
No commits in common. "main" and "dev/outout/fix_ci" have entirely different histories.

40 changed files with 86 additions and 425 deletions


@ -1,20 +1,7 @@
#!/bin/sh
find . -name "docker-compose.yaml" | while read -r compose_file; do
dir=$(dirname "$compose_file")
echo "Checking directory: $dir"
# Source .env if it exists
if [ -f "$dir/.env" ]; then
set -o allexport
. "$dir/.env"
set +o allexport
for i in $(find . -name "docker-compose.yaml" -exec sh -c 'docker-compose -f {} config -q; echo {}:$?' \;); do
conf=$(echo $i | cut -d: -f1)
return_code=$(echo $i | cut -d: -f2)
if [ $return_code -ne "0" ]; then
echo $conf return code : $return_code && exit $return_code
fi
# Run docker-compose config check
if ! docker-compose -f "$compose_file" config -q; then
echo "$compose_file return code: 1"
exit 1
fi
done
done
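Review bot: The `for i in $(find … -exec sh -c 'docker-compose -f {} config -q; echo {}:$?' \;)` loop splices each path into the `sh -c` text, so a directory name containing shell metacharacters in the checked-out tree is interpreted by the CI shell instead of being linted. The unquoted `$(…)`, `$i` and `$return_code` also split on spaces, and `cut -d:` breaks on a colon in the path. I am reading the for-loop as the new side from the `-1,20 +1,7` header, since the +/- column is lost on this page. Pass the path as an argument and let find carry the status: `find . -name "docker-compose.yaml" -exec sh -c 'for f do docker-compose -f "$f" config -q || { echo "$f return code: $?"; exit 1; }; done' sh {} +`.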

3
.gitignore vendored

@ -1,4 +1,3 @@
.vscode
.env.priv
.venv
**/.env
.venv
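Review bot: `**/.env` appears to leave the ignore list here, which makes a populated `.env` next to any compose file committable; the `-1,4 +1,3` header fits `.vscode` and `.env.priv` staying and `**/.env` going, though the +/- column is lost on this page. The same compare turns the `env_file` entries into the mandatory short form `- .env` and deletes what look like the `[[PLACEHOLDER]]` env templates, so a clean checkout only passes `docker-compose config` once real `.env` files exist in the tree. Keep `**/.env` ignored, and either keep `required: false` on those entries or have CI create empty `.env` files before linting.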


@ -20,7 +20,7 @@ steps:
- rm -rf output.txt
- apt-get update
- apt-get install -y curl
- curl -SL https://github.com/docker/compose/releases/download/v2.33.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
- curl -SL https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
- bash .ci/lint_wrap.sh
comment_2:
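Review bot: The `curl -SL … -o /usr/local/bin/docker-compose` step installs and then runs a binary with no integrity check, and without `-f` an HTTP error body is saved as the executable; use `curl -fSL` and compare the file against the checksum published alongside the release asset before the `chmod +x`. Separately, as far as I know the long `env_file` form (`path:` / `required:`) needs Compose 2.24.0 or later, so pinning v2.20.3 may make the lint step reject the `- path: ./core.env` and `- path: .env.production` entries that other files in this compare still carry. The `steps:` list starts and ends outside this hunk.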


@ -8,7 +8,7 @@ volumes:
services:
agent:
image: woodpeckerci/woodpecker-agent:next
image: woodpeckerci/woodpecker-agent:latest
container_name: woodpecker_agent
environment:
- WOODPECKER_SERVER=grpc.cicd.gnous.eu:443
@ -16,8 +16,7 @@ services:
- WOODPECKER_GRPC_SECURE=true
- WOODPECKER_GRPC_VERIFY=true
env_file:
- path: .env
required: false
- .env
restart: always
volumes:
- agent:/etc/woodpecker
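Review bot: `image: woodpeckerci/woodpecker-agent:latest` is a floating tag on the service that executes pipeline workloads, so whatever is published under `latest` is picked up the next time the image is refreshed, with no change in this repository to review. The server this agent connects to (`grpc.cicd.gnous.eu`) is pinned to `v3.0.1` elsewhere in this compare; pin the agent to the matching release tag, optionally with a digest, so agent and server move together. The `services:` block continues outside these hunks.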


@ -9,12 +9,11 @@ volumes:
services:
server:
image: codeberg.org/forgejo/forgejo:12.0.1
image: codeberg.org/forgejo/forgejo:10.0.0
restart: always
container_name: forgejo
env_file:
- path: .env
required: false
- .env
environment:
- USER_UID=1000
- USER_GID=1000
@ -71,6 +70,8 @@ services:
# web server
- "traefik.http.services.forgejo-service-gnous.loadbalancer.server.port=3001"
- "traefik.http.routers.forgejognous.rule=(Host(`git.gnous.eu`) && !Path(`/metrics`))"
- "traefik.http.routers.forgejognous.tls=true"
- "traefik.http.routers.forgejognous.tls.certresolver=defaultacme"
- "traefik.http.routers.forgejognous.entrypoints=websecure"
- "traefik.http.routers.forgejognous.service=forgejo-service-gnous"
- "traefik.http.routers.forgejognous.middlewares=proxyHeader@file,proxyError@file"
@ -82,7 +83,7 @@ services:
depends_on:
- cache
cache:
image: "redis:8-alpine"
image: "redis:7-alpine"
restart: always
healthcheck:
test: ["CMD", "redis-cli", "ping"]
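Review bot: `image: codeberg.org/forgejo/forgejo:10.0.0` moves the forge back two major releases from `12.0.1`, which drops whatever security fixes shipped in between and, if the data volume was already migrated by the newer release, may not start against that database. The same backward move shows up for `vaultwarden/server` (1.34.1 to 1.33.0), `gitlab/gitlab-ce` (18.2.1 to 17.8.1), `ghcr.io/mastodon/mastodon` (v4.4.2 to v4.3.3), `woodpeckerci/woodpecker-server` (v3.8.0 to v3.0.1) and the `redis` images in this compare. Since the page reports no common history between `main` and `dev/outout/fix_ci`, this looks like a stale branch base rather than an intended rollback; rebasing the CI fix onto `main` would avoid merging the older pins.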


@ -25,6 +25,8 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.freshrss.entryPoints=websecure"
- "traefik.http.routers.freshrss.rule=Host(`rss.gnous.eu`)"
- "traefik.http.routers.freshrss.tls=true"
- "traefik.http.routers.freshrss.tls.certresolver=defaultacme"
- "traefik.http.routers.freshrss.middlewares=proxyHeader@file,proxyError@file"
env_file:
- path: .env


@ -18,6 +18,8 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.gnoushaste.entryPoints=websecure"
- "traefik.http.routers.gnoushaste.rule=Host(`haste.gnous.eu`)"
- "traefik.http.routers.gnoushaste.tls=true"
- "traefik.http.routers.gnoushaste.tls.certresolver=defaultacme"
- "traefik.http.routers.gnoushaste.middlewares=proxyHeader@file,proxyError@file"
env_file:
- path: .env


@ -1,2 +0,0 @@
RENOVATE_TOKEN=[[RENOVATE_TOKEN]]
GITHUB_COM_TOKEN=[[RENOVATE_GH_TOKEN]]


@ -4,7 +4,7 @@ networks:
services:
renovate:
image: ghcr.io/renovatebot/renovate:41.43.2-full
image: ghcr.io/renovatebot/renovate:39.156.0-full
restart: always
environment:
- LOG_LEVEL=info
@ -14,5 +14,4 @@ services:
- RENOVATE_GIT_AUTHOR=Renovate bot <renovate@gnous.eu>
- RENOVATE_TOKEN=${RENOVATE_TOKEN}
env_file:
- path: .env
required: false
- .env


@ -1,2 +0,0 @@
RESTIC_BASE_URL=[[RESTIC_BASE_URL]]
RESTIC_PASSWORD=[[RESTIC_PASSWORD]]


@ -1,6 +1,6 @@
services:
backup:
image: mazzolino/restic:1.8.0
image: mazzolino/restic:1.7.2
hostname: docker
restart: unless-stopped
environment:
@ -31,7 +31,7 @@ services:
- ./ssh:/run/secrets/.ssh:ro
prune:
image: mazzolino/restic:1.8.0
image: mazzolino/restic:1.7.2
hostname: docker
restart: unless-stopped
environment:


@ -8,7 +8,7 @@ volumes:
services:
server:
image: "searxng/searxng:2025.4.24-c6c6d3027"
image: "searxng/searxng:2025.1.6-6dab7fe78"
depends_on:
- "redis"
environment:
@ -35,9 +35,11 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.searx.entryPoints=websecure"
- "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)"
- "traefik.http.routers.searx.tls=true"
- "traefik.http.routers.searx.tls.certresolver=defaultacme"
- "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file"
redis:
image: "redis:8.0-alpine"
image: "redis:7.4-alpine"
command: 'redis-server --save "" --appendonly "no"'
healthcheck:
test: ["CMD", "redis-cli", "ping"]


@ -1,11 +1,10 @@
services:
traefik-kop:
image: "ghcr.io/jittering/traefik-kop:0.17"
image: "ghcr.io/jittering/traefik-kop:0.14"
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- path: .env
required: false
- .env
environment:
- BIND_IP=10.100.2.2


@ -1,7 +0,0 @@
MEP_DB_HOST_IP=[[MEP_DB_HOST_IP]]
WALLABAG_DB_NAME=[[WALLABAG_DB_NAME]]
WALLABAG_DB_PASS=[[WALLABAG_DB_PASS]]
WALLABAG_DB_USER=[[WALLABAG_DB_USER]]
SMTP_PASS=[[SMTP_PASS]]
SMTP_HOST=[[SMTP_HOST]]
WALLABAG_SECRET=[[WALLABAG_SECRET]]


@ -8,7 +8,7 @@ volumes:
services:
wallabag:
image: wallabag/wallabag:2.6.13
image: wallabag/wallabag:2.6.10
restart: unless-stopped
environment:
- SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
@ -48,6 +48,8 @@ services:
# web server
- "traefik.http.services.wallabag-service-gnous.loadbalancer.server.port=3009"
- "traefik.http.routers.wallabaggnous.rule=Host(`bag.gnous.eu`)"
- "traefik.http.routers.wallabaggnous.tls=true"
- "traefik.http.routers.wallabaggnous.tls.certresolver=defaultacme"
- "traefik.http.routers.wallabaggnous.entrypoints=websecure"
- "traefik.http.routers.wallabaggnous.service=wallabag-service-gnous"
- "traefik.http.routers.wallabaggnous.middlewares=proxyHeader@file,proxyError@file"


@ -12,5 +12,7 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.wiki.entryPoints=websecure"
- "traefik.http.routers.wiki.rule=Host(`wiki.gnous.eu`)"
- "traefik.http.routers.wiki.tls=true"
- "traefik.http.routers.wiki.tls.certresolver=defaultacme"
- "traefik.http.routers.wiki.middlewares=proxyHeader@file,proxyError@file"


@ -1,3 +0,0 @@
SMTP_HOST=[[SMTP_HOST]]
SMTP_PASS=[[SMTP_PASS]]
SMTP_USER=[[SMTP_USER]]


@ -12,7 +12,7 @@ volumes:
services:
gitlab:
image: gitlab/gitlab-ce:18.2.1-ce.0
image: gitlab/gitlab-ce:17.8.1-ce.0
container_name: gitlab
restart: always
hostname: "gitlab.gnous.eu"
@ -48,12 +48,16 @@ services:
# Web
- "traefik.http.services.gitlab-gnous.loadbalancer.server.port=3005"
- "traefik.http.routers.gitlabgnous.rule=Host(`gitlab.gnous.eu`)"
- "traefik.http.routers.gitlabgnous.tls=true"
- "traefik.http.routers.gitlabgnous.tls.certresolver=defaultacme"
- "traefik.http.routers.gitlabgnous.entrypoints=websecure"
- "traefik.http.routers.gitlabgnous.service=gitlab-gnous"
- "traefik.http.routers.gitlabgnous.middlewares=proxyHeader@file,proxyError@file"
# Registry
- "traefik.http.services.registry-gnous.loadbalancer.server.port=3006"
- "traefik.http.routers.registrygnous.rule=Host(`pkg.gnous.eu`)"
- "traefik.http.routers.registrygnous.tls=true"
- "traefik.http.routers.registrygnous.tls.certresolver=defaultacme"
- "traefik.http.routers.registrygnous.entrypoints=websecure"
- "traefik.http.routers.registrygnous.service=registry-gnous"
- "traefik.http.routers.registrygnous.middlewares=proxyHeader@file,proxyError@file"
@ -61,4 +65,4 @@ services:
- "traefik.tcp.routers.gitlabssh.entrypoints=sshgitlab"
- "traefik.tcp.routers.gitlabssh.rule=HostSNI(`*`)"
- "traefik.tcp.routers.gitlabssh.service=gitlab-ssh"
- "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=3007"
- "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=3007"


@ -13,4 +13,6 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.gnousdoteu.entryPoints=websecure"
- "traefik.http.routers.gnousdoteu.rule=Host(`gnous.eu`)"
- "traefik.http.routers.gnousdoteu.tls=true"
- "traefik.http.routers.gnousdoteu.tls.certresolver=defaultacme"
- "traefik.http.routers.gnousdoteu.middlewares=proxyHeader@file,proxyError@file"


@ -19,7 +19,7 @@ SMTP_FROM_ADDRESS=Mastodon <service@gnous.eu>
S3_ENABLED=true
S3_BUCKET=gnoustoot
S3_REGION=fr-par
S3_HOSTNAME=cdn.gnous.eu
S3_HOSTNAME=obiwan.gnous.eu
S3_ENDPOINT=https://s3.fr-par.scw.cloud
ES_ENABLED=false


@ -5,7 +5,7 @@ networks:
services:
redis:
image: redis:8-alpine
image: redis:7-alpine
restart: always
healthcheck:
test: ["CMD", "redis-cli", "ping"]
@ -13,7 +13,7 @@ services:
- mastodon
web:
image: ghcr.io/mastodon/mastodon:v4.4.2
image: ghcr.io/mastodon/mastodon:v4.3.3
restart: always
env_file:
- path: .env.production
@ -33,6 +33,8 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.mastodon-web.entrypoints=websecure"
- "traefik.http.routers.mastodon-web.rule=Host(`toot.gnous.eu`)"
- "traefik.http.routers.mastodon-web.tls=true"
- "traefik.http.routers.mastodon-web.tls.certresolver=defaultacme"
- "traefik.http.routers.mastodon-web.middlewares=proxyHeader@file,proxyError@file"
# Cron
- "ofelia.enabled=true"
@ -42,7 +44,7 @@ services:
- "ofelia.job-exec.clean-account.command=tootctl accounts cull"
streaming:
image: ghcr.io/mastodon/mastodon-streaming:v4.4.2
image: ghcr.io/mastodon/mastodon-streaming:v4.3.3
restart: always
env_file:
- path: .env.production
@ -62,10 +64,13 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
- "traefik.http.routers.mastodon-streaming.rule=(Host(`toot.gnous.eu`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
- "traefik.http.routers.mastodon-streaming.tls=true"
- "traefik.http.routers.mastodon-streaming.tls.certresolver=defaultacme"
- "traefik.http.routers.mastodon-streaming.middlewares=proxyHeader@file,proxyError@file"
sidekiq:
image: ghcr.io/mastodon/mastodon:v4.4.2
image: ghcr.io/mastodon/mastodon:v4.3.3
restart: always
env_file:
- path: .env.production


@ -1,2 +0,0 @@
RESTIC_BASE_URL=[[RESTIC_BASE_URL]]
RESTIC_PASSWORD=[[RESTIC_PASSWORD]]


@ -1,6 +1,6 @@
services:
backup:
image: mazzolino/restic:1.8.0
image: mazzolino/restic:1.7.2
hostname: docker
restart: unless-stopped
environment:
@ -28,7 +28,7 @@ services:
- ./ssh:/run/secrets/.ssh:ro
prune:
image: mazzolino/restic:1.8.0
image: mazzolino/restic:1.7.2
hostname: docker
restart: unless-stopped
environment:


@ -1,11 +1,10 @@
services:
traefik-kop:
image: "ghcr.io/jittering/traefik-kop:0.17"
image: "ghcr.io/jittering/traefik-kop:0.14"
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- path: .env
required: false
- .env
environment:
- BIND_IP=10.100.2.3


@ -8,7 +8,7 @@ volumes:
services:
vaultwarden:
image: vaultwarden/server:1.34.1
image: vaultwarden/server:1.33.0
container_name: vaultwarden
environment:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
@ -24,6 +24,8 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.entryPoints=websecure"
- "traefik.http.routers.vaultwarden.rule=Host(`pass.gnous.eu`)"
- "traefik.http.routers.vaultwarden.tls=true"
- "traefik.http.routers.vaultwarden.tls.certresolver=defaultacme"
- "traefik.http.routers.vaultwarden.middlewares=proxyHeader@file,proxyError@file"
restart: always
volumes:


@ -1,4 +0,0 @@
WOODPECKER_GITEA_CLIENT=[[WOODPECKER_GITEA_CLIENT]]
WOODPECKER_GITEA_SECRET=[[WOODPECKER_GITEA_SECRET]]
WOODPECKER_DB_PASS=[[WOODPECKER_DB_PASS]]
MEP_DB_HOST=[[MEP_DB_HOST]]


@ -9,7 +9,7 @@ volumes:
services:
server:
image: woodpeckerci/woodpecker-server:v3.8.0
image: woodpeckerci/woodpecker-server:v3.0.1
container_name: woodpecker_server
environment:
- WOODPECKER_OPEN=true
@ -40,6 +40,8 @@ services:
# web server
- "traefik.http.services.woodpecker-service-gnous.loadbalancer.server.port=4001"
- "traefik.http.routers.woodpeckergnous.rule=Host(`cicd.gnous.eu`)"
- "traefik.http.routers.woodpeckergnous.tls=true"
- "traefik.http.routers.woodpeckergnous.tls.certresolver=defaultacme"
- "traefik.http.routers.woodpeckergnous.entrypoints=websecure"
- "traefik.http.routers.woodpeckergnous.service=woodpecker-service-gnous"
- "traefik.http.routers.woodpeckergnous.middlewares=proxyHeader@file,proxyError@file"
@ -47,6 +49,8 @@ services:
- "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.port=4002"
- "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.scheme=h2c"
- "traefik.http.routers.woodpecker-grpc-gnous.rule=Host(`grpc.cicd.gnous.eu`)"
- "traefik.http.routers.woodpecker-grpc-gnous.tls=true"
- "traefik.http.routers.woodpecker-grpc-gnous.tls.certresolver=defaultacme"
- "traefik.http.routers.woodpecker-grpc-gnous.entrypoints=websecure"
- "traefik.http.routers.woodpecker-grpc-gnous.service=woodpecker-grpc-gnous"
- "traefik.http.routers.woodpecker-grpc-gnous.middlewares=woodpecker-grpc-redirect@docker"


@ -1,20 +0,0 @@
TRAEFIK_KOP_REDIS_ADDR=[[TRAEFIK_KOP_REDIS_ADDR]]
TRAEFIK_KOP_REDIS_PASS=[[TRAEFIK_KOP_REDIS_PASS]]
# TRACS3 ENV
TRACS_AWS_REGION=[[TRACS_AWS_REGION]]
TRACS_S3_ENDPOINT=[[TRACS_S3_ENDPOINT]]
TRACS_S3_ACCESS_KEY_ID=[[TRACS_S3_ACCESS_KEY_ID]]
TRACS_S3_SECRET=[[TRACS_S3_SECRET]]
TRACS_CLOSET_BUCKET=[[TRACS_CLOSET_BUCKET]]
TRACS_CLOSET_PASSWORD=[[TRACS_CLOSET_PASSWORD]]
AWS_CONFIGURE_PLUGINS=awscli_plugin_endpoint
AWS_REQUEST_CHECKSUM_CALCULATION=WHEN_REQUIRED
AWS_S3_SIGNATURE_VERSION=s3v4
TRAEFIK_LOCAL_STORE=/certificates/
TRAEFIK_OUTPUT_FILE=/configs/certificates.toml
TRAEFIK_CERTIFICATE_DIR=/certificates/
# TRACING
OLTP_HTTP_ENDPOINT=[[OLTP_HTTP_ENDPOINT]]
OLTP_HTTP_BASIC_AUTH=[[OLTP_HTTP_BASIC_AUTH]]


@ -1,110 +0,0 @@
services:
traefik:
image: "traefik:v3.5.0"
container_name: "traefik"
command:
- "--log.level=info"
- "--log.maxsize=100"
- "--log.maxage=3"
- "--metrics.prometheus=true"
- "--entryPoints.web.address=:80"
- "--entryPoints.web.http.redirections.entryPoint.to=webpublic"
- "--entryPoints.web.http.redirections.entryPoint.scheme=https"
- "--entryPoints.web.http.redirections.entryPoint.permanent=true"
- "--entryPoints.web.allowACMEByPass=true"
- "--entryPoints.websecure.address=:446"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=172.0.0.0/8"
- "--entryPoints.webpublic.address=:443"
- "--entryPoints.webpublic.http.tls=true"
- "--entryPoints.webpublic.forwardedHeaders.trustedIPs=172.0.0.0/8"
- "--entryPoints.ssh.address=:2222"
- "--entryPoints.sshgitlab.address=:2223"
- "--providers.file.directory=/traefik"
- "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
- "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
- "--tracing=true"
- "--tracing.otlp=true"
- "--tracing.otlp.http=true"
- "--tracing.serviceName=traefik"
- "--tracing.sampleRate=0.2"
- "--tracing.otlp.http.endpoint=${OLTP_HTTP_ENDPOINT}"
- "--tracing.otlp.http.headers.Authorization=Basic ${OLTP_HTTP_BASIC_AUTH}"
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/traefik/sites:/traefik"
- "certificates:/certificates"
network_mode: host
epee:
image: "git.gnous.eu/enpls/epee-service:stable"
restart: always
container_name: "epee"
ports:
- "5900:5900"
networks:
- traefik_internal
varnish:
image: varnish:7.7.1
restart: always
command: -F -a :445,PROXY -f /etc/varnish/default.vcl -T 127.0.0.1:6082 -t 120 -p thread_pool_min=50 -p thread_pool_max=1000 -p thread_pool_timeout=120 -i varnish -s malloc,2048M -n varnish
ports:
- 445:445
volumes:
- /etc/varnish:/etc/varnish
- "workdir:/var/lib/varnish"
tracs3:
image: ghcr.io/outout14/traefik-acme-s3:main
env_file:
- tracs3.env
command:
- "sync"
volumes:
- "/etc/traefik/sites:/configs"
- "certificates:/certificates"
network_mode: "host"
environment:
- AWS_REGION=${TRACS_AWS_REGION}
- AWS_DEFAULT_REGION=${TRACS_AWS_REGION}
- AWS_ENDPOINT_URL=${TRACS_S3_ENDPOINT}
- AWS_S3_ENDPOINT=${TRACS_S3_ENDPOINT}
- AWS_S3API_ENDPOINT=${TRACS_S3_ENDPOINT}
- AWS_ACCESS_KEY_ID=${TRACS_S3_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${TRACS_S3_SECRET}
- CLOSET_BUCKET=${TRACS_CLOSET_BUCKET}
- CLOSET_PASSWORD=${TRACS_CLOSET_PASSWORD}
tracs3-certificate-sync:
image: mcuadros/ofelia:latest
restart: always
depends_on:
tracs3:
condition: service_completed_successfully
command: daemon --docker
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
ofelia.job-run.certificate-rotate.schedule: "@every 10m"
ofelia.job-run.certificate-rotate.command: "sh -c 'docker restart front-http-par-tracs3-1'"
ofelia.job-run.certificate-rotate.image: "docker:cli"
ofelia.job-run.certificate-rotate.volume: "/var/run/docker.sock:/var/run/docker.sock"
volumes:
certificates:
workdir:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
networks:
traefik_internal:
enable_ipv6: true


@ -1,20 +0,0 @@
TRAEFIK_KOP_REDIS_ADDR=[[TRAEFIK_KOP_REDIS_ADDR]]
TRAEFIK_KOP_REDIS_PASS=[[TRAEFIK_KOP_REDIS_PASS]]
# TRACS3 ENV
TRACS_AWS_REGION=[[TRACS_AWS_REGION]]
TRACS_S3_ENDPOINT=[[TRACS_S3_ENDPOINT]]
TRACS_S3_ACCESS_KEY_ID=[[TRACS_S3_ACCESS_KEY_ID]]
TRACS_S3_SECRET=[[TRACS_S3_SECRET]]
TRACS_CLOSET_BUCKET=[[TRACS_CLOSET_BUCKET]]
TRACS_CLOSET_PASSWORD=[[TRACS_CLOSET_PASSWORD]]
AWS_CONFIGURE_PLUGINS=awscli_plugin_endpoint
AWS_REQUEST_CHECKSUM_CALCULATION=WHEN_REQUIRED
AWS_S3_SIGNATURE_VERSION=s3v4
TRAEFIK_LOCAL_STORE=/certificates/
TRAEFIK_OUTPUT_FILE=/configs/certificates.toml
TRAEFIK_CERTIFICATE_DIR=/certificates/
# TRACING
OLTP_HTTP_ENDPOINT=[[OLTP_HTTP_ENDPOINT]]
OLTP_HTTP_BASIC_AUTH=[[OLTP_HTTP_BASIC_AUTH]]


@ -1,110 +0,0 @@
services:
traefik:
image: "traefik:v3.5.0"
container_name: "traefik"
command:
- "--log.level=info"
- "--log.maxsize=100"
- "--log.maxage=3"
- "--metrics.prometheus=true"
- "--entryPoints.web.address=:80"
- "--entryPoints.web.http.redirections.entryPoint.to=webpublic"
- "--entryPoints.web.http.redirections.entryPoint.scheme=https"
- "--entryPoints.web.http.redirections.entryPoint.permanent=true"
- "--entryPoints.web.allowACMEByPass=true"
- "--entryPoints.websecure.address=:446"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=172.0.0.0/8"
- "--entryPoints.webpublic.address=:443"
- "--entryPoints.webpublic.http.tls=true"
- "--entryPoints.webpublic.forwardedHeaders.trustedIPs=172.0.0.0/8"
- "--entryPoints.ssh.address=:2222"
- "--entryPoints.sshgitlab.address=:2223"
- "--providers.file.directory=/traefik"
- "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
- "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
- "--tracing=true"
- "--tracing.otlp=true"
- "--tracing.otlp.http=true"
- "--tracing.serviceName=traefik"
- "--tracing.sampleRate=0.2"
- "--tracing.otlp.http.endpoint=${OLTP_HTTP_ENDPOINT}"
- "--tracing.otlp.http.headers.Authorization=Basic ${OLTP_HTTP_BASIC_AUTH}"
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/traefik/sites:/traefik"
- "certificates:/certificates"
network_mode: host
epee:
image: "git.gnous.eu/enpls/epee-service:stable"
restart: always
container_name: "epee"
ports:
- "5900:5900"
networks:
- traefik_internal
varnish:
image: varnish:7.7.1
restart: always
command: -F -a :445,PROXY -f /etc/varnish/default.vcl -T 127.0.0.1:6082 -t 120 -p thread_pool_min=50 -p thread_pool_max=1000 -p thread_pool_timeout=120 -i varnish -s malloc,2048M -n varnish
ports:
- 445:445
volumes:
- /etc/varnish:/etc/varnish
- "workdir:/var/lib/varnish"
tracs3:
image: ghcr.io/outout14/traefik-acme-s3:main
env_file:
- tracs3.env
command:
- "sync"
volumes:
- "/etc/traefik/sites:/configs"
- "certificates:/certificates"
network_mode: "host"
environment:
- AWS_REGION=${TRACS_AWS_REGION}
- AWS_DEFAULT_REGION=${TRACS_AWS_REGION}
- AWS_ENDPOINT_URL=${TRACS_S3_ENDPOINT}
- AWS_S3_ENDPOINT=${TRACS_S3_ENDPOINT}
- AWS_S3API_ENDPOINT=${TRACS_S3_ENDPOINT}
- AWS_ACCESS_KEY_ID=${TRACS_S3_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${TRACS_S3_SECRET}
- CLOSET_BUCKET=${TRACS_CLOSET_BUCKET}
- CLOSET_PASSWORD=${TRACS_CLOSET_PASSWORD}
tracs3-certificate-sync:
image: mcuadros/ofelia:latest
restart: always
depends_on:
tracs3:
condition: service_completed_successfully
command: daemon --docker
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
ofelia.job-run.certificate-rotate.schedule: "@every 10m"
ofelia.job-run.certificate-rotate.command: "sh -c 'docker restart front-http-par-tracs3-1'"
ofelia.job-run.certificate-rotate.image: "docker:cli"
ofelia.job-run.certificate-rotate.volume: "/var/run/docker.sock:/var/run/docker.sock"
volumes:
certificates:
workdir:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
networks:
traefik_internal:
enable_ipv6: true


@ -1,7 +0,0 @@
DB_USERNAME=[[KOMODO_DB_USERNAME]]
DB_PASSWORD=[[KOMODO_DB_PASSWORD]]
KOMODO_PASSKEY=[[KOMODO_PASSKEY]]
KOMODO_WEBHOOK_SECRET=[[KOMODO_WEBHOOK_SECRET]]
KOMODO_JWT_SECRET=[[KOMODO_JWT_SECRET]]
KOMODO_OIDC_CLIENT_SECRET=[[KOMODO_OIDC_CLIENT_SECRET]]
PERIPHERY_PASSKEYS=[[KOMODO_PASSKEY]]


@ -18,7 +18,6 @@ services:
env_file:
- path: ./core.env
- path: ./.env
required: false
core:
image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
restart: unless-stopped
@ -33,7 +32,6 @@ services:
env_file:
- path: ./core.env
- path: ./.env
required: false
environment:
KOMODO_DATABASE_ADDRESS: mongo:27017
KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
@ -45,6 +43,8 @@ services:
- "traefik.http.routers.komodo.entryPoints=websecure"
- "traefik.http.routers.komodo.rule=Host(`deploy.net.enpls.org`)"
- "traefik.http.routers.komodo.tls=true"
- "traefik.http.routers.komodo.tls.certresolver=defaultacme"
- "traefik.http.routers.komodo.middlewares=proxyHeader@file,proxyError@file"
- "komodo.skip:"
periphery:
@ -59,7 +59,6 @@ services:
env_file:
- path: ./core.env
- path: ./.env
required: false
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /proc:/proc


@ -6,8 +6,7 @@ services:
volumes:
- db:/var/lib/postgresql/data
env_file:
- path: .env
required: false
- .env
environment:
POSTGRES_USER: semaphore
POSTGRES_DB: semaphore
@ -15,10 +14,9 @@ services:
restart: unless-stopped
ports:
- 8085:3000
image: semaphoreui/semaphore:v2.15.4
image: semaphoreui/semaphore:v2.12.3
env_file:
- path: .env
required: false
- .env
environment:
SEMAPHORE_DB_USER: semaphore
SEMAPHORE_DB_HOST: postgres
@ -33,6 +31,8 @@ services:
- "traefik.enable=true"
- "traefik.http.services.semaphore-service.loadbalancer.server.port=8085"
- "traefik.http.routers.semaphore.rule=Host(`semaphore.net.enpls.org`)"
- "traefik.http.routers.semaphore.tls=true"
- "traefik.http.routers.semaphore.tls.certresolver=defaultacme"
- "traefik.http.routers.semaphore.entrypoints=websecure"
- "traefik.http.routers.semaphore.service=semaphore-service"
- "traefik.http.routers.semaphore.middlewares=proxyHeader@file,proxyError@file"


@ -1,11 +1,10 @@
services:
traefik-kop:
image: "ghcr.io/jittering/traefik-kop:0.17"
image: "ghcr.io/jittering/traefik-kop:0.14"
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- path: .env
required: false
- .env
environment:
- BIND_IP=10.100.2.5


@ -1,60 +0,0 @@
services:
vikunja:
image: vikunja/vikunja:0.24.6
environment:
VIKUNJA_SERVICE_PUBLICURL: https://todo.net.enpls.org
VIKUNJA_DATABASE_HOST: db
VIKUNJA_DATABASE_PASSWORD: vikunja
VIKUNJA_DATABASE_TYPE: postgres
VIKUNJA_DATABASE_USER: vikunja
VIKUNJA_DATABASE_DATABASE: vikunja
VIKUNJA_SERVICE_ENABLEREGISTRATION: true
VIKUNJA_AUTH_LOCAL_ENABLED: false
VIKUNJA_AUTH_OPENID_ENABLED: true
VIKUNJA_AUTH_OPENID_REDIRECT_URL: "https://todo.net.enpls.org/auth/openid/"
VIKUNJA_AUTH_OPENID_PROVIDERS_IDM_NAME: "Kanidm"
VIKUNJA_AUTH_OPENID_PROVIDERS_IDM_AUTHURL: "https://idm.enpls.org/oauth2/openid/vikunja"
VIKUNJA_AUTH_OPENID_PROVIDERS_IDM_SCOPE: "openid profile email"
volumes:
- vikunja:/app/vikunja/files
- config:/etc/vikunja
networks:
- vikunja
ports:
- 3456:3456
depends_on:
db:
condition: service_healthy
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.vikunja.rule=Host(`todo.net.enpls.org`)"
- "traefik.http.routers.vikunja.entrypoints=websecure"
- "traefik.http.routers.vikunja.middlewares=proxyHeader@file,proxyError@file"
db:
image: postgres:17
environment:
POSTGRES_PASSWORD: vikunja
POSTGRES_USER: vikunja
volumes:
- pgdata2:/var/lib/postgresql/data
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
interval: 2s
networks:
- vikunja
volumes:
pgdata2:
driver: local
vikunja:
driver: local
config:
driver: local
networks:
vikunja:
external: false


@ -2,8 +2,7 @@ services:
db:
image: postgres:14
env_file:
- path: .env
required: false
- .env
logging:
driver: "none"
restart: unless-stopped
@ -11,7 +10,7 @@ services:
- db-data:/var/lib/postgresql/data
server:
image: ghcr.io/requarks/wiki:2.5.307
image: ghcr.io/requarks/wiki:2.5.305
depends_on:
- db
environment:
@ -19,8 +18,7 @@ services:
DB_HOST: db
DB_PORT: 5432
env_file:
- path: .env
required: false
- .env
restart: unless-stopped
ports:
- "8082:3000"
@ -28,6 +26,8 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.wikijs.entryPoints=websecure"
- "traefik.http.routers.wikijs.rule=Host(`doc.net.enpls.org`)"
- "traefik.http.routers.wikijs.tls=true"
- "traefik.http.routers.wikijs.tls.certresolver=defaultacme"
- "traefik.http.routers.wikijs.middlewares=proxyHeader@file,proxyError@file"
volumes:


@ -12,8 +12,7 @@ services:
- WOODPECKER_GRPC_SECURE=true
- WOODPECKER_GRPC_VERIFY=true
env_file:
- path: .env
required: false
- .env
restart: always
volumes:
- agent:/etc/woodpecker


@ -10,7 +10,7 @@ volumes:
services:
server:
image: woodpeckerci/woodpecker-server:v3.8.0
image: woodpeckerci/woodpecker-server:v3.0.1
container_name: woodpecker_server
environment:
- WOODPECKER_OPEN=false
@ -24,10 +24,8 @@ services:
- WOODPECKER_GITEA=true
- WOODPECKER_GITEA_URL=https://git.gnous.eu
- WOODPECKER_DATABASE_DRIVER=postgres
- WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.2
env_file:
- path: .env
required: false
- .env
restart: always
networks:
- woodpecker
@ -41,6 +39,8 @@ services:
# web server
- "traefik.http.services.woodpecker-service.loadbalancer.server.port=8083"
- "traefik.http.routers.woodpecker.rule=Host(`build.net.enpls.org`)"
- "traefik.http.routers.woodpecker.tls=true"
- "traefik.http.routers.woodpecker.tls.certresolver=defaultacme"
- "traefik.http.routers.woodpecker.entrypoints=websecure"
- "traefik.http.routers.woodpecker.service=woodpecker-service"
- "traefik.http.routers.woodpecker.middlewares=proxyHeader@file,proxyError@file"
@ -48,6 +48,8 @@ services:
- "traefik.http.services.woodpecker-grpc.loadbalancer.server.port=8084"
- "traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme=h2c"
- "traefik.http.routers.woodpecker-grpc-secure.rule=Host(`grpc.build.net.enpls.org`)"
- "traefik.http.routers.woodpecker-grpc-secure.tls=true"
- "traefik.http.routers.woodpecker-grpc-secure.tls.certresolver=defaultacme"
- "traefik.http.routers.woodpecker-grpc-secure.entrypoints=websecure"
- "traefik.http.routers.woodpecker-grpc-secure.service=woodpecker-grpc"
- "traefik.http.routers.woodpecker-grpc.middlewares=woodpecker-grpc-redirect@docker"
@ -59,8 +61,7 @@ services:
image: postgres:14-alpine
restart: always
env_file:
- path: .env
required: false
- .env
networks:
- woodpecker
volumes: