Change overleaf domain to latex.eliasfink.de

Update uptime kuma to major version 2
Correct overleaf compose file
2025-12-22 17:34:33 +01:00 · 2025-12-22 17:34:20 +01:00 · 2025-11-13 11:55:14 +01:00 · 2025-11-13 10:33:59 +01:00 · 2025-11-13 10:25:31 +01:00 · 2025-11-13 10:24:49 +01:00
19 changed files with 289 additions and 85 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,3 @@ db

 # Files
 .env
-.users
--- a/authentik/compose.yml
+++ b/authentik/compose.yml
@@ -0,0 +1,79 @@
+# /services/authentik/compose.yml
+
+services:
+  authentik_server:
+    image: authentik/server:2025.10
+    container_name: authentik_server
+    restart: always
+    command: server
+    depends_on:
+      authentik_db:
+        condition: service_healthy
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: authentik_db
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+    networks:
+      - default
+      - traefik
+    volumes:
+      - ./data/media:/media
+      - ./data/templates:/templates
+
+  authentik_worker:
+    image: authentik/server:2025.10
+    container_name: authentik_worker
+    restart: always
+    command: worker
+    depends_on:
+      authentik_db:
+        condition: service_healthy
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: authentik_db
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+    networks:
+      - default
+    user: root
+    volumes:
+      - ./certs:/certs
+      - ./data/media:/media
+      - ./data/templates:/templates
+      - /var/run/docker.sock:/var/run/docker.sock
+  
+  authentik_proxy:
+    image: authentik/proxy:2025.10
+    container_name: authentik_proxy
+    restart: always
+    environment:
+      AUTHENTIK_HOST: https://login.eliasfink.de
+      AUTHENTIK_TOKEN: ${AUTHENTIK_OUTPOST_TOKEN}
+    networks:
+      - default
+      - traefik
+
+  authentik_db:
+    image: postgres:16
+    container_name: authentik_db
+    restart: always
+    environment:
+      POSTGRES_DB: authentik
+      POSTGRES_USER: authentik
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+    healthcheck:
+      test: pg_isready
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - default
+    volumes:
+      - ./db:/var/lib/postgresql/data
+
+networks:
+  traefik:
+    external: true
--- a/gitea/compose.yml
+++ b/gitea/compose.yml
@@ -9,12 +9,12 @@ services:
      gitea_db:
        condition: service_healthy
    environment:
-      - GITEA_CUSTOM=/data/gitea/custom
-      - GITEA__database__DB_TYPE=postgres
-      - GITEA__database__HOST=gitea_db:5432
-      - GITEA__database__NAME=gitea
-      - GITEA__database__USER=gitea
-      - GITEA__database__PASSWD=${DB_PASSWORD}
+      GITEA_CUSTOM: /data/gitea/custom
+      GITEA__database__DB_TYPE: postgres
+      GITEA__database__HOST: gitea_db:5432
+      GITEA__database__NAME: gitea
+      GITEA__database__USER: gitea
+      GITEA__database__PASSWD: ${DB_PASSWORD}
    healthcheck:
      test: curl -f http://localhost:3000/api/healthz || exit 1
      interval: 30s
@@ -33,9 +33,9 @@ services:
    container_name: gitea_db
    restart: always
    environment:
-      - POSTGRES_DB=gitea
-      - POSTGRES_USER=gitea
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      POSTGRES_DB: gitea
+      POSTGRES_USER: gitea
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
    healthcheck:
      test: pg_isready
      interval: 30s
--- a/hedgedoc/compose.yml
+++ b/hedgedoc/compose.yml
@@ -9,24 +9,34 @@ services:
      hedgedoc_db:
        condition: service_healthy
    environment:
-      - CMD_ALLOW_EMAIL_REGISTER=false
-      - CMD_DB_URL=postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
-      - CMD_DOMAIN=pad.eliasfink.de
-      - CMD_PROTOCOL_USESSL=true
+      CMD_ALLOW_EMAIL_REGISTER: false
+      CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
+      CMD_DOMAIN: pad.eliasfink.de
+      CMD_OAUTH2_PROVIDERNAME: EFlogin
+      CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
+      CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET} 
+      CMD_OAUTH2_SCOPE: openid email profile
+      CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
+      CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
+      CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
+      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
+      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
+      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
+      CMD_PROTOCOL_USESSL: true
    networks:
      - default
      - traefik
    volumes:
-      - ./uploads:/hedgedoc/public/uploads
+      - ./data/uploads:/hedgedoc/public/uploads

