Added vaultwarden and removed old compose directory

Also updated gitea to use no NFS and added vaultwarden to swag
2024-08-16 12:15:48 +02:00
parent bb096004f5
commit 273a7480ec
30 changed files with 39 additions and 1113 deletions
-88
@@ -1,88 +0,0 @@
version: '3.8'
volumes:
docker_config:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/docker_config
repo:
driver_opts:
type: nfs
o: addr=maurice,nfsvers=4
device: :/repositories
nc_storage:
driver_opts:
type: nfs
o: addr=maurice,nfsvers=4
device: :/nextcloud
bands:
driver_opts:
type: nfs
o: addr=maurice,nfsvers=4
device: :/bands
configs:
stackstorage:
external: true
services:
dockerstorage:
image: registry.vbchaos.nl/rclone
environment:
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/docker_config
- CRON_SCHEDULE=*/1 * * * *
configs:
- source: stackstorage
target: /root/.config/rclone/rclone.conf
volumes:
- docker_config:/backup
deploy:
placement:
constraints: [node.labels.isDNS == false]
# repositories:
# image: registry.vbchaos.nl/rclone:arm64
# environment:
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/repositories
# - CRON_SCHEDULE=0 1-23/4 * * *
# configs:
# - source: stackstorage
# target: /config/rclone.conf
# volumes:
# - repo:/backup
# deploy:
# mode: replicated
# replicas: 1
# nc_storage:
# image: registry.vbchaos.nl/rclone:arm64
# environment:
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/nextcloud
# - CRON_SCHEDULE=0 2-23/4 * * *
# configs:
# - source: stackstorage
# target: /config/rclone.conf
# volumes:
# - nc_storage:/backup
# deploy:
# mode: replicated
# replicas: 1
# bands:
# image: registry.vbchaos.nl/rclone:arm64
# environment:
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/bands
# - CRON_SCHEDULE=0 3-23/4 * * *
# configs:
# - source: stackstorage
# target: /config/rclone.conf
# volumes:
# - bands:/backup
# deploy:
# mode: replicated
# replicas: 1
-1
@@ -1 +0,0 @@
docker stack deploy -c docker-compose.yml --with-registry-auth backup
-22
@@ -1,22 +0,0 @@
version: "3.7"
services:
cadvisor:
user: "0:0"
image: zcube/cadvisor:latest
hostname: '{{.Node.ID}}'
command: -logtostderr -docker_only -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_host=influx:8086
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
ports:
- 8081:8080
deploy:
mode: global
restart_policy:
condition: on-failure
-28
@@ -1,28 +0,0 @@
version: "3"
volumes:
gitea_data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/docker_config/gitea
gitea_repository:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/repositories/git
services:
server:
image: gitea/gitea
container_name: gitea
volumes:
- gitea_data:/data
- gitea_repository:/data/git/repo
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"
-75
@@ -1,75 +0,0 @@
version: '3.8'
volumes:
prometheus_data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/grafana_prometheus_data
grafana_data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/docker_config/grafana/grafana
loki_data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/docker_config/grafana/loki
configs:
prometheus_config:
external: true
grafana_config:
external: true
services:
# loki:
# image: grafana/loki:2.6.1
# user: "0:0"
# volumes:
# - loki_data:/loki
# ports:
# - "3100:3100"
# command: -config.file=/etc/loki/local-config.yaml
# promtail:
# image: grafana/promtail:2.6.1
# user: "0:0"
# volumes:
# - /var/log:/var/log
# command: -config.file=/etc/promtail/config.yml
prometheus:
user: "0:0"
hostname: prometheus
image: prom/prometheus
environment:
- TZ=Europe/Berlin #change Time Zone if needed
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
volumes:
- prometheus_data:/prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
ports:
- 9090:9090
grafana:
user: "0:0"
hostname: grafana
image: grafana/grafana
environment:
- TZ=Europe/Amsterdam
configs:
- source: grafana_config
target: /etc/grafana/grafana.ini
volumes:
- grafana_data:/var/lib/grafana
ports:
- 3300:3000
-34
@@ -1,34 +0,0 @@
# docker-compose.yaml
version: '3.8'
volumes:
jenkins_home:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/jenkins/home
jenkins_certs:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/jenkins/certs
services:
jenkins:
image: registry.vbchaos.nl/jenkins-docker
ports:
- 8080:8080
- 50000:50000
# environment:
# - DOCKER_CERT_PATH=/certs/client
# - DOCKER_TLS_VERIFY=1
deploy:
placement:
constraints:
- "node.labels.highperformance==YES"
volumes:
- jenkins_home:/var/jenkins_home
# - jenkins_certs:/certs/client
- /var/run/docker.sock:/var/run/docker.sock
-37
@@ -1,37 +0,0 @@
version: '3'
volumes:
magicmirror_config:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/magicmirror/config
magicmirror_modules:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/magicmirror/modules
magicmirror_css:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/magicmirror/css
services:
magicmirror:
container_name: mm
image: karsten13/magicmirror:latest
ports:
- "8083:8080"
volumes:
- magicmirror_config:/opt/magic_mirror/config
- magicmirror_modules:/opt/magic_mirror/modules
- magicmirror_css:/opt/magic_mirror/css
restart: unless-stopped
command:
- npm
- run
- server
-115
@@ -1,115 +0,0 @@
version: "3"
volumes:
nchome:
driver: local
driver_opts:
type: none
o: bind
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home
ncdb:
driver: local
driver_opts:
type: none
o: bind
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database
ncdata:
driver: local
driver_opts:
type: none
o: bind
device: /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud/storage
services:
db:
image: mariadb:10.6
restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes:
- ncdb:/var/lib/mysql:Z
environment:
- MYSQL_ROOT_PASSWORD=rootpw
- MYSQL_PASSWORD=password
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
aio-imaginary:
image: nextcloud/aio-imaginary:latest
restart: always
environment:
- PORT=9000
ports:
- 9999:9000
command: -concurrency 50 -enable-url-source
nextcloud:
build:
context: ./nc-fpm
args:
UID: ${MUID}
GID: ${MGID}
restart: always
links:
- db
volumes:
- nchome:/var/www/html:z
- ncdata:/var/www/html/data
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Fearium:/ex_storage/bands/fearium
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Breakpoint9:/ex_storage/bands/breakpointnine
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/music:/ex_storage/music
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/video:/ex_storage/video
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/repositories:/ex_storage/repositories
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/hwsw:/ex_storage/hwsw
environment:
- MYSQL_PASSWORD=password
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- REDIS_HOST=redis
nginx:
build:
context: ./nginx
args:
UID: ${MUID}
GID: ${MGID}
restart: always
ports:
- 8888:80
links:
- nextcloud
volumes:
- nchome:/var/www/html:z,ro
redis:
build:
context: ./redis
args:
UID: ${MUID}
GID: ${MGID}
restart: always
cron:
build:
context: ./nc-fpm
args:
UID: ${MUID}
GID: ${MGID}
restart: always
volumes:
- nchome:/var/www/html:z
- ncdata:/var/www/html/data
environment:
- MYSQL_PASSWORD=password
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- REDIS_HOST=redis
entrypoint: /cron.sh
depends_on:
- nextcloud
-13
@@ -1,13 +0,0 @@
FROM nextcloud:fpm
ARG UID=1000
ARG GID=1000
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid 82 www-data
RUN usermod -u $UID -o www-data
RUN apt update \
&& apt -y install libmagickcore-6.q16-6-extra ffmpeg imagemagick ghostscript \
&& apt clean
# Add custom cron job for previews
RUN echo '*/15 * * * * php /var/www/html/occ preview:pre-generate' >> /var/spool/cron/crontabs/www-data
-11
@@ -1,11 +0,0 @@
#FROM nginx:alpine
FROM nginx:bullseye
ARG UID=1000
ARG GID=1000
RUN usermod -u $UID -o www-data
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid $UID www-data
COPY nginx.conf /etc/nginx/nginx.conf
-175
@@ -1,175 +0,0 @@
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server nextcloud:9000;
}
server {
listen 80;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
-6
@@ -1,6 +0,0 @@
FROM redis:latest
ARG UID=1000
ARG GID=1000
RUN usermod -u $UID -o www-data
-3
@@ -1,3 +0,0 @@
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose build --no-cache
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose up -d --force-recreate
-19
@@ -1,19 +0,0 @@
version: '3'
services:
node-exporter:
image: prom/node-exporter:latest
deploy:
mode: global
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
command:
- '--path.procfs=/host/proc'
- '--path.rootfs=/rootfs'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
ports:
- "9100:9100"
-133
@@ -1,133 +0,0 @@
version: '3.5'
# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
#
# Note:
# - Hardware transcoding is only available for sponsors due to the high maintenance and support effort.
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
# https://docs.photoprism.app/getting-started/proxies/traefik/
#
# Setup Guides:
# - https://docs.photoprism.app/getting-started/docker-compose/
# - https://docs.photoprism.app/getting-started/raspberry-pi/
#
# Troubleshooting Checklists:
# - https://docs.photoprism.app/getting-started/troubleshooting/
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
#
# CLI Commands:
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# All commands may have to be prefixed with "sudo" when not running as root.
# This will point the home directory srtcut ~ to /root in volume mounts.
volumes:
photoprismdatabase:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-f3ca381b-e85a-4348-8086-833317c5d96e/dockerstorage/photoprism/database
services:
photoprism:
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
depends_on:
- mariadb
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
security_opt:
- seccomp:unconfined
- apparmor:unconfined
ports:
- "2342:2342" # HTTP port (host:container)
environment:
PHOTOPRISM_ADMIN_USER: "admin" # superadmin username
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial superadmin password (minimum 8 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
# PHOTOPRISM_INIT: "https gpu tensorflow"
## Hardware Video Transcoding:
# PHOTOPRISM_FFMPEG_ENCODER: "software" # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry")
# PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # Example
- "./Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
## Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
restart: unless-stopped
image: mariadb:10.10
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
- seccomp:unconfined
- apparmor:unconfined
command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- photoprismdatabase:/var/lib/mysql
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "insecure"
MARIADB_ROOT_PASSWORD: "insecure"
-1
@@ -1 +0,0 @@
zrsyd9l35vf8qz3s
@@ -1,6 +0,0 @@
Version: 221118-e58fee0fb-Linux-ARM64
Key: 7b51906306b5aba668e0beda443a2c57cbe239f5
Secret: 13bb44da3f919c04a89439bf157d8631
Session: 6a58a5ba0432511981b0ddb0bbe44e5cd636a0b4ceeae537f17379cb2b7d86a33e6471c87b587c26008b9500995e153ffca4e9e2a9fd077484bd5ee63b1a032d6e71d8bec4764591f117230732ebf49f6ad801d58b0b84250c22dbd7460e4829ff
Status: ce
Serial: zrsyd9l35vf8qz3s
@@ -1,62 +0,0 @@
UI:
Scrollbar: true
Zoom: false
Theme: default
Language: en
TimeZone: ""
Search:
BatchSize: 0
Maps:
Animate: 0
Style: ""
Features:
Account: true
Advanced: false
Albums: true
Archive: true
Delete: false
Download: true
Edit: true
Estimates: true
Favorites: true
Files: true
Folders: true
Import: true
Labels: true
Library: true
Logs: true
Moments: true
People: true
Places: true
Private: true
Ratings: true
Reactions: true
Review: true
Search: true
Services: true
Settings: true
Share: true
Upload: true
Videos: true
Import:
Path: /
Move: false
Index:
Path: /
Convert: true
Rescan: false
SkipArchived: false
Stack:
UUID: true
Meta: true
Name: false
Share:
Title: ""
Download:
Name: file
Disabled: false
Originals: true
MediaRaw: false
MediaSidecar: false
Templates:
Default: index.gohtml
-1
@@ -1 +0,0 @@
zrsyd9l35vf8qz3s
-17
@@ -1,17 +0,0 @@
version: '3.3'
services:
pihole-exporter:
image: ekofr/pihole-exporter:latest
# image: remiflandrois/pihole-exporter:latest
container_name: pihole_exporter
ports:
- 9617:9617
environment:
PIHOLE_HOSTNAME: 192.168.1.8
PIHOLE_PORT: 80
PIHOLE_PASSWORD: 14Mai1984
INTERVAL: 5s
PORT: 9617
-40
@@ -1,40 +0,0 @@
version: "3"
volumes:
data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/proxymanager/data
letsencrypt:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/proxymanager/letsencrypt
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
# Uncomment the next line if you uncomment anything in the section
# environment:
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- data:/data
- letsencrypt:/etc/letsencrypt
@@ -1,43 +0,0 @@
version: '3'
volumes:
registrystorage:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/registry
registryauth:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/dockerstorage/registry/auth
services:
registry:
image: registry:2
volumes:
- registryauth:/auth
- registrystorage:/var/lib/registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
- VIRTUAL_HOST=registry.vbchaos.nl
- VIRTUAL_PORT=5000
- VIRTUAL_PROTO=http
ports:
- '5000:5000'
registrybrowser:
image: klausmeyer/docker-registry-browser
ports:
- 8082:8080
environment:
- 'DOCKER_REGISTRY_URL=http://maurice:5000'
# - 'DOCKER_REGISTRY_URL=https://registry.vbchaos.nl'
- 'PUBLIC_REGISTRY_URL=registry.vbchaos.nl'
- 'NO_SSL_VERIFICATION=true'
- 'ENABLE_DELETE_IMAGES=true'
-36
@@ -1,36 +0,0 @@
version: '3'
volumes:
nginx_conf:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/swarm/stacks/reverseproxy/nginx
certbot_conf:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/swarm/stacks/reverseproxy/certbot_conf
certificates:
external: true
services:
nginx:
image: nginx:1.15-alpine
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
ports:
- "80:80"
- "443:443"
volumes:
- nginx_conf:/etc/nginx/conf.d
- certbot_conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
certbot:
image: certbot/certbot:arm64v8-v1.32.2
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
volumes:
- certbot_conf:/etc/letsencrypt
# - certificates:/etc/letsencrypt/live
- ./data/certbot/www:/var/www/certbot
-83
@@ -1,83 +0,0 @@
#!/bin/bash
if ! [ -x "$(command -v docker-compose)" ]; then
echo 'Error: docker-compose is not installed.' >&2
exit 1
fi
domains=(vbchaos.ddns.net)
rsa_key_size=4096
data_path="./certbot_data"
email="matthias.mitscherlich@gmail.com" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
exit
fi
fi
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \
rm -Rf /etc/letsencrypt/archive/$domains && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
# exit 1
echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker-compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload
-35
@@ -1,35 +0,0 @@
version: "3"
volumes:
swag_data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/docker_config/swag
services:
swag:
image: lscr.io/linuxserver/swag:latest
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=100
- TZ=Etc/UTC
- URL=vbchaos.nl
- VALIDATION=http
- SUBDOMAINS=nc,git,grafana,registry,registrybrowser,omv
- CERTPROVIDER= #optional
- DNSPLUGIN=cloudflare #optional
- PROPAGATION= #optional
- EMAIL= matthias.mitscherlich@gmail.com
- ONLY_SUBDOMAINS=false #optional
- EXTRA_DOMAINS= #optional
- STAGING=false #optional
volumes:
- swag_data:/config
ports:
- 443:443
- 81:80 #optional
restart: unless-stopped
-17
@@ -1,17 +0,0 @@
version: '3'
services:
tado-exporter:
user: "1000:1000"
image: registry.vbchaos.nl/tado-exporter:arm64
hostname: tado-exporter
environment:
EXPORTER_USERNAME: matthias.mitscherlich@gmail.com
EXPORTER_PASSWORD: 14Mai1984
ports:
- "9898:9898"
-1
@@ -1 +0,0 @@
docker stack deploy -c docker-compose.yml --with-registry-auth tado-exporter
+4 -2
@@ -18,8 +18,10 @@ services:
image: gitea/gitea
container_name: gitea
volumes:
- gitea_data:/data
- gitea_repository:/data/git/repo
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/gitea:/data
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories/git:/data/git/repo
# - gitea_data:/data
# - gitea_repository:/data/git/repo
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
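Review bot: The two old named-volume mounts are left behind as comments (`# - gitea_data:/data`, `# - gitea_repository:/data/git/repo`), and the top-level `gitea_data` / `gitea_repository` NFS definitions, which sit above this hunk and are not visible here, presumably remain declared but unused; removing both would keep the file accurate about where the data lives. The service definition continues outside the hunk. Since the data now comes from host bind mounts, a one-line comment such as `# bind mounts on the local data disk; both directories must already exist with the Gitea data in them` would help, because with this short syntax Docker creates a missing source directory instead of failing, and Gitea would then start against an empty /data.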
+1 -9
@@ -1,12 +1,5 @@
version: "3"
volumes:
swag_data:
driver_opts:
type: nfs
o: addr=dockerstorage,nfsvers=4
device: :/docker_config/swag
services:
swag:
image: lscr.io/linuxserver/swag:latest
@@ -19,7 +12,7 @@ services:
- TZ=Etc/UTC
- URL=vbchaos.nl
- VALIDATION=http
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vpn,vaultwarden
- CERTPROVIDER= #optional
- DNSPLUGIN=cloudflare #optional
- PROPAGATION= #optional
@@ -28,7 +21,6 @@ services:
- EXTRA_DOMAINS= #optional
- STAGING=false #optional
volumes:
# - swag_data:/config
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/swag:/config
ports:
- 443:443
+34
@@ -0,0 +1,34 @@
version: '3'
services:
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/vaultwarden:/data/
ports:
- 5555:80
environment:
- DOMAIN=https://vaultwarden.vbchaos.nl
- LOGIN_RATELIMIT_MAX_BURST=10
- LOGIN_RATELIMIT_SECONDS=60
- ADMIN_RATELIMIT_MAX_BURST=10
- ADMIN_RATELIMIT_SECONDS=2
- ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Vv4wT0EpGslsEAHpgw+U1FwxUQjguK9qkwJQB7WLP+k$$7lBaj+G9jLyXj5MxC2RqNGyGw0/vjOzcgwk4ArN6BVM
- SENDS_ALLOWED=true
- EMERGENCY_ACCESS_ALLOWED=true
- WEB_VAULT_ENABLED=true
- SIGNUPS_ALLOWED=false
- SIGNUPS_VERIFY=true
- SIGNUPS_VERIFY_RESEND_TIME=3600
- SIGNUPS_VERIFY_RESEND_LIMIT=5
- SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl
- SMTP_HOST=smtp.gmail.com
- SMTP_FROM=vaultwarden@vbchaos.nl
- SMTP_FROM_NAME=Vaultwarden
- SMTP_SECURITY=starttls
- SMTP_PORT=587
- SMTP_USERNAME=matthias.mitscherlich@gmail.com
- SMTP_PASSWORD=oomgyoiqepsqaikn
- SMTP_AUTH_MECHANISM="Login"
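Review bot: `SMTP_PASSWORD` is committed in clear text next to `SMTP_USERNAME` in the `environment:` list of the new vaultwarden service, so anyone who can read the repository or its history holds a working mail credential; the password should be rotated and supplied from outside the repo, for example `- SMTP_PASSWORD=${VAULTWARDEN_SMTP_PASSWORD}` with the value kept in an untracked `.env` file (the variable name is a placeholder). The `ADMIN_TOKEN` Argon2 hash is not directly usable but can still be attacked offline, so it belongs outside the repository as well. `5555:80` under `ports:` publishes the vault over plain HTTP on every host interface alongside the swag TLS front end; if swag reaches the container over a shared Docker network the host port can be dropped, otherwise it should be bound to a specific internal address. `vaultwarden/server:latest` is unpinned, which for a password store means an unreviewed upgrade on every pull, so a fixed version tag or digest is the safer choice. The credentials in the compose files this commit deletes remain in history too and should be rotated.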