modified: apps/gramps/docker-compose.yml

modified: apps/nextcloud/docker-compose.yml modified: apps/passbolt/docker-compose.yml modified: core/authelia/configuration.yml modified: core/docker-compose.yml modified: default-environment.env modified: monitoring/gotify/docker-compose.yml modified: monitoring/prometheus/docker-compose.yml modified: monitoring/prometheus/prometheus.yml modified: services-up.sh
2026-04-07 21:57:22 +10:00
parent 39debaf4b4
commit f221b12f8d
10 changed files with 60 additions and 80 deletions
@@ -5,7 +5,7 @@ services:
    container_name: gramps-db
    restart: always
    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+      - ${SECRETS_ENV_FILE}
    environment:
      POSTGRES_USER: ${GRAMPS_DB_USER}
      POSTGRES_PASSWORD_FILE: /run/secrets/gramps_db_password
@@ -31,7 +31,7 @@ services:
      - gramps-db
    restart: always
    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+      - ${SECRETS_ENV_FILE}
    environment:
      DB_URI: ${GRAMPS_DB_URI}
      GRAMPSWEB_LOGLEVEL: ${GRAMPSWEB_LOGLEVEL}
@@ -5,9 +5,9 @@ services:
      context: ${PROJECT_ROOT}/apps/nextcloud
    container_name: nextcloud-webapp
    restart: always
-    hostname: nextcloud.lan.ddnsgeek.com
+    hostname: ${NEXTCLOUD_TRUSTED_DOMAINS}
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${SECRETS_ENV_FILE}
    volumes:
      - ${PROJECT_ROOT}/apps/nextcloud/data:/var/www/html/data:rw
      - ${PROJECT_ROOT}/apps/nextcloud/config:/var/www/html/config:rw
@@ -18,22 +18,22 @@ services:
      - nextcloud-redis
    environment:
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
+      - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MYSQL_HOST=nextcloud_db:3306
+      - MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST}
-      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
+      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
-      - OVERWRITEPROTOCOL=https
+      - OVERWRITEPROTOCOL=${NEXTCLOUD_OVERWRITEPROTOCOL}
-      - OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
+      - OVERWRITECLIURL=${NEXTCLOUD_OVERWRITECLIURL}
-      - SMTP_HOST=smtp.gmail.com
+      - SMTP_HOST=${NEXTCLOUD_SMTP_HOST}
-      - SMTP_SECURE=tls
+      - SMTP_SECURE=${NEXTCLOUD_SMTP_SECURE}
-      - SMTP_PORT=587
+      - SMTP_PORT=${NEXTCLOUD_SMTP_PORT}
-      - SMTP_AUTHTYPE=login
+      - SMTP_AUTHTYPE=${NEXTCLOUD_SMTP_AUTHTYPE}
      - MAIL_FROM_ADDRESS=${NEXTCLOUD_SMTP_FROM_ADDRESS}
      - MAIL_DOMAIN=${NEXTCLOUD_SMTP_DOMAIN}
      - SMTP_NAME=${NEXTCLOUD_SMTP_NAME}
      - SMTP_PASSWORD_FILE=/run/secrets/nextcloud_smtp_password
-      - REDIS_HOST=redis
+      - REDIS_HOST=${NEXTCLOUD_REDIS_HOST}
-      - REDIS_HOST_PORT=6379
+      - REDIS_HOST_PORT=${NEXTCLOUD_REDIS_HOST_PORT}
      - REDIS_HOST_PASSWORD_FILE=/run/secrets/nextcloud_redis_password
    secrets:
      - nextcloud_db_password
@@ -43,7 +43,7 @@ services:
      - traefik
      - nextcloud
    labels:
-      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan.ddnsgeek.com`)"
+      - "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_TRUSTED_DOMAINS}`)"
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
@@ -77,16 +77,16 @@ services:
    container_name: nextcloud-db
    hostname: nextcloud_db
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    volumes:
      - ${PROJECT_ROOT}/apps/nextcloud/database:/var/lib/mysql:rw
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
+      - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MARIADB_AUTO_UPGRADE=1
+      - MARIADB_AUTO_UPGRADE=${NEXTCLOUD_MARIADB_AUTO_UPGRADE}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
    secrets:
@@ -4,10 +4,10 @@ services:
    container_name: passbolt-db
    image: mariadb:12
    restart: always
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    environment:
-      MYSQL_RANDOM_ROOT_PASSWORD: "true"
+      MYSQL_RANDOM_ROOT_PASSWORD: ${PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD}
