diff --git a/.gitignore b/.gitignore index bae30c5..d656be4 100644 --- a/.gitignore +++ b/.gitignore @@ -13,4 +13,5 @@ !monitoring/grafana/prometheus.yml !caddy/config/** !.gitea/**/* -!gitea/runner/config.yaml \ No newline at end of file +!gitea/runner/config.yaml +!monitoring/glance/**/* \ No newline at end of file diff --git a/caddy/Caddyfile b/caddy/Caddyfile index c71472f..c6c9260 100644 --- a/caddy/Caddyfile +++ b/caddy/Caddyfile @@ -54,6 +54,18 @@ ccalifice.com { respond "Hello ccalifice!" } +files.sereiaguardia.com { + redir https://files.sereiaguardia.com:8088{uri} permanent +} + +files.sereiaguardia.com:8088 { + reverse_proxy 192.168.1.67:8088 +} + +files.sereiaguardia.com:9021 { + reverse_proxy 192.168.1.67:9021 +} + *.bortolasosail.com.br, bortolasosail.com.br { header { Content-Security-Policy upgrade-insecure-requests diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml index 2ad5a1c..041b643 100644 --- a/caddy/docker-compose.yml +++ b/caddy/docker-compose.yml @@ -13,6 +13,7 @@ services: - "443:443" - "443:443/udp" - "8282:8282" + - "8088:8088" volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./site/bortolaso-sail:/srv/bortolaso-sail 
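Review bot: The new `!monitoring/glance/**/*` exception un-ignores the whole glance tree, and the `monitoring/glance/config/home.yml` this same commit adds under it carries a `token: ghp_…` GitHub PAT, so the allow-list entry is what puts that secret into version control. If the config must be tracked, keep the secret out of it and re-ignore the file that holds it, e.g. add `monitoring/glance/config/home.yml` on the line after the exception, or narrow the exception to `!monitoring/glance/assets/**` (this assumes the earlier rules the hunk sits under are a `*`-style deny-all, as the surrounding `!` entries suggest). A token that has already been committed should be revoked regardless of how the ignore rule is fixed.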
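Review bot: The `files.sereiaguardia.com:9021` site block proxies to `192.168.1.67:9021`, but the `caddy/docker-compose.yml` hunk in this commit publishes only `8088:8088`, so unless 9021 reaches the container some other way (for instance through the newt tunnel on `caddy-net`) that block is unreachable from outside. Either add `- "9021:9021"` to the Caddy service's `ports:` or drop the block. Both new blocks forward plain HTTP to a LAN host with no `header`, `basicauth` or similar directive of their own, so access control rests entirely on whatever listens on 192.168.1.67; a one-line comment such as `# no auth here: the upstream file server is expected to enforce it` would make that dependency explicit.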
@@ -22,18 +23,29 @@ services: networks: - caddy-net - cloudflared: - image: cloudflare/cloudflared:latest - container_name: cloudflared - user: "0:0" - volumes: - - ./config:/root/.cloudflared - #command: tunnel login - #command: tunnel create tunnel_ccalifice - command: tunnel --no-autoupdate run - restart: unless-stopped - networks: - - caddy-net + newt: + image: fosrl/newt + container_name: newt + restart: unless-stopped + environment: + - PANGOLIN_ENDPOINT=https://pangolin.sereiaguardia.com + - NEWT_ID=t9eefucz8uk0qds + - NEWT_SECRET=tqb7nl80iwqsmyox0nndb82k516egcc7ui4fkuigvesuui3f + networks: + - caddy-net + + # cloudflared: + # image: cloudflare/cloudflared:latest + # container_name: cloudflared + # user: "0:0" + # volumes: + # - ./config:/root/.cloudflared + # #command: tunnel login + # #command: tunnel create tunnel_ccalifice + # command: tunnel --no-autoupdate run + # restart: unless-stopped + # networks: + # - caddy-net networks: caddy-net: diff --git a/guacamole/docker-compose.yml b/guacamole/docker-compose.yml index 02b01dc..e564acb 100644 --- a/guacamole/docker-compose.yml +++ b/guacamole/docker-compose.yml 
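Review bot: `NEWT_ID` and `NEWT_SECRET` are committed in plaintext in the `environment:` block of the new `newt` service; the secret is what authenticates this host to `pangolin.sereiaguardia.com` and is now in git history, so it should be rotated in Pangolin and loaded from an untracked file instead, e.g. `env_file:` / `- .env` with the two values moved there (vaultwarden and monitoring in this repo already use `.env` this way). `image: fosrl/newt` is also unpinned, an implicit `latest`, for the component that holds the tunnel credentials; pin a tag so updates are deliberate. The commented-out `cloudflared` block still points at `./config:/root/.cloudflared`, which presumably holds the old tunnel's credential file; if that tunnel is retired, delete the credentials rather than only commenting out the service.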
@@ -1,123 +1,31 @@ -#################################################################################### -# docker-compose file for Apache Guacamole -# created by PCFreak 2017-06-28 -# -# Apache Guacamole is a clientless remote desktop gateway. It supports standard -# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or -# client software are required. Thanks to HTML5, once Guacamole is installed on -# a server, all you need to access your desktops is a web browser. -#################################################################################### -# -# What does this file do? -# -# Using docker-compose it will: -# -# - create a network 'guacnetwork_compose' with the 'bridge' driver. -# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork_compose' -# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork_compose' -# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork_compose' -# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork_compose' -# -# (1) -# DB-Init script is in './init/initdb.sql' it has been created executing -# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql' -# once. -# DATA-DIR is in './data' -# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and -# change it to your needs before first start. -# To start from scratch delete './data' dir completely -# './data' will hold all data after first start! -# The initdb.d scripts are only executed the first time the container is started -# (and the database files are empty). If the database files already exist then the initdb.d -# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves -# the volume and reuses it for the new container). -# -# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init) -# !!!!! 
or 'initdb.sql' will be ignored! -# -# './data' will hold all data after first start! -# -# (2) -# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD' -# as configured under (1) -# -# (3) -# ./nginx/templates folder will be mapped read-only into the container at /etc/nginx/templates -# and according to the official nginx container docs the guacamole.conf.template will be -# placed in /etc/nginx/conf.d/guacamole.conf after container startup. -# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl -# prepare.sh creates a a self-signed certificate. If you want to use your own certs -# just remove the part that generates the certs from prepare.sh and replace -# 'self-ssl.key' and 'self.cert' with your certificate. -# nginx will export port 8443 to the outside world, make sure that this port is reachable -# on your system from the "outside world". All other traffic is only internal. -# -# You could remove the entire 'nginx' service from this file if you want to use your own -# reverse proxy in front of guacamole. If doing so, make sure you change the line -# from - 8080/tcp -# to - 8080:8080/tcp -# within the 'guacamole' service. This will expose the guacamole webinterface directly -# on port 8080 and you can use it for your own purposes. -# Note: Guacamole is available on :8080/guacamole, not /. -# -# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once -# -# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A -# !!!!! ./reset.sh -# -# -# The initial login to the guacamole webinterface is: -# -# Username: guacadmin -# Password: guacadmin -# -# Make sure you change it immediately! 
-# -# version date comment -# 0.1 2017-06-28 initial release -# 0.2 2017-10-09 minor fixes + internal GIT push -# 0.3 2017-10-09 minor fixes + public GIT push -# 0.4 2019-08-14 creating of ssl certs now in prepare.sh -# simplified nginx startup commands -# 0.5 2023-02-24 nginx now uses a template + some minor changes -# 0.6 2023-03-23 switched to postgres 15.2-alpine -# 0.61 2024-07-27 fix networks + version 3.0 -# 0.62 2024-07-27 fix -##################################################################################### - -#the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion -#version: '3.0' - # networks # create a network 'guacnetwork_compose' in mode 'bridged' networks: - guacnetwork_compose: - driver: bridge + caddy-net: + name: caddy-net + external: true # services services: # guacd guacd: container_name: guacd_compose - image: guacamole/guacd - networks: - - guacnetwork_compose - restart: unless-stopped + image: guacamole/guacd:1.6.0 + restart: always volumes: - ./drive:/drive:rw - ./record:/record:rw + # postgres postgres: container_name: postgres_guacamole_compose environment: PGDATA: /var/lib/postgresql/data/guacamole POSTGRES_DB: guacamole_db - POSTGRES_PASSWORD: 'H4RD!PA$$word92753' + POSTGRES_PASSWORD: 'axfhj34sf098123jksf-19fnk120-34lkf983' POSTGRES_USER: guacamole_user image: postgres:15.2-alpine - networks: - - guacnetwork_compose - restart: unless-stopped + restart: always volumes: - ./init:/docker-entrypoint-initdb.d:z - ./data:/var/lib/postgresql/data:Z 
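Review bot: Changing `POSTGRES_PASSWORD` on the `postgres` service does not change the password of an already-initialised database: the image only applies it when `./data` is empty, which the header comment this hunk removes spelled out (`The initdb.d scripts are only executed the first time the container is started`), so unless the data directory is reset the new value is silently ignored and `guacamole`'s matching `POSTGRESQL_PASSWORD` will fail to authenticate. Run `ALTER USER guacamole_user WITH PASSWORD '…';` on the live database (or wipe `./data`) when this is deployed, and leave a comment on the line saying the env value is only honoured at first init. The new password is still a plaintext literal committed to the repo and the old one remains in history; move it to an env file and rotate both. The hunk also removes the `networks:` entries on `guacd` and `postgres`, putting them on the implicit `default` network, while the comment above `networks:` still says `create a network 'guacnetwork_compose'`; update it to describe the external `caddy-net` that is declared now.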
@@ -125,39 +33,27 @@ services: # guacamole guacamole: container_name: guacamole_compose + group_add: + - "1000" depends_on: - guacd - postgres environment: GUACD_HOSTNAME: guacd - POSTGRES_DATABASE: guacamole_db - POSTGRES_HOSTNAME: postgres - POSTGRES_PASSWORD: 'H4RD!PA$$word92753' - POSTGRES_USER: guacamole_user - image: guacamole/guacamole + POSTGRESQL_DATABASE: guacamole_db + POSTGRESQL_HOSTNAME: postgres + POSTGRESQL_PASSWORD: 'axfhj34sf098123jksf-19fnk120-34lkf983' + POSTGRESQL_USERNAME: guacamole_user + RECORDING_SEARCH_PATH: /record + image: guacamole/guacamole:1.6.0 networks: - - guacnetwork_compose + - caddy-net + - default volumes: - ./record:/record:rw ports: ## enable next line if not using nginx - - 8181:8080/tcp # Guacamole is on :8080/guacamole, not /. + - 8085:8080/tcp # Guacamole is on :8080/guacamole, not /. ## enable next line when using nginx -# - 8080/tcp - restart: unless-stopped - -########### optional ############## - # nginx -# nginx: -# container_name: nginx_guacamole_compose -# restart: unless-stopped -# image: nginx:latest -# volumes: -# - ./nginx/templates:/etc/nginx/templates:ro -# - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro -# - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro -# ports: -# - 8443:443 -# networks: -# - guacnetwork_compose -#################################################################################### + - 8080/tcp + restart: always \ No newline at end of file diff --git a/immich-app/.env b/immich-app/.env index 659db0c..44b2643 100644 --- a/immich-app/.env +++ b/immich-app/.env @@ -4,7 +4,7 @@ UPLOAD_LOCATION=/mnt/immich-library # The Immich version to use. You can pin this to a specific version like "v1.71.0" -IMMICH_VERSION=v1.142.0 +IMMICH_VERSION=v1.142.1 # Connection secret for postgres. You should change it to a random password DB_PASSWORD=asdf1234 diff --git a/immich-app/docker-compose.yml b/immich-app/docker-compose.yml index 5d9e050..aa8990c 100644 --- a/immich-app/docker-compose.yml 
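Review bot: The `guacamole` service now joins `caddy-net` to be fronted by Caddy, yet still publishes `8085:8080/tcp` on every host interface, so the web UI of the remote-desktop gateway stays reachable over plain HTTP on the LAN and bypasses TLS and anything the proxy enforces. Bind it to loopback or drop it, e.g. `- "127.0.0.1:8085:8080/tcp"`. The `## enable next line if not using nginx` / `## enable next line when using nginx` comments now sit above two lines that are both active (`8085:8080/tcp` and `8080/tcp`); tidy the comments so they match what is enabled. `group_add: - "1000"` is unexplained; if it is there so the container can write session recordings into the bind-mounted `./record` (which `RECORDING_SEARCH_PATH: /record` suggests), say so with `# gid of ./record on the host so recordings are writable`.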
+++ b/immich-app/docker-compose.yml @@ -14,6 +14,9 @@ services: - redis - database restart: unless-stopped + networks: + - caddy-net + - default immich-machine-learning: container_name: immich_machine_learning @@ -43,3 +46,9 @@ services: volumes: - ./pgdata:/var/lib/postgresql/data restart: unless-stopped + +networks: + caddy-net: + external: true + name: caddy-net + default: \ No newline at end of file diff --git a/monitoring/.env b/monitoring/.env new file mode 100644 index 0000000..0b719f0 --- /dev/null +++ b/monitoring/.env @@ -0,0 +1,6 @@ +# Variables defined here will be available to use anywhere in the config with the syntax ${MY_SECRET_TOKEN} +# Note: making changes to this file requires re-running docker compose up +MY_SECRET_TOKEN=09cjk13znm31asdnm36981238vasd52 + +UPTIME_KUMA_URL=http://192.168.1.202:3001 +UPTIME_KUMA_STATUS_SLUG=external \ No newline at end of file diff --git a/monitoring/docker-compose.yml b/monitoring/docker-compose.yml index ce4f54e..62090f5 100644 --- a/monitoring/docker-compose.yml +++ b/monitoring/docker-compose.yml @@ -92,6 +92,7 @@ services: restart: unless-stopped networks: - caddy-net + - default homepage: image: ghcr.io/gethomepage/homepage:latest @@ -108,6 +109,20 @@ services: - /mnt/hdd_1tb:/hdd_1tb restart: unless-stopped + glance: + container_name: glance + image: glanceapp/glance + restart: unless-stopped + volumes: + - ./glance/config:/app/config + - ./glance/assets:/app/assets + - /etc/localtime:/etc/localtime:ro + # Optionally, also mount docker socket if you want to use the docker containers widget + - /var/run/docker.sock:/var/run/docker.sock:ro + ports: + - 3099:8080 + env_file: .env + ##### Grafana diff --git a/monitoring/glance/assets/sereiaguardia.webp b/monitoring/glance/assets/sereiaguardia.webp new file mode 100644 index 0000000..b5c550a Binary files /dev/null and b/monitoring/glance/assets/sereiaguardia.webp differ 
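Review bot: Attaching `immich-server` to the shared external `caddy-net` means every other stack on that network (vaultwarden, n8n, paperless and guacamole are joined to it in this same commit) can reach it directly, not only Caddy; that is acceptable if those containers are trusted, but it is a flat network rather than per-app isolation and deserves a comment at the `networks:` entry, e.g. `# caddy-net is shared: reachable by every stack on it, not just the proxy`. Keeping `redis` and `database` off `caddy-net` is the right call. The trailing `default:` in the new top-level `networks:` block is a bare key with a null value; `default: {}` states the intent explicitly.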
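Review bot: `MY_SECRET_TOKEN` and the Uptime Kuma URL are added to git as a tracked `monitoring/.env` rather than being ignored, so the token is exposed to anyone with repository access and will remain in history. Keep `.env` untracked and commit a `.env.example` with placeholders instead, and rotate the value. Whether the value is a placeholder carried over from the glance example or a live token cannot be told from here, but the variable's name says secret, so treat it as one.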
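Review bot: The new `glance` service mounts `/var/run/docker.sock`, and the `:ro` suffix does not limit what it can do: read-only applies to the filesystem node, not to the Docker API behind it, so any code running in that container can drive the daemon, which is effectively root on the host. If the docker widget is wanted, put a filtering socket proxy in front and point glance at that, or drop the mount. The UI is also published as `3099:8080` on all interfaces with no authentication visible in this stack; bind it to `127.0.0.1:3099:8080` or serve it through Caddy on `caddy-net` like the other services. `image: glanceapp/glance` is unpinned (as is the `homepage` image above it), which makes updates of a container holding the docker socket silent; pin a tag.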
diff --git a/monitoring/glance/assets/sgpro.png b/monitoring/glance/assets/sgpro.png new file mode 100644 index 0000000..bd6f9f9 Binary files /dev/null and b/monitoring/glance/assets/sgpro.png differ diff --git a/monitoring/glance/assets/user.css b/monitoring/glance/assets/user.css new file mode 100644 index 0000000..e69de29 diff --git a/monitoring/glance/config/glance.yml b/monitoring/glance/config/glance.yml new file mode 100644 index 0000000..aca518b --- /dev/null +++ b/monitoring/glance/config/glance.yml @@ -0,0 +1,16 @@ +server: + assets-path: /app/assets + +theme: + theme: + background-color: 240 21 15 + contrast-multiplier: 1.2 + primary-color: 217 92 83 + positive-color: 115 54 76 + negative-color: 347 70 65 + custom-css-file: /assets/user.css + +pages: + # It's not necessary to create a new file for each page and include it, you can simply + # put its contents here, though multiple pages are easier to manage when separated + - $include: home.yml diff --git a/monitoring/glance/config/home.yml b/monitoring/glance/config/home.yml new file mode 100644 index 0000000..4e3f801 --- /dev/null +++ b/monitoring/glance/config/home.yml 
@@ -0,0 +1,170 @@ +- name: Home + # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look + # hide-desktop-navigation: true + columns: + - size: small + widgets: + - type: calendar + first-day-of-week: monday + + - type: to-do + + - type: server-stats + servers: + - type: local + name: Services + hide-mountpoints-by-default: true + mountpoints: + "/": + hide: false + #- type: remote + # name: arr-stack + + + - size: full + widgets: + + - type: monitor + title: arr-stack + cache: 1m + sites: + - title: Jellyfin + url: http://192.168.1.201:8096/ + icon: di:jellyfin.svg + - title: Prowlarr + url: http://192.168.1.201:9696/ + icon: di:prowlarr.svg + #- title: Jackett + # url: http://192.168.1.201:9117/api/v2.0/ + # icon: di:jackett.svg + - title: Sonarr + url: http://192.168.1.201:8989/ + icon: di:sonarr.svg + - title: Radarr + url: http://192.168.1.201:7878/ + icon: di:radarr.svg + - title: Bazarr + url: http://192.168.1.201:6767/ + icon: di:bazarr.svg + - title: Stash + url: http://192.168.1.201:9999/ + icon: di:stash.svg + - title: Jellyseerr + url: http://192.168.1.201:5055/ + icon: di:jellyseerr.svg + - title: Kavita + url: http://192.168.1.201:5000/ + icon: di:kavita.svg + - title: Slskd + url: http://192.168.1.201:5030/ + icon: di:slskd.svg + + - type: monitor + title: Services - LAN + cache: 1m + sites: + - title: OpenMediaVault + url: http://192.168.1.67 + icon: di:openmediavault.svg + - title: Komodo + url: http://192.168.1.202:9120/ + icon: di:komodo.svg + - title: Gitea + url: http://192.168.1.202:3005/ + icon: di:gitea.svg + - title: Scrutiny + url: http://192.168.1.202:8081/ + icon: di:gitea.svg + + - type: monitor + title: Services - Internet + cache: 1m + sites: + - title: Vaultwarden + url: https://vaultwarden.ccalifice.com/#/login + icon: di:vaultwarden.svg + - title: Immich + url: https://immich.ccalifice.com + icon: di:immich.svg + - title: Ntfy + url: https://ntfy.ccalifice.com + icon: di:ntfy.svg + - 
title: n8 + url: https://n8n.ccalifice.com + icon: di:n8n.svg + - title: paperless + url: https://paperless.ccalifice.com + icon: di:paperless.svg + - title: Guacamole + url: https://remote.ccalifice.com/guacamole/#/ + icon: di:guacamole.svg + + - type: monitor + title: Utils + cache: 1m + sites: + - title: Cyberchef + url: http://192.168.1.202:8383 + icon: di:cyberchef.svg + - title: Stirling PDF + url: http://192.168.1.202:8585 + icon: di:stirling-pdf.svg + - title: Gitea + url: http://192.168.1.202:3005/ + icon: di:gitea.svg + - title: Scrutiny + url: http://192.168.1.202:8081/ + icon: di:gitea.svg + + - type: monitor + title: Sereia Guardiã + cache: 1m + sites: + - title: Pro + url: https://pro.sereiaguardia.com + icon: /assets/sereiaguardia.webp + - title: Files + url: https://files.sereiaguardia.com:8088 + icon: di:filebrowser.svg + - title: n8n + url: https://n8n.sereiaguardia.com + icon: di:n8n.svg + - title: Mautic + url: https://mautic.sereiaguardia.com/s/login + icon: di:mautic.svg + - title: Pangolin + url: https://pangolin.sereiaguardia.com + icon: di:pangolin.svg + + - size: small + widgets: + - type: weather + location: Porto Alegre, Brazil + units: metric # alternatively "imperial" + hour-format: 24h # alternatively "24h" + # Optionally hide the location from being displayed in the widget + # hide-location: true + + - type: markets + markets: + - symbol: SPY + name: S&P 500 + - symbol: BTC-USD + name: Bitcoin + - symbol: NVDA + name: NVIDIA + - symbol: AAPL + name: Apple + - symbol: MSFT + name: Microsoft + + - type: releases + cache: 1d + # Without authentication the Github API allows for up to 60 requests per hour. You can create a + # read-only token from your Github account settings and use it here to increase the limit. + token: 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 + repositories: + - glanceapp/glance + - go-gitea/gitea + - immich-app/immich + - syncthing/syncthing 
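Review bot: `token: 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` in the `releases` widget is a GitHub personal access token committed in plaintext in a file this commit also un-ignores; revoke it in GitHub and reference it via the env file instead, `token: ${GITHUB_TOKEN}`, with the value in `monitoring/.env` (kept untracked), which the `.env` header added in this same commit says glance expands with `${…}`. Once it is in history, a revoked token is the only safe state. Smaller issues in the same file: the `Scrutiny` entries under both `Services - LAN` and `Utils` use `icon: di:gitea.svg`, the `n8` title under `Services - Internet` looks like a truncated `n8n`, and the `hour-format: 24h # alternatively "24h"` comment should read `# alternatively "12h"`.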
diff --git a/n8n/docker-compose.yml b/n8n/docker-compose.yml index d9eca7f..4630420 100644 --- a/n8n/docker-compose.yml +++ b/n8n/docker-compose.yml @@ -30,7 +30,7 @@ services: restart: unless-stopped networks: - caddy-net - - n8n-net + - default db: image: postgres:12 @@ -42,13 +42,8 @@ services: - POSTGRES_PASSWORD=n8n - POSTGRES_DB=n8n restart: unless-stopped - networks: - - n8n-net networks: caddy-net: external: true - name: caddy-net - n8n-net: - name: n8n-net - driver: bridge + name: caddy-net \ No newline at end of file diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml index 9c3ac3e..d65db18 100644 --- a/paperless/docker-compose.yml +++ b/paperless/docker-compose.yml @@ -5,8 +5,6 @@ services: restart: unless-stopped volumes: - ./redisdata:/data - networks: - - paperless-net db: image: docker.io/library/postgres:15 @@ -17,8 +15,6 @@ services: POSTGRES_DB: paperless POSTGRES_USER: paperless POSTGRES_PASSWORD: paperless - networks: - - paperless-net container_name: paperless-db webserver: @@ -56,14 +52,12 @@ services: USERMAP_UID: 1000 USERMAP_GID: 1002 networks: - - paperless-net + - default - caddy-net gotenberg: image: docker.io/gotenberg/gotenberg:8.3.0 restart: unless-stopped - networks: - - paperless-net # The gotenberg chromium route is used to convert .eml files. We do not # want to allow external content like tracking pixels or even javascript. command: @@ -75,8 +69,6 @@ services: tika: image: ghcr.io/paperless-ngx/tika:latest restart: unless-stopped - networks: - - paperless-net container_name: tika networks: diff --git a/vaultwarden/.env b/vaultwarden/.env index 5df3611..5f482dd 100644 --- a/vaultwarden/.env +++ b/vaultwarden/.env @@ -1,4 +1,4 @@ -DOMAIN=http://vaultwarden.ccalifice.com/ +DOMAIN=https://vaultwarden.ccalifice.com/ ADMIN_TOKEN=yuioqzkjiouqeiu3948sdnasdnmk239!!!asdakj&& WEB_VAULT_ENABLED=true WEBSOCKET_ENABLED=true 
diff --git a/vaultwarden/docker-compose.yml b/vaultwarden/docker-compose.yml index 65790ea..a229813 100755 --- a/vaultwarden/docker-compose.yml +++ b/vaultwarden/docker-compose.yml @@ -9,3 +9,11 @@ services: - 8080:80 env_file: - .env + networks: + - caddy-net + + +networks: + caddy-net: + name: caddy-net + external: true \ No newline at end of file
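Review bot: The service now joins `caddy-net` so Caddy can serve it over HTTPS (the `.env` hunk in this commit switches `DOMAIN` to `https://`), but the existing `8080:80` publish is kept, so the password vault remains reachable over plain HTTP on every host interface, bypassing TLS and the proxy entirely. Bind it to loopback or remove it, e.g. `- "127.0.0.1:8080:80"`, and quote the mapping while touching it. A one-line comment at the `networks:` entry noting that `caddy-net` is shared with the other stacks (immich, n8n, paperless, guacamole) would document the exposure that joining it implies.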