valknar/docker-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: remove old proxy, netdata, watch, and umami stack directories

Browse Source 
All services have been consolidated into the net stack.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Sebastian Krüger
2025-11-15 17:03:09 +01:00
parent 23fbae0228
commit 34ac4a35c3
10 changed files with 0 additions and 383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
netdata/Dockerfile
View File

@@ -1,11 +0,0 @@
# Dockerfile for Netdata with msmtp support for email alerts
FROM netdata/netdata:latest
# Install msmtp for sending emails
RUN apt-get update && \
apt-get install -y msmtp msmtp-mta ca-certificates && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Set proper permissions for msmtp config
RUN chmod 600 /etc/msmtprc || true

70
netdata/compose.yaml
View File

@@ -1,70 +0,0 @@
services:
netdata:
build:
context: .
dockerfile: Dockerfile
image: ${NETDATA_IMAGE:-netdata/netdata:latest}
container_name: ${NETDATA_COMPOSE_PROJECT_NAME}_app
restart: unless-stopped
hostname: ${NETDATA_HOSTNAME:-netdata.pivoine.art}
cap_add:
- SYS_PTRACE
- SYS_ADMIN
security_opt:
- apparmor:unconfined
volumes:
- netdata_config:/etc/netdata
- netdata_lib:/var/lib/netdata
- netdata_cache:/var/cache/netdata
- ./go.d/postgres.conf:/etc/netdata/go.d/postgres.conf:ro
- ./go.d/filecheck.conf:/etc/netdata/go.d/filecheck.conf:ro
- ./health_alarm_notify.conf:/etc/netdata/health_alarm_notify.conf:ro
- ./msmtprc:/etc/msmtprc:ro
- /mnt/hidrive/users/valknar/Backup:/mnt/hidrive/users/valknar/Backup:ro
- /etc/passwd:/host/etc/passwd:ro
- /etc/group:/host/etc/group:ro
- /etc/localtime:/etc/localtime:ro
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /etc/os-release:/host/etc/os-release:ro
- /var/log:/host/var/log:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-}
- NETDATA_CLAIM_URL=${NETDATA_CLAIM_URL:-}
- NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS:-}
- MATTERMOST_WEBHOOK_URL=${MATTERMOST_WEBHOOK_URL:-}
networks:
- compose_network
labels:
- 'traefik.enable=${NETDATA_TRAEFIK_ENABLED}'
# HTTP to HTTPS redirect
- 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
# HTTPS router
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-compress.compress=true'
- 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
- 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-auth,${NETDATA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
# Service
- 'traefik.http.services.${NETDATA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=19999'
- 'traefik.docker.network=${NETWORK_NAME}'
# Watchtower
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
volumes:
netdata_config:
name: ${NETDATA_COMPOSE_PROJECT_NAME}_config
netdata_lib:
name: ${NETDATA_COMPOSE_PROJECT_NAME}_lib
netdata_cache:
name: ${NETDATA_COMPOSE_PROJECT_NAME}_cache
networks:
compose_network:
name: ${NETWORK_NAME}
external: true

5
netdata/go.d/filecheck.conf
View File

@@ -1,5 +0,0 @@
jobs:
- name: restic_repository
dirs:
include:
- '/mnt/hidrive/users/valknar/Backup'

3
netdata/go.d/postgres.conf
View File

@@ -1,3 +0,0 @@
jobs:
- name: docker_core_postgres
dsn: 'postgres://netdata:netdata_monitor_password@172.18.0.5:5432/postgres'

