Compare commits
8 Commits
daccaf3819
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
7cde2f5123
|
|||
|
b6efc9f55a
|
|||
|
888fac609f
|
|||
|
f6d7848914
|
|||
|
a38f0c6487
|
|||
|
c48fb6bf3a
|
|||
|
b1a09b76b3
|
|||
|
bda189c903
|
@@ -7,7 +7,6 @@ services:
|
||||
- "traefik.http.routers.actual-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.actual.rule=Host(`actual.skrd.fun`)"
|
||||
- "traefik.http.routers.actual.entrypoints=websecure"
|
||||
- "traefik.http.routers.actual.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.actual.tls.certresolver=cf"
|
||||
- "traefik.http.services.actual.loadbalancer.server.port=5006"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
actual_server:
|
||||
image: ghcr.io/actualbudget/actual:latest
|
||||
image: ghcr.io/actualbudget/actual:v26.2.0
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DATA_DIR}:/data
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
DATA_DIR="./crowdsec"
|
||||
COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs"
|
||||
GID=1000
|
||||
@@ -1,24 +0,0 @@
|
||||
services:
|
||||
crowdsec:
|
||||
image: crowdsecurity/crowdsec
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 127.0.0.1:9876:8080
|
||||
expose:
|
||||
- 8080
|
||||
- 6060
|
||||
- 7422
|
||||
environment:
|
||||
COLLECTIONS: "${COLLECTIONS}"
|
||||
GID: "${GID-1000}"
|
||||
volumes:
|
||||
- "${DATA_ROOT}/crowdsec/data:/var/lib/crowdsec/data/"
|
||||
- "${DATA_ROOT}/crowdsec/config:/etc/crowdsec/"
|
||||
- "${DATA_ROOT}/traefik/logs:/var/log/traefik:ro"
|
||||
- /var/log/auth.log:/var/log/auth.log:ro
|
||||
- /var/log/syslog:/var/log/syslog:ro
|
||||
networks:
|
||||
- traefik
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
cloudflare-ddns:
|
||||
image: favonia/cloudflare-ddns:latest
|
||||
image: favonia/cloudflare-ddns:1.15.1
|
||||
restart: always
|
||||
user: "1000:1000"
|
||||
read_only: true
|
||||
|
||||
@@ -7,7 +7,6 @@ services:
|
||||
- "traefik.http.routers.gametabs-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.gametabs.rule=Host(`gametabs.skrd.fun`)"
|
||||
- "traefik.http.routers.gametabs.entrypoints=websecure"
|
||||
- "traefik.http.routers.gametabs.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.gametabs.tls.certresolver=cf"
|
||||
- "traefik.http.services.gametabs.loadbalancer.server.port=80"
|
||||
|
||||
|
||||
@@ -11,7 +11,6 @@ services:
|
||||
- "traefik.http.routers.gitea-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.gitea.rule=Host(`git.skrd.fun`)"
|
||||
- "traefik.http.routers.gitea.entrypoints=websecure"
|
||||
- "traefik.http.routers.gitea.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.gitea.tls.certresolver=cf"
|
||||
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
gitea:
|
||||
image: gitea/gitea:latest
|
||||
image: gitea/gitea:1.25.4
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
USER_UID: ${USER_UID}
|
||||
@@ -13,7 +13,7 @@ services:
|
||||
- gitea-db
|
||||
|
||||
runner:
|
||||
image: gitea/act_runner:latest
|
||||
image: gitea/act_runner:0.2.13
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
CONFIG_FILE: /config/config.yaml
|
||||
|
||||
@@ -8,7 +8,6 @@ services:
|
||||
- "traefik.http.routers.immich-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.immich.rule=Host(`photos.skrd.fun`)"
|
||||
- "traefik.http.routers.immich.entrypoints=websecure"
|
||||
- "traefik.http.routers.immich.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.immich.tls.certresolver=cf"
|
||||
- "traefik.http.services.immich.loadbalancer.server.port=2283"
|
||||
networks:
|
||||
|
||||
@@ -8,7 +8,6 @@ services:
|
||||
- "traefik.http.routers.jellyfin.rule=Host(`jelly.skrd.fun`)"
|
||||
- "traefik.http.routers.jellyfin.entrypoints=websecure"
|
||||
- "traefik.http.routers.jellyfin.tls.certresolver=cf"
|
||||
- "traefik.http.routers.jellyfin.middlewares=crowdsec@file"
|
||||
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
|
||||
networks:
|
||||
default:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
jellyfin:
|
||||
image: jellyfin/jellyfin
|
||||
image: jellyfin/jellyfin:10
|
||||
restart: "unless-stopped"
|
||||
user: 1000:1000
|
||||
volumes:
|
||||
|
||||
@@ -5,12 +5,9 @@ services:
|
||||
- "traefik.http.routers.books-web.rule=Host(`books.skrd.fun`)"
|
||||
- "traefik.http.routers.books-web.entrypoints=web"
|
||||
- "traefik.http.routers.books-web.middlewares=redirect-to-https@file"
|
||||
|
||||
- "traefik.http.routers.books.rule=Host(`books.skrd.fun`)"
|
||||
- "traefik.http.routers.books.entrypoints=websecure"
|
||||
- "traefik.http.routers.books.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.books.tls.certresolver=cf"
|
||||
|
||||
- "traefik.http.services.books.loadbalancer.server.port=5000"
|
||||
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
kavita:
|
||||
image: jvmilazz0/kavita:latest
|
||||
image: jvmilazz0/kavita:0.7.8
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "${MEDIA_BOOKS}:/books"
|
||||
|
||||
@@ -2,6 +2,7 @@ POSTGRES_USER="miniflux"
|
||||
POSTGRES_PASSWORD="secret"
|
||||
POSTGRES_DB="miniflux"
|
||||
|
||||
DATA_DIR="./database"
|
||||
DATABASE_URL="postgres://miniflux:secret@db/miniflux?sslmode=disable"
|
||||
|
||||
ADMIN_USERNAME="ryuuji"
|
||||
|
||||
@@ -8,7 +8,6 @@ services:
|
||||
- "traefik.http.routers.rss-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.rss.rule=Host(`rss.skrd.fun`)"
|
||||
- "traefik.http.routers.rss.entrypoints=websecure"
|
||||
- "traefik.http.routers.rss.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.rss.tls.certresolver=cf"
|
||||
- "traefik.http.services.rss.loadbalancer.server.port=8080"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
miniflux:
|
||||
image: miniflux/miniflux:latest
|
||||
image: miniflux/miniflux:2.2.17
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
@@ -18,11 +18,8 @@ services:
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
volumes:
|
||||
- miniflux-db:/var/lib/postgresql
|
||||
- ${DATA_DIR}:/var/lib/postgresql
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready", "-U", "miniflux"]
|
||||
test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}"]
|
||||
interval: 10s
|
||||
start_period: 30s
|
||||
|
||||
volumes:
|
||||
miniflux-db:
|
||||
|
||||
@@ -7,7 +7,6 @@ services:
|
||||
- "traefik.http.routers.navidrome-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.navidrome.rule=Host(`navi.skrd.fun`)"
|
||||
- "traefik.http.routers.navidrome.entrypoints=websecure"
|
||||
- "traefik.http.routers.navidrome.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.navidrome.tls.certresolver=cf"
|
||||
- "traefik.http.services.navidrome.loadbalancer.server.port=4533"
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
navidrome:
|
||||
image: deluan/navidrome:latest
|
||||
image: deluan/navidrome:0.60.3
|
||||
user: 1000:1000
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
|
||||
@@ -7,7 +7,6 @@ services:
|
||||
- "traefik.http.routers.qbittorrent-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.qbittorrent.rule=Host(`torrent.skrd.fun`)"
|
||||
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
|
||||
- "traefik.http.routers.qbittorrent.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.qbittorrent.tls.certresolver=cf"
|
||||
