diff --git a/apps/gitea/docker-compose.yml b/apps/gitea/docker-compose.yml
index 55f6bc3..df09a2f 100644
--- a/apps/gitea/docker-compose.yml
+++ b/apps/gitea/docker-compose.yml
@@ -5,10 +5,10 @@ services:
 image: gitea/gitea:latest # change to 1-rootless once find out how to move data.
 restart: always
 environment:
- - USER_UID=1000
- - USER_GID=1000
- - GITEA__database__DB_TYPE=sqlite3
- - GITEA__server__ROOT_URL=https://gitea.lan.ddnsgeek.com/
+ - USER_UID=${GITEA_USER_UID}
+ - USER_GID=${GITEA_USER_GID}
+ - GITEA__database__DB_TYPE=${GITEA_DB_TYPE}
+ - GITEA__server__ROOT_URL=${GITEA_ROOT_URL}
 volumes:
 - ${PROJECT_ROOT}/apps/gitea/data:/data
 networks:
diff --git a/apps/gramps/docker-compose.yml b/apps/gramps/docker-compose.yml
index e5a5200..54c69f7 100644
--- a/apps/gramps/docker-compose.yml
+++ b/apps/gramps/docker-compose.yml
@@ -33,12 +33,14 @@ services:
 env_file:
 - ${PROJECT_ROOT}/secrets/stack-secrets.env
 environment:
- DB_URI: postgresql://${GRAMPS_DB_USER}:${GRAMPS_DB_PASSWORD}@gramps-db:5432/${GRAMPS_DB_NAME}
- GRAMPSWEB_LOGLEVEL: INFO
+ DB_URI: ${GRAMPS_DB_URI}
+ GRAMPSWEB_LOGLEVEL: ${GRAMPSWEB_LOGLEVEL}
+ # default admin user created on first run:
 INITIAL_ADMIN: ${GRAMPS_INITIAL_ADMIN}
 INITIAL_ADMIN_PASSWORD: ${GRAMPS_INITIAL_ADMIN_PASSWORD}
- GRAMPSWEB_MEDIAPATH: /app/media
- GRAMPSWEB_TREE: "main"
+ # optional: storage paths inside container
+ GRAMPSWEB_MEDIAPATH: ${GRAMPSWEB_MEDIAPATH}
+ GRAMPSWEB_TREE: "${GRAMPSWEB_TREE}"
 volumes:
 - ${PROJECT_ROOT}/apps/gramps/data/users:/app/users
 - ${PROJECT_ROOT}/apps/gramps/data/media:/app/media
diff --git a/core/authelia/configuration.yml b/core/authelia/configuration.yml
index 8981896..6212d20 100644
--- a/core/authelia/configuration.yml
+++ b/core/authelia/configuration.yml
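Review bot: None of the four `${...}` substitutions in the gitea `environment:` list has a fallback, so a `docker compose` run that does not load `default-environment.env` substitutes empty strings (with only a warning) and the container starts with `USER_UID=` and `GITEA__server__ROOT_URL=` blank. Make the dependency explicit with the required form, e.g. `- GITEA__server__ROOT_URL=${GITEA_ROOT_URL:?GITEA_ROOT_URL is not set}`, or keep the old literal as a default, `- USER_UID=${GITEA_USER_UID:-1000}`. The same applies to the substitutions added in the gramps, error-pages, gotify, grafana, portainer and docker-exporter hunks of this commit. The service block starts and ends outside the hunk.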
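Review bot: `DB_URI: ${GRAMPS_DB_URI}` replaces a connection string assembled per field with one literal, and the default defined for it in `default-environment.env` in this commit points at host `db` where the removed line used `gramps-db`. Unless the database service also answers to `db` (its definition is outside this hunk), the web container will not reach its database. The password is also now embedded in a value that lives in the tracked defaults file. Keeping the composed form keeps the host fixed and the credential in its own variable: `DB_URI: postgresql://${GRAMPS_DB_USER}:${GRAMPS_DB_PASSWORD}@gramps-db:5432/${GRAMPS_DB_NAME}`.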
@@ -33,6 +33,13 @@ access_control: - "^/health" policy: bypass + - domain: node-red.lan.ddnsgeek.com + resources: + - "^/health" + - "^/uptime-kuma" + - "^/docker-update-lockouts/clear" + policy: bypass + - domain: prometheus.lan.ddnsgeek.com resources: - "^/-/healthy" diff --git a/core/docker-compose.yml b/core/docker-compose.yml index 79c07e8..fad817e 100644 --- a/core/docker-compose.yml +++ b/core/docker-compose.yml @@ -76,7 +76,7 @@ services: container_name: error-pages read_only: true environment: - TEMPLATE_NAME: app-down + TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME} networks: # - reverse_proxy - traefik diff --git a/core/test/docker-compose.yml b/core/test/docker-compose.yml index 23b7bfc..5696354 100644 --- a/core/test/docker-compose.yml +++ b/core/test/docker-compose.yml @@ -1,6 +1,6 @@ services: update-test: - image: nginx:1.27.4 + image: nginx:1.28.1 container_name: update-test profiles: ["test"] healthcheck: diff --git a/default-environment.env b/default-environment.env index 2219493..e4f10ca 100644 --- a/default-environment.env +++ b/default-environment.env 
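Review bot: The new `bypass` rule removes authentication from `^/docker-update-lockouts/clear` on node-red.lan.ddnsgeek.com, a path that by its name changes state rather than reporting health, while the Node-RED service behind it runs `privileged: true` with the Docker socket mounted read-write (monitoring/node-red/docker-compose.yml in this commit). Keep `policy: bypass` for the read-only probes only and put the clear endpoint under its own rule with `policy: one_factor`, or add a `networks:` criterion limited to the address of the caller that needs it. The patterns are also prefix matches, so `^/health` covers any path that merely starts with those characters and `^/uptime-kuma` covers every sub-path; anchor them, e.g. `- "^/health$"`. The `access_control` rule list starts and continues outside the hunk, so rule ordering against any broader node-red rule cannot be checked here.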
@@ -2,3 +2,84 @@ PROJECT_ROOT=/home/nixos/docker
 DOMAIN=lan.ddnsgeek.com
 TZ=Australia/Brisbane
 EMAIL=wayne.bennett@live.com
+
+# Core
+CROWDSEC_COLLECTIONS=crowdsecurity/traefik
+ERROR_PAGES_TEMPLATE_NAME=app-down
+
+# Gitea
+GITEA_USER_UID=1000
+GITEA_USER_GID=1000
+GITEA_DB_TYPE=sqlite3
+GITEA_ROOT_URL=https://gitea.lan.ddnsgeek.com/
+
+# Grafana
+GRAFANA_ROOT_URL=https://grafana.lan.ddnsgeek.com/
+
+# Nextcloud
+NEXTCLOUD_MYSQL_ROOT_PASSWORD=R1m@dmin
+NEXTCLOUD_MYSQL_PASSWORD=R1m@dmin
+NEXTCLOUD_MYSQL_DATABASE=nextcloud
+NEXTCLOUD_MYSQL_USER=nextcloud
+NEXTCLOUD_MYSQL_HOST=nextcloud_db:3306
+NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
+NEXTCLOUD_OVERWRITEPROTOCOL=https
+NEXTCLOUD_OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
+NEXTCLOUD_SMTP_HOST=smtp.gmail.com
+NEXTCLOUD_SMTP_SECURE=tls
+NEXTCLOUD_SMTP_PORT=587
+NEXTCLOUD_SMTP_AUTHTYPE=login
+NEXTCLOUD_MAIL_FROM_ADDRESS=beatz174
+NEXTCLOUD_MAIL_DOMAIN=gmail.com
+NEXTCLOUD_SMTP_NAME=beatz174@gmail.com
+NEXTCLOUD_SMTP_PASSWORD=kqdw fvml wlag ldgv
+NEXTCLOUD_REDIS_HOST=redis
+NEXTCLOUD_REDIS_HOST_PORT=6379
+NEXTCLOUD_REDIS_HOST_PASSWORD=TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n
+NEXTCLOUD_MARIADB_AUTO_UPGRADE=1
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
+
+# Passbolt
+PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD=true
+PASSBOLT_MYSQL_DATABASE=passbolt
+PASSBOLT_MYSQL_USER=passbolt
+PASSBOLT_MYSQL_PASSWORD=P4ssb0lt
+PASSBOLT_APP_FULL_BASE_URL=https://passbolt.lan.ddnsgeek.com
+PASSBOLT_DATASOURCES_DEFAULT_HOST=passbolt-db
+PASSBOLT_DATASOURCES_DEFAULT_USERNAME=passbolt
+PASSBOLT_DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
+PASSBOLT_DATASOURCES_DEFAULT_DATABASE=passbolt
+PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=CBBB2B8F3E9FACA114537ACB8965B750F7363586
+
+# Gramps
+GRAMPS_POSTGRES_USER=gramps
+GRAMPS_POSTGRES_PASSWORD=grampspassword
+GRAMPS_POSTGRES_DB=gramps
+GRAMPS_DB_URI=postgresql://gramps:grampspassword@db:5432/gramps
+GRAMPSWEB_LOGLEVEL=INFO
+GRAMPS_INITIAL_ADMIN=admin
+GRAMPS_INITIAL_ADMIN_PASSWORD=admin
+GRAMPSWEB_MEDIAPATH=/app/media
+GRAMPSWEB_TREE=main
+
+# Prometheus stack
+INFLUXDB_INIT_MODE=setup
+INFLUXDB_INIT_USERNAME=admin
+INFLUXDB_INIT_PASSWORD=adminpassword
+INFLUXDB_INIT_ORG=pbs
+INFLUXDB_INIT_BUCKET=telemetry
+DOCKER_EXPORTER_LOG_LEVEL=INFO
+PIHOLE_HOSTNAME=pihole.sweet.home
+PIHOLE_PASSWORD=
+PIHOLE_EXPORTER_PORT=9617
+
+# Gotify
+GOTIFY_DEFAULTUSER_NAME=admin
+GOTIFY_DEFAULTUSER_PASS=R1m@dmin
+GOTIFY_REGISTRATION=false
+#GOTIFY_URL=https://gotify.lan.ddnsgeek.com
+#GOTIFY_TOKEN=ADuOnDBG7C27hcf
+
+# Portainer
+PORTAINER_GODEBUG=netdns=cgo
diff --git a/monitoring/gotify/docker-compose.yml b/monitoring/gotify/docker-compose.yml
index bc19268..ebaee66 100644
--- a/monitoring/gotify/docker-compose.yml
+++ b/monitoring/gotify/docker-compose.yml
@@ -12,7 +12,8 @@ services:
 - TZ=${TZ}
 - GOTIFY_DEFAULTUSER_NAME=${GOTIFY_DEFAULTUSER_NAME}
 - GOTIFY_DEFAULTUSER_PASS=${GOTIFY_DEFAULTUSER_PASS}
- - GOTIFY_REGISTRATION=false
+ - GOTIFY_REGISTRATION=${GOTIFY_REGISTRATION}
+
 networks:
 - traefik
 labels:
diff --git a/monitoring/grafana/docker-compose.yml b/monitoring/grafana/docker-compose.yml
index 1806f02..227b770 100644
--- a/monitoring/grafana/docker-compose.yml
+++ b/monitoring/grafana/docker-compose.yml
@@ -5,7 +5,7 @@ services:
 container_name: grafana
 restart: unless-stopped
 environment:
- - GF_SERVER_ROOT_URL=https://grafana.lan.ddnsgeek.com/
+ - GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL}
 volumes:
 - ${PROJECT_ROOT}/monitoring/grafana/data:/var/lib/grafana
 networks:
diff --git a/monitoring/node-red/Dockerfile b/monitoring/node-red/Dockerfile
index 6bf9008..0730c1d 100644
--- a/monitoring/node-red/Dockerfile
+++ b/monitoring/node-red/Dockerfile
@@ -3,4 +3,5 @@ FROM nodered/node-red:latest
 USER root
 RUN apk add --no-cache docker-cli docker-cli-compose
 RUN addgroup -g 131 -S docker && addgroup node-red docker
+
 USER node-red
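Review bot: Credentials are stored in plain text in this tracked defaults file: `NEXTCLOUD_MYSQL_ROOT_PASSWORD`, `NEXTCLOUD_MYSQL_PASSWORD`, `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_SMTP_PASSWORD`, `NEXTCLOUD_REDIS_HOST_PASSWORD`, both Passbolt database passwords, `GRAMPS_POSTGRES_PASSWORD` (repeated inside `GRAMPS_DB_URI`), `INFLUXDB_INIT_PASSWORD`, `GOTIFY_DEFAULTUSER_PASS`, and a token left in the commented `#GOTIFY_TOKEN` line. Other hunks of this commit bind-mount the project tree, this file included, into the node-red and docker-exporter containers, so every value is readable there as well as in the repository history. Keep only non-secret settings here, leave the secret keys empty with a pointer such as `# set in secrets/stack-secrets.env` (the file apps/gramps already loads, assuming it is kept out of version control), and rotate the values that have been committed. Several of the entries share one password value, and `GRAMPS_INITIAL_ADMIN_PASSWORD=admin` should not ship as a default.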
diff --git a/monitoring/node-red/docker-compose.yml b/monitoring/node-red/docker-compose.yml index 5f6343d..16f6daf 100644 --- a/monitoring/node-red/docker-compose.yml +++ b/monitoring/node-red/docker-compose.yml @@ -7,12 +7,15 @@ services: profiles: ["monitoring","all"] restart: unless-stopped privileged: true + environment: + - TZ=${TZ} # ports: # - "1880:1880" volumes: - ${PROJECT_ROOT}/monitoring/node-red/data:/data - /var/run/docker.sock:/var/run/docker.sock:rw - - ${PROJECT_ROOT}:/compose + - ${PROJECT_ROOT}:/compose/docker:ro + - /home/nixos/raspi:/compose/raspi:ro - ${PROJECT_ROOT}/default-environment.env:/usr/src/node-red/default-environment.env:ro - ${PROJECT_ROOT}/default-network.yml:/usr/src/node-red/default-network.yml:ro - ${PROJECT_ROOT}/core/docker-compose.yml:/usr/src/node-red/core/docker-compose.yml:ro diff --git a/monitoring/portainer/docker-compose.yml b/monitoring/portainer/docker-compose.yml index 57badde..6402119 100644 --- a/monitoring/portainer/docker-compose.yml +++ b/monitoring/portainer/docker-compose.yml @@ -24,7 +24,7 @@ services: - traefik.http.services.portainer.loadbalancer.server.port=9000 environment: - - GODEBUG=netdns=cgo + - GODEBUG=${PORTAINER_GODEBUG} # healthcheck: # test: ["CMD", "wget", "--spider", "-q", "https://portainer.lan.ddnsgeek.com/api/status"] # interval: 30s diff --git a/monitoring/prometheus/docker-compose.yml b/monitoring/prometheus/docker-compose.yml index de8840a..f95401e 100644 --- a/monitoring/prometheus/docker-compose.yml +++ b/monitoring/prometheus/docker-compose.yml 
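Review bot: `- ${PROJECT_ROOT}:/compose/docker:ro` still gives Node-RED the whole project tree, which includes `secrets/stack-secrets.env` (referenced by apps/gramps) and the credentials added to `default-environment.env` in this commit, and `/home/nixos/raspi` is mounted whole as well. The `:ro` flag is a step in the right direction but limited in effect while the service keeps `privileged: true` and `/var/run/docker.sock:/var/run/docker.sock:rw`, both visible as context lines; mount only the directories the flows read, leave the secrets directory out, and check whether `privileged: true` is still needed. The mount point also moves from `/compose` to `/compose/docker`, so any flow with a hard-coded `/compose/...` path has to change with it, which is not visible here. The docker-exporter hunk in monitoring/prometheus/docker-compose.yml has the same whole-tree mount, `- ${PROJECT_ROOT}:/compose:ro`.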
@@ -169,30 +169,30 @@ services: # - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw # - ${PROJECT_ROOT}/services-up.sh:/app/services-up.sh:ro environment: - LOG_LEVEL: DEBUG + LOG_LEVEL: ${DOCKER_EXPORTER_LOG_LEVEL} volumes: - ~/.docker/config.json:/root/.docker/config.json:ro - /var/run/docker.sock:/var/run/docker.sock - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw - - ${PROJECT_ROOT}:/compose - - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro - - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro - - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro - - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro - - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro - - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro - - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro - - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:> - - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro - - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro - - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro - - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro - - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro - - ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro - - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro - - 
${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro - - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro + - ${PROJECT_ROOT}:/compose:ro +# - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro +# - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro +# - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro +# - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro +# - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro +# - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro +# - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro +# - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:> +# - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro +# - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro +# - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro +# - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro +# - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro +# - ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro +# - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro +# - ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro +# - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro # ports: 
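Review bot: The seventeen per-file mounts are kept as `#` comments at column 0 inside the `volumes:` list instead of being deleted; they are dead configuration, one of them still ends in the truncated `docker-compose.yml:>` suffix, and version control already preserves them. Delete the block, or replace it with a single line stating the intent, e.g. `# per-file :ro mounts replaced by the read-only tree mount above`. Separately, `LOG_LEVEL` changes from `DEBUG` to whatever `DOCKER_EXPORTER_LOG_LEVEL` holds (the default added in this commit is `INFO`), a behaviour change the commit message should name. The service block starts and ends outside the hunk.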
diff --git a/monitoring/prometheus/prometheus.yml b/monitoring/prometheus/prometheus.yml index 5126509..d4db4d4 100644 --- a/monitoring/prometheus/prometheus.yml +++ b/monitoring/prometheus/prometheus.yml @@ -63,6 +63,7 @@ scrape_configs: static_configs: - targets: - telegraf:9273 + - raspberrypi.tail13f623.ts.net:9273 labels: role: docker diff --git a/update-containers.log b/update-containers.log index ebc4cb1..1c1982c 100644 --- a/update-containers.log +++ b/update-containers.log 
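Review bot: The added target `raspberrypi.tail13f623.ts.net:9273` sits in the same `static_configs` entry as `telegraf:9273`, so it inherits `labels: role: docker`. If the Raspberry Pi is a separate host rather than part of this Docker stack (inferred from the name only), dashboards and alerts keyed on `role` will mix the two. Give it its own entry, `- targets: [raspberrypi.tail13f623.ts.net:9273]` with its own `labels:` block (for example `role: raspi`, an illustrative value). The job definition starts above the hunk, so its scheme and any authentication settings for the new target cannot be checked from here.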
@@ -1,13 +1,13 @@ -07:29:20 INFO: === Update started: 2026-04-01 07:29:20 === -07:29:20 WARNING: Skipping traefik (directory does not exist) -07:29:20 WARNING: Skipping nextcloud (directory does not exist) -07:29:20 WARNING: Skipping passbolt (directory does not exist) -07:29:20 WARNING: Skipping searxng (directory does not exist) -07:29:20 WARNING: Skipping gitea (directory does not exist) -07:29:20 WARNING: Skipping gotify (directory does not exist) -07:29:20 WARNING: Skipping grafana (directory does not exist) -07:29:20 WARNING: Skipping gramps (directory does not exist) -07:29:20 WARNING: Skipping portainer (directory does not exist) -07:29:20 WARNING: Skipping prometheus (directory does not exist) -07:29:20 WARNING: Skipping uptime-kuma (directory does not exist) -07:29:20 INFO: Pruning unused containers, images, networks, and volumes... +12:23:36 INFO: === Update started: 2026-04-04 12:23:36 === +12:23:36 WARNING: Skipping traefik (directory does not exist) +12:23:36 WARNING: Skipping nextcloud (directory does not exist) +12:23:36 WARNING: Skipping passbolt (directory does not exist) +12:23:36 WARNING: Skipping searxng (directory does not exist) +12:23:36 WARNING: Skipping gitea (directory does not exist) +12:23:36 WARNING: Skipping gotify (directory does not exist) +12:23:36 WARNING: Skipping grafana (directory does not exist) +12:23:36 WARNING: Skipping gramps (directory does not exist) +12:23:36 WARNING: Skipping portainer (directory does not exist) +12:23:36 WARNING: Skipping prometheus (directory does not exist) +12:23:36 WARNING: Skipping uptime-kuma (directory does not exist) +12:23:36 INFO: Pruning unused containers, images, networks, and volumes...