jaydee/docker-compose
1
0
Fork 0
mirror of https://gitlab.sectorq.eu/home/docker-compose.git synced 2025-12-14 10:24:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: jaydee:c80fba3ec27862d94c9c40dfc99022a7d49eed9c
Branches Tags
jaydee:main
...
compare: jaydee:main
Branches Tags
jaydee:main

395 Commits
c80fba3ec2 ... main

Author SHA1 Message Date
jaydee
67b908b5ad build 2025-12-14 10:22:19 +01:00
jaydee
2a2aa81e5f build 2025-12-14 10:08:30 +01:00
jaydee
b6d6c62071 build 2025-12-14 10:05:40 +01:00
jaydee
cc0df08051 build 2025-12-14 02:06:26 +01:00
jaydee
bf2772103a build 2025-12-14 02:05:47 +01:00
jaydee
e23498073d build 2025-12-14 02:04:35 +01:00
jaydee
a75e61ef72 build 2025-12-14 02:04:03 +01:00
jaydee
d0d3a56a7c build 2025-12-14 02:03:02 +01:00
jaydee
c6d44a83e2 build 2025-12-14 01:50:14 +01:00
jaydee
91d00911e5 build 2025-12-14 01:19:08 +01:00
jaydee
9594626646 build 2025-12-13 21:26:29 +01:00
jaydee
e96c3015fb build 2025-12-13 15:17:49 +01:00
jaydee
5b340d6b3d build 2025-12-12 18:10:59 +01:00
jaydee
94c59d85fc build 2025-12-12 18:07:34 +01:00
jaydee
f78408484b build 2025-12-12 16:42:51 +01:00
jaydee
42adb45e9f build 2025-12-12 16:38:53 +01:00
jaydee
e986f77d26 build 2025-12-12 16:32:23 +01:00
jaydee
4e1dcb5009 build 2025-12-12 16:25:04 +01:00
jaydee
4f7c3a285c build 2025-12-12 16:23:39 +01:00
jaydee
62cab99470 build 2025-12-12 16:22:47 +01:00
jaydee
1bc1b0dcb9 build 2025-12-12 16:19:03 +01:00
jaydee
b37bf9f699 build 2025-12-12 16:02:28 +01:00
jaydee
bed32a51a6 build 2025-12-12 16:00:49 +01:00
jaydee
cf04cb7f74 build 2025-12-12 15:57:16 +01:00
jaydee
c835e3fbea build 2025-12-12 15:55:48 +01:00
jaydee
6affd9f1a4 build 2025-12-12 15:53:56 +01:00
jaydee
9a064b469e build 2025-12-12 15:23:20 +01:00
jaydee
c206590073 build 2025-12-12 15:18:18 +01:00
jaydee
565b25dc9b build 2025-12-12 12:16:10 +01:00
jaydee
24179fade8 build 2025-12-11 17:12:09 +01:00
jaydee
1ed48b84c4 build 2025-12-11 16:45:19 +01:00
jaydee
2cf269a868 build 2025-12-10 23:42:15 +01:00
jaydee
c01c495b41 build 2025-12-10 23:34:38 +01:00
jaydee
e2748ccda8 build 2025-12-10 23:33:15 +01:00
jaydee
a4eb29de87 build 2025-12-10 23:25:37 +01:00
jaydee
005616c0a6 Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose 2025-12-10 23:24:13 +01:00
jaydee
74213b1de9 build 2025-12-10 23:23:26 +01:00
ladislav.dusa
f3de9e0995 build 2025-12-09 09:21:14 +01:00
ladislav.dusa
f82f7e0f25 build 2025-12-09 09:20:58 +01:00
jaydee
a98a226099 build 2025-12-08 18:57:14 +01:00
jaydee
f6536c0e6c build 2025-12-08 18:53:19 +01:00
jaydee
b73b3dc929 build 2025-12-08 18:15:05 +01:00
jaydee
4e8fe0a1a1 build 2025-12-08 18:14:12 +01:00
jaydee
6484de18e8 build 2025-12-08 18:00:55 +01:00
jaydee
a92d32e73b build 2025-12-08 16:51:22 +01:00
jaydee
178f30e9f1 build 2025-12-08 16:49:06 +01:00
jaydee
121abc76b0 build 2025-12-08 16:48:20 +01:00
jaydee
62a3ba833f build 2025-12-08 16:47:44 +01:00
jaydee
cd2dc573f4 build 2025-12-08 16:46:24 +01:00
jaydee
7b6229bb39 build 2025-12-08 16:41:58 +01:00
jaydee
f06bcd22a6 build 2025-12-08 16:41:10 +01:00
jaydee
fa00fadccf build 2025-12-08 16:06:47 +01:00
jaydee
4537da6174 build 2025-12-08 15:21:02 +01:00
jaydee
020b784632 build 2025-12-08 15:20:18 +01:00
jaydee
2963ee88f9 build 2025-12-08 15:08:41 +01:00
jaydee
682a727d50 build 2025-12-08 14:02:49 +01:00
jaydee
fca4bb4508 build 2025-12-08 00:02:56 +01:00
jaydee
8f2d400301 build 2025-12-07 23:25:42 +01:00
jaydee
bc41a0431d build 2025-12-07 23:22:52 +01:00
jaydee
838fe4ed2a build 2025-12-07 23:21:54 +01:00
jaydee
d932db7b28 build 2025-12-07 23:18:19 +01:00
jaydee
abaf235fed build 2025-12-07 21:13:21 +01:00
jaydee
914bd21457 build 2025-12-07 21:04:38 +01:00
jaydee
0a746ab637 build 2025-12-07 21:01:33 +01:00
jaydee
3191ca5b55 build 2025-12-07 21:00:52 +01:00
jaydee
5a2235ae06 build 2025-12-07 20:59:57 +01:00
jaydee
4f212e10f2 build 2025-12-07 20:54:15 +01:00
jaydee
fc0ea98def build 2025-12-07 20:47:22 +01:00
jaydee
0d9b5ef975 build 2025-12-07 20:44:01 +01:00
jaydee
4ce8f2ec9f build 2025-12-07 20:40:26 +01:00
jaydee
5f24941a59 build 2025-12-07 20:32:19 +01:00
jaydee
fe563de936 build 2025-12-07 20:17:21 +01:00
jaydee
324244afac build 2025-12-07 20:06:38 +01:00
jaydee
106e53fd0e build 2025-12-07 20:05:50 +01:00
jaydee
ecdbbfb69f build 2025-12-07 20:00:33 +01:00
jaydee
eb676c9dc6 build 2025-12-07 13:24:10 +01:00
jaydee
139908ad56 build 2025-12-07 13:19:02 +01:00
jaydee
46a0ae669c build 2025-12-07 13:16:00 +01:00
jaydee
4708260c5c build 2025-12-07 13:11:24 +01:00
jaydee
8fedeb155a build 2025-12-07 13:05:41 +01:00
jaydee
bd29257d19 build 2025-12-07 13:04:52 +01:00
jaydee
f5628ee014 build 2025-12-07 12:55:51 +01:00
jaydee
b70c372e07 build 2025-12-06 16:38:51 +01:00
jaydee
dcee21d9d5 build 2025-12-06 16:36:27 +01:00
jaydee
5748b06dee build 2025-12-06 16:32:49 +01:00
jaydee
042a50b572 build 2025-12-06 16:27:33 +01:00
jaydee
80781812de build 2025-12-06 16:26:01 +01:00
jaydee
718dd27570 build 2025-12-06 16:22:19 +01:00
jaydee
d2e18a53e6 build 2025-12-06 16:20:53 +01:00
jaydee
7a5291fb37 build 2025-12-06 16:19:30 +01:00
jaydee
5651b03906 build 2025-12-06 16:18:26 +01:00
jaydee
246dc997b5 build 2025-12-06 16:17:27 +01:00
jaydee
81b430e23d build 2025-12-06 16:15:23 +01:00
jaydee
43b82acc66 build 2025-12-06 16:12:53 +01:00
jaydee
7b95fd74cd build 2025-12-06 16:10:40 +01:00
jaydee
403f9396c5 build 2025-12-06 16:08:57 +01:00
jaydee
1f82d674f8 build 2025-12-06 16:06:47 +01:00
jaydee
6f66064c8b build 2025-12-06 16:05:02 +01:00
jaydee
504eb1229a build 2025-12-06 16:01:52 +01:00
jaydee
c5c66dc914 build 2025-12-06 15:59:44 +01:00
jaydee
b7efad7a12 build 2025-12-06 15:55:55 +01:00
jaydee
4d98f7f39e build 2025-12-06 15:53:02 +01:00
jaydee
f449431a91 build 2025-12-06 15:51:42 +01:00
jaydee
8f36939703 build 2025-12-06 15:48:47 +01:00
jaydee
136e637aed build 2025-12-06 15:46:41 +01:00
jaydee
6ba2c2dd0f build 2025-12-06 15:27:44 +01:00
jaydee
b4961f5961 build 2025-12-06 15:14:25 +01:00
jaydee
e34addb608 build 2025-12-06 15:11:35 +01:00
jaydee
89321a9b46 build 2025-12-06 15:10:34 +01:00
jaydee
0e31d85bc7 build 2025-12-06 13:25:29 +01:00
jaydee
68046f8bb3 build 2025-12-06 02:22:16 +01:00
jaydee
cc3b725b59 build 2025-12-06 02:19:58 +01:00
jaydee
7af37e4adf build 2025-12-06 02:18:09 +01:00
jaydee
59276f0a0d build 2025-12-06 02:13:52 +01:00
jaydee
53a2087e21 build 2025-12-06 01:53:54 +01:00
jaydee
c4a5822ee7 build 2025-12-06 01:50:44 +01:00
jaydee
6c65d61a9d build 2025-12-06 01:17:11 +01:00
jaydee
a3661ef551 build 2025-12-06 01:14:42 +01:00
jaydee
99c4787189 build 2025-12-06 01:10:29 +01:00
jaydee
7ee17ad41c build 2025-12-06 01:05:53 +01:00
jaydee
f414ced56e build 2025-12-06 01:04:34 +01:00
jaydee
43966299d7 build 2025-12-06 01:01:07 +01:00
jaydee
df897ceee3 build 2025-12-06 00:59:20 +01:00
jaydee
4c73d641e8 build 2025-12-06 00:55:48 +01:00
jaydee
34cb6e28d6 build 2025-12-06 00:54:38 +01:00
jaydee
690d1a2a15 build 2025-12-06 00:47:35 +01:00
jaydee
cdd64767f4 build 2025-12-06 00:33:08 +01:00
jaydee
9080a8914c build 2025-12-06 00:30:40 +01:00
jaydee
a428b50ecd build 2025-12-06 00:29:45 +01:00
jaydee
630946ad99 build 2025-12-06 00:20:51 +01:00
jaydee
0fc0f74183 build 2025-12-06 00:14:24 +01:00
jaydee
bab3fd7ec3 build 2025-12-06 00:11:34 +01:00
jaydee
116855a14c build 2025-12-06 00:07:08 +01:00
jaydee
db91ebd75e build 2025-12-06 00:03:52 +01:00
jaydee
914ceee33c build 2025-12-05 23:45:12 +01:00
jaydee
b784bc08e9 build 2025-12-05 23:31:00 +01:00
jaydee
3eb5938c7d build 2025-12-05 23:28:27 +01:00
jaydee
05b09e3ab4 build 2025-12-05 23:27:54 +01:00
jaydee
b1336936a7 build 2025-12-05 23:23:16 +01:00
jaydee
e3e59b73c6 build 2025-12-05 23:15:16 +01:00
jaydee
9c8f603390 build 2025-12-05 23:14:25 +01:00
jaydee
e77462a602 build 2025-12-05 23:05:40 +01:00
jaydee
3b3a520099 build 2025-12-05 23:02:56 +01:00
jaydee
b5ad9aa6f1 build 2025-12-05 22:54:34 +01:00
jaydee
68fe8d68bf build 2025-12-05 22:49:10 +01:00
jaydee
3fad5abfb2 build 2025-12-05 22:46:00 +01:00
jaydee
279d51b43e build 2025-12-05 22:36:47 +01:00
jaydee
782b2361b1 build 2025-12-05 22:35:09 +01:00
jaydee
ca167b83a1 build 2025-12-05 22:34:31 +01:00
jaydee
1c7d250719 build 2025-12-05 22:27:08 +01:00
jaydee
3fd77c7a85 build 2025-12-05 22:02:54 +01:00
jaydee
c4de5186ef build 2025-12-05 17:40:21 +01:00
jaydee
8684ec35b1 build 2025-12-05 17:38:52 +01:00
jaydee
4b3edfb97e build 2025-12-05 17:38:16 +01:00
jaydee
f8a3b1df09 build 2025-12-05 17:37:12 +01:00
jaydee
fc47bf7ca8 build 2025-12-05 17:36:18 +01:00
jaydee
1880468c0a build 2025-12-05 17:35:18 +01:00
jaydee
cd45bf010a build 2025-12-05 14:23:23 +01:00
jaydee
b6bb681347 build 2025-12-05 14:22:53 +01:00
jaydee
75094c4bef build 2025-12-05 14:22:30 +01:00
jaydee
ad6bddbd27 build 2025-12-05 14:21:56 +01:00
jaydee
4f23e7bcac build 2025-12-05 14:21:14 +01:00
jaydee
09af3a71f2 build 2025-12-05 14:18:29 +01:00
jaydee
4044c739f3 build 2025-12-05 13:34:11 +01:00
jaydee
52101e3559 build 2025-12-05 07:30:09 +01:00
jaydee
1699f45b01 build 2025-12-04 20:36:28 +01:00
jaydee
a95436bff8 build 2025-12-04 20:34:39 +01:00
jaydee
09f7bcf059 build 2025-12-04 20:28:26 +01:00
jaydee
60f60c4950 build 2025-12-04 20:26:49 +01:00
jaydee
89231da969 build 2025-12-04 20:24:48 +01:00
jaydee
ae54ed3d27 build 2025-12-04 20:24:45 +01:00
jaydee
da2bbe5318 build 2025-12-04 20:06:12 +01:00
jaydee
16725c9d47 build 2025-12-04 14:18:31 +01:00
jaydee
f4742596e5 build 2025-12-04 13:35:13 +01:00
jaydee
c7f06a3d67 build 2025-12-04 13:29:46 +01:00
jaydee
225b5e07e4 Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose 2025-12-04 13:28:07 +01:00
jaydee
e222a43e52 build 2025-12-04 13:27:56 +01:00
ladislav.dusa
e38fdbc412 build 2025-12-03 13:17:01 +01:00
jaydee
6b9b310267 build 2025-12-02 23:50:19 +01:00
jaydee
e6b210c5c2 build 2025-12-02 17:45:31 +01:00
jaydee
05f7d57ea0 build 2025-12-02 09:27:40 +01:00
jaydee
77bf212ea5 build 2025-12-02 09:15:35 +01:00
jaydee
4e78ee240b build 2025-12-02 09:10:24 +01:00
jaydee
71470ad568 build 2025-12-02 00:47:29 +01:00
jaydee
bfaaccd820 build 2025-12-02 00:07:30 +01:00
jaydee
d3cc962d2c build 2025-12-02 00:07:11 +01:00
jaydee
d0430f6c29 build 2025-12-02 00:06:51 +01:00
jaydee
1f4db460b2 build 2025-12-02 00:05:18 +01:00
jaydee
2f626e5d1d build 2025-12-02 00:02:48 +01:00
jaydee
eefa342936 build 2025-12-02 00:02:23 +01:00
jaydee
b8f2e75104 build 2025-12-01 23:56:28 +01:00
jaydee
f2cd7820ee build 2025-12-01 23:54:51 +01:00
jaydee
5fb1992d5a build 2025-12-01 23:52:11 +01:00
jaydee
920a1612f1 build 2025-12-01 23:51:38 +01:00
jaydee
