Merge branch 'master' into onramp-rework-env

.githooks/pre-commit

@@ -1,3 +1,3 @@
 #!/bin/sh
-echo "Running pre-commit hook yamllint..."
+echo "Running pre-commit yamllint checks..."
 yamllint -c .yamllint .

.templates/service.template

@@ -25,10 +25,10 @@ services:
       - TZ=${TZ}
     labels:
       - joyride.host.name=${${SERVICE_PASSED_UPCASED}_CONTAINER_NAME:-${SERVICE_PASSED_DNCASED}}.${HOST_DOMAIN}
-      - traefik.enable=true
+      - traefik.enable=${${SERVICE_PASSED_UPCASED}_TRAEFIK_ENABLED:-true}
       - traefik.http.routers.${SERVICE_PASSED_DNCASED}.entrypoints=websecure
       - traefik.http.routers.${SERVICE_PASSED_DNCASED}.rule=Host(`${${SERVICE_PASSED_UPCASED}_CONTAINER_NAME:-${SERVICE_PASSED_DNCASED}}.${HOST_DOMAIN}`)
       #- traefik.http.services.${SERVICE_PASSED_DNCASED}.loadbalancer.server.scheme=https # enable if the service wants to connect over https
       - traefik.http.services.${SERVICE_PASSED_DNCASED}.loadbalancer.server.port=8096
-      - com.centurylinklabs.watchtower.enable=true
-      - autoheal=true
+      - com.centurylinklabs.watchtower.enable=${${SERVICE_PASSED_UPCASED}_WATCHTOWER_ENABLED:-true}
+      - autoheal=${${SERVICE_PASSED_UPCASED}_AUTOHEAL_ENABLED:-true}

SERVICES.md

@@ -1,5 +1,5 @@
 # Available Services
-175 services and counting...
+173 services and counting...
 
