Adjusting Docker Compose actions.

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -58,26 +58,25 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: PR Check'
           notification_message: 'PR Created 🎟️'
-  docker-compose-dry-run:
-    name: Docker Compose Dry Run
-    needs: [check-and-create-pr]
+  generate-service-list:
+    name: Generate list of added/modified/deleted services
     runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
-      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+    needs: [check-and-create-pr]
     outputs:
-      svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
+      svc_deploy_list: ${{ steps.detected_services.outputs.docker_svc_list }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Fetch base branch
         run: |
           git fetch origin ${{ github.event.pull_request.base.ref }}
-      - name: Login to Gitea Container Registry
-        run: |
-          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Services TBD'
+          notification_message: 'Generating list of services to deploy...'
       - name: Save both versions of docker-compose.yml
         run: |
           git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
@@ -107,8 +106,27 @@ jobs:
           echo "Detected service changes:"
           cat service_changes.txt
 
-          svc_list=$(paste -sd '|' service_changes.txt)
-          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
+          temp_svc_list=$(paste -sd '|' service_changes.txt)
+          mod_svcs=$(echo "${temp_svc_list}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
+          echo "docker_svc_list=$mod_svcs" >> "$GITHUB_OUTPUT"
+      - name: Testing service list output
+        run: |
+          echo ${{ steps.detected_services.outputs.docker_svc_list }}
+  docker-compose-dry-run:
+    name: Docker Compose Dry Run
+    needs: [generate-service-list]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Gitea Container Registry
+        run: |
+          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
       - name: Install Vault
         uses: cpanato/vault-installer@main
       - name: Gotify Notification
@@ -118,37 +136,18 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
           notification_message: 'Starting Docker Compose dry run...'
-      - name: Cache .env Files
-        uses: actions/cache@v4
-        with:
-          path: .env
-          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
-      - name: Generate modified services list & .env file for Docker Compose Dry Run
-        id: modded_svcs
+      - name: Generate .env file for Docker Compose
         run: |
-          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
-          echo ${mod_svcs}
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
-      - name: Testing service list output
-        run: |
-          echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
       - name: Docker Compose Dry Run
-        timeout-minutes: 360
-        continue-on-error: true
-        uses: chaplyk/docker-compose-remote-action@v1.1
-        with:
-          ssh_host: 192.168.1.254
-          ssh_port: 22
-          ssh_user: gitea-deploy
-          ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
-          service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
-          compose_file: docker-compose.yml
-          pull: false
-          build: false
-          options: -d --remove-orphans
+        uses: hoverkraft-tech/compose-action@v2.2.0
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
+        with:
+          services: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+          up-flags: -d --remove-orphans --dry-run
+          down-flags: --dry-run
+          compose-flags: --dry-run
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -158,7 +157,7 @@ jobs:
           notification_message: 'Docker Compose dry run completed successfully.'
   cloudflare-dns-setup:
     name: Cloudflare DNS Setup
-    needs: [docker-compose-ansible-lints]
+    needs: [docker-compose-dry-run]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -299,7 +298,7 @@ jobs:
   docker-compose-deploy:
     name: Docker Compose Deployment
     runs-on: ubuntu-latest
-    needs: [docker-compose-dry-run, pr-merge]
+    needs: [generate-service-list, docker-compose-dry-run, pr-merge]
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
@@ -333,21 +332,14 @@ jobs:
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
-        timeout-minutes: 360
-        continue-on-error: true
-        uses: chaplyk/docker-compose-remote-action@v1.1
+        uses: hoverkraft-tech/compose-action@v2.2.0
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
         with:
-          ssh_host: 192.168.1.254
-          ssh_port: 22
-          ssh_user: gitea-deploy
-          ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
-          service: ${DOCKER_SVC_LIST}
-          compose_file: docker-compose.yml
-          pull: false
-          build: false
-          options: -d --remove-orphans
+          docker-flags: -H "$DOCKER_HOST"
+          services: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+          up-flags: -d --remove-orphans
+          down-flags: --dry-run
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:

ansible/app-configs/loggifly/config.yaml.j2

@@ -13,6 +13,10 @@ containers:
   invidious:
     keywords:
       - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
+  scrutiny:
+    action_keywords:
+      - restart:
+          regex: s6.*fatal
 global_keywords:
   keywords:
     - panic

docker-compose.yml

@@ -33,9 +33,9 @@ x-maxun: &maxun-env
     REDIS_PORT: 6379
     BACKEND_PORT: 8080
     FRONTEND_PORT: 5173
-    BACKEND_URL: http://maxun-backend:8080
+    BACKEND_URL: https://scrape.trez.wtf/api
     PUBLIC_URL: https://scrape.trez.wtf
-    VITE_BACKEND_URL: http://maxun-backend:8080
+    VITE_BACKEND_URL: https://scrape.trez.wtf/api
     VITE_PUBLIC_URL: https://scrape.trez.wtf
     MAXUN_TELEMETRY: true
     PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
@@ -179,6 +179,11 @@ services:
       APPRISE_STATEFUL_MODE: simple
     image: lscr.io/linuxserver/apprise-api:latest
     labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: apprise.trez.wtf
+      cloudflare.tunnel.service: http://apprise:8000
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: Apprise
       homepage.icon: apprise.png
@@ -448,8 +453,8 @@ services:
     image: vaultwarden/server:latest
     labels:
       homepage.group: Privacy/Security
-      homepage.name: Bitwarden
-      homepage.icon: bitwarden.png
+      homepage.name: Vaultwarden
+      homepage.icon: vaultwarden.svg
       homepage.href: https://bitwarden.${MY_TLD}
       homepage.description: Credential/Information Vault
       swag: enable
@@ -708,10 +713,12 @@ services:
         - ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
   crowdsec:
     container_name: crowdsec
+    depends_on:
+      - swag
     environment:
       DOCKER_HOST: tcp://dockerproxy:2375
       GID: 1000
-      BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
+      BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY}
       COLLECTIONS: >-
         corvese/apache-guacamole
         crowdsecurity/home-assistant
@@ -744,15 +751,13 @@ services:
     security_opt:
       - no-new-privileges=true
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
+      # - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
       - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
       - ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
       - ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
       - crowdsec-config:/etc/crowdsec
       - crowdsec-db:/var/lib/crowdsec/data
-      - /var/log/journal:/var/log/host:ro
+      - /var/log/journal:/var/log/host/journal:ro
       - /var/log/auth.log:/var/log/host/auth.log:ro
   crowdsec-dashboard:
     container_name: crowdsec-dashboard
@@ -788,11 +793,7 @@ services:
       - 8908:3000
     restart: always
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
-      - source: crowdsec-db
-        target: /data/
-        type: volume
-        volume: {}
+      - crowdsec-db:/data/
   cyber-chef:
     container_name: cyber-chef
     image: mpepping/cyberchef:latest
@@ -870,7 +871,7 @@ services:
     entrypoint: web-entrypoint.sh
     environment:
       RAILS_ENV: development
-      REDIS_URL: redis://redis:6379/
+      REDIS_URL: redis://redis:6379
       DATABASE_HOST: dawarich-pg-db
       DATABASE_USERNAME: dawarich
       DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -922,7 +923,7 @@ services:
       POSTGRES_USER: dawarich
       POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
     healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ]
+      test: [ "CMD-SHELL", "pg_isready -U dawarich -d dawarich" ]
       interval: 10s
       retries: 5
       start_period: 30s
@@ -954,7 +955,7 @@ services:
     entrypoint: sidekiq-entrypoint.sh
     environment:
       RAILS_ENV: development
-      REDIS_URL: redis://redis:6379/
+      REDIS_URL: redis://redis:6379
       DATABASE_HOST: dawarich-pg-db
       DATABASE_USERNAME: dawarich
       DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -1375,7 +1376,6 @@ services:
       cloudflare.tunnel.enable: true
       cloudflare.tunnel.hostname: git-ssh.trez.wtf
       cloudflare.tunnel.service: http://gitea:22
-      cloudflare.tunnel.zonename: trez.wtf
       cloudflare.tunnel.no_tls_verify: true
       homepage.group: Code/DevOps
       homepage.name: Gitea
@@ -3192,10 +3192,12 @@ services:
       - 8080
     image: getmaxun/maxun-backend:latest
     mem_limit: 2g   # Set a 2GB memory limit
+    ports:
+      - 8369:8080
+    restart: unless-stopped
     security_opt:
       - seccomp=unconfined  # This might help with browser sandbox issues
     shm_size: '2gb' # Increase shared memory size for Chromium
-    restart: unless-stopped
     volumes:
       - /var/run/dbus:/var/run/dbus
   maxun-frontend:
@@ -3206,6 +3208,10 @@ services:
     image: getmaxun/maxun-frontend:latest
     labels:
       swag: enable
+      swag_server_custom_directive:
+        location /api {
+              proxy_pass http://maxun-backend:8080;
+        }
       swag_proto: http
       swag_port: 5173
       swag_url: scrape.${MY_TLD}
@@ -3472,6 +3478,11 @@ services:
       PORT: 20211
     image: jokobsk/netalertx:latest
     labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: net.trez.wtf
+      cloudflare.tunnel.service: http://192.168.1.254:20211
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: NetAlertX
       homepage.href: http://192.168.1.254:20211
@@ -3948,12 +3959,12 @@ services:
       homepage.group: Downloaders
       homepage.name: qBittorrent
       homepage.href: https://qbit.${MY_TLD}
-      homepage.icon: qBittorrent.svg
-      homepage.description: qbittorrentvpn over VPN
+      homepage.icon: qbittorrent.svg
+      homepage.description: Fast and stable torrent client
       homepage.widget.type: qbittorrent
       homepage.widget.url: http://qbittorrentvpn:8080
       homepage.widget.user: admin
-      homepage.widget.password: "${DELUGEVPN_PASSWORD}"
+      homepage.widget.password: ${DELUGEVPN_PASSWORD}
       swag: enable
       swag_port: 8080
       swag_proto: http
@@ -4442,7 +4453,7 @@ services:
       cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: Scrutiny
-      homepage.href: http://192.168.1.254:8909
+      homepage.href: https://smartd.trez.wtf
       homepage.icon: scrutiny.png
       homepage.description: WebUI for smartd S.M.A.R.T monitoring
       homepage.widget.type: scrutiny
@@ -4940,7 +4951,7 @@ services:
       TZ: America/New_York
       URL: trez.wtf
       VALIDATION: dns
-      CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
+      CROWDSEC_API_KEY: ${CROWDSEC_SWAG_API_KEY}
       CROWDSEC_LAPI_URL: http://crowdsec:8080
       DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
       INSTALL_PACKAGES: nginx-mod-http-js