5e747541a9 build 2025-12-01 23:51:18 +01:00
jaydee
6596084339 build 2025-12-01 23:50:10 +01:00
jaydee
7aa2886f56 build 2025-12-01 23:49:35 +01:00
jaydee
3faf6f4518 build 2025-12-01 23:44:14 +01:00
jaydee
7fd268c8f7 build 2025-12-01 23:33:08 +01:00
jaydee
36c3a04d68 build 2025-12-01 23:32:00 +01:00
jaydee
a7f03c4018 build 2025-12-01 23:31:08 +01:00
jaydee
e4aae2ad7f build 2025-12-01 23:29:08 +01:00
jaydee
cb8da69fb7 build 2025-12-01 23:26:52 +01:00
jaydee
3db89c2fa4 build 2025-12-01 23:17:55 +01:00
jaydee
0cee8f9035 build 2025-12-01 23:13:44 +01:00
jaydee
72e396ca25 build 2025-12-01 23:09:45 +01:00
jaydee
43b639d032 build 2025-12-01 23:09:19 +01:00
jaydee
ed9e536fe3 build 2025-12-01 23:04:40 +01:00
jaydee
9a35e5dd04 build 2025-12-01 23:04:11 +01:00
jaydee
b4b12f491b build 2025-12-01 23:01:26 +01:00
jaydee
7b5a0df31a build 2025-12-01 23:01:04 +01:00
jaydee
38794f8d05 build 2025-12-01 22:54:45 +01:00
jaydee
7ee80c8dd7 build 2025-12-01 22:51:51 +01:00
jaydee
15d4158cf4 build 2025-12-01 22:50:00 +01:00
jaydee
f67185ff7a build 2025-12-01 22:43:16 +01:00
jaydee
2f3e5f1c34 build 2025-12-01 22:40:54 +01:00
jaydee
23c1830136 build 2025-12-01 22:39:54 +01:00
jaydee
4019769b46 build 2025-12-01 22:39:30 +01:00
jaydee
9a5fef9a6c build 2025-12-01 22:17:46 +01:00
jaydee
7086a5d938 build 2025-12-01 22:14:56 +01:00
jaydee
cc1973cfba build 2025-12-01 22:13:40 +01:00
jaydee
21b1074c66 build 2025-12-01 22:10:13 +01:00
jaydee
940f6a44b4 build 2025-12-01 22:09:44 +01:00
jaydee
c711d5f918 build 2025-12-01 22:04:37 +01:00
jaydee
9a31555e24 build 2025-12-01 22:04:05 +01:00
jaydee
6ce28fee3d build 2025-12-01 22:02:12 +01:00
jaydee
59ef2785aa build 2025-12-01 21:32:54 +01:00
jaydee
05832a32f8 build 2025-12-01 21:25:22 +01:00
jaydee
df36b5e6e9 build 2025-12-01 21:06:10 +01:00
jaydee
db968226bd build 2025-12-01 21:05:25 +01:00
jaydee
b44183d97f build 2025-12-01 20:56:04 +01:00
jaydee
78f958d101 build 2025-12-01 20:53:34 +01:00
jaydee
6f0c7e1b01 build 2025-12-01 20:50:22 +01:00
jaydee
a76a083829 build 2025-12-01 20:49:33 +01:00
jaydee
a30bdd2aaf build 2025-12-01 20:30:18 +01:00
jaydee
d4ad6a6e20 build 2025-12-01 20:28:55 +01:00
jaydee
a52c6d0acf build 2025-12-01 20:05:39 +01:00
jaydee
83075b5d70 build 2025-12-01 19:37:17 +01:00
jaydee
b7bda89eac build 2025-12-01 14:40:34 +01:00
jaydee
019b9279b7 build 2025-12-01 11:54:15 +01:00
jaydee
238ed8934c build 2025-12-01 11:50:53 +01:00
jaydee
8832b26ac6 build 2025-12-01 09:46:49 +01:00
jaydee
df02fb6493 build 2025-12-01 00:45:31 +01:00
jaydee
2503bdff11 build 2025-12-01 00:44:21 +01:00
jaydee
46f149d67d build 2025-11-30 23:59:15 +01:00
jaydee
36f36feea3 build 2025-11-30 23:56:04 +01:00
jaydee
cde8f6c486 build 2025-11-30 23:54:27 +01:00
jaydee
8a49f037e2 build 2025-11-30 23:54:10 +01:00
jaydee
f3c5258573 build 2025-11-30 23:51:33 +01:00
jaydee
0adb6aee4f build 2025-11-30 23:49:56 +01:00
jaydee
e1638acd8d build 2025-11-30 23:34:46 +01:00
jaydee
c349c2e262 build 2025-11-30 23:16:59 +01:00
jaydee
6fe23b5734 build 2025-11-30 23:15:18 +01:00
jaydee
4100776d71 build 2025-11-30 22:49:47 +01:00
jaydee
614aea1790 build 2025-11-30 22:38:10 +01:00
jaydee
7e0423af92 build 2025-11-30 22:34:44 +01:00
jaydee
fe0e418533 build 2025-11-30 22:28:40 +01:00
jaydee
2bda209455 build 2025-11-30 22:25:10 +01:00
jaydee
661cdf4a37 build 2025-11-30 22:20:45 +01:00
jaydee
e9598adce8 build 2025-11-30 22:06:14 +01:00
jaydee
71af5ccc4c build 2025-11-30 22:02:25 +01:00
jaydee
0f990c2c9e build 2025-11-30 21:58:23 +01:00
jaydee
28afb56f15 build 2025-11-30 21:45:08 +01:00
jaydee
8cd6483f92 build 2025-11-30 21:39:05 +01:00
jaydee
f1d9b5afea build 2025-11-30 21:35:07 +01:00
jaydee
a733b283b1 build 2025-11-30 21:25:00 +01:00
jaydee
d7e80a3e06 build 2025-11-30 21:21:55 +01:00
jaydee
d9495b67a2 build 2025-11-30 20:59:37 +01:00
jaydee
ecdfa9182a build 2025-11-30 20:56:53 +01:00
jaydee
7be1fc6085 build 2025-11-30 20:55:45 +01:00
jaydee
aa68e0f291 build 2025-11-30 20:50:00 +01:00
jaydee
972be8425a build 2025-11-30 19:37:27 +01:00
jaydee
f901c8a22c build 2025-11-30 19:35:08 +01:00
jaydee
99966b04ba build 2025-11-30 18:46:25 +01:00
jaydee
86ed33513d build 2025-11-30 18:26:06 +01:00
jaydee
a1ceec582a build 2025-11-30 18:01:08 +01:00
jaydee
f49b9a13e0 build 2025-11-30 17:28:04 +01:00
jaydee
c2420987ca build 2025-11-30 17:27:05 +01:00
jaydee
af8e4b1cbf build 2025-11-30 17:13:02 +01:00
jaydee
5ef7c025f4 build 2025-11-30 17:12:46 +01:00
jaydee
befd931165 build 2025-11-30 17:04:24 +01:00
jaydee
a037496191 build 2025-11-30 17:01:20 +01:00
jaydee
5e8b06175d build 2025-11-30 16:59:40 +01:00
jaydee
03516cad45 build 2025-11-30 16:58:51 +01:00
jaydee
1b14ee6a6d build 2025-11-30 16:57:24 +01:00
jaydee
0e0383bf49 build 2025-11-30 16:56:13 +01:00
jaydee
527c18c89f build 2025-11-30 16:43:19 +01:00
jaydee
03c1e12a27 build 2025-11-30 16:35:09 +01:00
jaydee
2ddb1fad36 build 2025-11-30 16:31:04 +01:00
jaydee
6f137b7a1b build 2025-11-30 16:29:53 +01:00
jaydee
9ae1911a44 build 2025-11-30 16:03:20 +01:00
jaydee
ac9f9dd009 build 2025-11-30 15:57:29 +01:00
jaydee
3fbf904a6c build 2025-11-30 15:57:28 +01:00
jaydee
cfb619f3c3 build 2025-11-30 15:36:23 +01:00
jaydee
bf052fae54 build 2025-11-30 15:35:00 +01:00
jaydee
63bf6b805b build 2025-11-30 15:16:46 +01:00
jaydee
a63b1353a7 build 2025-11-30 15:15:01 +01:00
jaydee
0443fcf7aa build 2025-11-30 15:13:57 +01:00
jaydee
d3ef0fb2b7 build 2025-11-30 15:08:49 +01:00
jaydee
67400a92b0 build 2025-11-30 15:05:19 +01:00
jaydee
a59d0b5fa7 build 2025-11-30 15:04:25 +01:00
jaydee
c1dec9fbc7 build 2025-11-30 15:02:09 +01:00
jaydee
29fe44abdb build 2025-11-30 15:01:11 +01:00
jaydee
8296f99b41 build 2025-11-30 14:58:16 +01:00
jaydee
06041dc3ee build 2025-11-30 14:50:36 +01:00
jaydee
6f18999452 build 2025-11-30 14:40:21 +01:00
jaydee
9477960cca build 2025-11-30 14:39:30 +01:00
jaydee
8354f41f09 build 2025-11-30 14:14:01 +01:00
jaydee
ce5765ed78 build 2025-11-30 13:20:47 +01:00
jaydee
0420f90ac8 build 2025-11-30 12:56:57 +01:00
jaydee
8076465132 build 2025-11-30 12:47:57 +01:00
jaydee
ff651e8a4e build 2025-11-30 12:47:02 +01:00
jaydee
9b9647ac3b build 2025-11-30 12:46:17 +01:00
jaydee
13e6dd903a build 2025-11-30 12:34:45 +01:00
jaydee
e5f390ad42 build 2025-11-27 01:42:57 +01:00
jaydee
a295d88932 build 2025-11-27 01:28:42 +01:00
jaydee
1895b255c0 build 2025-11-27 01:27:01 +01:00
jaydee
04036069e2 build 2025-11-27 01:10:17 +01:00
jaydee
20b4ffeecd build 2025-11-27 01:05:30 +01:00
jaydee
360e7b3889 build 2025-11-27 00:52:55 +01:00
jaydee
a54bdf3164 build 2025-11-27 00:47:47 +01:00
jaydee
9f0b6d3380 build 2025-11-27 00:46:20 +01:00
jaydee
58ac59775f build 2025-11-27 00:44:36 +01:00
jaydee
45b4ffb3a0 build 2025-11-27 00:43:14 +01:00
jaydee
2dc3c02720 build 2025-11-27 00:20:01 +01:00
jaydee
9c5f226c1b build 2025-11-26 23:02:19 +01:00
jaydee
348b5bde0c build 2025-11-22 10:15:09 +01:00
jaydee
60a4459383 build 2025-11-22 10:07:38 +01:00
jaydee
e77bcfcd1d build 2025-11-22 10:05:24 +01:00
jaydee
59fdf78983 build 2025-11-22 09:31:52 +01:00
jaydee
c89bffbbcb build 2025-11-22 09:25:44 +01:00
jaydee
009ac6e534 build 2025-11-22 09:18:32 +01:00
jaydee
132ba61d1c build 2025-11-21 13:28:42 +01:00
jaydee
7fb4f4e7e2 build 2025-11-21 00:03:25 +01:00
jaydee
c895947d2c build 2025-11-21 00:00:31 +01:00
jaydee
4fba507909 build 2025-11-20 23:59:53 +01:00
jaydee
52c271e592 build 2025-11-20 23:57:51 +01:00
jaydee
3a8cc691f4 build 2025-11-20 23:53:47 +01:00
jaydee
bc2ccf529f build 2025-11-20 23:45:36 +01:00
jaydee
13c366a7de build 2025-11-20 23:44:46 +01:00
jaydee
7793689b89 build 2025-11-20 23:44:08 +01:00
jaydee
5d3f47f90d build 2025-11-20 23:43:41 +01:00
jaydee
678101718f build 2025-11-20 23:30:43 +01:00
jaydee
0d480e7ae8 build 2025-11-20 23:26:06 +01:00
jaydee
f615d6b147 build 2025-11-19 00:54:25 +01:00
jaydee
25148d8769 build 2025-11-19 00:37:58 +01:00
jaydee
e929defb34 build 2025-11-19 00:09:22 +01:00
jaydee
376b66d9a6 build 2025-11-19 00:08:26 +01:00
jaydee
18a5022df8 build 2025-11-19 00:00:01 +01:00
jaydee
e4a1ba7073 build 2025-11-18 23:56:14 +01:00
jaydee
d98370e9b8 build 2025-11-18 23:55:20 +01:00
jaydee
cd94c86daf build 2025-11-18 23:51:22 +01:00
jaydee
991ef075a2 build 2025-11-18 23:46:32 +01:00
jaydee
d0d7b14d16 build 2025-11-18 23:40:14 +01:00
jaydee
3fce655511 build 2025-11-18 23:35:19 +01:00
jaydee
15c7cdb3aa build 2025-11-18 23:31:51 +01:00
jaydee
8d7101366b build 2025-11-18 23:26:11 +01:00
jaydee
cf68eb4c75 build 2025-11-18 23:00:17 +01:00
jaydee
80e633cecd build 2025-11-18 22:58:25 +01:00
jaydee
3c83de6a35 build 2025-11-18 22:46:32 +01:00
jaydee
46401dd288 build 2025-11-18 22:43:15 +01:00
jaydee
873ea0efb4 build 2025-11-18 22:34:01 +01:00
jaydee
4d0d9c93ca alias 2025-11-18 20:54:46 +01:00
jaydee
8db02b515e alias 2025-11-18 20:44:48 +01:00
jaydee
f8bb4bbd34 alias 2025-11-18 20:43:35 +01:00
jaydee
c28e3651b1 alias 2025-11-18 20:43:21 +01:00
jaydee
c94109a95e alias 2025-11-18 18:38:42 +01:00
jaydee
74121897a5 alias 2025-11-18 17:57:06 +01:00
jaydee
c4aff80566 alias 2025-11-18 16:57:18 +01:00
jaydee
2e6ab18df8 alias 2025-11-18 16:52:34 +01:00
jaydee
03be5a8916 alias 2025-11-18 16:49:41 +01:00
jaydee
b644b36d06 alias 2025-11-18 16:48:10 +01:00
jaydee
f71ca15c11 alias 2025-11-18 16:41:32 +01:00
jaydee
d9092ebaa3 alias 2025-11-18 12:36:36 +01:00
jaydee
09460a2637 alias 2025-11-18 11:32:22 +01:00
jaydee
4e7160d332 alias 2025-11-18 11:32:15 +01:00
jaydee
46f865a292 alias 2025-11-18 01:58:20 +01:00
jaydee
efa026ccab alias 2025-11-18 01:57:26 +01:00
jaydee
10b2bde7f9 alias 2025-11-18 01:57:14 +01:00
jaydee
712a3f65d9 alias 2025-11-18 01:47:58 +01:00
jaydee
6acff3fe5d alias 2025-11-18 01:12:43 +01:00
jaydee
714c150042 alias 2025-11-18 01:11:47 +01:00
jaydee
f690971659 alias 2025-11-16 20:32:51 +01:00
jaydee
cdc5dc8e45 alias 2025-11-13 17:27:50 +01:00
jaydee
e8b248847b alias 2025-11-13 09:43:49 +01:00
jaydee
46ea08fe1c alias 2025-11-13 02:29:03 +01:00
jaydee
3352a74e24 alias 2025-11-13 02:22:35 +01:00
jaydee
78922c407e alias 2025-11-13 02:22:22 +01:00
jaydee
680961397f build 2025-11-13 02:03:38 +01:00
jaydee
e71867f77c alias 2025-11-13 01:40:53 +01:00
jaydee
0e2b856b02 alias 2025-11-13 01:03:14 +01:00
jaydee
07ecd6cd75 alias 2025-11-13 01:02:38 +01:00
jaydee
a34b753ae8 alias 2025-11-13 00:27:30 +01:00
jaydee
97691340d1 Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose 2025-11-13 00:00:30 +01:00
jaydee
947af590e1 alias 2025-11-12 23:58:49 +01:00
212 changed files with 8880 additions and 95 deletions
Expand all files Collapse all files

16
__swarm/authentik/.env Executable file
View File

@@ -0,0 +1,16 @@
PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
PG_USER=authentik
PG_DB=authentik
AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_TAG=2025.8.4
POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
POSTGRES_USER=authentik
POSTGRES_DB=authentik
TZ=Europe/Bratislava
AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
DOCKER_REGISTRY=r.sectorq.eu/library/

150
__swarm/authentik/authentik-swarm.yml Normal file
View File

@@ -0,0 +1,150 @@
services:
authentik_ldap:
environment:
AUTHENTIK_HOST: https://auth.sectorq.eu
AUTHENTIK_INSECURE: 'false'
AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
ports:
- target: 3389
published: 2389
protocol: tcp
mode: ingress
- target: 6636
published: 2636
protocol: tcp
mode: ingress
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
postgresql:
environment:
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
POSTGRES_DB: ${PG_DB:-authentik}
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
TZ: Europe/Bratislava
healthcheck:
interval: 30s
retries: 5
start_period: 20s
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 5s
image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
volumes:
- database:/var/lib/postgresql/data
deploy:
labels:
wud.watch: 'false'
replicas: 1
placement:
constraints:
- node.role == manager
redis:
command: --save 60 1 --loglevel warning
healthcheck:
interval: 30s
retries: 5
start_period: 20s
test:
- CMD-SHELL
- redis-cli ping | grep PONG
timeout: 3s
image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
volumes:
- redis:/data
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
server:
command: server
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
ports:
- target: 9000
published: 9003
protocol: tcp
mode: ingress
- target: 9443
published: 9453
protocol: tcp
mode: ingress
volumes:
- media:/media
- custom-templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
deploy:
labels:
homepage.container: authentik_server
homepage.description: Authentification server
homepage.group: Utilities
homepage.href: https://auth.sectorq.eu
homepage.icon: authentik.png
homepage.name: Authentik
homepage.server: my-docker-swarm
homepage.weight: '10'
homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
homepage.widget.type: authentik
homepage.widget.url: https://auth.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
worker:
command: worker
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- media:/media
- certs:/certs
- custom-templates:/templates
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
database:
driver: local
redis:
driver: local
custom-templates:
driver: local
media:
driver: local
certs:
driver: local

125
__swarm/authentik/docker-compose.yml Executable file
View File

@@ -0,0 +1,125 @@
services:
authentik_ldap:
environment:
AUTHENTIK_HOST: https://auth.sectorq.eu
AUTHENTIK_INSECURE: 'false'
AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
labels:
wud.watch: true
wud.watch.digest: true
ports:
- 2389:3389
- 2636:6636
restart: ${RESTART:-unless-stopped}
postgresql:
environment:
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
POSTGRES_DB: ${PG_DB:-authentik}
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
TZ: Europe/Bratislava
healthcheck:
interval: 30s
retries: 5
start_period: 20s
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 5s
image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
labels:
wud.watch: false
restart: ${RESTART:-unless-stopped}
volumes:
- database:/var/lib/postgresql/data
redis:
command: --save 60 1 --loglevel warning
healthcheck:
interval: 30s
retries: 5
start_period: 20s
test:
- CMD-SHELL
- redis-cli ping | grep PONG
timeout: 3s
image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- authentik_redis:/data
server:
command: server
depends_on:
- postgresql
- redis
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
labels:
homepage.container: authentik-server-1
homepage.description: Authentification server
homepage.group: Utilities
homepage.href: https://auth.sectorq.eu
homepage.icon: authentik.png
homepage.name: Authentik
homepage.server: my-docker
homepage.weight: '10'
homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
homepage.widget.type: authentik
homepage.widget.url: https://auth.sectorq.eu
wud.watch: true
wud.watch.digest: true
ports:
- 9003:9000
- 9453:9443
restart: ${RESTART:-unless-stopped}
volumes:
- media:/media
- templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
worker:
command: worker
depends_on:
- postgresql
- redis
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- media:/media
- certs:/certs
- custom-templates:/templates
volumes:
database:
driver: local
redis:
driver: local
custom-templates:
driver: local
media:
driver: local
certs:
driver: local

15
__swarm/authentik/stack.env Executable file
View File

@@ -0,0 +1,15 @@
PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
PG_USER=authentik
PG_DB=authentik
AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_TAG=2025.10.2
POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
POSTGRES_USER=authentik
POSTGRES_DB=authentik
TZ=Europe/Bratislava
AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp

2
__swarm/bitwarden/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=bitwarden
DOCKER_REGISTRY=r.sectorq.eu/library/

39
__swarm/bitwarden/bitwarden-stack.yml Normal file
View File

@@ -0,0 +1,39 @@
services:
bitwarden:
environment:
WEBSOCKET_ENABLED: 'true'
SIGNUPS_ALLOWED: 'true'
DOMAIN: https://pw.sectorq.eu
SMTP_HOST: mail.sectorq.eu
SMTP_FROM: jaydee@sectorq.eu
SMTP_PORT: '465'
SMTP_SSL: 'true'
SMTP_USERNAME: jaydee@sectorq.eu
SMTP_PASSWORD: $SMTP_PASSWORD
ADMIN_TOKEN: $ADMIN_PASSWORD
image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
ports:
- target: 80
published: 8181
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bitwarden/bw-data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: vaultwarden
homepage.description: Password manager
homepage.group: Utilities
homepage.href: https://pw.sectorq.eu
homepage.icon: bitwarden.png
homepage.name: Bitwarden
homepage.server: my-docker
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

42
__swarm/bitwarden/bitwarden-swarm.yml Normal file
View File

@@ -0,0 +1,42 @@
volumes:
data:
driver: local
services:
bitwarden:
environment:
WEBSOCKET_ENABLED: 'true'
SIGNUPS_ALLOWED: 'true'
DOMAIN: https://pw.sectorq.eu
SMTP_HOST: mail.sectorq.eu
SMTP_FROM: jaydee@sectorq.eu
SMTP_PORT: '465'
SMTP_SSL: 'true'
SMTP_USERNAME: jaydee@sectorq.eu
SMTP_PASSWORD: $SMTP_PASSWORD
ADMIN_TOKEN: $ADMIN_PASSWORD
image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
ports:
- target: 80
published: 8181
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
volumes:
- data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: bitwarden_bitwarden
homepage.description: Password manager
homepage.group: Utilities
homepage.href: https://pw.sectorq.eu
homepage.icon: bitwarden.png
homepage.name: Bitwarden
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

35
__swarm/bitwarden/docker-compose.yml Executable file
View File

@@ -0,0 +1,35 @@
services:
bitwarden:
container_name: vaultwarden
environment:
- WEBSOCKET_ENABLED=true
- SIGNUPS_ALLOWED=true
- DOMAIN=https://pw.sectorq.eu
- SMTP_HOST=mail.sectorq.eu
- SMTP_FROM=jaydee@sectorq.eu
- SMTP_PORT=465
- SMTP_SSL=true
- SMTP_USERNAME=jaydee@sectorq.eu
- SMTP_PASSWORD=$SMTP_PASSWORD
- ADMIN_TOKEN=$ADMIN_PASSWORD
image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: vaultwarden
homepage.description: Password manager
homepage.group: Utilities
homepage.href: https://pw.sectorq.eu
homepage.icon: bitwarden.png
homepage.name: Bitwarden
homepage.server: my-docker
homepage.weight: 1
wud.watch: true
wud.watch.digest: true
ports:
- 8181:80
restart: ${RESTART:-unless-stopped}
volumes:
- data:/data
volumes:
data:
driver: local

2
__swarm/bookstack/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=bookstack
DOCKER_REGISTRY=r.sectorq.eu/library/

52
__swarm/bookstack/bookstack-swarm.yml Normal file
View File

@@ -0,0 +1,52 @@
volumes:
app_data:
driver: local
db_data:
driver: local
services:
app:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
ports:
- target: 80
published: 6875
protocol: tcp
mode: ingress
volumes:
- app_data:/config
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: bookstack_app
homepage.description: Books
homepage.group: Utilities
homepage.href: https://bookstack.sectorq.eu
homepage.icon: bookstack.png
homepage.name: Bookstack
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
db:
env_file:
- stack.env
environment:
PGID: 0
PUID: 0
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
volumes:
- db_data:/config
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

88
__swarm/bookstack/docker-compose copy.yml Executable file
View File

@@ -0,0 +1,88 @@
---
version: "2"
services:
app:
image: lscr.io/linuxserver/bookstack:latest
environment:
PUID: 1000
PGID: 1000
APP_URL: https://bookstack.sectorq.eu
DB_HOST: db
DB_PORT: 3306
DB_USER: bookstack
DB_PASS: l4c1j4yd33Du5lo
DB_DATABASE: bookstackapp
# Set authentication method to be saml2
AUTH_METHOD: saml2
# Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
# Prevents the need for the user to click the "Login with x" button on the login page.
# Setting this to true enables auto-initiation.
AUTH_AUTO_INITIATE: false
# Set the display name to be shown on the login button.
# (Login with <name>)
SAML2_NAME: authentik
# Name of the attribute which provides the user's email address
SAML2_EMAIL_ATTRIBUTE: email
# Name of the attribute to use as an ID for the SAML user.
SAML2_EXTERNAL_ID_ATTRIBUTE: uid
# Enable SAML group sync.
SAML2_USER_TO_GROUPS: true
# Set the attribute from which BookStack will read groups names from.
# You will need to rename your roles in Bookstack to match your groups in authentik.
SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
# Name of the attribute(s) to use for the user's display name
# Can have multiple attributes listed, separated with a '|' in which
# case those values will be joined with a space.
# Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
# Defaults to the ID value if not found.
######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
SAML2_DISPLAY_NAME_ATTRIBUTES: username
# Identity Provider entityID URL
SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
# Auto-load metadata from the IDP
# Setting this to true negates the need to specify the next three options
SAML2_AUTOLOAD_METADATA: true
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
ports:
- 6875:80
restart: ${RESTART:-unless-stopped}
depends_on:
- db
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Utilities
homepage.name: Bookstack
homepage.weight: 1
homepage.icon: bookstack.png
homepage.href: https://bookstack.sectorq.eu
homepage.description: Books
homepage.server: my-docker
homepage.container: bookstack-app-1
# homepage.widget.type: ${APPNAME}
# homepage.widget.url: https://${APPNAME}.sectorq.eu
# homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
# homepage.widget.version: 2
db:
image: lscr.io/linuxserver/mariadb
environment:
PUID: 0
PGID: 0
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
TZ: Europe/Bratislava
MYSQL_DATABASE: bookstackapp
MYSQL_USER: bookstack
MYSQL_PASSWORD: l4c1j4yd33Du5lo
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
restart: ${RESTART:-unless-stopped}

38
__swarm/bookstack/docker-compose.yml Executable file
View File

@@ -0,0 +1,38 @@
services:
app:
depends_on:
- db
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: bookstack-app-1
homepage.description: Books
homepage.group: Utilities
homepage.href: https://bookstack.sectorq.eu
homepage.icon: bookstack.png
homepage.name: Bookstack
homepage.server: my-docker
homepage.weight: 1
wud.watch: true
wud.watch.digest: true
ports:
- 6875:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
db:
env_file:
- stack.env
environment:
PGID: 0
PUID: 0
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
version: '2'

86
__swarm/bookstack/stack.env Executable file
View File

@@ -0,0 +1,86 @@
PUID=1000
PGID=1000
APP_URL=https://bookstack.sectorq.eu
DB_HOST=db
DB_PORT=3306
DB_USER=bookstack
DB_PASS=l4c1j4yd33Du5lo
DB_DATABASE=bookstackapp
MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
TZ=Europe/Bratislava
MYSQL_DATABASE=bookstackapp
MYSQL_USER=bookstack
MYSQL_PASSWORD=l4c1j4yd33Du5lo
# # Set authentication method to be saml2
# AUTH_METHOD: saml2
# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
# # Prevents the need for the user to click the "Login with x" button on the login page.
# # Setting this to true enables auto-initiation.
# AUTH_AUTO_INITIATE: false
# # Set the display name to be shown on the login button.
# # (Login with <name>)
# SAML2_NAME: authentik
# # Name of the attribute which provides the user's email address
# SAML2_EMAIL_ATTRIBUTE: email
# # Name of the attribute to use as an ID for the SAML user.
# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
# # Enable SAML group sync.
# SAML2_USER_TO_GROUPS: true
# # Set the attribute from which BookStack will read groups names from.
# # You will need to rename your roles in Bookstack to match your groups in authentik.
# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
# # Name of the attribute(s) to use for the user's display name
# # Can have multiple attributes listed, separated with a '|' in which
# # case those values will be joined with a space.
# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
# # Defaults to the ID value if not found.
# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
# SAML2_DISPLAY_NAME_ATTRIBUTES: username
# # Identity Provider entityID URL
# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
# # Auto-load metadata from the IDP
# # Setting this to true negates the need to specify the next three options
# SAML2_AUTOLOAD_METADATA: true
# Set OIDC to be the authentication method
AUTH_METHOD=oidc
#AUTH_METHOD: standard
# Control if BookStack automatically initiates login via your OIDC system
# if it's the only authentication method. Prevents the need for the
# user to click the "Login with x" button on the login page.
# Setting this to true enables auto-initiation.
AUTH_AUTO_INITIATE=true
# Set the display name to be shown on the login button.
# (Login with <name>)
OIDC_NAME=SSO
# Name of the claims(s) to use for the user's display name.
# Can have multiple attributes listed, separated with a '|' in which
# case those values will be joined with a space.
# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
OIDC_DISPLAY_NAME_CLAIMS=name
# OAuth Client ID to access the identity provider
OIDC_CLIENT_ID=GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
# OAuth Client Secret to access the identity provider
OIDC_CLIENT_SECRET=Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
# Issuer URL
# Must start with 'https://'
OIDC_ISSUER=https://auth.sectorq.eu/application/o/bookstack/
# The "end session" (RP-initiated logout) URL to call during BookStack logout.
# By default this is false which disables RP-initiated logout.
# Setting to "true" will enable logout if found as supported by auto-discovery.
# Otherwise, this can be set as a specific URL endpoint.
OIDC_END_SESSION_ENDPOINT=false
# Enable auto-discovery of endpoints and token keys.
# As per the standard, expects the service to serve a
# `<issuer>/.well-known/openid-configuration` endpoint.
OIDC_ISSUER_DISCOVER=true

2
__swarm/dockermon/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=dockermon
DOCKER_REGISTRY=r.sectorq.eu/library/

14
__swarm/dockermon/docker-compose.yml Executable file
View File

@@ -0,0 +1,14 @@
services:
docker_mon:
image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
ports:
- 8126:8126
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/dockermon/config:/config
version: '2'

22
__swarm/dockermon/dockermon-swarm.yml Normal file
View File

@@ -0,0 +1,22 @@
services:
docker_mon:
image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
ports:
- target: 8126
published: 8126
protocol: tcp
mode: ingress
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- config:/config
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:

2
__swarm/fail2ban/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=fail2ban
DOCKER_REGISTRY=r.sectorq.eu/library/

0
__swarm/fail2ban/.gitkeep Executable file
View File

49
__swarm/fail2ban/docker-compose.yaml Executable file
View File

@@ -0,0 +1,49 @@
---
services:
# fail2ban:
# image: lscr.io/linuxserver/fail2ban:latest
# container_name: fail2ban
# cap_add:
# - NET_ADMIN
# - NET_RAW
# network_mode: host
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/Bratislava
# - VERBOSITY=-vvv #optional
# volumes:
# - /share/docker_data/fail2ban/config:/config
# - /share/docker_data/fail2ban/log:/var/log:ro
# # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
# # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
# # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
# # - /path/to/emby/log:/remotelogs/emby:ro #optional
# # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
# - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
# # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
# # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
# # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
# # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
# # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
# # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
# # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
# # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
# # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
# # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
# # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
# restart: unless-stopped
blockips-unifi:
stdin_open: true
tty: true
container_name: blockips-unifi
restart: always
environment:
- TZ=Europe/Bratislava
volumes:
- /share/docker_data/unify_block/config.php:/config.php
- /share/docker_data/unify_block/ban.sh:/ban.sh
- /share/docker_data/unify_block/crontab:/etc/crontabs/root
- /share/docker_data/fail2ban/ban:/ban
- /share/docker_data/fail2ban/unban:/unban
image: ${DOCKER_REGISTRY:-}tusc/blockips-unifi:latest

