Added vaultwarden and removed old compose directory
Also updated gitea to use no NFS and added vaultwarden to swag
This commit is contained in:
@@ -1,88 +0,0 @@
|
||||
version: '3.8'
|
||||
|
||||
volumes:
|
||||
docker_config:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/docker_config
|
||||
|
||||
repo:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=maurice,nfsvers=4
|
||||
device: :/repositories
|
||||
|
||||
nc_storage:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=maurice,nfsvers=4
|
||||
device: :/nextcloud
|
||||
|
||||
bands:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=maurice,nfsvers=4
|
||||
device: :/bands
|
||||
|
||||
|
||||
configs:
|
||||
stackstorage:
|
||||
external: true
|
||||
|
||||
services:
|
||||
dockerstorage:
|
||||
image: registry.vbchaos.nl/rclone
|
||||
environment:
|
||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/docker_config
|
||||
- CRON_SCHEDULE=*/1 * * * *
|
||||
configs:
|
||||
- source: stackstorage
|
||||
target: /root/.config/rclone/rclone.conf
|
||||
volumes:
|
||||
- docker_config:/backup
|
||||
deploy:
|
||||
placement:
|
||||
constraints: [node.labels.isDNS == false]
|
||||
|
||||
# repositories:
|
||||
# image: registry.vbchaos.nl/rclone:arm64
|
||||
# environment:
|
||||
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/repositories
|
||||
# - CRON_SCHEDULE=0 1-23/4 * * *
|
||||
# configs:
|
||||
# - source: stackstorage
|
||||
# target: /config/rclone.conf
|
||||
# volumes:
|
||||
# - repo:/backup
|
||||
# deploy:
|
||||
# mode: replicated
|
||||
# replicas: 1
|
||||
|
||||
# nc_storage:
|
||||
# image: registry.vbchaos.nl/rclone:arm64
|
||||
# environment:
|
||||
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/nextcloud
|
||||
# - CRON_SCHEDULE=0 2-23/4 * * *
|
||||
# configs:
|
||||
# - source: stackstorage
|
||||
# target: /config/rclone.conf
|
||||
# volumes:
|
||||
# - nc_storage:/backup
|
||||
# deploy:
|
||||
# mode: replicated
|
||||
# replicas: 1
|
||||
|
||||
# bands:
|
||||
# image: registry.vbchaos.nl/rclone:arm64
|
||||
# environment:
|
||||
# - COMMAND=rclone copy -v /backup/ stackstorage:/maurice/bands
|
||||
# - CRON_SCHEDULE=0 3-23/4 * * *
|
||||
# configs:
|
||||
# - source: stackstorage
|
||||
# target: /config/rclone.conf
|
||||
# volumes:
|
||||
# - bands:/backup
|
||||
# deploy:
|
||||
# mode: replicated
|
||||
# replicas: 1
|
||||
@@ -1 +0,0 @@
|
||||
docker stack deploy -c docker-compose.yml --with-registry-auth backup
|
||||
@@ -1,22 +0,0 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
cadvisor:
|
||||
user: "0:0"
|
||||
image: zcube/cadvisor:latest
|
||||
hostname: '{{.Node.ID}}'
|
||||
command: -logtostderr -docker_only -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_host=influx:8086
|
||||
volumes:
|
||||
- /:/rootfs:ro
|
||||
- /var/run:/var/run:rw
|
||||
- /sys:/sys:ro
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /var/lib/docker/:/var/lib/docker:ro
|
||||
- /dev/disk/:/dev/disk:ro
|
||||
ports:
|
||||
- 8081:8080
|
||||
deploy:
|
||||
mode: global
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
version: "3"
|
||||
|
||||
volumes:
|
||||
gitea_data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/docker_config/gitea
|
||||
|
||||
gitea_repository:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/repositories/git
|
||||
|
||||
services:
|
||||
server:
|
||||
image: gitea/gitea
|
||||
container_name: gitea
|
||||
volumes:
|
||||
- gitea_data:/data
|
||||
- gitea_repository:/data/git/repo
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "3000:3000"
|
||||
- "222:22"
|
||||
|
||||
@@ -1,75 +0,0 @@
|
||||
version: '3.8'
|
||||
|
||||
volumes:
|
||||
prometheus_data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/grafana_prometheus_data
|
||||
|
||||
grafana_data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/docker_config/grafana/grafana
|
||||
|
