diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index a2ca2a83..fb519530 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -1,3 +1,3 @@
 #!/bin/sh
-echo "Running pre-commit hook yamllint..."
+echo "Running pre-commit yamllint checks..."
 yamllint -c .yamllint .
\ No newline at end of file
diff --git a/.github/workflows/alert-mafenci.yml b/.github/workflow-archive/alert-mafenci.yml
similarity index 100%
rename from .github/workflows/alert-mafenci.yml
rename to .github/workflow-archive/alert-mafenci.yml
diff --git a/.github/workflows/alert-traefik-project.yml b/.github/workflow-archive/alert-traefik-project.yml
similarity index 100%
rename from .github/workflows/alert-traefik-project.yml
rename to .github/workflow-archive/alert-traefik-project.yml
diff --git a/.github/workflows/merge-upstream-master.yml b/.github/workflow-archive/merge-upstream-master.yml
similarity index 100%
rename from .github/workflows/merge-upstream-master.yml
rename to .github/workflow-archive/merge-upstream-master.yml
diff --git a/.templates/service.template b/.templates/service.template
index 6deebc79..ebcd8e9e 100644
--- a/.templates/service.template
+++ b/.templates/service.template
@@ -25,10 +25,10 @@ services:
 - TZ=${TZ}
 labels:
 - joyride.host.name=${${SERVICE_PASSED_UPCASED}_CONTAINER_NAME:-${SERVICE_PASSED_DNCASED}}.${HOST_DOMAIN}
- - traefik.enable=true
+ - traefik.enable=${${SERVICE_PASSED_UPCASED}_TRAEFIK_ENABLED:-true}
 - traefik.http.routers.${SERVICE_PASSED_DNCASED}.entrypoints=websecure
 - traefik.http.routers.${SERVICE_PASSED_DNCASED}.rule=Host(`${${SERVICE_PASSED_UPCASED}_CONTAINER_NAME:-${SERVICE_PASSED_DNCASED}}.${HOST_DOMAIN}`)
 #- traefik.http.services.${SERVICE_PASSED_DNCASED}.loadbalancer.server.scheme=https # enable if the service wants to connect over https
 - traefik.http.services.${SERVICE_PASSED_DNCASED}.loadbalancer.server.port=8096
- - com.centurylinklabs.watchtower.enable=true
- - autoheal=true
+ - com.centurylinklabs.watchtower.enable=${${SERVICE_PASSED_UPCASED}_WATCHTOWER_ENABLED:-true}
+ - autoheal=${${SERVICE_PASSED_UPCASED}_AUTOHEAL_ENABLED:-true}
diff --git a/Dockerfile.autokuma b/Dockerfile.autokuma
deleted file mode 100755
index 4ff06cf5..00000000
--- a/Dockerfile.autokuma
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM rust:1.75 as builder
-WORKDIR /usr/src/autokuma
-RUN cargo install --git https://github.com/BigBoot/AutoKuma.git kuma-cli
-RUN cargo install --git https://github.com/BigBoot/AutoKuma.git autokuma
-
-
-FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y libssl3 && rm -rf /var/lib/apt/lists/*
-COPY --from=builder /usr/local/cargo/bin/* /usr/local/bin
-CMD ["autokuma"]
\ No newline at end of file
diff --git a/SERVICES.md b/SERVICES.md
index f5e4d1e1..586960c6 100644
--- a/SERVICES.md
+++ b/SERVICES.md
@@ -1,5 +1,5 @@
 # Available Services
-175 services and counting...
+173 services and counting...
 - [adguard](https://github.com/AdguardTeam/AdGuardHome): Network-wide ad blocker and privacy tool
@@ -14,8 +14,9 @@
 - [basaran](https://github.com/hyperonym/basaran): Container for running basaran, a web-based file manager
 - [bazarr](https://hub.docker.com/r/linuxserver/bazarr): Manages subtitles for media content
 - [cadvisor](https://hub.docker.com/r/google/cadvisor/): Collects and analyzes resource usage and performance characteristics of running containers
+- [cert-dumper](https://github.com/ldez/traefik-certs-dumper): Extracts ssl certificate information from websites
 - [chromadb](https://github.com/chroma-core/chroma/): Chromecast database and controller
-- [cloudflare-ddns](https://github.com/oznu/docker-cloudflare-ddns):
+- [cloudflare-ddns](https://github.com/oznu/docker-cloudflare-ddns): Updates dns records on cloudflare dynamically
 - [cloudflare-tunnel-gui](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/): Provides a graphical interface for cloudflare tunnel
 - [cloudflare-tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/): Creates secure tunnels to expose local services
 - [code-server](https://github.com/coder/code-server): Runs visual studio code in a web browser
@@ -27,8 +28,9 @@
 - [dashdot](https://github.com/MauriceNino/dashdot): Dashboard for monitoring docker containers
 - [dashy](https://github.com/Lissy93/dashy): Customizable dashboard for displaying information
 - [docker-proxy](https://github.com/Tecnativa/docker-socket-proxy): Proxy for docker containers
-- [dozzle-host](https://github.com/amir20/dozzle): Web-based docker container log viewer
+- docker-registry: <= put a brief description of docker-registry here =>
 - [dozzle-path](https://github.com/amir20/dozzle): Path-based reverse proxy for dozzle
+- [dozzle](https://github.com/amir20/dozzle): Web-based docker container log viewer
 - [droneci](https://github.com/harness/drone): Continuous integration and delivery platform
 - [duplicati](https://www.duplicati.com/): Backs up files and folders to various storage destinations
 - [excalidraw](https://excalidraw.com/): Collaborative whiteboard tool
@@ -60,19 +62,17 @@
 - [influxdb](https://hub.docker.com/_/influxdb): Time-series database for metrics and events
 - [itflow](https://itflow.org/): Workflow automation tool
 - [jellyfin](https://hub.docker.com/r/linuxserver/jellyfin): Media server for streaming content
-- [jellyseer](https://github.com/Fallenbagel/jellyseerr/tree/develop):
 - [jellyseerr](https://github.com/Fallenbagel/jellyseerr/tree/develop): Container for running jellyseerr, a torrent indexer
 - [joplin](https://joplinapp.org/): Note-taking and to-do app
-- [joyride-host](https://github.com/ilude/joyride): Container for running joyride, a web-based dashboard
 - [joyride](https://github.com/ilude/joyride): Web-based dashboard for monitoring services
 - [kaizoku](https://github.com/oae/kaizoku): Web-based anime downloader
 - [kasm](https://hub.docker.com/r/linuxserver/kasm): Browser-based access to desktops, applications, and web services
+- [kestra](https://github.com/kestra-io/kestra): <= put a brief description of kestra here =>
 - [kimai](https://github.com/tobybatch/kimai2): Time-tracking software for freelancers and small businesses
 - [komga](https://komga.org/docs/installation/docker/): Web-based comic book server
 - [librespeed](https://hub.docker.com/r/linuxserver/librespeed): Self-hosted internet speed test tool
 - [lidarr](https://hub.docker.com/r/linuxserver/lidarr): Manages music collections and downloads
 - [linkding](https://github.com/sissbruecker/linkding): Self-hosted bookmark manager
-- [loki](https://grafana.com/docs/loki/latest/installation/docker/):
 - [lychee](https://github.com/LycheeOrg/Lychee-Docker): Photo management and sharing platform
 - [mailhog](https://github.com/mailhog/MailHog): Mail testing tool for developers
 - [mailrise](https://github.com/YoRyan/mailrise): Self-hosted email marketing platform
@@ -101,13 +101,12 @@
 - [overseerr](https://hub.docker.com/r/linuxserver/overseerr): Request management and notification system for media content
 - [owncast](https://github.com/owncast/owncast): Self-hosted live video streaming server
 - [paperless-ngx](https://hub.docker.com/r/linuxserver/paperless-ngx): Document management system
-- [paperlessngx](https://hub.docker.com/r/linuxserver/paperless-ngx):
 - [pgadmin](https://www.pgadmin.org/): Web-based postgresql administration tool
 - [photoprism](https://github.com/photoprism/photoprism): Personal photo management software
 - [phpmyadmin](https://hub.docker.com/r/phpmyadmin/phpmyadmin): Web-based mysql and mariadb database management tool
 - [pihole](https://github.com/pi-hole/docker-pi-hole/blob/master/README.md): Network-wide ad blocker and dns sinkhole
-- [pingvinshare](https://github.com/stautonico/pingvin-share): File-sharing platform
-- [playitdocker](https://github.com/mafen/playit-docker): Container for running playit live, a radio automation software
+- [pingvin-share](https://github.com/stautonico/pingvin-share): File-sharing platform
+- [playit-docker](https://github.com/mafen/playit-docker): Container for running playit live, a radio automation software
 - [plex](https://github.com/plexinc/pms-docker): Media server for streaming movies, tv shows, and music
 - [portainer-ee](https://github.com/portainer/portainer): Commercial version of portainer, a container management tool
 - [portainer](https://github.com/portainer/portainer): Lightweight container management ui
@@ -153,7 +152,6 @@
 - [syncthing](https://hub.docker.com/r/linuxserver/syncthing): Decentralized file synchronization tool
 - [tautulli](https://hub.docker.com/r/linuxserver/tautulli): Monitors plex usage and provides statistics
 - [tdarr](https://docs.tdarr.io/docs/installation/docker/run-compose): Media optimization and conversion tool
-- [traefik-cert-dumper](https://github.com/ldez/traefik-certs-dumper): Extracts ssl certificate information from websites
 - [transmission-vpn](https://hub.docker.com/r/haugene/transmission-openvpn): Bittorrent client with vpn support
 - [trilium](https://github.com/zadam/trilium): Personal knowledge management system
 - [truecommand](https://hub.docker.com/r/ixsystems/truecommand): Management tool for truenas
diff --git a/ansible/install-docker.yml b/ansible/install-docker.yml
index 0ce83f5a..84798774 100644
--- a/ansible/install-docker.yml
+++ b/ansible/install-docker.yml
@@ -14,3 +14,64 @@
 - "{{ lookup('env','USER') }}"
 roles:
 - geerlingguy.docker
+
+ tasks:
+ # https://code.visualstudio.com/docs/setup/linux#_visual-studio-code-is-unable-to-watch-for-file-changes-in-this-large-workspace-error-enospc
+ - name: Set fs.inotify.max_user_watches
+ sysctl:
+ name: fs.inotify.max_user_watches
+ value: '524288'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set net.core.somaxconn
+ sysctl:
+ name: net.core.somaxconn
+ value: '1024'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set vm.max_map_count
+ sysctl:
+ name: vm.max_map_count
+ value: '262144'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set vm.overcommit_memory
+ sysctl:
+ name: vm.overcommit_memory
+ value: '1'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set vm.swappiness
+ sysctl:
+ name: vm.swappiness
+ value: '1'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Create disable-hugepages.service file
+ become: true
+ lineinfile:
+ path: /etc/systemd/system/disable-hugepages.service
+ line: |
+ [Unit]
+ Description="Disable Transparent Hugepage"
+ Before=docker.service
+ [Service]
+ Type=oneshot
+ ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
+ ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'
+ [Install]
+ RequiredBy=docker.service
+ create: yes
+ mode: '0644'
+
+ - name: Enable and start disable-hugepages.service
+ become: true
+ systemd:
+ name: disable-hugepages
+ enabled: true
+ state: started
+
+ - name: Reload systemd
+ become: true
+ systemd:
+ daemon_reload: true
\ No newline at end of file
diff --git a/make.d/install.mk b/make.d/install.mk
index e52c1454..be6e2672 100644
--- a/make.d/install.mk
+++ b/make.d/install.mk
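Review bot: The standalone `Reload systemd` task runs after `Enable and start disable-hugepages.service`, so on a first run the unit file written just above may not yet be known to systemd when it is enabled and started; put `daemon_reload: true` on the enable/start task instead, which also makes the trailing reload task redundant. `lineinfile` is built for single lines — its `line:` here is a multi-line block scalar, and because the module compares that whole value against each individual line of the file, a re-run is likely to append the block again rather than recognise it; `copy` with `content:` and `dest:` writes the whole unit file idempotently, as sketched below. `create: yes` should be `create: true` (the repo's yamllint pre-commit hook flags truthy values), and the five `sysctl` tasks carry no `become: true` while the later tasks do — acceptable only if the play header, which lies outside this hunk, sets become at play level.
```yaml
- name: Create disable-hugepages.service file
  become: true
  copy:
    dest: /etc/systemd/system/disable-hugepages.service
    mode: '0644'
    content: |
      # … unchanged: the nine unit-file lines from the lineinfile `line:` block …

- name: Enable and start disable-hugepages.service
  become: true
  systemd:
    name: disable-hugepages
    daemon_reload: true
    enabled: true
    state: started
```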
@@ -7,6 +7,12 @@ ACME_JSON_FILE := ./etc/traefik/letsencrypt/acme.json
 ACME_JSON_PERMS := 600
 export DEBIAN_FRONTEND = noninteractive
+
+# Silence absent and/or empty Ansible inventory warnings
+# https://stackoverflow.com/a/59940796/1973777
+export ANSIBLE_LOCALHOST_WARNING = False
+export ANSIBLE_INVENTORY_UNPARSED_WARNING = False
+
 ifneq ("$(wildcard $(ACME_JSON_FILE))","")
 BUILD_DEPENDENCIES += fix-acme-json-permissions
 endif
@@ -49,7 +55,12 @@ environments-enabled/onramp.env:
 @python3 scripts/env-subst.py environments-available/onramp.template "ONRAMP"
 REPOS = rmescandon/yq ansible/ansible
-MISSING_REPOS := $(foreach repo,$(REPOS),$(if $(shell apt-cache policy | grep $(repo)),,addrepo/$(repo)))
+MISSING_REPOS := $(foreach repo,$(REPOS),$(if $(shell apt-cache policy | grep $(repo)),,addrepo/$(repo)))
+
+# If it's not empty, add a value to it
+ifneq ($(strip $(MISSING_REPOS)),)
+ MISSING_REPOS += update-distro
+endif
 EXECUTABLES = git nano jq yq python3-pip yamllint python3-pathspec ansible
 MISSING_PACKAGES := $(foreach exec,$(EXECUTABLES),$(if $(shell dpkg -s "$(exec)" &> /dev/null),,addpackage-$(exec)))
@@ -63,6 +74,11 @@ addrepo/%:
 addpackage-%:
 sudo apt install $* -y
+update-distro:
+ sudo apt update
+ sudo apt full-upgrade -y
+ sudo apt autoremove -y
+
 install-dependencies: .gitconfig $(MISSING_REPOS) $(MISSING_PACKAGES)
 .gitconfig:
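Review bot: `update-distro` in the third hunk does far more than its name and the `MISSING_REPOS` comment in the second hunk suggest: making a newly added apt repository installable needs only `sudo apt update`, but the target also runs `apt full-upgrade -y` and `apt autoremove -y`, which can replace or remove packages on the host as a side effect of `make install-dependencies`. Trim it to the update step (or move the upgrade into a separately invoked target) and declare it phony with `.PHONY: update-distro`, since a file named `update-distro` in the repo root would otherwise silently satisfy the prerequisite. Prefer `apt-get` in scripts — `apt` warns that its CLI is not stable for non-interactive use, which is exactly the mode `DEBIAN_FRONTEND = noninteractive` above selects. With `make -j` the left-to-right order of `$(MISSING_REPOS)` is not guaranteed, so `update-distro` may run before the `addrepo/%` targets; `update-distro: $(filter addrepo/%,$(MISSING_REPOS))` pins that ordering explicitly.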
@@ -0,0 +1,37 @@
+version: '3'
+
+networks:
+ traefik:
+ external: true
+
+# description: <= put a brief description of docker-registry here =>
+# <================= add links to dockerhub or github repo here =================>
+# <================= add links to other related documentation here =================>
+
+services:
+ docker-registry:
+ image: registry:${DOCKER_REGISTRY_DOCKER_TAG:-2}
+ container_name: ${DOCKER_REGISTRY_CONTAINER_NAME:-docker-registry}
+ restart: ${DOCKER_REGISTRY_RESTART:-unless-stopped}
+ networks:
+ - traefik
+ volumes:
+ - ./media/docker-registry:/var/lib/registry
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - REGISTRY_STORAGE_DELETE_ENABLED=${DOCKER_REGISTRY_STORAGE_DELETE_ENABLED:-true}
+ - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=${DOCKER_REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY:-/var/lib/registry}
+ - PUID=${PUID:-1000}
+ - PGID=${PGID:-1000}
+ - TZ=${TZ}
+ labels:
+ - joyride.host.name=${DOCKER_REGISTRY_CONTAINER_NAME:-registry}.${HOST_DOMAIN}
+ - traefik.enable=${DOCKER_REGISTRY_TRAEFIK_ENABLED:-true}
+ - traefik.http.routers.registry.entrypoints=websecure
+ - traefik.http.routers.registry.rule=Host(`${DOCKER_REGISTRY_CONTAINER_NAME:-registry}.${HOST_DOMAIN}`)
+ - traefik.http.services.registry.loadbalancer.server.port=5000
+ # https://bcrypt-generator.com/ Generate DOCKER_REGISTRY_AUTH_PASS - make sure you double up the $$ to escape them
+ - traefik.http.middlewares.auth.basicauth.users=${DOCKER_REGISTRY_AUTH_USER:-admin}:${DOCKER_REGISTRY_AUTH_PASS:-password}}
+ - com.centurylinklabs.watchtower.enable=${DOCKER_REGISTRY_WATCHTOWER_ENABLED:-true}
+ - autoheal=${DOCKER_REGISTRY_AUTOHEAL_ENABLED:-true}
diff --git a/services-available/dozzle-host.yml b/services-available/dozzle.yml
similarity index 98%
rename from services-available/dozzle-host.yml
rename to services-available/dozzle.yml
index 984e8e70..ba9cddd0 100644
--- a/services-available/dozzle-host.yml
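Review bot: The basicauth label has an unbalanced brace — `${DOCKER_REGISTRY_AUTH_PASS:-password}}` — so the stray `}` is appended to the password hash and the credential can never match; worse, the `auth` middleware is declared but never attached to the router, so the registry is reachable through traefik with no authentication at all (push and pull). Fix both with `- traefik.http.middlewares.registry-auth.basicauth.users=${DOCKER_REGISTRY_AUTH_USER:-admin}:${DOCKER_REGISTRY_AUTH_PASS}` and `- traefik.http.routers.registry.middlewares=registry-auth`. A service-specific middleware name avoids colliding with any other compose file that declares an `auth` middleware in the same traefik docker provider (middleware names are global there), and dropping the `:-password` fallback makes a missing `DOCKER_REGISTRY_AUTH_PASS` fail loudly instead of publishing a registry behind a guessable default. Separately, `joyride.host.name` and the router rule default to `registry` while `container_name` defaults to `docker-registry`, so the hostname and container name disagree unless both env vars are set, and `REGISTRY_STORAGE_DELETE_ENABLED` defaulting to `true` lets any authenticated client delete blobs — worth stating in the `# description:` placeholder, which is still unfilled.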
+++ b/services-available/dozzle.yml
@@ -8,7 +8,7 @@ networks:
 # https://github.com/amir20/dozzle
 services:
- dozzle-host:
+ dozzle:
 image: amir20/dozzle:${DOZZLE_DOCKER_TAG:-latest}
 container_name: ${DOZZLE_CONTAINER_NAME:-dozzle}
 restart: ${DOZZLE_RESTART:-unless-stopped}
diff --git a/services-available/joyride-host.yml b/services-available/joyride-host.yml
deleted file mode 100644
index 13045e4c..00000000
--- a/services-available/joyride-host.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-version: '3'
-
-# description: Container for running joyride, a web-based dashboard
-# https://github.com/ilude/joyride
-# use this if combined with pihole
-
-services:
- joyride-host:
- image: ghcr.io/ilude/joyride:${JOYRIDE_HOST_DOCKER_TAG:-latest}
- container_name: ${JOYRIDE_HOST_CONTAINER_NAME:-joyride}
- restart: unless-stopped
- network_mode: "host"
- environment:
- - HOSTIP=${HOSTIP}
- # ports:
- # - 54:54/udp
- volumes:
- - /etc/timezone:/etc/timezone:ro
- - /etc/localtime:/etc/localtime:ro
- - /var/run/docker.sock:/var/run/docker.sock:ro
- labels:
- - traefik.enable=false
diff --git a/services-available/joyride.yml b/services-available/joyride.yml
index 23c85b2c..2caeffa0 100644
--- a/services-available/joyride.yml
+++ b/services-available/joyride.yml
@@ -13,7 +13,7 @@ version: '3'
 services:
 joyride:
- image: ghcr.io/ilude/joyride:${JOYRIDE_DOCKER_TAG:-latest}
+ image: ghcr.io/traefikturkey/joyride:${JOYRIDE_DOCKER_TAG:-latest}
 container_name: ${JOYRIDE_CONTAINER_NAME:-joyride}
 restart: ${JOYRIDE_RESTART:-unless-stopped}
 environment:
diff --git a/services-available/kestra.yml b/services-available/kestra.yml
new file mode 100644
index 00000000..d779aee0
--- /dev/null
+++ b/services-available/kestra.yml
@@ -0,0 +1,38 @@
+version: '3'
+
+networks:
+ traefik:
+ external: true
+
+# description: <= put a brief description of kestra here =>
+# https://github.com/kestra-io/kestra
+# https://github.com/kestra-io/kestra/blob/develop/docker-compose.yml
+# https://kestra.io/docs
+
+services:
+ kestra:
+ image: kestra/kestra:${KESTRA_DOCKER_TAG:-latest-full}
+ container_name: ${KESTRA_CONTAINER_NAME:-kestra}
+ restart: ${KESTRA_RESTART:-unless-stopped}
+ user: "${KESTRA_USER:-root}"
+ command: ${KESTRA_COMMAND:-server local}
+ networks:
+ - traefik
+ volumes:
+ - ./etc/kestra/storage:/app/storage
+ - /tmp/kestra-wd:/tmp
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ TZ: ${TZ}
+ ports:
+ - 4040:8080
+ labels:
+ - joyride.host.name=${KESTRA_CONTAINER_NAME:-kestra}.${HOST_DOMAIN}
+ - traefik.enable=true
+ - traefik.http.routers.kestra.entrypoints=websecure
+ - traefik.http.routers.kestra.rule=Host(`${KESTRA_CONTAINER_NAME:-kestra}.${HOST_DOMAIN}`)\
+ - traefik.http.services.kestra.loadbalancer.server.port=8080
+ - com.centurylinklabs.watchtower.enable=true
+ - autoheal=true
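Review bot: The router rule label ends in a stray backslash — `.${HOST_DOMAIN}\`)\` — which YAML keeps as part of the plain scalar, so traefik receives a rule ending in `)\` and rejects it; drop the trailing `\`. `- 4040:8080` also publishes the UI directly on every host interface, bypassing the `websecure` entrypoint the router is bound to, and `/var/run/docker.sock` is mounted with `user` defaulting to `root`, which makes the kestra process equivalent to root on the host — if kestra genuinely needs the socket, the repo's own `docker-proxy` service (Tecnativa/docker-socket-proxy, listed in SERVICES.md) can front it and expose only the API sections required, and either way a comment above that volume line should say why it is there. The `traefik.enable`, watchtower and autoheal labels are hard-coded to `true`, whereas `.templates/service.template` in this same commit switched to env-driven toggles; for consistency use `${KESTRA_TRAEFIK_ENABLED:-true}`, `${KESTRA_WATCHTOWER_ENABLED:-true}` and `${KESTRA_AUTOHEAL_ENABLED:-true}`. The `# description:` placeholder is still unfilled, as is its SERVICES.md entry in this diff.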