Compare commits
29 Commits
07b7ce6dd0
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
 ryuupendragon
|
fc9a82e0fc | ||
|
ryuupendragon
|
f6c2836eb1 | ||
|
ryuupendragon
|
1f215f50dd | ||
|
ryuupendragon
|
7093fd72c0 | ||
|
ryuupendragon
|
df48548d28 | ||
|
ryuupendragon
|
a41b248292 | ||
|
ryuupendragon
|
a4f1a3f637 | ||
|
ryuupendragon
|
ce4484d1c5 | ||
|
ryuupendragon
|
933e88616e | ||
|
ryuupendragon
|
298e15ca55 | ||
|
ryuupendragon
|
f4319da80e | ||
|
ryuupendragon
|
55802f0539 | ||
|
ryuupendragon
|
9c26c342cf | ||
|
ryuupendragon
|
d9d5022092 | ||
|
ryuupendragon
|
ec22c27e03 | ||
 renovate-bot
|
e7b42e4284 | ||
|
renovate-bot
|
deb4fff9df | ||
|
renovate-bot
|
ea2a39c317 | ||
|
renovate-bot
|
3678aedd4d | ||
|
ryuupendragon
|
310d542630 | ||
|
renovate-bot
|
8e86853f3d | ||
|
renovate-bot
|
ef581fbc53 | ||
|
renovate-bot
|
cdb784da81 | ||
|
renovate-bot
|
3fa6c744d9 | ||
|
renovate-bot
|
52bfb58cfa | ||
|
renovate-bot
|
b1d1051c46 | ||
|
renovate-bot
|
0ff40798bb | ||
|
renovate-bot
|
2c3e3c53da | ||
|
renovate-bot
|
0c1b94eaeb |
@@ -1,71 +1,53 @@
|
|||||||
# Vaultwarden Configuration - (Bitwarden-compatible) Password Manager
|
|
||||||
services:
|
services:
|
||||||
vaultwarden_db:
|
vaultwarden_db:
|
||||||
# PostgreSQL Database Configuration
|
|
||||||
container_name: vaultwarden_db
|
container_name: vaultwarden_db
|
||||||
image: docker.io/library/postgres:17.5
|
image: docker.io/library/postgres:17.5
|
||||||
restart: unless-stopped # Auto-recover from crashes
|
restart: unless-stopped
|
||||||
|
|
||||||
# Database credentials
|
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=${POSTGRES_USER} # Database username
|
- POSTGRES_USER=${POSTGRES_USER}
|
||||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD} # Database password
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||||
- POSTGRES_DB=${POSTGRES_DB} # Database name
|
- POSTGRES_DB=${POSTGRES_DB}
|
||||||
|
|
||||||
# Persistent storage configuration
|
|
||||||
volumes:
|
volumes:
|
||||||
- ${APPDATA_PATH}/vaultwarden/db:/var/lib/postgresql/data # Database files
|
- ${APPDATA_PATH}/vaultwarden/db:/var/lib/postgresql/data
|
||||||
|
|
||||||
# Network configuration
|
|
||||||
ports:
|
ports:
|
||||||
- ${DB_PORT}:5432 # PostgreSQL default port
|
- ${DB_PORT}:5432
|
||||||
networks:
|
networks:
|
||||||
- backend # Connects to backend network
|
- backend
|
||||||
|
|
||||||
# Health monitoring
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"] # Connection check
|
test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
|
||||||
interval: 30s # Check every 30 seconds
|
interval: 30s
|
||||||
timeout: 5s # Maximum check duration
|
timeout: 5s
|
||||||
retries: 5 # Allow 5 failures before marking unhealthy
|
retries: 5
|
||||||
start_period: 20s # Initial grace period
|
start_period: 20s
|
||||||
|
|
||||||
vaultwarden_server:
|
vaultwarden_server:
|
||||||
container_name: vaultwarden_server
|
container_name: vaultwarden_server
|
||||||
# Container configuration
|
image: ghcr.io/dani-garcia/vaultwarden:1.34.1
|
||||||
image: ghcr.io/dani-garcia/vaultwarden:1.34.1 # Official Vaultwarden image
|
restart: unless-stopped
|
||||||
restart: unless-stopped # Auto-restart on failure
|
|
||||||
depends_on:
|
depends_on:
|
||||||
vaultwarden_db:
|
vaultwarden_db:
|
||||||
condition: service_healthy # Wait for healthy database
|
condition: service_healthy
|
||||||
|
|
||||||
# Application settings
|
|
||||||
environment:
|
environment:
|
||||||
- PUID=${PUID} # User ID for file permissions
|
- PUID=${PUID}
|
||||||
- PGID=${PGID} # Group ID for file permissions
|
- PGID=${PGID}
|
||||||
- TZ=${TZ} # Timezone configuration
|
- TZ=${TZ}
|
||||||
- DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@vaultwarden_db:5432/${POSTGRES_DB} # DB connection
|
- DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@vaultwarden_db:5432/${POSTGRES_DB}
|
||||||
- WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED} # Real-time updates
|
- WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}
|
||||||
- LOG_FILE=/data/vaultwarden.log # Log file location
|
- LOG_FILE=/data/vaultwarden.log
|
||||||
# Uncomment and set these only on first run
|
# Uncomment and set these only on first run
|
||||||
# - DOMAIN=${DOMAIN} # Domain Name
|
# - DOMAIN=${DOMAIN}
|
||||||
# - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED} # User registration
|
# - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
|
||||||
# - ADMIN_TOKEN=${ADMIN_TOKEN} # Admin interface access token
|
# - ADMIN_TOKEN=${ADMIN_TOKEN}
|
||||||
|
|
||||||
# Persistent storage configuration
|
|
||||||
volumes:
|
volumes:
|
||||||
- ${APPDATA_PATH}/vaultwarden/data:/data # Vault data storage
|
- ${APPDATA_PATH}/vaultwarden/data:/data
|
||||||
|
|
||||||
# Network configuration
|
|
||||||
ports:
|
ports:
|
||||||
- ${SERVER_PORT}:80 # Web interface port
|
- ${SERVER_PORT}:80
|
||||||
networks:
|
networks:
|
||||||
- frontend # Connects to frontend network
|
- frontend
|
||||||
- backend # Connects to backend network
|
- backend
|
||||||
|
|
||||||
# External network definitions
|
|
||||||
networks:
|
networks:
|
||||||
frontend:
|
frontend:
|
||||||
external: true # Uses existing frontend network
|
external: true
|
||||||
backend:
|
backend:
|
||||||
external: true # Uses existing backend network
|
external: true
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
adminer:
|
adminer:
|
||||||
container_name: adminer
|
container_name: adminer
|
||||||
image: docker.io/library/adminer:5.4.2@sha256:16a72c6140f64d00a3a9edf8d3d3b18a7b0a29ca31b0453378d9eb71f01f9e34
|
image: docker.io/library/adminer:5.4.2@sha256:41898b976011fd87f2d3037366ad97f7d89fddfebc8aa8b3a7d77d0c465aa37b
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- ${PORT}:8080
|
- ${PORT}:8080
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
dockhand_db:
|
dockhand_db:
|
||||||
container_name: dockhand_db
|
container_name: dockhand_db
|
||||||
image: docker.io/library/postgres:18.3@sha256:a9abf4275f9e99bff8e6aed712b3b7dfec9cac1341bba01c1ffdfce9ff9fc34a
|
image: docker.io/library/postgres:18.3@sha256:78481659c47e862334611ccdaf7c369c986b3046da9857112f3b309114a65fb4
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=${POSTGRES_USER}
|
- POSTGRES_USER=${POSTGRES_USER}
|
||||||
@@ -21,7 +21,7 @@ services:
|
|||||||
|
|
||||||
dockhand:
|
dockhand:
|
||||||
container_name: dockhand
|
container_name: dockhand
|
||||||
image: fnsys/dockhand:v1.0.22@sha256:3f38c995dfdb1f51f07ffb796162b445744456c2b8a1929c33a8b0593250892e
|
image: fnsys/dockhand:v1.0.27@sha256:8c2f62e215d257e3b17fd0d458d4fcd134f67c4ee495831b818004677ad57e3b
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
dockhand_db:
|
dockhand_db:
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
forgejo:
|
forgejo:
|
||||||
container_name: forgejo
|
container_name: forgejo
|
||||||
image: codeberg.org/forgejo/forgejo:14.0.3-rootless@sha256:3bde16a366e57f37c09599b77ceb83ed05b1934f8224072f8140bc66cf243608
|
image: codeberg.org/forgejo/forgejo:15.0.1-rootless@sha256:4f4d168b4e792d0f73e5f4da0548f3b54b9c9d03fb85f277c97eb985cb9a290a
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
user: ${PUID}:${PGID}
|
user: ${PUID}:${PGID}
|
||||||
volumes:
|
volumes:
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
gitea_runner:
|
gitea_runner:
|
||||||
container_name: gitea_runner
|
container_name: gitea_runner
|
||||||
image: docker.io/gitea/act_runner:0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
