From 41470ced845fd81fa05512d99efa140a741af84d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=84riks=20K?= Date: Fri, 8 Jul 2022 22:17:49 +0300 Subject: [PATCH] Configuration changes --- README.md | 7 +- compose/{cloud => nextcloud}/Dockerfile | 0 .../{cloud => nextcloud}/entry_uid_change.sh | 0 compose/{cloud => nextcloud}/supervisord.conf | 0 compose/nginx/conf/nginx.conf | 3 +- .../sites-enabled}/100-default.conf | 0 compose/nginx/site-configs/110-registry.conf | 55 ------- compose/nginx/site-configs/200-static.conf | 46 ------ compose/nginx/site-configs/210-flask.conf | 40 ----- compose/nginx/site-configs/220-django.conf | 39 ----- compose/nginx/site-configs/300-qbit.conf | 31 ---- compose/nginx/site-configs/310-cloud.conf | 141 ------------------ compose/nginx/site-configs/320-secret.conf | 28 ---- compose/nginx/site-configs/330-gitea.conf | 28 ---- .../00-init-users-db.sh.example | 12 +- default.env | 9 +- default.env_certbot | 1 + default.env_cloud => default.env_nextcloud | 0 docker-compose.yaml | 50 +++---- 19 files changed, 38 insertions(+), 452 deletions(-) rename compose/{cloud => nextcloud}/Dockerfile (100%) rename compose/{cloud => nextcloud}/entry_uid_change.sh (100%) rename compose/{cloud => nextcloud}/supervisord.conf (100%) rename compose/nginx/{site-configs => conf/sites-enabled}/100-default.conf (100%) delete mode 100644 compose/nginx/site-configs/110-registry.conf delete mode 100644 compose/nginx/site-configs/200-static.conf delete mode 100644 compose/nginx/site-configs/210-flask.conf delete mode 100644 compose/nginx/site-configs/220-django.conf delete mode 100644 compose/nginx/site-configs/300-qbit.conf delete mode 100644 compose/nginx/site-configs/310-cloud.conf delete mode 100644 compose/nginx/site-configs/320-secret.conf delete mode 100644 compose/nginx/site-configs/330-gitea.conf rename default.env_cloud => default.env_nextcloud (100%) diff --git a/README.md b/README.md index ed5df3e..55e6d32 100644 --- a/README.md +++ b/README.md 
@@ -26,9 +26,6 @@ - **registry** - Privately hosted DockerRegistry (must generate `compose/nginx/conf/registry.htpasswd` - **gitea** - Privately hosted Git server -- **default\_web\_app** - primitive Flask app to serve default nginx tempalte html and display request information at `/req` or `/json` endpoints +- **default\_web\_app** - primitive Flask app to serve default nginx template html and display request information at `/req` or `/json` endpoints -- **vardadienas** - private Flask app to generate and download customisable Latvian nameday calendar `.ics` -- **datne** - private Flask app for on-disk file browsing through WebUI -- **fuelkeeper** - private Django app -- **books** - private Django app +- **vardadienas** - Flask app to generate and download customisable Latvian nameday calendar `.ics` diff --git a/compose/cloud/Dockerfile b/compose/nextcloud/Dockerfile similarity index 100% rename from compose/cloud/Dockerfile rename to compose/nextcloud/Dockerfile diff --git a/compose/cloud/entry_uid_change.sh b/compose/nextcloud/entry_uid_change.sh similarity index 100% rename from compose/cloud/entry_uid_change.sh rename to compose/nextcloud/entry_uid_change.sh diff --git a/compose/cloud/supervisord.conf b/compose/nextcloud/supervisord.conf similarity index 100% rename from compose/cloud/supervisord.conf rename to compose/nextcloud/supervisord.conf diff --git a/compose/nginx/conf/nginx.conf b/compose/nginx/conf/nginx.conf index b2cd543..785af54 100644 --- a/compose/nginx/conf/nginx.conf +++ b/compose/nginx/conf/nginx.conf @@ -42,8 +42,7 @@ http { geo $local_ips { default 0; 10.1.1.0/24 1; - 83.243.93.200/32 1; } - include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enables/*.conf; } diff --git a/compose/nginx/site-configs/100-default.conf b/compose/nginx/conf/sites-enabled/100-default.conf similarity index 100% rename from compose/nginx/site-configs/100-default.conf rename to compose/nginx/conf/sites-enabled/100-default.conf 
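Review bot: The new include line in compose/nginx/conf/nginx.conf points at `/etc/nginx/sites-enables/*.conf`, but this commit moves 100-default.conf to `conf/sites-enabled/`, so the glob will match nothing. As far as I know, nginx does not treat an empty wildcard include as an error, so the proxy would start and pass a config test while loading none of the server blocks (redirects, TLS settings, access rules). The line should read `include /etc/nginx/sites-enabled/*.conf;`. The `http` block opens outside this hunk, so I could not check for another include that would mask the problem.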
diff --git a/compose/nginx/site-configs/110-registry.conf b/compose/nginx/site-configs/110-registry.conf deleted file mode 100644 index d500e00..0000000 --- a/compose/nginx/site-configs/110-registry.conf +++ /dev/null 
@@ -1,55 +0,0 @@ -upstream docker-registry { - server registry:5000; -} - -map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { - '' 'registry/2.0'; -} - -server { - listen 80; - server_name registry.example.com; - return 301 https://$host$request_uri; -} -server { - listen 443 ssl http2; - server_name registry.example.com; - - # disable any limits to avoid HTTP 413 for large image uploads - client_max_body_size 0; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - - #include /etc/nginx/proxy_params; - - add_header Strict-Transport-Security max-age=31536000 always; - - ssl_certificate /etc/letsencrypt/live/registry.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/registry.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - location /v2/ { - # Do not allow connections from docker 1.5 and earlier - # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents - if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } - - # To add basic authentication to v2 use auth_basic setting. - auth_basic "Registry realm"; - auth_basic_user_file /etc/nginx/registry.htpasswd; - - ## If $docker_distribution_api_version is empty, the header is not added. - ## See the map directive above where this variable is defined. - add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; - - proxy_pass http://registry:5000; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } -} \ No newline at end of file 
diff --git a/compose/nginx/site-configs/200-static.conf b/compose/nginx/site-configs/200-static.conf deleted file mode 100644 index 343f8cc..0000000 --- a/compose/nginx/site-configs/200-static.conf +++ /dev/null @@ -1,46 +0,0 @@ -server { - listen 80; - server_name example.com example.org; - return 301 https://$host$request_uri; - - # display real ip in nginx logs when connected through reverse proxy via docker network - set_real_ip_from 172.0.0.0/8; - real_ip_header X-Forwarded-For; -} - -server { - listen 443 ssl http2; - server_name example.com; - - # display real ip in nginx logs when connected through reverse proxy via docker network - set_real_ip_from 172.0.0.0/8; - real_ip_header X-Forwarded-For; - - ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - - root /var/www/72_lv; - location / { - try_files $uri /index.html; - } -} -server { - listen 443 ssl http2; - server_name example.org; - - # display real ip in nginx logs when connected through reverse proxy via docker network - set_real_ip_from 172.0.0.0/8; - real_ip_header X-Forwarded-For; - - ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - - root /var/www/72_lv; - location / { - try_files $uri /index.html; - } -} \ No newline at end of file diff --git a/compose/nginx/site-configs/210-flask.conf b/compose/nginx/site-configs/210-flask.conf deleted file mode 100644 index 2907629..0000000 --- a/compose/nginx/site-configs/210-flask.conf +++ /dev/null 
@@ -1,40 +0,0 @@ -server { - listen 80; - server_name flask.example.com; - location / { - return 301 https://$host$request_uri; - } -} -server { - listen 443 ssl http2; - server_name flask.example.com; - client_max_body_size 10G; - - ssl_certificate /etc/letsencrypt/live/flask.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/flask.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - location = /robots.txt { - alias /var/www/app/flask/staticfiles/robots.txt; - } - location = /favicon.ico { - alias /var/www/app/flask/staticfiles/favicon.ico; - } - - location /static { - expires max; - alias /var/www/app/flask/staticfiles; - } - - location /media { - #expires max; - proxy_max_temp_file_size 0; - proxy_buffering off; - alias /var/www/app/flask/media; - } - location / { - include /etc/nginx/proxy_params; - proxy_pass http://flask:5000/; - } -} \ No newline at end of file diff --git a/compose/nginx/site-configs/220-django.conf b/compose/nginx/site-configs/220-django.conf deleted file mode 100644 index 967ce48..0000000 --- a/compose/nginx/site-configs/220-django.conf +++ /dev/null 
@@ -1,39 +0,0 @@ -server { - listen 80; - server_name django.example.com; - return 301 https://$host$request_uri; -} -server { - listen 443 ssl http2; - server_name django.example.com; - client_max_body_size 500M; - - ssl_certificate /etc/letsencrypt/live/django.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/django.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - location = /robots.txt { - access_log off; - alias /var/www/app/django/staticfiles/robots.txt; - } - location = /favicon.ico { - access_log off; - alias /var/www/app/django/staticfiles/favicon.ico; - } - - location /static { - access_log off; - expires max; - alias /var/www/app/django/staticfiles; - } - - location /media { - expires max; - alias /var/www/app/django/media; - } - location / { - include /etc/nginx/proxy_params; - proxy_pass http://django:5000/; - } -} \ No newline at end of file diff --git a/compose/nginx/site-configs/300-qbit.conf b/compose/nginx/site-configs/300-qbit.conf deleted file mode 100644 index 24f70b7..0000000 --- a/compose/nginx/site-configs/300-qbit.conf +++ /dev/null 
@@ -1,31 +0,0 @@ -server { - listen 80; - server_name qbit.example.com; - return 301 https://$host$request_uri; -} -server { - listen 443 ssl http2; - server_name qbit.example.com; - client_max_body_size 25M; - - access_log off; - error_log off; - - add_header Strict-Transport-Security max-age=31536000 always; - - ssl_certificate /etc/letsencrypt/live/qbit.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/qbit.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - location / { - include /etc/nginx/proxy_params; - proxy_set_header X-Forwarded-Host $host:3000; - proxy_hide_header Referer; - proxy_hide_header Origin; - proxy_set_header Referer ''; - proxy_set_header Origin ''; - add_header X-Frame-Options "SAMEORIGIN"; - proxy_pass http://qbit:8080; - } -} \ No newline at end of file diff --git a/compose/nginx/site-configs/310-cloud.conf b/compose/nginx/site-configs/310-cloud.conf deleted file mode 100644 index 8bf488e..0000000 --- a/compose/nginx/site-configs/310-cloud.conf +++ /dev/null 
@@ -1,141 +0,0 @@ -upstream php-handler { - server cloud:9000; -} -server { - listen 80; - server_name cloud.example.org cloud.example.com; - return 301 https://$host$request_uri; -} -server { - listen 443 ssl http2; - server_name cloud.example.org cloud.example.com; - - ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - add_header Strict-Transport-Security "max-age=5184000; includeSubDomains; preload;" always; - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/app/cloud; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. 
- rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. 
- #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. 
- add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } -} \ No newline at end of file diff --git a/compose/nginx/site-configs/320-secret.conf b/compose/nginx/site-configs/320-secret.conf deleted file mode 100644 index 1116059..0000000 --- a/compose/nginx/site-configs/320-secret.conf +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen 80; - server_name secret.example.com; - return 301 https://$host$request_uri; -} -server { - listen 443 ssl http2; - server_name secret.example.com; - client_max_body_size 25M; - - add_header Strict-Transport-Security max-age=5184000 always; - - ssl_certificate /etc/letsencrypt/live/secret.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/secret.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - location / { - include /etc/nginx/proxy_params; - proxy_set_header X-Forwarded-Host $host:3000; - proxy_hide_header Referer; - proxy_hide_header Origin; - proxy_set_header Referer ''; - proxy_set_header Origin ''; - add_header X-Frame-Options "SAMEORIGIN"; - proxy_pass http://yopass:1337; - } -} \ No newline at end of file diff --git a/compose/nginx/site-configs/330-gitea.conf b/compose/nginx/site-configs/330-gitea.conf deleted file mode 100644 index 327e494..0000000 --- a/compose/nginx/site-configs/330-gitea.conf +++ /dev/null 
@@ -1,28 +0,0 @@ -server { - listen 80; - server_name git.example.com; - return 301 https://$host$request_uri; -} -server { - listen 443 ssl http2; - server_name git.example.com; - client_max_body_size 250M; - - add_header Strict-Transport-Security max-age=5184000 always; - - ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem; # managed by Certbot - ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot - include /etc/nginx/ssl.conf; # managed by Certbot - - location / { - include /etc/nginx/proxy_params; - proxy_set_header X-Forwarded-Host $host:3000; - proxy_hide_header Referer; - proxy_hide_header Origin; - proxy_set_header Referer ''; - proxy_set_header Origin ''; - add_header X-Frame-Options "SAMEORIGIN"; - proxy_pass http://gitea:3000; - } -} \ No newline at end of file diff --git a/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example b/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example index 53992c6..552ce01 100644 --- a/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example +++ b/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example 
@@ -2,15 +2,15 @@ set -e psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE USER books WITH PASSWORD 'books'; - CREATE DATABASE books; - GRANT ALL PRIVILEGES ON DATABASE books TO books; + CREATE USER flask WITH PASSWORD 'flask'; + CREATE DATABASE flask; + GRANT ALL PRIVILEGES ON DATABASE flask TO flask; EOSQL psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE USER fuelkeeper WITH PASSWORD 'fuelkeeper'; - CREATE DATABASE fuelkeeper; - GRANT ALL PRIVILEGES ON DATABASE fuelkeeper TO fuelkeeper; + CREATE USER django WITH PASSWORD 'django'; + CREATE DATABASE django; + GRANT ALL PRIVILEGES ON DATABASE django TO django; EOSQL psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL diff --git a/default.env b/default.env index 24e1602..db68e27 100644 --- a/default.env +++ b/default.env @@ -1,7 +1,4 @@ -cloud_data=/path/to/data/nextcloud -datne_media=/path/to/data/files -datne_target=/path/to/data/files -certbot_path=./compose/cb +nextcloud_data=/path/to/data/nextcloud +torrent_path=/path/to/data/files -datne_git_path="git@gitlab.com:keriks/datne.git" -fuelkeeper_git_path="git@bitbucket.org:keriks/fuelkeeper.git" +nameday_git_path="https://git.72.lv/eriks/flask-namedays" diff --git a/default.env_certbot b/default.env_certbot index 20510c5..ef77949 100644 --- a/default.env_certbot +++ b/default.env_certbot @@ -1,3 +1,4 @@ DIGITALOCEAN_TOKEN= DOMAINS="main example.com|secrets secret.example.com|testing test.example.com *.test.example.com" ADMIN_EMAIL=domain@example.com +CB_STAGING=1 \ No newline at end of file diff --git a/default.env_cloud b/default.env_nextcloud similarity index 100% rename from default.env_cloud rename to default.env_nextcloud diff --git a/docker-compose.yaml b/docker-compose.yaml index ed1b125..4724d3f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
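Review bot: In 00-init-users-db.sh.example the two rewritten `CREATE USER` statements keep the role name as the password (`'flask'`, `'django'`), so anyone who copies the example unchanged gets guessable database credentials. The heredoc is unquoted (`<<-EOSQL`), so the shell can expand a variable there, for example `CREATE USER flask WITH PASSWORD '${FLASK_DB_PASSWORD:?}';` (the variable name is a placeholder; it would have to be passed into the pgdb container, which this hunk does not show). At minimum add a comment above each block such as `# change this password before first start; initdb scripts only run on an empty data directory`. The script continues past the end of the hunk with a third `psql` block that I could not review.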
@@ -11,25 +11,15 @@ services: restart: always volumes: - ./compose/nginx/conf:/etc/nginx:ro - - ./compose/nginx/site-configs:/etc/nginx/conf.d:ro - - fuelkeeper_static:/var/www/app/fuelkeeper/staticfiles:ro - - fuelkeeper_media:/var/www/app/fuelkeeper/media:ro - - - books_static:/var/www/app/books/static:ro - - books_media:/var/www/app/books/media:ro - - - ${datne_static}:/var/www/app/datne/staticfiles:ro - - ${datne_media}:/var/www/app/datne/media:ro - - - nextcloud:/var/www/app/cloud:ro - - ${cloud_data}:/var/www/app/cloud/data:ro + # All mount points are read only (:ro) - file uploads/edits are processed inside service containers + - nextcloud:/var/www/app/nextcloud:ro + - ${nextcloud_data}:/var/www/app/nextcloud/data:ro - certbot_certs:/etc/letsencrypt:ro - - ./projects/72_lv:/var/www/72_lv:ro depends_on: - default_web_app - - cloud + - nextcloud - yopass - certbot - gitea @@ -47,14 +37,16 @@ services: image: redis:alpine restart: always - cloud: + nextcloud: build: - context: ./compose/cloud + context: ./compose/nextcloud dockerfile: Dockerfile - env_file: .env_cloud + env_file: .env_nextcloud volumes: - nextcloud:/var/www/html - - ${cloud_data}:/var/www/html/data + # Using path from variable "nextcloud_data" to place data at different disk, + # which isn't easily accomplished from compose + - ${nextcloud_data}:/var/www/html/data restart: always links: - pgdb @@ -79,8 +71,6 @@ services: vardadienas: image: registry.72.lv/flask-namedays:latest restart: always - security_opt: - - no-new-privileges certbot: image: certbot/dns-digitalocean:latest 
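Review bot: The nginx service in docker-compose.yaml still mounts `${nextcloud_data}:/var/www/app/nextcloud/data:ro`, which puts every user's files inside the reverse proxy container and under the application tree. The vhost that previously blocked that path (`deny all` for `data/` in 310-cloud.conf) is deleted in this commit, so whichever site config replaces it has to carry the rule again. If nginx only serves static assets and hands PHP to the nextcloud container, the data mount is probably not needed here and could be dropped. Otherwise add a comment next to it such as `# user data sits under the web root: the nextcloud vhost must deny /data/`. The `services:` block starts outside the hunk.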
@@ -109,14 +99,24 @@ services: env_file: - .env_gitea + qbit: + image: lscr.io/linuxserver/qbittorrent + environment: + - PUID=1000 + - PGID=1001 + - TZ=UTC + volumes: + - /config # persistent unnamed storage + - ${torrent_path}:/downloads + ports: + - "30000:30000" + - "30000:30000/udp" + restart: unless-stopped volumes: - books_media: {} - books_static: {} - fuelkeeper_media: {} - fuelkeeper_static: {} - nextcloud: {} + # named persistent volumes + nextcloud: {} # nextcloud configuration pgdb: {} certbot_certs: {} registry: {}
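Review bot: The new `qbit` service pulls `lscr.io/linuxserver/qbittorrent` with no tag, so each pull can bring in a different image for a container that has host ports published; pin it, e.g. `image: lscr.io/linuxserver/qbittorrent:<pinned-tag>` or a digest. It is also added without `security_opt`, and the `@@ -79,8 +71,6 @@` hunk removes `no-new-privileges` from `vardadienas`, so no service touched by this commit sets it any more. Consider `security_opt: [no-new-privileges:true]` on both, after checking that the linuxserver init still starts with it. The bare `- /config` entry is an anonymous volume, which is easy to lose on `down -v`; a named volume declared under the top-level `volumes:` would make the application's settings persistent on purpose.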