diff --git a/apps/gitea/docker-compose.yml b/apps/gitea/docker-compose.yml
index 55f6bc3..df09a2f 100644
--- a/apps/gitea/docker-compose.yml
+++ b/apps/gitea/docker-compose.yml
@@ -5,10 +5,10 @@ services:
image: gitea/gitea:latest # change to 1-rootless once find out how to move data.
restart: always
environment:
- - USER_UID=1000
- - USER_GID=1000
- - GITEA__database__DB_TYPE=sqlite3
- - GITEA__server__ROOT_URL=https://gitea.lan.ddnsgeek.com/
+ - USER_UID=${GITEA_USER_UID}
+ - USER_GID=${GITEA_USER_GID}
+ - GITEA__database__DB_TYPE=${GITEA_DB_TYPE}
+ - GITEA__server__ROOT_URL=${GITEA_ROOT_URL}
volumes:
- ${PROJECT_ROOT}/apps/gitea/data:/data
networks:
diff --git a/apps/gramps/docker-compose.yml b/apps/gramps/docker-compose.yml
index 80f01af..65b4bc1 100644
--- a/apps/gramps/docker-compose.yml
+++ b/apps/gramps/docker-compose.yml
@@ -5,9 +5,9 @@ services:
container_name: gramps-db
restart: always
environment:
- POSTGRES_USER: gramps
- POSTGRES_PASSWORD: grampspassword
- POSTGRES_DB: gramps
+ POSTGRES_USER: ${GRAMPS_POSTGRES_USER}
+ POSTGRES_PASSWORD: ${GRAMPS_POSTGRES_PASSWORD}
+ POSTGRES_DB: ${GRAMPS_POSTGRES_DB}
volumes:
- ${PROJECT_ROOT}/apps/gramps/db:/var/lib/postgresql
networks:
@@ -30,14 +30,14 @@ services:
# ports:
# - "5000:5000" # access via http://localhost:5000
environment:
- DB_URI: postgresql://gramps:grampspassword@db:5432/gramps
- GRAMPSWEB_LOGLEVEL: INFO
+ DB_URI: ${GRAMPS_DB_URI}
+ GRAMPSWEB_LOGLEVEL: ${GRAMPSWEB_LOGLEVEL}
# default admin user created on first run:
- INITIAL_ADMIN: admin
- INITIAL_ADMIN_PASSWORD: admin
+ INITIAL_ADMIN: ${GRAMPS_INITIAL_ADMIN}
+ INITIAL_ADMIN_PASSWORD: ${GRAMPS_INITIAL_ADMIN_PASSWORD}
# optional: storage paths inside container
- GRAMPSWEB_MEDIAPATH: /app/media
- GRAMPSWEB_TREE: "main"
+ GRAMPSWEB_MEDIAPATH: ${GRAMPSWEB_MEDIAPATH}
+ GRAMPSWEB_TREE: "${GRAMPSWEB_TREE}"
volumes:
- ${PROJECT_ROOT}/apps/gramps/data/users:/app/users
- ${PROJECT_ROOT}/apps/gramps/data/media:/app/media
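Review bot: None of the new `${...}` references in this hunk (USER_UID through GITEA__server__ROOT_URL) guards against the variable being unset; Compose substitutes an empty string and only prints a warning, so a missing entry in the env file yields `USER_UID=` and a silently misconfigured container instead of a failed `docker compose up`. Compose supports the `${VAR:?message}` form for exactly this, e.g. `- USER_UID=${GITEA_USER_UID:?GITEA_USER_UID is not set}`. The same applies to every interpolated value in this diff (the gramps, nextcloud, passbolt, core and prometheus hunks), and it matters most for the password variables, where an empty expansion means an empty credential.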
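Review bot: Removing `POSTGRES_PASSWORD: grampspassword` from the compose file does not remove it from the repository: the value stays in git history, and the replacement `GRAMPS_POSTGRES_PASSWORD` is defined in `default-environment.env`, which this same diff shows as a tracked file, so the credential is still committed in plaintext. The same holds for the database, admin, SMTP and Redis passwords in the nextcloud, passbolt and prometheus hunks. Treat every credential visible on the removed lines as exposed and rotate it; keep the committed env file to placeholders (for example `GRAMPS_POSTGRES_PASSWORD=change-me`) and load the real values from an untracked override file or Docker secrets.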
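Review bot: `DB_URI: ${GRAMPS_DB_URI}` introduces a second copy of the database credentials: the env file in this diff defines `GRAMPS_DB_URI=postgresql://gramps:grampspassword@db:5432/gramps` alongside separate `GRAMPS_POSTGRES_USER`/`GRAMPS_POSTGRES_PASSWORD`/`GRAMPS_POSTGRES_DB` values, so rotating the password in one place and not the other will most likely leave the web service unable to connect, with nothing in the compose file hinting why. Build the URI from the same variables the db service uses: `DB_URI: postgresql://${GRAMPS_POSTGRES_USER}:${GRAMPS_POSTGRES_PASSWORD}@db:5432/${GRAMPS_POSTGRES_DB}` (a password containing URL-reserved characters would then need percent-encoding, which is worth a comment on that line). Also, `GRAMPSWEB_TREE: "${GRAMPSWEB_TREE}"` is the only quoted substitution in this block; quote all or none so the intent is clear.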
diff --git a/apps/nextcloud/docker-compose.yml b/apps/nextcloud/docker-compose.yml
index cd5b94f..fe7ffed 100644
--- a/apps/nextcloud/docker-compose.yml
+++ b/apps/nextcloud/docker-compose.yml
@@ -16,26 +16,26 @@ services:
- nextcloud-db
- nextcloud-redis
environment:
- - MYSQL_PASSWORD=R1m@dmin
- - MYSQL_DATABASE=nextcloud
- - MYSQL_USER=nextcloud
- - MYSQL_HOST=nextcloud_db:3306
- - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
- - OVERWRITEPROTOCOL=https
- - OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
+ - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
+ - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
+ - MYSQL_USER=${NEXTCLOUD_MYSQL_USER}
+ - MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST}
+ - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
+ - OVERWRITEPROTOCOL=${NEXTCLOUD_OVERWRITEPROTOCOL}
+ - OVERWRITECLIURL=${NEXTCLOUD_OVERWRITECLIURL}

- - SMTP_HOST=smtp.gmail.com
- - SMTP_SECURE=tls
- - SMTP_PORT=587
- - SMTP_AUTHTYPE=login
- - MAIL_FROM_ADDRESS=beatz174
- - MAIL_DOMAIN=gmail.com
- - SMTP_NAME=beatz174@gmail.com
- - SMTP_PASSWORD=kqdw fvml wlag ldgv
+ - SMTP_HOST=${NEXTCLOUD_SMTP_HOST}
+ - SMTP_SECURE=${NEXTCLOUD_SMTP_SECURE}
+ - SMTP_PORT=${NEXTCLOUD_SMTP_PORT}
+ - SMTP_AUTHTYPE=${NEXTCLOUD_SMTP_AUTHTYPE}
+ - MAIL_FROM_ADDRESS=${NEXTCLOUD_MAIL_FROM_ADDRESS}
+ - MAIL_DOMAIN=${NEXTCLOUD_MAIL_DOMAIN}
+ - SMTP_NAME=${NEXTCLOUD_SMTP_NAME}
+ - SMTP_PASSWORD=${NEXTCLOUD_SMTP_PASSWORD}

- - REDIS_HOST=redis
- - REDIS_HOST_PORT=6379
- - REDIS_HOST_PASSWORD=TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n
+ - REDIS_HOST=${NEXTCLOUD_REDIS_HOST}
+ - REDIS_HOST_PORT=${NEXTCLOUD_REDIS_HOST_PORT}
+ - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_HOST_PASSWORD}
networks:
- traefik
- nextcloud
@@ -81,19 +81,19 @@ services:
volumes:
- ${PROJECT_ROOT}/apps/nextcloud/database:/var/lib/mysql:rw
environment:
- - MYSQL_ROOT_PASSWORD=R1m@dmin
- - MYSQL_PASSWORD=R1m@dmin
- - MYSQL_DATABASE=nextcloud
- - MYSQL_USER=nextcloud
- - MARIADB_AUTO_UPGRADE=1
- - NEXTCLOUD_ADMIN_USER=admin
- - NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
+ - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_MYSQL_ROOT_PASSWORD}
+ - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
+ - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
+ - MYSQL_USER=${NEXTCLOUD_MYSQL_USER}
+ - MARIADB_AUTO_UPGRADE=${NEXTCLOUD_MARIADB_AUTO_UPGRADE}
+ - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
+ - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
networks:
- nextcloud
labels:
- "io.portainer.accesscontrol.public"
healthcheck:
- test: ["CMD-SHELL", "mariadb-admin ping -u nextcloud --password=R1m@dmin --silent"]
+ test: ["CMD-SHELL", "mariadb-admin ping -u ${NEXTCLOUD_MYSQL_USER} --password=${NEXTCLOUD_MYSQL_PASSWORD} --silent"]
interval: 10s
timeout: 5s
retries: 12
@@ -103,11 +103,11 @@ services:
nextcloud-redis:
image: "redis"
profiles: ["apps","all","nextcloud"]
- command: ["redis-server", "--requirepass", "TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n", "--appendonly", "yes", "--save", "60", "1000"]
+ command: ["redis-server", "--requirepass", "${NEXTCLOUD_REDIS_HOST_PASSWORD}", "--appendonly", "yes", "--save", "60", "1000"]
hostname: redis
container_name: nextcloud-redis
environment:
- - REDIS_HOST_PASSWORD=TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n
+ - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_HOST_PASSWORD}
volumes:
- ${PROJECT_ROOT}/apps/nextcloud/data/redis:/data:rw
restart: always
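Review bot: The rewritten healthcheck `mariadb-admin ping -u ${NEXTCLOUD_MYSQL_USER} --password=${NEXTCLOUD_MYSQL_PASSWORD} --silent` pastes the password unquoted into a `CMD-SHELL` string, so any value containing a space, `$`, quote or `;` is split or interpreted by the container shell and the check fails (the current value is `R1m@dmin`, but the same env file already carries `kqdw fvml wlag ldgv` for SMTP, so such values are clearly in play). The container already receives `MYSQL_USER` and `MYSQL_PASSWORD` from the environment block above, so let the in-container shell read them instead of having Compose interpolate them: `test: ["CMD-SHELL", "mariadb-admin ping -u \"$$MYSQL_USER\" --password=\"$$MYSQL_PASSWORD\" --silent"]` (Compose turns `$$` into a literal `$`). That also keeps the secret out of the rendered healthcheck command and leaves one source of truth for the credential.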
@@ -116,7 +116,7 @@ services:
labels:
- "io.portainer.accesscontrol.public"
healthcheck:
- test: ["CMD-SHELL", "redis-cli -a TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n PING | grep -q PONG"]
+ test: ["CMD-SHELL", "redis-cli -a ${NEXTCLOUD_REDIS_HOST_PASSWORD} PING | grep -q PONG"]
interval: 10s
timeout: 5s
retries: 6
diff --git a/apps/passbolt/docker-compose.yml b/apps/passbolt/docker-compose.yml
index f7c0e7a..a0bcc89 100644
--- a/apps/passbolt/docker-compose.yml
+++ b/apps/passbolt/docker-compose.yml
@@ -5,10 +5,10 @@ services:
image: mariadb:12
restart: always
environment:
- MYSQL_RANDOM_ROOT_PASSWORD: "true"
- MYSQL_DATABASE: "passbolt"
- MYSQL_USER: "passbolt"
- MYSQL_PASSWORD: "P4ssb0lt"
+ MYSQL_RANDOM_ROOT_PASSWORD: "${PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD}"
+ MYSQL_DATABASE: "${PASSBOLT_MYSQL_DATABASE}"
+ MYSQL_USER: "${PASSBOLT_MYSQL_USER}"
+ MYSQL_PASSWORD: "${PASSBOLT_MYSQL_PASSWORD}"
volumes:
- ${PROJECT_ROOT}/apps/passbolt/data/database:/var/lib/mysql
networks:
@@ -32,12 +32,12 @@ services:
depends_on:
- passbolt-db
environment:
- APP_FULL_BASE_URL: https://passbolt.lan.ddnsgeek.com
- DATASOURCES_DEFAULT_HOST: "passbolt-db"
- DATASOURCES_DEFAULT_USERNAME: "passbolt"
- DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
- DATASOURCES_DEFAULT_DATABASE: "passbolt"
- PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "CBBB2B8F3E9FACA114537ACB8965B750F7363586"
+ APP_FULL_BASE_URL: ${PASSBOLT_APP_FULL_BASE_URL}
+ DATASOURCES_DEFAULT_HOST: "${PASSBOLT_DATASOURCES_DEFAULT_HOST}"
+ DATASOURCES_DEFAULT_USERNAME: "${PASSBOLT_DATASOURCES_DEFAULT_USERNAME}"
+ DATASOURCES_DEFAULT_PASSWORD: "${PASSBOLT_DATASOURCES_DEFAULT_PASSWORD}"
+ DATASOURCES_DEFAULT_DATABASE: "${PASSBOLT_DATASOURCES_DEFAULT_DATABASE}"
+ PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT}"
volumes:
- ${PROJECT_ROOT}/apps/passbolt/data/gpg:/etc/passbolt/gpg
- ${PROJECT_ROOT}/apps/passbolt/data/jwt:/etc/passbolt/jwt
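Review bot: `redis-cli -a ${NEXTCLOUD_REDIS_HOST_PASSWORD} PING` has the same unquoted-interpolation problem as the mariadb healthcheck: the value is dropped into a shell string, and `redis-cli` additionally prints a warning to stderr whenever `-a` is given on the command line, which is captured with every healthcheck result. The nextcloud-redis service already exports `REDIS_HOST_PASSWORD` in its environment (previous hunk), and redis-cli honours the `REDISCLI_AUTH` variable, so `test: ["CMD-SHELL", "REDISCLI_AUTH=\"$$REDIS_HOST_PASSWORD\" redis-cli PING | grep -q PONG"]` avoids both. The `--requirepass` entry in the `command` list of the previous hunk is not shell-parsed and so is unaffected by quoting, though it remains visible in the container's process list; that is pre-existing rather than introduced here.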
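Review bot: `DATASOURCES_DEFAULT_PASSWORD: "${PASSBOLT_DATASOURCES_DEFAULT_PASSWORD}"` and the db service's `MYSQL_PASSWORD: "${PASSBOLT_MYSQL_PASSWORD}"` (previous hunk) are one credential under two variable names, as are the user and database names; the env file in this diff sets each pair to identical values today, but nothing enforces that they stay in sync after a rotation. Reference one variable from both services, e.g. `DATASOURCES_DEFAULT_PASSWORD: "${PASSBOLT_MYSQL_PASSWORD}"`, and likewise for the username and database. `APP_FULL_BASE_URL: ${PASSBOLT_APP_FULL_BASE_URL}` is also the only unquoted substitution in a block where every other value is quoted; pick one style for the block.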
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index 63eaa40..145ae00 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
@@ -51,7 +51,7 @@ services:
container_name: crowdsec
restart: always
environment:
- - COLLECTIONS=crowdsecurity/traefik
+ - COLLECTIONS=${CROWDSEC_COLLECTIONS}
volumes:
- ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
- ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
@@ -73,7 +73,7 @@ services:
container_name: error-pages
read_only: true
environment:
- TEMPLATE_NAME: app-down
+ TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME}
networks:
# - reverse_proxy
- traefik
diff --git a/default-environment.env b/default-environment.env
index 2219493..f1510cc 100644
--- a/default-environment.env
+++ b/default-environment.env
@@ -2,3 +2,84 @@ PROJECT_ROOT=/home/nixos/docker
DOMAIN=lan.ddnsgeek.com
TZ=Australia/Brisbane
EMAIL=wayne.bennett@live.com
+
+# Core
+CROWDSEC_COLLECTIONS=crowdsecurity/traefik
+ERROR_PAGES_TEMPLATE_NAME=app-down
+
+# Gitea
+GITEA_USER_UID=1000
+GITEA_USER_GID=1000
+GITEA_DB_TYPE=sqlite3
+GITEA_ROOT_URL=https://gitea.lan.ddnsgeek.com/
+
+# Grafana
+GRAFANA_ROOT_URL=https://grafana.lan.ddnsgeek.com/
+
+# Nextcloud
+NEXTCLOUD_MYSQL_ROOT_PASSWORD=R1m@dmin
+NEXTCLOUD_MYSQL_PASSWORD=R1m@dmin
+NEXTCLOUD_MYSQL_DATABASE=nextcloud
+NEXTCLOUD_MYSQL_USER=nextcloud
+NEXTCLOUD_MYSQL_HOST=nextcloud_db:3306
+NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
+NEXTCLOUD_OVERWRITEPROTOCOL=https
+NEXTCLOUD_OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
+NEXTCLOUD_SMTP_HOST=smtp.gmail.com
+NEXTCLOUD_SMTP_SECURE=tls
+NEXTCLOUD_SMTP_PORT=587
+NEXTCLOUD_SMTP_AUTHTYPE=login
+NEXTCLOUD_MAIL_FROM_ADDRESS=beatz174
+NEXTCLOUD_MAIL_DOMAIN=gmail.com
+NEXTCLOUD_SMTP_NAME=beatz174@gmail.com
+NEXTCLOUD_SMTP_PASSWORD=kqdw fvml wlag ldgv
+NEXTCLOUD_REDIS_HOST=redis
+NEXTCLOUD_REDIS_HOST_PORT=6379
+NEXTCLOUD_REDIS_HOST_PASSWORD=TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n
+NEXTCLOUD_MARIADB_AUTO_UPGRADE=1
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
+
+# Passbolt
+PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD=true
+PASSBOLT_MYSQL_DATABASE=passbolt
+PASSBOLT_MYSQL_USER=passbolt
+PASSBOLT_MYSQL_PASSWORD=P4ssb0lt
+PASSBOLT_APP_FULL_BASE_URL=https://passbolt.lan.ddnsgeek.com
+PASSBOLT_DATASOURCES_DEFAULT_HOST=passbolt-db
+PASSBOLT_DATASOURCES_DEFAULT_USERNAME=passbolt
+PASSBOLT_DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
+PASSBOLT_DATASOURCES_DEFAULT_DATABASE=passbolt
+PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=CBBB2B8F3E9FACA114537ACB8965B750F7363586
+
+# Gramps
+GRAMPS_POSTGRES_USER=gramps
+GRAMPS_POSTGRES_PASSWORD=grampspassword
+GRAMPS_POSTGRES_DB=gramps
+GRAMPS_DB_URI=postgresql://gramps:grampspassword@db:5432/gramps
+GRAMPSWEB_LOGLEVEL=INFO
+GRAMPS_INITIAL_ADMIN=admin
+GRAMPS_INITIAL_ADMIN_PASSWORD=admin
+GRAMPSWEB_MEDIAPATH=/app/media
+GRAMPSWEB_TREE=main
+
+# Prometheus stack
+INFLUXDB_INIT_MODE=setup
+INFLUXDB_INIT_USERNAME=admin
+INFLUXDB_INIT_PASSWORD=adminpassword
+INFLUXDB_INIT_ORG=pbs
+INFLUXDB_INIT_BUCKET=telemetry
+DOCKER_EXPORTER_LOG_LEVEL=INFO
+PIHOLE_HOSTNAME=pihole.sweet.home
+PIHOLE_PASSWORD=
+PIHOLE_EXPORTER_PORT=9617
+
+# Gotify
+GOTIFY_DEFAULTUSER_NAME=admin
+GOTIFY_DEFAULTUSER_PASS=R1m@dmin
+GOTIFY_REGISTRATION=false
+GOTIFY_URL=https://gotify.lan.ddnsgeek.com
+GOTIFY_TOKEN=ADuOnDBG7C27hcf
+
+# Portainer
+PORTAINER_GODEBUG=netdns=cgo
diff --git a/monitoring/prometheus/docker-compose.yml b/monitoring/prometheus/docker-compose.yml
index 11dfb51..d54f917 100644
--- a/monitoring/prometheus/docker-compose.yml
+++ b/monitoring/prometheus/docker-compose.yml
@@ -104,11 +104,11 @@ services:
volumes:
- ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
environment:
- DOCKER_INFLUXDB_INIT_MODE: setup
- DOCKER_INFLUXDB_INIT_USERNAME: admin
- DOCKER_INFLUXDB_INIT_PASSWORD: adminpassword
- DOCKER_INFLUXDB_INIT_ORG: pbs
- DOCKER_INFLUXDB_INIT_BUCKET: telemetry
+ DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
+ DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
+ DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB_INIT_PASSWORD}
+ DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
+ DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_INIT_BUCKET}
networks:
# - edge
# - traefik_reverse_proxy
@@ -162,7 +162,7 @@ services:
# - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
# - ${PROJECT_ROOT}/services-up.sh:/app/services-up.sh:ro
environment:
- LOG_LEVEL: INFO
+ LOG_LEVEL: ${DOCKER_EXPORTER_LOG_LEVEL}
volumes:
- ~/.docker/config.json:/root/.docker/config.json:ro
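Review bot: `default-environment.env` is a tracked file (it carries `index 2219493..f1510cc` and a pre-existing `PROJECT_ROOT`/`DOMAIN`/`TZ`/`EMAIL` section), and this hunk adds database, admin, SMTP and Redis passwords, a Gotify token and a mail app password to it in plaintext, so the commit relocates the secrets rather than removing them from version control. Keep this file as a template of placeholders (for example `NEXTCLOUD_MYSQL_PASSWORD=<set in local env file>`), put the real values in an untracked file loaded with `--env-file` or `env_file:`, and rotate every credential listed here since it is now in history. Two smaller points: `GRAFANA_ROOT_URL` is defined but no compose hunk in this diff references it (it may be consumed by a file outside the diff), and `PIHOLE_PASSWORD=` is empty, which deserves a comment on the line stating whether that is deliberate so a reader does not take it for a missing value.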
@@ -206,9 +206,9 @@ services:
image: ekofr/pihole-exporter:latest
container_name: pihole-exporter
environment:
- PIHOLE_HOSTNAME: pihole.sweet.home
- PIHOLE_PASSWORD: ""
- PORT: 9617
+ PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
+ PIHOLE_PASSWORD: "${PIHOLE_PASSWORD}"
+ PORT: ${PIHOLE_EXPORTER_PORT}
ports:
- "9617:9617"
restart: unless-stopped
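Review bot: `PORT: ${PIHOLE_EXPORTER_PORT}` makes the listen port configurable, but the published mapping two lines below is still the literal `"9617:9617"`, so changing `PIHOLE_EXPORTER_PORT` in the env file leaves the host port forwarded to a container port the exporter no longer listens on. Either interpolate it there as well, `- "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"`, or keep `PORT` hard-coded next to the mapping so the two cannot drift. `PIHOLE_PASSWORD: "${PIHOLE_PASSWORD}"` expands to an empty string with the env file in this diff; if that is intended, a short comment on the line saying so would save the next reader from assuming the variable was forgotten.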