From f0ab11502a4e83690761c2a4a16cd37b94e0c81b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= Date: Sat, 15 Nov 2025 16:44:21 +0100 Subject: [PATCH] feat: create util stack consolidating utility services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Consolidates 6 utility services into a single util stack: - drop (PairDrop) - P2P file sharing - joplin (Joplin Server) - Note-taking and sync - links (Linkwarden) - Bookmark manager with Meilisearch - mattermost (Mattermost) - Team collaboration - vault (Vaultwarden) - Password manager - tandoor (Tandoor) - Recipe manager Changes: - Created util/compose.yaml with all 6 services - Moved rtc_config.json to util directory - Updated environment variables to use UTIL_ prefix - Updated restic volume references to util_* names - Container names changed from {service}_app to util_{service} - Volume names changed from {service}_* to util_{service}_* - Removed individual stack directories (drop, joplin, links, mattermost, vault, tandoor) - Updated compose.yaml to include util/compose.yaml instead of individual stacks All services maintain their original hostnames and functionality. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- arty.yml | 77 ++++---- compose.yaml | 7 +- drop/compose.yaml | 41 ----- joplin/compose.yaml | 52 ------ links/compose.yaml | 54 ------ mattermost/compose.yaml | 74 -------- restic/compose.yaml | 54 +++--- tandoor/compose.yaml | 78 -------- util/compose.yaml | 324 +++++++++++++++++++++++++++++++++ {drop => util}/rtc_config.json | 0 vault/compose.yaml | 46 ----- 11 files changed, 388 insertions(+), 419 deletions(-) delete mode 100644 drop/compose.yaml delete mode 100644 joplin/compose.yaml delete mode 100644 links/compose.yaml delete mode 100644 mattermost/compose.yaml delete mode 100644 tandoor/compose.yaml create mode 100644 util/compose.yaml rename {drop => util}/rtc_config.json (100%) delete mode 100644 vault/compose.yaml 
diff --git a/arty.yml b/arty.yml
index c133180..14ba4d8 100644
--- a/arty.yml
+++ b/arty.yml
@@ -40,25 +40,44 @@ envs: SEXY_PASSWORD_RESET_URL_ALLOW_LIST: https://sexy.pivoine.art/password/reset SEXY_FRONTEND_PUBLIC_API_URL: https://sexy.pivoine.art/api SEXY_FRONTEND_PUBLIC_URL: https://sexy.pivoine.art + # Util Stack (Mattermost, Tandoor, Linkwarden, Vault, Joplin, PairDrop) + UTIL_TRAEFIK_ENABLED: true + UTIL_COMPOSE_PROJECT_NAME: util # Mattermost - MATTERMOST_TRAEFIK_ENABLED: true - MATTERMOST_COMPOSE_PROJECT_NAME: mattermost - MATTERMOST_IMAGE: mattermost/mattermost-team-edition:latest - MATTERMOST_TRAEFIK_HOST: mattermost.pivoine.art - MATTERMOST_DB_NAME: mattermost + UTIL_MATTERMOST_IMAGE: mattermost/mattermost-team-edition:latest + UTIL_MATTERMOST_TRAEFIK_HOST: mattermost.pivoine.art + UTIL_MATTERMOST_DB_NAME: mattermost # Tandoor - TANDOOR_TRAEFIK_ENABLED: true - TANDOOR_COMPOSE_PROJECT_NAME: tandoor - TANDOOR_IMAGE: vabene1111/recipes:latest - TANDOOR_TRAEFIK_HOST: tandoor.pivoine.art - TANDOOR_DB_NAME: tandoor - TANDOOR_ENABLE_SIGNUP: 0 - TANDOOR_REVERSE_PROXY_AUTH: 0 - TANDOOR_EMAIL_USE_TLS: 0 - TANDOOR_EMAIL_USE_SSL: 1 - TANDOOR_GUNICORN_MEDIA: 0 - TANDOOR_COMMENT_PREF_DEFAULT: 1 - TANDOOR_SHOPPING_MIN_AUTOSYNC_INTERVAL: 5 + UTIL_TANDOOR_IMAGE: vabene1111/recipes:latest + UTIL_TANDOOR_TRAEFIK_HOST: tandoor.pivoine.art + UTIL_TANDOOR_DB_NAME: tandoor + UTIL_TANDOOR_ENABLE_SIGNUP: 0 + UTIL_TANDOOR_REVERSE_PROXY_AUTH: 0 + UTIL_TANDOOR_EMAIL_USE_TLS: 0 + UTIL_TANDOOR_EMAIL_USE_SSL: 1 + UTIL_TANDOOR_GUNICORN_MEDIA: 0 + UTIL_TANDOOR_COMMENT_PREF_DEFAULT: 1 + UTIL_TANDOOR_SHOPPING_MIN_AUTOSYNC_INTERVAL: 5 + # Linkwarden + UTIL_LINKS_DOCKER_IMAGE: ghcr.io/linkwarden/linkwarden:latest + UTIL_LINKS_TRAEFIK_HOST: links.pivoine.art + UTIL_LINKS_DB_NAME: linkwarden + UTIL_LINKS_MEILI_IMAGE: getmeili/meilisearch:v1.12.8 + UTIL_LINKS_MEILI_NO_ANALYTICS: true + # Vault + UTIL_VAULT_IMAGE: vaultwarden/server:latest + UTIL_VAULT_TRAEFIK_HOST: vault.pivoine.art + UTIL_VAULT_WEBSOCKET_ENABLED: true + UTIL_VAULT_SIGNUPS_ALLOWED: true + 
UTIL_VAULT_INVITATIONS_ALLOWED: true + UTIL_VAULT_SHOW_PASSWORD_HINT: false + # Joplin + UTIL_JOPLIN_IMAGE: joplin/server:latest + UTIL_JOPLIN_TRAEFIK_HOST: joplin.pivoine.art + UTIL_JOPLIN_APP_PORT: 22300 + UTIL_JOPLIN_DB_NAME: joplin + # PairDrop + UTIL_DROP_TRAEFIK_HOST: drop.pivoine.art # Filestash STASH_TRAEFIK_ENABLED: true STASH_COMPOSE_PROJECT_NAME: stash @@ -66,14 +85,6 @@ envs: STASH_TRAEFIK_HOST: stash.pivoine.art STASH_PORT: 8334 STASH_CANARY: true - # Linkwarden - LINKS_TRAEFIK_ENABLED: true - LINKS_COMPOSE_PROJECT_NAME: links - LINKS_DOCKER_IMAGE: ghcr.io/linkwarden/linkwarden:latest - LINKS_TRAEFIK_HOST: links.pivoine.art - LINKS_DB_NAME: linkwarden - LINKS_MEILI_IMAGE: getmeili/meilisearch:v1.12.8 - LINKS_MEILI_NO_ANALYTICS: true # Restic RESTIC_TRAEFIK_ENABLED: true RESTIC_COMPOSE_PROJECT_NAME: restic @@ -81,22 +92,6 @@ envs: RESTIC_TRAEFIK_HOST: restic.pivoine.art RESTIC_HOSTNAME: falcon RESTIC_BACKUP_PATH: /mnt/hidrive/users/valknar/Backup - # Vault - VAULT_TRAEFIK_ENABLED: true - VAULT_COMPOSE_PROJECT_NAME: vault - VAULT_IMAGE: vaultwarden/server:latest - VAULT_TRAEFIK_HOST: vault.pivoine.art - VAULT_WEBSOCKET_ENABLED: true - VAULT_SIGNUPS_ALLOWED: true - VAULT_INVITATIONS_ALLOWED: true - VAULT_SHOW_PASSWORD_HINT: false - # Joplin - JOPLIN_TRAEFIK_ENABLED: true - JOPLIN_COMPOSE_PROJECT_NAME: joplin - JOPLIN_IMAGE: joplin/server:latest - JOPLIN_TRAEFIK_HOST: joplin.pivoine.art - JOPLIN_APP_PORT: 22300 - JOPLIN_DB_NAME: joplin # Jellyfin JELLY_TRAEFIK_ENABLED: true JELLY_COMPOSE_PROJECT_NAME: jelly diff --git a/compose.yaml b/compose.yaml index e902299..099f88b 100644 --- a/compose.yaml +++ b/compose.yaml @@ -2,12 +2,7 @@ name: falcon include: - core/compose.yaml - sexy/compose.yaml - - mattermost/compose.yaml - - tandoor/compose.yaml - - links/compose.yaml - - vault/compose.yaml - - joplin/compose.yaml - - drop/compose.yaml + - util/compose.yaml - ai/compose.yaml - restic/compose.yaml - netdata/compose.yaml 
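Review bot: `UTIL_VAULT_SIGNUPS_ALLOWED: true` in the first arty.yml hunk keeps open self-registration on the Vaultwarden instance published at vault.pivoine.art, and it overrides the safer `${UTIL_VAULT_SIGNUPS_ALLOWED:-false}` default that util/compose.yaml declares. For a password manager I would set `UTIL_VAULT_SIGNUPS_ALLOWED: false` and rely on the already enabled `UTIL_VAULT_INVITATIONS_ALLOWED: true` for onboarding. The single `UTIL_TRAEFIK_ENABLED` flag also replaces the per-service `*_TRAEFIK_ENABLED` switches, so one service can no longer be taken off the proxy without unpublishing all six. The `:latest` tags on the Vaultwarden, Joplin, Mattermost, Tandoor and Linkwarden images are carried over unchanged; if Watchtower is active through `WATCHTOWER_LABEL_ENABLE`, new upstream images are presumably pulled without review, so pinning each image to a version or digest would be worth doing while these keys are being touched.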
diff --git a/drop/compose.yaml b/drop/compose.yaml deleted file mode 100644 index 89d332b..0000000 --- a/drop/compose.yaml +++ /dev/null @@ -1,41 +0,0 @@ -services: - pairdrop: - image: lscr.io/linuxserver/pairdrop:latest - container_name: ${DROP_COMPOSE_PROJECT_NAME}_app - restart: unless-stopped - volumes: - - ./rtc_config.json:/rtc_config.json:ro - environment: - PUID: 1000 - PGID: 1000 - TZ: ${TIMEZONE:-Europe/Berlin} - RATE_LIMIT: true - WS_FALLBACK: true - WS_SERVER: true - RTC_CONFIG: /rtc_config.json - DEBUG_MODE: true - networks: - - compose_network - labels: - - 'traefik.enable=${DROP_TRAEFIK_ENABLED}' - # HTTP to HTTPS redirect - - 'traefik.http.middlewares.${DROP_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https' - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web.middlewares=${DROP_COMPOSE_PROJECT_NAME}-redirect-web-secure' - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web.rule=Host(`${DROP_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web.entrypoints=web' - # HTTPS router - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${DROP_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver' - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure' - - 'traefik.http.middlewares.${DROP_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true' - - 'traefik.http.routers.${DROP_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${DROP_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file' - # Service - - 'traefik.http.services.${DROP_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=3000' - - 'traefik.docker.network=${NETWORK_NAME}' - # Watchtower - - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' - -networks: - compose_network: - name: ${NETWORK_NAME} - external: true 
diff --git a/joplin/compose.yaml b/joplin/compose.yaml
deleted file mode 100644
index 8bc04fe..0000000
--- a/joplin/compose.yaml
+++ /dev/null
@@ -1,52 +0,0 @@ -services: - joplin: - image: ${JOPLIN_IMAGE:-joplin/server:latest} - container_name: ${JOPLIN_COMPOSE_PROJECT_NAME}_app - restart: unless-stopped - volumes: - - joplin_data:/data - environment: - TZ: ${TIMEZONE:-Europe/Berlin} - APP_PORT: ${JOPLIN_APP_PORT:-22300} - APP_BASE_URL: https://${JOPLIN_TRAEFIK_HOST} - DB_CLIENT: pg - POSTGRES_HOST: ${CORE_DB_HOST} - POSTGRES_PORT: ${CORE_DB_PORT} - POSTGRES_DATABASE: ${JOPLIN_DB_NAME} - POSTGRES_USER: ${DB_USER} - POSTGRES_PASSWORD: ${DB_PASSWORD} - MAILER_ENABLED: 1 - MAILER_HOST: ${EMAIL_SMTP_HOST} - MAILER_PORT: ${EMAIL_SMTP_PORT} - MAILER_SECURE: 1 - MAILER_AUTH_USER: ${EMAIL_SMTP_USER} - MAILER_AUTH_PASSWORD: ${EMAIL_SMTP_PASSWORD} - MAILER_NOREPLY_NAME: Joplin Server - MAILER_NOREPLY_EMAIL: ${EMAIL_FROM} - networks: - - compose_network - depends_on: - - postgres - labels: - - 'traefik.enable=${JOPLIN_TRAEFIK_ENABLED}' - - 'traefik.http.middlewares.${JOPLIN_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web.middlewares=${JOPLIN_COMPOSE_PROJECT_NAME}-redirect-web-secure' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web.rule=Host(`${JOPLIN_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web.entrypoints=web' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${JOPLIN_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure' - - 'traefik.http.middlewares.${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true' - - 'traefik.http.routers.${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure-compress' - - 'traefik.http.services.${JOPLIN_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=22300' - - 'traefik.docker.network=${NETWORK_NAME}' - - 
'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' - -volumes: - joplin_data: - name: joplin_data - -networks: - compose_network: - name: ${NETWORK_NAME} - external: true diff --git a/links/compose.yaml b/links/compose.yaml deleted file mode 100644 index 173d48c..0000000 --- a/links/compose.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -services: - linkwarden: - image: ${LINKS_DOCKER_IMAGE} - container_name: ${LINKS_COMPOSE_PROJECT_NAME}_app - restart: unless-stopped - networks: - - compose_network - environment: - TZ: ${TIMEZONE:-Europe/Amsterdam} - DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${LINKS_DB_NAME} - NEXTAUTH_SECRET: ${LINKS_NEXTAUTH_SECRET} - NEXTAUTH_URL: https://${LINKS_TRAEFIK_HOST} - MEILI_ADDR: http://linkwarden_meilisearch:7700 - MEILI_MASTER_KEY: ${LINKS_MEILI_MASTER_KEY} - BASE_URL: https://${LINKS_TRAEFIK_HOST} - NEXT_PUBLIC_EMAIL_PROVIDER: true - EMAIL_FROM: ${EMAIL_FROM} - EMAIL_SERVER: ${LINKS_EMAIL_SERVER} - volumes: - - linkwarden_data:/data/data - depends_on: - - linkwarden_meilisearch - labels: - - 'traefik.enable=${LINKS_TRAEFIK_ENABLED:-true}' - - 'traefik.http.middlewares.${LINKS_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web.middlewares=${LINKS_COMPOSE_PROJECT_NAME}-redirect-web-secure' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web.rule=Host(`${LINKS_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web.entrypoints=web' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${LINKS_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure' - - 'traefik.http.middlewares.${LINKS_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true' - - 'traefik.http.routers.${LINKS_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${LINKS_COMPOSE_PROJECT_NAME}-web-secure-compress' - - 'traefik.http.services.${LINKS_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=3000' - - 'traefik.docker.network=${NETWORK_NAME}' - - 'com.centurylinklabs.watchtower.enable=true' - - linkwarden_meilisearch: - image: ${LINKS_MEILI_IMAGE} - container_name: 
${LINKS_COMPOSE_PROJECT_NAME}_meilisearch - restart: unless-stopped - networks: - - compose_network - environment: - MEILI_MASTER_KEY: ${LINKS_MEILI_MASTER_KEY} - MEILI_NO_ANALYTICS: ${LINKS_MEILI_NO_ANALYTICS:-true} - volumes: - - linkwarden_meili_data:/meili_data - -volumes: - linkwarden_data: - name: ${LINKS_COMPOSE_PROJECT_NAME}_data - linkwarden_meili_data: - name: ${LINKS_COMPOSE_PROJECT_NAME}_meili_data diff --git a/mattermost/compose.yaml b/mattermost/compose.yaml deleted file mode 100644 index 7bec1dd..0000000 --- a/mattermost/compose.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -services: - mattermost: - image: ${MATTERMOST_IMAGE:-mattermost/mattermost-team-edition:latest} - container_name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_app - restart: unless-stopped - security_opt: - - no-new-privileges:true - pids_limit: 200 - read_only: false - tmpfs: - - /tmp - volumes: - - mattermost_config:/mattermost/config:rw - - mattermost_data:/mattermost/data:rw - - mattermost_logs:/mattermost/logs:rw - - mattermost_plugins:/mattermost/plugins:rw - - mattermost_client_plugins:/mattermost/client/plugins:rw - - mattermost_bleve:/mattermost/bleve-indexes:rw - environment: - TZ: ${TIMEZONE:-Europe/Berlin} - MM_SQLSETTINGS_DRIVERNAME: postgres - MM_SQLSETTINGS_DATASOURCE: postgres://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${MATTERMOST_DB_NAME}?sslmode=disable&connect_timeout=10 - MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes - MM_SERVICESETTINGS_SITEURL: https://${MATTERMOST_TRAEFIK_HOST} - MM_SERVICESETTINGS_ENABLELOCALMODE: "true" - # Email settings - MM_EMAILSETTINGS_ENABLESMTPAUTH: "true" - MM_EMAILSETTINGS_SMTPUSERNAME: ${EMAIL_SMTP_USER} - MM_EMAILSETTINGS_SMTPPASSWORD: ${EMAIL_SMTP_PASSWORD} - MM_EMAILSETTINGS_SMTPSERVER: ${EMAIL_SMTP_HOST} - MM_EMAILSETTINGS_SMTPPORT: ${EMAIL_SMTP_PORT} - MM_EMAILSETTINGS_CONNECTIONSECURITY: TLS - MM_EMAILSETTINGS_FEEDBACKNAME: Mattermost - MM_EMAILSETTINGS_FEEDBACKEMAIL: ${EMAIL_FROM} - MM_EMAILSETTINGS_REPLYTOADDRESS: ${EMAIL_FROM} - networks: - - compose_network - labels: - - 'traefik.enable=${MATTERMOST_TRAEFIK_ENABLED}' - # HTTP to HTTPS redirect - - 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https' - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure' - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.entrypoints=web' - 
# HTTPS router - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver' - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure' - - 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true' - - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file' - # Service - - 'traefik.http.services.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8065' - - 'traefik.docker.network=${NETWORK_NAME}' - # Watchtower - - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' - -volumes: - mattermost_config: - name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_config - mattermost_data: - name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_data - mattermost_logs: - name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_logs - mattermost_plugins: - name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_plugins - mattermost_client_plugins: - name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_client_plugins - mattermost_bleve: - name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_bleve - -networks: - compose_network: - name: ${NETWORK_NAME} - external: true diff --git a/restic/compose.yaml b/restic/compose.yaml index 1abe5cf..357ffba 100644 --- a/restic/compose.yaml +++ b/restic/compose.yaml 
@@ -19,18 +19,18 @@ services: - backup_core_redis_data:/volumes/core_redis_data:ro - backup_directus_uploads:/volumes/directus_uploads:ro - backup_directus_bundle:/volumes/directus_bundle:ro - - backup_mattermost_config:/volumes/mattermost_config:ro - - backup_mattermost_data:/volumes/mattermost_data:ro - - backup_mattermost_plugins:/volumes/mattermost_plugins:ro - - backup_tandoor_staticfiles:/volumes/tandoor_staticfiles:ro - - backup_tandoor_mediafiles:/volumes/tandoor_mediafiles:ro + - backup_util_mattermost_config:/volumes/mattermost_config:ro + - backup_util_mattermost_data:/volumes/mattermost_data:ro + - backup_util_mattermost_plugins:/volumes/mattermost_plugins:ro + - backup_util_tandoor_staticfiles:/volumes/tandoor_staticfiles:ro + - backup_util_tandoor_mediafiles:/volumes/tandoor_mediafiles:ro - backup_n8n_data:/volumes/n8n_data:ro - backup_filestash_data:/volumes/filestash_data:ro - - backup_linkwarden_data:/volumes/linkwarden_data:ro - - backup_linkwarden_meili_data:/volumes/linkwarden_meili_data:ro + - backup_util_linkwarden_data:/volumes/linkwarden_data:ro + - backup_util_linkwarden_meili_data:/volumes/linkwarden_meili_data:ro - backup_letsencrypt_data:/volumes/letsencrypt_data:ro - - backup_vaultwarden_data:/volumes/vaultwarden_data:ro - - backup_joplin_data:/volumes/joplin_data:ro + - backup_util_vaultwarden_data:/volumes/vaultwarden_data:ro + - backup_util_joplin_data:/volumes/joplin_data:ro - backup_jelly_config:/volumes/jelly_config:ro - backup_netdata_config:/volumes/netdata_config:ro - backup_ai_postgres_data:/volumes/ai_postgres_data:ro 
@@ -91,20 +91,20 @@ volumes: backup_directus_bundle: name: core_directus_bundle external: true - backup_mattermost_config: - name: mattermost_config + backup_util_mattermost_config: + name: util_mattermost_config external: true - backup_mattermost_data: - name: mattermost_data + backup_util_mattermost_data: + name: util_mattermost_data external: true - backup_mattermost_plugins: - name: mattermost_plugins + backup_util_mattermost_plugins: + name: util_mattermost_plugins external: true - backup_tandoor_staticfiles: - name: tandoor_staticfiles + backup_util_tandoor_staticfiles: + name: util_tandoor_staticfiles external: true - backup_tandoor_mediafiles: - name: tandoor_mediafiles + backup_util_tandoor_mediafiles: + name: util_tandoor_mediafiles external: true backup_n8n_data: name: dev_n8n_data @@ -112,20 +112,20 @@ volumes: backup_filestash_data: name: stash_filestash_data external: true - backup_linkwarden_data: - name: links_data + backup_util_linkwarden_data: + name: util_linkwarden_data external: true - backup_linkwarden_meili_data: - name: links_meili_data + backup_util_linkwarden_meili_data: + name: util_linkwarden_meili_data external: true backup_letsencrypt_data: name: proxy_letsencrypt_data external: true - backup_vaultwarden_data: - name: vault_data + backup_util_vaultwarden_data: + name: util_vaultwarden_data external: true - backup_joplin_data: - name: joplin_data + backup_util_joplin_data: + name: util_joplin_data external: true backup_jelly_config: diff --git a/tandoor/compose.yaml b/tandoor/compose.yaml deleted file mode 100644 index 3a16507..0000000 --- a/tandoor/compose.yaml +++ /dev/null 
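Review bot: The backup volumes in this hunk and the following one at -112 now resolve to new names (`name: util_vaultwarden_data`, `name: util_joplin_data`, `name: util_linkwarden_data`, and the Mattermost and Tandoor entries), but nothing in the visible diff migrates data out of the old `vault_data`, `joplin_data`, `links_data`, `mattermost_*` and `tandoor_*` volumes. Docker cannot rename a named volume, so unless the data is copied over the services would start on empty volumes and restic would snapshot those, while the real data sits in volumes that are no longer backed up. Because these entries are `external: true`, restic will also fail to start until volumes with exactly these names exist; the `volumes:` section of util/compose.yaml lies outside the part of the diff shown here, so the names should be confirmed against it. I would add a comment above the block such as `# util_* volumes are created by util/compose.yaml; copy data from the pre-consolidation volumes before the first backup run`.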
@@ -1,78 +0,0 @@ -services: - tandoor: - image: ${TANDOOR_IMAGE:-vabene1111/recipes:latest} - container_name: ${TANDOOR_COMPOSE_PROJECT_NAME}_app - restart: unless-stopped - environment: - # Django settings - SECRET_KEY: ${TANDOOR_SECRET_KEY} - ALLOWED_HOSTS: ${TANDOOR_TRAEFIK_HOST} - TIMEZONE: ${TIMEZONE:-Europe/Berlin} - - # Database configuration - DB_ENGINE: django.db.backends.postgresql - POSTGRES_HOST: ${CORE_DB_HOST} - POSTGRES_PORT: ${CORE_DB_PORT} - POSTGRES_USER: ${DB_USER} - POSTGRES_PASSWORD: ${DB_PASSWORD} - POSTGRES_DB: ${TANDOOR_DB_NAME} - - # Application settings - ENABLE_SIGNUP: ${TANDOOR_ENABLE_SIGNUP:-0} - REVERSE_PROXY_AUTH: ${TANDOOR_REVERSE_PROXY_AUTH:-0} - - # Email configuration (IONOS SMTP) - EMAIL_HOST: ${EMAIL_SMTP_HOST} - EMAIL_PORT: ${EMAIL_SMTP_PORT} - EMAIL_HOST_USER: ${EMAIL_SMTP_USER} - EMAIL_HOST_PASSWORD: ${EMAIL_SMTP_PASSWORD} - EMAIL_USE_TLS: ${TANDOOR_EMAIL_USE_TLS:-0} - EMAIL_USE_SSL: ${TANDOOR_EMAIL_USE_SSL:-1} - DEFAULT_FROM_EMAIL: ${EMAIL_FROM} - - # Gunicorn settings - GUNICORN_MEDIA: ${TANDOOR_GUNICORN_MEDIA:-0} - - # Optional features - COMMENT_PREF_DEFAULT: ${TANDOOR_COMMENT_PREF_DEFAULT:-1} - SHOPPING_MIN_AUTOSYNC_INTERVAL: ${TANDOOR_SHOPPING_MIN_AUTOSYNC_INTERVAL:-5} - - volumes: - - tandoor_staticfiles:/opt/recipes/staticfiles - - tandoor_mediafiles:/opt/recipes/mediafiles - - depends_on: - - postgres - - networks: - - compose_network - - labels: - - 'traefik.enable=${TANDOOR_TRAEFIK_ENABLED}' - # HTTP to HTTPS redirect - - 'traefik.http.middlewares.${TANDOOR_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https' - - 'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web.middlewares=${TANDOOR_COMPOSE_PROJECT_NAME}-redirect-web-secure' - - 'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web.rule=Host(`${TANDOOR_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web.entrypoints=web' - # HTTPS router - - 
'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${TANDOOR_TRAEFIK_HOST}`)' - - 'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver' - - 'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure' - - 'traefik.http.middlewares.${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true' - - 'traefik.http.routers.${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file' - # Service - - 'traefik.http.services.${TANDOOR_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=80' - - 'traefik.docker.network=${NETWORK_NAME}' - # Watchtower - - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' - -volumes: - tandoor_staticfiles: - name: ${TANDOOR_COMPOSE_PROJECT_NAME}_staticfiles - tandoor_mediafiles: - name: ${TANDOOR_COMPOSE_PROJECT_NAME}_mediafiles - -networks: - compose_network: - name: ${NETWORK_NAME} - external: true diff --git a/util/compose.yaml b/util/compose.yaml new file mode 100644 index 0000000..fbd6241 --- /dev/null +++ b/util/compose.yaml 
@@ -0,0 +1,324 @@ +services: + # PairDrop - P2P file sharing + pairdrop: + image: lscr.io/linuxserver/pairdrop:latest + container_name: ${UTIL_COMPOSE_PROJECT_NAME}_pairdrop + restart: unless-stopped + volumes: + - ./rtc_config.json:/rtc_config.json:ro + environment: + PUID: 1000 + PGID: 1000 + TZ: ${TIMEZONE:-Europe/Berlin} + RATE_LIMIT: true + WS_FALLBACK: true + WS_SERVER: true + RTC_CONFIG: /rtc_config.json + DEBUG_MODE: true + networks: + - compose_network + labels: + - 'traefik.enable=${UTIL_TRAEFIK_ENABLED}' + # HTTP to HTTPS redirect + - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-redirect-web-secure.redirectscheme.scheme=https' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-redirect-web-secure' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web.rule=Host(`${UTIL_DROP_TRAEFIK_HOST}`)' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web.entrypoints=web' + # HTTPS router + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure.rule=Host(`${UTIL_DROP_TRAEFIK_HOST}`)' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure.tls.certresolver=resolver' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure.entrypoints=web-secure' + - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure-compress.compress=true' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure-compress,security-headers@file' + # Service + - 'traefik.http.services.${UTIL_COMPOSE_PROJECT_NAME}-pairdrop-web-secure.loadbalancer.server.port=3000' + - 'traefik.docker.network=${NETWORK_NAME}' + # Watchtower + - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' + + # Joplin Server - Note-taking and sync + joplin: + image: ${UTIL_JOPLIN_IMAGE:-joplin/server:latest} + container_name: 
${UTIL_COMPOSE_PROJECT_NAME}_joplin + restart: unless-stopped + volumes: + - joplin_data:/data + environment: + TZ: ${TIMEZONE:-Europe/Berlin} + APP_PORT: ${UTIL_JOPLIN_APP_PORT:-22300} + APP_BASE_URL: https://${UTIL_JOPLIN_TRAEFIK_HOST} + DB_CLIENT: pg + POSTGRES_HOST: ${CORE_DB_HOST} + POSTGRES_PORT: ${CORE_DB_PORT} + POSTGRES_DATABASE: ${UTIL_JOPLIN_DB_NAME} + POSTGRES_USER: ${DB_USER} + POSTGRES_PASSWORD: ${DB_PASSWORD} + MAILER_ENABLED: 1 + MAILER_HOST: ${EMAIL_SMTP_HOST} + MAILER_PORT: ${EMAIL_SMTP_PORT} + MAILER_SECURE: 1 + MAILER_AUTH_USER: ${EMAIL_SMTP_USER} + MAILER_AUTH_PASSWORD: ${EMAIL_SMTP_PASSWORD} + MAILER_NOREPLY_NAME: Joplin Server + MAILER_NOREPLY_EMAIL: ${EMAIL_FROM} + networks: + - compose_network + depends_on: + - postgres + labels: + - 'traefik.enable=${UTIL_TRAEFIK_ENABLED}' + - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-joplin-redirect-web-secure.redirectscheme.scheme=https' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-joplin-redirect-web-secure' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web.rule=Host(`${UTIL_JOPLIN_TRAEFIK_HOST}`)' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web.entrypoints=web' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure.rule=Host(`${UTIL_JOPLIN_TRAEFIK_HOST}`)' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure.tls.certresolver=resolver' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure.entrypoints=web-secure' + - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure-compress.compress=true' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure-compress' + - 'traefik.http.services.${UTIL_COMPOSE_PROJECT_NAME}-joplin-web-secure.loadbalancer.server.port=22300' + - 'traefik.docker.network=${NETWORK_NAME}' + - 
'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' + + # Linkwarden - Bookmark manager + linkwarden: + image: ${UTIL_LINKS_DOCKER_IMAGE} + container_name: ${UTIL_COMPOSE_PROJECT_NAME}_linkwarden + restart: unless-stopped + networks: + - compose_network + environment: + TZ: ${TIMEZONE:-Europe/Amsterdam} + DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${UTIL_LINKS_DB_NAME} + NEXTAUTH_SECRET: ${LINKS_NEXTAUTH_SECRET} + NEXTAUTH_URL: https://${UTIL_LINKS_TRAEFIK_HOST} + MEILI_ADDR: http://linkwarden_meilisearch:7700 + MEILI_MASTER_KEY: ${LINKS_MEILI_MASTER_KEY} + BASE_URL: https://${UTIL_LINKS_TRAEFIK_HOST} + NEXT_PUBLIC_EMAIL_PROVIDER: true + EMAIL_FROM: ${EMAIL_FROM} + EMAIL_SERVER: ${LINKS_EMAIL_SERVER} + volumes: + - linkwarden_data:/data/data + depends_on: + - linkwarden_meilisearch + labels: + - 'traefik.enable=${UTIL_TRAEFIK_ENABLED}' + - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-redirect-web-secure.redirectscheme.scheme=https' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-redirect-web-secure' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web.rule=Host(`${UTIL_LINKS_TRAEFIK_HOST}`)' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web.entrypoints=web' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure.rule=Host(`${UTIL_LINKS_TRAEFIK_HOST}`)' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure.tls.certresolver=resolver' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure.entrypoints=web-secure' + - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure-compress.compress=true' + - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure-compress' + - 
'traefik.http.services.${UTIL_COMPOSE_PROJECT_NAME}-linkwarden-web-secure.loadbalancer.server.port=3000'
+ - 'traefik.docker.network=${NETWORK_NAME}'
+ - 'com.centurylinklabs.watchtower.enable=true'
+
+ # Linkwarden Meilisearch
+ linkwarden_meilisearch:
+ image: ${UTIL_LINKS_MEILI_IMAGE}
+ container_name: ${UTIL_COMPOSE_PROJECT_NAME}_linkwarden_meilisearch
+ restart: unless-stopped
+ networks:
+ - compose_network
+ environment:
+ MEILI_MASTER_KEY: ${LINKS_MEILI_MASTER_KEY}
+ MEILI_NO_ANALYTICS: ${UTIL_LINKS_MEILI_NO_ANALYTICS:-true}
+ volumes:
+ - linkwarden_meili_data:/meili_data
+
+ # Mattermost - Team collaboration
+ mattermost:
+ image: ${UTIL_MATTERMOST_IMAGE:-mattermost/mattermost-team-edition:latest}
+ container_name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ pids_limit: 200
+ read_only: false
+ tmpfs:
+ - /tmp
+ volumes:
+ - mattermost_config:/mattermost/config:rw
+ - mattermost_data:/mattermost/data:rw
+ - mattermost_logs:/mattermost/logs:rw
+ - mattermost_plugins:/mattermost/plugins:rw
+ - mattermost_client_plugins:/mattermost/client/plugins:rw
+ - mattermost_bleve:/mattermost/bleve-indexes:rw
+ environment:
+ TZ: ${TIMEZONE:-Europe/Berlin}
+ MM_SQLSETTINGS_DRIVERNAME: postgres
+ MM_SQLSETTINGS_DATASOURCE: postgres://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${UTIL_MATTERMOST_DB_NAME}?sslmode=disable&connect_timeout=10
+ MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes
+ MM_SERVICESETTINGS_SITEURL: https://${UTIL_MATTERMOST_TRAEFIK_HOST}
+ MM_SERVICESETTINGS_ENABLELOCALMODE: "true"
+ # Email settings
+ MM_EMAILSETTINGS_ENABLESMTPAUTH: "true"
+ MM_EMAILSETTINGS_SMTPUSERNAME: ${EMAIL_SMTP_USER}
+ MM_EMAILSETTINGS_SMTPPASSWORD: ${EMAIL_SMTP_PASSWORD}
+ MM_EMAILSETTINGS_SMTPSERVER: ${EMAIL_SMTP_HOST}
+ MM_EMAILSETTINGS_SMTPPORT: ${EMAIL_SMTP_PORT}
+ MM_EMAILSETTINGS_CONNECTIONSECURITY: TLS
+ MM_EMAILSETTINGS_FEEDBACKNAME: Mattermost
+ MM_EMAILSETTINGS_FEEDBACKEMAIL: ${EMAIL_FROM}
+ MM_EMAILSETTINGS_REPLYTOADDRESS: ${EMAIL_FROM}
+ networks:
+ - compose_network
+ labels:
+ - 'traefik.enable=${UTIL_TRAEFIK_ENABLED}'
+ # HTTP to HTTPS redirect
+ - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-redirect-web-secure.redirectscheme.scheme=https'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-mattermost-redirect-web-secure'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web.rule=Host(`${UTIL_MATTERMOST_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web.entrypoints=web'
+ # HTTPS router
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure.rule=Host(`${UTIL_MATTERMOST_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure.tls.certresolver=resolver'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure.entrypoints=web-secure'
+ - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure-compress.compress=true'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure-compress,security-headers@file'
+ # Service
+ - 'traefik.http.services.${UTIL_COMPOSE_PROJECT_NAME}-mattermost-web-secure.loadbalancer.server.port=8065'
+ - 'traefik.docker.network=${NETWORK_NAME}'
+ # Watchtower
+ - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+
+ # Vaultwarden - Password manager
+ vaultwarden:
+ image: ${UTIL_VAULT_IMAGE:-vaultwarden/server:latest}
+ container_name: ${UTIL_COMPOSE_PROJECT_NAME}_vaultwarden
+ restart: unless-stopped
+ volumes:
+ - vaultwarden_data:/data
+ environment:
+ TZ: ${TIMEZONE:-Europe/Berlin}
+ DOMAIN: https://${UTIL_VAULT_TRAEFIK_HOST}
+ WEBSOCKET_ENABLED: ${UTIL_VAULT_WEBSOCKET_ENABLED:-true}
+ SIGNUPS_ALLOWED: ${UTIL_VAULT_SIGNUPS_ALLOWED:-false}
+ INVITATIONS_ALLOWED: ${UTIL_VAULT_INVITATIONS_ALLOWED:-true}
+ SHOW_PASSWORD_HINT: ${UTIL_VAULT_SHOW_PASSWORD_HINT:-false}
+ SMTP_HOST: ${EMAIL_SMTP_HOST}
+ SMTP_FROM: ${EMAIL_FROM}
+ SMTP_FROM_NAME: Vaultwarden
+ SMTP_SECURITY: force_tls
+ SMTP_PORT: ${EMAIL_SMTP_PORT}
+ SMTP_USERNAME: ${EMAIL_SMTP_USER}
+ SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD}
+ networks:
+ - compose_network
+ labels:
+ - 'traefik.enable=${UTIL_TRAEFIK_ENABLED}'
+ - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-redirect-web-secure.redirectscheme.scheme=https'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-redirect-web-secure'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web.rule=Host(`${UTIL_VAULT_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web.entrypoints=web'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure.rule=Host(`${UTIL_VAULT_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure.tls.certresolver=resolver'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure.entrypoints=web-secure'
+ - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure-compress.compress=true'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure-compress'
+ - 'traefik.http.services.${UTIL_COMPOSE_PROJECT_NAME}-vaultwarden-web-secure.loadbalancer.server.port=80'
+ - 'traefik.docker.network=${NETWORK_NAME}'
+ - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+
+ # Tandoor - Recipe manager
+ tandoor:
+ image: ${UTIL_TANDOOR_IMAGE:-vabene1111/recipes:latest}
+ container_name: ${UTIL_COMPOSE_PROJECT_NAME}_tandoor
+ restart: unless-stopped
+ environment:
+ # Django settings
+ SECRET_KEY: ${TANDOOR_SECRET_KEY}
+ ALLOWED_HOSTS: ${UTIL_TANDOOR_TRAEFIK_HOST}
+ TIMEZONE: ${TIMEZONE:-Europe/Berlin}
+
+ # Database configuration
+ DB_ENGINE: django.db.backends.postgresql
+ POSTGRES_HOST: ${CORE_DB_HOST}
+ POSTGRES_PORT: ${CORE_DB_PORT}
+ POSTGRES_USER: ${DB_USER}
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_DB: ${UTIL_TANDOOR_DB_NAME}
+
+ # Application settings
+ ENABLE_SIGNUP: ${UTIL_TANDOOR_ENABLE_SIGNUP:-0}
+ REVERSE_PROXY_AUTH: ${UTIL_TANDOOR_REVERSE_PROXY_AUTH:-0}
+
+ # Email configuration (IONOS SMTP)
+ EMAIL_HOST: ${EMAIL_SMTP_HOST}
+ EMAIL_PORT: ${EMAIL_SMTP_PORT}
+ EMAIL_HOST_USER: ${EMAIL_SMTP_USER}
+ EMAIL_HOST_PASSWORD: ${EMAIL_SMTP_PASSWORD}
+ EMAIL_USE_TLS: ${UTIL_TANDOOR_EMAIL_USE_TLS:-0}
+ EMAIL_USE_SSL: ${UTIL_TANDOOR_EMAIL_USE_SSL:-1}
+ DEFAULT_FROM_EMAIL: ${EMAIL_FROM}
+
+ # Gunicorn settings
+ GUNICORN_MEDIA: ${UTIL_TANDOOR_GUNICORN_MEDIA:-0}
+
+ # Optional features
+ COMMENT_PREF_DEFAULT: ${UTIL_TANDOOR_COMMENT_PREF_DEFAULT:-1}
+ SHOPPING_MIN_AUTOSYNC_INTERVAL: ${UTIL_TANDOOR_SHOPPING_MIN_AUTOSYNC_INTERVAL:-5}
+
+ volumes:
+ - tandoor_staticfiles:/opt/recipes/staticfiles
+ - tandoor_mediafiles:/opt/recipes/mediafiles
+
+ depends_on:
+ - postgres
+
+ networks:
+ - compose_network
+
+ labels:
+ - 'traefik.enable=${UTIL_TRAEFIK_ENABLED}'
+ # HTTP to HTTPS redirect
+ - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-redirect-web-secure.redirectscheme.scheme=https'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-tandoor-redirect-web-secure'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web.rule=Host(`${UTIL_TANDOOR_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web.entrypoints=web'
+ # HTTPS router
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure.rule=Host(`${UTIL_TANDOOR_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure.tls.certresolver=resolver'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure.entrypoints=web-secure'
+ - 'traefik.http.middlewares.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure-compress.compress=true'
+ - 'traefik.http.routers.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure.middlewares=${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure-compress,security-headers@file'
+ # Service
+ - 'traefik.http.services.${UTIL_COMPOSE_PROJECT_NAME}-tandoor-web-secure.loadbalancer.server.port=80'
+ - 'traefik.docker.network=${NETWORK_NAME}'
+ # Watchtower
+ - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+
+volumes:
+ joplin_data:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_joplin_data
+ linkwarden_data:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_linkwarden_data
+ linkwarden_meili_data:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_linkwarden_meili_data
+ mattermost_config:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost_config
+ mattermost_data:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost_data
+ mattermost_logs:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost_logs
+ mattermost_plugins:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost_plugins
+ mattermost_client_plugins:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost_client_plugins
+ mattermost_bleve:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_mattermost_bleve
+ vaultwarden_data:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_vaultwarden_data
+ tandoor_staticfiles:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_tandoor_staticfiles
+ tandoor_mediafiles:
+ name: ${UTIL_COMPOSE_PROJECT_NAME}_tandoor_mediafiles
+
+networks:
+ compose_network:
+ name: ${NETWORK_NAME}
+ external: true
diff --git a/drop/rtc_config.json b/util/rtc_config.json
similarity index 100%
rename from drop/rtc_config.json
rename to util/rtc_config.json
diff --git a/vault/compose.yaml b/vault/compose.yaml
deleted file mode 100644
index f9253fa..0000000
--- a/vault/compose.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-services:
- vaultwarden:
- image: ${VAULT_IMAGE:-vaultwarden/server:latest}
- container_name: ${VAULT_COMPOSE_PROJECT_NAME}_app
- restart: unless-stopped
- volumes:
- - vaultwarden_data:/data
- environment:
- TZ: ${TIMEZONE:-Europe/Berlin}
- DOMAIN: https://${VAULT_TRAEFIK_HOST}
- WEBSOCKET_ENABLED: ${VAULT_WEBSOCKET_ENABLED:-true}
- SIGNUPS_ALLOWED: ${VAULT_SIGNUPS_ALLOWED:-false}
- INVITATIONS_ALLOWED: ${VAULT_INVITATIONS_ALLOWED:-true}
- SHOW_PASSWORD_HINT: ${VAULT_SHOW_PASSWORD_HINT:-false}
- SMTP_HOST: ${EMAIL_SMTP_HOST}
- SMTP_FROM: ${EMAIL_FROM}
- SMTP_FROM_NAME: Vaultwarden
- SMTP_SECURITY: force_tls
- SMTP_PORT: ${EMAIL_SMTP_PORT}
- SMTP_USERNAME: ${EMAIL_SMTP_USER}
- SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD}
- networks:
- - compose_network
- labels:
- - 'traefik.enable=${VAULT_TRAEFIK_ENABLED}'
- - 'traefik.http.middlewares.${VAULT_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web.middlewares=${VAULT_COMPOSE_PROJECT_NAME}-redirect-web-secure'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web.rule=Host(`${VAULT_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${VAULT_TRAEFIK_HOST}`)'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
- - 'traefik.http.middlewares.${VAULT_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
- - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${VAULT_COMPOSE_PROJECT_NAME}-web-secure-compress'
- - 'traefik.http.services.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=80'
- - 'traefik.docker.network=${NETWORK_NAME}'
- - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
-
-volumes:
- vaultwarden_data:
- name: ${VAULT_COMPOSE_PROJECT_NAME}_data
-
-networks:
- compose_network:
- name: ${NETWORK_NAME}
- external: true