chris/scarif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working for homelab

Browse Source
This commit is contained in:
Chris
2023-03-23 20:29:29 +00:00
parent a6d5ceaa22
commit 678894d7db
18 changed files with 677 additions and 734 deletions
Download Patch File Download Diff File Expand all files Collapse all files

393
docker-compose.yml
View File

@@ -15,20 +15,12 @@ x-logging: &logging
version: "3.4"
services:
dashboard:
<<: *logging
image: rmountjoy/dashmachine:latest
volumes:
- dashboard:/dashmachine/dashmachine/user_data
restart: always
networks:
- nginx
foundry:
<<: *logging
image: felddy/foundryvtt:release
volumes:
- foundry:/data
- /mnt/tower/foundry:/data
- /opt/scarif/foundry/patches:/data/patches
restart: always
environment:
- "FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}"
@@ -40,44 +32,22 @@ services:
- FOUNDRY_PROXY_SSL=true
- FOUNDRY_ROUTE_PREFIX=foundry
- CONTAINER_CACHE=/data/container_cache
- CONTAINER_PATCH_URLS=https://labs.scarif.space/chris/foundry-plutonium-install/raw/branch/main/plutonium.sh
- FOUNDRY_UID=82
- FOUNDRY_GID=82
- CONTAINER_PATCHES=/data/patches
- FOUNDRY_UID=1000
- FOUNDRY_GID=1000
networks:
- nginx
# monica:
# <<: *logging
# build: ./monica
# image: monica
# env_file: ./monica/.env
# environment:
# - APP_URL=https://personel.${DOMAIN}
# - DB_PASSWORD=${DB_PASSWORD}
# - DB_USERNAME=${DB_USER}
# - MAIL_FROM_ADDRESS=${MAIL_FROM}
# - MAIL_HOST=${MAIL_HOST}
# - MAIL_PORT=${MAIL_PORT}
# - MAIL_USERNAME=${MAIL_USER}
# - MAIL_PASSWORD=${MAIL_PASSWORD}
# volumes:
# - monica-data:/var/www/html/storage
# - monica-public:/var/www/html/public
# restart: always
# depends_on:
# - db
# networks:
# - db
# - nginx
nextcloud:
<<: *logging
build: ./nextcloud
image: nextcloud
restart: always
restart: unless-stopped
user: 1000:1000
volumes:
- nextcloud:/var/www/html
- foundry:/var/www/foundry
- /mnt/tower/stardust:/var/www/html/data
- /mnt/tower/foundry:/var/www/foundry
environment:
- REDIS_HOST=redis
- MYSQL_HOST=db
@@ -86,12 +56,16 @@ services:
- MYSQL_USER=${DB_USER}
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- MAIL_FROM=${MAIL_FROM}
- MAIL_HOST=${MAIL_HOST}
- MAIL_PORT=${MAIL_PORT}
- MAIL_USER=${MAIL_USER}
- MAIL_PASSWORD=${MAIL_PASSWORD}
- NEXTCLOUD_TRUSTED_DOMAINS=tower.${DOMAIN}
- MAIL_FROM_ADDRESS=${MAIL_FROM}
- SMTP_HOST=${MAIL_HOST}
- SMTP_PORT=${MAIL_PORT}
- SMTP_USER=${MAIL_USER}
- SMTP_PASSWORD=${MAIL_PASSWORD}
- "NEXTCLOUD_TRUSTED_DOMAINS=tower.${DOMAIN} 127.0.0.1"
- USER_UID=1000
- USER_GID=1000
- APACHE_RUN_USER=1000
- APACHE_RUN_GROUP=1000
depends_on:
- db
- redis
@@ -100,20 +74,17 @@ services:
- redis
- nginx
extra_hosts:
- "tower.scarif.space:${LOCAL_IP}"
- "office.scarif.space:${LOCAL_IP}"
- "tower.${DOMAIN}:${LOCAL_IP}"
- "office.${DOMAIN}:${LOCAL_IP}"
collabora:
<<: *logging
image: collabora/code
restart: always
restart: unless-stopped
cap_add:
- MKNOD
# volumes:
# - /etc/timezone:/etc/timezone:ro
# - /etc/localtime:/etc/localtime:ro
environment:
- DONT_GEN_SSL_CERT="True"
- "DONT_GEN_SSL_CERT=True"
- domain=tower.${DOMAIN}
- cert_domain=office.${DOMAIN}
- server_name=office.${DOMAIN}
@@ -124,20 +95,8 @@ services:
networks:
- nginx
extra_hosts:
- "tower.scarif.space:${LOCAL_IP}"
- "office.scarif.space:${LOCAL_IP}"
pinry:
<<: *logging
image: 'getpinry/pinry'
volumes:
- pinry:/data
- ./pinry/local_settings.py:/data/local_settings.py
networks:
- nginx
- db
depends_on:
- db
- "tower.${DOMAIN}:${LOCAL_IP}"
- "office.${DOMAIN}:${LOCAL_IP}"
gitea:
<<: *logging
@@ -158,6 +117,7 @@ services:
