chore: remove old proxy, netdata, watch, and umami stack directories
All services have been consolidated into the net stack. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -1,11 +0,0 @@
|
||||
# Dockerfile for Netdata with msmtp support for email alerts
|
||||
FROM netdata/netdata:latest
|
||||
|
||||
# Install msmtp for sending emails
|
||||
RUN apt-get update && \
|
||||
apt-get install -y msmtp msmtp-mta ca-certificates && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Set proper permissions for msmtp config
|
||||
RUN chmod 600 /etc/msmtprc || true
|
||||
@@ -1,70 +0,0 @@
|
||||
services:
|
||||
netdata:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
image: ${NETDATA_IMAGE:-netdata/netdata:latest}
|
||||
container_name: ${NETDATA_COMPOSE_PROJECT_NAME}_app
|
||||
restart: unless-stopped
|
||||
hostname: ${NETDATA_HOSTNAME:-netdata.pivoine.art}
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
- SYS_ADMIN
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
volumes:
|
||||
- netdata_config:/etc/netdata
|
||||
- netdata_lib:/var/lib/netdata
|
||||
- netdata_cache:/var/cache/netdata
|
||||
- ./go.d/postgres.conf:/etc/netdata/go.d/postgres.conf:ro
|
||||
- ./go.d/filecheck.conf:/etc/netdata/go.d/filecheck.conf:ro
|
||||
- ./health_alarm_notify.conf:/etc/netdata/health_alarm_notify.conf:ro
|
||||
- ./msmtprc:/etc/msmtprc:ro
|
||||
- /mnt/hidrive/users/valknar/Backup:/mnt/hidrive/users/valknar/Backup:ro
|
||||
- /etc/passwd:/host/etc/passwd:ro
|
||||
- /etc/group:/host/etc/group:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /etc/os-release:/host/etc/os-release:ro
|
||||
- /var/log:/host/var/log:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-}
|
||||
- NETDATA_CLAIM_URL=${NETDATA_CLAIM_URL:-}
|
||||
- NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS:-}
|
||||
- MATTERMOST_WEBHOOK_URL=${MATTERMOST_WEBHOOK_URL:-}
|
||||
networks:
|
||||
- compose_network
|
||||
labels:
|
||||
- 'traefik.enable=${NETDATA_TRAEFIK_ENABLED}'
|
||||
# HTTP to HTTPS redirect
|
||||
- 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
|
||||
# HTTPS router
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
|
||||
- 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-compress.compress=true'
|
||||
- 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
|
||||
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-auth,${NETDATA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
|
||||
# Service
|
||||
- 'traefik.http.services.${NETDATA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=19999'
|
||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
||||
# Watchtower
|
||||
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
||||
|
||||
volumes:
|
||||
netdata_config:
|
||||
name: ${NETDATA_COMPOSE_PROJECT_NAME}_config
|
||||
netdata_lib:
|
||||
name: ${NETDATA_COMPOSE_PROJECT_NAME}_lib
|
||||
netdata_cache:
|
||||
name: ${NETDATA_COMPOSE_PROJECT_NAME}_cache
|
||||
|
||||
networks:
|
||||
compose_network:
|
||||
name: ${NETWORK_NAME}
|
||||
external: true
|
||||
@@ -1,5 +0,0 @@
|
||||
jobs:
|
||||
- name: restic_repository
|
||||
dirs:
|
||||
include:
|
||||
- '/mnt/hidrive/users/valknar/Backup'
|
||||
@@ -1,3 +0,0 @@
|
||||
jobs:
|
||||
- name: docker_core_postgres
|
||||
dsn: 'postgres://netdata:netdata_monitor_password@172.18.0.5:5432/postgres'
|
||||
@@ -1,47 +0,0 @@
|
||||