  hedgedoc_db:
    image: postgres:17
    container_name: hedgedoc_db
    restart: always
    environment:
-      - POSTGRES_DB=hedgedoc
-      - POSTGRES_USER=hedgedoc
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      POSTGRES_DB: hedgedoc
+      POSTGRES_USER: hedgedoc
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
    healthcheck:
      test: pg_isready
      interval: 30s
--- a/home-assistant/compose.yml
+++ b/home-assistant/compose.yml
@@ -1,17 +0,0 @@
-# /services/home-assistant/compose.yml
-
-services:
-  home-assistant:
-    image: homeassistant/home-assistant:2025.7
-    container_name: home-assistant
-    restart: always
-    networks:
-      - traefik
-    volumes:
-      - ./data:/config
-      - /etc/localtime:/etc/localtime:ro
-      - /run/dbus:/run/dbus:ro
-
-networks:
-  traefik:
-    external: true
--- a/nextcloud/compose.yml
+++ b/nextcloud/compose.yml
@@ -2,7 +2,7 @@

 services:
  nextcloud:
-    image: nextcloud:31
+    image: nextcloud:32
    container_name: nextcloud
    restart: always
    depends_on:
@@ -11,11 +11,11 @@ services:
      nextcloud_redis:
        condition: service_healthy
    environment:
-      - POSTGRES_HOST=nextcloud_db
-      - POSTGRES_DB=nextcloud
-      - POSTGRES_USER=nextcloud
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
-      - REDIS_HOST=nextcloud_redis
+      POSTGRES_HOST: nextcloud_db
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      REDIS_HOST: nextcloud_redis
    healthcheck:
      test: curl -f http://localhost/status.php || exit 1
      interval: 30s
@@ -33,9 +33,9 @@ services:
    container_name: nextcloud_db
    restart: always
    environment:
-      - POSTGRES_DB=nextcloud
-      - POSTGRES_USER=nextcloud
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
    healthcheck:
      test: pg_isready
      interval: 30s
--- a/overleaf/Dockerfile
+++ b/overleaf/Dockerfile
@@ -0,0 +1,5 @@
+FROM sharelatex/sharelatex:main
+
+RUN tlmgr update --self && \
+    tlmgr install scheme-full && \
+    tlmgr path add
--- a/overleaf/build-images.sh
+++ b/overleaf/build-images.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+cd /overleaf
+git pull
+
+cd server-ce
+make build-base
+make build-community
+
+cd /services/overleaf
+docker compose up -d --build
--- a/overleaf/compose.yml
+++ b/overleaf/compose.yml
@@ -0,0 +1,74 @@
+services:
+  overleaf:
+    build: .
+    container_name: overleaf
+    restart: always
+    depends_on:
+      overleaf_db:
+        condition: service_healthy
+      overleaf_redis:
+        condition: service_healthy
+    environment:
+      ENABLE_CONVERSIONS: true
+      OVERLEAF_ADMIN_EMAIL: mail@eliasfink.de
+      OVERLEAF_APP_NAME: EFlatex
+      OVERLEAF_EMAIL_FROM_ADDRESS: no-reply@eliasfink.de
+      OVERLEAF_EMAIL_SMTP_HOST: mxe92f.netcup.net
+      OVERLEAF_EMAIL_SMTP_USER: no-reply@eliasfink.de
+      OVERLEAF_EMAIL_SMTP_PASS: ${EMAIL_PASSWORD}
+      OVERLEAF_EMAIL_SMTP_PORT: 465
+      OVERLEAF_EMAIL_SMTP_SECURE: true
+      OVERLEAF_HEADER_IMAGE_URL: https://static.eliasfink.de/img/logo/logo.svg
+      OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf
+      OVERLEAF_REDIS_HOST: overleaf_redis
+      OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
+      OVERLEAF_SITE_LANGUAGE: de
+      OVERLEAF_SITE_URL: https://latex.eliasfink.de
+      REDIS_HOST: overleaf_redis
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+    networks:
+      - default
+      - traefik
+    stop_grace_period: 60s
+    volumes:
+      - ./data:/var/lib/overleaf
+
+  overleaf_db:
+    image: mongo:6.0
+    container_name: overleaf_db
+    restart: always
+    command: --replSet overleaf
+    environment:
+      MONGO_INITDB_DATABASE: overleaf
+    extra_hosts:
+      - overleaf_db:127.0.0.1
+    healthcheck:
+      test: echo 'db.stats().ok' | mongosh localhost:27017/test --quiet
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - default
+    volumes:
+      - ./db/config:/data/configdb
+      - ./db/data:/data/db
+      - ./config/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
+
+  overleaf_redis:
+    image: redis:6.2
+    container_name: overleaf_redis
+    restart: always
+    healthcheck:
+      test: redis-cli ping
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - default
+    volumes:
+      - ./cache:/data
+
+networks:
+  traefik:
+    external: true
--- a/overleaf/config/mongodb-init-replica-set.js
+++ b/overleaf/config/mongodb-init-replica-set.js
@@ -0,0 +1,3 @@
+/* eslint-disable no-undef */
+
+rs.initiate({ _id: 'overleaf', members: [{ _id: 0, host: 'overleaf_db:27017' }] })
--- a/traefik/config/dashboard/dashboard.yml
+++ b/traefik/config/dashboard/dashboard.yml
@@ -1,16 +0,0 @@
-# /services/traefik/config/dashboard/dashboard.yml
-
-http:
-  routers:
-    traefik:
-      entryPoints:
-        - https
-      rule: Host(`traefik.eliasfink.de`)
-      middlewares:
-        - traefik-dashboard-auth
-      service: api@internal
-
-  middlewares:
-    traefik-dashboard-auth:
-      digestAuth:
-        usersFile: /etc/traefik/config/dashboard/.users
--- a/traefik/config/middlewares/home-redirection.yml
+++ b/traefik/config/middlewares/home-redirection.yml
@@ -1,4 +1,4 @@
-# /services/traefik/config/home-redirection.yml
+# /services/traefik/config/middlewares/home-redirection.yml