 
 - [adguard](https://github.com/AdguardTeam/AdGuardHome): Network-wide ad blocker and privacy tool
@@ -14,8 +14,9 @@
 - [basaran](https://github.com/hyperonym/basaran): Container for running basaran, a web-based file manager
 - [bazarr](https://hub.docker.com/r/linuxserver/bazarr): Manages subtitles for media content
 - [cadvisor](https://hub.docker.com/r/google/cadvisor/): Collects and analyzes resource usage and performance characteristics of running containers
+- [cert-dumper](https://github.com/ldez/traefik-certs-dumper): Extracts ssl certificate information from websites
 - [chromadb](https://github.com/chroma-core/chroma/): Chromecast database and controller
-- [cloudflare-ddns](https://github.com/oznu/docker-cloudflare-ddns): 
+- [cloudflare-ddns](https://github.com/oznu/docker-cloudflare-ddns): Updates dns records on cloudflare dynamically
 - [cloudflare-tunnel-gui](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/): Provides a graphical interface for cloudflare tunnel
 - [cloudflare-tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/): Creates secure tunnels to expose local services
 - [code-server](https://github.com/coder/code-server): Runs visual studio code in a web browser
@@ -27,8 +28,9 @@
 - [dashdot](https://github.com/MauriceNino/dashdot): Dashboard for monitoring docker containers
 - [dashy](https://github.com/Lissy93/dashy): Customizable dashboard for displaying information
 - [docker-proxy](https://github.com/Tecnativa/docker-socket-proxy): Proxy for docker containers
-- [dozzle-host](https://github.com/amir20/dozzle): Web-based docker container log viewer
+- docker-registry: <= put a brief description of docker-registry here =>
 - [dozzle-path](https://github.com/amir20/dozzle): Path-based reverse proxy for dozzle
+- [dozzle](https://github.com/amir20/dozzle): Web-based docker container log viewer
 - [droneci](https://github.com/harness/drone): Continuous integration and delivery platform
 - [duplicati](https://www.duplicati.com/): Backs up files and folders to various storage destinations
 - [excalidraw](https://excalidraw.com/): Collaborative whiteboard tool
@@ -60,19 +62,17 @@
 - [influxdb](https://hub.docker.com/_/influxdb): Time-series database for metrics and events
 - [itflow](https://itflow.org/): Workflow automation tool
 - [jellyfin](https://hub.docker.com/r/linuxserver/jellyfin): Media server for streaming content
-- [jellyseer](https://github.com/Fallenbagel/jellyseerr/tree/develop): 
 - [jellyseerr](https://github.com/Fallenbagel/jellyseerr/tree/develop): Container for running jellyseerr, a torrent indexer
 - [joplin](https://joplinapp.org/): Note-taking and to-do app
-- [joyride-host](https://github.com/ilude/joyride): Container for running joyride, a web-based dashboard
 - [joyride](https://github.com/ilude/joyride): Web-based dashboard for monitoring services
 - [kaizoku](https://github.com/oae/kaizoku): Web-based anime downloader
 - [kasm](https://hub.docker.com/r/linuxserver/kasm): Browser-based access to desktops, applications, and web services
+- [kestra](https://github.com/kestra-io/kestra): <= put a brief description of kestra here =>
 - [kimai](https://github.com/tobybatch/kimai2): Time-tracking software for freelancers and small businesses
 - [komga](https://komga.org/docs/installation/docker/): Web-based comic book server
 - [librespeed](https://hub.docker.com/r/linuxserver/librespeed): Self-hosted internet speed test tool
 - [lidarr](https://hub.docker.com/r/linuxserver/lidarr): Manages music collections and downloads
 - [linkding](https://github.com/sissbruecker/linkding): Self-hosted bookmark manager
-- [loki](https://grafana.com/docs/loki/latest/installation/docker/): 
 - [lychee](https://github.com/LycheeOrg/Lychee-Docker): Photo management and sharing platform
 - [mailhog](https://github.com/mailhog/MailHog): Mail testing tool for developers
 - [mailrise](https://github.com/YoRyan/mailrise): Self-hosted email marketing platform
@@ -101,13 +101,12 @@
 - [overseerr](https://hub.docker.com/r/linuxserver/overseerr): Request management and notification system for media content
 - [owncast](https://github.com/owncast/owncast): Self-hosted live video streaming server
 - [paperless-ngx](https://hub.docker.com/r/linuxserver/paperless-ngx): Document management system
-- [paperlessngx](https://hub.docker.com/r/linuxserver/paperless-ngx): 
 - [pgadmin](https://www.pgadmin.org/): Web-based postgresql administration tool
 - [photoprism](https://github.com/photoprism/photoprism): Personal photo management software
 - [phpmyadmin](https://hub.docker.com/r/phpmyadmin/phpmyadmin): Web-based mysql and mariadb database management tool
 - [pihole](https://github.com/pi-hole/docker-pi-hole/blob/master/README.md): Network-wide ad blocker and dns sinkhole
-- [pingvinshare](https://github.com/stautonico/pingvin-share): File-sharing platform
-- [playitdocker](https://github.com/mafen/playit-docker): Container for running playit live, a radio automation software
+- [pingvin-share](https://github.com/stautonico/pingvin-share): File-sharing platform
+- [playit-docker](https://github.com/mafen/playit-docker): Container for running playit live, a radio automation software
 - [plex](https://github.com/plexinc/pms-docker): Media server for streaming movies, tv shows, and music
 - [portainer-ee](https://github.com/portainer/portainer): Commercial version of portainer, a container management tool
 - [portainer](https://github.com/portainer/portainer): Lightweight container management ui
@@ -153,7 +152,6 @@
 - [syncthing](https://hub.docker.com/r/linuxserver/syncthing): Decentralized file synchronization tool
 - [tautulli](https://hub.docker.com/r/linuxserver/tautulli): Monitors plex usage and provides statistics
 - [tdarr](https://docs.tdarr.io/docs/installation/docker/run-compose): Media optimization and conversion tool
-- [traefik-cert-dumper](https://github.com/ldez/traefik-certs-dumper): Extracts ssl certificate information from websites
 - [transmission-vpn](https://hub.docker.com/r/haugene/transmission-openvpn): Bittorrent client with vpn support
 - [trilium](https://github.com/zadam/trilium): Personal knowledge management system
 - [truecommand](https://hub.docker.com/r/ixsystems/truecommand): Management tool for truenas