|
image: docker.io/gitea/act_runner:0.6.0@sha256:b2df7d04d17334ff8e741c32b0df099d5df046d96599cb330d4ed7c097cb087f
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
CONFIG_FILE: /config.yml
|
CONFIG_FILE: /config.yml
|
||||||
|
|||||||
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
hawser:
|
hawser:
|
||||||
container_name: hawser
|
container_name: hawser
|
||||||
image: ghcr.io/finsys/hawser:0.2.39@sha256:03c9f31205f7b5ee7aef55bf3058d050fe4ac8a745029c19107eaa0c34ef3422
|
image: ghcr.io/finsys/hawser:0.2.41@sha256:53bb1e23fb302f337d70fe111affee5f30f476c56aeb33c6c8c1d510fdc4133c
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- TOKEN=${TOKEN}
|
- TOKEN=${TOKEN}
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
healthchecks:
|
healthchecks:
|
||||||
container_name: healthchecks
|
container_name: healthchecks
|
||||||
image: ghcr.io/linuxserver/healthchecks:4.1.20260323@sha256:9284fb75cc62aafebb01eceef41f1630cc5c97c25ea2e310083e9799f36836f3
|
image: ghcr.io/linuxserver/healthchecks:4.2.20260428@sha256:2973440afcdcf5884b334782a70b7a7c292595810ad3a162f0289d2e878f2c80
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- PUID=${PUID}
|
- PUID=${PUID}
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
home-assistant:
|
home-assistant:
|
||||||
container_name: home-assistant
|
container_name: home-assistant
|
||||||
image: ghcr.io/home-assistant/home-assistant:2026.4.0@sha256:7fbf6a5e006e889d7799476ad7646bd18e9dc73e8a4ccd9326b41798de6bb3bf
|
image: ghcr.io/home-assistant/home-assistant:2026.4.4@sha256:c1e5f0147f4cb51ccb05bb30b62a1269cc1bd48a6274792d3b38a77ab274dfd2
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ${APPDATA_PATH}/home-assistant/config:/config
|
- ${APPDATA_PATH}/home-assistant/config:/config
|
||||||
|
|||||||
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
kiwix:
|
kiwix:
|
||||||
container_name: kiwix
|
container_name: kiwix
|
||||||
image: ghcr.io/kiwix/kiwix-serve:3.8.2@sha256:acdab28186a66b51bfd4202210c6732931ea95cf41c711148a0c9770b9fcc9e1
|
image: ghcr.io/kiwix/kiwix-serve:3.8.2@sha256:0b6541355b250c6b45d2d7725e88f22f1d6a0f45ad9480d9c0bd4bc58436a12f
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
- '*.zim'
|
- '*.zim'
|
||||||
|
|||||||
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
lldap_db:
|
lldap_db:
|
||||||
container_name: lldap_db
|
container_name: lldap_db
|
||||||
image: docker.io/library/postgres:18.3@sha256:a9abf4275f9e99bff8e6aed712b3b7dfec9cac1341bba01c1ffdfce9ff9fc34a
|
image: docker.io/library/postgres:18.3@sha256:78481659c47e862334611ccdaf7c369c986b3046da9857112f3b309114a65fb4
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=${POSTGRES_USER}
|
- POSTGRES_USER=${POSTGRES_USER}
|
||||||
|
|||||||
@@ -0,0 +1,10 @@
|
|||||||
|
services:
|
||||||
|
newt:
|
||||||
|
container_name: newt
|
||||||
|
image: fosrl/newt:1.12.2
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- PANGOLIN_ENDPOINT=${PANGOLIN_ENDPOINT}
|
||||||
|
- NEWT_ID=${NEWT_ID}
|
||||||
|
- NEWT_SECRET=${NEWT_SECRET}
|
||||||
|
network_mode: host
|
||||||
@@ -0,0 +1,45 @@
|
|||||||
|
name: pangolin
|
||||||
|
services:
|
||||||
|
pangolin:
|
||||||
|
container_name: pangolin
|
||||||
|
image: ghcr.io/fosrl/pangolin:1.18.0
|
||||||
|
restart: unless-stopped
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: 1g
|
||||||
|
reservations:
|
||||||
|
memory: 256m
|
||||||
|
volumes:
|
||||||
|
- ./config:/app/config
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
|
||||||
|
interval: "10s"
|
||||||
|
timeout: "10s"
|
||||||
|
retries: 15
|
||||||
|
|
||||||
|
traefik:
|
||||||
|
container_name: traefik
|
||||||
|
image: ghcr.io/traefik/traefik:v3.6.14
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
pangolin:
|
||||||
|
