Compare commits

...

26 Commits

Author SHA1 Message Date
Trez.One 319f9de326 Adding Signoz configs.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 7m1s
Gitea Branch PR & Ansible Deployment / Docker Compose & Ansible Lints (push) Failing after 14m56s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Successful in 4m45s
Gitea Branch PR & Ansible Deployment / Ansible Configs & Docker Compose Deployment (push) Failing after 7m45s
2025-06-10 08:16:29 -04:00
Trez.One c461393b09 AdGuard SWAG and Homepage label fixes.
Auto-Unseal for Vault / Unseal Vault (push) Failing after 12m35s
2025-06-09 08:20:00 -04:00
Trez.One 1e7d183877 AdGuard Home Jinja template. 2025-06-09 08:05:26 -04:00
gitea-sonarqube-bot 1e4ad6ac1a Auto Merge of PR 58 - zammad-replacement-with-freescout
Auto-Unseal for Vault / Unseal Vault (push) Failing after 8s
Merged by Trez.One
2025-06-08 06:40:16 -04:00
Trez.One 0aec31eca2 chore: Update README 2025-06-08 10:38:22 +00:00
Trez.One 3e0d2963a5 AdGuard Home - network_mode modifications. 2025-06-08 05:13:40 -04:00
Trez.One 0a49f05410 Adding Jinja template for AdGuard Home.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Waiting to run
Gitea Branch PR & Ansible Deployment / Docker Compose & Ansible Lints (push) Has been cancelled
Gitea Branch PR & Ansible Deployment / PR Merge (push) Has been cancelled
Gitea Branch PR & Ansible Deployment / Ansible Configs & Docker Compose Deployment (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Successful in 4m24s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Successful in 3m48s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README & Generate List of Modified Services (push) Successful in 4m49s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Dry Run (push) Failing after 18s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Successful in 33s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Deployment (push) Failing after 51m28s
2025-06-07 09:43:27 -04:00
Trez.One 51cdb74265 Adding image tag for FreeScout. 2025-06-07 09:43:27 -04:00
Trez.One a5480f20f4 Link fix.
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Failing after 12m43s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README & Generate List of Modified Services (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Deployment (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Dry Run (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled
2025-06-06 18:34:34 -04:00
Trez.One cd174158f2 Adding FreeScout in place of Zammad. 2025-06-06 16:02:58 -04:00
Trez.One 35cce79dd7 Removing Netbird volumes. 2025-05-29 10:35:26 -04:00
Trez.One 2fc16ad610 Removing HortusFox volumes. 2025-05-29 10:13:55 -04:00
Trez.One 75f1098691 Added volume mappings. 2025-05-29 09:52:45 -04:00
Trez.One c5213b50a1 Renaming FreeScout service. 2025-05-29 09:07:38 -04:00
Trez.One 03f6a061b7 Merge remote-tracking branch 'refs/remotes/origin/main' 2025-05-29 09:06:42 -04:00
Trez.One 38b0b89562 Removing Netbird volumes. 2025-05-29 09:06:27 -04:00
Trez.One 17b50c1445 Replacing Zammad with FreeScout. 2025-05-29 08:37:41 -04:00
Trez.One 3fb2a2aea5 Gitea Runner env fix. 2025-05-28 11:57:06 -04:00
Trez.One fedb88af3b Modifying custom registry login for Docker Compose flow.
Auto-Unseal for Vault / Unseal Vault (push) Failing after 12m55s
2025-05-27 10:05:34 -04:00
Trez.One 767bb535cc Modifying custom registry login for Docker Compose flow. 2025-05-27 10:05:07 -04:00
Trez.One fc4d075e16 Healthcheck tweak for Maxun. 2025-05-27 08:51:05 -04:00
Trez.One 76fa75c4c7 Env var PUBLIC_URL fix for Maxun. 2025-05-27 08:49:37 -04:00
Trez.One 465823d215 Downgrading Postgres version for Maxun. 2025-05-27 08:24:55 -04:00
Trez.One e3975a83c5 Immich server label fix. 2025-05-27 06:45:06 -04:00
gitea-sonarqube-bot e4d2ca2e2d Auto Merge of PR 57 - replace-scraperr-maxun-deployment
Auto-Unseal for Vault / Unseal Vault (push) Has been cancelled
Merged by Trez.One
2025-05-26 09:25:22 -04:00
Trez.One 3519ca207a chore: Update README 2025-05-26 13:24:47 +00:00
13 changed files with 1781 additions and 216 deletions
@@ -75,7 +75,7 @@ jobs:
git fetch origin ${{ github.event.pull_request.base.ref }} git fetch origin ${{ github.event.pull_request.base.ref }}
- name: Login to Gitea Container Registry - name: Login to Gitea Container Registry
run: | run: |
docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_TOKEN }} https://git.trez.wtf docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_PASSWORD }} git.trez.wtf
- name: Save both versions of docker-compose.yml - name: Save both versions of docker-compose.yml
run: | run: |
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
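Review bot: the new `docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_PASSWORD }} git.trez.wtf` line still passes the credential as a command-line argument, so it is visible in the runner's process list while the command runs, and the secret is interpolated straight into the script text. Put the secret in the step's `env:` (for example `REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}`) and use `printf '%s' "$REGISTRY_PASSWORD" | docker login -u gitea-sonarqube-bot --password-stdin git.trez.wtf`.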
@@ -318,7 +318,7 @@ jobs:
uses: cpanato/vault-installer@main uses: cpanato/vault-installer@main
- name: Login to Gitea Container Registry - name: Login to Gitea Container Registry
run: | run: |
docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_TOKEN }} http://gitea:3000 docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_PASSWORD }} git.trez.wtf
- name: Gotify Notification - name: Gotify Notification
uses: eikendev/gotify-action@master uses: eikendev/gotify-action@master
with: with:
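Review bot: the secret on the `docker login` line changes from `BOT_GITEA_TOKEN` to `BOT_GITEA_PASSWORD`. If that secret holds the bot account's password rather than an access token, every workflow run now handles a credential that can do anything the account can. A token scoped to package read/write would keep the registry login working with less exposure. The commit message says only "Modifying custom registry login", so please record why the token was dropped.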
+5 -13
@@ -36,6 +36,7 @@
| explo | ghcr.io/lumepart/explo:latest | | explo | ghcr.io/lumepart/explo:latest |
| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main | | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest | | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
| freescout | tiredofit/freescout:latest |
| ghost | ghost:latest | | ghost | ghost:latest |
| gitea | gitea/gitea:1.23.1 | | gitea | gitea/gitea:1.23.1 |
| gitea-db | postgres:14 | | gitea-db | postgres:14 |
@@ -85,8 +86,11 @@
| mariadb | linuxserver/mariadb | | mariadb | linuxserver/mariadb |
| mastodon | lscr.io/linuxserver/mastodon:latest | | mastodon | lscr.io/linuxserver/mastodon:latest |
| mastodon-pg-db | postgres:17-alpine | | mastodon-pg-db | postgres:17-alpine |
| maxun-backend | getmaxun/maxun-backend:latest |
| maxun-frontend | getmaxun/maxun-frontend:latest |
| maxun-pg-db | postgres:13-alpine |
| meilisearch | getmeili/meilisearch:v1.12.3 | | meilisearch | getmeili/meilisearch:v1.12.3 |
| minio | minio/minio | | minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
| mixpost | inovector/mixpost:latest | | mixpost | inovector/mixpost:latest |
| mongodb | bitnami/mongodb:7.0 | | mongodb | bitnami/mongodb:7.0 |
| multi-scrobbler | foxxmd/multi-scrobbler | | multi-scrobbler | foxxmd/multi-scrobbler |
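Review bot: the two new `maxun-backend` and `maxun-frontend` rows use `:latest`, while the `minio` row in the same hunk moves from an untagged image to `RELEASE.2025-04-22T22-12-26Z`. Pin the Maxun images to a release tag or digest in the compose file this table is generated from, so a redeploy cannot silently pull different code.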
@@ -122,8 +126,6 @@
| romm | rommapp/romm:latest | | romm | rommapp/romm:latest |
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest | | sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
| sablier | sablierapp/sablier:latest | | sablier | sablierapp/sablier:latest |
| scraperr | jpyles0524/scraperr:latest |
| scraperr-api | jpyles0524/scraperr_api:latest |
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus | | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
| searxng | searxng/searxng:latest | | searxng | searxng/searxng:latest |
| semaphore | semaphoreui/semaphore:v2.12.14 | | semaphore | semaphoreui/semaphore:v2.12.14 |
@@ -147,14 +149,4 @@
| web-check | lissy93/web-check | | web-check | lissy93/web-check |
| whodb | clidey/whodb | | whodb | clidey/whodb |
| youtubedl | nbr23/youtube-dl-server:latest | | youtubedl | nbr23/youtube-dl-server:latest |
| zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
| zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
| zammad-init | ghcr.io/zammad/zammad:6.5.0-15 |
| zammad-memcached | memcached:1.6.38-alpine |
| zammad-nginx | ghcr.io/zammad/zammad:6.5.0-15 |
| zammad-postgresql | postgres:17.4-alpine |
| zammad-railsserver | ghcr.io/zammad/zammad:6.5.0-15 |
| zammad-redis | redis:7.4.2-alpine |
| zammad-scheduler | ghcr.io/zammad/zammad:6.5.0-15 |
| zammad-websocket | ghcr.io/zammad/zammad:6.5.0-15 |
+199
@@ -0,0 +1,199 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
http:
pprof:
port: 6060
enabled: false
address: 0.0.0.0:8008
session_ttl: 720h
users:
- name: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_BCRYPT'] }}
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
bind_hosts:
- 0.0.0.0
port: 53
anonymize_client_ip: false
ratelimit: 20
ratelimit_subnet_len_ipv4: 24
ratelimit_subnet_len_ipv6: 56
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- 94.140.14.14
- 94.140.15.15
- https://dns.adguard-dns.com/dns-query
- tls://dns.adguard-dns.com
- quic://dns.adguard-dns.com
- 1.1.1.1
- 1.0.0.1
- 1.1.1.2
- 1.0.0.2
- 185.228.168.9
- 185.228.169.9
- 76.76.2.3
- tls://getdnsapi.net
- 185.49.141.37
- tls://dot.seby.io
upstream_dns_file: ""
bootstrap_dns:
- 9.9.9.10
- 149.112.112.10
- 2620:fe::10
- 2620:fe::fe:10
fallback_dns: []
upstream_mode: load_balance
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
blocked_hosts:
- version.bind
- id.server
- hostname.bind
trusted_proxies:
- 127.0.0.0/8
- ::1/128
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
cache_optimistic: false
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet:
custom_ip: ""
enabled: false
use_custom: false
max_goroutines: 300
handle_ddr: true
ipset: []
ipset_file: ""
bootstrap_prefer_ipv6: false
upstream_timeout: 10s
private_networks: []
use_private_ptr_resolvers: false
local_ptr_upstreams: []
use_dns64: false
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
serve_plain_dns: true
hostsfile_enabled: true
pending_requests:
enabled: true
tls:
enabled: true
server_name: ""
force_https: false
port_https: 446
port_dns_over_tls: 853
port_dns_over_quic: 853
port_dnscrypt: 0
dnscrypt_config_file: ""
allow_unencrypted_doh: false
certificate_chain: ""
private_key: ""
certificate_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
private_key_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
strict_sni_check: false
querylog:
dir_path: ""
ignored: []
interval: 2160h
size_memory: 1000
enabled: true
file_enabled: true
statistics:
dir_path: ""
ignored: []
interval: 24h
enabled: true
filters:
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
name: AdGuard DNS filter
id: 1
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
name: AdAway Default Blocklist
id: 2
whitelist_filters: []
user_rules: []
dhcp:
enabled: false
interface_name: ""
local_domain_name: lan
dhcpv4:
gateway_ip: 192.168.1.1
subnet_mask: 255.255.255.0
range_start: 192.168.1.2
range_end: 192.168.1.240
lease_duration: 86400
icmp_timeout_msec: 1000
options: []
dhcpv6:
range_start: ""
lease_duration: 86400
ra_slaac_only: false
ra_allow_slaac: false
filtering:
blocking_ipv4: ""
blocking_ipv6: ""
blocked_services:
schedule:
time_zone: America/New_York
ids: []
protection_disabled_until: null
safe_search:
enabled: false
bing: true
duckduckgo: true
ecosia: true
google: true
pixabay: true
yandex: true
youtube: true
blocking_mode: default
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
rewrites: []
safe_fs_patterns:
- /opt/adguardhome/work/userfilters/*
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
filters_update_interval: 24
blocked_response_ttl: 10
filtering_enabled: true
parental_enabled: false
safebrowsing_enabled: false
protection_enabled: true
clients:
runtime_sources:
whois: true
arp: true
rdns: true
dhcp: true
hosts: true
persistent: []
log:
enabled: true
file: ""
max_backups: 0
max_size: 100
max_age: 3
compress: false
local_time: false
verbose: false
os:
group: ""
user: ""
rlimit_nofile: 0
schema_version: 29
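Review bot: `http.address: 0.0.0.0:8008` combined with `force_https: false` puts the admin login on every interface over plain HTTP, and `dns.bind_hosts: 0.0.0.0` with `allowed_clients: []` does the same for the resolver. The compose change in this patch switches the container to `network_mode: host`, so these values are the only thing deciding what is exposed. Bind both to `192.168.1.254` (the address the SWAG label targets) or populate `allowed_clients`. Two smaller points: `secrets_path` is set at the top but never used, because the lookup hardcodes `'env'` and `engine_mount_point='rinoa-docker'`; and `certificate_path` and `private_key_path` point at the same `priv-fullchain-bundle.pem`, which deserves a comment confirming that this is intended.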
@@ -0,0 +1,75 @@
<?xml version="1.0"?>
<clickhouse>
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
Optional. If you don't use replicated tables, you could omit that.
See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
-->
<zookeeper>
<node index="1">
<host>zookeeper-1</host>
<port>2181</port>
</node>
<node index="2">
<host>zookeeper-2</host>
<port>2181</port>
</node>
<node index="3">
<host>zookeeper-3</host>
<port>2181</port>
</node>
</zookeeper>
<!-- Configuration of clusters that could be used in Distributed tables.
https://clickhouse.com/docs/en/operations/table_engines/distributed/
-->
<remote_servers>
<cluster>
<!-- Inter-server per-cluster secret for Distributed queries
default: no secret (no authentication will be performed)
If set, then Distributed queries will be validated on shards, so at least:
- such cluster should exist on the shard,
- such cluster should have the same secret.
And also (and which is more important), the initial_user will
be used as current user for the query.
Right now the protocol is pretty simple and it only takes into account:
- cluster name
- query
Also it will be nice if the following will be implemented:
- source hostname (see interserver_http_host), but then it will depends from DNS,
it can use IP address instead, but then the you need to get correct on the initiator node.
- target hostname / ip address (same notes as for source hostname)
- time-based security tokens
-->
<!-- <secret></secret> -->
<shard>
<!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
<!-- <internal_replication>false</internal_replication> -->
<!-- Optional. Shard weight when writing data. Default: 1. -->
<!-- <weight>1</weight> -->
<replica>
<host>clickhouse</host>
<port>9000</port>
<!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
<!-- <priority>1</priority> -->
</replica>
</shard>
<shard>
<replica>
<host>clickhouse-2</host>
<port>9000</port>
</replica>
</shard>
<shard>
<replica>
<host>clickhouse-3</host>
<port>9000</port>
</replica>
</shard>
</cluster>
</remote_servers>
</clickhouse>
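Review bot: the `secret` element under `cluster` is left commented out while three shards are defined, and the comment above it in this file states that the default is "no secret (no authentication will be performed)". Set a cluster secret, templated from Vault the way the AdGuard Home template pulls `ADGUARD_BCRYPT`, so Distributed queries between `clickhouse`, `clickhouse-2` and `clickhouse-3` are authenticated.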
@@ -0,0 +1,75 @@
<?xml version="1.0"?>
<clickhouse>
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
Optional. If you don't use replicated tables, you could omit that.
See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
-->
<zookeeper>
<node index="1">
<host>zookeeper-1</host>
<port>2181</port>
</node>
<!-- <node index="2">
<host>zookeeper-2</host>
<port>2181</port>
</node>
<node index="3">
<host>zookeeper-3</host>
<port>2181</port>
</node> -->
</zookeeper>
<!-- Configuration of clusters that could be used in Distributed tables.
https://clickhouse.com/docs/en/operations/table_engines/distributed/
-->
<remote_servers>
<cluster>
<!-- Inter-server per-cluster secret for Distributed queries
default: no secret (no authentication will be performed)
If set, then Distributed queries will be validated on shards, so at least:
- such cluster should exist on the shard,
- such cluster should have the same secret.
And also (and which is more important), the initial_user will
be used as current user for the query.
Right now the protocol is pretty simple and it only takes into account:
- cluster name
- query
Also it will be nice if the following will be implemented:
- source hostname (see interserver_http_host), but then it will depends from DNS,
it can use IP address instead, but then the you need to get correct on the initiator node.
- target hostname / ip address (same notes as for source hostname)
- time-based security tokens
-->
<!-- <secret></secret> -->
<shard>
<!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
<!-- <internal_replication>false</internal_replication> -->
<!-- Optional. Shard weight when writing data. Default: 1. -->
<!-- <weight>1</weight> -->
<replica>
<host>clickhouse</host>
<port>9000</port>
<!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
<!-- <priority>1</priority> -->
</replica>
</shard>
<!-- <shard>
<replica>
<host>clickhouse-2</host>
<port>9000</port>
</replica>
</shard>
<shard>
<replica>
<host>clickhouse-3</host>
<port>9000</port>
</replica>
</shard> -->
</cluster>
</remote_servers>
</clickhouse>
File diff suppressed because it is too large
@@ -0,0 +1,21 @@
<functions>
<function>
<type>executable</type>
<name>histogramQuantile</name>
<return_type>Float64</return_type>
<argument>
<type>Array(Float64)</type>
<name>buckets</name>
</argument>
<argument>
<type>Array(Float64)</type>
<name>counts</name>
</argument>
<argument>
<type>Float64</type>
<name>quantile</name>
</argument>
<format>CSV</format>
<command>./histogramQuantile</command>
</function>
</functions>
@@ -0,0 +1,41 @@
<?xml version="1.0"?>
<clickhouse>
<storage_configuration>
<disks>
<default>
<keep_free_space_bytes>10485760</keep_free_space_bytes>
</default>
<s3>
<type>s3</type>
<!-- For S3 cold storage,
if region is us-east-1, endpoint can be https://<bucket-name>.s3.amazonaws.com
if region is not us-east-1, endpoint should be https://<bucket-name>.s3-<region>.amazonaws.com
For GCS cold storage,
endpoint should be https://storage.googleapis.com/<bucket-name>/data/
-->
<endpoint>https://BUCKET-NAME.s3-REGION-NAME.amazonaws.com/data/</endpoint>
<access_key_id>ACCESS-KEY-ID</access_key_id>
<secret_access_key>SECRET-ACCESS-KEY</secret_access_key>
<!-- In case of S3, uncomment the below configuration in case you want to read
AWS credentials from the Environment variables if they exist. -->
<!-- <use_environment_credentials>true</use_environment_credentials> -->
<!-- In case of GCS, uncomment the below configuration, since GCS does
not support batch deletion and result in error messages in logs. -->
<!-- <support_batch_delete>false</support_batch_delete> -->
</s3>
</disks>
<policies>
<tiered>
<volumes>
<default>
<disk>default</disk>
</default>
<s3>
<disk>s3</disk>
<perform_ttl_move_on_insert>0</perform_ttl_move_on_insert>
</s3>
</volumes>
</tiered>
</policies>
</storage_configuration>
</clickhouse>
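Review bot: the `s3` disk is committed with placeholder `endpoint`, `access_key_id` and `secret_access_key` values, and the `tiered` policy references it. If cold storage is not used, drop the disk and the policy volume. If it is used, do not fill the keys into this file in the repository: enable the `use_environment_credentials` option that is already present as a comment, or render the file from a template with a Vault lookup.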
@@ -0,0 +1,123 @@
<?xml version="1.0"?>
<clickhouse>
<!-- See also the files in users.d directory where the settings can be overridden. -->
<!-- Profiles of settings. -->
<profiles>
<!-- Default settings. -->
<default>
<!-- Maximum memory usage for processing single query, in bytes. -->
<max_memory_usage>10000000000</max_memory_usage>
<!-- How to choose between replicas during distributed query processing.
random - choose random replica from set of replicas with minimum number of errors
nearest_hostname - from set of replicas with minimum number of errors, choose replica
with minimum number of different symbols between replica's hostname and local hostname
(Hamming distance).
in_order - first live replica is chosen in specified order.
first_or_random - if first replica one has higher number of errors, pick a random one from replicas with minimum number of errors.
-->
<load_balancing>random</load_balancing>
</default>
<!-- Profile that allows only read queries. -->
<readonly>
<readonly>1</readonly>
</readonly>
</profiles>
<!-- Users and ACL. -->
<users>
<!-- If user name was not specified, 'default' user is used. -->
<default>
<!-- See also the files in users.d directory where the password can be overridden.
Password could be specified in plaintext or in SHA256 (in hex format).
If you want to specify password in plaintext (not recommended), place it in 'password' element.
Example: <password>qwerty</password>.
Password could be empty.
If you want to specify SHA256, place it in 'password_sha256_hex' element.
Example: <password_sha256_hex>65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5</password_sha256_hex>
Restrictions of SHA256: impossibility to connect to ClickHouse using MySQL JS client (as of July 2019).
If you want to specify double SHA1, place it in 'password_double_sha1_hex' element.
Example: <password_double_sha1_hex>e395796d6546b1b65db9d665cd43f0e858dd4303</password_double_sha1_hex>
If you want to specify a previously defined LDAP server (see 'ldap_servers' in the main config) for authentication,
place its name in 'server' element inside 'ldap' element.
Example: <ldap><server>my_ldap_server</server></ldap>
If you want to authenticate the user via Kerberos (assuming Kerberos is enabled, see 'kerberos' in the main config),
place 'kerberos' element instead of 'password' (and similar) elements.
The name part of the canonical principal name of the initiator must match the user name for authentication to succeed.
You can also place 'realm' element inside 'kerberos' element to further restrict authentication to only those requests
whose initiator's realm matches it.
Example: <kerberos />
Example: <kerberos><realm>EXAMPLE.COM</realm></kerberos>
How to generate decent password:
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'
In first line will be password and in second - corresponding SHA256.
How to generate double SHA1:
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
In first line will be password and in second - corresponding double SHA1.
-->
<password></password>
<!-- List of networks with open access.
To open access from everywhere, specify:
<ip>::/0</ip>
To open access only from localhost, specify:
<ip>::1</ip>
<ip>127.0.0.1</ip>
Each element of list has one of the following forms:
<ip> IP-address or network mask. Examples: 213.180.204.3 or 10.0.0.1/8 or 10.0.0.1/255.255.255.0
2a02:6b8::3 or 2a02:6b8::3/64 or 2a02:6b8::3/ffff:ffff:ffff:ffff::.
<host> Hostname. Example: server01.clickhouse.com.
To check access, DNS query is performed, and all received addresses compared to peer address.
<host_regexp> Regular expression for host names. Example, ^server\d\d-\d\d-\d\.clickhouse\.com$
To check access, DNS PTR query is performed for peer address and then regexp is applied.
Then, for result of PTR query, another DNS query is performed and all received addresses compared to peer address.
Strongly recommended that regexp is ends with $
All results of DNS requests are cached till server restart.
-->
<networks>
<ip>::/0</ip>
</networks>
<!-- Settings profile for user. -->
<profile>default</profile>
<!-- Quota for user. -->
<quota>default</quota>
<!-- User can create other users and grant rights to them. -->
<!-- <access_management>1</access_management> -->
</default>
</users>
<!-- Quotas. -->
<quotas>
<!-- Name of quota. -->
<default>
<!-- Limits for time interval. You could specify many intervals with different limits. -->
<interval>
<!-- Length of interval. -->
<duration>3600</duration>
<!-- No limits. Just calculate resource usage for time interval. -->
<queries>0</queries>
<errors>0</errors>
<result_rows>0</result_rows>
<read_rows>0</read_rows>
<execution_time>0</execution_time>
</interval>
</default>
</quotas>
</clickhouse>
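Review bot: the `default` user is created with an empty `password` element and a `networks` entry of `::/0`, so any client that can reach the ClickHouse port connects without credentials. Set `password_sha256_hex` (the comment block in this file shows how to generate it) and replace `::/0` with the Docker network range the SigNoz services use. The `remote_read` URL in the Prometheus config added by this patch will then need the credentials too.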
@@ -0,0 +1 @@
server_endpoint: ws://signoz:4320/v1/opamp
@@ -0,0 +1 @@
server_endpoint: ws://signoz:4320/v1/opamp
@@ -0,0 +1,25 @@
# my global config
global:
scrape_interval: 5s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
alertmanagers:
- static_configs:
- targets:
- alertmanager:9093
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files: []
# - "first_rules.yml"
# - "second_rules.yml"
# - 'alerts.yml'
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs: []
remote_read:
- url: tcp://clickhouse:9000/signoz_metrics
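Review bot: the comment on `scrape_interval: 5s` says "Set the scrape interval to every 15 seconds", which no longer matches the value. Correct the comment or the value so the next reader does not tune alert thresholds against the wrong interval.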
+71 -201
@@ -21,65 +21,6 @@ x-app-common: &jitsi_admin_app
PHP_INI_MEMORY_LIMIT: "1G" PHP_INI_MEMORY_LIMIT: "1G"
PHP_EXTENSION_LDAP: 1 PHP_EXTENSION_LDAP: 1
PHP_EXTENSION_INTL: 1 PHP_EXTENSION_INTL: 1
x-shared:
zammad-service: &zammad-service
environment: &zammad-environment
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS:-zammad-memcached:11211}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST:-zammad-postgresql}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS:-zammad}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT:-5432}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS:-?pool=50}
POSTGRESQL_DB_CREATE:
REDIS_URL: ${ZAMMAD_REDIS_URL:-redis://zammad-redis:6379}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad-storage-bucket?region=us-east-fh-pln&force_path_style=true
# Backup settings
BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}"
BACKUP_TIME: "${BACKUP_TIME:-03:00}"
HOLD_DAYS: "${HOLD_DAYS:-7}"
TZ: "${TZ:-Europe/Berlin}"
# Allow passing in these variables via .env:
AUTOWIZARD_JSON:
AUTOWIZARD_RELATIVE_PATH:
ELASTICSEARCH_ENABLED: false
ELASTICSEARCH_SCHEMA:
ELASTICSEARCH_HOST:
ELASTICSEARCH_PORT:
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-elastic}
ELASTICSEARCH_PASS: ${ELASTICSEARCH_PASS:-zammad}
ELASTICSEARCH_NAMESPACE:
ELASTICSEARCH_REINDEX:
NGINX_PORT:
NGINX_EXPOSE_PORT: 15257
NGINX_CLIENT_MAX_BODY_SIZE:
NGINX_SERVER_NAME:
NGINX_SERVER_SCHEME:
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
ZAMMAD_HTTP_TYPE:
ZAMMAD_FQDN:
ZAMMAD_WEB_CONCURRENCY:
ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS:
ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS:
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
# ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead.
ZAMMAD_SESSION_JOBS_CONCURRENT:
# Variables used by ngingx-proxy container for reverse proxy creations
# for docs refer to https://github.com/nginx-proxy/nginx-proxy
VIRTUAL_HOST:
VIRTUAL_PORT:
# Variables used by acme-companion for retrieval of LetsEncrypt certificate
# for docs refer to https://github.com/nginx-proxy/acme-companion
LETSENCRYPT_HOST:
LETSENCRYPT_EMAIL:
image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.0-15}
restart: ${RESTART:-always}
volumes:
- zammad-storage:/opt/zammad/storage
depends_on:
- zammad-memcached
- zammad-postgresql
- zammad-redis
x-maxun: &maxun-env x-maxun: &maxun-env
environment: environment:
NODE_ENV: production NODE_ENV: production
@@ -101,9 +42,9 @@ x-maxun: &maxun-env
BACKEND_PORT: 8080 BACKEND_PORT: 8080
FRONTEND_PORT: 5173 FRONTEND_PORT: 5173
BACKEND_URL: http://maxun-backend:8080 BACKEND_URL: http://maxun-backend:8080
PUBLIC_URL: http://maxun-frontend:5173 PUBLIC_URL: https://scrape.trez.wtf
VITE_BACKEND_URL: http://maxun-backend:8080 VITE_BACKEND_URL: http://maxun-backend:8080
VITE_PUBLIC_URL: http://maxun-frontend:5173 VITE_PUBLIC_URL: https://scrape.trez.wtf
MAXUN_TELEMETRY: true MAXUN_TELEMETRY: true
PLAYWRIGHT_BROWSERS_PATH: /ms-playwright PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 0 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 0
@@ -138,6 +79,8 @@ services:
volumes: volumes:
- ${DOCKER_VOLUME_CONFIG}/actual-budget:/data - ${DOCKER_VOLUME_CONFIG}/actual-budget:/data
adguard: adguard:
cap_add:
- NET_BIND_SERVICE
container_name: adguard container_name: adguard
environment: environment:
TZ: ${TZ} TZ: ${TZ}
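Review bot: `cap_add: NET_BIND_SERVICE` under `adguard` adds a capability that Docker already grants by default, so on its own it changes nothing. The service also runs as `user: 1000:1000`, and added capabilities are not automatically effective for a non-root process. Add a comment stating what failure this was meant to fix, and verify that port 53 actually binds after the switch to host networking.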
@@ -145,6 +88,8 @@ services:
labels: labels:
swag: enable swag: enable
swag_proto: http swag_proto: http
swag_port: 8008
swag_address: 192.168.1.254
swag_url: adgh.${MY_TLD} swag_url: adgh.${MY_TLD}
homepage.group: System Administration homepage.group: System Administration
homepage.name: AdGuard Home homepage.name: AdGuard Home
@@ -152,18 +97,19 @@ services:
homepage.href: https://adgh.${MY_TLD} homepage.href: https://adgh.${MY_TLD}
homepage.description: Ad-blocking/DNS homepage.description: Ad-blocking/DNS
homepage.widget.type: adguard homepage.widget.type: adguard
homepage.widget.url: http://adguard:80 homepage.widget.url: http://192.168.1.254:8008
homepage.widget.username: admin homepage.widget.username: admin
homepage.widget.password: ${ADGUARD_PASSWORD} homepage.widget.password: ${ADGUARD_PASSWORD}
ports: network_mode: host
- "192.168.1.254:53:53/udp" # ports:
- "192.168.1.254:53:53/tcp" # - "192.168.1.254:53:53/udp"
- 3001:3000 # - "192.168.1.254:53:53/tcp"
- "192.168.1.254:446:443/tcp" # - 3001:3000
- 8008:80 # - "192.168.1.254:446:443/tcp"
- "192.168.1.254:853:853/tcp" # - 8008:80
- 67:67 # - "192.168.1.254:853:853/tcp"
- 688:68 # - 67:67
# - 688:68
restart: unless-stopped restart: unless-stopped
user: 1000:1000 user: 1000:1000
volumes: volumes:
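Review bot: replacing the `ports:` list with `network_mode: host` removes the per-port binding to `192.168.1.254` that the old mappings for 53, 446 and 853 had. Exposure is now decided entirely by the bind addresses in the AdGuard Home config, which this patch sets to `0.0.0.0`. Either bind those to `192.168.1.254` in the template or document that all-interface exposure is intended. The commented-out `# ports:` block should be deleted rather than kept, since it no longer describes what is listening. `homepage.widget.url: http://192.168.1.254:8008` also sends `ADGUARD_PASSWORD` over plain HTTP across the LAN.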
@@ -1204,6 +1150,53 @@ services:
source: /rinoa-storage source: /rinoa-storage
target: /storage target: /storage
type: bind type: bind
freescout:
container_name: freescout
depends_on:
mariadb:
condition: service_started
required: true
environment:
ADMIN_EMAIL: it-services@${MY_TLD}
ADMIN_FIRST_NAME: Treasured
ADMIN_LAST_NAME: IT
ADMIN_PASS: ${FREESCOUT_ADMIN_PASS}
APP_TRUSTED_PROXIES: 172.18.0.0/16,192.168.1.0/24
DB_TYPE: mysql
DB_HOST: mariadb
DB_PORT: 3306
DB_NAME: freescout
DB_USER: freescout
DB_PASS: ${FREESCOUT_DB_PASS}
DB_SSL: FALSE
DISPLAY_ERRORS: TRUE
ENABLE_AUTO_UPDATE: TRUE
SETUP_TYPE: AUTO
SITE_URL: https://support.${MY_TLD}
SKIP_STORAGE_PERMISSIONS: FALSE
TIMEZONE: ${TZ}
image: tiredofit/freescout:latest
labels:
homepage.group: Lifestyle
homepage.name: FreeScout
homepage.icon: sh-freescout.svg
homepage.href: https://support.${MY_TLD}
homepage.description: Lightweight help desk and shared inbox
swag: enable
swag_proto: http
swag_url: support.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
swag.uptime-kuma.monitor.interval: 300
ports:
- 59095:80
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/freescout/assets/modules:/assets/modules
- ${DOCKER_VOLUME_CONFIG}/freescout/assets/custom:/assets/custom
- ${DOCKER_VOLUME_CONFIG}/freescout/assets/custom-scripts:/assets/custom-scripts
- ${DOCKER_VOLUME_CONFIG}/freescout/data:/www/html
- ${DOCKER_VOLUME_CONFIG}/freescout/logs/:/www/logs
ghost: ghost:
container_name: ghost_blog container_name: ghost_blog
depends_on: depends_on:
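Review bot: `DISPLAY_ERRORS: TRUE` is set on a service whose `SITE_URL` is the public `https://support.${MY_TLD}`, so application errors will be rendered to visitors. Set it to `FALSE` outside debugging. `ports: 59095:80` publishes the plain-HTTP listener on every host interface and bypasses SWAG, so bind it to `127.0.0.1` or drop it if SWAG reaches the container over the Docker network. `APP_TRUSTED_PROXIES` trusts the whole `192.168.1.0/24` LAN, which lets any host there supply forwarded-for headers. Narrow it to the proxy's address. `image: tiredofit/freescout:latest` together with `ENABLE_AUTO_UPDATE: TRUE` means the running code can change without a commit.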
@@ -1336,7 +1329,7 @@ services:
environment: environment:
CONFIG_FILE: /config.yaml CONFIG_FILE: /config.yaml
DOCKER_HOST: tcp://dockerproxy:2375 DOCKER_HOST: tcp://dockerproxy:2375
GITEA_INSTANCE_URL: https://git.trez.wtf GITEA_INSTANCE_URL: http://gitea:3000
GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
GITEA_RUNNER_NAME: "gitea-runner-1" GITEA_RUNNER_NAME: "gitea-runner-1"
image: gitea/act_runner:latest image: gitea/act_runner:latest
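Review bot: `GITEA_INSTANCE_URL` moves from `https://git.trez.wtf` to `http://gitea:3000`, so the runner registration token, job logs and any secrets passed to jobs now travel unencrypted between the runner and Gitea. If this is to avoid routing through the reverse proxy, say so in a comment and confirm the two containers share a network that untrusted containers are not attached to.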
@@ -1633,7 +1626,7 @@ services:
swag_proto: http swag_proto: http
swag_port: 2283 swag_port: 2283
swag_url: pics.${MY_TLD} swag_url: pics.${MY_TLD}
swag_server_custom_directive:
location /share { location /share {
proxy_pass http://immich-public-proxy:3000; proxy_pass http://immich-public-proxy:3000;
} }
@@ -2691,6 +2684,8 @@ services:
container_name: librechat-rag-api container_name: librechat-rag-api
depends_on: depends_on:
- librechat-vectordb - librechat-vectordb
# env_file:
# - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env
environment: environment:
DB_HOST: librechat-vectordb DB_HOST: librechat-vectordb
OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY} OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
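Review bot: delete the commented-out `# env_file:` pair instead of relocating it above `environment:` (the matching removal is in the next hunk). A dormant pointer to `${DOCKER_VOLUME_CONFIG}/librechat/librechat.env` next to an explicit `OPENAI_API_KEY` entry invites someone to uncomment it later and end up with two sources for the same secret. If the env file is the intended source, enable it and remove the inline variable.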
@@ -2703,8 +2698,6 @@ services:
RAG_PORT: 8000 RAG_PORT: 8000
image: ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest image: ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest
restart: always restart: always
# env_file:
# - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env
libretranslate: libretranslate:
container_name: libretranslate container_name: libretranslate
# command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500 # command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500
@@ -3119,7 +3112,7 @@ services:
restart: unless-stopped restart: unless-stopped
maxun-pg-db: maxun-pg-db:
container_name: maxun-pg-db container_name: maxun-pg-db
image: postgres:17-alpine image: postgres:13-alpine
environment: environment:
POSTGRES_USER: maxun POSTGRES_USER: maxun
POSTGRES_PASSWORD: ${MAXUN_DB_PASSWORD} POSTGRES_PASSWORD: ${MAXUN_DB_PASSWORD}
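Review bot: `image: postgres:17-alpine` becomes `postgres:13-alpine` for maxun-pg-db, which is a downgrade across four major versions. PostgreSQL refuses to start on a data directory initialised by a newer major version, so if the existing volume was created under 17 this needs a dump and restore or a fresh volume. The reason for moving to 13 should also be stated in the commit message, since the change reads like an accidental revert.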
@@ -3127,7 +3120,7 @@ services:
expose: expose:
- 5432 - 5432
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"] test: ["CMD-SHELL", "pg_isready -U maxun"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
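Review bot: the healthcheck user now agrees with `POSTGRES_USER: maxun`, but it is still hard-coded in the `test:` line and will drift again if the user is renamed. Consider `pg_isready -U $${POSTGRES_USER}` so the check reads the value from the container's own environment.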
@@ -5071,12 +5064,6 @@ services:
swag_proto: http swag_proto: http
swag_url: scan.${MY_TLD} swag_url: scan.${MY_TLD}
swag_port: 3000 swag_port: 3000
swag_server_custom_directive: |
include /config/nginx/sablier-server.conf;
location / {
proxy_pass http://immich-public-proxy:3000;
}
swag.uptime-kuma.enabled: true swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://scan.${MY_TLD} swag.uptime-kuma.monitor.url: https://scan.${MY_TLD}
swag.uptime-kuma.monitor.interval: 300 swag.uptime-kuma.monitor.interval: 300
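Review bot: removing the whole `swag_server_custom_directive` block drops `include /config/nginx/sablier-server.conf;` as well as the `location /` that sent scan.${MY_TLD} to `immich-public-proxy:3000`. The proxy_pass to the Immich proxy looks like a copy-paste that deserved removal, but if the Sablier include was intentional for this service it should be kept on its own. If both removals are deliberate, say so in the commit message.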
@@ -5231,95 +5218,6 @@ services:
source: /rinoa-storage source: /rinoa-storage
target: /storage target: /storage
type: bind type: bind
zammad-backup:
<<: *zammad-service
container_name: zammad-backup
command: ["zammad-backup"]
volumes:
- zammad-backup:/var/tmp/zammad
- zammad-storage:/opt/zammad/storage:ro
user: 0:0
zammad-elasticsearch:
container_name: zammad-elasticsearch
image: bitnami/elasticsearch:${ELASTICSEARCH_VERSION:-8.17.4}
restart: ${RESTART:-always}
profiles:
- do-not-start
volumes:
- zammad-elasticsearch-data:/bitnami/elasticsearch/data
environment:
# Enable authorization without HTTPS. For external access with
# SSL termination, use solutions like nginx-proxy-manager.
ELASTICSEARCH_ENABLE_SECURITY: 'true'
ELASTICSEARCH_SKIP_TRANSPORT_TLS: 'true'
ELASTICSEARCH_ENABLE_REST_TLS: 'false'
# ELASTICSEARCH_USER is hardcoded to 'elastic' in the container.
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASS:-zammad}
zammad-init:
<<: *zammad-service
container_name: zammad-init
command: ["zammad-init"]
depends_on:
- zammad-postgresql
restart: on-failure
user: 0:0
zammad-memcached:
container_name: zammad-memcached
command: memcached -m 256M
image: memcached:${MEMCACHE_VERSION:-1.6.38-alpine}
restart: ${RESTART:-always}
zammad-nginx:
<<: *zammad-service
container_name: zammad-nginx
command: ["zammad-nginx"]
expose:
- 8080
ports:
- 15257:8080
labels:
swag: enable
swag_proto: http
swag_port: 8080
swag_url: support.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
homepage.group: Personal/Professional Services
homepage.name: Zammad
homepage.href: https://support.${MY_TLD}
homepage.icon: zammad.svg
homepage.description: Open-source helpdesk/customer support system
depends_on:
- zammad-railsserver
zammad-postgresql:
container_name: zammad-postgresql
environment:
POSTGRES_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
POSTGRES_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS:-zammad}
image: postgres:${ZAMMAD_POSTGRES_VERSION:-17.4-alpine}
restart: ${RESTART:-always}
volumes:
- zammad-postgresql-data:/var/lib/postgresql/data
zammad-railsserver:
<<: *zammad-service
container_name: zammad-railsserver
command: ["zammad-railsserver"]
expose:
- 3000
zammad-redis:
container_name: zammad-redis
image: redis:${REDIS_VERSION:-7.4.2-alpine}
restart: ${RESTART:-always}
volumes:
- zammad-redis-data:/data
zammad-scheduler:
<<: *zammad-service
container_name: zammad-scheduler
command: ["zammad-scheduler"]
zammad-websocket:
<<: *zammad-service
container_name: zammad-websocket
command: ["zammad-websocket"]
volumes: volumes:
authelia-pg-db: authelia-pg-db:
name: authelia-pg-db name: authelia-pg-db
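Review bot: every removed Zammad service that merges `<<: *zammad-service` depends on an anchor whose definition is not part of this hunk, so check that the anchor block and the `ZAMMAD_*` and `ELASTICSEARCH_*` variables are removed too, otherwise they remain as unused configuration and unused secrets. Note also that the removed definitions fell back to `zammad` as the password (`${ZAMMAD_POSTGRES_PASS:-zammad}`, `${ELASTICSEARCH_PASS:-zammad}`); if those defaults were ever in effect, treat the data left behind by these containers accordingly when cleaning up.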
@@ -5347,18 +5245,6 @@ volumes:
name: graylog-data name: graylog-data
graylog-datanode: graylog-datanode:
name: graylog-datanode name: graylog-datanode
hortusfox_app_backup:
name: hortusfox_app_backup
hortusfox_app_images:
name: hortusfox_app_images
hortusfox_app_logs:
name: hortusfox_app_logs
hortusfox_app_migrate:
name: hortusfox_app_migrate
hortusfox_app_themes:
name: hortusfox_app_themes
hortusfox_db_data:
name: hortusfox_db_data
immich-model-cache: immich-model-cache:
name: immich-model-cache name: immich-model-cache
influxdb2-data: influxdb2-data:
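Review bot: the six `hortusfox_*` volume declarations are removed here, and any service that still mounts one of them will make the compose file fail validation with an undefined volume reference. Confirm the hortusfox services are removed in the same change, and run `docker compose config` before merging.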
@@ -5401,12 +5287,6 @@ volumes:
name: mongodb_data name: mongodb_data
n8n-data: n8n-data:
name: n8n-data name: n8n-data
netbird-mgmt:
name: netbird-mgmt
netbird-signal:
name: netbird-signal
netbird-letsencrypt:
name: netbird-letsencrypt
nextcloud_aio_mastercontainer: nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer name: nextcloud_aio_mastercontainer
ollama: ollama:
@@ -5452,14 +5332,4 @@ volumes:
wallos-db: wallos-db:
name: wallos-db name: wallos-db
wallos-logos: wallos-logos:
name: wallos-logos name: wallos-logos
zammad-backup:
name: zammad-backup
zammad-storage:
name: zammad-storage
zammad-elasticsearch-data:
name: zammad-elasticsearch-data
zammad-postgresql-data:
name: zammad-postgresql-data
zammad-redis-data:
name: zammad-redis-data
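Review bot: deleting the `zammad-*` entries under `volumes:` only removes them from the compose file. The named volumes themselves (`zammad-postgresql-data`, `zammad-storage`, `zammad-backup`, `zammad-elasticsearch-data`, `zammad-redis-data`) remain on the host with whatever help desk data they held, and compose will no longer manage them. Decide whether to archive or `docker volume rm` them and record that step alongside this change.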