      MYSQL_DATABASE: ${PASSBOLT_DB_NAME}
      MYSQL_USER: ${PASSBOLT_DB_USER}
      MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password
@@ -33,15 +33,15 @@ services:
    restart: always
    depends_on:
      - passbolt-db
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    environment:
-      APP_FULL_BASE_URL: https://passbolt.lan.ddnsgeek.com
+      APP_FULL_BASE_URL: ${PASSBOLT_APP_FULL_BASE_URL}
-      DATASOURCES_DEFAULT_HOST: "passbolt-db"
+      DATASOURCES_DEFAULT_HOST: ${PASSBOLT_DATASOURCES_DEFAULT_HOST}
      DATASOURCES_DEFAULT_USERNAME: ${PASSBOLT_DB_USER}
      DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password
      DATASOURCES_DEFAULT_DATABASE: ${PASSBOLT_DB_NAME}
-      PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "CBBB2B8F3E9FACA114537ACB8965B750F7363586"
+      PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: ${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT}
    secrets:
      - passbolt_db_password
    volumes:
@@ -3,16 +3,16 @@ server.address: tcp://0.0.0.0:9091
 log:
  level: info
-identity_validation.reset_password.jwt_secret: ${AUTHELIA_JWT_SECRET}
+identity_validation.reset_password.jwt_secret: T72Xcxa4d7xpQRypFDZpunlZt0IjqspojmBlxBr69gnkRjzR144YgjZsgFYZK0gS
 session:
-  secret: ${AUTHELIA_SESSION_SECRET}
+  secret: BYksO7YUAJ8gXx9Endgpe46RgB10nkeKpD1qcQPt0GuYGQm2pS2zjJtNOrCEqpav
  cookies:
    - domain: lan.ddnsgeek.com
      authelia_url: https://auth.lan.ddnsgeek.com
 storage:
-  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+  encryption_key: N7mkWziClgDhLgZDRkRwU6jEHmGF6ciOt53pzoFcZ0meEV1AZCC5bWZd24jeu19y
  local:
    path: /config/data/db.sqlite3
@@ -17,8 +17,8 @@ services:
    build:
      context: ${PROJECT_ROOT}/core
-    env_file:
+ #   env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+ #     - ${PROJECT_ROOT}/secrets/stack-secrets.env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -54,7 +54,7 @@ services:
    restart: always
    environment:
      - COLLECTIONS=crowdsecurity/traefik
-      - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
+#      - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
    volumes:
      - ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
      - ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
@@ -102,8 +102,12 @@ services:
    restart: always
    build:
      context: ${PROJECT_ROOT}/core/authelia
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
 #    environment:
 #      - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET}
 #      - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET}
 #      - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY}
    volumes:
      - ${PROJECT_ROOT}/core/authelia:/config
    networks:
@@ -2,6 +2,7 @@ PROJECT_ROOT=/home/nixos/docker
 DOMAIN=lan.ddnsgeek.com
 TZ=Australia/Brisbane
 EMAIL=wayne.bennett@live.com
 SECRETS_ENV_FILE=${PROJECT_ROOT}/secrets/stack-secrets.env
 # Core
 CROWDSEC_COLLECTIONS=crowdsecurity/traefik
@@ -17,69 +18,43 @@ GITEA_ROOT_URL=https://gitea.lan.ddnsgeek.com/
 GRAFANA_ROOT_URL=https://grafana.lan.ddnsgeek.com/
 # Nextcloud
 NEXTCLOUD_MYSQL_ROOT_PASSWORD=R1m@dmin
 NEXTCLOUD_MYSQL_PASSWORD=R1m@dmin
 NEXTCLOUD_MYSQL_DATABASE=nextcloud
 NEXTCLOUD_MYSQL_USER=nextcloud
 NEXTCLOUD_MYSQL_HOST=nextcloud_db:3306
 NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
 NEXTCLOUD_OVERWRITEPROTOCOL=https
-NEXTCLOUD_OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
+NEXTCLOUD_OVERWRITECLIURL=https://${NEXTCLOUD_TRUSTED_DOMAINS}
 NEXTCLOUD_SMTP_HOST=smtp.gmail.com
 NEXTCLOUD_SMTP_SECURE=tls
 NEXTCLOUD_SMTP_PORT=587
 NEXTCLOUD_SMTP_AUTHTYPE=login
 NEXTCLOUD_MAIL_FROM_ADDRESS=beatz174
 NEXTCLOUD_MAIL_DOMAIN=gmail.com
 NEXTCLOUD_SMTP_NAME=beatz174@gmail.com
 NEXTCLOUD_SMTP_PASSWORD=kqdw fvml wlag ldgv
 NEXTCLOUD_REDIS_HOST=redis
 NEXTCLOUD_REDIS_HOST_PORT=6379
 NEXTCLOUD_REDIS_HOST_PASSWORD=TzBF8wcJNmVd9p2CTmBejPS9dpye6kWQeH3DmrQS9TPfTRriSHFN5VqH4CgzcuVZYWH2GBb7QU5GuEpNDGYdKjM6hjmLyjSgCFMiPms3Hv9n