ansible/install-docker.yml

@@ -14,3 +14,64 @@
       - "{{ lookup('env','USER') }}"
   roles:
     - geerlingguy.docker
+
+  tasks:
+    # https://code.visualstudio.com/docs/setup/linux#_visual-studio-code-is-unable-to-watch-for-file-changes-in-this-large-workspace-error-enospc
+    - name: Set fs.inotify.max_user_watches
+      sysctl:
+        name: fs.inotify.max_user_watches
+        value: '524288'
+        sysctl_file: /etc/sysctl.conf
+
+    - name: Set net.core.somaxconn
+      sysctl:
+        name: net.core.somaxconn
+        value: '1024'
+        sysctl_file: /etc/sysctl.conf
+
+    - name: Set vm.max_map_count
+      sysctl:
+        name: vm.max_map_count
+        value: '262144'
+        sysctl_file: /etc/sysctl.conf
+
+    - name: Set vm.overcommit_memory
+      sysctl:
+        name: vm.overcommit_memory
+        value: '1'
+        sysctl_file: /etc/sysctl.conf
+
+    - name: Set vm.swappiness
+      sysctl:
+        name: vm.swappiness
+        value: '1'
+        sysctl_file: /etc/sysctl.conf
+
+    - name: Create disable-hugepages.service file
+      become: true
+      lineinfile:
+        path: /etc/systemd/system/disable-hugepages.service
+        line: |
+          [Unit]
+          Description="Disable Transparent Hugepage"
+          Before=docker.service
+          [Service]
+          Type=oneshot
+          ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
+          ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'
+          [Install]
+          RequiredBy=docker.service
+        create: yes
+        mode: '0644'
+
+    - name: Enable and start disable-hugepages.service
+      become: true
+      systemd:
+        name: disable-hugepages
+        enabled: true
+        state: started
+
+    - name: Reload systemd
+      become: true
+      systemd:
+        daemon_reload: true

make.d/install.mk

@@ -7,6 +7,12 @@ ACME_JSON_FILE := ./etc/traefik/letsencrypt/acme.json
 ACME_JSON_PERMS := 600
 export DEBIAN_FRONTEND = noninteractive
 
+
+# Silence absent and/or empty Ansible inventory warnings
+# https://stackoverflow.com/a/59940796/1973777
+export ANSIBLE_LOCALHOST_WARNING = False
+export ANSIBLE_INVENTORY_UNPARSED_WARNING = False
+
 ifneq ("$(wildcard $(ACME_JSON_FILE))","")
   BUILD_DEPENDENCIES += fix-acme-json-permissions
 endif
@@ -49,7 +55,12 @@ environments-enabled/onramp.env:
 	@python3 scripts/env-subst.py environments-available/onramp.template "ONRAMP"
 
 REPOS = rmescandon/yq ansible/ansible
-MISSING_REPOS := $(foreach repo,$(REPOS),$(if $(shell apt-cache policy | grep $(repo)),,addrepo/$(repo)))
+MISSING_REPOS := $(foreach repo,$(REPOS),$(if $(shell apt-cache policy | grep $(repo)),,addrepo/$(repo))) 
+
+# If it's not empty, add a value to it
+ifneq ($(strip $(MISSING_REPOS)),)
+    MISSING_REPOS += update-distro
+endif
 
 EXECUTABLES = git nano jq yq python3-pip yamllint python3-pathspec ansible 
 MISSING_PACKAGES := $(foreach exec,$(EXECUTABLES),$(if $(shell dpkg -s "$(exec)" &> /dev/null),,addpackage-$(exec)))
@@ -63,6 +74,11 @@ addrepo/%:
 addpackage-%: 
 	sudo apt install $* -y
 
+update-distro:
+	sudo apt update
+	sudo apt full-upgrade -y
+	sudo apt autoremove -y
+
 install-dependencies: .gitconfig $(MISSING_REPOS) $(MISSING_PACKAGES) 
 
 .gitconfig:

services-available/docker-registry.yml

@@ -0,0 +1,37 @@
+version: '3'
+
+networks:
+  traefik:
+    external: true
+
+# description: <= put a brief description of docker-registry here =>
+# <================= add links to dockerhub or github repo here =================>
+# <================= add links to other related documentation here =================>
+
+services:
+  docker-registry:
+    image: registry:${DOCKER_REGISTRY_DOCKER_TAG:-2}
+    container_name: ${DOCKER_REGISTRY_CONTAINER_NAME:-docker-registry}
+    restart: ${DOCKER_REGISTRY_RESTART:-unless-stopped}
+    networks:
+      - traefik
+    volumes:
+      - ./media/docker-registry:/var/lib/registry
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - REGISTRY_STORAGE_DELETE_ENABLED=${DOCKER_REGISTRY_STORAGE_DELETE_ENABLED:-true}
+      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=${DOCKER_REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY:-/var/lib/registry}
+      - PUID=${PUID:-1000}
+      - PGID=${PGID:-1000}
+      - TZ=${TZ}
+    labels:
+      - joyride.host.name=${DOCKER_REGISTRY_CONTAINER_NAME:-registry}.${HOST_DOMAIN}
+      - traefik.enable=${DOCKER_REGISTRY_TRAEFIK_ENABLED:-true}
+      - traefik.http.routers.registry.entrypoints=websecure
+      - traefik.http.routers.registry.rule=Host(`${DOCKER_REGISTRY_CONTAINER_NAME:-registry}.${HOST_DOMAIN}`)
+      - traefik.http.services.registry.loadbalancer.server.port=5000
+      # https://bcrypt-generator.com/ Generate DOCKER_REGISTRY_AUTH_PASS - make sure you double up the $$ to escape them
+      - traefik.http.middlewares.auth.basicauth.users=${DOCKER_REGISTRY_AUTH_USER:-admin}:${DOCKER_REGISTRY_AUTH_PASS:-password}}
+      - com.centurylinklabs.watchtower.enable=${DOCKER_REGISTRY_WATCHTOWER_ENABLED:-true}
+      - autoheal=${DOCKER_REGISTRY_AUTOHEAL_ENABLED:-true}

services-available/dozzle-host.yml → services-available/dozzle.yml

@@ -8,7 +8,7 @@ networks:
 # https://github.com/amir20/dozzle
 
 services:
-  dozzle-host:
+  dozzle:
     image: amir20/dozzle:${DOZZLE_DOCKER_TAG:-latest}
     container_name: ${DOZZLE_CONTAINER_NAME:-dozzle}
     restart: ${DOZZLE_RESTART:-unless-stopped}

services-available/joyride.yml

@@ -13,7 +13,7 @@ version: '3'
 
 services:
   joyride:
-    image: ghcr.io/ilude/joyride:${JOYRIDE_DOCKER_TAG:-latest}
+    image: ghcr.io/traefikturkey/joyride:${JOYRIDE_DOCKER_TAG:-latest}
     container_name: ${JOYRIDE_CONTAINER_NAME:-joyride}
     restart: ${JOYRIDE_RESTART:-unless-stopped}
     environment:

services-available/kestra.yml

@@ -0,0 +1,38 @@
+version: '3'
+
+networks:
+  traefik:
+    external: true
+
+# description: <= put a brief description of kestra here =>
+# https://github.com/kestra-io/kestra
+# https://github.com/kestra-io/kestra/blob/develop/docker-compose.yml
+# https://kestra.io/docs
+
+services:
+  kestra:
+    image: kestra/kestra:${KESTRA_DOCKER_TAG:-latest-full}
+    container_name: ${KESTRA_CONTAINER_NAME:-kestra}
+    restart: ${KESTRA_RESTART:-unless-stopped}
+    user: "${KESTRA_USER:-root}"
+    command: ${KESTRA_COMMAND:-server local}
+    networks:
+      - traefik
+    volumes:
+      - ./etc/kestra/storage:/app/storage
+      - /tmp/kestra-wd:/tmp
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      TZ: ${TZ}
+    ports:
+      - 4040:8080
+    labels:
+      - joyride.host.name=${KESTRA_CONTAINER_NAME:-kestra}.${HOST_DOMAIN}
+      - traefik.enable=true
+      - traefik.http.routers.kestra.entrypoints=websecure
+      - traefik.http.routers.kestra.rule=Host(`${KESTRA_CONTAINER_NAME:-kestra}.${HOST_DOMAIN}`)\
+      - traefik.http.services.kestra.loadbalancer.server.port=8080
+      - com.centurylinklabs.watchtower.enable=true
+      - autoheal=true