From 5f706fac8bcc8ef6f1b8269b20261a21e908b947 Mon Sep 17 00:00:00 2001
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com>
Date: Sat, 13 Jan 2024 10:58:03 +0000
Subject: [PATCH] Latest
---
 home/.chezmoidata.yaml | 4 +-
 .../secrets/DISCORD_CLIENT_ID | 7 +
 .../secrets/DISCORD_CLIENT_SECRET | 7 +
 .../secrets/HEALTHCHECKS_S3_ACCESS_KEY | 7 +
 .../secrets/HEALTHCHECKS_S3_SECRET_KEY | 7 +
 .../TODO/code-server.docker-stack.yml.tmpl | 16 ---
 .../docker/TODO/dashy.docker-stack.yml.tmpl | 28 ----
 .../healthchecks/docker-stack.yml.tmpl | 135 ++++++++++--------
 .../templates/kasm/docker-compose.yml.tmpl | 20 +++
 .../nextcloud/docker-compose.yml.tmpl | 23 +++
 .../templates/portainer/docker-stack.yml.tmpl | 10 +-
 .../sonatype-nexus3/docker-compose.yml.tmpl} | 3 +-
 .../statping/docker-compose.yml.tmpl | 20 +-
 .../wazuh}/wazuh.docker-stack.yml.tmpl | 0
 14 files changed, 168 insertions(+), 119 deletions(-)
 create mode 100644 home/.chezmoitemplates/secrets/DISCORD_CLIENT_ID
 create mode 100644 home/.chezmoitemplates/secrets/DISCORD_CLIENT_SECRET
 create mode 100644 home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_ACCESS_KEY
 create mode 100644 home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_SECRET_KEY
 delete mode 100644 home/dot_config/docker/TODO/code-server.docker-stack.yml.tmpl
 delete mode 100644 home/dot_config/docker/TODO/dashy.docker-stack.yml.tmpl
 create mode 100644 home/dot_config/docker/templates/kasm/docker-compose.yml.tmpl
 create mode 100644 home/dot_config/docker/templates/nextcloud/docker-compose.yml.tmpl
 rename home/dot_config/docker/{TODO/sonatype.docker-stack.yml.tmpl => templates/sonatype-nexus3/docker-compose.yml.tmpl} (81%)
 rename home/dot_config/docker/{TODO => templates/wazuh}/wazuh.docker-stack.yml.tmpl (100%)
diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml
index a82ba7b4..0f9f4df3 100644
--- a/home/.chezmoidata.yaml
+++ b/home/.chezmoidata.yaml
@@ -24,9 +24,9 @@ config:
 docker:
 healthchecks:
 allowedHosts: '*'
- defaultFromEmail: no-reply@megabyte.space
+ s3Endpoint: s3.wasabisys.com
 siteLogoUrl: https://raw.githubusercontent.com/megabyte-labs/install.doctor/master/home/dot_local/etc/branding/black-icon-128x128.png
- siteName: CombineOS Healthchecks
+ siteName: Healthchecks
 siteRoot: '/'
 portainer:
 siteLogoUrl: https://gitlab.com/megabyte-labs/misc/assets/-/raw/master/logo/color3@10x.png
diff --git a/home/.chezmoitemplates/secrets/DISCORD_CLIENT_ID b/home/.chezmoitemplates/secrets/DISCORD_CLIENT_ID
new file mode 100644
index 00000000..6bf068a8
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/DISCORD_CLIENT_ID
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVWE2U1lTaDFndHNCYkkv
+OC9UWnJnKzU2dDcydjhmcVBIVlJxRytHQzNNCm85SjJESXlhY01VRlJCUi9vVXN3
+R3RkOGtKc3dUREdtd2NvZ1NVb3lzMFkKLS0tIFIvc3FreTFsczF3R0tOY2VOaW9h
+eWJ5Z3YvbnVEeE4yZGVGVTM5OWIvcE0KtRKkOlEYhSwnjOfFs7cw15Zz7J8vW9Dv
+uDFT3wzibSYfeCX8rhhu7CdqBB0InIklSozC
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/DISCORD_CLIENT_SECRET b/home/.chezmoitemplates/secrets/DISCORD_CLIENT_SECRET
new file mode 100644
index 00000000..1c478262
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/DISCORD_CLIENT_SECRET
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVkQxN1c5ejByRDNSM2hx
+b1IwcTJxWFIvNkxTNmVPbW5TVXFFUzNVOUR3CmhLOFExRVRhakdYcUNGbi9GM2ZT
+V016bktYOEo0a1ZTd2NGdWxxejVzZEEKLS0tIDMrVUpxNWFYaC9WVWttWkhManV5
+UGZJVHR6ZzhsVUR5Y1djaHc4QjJwQmsK8f3FRTSBS9Kf47BSyYlluvDkdySitGem
+0eUnFevBRmN6Vim4VqokcvZoy32xPCqUa14Te5kUHbrXheAtMsK/Lw==
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_ACCESS_KEY b/home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_ACCESS_KEY
new file mode 100644
index 00000000..91ad2fdb
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_ACCESS_KEY
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbHBwQkRqVThNWlVXZFc0
+YUNiNlI3N016VC9zaW5BS1JMRzVkdG1Cc3drClJ1dWFxdTBJcUhzWVVDaUFqMjJS
+bkFwTWVoU2FxaGlkN3ltUmlzU2ltQkEKLS0tIGZYaENQOElqUDlwVG8rYktvbFRi
+aEpjTGNFWGNPd3BEbTY4RG05SGtNeUEKxookow/IkARufcGLvLNc0+9cV/JTbQoK
+KOV0QpE6Wwch7bpBfeHB3H1Rv3p0jgNQvqYXqA==
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_SECRET_KEY b/home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_SECRET_KEY
new file mode 100644
index 00000000..fce360da
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/HEALTHCHECKS_S3_SECRET_KEY
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbWVtYnFMWnM3bmhQcGJu
+R1JOR2VpVnJZK0tsR3NoV2o2QW9WV3R2eWxNCnJNdFFZRDBXNnh2NVBHMG1ZdFR5
+NWp0Y3ppT0NQdWVSVXNyYWZqejdlM3cKLS0tIHFwMlZ2V1dMcGhHUGFic2ZIUEhI
+SUJBRzZJYnh6SHFZdVhZRkVQa3k2YjgKgV5Phj4VpdrYErOAaIIEycp+pAO3GJIW
+inJV72iPbtbaMClZdK1mRX+x1+nZvb7UITe4k63YAOhpKEReIJ+irUins8ygeltJ
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/dot_config/docker/TODO/code-server.docker-stack.yml.tmpl b/home/dot_config/docker/TODO/code-server.docker-stack.yml.tmpl
deleted file mode 100644
index 2e71e266..00000000
--- a/home/dot_config/docker/TODO/code-server.docker-stack.yml.tmpl
+++ /dev/null
@@ -1,16 +0,0 @@
----
-version: '3.8'
-
-services:
- code-server:
- image: linuxserver/code-server
- container_name: CodeServer
- environment:
- PUID: 1000
- PGID: 1000
- TZ: America/New_York
- volumes:
- - ./config:/config
- ports:
- - 28814:8443
- restart: unless-stopped
diff --git a/home/dot_config/docker/TODO/dashy.docker-stack.yml.tmpl b/home/dot_config/docker/TODO/dashy.docker-stack.yml.tmpl
deleted file mode 100644
index c74572bd..00000000
--- a/home/dot_config/docker/TODO/dashy.docker-stack.yml.tmpl
+++ /dev/null
@@ -1,28 +0,0 @@
----
-version: "3.8"
-services:
- dashy:
- # To build from source, replace 'image: lissy93/dashy' with 'build: .'
- # build: .
- image: lissy93/dashy
- container_name: Dashy
- # Pass in your config file below, by specifying the path on your host machine
- volumes:
- - /root/my-config.yml:{{ .host.home }}/config/dashy/conf.yml
- ports:
- - 4000:80
- # Set any environmental variables
- environment:
- - NODE_ENV=production
- # Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
- # - UID=1000
- # - GID=1000
- # Specify restart policy
- restart: unless-stopped
- # Configure healthchecks
- healthcheck:
- test: ['CMD', 'node', '/app/services/healthcheck']
- interval: 1m30s
- timeout: 10s
- retries: 3
- start_period: 40s
\ No newline at end of file
diff --git a/home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl b/home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl
index b5acb03d..5ac02ef2 100644
--- a/home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl
+++ b/home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl
@@ -12,53 +12,50 @@ services:
 - nginx_network
 environment:
 ALLOWED_HOSTS: "{{ .docker.healthchecks.allowedHosts }}"
- APPRISE_ENABLED: 'True'
- DB_HOST: postgres
- DB_NAME: healthdb
+ APPRISE_ENABLED: "False"
+ DB_HOST: "postgres"
+ DB_NAME: "healthdb"
 DB_PASSWORD_FILE: /run/secrets/healthchecks_db_password
- DB_USER: healthuser
- DEBUG: 'False'
- DEFAULT_FROM_EMAIL: "{{ .docker.healthchecks.defaultFromEmail }}"
+ DB_USER: "healthuser"
+ DEBUG: "False"
+ DEFAULT_FROM_EMAIL: "no-reply@{{ .host.domain }}"
+ DISCORD_CLIENT_ID_FILE: /run/secrets/discord_client_id
+ DISCORD_CLIENT_SECRET_FILE: /run/secrets/discord_client_secret
 EMAIL_HOST_PASSWORD_FILE: /run/secrets/sendgrid_api_key
- EMAIL_HOST_USER: {{ .host.smtp.user }}
- EMAIL_HOST: {{ .host.smtp.host }}
- EMAIL_PORT: {{ .host.smtp.port }}
- EMAIL_USE_TLS: 'True'
- PGID: 1000
- PROMETHEUS_ENABLED: 'True'
- PUID: 1000
- REGENERATE_SETTINGS: 'True'
- SECRET_KEY_FILE: /run/secrets/healthchecks_secret_key
- SHELL_ENABLED: 'True'
- SITE_LOGO_URL: {{ .docker.healthchecks.siteLogoUrl }}
- SITE_NAME: {{ .docker.healthchecks.siteName }}
- SITE_ROOT: {{ .docker.healthchecks.siteRoot }}
- SLACK_CLIENT_ID_FILE: /run/secrets/slack_client_id
- SLACK_CLIENT_SECRET_FILE: /run/secrets/slack_client_secret
- SLACK_ENABLED: 'True'
- SUPERUSER_EMAIL: "{{ .user.email }}"
- SUPERUSER_PASSWORD_FILE: /run/secrets/healthchecks_superuser_password
- TZ: "{{ .user.timezone }}"
- WEBHOOKS_ENABLED: 'True'
- DISCORD_CLIENT_ID:
- DISCORD_CLIENT_SECRET:
+ EMAIL_HOST_USER: "{{ .host.smtp.user }}"
+ EMAIL_HOST: "{{ .host.smtp.host }}"
+ EMAIL_PORT: "{{ .host.smtp.port }}"
+ EMAIL_USE_TLS: "True"
+ MATRIX_ACCESS_TOKEN_FILE: /run/secrets/matrix_access_token
 MATRIX_HOMESERVER_FILE: /run/secrets/matrix_homeserver
 MATRIX_USER_ID_FILE: /run/secrets/matrix_username
- MATRIX_ACCESS_TOKEN_FILE: /run/secrets/matrix_access_token
- APPRISE_ENABLED: 'True'
- SHELL_ENABLED: 'True'
+ PGID: 1000
+ PROMETHEUS_ENABLED: "True"
+ PUID: 1000
 PUSHBULLET_CLIENT_ID_FILE: /run/secrets/pushbullet_client_id
 PUSHBULLET_CLIENT_SECRET_FILE: /run/secrets/pushbullet_client_secret
- S3_ACCESS_KEY:
- S3_BUCKET:
- S3_ENDPOINT:
- S3_REGION:
- S3_SECRET_KEY:
- TELEGRAM_BOT_NAME: /run/secrets/telegram_bot_name
- TELEGRAM_TOKEN: /run/secrets/telegram_bot_token
- TWILIO_ACCOUNT: /run/secrets/twilio_account_sid
- TWILIO_AUTH: /run/secrets/twilio_auth_token
- TWILIO_FROM: /run/secrets/twilio_from_number
+ S3_ACCESS_KEY_FILE: /run/secrets/healthchecks_s3_access_key
+ S3_BUCKET: "health.{{ .host.domain }}"
+ S3_ENDPOINT: "{{ .docker.healthchecks.s3Endpoint }}"
+ S3_REGION: ""
+ S3_SECRET_KEY_FILE: /run/secrets/healthchecks_s3_secret_key
+ SECRET_KEY_FILE: /run/secrets/healthchecks_secret_key
+ SHELL_ENABLED: "True"
+ SITE_LOGO_URL: "{{ .docker.healthchecks.siteLogoUrl }}"
+ SITE_NAME: "{{ .docker.healthchecks.siteName }}"
+ SITE_ROOT: "{{ .docker.healthchecks.siteRoot }}"
+ SLACK_CLIENT_ID_FILE: /run/secrets/slack_client_id
+ SLACK_CLIENT_SECRET_FILE: /run/secrets/slack_client_secret
+ SLACK_ENABLED: "True"
+ SUPERUSER_EMAIL: "{{ .user.email }}"
+ SUPERUSER_PASSWORD_FILE: /run/secrets/healthchecks_superuser_password
+ TELEGRAM_BOT_NAME_FILE: /run/secrets/telegram_bot_name
+ TELEGRAM_TOKEN_FILE: /run/secrets/telegram_bot_token
+ TWILIO_ACCOUNT_FILE: /run/secrets/twilio_account_sid
+ TWILIO_AUTH_FILE: /run/secrets/twilio_auth_token
+ TWILIO_FROM_FILE: /run/secrets/twilio_from_number
+ TZ: "{{ .user.timezone }}"
+ WEBHOOKS_ENABLED: "True"
 deploy:
 mode: replicated
 replicas: 1
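Review bot: `DISCORD_CLIENT_ID_FILE` and `DISCORD_CLIENT_SECRET_FILE` point at `/run/secrets/discord_client_id` and `/run/secrets/discord_client_secret`, but neither secret is granted to the service in its `secrets:` list (hunk `@@ -70,15 +67,23 @@`) nor declared in the top-level `secrets:` block (hunk `@@ -109,23 +112,41 @@`), so those paths will not exist inside the container and the Discord integration cannot load its credentials. The commit adds age-encrypted `DISCORD_CLIENT_ID` and `DISCORD_CLIENT_SECRET` under `home/.chezmoitemplates/secrets/` but never connects them to a Docker secret, so the wiring below is still missing in both later hunks. The new `TELEGRAM_*_FILE`, `TWILIO_*_FILE` and `S3_*_FILE` variables rely on the image honouring the `_FILE` suffix for every setting; `DB_PASSWORD_FILE` and `SECRET_KEY_FILE` were already in use, so this is presumably supported, but worth confirming against the Healthchecks image documentation for the exact variables used here.

```yaml
    secrets:
      # … unchanged: existing secret grants …
      - discord_client_id
      - discord_client_secret
# … unchanged: networks block …
secrets:
  # … unchanged: existing external secret declarations …
  discord_client_id:
    external: true
  discord_client_secret:
    external: true
```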
@@ -70,15 +67,23 @@ services:
 restart: unless-stopped
 secrets:
 - healthchecks_db_password
+ - healthchecks_s3_access_key
+ - healthchecks_s3_secret_key
 - healthchecks_secret_key
+ - healthchecks_superuser_password
+ - matrix_access_token
+ - matrix_homeserver
+ - matrix_username
+ - pushbullet_client_id
+ - pushbullet_client_secret
 - sendgrid_api_key
 - slack_client_id
 - slack_client_secret
 - telegram_bot_name
 - telegram_bot_token
- - healthchecks_superuser_password
- - pushbullet_client_id
- - pushbullet_client_secret
+ - twilio_account_sid
+ - twilio_auth_token
+ - twilio_from_number
 
 postgres:
 container_name: Postgres
@@ -90,15 +95,13 @@ services:
 - healthchecks_network
 environment:
 POSTGRES_PASSWORD_FILE: /run/secrets/healthchecks_db_password
- POSTGRES_USER_FILE: /run/secrets/healthchecks_db_user
- POSTGRES_DB_FILE: /run/secrets/healthchecks_db_name
+ POSTGRES_USER: healthuser
+ POSTGRES_DB: healthdb
 deploy:
 mode: replicated
 replicas: 1
 secrets:
- - healthchecks_db_name
- - healthchecks_db_password
- - healthchecks_db_user
+ - healthchecks_db_password
 
 networks:
 healthchecks_network:
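Review bot: `POSTGRES_USER: healthuser` and `POSTGRES_DB: healthdb` in the postgres service are only read by the postgres image when it initialises an empty data volume; a volume that was already initialised under the removed `healthchecks_db_user` / `healthchecks_db_name` secrets keeps its original role and database, and the app's `DB_USER: "healthuser"` / `DB_NAME: "healthdb"` from hunk `@@ -12,53 +12,50 @@` would then fail to authenticate on an existing deployment. The same user and database name are now repeated as literals in two services, so a comment such as `# must match DB_USER / DB_NAME in the healthchecks service; applied only on first init of an empty volume` above these two lines, or a shared template value used by both, would keep them from drifting apart.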
@@ -109,23 +112,41 @@ networks:
 external: true
 
 secrets:
- healthchecks_db_name:
- external: true
 healthchecks_db_password:
 external: true
- healthchecks_db_user:
- external: true
 healthchecks_secret_key:
 external: true
+ healthchecks_superuser_password:
+ external: true
+ healthchecks_s3_access_key:
+ external: true
+ healthchecks_s3_secret_key:
+ external: true
+ matrix_access_token:
+ external: true
+ matrix_homeserver:
+ external: true
+ matrix_username:
+ external: true
+ pushbullet_client_id:
+ external: true
+ pushbullet_client_secret:
+ external: true
 sendgrid_api_key:
 external: true
- healthchecks_slack_client_id:
+ slack_client_id:
 external: true
- healthchecks_slack_client_secret:
+ slack_client_secret:
 external: true
- healthchecks_superuser_email:
+ telegram_bot_name:
 external: true
- healthchecks_superuser_password:
+ telegram_bot_token:
+ external: true
+ twilio_account_sid:
+ external: true
+ twilio_auth_token:
+ external: true
+ twilio_from_number:
 external: true
 
 volumes:
diff --git a/home/dot_config/docker/templates/kasm/docker-compose.yml.tmpl b/home/dot_config/docker/templates/kasm/docker-compose.yml.tmpl
new file mode 100644
index 00000000..8ed43d9f
--- /dev/null
+++ b/home/dot_config/docker/templates/kasm/docker-compose.yml.tmpl
@@ -0,0 +1,20 @@
+---
+services:
+ kasm:
+ image: lscr.io/linuxserver/kasm:latest
+ container_name: Kasm
+ privileged: true
+ environment:
+ KASM_PORT: 443
+ DOCKER_HUB_USERNAME: USER
+ DOCKER_HUB_PASSWORD: PASS
+ DOCKER_MTU: 1500
+ volumes:
+ - /path/to/data:/opt
+ - /path/to/profiles:/profiles #optional
+ - /dev/input:/dev/input #optional
+ - /run/udev/data:/run/udev/data #optional
+ ports:
+ - 3000:3000
+ - 443:443
+ restart: unless-stopped
\ No newline at end of file
diff --git a/home/dot_config/docker/templates/nextcloud/docker-compose.yml.tmpl b/home/dot_config/docker/templates/nextcloud/docker-compose.yml.tmpl
new file mode 100644
index 00000000..e4051872
--- /dev/null
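Review bot: `DOCKER_HUB_USERNAME: USER` and `DOCKER_HUB_PASSWORD: PASS` in the new kasm template are the upstream example's placeholders, and a registry password passed as a plain environment value is readable through `docker inspect` and by every process in the container, whereas the other templates in this commit route credentials through `/run/secrets/...` via `_FILE` variables. The host paths `/path/to/data` and `/path/to/profiles` are placeholders too, so this `.tmpl` cannot be deployed as committed even though it now lives under `templates/` rather than `TODO/`. linuxserver.io images generally accept a `FILE__<VAR>` form that reads the value from a file (confirm for this image), so `FILE__DOCKER_HUB_PASSWORD: /run/secrets/<dockerhub-secret-name>` plus a matching `secrets:` entry would bring it in line with the other stacks, and `privileged: true` deserves a comment stating why Kasm needs it, e.g. `# required by Kasm's nested Docker engine`. `KASM_PORT: 443` and `DOCKER_MTU: 1500` are bare integers while the statping hunks in this commit quote every env value, so quoting them would keep the templates consistent.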
+++ b/home/dot_config/docker/templates/nextcloud/docker-compose.yml.tmpl
@@ -0,0 +1,23 @@
+---
+version: "3.7"
+
+services:
+ nextcloud:
+ image: lscr.io/linuxserver/nextcloud:latest
+ container_name: NextCloud
+ environment:
+ PUID: 1000
+ PGID: 1000
+ TZ: "{{ .user.timezone }}"
+ volumes:
+ - nextcloud_config:/config
+ - nextcloud_data:/data
+ ports:
+ - 26777:443
+ restart: unless-stopped
+
+volumes:
+ nextcloud_config:
+ name: nextcloud_config
+ nextcloud_data:
+ name: nextcloud_data
diff --git a/home/dot_config/docker/templates/portainer/docker-stack.yml.tmpl b/home/dot_config/docker/templates/portainer/docker-stack.yml.tmpl
index 807158fb..9727203e 100644
--- a/home/dot_config/docker/templates/portainer/docker-stack.yml.tmpl
+++ b/home/dot_config/docker/templates/portainer/docker-stack.yml.tmpl
@@ -24,8 +24,8 @@ services:
 volumes:
 - portainer_manager_data:/data
 networks:
+ - cloudflared_tunnel
 - portainer_agent_network
- - nginx_network
 secrets:
 - portainer_admin_password
 deploy:
@@ -38,11 +38,13 @@ services:
 image: cloudflare/cloudflared
 command: tunnel run
 deploy:
- replicas: 2
+ replicas: 4
 networks:
 - cloudflared_tunnel
 environment:
- TUNNEL_TOKEN: /run/secrets/cloudflared_docker_swarm_token
+ TUNNEL_TOKEN_FILE: /run/secrets/cloudflared_docker_swarm_token
+ secrets:
+ - cloudflared_docker_swarm_token
 
 networks:
 cloudflared_tunnel:
@@ -51,8 +53,6 @@ networks:
 driver: overlay
 attachable: true
 internal: true
- nginx_network:
- external: true
 
 secrets:
 cloudflared_docker_swarm_token:
diff --git a/home/dot_config/docker/TODO/sonatype.docker-stack.yml.tmpl b/home/dot_config/docker/templates/sonatype-nexus3/docker-compose.yml.tmpl
similarity index 81%
rename from home/dot_config/docker/TODO/sonatype.docker-stack.yml.tmpl
rename to home/dot_config/docker/templates/sonatype-nexus3/docker-compose.yml.tmpl
index 17492d30..d9706af6 100644
--- a/home/dot_config/docker/TODO/sonatype.docker-stack.yml.tmpl
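Review bot: `version: "3.7"` in the new nextcloud template is carried over from the Compose v1 era; Compose v2 ignores the key and warns that it is obsolete, and the kasm template added in the same commit omits it, so the two new templates disagree on style for no reason. Dropping that line and the blank line after it keeps the new templates consistent.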
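Review bot: Moving the portainer service from `nginx_network` onto `cloudflared_tunnel` makes the tunnel its only ingress, and the context at `@@ -51,8 +53,6 @@` shows `internal: true` on what appears to be that same network, since it is the only network left in the block once `nginx_network` is removed. A cloudflared service attached solely to an internal overlay has no route to Cloudflare's edge, so the tunnel could not connect and Portainer would become unreachable; if `internal: true` does belong to `cloudflared_tunnel`, the cloudflared service needs a second, non-internal network or the flag should go. The lines between the two hunks that would settle which network the flag belongs to are outside this diff, so this is inferred and worth checking in the file.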
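Review bot: `TUNNEL_TOKEN_FILE` corrects the old `TUNNEL_TOKEN: /run/secrets/...`, which handed cloudflared the file path rather than the token, but as far as I know the file-based variable is tied to the `--token-file` option that only recent cloudflared releases ship, and `image: cloudflare/cloudflared` carries no tag, so which release is pulled depends on the day the stack is deployed. Pinning the image to a tag known to honour `TUNNEL_TOKEN_FILE`, e.g. `image: cloudflare/cloudflared:<pinned-version>` (with a digest if possible), both guarantees the secret is actually read and removes a floating `latest` from the component that holds the tunnel credential. Raising `replicas: 4` is fine on its own, but each replica needs its own outbound connection to the edge, which is one more reason the network question raised on the previous hunk matters.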
+++ b/home/dot_config/docker/templates/sonatype-nexus3/docker-compose.yml.tmpl
@@ -10,4 +10,5 @@ services:
 - "8081:8081"
 
 volumes:
- nexus-data:
+ nexus_data:
+ name: nexus_data
\ No newline at end of file
diff --git a/home/dot_config/docker/templates/statping/docker-compose.yml.tmpl b/home/dot_config/docker/templates/statping/docker-compose.yml.tmpl
index 64b27874..c17946f3 100644
--- a/home/dot_config/docker/templates/statping/docker-compose.yml.tmpl
+++ b/home/dot_config/docker/templates/statping/docker-compose.yml.tmpl
@@ -17,19 +17,19 @@ services:
 - statping_app:/app
 - services.yml:/app/services.yml
 environment:
- VIRTUAL_HOST: localhost
- VIRTUAL_PORT: 8072
- DB_CONN: postgres
- DB_HOST: postgres
- ADMIN_USER: admin
 ADMIN_PASSWORD_FILE: /run/secrets/statping_admin_password
+ ADMIN_USER: "admin"
 API_SECRET_FILE: /run/secrets/statping_api_secret
- DB_USER: statuser
+ DB_CONN: "postgres"
+ DB_DATABASE: "statdb"
+ DB_HOST: "postgres"
 DB_PASS_FILE: /run/secrets/statping_database_password
- DB_DATABASE: statdb
- NAME: "{{ .docker.statping.name }}"
+ DB_USER: "statuser"
 DESCRIPTION: "{{ .docker.statping.description }}"
 DOMAIN: "status.{{ .host.domain }}"
+ NAME: "{{ .docker.statping.name }}"
+ VIRTUAL_HOST: "localhost"
+ VIRTUAL_PORT: "8072"
 deploy:
 mode: replicated
 replicas: 1
@@ -47,9 +47,9 @@ services:
 networks:
 - statping_network
 environment:
+ POSTGRES_DB: "statdb"
 POSTGRES_PASSWORD_FILE: /run/secrets/statping_database_password
- POSTGRES_USER: statuser
- POSTGRES_DB: statdb
+ POSTGRES_USER: "statuser"
 deploy:
 mode: replicated
 replicas: 1
diff --git a/home/dot_config/docker/TODO/wazuh.docker-stack.yml.tmpl b/home/dot_config/docker/templates/wazuh/wazuh.docker-stack.yml.tmpl
similarity index 100%
rename from home/dot_config/docker/TODO/wazuh.docker-stack.yml.tmpl
rename to home/dot_config/docker/templates/wazuh/wazuh.docker-stack.yml.tmpl
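Review bot: The top-level volume is renamed from `nexus-data` to `nexus_data`, but this is the only hunk for the file, so the service's `volumes:` mount above line 10 is unchanged by the commit; if it still references `nexus-data`, Compose will reject the file for mounting an undefined volume. Worth checking that the service entry now names `nexus_data` as well, and the file is still written without a trailing newline, which the other templates have.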