bunkerweb-deployment Auto Merge

Merged by Trez.One

.gitea/workflows/deployment.yml

@@ -30,11 +30,11 @@ jobs:
         with:
           url: ${{ gitea.server_url }}
           token: ${{ secrets.BOT_GITEA_TOKEN }}
-          assignee: ${{ gitea.actor }}
+          pr-label: 'auto-deploy-pr'
 
   docker-compose-test:
     name: Docker Compose Test
-    needs: [create-pr]
+    needs: [check-and-create-pr]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -56,10 +56,64 @@ jobs:
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
 
+  cloudflare-dns-setup:
+    name: Cloudflare DNS Setup
+    needs: [docker-compose-test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install jq
+        uses: dcarbone/install-jq-action@v3.0.1
+
+      - name: Install yq
+        uses: dcarbone/install-yq-action@v1
+      
+      - name: Install flarectl
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
+          name: 'flarectl'
+          version: '0.113.0'
+
+      - name: Grab Subdomains from Docker Compose & Cloudflare
+        id: grab-subdomains
+        env:
+          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
+        run: |
+          echo "Grabbing subdomains from docker-compose.yml..."
+          yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
+          echo "Grabbing subdomains from Cloudflare..."
+          flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
+          
+      - name: Compare Subdomains
+        id: compare-subdomains
+        uses: LouisBrunner/diff-action@v2.2.0
+        with:
+          old: compose_subdomains.txt
+          new: cloudflare_subdomains.txt
+          mode: addition
+          tolerance: mixed-better
+          output: domain_compare.txt
+
+      - name: Create Subdomains
+        if: steps.compare-subdomains.outputs.output != ''
+        env:
+          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
+        run: |
+          cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do
+            echo "Creating $subdomain.trez.wtf..."
+            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf"
+          done
+
   merge-pr:
     name: PR Merge
     runs-on: ubuntu-latest
-    needs: [docker-compose-test]
+    if: ${{ always() }}
+    needs: [cloudflare-dns-setup]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -70,6 +124,5 @@ jobs:
           chmod +x /usr/local/bin/tea
           echo "Merging PR..."
           tea login add --name gitea-rinoa --url ${{ vars.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          echo ${{ gitea.ref_name }}
           pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g')
           tea pr m --repo ${{ github.repository }} --title "${{ github.ref_name }} Auto Merge" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index}

docker-compose.yml

@@ -503,6 +503,53 @@ services:
     networks:
       default: null
     restart: unless-stopped
+  bunkerweb:
+    container_name: bunkerweb
+    environment:
+      SERVER_NAME: www.trez.wtf
+      API_WHITELIST_IP: 172.18.0.0/16 192.168.1.0/24
+      USE_REAL_IP: yes
+      REAL_IP_FROM: 172.18.0.0/16
+      REAL_IP_HEADER: X-Forwarded-For
+    expose:
+      - 8080
+      - 8443
+    image: bunkerity/bunkerweb:latest
+    labels:
+      bunkerweb.INSTANCE: yes
+  bunkerweb-scheduler:
+    container_name: bunkerweb-scheduler
+    depends_on:
+      - bunkerweb
+      - docker-socket-proxy
+    environment:
+      DOCKER_HOST: tcp://dockerproxy:2375
+    image: bunkerity/bunkerweb-scheduler:latest
+    volumes:
+      - bunkerweb-data:/data
+  bunkerweb-ui:
+    container_name: bunkerweb-ui
+    depends_on:
+      - bunkerweb
+      - docker-socket-proxy
+    environment:
+      DOCKER_HOST: tcp://dockerproxy:2375
+    expose:
+      - 7000
+    image: bunkerity/bunkerweb-ui:latest
+    labels:
+      homepage.group: Privacy/Security
+      homepage.name: Bunkerweb
+      homepage.href: https://bunker.${MY_TLD}
+      homepage.icon: bunker.svg
+      homepage.description: Next-gen WAF
+      swag: enable
+      swag_port: 7000
+      swag_url: bunker.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://bunker.${MY_TLD}
+    volumes:
+      - bunkerweb-data:/data
   castopod:
     container_name: castopod
     depends_on:
@@ -691,7 +738,7 @@ services:
       homepage.group: System Administration
       homepage.name: Czkawka
       homepage.href: https://czkawka.${MY_TLD}
-      homepage.icon: sh-czkawka.png
+      homepage.icon: /icons/czkawka.png
       homepage.description: Smart file management
       swag: enable
       swag_port: 5800
@@ -1104,7 +1151,7 @@ services:
       GITEA__mailer__SMTP_PORT: 25
       GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
       GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
-    image: gitea/gitea:1.22.2
+    image: gitea/gitea:1.22.6
     labels:
       homepage.group: Code/DevOps
       homepage.name: Gitea
@@ -3008,58 +3055,6 @@ services:
         type: bind
         bind:
           create_host_path: true
-  mastodon:
-    container_name: mastodon
-    environment:
-      PUID: ${PUID}
-      PGID: ${PGID}
-      TZ: ${TZ}
-      LOCAL_DOMAIN: trez.wtf
-      REDIS_HOST: redis
-      REDIS_PORT: 6379
-      DB_HOST: mastodon-pg-db
-      DB_USER: mastodon
-      DB_NAME: mastodon
-      DB_PASS: ${MASTODON_PG_DB_PASSWORD}
-      DB_PORT: 5432
-      ES_ENABLED: false
-      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: 
-      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: 
-      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 
-      SECRET_KEY_BASE: 
-      OTP_SECRET: 
-      VAPID_PRIVATE_KEY: 
-      VAPID_PUBLIC_KEY: 
-      SMTP_SERVER: postal-smtp
-      SMTP_PORT: 25
-      SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER}
-      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
-      SMTP_FROM_ADDRESS: noreply@trez.wtf
-      S3_ENABLED: true
-      S3_BUCKET: mastodon
-      AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
-      AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
-    image: lscr.io/linuxserver/mastodon:latest
-    labels:
-      swag: enable
-      swag_proto: http
-      swag_port: 5678
-      swag_url: mastodon.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD}
-      homepage.group: Social
-      homepage.name: Mastodon
-      homepage.href: https://mastodon.${MY_TLD}
-      homepage.icon: mastodon.svg
-      homepage.description: Open-source social network
-      homepage.widget.type: mastodon
-      homepage.widget.url: http://mastodon
-    ports:
-      - 9044:80
-      - 3444:443
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/mastodon:/config
   mastodon-pg-db:
     container_name: mastodon-pg-db
     environment:
@@ -4405,7 +4400,7 @@ services:
       homepage.group: Servarr Stack
       homepage.name: Sonashow
       homepage.href: https://sonashow.${MY_TLD}
-      homepage.icon: sh-sonashow.png
+      homepage.icon: /icons/sonashow.png
       homepage.description: TV show discovery based on library/tastes
       swag: enable
       swag_auth: authelia
@@ -4452,7 +4447,7 @@ services:
       homepage.group: Downloaders
       homepage.description: Modern client-server application for the Soulseek file-sharing network.
       homepage.href: https://slsk.${MY_TLD}
-      homepage.icon: sh-slskd.svg
+      homepage.icon: /icons/slskd.png
       swag: enable
       swag_proto: http
       swag_url: slsk.${MY_TLD}
@@ -6481,7 +6476,7 @@ services:
       homepage.group: System Administration
       homepage.name: WhoDB
       homepage.href: https://dbs.${MY_TLD}
-      homepage.icon: sh-whodb.png
+      homepage.icon: /icons/whodb.png
       homepage.description: Web-based DB management
       swag: enable
       swag_proto: http
@@ -6982,6 +6977,8 @@ volumes:
     name: authelia-pg-db
   bitmagnet-pg-db:
     name: bitmagnet-pg-db
+  bunkerweb-data:
+    name: bunkerweb-data
   castopod-media:
     name: castopod-media
   crowdsec-config:
@@ -7036,10 +7033,6 @@ volumes:
     name: localai_data
   mastodon-pg-db:
     name: mastodon-pg-db
-  meshcentral-data:
-  meshcentral-user_files:
-  meshcentral-backup:
-  meshcentral-web:
   mongodb_config:
     name: mongo1_config
   mongodb_data: