chriswin/home-server-docker
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: chriswin:renovate/ghcr.io-kiwix-kiwix-serve-3.x
Branches Tags
chriswin:main chriswin:renovate/n8nio-n8n-2.x chriswin:renovate/ghost-6.x chriswin:renovate/ghcr.io-kiwix-kiwix-serve-3.x
..
compare: chriswin:eacd8410cdd7328bd045b7614f56d67343957704
Branches Tags
chriswin:main chriswin:renovate/n8nio-n8n-2.x chriswin:renovate/ghost-6.x chriswin:renovate/ghcr.io-kiwix-kiwix-serve-3.x

1 Commits
renovate/g ... eacd8410cd

Author SHA1 Message Date
Renovate Bot
eacd8410cd Update amir20/dozzle Docker tag to v9 2026-01-08 00:02:44 +00:00
60 changed files with 788 additions and 373 deletions
Expand all files Collapse all files

18
.gitignore vendored
View File

@@ -1,18 +0,0 @@
# ignore ALL .log files
*.env
*.log
# ignore submodules
project/service/overleaf-toolkit
project/service/superset
# ignore ALL files in ANY directory named temp
data/
secrets/
letsencrypt/
config/
certs/
init/
meili_data/
log-dashboard/
mousehole/

5
Crescentec-network.excalidraw.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 18 MiB

7
LICENSE
View File

@@ -1,7 +0,0 @@
Copyright 2025 chriswin
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

3
README.md
View File

@@ -1,3 +0,0 @@
## Home network:
![Alt text](Crescentec-network.excalidraw.svg?raw=true "Title")

2
docker-compose.yml
View File

@@ -7,7 +7,6 @@
include: include:
- path: - path:
- ${DB_PATH}/adminer/adminer.yml - ${DB_PATH}/adminer/adminer.yml
- ${DB_PATH}/databasus/databasus.yml
- ${DB_PATH}/lldap/lldap.yml - ${DB_PATH}/lldap/lldap.yml
- ${DB_PATH}/mariadb/mariadb.yml - ${DB_PATH}/mariadb/mariadb.yml
- ${DB_PATH}/postgres/postgres.yml - ${DB_PATH}/postgres/postgres.yml
@@ -17,6 +16,7 @@ include:
- path: - path:
- ${INFRA_PATH}/authelia/authelia.yml - ${INFRA_PATH}/authelia/authelia.yml
- ${INFRA_PATH}/crowdsec/crowdsec.yml
- ${INFRA_PATH}/homepage/homepage.yml - ${INFRA_PATH}/homepage/homepage.yml
- ${INFRA_PATH}/ntfy/ntfy.yml - ${INFRA_PATH}/ntfy/ntfy.yml
- ${INFRA_PATH}/speedtest/speedtest.yml - ${INFRA_PATH}/speedtest/speedtest.yml

2
project/db/adminer/adminer.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: adminer:5.4.2 image: adminer:5.4.1
container_name: adminer container_name: adminer
ports: ports:
- 8085:8080 - 8085:8080

19
project/db/databasus/databasus.yml
View File

@@ -1,19 +0,0 @@
services:
databasus:
extends:
file: ${TEMPLATES_PATH}
service: default
image: databasus/databasus:v3.19.2
container_name: databasus
ports:
- 8086:4005
networks:
- ip4net
volumes:
- ${DB_PATH}/databasus/data:/databasus-data
labels:
# Traefik
- "traefik.enable=true"
- "traefik.http.routers.databasus.rule=Host(`databasus.${LOCAL_DOMAIN}`)"
- "traefik.http.routers.databasus.entrypoints=https"
- "traefik.http.routers.databasus.tls=true"

3
project/db/lldap/lldap.yml
View File

@@ -39,6 +39,9 @@ services:
- "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.lldap.entrypoints=https" - "traefik.http.routers.lldap.entrypoints=https"
- "traefik.http.routers.lldap.tls=true" - "traefik.http.routers.lldap.tls=true"
- "traefik.http.routers.lldap.tls.certresolver=myresolver"
- "traefik.http.routers.lldap.service=lldap-service" - "traefik.http.routers.lldap.service=lldap-service"
- "traefik.http.services.lldap-service.loadbalancer.server.port=17170" - "traefik.http.services.lldap-service.loadbalancer.server.port=17170"
- "traefik.http.services.lldap-service.loadbalancer.server.scheme=http" - "traefik.http.services.lldap-service.loadbalancer.server.scheme=http"
# middlewares
- "traefik.http.routers.lldap.middlewares=crowdsec-bouncer@file"

2
project/db/mariadb/mariadb.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: mariadb:12.2.2 image: mariadb:12.1.2
container_name: mariadb container_name: mariadb
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
networks: networks:

2
project/db/pgadmin/pgadmin.yml
View File

@@ -7,7 +7,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: pgadmin container_name: pgadmin
image: dpage/pgadmin4:9.13.0 image: dpage/pgadmin4:9.11.0
ports: ports:
- 8082:80 - 8082:80
networks: networks:

2
project/db/redis/redis.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: redis container_name: redis
image: redis:8.6.1 image: redis:8.4.0
networks: networks:
- ip4net - ip4net
- ip6net - ip6net

3
project/infrastructure/authelia/authelia.yml
View File

@@ -36,7 +36,10 @@ services:
# Traefik # Traefik
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.authelia.tls.certresolver=myresolver"
- "traefik.http.routers.authelia.entryPoints=https" - "traefik.http.routers.authelia.entryPoints=https"
- "traefik.http.routers.authelia.tls=true" - "traefik.http.routers.authelia.tls=true"
- "traefik.http.routers.authelia.service=authelia-svc" - "traefik.http.routers.authelia.service=authelia-svc"
- "traefik.http.services.authelia-svc.loadbalancer.server.port=9091" - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091"
# Middleware
- "traefik.http.routers.authelia.middlewares=crowdsec-bouncer@file"

2
project/infrastructure/crowdsec/crowdsec.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: crowdsec container_name: crowdsec
image: crowdsecurity/crowdsec:v1.7.6 image: crowdsecurity/crowdsec:v1.7.4
environment: environment:
COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY} CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}

3
project/infrastructure/homepage/homepage.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/gethomepage/homepage:v1.10.1 image: ghcr.io/gethomepage/homepage:v1.8.0
container_name: homepage container_name: homepage
ports: ports:
- 3030:3000 - 3030:3000
@@ -12,7 +12,6 @@ services:
environment: environment:
HOMEPAGE_VAR_LOCAL_DOMAIN: ${LOCAL_DOMAIN} HOMEPAGE_VAR_LOCAL_DOMAIN: ${LOCAL_DOMAIN}
HOMEPAGE_VAR_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} HOMEPAGE_VAR_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
HOMEPAGE_VAR_LOCAL_VPS_DOMAIN: ${VPS_DOMAIN}
HOMEPAGE_ALLOWED_HOSTS: homepage.${LOCAL_DOMAIN}, 192.168.178.35:3030 HOMEPAGE_ALLOWED_HOSTS: homepage.${LOCAL_DOMAIN}, 192.168.178.35:3030
volumes: volumes:
- ${INFRA_PATH}/homepage/config:/app/config - ${INFRA_PATH}/homepage/config:/app/config

4
project/infrastructure/ntfy/ntfy.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: ntfy container_name: ntfy
image: binwiederhier/ntfy:v2.18.0 image: binwiederhier/ntfy:v2.15.0
ports: ports:
- "4023:80" - "4023:80"
networks: networks:
@@ -21,3 +21,5 @@ services:
- "traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.ntfy.entrypoints=https" - "traefik.http.routers.ntfy.entrypoints=https"
- "traefik.http.routers.ntfy.tls=true" - "traefik.http.routers.ntfy.tls=true"
# Middlewares
- "traefik.http.routers.ntfy.middlewares=crowdsec-bouncer@file"

4
project/infrastructure/syncthing/syncthing.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: syncthing/syncthing:2.0.15 image: syncthing/syncthing:2.0.13
container_name: syncthing container_name: syncthing
volumes: volumes:
- ${EXTERNAL_STORAGE}/notes/Obsidian-sync:/var/syncthing-data/Obsidian-sync - ${EXTERNAL_STORAGE}/notes/Obsidian-sync:/var/syncthing-data/Obsidian-sync
@@ -25,3 +25,5 @@ services:
- "traefik.http.routers.syncthing.tls=true" - "traefik.http.routers.syncthing.tls=true"
- "traefik.http.routers.syncthing.service=syncthing-svc" - "traefik.http.routers.syncthing.service=syncthing-svc"
- "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384" - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384"
# Middlewares
#- "traefik.http.routers.syncthing.middlewares=crowdsec-bouncer@file"

329
project/infrastructure/traefik/html/ban.html Normal file
View File

@@ -0,0 +1,329 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>CrowdSec Access Forbidden</title>
<meta content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<style>
/*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
*,
:after,
:before {
border: 0 solid #e5e7eb;
box-sizing: border-box
}
:after,
:before {
--tw-content: ""
}
html {
-webkit-text-size-adjust: 100%;
font-feature-settings: normal;
font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
line-height: 1.5;
-moz-tab-size: 4;
-o-tab-size: 4;
tab-size: 4
}
body {
line-height: inherit;
margin: 0
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-size: inherit;
font-weight: inherit
}
a {
color: inherit;
text-decoration: inherit
}
h1,
h2,
h3,
h4,
h5,
h6,
hr,
p,
pre {
margin: 0
}
*,
::backdrop,
:after,
:before {
--tw-border-spacing-x: 0;
--tw-border-spacing-y: 0;
--tw-translate-x: 0;
--tw-translate-y: 0;
--tw-rotate: 0;
--tw-skew-x: 0;
--tw-skew-y: 0;
--tw-scale-x: 1;
--tw-scale-y: 1;
--tw-pan-x: ;
--tw-pan-y: ;
--tw-pinch-zoom: ;
--tw-scroll-snap-strictness: proximity;
--tw-ordinal: ;
--tw-slashed-zero: ;
--tw-numeric-figure: ;
--tw-numeric-spacing: ;
--tw-numeric-fraction: ;
--tw-ring-inset: ;
--tw-ring-offset-width: 0px;
--tw-ring-offset-color: #fff;
--tw-ring-color: #3b82f680;
--tw-ring-offset-shadow: 0 0 #0000;
--tw-ring-shadow: 0 0 #0000;
--tw-shadow: 0 0 #0000;
--tw-shadow-colored: 0 0 #0000;
--tw-blur: ;
--tw-brightness: ;
--tw-contrast: ;
--tw-grayscale: ;
--tw-hue-rotate: ;
--tw-invert: ;
--tw-saturate: ;
--tw-sepia: ;
--tw-drop-shadow: ;
--tw-backdrop-blur: ;
--tw-backdrop-brightness: ;
--tw-backdrop-contrast: ;
--tw-backdrop-grayscale: ;
--tw-backdrop-hue-rotate: ;
--tw-backdrop-invert: ;
--tw-backdrop-opacity: ;
--tw-backdrop-saturate: ;
--tw-backdrop-sepia:
}
.flex {
display: flex
}
.flex-wrap {
flex-wrap: wrap
}
.inline-flex {
display: inline-flex
}
.h-24 {
height: 6rem
}
.h-6 {
height: 1.5rem
}
.h-full {
height: 100%
}
.h-screen {
height: 100vh
}
.text-center {
text-align: center
}
.w-24 {
width: 6rem
}
.w-6 {
width: 1.5rem
}
.w-full {
width: 100%
}
.w-screen {
width: 100vw
}
.my-3 {
margin-top: 0.75rem;
margin-bottom: 0.75rem
}
.flex-col {
flex-direction: column
}
.items-center {
align-items: center
}
.justify-center {
justify-content: center
}
.justify-between {
justify-content: space-between
}
.space-y-1>:not([hidden])~:not([hidden]) {
--tw-space-y-reverse: 0;
margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
}
.space-y-4>:not([hidden])~:not([hidden]) {
--tw-space-y-reverse: 0;
margin-bottom: calc(1rem*var(--tw-space-y-reverse));
margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
}
.rounded-xl {
border-radius: .75rem
}
.border-2 {
border-width: 2px
}
.border-black {
--tw-border-opacity: 1;
border-color: rgb(0 0 0/var(--tw-border-opacity))
}
.p-4 {
padding: 1rem
}
.px-4 {
padding-left: 1rem;
padding-right: 1rem
}
.py-2 {
padding-bottom: .5rem;
padding-top: .5rem
}
.text-2xl {
font-size: 1.5rem;
line-height: 2rem
}
.text-sm {
font-size: .875rem;
line-height: 1.25rem
}
.text-xl {
font-size: 1.25rem;
line-height: 1.75rem
}
.font-bold {
font-weight: 700
}
.text-white {
--tw-text-opacity: 1;
color: rgb(255 255 255/var(--tw-text-opacity))
}
@media (min-width:640px) {
.sm\:w-2\/3 {
width: 66.666667%
}
}
@media (min-width:768px) {
.md\:flex-row {
flex-direction: row
}
}
@media (min-width:1024px) {
.lg\:w-1\/2 {
width: 50%
}
.lg\:text-3xl {
font-size: 1.875rem;
line-height: 2.25rem
}
.lg\:text-xl {
font-size: 1.25rem;
line-height: 1.75rem
}
}
@media (min-width:1280px) {
.xl\:text-4xl {
font-size: 2.25rem;
line-height: 2.5rem
}
}
</style>
</head>
<body class="h-screen w-screen p-4">
<div class="h-full w-full flex flex-col justify-center items-center">
<div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
<div class="flex flex-col items-center space-y-4">
<svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
class="warning">
<path
d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
</path>
</svg>
<h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Access Forbidden</h1>
</div>
<div class="flex justify-center flex-wrap">
<p class="my-3">This security check has been powered by</p>
<a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
<svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
<defs>
<clipPath id="a">
<path d="M0 52h84v201.2H0zm0 0" />
</clipPath>
<clipPath id="b">
<path d="M170 52h84.4v201.2H170zm0 0" />
</clipPath>
</defs>
<path
d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
<path
d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
<g clip-path="url(#a)">
<path
d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
</g>
<g clip-path="url(#b)">
<path
d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
</g>
<path
d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
</svg>
<span>CrowdSec</span>
</a>
</div>
</div>
</div>
</body>
</html>