# Netdata health alarm notification configuration
|
||||
# This file configures where to send alarm notifications
|
||||
|
||||
# Enable/disable sending email notifications
|
||||
SEND_EMAIL="YES"
|
||||
|
||||
# Recipient email address for all alarms
|
||||
DEFAULT_RECIPIENT_EMAIL="${ADMIN_EMAIL}"
|
||||
|
||||
# Email sender address
|
||||
EMAIL_SENDER="${EMAIL_FROM}"
|
||||
|
||||
# SMTP configuration
|
||||
SENDMAIL=""
|
||||
EMAIL_SENDER="${EMAIL_FROM}"
|
||||
|
||||
# Custom send email command using msmtp
|
||||
EMAIL_COMMAND="msmtp -t"
|
||||
|
||||
# Enable specific notification types
|
||||
role_recipients_email[sysadmin]="${ADMIN_EMAIL}"
|
||||
role_recipients_email[domainadmin]="${ADMIN_EMAIL}"
|
||||
role_recipients_email[dba]="${ADMIN_EMAIL}"
|
||||
role_recipients_email[webmaster]="${ADMIN_EMAIL}"
|
||||
role_recipients_email[proxyadmin]="${ADMIN_EMAIL}"
|
||||
role_recipients_email[sitemgr]="${ADMIN_EMAIL}"
|
||||
|
||||
###############################################################################
|
||||
# Mattermost notifications via Slack-compatible webhook
|
||||
###############################################################################
|
||||
|
||||
# Enable Slack notifications (Mattermost supports Slack-compatible webhooks)
|
||||
SEND_SLACK="YES"
|
||||
|
||||
# Mattermost incoming webhook URL (Slack-compatible)
|
||||
SLACK_WEBHOOK_URL="${MATTERMOST_WEBHOOK_URL}"
|
||||
|
||||
# Slack channel (optional, webhook default channel will be used if empty)
|
||||
DEFAULT_RECIPIENT_SLACK=""
|
||||
|
||||
# Slack notification recipients per role
|
||||
role_recipients_slack[sysadmin]="notifications"
|
||||
role_recipients_slack[domainadmin]="notifications"
|
||||
role_recipients_slack[dba]="notifications"
|
||||
role_recipients_slack[webmaster]="notifications"
|
||||
role_recipients_slack[proxyadmin]="notifications"
|
||||
role_recipients_slack[sitemgr]="notifications"
|
||||
@@ -1,20 +0,0 @@
|
||||
# MSMTP configuration for Netdata email alerts
|
||||
|
||||
# Set default values for all accounts
|
||||
defaults
|
||||
auth on
|
||||
tls on
|
||||
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||
logfile /var/log/msmtp.log
|
||||
|
||||
# IONOS SMTP account
|
||||
account ionos
|
||||
host smtp.ionos.de
|
||||
port 465
|
||||
tls_starttls off
|
||||
from hi@pivoine.art
|
||||
user hi@pivoine.art
|
||||
password jaquoment
|
||||
|
||||
# Set default account
|
||||
account default : ionos
|
||||
@@ -1,92 +0,0 @@
|
||||
services:
|
||||
traefik:
|
||||
image: ${PROXY_DOCKER_IMAGE}
|
||||
container_name: ${PROXY_COMPOSE_PROJECT_NAME}_app
|
||||
restart: unless-stopped
|
||||
command:
|
||||
# API & Dashboard
|
||||
- '--api.dashboard=true'
|
||||
- '--api.insecure=false'
|
||||
|
||||
# Ping endpoint for healthcheck
|
||||
- '--ping=true'
|
||||
|
||||
# Experimental plugins
|
||||
- '--experimental.plugins.sablier.modulename=github.com/acouvreur/sablier'
|
||||
- '--experimental.plugins.sablier.version=v1.8.0'
|
||||
|
||||
# Logging
|
||||
- '--log.level=${PROXY_LOG_LEVEL:-INFO}'
|
||||
- '--accesslog=true'
|
||||
|
||||
# Global
|
||||
- '--global.sendAnonymousUsage=false'
|
||||
- '--global.checkNewVersion=true'
|
||||
|
||||
# Docker Provider
|
||||
- '--providers.docker=true'
|
||||
- '--providers.docker.exposedbydefault=false'
|
||||
- '--providers.docker.network=${NETWORK_NAME}'
|
||||
|
||||