||||
loki_data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/docker_config/grafana/loki
|
||||
|
||||
configs:
|
||||
prometheus_config:
|
||||
external: true
|
||||
grafana_config:
|
||||
external: true
|
||||
|
||||
|
||||
services:
|
||||
|
||||
# loki:
|
||||
# image: grafana/loki:2.6.1
|
||||
# user: "0:0"
|
||||
# volumes:
|
||||
# - loki_data:/loki
|
||||
# ports:
|
||||
# - "3100:3100"
|
||||
# command: -config.file=/etc/loki/local-config.yaml
|
||||
|
||||
# promtail:
|
||||
# image: grafana/promtail:2.6.1
|
||||
# user: "0:0"
|
||||
# volumes:
|
||||
# - /var/log:/var/log
|
||||
# command: -config.file=/etc/promtail/config.yml
|
||||
|
||||
prometheus:
|
||||
user: "0:0"
|
||||
hostname: prometheus
|
||||
image: prom/prometheus
|
||||
environment:
|
||||
- TZ=Europe/Berlin #change Time Zone if needed
|
||||
configs:
|
||||
- source: prometheus_config
|
||||
target: /etc/prometheus/prometheus.yml
|
||||
volumes:
|
||||
- prometheus_data:/prometheus
|
||||
command:
|
||||
- '--config.file=/etc/prometheus/prometheus.yml'
|
||||
ports:
|
||||
- 9090:9090
|
||||
|
||||
grafana:
|
||||
user: "0:0"
|
||||
hostname: grafana
|
||||
image: grafana/grafana
|
||||
environment:
|
||||
- TZ=Europe/Amsterdam
|
||||
configs:
|
||||
- source: grafana_config
|
||||
target: /etc/grafana/grafana.ini
|
||||
volumes:
|
||||
- grafana_data:/var/lib/grafana
|
||||
ports:
|
||||
- 3300:3000
|
||||
@@ -1,34 +0,0 @@
|
||||
# docker-compose.yaml
|
||||
version: '3.8'
|
||||
|
||||
volumes:
|
||||
jenkins_home:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/jenkins/home
|
||||
jenkins_certs:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/jenkins/certs
|
||||
|
||||
services:
|
||||
jenkins:
|
||||
image: registry.vbchaos.nl/jenkins-docker
|
||||
ports:
|
||||
- 8080:8080
|
||||
- 50000:50000
|
||||
# environment:
|
||||
# - DOCKER_CERT_PATH=/certs/client
|
||||
# - DOCKER_TLS_VERIFY=1
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.labels.highperformance==YES"
|
||||
volumes:
|
||||
- jenkins_home:/var/jenkins_home
|
||||
# - jenkins_certs:/certs/client
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
volumes:
|
||||
magicmirror_config:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/magicmirror/config
|
||||
|
||||
magicmirror_modules:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/magicmirror/modules
|
||||
|
||||
magicmirror_css:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/magicmirror/css
|
||||
|
||||
|
||||
services:
|
||||
magicmirror:
|
||||
container_name: mm
|
||||
image: karsten13/magicmirror:latest
|
||||
ports:
|
||||
- "8083:8080"
|
||||
volumes:
|
||||
- magicmirror_config:/opt/magic_mirror/config
|
||||
- magicmirror_modules:/opt/magic_mirror/modules
|
||||
- magicmirror_css:/opt/magic_mirror/css
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- npm
|
||||
- run
|
||||
- server
|
||||
@@ -1,115 +0,0 @@
|
||||
version: "3"
|
||||
|
||||
volumes:
|
||||
nchome:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
o: bind
|
||||
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home
|
||||
ncdb:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
o: bind
|
||||
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database
|
||||
ncdata:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
o: bind
|
||||
device: /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud/storage
|
||||
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mariadb:10.6
|
||||
restart: always
|
||||
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
|
||||
volumes:
|
||||
- ncdb:/var/lib/mysql:Z
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=rootpw
|
||||
- MYSQL_PASSWORD=password
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
|
||||
aio-imaginary:
|
||||
image: nextcloud/aio-imaginary:latest
|
||||
restart: always
|
||||
environment:
|
||||
- PORT=9000
|
||||
ports:
|
