From a18d68f336bc54dde51a811428a372093c19e2ab Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= Date: Sat, 11 Oct 2025 11:45:47 +0200 Subject: [PATCH] feat: kompose secrets --- Projects/kompose/.env | 70 ++++++++-- Projects/kompose/auth/.env | 16 ++- Projects/kompose/auth/.env.bak | 15 +++ Projects/kompose/auth/.env.new | 6 - Projects/kompose/auto/.env | 23 ++-- Projects/kompose/auto/.env.bak | 23 ++++ Projects/kompose/blog/.env | 16 ++- Projects/kompose/blog/.env.bak | 11 ++ Projects/kompose/chain/.env | 24 ++-- Projects/kompose/chain/.env.bak | 28 ++++ Projects/kompose/chat/.env | 15 ++- Projects/kompose/chat/.env.bak | 14 ++ Projects/kompose/code/.env | 23 ++-- Projects/kompose/code/.env.bak | 26 ++++ Projects/kompose/dash/.env | 20 ++- Projects/kompose/dash/.env.bak | 20 +++ Projects/kompose/data/.env | 16 ++- Projects/kompose/data/.env.bak | 6 + Projects/kompose/dock/.env | 16 ++- Projects/kompose/dock/.env.bak | 14 ++ Projects/kompose/docs/.env | 17 ++- Projects/kompose/docs/.env.bak | 3 + Projects/kompose/home/.env | 18 ++- Projects/kompose/home/.env.bak | 17 +++ Projects/kompose/link/.env | 21 +-- Projects/kompose/link/.env.bak | 25 ++++ Projects/kompose/migrate-stack-env.sh | 176 ++++++++++++++++++++++++++ Projects/kompose/news/.env | 20 ++- Projects/kompose/news/.env.bak | 14 ++ Projects/kompose/proxy/.env | 12 ++ Projects/kompose/proxy/.env.bak | 5 + Projects/kompose/secrets.env.template | 73 ++++++++--- Projects/kompose/sexy/.env | 44 +++---- Projects/kompose/sexy/.env.bak | 54 ++++++++ Projects/kompose/trace/.env | 22 ++-- Projects/kompose/trace/.env.bak | 25 ++++ Projects/kompose/track/.env | 18 ++- Projects/kompose/track/.env.bak | 17 +++ Projects/kompose/track/.env.new | 6 - Projects/kompose/vault/.env | 23 ++-- Projects/kompose/vault/.env.bak | 25 ++++ Projects/kompose/vpn/.env | 22 ++-- Projects/kompose/vpn/.env.bak | 27 ++++ 43 files changed, 904 insertions(+), 182 deletions(-) create mode 100644 Projects/kompose/auth/.env.bak delete mode 100644 Projects/kompose/auth/.env.new create mode 100644 
Projects/kompose/auto/.env.bak create mode 100644 Projects/kompose/blog/.env.bak create mode 100644 Projects/kompose/chain/.env.bak create mode 100644 Projects/kompose/chat/.env.bak create mode 100644 Projects/kompose/code/.env.bak create mode 100644 Projects/kompose/dash/.env.bak create mode 100644 Projects/kompose/data/.env.bak create mode 100644 Projects/kompose/dock/.env.bak mode change 100755 => 100644 Projects/kompose/docs/.env create mode 100755 Projects/kompose/docs/.env.bak create mode 100644 Projects/kompose/home/.env.bak create mode 100644 Projects/kompose/link/.env.bak create mode 100755 Projects/kompose/migrate-stack-env.sh create mode 100644 Projects/kompose/news/.env.bak create mode 100644 Projects/kompose/proxy/.env.bak create mode 100644 Projects/kompose/sexy/.env.bak create mode 100644 Projects/kompose/trace/.env.bak create mode 100644 Projects/kompose/track/.env.bak delete mode 100644 Projects/kompose/track/.env.new create mode 100644 Projects/kompose/vault/.env.bak create mode 100644 Projects/kompose/vpn/.env.bak diff --git a/Projects/kompose/.env b/Projects/kompose/.env index e842efb9..02ac7205 100644 --- a/Projects/kompose/.env +++ b/Projects/kompose/.env 
@@ -1,28 +1,70 @@ +# =================================================================== +# KOMPOSE - Root Configuration +# =================================================================== +# Non-sensitive shared configuration for all stacks +# Sensitive values should be in secrets.env (not committed to git) +# =================================================================== + +# ------------------------------------------------------------------- # Network Configuration +# ------------------------------------------------------------------- NETWORK_NAME=kompose -# Database Connection Settings (shared across stacks) +# ------------------------------------------------------------------- +# Database Connection Settings (non-sensitive) +# ------------------------------------------------------------------- DB_USER=valknar -DB_PASSWORD=ragnarok98 DB_PORT=5432 DB_HOST=postgres -# Admin Settings -ADMIN_EMAIL=valknar@pivoine.art -ADMIN_PASSWORD=macromeat888$ +# NOTE: DB_PASSWORD is in secrets.env -# Email/SMTP Settings (shared across stacks) +# ------------------------------------------------------------------- +# Admin Settings (non-sensitive) +# ------------------------------------------------------------------- +ADMIN_EMAIL=valknar@pivoine.art + +# NOTE: ADMIN_PASSWORD is in secrets.env + +# ------------------------------------------------------------------- +# Email/SMTP Settings (non-sensitive) +# ------------------------------------------------------------------- EMAIL_TRANSPORT=smtp EMAIL_FROM=hi@pivoine.art EMAIL_SMTP_HOST=smtp.ionos.de EMAIL_SMTP_PORT=465 EMAIL_SMTP_USER=hi@pivoine.art -EMAIL_SMTP_PASSWORD=jaquoment -GITEA_RUNNER_REGISTRATION_TOKEN=Vncav0M9tCaezdy2O9hnGas3hGjaODU5qeiayMdC -NEXTAUTH_SECRET=zB7m3BTke5zZ8FxXCSV9gu3RbXC67S7i4No6InWvi60 -JWT_TOKEN=NtUr9kvfyyQwdWfEKddDxBRx2oQEO5oy -N8N_ENCRYPTION_KEY=a858dd62a2bb22fbb7eb243b6d49a920e82db66a883d271731ae78f9d8044e8a -DIRECTUS_SECRET=5c132272-bafe-4f14-8275-baebe9b948f4 
-APP_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263 -PASSWORD_HASH=b121f10d4e0cbada1e3268381836cff9006d642e9b7023decf1d6546856607a3 +# NOTE: EMAIL_SMTP_PASSWORD is in secrets.env + +# ------------------------------------------------------------------- +# Traefik Hostnames (shared configuration) +# ------------------------------------------------------------------- +# Set custom domains for each stack here +# These can be overridden in individual stack .env files if needed + +TRAEFIK_HOST_PROXY=proxy.pivoine.art +TRAEFIK_HOST_AUTH=auth.pivoine.art +TRAEFIK_HOST_AUTO=auto.pivoine.art +TRAEFIK_HOST_BLOG=blog.pivoine.art +TRAEFIK_HOST_CHAIN=chain.pivoine.art +TRAEFIK_HOST_CHAT=chat.pivoine.art +TRAEFIK_HOST_CODE=code.pivoine.art +TRAEFIK_HOST_DASH=dash.pivoine.art +TRAEFIK_HOST_DATA=data.pivoine.art +TRAEFIK_HOST_DOCK=dock.pivoine.art +TRAEFIK_HOST_DOCS=docs.pivoine.art +TRAEFIK_HOST_HOME=home.pivoine.art +TRAEFIK_HOST_LINK=link.pivoine.art +TRAEFIK_HOST_NEWS=news.pivoine.art +TRAEFIK_HOST_SEXY=sexy.pivoine.art +TRAEFIK_HOST_TRACE=trace.pivoine.art +TRAEFIK_HOST_TRACK=umami.pivoine.art +TRAEFIK_HOST_VAULT=vault.pivoine.art +TRAEFIK_HOST_VPN=vpn.pivoine.art + +# ------------------------------------------------------------------- +# Default Settings (can be overridden in stack .env files) +# ------------------------------------------------------------------- +# Enable Traefik integration by default +TRAEFIK_ENABLED=true diff --git a/Projects/kompose/auth/.env b/Projects/kompose/auth/.env index 27312fec..f0847635 100644 --- a/Projects/kompose/auth/.env +++ b/Projects/kompose/auth/.env @@ -1,3 +1,7 @@ +# ================================================================= +# AUTH Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=auth 
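Review bot: Deleting `DB_PASSWORD`, `ADMIN_PASSWORD`, `EMAIL_SMTP_PASSWORD`, `GITEA_RUNNER_REGISTRATION_TOKEN`, `NEXTAUTH_SECRET`, `JWT_TOKEN`, `N8N_ENCRYPTION_KEY`, `DIRECTUS_SECRET`, `APP_SECRET` and `PASSWORD_HASH` from the root `.env` does not retire them: the old values remain readable in git history and in this patch itself, so each one has to be rotated at its service before secrets.env is populated. The new header could say so, e.g. `# Values previously committed here are compromised; rotate them, do not copy them into secrets.env`. Several removed names (`GITEA_RUNNER_REGISTRATION_TOKEN`, `JWT_TOKEN`, `N8N_ENCRYPTION_KEY`, `DIRECTUS_SECRET`, `PASSWORD_HASH`) have no same-named entry in the visible part of secrets.env.template, so it is worth checking that every consumer was pointed at a renamed variable.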
@@ -7,9 +11,13 @@ DOCKER_IMAGE=quay.io/keycloak/keycloak:latest # Database name DB_NAME=keycloak -# Traefik hostname -TRAEFIK_HOST=auth.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_AUTH} -# Keycloak admin credentials +# Additional configuration KC_ADMIN_USERNAME=admin -KC_ADMIN_PASSWORD=admin + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/auth/.env.bak b/Projects/kompose/auth/.env.bak new file mode 100644 index 00000000..27312fec --- /dev/null +++ b/Projects/kompose/auth/.env.bak @@ -0,0 +1,15 @@ +# Stack identification +COMPOSE_PROJECT_NAME=auth + +# Docker image +DOCKER_IMAGE=quay.io/keycloak/keycloak:latest + +# Database name +DB_NAME=keycloak + +# Traefik hostname +TRAEFIK_HOST=auth.pivoine.art + +# Keycloak admin credentials +KC_ADMIN_USERNAME=admin +KC_ADMIN_PASSWORD=admin diff --git a/Projects/kompose/auth/.env.new b/Projects/kompose/auth/.env.new deleted file mode 100644 index 8c0e819e..00000000 --- a/Projects/kompose/auth/.env.new +++ /dev/null @@ -1,6 +0,0 @@ -# Stack identification -COMPOSE_PROJECT_NAME=auth - -# Note: All configuration variables are now in the root .env file -# with AUTH_ prefix (e.g., AUTH_TRAEFIK_HOST, AUTH_DOCKER_IMAGE, AUTH_DB_NAME) -# All secrets are in secrets.env (e.g., AUTH_KC_ADMIN_PASSWORD) diff --git a/Projects/kompose/auto/.env b/Projects/kompose/auto/.env index 2b867fb6..0a6220ba 100644 --- a/Projects/kompose/auto/.env +++ b/Projects/kompose/auto/.env 
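Review bot: `auth/.env.bak` re-adds the exact pre-migration file, including `KC_ADMIN_PASSWORD=admin`, so the credential that the preceding hunk removes from `auth/.env` is tracked again one file over. The same holds for the other backups in this patch (`auto/.env.bak` with `SEMAPHORE_ADMIN_PASSWORD` and `JWT_TOKEN`, `chain/.env.bak` with `N8N_ENCRYPTION_KEY` and `N8N_BASIC_AUTH_PASSWORD`, `chat/.env.bak`, `link/.env.bak`, `news/.env.bak`; the diffstat lists more). These files are by-products of `mv "${env_file}" "${env_file}.bak"` in migrate-stack-env.sh and should be dropped from the commit, with a `*.bak` rule added to .gitignore.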
@@ -1,23 +1,28 @@ +# ================================================================= +# AUTO Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=auto -# Docker images +# Docker image DOCKER_IMAGE=semaphoreui/semaphore:v2.16.18 -RUNNER_IMAGE=public.ecr.aws/semaphore/pro/runner:v2.16.18 # Database name DB_NAME=semaphore -# Traefik hostname -TRAEFIK_HOST=auto.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_AUTO} -# App settings +# Application port APP_PORT=3000 -# Semaphore admin credentials +# Additional configuration +RUNNER_IMAGE=public.ecr.aws/semaphore/pro/runner:v2.16.18 SEMAPHORE_ADMIN=admin -SEMAPHORE_ADMIN_PASSWORD=admin SEMAPHORE_ADMIN_NAME=Admin -# Registration token -JWT_TOKEN=changeme +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - AUTO_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/auto/.env.bak b/Projects/kompose/auto/.env.bak new file mode 100644 index 00000000..2b867fb6 --- /dev/null +++ b/Projects/kompose/auto/.env.bak @@ -0,0 +1,23 @@ +# Stack identification +COMPOSE_PROJECT_NAME=auto + +# Docker images +DOCKER_IMAGE=semaphoreui/semaphore:v2.16.18 +RUNNER_IMAGE=public.ecr.aws/semaphore/pro/runner:v2.16.18 + +# Database name +DB_NAME=semaphore + +# Traefik hostname +TRAEFIK_HOST=auto.pivoine.art + +# App settings +APP_PORT=3000 + +# Semaphore admin credentials +SEMAPHORE_ADMIN=admin +SEMAPHORE_ADMIN_PASSWORD=admin +SEMAPHORE_ADMIN_NAME=Admin + +# Registration token +JWT_TOKEN=changeme diff --git a/Projects/kompose/blog/.env b/Projects/kompose/blog/.env index f8b9dc92..84d84a09 100644 --- a/Projects/kompose/blog/.env +++ b/Projects/kompose/blog/.env 
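Review bot: `SEMAPHORE_ADMIN_PASSWORD` and `JWT_TOKEN` are removed from `auto/.env`, but the only replacement listed is `AUTO_ENCRYPTION_KEY`, which secrets.env.template files under "AUTO Stack Secrets (n8n)" although this stack's image is `semaphoreui/semaphore`. `chain/.env`, the stack that runs `n8nio/n8n`, loses `N8N_ENCRYPTION_KEY` and `N8N_BASIC_AUTH_PASSWORD` while keeping `N8N_BASIC_AUTH_ACTIVE=true`, and `link/.env` loses `NEXTAUTH_SECRET`; both end with an empty "Available secrets" list. The compose files are not part of this view, so whether these services now start with an empty or default credential cannot be confirmed here. The template should carry a scoped entry for every value removed, for example `AUTO_SEMAPHORE_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE` and `CHAIN_N8N_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE` (names suggested).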
@@ -1,11 +1,21 @@ +# ================================================================= +# BLOG Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=blog # Docker image DOCKER_IMAGE=joseluisq/static-web-server:latest -# Traefik hostname -TRAEFIK_HOST=pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_BLOG} -# App port +# Application port APP_PORT=80 + +# Additional configuration + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/blog/.env.bak b/Projects/kompose/blog/.env.bak new file mode 100644 index 00000000..f8b9dc92 --- /dev/null +++ b/Projects/kompose/blog/.env.bak @@ -0,0 +1,11 @@ +# Stack identification +COMPOSE_PROJECT_NAME=blog + +# Docker image +DOCKER_IMAGE=joseluisq/static-web-server:latest + +# Traefik hostname +TRAEFIK_HOST=pivoine.art + +# App port +APP_PORT=80 diff --git a/Projects/kompose/chain/.env b/Projects/kompose/chain/.env index b2ccf775..aabb7f54 100644 --- a/Projects/kompose/chain/.env +++ b/Projects/kompose/chain/.env @@ -1,3 +1,7 @@ +# ================================================================= +# CHAIN Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=chain 
@@ -7,22 +11,18 @@ DOCKER_IMAGE=n8nio/n8n:latest # Database name DB_NAME=n8n -# Traefik hostname -TRAEFIK_HOST=chain.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_CHAIN} -# App port +# Application port APP_PORT=5678 -# Network +# Additional configuration NETWORK_NAME=kompose - -# Timezone TZ=Europe/Paris - -# Encryption key for credentials -N8N_ENCRYPTION_KEY=changeme - -# Basic Auth (optional, recommended for initial setup) N8N_BASIC_AUTH_ACTIVE=true N8N_BASIC_AUTH_USER=admin -N8N_BASIC_AUTH_PASSWORD=admin + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/chain/.env.bak b/Projects/kompose/chain/.env.bak new file mode 100644 index 00000000..b2ccf775 --- /dev/null +++ b/Projects/kompose/chain/.env.bak @@ -0,0 +1,28 @@ +# Stack identification +COMPOSE_PROJECT_NAME=chain + +# Docker image +DOCKER_IMAGE=n8nio/n8n:latest + +# Database name +DB_NAME=n8n + +# Traefik hostname +TRAEFIK_HOST=chain.pivoine.art + +# App port +APP_PORT=5678 + +# Network +NETWORK_NAME=kompose + +# Timezone +TZ=Europe/Paris + +# Encryption key for credentials +N8N_ENCRYPTION_KEY=changeme + +# Basic Auth (optional, recommended for initial setup) +N8N_BASIC_AUTH_ACTIVE=true +N8N_BASIC_AUTH_USER=admin +N8N_BASIC_AUTH_PASSWORD=admin diff --git a/Projects/kompose/chat/.env b/Projects/kompose/chat/.env index 901d25d5..c20c3931 100644 --- a/Projects/kompose/chat/.env +++ b/Projects/kompose/chat/.env 
@@ -1,14 +1,23 @@ +# ================================================================= +# CHAT Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=chat # Docker image DOCKER_IMAGE=gotify/server:latest -# Traefik hostname -TRAEFIK_HOST=chat.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_CHAT} -# App port +# Application port APP_PORT=80 +# Additional configuration GOTIFY_DEFAULTUSER_NAME=admin GOTIFY_DEFAULTUSER_PASS=admin + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/chat/.env.bak b/Projects/kompose/chat/.env.bak new file mode 100644 index 00000000..901d25d5 --- /dev/null +++ b/Projects/kompose/chat/.env.bak @@ -0,0 +1,14 @@ +# Stack identification +COMPOSE_PROJECT_NAME=chat + +# Docker image +DOCKER_IMAGE=gotify/server:latest + +# Traefik hostname +TRAEFIK_HOST=chat.pivoine.art + +# App port +APP_PORT=80 + +GOTIFY_DEFAULTUSER_NAME=admin +GOTIFY_DEFAULTUSER_PASS=admin diff --git a/Projects/kompose/code/.env b/Projects/kompose/code/.env index 9438e9f1..722c99ee 100644 --- a/Projects/kompose/code/.env +++ b/Projects/kompose/code/.env @@ -1,3 +1,7 @@ +# ================================================================= +# CODE Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=code 
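Review bot: `GOTIFY_DEFAULTUSER_PASS=admin` survives the migration and is now filed under "Additional configuration", so a default admin credential stays in the tracked `chat/.env` while the file's closing note says secrets live in secrets.env. Replace the line with a reference comment and add a scoped entry to secrets.env.template, e.g. `CHAT_GOTIFY_DEFAULTUSER_PASS=CHANGE_ME_GENERATE_WITH_KOMPOSE` (name suggested). The template currently offers only a commented-out `CHAT_ENCRYPTION_KEY` for this stack.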
@@ -7,20 +11,19 @@ DOCKER_IMAGE=gitea/gitea:latest # Database name DB_NAME=gitea -# Traefik hostname -TRAEFIK_HOST=code.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_CODE} -# App port (internal HTTP) +# Application port APP_PORT=3000 -# SSH port (for git operations) +# Additional configuration SSH_PORT=2222 - -# Network NETWORK_NAME=kompose - -# SSH settings DISABLE_SSH=false - -# Email settings (optional) EMAIL_ENABLED=true + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - CODE_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/code/.env.bak b/Projects/kompose/code/.env.bak new file mode 100644 index 00000000..9438e9f1 --- /dev/null +++ b/Projects/kompose/code/.env.bak @@ -0,0 +1,26 @@ +# Stack identification +COMPOSE_PROJECT_NAME=code + +# Docker image +DOCKER_IMAGE=gitea/gitea:latest + +# Database name +DB_NAME=gitea + +# Traefik hostname +TRAEFIK_HOST=code.pivoine.art + +# App port (internal HTTP) +APP_PORT=3000 + +# SSH port (for git operations) +SSH_PORT=2222 + +# Network +NETWORK_NAME=kompose + +# SSH settings +DISABLE_SSH=false + +# Email settings (optional) +EMAIL_ENABLED=true diff --git a/Projects/kompose/dash/.env b/Projects/kompose/dash/.env index 6d21c56c..45bf6ae1 100644 --- a/Projects/kompose/dash/.env +++ b/Projects/kompose/dash/.env 
@@ -1,20 +1,26 @@ +# ================================================================= +# DASH Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=dash # Docker image DOCKER_IMAGE=ghcr.io/gethomepage/homepage:latest -# Traefik hostname -TRAEFIK_HOST=dash.localhost +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_DASH} -# App port +# Application port APP_PORT=3000 -# Network +# Additional configuration NETWORK_NAME=kompose - -# User/Group IDs PUID=1000 PGID=1000 - ALLOWED_HOST=pivoine.art + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - DASH_NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/dash/.env.bak b/Projects/kompose/dash/.env.bak new file mode 100644 index 00000000..6d21c56c --- /dev/null +++ b/Projects/kompose/dash/.env.bak @@ -0,0 +1,20 @@ +# Stack identification +COMPOSE_PROJECT_NAME=dash + +# Docker image +DOCKER_IMAGE=ghcr.io/gethomepage/homepage:latest + +# Traefik hostname +TRAEFIK_HOST=dash.localhost + +# App port +APP_PORT=3000 + +# Network +NETWORK_NAME=kompose + +# User/Group IDs +PUID=1000 +PGID=1000 + +ALLOWED_HOST=pivoine.art diff --git a/Projects/kompose/data/.env b/Projects/kompose/data/.env index 051ffe8b..5b92cab8 100644 --- a/Projects/kompose/data/.env +++ b/Projects/kompose/data/.env @@ -1,6 +1,16 @@ +# ================================================================= +# DATA Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=data -# Infrastructure images (can override root defaults) -# POSTGRES_IMAGE=postgres:16-alpine -# REDIS_IMAGE=redis:7-alpine +# Docker image + +# Traefik configuration +TRAEFIK_ENABLED=true + +# Additional configuration + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: 
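Review bot: `TRAEFIK_HOST` in `dash/.env` changes from `dash.localhost` to `${TRAEFIK_HOST_DASH}`, which the root `.env` sets to `dash.pivoine.art`, so the routing hostname changes as a side effect of the secrets refactor. `home/.env` makes the same move from `home.localhost` to `home.pivoine.art`, and `blog/.env` from `pivoine.art` to `blog.pivoine.art`. If the localhost names were deliberate, keep them by setting `TRAEFIK_HOST_DASH=dash.localhost` and `TRAEFIK_HOST_HOME=home.localhost` in the root file. If the public names are intended, the change deserves its own line in the commit message and a check that both services sit behind authentication.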
diff --git a/Projects/kompose/data/.env.bak b/Projects/kompose/data/.env.bak new file mode 100644 index 00000000..051ffe8b --- /dev/null +++ b/Projects/kompose/data/.env.bak @@ -0,0 +1,6 @@ +# Stack identification +COMPOSE_PROJECT_NAME=data + +# Infrastructure images (can override root defaults) +# POSTGRES_IMAGE=postgres:16-alpine +# REDIS_IMAGE=redis:7-alpine diff --git a/Projects/kompose/dock/.env b/Projects/kompose/dock/.env index d786bb2c..1ad4e873 100644 --- a/Projects/kompose/dock/.env +++ b/Projects/kompose/dock/.env @@ -1,14 +1,22 @@ +# ================================================================= +# DOCK Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=dock # Docker image DOCKER_IMAGE=louislam/dockge:1 -# Traefik hostname -TRAEFIK_HOST=dock.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_DOCK} -# App port +# Application port APP_PORT=5001 -# Stacks directory path +# Additional configuration DOCKGE_STACKS_DIR=/root/repos/compose + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/dock/.env.bak b/Projects/kompose/dock/.env.bak new file mode 100644 index 00000000..d786bb2c --- /dev/null +++ b/Projects/kompose/dock/.env.bak @@ -0,0 +1,14 @@ +# Stack identification +COMPOSE_PROJECT_NAME=dock + +# Docker image +DOCKER_IMAGE=louislam/dockge:1 + +# Traefik hostname +TRAEFIK_HOST=dock.pivoine.art + +# App port +APP_PORT=5001 + +# Stacks directory path +DOCKGE_STACKS_DIR=/root/repos/compose diff --git a/Projects/kompose/docs/.env b/Projects/kompose/docs/.env old mode 100755 new mode 100644 index 1918445c..be34ca75 --- a/Projects/kompose/docs/.env +++ b/Projects/kompose/docs/.env 
@@ -1,3 +1,18 @@ +# ================================================================= +# DOCS Stack Configuration +# ================================================================= + +# Stack identification COMPOSE_PROJECT_NAME=docs -TRAEFIK_HOST=docs.pivoine.art + +# Docker image DOCKER_IMAGE=joseluisq/static-web-server:latest + +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_DOCS} + +# Additional configuration + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/docs/.env.bak b/Projects/kompose/docs/.env.bak new file mode 100755 index 00000000..1918445c --- /dev/null +++ b/Projects/kompose/docs/.env.bak @@ -0,0 +1,3 @@ +COMPOSE_PROJECT_NAME=docs +TRAEFIK_HOST=docs.pivoine.art +DOCKER_IMAGE=joseluisq/static-web-server:latest diff --git a/Projects/kompose/home/.env b/Projects/kompose/home/.env index 664e66a2..8c7db10c 100644 --- a/Projects/kompose/home/.env +++ b/Projects/kompose/home/.env @@ -1,17 +1,23 @@ +# ================================================================= +# HOME Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=home # Docker image DOCKER_IMAGE=ghcr.io/home-assistant/home-assistant:stable -# Traefik hostname -TRAEFIK_HOST=home.localhost +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_HOME} -# App port +# Application port APP_PORT=8123 -# Network +# Additional configuration NETWORK_NAME=kompose - -# Timezone (important for automations!) TZ=Europe/Paris + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/home/.env.bak b/Projects/kompose/home/.env.bak new file mode 100644 index 00000000..664e66a2 --- /dev/null +++ b/Projects/kompose/home/.env.bak 
@@ -0,0 +1,17 @@ +# Stack identification +COMPOSE_PROJECT_NAME=home + +# Docker image +DOCKER_IMAGE=ghcr.io/home-assistant/home-assistant:stable + +# Traefik hostname +TRAEFIK_HOST=home.localhost + +# App port +APP_PORT=8123 + +# Network +NETWORK_NAME=kompose + +# Timezone (important for automations!) +TZ=Europe/Paris diff --git a/Projects/kompose/link/.env b/Projects/kompose/link/.env index b1a2f898..1c7d7676 100644 --- a/Projects/kompose/link/.env +++ b/Projects/kompose/link/.env @@ -1,3 +1,7 @@ +# ================================================================= +# LINK Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=link @@ -7,19 +11,18 @@ DOCKER_IMAGE=ghcr.io/linkwarden/linkwarden:latest # Database name DB_NAME=linkwarden -# Traefik hostname -TRAEFIK_HOST=link.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_LINK} -# App port +# Application port APP_PORT=3000 -# Network +# Additional configuration NETWORK_NAME=kompose - -# NextAuth Secret -NEXTAUTH_SECRET=changeme - -# Features DISABLE_SCREENSHOT=false DISABLE_ARCHIVE=false DISABLE_REGISTRATION=true + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/link/.env.bak b/Projects/kompose/link/.env.bak new file mode 100644 index 00000000..b1a2f898 --- /dev/null +++ b/Projects/kompose/link/.env.bak @@ -0,0 +1,25 @@ +# Stack identification +COMPOSE_PROJECT_NAME=link + +# Docker image +DOCKER_IMAGE=ghcr.io/linkwarden/linkwarden:latest + +# Database name +DB_NAME=linkwarden + +# Traefik hostname +TRAEFIK_HOST=link.pivoine.art + +# App port +APP_PORT=3000 + +# Network +NETWORK_NAME=kompose + +# NextAuth Secret +NEXTAUTH_SECRET=changeme + +# Features +DISABLE_SCREENSHOT=false +DISABLE_ARCHIVE=false +DISABLE_REGISTRATION=true 
diff --git a/Projects/kompose/migrate-stack-env.sh b/Projects/kompose/migrate-stack-env.sh
new file mode 100755
index 00000000..e183bead
--- /dev/null
+++ b/Projects/kompose/migrate-stack-env.sh
@@ -0,0 +1,176 @@ +#!/usr/bin/env bash + +# =================================================================== +# Kompose Stack .env Migration Script +# =================================================================== +# This script updates all stack .env files to: +# 1. Add TRAEFIK_ENABLED=true (if not present) +# 2. Update TRAEFIK_HOST to use root .env variable +# 3. Remove sensitive secrets (move to secrets.env) +# 4. Add standardized comments +# =================================================================== + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +RESET='\033[0m' + +log_info() { + echo -e "${BLUE}[INFO]${RESET} $*" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${RESET} $*" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${RESET} $*" +} + +update_stack_env() { + local stack="$1" + local env_file="${SCRIPT_DIR}/${stack}/.env" + + if [[ ! -f "${env_file}" ]]; then + log_warning "No .env file in ${stack}, skipping" + return + fi + + log_info "Updating ${stack}/.env..." 
+ + local temp_file="${env_file}.new" + + # Read stack name + local project_name=$(grep "^COMPOSE_PROJECT_NAME=" "${env_file}" | cut -d= -f2) + local has_traefik_enabled=false + local has_traefik_host=false + + # Check if file already has TRAEFIK_ENABLED + if grep -q "^TRAEFIK_ENABLED=" "${env_file}"; then + has_traefik_enabled=true + fi + + # Check if file has TRAEFIK_HOST + if grep -q "^TRAEFIK_HOST=" "${env_file}"; then + has_traefik_host=true + fi + + # Start building new file + { + echo "# =================================================================" + echo "# ${stack^^} Stack Configuration" + echo "# =================================================================" + echo "" + echo "# Stack identification" + + # Copy COMPOSE_PROJECT_NAME + grep "^COMPOSE_PROJECT_NAME=" "${env_file}" || echo "COMPOSE_PROJECT_NAME=${stack}" + + echo "" + echo "# Docker image" + grep "^DOCKER_IMAGE=" "${env_file}" 2>/dev/null || true + + # Add database if present + if grep -q "^DB_NAME=" "${env_file}"; then + echo "" + echo "# Database name" + grep "^DB_NAME=" "${env_file}" + fi + + echo "" + echo "# Traefik configuration" + + # Add TRAEFIK_ENABLED if not present + if ${has_traefik_enabled}; then + grep "^TRAEFIK_ENABLED=" "${env_file}" + else + echo "TRAEFIK_ENABLED=true" + fi + + # Update TRAEFIK_HOST to reference root variable + if ${has_traefik_host}; then + local uppercase_stack=$(echo "${stack}" | tr '[:lower:]' '[:upper:]') + echo "TRAEFIK_HOST=\${TRAEFIK_HOST_${uppercase_stack}}" + fi + + # Copy APP_PORT if present + if grep -q "^APP_PORT=" "${env_file}"; then + echo "" + echo "# Application port" + grep "^APP_PORT=" "${env_file}" + fi + + # Copy other non-sensitive variables + echo "" + echo "# Additional configuration" + grep -v "^COMPOSE_PROJECT_NAME=" "${env_file}" | \ + grep -v "^DOCKER_IMAGE=" | \ + grep -v "^DB_NAME=" | \ + grep -v "^TRAEFIK_ENABLED=" | \ + grep -v "^TRAEFIK_HOST=" | \ + grep -v "^APP_PORT=" | \ + grep -v "^#" | \ + grep -v "^$" | \ + grep 
-v "_SECRET=" | \ + grep -v "_PASSWORD=" | \ + grep -v "_TOKEN=" | \ + grep -v "_KEY=" || true + + # Add note about secrets + echo "" + echo "# NOTE: Secrets are stored in root secrets.env file" + echo "# Available secrets for this stack:" + local uppercase_stack=$(echo "${stack}" | tr '[:lower:]' '[:upper:]') + + # List stack-specific secrets from template + if [[ -f "${SCRIPT_DIR}/secrets.env.template" ]]; then + grep "^${uppercase_stack}_" "${SCRIPT_DIR}/secrets.env.template" | \ + sed 's/^/# - /' || true + fi + + } > "${temp_file}" + + # Show diff + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "Changes for ${stack}/.env:" + diff -u "${env_file}" "${temp_file}" || true + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + + # Ask for confirmation + read -p "Apply these changes? (y/N): " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + mv "${env_file}" "${env_file}.bak" + mv "${temp_file}" "${env_file}" + log_success "Updated ${stack}/.env (backup: ${stack}/.env.bak)" + else + rm "${temp_file}" + log_info "Skipped ${stack}/.env" + fi +} + +# Main migration +main() { + log_info "Starting stack .env migration..." + echo "" + + # Get all stacks + local stacks=(auth auto blog chain chat code dash data dock docs home link news proxy sexy trace track vault vpn) + + for stack in "${stacks[@]}"; do + if [[ -d "${SCRIPT_DIR}/${stack}" ]]; then + update_stack_env "${stack}" + echo "" + fi + done + + log_success "Migration complete!" + log_info "Review the changes and test with: ./kompose.sh --list" +} + +main "$@" diff --git a/Projects/kompose/news/.env b/Projects/kompose/news/.env index 1649dce4..41f65924 100644 --- a/Projects/kompose/news/.env +++ b/Projects/kompose/news/.env 
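Review bot: The secret filter in `update_stack_env` is a suffix denylist (`_SECRET=`, `_PASSWORD=`, `_TOKEN=`, `_KEY=`), so a name such as `GOTIFY_DEFAULTUSER_PASS` passes straight through into the rewritten file, as the chat/.env result in this patch shows. Widening it to `grep -Ev '_(SECRET|PASSWORD|PASS|TOKEN|KEY)='` closes that case, but the script should also print the names it drops, because despite the header's "move to secrets.env" nothing is written there and the values end up only in the `.env.bak` left beside the original. Creating that backup under `umask 077`, or outside the repository, would keep it from being world-readable or staged by accident. `project_name` is assigned and never read.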
@@ -1,14 +1,24 @@ +# ================================================================= +# NEWS Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=news +# Docker image + # Database name DB_NAME=letterspace -# Traefik hostname -TRAEFIK_HOST=news.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_NEWS} -# App settings +# Application port APP_PORT=5000 -# JWT secret (generate with: openssl rand -hex 32) -JWT_SECRET=changeme +# Additional configuration + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - NEWS_JWT_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/news/.env.bak b/Projects/kompose/news/.env.bak new file mode 100644 index 00000000..1649dce4 --- /dev/null +++ b/Projects/kompose/news/.env.bak @@ -0,0 +1,14 @@ +# Stack identification +COMPOSE_PROJECT_NAME=news + +# Database name +DB_NAME=letterspace + +# Traefik hostname +TRAEFIK_HOST=news.pivoine.art + +# App settings +APP_PORT=5000 + +# JWT secret (generate with: openssl rand -hex 32) +JWT_SECRET=changeme diff --git a/Projects/kompose/proxy/.env b/Projects/kompose/proxy/.env index 85527f77..e123c8a6 100644 --- a/Projects/kompose/proxy/.env +++ b/Projects/kompose/proxy/.env @@ -1,5 +1,17 @@ +# ================================================================= +# PROXY Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=proxy # Docker image DOCKER_IMAGE=traefik:latest + +# Traefik configuration +TRAEFIK_ENABLED=true + +# Additional configuration + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/proxy/.env.bak b/Projects/kompose/proxy/.env.bak new file mode 100644 index 00000000..85527f77 --- /dev/null +++ b/Projects/kompose/proxy/.env.bak 
@@ -0,0 +1,5 @@
+# Stack identification
+COMPOSE_PROJECT_NAME=proxy
+
+# Docker image
+DOCKER_IMAGE=traefik:latest
diff --git a/Projects/kompose/secrets.env.template b/Projects/kompose/secrets.env.template
index b1d10cac..826d55eb 100644
--- a/Projects/kompose/secrets.env.template
+++ b/Projects/kompose/secrets.env.template
@@ -2,50 +2,85 @@ # KOMPOSE - Secrets Configuration # =================================================================== # This file contains SENSITIVE data and should NOT be committed to git. -# Add secrets.env to your .gitignore file! +# Ensure secrets.env is in your .gitignore file! # -# Generate random secrets with: ./kompose.sh --generate-secrets +# Generate random secrets with: ./kompose.sh secrets generate +# List all secrets with: ./kompose.sh secrets list +# Validate configuration: ./kompose.sh secrets validate +# Rotate a secret: ./kompose.sh secrets rotate SECRET_NAME # =================================================================== # ------------------------------------------------------------------- -# Database Passwords (Shared) +# Shared Database Secrets # ------------------------------------------------------------------- DB_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE # ------------------------------------------------------------------- -# Admin Passwords +# Shared Admin Secrets # ------------------------------------------------------------------- ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE # ------------------------------------------------------------------- -# Email/SMTP Passwords +# Shared Email/SMTP Secrets # ------------------------------------------------------------------- EMAIL_SMTP_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE # ------------------------------------------------------------------- # AUTH Stack Secrets (Keycloak) +# Scope: auth.pivoine.art # ------------------------------------------------------------------- AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE # ------------------------------------------------------------------- -# TRACK Stack Secrets (Umami) +# CODE Stack Secrets (Gitea) +# Scope: code.pivoine.art +# ------------------------------------------------------------------- +CODE_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE + +# ------------------------------------------------------------------- +# AUTO Stack 
Secrets (n8n) +# Scope: auto.pivoine.art +# ------------------------------------------------------------------- +AUTO_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE + +# ------------------------------------------------------------------- +# SEXY Stack Secrets (Directus) +# Scope: sexy.pivoine.art +# ------------------------------------------------------------------- +SEXY_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE +SEXY_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE + +# ------------------------------------------------------------------- +# DASH Stack Secrets (NextAuth) +# Scope: dash.pivoine.art +# ------------------------------------------------------------------- +DASH_NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE + +# ------------------------------------------------------------------- +# NEWS Stack Secrets (Letterspace) +# Scope: news.pivoine.art +# ------------------------------------------------------------------- +NEWS_JWT_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE + +# ------------------------------------------------------------------- +# TRACK Stack Secrets (Umami) +# Scope: umami.pivoine.art # ------------------------------------------------------------------- -# APP_SECRET for Umami (64 character hex string) TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE # ------------------------------------------------------------------- -# Add more stack secrets below (scope them with stack name) +# CHAT Stack Secrets +# Scope: chat.pivoine.art # ------------------------------------------------------------------- -# BLOG_SECRET_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE # CHAT_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE -# DATA_DIRECTUS_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE -# CODE_GITEA_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE -# etc... 
-# Example secrets from your current .env that should be scoped: -# GITEA_RUNNER_REGISTRATION_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE -# NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE -# JWT_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE -# N8N_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE -# DIRECTUS_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE -# PASSWORD_HASH=CHANGE_ME_GENERATE_WITH_KOMPOSE +# ------------------------------------------------------------------- +# VAULT Stack Secrets (Vaultwarden) +# Scope: vault.pivoine.art +# ------------------------------------------------------------------- +# VAULT_ADMIN_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE + +# ------------------------------------------------------------------- +# Additional Stack Secrets +# Follow the naming convention: STACKNAME_SECRET_PURPOSE +# ------------------------------------------------------------------- diff --git a/Projects/kompose/sexy/.env b/Projects/kompose/sexy/.env index c56fdbec..18905f15 100644 --- a/Projects/kompose/sexy/.env +++ b/Projects/kompose/sexy/.env 
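Review bot: The rewritten template removes the only format hint it had (`# APP_SECRET for Umami (64 character hex string)`) and gives every entry the same `CHANGE_ME_GENERATE_WITH_KOMPOSE` value, so nobody rotating a secret by hand can tell what length or encoding each one needs. I would keep a one-line comment per entry, for example `# 64-character hex string` above `TRACK_APP_SECRET`. The template also has no entry for the VPN password hash and leaves `VAULT_ADMIN_TOKEN` commented out, although both stacks carried such a value in their old `.env`. Whether `./kompose.sh secrets validate` rejects an unchanged placeholder is not visible here and is worth confirming, since the placeholder string is public.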
@@ -1,54 +1,44 @@ +# ================================================================= +# SEXY Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=sexy -# Docker images +# Docker image DOCKER_IMAGE=directus/directus:11.12.0 -FRONTEND_IMAGE=node:22 # Database name DB_NAME=directus -# Traefik hostname -TRAEFIK_HOST=sexy.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_SEXY} -# App settings +# Application port APP_PORT=8055 + +# Additional configuration +FRONTEND_IMAGE=node:22 FRONTEND_PORT=3000 - -# Directus secret (generate with: openssl rand -hex 32) -DIRECTUS_SECRET=changeme - -# Cache Configuration CACHE_ENABLED=true CACHE_AUTO_PURGE=true - -# Admin credentials -ADMIN_PASSWORD=admin - -# WebSocket Configuration WEBSOCKETS_ENABLED=true - -# URL Configuration PUBLIC_URL=https://sexy.pivoine.art/api - -# CORS Configuration CORS_ENABLED=true CORS_ORIGIN=https://sexy.pivoine.art CORS_CREDENTIALS=true - -# Cookie Configuration SESSION_COOKIE_SECURE=true SESSION_COOKIE_SAME_SITE=strict SESSION_COOKIE_DOMAIN=sexy.pivoine.art - -# Extensions Configuration EXTENSIONS_PATH=./extensions EXTENSIONS_AUTO_RELOAD=true DIRECTUS_BUNDLE=/var/www/sexy.pivoine.art/packages/bundle - -# Content Security Policy CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC=https://sexy.pivoine.art - -# User registration and password reset URLs USER_REGISTER_URL_ALLOW_LIST=https://sexy.pivoine.art/signup/verify PASSWORD_RESET_URL_ALLOW_LIST=https://sexy.pivoine.art/password/reset + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - SEXY_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE +# - SEXY_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/sexy/.env.bak b/Projects/kompose/sexy/.env.bak new file mode 100644 index 00000000..c56fdbec --- /dev/null +++ b/Projects/kompose/sexy/.env.bak 
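Review bot: `TRAEFIK_HOST` now comes from `${TRAEFIK_HOST_SEXY}`, but `PUBLIC_URL`, `CORS_ORIGIN`, `SESSION_COOKIE_DOMAIN`, the CSP `FRAME_SRC` value and both `*_URL_ALLOW_LIST` entries still hard-code `sexy.pivoine.art`. If the host variable is ever changed, the cookie domain and allowed origin no longer match the served host and nothing flags it. I would derive them from the same variable, e.g. `CORS_ORIGIN=https://${TRAEFIK_HOST_SEXY}` and `SESSION_COOKIE_DOMAIN=${TRAEFIK_HOST_SEXY}`. The hunk also drops the section comments (`# CORS Configuration`, `# Cookie Configuration`, `# Content Security Policy`) and files everything under `# Additional configuration`; keeping those headings makes the security-relevant settings easier to audit.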
@@ -0,0 +1,54 @@
+# Stack identification
+COMPOSE_PROJECT_NAME=sexy
+
+# Docker images
+DOCKER_IMAGE=directus/directus:11.12.0
+FRONTEND_IMAGE=node:22
+
+# Database name
+DB_NAME=directus
+
+# Traefik hostname
+TRAEFIK_HOST=sexy.pivoine.art
+
+# App settings
+APP_PORT=8055
+FRONTEND_PORT=3000
+
+# Directus secret (generate with: openssl rand -hex 32)
+DIRECTUS_SECRET=changeme
+
+# Cache Configuration
+CACHE_ENABLED=true
+CACHE_AUTO_PURGE=true
+
+# Admin credentials
+ADMIN_PASSWORD=admin
+
+# WebSocket Configuration
+WEBSOCKETS_ENABLED=true
+
+# URL Configuration
+PUBLIC_URL=https://sexy.pivoine.art/api
+
+# CORS Configuration
+CORS_ENABLED=true
+CORS_ORIGIN=https://sexy.pivoine.art
+CORS_CREDENTIALS=true
+
+# Cookie Configuration
+SESSION_COOKIE_SECURE=true
+SESSION_COOKIE_SAME_SITE=strict
+SESSION_COOKIE_DOMAIN=sexy.pivoine.art
+
+# Extensions Configuration
+EXTENSIONS_PATH=./extensions
+EXTENSIONS_AUTO_RELOAD=true
+DIRECTUS_BUNDLE=/var/www/sexy.pivoine.art/packages/bundle
+
+# Content Security Policy
+CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC=https://sexy.pivoine.art
+
+# User registration and password reset URLs
+USER_REGISTER_URL_ALLOW_LIST=https://sexy.pivoine.art/signup/verify
+PASSWORD_RESET_URL_ALLOW_LIST=https://sexy.pivoine.art/password/reset
diff --git a/Projects/kompose/trace/.env b/Projects/kompose/trace/.env
index 06e9348f..955132c5 100644
--- a/Projects/kompose/trace/.env
+++ b/Projects/kompose/trace/.env
@@ -1,25 +1,31 @@ +# ================================================================= +# TRACE Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=trace -# Traefik hostname -TRAEFIK_HOST=trace.pivoine.art +# Docker image -# App port (SigNoz UI) +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_TRACE} + +# Application port APP_PORT=8080 -# Docker images +# Additional configuration SIGNOZ_IMAGE=signoz/signoz:v0.96.1 OTELCOL_IMAGE=signoz/signoz-otel-collector:v0.129.6 CLICKHOUSE_IMAGE=clickhouse/clickhouse-server:25.5.6 ZOOKEEPER_IMAGE=signoz/zookeeper:3.7.1 - -# Port configuration SIGNOZ_API_PORT=4320 SIGNOZ_PPROF_PORT=6060 CLICKHOUSE_PORT=9000 CLICKHOUSE_HTTP_PORT=8123 CLICKHOUSE_METRICS_PORT=9181 - -# Feature flags TELEMETRY_ENABLED=true DOT_METRICS_ENABLED=true + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/trace/.env.bak b/Projects/kompose/trace/.env.bak new file mode 100644 index 00000000..06e9348f --- /dev/null +++ b/Projects/kompose/trace/.env.bak @@ -0,0 +1,25 @@ +# Stack identification +COMPOSE_PROJECT_NAME=trace + +# Traefik hostname +TRAEFIK_HOST=trace.pivoine.art + +# App port (SigNoz UI) +APP_PORT=8080 + +# Docker images +SIGNOZ_IMAGE=signoz/signoz:v0.96.1 +OTELCOL_IMAGE=signoz/signoz-otel-collector:v0.129.6 +CLICKHOUSE_IMAGE=clickhouse/clickhouse-server:25.5.6 +ZOOKEEPER_IMAGE=signoz/zookeeper:3.7.1 + +# Port configuration +SIGNOZ_API_PORT=4320 +SIGNOZ_PPROF_PORT=6060 +CLICKHOUSE_PORT=9000 +CLICKHOUSE_HTTP_PORT=8123 +CLICKHOUSE_METRICS_PORT=9181 + +# Feature flags +TELEMETRY_ENABLED=true +DOT_METRICS_ENABLED=true diff --git a/Projects/kompose/track/.env b/Projects/kompose/track/.env index df752a43..6e4fcf5c 100644 --- a/Projects/kompose/track/.env +++ b/Projects/kompose/track/.env 
@@ -1,3 +1,7 @@ +# ================================================================= +# TRACK Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=track @@ -7,11 +11,15 @@ DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest # Database name DB_NAME=umami -# Traefik hostname -TRAEFIK_HOST=umami.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_TRACK} -# App settings +# Application port APP_PORT=3000 -# App secret (generate with: openssl rand -hex 32) -APP_SECRET=changeme +# Additional configuration + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: +# - TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE diff --git a/Projects/kompose/track/.env.bak b/Projects/kompose/track/.env.bak new file mode 100644 index 00000000..df752a43 --- /dev/null +++ b/Projects/kompose/track/.env.bak @@ -0,0 +1,17 @@ +# Stack identification +COMPOSE_PROJECT_NAME=track + +# Docker image +DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest + +# Database name +DB_NAME=umami + +# Traefik hostname +TRAEFIK_HOST=umami.pivoine.art + +# App settings +APP_PORT=3000 + +# App secret (generate with: openssl rand -hex 32) +APP_SECRET=changeme diff --git a/Projects/kompose/track/.env.new b/Projects/kompose/track/.env.new deleted file mode 100644 index 6d0846f1..00000000 --- a/Projects/kompose/track/.env.new +++ /dev/null @@ -1,6 +0,0 @@ -# Stack identification -COMPOSE_PROJECT_NAME=track - -# Note: All configuration variables are now in the root .env file -# with TRACK_ prefix (e.g., TRACK_TRAEFIK_HOST, TRACK_DOCKER_IMAGE) -# All secrets are in secrets.env (e.g., TRACK_APP_SECRET) diff --git a/Projects/kompose/vault/.env b/Projects/kompose/vault/.env index b5f19cf9..dfd9b14e 100644 --- a/Projects/kompose/vault/.env +++ b/Projects/kompose/vault/.env 
@@ -1,25 +1,26 @@ +# ================================================================= +# VAULT Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=vault # Docker image DOCKER_IMAGE=vaultwarden/server:latest -# Traefik hostname -TRAEFIK_HOST=vault.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_VAULT} -# App port +# Application port APP_PORT=80 -# Admin token (generate with: openssl rand -base64 32) -JWT_TOKEN=changeme - -# WebSocket Configuration +# Additional configuration WEBSOCKET_ENABLED=true SIGNUPS_ALLOWED=false - -# SMTP Settings (using root .env values) SMTP_SECURITY=force_tls SMTP_TIMEOUT=15 - -# Domain DOMAIN=https://vault.pivoine.art + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/vault/.env.bak b/Projects/kompose/vault/.env.bak new file mode 100644 index 00000000..b5f19cf9 --- /dev/null +++ b/Projects/kompose/vault/.env.bak @@ -0,0 +1,25 @@ +# Stack identification +COMPOSE_PROJECT_NAME=vault + +# Docker image +DOCKER_IMAGE=vaultwarden/server:latest + +# Traefik hostname +TRAEFIK_HOST=vault.pivoine.art + +# App port +APP_PORT=80 + +# Admin token (generate with: openssl rand -base64 32) +JWT_TOKEN=changeme + +# WebSocket Configuration +WEBSOCKET_ENABLED=true +SIGNUPS_ALLOWED=false + +# SMTP Settings (using root .env values) +SMTP_SECURITY=force_tls +SMTP_TIMEOUT=15 + +# Domain +DOMAIN=https://vault.pivoine.art diff --git a/Projects/kompose/vpn/.env b/Projects/kompose/vpn/.env index eccf97cb..760dac29 100644 --- a/Projects/kompose/vpn/.env +++ b/Projects/kompose/vpn/.env 
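Review bot: The admin token line (`JWT_TOKEN=changeme`) is removed from `vault/.env`, but the `# Available secrets for this stack:` list that closes the hunk is empty and the template in this same patch only has a commented-out `# VAULT_ADMIN_TOKEN=...`. That leaves the stack with no documented source for its admin token. The compose file is not part of this patch, so it is unclear whether it still reads `${JWT_TOKEN}`, which would now expand to nothing. I would either list `# - VAULT_ADMIN_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE` here and uncomment the template entry, or add a comment saying the admin page is intentionally left disabled.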
@@ -1,27 +1,29 @@ +# ================================================================= +# VPN Stack Configuration +# ================================================================= + # Stack identification COMPOSE_PROJECT_NAME=vpn # Docker image DOCKER_IMAGE=ghcr.io/wg-easy/wg-easy:15 -# Traefik hostname -TRAEFIK_HOST=vpn.pivoine.art +# Traefik configuration +TRAEFIK_ENABLED=true +TRAEFIK_HOST=${TRAEFIK_HOST_VPN} -# App port +# Application port APP_PORT=51821 -# WireGuard port +# Additional configuration WG_PORT=51820 - -# WireGuard host (public IP or domain) WG_HOST=vpn.pivoine.art - -# Password hash (generate with: echo -n 'your-password' | npx bcrypt-cli) PASSWORD_HASH=changeme - -# Optional settings WG_DEFAULT_DNS=1.1.1.1 WG_ALLOWED_IPS=0.0.0.0/0,::/0 LANG=en UI_TRAFFIC_STATS=true UI_CHART_TYPE=0 + +# NOTE: Secrets are stored in root secrets.env file +# Available secrets for this stack: diff --git a/Projects/kompose/vpn/.env.bak b/Projects/kompose/vpn/.env.bak new file mode 100644 index 00000000..eccf97cb --- /dev/null +++ b/Projects/kompose/vpn/.env.bak @@ -0,0 +1,27 @@ +# Stack identification +COMPOSE_PROJECT_NAME=vpn + +# Docker image +DOCKER_IMAGE=ghcr.io/wg-easy/wg-easy:15 + +# Traefik hostname +TRAEFIK_HOST=vpn.pivoine.art + +# App port +APP_PORT=51821 + +# WireGuard port +WG_PORT=51820 + +# WireGuard host (public IP or domain) +WG_HOST=vpn.pivoine.art + +# Password hash (generate with: echo -n 'your-password' | npx bcrypt-cli) +PASSWORD_HASH=changeme + +# Optional settings +WG_DEFAULT_DNS=1.1.1.1 +WG_ALLOWED_IPS=0.0.0.0/0,::/0 +LANG=en +UI_TRAFFIC_STATS=true +UI_CHART_TYPE=0
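Review bot: `PASSWORD_HASH=changeme` is still in `vpn/.env`, now under `# Additional configuration` with its generation hint removed, while the footer says secrets live in the root `secrets.env` and lists none for this stack. The migration appears to have missed this credential, so it stays in a file the patch treats as non-secret, and the placeholder is not a valid hash in the first place. I would move it to `secrets.env` under a scoped name that follows the template's `STACKNAME_SECRET_PURPOSE` convention (for example `VPN_PASSWORD_HASH`, a suggested name), list it in the footer, and restore the comment that says how to generate it.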