat-pg-data:ro
|
||||
- libretranslate_models:/data/libretranslate_models:ro
|
||||
- lldap_data:/data/lldap_data:ro
|
||||
- mastodon-pg-db:/data/mastodon-pg-db:ro
|
||||
- mixpost-storage:/data/mixpost-storage:ro
|
||||
- mixpost-logs:/data/mixpost-logs:ro
|
||||
- mongodb_config:/data/mongodb_config:ro
|
||||
- mongodb_data:/data/mongodb_data:ro
|
||||
- n8n-data:/data/n8n-data:ro
|
||||
- netbird-mgmt:/data/netbird-mgmt:ro
|
||||
- netbird-signal:/data/netbird-signal:ro
|
||||
- netbird-letsencrypt:/data/netbird-letsencrypt:ro
|
||||
- nextcloud_aio_mastercontainer:/data/nextcloud_aio_mastercontainer:ro
|
||||
- ollama:/data/ollama:ro
|
||||
- open-webui:/data/open-webui:ro
|
||||
- paperless-ngx-data:/data/paperless-ngx-data:ro
|
||||
- paperless-ngx-media:/data/paperless-ngx-media:ro
|
||||
- paperless-ngx-pg:/data/paperless-ngx-pg:ro
|
||||
- peppermint-pg-data:/data/peppermint-pg-data:ro
|
||||
- pgbackweb-data:/data/pgbackweb-data:ro
|
||||
- plausible-db-data:/data/plausible-db-data:ro
|
||||
- plausible-event-data:/data/plausible-event-data:ro
|
||||
- plausible-event-logs:/data/plausible-event-logs:ro
|
||||
- portainer-data:/data/portainer-data:ro
|
||||
- reactive-resume-pg:/data/reactive-resume-pg:ro
|
||||
- semaphore_config:/data/semaphore_config:ro
|
||||
- semaphore_data:/data/semaphore_data:ro
|
||||
- semaphore_tmp:/data/semaphore_tmp:ro
|
||||
- sonarqube-data:/data/sonarqube-data:ro
|
||||
- sonarqube-db:/data/sonarqube-db:ro
|
||||
- sonarqube-db-data:/data/sonarqube-db-data:ro
|
||||
- sonarqube-extensions:/data/sonarqube-extensions:ro
|
||||
- sonarqube-logs:/data/sonarqube-logs:ro
|
||||
- sonarqube-temp:/data/sonarqube-temp:ro
|
||||
- tandoor-pg:/data/tandoor-pg:ro
|
||||
- unmanic-cache:/data/unmanic-cache:ro
|
||||
- wallos-db:/data/wallos-db:ro
|
||||
- wallos-logos:/data/wallos-logos:ro
|
||||
- authelia-pg-db:/backup/authelia-pg-db:ro
|
||||
- bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro
|
||||
- bunkerweb-storage:/backup/bunkerweb-storage:ro
|
||||
- castopod-media:/backup/castopod-media:ro
|
||||
- crowdsec-config:/backup/crowdsec-config:ro
|
||||
- crowdsec-db:/backup/crowdsec-db:ro
|
||||
- dawarich_db_data:/backup/dawarich_db_data:ro
|
||||
- dawarich_shared:/backup/dawarich_shared:ro
|
||||
- dawarich_public:/backup/dawarich_public:ro
|
||||
- dawarich_watched:/backup/dawarich_watched:ro
|
||||
- docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro
|
||||
- fastenhealth-cache:/backup/fastenhealth-cache:ro
|
||||
- fastenhealth-db:/backup/fastenhealth-db:ro
|
||||
- gitea-pg-db:/backup/gitea-pg-db:ro
|
||||
- hortusfox_app_backup:/backup/hortusfox_app_backup:ro
|
||||
- hortusfox_app_images:/backup/hortusfox_app_images:ro
|
||||
- hortusfox_app_logs:/backup/hortusfox_app_logs:ro
|
||||
- hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro
|
||||
- hortusfox_app_themes:/backup/hortusfox_app_themes:ro
|
||||
- hortusfox_db_data:/backup/hortusfox_db_data:ro
|
||||
- immich-model-cache:/backup/immich-model-cache:ro
|
||||
- influxdb2-data:/backup/influxdb2-data:ro
|
||||
- influxdb2-config:/backup/influxdb2-config:ro
|
||||
- invidious-postgres:/backup/invidious-postgres:ro
|
||||