 http:
  routers:
--- a/traefik/config/middlewares/traefik-dashboard-auth.yml
+++ b/traefik/config/middlewares/traefik-dashboard-auth.yml
@@ -0,0 +1,30 @@
+# /services/traefik/config/middlewares/dashboard.yml
+
+http:
+  routers:
+    traefik:
+      entryPoints:
+        - https
+      rule: Host(`traefik.eliasfink.de`)
+      middlewares:
+        - traefik-dashboard-auth
+      service: api@internal
+
+  middlewares:
+    traefik-dashboard-auth:
+      forwardAuth:
+        address: http://authentik_proxy:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-entitlements
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
--- a/traefik/config/services/authentik.yml
+++ b/traefik/config/services/authentik.yml
@@ -0,0 +1,24 @@
+# /services/traefik/config/services/authentik.yml
+
+http:
+  routers:
+    login:
+      entryPoints:
+        - https
+      rule: Host(`login.eliasfink.de`)
+      service: authentik
+    login_outpost:
+      entryPoints:
+        - https
+      rule: Host(`login.eliasfink.de`) && PathPrefix(`/outpost.goauthentik.io/`)
+      service: authentik_proxy
+
+  services:
+    authentik:
+      loadBalancer:
+        servers:
+          - url: http://authentik_server:9000
+    authentik_proxy:
+      loadBalancer:
+        servers:
+          - url: http://authentik_proxy:9000
--- a/traefik/config/services/home-assistant.yml
+++ b/traefik/config/services/home-assistant.yml
@@ -1,15 +0,0 @@
-# /services/traefik/config/services/home-assistant.yml
-
-http:
-  routers:
-    smarthome:
-      entryPoints:
-        - https
-      rule: Host(`smarthome.eliasfink.de`)
-      service: home-assistant
-
-  services:
-    home-assistant:
-      loadBalancer:
-        servers:
-          - url: http://home-assistant:8123
--- a/traefik/config/services/overleaf.yml
+++ b/traefik/config/services/overleaf.yml
@@ -0,0 +1,15 @@
+# /services/traefik/config/services/overleaf.yml
+
+http:
+  routers:
+    latex:
+      entryPoints:
+        - https
+      rule: Host(`latex.eliasfink.de`)
+      service: overleaf
+
+  services:
+    overleaf:
+      loadBalancer:
+        servers:
+          - url: http://overleaf:80
--- a/traefik/config/services/uptime-kuma.yml
+++ b/traefik/config/services/uptime-kuma.yml
@@ -6,10 +6,10 @@ http:
      entryPoints:
        - https
      rule: Host(`status.eliasfink.de`)
-      service: uptime-kuma
+      service: authentik_proxy