||||
- 9999:9000
|
||||
command: -concurrency 50 -enable-url-source
|
||||
|
||||
nextcloud:
|
||||
build:
|
||||
context: ./nc-fpm
|
||||
args:
|
||||
UID: ${MUID}
|
||||
GID: ${MGID}
|
||||
restart: always
|
||||
links:
|
||||
- db
|
||||
volumes:
|
||||
- nchome:/var/www/html:z
|
||||
- ncdata:/var/www/html/data
|
||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/
|
||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Fearium:/ex_storage/bands/fearium
|
||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/bands/Breakpoint9:/ex_storage/bands/breakpointnine
|
||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/music:/ex_storage/music
|
||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/video:/ex_storage/video
|
||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/repositories:/ex_storage/repositories
|
||||
# - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/hwsw:/ex_storage/hwsw
|
||||
|
||||
|
||||
environment:
|
||||
- MYSQL_PASSWORD=password
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_HOST=db
|
||||
- REDIS_HOST=redis
|
||||
|
||||
nginx:
|
||||
build:
|
||||
context: ./nginx
|
||||
args:
|
||||
UID: ${MUID}
|
||||
GID: ${MGID}
|
||||
restart: always
|
||||
ports:
|
||||
- 8888:80
|
||||
links:
|
||||
- nextcloud
|
||||
volumes:
|
||||
- nchome:/var/www/html:z,ro
|
||||
|
||||
redis:
|
||||
build:
|
||||
context: ./redis
|
||||
args:
|
||||
UID: ${MUID}
|
||||
GID: ${MGID}
|
||||
restart: always
|
||||
|
||||
cron:
|
||||
build:
|
||||
context: ./nc-fpm
|
||||
args:
|
||||
UID: ${MUID}
|
||||
GID: ${MGID}
|
||||
restart: always
|
||||
volumes:
|
||||
- nchome:/var/www/html:z
|
||||
- ncdata:/var/www/html/data
|
||||
environment:
|
||||
- MYSQL_PASSWORD=password
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_HOST=db
|
||||
- REDIS_HOST=redis
|
||||
entrypoint: /cron.sh
|
||||
depends_on:
|
||||
- nextcloud
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
FROM nextcloud:fpm
|
||||
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
|
||||
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid 82 www-data
|
||||
RUN usermod -u $UID -o www-data
|
||||
RUN apt update \
|
||||
&& apt -y install libmagickcore-6.q16-6-extra ffmpeg imagemagick ghostscript \
|
||||
&& apt clean
|
||||
|
||||
# Add custom cron job for previews
|
||||
RUN echo '*/15 * * * * php /var/www/html/occ preview:pre-generate' >> /var/spool/cron/crontabs/www-data
|
||||
@@ -1,11 +0,0 @@
|
||||
#FROM nginx:alpine
|
||||
FROM nginx:bullseye
|
||||
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
|
||||
RUN usermod -u $UID -o www-data
|
||||
|
||||
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid $UID www-data
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
@@ -1,175 +0,0 @@
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server nextcloud:9000;
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 512M;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
#fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|svg|gif)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,6 +0,0 @@
|
||||
FROM redis:latest
|
||||
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
|
||||
RUN usermod -u $UID -o www-data
|
||||
@@ -1,3 +0,0 @@
|
||||
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose build --no-cache
|
||||
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose up -d --force-recreate
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
node-exporter:
|
||||
image: prom/node-exporter:latest
|
||||
deploy:
|
||||
mode: global
|
||||
volumes:
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /:/rootfs:ro
|
||||
command:
|
||||
- '--path.procfs=/host/proc'
|
||||
- '--path.rootfs=/rootfs'
|
||||
- '--path.sysfs=/host/sys'
|
||||
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
|
||||
ports:
|
||||
- "9100:9100"
|
||||
|
||||
@@ -1,133 +0,0 @@
|
||||
version: '3.5'
