From d2f5bb5fa6596b6797cd2ea9b73cbe047f94741d Mon Sep 17 00:00:00 2001
From: eriks
Date: Fri, 8 Jul 2022 22:20:00 +0300
Subject: [PATCH] cleanup (#1)
Reviewed-on: https://git.72.lv/eriks/docker_system/pulls/1
---
 .gitignore | 1 +
 README.md | 7 +-
 compose/{cloud => nextcloud}/Dockerfile | 0
 .../{cloud => nextcloud}/entry_uid_change.sh | 0
 compose/{cloud => nextcloud}/supervisord.conf | 0
 compose/nginx/Dockerfile | 7 +-
 compose/nginx/conf/nginx.conf | 3 +-
 compose/nginx/conf/ssl-dhparams.pem | 17 ++-
 compose/nginx/conf/ssl.conf | 3 +-
 compose/nginx/defaults/fastcgi.conf | 26 ----
 compose/nginx/defaults/fastcgi_params | 25 ----
 compose/nginx/defaults/mime.types | 97 ---------------
 compose/nginx/defaults/nginx.conf | 32 -----
 compose/nginx/defaults/scgi_params | 17 ---
 compose/nginx/defaults/ssl.conf | 14 ---
 compose/nginx/defaults/uwsgi_params | 17 ---
 compose/nginx/entrypoint_host.sh | 10 --
 .../00-init-users-db.sh.example | 12 +-
 default.env | 9 +-
 default.env_certbot | 1 +
 default.env_cloud => default.env_nextcloud | 0
 docker-compose.yaml | 115 ++++--------------
 22 files changed, 55 insertions(+), 358 deletions(-)
 rename compose/{cloud => nextcloud}/Dockerfile (100%)
 rename compose/{cloud => nextcloud}/entry_uid_change.sh (100%)
 rename compose/{cloud => nextcloud}/supervisord.conf (100%)
 delete mode 100644 compose/nginx/defaults/fastcgi.conf
 delete mode 100644 compose/nginx/defaults/fastcgi_params
 delete mode 100644 compose/nginx/defaults/mime.types
 delete mode 100644 compose/nginx/defaults/nginx.conf
 delete mode 100644 compose/nginx/defaults/scgi_params
 delete mode 100644 compose/nginx/defaults/ssl.conf
 delete mode 100644 compose/nginx/defaults/uwsgi_params
 delete mode 100644 compose/nginx/entrypoint_host.sh
 rename default.env_cloud => default.env_nextcloud (100%)
diff --git a/.gitignore b/.gitignore
index eb9137b..325f193 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ compose/qbit/config/* !compose/pgdb/docker-entrypoint-initdb.d/ compose/pgdb/docker-entrypoint-initdb.d/*.sh +.idea \ No newline at end of file diff --git a/README.md b/README.md index ed5df3e..55e6d32 100644 --- a/README.md +++ b/README.md @@ -26,9 +26,6 @@ - **registry** - Privately hosted DockerRegistry (must generate `compose/nginx/conf/registry.htpasswd` - **gitea** - Privately hosted Git server -- **default\_web\_app** - primitive Flask app to serve default nginx tempalte html and display request information at `/req` or `/json` endpoints +- **default\_web\_app** - primitive Flask app to serve default nginx template html and display request information at `/req` or `/json` endpoints -- **vardadienas** - private Flask app to generate and download customisable Latvian nameday calendar `.ics` -- **datne** - private Flask app for on-disk file browsing through WebUI -- **fuelkeeper** - private Django app -- **books** - private Django app +- **vardadienas** - Flask app to generate and download customisable Latvian nameday calendar `.ics` diff --git a/compose/cloud/Dockerfile b/compose/nextcloud/Dockerfile similarity index 100% rename from compose/cloud/Dockerfile rename to compose/nextcloud/Dockerfile diff --git a/compose/cloud/entry_uid_change.sh b/compose/nextcloud/entry_uid_change.sh similarity index 100% rename from compose/cloud/entry_uid_change.sh rename to compose/nextcloud/entry_uid_change.sh diff --git a/compose/cloud/supervisord.conf b/compose/nextcloud/supervisord.conf similarity index 100% rename from compose/cloud/supervisord.conf rename to compose/nextcloud/supervisord.conf diff --git a/compose/nginx/Dockerfile b/compose/nginx/Dockerfile index aa24940..b4cc66f 100644 --- a/compose/nginx/Dockerfile +++ b/compose/nginx/Dockerfile 
@@ -1,16 +1,11 @@ FROM nginx:stable-alpine -#COPY conf /etc/nginx -COPY ./entrypoint_host.sh /entrypoint_host.sh RUN apk add shadow \ && groupmod -g 1001 nginx \ && usermod -u 1000 -g 1001 nginx \ && find / -user 101 -exec chown -v -h 1000 '{}' \; \ - && find / -group 101 -exec chgrp -v 1001 '{}' \; \ - && curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/nginx/ssl.conf \ - && chmod +x /entrypoint_host.sh + && find / -group 101 -exec chgrp -v 1001 '{}' \; VOLUME ["/var/cache/nginx", "/var/run"] -ENTRYPOINT ["/entrypoint_host.sh"] CMD ["nginx", "-g", "daemon off;"] diff --git a/compose/nginx/conf/nginx.conf b/compose/nginx/conf/nginx.conf index b2cd543..785af54 100644 --- a/compose/nginx/conf/nginx.conf +++ b/compose/nginx/conf/nginx.conf @@ -42,8 +42,7 @@ http { geo $local_ips { default 0; 10.1.1.0/24 1; - 83.243.93.200/32 1; } - include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enables/*.conf; } diff --git a/compose/nginx/conf/ssl-dhparams.pem b/compose/nginx/conf/ssl-dhparams.pem index 9b182b7..4ed7ab8 100644 --- a/compose/nginx/conf/ssl-dhparams.pem +++ b/compose/nginx/conf/ssl-dhparams.pem 
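Review bot: The new include path `/etc/nginx/sites-enables/*.conf` in the nginx.conf hunk looks like a misspelling of `sites-enabled`; the compose line removed in this same patch mounted `./compose/nginx/conf/sites-enabled`, and the new mount maps `./compose/nginx/conf` onto `/etc/nginx`. nginx does not treat a glob include that matches nothing as an error, so the server would start without loading any virtual host, and per-site TLS and access rules would silently not apply. If the directory on disk is still named `sites-enabled` (not visible in this diff), the line should read `include /etc/nginx/sites-enabled/*.conf;`. The `http` block starts outside the hunk.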
@@ -1,8 +1,13 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+MIICCAKCAgEAzaxkoeWOsulfwhlabx/a394WaXNP33NGA0ip3qljJbWFqdpO3sgu
+39he541CU3cziJGvkYXl8TTmNzZL6whFaESnx9npTP4k7s1gnF7PI8QKqlRefSnT
+xhxcI1shC8L7deOM/wkEEWVn+rv0WDDzs623eOK9dA22biGZn0x9yq5NAvFnxBI7
+4/DMosFspiUOoBoj5/tyXvnXWGXRxzwcmYSOE4MaZIYKYheqq6DrRyqef9mPeGQn
+8dZx1a1paICIhsg2I89VwT5zwPgO1NV/w8HXB97/c07znJ3p+1xKDoxQcexGR3UK
+czobKI7vuWfxxRj4T7W5Wg/jOWOXeyKqCXkX6wVyBxhTmiwcoz2oPYSIOqkOmlKk
+wp6D08RRE3PJcrDP80ls1b/ChL3CZ2VfzEg9ZE2UHlikRGxNf+SGur0J/yPlZ2TZ
+3l3GaBHGGEuFmRrZ+M2ZeS2v1+To2nV/jM/jJF5Xmb6FZPD/con1AYsR71oQUU+h
+fTsc4W40JRbOCJTP1gwrLjq293tKJ8bN6U3tqDfLCRsJlcGUX+ZePffB1Heu6B9L
+eHG6sQ7l9HM7DYkPzZldTenLuhqX7zGyxrdSlFTz/jPb8+eWSMvy54j2l8+qKgH0
+i7o/yP4nrDffk0xUwUkubyX9UIY8LDyOMFttrEoLyDhzeaScSSyV6hsCAQI=
 -----END DH PARAMETERS-----
diff --git a/compose/nginx/conf/ssl.conf b/compose/nginx/conf/ssl.conf
index 978e6e8..7f4c98e 100644
--- a/compose/nginx/conf/ssl.conf
+++ b/compose/nginx/conf/ssl.conf
@@ -2,7 +2,7 @@
 # manually, Certbot will be unable to automatically provide future security
 # updates. Instead, Certbot will print and log an error message with a path to
 # the up-to-date file that you will need to refer to when manually updating
-# this file.
+# this file. Contents are based on https://ssl-config.mozilla.org
 ssl_session_cache shared:le_nginx_SSL:10m;
 ssl_session_timeout 1440m;
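Review bot: The replacement DH parameters cannot be validated from the diff: the removed block appears to be the standardized RFC 7919 ffdhe2048 group, while the added block is a 4096-bit group of unstated origin. DH parameters are not secret, so committing them is fine, but nobody reading the repository can confirm the new prime is a safe one, and the larger group adds handshake cost for the two `DHE-RSA-*` suites that `ssl.conf` keeps. Either keep the well-known group, or record in the README how the file was produced (for example `openssl dhparam -out ssl-dhparams.pem 4096`) so it can be regenerated and audited.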
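Review bot: The header kept as context in the ssl.conf hunk still says Certbot manages this file and that manual edits block its security updates, which contradicts the sentence added here and the Dockerfile hunk that stops downloading `options-ssl-nginx.conf`. Since the file is now maintained by hand, the comment should say so, for example `# Maintained manually; based on https://ssl-config.mozilla.org - re-check when that guidance changes.` The comment block starts above the hunk.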
@@ -12,3 +12,4 @@ ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + diff --git a/compose/nginx/defaults/fastcgi.conf b/compose/nginx/defaults/fastcgi.conf deleted file mode 100644 index 091738c..0000000 --- a/compose/nginx/defaults/fastcgi.conf +++ /dev/null @@ -1,26 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/compose/nginx/defaults/fastcgi_params b/compose/nginx/defaults/fastcgi_params deleted file mode 100644 index 28decb9..0000000 --- a/compose/nginx/defaults/fastcgi_params +++ /dev/null 
@@ -1,25 +0,0 @@ - -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/compose/nginx/defaults/mime.types b/compose/nginx/defaults/mime.types deleted file mode 100644 index 2961256..0000000 --- a/compose/nginx/defaults/mime.types +++ /dev/null 
@@ -1,97 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml 
xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/compose/nginx/defaults/nginx.conf b/compose/nginx/defaults/nginx.conf deleted file mode 100644 index 5e076aa..0000000 --- a/compose/nginx/defaults/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/compose/nginx/defaults/scgi_params b/compose/nginx/defaults/scgi_params deleted file mode 100644 index 6d4ce4f..0000000 --- a/compose/nginx/defaults/scgi_params +++ /dev/null 
@@ -1,17 +0,0 @@ - -scgi_param REQUEST_METHOD $request_method; -scgi_param REQUEST_URI $request_uri; -scgi_param QUERY_STRING $query_string; -scgi_param CONTENT_TYPE $content_type; - -scgi_param DOCUMENT_URI $document_uri; -scgi_param DOCUMENT_ROOT $document_root; -scgi_param SCGI 1; -scgi_param SERVER_PROTOCOL $server_protocol; -scgi_param REQUEST_SCHEME $scheme; -scgi_param HTTPS $https if_not_empty; - -scgi_param REMOTE_ADDR $remote_addr; -scgi_param REMOTE_PORT $remote_port; -scgi_param SERVER_PORT $server_port; -scgi_param SERVER_NAME $server_name; diff --git a/compose/nginx/defaults/ssl.conf b/compose/nginx/defaults/ssl.conf deleted file mode 100644 index 978e6e8..0000000 --- a/compose/nginx/defaults/ssl.conf +++ /dev/null @@ -1,14 +0,0 @@ -# This file contains important security parameters. If you modify this file -# manually, Certbot will be unable to automatically provide future security -# updates. Instead, Certbot will print and log an error message with a path to -# the up-to-date file that you will need to refer to when manually updating -# this file. - -ssl_session_cache shared:le_nginx_SSL:10m; -ssl_session_timeout 1440m; -ssl_session_tickets off; - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_prefer_server_ciphers off; - -ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; diff --git a/compose/nginx/defaults/uwsgi_params b/compose/nginx/defaults/uwsgi_params deleted file mode 100644 index 09c732c..0000000 --- a/compose/nginx/defaults/uwsgi_params +++ /dev/null 
@@ -1,17 +0,0 @@ - -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length; - -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param DOCUMENT_ROOT $document_root; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REQUEST_SCHEME $scheme; -uwsgi_param HTTPS $https if_not_empty; - -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; diff --git a/compose/nginx/entrypoint_host.sh b/compose/nginx/entrypoint_host.sh deleted file mode 100644 index 78b21be..0000000 --- a/compose/nginx/entrypoint_host.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -HOST_DOMAIN="host.docker.internal" -ping -q -c1 $HOST_DOMAIN > /dev/null 2>&1 -if [ $? -ne 0 ]; then - HOST_IP=$(ip route | awk 'NR==1 {print $3}') - echo -e "$HOST_IP\t$HOST_DOMAIN" >> /etc/hosts -fi - -/bin/sh /docker-entrypoint.sh "$@" diff --git a/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example b/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example index 53992c6..552ce01 100644 --- a/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example +++ b/compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example 
@@ -2,15 +2,15 @@
 set -e
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
- CREATE USER books WITH PASSWORD 'books';
- CREATE DATABASE books;
- GRANT ALL PRIVILEGES ON DATABASE books TO books;
+ CREATE USER flask WITH PASSWORD 'flask';
+ CREATE DATABASE flask;
+ GRANT ALL PRIVILEGES ON DATABASE flask TO flask;
 EOSQL
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
- CREATE USER fuelkeeper WITH PASSWORD 'fuelkeeper';
- CREATE DATABASE fuelkeeper;
- GRANT ALL PRIVILEGES ON DATABASE fuelkeeper TO fuelkeeper;
+ CREATE USER django WITH PASSWORD 'django';
+ CREATE DATABASE django;
+ GRANT ALL PRIVILEGES ON DATABASE django TO django;
 EOSQL
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
diff --git a/default.env b/default.env
index 24e1602..db68e27 100644
--- a/default.env
+++ b/default.env
@@ -1,7 +1,4 @@
-cloud_data=/path/to/data/nextcloud
-datne_media=/path/to/data/files
-datne_target=/path/to/data/files
-certbot_path=./compose/cb
+nextcloud_data=/path/to/data/nextcloud
+torrent_path=/path/to/data/files
-datne_git_path="git@gitlab.com:keriks/datne.git"
-fuelkeeper_git_path="git@bitbucket.org:keriks/fuelkeeper.git"
+nameday_git_path="https://git.72.lv/eriks/flask-namedays"
diff --git a/default.env_certbot b/default.env_certbot
index 20510c5..ef77949 100644
--- a/default.env_certbot
+++ b/default.env_certbot
@@ -1,3 +1,4 @@
 DIGITALOCEAN_TOKEN=
 DOMAINS="main example.com|secrets secret.example.com|testing test.example.com *.test.example.com"
 ADMIN_EMAIL=domain@example.com
+CB_STAGING=1
\ No newline at end of file
diff --git a/default.env_cloud b/default.env_nextcloud
similarity index 100%
rename from default.env_cloud
rename to default.env_nextcloud
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 3b6fdb7..4724d3f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
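Review bot: The renamed example roles keep the password-equals-username pattern (`PASSWORD 'flask'` and `PASSWORD 'django'` in the first two heredocs), so anyone who copies this template to a real `.sh` unchanged ends up with guessable database credentials combined with `GRANT ALL PRIVILEGES`. An obvious placeholder makes the required edit explicit, for example `CREATE USER flask WITH PASSWORD '<CHANGE_ME>';`, ideally with a comment at the top of the file telling the operator to replace every password before the first start. The third `psql` heredoc continues outside the hunk.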
@@ -10,86 +10,21 @@ services: - "443:443" restart: always volumes: - - ./compose/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro - - ./compose/nginx/conf/sites-enabled:/etc/nginx/conf.d:ro - - ./compose/nginx/conf/proxy_params:/etc/nginx/proxy_params:ro - - ./compose/nginx/conf/ssl-dhparams.pem:/etc/nginx/ssl-dhparams.pem:ro - - ./compose/nginx/conf/registry.htpasswd:/etc/nginx/registry.htpasswd:ro + - ./compose/nginx/conf:/etc/nginx:ro - - fuelkeeper_static:/var/www/app/fuelkeeper/staticfiles:ro - - fuelkeeper_media:/var/www/app/fuelkeeper/media:ro - - - books_static:/var/www/app/books/static:ro - - books_media:/var/www/app/books/media:ro - - - ${datne_static}:/var/www/app/datne/staticfiles:ro - - ${datne_media}:/var/www/app/datne/media:ro - - - nextcloud:/var/www/app/cloud:ro - - ${cloud_data}:/var/www/app/cloud/data:ro + # All mount points are read only (:ro) - file uploads/edits are processed inside service containers + - nextcloud:/var/www/app/nextcloud:ro + - ${nextcloud_data}:/var/www/app/nextcloud/data:ro - certbot_certs:/etc/letsencrypt:ro - - ./projects/72_lv:/var/www/72_lv:ro depends_on: - default_web_app - - fuelkeeper - - books - - datne - - cloud + - nextcloud - yopass - certbot - - registry + - gitea - vardadienas - qbit: - image: lscr.io/linuxserver/qbittorrent - environment: - - PUID=1000 - - PGID=1001 - - TZ=UTC - volumes: - - qbit_config:/config - - ${datne_target}:/downloads - ports: - - "30000:30000" - - "30000:30000/udp" - restart: unless-stopped - - fuelkeeper: - image: registry.72.lv/fuelkeeper:latest - volumes: - - fuelkeeper_static:/app/staticfiles - - fuelkeeper_media:/app/fuelkeeper/media - env_file: ./projects/fuelkeeper/.env - restart: unless-stopped - security_opt: - - no-new-privileges - depends_on: - - redis - - pgdb - - books: - image: registry.72.lv/bookkeeping:latest - volumes: - - books_static:/app/static - - books_media:/app/media - - ./projects/bookkeeping:/app - env_file: ./projects/bookkeeping/.env - restart: unless-stopped - 
security_opt: - - no-new-privileges - depends_on: - - pgdb - - datne: - image: registry.72.lv/datne:latest - volumes: - - ${datne_media}:/media - - ${datne_static}:/app/static - restart: unless-stopped - security_opt: - - no-new-privileges - default_web_app: build: context: ./projects/default @@ -102,14 +37,16 @@ services: image: redis:alpine restart: always - cloud: + nextcloud: build: - context: ./compose/cloud + context: ./compose/nextcloud dockerfile: Dockerfile - env_file: .env_cloud + env_file: .env_nextcloud volumes: - nextcloud:/var/www/html - - ${cloud_data}:/var/www/html/data + # Using path from variable "nextcloud_data" to place data at different disk, + # which isn't easily accomplished from compose + - ${nextcloud_data}:/var/www/html/data restart: always links: - pgdb @@ -134,8 +71,6 @@ services: vardadienas: image: registry.72.lv/flask-namedays:latest restart: always - security_opt: - - no-new-privileges certbot: image: certbot/dns-digitalocean:latest @@ -148,12 +83,6 @@ services: env_file: - .env_certbot - registry: - image: registry:2 - restart: unless-stopped - volumes: - - registry:/var/lib/registry - gitea: image: gitea/gitea:latest-rootless restart: always @@ -170,14 +99,24 @@ services: env_file: - .env_gitea + qbit: + image: lscr.io/linuxserver/qbittorrent + environment: + - PUID=1000 + - PGID=1001 + - TZ=UTC + volumes: + - /config # persistent unnamed storage + - ${torrent_path}:/downloads + ports: + - "30000:30000" + - "30000:30000/udp" + restart: unless-stopped volumes: - books_media: {} - books_static: {} - fuelkeeper_media: {} - fuelkeeper_static: {} - nextcloud: {} + # named persistent volumes + nextcloud: {} # nextcloud configuration pgdb: {} certbot_certs: {} registry: {}
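Review bot: Mounting `./compose/nginx/conf` over the whole of `/etc/nginx` in the nginx service hides every file the `nginx:stable-alpine` image ships in that directory, such as `mime.types` and `fastcgi_params`, and this patch also deletes the copies under `compose/nginx/defaults/`. Unless `compose/nginx/conf/` already holds each file that `nginx.conf` and the site configs include (not visible in this diff), nginx will refuse to start or serve responses with the wrong content type. Running `nginx -t` in the rebuilt container before merging would confirm it, and a short comment above the mount listing the files the directory must provide would keep it from regressing.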
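Review bot: Dropping `security_opt: - no-new-privileges` from `vardadienas` removes a hardening setting with no reason given in the commit message, and the service still sits in the nginx `depends_on` list, so it is presumably proxied to the outside. Unless the `flask-namedays` image needs a setuid helper, keep the two lines `security_opt:` and `- no-new-privileges`. The service definition starts above the hunk.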
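Review bot: `- /config # persistent unnamed storage` in the re-added `qbit` service declares an anonymous volume in place of the named `qbit_config` volume used before, and the comment overstates its persistence: after `docker compose down` the next `up` attaches a fresh anonymous volume. Losing `/config` would reset qBittorrent to its initial settings, WebUI login included, so a named volume is safer: `- qbit_config:/config` with `qbit_config: {}` under `volumes:`. The image is also referenced without a tag, `qbit` has no `no-new-privileges` option, and the `registry: {}` volume left as context no longer has a service that uses it.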