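--- a/coreos-config/roles/compose_project/templates/blog/.env
+++ b/coreos-config/roles/compose_project/templates/blog/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=blog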
@ -0,0 +1,19 @@
|
||||
---
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
tobiasmanske.de:
|
||||
image: registry.tobiasmanske.de/tobiasmanske.de:latest
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.tobiasmanskede.rule=Host(`tobiasmanske.de`) || Host(`www.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.tobiasmanskede.entryPoints=websecure"
|
||||
- "traefik.http.services.tobiasmanskede.loadbalancer.server.port=80"
|
||||
restart: always
|
||||
networks:
|
||||
- gateway
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
...
|
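Review bot: `image: registry.tobiasmanske.de/tobiasmanske.de:latest` deploys a mutable tag, so what actually runs depends on when the host last pulled and there is no recorded version to roll back to. The same applies to `crazymax/diun:latest`, `miniflux/miniflux:latest`, `minio/minio:latest`, `mariadb:latest`, `joxit/docker-registry-ui:latest` and `searxng/searxng:latest` in the other compose templates of this commit; for `mariadb`, which owns a data volume, an unplanned major-version jump is the riskiest case. I would pin each image to a release tag or digest (for example `image: registry.tobiasmanske.de/tobiasmanske.de:<release-tag>`, placeholder) and let diun, which this commit also adds, report new tags.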
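--- a/coreos-config/roles/compose_project/templates/caddy/.env
+++ b/coreos-config/roles/compose_project/templates/caddy/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=caddy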
@ -0,0 +1,10 @@
|
||||
{
|
||||
auto_https off
|
||||
}
|
||||
|
||||
{% for rule in redirect.hosts %}
|
||||
http://{{ rule.from }} {
|
||||
redir https://{{ rule.to }}{uri} permanent
|
||||
}
|
||||
|
||||
{% endfor %}
|
@ -0,0 +1,21 @@
|
||||
---
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
redirect:
|
||||
image: caddy:2
|
||||
volumes:
|
||||
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.caddyredir.rule={{ redirect.hosts | map(attribute='from') | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
|
||||
- "traefik.http.routers.caddyredir.entryPoints=websecure"
|
||||
- "traefik.http.services.caddyredir.loadbalancer.server.port=80"
|
||||
restart: always
|
||||
networks:
|
||||
- gateway
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
...
|
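--- a/coreos-config/roles/compose_project/templates/diun/.env
+++ b/coreos-config/roles/compose_project/templates/diun/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=diun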
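--- a/coreos-config/roles/compose_project/templates/diun/diun.yml
+++ b/coreos-config/roles/compose_project/templates/diun/diun.yml
@@ -0,0 +1,19 @@
+watch:
+workers: 20
+schedule: "0 */6 * * *"
+firstCheckNotif: false
+
+notif:
+discord:
+webhookURL: {{ diun.discord.webhook }}
+mentions:
+- "@here"
+renderFields: true
+timeout: 10s
+templateBody: |
+{% raw %}Docker tag {{ if .Entry.Image.HubLink }}[**{{ .Entry.Image }}**]({{ .Entry.Image.HubLink }}){{ else }}**{{ .Entry.Image }}**{{ end }} which you subscribed to through {{ .Entry.Provider }} provider {{ if (eq .Entry.Status "new") }}is available{{ else }}has been updated{{ end }} on {{ .Entry.Image.Domain }} registry.
+{{ if (eq .Entry.Status "new") }}See https://github.com/jitsi/docker-jitsi-meet/releases/tag/{{ .Entry.Image.Tag }}{{ end }}{% endraw %}
+
+providers:
+file:
+filename: /watch.yml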
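Review bot: `webhookURL: {{ diun.discord.webhook }}` renders a credential (whoever holds a Discord webhook URL can post to the channel) as an unquoted scalar, with no check that the variable is defined. I would write `webhookURL: "{{ diun.discord.webhook | mandatory }}"`, matching the `mandatory` filter the minio template in this commit already uses, and confirm that the task rendering this file sets a restrictive file mode; that task is not visible here. Separately, `templateBody` links every "new" notification to the docker-jitsi-meet releases page, although watch.yml also watches `docker.io/jetbrains/youtrack`, so the link will be wrong for YouTrack tags.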
@ -0,0 +1,22 @@
|
||||
---
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
diun:
|
||||
image: crazymax/diun:latest
|
||||
container_name: diun
|
||||
command: serve
|
||||
volumes:
|
||||
- "data:/data"
|
||||
- "./diun.yml:/diun.yml:ro,Z"
|
||||
- "./watch.yml:/watch.yml:ro,Z"
|
||||
environment:
|
||||
- "TZ=Europe/Berlin"
|
||||
- "LOG_LEVEL=info"
|
||||
- "LOG_JSON=false"
|
||||
restart: always
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
||||
...
|
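--- a/coreos-config/roles/compose_project/templates/diun/watch.yml
+++ b/coreos-config/roles/compose_project/templates/diun/watch.yml
@@ -0,0 +1,13 @@
+- name: docker.io/jitsi/web
+watch_repo: true
+notify_on:
+- new
+include_tags:
+- ^stable-\d+
+
+- name: docker.io/jetbrains/youtrack
+watch_repo: true
+notify_on:
+- new
+include_tags:
+- .*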
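--- a/coreos-config/roles/compose_project/templates/gitea/.env
+++ b/coreos-config/roles/compose_project/templates/gitea/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=gitea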
@ -0,0 +1,110 @@
|
||||
---
|
||||
version: '3.9'
|
||||
|
||||
services:
|
||||
gitea:
|
||||
image: gitea/gitea:1
|
||||
container_name: gitea
|
||||
environment:
|
||||
- "USER_UID=1000"
|
||||
- "USER_GID=1000"
|
||||
- "GITEA__database__DB_TYPE=postgres"
|
||||
- "GITEA__database__HOST=db:5432"
|
||||
- "GITEA__database__NAME={{ gitea.db.name }}"
|
||||
- "GITEA__database__USER={{ gitea.db.user }}"
|
||||
- "GITEA__database__PASSWD={{ gitea.db.password }}"
|
||||
- "GITEA__webhook__ALLOWED_HOST_LIST=*.tobiasmanske.de"
|
||||
- "GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true"
|
||||
- "GITEA__service__DISABLE_REGISTRATION=true"
|
||||
restart: always
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
volumes:
|
||||
- gitea_data:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.gitea.rule=Host(`git.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.gitea.entryPoints=websecure"
|
||||
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
|
||||
ports:
|
||||
- "7779:22"
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
|
||||
db:
|
||||
image: postgres:14
|
||||
restart: always
|
||||
environment:
|
||||
- "POSTGRES_USER={{ gitea.db.user }}"
|
||||
- "POSTGRES_PASSWORD={{ gitea.db.password }}"
|
||||
- "POSTGRES_DB={{ gitea.db.name }}"
|
||||
networks:
|
||||
- backend
|
||||
volumes:
|
||||
- pg_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
drone:
|
||||
image: drone/drone:2
|
||||
restart: always
|
||||
environment:
|
||||
- "DRONE_GITEA_SERVER=https://git.tobiasmanske.de"
|
||||
- "DRONEC_COOKIE_SECRET={{ gitea.drone.cookie_secret }}"
|
||||
- "DRONE_GITEA_CLIENT_ID={{ gitea.drone.client_id }}"
|
||||
- "DRONE_GIT_ALWAYS_AUTH=true"
|
||||
- "DRONE_GITEA_CLIENT_SECRET={{ gitea.drone.client_secret }}"
|
||||
- "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
|
||||
- "DRONE_SERVER_HOST=drone.tobiasmanske.de"
|
||||
- "DRONE_SERVER_PROTO=https"
|
||||
- "DRONE_IMAGE_CLONE=openjdk:17-bullseye"
|
||||
- "DRONE_USER_CREATE=username:tobias,admin:true"
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
volumes:
|
||||
- drone_data:/data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.drone.rule=Host(`drone.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.drone.entryPoints=websecure"
|
||||
- "traefik.http.services.drone.loadbalancer.server.port=80"
|
||||
depends_on:
|
||||
- gitea
|
||||
|
||||
drone_runner:
|
||||
image: drone/drone-runner-docker:1.8
|
||||
restart: always
|
||||
privileged: true
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
- "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
|
||||
- "DRONE_RPC_HOST=drone.tobiasmanske.de"
|
||||
- "DRONE_RPC_PROTO=https"
|
||||
- "DRONE_RUNNER_CAPACITY=2"
|
||||
- "DRONE_RUNNER_NAME=docker-01"
|
||||
- "DRONE_RUNNER_CLONE_IMAGE=drone/git:linux-amd64"
|
||||
- "DRONE_RUNNER_VOLUMES=/etc/hosts:/etc/hosts"
|
||||
networks:
|
||||
- backend
|
||||
- default
|
||||
|
||||
networks:
|
||||
backend:
|
||||
internal: true
|
||||
gateway:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
gitea_data:
|
||||
drone_data:
|
||||
pg_data:
|
||||
...
|
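Review bot: `drone_runner` gets both `privileged: true` and the host's `/var/run/docker.sock`, and each of those alone is root-equivalent on the host. The Docker runner drives the daemon through the socket, so `privileged: true` should not be needed and I would drop it; the socket mount that remains still lets the runner start arbitrary containers on the host, which deserves a comment above the service such as `# docker.sock = host root; only trusted repositories may run pipelines here`. On the `drone` service, `DRONEC_COOKIE_SECRET` looks like a typo for `DRONE_COOKIE_SECRET`; as written Drone never sees the templated value. The `db` healthcheck calls `pg_isready` without `-U`/`-d`, which works for readiness but does not follow the templated `{{ gitea.db.user }}`.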
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=hedgedoc
|
@ -0,0 +1,71 @@
|
||||
---
|
||||
version: '3'
|
||||
services:
|
||||
database:
|
||||
image: postgres:13-alpine
|
||||
environment:
|
||||
- POSTGRES_USER={{ hedgedoc.db.user }}
|
||||
- POSTGRES_PASSWORD={{ hedgedoc.db.password }}
|
||||
- POSTGRES_DB={{ hedgedoc.db.name }}
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
restart: always
|
||||
networks:
|
||||
- backend
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
app:
|
||||
# Make sure to use the latest release from https://hedgedoc.org/latest-release
|
||||
image: quay.io/hedgedoc/hedgedoc:1.9.3
|
||||
environment:
|
||||
- CMD_DB_URL=postgres://{{ hedgedoc.db.user }}:{{ hedgedoc.db.password }}@database:5432/{{ hedgedoc.db.name }}
|
||||
- CMD_DOMAIN=doc.tobiasmanske.de
|
||||
- CMD_ALLOW_ORIGIN=doc.tobiasmanske.de,localhost
|
||||
- CMD_CSP_ENABLE=true
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
- CMD_PROTOCOL_USE_SSL=true
|
||||
- CMD_ALLOW_EMAIL_REGISTER=false
|
||||
- CMD_ALLOW_ANONYMOUS=false
|
||||
- CMD_ALLOW_ANONYMOUS_EDITS=true
|
||||
- CMD_ALLOW_FREEURL=true
|
||||
- CMD_DEFAULT_PERMISSION=private
|
||||
- CMD_SESSION_SECRET={{ hedgedoc.cmd.session_secret }}
|
||||
- CMD_OAUTH2_CLIENT_ID={{ hedgedoc.cmd.client_id }}
|
||||
- CMD_OAUTH2_CLIENT_SECRET={{ hedgedoc.cmd.client_secret }}
|
||||
- CMD_OAUTH2_AUTHORIZATION_URL={{ hedgedoc.cmd.authorization_url }}
|
||||
- CMD_OAUTH2_TOKEN_URL={{ hedgedoc.cmd.token_url }}
|
||||
- CMD_OAUTH2_USER_PROFILE_URL={{ hedgedoc.cmd.user_profile_url }}
|
||||
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
|
||||
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
|
||||
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
|
||||
- CMD_OAUTH2_PROVIDERNAME=Keycloak
|
||||
volumes:
|
||||
- uploads:/hedgedoc/public/uploads
|
||||
restart: always
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.hedgedoc.rule=Host(`doc.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.hedgedoc.entryPoints=websecure"
|
||||
- "traefik.http.services.hedgedoc.loadbalancer.server.port=3000"
|
||||
- "com.centurylinklabs.watchtower.scope=update"
|
||||
depends_on:
|
||||
database:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
|
||||
volumes:
|
||||
database:
|
||||
uploads:
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
backend:
|
||||
internal: true
|
||||
...
|
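Review bot: The `environment` entries in this file are plain scalars with Jinja output pasted in (`- POSTGRES_PASSWORD={{ hedgedoc.db.password }}`, `- CMD_SESSION_SECRET=...`), so a secret containing ` #` is silently truncated and one containing `: ` turns the entry into a mapping; the miniflux and nextcloud compose templates in this commit do the same, while gitea, keycloak and minio quote their entries. `CMD_DB_URL` also embeds the password in a URL without encoding, so `@`, `/` or `:` in it change how the URL is parsed; a quoted entry using `{{ hedgedoc.db.password | urlencode }}` avoids that, and the miniflux `DATABASE_URL` needs the same. `CMD_PROTOCOL_USE_SSL` next to `CMD_PROTOCOL_USESSL` looks like a guess at the variable name; as far as I know only `CMD_PROTOCOL_USESSL` is read by HedgeDoc, so the extra line should go. `CMD_ALLOW_ANONYMOUS_EDITS=true` alongside `CMD_ALLOW_ANONYMOUS=false` lets unauthenticated visitors edit notes whose permission allows it, which is worth a comment confirming it is intended.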
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=keycloak
|
@ -0,0 +1,58 @@
|
||||
---
|
||||
version: '3.9'
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:14
|
||||
restart: always
|
||||
environment:
|
||||
- "POSTGRES_DB={{ auth.db.name }}"
|
||||
- "POSTGRES_USER={{ auth.db.user }}"
|
||||
- "POSTGRES_PASSWORD={{ auth.db.password }}"
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.scope=update"
|
||||
volumes:
|
||||
- pg_data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- backend
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:19.0.0
|
||||
command: start
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- "KC_DB=postgres"
|
||||
- "KC_DB_URL_HOST=postgres"
|
||||
- "KC_DB_URL_DATABASE={{ auth.db.name }}"
|
||||
- "KC_DB_USERNAME={{ auth.db.user }}"
|
||||
- "KC_DB_PASSWORD={{ auth.db.password }}"
|
||||
- "KEYCLOAK_ADMIN={{ auth.keycloak.user }}"
|
||||
- "KEYCLOAK_ADMIN_PASSWORD={{ auth.keycloak.password }}"
|
||||
- "KC_PROXY=edge"
|
||||
- "KC_HOSTNAME=auth.tobiasmanske.de"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.keycloak.entryPoints=websecure"
|
||||
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
|
||||
restart: always
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
|
||||
networks:
|
||||
backend:
|
||||
internal: true
|
||||
gateway:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
pg_data:
|
||||
...
|
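Review bot: `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are only needed to create the initial admin account, but here they stay in the container environment permanently, readable through `docker inspect` by anyone with Docker access on the host. I would add a comment above the two entries, e.g. `# bootstrap only: remove after first start and rotate the password in Keycloak`. The `traefik.http.routers.keycloak.rule` label matches on host only, so the admin console is presumably reachable on the public entrypoint as well; if that is not intended, a separate router or path restriction for `/admin` is the place to handle it.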
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=miniflux
|
@ -0,0 +1,57 @@
|
||||
---
|
||||
version: '3'
|
||||
services:
|
||||
miniflux:
|
||||
image: miniflux/miniflux:latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- DATABASE_URL=postgres://{{ miniflux.db.user }}:{{ miniflux.db.password }}@db/{{ miniflux.db.name }}?sslmode=disable
|
||||
- RUN_MIGRATIONS=1
|
||||
- CREATE_ADMIN=1
|
||||
- ADMIN_USERNAME={{ miniflux.admin.user }}
|
||||
- ADMIN_PASSWORD={{ miniflux.admin.password }}
|
||||
- BASE_URL=https://rss.tobiasmanske.de
|
||||
- OAUTH2_CLIENT_ID={{ miniflux.oauth.client_id }}
|
||||
- OAUTH2_CLIENT_SECRET={{ miniflux.oauth.client_secret }}
|
||||
- OAUTH2_OIDC_DISCOVERY_ENDPOINT={{ miniflux.oauth.discovery_endpoint }}
|
||||
- OAUTH2_PROVIDER=oidc
|
||||
- OAUTH2_REDIRECT_URL={{ miniflux.oauth.redirect_url }}
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.miniflux.rule=Host(`rss.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.miniflux.entryPoints=websecure"
|
||||
- "traefik.http.services.miniflux.loadbalancer.server.port=8080"
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
|
||||
db:
|
||||
image: postgres:13
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_USER={{ miniflux.db.user }}
|
||||
- POSTGRES_PASSWORD={{ miniflux.db.password }}
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.scope=update"
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready", "-U", "miniflux"]
|
||||
interval: 10s
|
||||
start_period: 30s
|
||||
networks:
|
||||
- backend
|
||||
|
||||
volumes:
|
||||
database:
|
||||
|
||||
networks:
|
||||
backend:
|
||||
internal: true
|
||||
gateway:
|
||||
external: true
|
||||
name: gateway
|
||||
...
|
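Review bot: The `db` and `miniflux` services can disagree about the database name: `db` sets only `POSTGRES_USER` and `POSTGRES_PASSWORD`, so the postgres image creates a database named after the user, while `DATABASE_URL` connects to `{{ miniflux.db.name }}`. The healthcheck drifts the same way, since `pg_isready -U miniflux` hard-codes a role name that is templated everywhere else. I would add `- "POSTGRES_DB={{ miniflux.db.name }}"` to `db` and use `test: ["CMD", "pg_isready", "-U", "{{ miniflux.db.user }}"]`. `CREATE_ADMIN=1` with `ADMIN_PASSWORD` also keeps the admin password in the container environment after the account exists, so a comment that both can be removed after the first start would help.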
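--- a/coreos-config/roles/compose_project/templates/minio/.env
+++ b/coreos-config/roles/compose_project/templates/minio/.env
@@ -0,0 +1,3 @@
+COMPOSE_PROJECT_NAME=minio
+MINIO_URL=s3.tobiasmanske.de
+DASHBOARD_URL=minio.tobiasmanske.de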
@ -0,0 +1,38 @@
|
||||
---
|
||||
version: "3.9"
|
||||
|
||||
services:
|
||||
minio:
|
||||
image: minio/minio:latest
|
||||
restart: always
|
||||
networks:
|
||||
- gateway
|
||||
environment:
|
||||
- "MINIO_ROOT_USER={{ minio.user | mandatory }}"
|
||||
- "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
|
||||
- "MINIO_SERVER_URL=https://${MINIO_URL}"
|
||||
- "MINIO_BROWSER_REDIRECT_URL=https://${DASHBOARD_URL}"
|
||||
volumes:
|
||||
- data:/data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)"
|
||||
- "traefik.http.routers.minio.entryPoints=websecure"
|
||||
- "traefik.http.services.minio.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.minio.service=minio"
|
||||
- "traefik.http.routers.minio-dashboard.rule=Host(`${DASHBOARD_URL}`)"
|
||||
- "traefik.http.routers.minio-dashboard.entryPoints=websecure"
|
||||
- "traefik.http.routers.minio-dashboard.middlewares=sso@file"
|
||||
- "traefik.http.services.minio-dashboard.loadbalancer.server.port=9001"
|
||||
- "traefik.http.routers.minio-dashboard.service=minio-dashboard"
|
||||
command: "server /data --console-address ':9001' --anonymous"
|
||||
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
||||
...
|
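Review bot: `--anonymous` in `command` is easy to misread as enabling anonymous access; in MinIO it is the global flag that hides sensitive information from log output. A one-line comment above `command`, e.g. `# --anonymous: redact sensitive values in logs, not anonymous bucket access`, would save the next reader a lookup. Also note that only the `minio-dashboard` router carries `middlewares=sso@file`; the S3 endpoint on `${MINIO_URL}` is protected by MinIO's own credentials and bucket policies alone, which is worth stating in a comment if that is the intent.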
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=nextcloud
|
@ -0,0 +1,114 @@
|
||||
$ANSIBLE_VAULT;1.2;AES256;secrets
|
||||
33383562353338643538646630616337323735313562636466636339666235633061383136323331
|
||||
3462316230303637636165376230633161343563393334380a633138663531366231323838313863
|
||||
66353332666362313737326663376635336331356438363130316436363466333463393764353362
|
||||
3964636666333932390a363065366566636564303434346165613961383562353131346338356131
|
||||
35366534626430376539316265373262356163633831316261363839353438373262343362633063
|
||||
35363534656361376164383362336632386531366463366432356637316338633130613238313433
|
||||
64613636343331333865643731306266666430666633306539353265393637616130323233356364
|
||||
63333939643335353236646161663630323030303434373362623931616332316639303736363763
|
||||
30363933633961636531313363316532376634303839386630343664316235653962343533383163
|
||||
38633562656432643765646338616230336634383437303131666332383631636131336133323566
|
||||
35663739633031353964363961383234343835393631653434636163613632633031366265353539
|
||||
39306261363735663035373362636663373065613163646266653136623831333830396136316464
|
||||
62666530613734383836316537386433626232323630313533323332663431626266356465373235
|
||||
65363865663933646364633164653136616437343665356231653237353366323835333837656365
|
||||
36383039343365643334663933313433356666333238323261383732363031653733353332623934
|
||||
61663636646638653431313638393233386235646434623131366662616361336632303937396565
|
||||
66653663626231646265336663353232656361343266666565666633376134303533623733383865
|
||||
63323032663161616233653262393336326432323165616332376633336264373665346233313038
|
||||
39386430336563633264653930643239386637306465383738626336303535643835643738343438
|
||||
33313066323637366631343338613633623734353266373139323963333563343334666234623563
|
||||
34633334333932646561623832626435663236393565646534326466376235363430626561663739
|
||||
61383439666266393632643562326432323133633537653130383461393831303564386164393366
|
||||
39316433373634363837346435303537626536636163353034636566646538356164643038363163
|
||||
37656266656164396461346334303138643737646161626335633861323231626334663663613634
|
||||
34373363353763303435336635356363393035353831373061313364326132396437313538373834
|
||||
65313231383164373135663034613963303437336234363936366466326461613137383033313263
|
||||
35333030653033336561393737313466343963643134386432613531356530333163343331656336
|
||||
31383239376437623664383863323438653163653438366566386439346439343562333161383663
|
||||
63316662326266613865393733323266383062643466396566356262336662616637626633623964
|
||||
35353234663335396231333834313634393735636161363730643865393265653239613637366538
|
||||
34353738616161313562303937353638326138643733316330343738343762626333363630323164
|
||||
36623263333662353665653139636533363939333634666239356165313139643535653239343732
|
||||
35646566653364663561303335633035346530646538623438613062366265646637616436303363
|
||||
63363935373964656161363064636162666539616563363663636565336136306431346461303564
|
||||
36333331323061343931636565396336363935616330613838376465376561663037306634373332
|
||||
33313462626165353332666634383236633632613564613263373133663330363263666163316436
|
||||
35336163616136653234343833623462386636393133623430396132663063333463663935613939
|
||||
61356163353731373235653964313562313266616364336439623732653166626134313839636238
|
||||
38613561313466633466323839343436666165333930656162373665376431386366313533333031
|
||||
32663561633230626133663730633865323536383636613032373932353363646365313437316363
|
||||
65346263633834373262333939316662626165653066346138626135383838373237613732663862
|
||||
64306439616433386335643330306365643835626361316463353432623532393035633365343632
|
||||
63653362646638346431646161353837313061333562313162613364373339353031303565313266
|
||||
63633831356135656532383562333736343730323838396663616362333764346663373766323366
|
||||
38343763613164646239383366663338306363366662343364646564666333373665653364666339
|
||||
61303465323930383434623931376362333535323231393933386162336434376365343233306661
|
||||
32323037623862333731633533633936363363303339666335363166646462656264643463636431
|
||||
66656564333261383962633364393232303031653462306539663933343465623766666635613432
|
||||
36346130393133626535343731333532363439376533323862626333653761396237623762306662
|
||||
35643632613137313935313836343539656232303631356436393836383531633139333333666431
|
||||
32303963666132626566336334633331333838353136376630636534656430636537393938356334
|
||||
61346630633062353038653038303563363035303763326535343665623431666233356562643031
|
||||
38316333623133383834363233633936656265323332333266373137313432373039363766326134
|
||||
39323835306439326235303933633735333266623137616134333862313539393465646564303863
|
||||
35373132373161326436326165346631626538333230396636626266336430383062623462623735
|
||||
66366632376262333939656233626663373937613138666166303662623332313239333466313461
|
||||
35396339663064373861633861373330643935353933323264336365346135663633323965393436
|
||||
35366361356435626164376665356436656636643562643133383333386638313539333439613533
|
||||
64333033366331336531306466383135613135653739303239636432633265313338313734616466
|
||||
65653833656565356365333431623236653134316531616237313234376432366533396562393035
|
||||
65663437303330626637303064383862393866303163373563623832303965363839643435626365
|
||||
63346261393932393730316264313061643136633830663938613561343035646134363534393331
|
||||
34666331656136363935613337653064313363366563326266613531323865316539623534316338
|
||||
63633536376631386361373961353139333063633231643634363330636531386637663230373063
|
||||
38613864373763386538643263353434656537326536613163333130653030366537666638306162
|
||||
33356363396165336232396166626231653136666431626436396231336237653663636432646431
|
||||
39636139633433616462386137366439376531383031366562393861323261376662363437313237
|
||||
30313061643136343733643434316464656435326538303339393061396333653238613365326666
|
||||
39313261343237313630333831623661373865326630626633303435303466356634353438383436
|
||||
32356334303933623639666366366232303365313133663563633164663461396136653162626161
|
||||
38356363353733386465303366626466613739306437376363653962666138393162366333636138
|
||||
36363439613039316238626562363235643138663336646432303863613261663061613336616261
|
||||
38346636616236646661333464343638316562633665633766356239346231393462316465373165
|
||||
36363461616464343738656539353531396239383437643661613664333231383262643361653334
|
||||
35613639393763366666396631326131323931636137306632613932643538653939396531643936
|
||||
34323238633765636162336362373262633162393430373431666630356430386666336139653737
|
||||
35343836383565656466326663646234356233623864333339356562393065333632326435633530
|
||||
64643036396536333430343732313665643839323038343564323835313432373332623961303038
|
||||
39393036656633343566383163616334386464303963333135663832396633623564633637353038
|
||||
63353530303366626161636563383534636365623033633661626131633130313434636234396666
|
||||
62613536346566633365396564666137333961623765306262373333353562396538653435316264
|
||||
63616432616334393963616533633864623430303837613765373061633430346464303465653835
|
||||
36363735326530323965373765616436306339333162646561383432316335643765316332333932
|
||||
62316536626563373135663338383166303961633165383837303539336635386665616633343832
|
||||
35343236313230366233396537373230643732363033323938393233303733356334303135356533
|
||||
35316365383530343761636531303135323030396630326135656338346237643862303866366266
|
||||
31626663333732666235383036323536656261336566376538376465316531316263396665346531
|
||||
66633561666237643462333031326636396634316137363663363235623338393033616433336531
|
||||
36363639663666316431356562343838646235663133366137666431636266633839373334613037
|
||||
61313538626534613239393636643665303237643231363362333964326138616536386333363962
|
||||
32663831386232653338613662326364396165343638393537316531663561343664376165656630
|
||||
65333863643464383131643131616437366563393461613733373862373334316563313363653530
|
||||
30393931633532313333656361373033623738303834303536333063303562346639643664383437
|
||||
35353433336633653537643538663738636331373635323965656266636638626338313732316439
|
||||
31663833646631396464353166623133316339653534613366666639613462666262633134383238
|
||||
35396539323834366563613336366265386231663736373563666435613963656138323136323035
|
||||
33323238323531383135383139653930646337383039626363363532343737353562646562326665
|
||||
66303638353561356664393833316538356261656334386431303031343762303737316137666161
|
||||
38656566613938353066636261393862616539636138366562303536353762623139666431356638
|
||||
34353039613234383837373663626337663134333163623735306435316433663736646435323030
|
||||
63366235666438396630653835393130373537613665646663383662326335353665643461333466
|
||||
31326431356334326662663566383337336237633164306134343739346661333438633931376539
|
||||
38393933326239326561613935393763343537363234303835636462633365626461373265636234
|
||||
31316162303834353463313565333635303536396132643634386330363733626130303634643036
|
||||
34333437386566653265373465653836363962373639666534656462326135623361363436336230
|
||||
65653833663366343533303536343931336264373633646334653930366530313666633934376461
|
||||
32373665656236663561313363376637636565616238613532653230646666643863353962623863
|
||||
35633764333932376363663833616533663037336635363930393561353938373634343561633531
|
||||
30343837323130636632343863613066333032373466643237643362313332346535616661626132
|
||||
38313436633664353964383961386536616337396165373936373834393561393563663463313263
|
||||
35366164306163613264626231396266623331613165306132653437333065316663643030616266
|
||||
35396464373665396266383266613630333064613230363366356162633364643737326263303239
|
||||
35646432373638373264303232653038646133666531353061343164333231626666
|
@ -0,0 +1,60 @@
|
||||
---
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mariadb:latest
|
||||
restart: always
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
|
||||
volumes:
|
||||
- database:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD={{ nextcloud.db.rootpassword }}
|
||||
- MYSQL_PASSWORD={{ nextcloud.db.password }}
|
||||
- MYSQL_DATABASE={{ nextcloud.db.name }}
|
||||
- MYSQL_USER={{ nextcloud.db.user }}
|
||||
networks:
|
||||
- backend
|
||||
|
||||
app:
|
||||
image: registry.tobiasmanske.de/nextcloud:main
|
||||
restart: always
|
||||
depends_on:
|
||||
- db
|
||||
volumes:
|
||||
- ./config.php:/config.php:ro,Z
|
||||
- nc_custom_apps:/var/www/html/custom_apps
|
||||
- nc_data:/var/www/data
|
||||
environment:
|
||||
- MYSQL_PASSWORD={{ nextcloud.db.password }}
|
||||
- MYSQL_DATABASE={{ nextcloud.db.name }}
|
||||
- MYSQL_USER={{ nextcloud.db.user }}
|
||||
- MYSQL_HOST=db
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
- default
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.nextcloud.rule=Host(`wolke.chaoswg.org`)"
|
||||
- "traefik.http.routers.nextcloud.entryPoints=websecure"
|
||||
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
|
||||
- "traefik.http.middlewares.nextcloud.headers.customrequestheaders.Front-End-Https=on"
|
||||
- "traefik.http.middlewares.nextcloud.headers.customresponseheaders.Strict-Transport-Security=max-age=15768000; includeSubDomains;"
|
||||
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
|
||||
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
|
||||
- "traefik.http.middlewares.compression.compress=true"
|
||||
- "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud-dav,compression"
|
||||
|
||||
volumes:
|
||||
nc_custom_apps:
|
||||
nc_data:
|
||||
database:
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
name: gateway
|
||||
backend:
|
||||
internal: true
|
||||
...
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=registry
|
@ -0,0 +1,30 @@
|
||||
version: 0.1
|
||||
log:
|
||||
fields:
|
||||
service: registry
|
||||
storage:
|
||||
cache:
|
||||
blobdescriptor: inmemory
|
||||
filesystem:
|
||||
rootdirectory: /var/lib/registry
|
||||
delete:
|
||||
enabled: true
|
||||
|
||||
auth:
|
||||
htpasswd:
|
||||
realm: Registry Realm
|
||||
path: /auth/htpasswd
|
||||
http:
|
||||
addr: :5000
|
||||
headers:
|
||||
Access-Control-Expose-Headers: ['Docker-Content-Digest']
|
||||
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
|
||||
Access-Control-Allow-Origin: ['https://registry-ui.tobiasmanske.de']
|
||||
Access-Control-Allow-Credentials: [true]
|
||||
Access-Control-Allow-Headers: ['Authorization', 'Accept']
|
||||
X-Content-Type-Options: [nosniff]
|
||||
health:
|
||||
storagedriver:
|
||||
enabled: true
|
||||
interval: 10s
|
||||
threshold: 3
|
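Review bot: The `headers` block allows credentialed `DELETE` requests from `https://registry-ui.tobiasmanske.de` while `storage.delete.enabled` is `true`, so a script running in that origin in a logged-in browser can delete manifests. That is presumably what the UI's `DELETE_IMAGES=true` needs, but it puts the UI image inside the registry's trust boundary, and the compose file pulls it as `joxit/docker-registry-ui:latest`. I would record this in a comment above `headers:`, e.g. `# CORS + DELETE: registry-ui origin can delete images on behalf of the logged-in user`, and drop `DELETE` and `delete.enabled` if deleting through the UI is not actually used.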
@ -0,0 +1,48 @@
|
||||
---
|
||||
services:
|
||||
registry:
|
||||
container_name: registry
|
||||
restart: always
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.registry.rule=Host(`registry.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.registry.entryPoints=websecure"
|
||||
- "traefik.http.services.registry.loadbalancer.server.port=5000"
|
||||
image: 'registry:2'
|
||||
networks:
|
||||
- gateway
|
||||
- backend
|
||||
volumes:
|
||||
- registry_data:/var/lib/registry
|
||||
- ./htpasswd:/auth/htpasswd:ro,z
|
||||
- ./config.yaml:/etc/docker/registry/config.yml:ro,z
|
||||
|
||||
frontend:
|
||||
image: joxit/docker-registry-ui:latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- registry
|
||||
environment:
|
||||
- DELETE_IMAGES=true
|
||||
- REGISTRY_TITLE=My Private Docker Registry
|
||||
- NGINX_PROXY_PASS_URL=http://registry:5000
|
||||
- SINGLE_REGISTRY=true
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.registryui.rule=Host(`registry-ui.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.registryui.entryPoints=websecure"
|
||||
- "traefik.http.services.registryui.loadbalancer.server.port=80"
|
||||
networks:
|
||||
- gateway
|
||||
- backend
|
||||
|
||||
|
||||
volumes:
|
||||
registry_data:
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
backend:
|
||||
internal: true
|
||||
...
|
@ -0,0 +1,3 @@
|
||||
{% for line in registry.HTPASSWD %}
|
||||
{{ line }}
|
||||
{% endfor %}
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=searxng
|
@ -0,0 +1,47 @@
|
||||
---
|
||||
version: '3.9'
|
||||
|
||||
services:
|
||||
searxng:
|
||||
image: searxng/searxng:latest # >.<
|
||||
container_name: searxng
|
||||
restart: always
|
||||
networks:
|
||||
- gateway
|
||||
- default
|
||||
- backend
|
||||
volumes:
|
||||
- ./settings.yml:/etc/searxng/settings.yml:ro,z
|
||||
- ./uwsgi.ini:/etc/searxng/uwsgi.ini:ro,z
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.searxng.rule=Host(`search.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.searxng.entryPoints=websecure"
|
||||
- "traefik.http.services.searxng.loadbalancer.server.port=8080"
|
||||
- "traefik.http.middlewares.compression.compress=true"
|
||||
- "traefik.http.routers.searxng.middlewares=compression"
|
||||
|
||||
redis:
|
||||
container_name: redis
|
||||
image: "redis:alpine"
|
||||
command: redis-server --save "" --appendonly "no"
|
||||
networks:
|
||||
- backend
|
||||
tmpfs:
|
||||
- /var/lib/redis
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- SETGID
|
||||
- SETUID
|
||||
- DAC_OVERRIDE
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
backend:
|
||||
internal: true
|
||||
|
||||
volumes:
|
||||
data:
|
||||
...
|
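Review bot: `cap_drop: ALL` is applied to `redis`, which sits only on the internal `backend` network, but not to `searxng`, the container that is published through Traefik and makes outbound requests. I would give `searxng` the same treatment: `cap_drop: [ALL]` plus only the capabilities its entrypoint needs (upstream's compose file lists `CHOWN`, `SETGID` and `SETUID` as far as I recall; verify against the image in use). The `data` volume declared at the bottom is not mounted by either service, and `container_name: redis` is generic enough to collide with another stack on the same host.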
2835
coreos-config/roles/compose_project/templates/search/settings.yml
Normal file
2835
coreos-config/roles/compose_project/templates/search/settings.yml
Normal file
File diff suppressed because it is too large
@ -0,0 +1,49 @@
|
||||
[uwsgi]
|
||||
# Who will run the code
|
||||
uid = searxng
|
||||
gid = searxng
|
||||
|
||||
# Number of workers (usually CPU count)
|
||||
workers = 4
|
||||
threads = 4
|
||||
|
||||
# The right granted on the created socket
|
||||
chmod-socket = 666
|
||||
|
||||
# Plugin to use and interpretor config
|
||||
single-interpreter = true
|
||||
master = true
|
||||
plugin = python3
|
||||
lazy-apps = true
|
||||
enable-threads = true
|
||||
|
||||
# Module to import
|
||||
module = searx.webapp
|
||||
|
||||
# Virtualenv and python path
|
||||
pythonpath = /usr/local/searxng/
|
||||
chdir = /usr/local/searxng/searx/
|
||||
|
||||
# automatically set processes name to something meaningful
|
||||
auto-procname = true
|
||||
|
||||
# Disable request logging for privacy
|
||||
disable-logging = true
|
||||
log-5xx = true
|
||||
|
||||
# Set the max size of a request (request-body excluded)
|
||||
buffer-size = 8192
|
||||
|
||||
# No keep alive
|
||||
# See https://github.com/searx/searx-docker/issues/24
|
||||
add-header = Connection: close
|
||||
|
||||
# uwsgi serves the static files
|
||||
# expires set to one year since there are hashes
|
||||
static-map = /static=/usr/local/searxng/searx/static
|
||||
static-expires = /* 31557600
|
||||
static-gzip-all = True
|
||||
offload-threads = %k
|
||||
|
||||
# Cache
|
||||
cache2 = name=searxngcache,items=2000,blocks=2000,blocksize=4096,bitmap=1
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=syncthing
|
@ -0,0 +1,45 @@
|
||||
$ANSIBLE_VAULT;1.2;AES256;secrets
|
||||
33356661663637323832343435656464323766303832363037333663393064336439663165313637
|
||||
6461393832613137623663353337333232616135663938340a666566366335326565613738613930
|
||||
38373066313664616665633337616138303530343637636162346535633339626236303237393561
|
||||
3731366337323033310a386562326238663133653666396434663465313936313738313363613762
|
||||
65643662396237316663306163366636646338663365666632373830363930623534376338396336
|
||||
30313135623038386564373131613835316166326662313066303061393536613136353065363163
|
||||
33343438613562336235626437666661346363363933616132353764336633343739616230333438
|
||||
30333736383434346465666437346137343437366164323964353437643733333066626531383439
|
||||
35353233376164303336626661366662383535613430363439633131643838333535353833396131
|
||||
38383530666232643461623565363865323438666333626338313139656563616465626262636639
|
||||
33653965663166323630373938643638373362313832363331356339353265626262303761316664
|
||||
30303264386630363530643363346162613539623839653934646330373438396530666436376462
|
||||
34653365353961663065323730383935396666336163626337633561613139343139316665333839
|
||||
65656665353436313538636137376633633032383438366665373133396337306138393931653362
|
||||
66386465336363643035343530376437323064643861363535623135353265393034653936323437
|
||||
63353537343538383930366334316237376364613730396534356565313135633331663265323030
|
||||
35646563303031366130383131316637623131396531663862333561396162663361666536306132
|
||||
32393564383330623739393730386261333038343362626438336462616638616132343035393265
|
||||
62336338643639333366613163393332336462613230346366616333396234366231636361623838
|
||||
39373565646131636333393663356130646537356432316261616664356531373063393430653539
|
||||
30346464656535323164613236303361653033613738333235346230343238623166663462353965
|
||||
66313632646431346565633339663864613333383432616536386533313863616232323235306165
|
||||
66376238306537383966373464333532313166393735313535393365616337383034396538343463
|
||||
38386235326233343132306164376432373361383939633161656232613033363538636435393061
|
||||
37343837396362653736303436356666666138353735653134336563373430643636356665373236
|
||||
64373035626461386132666339646466396563623266326637333435633165343034646566326430
|
||||
66356666626539373462653536313636366530313463313530363538623862626537366639636266
|
||||
32653137636331616536343934356662656262623762333930653238663563646239643637386165
|
||||
63613662363235656432313666656331346461343432316530633163303331366239333666633534
|
||||
64393865366139343135303062366333363332376565646437356164306232643130356261656534
|
||||
63303339633765373136323665376137376139363265633162653563356262353162643164306430
|
||||
30306133663565386237373131353232623936623237373739623837643564386131373132316331
|
||||
31663062363133636335303966356562333438376333356330373166366531393461303037363936
|
||||
63346630333130303566383264303436393462313431623237373063393033346438633966643062
|
||||
38396163356265363363396164623664343530383937653663663864626566353365646462666535
|
||||
36303936653933363964663131376236333965313431653937626332383834373833343462333036
|
||||
30343537366462376562343865633162383263313365633332396366336238613132313630653763
|
||||
64343035366561313339316463323134643664616565663331643036306639383163373831376265
|
||||
66646336316632323034653866653532323934636639383634316163336566383830376238376433
|
||||
37653137363939643461373538623032613731383731353639313534376466303930363765303637
|
||||
37626532313430653239663835323633326263656536353330636437376237376339663336666234
|
||||
39396138323836616432396265626236333134323462623138656534333966613338636132393665
|
||||
38343662646238363735666564643336383633393963633662333262663131616163643765353232
|
||||
63613764346437663666
|
File diff suppressed because it is too large
@ -0,0 +1,20 @@
|
||||
$ANSIBLE_VAULT;1.2;AES256;secrets
|
||||
30383836353130323131653139643365346335633063343362656530663538393435663335613132
|
||||
3533343531333434376632333630343364313061633066330a373263393966336430616530386564
|
||||
32313530333939333035393863623932666261316664666132366331626561306230306238323733
|
||||
3230396463303764300a643831633734393964363534343932303039323161373239363766643037
|
||||
35333362666332346133363063363466343338653963353333376162373331316433326436353738
|
||||
63323339346134626131316136663736313737653866393135356262363832613262316139613963
|
||||
32646532343639303732643432306239656135663363643263393832383936373837626665616662
|
||||
37373865303364373035363832633932323233396336363863336338613237623637323665386536
|
||||
37313164646266663135336432363963643630366434356230626663343534376330343461366664
|
||||
33623261313662663636346361386332343630396164616137303364643661643736653462323062
|
||||
32613335653732373365646566393930666561383465376665383531393037343638633763633563
|
||||
38613164373332306237373737623839386336613166333139656264336131326631343438373235
|
||||
31343739363366396464623662373539613433346438626335303765623738393930666430303139
|
||||
66386264623666393234623032386135323231653965393466656634353532616530306265306666
|
||||
62663039333231316130353061313233666639633563346635623464363135383863666532323432
|
||||
63376664343630633631393232636364633036636230663864323437636439623961613634613638
|
||||
38626161646166336138373931393464633030323338663763383135316665346137646139333530
|
||||
61386233373538636433363832363537313766363566623961346336353532303761313664383032
|
||||
646138346562616433343462303065306236
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
version: '3.9'
|
||||
|
||||
services:
|
||||
syncthing:
|
||||
image: syncthing/syncthing:1
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 22000:22000/tcp
|
||||
- 22000:22000/udp
|
||||
volumes:
|
||||
- syncthing-data:/var/syncthing
|
||||
- ./config/cert.pem:/var/syncthing/config/cert.pem:ro,z
|
||||
- ./config/key.pem:/var/syncthing/config/key.pem:ro,z
|
||||
- ./config/config.xml:/var/syncthing/config/config.xml:ro,z
|
||||
hostname: "Netcup"
|
||||
environment:
|
||||
- PUID=0
|
||||
- PGID=0
|
||||
- TZ=Europe/Berlin
|
||||
|
||||
volumes:
|
||||
syncthing-data:
|
||||
...
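Review bot: `PUID=0` and `PGID=0` make Syncthing run as root inside the container, although it listens on the published port 22000 and parses data from remote peers. Unless something in `syncthing-data` requires root ownership, use an unprivileged id such as `PUID=1000` / `PGID=1000`, as the wireguard file in this commit does, and make sure the mounted `key.pem` is readable by that id. Syncthing normally rewrites `config.xml` when devices or folders change, so check that the `:ro` mount of that file fails the way you intend rather than silently dropping changes.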
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=thelounge
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
lounge:
|
||||
image: thelounge/thelounge:4
|
||||
volumes:
|
||||
- data:/var/opt/thelounge
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.thelounge.rule=Host(`lounge.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.thelounge.entryPoints=websecure"
|
||||
- "traefik.http.services.thelounge.loadbalancer.server.port=9000"
|
||||
restart: always
|
||||
networks:
|
||||
- gateway
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
data:
|
||||
...
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=traefik
|
@ -0,0 +1,61 @@
|
||||
---
|
||||
version: '3.9'
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.7
|
||||
container_name: traefik
|
||||
restart: always
|
||||
ports:
|
||||
- "443:443"
|
||||
- "80:80"
|
||||
privileged: true
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:z"
|
||||
- "./traefik.yaml:/etc/traefik/traefik.yaml:Z,ro"
|
||||
- "./dynamic.yaml:/etc/traefik/dynamic.yaml:Z,ro"
|
||||
- "acme:/acme"
|
||||
networks:
|
||||
- gateway
|
||||
- default
|
||||
environment:
|
||||
CLOUDFLARE_DNS_API_TOKEN: "{{ traefik.CLOUDFLARE_DNS_API_TOKEN }}"
|
||||
|
||||
traefik-fa:
|
||||
image: thomseddon/traefik-forward-auth:latest
|
||||
restart: always
|
||||
volumes:
|
||||
- ./traefik-fa.ini:/forward.ini:ro,Z
|
||||
environment:
|
||||
- CONFIG=/forward.ini
|
||||
networks:
|
||||
- gateway
|
||||
depends_on:
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik-fa.rule=Host(`traefik-fa.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.traefik-fa.entryPoints=websecure"
|
||||
- "traefik.http.services.traefik-fa.loadbalancer.server.port=4181"
|
||||
- "traefik.http.routers.traefik-fa.middlewares=sso@file"
|
||||
|
||||
# whoami:
|
||||
# image: containous/whoami
|
||||
# networks:
|
||||
# - gateway
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.http.services.whoami.loadbalancer.server.port=80"
|
||||
# - "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
|
||||
# - "traefik.http.routers.whoami.entryPoints=websecure"
|
||||
# - "traefik.http.routers.whoami.middlewares=sso@file"
|
||||
|
||||
volumes:
|
||||
acme:
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
name: gateway
|
||||
internal: false
|
||||
default:
|
||||
driver: bridge
|
||||
...
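Review bot: `privileged: true` together with the `/var/run/docker.sock` mount gives the internet-facing proxy root-equivalent control of the host, and binding 80 and 443 does not need it. If the flag is only there so SELinux lets the container open the socket, `security_opt: ["label=disable"]` is the narrower setting (the wireguard file in this commit uses the same option), and the `:z` suffix on the socket mount, which relabels the host's socket, can then be dropped. Traefik only reads from the Docker API, so a socket proxy restricted to read-only endpoints between the two would limit what a compromised proxy can do. The watchtower compose file in this commit has the same `privileged: true` plus socket combination. `thomseddon/traefik-forward-auth:latest` sits in the authentication path and should be pinned to a release tag.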
|
@ -0,0 +1,7 @@
|
||||
http:
|
||||
middlewares:
|
||||
sso:
|
||||
forwardAuth:
|
||||
address: http://traefik-fa:4181
|
||||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
@ -0,0 +1,20 @@
|
||||
default-provider = oidc
|
||||
|
||||
# Cookie signing nonce, replace this with something random
|
||||
secret = {{ traefik.oidc.cookie_secret }}
|
||||
|
||||
# This client id / secret is defined in keycloak-realm-config/master-realm.json
|
||||
providers.oidc.client-id = {{ traefik.oidc.client_id }}
|
||||
providers.oidc.client-secret = {{ traefik.oidc.client_secret }}
|
||||
providers.oidc.issuer-url = {{ traefik.oidc.issuer_url }}
|
||||
|
||||
log-level = error
|
||||
|
||||
cookie-domain = tobiasmanske.de
|
||||
auth-host = traefik-fa.tobiasmanske.de
|
||||
|
||||
# Add authorized users here
|
||||
{% for user in traefik.oidc.whitelist %}
|
||||
whitelist = {{ user }}
|
||||
{% endfor %}
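Review bot: An empty `traefik.oidc.whitelist` renders no `whitelist =` line at all, and traefik-forward-auth then admits every account the issuer authenticates, since no `domain` restriction is set either. Fail the play before templating, for example with an `ansible.builtin.assert` on `traefik.oidc.whitelist | length > 0`. The comment above `secret` still says "replace this with something random"; it would be more useful as `# Cookie signing secret, taken from the vault (traefik.oidc.cookie_secret)`. The template task is not part of this section, so check that the rendered file, which holds the client secret, is written with mode `0600`.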
|
||||
|
@ -0,0 +1,31 @@
|
||||
log:
|
||||
level: ERROR
|
||||
providers:
|
||||
docker:
|
||||
network: gateway
|
||||
exposedbydefault: false
|
||||
file:
|
||||
filename: /etc/traefik/dynamic.yaml
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: websecure
|
||||
scheme: https
|
||||
permanent: true
|
||||
websecure:
|
||||
address: ":443"
|
||||
http:
|
||||
tls:
|
||||
certResolver: letsencrypt
|
||||
|
||||
certificatesResolvers:
|
||||
letsencrypt:
|
||||
acme:
|
||||
email: webmaster@tobiasmanske.de
|
||||
storage: /acme/acme.json
|
||||
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=tubearchivist
|
@ -0,0 +1,82 @@
|
||||
---
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
tubearchivist:
|
||||
restart: unless-stopped
|
||||
image: bbilly1/tubearchivist:latest
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.tubearchivist.middlewares=sso@file"
|
||||
- "traefik.http.routers.tubearchivist.rule=Host(`tubearchivist.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.tubearchivist.entryPoints=websecure"
|
||||
- "traefik.http.services.tubearchivist.loadbalancer.server.port=8000"
|
||||
volumes:
|
||||
- media:/youtube
|
||||
- cache:/cache
|
||||
environment:
|
||||
- ES_URL=http://archivist-es:9200
|
||||
- REDIS_HOST=archivist-redis
|
||||
- HOST_UID=1000
|
||||
- HOST_GID=1000
|
||||
- TA_HOST=tubearchivist.tobiasmanske.de
|
||||
- TA_USERNAME={{ tubearchivist.username }}
|
||||
- TA_PASSWORD={{ tubearchivist.password }}
|
||||
- ELASTIC_PASSWORD={{ tubearchivist.elastic_password }}
|
||||
- TZ=Europe/Berlin # set your time zone
|
||||
depends_on:
|
||||
- archivist-es
|
||||
- archivist-redis
|
||||
networks:
|
||||
- backend
|
||||
- gateway
|
||||
- default
|
||||
|
||||
archivist-redis:
|
||||
image: redislabs/rejson:latest # for arm64 use bbilly1/rejson
|
||||
container_name: archivist-redis
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- redis:/data
|
||||
depends_on:
|
||||
- archivist-es
|
||||
networks:
|
||||
- backend
|
||||
|
||||
archivist-es:
|
||||
image: bbilly1/tubearchivist-es:latest # only for amd64, or use official es 8.3.3
|
||||
container_name: archivist-es
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- "xpack.security.enabled=true"
|
||||
- "ELASTIC_PASSWORD={{ tubearchivist.elastic_password }}" # matching Elasticsearch password
|
||||
- "discovery.type=single-node"
|
||||
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
volumes:
|
||||
- es:/usr/share/elasticsearch/data # check for permission error when using bind mount, see readme
|
||||
networks:
|
||||
- backend
|
||||
|
||||
volumes:
|
||||
media:
|
||||
driver: local
|
||||
name: nobackup_ta_media
|
||||
driver_opts: {{ docker.cifs.media }}
|
||||
es:
|
||||
driver: local
|
||||
name: nobackup_ta_es
|
||||
driver_opts: {{ docker.cifs.es }}
|
||||
cache:
|
||||
redis:
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
backend:
|
||||
internal: true
|
||||
|
||||
...
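Review bot: The credentials in the `tubearchivist` environment list are interpolated into unquoted YAML scalars, so a password containing ` #` is silently cut at that point and one containing `: ` turns the list item into a mapping; the double-quoted `ELASTIC_PASSWORD` entry under `archivist-es` breaks on `"` or `\`. Render each entry through a serializer, e.g. `- {{ ('TA_PASSWORD=' ~ tubearchivist.password) | to_json }}`, and do the same for `TA_USERNAME` and for `ELASTIC_PASSWORD` in both services. Compose also interpolates `$` in these values, so a secret containing `$` needs it doubled. `driver_opts: {{ docker.cifs.media }}` relies on the printed dict happening to be valid flow YAML, where `{{ docker.cifs.media | to_json }}` is safe. All three images track `latest`.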
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=watchtower
|
@ -0,0 +1,21 @@
|
||||
---
|
||||
services:
|
||||
update:
|
||||
image: containrrr/watchtower:latest
|
||||
container_name: Watchtower
|
||||
privileged: true
|
||||
environment:
|
||||
DOCKER_CONFIG: /config
|
||||
WATCHTOWER_SCHEDULE: 0 42 * * * *
|
||||
WATCHTOWER_CLEANUP: 1
|
||||
WATCHTOWER_ROLLING_RESTART: 1
|
||||
WATCHTOWER_NOTIFICATIONS: slack
|
||||
WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL: https://discord.com/api/webhooks/{{ watchtower.discord.webhook }}/slack
|
||||
WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER: Watchtower
|
||||
WATCHTOWER_NOTIFICATION_SLACK_ICON_EMOJI: ":whale:"
|
||||
WATCHTOWER_NOTIFICATION_SLACK_ICON_URL: https://raw.githubusercontent.com/containrrr/watchtower/master/logo.png
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /home/core/.docker:/config
|
||||
restart: always
|
||||
...
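Review bot: With no `WATCHTOWER_LABEL_ENABLE` and no container list, this instance updates every container on the host, and `WATCHTOWER_SCHEDULE: 0 42 * * * *` (six fields, seconds first) fires at minute 42 of every hour. Several services in this commit track `latest`, so a new upstream push is pulled and started within the hour without anyone looking at it. Either pin those images and let Watchtower only notify (`WATCHTOWER_MONITOR_ONLY: "true"`), or opt containers in with `WATCHTOWER_LABEL_ENABLE: "true"` and the `com.centurylinklabs.watchtower.enable=true` label. The `/home/core/.docker:/config` mount carries registry credentials and can be `:ro`. Quote the schedule and the `1` values so they reach the container as the strings written here.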
|
@ -0,0 +1 @@
|
||||
COMPOSE_PROJECT_NAME=wireguard
|
@ -0,0 +1,37 @@
|
||||
---
|
||||
version: '3.9'
|
||||
|
||||
services:
|
||||
wireguard:
|
||||
image: linuxserver/wireguard:v1.0.20210914-ls81
|
||||
container_name: wireguard
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
security_opt:
|
||||
- label:disable
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/Berlin
|
||||
volumes:
|
||||
- ./wg0.conf:/config/wg0.conf:ro,z
|
||||
- /lib/modules:/lib/modules:ro
|
||||
ports:
|
||||
- 51820:51820/udp
|
||||
sysctls:
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
- net.ipv6.conf.all.disable_ipv6=0
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- gateway
|
||||
- internal_services
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
internal_services:
|
||||
name: internal_services
|
||||
internal: true
|
||||
...
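Review bot: `SYS_MODULE` and the `/lib/modules` mount let the container load kernel modules into the host, which is only needed when the host kernel does not already provide WireGuard. The repository path `coreos-config` suggests a CoreOS host, whose kernel presumably ships the module, so try dropping both and keeping `NET_ADMIN` alone. `label:disable` is the old colon form; current Docker documents it as `label=disable`.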
|
@ -0,0 +1,17 @@
|
||||
[Interface]
|
||||
Address = 10.2.0.1/16
|
||||
Address = fd10:4000::1/32
|
||||
MTU = 1420
|
||||
SaveConfig = true
|
||||
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
ListenPort = 51820
|
||||
PrivateKey = {{ wireguard.private_key }}
|
||||
|
||||
{% for peer in wireguard_peers %}
|
||||
# Peer: {{ peer.name }}
|
||||
[Peer]
|
||||
PublicKey = {{ peer.pubkey }}
|
||||
AllowedIPs = {{ peer.allowedips | join(", ") }}
|
||||
|
||||
{% endfor %}
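Review bot: `SaveConfig = true` makes wg-quick write the running state back to `wg0.conf` on shutdown, but the compose file in this commit mounts that file `:ro`, and the file is generated from this template anyway. Set `SaveConfig = false` so the template stays the single source of peers and the private key is never rewritten from inside the container. The `PostUp` rule `iptables -A FORWARD -i wg0 -j ACCEPT` forwards traffic from every peer to every network the container is attached to, including `internal_services`; if some peers should reach only some of them, that needs per-destination rules.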
|
@ -0,0 +1,2 @@
|
||||
COMPOSE_PROJECT_NAME=youtrack
|
||||
VERSION=2022.2.59587
|
@ -0,0 +1,30 @@
|
||||
---
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
youtrack:
|
||||
image: jetbrains/youtrack:${VERSION}
|
||||
volumes:
|
||||
- data:/opt/youtrack/data
|
||||
- conf:/opt/youtrack/conf
|
||||
- logs:/opt/youtrack/logs
|
||||
- backups:/opt/youtrack/backups
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.youtrack.rule=Host(`youtrack.tobiasmanske.de`)"
|
||||
- "traefik.http.routers.youtrack.entryPoints=websecure"
|
||||
- "traefik.http.services.youtrack.loadbalancer.server.port=8080"
|
||||
restart: always
|
||||
networks:
|
||||
- gateway
|
||||
|
||||
networks:
|
||||
gateway:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
data:
|
||||
conf:
|
||||
logs:
|
||||
backups:
|
||||
...
|