|
||||
|
||||
# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
|
||||
#
|
||||
# Note:
|
||||
# - Hardware transcoding is only available for sponsors due to the high maintenance and support effort.
|
||||
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
|
||||
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
|
||||
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
|
||||
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
|
||||
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
|
||||
# https://docs.photoprism.app/getting-started/proxies/traefik/
|
||||
#
|
||||
# Setup Guides:
|
||||
# - https://docs.photoprism.app/getting-started/docker-compose/
|
||||
# - https://docs.photoprism.app/getting-started/raspberry-pi/
|
||||
#
|
||||
# Troubleshooting Checklists:
|
||||
# - https://docs.photoprism.app/getting-started/troubleshooting/
|
||||
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
|
||||
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
|
||||
#
|
||||
# CLI Commands:
|
||||
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
|
||||
#
|
||||
# All commands may have to be prefixed with "sudo" when not running as root.
|
||||
# This will point the home directory srtcut ~ to /root in volume mounts.
|
||||
|
||||
volumes:
|
||||
photoprismdatabase:
|
||||
driver: local
|
||||
driver_opts:
|
||||
o: bind
|
||||
type: none
|
||||
device: /srv/dev-disk-by-uuid-f3ca381b-e85a-4348-8086-833317c5d96e/dockerstorage/photoprism/database
|
||||
|
||||
|
||||
services:
|
||||
photoprism:
|
||||
## Use photoprism/photoprism:preview for testing preview builds:
|
||||
image: photoprism/photoprism:latest
|
||||
depends_on:
|
||||
- mariadb
|
||||
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
|
||||
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
|
||||
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
|
||||
# restart: unless-stopped
|
||||
security_opt:
|
||||
- seccomp:unconfined
|
||||
- apparmor:unconfined
|
||||
ports:
|
||||
- "2342:2342" # HTTP port (host:container)
|
||||
environment:
|
||||
PHOTOPRISM_ADMIN_USER: "admin" # superadmin username
|
||||
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial superadmin password (minimum 8 characters)
|
||||
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
|
||||
PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
|
||||
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
|
||||
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
|
||||
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
|
||||
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
|
||||
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
|
||||
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
|
||||
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
|
||||
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
|
||||
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
|
||||
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
|
||||
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
|
||||
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
|
||||
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
|
||||
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
|
||||
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
|
||||
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
|
||||
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
|
||||
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
|
||||
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
|
||||
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
|
||||
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
|
||||
PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password
|
||||
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
|
||||
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
|
||||
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
|
||||
## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
|
||||
# PHOTOPRISM_INIT: "https gpu tensorflow"
|
||||
## Hardware Video Transcoding:
|
||||