- "traefik.http.services.qbittorrent.loadbalancer.server.port=${WEBUI_PORT}"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
qbittorrent:
|
||||
image: lscr.io/linuxserver/qbittorrent:latest
|
||||
image: lscr.io/linuxserver/qbittorrent:5.1.4
|
||||
environment:
|
||||
- PUID=${PUID}
|
||||
- PGID=${PGID}
|
||||
@@ -9,6 +9,7 @@ services:
|
||||
- TORRENTING_PORT=${TORRENTING_PORT}
|
||||
ports:
|
||||
- "${TORRENTING_PORT}:${TORRENTING_PORT}"
|
||||
- "${TORRENTING_PORT}:${TORRENTING_PORT}/udp"
|
||||
volumes:
|
||||
- ${DATA_DIR}:/config
|
||||
- ${DOWNLOADS_DIR}:/downloads
|
||||
|
||||
@@ -7,7 +7,6 @@ services:
|
||||
- "traefik.http.routers.speed-web.middlewares=redirect-to-https@file"
|
||||
- "traefik.http.routers.speed.rule=Host(`speed.skrd.fun`)"
|
||||
- "traefik.http.routers.speed.entrypoints=websecure"
|
||||
- "traefik.http.routers.speed.middlewares=crowdsec@file"
|
||||
- "traefik.http.routers.speed.tls.certresolver=cf"
|
||||
- "traefik.http.services.speed.loadbalancer.server.port=3000"
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
services:
|
||||
speedtest:
|
||||
image: openspeedtest/latest
|
||||
image: openspeedtest/latest:v2.0.6
|
||||
restart: unless-stopped
|
||||
|
||||
@@ -3,4 +3,3 @@ DYNAMIC_DIR="./dynamic"
|
||||
|
||||
CF_API_EMAIL=email@example.com
|
||||
CF_DNS_API_TOKEN=secret
|
||||
CROWDSEC_LAPI_KEY="secret"
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.5
|
||||
image: traefik:v3.6
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- "--log.level=DEBUG"
|
||||
- "--accesslog=true"
|
||||
- "--accesslog.filepath=/logs/traefik-access.log"
|
||||
- "--accesslog.format=json"
|
||||
@@ -16,15 +15,12 @@ services:
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--providers.file.directory=/dynamic"
|
||||
- "--providers.file.watch=true"
|
||||
- "--serversTransport.insecureSkipVerify=true"
|
||||
- "--entryPoints.web.address=:80"
|
||||
- "--entryPoints.websecure.address=:443"
|
||||
- "--certificatesresolvers.cf.acme.dnschallenge=true"
|
||||
- "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare"
|
||||
- "--certificatesresolvers.cf.acme.email=tls@skrd.fun"
|
||||
- "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json"
|
||||
- "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
|
||||
- "--experimental.plugins.bouncer.version=v1.4.6"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
@@ -38,7 +34,7 @@ services:
|
||||
- "traefik.http.routers.dashboard.tls=true"
|
||||
- "traefik.http.routers.dashboard.tls.certresolver=cf"
|
||||
- "traefik.http.routers.dashboard.service=api@internal"
|
||||
- "traefik.http.routers.dashboard.middlewares=local-only@file, crowdsec@file"
|
||||
- "traefik.http.routers.dashboard.middlewares=local-only@file"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "${DYNAMIC_DIR}:/dynamic"
|
||||
|
||||
@@ -12,25 +12,3 @@ http:
|
||||
replacePathRegex:
|
||||
regex: ^/$
|
||||
replacement: /admin/
|
||||
crowdsec:
|
||||
plugin:
|
||||
bouncer:
|
||||
enabled: true
|
||||
defaultDecisionSeconds: 60
|
||||
crowdsecMode: live
|
||||
crowdsecAppsecEnabled: true
|
||||
crowdsecAppsecHost: crowdsec:7422
|
||||
crowdsecAppsecFailureBlock: true
|
||||
crowdsecAppsecUnreachableBlock: true
|
||||
crowdsecLapiKey: mvBM8BzhJ1/P8Lcb72gsIn5JNgQCzwsRSKNuBJqJ/0Q
|
||||
crowdsecLapiHost: crowdsec:8080
|
||||
crowdsecLapiScheme: http
|
||||
crowdsecLapiTLSInsecureVerify: false
|
||||
forwardedHeadersTrustedIPs:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
clientTrustedIPs:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
version: "3"
|
||||
services:
|
||||
db:
|
||||
image: mariadb
|
||||
|
||||
Reference in New Issue
Block a user