Compare commits
22 Commits
c9f81cfd45
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| ff8f84b550 | |||
| 13ab653c48 | |||
| 46a43c9820 | |||
| dbb5a71a0b | |||
| 54c197b464 | |||
| 8ee7ba83b5 | |||
| 1ae8c6cdb4 | |||
| d3aa09298f | |||
| a2b2a73e58 | |||
| 1539d44d10 | |||
| 00ebbd0f16 | |||
| 8288f0ba3c | |||
| 91706bbf09 | |||
| 609d932507 | |||
| 4e67fdb8a0 | |||
| 9327a3f953 | |||
| 1855d45aa9 | |||
| 812dd38f2e | |||
| 4a88d7d3f7 | |||
| 909150f2b0 | |||
| a4151877d4 | |||
| b5d9b62ea9 |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -5,5 +5,4 @@ data
|
||||
db
|
||||
|
||||
# Files
|
||||
.env
|
||||
users
|
||||
.env
|
||||
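--- a/authentik/compose.yml
+++ b/authentik/compose.yml
@@ -0,0 +1,79 @@
+# /services/authentik/compose.yml
+
+services:
+authentik_server:
+image: authentik/server:2025.10
+container_name: authentik_server
+restart: always
+command: server
+depends_on:
+authentik_db:
+condition: service_healthy
+environment:
+AUTHENTIK_POSTGRESQL__HOST: authentik_db
+AUTHENTIK_POSTGRESQL__NAME: authentik
+AUTHENTIK_POSTGRESQL__USER: authentik
+AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
+AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+networks:
+- default
+- traefik
+volumes:
+- ./data/media:/media
+- ./data/templates:/templates
+
+authentik_worker:
+image: authentik/server:2025.10
+container_name: authentik_worker
+restart: always
+command: worker
+depends_on:
+authentik_db:
+condition: service_healthy
+environment:
+AUTHENTIK_POSTGRESQL__HOST: authentik_db
+AUTHENTIK_POSTGRESQL__NAME: authentik
+AUTHENTIK_POSTGRESQL__USER: authentik
+AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
+AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+networks:
+- default
+user: root
+volumes:
+- ./certs:/certs
+- ./data/media:/media
+- ./data/templates:/templates
+- /var/run/docker.sock:/var/run/docker.sock
+
+authentik_proxy:
+image: authentik/proxy:2025.10
+container_name: authentik_proxy
+restart: always
+environment:
+AUTHENTIK_HOST: https://login.eliasfink.de
+AUTHENTIK_TOKEN: ${AUTHENTIK_OUTPOST_TOKEN}
+networks:
+- default
+- traefik
+
+authentik_db:
+image: postgres:16
+container_name: authentik_db
+restart: always
+environment:
+POSTGRES_DB: authentik
+POSTGRES_USER: authentik
+POSTGRES_PASSWORD: ${DB_PASSWORD}
+healthcheck:
+test: pg_isready
+interval: 30s
+timeout: 10s
+retries: 3
+networks:
+- default
+volumes:
+- ./db:/var/lib/postgresql/data
+
+networks:
+traefik:
+external: true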
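Review bot: `authentik_worker` runs with `user: root` and a read-write bind of `/var/run/docker.sock`, which gives the identity provider's worker control of the Docker daemon and therefore, in effect, root on the host. The only outpost visible here, `authentik_proxy`, is started as its own service with `AUTHENTIK_TOKEN`, so the socket looks unused; if authentik is not meant to deploy outposts itself, drop `user: root` and `- /var/run/docker.sock:/var/run/docker.sock`. If the Docker integration is wanted, place a filtering socket proxy in front of the daemon instead of mounting the raw socket, and add a comment above the volume saying why it is there.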
@@ -9,12 +9,12 @@ services:
|
||||
gitea_db:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- GITEA_CUSTOM=/data/gitea/custom
|
||||
- GITEA__database__DB_TYPE=postgres
|
||||
- GITEA__database__HOST=gitea_db:5432
|
||||
- GITEA__database__NAME=gitea
|
||||
- GITEA__database__USER=gitea
|
||||
- GITEA__database__PASSWD=${DB_PASSWORD}
|
||||
GITEA_CUSTOM: /data/gitea/custom
|
||||
GITEA__database__DB_TYPE: postgres
|
||||
GITEA__database__HOST: gitea_db:5432
|
||||
GITEA__database__NAME: gitea
|
||||
GITEA__database__USER: gitea
|
||||
GITEA__database__PASSWD: ${DB_PASSWORD}
|
||||
healthcheck:
|
||||
test: curl -f http://localhost:3000/api/healthz || exit 1
|
||||
interval: 30s
|
||||
@@ -33,9 +33,9 @@ services:
|
||||
container_name: gitea_db
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_DB=gitea
|
||||
- POSTGRES_USER=gitea
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
POSTGRES_DB: gitea
|
||||
POSTGRES_USER: gitea
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
healthcheck:
|
||||
test: pg_isready
|
||||
interval: 30s
|
||||
|
||||
@@ -9,10 +9,20 @@ services:
|
||||
hedgedoc_db:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- CMD_ALLOW_EMAIL_REGISTER=false
|
||||
- CMD_DB_URL=postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
|
||||
- CMD_DOMAIN=pad.eliasfink.de
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
CMD_ALLOW_EMAIL_REGISTER: false
|
||||
CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
|
||||
CMD_DOMAIN: pad.eliasfink.de
|
||||
CMD_OAUTH2_PROVIDERNAME: EFlogin
|
||||
CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
|
||||
CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET}
|
||||
CMD_OAUTH2_SCOPE: openid email profile
|
||||
CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
|
||||
CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
|
||||
CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
|
||||
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
|
||||
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
|
||||
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
|
||||
CMD_PROTOCOL_USESSL: true
|
||||
networks:
|
||||
- default
|
||||
- traefik
|
||||
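Review bot: `CMD_ALLOW_EMAIL_REGISTER: false` and `CMD_PROTOCOL_USESSL: true` became YAML booleans when the `environment` list was turned into a mapping; in the list form they were the strings `false` and `true`. Quote them (`CMD_ALLOW_EMAIL_REGISTER: "false"`, `CMD_PROTOCOL_USESSL: "true"`) so the value the container receives does not depend on how the Compose version in use renders a boolean. With OAuth2 login through `login.eliasfink.de` added, it is also worth deciding whether local e-mail login should stay enabled; only registration is switched off here, and `CMD_EMAIL: "false"` would turn the local login form off as well. The service definition starts above this hunk.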
@@ -24,9 +34,9 @@ services:
|
||||
container_name: hedgedoc_db
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_DB=hedgedoc
|
||||
- POSTGRES_USER=hedgedoc
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
POSTGRES_DB: hedgedoc
|
||||
POSTGRES_USER: hedgedoc
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
healthcheck:
|
||||
test: pg_isready
|
||||
interval: 30s
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
# /services/home-assistant/compose.yml
|
||||
|
||||
services:
|
||||
home-assistant:
|
||||
image: homeassistant/home-assistant:2025.7
|
||||
container_name: home-assistant
|
||||
restart: always
|
||||
networks:
|
||||
- traefik
|
||||
volumes:
|
||||
- ./data:/config
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /run/dbus:/run/dbus:ro
|
||||
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
services:
|
||||
nextcloud:
|
||||
image: nextcloud:31
|
||||
image: nextcloud:32
|
||||
container_name: nextcloud
|
||||
restart: always
|
||||
depends_on:
|
||||
@@ -11,11 +11,11 @@ services:
|
||||
nextcloud_redis:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- POSTGRES_HOST=nextcloud_db
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- REDIS_HOST=nextcloud_redis
|
||||
POSTGRES_HOST: nextcloud_db
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
REDIS_HOST: nextcloud_redis
|
||||
healthcheck:
|
||||
test: curl -f http://localhost/status.php || exit 1
|
||||
interval: 30s
|
||||
@@ -33,9 +33,9 @@ services:
|
||||
container_name: nextcloud_db
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
healthcheck:
|
||||
test: pg_isready
|
||||
interval: 30s
|
||||
|
||||
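--- a/overleaf/Dockerfile
+++ b/overleaf/Dockerfile
@@ -0,0 +1,5 @@
+FROM sharelatex/sharelatex:main
+
+RUN tlmgr update --self && \
+tlmgr install scheme-full && \
+tlmgr path add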
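Review bot: `FROM sharelatex/sharelatex:main` builds on a mutable tag, so the result depends on whatever `main` resolves to when the build runs: presumably the image produced locally by `build-images.sh`, or, if that script has not run, whatever a registry serves under that name. Pin the base to a release tag or digest, or add a comment above `FROM` such as `# base image is built locally by build-images.sh; do not pull`. `tlmgr update --self && tlmgr install scheme-full` also fetches unpinned packages from the default mirror at build time, so two builds of the same Dockerfile can differ.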
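--- a/overleaf/build-images.sh
+++ b/overleaf/build-images.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+cd /overleaf
+git pull
+
+cd server-ce
+make build-base
+make build-community
+
+cd /services/overleaf
+docker compose up -d --build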
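Review bot: `git pull` followed by `make build-community` and `docker compose up -d --build` deploys whatever is on the checked-out upstream branch at that moment, with no pinned tag or commit and no review step in between. Check out a chosen release instead (`git fetch --tags && git checkout <RELEASE_TAG>`, where the tag is a placeholder to fill in), or at least use `git pull --ff-only` so a rewritten history stops the script. `set -euo pipefail` is the safer header than `set -e` alone, and a one-line comment at the top stating that the script builds the base image used by `overleaf/Dockerfile` would document the dependency.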
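--- a/overleaf/compose.yml
+++ b/overleaf/compose.yml
@@ -0,0 +1,74 @@
+services:
+overleaf:
+build: .
+container_name: overleaf
+restart: always
+depends_on:
+overleaf_db:
+condition: service_healthy
+overleaf_redis:
+condition: service_healthy
+environment:
+ENABLE_CONVERSIONS: true
+OVERLEAF_ADMIN_EMAIL: mail@eliasfink.de
+OVERLEAF_APP_NAME: EFlatex
+OVERLEAF_EMAIL_FROM_ADDRESS: no-reply@eliasfink.de
+OVERLEAF_EMAIL_SMTP_HOST: mxe92f.netcup.net
+OVERLEAF_EMAIL_SMTP_USER: no-reply@eliasfink.de
+OVERLEAF_EMAIL_SMTP_PASS: ${EMAIL_PASSWORD}
+OVERLEAF_EMAIL_SMTP_PORT: 465
+OVERLEAF_EMAIL_SMTP_SECURE: true
+OVERLEAF_HEADER_IMAGE_URL: https://static.eliasfink.de/img/logo/logo.svg
+OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf
+OVERLEAF_REDIS_HOST: overleaf_redis
+OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
+OVERLEAF_SITE_LANGUAGE: de
+OVERLEAF_SITE_URL: https://latex.eliasfink.de
+REDIS_HOST: overleaf_redis
+labels:
+- com.centurylinklabs.watchtower.enable=false
+networks:
+- default
+- traefik
+stop_grace_period: 60s
+volumes:
+- ./data:/var/lib/overleaf
+
+overleaf_db:
+image: mongo:6.0
+container_name: overleaf_db
+restart: always
+command: --replSet overleaf
+environment:
+MONGO_INITDB_DATABASE: overleaf
+extra_hosts:
+- overleaf_db:127.0.0.1
+healthcheck:
+test: echo 'db.stats().ok' | mongosh localhost:27017/test --quiet
+interval: 30s
+timeout: 10s
+retries: 3
+networks:
+- default
+volumes:
+- ./db/config:/data/configdb
+- ./db/data:/data/db
+- ./config/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
+
+overleaf_redis:
+image: redis:6.2
+container_name: overleaf_redis
+restart: always
+healthcheck:
+test: redis-cli ping
+interval: 30s
+timeout: 10s
+retries: 3
+networks:
+- default
+volumes:
+- ./cache:/data
+
+networks:
+traefik:
+external: true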
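Review bot: `overleaf_db` and `overleaf_redis` are started without credentials: `OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf` carries no user, no `MONGO_INITDB_ROOT_USERNAME` or `MONGO_INITDB_ROOT_PASSWORD` is set, and Redis has no password. Both are attached only to the `default` network, so reachability is limited to this project's containers, but that isolation is then the only control; a comment on the two services saying so would make the choice explicit. `ENABLE_CONVERSIONS: true`, `OVERLEAF_EMAIL_SMTP_SECURE: true` and `OVERLEAF_EMAIL_SMTP_PORT: 465` should be quoted so they reach the container as the strings `"true"` and `"465"`. The file also lacks the `# /services/…/compose.yml` path comment that the other compose files on this page start with.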
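--- a/overleaf/config/mongodb-init-replica-set.js
+++ b/overleaf/config/mongodb-init-replica-set.js
@@ -0,0 +1,3 @@
+/* eslint-disable no-undef */
+
+rs.initiate({ _id: 'overleaf', members: [{ _id: 0, host: 'overleaf_db:27017' }] })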
@@ -1,16 +0,0 @@
|
||||
# /services/traefik/config/dashboard/dashboard.yml
|
||||
|
||||
http:
|
||||
routers:
|
||||
traefik:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: Host(`traefik.eliasfink.de`)
|
||||
middlewares:
|
||||
- traefik-dashboard-auth
|
||||
service: api@internal
|
||||
|
||||
middlewares:
|
||||
traefik-dashboard-auth:
|
||||
digestAuth:
|
||||
usersFile: /etc/traefik/config/dashboard/users
|
||||
@@ -1,4 +1,4 @@
|
||||
# /services/traefik/config/home-redirection.yml
|
||||
# /services/traefik/config/middlewares/home-redirection.yml
|
||||
|
||||
http:
|
||||
routers:
|
||||
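--- a/traefik/config/middlewares/traefik-dashboard-auth.yml
+++ b/traefik/config/middlewares/traefik-dashboard-auth.yml
@@ -0,0 +1,30 @@
+# /services/traefik/config/middlewares/dashboard.yml
+
+http:
+routers:
+traefik:
+entryPoints:
+- https
+rule: Host(`traefik.eliasfink.de`)
+middlewares:
+- traefik-dashboard-auth
+service: api@internal
+
+middlewares:
+traefik-dashboard-auth:
+forwardAuth:
+address: http://authentik_proxy:9000/outpost.goauthentik.io/auth/traefik
+trustForwardHeader: true
+authResponseHeaders:
+- X-authentik-username
+- X-authentik-groups
+- X-authentik-entitlements
+- X-authentik-email
+- X-authentik-name
+- X-authentik-uid
+- X-authentik-jwt
+- X-authentik-meta-jwks
+- X-authentik-meta-outpost
+- X-authentik-meta-provider
+- X-authentik-meta-app
+- X-authentik-meta-version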
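Review bot: `trustForwardHeader: true` makes the forward-auth request keep the `X-Forwarded-*` headers that arrived with the client request, so it is only safe if the `https` entry point does not accept those headers from untrusted clients. The entry-point configuration is not on this page, so confirm that `forwardedHeaders.insecure` is off there and add a comment next to the option stating what it relies on. The first line still reads `# /services/traefik/config/middlewares/dashboard.yml` although the file is `traefik-dashboard-auth.yml`. The auth call to `http://authentik_proxy:9000` is plain HTTP, which is acceptable only while it stays on the shared Docker network.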
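--- a/traefik/config/services/authentik.yml
+++ b/traefik/config/services/authentik.yml
@@ -0,0 +1,24 @@
+# /services/traefik/config/services/authentik.yml
+
+http:
+routers:
+login:
+entryPoints:
+- https
+rule: Host(`login.eliasfink.de`)
+service: authentik
+login_outpost:
+entryPoints:
+- https
+rule: Host(`login.eliasfink.de`) && PathPrefix(`/outpost.goauthentik.io/`)
+service: authentik_proxy
+
+services:
+authentik:
+loadBalancer:
+servers:
+- url: http://authentik_server:9000
+authentik_proxy:
+loadBalancer:
+servers:
+- url: http://authentik_proxy:9000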
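Review bot: The `login` and `login_outpost` routers match the same host, and which of them handles `/outpost.goauthentik.io/` is decided only by Traefik's default priority, where the longer rule wins. Give `login_outpost` an explicit value, for example `priority: 100`, so that a later edit to either rule cannot silently send outpost callbacks to `authentik_server` or ordinary login traffic to the proxy. A short comment above `login_outpost` explaining why the path is split off to `authentik_proxy` would help the next reader.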
@@ -1,15 +0,0 @@
|
||||
# /services/traefik/config/services/home-assistant.yml
|
||||
|
||||
http:
|
||||
routers:
|
||||
smarthome:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: Host(`smarthome.eliasfink.de`)
|
||||
service: home-assistant
|
||||
|
||||
services:
|
||||
home-assistant:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://home-assistant:8123
|
||||
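--- a/traefik/config/services/overleaf.yml
+++ b/traefik/config/services/overleaf.yml
@@ -0,0 +1,15 @@
+# /services/traefik/config/services/overleaf.yml
+
+http:
+routers:
+latex:
+entryPoints:
+- https
+rule: Host(`latex.eliasfink.de`)
+service: overleaf
+
+services:
+overleaf:
+loadBalancer:
+servers:
+- url: http://overleaf:80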
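Review bot: The `latex` router publishes `http://overleaf:80` with no `middlewares` entry, so Overleaf's own login is the only gate in front of the instance. As far as I know the Community Edition compiles documents inside the application container without per-user sandboxing and is documented as intended for trusted users, so account creation should stay admin-only. If the instance is meant to be private, consider putting it behind the forward-auth middleware from `traefik-dashboard-auth.yml` (`middlewares:` with `- traefik-dashboard-auth`, assuming an authentik application is set up for this host) or an IP allow-list.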
@@ -6,10 +6,10 @@ http:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: Host(`status.eliasfink.de`)
|
||||
service: uptime-kuma
|
||||
service: authentik_proxy
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://uptime-kuma:3001
|
||||
# services:
|
||||
# uptime-kuma:
|
||||
# loadBalancer:
|
||||
# servers:
|
||||
# - url: http://uptime-kuma:3001
|
||||
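Review bot: The commented-out `# services:` block is dead configuration; delete it rather than keep it, since version control already holds the old definition. With `service: authentik_proxy` the router now depends on a service declared in another file (`traefik/config/services/authentik.yml`), and the real upstream `http://uptime-kuma:3001` presumably lives only in the authentik provider settings. Replace the block with a one-line comment such as `# upstream (uptime-kuma:3001) is configured in the authentik proxy provider`. The router definition begins above this hunk.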
@@ -2,7 +2,7 @@
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1
|
||||
image: louislam/uptime-kuma:2
|
||||
container_name: uptime-kuma
|
||||
restart: always
|
||||
networks:
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
services:
|
||||
watchtower:
|
||||
image: containrrr/watchtower:arm64v8-latest
|
||||
image: nickfedor/watchtower:latest
|
||||
container_name: watchtower
|
||||
restart: always
|
||||
command:
|
||||
|
||||
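Review bot: `image: nickfedor/watchtower:latest` moves the updater to a different publisher while keeping a floating `latest` tag. Watchtower normally has the Docker socket mounted (the volumes are outside this hunk, so this is an assumption), which would make whatever that tag resolves to on the next pull equivalent to root on the host. Pin a version tag or digest, e.g. `image: nickfedor/watchtower:<VERSION>@sha256:<DIGEST>` with both placeholders filled in, and check that Watchtower is not left to update itself unattended.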