- invoice-ninja_cache:/backup/invoice-ninja_cache:ro
|
||||
- invoice-ninja_public:/backup/invoice-ninja_public:ro
|
||||
- invoice-ninja_storage:/backup/invoice-ninja_storage:ro
|
||||
- jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro
|
||||
- jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro
|
||||
- joplin_data:/backup/joplin_data:ro
|
||||
- librechat-pg-data:/backup/librechat-pg-data:ro
|
||||
- libretranslate_models:/backup/libretranslate_models:ro
|
||||
- lldap_data:/backup/lldap_data:ro
|
||||
- mastodon-pg-db:/backup/mastodon-pg-db:ro
|
||||
- mixpost-storage:/backup/mixpost-storage:ro
|
||||
- mixpost-logs:/backup/mixpost-logs:ro
|
||||
- mongodb_config:/backup/mongodb_config:ro
|
||||
- mongodb_data:/backup/mongodb_data:ro
|
||||
- n8n-data:/backup/n8n-data:ro
|
||||
- netbird-mgmt:/backup/netbird-mgmt:ro
|
||||
- netbird-signal:/backup/netbird-signal:ro
|
||||
- netbird-letsencrypt:/backup/netbird-letsencrypt:ro
|
||||
- nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro
|
||||
- ollama:/backup/ollama:ro
|
||||
- open-webui:/backup/open-webui:ro
|
||||
- paperless-ngx-data:/backup/paperless-ngx-data:ro
|
||||
- paperless-ngx-media:/backup/paperless-ngx-media:ro
|
||||
- paperless-ngx-pg:/backup/paperless-ngx-pg:ro
|
||||
- peppermint-pg-data:/backup/peppermint-pg-data:ro
|
||||
- pgbackweb-data:/backup/pgbackweb-data:ro
|
||||
- plausible-db-data:/backup/plausible-db-data:ro
|
||||
- plausible-event-data:/backup/plausible-event-data:ro
|
||||
- plausible-event-logs:/backup/plausible-event-logs:ro
|
||||
- portainer-data:/backup/portainer-data:ro
|
||||
- reactive-resume-pg:/backup/reactive-resume-pg:ro
|
||||
- semaphore_config:/backup/semaphore_config:ro
|
||||
- semaphore_data:/backup/semaphore_data:ro
|
||||
- semaphore_tmp:/backup/semaphore_tmp:ro
|
||||
- sonarqube-data:/backup/sonarqube-data:ro
|
||||
- sonarqube-db:/backup/sonarqube-db:ro
|
||||
- sonarqube-db-data:/backup/sonarqube-db-data:ro
|
||||
- sonarqube-extensions:/backup/sonarqube-extensions:ro
|
||||
- sonarqube-logs:/backup/sonarqube-logs:ro
|
||||
- sonarqube-temp:/backup/sonarqube-temp:ro
|
||||
- tandoor-pg:/backup/tandoor-pg:ro
|
||||
- unmanic-cache:/backup/unmanic-cache:ro
|
||||
- wallos-db:/backup/wallos-db:ro
|
||||
- wallos-logos:/backup/wallos-logos:ro
|
||||
docuseal:
|
||||
container_name: docuseal
|
||||
image: docuseal/docuseal:latest
|
||||
@@ -1704,6 +1587,86 @@ services:
|
||||
type: bind
|
||||
bind:
|
||||
create_host_path: true
|
||||
graylog:
|
||||
container_name: graylog
|
||||
image: ${GRAYLOG_IMAGE:-graylog/graylog:6.1}
|
||||
depends_on:
|
||||
graylog-datanode:
|
||||
condition: service_started
|
||||
required: true
|
||||
mongodb:
|
||||
condition: service_started
|
||||
required: true
|
||||
entrypoint: /usr/bin/tini -- /docker-entrypoint.sh
|
||||
environment:
|
||||
GRAYLOG_NODE_ID_FILE: /usr/share/graylog/data/data/node-id
|
||||
GRAYLOG_PASSWORD_SECRET: ${GRAYLOG_PASSWORD_SECRET}
|
||||
GRAYLOG_ROOT_PASSWORD_SHA2: ${GRAYLOG_ROOT_PASSWORD_SHA2}
|
||||
GRAYLOG_HTTP_BIND_ADDRESS: 0.0.0.0:9000
|
||||
GRAYLOG_HTTP_EXTERNAL_URI: http://localhost:9000/
|
||||
GRAYLOG_MONGODB_URI: mongodb://graylog:${GRAYLOG_MONGODB_PASSWORD}@mongodb:27017/graylog?replicaSet=rinoa