12
__swarm/fail2ban/fail2ban.env Executable file
View File

@@ -0,0 +1,12 @@
TZ=Europe/Bratislava
F2B_LOG_TARGET=/log/fail2ban.log
F2B_LOG_LEVEL=INFO
F2B_DB_PURGE_AGE=1d
SSMTP_HOST=mail.sectorq.eu
SSMTP_PORT=465
SSMTP_HOSTNAME=mail.sectorq.eu
SSMTP_USER=fail2ban@sectorq.eu
SSMTP_PASSWORD=l4c1j4yd33Du5lo
SSMTP_TLS=YES

3
__swarm/gitea/.env Executable file
View File

@@ -0,0 +1,3 @@
APPNAME=gitea
DOCKER_REGISTRY=r.sectorq.eu/library/
TOKEN=ddfc91b29920082636da70cc677aec74c88a7666

55
__swarm/gitea/docker-compose.yml Executable file
View File

@@ -0,0 +1,55 @@
networks:
gitea:
external: false
services:
server:
container_name: gitea
environment:
USER_UID: 1000
USER_GID: 1000
ROOT_URL: https://gitea.sectorq.eu
ENABLE_PASSWORD_SIGNIN_FORM: false
DISABLE_REGISTRATION: true
image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: gitea
homepage.description: Version control server
homepage.group: Utilities
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Gitea
homepage.server: my-docker
homepage.weight: 1
homepage.widget.key: ${TOKEN}
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: 2
wud.watch: true
wud.watch.digest: true
networks:
- gitea
ports:
- 3000:3000
- '222:22'
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
runner:
image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
GITEA_RUNNER_NAME: jaydee
GITEA_RUNNER_LABELS: jaydee
volumes:
- /share/docker_data/gitea-runner/config:/config
- /share/docker_data/gitea-runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
restart: ${RESTART:-unless-stopped}
labels:
wud.watch: true
wud.watch.digest: true

81
__swarm/gitea/gitea-swarm.yml Normal file
View File

@@ -0,0 +1,81 @@
networks:
gitea:
external: false
services:
server:
environment:
USER_UID: 1000
USER_GID: 1000
ROOT_URL: https://gitea.sectorq.eu
ENABLE_PASSWORD_SIGNIN_FORM: 'false'
DISABLE_REGISTRATION: 'true'
image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
networks:
- gitea
ports:
- target: 3000
published: 3000
protocol: tcp
mode: ingress
- target: 22
published: 222
protocol: tcp
mode: ingress
volumes:
- data:/data
- /etc/localtime:/etc/localtime:ro
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitea_server
homepage.description: Version control server
homepage.group: Utilities
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Gitea
homepage.server: my-docker-swarm
homepage.weight: '1'
homepage.widget.key: "b7b6e21beb7489c170215e2b7ae0d9b0099132d6"
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
runner:
image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
secrets:
- gitea_runner_registration_token
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: https://gitea.sectorq.eu/
GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_registration_token
GITEA_RUNNER_NAME: jaydee
GITEA_RUNNER_LABELS: jaydee
volumes:
- runner_config:/config
- runner_data:/data
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
driver: local
runner_config:
driver: local
runner_data:
driver: local
secrets:
gitea_runner_registration_token:
external: true

70
__swarm/gitlab/docker-compose.yml Executable file
View File

@@ -0,0 +1,70 @@
services:
runner:
container_name: gitlab-runner
restart: always
volumes:
- runner:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
image: ${DOCKER_REGISTRY:-}gitlab/gitlab-runner:latest
labels:
- wud.watch.digest=true
- wud.watch=true
web:
container_name: gitlab
environment:
GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\
\ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\
\ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\
\ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\
\ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\
gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\
\ = true\ngitlab_rails['omniauth_providers'] = [\n {\n name: 'saml',\n\
\ args: {\n assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\
\ # Shown when navigating to certificates in authentik1\n idp_cert_fingerprint:\
\ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n idp_sso_target_url:\
\ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\
\ issuer: 'https://gitlab.sectorq.eu',\n name_identifier_format:\
\ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n attribute_statements:\
\ {\n email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\
\ first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\
\ nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\
\ }\n },\n label: 'authentik'\n }\n]\n"
TZ: Europe/Bratislava
hostname: gitlab.sectorq.eu
image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitlab
homepage.description: Version control
homepage.group: Infrastructure
homepage.href: https://gitlab.sectorq.eu
homepage.icon: gitlab.png
homepage.name: Gitlab
homepage.server: my-docker
homepage.weight: '1'
homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
homepage.widget.type: gitlab
homepage.widget.url: https://gitlab.sectorq.eu
homepage.widget.user_id: '2'
wud.watch: true
wud.watch.digest: true
network_mode: bridge
ports:
- 8785:80
- 8743:443
- '8722:22'
restart: unless-stopped
shm_size: 4gb
volumes:
- config:/etc/gitlab
- logs:/var/log/gitlab
- data:/var/opt/gitlab
- /etc/localtime:/etc/localtime:ro
version: '3.6'
volumes:
runner:
config:
logs:
data:

101
__swarm/gitlab/gitlab-swarm.yml Normal file
View File

@@ -0,0 +1,101 @@
services:
runner:
container_name: gitlab-runner
restart: always
volumes:
- runner:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
image: ${DOCKER_REGISTRY:-}gitlab/gitlab-runner:latest
labels:
- wud.watch.digest=true
- wud.watch=true
dns:
- 192.168.77.1
- 192.168.77.101
app:
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.sectorq.eu'
nginx['listen_port'] = 80
nginx['listen_https'] = false
web_server['username'] = 'git'
gitlab_rails['time_zone'] = 'Europe/Bratislava'
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
args: {
assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',
# Shown when navigating to certificates in authentik1
idp_cert_fingerprint: 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',
idp_sso_target_url: 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',
issuer: 'https://gitlab.sectorq.eu',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
attribute_statements: {
email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
}
},
label: 'authentik'
}
]
TZ: Europe/Bratislava
hostname: gitlab.sectorq.eu
image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
network_mode: bridge
ports:
- target: 80
published: 8785
protocol: tcp
mode: ingress
- target: 443
published: 8743
protocol: tcp
mode: ingress
- target: 22
published: 8722
protocol: tcp
mode: ingress
shm_size: 4gb
volumes:
- config:/etc/gitlab
- logs:/var/log/gitlab
- data:/var/opt/gitlab
- /etc/localtime:/etc/localtime:ro
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitlab
homepage.description: Version control
homepage.group: Infrastructure
homepage.href: https://gitlab.sectorq.eu
homepage.icon: gitlab.png
homepage.name: Gitlab
homepage.server: my-docker-swarm
homepage.weight: '1'
homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
homepage.widget.type: gitlab
homepage.widget.url: https://gitlab.sectorq.eu
homepage.widget.user_id: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:
driver: local
logs:
driver: local
data:
driver: local

3
__swarm/gotify/.env Executable file
View File

@@ -0,0 +1,3 @@
APPNAME=gotify
DOCKER_REGISTRY=r.sectorq.eu/library/
CLIENT_TOKEN=CowKqc8UU5Xn-EA

22
__swarm/gotify/docker-compose copy.yml Executable file
View File

@@ -0,0 +1,22 @@
name: gotify
services:
server:
ports:
- 8010:80
environment:
- TZ=Europe/Berlin
- GOTIFY_DEFAULTUSER_PASS='admin'
volumes:
- /share/docker_data/gotify/data:/app/data
image: ${DOCKER_REGISTRY:-}gotify/server
labels:
- com.centurylinklabs.watchtower.enable=true
- homepage.group=Utilities
- homepage.name=Gotify
- homepage.weight=1
- homepage.icon=gotify.png
- homepage.href=https://gotify.sectorq.eu
- homepage.description=Notification Server
- homepage.widget.type=gotify
- homepage.widget.url=https://gotify.sectorq.eu
- homepage.widget.key=C3Fy8AQym_sc1zS

46
__swarm/gotify/docker-compose.yml Executable file
View File

@@ -0,0 +1,46 @@
version: '3.8'
services:
gotify:
container_name: gotify
hostname: gotify
image: gotify/server
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- net
ports:
- "8680:80"
volumes:
- data:/app/data
environment:
GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo' # Change me!!!!!
igotify:
container_name: igotify
hostname: igotify
image: ghcr.io/androidseb25/igotify-notification-assist:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
pull_policy: always
networks:
- net
ports:
- "8681:8080"
volumes:
- api-data:/app/data
environment: # option environment see above note
GOTIFY_URLS: 'https://gotify.sectorq.eu'
GOTIFY_CLIENT_TOKENS: ${CLIENT_TOKEN}
SECNTFY_TOKENS: 'NTFY-DEVICE-nmE8MaAk1PX9wCRSkqKatiKzD4LCvDTENi3LTPwcn5cckXtkwQQ'
GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo'
networks:
net:
volumes:
data:
api-data:

4
__swarm/gotify/stack.env Executable file
View File

@@ -0,0 +1,4 @@
GOTIFY_URLS=https://gotify.sectorq.eu
GOTIFY_CLIENT_TOKENS=CfYatBoIszgIr07
SECNTFY_TOKENS=NTFY-DEVICE-CIrIeIoagAdUFwI8uOZlo6Qd9b3OF1x1NSpdns6mlImvzb4X0kI
GOTIFY_DEFAULTUSER_PASS=l4c1j4yd33Du5lo

2
__swarm/grafana/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=grafana
DOCKER_REGISTRY=r.sectorq.eu/library/

88
__swarm/grafana/docker-compose.yml Executable file
View File

@@ -0,0 +1,88 @@
name: grafana
networks:
loki: null
services:
grafana:
container_name: grafana
entrypoint:
- sh
- -euc
- "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
apiVersion: 1\ndatasources:\n- name: Loki\n type: loki\n access: proxy\n \
\ orgId: 1\n url: http://loki:3100\n basicAuth: false\n isDefault: true\n\
\ version: 1\n editable: false\nEOF\n/run.sh\n"
environment:
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
&& 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
GF_LOG_FILTERS: rendering:debug
GF_RENDERING_CALLBACK_URL: http://grafana:3000/
GF_RENDERING_SERVER_URL: http://renderer:8092/render
GF_SERVER_ROOT_URL: https://g.sectorq.eu/
image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: grafana
homepage.description: Graphs
homepage.group: Smarthome
homepage.href: https://g.sectorq.eu
homepage.icon: grafana.png
homepage.name: Grafana
homepage.server: my-docker
homepage.weight: '1'
wud.watch: true
wud.watch.digest: true
networks:
- loki
ports:
- 3007:3000
restart: ${RESTART:-unless-stopped}
user: 0:0
volumes:
- /share/docker_data/grafana/data:/var/lib/grafana
- /share/docker_data/grafana/certs:/certs
loki:
command: -config.file=/etc/loki/local-config.yaml
image: ${DOCKER_REGISTRY:-}grafana/loki:latest
labels:
wud.watch: true
wud.watch.digest: true
networks:
- loki
ports:
- 3100:3100
restart: ${RESTART:-unless-stopped}
promtail:
command: -config.file=/etc/promtail/config.yml
image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
labels:
wud.watch: true
wud.watch.digest: true
networks:
- loki
volumes:
- /var/log:/var/log
- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
restart: ${RESTART:-unless-stopped}
renderer:
image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
ports:
- 8092
networks:
- loki
restart: ${RESTART:-unless-stopped}

120
__swarm/grafana/grafana-swarm.yml Normal file
View File

@@ -0,0 +1,120 @@
networks:
loki:
volumes:
loki_data:
grafana_data:
grafana_certs:
services:
grafana:
entrypoint:
- sh
- -euc
- "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
apiVersion: 1\ndatasources:\n- name: Loki\n type: loki\n access: proxy\n \
\ orgId: 1\n url: http://loki:3100\n basicAuth: false\n isDefault: true\n\
\ version: 1\n editable: false\nEOF\n/run.sh\n"
environment:
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
&& 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
GF_LOG_FILTERS: rendering:debug
GF_RENDERING_CALLBACK_URL: http://grafana:3000/
GF_RENDERING_SERVER_URL: http://renderer:8092/render
GF_SERVER_ROOT_URL: https://g.sectorq.eu/
image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
networks:
- loki
ports:
- target: 3000
published: 3007
protocol: tcp
mode: ingress
user: 0:0
volumes:
- grafana_data:/var/lib/grafana
- grafana_certs:/certs
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: grafana_grafana
homepage.description: Graphs
homepage.group: Smarthome
homepage.href: https://g.sectorq.eu
homepage.icon: grafana.png
homepage.name: Grafana
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
loki:
command: -config.file=/etc/loki/local-config.yaml
image: ${DOCKER_REGISTRY:-}grafana/loki:latest
volumes:
- loki_data:/loki
networks:
- loki
ports:
- target: 3100
published: 3100
protocol: tcp
mode: ingress
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
promtail:
command: -config.file=/etc/promtail/config.yml
image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
networks:
- loki
configs:
- source: promtail
target: /etc/promtail/config.yml
volumes:
- /var/log:/var/log
#- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
#- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
renderer:
image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
ports:
- 8092
networks:
- loki
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
configs:
promtail:
external: true

47
__swarm/hashicorp/hashicorp-swarm.yml Normal file
View File

@@ -0,0 +1,47 @@
services:
vault:
image: hashicorp/vault:latest
command: server -config=/vault/config/vault.hcl
volumes:
- data:/vault/data
configs:
- source: vault_hcl
target: /vault/config/vault.hcl
ports:
- "8200:8200"
environment:
VAULT_LOCAL_CONFIG: |
{
"backend": {
"file": {
"path": "/vault/file"
}
},
"listener": {
"tcp": {
"address": "0.0.0.0:8200",
"tls_disable": 1
}
},
"disable_mlock": true
}
VAULT_API_ADDR: "http://192.168.77.101:8200"
cap_add:
- IPC_LOCK
networks:
- vault-net
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
configs:
vault_hcl:
external: true
volumes:
data:
networks:
vault-net:
driver: overlay

230
__swarm/home-assistant-swarm.yml Normal file
View File

@@ -0,0 +1,230 @@
version: '3.9'
services:
homeassistant:
network_mode: host
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
volumes:
- /share/docker_data/ha/:/config
- /var/run/docker.sock:/var/run/docker.sock
- /run/dbus:/run/dbus:ro
privileged: true
environment:
- DISABLE_JEMALLOC=value
- TZ=Europe/Bratislava
dns:
- 192.168.77.101
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: Home Assistant
homepage.weight: 1
homepage.icon: home-assistant.png
homepage.href: https://ha.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: HomeAssistant
homepage.widget.type: homeassistant
homepage.widget.url: https://ha.sectorq.eu
homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
esphome:
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- /share/docker_data/esphome/config:/config
- /etc/localtime:/etc/localtime:ro
privileged: true
network_mode: host
environment:
- USERNAME=jaydee
- PASSWORD=jaydee1
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: ESPHome
homepage.weight: 1
homepage.icon: esphome.png
homepage.href: https://esphome.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: esphome
homepage.widget.type: esphome
homepage.widget.url: https://esphome.sectorq.eu
homepage.widget.username: jaydee
homepage.widget.password: jaydee1
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
wyoming-piper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
ports:
- 10200:10200
volumes:
- /share/docker_data/piper/english:/data
command: --data-dir /data --voice en_US-lessac-medium
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
wyoming-whisper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
ports:
- 10300:10300
volumes:
- /share/docker_data/whisper/english:/data
command: --data-dir /data --model tiny-int8 --language en
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
openwakeword:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu'
--model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
2 --debug
volumes:
- /share/docker_data/openwakeword-data:/data
- /share/docker_data/openwakeword-data:/custom
environment:
- TZ=Europe/Bratislava
ports:
- 10400:10400
- 10400:10400/udp
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
matter-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
security_opt:
- apparmor=unconfined
volumes:
- /share/docker_data/matter-server:/data
- /run/dbus:/run/dbus:ro
network_mode: host
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
music-assistant-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
network_mode: host
volumes:
- /share/docker_data/music-assistant-server/data:/data/
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
security_opt:
- apparmor:unconfined
environment:
- LOG_LEVEL=info
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: 1
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker
homepage.container: music-assistant-server
placement:
constraints:
- node.role == manager
influxdb:
ports:
- 8086:8086
volumes:
- /share/docker_data/influxdb/data:/var/lib/influxdb2
- /share/docker_data/influxdb/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
interval: 10s
timeout: 3s
retries: 2
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token

