
2 commits

Author SHA1 Message Date
3ce28b14b4
Fix problems (mailcow, typos, watchtower script)
Mailcow blocked login because "force_pw_update" was true
2024-11-09 02:32:41 +01:00
05e79ae90a
Fix issues (backup, watchtower, firewall)
Remove remote_docker backups
Add option to monitor with watchtower
Add teamspeak ports to firewall
2024-11-08 00:05:55 +01:00
24 changed files with 57 additions and 35 deletions


@ -4,7 +4,8 @@ compose_file_main:
image: "{{ compose.image }}" image: "{{ compose.image }}"
restart: always restart: always
labels: labels:
com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}" com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default('') == 'update' }}"
com.centurylinklabs.watchtower.monitor-only: "{{ compose.watchtower | default('') == 'monitor' }}"
compose_file_env: compose_file_env:
services: services:
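Review bot: In the `labels` block, a service set to `monitor` gets `com.centurylinklabs.watchtower.enable` rendered false next to `monitor-only` true, and Watchtower skips containers whose enable label is false, so monitor-only would never be evaluated for them (immich and influxdb are switched to `monitor` in this compare). The enable expression should cover both modes, `com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default('') in ['update', 'monitor'] }}"`. Separately, any other value, including a leftover boolean `true` or a typo, renders both labels false without an error, so a service can silently stop receiving image updates. An assert on the allowed values in the role would catch that.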


@ -10,6 +10,7 @@ resource "mailcow_mailbox" "services" {
full_name = each.value.mail full_name = each.value.mail
local_part = each.value.mail local_part = each.value.mail
password = random_password.mailcow_service_passwords[each.key].result password = random_password.mailcow_service_passwords[each.key].result
force_pw_update = false
imap_access = false imap_access = false
pop3_access = false pop3_access = false
sogo_access = false sogo_access = false
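Review bot: `force_pw_update = false` has no comment, and the reason for it exists only in the commit message. A line above it such as `# service mailboxes log in non-interactively; a forced password change blocks their login` would keep someone from re-enabling it later. The resource body starts and ends outside the hunk.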


@ -7,7 +7,7 @@ NAME_env:
EXAMPLE: value EXAMPLE: value
NAME_compose: NAME_compose:
watchtower: true watchtower: update
image: image:
volumes: volumes:
- data:/data - data:/data
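Review bot: `watchtower` under `NAME_compose` is now a string rather than a boolean, but the template does not say which values are accepted. New services are presumably copied from this file, so a comment above the key such as `# watchtower: update (auto-update) | monitor (check only) | omit to disable` would document the contract where it gets used.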


@ -14,7 +14,7 @@ acme_dns_svc:
db: "{{ opentofu.postgresql_data.acme_dns.database }}" db: "{{ opentofu.postgresql_data.acme_dns.database }}"
acme_dns_compose: acme_dns_compose:
watchtower: true watchtower: update
monitoring: true monitoring: true
image: joohoi/acme-dns image: joohoi/acme-dns
volumes: volumes:


@ -13,9 +13,9 @@ forgejo_svc:
forgejo_env: forgejo_env:
FORGEJO__database__DB_TYPE: postgres FORGEJO__database__DB_TYPE: postgres
FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}" FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
FORGEJO__database__NAME: "{{ opentofu.postgresql_service_roles.forgejo.database }}" FORGEJO__database__NAME: "{{ opentofu.postgresql_data.forgejo.database }}"
FORGEJO__database__USER: "{{ opentofu.postgresql_service_roles.forgejo.user }}" FORGEJO__database__USER: "{{ opentofu.postgresql_data.forgejo.user }}"
FORGEJO__database__PASSWD: "{{ opentofu.postgresql_service_roles.forgejo.pass }}" FORGEJO__database__PASSWD: "{{ opentofu.postgresql_data.forgejo.pass }}"
FORGEJO__database__SSL_MODE: verify-full FORGEJO__database__SSL_MODE: verify-full
FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
@ -52,7 +52,7 @@ forgejo_env:
FORGEJO__mailer__ENABLED: true FORGEJO__mailer__ENABLED: true
FORGEJO__mailer__PROTOCOL: smtp+starttls FORGEJO__mailer__PROTOCOL: smtp+starttls
FORGEJO__mailer__SMTP_ADDR: "{{ mailer.host }}" FORGEJO__mailer__SMTP_ADDR: "{{ mailer.host }}"
FORGEJO__mailer__SMTP_PORT: "{{ mailer.post }}" FORGEJO__mailer__SMTP_PORT: "{{ mailer.port }}"
FORGEJO__mailer__FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>" FORGEJO__mailer__FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>"
FORGEJO__mailer__USER: "{{ opentofu.mailcow_data.forgejo.address }}" FORGEJO__mailer__USER: "{{ opentofu.mailcow_data.forgejo.address }}"
FORGEJO__mailer__PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}" FORGEJO__mailer__PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}"
@ -81,7 +81,7 @@ forgejo_env:
FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
forgejo_compose: forgejo_compose:
watchtower: true watchtower: update
image: codeberg.org/forgejo/forgejo:9 image: codeberg.org/forgejo/forgejo:9
volumes: volumes:
- data:/data - data:/data


@ -5,7 +5,7 @@ forgejo_runner_env:
DOCKER_HOST: tcp://docker-in-docker:2375 DOCKER_HOST: tcp://docker-in-docker:2375
forgejo_runner_compose: forgejo_runner_compose:
watchtower: true watchtower: update
image: code.forgejo.org/forgejo/runner:3.3.0 image: code.forgejo.org/forgejo/runner:3.3.0
volumes: volumes:
- ./config.yml:/config/config.yml - ./config.yml:/config/config.yml


@ -65,7 +65,7 @@ gatus_yml:
endpoints: "{{ gatus_endpoints_hosts | union(gatus_endpoints_services) | union(gatus_endpoints_other) }}" endpoints: "{{ gatus_endpoints_hosts | union(gatus_endpoints_services) | union(gatus_endpoints_other) }}"
gatus_compose: gatus_compose:
watchtower: true watchtower: update
image: twinproduction/gatus image: twinproduction/gatus
volumes: volumes:
- ./config.yaml:/config/config.yaml - ./config.yaml:/config/config.yaml


@ -13,8 +13,8 @@ homebox_env:
HBOX_SWAGGER_SCHEMA: https HBOX_SWAGGER_SCHEMA: https
homebox_compose: homebox_compose:
watchtower: true watchtower: update
image: ghcr.io/hay-kot/homebox:latest-rootless image: ghcr.io/sysadminsmedia/homebox:latest-rootless
volumes: volumes:
- data:/data - data:/data
file: file:
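Review bot: The `image` line moves to a different registry namespace while keeping the floating tag `latest-rootless`, and `watchtower: update` is set on the same service, so whatever is published under that tag is pulled and started without review. Pinning a version tag or digest, for example `image: ghcr.io/sysadminsmedia/homebox:<pinned-version>-rootless` (placeholder, not a real tag), or using `watchtower: monitor` until the new publisher has been vetted, would keep the change of source a deliberate step.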


@ -30,7 +30,7 @@ immich_env:
REDIS_HOSTNAME: redis REDIS_HOSTNAME: redis
immich_compose: immich_compose:
watchtower: false watchtower: monitor
image: ghcr.io/immich-app/immich-server:release image: ghcr.io/immich-app/immich-server:release
volumes: volumes:
- upload:/usr/src/app/upload - upload:/usr/src/app/upload


@ -62,7 +62,7 @@ influxdb_yml:
vault-token: "" vault-token: ""
influxdb_compose: influxdb_compose:
watchtower: false watchtower: monitor
image: influxdb:2.7 image: influxdb:2.7
volumes: volumes:
- ./influxdb.yml:/etc/influxdb2/config.yml - ./influxdb.yml:/etc/influxdb2/config.yml


@ -10,7 +10,7 @@ jellyfin_env:
JELLYFIN_PublishedServerUrl: https://{{ svc.domain }} JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}
jellyfin_compose: jellyfin_compose:
watchtower: true watchtower: update
image: jellyfin/jellyfin image: jellyfin/jellyfin
volumes: volumes:
- config:/config - config:/config


@ -34,5 +34,5 @@ linkwarden_env:
AUTHENTIK_CLIENT_SECRET: "{{ opentofu.authentik_data.linkwarden.client_secret }}" AUTHENTIK_CLIENT_SECRET: "{{ opentofu.authentik_data.linkwarden.client_secret }}"
linkwarden_compose: linkwarden_compose:
watchtower: true watchtower: update
image: ghcr.io/linkwarden/linkwarden:latest image: ghcr.io/linkwarden/linkwarden:latest


@ -29,7 +29,7 @@ minio_env:
minio_compose: minio_compose:
watchtower: true watchtower: update
image: minio/minio image: minio/minio
volumes: volumes:
- data:/data - data:/data


@ -39,7 +39,7 @@ ntfy_env:
NTFY_ENABLE_METRICS: true NTFY_ENABLE_METRICS: true
ntfy_compose: ntfy_compose:
watchtower: true watchtower: update
image: binwiederhier/ntfy image: binwiederhier/ntfy
volumes: volumes:
- cache:/var/cache/ntfy - cache:/var/cache/ntfy


@ -26,5 +26,5 @@ shlink_env:
GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}" GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}"
shlink_compose: shlink_compose:
watchtower: true watchtower: update
image: shlinkio/shlink image: shlinkio/shlink


@ -98,7 +98,7 @@ synapse_yml:
notif_from: "matrix <{{ opentofu.mailcow_data.synapse.address }}>" notif_from: "matrix <{{ opentofu.mailcow_data.synapse.address }}>"
synapse_compose: synapse_compose:
watchtower: true watchtower: update
image: ghcr.io/element-hq/synapse:latest image: ghcr.io/element-hq/synapse:latest
volumes: volumes:
- ./config:/config - ./config:/config


@ -35,7 +35,7 @@ tandoor_env:
SOCIAL_DEFAULT_GROUP: guest SOCIAL_DEFAULT_GROUP: guest
tandoor_compose: tandoor_compose:
watchtower: true watchtower: update
image: nginx:mainline-alpine image: nginx:mainline-alpine
volumes: volumes:
- nginx_config:/etc/nginx/conf.d:ro - nginx_config:/etc/nginx/conf.d:ro


@ -36,7 +36,7 @@ teamspeak_fallback_yml:
name: X-Webhook-Token name: X-Webhook-Token
teamspeak_fallback_compose: teamspeak_fallback_compose:
watchtower: true watchtower: update
image: ghcr.io/thecatlady/webhook image: ghcr.io/thecatlady/webhook
volumes: volumes:
- ./config:/config:ro - ./config:/config:ro


@ -20,5 +20,5 @@ umami_env:
CLIENT_IP_HEADER: X-Analytics-IP CLIENT_IP_HEADER: X-Analytics-IP
umami_compose: umami_compose:
watchtower: true watchtower: update
image: "{{ umami_docker_image }}" image: "{{ umami_docker_image }}"


@ -48,7 +48,7 @@ vikunja_yml:
enabled: true enabled: true
vikunja_compose: vikunja_compose:
watchtower: true watchtower: update
image: vikunja/vikunja image: vikunja/vikunja
volumes: volumes:
- data:/app/vikunja/files - data:/app/vikunja/files


@ -1,3 +1,3 @@
#!/usr/bin/env sh #!/usr/bin/env sh
docker compose run -e WATCHTOWER_RUN_ONCE=true -e WATCHTOWER_NOTIFICATIONS= watchtower docker compose run --rm -e WATCHTOWER_RUN_ONCE=true app
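Review bot: The new command drops `-e WATCHTOWER_NOTIFICATIONS=` along with the service rename and the added `--rm`, so a manual run-once would presumably send the same notifications as the scheduled run. If that is intended, a comment above the command such as `# notifications stay enabled so manual runs are reported too` would make it explicit. Otherwise the override should be kept.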


@ -21,5 +21,5 @@ wiki_js_env:
DB_SSL: 1 DB_SSL: 1
wiki_js_compose: wiki_js_compose:
watchtower: true watchtower: update
image: requarks/wiki image: requarks/wiki


@ -32,7 +32,7 @@ woodpecker_env:
WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full
woodpecker_compose: woodpecker_compose:
watchtower: true watchtower: update
image: woodpeckerci/woodpecker-server image: woodpeckerci/woodpecker-server
file: file:
services: services:


@ -215,10 +215,10 @@ services = {
domain = "gallery.serguzim.me" domain = "gallery.serguzim.me"
}] }]
backup = [ backup = [
{ #{
name = "immich_upload" # name = "immich_upload"
type = "docker_remote" # type = "docker_remote"
}, #},
{ {
name = "immich_database" name = "immich_database"
type = "hook" type = "hook"
@ -265,10 +265,10 @@ services = {
name = "jellyfin_config" name = "jellyfin_config"
type = "docker" type = "docker"
}, },
{ #{
name = "jellyfin_media" # name = "jellyfin_media"
type = "docker_remote" # type = "docker_remote"
} #}
] ]
monitoring = { monitoring = {
url = "/health" url = "/health"
@ -552,6 +552,26 @@ services = {
monitoring = { monitoring = {
group = "7-support" group = "7-support"
} }
ports = [
{
description = "Teamspeak server"
port = 9987
protocol = "udp"
type = "firewall"
},
{
description = "Teamspeak filetransfer"
port = 30033
protocol = "tcp"
type = "firewall"
},
{
description = "Teamspeak serverquery"
port = 10011
protocol = "tcp"
type = "firewall"
}
]
auth = false auth = false
database = false database = false
s3 = false s3 = false
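Review bot: The third entry in the new `ports` list opens the TeamSpeak ServerQuery port 10011/tcp on the firewall. ServerQuery is the server's administrative interface, and on this port it is the plaintext variant, so exposing it alongside the voice and file-transfer ports widens the reachable surface more than the voice service needs. Unless remote query access is required, drop that entry. If it is required, restrict it to trusted source addresses, provided the firewall role supports a source field (not visible in this hunk). The service block this list belongs to starts and ends outside the hunk.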