|
||||
GRAYLOG_ROOT_EMAIL: charish.patel@${MY_TLD}
|
||||
GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
|
||||
GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: ${POSTAL_SMTP_AUTH_USER}
|
||||
GRAYLOG_TRANSPORT_EMAIL_ENABLED: true
|
||||
GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL: noreply@${MY_TLD}
|
||||
GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: postal-smtp
|
||||
GRAYLOG_TRANSPORT_EMAIL_PORT: 25
|
||||
GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: true
|
||||
labels:
|
||||
homepage.group: Infrastructure/App Performance Monitoring
|
||||
homepage.name: Graylog
|
||||
homepage.href: https://logs.${MY_TLD}
|
||||
homepage.icon: sh-graylog.svg
|
||||
homepage.description: Log Management
|
||||
swag: enable
|
||||
swag_port: 9000
|
||||
swag_proto: http
|
||||
swag.uptime-kuma.enabled: true
|
||||
ports:
|
||||
- 5044:5044/tcp # Beats
|
||||
- 5140:5140/udp # Syslog
|
||||
- 5140:5140/tcp # Syslog
|
||||
- 5555:5555/tcp # RAW TCP
|
||||
- 5555:5555/udp # RAW UDP
|
||||
- 13457:9000/tcp # Server API
|
||||
- 12201:12201/tcp # GELF TCP
|
||||
- 12201:12201/udp # GELF UDP
|
||||
#- 10000:10000/tcp # Custom TCP port
|
||||
#- 10000:10000/udp # Custom UDP port
|
||||
- 13301:13301/tcp # Forwarder data
|
||||
- 13302:13302/tcp # Forwarder config
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- graylog-data:/usr/share/graylog/data/data
|
||||
graylog-datanode:
|
||||
container_name: graylog-datanode
|
||||
image: ${DATANODE_IMAGE:-graylog/graylog-datanode:6.1}
|
||||
environment:
|
||||
GRAYLOG_DATANODE_NODE_ID_FILE: /var/lib/graylog-datanode/node-id
|
||||
GRAYLOG_DATANODE_PASSWORD_SECRET: ${GRAYLOG_PASSWORD_SECRET}
|
||||
GRAYLOG_DATANODE_MONGODB_URI: mongodb://graylog:${GRAYLOG_MONGODB_PASSWORD}@mongodb:27017/graylog?replicaSet=rinoa
|
||||
GRAYLOG_PATH_REPO: graylog
|
||||
GRAYLOG_S3_CLIENT_DEFAULT_ACCESS_KEY: ${GRAYLOG_S3_ACCESS_KEY}
|
||||
GRAYLOG_S3_CLIENT_DEFAULT_ENDPOINT: minio:9000
|
||||
GRAYLOG_S3_CLIENT_DEFAULT_PATH_STYLE_ACCESS: 1
|
||||
GRAYLOG_S3_CLIENT_DEFAULT_PROTOCOL: http
|
||||
GRAYLOG_S3_CLIENT_DEFAULT_REGION: us-east-fh-pln
|
||||
GRAYLOG_S3_CLIENT_DEFAULT_SECRET_KEY: ${GRAYLOG_S3_SECRET_KEY}
|
||||
ports:
|
||||
- 8999:8999
|
||||
- 9200:9200
|
||||
- 9300:9300
|
||||
restart: on-failure
|
||||
ulimits:
|
||||
memlock:
|
||||
hard: -1
|
||||
soft: -1
|
||||
nofile:
|
||||
soft: 65536
|
||||
hard: 65536
|
||||
volumes:
|
||||
- graylog-datanode:/var/lib/graylog-datanode
|
||||
guacamole:
|
||||
container_name: guacamole
|
||||
environment:
|
||||
@@ -1731,11 +1694,11 @@ services:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
homepage:
|
||||
container_name: homepage
|
||||
environment:
|
||||
HOMEPAGE_ALLOWED_HOSTS: ${MY_TLD}
|
||||
image: ghcr.io/gethomepage/homepage:latest
|
||||
labels:
|
||||
swag_server_custom_directive: access_log /config/log/$$host_access.log ; error_log /config/log/$$host_error.log ;
|
||||
networks:
|
||||
default: null
|
||||
ports:
|
||||
- 3004:3000
|
||||
restart: unless-stopped
|
||||
@@ -1790,8 +1753,12 @@ services:
|
||||
condition: service_started
|
||||
required: true
|
||||
immich-pg-db:
|
||||
condition: service_started
|
||||
condition: service_healthy
|
||||
required: true
|
||||
immich-machine-learning:
|
||||
condition: service_healthy
|
||||
required: true
|
||||
restart: true
|
||||
environment:
|
||||
DB_DATABASE_NAME: immich
|
||||
DB_HOSTNAME: immich-pg-db
|
||||
@@ -1835,10 +1802,6 @@ services:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
immich-machine-learning:
|
||||
container_name: immich-machine-learning
|
||||
depends_on:
|
||||
immich-server:
|
||||
condition: service_started
|
||||
required: true
|
||||
healthcheck:
|
||||
disable: false
|
||||
image: ghcr.io/immich-app/immich-machine-learning:release
|
||||
@@ -2968,15 +2931,15 @@ services:
|
||||
labels:
|
||||
homepage.group: Media Library
|
||||
homepage.name: Maloja
|
||||
homepage.href: https://scrobble.${MY_TLD}
|
||||
homepage.href: https://maloja.${MY_TLD}
|
||||
homepage.icon: maloja.png
|
||||
homepage.description: Simple self-hosted music scrobble database to create personal listening statistics
|
||||
swag: enable
|
||||
swag_proto: http
|
||||
swag_port: 42010
|
||||
swag_url: scrobble.${MY_TLD}
|
||||
swag_url: maloja.${MY_TLD}
|
||||
swag.uptime-kuma.enabled: true
|
||||
swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
|
||||
swag.uptime-kuma.monitor.url: https://maloja.${MY_TLD}
|
||||
networks:
|
||||
default: null
|
||||
ports:
|
||||
@@ -3251,6 +3214,7 @@ services:
|
||||
multi-scrobbler:
|
||||
container_name: multi-scrobbler
|
||||
environment:
|
||||
BASE_URL: https://scrobble.trez.wtf
|
||||
TZ: ${TZ}
|
||||
PUID: ${PUID}
|
||||
PGID: ${PGID}
|
||||
@@ -3258,7 +3222,7 @@ services:
|
||||
MALOJA_API_KEY: ${MALOJA_API_KEY}
|
||||
LASTFM_API_KEY: ${LASTFM_API_KEY}
|
||||
LASTFM_API_SECRET: ${LASTFM_API_SECRET}
|
||||
LZ_USER: Trez.on
|
||||
LZ_USER: Trez.One
|
||||
LZ_TOKEN: ${MALOJA_LISTENBRAINZ_TOKEN}
|
||||
SPOTIFY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
|
||||
SPOTIFY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
|
||||
@@ -3266,9 +3230,15 @@ services:
|
||||
labels:
|
||||
homepage.group: Media Library
|
||||
homepage.name: Multi-Scrobbler
|
||||
homepage.href: http://192.168.1.254:9078
|
||||
homepage.href: https://scrobble.trez.wtf
|
||||
homepage.icon: sh-multi-scrobbler.svg
|
||||
homepage.description: JS App for scrobbling/recording play history from/to multiple sources
|
||||
swag: enable
|
||||
swag_proto: http
|
||||
swag_port: 9078
|
||||
swag_url: scrobble.${MY_TLD}
|
||||
swag.uptime-kuma.enabled: true
|
||||
swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
|
||||
networks:
|
||||
default: null
|
||||
ports:
|
||||
@@ -3310,13 +3280,20 @@ services:
|
||||
navidrome:
|
||||
container_name: navidrome
|
||||
environment:
|
||||
ND_AUTOIMPORTPLAYLISTS: false
|
||||
ND_AUTOIMPORTPLAYLISTS: true
|
||||
ND_BASEURL: ""
|
||||
ND_BACKUP_PATH: /backups
|
||||
ND_BACKUP_SCHEDULE: '@every 6h'
|
||||
ND_BACKUP_COUNT: 7
|
||||
ND_ENABLEGRAVATAR: true
|
||||
ND_ENABLESHARING: true
|
||||
ND_LASTFM_APIKEY: ${LASTFM_API_KEY}
|
||||
ND_LASTFM_ENABLED: true
|
||||
ND_LASTFM_SECRET: ${LASTFM_API_SECRET}
|
||||
ND_LISTENBRAINZ_ENABLED: true
|
||||
ND_LOGLEVEL: info
|
||||
ND_MUSICFOLDER: /music
|
||||
ND_PLAYLISTPATH: /playlists
|
||||
ND_SCANNER_GROUPALBUMRELEASES: true
|
||||
ND_SCANSCHEDULE: '@every 6h'
|
||||
ND_SESSIONTIMEOUT: 24h
|
||||
@@ -3333,8 +3310,8 @@ services:
|
||||
homepage.widget.type: navidrome
|
||||
homepage.widget.url: http://navidrome:4533
|
||||
homepage.widget.user: admin
|
||||
homepage.widget.token: e8a9e97b29aa963fa4729c633289d232
|
||||
homepage.widget.salt: v5Z93Z
|
||||
homepage.widget.token: ${NAVIDROME_HOMEPAGE_TOKEN}
|
||||
homepage.widget.salt: ${NAVIDROME_HOMEPAGE_SALT}
|
||||
swag: enable
|
||||
swag_port: 4533
|
||||
swag_proto: http
|
||||
@@ -3348,16 +3325,10 @@ services:
|
||||
restart: unless-stopped
|
||||
user: 1000:1000
|
||||
volumes:
|
||||
- source: ${DOCKER_VOLUME_CONFIG}/navidrome
|
||||
target: /data
|
||||
type: bind
|
||||
bind:
|
||||
create_host_path: true
|
||||
- source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
|
||||
target: /music
|
||||
type: bind
|
||||
bind:
|
||||
create_host_path: true
|
||||
- ${DOCKER_VOLUME_CONFIG}/navidrome:/data
|
||||
- ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music
|
||||
- ${DOCKER_VOLUME_STORAGE}/Audio/Playlists:/playlists
|
||||
- ${DOCKER_VOLUME_STORAGE}/backups/navidrome:/backups
|
||||
netalertx:
|
||||
container_name: netalertx
|
||||
environment:
|
||||
@@ -3385,123 +3356,124 @@ services:
|
||||
target: /app/api
|
||||
# (API: OPTION 2) use when debugging issues
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api
|
||||
# netbird-dashboard:
|
||||
# container_name: netbird-dashboard
|
||||
# environment:
|
||||
# # Endpoints
|
||||
# NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073
|
||||
# NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073
|
||||
# # OIDC
|
||||
# AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID}
|
||||
# AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID}
|
||||
# AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET}
|
||||
# AUTH_AUTHORITY: https://id.${MY_TLD}
|
||||
# USE_AUTH0: false
|
||||
# AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
|
||||
# AUTH_REDIRECT_URI: /auth
|
||||
# AUTH_SILENT_REDIRECT_URI: /silent-auth
|
||||
# NETBIRD_TOKEN_SOURCE: accessToken
|
||||
# # SSL
|
||||
# NGINX_SSL_PORT: 443
|
||||
# # Letsencrypt
|
||||
# LETSENCRYPT_DOMAIN:
|
||||
# LETSENCRYPT_EMAIL:
|
||||
# image: netbirdio/dashboard:latest
|
||||
# labels:
|
||||
# homepage.group: Privacy/Security
|
||||
# homepage.name: Netbird
|
||||
# homepage.href: https://netbird.${MY_TLD}
|
||||
# homepage.icon: netbird.svg
|
||||
# homepage.description: Peer-to-peer private network and centralized access control system
|
||||
# swag: enable
|
||||
# swag_proto: http
|
||||
# swag_port: 80
|
||||
# swag_auth: authelia
|
||||
# swag_url: netbird.${MY_TLD}
|
||||
# swag_server_custom_directive: |
|
||||
# location /signalexchange.SignalExchange/ {
|
||||
# grpc_pass grpc://netbird-signal:80;
|
||||
# #grpc_ssl_verify off;
|
||||
# grpc_read_timeout 1d;
|
||||
# grpc_send_timeout 1d;
|
||||
# grpc_socket_keepalive on;
|
||||
# }
|
||||
# # Proxy Management http endpoint
|
||||
# location /api {
|
||||
# proxy_pass http://netbird-management:443;
|
||||
# }
|
||||
# # Proxy Management grpc endpoint
|
||||
# location /management.ManagementService/ {
|
||||