condition: service_healthy
|
||||||
|
command:
|
||||||
|
- --configFile=/etc/traefik/traefik_config.yml
|
||||||
|
environment:
|
||||||
|
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
|
||||||
|
volumes:
|
||||||
|
- ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
|
||||||
|
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
|
||||||
|
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
|
||||||
|
ports:
|
||||||
|
- 443:443
|
||||||
|
- 80:80
|
||||||
|
- 22:22
|
||||||
|
- 2222:2222
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
driver: bridge
|
||||||
|
name: pangolin
|
||||||
@@ -0,0 +1,66 @@
|
|||||||
|
name: pangolin
|
||||||
|
services:
|
||||||
|
pangolin:
|
||||||
|
container_name: pangolin
|
||||||
|
image: ghcr.io/fosrl/pangolin:1.18.0
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ./config:/app/config
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
|
||||||
|
interval: "10s"
|
||||||
|
timeout: "10s"
|
||||||
|
retries: 15
|
||||||
|
|
||||||
|
gerbil:
|
||||||
|
container_name: gerbil
|
||||||
|
image: ghcr.io/fosrl/gerbil:1.3.1
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
pangolin:
|
||||||
|
condition: service_healthy
|
||||||
|
command:
|
||||||
|
- --reachableAt=http://gerbil:3004
|
||||||
|
- --generateAndSaveKeyTo=/var/config/key
|
||||||
|
- --remoteConfig=http://pangolin:3001/api/v1/
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
- SYS_MODULE
|
||||||
|
volumes:
|
||||||
|
- ./config/:/var/config
|
||||||
|
ports:
|
||||||
|
- 51820:51820/udp
|
||||||
|
- 21820:21820/udp
|
||||||
|
- 443:443
|
||||||
|
- 80:80
|
||||||
|
|
||||||
|
traefik:
|
||||||
|
container_name: traefik
|
||||||
|
image: ghcr.io/traefik/traefik:v3.6.14
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
pangolin:
|
||||||
|
condition: service_healthy
|
||||||
|
command:
|
||||||
|
- --configFile=/etc/traefik/traefik_config.yml
|
||||||
|
environment:
|
||||||
|
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
|
||||||
|
volumes:
|
||||||
|
- ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
|
||||||
|
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
|
||||||
|
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
|
||||||
|
network_mode: service:gerbil # Ports appear on the gerbil service
|
||||||
|
|
||||||
|
webfinger: # For Tailscale
|
||||||
|
container_name: webfinger
|
||||||
|
image: nginx:1.30.0-alpine
|
||||||
|
volumes:
|
||||||
|
- ./webfinger/webfinger.json:/usr/share/nginx/html/.well-known/webfinger:ro
|
||||||
|
- ./webfinger/nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
driver: bridge
|
||||||
|
name: pangolin
|
||||||
|
enable_ipv6: true # activate if your system supports IPv6
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
pocket-id-db:
|
pocket-id-db:
|
||||||
container_name: pocket-id-db
|
container_name: pocket-id-db
|
||||||
image: docker.io/library/postgres:18.3@sha256:a9abf4275f9e99bff8e6aed712b3b7dfec9cac1341bba01c1ffdfce9ff9fc34a
|
image: docker.io/library/postgres:18.3@sha256:78481659c47e862334611ccdaf7c369c986b3046da9857112f3b309114a65fb4
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=${POSTGRES_USER}
|
- POSTGRES_USER=${POSTGRES_USER}
|
||||||
@@ -21,7 +21,7 @@ services:
|
|||||||
|
|
||||||
pocket-id:
|
pocket-id:
|
||||||
container_name: pocket-id
|
container_name: pocket-id
|
||||||
image: ghcr.io/pocket-id/pocket-id:v2.5.0-distroless@sha256:deadc3c4dd6655a7d7f959200db1c74e394942dc061e6f3732b709983a08aab7
|
image: ghcr.io/pocket-id/pocket-id:v2.6.2-distroless@sha256:a9adc636b5d30098307b8a1292c5887a59690cd5429aac5e87b588852f9c346d
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
pocket-id-db:
|
pocket-id-db:
|
||||||
|
|||||||
Reference in New Issue
Block a user