-  services:
-    uptime-kuma:
-      loadBalancer:
-        servers:
-          - url: http://uptime-kuma:3001
+# services:
+#   uptime-kuma:
+#     loadBalancer:
+#       servers:
+#         - url: http://uptime-kuma:3001
--- a/uptime-kuma/compose.yml
+++ b/uptime-kuma/compose.yml
@@ -2,7 +2,7 @@

 services:
  uptime-kuma:
-    image: louislam/uptime-kuma:1
+    image: louislam/uptime-kuma:2
    container_name: uptime-kuma
    restart: always
    networks:
--- a/watchtower/compose.yml
+++ b/watchtower/compose.yml
@@ -2,7 +2,7 @@

 services:
  watchtower:
-    image: containrrr/watchtower:arm64v8-latest
+    image: nickfedor/watchtower:latest
    container_name: watchtower
    restart: always
    command:
Author	SHA1	Message	Date
Elias Fink	ff8f84b550	Change overleaf domain to latex.eliasfink.de	2025-12-22 17:34:33 +01:00
Elias Fink	13ab653c48	Update uptime kuma to major version 2	2025-12-22 17:34:20 +01:00
Elias Fink	46a43c9820	Correct overleaf compose file	2025-11-13 11:55:14 +01:00
Elias Fink	dbb5a71a0b	Exclude overleaf from watchtower	2025-11-13 10:33:59 +01:00
Elias Fink	54c197b464	Add login_outpost router and authentik_proxy service	2025-11-13 10:25:31 +01:00
Elias Fink	8ee7ba83b5	Route status.eliasfink.de to authentik proxy	2025-11-13 10:24:49 +01:00
Elias Fink	1ae8c6cdb4	Update nextcloud version	2025-11-12 23:37:39 +01:00
Elias Fink	d3aa09298f	User newer, fixed watchtower docker image	2025-11-12 23:35:25 +01:00
Elias Fink	a2b2a73e58	Correct watchtower image tag	2025-11-12 23:17:21 +01:00
Elias Fink	1539d44d10	Rename traefik dashboard config file	2025-11-12 16:46:24 +01:00
Elias Fink	00ebbd0f16	Replace traefik dashboard auth with authentik auth	2025-11-12 00:03:21 +01:00
Elias Fink	8288f0ba3c	Restructure traefik config folder	2025-11-12 00:02:56 +01:00
Elias Fink	91706bbf09	Add authentik proxy for traefik forwardAuth	2025-11-12 00:01:45 +01:00
Elias Fink	609d932507	Use login.eliasfink.de as authentik domain	2025-11-11 22:59:38 +01:00
Elias Fink	4e67fdb8a0	Add OAUTH2 login to hedgedoc	2025-11-11 22:58:07 +01:00
Elias Fink	9327a3f953	Remove home assistant	2025-11-11 22:56:28 +01:00
Elias Fink	1855d45aa9	Correct compose.yml for authentik	2025-11-06 11:41:36 +01:00
Elias Fink	812dd38f2e	Add compose.yml for authentik	2025-11-06 11:09:16 +01:00
Elias Fink	4a88d7d3f7	Add traefik config for authentik	2025-11-06 11:06:48 +01:00
Elias Fink	909150f2b0	Added overleaf service	2025-09-28 20:33:48 +02:00
Elias Fink	a4151877d4	Change format of environment variables in compose files	2025-09-28 19:37:56 +02:00
Elias Fink	b5d9b62ea9	Add traefik config for overleaf service	2025-09-28 19:17:06 +02:00
Elias Fink	c9f81cfd45	Change name of traefik dashboard users file	2025-07-20 22:42:12 +02:00
Elias Fink	254b7c70f7	Move hedgedoc uploads folder inside data folder	2025-07-20 22:40:47 +02:00