# File Provider for dynamic configuration
|
||||
- '--providers.file.directory=/etc/traefik/dynamic'
|
||||
- '--providers.file.watch=true'
|
||||
|
||||
# Entrypoints
|
||||
- '--entrypoints.web.address=:${PROXY_PORT_HTTP:-80}'
|
||||
- '--entrypoints.web-secure.address=:${PROXY_PORT_HTTPS:-443}'
|
||||
|
||||
# Global HTTP to HTTPS redirect
|
||||
- '--entrypoints.web.http.redirections.entryPoint.to=web-secure'
|
||||
- '--entrypoints.web.http.redirections.entryPoint.scheme=https'
|
||||
- '--entrypoints.web.http.redirections.entryPoint.permanent=true'
|
||||
|
||||
# Security Headers (applied globally)
|
||||
- '--entrypoints.web-secure.http.middlewares=security-headers@file'
|
||||
|
||||
# Let's Encrypt
|
||||
- '--certificatesresolvers.resolver.acme.tlschallenge=true'
|
||||
- '--certificatesresolvers.resolver.acme.email=${ADMIN_EMAIL}'
|
||||
- '--certificatesresolvers.resolver.acme.storage=/letsencrypt/acme.json'
|
||||
|
||||
healthcheck:
|
||||
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
|
||||
environment:
|
||||
AUTH_USERS: ${AUTH_USERS}
|
||||
|
||||
networks:
|
||||
- compose_network
|
||||
|
||||
ports:
|
||||
- "${PROXY_PORT_HTTP:-80}:80"
|
||||
- "${PROXY_PORT_HTTPS:-443}:443"
|
||||
|
||||
volumes:
|
||||
- letsencrypt_data:/letsencrypt
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./dynamic:/etc/traefik/dynamic:ro
|
||||
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
# HTTP to HTTPS redirect
|
||||
- 'traefik.http.middlewares.${PROXY_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.middlewares=${PROXY_COMPOSE_PROJECT_NAME}-redirect-web-secure'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
|
||||
# HTTPS router with auth
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.service=api@internal'
|
||||
- 'traefik.http.middlewares.${PROXY_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
|
||||
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${PROXY_COMPOSE_PROJECT_NAME}-auth'
|
||||
- 'traefik.http.services.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080'
|
||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
||||
volumes:
|
||||
letsencrypt_data:
|
||||
name: ${PROXY_COMPOSE_PROJECT_NAME}_letsencrypt_data
|
||||
@@ -1,61 +0,0 @@
|
||||
tls:
|
||||
options:
|
||||
default:
|
||||
minVersion: VersionTLS12
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
curvePreferences:
|
||||
- CurveP521
|
||||
- CurveP384
|
||||
sniStrict: true
|
||||
|
||||
http:
|
||||
middlewares:
|
||||
# Security Headers Middleware
|
||||
security-headers:
|
||||
headers:
|
||||
# HSTS (HTTP Strict Transport Security)
|
||||
stsSeconds: 31536000
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
|
||||
# Force HTTPS
|
||||
forceSTSHeader: true
|
||||
|
||||
# Clickjacking protection
|
||||
customFrameOptionsValue: "SAMEORIGIN"
|
||||
|
||||
# XSS Protection
|
||||
browserXssFilter: true
|
||||
|
||||
# Content Type sniffing protection
|
||||
contentTypeNosniff: true
|
||||
|
||||
# Referrer Policy
|
||||
referrerPolicy: "strict-origin-when-cross-origin"
|
||||
|
||||
# Permissions Policy (formerly Feature Policy)
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
|
||||
Permissions-Policy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()"
|
||||
X-Content-Type-Options: "nosniff"
|
||||
X-Frame-Options: "SAMEORIGIN"
|
||||
|
||||
