From 34ac4a35c3a0a8aaa5159325ee194f1331a885fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?=
Date: Sat, 15 Nov 2025 17:03:09 +0100
Subject: [PATCH] chore: remove old proxy, netdata, watch, and umami stack directories
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

All services have been consolidated into the net stack.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
---
 netdata/Dockerfile | 11 ----
 netdata/compose.yaml | 70 ------------------------
 netdata/go.d/filecheck.conf | 5 --
 netdata/go.d/postgres.conf | 3 --
 netdata/health_alarm_notify.conf | 47 ----------------
 netdata/msmtprc | 20 -------
 proxy/compose.yaml | 92 --------------------------------
 proxy/dynamic/security.yaml | 61 ---------------------
 umami/compose.yaml | 44 ---------------
 watch/compose.yaml | 30 -----------
 10 files changed, 383 deletions(-)
 delete mode 100644 netdata/Dockerfile
 delete mode 100644 netdata/compose.yaml
 delete mode 100644 netdata/go.d/filecheck.conf
 delete mode 100644 netdata/go.d/postgres.conf
 delete mode 100644 netdata/health_alarm_notify.conf
 delete mode 100644 netdata/msmtprc
 delete mode 100644 proxy/compose.yaml
 delete mode 100644 proxy/dynamic/security.yaml
 delete mode 100644 umami/compose.yaml
 delete mode 100644 watch/compose.yaml
diff --git a/netdata/Dockerfile b/netdata/Dockerfile
deleted file mode 100644
index 6daf85a..0000000
--- a/netdata/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# Dockerfile for Netdata with msmtp support for email alerts
-FROM netdata/netdata:latest
-
-# Install msmtp for sending emails
-RUN apt-get update && \
- apt-get install -y msmtp msmtp-mta ca-certificates && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/*
-
-# Set proper permissions for msmtp config
-RUN chmod 600 /etc/msmtprc || true
diff --git a/netdata/compose.yaml b/netdata/compose.yaml
deleted file mode 100644
index e973232..0000000
--- a/netdata/compose.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-services:
- netdata:
- build:
- context: .
- dockerfile: Dockerfile
- image: ${NETDATA_IMAGE:-netdata/netdata:latest}
- container_name: ${NETDATA_COMPOSE_PROJECT_NAME}_app
- restart: unless-stopped
- hostname: ${NETDATA_HOSTNAME:-netdata.pivoine.art}
- cap_add:
- - SYS_PTRACE
- - SYS_ADMIN
- security_opt:
- - apparmor:unconfined
- volumes:
- - netdata_config:/etc/netdata
- - netdata_lib:/var/lib/netdata
- - netdata_cache:/var/cache/netdata
- - ./go.d/postgres.conf:/etc/netdata/go.d/postgres.conf:ro
- - ./go.d/filecheck.conf:/etc/netdata/go.d/filecheck.conf:ro
- - ./health_alarm_notify.conf:/etc/netdata/health_alarm_notify.conf:ro
- - ./msmtprc:/etc/msmtprc:ro
- - /mnt/hidrive/users/valknar/Backup:/mnt/hidrive/users/valknar/Backup:ro
- - /etc/passwd:/host/etc/passwd:ro
- - /etc/group:/host/etc/group:ro
- - /etc/localtime:/etc/localtime:ro
- - /proc:/host/proc:ro
- - /sys:/host/sys:ro
- - /etc/os-release:/host/etc/os-release:ro
- - /var/log:/host/var/log:ro
- - /var/run/docker.sock:/var/run/docker.sock:ro
- environment:
- - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-}
- - NETDATA_CLAIM_URL=${NETDATA_CLAIM_URL:-}
- - NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS:-}
- - MATTERMOST_WEBHOOK_URL=${MATTERMOST_WEBHOOK_URL:-}
- networks:
- - compose_network
- labels:
- - 'traefik.enable=${NETDATA_TRAEFIK_ENABLED}'
- # HTTP to HTTPS redirect
- - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
- # HTTPS router
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-compress.compress=true'
- - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
- - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-auth,${NETDATA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
