From 4229392454a84badc759b1ae882d95455b91a11c Mon Sep 17 00:00:00 2001 From: debian Date: Sun, 8 Sep 2024 21:08:22 +0200 Subject: [PATCH] add ghost, radicale, make paperless public, add vps link --- docker-compose.yml | 2 + project/db/postgres/postgres.yml | 2 +- project/infrastructure/authelia/authelia.yml | 2 + project/infrastructure/traefik/traefik.yml | 1 + project/service/ghost/ghost.yml | 33 ++++++++++++++++ project/service/home-assistant/ha-addon | 1 + project/service/overleaf-toolkit | 1 + .../service/paperless-ngx/paperless-ngx.yml | 22 ++++++----- project/service/radicale/radicale.yml | 39 +++++++++++++++++++ 9 files changed, 93 insertions(+), 10 deletions(-) create mode 100644 project/service/ghost/ghost.yml create mode 160000 project/service/home-assistant/ha-addon create mode 160000 project/service/overleaf-toolkit create mode 100644 project/service/radicale/radicale.yml diff --git a/docker-compose.yml b/docker-compose.yml index c6ceb1d..dd62e9b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,11 +43,13 @@ include: - ${SERVICE_PATH}/freshrss/freshrss.yml - ${SERVICE_PATH}/gitea/gitea.yml - ${SERVICE_PATH}/home-assistant/home-assistant.yml + - ${SERVICE_PATH}/ghost/ghost.yml - ${SERVICE_PATH}/home-assistant/ha-addon/ha-ewelink-addon.yml - ${SERVICE_PATH}/it-tools/it-tools.yml - ${SERVICE_PATH}/jupyter-notebook/jupyter-notebook.yml - ${SERVICE_PATH}/mealie/mealie.yml - ${SERVICE_PATH}/paperless-ngx/paperless-ngx.yml + - ${SERVICE_PATH}/radicale/radicale.yml - ${SERVICE_PATH}/shlink/shlink.yml - ${SERVICE_PATH}/sponsorblock/sponsorblock.yml - ${SERVICE_PATH}/stirling-pdf/stirling-pdf.yml diff --git a/project/db/postgres/postgres.yml b/project/db/postgres/postgres.yml index ef01ba5..2e57ba1 100644 --- a/project/db/postgres/postgres.yml +++ b/project/db/postgres/postgres.yml 
@@ -32,7 +32,7 @@ services: file: ${TEMPLATES_PATH} service: default container_name: postgres-with-pg-vector - image: tensorchord/pgvecto-rs:pg16-v0.2.1-alpha.2 + image: tensorchord/pgvecto-rs:pg16-v0.3.0 ports: - 5433:5432 networks: diff --git a/project/infrastructure/authelia/authelia.yml b/project/infrastructure/authelia/authelia.yml index 5c28dd8..cd4acf8 100644 --- a/project/infrastructure/authelia/authelia.yml +++ b/project/infrastructure/authelia/authelia.yml @@ -30,6 +30,8 @@ services: AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet volumes: - ${INFRA_PATH}/authelia/config:/config + - ${INFRA_PATH}/authelia/config:/config + - "/var/log/authelia/:/config/log" labels: # Watchtower - "com.centurylinklabs.watchtower.enable=true" diff --git a/project/infrastructure/traefik/traefik.yml b/project/infrastructure/traefik/traefik.yml index baac9c2..8094fb0 100644 --- a/project/infrastructure/traefik/traefik.yml +++ b/project/infrastructure/traefik/traefik.yml @@ -13,6 +13,7 @@ services: - ip6net - ip4net environment: + TRAEFIK_EMAIL: ${EMAIL} TRAEFIK_LOCAL_DOMAIN: ${LOCAL_DOMAIN} TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} TRAEFIK_AUTH_PUBLIC_DOMAIN: auth.${PUBLIC_DOMAIN} diff --git a/project/service/ghost/ghost.yml b/project/service/ghost/ghost.yml new file mode 100644 index 0000000..14efabe --- /dev/null +++ b/project/service/ghost/ghost.yml 
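Review bot: In the authelia.yml hunk the added `- ${INFRA_PATH}/authelia/config:/config` repeats the context line directly above it, so the volumes list now declares the same bind mount twice. Compose can reject a service with a duplicate mount target, and at best the line is noise; drop it and keep only `- "/var/log/authelia/:/config/log"`. That log mount places authentication logs on the host, presumably so a log-based detector can read them, so a comment such as `# host log dir read by <log consumer>; keep it root-owned and not world-readable` would help, since the consumer is not visible in this commit. The service definition starts outside the hunk.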
@@ -0,0 +1,33 @@
+services:
+ ghost:
+ extends:
+ file: ${TEMPLATES_PATH}
+ service: default
+ image: ghost:latest
+ container_name: ghost
+ ports:
+ - 4016:2368
+ environment:
+ # see https://ghost.org/docs/config/#configuration-options
+ database__client: mysql
+ database__connection__host: mysql-ghost
+ database__connection__user: root
+ database__connection__password: example
+ database__connection__database: ghost
+ # this url value is just an example, and is likely wrong for your environment!
+ url: http://192.168.1.38:4016
+ # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
+ NODE_ENV: development
+ volumes:
+ - ${SERVICE_PATH}/ghost/data/ghost:/var/lib/ghost/content
+
+ mysql-ghost:
+ extends:
+ file: ${TEMPLATES_PATH}
+ service: default
+ image: mysql:8.0
+ container_name: mysql-ghost
+ environment:
+ MYSQL_ROOT_PASSWORD: example
+ volumes:
+ - ${SERVICE_PATH}/ghost/data/db:/var/lib/mysql
\ No newline at end of file
diff --git a/project/service/home-assistant/ha-addon b/project/service/home-assistant/ha-addon
new file mode 160000
index 0000000..032fb20
--- /dev/null
+++ b/project/service/home-assistant/ha-addon
@@ -0,0 +1 @@
+Subproject commit 032fb202d4893b552db32a259618ff5ca8ae31e3
diff --git a/project/service/overleaf-toolkit b/project/service/overleaf-toolkit
new file mode 160000
index 0000000..c7a9593
--- /dev/null
+++ b/project/service/overleaf-toolkit
@@ -0,0 +1 @@
+Subproject commit c7a9593809a1715a394cf043363996987dff78af
diff --git a/project/service/paperless-ngx/paperless-ngx.yml b/project/service/paperless-ngx/paperless-ngx.yml
index 4739316..673011d 100644
--- a/project/service/paperless-ngx/paperless-ngx.yml
+++ b/project/service/paperless-ngx/paperless-ngx.yml
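Review bot: ghost.yml commits its database credentials in clear text and connects Ghost as MySQL `root`: `database__connection__password: example` and `MYSQL_ROOT_PASSWORD: example` are sample values, whereas paperless-ngx.yml in this same commit takes its passwords from variables such as `${PAPERLESS_DB_PASSWORD}`. I would give Ghost a dedicated MySQL account and read both passwords from the environment file, as in the excerpt below; the `GHOST_*` variable names are suggestions and must be defined alongside the existing ones. Before this service is reachable from outside the LAN, three more lines deserve a comment or a change: `NODE_ENV: development`, the unpinned `ghost:latest` tag, and `4016:2368` published on every host interface with a plain-http `url`.

```yaml
    environment:
      # … unchanged: database__client, database__connection__host …
      database__connection__user: ghost
      database__connection__password: ${GHOST_DB_PASSWORD}
      database__connection__database: ghost
      # … unchanged: url, NODE_ENV …

  mysql-ghost:
    # … unchanged: extends, image, container_name …
    environment:
      MYSQL_ROOT_PASSWORD: ${GHOST_DB_ROOT_PASSWORD}
      MYSQL_DATABASE: ghost
      MYSQL_USER: ghost
      MYSQL_PASSWORD: ${GHOST_DB_PASSWORD}
```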
@@ -8,7 +8,7 @@ services: ports: - "4009:8000" networks: - - ip4net + - ip6net volumes: - ${EXTERNAL_STORAGE}/paperless-ngx/data:/usr/src/paperless/data - ${EXTERNAL_STORAGE}/paperless-ngx/media:/usr/src/paperless/media 
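Review bot: The context line `- "4009:8000"` keeps Paperless published directly on the host while this commit moves the service to the public hostname, so requests to port 4009 reach the application without TLS and without the `crowdsec-bouncer@file` middleware added further down in this file. If direct access is meant for the LAN only, bind the mapping to the LAN address, `- "192.168.1.38:4009:8000"`, or drop it and go through Traefik; whether a host firewall already blocks 4009 is not visible here. The switch from `ip4net` to `ip6net` also deserves a one-line comment saying why the service leaves the IPv4 network. The service block begins and ends outside the hunk.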
@@ -23,23 +23,27 @@ services: PAPERLESS_DBUSER: paperless PAPERLESS_DBPASS: ${PAPERLESS_DB_PASSWORD} # Paperless var - PAPERLESS_URL: https://paperless.${LOCAL_DOMAIN} - PAPERLESS_ALLOWED_HOSTS: ${LOCAL_DOMAIN} + PAPERLESS_URL: https://paperless.${PUBLIC_DOMAIN} + PAPERLESS_ALLOWED_HOSTS: ${PUBLIC_DOMAIN},192.168.1.38,"2a04:ee41:86:9397:844f:f9ff:fe5c:e416" PAPERLESS_OCR_LANGUAGE: fra+eng+deu # Admin user when not OIDC PAPERLESS_ADMIN_USER: chris PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD} - # # OIDC + # OIDC + # PAPERLESS_DISABLE_REGULAR_LOGIN: true # PAPERLESS_ENABLE_HTTP_REMOTE_USER: true - # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS: false - # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.${PUBLIC_DOMAIN} + # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_REMOTE_USER + # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.crescentec.xyz/logout + # PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect" + # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.crescentec.xyz","token_auth_method":"client_secret_basic"}}]}}' labels: # Watchtower - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - - "traefik.http.routers.paperless.rule=Host(`paperless.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.paperless.entrypoints=https" + - "traefik.http.routers.paperless.tls.certresolver=myresolver" - "traefik.http.routers.paperless.tls=true" - # # Middlewares - # - "traefik.http.routers.paperless.middlewares=authelia@file" \ No newline at end of file + # Middlewares + - "traefik.http.routers.paperless.middlewares=crowdsec-bouncer@file" \ No newline at end of file 
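Review bot: The commented-out `PAPERLESS_SOCIALACCOUNT_PROVIDERS` line carries a literal OIDC client `secret` and the hard-coded `auth.crescentec.xyz` host. A comment is still committed history, so treat the secret as disclosed, rotate it in Authelia, and reference a variable instead, e.g. `"secret":"${PAPERLESS_OIDC_CLIENT_SECRET}"` (the name is a suggestion), with `https://auth.${PUBLIC_DOMAIN}` as the removed comment had it. In `PAPERLESS_ALLOWED_HOSTS` the double quotes sit inside a plain YAML scalar, so they become part of the value and that entry will not match as written. Django-style host checks also expect an IPv6 literal in brackets, so `PAPERLESS_ALLOWED_HOSTS: "${PUBLIC_DOMAIN},192.168.1.38,[<ipv6-address>]"` is probably what was intended. With `authelia@file` replaced by `crowdsec-bouncer@file` and the OIDC block still commented out, the public router relies on Paperless' own login for `PAPERLESS_ADMIN_USER`, which is worth stating in a comment above the middleware label.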
diff --git a/project/service/radicale/radicale.yml b/project/service/radicale/radicale.yml
new file mode 100644
index 0000000..8f200fe
--- /dev/null
+++ b/project/service/radicale/radicale.yml
@@ -0,0 +1,39 @@
+services:
+ radicale:
+ extends:
+ file: ${TEMPLATES_PATH}
+ service: default
+ image: tomsquest/docker-radicale
+ container_name: radicale
+ ports:
+ - 4017:5232
+ networks:
+ - ip6net
+ init: true
+ read_only: true
+ cap_drop:
+ - ALL
+ cap_add:
+ - SETUID
+ - CHOWN
+ - SETGID
+ - KILL
+ # healthcheck:
+ # test: curl -f http://127.0.0.1:5232 || exit 1
+ # interval: 30s
+ # retries: 3
+ volumes:
+ - ${SERVICE_PATH}/radicale/data:/data/
+ - ${SERVICE_PATH}/radicale/config:/data/
+
+ labels:
+ # Watchtower
+ - "com.centurylinklabs.watchtower.enable=true"
+ # Traefik
+ - "traefik.enable=true"
+ - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)"
+ - "traefik.http.routers.radicale.entrypoints=https"
+ - "traefik.http.routers.radicale.tls.certresolver=myresolver"
+ - "traefik.http.routers.radicale.tls=true"
+ # Middlewares
+ - "traefik.http.routers.radicale.middlewares=crowdsec-bouncer@file"
\ No newline at end of file
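Review bot: Both volume entries in radicale.yml mount onto the same container path, `${SERVICE_PATH}/radicale/data:/data/` and `${SERVICE_PATH}/radicale/config:/data/`, so either Compose rejects the duplicate target or the config directory hides the data directory. The second entry presumably should be the image's config path mounted read-only, `- ${SERVICE_PATH}/radicale/config:/config:ro` (check the image's README for the exact path). The image carries no tag while the Watchtower label is enabled, so whatever is pushed to the default tag is deployed automatically; pinning a version tag keeps the `cap_drop`/`read_only` hardening meaningful. `4017:5232` also publishes the server alongside the Traefik router, bypassing `crowdsec-bouncer@file`. The authentication settings live in the config directory, which this commit does not show, so confirm they require login before the public hostname goes live.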