sporada/selfhosted-traefik
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Compare commits

base: sporada:master
Branches Tags
sporada:master
sporada:remote_setup
..
compare: sporada:remote_setup
Branches Tags
sporada:master
sporada:remote_setup

No commits in common. "master" and "remote_setup" have entirely different histories.
master ... remote_set

22 changed files with 252 additions and 850 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -12,7 +12,3 @@ loolwsd.xml
**/redis/
**/html/
**/volumes/
**/config/
# tar files
*.tar

47
firefly/docker-compose.yml
View File

@ -1,47 +0,0 @@
networks:
default:
name: traefik_default
external: true
services:
firefly-app:
image: fireflyiii/core:latest
restart: unless-stopped
container_name: firefly-app
networks:
- default
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
# Routes
- "traefik.enable=true"
- "traefik.http.routers.firefly.entrypoints=websecure"
- "traefik.http.routers.firefly.rule=Host(`firefly.${DOMAIN}`)"
- "traefik.http.routers.firefly.tls=true"
- "traefik.http.routers.firefly.tls.certresolver=myresolver"
# - "traefik.http.services.firefly.loadbalancer.server.port=3000"
volumes:
- ${FIREFLY_ROOT}/data:/var/www/html/storage/upload
env_file: live.env
# ports:
# - 80:8080
depends_on:
- firefly-db
firefly-db:
image: mariadb
container_name: firefly-db
restart: unless-stopped
networks:
- default
labels:
- "com.centurylinklabs.watchtower.enable=true"
env_file:
- live.env
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_USER=${DB_USERNAME}
- MYSQL_PASSWORD=${DB_PASSWORD}
- MYSQL_DATABASE=${DB_DATABASE}
volumes:
- ${FIREFLY_ROOT}/db:/var/lib/mysql

