Added vaultwarden and removed old compose directory
Also updated gitea to no longer use NFS, and added vaultwarden to swag
@@ -1,88 +0,0 @@
|
|||||||
version: '3.8'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
docker_config:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config
|
|
||||||
|
|
||||||
repo:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=maurice,nfsvers=4
|
|
||||||
device: :/repositories
|
|
||||||
|
|
||||||
nc_storage:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=maurice,nfsvers=4
|
|
||||||
device: :/nextcloud
|
|
||||||
|
|
||||||
bands:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=maurice,nfsvers=4
|
|
||||||
device: :/bands
|
|
||||||
|
|
||||||
|
|
||||||
configs:
|
|
||||||
stackstorage:
|
|
||||||
external: true
|
|
||||||
|
|
||||||
services:
|
|
||||||
dockerstorage:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/docker_config
|
|
||||||
- CRON_SCHEDULE=*/1 * * * *
|
|
||||||
configs:
|
|
||||||
- source: stackstorage
|
|
||||||
target: /root/.config/rclone/rclone.conf
|
|
||||||
volumes:
|
|
||||||
- docker_config:/backup
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints: [node.labels.isDNS == false]
|
|
||||||
|
|
||||||
# repositories:
|
|
||||||
# image: registry.vbchaos.nl/rclone:arm64
|
|
||||||
# environment:
|
|
||||||
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/repositories
|
|
||||||
# - CRON_SCHEDULE=0 1-23/4 * * *
|
|
||||||
# configs:
|
|
||||||
# - source: stackstorage
|
|
||||||
# target: /config/rclone.conf
|
|
||||||
# volumes:
|
|
||||||
# - repo:/backup
|
|
||||||
# deploy:
|
|
||||||
# mode: replicated
|
|
||||||
# replicas: 1
|
|
||||||
|
|
||||||
# nc_storage:
|
|
||||||
# image: registry.vbchaos.nl/rclone:arm64
|
|
||||||
# environment:
|
|
||||||
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/nextcloud
|
|
||||||
# - CRON_SCHEDULE=0 2-23/4 * * *
|
|
||||||
# configs:
|
|
||||||
# - source: stackstorage
|
|
||||||
# target: /config/rclone.conf
|
|
||||||
# volumes:
|
|
||||||
# - nc_storage:/backup
|
|
||||||
# deploy:
|
|
||||||
# mode: replicated
|
|
||||||
# replicas: 1
|
|
||||||
|
|
||||||
# bands:
|
|
||||||
# image: registry.vbchaos.nl/rclone:arm64
|
|
||||||
# environment:
|
|
||||||
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/bands
|
|
||||||
# - CRON_SCHEDULE=0 3-23/4 * * *
|
|
||||||
# configs:
|
|
||||||
# - source: stackstorage
|
|
||||||
# target: /config/rclone.conf
|
|
||||||
# volumes:
|
|
||||||
# - bands:/backup
|
|
||||||
# deploy:
|
|
||||||
# mode: replicated
|
|
||||||
# replicas: 1
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
docker stack deploy -c docker-compose.yml --with-registry-auth backup
|
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
|
||||||
cadvisor:
|
|
||||||
user: "0:0"
|
|
||||||
image: zcube/cadvisor:latest
|
|
||||||
hostname: '{{.Node.ID}}'
|
|
||||||
command: -logtostderr -docker_only -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_host=influx:8086
|
|
||||||
volumes:
|
|
||||||
- /:/rootfs:ro
|
|
||||||
- /var/run:/var/run:rw
|
|
||||||
- /sys:/sys:ro
|
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
||||||
- /var/lib/docker/:/var/lib/docker:ro
|
|
||||||
- /dev/disk/:/dev/disk:ro
|
|
||||||
ports:
|
|
||||||
- 8081:8080
|
|
||||||
deploy:
|
|
||||||
mode: global
|
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
gitea_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/gitea
|
|
||||||
|
|
||||||
gitea_repository:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/repositories/git
|
|
||||||
|
|
||||||
services:
|
|
||||||
server:
|
|
||||||
image: gitea/gitea
|
|
||||||
container_name: gitea
|
|
||||||
volumes:
|
|
||||||
- gitea_data:/data
|
|
||||||
- gitea_repository:/data/git/repo
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
ports:
|
|
||||||
- "3000:3000"
|
|
||||||
- "222:22"
|
|
||||||
|
|
||||||
@@ -1,75 +0,0 @@
|
|||||||
version: '3.8'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
prometheus_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/grafana_prometheus_data
|
|
||||||
|
|
||||||
grafana_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/grafana/grafana
|
|
||||||
|
|
||||||
loki_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/grafana/loki
|
|
||||||
|
|
||||||
configs:
|
|
||||||
prometheus_config:
|
|
||||||
external: true
|
|
||||||
grafana_config:
|
|
||||||
external: true
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
# loki:
|
|
||||||
# image: grafana/loki:2.6.1
|
|
||||||
# user: "0:0"
|
|
||||||
# volumes:
|
|
||||||
# - loki_data:/loki
|
|
||||||
# ports:
|
|
||||||
# - "3100:3100"
|
|
||||||
# command: -config.file=/etc/loki/local-config.yaml
|
|
||||||
|
|
||||||
# promtail:
|
|
||||||
# image: grafana/promtail:2.6.1
|
|
||||||
# user: "0:0"
|
|
||||||
# volumes:
|
|
||||||
# - /var/log:/var/log
|
|
||||||
# command: -config.file=/etc/promtail/config.yml
|
|
||||||
|
|
||||||
prometheus:
|
|
||||||
user: "0:0"
|
|
||||||
hostname: prometheus
|
|
||||||
image: prom/prometheus
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Berlin #change Time Zone if needed
|
|
||||||
configs:
|
|
||||||
- source: prometheus_config
|
|
||||||
target: /etc/prometheus/prometheus.yml
|
|
||||||
volumes:
|
|
||||||
- prometheus_data:/prometheus
|
|
||||||
command:
|
|
||||||
- '--config.file=/etc/prometheus/prometheus.yml'
|
|
||||||
ports:
|
|
||||||
- 9090:9090
|
|
||||||
|
|
||||||
grafana:
|
|
||||||
user: "0:0"
|
|
||||||
hostname: grafana
|
|
||||||
image: grafana/grafana
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Amsterdam
|
|
||||||
configs:
|
|
||||||
- source: grafana_config
|
|
||||||
target: /etc/grafana/grafana.ini
|
|
||||||
volumes:
|
|
||||||
- grafana_data:/var/lib/grafana
|
|
||||||
ports:
|
|
||||||
- 3300:3000
|
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
# docker-compose.yaml
|
|
||||||
version: '3.8'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
jenkins_home:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/jenkins/home
|
|
||||||
jenkins_certs:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/jenkins/certs
|
|
||||||
|
|
||||||
services:
|
|
||||||
jenkins:
|
|
||||||
image: registry.vbchaos.nl/jenkins-docker
|
|
||||||
ports:
|
|
||||||
- 8080:8080
|
|
||||||
- 50000:50000
|
|
||||||
# environment:
|
|
||||||
# - DOCKER_CERT_PATH=/certs/client
|
|
||||||
# - DOCKER_TLS_VERIFY=1
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- "node.labels.highperformance==YES"
|
|
||||||
volumes:
|
|
||||||
- jenkins_home:/var/jenkins_home
|
|
||||||
# - jenkins_certs:/certs/client
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,37 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
magicmirror_config:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/magicmirror/config
|
|
||||||
|
|
||||||
magicmirror_modules:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/magicmirror/modules
|
|
||||||
|
|
||||||
magicmirror_css:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/magicmirror/css
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
magicmirror:
|
|
||||||
container_name: mm
|
|
||||||
image: karsten13/magicmirror:latest
|
|
||||||
ports:
|
|
||||||
- "8083:8080"
|
|
||||||
volumes:
|
|
||||||
- magicmirror_config:/opt/magic_mirror/config
|
|
||||||
- magicmirror_modules:/opt/magic_mirror/modules
|
|
||||||
- magicmirror_css:/opt/magic_mirror/css
|
|
||||||
restart: unless-stopped
|
|
||||||
command:
|
|
||||||
- npm
|
|
||||||
- run
|
|
||||||
- server
|
|
||||||
@@ -1,115 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
nchome:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home
|
|
||||||
ncdb:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database
|
|
||||||
ncdata:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud/storage
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: mariadb:10.6
|
|
||||||
restart: always
|
|
||||||
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
|
|
||||||
volumes:
|
|
||||||
- ncdb:/var/lib/mysql:Z
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD=rootpw
|
|
||||||
- MYSQL_PASSWORD=password
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
|
|
||||||
aio-imaginary:
|
|
||||||
image: nextcloud/aio-imaginary:latest
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- PORT=9000
|
|
||||||
ports:
|
|
||||||
- 9999:9000
|
|
||||||
command: -concurrency 50 -enable-url-source
|
|
||||||
|
|
||||||
nextcloud:
|
|
||||||
build:
|
|
||||||
context: ./nc-fpm
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
links:
|
|
||||||
- db
|
|
||||||
volumes:
|
|
||||||
- nchome:/var/www/html:z
|
|
||||||
- ncdata:/var/www/html/data
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/
|
|
||||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Fearium:/ex_storage/bands/fearium
|
|
||||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Breakpoint9:/ex_storage/bands/breakpointnine
|
|
||||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/music:/ex_storage/music
|
|
||||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/video:/ex_storage/video
|
|
||||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/repositories:/ex_storage/repositories
|
|
||||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/hwsw:/ex_storage/hwsw
|
|
||||||
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- MYSQL_PASSWORD=password
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
- MYSQL_HOST=db
|
|
||||||
- REDIS_HOST=redis
|
|
||||||
|
|
||||||
nginx:
|
|
||||||
build:
|
|
||||||
context: ./nginx
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
ports:
|
|
||||||
- 8888:80
|
|
||||||
links:
|
|
||||||
- nextcloud
|
|
||||||
volumes:
|
|
||||||
- nchome:/var/www/html:z,ro
|
|
||||||
|
|
||||||
redis:
|
|
||||||
build:
|
|
||||||
context: ./redis
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
cron:
|
|
||||||
build:
|
|
||||||
context: ./nc-fpm
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- nchome:/var/www/html:z
|
|
||||||
- ncdata:/var/www/html/data
|
|
||||||
environment:
|
|
||||||
- MYSQL_PASSWORD=password
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
- MYSQL_HOST=db
|
|
||||||
- REDIS_HOST=redis
|
|
||||||
entrypoint: /cron.sh
|
|
||||||
depends_on:
|
|
||||||
- nextcloud
|
|
||||||
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
FROM nextcloud:fpm
|
|
||||||
|
|
||||||
ARG UID=1000
|
|
||||||
ARG GID=1000
|
|
||||||
|
|
||||||
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid 82 www-data
|
|
||||||
RUN usermod -u $UID -o www-data
|
|
||||||
RUN apt update \
|
|
||||||
&& apt -y install libmagickcore-6.q16-6-extra ffmpeg imagemagick ghostscript \
|
|
||||||
&& apt clean
|
|
||||||
|
|
||||||
# Add custom cron job for previews
|
|
||||||
RUN echo '*/15 * * * * php /var/www/html/occ preview:pre-generate' >> /var/spool/cron/crontabs/www-data
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
#FROM nginx:alpine
|
|
||||||
FROM nginx:bullseye
|
|
||||||
|
|
||||||
ARG UID=1000
|
|
||||||
ARG GID=1000
|
|
||||||
|
|
||||||
RUN usermod -u $UID -o www-data
|
|
||||||
|
|
||||||
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid $UID www-data
|
|
||||||
|
|
||||||
COPY nginx.conf /etc/nginx/nginx.conf
|
|
||||||
@@ -1,175 +0,0 @@
|
|||||||
user www-data;
|
|
||||||
worker_processes auto;
|
|
||||||
|
|
||||||
error_log /var/log/nginx/error.log warn;
|
|
||||||
pid /var/run/nginx.pid;
|
|
||||||
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
http {
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
|
|
||||||
sendfile on;
|
|
||||||
#tcp_nopush on;
|
|
||||||
|
|
||||||
# Prevent nginx HTTP Server Detection
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
keepalive_timeout 65;
|
|
||||||
|
|
||||||
#gzip on;
|
|
||||||
|
|
||||||
upstream php-handler {
|
|
||||||
server nextcloud:9000;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
|
|
||||||
# HSTS settings
|
|
||||||
# WARNING: Only add the preload option once you read about
|
|
||||||
# the consequences in https://hstspreload.org/. This option
|
|
||||||
# will add the domain to a hardcoded list that is shipped
|
|
||||||
# in all major browsers and getting removed from this list
|
|
||||||
# could take several months.
|
|
||||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
|
||||||
|
|
||||||
# set max upload size
|
|
||||||
client_max_body_size 512M;
|
|
||||||
fastcgi_buffers 64 4K;
|
|
||||||
|
|
||||||
# Enable gzip but do not remove ETag headers
|
|
||||||
gzip on;
|
|
||||||
gzip_vary on;
|
|
||||||
gzip_comp_level 4;
|
|
||||||
gzip_min_length 256;
|
|
||||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
|
||||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
|
||||||
|
|
||||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
|
||||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
|
||||||
#pagespeed off;
|
|
||||||
|
|
||||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header X-Download-Options "noopen" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
|
||||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
|
|
||||||
# Remove X-Powered-By, which is an information leak
|
|
||||||
fastcgi_hide_header X-Powered-By;
|
|
||||||
|
|
||||||
# Path to the root of your installation
|
|
||||||
root /var/www/html;
|
|
||||||
|
|
||||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
|
||||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
|
||||||
# when a client requests a path that corresponds to a directory that exists
|
|
||||||
# on the server. In particular, if that directory contains an index.php file,
|
|
||||||
# that file is correctly served; if it doesn't, then the request is passed to
|
|
||||||
# the front-end controller. This consistent behaviour means that we don't need
|
|
||||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
|
||||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
|
||||||
# `try_files $uri $uri/ /index.php$request_uri`
|
|
||||||
# always provides the desired behaviour.
|
|
||||||
index index.php index.html /index.php$request_uri;
|
|
||||||
|
|
||||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
|
||||||
location = / {
|
|
||||||
if ( $http_user_agent ~ ^DavClnt ) {
|
|
||||||
return 302 /remote.php/webdav/$is_args$args;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /robots.txt {
|
|
||||||
allow all;
|
|
||||||
log_not_found off;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Make a regex exception for `/.well-known` so that clients can still
|
|
||||||
# access it despite the existence of the regex rule
|
|
||||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
|
||||||
# for `/.well-known`.
|
|
||||||
location ^~ /.well-known {
|
|
||||||
# The rules in this block are an adaptation of the rules
|
|
||||||
# in `.htaccess` that concern `/.well-known`.
|
|
||||||
|
|
||||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
|
||||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
|
||||||
|
|
||||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
|
||||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
|
||||||
|
|
||||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
|
||||||
# requests by passing them to the front-end controller.
|
|
||||||
return 301 /index.php$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
|
||||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
|
||||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
|
||||||
|
|
||||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
|
||||||
# which handle static assets (as seen below). If this block is not declared first,
|
|
||||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
|
||||||
# to the URI, resulting in a HTTP 500 error response.
|
|
||||||
location ~ \.php(?:$|/) {
|
|
||||||
# Required for legacy support
|
|
||||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
set $path_info $fastcgi_path_info;
|
|
||||||
|
|
||||||
try_files $fastcgi_script_name =404;
|
|
||||||
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $path_info;
|
|
||||||
#fastcgi_param HTTPS on;
|
|
||||||
|
|
||||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
|
||||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
|
||||||
fastcgi_pass php-handler;
|
|
||||||
|
|
||||||
fastcgi_intercept_errors on;
|
|
||||||
fastcgi_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.(?:css|js|svg|gif)$ {
|
|
||||||
try_files $uri /index.php$request_uri;
|
|
||||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
|
||||||
access_log off; # Optional: Don't log access to assets
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.woff2?$ {
|
|
||||||
try_files $uri /index.php$request_uri;
|
|
||||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
|
||||||
access_log off; # Optional: Don't log access to assets
|
|
||||||
}
|
|
||||||
|
|
||||||
# Rule borrowed from `.htaccess`
|
|
||||||
location /remote {
|
|
||||||
return 301 /remote.php$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
FROM redis:latest
|
|
||||||
|
|
||||||
ARG UID=1000
|
|
||||||
ARG GID=1000
|
|
||||||
|
|
||||||
RUN usermod -u $UID -o www-data
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose build --no-cache
|
|
||||||
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose up -d --force-recreate
|
|
||||||
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
node-exporter:
|
|
||||||
image: prom/node-exporter:latest
|
|
||||||
deploy:
|
|
||||||
mode: global
|
|
||||||
volumes:
|
|
||||||
- /proc:/host/proc:ro
|
|
||||||
- /sys:/host/sys:ro
|
|
||||||
- /:/rootfs:ro
|
|
||||||
command:
|
|
||||||
- '--path.procfs=/host/proc'
|
|
||||||
- '--path.rootfs=/rootfs'
|
|
||||||
- '--path.sysfs=/host/sys'
|
|
||||||
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
|
|
||||||
ports:
|
|
||||||
- "9100:9100"
|
|
||||||
|
|
||||||
@@ -1,133 +0,0 @@
|
|||||||
version: '3.5'
|
|
||||||
|
|
||||||
# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
|
|
||||||
#
|
|
||||||
# Note:
|
|
||||||
# - Hardware transcoding is only available for sponsors due to the high maintenance and support effort.
|
|
||||||
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
|
|
||||||
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
|
|
||||||
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
|
|
||||||
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
|
|
||||||
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
|
|
||||||
# https://docs.photoprism.app/getting-started/proxies/traefik/
|
|
||||||
#
|
|
||||||
# Setup Guides:
|
|
||||||
# - https://docs.photoprism.app/getting-started/docker-compose/
|
|
||||||
# - https://docs.photoprism.app/getting-started/raspberry-pi/
|
|
||||||
#
|
|
||||||
# Troubleshooting Checklists:
|
|
||||||
# - https://docs.photoprism.app/getting-started/troubleshooting/
|
|
||||||
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
|
|
||||||
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
|
|
||||||
#
|
|
||||||
# CLI Commands:
|
|
||||||
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
|
|
||||||
#
|
|
||||||
# All commands may have to be prefixed with "sudo" when not running as root.
|
|
||||||
# This will point the home directory srtcut ~ to /root in volume mounts.
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
photoprismdatabase:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
o: bind
|
|
||||||
type: none
|
|
||||||
device: /srv/dev-disk-by-uuid-f3ca381b-e85a-4348-8086-833317c5d96e/dockerstorage/photoprism/database
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
photoprism:
|
|
||||||
## Use photoprism/photoprism:preview for testing preview builds:
|
|
||||||
image: photoprism/photoprism:latest
|
|
||||||
depends_on:
|
|
||||||
- mariadb
|
|
||||||
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
|
|
||||||
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
|
|
||||||
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
|
|
||||||
# restart: unless-stopped
|
|
||||||
security_opt:
|
|
||||||
- seccomp:unconfined
|
|
||||||
- apparmor:unconfined
|
|
||||||
ports:
|
|
||||||
- "2342:2342" # HTTP port (host:container)
|
|
||||||
environment:
|
|
||||||
PHOTOPRISM_ADMIN_USER: "admin" # superadmin username
|
|
||||||
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial superadmin password (minimum 8 characters)
|
|
||||||
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
|
|
||||||
PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
|
|
||||||
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
|
|
||||||
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
|
|
||||||
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
|
|
||||||
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
|
|
||||||
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
|
|
||||||
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
|
|
||||||
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
|
|
||||||
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
|
|
||||||
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
|
|
||||||
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
|
|
||||||
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
|
|
||||||
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
|
|
||||||
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
|
|
||||||
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
|
|
||||||
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
|
|
||||||
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
|
|
||||||
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
|
|
||||||
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
|
|
||||||
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
|
|
||||||
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
|
|
||||||
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
|
|
||||||
PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password
|
|
||||||
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
|
|
||||||
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
|
|
||||||
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
|
|
||||||
## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
|
|
||||||
# PHOTOPRISM_INIT: "https gpu tensorflow"
|
|
||||||
## Hardware Video Transcoding:
|
|
||||||
# PHOTOPRISM_FFMPEG_ENCODER: "software" # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry")
|
|
||||||
# PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
|
|
||||||
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
|
|
||||||
# PHOTOPRISM_UID: 1000
|
|
||||||
# PHOTOPRISM_GID: 1000
|
|
||||||
# PHOTOPRISM_UMASK: 0000
|
|
||||||
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
|
|
||||||
# user: "1000:1000"
|
|
||||||
## Share hardware devices with FFmpeg and TensorFlow (optional):
|
|
||||||
# devices:
|
|
||||||
# - "/dev/dri:/dev/dri" # Intel QSV
|
|
||||||
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
|
|
||||||
# - "/dev/nvidiactl:/dev/nvidiactl"
|
|
||||||
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
|
|
||||||
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
|
|
||||||
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
|
|
||||||
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
|
|
||||||
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
|
|
||||||
working_dir: "/photoprism" # do not change or remove
|
|
||||||
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
|
|
||||||
volumes:
|
|
||||||
# "/host/folder:/photoprism/folder" # Example
|
|
||||||
- "./Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
|
|
||||||
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
|
|
||||||
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
|
|
||||||
- "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
|
|
||||||
|
|
||||||
## Database Server (recommended)
|
|
||||||
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
|
|
||||||
mariadb:
|
|
||||||
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
|
|
||||||
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
|
|
||||||
restart: unless-stopped
|
|
||||||
image: mariadb:10.10
|
|
||||||
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
|
|
||||||
- seccomp:unconfined
|
|
||||||
- apparmor:unconfined
|
|
||||||
command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
|
||||||
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
|
|
||||||
volumes:
|
|
||||||
- photoprismdatabase:/var/lib/mysql
|
|
||||||
environment:
|
|
||||||
MARIADB_AUTO_UPGRADE: "1"
|
|
||||||
MARIADB_INITDB_SKIP_TZINFO: "1"
|
|
||||||
MARIADB_DATABASE: "photoprism"
|
|
||||||
MARIADB_USER: "photoprism"
|
|
||||||
MARIADB_PASSWORD: "insecure"
|
|
||||||
MARIADB_ROOT_PASSWORD: "insecure"
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
zrsyd9l35vf8qz3s
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
Version: 221118-e58fee0fb-Linux-ARM64
|
|
||||||
Key: 7b51906306b5aba668e0beda443a2c57cbe239f5
|
|
||||||
Secret: 13bb44da3f919c04a89439bf157d8631
|
|
||||||
Session: 6a58a5ba0432511981b0ddb0bbe44e5cd636a0b4ceeae537f17379cb2b7d86a33e6471c87b587c26008b9500995e153ffca4e9e2a9fd077484bd5ee63b1a032d6e71d8bec4764591f117230732ebf49f6ad801d58b0b84250c22dbd7460e4829ff
|
|
||||||
Status: ce
|
|
||||||
Serial: zrsyd9l35vf8qz3s
|
|
||||||
@@ -1,62 +0,0 @@
|
|||||||
UI:
|
|
||||||
Scrollbar: true
|
|
||||||
Zoom: false
|
|
||||||
Theme: default
|
|
||||||
Language: en
|
|
||||||
TimeZone: ""
|
|
||||||
Search:
|
|
||||||
BatchSize: 0
|
|
||||||
Maps:
|
|
||||||
Animate: 0
|
|
||||||
Style: ""
|
|
||||||
Features:
|
|
||||||
Account: true
|
|
||||||
Advanced: false
|
|
||||||
Albums: true
|
|
||||||
Archive: true
|
|
||||||
Delete: false
|
|
||||||
Download: true
|
|
||||||
Edit: true
|
|
||||||
Estimates: true
|
|
||||||
Favorites: true
|
|
||||||
Files: true
|
|
||||||
Folders: true
|
|
||||||
Import: true
|
|
||||||
Labels: true
|
|
||||||
Library: true
|
|
||||||
Logs: true
|
|
||||||
Moments: true
|
|
||||||
People: true
|
|
||||||
Places: true
|
|
||||||
Private: true
|
|
||||||
Ratings: true
|
|
||||||
Reactions: true
|
|
||||||
Review: true
|
|
||||||
Search: true
|
|
||||||
Services: true
|
|
||||||
Settings: true
|
|
||||||
Share: true
|
|
||||||
Upload: true
|
|
||||||
Videos: true
|
|
||||||
Import:
|
|
||||||
Path: /
|
|
||||||
Move: false
|
|
||||||
Index:
|
|
||||||
Path: /
|
|
||||||
Convert: true
|
|
||||||
Rescan: false
|
|
||||||
SkipArchived: false
|
|
||||||
Stack:
|
|
||||||
UUID: true
|
|
||||||
Meta: true
|
|
||||||
Name: false
|
|
||||||
Share:
|
|
||||||
Title: ""
|
|
||||||
Download:
|
|
||||||
Name: file
|
|
||||||
Disabled: false
|
|
||||||
Originals: true
|
|
||||||
MediaRaw: false
|
|
||||||
MediaSidecar: false
|
|
||||||
Templates:
|
|
||||||
Default: index.gohtml
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
zrsyd9l35vf8qz3s
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
version: '3.3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
pihole-exporter:
|
|
||||||
image: ekofr/pihole-exporter:latest
|
|
||||||
# image: remiflandrois/pihole-exporter:latest
|
|
||||||
container_name: pihole_exporter
|
|
||||||
ports:
|
|
||||||
- 9617:9617
|
|
||||||
environment:
|
|
||||||
PIHOLE_HOSTNAME: 192.168.1.8
|
|
||||||
PIHOLE_PORT: 80
|
|
||||||
PIHOLE_PASSWORD: 14Mai1984
|
|
||||||
INTERVAL: 5s
|
|
||||||
PORT: 9617
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,40 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/proxymanager/data
|
|
||||||
|
|
||||||
letsencrypt:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/proxymanager/letsencrypt
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: 'jc21/nginx-proxy-manager:latest'
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
# These ports are in format <host-port>:<container-port>
|
|
||||||
- '80:80' # Public HTTP Port
|
|
||||||
- '443:443' # Public HTTPS Port
|
|
||||||
- '81:81' # Admin Web Port
|
|
||||||
# Add any other Stream port you want to expose
|
|
||||||
# - '21:21' # FTP
|
|
||||||
|
|
||||||
# Uncomment the next line if you uncomment anything in the section
|
|
||||||
# environment:
|
|
||||||
# Uncomment this if you want to change the location of
|
|
||||||
# the SQLite DB file within the container
|
|
||||||
# DB_SQLITE_FILE: "/data/database.sqlite"
|
|
||||||
|
|
||||||
# Uncomment this if IPv6 is not enabled on your host
|
|
||||||
# DISABLE_IPV6: 'true'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- data:/data
|
|
||||||
- letsencrypt:/etc/letsencrypt
|
|
||||||
@@ -1,43 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
registrystorage:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/registry
|
|
||||||
registryauth:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/dockerstorage/registry/auth
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
registry:
|
|
||||||
image: registry:2
|
|
||||||
volumes:
|
|
||||||
- registryauth:/auth
|
|
||||||
- registrystorage:/var/lib/registry
|
|
||||||
environment:
|
|
||||||
- REGISTRY_STORAGE_DELETE_ENABLED=true
|
|
||||||
- REGISTRY_AUTH=htpasswd
|
|
||||||
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
|
|
||||||
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
|
|
||||||
- VIRTUAL_HOST=registry.vbchaos.nl
|
|
||||||
- VIRTUAL_PORT=5000
|
|
||||||
- VIRTUAL_PROTO=http
|
|
||||||
ports:
|
|
||||||
- '5000:5000'
|
|
||||||
|
|
||||||
registrybrowser:
|
|
||||||
image: klausmeyer/docker-registry-browser
|
|
||||||
ports:
|
|
||||||
- 8082:8080
|
|
||||||
environment:
|
|
||||||
- 'DOCKER_REGISTRY_URL=http://maurice:5000'
|
|
||||||
# - 'DOCKER_REGISTRY_URL=https://registry.vbchaos.nl'
|
|
||||||
- 'PUBLIC_REGISTRY_URL=registry.vbchaos.nl'
|
|
||||||
- 'NO_SSL_VERIFICATION=true'
|
|
||||||
- 'ENABLE_DELETE_IMAGES=true'
|
|
||||||
@@ -1,36 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
nginx_conf:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/swarm/stacks/reverseproxy/nginx
|
|
||||||
certbot_conf:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/swarm/stacks/reverseproxy/certbot_conf
|
|
||||||
certificates:
|
|
||||||
external: true
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
nginx:
|
|
||||||
image: nginx:1.15-alpine
|
|
||||||
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- nginx_conf:/etc/nginx/conf.d
|
|
||||||
- certbot_conf:/etc/letsencrypt
|
|
||||||
- ./data/certbot/www:/var/www/certbot
|
|
||||||
certbot:
|
|
||||||
image: certbot/certbot:arm64v8-v1.32.2
|
|
||||||
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
|
||||||
volumes:
|
|
||||||
- certbot_conf:/etc/letsencrypt
|
|
||||||
# - certificates:/etc/letsencrypt/live
|
|
||||||
- ./data/certbot/www:/var/www/certbot
|
|
||||||
@@ -1,83 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if ! [ -x "$(command -v docker-compose)" ]; then
|
|
||||||
echo 'Error: docker-compose is not installed.' >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
domains=(vbchaos.ddns.net)
|
|
||||||
rsa_key_size=4096
|
|
||||||
data_path="./certbot_data"
|
|
||||||
email="matthias.mitscherlich@gmail.com" # Adding a valid address is strongly recommended
|
|
||||||
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
|
|
||||||
|
|
||||||
if [ -d "$data_path" ]; then
|
|
||||||
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
|
|
||||||
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
|
|
||||||
echo "### Downloading recommended TLS parameters ..."
|
|
||||||
mkdir -p "$data_path/conf"
|
|
||||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
|
|
||||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "### Creating dummy certificate for $domains ..."
|
|
||||||
path="/etc/letsencrypt/live/$domains"
|
|
||||||
mkdir -p "$data_path/conf/live/$domains"
|
|
||||||
docker-compose run --rm --entrypoint "\
|
|
||||||
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
|
|
||||||
-keyout '$path/privkey.pem' \
|
|
||||||
-out '$path/fullchain.pem' \
|
|
||||||
-subj '/CN=localhost'" certbot
|
|
||||||
echo
|
|
||||||
|
|
||||||
|
|
||||||
echo "### Starting nginx ..."
|
|
||||||
docker-compose up --force-recreate -d nginx
|
|
||||||
echo
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
echo "### Deleting dummy certificate for $domains ..."
|
|
||||||
docker-compose run --rm --entrypoint "\
|
|
||||||
rm -Rf /etc/letsencrypt/live/$domains && \
|
|
||||||
rm -Rf /etc/letsencrypt/archive/$domains && \
|
|
||||||
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
|
|
||||||
echo
|
|
||||||
|
|
||||||
# exit 1
|
|
||||||
|
|
||||||
echo "### Requesting Let's Encrypt certificate for $domains ..."
|
|
||||||
#Join $domains to -d args
|
|
||||||
domain_args=""
|
|
||||||
for domain in "${domains[@]}"; do
|
|
||||||
domain_args="$domain_args -d $domain"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Select appropriate email arg
|
|
||||||
case "$email" in
|
|
||||||
"") email_arg="--register-unsafely-without-email" ;;
|
|
||||||
*) email_arg="--email $email" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Enable staging mode if needed
|
|
||||||
if [ $staging != "0" ]; then staging_arg="--staging"; fi
|
|
||||||
|
|
||||||
docker-compose run --rm --entrypoint "\
|
|
||||||
certbot certonly --webroot -w /var/www/certbot \
|
|
||||||
$staging_arg \
|
|
||||||
$email_arg \
|
|
||||||
$domain_args \
|
|
||||||
--rsa-key-size $rsa_key_size \
|
|
||||||
--agree-tos \
|
|
||||||
--force-renewal" certbot
|
|
||||||
echo
|
|
||||||
|
|
||||||
echo "### Reloading nginx ..."
|
|
||||||
docker-compose exec nginx nginx -s reload
|
|
||||||
@@ -1,35 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
swag_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/swag
|
|
||||||
|
|
||||||
services:
|
|
||||||
swag:
|
|
||||||
image: lscr.io/linuxserver/swag:latest
|
|
||||||
container_name: swag
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=100
|
|
||||||
- TZ=Etc/UTC
|
|
||||||
- URL=vbchaos.nl
|
|
||||||
- VALIDATION=http
|
|
||||||
- SUBDOMAINS=nc,git,grafana,registry,registrybrowser,omv
|
|
||||||
- CERTPROVIDER= #optional
|
|
||||||
- DNSPLUGIN=cloudflare #optional
|
|
||||||
- PROPAGATION= #optional
|
|
||||||
- EMAIL= matthias.mitscherlich@gmail.com
|
|
||||||
- ONLY_SUBDOMAINS=false #optional
|
|
||||||
- EXTRA_DOMAINS= #optional
|
|
||||||
- STAGING=false #optional
|
|
||||||
volumes:
|
|
||||||
- swag_data:/config
|
|
||||||
ports:
|
|
||||||
- 443:443
|
|
||||||
- 81:80 #optional
|
|
||||||
restart: unless-stopped
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
tado-exporter:
|
|
||||||
user: "1000:1000"
|
|
||||||
image: registry.vbchaos.nl/tado-exporter:arm64
|
|
||||||
hostname: tado-exporter
|
|
||||||
|
|
||||||
environment:
|
|
||||||
EXPORTER_USERNAME: matthias.mitscherlich@gmail.com
|
|
||||||
EXPORTER_PASSWORD: 14Mai1984
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- "9898:9898"
|
|
||||||
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
docker stack deploy -c docker-compose.yml --with-registry-auth tado-exporter
|
|
||||||
@@ -18,8 +18,10 @@ services:
|
|||||||
image: gitea/gitea
|
image: gitea/gitea
|
||||||
container_name: gitea
|
container_name: gitea
|
||||||
volumes:
|
volumes:
|
||||||
- gitea_data:/data
|
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/gitea:/data
|
||||||
- gitea_repository:/data/git/repo
|
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories/git:/data/git/repo
|
||||||
|
# - gitea_data:/data
|
||||||
|
# - gitea_repository:/data/git/repo
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
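Review bot: The two bind mounts added to the gitea `volumes:` list hard-code the host path `/srv/dev-disk-by-uuid-17e88007-…`, and the named-volume entries they replace are left behind as commented-out lines. The same absolute prefix appears in the swag and vaultwarden files of this commit, so a disk replacement means editing every compose file. A variable would keep it in one place, for example `- ${DOCKER_CONFIG_ROOT}/gitea:/data`, where `DOCKER_CONFIG_ROOT` is a constructed name set in an untracked `.env`. The `# - gitea_data:/data` and `# - gitea_repository:/data/git/repo` lines can simply be dropped, since history keeps them. The service definition starts above the hunk, so it is not visible whether the top-level `gitea_data` / `gitea_repository` volume declarations are still present and now unused.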
@@ -1,12 +1,5 @@
|
|||||||
version: "3"
|
version: "3"
|
||||||
|
|
||||||
volumes:
|
|
||||||
swag_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/swag
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
swag:
|
swag:
|
||||||
image: lscr.io/linuxserver/swag:latest
|
image: lscr.io/linuxserver/swag:latest
|
||||||
@@ -19,7 +12,7 @@ services:
|
|||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
- URL=vbchaos.nl
|
- URL=vbchaos.nl
|
||||||
- VALIDATION=http
|
- VALIDATION=http
|
||||||
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn
|
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vpn,vaultwarden
|
||||||
- CERTPROVIDER= #optional
|
- CERTPROVIDER= #optional
|
||||||
- DNSPLUGIN=cloudflare #optional
|
- DNSPLUGIN=cloudflare #optional
|
||||||
- PROPAGATION= #optional
|
- PROPAGATION= #optional
|
||||||
@@ -28,7 +21,6 @@ services:
|
|||||||
- EXTRA_DOMAINS= #optional
|
- EXTRA_DOMAINS= #optional
|
||||||
- STAGING=false #optional
|
- STAGING=false #optional
|
||||||
volumes:
|
volumes:
|
||||||
# - swag_data:/config
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/swag:/config
|
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/swag:/config
|
||||||
ports:
|
ports:
|
||||||
- 443:443
|
- 443:443
|
||||||
|
|||||||
@@ -0,0 +1,34 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
vaultwarden:
|
||||||
|
container_name: vaultwarden
|
||||||
|
image: vaultwarden/server:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/vaultwarden:/data/
|
||||||
|
ports:
|
||||||
|
- 5555:80
|
||||||
|
environment:
|
||||||
|
- DOMAIN=https://vaultwarden.vbchaos.nl
|
||||||
|
- LOGIN_RATELIMIT_MAX_BURST=10
|
||||||
|
- LOGIN_RATELIMIT_SECONDS=60
|
||||||
|
- ADMIN_RATELIMIT_MAX_BURST=10
|
||||||
|
- ADMIN_RATELIMIT_SECONDS=2
|
||||||
|
- ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Vv4wT0EpGslsEAHpgw+U1FwxUQjguK9qkwJQB7WLP+k$$7lBaj+G9jLyXj5MxC2RqNGyGw0/vjOzcgwk4ArN6BVM
|
||||||
|
- SENDS_ALLOWED=true
|
||||||
|
- EMERGENCY_ACCESS_ALLOWED=true
|
||||||
|
- WEB_VAULT_ENABLED=true
|
||||||
|
- SIGNUPS_ALLOWED=false
|
||||||
|
- SIGNUPS_VERIFY=true
|
||||||
|
- SIGNUPS_VERIFY_RESEND_TIME=3600
|
||||||
|
- SIGNUPS_VERIFY_RESEND_LIMIT=5
|
||||||
|
- SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl
|
||||||
|
- SMTP_HOST=smtp.gmail.com
|
||||||
|
- SMTP_FROM=vaultwarden@vbchaos.nl
|
||||||
|
- SMTP_FROM_NAME=Vaultwarden
|
||||||
|
- SMTP_SECURITY=starttls
|
||||||
|
- SMTP_PORT=587
|
||||||
|
- SMTP_USERNAME=matthias.mitscherlich@gmail.com
|
||||||
|
- SMTP_PASSWORD=oomgyoiqepsqaikn
|
||||||
|
- SMTP_AUTH_MECHANISM="Login"
|
||||||
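Review bot: `SMTP_PASSWORD` is committed in plain text in the `environment:` list of the new vaultwarden service, and `ADMIN_TOKEN` carries the Argon2id hash of the admin password, which anyone with read access to the repository can test guesses against offline. The SMTP password should be treated as exposed and rotated, and both values supplied from outside version control, e.g. `- SMTP_PASSWORD=${SMTP_PASSWORD}` filled from an untracked env file or a Docker secret. `- 5555:80` publishes the vault over plain HTTP on every host interface, although the swag change in this commit suggests TLS for `vaultwarden.vbchaos.nl` is meant to terminate there; binding the port only to the address swag uses, or putting both containers on a shared network and dropping the published port, would close that path. `image: vaultwarden/server:latest` is better pinned to a reviewed release tag or digest, since this container holds the password vault. The passwords in the compose files this commit deletes (`PIHOLE_PASSWORD`, `EXPORTER_PASSWORD`, the MariaDB values) remain in repository history, so deleting the files does not retire them and they need rotating too.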