- # Service
- - 'traefik.http.services.${NETDATA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=19999'
- - 'traefik.docker.network=${NETWORK_NAME}'
- # Watchtower
- - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
-
-volumes:
- netdata_config:
- name: ${NETDATA_COMPOSE_PROJECT_NAME}_config
- netdata_lib:
- name: ${NETDATA_COMPOSE_PROJECT_NAME}_lib
- netdata_cache:
- name: ${NETDATA_COMPOSE_PROJECT_NAME}_cache
-
-networks:
- compose_network:
- name: ${NETWORK_NAME}
- external: true
diff --git a/netdata/go.d/filecheck.conf b/netdata/go.d/filecheck.conf
deleted file mode 100644
index ee87551..0000000
--- a/netdata/go.d/filecheck.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-jobs:
- - name: restic_repository
- dirs:
- include:
- - '/mnt/hidrive/users/valknar/Backup'
diff --git a/netdata/go.d/postgres.conf b/netdata/go.d/postgres.conf
deleted file mode 100644
index 03e0dd5..0000000
--- a/netdata/go.d/postgres.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-jobs:
- - name: docker_core_postgres
- dsn: 'postgres://netdata:netdata_monitor_password@172.18.0.5:5432/postgres'
diff --git a/netdata/health_alarm_notify.conf b/netdata/health_alarm_notify.conf
deleted file mode 100644
index bf95fda..0000000
--- a/netdata/health_alarm_notify.conf
+++ /dev/null
@@ -1,47 +0,0 @@
-# Netdata health alarm notification configuration
-# This file configures where to send alarm notifications
-
-# Enable/disable sending email notifications
-SEND_EMAIL="YES"
-
-# Recipient email address for all alarms
-DEFAULT_RECIPIENT_EMAIL="${ADMIN_EMAIL}"
-
-# Email sender address
-EMAIL_SENDER="${EMAIL_FROM}"
-
-# SMTP configuration
-SENDMAIL=""
-EMAIL_SENDER="${EMAIL_FROM}"
-
-# Custom send email command using msmtp
-EMAIL_COMMAND="msmtp -t"
-
-# Enable specific notification types
-role_recipients_email[sysadmin]="${ADMIN_EMAIL}"
-role_recipients_email[domainadmin]="${ADMIN_EMAIL}"
-role_recipients_email[dba]="${ADMIN_EMAIL}"
-role_recipients_email[webmaster]="${ADMIN_EMAIL}"
-role_recipients_email[proxyadmin]="${ADMIN_EMAIL}"
-role_recipients_email[sitemgr]="${ADMIN_EMAIL}"
-
-###############################################################################
-# Mattermost notifications via Slack-compatible webhook
-###############################################################################
-
-# Enable Slack notifications (Mattermost supports Slack-compatible webhooks)
-SEND_SLACK="YES"
-
-# Mattermost incoming webhook URL (Slack-compatible)
-SLACK_WEBHOOK_URL="${MATTERMOST_WEBHOOK_URL}"
-
-# Slack channel (optional, webhook default channel will be used if empty)
-DEFAULT_RECIPIENT_SLACK=""
-
-# Slack notification recipients per role
-role_recipients_slack[sysadmin]="notifications"
-role_recipients_slack[domainadmin]="notifications"
-role_recipients_slack[dba]="notifications"
-role_recipients_slack[webmaster]="notifications"
-role_recipients_slack[proxyadmin]="notifications"
-role_recipients_slack[sitemgr]="notifications"
diff --git a/netdata/msmtprc b/netdata/msmtprc
deleted file mode 100644
index be22c16..0000000
--- a/netdata/msmtprc
+++ /dev/null
@@ -1,20 +0,0 @@
-# MSMTP configuration for Netdata email alerts
-
-# Set default values for all accounts
-defaults
-auth on
-tls on
-tls_trust_file /etc/ssl/certs/ca-certificates.crt
-logfile /var/log/msmtp.log
-
-# IONOS SMTP account
-account ionos
-host smtp.ionos.de
-port 465
-tls_starttls off
-from hi@pivoine.art
-user hi@pivoine.art
-password jaquoment
-
-# Set default account
-account default : ionos
diff --git a/proxy/compose.yaml b/proxy/compose.yaml
deleted file mode 100644
index 304d5e0..0000000
