feat: kompose secrets

2025-10-11 11:45:47 +02:00
parent c69e86fb95
commit a18d68f336
43 changed files with 904 additions and 182 deletions


@@ -1,28 +1,70 @@
# ===================================================================
# KOMPOSE - Root Configuration
# ===================================================================
# Non-sensitive shared configuration for all stacks
# Sensitive values should be in secrets.env (not committed to git)
# ===================================================================
# -------------------------------------------------------------------
# Network Configuration
# -------------------------------------------------------------------
NETWORK_NAME=kompose
# Database Connection Settings (shared across stacks)
# -------------------------------------------------------------------
# Database Connection Settings (non-sensitive)
# -------------------------------------------------------------------
DB_USER=valknar
DB_PASSWORD=ragnarok98
DB_PORT=5432
DB_HOST=postgres
# Admin Settings
ADMIN_EMAIL=valknar@pivoine.art
ADMIN_PASSWORD=macromeat888$
# NOTE: DB_PASSWORD is in secrets.env
# Email/SMTP Settings (shared across stacks)
# -------------------------------------------------------------------
# Admin Settings (non-sensitive)
# -------------------------------------------------------------------
ADMIN_EMAIL=valknar@pivoine.art
# NOTE: ADMIN_PASSWORD is in secrets.env
# -------------------------------------------------------------------
# Email/SMTP Settings (non-sensitive)
# -------------------------------------------------------------------
EMAIL_TRANSPORT=smtp
EMAIL_FROM=hi@pivoine.art
EMAIL_SMTP_HOST=smtp.ionos.de
EMAIL_SMTP_PORT=465
EMAIL_SMTP_USER=hi@pivoine.art
EMAIL_SMTP_PASSWORD=jaquoment
GITEA_RUNNER_REGISTRATION_TOKEN=Vncav0M9tCaezdy2O9hnGas3hGjaODU5qeiayMdC
NEXTAUTH_SECRET=zB7m3BTke5zZ8FxXCSV9gu3RbXC67S7i4No6InWvi60
JWT_TOKEN=NtUr9kvfyyQwdWfEKddDxBRx2oQEO5oy
N8N_ENCRYPTION_KEY=a858dd62a2bb22fbb7eb243b6d49a920e82db66a883d271731ae78f9d8044e8a
DIRECTUS_SECRET=5c132272-bafe-4f14-8275-baebe9b948f4
APP_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
PASSWORD_HASH=b121f10d4e0cbada1e3268381836cff9006d642e9b7023decf1d6546856607a3
# NOTE: EMAIL_SMTP_PASSWORD is in secrets.env
# -------------------------------------------------------------------
# Traefik Hostnames (shared configuration)
# -------------------------------------------------------------------
# Set custom domains for each stack here
# These can be overridden in individual stack .env files if needed
TRAEFIK_HOST_PROXY=proxy.pivoine.art
TRAEFIK_HOST_AUTH=auth.pivoine.art
TRAEFIK_HOST_AUTO=auto.pivoine.art
TRAEFIK_HOST_BLOG=blog.pivoine.art
TRAEFIK_HOST_CHAIN=chain.pivoine.art
TRAEFIK_HOST_CHAT=chat.pivoine.art
TRAEFIK_HOST_CODE=code.pivoine.art
TRAEFIK_HOST_DASH=dash.pivoine.art
TRAEFIK_HOST_DATA=data.pivoine.art
TRAEFIK_HOST_DOCK=dock.pivoine.art
TRAEFIK_HOST_DOCS=docs.pivoine.art
TRAEFIK_HOST_HOME=home.pivoine.art
TRAEFIK_HOST_LINK=link.pivoine.art
TRAEFIK_HOST_NEWS=news.pivoine.art
TRAEFIK_HOST_SEXY=sexy.pivoine.art
TRAEFIK_HOST_TRACE=trace.pivoine.art
TRAEFIK_HOST_TRACK=umami.pivoine.art
TRAEFIK_HOST_VAULT=vault.pivoine.art
TRAEFIK_HOST_VPN=vpn.pivoine.art
# -------------------------------------------------------------------
# Default Settings (can be overridden in stack .env files)
# -------------------------------------------------------------------
# Enable Traefik integration by default
TRAEFIK_ENABLED=true
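Review bot: The credentials this hunk removes from the tracked root .env (DB_PASSWORD, ADMIN_PASSWORD, EMAIL_SMTP_PASSWORD, GITEA_RUNNER_REGISTRATION_TOKEN, NEXTAUTH_SECRET, JWT_TOKEN, N8N_ENCRYPTION_KEY, DIRECTUS_SECRET, APP_SECRET, PASSWORD_HASH) remain in git history, so the commit relocates them but does not revoke them. They should be treated as exposed and regenerated with `./kompose.sh secrets generate` (and the affected services re-keyed), not pasted unchanged into secrets.env. The rendered hunk has lost its +/- markers, so which of the duplicated sections is old is inferred from the new `# NOTE: ... is in secrets.env` lines. A header line such as `# NOTE: any value that was ever committed here must be rotated, not just moved` would make that expectation explicit for the next editor.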


@@ -1,3 +1,7 @@
# =================================================================
# AUTH Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=auth
@@ -7,9 +11,13 @@ DOCKER_IMAGE=quay.io/keycloak/keycloak:latest
# Database name
DB_NAME=keycloak
# Traefik hostname
TRAEFIK_HOST=auth.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_AUTH}
# Keycloak admin credentials
# Additional configuration
KC_ADMIN_USERNAME=admin
KC_ADMIN_PASSWORD=admin
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE


@@ -0,0 +1,15 @@
# Stack identification
COMPOSE_PROJECT_NAME=auth
# Docker image
DOCKER_IMAGE=quay.io/keycloak/keycloak:latest
# Database name
DB_NAME=keycloak
# Traefik hostname
TRAEFIK_HOST=auth.pivoine.art
# Keycloak admin credentials
KC_ADMIN_USERNAME=admin
KC_ADMIN_PASSWORD=admin
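Review bot: This section appears to be the `.env.bak` backup that the migration script writes next to each stack .env (`mv "${env_file}" "${env_file}.bak"`), and it commits the pre-migration file verbatim, including `KC_ADMIN_PASSWORD=admin`, so the values the commit removes from auth/.env come straight back into the tree. The same applies to every other `@@ -0,0 +1,N @@` section on this page that repeats a stack's old .env (auto, blog, chain, chat, code, dash, data, dock, home, link, news, proxy, sexy, trace, track, vault, vpn) and to the explicitly named docs/.env.bak. These files should be dropped from the commit and covered by a `.env.bak` (or `*.bak`) entry in .gitignore, or the script should write its backup outside the repository. Only the docs section carries a file name on this page, so identifying the others as backups is inferred from their content matching the removed lines of the neighbouring hunk.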


@@ -1,6 +0,0 @@
# Stack identification
COMPOSE_PROJECT_NAME=auth
# Note: All configuration variables are now in the root .env file
# with AUTH_ prefix (e.g., AUTH_TRAEFIK_HOST, AUTH_DOCKER_IMAGE, AUTH_DB_NAME)
# All secrets are in secrets.env (e.g., AUTH_KC_ADMIN_PASSWORD)


@@ -1,23 +1,28 @@
# =================================================================
# AUTO Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=auto
# Docker images
# Docker image
DOCKER_IMAGE=semaphoreui/semaphore:v2.16.18
RUNNER_IMAGE=public.ecr.aws/semaphore/pro/runner:v2.16.18
# Database name
DB_NAME=semaphore
# Traefik hostname
TRAEFIK_HOST=auto.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_AUTO}
# App settings
# Application port
APP_PORT=3000
# Semaphore admin credentials
# Additional configuration
RUNNER_IMAGE=public.ecr.aws/semaphore/pro/runner:v2.16.18
SEMAPHORE_ADMIN=admin
SEMAPHORE_ADMIN_PASSWORD=admin
SEMAPHORE_ADMIN_NAME=Admin
# Registration token
JWT_TOKEN=changeme
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - AUTO_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE


@@ -0,0 +1,23 @@
# Stack identification
COMPOSE_PROJECT_NAME=auto
# Docker images
DOCKER_IMAGE=semaphoreui/semaphore:v2.16.18
RUNNER_IMAGE=public.ecr.aws/semaphore/pro/runner:v2.16.18
# Database name
DB_NAME=semaphore
# Traefik hostname
TRAEFIK_HOST=auto.pivoine.art
# App settings
APP_PORT=3000
# Semaphore admin credentials
SEMAPHORE_ADMIN=admin
SEMAPHORE_ADMIN_PASSWORD=admin
SEMAPHORE_ADMIN_NAME=Admin
# Registration token
JWT_TOKEN=changeme


@@ -1,11 +1,21 @@
# =================================================================
# BLOG Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=blog
# Docker image
DOCKER_IMAGE=joseluisq/static-web-server:latest
# Traefik hostname
TRAEFIK_HOST=pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_BLOG}
# App port
# Application port
APP_PORT=80
# Additional configuration
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,11 @@
# Stack identification
COMPOSE_PROJECT_NAME=blog
# Docker image
DOCKER_IMAGE=joseluisq/static-web-server:latest
# Traefik hostname
TRAEFIK_HOST=pivoine.art
# App port
APP_PORT=80


@@ -1,3 +1,7 @@
# =================================================================
# CHAIN Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=chain
@@ -7,22 +11,18 @@ DOCKER_IMAGE=n8nio/n8n:latest
# Database name
DB_NAME=n8n
# Traefik hostname
TRAEFIK_HOST=chain.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_CHAIN}
# App port
# Application port
APP_PORT=5678
# Network
# Additional configuration
NETWORK_NAME=kompose
# Timezone
TZ=Europe/Paris
# Encryption key for credentials
N8N_ENCRYPTION_KEY=changeme
# Basic Auth (optional, recommended for initial setup)
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=admin
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
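Review bot: The `# Available secrets for this stack:` list appended here is empty even though the hunk drops `N8N_ENCRYPTION_KEY` and `N8N_BASIC_AUTH_PASSWORD`, and the only n8n entry in secrets.env is scoped as `AUTO_ENCRYPTION_KEY` under the wrong stack. Since the old comment describes this as the key for stored credentials, a freshly generated replacement would presumably not decrypt credentials the running instance has already saved; if the deployed value was ever changed from `changeme`, it should be carried into secrets.env as the chain-scoped entry rather than regenerated. Adding `# - CHAIN_N8N_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE` to this list (and the matching entry to the template) would document that dependency.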


@@ -0,0 +1,28 @@
# Stack identification
COMPOSE_PROJECT_NAME=chain
# Docker image
DOCKER_IMAGE=n8nio/n8n:latest
# Database name
DB_NAME=n8n
# Traefik hostname
TRAEFIK_HOST=chain.pivoine.art
# App port
APP_PORT=5678
# Network
NETWORK_NAME=kompose
# Timezone
TZ=Europe/Paris
# Encryption key for credentials
N8N_ENCRYPTION_KEY=changeme
# Basic Auth (optional, recommended for initial setup)
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=admin


@@ -1,14 +1,23 @@
# =================================================================
# CHAT Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=chat
# Docker image
DOCKER_IMAGE=gotify/server:latest
# Traefik hostname
TRAEFIK_HOST=chat.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_CHAT}
# App port
# Application port
APP_PORT=80
# Additional configuration
GOTIFY_DEFAULTUSER_NAME=admin
GOTIFY_DEFAULTUSER_PASS=admin
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
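Review bot: `GOTIFY_DEFAULTUSER_PASS=admin` survives under `# Additional configuration` in the new chat/.env: the migration script's exclusion list matches `_PASSWORD=` but not `_PASS=`, and the hunk's line count (`+1,23`) only works out if that line is retained. The default admin password therefore stays in a tracked file while the commit message says secrets moved to secrets.env; it should be removed here and added to secrets.env as, for example, `CHAT_GOTIFY_DEFAULTUSER_PASS=CHANGE_ME_GENERATE_WITH_KOMPOSE` following the `STACKNAME_SECRET_PURPOSE` convention. The vpn section has the same gap with `PASSWORD_HASH=changeme`, which matches none of `_SECRET=`, `_PASSWORD=`, `_TOKEN=`, `_KEY=`.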


@@ -0,0 +1,14 @@
# Stack identification
COMPOSE_PROJECT_NAME=chat
# Docker image
DOCKER_IMAGE=gotify/server:latest
# Traefik hostname
TRAEFIK_HOST=chat.pivoine.art
# App port
APP_PORT=80
GOTIFY_DEFAULTUSER_NAME=admin
GOTIFY_DEFAULTUSER_PASS=admin


@@ -1,3 +1,7 @@
# =================================================================
# CODE Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=code
@@ -7,20 +11,19 @@ DOCKER_IMAGE=gitea/gitea:latest
# Database name
DB_NAME=gitea
# Traefik hostname
TRAEFIK_HOST=code.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_CODE}
# App port (internal HTTP)
# Application port
APP_PORT=3000
# SSH port (for git operations)
# Additional configuration
SSH_PORT=2222
# Network
NETWORK_NAME=kompose
# SSH settings
DISABLE_SSH=false
# Email settings (optional)
EMAIL_ENABLED=true
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - CODE_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE


@@ -0,0 +1,26 @@
# Stack identification
COMPOSE_PROJECT_NAME=code
# Docker image
DOCKER_IMAGE=gitea/gitea:latest
# Database name
DB_NAME=gitea
# Traefik hostname
TRAEFIK_HOST=code.pivoine.art
# App port (internal HTTP)
APP_PORT=3000
# SSH port (for git operations)
SSH_PORT=2222
# Network
NETWORK_NAME=kompose
# SSH settings
DISABLE_SSH=false
# Email settings (optional)
EMAIL_ENABLED=true


@@ -1,20 +1,26 @@
# =================================================================
# DASH Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=dash
# Docker image
DOCKER_IMAGE=ghcr.io/gethomepage/homepage:latest
# Traefik hostname
TRAEFIK_HOST=dash.localhost
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_DASH}
# App port
# Application port
APP_PORT=3000
# Network
# Additional configuration
NETWORK_NAME=kompose
# User/Group IDs
PUID=1000
PGID=1000
ALLOWED_HOST=pivoine.art
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - DASH_NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
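Review bot: `TRAEFIK_HOST` moves from `dash.localhost` to `${TRAEFIK_HOST_DASH}`, which the root .env resolves to `dash.pivoine.art`, so a service previously routed only under a local-only name is now served on the public domain; the home stack makes the same switch from `home.localhost` to `home.pivoine.art`. That may be intended, but the commit message does not mention it and neither stack .env shows an authentication middleware, so it is worth confirming both are behind auth (or carry middleware labels in their compose files) before this lands. Whether `ALLOWED_HOST=pivoine.art` still matches the new hostname is also worth a check.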


@@ -0,0 +1,20 @@
# Stack identification
COMPOSE_PROJECT_NAME=dash
# Docker image
DOCKER_IMAGE=ghcr.io/gethomepage/homepage:latest
# Traefik hostname
TRAEFIK_HOST=dash.localhost
# App port
APP_PORT=3000
# Network
NETWORK_NAME=kompose
# User/Group IDs
PUID=1000
PGID=1000
ALLOWED_HOST=pivoine.art


@@ -1,6 +1,16 @@
# =================================================================
# DATA Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=data
# Infrastructure images (can override root defaults)
# POSTGRES_IMAGE=postgres:16-alpine
# REDIS_IMAGE=redis:7-alpine
# Docker image
# Traefik configuration
TRAEFIK_ENABLED=true
# Additional configuration
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,6 @@
# Stack identification
COMPOSE_PROJECT_NAME=data
# Infrastructure images (can override root defaults)
# POSTGRES_IMAGE=postgres:16-alpine
# REDIS_IMAGE=redis:7-alpine


@@ -1,14 +1,22 @@
# =================================================================
# DOCK Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=dock
# Docker image
DOCKER_IMAGE=louislam/dockge:1
# Traefik hostname
TRAEFIK_HOST=dock.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_DOCK}
# App port
# Application port
APP_PORT=5001
# Stacks directory path
# Additional configuration
DOCKGE_STACKS_DIR=/root/repos/compose
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,14 @@
# Stack identification
COMPOSE_PROJECT_NAME=dock
# Docker image
DOCKER_IMAGE=louislam/dockge:1
# Traefik hostname
TRAEFIK_HOST=dock.pivoine.art
# App port
APP_PORT=5001
# Stacks directory path
DOCKGE_STACKS_DIR=/root/repos/compose

17
Projects/kompose/docs/.env Executable file → Normal file

@@ -1,3 +1,18 @@
# =================================================================
# DOCS Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=docs
TRAEFIK_HOST=docs.pivoine.art
# Docker image
DOCKER_IMAGE=joseluisq/static-web-server:latest
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_DOCS}
# Additional configuration
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:

3
Projects/kompose/docs/.env.bak Executable file

@@ -0,0 +1,3 @@
COMPOSE_PROJECT_NAME=docs
TRAEFIK_HOST=docs.pivoine.art
DOCKER_IMAGE=joseluisq/static-web-server:latest


@@ -1,17 +1,23 @@
# =================================================================
# HOME Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=home
# Docker image
DOCKER_IMAGE=ghcr.io/home-assistant/home-assistant:stable
# Traefik hostname
TRAEFIK_HOST=home.localhost
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_HOME}
# App port
# Application port
APP_PORT=8123
# Network
# Additional configuration
NETWORK_NAME=kompose
# Timezone (important for automations!)
TZ=Europe/Paris
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,17 @@
# Stack identification
COMPOSE_PROJECT_NAME=home
# Docker image
DOCKER_IMAGE=ghcr.io/home-assistant/home-assistant:stable
# Traefik hostname
TRAEFIK_HOST=home.localhost
# App port
APP_PORT=8123
# Network
NETWORK_NAME=kompose
# Timezone (important for automations!)
TZ=Europe/Paris


@@ -1,3 +1,7 @@
# =================================================================
# LINK Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=link
@@ -7,19 +11,18 @@ DOCKER_IMAGE=ghcr.io/linkwarden/linkwarden:latest
# Database name
DB_NAME=linkwarden
# Traefik hostname
TRAEFIK_HOST=link.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_LINK}
# App port
# Application port
APP_PORT=3000
# Network
# Additional configuration
NETWORK_NAME=kompose
# NextAuth Secret
NEXTAUTH_SECRET=changeme
# Features
DISABLE_SCREENSHOT=false
DISABLE_ARCHIVE=false
DISABLE_REGISTRATION=true
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,25 @@
# Stack identification
COMPOSE_PROJECT_NAME=link
# Docker image
DOCKER_IMAGE=ghcr.io/linkwarden/linkwarden:latest
# Database name
DB_NAME=linkwarden
# Traefik hostname
TRAEFIK_HOST=link.pivoine.art
# App port
APP_PORT=3000
# Network
NETWORK_NAME=kompose
# NextAuth Secret
NEXTAUTH_SECRET=changeme
# Features
DISABLE_SCREENSHOT=false
DISABLE_ARCHIVE=false
DISABLE_REGISTRATION=true


@@ -0,0 +1,176 @@
#!/usr/bin/env bash
# ===================================================================
# Kompose Stack .env Migration Script
# ===================================================================
# This script updates all stack .env files to:
# 1. Add TRAEFIK_ENABLED=true (if not present)
# 2. Update TRAEFIK_HOST to use root .env variable
# 3. Remove sensitive secrets (move to secrets.env)
# 4. Add standardized comments
# ===================================================================
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
RESET='\033[0m'
log_info() {
echo -e "${BLUE}[INFO]${RESET} $*"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${RESET} $*"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${RESET} $*"
}
update_stack_env() {
local stack="$1"
local env_file="${SCRIPT_DIR}/${stack}/.env"
if [[ ! -f "${env_file}" ]]; then
log_warning "No .env file in ${stack}, skipping"
return
fi
log_info "Updating ${stack}/.env..."
local temp_file="${env_file}.new"
# Read stack name
local project_name=$(grep "^COMPOSE_PROJECT_NAME=" "${env_file}" | cut -d= -f2)
local has_traefik_enabled=false
local has_traefik_host=false
# Check if file already has TRAEFIK_ENABLED
if grep -q "^TRAEFIK_ENABLED=" "${env_file}"; then
has_traefik_enabled=true
fi
# Check if file has TRAEFIK_HOST
if grep -q "^TRAEFIK_HOST=" "${env_file}"; then
has_traefik_host=true
fi
# Start building new file
{
echo "# ================================================================="
echo "# ${stack^^} Stack Configuration"
echo "# ================================================================="
echo ""
echo "# Stack identification"
# Copy COMPOSE_PROJECT_NAME
grep "^COMPOSE_PROJECT_NAME=" "${env_file}" || echo "COMPOSE_PROJECT_NAME=${stack}"
echo ""
echo "# Docker image"
grep "^DOCKER_IMAGE=" "${env_file}" 2>/dev/null || true
# Add database if present
if grep -q "^DB_NAME=" "${env_file}"; then
echo ""
echo "# Database name"
grep "^DB_NAME=" "${env_file}"
fi
echo ""
echo "# Traefik configuration"
# Add TRAEFIK_ENABLED if not present
if ${has_traefik_enabled}; then
grep "^TRAEFIK_ENABLED=" "${env_file}"
else
echo "TRAEFIK_ENABLED=true"
fi
# Update TRAEFIK_HOST to reference root variable
if ${has_traefik_host}; then
local uppercase_stack=$(echo "${stack}" | tr '[:lower:]' '[:upper:]')
echo "TRAEFIK_HOST=\${TRAEFIK_HOST_${uppercase_stack}}"
fi
# Copy APP_PORT if present
if grep -q "^APP_PORT=" "${env_file}"; then
echo ""
echo "# Application port"
grep "^APP_PORT=" "${env_file}"
fi
# Copy other non-sensitive variables
echo ""
echo "# Additional configuration"
grep -v "^COMPOSE_PROJECT_NAME=" "${env_file}" | \
grep -v "^DOCKER_IMAGE=" | \
grep -v "^DB_NAME=" | \
grep -v "^TRAEFIK_ENABLED=" | \
grep -v "^TRAEFIK_HOST=" | \
grep -v "^APP_PORT=" | \
grep -v "^#" | \
grep -v "^$" | \
grep -v "_SECRET=" | \
grep -v "_PASSWORD=" | \
grep -v "_TOKEN=" | \
grep -v "_KEY=" || true
# Add note about secrets
echo ""
echo "# NOTE: Secrets are stored in root secrets.env file"
echo "# Available secrets for this stack:"
local uppercase_stack=$(echo "${stack}" | tr '[:lower:]' '[:upper:]')
# List stack-specific secrets from template
if [[ -f "${SCRIPT_DIR}/secrets.env.template" ]]; then
grep "^${uppercase_stack}_" "${SCRIPT_DIR}/secrets.env.template" | \
sed 's/^/# - /' || true
fi
} > "${temp_file}"
# Show diff
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Changes for ${stack}/.env:"
diff -u "${env_file}" "${temp_file}" || true
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
# Ask for confirmation
read -p "Apply these changes? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
mv "${env_file}" "${env_file}.bak"
mv "${temp_file}" "${env_file}"
log_success "Updated ${stack}/.env (backup: ${stack}/.env.bak)"
else
rm "${temp_file}"
log_info "Skipped ${stack}/.env"
fi
}
# Main migration
main() {
log_info "Starting stack .env migration..."
echo ""
# Get all stacks
local stacks=(auth auto blog chain chat code dash data dock docs home link news proxy sexy trace track vault vpn)
for stack in "${stacks[@]}"; do
if [[ -d "${SCRIPT_DIR}/${stack}" ]]; then
update_stack_env "${stack}"
echo ""
fi
done
log_success "Migration complete!"
log_info "Review the changes and test with: ./kompose.sh --list"
}
main "$@"
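Review bot: The exclusion pipeline from `grep -v "_SECRET="` to `grep -v "_KEY="` is the only thing keeping secrets out of the regenerated files, and it misses common spellings: `GOTIFY_DEFAULTUSER_PASS=` (chat) and `PASSWORD_HASH=` (vpn) are copied through into the tracked .env. Collapsing the four greps into one pattern such as `grep -Ev '(_SECRET|_PASSWORD|_PASS|_TOKEN|_KEY|_HASH)=' || true` closes the visible gaps, though an allowlist of known non-sensitive keys would be the safer direction for a file that gets committed. The backup is written as `${env_file}.bak` inside the stack directory, which is exactly what this commit ends up committing, so it should go to a path outside the tree or one covered by .gitignore. Minor: `project_name` is assigned and never used, `uppercase_stack` is declared with `local` twice (once inside the redirected group), and `# Docker image` is echoed unconditionally so stacks without DOCKER_IMAGE (data, news, trace) get a dangling header.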


@@ -1,14 +1,24 @@
# =================================================================
# NEWS Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=news
# Docker image
# Database name
DB_NAME=letterspace
# Traefik hostname
TRAEFIK_HOST=news.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_NEWS}
# App settings
# Application port
APP_PORT=5000
# JWT secret (generate with: openssl rand -hex 32)
JWT_SECRET=changeme
# Additional configuration
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - NEWS_JWT_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE


@@ -0,0 +1,14 @@
# Stack identification
COMPOSE_PROJECT_NAME=news
# Database name
DB_NAME=letterspace
# Traefik hostname
TRAEFIK_HOST=news.pivoine.art
# App settings
APP_PORT=5000
# JWT secret (generate with: openssl rand -hex 32)
JWT_SECRET=changeme


@@ -1,5 +1,17 @@
# =================================================================
# PROXY Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=proxy
# Docker image
DOCKER_IMAGE=traefik:latest
# Traefik configuration
TRAEFIK_ENABLED=true
# Additional configuration
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,5 @@
# Stack identification
COMPOSE_PROJECT_NAME=proxy
# Docker image
DOCKER_IMAGE=traefik:latest


@@ -2,50 +2,85 @@
# KOMPOSE - Secrets Configuration
# ===================================================================
# This file contains SENSITIVE data and should NOT be committed to git.
# Add secrets.env to your .gitignore file!
# Ensure secrets.env is in your .gitignore file!
#
# Generate random secrets with: ./kompose.sh --generate-secrets
# Generate random secrets with: ./kompose.sh secrets generate
# List all secrets with: ./kompose.sh secrets list
# Validate configuration: ./kompose.sh secrets validate
# Rotate a secret: ./kompose.sh secrets rotate SECRET_NAME
# ===================================================================
# -------------------------------------------------------------------
# Database Passwords (Shared)
# Shared Database Secrets
# -------------------------------------------------------------------
DB_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# Admin Passwords
# Shared Admin Secrets
# -------------------------------------------------------------------
ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# Email/SMTP Passwords
# Shared Email/SMTP Secrets
# -------------------------------------------------------------------
EMAIL_SMTP_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# AUTH Stack Secrets (Keycloak)
# Scope: auth.pivoine.art
# -------------------------------------------------------------------
AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# TRACK Stack Secrets (Umami)
# CODE Stack Secrets (Gitea)
# Scope: code.pivoine.art
# -------------------------------------------------------------------
CODE_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# AUTO Stack Secrets (n8n)
# Scope: auto.pivoine.art
# -------------------------------------------------------------------
AUTO_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# SEXY Stack Secrets (Directus)
# Scope: sexy.pivoine.art
# -------------------------------------------------------------------
SEXY_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
SEXY_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# DASH Stack Secrets (NextAuth)
# Scope: dash.pivoine.art
# -------------------------------------------------------------------
DASH_NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# NEWS Stack Secrets (Letterspace)
# Scope: news.pivoine.art
# -------------------------------------------------------------------
NEWS_JWT_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# TRACK Stack Secrets (Umami)
# Scope: umami.pivoine.art
# -------------------------------------------------------------------
# APP_SECRET for Umami (64 character hex string)
TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# Add more stack secrets below (scope them with stack name)
# CHAT Stack Secrets
# Scope: chat.pivoine.art
# -------------------------------------------------------------------
# BLOG_SECRET_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
# CHAT_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
# DATA_DIRECTUS_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# CODE_GITEA_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
# etc...
# Example secrets from your current .env that should be scoped:
# GITEA_RUNNER_REGISTRATION_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
# NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# JWT_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
# N8N_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
# DIRECTUS_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# PASSWORD_HASH=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# VAULT Stack Secrets (Vaultwarden)
# Scope: vault.pivoine.art
# -------------------------------------------------------------------
# VAULT_ADMIN_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
# -------------------------------------------------------------------
# Additional Stack Secrets
# Follow the naming convention: STACKNAME_SECRET_PURPOSE
# -------------------------------------------------------------------
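Review bot: The per-stack entries here do not line up with what the stack .env hunks drop. `AUTO_ENCRYPTION_KEY` is labelled `(n8n)`, but n8n is the chain stack (`DOCKER_IMAGE=n8nio/n8n:latest` in chain/.env, which loses `N8N_ENCRYPTION_KEY` and lists no secrets), while the auto stack (Semaphore) loses `SEMAPHORE_ADMIN_PASSWORD` and `JWT_TOKEN` and gets nothing back; link loses `NEXTAUTH_SECRET` with no `LINK_` entry, and vault's admin token exists only as the commented-out `# VAULT_ADMIN_TOKEN` line. Unless the compose files (not shown here) were changed to read the new names, those services would start with empty secrets. Renaming to `CHAIN_N8N_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE`, adding `LINK_NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE` and `AUTO_SEMAPHORE_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE`, and uncommenting the vault entry would restore the mapping under the `STACKNAME_SECRET_PURPOSE` convention this file states. Since this file is in the diff it is presumably secrets.env.template rather than secrets.env, yet its header still describes itself as the sensitive, uncommitted file.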


@@ -1,54 +1,44 @@
# =================================================================
# SEXY Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=sexy
# Docker images
# Docker image
DOCKER_IMAGE=directus/directus:11.12.0
FRONTEND_IMAGE=node:22
# Database name
DB_NAME=directus
# Traefik hostname
TRAEFIK_HOST=sexy.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_SEXY}
# App settings
# Application port
APP_PORT=8055
# Additional configuration
FRONTEND_IMAGE=node:22
FRONTEND_PORT=3000
# Directus secret (generate with: openssl rand -hex 32)
DIRECTUS_SECRET=changeme
# Cache Configuration
CACHE_ENABLED=true
CACHE_AUTO_PURGE=true
# Admin credentials
ADMIN_PASSWORD=admin
# WebSocket Configuration
WEBSOCKETS_ENABLED=true
# URL Configuration
PUBLIC_URL=https://sexy.pivoine.art/api
# CORS Configuration
CORS_ENABLED=true
CORS_ORIGIN=https://sexy.pivoine.art
CORS_CREDENTIALS=true
# Cookie Configuration
SESSION_COOKIE_SECURE=true
SESSION_COOKIE_SAME_SITE=strict
SESSION_COOKIE_DOMAIN=sexy.pivoine.art
# Extensions Configuration
EXTENSIONS_PATH=./extensions
EXTENSIONS_AUTO_RELOAD=true
DIRECTUS_BUNDLE=/var/www/sexy.pivoine.art/packages/bundle
# Content Security Policy
CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC=https://sexy.pivoine.art
# User registration and password reset URLs
USER_REGISTER_URL_ALLOW_LIST=https://sexy.pivoine.art/signup/verify
PASSWORD_RESET_URL_ALLOW_LIST=https://sexy.pivoine.art/password/reset
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - SEXY_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
# - SEXY_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE


@@ -0,0 +1,54 @@
# Stack identification
COMPOSE_PROJECT_NAME=sexy
# Docker images
DOCKER_IMAGE=directus/directus:11.12.0
FRONTEND_IMAGE=node:22
# Database name
DB_NAME=directus
# Traefik hostname
TRAEFIK_HOST=sexy.pivoine.art
# App settings
APP_PORT=8055
FRONTEND_PORT=3000
# Directus secret (generate with: openssl rand -hex 32)
DIRECTUS_SECRET=changeme
# Cache Configuration
CACHE_ENABLED=true
CACHE_AUTO_PURGE=true
# Admin credentials
ADMIN_PASSWORD=admin
# WebSocket Configuration
WEBSOCKETS_ENABLED=true
# URL Configuration
PUBLIC_URL=https://sexy.pivoine.art/api
# CORS Configuration
CORS_ENABLED=true
CORS_ORIGIN=https://sexy.pivoine.art
CORS_CREDENTIALS=true
# Cookie Configuration
SESSION_COOKIE_SECURE=true
SESSION_COOKIE_SAME_SITE=strict
SESSION_COOKIE_DOMAIN=sexy.pivoine.art
# Extensions Configuration
EXTENSIONS_PATH=./extensions
EXTENSIONS_AUTO_RELOAD=true
DIRECTUS_BUNDLE=/var/www/sexy.pivoine.art/packages/bundle
# Content Security Policy
CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC=https://sexy.pivoine.art
# User registration and password reset URLs
USER_REGISTER_URL_ALLOW_LIST=https://sexy.pivoine.art/signup/verify
PASSWORD_RESET_URL_ALLOW_LIST=https://sexy.pivoine.art/password/reset


@@ -1,25 +1,31 @@
# =================================================================
# TRACE Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=trace
# Traefik hostname
TRAEFIK_HOST=trace.pivoine.art
# Docker image
# App port (SigNoz UI)
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_TRACE}
# Application port
APP_PORT=8080
# Docker images
# Additional configuration
SIGNOZ_IMAGE=signoz/signoz:v0.96.1
OTELCOL_IMAGE=signoz/signoz-otel-collector:v0.129.6
CLICKHOUSE_IMAGE=clickhouse/clickhouse-server:25.5.6
ZOOKEEPER_IMAGE=signoz/zookeeper:3.7.1
# Port configuration
SIGNOZ_API_PORT=4320
SIGNOZ_PPROF_PORT=6060
CLICKHOUSE_PORT=9000
CLICKHOUSE_HTTP_PORT=8123
CLICKHOUSE_METRICS_PORT=9181
# Feature flags
TELEMETRY_ENABLED=true
DOT_METRICS_ENABLED=true
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,25 @@
# Stack identification
COMPOSE_PROJECT_NAME=trace
# Traefik hostname
TRAEFIK_HOST=trace.pivoine.art
# App port (SigNoz UI)
APP_PORT=8080
# Docker images
SIGNOZ_IMAGE=signoz/signoz:v0.96.1
OTELCOL_IMAGE=signoz/signoz-otel-collector:v0.129.6
CLICKHOUSE_IMAGE=clickhouse/clickhouse-server:25.5.6
ZOOKEEPER_IMAGE=signoz/zookeeper:3.7.1
# Port configuration
SIGNOZ_API_PORT=4320
SIGNOZ_PPROF_PORT=6060
CLICKHOUSE_PORT=9000
CLICKHOUSE_HTTP_PORT=8123
CLICKHOUSE_METRICS_PORT=9181
# Feature flags
TELEMETRY_ENABLED=true
DOT_METRICS_ENABLED=true


@@ -1,3 +1,7 @@
# =================================================================
# TRACK Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=track
@@ -7,11 +11,15 @@ DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest
# Database name
DB_NAME=umami
# Traefik hostname
TRAEFIK_HOST=umami.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_TRACK}
# App settings
# Application port
APP_PORT=3000
# App secret (generate with: openssl rand -hex 32)
APP_SECRET=changeme
# Additional configuration
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:
# - TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE


@@ -0,0 +1,17 @@
# Stack identification
COMPOSE_PROJECT_NAME=track
# Docker image
DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest
# Database name
DB_NAME=umami
# Traefik hostname
TRAEFIK_HOST=umami.pivoine.art
# App settings
APP_PORT=3000
# App secret (generate with: openssl rand -hex 32)
APP_SECRET=changeme


@@ -1,6 +0,0 @@
# Stack identification
COMPOSE_PROJECT_NAME=track
# Note: All configuration variables are now in the root .env file
# with TRACK_ prefix (e.g., TRACK_TRAEFIK_HOST, TRACK_DOCKER_IMAGE)
# All secrets are in secrets.env (e.g., TRACK_APP_SECRET)


@@ -1,25 +1,26 @@
# =================================================================
# VAULT Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=vault
# Docker image
DOCKER_IMAGE=vaultwarden/server:latest
# Traefik hostname
TRAEFIK_HOST=vault.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_VAULT}
# App port
# Application port
APP_PORT=80
# Admin token (generate with: openssl rand -base64 32)
JWT_TOKEN=changeme
# WebSocket Configuration
# Additional configuration
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=false
# SMTP Settings (using root .env values)
SMTP_SECURITY=force_tls
SMTP_TIMEOUT=15
# Domain
DOMAIN=https://vault.pivoine.art
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,25 @@
# Stack identification
COMPOSE_PROJECT_NAME=vault
# Docker image
DOCKER_IMAGE=vaultwarden/server:latest
# Traefik hostname
TRAEFIK_HOST=vault.pivoine.art
# App port
APP_PORT=80
# Admin token (generate with: openssl rand -base64 32)
JWT_TOKEN=changeme
# WebSocket Configuration
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=false
# SMTP Settings (using root .env values)
SMTP_SECURITY=force_tls
SMTP_TIMEOUT=15
# Domain
DOMAIN=https://vault.pivoine.art


@@ -1,27 +1,29 @@
# =================================================================
# VPN Stack Configuration
# =================================================================
# Stack identification
COMPOSE_PROJECT_NAME=vpn
# Docker image
DOCKER_IMAGE=ghcr.io/wg-easy/wg-easy:15
# Traefik hostname
TRAEFIK_HOST=vpn.pivoine.art
# Traefik configuration
TRAEFIK_ENABLED=true
TRAEFIK_HOST=${TRAEFIK_HOST_VPN}
# App port
# Application port
APP_PORT=51821
# WireGuard port
# Additional configuration
WG_PORT=51820
# WireGuard host (public IP or domain)
WG_HOST=vpn.pivoine.art
# Password hash (generate with: echo -n 'your-password' | npx bcrypt-cli)
PASSWORD_HASH=changeme
# Optional settings
WG_DEFAULT_DNS=1.1.1.1
WG_ALLOWED_IPS=0.0.0.0/0,::/0
LANG=en
UI_TRAFFIC_STATS=true
UI_CHART_TYPE=0
# NOTE: Secrets are stored in root secrets.env file
# Available secrets for this stack:


@@ -0,0 +1,27 @@
# Stack identification
COMPOSE_PROJECT_NAME=vpn
# Docker image
DOCKER_IMAGE=ghcr.io/wg-easy/wg-easy:15
# Traefik hostname
TRAEFIK_HOST=vpn.pivoine.art
# App port
APP_PORT=51821
# WireGuard port
WG_PORT=51820
# WireGuard host (public IP or domain)
WG_HOST=vpn.pivoine.art
# Password hash (generate with: echo -n 'your-password' | npx bcrypt-cli)
PASSWORD_HASH=changeme
# Optional settings
WG_DEFAULT_DNS=1.1.1.1
WG_ALLOWED_IPS=0.0.0.0/0,::/0
LANG=en
UI_TRAFFIC_STATS=true
UI_CHART_TYPE=0