From 273a7480ec0e44e84d45dacd7624bb09f35fe219 Mon Sep 17 00:00:00 2001
From: Matthias
Date: Fri, 16 Aug 2024 12:15:48 +0200
Subject: [PATCH] Added vaultwarden and removed old compose directory

Also updated gitea to use no NFS and added vaultwarden to swag
---
 compose/backup/docker-compose.yml | 88 ---------
 compose/backup/start.sh | 1 -
 compose/cadvisor/docker-compose.yml | 22 ---
 compose/gitea/docker-compose.yml | 28 ---
 compose/grafana/docker-compose.yml | 75 --------
 compose/jenkins/docker-compose.yml | 34 ----
 compose/magicmirror/docker-compose.yml | 37 ----
 compose/nextcloud-fpm/docker-compose.yml | 115 ------------
 compose/nextcloud-fpm/nc-fpm/Dockerfile | 13 --
 compose/nextcloud-fpm/nginx/Dockerfile | 11 --
 compose/nextcloud-fpm/nginx/nginx.conf | 175 ------------------
 compose/nextcloud-fpm/redis/Dockerfile | 6 -
 compose/nextcloud-fpm/start.sh | 3 -
 compose/nodeexporter/docker-compose.yml | 19 --
 compose/photoprism/docker-compose.yml | 133 -------------
 compose/photoprism/storage/backup/serial | 1 -
 compose/photoprism/storage/config/hub.yml | 6 -
 .../photoprism/storage/config/settings.yml | 62 ------
 compose/photoprism/storage/serial | 1 -
 compose/piholeexporter/docker-compose.yml | 17 --
 compose/proxymanager/docker-compose.yml | 40 ----
 compose/registrybrowser/docker-compose.yml | 43 -----
 compose/reverseproxy/docker-compose.yml | 36 ----
 compose/reverseproxy/init-letsencrypt.sh | 83 ---------
 compose/swag/docker-compose.yml | 35 ----
 compose/tado-exporter/docker-compose.yml | 17 --
 compose/tado-exporter/start.sh | 1 -
 homenetwork/nas/gitea.yml | 6 +-
 homenetwork/nas/swag.yml | 10 +-
 homenetwork/nas/vaultwarden.yml | 34 ++++
 30 files changed, 39 insertions(+), 1113 deletions(-)
 delete mode 100644 compose/backup/docker-compose.yml
 delete mode 100755 compose/backup/start.sh
 delete mode 100644 compose/cadvisor/docker-compose.yml
 delete mode 100644 compose/gitea/docker-compose.yml
 delete mode 100644 compose/grafana/docker-compose.yml
 delete mode 100644 compose/jenkins/docker-compose.yml
 delete mode 100644 compose/magicmirror/docker-compose.yml
 delete mode 100644 compose/nextcloud-fpm/docker-compose.yml
 delete mode 100644 compose/nextcloud-fpm/nc-fpm/Dockerfile
 delete mode 100644 compose/nextcloud-fpm/nginx/Dockerfile
 delete mode 100644 compose/nextcloud-fpm/nginx/nginx.conf
 delete mode 100644 compose/nextcloud-fpm/redis/Dockerfile
 delete mode 100755 compose/nextcloud-fpm/start.sh
 delete mode 100644 compose/nodeexporter/docker-compose.yml
 delete mode 100644 compose/photoprism/docker-compose.yml
 delete mode 100644 compose/photoprism/storage/backup/serial
 delete mode 100644 compose/photoprism/storage/config/hub.yml
 delete mode 100644 compose/photoprism/storage/config/settings.yml
 delete mode 100644 compose/photoprism/storage/serial
 delete mode 100644 compose/piholeexporter/docker-compose.yml
 delete mode 100644 compose/proxymanager/docker-compose.yml
 delete mode 100644 compose/registrybrowser/docker-compose.yml
 delete mode 100644 compose/reverseproxy/docker-compose.yml
 delete mode 100755 compose/reverseproxy/init-letsencrypt.sh
 delete mode 100644 compose/swag/docker-compose.yml
 delete mode 100644 compose/tado-exporter/docker-compose.yml
 delete mode 100755 compose/tado-exporter/start.sh
 create mode 100644 homenetwork/nas/vaultwarden.yml

diff --git a/compose/backup/docker-compose.yml b/compose/backup/docker-compose.yml
deleted file mode 100644
index 73c68cc..0000000
--- a/compose/backup/docker-compose.yml
+++ /dev/null
@@ -1,88 +0,0 @@ -version: '3.8' - -volumes: - docker_config: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config - - repo: - driver_opts: - type: nfs - o: addr=maurice,nfsvers=4 - device: :/repositories - - nc_storage: - driver_opts: - type: nfs - o: addr=maurice,nfsvers=4 - device: :/nextcloud - - bands: - driver_opts: - type: nfs - o: addr=maurice,nfsvers=4 - device: :/bands - - -configs: - stackstorage: - external: true - -services: - dockerstorage: - image: registry.vbchaos.nl/rclone - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/docker_config - - CRON_SCHEDULE=*/1 * * * * - configs: - - source: stackstorage - target: /root/.config/rclone/rclone.conf - volumes: - - docker_config:/backup - deploy: - placement: - constraints: [node.labels.isDNS == false] - -# repositories: -# image: registry.vbchaos.nl/rclone:arm64 -# environment: -# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/repositories -# - CRON_SCHEDULE=0 1-23/4 * * * -# configs: -# - source: stackstorage -# target: /config/rclone.conf -# volumes: -# - repo:/backup -# deploy: -# mode: replicated -# replicas: 1 - -# nc_storage: -# image: registry.vbchaos.nl/rclone:arm64 -# environment: -# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/nextcloud -# - CRON_SCHEDULE=0 2-23/4 * * * -# configs: -# - source: stackstorage -# target: /config/rclone.conf -# volumes: -# - nc_storage:/backup -# deploy: -# mode: replicated -# replicas: 1 - -# bands: -# image: registry.vbchaos.nl/rclone:arm64 -# environment: -# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/bands -# - CRON_SCHEDULE=0 3-23/4 * * * -# configs: -# - source: stackstorage -# target: /config/rclone.conf -# volumes: -# - bands:/backup -# deploy: -# mode: replicated -# replicas: 1 diff --git a/compose/backup/start.sh b/compose/backup/start.sh deleted file mode 100755 index f2ce680..0000000 --- a/compose/backup/start.sh +++ /dev/null 
@@ -1 +0,0 @@ -docker stack deploy -c docker-compose.yml --with-registry-auth backup diff --git a/compose/cadvisor/docker-compose.yml b/compose/cadvisor/docker-compose.yml deleted file mode 100644 index 798ddac..0000000 --- a/compose/cadvisor/docker-compose.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: "3.7" - -services: - cadvisor: - user: "0:0" - image: zcube/cadvisor:latest - hostname: '{{.Node.ID}}' - command: -logtostderr -docker_only -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_host=influx:8086 - volumes: - - /:/rootfs:ro - - /var/run:/var/run:rw - - /sys:/sys:ro - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - /var/lib/docker/:/var/lib/docker:ro - - /dev/disk/:/dev/disk:ro - ports: - - 8081:8080 - deploy: - mode: global - restart_policy: - condition: on-failure - diff --git a/compose/gitea/docker-compose.yml b/compose/gitea/docker-compose.yml deleted file mode 100644 index df25bfa..0000000 --- a/compose/gitea/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: "3" - -volumes: - gitea_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/gitea - - gitea_repository: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/repositories/git - -services: - server: - image: gitea/gitea - container_name: gitea - volumes: - - gitea_data:/data - - gitea_repository:/data/git/repo - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - ports: - - "3000:3000" - - "222:22" - diff --git a/compose/grafana/docker-compose.yml b/compose/grafana/docker-compose.yml deleted file mode 100644 index f8ed17e..0000000 --- a/compose/grafana/docker-compose.yml +++ /dev/null 
@@ -1,75 +0,0 @@ -version: '3.8' - -volumes: - prometheus_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/grafana_prometheus_data - - grafana_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/grafana/grafana - - loki_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/grafana/loki - -configs: - prometheus_config: - external: true - grafana_config: - external: true - - -services: - -# loki: -# image: grafana/loki:2.6.1 -# user: "0:0" -# volumes: -# - loki_data:/loki -# ports: -# - "3100:3100" -# command: -config.file=/etc/loki/local-config.yaml - -# promtail: -# image: grafana/promtail:2.6.1 -# user: "0:0" -# volumes: -# - /var/log:/var/log -# command: -config.file=/etc/promtail/config.yml - - prometheus: - user: "0:0" - hostname: prometheus - image: prom/prometheus - environment: - - TZ=Europe/Berlin #change Time Zone if needed - configs: - - source: prometheus_config - target: /etc/prometheus/prometheus.yml - volumes: - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - 9090:9090 - - grafana: - user: "0:0" - hostname: grafana - image: grafana/grafana - environment: - - TZ=Europe/Amsterdam - configs: - - source: grafana_config - target: /etc/grafana/grafana.ini - volumes: - - grafana_data:/var/lib/grafana - ports: - - 3300:3000 diff --git a/compose/jenkins/docker-compose.yml b/compose/jenkins/docker-compose.yml deleted file mode 100644 index 8644fa5..0000000 --- a/compose/jenkins/docker-compose.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -# docker-compose.yaml -version: '3.8' - -volumes: - jenkins_home: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/dockerstorage/jenkins/home - jenkins_certs: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/dockerstorage/jenkins/certs - -services: - jenkins: - image: registry.vbchaos.nl/jenkins-docker - ports: - - 8080:8080 - - 50000:50000 -# environment: -# - DOCKER_CERT_PATH=/certs/client -# - DOCKER_TLS_VERIFY=1 - deploy: - placement: - constraints: - - "node.labels.highperformance==YES" - volumes: - - jenkins_home:/var/jenkins_home -# - jenkins_certs:/certs/client - - /var/run/docker.sock:/var/run/docker.sock - - diff --git a/compose/magicmirror/docker-compose.yml b/compose/magicmirror/docker-compose.yml deleted file mode 100644 index 9335e7f..0000000 --- a/compose/magicmirror/docker-compose.yml +++ /dev/null @@ -1,37 +0,0 @@ -version: '3' - -volumes: - magicmirror_config: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/dockerstorage/magicmirror/config - - magicmirror_modules: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/dockerstorage/magicmirror/modules - - magicmirror_css: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/dockerstorage/magicmirror/css - - -services: - magicmirror: - container_name: mm - image: karsten13/magicmirror:latest - ports: - - "8083:8080" - volumes: - - magicmirror_config:/opt/magic_mirror/config - - magicmirror_modules:/opt/magic_mirror/modules - - magicmirror_css:/opt/magic_mirror/css - restart: unless-stopped - command: - - npm - - run - - server diff --git a/compose/nextcloud-fpm/docker-compose.yml b/compose/nextcloud-fpm/docker-compose.yml deleted file mode 100644 index ba60c54..0000000 --- a/compose/nextcloud-fpm/docker-compose.yml +++ /dev/null 
@@ -1,115 +0,0 @@ -version: "3" - -volumes: - nchome: - driver: local - driver_opts: - type: none - o: bind - device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home - ncdb: - driver: local - driver_opts: - type: none - o: bind - device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database - ncdata: - driver: local - driver_opts: - type: none - o: bind - device: /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud/storage - - -services: - db: - image: mariadb:10.6 - restart: always - command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW - volumes: - - ncdb:/var/lib/mysql:Z - environment: - - MYSQL_ROOT_PASSWORD=rootpw - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - aio-imaginary: - image: nextcloud/aio-imaginary:latest - restart: always - environment: - - PORT=9000 - ports: - - 9999:9000 - command: -concurrency 50 -enable-url-source - - nextcloud: - build: - context: ./nc-fpm - args: - UID: ${MUID} - GID: ${MGID} - restart: always - links: - - db - volumes: - - nchome:/var/www/html:z - - ncdata:/var/www/html/data - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/ -# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Fearium:/ex_storage/bands/fearium -# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Breakpoint9:/ex_storage/bands/breakpointnine -# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/music:/ex_storage/music -# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/video:/ex_storage/video -# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/repositories:/ex_storage/repositories -# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/hwsw:/ex_storage/hwsw - - - environment: - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_HOST=db - - REDIS_HOST=redis - - nginx: - build: - context: 
./nginx - args: - UID: ${MUID} - GID: ${MGID} - restart: always - ports: - - 8888:80 - links: - - nextcloud - volumes: - - nchome:/var/www/html:z,ro - - redis: - build: - context: ./redis - args: - UID: ${MUID} - GID: ${MGID} - restart: always - - cron: - build: - context: ./nc-fpm - args: - UID: ${MUID} - GID: ${MGID} - restart: always - volumes: - - nchome:/var/www/html:z - - ncdata:/var/www/html/data - environment: - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_HOST=db - - REDIS_HOST=redis - entrypoint: /cron.sh - depends_on: - - nextcloud - diff --git a/compose/nextcloud-fpm/nc-fpm/Dockerfile b/compose/nextcloud-fpm/nc-fpm/Dockerfile deleted file mode 100644 index 08834be..0000000 --- a/compose/nextcloud-fpm/nc-fpm/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM nextcloud:fpm - -ARG UID=1000 -ARG GID=1000 - -#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid 82 www-data -RUN usermod -u $UID -o www-data -RUN apt update \ - && apt -y install libmagickcore-6.q16-6-extra ffmpeg imagemagick ghostscript \ - && apt clean - -# Add custom cron job for previews -RUN echo '*/15 * * * * php /var/www/html/occ preview:pre-generate' >> /var/spool/cron/crontabs/www-data diff --git a/compose/nextcloud-fpm/nginx/Dockerfile b/compose/nextcloud-fpm/nginx/Dockerfile deleted file mode 100644 index 5e76d82..0000000 --- a/compose/nextcloud-fpm/nginx/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -#FROM nginx:alpine -FROM nginx:bullseye - -ARG UID=1000 -ARG GID=1000 - -RUN usermod -u $UID -o www-data - -#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid $UID www-data - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/compose/nextcloud-fpm/nginx/nginx.conf b/compose/nextcloud-fpm/nginx/nginx.conf deleted file mode 100644 index 7b6e48c..0000000 --- a/compose/nextcloud-fpm/nginx/nginx.conf +++ /dev/null 
@@ -1,175 +0,0 @@ -user www-data; -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - # Prevent nginx HTTP Server Detection - server_tokens off; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server nextcloud:9000; - } - - - server { - listen 80; - - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - - # set max upload size - client_max_body_size 512M; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Pagespeed is not supported by Nextcloud, so if your server is built - # with the `ngx_pagespeed` module, uncomment this line to disable it. 
- #pagespeed off; - - # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; - - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients - location = / { - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. 
- location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in `.htaccess` that concern `/.well-known`. - - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - - location /.well-known/acme-challenge { try_files $uri $uri/ =404; } - location /.well-known/pki-validation { try_files $uri $uri/ =404; } - - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /index.php$request_uri; - } - - # Rules borrowed from `.htaccess` to hide certain paths from clients - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - - # Ensure this block, which passes PHP files to the PHP process, is above the blocks - # which handle static assets (as seen below). If this block is not declared first, - # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` - # to the URI, resulting in a HTTP 500 error response. 
- location ~ \.php(?:$|/) { - # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - set $path_info $fastcgi_path_info; - - try_files $fastcgi_script_name =404; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; - - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_pass php-handler; - - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ \.(?:css|js|svg|gif)$ { - try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - location ~ \.woff2?$ { - try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - # Rule borrowed from `.htaccess` - location /remote { - return 301 /remote.php$request_uri; - } - - location / { - try_files $uri $uri/ /index.php$request_uri; - } - } -} diff --git a/compose/nextcloud-fpm/redis/Dockerfile b/compose/nextcloud-fpm/redis/Dockerfile deleted file mode 100644 index 5770389..0000000 --- a/compose/nextcloud-fpm/redis/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM redis:latest - -ARG UID=1000 -ARG GID=1000 - -RUN usermod -u $UID -o www-data diff --git a/compose/nextcloud-fpm/start.sh b/compose/nextcloud-fpm/start.sh deleted file mode 100755 index 58e6caf..0000000 --- a/compose/nextcloud-fpm/start.sh +++ /dev/null @@ -1,3 +0,0 @@ -MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose build --no-cache -MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose up -d --force-recreate - 
diff --git a/compose/nodeexporter/docker-compose.yml b/compose/nodeexporter/docker-compose.yml deleted file mode 100644 index c96f97d..0000000 --- a/compose/nodeexporter/docker-compose.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: '3' - -services: - node-exporter: - image: prom/node-exporter:latest - deploy: - mode: global - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - ports: - - "9100:9100" - diff --git a/compose/photoprism/docker-compose.yml b/compose/photoprism/docker-compose.yml deleted file mode 100644 index af226b6..0000000 --- a/compose/photoprism/docker-compose.yml +++ /dev/null 
@@ -1,133 +0,0 @@ -version: '3.5' - -# Example Docker Compose config file for PhotoPrism (Linux / AMD64) -# -# Note: -# - Hardware transcoding is only available for sponsors due to the high maintenance and support effort. -# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected -# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files. -# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure -# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted -# in clear text and can be intercepted by anyone, including your provider, hackers, and governments: -# https://docs.photoprism.app/getting-started/proxies/traefik/ -# -# Setup Guides: -# - https://docs.photoprism.app/getting-started/docker-compose/ -# - https://docs.photoprism.app/getting-started/raspberry-pi/ -# -# Troubleshooting Checklists: -# - https://docs.photoprism.app/getting-started/troubleshooting/ -# - https://docs.photoprism.app/getting-started/troubleshooting/docker/ -# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/ -# -# CLI Commands: -# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface -# -# All commands may have to be prefixed with "sudo" when not running as root. -# This will point the home directory srtcut ~ to /root in volume mounts. - -volumes: - photoprismdatabase: - driver: local - driver_opts: - o: bind - type: none - device: /srv/dev-disk-by-uuid-f3ca381b-e85a-4348-8086-833317c5d96e/dockerstorage/photoprism/database - - -services: - photoprism: - ## Use photoprism/photoprism:preview for testing preview builds: - image: photoprism/photoprism:latest - depends_on: - - mariadb - ## Don't enable automatic restarts until PhotoPrism has been properly configured and tested! 
- ## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue: - ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors - # restart: unless-stopped - security_opt: - - seccomp:unconfined - - apparmor:unconfined - ports: - - "2342:2342" # HTTP port (host:container) - environment: - PHOTOPRISM_ADMIN_USER: "admin" # superadmin username - PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial superadmin password (minimum 8 characters) - PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password) - PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)" - PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video) - PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip) - PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic - PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality) - PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features - PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup - PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server - PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API - PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow - PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow) - PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow) - PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files - PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance) - PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and 
thumbnails (25-100) - PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow) - PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow) - # PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server - PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance - PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port) - PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name - PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name - PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password - PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" - PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description - PHOTOPRISM_SITE_AUTHOR: "" # meta site author - ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean): - # PHOTOPRISM_INIT: "https gpu tensorflow" - ## Hardware Video Transcoding: - # PHOTOPRISM_FFMPEG_ENCODER: "software" # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry") - # PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50) - ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200): - # PHOTOPRISM_UID: 1000 - # PHOTOPRISM_GID: 1000 - # PHOTOPRISM_UMASK: 0000 - ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200): - # user: "1000:1000" - ## Share hardware devices with FFmpeg and TensorFlow (optional): - # devices: - # - "/dev/dri:/dev/dri" # Intel QSV - # - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA - # - "/dev/nvidiactl:/dev/nvidiactl" - # - "/dev/nvidia-modeset:/dev/nvidia-modeset" - # - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl" - # - "/dev/nvidia-uvm:/dev/nvidia-uvm" - # - 
"/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools" - # - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m) - working_dir: "/photoprism" # do not change or remove - ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory - volumes: - # "/host/folder:/photoprism/folder" # Example - - "./Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE) - # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this - # - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals - - "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE) - - ## Database Server (recommended) - ## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql - mariadb: - ## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue: - ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors - restart: unless-stopped - image: mariadb:10.10 - security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239 - - seccomp:unconfined - - apparmor:unconfined - command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120 - ## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder: - volumes: - - photoprismdatabase:/var/lib/mysql - environment: - MARIADB_AUTO_UPGRADE: "1" - MARIADB_INITDB_SKIP_TZINFO: "1" - MARIADB_DATABASE: "photoprism" - MARIADB_USER: "photoprism" - MARIADB_PASSWORD: "insecure" - MARIADB_ROOT_PASSWORD: "insecure" 
diff --git a/compose/photoprism/storage/backup/serial b/compose/photoprism/storage/backup/serial
deleted file mode 100644
index 2dafad8..0000000
--- a/compose/photoprism/storage/backup/serial
+++ /dev/null
@@ -1 +0,0 @@
-zrsyd9l35vf8qz3s
\ No newline at end of file
diff --git a/compose/photoprism/storage/config/hub.yml b/compose/photoprism/storage/config/hub.yml
deleted file mode 100644
index f45a62f..0000000
--- a/compose/photoprism/storage/config/hub.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-Version: 221118-e58fee0fb-Linux-ARM64
-Key: 7b51906306b5aba668e0beda443a2c57cbe239f5
-Secret: 13bb44da3f919c04a89439bf157d8631
-Session: 6a58a5ba0432511981b0ddb0bbe44e5cd636a0b4ceeae537f17379cb2b7d86a33e6471c87b587c26008b9500995e153ffca4e9e2a9fd077484bd5ee63b1a032d6e71d8bec4764591f117230732ebf49f6ad801d58b0b84250c22dbd7460e4829ff
-Status: ce
-Serial: zrsyd9l35vf8qz3s
diff --git a/compose/photoprism/storage/config/settings.yml b/compose/photoprism/storage/config/settings.yml
deleted file mode 100644
index 2af62ff..0000000
--- a/compose/photoprism/storage/config/settings.yml
+++ /dev/null
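Review bot: The `Key`, `Secret` and `Session` values in the removed `compose/photoprism/storage/config/hub.yml` stay readable in the repository history after this deletion, so they should be treated as exposed and regenerated rather than considered gone. The same holds for the literal `PIHOLE_PASSWORD` in the removed `compose/piholeexporter/docker-compose.yml`, and for the database passwords in the removed nextcloud-fpm and photoprism compose files if those values were ever used on a live instance. Replacement values belong outside the tracked files, for example in an untracked env file or Docker secrets, and an ignore rule such as `**/storage/` in `.gitignore` would keep generated runtime state like `hub.yml` from being committed again.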
@@ -1,62 +0,0 @@ -UI: - Scrollbar: true - Zoom: false - Theme: default - Language: en - TimeZone: "" -Search: - BatchSize: 0 -Maps: - Animate: 0 - Style: "" -Features: - Account: true - Advanced: false - Albums: true - Archive: true - Delete: false - Download: true - Edit: true - Estimates: true - Favorites: true - Files: true - Folders: true - Import: true - Labels: true - Library: true - Logs: true - Moments: true - People: true - Places: true - Private: true - Ratings: true - Reactions: true - Review: true - Search: true - Services: true - Settings: true - Share: true - Upload: true - Videos: true -Import: - Path: / - Move: false -Index: - Path: / - Convert: true - Rescan: false - SkipArchived: false -Stack: - UUID: true - Meta: true - Name: false -Share: - Title: "" -Download: - Name: file - Disabled: false - Originals: true - MediaRaw: false - MediaSidecar: false -Templates: - Default: index.gohtml diff --git a/compose/photoprism/storage/serial b/compose/photoprism/storage/serial deleted file mode 100644 index 2dafad8..0000000 --- a/compose/photoprism/storage/serial +++ /dev/null @@ -1 +0,0 @@ -zrsyd9l35vf8qz3s \ No newline at end of file diff --git a/compose/piholeexporter/docker-compose.yml b/compose/piholeexporter/docker-compose.yml deleted file mode 100644 index cb5277c..0000000 --- a/compose/piholeexporter/docker-compose.yml +++ /dev/null @@ -1,17 +0,0 @@ -version: '3.3' - -services: - pihole-exporter: - image: ekofr/pihole-exporter:latest -# image: remiflandrois/pihole-exporter:latest - container_name: pihole_exporter - ports: - - 9617:9617 - environment: - PIHOLE_HOSTNAME: 192.168.1.8 - PIHOLE_PORT: 80 - PIHOLE_PASSWORD: 14Mai1984 - INTERVAL: 5s - PORT: 9617 - - diff --git a/compose/proxymanager/docker-compose.yml b/compose/proxymanager/docker-compose.yml deleted file mode 100644 index 510e8ab..0000000 --- a/compose/proxymanager/docker-compose.yml +++ /dev/null 
@@ -1,40 +0,0 @@
-version: "3"
-
-volumes:
- data:
- driver_opts:
- type: nfs
- o: addr=dockerstorage,nfsvers=4
- device: :/dockerstorage/proxymanager/data
-
- letsencrypt:
- driver_opts:
- type: nfs
- o: addr=dockerstorage,nfsvers=4
- device: :/dockerstorage/proxymanager/letsencrypt
-
-
-services:
- app:
- image: 'jc21/nginx-proxy-manager:latest'
- restart: unless-stopped
- ports:
- # These ports are in format :
- - '80:80' # Public HTTP Port
- - '443:443' # Public HTTPS Port
- - '81:81' # Admin Web Port
- # Add any other Stream port you want to expose
- # - '21:21' # FTP
-
- # Uncomment the next line if you uncomment anything in the section
- # environment:
- # Uncomment this if you want to change the location of
- # the SQLite DB file within the container
- # DB_SQLITE_FILE: "/data/database.sqlite"
-
- # Uncomment this if IPv6 is not enabled on your host
- # DISABLE_IPV6: 'true'
-
- volumes:
- - data:/data
- - letsencrypt:/etc/letsencrypt
diff --git a/compose/registrybrowser/docker-compose.yml b/compose/registrybrowser/docker-compose.yml
deleted file mode 100644
index 371bf74..0000000
--- a/compose/registrybrowser/docker-compose.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-version: '3'
-
-volumes:
- registrystorage:
- driver_opts:
- type: nfs
- o: addr=dockerstorage,nfsvers=4
- device: :/dockerstorage/registry
- registryauth:
- driver_opts:
- type: nfs
- o: addr=dockerstorage,nfsvers=4
- device: :/dockerstorage/registry/auth
-
-
-
-services:
- registry:
- image: registry:2
- volumes:
- - registryauth:/auth
- - registrystorage:/var/lib/registry
- environment:
- - REGISTRY_STORAGE_DELETE_ENABLED=true
- - REGISTRY_AUTH=htpasswd
- - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
- - VIRTUAL_HOST=registry.vbchaos.nl
- - VIRTUAL_PORT=5000
- - VIRTUAL_PROTO=http
- ports:
- - '5000:5000'
-
- registrybrowser:
- image: klausmeyer/docker-registry-browser
- ports:
- - 8082:8080
- environment:
- - 'DOCKER_REGISTRY_URL=http://maurice:5000'
-# - 'DOCKER_REGISTRY_URL=https://registry.vbchaos.nl'
- - 'PUBLIC_REGISTRY_URL=registry.vbchaos.nl'
- - 'NO_SSL_VERIFICATION=true'
- - 'ENABLE_DELETE_IMAGES=true'
diff --git a/compose/reverseproxy/docker-compose.yml b/compose/reverseproxy/docker-compose.yml
deleted file mode 100644
index fab6c0c..0000000
--- a/compose/reverseproxy/docker-compose.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-version: '3'
-
-volumes:
- nginx_conf:
- driver_opts:
- type: nfs
- o: addr=dockerstorage,nfsvers=4
- device: :/swarm/stacks/reverseproxy/nginx
- certbot_conf:
- driver_opts:
- type: nfs
- o: addr=dockerstorage,nfsvers=4
- device: :/swarm/stacks/reverseproxy/certbot_conf
- certificates:
- external: true
-
-
-
-services:
- nginx:
- image: nginx:1.15-alpine
- command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - nginx_conf:/etc/nginx/conf.d
- - certbot_conf:/etc/letsencrypt
- - ./data/certbot/www:/var/www/certbot
- certbot:
- image: certbot/certbot:arm64v8-v1.32.2
- entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
- volumes:
- - certbot_conf:/etc/letsencrypt
-# - certificates:/etc/letsencrypt/live
- - ./data/certbot/www:/var/www/certbot
diff --git a/compose/reverseproxy/init-letsencrypt.sh b/compose/reverseproxy/init-letsencrypt.sh
deleted file mode 100755
index cc5a9d1..0000000
--- a/compose/reverseproxy/init-letsencrypt.sh
+++ /dev/null
@@ -1,83 +0,0 @@ -#!/bin/bash - -if ! [ -x "$(command -v docker-compose)" ]; then - echo 'Error: docker-compose is not installed.' >&2 - exit 1 -fi - -domains=(vbchaos.ddns.net) -rsa_key_size=4096 -data_path="./certbot_data" -email="matthias.mitscherlich@gmail.com" # Adding a valid address is strongly recommended -staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits - -if [ -d "$data_path" ]; then - read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision - if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then - exit - fi -fi - - -if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then - echo "### Downloading recommended TLS parameters ..." - mkdir -p "$data_path/conf" - curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" - curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" - echo -fi - -echo "### Creating dummy certificate for $domains ..." -path="/etc/letsencrypt/live/$domains" -mkdir -p "$data_path/conf/live/$domains" -docker-compose run --rm --entrypoint "\ - openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\ - -keyout '$path/privkey.pem' \ - -out '$path/fullchain.pem' \ - -subj '/CN=localhost'" certbot -echo - - -echo "### Starting nginx ..." -docker-compose up --force-recreate -d nginx -echo - - - -echo "### Deleting dummy certificate for $domains ..." -docker-compose run --rm --entrypoint "\ - rm -Rf /etc/letsencrypt/live/$domains && \ - rm -Rf /etc/letsencrypt/archive/$domains && \ - rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot -echo - -# exit 1 - -echo "### Requesting Let's Encrypt certificate for $domains ..." 
-#Join $domains to -d args -domain_args="" -for domain in "${domains[@]}"; do - domain_args="$domain_args -d $domain" -done - -# Select appropriate email arg -case "$email" in - "") email_arg="--register-unsafely-without-email" ;; - *) email_arg="--email $email" ;; -esac - -# Enable staging mode if needed -if [ $staging != "0" ]; then staging_arg="--staging"; fi - -docker-compose run --rm --entrypoint "\ - certbot certonly --webroot -w /var/www/certbot \ - $staging_arg \ - $email_arg \ - $domain_args \ - --rsa-key-size $rsa_key_size \ - --agree-tos \ - --force-renewal" certbot -echo - -echo "### Reloading nginx ..." -docker-compose exec nginx nginx -s reload diff --git a/compose/swag/docker-compose.yml b/compose/swag/docker-compose.yml deleted file mode 100644 index 9f4ad66..0000000 --- a/compose/swag/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -version: "3" - -volumes: - swag_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/swag - -services: - swag: - image: lscr.io/linuxserver/swag:latest - container_name: swag - cap_add: - - NET_ADMIN - environment: - - PUID=1000 - - PGID=100 - - TZ=Etc/UTC - - URL=vbchaos.nl - - VALIDATION=http - - SUBDOMAINS=nc,git,grafana,registry,registrybrowser,omv - - CERTPROVIDER= #optional - - DNSPLUGIN=cloudflare #optional - - PROPAGATION= #optional - - EMAIL= matthias.mitscherlich@gmail.com - - ONLY_SUBDOMAINS=false #optional - - EXTRA_DOMAINS= #optional - - STAGING=false #optional - volumes: - - swag_data:/config - ports: - - 443:443 - - 81:80 #optional - restart: unless-stopped diff --git a/compose/tado-exporter/docker-compose.yml b/compose/tado-exporter/docker-compose.yml deleted file mode 100644 index 2dcac33..0000000 --- a/compose/tado-exporter/docker-compose.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -version: '3' - - -services: - - tado-exporter: - user: "1000:1000" - image: registry.vbchaos.nl/tado-exporter:arm64 - hostname: tado-exporter - - environment: - EXPORTER_USERNAME: matthias.mitscherlich@gmail.com - EXPORTER_PASSWORD: 14Mai1984 - - ports: - - "9898:9898" - diff --git a/compose/tado-exporter/start.sh b/compose/tado-exporter/start.sh deleted file mode 100755 index 6e8d666..0000000 --- a/compose/tado-exporter/start.sh +++ /dev/null @@ -1 +0,0 @@ -docker stack deploy -c docker-compose.yml --with-registry-auth tado-exporter diff --git a/homenetwork/nas/gitea.yml b/homenetwork/nas/gitea.yml index 8e85d2b..14d67e2 100644 --- a/homenetwork/nas/gitea.yml +++ b/homenetwork/nas/gitea.yml @@ -18,8 +18,10 @@ services: image: gitea/gitea container_name: gitea volumes: - - gitea_data:/data - - gitea_repository:/data/git/repo + - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/gitea:/data + - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories/git:/data/git/repo +# - gitea_data:/data +# - gitea_repository:/data/git/repo - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: diff --git a/homenetwork/nas/swag.yml b/homenetwork/nas/swag.yml index 052ef10..418630c 100644 --- a/homenetwork/nas/swag.yml +++ b/homenetwork/nas/swag.yml @@ -1,12 +1,5 @@ version: "3" -volumes: - swag_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/swag - services: swag: image: lscr.io/linuxserver/swag:latest @@ -19,7 +12,7 @@ services: - TZ=Etc/UTC - URL=vbchaos.nl - VALIDATION=http - - SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn + - SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vpn,vaultwarden - CERTPROVIDER= #optional - DNSPLUGIN=cloudflare #optional - PROPAGATION= #optional 
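Review bot: The two old mounts in gitea.yml are kept as commented-out lines (`# - gitea_data:/data`, `# - gitea_repository:/data/git/repo`) under the new bind mounts; the previous values are already in version control, so these lines can simply be deleted. The diffstat shows only these six lines changing in this file, so the top-level `gitea_data` / `gitea_repository` NFS volume declarations presumably still sit above the hunk and are now unused; swag.yml in the same commit removes its equivalent `volumes:` block, and this file should match. The `gitea` service definition starts and ends outside the hunk.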
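Review bot: `vpn` is added to `SUBDOMAINS` in swag.yml together with `vaultwarden`, but no vpn service or proxy configuration is visible in this commit and the description mentions only vaultwarden. With `VALIDATION=http` each listed name normally has to resolve to this host and answer the challenge before the certificate is issued, and every name ends up on a publicly logged certificate, so list only what is actually served: `- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vaultwarden` (if `vpn` is intentional, say so in the description). Publishing `vaultwarden` also makes the `/admin` page that `ADMIN_TOKEN` enables in vaultwarden.yml reachable from outside unless the proxy configuration restricts it; that configuration is not part of this diff, so it is worth confirming.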
@@ -28,7 +21,6 @@ services: - EXTRA_DOMAINS= #optional - STAGING=false #optional volumes: -# - swag_data:/config - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/swag:/config ports: - 443:443 diff --git a/homenetwork/nas/vaultwarden.yml b/homenetwork/nas/vaultwarden.yml new file mode 100644 index 0000000..ac68464 --- /dev/null +++ b/homenetwork/nas/vaultwarden.yml @@ -0,0 +1,34 @@ +version: '3' + +services: + vaultwarden: + container_name: vaultwarden + image: vaultwarden/server:latest + restart: unless-stopped + volumes: + - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/vaultwarden:/data/ + ports: + - 5555:80 + environment: + - DOMAIN=https://vaultwarden.vbchaos.nl + - LOGIN_RATELIMIT_MAX_BURST=10 + - LOGIN_RATELIMIT_SECONDS=60 + - ADMIN_RATELIMIT_MAX_BURST=10 + - ADMIN_RATELIMIT_SECONDS=2 + - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Vv4wT0EpGslsEAHpgw+U1FwxUQjguK9qkwJQB7WLP+k$$7lBaj+G9jLyXj5MxC2RqNGyGw0/vjOzcgwk4ArN6BVM + - SENDS_ALLOWED=true + - EMERGENCY_ACCESS_ALLOWED=true + - WEB_VAULT_ENABLED=true + - SIGNUPS_ALLOWED=false + - SIGNUPS_VERIFY=true + - SIGNUPS_VERIFY_RESEND_TIME=3600 + - SIGNUPS_VERIFY_RESEND_LIMIT=5 + - SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl + - SMTP_HOST=smtp.gmail.com + - SMTP_FROM=vaultwarden@vbchaos.nl + - SMTP_FROM_NAME=Vaultwarden + - SMTP_SECURITY=starttls + - SMTP_PORT=587 + - SMTP_USERNAME=matthias.mitscherlich@gmail.com + - SMTP_PASSWORD=oomgyoiqepsqaikn + - SMTP_AUTH_MECHANISM="Login"
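Review bot: The `SMTP_PASSWORD` entry in the `environment:` list of vaultwarden.yml commits a mail credential in plaintext, right next to the account name in `SMTP_USERNAME`; once pushed it stays in the repository history, so it needs to be rotated rather than just edited out. Take the value from outside the tracked file, e.g. `- SMTP_PASSWORD=${VAULTWARDEN_SMTP_PASSWORD}` with the variable set in an untracked `.env`. The same treatment fits `ADMIN_TOKEN`: it is an Argon2id hash rather than the token itself, but a published hash still allows offline guessing of the admin password. `image: vaultwarden/server:latest` is unpinned, which for a password manager means an unreviewed upgrade on every pull; pin a release tag or digest. `5555:80` also publishes the plain-HTTP listener on every host interface, so clients on the network can reach the vault without the TLS proxy; bind it more narrowly if swag's route to the container allows it.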