Configuration changes

.gitignore

@@ -12,3 +12,4 @@ compose/qbit/config/*
 
 !compose/pgdb/docker-entrypoint-initdb.d/
 compose/pgdb/docker-entrypoint-initdb.d/*.sh
+.idea

README.md

@@ -26,9 +26,6 @@
 - **registry** - Privately hosted DockerRegistry (must generate `compose/nginx/conf/registry.htpasswd`
 - **gitea** - Privately hosted Git server
 
-- **default\_web\_app** - primitive Flask app to serve default nginx tempalte html and display request information at `/req` or `/json` endpoints
+- **default\_web\_app** - primitive Flask app to serve default nginx template html and display request information at `/req` or `/json` endpoints
 
-- **vardadienas** - private Flask app to generate and download customisable Latvian nameday calendar `.ics`
-- **datne** - private Flask app for on-disk file browsing through WebUI
-- **fuelkeeper** - private Django app
-- **books** - private Django app
+- **vardadienas** - Flask app to generate and download customisable Latvian nameday calendar `.ics`

compose/nginx/conf/nginx.conf

@@ -42,8 +42,7 @@ http {
     geo $local_ips {
         default 0;
         10.1.1.0/24 1;
-        83.243.93.200/32 1;
     }
 
-    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enables/*.conf;
 }

compose/pgdb/docker-entrypoint-initdb.d/00-init-users-db.sh.example

@@ -2,15 +2,15 @@
 set -e
 
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-    CREATE USER books WITH PASSWORD 'books';
-    CREATE DATABASE books;
-    GRANT ALL PRIVILEGES ON DATABASE books TO books;
+    CREATE USER flask WITH PASSWORD 'flask';
+    CREATE DATABASE flask;
+    GRANT ALL PRIVILEGES ON DATABASE flask TO flask;
 EOSQL
 
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-    CREATE USER fuelkeeper WITH PASSWORD 'fuelkeeper';
-    CREATE DATABASE fuelkeeper;
-    GRANT ALL PRIVILEGES ON DATABASE fuelkeeper TO fuelkeeper;
+    CREATE USER django WITH PASSWORD 'django';
+    CREATE DATABASE django;
+    GRANT ALL PRIVILEGES ON DATABASE django TO django;
 EOSQL
 
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL

default.env

@@ -1,7 +1,4 @@
-cloud_data=/path/to/data/nextcloud
-datne_media=/path/to/data/files
-datne_target=/path/to/data/files
-certbot_path=./compose/cb
+nextcloud_data=/path/to/data/nextcloud
+torrent_path=/path/to/data/files
 
-datne_git_path="git@gitlab.com:keriks/datne.git"
-fuelkeeper_git_path="git@bitbucket.org:keriks/fuelkeeper.git"
+nameday_git_path="https://git.72.lv/eriks/flask-namedays"

default.env_certbot

@@ -1,3 +1,4 @@
 DIGITALOCEAN_TOKEN=
 DOMAINS="main example.com|secrets secret.example.com|testing test.example.com *.test.example.com"
 ADMIN_EMAIL=domain@example.com
+CB_STAGING=1

docker-compose.yaml

@@ -11,25 +11,15 @@ services:
     restart: always
     volumes:
       - ./compose/nginx/conf:/etc/nginx:ro
-      - ./compose/nginx/site-configs:/etc/nginx/conf.d:ro
 
-      - fuelkeeper_static:/var/www/app/fuelkeeper/staticfiles:ro
-      - fuelkeeper_media:/var/www/app/fuelkeeper/media:ro
-
-      - books_static:/var/www/app/books/static:ro
-      - books_media:/var/www/app/books/media:ro
-
-      - ${datne_static}:/var/www/app/datne/staticfiles:ro
-      - ${datne_media}:/var/www/app/datne/media:ro
-
-      - nextcloud:/var/www/app/cloud:ro
-      - ${cloud_data}:/var/www/app/cloud/data:ro
+      # All mount points are read only (:ro) - file uploads/edits are processed inside service containers
+      - nextcloud:/var/www/app/nextcloud:ro
+      - ${nextcloud_data}:/var/www/app/nextcloud/data:ro
 
       - certbot_certs:/etc/letsencrypt:ro
-      - ./projects/72_lv:/var/www/72_lv:ro
     depends_on:
       - default_web_app
-      - cloud
+      - nextcloud
       - yopass
       - certbot
       - gitea
@@ -47,14 +37,16 @@ services:
     image: redis:alpine
     restart: always
 
-  cloud:
+  nextcloud:
     build:
-      context: ./compose/cloud
+      context: ./compose/nextcloud
       dockerfile: Dockerfile
-    env_file: .env_cloud
+    env_file: .env_nextcloud
     volumes:
       - nextcloud:/var/www/html
-      - ${cloud_data}:/var/www/html/data
+      # Using path from variable "nextcloud_data" to place data at different disk,
+      #   which isn't easily accomplished from compose
+      - ${nextcloud_data}:/var/www/html/data
     restart: always
     links:
       - pgdb
@@ -79,8 +71,6 @@ services:
   vardadienas:
     image: registry.72.lv/flask-namedays:latest
     restart: always
-    security_opt:
-      - no-new-privileges
 
   certbot:
     image: certbot/dns-digitalocean:latest
@@ -109,14 +99,24 @@ services:
     env_file:
       - .env_gitea
 
+  qbit:
+    image: lscr.io/linuxserver/qbittorrent
+    environment:
+      - PUID=1000
+      - PGID=1001
+      - TZ=UTC
+    volumes:
+      - /config  # persistent unnamed storage
+      - ${torrent_path}:/downloads
+    ports:
+      - "30000:30000"
+      - "30000:30000/udp"
+    restart: unless-stopped
 
 
 volumes:
-  books_media: {}
-  books_static: {}
-  fuelkeeper_media: {}
-  fuelkeeper_static: {}
-  nextcloud: {}
+  # named persistent volumes
+  nextcloud: {} # nextcloud configuration
   pgdb: {}
   certbot_certs: {}
   registry: {}