316
firefly/live.env.tpl
View File

@ -1,316 +0,0 @@
# Custom variables
FIREFLY_ROOT=/home/compute/services/firefly
DOMAIN=domain.com
# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".
APP_ENV=local
# Set to true if you want to see debug information in error screens.
APP_DEBUG=false
# This should be your email address.
# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
SITE_OWNER=porada@posteo.de
# The encryption key for your sessions. Keep this very secure.
# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
APP_KEY=superSecretKeyWith32CharsChangeMe
# Firefly III will launch using this language (for new users and unauthenticated visitors)
# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
#
# If text is still in English, remember that not everything may have been translated.
DEFAULT_LANGUAGE=en_US
# The locale defines how numbers are formatted.
# by default this value is the same as whatever the language is.
DEFAULT_LOCALE=de_DE
# Change this value to your preferred time zone.
# Example: Europe/Amsterdam
# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Europe/Amsterdam
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
# Set it to ** and reverse proxies work just fine.
TRUSTED_PROXIES=**
# The log channel defines where your log entries go to.
# Several other options exist. You can use 'single' for one big fat error log (not recommended).
# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
# A cool option is 'papertrail' for cloud logging
# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
LOG_CHANNEL=stack
#
# Used when logging to papertrail:
#
PAPERTRAIL_HOST=
PAPERTRAIL_PORT=
# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.
APP_LOG_LEVEL=notice
# Audit log level.
# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
AUDIT_LOG_LEVEL=info
# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
# Use "pgsql" for PostgreSQL
# Use "mysql" for MySQL and MariaDB.
# Use "sqlite" for SQLite.
DB_CONNECTION=mysql
DB_HOST=firefly-db
DB_PORT=3306
DB_DATABASE=fireflydb
DB_USERNAME=fireflyuser
DB_PASSWORD=passwordChangeMe
# MySQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MYSQL_USE_SSL=false
MYSQL_SSL_VERIFY_SERVER_CERT=true
# You need to set at least of these options
MYSQL_SSL_CAPATH=/etc/ssl/certs/
MYSQL_SSL_CA=
MYSQL_SSL_CERT=
MYSQL_SSL_KEY=
MYSQL_SSL_CIPHER=
# PostgreSQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
PGSQL_SSL_MODE=prefer
PGSQL_SSL_ROOT_CERT=null
PGSQL_SSL_CERT=null
PGSQL_SSL_KEY=null
PGSQL_SSL_CRL_FILE=null
# If you're looking for performance improvements, you could install memcached or redis
CACHE_DRIVER=file
SESSION_DRIVER=file
# If you set either of the options above to 'redis', you might want to update these settings too
# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
# can be tcp, unix or http
REDIS_SCHEME=tcp
# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
REDIS_PATH=
# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
REDIS_PASSWORD=null
# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
REDIS_DB="0"
REDIS_CACHE_DB="1"
# Cookie settings. Should not be necessary to change these.
# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
# the value from a file instead of from an environment variable
# Setting samesite to "strict" may give you trouble logging in.
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
COOKIE_SAMESITE=lax
# If you want Firefly III to email you, update these settings
# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAIL_MAILER=log
MAIL_HOST=null
MAIL_PORT=2525
MAIL_FROM=changeme@example.com
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
# Other mail drivers:
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAILGUN_DOMAIN=
MAILGUN_SECRET=
# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
MAILGUN_ENDPOINT=api.mailgun.net
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MANDRILL_SECRET=
SPARKPOST_SECRET=
# Firefly III can send you the following messages.
SEND_REGISTRATION_MAIL=true
SEND_ERROR_MESSAGE=true
SEND_LOGIN_NEW_IP_WARNING=true
# These messages contain (sensitive) transaction information:
SEND_REPORT_JOURNALS=true
# Set this value to true if you want to set the location
# of certain things, like transactions. Since this involves an external service, it's optional
# and disabled by default.
ENABLE_EXTERNAL_MAP=false
# The map will default to this location:
MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
#
# Firefly III authentication settings
#
#
# Firefly III supports a few authentication methods:
# - 'web' (default, uses built in DB)
# - 'ldap'
# - 'remote_user_guard' for Authelia etc
# Read more about these settings in the documentation.
# https://docs.firefly-iii.org/advanced-installation/authentication
AUTHENTICATION_GUARD=web
#
# Your LDAP server may speak a dialect. You can choose between 'OpenLDAP' and 'ActiveDirectory'
# Anything else defaults to 'ActiveDirectory'
#
LDAP_DIALECT=OpenLDAP
#
# LDAP connection settings:
#
LDAP_HOST=ldap.yourserver.com
LDAP_PORT=389
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false
LDAP_BASE_DN="o=something,dc=site,dc=com"
LDAP_USERNAME="uid=X,ou=,o=,dc=something,dc=com"
LDAP_PASSWORD=super_secret
LDAP_AUTH_FIELD=uid
#
# If you wish to only authenticate users from a specific group, use the base DN above.
#
# If you require extra/special filters please use the LDAP_EXTRA_FILTER with a valid DN.
#
# The extra filter will only be applied after the user is authenticated.
#
LDAP_EXTRA_FILTER=
#
# Remote user guard settings
#
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
#
# Extra authentication settings
#
CUSTOM_LOGOUT_URL=
# You can disable the X-Frame-Options header if it interferes with tools like
# Organizr. This is at your own risk. Applications running in frames run the risk
# of leaking information to their parent frame.
DISABLE_FRAME_HEADER=false
# You can disable the Content Security Policy header when you're using an ancient browser
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
# This is at your own risk.
DISABLE_CSP_HEADER=false
# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
# Do not prepend the TRACKER_URL with http:// or https://
# The only tracker supported is Matomo.
# You can set the following variables from a file by appending them with _FILE:
TRACKER_SITE_ID=
TRACKER_URL=
#
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
#
ALLOW_WEBHOOKS=false
#
# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
# 1. Set this token to any 32-character value (this is important!).
# 2. Use this token in the cron URL instead of a user's command line token.
#
# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
#
STATIC_CRON_TOKEN=
# You can fine tune the start-up of a Docker container by editing these environment variables.
# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
# However if you know what you're doing you can significantly speed up container start times.
# Set each value to true to enable, or false to disable.
# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
# Won't significantly speed up things.
DKR_CHECK_SQLITE=true
# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
# and is up to date.
DKR_RUN_MIGRATION=true
# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
# with the latest fixes (outside of migrations!)
DKR_RUN_UPGRADE=true
# Verify database integrity. Includes all data checks and verifications.
# Disabling this makes Firefly III assume your DB is intact.
DKR_RUN_VERIFY=true
# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
DKR_RUN_REPORT=true
# Generate OAuth2 keys.
# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
# you had previously generated keys already and they're stored in your database for restoration.
DKR_RUN_PASSPORT_INSTALL=true
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
APP_NAME=FireflyIII
ADLDAP_CONNECTION=default
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
CACHE_PREFIX=firefly
PUSHER_KEY=
IPINFO_TOKEN=
PUSHER_SECRET=
PUSHER_ID=
DEMO_USERNAME=
DEMO_PASSWORD=
IS_HEROKU=false
FIREFLY_III_LAYOUT=v1
#
# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
# This configuration value WILL NOT HELP.
#
# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
#
# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
# So when configuring anything WEB related this variable doesn't do anything. Nothing
#
# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
#
APP_URL=http://localhost

8
gitea/docker-compose.yml
View File

@ -1,11 +1,13 @@
version: '3.5'
networks:
default:
name: traefik_default
external: true
external:
name: traefik_default
services:
gitea-db:
image: mariadb:10.11
image: mariadb:10
container_name: gitea-db
restart: unless-stopped
env_file: live.env

211
grocy/data/data/config.php
View File

@ -1,211 +0,0 @@
<?php
// Settings can also be overwritten in two ways:
//
// First priority:
// A .txt file with the same name as the setting in /data/settingoverrides
// the content of the file is used as the setting value
//
// Second priority:
// An environment variable with the same name as the setting and prefix "GROCY_"
// so for example "GROCY_BASE_URL"
//
// Third priority:
// The settings defined here below
// Either "production", "dev", "demo" or "prerelease"
// When not "production", authentication will be disabled and
// demo data will be populated during database migrations
Setting('MODE', 'production');
// The directory name of one of the available localization folders
// in the "/localization" directory (e.g. "en" or "de")
Setting('DEFAULT_LOCALE', 'de');
// This is used to define the first day of a week for calendar views,
// leave empty to use the locale default
// Needs to be a number where Sunday = 0, Monday = 1 and so forth
Setting('CALENDAR_FIRST_DAY_OF_WEEK', '');
// If calendars should show week numbers
Setting('CALENDAR_SHOW_WEEK_OF_YEAR', true);
// Set this if you want to have a different start day for the weekly meal plan view,
// leave empty to use CALENDAR_FIRST_DAY_OF_WEEK (see above)
// Needs to be a number where Sunday = 0, Monday = 1 and so forth
Setting('MEAL_PLAN_FIRST_DAY_OF_WEEK', '');
// To keep it simple: grocy does not handle any currency conversions,
// this here is used to format all money values,
// so doesn't really matter, but needs to be the
// ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
Setting('CURRENCY', 'EUR');
// When running grocy in a subdirectory, this should be set to the relative path, otherwise empty
// It needs to be set to the part (of the URL) AFTER the document root,
// if URL rewriting is disabled, including index.php
// Example with URL Rewriting support:
// Root URL = https://example.com/grocy
// => BASE_PATH = /grocy
// Example without URL Rewriting support:
// Root URL = https://example.com/grocy/public/index.php/
// => BASE_PATH = /grocy/public/index.php
Setting('BASE_PATH', '');
// The base URL of your installation,
// should be just "/" when running directly under the root of a (sub)domain
// or for example "https://example.com/grocy" when using a subdirectory
Setting('BASE_URL', '/');
// The plugin to use for external barcode lookups,
// must be the filename (folder /data/plugins) without the .php extension,
// see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
Setting('STOCK_BARCODE_LOOKUP_PLUGIN', 'DemoBarcodeLookupPlugin');
// If, however, your webserver does not support URL rewriting, set this to true
Setting('DISABLE_URL_REWRITING', false);
// Specify an custom homepage if desired, by default the homepage will be set to the stock overview page
// This needs to be one of the following values:
// stock, shoppinglist, recipes, chores, tasks, batteries, equipment, calendar, mealplan
Setting('ENTRY_PAGE', 'stock');
// Set this to true if you want to disable authentication / the login screen,
// places where user context is needed will then use the default (first existing) user
Setting('DISABLE_AUTH', false);
// Either "Grocy\Middleware\DefaultAuthMiddleware", "Grocy\Middleware\ReverseProxyAuthMiddleware"
// or any class that implements Grocy\Middleware\AuthMiddleware
Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
// Options when using ReverseProxyAuthMiddleware
Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER'); // The name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
Setting('REVERSE_PROXY_AUTH_USE_ENV', false); // Set to true if the username is passed as environment variable
// Options when using LdapAuthMiddleware
Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
Setting('LDAP_BASE_DN', ''); // Example value "DC=local,DC=berrnd,DC=net"
Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
Setting('LDAP_BIND_PW', ''); // Password for the above account
Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
// Default permissions for new users
// the array needs to contain the technical/constant names
// See the file controllers/Users/User.php for possible values
Setting('DEFAULT_PERMISSIONS', ['ADMIN']);
// "1D" (=> Code128) or "2D" (=> DataMatrix)
Setting('GROCYCODE_TYPE', '1D');
// Label printer settings
Setting('LABEL_PRINTER_WEBHOOK', ''); // The URI that grocy will POST to when asked to print a label
Setting('LABEL_PRINTER_RUN_SERVER', true); // Whether the webhook will be called server- or client-side
Setting('LABEL_PRINTER_PARAMS', ['font_family' => 'Source Sans Pro (Regular)']); // Additional parameters supplied to the webhook
Setting('LABEL_PRINTER_HOOK_JSON', false); // TRUE to use JSON or FALSE to use normal POST request variables
// Thermal printer options
// Thermal printers are receipt printers, not regular printers,
// the printer must support the ESC/POS protocol, see https://github.com/mike42/escpos-php
Setting('TPRINTER_IS_NETWORK_PRINTER', false); // Set to true if it's a network printer
Setting('TPRINTER_PRINT_QUANTITY_NAME', true); // Set to false if you do not want to print the quantity names (related to the shopping list)
Setting('TPRINTER_PRINT_NOTES', true); // Set to false if you do not want to print notes (related to the shopping list)
Setting('TPRINTER_IP', '127.0.0.1'); // IP of the network printer (does only matter if it's a network printer)
Setting('TPRINTER_PORT', 9100); // Port of the network printer (does only matter if it's a network printer)
Setting('TPRINTER_CONNECTOR', '/dev/usb/lp0'); // Printer device (does only matter if you use a locally attached printer)
// For USB on Linux this is often '/dev/usb/lp0', for serial printers it could be similar to '/dev/ttyS0'
// Make sure that the user that runs the webserver has permissions to write to the printer - on Linux add your webserver user to the LP group with usermod -a -G lp www-data
// Feature flags
// Here you can disable the parts which you don't need to have a less cluttered UI
// (set the setting to "false" to disable the corresponding part, which should be self explanatory)
Setting('FEATURE_FLAG_STOCK', true);
Setting('FEATURE_FLAG_SHOPPINGLIST', true);
Setting('FEATURE_FLAG_RECIPES', true);
Setting('FEATURE_FLAG_CHORES', true);
Setting('FEATURE_FLAG_TASKS', true);
Setting('FEATURE_FLAG_BATTERIES', true);
Setting('FEATURE_FLAG_EQUIPMENT', true);
Setting('FEATURE_FLAG_CALENDAR', true);
Setting('FEATURE_FLAG_LABEL_PRINTER', false);
// Sub feature flags
Setting('FEATURE_FLAG_STOCK_PRICE_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_LOCATION_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_PRODUCT_FREEZING', true);
Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD', true); // Activate the number pad in due date fields on (supported) mobile browsers
Setting('FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS', true);
Setting('FEATURE_FLAG_CHORES_ASSIGNMENTS', true);
Setting('FEATURE_FLAG_THERMAL_PRINTER', false);
// Feature settings
Setting('FEATURE_FLAG_DISABLE_BROWSER_BARCODE_CAMERA_SCANNING', false); // Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
Setting('FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA', true); // Enables the torch automatically (if the device has one)
// Default user settings
// These settings can be changed per user, below here are the defaults
// which are used when the user has not changed the setting so far
// Night mode related
DefaultUserSetting('night_mode_enabled', false); // If night mode is enabled always
DefaultUserSetting('auto_night_mode_enabled', false); // If night mode is enabled automatically when inside a given time range (see the two settings below)
DefaultUserSetting('auto_night_mode_time_range_from', '20:00'); // Format HH:mm
DefaultUserSetting('auto_night_mode_time_range_to', '07:00'); // Format HH:mm
DefaultUserSetting('auto_night_mode_time_range_goes_over_midnight', true); // If the time range above goes over midnight
// Generic settings
DefaultUserSetting('auto_reload_on_db_change', false); // If the page should be automatically reloaded when there was an external change
DefaultUserSetting('show_clock_in_header', false); // Show a clock in the header next to the logo or not
DefaultUserSetting('keep_screen_on', false); // If the screen should always be kept on
DefaultUserSetting('keep_screen_on_when_fullscreen_card', false); // If the screen should be kept on when a "fullscreen-card" is displayed
// Stock settings
DefaultUserSetting('product_presets_location_id', -1); // Default location id for new products (-1 means no location is preset)
DefaultUserSetting('product_presets_product_group_id', -1); // Default product group id for new products (-1 means no product group is preset)
DefaultUserSetting('product_presets_qu_id', -1); // Default quantity unit id for new products (-1 means no quantity unit is preset)
DefaultUserSetting('product_presets_default_due_days', 0); // Default due days for new products (-1 means that the product will be never overdue)
DefaultUserSetting('product_presets_treat_opened_as_out_of_stock', true); // Default "Treat opened as out of stock" option for new products
DefaultUserSetting('stock_decimal_places_amounts', 4); // Default decimal places allowed for amounts
DefaultUserSetting('stock_decimal_places_prices', 2); // Default decimal places allowed for prices
DefaultUserSetting('stock_auto_decimal_separator_prices', false); // If the decimal separator should be set automatically for amount inputs
DefaultUserSetting('stock_due_soon_days', 5); // The "expiring soon" days
DefaultUserSetting('stock_default_purchase_amount', 0); // The default amount prefilled on the purchase page
DefaultUserSetting('stock_default_consume_amount', 1); // The default amount prefilled on the consume page
DefaultUserSetting('stock_default_consume_amount_use_quick_consume_amount', false); // If the products quick consume amount should be prefilled on the consume page
DefaultUserSetting('scan_mode_consume_enabled', false); // If scan mode on the consume page is enabled
DefaultUserSetting('scan_mode_purchase_enabled', false); // If scan mode on the purchase page is enabled
DefaultUserSetting('show_icon_on_stock_overview_page_when_product_is_on_shopping_list', true); // When enabled, an icon is shown on the stock overview page (next to the product name) when the prodcut is currently on a shopping list
DefaultUserSetting('show_purchased_date_on_purchase', false); // Whether the purchased date should be editable on purchase (defaults to today otherwise)
DefaultUserSetting('show_warning_on_purchase_when_due_date_is_earlier_than_next', true); // Show a warning on purchase when the due date of the purchased product is earlier than the next due date in stock
// Shopping list settings
DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false); // Automatically do the booking using the last price and the amount of the shopping list item, if the product has "Default due days" set
DefaultUserSetting('shopping_list_show_calendar', false); // When enabled, a small (month view) calendar will be shown on the shopping list page
// Recipe settings
DefaultUserSetting('recipe_ingredients_group_by_product_group', false); // Group recipe ingredients by their product group
DefaultUserSetting('recipes_show_list_side_by_side', true); // If the recipe should be displayed next to recipe list on the recipes page
// Chores settings
DefaultUserSetting('chores_due_soon_days', 5); // The "due soon" days
// Batteries settings
DefaultUserSetting('batteries_due_soon_days', 5); // The "due soon" days
// Tasks settings
DefaultUserSetting('tasks_due_soon_days', 5); // The "due soon" days
// Component configuration for Quagga2 - read https://github.com/ericblade/quagga2#configobject for details
// Below is a generic good configuration,
// for an iPhone 7 Plus, halfsample = true, patchsize = small, frequency = 5 yields very good results
DefaultUserSetting('quagga2_numofworkers', 4);
DefaultUserSetting('quagga2_halfsample', false);
DefaultUserSetting('quagga2_patchsize', 'medium');
DefaultUserSetting('quagga2_frequency', 10);
DefaultUserSetting('quagga2_debug', true);

33
grocy/docker-compose.yml
View File

@ -1,33 +0,0 @@
networks:
default:
name: traefik_default
external: true
services:
grocy-frontend:
image: lscr.io/linuxserver/grocy:latest
container_name: grocy-app
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ${GROCY_ROOT}/data:/config
environment:
- USER_UID=1000
- USER_GID=1000
- TZ=CET
env_file: live.env
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
# Routes
- "traefik.enable=true"
- "traefik.http.routers.grocy.entrypoints=websecure"
- "traefik.http.routers.grocy.rule=Host(`grocy.${DOMAIN}`)"
- "traefik.http.routers.grocy.tls=true"
- "traefik.http.routers.grocy.tls.certresolver=myresolver"
networks:
- default
ports:
- 9283:80

50
grocy/live.env.tpl
View File

@ -1,50 +0,0 @@
# Grocy Environment Variables
# These environment variables affect PHP and the grocy application
# For a full list of grocy settings, see config-dist.php in the main grocy repo:
#
# https://github.com/grocy/grocy/blob/master/config-dist.php
#
# Grocy application settings must be prefixed with 'GROCY_'.
#
# For example, if we'd like to configure grocy to use Euros (EUR):
#
# Setting('CURRENCY', 'USD');
#
# Then we would set GROCY_CURRENCY=EUR
## User-supplied Variables
# These are environment variables that may be supplied by the user
# No values are supplied for these as part of this distribution
# When you're ready to deploy grocy in production, set GROCY_MODE=production
# to enable user authentication
GROCY_MODE=production
## Distribution-supplied Variables
# These are 'sensible defaults' provided as part of the grocy-docker
# distribution.
# GROCY_CULTURE configures localization of the grocy application
# Supported locales: https://github.com/grocy/grocy/tree/master/localization
GROCY_CULTURE=de
GROCY_CURRENCY=EUR
GROCY_DEFAULT_LOCALE=de
# Grocy Mode
GROCY_MODE=production
# PHP Environment variables
MAX_UPLOAD=50M
PHP_MAX_FILE_UPLOAD=200
PHP_MAX_POST=100M
PHP_MEMORY_LIMIT=512M
#Custom Settings
GROCY_ROOT=/home/compute/services/grocy
DOMAIN=domain.com

183
nextcloud/collabora/loolwsd.xml.tpl Normal file
View File

@ -0,0 +1,183 @@
<config>
<!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
<!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
<allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
<sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
<server_name desc="External hostname:port of the server running loolwsd. If empty, it's derived from the request (please set it if this doesn't work). Must be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">collabora.domain.com</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>
<memproportion desc="The maximum percentage of system memory consumed by all of the Collabora Online Development Edition, after which we start cleaning up idle documents" type="double" default="80.0"></memproportion>
<num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="1">1</num_prespawn_children>
<per_document desc="Document-specific settings, including LO Core settings.">
<max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
<batch_priority desc="A (lower) priority for use by batch eg. convert-to processes to avoid starving interactive ones" type="uint" default="5">5</batch_priority>
<document_signing_url desc="The endpoint URL of signing server, if empty the document signing is disabled" type="string" default=""></document_signing_url>
<redlining_as_comments desc="If true show red-lines as comments" type="bool" default="false">false</redlining_as_comments>
<idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
<!-- Idle save and auto save are checked every 30 seconds -->
<!-- They are disabled when the value is zero or negative. -->
<idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Defaults to 30 seconds." type="int" default="30">30</idlesave_duration_secs>
<autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Defaults to 5 minutes." type="int" default="300">300</autosave_duration_secs>
<always_save_on_exit desc="On exiting the last editor, always perform the save, even if the document is not modified." type="bool" default="false">false</always_save_on_exit>
<limit_virt_mem_mb desc="The maximum virtual memory allowed to each document process. 0 for unlimited." type="uint">0</limit_virt_mem_mb>
<limit_stack_mem_kb desc="The maximum stack size allowed to each document process. 0 for unlimited." type="uint">8000</limit_stack_mem_kb>
<limit_file_size_mb desc="The maximum file size allowed to each document process to write. 0 for unlimited." type="uint">0</limit_file_size_mb>
<limit_num_open_files desc="The maximum number of files allowed to each document process to open. 0 for unlimited." type="uint">0</limit_num_open_files>
<limit_load_secs desc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited." type="uint" default="100">100</limit_load_secs>
<limit_convert_secs desc="Maximum number of seconds to wait for a document conversion to succeed. 0 for unlimited." type="uint" default="100">100</limit_convert_secs>
<cleanup desc="Checks for resource consuming (bad) documents and kills associated kit process. A document is considered resource consuming (bad) if is in idle state for idle_time_secs period and memory usage passed limit_dirty_mem_mb or CPU usage passed limit_cpu_per" enable="false">
<cleanup_interval_ms desc="Interval between two checks" type="uint" default="10000">10000</cleanup_interval_ms>
<bad_behavior_period_secs desc="Minimum time period for a document to be in bad state before associated kit process is killed. If in this period the condition for bad document is not met once then this period is reset" type="uint" default="60">60</bad_behavior_period_secs>
<idle_time_secs desc="Minimum idle time for a document to be candidate for bad state" type="uint" default="300">300</idle_time_secs>
<limit_dirty_mem_mb desc="Minimum memory usage for a document to be candidate for bad state" type="uint" default="3072">3072</limit_dirty_mem_mb>
<limit_cpu_per desc="Minimum CPU usage for a document to be candidate for bad state" type="uint" default="85">85</limit_cpu_per>
</cleanup>
</per_document>
<per_view desc="View-specific settings.">
<out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 120 seconds." type="uint" default="120">120</out_of_focus_timeout_secs>
<idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
</per_view>
<loleaflet_html desc="Allows UI customization by replacing the single endpoint of loleaflet.html" type="string" default="loleaflet.html">loleaflet.html</loleaflet_html>
<logging>
<color type="bool">true</color>
<level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">warning</level>
<protocol type="bool" desc="Enable minimal client-site JS protocol logging from the start">false</protocol>
<!-- lokit_sal_log example: Log WebDAV-related messages, that is interesting for debugging Insert - Image operation: "+TIMESTAMP+INFO.ucb.ucp.webdav+WARN.ucb.ucp.webdav"
See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
<lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
<file enable="false">
<!-- If you use other path than /var/log and you run loolwsd from systemd, make sure that you enable that path in loolwsd.service (ReadWritePaths). -->
<property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/disable log file compression.">true</property>
<property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
<property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
<property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
<property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
</file>
<anonymize>
<anonymize_user_data type="bool" desc="Enable to anonymize/obfuscate of user-data in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</anonymize_user_data>
<anonymization_salt type="uint" desc="The salt used to anonymize/obfuscate user-data in logs. Use a secret 64-bit random number." default="82589933">82589933</anonymization_salt>
</anonymize>
</logging>
<loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
<filter>
<message desc="Regex pattern of messages to exclude"></message>
</filter>
<outgoing>
<record desc="Whether or not to record outgoing messages" default="false">false</record>
</outgoing>
</trace>
<net desc="Network settings">
<!-- On systems where localhost resolves to IPv6 [::1] address first, when net.proto is all and net.listen is loopback, loolwsd unexpectedly listens on [::1] only.
You need to change net.proto to IPv4, if you want to use 127.0.0.1. -->
<proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
<listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
<service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
<proxy_prefix type="bool" default="false" desc="Enable a ProxyPrefix to be passed int through which to redirect requests"></proxy_prefix>
<post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
</post_allow>
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
<connection_timeout_secs desc="Specifies the connection, send, recv timeout in seconds for connections initiated by loolwsd (such as WOPI connections)." type="int" default="30"></connection_timeout_secs>
</net>
<ssl desc="SSL settings">
<enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
<report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
<pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
</ssl>
<security desc="Altering these defaults potentially opens you to significant risk">
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
<capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
</security>
<watermark>
<opacity desc="Opacity of on-screen watermark from 0.0 to 1.0" type="double" default="0.2"></opacity>
<text desc="Watermark text to be displayed on the document if entered" type="string"></text>
</watermark>
<welcome>
<enable type="bool" desc="Controls whether the welcome screen should be shown to the users on new install and updates." default="true">true</enable>
<enable_button type="bool" desc="Controls whether the welcome screen should have an explanatory button instead of an X button to close the dialog." default="false">false</enable_button>
<path desc="Path to 'welcome-$lang.html' files served on first start or when the version changes. When empty, defaults to the Release notes." type="path" relative="true" default="loleaflet/welcome"></path>
</welcome>
<user_interface>
<mode type="string" desc="Controls the user interface style (classic|notebookbar)" default="classic">classic</mode>
</user_interface>
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\\.domain\\.com</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<reuse_cookies desc="When enabled, cookies from the browser will be captured and set on WOPI requests." type="bool" default="false">false</reuse_cookies>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
</wopi>
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
<host desc="Hostname to allow" allow="false">nextcloud.domain.com</host>
</webdav>
<ssl desc="SSL settings">
<as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
<enable type="bool" desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and loolwsd. When empty this defaults to following the ssl.enable setting"></enable>
<cert_file_path desc="Path to the cert file" relative="false"></cert_file_path>
<key_file_path desc="Path to the key file" relative="false"></key_file_path>
<ca_file_path desc="Path to the ca file. If this is not empty, then SSL verification will be strict, otherwise cert of storage (WOPI-like host) will not be verified." relative="false"></ca_file_path>
<cipher_list desc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overriden only if absolutely needed."></cipher_list>
</ssl>
</storage>
<tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled.">username</username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">test</password>
</admin_console>
<monitors desc="Addresses of servers we connect to on start for monitoring">
</monitors>
</config>