--- a/proxy/compose.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-services:
- traefik:
- image: ${PROXY_DOCKER_IMAGE}
- container_name: ${PROXY_COMPOSE_PROJECT_NAME}_app
- restart: unless-stopped
- command:
- # API & Dashboard
- - '--api.dashboard=true'
- - '--api.insecure=false'
-
- # Ping endpoint for healthcheck
- - '--ping=true'
-
- # Experimental plugins
- - '--experimental.plugins.sablier.modulename=github.com/acouvreur/sablier'
- - '--experimental.plugins.sablier.version=v1.8.0'
-
- # Logging
- - '--log.level=${PROXY_LOG_LEVEL:-INFO}'
- - '--accesslog=true'
-
- # Global
- - '--global.sendAnonymousUsage=false'
- - '--global.checkNewVersion=true'
-
- # Docker Provider
- - '--providers.docker=true'
- - '--providers.docker.exposedbydefault=false'
- - '--providers.docker.network=${NETWORK_NAME}'
-
- # File Provider for dynamic configuration
- - '--providers.file.directory=/etc/traefik/dynamic'
- - '--providers.file.watch=true'
-
- # Entrypoints
- - '--entrypoints.web.address=:${PROXY_PORT_HTTP:-80}'
- - '--entrypoints.web-secure.address=:${PROXY_PORT_HTTPS:-443}'
-
- # Global HTTP to HTTPS redirect
- - '--entrypoints.web.http.redirections.entryPoint.to=web-secure'
- - '--entrypoints.web.http.redirections.entryPoint.scheme=https'
- - '--entrypoints.web.http.redirections.entryPoint.permanent=true'
-
- # Security Headers (applied globally)
- - '--entrypoints.web-secure.http.middlewares=security-headers@file'
-
- # Let's Encrypt
- - '--certificatesresolvers.resolver.acme.tlschallenge=true'
- - '--certificatesresolvers.resolver.acme.email=${ADMIN_EMAIL}'
- - '--certificatesresolvers.resolver.acme.storage=/letsencrypt/acme.json'
-
- healthcheck:
- test: ["CMD", "traefik", "healthcheck", "--ping"]
- interval: 30s
- timeout: 5s
- retries: 3
- start_period: 10s
-
- environment:
- AUTH_USERS: ${AUTH_USERS}
-
- networks:
- - compose_network
-
- ports:
- - "${PROXY_PORT_HTTP:-80}:80"
- - "${PROXY_PORT_HTTPS:-443}:443"
-
- volumes:
- - letsencrypt_data:/letsencrypt
- - /var/run/docker.sock:/var/run/docker.sock:ro
- - ./dynamic:/etc/traefik/dynamic:ro
-
- labels:
- - 'traefik.enable=true'
- # HTTP to HTTPS redirect
- - 'traefik.http.middlewares.${PROXY_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.middlewares=${PROXY_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
- # HTTPS router with auth
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.service=api@internal'
- - 'traefik.http.middlewares.${PROXY_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
- - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${PROXY_COMPOSE_PROJECT_NAME}-auth'
- - 'traefik.http.services.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080'
- - 'traefik.docker.network=${NETWORK_NAME}'
-volumes:
- letsencrypt_data:
- name: ${PROXY_COMPOSE_PROJECT_NAME}_letsencrypt_data
diff --git a/proxy/dynamic/security.yaml b/proxy/dynamic/security.yaml
deleted file mode 100644
index b6f925b..0000000
--- a/proxy/dynamic/security.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-tls:
- options:
- default:
- minVersion: VersionTLS12
- cipherSuites:
- - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- - TLS_AES_128_GCM_SHA256
- - TLS_AES_256_GCM_SHA384
- - TLS_CHACHA20_POLY1305_SHA256
- curvePreferences:
- - CurveP521
- - CurveP384
- sniStrict: true
-
-http:
- middlewares:
- # Security Headers Middleware
- security-headers:
- headers:
- # HSTS (HTTP Strict Transport Security)
- stsSeconds: 31536000
- stsIncludeSubdomains: true
- stsPreload: true
-
- # Force HTTPS
- forceSTSHeader: true
-
- # Clickjacking protection
- customFrameOptionsValue: "SAMEORIGIN"
-
- # XSS Protection
- browserXssFilter: true
-
- # Content Type sniffing protection
- contentTypeNosniff: true
-
- # Referrer Policy
- referrerPolicy: "strict-origin-when-cross-origin"
-
- # Permissions Policy (formerly Feature Policy)
- customResponseHeaders:
- X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
- Permissions-Policy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()"
- X-Content-Type-Options: "nosniff"
- X-Frame-Options: "SAMEORIGIN"
-
- # Rate Limiting Middleware (optional, can be applied per service)
- rate-limit:
- rateLimit:
- average: 100
- burst: 50
- period: 1s
-
- # Rate Limiting for API endpoints (stricter)
- api-rate-limit:
- rateLimit:
- average: 30
- burst: 15
- period: 1s
diff --git a/umami/compose.yaml b/umami/compose.yaml
deleted file mode 100644
index 744255a..0000000
--- a/umami/compose.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-services:
- umami:
- image: ${TRACK_DOCKER_IMAGE}
- container_name: ${TRACK_COMPOSE_PROJECT_NAME}_app
- restart: unless-stopped
- environment:
- TZ: ${TIMEZONE:-Europe/Amsterdam}
-
- # Database Configuration
- DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${TRACK_DB_NAME}
- DATABASE_TYPE: postgresql
-
- # Application Secret
- APP_SECRET: ${TRACK_APP_SECRET}
-
- # Redis Cache Integration
- REDIS_URL: redis://${CORE_REDIS_HOST}:${CORE_REDIS_PORT}
- CACHE_ENABLED: true
-
-
- networks:
- - compose_network
-
- healthcheck:
- test: ["CMD-SHELL", "curl -f http://localhost:3000/api/heartbeat || exit 1"]
- interval: 30s
- timeout: 10s
- retries: 5
- start_period: 40s
-
- labels:
- # Traefik Configuration
- - 'traefik.enable=${TRACK_TRAEFIK_ENABLED:-true}'
-
- # HTTP to HTTPS redirect
- - 'traefik.http.middlewares.${TRACK_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- - 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.middlewares=${TRACK_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- - 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
- - 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- - 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- - 'traefik.http.services.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=3000'
- - 'traefik.docker.network=${NETWORK_NAME}'
diff --git a/watch/compose.yaml b/watch/compose.yaml
deleted file mode 100644
index 4231f55..0000000
--- a/watch/compose.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-services:
- watchtower:
- image: containrrr/watchtower:latest
- container_name: watchtower
- restart: unless-stopped
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- environment:
- # Check for updates every 5 minutes (300 seconds)
- WATCHTOWER_POLL_INTERVAL: ${WATCHTOWER_POLL_INTERVAL:-300}
- # Only update containers with the watchtower label
- WATCHTOWER_LABEL_ENABLE: ${WATCHTOWER_LABEL_ENABLE:-true}
- # Clean up old images after update
- WATCHTOWER_CLEANUP: ${WATCHTOWER_CLEANUP:-true}
- # Include stopped containers
- WATCHTOWER_INCLUDE_STOPPED: ${WATCHTOWER_INCLUDE_STOPPED:-false}
- # Include restarting containers
- WATCHTOWER_INCLUDE_RESTARTING: ${WATCHTOWER_INCLUDE_RESTARTING:-true}
- # Run once and exit (set to false for continuous monitoring)
- WATCHTOWER_RUN_ONCE: ${WATCHTOWER_RUN_ONCE:-false}
- # Notifications via Shoutrrr
- WATCHTOWER_NOTIFICATIONS: ${WATCHTOWER_NOTIFICATIONS:-}
- WATCHTOWER_NOTIFICATION_URL: ${WATCHTOWER_NOTIFICATION_URL:-}
- # Log level (trace, debug, info, warn, error, fatal, panic)
- WATCHTOWER_LOG_LEVEL: ${WATCHTOWER_LOG_LEVEL:-info}
- # Rolling restart (update one container at a time)
- WATCHTOWER_ROLLING_RESTART: ${WATCHTOWER_ROLLING_RESTART:-false}
- labels:
- # Allow watchtower to update itself
- - com.centurylinklabs.watchtower.enable=true