338
project/infrastructure/traefik/html/captcha.html Normal file
View File

@@ -0,0 +1,338 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>CrowdSec Captcha</title>
<meta content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<style>
/*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
*,
:after,
:before {
border: 0 solid #e5e7eb;
box-sizing: border-box
}
:after,
:before {
--tw-content: ""
}
html {
-webkit-text-size-adjust: 100%;
font-feature-settings: normal;
font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
line-height: 1.5;
-moz-tab-size: 4;
-o-tab-size: 4;
tab-size: 4
}
body {
line-height: inherit;
margin: 0
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-size: inherit;
font-weight: inherit
}
a {
color: inherit;
text-decoration: inherit
}
h1,
h2,
h3,
h4,
h5,
h6,
hr,
p,
pre {
margin: 0
}
*,
::backdrop,
:after,
:before {
--tw-border-spacing-x: 0;
--tw-border-spacing-y: 0;
--tw-translate-x: 0;
--tw-translate-y: 0;
--tw-rotate: 0;
--tw-skew-x: 0;
--tw-skew-y: 0;
--tw-scale-x: 1;
--tw-scale-y: 1;
--tw-pan-x: ;
--tw-pan-y: ;
--tw-pinch-zoom: ;
--tw-scroll-snap-strictness: proximity;
--tw-ordinal: ;
--tw-slashed-zero: ;
--tw-numeric-figure: ;
--tw-numeric-spacing: ;
--tw-numeric-fraction: ;
--tw-ring-inset: ;
--tw-ring-offset-width: 0px;
--tw-ring-offset-color: #fff;
--tw-ring-color: #3b82f680;
--tw-ring-offset-shadow: 0 0 #0000;
--tw-ring-shadow: 0 0 #0000;
--tw-shadow: 0 0 #0000;
--tw-shadow-colored: 0 0 #0000;
--tw-blur: ;
--tw-brightness: ;
--tw-contrast: ;
--tw-grayscale: ;
--tw-hue-rotate: ;
--tw-invert: ;
--tw-saturate: ;
--tw-sepia: ;
--tw-drop-shadow: ;
--tw-backdrop-blur: ;
--tw-backdrop-brightness: ;
--tw-backdrop-contrast: ;
--tw-backdrop-grayscale: ;
--tw-backdrop-hue-rotate: ;
--tw-backdrop-invert: ;
--tw-backdrop-opacity: ;
--tw-backdrop-saturate: ;
--tw-backdrop-sepia:
}
.flex {
display: flex
}
.flex-wrap {
flex-wrap: wrap
}
.inline-flex {
display: inline-flex
}
.h-24 {
height: 6rem
}
.h-6 {
height: 1.5rem
}
.h-full {
height: 100%
}
.h-screen {
height: 100vh
}
.text-center {
text-align: center
}
.w-24 {
width: 6rem
}
.w-6 {
width: 1.5rem
}
.w-full {
width: 100%
}
.w-screen {
width: 100vw
}
.my-3 {
margin-top: 0.75rem;
margin-bottom: 0.75rem
}
.flex-col {
flex-direction: column
}
.items-center {
align-items: center
}
.justify-center {
justify-content: center
}
.justify-between {
justify-content: space-between
}
.space-y-1>:not([hidden])~:not([hidden]) {
--tw-space-y-reverse: 0;
margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
}
.space-y-4>:not([hidden])~:not([hidden]) {
--tw-space-y-reverse: 0;
margin-bottom: calc(1rem*var(--tw-space-y-reverse));
margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
}
.rounded-xl {
border-radius: .75rem
}
.border-2 {
border-width: 2px
}
.border-black {
--tw-border-opacity: 1;
border-color: rgb(0 0 0/var(--tw-border-opacity))
}
.p-4 {
padding: 1rem
}
.px-4 {
padding-left: 1rem;
padding-right: 1rem
}
.py-2 {
padding-bottom: .5rem;
padding-top: .5rem
}
.text-2xl {
font-size: 1.5rem;
line-height: 2rem
}
.text-sm {
font-size: .875rem;
line-height: 1.25rem
}
.text-xl {
font-size: 1.25rem;
line-height: 1.75rem
}
.font-bold {
font-weight: 700
}
.text-white {
--tw-text-opacity: 1;
color: rgb(255 255 255/var(--tw-text-opacity))
}
@media (min-width:640px) {
.sm\:w-2\/3 {
width: 66.666667%
}
}
@media (min-width:768px) {
.md\:flex-row {
flex-direction: row
}
}
@media (min-width:1024px) {
.lg\:w-1\/2 {
width: 50%
}
.lg\:text-3xl {
font-size: 1.875rem;
line-height: 2.25rem
}
.lg\:text-xl {
font-size: 1.25rem;
line-height: 1.75rem
}
}
@media (min-width:1280px) {
.xl\:text-4xl {
font-size: 2.25rem;
line-height: 2.5rem
}
}
</style>
<script src="{{ .FrontendJS }}" async defer></script>
</head>
<body class="h-screen w-screen p-4">
<div class="h-full w-full flex flex-col justify-center items-center">
<div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
<div class="flex flex-col items-center space-y-4">
<svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
class="warning">
<path
d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
</path>
</svg>
<h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Captcha</h1>
</div>
<form action="" method="POST" class="flex flex-col space-y-1" id="captcha-form">
<div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
</div>
</form>
<div class="flex justify-center flex-wrap">
<p class="my-3">This security check has been powered by</p>
<a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
<svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
<defs>
<clipPath id="a">
<path d="M0 52h84v201.2H0zm0 0" />
</clipPath>
<clipPath id="b">
<path d="M170 52h84.4v201.2H170zm0 0" />
</clipPath>
</defs>
<path
d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
<path
d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
<g clip-path="url(#a)">
<path
d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
</g>
<g clip-path="url(#b)">
<path
d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
</g>
<path
d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
</svg>
<span>CrowdSec</span>
</a>
</div>
</div>
</div>
<script>
function captchaCallback() {
setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
}
</script>
</body>
</html>

6
project/infrastructure/traefik/traefik.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: traefik:v3.6.10 image: traefik:v3.6.6
container_name: traefik container_name: traefik
ports: ports:
- "80:80" - "80:80"
@@ -15,12 +15,12 @@ services:
environment: environment:
TRAEFIK_EMAIL: ${EMAIL} TRAEFIK_EMAIL: ${EMAIL}
TRAEFIK_LOCAL_DOMAIN: ${LOCAL_DOMAIN} TRAEFIK_LOCAL_DOMAIN: ${LOCAL_DOMAIN}
TRAEFIK_VPS_DOMAIN: ${VPS_DOMAIN}
TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
TRAEFIK_AUTH_PUBLIC_DOMAIN: auth.${PUBLIC_DOMAIN} TRAEFIK_AUTH_PUBLIC_DOMAIN: auth.${PUBLIC_DOMAIN}
TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN} INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
volumes: volumes:
- "/var/log/traefik/:/var/log/traefik/" - "/var/log/crowdsec/:/var/log/crowdsec/"
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
- "${INFRA_PATH}/traefik/letsencrypt:/letsencrypt" - "${INFRA_PATH}/traefik/letsencrypt:/letsencrypt"
- "${INFRA_PATH}/traefik/config:/etc/traefik" - "${INFRA_PATH}/traefik/config:/etc/traefik"

2
project/infrastructure/uptime-kuma/uptime-kuma.yml
View File

@@ -5,7 +5,7 @@ services:
# extends: # extends:
# file: ${TEMPLATES_PATH} # file: ${TEMPLATES_PATH}
# service: default # service: default
image: louislam/uptime-kuma:2.2.1 image: louislam/uptime-kuma:2.0.2
container_name: uptime-kuma container_name: uptime-kuma
restart: unless-stopped restart: unless-stopped
security_opt: security_opt:

26
project/infrastructure/watchtower/watchtower.yml Normal file
View File

@@ -0,0 +1,26 @@
services:
watchtower:
extends:
file: ${TEMPLATES_PATH}
service: default
image: containrrr/watchtower:latest
container_name: watchtower
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_POLL_INTERVAL=43200 # 12h
- WATCHTOWER_INCLUDE_RESTARTING=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_HTTP_API_METRICS=true
- WATCHTOWER_HTTP_API_TOKEN=mytoken
- WATCHTOWER_HTTP_API_UPDATE=true
- WATCHTOWER_HTTP_API_PERIODIC_POLLS=true
ports:
- 7999:8080
networks:
- ip4net
volumes:
# - ${INFRA_PATH}/watchtower/config:/config.json
- /var/run/docker.sock:/var/run/docker.sock
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"

5
project/media/audiobookshelf/audiobookshelf.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/advplyr/audiobookshelf:2.33.0 image: ghcr.io/advplyr/audiobookshelf:2.32.1
container_name: audiobookshelf container_name: audiobookshelf
ports: ports:
- 13378:80 - 13378:80
@@ -18,4 +18,7 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.audiobookshelf.entrypoints=https" - "traefik.http.routers.audiobookshelf.entrypoints=https"
- "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
- "traefik.http.routers.audiobookshelf.tls=true" - "traefik.http.routers.audiobookshelf.tls=true"
# Middlewares
- "traefik.http.routers.audiobookshelf.middlewares=crowdsec-bouncer@file"

4
project/media/calibre/calibre.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: lscr.io/linuxserver/calibre:9.4.0 image: lscr.io/linuxserver/calibre:8.16.2
container_name: calibre container_name: calibre
environment: environment:
- PASSWORD= #optional - PASSWORD= #optional
@@ -29,7 +29,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: lscr.io/linuxserver/calibre-web:0.6.26 image: lscr.io/linuxserver/calibre-web:0.6.25
container_name: calibre-web container_name: calibre-web
environment: environment:
- DOCKER_MODS=linuxserver/mods:universal-calibre #optional - DOCKER_MODS=linuxserver/mods:universal-calibre #optional

13
project/media/immich/immich.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: immich_server container_name: immich_server
image: ghcr.io/immich-app/immich-server:v2.5.6 image: ghcr.io/immich-app/immich-server:v2.4.1
environment: environment:
DB_PASSWORD: ${IMMICH_DB_PASSWORD} DB_PASSWORD: ${IMMICH_DB_PASSWORD}
DB_HOSTNAME: postgres-with-pg-vector DB_HOSTNAME: postgres-with-pg-vector
@@ -25,14 +25,17 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.immich-server.rule=Host(`immich.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.immich-server.rule=Host(`immich.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.immich-server.entrypoints=https" - "traefik.http.routers.immich-server.entrypoints=https"
- "traefik.http.routers.immich-server.tls.certresolver=myresolver"
- "traefik.http.routers.immich-server.tls=true" - "traefik.http.routers.immich-server.tls=true"
# Middlewares
- "traefik.http.routers.immich-server.middlewares=crowdsec-bouncer@file"
immich-machine-learning: immich-machine-learning:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: immich_machine_learning container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:v2.5.6 image: ghcr.io/immich-app/immich-machine-learning:v2.4.1
ports: ports:
- 3003:3003 - 3003:3003
volumes: volumes:
@@ -40,15 +43,15 @@ services:
# https://github.com/Salvoxia/immich-folder-album-creator # https://github.com/Salvoxia/immich-folder-album-creator
# one time run: # one time run:
# docker run -e -e API_URL="https://immich.${PUBLIC_DOMAIN}/api/" -e API_KEY="qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA" -e ROOT_PATH="/usr/src/app/external" -e LOG_LEVEL="DEBUG" salvoxia/immich-folder-album-creator:latest /script/immich_auto_album.sh # docker run -e -e API_URL="https://immich.crescentec.xyz/api/" -e API_KEY="qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA" -e ROOT_PATH="/usr/src/app/external" -e LOG_LEVEL="DEBUG" salvoxia/immich-folder-album-creator:latest /script/immich_auto_album.sh
immich-folder-album-creator: immich-folder-album-creator:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: immich_folder_album_creator container_name: immich_folder_album_creator
image: salvoxia/immich-folder-album-creator:0.25.1 image: salvoxia/immich-folder-album-creator:0.24.0
environment: environment:
API_URL: https://immich.${PUBLIC_DOMAIN}/api API_URL: https://immich.crescentec.xyz/api
API_KEY: qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA API_KEY: qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA
ROOT_PATH: /usr/src/app/external ROOT_PATH: /usr/src/app/external
CRON_EXPRESSION: "0 * * * *" CRON_EXPRESSION: "0 * * * *"

2
project/media/kiwix/kiwix.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/kiwix/kiwix-serve:3.8.2 image: ghcr.io/kiwix/kiwix-serve:3.8.1
container_name: kiwix container_name: kiwix
ports: ports:
- 2009:8080 - 2009:8080

6
project/media/navidrome/navidrome.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: deluan/navidrome:0.60.3 image: deluan/navidrome:0.59.0
container_name: navidrome container_name: navidrome
ports: ports:
- 2011:4533 - 2011:4533
@@ -22,8 +22,8 @@ services:
- "traefik.http.routers.navidrome.entrypoints=https" - "traefik.http.routers.navidrome.entrypoints=https"
- "traefik.http.routers.navidrome.tls=true" - "traefik.http.routers.navidrome.tls=true"
# Middlewares # Middlewares
- "traefik.http.routers.navidrome.middlewares=authelia@file" - "traefik.http.routers.navidrome.middlewares=crowdsec-bouncer@file, authelia@file"
# Subsonic endpoint use basic authentication middleware from authelia # Subsonic endpoint use basic authentication middleware from authelia
- "traefik.http.routers.navidrome-subsonic.rule=Host(`navidrome.${PUBLIC_DOMAIN}`) && PathPrefix(`/rest/`) && !Query(`c`, `NavidromeUI`)" - "traefik.http.routers.navidrome-subsonic.rule=Host(`navidrome.${PUBLIC_DOMAIN}`) && PathPrefix(`/rest/`) && !Query(`c`, `NavidromeUI`)"
- "traefik.http.routers.navidrome-subsonic.entrypoints=https" - "traefik.http.routers.navidrome-subsonic.entrypoints=https"
- "traefik.http.routers.navidrome-subsonic.middlewares=authelia-basicauth@file, subsonic-basicauth@file" - "traefik.http.routers.navidrome-subsonic.middlewares=crowdsec-bouncer@file, authelia-basicauth@file, subsonic-basicauth@file"

9
project/media/prowlarr/prowlarr.yml
View File

@@ -18,12 +18,3 @@ services:
- "traefik.http.routers.prowlarr.entrypoints=https" - "traefik.http.routers.prowlarr.entrypoints=https"
- "traefik.http.routers.prowlarr.tls=true" - "traefik.http.routers.prowlarr.tls=true"
mousehole:
extends:
file: ${TEMPLATES_PATH}
service: default
ports:
- 5010:5010
image: tmmrtn/mousehole:0.2.0
volumes:
- ${MEDIA_PATH}/prowlarr/mousehole:/srv/mousehole

2
project/media/slskd/slskd.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: slskd/slskd:0.24.5 image: slskd/slskd:0.24.1
container_name: slskd container_name: slskd
user: ${PUID}:${PGID} user: ${PUID}:${PGID}
ports: ports:

2
project/monitoring/dozzle/dozzle.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: dozzle container_name: dozzle
image: amir20/dozzle:v10.1.1 image: amir20/dozzle:v9.0.1
ports: ports:
- 8083:8080 - 8083:8080
networks: networks:

2
project/monitoring/grafana/grafana.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: grafana container_name: grafana
image: grafana/grafana-oss:12.4.1 image: grafana/grafana-oss:12.3.1
ports: ports:
- 8090:3000 - 8090:3000
networks: networks:

4
project/monitoring/loki/loki.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: loki container_name: loki
image: grafana/loki:3.6.7 image: grafana/loki:3.6.3
ports: ports:
- 8094:3100 - 8094:3100
networks: networks:
@@ -23,7 +23,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: promtail container_name: promtail
image: grafana/promtail:3.6.7 image: grafana/promtail:3.6.3
networks: networks:
- ip4net - ip4net
volumes: volumes:

2
project/monitoring/prometheus/prometheus.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: prometheus container_name: prometheus
image: prom/prometheus:v3.10.0 image: prom/prometheus:v3.9.0
ports: ports:
- 9090:9090 - 9090:9090
networks: networks:

5
project/service/freshrss/freshrss.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: freshrss/freshrss:1.28.1 image: freshrss/freshrss:1.28.0
container_name: freshrss container_name: freshrss
ports: ports:
- 4014:80 - 4014:80
@@ -21,3 +21,6 @@ services:
- "traefik.http.routers.freshrss.rule=Host(`rss.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.freshrss.rule=Host(`rss.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.freshrss.entrypoints=https" - "traefik.http.routers.freshrss.entrypoints=https"
- "traefik.http.routers.freshrss.tls=true" - "traefik.http.routers.freshrss.tls=true"
- "traefik.http.routers.freshrss.tls.certresolver=myresolver"
# Middlewares
- "traefik.http.routers.freshrss.middlewares=crowdsec-bouncer@file"

2
project/service/ghost/ghost.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghost:6.20.0-alpine image: ghost:6.10.3-alpine
container_name: ghost container_name: ghost
ports: ports:
- 4016:2368 - 4016:2368

5
project/service/gitea/gitea.yml
View File

@@ -41,15 +41,18 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`gitea.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.gitea.rule=Host(`gitea.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.gitea.entrypoints=https" - "traefik.http.routers.gitea.entrypoints=https"
- "traefik.http.routers.gitea.tls.certresolver=myresolver"
- "traefik.http.routers.gitea.tls=true" - "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.service=gitea-service" - "traefik.http.routers.gitea.service=gitea-service"
- "traefik.http.services.gitea-service.loadbalancer.server.port=4002" - "traefik.http.services.gitea-service.loadbalancer.server.port=4002"
# Middlewares
- "traefik.http.routers.gitea.middlewares=crowdsec-bouncer@file"
gitea-runner: gitea-runner:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: gitea/act_runner:0.3.0 image: gitea/act_runner:0.2.13
container_name: gitea_runner container_name: gitea_runner
depends_on: depends_on:
- gitea - gitea

2
project/service/home-assistant/home-assistant.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/home-assistant/home-assistant:2026.3.1 image: ghcr.io/home-assistant/home-assistant:2025.12.5
container_name: home-assistant container_name: home-assistant
networks: networks:
- ip4net - ip4net

6
project/service/linkwarden/linkwarden.yml
View File

@@ -45,9 +45,3 @@ services:
- MEILI_MASTER_KEY=${LINKWARDEN_MEILI_MASTER_KEY} - MEILI_MASTER_KEY=${LINKWARDEN_MEILI_MASTER_KEY}
volumes: volumes:
- ${SERVICE_PATH}/linkwarden/meili_data:/meili_data - ${SERVICE_PATH}/linkwarden/meili_data:/meili_data
# command:
# [
# "--master-key=${LINKWARDEN_MEILI_MASTER_KEY}",
# "--env=production",
# "--import-dump=${SERVICE_PATH}/linkwarden/meili_data/dumps/20260115-183317235.dump",
# ]

5
project/service/mealie/mealie.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/mealie-recipes/mealie:v3.12.0 image: ghcr.io/mealie-recipes/mealie:v3.9.2
container_name: mealie container_name: mealie
ports: ports:
- "4006:9000" - "4006:9000"
@@ -33,4 +33,7 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.mealie.entrypoints=https" - "traefik.http.routers.mealie.entrypoints=https"
- "traefik.http.routers.mealie.tls.certresolver=myresolver"
- "traefik.http.routers.mealie.tls=true" - "traefik.http.routers.mealie.tls=true"
# Middlewares
- "traefik.http.routers.mealie.middlewares=crowdsec-bouncer@file"

26
project/service/n8n/Dockerfile
View File

@@ -1,5 +1,5 @@
# Start with the official n8n image # Start with the official n8n image
FROM n8nio/n8n:2.10.2 FROM n8nio/n8n:2.3.0
# Copy apk and its deps from Alpine 3.23 # Copy apk and its deps from Alpine 3.23
COPY --from=alpine:3.23 /sbin/apk /sbin/apk COPY --from=alpine:3.23 /sbin/apk /sbin/apk
@@ -9,11 +9,7 @@ COPY --from=alpine:3.23 /usr/lib/libapk.so* /usr/lib/
USER root USER root
# Install Chromium and necessary dependencies for Puppeteer # Install Chromium and necessary dependencies for Puppeteer
RUN set -x \ RUN apk add --no-cache \
&& apk update \
&& apk upgrade \
&& apk add --no-cache \
udev \
chromium \ chromium \
nss \ nss \
freetype \ freetype \
@@ -27,25 +23,9 @@ RUN set -x \
# Set environment variable for Puppeteer to find Chromium # Set environment variable for Puppeteer to find Chromium
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
ENV XDG_CONFIG_HOME=/tmp/.chromium
ENV XDG_CACHE_HOME=/tmp/.chromium
# Install Puppeteer
RUN npm install puppeteer RUN npm install puppeteer
# Install restic and rclone for backups
RUN apk add --no-cache \
restic \
curl \
unzip
# Download and install rclone
RUN curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip \
&& unzip rclone-current-linux-amd64.zip \
&& cd rclone-*-linux-amd64 \
&& cp rclone /usr/local/bin/ \
&& chmod 755 /usr/local/bin/rclone \
&& cd .. && rm -rf rclone-*-linux-amd64*
# Revert back to non-root (default n8n user) # Revert back to non-root (default n8n user)
USER node USER node

8
project/service/n8n/n8n.yml
View File

@@ -15,7 +15,6 @@ services:
- N8N_BLOCK_ENV_ACCESS_IN_NODE=false - N8N_BLOCK_ENV_ACCESS_IN_NODE=false
- MAM_USERNAME=${N8N_MAM_USERNAME} - MAM_USERNAME=${N8N_MAM_USERNAME}
- MAM_PASSWORD=${N8N_MAM_PASSWORD} - MAM_PASSWORD=${N8N_MAM_PASSWORD}
- RESTIC_PASSWORD=${N8N_RESTIC_PASSWORD}
- NODES_EXCLUDE=[] - NODES_EXCLUDE=[]
- DB_TYPE=postgresdb - DB_TYPE=postgresdb
- DB_POSTGRESDB_HOST=postgres - DB_POSTGRESDB_HOST=postgres
@@ -26,13 +25,12 @@ services:
- DB_POSTGRESDB_SCHEMA=public - DB_POSTGRESDB_SCHEMA=public
volumes: volumes:
- ${SERVICE_PATH}/n8n/data:/home/node/.n8n - ${SERVICE_PATH}/n8n/data:/home/node/.n8n
- ${SERVICE_PATH}/n8n/data/rclone.conf:/home/node/.config/rclone/rclone.conf
- ${PWD}/scripts:/home/node/.n8n/external-scripts
- ${DB_PATH}/databasus/data/backups:/home/node/.n8n/database
- ${EXTERNAL_STORAGE}/:/home/node/.n8n/data
labels: labels:
# Traefik # Traefik
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.n8n.rule=Host(`n8n.${LOCAL_DOMAIN}`)" - "traefik.http.routers.n8n.rule=Host(`n8n.${LOCAL_DOMAIN}`)"
- "traefik.http.routers.n8n.entrypoints=https" - "traefik.http.routers.n8n.entrypoints=https"
- "traefik.http.routers.n8n.tls=true" - "traefik.http.routers.n8n.tls=true"
- "traefik.http.routers.n8n.tls.certresolver=myresolver"
# Middlewares
- "traefik.http.routers.n8n.middlewares=crowdsec-bouncer@file"

5
project/service/ollama/ollama.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ollama/ollama:0.17.7 image: ollama/ollama:0.13.5
container_name: ollama container_name: ollama
ports: ports:
- 4019:11434 - 4019:11434
@@ -17,3 +17,6 @@ services:
- "traefik.http.routers.ollama.rule=Host(`ollama.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.ollama.rule=Host(`ollama.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.ollama.entrypoints=https" - "traefik.http.routers.ollama.entrypoints=https"
- "traefik.http.routers.ollama.tls=true" - "traefik.http.routers.ollama.tls=true"
- "traefik.http.routers.ollama.tls.certresolver=myresolver"
# Middlewares
- "traefik.http.routers.ollama.middlewares=crowdsec-bouncer@file"

9
project/service/paperless-ngx/paperless-ngx.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.10 image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3
container_name: paperless-ngx container_name: paperless-ngx
ports: ports:
- "4009:8000" - "4009:8000"
@@ -33,12 +33,15 @@ services:
# PAPERLESS_DISABLE_REGULAR_LOGIN: true # PAPERLESS_DISABLE_REGULAR_LOGIN: true
# PAPERLESS_ENABLE_HTTP_REMOTE_USER: true # PAPERLESS_ENABLE_HTTP_REMOTE_USER: true
# PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_REMOTE_USER # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_REMOTE_USER
# PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.${PUBLIC_DOMAIN}/logout # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.crescentec.xyz/logout
# PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect" # PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
# PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.${PUBLIC_DOMAIN}","token_auth_method":"client_secret_basic"}}]}}' # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.crescentec.xyz","token_auth_method":"client_secret_basic"}}]}}'
labels: labels:
# Traefik # Traefik
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.paperless.entrypoints=https" - "traefik.http.routers.paperless.entrypoints=https"
- "traefik.http.routers.paperless.tls.certresolver=myresolver"
- "traefik.http.routers.paperless.tls=true" - "traefik.http.routers.paperless.tls=true"
# Middlewares
- "traefik.http.routers.paperless.middlewares=crowdsec-bouncer@file"

5
project/service/pdf/pdf.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: ghcr.io/alam00000/bentopdf-simple:2.5.0 image: bentopdf/bentopdf-simple:v1.15.4
container_name: pdf container_name: pdf
ports: ports:
- "4003:8080" - "4003:8080"
@@ -14,4 +14,7 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pdf.rule=Host(`pdf.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.pdf.rule=Host(`pdf.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.pdf.entrypoints=https" - "traefik.http.routers.pdf.entrypoints=https"
- "traefik.http.routers.pdf.tls.certresolver=myresolver"
- "traefik.http.routers.pdf.tls=true" - "traefik.http.routers.pdf.tls=true"
# Middlewares
- "traefik.http.routers.pdf.middlewares=crowdsec-bouncer@file, authelia@file"

5
project/service/radicale/radicale.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: tomsquest/docker-radicale:3.6.1.0 image: tomsquest/docker-radicale:3.5.10.0
container_name: radicale container_name: radicale
ports: ports:
- 4017:5232 - 4017:5232
@@ -30,4 +30,7 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.radicale.entrypoints=https" - "traefik.http.routers.radicale.entrypoints=https"
- "traefik.http.routers.radicale.tls.certresolver=myresolver"
- "traefik.http.routers.radicale.tls=true" - "traefik.http.routers.radicale.tls=true"
# Middlewares
- "traefik.http.routers.radicale.middlewares=crowdsec-bouncer@file"

5
project/service/vaultwarden/vaultwarden.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: vaultwarden/server:1.35.4 image: vaultwarden/server:1.35.1
container_name: vaultwarden container_name: vaultwarden
ports: ports:
- 4018:80 - 4018:80
@@ -27,3 +27,6 @@ services:
- "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.vaultwarden.entrypoints=https" - "traefik.http.routers.vaultwarden.entrypoints=https"
- "traefik.http.routers.vaultwarden.tls=true" - "traefik.http.routers.vaultwarden.tls=true"
- "traefik.http.routers.vaultwarden.tls.certresolver=myresolver"
# Middlewares
- "traefik.http.routers.vaultwarden.middlewares=crowdsec-bouncer@file"

5
project/service/vikunja/vikunja.yml
View File

@@ -6,7 +6,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: vikunja/vikunja:2.1.0 image: vikunja/vikunja:1.0.0-rc3
container_name: vikunja container_name: vikunja
secrets: [vikunja_jwt_secret] secrets: [vikunja_jwt_secret]
environment: environment:
@@ -27,4 +27,7 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.vikunja.rule=Host(`vikunja.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.vikunja.rule=Host(`vikunja.${PUBLIC_DOMAIN}`)"
- "traefik.http.routers.vikunja.entrypoints=https" - "traefik.http.routers.vikunja.entrypoints=https"
- "traefik.http.routers.vikunja.tls.certresolver=myresolver"
- "traefik.http.routers.vikunja.tls=true" - "traefik.http.routers.vikunja.tls=true"
# Middlewares
- "traefik.http.routers.vikunja.middlewares=crowdsec-bouncer@file"

4
renovate.json
View File

@@ -68,10 +68,6 @@
{ {
"matchPackageNames": "mrusse08/soularr", "matchPackageNames": "mrusse08/soularr",
"enabled": false "enabled": false
},
{
"matchPackageNames": "getmeili/meilisearch",
"enabled": false
} }
] ]
} }

26
scripts/certificates/generate_certificate.sh
View File

@@ -1,26 +0,0 @@
# https://stackoverflow.com/questions/59738140/why-is-firefox-not-trusting-my-self-signed-certificate
# generate all the certificates
# import certificate root-ca.crt in firefox
# in the config of traefik set the server.key and server.crt in the tls store
openssl req -x509 -nodes \
-newkey RSA:2048 \
-keyout root-ca.key \
-days 365 \
-out root-ca.crt \
-subj '/C=CH/ST=Denial/L=Earth/O=Crescentec/CN=root_CA_crescentec'
openssl req -nodes \
-newkey rsa:2048 \
-keyout server.key \
-out server.csr \
-subj '/C=CH/ST=Denial/L=Earth/O=Crescentec/CN=server_crescentec'
openssl x509 -req \
-CA root-ca.crt \
-CAkey root-ca.key \
-in server.csr \
-out server.crt \
-days 365 \
-CAcreateserial \
-extfile <(printf "subjectAltName = DNS:*.${LOCAL_DOMAIN}\nauthorityKeyIdentifier = keyid,issuer\nbasicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth")

17
scripts/data-backup/README.md
View File

@@ -1,17 +0,0 @@
Inspired by the [blog](https://www.ericbette.com/configuring-a-remote-backup-solution-using-restic-and-rclone)
# List of commands:
## Installation
- Install restic and rclone baremetal
## Setting up rclone:
- run: rclone config or follow the instructions on the provider (infomaniak in my case)
- run: rclone listremotes to confirm the server link creation
## Setting up backup repository with restic
- Save password in env variable, by running: echo export RESTIC_PASSWORD=my_password >> ~/.zshrc
- Initialize repository: restic -r rclone:example-remote:example-repo init
- Run the backup: restic -r rclone:example-remote:example-repo --verbose backup /path/to/backup
- List the snapshots: restic -r rclone:example-remote:example-repo snapshots
- Restore the backup: restic -r rclone:example-remote:example-repo restore latest --target /target --path "/target"

5
scripts/data-backup/backup-infomaniak-calendars-contacts.sh
View File

@@ -1,5 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for calendars-contact started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:calendars-contacts backup /home/node/.n8n/data/calendars-contacts >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:calendars-contacts forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

5
scripts/data-backup/backup-infomaniak-databases.sh
View File

@@ -1,5 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for databases started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:databases backup /home/node/.n8n/database >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:databases forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

6
scripts/data-backup/backup-infomaniak-documents.sh
View File

@@ -1,6 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for documents started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:documents backup /home/node/.n8n/data/documents >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:documents forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

5
scripts/data-backup/backup-infomaniak-music.sh
View File

@@ -1,5 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for music started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:music backup /home/node/.n8n/data/media/music >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:music forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

5
scripts/data-backup/backup-infomaniak-notes.sh
View File

@@ -1,5 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for notes started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:notes backup /home/node/.n8n/data/notes >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:notes forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

5
scripts/data-backup/backup-infomaniak-passwords.sh
View File

@@ -1,5 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for passwords started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:passwords backup /home/node/.n8n/data/passwords >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:passwords forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

5
scripts/data-backup/backup-infomaniak-pictures.sh
View File

@@ -1,5 +0,0 @@
LOG_FILE="/home/node/.n8n/external-scripts/data-backup/logs/log.log"
echo "------------------------------------------------------------------------" >> "$LOG_FILE"
echo "$(date) - Script for pictures started" >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:pictures backup /home/node/.n8n/data/media/pictures >> "$LOG_FILE"
restic -r rclone:sb_project_SBI-CW231949:pictures forget --keep-last 3 --group-by '' --prune >> "$LOG_FILE"

4
scripts/data-backup/backup-overleaf-cleanup.sh
View File

@@ -1,4 +0,0 @@
#!/bin/bash
BACKUP_DIR="$HOME/docker/compose/project/service/overleaf-toolkit/backup"
ls -t "$BACKUP_DIR" | tail -n +6 | xargs -I {} rm -rf "$BACKUP_DIR/{}"

72
scripts/database-backup/db_backup_script.sh
View File

@@ -1,72 +0,0 @@
#!/bin/bash
# Cron job check the logs
## Executing the script
# bash db_backup_script.sh
## command used to back up
# docker exec DOCKER_CONTAINER pg_dump -U postgres -Fc DATABASE_NAME > BACKUP_FILE.DUMP
## command used to restore
# directory where the backup is saved in in the docker container: /var/lib/postgresql/data
# for example: docker exec postgres pg_restore -U postgres -d vikunja-backup /var/lib/postgresql/data/backup/vikunja-2024-01-31.dump
# docker exec DOCKER_CONTAINER pg_restore -U postgres -d DATABASE_NAME /var/lib/postgresql/data/backup/BACKUP_FILE.DUMP
# Date format
YEAR=$(date +"%Y")
MONTH=$(date +"%m")
DAY=$(date +"%d")
NOW=$(date +"%Y-%m-%d")
BACKUP_DIRECTORY="/home/debian/docker/compose/project/db/postgres/data"
# Docker container with DB to backup
DB_1="postgres"
DB_2="postgres-with-pg-vector"
back_up_db() {
# sql to list all databases
DATABASE_NAME=$(docker exec $1 psql -U postgres -t -c 'SELECT datname FROM pg_database WHERE datistemplate = false;')
# pg_dump command
PGDUMP="docker exec $1 pg_dump -U postgres -Fc"
for i in $DATABASE_NAME; do
# ignoring postgres db
if [[ "$i" != "postgres" ]]; then
echo "Backing up database $i"
# backup path to file
BACKFILE="$BACKUP_DIRECTORY/backup/$i-$NOW.dump"
$PGDUMP $i > $BACKFILE
fi
done
}
clean_up_backups() {
echo "Looking for dumps to prune in folder: $BACKUP_DIRECTORY/backup/"
# keep one backup per year, month and last two days
BACKUP_YEAR="*-$YEAR-02-01.dump"
BACKUP_MONTH="*-$YEAR-$MONTH-01.dump"
BACKUP_DAY="*-$YEAR-$MONTH-$DAY.dump"
BACKUP_DAY_1="*-$YEAR-$MONTH-$((DAY-1)).dump"
FILE_TO_DELETE=$(find $BACKUP_DIRECTORY/backup/ -type f \( ! -name $BACKUP_YEAR -a ! -name $BACKUP_MONTH -a ! -name $BACKUP_DAY -a ! -name $BACKUP_DAY_1 \))
# delete such files
for i in $FILE_TO_DELETE; do
echo "Pruning $i"
rm $i
done
}
back_up_db $DB_1
back_up_db $DB_2
clean_up_backups

25
scripts/database-backup/overleaf_backup_script.sh
View File

@@ -1,25 +0,0 @@
# Date format
NOW=$(date +"%Y-%m-%d")
OVERLEAF_DIRECTORY="/home/debian/docker/compose/project/service/overleaf-toolkit"
# Backup config
$OVERLEAF_DIRECTORY/bin/backup-config -m tar $OVERLEAF_DIRECTORY/backup/$NOW-overleaf-config-backup.tar
# Backup mongo
tar --create --file $OVERLEAF_DIRECTORY/backup/$NOW-overleaf-mongo-backup.tar $OVERLEAF_DIRECTORY/data/mongo
# Backup sharelatex
tar --create --file $OVERLEAF_DIRECTORY/backup/$NOW-overleaf-sharelatex-backup.tar $OVERLEAF_DIRECTORY/data/sharelatex
# Pruning
clean_up_backups() {
# list all files older than 3 days
FILE_TO_DELETE=$(find $OVERLEAF_DIRECTORY/backup/ -type f -mtime 3)
# delete such files
for i in $FILE_TO_DELETE; do
rm $i
done
}
clean_up_backups

47
scripts/mam/mam-login.js
View File

@@ -1,47 +0,0 @@
const puppeteer = require('puppeteer');
async function loginToMAM(username, password) {
try {
const browser = await puppeteer.launch({
executablePath: '/usr/bin/chromium-browser',
headless: true,
args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-gpu', 'diable-dev-shm-usage']
});
const page = await browser.newPage();
console.log("Navigating to MAM login...");
await page.goto('https://www.myanonamouse.net/login.php', {
waitUntil: 'networkidle2',
timeout: 10000
});
const pageTitle = await page.title();
console.log("Filling in login form...");
await page.type('input[name="email"]', username);
await page.type('input[name="password"]', password);
console.log("Submitting login form...");
await page.click('input[type="submit"]');
await page.waitForNavigation({
waitUntil: 'domcontentloaded',
timeout: 10000
});
console.log("Login attempt completed.");
const cookies = await page.cookies();
await browser.close();
console.log(JSON.stringify(cookies));
} catch (err) {
console.error("Login failed: ", err);
process.exit(1);
}
}
const username = process.env.MAM_USERNAME;
const password = process.env.MAM_PASSWORD;
loginToMAM(username, password)
.then(cookies => ({ result: 'Success', cookies }))
.catch(err => ({ result: 'Error', error: err.message }));