Compare commits
27 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0aec31eca2 | |||
| 0a49f05410 | |||
| 51cdb74265 | |||
| a5480f20f4 | |||
| cd174158f2 | |||
| 35cce79dd7 | |||
| 2fc16ad610 | |||
| 75f1098691 | |||
| c5213b50a1 | |||
| 17b50c1445 | |||
| fedb88af3b | |||
| 767bb535cc | |||
| fc4d075e16 | |||
| 76fa75c4c7 | |||
| 465823d215 | |||
| e3975a83c5 | |||
| e4d2ca2e2d | |||
| 3519ca207a | |||
| dd323d27b6 | |||
| 75da6eb7d6 | |||
| a5dea73c35 | |||
| fcf3687b25 | |||
| 189fe886b2 | |||
| 5227fde5f4 | |||
| b78eb5fd2e | |||
| 1047687a3e | |||
| d00fac81fd |
@@ -5,6 +5,7 @@ on:
|
|||||||
- 'main'
|
- 'main'
|
||||||
paths:
|
paths:
|
||||||
- '**/docker-compose.yml'
|
- '**/docker-compose.yml'
|
||||||
|
- '**/pr-cloudflare-docker-deploy.yml'
|
||||||
- '!ansible/**.yml'
|
- '!ansible/**.yml'
|
||||||
jobs:
|
jobs:
|
||||||
check-and-create-pr:
|
check-and-create-pr:
|
||||||
@@ -72,6 +73,9 @@ jobs:
|
|||||||
- name: Fetch base branch
|
- name: Fetch base branch
|
||||||
run: |
|
run: |
|
||||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||||
|
- name: Login to Gitea Container Registry
|
||||||
|
run: |
|
||||||
|
docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_PASSWORD }} git.trez.wtf
|
||||||
- name: Save both versions of docker-compose.yml
|
- name: Save both versions of docker-compose.yml
|
||||||
run: |
|
run: |
|
||||||
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
||||||
@@ -313,11 +317,8 @@ jobs:
|
|||||||
- name: Install Vault
|
- name: Install Vault
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
- name: Login to Gitea Container Registry
|
- name: Login to Gitea Container Registry
|
||||||
uses: docker/login-action@v3
|
run: |
|
||||||
with:
|
docker login -u gitea-sonarqube-bot -p ${{ secrets.BOT_GITEA_PASSWORD }} git.trez.wtf
|
||||||
registry: https://git.trez.wtf
|
|
||||||
username: gitea-sonarqube-bot
|
|
||||||
password: ${{ secrets.BOT_GITEA_TOKEN }}
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
|
|||||||
@@ -36,6 +36,7 @@
|
|||||||
| explo | ghcr.io/lumepart/explo:latest |
|
| explo | ghcr.io/lumepart/explo:latest |
|
||||||
| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
|
| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
|
||||||
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
||||||
|
| freescout | tiredofit/freescout:latest |
|
||||||
| ghost | ghost:latest |
|
| ghost | ghost:latest |
|
||||||
| gitea | gitea/gitea:1.23.1 |
|
| gitea | gitea/gitea:1.23.1 |
|
||||||
| gitea-db | postgres:14 |
|
| gitea-db | postgres:14 |
|
||||||
@@ -85,8 +86,11 @@
|
|||||||
| mariadb | linuxserver/mariadb |
|
| mariadb | linuxserver/mariadb |
|
||||||
| mastodon | lscr.io/linuxserver/mastodon:latest |
|
| mastodon | lscr.io/linuxserver/mastodon:latest |
|
||||||
| mastodon-pg-db | postgres:17-alpine |
|
| mastodon-pg-db | postgres:17-alpine |
|
||||||
|
| maxun-backend | getmaxun/maxun-backend:latest |
|
||||||
|
| maxun-frontend | getmaxun/maxun-frontend:latest |
|
||||||
|
| maxun-pg-db | postgres:13-alpine |
|
||||||
| meilisearch | getmeili/meilisearch:v1.12.3 |
|
| meilisearch | getmeili/meilisearch:v1.12.3 |
|
||||||
| minio | minio/minio |
|
| minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
|
||||||
| mixpost | inovector/mixpost:latest |
|
| mixpost | inovector/mixpost:latest |
|
||||||
| mongodb | bitnami/mongodb:7.0 |
|
| mongodb | bitnami/mongodb:7.0 |
|
||||||
| multi-scrobbler | foxxmd/multi-scrobbler |
|
| multi-scrobbler | foxxmd/multi-scrobbler |
|
||||||
@@ -121,8 +125,7 @@
|
|||||||
| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
|
| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
|
||||||
| romm | rommapp/romm:latest |
|