3
__swarm/home-assistant/.env Executable file
View File

@@ -0,0 +1,3 @@
APPNAME=home-assistant
DOCKER_REGISTRY=r.sectorq.eu/library/
RESTART=always

23
home-assistant/docker-compose.yaml → __swarm/home-assistant/docker-compose.yml
View File

@@ -168,18 +168,32 @@ services:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: 1
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker
homepage.container: music-assistant-server
influxdb:
ports:
- 8086:8086
volumes:
- /share/docker_data/influxdb/data:/var/lib/influxdb2
- /share/docker_data/influxdb/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
restart: ${RESTART:-unless-stopped}
healthcheck:
@@ -190,4 +204,11 @@ services:
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
wud.watch.digest: true
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token

225
__swarm/home-assistant/home-assistant-swarm.yml Normal file
View File

@@ -0,0 +1,225 @@
services:
homeassistant:
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
volumes:
- ha_config:/config
- /var/run/docker.sock:/var/run/docker.sock
- /run/dbus:/run/dbus:ro
networks:
- swarm-ipvlan
- traefik-public
- homeassistant-internal
privileged: true
environment:
DISABLE_JEMALLOC: value
TZ: Europe/Bratislava
dns:
- 192.168.77.101
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.group: Smarthome
homepage.name: Home Assistant
homepage.weight: '1'
homepage.icon: home-assistant.png
homepage.href: https://ha.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker-swarm
homepage.container: HomeAssistant
homepage.widget.type: homeassistant
homepage.widget.url: https://ha.sectorq.eu
homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
esphome:
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- esphome_config:/config
- /etc/localtime:/etc/localtime:ro
privileged: true
network_mode: host
environment:
USERNAME: jaydee
PASSWORD: jaydee1
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.group: Smarthome
homepage.name: ESPHome
homepage.weight: '1'
homepage.icon: esphome.png
homepage.href: https://esphome.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker-swarm
homepage.container: esphome
homepage.widget.type: esphome
homepage.widget.url: https://esphome.sectorq.eu
homepage.widget.username: jaydee
homepage.widget.password: jaydee1
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
wyoming-piper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
ports:
- target: 10200
published: 10200
protocol: tcp
mode: ingress
volumes:
- piper_data:/data
command: --data-dir /data --voice en_US-lessac-medium
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
wyoming-whisper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
ports:
- target: 10300
published: 10300
protocol: tcp
mode: ingress
volumes:
- whisper_data:/data
command: --data-dir /data --model tiny-int8 --language en
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
openwakeword:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu'
--model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
2 --debug
volumes:
- openwakeword_data:/data
- openwakeword_data:/custom
environment:
TZ: Europe/Bratislava
ports:
- target: 10400
published: 10400
protocol: tcp
mode: ingress
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
matter-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
security_opt:
- apparmor=unconfined
volumes:
- matter-server:/data
- /run/dbus:/run/dbus:ro
network_mode: host
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
music-assistant-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
network_mode: host
volumes:
- music_assistant_server_data:/data/
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
security_opt:
- apparmor:unconfined
environment:
LOG_LEVEL: info
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: '1'
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker-swarm
homepage.container: music-assistant-server
replicas: 1
placement:
constraints:
- node.role == manager
influxdb:
ports:
- target: 8086
published: 8086
protocol: tcp
mode: ingress
volumes:
- influxdb2_data:/var/lib/influxdb2
- influxdb2_config:/etc/influxdb2
secrets:
- ha_influxdb2_admin_token
environment:
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: ha
DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
DOCKER_INFLUXDB_INIT_ORG: ha
DOCKER_INFLUXDB_INIT_BUCKET: ha
#DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: mytoken123
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/ha_influxdb2_admin_token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
interval: 10s
timeout: 3s
retries: 2
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
influxdb2_data:
influxdb2_config:
music_assistant_server_data:
matter-server:
ha_config:
esphome_config:
piper_data:
whisper_data:
openwakeword_data:
secrets:
ha_influxdb2_admin_token:
external: true

2
__swarm/homepage/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=homepage
DOCKER_REGISTRY=r.sectorq.eu/library/

26
__swarm/homepage/docker-compose.yml Executable file
View File

@@ -0,0 +1,26 @@
networks:
pihole_pihole:
external: true
services:
homepage:
container_name: homepage
dns:
- 192.168.78.254
environment:
HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- pihole_pihole
ports:
- 3003:3000
restart: unless-stopped
volumes:
- /share/docker_data/homepage/config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
- /share/docker_data/homepage/images:/app/public/images
- /share/docker_data/homepage/icons:/app/public/icons

35
__swarm/homepage/homepage-swarm.yml Normal file
View File

@@ -0,0 +1,35 @@
services:
homepage:
dns:
- 192.168.77.1
- 192.168.77.101
environment:
HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003,192.168.80.222:3003
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
ports:
- target: 3000
published: 3003
protocol: tcp
mode: ingress
volumes:
- config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
- images:/app/public/images
- icons:/app/public/icons
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:
driver: local
images:
driver: local
icons:
driver: local

26
__swarm/immich/.env Executable file
View File

@@ -0,0 +1,26 @@
# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=/media/nas/qda_1/immich/library
# The location where your database files are stored. Network shares are not supported for the database
DB_DATA_LOCATION=/share/docker_data/immich/db
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=postgres
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
HW_MODE1=vaapi
HW_MODE2=openvino
APPNAME=immich
DOCKER_REGISTRY=r.sectorq.eu/library/

88
__swarm/immich/docker-compose copy.yml Executable file
View File

@@ -0,0 +1,88 @@
name: immich
services:
database:
command: postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user",
public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB
-c wal_compression=on
container_name: immich_postgres
env_file:
- stack.env
environment:
POSTGRES_INITDB_ARGS: --data-checksums
healthcheck:
interval: 5m
start_interval: 30s
start_period: 5m
test: pg_isready --dbname="$${DB_PASSWORD}" --username="$${DB_USERNAME}" ||
exit 1; Chksum="$$(psql --dbname="$${DB_DATABASE_NAME}" --username="$${DB_USERNAME}"
--tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures),
0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [
"$$Chksum" = '0' ] || exit 1
image: ${DOCKER_REGISTRY:-}docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/immich/db:/var/lib/postgresql/data
immich-machine-learning:
container_name: immich_machine_learning
env_file:
- stack.env
extends:
file: hwaccel.ml.yml
service: ${HW_MODE2:-cpu}
healthcheck:
disable: false
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- model-cache:/cache
immich-server:
container_name: immich_server
depends_on:
- redis
- database
env_file:
- stack.env
extends:
file: hwaccel.transcoding.yml
service: ${HW_MODE1:-cpu}
healthcheck:
disable: false
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
labels:
homepage.container: immich_server
homepage.description: Photo server
homepage.group: Media
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Immich
homepage.server: my-docker
homepage.widget.key: wVxjlztA8MpeuzKkNGCSUPK2WjAY55qq4cfs9Zr5opU
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: true
wud.watch.digest: true
ports:
- 2283:2283
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/immich/library:/usr/src/app/upload
- /media/nas/nas-photo:/mnt/photos2
- /etc/localtime:/etc/localtime:ro
redis:
container_name: immich_redis
healthcheck:
test: redis-cli ping || exit 1
image: ${DOCKER_REGISTRY:-}docker.io/redis:6.2-alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
model-cache: null

88
__swarm/immich/docker-compose.yml Executable file
View File

@@ -0,0 +1,88 @@
#
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
#
# Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
name: immich
services:
immich-server:
container_name: immich_server
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
extends:
file: hwaccel.transcoding.yml
service: ${HW_MODE1:-vaapi} # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
- /media/nas/photo:/mnt/photos2
env_file:
- .env
ports:
- '2283:2283'
depends_on:
- redis
- database
restart: ${RESTART:-unless-stopped}
healthcheck:
disable: false
labels:
homepage.container: immich_server
homepage.description: Photo server
homepage.group: Media
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Immich
homepage.server: my-docker
homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: true
wud.watch.digest: true
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
file: hwaccel.ml.yml
service: ${HW_MODE2:-openvino} # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: ${RESTART:-unless-stopped}
healthcheck:
disable: false
redis:
container_name: immich_redis
image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
healthcheck:
test: redis-cli ping || exit 1
restart: ${RESTART:-unless-stopped}
database:
container_name: immich_postgres
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: ${RESTART:-unless-stopped}
volumes:
model-cache:

43
__swarm/immich/hwaccel.ml.yml Executable file
View File

@@ -0,0 +1,43 @@
# Configurations for hardware-accelerated machine learning
# If using Unraid or another platform that doesn't allow multiple Compose files,
# you can inline the config for a backend by copying its contents
# into the immich-machine-learning service in the docker-compose.yml file.
# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.
services:
armnn:
devices:
- /dev/mali0:/dev/mali0
volumes:
- /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
- /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
cpu: {}
cuda:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities:
- gpu
openvino:
device_cgroup_rules:
- 'c 189:* rmw'
devices:
- /dev/dri:/dev/dri
volumes:
- /dev/bus/usb:/dev/bus/usb
openvino-wsl:
devices:
- /dev/dri:/dev/dri
- /dev/dxg:/dev/dxg
volumes:
- /dev/bus/usb:/dev/bus/usb
- /usr/lib/wsl:/usr/lib/wsl

57
__swarm/immich/hwaccel.transcoding.yml Executable file
View File

@@ -0,0 +1,57 @@
# Configurations for hardware-accelerated transcoding
# If using Unraid or another platform that doesn't allow multiple Compose files,
# you can inline the config for a backend by copying its contents
# into the immich-microservices service in the docker-compose.yml file.
# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.
services:
cpu: {}
nvenc:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities:
- gpu
- compute
- video
quicksync:
devices:
- /dev/dri:/dev/dri
rkmpp:
security_opt: # enables full access to /sys and /proc, still far better than privileged: true
- systempaths=unconfined
- apparmor=unconfined
group_add:
- video
devices:
- /dev/rga:/dev/rga
- /dev/dri:/dev/dri
- /dev/dma_heap:/dev/dma_heap
- /dev/mpp_service:/dev/mpp_service
#- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
volumes:
#- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
#- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
vaapi:
devices:
- /dev/dri:/dev/dri
group_add:
- video
- 993
vaapi-wsl: # use this for VAAPI if you're running Immich in WSL2
devices:
- /dev/dri:/dev/dri
- /dev/dxg:/dev/dxg
volumes:
- /usr/lib/wsl:/usr/lib/wsl
environment:
- LIBVA_DRIVER_NAME=d3d12

85
__swarm/immich/immich-swarm.yml Normal file
View File

@@ -0,0 +1,85 @@
services:
server:
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# devices:
# - /dev/dri:/dev/dri
# group_add:
# - video
# - 993
volumes:
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
- /media/nas/photo:/mnt/photos2
env_file:
- .env
ports:
- target: 2283
published: 2283
protocol: tcp
mode: ingress
healthcheck:
disable: false
deploy:
labels:
homepage.container: immich_server
homepage.description: Photo server
homepage.group: Media
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Immich
homepage.server: my-docker-swarm
homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
machine-learning:
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# device_cgroup_rules:
# - 'c 189:* rmw'
# devices:
# - /dev/dri:/dev/dri
volumes:
- model-cache:/cache
- /dev/bus/usb:/dev/bus/usb
env_file:
- .env
healthcheck:
disable: false
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
redis:
image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
healthcheck:
test: redis-cli ping || exit 1
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
database:
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: --data-checksums
volumes:
- db:/var/lib/postgresql/data
shm_size: 128mb
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
model-cache: null
db: null

25
__swarm/immich/stack.env Executable file
View File

@@ -0,0 +1,25 @@
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=/media/nas/qda_1/immich/library
#UPLOAD_LOCATION=/share/docker_data/immich/library
# The location where your database files are stored
DB_DATA_LOCATION=/share/docker_data/immich/db
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC
TZ=Europe/Bratislava
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=postgres
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
POSTGRES_PASSWORD=postgres
APPNAME=immich
DOCKER_REGISTRY=r.sectorq.eu/library/

3
__swarm/influxdb/.env Executable file
View File

@@ -0,0 +1,3 @@
APPNAME=influxdb
DOCKER_REGISTRY=r.sectorq.eu/library/
RESTART=always

1
__swarm/influxdb/.env.influxdb2-admin-password Normal file
View File

@@ -0,0 +1 @@
ha

1
__swarm/influxdb/.env.influxdb2-admin-token Normal file
View File

@@ -0,0 +1 @@
l4c1j4yd33Du5lo

1
__swarm/influxdb/.env.influxdb2-admin-username Normal file
View File

@@ -0,0 +1 @@
ha

37
__swarm/influxdb/docker-compose.yml Executable file
View File

@@ -0,0 +1,37 @@
version: '3'
services:
influxdb:
ports:
- 8087:8086
volumes:
- /share/docker_data/influxdb2/data:/var/lib/influxdb2
- /share/docker_data/influxdb2/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
restart: ${RESTART:-unless-stopped}
healthcheck:
test: "echo test > /var/lib/influxdb2/hc || exit 1"
interval: 10s
timeout: 3s
retries: 2
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token

37
__swarm/influxdb/influxdb-swarm.yml Normal file
View File

@@ -0,0 +1,37 @@
services:
influxdb:
ports:
- target: 8086
published: 8087
protocol: tcp
mode: ingress
volumes:
- data:/var/lib/influxdb2
- config:/etc/influxdb2
secrets:
- influxdb2-admin-token
environment:
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: ha
DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
DOCKER_INFLUXDB_INIT_ORG: ha
DOCKER_INFLUXDB_INIT_BUCKET: ha
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
interval: 10s
timeout: 3s
retries: 2
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
secrets:
influxdb2-admin-token:
external: true
volumes:
data:
config:

0
jupyter_notebook/.env → __swarm/jupyter/.env
View File

0
jupyter_notebook/docker-compose.yml → __swarm/jupyter/docker-compose.yml
View File

27
__swarm/jupyter/jupyter-swarm.yml Normal file
View File

@@ -0,0 +1,27 @@
services:
base-notebook:
ports:
- target: 8888
published: 8888
protocol: tcp
mode: ingress
volumes:
- data:/home/jovyan/work
image: ${DOCKER_REGISTRY:-}jupyter/base-notebook:latest
deploy:
labels:
homepage.container: jupyter_base-notebook
homepage.description: Python server
homepage.group: Utils
homepage.href: http://m-server.home.lan:8888/
homepage.icon: ${APPNAME}.png
homepage.name: Jupyter Notebook
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:

2
__swarm/kestra/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=kestra
PASSWORD=l4c1j4yd33Du5lo

89
__swarm/kestra/docker-compose.yml Executable file
View File

@@ -0,0 +1,89 @@
services:
kestra:
command: server standalone --worker-thread=128
depends_on:
postgres:
condition: service_started
environment:
SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
KESTRA_CONFIGURATION: |
datasources:
postgres:
url: jdbc:postgresql://postgres:5432/kestra
driverClassName: org.postgresql.Driver
username: kestra
password: k3str4
kestra:
server:
basicAuth:
enabled: false
username: "jaydee@sectorq.eu" # it must be a valid email address
password: ${PASSWORD}
repository:
type: postgres
storage:
type: local
local:
basePath: "/app/storage"
queue:
type: postgres
tasks:
tmpDir:
path: /tmp/kestra-wd/tmp
url: http://localhost:8080/
tutorial-flows:
enabled: false
micronaut:
server:
cors:
enabled: true
image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: kestra-kestra-1
homepage.description: Automation
homepage.group: Infrastructure
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Kestra
homepage.server: my-docker
homepage.weight: '1'
wud.display.icon: mdi:evernote
wud.watch: true
wud.watch.digest: true
ports:
- 8980:8080
- 8981:8081
pull_policy: always
restart: ${RESTART:-unless-stopped}
user: root
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/docker_data/kestra/kestra-data:/app/storage
- /var/run/docker.sock:/var/run/docker.sock
- /tmp/kestra-wd:/tmp/kestra-wd
postgres:
environment:
POSTGRES_DB: kestra
POSTGRES_PASSWORD: k3str4
POSTGRES_USER: kestra
healthcheck:
interval: 30s
retries: 10
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 10s
image: ${DOCKER_REGISTRY:-}postgres:16
labels:
wud.watch: false
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/kestra/postgres-data:/var/lib/postgresql/data
volumes:
kestra-data:
driver: local
postgres-data:
driver: local

