From 2dc3c02720eb8689d5d4877af6c1f012dbc97951 Mon Sep 17 00:00:00 2001
From: jaydee
Date: Thu, 27 Nov 2025 00:20:01 +0100
Subject: [PATCH] build
---
 __swarm/authentik/.env | 16 ++++
 __swarm/authentik/docker-compose.yml | 119 +++++++++++++++++++++++++++
 __swarm/authentik/stack.env | 15 ++++
 __swarm/bitwarden/.env | 2 +
 __swarm/bitwarden/docker-compose.yml | 32 +++++++
 __swarm/gitea/.env | 3 +
 __swarm/gitea/docker-compose.yml | 57 +++++++++++++
 7 files changed, 244 insertions(+)
 create mode 100755 __swarm/authentik/.env
 create mode 100755 __swarm/authentik/docker-compose.yml
 create mode 100755 __swarm/authentik/stack.env
 create mode 100755 __swarm/bitwarden/.env
 create mode 100755 __swarm/bitwarden/docker-compose.yml
 create mode 100755 __swarm/gitea/.env
 create mode 100755 __swarm/gitea/docker-compose.yml
diff --git a/__swarm/authentik/.env b/__swarm/authentik/.env
new file mode 100755
index 0000000..30c9e93
--- /dev/null
+++ b/__swarm/authentik/.env
@@ -0,0 +1,16 @@
+PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+PG_USER=authentik
+PG_DB=authentik
+AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+AUTHENTIK_TAG=2025.8.4
+POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
+TZ=Europe/Bratislava
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/authentik/docker-compose.yml b/__swarm/authentik/docker-compose.yml
new file mode 100755
index 0000000..6621cba
--- /dev/null
+++ b/__swarm/authentik/docker-compose.yml
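Review bot: Plaintext credentials are committed in this `.env`: `PG_PASS` (repeated as `POSTGRES_PASSWORD` and `AUTHENTIK_POSTGRESQL__PASSWORD`) and `AUTHENTIK_SECRET_KEY` are literal values rather than references. The same applies to `__swarm/authentik/stack.env`, which repeats these values, to `TOKEN` in `__swarm/gitea/.env`, and to the literal `AUTHENTIK_TOKEN`, `homepage.widget.key` and `GITEA_RUNNER_REGISTRATION_TOKEN` in the authentik and gitea compose files. Because they remain in history once pushed, the values should be rotated and the files replaced by a committed template such as `PG_PASS=<set-at-deploy>` with the real `.env`/`stack.env` listed in `.gitignore`. If these are deployed as Swarm stacks, as the `__swarm/` path suggests, Docker secrets with `POSTGRES_PASSWORD_FILE` would keep the database password out of the environment as well.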
@@ -0,0 +1,119 @@
+services:
+ authentik_ldap:
+ environment:
+ AUTHENTIK_HOST: https://auth.sectorq.eu
+ AUTHENTIK_INSECURE: 'false'
+ AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
+ TZ: Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
+ labels:
+ wud.watch: true
+ wud.watch.digest: true
+ ports:
+ - 2389:3389
+ - 2636:6636
+ restart: ${RESTART:-unless-stopped}
+ postgresql:
+ environment:
+ AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+ POSTGRES_DB: ${PG_DB:-authentik}
+ POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+ POSTGRES_USER: ${PG_USER:-authentik}
+ TZ: Europe/Bratislava
+ healthcheck:
+ interval: 30s
+ retries: 5
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+ timeout: 5s
+ image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
+ labels:
+ wud.watch: false
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - /share/docker_data/authentik/database:/var/lib/postgresql/data
+ redis:
+ command: --save 60 1 --loglevel warning
+ healthcheck:
+ interval: 30s
+ retries: 5
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - redis-cli ping | grep PONG
+ timeout: 3s
+ image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
+ labels:
+ wud.watch: true
+ wud.watch.digest: true
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - redis:/data
+ server:
+ command: server
+ depends_on:
+ - postgresql
+ - redis
+ environment:
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+ TZ: Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
+ labels:
+ homepage.container: authentik-server-1
+ homepage.description: Authentification server
+ homepage.group: Utilities
+ homepage.href: https://auth.sectorq.eu
+ homepage.icon: authentik.png
+ homepage.name: Authentik
+ homepage.server: my-docker
+ homepage.weight: '10'
+ homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
+ homepage.widget.type: authentik
+ homepage.widget.url: https://auth.sectorq.eu
+ wud.watch: true
+ wud.watch.digest: true
+ ports:
+ - ${COMPOSE_PORT_HTTP:-9003}:9000
+ - ${COMPOSE_PORT_HTTPS:-9453}:9443
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - /share/docker_data/authentik/media:/media
+ - /share/docker_data/authentik/custom-templates:/templates
+ - /var/run/docker.sock:/var/run/docker.sock
+ worker:
+ command: worker
+ depends_on:
+ - postgresql
+ - redis
+ environment:
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+ TZ: Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
+ labels:
+ wud.watch: true
+ wud.watch.digest: true
+ restart: ${RESTART:-unless-stopped}
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /share/docker_data/authentik/media:/media
+ - /share/docker_data/authentik/certs:/certs
+ - /share/docker_data/authentik/custom-templates:/templates
+
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
diff --git a/__swarm/authentik/stack.env b/__swarm/authentik/stack.env
new file mode 100755
index 0000000..d0d1bfd
--- /dev/null
+++ b/__swarm/authentik/stack.env
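Review bot: The `server` service bind-mounts `/var/run/docker.sock`, and `worker` mounts it too while running as `user: root`, so both identity-provider containers get control of the host Docker daemon. If the socket is only needed for managing outposts, keep it on `worker` alone, preferably behind a restricted socket proxy, and drop `- /var/run/docker.sock:/var/run/docker.sock` from `server`. Separately, `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}` in `server` and `worker` lacks the `:?` guard that `postgresql` has, so an unset variable is substituted as an empty password instead of aborting the deploy. `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required}` would make the three services consistent.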
@@ -0,0 +1,15 @@
+PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+PG_USER=authentik
+PG_DB=authentik
+AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+AUTHENTIK_TAG=2025.8.4
+POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
+TZ=Europe/Bratislava
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
\ No newline at end of file
diff --git a/__swarm/bitwarden/.env b/__swarm/bitwarden/.env
new file mode 100755
index 0000000..38fba10
--- /dev/null
+++ b/__swarm/bitwarden/.env
@@ -0,0 +1,2 @@
+APPNAME=bitwarden
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/bitwarden/docker-compose.yml b/__swarm/bitwarden/docker-compose.yml
new file mode 100755
index 0000000..2bc157c
--- /dev/null
+++ b/__swarm/bitwarden/docker-compose.yml
@@ -0,0 +1,32 @@
+services:
+ bitwarden:
+ container_name: vaultwarden
+ environment:
+ - WEBSOCKET_ENABLED=true
+ - SIGNUPS_ALLOWED=true
+ - DOMAIN=https://pw.sectorq.eu
+ - SMTP_HOST=mail.sectorq.eu
+ - SMTP_FROM=jaydee@sectorq.eu
+ - SMTP_PORT=465
+ - SMTP_SSL=true
+ - SMTP_USERNAME=jaydee@sectorq.eu
+ - SMTP_PASSWORD=$SMTP_PASSWORD
+ - ADMIN_TOKEN=$ADMIN_PASSWORD
+ image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.container: vaultwarden
+ homepage.description: Password manager
+ homepage.group: Utilities
+ homepage.href: https://pw.sectorq.eu
+ homepage.icon: bitwarden.png
+ homepage.name: Bitwarden
+ homepage.server: my-docker
+ homepage.weight: 1
+ wud.watch: true
+ wud.watch.digest: true
+ ports:
+ - 8181:80
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - /share/docker_data/bitwarden/bw-data:/data
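Review bot: `SIGNUPS_ALLOWED=true` in `__swarm/bitwarden/docker-compose.yml` leaves account registration open on the vault served at `DOMAIN=https://pw.sectorq.eu`; unless open sign-up is intended, use `- SIGNUPS_ALLOWED=false` and invite users instead. `$SMTP_PASSWORD` and `$ADMIN_PASSWORD` are not defined in the `bitwarden/.env` added by this commit, so unless the deploy environment supplies them Compose substitutes empty strings. `- ADMIN_TOKEN=${ADMIN_PASSWORD:?admin token required}` would make a missing value fail the deploy instead. `vaultwarden/server:latest` is also unpinned, so each pull can change the version of the password store; a release tag or digest is safer.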
diff --git a/__swarm/gitea/.env b/__swarm/gitea/.env
new file mode 100755
index 0000000..43d12f8
--- /dev/null
+++ b/__swarm/gitea/.env
@@ -0,0 +1,3 @@
+APPNAME=gitea
+DOCKER_REGISTRY=r.sectorq.eu/library/
+TOKEN=ddfc91b29920082636da70cc677aec74c88a7666
\ No newline at end of file
diff --git a/__swarm/gitea/docker-compose.yml b/__swarm/gitea/docker-compose.yml
new file mode 100755
index 0000000..0472ff4
--- /dev/null
+++ b/__swarm/gitea/docker-compose.yml
@@ -0,0 +1,57 @@
+networks:
+ gitea:
+ external: false
+services:
+ server:
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+ ROOT_URL: https://gitea.sectorq.eu
+ ENABLE_PASSWORD_SIGNIN_FORM: false
+ DISABLE_REGISTRATION: true
+ image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
+ deploy:
+ replicas: 3
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.container: gitea
+ homepage.description: Version control server
+ homepage.group: Utilities
+ homepage.href: https://${APPNAME}.sectorq.eu
+ homepage.icon: ${APPNAME}.png
+ homepage.name: Gitea
+ homepage.server: my-docker
+ homepage.weight: 1
+ homepage.widget.key: ${TOKEN}
+ homepage.widget.type: ${APPNAME}
+ homepage.widget.url: https://${APPNAME}.sectorq.eu
+ homepage.widget.version: 2
+ wud.watch: true
+ wud.watch.digest: true
+ networks:
+ - gitea
+ ports:
+ - 3000:3000
+ - '222:22'
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - /share/docker_data/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ runner:
+ image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
+ environment:
+ CONFIG_FILE: /config/config.yaml
+ GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
+ GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
+ GITEA_RUNNER_NAME: jaydee
+ GITEA_RUNNER_LABELS: jaydee
+ volumes:
+ - /share/docker_data/gitea-runner/config:/config
+ - /share/docker_data/gitea-runner/data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ restart: ${RESTART:-unless-stopped}
+ deploy:
+ replicas: 3
+ labels:
+ wud.watch: true
\ No newline at end of file
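Review bot: The `runner` service bind-mounts `/var/run/docker.sock` and tracks `act_runner:nightly`, so workflow jobs scheduled on it can drive the host Docker daemon while the runner binary itself changes with every pull. Pin the image to a release tag or digest, and either restrict the runner to trusted repositories or give it an isolated daemon instead of the host socket. `replicas: 3` on both services also looks unsafe: the three `server` tasks share `/share/docker_data/gitea`, and the three runners share `/share/docker_data/gitea-runner/data` and the name `jaydee`. They presumably contend for the same state files, so confirm that this is supported or use `replicas: 1`.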