47
netdata/health_alarm_notify.conf
View File

@@ -1,47 +0,0 @@
# Netdata health alarm notification configuration
# This file configures where to send alarm notifications
# Enable/disable sending email notifications
SEND_EMAIL="YES"
# Recipient email address for all alarms
DEFAULT_RECIPIENT_EMAIL="${ADMIN_EMAIL}"
# Email sender address
EMAIL_SENDER="${EMAIL_FROM}"
# SMTP configuration
SENDMAIL=""
EMAIL_SENDER="${EMAIL_FROM}"
# Custom send email command using msmtp
EMAIL_COMMAND="msmtp -t"
# Enable specific notification types
role_recipients_email[sysadmin]="${ADMIN_EMAIL}"
role_recipients_email[domainadmin]="${ADMIN_EMAIL}"
role_recipients_email[dba]="${ADMIN_EMAIL}"
role_recipients_email[webmaster]="${ADMIN_EMAIL}"
role_recipients_email[proxyadmin]="${ADMIN_EMAIL}"
role_recipients_email[sitemgr]="${ADMIN_EMAIL}"
###############################################################################
# Mattermost notifications via Slack-compatible webhook
###############################################################################
# Enable Slack notifications (Mattermost supports Slack-compatible webhooks)
SEND_SLACK="YES"
# Mattermost incoming webhook URL (Slack-compatible)
SLACK_WEBHOOK_URL="${MATTERMOST_WEBHOOK_URL}"
# Slack channel (optional, webhook default channel will be used if empty)
DEFAULT_RECIPIENT_SLACK=""
# Slack notification recipients per role
role_recipients_slack[sysadmin]="notifications"
role_recipients_slack[domainadmin]="notifications"
role_recipients_slack[dba]="notifications"
role_recipients_slack[webmaster]="notifications"
role_recipients_slack[proxyadmin]="notifications"
role_recipients_slack[sitemgr]="notifications"

20
netdata/msmtprc
View File

@@ -1,20 +0,0 @@
# MSMTP configuration for Netdata email alerts
# Set default values for all accounts
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
# IONOS SMTP account
account ionos
host smtp.ionos.de
port 465
tls_starttls off
from hi@pivoine.art
user hi@pivoine.art
password jaquoment
# Set default account
account default : ionos

92
proxy/compose.yaml
View File

@@ -1,92 +0,0 @@
services:
traefik:
image: ${PROXY_DOCKER_IMAGE}
container_name: ${PROXY_COMPOSE_PROJECT_NAME}_app
restart: unless-stopped
command:
# API & Dashboard
- '--api.dashboard=true'
- '--api.insecure=false'
# Ping endpoint for healthcheck
- '--ping=true'
# Experimental plugins
- '--experimental.plugins.sablier.modulename=github.com/acouvreur/sablier'
- '--experimental.plugins.sablier.version=v1.8.0'
# Logging
- '--log.level=${PROXY_LOG_LEVEL:-INFO}'
- '--accesslog=true'
# Global
- '--global.sendAnonymousUsage=false'
- '--global.checkNewVersion=true'
# Docker Provider
- '--providers.docker=true'
- '--providers.docker.exposedbydefault=false'
- '--providers.docker.network=${NETWORK_NAME}'
# File Provider for dynamic configuration
- '--providers.file.directory=/etc/traefik/dynamic'
- '--providers.file.watch=true'
# Entrypoints
- '--entrypoints.web.address=:${PROXY_PORT_HTTP:-80}'
- '--entrypoints.web-secure.address=:${PROXY_PORT_HTTPS:-443}'
# Global HTTP to HTTPS redirect
- '--entrypoints.web.http.redirections.entryPoint.to=web-secure'
- '--entrypoints.web.http.redirections.entryPoint.scheme=https'
- '--entrypoints.web.http.redirections.entryPoint.permanent=true'
# Security Headers (applied globally)
- '--entrypoints.web-secure.http.middlewares=security-headers@file'
# Let's Encrypt
- '--certificatesresolvers.resolver.acme.tlschallenge=true'
- '--certificatesresolvers.resolver.acme.email=${ADMIN_EMAIL}'
- '--certificatesresolvers.resolver.acme.storage=/letsencrypt/acme.json'
healthcheck:
test: ["CMD", "traefik", "healthcheck", "--ping"]
interval: 30s
timeout: 5s
retries: 3
start_period: 10s
environment:
AUTH_USERS: ${AUTH_USERS}
networks:
- compose_network
ports:
- "${PROXY_PORT_HTTP:-80}:80"
- "${PROXY_PORT_HTTPS:-443}:443"
volumes:
- letsencrypt_data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./dynamic:/etc/traefik/dynamic:ro
labels:
- 'traefik.enable=true'
# HTTP to HTTPS redirect
- 'traefik.http.middlewares.${PROXY_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.middlewares=${PROXY_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
# HTTPS router with auth
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.service=api@internal'
- 'traefik.http.middlewares.${PROXY_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${PROXY_COMPOSE_PROJECT_NAME}-auth'
- 'traefik.http.services.${PROXY_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080'
- 'traefik.docker.network=${NETWORK_NAME}'
volumes:
letsencrypt_data:
name: ${PROXY_COMPOSE_PROJECT_NAME}_letsencrypt_data

61
proxy/dynamic/security.yaml
View File

@@ -1,61 +0,0 @@
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true
http:
middlewares:
# Security Headers Middleware
security-headers:
headers:
# HSTS (HTTP Strict Transport Security)
stsSeconds: 31536000
stsIncludeSubdomains: true
stsPreload: true
# Force HTTPS
forceSTSHeader: true
# Clickjacking protection
customFrameOptionsValue: "SAMEORIGIN"
# XSS Protection
browserXssFilter: true
# Content Type sniffing protection
contentTypeNosniff: true
# Referrer Policy
referrerPolicy: "strict-origin-when-cross-origin"
# Permissions Policy (formerly Feature Policy)
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
Permissions-Policy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()"
X-Content-Type-Options: "nosniff"
X-Frame-Options: "SAMEORIGIN"
# Rate Limiting Middleware (optional, can be applied per service)
rate-limit:
rateLimit:
average: 100
burst: 50
period: 1s
# Rate Limiting for API endpoints (stricter)
api-rate-limit:
rateLimit:
average: 30
burst: 15
period: 1s

44
umami/compose.yaml
View File

@@ -1,44 +0,0 @@
services:
umami:
image: ${TRACK_DOCKER_IMAGE}
container_name: ${TRACK_COMPOSE_PROJECT_NAME}_app
restart: unless-stopped
environment:
TZ: ${TIMEZONE:-Europe/Amsterdam}
# Database Configuration
DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${TRACK_DB_NAME}
DATABASE_TYPE: postgresql
# Application Secret
APP_SECRET: ${TRACK_APP_SECRET}
# Redis Cache Integration
REDIS_URL: redis://${CORE_REDIS_HOST}:${CORE_REDIS_PORT}
CACHE_ENABLED: true
networks:
- compose_network
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:3000/api/heartbeat || exit 1"]
interval: 30s
timeout: 10s
retries: 5
start_period: 40s
labels:
# Traefik Configuration
- 'traefik.enable=${TRACK_TRAEFIK_ENABLED:-true}'
# HTTP to HTTPS redirect
- 'traefik.http.middlewares.${TRACK_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.middlewares=${TRACK_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- 'traefik.http.routers.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- 'traefik.http.services.${TRACK_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=3000'
- 'traefik.docker.network=${NETWORK_NAME}'

30
watch/compose.yaml
View File

@@ -1,30 +0,0 @@
services:
watchtower:
image: containrrr/watchtower:latest
container_name: watchtower
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
# Check for updates every 5 minutes (300 seconds)
WATCHTOWER_POLL_INTERVAL: ${WATCHTOWER_POLL_INTERVAL:-300}
# Only update containers with the watchtower label
WATCHTOWER_LABEL_ENABLE: ${WATCHTOWER_LABEL_ENABLE:-true}
# Clean up old images after update
WATCHTOWER_CLEANUP: ${WATCHTOWER_CLEANUP:-true}
# Include stopped containers
WATCHTOWER_INCLUDE_STOPPED: ${WATCHTOWER_INCLUDE_STOPPED:-false}
# Include restarting containers
WATCHTOWER_INCLUDE_RESTARTING: ${WATCHTOWER_INCLUDE_RESTARTING:-true}
# Run once and exit (set to false for continuous monitoring)
WATCHTOWER_RUN_ONCE: ${WATCHTOWER_RUN_ONCE:-false}
# Notifications via Shoutrrr
WATCHTOWER_NOTIFICATIONS: ${WATCHTOWER_NOTIFICATIONS:-}
WATCHTOWER_NOTIFICATION_URL: ${WATCHTOWER_NOTIFICATION_URL:-}
# Log level (trace, debug, info, warn, error, fatal, panic)
WATCHTOWER_LOG_LEVEL: ${WATCHTOWER_LOG_LEVEL:-info}
# Rolling restart (update one container at a time)
WATCHTOWER_ROLLING_RESTART: ${WATCHTOWER_ROLLING_RESTART:-false}
labels:
# Allow watchtower to update itself
- com.centurylinklabs.watchtower.enable=true