From 6df40ae4201a9068b267598118788cd5323c9a00 Mon Sep 17 00:00:00 2001 
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Sat, 13 Jan 2024 07:47:07 +0000 Subject: [PATCH] Latest --- docs/TODO.md | 10 ++++ home/.chezmoidata.yaml | 12 +++++ home/.chezmoitemplates/files/juicefs.pem | 46 ++++++++++++++++ .../CLOUDFLARED_DOCKER_SWARM_TOKEN} | 0 .../secrets/HEALTHCHECKS_DB_NAME | 7 --- .../secrets/HEALTHCHECKS_DB_USER | 7 --- .../secrets/HEALTHCHECKS_SUPERUSER_EMAIL | 7 --- .../secrets/JFS_RSA_PASSPHRASE | 8 +++ .../secrets/JUICEFS_WEB_TOKEN_DOCKER | 7 +++ .../secrets/JUICEFS_WEB_TOKEN_PRIVATE | 7 +++ .../secrets/JUICEFS_WEB_TOKEN_PUBLIC | 7 +++ .../secrets/JUICEFS_WEB_TOKEN_USER | 7 +++ .../secrets/MATRIX_HOMESERVER | 7 +++ .../secrets/MINIO_ROOT_PASSWORD | 7 +++ .../.chezmoitemplates/secrets/MINIO_ROOT_USER | 7 +++ .../PORTAINER_ADMIN_PASSWORD} | 0 .../secrets/PUSHBULLET_CLIENT_ID | 7 +++ .../secrets/PUSHBULLET_CLIENT_SECRET | 7 +++ .../secrets/STATPING_ADMIN_PASSWORD | 7 +++ .../secrets/STATPING_API_SECRET | 11 ++-- .../secrets/STATPING_DATABASE_PASSWORD | 7 +++ .../secrets/TELEGRAM_BOT_NAME | 7 +++ .../secrets/WASABI_ROOT_ACCESS_KEY | 7 +++ .../secrets/WASABI_ROOT_ACCESS_SECRET | 7 +++ .../secrets/WASABI_USER_ACCESS_KEY | 7 +++ .../secrets/WASABI_USER_ACCESS_SECRET | 7 +++ .../.chezmoitemplates/secrets/WEBDAV_PASSWORD | 7 +++ home/.chezmoitemplates/secrets/WEBDAV_USER | 7 +++ .../healthchecks/docker-stack.yml.tmpl | 52 +++++++++++++------ .../statping/docker-compose.yml.tmpl | 21 ++------ .../{TODO => templates}/statping/services.yml | 0 home/dot_config/samba/config.tmpl | 32 +++++++++++- home/dot_config/shell/exports.sh.tmpl | 3 ++ home/dot_config/shell/private_private.sh.tmpl | 12 ++++- .../dot_local/bin/installx/executable_juicefs | 43 +++++++++++++++ home/dot_local/etc/juicefs/cert.pem.tmpl | 3 ++ .../prometheus/private_prometheus.yml.tmpl | 26 +++++++++- software.yml | 46 ++++++++++++++++ system/etc/logrotate.d/juicefs | 9 ++++ 39 files changed, 418 insertions(+), 63 deletions(-) create mode 100644 
home/.chezmoitemplates/files/juicefs.pem rename home/.chezmoitemplates/{docker/cloudflared_docker_swarm_token => secrets/CLOUDFLARED_DOCKER_SWARM_TOKEN} (100%) delete mode 100644 home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_NAME delete mode 100644 home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_USER delete mode 100644 home/.chezmoitemplates/secrets/HEALTHCHECKS_SUPERUSER_EMAIL create mode 100644 home/.chezmoitemplates/secrets/JFS_RSA_PASSPHRASE create mode 100644 home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_DOCKER create mode 100644 home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PRIVATE create mode 100644 home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PUBLIC create mode 100644 home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_USER create mode 100644 home/.chezmoitemplates/secrets/MATRIX_HOMESERVER create mode 100644 home/.chezmoitemplates/secrets/MINIO_ROOT_PASSWORD create mode 100644 home/.chezmoitemplates/secrets/MINIO_ROOT_USER rename home/.chezmoitemplates/{docker/portainer_admin_password => secrets/PORTAINER_ADMIN_PASSWORD} (100%) create mode 100644 home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_ID create mode 100644 home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_SECRET create mode 100644 home/.chezmoitemplates/secrets/STATPING_ADMIN_PASSWORD create mode 100644 home/.chezmoitemplates/secrets/STATPING_DATABASE_PASSWORD create mode 100644 home/.chezmoitemplates/secrets/TELEGRAM_BOT_NAME create mode 100644 home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_KEY create mode 100644 home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_SECRET create mode 100644 home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_KEY create mode 100644 home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_SECRET create mode 100644 home/.chezmoitemplates/secrets/WEBDAV_PASSWORD create mode 100644 home/.chezmoitemplates/secrets/WEBDAV_USER rename home/dot_config/docker/{TODO => templates}/healthchecks/docker-stack.yml.tmpl (63%) rename home/dot_config/docker/{TODO => 
templates}/statping/docker-compose.yml.tmpl (74%) rename home/dot_config/docker/{TODO => templates}/statping/services.yml (100%) create mode 100644 home/dot_local/bin/installx/executable_juicefs create mode 100644 home/dot_local/etc/juicefs/cert.pem.tmpl create mode 100644 system/etc/logrotate.d/juicefs diff --git a/docs/TODO.md b/docs/TODO.md index 8931ac91..02708132 100644 --- a/docs/TODO.md +++ b/docs/TODO.md @@ -4,6 +4,16 @@ https://github.com/harababurel/gcsf xattr -d com.apple.quarantine rclone Create issue about setting up completions - https://github.com/rsteube/lazycomplete pw="$(osascript -e 'Tell application "System Events" to display dialog "Password:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)" && echo "$pw" +https://github.com/Shougo/ddc.vim +https://github.com/harababurel/gcsf +https://github.com/awslabs/mountpoint-s3 / https://github.com/s3fs-fuse/s3fs-fuse +https://github.com/superfly/litefs +https://github.com/Qihoo360/QConf +https://github.com/ossec/ossec-hids +https://github.com/search?q=system&type=repositories&s=stars&o=desc&p=59 +- https://github.com/apache/pulsar +- https://github.com/nats-io/nats-server +- https://github.com/foambubble/foam - [Title](https://github.com/albfan/miraclecast) - [Title](https://gitlab.gnome.org/GNOME/gnome-network-displays) Use minimum permissions / IAM for https://iosexample.com/a-command-line-tool-to-download-and-install-apples-xcode/ diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml index 1796732f..a82ba7b4 100644 --- a/home/.chezmoidata.yaml +++ b/home/.chezmoidata.yaml @@ -37,6 +37,8 @@ docker: wireguard: serverUrl: megabyte.space internalSubnet: 10.93.92.0 +# All JuiceFS volumes should be postfixed with "manhattan" so you should create private-manhattan, public-manhattan, user-manhattan, and docker-manhattan +juicefsVolumeNamePostfix: manhattan kubernetesHost: kochab macosRemoteLogin: 'on' themeparkTheme: aquamarine 
@@ -847,6 +849,7 @@ softwareGroups: - makeself - meta - mono + - ninja - ntl - nugetpackageexplorer - openjdk @@ -884,6 +887,7 @@ softwareGroups: - etcd - cloudflared - glusterfs + - juicefs - mole - mutagen - nebula @@ -1036,6 +1040,7 @@ softwareGroups: - prefsniff - pulumi - rtop + - supervisor - sysbench - sysdig - sysz @@ -1188,6 +1193,7 @@ softwareGroups: - surge - trellis - ts2c + - turbo - typescript - typescript-to-lua - web-ext @@ -1289,6 +1295,7 @@ softwareGroups: - rust - sake - samba + - sapling - sftpgo - sharp - skate @@ -1628,6 +1635,9 @@ helm: - name: cloudflare-exporter url: https://lablabs.github.io/cloudflare-exporter/ pkg: cloudflare-exporter/cloudflare-exporter + - name: juicefs + url: https://juicedata.github.io/charts/ + pkg: juicefs/juicefs-csi-driver softwarePlugins: alfred: cmd: null @@ -1740,6 +1750,7 @@ softwarePlugins: cmd: bash -c 'if ! docker plugin ls | grep "{PLUGIN}" > /dev/null; then echo y | docker plugin install "{PLUGIN}"; fi' plugins: # TODO - Add https://github.com/ContainX/docker-volume-netshare + - juicedata/juicefs - n0r1skcom/docker-volume-cephfs - sapk/plugin-rclone - vieux/sshfs @@ -1747,6 +1758,7 @@ softwarePlugins: dotnet: cmd: bash -c 'if ! dotnet tool list -g | grep "{PLUGIN}" > /dev/null; then dotnet tool install -g "{PLUGIN}"; fi' plugins: + - Cake.Tool - microsoft.cst.attacksurfaceanalyzer.cli - dotnet-format - git-credential-manager diff --git a/home/.chezmoitemplates/files/juicefs.pem b/home/.chezmoitemplates/files/juicefs.pem new file mode 100644 index 00000000..90996787 --- /dev/null +++ b/home/.chezmoitemplates/files/juicefs.pem 
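Review bot: In the `softwarePlugins.docker.plugins` hunk of home/.chezmoidata.yaml, the new `juicedata/juicefs` entry is installed by the existing `echo y | docker plugin install "{PLUGIN}"` command, which answers the privilege prompt automatically and pulls whatever the default tag currently resolves to. A volume plugin runs with the host-level privileges it requests, so the entry should be pinned and the granted privileges recorded, e.g. `- juicedata/juicefs:<reviewed-tag>` with a comment such as `# privileges reviewed: <list>`. The `plugins` list and the `cmd` definition continue outside the hunk, so check that the `grep "{PLUGIN}"` presence test still matches once a tag is added.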
@@ -0,0 +1,46 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcTZrVnptZUFiTmZYSzFz +L0lDZmtacUtLa3B4TW1HcjUxR1lkQ1BTSlVnCnBUZ1VvY3M1NkpVUFRucE00c0dX +WUJqMEM1UUdBSW55dTBMWkF4K3pWQkEKLS0tIEhSVmJOdllqVXZKc1owRGxJWXB3 +d0l0eGhVc2pGV1BPaGhucEkyU3JacXMKp3N0lqFwtjXf7nhHP75zDzKA9kpW9oij +D9ZizA1sBnexdYpaJJd+dLUlAXqflW4F1mxXl16YsHVfvtxqoBLruVbs7SKMeExY +MareOl//hFQ1wwlOxR/lMCZsSATsXf9/IFvExWm1OM2gGLvCe/iNpAF0Z0zLvESk +GVTccKkJVY+7J3KF8B8RKOjCQotPETdAyfUrmSkkr2BbemWvie0XrbSmZfkQH1zS +XqR4qh8aV5xBKhyK8XLhSezB/V/I36tBY4ffJE93R4jCSNPQWhzeNzlErhnfi6b1 +dXYpKUuAO4jInbOXoWL72YO7VKfOUStbpOroD9iBToqUbA/RbKHXsSi7GrNuGkTs +gsc+Q+YJNgjfkD8/gkCDt92bVx5lv5r3u4ITxDmui6y/kkV4hogl8lS0tQ6imG1X +BhdC+rAlGR2YHKMMA9G3laFSvstEsq7FCm7DtOPpjoDqwfNBvwUmaTXiiC46ISxf +U1WBCCAVUFpvEFufOgX0NzrTfnKP57A7hWPlPFsF25b0EW12pSmtgKSfTBKZN626 +FFcWbCYWeiUTCCE50wTWR9aZkO685alLYVQYzPv+cNsCwhC3lyAuWkJnBgwvvOHQ +rcMaPwraHPGcEceDNoAQINQb4PEfqy2DFlMMsQbIvObkna1ZbCXGVR+PONZE1DwD +jm27PC084xpppOtwTu0LeGp1XXp3lArQWz/BZmPayKFekTRyWaGqRouv6RBBpGd9 +f26AS0bZp2JSiBh6yRzrdiOW3FUbdVNY9zwt2ht0CrMZMcMypYUGRblL3Y/4EB13 +92xmACFEop22Uz5nckxQQsV3zcbKb8NGs77TboHtcgOWlZy5cuiCQJplRsO2rYDt +0SdsFKNATfVSdB58BC3f5FaAlQ7HDwNHV6Pf7SN05eeycGjTDuUDfxlaBB83NMYP +Czc94VrkU7+x8MAZLWG2ZI249YLR2yeZTxBpvVu3MFTqJYILCEZlciY5DUkI4m1N +9b0DtUvjlh8e1Q+RUK+ctOeucyKs3rtBtTRTBKfCjQY6Iu/wWvdova/fLMBR7WUw +7sShK/6ayIe44zLjyiBkOjpMWXNnuxeD3/+ip4qMFlIyC/oUScGwU0r7NAJ1mdzA +4c0qETTL/RFqdx9j5QZHNcra2RIQFfshA3BH+H4g4SdpXIYtCk4YR0l3wtKU0R/H +gZji26XGlL1Tao7eG8sPJ0HrelmVNu8uUhHl9lelr1wIftReaKpofLZ2l7aIb3Rt +gjZ4DDfQOeY+AfFxvRqu9CSKoioaP3CKnAYvV6crQjrQjbjiAaZk2Mgu75gZ1LWS +zI1t/hGwaL05G/4eUk0tcTqmo4xSSuU/HAZEV+fnizHYj94dZZwi9YzhYJ7v3z9s +Pwufxs7y61W8dLGw76nGXGA2Krj5zpW4M5kSx/tvMGhhLNPbHsCHOMyu9enUAK1l +Ob0/dix7x4S29pQ6Fb8ac6Q/N3nrg2L69j2Fxw2GvPrcppKUH3eV1XMeFpAT1gBX +duC0aOkMNTehAhtlcFTOoNjGdHGGOUlbR14COmd0ujlAPZwAnwXeLdHJqN+nTSnb +HA5IE9j0j6N4CtDz+TDT1l1CGms4hgBC/3L0Am/MUnfcNuQVueErqGQTeLIFAY/X 
+id4IUy7wDFol92/MNmLtBD0IpIzE8Xc+wXaJK8RclqcNDh2PzimKfzCKjL3qWc5p +ixocPjo0CO7CsH91Opm5J3d2wJs37yiZWxzWB8i8EjNXF+0Gjp2dH1IE/nrpoZU0 +5FYPmdnm68hevMnn6N6CTd5mKCv+6FfQjvjm6itpvpn3Smv3SQtFJeXgmymzxTzg +eqJyhXDAhn7A1IupsQLJty+EomuW/+1lr3w6INB4IAYbbncgYCG4tD+FJAfIcAkn +p6luuyO0+vCY+3benMAYTz1b1LgBVMJh8dmV7HPpdQuX5hX1ktVPSBoR/dK4iLeZ +L7KKdTC8+DPNfB7KGqjaBn53zi7D9SU4wpOLApvoZqtTxV5n0/ohUDazmGLFIChn +ppPg3odtSvK/et5XUCjHm+A4YMiecy/IyuGr+v2FMvB5bPc8YmF0Plei754RxGDG +DDbmr0IfjsuksDcdc2mS2cWwZJVYeN3sbWr3oVQFp1Vjs42vA03IhOz60N34m5j8 +HZQ9LCN4ajmZ/FyWf27/+k/RcQwZ+sWh2yv0Et8VPs29kptnw4xoOv5YpJJW/83H +vVW6UpNamDaEcAmCAC3oyJ05gSiorE6k2Q0zKI60clakTJB6OhBUAESrrh9OeW33 +ooVD3gs8YUZ5oMHDoEIVKUxLi/ELvyOaJJvRkOFOR6HDRUm+j5yjKZ7Y77SJ59a5 +qPFVVSZnn8nTel377n/GlmN7QsdatY8kh2tLdxIvIJUCKIha8x335SNyOntpKD2F +eXZaCKqLxr2nkct0oZw79iXZ2wlG98HPMXTXe+3aieZUdYfrwSXXjvJKrt/SQ5pN +6P1Xe/qXCnpWTHnvaffdc8uUZl7e13eaaGAGuGoX2CaAx9JDRNP5Wym0MFkwH5xR +xevpTXbctOfQLA== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/docker/cloudflared_docker_swarm_token b/home/.chezmoitemplates/secrets/CLOUDFLARED_DOCKER_SWARM_TOKEN similarity index 100% rename from home/.chezmoitemplates/docker/cloudflared_docker_swarm_token rename to home/.chezmoitemplates/secrets/CLOUDFLARED_DOCKER_SWARM_TOKEN diff --git a/home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_NAME b/home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_NAME deleted file mode 100644 index b8a53bca..00000000 --- a/home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_NAME +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFekx0S0JqbkhtSUpldWRW -QUFPa21iS2JBYWVqUlpyUW1INThoR0h1NUJzCi9CWmJPNFpQdEhwNzlGMlFtRnkr -Z3RyVFAwTkdIZ1UrcVRjTmlIc2ZYT1EKLS0tIGxrWCtWS3RVeHkrcUZVZmM4cVo1 -R1VTTk1LUUtZNGZ0MGs3akc0OEtBanMK+kyTXeqIqF4qPwv+Fc9OphknufvRv2B8 -6Jho0+ICC1Bxubwy ------END AGE ENCRYPTED FILE----- \ No newline at end of file 
diff --git a/home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_USER b/home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_USER deleted file mode 100644 index 8a7fb363..00000000 --- a/home/.chezmoitemplates/secrets/HEALTHCHECKS_DB_USER +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SHBMSVBHWlJTWXo2eTFm -bnJYa0NYWW42V0VOWE52MDdwK0N3Q2VZMzNjCmVsWk5mQUlNbWhPanpLU04xQmNS -YlZnVTd5OGNybEUwMFNoZ3NjZWVzTncKLS0tIHFVbFIzV0s3MmY2S3ViRUsxTmI3 -cVpjRjVIMmVLSDJkZ1cwcEZ2SFZGemsKYrXMDabkAh02NX85ZL7U29AGgpaecSir -2oDXDv/BEdI3vzLivguQmw== ------END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/HEALTHCHECKS_SUPERUSER_EMAIL b/home/.chezmoitemplates/secrets/HEALTHCHECKS_SUPERUSER_EMAIL deleted file mode 100644 index 53a33cba..00000000 --- a/home/.chezmoitemplates/secrets/HEALTHCHECKS_SUPERUSER_EMAIL +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOThqUUEyUjFEUTBkUElQ -ZDlkcldTWDZGc2wyaldMbkgvcGdlUTdvMjM4CnEvTGlSZVVYSCt2dWZGb3Y1bWM0 -NStPOS8rcytUWGtFUGczaVNQQUFQY2MKLS0tIFB6OFNJYlEyNTE5alZXeW5TSkpO -REJ1NFVXSzRTU1RHc3dRSlZWMkdlS1EKqcmK27xpMAMnzLW+JEhQipSll/0vT59q -XoHH/cBJFknH9QQX1cRvlJh8Pjd7+bHaSZRnog== ------END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/JFS_RSA_PASSPHRASE b/home/.chezmoitemplates/secrets/JFS_RSA_PASSPHRASE new file mode 100644 index 00000000..bbb1027f --- /dev/null +++ b/home/.chezmoitemplates/secrets/JFS_RSA_PASSPHRASE 
@@ -0,0 +1,8 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWVlUVUQwbjQ5Y3hDdzha +WDRGYUtsOWxZWHhqeklXU0ZWT2JRL3VlUURrCkNXblhtb1VtM01BYUlFTFNncjNv +YnhVaFFpZUphZVNORkhpNjNpWnRDQVkKLS0tIEFqdHdSeE1ZR2FucjNTb0pDMXlh +eFhrUU1lekF5bTBCUE55OWxFWjB2U0kKllgRF50HsiFm4k/E+xaJgW+YckhPPaQz +hFneEtP2wzMHdp3Ggxb0B84BUsOhIufN+N2Y92vOTBFJQNSQIjdlAXlU0wIfpIsJ +o7QieS14mo6h +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_DOCKER b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_DOCKER new file mode 100644 index 00000000..02ce6905 --- /dev/null +++ b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_DOCKER @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVBZbmU1TVpEMHlTUytI +UWhOYXFlZEtpbEpnd2hyTURFWHFDdGJ2QjJFCktkZVBrM0lLS2g3a1l1QUk4b0Fv +a0dVR1o3cENzN3dVMW01T09rNjYzY28KLS0tIGEvNHNDdUR1WnhqWXJoQ2p2ZDl6 +YVNHV2ZTbFBmQTlnMVFUaWNLeVFLMG8KIXiPMJEcQE4JvIwUU9+cAbWfbHEKaHeF +9VFRKUXHIvVZGUIWTQyi8Ncvlxax3NtsYfsJmlX8nW3KVtBEWUsbYAdMSmMVOpm7 +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PRIVATE b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PRIVATE new file mode 100644 index 00000000..79df0a5a --- /dev/null +++ b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PRIVATE @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNWorWVVEN3pxQzAxcFV5 +OURFNGczMGc4dlgzbHlXZDhlbFVHRnFzNHdJCklldHIxb3J4Vlc1b2k1WCs5NnBj +UWN4MzRtdHFqWnorQ1JEU3l0a2FJWGMKLS0tIGdFaFdzSkRtb0w1Q0hlNllMcGRM +R09SSU92SjlHd2tQQkpEcG5VR0V6bzQKeEw5aZ21GtDvNVDiqwtk9BFY7Nn6ZVyf +g86oklgvT/rA0MLIlO7vViFHDGhR1M9Vh/55bIyEWMcjyienF8V21y3TMbiXAFeL +-----END AGE ENCRYPTED FILE----- \ No newline at end of file 
diff --git a/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PUBLIC b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PUBLIC new file mode 100644 index 00000000..7f981ec2 --- /dev/null +++ b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_PUBLIC @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNEg4aDEwMG5yVllSRWpz +S3VlZ2U2Z2NuSlJRcE5ROG1NU2V4d2pyQVgwClJ5WUNXWldLeFBpZjJKUWMwcHRW +VTcwZ3cwYnVCWENTYkNQRTMvZnYzMXcKLS0tIFIzWUh6RlhtK2lHdVo3NVVJQ09H +ejBiWklub2U0TGh6Q3U3YWhVaTJOZ1EKYfe4t1FHMSpvPdldnbkXFgbhYPq2xkFq +fERTMv2HJ+Pa9fJL/9AymsHsibwwliF+UAPXkSerAgUj1/PRRu1n1DkkifR1ATYq +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_USER b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_USER new file mode 100644 index 00000000..0ced64cc --- /dev/null +++ b/home/.chezmoitemplates/secrets/JUICEFS_WEB_TOKEN_USER @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dXBZKzVBMjVzd0xERzdu +bUVVOXMyRHIybHNLSUtwVXdzZExnOTBQRVNzCkVML0RkeXV0Y0lYd2s0Vk1XaUxJ +ZEZId2w3V0hjWkpNbWc1NEFxbzZlajAKLS0tIFUxamNJVi9oZndWbWgwNW9tdjdl +dlYyWGZHTEo1TnNBN1VOeTZnOFNlbzQK5vEQxgItGUr6MXDzQsaEI/GuS7ld/XXe +dbqKUSoKoUdrYVomWpJPx8MMBl7ZpJBDXu3E8OJKQR0GPacxbW1FVcMXJ5WB4ACc +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/MATRIX_HOMESERVER b/home/.chezmoitemplates/secrets/MATRIX_HOMESERVER new file mode 100644 index 00000000..8030d5b3 --- /dev/null +++ b/home/.chezmoitemplates/secrets/MATRIX_HOMESERVER 
@@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEY2VZK3N0aWRsUDJvb3oy +VGNiRDVCdjNSajNxeG1zditEb0V0TklOR1dnCk5HNmV0L1lid1RoelFCTU15OGdU +NjZFZVl5MGovakFvQ2llTUpGRE43L1kKLS0tIGlhU0tWRGJwT3ZHS3FSNi9MMjdz +d3g5NjJ4ck84c0p3RlMreXdieEp3L28KWtVkffkcjNtMQnLSmh1mmu2mGteM5jFB +yF8Xg6LN2G+D9+Pu+7tAIfr+ +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/MINIO_ROOT_PASSWORD b/home/.chezmoitemplates/secrets/MINIO_ROOT_PASSWORD new file mode 100644 index 00000000..8526f0ff --- /dev/null +++ b/home/.chezmoitemplates/secrets/MINIO_ROOT_PASSWORD @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWGZCVTNMcStyRVJhK0Nm +d051b0xoSG0vcVBIeU5ubG11bW1rb2hDdVNnCnVlaVVuNEtwWE9tRmJkNFBUWjFC +Y3Y3YWVDYktobEZ0aFREM2pnelpVVTQKLS0tIE9YbWxvbmp1NVByWm5uRnB0a05q +dkVBSnhrNXJZcFlFYmticlFkbmIxM28KKAUG+xEhGFP+txeM7wdMjeTIGqB5/rvZ +d3eJONx0I8uGMZIotSKxtDkfeHJtY9FGbEL7PT4zINzC9xQ03em1rCBYTQoO +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/MINIO_ROOT_USER b/home/.chezmoitemplates/secrets/MINIO_ROOT_USER new file mode 100644 index 00000000..89d8fbc8 --- /dev/null +++ b/home/.chezmoitemplates/secrets/MINIO_ROOT_USER @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTXZiaWowWG5KeGFSTTNX +OW1nT1RsRTlKWHlWaXp1T245MElBV0pQUFhJCnIzaDZNd2MzTGY0NExLb2FsRU1n +eS9ONXJWbkJWY2lTY3pheHRPVGR1VEEKLS0tIGRBVE5uM1dNK2ZSQzQrL2MrRHcw +T0Q1T1dVWUxmRG5qQjNHck5UanAyWWcK8YxcQigegNtnp54GhHUTsmWqZzC3UH/Q +mnwMuDyLxEmjVsZ/vA== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/docker/portainer_admin_password b/home/.chezmoitemplates/secrets/PORTAINER_ADMIN_PASSWORD similarity index 100% rename from home/.chezmoitemplates/docker/portainer_admin_password rename to home/.chezmoitemplates/secrets/PORTAINER_ADMIN_PASSWORD 
diff --git a/home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_ID b/home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_ID new file mode 100644 index 00000000..03346605 --- /dev/null +++ b/home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_ID @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbEVOVlVkbCtWd2h4a3BE +ejhobTJIV0JDdWtFSmp2U1p0YThjbFVjSmk4CnVoS2xkMnBHNlJncnR0dkFHN24z +bk51U3JvMi8wMDA1OHAxTzFhUXhZa2cKLS0tIHhSQU9RSGRHNWYrWTNUKzNpaTFk +d1JCRlF0ZDU1YmVoTG9WTnNvL01uYTgKWJdaiA7r/QpsMjHbwEl5fR2ZcWNgWsOc +ZbOtQYn7TG3rsiObV+mvoRapHxKih8V6yvmADTkv8Ao0x9lipXjCzg== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_SECRET b/home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_SECRET new file mode 100644 index 00000000..01705c4d --- /dev/null +++ b/home/.chezmoitemplates/secrets/PUSHBULLET_CLIENT_SECRET @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2aFVUbUs1OExZd01LUHNB +WnJVZnN5TTJXRGRkUXMvSFdVR3p0aWMwR0hvCnBHTWhNVy9pSCtiV3lxUitWTDBv +bFhxa21zcGRiV1o2RGgzNnVIamp0MjAKLS0tIE9QbVlmU25vc09vWVpmMjIwKzdW +cWgwN0JmdXFMcmN5UUY4cTNCaDY2Y1EKOuRonXPKhihvOXKNuoRtMtydUTQpAH0W +WBDbePLJIXNMtgn0CwS4tHOUX3+IiKxaEExrfuwUK2jYDlwZepOiaA== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/STATPING_ADMIN_PASSWORD b/home/.chezmoitemplates/secrets/STATPING_ADMIN_PASSWORD new file mode 100644 index 00000000..ea5802a8 --- /dev/null +++ b/home/.chezmoitemplates/secrets/STATPING_ADMIN_PASSWORD 
@@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJU2Irb0ZaR0kvK1FBOEVN +b1ZLUWMzdVNXZFlQZ24vODZyRXRPeGhKekgwClpZUmUzczVOSUVCRlg4K3I4MkZI +ZHZXRExqU252UWxnNVE3VzZKK0x6QkEKLS0tIEx3d1NqS3VOV2tpajYzZWhHMGZ6 +OGVFL3JwUG5yVXdNWjdjMW1MNnp5OU0K9gwvyg0QPRw+7grvHXWRHV4cKwuSxHxK +PiSTrmGjlR18rmEwJjPgyw5YZMPYGr15D9kZ/+EUFaBDGQwAGjkINw== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/STATPING_API_SECRET b/home/.chezmoitemplates/secrets/STATPING_API_SECRET index 25639bdc..6caa9cbf 100644 --- a/home/.chezmoitemplates/secrets/STATPING_API_SECRET +++ b/home/.chezmoitemplates/secrets/STATPING_API_SECRET @@ -1,8 +1,7 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbkRUamU0NVpmZElOR3lQ -aGtzajZNNVJORUI0UnlpZmd4ajBmKzVjWldZCmlJcDVMc0dvMnpJcXpRWksyQW9E -S0ZTcHNIRzNKd2p5OVRUNCtLN1lIVjQKLS0tIEMwTGQvSGUxNHdmUmcvUXQ0M2sr -bFpRRExaWDJrWkp2dU0xMnAyZ3J4WXcKBrfBa8E2UnEcul0K6nqKU0SbCD2zHFbT -ShxyuKF6NKLgG0gfNaQPqdELCL4LIF4h5E0jmlA+z/pJR6l2PBA0S6SP1/Rwiq8K -DaFIwQ6DT/+RzPl9Z/sLoYwMnw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIUXlDdkNPcEIzS0VOcFR6 +amNkcm1lV3lsWVkwWGhDdkhrT09kaTF1ODBFCkQ3T0FrOGgxYWNLaGxMbGs0VnhG +cy9jU0crUnNpVlNEK0RwWnpvSkV4OW8KLS0tIDEzUTdxTTM4bFBEQ1JzQnlMMjNG +RUJUY255VG02Z1FUTllFN3JSYThFTWcK8uYPAKXOlY6Ve+TXUUNgehp7TsFDTQV6 +gj2/TXcdVBXxEYTT14cGScC6rVULg4XhX8N8wgw0dUZjMKdP9ENHVA== -----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/STATPING_DATABASE_PASSWORD b/home/.chezmoitemplates/secrets/STATPING_DATABASE_PASSWORD new file mode 100644 index 00000000..8bdc6e24 --- /dev/null +++ b/home/.chezmoitemplates/secrets/STATPING_DATABASE_PASSWORD 
@@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMjFkcGg5VkJsTExvMUZo +d0pYcEdKeDRlU0I4dzlFK1RVc1dKcmVvNXlvCnA5VStlRFJnZklqakpvMlAycTFX +WCtWOWhmRVBIcEMyVUZRb3d1SWZLQlUKLS0tIEFFZC9taGJYT2dsRVphNEZGdHpZ +TVpsalpJUTZETHg5aGNpd3hwQVBRL2MKxy3A2WHSJOhkf+p75hZWCXJ5W81jgxKr +QdZPBEjIBz0he6SJP2RxkQYY5IjMu7B+oAgZxoALpl6HYsJ7g6/NWtjYxQ== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/TELEGRAM_BOT_NAME b/home/.chezmoitemplates/secrets/TELEGRAM_BOT_NAME new file mode 100644 index 00000000..8069b1ad --- /dev/null +++ b/home/.chezmoitemplates/secrets/TELEGRAM_BOT_NAME @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLT2w2YlkxUHJkanRVWTZW +VjE1cXJxVVFHRDF1MHpxSXloa3pWeW1nS1dBCmVoWFErRTFkL0lwS0R2YzNUUkUv +Ry9JT1FRay9VREhjdE9UUXprVFJORHcKLS0tIG9GTjVWN3VaUi96eFNYRVpaR3Ez +bFJuRUNqa01pRFI4WHRRNzk3aGxPSjQKOanZs0XzXmyC2i+OZFfLbuHvmDi20KZh +1GAcOtzse78SkW8FP4hP71NZNki+q6c= +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_KEY b/home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_KEY new file mode 100644 index 00000000..d73e2b90 --- /dev/null +++ b/home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_KEY @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UTlyUzNVUXVWcFVOaDIr +TzEvbXVYMmtFRjdwMGlrTVNpZ1djUmVTU0dvCkdEcE9vcXJWN2l1MUFlK2M5aUov +TmQzeU1WM1FjSkE2OG1XR3RHTUpKMVUKLS0tIFNXVjJTQ3hNelFJYkxXUEp1Y2Q4 +dno5bUk2SzZDL2ZhZk9iRFduVTlyQ00K4QbZO2E8jENzEU2rHw8ITnqJeyHcv2qD +S6C/TFX/bMb1n0XEfOaBZGcoNdgbTul+07R12A== +-----END AGE ENCRYPTED FILE----- diff --git a/home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_SECRET b/home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_SECRET new file mode 100644 index 00000000..aefaac9f --- /dev/null +++ b/home/.chezmoitemplates/secrets/WASABI_ROOT_ACCESS_SECRET 
@@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbnRhU0RTOTFqdWtneG9l +ZGs2dGFWWE0wckxJc2g1SXJBMFV2ZW9UcVVvCjNpOUg4ZmlacWg2UG1jZUpvVXg0 +b2RxWjRkbm1MT1ZhSmUxZHEybndvbUEKLS0tIDNoZVdpdzhKYkRjdnFnUVNQalNM +bmxLemlrMmVad2lJekk2bXlCWVl6TUUKi8NdpkB0qjXhZx8sRI5G47b/LefCYmbC +eDG3RpWvlxkUCgKhUzVYMWeBAklDngmOzNoWKak6wWFOEHF2HDpW5CocV2Eb0GYu +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_KEY b/home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_KEY new file mode 100644 index 00000000..665403b2 --- /dev/null +++ b/home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_KEY @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUM1NzaGp3S0ZDVmVjSnRk +eFZUQzNTZU8wZ2NscVBid2tIbmxzak4zZVJZCnpwY3JTK0NoR0p3SlpzT083NGZ3 +OGJkODVyVVF1cDBaMXdDektIeTFDcW8KLS0tIHNtNVgyUmJBR3NNNXhnbDJnVGNL +QUlDSlV4cUxpRmJ3dFdJK1ZhcGQ3eGsKHiRH69ZPqhsUVTUrQiQG6lxCCLt1UnRx +eFCL/LwTnLZAGOKUQSyGOg4oHgeChfwf3JX5hg== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_SECRET b/home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_SECRET new file mode 100644 index 00000000..ade82560 --- /dev/null +++ b/home/.chezmoitemplates/secrets/WASABI_USER_ACCESS_SECRET @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Z2hjb0FaWHB1RldoOUow +UmRVNlMxeGN5Ritrb1NQc0Z0cjNOTXBnT1VrCllzMnNpS2pLS0pDQ0xyU3IzVGJL +cTdqYlRmaVoxZHJCMW9TV1ZLZmphUzAKLS0tIFYrUnBwL3JqUEVCOTd5VklqRXo3 +bXJ6WU5OcjhoQm9tamQ0YzBwZVo0Q0UKT/A1OlMwh5sulmFY3aKMX/d0JWectHRk +j2x4dQGFAcXwO0SlUMFB4Vs/mzWMc1p15RQrcP8/TiwfsFfm9W+6vc/eMVmqyjgN +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/WEBDAV_PASSWORD b/home/.chezmoitemplates/secrets/WEBDAV_PASSWORD new file mode 100644 index 00000000..41b61638 --- /dev/null 
+++ b/home/.chezmoitemplates/secrets/WEBDAV_PASSWORD @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NTMrMyt0RGNLTTlNa0Fn +Ri9BQVlRUWtiSXNHdTY3SDBiVDdWNTVUd1ZZCmZnY2lTQjY5Ynp3ZnBSZEFaTGdQ +QWN1bTZNa0h5djQxQXRNcHluRFc5MEkKLS0tIG9VSCtDYjRtTmx4cWljci9jbUhD +R0FPNHl4SngxbjUweWxvOEFmL2FzcmcK1UPhue5s3Fr3nliNFLVeGgIHw/sZyoQS +FctpK7bk1TACDPAf2Ta1wxZOufnNhgOAfYzavfx73/A= +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/WEBDAV_USER b/home/.chezmoitemplates/secrets/WEBDAV_USER new file mode 100644 index 00000000..1b4b3e83 --- /dev/null +++ b/home/.chezmoitemplates/secrets/WEBDAV_USER @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZnBac1dKam5IOFJJU2Rx +Sis3SGRSeXAvaHFjL3NhaDE1ZjIreGt5YmxjCjZ1OU84RE55TEZIZWZud0hBQytY +dTlxVkRDck9vT2FzeXNpYnIzS2NORlUKLS0tIHJKRzYrWU9wUWpzdTBoYStvd055 +dzZBUy9FYjhKWnJSd1NkVTBNS2oxZ1kK3b6y3/xth0LVfS/HKJvH7o4pUEChKLdX +FdhPE8d9OmUVu12vmoY= +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/dot_config/docker/TODO/healthchecks/docker-stack.yml.tmpl b/home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl similarity index 63% rename from home/dot_config/docker/TODO/healthchecks/docker-stack.yml.tmpl rename to home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl index 741b523b..b5acb03d 100644 --- a/home/dot_config/docker/TODO/healthchecks/docker-stack.yml.tmpl +++ b/home/dot_config/docker/templates/healthchecks/docker-stack.yml.tmpl 
@@ -14,12 +14,12 @@ services:
 ALLOWED_HOSTS: "{{ .docker.healthchecks.allowedHosts }}"
 APPRISE_ENABLED: 'True'
 DB_HOST: postgres
- DB_NAME_FILE: /run/secrets/healthchecks_db_name
+ DB_NAME: healthdb
 DB_PASSWORD_FILE: /run/secrets/healthchecks_db_password
- DB_USER_FILE: /run/secrets/healthchecks_db_user
+ DB_USER: healthuser
 DEBUG: 'False'
 DEFAULT_FROM_EMAIL: "{{ .docker.healthchecks.defaultFromEmail }}"
- EMAIL_HOST_PASSWORD_FILE: /run/secrets/healthchecks_sendgrid_api_key
+ EMAIL_HOST_PASSWORD_FILE: /run/secrets/sendgrid_api_key
 EMAIL_HOST_USER: {{ .host.smtp.user }}
 EMAIL_HOST: {{ .host.smtp.host }}
 EMAIL_PORT: {{ .host.smtp.port }}
@@ -30,16 +30,35 @@ services:
 REGENERATE_SETTINGS: 'True'
 SECRET_KEY_FILE: /run/secrets/healthchecks_secret_key
 SHELL_ENABLED: 'True'
- SITE_LOGO_URL: "{{ .docker.healthchecks.siteLogoUrl }}"
- SITE_NAME: "{{ .docker.healthchecks.siteName }}"
- SITE_ROOT: "{{ .docker.healthchecks.siteRoot }}"
- SLACK_CLIENT_ID_FILE: /run/secrets/healthchecks_slack_client_id
- SLACK_CLIENT_SECRET_FILE: /run/secrets/healthchecks_slack_client_secret
+ SITE_LOGO_URL: {{ .docker.healthchecks.siteLogoUrl }}
+ SITE_NAME: {{ .docker.healthchecks.siteName }}
+ SITE_ROOT: {{ .docker.healthchecks.siteRoot }}
+ SLACK_CLIENT_ID_FILE: /run/secrets/slack_client_id
+ SLACK_CLIENT_SECRET_FILE: /run/secrets/slack_client_secret
 SLACK_ENABLED: 'True'
- SUPERUSER_EMAIL_FILE: /run/secrets/healthchecks_superuser_email
+ SUPERUSER_EMAIL: "{{ .user.email }}"
 SUPERUSER_PASSWORD_FILE: /run/secrets/healthchecks_superuser_password
 TZ: "{{ .user.timezone }}"
 WEBHOOKS_ENABLED: 'True'
+ DISCORD_CLIENT_ID:
+ DISCORD_CLIENT_SECRET:
+ MATRIX_HOMESERVER_FILE: /run/secrets/matrix_homeserver
+ MATRIX_USER_ID_FILE: /run/secrets/matrix_username
+ MATRIX_ACCESS_TOKEN_FILE: /run/secrets/matrix_access_token
+ APPRISE_ENABLED: 'True'
+ SHELL_ENABLED: 'True'
+ PUSHBULLET_CLIENT_ID_FILE: /run/secrets/pushbullet_client_id
+ PUSHBULLET_CLIENT_SECRET_FILE: /run/secrets/pushbullet_client_secret
+ S3_ACCESS_KEY:
+ S3_BUCKET:
+ S3_ENDPOINT:
+ S3_REGION:
+ S3_SECRET_KEY:
+ TELEGRAM_BOT_NAME: /run/secrets/telegram_bot_name
+ TELEGRAM_TOKEN: /run/secrets/telegram_bot_token
+ TWILIO_ACCOUNT: /run/secrets/twilio_account_sid
+ TWILIO_AUTH: /run/secrets/twilio_auth_token
+ TWILIO_FROM: /run/secrets/twilio_from_number
 deploy:
 mode: replicated
 replicas: 1
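Review bot: `TELEGRAM_BOT_NAME`, `TELEGRAM_TOKEN`, `TWILIO_ACCOUNT`, `TWILIO_AUTH` and `TWILIO_FROM` are assigned `/run/secrets/...` paths without the `_FILE` suffix their neighbours use, so as written the container receives the path string as the credential instead of the secret's contents. If the image's `_FILE` handling covers these settings (not visible here), rename each one, e.g. `TELEGRAM_TOKEN_FILE: /run/secrets/telegram_bot_token`. The added `APPRISE_ENABLED` and `SHELL_ENABLED` lines repeat keys already in the same `environment` map (`SHELL_ENABLED` is a context line at the top of this hunk, `APPRISE_ENABLED` sits in the preceding hunk); duplicate mapping keys are rejected by strict YAML parsers and should be dropped. Since `SHELL_ENABLED` lets checks run shell commands, a comment such as `# shell integration enabled deliberately: <reason>` on the surviving line would make that choice reviewable. The `environment` map starts outside the hunk.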
@@ -50,15 +69,16 @@ services: - "2525:2525" restart: unless-stopped secrets: - - healthchecks_db_name - healthchecks_db_password - - healthchecks_db_user - healthchecks_secret_key - - healthchecks_sendgrid_api_key - - healthchecks_slack_client_id - - healthchecks_slack_client_secret - - healthchecks_superuser_email + - sendgrid_api_key + - slack_client_id + - slack_client_secret + - telegram_bot_name + - telegram_bot_token - healthchecks_superuser_password + - pushbullet_client_id + - pushbullet_client_secret postgres: container_name: Postgres @@ -97,7 +117,7 @@ secrets: external: true healthchecks_secret_key: external: true - healthchecks_sendgrid_api_key: + sendgrid_api_key: external: true healthchecks_slack_client_id: external: true diff --git a/home/dot_config/docker/TODO/statping/docker-compose.yml.tmpl b/home/dot_config/docker/templates/statping/docker-compose.yml.tmpl similarity index 74% rename from home/dot_config/docker/TODO/statping/docker-compose.yml.tmpl rename to home/dot_config/docker/templates/statping/docker-compose.yml.tmpl index 92d5f27d..64b27874 100644 --- a/home/dot_config/docker/TODO/statping/docker-compose.yml.tmpl +++ b/home/dot_config/docker/templates/statping/docker-compose.yml.tmpl @@ -21,12 +21,12 @@ services: VIRTUAL_PORT: 8072 DB_CONN: postgres DB_HOST: postgres - ADMIN_USER_FILE: /run/secrets/statping_admin_user + ADMIN_USER: admin ADMIN_PASSWORD_FILE: /run/secrets/statping_admin_password API_SECRET_FILE: /run/secrets/statping_api_secret - DB_USER_FILE: /run/secrets/statping_database_user + DB_USER: statuser DB_PASS_FILE: /run/secrets/statping_database_password - DB_DATABASE_FILE: /run/secrets/statping_database_name + DB_DATABASE: statdb NAME: "{{ .docker.statping.name }}" DESCRIPTION: "{{ .docker.statping.description }}" DOMAIN: "status.{{ .host.domain }}" 
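Review bot: The service-level `secrets:` list in healthchecks/docker-stack.yml.tmpl now names `slack_client_id`, `slack_client_secret`, `telegram_bot_name`, `telegram_bot_token` and the two `pushbullet_client_*` entries, but the top-level `secrets:` hunk (`@@ -97,7 +117,7 @@`) only renames `sendgrid_api_key` and still shows `healthchecks_slack_client_id` as context, so at least the Slack secrets look undeclared under their new names. The environment block also reads `/run/secrets/matrix_homeserver`, `matrix_username`, `matrix_access_token` and the `twilio_*` files, none of which appear in the service list, so those files would not be mounted into the container. Each referenced name needs both a service entry and a top-level declaration, e.g. `slack_client_id:` followed by `external: true`. The top-level block continues outside the hunk, so confirm against the full file.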
@@ -34,12 +34,9 @@ services: mode: replicated replicas: 1 secrets: - - statping_admin_user - statping_admin_password - statping_api_secret - - statping_database_name - statping_database_password - - statping_database_user postgres: container_name: Postgres @@ -51,15 +48,13 @@ services: - statping_network environment: POSTGRES_PASSWORD_FILE: /run/secrets/statping_database_password - POSTGRES_USER_FILE: /run/secrets/statping_database_user - POSTGRES_DB_FILE: /run/secrets/statping_database_name + POSTGRES_USER: statuser + POSTGRES_DB: statdb deploy: mode: replicated replicas: 1 secrets: - - statping_database_name - statping_database_password - - statping_database_user networks: statping_network: @@ -72,16 +67,10 @@ networks: secrets: statping_admin_password: external: true - statping_admin_user: - external: true statping_api_secret: external: true - statping_database_name: - external: true statping_database_password: external: true - statping_database_user: - external: true volumes: statping_app: diff --git a/home/dot_config/docker/TODO/statping/services.yml b/home/dot_config/docker/templates/statping/services.yml similarity index 100% rename from home/dot_config/docker/TODO/statping/services.yml rename to home/dot_config/docker/templates/statping/services.yml diff --git a/home/dot_config/samba/config.tmpl b/home/dot_config/samba/config.tmpl index fc6cb54a..6966854d 100644 --- a/home/dot_config/samba/config.tmpl +++ b/home/dot_config/samba/config.tmpl @@ -10,6 +10,9 @@ # Allow using DNS to specify allowed hosts # Source: https://serverfault.com/questions/702455/samba-hosts-allow-example-com dns proxy = yes + # Required for macOS JuiceFS Samba + ea support = yes + passdb backend = tdbsam security = user server role = standalone server server string = Samba on %L 
@@ -23,12 +26,37 @@ # unix extension = no # wide links = yes +[default] + ### Source: https://gist.github.com/jbfriedrich/49b186473486ac72c4fe194af01288be + # Use NTFS streams if supported + streams = yes + # Soft mount by default + soft = yes + # Disable signing due to macOS bug + signing_required = no + # Disable directory caching + dir_cache_off = yes + # Lock negotiation to SMB2/3 only + # 7 == 0111 SMB 1/2/3 should be enabled + # 6 == 0110 SMB 2/3 should be enabled + # 4 == 0100 SMB 3 should be enabled + protocol_vers_map = 6 + # No SMB1, so we disable NetBIOS + port445 = no_netbios + # Turn off notifications + notify_off = yes + # SMB Multichannel behavior + # To disable multichannel support completely uncomment the next line + # mc_on=no + # Some Wi-Fi networks advertise faster speeds than the connected wired network. + mc_prefer_wired = yes + [Private] browsable = yes comment = Authenticated share with read/write capabilities (backed up to S3) follow symlinks = yes guest only = no - path = /mnt/Private + path = /mnt/private public = no unix extension = yes valid users = @sambausers @@ -40,7 +68,7 @@ comment = Public folder provided for file sharing on the LAN (backed up to S3) follow symlinks = no guest only = yes - path = /mnt/Public + path = /mnt/public public = yes writable = yes diff --git a/home/dot_config/shell/exports.sh.tmpl b/home/dot_config/shell/exports.sh.tmpl index 855a946b..fc335b09 100644 --- a/home/dot_config/shell/exports.sh.tmpl +++ b/home/dot_config/shell/exports.sh.tmpl @@ -286,6 +286,9 @@ fi ### IPFS export IPFS_PATH="${XDG_DATA_HOME:-$HOME/.local/share}/ipfs" +### JuiceFS +export JFS_PRIVATE_KEY="$HOME/.local/etc/juicefs/cert.pem" + ### k9s export K9SCONFIG="${XDG_CONFIG_HOME:-$HOME/.config}/k9s" diff --git a/home/dot_config/shell/private_private.sh.tmpl b/home/dot_config/shell/private_private.sh.tmpl index 972f1ecc..f126f106 100644 --- a/home/dot_config/shell/private_private.sh.tmpl +++ b/home/dot_config/shell/private_private.sh.tmpl 
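Review bot: The new `[default]` section appears to hold macOS SMB client settings (`signing_required`, `dir_cache_off`, `protocol_vers_map`, `port445`, `notify_off` and `mc_prefer_wired` are nsmb.conf keys), but this file is the Samba server configuration, as `server role = standalone server` in the previous hunk shows. In smb.conf a `[default]` header most likely declares a share named `default` and the unrecognised keys are ignored with warnings, so none of these settings take effect where intended. If they are moved to the client's nsmb.conf, `signing_required = no` deserves a second look, because it lets the client accept unsigned sessions and so removes tamper protection for traffic on the LAN. A comment such as `# client-side only: belongs in /etc/nsmb.conf on macOS, not in smb.conf` would record the intent until the block is relocated.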
@@ -82,9 +82,16 @@ if [ -d /Applications/Cisco ]; then export WORK_ENVIRONMENT=true fi +### JuiceFS +export JFS_RSA_PASSPHRASE="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JFS_RSA_PASSPHRASE")) }}{{ includeTemplate "secrets/JFS_RSA_PASSPHRASE" | decrypt | trim }}{{ else }}{{ env "JFS_RSA_PASSPHRASE" }}{{ end }}" + ### Megabyte Labs export FULLY_AUTOMATED_TASKS=true +### Minio +export MINIO_ROOT_USER="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "MINIO_ROOT_USER")) }}{{ includeTemplate "secrets/MINIO_ROOT_USER" | decrypt | trim }}{{ else }}{{ env "MINIO_ROOT_USER" }}{{ end }}" +export MINIO_ROOT_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "MINIO_ROOT_PASSWORD")) }}{{ includeTemplate "secrets/MINIO_ROOT_PASSWORD" | decrypt | trim }}{{ else }}{{ env "MINIO_ROOT_PASSWORD" }}{{ end }}" + ### NPM export NPM_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NPM_TOKEN")) }}{{ includeTemplate "secrets/NPM_TOKEN" | decrypt | trim }}{{ else }}{{ env "NPM_TOKEN" }}{{ end }}" 
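Review bot: `JFS_RSA_PASSPHRASE` and `MINIO_ROOT_PASSWORD` are rendered as plaintext inside double quotes and exported, so every process started from the shell inherits the key passphrase and the MinIO root credential. A value containing `$`, a backtick or a double quote is also expanded, or breaks the line, when the file is sourced. The same pattern is added for `WEBDAV_PASSWORD` in the next hunk (`@@ -127,13 +134,16 @@`). Consider emitting each value single-quoted so the shell treats it literally, and setting root-level credentials only for the command that needs them rather than exporting them into every session. A comment above the block, e.g. `# rendered secrets: this file must stay mode 0600 (chezmoi private_ prefix)`, would document the dependency on the file attribute.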
@@ -127,13 +134,16 @@ export SURGE_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" ### Tailscale export TAILSCALE_AUTH_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "TAILSCALE_AUTH_KEY")) }}{{ includeTemplate "secrets/TAILSCALE_AUTH_KEY" | decrypt | trim }}{{ else }}{{ env "TAILSCALE_AUTH_KEY" }}{{ end }}" - ### Vagrant Cloud export VAGRANT_CLOUD_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VAGRANT_CLOUD_TOKEN")) }}{{ includeTemplate "secrets/VAGRANT_CLOUD_TOKEN" | decrypt | trim }}{{ else }}{{ env "VAGRANT_CLOUD_TOKEN" }}{{ end }}" ### VMWare export VMWARE_WORKSTATION_LICENSE_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VMWARE_WORKSTATION_LICENSE_KEY")) }}{{ includeTemplate "secrets/VMWARE_WORKSTATION_LICENSE_KEY" | decrypt | trim }}{{ else }}{{ default "4C21U-2KK9Q-M8130-4V2QH-CF810" (env "VMWARE_WORKSTATION_LICENSE_KEY") }}{{ end }}" +### WebDAV +export WEBDAV_USER="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "WEBDAV_USER")) }}{{ includeTemplate "secrets/WEBDAV_USER" | decrypt | trim }}{{ else }}{{ env "WEBDAV_USER" }}{{ end }}" +export WEBDAV_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "WEBDAV_PASSWORD")) }}{{ includeTemplate "secrets/WEBDAV_PASSWORD" | decrypt | trim }}{{ else }}{{ env "WEBDAV_PASSWORD" }}{{ end }}" + ### Xcodes # Apple ID username and password export XCODES_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "APPLE_USERNAME")) }}{{ includeTemplate "secrets/APPLE_USERNAME" | decrypt | trim }}{{ else }}{{ env "APPLE_USERNAME" }}{{ end }}" diff --git a/home/dot_local/bin/installx/executable_juicefs b/home/dot_local/bin/installx/executable_juicefs new file mode 100644 index 00000000..6474b577 --- /dev/null +++ b/home/dot_local/bin/installx/executable_juicefs 
@@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# @file JuiceFS +# @brief Mounts various S3-backed storage volumes (assuming correct secrets are in place) +# @description +# This script handles the mounting of various S3-backed storage volumes via [JuiceFS](https://juicefs.com/en/). +# The script will attempt to mount four different S3 volumes: +# +# 1. `public-{ { .juicefsVolumeNamePostfix } }` +# 2. `private-{ { .juicefsVolumeNamePostfix } }` +# 3. `docker-{ { .juicefsVolumeNamePostfix } }` +# 4. `user-{ { .juicefsVolumeNamePostfix } }` +# +# Where `{ { .juicefsVolumeNamePostfix } }` is replaced with the name stored in `home/.chezmoidata.yaml`. +# When creating the four volumes in the [JuiceFS console](https://juicefs.com/console/), it is important that you name the volumes using +# these four volume names. + +MOUNT_FOLDER="/mnt" +UPDATE_FSTAB="--update-fstab" +if [ -d /Applications ] && [ -d /System ]; then + ### macOS + MOUNT_FOLDER="/Volumes" + UPDATE_FSTAB="" +elif [ -f /snap/juicefs/current/juicefs ]; then + logg info 'Symlinking /snap/juicefs/current/juicefs to /snap/bin/juicefs' && sudo ln -s -f /snap/juicefs/current/juicefs /snap/bin/juicefs +fi + +logg info "Acquiring juicefsVolumeNamePostfix from ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoidata.yaml" +JUICEFS_VOLUME_PREFIX="$(yq '.juicefsVolumeNamePostfix' "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoidata.yaml")" +for MOUNT_NAME in "docker" "private" "public" "user"; do + if [ "$MOUNT_NAME" == "user" ]; then + sudo juicefs mount --enable-xattr -o user_id="$(id -u "$USER")",group_id="$(id -g "$USER")" --conf-dir "${XDG_CONFIG_HOME:-$HOME/.config}/juicefs" -b $UPDATE_FSTAB "${JUICEFS_VOLUME_PREFIX}-${MOUNT_NAME}" "$HOME/.local/jfs" + else + sudo juicefs mount --enable-xattr --conf-dir /root/.juicefs $UPDATE_FSTAB -b "${JUICEFS_VOLUME_PREFIX}-${MOUNT_NAME}" "${MOUNT_FOLDER}/jfs-${MOUNT_NAME}" + fi +done + +### Linux systemd +if command -v systemctl > /dev/null; then + logg info 'Ensuring 
/etc/systemd/system/docker.service.d exists as a directory' && sudo mkdir -p /etc/systemd/system/docker.service.d + logg info 'Creating /etc/systemd/system/docker.service.d/override.conf which ensures JuiceFS is loaded before Docker starts' + echo '[Unit]' | sudo tee /etc/systemd/system/docker.service.d/override.conf + echo 'After=network-online.target firewalld.service containerd.service jfs.mount' | sudo tee -a /etc/systemd/system/docker.service.d/override.conf +fi diff --git a/home/dot_local/etc/juicefs/cert.pem.tmpl b/home/dot_local/etc/juicefs/cert.pem.tmpl new file mode 100644 index 00000000..f39b15ee --- /dev/null +++ b/home/dot_local/etc/juicefs/cert.pem.tmpl @@ -0,0 +1,3 @@ +{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "files" "juicefs.pem")) -}} +{{ includeTemplate "files/juicefs.pem" | decrypt -}} +{{- end -}} \ No newline at end of file diff --git a/home/dot_local/etc/prometheus/private_prometheus.yml.tmpl b/home/dot_local/etc/prometheus/private_prometheus.yml.tmpl index 9fba3757..82f56fa2 100644 --- a/home/dot_local/etc/prometheus/private_prometheus.yml.tmpl +++ b/home/dot_local/etc/prometheus/private_prometheus.yml.tmpl 
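Review bot: `JUICEFS_VOLUME_PREFIX` is passed to `sudo juicefs mount` without checking that `yq` returned a value, so a missing `.juicefsVolumeNamePostfix` key would typically produce volume names such as `null-docker` and four failed root-level mounts with no early exit. A guard right after the assignment covers it: `if [ -z "$JUICEFS_VOLUME_PREFIX" ] || [ "$JUICEFS_VOLUME_PREFIX" = "null" ]; then echo 'juicefsVolumeNamePostfix is not set' >&2; exit 1; fi`. The header comment documents the names as `public-<postfix>` while the loop builds `<postfix>-public`, so one of the two should be corrected. The Docker override orders the service after `jfs.mount` although the mounts are created under `${MOUNT_FOLDER}/jfs-<name>`, so that unit name probably matches no generated mount unit and the ordering may have no effect.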
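Review bot: The decrypted JuiceFS private key in `home/dot_local/etc/juicefs/cert.pem.tmpl` is written without chezmoi's `private_` attribute, so the target is created with umask-default permissions and is likely readable by other local users. Other secret-bearing targets touched by this commit carry the prefix (`private_prometheus.yml.tmpl`, `private_private.sh.tmpl`). Renaming the source to `private_cert.pem.tmpl`, and ideally its directory to `private_juicefs`, removes group and other access to the key. `JFS_PRIVATE_KEY` in exports.sh.tmpl keeps pointing at the same target path, since the attribute prefix is stripped on apply.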
@@ -9,4 +9,28 @@ scrape_configs: scrape_interval: 30s bearer_token: '{{ if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "STATPING_API_SECRET")) }}{{ includeTemplate "secrets/STATPING_API_SECRET" | decrypt | trim }}{{ else }}{{ default "" (env "STATPING_API_SECRET") }}{{ end }}' static_configs: - - targets: ['status.{{ .host.domain }}'] \ No newline at end of file + - targets: ['status.{{ .host.domain }}'] + - job_name: 'juicefs-private' + scrape_interval: 15s + scheme: 'https' + metrics_path: '/api/vol/private/metrics' + params: + token: ['API_TOKEN'] + static_configs: + - targets: ['juicefs.com'] + - job_name: 'juicefs-public' + scrape_interval: 15s + scheme: 'https' + metrics_path: '/api/vol/public/metrics' + params: + token: ['API_TOKEN'] + static_configs: + - targets: ['juicefs.com'] + - job_name: 'juicefs-user' + scrape_interval: 15s + scheme: 'https' + metrics_path: '/api/vol/user/metrics' + params: + token: ['API_TOKEN'] + static_configs: + - targets: ['juicefs.com'] \ No newline at end of file diff --git a/software.yml b/software.yml index 09ae0068..7d633c75 100644 --- a/software.yml +++ b/software.yml @@ -10394,6 +10394,11 @@ softwarePackages: flatpak: org.audacityteam.Audacity scoop: extras/audacity snap: audacity + turbo: + _bin: turbo + _github: https://github.com/vercel/turbo + _name: Turbo + npm: turbo bazelisk: _bin: bazelisk _desc: A user-friendly launcher for Bazel. 
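Review bot: The three `juicefs-*` jobs send the literal string `API_TOKEN` as the `token` query parameter, so the scrapes will be rejected until someone hand-edits the rendered file. The commit adds encrypted `JUICEFS_WEB_TOKEN_PRIVATE`, `JUICEFS_WEB_TOKEN_PUBLIC` and `JUICEFS_WEB_TOKEN_USER` secrets that look intended for this. Rendering them with the same `stat` / `includeTemplate ... | decrypt | trim` expression used for `bearer_token` above keeps the token out of manual edits. Because the token travels in the URL rather than a header, it may also appear in Prometheus' target listing and in proxy logs, so access to the Prometheus UI should be restricted accordingly.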
@@ -11685,6 +11690,17 @@ softwarePackages: #!/usr/bin/env bash micromamba self-update brew: micromamba + sapling: + _bin: sl + _name: Sapling + _github: https://github.com/facebook/sapling + brew: sapling + pacman: sapling-scm-bin + script:windows: | + curl -sSL https://github.com/facebook/sapling/releases/latest > ~/Downloads/sapling_windows_0.2.20231113-145254+995db0d6_amd64.zip + Expand-Archive ~/Downloads/sapling_windows_0.2.20231113-145254+995db0d6_amd64.zip 'C:\Program Files' + setx PATH "$env:PATH;C:\Program Files\Sapling" -m + Set-Alias -Name sl -Value 'C:\Program Files\Sapling\sl.exe' -Force -Option Constant,ReadOnly,AllScope steam: _bin: steam _github: false @@ -11707,6 +11723,36 @@ softwarePackages: flatpak: com.microsoft.Teams snap: teams-for-linux yay: teams-for-linux + ninja: + _bin: ninja + _github: https://github.com/Supervisor/supervisor + _name: Ninja + apt: ninja + dnf: ninja + brew: ninja + pacman: ninja + zypper: ninja + juicefs: + _bin: juicefs + _github: https://github.com/juicedata/juicefs + _name: JuiceFS + _post: | + #!/usr/bin/env sh + . "$HOME/.local/bin/installx/juicefs.sh" + brew: juicefs + scoop: juicefs + snap: juicefs + yay: juicefs + supervisor: + _bin: supervisord + _github: https://github.com/Supervisor/supervisor + _name: Supervisor + apt: supervisor + dnf: supervisor + brew: supervisor + pacman: supervisor + pipx: supervisor + zypper: supervisor has: _bin: has _github: https://github.com/kdabir/has diff --git a/system/etc/logrotate.d/juicefs b/system/etc/logrotate.d/juicefs new file mode 100644 index 00000000..594e2bb4 --- /dev/null +++ b/system/etc/logrotate.d/juicefs @@ -0,0 +1,9 @@ +/var/log/juicefs.log { + daily + rotate 7 + compress + delaycompress + missingok + notifempty + copytruncate +} \ No newline at end of file
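Review bot: The `script:windows` step for `sapling` saves `https://github.com/facebook/sapling/releases/latest`, which is the HTML release page rather than the archive, under a `.zip` name. It then expands that file into `C:\Program Files` and adds the directory to the machine-wide `PATH`, with no integrity check in between. The download should target the pinned release asset matching the file name and be verified before extraction, e.g. `if ((Get-FileHash $zip -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'checksum mismatch' }`. In Windows PowerShell 5.1 `curl` resolves to an alias that does not accept `-sSL`, so `Invoke-WebRequest -Uri ... -OutFile ...` would be the unambiguous form.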
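Review bot: The `juicefs` entry's `_post` hook in the `@@ -11707,6 +11723,36 @@` hunk sources `$HOME/.local/bin/installx/juicefs.sh`, but this commit adds the script as `home/dot_local/bin/installx/executable_juicefs`, which chezmoi installs as `juicefs` with no extension. The hook will most likely not find the file, so the mounts are never set up after install. Either point the hook at `"$HOME/.local/bin/installx/juicefs"` or rename the source file. In the same hunk the `ninja` entry's `_github` is `https://github.com/Supervisor/supervisor`, which looks copied from the `supervisor` entry below and should reference the Ninja project instead.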