98
__swarm/kestra/kestra-swarm.yml Normal file
View File

@@ -0,0 +1,98 @@
services:
kestra:
command: server standalone --worker-thread=128
environment:
SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
KESTRA_CONFIGURATION: |
datasources:
postgres:
url: jdbc:postgresql://postgres:5432/kestra
driverClassName: org.postgresql.Driver
username: kestra
password: k3str4
kestra:
server:
basicAuth:
enabled: false
username: "jaydee@sectorq.eu" # it must be a valid email address
password: ${PASSWORD}
repository:
type: postgres
storage:
type: local
local:
basePath: "/app/storage"
queue:
type: postgres
tasks:
tmpDir:
path: /tmp/kestra-wd/tmp
url: http://localhost:8080/
tutorial-flows:
enabled: false
micronaut:
server:
cors:
enabled: true
image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
ports:
- target: 8080
published: 8980
protocol: tcp
mode: ingress
- target: 8081
published: 8981
protocol: tcp
mode: ingress
user: root
volumes:
- /etc/localtime:/etc/localtime:ro
- data:/app/storage
- /var/run/docker.sock:/var/run/docker.sock
- /tmp/kestra-wd:/tmp/kestra-wd
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: kestra_kestra
homepage.description: Automation
homepage.group: Infrastructure
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Kestra
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.display.icon: mdi:evernote
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
postgres:
environment:
POSTGRES_DB: kestra
POSTGRES_PASSWORD: k3str4
POSTGRES_USER: kestra
healthcheck:
interval: 30s
retries: 10
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 10s
image: ${DOCKER_REGISTRY:-}postgres:16
volumes:
- db:/var/lib/postgresql/data
deploy:
labels:
wud.watch: 'false'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
driver: local
db:
driver: local

1
__swarm/kestra/stack.env Executable file
View File

@@ -0,0 +1 @@
APPNAME=kestra

4
__swarm/mailu/.env Executable file
View File

@@ -0,0 +1,4 @@
APPNAME=mailu
DOCKER_REGISTRY=r.sectorq.eu/library/
MAILU_VERSION=2024.06
LOGGING=syslog

247
__swarm/mailu/docker-compose.yml Executable file
View File

@@ -0,0 +1,247 @@
networks:
clamav:
driver: bridge
default:
driver: bridge
ipam:
config:
- subnet: 192.168.205.0/24
driver: default
fts_attachments:
driver: bridge
internal: true
oletools:
driver: bridge
internal: true
radicale:
driver: bridge
webmail:
driver: bridge
services:
admin:
depends_on:
- redis
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data:/data
- /share/docker_data/mailu3/dkim:/dkim
antispam:
depends_on:
- front
- redis
- oletools
- antivirus
- resolver
dns:
- 192.168.205.254
env_file: stack.env
hostname: antispam
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- oletools
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter:/var/lib/rspamd
- /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
antivirus:
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
timeout: 5s
image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
labels:
wud.watch: true
wud.watch.digest: true
networks:
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
fetchmail:
depends_on:
- admin
- smtp
- imap
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data/fetchmail:/data
front:
depends_on:
- resolver
dns:
- 192.168.205.254
env_file: stack.env
extends:
file: logging.yml
service: ${LOGGING:-syslog}
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
homepage.container: mailu3-front-1
homepage.description: eMail server
homepage.group: Utilities
homepage.href: https://mail.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mailu
homepage.server: my-docker
homepage.weight: 1
networks:
- default
- webmail
- radicale
ports:
- 0.0.0.0:8880:80
- 0.0.0.0:8443:443
- 0.0.0.0:25:25
- 0.0.0.0:465:465
- 0.0.0.0:587:587
- 0.0.0.0:110:110
- 0.0.0.0:995:995
- 0.0.0.0:143:143
- 0.0.0.0:993:993
- 0.0.0.0:4190:4190
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/certs:/certs
- /share/docker_data/mailu3/overrides/nginx:/overrides:ro
fts_attachments:
depends_on:
- resolver
dns:
- 192.168.205.254
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
timeout: 5s
hostname: tika
image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
labels:
wud.watch: true
wud.watch.digest: true
networks:
- fts_attachments
restart: ${RESTART:-unless-stopped}
imap:
depends_on:
- front
- fts_attachments
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- fts_attachments
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mail:/mail
- /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
oletools:
depends_on:
- resolver
dns:
- 192.168.205.254
hostname: oletools
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- oletools
restart: ${RESTART:-unless-stopped}
redis:
depends_on:
- resolver
dns:
- 192.168.205.254
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: unless-stopped
volumes:
- /share/docker_data/mailu3/redis:/data
resolver:
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
default:
ipv4_address: 192.168.205.254
restart: ${RESTART:-unless-stopped}
smtp:
depends_on:
- front
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mailqueue:/queue
- /share/docker_data/mailu3/overrides/postfix:/overrides:ro
webdav:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- radicale
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/dav:/data
webmail:
depends_on:
- front
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- webmail
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/webmail:/data
- /share/docker_data/mailu3/overrides/roundcube:/overrides:ro

18
__swarm/mailu/logging.yml Executable file
View File

@@ -0,0 +1,18 @@
---
services:
syslog:
logging:
driver: syslog
options:
tag: mailu-front
journald:
logging:
driver: journald
options:
tag: mailu-front
loki:
logging:
driver: loki
options:
loki-url: "http://192.168.77.101:3100/loki/api/v1/push"

167
__swarm/mailu/stack.env Executable file
View File

@@ -0,0 +1,167 @@
# Mailu main configuration file
#
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io
###################################
# Common configuration variables
###################################
# Set to a randomly generated 16 bytes string
SECRET_KEY=T1GSGDDBVRYF7UR7
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.205.0/24
# Main mail domain
DOMAIN=mail.sectorq.eu
# Hostnames for this server, separated with commas
HOSTNAMES=mail.sectorq.eu,sectorq.eu
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
#TLS_FLAVOR=cert
TLS_FLAVOR=letsencrypt
# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
AUTH_RATELIMIT_IP=5/hour
# Authentication rate limit per user (regardless of the source-IP)
AUTH_RATELIMIT_USER=50/day
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=True
###################################
# Optional features
###################################
# Expose the admin interface (value: true, false)
ADMIN=true
# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBMAIL=roundcube
# Expose the API interface (value: true, false)
API=true
# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBDAV=radicale
# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup.
ANTIVIRUS=clamav
# Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup.
SCAN_MACROS=true
###################################
# Mail settings
###################################
# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000
# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day
# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=
# Will relay all outgoing mails if configured
RELAYHOST=
# Enable fetchmail
FETCHMAIL_ENABLED=true
# Fetchmail delay
FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part
RECIPIENT_DELIMITER=+
# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin
# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
# Maildir Compression
# choose compression-method, default: none (value: gz, bz2, zstd)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default.
# Set the following variable to off in order to disable the feature
# or a comma separated list of language codes to support
FULL_TEXT_SEARCH=en
###################################
# Web settings
###################################
# Path to redirect / to
WEBROOT_REDIRECT=/webmail
# Path to the admin interface if enabled
WEB_ADMIN=/admin
# Path to the webmail if enabled
WEB_WEBMAIL=/webmail
# Path to the API interface if enabled
WEB_API=/api
# Website name
SITENAME=sectorq
# Linked Website URL
WEBSITE=https://mail.sectorq.eu
###################################
# Advanced settings
###################################
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12
# Header to take the real ip from
REAL_IP_HEADER=X-Real-IP
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=192.168.77.101
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=INFO
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=EU/Bratislava
# Default spam threshold used for new users
DEFAULT_SPAM_THRESHOLD=80
# API token required for authenticating to the RESTful API.
# This is a mandatory setting for using the RESTful API.
API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N
# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup.
FULL_TEXT_SEARCH_ATTACHMENTS=true
LD_PRELOAD=/usr/lib/libhardened_malloc.so

4
__swarm/mailu3/.env Executable file
View File

@@ -0,0 +1,4 @@
APPNAME=mailu
DOCKER_REGISTRY=r.sectorq.eu/library/
MAILU_VERSION=2024.06
LOGGING=syslog

247
__swarm/mailu3/docker-compose.yml Executable file
View File

@@ -0,0 +1,247 @@
networks:
clamav:
driver: bridge
default:
driver: bridge
ipam:
config:
- subnet: 192.168.205.0/24
driver: default
fts_attachments:
driver: bridge
internal: true
oletools:
driver: bridge
internal: true
radicale:
driver: bridge
webmail:
driver: bridge
services:
admin:
depends_on:
- redis
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data:/data
- /share/docker_data/mailu3/dkim:/dkim
antispam:
depends_on:
- front
- redis
- oletools
- antivirus
- resolver
dns:
- 192.168.205.254
env_file: stack.env
hostname: antispam
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- oletools
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter:/var/lib/rspamd
- /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
antivirus:
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
timeout: 5s
image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
labels:
wud.watch: true
wud.watch.digest: true
networks:
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
fetchmail:
depends_on:
- admin
- smtp
- imap
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data/fetchmail:/data
front:
depends_on:
- resolver
dns:
- 192.168.205.254
env_file: stack.env
extends:
file: logging.yml
service: ${LOGGING:-syslog}
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
homepage.container: mailu3-front-1
homepage.description: eMail server
homepage.group: Utilities
homepage.href: https://mail.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mailu
homepage.server: my-docker
homepage.weight: 1
networks:
- default
- webmail
- radicale
ports:
- '8880:80'
- '8443:443'
- '25:25'
- '465:465'
- '587:587'
- '110:110'
- '995:995'
- '143:143'
- '993:993'
- '4190:4190'
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/certs:/certs
- /share/docker_data/mailu3/overrides/nginx:/overrides:ro
fts_attachments:
depends_on:
- resolver
dns:
- 192.168.205.254
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
timeout: 5s
hostname: tika
image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
labels:
wud.watch: true
wud.watch.digest: true
networks:
- fts_attachments
restart: ${RESTART:-unless-stopped}
imap:
depends_on:
- front
- fts_attachments
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- fts_attachments
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mail:/mail
- /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
oletools:
depends_on:
- resolver
dns:
- 192.168.205.254
hostname: oletools
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- oletools
restart: ${RESTART:-unless-stopped}
redis:
depends_on:
- resolver
dns:
- 192.168.205.254
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: unless-stopped
volumes:
- /share/docker_data/mailu3/redis:/data
resolver:
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
default:
ipv4_address: 192.168.205.254
restart: ${RESTART:-unless-stopped}
smtp:
depends_on:
- front
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mailqueue:/queue
- /share/docker_data/mailu3/overrides/postfix:/overrides:ro
webdav:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- radicale
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/dav:/data
webmail:
depends_on:
- front
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- webmail
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/webmail:/data
- /share/docker_data/mailu3/overrides/roundcube:/overrides:ro

18
__swarm/mailu3/logging.yml Executable file
View File

@@ -0,0 +1,18 @@
---
services:
syslog:
logging:
driver: syslog
options:
tag: mailu-front
journald:
logging:
driver: journald
options:
tag: mailu-front
loki:
logging:
driver: loki
options:
loki-url: "http://192.168.77.101:3100/loki/api/v1/push"

259
__swarm/mailu3/mailu3-swarm.yml Normal file
View File

@@ -0,0 +1,259 @@
networks:
clamav:
driver: overlay
default:
driver: overlay
ipam:
config:
- subnet: 192.168.205.0/24
driver: default
fts_attachments:
driver: overlay
internal: true
oletools:
driver: overlay
internal: true
radicale:
driver: overlay
webmail:
driver: overlay
services:
admin:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/data:/data
- /share/docker_data/mailu3/dkim:/dkim
networks:
# Swarm uses service discovery, but requires network connection
- default
# DNS is handled by Swarm's internal DNS resolver (the resolver service will be discoverable by name)
antispam:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
env_file: stack.env
hostname: antispam
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/filter:/var/lib/rspamd
- /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
networks:
- default
- oletools
- clamav
antivirus:
image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
networks:
- clamav
healthcheck:
test:
- CMD-SHELL
- kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
interval: 10s
timeout: 5s
retries: 3
start_period: 10s
fetchmail:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/data/fetchmail:/data
networks:
- default # Connect to 'default' for service discovery
front:
# NOTE: 'extends' is removed. You must manually define logging or accept default.
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.container: mailu3-front-1
homepage.description: eMail server
homepage.group: Utilities
homepage.href: https://mail.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mailu
homepage.server: my-docker
homepage.weight: 1
volumes:
- /share/docker_data/mailu3/certs:/certs
- /share/docker_data/mailu3/overrides/nginx:/overrides:ro
networks:
- default
- webmail
- radicale
ports:
- target: 80
published: 8880
protocol: tcp
mode: ingress
- target: 443
published: 8443
protocol: tcp
mode: ingress
- target: 25
published: 25
protocol: tcp
mode: ingress
- target: 465
published: 465
protocol: tcp
mode: ingress
- target: 587
published: 587
protocol: tcp
mode: ingress
- target: 110
published: 110
protocol: tcp
mode: ingress
- target: 995
published: 995
protocol: tcp
mode: ingress
- target: 143
published: 143
protocol: tcp
mode: ingress
- target: 993
published: 993
protocol: tcp
mode: ingress
- target: 4190
published: 4190
protocol: tcp
mode: ingress
fts_attachments:
image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
hostname: tika
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
networks:
- fts_attachments
healthcheck:
test:
- CMD-SHELL
- wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
interval: 10s
timeout: 5s
retries: 3
start_period: 10s
imap:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/mail:/mail
- /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
networks:
- default
- fts_attachments
oletools:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
hostname: oletools
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
networks:
- oletools
redis:
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/redis:/data
networks:
- default # Connect to default network
resolver:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
networks:
default:
# NOTE: Swarm does not support static IPs for scaling.
# This will fail standard 'docker stack deploy'.
# For mailu, the static IP is critical, so we attempt to enforce it
# via the deploy key, but be aware this is highly non-standard.
# It's better to configure Mailu to use the service name 'resolver' instead of the static IP.
# If using a customized deployer:
# deploy:
# placement:
# constraints:
# - node.hostname == your-swarm-manager
# endpoint_mode: dnsrr
# mode: global
# replicas: 1
# labels:
# com.docker.stack.static_ips: 192.168.205.254
# com.docker.stack.static_network: default
ipv4_address: 192.168.205.254
smtp:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/mailqueue:/queue
- /share/docker_data/mailu3/overrides/postfix:/overrides:ro
networks:
- default # Connect to default network
webdav:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/dav:/data
networks:
- radicale
webmail:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/webmail:/data
- /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
networks:
- webmail

167
__swarm/mailu3/stack.env Executable file
View File

@@ -0,0 +1,167 @@
# Mailu main configuration file
#
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io
###################################
# Common configuration variables
###################################
# Set to a randomly generated 16 bytes string
SECRET_KEY=T1GSGDDBVRYF7UR7
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.205.0/24
# Main mail domain
DOMAIN=mail.sectorq.eu
# Hostnames for this server, separated with commas
HOSTNAMES=mail.sectorq.eu,sectorq.eu
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
#TLS_FLAVOR=cert
TLS_FLAVOR=letsencrypt
# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
AUTH_RATELIMIT_IP=5/hour
# Authentication rate limit per user (regardless of the source-IP)
AUTH_RATELIMIT_USER=50/day
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=True
###################################
# Optional features
###################################
# Expose the admin interface (value: true, false)
ADMIN=true
# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBMAIL=roundcube
# Expose the API interface (value: true, false)
API=true
# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBDAV=radicale
# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup.
ANTIVIRUS=clamav
# Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup.
SCAN_MACROS=true
###################################
# Mail settings
###################################
# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000
# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day
# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=
# Will relay all outgoing mails if configured
RELAYHOST=
# Enable fetchmail
FETCHMAIL_ENABLED=true
# Fetchmail delay
FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part
RECIPIENT_DELIMITER=+
# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin
# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
# Maildir Compression
# choose compression-method, default: none (value: gz, bz2, zstd)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default.
# Set the following variable to off in order to disable the feature
# or a comma separated list of language codes to support
FULL_TEXT_SEARCH=en
###################################
# Web settings
###################################
# Path to redirect / to
WEBROOT_REDIRECT=/webmail
# Path to the admin interface if enabled
WEB_ADMIN=/admin
# Path to the webmail if enabled
WEB_WEBMAIL=/webmail
# Path to the API interface if enabled
WEB_API=/api
# Website name
SITENAME=sectorq
# Linked Website URL
WEBSITE=https://mail.sectorq.eu
###################################
# Advanced settings
###################################
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12
# Header to take the real ip from
REAL_IP_HEADER=X-Real-IP
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=192.168.77.101
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=INFO
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=EU/Bratislava
# Default spam threshold used for new users
DEFAULT_SPAM_THRESHOLD=80
# API token required for authenticating to the RESTful API.
# This is a mandatory setting for using the RESTful API.
API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N
# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup.
FULL_TEXT_SEARCH_ATTACHMENTS=true
LD_PRELOAD=/usr/lib/libhardened_malloc.so

