renamed customer user group

mailu/docker-compose.yml

@@ -20,10 +20,10 @@ networks:
 services:
   admin:
     depends_on:
-    - redis
-    - resolver
+      - redis
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
     labels:
@@ -31,17 +31,17 @@ services:
       wud.watch.digest: true
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/data:/data
-    - /share/docker_data/mailu3/dkim:/dkim
+      - /share/docker_data/mailu3/data:/data
+      - /share/docker_data/mailu3/dkim:/dkim
   antispam:
     depends_on:
-    - front
-    - redis
-    - oletools
-    - antivirus
-    - resolver
+      - front
+      - redis
+      - oletools
+      - antivirus
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     hostname: antispam
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
@@ -49,39 +49,39 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - default
-    - oletools
-    - clamav
+      - default
+      - oletools
+      - clamav
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/filter:/var/lib/rspamd
-    - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
+      - /share/docker_data/mailu3/filter:/var/lib/rspamd
+      - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
   antivirus:
     healthcheck:
       interval: 10s
       retries: 3
       start_period: 10s
       test:
-      - CMD-SHELL
-      - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
+        - CMD-SHELL
+        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
       timeout: 5s
     image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - clamav
+      - clamav
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
+      - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
   fetchmail:
     depends_on:
-    - admin
-    - smtp
-    - imap
-    - resolver
+      - admin
+      - smtp
+      - imap
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
     labels:
@@ -92,9 +92,9 @@ services:
     - /share/docker_data/mailu3/data/fetchmail:/data
   front:
     depends_on:
-    - resolver
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     extends:
       file: logging.yml
@@ -113,36 +113,36 @@ services:
       homepage.weight: 1
 
     networks:
-    - default
-    - webmail
-    - radicale
+      - default
+      - webmail
+      - radicale
     ports:
-    - 0.0.0.0:8880:80
-    - 0.0.0.0:8443:443
-    - 0.0.0.0:25:25
-    - 0.0.0.0:465:465
-    - 0.0.0.0:587:587
-    - 0.0.0.0:110:110
-    - 0.0.0.0:995:995
-    - 0.0.0.0:143:143
-    - 0.0.0.0:993:993
-    - 0.0.0.0:4190:4190
+      - 0.0.0.0:8880:80
+      - 0.0.0.0:8443:443
+      - 0.0.0.0:25:25
+      - 0.0.0.0:465:465
+      - 0.0.0.0:587:587
+      - 0.0.0.0:110:110
+      - 0.0.0.0:995:995
+      - 0.0.0.0:143:143
+      - 0.0.0.0:993:993
+      - 0.0.0.0:4190:4190
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/certs:/certs
-    - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
+      - /share/docker_data/mailu3/certs:/certs
+      - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
   fts_attachments:
     depends_on:
-    - resolver
+     - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     healthcheck:
       interval: 10s
       retries: 3
       start_period: 10s
       test:
-      - CMD-SHELL
-      - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
+        - CMD-SHELL
+        - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
       timeout: 5s
     hostname: tika
     image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
@@ -150,45 +150,45 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - fts_attachments
+      - fts_attachments
     restart: ${RESTART:-unless-stopped}
   imap:
     depends_on:
-    - front
-    - fts_attachments
-    - resolver
+      - front
+      - fts_attachments
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - default
-    - fts_attachments
+      - default
+      - fts_attachments
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/mail:/mail
-    - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
+      - /share/docker_data/mailu3/mail:/mail
+      - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
   oletools:
     depends_on:
-    - resolver
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     hostname: oletools
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - oletools
+      - oletools
     restart: ${RESTART:-unless-stopped}
   redis:
     depends_on:
-    - resolver
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     image: ${DOCKER_REGISTRY:-}redis:alpine
     labels:
       wud.watch: true
@@ -208,10 +208,10 @@ services:
     restart: ${RESTART:-unless-stopped}
   smtp:
     depends_on:
-    - front
-    - resolver
+      - front
+      - resolver
     dns:
-    - 192.168.205.254
+     - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
     labels:
@@ -219,29 +219,29 @@ services:
       wud.watch.digest: true
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/mailqueue:/queue
-    - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
+     - /share/docker_data/mailu3/mailqueue:/queue
+     - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
   webdav:
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - radicale
+      - radicale
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/dav:/data
+      - /share/docker_data/mailu3/dav:/data
   webmail:
     depends_on:
-    - front
+      - front
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - webmail
+      - webmail
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/webmail:/data
-    - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
+      - /share/docker_data/mailu3/webmail:/data
+      - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro

mailu/stack.env

@@ -25,7 +25,7 @@ POSTMASTER=admin
 
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
 TLS_FLAVOR=cert
-
+#TLS_FLAVOR=letsencrypt
 # Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
 AUTH_RATELIMIT_IP=5/hour
 

paperless-ng/docker-compose.yml

@@ -1,28 +0,0 @@
----
-version: "2.1"
-services:
-  paperless-ng:
-    image: lscr.io/linuxserver/paperless-ng:latest
-    container_name: paperless-ng
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Bratislava
-      - REDIS_URL= #optional
-    volumes:
-      - /share/docker_data/paperless/config:/config
-      - /share/docker_data/paperless/data:/data
-    ports:
-      - 8001:8000
-    restart: unless-stopped
-    labels:
-      wud.watch: true
-      wud.watch.digest: true
-      homepage.container: paperless-ng
-      homepage.description: PDF
-      homepage.group: Utils
-      homepage.href: https://active.home.lan:9343/admin
-      homepage.icon: /images/pihole.png
-      homepage.name: Paperless-ng
-      homepage.server: my-docker
-      homepage.weight: '1'

paperless-ng/stack.env

@@ -1,95 +0,0 @@
-TZ=Europe/Bratislava
-WUD_REGISTRY_HUB_PUBLIC_LOGIN=jaydee77
-WUD_REGISTRY_HUB_PUBLIC_PASSWORD=dckr_pat_WUfjkuEEYYEFDI95myphANR7AUU
-
-WUD_REGISTRY_CUSTOM_JAYDEE_URL=https://r.sectorq.eu
-WUD_REGISTRY_CUSTOM_JAYDEE_LOGIN=jaydee
-WUD_REGISTRY_CUSTOM_JAYDEE_PASSWORD=l4c1j4yd33Du5lo
-#WUD_REGISTRY_CUSTOM_JAYDEE_AUTH="$2y$05$KM.AT7zX5BseO0HnXG4ds.a01XHLPBmrEFYt4ZjD.v6pUZw3xmCkq"
-
-# AUTHENTIK
-WUD_AUTH_OIDC_AUTHENTIK_CLIENTID=p8WUIAWMMx2mRdsnjZdkMl5XXerZQfZFo6ZadAvH
-WUD_AUTH_OIDC_AUTHENTIK_CLIENTSECRET=ApAQrTyl2qVIsxhHY1MYJkxCS5tHjQz2gKnmDTOgGALeVCxiN9upQP1h28VqqAaOtc6WEDsczhsk1hKFvit1WUe8mbk0BkGQc2Mnh0Hf2MRybXd1vDcTRWL6pqICywBs
-WUD_AUTH_OIDC_AUTHENTIK_DISCOVERY=https://auth.sectorq.eu/application/o/wud/.well-known/openid-configuration
-WUD_AUTH_OIDC_AUTHENTIK_REDIRECT=false
-WUD_AUTH_OIDC_AUTHENTIK_TIMEOUT=2000
-
-# BASIC
-WUD_AUTH_BASIC_JAYDEE_USER=homepage
-WUD_AUTH_BASIC_JAYDEE_HASH=$$apr1$$pGMz1QxU$$y6XuTscvGcYgas15JWlfg/
-# GOTIFY
-WUD_TRIGGER_GOTIFY_EXTERNAL_PRIORITY=0
-WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="AFxvpm1JpPSsmkf"
-WUD_TRIGGER_GOTIFY_EXTERNAL_URL=https://gotify.sectorq.eu
-#WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=batch
-WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=simple
-WUD_TRIGGER_GOTIFY_EXTERNAL_ONCE=true
-
-# WUD_TRIGGER_GOTIFY_EXTERNAL2_PRIORITY=0
-# WUD_TRIGGER_GOTIFY_EXTERNAL2_TOKEN=AzAY1vUr1zLS9R6
-# WUD_TRIGGER_GOTIFY_EXTERNAL2_URL=https://gotify2.sectorq.eu
-# #WUD_TRIGGER_GOTIFY_EXTERNAL2_MODE=batch
-# WUD_TRIGGER_GOTIFY_EXTERNAL2_MODE=simple
-# WUD_TRIGGER_GOTIFY_EXTERNAL2_ONCE=true
-
-
-# NTFY
-#WUD_TRIGGER_NTFY_MSERVER_URL=https://ntfy.sectorq.eu
-#WUD_TRIGGER_NTFY_MSERVER_TOPIC=wud
-
-
-WUD_TRIGGER_DOCKER_MSERVER_PRUNE=true
-WUD_TRIGGER_DOCKER_RPI5_PRUNE=true
-WUD_TRIGGER_DOCKER_NAS_PRUNE=true
-WUD_TRIGGER_DOCKER_RACK_PRUNE=true
-# error info debug trace
-WUD_LOG_LEVEL=debug
-# text json
-WUD_LOG_FORMAT=text
-
-WUD_WATCHER_EXTDOCKER_HOST=193.168.144.164
-WUD_WATCHER_EXTDOCKER_PORT=2376
-WUD_WATCHER_EXTDOCKER_CERTFILE=/certs/ext/cert.pem
-WUD_WATCHER_EXTDOCKER_CAFILE=/certs/ext/ca.pem
-WUD_WATCHER_EXTDOCKER_KEYFILE=/certs/ext/key.pem
-WUD_WATCHER_EXTDOCKER_CRON=0 * * * *
-WUD_WATCHER_EXTDOCKER_WATCHALL=true
-WUD_WATCHER_EXTDOCKER_WATCHBYDEFAULT=true
-
-WUD_WATCHER_MSERVER_HOST=192.168.77.101
-WUD_WATCHER_MSERVER_PORT=2376
-WUD_WATCHER_MSERVER_CERTFILE=/certs/m-server/cert.pem
-WUD_WATCHER_MSERVER_CAFILE=/certs/m-server/ca.pem
-WUD_WATCHER_MSERVER_KEYFILE=/certs/m-server/key.pem
-WUD_WATCHER_MSERVER_CRON=0 * * * *
-WUD_WATCHER_MSERVER_WATCHALL=true
-WUD_WATCHER_MSERVER_WATCHBYDEFAULT=false
-
-WUD_WATCHER_RPI5_HOST=192.168.77.238
-WUD_WATCHER_RPI5_PORT=2376
-WUD_WATCHER_RPI5_CERTFILE=/certs/rpi5/cert.pem
-WUD_WATCHER_RPI5_CAFILE=/certs/rpi5/ca.pem
-WUD_WATCHER_RPI5_KEYFILE=/certs/rpi5/key.pem
-WUD_WATCHER_RPI5_CRON=0 * * * *
-WUD_WATCHER_RPI5_WATCHALL=true
-WUD_WATCHER_RPI5_WATCHBYDEFAULT=true
-
-WUD_WATCHER_NAS_HOST=192.168.77.106
-WUD_WATCHER_NAS_PORT=2376
-WUD_WATCHER_NAS_CERTFILE=/certs/nas/cert.pem
-WUD_WATCHER_NAS_CAFILE=/certs/nas/ca.pem
-WUD_WATCHER_NAS_KEYFILE=/certs/nas/key.pem
-WUD_WATCHER_NAS_CRON=0 * * * *
-WUD_WATCHER_NAS_WATCHALL=true
-WUD_WATCHER_NAS_WATCHBYDEFAULT=true
-
-WUD_WATCHER_RACK_HOST=192.168.77.55
-WUD_WATCHER_RACK_PORT=2376
-WUD_WATCHER_RACK_CERTFILE=/certs/rack/cert.pem
-WUD_WATCHER_RACK_CAFILE=/certs/rack/ca.pem
-WUD_WATCHER_RACK_KEYFILE=/certs/rack/key.pem
-WUD_WATCHER_RACK_CRON=0 * * * *
-WUD_WATCHER_RACK_WATCHALL=true
-WUD_WATCHER_RACK_WATCHBYDEFAULT=true
-
-WUD_SERVER_CORS_ENABLED=true

paperless-ngx/.env

@@ -1,3 +1,3 @@
 RESTART=always
 DOCKER_REGISTRY=r.sectorq.eu/library/
-APPNAME=wud
+APPNAME=paperless-ngx

paperless-ngx/docker-compose.yml

@@ -0,0 +1,41 @@
+services:
+  broker:
+    image: docker.io/library/redis:8
+    restart: unless-stopped
+    volumes:
+      - /share/docker_data/paperless/redisdata:/data
+  webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+      - broker
+    ports:
+      - "8001:8000"
+    volumes:
+      - /share/docker_data/paperless/data:/usr/src/paperless/data
+      - /share/docker_data/paperless/media:/usr/src/paperless/media
+      - /share/docker_data/paperless//export:/usr/src/paperless/export
+      - /share/docker_data/paperless//consume:/usr/src/paperless/consume
+    env_file: stack.env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_URL: https://paperless.sectorq.eu
+      PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+          {
+            "openid_connect": {
+              "APPS": [
+                {
+                  "provider_id": "authentik",
+                  "name": "Authentik",
+                  "client_id": "B4NM614bqWkvDqGDAmR823qUm8n4ZNlG3XtvkI51",
+                  "secret": "7FFRdLWOUHlDxkhc86xR2yhxRn8BmDfTtfX9aTVY1XbRY197zy3UXPs51IMIkIjwjp6uijtpIQDDJDpR7LNInJt0F5hEXGMEcTfJxYyfNv2ytKFO58tCN5UD2EnzbCmN",
+                  "settings": {
+                    "server_url": "https://auth.sectorq.eu/application/o/paperless/.well-known/openid-configuration"
+                  }
+                }
+              ],
+              "OAUTH_PKCE_ENABLED": "True"
+            }
+          }

paperless-ngx/stack.env

@@ -0,0 +1,37 @@
+###############################################################################
+# Paperless-ngx settings                                                      #
+###############################################################################
+
+# See http://docs.paperless-ngx.com/configuration/ for all available options.
+
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# See the documentation linked above for all options. A few commonly adjusted settings
+# are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
+#PAPERLESS_TIME_ZONE=America/Los_Angeles
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+#PAPERLESS_OCR_LANGUAGE=eng
+
+# Additional languages to install for text recognition, separated by a whitespace.
+# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
+# the language used for OCR.
+# The container installs English, German, Italian, Spanish and French by default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces