
9 Commits

Author SHA1 Message Date
6f18999452 build 2025-11-30 14:40:21 +01:00
9477960cca build 2025-11-30 14:39:30 +01:00
8354f41f09 build 2025-11-30 14:14:01 +01:00
ce5765ed78 build 2025-11-30 13:20:47 +01:00
0420f90ac8 build 2025-11-30 12:56:57 +01:00
8076465132 build 2025-11-30 12:47:57 +01:00
ff651e8a4e build 2025-11-30 12:47:02 +01:00
9b9647ac3b build 2025-11-30 12:46:17 +01:00
13e6dd903a build 2025-11-30 12:34:45 +01:00
128 changed files with 5747 additions and 28 deletions


@@ -0,0 +1,39 @@
services:
bitwarden:
environment:
WEBSOCKET_ENABLED: 'true'
SIGNUPS_ALLOWED: 'true'
DOMAIN: https://pw.sectorq.eu
SMTP_HOST: mail.sectorq.eu
SMTP_FROM: jaydee@sectorq.eu
SMTP_PORT: '465'
SMTP_SSL: 'true'
SMTP_USERNAME: jaydee@sectorq.eu
SMTP_PASSWORD: $SMTP_PASSWORD
ADMIN_TOKEN: $ADMIN_PASSWORD
image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
ports:
- target: 80
published: 8181
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bitwarden/bw-data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: vaultwarden
homepage.description: Password manager
homepage.group: Utilities
homepage.href: https://pw.sectorq.eu
homepage.icon: bitwarden.png
homepage.name: Bitwarden
homepage.server: my-docker
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
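Review bot: `SIGNUPS_ALLOWED: 'true'` leaves account registration open on a vault whose `DOMAIN` is a public hostname, so anyone who can reach it can create an account; once the intended users exist this should be `SIGNUPS_ALLOWED: 'false'`, with invitations used for later additions. `ADMIN_TOKEN: $ADMIN_PASSWORD` suggests the admin page is guarded by a plain password; Vaultwarden accepts an Argon2 PHC hash in this variable, so it is worth confirming that is what the variable holds. Both settings recur in the identical 39-line section that follows. If this file is deployed with `docker stack deploy`, `restart:` is ignored and the restart behaviour has to come from `deploy.restart_policy`.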


@@ -0,0 +1,39 @@
services:
bitwarden:
environment:
WEBSOCKET_ENABLED: 'true'
SIGNUPS_ALLOWED: 'true'
DOMAIN: https://pw.sectorq.eu
SMTP_HOST: mail.sectorq.eu
SMTP_FROM: jaydee@sectorq.eu
SMTP_PORT: '465'
SMTP_SSL: 'true'
SMTP_USERNAME: jaydee@sectorq.eu
SMTP_PASSWORD: $SMTP_PASSWORD
ADMIN_TOKEN: $ADMIN_PASSWORD
image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
ports:
- target: 80
published: 8181
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bitwarden/bw-data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: vaultwarden
homepage.description: Password manager
homepage.group: Utilities
homepage.href: https://pw.sectorq.eu
homepage.icon: bitwarden.png
homepage.name: Bitwarden
homepage.server: my-docker
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

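--- a/__swarm/bookstack/.env
+++ b/__swarm/bookstack/.env
@@ -0,0 +1,2 @@
+APPNAME=bookstack
+DOCKER_REGISTRY=r.sectorq.eu/library/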


@@ -0,0 +1,50 @@
version: '3.9'
services:
app:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
ports:
- 6875:80
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: bookstack-app-1
homepage.description: Books
homepage.group: Utilities
homepage.href: https://bookstack.sectorq.eu
homepage.icon: bookstack.png
homepage.name: Bookstack
homepage.server: my-docker-swarm
homepage.weight: 1
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
db:
env_file:
- stack.env
environment:
PGID: 0
PUID: 0
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
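Review bot: Both `app` and `db` load the same `stack.env`, so the BookStack container receives `MYSQL_ROOT_PASSWORD` and the MariaDB container receives `OIDC_CLIENT_SECRET` (both keys are in the `stack.env` added by this commit); each service should get its own env file holding only the variables it reads. The `db` service also sets `PUID: 0` / `PGID: 0` and pulls `lscr.io/linuxserver/mariadb` without a tag, so the database runs as root from whatever image is current at pull time; a non-root UID/GID and a pinned tag or digest would narrow both. The same layout is repeated in the 38-line compose section further down.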


@@ -0,0 +1,88 @@
---
version: "2"
services:
app:
image: lscr.io/linuxserver/bookstack:latest
environment:
PUID: 1000
PGID: 1000
APP_URL: https://bookstack.sectorq.eu
DB_HOST: db
DB_PORT: 3306
DB_USER: bookstack
DB_PASS: l4c1j4yd33Du5lo
DB_DATABASE: bookstackapp
# Set authentication method to be saml2
AUTH_METHOD: saml2
# Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
# Prevents the need for the user to click the "Login with x" button on the login page.
# Setting this to true enables auto-initiation.
AUTH_AUTO_INITIATE: false
# Set the display name to be shown on the login button.
# (Login with <name>)
SAML2_NAME: authentik
# Name of the attribute which provides the user's email address
SAML2_EMAIL_ATTRIBUTE: email
# Name of the attribute to use as an ID for the SAML user.
SAML2_EXTERNAL_ID_ATTRIBUTE: uid
# Enable SAML group sync.
SAML2_USER_TO_GROUPS: true
# Set the attribute from which BookStack will read groups names from.
# You will need to rename your roles in Bookstack to match your groups in authentik.
SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
# Name of the attribute(s) to use for the user's display name
# Can have multiple attributes listed, separated with a '|' in which
# case those values will be joined with a space.
# Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
# Defaults to the ID value if not found.
######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
SAML2_DISPLAY_NAME_ATTRIBUTES: username
# Identity Provider entityID URL
SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
# Auto-load metadata from the IDP
# Setting this to true negates the need to specify the next three options
SAML2_AUTOLOAD_METADATA: true
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
ports:
- 6875:80
restart: ${RESTART:-unless-stopped}
depends_on:
- db
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Utilities
homepage.name: Bookstack
homepage.weight: 1
homepage.icon: bookstack.png
homepage.href: https://bookstack.sectorq.eu
homepage.description: Books
homepage.server: my-docker
homepage.container: bookstack-app-1
# homepage.widget.type: ${APPNAME}
# homepage.widget.url: https://${APPNAME}.sectorq.eu
# homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
# homepage.widget.version: 2
db:
image: lscr.io/linuxserver/mariadb
environment:
PUID: 0
PGID: 0
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
TZ: Europe/Bratislava
MYSQL_DATABASE: bookstackapp
MYSQL_USER: bookstack
MYSQL_PASSWORD: l4c1j4yd33Du5lo
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
restart: ${RESTART:-unless-stopped}
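Review bot: `DB_PASS`, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are committed as literals and all three carry the same value, so the application account and the database root account share one credential that is now in repository history. The same literal-secret pattern appears in other sections of this compare: `stack.env` (including `OIDC_CLIENT_SECRET`), `fail2ban.env` (`SSMTP_PASSWORD`), the gitea runner's `GITEA_RUNNER_REGISTRATION_TOKEN`, the `homepage.widget.key` labels for gitlab, gotify and home-assistant, the gotify `.env`/`stack.env`/compose files, the grafana `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`, and the esphome and influxdb credentials. All of these should be treated as exposed and rotated, then supplied from an untracked file or Docker secrets, e.g. `DB_PASS: ${DB_PASS:?set in untracked env file}`, with distinct values for root and the application user. The commented-out `homepage.widget.key` line should be deleted rather than left in place, since a comment is published just the same.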


@@ -0,0 +1,38 @@
services:
app:
depends_on:
- db
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: bookstack-app-1
homepage.description: Books
homepage.group: Utilities
homepage.href: https://bookstack.sectorq.eu
homepage.icon: bookstack.png
homepage.name: Bookstack
homepage.server: my-docker
homepage.weight: 1
wud.watch: true
wud.watch.digest: true
ports:
- 6875:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
db:
env_file:
- stack.env
environment:
PGID: 0
PUID: 0
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
version: '2'

86
__swarm/bookstack/stack.env Executable file

@@ -0,0 +1,86 @@
PUID: 1000
PGID: 1000
APP_URL: https://bookstack.sectorq.eu
DB_HOST: db
DB_PORT: 3306
DB_USER: bookstack
DB_PASS: l4c1j4yd33Du5lo
DB_DATABASE: bookstackapp
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
TZ: Europe/Bratislava
MYSQL_DATABASE: bookstackapp
MYSQL_USER: bookstack
MYSQL_PASSWORD: l4c1j4yd33Du5lo
# # Set authentication method to be saml2
# AUTH_METHOD: saml2
# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
# # Prevents the need for the user to click the "Login with x" button on the login page.
# # Setting this to true enables auto-initiation.
# AUTH_AUTO_INITIATE: false
# # Set the display name to be shown on the login button.
# # (Login with <name>)
# SAML2_NAME: authentik
# # Name of the attribute which provides the user's email address
# SAML2_EMAIL_ATTRIBUTE: email
# # Name of the attribute to use as an ID for the SAML user.
# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
# # Enable SAML group sync.
# SAML2_USER_TO_GROUPS: true
# # Set the attribute from which BookStack will read groups names from.
# # You will need to rename your roles in Bookstack to match your groups in authentik.
# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
# # Name of the attribute(s) to use for the user's display name
# # Can have multiple attributes listed, separated with a '|' in which
# # case those values will be joined with a space.
# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
# # Defaults to the ID value if not found.
# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
# SAML2_DISPLAY_NAME_ATTRIBUTES: username
# # Identity Provider entityID URL
# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
# # Auto-load metadata from the IDP
# # Setting this to true negates the need to specify the next three options
# SAML2_AUTOLOAD_METADATA: true
# Set OIDC to be the authentication method
AUTH_METHOD: oidc
#AUTH_METHOD: standard
# Control if BookStack automatically initiates login via your OIDC system
# if it's the only authentication method. Prevents the need for the
# user to click the "Login with x" button on the login page.
# Setting this to true enables auto-initiation.
AUTH_AUTO_INITIATE: true
# Set the display name to be shown on the login button.
# (Login with <name>)
OIDC_NAME: SSO
# Name of the claims(s) to use for the user's display name.
# Can have multiple attributes listed, separated with a '|' in which
# case those values will be joined with a space.
# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
OIDC_DISPLAY_NAME_CLAIMS: name
# OAuth Client ID to access the identity provider
OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
# OAuth Client Secret to access the identity provider
OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
# Issuer URL
# Must start with 'https://'
OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
# The "end session" (RP-initiated logout) URL to call during BookStack logout.
# By default this is false which disables RP-initiated logout.
# Setting to "true" will enable logout if found as supported by auto-discovery.
# Otherwise, this can be set as a specific URL endpoint.
OIDC_END_SESSION_ENDPOINT: false
# Enable auto-discovery of endpoints and token keys.
# As per the standard, expects the service to serve a
# `<issuer>/.well-known/openid-configuration` endpoint.
OIDC_ISSUER_DISCOVER: true
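Review bot: Every entry in this file is written as `KEY: value`, whereas the `.env` and `fail2ban.env` files in the same commit use `KEY=value`. Env-file loaders differ on whether the colon form is accepted, and Docker's own `--env-file` parser expects `KEY=value`, so it is worth confirming how the deployment path that reads `stack.env` treats these lines, or converting them, e.g. `AUTH_METHOD=oidc`. A silently skipped line here would mean BookStack starts with a default authentication setting rather than the intended OIDC one.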

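--- a/__swarm/dockermon/.env
+++ b/__swarm/dockermon/.env
@@ -0,0 +1,2 @@
+APPNAME=dockermon
+DOCKER_REGISTRY=r.sectorq.eu/library/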


@@ -0,0 +1,14 @@
services:
docker_mon:
image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
ports:
- 8126:8126
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/dockermon/config:/config
version: '2'
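Review bot: `/var/run/docker.sock` is mounted read-write into `docker_mon` and its HTTP port is published on all host interfaces as `8126:8126`, so whoever can reach that port gets whatever control over the Docker daemon the service exposes, and socket access is equivalent to root on the host. Unless authentication is configured in the mounted `/config` (not visible here), bind the port to the interface the consumer actually uses, e.g. `- 127.0.0.1:8126:8126`, or place a filtering socket proxy between the container and the daemon.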

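--- a/__swarm/fail2ban/.env
+++ b/__swarm/fail2ban/.env
@@ -0,0 +1,2 @@
+APPNAME=fail2ban
+DOCKER_REGISTRY=r.sectorq.eu/library/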

0
__swarm/fail2ban/.gitkeep Executable file

@@ -0,0 +1,49 @@
---
services:
# fail2ban:
# image: lscr.io/linuxserver/fail2ban:latest
# container_name: fail2ban
# cap_add:
# - NET_ADMIN
# - NET_RAW
# network_mode: host
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/Bratislava
# - VERBOSITY=-vvv #optional
# volumes:
# - /share/docker_data/fail2ban/config:/config
# - /share/docker_data/fail2ban/log:/var/log:ro
# # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
# # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
# # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
# # - /path/to/emby/log:/remotelogs/emby:ro #optional
# # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
# - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
# # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
# # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
# # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
# # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
# # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
# # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
# # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
# # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
# # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
# # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
# # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
# restart: unless-stopped
blockips-unifi:
stdin_open: true
tty: true
container_name: blockips-unifi
restart: always
environment:
- TZ=Europe/Bratislava
volumes:
- /share/docker_data/unify_block/config.php:/config.php
- /share/docker_data/unify_block/ban.sh:/ban.sh
- /share/docker_data/unify_block/crontab:/etc/crontabs/root
- /share/docker_data/fail2ban/ban:/ban
- /share/docker_data/fail2ban/unban:/unban
image: ${DOCKER_REGISTRY:-}tusc/blockips-unifi:latest
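Review bot: `config.php`, `ban.sh` and the root crontab are bind-mounted writable into `blockips-unifi`, which runs a third-party `:latest` image, so a changed or compromised image could rewrite the script and schedule on the host path and have them persist across restarts. If the container only reads these three files, mount them read-only, e.g. `- /share/docker_data/unify_block/ban.sh:/ban.sh:ro`; `/ban` and `/unban` presumably need to stay writable. The 33 commented-out `fail2ban` lines could be left out of the new file, since version control already keeps them.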

12
__swarm/fail2ban/fail2ban.env Executable file

@@ -0,0 +1,12 @@
TZ=Europe/Bratislava
F2B_LOG_TARGET=/log/fail2ban.log
F2B_LOG_LEVEL=INFO
F2B_DB_PURGE_AGE=1d
SSMTP_HOST=mail.sectorq.eu
SSMTP_PORT=465
SSMTP_HOSTNAME=mail.sectorq.eu
SSMTP_USER=fail2ban@sectorq.eu
SSMTP_PASSWORD=l4c1j4yd33Du5lo
SSMTP_TLS=YES


@@ -3,33 +3,30 @@ networks:
external: false
services:
server:
container_name: gitea
environment:
USER_UID: 1000
USER_GID: 1000
ROOT_URL: https://gitea.sectorq.eu
ENABLE_PASSWORD_SIGNIN_FORM: "false"
DISABLE_REGISTRATION: "true"
ENABLE_PASSWORD_SIGNIN_FORM: false
DISABLE_REGISTRATION: true
image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
labels:
homepage.container: gitea_server
homepage.description: Version control server
homepage.group: Utilities
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Gitea
homepage.server: my-docker1
homepage.weight: 1
homepage.widget.key: b486c53526c26093a255227bc0165c0d329fd638
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: 2
wud.watch: "true"
wud.watch.digest: "true"
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: gitea
homepage.description: Version control server
homepage.group: Utilities
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Gitea
homepage.server: my-docker
homepage.weight: 1
homepage.widget.key: ${TOKEN}
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: 2
wud.watch: true
wud.watch.digest: true
networks:
- gitea
ports:
@@ -53,8 +50,6 @@ services:
- /share/docker_data/gitea-runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
restart: ${RESTART:-unless-stopped}
deploy:
replicas: 1
labels:
wud.watch: "true"
wud.watch.digest: "true"
labels:
wud.watch: true
wud.watch.digest: true
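Review bot: Replacing the literal `homepage.widget.key` with `${TOKEN}` in the first hunk stops new values being published but does not retire the old one, which stays readable in history; the key should be revoked in Gitea and a fresh one issued for `${TOKEN}`. On the new side `ENABLE_PASSWORD_SIGNIN_FORM: false` and `DISABLE_REGISTRATION: true` lose their quotes and become YAML booleans; Compose documents that boolean-looking environment values should be quoted, so `DISABLE_REGISTRATION: 'true'` is the safer spelling. Both hunks sit inside the `services:` mapping, whose start is outside what is shown.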


@@ -0,0 +1,69 @@
version: '3.9'
services:
server:
environment:
USER_UID: '1000'
USER_GID: '1000'
ROOT_URL: https://gitea.sectorq.eu
ENABLE_PASSWORD_SIGNIN_FORM: 'false'
DISABLE_REGISTRATION: 'true'
image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
networks:
- gitea
ports:
- 3000:3000
- '222:22'
volumes:
- /share/docker_data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitea
homepage.description: version control server
homepage.group: utilities
homepage.href: https://${appname}.sectorq.eu
homepage.icon: ${appname}.png
homepage.name: gitea
homepage.server: my-docker
homepage.weight: '1'
homepage.widget.key: ${token}
homepage.widget.type: ${appname}
homepage.widget.url: https://${appname}.sectorq.eu
homepage.widget.version: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
placement:
constraints:
- node.role == manager
runner:
image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: https://gitea.sectorq.eu/
GITEA_RUNNER_REGISTRATION_TOKEN: 8nmkqjhkvywltmnff2o9vs0tzo70ufhsqpvg6ymb
GITEA_RUNNER_NAME: jaydee
GITEA_RUNNER_LABELS: jaydee
volumes:
- /share/docker_data/gitea-runner/config:/config
- /share/docker_data/gitea-runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
placement:
constraints:
- node.role == manager
networks:
gitea:
external: false
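Review bot: The `runner` service mounts `/var/run/docker.sock`, is constrained to `node.role == manager` and tracks `act_runner:nightly`, so any workflow job it accepts can drive the Docker daemon of a swarm manager from an unreleased build; a pinned release tag plus a worker node or an isolated daemon would contain that. Separately, this file interpolates `${appname}` and `${token}` in lower case while the sibling compose file uses `${APPNAME}` and `${TOKEN}`; variable names are case-sensitive, so the `homepage.*` labels here would presumably expand to empty strings. The lower-cased label values (`utilities`, `version control server`) suggest the same case-folding happened in whatever generated the file.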


@@ -0,0 +1,54 @@
services:
web:
container_name: gitlab
environment:
GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\
\ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\
\ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\
\ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\
\ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\
gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\
\ = true\ngitlab_rails['omniauth_providers'] = [\n {\n name: 'saml',\n\
\ args: {\n assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\
\ # Shown when navigating to certificates in authentik1\n idp_cert_fingerprint:\
\ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n idp_sso_target_url:\
\ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\
\ issuer: 'https://gitlab.sectorq.eu',\n name_identifier_format:\
\ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n attribute_statements:\
\ {\n email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\
\ first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\
\ nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\
\ }\n },\n label: 'authentik'\n }\n]\n"
TZ: Europe/Bratislava
hostname: gitlab.sectorq.eu
image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitlab
homepage.description: Version control
homepage.group: Infrastructure
homepage.href: https://gitlab.sectorq.eu
homepage.icon: gitlab.png
homepage.name: Gitlab
homepage.server: my-docker
homepage.weight: '1'
homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
homepage.widget.type: gitlab
homepage.widget.url: https://gitlab.sectorq.eu
homepage.widget.user_id: '2'
wud.watch: true
wud.watch.digest: true
network_mode: bridge
ports:
- 8785:80
- 8743:443
- '8722:22'
restart: unless-stopped
shm_size: 4gb
volumes:
- /share/docker_data/gitlab/config:/etc/gitlab
- /share/docker_data/gitlab/logs:/var/log/gitlab
- /share/docker_data/gitlab/data:/var/opt/gitlab
- /etc/localtime:/etc/localtime:ro
version: '3.6'
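Review bot: The embedded `GITLAB_OMNIBUS_CONFIG` combines `omniauth_auto_link_saml_user = true` with `omniauth_block_auto_created_users = false`, so a SAML assertion carrying an existing user's email is linked to that account and newly created accounts are active without admin approval; that is only safe if the IdP guarantees verified, non-editable email addresses. If that guarantee is not in place, set `gitlab_rails['omniauth_block_auto_created_users'] = true`. `idp_cert_fingerprint` is a 20-byte (SHA-1) value; supplying the full certificate via `idp_cert` avoids depending on SHA-1. The Ruby config would also be easier to review as a `|` block scalar than as one escaped double-quoted string.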

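--- a/__swarm/gotify/.env
+++ b/__swarm/gotify/.env
@@ -0,0 +1,3 @@
+APPNAME=gotify
+DOCKER_REGISTRY=r.sectorq.eu/library/
+CLIENT_TOKEN=CowKqc8UU5Xn-EA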


@@ -0,0 +1,22 @@
name: gotify
services:
server:
ports:
- 8010:80
environment:
- TZ=Europe/Berlin
- GOTIFY_DEFAULTUSER_PASS='admin'
volumes:
- /share/docker_data/gotify/data:/app/data
image: ${DOCKER_REGISTRY:-}gotify/server
labels:
- com.centurylinklabs.watchtower.enable=true
- homepage.group=Utilities
- homepage.name=Gotify
- homepage.weight=1
- homepage.icon=gotify.png
- homepage.href=https://gotify.sectorq.eu
- homepage.description=Notification Server
- homepage.widget.type=gotify
- homepage.widget.url=https://gotify.sectorq.eu
- homepage.widget.key=C3Fy8AQym_sc1zS
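Review bot: `- GOTIFY_DEFAULTUSER_PASS='admin'` sets the bootstrap admin password to a default-grade value, and in list-form `environment:` entries the single quotes are not stripped, so the effective value presumably includes the quote characters. The password should come from an untracked variable, e.g. `- GOTIFY_DEFAULTUSER_PASS=${GOTIFY_DEFAULTUSER_PASS:?unset}`, and be changed in the UI after first start. The image `gotify/server` carries no tag, so a pinned version or digest would make the deployed build reproducible.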


@@ -0,0 +1,46 @@
version: '3.8'
services:
gotify:
container_name: gotify
hostname: gotify
image: gotify/server
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- net
ports:
- "8680:80"
volumes:
- data:/app/data
environment:
GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo' # Change me!!!!!
igotify:
container_name: igotify
hostname: igotify
image: ghcr.io/androidseb25/igotify-notification-assist:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
pull_policy: always
networks:
- net
ports:
- "8681:8080"
volumes:
- api-data:/app/data
environment: # option environment see above note
GOTIFY_URLS: 'https://gotify.sectorq.eu'
GOTIFY_CLIENT_TOKENS: ${CLIENT_TOKEN}
SECNTFY_TOKENS: 'NTFY-DEVICE-nmE8MaAk1PX9wCRSkqKatiKzD4LCvDTENi3LTPwcn5cckXtkwQQ'
GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo'
networks:
net:
volumes:
data:
api-data:
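Review bot: `igotify` is given `GOTIFY_DEFAULTUSER_PASS`, the Gotify server's admin bootstrap password; nothing on this page shows the notification assistant needing it, so the variable should be removed from that service unless its documentation requires it. `GOTIFY_CLIENT_TOKENS` is already interpolated from `${CLIENT_TOKEN}`, and `SECNTFY_TOKENS` and the `gotify` service's password should be supplied the same way instead of as literals. The `# Change me!!!!!` comment beside the password indicates the value was meant to be replaced before use.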

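--- a/__swarm/gotify/stack.env
+++ b/__swarm/gotify/stack.env
@@ -0,0 +1,4 @@
+GOTIFY_URLS=https://gotify.sectorq.eu
+GOTIFY_CLIENT_TOKENS=CfYatBoIszgIr07
+SECNTFY_TOKENS=NTFY-DEVICE-CIrIeIoagAdUFwI8uOZlo6Qd9b3OF1x1NSpdns6mlImvzb4X0kI
+GOTIFY_DEFAULTUSER_PASS=l4c1j4yd33Du5lo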

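--- a/__swarm/grafana/.env
+++ b/__swarm/grafana/.env
@@ -0,0 +1,2 @@
+APPNAME=grafana
+DOCKER_REGISTRY=r.sectorq.eu/library/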


@@ -0,0 +1,88 @@
name: grafana
networks:
loki: null
services:
grafana:
container_name: grafana
entrypoint:
- sh
- -euc
- "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
apiVersion: 1\ndatasources:\n- name: Loki\n type: loki\n access: proxy\n \
\ orgId: 1\n url: http://loki:3100\n basicAuth: false\n isDefault: true\n\
\ version: 1\n editable: false\nEOF\n/run.sh\n"
environment:
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
&& 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
GF_LOG_FILTERS: rendering:debug
GF_RENDERING_CALLBACK_URL: http://grafana:3000/
GF_RENDERING_SERVER_URL: http://renderer:8092/render
GF_SERVER_ROOT_URL: https://g.sectorq.eu/
image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: grafana
homepage.description: Graphs
homepage.group: Smarthome
homepage.href: https://g.sectorq.eu
homepage.icon: grafana.png
homepage.name: Grafana
homepage.server: my-docker
homepage.weight: '1'
wud.watch: true
wud.watch.digest: true
networks:
- loki
ports:
- 3007:3000
restart: ${RESTART:-unless-stopped}
user: 0:0
volumes:
- /share/docker_data/grafana/data:/var/lib/grafana
- /share/docker_data/grafana/certs:/certs
loki:
command: -config.file=/etc/loki/local-config.yaml
image: ${DOCKER_REGISTRY:-}grafana/loki:latest
labels:
wud.watch: true
wud.watch.digest: true
networks:
- loki
ports:
- 3100:3100
restart: ${RESTART:-unless-stopped}
promtail:
command: -config.file=/etc/promtail/config.yml
image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
labels:
wud.watch: true
wud.watch.digest: true
networks:
- loki
volumes:
- /var/log:/var/log
- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
restart: ${RESTART:-unless-stopped}
renderer:
image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
ports:
- 8092
networks:
- loki
restart: ${RESTART:-unless-stopped}
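Review bot: `loki` publishes `3100:3100` on the host although Grafana reaches it over the shared `loki` network at `http://loki:3100`, and Loki has no authentication of its own, so any host that can reach the port can query or push the `/var/log` content that promtail ships. Unless external agents push to it, drop the `ports:` entry or bind it to a specific interface. `user: 0:0` runs Grafana as root and, unquoted, is a digits-and-colon scalar that YAML 1.1 parsers may read as a number; prefer a non-root UID and quote the value. The same settings recur in the 112-line swarm variant that follows.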


@@ -0,0 +1,112 @@
networks:
loki: null
services:
grafana:
entrypoint:
- sh
- -euc
- "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
apiVersion: 1\ndatasources:\n- name: Loki\n type: loki\n access: proxy\n \
\ orgId: 1\n url: http://loki:3100\n basicAuth: false\n isDefault: true\n\
\ version: 1\n editable: false\nEOF\n/run.sh\n"
environment:
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
&& 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
GF_LOG_FILTERS: rendering:debug
GF_RENDERING_CALLBACK_URL: http://grafana:3000/
GF_RENDERING_SERVER_URL: http://renderer:8092/render
GF_SERVER_ROOT_URL: https://g.sectorq.eu/
image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
networks:
- loki
ports:
- target: 3000
published: 3007
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
user: 0:0
volumes:
- /share/docker_data/grafana/data:/var/lib/grafana
- /share/docker_data/grafana/certs:/certs
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: grafana
homepage.description: Graphs
homepage.group: Smarthome
homepage.href: https://g.sectorq.eu
homepage.icon: grafana.png
homepage.name: Grafana
homepage.server: my-docker
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
loki:
command: -config.file=/etc/loki/local-config.yaml
image: ${DOCKER_REGISTRY:-}grafana/loki:latest
networks:
- loki
ports:
- target: 3100
published: 3100
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
promtail:
command: -config.file=/etc/promtail/config.yml
image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
networks:
- loki
volumes:
- /var/log:/var/log
- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
restart: ${RESTART:-unless-stopped}
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
renderer:
image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
ports:
- 8092
networks:
- loki
restart: ${RESTART:-unless-stopped}
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager


@@ -0,0 +1,230 @@
version: '3.9'
services:
homeassistant:
network_mode: host
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
volumes:
- /share/docker_data/ha/:/config
- /var/run/docker.sock:/var/run/docker.sock
- /run/dbus:/run/dbus:ro
privileged: true
environment:
- DISABLE_JEMALLOC=value
- TZ=Europe/Bratislava
dns:
- 192.168.77.101
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: Home Assistant
homepage.weight: 1
homepage.icon: home-assistant.png
homepage.href: https://ha.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: HomeAssistant
homepage.widget.type: homeassistant
homepage.widget.url: https://ha.sectorq.eu
homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
esphome:
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- /share/docker_data/esphome/config:/config
- /etc/localtime:/etc/localtime:ro
privileged: true
network_mode: host
environment:
- USERNAME=jaydee
- PASSWORD=jaydee1
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: ESPHome
homepage.weight: 1
homepage.icon: esphome.png
homepage.href: https://esphome.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: esphome
homepage.widget.type: esphome
homepage.widget.url: https://esphome.sectorq.eu
homepage.widget.username: jaydee
homepage.widget.password: jaydee1
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
wyoming-piper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
ports:
- 10200:10200
volumes:
- /share/docker_data/piper/english:/data
command: --data-dir /data --voice en_US-lessac-medium
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
wyoming-whisper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
ports:
- 10300:10300
volumes:
- /share/docker_data/whisper/english:/data
command: --data-dir /data --model tiny-int8 --language en
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
openwakeword:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu'
--model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
2 --debug
volumes:
- /share/docker_data/openwakeword-data:/data
- /share/docker_data/openwakeword-data:/custom
environment:
- TZ=Europe/Bratislava
ports:
- 10400:10400
- 10400:10400/udp
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
matter-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
security_opt:
- apparmor=unconfined
volumes:
- /share/docker_data/matter-server:/data
- /run/dbus:/run/dbus:ro
network_mode: host
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
music-assistant-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
network_mode: host
volumes:
- /share/docker_data/music-assistant-server/data:/data/
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
security_opt:
- apparmor:unconfined
environment:
- LOG_LEVEL=info
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: 1
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker
homepage.container: music-assistant-server
placement:
constraints:
- node.role == manager
influxdb:
ports:
- 8086:8086
volumes:
- /share/docker_data/influxdb/data:/var/lib/influxdb2
- /share/docker_data/influxdb/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
interval: 10s
timeout: 3s
retries: 2
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token
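Review bot: The `influxdb` service declares and mounts three Docker secrets but still sets `DOCKER_INFLUXDB_INIT_USERNAME`, `DOCKER_INFLUXDB_INIT_PASSWORD` and `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` as literals, and the token is given both literally and as `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE`, so the secrets add no protection and it is unclear which token takes effect. Use only the `_FILE` forms, e.g. `- DOCKER_INFLUXDB_INIT_PASSWORD_FILE=/run/secrets/influxdb2-admin-password`, and delete the literal lines. Elsewhere in the section `homeassistant` and `esphome` combine `privileged: true` with `network_mode: host` (and `homeassistant` adds the Docker socket), while `matter-server` and `music-assistant-server` disable AppArmor; `docker stack deploy` has historically ignored several of these keys, so it is worth checking which actually take effect and granting only the devices or capabilities needed. The `influxdb` healthcheck only writes a file and does not probe the server.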

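--- a/__swarm/home-assistant/.env
+++ b/__swarm/home-assistant/.env
@@ -0,0 +1,3 @@
+APPNAME=home-assistant
+DOCKER_REGISTRY=r.sectorq.eu/library/
+RESTART=always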


@@ -0,0 +1 @@
l4c1j4yd33Du5lo
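Review bot: This one-line file appears to be a credential committed in plain text. Its path is not shown on the page, but the compose files in this compare load `.env.influxdb2-admin-password` and `.env.influxdb2-admin-token` from disk as Docker secrets, and the same string is set as `PASSWORD` in `__swarm/kestra/.env`. Once pushed it stays in history, so the value should be rotated wherever it is used and the secret files kept out of the repository, for example with a `.gitignore` entry `.env.influxdb2-admin-*` and a committed example file holding only a placeholder. The later one-line files in this compare (two containing `ha`, one repeating this value) fall under the same point.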


@@ -0,0 +1,214 @@
version: '3'
services:
homeassistant:
container_name: HomeAssistant
network_mode: host
image: "${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest"
volumes:
- /share/docker_data/ha/:/config
#- /dev/skyconnect:/dev/ttyUSB1
# - /dev/ttyUSB1:/dev/ttyUSB1
#- /var/log:/logging
- /var/run/docker.sock:/var/run/docker.sock
- /run/dbus:/run/dbus:ro
privileged: true
environment:
- DISABLE_JEMALLOC=value
- TZ=Europe/Bratislava
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: Home Assistant
homepage.weight: 1
homepage.icon: home-assistant.png
homepage.href: https://ha.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: HomeAssistant
homepage.widget.type: homeassistant
homepage.widget.url: https://ha.sectorq.eu
homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
#homepage.widget.custom: [{"state","sensor.sonoff_1001555a27_power"}]
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
dns:
- 192.168.77.101
# ollama:
# volumes:
# - /share/docker_data/ollama:/root/.ollama
# ports:
# - 11434:11434
# container_name: ollama
# # image: ollama/ollama:0.1.27-rocm
# image: ollama/ollama
# # environment:
# # - HSA_OVERRIDE_GFX_VERSION=9.0.0
# # devices:
# # - /dev/dri/renderD128
# # - /dev/dri/card1
# # - /dev/kfd
# labels:
# com.centurylinklabs.watchtower.enable: true
esphome:
container_name: esphome
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- /share/docker_data/esphome/config:/config
- /etc/localtime:/etc/localtime:ro
restart: ${RESTART:-unless-stopped}
privileged: true
network_mode: host
environment:
- USERNAME=jaydee
- PASSWORD=jaydee1
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: ESPHome
homepage.weight: 1
homepage.icon: esphome.png
homepage.href: https://esphome.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: esphome
homepage.widget.type: esphome
homepage.widget.url: https://esphome.sectorq.eu
homepage.widget.username: jaydee
homepage.widget.password: jaydee1
wud.watch: true
wud.watch.digest: true
wyoming-piper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
container_name: piper-en
ports:
- 10200:10200
volumes:
- /share/docker_data/piper/english:/data
command: --data-dir /data --voice en_US-lessac-medium
restart: ${RESTART:-unless-stopped}
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
wyoming-whisper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
container_name: whisper-en
ports:
- 10300:10300
volumes:
- /share/docker_data/whisper/english:/data
command: --data-dir /data --model tiny-int8 --language en
restart: ${RESTART:-unless-stopped}
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
openwakeword:
container_name: openwakeword
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
command:
--preload-model 'ok_nabu'
--custom-model-dir /custom
--model 'ok nabu'
--model 'ok_nabu'
--uri 'tcp://0.0.0.0:10400'
--threshold 0.7
--trigger-level 2
--debug
volumes:
- /share/docker_data/openwakeword-data:/data
- /share/docker_data/openwakeword-data:/custom # Place my custom wakewords here
environment:
- TZ=Europe/Bratislava
restart: ${RESTART:-unless-stopped}
ports:
- 10400:10400
- 10400:10400/udp
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
matter-server:
container_name: matter-server
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
restart: ${RESTART:-unless-stopped}
security_opt:
- apparmor=unconfined
volumes:
- /share/docker_data/matter-server:/data
- /run/dbus:/run/dbus:ro
network_mode: host
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
music-assistant-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest # <<< Desired release version here (or use beta to get the latest beta version)
container_name: music-assistant-server
restart: ${RESTART:-unless-stopped}
# Network mode must be set to host for MA to work correctly
network_mode: host
volumes:
- /share/docker_data/music-assistant-server/data:/data/
# privileged caps (and security-opt) needed to mount smb folders within the container
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
security_opt:
- apparmor:unconfined
environment:
# Provide logging level as environment variable.
# default=info, possible=(critical, error, warning, info, debug)
- LOG_LEVEL=info
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: 1
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker
homepage.container: music-assistant-server
influxdb:
ports:
- 8086:8086
volumes:
- /share/docker_data/influxdb/data:/var/lib/influxdb2
- /share/docker_data/influxdb/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
restart: ${RESTART:-unless-stopped}
healthcheck:
test: "echo test > /var/lib/influxdb2/hc || exit 1"
interval: 10s
timeout: 3s
retries: 2
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token
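Review bot: Credentials are stored in container labels and inline environment entries in this file: `homepage.widget.key` under `homeassistant` holds a bearer token whose `exp` claim lies ten years after its `iat`, and `esphome` carries its password both in `PASSWORD=` and in `homepage.widget.password`. Labels are returned to every client of the Docker API, and this same file mounts `/var/run/docker.sock` into a container, so they are not a private channel. The token should be revoked, the ESPHome password changed, and both supplied through variables that are not committed, e.g. `homepage.widget.key: ${HA_WIDGET_TOKEN}` (variable name constructed here). The swarm variant of this file and the `homepage.widget.key` labels in both immich compose files have the same problem.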


@@ -0,0 +1,230 @@
version: '3.9'
services:
homeassistant:
network_mode: host
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
volumes:
- /share/docker_data/ha/:/config
- /var/run/docker.sock:/var/run/docker.sock
- /run/dbus:/run/dbus:ro
privileged: true
environment:
- DISABLE_JEMALLOC=value
- TZ=Europe/Bratislava
dns:
- 192.168.77.101
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: Home Assistant
homepage.weight: 1
homepage.icon: home-assistant.png
homepage.href: https://ha.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: HomeAssistant
homepage.widget.type: homeassistant
homepage.widget.url: https://ha.sectorq.eu
homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
esphome:
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- /share/docker_data/esphome/config:/config
- /etc/localtime:/etc/localtime:ro
privileged: true
network_mode: host
environment:
- USERNAME=jaydee
- PASSWORD=jaydee1
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.group: Smarthome
homepage.name: ESPHome
homepage.weight: 1
homepage.icon: esphome.png
homepage.href: https://esphome.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.container: esphome
homepage.widget.type: esphome
homepage.widget.url: https://esphome.sectorq.eu
homepage.widget.username: jaydee
homepage.widget.password: jaydee1
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
wyoming-piper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
ports:
- 10200:10200
volumes:
- /share/docker_data/piper/english:/data
command: --data-dir /data --voice en_US-lessac-medium
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
wyoming-whisper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
ports:
- 10300:10300
volumes:
- /share/docker_data/whisper/english:/data
command: --data-dir /data --model tiny-int8 --language en
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
openwakeword:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu'
--model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
2 --debug
volumes:
- /share/docker_data/openwakeword-data:/data
- /share/docker_data/openwakeword-data:/custom
environment:
- TZ=Europe/Bratislava
ports:
- 10400:10400
- 10400:10400/udp
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
matter-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
security_opt:
- apparmor=unconfined
volumes:
- /share/docker_data/matter-server:/data
- /run/dbus:/run/dbus:ro
network_mode: host
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
music-assistant-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
network_mode: host
volumes:
- /share/docker_data/music-assistant-server/data:/data/
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
security_opt:
- apparmor:unconfined
environment:
- LOG_LEVEL=info
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: 1
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker
homepage.container: music-assistant-server
placement:
constraints:
- node.role == manager
influxdb:
ports:
- 8086:8086
volumes:
- /share/docker_data/influxdb/data:/var/lib/influxdb2
- /share/docker_data/influxdb/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
interval: 10s
timeout: 3s
retries: 2
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
placement:
constraints:
- node.role == manager
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token
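Review bot: `homeassistant` gets `/var/run/docker.sock` mounted read-write alongside `privileged: true` and `network_mode: host`, which hands that container root-equivalent control of the manager node it is pinned to. If the socket is only there for an integration that reads container state, drop the bind or put a socket proxy limited to read endpoints in front of it. As far as I know `docker stack deploy` also ignores `privileged`, `network_mode` and `security_opt`, so a comment should record which of these keys the stack really depends on. The non-swarm compose file earlier in this compare and the `kestra` service (socket plus `user: root`) carry the same mount.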

2
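--- a/__swarm/homepage/.env
+++ b/__swarm/homepage/.env
@@ -0,0 +1,2 @@
+APPNAME=homepage
+DOCKER_REGISTRY=r.sectorq.eu/library/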


@@ -0,0 +1,26 @@
networks:
pihole_pihole:
external: true
services:
homepage:
container_name: homepage
dns:
- 192.168.78.254
environment:
HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- pihole_pihole
ports:
- 3003:3000
restart: unless-stopped
volumes:
- /share/docker_data/homepage/config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
- /share/docker_data/homepage/images:/app/public/images
- /share/docker_data/homepage/icons:/app/public/icons
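Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` does not make the Docker API read-only; it only stops the socket file itself being replaced, and a process in the container can still send write requests through it. Since this service only needs to list containers, pointing it at a socket proxy that exposes just the container read endpoints would remove that exposure. If the bind stays, a comment on the volume line such as `# :ro does not restrict Docker API calls` keeps the flag from being read as a control.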

24
__swarm/immich/.env Executable file

@@ -0,0 +1,24 @@
# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=/media/nas/qda_1/immich/library
# The location where your database files are stored. Network shares are not supported for the database
DB_DATA_LOCATION=/share/docker_data/immich/db
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=postgres
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
HW_MODE1=vaapi
HW_MODE2=openvino
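Review bot: `DB_PASSWORD=postgres` is the template default, left in place although the comment directly above it says to change it to a random password. `__swarm/immich/stack.env` repeats it and adds `POSTGRES_PASSWORD=postgres`. Generate a random `A-Za-z0-9` value on the host and commit only a placeholder line such as `DB_PASSWORD=<set-on-host>`, keeping the real env file out of the repository.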


@@ -0,0 +1,88 @@
name: immich
services:
database:
command: postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user",
public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB
-c wal_compression=on
container_name: immich_postgres
env_file:
- stack.env
environment:
POSTGRES_INITDB_ARGS: --data-checksums
healthcheck:
interval: 5m
start_interval: 30s
start_period: 5m
test: pg_isready --dbname="$${DB_PASSWORD}" --username="$${DB_USERNAME}" ||
exit 1; Chksum="$$(psql --dbname="$${DB_DATABASE_NAME}" --username="$${DB_USERNAME}"
--tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures),
0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [
"$$Chksum" = '0' ] || exit 1
image: ${DOCKER_REGISTRY:-}docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/immich/db:/var/lib/postgresql/data
immich-machine-learning:
container_name: immich_machine_learning
env_file:
- stack.env
extends:
file: hwaccel.ml.yml
service: ${HW_MODE2:-cpu}
healthcheck:
disable: false
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- model-cache:/cache
immich-server:
container_name: immich_server
depends_on:
- redis
- database
env_file:
- stack.env
extends:
file: hwaccel.transcoding.yml
service: ${HW_MODE1:-cpu}
healthcheck:
disable: false
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
labels:
homepage.container: immich_server
homepage.description: Photo server
homepage.group: Media
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Immich
homepage.server: my-docker
homepage.widget.key: wVxjlztA8MpeuzKkNGCSUPK2WjAY55qq4cfs9Zr5opU
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: true
wud.watch.digest: true
ports:
- 2283:2283
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/immich/library:/usr/src/app/upload
- /media/nas/nas-photo:/mnt/photos2
- /etc/localtime:/etc/localtime:ro
redis:
container_name: immich_redis
healthcheck:
test: redis-cli ping || exit 1
image: ${DOCKER_REGISTRY:-}docker.io/redis:6.2-alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
model-cache: null
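Review bot: The `database` healthcheck calls `pg_isready --dbname="$${DB_PASSWORD}"`, passing the database password where the database name belongs. That puts the password on the command line of every probe, and the check tests something other than intended; the `psql` call later in the same `test` already uses `DB_DATABASE_NAME`. The first command should read `pg_isready --dbname="$${DB_DATABASE_NAME}" --username="$${DB_USERNAME}"`.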


@@ -0,0 +1,88 @@
#
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
#
# Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
name: immich
services:
immich-server:
container_name: immich_server
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
extends:
file: hwaccel.transcoding.yml
service: ${HW_MODE1:-vaapi} # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
- /media/nas/photo:/mnt/photos2
env_file:
- .env
ports:
- '2283:2283'
depends_on:
- redis
- database
restart: ${RESTART:-unless-stopped}
healthcheck:
disable: false
labels:
homepage.container: immich_server
homepage.description: Photo server
homepage.group: Media
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Immich
homepage.server: my-docker
homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: true
wud.watch.digest: true
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
file: hwaccel.ml.yml
service: ${HW_MODE2:-openvino} # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: ${RESTART:-unless-stopped}
healthcheck:
disable: false
redis:
container_name: immich_redis
image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
healthcheck:
test: redis-cli ping || exit 1
restart: ${RESTART:-unless-stopped}
database:
container_name: immich_postgres
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: ${RESTART:-unless-stopped}
volumes:
model-cache:

43
__swarm/immich/hwaccel.ml.yml Executable file

@@ -0,0 +1,43 @@
# Configurations for hardware-accelerated machine learning
# If using Unraid or another platform that doesn't allow multiple Compose files,
# you can inline the config for a backend by copying its contents
# into the immich-machine-learning service in the docker-compose.yml file.
# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.
services:
armnn:
devices:
- /dev/mali0:/dev/mali0
volumes:
- /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
- /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
cpu: {}
cuda:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities:
- gpu
openvino:
device_cgroup_rules:
- 'c 189:* rmw'
devices:
- /dev/dri:/dev/dri
volumes:
- /dev/bus/usb:/dev/bus/usb
openvino-wsl:
devices:
- /dev/dri:/dev/dri
- /dev/dxg:/dev/dxg
volumes:
- /dev/bus/usb:/dev/bus/usb
- /usr/lib/wsl:/usr/lib/wsl


@@ -0,0 +1,57 @@
# Configurations for hardware-accelerated transcoding
# If using Unraid or another platform that doesn't allow multiple Compose files,
# you can inline the config for a backend by copying its contents
# into the immich-microservices service in the docker-compose.yml file.
# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.
services:
cpu: {}
nvenc:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities:
- gpu
- compute
- video
quicksync:
devices:
- /dev/dri:/dev/dri
rkmpp:
security_opt: # enables full access to /sys and /proc, still far better than privileged: true
- systempaths=unconfined
- apparmor=unconfined
group_add:
- video
devices:
- /dev/rga:/dev/rga
- /dev/dri:/dev/dri
- /dev/dma_heap:/dev/dma_heap
- /dev/mpp_service:/dev/mpp_service
#- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
volumes:
#- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
#- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
vaapi:
devices:
- /dev/dri:/dev/dri
group_add:
- video
- 993
vaapi-wsl: # use this for VAAPI if you're running Immich in WSL2
devices:
- /dev/dri:/dev/dri
- /dev/dxg:/dev/dxg
volumes:
- /usr/lib/wsl:/usr/lib/wsl
environment:
- LIBVA_DRIVER_NAME=d3d12

23
__swarm/immich/stack.env Executable file

@@ -0,0 +1,23 @@
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=/media/nas/qda_1/immich/library
#UPLOAD_LOCATION=/share/docker_data/immich/library
# The location where your database files are stored
DB_DATA_LOCATION=/share/docker_data/immich/db
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC
TZ=Europe/Bratislava
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=postgres
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
POSTGRES_PASSWORD=postgres

3
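--- a/__swarm/influxdb/.env
+++ b/__swarm/influxdb/.env
@@ -0,0 +1,3 @@
+APPNAME=influxdb
+DOCKER_REGISTRY=r.sectorq.eu/library/
+RESTART=always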


@@ -0,0 +1 @@
ha


@@ -0,0 +1 @@
l4c1j4yd33Du5lo


@@ -0,0 +1 @@
ha


@@ -0,0 +1,37 @@
version: '3'
services:
influxdb:
ports:
- 8087:8086
volumes:
- /share/docker_data/influxdb2/data:/var/lib/influxdb2
- /share/docker_data/influxdb2/config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
restart: ${RESTART:-unless-stopped}
healthcheck:
test: "echo test > /var/lib/influxdb2/hc || exit 1"
interval: 10s
timeout: 3s
retries: 2
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token
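Review bot: The admin password is set inline with `DOCKER_INFLUXDB_INIT_PASSWORD=` although `influxdb2-admin-password` is already declared and mounted as a secret; only the token uses the `_FILE` form. The two inline entries should become `DOCKER_INFLUXDB_INIT_USERNAME_FILE=/run/secrets/influxdb2-admin-username` and `DOCKER_INFLUXDB_INIT_PASSWORD_FILE=/run/secrets/influxdb2-admin-password`. The `influxdb` services in both home-assistant compose files do the same and additionally set `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` inline next to `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE`. Which of the two the image honours is not visible here, so the inline one should be removed there as well.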

2
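--- a/__swarm/jupyter/.env
+++ b/__swarm/jupyter/.env
@@ -0,0 +1,2 @@
+APPNAME=jupyter
+DOCKER_REGISTRY=r.sectorq.eu/library/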


@@ -0,0 +1,20 @@
name: jupyter
services:
base-notebook:
ports:
- 8888:8888
volumes:
- /share/docker_data/jupyter:/home/jovyan/work
image: ${DOCKER_REGISTRY:-}jupyter/base-notebook:latest
restart: ${RESTART:-unless-stopped}
labels:
homepage.container: jupyter-base-notebook-1
homepage.description: Python server
homepage.group: Utils
homepage.href: http://m-server.home.lan:8888/
homepage.icon: ${APPNAME}.png
homepage.name: Jupyter Notebook
homepage.server: my-docker
wud.watch: true
wud.watch.digest: true
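Review bot: `jupyter/base-notebook:latest` is a floating tag on an image that, as far as I know, the Jupyter Docker Stacks project no longer updates on Docker Hub since publishing moved to `quay.io/jupyter/`; if that holds, `latest` here is a frozen build that will not receive package fixes. Worth confirming and switching to a pinned tag from the current registry. Port 8888 is also published on all interfaces, and the file does not show how the notebook is authenticated, so a comment recording that would help.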

2
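--- a/__swarm/kestra/.env
+++ b/__swarm/kestra/.env
@@ -0,0 +1,2 @@
+APPNAME=kestra
+PASSWORD=l4c1j4yd33Du5lo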


@@ -0,0 +1,89 @@
services:
kestra:
command: server standalone --worker-thread=128
depends_on:
postgres:
condition: service_started
environment:
SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
KESTRA_CONFIGURATION: |
datasources:
postgres:
url: jdbc:postgresql://postgres:5432/kestra
driverClassName: org.postgresql.Driver
username: kestra
password: k3str4
kestra:
server:
basicAuth:
enabled: false
username: "jaydee@sectorq.eu" # it must be a valid email address
password: ${PASSWORD}
repository:
type: postgres
storage:
type: local
local:
basePath: "/app/storage"
queue:
type: postgres
tasks:
tmpDir:
path: /tmp/kestra-wd/tmp
url: http://localhost:8080/
tutorial-flows:
enabled: false
micronaut:
server:
cors:
enabled: true
image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: kestra-kestra-1
homepage.description: Automation
homepage.group: Infrastructure
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Kestra
homepage.server: my-docker
homepage.weight: '1'
wud.display.icon: mdi:evernote
wud.watch: true
wud.watch.digest: true
ports:
- 8980:8080
- 8981:8081
pull_policy: always
restart: ${RESTART:-unless-stopped}
user: root
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/docker_data/kestra/kestra-data:/app/storage
- /var/run/docker.sock:/var/run/docker.sock
- /tmp/kestra-wd:/tmp/kestra-wd
postgres:
environment:
POSTGRES_DB: kestra
POSTGRES_PASSWORD: k3str4
POSTGRES_USER: kestra
healthcheck:
interval: 30s
retries: 10
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 10s
image: ${DOCKER_REGISTRY:-}postgres:16
labels:
wud.watch: false
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/kestra/postgres-data:/var/lib/postgresql/data
volumes:
kestra-data:
driver: local
postgres-data:
driver: local
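Review bot: `basicAuth.enabled: false` leaves the Kestra UI and API on the published ports 8980 and 8981 without a login, while the container runs as `user: root` with `/var/run/docker.sock` mounted, so network reachability of the port is the only barrier in front of the host's Docker daemon. Set `enabled: true` (the `${PASSWORD}` reference is already in place) or publish the ports only on the address the reverse proxy uses. Separately, `SECRET_MYPASSWORD` and `SECRET_GITLAB` are base64, which is an encoding and not protection. The second decodes to a value with a GitLab personal-access-token prefix, so it should be revoked and supplied from an uncommitted env file.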

1
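--- a/__swarm/kestra/stack.env
+++ b/__swarm/kestra/stack.env
@@ -0,0 +1 @@
+APPNAME=kestra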

4
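--- a/__swarm/mailu/.env
+++ b/__swarm/mailu/.env
@@ -0,0 +1,4 @@
+APPNAME=mailu
+DOCKER_REGISTRY=r.sectorq.eu/library/
+MAILU_VERSION=2024.06
+LOGGING=syslog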

247
__swarm/mailu/docker-compose.yml Executable file

@@ -0,0 +1,247 @@
networks:
clamav:
driver: bridge
default:
driver: bridge
ipam:
config:
- subnet: 192.168.205.0/24
driver: default
fts_attachments:
driver: bridge
internal: true
oletools:
driver: bridge
internal: true
radicale:
driver: bridge
webmail:
driver: bridge
services:
admin:
depends_on:
- redis
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data:/data
- /share/docker_data/mailu3/dkim:/dkim
antispam:
depends_on:
- front
- redis
- oletools
- antivirus
- resolver
dns:
- 192.168.205.254
env_file: stack.env
hostname: antispam
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- oletools
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter:/var/lib/rspamd
- /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
antivirus:
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
timeout: 5s
image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
labels:
wud.watch: true
wud.watch.digest: true
networks:
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
fetchmail:
depends_on:
- admin
- smtp
- imap
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data/fetchmail:/data
front:
depends_on:
- resolver
dns:
- 192.168.205.254
env_file: stack.env
extends:
file: logging.yml
service: ${LOGGING:-syslog}
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
homepage.container: mailu3-front-1
homepage.description: eMail server
homepage.group: Utilities
homepage.href: https://mail.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mailu
homepage.server: my-docker
homepage.weight: 1
networks:
- default
- webmail
- radicale
ports:
- 0.0.0.0:8880:80
- 0.0.0.0:8443:443
- 0.0.0.0:25:25
- 0.0.0.0:465:465
- 0.0.0.0:587:587
- 0.0.0.0:110:110
- 0.0.0.0:995:995
- 0.0.0.0:143:143
- 0.0.0.0:993:993
- 0.0.0.0:4190:4190
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/certs:/certs
- /share/docker_data/mailu3/overrides/nginx:/overrides:ro
fts_attachments:
depends_on:
- resolver
dns:
- 192.168.205.254
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
timeout: 5s
hostname: tika
image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
labels:
wud.watch: true
wud.watch.digest: true
networks:
- fts_attachments
restart: ${RESTART:-unless-stopped}
imap:
depends_on:
- front
- fts_attachments
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- fts_attachments
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mail:/mail
- /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
oletools:
depends_on:
- resolver
dns:
- 192.168.205.254
hostname: oletools
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- oletools
restart: ${RESTART:-unless-stopped}
redis:
depends_on:
- resolver
dns:
- 192.168.205.254
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: unless-stopped
volumes:
- /share/docker_data/mailu3/redis:/data
resolver:
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
default:
ipv4_address: 192.168.205.254
restart: ${RESTART:-unless-stopped}
smtp:
depends_on:
- front
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mailqueue:/queue
- /share/docker_data/mailu3/overrides/postfix:/overrides:ro
webdav:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- radicale
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/dav:/data
webmail:
depends_on:
- front
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- webmail
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/webmail:/data
- /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
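Review bot: `redis` uses the floating tag `redis:alpine` and a literal `restart: unless-stopped`, while every other service in this file pins a version and takes `${RESTART:-unless-stopped}`. An unpinned image behind the mail stack's session and rate-limit store can change underneath it on any pull. Pin it, e.g. `image: ${DOCKER_REGISTRY:-}redis:<pinned-version>-alpine`, and use `restart: ${RESTART:-unless-stopped}` so the `.env` setting applies to this service too.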

18
__swarm/mailu/logging.yml Executable file

@@ -0,0 +1,18 @@
---
services:
syslog:
logging:
driver: syslog
options:
tag: mailu-front
journald:
logging:
driver: journald
options:
tag: mailu-front
loki:
logging:
driver: loki
options:
loki-url: "http://192.168.77.101:3100/loki/api/v1/push"

167
__swarm/mailu/stack.env Executable file

@@ -0,0 +1,167 @@
# Mailu main configuration file
#
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io
###################################
# Common configuration variables
###################################
# Set to a randomly generated 16 bytes string
SECRET_KEY=T1GSGDDBVRYF7UR7
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.205.0/24
# Main mail domain
DOMAIN=mail.sectorq.eu
# Hostnames for this server, separated with commas
HOSTNAMES=mail.sectorq.eu,sectorq.eu
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
#TLS_FLAVOR=cert
TLS_FLAVOR=letsencrypt
# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
AUTH_RATELIMIT_IP=5/hour
# Authentication rate limit per user (regardless of the source-IP)
AUTH_RATELIMIT_USER=50/day
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=True
###################################
# Optional features
###################################
# Expose the admin interface (value: true, false)
ADMIN=true
# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBMAIL=roundcube
# Expose the API interface (value: true, false)
API=true
# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBDAV=radicale
# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup.
ANTIVIRUS=clamav
# Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup.
SCAN_MACROS=true
###################################
# Mail settings
###################################
# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000
# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day
# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=
# Will relay all outgoing mails if configured
RELAYHOST=
# Enable fetchmail
FETCHMAIL_ENABLED=true
# Fetchmail delay
FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part
RECIPIENT_DELIMITER=+
# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin
# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
# Maildir Compression
# choose compression-method, default: none (value: gz, bz2, zstd)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default.
# Set the following variable to off in order to disable the feature
# or a comma separated list of language codes to support
FULL_TEXT_SEARCH=en
###################################
# Web settings
###################################
# Path to redirect / to
WEBROOT_REDIRECT=/webmail
# Path to the admin interface if enabled
WEB_ADMIN=/admin
# Path to the webmail if enabled
WEB_WEBMAIL=/webmail
# Path to the API interface if enabled
WEB_API=/api
# Website name
SITENAME=sectorq
# Linked Website URL
WEBSITE=https://mail.sectorq.eu
###################################
# Advanced settings
###################################
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12
# Header to take the real ip from
REAL_IP_HEADER=X-Real-IP
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=192.168.77.101
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=INFO
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=EU/Bratislava
# Default spam threshold used for new users
DEFAULT_SPAM_THRESHOLD=80
# API token required for authenticating to the RESTful API.
# This is a mandatory setting for using the RESTful API.
API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N
# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup.
FULL_TEXT_SEARCH_ATTACHMENTS=true
LD_PRELOAD=/usr/lib/libhardened_malloc.so
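Review bot: `SECRET_KEY` and `API_TOKEN` are committed with their live values, and since `API=true` exposes the REST API under `/api`, that token is the credential for it; anyone who can read the repository can read both. The same defect appears in the identical `__swarm/mailu3/stack.env`, in `OIDC_CLIENT_SECRET` in the mealie compose file, in the `*_TOKEN` entries of `__swarm/mediacenter/.env`, in `PASSWORD` in `__swarm/nebula/.env`, and in `homepage.widget.password` in the nextcloud compose file. Once pushed, these values should be considered disclosed: rotate them and load the replacements at deploy time from an untracked file or a secret store. In the tracked file I would keep only the key names behind a comment such as `# SECRET_KEY and API_TOKEN are injected at deploy time; never commit values`.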

4
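--- a/__swarm/mailu3/.env
+++ b/__swarm/mailu3/.env
@@ -0,0 +1,4 @@
+APPNAME=mailu
+DOCKER_REGISTRY=r.sectorq.eu/library/
+MAILU_VERSION=2024.06
+LOGGING=syslog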

247
__swarm/mailu3/docker-compose.yml Executable file

@@ -0,0 +1,247 @@
networks:
clamav:
driver: bridge
default:
driver: bridge
ipam:
config:
- subnet: 192.168.205.0/24
driver: default
fts_attachments:
driver: bridge
internal: true
oletools:
driver: bridge
internal: true
radicale:
driver: bridge
webmail:
driver: bridge
services:
admin:
depends_on:
- redis
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data:/data
- /share/docker_data/mailu3/dkim:/dkim
antispam:
depends_on:
- front
- redis
- oletools
- antivirus
- resolver
dns:
- 192.168.205.254
env_file: stack.env
hostname: antispam
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- oletools
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter:/var/lib/rspamd
- /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
antivirus:
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
timeout: 5s
image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
labels:
wud.watch: true
wud.watch.digest: true
networks:
- clamav
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
fetchmail:
depends_on:
- admin
- smtp
- imap
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/data/fetchmail:/data
front:
depends_on:
- resolver
dns:
- 192.168.205.254
env_file: stack.env
extends:
file: logging.yml
service: ${LOGGING:-syslog}
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
homepage.container: mailu3-front-1
homepage.description: eMail server
homepage.group: Utilities
homepage.href: https://mail.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mailu
homepage.server: my-docker
homepage.weight: 1
networks:
- default
- webmail
- radicale
ports:
- 0.0.0.0:8880:80
- 0.0.0.0:8443:443
- 0.0.0.0:25:25
- 0.0.0.0:465:465
- 0.0.0.0:587:587
- 0.0.0.0:110:110
- 0.0.0.0:995:995
- 0.0.0.0:143:143
- 0.0.0.0:993:993
- 0.0.0.0:4190:4190
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/certs:/certs
- /share/docker_data/mailu3/overrides/nginx:/overrides:ro
fts_attachments:
depends_on:
- resolver
dns:
- 192.168.205.254
healthcheck:
interval: 10s
retries: 3
start_period: 10s
test:
- CMD-SHELL
- wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
timeout: 5s
hostname: tika
image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
labels:
wud.watch: true
wud.watch.digest: true
networks:
- fts_attachments
restart: ${RESTART:-unless-stopped}
imap:
depends_on:
- front
- fts_attachments
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- default
- fts_attachments
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mail:/mail
- /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
oletools:
depends_on:
- resolver
dns:
- 192.168.205.254
hostname: oletools
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- oletools
restart: ${RESTART:-unless-stopped}
redis:
depends_on:
- resolver
dns:
- 192.168.205.254
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
restart: unless-stopped
volumes:
- /share/docker_data/mailu3/redis:/data
resolver:
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
default:
ipv4_address: 192.168.205.254
restart: ${RESTART:-unless-stopped}
smtp:
depends_on:
- front
- resolver
dns:
- 192.168.205.254
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/mailqueue:/queue
- /share/docker_data/mailu3/overrides/postfix:/overrides:ro
webdav:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- radicale
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/dav:/data
webmail:
depends_on:
- front
env_file: stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
labels:
wud.watch: true
wud.watch.digest: true
networks:
- webmail
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/webmail:/data
- /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
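Review bot: `image: ${DOCKER_REGISTRY:-}redis:alpine` in the `redis` service follows a floating tag, while the Mailu images are tied to `${MAILU_VERSION:-2024.06}` and the ClamAV and Tika images carry explicit versions, so a redeploy can silently pull a different Redis build than the one that was tested. Pinning to an explicit version, ideally with a digest (`redis:<version>-alpine@sha256:<digest>`), keeps the stack reproducible and lets `wud` report updates instead of them arriving unannounced. The same applies to the `:latest`, `:edge` and untagged images in the mediacenter, motioneye, n8n, mosquitto, nebula-sync and nextcloud compose files, several of which are additionally labelled `com.centurylinklabs.watchtower.enable`, which presumably lets Watchtower replace them automatically. The `redis` service is also the only one in this file with a hard-coded `restart: unless-stopped` rather than `restart: ${RESTART:-unless-stopped}`.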

18
__swarm/mailu3/logging.yml Executable file

@@ -0,0 +1,18 @@
---
services:
syslog:
logging:
driver: syslog
options:
tag: mailu-front
journald:
logging:
driver: journald
options:
tag: mailu-front
loki:
logging:
driver: loki
options:
loki-url: "http://192.168.77.101:3100/loki/api/v1/push"

167
__swarm/mailu3/stack.env Executable file

@@ -0,0 +1,167 @@
# Mailu main configuration file
#
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io
###################################
# Common configuration variables
###################################
# Set to a randomly generated 16 bytes string
SECRET_KEY=T1GSGDDBVRYF7UR7
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.205.0/24
# Main mail domain
DOMAIN=mail.sectorq.eu
# Hostnames for this server, separated with commas
HOSTNAMES=mail.sectorq.eu,sectorq.eu
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
#TLS_FLAVOR=cert
TLS_FLAVOR=letsencrypt
# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
AUTH_RATELIMIT_IP=5/hour
# Authentication rate limit per user (regardless of the source-IP)
AUTH_RATELIMIT_USER=50/day
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=True
###################################
# Optional features
###################################
# Expose the admin interface (value: true, false)
ADMIN=true
# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBMAIL=roundcube
# Expose the API interface (value: true, false)
API=true
# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup.
WEBDAV=radicale
# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup.
ANTIVIRUS=clamav
# Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup.
SCAN_MACROS=true
###################################
# Mail settings
###################################
# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000
# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day
# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=
# Will relay all outgoing mails if configured
RELAYHOST=
# Enable fetchmail
FETCHMAIL_ENABLED=true
# Fetchmail delay
FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part
RECIPIENT_DELIMITER=+
# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin
# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
# Maildir Compression
# choose compression-method, default: none (value: gz, bz2, zstd)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default.
# Set the following variable to off in order to disable the feature
# or a comma separated list of language codes to support
FULL_TEXT_SEARCH=en
###################################
# Web settings
###################################
# Path to redirect / to
WEBROOT_REDIRECT=/webmail
# Path to the admin interface if enabled
WEB_ADMIN=/admin
# Path to the webmail if enabled
WEB_WEBMAIL=/webmail
# Path to the API interface if enabled
WEB_API=/api
# Website name
SITENAME=sectorq
# Linked Website URL
WEBSITE=https://mail.sectorq.eu
###################################
# Advanced settings
###################################
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12
# Header to take the real ip from
REAL_IP_HEADER=X-Real-IP
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=192.168.77.101
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=INFO
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=EU/Bratislava
# Default spam threshold used for new users
DEFAULT_SPAM_THRESHOLD=80
# API token required for authenticating to the RESTful API.
# This is a mandatory setting for using the RESTful API.
API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N
# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup.
FULL_TEXT_SEARCH_ATTACHMENTS=true
LD_PRELOAD=/usr/lib/libhardened_malloc.so
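Review bot: `TZ=EU/Bratislava` is not a tz database zone name; the zone is `Europe/Bratislava`, which is what the mealie, mediacenter and motioneye compose files in this commit use. An unknown zone name is typically treated as UTC, so timestamps in the mail logs would be offset from the other stacks, which complicates correlating events during an investigation. I would change the line to `TZ=Europe/Bratislava` here and in `__swarm/mailu/stack.env`.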

4
__swarm/mealie/.env Executable file

@@ -0,0 +1,4 @@
RESTART=always
DOCKER_REGISTRY=r.sectorq.eu/library/
APPNAME=mealie


@@ -0,0 +1,42 @@
services:
mealie:
image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0 #
container_name: mealie
restart: always
ports:
- "9925:9000" #
deploy:
resources:
limits:
memory: 1000M #
volumes:
- /share/docker_data/mealie/data:/app/data/
environment:
# Set Backend ENV Variables Here
ALLOW_SIGNUP: "false"
PUID: 1000
PGID: 1000
TZ: Europe/Bratislava
BASE_URL: https://mealie.sectorq.eu
OIDC_AUTH_ENABLED: true
OIDC_PROVIDER_NAME: authentik
OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
OIDC_CLIENT_ID: "QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b"
OIDC_CLIENT_SECRET: "SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV"
OIDC_SIGNUP_ENABLED: true
OIDC_USER_GROUP: mealie-users
OIDC_ADMIN_GROUP: mealie-admins
OIDC_AUTO_REDIRECT: true # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
OIDC_REMEMBER_ME: true
labels:
homepage.container: mealie
homepage.description: Recipe server
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mealie
homepage.server: my-docker
wud.watch: true
wud.watch.digest: true
volumes:
mealie-data:
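Review bot: The `environment` block mixes quoted and bare booleans: `ALLOW_SIGNUP: "false"` is a string, but `OIDC_AUTH_ENABLED`, `OIDC_SIGNUP_ENABLED`, `OIDC_AUTO_REDIRECT` and `OIDC_REMEMBER_ME` are written as bare `true`, which YAML parses as booleans before Compose turns them into environment strings, and some Compose versions reject that. Since these flags gate the authentication path, I would quote them so the value reaching the container is unambiguous, e.g. `OIDC_AUTH_ENABLED: "true"`. Two smaller points: `image: ${DOCKER_REGISTRY}...` lacks the `:-` default the other stacks use, and the top-level `volumes: mealie-data:` is never referenced because the service bind-mounts `/share/docker_data/mealie/data`.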

37
__swarm/mealie/stack.env Executable file

@@ -0,0 +1,37 @@
###############################################################################
# Paperless-ngx settings #
###############################################################################
# See http://docs.paperless-ngx.com/configuration/ for all available options.
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
#USERMAP_UID=1000
#USERMAP_GID=1000
# See the documentation linked above for all options. A few commonly adjusted settings
# are provided below.
# This is required if you will be exposing Paperless-ngx on a public domain
# (if doing so please consider security measures such as reverse proxy)
#PAPERLESS_URL=https://paperless.example.com
# Adjust this key if you plan to make paperless available publicly. It should
# be a very long sequence of random characters. You don't need to remember it.
#PAPERLESS_SECRET_KEY=change-me
# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
#PAPERLESS_TIME_ZONE=America/Los_Angeles
# The default language to use for OCR. Set this to the language most of your
# documents are written in.
#PAPERLESS_OCR_LANGUAGE=eng
# Additional languages to install for text recognition, separated by a whitespace.
# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
# the language used for OCR.
# The container installs English, German, Italian, Spanish and French by default.
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
# for available languages.
#PAPERLESS_OCR_LANGUAGES=tur ces

12
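--- a/__swarm/mediacenter/.env
+++ b/__swarm/mediacenter/.env
@@ -0,0 +1,12 @@
+APPNAME=mediacenter
+DOCKER_REGISTRY=r.sectorq.eu/library/
+LOGGING=syslog
+JELLYSEER_TOKEN=MTczMTY1NTk3ODUwOTY3NmJiOTM0LTY1MDctNGI2NS1hMmEyLTE3MjQ1MmI3OTI0Yg==
+JELLYFIN_TOKEN=0b0247d8030b46a0afe71be194311521
+JACKET_TOKEN=l4c1j4yd33Du5lo
+BAZARR_TOKEN=be4265d373929be3672ac813154baf6a
+LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
+QBIT_TOKEN=l4c1j4yd33Du5lo
+RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
+SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
+HW_MODE=cpu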
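Review bot: `JACKET_TOKEN` and `QBIT_TOKEN` are set to the same string, and that string is also the `PASSWORD` in `__swarm/nebula/.env` and the secret in the nebula-sync `PRIMARY`/`REPLICAS` URLs, so one leaked value unlocks several unrelated services. Each service should get its own randomly generated credential; reuse makes it impossible to rotate one without touching the others and widens the impact of any single disclosure. The variable names suggest API keys, but the compose file passes these two as `homepage.widget.password`, so they look like interactive login passwords rather than scoped tokens — worth confirming and, where the application offers one, replacing with an API key.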


@@ -0,0 +1,326 @@
networks:
duplicati:
driver: bridge
mediarr:
driver: bridge
services:
bazarr:
container_name: bazarr
depends_on:
- sonarr
- radarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: bazarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: bazarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://bazarr.sectorq.eu
homepage.icon: bazarr.png
homepage.name: bazarr
homepage.server: my-docker
homepage.weight: '90'
homepage.widget.key: ${BAZARR_TOKEN}
homepage.widget.type: bazarr
homepage.widget.url: https://bazarr.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 6767:6767
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bazarr/config:/config
- /media/m-server/movies:/movies/m-server
- /media/m-server/shows:/tv/m-server
- /media/nas/movies:/movies/nas
- /media/nas/shows:/tv/nas
flaresolverr:
container_name: flaresolverr
environment:
- LOG_LEVEL=info
- TZ=Europe/Bratislava
hostname: flaresolverr
image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8191:8191
restart: ${RESTART:-unless-stopped}
homarr:
container_name: homarr
hostname: homarr
image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 7575:7575
restart: ${RESTART:-unless-stopped}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/homarr/configs:/app/data/configs
- /share/docker_data/homarr/icons:/app/public/icons
- /share/docker_data/homarr/data:/data
jackett:
container_name: jackett
dns:
- 192.168.77.101
depends_on:
- sonarr
- radarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
- AUTO_UPDATE=true
- RUN_OPTS=
hostname: jackett
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: jackett
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jackett.sectorq.eu
homepage.icon: jackett.png
homepage.name: Jackett
homepage.server: my-docker
homepage.weight: '80'
homepage.widget.password: ${JACKET_TOKEN}
homepage.widget.type: jackett
homepage.widget.url: https://jackett.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 9117:9117
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jackett/config:/config
- /share/docker_data/jackett/downloads:/downloads
jellyfin:
container_name: jellyfin
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
- JELLYFIN_PublishedServerUrl=https://jf.sectorq.eu
extends:
file: hwaccel.yml
service: ${HW_MODE:-cpu}
hostname: jellyfin
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: jellyfin
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jf.sectorq.eu
homepage.icon: jellyfin.png
homepage.name: Jellyfin
homepage.server: my-docker
homepage.weight: '10'
homepage.widget.key: ${JELLYFIN_TOKEN}
homepage.widget.type: jellyfin
homepage.widget.url: https://jf.sectorq.eu
wud.watch: true
wud.watch.digest: true
network_mode: host
ports:
- 8096:8096
- 8920:8920
- 7359:7359/udp
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jellyfin:/config
- /media/m-server/movies:/data/movies/m-server
- /media/m-server/music:/data/music/m-server
- /media/m-server/shows:/data/shows/m-server
- /media/nas/movies:/data/movies/nas
- /media/nas/music:/data/music/nas
- /media/nas/shows:/data/shows/nas
- /media/nas/xxx:/data/xxx/nas
jellyseerr:
container_name: jellyseerr
environment:
- LOG_LEVEL=debug
- TZ=Europe/Bratislava
hostname: jellyseerr
image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
labels:
com.centurylinklabs.watchtower.enabl: 'true'
homepage.container: jellyseerr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://js.sectorq.eu
homepage.icon: jellyseerr.png
homepage.name: Jellyseerr
homepage.server: my-docker
homepage.weight: '20'
homepage.widget.key: ${JELLYSEER_TOKEN}
homepage.widget.type: jellyseerr
homepage.widget.url: https://js.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 5055:5055
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jellyseerr/config:/app/config
lidarr:
container_name: lidarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: lidarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: lidarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://lidarr.sectorq.eu
homepage.icon: lidarr.png
homepage.name: Lidarr
homepage.server: my-docker
homepage.weight: '60'
homepage.widget.key: ${LIDARR_TOKEN}
homepage.widget.type: lidarr
homepage.widget.url: https://lidarr.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8686:8686
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/lidarr/config:/config
- /media/m-server/music:/music
- /media/m-server/downloads:/downloads
qbittorrent:
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
- WEBUI_PORT=8085
- FILE__PASSWORD=/run/secrets/mysecretpassword
hostname: qbittorrent
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: qbittorrent
homepage.description: Subtitles
homepage.group: Utilities
homepage.href: https://qbit.sectorq.eu
homepage.icon: qbittorrent.png
homepage.name: Qbittorrent
homepage.server: my-docker
homepage.weight: '95'
homepage.widget.enableLeechProgress: 'true'
homepage.widget.password: ${QBIT_TOKEN}
homepage.widget.type: qbittorrent
homepage.widget.url: https://qbit.sectorq.eu
homepage.widget.username: admin
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8085:8085
- 6881:6881
- 6881:6881/udp
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/qbittorrent/config:/config
- /media/m-server/downloads:/downloads
radarr:
container_name: radarr
dns:
- 192.168.77.101
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: radarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: radarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://radarr.sectorq.eu
homepage.icon: radarr.png
homepage.name: Radarr
homepage.server: my-docker
homepage.weight: '20'
homepage.widget.key: ${RADARR_TOKEN}
homepage.widget.type: radarr
homepage.widget.url: https://radarr.sectorq.eu
wud.display.icon: mdi:radarr
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 7878:7878
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/radarr/config:/config
- /media/m-server/movies/:/movies-m-server
- /media/nas/movies/:/movies-nas
- /media/m-server/downloads:/downloads
sonarr:
container_name: sonarr
dns:
- 192.168.77.101
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Bratislava
hostname: sonarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: sonarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://sonarr.sectorq.eu
homepage.icon: sonarr.png
homepage.name: Sonarr
homepage.server: my-docker
homepage.weight: '30'
homepage.widget.key: ${SONARR_TOKEN}
homepage.widget.type: sonarr
homepage.widget.url: https://sonarr.sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- mediarr
ports:
- 8989:8989
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/sonarr/config:/config
- /media/m-server/shows:/tv-m-server
- /media/nas/shows:/tv-nas
- /media/m-server/downloads:/downloads
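Review bot: The `homarr` service bind-mounts `/var/run/docker.sock` read-write and publishes its web UI on `7575`, so anything that can act through that container can drive the Docker API, which is equivalent to root on the host. If the dashboard's Docker integration is not needed, drop the mount; otherwise put a socket proxy that only allows the read endpoints between Homarr and the daemon (a `:ro` flag on the mount does not restrict API calls). Separately, the `jellyseerr` label `com.centurylinklabs.watchtower.enabl: 'true'` is misspelled and will not match the key the other services use, and `jellyfin` combines `network_mode: host` with a `ports:` list, which has no effect (or is rejected, depending on the Compose version) in host mode.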


@@ -0,0 +1,8 @@
---
services:
cpu: {}
hw:
devices:
- /dev/dri/renderD128
- /dev/dri/card1

2
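--- a/__swarm/mosquitto/.env
+++ b/__swarm/mosquitto/.env
@@ -0,0 +1,2 @@
+APPNAME=mosquitto
+DOCKER_REGISTRY=r.sectorq.eu/library/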


@@ -0,0 +1,15 @@
name: mosquitto
services:
mosquitto:
image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
mem_limit: 1g
network_mode: host
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mosquitto/conf:/mosquitto/config
- /share/docker_data/mosquitto/data:/mosquitto/data
- /share/docker_data/mosquitto/log:/mosquitto/log

3
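--- a/__swarm/motioneye/.env
+++ b/__swarm/motioneye/.env
@@ -0,0 +1,3 @@
+APPNAME=motioneye
+DOCKER_REGISTRY=r.sectorq.eu/library/
+RESTART=always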


@@ -0,0 +1,28 @@
services:
motioneye:
container_name: motioneye
dns:
- 192.168.77.101
environment:
- TZ=Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: motioneye
homepage.description: Video manager
homepage.group: Media
homepage.href: http://m-server.home.lan:8765/
homepage.icon: /images/motioneye.webp
homepage.name: MotionEye
homepage.server: my-docker
homepage.weight: '1'
wud.watch: true
wud.watch.digest: true
ports:
- 8081:8081
- 8765:8765
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/docker_data/motioneye/etc_motioneye:/etc/motioneye
- /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye
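Review bot: `restart: unless-stopped` is hard-coded, so the `RESTART=always` set in `__swarm/motioneye/.env` is never read and the container keeps the `unless-stopped` policy regardless of what the `.env` says. Use the pattern the other stacks use, `restart: ${RESTART:-unless-stopped}`. Also note that `homepage.href` points at `http://m-server.home.lan:8765/` and both `8081` and `8765` are published on all interfaces; whether the service on `8081` requires authentication depends on the mounted MotionEye configuration, which is not part of this commit.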

2
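--- a/__swarm/n8n/.env
+++ b/__swarm/n8n/.env
@@ -0,0 +1,2 @@
+APPNAME=n8n
+DOCKER_REGISTRY=r.sectorq.eu/library/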

33
__swarm/n8n/docker-compose.yml Executable file

@@ -0,0 +1,33 @@
version: "3"
services:
n8n:
image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
container_name: n8n
ports:
- "5679:5678"
environment:
- N8N_HOST=n8n.sectorq.eu
- N8N_PORT=5678
- N8N_PROTOCOL=https
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=sth
- N8N_BASIC_AUTH_PASSWORD=pwd
- N8N_RUNNERS_ENABLED=true
- N8N_RUNNERS_MODE=internal
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
- N8N_SECURE_COOKIE=false
- WEBHOOK_URL=https://n8n.sectorq.eu
volumes:
- /share/docker_data/n8n/n8n-data:/home/node/.n8n
restart: ${RESTART:-unless-stopped}
stop_grace_period: 60s
labels:
homepage.container: n8n
homepage.description: Workflow management
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: /icons/n8n.svg
homepage.name: n8n
homepage.server: my-docker
wud.watch: true
wud.watch.digest: true
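Review bot: `N8N_SECURE_COOKIE=false` contradicts `N8N_PROTOCOL=https` and `WEBHOOK_URL=https://n8n.sectorq.eu`: with it set, the session cookie is issued without the `Secure` attribute and can travel over plain HTTP, for instance via the published port `5679`. Unless the instance is deliberately reached over HTTP, set `- N8N_SECURE_COOKIE=true` or remove the line. The `N8N_BASIC_AUTH_USER=sth` / `N8N_BASIC_AUTH_PASSWORD=pwd` pair looks like leftover placeholders; as far as I know current n8n releases no longer honour the `N8N_BASIC_AUTH_*` variables, so with `n8nio/n8n:latest` they likely give no protection at all and should be removed rather than relied on.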

2
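--- a/__swarm/nebula/.env
+++ b/__swarm/nebula/.env
@@ -0,0 +1,2 @@
+APPNAME=nebula
+PASSWORD=l4c1j4yd33Du5lo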


@@ -0,0 +1,17 @@
services:
nebula-sync:
image: ghcr.io/lovelaze/nebula-sync:latest
container_name: nebula-sync
environment:
- PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
- REPLICAS=http://192.168.77.238:9380|l4c1j4yd33Du5lo,http://192.168.77.106:9380|l4c1j4yd33Du5lo
- CLIENT_SKIP_TLS_VERIFICATION=true
- FULL_SYNC=true
- RUN_GRAVITY=true
- CRON=0 * * * *
labels:
wud.watch: true
wud.watch.digest: true
restart: always
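Review bot: `PRIMARY` and `REPLICAS` embed the password literally after the `|`, so the `PASSWORD` variable defined in `__swarm/nebula/.env` is unused and a rotation there would not reach the container; reference it instead, e.g. `- PRIMARY=http://192.168.77.101:9380|${PASSWORD}`. All three endpoints are `http://`, which means the password crosses the network in cleartext on every hourly sync, and `CLIENT_SKIP_TLS_VERIFICATION=true` would disable certificate checks if the URLs were later switched to HTTPS. If the targets can serve TLS, I would move to `https://` URLs and drop the skip flag. The second nebula-sync compose file that follows has the same `PRIMARY`/`REPLICAS` lines.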


@@ -0,0 +1,11 @@
services:
nebula-sync:
image: ghcr.io/lovelaze/nebula-sync:latest
environment:
- PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
- REPLICAS=http://192.168.77.106:9380|l4c1j4yd33Du5lo
- CLIENT_SKIP_TLS_VERIFICATION=true
- FULL_SYNC=true
- RUN_GRAVITY=true
- CRON=0 * * * *

2
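--- a/__swarm/nextcloud/.env
+++ b/__swarm/nextcloud/.env
@@ -0,0 +1,2 @@
+APPNAME=nextcloud
+#RESTART=always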


@@ -0,0 +1,94 @@
networks:
nextcloud_network:
ipam:
config:
- subnet: 192.168.80.0/28
driver: default
pihole_pihole:
external: true
services:
app:
depends_on:
- db
dns:
- 192.168.78.254
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}nextcloud:latest
labels:
com.centurylinklabs.watchtower.enable: true
com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
-y smbclient;chown -R www-data:www-data /var/www/html
homepage.container: nextcloud-app-1
homepage.description: Cloud server
homepage.group: Infrastructure
homepage.href: https://nc.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Nextcloud
homepage.server: my-docker
homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://nc.sectorq.eu
homepage.widget.username: jaydee
wud.watch: true
wud.watch.digest: true
links:
- db
networks:
- nextcloud_network
- pihole_pihole
ports:
- 8134:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/nextcloud/app:/var/www/html
- /share/docker_data/nextcloud/app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation
- /share/docker_data/nextcloud/app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation
- /share/docker_data/nextcloud/app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
- /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
- /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting
db:
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
--skip-innodb-read-only-compressed
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
networks:
- nextcloud_network
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/nextcloud/mariadb:/var/lib/mysql
- /etc/localtime:/etc/localtime
redis:
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: true
wud.watch.digest: true
networks:
- nextcloud_network
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/nextcloud/redis:/data
appapi-harp:
environment:
- HP_SHARED_KEY=l4c1j4yd33Du5lo
- NC_INSTANCE_URL=https://nc.sectorq.eu
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/nextcloud/certs:/certs
container_name: appapi-harp
hostname: appapi-harp
restart: unless-stopped
ports:
- 8780:8780
- 8782:8782
image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
networks:
- nextcloud_network
labels:
wud.watch: true
wud.watch.digest: true
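Review bot: The `appapi-harp` service bind-mounts `/var/run/docker.sock` and publishes `8780:8780` and `8782:8782` on every host interface, so the only thing between a network peer and the Docker daemon is `HP_SHARED_KEY`, which is committed here as a literal. If no remote ExApp host needs those ports, bind them to the address the reverse proxy uses (e.g. `- 127.0.0.1:8780:8780`) and supply the key at deploy time with `- HP_SHARED_KEY=${HP_SHARED_KEY}`. On `app`, `homepage.widget.password` places a Nextcloud credential in a container label, which is readable by anything with read access to the Docker API; a dedicated low-privilege app password passed through a variable would limit the damage.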

10
__swarm/nextcloud/stack.env Executable file

@@ -0,0 +1,10 @@
TZ=Europe/Bratislava
MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
MYSQL_PASSWORD=l4c1j4yd33Du5lo
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_HOST=db
REDIS_HOST=redis
PHP_MEMORY_LIMIT=1024M
PHP_UPLOAD_LIMIT=1024M
NEXTCLOUD_MEMORY_LIMIT=1024M
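Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` carry the same value, so the credential Nextcloud uses at runtime is also the database superuser credential, and because both `app` and `db` load this file through `env_file`, the root password is present in the web container's environment too. Use distinct values and give `app` only the non-root one (a separate env file for `db` would do it). The populated file is better left untracked, with a committed template such as `MYSQL_PASSWORD=<set-at-deploy-time>`.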

1
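--- a/__swarm/nginx/.env
+++ b/__swarm/nginx/.env
@@ -0,0 +1 @@
+APPNAME=nginx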


@@ -0,0 +1,40 @@
networks:
pihole_pihole:
external: true
services:
app:
dns:
- 192.168.78.254
healthcheck:
interval: 10s
test:
- CMD
- /usr/bin/check-health
timeout: 3s
image: jc21/nginx-proxy-manager:latest
labels:
homepage.container: nginx-app-1
homepage.description: Reverse Proxy
homepage.group: Infrastructure
homepage.href: http://active.home.lan:81
homepage.icon: nginx-proxy-manager.png
homepage.name: Nginx
homepage.server: my-docker
homepage.weight: '25'
homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
homepage.widget.type: npm
homepage.widget.url: http://active.home.lan:81
homepage.widget.username: monitoring@sectorq.eu
wud.watch: true
wud.watch.digest: true
networks:
- pihole_pihole
ports:
- 8099:80
- 4439:443
- 81:81
restart: unless-stopped
volumes:
- /share/docker_data/nginx/data:/data
- /share/docker_data/nginx/letsencrypt:/etc/letsencrypt
version: '3.8'
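Review bot: `- 81:81` under `ports` publishes the Nginx Proxy Manager admin interface on all host interfaces, and `homepage.href` and `homepage.widget.url` both address it over `http://`, so the admin login and the widget credential are sent unencrypted. Restrict the mapping to a management address (for example `- 192.168.77.101:81:81`, address is an example) or reach the admin UI through a TLS proxy host. `homepage.widget.password` is also stored as a literal label; it should come from a variable and belong to an account with read-only rights.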

2
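--- a/__swarm/node-red/.env
+++ b/__swarm/node-red/.env
@@ -0,0 +1,2 @@
+APPNAME=node-red
+DOCKER_REGISTRY=r.sectorq.eu/library/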


@@ -0,0 +1,28 @@
networks:
node-red-net: null
services:
node-red:
dns:
- 192.168.77.101
environment:
- TZ=Europe/Bratislava
image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
homepage.container: node-red-node-red-1
homepage.description: Node red
homepage.group: Infrastructure
homepage.href: http://active.home.lan:1880
homepage.icon: node-red.png
homepage.name: Node-red
homepage.server: my-docker
mem_limit: 1g
networks:
- node-red-net
ports:
- 1880:1880
restart: always
volumes:
- /share/docker_data/node-red:/data
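Review bot: `- 1880:1880` publishes the Node-RED editor on all host interfaces, and the `homepage.href` label addresses it over plain `http://`. The editor can deploy flows that execute code inside the container, so it needs `adminAuth` configured in the `settings.js` on the mounted `/data` volume; that file is not part of this change, so this is worth confirming. If authentication is not configured, bind the port to a management address only.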


@@ -0,0 +1,56 @@
services:
octoprint1:
container_name: octoprint1
devices:
- /dev/ttyUSB0:/dev/ttyUSB0
- /dev/video0:/dev/video0
- /dev/video1:/dev/video1
environment:
- ENABLE_MJPG_STREAMER=true
image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: octoprint1
homepage.description: 3D Printing
homepage.group: Utilities
homepage.href: http://m-server.home.lan:85/
homepage.icon: octoprint.png
homepage.name: Octoprint1
homepage.server: my-docker
homepage.weight: '98'
homepage.widget.fields: '["printer_state", "temp_tool", "temp_bed", "job_completion"]'
homepage.widget.key: 0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk
homepage.widget.type: octoprint
homepage.widget.url: http://m-server.home.lan:85/
wud.watch: true
wud.watch.digest: true
ports:
- 85:80
volumes:
- /share/docker_data/octoprint1:/octoprint
octoprint2:
container_name: octoprint2
environment:
- ENABLE_MJPG_STREAMER=true
image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: octoprint2
homepage.description: 3D Printing
homepage.group: Utilities
homepage.href: http://m-server.home.lan:86/
homepage.icon: octoprint.png
homepage.name: Octoprint2
homepage.server: my-docker
homepage.weight: '99'
homepage.widget.fields: '["printer_state", "temp_tool", "temp_bed", "job_completion"]'
homepage.widget.key: 0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk
homepage.widget.type: octoprint
homepage.widget.url: http://m-server.home.lan:86/
wud.watch: true
wud.watch.digest: true
ports:
- 86:80
volumes:
- /share/docker_data/octoprint2:/octoprint
- /dev:/dev
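Review bot: `octoprint2` bind-mounts the whole host device tree with `- /dev:/dev` under `volumes`, whereas `octoprint1` passes three named nodes through `devices:`. The bind mount shows every host device node to the container and, without a matching `devices:` entry, may not even grant access to the serial port it is presumably there for. Replace it with an explicit mapping in the style of `octoprint1`, e.g. `devices:` followed by `- /dev/ttyUSB1:/dev/ttyUSB1` (device name is an example). Both services also carry the same `homepage.widget.key`; each instance should have its own API key, supplied from a variable.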

3
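--- a/__swarm/ollama/.env
+++ b/__swarm/ollama/.env
@@ -0,0 +1,3 @@
+APPNAME=nextcloud
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/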
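Review bot: `APPNAME=nextcloud` on the first line looks copied from the nextcloud stack. Other stacks in this compare interpolate `${APPNAME}` into homepage labels and URLs, so a wrong value would mislabel this service as soon as its compose file starts using the variable. `APPNAME=ollama` matches the directory name.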


@@ -0,0 +1,19 @@
services:
ollama:
image: ${DOCKER_REGISTRY:-}ollama/ollama:rocm
container_name: ollama
restart: ${RESTART:-unless-stopped}
devices:
- "/dev/kfd"
- "/dev/dri"
volumes:
- ollama_models:/root/.ollama
environment:
- HSA_OVERRIDE_GFX_VERSION=11.0.0
ports:
- "11434:11434"
dns:
- "8.8.8.8"
volumes:
ollama_models:
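Review bot: `- "11434:11434"` under `ports` publishes the Ollama API on every host interface, and that API has no authentication of its own, so any host that can reach the port can run, pull or delete models. If only services on this machine use it, bind to loopback with `- "127.0.0.1:11434:11434"`, or drop the mapping and attach consumers to a shared network. If it must be reachable from other hosts, put an authenticating reverse proxy in front of it.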

3
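--- a/__swarm/onlyoffice/.env
+++ b/__swarm/onlyoffice/.env
@@ -0,0 +1,3 @@
+APPNAME=onlyoffice
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/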


@@ -0,0 +1,85 @@
services:
onlyoffice-documentserver:
build:
context: .
image: onlyoffice/documentserver #[-de,-ee]
container_name: onlyoffice-documentserver
depends_on:
- onlyoffice-postgresql
- onlyoffice-rabbitmq
environment:
- DB_TYPE=postgres
- DB_HOST=onlyoffice-postgresql
- DB_PORT=5432
- DB_NAME=onlyoffice
- DB_USER=onlyoffice
- AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
# Uncomment strings below to enable the JSON Web Token validation.
#- JWT_ENABLED=true
#- JWT_SECRET=secret
#- JWT_HEADER=Authorization
#- JWT_IN_BODY=true
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: true
wud.watch.digest: true
homepage.container: onlyoffice-documentserver
homepage.description: OnlyOffice Document Server
homepage.group: Infrastructure
homepage.href: http://active.home.lan:8280/example
homepage.icon: onlyoffice.png
homepage.name: OnlyOffice Document Server
homepage.server: my-docker
ports:
- '8280:80'
- '22443:443'
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
interval: 30s
retries: 5
start_period: 60s
timeout: 10s
stdin_open: true
restart: always
stop_grace_period: 60s
volumes:
- /var/www/onlyoffice/Data
- /var/log/onlyoffice
- /var/lib/onlyoffice/documentserver/App_Data/cache/files
- /var/www/onlyoffice/documentserver-example/public/files
- /usr/share/fonts
onlyoffice-rabbitmq:
container_name: onlyoffice-rabbitmq
image: rabbitmq:3
restart: always
expose:
- '5672'
healthcheck:
test: ["CMD", "rabbitmq-diagnostics", "status"]
interval: 10s
retries: 3
start_period: 10s
timeout: 10s
onlyoffice-postgresql:
container_name: onlyoffice-postgresql
image: postgres:15
environment:
- POSTGRES_DB=onlyoffice
- POSTGRES_USER=onlyoffice
- POSTGRES_HOST_AUTH_METHOD=trust
restart: always
expose:
- '5432'
volumes:
- postgresql_data:/var/lib/postgresql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
interval: 10s
retries: 3
start_period: 10s
timeout: 10s
volumes:
postgresql_data:
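Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` on `onlyoffice-postgresql` lets any client that reaches the database connect as any role without a password, and `AMQP_URI` on the document server uses RabbitMQ's default `guest:guest` account. Both ports are only `expose`d, not published, so the reach is limited to containers on the same network, but nothing authenticates those peers. Remove the `trust` line, set `- POSTGRES_PASSWORD=${ONLYOFFICE_DB_PASSWORD}` on the database and the matching `- DB_PWD=${ONLYOFFICE_DB_PASSWORD}` on the document server (variable name is an example), and give RabbitMQ a non-default user. If the commented JWT lines are enabled later, `JWT_SECRET=secret` must be replaced with a generated value first.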


@@ -0,0 +1,26 @@
services:
openldap:
environment:
- LDAP_SKIP_DEFAULT_TREE=yes
- LDAP_ROOT=dc=sectorq,dc=eu
- LDAP_ADMIN_USERNAME=admin
- LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD
- LDAP_USERS=test
- LDAP_PASSWORDS=q
- LDAP_GROUP=group
- LDAP_USER_DC=people
- LDAP_CONFIG_ADMIN_ENABLED=yes
- LDAP_CONFIG_ADMIN_USERNAME=admin
- LDAP_CONFIG_ADMIN_PASSWORD=$LDAP_CONFIG_ADMIN_PASSWORD
image: bitnami/openldap:latest
labels:
wud.watch: true
wud.watch.digest: true
ports:
- 1389:1389
- 1636:1636
volumes:
- /share/docker_data/openldap/data:/bitnami/openldap
- /share/docker_data/openldap/ldifs:/ldifs
- /share/docker_data/openldap/custom:/custom
version: '2'
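Review bot: `LDAP_USERS=test` with `LDAP_PASSWORDS=q` seeds a directory account with a one-character password, and `1389:1389`/`1636:1636` publish the server on all host interfaces, so that account can bind from anywhere that reaches the host. Remove the seeded test user, or source its password from the environment the way the admin passwords already are (`- LDAP_PASSWORDS=${LDAP_TEST_PASSWORD}`, name is an example). `LDAP_CONFIG_ADMIN_ENABLED=yes` additionally opens `cn=config` administration over the same ports; confirm it is required. If clients can use LDAPS, publishing only `1636` avoids cleartext binds.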

3
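--- a/__swarm/paperless-ngx/.env
+++ b/__swarm/paperless-ngx/.env
@@ -0,0 +1,3 @@
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
+APPNAME=paperless-ngx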


@@ -0,0 +1,53 @@
services:
broker:
image: ${DOCKER_REGISTRY:-}docker.io/library/redis:8
restart: unless-stopped
volumes:
- /share/docker_data/paperless/redisdata:/data
webserver:
image: ${DOCKER_REGISTRY:-}ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- broker
ports:
- "8001:8000"
volumes:
- /share/docker_data/paperless/data:/usr/src/paperless/data
- /share/docker_data/paperless/media:/usr/src/paperless/media
- /share/docker_data/paperless/export:/usr/src/paperless/export
- /share/docker_data/paperless/consume:/usr/src/paperless/consume
- /share/docker_data/paperless/scripts:/opt/scripts
env_file: stack.env
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
PAPERLESS_URL: https://paperless.sectorq.eu
PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu
PAPERLESS_POST_CONSUME_SCRIPT: /opt/scripts/post-consumption.sh
PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
{
"openid_connect": {
"APPS": [
{
"provider_id": "authentik",
"name": "Authentik",
"client_id": "B4NM614bqWkvDqGDAmR823qUm8n4ZNlG3XtvkI51",
"secret": "7FFRdLWOUHlDxkhc86xR2yhxRn8BmDfTtfX9aTVY1XbRY197zy3UXPs51IMIkIjwjp6uijtpIQDDJDpR7LNInJt0F5hEXGMEcTfJxYyfNv2ytKFO58tCN5UD2EnzbCmN",
"settings": {
"server_url": "https://auth.sectorq.eu/application/o/paperless/.well-known/openid-configuration"
}
}
],
"OAUTH_PKCE_ENABLED": "True"
}
}
labels:
homepage.container: paperless-ngx_webserver
homepage.description: PDF server
homepage.group: Utils
homepage.href: https://paperless.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Paperless
homepage.server: my-docker
wud.watch: "true"
wud.watch.digest: "true"

37
__swarm/paperless-ngx/stack.env Executable file

@@ -0,0 +1,37 @@
###############################################################################
# Paperless-ngx settings #
###############################################################################
# See http://docs.paperless-ngx.com/configuration/ for all available options.
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
#USERMAP_UID=1000
#USERMAP_GID=1000
# See the documentation linked above for all options. A few commonly adjusted settings
# are provided below.
# This is required if you will be exposing Paperless-ngx on a public domain
# (if doing so please consider security measures such as reverse proxy)
#PAPERLESS_URL=https://paperless.example.com
# Adjust this key if you plan to make paperless available publicly. It should
# be a very long sequence of random characters. You don't need to remember it.
#PAPERLESS_SECRET_KEY=change-me
# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
#PAPERLESS_TIME_ZONE=America/Los_Angeles
# The default language to use for OCR. Set this to the language most of your
# documents are written in.
#PAPERLESS_OCR_LANGUAGE=eng
# Additional languages to install for text recognition, separated by a whitespace.
# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
# the language used for OCR.
# The container installs English, German, Italian, Spanish and French by default.
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
# for available languages.
#PAPERLESS_OCR_LANGUAGES=tur ces
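Review bot: `#PAPERLESS_SECRET_KEY=change-me` is left commented out, while the compose file for this stack sets `PAPERLESS_URL: https://paperless.sectorq.eu`, i.e. the instance is meant to be reachable under a public name. Unless the key is set somewhere not shown here, Paperless falls back to its built-in default, which is publicly known and therefore gives no protection to session and token signing. Set a long random value at deploy time (`PAPERLESS_SECRET_KEY=<generated-at-deploy-time>`) and keep the populated file out of the repository.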

2
__swarm/pihole/.env Executable file

@@ -0,0 +1,2 @@
APPNAME=pihole
PASSWORD=l4c1j4yd33Du5lo


@@ -0,0 +1,63 @@
networks:
pihole:
driver: bridge
ipam:
config:
- subnet: 192.168.78.0/24
driver: default
services:
# orbital-sync:
# environment:
# INTERVAL_MINUTES: 60
# PRIMARY_HOST_BASE_URL: http://192.168.77.101:9380
# PRIMARY_HOST_PASSWORD: l4c1j4yd33Du5lo
# SECONDARY_HOST_1_BASE_URL: http://192.168.77.106:9380
# SECONDARY_HOST_1_PASSWORD: ${PASSWORD}
# # SECONDARY_HOST_1_PATH: /admin
# SECONDARY_HOST_2_BASE_URL: http://192.168.77.238:9380
# SECONDARY_HOST_2_PASSWORD: ${PASSWORD}
# image: mattwebbio/orbital-sync:1
# labels:
# wud.watch: true
# wud.watch.digest: true
pihole:
cap_add:
- NET_ADMIN
- SYS_TIME
- SYS_NICE
container_name: pihole
environment:
FTLCONF_dns_listeningMode: all
FTLCONF_dns_upstreams: 8.8.8.8;8.8.4.4
FTLCONF_webserver_api_password: ${PASSWORD}
TZ: Europe/Bratislava
hostname: m-server
image: pihole/pihole:latest
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: pihole
homepage.description: Add blocker
homepage.group: Infrastructure
homepage.href: https://active.home.lan:9343/admin
homepage.icon: /images/pihole.png
homepage.name: Pihole
homepage.server: my-docker
homepage.weight: '1'
homepage.widget.key: ${PASSWORD}
homepage.widget.type: pihole
homepage.widget.url: https://active.home.lan:9343
homepage.widget.version: '6'
wud.watch: true
wud.watch.digest: true
networks:
pihole:
ipv4_address: 192.168.78.254
ports:
- 53:53/tcp
- 53:53/udp
- 9380:80/tcp
- 9343:443/tcp
restart: always
volumes:
- /share/docker_data/pihole/etc-pihole:/etc/pihole
- /share/docker_data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d


@@ -0,0 +1,33 @@
services:
portainer:
container_name: portainer
environment:
- DOCKER_CONFIG=/data/docker_config/
image: portainer/portainer-ee:lts
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: portainer
homepage.description: Docker container manager
homepage.group: Infrastructure
homepage.href: https://portainer.sectorq.eu
homepage.icon: portainer.png
homepage.name: Portainer
homepage.server: my-docker
homepage.weight: '10'
homepage.widget.env: '25'
homepage.widget.key: ptr_gfwpbP4AUDhZ4uoPmSfNUGqZq+gescoele8reP/l/GU
homepage.widget.type: portainer
homepage.widget.url: https://portainer.sectorq.eu
wud.watch: true
wud.watch.digest: true
logging:
driver: loki
options:
loki-url: http://192.168.77.101:3100/loki/api/v1/push
ports:
- 9009:9000
restart: always
volumes:
- /etc/localtime:/etc/localtime
- /share/docker_data/portainer/portainer-data/:/data
- /var/run/docker.sock:/var/run/docker.sock

2
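--- a/__swarm/rancher/.env
+++ b/__swarm/rancher/.env
@@ -0,0 +1,2 @@
+APPNAME=rancher
+DOCKER_REGISTRY=r.sectorq.eu/library/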


@@ -0,0 +1,15 @@
name: rancher
services:
rancher:
command: --acme-domain rancher.sectorq.eu
image: ${DOCKER_REGISTRY:-}rancher/rancher:latest
labels:
wud.watch: true
wud.watch.digest: true
ports:
- 7080:80
- 7443:443
privileged: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/rancher:/var/lib/rancher

0
__swarm/registry/.env Executable file


@@ -0,0 +1,23 @@
name: registry
services:
registry:
container_name: registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
image: registry:2
labels:
wud.watch: false
wud.watch.digest: false
logging:
driver: loki
options:
loki-url: http://192.168.77.101:3100/loki/api/v1/push
ports:
- 5000:5000
restart: always
volumes:
- /share/docker_data/registry/auth:/auth
- /share/docker_registry/data:/var/lib/registry

3
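--- a/__swarm/regsync/.env
+++ b/__swarm/regsync/.env
@@ -0,0 +1,3 @@
+APPNAME: regsync
+DOCKER_REGISTRY: r.sectorq.eu/library/
+RESTART: always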
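Review bot: All three lines use `KEY: value` instead of `KEY=value`, which is not dotenv syntax. Compose will either reject the file or leave `DOCKER_REGISTRY` and `RESTART` unset, in which case the `${DOCKER_REGISTRY:-}` and `${RESTART:-unless-stopped}` defaults in the regsync compose file apply silently and the image is pulled straight from ghcr.io rather than through the local registry. The other `.env` files in this compare use `=`; these should read `APPNAME=regsync`, `DOCKER_REGISTRY=r.sectorq.eu/library/` and `RESTART=always`.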


@@ -0,0 +1,20 @@
name: regsync
services:
regsync:
command: -c /home/appuser/regsync.yml server
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/regclient/regsync:latest
labels:
wud.watch: true
wud.watch.digest: true
logging:
driver: loki
options:
loki-url: http://192.168.77.101:3100/loki/api/v1/push
network_mode: host
restart: ${RESTART:-unless-stopped}
stdin_open: true
volumes:
- /share/docker_data/regsync/regsync.yml:/home/appuser/regsync.yml
- /etc/localtime:/etc/localtime

6
__swarm/regsync/stack.env Executable file

@@ -0,0 +1,6 @@
# HUB_USER=jaydee77
# HUB_PASS=dckr_pat_WUfjkuEEYYEFDI95myphANR7AUU
HUB_USER=sectorq
HUB_PASS=dckr_pat_7XN8zNgj8JRPq1mlS5IvMcxJDUA
LOCAL_USER=jaydee
LOCAL_PASS=l4c1j4yd33Du5lo
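Review bot: Both `HUB_PASS` lines carry Docker Hub personal access tokens, and commenting the first pair out does not retire it: the token stays valid and stays in the repository history. Revoke both tokens on Docker Hub and issue a replacement with read-only scope if regsync only pulls from the Hub (inferred; the sync configuration is not shown). `LOCAL_PASS` is the local registry login and should be rotated with them. Commit a template such as `HUB_PASS=<set-at-deploy-time>` and provide real values through an untracked file or Docker secrets.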

3
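--- a/__swarm/semaphore/.env
+++ b/__swarm/semaphore/.env
@@ -0,0 +1,3 @@
+APPNAME=semaphore
+DOCKER_REGISTRY=r.sectorq.eu/library/
+RESTART=always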

29
__swarm/semaphore/config.conf Executable file

@@ -0,0 +1,29 @@
{
"mysql": {
"host": "db:3306",
"user": "semaphore_user",
"pass": "StrongPassw0rd",
"name": "semaphore_db"
},
"dialect": "mysql",
"tmp_path": "/tmp/semaphore",
"cookie_hash": "mWjb9iAV2NMjvwyeS02kZysD/mEAX3pSiKLFQnrT7Z0=",
"cookie_encryption": "nnNaB+gZtrjr1z5xPfsq58zGtwcvtIHVm4g5LUeOEEY=",
"access_key_encryption": "bdEQwjNhSqXOtdd5eLG/BMn7hpIVftaobmyCQDyyQNE=",
"oidc_providers": {
"authentik": {
"display_name": "Sign in with MySSO",
"color": "orange",
"icon": "login",
"provider_url": "https://auth.sectorq.eu/application/o/semaphore/",
"client_id": "qQ377Vp5RZ7kGsaYOvKVJE7gFGozip7vwwsD5Kgg",
"client_secret": "Tf5h54NnevOwo9QvlhOTAeo7xpsrQjrXYCqMLZwiAhQ6bthX9qydUNsrEMWVOTQ7uBfQw2piHmmYmm5uYSTLa4SGi8TkT03OvsMeAotwXo3me9gYMgIAMk464lVGA2XM",
"redirect_url": "https://semaphore.sectorq.eu/api/auth/oidc/authentik/redirect/",
"scopes": ["openid", "profile", "email"],
"username_claim": "preferred_username",
"name_claim": "preferred_username"
}
}
}
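Review bot: `cookie_hash`, `cookie_encryption` and `access_key_encryption` are committed in this file, so session cookies and the SSH keys and passwords held in Semaphore's key store are no longer protected from anyone with read access to the repository; the OIDC `client_secret` and the MySQL `pass` are exposed the same way. `access_key_encryption` here also differs from `SEMAPHORE_ACCESS_KEY_ENCRYPTION` in the compose section that follows, so which key protects stored credentials depends on precedence, and switching between the two would leave existing entries undecryptable. Regenerate all of these values, keep a single source for each (environment or file, not both), and commit this file with placeholders only, e.g. `"cookie_hash": "<generated-at-deploy-time>"`.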


@@ -0,0 +1,53 @@
services:
app:
depends_on:
- db
dns:
- 192.168.77.101
- 192.168.77.1
environment:
SEMAPHORE_ACCESS_KEY_ENCRYPTION: MflCLIUF5bn6Lgkuwy4BoAdIFhoZ4Ief2oocXmuZSjs=
SEMAPHORE_ADMIN: administrator
SEMAPHORE_ADMIN_EMAIL: administrator@sectorq.eu
SEMAPHORE_ADMIN_NAME: administrator
SEMAPHORE_ADMIN_PASSWORD: $SEMAPHORE_ADMIN_PASSWORD
SEMAPHORE_DB: semaphore_db
SEMAPHORE_DB_HOST: db
SEMAPHORE_DB_PASS: StrongPassw0rd
SEMAPHORE_DB_PORT: 3306
SEMAPHORE_DB_USER: semaphore_user
SEMAPHORE_LDAP_ACTIVATED: 'no'
SEMAPHORE_LDAP_DN_BIND: cn=jaydee,ou=users,dc=sectorq,dc=eu
SEMAPHORE_LDAP_DN_SEARCH: dc=sectorq,dc=eu
SEMAPHORE_LDAP_HOST: 192.168.77.101
SEMAPHORE_LDAP_NEEDTLS: 'no'
SEMAPHORE_LDAP_PASSWORD: $LDAP_ADMIN_PASSWORD
SEMAPHORE_LDAP_PORT: '2389'
SEMAPHORE_LDAP_SEARCH_FILTER: (&(objectClass=inetOrgPerson)(uid=%s))
SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}semaphoreui/semaphore:latest
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
mem_limit: 1g
ports:
- 3002:3000
restart: ${RESTART:-unless-stopped}
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/docker_data/semaphore/app/:/etc/semaphore/
db:
environment:
MYSQL_DATABASE: semaphore_db
MYSQL_PASSWORD: StrongPassw0rd
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
MYSQL_USER: semaphore_user
image: ${DOCKER_REGISTRY:-}mysql:8.0
labels:
wud.watch: true
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/semaphore/mysql/data:/var/lib/mysql

Some files were not shown because too many files have changed in this diff Show More