| romm | rommapp/romm:latest |
|
||||||
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
|
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
|
||||||
| scraperr | jpyles0524/scraperr:latest |
|
| sablier | sablierapp/sablier:latest |
|
||||||
| scraperr-api | jpyles0524/scraperr_api:latest |
|
|
||||||
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
|
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
|
||||||
| searxng | searxng/searxng:latest |
|
| searxng | searxng/searxng:latest |
|
||||||
| semaphore | semaphoreui/semaphore:v2.12.14 |
|
| semaphore | semaphoreui/semaphore:v2.12.14 |
|
||||||
@@ -146,14 +149,4 @@
|
|||||||
| web-check | lissy93/web-check |
|
| web-check | lissy93/web-check |
|
||||||
| whodb | clidey/whodb |
|
| whodb | clidey/whodb |
|
||||||
| youtubedl | nbr23/youtube-dl-server:latest |
|
| youtubedl | nbr23/youtube-dl-server:latest |
|
||||||
| zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
|
|
||||||
| zammad-init | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-memcached | memcached:1.6.38-alpine |
|
|
||||||
| zammad-nginx | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-postgresql | postgres:17.4-alpine |
|
|
||||||
| zammad-railsserver | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-redis | redis:7.4.2-alpine |
|
|
||||||
| zammad-scheduler | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-websocket | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,199 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
http:
|
||||||
|
pprof:
|
||||||
|
port: 6060
|
||||||
|
enabled: false
|
||||||
|
address: 0.0.0.0:80
|
||||||
|
session_ttl: 720h
|
||||||
|
users:
|
||||||
|
- name: admin
|
||||||
|
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_BCRYPT'] }}
|
||||||
|
auth_attempts: 5
|
||||||
|
block_auth_min: 15
|
||||||
|
http_proxy: ""
|
||||||
|
language: ""
|
||||||
|
theme: auto
|
||||||
|
dns:
|
||||||
|
bind_hosts:
|
||||||
|
- 0.0.0.0
|
||||||
|
port: 53
|
||||||
|
anonymize_client_ip: false
|
||||||
|
ratelimit: 20
|
||||||
|
ratelimit_subnet_len_ipv4: 24
|
||||||
|
ratelimit_subnet_len_ipv6: 56
|
||||||
|
ratelimit_whitelist: []
|
||||||
|
refuse_any: true
|
||||||
|
upstream_dns:
|
||||||
|
- 94.140.14.14
|
||||||
|
- 94.140.15.15
|
||||||
|
- https://dns.adguard-dns.com/dns-query
|
||||||
|
- tls://dns.adguard-dns.com
|
||||||
|
- quic://dns.adguard-dns.com
|
||||||
|
- 1.1.1.1
|
||||||
|
- 1.0.0.1
|
||||||
|
- 1.1.1.2
|
||||||
|
- 1.0.0.2
|
||||||
|
- 185.228.168.9
|
||||||
|
- 185.228.169.9
|
||||||
|
- 76.76.2.3
|
||||||
|
- tls://getdnsapi.net
|
||||||
|
- 185.49.141.37
|
||||||
|
- tls://dot.seby.io
|
||||||
|
upstream_dns_file: ""
|
||||||
|
bootstrap_dns:
|
||||||
|
- 9.9.9.10
|
||||||
|
- 149.112.112.10
|
||||||
|
- 2620:fe::10
|
||||||
|
- 2620:fe::fe:10
|
||||||
|
fallback_dns: []
|
||||||
|
upstream_mode: load_balance
|
||||||
|
fastest_timeout: 1s
|
||||||
|
allowed_clients: []
|
||||||
|
disallowed_clients: []
|
||||||
|
blocked_hosts:
|
||||||
|
- version.bind
|
||||||
|
- id.server
|
||||||
|
- hostname.bind
|
||||||
|
trusted_proxies:
|
||||||
|
- 127.0.0.0/8
|
||||||
|
- ::1/128
|
||||||
|
cache_size: 4194304
|
||||||
|
cache_ttl_min: 0
|
||||||
|
cache_ttl_max: 0
|
||||||
|
cache_optimistic: false
|
||||||
|
bogus_nxdomain: []
|
||||||
|
aaaa_disabled: false
|
||||||
|
enable_dnssec: false
|
||||||
|
edns_client_subnet:
|
||||||
|
custom_ip: ""
|
||||||
|
enabled: false
|
||||||
|
use_custom: false
|
||||||
|
max_goroutines: 300
|
||||||
|
handle_ddr: true
|
||||||
|
ipset: []
|
||||||
|
ipset_file: ""
|
||||||
|
bootstrap_prefer_ipv6: false
|
||||||
|
upstream_timeout: 10s
|
||||||
|
private_networks: []
|
||||||
|
use_private_ptr_resolvers: false