# Rate Limiting Middleware (optional, can be applied per service)
|
||||
rate-limit:
|
||||
rateLimit:
|
||||
average: 100
|
||||
burst: 50
|
||||
period: 1s
|
||||
|
||||
# Rate Limiting for API endpoints (stricter)
|
||||
api-rate-limit:
|
||||
rateLimit:
|
||||
average: 30
|
||||
burst: 15
|
||||
period: 1s
|
||||
@@ -1,44 +0,0 @@
|
||||
services:
|
||||
umami:
|
||||
image: ${TRACK_DOCKER_IMAGE}
|
||||
container_name: ${TRACK_COMPOSE_PROJECT_NAME}_app
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
TZ: ${TIMEZONE:-Europe/Amsterdam}
|
||||
|
||||
# Database Configuration
|
||||
DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${TRACK_DB_NAME}
|
||||
DATABASE_TYPE: postgresql
|
||||
|
||||
# Application Secret
|
||||
APP_SECRET: ${TRACK_APP_SECRET}
|
||||
|
||||
# Redis Cache Integration
|
||||
REDIS_URL: redis://${CORE_REDIS_HOST}:${CORE_REDIS_PORT}
|
||||
CACHE_ENABLED: true
|
||||
|
||||
|
||||
networks:
|
||||
- compose_network
|
||||
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -f http://localhost:3000/api/heartbeat || exit 1"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 40s
|
||||
|
||||
labels:
|
||||
# Traefik Configuration
|
||||
- 'traefik.enable=${TRACK_TRAEFIK_ENABLED:-true}'
|
||||
|
||||
# HTTP to HTTPS redirect
|
||||
- 'traefik.http.middlewares.${TRACK_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
|
||||
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.middlewares=${TRACK_COMPOSE_PROJECT_NAME}-redirect-web-secure'
|
||||
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
|
||||
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
|
||||
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
|
||||
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
|
||||
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
|
||||
- 'traefik.http.services.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=3000'
|
||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
||||
@@ -1,30 +0,0 @@
|
||||
services:
|
||||
watchtower:
|
||||
image: containrrr/watchtower:latest
|
||||
container_name: watchtower
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
# Check for updates every 5 minutes (300 seconds)
|
||||
WATCHTOWER_POLL_INTERVAL: ${WATCHTOWER_POLL_INTERVAL:-300}
|
||||
# Only update containers with the watchtower label
|
||||
WATCHTOWER_LABEL_ENABLE: ${WATCHTOWER_LABEL_ENABLE:-true}
|
||||
# Clean up old images after update
|
||||
WATCHTOWER_CLEANUP: ${WATCHTOWER_CLEANUP:-true}
|
||||
# Include stopped containers
|
||||
WATCHTOWER_INCLUDE_STOPPED: ${WATCHTOWER_INCLUDE_STOPPED:-false}
|
||||
# Include restarting containers
|
||||
WATCHTOWER_INCLUDE_RESTARTING: ${WATCHTOWER_INCLUDE_RESTARTING:-true}
|
||||
# Run once and exit (set to false for continuous monitoring)
|
||||
WATCHTOWER_RUN_ONCE: ${WATCHTOWER_RUN_ONCE:-false}
|
||||
# Notifications via Shoutrrr
|
||||
WATCHTOWER_NOTIFICATIONS: ${WATCHTOWER_NOTIFICATIONS:-}
|
||||
WATCHTOWER_NOTIFICATION_URL: ${WATCHTOWER_NOTIFICATION_URL:-}
|
||||
# Log level (trace, debug, info, warn, error, fatal, panic)
|
||||
WATCHTOWER_LOG_LEVEL: ${WATCHTOWER_LOG_LEVEL:-info}
|
||||
# Rolling restart (update one container at a time)
|
||||
WATCHTOWER_ROLLING_RESTART: ${WATCHTOWER_ROLLING_RESTART:-false}
|
||||
labels:
|
||||
# Allow watchtower to update itself
|
||||
- com.centurylinklabs.watchtower.enable=true
|
||||
Reference in New Issue
Block a user