modified: apps/gramps/docker-compose.yml
modified: apps/nextcloud/docker-compose.yml modified: apps/passbolt/docker-compose.yml modified: core/authelia/configuration.yml modified: core/docker-compose.yml modified: default-environment.env modified: monitoring/gotify/docker-compose.yml modified: monitoring/prometheus/docker-compose.yml modified: monitoring/prometheus/prometheus.yml modified: services-up.sh
@@ -5,7 +5,7 @@ services:
|
||||
container_name: gramps-db
|
||||
restart: always
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
- ${SECRETS_ENV_FILE}
|
||||
environment:
|
||||
POSTGRES_USER: ${GRAMPS_DB_USER}
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/gramps_db_password
|
||||
@@ -31,7 +31,7 @@ services:
|
||||
- gramps-db
|
||||
restart: always
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
- ${SECRETS_ENV_FILE}
|
||||
environment:
|
||||
DB_URI: ${GRAMPS_DB_URI}
|
||||
GRAMPSWEB_LOGLEVEL: ${GRAMPSWEB_LOGLEVEL}
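Review bot: Both gramps services still load the whole `${SECRETS_ENV_FILE}` through `env_file:`, so every variable in that file lands in each container's environment, where `docker inspect` and any process inside the container can read it. `gramps-db` already takes its password from `/run/secrets/gramps_db_password`, and the file presumably holds secrets for the whole stack, judging by its name and by `services-up.sh` passing it with `--env-file`. Since the script now supplies the file for interpolation, consider dropping `env_file:` here and mapping only the values each service needs under `environment:`. Both service definitions start and end outside these hunks.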
|
||||
|
||||
@@ -5,9 +5,9 @@ services:
|
||||
context: ${PROJECT_ROOT}/apps/nextcloud
|
||||
container_name: nextcloud-webapp
|
||||
restart: always
|
||||
hostname: nextcloud.lan.ddnsgeek.com
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
hostname: ${NEXTCLOUD_TRUSTED_DOMAINS}
|
||||
# env_file:
|
||||
# - ${SECRETS_ENV_FILE}
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/apps/nextcloud/data:/var/www/html/data:rw
|
||||
- ${PROJECT_ROOT}/apps/nextcloud/config:/var/www/html/config:rw
|
||||
@@ -18,22 +18,22 @@ services:
|
||||
- nextcloud-redis
|
||||
environment:
|
||||
- MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
|
||||
- MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
|
||||
- MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
|
||||
- MYSQL_USER=${NEXTCLOUD_DB_USER}
|
||||
- MYSQL_HOST=nextcloud_db:3306
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
|
||||
- OVERWRITEPROTOCOL=https
|
||||
- OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
|
||||
- SMTP_HOST=smtp.gmail.com
|
||||
- SMTP_SECURE=tls
|
||||
- SMTP_PORT=587
|
||||
- SMTP_AUTHTYPE=login
|
||||
- MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST}
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
|
||||
- OVERWRITEPROTOCOL=${NEXTCLOUD_OVERWRITEPROTOCOL}
|
||||
- OVERWRITECLIURL=${NEXTCLOUD_OVERWRITECLIURL}
|
||||
- SMTP_HOST=${NEXTCLOUD_SMTP_HOST}
|
||||
- SMTP_SECURE=${NEXTCLOUD_SMTP_SECURE}
|
||||
- SMTP_PORT=${NEXTCLOUD_SMTP_PORT}
|
||||
- SMTP_AUTHTYPE=${NEXTCLOUD_SMTP_AUTHTYPE}
|
||||
- MAIL_FROM_ADDRESS=${NEXTCLOUD_SMTP_FROM_ADDRESS}
|
||||
- MAIL_DOMAIN=${NEXTCLOUD_SMTP_DOMAIN}
|
||||
- SMTP_NAME=${NEXTCLOUD_SMTP_NAME}
|
||||
- SMTP_PASSWORD_FILE=/run/secrets/nextcloud_smtp_password
|
||||
- REDIS_HOST=redis
|
||||
- REDIS_HOST_PORT=6379
|
||||
- REDIS_HOST=${NEXTCLOUD_REDIS_HOST}
|
||||
- REDIS_HOST_PORT=${NEXTCLOUD_REDIS_HOST_PORT}
|
||||
- REDIS_HOST_PASSWORD_FILE=/run/secrets/nextcloud_redis_password
|
||||
secrets:
|
||||
- nextcloud_db_password
|
||||
@@ -43,7 +43,7 @@ services:
|
||||
- traefik
|
||||
- nextcloud
|
||||
labels:
|
||||
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan.ddnsgeek.com`)"
|
||||
- "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_TRUSTED_DOMAINS}`)"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.nextcloud.entrypoints=websecure"
|
||||
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
|
||||
@@ -77,16 +77,16 @@ services:
|
||||
container_name: nextcloud-db
|
||||
hostname: nextcloud_db
|
||||
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/apps/nextcloud/database:/var/lib/mysql:rw
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
|
||||
- MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
|
||||
- MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
|
||||
- MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
|
||||
- MYSQL_USER=${NEXTCLOUD_DB_USER}
|
||||
- MARIADB_AUTO_UPGRADE=1
|
||||
- MARIADB_AUTO_UPGRADE=${NEXTCLOUD_MARIADB_AUTO_UPGRADE}
|
||||
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
|
||||
- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
|
||||
secrets:
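Review bot: `NEXTCLOUD_TRUSTED_DOMAINS` is now reused as the container `hostname:` and inside the Traefik `Host(...)` router rule, but the Nextcloud image treats that variable as a space-separated list of domains. Adding a second trusted domain would then yield an invalid hostname and a router rule that no longer matches, so a host-header allow-list setting becomes coupled to routing. A separate single-valued variable would avoid this, e.g. `hostname: ${NEXTCLOUD_HOSTNAME}` (the name is only a suggestion), with the same variable used in the Traefik label. `NEXTCLOUD_OVERWRITECLIURL=https://${NEXTCLOUD_TRUSTED_DOMAINS}` in default-environment.env has the same coupling.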
|
||||
|
||||
@@ -4,10 +4,10 @@ services:
|
||||
container_name: passbolt-db
|
||||
image: mariadb:12
|
||||
restart: always
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
environment:
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: "true"
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: ${PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD}
|
||||
MYSQL_DATABASE: ${PASSBOLT_DB_NAME}
|
||||
MYSQL_USER: ${PASSBOLT_DB_USER}
|
||||
MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password
|
||||
@@ -33,15 +33,15 @@ services:
|
||||
restart: always
|
||||
depends_on:
|
||||
- passbolt-db
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
environment:
|
||||
APP_FULL_BASE_URL: https://passbolt.lan.ddnsgeek.com
|
||||
DATASOURCES_DEFAULT_HOST: "passbolt-db"
|
||||
APP_FULL_BASE_URL: ${PASSBOLT_APP_FULL_BASE_URL}
|
||||
DATASOURCES_DEFAULT_HOST: ${PASSBOLT_DATASOURCES_DEFAULT_HOST}
|
||||
DATASOURCES_DEFAULT_USERNAME: ${PASSBOLT_DB_USER}
|
||||
DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password
|
||||
DATASOURCES_DEFAULT_DATABASE: ${PASSBOLT_DB_NAME}
|
||||
PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "CBBB2B8F3E9FACA114537ACB8965B750F7363586"
|
||||
PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: ${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT}
|
||||
secrets:
|
||||
- passbolt_db_password
|
||||
volumes:
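Review bot: `MYSQL_RANDOM_ROOT_PASSWORD`, `APP_FULL_BASE_URL`, `DATASOURCES_DEFAULT_HOST` and `PASSBOLT_GPG_SERVER_KEY_FINGERPRINT` now come from interpolation with no guard, so a missing variable becomes an empty string and Compose only prints a warning. For the security-relevant ones use the required form, e.g. `PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: ${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT:?must be set}`. The same applies to the new `${NEXTCLOUD_...}` references in apps/nextcloud/docker-compose.yml and to `${INFLUXDB_INIT_MODE}` and `${PIHOLE_EXPORTER_PORT}` in monitoring/prometheus/docker-compose.yml. The unchanged lines also read `${PASSBOLT_DB_NAME}` and `${PASSBOLT_DB_USER}`, while default-environment.env on this page only shows `PASSBOLT_MYSQL_DATABASE` and `PASSBOLT_MYSQL_USER`; confirm the former are defined in the secrets file.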
|
||||
|
||||
@@ -3,16 +3,16 @@ server.address: tcp://0.0.0.0:9091
|
||||
log:
|
||||
level: info
|
||||
|
||||
identity_validation.reset_password.jwt_secret: ${AUTHELIA_JWT_SECRET}
|
||||
identity_validation.reset_password.jwt_secret: T72Xcxa4d7xpQRypFDZpunlZt0IjqspojmBlxBr69gnkRjzR144YgjZsgFYZK0gS
|
||||
|
||||
session:
|
||||
secret: ${AUTHELIA_SESSION_SECRET}
|
||||
secret: BYksO7YUAJ8gXx9Endgpe46RgB10nkeKpD1qcQPt0GuYGQm2pS2zjJtNOrCEqpav
|
||||
cookies:
|
||||
- domain: lan.ddnsgeek.com
|
||||
authelia_url: https://auth.lan.ddnsgeek.com
|
||||
|
||||
storage:
|
||||
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
||||
encryption_key: N7mkWziClgDhLgZDRkRwU6jEHmGF6ciOt53pzoFcZ0meEV1AZCC5bWZd24jeu19y
|
||||
local:
|
||||
path: /config/data/db.sqlite3
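Review bot: The second line of each changed pair in this hunk gives `identity_validation.reset_password.jwt_secret`, `session.secret` and `storage.encryption_key` literal values; if that is the new side, as the print order on this page suggests, the commit checks three long-lived Authelia secrets into a tracked file. Remove the three keys from configuration.yml and let Authelia read them from files via `AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE`, `AUTHELIA_SESSION_SECRET_FILE` and `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE`, pointing at `/run/secrets/...` like the other services in this repository. Treat the committed values as exposed and rotate them, because they stay in git history. Replacing the storage encryption key needs Authelia's key-change procedure rather than a plain edit, otherwise the existing database can no longer be read.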
|
||||
|
||||
|
||||
@@ -17,8 +17,8 @@ services:
|
||||
|
||||
build:
|
||||
context: ${PROJECT_ROOT}/core
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
@@ -54,7 +54,7 @@ services:
|
||||
restart: always
|
||||
environment:
|
||||
- COLLECTIONS=crowdsecurity/traefik
|
||||
- CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
|
||||
# - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
|
||||
- ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
|
||||
@@ -102,8 +102,12 @@ services:
|
||||
restart: always
|
||||
build:
|
||||
context: ${PROJECT_ROOT}/core/authelia
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# environment:
|
||||
# - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET}
|
||||
# - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET}
|
||||
# - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/core/authelia:/config
|
||||
networks:
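Review bot: The commented-out `environment:` block for the authelia service writes its entries as `NAME:${VAR}`; in list form Compose expects `NAME=value`, so uncommenting these lines as they stand would not set the three variables. It would also hand the secrets to the container as plain environment values. Prefer the `_FILE` variants backed by Compose secrets, as sketched below; the secret names are placeholders and need matching top-level `secrets:` definitions. The service definition starts and ends outside the hunk.

```yaml
    # … unchanged: restart, build …
    environment:
      # placeholder secret names; define them under the top-level secrets: key
      - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key
    secrets:
      - authelia_jwt_secret
      - authelia_session_secret
      - authelia_storage_encryption_key
    volumes:
      - ${PROJECT_ROOT}/core/authelia:/config
```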
|
||||
|
||||
+4
-29
@@ -2,6 +2,7 @@ PROJECT_ROOT=/home/nixos/docker
|
||||
DOMAIN=lan.ddnsgeek.com
|
||||
TZ=Australia/Brisbane
|
||||
EMAIL=wayne.bennett@live.com
|
||||
SECRETS_ENV_FILE=${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
|
||||
# Core
|
||||
CROWDSEC_COLLECTIONS=crowdsecurity/traefik
|
||||
@@ -17,69 +18,43 @@ GITEA_ROOT_URL=https://gitea.lan.ddnsgeek.com/
|
||||
GRAFANA_ROOT_URL=https://grafana.lan.ddnsgeek.com/
|
||||
|
||||
# Nextcloud
|
||||
NEXTCLOUD_MYSQL_ROOT_PASSWORD=R1m@dmin
|
||||
NEXTCLOUD_MYSQL_PASSWORD=R1m@dmin
|
||||
NEXTCLOUD_MYSQL_DATABASE=nextcloud
|
||||
NEXTCLOUD_MYSQL_USER=nextcloud
|
||||
NEXTCLOUD_MYSQL_HOST=nextcloud_db:3306
|
||||
NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
|
||||
NEXTCLOUD_OVERWRITEPROTOCOL=https
|
||||
NEXTCLOUD_OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
|
||||
NEXTCLOUD_OVERWRITECLIURL=https://${NEXTCLOUD_TRUSTED_DOMAINS}
|
||||
NEXTCLOUD_SMTP_HOST=smtp.gmail.com
|
||||
NEXTCLOUD_SMTP_SECURE=tls
|
||||
NEXTCLOUD_SMTP_PORT=587
|
||||
NEXTCLOUD_SMTP_AUTHTYPE=login
|
||||
NEXTCLOUD_MAIL_FROM_ADDRESS=beatz174
|
||||
NEXTCLOUD_MAIL_DOMAIN=gmail.com
|
||||
NEXTCLOUD_SMTP_NAME=beatz174@gmail.com
|
||||
NEXTCLOUD_SMTP_PASSWORD=kqdw fvml wlag ldgv
|
||||
NEXTCLOUD_REDIS_HOST=redis
|
||||
NEXTCLOUD_REDIS_HOST_PORT=6379
|
||||
NEXTCLOUD_REDIS_HOST_PASSWORD=TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n
|
||||
NEXTCLOUD_MARIADB_AUTO_UPGRADE=1
|
||||
NEXTCLOUD_ADMIN_USER=admin
|
||||
NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
|
||||
|
||||
# Passbolt
|
||||
PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD=true
|
||||
PASSBOLT_MYSQL_DATABASE=passbolt
|
||||
PASSBOLT_MYSQL_USER=passbolt
|
||||
PASSBOLT_MYSQL_PASSWORD=P4ssb0lt
|
||||
PASSBOLT_APP_FULL_BASE_URL=https://passbolt.lan.ddnsgeek.com
|
||||
PASSBOLT_DATASOURCES_DEFAULT_HOST=passbolt-db
|
||||
PASSBOLT_DATASOURCES_DEFAULT_USERNAME=passbolt
|
||||
PASSBOLT_DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
|
||||
PASSBOLT_DATASOURCES_DEFAULT_DATABASE=passbolt
|
||||
PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=CBBB2B8F3E9FACA114537ACB8965B750F7363586
|
||||
|
||||
# Gramps
|
||||
GRAMPS_POSTGRES_USER=gramps
|
||||
GRAMPS_POSTGRES_PASSWORD=grampspassword
|
||||
GRAMPS_POSTGRES_DB=gramps
|
||||
GRAMPS_DB_URI=postgresql://gramps:grampspassword@db:5432/gramps
|
||||
GRAMPSWEB_LOGLEVEL=INFO
|
||||
GRAMPS_INITIAL_ADMIN=admin
|
||||
GRAMPS_INITIAL_ADMIN_PASSWORD=admin
|
||||
GRAMPSWEB_MEDIAPATH=/app/media
|
||||
GRAMPSWEB_TREE=main
|
||||
|
||||
# Prometheus stack
|
||||
INFLUXDB_INIT_MODE=setup
|
||||
INFLUXDB_INIT_USERNAME=admin
|
||||
INFLUXDB_INIT_PASSWORD=adminpassword
|
||||
INFLUXDB_INIT_ORG=pbs
|
||||
INFLUXDB_INIT_BUCKET=telemetry
|
||||
|
||||
DOCKER_EXPORTER_LOG_LEVEL=INFO
|
||||
|
||||
PIHOLE_HOSTNAME=pihole.sweet.home
|
||||
PIHOLE_PASSWORD=
|
||||
PIHOLE_EXPORTER_PORT=9617
|
||||
|
||||
# Gotify
|
||||
GOTIFY_DEFAULTUSER_NAME=admin
|
||||
GOTIFY_DEFAULTUSER_PASS=R1m@dmin
|
||||
GOTIFY_REGISTRATION=false
|
||||
#GOTIFY_URL=https://gotify.lan.ddnsgeek.com
|
||||
#GOTIFY_TOKEN=ADuOnDBG7C27hcf
|
||||
|
||||
# Portainer
|
||||
PORTAINER_GODEBUG=netdns=cgo
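Review bot: The credentials listed in this hunk stay recoverable from git history even where this commit deletes them, so they need rotating rather than being moved unchanged into `secrets/stack-secrets.env`. That covers the `NEXTCLOUD_*_PASSWORD` entries, `NEXTCLOUD_SMTP_PASSWORD`, the `PASSBOLT_*_PASSWORD` entries, `GOTIFY_DEFAULTUSER_PASS`, `INFLUXDB_INIT_PASSWORD` and `GRAMPS_DB_URI`, which embeds a password. The section count (+4 −29) suggests most are being removed, but the rendered page does not mark which lines, so check that none remain on the new side. Also confirm that `secrets/` is ignored by git, since `SECRETS_ENV_FILE` now points there.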
|
||||
|
||||
@@ -4,8 +4,8 @@ services:
|
||||
image: gotify/server:latest
|
||||
container_name: gotify
|
||||
restart: always
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/gotify/data:/app/data
|
||||
environment:
|
||||
|
||||
@@ -4,8 +4,8 @@ services:
|
||||
prometheus:
|
||||
profiles: ["monitoring","all","prometheus"]
|
||||
image: prom/prometheus:latest
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
container_name: prometheus
|
||||
depends_on:
|
||||
# - alertmanager
|
||||
@@ -104,12 +104,12 @@ services:
|
||||
image: influxdb:2.7
|
||||
container_name: influxdb
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
|
||||
environment:
|
||||
DOCKER_INFLUXDB_INIT_MODE: setup
|
||||
DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
|
||||
DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
|
||||
DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
|
||||
DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
|
||||
@@ -212,14 +212,14 @@ services:
|
||||
profiles: ["monitoring","all","prometheus-exporters"]
|
||||
image: ekofr/pihole-exporter:latest
|
||||
container_name: pihole-exporter
|
||||
env_file:
|
||||
- ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
environment:
|
||||
PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
|
||||
PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}
|
||||
PORT: 9617
|
||||
PORT: ${PIHOLE_EXPORTER_PORT}
|
||||
ports:
|
||||
- "9617:9617"
|
||||
- "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
# - edge
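Review bot: The new mapping `"${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"` on pihole-exporter publishes the exporter on every host interface, and exporter metrics endpoints are normally unauthenticated. If Prometheus scrapes it over a shared Docker network, the `ports:` entry can probably be dropped. Otherwise bind it to loopback: `- "127.0.0.1:${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"`. The service's `networks:` list continues outside the hunk, so how Prometheus reaches it cannot be confirmed from here.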
|
||||
|
||||
@@ -96,9 +96,9 @@ scrape_configs:
|
||||
scrape_interval: 30s
|
||||
|
||||
basic_auth:
|
||||
username: ${PROMETHEUS_KUMA_BASIC_AUTH_USERNAME}
|
||||
username: wayne.bennett@live.com
|
||||
password_file: /run/secrets/prometheus_kuma_basic_auth_password
|
||||
|
||||
# password: '4vjCco?[%{=+,t`):C'
|
||||
static_configs:
|
||||
- targets:
|
||||
- monitor-kuma:3001
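Review bot: The commented line `# password: ...` under `basic_auth` keeps what looks like a real credential in prometheus.yml, right beside the `password_file` that supersedes it. Delete the comment and rotate that password, since it remains in history either way. The literal `username:` is understandable if Prometheus is not expanding `${...}` in this file, but a one-line comment saying so would stop a later edit from reintroducing the variable.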
|
||||
|
||||
+2
-1
@@ -1,6 +1,7 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
ENV="default-environment.env"
|
||||
SECRETS="secrets/stack-secrets.env"
|
||||
PROJECT="core"
|
||||
FILES=(
|
||||
-f default-network.yml
|
||||
@@ -21,4 +22,4 @@ FILES=(
|
||||
-f core/test/docker-compose.yml
|
||||
)
|
||||
|
||||
docker compose -p $PROJECT --env-file $ENV "${FILES[@]}" $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||
docker compose -p $PROJECT --env-file $ENV --env-file $SECRETS "${FILES[@]}" $1 $2 $3 $4 $5 $6 $7 $8 $9
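Review bot: The new `docker compose` line leaves `$PROJECT`, `$ENV`, `$SECRETS` and `$1`–`$9` unquoted, so arguments containing spaces are split and anything past the ninth is dropped; a missing secrets file only surfaces as a Compose error. Suggested: `[[ -r "$SECRETS" ]] || { echo "missing $SECRETS" >&2; exit 1; }` followed by `docker compose -p "$PROJECT" --env-file "$ENV" --env-file "$SECRETS" "${FILES[@]}" "$@"`. Both env-file paths are relative, so the script only works when run from the repository root, which deserves a comment at the top.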
|
||||
|
||||