|
||||||
|
local_ptr_upstreams: []
|
||||||
|
use_dns64: false
|
||||||
|
dns64_prefixes: []
|
||||||
|
serve_http3: false
|
||||||
|
use_http3_upstreams: false
|
||||||
|
serve_plain_dns: true
|
||||||
|
hostsfile_enabled: true
|
||||||
|
pending_requests:
|
||||||
|
enabled: true
|
||||||
|
tls:
|
||||||
|
enabled: true
|
||||||
|
server_name: ""
|
||||||
|
force_https: false
|
||||||
|
port_https: 443
|
||||||
|
port_dns_over_tls: 853
|
||||||
|
port_dns_over_quic: 853
|
||||||
|
port_dnscrypt: 0
|
||||||
|
dnscrypt_config_file: ""
|
||||||
|
allow_unencrypted_doh: false
|
||||||
|
certificate_chain: ""
|
||||||
|
private_key: ""
|
||||||
|
certificate_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
|
||||||
|
private_key_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
|
||||||
|
strict_sni_check: false
|
||||||
|
querylog:
|
||||||
|
dir_path: ""
|
||||||
|
ignored: []
|
||||||
|
interval: 2160h
|
||||||
|
size_memory: 1000
|
||||||
|
enabled: true
|
||||||
|
file_enabled: true
|
||||||
|
statistics:
|
||||||
|
dir_path: ""
|
||||||
|
ignored: []
|
||||||
|
interval: 24h
|
||||||
|
enabled: true
|
||||||
|
filters:
|
||||||
|
- enabled: true
|
||||||
|
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
|
||||||
|
name: AdGuard DNS filter
|
||||||
|
id: 1
|
||||||
|
- enabled: false
|
||||||
|
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
|
||||||
|
name: AdAway Default Blocklist
|
||||||
|
id: 2
|
||||||
|
whitelist_filters: []
|
||||||
|
user_rules: []
|
||||||
|
dhcp:
|
||||||
|
enabled: false
|
||||||
|
interface_name: ""
|
||||||
|
local_domain_name: lan
|
||||||
|
dhcpv4:
|
||||||
|
gateway_ip: 192.168.1.1
|
||||||
|
subnet_mask: 255.255.255.0
|
||||||
|
range_start: 192.168.1.2
|
||||||
|
range_end: 192.168.1.240
|
||||||
|
lease_duration: 86400
|
||||||
|
icmp_timeout_msec: 1000
|
||||||
|
options: []
|
||||||
|
dhcpv6:
|
||||||
|
range_start: ""
|
||||||
|
lease_duration: 86400
|
||||||
|
ra_slaac_only: false
|
||||||
|
ra_allow_slaac: false
|
||||||
|
filtering:
|
||||||
|
blocking_ipv4: ""
|
||||||
|
blocking_ipv6: ""
|
||||||
|
blocked_services:
|
||||||
|
schedule:
|
||||||
|
time_zone: America/New_York
|
||||||
|
ids: []
|
||||||
|
protection_disabled_until: null
|
||||||
|
safe_search:
|
||||||
|
enabled: false
|
||||||
|
bing: true
|
||||||
|
duckduckgo: true
|
||||||
|
ecosia: true
|
||||||
|
google: true
|
||||||
|
pixabay: true
|
||||||
|
yandex: true
|
||||||
|
youtube: true
|
||||||
|
blocking_mode: default
|
||||||
|
parental_block_host: family-block.dns.adguard.com
|
||||||
|
safebrowsing_block_host: standard-block.dns.adguard.com
|
||||||
|
rewrites: []
|
||||||
|
safe_fs_patterns:
|
||||||
|
- /opt/adguardhome/work/userfilters/*
|
||||||
|
safebrowsing_cache_size: 1048576
|
||||||
|
safesearch_cache_size: 1048576
|
||||||
|
parental_cache_size: 1048576
|
||||||
|
cache_time: 30
|
||||||
|
filters_update_interval: 24
|
||||||
|
blocked_response_ttl: 10
|
||||||
|
filtering_enabled: true
|
||||||
|
parental_enabled: false
|
||||||
|
safebrowsing_enabled: false
|
||||||
|
protection_enabled: true
|
||||||
|
clients:
|
||||||
|
runtime_sources:
|
||||||
|
whois: true
|
||||||
|
arp: true
|
||||||
|
rdns: true
|
||||||
|
dhcp: true
|
||||||
|
hosts: true
|
||||||
|
persistent: []
|
||||||
|
log:
|
||||||
|
enabled: true
|
||||||
|
file: ""
|
||||||
|
max_backups: 0
|
||||||
|
max_size: 100
|
||||||
|
max_age: 3
|
||||||
|
compress: false
|
||||||
|
local_time: false
|
||||||
|
verbose: false
|
||||||
|
os:
|
||||||
|
group: ""
|
||||||
|
user: ""
|
||||||
|
rlimit_nofile: 0
|
||||||
|
schema_version: 29
|
||||||
+165
-570
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user