build

__swarm/authentik/.env

@@ -0,0 +1,16 @@
+PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+PG_USER=authentik
+PG_DB=authentik
+AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+AUTHENTIK_TAG=2025.8.4
+POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
+TZ=Europe/Bratislava
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+DOCKER_REGISTRY=r.sectorq.eu/library/

__swarm/authentik/docker-compose.yml

@@ -0,0 +1,119 @@
+services:
+  authentik_ldap:
+    environment:
+      AUTHENTIK_HOST: https://auth.sectorq.eu
+      AUTHENTIK_INSECURE: 'false'
+      AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
+    labels:
+      wud.watch: true
+      wud.watch.digest: true
+    ports:
+    - 2389:3389
+    - 2636:6636
+    restart: ${RESTART:-unless-stopped}
+  postgresql:
+    environment:
+      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+      POSTGRES_DB: ${PG_DB:-authentik}
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      TZ: Europe/Bratislava
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+      - CMD-SHELL
+      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+      timeout: 5s
+    image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
+    labels:
+      wud.watch: false
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - /share/docker_data/authentik/database:/var/lib/postgresql/data
+  redis:
+    command: --save 60 1 --loglevel warning
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+      - CMD-SHELL
+      - redis-cli ping | grep PONG
+      timeout: 3s
+    image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
+    labels:
+      wud.watch: true
+      wud.watch.digest: true
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - redis:/data
+  server:
+    command: server
+    depends_on:
+    - postgresql
+    - redis
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
+    labels:
+      homepage.container: authentik-server-1
+      homepage.description: Authentification server
+      homepage.group: Utilities
+      homepage.href: https://auth.sectorq.eu
+      homepage.icon: authentik.png
+      homepage.name: Authentik
+      homepage.server: my-docker
+      homepage.weight: '10'
+      homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
+      homepage.widget.type: authentik
+      homepage.widget.url: https://auth.sectorq.eu
+      wud.watch: true
+      wud.watch.digest: true
+    ports:
+    - ${COMPOSE_PORT_HTTP:-9003}:9000
+    - ${COMPOSE_PORT_HTTPS:-9453}:9443
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - /share/docker_data/authentik/media:/media
+    - /share/docker_data/authentik/custom-templates:/templates
+    - /var/run/docker.sock:/var/run/docker.sock
+  worker:
+    command: worker
+    depends_on:
+    - postgresql
+    - redis
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
+    labels:
+      wud.watch: true
+      wud.watch.digest: true
+    restart: ${RESTART:-unless-stopped}
+    user: root
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - /share/docker_data/authentik/media:/media
+    - /share/docker_data/authentik/certs:/certs
+    - /share/docker_data/authentik/custom-templates:/templates
+    
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local

__swarm/authentik/stack.env

@@ -0,0 +1,15 @@
+PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+PG_USER=authentik
+PG_DB=authentik
+AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+AUTHENTIK_TAG=2025.8.4
+POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
+TZ=Europe/Bratislava
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp

__swarm/bitwarden/.env

@@ -0,0 +1,2 @@
+APPNAME=bitwarden
+DOCKER_REGISTRY=r.sectorq.eu/library/

__swarm/bitwarden/docker-compose.yml

@@ -0,0 +1,32 @@
+services:
+  bitwarden:
+    container_name: vaultwarden
+    environment:
+    - WEBSOCKET_ENABLED=true
+    - SIGNUPS_ALLOWED=true
+    - DOMAIN=https://pw.sectorq.eu
+    - SMTP_HOST=mail.sectorq.eu
+    - SMTP_FROM=jaydee@sectorq.eu
+    - SMTP_PORT=465
+    - SMTP_SSL=true
+    - SMTP_USERNAME=jaydee@sectorq.eu
+    - SMTP_PASSWORD=$SMTP_PASSWORD
+    - ADMIN_TOKEN=$ADMIN_PASSWORD
+    image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+      homepage.container: vaultwarden
+      homepage.description: Password manager
+      homepage.group: Utilities
+      homepage.href: https://pw.sectorq.eu
+      homepage.icon: bitwarden.png
+      homepage.name: Bitwarden
+      homepage.server: my-docker
+      homepage.weight: 1
+      wud.watch: true
+      wud.watch.digest: true
+    ports:
+    - 8181:80
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - /share/docker_data/bitwarden/bw-data:/data

__swarm/gitea/.env

@@ -0,0 +1,3 @@
+APPNAME=gitea
+DOCKER_REGISTRY=r.sectorq.eu/library/
+TOKEN=ddfc91b29920082636da70cc677aec74c88a7666