4
__swarm/mealie/.env Executable file
View File

@@ -0,0 +1,4 @@
RESTART=always
DOCKER_REGISTRY=r.sectorq.eu/library/
APPNAME=mealie

42
__swarm/mealie/docker-compose.yml Executable file
View File

@@ -0,0 +1,42 @@
services:
mealie:
image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0 #
container_name: mealie
restart: always
ports:
- "9925:9000" #
deploy:
resources:
limits:
memory: 1000M #
volumes:
- /share/docker_data/mealie/data:/app/data/
environment:
# Set Backend ENV Variables Here
ALLOW_SIGNUP: "false"
PUID: 1000
PGID: 1000
TZ: Europe/Bratislava
BASE_URL: https://mealie.sectorq.eu
OIDC_AUTH_ENABLED: true
OIDC_PROVIDER_NAME: authentik
OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
OIDC_CLIENT_ID: "QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b"
OIDC_CLIENT_SECRET: "SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV"
OIDC_SIGNUP_ENABLED: true
OIDC_USER_GROUP: mealie-users
OIDC_ADMIN_GROUP: mealie-admins
OIDC_AUTO_REDIRECT: true # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
OIDC_REMEMBER_ME: true
labels:
homepage.container: mealie
homepage.description: Recipe server
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mealie
homepage.server: my-docker
wud.watch: true
wud.watch.digest: true
volumes:
mealie-data:

46
__swarm/mealie/mealie-swarm.yml Normal file
View File

@@ -0,0 +1,46 @@
services:
app:
image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0
ports:
- target: 9000
published: 9925
protocol: tcp
mode: ingress
deploy:
resources:
limits:
memory: 1000M
labels:
homepage.container: mealie_app
homepage.description: Recipe server
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mealie
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
- data:/app/data/
environment:
ALLOW_SIGNUP: 'false'
PUID: 1000
PGID: 1000
TZ: Europe/Bratislava
BASE_URL: https://mealie.sectorq.eu
OIDC_AUTH_ENABLED: 'true'
OIDC_PROVIDER_NAME: authentik
OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
OIDC_CLIENT_ID: QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b
OIDC_CLIENT_SECRET: SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV
OIDC_SIGNUP_ENABLED: 'true'
OIDC_USER_GROUP: mealie-users
OIDC_ADMIN_GROUP: mealie-admins
OIDC_AUTO_REDIRECT: 'true'
OIDC_REMEMBER_ME: 'true'
volumes:
data:

37
__swarm/mealie/stack.env Executable file
View File

@@ -0,0 +1,37 @@
###############################################################################
# Paperless-ngx settings #
###############################################################################
# See http://docs.paperless-ngx.com/configuration/ for all available options.
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
#USERMAP_UID=1000
#USERMAP_GID=1000
# See the documentation linked above for all options. A few commonly adjusted settings
# are provided below.
# This is required if you will be exposing Paperless-ngx on a public domain
# (if doing so please consider security measures such as reverse proxy)
#PAPERLESS_URL=https://paperless.example.com
# Adjust this key if you plan to make paperless available publicly. It should
# be a very long sequence of random characters. You don't need to remember it.
#PAPERLESS_SECRET_KEY=change-me
# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
#PAPERLESS_TIME_ZONE=America/Los_Angeles
# The default language to use for OCR. Set this to the language most of your
# documents are written in.
#PAPERLESS_OCR_LANGUAGE=eng
# Additional languages to install for text recognition, separated by a whitespace.
# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
# the language used for OCR.
# The container installs English, German, Italian, Spanish and French by default.
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
# for available languages.
#PAPERLESS_OCR_LANGUAGES=tur ces

12
__swarm/mediacenter/.env Executable file
View File

@@ -0,0 +1,12 @@
APPNAME=mediacenter
DOCKER_REGISTRY=r.sectorq.eu/library/
LOGGING=syslog
JELLYSEER_TOKEN=MTczMTY1NTk3ODUwOTY3NmJiOTM0LTY1MDctNGI2NS1hMmEyLTE3MjQ1MmI3OTI0Yg==
JELLYFIN_TOKEN=0b0247d8030b46a0afe71be194311521
JACKET_TOKEN=l4c1j4yd33Du5lo
BAZARR_TOKEN=be4265d373929be3672ac813154baf6a
LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
QBIT_TOKEN=l4c1j4yd33Du5lo
RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
HW_MODE=cpu

326
__swarm/mediacenter/docker-compose.yml Executable file
View File

@@ -0,0 +1,326 @@
networks:
duplicati:
driver: bridge
mediarr:
driver: bridge
services:
bazarr:
container_name: bazarr
depends_on:
- sonarr
- radarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: bazarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: bazarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://bazarr.sectorq.eu
homepage.icon: bazarr.png
homepage.name: bazarr
homepage.server: my-docker
homepage.weight: '90'
homepage.widget.key: ${BAZARR_TOKEN}
homepage.widget.type: bazarr
homepage.widget.url: https://bazarr.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 6767:6767
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bazarr/config:/config
- /media/m-server/movies:/movies/m-server
- /media/m-server/shows:/tv/m-server
- /media/nas/movies:/movies/nas
- /media/nas/shows:/tv/nas
flaresolverr:
container_name: flaresolverr
environment:
- LOG_LEVEL=info
- TZ=Europe/Bratislava
hostname: flaresolverr
image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8191:8191
restart: ${RESTART:-unless-stopped}
homarr:
container_name: homarr
hostname: homarr
image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 7575:7575
restart: ${RESTART:-unless-stopped}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/homarr/configs:/app/data/configs
- /share/docker_data/homarr/icons:/app/public/icons
- /share/docker_data/homarr/data:/data
jackett:
container_name: jackett
dns:
- 192.168.77.101
depends_on:
- sonarr
- radarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
- AUTO_UPDATE=true
- RUN_OPTS=
hostname: jackett
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: jackett
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jackett.sectorq.eu
homepage.icon: jackett.png
homepage.name: Jackett
homepage.server: my-docker
homepage.weight: '80'
homepage.widget.password: ${JACKET_TOKEN}
homepage.widget.type: jackett
homepage.widget.url: https://jackett.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 9117:9117
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jackett/config:/config
- /share/docker_data/jackett/downloads:/downloads
jellyfin:
container_name: jellyfin
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
- JELLYFIN_PublishedServerUrl=https://jf.sectorq.eu
extends:
file: hwaccel.yml
service: ${HW_MODE:-cpu}
hostname: jellyfin
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: jellyfin
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jf.sectorq.eu
homepage.icon: jellyfin.png
homepage.name: Jellyfin
homepage.server: my-docker
homepage.weight: '10'
homepage.widget.key: ${JELLYFIN_TOKEN}
homepage.widget.type: jellyfin
homepage.widget.url: https://jf.sectorq.eu
wud.watch: true
wud.watch.digest: true
network_mode: host
ports:
- 8096:8096
- 8920:8920
- 7359:7359
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jellyfin:/config
- /media/m-server/movies:/data/movies/m-server
- /media/m-server/music:/data/music/m-server
- /media/m-server/shows:/data/shows/m-server
- /media/nas/movies:/data/movies/nas
- /media/nas/music:/data/music/nas
- /media/nas/shows:/data/shows/nas
- /media/nas/xxx:/data/xxx/nas
jellyseerr:
container_name: jellyseerr
environment:
- LOG_LEVEL=debug
- TZ=Europe/Bratislava
hostname: jellyseerr
image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
labels:
com.centurylinklabs.watchtower.enabl: 'true'
homepage.container: jellyseerr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://js.sectorq.eu
homepage.icon: jellyseerr.png
homepage.name: Jellyseerr
homepage.server: my-docker
homepage.weight: '20'
homepage.widget.key: ${JELLYSEER_TOKEN}
homepage.widget.type: jellyseerr
homepage.widget.url: https://js.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 5055:5055
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jellyseerr/config:/app/config
lidarr:
container_name: lidarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: lidarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: lidarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://lidarr.sectorq.eu
homepage.icon: lidarr.png
homepage.name: Lidarr
homepage.server: my-docker
homepage.weight: '60'
homepage.widget.key: ${LIDARR_TOKEN}
homepage.widget.type: lidarr
homepage.widget.url: https://lidarr.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8686:8686
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/lidarr/config:/config
- /media/m-server/music:/music
- /media/m-server/downloads:/downloads
qbittorrent:
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
- WEBUI_PORT=8085
- FILE__PASSWORD=/run/secrets/mysecretpassword
hostname: qbittorrent
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: qbittorrent
homepage.description: Subtitles
homepage.group: Utilities
homepage.href: https://qbit.sectorq.eu
homepage.icon: qbittorrent.png
homepage.name: Qbittorrent
homepage.server: my-docker
homepage.weight: '95'
homepage.widget.enableLeechProgress: 'true'
homepage.widget.password: ${QBIT_TOKEN}
homepage.widget.type: qbittorrent
homepage.widget.url: https://qbit.sectorq.eu
homepage.widget.username: admin
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8085:8085
- 6881:6881
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/qbittorrent/config:/config
- /media/m-server/downloads:/downloads
radarr:
container_name: radarr
dns:
- 192.168.77.101
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: radarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: radarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://radarr.sectorq.eu
homepage.icon: radarr.png
homepage.name: Radarr
homepage.server: my-docker
homepage.weight: '20'
homepage.widget.key: ${RADARR_TOKEN}
homepage.widget.type: radarr
homepage.widget.url: https://radarr.sectorq.eu
wud.display.icon: mdi:radarr
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 7878:7878
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/radarr/config:/config
- /media/m-server/movies/:/movies-m-server
- /media/nas/movies/:/movies-nas
- /media/m-server/downloads:/downloads
sonarr:
container_name: sonarr
dns:
- 192.168.77.101
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: sonarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: sonarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://sonarr.sectorq.eu
homepage.icon: sonarr.png
homepage.name: Sonarr
homepage.server: my-docker
homepage.weight: '30'
homepage.widget.key: ${SONARR_TOKEN}
homepage.widget.type: sonarr
homepage.widget.url: https://sonarr.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8989:8989
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/sonarr/config:/config
- /media/m-server/shows:/tv-m-server
- /media/nas/shows:/tv-nas
- /media/m-server/downloads:/downloads

8
__swarm/mediacenter/hwaccel.yml Executable file
View File

@@ -0,0 +1,8 @@
---
services:
cpu: {}
hw:
devices:
- /dev/dri/renderD128
- /dev/dri/card1

420
__swarm/mediacenter/mediacenter-swarm.yml Normal file
View File

@@ -0,0 +1,420 @@
networks:
duplicati:
driver: overlay
mediarr:
driver: overlay
volumes:
homarr_configs:
homarr_icons:
homarr_data:
jackett_config:
jackett_downloads:
jellyfin_config:
jellyseerr_config:
lidarr_config:
qbittorrent_config:
radarr_config:
sonarr_config:
bazarr_config:
m-server_music:
driver: local
driver_opts:
type: nfs
o: addr=192.168.77.101,rw,nfsvers=4.1
device: :/music
services:
bazarr:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: bazarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
networks:
- mediarr
dns:
- 192.168.77.101
ports:
- target: 6767
published: 6767
protocol: tcp
mode: ingress
volumes:
- bazarr_config:/config
- /media/m-server/movies:/movies/m-server
- /media/m-server/shows:/tv/m-server
- /media/nas/movies:/movies/nas
- /media/nas/shows:/tv/nas
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_bazarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://bazarr.sectorq.eu
homepage.icon: bazarr.png
homepage.name: bazarr
homepage.server: my-docker-swarm
homepage.weight: '90'
homepage.widget.key: ${BAZARR_TOKEN}
homepage.widget.type: bazarr
homepage.widget.url: https://bazarr.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
flaresolverr:
environment:
LOG_LEVEL: info
TZ: Europe/Bratislava
hostname: flaresolverr
image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
networks:
- mediarr
ports:
- target: 8191
published: 8191
protocol: tcp
mode: ingress
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
homarr:
hostname: homarr
image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
networks:
- mediarr
ports:
- target: 7575
published: 7575
protocol: tcp
mode: ingress
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- homarr_configs:/app/data/configs
- homarr_icons:/app/public/icons
- homarr_data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
jackett:
dns:
- 192.168.77.101
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
AUTO_UPDATE: 'true'
RUN_OPTS: ''
hostname: jackett
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
networks:
- mediarr
ports:
- target: 9117
published: 9117
protocol: tcp
mode: ingress
volumes:
- jackett_config:/config
- jackett_downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_jackett
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jackett.sectorq.eu
homepage.icon: jackett.png
homepage.name: Jackett
homepage.server: my-docker-swarm
homepage.weight: '80'
homepage.widget.password: ${JACKET_TOKEN}
homepage.widget.type: jackett
homepage.widget.url: https://jackett.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
jellyfin:
environment:
TZ: Europe/Bratislava
JELLYFIN_PublishedServerUrl: https://jf.sectorq.eu
VAAPI_DEVICE: /dev/dri/renderD128
LIBVA_DRIVER_NAME: radeonsi
hostname: jellyfin
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
ports:
- target: 8096
published: 8096
protocol: tcp
mode: ingress
- target: 8920
published: 8920
protocol: tcp
mode: ingress
- target: 7359
published: 7359
protocol: tcp
mode: ingress
user: root
volumes:
- jellyfin_config:/config
- /media/m-server/movies:/data/movies/m-server
- m-server_music:/data/music/m-server
- /media/m-server/shows:/data/shows/m-server
- /media/nas/movies:/data/movies/nas
- /media/nas/music:/data/music/nas
- /media/nas/shows:/data/shows/nas
- /media/nas/xxx:/data/xxx/nas
- /dev/dri:/dev/dri
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_jellyfin
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jf.sectorq.eu
homepage.icon: jellyfin.png
homepage.name: Jellyfin
homepage.server: my-docker-swarm
homepage.weight: '10'
homepage.widget.key: ${JELLYFIN_TOKEN}
homepage.widget.type: jellyfin
homepage.widget.url: https://jf.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
- node.labels.gpu == amd
jellyseerr:
environment:
LOG_LEVEL: debug
TZ: Europe/Bratislava
hostname: jellyseerr
image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
networks:
- mediarr
ports:
- target: 5055
published: 5055
protocol: tcp
mode: ingress
volumes:
- jellyseerr_config:/app/config
deploy:
labels:
com.centurylinklabs.watchtower.enabl: 'true'
homepage.container: mediacenter_jellyseerr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://js.sectorq.eu
homepage.icon: jellyseerr.png
homepage.name: Jellyseerr
homepage.server: my-docker-swarm
homepage.weight: '20'
homepage.widget.key: ${JELLYSEER_TOKEN}
homepage.widget.type: jellyseerr
homepage.widget.url: https://js.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
lidarr:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: lidarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
networks:
- mediarr
ports:
- target: 8686
published: 8686
protocol: tcp
mode: ingress
volumes:
- lidarr_config:/config
- /media/m-server/music:/music
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_lidarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://lidarr.sectorq.eu
homepage.icon: lidarr.png
homepage.name: Lidarr
homepage.server: my-docker-swarm
homepage.weight: '60'
homepage.widget.key: ${LIDARR_TOKEN}
homepage.widget.type: lidarr
homepage.widget.url: https://lidarr.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
qbittorrent:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
WEBUI_PORT: '8085'
FILE__PASSWORD: /run/secrets/mysecretpassword
hostname: qbittorrent
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
networks:
- mediarr
ports:
- target: 8085
published: 8085
protocol: tcp
mode: ingress
- target: 6881
published: 6881
protocol: tcp
mode: ingress
volumes:
- qbittorrent_config:/config
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_qbittorrent
homepage.description: Subtitles
homepage.group: Utilities
homepage.href: https://qbit.sectorq.eu
homepage.icon: qbittorrent.png
homepage.name: Qbittorrent
homepage.server: my-docker-swarm
homepage.weight: '95'
homepage.widget.enableLeechProgress: 'false'
homepage.widget.password: ${QBIT_TOKEN}
homepage.widget.type: qbittorrent
homepage.widget.url: https://qbit.sectorq.eu
homepage.widget.username: admin
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
radarr:
dns:
- 192.168.77.101
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: radarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
networks:
- mediarr
ports:
- target: 7878
published: 7878
protocol: tcp
mode: ingress
volumes:
- radarr_config:/config
- /media/m-server/movies/:/movies-m-server
- /media/nas/movies/:/movies-nas
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_radarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://radarr.sectorq.eu
homepage.icon: radarr.png
homepage.name: Radarr
homepage.server: my-docker-swarm
homepage.weight: '20'
homepage.widget.key: ${RADARR_TOKEN}
homepage.widget.type: radarr
homepage.widget.url: https://radarr.sectorq.eu
wud.display.icon: mdi:radarr
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
sonarr:
dns:
- 192.168.77.101
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: sonarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
networks:
- mediarr
ports:
- target: 8989
published: 8989
protocol: tcp
mode: ingress
volumes:
- sonarr_config:/config
- /media/m-server/shows:/tv-m-server
- /media/nas/shows:/tv-nas
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: mediacenter_sonarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://sonarr.sectorq.eu
homepage.icon: sonarr.png
homepage.name: Sonarr
homepage.server: my-docker-swarm
homepage.weight: '30'
homepage.widget.key: ${SONARR_TOKEN}
homepage.widget.type: sonarr
homepage.widget.url: https://sonarr.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