# PHOTOPRISM_FFMPEG_ENCODER: "software" # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry")
|
||||
# PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
|
||||
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
|
||||
# PHOTOPRISM_UID: 1000
|
||||
# PHOTOPRISM_GID: 1000
|
||||
# PHOTOPRISM_UMASK: 0000
|
||||
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
|
||||
# user: "1000:1000"
|
||||
## Share hardware devices with FFmpeg and TensorFlow (optional):
|
||||
# devices:
|
||||
# - "/dev/dri:/dev/dri" # Intel QSV
|
||||
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
|
||||
# - "/dev/nvidiactl:/dev/nvidiactl"
|
||||
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
|
||||
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
|
||||
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
|
||||
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
|
||||
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
|
||||
working_dir: "/photoprism" # do not change or remove
|
||||
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
|
||||
volumes:
|
||||
# "/host/folder:/photoprism/folder" # Example
|
||||
- "./Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
|
||||
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
|
||||
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
|
||||
- "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
|
||||
|
||||
## Database Server (recommended)
|
||||
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
|
||||
mariadb:
|
||||
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
|
||||
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
|
||||
restart: unless-stopped
|
||||
image: mariadb:10.10
|
||||
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
|
||||
- seccomp:unconfined
|
||||
- apparmor:unconfined
|
||||
command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
||||
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
|
||||
volumes:
|
||||
- photoprismdatabase:/var/lib/mysql
|
||||
environment:
|
||||
MARIADB_AUTO_UPGRADE: "1"
|
||||
MARIADB_INITDB_SKIP_TZINFO: "1"
|
||||
MARIADB_DATABASE: "photoprism"
|
||||
MARIADB_USER: "photoprism"
|
||||
MARIADB_PASSWORD: "insecure"
|
||||
MARIADB_ROOT_PASSWORD: "insecure"
|
||||
@@ -1 +0,0 @@
|
||||
zrsyd9l35vf8qz3s
|
||||
@@ -1,6 +0,0 @@
|
||||
Version: 221118-e58fee0fb-Linux-ARM64
|
||||
Key: 7b51906306b5aba668e0beda443a2c57cbe239f5
|
||||
Secret: 13bb44da3f919c04a89439bf157d8631
|
||||
Session: 6a58a5ba0432511981b0ddb0bbe44e5cd636a0b4ceeae537f17379cb2b7d86a33e6471c87b587c26008b9500995e153ffca4e9e2a9fd077484bd5ee63b1a032d6e71d8bec4764591f117230732ebf49f6ad801d58b0b84250c22dbd7460e4829ff
|
||||
Status: ce
|
||||
Serial: zrsyd9l35vf8qz3s
|
||||
@@ -1,62 +0,0 @@
|
||||
UI:
|
||||
Scrollbar: true
|
||||
Zoom: false
|
||||
Theme: default
|
||||
Language: en
|
||||
TimeZone: ""
|
||||
Search:
|
||||
BatchSize: 0
|
||||
Maps:
|
||||
Animate: 0
|
||||
Style: ""
|
||||
Features:
|
||||
Account: true
|
||||
Advanced: false
|
||||
Albums: true
|
||||
Archive: true
|
||||
Delete: false
|
||||
Download: true
|
||||
Edit: true
|
||||
Estimates: true
|
||||
Favorites: true
|
||||
Files: true
|
||||
Folders: true
|
||||
Import: true
|
||||
Labels: true
|
||||
Library: true
|
||||
Logs: true
|
||||
Moments: true
|
||||
People: true
|
||||
Places: true
|
||||
Private: true
|
||||
Ratings: true
|
||||
Reactions: true
|
||||
Review: true
|
||||
Search: true
|
||||
Services: true
|
||||
Settings: true
|
||||
Share: true
|
||||
Upload: true
|
||||
Videos: true
|
||||
Import:
|
||||
Path: /
|
||||
Move: false
|
||||
Index:
|
||||
Path: /
|
||||
Convert: true
|
||||
Rescan: false
|
||||
SkipArchived: false
|
||||
Stack:
|
||||
UUID: true
|
||||
Meta: true
|
||||
Name: false
|
||||
Share:
|
||||
Title: ""
|
||||
Download:
|
||||
Name: file
|
||||
Disabled: false
|
||||
Originals: true
|
||||
MediaRaw: false
|
||||
MediaSidecar: false
|
||||
Templates:
|
||||
Default: index.gohtml
|
||||
@@ -1 +0,0 @@
|
||||
zrsyd9l35vf8qz3s
|
||||
@@ -1,17 +0,0 @@
|
||||
version: '3.3'
|
||||
|
||||
services:
|
||||
pihole-exporter:
|
||||
image: ekofr/pihole-exporter:latest
|
||||
# image: remiflandrois/pihole-exporter:latest
|
||||
container_name: pihole_exporter
|
||||
ports:
|
||||
- 9617:9617
|
||||
environment:
|
||||
PIHOLE_HOSTNAME: 192.168.1.8
|
||||
PIHOLE_PORT: 80
|
||||
PIHOLE_PASSWORD: 14Mai1984
|
||||
INTERVAL: 5s
|
||||
PORT: 9617
|
||||
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
version: "3"
|
||||
|
||||
volumes:
|
||||
data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/proxymanager/data
|
||||
|
||||
letsencrypt:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/proxymanager/letsencrypt
|
||||
|
||||
|
||||
services:
|
||||
app:
|
||||
image: 'jc21/nginx-proxy-manager:latest'
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
# These ports are in format <host-port>:<container-port>
|
||||
- '80:80' # Public HTTP Port
|
||||
- '443:443' # Public HTTPS Port
|
||||
- '81:81' # Admin Web Port
|
||||
# Add any other Stream port you want to expose
|
||||
# - '21:21' # FTP
|
||||
|
||||
# Uncomment the next line if you uncomment anything in the section
|
||||
# environment:
|
||||
# Uncomment this if you want to change the location of
|
||||
# the SQLite DB file within the container
|
||||
# DB_SQLITE_FILE: "/data/database.sqlite"
|
||||
|
||||
# Uncomment this if IPv6 is not enabled on your host
|
||||
# DISABLE_IPV6: 'true'
|
||||
|
||||
volumes:
|
||||
- data:/data
|
||||
- letsencrypt:/etc/letsencrypt
|
||||
@@ -1,43 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
volumes:
|
||||
registrystorage:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/registry
|
||||
registryauth:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/dockerstorage/registry/auth
|
||||
|
||||
|
||||
|
||||
services:
|
||||
registry:
|
||||
image: registry:2
|
||||
volumes:
|
||||
- registryauth:/auth
|
||||
- registrystorage:/var/lib/registry
|
||||
environment:
|
||||
- REGISTRY_STORAGE_DELETE_ENABLED=true
|
||||
- REGISTRY_AUTH=htpasswd
|
||||
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
|
||||
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
|
||||
- VIRTUAL_HOST=registry.vbchaos.nl
|
||||
- VIRTUAL_PORT=5000
|
||||
- VIRTUAL_PROTO=http
|
||||
ports:
|
||||
- '5000:5000'
|
||||
|
||||
registrybrowser:
|
||||
image: klausmeyer/docker-registry-browser
|
||||
ports:
|
||||
- 8082:8080
|
||||
environment:
|
||||
- 'DOCKER_REGISTRY_URL=http://maurice:5000'
|
||||
# - 'DOCKER_REGISTRY_URL=https://registry.vbchaos.nl'
|
||||
- 'PUBLIC_REGISTRY_URL=registry.vbchaos.nl'
|
||||
- 'NO_SSL_VERIFICATION=true'
|
||||
- 'ENABLE_DELETE_IMAGES=true'
|
||||
@@ -1,36 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
volumes:
|
||||
nginx_conf:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/swarm/stacks/reverseproxy/nginx
|
||||
certbot_conf:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/swarm/stacks/reverseproxy/certbot_conf
|
||||
certificates:
|
||||
external: true
|
||||
|
||||
|
||||
|
||||
services:
|
||||
nginx:
|
||||
image: nginx:1.15-alpine
|
||||
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- nginx_conf:/etc/nginx/conf.d
|
||||
- certbot_conf:/etc/letsencrypt
|
||||
- ./data/certbot/www:/var/www/certbot
|
||||
certbot:
|
||||
image: certbot/certbot:arm64v8-v1.32.2
|
||||
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
||||
volumes:
|
||||
- certbot_conf:/etc/letsencrypt
|
||||
# - certificates:/etc/letsencrypt/live
|
||||
- ./data/certbot/www:/var/www/certbot
|
||||
@@ -1,83 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if ! [ -x "$(command -v docker-compose)" ]; then
|
||||
echo 'Error: docker-compose is not installed.' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
domains=(vbchaos.ddns.net)
|
||||
rsa_key_size=4096
|
||||
data_path="./certbot_data"
|
||||
email="matthias.mitscherlich@gmail.com" # Adding a valid address is strongly recommended
|
||||
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
|
||||
|
||||
if [ -d "$data_path" ]; then
|
||||
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
|
||||
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
|
||||
echo "### Downloading recommended TLS parameters ..."
|
||||
mkdir -p "$data_path/conf"
|
||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
|
||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
|
||||
echo
|
||||
fi
|
||||
|
||||
echo "### Creating dummy certificate for $domains ..."
|
||||
path="/etc/letsencrypt/live/$domains"
|
||||
mkdir -p "$data_path/conf/live/$domains"
|
||||
docker-compose run --rm --entrypoint "\
|
||||
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
|
||||
-keyout '$path/privkey.pem' \
|
||||
-out '$path/fullchain.pem' \
|
||||
-subj '/CN=localhost'" certbot
|
||||
echo
|
||||
|
||||
|
||||
echo "### Starting nginx ..."
|
||||
docker-compose up --force-recreate -d nginx
|
||||
echo
|
||||
|
||||
|
||||
|
||||
echo "### Deleting dummy certificate for $domains ..."
|
||||
docker-compose run --rm --entrypoint "\
|
||||
rm -Rf /etc/letsencrypt/live/$domains && \
|
||||
rm -Rf /etc/letsencrypt/archive/$domains && \
|
||||
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
|
||||
echo
|
||||
|
||||
# exit 1
|
||||
|
||||
echo "### Requesting Let's Encrypt certificate for $domains ..."
|
||||
#Join $domains to -d args
|
||||
domain_args=""
|
||||
for domain in "${domains[@]}"; do
|
||||
domain_args="$domain_args -d $domain"
|
||||
done
|
||||
|
||||
# Select appropriate email arg
|
||||
case "$email" in
|
||||
"") email_arg="--register-unsafely-without-email" ;;
|
||||
*) email_arg="--email $email" ;;
|
||||
esac
|
||||
|
||||
# Enable staging mode if needed
|
||||
if [ $staging != "0" ]; then staging_arg="--staging"; fi
|
||||
|
||||
docker-compose run --rm --entrypoint "\
|
||||
certbot certonly --webroot -w /var/www/certbot \
|
||||
$staging_arg \
|
||||
$email_arg \
|
||||
$domain_args \
|
||||
--rsa-key-size $rsa_key_size \
|
||||
--agree-tos \
|
||||
--force-renewal" certbot
|
||||
echo
|
||||
|
||||
echo "### Reloading nginx ..."
|
||||
docker-compose exec nginx nginx -s reload
|
||||
@@ -1,35 +0,0 @@
|
||||
version: "3"
|
||||
|
||||
volumes:
|
||||
swag_data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/docker_config/swag
|
||||
|
||||
services:
|
||||
swag:
|
||||
image: lscr.io/linuxserver/swag:latest
|
||||
container_name: swag
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=100
|
||||
- TZ=Etc/UTC
|
||||
- URL=vbchaos.nl
|
||||
- VALIDATION=http
|
||||
- SUBDOMAINS=nc,git,grafana,registry,registrybrowser,omv
|
||||
- CERTPROVIDER= #optional
|
||||
- DNSPLUGIN=cloudflare #optional
|
||||
- PROPAGATION= #optional
|
||||
- EMAIL= matthias.mitscherlich@gmail.com
|
||||
- ONLY_SUBDOMAINS=false #optional
|
||||
- EXTRA_DOMAINS= #optional
|
||||
- STAGING=false #optional
|
||||
volumes:
|
||||
- swag_data:/config
|
||||
ports:
|
||||
- 443:443
|
||||
- 81:80 #optional
|
||||
restart: unless-stopped
|
||||
@@ -1,17 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
|
||||
services:
|
||||
|
||||
tado-exporter:
|
||||
user: "1000:1000"
|
||||
image: registry.vbchaos.nl/tado-exporter:arm64
|
||||
hostname: tado-exporter
|
||||
|
||||
environment:
|
||||
EXPORTER_USERNAME: matthias.mitscherlich@gmail.com
|
||||
EXPORTER_PASSWORD: 14Mai1984
|
||||
|
||||
ports:
|
||||
- "9898:9898"
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
docker stack deploy -c docker-compose.yml --with-registry-auth tado-exporter
|
||||
@@ -18,8 +18,10 @@ services:
|
||||
image: gitea/gitea
|
||||
container_name: gitea
|
||||
volumes:
|
||||
- gitea_data:/data
|
||||
- gitea_repository:/data/git/repo
|
||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/gitea:/data
|
||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories/git:/data/git/repo
|
||||
# - gitea_data:/data
|
||||
# - gitea_repository:/data/git/repo
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
|
||||
@@ -1,12 +1,5 @@
|
||||
version: "3"
|
||||
|
||||
volumes:
|
||||
swag_data:
|
||||
driver_opts:
|
||||
type: nfs
|
||||
o: addr=dockerstorage,nfsvers=4
|
||||
device: :/docker_config/swag
|
||||
|
||||
services:
|
||||
swag:
|
||||
image: lscr.io/linuxserver/swag:latest
|
||||
@@ -19,7 +12,7 @@ services:
|
||||
- TZ=Etc/UTC
|
||||
- URL=vbchaos.nl
|
||||
- VALIDATION=http
|
||||
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn
|
||||
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vpn,vaultwarden
|
||||
- CERTPROVIDER= #optional
|
||||
- DNSPLUGIN=cloudflare #optional
|
||||
- PROPAGATION= #optional
|
||||
@@ -28,7 +21,6 @@ services:
|
||||
- EXTRA_DOMAINS= #optional
|
||||
- STAGING=false #optional
|
||||
volumes:
|
||||
# - swag_data:/config
|
||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/swag:/config
|
||||
ports:
|
||||
- 443:443
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
vaultwarden:
|
||||
container_name: vaultwarden
|
||||
image: vaultwarden/server:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/vaultwarden:/data/
|
||||
ports:
|
||||
- 5555:80
|
||||
environment:
|
||||
- DOMAIN=https://vaultwarden.vbchaos.nl
|
||||
- LOGIN_RATELIMIT_MAX_BURST=10
|
||||
- LOGIN_RATELIMIT_SECONDS=60
|
||||
- ADMIN_RATELIMIT_MAX_BURST=10
|
||||
- ADMIN_RATELIMIT_SECONDS=2
|
||||
- ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Vv4wT0EpGslsEAHpgw+U1FwxUQjguK9qkwJQB7WLP+k$$7lBaj+G9jLyXj5MxC2RqNGyGw0/vjOzcgwk4ArN6BVM
|
||||
- SENDS_ALLOWED=true
|
||||
- EMERGENCY_ACCESS_ALLOWED=true
|
||||
- WEB_VAULT_ENABLED=true
|
||||
- SIGNUPS_ALLOWED=false
|
||||
- SIGNUPS_VERIFY=true
|
||||
- SIGNUPS_VERIFY_RESEND_TIME=3600
|
||||
- SIGNUPS_VERIFY_RESEND_LIMIT=5
|
||||
- SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl
|
||||
- SMTP_HOST=smtp.gmail.com
|
||||
- SMTP_FROM=vaultwarden@vbchaos.nl
|
||||
- SMTP_FROM_NAME=Vaultwarden
|
||||
- SMTP_SECURITY=starttls
|
||||
- SMTP_PORT=587
|
||||
- SMTP_USERNAME=matthias.mitscherlich@gmail.com
|
||||
- SMTP_PASSWORD=oomgyoiqepsqaikn
|
||||
- SMTP_AUTH_MECHANISM="Login"
|
||||
Reference in New Issue
Block a user