__swarm/gitea/docker-compose.yml

@@ -0,0 +1,60 @@
+networks:
+  gitea:
+    external: false
+services:
+  server:
+    environment:
+      USER_UID: 1000
+      USER_GID: 1000
+      ROOT_URL: https://gitea.sectorq.eu
+      ENABLE_PASSWORD_SIGNIN_FORM: "false"
+      DISABLE_REGISTRATION: "true"
+    image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        homepage.container: gitea_server
+        homepage.description: Version control server
+        homepage.group: Utilities
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Gitea
+        homepage.server: my-docker1
+        homepage.weight: 1
+        homepage.widget.key: b486c53526c26093a255227bc0165c0d329fd638
+        homepage.widget.type: ${APPNAME}
+        homepage.widget.url: https://${APPNAME}.sectorq.eu
+        homepage.widget.version: 2
+        wud.watch: "true"
+        wud.watch.digest: "true"
+    networks:
+    - gitea
+    ports:
+    - 3000:3000
+    - '222:22'
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - /share/docker_data/gitea:/data
+    - /etc/timezone:/etc/timezone:ro
+    - /etc/localtime:/etc/localtime:ro
+  runner:
+    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
+    environment:
+      CONFIG_FILE: /config/config.yaml
+      GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
+      GITEA_RUNNER_NAME: jaydee
+      GITEA_RUNNER_LABELS: jaydee
+    volumes:
+      - /share/docker_data/gitea-runner/config:/config
+      - /share/docker_data/gitea-runner/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: ${RESTART:-unless-stopped}
+    deploy:
+      replicas: 1
+      labels:
+        wud.watch: "true"
+        wud.watch.digest: "true"

gitea/docker-compose.yml

@@ -45,7 +45,6 @@ services:
       GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
       GITEA_RUNNER_NAME: jaydee
       GITEA_RUNNER_LABELS: jaydee
-      
     volumes:
       - /share/docker_data/gitea-runner/config:/config
       - /share/docker_data/gitea-runner/data:/data

gotify/docker-compose.yml

@@ -1,43 +1,46 @@
-networks:
+version: '3.8'
-  net: null
+
 services:
   gotify:
     container_name: gotify
-    env_file:
-    - stack.env
     hostname: gotify
-    image: ${DOCKER_REGISTRY:-}gotify/server
+    image: gotify/server
-    labels:
-      wud.watch: true
-      wud.watch.digest: true
-    networks:
-    - net
-    ports:
-    - 8010:80
     restart: unless-stopped
     security_opt:
-    - no-new-privileges:true
+      - no-new-privileges:true
+    networks:
+      - net
+    ports:
+      - "8680:80"
     volumes:
-    - /share/docker_data/gotify/data:/app/data
+      - data:/app/data
+    environment:
+      GOTIFY_DEFAULTUSER_PASS:  'l4c1j4yd33Du5lo'   # Change me!!!!!
+
+
   igotify:
     container_name: igotify
-    env_file:
-    - stack.env
     hostname: igotify
-    image: ${DOCKER_REGISTRY:-}ghcr.io/androidseb25/igotify-notification-assist:latest
+    image: ghcr.io/androidseb25/igotify-notification-assist:latest
-    labels:
-      wud.watch: true
-      wud.watch.digest: true
-    networks:
-    - net
-    ports:
-    - 8681:8080
-    pull_policy: always
     restart: unless-stopped
     security_opt:
-    - no-new-privileges:true
+      - no-new-privileges:true
+    pull_policy: always
+    networks:
+      - net
+    ports:
+      - "8681:8080"
     volumes:
-    - /share/docker_data/igotify/data:/app/data
+      - api-data:/app/data
+    environment:                 # option environment see above note
+      GOTIFY_URLS: 'https://gotify.sectorq.eu'
+      GOTIFY_CLIENT_TOKENS: ${CLIENT_TOKEN}
+      SECNTFY_TOKENS: 'NTFY-DEVICE-nmE8MaAk1PX9wCRSkqKatiKzD4LCvDTENi3LTPwcn5cckXtkwQQ'
+      GOTIFY_DEFAULTUSER_PASS:  'l4c1j4yd33Du5lo' 
+
+networks:
+  net:
+
 volumes:
-  api-data: null
+  data:
-  data: null
+  api-data:

kestra/docker-compose.yml

@@ -32,6 +32,8 @@ services:
             tmpDir:
               path: /tmp/kestra-wd/tmp
           url: http://localhost:8080/
+          tutorial-flows:
+            enabled: false
         micronaut:
           server:
             cors: