add ghost, radicale, make paperless public, add vps link

2024-09-08 21:08:22 +02:00
parent 61682090cb
commit 4229392454
9 changed files with 93 additions and 10 deletions
--- a/project/service/ghost/ghost.yml
+++ b/project/service/ghost/ghost.yml
@@ -0,0 +1,33 @@
+services:
+  ghost:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghost:latest
+    container_name: ghost
+    ports:
+      - 4016:2368
+    environment:
+      # see https://ghost.org/docs/config/#configuration-options
+      database__client: mysql
+      database__connection__host: mysql-ghost
+      database__connection__user: root
+      database__connection__password: example
+      database__connection__database: ghost
+      # this url value is just an example, and is likely wrong for your environment!
+      url: http://192.168.1.38:4016
+      # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
+      NODE_ENV: development
+    volumes:
+      - ${SERVICE_PATH}/ghost/data/ghost:/var/lib/ghost/content
+
+  mysql-ghost:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mysql:8.0
+    container_name: mysql-ghost
+    environment:
+      MYSQL_ROOT_PASSWORD: example
+    volumes:
+      - ${SERVICE_PATH}/ghost/data/db:/var/lib/mysql
--- a/project/service/home-assistant/ha-addon
+++ b/project/service/home-assistant/ha-addon
--- a/project/service/overleaf-toolkit
+++ b/project/service/overleaf-toolkit
--- a/project/service/paperless-ngx/paperless-ngx.yml
+++ b/project/service/paperless-ngx/paperless-ngx.yml
@@ -8,7 +8,7 @@ services:
    ports:
      - "4009:8000"
    networks:
-      - ip4net
+      - ip6net
    volumes:
      - ${EXTERNAL_STORAGE}/paperless-ngx/data:/usr/src/paperless/data
      - ${EXTERNAL_STORAGE}/paperless-ngx/media:/usr/src/paperless/media
@@ -23,23 +23,27 @@ services:
      PAPERLESS_DBUSER: paperless
      PAPERLESS_DBPASS: ${PAPERLESS_DB_PASSWORD}
      # Paperless var
-      PAPERLESS_URL: https://paperless.${LOCAL_DOMAIN}
-      PAPERLESS_ALLOWED_HOSTS: ${LOCAL_DOMAIN}
+      PAPERLESS_URL: https://paperless.${PUBLIC_DOMAIN}
+      PAPERLESS_ALLOWED_HOSTS: ${PUBLIC_DOMAIN},192.168.1.38,"2a04:ee41:86:9397:844f:f9ff:fe5c:e416"
      PAPERLESS_OCR_LANGUAGE: fra+eng+deu
      # Admin user when not OIDC
      PAPERLESS_ADMIN_USER: chris
      PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD}
-      # # OIDC
+      # OIDC
+      # PAPERLESS_DISABLE_REGULAR_LOGIN: true
      # PAPERLESS_ENABLE_HTTP_REMOTE_USER: true
-      # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS: false
-      # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.${PUBLIC_DOMAIN}
+      # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_REMOTE_USER
+      # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.crescentec.xyz/logout
+      # PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+      # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.crescentec.xyz","token_auth_method":"client_secret_basic"}}]}}'
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
-      - "traefik.http.routers.paperless.rule=Host(`paperless.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.paperless.entrypoints=https"
+      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.routers.paperless.tls=true"
-      # # Middlewares
-      # - "traefik.http.routers.paperless.middlewares=authelia@file"
+      # Middlewares
+      - "traefik.http.routers.paperless.middlewares=crowdsec-bouncer@file"
--- a/project/service/radicale/radicale.yml
+++ b/project/service/radicale/radicale.yml
@@ -0,0 +1,39 @@
+services:
+  radicale:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: tomsquest/docker-radicale
+    container_name: radicale
+    ports:
+      - 4017:5232
+    networks:
+      - ip6net
+    init: true
+    read_only: true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - CHOWN
+      - SETGID
+      - KILL
+    # healthcheck:
+    #   test: curl -f http://127.0.0.1:5232 || exit 1
+    #   interval: 30s
+    #   retries: 3
+    volumes:
+      - ${SERVICE_PATH}/radicale/data:/data/
+      - ${SERVICE_PATH}/radicale/config:/data/
+
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.radicale.entrypoints=https"
+      - "traefik.http.routers.radicale.tls.certresolver=myresolver"
+      - "traefik.http.routers.radicale.tls=true"
+      # Middlewares
+      - "traefik.http.routers.radicale.middlewares=crowdsec-bouncer@file"