 NEXTCLOUD_MARIADB_AUTO_UPGRADE=1
 NEXTCLOUD_ADMIN_USER=admin
 NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
 # Passbolt
 PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD=true
 PASSBOLT_MYSQL_DATABASE=passbolt
 PASSBOLT_MYSQL_USER=passbolt
 PASSBOLT_MYSQL_PASSWORD=P4ssb0lt
 PASSBOLT_APP_FULL_BASE_URL=https://passbolt.lan.ddnsgeek.com
 PASSBOLT_DATASOURCES_DEFAULT_HOST=passbolt-db
 PASSBOLT_DATASOURCES_DEFAULT_USERNAME=passbolt
 PASSBOLT_DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
 PASSBOLT_DATASOURCES_DEFAULT_DATABASE=passbolt
 PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=CBBB2B8F3E9FACA114537ACB8965B750F7363586
 # Gramps
 GRAMPS_POSTGRES_USER=gramps
 GRAMPS_POSTGRES_PASSWORD=grampspassword
 GRAMPS_POSTGRES_DB=gramps
 GRAMPS_DB_URI=postgresql://gramps:grampspassword@db:5432/gramps
 GRAMPSWEB_LOGLEVEL=INFO
 GRAMPS_INITIAL_ADMIN=admin
 GRAMPS_INITIAL_ADMIN_PASSWORD=admin
 GRAMPSWEB_MEDIAPATH=/app/media
 GRAMPSWEB_TREE=main
 # Prometheus stack
 INFLUXDB_INIT_MODE=setup
 INFLUXDB_INIT_USERNAME=admin
 INFLUXDB_INIT_PASSWORD=adminpassword
 INFLUXDB_INIT_ORG=pbs
 INFLUXDB_INIT_BUCKET=telemetry
 DOCKER_EXPORTER_LOG_LEVEL=INFO
 PIHOLE_HOSTNAME=pihole.sweet.home
 PIHOLE_PASSWORD=
 PIHOLE_EXPORTER_PORT=9617
 # Gotify
 GOTIFY_DEFAULTUSER_NAME=admin
 GOTIFY_DEFAULTUSER_PASS=R1m@dmin
 GOTIFY_REGISTRATION=false
 #GOTIFY_URL=https://gotify.lan.ddnsgeek.com
 #GOTIFY_TOKEN=ADuOnDBG7C27hcf
 # Portainer
 PORTAINER_GODEBUG=netdns=cgo
@@ -4,8 +4,8 @@ services:
    image: gotify/server:latest
    container_name: gotify
    restart: always
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    volumes:
      - ${PROJECT_ROOT}/monitoring/gotify/data:/app/data
    environment:
@@ -4,8 +4,8 @@ services:
  prometheus:
    profiles: ["monitoring","all","prometheus"]
    image: prom/prometheus:latest
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    container_name: prometheus
    depends_on:
 #      - alertmanager
@@ -104,12 +104,12 @@ services:
    image: influxdb:2.7
    container_name: influxdb
    restart: unless-stopped
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    volumes:
      - ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
    environment:
-      DOCKER_INFLUXDB_INIT_MODE: setup
+      DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
      DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
      DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
      DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
@@ -212,14 +212,14 @@ services:
    profiles: ["monitoring","all","prometheus-exporters"]
    image: ekofr/pihole-exporter:latest
    container_name: pihole-exporter
-    env_file:
+#    env_file:
-      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    environment:
      PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
      PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}
-      PORT: 9617
+      PORT: ${PIHOLE_EXPORTER_PORT}
    ports:
-      - "9617:9617"
+      - "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"
    restart: unless-stopped
    networks:
 #      - edge
@@ -96,9 +96,9 @@ scrape_configs:
    scrape_interval: 30s
    basic_auth:
-      username: ${PROMETHEUS_KUMA_BASIC_AUTH_USERNAME}
+      username: wayne.bennett@live.com
      password_file: /run/secrets/prometheus_kuma_basic_auth_password
-
+#      password: '4vjCco?[%{=+,t`):C'
    static_configs:
      - targets:
          - monitor-kuma:3001
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 ENV="default-environment.env"
 SECRETS="secrets/stack-secrets.env"
 PROJECT="core"
 FILES=(
  -f default-network.yml
@@ -21,4 +22,4 @@ FILES=(
  -f core/test/docker-compose.yml
 )
-docker compose -p $PROJECT --env-file $ENV  "${FILES[@]}" $1 $2 $3 $4 $5 $6 $7 $8 $9
+docker compose -p $PROJECT --env-file $ENV --env-file $SECRETS  "${FILES[@]}" $1 $2 $3 $4 $5 $6 $7 $8 $9