From 5dd44565ac1ac18d16be091ceb381a875a355b77 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 16 Mar 2023 20:23:58 +0000
Subject: [PATCH] Added Container Updates
---
 Composer/{caddy => basic}/README.MD | 0
 Composer/basic/docker-compose.yml | 40 ++++++
 Composer/caddy/docker-compose.yml | 29 -----
 .../default-config/preview.config.php | 12 ++
 Composer/nextcloud/docker-compose.yml | 115 ++++++++++++++++++
 Composer/photoprism/docker-compose.yml | 99 +++++++++++++++
 Composer/portainer/docker-compose.yml | 99 +++++++++++++++
 Composer/woodpecker/docker-compose.yml | 11 +-
 8 files changed, 369 insertions(+), 36 deletions(-)
 rename Composer/{caddy => basic}/README.MD (100%)
 create mode 100644 Composer/basic/docker-compose.yml
 delete mode 100644 Composer/caddy/docker-compose.yml
 create mode 100644 Composer/nextcloud/default-config/preview.config.php
 create mode 100644 Composer/nextcloud/docker-compose.yml
 create mode 100644 Composer/photoprism/docker-compose.yml
 create mode 100644 Composer/portainer/docker-compose.yml
diff --git a/Composer/caddy/README.MD b/Composer/basic/README.MD
similarity index 100%
rename from Composer/caddy/README.MD
rename to Composer/basic/README.MD
diff --git a/Composer/basic/docker-compose.yml b/Composer/basic/docker-compose.yml
new file mode 100644
index 0000000..25c839a
--- /dev/null
+++ b/Composer/basic/docker-compose.yml
@@ -0,0 +1,40 @@
+version: "3.7"
+services:
+ # Ingress
+ caddy:
+ image: lucaslorentz/caddy-docker-proxy
+ ports:
+ - 80:80
+ - 443:443
+ environment:
+ - CADDY_INGRESS_NETWORKS=caddy
+ networks:
+ - caddy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - caddy_data:/data
+ restart: unless-stopped
+
+ # Automatic Container Updates
+ watchtower:
+ image: containrrr/watchtower
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ # Cleanup unused Docker Container
+ janitor:
+ image: flaviostutz/docker-janitor
+ environment:
+ - RUN_ON_STARTUP=true
+ - PRUNE_VOLUMES=true
+ - SLEEP_TIME=86400
+ - UNUSED_TIME=24h
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+networks:
+ caddy:
+ external: true
+
+volumes:
+ caddy_data: {}
\ No newline at end of file
diff --git a/Composer/caddy/docker-compose.yml b/Composer/caddy/docker-compose.yml
deleted file mode 100644
index 77ebbd5..0000000
--- a/Composer/caddy/docker-compose.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-version: "3.7"
-services:
- caddy:
- image: lucaslorentz/caddy-docker-proxy
- ports:
- - 80:80
- - 443:443
- environment:
- - CADDY_INGRESS_NETWORKS=caddy
- networks:
- - caddy
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - caddy_data:/data
- restart: unless-stopped
- whoami:
- image: containous/whoami
- networks:
- - caddy
- labels:
- caddy: whoami.localhost
- caddy.reverse_proxy: "{{upstreams 80}}"
-
-networks:
- caddy:
- external: true
-
-volumes:
- caddy_data: {}
\ No newline at end of file
diff --git a/Composer/nextcloud/default-config/preview.config.php b/Composer/nextcloud/default-config/preview.config.php
new file mode 100644
index 0000000..9f7ffff
--- /dev/null
+++ b/Composer/nextcloud/default-config/preview.config.php
@@ -0,0 +1,12 @@ + [ + 'OC\Preview\MP3', + 'OC\Preview\TXT', + 'OC\Preview\MarkDown', + 'OC\Preview\OpenDocument', + 'OC\Preview\Krita', + 'OC\Preview\Imaginary', +], +'preview_imaginary_url' => 'http://preview:9000', +);
\ No newline at end of file
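Review bot: `watchtower` and `janitor` each receive `/var/run/docker.sock` in addition to `caddy`, and all three images are referenced without a tag, so whatever `latest` resolves to upstream runs with full control of the Docker daemon and is then re-pulled unattended by watchtower. Pin each image to a release tag or digest (for example `image: containrrr/watchtower:<pinned-version>`), and consider limiting watchtower to opted-in containers with `WATCHTOWER_LABEL_ENABLE=true` rather than every container on the host. In `janitor`, `PRUNE_VOLUMES=true` together with `UNUSED_TIME=24h` looks like it will remove named volumes such as `caddy_data` (Caddy's `/data`) once their stack has been down for a day; confirm that is intended. `watchtower` and `janitor` also carry no `restart:` policy, unlike `caddy`.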
diff --git a/Composer/nextcloud/docker-compose.yml b/Composer/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..54a3794
--- /dev/null
+++ b/Composer/nextcloud/docker-compose.yml
@@ -0,0 +1,115 @@
+version: '3'
+
+services:
+ app:
+ image: nextcloud
+ restart: always
+ networks:
+ - caddy
+ - nextcloud
+ labels:
+ caddy: ${HOSTNAME}
+ caddy.reverse_proxy: "{{upstreams http 80}}"
+ caddy.0_redir: "/.well-known/carddav /remote.php/dav 301"
+ caddy.1_redir: "/.well-known/caldav /remote.php/dav 301"
+ caddy.header: "Strict-Transport-Security max-age=15552000"
+ caddy.tls: "internal"
+ volumes:
+ - ./data/nextcloud/www:/var/www/html
+ - ./default-config/preview.config.php:/var/www/html/config/preview.config.php
+ depends_on:
+ - clamav
+ - preview
+ - db
+ - redis
+ environment:
+ - POSTGRES_HOST=db
+ - REDIS_HOST=redis
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - NEXTCLOUD_TRUSTED_DOMAINS=${HOSTNAME}
+ - OVERWRITEPROTOCOL=https
+ - TRUSTED_PROXIES=${NEXTCLOUD_TRUSTED_PROXIES}
+ - APACHE_DISABLE_REWRITE_IP=1
+
+ preview:
+ image: docker.io/nextcloud/aio-imaginary:latest
+ restart: always
+ networks:
+ - nextcloud
+ environment:
+ - PORT=9000
+ command: -concurrency 50 -enable-url-source
+
+ clamav:
+ image: "clamav/clamav:stable_base"
+ container_name: "clamav"
+ networks:
+ - nextcloud
+ volumes:
+ - ./data/clamav/virus_db:/var/lib/clamav/ # Virus database
+ restart: unless-stopped
+
+ # Does Not Work
+ #notify_push:
+ # image: icewind1991/notify_push
+ # restart: always
+ # networks:
+ # - nextcloud
+ # - caddy
+ # labels:
+ # caddy: ${HOSTNAME}
+ # caddy.handle_path: /push/*
+ # caddy.handle_path.0_reverse_proxy: "{{upstreams http 7867}}"
+ # depends_on:
+ # - db
+ # - redis
+ # - app
+ # volumes:
+ # - ./data/nextcloud/www:/var/www/html:ro
+ # - /etc/localtime:/etc/localtime:ro
+ # - /etc/timezone:/etc/timezone:ro
+ # environment:
+ # - PORT=7867
+ # - "NEXTCLOUD_URL=http://app" # don't go through the proxy to contact the nextcloud server
+ # entrypoint: ./notify_push --allow-self-signed --dump-config redis://:@redis --log-level debug /var/www/html/config/config.php
+
+ cron:
+ image: nextcloud
+ restart: always
+ volumes:
+ - ./data/nextcloud/www:/var/www/html
+ entrypoint: /cron.sh
+ depends_on:
+ - db
+ - redis
+ networks:
+ - nextcloud
+
+
+ db:
+ container_name: db
+ image: postgres:alpine
+ restart: always
+ networks:
+ - nextcloud
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ volumes:
+ - ./data/db:/var/lib/postgresql/data
+ - /etc/localtime:/etc/localtime:ro
+
+ redis:
+ image: redis:alpine
+ restart: always
+ networks:
+ - nextcloud
+
+
+networks:
+ nextcloud:
+ internal: true
+ caddy:
+ external: true
diff --git a/Composer/photoprism/docker-compose.yml b/Composer/photoprism/docker-compose.yml
new file mode 100644
index 0000000..4cea8df
--- /dev/null
+++ b/Composer/photoprism/docker-compose.yml
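Review bot: The `preview` service starts imaginary with `-enable-url-source`, so any container that can reach port 9000 on the `nextcloud` network can make it fetch an arbitrary URL from inside that network (server-side request forgery), where `redis` is started without a password. If Nextcloud only uploads file bodies to `http://preview:9000` (I believe it does; confirm against the Imaginary preview provider), drop the flag: `command: -concurrency 50`. Separately, `${POSTGRES_PASSWORD}` expands to an empty string when the variable is unset; writing `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is not set}` in both `app` and `db` makes `docker compose` stop with an error instead. `image: nextcloud`, `postgres:alpine` and `redis:alpine` are floating tags, and an unattended major-version bump of `postgres:alpine` will not start on the existing `./data/db` directory, so pin at least the database, e.g. `postgres:<major>-alpine`.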
@@ -0,0 +1,99 @@
+version: '3.5'
+
+services:
+ photoprism:
+ image: photoprism/photoprism:latest
+ depends_on:
+ - mariadb
+ restart: unless-stopped
+ security_opt:
+ - seccomp:unconfined
+ - apparmor:unconfined
+ #ports:
+ # - "2342:2342" # HTTP port (host:container)
+ labels:
+ caddy: ${SERVER_DOMAIN}
+ caddy.reverse_proxy: "{{upstreams http 2342}}"
+ #caddy.@denied.not.remote_ip: "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8"
+ #caddy.reverse_proxy: "@denied {{upstreams 2342}}"
+ caddy.tls: "internal"
+ networks:
+ - caddy
+ - photoprism
+ environment:
+ PHOTOPRISM_ADMIN_USER: "admin" # superadmin username
+ PHOTOPRISM_ADMIN_PASSWORD: ${ADMIN_PW} # initial superadmin password (minimum 8 characters)
+ PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
+ PHOTOPRISM_SITE_URL: ${SERVER_URL} # server URL in the format "http(s)://domain.name(:port)/(path)"
+ PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
+ PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
+ PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
+ PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
+ PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
+ PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
+ PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
+ PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
+ PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
+ PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
+ PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
+ PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
+ PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
+ PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+ PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+ PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
+ PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+ PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
+ PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
+ PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
+ PHOTOPRISM_DATABASE_PASSWORD: ${MYSQL_PW} # MariaDB or MySQL database user password
+ PHOTOPRISM_SITE_CAPTION: "Henriks Fotos"
+ PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
+ PHOTOPRISM_SITE_AUTHOR: "Henrik Mertens" # meta site author
+ ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
+ # PHOTOPRISM_INIT: "tensorflow"
+ working_dir: "/photoprism" # do not change or remove
+ volumes:
+ - /mnt/helmut/homes/henrik/Fotos:/photoprism/originals/Fotos
+ - /mnt/helmut/homes/henrik/photoprism/originals:/photoprism/originals # Original media files (DO NOT REMOVE)
+ - /mnt/helmut/homes/henrik/photoprism/import:/photoprism/import
+ - "./data/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+ mariadb:
+ restart: unless-stopped
+ image: mariadb:10.10
+ security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
+ - seccomp:unconfined
+ - apparmor:unconfined
+ command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
+ volumes:
+ - "./data/mysql:/var/lib/mysql" # DO NOT REMOVE
+ networks:
+ - photoprism
+ environment:
+ MARIADB_AUTO_UPGRADE: "1"
+ MARIADB_INITDB_SKIP_TZINFO: "1"
+ MARIADB_DATABASE: "photoprism"
+ MARIADB_USER: "photoprism"
+ MARIADB_PASSWORD: ${MYSQL_PW}
+ MARIADB_ROOT_PASSWORD: ${MYSQL_PW}
+
+ ## Watchtower upgrades services automatically (optional)
+ ## see https://docs.photoprism.app/getting-started/updates/#watchtower
+ ## activate via "COMPOSE_PROFILES=update docker compose up -d"
+ #watchtower:
+ # restart: unless-stopped
+ # image: containrrr/watchtower
+ # profiles: ["update"]
+ # environment:
+ # WATCHTOWER_CLEANUP: "true"
+ # WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
+ # volumes:
+ # - "/var/run/docker.sock:/var/run/docker.sock"
+ # - "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
+
+
+networks:
+ photoprism:
+ internal: true
+ caddy:
+ external: true
\ No newline at end of file
diff --git a/Composer/portainer/docker-compose.yml b/Composer/portainer/docker-compose.yml
new file mode 100644
index 0000000..4cea8df
--- /dev/null
+++ b/Composer/portainer/docker-compose.yml
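Review bot: `security_opt` turns off seccomp and AppArmor on the `photoprism` service, which is the container published through Caddy and the one that handles imported and uploaded media; the linked MariaDB issue only motivates the override on `mariadb`. Remove `seccomp:unconfined` and `apparmor:unconfined` from `photoprism` unless a specific failure requires them, and record that reason in a comment if it does. `MARIADB_PASSWORD` and `MARIADB_ROOT_PASSWORD` are both `${MYSQL_PW}`, so the application credential is also the database root credential; give root its own variable, e.g. `MARIADB_ROOT_PASSWORD: ${MYSQL_ROOT_PW}` (variable name constructed for this note). The same settings appear in the `Composer/portainer/docker-compose.yml` hunk.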
@@ -0,0 +1,99 @@
+version: '3.5'
+
+services:
+ photoprism:
+ image: photoprism/photoprism:latest
+ depends_on:
+ - mariadb
+ restart: unless-stopped
+ security_opt:
+ - seccomp:unconfined
+ - apparmor:unconfined
+ #ports:
+ # - "2342:2342" # HTTP port (host:container)
+ labels:
+ caddy: ${SERVER_DOMAIN}
+ caddy.reverse_proxy: "{{upstreams http 2342}}"
+ #caddy.@denied.not.remote_ip: "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8"
+ #caddy.reverse_proxy: "@denied {{upstreams 2342}}"
+ caddy.tls: "internal"
+ networks:
+ - caddy
+ - photoprism
+ environment:
+ PHOTOPRISM_ADMIN_USER: "admin" # superadmin username
+ PHOTOPRISM_ADMIN_PASSWORD: ${ADMIN_PW} # initial superadmin password (minimum 8 characters)
+ PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
+ PHOTOPRISM_SITE_URL: ${SERVER_URL} # server URL in the format "http(s)://domain.name(:port)/(path)"
+ PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
+ PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
+ PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
+ PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
+ PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
+ PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
+ PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
+ PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
+ PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
+ PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
+ PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
+ PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
+ PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
+ PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+ PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+ PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
+ PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+ PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
+ PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
+ PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
+ PHOTOPRISM_DATABASE_PASSWORD: ${MYSQL_PW} # MariaDB or MySQL database user password
+ PHOTOPRISM_SITE_CAPTION: "Henriks Fotos"
+ PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
+ PHOTOPRISM_SITE_AUTHOR: "Henrik Mertens" # meta site author
+ ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
+ # PHOTOPRISM_INIT: "tensorflow"
+ working_dir: "/photoprism" # do not change or remove
+ volumes:
+ - /mnt/helmut/homes/henrik/Fotos:/photoprism/originals/Fotos
+ - /mnt/helmut/homes/henrik/photoprism/originals:/photoprism/originals # Original media files (DO NOT REMOVE)
+ - /mnt/helmut/homes/henrik/photoprism/import:/photoprism/import
+ - "./data/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+ mariadb:
+ restart: unless-stopped
+ image: mariadb:10.10
+ security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
+ - seccomp:unconfined
+ - apparmor:unconfined
+ command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
+ volumes:
+ - "./data/mysql:/var/lib/mysql" # DO NOT REMOVE
+ networks:
+ - photoprism
+ environment:
+ MARIADB_AUTO_UPGRADE: "1"
+ MARIADB_INITDB_SKIP_TZINFO: "1"
+ MARIADB_DATABASE: "photoprism"
+ MARIADB_USER: "photoprism"
+ MARIADB_PASSWORD: ${MYSQL_PW}
+ MARIADB_ROOT_PASSWORD: ${MYSQL_PW}
+
+ ## Watchtower upgrades services automatically (optional)
+ ## see https://docs.photoprism.app/getting-started/updates/#watchtower
+ ## activate via "COMPOSE_PROFILES=update docker compose up -d"
+ #watchtower:
+ # restart: unless-stopped
+ # image: containrrr/watchtower
+ # profiles: ["update"]
+ # environment:
+ # WATCHTOWER_CLEANUP: "true"
+ # WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
+ # volumes:
+ # - "/var/run/docker.sock:/var/run/docker.sock"
+ # - "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
+
+
+networks:
+ photoprism:
+ internal: true
+ caddy:
+ external: true
\ No newline at end of file
diff --git a/Composer/woodpecker/docker-compose.yml b/Composer/woodpecker/docker-compose.yml
index 9944812..fc50070 100644
--- a/Composer/woodpecker/docker-compose.yml
+++ b/Composer/woodpecker/docker-compose.yml
@@ -3,10 +3,11 @@ version: '3' services: woodpecker-server: image: woodpeckerci/woodpecker-server:next + restart: always #ports: # - 8000:8000 volumes: - - woodpecker-server-data:/var/lib/woodpecker/ + - ./data/woodpecker:/var/lib/woodpecker/ environment: - WOODPECKER_LOG_LEVEL=info - WOODPECKER_OPEN=true
@@ -20,7 +21,7 @@ services: - caddy - woodpecker labels: - caddy: woodpecker.localhost + caddy: woodpecker.mertens.digital caddy.reverse_proxy: "{{upstreams 8000}}" woodpecker-agent: image: woodpeckerci/woodpecker-agent:next
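Review bot: `Composer/portainer/docker-compose.yml` is added with the same blob id as the photoprism file (`index 0000000..4cea8df` in both headers) and defines `photoprism` and `mariadb` rather than a Portainer service, so it looks like an accidental copy. Brought up as is, it would register a second container under the same `${SERVER_DOMAIN}` Caddy label and bind the same `/mnt/helmut/homes/henrik/...` originals and import directories read-write. Replace it with the intended Portainer definition or drop the file from the commit.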
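Review bot: The `caddy` label in the second woodpecker hunk moves the server from `woodpecker.localhost` to the public name `woodpecker.mertens.digital`, while the unchanged context of the first hunk still shows `WOODPECKER_OPEN=true`, which permits self-registration for anyone who can sign in through the configured forge. For an instance reachable from outside, set `WOODPECKER_OPEN=false` and name the permitted accounts (for example through `WOODPECKER_ADMIN`), or restrict registration to specific organisations. The tag `woodpeckerci/woodpecker-server:next` tracks the development branch, and the watchtower service added under `Composer/basic` will by default update it unattended; a release tag is the safer choice for a public endpoint. The service definition continues outside both hunks.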
@@ -37,12 +38,8 @@ services: - WOODPECKER_SERVER=woodpecker-server:9000 - WOODPECKER_SECRET=${WOODPECKER_AGENT_SECRET} -volumes: - woodpecker-server-data: - - networks: woodpecker: internal: true caddy: - external: true \ No newline at end of file + external: true