docs: overhaul repo documentation and workflow guides

beatz174-bit
2026-04-21 09:28:55 +10:00
parent 020d6ecb79
commit c7dd9f2229
13 changed files with 539 additions and 174 deletions
+21 -20
@@ -1,15 +1,17 @@
# Deployment prerequisites (required)
# Deployment Prerequisites
Before running `docker compose up`, you **must** provision runtime secrets.
Before running compose operations, provision local secret material.
## 1) Create non-committed secret files
## 1) Create non-committed secret env file
```bash
cp secrets/.env.secrets.example secrets/stack-secrets.env
chmod 600 secrets/stack-secrets.env
```
Create these Docker secret files (all ignored by git):
## 2) Create required Docker secret files
All files below are expected locally and are gitignored:
- `secrets/nextcloud_db_root_password.txt`
- `secrets/nextcloud_db_password.txt`
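Review bot: the rewritten intro loses the hard requirement the old text stated ("you **must** provision runtime secrets" becomes "provision local secret material"), so a reader can now read the steps as optional; keep must-level wording, e.g. "Before running any compose operation you must provision the secret files below." Step 2's "All files below are expected locally and are gitignored" states the intent but gives no way to confirm it; a line such as `git check-ignore -v secrets/*.txt secrets/stack-secrets.env` after the list would let the reader verify nothing in `secrets/` is tracked before committing.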
@@ -26,23 +28,22 @@ Recommended permissions:
chmod 600 secrets/*.txt
```
## 2) Rotate previously committed credentials
## 3) Validate composed configuration
These values were previously hardcoded and must be rotated in upstream systems immediately:
- Database credentials (Nextcloud, Passbolt, InfluxDB).
- Nextcloud SMTP app password.
- Authelia reset JWT secret, session secret, storage encryption key.
- Traefik CrowdSec LAPI key.
- Gotify admin password.
- Prometheus Uptime Kuma basic-auth password.
## 3) Start stack
After secrets are provisioned:
Use the repository composition entrypoint:
```bash
docker compose -f core/docker-compose.yml up -d
docker compose -f monitoring/prometheus/docker-compose.yml up -d
docker compose -f apps/nextcloud/docker-compose.yml up -d
./services-up.sh --profile all config
```
This confirms compose rendering with shared env/network inputs before any runtime operation.
## 4) Rotate previously committed credentials
If migrating from older states where secrets were committed, rotate upstream values immediately (DB credentials, app passwords, auth keys, and API tokens).
## Related docs
- [SECURITY_SECRETS_INVENTORY.md](SECURITY_SECRETS_INVENTORY.md)
- [docs/docker-environment.md](docs/docker-environment.md)
- [docs/source-of-truth.md](docs/source-of-truth.md)
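Review bot: the rotation section is weakened in two ways. The itemized list of what was previously hardcoded (Nextcloud/Passbolt/InfluxDB DB credentials, Nextcloud SMTP app password, Authelia reset JWT secret, session secret and storage encryption key, Traefik CrowdSec LAPI key, Gotify admin password, Prometheus Uptime Kuma basic-auth password) is collapsed into a generic parenthetical, and "must be rotated ... immediately" becomes conditional on "if migrating from older states". Secrets that were ever committed remain in git history regardless of which state a checkout migrates from, so keep the unconditional imperative and either keep the explicit list or say that [SECURITY_SECRETS_INVENTORY.md](SECURITY_SECRETS_INVENTORY.md) holds the authoritative list. Two smaller points: the old "Start stack" step is removed and nothing replaces it, so after the new step 3 the document never says how to bring services up; add a start step using the `./services-up.sh` entrypoint. And since `config` renders the composition with env inputs resolved, note next to step 3 that its output can contain interpolated secret values and should not be pasted into issues or logs.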