From 1c5350065588a047652b0cb8c99d955add453361 Mon Sep 17 00:00:00 2001
From: mike
Date: Tue, 26 Mar 2024 00:12:19 +0000
Subject: [PATCH 01/12] disable mafenbot :-(
---
 .github/{workflows => workflow-archive}/alert-mafenci.yml | 0
 .github/{workflows => workflow-archive}/alert-traefik-project.yml | 0
 .github/{workflows => workflow-archive}/merge-upstream-master.yml | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename .github/{workflows => workflow-archive}/alert-mafenci.yml (100%)
 rename .github/{workflows => workflow-archive}/alert-traefik-project.yml (100%)
 rename .github/{workflows => workflow-archive}/merge-upstream-master.yml (100%)
diff --git a/.github/workflows/alert-mafenci.yml b/.github/workflow-archive/alert-mafenci.yml
similarity index 100%
rename from .github/workflows/alert-mafenci.yml
rename to .github/workflow-archive/alert-mafenci.yml
diff --git a/.github/workflows/alert-traefik-project.yml b/.github/workflow-archive/alert-traefik-project.yml
similarity index 100%
rename from .github/workflows/alert-traefik-project.yml
rename to .github/workflow-archive/alert-traefik-project.yml
diff --git a/.github/workflows/merge-upstream-master.yml b/.github/workflow-archive/merge-upstream-master.yml
similarity index 100%
rename from .github/workflows/merge-upstream-master.yml
rename to .github/workflow-archive/merge-upstream-master.yml
From 485fe20cb3e9203f0285397407eab2412b685c4a Mon Sep 17 00:00:00 2001
From: mike
Date: Tue, 26 Mar 2024 00:14:35 +0000
Subject: [PATCH 02/12] cleanup
---
 Dockerfile.autokuma | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100755 Dockerfile.autokuma
diff --git a/Dockerfile.autokuma b/Dockerfile.autokuma
deleted file mode 100755
index 4ff06cf5..00000000
--- a/Dockerfile.autokuma
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM rust:1.75 as builder
-WORKDIR /usr/src/autokuma
-RUN cargo install --git https://github.com/BigBoot/AutoKuma.git kuma-cli
-RUN cargo install --git https://github.com/BigBoot/AutoKuma.git autokuma
-
-
-FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y libssl3 && rm -rf /var/lib/apt/lists/*
-COPY --from=builder /usr/local/cargo/bin/* /usr/local/bin
-CMD ["autokuma"]
\ No newline at end of file
From 7fbf4ec89fd18153f191b2af8ea249d2c23faaf2 Mon Sep 17 00:00:00 2001
From: mike
Date: Tue, 26 Mar 2024 15:31:45 +0000
Subject: [PATCH 03/12] update install-docker playbook and ansible configuration
---
 ansible/install-docker.yml | 61 ++++++++++++++++++++++++++++++++++++++
 make.d/install.mk | 9 ++++++
 2 files changed, 70 insertions(+)
diff --git a/ansible/install-docker.yml b/ansible/install-docker.yml
index 0ce83f5a..84798774 100644
--- a/ansible/install-docker.yml
+++ b/ansible/install-docker.yml
@@ -14,3 +14,64 @@
 - "{{ lookup('env','USER') }}"
 roles:
 - geerlingguy.docker
+
+ tasks:
+ # https://code.visualstudio.com/docs/setup/linux#_visual-studio-code-is-unable-to-watch-for-file-changes-in-this-large-workspace-error-enospc
+ - name: Set fs.inotify.max_user_watches
+ sysctl:
+ name: fs.inotify.max_user_watches
+ value: '524288'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set net.core.somaxconn
+ sysctl:
+ name: net.core.somaxconn
+ value: '1024'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set vm.max_map_count
+ sysctl:
+ name: vm.max_map_count
+ value: '262144'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set vm.overcommit_memory
+ sysctl:
+ name: vm.overcommit_memory
+ value: '1'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Set vm.swappiness
+ sysctl:
+ name: vm.swappiness
+ value: '1'
+ sysctl_file: /etc/sysctl.conf
+
+ - name: Create disable-hugepages.service file
+ become: true
+ lineinfile:
+ path: /etc/systemd/system/disable-hugepages.service
+ line: |
+ [Unit]
+ Description="Disable Transparent Hugepage"
+ Before=docker.service
+ [Service]
+ Type=oneshot
+ ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
+ ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'
+ [Install]
+ RequiredBy=docker.service
+ create: yes
+ mode: '0644'
+
+ - name: Enable and start disable-hugepages.service
+ become: true
+ systemd:
+ name: disable-hugepages
+ enabled: true
+ state: started
+
+ - name: Reload systemd
+ become: true
+ systemd:
+ daemon_reload: true
\ No newline at end of file
diff --git a/make.d/install.mk b/make.d/install.mk
index 6819b68e..75205a7d 100644
--- a/make.d/install.mk
+++ b/make.d/install.mk
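Review bot: The "Reload systemd" task runs after "Enable and start disable-hugepages.service", so whenever the unit file changes the service is started from systemd's stale copy; put `daemon_reload: true` on the enable/start task and drop the trailing task. The unit file is written with `lineinfile` and a multi-line `line: |`, which compares against single lines and will likely append the whole block again on each run; `copy:` with `content: |` writes the file idempotently. The five `sysctl` tasks carry no `become: true` while the systemd tasks do, so they depend on a play-level `become` that is outside this hunk, which is worth confirming because settings such as `vm.overcommit_memory=1` change kernel behaviour for the whole host.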
@@ -7,6 +7,12 @@ ACME_JSON_FILE := ./etc/traefik/letsencrypt/acme.json ACME_JSON_PERMS := 600 export DEBIAN_FRONTEND = noninteractive + +# Silence absent and/or empty Ansible inventory warnings +# https://stackoverflow.com/a/59940796/1973777 +export ANSIBLE_LOCALHOST_WARNING = False +export ANSIBLE_INVENTORY_UNPARSED_WARNING = False + ifneq ("$(wildcard $(ACME_JSON_FILE))","") BUILD_DEPENDENCIES += fix-acme-json-permissions endif @@ -43,6 +49,9 @@ addpackage-%: sudo apt install $* -y install-dependencies: .gitconfig $(MISSING_REPOS) $(MISSING_PACKAGES) + sudo apt update + sudo apt full-upgrade -y + sudo apt autoremove -y .gitconfig: git config -f .gitconfig core.hooksPath .githooks From 9eb58c8d54818ad5d271dd95b03ee71aeaa94c10 Mon Sep 17 00:00:00 2001 From: mike Date: Tue, 26 Mar 2024 15:46:48 +0000 Subject: [PATCH 04/12] fix messaging --- .githooks/pre-commit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.githooks/pre-commit b/.githooks/pre-commit index a2ca2a83..fb519530 100755 --- a/.githooks/pre-commit +++ b/.githooks/pre-commit @@ -1,3 +1,3 @@ #!/bin/sh -echo "Running pre-commit hook yamllint..." +echo "Running pre-commit yamllint checks..." yamllint -c .yamllint . \ No newline at end of file From 1c51a7420ba51568cfd8e5cdb0576c1ebdd371a1 Mon Sep 17 00:00:00 2001 From: mike Date: Tue, 26 Mar 2024 18:46:37 +0000 Subject: [PATCH 05/12] tweak updating to only run when a new repo is added --- make.d/install.mk | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/make.d/install.mk b/make.d/install.mk index 75205a7d..34f5b030 100644 --- a/make.d/install.mk +++ b/make.d/install.mk 
@@ -34,7 +34,12 @@ install: build install-docker $(EDITOR) .env REPOS = rmescandon/yq ansible/ansible -MISSING_REPOS := $(foreach repo,$(REPOS),$(if $(shell apt-cache policy | grep $(repo)),,addrepo/$(repo))) +MISSING_REPOS := $(foreach repo,$(REPOS),$(if $(shell apt-cache policy | grep $(repo)),,addrepo/$(repo))) + +# If it's not empty, add a value to it +ifneq ($(strip $(MISSING_REPOS)),) + MISSING_REPOS += update-distro +endif EXECUTABLES = git nano jq yq python3-pip yamllint python3-pathspec ansible MISSING_PACKAGES := $(foreach exec,$(EXECUTABLES),$(if $(shell dpkg -s "$(exec)" &> /dev/null),,addpackage-$(exec))) @@ -48,11 +53,13 @@ addrepo/%: addpackage-%: sudo apt install $* -y -install-dependencies: .gitconfig $(MISSING_REPOS) $(MISSING_PACKAGES) +update-distro: sudo apt update sudo apt full-upgrade -y sudo apt autoremove -y +install-dependencies: .gitconfig $(MISSING_REPOS) $(MISSING_PACKAGES) + .gitconfig: git config -f .gitconfig core.hooksPath .githooks git config --local include.path $(shell pwd)/.gitconfig From b810ed068b33138f41739124e445dd085ed3994c Mon Sep 17 00:00:00 2001 From: mike Date: Tue, 26 Mar 2024 18:47:23 +0000 Subject: [PATCH 06/12] add kestra, still needs work only works using mapped port 4040, not working behind traefik --- services-available/kestra.yml | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 services-available/kestra.yml diff --git a/services-available/kestra.yml b/services-available/kestra.yml new file mode 100644 index 00000000..d779aee0 --- /dev/null +++ b/services-available/kestra.yml 
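Review bot: `update-distro` runs `sudo apt full-upgrade -y` and `sudo apt autoremove -y` as a side effect of a repository being missing, which is much broader than what the newly added repos need. Only the package index refresh is required before the `addpackage-%` targets, so the recipe could be reduced to `sudo apt-get update`, with the unattended upgrade left to an explicit target the operator invokes. `full-upgrade` may remove packages to resolve dependencies, and here it would do so without a prompt on the Docker host. The `addpackage-%` rules have no dependency on `update-distro`, so the intended ordering only holds for a serial make, and a `.PHONY` declaration for the new target is not visible in this hunk.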
@@ -0,0 +1,38 @@ +version: '3' + +networks: + traefik: + external: true + +# description: <= put a brief description of kestra here => +# https://github.com/kestra-io/kestra +# https://github.com/kestra-io/kestra/blob/develop/docker-compose.yml +# https://kestra.io/docs + +services: + kestra: + image: kestra/kestra:${KESTRA_DOCKER_TAG:-latest-full} + container_name: ${KESTRA_CONTAINER_NAME:-kestra} + restart: ${KESTRA_RESTART:-unless-stopped} + user: "${KESTRA_USER:-root}" + command: ${KESTRA_COMMAND:-server local} + networks: + - traefik + volumes: + - ./etc/kestra/storage:/app/storage + - /tmp/kestra-wd:/tmp + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock + environment: + TZ: ${TZ} + ports: + - 4040:8080 + labels: + - joyride.host.name=${KESTRA_CONTAINER_NAME:-kestra}.${HOST_DOMAIN} + - traefik.enable=true + - traefik.http.routers.kestra.entrypoints=websecure + - traefik.http.routers.kestra.rule=Host(`${KESTRA_CONTAINER_NAME:-kestra}.${HOST_DOMAIN}`)\ + - traefik.http.services.kestra.loadbalancer.server.port=8080 + - com.centurylinklabs.watchtower.enable=true + - autoheal=true From 756dea99e8c29b2e315e8980c915d86cc2ec73cc Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 26 Mar 2024 18:47:47 +0000 Subject: [PATCH 07/12] Update services.md --- SERVICES.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SERVICES.md b/SERVICES.md index 2cbdcdd4..54fb4ddb 100644 --- a/SERVICES.md +++ b/SERVICES.md @@ -1,5 +1,5 @@ # Available Services -172 services and counting... +173 services and counting... - [adguard](https://github.com/AdguardTeam/AdGuardHome): Network-wide ad blocker and privacy tool 
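Review bot: The service defaults to `user: "${KESTRA_USER:-root}"` with `/var/run/docker.sock` mounted read-write and `4040:8080` published on every host interface, so anyone who can reach port 4040 gets the Kestra UI and API without Traefik's TLS, in front of a container that can drive the host's Docker daemon. Binding the mapped port to loopback (`- 127.0.0.1:4040:8080`) or dropping `ports:` once routing works would narrow that, as would pointing Kestra at the repo's existing docker-proxy service instead of the raw socket. The `traefik.http.routers.kestra.rule` label ends in a stray `\`, which probably makes Traefik reject the rule and may be why the commit message says the service does not work behind Traefik. The default tag `latest-full` together with `com.centurylinklabs.watchtower.enable=true` lets the image change underneath a root, socket-mounted container without review, so a pinned tag would be safer.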
@@ -67,6 +67,7 @@ - [joyride](https://github.com/ilude/joyride): Web-based dashboard for monitoring services - [kaizoku](https://github.com/oae/kaizoku): Web-based anime downloader - [kasm](https://hub.docker.com/r/linuxserver/kasm): Browser-based access to desktops, applications, and web services +- [kestra](https://github.com/kestra-io/kestra): <= put a brief description of kestra here => - [kimai](https://github.com/tobybatch/kimai2): Time-tracking software for freelancers and small businesses - [komga](https://komga.org/docs/installation/docker/): Web-based comic book server - [librespeed](https://hub.docker.com/r/linuxserver/librespeed): Self-hosted internet speed test tool From 29d722d3052b45668796f7b8aef774e9b5b8c70c Mon Sep 17 00:00:00 2001 From: mike Date: Tue, 26 Mar 2024 20:19:15 +0000 Subject: [PATCH 08/12] change dozzle-host to just dozzle --- services-available/{dozzle-host.yml => dozzle.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename services-available/{dozzle-host.yml => dozzle.yml} (98%) diff --git a/services-available/dozzle-host.yml b/services-available/dozzle.yml similarity index 98% rename from services-available/dozzle-host.yml rename to services-available/dozzle.yml index 984e8e70..ba9cddd0 100644 --- a/services-available/dozzle-host.yml +++ b/services-available/dozzle.yml @@ -8,7 +8,7 @@ networks: # https://github.com/amir20/dozzle services: - dozzle-host: + dozzle: image: amir20/dozzle:${DOZZLE_DOCKER_TAG:-latest} container_name: ${DOZZLE_CONTAINER_NAME:-dozzle} restart: ${DOZZLE_RESTART:-unless-stopped} From d8267aaa0a61a266f1bc4b590512610de960f4b2 Mon Sep 17 00:00:00 2001 From: mike Date: Tue, 26 Mar 2024 20:23:53 +0000 Subject: [PATCH 09/12] update joyride to point at traefikturkey images --- services-available/joyride-host.yml | 22 ---------------------- services-available/joyride.yml | 2 +- 2 files changed, 1 insertion(+), 23 deletions(-) delete mode 100644 services-available/joyride-host.yml 
diff --git a/services-available/joyride-host.yml b/services-available/joyride-host.yml deleted file mode 100644 index 7fb0b518..00000000 --- a/services-available/joyride-host.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: '3' - -# description: Container for running joyride, a web-based dashboard -# https://github.com/ilude/joyride -# use this if combined with pihole - -services: - joyride-host: - image: ghcr.io/ilude/joyride:${JOYRIDE_DOCKER_TAG:-latest} - container_name: ${JOYRIDE_CONTAINER_NAME:-joyride} - restart: unless-stopped - network_mode: "host" - environment: - - HOSTIP=${HOSTIP} - # ports: - # - 54:54/udp - volumes: - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - labels: - - traefik.enable=false diff --git a/services-available/joyride.yml b/services-available/joyride.yml index 23c85b2c..2caeffa0 100644 --- a/services-available/joyride.yml +++ b/services-available/joyride.yml @@ -13,7 +13,7 @@ version: '3' services: joyride: - image: ghcr.io/ilude/joyride:${JOYRIDE_DOCKER_TAG:-latest} + image: ghcr.io/traefikturkey/joyride:${JOYRIDE_DOCKER_TAG:-latest} container_name: ${JOYRIDE_CONTAINER_NAME:-joyride} restart: ${JOYRIDE_RESTART:-unless-stopped} environment: From ab1512e8968d690d6766a2a6754daf5e8a063202 Mon Sep 17 00:00:00 2001 From: mike Date: Thu, 28 Mar 2024 23:08:40 +0000 Subject: [PATCH 10/12] update template --- .templates/service.template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.templates/service.template b/.templates/service.template index 6deebc79..ebcd8e9e 100644 --- a/.templates/service.template +++ b/.templates/service.template 
@@ -25,10 +25,10 @@ services: - TZ=${TZ} labels: - joyride.host.name=${${SERVICE_PASSED_UPCASED}_CONTAINER_NAME:-${SERVICE_PASSED_DNCASED}}.${HOST_DOMAIN} - - traefik.enable=true + - traefik.enable=${${SERVICE_PASSED_UPCASED}_TRAEFIK_ENABLED:-true} - traefik.http.routers.${SERVICE_PASSED_DNCASED}.entrypoints=websecure - traefik.http.routers.${SERVICE_PASSED_DNCASED}.rule=Host(`${${SERVICE_PASSED_UPCASED}_CONTAINER_NAME:-${SERVICE_PASSED_DNCASED}}.${HOST_DOMAIN}`) #- traefik.http.services.${SERVICE_PASSED_DNCASED}.loadbalancer.server.scheme=https # enable if the service wants to connect over https - traefik.http.services.${SERVICE_PASSED_DNCASED}.loadbalancer.server.port=8096 - - com.centurylinklabs.watchtower.enable=true - - autoheal=true + - com.centurylinklabs.watchtower.enable=${${SERVICE_PASSED_UPCASED}_WATCHTOWER_ENABLED:-true} + - autoheal=${${SERVICE_PASSED_UPCASED}_AUTOHEAL_ENABLED:-true} From edffa50efbab8bd8241d0cd9354b6756d9e7b410 Mon Sep 17 00:00:00 2001 From: mike Date: Thu, 28 Mar 2024 23:28:47 +0000 Subject: [PATCH 11/12] yolo docker-registry for @blade --- services-available/docker-registry.yml | 37 ++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 services-available/docker-registry.yml diff --git a/services-available/docker-registry.yml b/services-available/docker-registry.yml new file mode 100644 index 00000000..cb86c81e --- /dev/null +++ b/services-available/docker-registry.yml 
@@ -0,0 +1,37 @@
+version: '3'
+
+networks:
+ traefik:
+ external: true
+
+# description: <= put a brief description of docker-registry here =>
+# <================= add links to dockerhub or github repo here =================>
+# <================= add links to other related documentation here =================>
+
+services:
+ docker-registry:
+ image: registry:${DOCKER_REGISTRY_DOCKER_TAG:-2}
+ container_name: ${DOCKER_REGISTRY_CONTAINER_NAME:-docker-registry}
+ restart: ${DOCKER_REGISTRY_RESTART:-unless-stopped}
+ networks:
+ - traefik
+ volumes:
+ - ./media/docker-registry:/var/lib/registry
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - REGISTRY_STORAGE_DELETE_ENABLED=${DOCKER_REGISTRY_STORAGE_DELETE_ENABLED:-true}
+ - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=${DOCKER_REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY:-/var/lib/registry}
+ - PUID=${PUID:-1000}
+ - PGID=${PGID:-1000}
+ - TZ=${TZ}
+ labels:
+ - joyride.host.name=${DOCKER_REGISTRY_CONTAINER_NAME:-registry}.${HOST_DOMAIN}
+ - traefik.enable=${DOCKER_REGISTRY_TRAEFIK_ENABLED:-true}
+ - traefik.http.routers.registry.entrypoints=websecure
+ - traefik.http.routers.registry.rule=Host(`${DOCKER_REGISTRY_CONTAINER_NAME:-registry}.${HOST_DOMAIN}`)
+ - traefik.http.services.registry.loadbalancer.server.port=5000
+ # https://bcrypt-generator.com/ Generate DOCKER_REGISTRY_AUTH_PASS - make sure you double up the $$ to escape them
+ - traefik.http.middlewares.auth.basicauth.users=${DOCKER_REGISTRY_AUTH_USER:-admin}:${DOCKER_REGISTRY_AUTH_PASS:-password}}
+ - com.centurylinklabs.watchtower.enable=${DOCKER_REGISTRY_WATCHTOWER_ENABLED:-true}
+ - autoheal=${DOCKER_REGISTRY_AUTOHEAL_ENABLED:-true}
From 1c123822076e8d27208951774180388ef6a70b5c Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 28 Mar 2024 23:29:11 +0000
Subject: [PATCH 12/12] Update services.md
---
 SERVICES.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
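Review bot: The `auth` basic-auth middleware is defined but no `traefik.http.routers.registry.middlewares` label attaches it to the router, so as far as this hunk shows the registry is published on `websecure` with no authentication while `REGISTRY_STORAGE_DELETE_ENABLED` defaults to true. Add `- traefik.http.routers.registry.middlewares=registry-auth` and rename the middleware to match, since a generic name like `auth` can collide with middlewares declared by other services. The users label should fail closed instead of falling back to `admin:password` (which is not an htpasswd hash), and it carries a stray trailing `}`: `- traefik.http.middlewares.registry-auth.basicauth.users=${DOCKER_REGISTRY_AUTH_USER:?required}:${DOCKER_REGISTRY_AUTH_PASS:?required}`. The comment sends operators to a third-party website to hash the registry password; generating it locally with `htpasswd -nB` keeps the plaintext off the network. The `joyride.host.name` label and router rule default to `registry` while `container_name` defaults to `docker-registry`, so the two names diverge unless the variable is set.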
diff --git a/SERVICES.md b/SERVICES.md
index 54fb4ddb..586960c6 100644
--- a/SERVICES.md
+++ b/SERVICES.md
@@ -28,8 +28,9 @@
 - [dashdot](https://github.com/MauriceNino/dashdot): Dashboard for monitoring docker containers
 - [dashy](https://github.com/Lissy93/dashy): Customizable dashboard for displaying information
 - [docker-proxy](https://github.com/Tecnativa/docker-socket-proxy): Proxy for docker containers
-- [dozzle-host](https://github.com/amir20/dozzle): Web-based docker container log viewer
+- docker-registry: <= put a brief description of docker-registry here =>
 - [dozzle-path](https://github.com/amir20/dozzle): Path-based reverse proxy for dozzle
+- [dozzle](https://github.com/amir20/dozzle): Web-based docker container log viewer
 - [droneci](https://github.com/harness/drone): Continuous integration and delivery platform
 - [duplicati](https://www.duplicati.com/): Backs up files and folders to various storage destinations
 - [excalidraw](https://excalidraw.com/): Collaborative whiteboard tool
@@ -63,7 +64,6 @@
 - [jellyfin](https://hub.docker.com/r/linuxserver/jellyfin): Media server for streaming content
 - [jellyseerr](https://github.com/Fallenbagel/jellyseerr/tree/develop): Container for running jellyseerr, a torrent indexer
 - [joplin](https://joplinapp.org/): Note-taking and to-do app
-- [joyride-host](https://github.com/ilude/joyride): Container for running joyride, a web-based dashboard
 - [joyride](https://github.com/ilude/joyride): Web-based dashboard for monitoring services
 - [kaizoku](https://github.com/oae/kaizoku): Web-based anime downloader
 - [kasm](https://hub.docker.com/r/linuxserver/kasm): Browser-based access to desktops, applications, and web services