32
nextcloud/docker-compose.yml
View File

@ -1,12 +1,14 @@
version: '3.5'
networks:
default:
name: traefik_default
external: true
external:
name: traefik_default
services:
nextcloud-db:
env_file: live.env
image: mariadb:10.11
image: mariadb:10
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
labels:
@ -35,22 +37,20 @@ services:
- ${NEXTCLOUD_ROOT}/redis:/data
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
nextcloud-app:
depends_on:
- nextcloud-db
- nextcloud-redis
container_name: nextcloud-app
command: >
bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
env_file: live.env
environment:
- NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
- NEXTCLOUD_DATA_DIR='${NEXTCLOUD_DATA_DIR}'
extra_hosts:
- "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
- "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
image: nextcloud:28
image: nextcloud:21
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
@ -78,19 +78,17 @@ services:
restart: unless-stopped
volumes:
- ${NEXTCLOUD_ROOT}/html:/var/www/html
- ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
- ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
nextcloud-cron:
image: nextcloud:28
image: nextcloud:21
container_name: nextcloud-cron
command: >
bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
volumes:
- ${NEXTCLOUD_ROOT}/html:/var/www/html
- ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
- ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
entrypoint: /cron.sh
depends_on:
- nextcloud-db
@ -98,7 +96,7 @@ services:
- nextcloud-collabora
nextcloud-coturn:
image: coturn/coturn:4
image: instrumentisto/coturn
container_name: nextcloud-coturn
restart: unless-stopped
ports:
@ -116,7 +114,7 @@ services:
- --static-auth-secret=${COTURN_SECRET}
nextcloud-collabora:
image: collabora/code:23.05.9.1.1
image: collabora/code:6.4.2.2
container_name: nextcloud-collabora
env_file: live.env
extra_hosts:
@ -143,11 +141,11 @@ services:
- username=${COLLABORA_USERNAME}
- password=${COLLABORA_PASSWORD}
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
- VIRTUAL_PROTO=https
- VIRTUAL_PORT=9980
- VIRTUAL_HOST=${COLLABORA_FQDN}
cap_add:
- MKNOD
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml

5
nextcloud/live.env.tpl
View File

@ -14,13 +14,14 @@ REDIS_HOST_PASSWORD=password_redis
NEXTCLOUD_ROOT=/home/compute/services/nextcloud
NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
NEXTCLOUD_FQDN=your_nextcloud_sub_domain.domain.com
TRAEFIK_CONTAINER_IP=172.27.0.100
# This is the IP of the Trafik container. This changes if the traefik container restarts. If it is not the current traefik container IP collabora does not work. Check the current traefik container IP with: docker inspect traefik and get the IP from the Networks -> traefik_default -> IPAddress section
TRAEFIK_CONTAINER_IP=172.27.0.16
PHP_MEMORY_LIMIT=2048M
PHP_UPLOAD_LIMIT=8G
# Collabora
COLLABORA_FQDN=collabora.domain.com
COLLABORA_DOMAIN=nextcloud_sub_domain\.domain\.com # This is the domain which the collabora server is requests accepting from.
COLLABORA_DOMAIN=nextcloud_sub_domain\\.domain\\.com # This is the domain which the collabora server is requests accepting from.
COLLABORA_USERNAME=username
COLLABORA_PASSWORD=password_collabora

1
nginx-rtmp/README.md Normal file
View File

@ -0,0 +1 @@
Not Traefik ready!

8
nginx-rtmp/docker-compose.yml Normal file
View File

@ -0,0 +1,8 @@
version: "3.7"
services:
streaming:
image: tiangolo/nginx-rtmp
container_name: nginx-rtmp
ports:
- "1935:1935"
restart: unless-stopped

5
osp/README.md
View File

@ -1,5 +0,0 @@
https://openstreamingplatform.com/
Open Streaming Platform (OSP) is an open-source, RTMP streamer software front-end for Arut's Nginx-RTMP Module. OSP was designed as a self-hosted alternative to services such as Twitch.tv, Ustream.tv, Mixer, and Youtube Live.
This service is based on an older software version beta6d and not on the current version 0.8.8 because an docker image ist not available for it right now.

70
osp/docker-compose.yml
View File

@ -1,70 +0,0 @@
networks:
default:
name: traefik_default
external: true
services:
osp-app:
depends_on:
- osp-db
- osp-redis
container_name: osp-app
entrypoint: ["/opt/osp/setup/docker/wait-for-it.sh", "osp-db:3306", "--strict", "-t", "60", "--", "/opt/osp/setup/docker/entrypoint.sh"]
env_file: live.env
environment:
- DB_URL=mysql+pymysql://${MYSQL_USER}:${MYSQL_PASSWORD}@${MYSQL_HOST}:3306/${MYSQL_DATABASE}
image: deamos/openstreamingplatform:latest
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
# Routes
- "traefik.enable=true"
- "traefik.http.routers.osp.entrypoints=websecure"
- "traefik.http.routers.osp.rule=Host(`osp.${DOMAIN}`)"
- "traefik.http.routers.osp.tls=true"
- "traefik.http.routers.osp.tls.certresolver=myresolver"
- "traefik.http.services.osp.loadbalancer.server.port=80"
# RTMP specific
- "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
- "traefik.tcp.routers.rtmpcast.rule=HostSNI(`osp.${DOMAIN}`)"
- "traefik.tcp.routers.rtmpcast.service=rtmpcast"
- "traefik.tcp.routers.rtmpcast.tls=true"
- "traefik.tcp.routers.rtmpcast.tls.certresolver=myresolver"
- "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"
networks:
- default
restart: unless-stopped
volumes:
- ${OSP_ROOT}/data:/var/www
- ${OSP_ROOT}/data/nginx/conf:/usr/local/nginx/conf
osp-db:
image: mariadb:10
container_name: osp-db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: unless-stopped
env_file: live.env
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
networks:
- default
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ${OSP_ROOT}/db:/var/lib/mysql
osp-redis:
image: redis:6-alpine
container_name: osp-redis
command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
- default
restart: unless-stopped
volumes:
- ${OSP_ROOT}/redis:/data
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro

21
osp/live.env.tpl
View File

@ -1,21 +0,0 @@
# MariaDB settings
MYSQL_ROOT_PASSWORD=password_db_root
MYSQL_DATABASE=osp
MYSQL_USER=osp
MYSQL_PASSWORD=password_db
MYSQL_HOST=osp-db
# Redis
REDIS_HOST=osp-redis
REDIS_HOST_PASSWORD=password_redis
# osp
OSP_ROOT=/home/compute/services/osp
FLASK_SECRET=very_secret_key_change_me
FLASK_SALT=very_secret_salt_key_change_me
REDIS_PASSWORD=password_redis
OSP_ALLOWREGISTRATION=False
OSP_REQUIREVERIFICATION=False
# Traefik
DOMAIN=domain.com

54
traefik/docker-compose.yml
View File

@ -1,11 +1,12 @@
version: '3.5'
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.27.0.0/24
socket_proxy:
external:
name: socket_proxy
services:
# Only accept needed incoming docker API calls
@ -51,7 +52,7 @@ services:
# DELETE Options
- CONTAINERS_DELETE=1 # WatchTower
- IMAGES_DELETE=1 # WatchTower
image: tecnativa/docker-socket-proxy:latest
image: fluencelabs/docker-socket-proxy
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
@ -75,7 +76,7 @@ services:
WATCHTOWER_NO_STARTUP_MESSAGE: "false"
WATCHTOWER_SCHEDULE: "0 30 12 * * *" # Everyday at 12:30
DOCKER_HOST: tcp://socket-proxy:2375
image: containrrr/watchtower:latest
image: containrrr/watchtower
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
@ -88,22 +89,21 @@ services:
- watchtower
# Always restart also at boot unless manually stopped
restart: unless-stopped
# The official v3 Traefik docker image
image: traefik:3.0
# The official v2 Traefik docker image
image: traefik:v2.3
networks:
default:
ipv4_address: 172.27.0.100
socket_proxy: null
- socket_proxy
- default
env_file: live.env
container_name: "traefik"
# Enables the web UI and tells Traefik to listen to docker
command:
# logging settings
# - "--log.filePath=/logs/traefik.log"
# - "--log.format=json"
- "--log.level=ERROR"
# Enable API and Dashboard access
# logging
- "--log.filePath=/logs/traefik.log"
- "--log.level=DEBUG"
# API and Dashboard
#- "--api.insecure=true"
- "--api=true"
- "--api=true"
- "--api.dashboard=true"
# Docker as provider
- "--providers.docker=true"
@ -117,7 +117,6 @@ services:
- "--entrypoints.ts-tcp.address=:30033"
# Use this CA server for testing
# - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
# production Lets encrypt settings
- "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
@ -127,7 +126,7 @@ services:
labels:
# enable watchtower for traefik
- "com.centurylinklabs.watchtower.enable=true"
# Dashboard basic auth and routing
# Dashboard stuff
- "traefik.enable=true"
- "traefik.http.routers.traefik-https.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik-https.entrypoints=websecure"
@ -136,7 +135,7 @@ services:
- "traefik.http.routers.traefik-https.tls=true"
- "traefik.http.routers.traefik-https.tls.certresolver=myresolver"
- "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH}"
# http to https redirect for all incoming http requests
# http to https redirect
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
- "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
@ -151,21 +150,10 @@ services:
#- "8080:8080"
# TS3 ports
- "9987:9987/udp"
- "10011:10011"
- "30033:30033"
volumes:
# For certificate
- "./data/letsencrypt:/letsencrypt"
- "./volumes/letsencrypt/acme.json:/letsencrypt/acme.json"
# For logging
- "./data/logs:/logs"
# Docker socket
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# Test container
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
- "./volumes/logs/traefik.log:/logs/traefik.log"

4
ts3/README.md
View File

@ -1,2 +1,2 @@
This is now routed via traefik.
Still checking performance if there is no package loss.
This is now routed via traefik.
Still checking performance if working it is.

14
ts3/docker-compose.yml
View File

@ -1,7 +1,9 @@
version: '3.5'
networks:
default:
name: traefik_default
external: true
external:
name: traefik_default
services:
teamspeak-app:
@ -24,9 +26,7 @@ services:
- "traefik.tcp.routers.teamspeak-tcp.entrypoints=ts-tcp"
- "traefik.tcp.routers.teamspeak-tcp.service=teamspeak-tcp"
- "traefik.tcp.routers.teamspeak-tcp.rule=HostSNI(`ts3.${DOMAIN}`)"
- "traefik.tcp.routers.teamspeak-tcp.tls=true"
- "traefik.tcp.routers.teamspeak-tcp.tls.certresolver=myresolver"
- "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"
- "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"
# udp
- "traefik.udp.routers.teamspeak-udp.entrypoints=ts-udp"
- "traefik.udp.routers.teamspeak-udp.service=teamspeak-udp"
@ -35,9 +35,9 @@ services:
teamspeak-db:
networks:
- default
image: mariadb:10.11
image: mariadb:10
env_file: live.env
container_name: ts3-db
restart: unless-stopped
volumes:
- ./db:/var/lib/mysql
- ./db:/var/lib/mysql

15
valheim-server/docker-compose.yaml
View File

@ -1,15 +0,0 @@
services:
valheim:
image: clarkent86/valheim-server
cap_add:
- sys_nice
volumes:
- ./config:/config
- ./data:/opt/valheim
ports:
- "2456-2458:2456-2458/udp"
- "9001:9001/tcp"
env_file:
- ./valheim.env
restart: always
stop_grace_period: 2m

6
valheim-server/valheim.env.tpl
View File

@ -1,6 +0,0 @@
SERVER_NAME=YOUR_SERVER_NAME
WORLD_NAME=Dedicated
SERVER_PASS=YOUR_PASSWORD
SERVER_PUBLIC=true
VALHEIM_PLUS=false
BEPINEX=true

13
wordpress/docker-compose.yml
View File

@ -1,12 +1,14 @@
version: '3.5'
networks:
default:
name: traefik_default
external: true
external:
name: traefik_default
services:
wordpress:
env_file: live.env
image: wordpress:6.4.3
image: wordpress
container_name: wordpress-app
restart: unless-stopped
labels:
@ -21,9 +23,6 @@ services:
- "traefik.http.routers.wordpress.tls.certresolver=myresolver"
#- "traefik.http.routers.wordpress.tls.options=intermediate@file"
### </https> ###
# multi wordpress instances useage
links:
- db:db_s1
networks:
- default
volumes:
@ -34,7 +33,7 @@ services:
db:
env_file: live.env
image: mariadb:10.11
image: mysql:5.7
restart: unless-stopped
container_name: wordpress-db
labels:

2
wordpress/live.env.tpl
View File

@ -12,4 +12,4 @@ WORDPRESS_DB_NAME=wordpress
MYSQL_DATABASE=wordpress
MYSQL_USER=username
MYSQL_PASSWORD=password_db
MYSQL_RANDOM_ROOT_PASSWORD=yes
MYSQL_RANDOM_ROOT_PASSWORD=password_db_root