2
__swarm/mosquitto/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=mosquitto
DOCKER_REGISTRY=r.sectorq.eu/library/

15
__swarm/mosquitto/docker-compose.yml Executable file
View File

@@ -0,0 +1,15 @@
name: mosquitto
services:
mosquitto:
image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
mem_limit: 1g
network_mode: host
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mosquitto/conf:/mosquitto/config
- /share/docker_data/mosquitto/data:/mosquitto/data
- /share/docker_data/mosquitto/log:/mosquitto/log

25
__swarm/mosquitto/mosquitto-swarm.yml Normal file
View File

@@ -0,0 +1,25 @@
services:
mosquitto:
image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
ports:
- target: 1883
published: 1883
protocol: tcp
mode: host
volumes:
- conf:/mosquitto/config
- data:/mosquitto/data
- log:/mosquitto/log
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
conf:
data:
log:

3
__swarm/motioneye/.env Executable file
View File

@@ -0,0 +1,3 @@
APPNAME=motioneye
DOCKER_REGISTRY=r.sectorq.eu/library/
RESTART=always

28
__swarm/motioneye/docker-compose.yml Executable file
View File

@@ -0,0 +1,28 @@
services:
motioneye:
container_name: motioneye
dns:
- 192.168.77.101
environment:
- TZ=Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: motioneye
homepage.description: Video manager
homepage.group: Media
homepage.href: http://m-server.home.lan:8765/
homepage.icon: /images/motioneye.webp
homepage.name: MotionEye
homepage.server: my-docker
homepage.weight: '1'
wud.watch: true
wud.watch.digest: true
ports:
- 8081:8081
- 8765:8765
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/docker_data/motioneye/etc_motioneye:/etc/motioneye
- /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye

40
__swarm/motioneye/motioneye-swarm.yml Normal file
View File

@@ -0,0 +1,40 @@
services:
app:
dns:
- 192.168.77.101
environment:
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
ports:
- target: 8081
published: 8081
protocol: tcp
mode: ingress
- target: 8765
published: 8765
protocol: tcp
mode: ingress
volumes:
- /etc/localtime:/etc/localtime:ro
- config:/etc/motioneye
- data:/var/lib/motioneye
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: motioneye_app
homepage.description: Video manager
homepage.group: Media
homepage.href: http://m-server.home.lan:8765/
homepage.icon: /images/motioneye.webp
homepage.name: MotionEye
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:
data:

2
__swarm/n8n/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=n8n
DOCKER_REGISTRY=r.sectorq.eu/library/

33
__swarm/n8n/docker-compose.yml Executable file
View File

@@ -0,0 +1,33 @@
version: "3"
services:
n8n:
image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
container_name: n8n
ports:
- "5679:5678"
environment:
- N8N_HOST=n8n.sectorq.eu
- N8N_PORT=5678
- N8N_PROTOCOL=https
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=sth
- N8N_BASIC_AUTH_PASSWORD=pwd
- N8N_RUNNERS_ENABLED=true
- N8N_RUNNERS_MODE=internal
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
- N8N_SECURE_COOKIE=false
- WEBHOOK_URL=https://n8n.sectorq.eu
volumes:
- /share/docker_data/n8n/n8n-data:/home/node/.n8n
restart: ${RESTART:-unless-stopped}
stop_grace_period: 60s
labels:
homepage.container: n8n
homepage.description: Workflow management
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: /icons/n8n.svg
homepage.name: n8n
homepage.server: my-docker
wud.watch: true
wud.watch.digest: true

42
__swarm/n8n/n8n-swarm.yml Normal file
View File

@@ -0,0 +1,42 @@
version: '3'
services:
app:
image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
ports:
- target: 5678
published: 5679
protocol: tcp
mode: ingress
environment:
N8N_HOST: n8n.sectorq.eu
N8N_PORT: '5678'
N8N_PROTOCOL: https
N8N_BASIC_AUTH_ACTIVE: 'true'
N8N_BASIC_AUTH_USER: sth
N8N_BASIC_AUTH_PASSWORD: pwd
N8N_RUNNERS_ENABLED: 'true'
N8N_RUNNERS_MODE: internal
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true'
N8N_SECURE_COOKIE: 'false'
WEBHOOK_URL: https://n8n.sectorq.eu
volumes:
- data:/home/node/.n8n
stop_grace_period: 60s
deploy:
labels:
homepage.container: n8n_app
homepage.description: Workflow management
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: /icons/n8n.svg
homepage.name: n8n
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
driver: local

2
__swarm/nebula/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=nebula
PASSWORD=l4c1j4yd33Du5lo

17
__swarm/nebula/docker-compose copy.yml Executable file
View File

@@ -0,0 +1,17 @@
services:
nebula-sync:
image: ghcr.io/lovelaze/nebula-sync:latest
container_name: nebula-sync
environment:
- PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
- REPLICAS=http://192.168.77.238:9380|l4c1j4yd33Du5lo,http://192.168.77.106:9380|l4c1j4yd33Du5lo
- CLIENT_SKIP_TLS_VERIFICATION=true
- FULL_SYNC=true
- RUN_GRAVITY=true
- CRON=0 * * * *
labels:
wud.watch: true
wud.watch.digest: true
restart: always

11
__swarm/nebula/docker-compose.yml Executable file
View File

@@ -0,0 +1,11 @@
services:
nebula-sync:
image: ghcr.io/lovelaze/nebula-sync:latest
environment:
- PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
- REPLICAS=http://192.168.77.106:9380|l4c1j4yd33Du5lo
- CLIENT_SKIP_TLS_VERIFICATION=true
- FULL_SYNC=true
- RUN_GRAVITY=true
- CRON=0 * * * *

15
__swarm/nebula/nebula-swarm.yml Normal file
View File

@@ -0,0 +1,15 @@
services:
nebula-sync:
image: ghcr.io/lovelaze/nebula-sync:latest
environment:
PRIMARY: http://192.168.77.101:9380|l4c1j4yd33Du5lo
REPLICAS: http://192.168.77.106:9380|l4c1j4yd33Du5lo
CLIENT_SKIP_TLS_VERIFICATION: 'true'
FULL_SYNC: 'true'
RUN_GRAVITY: 'true'
CRON: 0 * * * *
deploy:
replicas: 1
placement:
constraints:
- node.role == manager

3
__swarm/nextcloud/.env Executable file
View File

@@ -0,0 +1,3 @@
APPNAME=nextcloud
#RESTART=always
DOCKER_REGISTRY=r.sectorq.eu/library/

94
__swarm/nextcloud/docker-compose.yml Executable file
View File

@@ -0,0 +1,94 @@
networks:
nextcloud_network:
ipam:
config:
- subnet: 192.168.80.0/28
driver: default
pihole_pihole:
external: true
services:
app:
depends_on:
- db
dns:
- 192.168.78.254
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}nextcloud:latest
labels:
com.centurylinklabs.watchtower.enable: true
com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
-y smbclient;chown -R www-data:www-data /var/www/html
homepage.container: nextcloud-app-1
homepage.description: Cloud server
homepage.group: Infrastructure
homepage.href: https://nc.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Nextcloud
homepage.server: my-docker
homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://nc.sectorq.eu
homepage.widget.username: jaydee
wud.watch: true
wud.watch.digest: true
links:
- db
networks:
- nextcloud_network
- pihole_pihole
ports:
- 8134:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/nextcloud/app:/var/www/html
- /share/docker_data/nextcloud/app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation
- /share/docker_data/nextcloud/app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation
- /share/docker_data/nextcloud/app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
- /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
- /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting
db:
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
--skip-innodb-read-only-compressed
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- nextcloud_network
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/nextcloud/mariadb:/var/lib/mysql
- /etc/localtime:/etc/localtime
redis:
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
networks:
- nextcloud_network
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/nextcloud/redis:/data
appapi-harp:
environment:
- HP_SHARED_KEY=l4c1j4yd33Du5lo
- NC_INSTANCE_URL=https://nc.sectorq.eu
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/nextcloud/certs:/certs
container_name: appapi-harp
hostname: appapi-harp
restart: unless-stopped
ports:
- 8780:8780
- 8782:8782
image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
networks:
- nextcloud_network
labels:
wud.watch: true
wud.watch.digest: true

109
__swarm/nextcloud/nextcloud-swarm.yml Normal file
View File

@@ -0,0 +1,109 @@
services:
app:
dns:
- 192.168.77.101
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}nextcloud:latest
links:
- db
ports:
- target: 80
published: 8134
protocol: tcp
mode: ingress
volumes:
- data:/var/www/html
- pre-installation:/docker-entrypoint-hooks.d/pre-installation
- post-installation:/docker-entrypoint-hooks.d/post-installation
- pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
- post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
- before-starting:/docker-entrypoint-hooks.d/before-starting
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
-y smbclient;chown -R www-data:www-data /var/www/html
homepage.container: nextcloud_app
homepage.description: Cloud server
homepage.group: Infrastructure
homepage.href: https://nc.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Nextcloud
homepage.server: my-docker-swarm
homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://nc.sectorq.eu
homepage.widget.username: jaydee
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
db:
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
--skip-innodb-read-only-compressed
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
volumes:
- mariadb:/var/lib/mysql
- /etc/localtime:/etc/localtime
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
redis:
image: ${DOCKER_REGISTRY:-}redis:alpine
volumes:
- redis:/data
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
appapi-harp:
environment:
HP_SHARED_KEY: l4c1j4yd33Du5lo
NC_INSTANCE_URL: https://nc.sectorq.eu
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- certs:/certs
hostname: appapi-harp
ports:
- target: 8780
published: 8780
protocol: tcp
mode: ingress
- target: 8782
published: 8782
protocol: tcp
mode: ingress
image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
pre-installation:
post-installation:
pre-upgrade:
post-upgrade:
before-starting:
mariadb:
redis:
certs:

10
__swarm/nextcloud/stack.env Executable file
View File

@@ -0,0 +1,10 @@
TZ=Europe/Bratislava
MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
MYSQL_PASSWORD=l4c1j4yd33Du5lo
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_HOST=db
REDIS_HOST=redis
PHP_MEMORY_LIMIT=1024M
PHP_UPLOAD_LIMIT=1024M
NEXTCLOUD_MEMORY_LIMIT=1024M

1
__swarm/nginx/.env Executable file
View File

@@ -0,0 +1 @@
APPNAME=nginx

40
__swarm/nginx/docker-compose.yml Executable file
View File

@@ -0,0 +1,40 @@
networks:
pihole_pihole:
external: true
services:
app:
dns:
- 192.168.78.254
healthcheck:
interval: 10s
test:
- CMD
- /usr/bin/check-health
timeout: 3s
image: jc21/nginx-proxy-manager:latest
labels:
homepage.container: nginx-app-1
homepage.description: Reverse Proxy
homepage.group: Infrastructure
homepage.href: http://active.home.lan:81
homepage.icon: nginx-proxy-manager.png
homepage.name: Nginx
homepage.server: my-docker
homepage.weight: '25'
homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
homepage.widget.type: npm
homepage.widget.url: http://active.home.lan:81
homepage.widget.username: monitoring@sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- pihole_pihole
ports:
- 8099:80
- 4439:443
- 81:81
restart: unless-stopped
volumes:
- /share/docker_data/nginx/data:/data
- /share/docker_data/nginx/letsencrypt:/etc/letsencrypt
version: '3.8'

55
__swarm/nginx/nginx-swarm.yml Normal file
View File

@@ -0,0 +1,55 @@
networks:
pihole_pihole:
external: true
services:
app:
dns:
- 192.168.78.254
healthcheck:
interval: 10s
test:
- CMD
- /usr/bin/check-health
timeout: 3s
image: jc21/nginx-proxy-manager:latest
networks:
- pihole_pihole
ports:
- target: 80
published: 8099
protocol: tcp
mode: ingress
- target: 443
published: 4439
protocol: tcp
mode: ingress
- target: 81
published: 81
protocol: tcp
mode: ingress
volumes:
- data:/data
- letsencrypt:/etc/letsencrypt
deploy:
labels:
homepage.container: nginx-app-1
homepage.description: Reverse Proxy
homepage.group: Infrastructure
homepage.href: http://active.home.lan:81
homepage.icon: nginx-proxy-manager.png
homepage.name: Nginx
homepage.server: my-docker-swarm
homepage.weight: '25'
homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
homepage.widget.type: npm
homepage.widget.url: http://active.home.lan:81
homepage.widget.username: monitoring@sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
letsencrypt:

2
__swarm/node-red/.env Executable file
View File

@@ -0,0 +1,2 @@
APPNAME=node-red
DOCKER_REGISTRY=r.sectorq.eu/library/

28
__swarm/node-red/docker-compose.yml Executable file
View File

@@ -0,0 +1,28 @@
networks:
node-red-net: null
services:
node-red:
dns:
- 192.168.77.101
environment:
- TZ=Europe/Bratislava
image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
homepage.container: node-red-node-red-1
homepage.description: Node red
homepage.group: Infrastructure
homepage.href: http://active.home.lan:1880
homepage.icon: node-red.png
homepage.name: Node-red
homepage.server: my-docker
mem_limit: 1g
networks:
- node-red-net
ports:
- 1880:1880
restart: always
volumes:
- /share/docker_data/node-red:/data

32
__swarm/node-red/node-red-swarm.yml Normal file
View File

@@ -0,0 +1,32 @@
services:
app:
dns:
- 192.168.77.101
environment:
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
ports:
- target: 1880
published: 1880
protocol: tcp
mode: ingress
volumes:
- data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.container: node-red_app
homepage.description: Node red
homepage.group: Infrastructure
homepage.href: http://active.home.lan:1880
homepage.icon: node-red.png
homepage.name: Node-red
homepage.server: my-docker-swarm
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:

Some files were not shown because too many files have changed in this diff Show More