# grpc_pass grpc://netbird-management:443;
|
||||
# #grpc_ssl_verify off;
|
||||
# grpc_read_timeout 1d;
|
||||
# grpc_send_timeout 1d;
|
||||
# grpc_socket_keepalive on;
|
||||
# }
|
||||
# swag.uptime-kuma.enabled: true
|
||||
# swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD}
|
||||
# ports:
|
||||
# - 32908:80
|
||||
# - 36610:443
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - netbird-letsencrypt:/etc/letsencrypt/
|
||||
# netbird-signal:
|
||||
# container_name: netbird-signal
|
||||
# image: netbirdio/signal:latest
|
||||
# ports:
|
||||
# - 10001:80
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - netbird-signal:/var/lib/netbird
|
||||
# netbird-relay:
|
||||
# container_name: netbird-relay
|
||||
# image: netbirdio/relay:latest
|
||||
# restart: unless-stopped
|
||||
# environment:
|
||||
# NB_LOG_LEVEL: info
|
||||
# NB_LISTEN_ADDRESS: :33080
|
||||
# NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080
|
||||
# # todo: change to a secure secret
|
||||
# NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
|
||||
# ports:
|
||||
# - 33080:33080
|
||||
# netbird-management:
|
||||
# command: [
|
||||
# "--port", "443",
|
||||
# "--log-file", "console",
|
||||
# "--log-level", "info",
|
||||
# "--disable-anonymous-metrics=false",
|
||||
# "--single-account-mode-domain=netbird.${MY_TLD}",
|
||||
# "--dns-domain=netbird.selfhosted"
|
||||
# ]
|
||||
# container_name: netbird-management
|
||||
# depends_on:
|
||||
# netbird-dashboard:
|
||||
# condition: service_started
|
||||
# environment:
|
||||
# NETBIRD_STORE_ENGINE_POSTGRES_DSN:
|
||||
# NETBIRD_STORE_ENGINE_MYSQL_DSN:
|
||||
# image: netbirdio/management:latest
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - netbird-mgmt:/var/lib/netbird
|
||||
# - netbird-letsencrypt:/etc/letsencrypt:ro
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
|
||||
# ports:
|
||||
# - 23833:443 #API port
|
||||
# netbird-coturn:
|
||||
# command:
|
||||
# - -c /etc/turnserver.conf
|
||||
# container_name: netbird-coturn
|
||||
# image: coturn/coturn:latest
|
||||
# restart: unless-stopped
|
||||
# #domainname: netbird.${MY_TLD} # only needed when TLS is enabled
|
||||
# volumes:
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
|
||||
# network_mode: host
|
||||
netbird-dashboard:
|
||||
container_name: netbird-dashboard
|
||||
environment:
|
||||
# Endpoints
|
||||
NETBIRD_MGMT_API_ENDPOINT: https://vpn.${MY_TLD}
|
||||
NETBIRD_MGMT_GRPC_API_ENDPOINT: https://vpn.${MY_TLD}
|
||||
# OIDC
|
||||
AUTH_AUDIENCE: none
|
||||
AUTH_CLIENT_ID: netbird
|
||||
AUTH_CLIENT_SECRET: ${AUTHELIA_NETBIRD_CLIENT_SECRET}
|
||||
AUTH_AUTHORITY: https://auth.${MY_TLD}
|
||||
USE_AUTH0: false
|
||||
AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
|
||||
AUTH_REDIRECT_URI: /peers
|
||||
AUTH_SILENT_REDIRECT_URI: /add-peers
|
||||
NETBIRD_TOKEN_SOURCE: idToken
|
||||
# SSL
|
||||
NGINX_SSL_PORT: 443
|
||||
# Letsencrypt
|
||||
LETSENCRYPT_DOMAIN:
|
||||
LETSENCRYPT_EMAIL:
|
||||
image: netbirdio/dashboard:latest
|
||||
labels:
|
||||
homepage.group: Privacy/Security
|
||||
homepage.name: Netbird
|
||||
homepage.href: https://vpn.${MY_TLD}
|
||||
homepage.icon: netbird.svg
|
||||
homepage.description: Peer-to-peer private network and centralized access control system
|
||||
swag: enable
|
||||
swag_proto: http
|
||||
swag_port: 80
|
||||
swag_auth: authelia
|
||||
swag_url: vpn.${MY_TLD}
|
||||
swag_server_custom_directive: |
|
||||
location /signalexchange.SignalExchange/ {
|
||||
grpc_pass grpc://netbird-signal:10000;
|
||||
#grpc_ssl_verify off;
|
||||
grpc_read_timeout 1d;
|
||||
grpc_send_timeout 1d;
|
||||
grpc_socket_keepalive on;
|
||||
}
|
||||
# Proxy Management http endpoint
|
||||
location /api {
|
||||
proxy_pass http://netbird-management;
|
||||
}
|
||||
# Proxy Management grpc endpoint
|
||||
location /management.ManagementService/ {
|
||||
grpc_pass grpc://netbird-management;
|
||||
#grpc_ssl_verify off;
|
||||
grpc_read_timeout 1d;
|
||||
grpc_send_timeout 1d;
|
||||
grpc_socket_keepalive on;
|
||||
}
|
||||
swag.uptime-kuma.enabled: true
|
||||
swag.uptime-kuma.monitor.url: https://vpn.${MY_TLD}
|
||||
ports:
|
||||
- 32908:80
|
||||
- 36610:443
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- netbird-letsencrypt:/etc/letsencrypt/
|
||||
netbird-signal:
|
||||
container_name: netbird-signal
|
||||
expose:
|
||||
- 10000
|
||||
image: netbirdio/signal:latest
|
||||
ports:
|
||||
- 10001:80
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- netbird-signal:/var/lib/netbird
|
||||
netbird-relay:
|
||||
container_name: netbird-relay
|
||||
image: netbirdio/relay:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
NB_LOG_LEVEL: info
|
||||
NB_LISTEN_ADDRESS: :33080
|
||||
NB_EXPOSED_ADDRESS: vpn.${MY_TLD}:33080
|
||||
# todo: change to a secure secret
|
||||
NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
|
||||
ports:
|
||||
- 33080:33080
|
||||
netbird-management:
|
||||
command: [
|
||||
"--port", "443",
|
||||
"--log-file", "console",
|
||||
"--log-level", "info",
|
||||
"--disable-anonymous-metrics=false",
|
||||
"--single-account-mode-domain=vpn.${MY_TLD}",
|
||||
"--dns-domain=vpn.trez.wtf"
|
||||
]
|
||||
container_name: netbird-management
|
||||
depends_on:
|
||||
netbird-dashboard:
|
||||
condition: service_started
|
||||
environment:
|
||||
NETBIRD_STORE_ENGINE_POSTGRES_DSN:
|
||||
NETBIRD_STORE_ENGINE_MYSQL_DSN:
|
||||
image: netbirdio/management:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- netbird-mgmt:/var/lib/netbird
|
||||
- netbird-letsencrypt:/etc/letsencrypt:ro
|
||||
- ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
|
||||
ports:
|
||||
- 33073:443 #API port
|
||||
netbird-coturn:
|
||||
command:
|
||||
- -c /etc/turnserver.conf
|
||||
container_name: netbird-coturn
|
||||
image: coturn/coturn:latest
|
||||
restart: unless-stopped
|
||||
#domainname: vpn.${MY_TLD} # only needed when TLS is enabled
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
|
||||
# - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
|
||||
nextcloud:
|
||||
container_name: nextcloud-aio-mastercontainer
|
||||
environment:
|
||||
@@ -3641,37 +3613,6 @@ services:
|
||||
type: bind
|
||||
bind:
|
||||
create_host_path: true
|
||||
parseable:
|
||||
container_name: parseable
|
||||
command: [ "parseable", "s3-store" ]
|
||||
depends_on:
|
||||
- minio
|
||||
environment:
|
||||
P_STAGING_DIR: /staging
|
||||
P_ADDR: 0.0.0.0:8000
|
||||
P_USERNAME: admin
|
||||
P_PASSWORD: ${PARSEABLE_PASSWORD}
|
||||
P_S3_URL: http://minio:9000
|
||||
P_S3_BUCKET: parseable
|
||||
P_S3_ACCESS_KEY: ${PARSEABLE_S3_ACCESS_KEY}
|
||||
P_S3_SECRET_KEY: ${PARSEABLE_S3_SECRET_KEY}
|
||||
P_S3_REGION: us-east-fh-pln
|
||||
image: containers.parseable.com/parseable/parseable:latest
|
||||
labels:
|
||||
homepage.group: Infrastructure/App Performance Monitoring
|
||||
homepage.name: Parseable
|
||||
homepage.href: https://logs.${MY_TLD}
|
||||
homepage.icon: parseable.svg
|
||||
homepage.description: Log analytics system for high throughput log ingestion
|
||||
swag: enable
|
||||
swag_proto: http
|
||||
swag_port: 8000
|
||||
swag_url: logs.${MY_TLD}
|
||||
ports:
|
||||
- 14453:8000
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
|
||||
pgbackweb:
|
||||
container_name: pgbackweb
|
||||
depends_on:
|
||||
@@ -3991,7 +3932,7 @@ services:
|
||||
MAIL_FROM: noreply@trez.wtf
|
||||
NODE_ENV: production
|
||||
PORT: 3000
|
||||
PUBLIC_URL: https://resume.${MY_TLD}
|
||||
PUBLIC_URL: http://reactive-resume:3000
|
||||
REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET}
|
||||
SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
|
||||
STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY}
|
||||
@@ -4736,7 +4677,7 @@ services:
|
||||
VALIDATION: dns
|
||||
CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
||||
CROWDSEC_LAPI_URL: http://crowdsec:8080
|
||||
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma
|
||||
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
|
||||
PROPAGATION: 30
|
||||
UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
|
||||
UPTIME_KUMA_URL: http://uptimekuma:3001
|
||||
@@ -4897,6 +4838,10 @@ services:
|
||||
volume: {}
|
||||
uptimekuma:
|
||||
container_name: uptimekuma
|
||||
depends_on:
|
||||
swag:
|
||||
condition: service_started
|
||||
required: true
|
||||
environment:
|
||||
PGID: ${PGID}
|
||||
PUID: ${PUID}
|
||||
@@ -4969,16 +4914,6 @@ services:
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
|
||||
- ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
|
||||
vector:
|
||||
image: timberio/vector:0.44.0-alpine
|
||||
container_name: vector
|
||||
environment:
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
ports:
|
||||
- 60157:8686
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_CONFIG}/vector/vector.yaml:/etc/vector/vector.yaml:ro
|
||||
wallabag:
|
||||
container_name: wallabag
|
||||
depends_on:
|
||||
@@ -5229,20 +5164,18 @@ volumes:
|
||||
name: dawarich_public
|
||||
dawarich_watched:
|
||||
name: dawarich_watched
|
||||
dbgate-data:
|
||||
name: dbgate-data
|
||||
docker-volume-bkup-data:
|
||||
name: docker-volume-bkup-data
|
||||
fastenhealth-cache:
|
||||
name: fastenhealth-cache
|
||||
fastenhealth-db:
|
||||
name: fastenhealth-db
|
||||
filebeat_etc:
|
||||
name: filebeat_etc
|
||||
filebeat_var:
|
||||
name: filebeat_var
|
||||
gitea-pg-db:
|
||||
name: gitea-pg-db
|
||||
graylog-data:
|
||||
name: graylog-data
|
||||
graylog-datanode:
|
||||
name: graylog-datanode
|
||||
hortusfox_app_backup:
|
||||
name: hortusfox_app_backup
|
||||
hortusfox_app_images:
|
||||
|
||||
Reference in New Issue
Block a user