adjust for pangolin + glance homepage
2025-09-18 17:49:31 -03:00
parent 92a52a236a
commit b7d81aa0b0
17 changed files with 288 additions and 156 deletions

3
.gitignore vendored

@@ -13,4 +13,5 @@
!monitoring/grafana/prometheus.yml
!caddy/config/**
!.gitea/**/*
!gitea/runner/config.yaml
!gitea/runner/config.yaml
!monitoring/glance/**/*


@@ -54,6 +54,18 @@ ccalifice.com {
respond "Hello ccalifice!"
}
files.sereiaguardia.com {
redir https://files.sereiaguardia.com:8088{uri} permanent
}
files.sereiaguardia.com:8088 {
reverse_proxy 192.168.1.67:8088
}
files.sereiaguardia.com:9021 {
reverse_proxy 192.168.1.67:9021
}
*.bortolasosail.com.br, bortolasosail.com.br {
header {
Content-Security-Policy upgrade-insecure-requests
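Review bot: The `files.sereiaguardia.com:9021` site has no matching published port in the compose change that accompanies it, which adds only `8088:8088`; unless 9021 is published on a line outside that hunk, this listener is unreachable from the host. The `permanent` redirect on the bare hostname is cached by browsers and is hard to undo, so `redir https://files.sereiaguardia.com:8088{uri}` without `permanent` is safer while the layout is still changing. Both new sites forward to 192.168.1.67 with no access control at the proxy, so authentication rests entirely on whatever listens there; a one-line comment naming each backend would make that reviewable. The `*.bortolasosail.com.br` block at the end continues outside the hunk.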


@@ -13,6 +13,7 @@ services:
- "443:443"
- "443:443/udp"
- "8282:8282"
- "8088:8088"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- ./site/bortolaso-sail:/srv/bortolaso-sail
@@ -22,18 +23,29 @@ services:
networks:
- caddy-net
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
user: "0:0"
volumes:
- ./config:/root/.cloudflared
#command: tunnel login
#command: tunnel create tunnel_ccalifice
command: tunnel --no-autoupdate run
restart: unless-stopped
networks:
- caddy-net
newt:
image: fosrl/newt
container_name: newt
restart: unless-stopped
environment:
- PANGOLIN_ENDPOINT=https://pangolin.sereiaguardia.com
- NEWT_ID=t9eefucz8uk0qds
- NEWT_SECRET=tqb7nl80iwqsmyox0nndb82k516egcc7ui4fkuigvesuui3f
networks:
- caddy-net
# cloudflared:
# image: cloudflare/cloudflared:latest
# container_name: cloudflared
# user: "0:0"
# volumes:
# - ./config:/root/.cloudflared
# #command: tunnel login
# #command: tunnel create tunnel_ccalifice
# command: tunnel --no-autoupdate run
# restart: unless-stopped
# networks:
# - caddy-net
networks:
caddy-net:
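Review bot: `NEWT_ID` and `NEWT_SECRET` are written as literals in the `newt` service's `environment:` list, so the tunnel credential is now part of the repository history and readable by anyone with access to it. Move both values to an untracked env file and interpolate them, e.g. `- NEWT_SECRET=${NEWT_SECRET}`, and rotate the secret on the Pangolin side, because deleting it in a later commit does not remove it from history. `image: fosrl/newt` also carries no tag and therefore resolves to `latest`; pinning a version would match the pinning done for guacamole in this same commit.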


@@ -1,123 +1,31 @@
####################################################################################
# docker-compose file for Apache Guacamole
# created by PCFreak 2017-06-28
#
# Apache Guacamole is a clientless remote desktop gateway. It supports standard
# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or
# client software are required. Thanks to HTML5, once Guacamole is installed on
# a server, all you need to access your desktops is a web browser.
####################################################################################
#
# What does this file do?
#
# Using docker-compose it will:
#
# - create a network 'guacnetwork_compose' with the 'bridge' driver.
# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork_compose'
# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork_compose'
# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork_compose'
# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork_compose'
#
# (1)
# DB-Init script is in './init/initdb.sql' it has been created executing
# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql'
# once.
# DATA-DIR is in './data'
# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and
# change it to your needs before first start.
# To start from scratch delete './data' dir completely
# './data' will hold all data after first start!
# The initdb.d scripts are only executed the first time the container is started
# (and the database files are empty). If the database files already exist then the initdb.d
# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves
# the volume and reuses it for the new container).
#
# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init)
# !!!!! or 'initdb.sql' will be ignored!
#
# './data' will hold all data after first start!
#
# (2)
# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD'
# as configured under (1)
#
# (3)
# ./nginx/templates folder will be mapped read-only into the container at /etc/nginx/templates
# and according to the official nginx container docs the guacamole.conf.template will be
# placed in /etc/nginx/conf.d/guacamole.conf after container startup.
# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl
# prepare.sh creates a a self-signed certificate. If you want to use your own certs
# just remove the part that generates the certs from prepare.sh and replace
# 'self-ssl.key' and 'self.cert' with your certificate.
# nginx will export port 8443 to the outside world, make sure that this port is reachable
# on your system from the "outside world". All other traffic is only internal.
#
# You could remove the entire 'nginx' service from this file if you want to use your own
# reverse proxy in front of guacamole. If doing so, make sure you change the line
# from - 8080/tcp
# to - 8080:8080/tcp
# within the 'guacamole' service. This will expose the guacamole webinterface directly
# on port 8080 and you can use it for your own purposes.
# Note: Guacamole is available on :8080/guacamole, not /.
#
# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once
#
# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A
# !!!!! ./reset.sh
#
#
# The initial login to the guacamole webinterface is:
#
# Username: guacadmin
# Password: guacadmin
#
# Make sure you change it immediately!
#
# version date comment
# 0.1 2017-06-28 initial release
# 0.2 2017-10-09 minor fixes + internal GIT push
# 0.3 2017-10-09 minor fixes + public GIT push
# 0.4 2019-08-14 creating of ssl certs now in prepare.sh
# simplified nginx startup commands
# 0.5 2023-02-24 nginx now uses a template + some minor changes
# 0.6 2023-03-23 switched to postgres 15.2-alpine
# 0.61 2024-07-27 fix networks + version 3.0
# 0.62 2024-07-27 fix
#####################################################################################
#the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
#version: '3.0'
# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
guacnetwork_compose:
driver: bridge
caddy-net:
name: caddy-net
external: true
# services
services:
# guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
networks:
- guacnetwork_compose
restart: unless-stopped
image: guacamole/guacd:1.6.0
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
# postgres
postgres:
container_name: postgres_guacamole_compose
environment:
PGDATA: /var/lib/postgresql/data/guacamole
POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: 'H4RD!PA$$word92753'
POSTGRES_PASSWORD: 'axfhj34sf098123jksf-19fnk120-34lkf983'
POSTGRES_USER: guacamole_user
image: postgres:15.2-alpine
networks:
- guacnetwork_compose
restart: unless-stopped
restart: always
volumes:
- ./init:/docker-entrypoint-initdb.d:z
- ./data:/var/lib/postgresql/data:Z
@@ -125,39 +33,27 @@ services:
# guacamole
guacamole:
container_name: guacamole_compose
group_add:
- "1000"
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE: guacamole_db
POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: 'H4RD!PA$$word92753'
POSTGRES_USER: guacamole_user
image: guacamole/guacamole
POSTGRESQL_DATABASE: guacamole_db
POSTGRESQL_HOSTNAME: postgres
POSTGRESQL_PASSWORD: 'axfhj34sf098123jksf-19fnk120-34lkf983'
POSTGRESQL_USERNAME: guacamole_user
RECORDING_SEARCH_PATH: /record
image: guacamole/guacamole:1.6.0
networks:
- guacnetwork_compose
- caddy-net
- default
volumes:
- ./record:/record:rw
ports:
## enable next line if not using nginx
- 8181:8080/tcp # Guacamole is on :8080/guacamole, not /.
- 8085:8080/tcp # Guacamole is on :8080/guacamole, not /.
## enable next line when using nginx
# - 8080/tcp
restart: unless-stopped
########### optional ##############
# nginx
# nginx:
# container_name: nginx_guacamole_compose
# restart: unless-stopped
# image: nginx:latest
# volumes:
# - ./nginx/templates:/etc/nginx/templates:ro
# - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
# - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
# ports:
# - 8443:443
# networks:
# - guacnetwork_compose
####################################################################################
- 8080/tcp
restart: always
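Review bot: The database password is still a literal in the compose file, under both `POSTGRES_PASSWORD` in `postgres` and `POSTGRESQL_PASSWORD` in `guacamole`, so this commit replaces one committed password with another. Interpolate it instead, e.g. `POSTGRES_PASSWORD: ${GUAC_DB_PASSWORD}` and `POSTGRESQL_PASSWORD: ${GUAC_DB_PASSWORD}` (variable name is only an example), with the value in an untracked `.env`. The header comment shown in this hunk says the password has to be set before first start, so editing the value here probably does not change the password of an already-initialised `./data` directory; that needs checking against the running database. The `ports:` list shows host-published mappings next to `8080/tcp`, and this rendering does not show which side is new; if a host publish stays, Guacamole remains reachable over plain HTTP beside the Caddy route on `caddy-net`.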


@@ -4,7 +4,7 @@
UPLOAD_LOCATION=/mnt/immich-library
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=v1.142.0
IMMICH_VERSION=v1.142.1
# Connection secret for postgres. You should change it to a random password
DB_PASSWORD=asdf1234


@@ -14,6 +14,9 @@ services:
- redis
- database
restart: unless-stopped
networks:
- caddy-net
- default
immich-machine-learning:
container_name: immich_machine_learning
@@ -43,3 +46,9 @@ services:
volumes:
- ./pgdata:/var/lib/postgresql/data
restart: unless-stopped
networks:
caddy-net:
external: true
name: caddy-net
default:
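Review bot: Joining the shared external `caddy-net` puts this service on one flat network with every other proxied stack and with the `newt` tunnel client added in the caddy compose section; the guacamole, n8n, paperless and vaultwarden sections attach their front ends to the same network. Any container on that network can reach the others' HTTP ports directly, so the proxy does not contain a compromise of one front end. As far as these hunks show, the database and redis services stay off it; a comment above the list such as `# only the HTTP front end joins caddy-net; db/redis stay on default` would help keep it that way. The first hunk starts inside the service definition, so which service receives the networks (presumably the Immich server) is not visible here.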

6
monitoring/.env Normal file

@@ -0,0 +1,6 @@
# Variables defined here will be available to use anywhere in the config with the syntax ${MY_SECRET_TOKEN}
# Note: making changes to this file requires re-running docker compose up
MY_SECRET_TOKEN=09cjk13znm31asdnm36981238vasd52
UPTIME_KUMA_URL=http://192.168.1.202:3001
UPTIME_KUMA_STATUS_SLUG=external
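Review bot: This new file commits a value for `MY_SECRET_TOKEN`, which defeats the purpose that the file's own first comment describes for it. Commit a `monitoring/.env.example` holding a placeholder such as `MY_SECRET_TOKEN=<set-locally>` and keep the real `.env` ignored; if the committed value is in use anywhere, replace it. The vaultwarden and immich `.env` sections of this commit show the same pattern on their context lines (`ADMIN_TOKEN`, `DB_PASSWORD`), although those values were not introduced here.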


@@ -92,6 +92,7 @@ services:
restart: unless-stopped
networks:
- caddy-net
- default
homepage:
image: ghcr.io/gethomepage/homepage:latest
@@ -108,6 +109,20 @@ services:
- /mnt/hdd_1tb:/hdd_1tb
restart: unless-stopped
glance:
container_name: glance
image: glanceapp/glance
restart: unless-stopped
volumes:
- ./glance/config:/app/config
- ./glance/assets:/app/assets
- /etc/localtime:/etc/localtime:ro
# Optionally, also mount docker socket if you want to use the docker containers widget
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 3099:8080
env_file: .env
##### Grafana
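Review bot: The `glance` service mounts `/var/run/docker.sock`, and the `:ro` flag only makes the socket file read-only on the mount; it does not restrict the Docker API calls made through it, so the dashboard container holds daemon-level access to the host. The page configuration added in this commit uses no docker containers widget, and the comment above the mount already marks it optional, so the line can be dropped. `image: glanceapp/glance` is untagged and should be pinned to a version. The port mapping is safer quoted, `- "3099:8080"`.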

Binary file not shown.


Width:  |  Height:  |  Size: 9.3 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 11 KiB


@@ -0,0 +1,16 @@
server:
assets-path: /app/assets
theme:
theme:
background-color: 240 21 15
contrast-multiplier: 1.2
primary-color: 217 92 83
positive-color: 115 54 76
negative-color: 347 70 65
custom-css-file: /assets/user.css
pages:
# It's not necessary to create a new file for each page and include it, you can simply
# put its contents here, though multiple pages are easier to manage when separated
- $include: home.yml
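Review bot: `theme:` appears on two consecutive lines, and indentation is not visible in this rendering, so this is either a duplicated key or a `theme:` mapping nested inside `theme:`. Either way, it is worth confirming that the colour settings and `custom-css-file` sit directly under a single top-level `theme:` key, because a misplaced level may be ignored without an error. If the second line is a leftover, delete it.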


@@ -0,0 +1,170 @@
- name: Home
# Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
# hide-desktop-navigation: true
columns:
- size: small
widgets:
- type: calendar
first-day-of-week: monday
- type: to-do
- type: server-stats
servers:
- type: local
name: Services
hide-mountpoints-by-default: true
mountpoints:
"/":
hide: false
#- type: remote
# name: arr-stack
- size: full
widgets:
- type: monitor
title: arr-stack
cache: 1m
sites:
- title: Jellyfin
url: http://192.168.1.201:8096/
icon: di:jellyfin.svg
- title: Prowlarr
url: http://192.168.1.201:9696/
icon: di:prowlarr.svg
#- title: Jackett
# url: http://192.168.1.201:9117/api/v2.0/
# icon: di:jackett.svg
- title: Sonarr
url: http://192.168.1.201:8989/
icon: di:sonarr.svg
- title: Radarr
url: http://192.168.1.201:7878/
icon: di:radarr.svg
- title: Bazarr
url: http://192.168.1.201:6767/
icon: di:bazarr.svg
- title: Stash
url: http://192.168.1.201:9999/
icon: di:stash.svg
- title: Jellyseerr
url: http://192.168.1.201:5055/
icon: di:jellyseerr.svg
- title: Kavita
url: http://192.168.1.201:5000/
icon: di:kavita.svg
- title: Slskd
url: http://192.168.1.201:5030/
icon: di:slskd.svg
- type: monitor
title: Services - LAN
cache: 1m
sites:
- title: OpenMediaVault
url: http://192.168.1.67
icon: di:openmediavault.svg
- title: Komodo
url: http://192.168.1.202:9120/
icon: di:komodo.svg
- title: Gitea
url: http://192.168.1.202:3005/
icon: di:gitea.svg
- title: Scrutiny
url: http://192.168.1.202:8081/
icon: di:gitea.svg
- type: monitor
title: Services - Internet
cache: 1m
sites:
- title: Vaultwarden
url: https://vaultwarden.ccalifice.com/#/login
icon: di:vaultwarden.svg
- title: Immich
url: https://immich.ccalifice.com
icon: di:immich.svg
- title: Ntfy
url: https://ntfy.ccalifice.com
icon: di:ntfy.svg
- title: n8
url: https://n8n.ccalifice.com
icon: di:n8n.svg
- title: paperless
url: https://paperless.ccalifice.com
icon: di:paperless.svg
- title: Guacamole
url: https://remote.ccalifice.com/guacamole/#/
icon: di:guacamole.svg
- type: monitor
title: Utils
cache: 1m
sites:
- title: Cyberchef
url: http://192.168.1.202:8383
icon: di:cyberchef.svg
- title: Stirling PDF
url: http://192.168.1.202:8585
icon: di:stirling-pdf.svg
- title: Gitea
url: http://192.168.1.202:3005/
icon: di:gitea.svg
- title: Scrutiny
url: http://192.168.1.202:8081/
icon: di:gitea.svg
- type: monitor
title: Sereia Guardiã
cache: 1m
sites:
- title: Pro
url: https://pro.sereiaguardia.com
icon: /assets/sereiaguardia.webp
- title: Files
url: https://files.sereiaguardia.com:8088
icon: di:filebrowser.svg
- title: n8n
url: https://n8n.sereiaguardia.com
icon: di:n8n.svg
- title: Mautic
url: https://mautic.sereiaguardia.com/s/login
icon: di:mautic.svg
- title: Pangolin
url: https://pangolin.sereiaguardia.com
icon: di:pangolin.svg
- size: small
widgets:
- type: weather
location: Porto Alegre, Brazil
units: metric # alternatively "imperial"
hour-format: 24h # alternatively "24h"
# Optionally hide the location from being displayed in the widget
# hide-location: true
- type: markets
markets:
- symbol: SPY
name: S&P 500
- symbol: BTC-USD
name: Bitcoin
- symbol: NVDA
name: NVIDIA
- symbol: AAPL
name: Apple
- symbol: MSFT
name: Microsoft
- type: releases
cache: 1d
# Without authentication the Github API allows for up to 60 requests per hour. You can create a
# read-only token from your Github account settings and use it here to increase the limit.
token: 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
repositories:
- glanceapp/glance
- go-gitea/gitea
- immich-app/immich
- syncthing/syncthing
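Review bot: The `releases` widget's `token:` is a GitHub personal access token written as a literal, so it is now in the repository history and should be revoked in GitHub and reissued. Reference it through the env file this commit adds for Glance, `token: ${GITHUB_TOKEN}`, with the value kept out of version control. Separately, the `Utils` monitor repeats the Gitea and Scrutiny entries from `Services - LAN`, both Scrutiny entries use `di:gitea.svg`, and the comment on `hour-format: 24h` offers `"24h"` as the alternative to itself.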


@@ -30,7 +30,7 @@ services:
restart: unless-stopped
networks:
- caddy-net
- n8n-net
- default
db:
image: postgres:12
@@ -42,13 +42,8 @@ services:
- POSTGRES_PASSWORD=n8n
- POSTGRES_DB=n8n
restart: unless-stopped
networks:
- n8n-net
networks:
caddy-net:
external: true
name: caddy-net
n8n-net:
name: n8n-net
driver: bridge
name: caddy-net


@@ -5,8 +5,6 @@ services:
restart: unless-stopped
volumes:
- ./redisdata:/data
networks:
- paperless-net
db:
image: docker.io/library/postgres:15
@@ -17,8 +15,6 @@ services:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: paperless
networks:
- paperless-net
container_name: paperless-db
webserver:
@@ -56,14 +52,12 @@ services:
USERMAP_UID: 1000
USERMAP_GID: 1002
networks:
- paperless-net
- default
- caddy-net
gotenberg:
image: docker.io/gotenberg/gotenberg:8.3.0
restart: unless-stopped
networks:
- paperless-net
# The gotenberg chromium route is used to convert .eml files. We do not
# want to allow external content like tracking pixels or even javascript.
command:
@@ -75,8 +69,6 @@ services:
tika:
image: ghcr.io/paperless-ngx/tika:latest
restart: unless-stopped
networks:
- paperless-net
container_name: tika
networks:


@@ -1,4 +1,4 @@
DOMAIN=http://vaultwarden.ccalifice.com/
DOMAIN=https://vaultwarden.ccalifice.com/
ADMIN_TOKEN=yuioqzkjiouqeiu3948sdnasdnmk239!!!asdakj&&
WEB_VAULT_ENABLED=true
WEBSOCKET_ENABLED=true


@@ -9,3 +9,11 @@ services:
- 8080:80
env_file:
- .env
networks:
- caddy-net
networks:
caddy-net:
name: caddy-net
external: true
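Review bot: With `caddy-net` attached, the context line `- 8080:80` still publishes Vaultwarden's HTTP port on the host, so the vault stays reachable over plain HTTP beside the HTTPS route that the `DOMAIN` change in the accompanying `.env` now assumes. If nothing on the LAN depends on the direct port, drop the `ports:` entry or bind it to loopback, `- "127.0.0.1:8080:80"`. The service definition starts above the hunk, so its other settings are not visible here.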