restart: always
volumes:
- gitea:/data
- /mnt/tower/labs:/data/git
- /home/git/.ssh/:/data/git/.ssh/
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
@@ -171,26 +131,18 @@ services:
jitsi:
<<: *logging
image: jitsi/web:latest
restart: always
image: jitsi/web:stable
restart: unless-stopped
volumes:
- ${CONFIG}/web:/config:Z
- ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- ENABLE_LETSENCRYPT
- ENABLE_HTTP_REDIRECT
- ENABLE_HSTS
- ENABLE_XMPP_WEBSOCKET
- DISABLE_HTTPS
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- PUBLIC_URL
- TZ
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- BRIDGE_CHANNEL
- AUDIO_QUALITY_OPUS_BITRATE
- AUTO_CAPTION_ON_RECORD
- BRANDING_DATA_URL
- CALLSTATS_CUSTOM_SCRIPT_URL
- CALLSTATS_ID
@@ -198,30 +150,60 @@ services:
- CHROME_EXTENSION_BANNER_JSON
- CONFCODE_URL
- CONFIG_EXTERNAL_CONNECT
- DEFAULT_LANGUAGE
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_REGION
- DEPLOYMENTINFO_SHARD
- DEPLOYMENTINFO_USERREGION
- DESKTOP_SHARING_FRAMERATE_MIN
- DESKTOP_SHARING_FRAMERATE_MAX
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DISABLE_AUDIO_LEVELS
- DISABLE_DEEP_LINKING
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DISABLE_START_FOR_ALL
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTH
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_FILE_RECORDING_SERVICE
- ENABLE_FILE_RECORDING_SERVICE_SHARING
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SHARING
- ENABLE_GUESTS
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
- ENABLE_IPV6
- ENABLE_LETS_ENCRYPT
- ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_P2P
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
@@ -229,12 +211,22 @@ services:
- ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL
- JICOFO_AUTH_USER
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
@@ -242,38 +234,59 @@ services:
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- PREFERRED_LANGUAGE
- PUBLIC_URL
- P2P_PREFERRED_CODEC
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
- RESOLUTION_WIDTH_MIN
- START_AUDIO_ONLY
- START_AUDIO_MUTED
- DISABLE_AUDIO_LEVELS
- ENABLE_NOISY_MIC_DETECTION
- START_AUDIO_ONLY
- START_BITRATE
- START_SILENT
- START_WITH_AUDIO_MUTED
- START_VIDEO_MUTED
- START_WITH_VIDEO_MUTED
- TESTING_CAP_SCREENSHARE_BITRATE
- TESTING_OCTO_PROBABILITY
- TOKEN_AUTH_URL
- TOOLBAR_BUTTONS
- TRANSLATION_LANGUAGES
- TRANSLATION_LANGUAGES_HEAD
- TZ
- USE_APP_LANGUAGE
- VIDEOQUALITY_BITRATE_H264_LOW
- VIDEOQUALITY_BITRATE_H264_STANDARD
- VIDEOQUALITY_BITRATE_H264_HIGH
- VIDEOQUALITY_BITRATE_VP8_LOW
- VIDEOQUALITY_BITRATE_VP8_STANDARD
- VIDEOQUALITY_BITRATE_VP8_HIGH
- VIDEOQUALITY_BITRATE_VP9_LOW
- VIDEOQUALITY_BITRATE_VP9_STANDARD
- VIDEOQUALITY_BITRATE_VP9_HIGH
- VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
- VIDEOQUALITY_PREFERRED_CODEC
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- TOKEN_AUTH_URL
- XMPP_PORT
- WHITEBOARD_ENABLED
- WHITEBOARD_COLLAB_SERVER_PUBLIC_URL
networks:
nginx:
meet.jitsi:
aliases:
- ${XMPP_DOMAIN}
# XMPP server
prosody:
<<: *logging
image: jitsi/prosody:latest
restart: always
image: jitsi/prosody:stable
restart: unless-stopped
expose:
- '5222'
- '${XMPP_PORT:-52222}'
- '5347'
- '5280'
volumes:
@@ -281,46 +294,35 @@ services:
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE
- DISABLE_POLLS
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LOBBY
- ENABLE_RECORDING
- ENABLE_XMPP_WEBSOCKET
- GLOBAL_MODULES
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG
- LDAP_URL
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_AUTH_METHOD
- LDAP_VERSION
- LDAP_USE_TLS
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_CROSS_DOMAIN
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- GLOBAL_MODULES
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JICOFO_AUTH_PASSWORD
- JICOFO_COMPONENT_SECRET
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
@@ -328,40 +330,97 @@ services:
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_VERSION
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PUBLIC_URL
- TURN_CREDENTIALS
- TURN_HOST
- TURNS_HOST
- TURN_PORT
- TURNS_PORT
- TURN_TRANSPORT
- TZ
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_PORT
networks:
meet.jitsi:
aliases:
- ${XMPP_SERVER}
- ${XMPP_SERVER:-xmpp.meet.jitsi}
# Focus component
jicofo:
<<: *logging
image: jitsi/jicofo:latest
restart: always
image: jitsi/jicofo:stable
restart: unless-stopped
volumes:
- ${CONFIG}/jicofo:/config:Z
environment:
- AUTH_TYPE
- BRIDGE_AVG_PARTICIPANT_STRESS
- BRIDGE_STRESS_THRESHOLD
- ENABLE_AUTH
- ENABLE_AUTO_OWNER
- ENABLE_CODEC_VP8
- ENABLE_CODEC_VP9
- ENABLE_CODEC_H264
- ENABLE_OCTO
- ENABLE_RECORDING
- ENABLE_SCTP
- ENABLE_AUTO_LOGIN
- JICOFO_AUTH_PASSWORD
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
- JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_ENABLE_HEALTH_CHECKS
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JVB_BREWERY_MUC
- MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_RESERVATION_REST_BASE_URL
- JVB_BREWERY_MUC
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JIBRI_BREWERY_MUC
- JIBRI_PENDING_TIMEOUT
- TZ
- XMPP_PORT
depends_on:
- prosody
networks:
@@ -370,31 +429,42 @@ services:
# Video bridge
jvb:
<<: *logging
image: jitsi/jvb:latest
restart: always
image: jitsi/jvb:stable
restart: unless-stopped
ports:
- '${JVB_PORT}:${JVB_PORT}/udp'
- '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
- '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
- '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
volumes:
- ${CONFIG}/jvb:/config:Z
environment:
- DOCKER_HOST_ADDRESS
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_OCTO
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_DISABLE_STUN
- JVB_PORT
- JVB_TCP_HARVESTER_DISABLED
- JVB_TCP_PORT
- JVB_TCP_MAPPED_PORT
- JVB_MUC_NICKNAME
- JVB_STUN_SERVERS
- JVB_ENABLE_APIS
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- PUBLIC_URL
- SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- COLIBRI_REST_ENABLED
- SHUTDOWN_REST_ENABLED
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:
@@ -432,42 +502,33 @@ services:
- /opt/ssl:/etc/nginx/certs:ro
- ./nginx/nginx.conf.template:/etc/nginx/conf.d/nginx.conf.template
- ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh
- monica-public:/var/www/html/monica/public:ro
- monica-data:/var/www/html/monica/storage:ro
- nextcloud:/var/www/html/nextcloud:ro
- ./christmas:/var/www/html/christmas:ro
environment:
- DOMAIN=${DOMAIN}
depends_on:
- dashboard
# - monica
- nextcloud
- gitea
- collabora
- pinry
ports:
- 80:80
- 443:443
networks:
- nginx
# certs:
# <<: *certs
# environment:
# - SSL_SUBJECT=${DOMAIN}
# - CA_SUBJECT=chris@${DOMAIN}
# - SSL_KEY=/certs/${DOMAIN}.key
# - SSL_CSR=/certs/${DOMAIN}.csr
# - SSL_CERT=/certs/${DOMAIN}.crt
certs:
<<: *certs
environment:
- SSL_SUBJECT=${DOMAIN}
- CA_SUBJECT=chris@${DOMAIN}
- SSL_KEY=/certs/${DOMAIN}.key
- SSL_CSR=/certs/${DOMAIN}.csr
- SSL_CERT=/certs/${DOMAIN}.crt
volumes:
db:
gitea:
monica-public:
monica-data:
nextcloud:
dashboard:
pinry:
foundry:
networks: