peterwood/docker
1
0
Fork 0
mirror of https://github.com/acedanger/docker.git synced 2025-12-05 22:50:17 -08:00
Code Issues 1 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/acedanger/docker

Browse Source
This commit is contained in:
Peter Wood
2025-04-29 15:24:49 -04:00
parent df3b673ddd c8f57a1cd7
commit f4894f860a
31 changed files with 736 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.gitignore vendored
View File

@@ -1,14 +1,26 @@
core
cloudflare/tailscale/
nginxproxymanager/*/
media/audiobookshelf/
ntfy/*/
vaultwarden/*/
standard-notes/
pinchflat/
pinchflat/config/
homepage/config/logs/
speedtest/config/
caddy/ts-caddy/
pdf/stirling
caddy/caddy*
diun/data/
filebrowser/*.db
nginxproxymanager/data
nginxproxymanager/letsencrypt
nginxproxymanager/mysql
# stirling
pdf/stirling/latest/data/
pdf/stirling/latest/logs/
pdf/stirling/latest/config/db/backup/
pdf/stirling/latest/config/*.db
# ignore environment files
.env
memos/.memos/memos_prod.db

3
adguard/docker-compose.yml
View File

@@ -11,9 +11,10 @@ services:
- config:/opt/adguardhome/conf # app configuration
- work:/opt/adguardhome/work # app working directory
restart: always
labels:
- diun.enable=true
volumes:
config:
driver: local
work:
driver: local
networks: {}

8
caddy/.env.example Normal file
View File

@@ -0,0 +1,8 @@
# create the API token in https://dash.cloudflare.com/profile/api-tokens
# create auth tokens -
# `Zone.Zone:Read` for all zones, and
# `Zone.DNS:Edit` permissions for ptrwd.com
# https://github.com/caddy-dns/cloudflare
CF_ZONE_READ=
CF_DNS_EDIT=

155
caddy/Caddyfile Normal file
View File

@@ -0,0 +1,155 @@
{
# debug
email peter@peterwood.dev
}
ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# this is the the wiki
reverse_proxy ts-racknerd.whale-woodpecker.ts.net:8300
}
wiki.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Route ACME challenges explicitly to be handled internally by Caddy
route /.well-known/acme-challenge/* {
# No directive needed here; Caddy's internal handler takes precedence.
# This prevents the challenge requests from being proxied.
}
# Proxy all other requests to the wiki
route {
reverse_proxy ts-racknerd.whale-woodpecker.ts.net:8300
}
}
jellyfin.peterwood.rocks {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
reverse_proxy host.docker.internal:8096
}
# Serve a simple text message for home.ptrwd.com
home.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Debugging: Log all requests
log {
output stdout
format console
}
# Allow connections only from private ranges and home IP using Cf-Connecting-Ip header
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
handle @allowAccess {
respond "Welcome home!" 200 {
close # Close the connection after responding
}
}
handle {
respond "Access denied" 403
}
}
# Reverse proxy for sonarr.home.ptrwd.com
sonarr.home.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Allow connections only from private ranges and home IP
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
handle @allowAccess {
reverse_proxy ts-io.whale-woodpecker.ts.net:8989
}
handle {
respond 403
}
}
radarr.home.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Allow connections only from private ranges and home IP
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
handle @allowAccess {
reverse_proxy ts-io.whale-woodpecker.ts.net:7878
}
handle {
respond 403
}
}
io.docker.home.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Allow connections only from private ranges and home IP
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
handle @allowAccess {
reverse_proxy ts-io.whale-woodpecker.ts.net:5001
}
handle {
respond 403
}
}
europa.docker.home.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Allow connections only from private ranges and home IP
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
handle @allowAccess {
reverse_proxy ts-europa.whale-woodpecker.ts.net:5001
}
handle {
respond 403
}
}
racknerd.docker.home.ptrwd.com {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_READ}
api_token {env.CF_DNS_EDIT}
}
}
# Allow connections only from private ranges and home IP
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
handle @allowAccess {
reverse_proxy ts-racknerd.whale-woodpecker.ts.net:5001
}
handle {
respond 403
}
}

9
caddy/Dockerfile Normal file
View File

@@ -0,0 +1,9 @@
FROM caddy:2.10-builder AS builder
RUN xcaddy build \
--with github.com/caddy-dns/cloudflare
FROM caddy:2.10
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

37
caddy/docker-compose.yml
View File

@@ -1,18 +1,23 @@
services:
ts-caddy:
image: tailscale/tailscale:latest
container_name: ts-caddy
hostname: ts-caddy
environment:
- TS_AUTHKEY:${TAILSCALE_AUTHKEY}
- TS_SOCKET:/var/run/tailscale/tailscaled.sock
volumes:
- ${PWD}/ts-caddy/state:/var/lib/tailscale
- /dev/net/tun:/dev/net/tun
cap_add:
- net_admin
- sys_module
restart: unless-stopped
caddy:
image: caddy/caddy:latest
network_mode: service:ts-caddy
image: caddy-cloudflare
restart: always
ports:
- 80:80
- 443:443
- 443:443/udp
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_config:/config
environment:
CF_ZONE_READ: ${CF_ZONE_READ}
CF_DNS_EDIT: ${CF_DNS_EDIT}
extra_hosts:
- host.docker.internal:host-gateway
labels:
- diun.enable=true
volumes:
caddy_data:
caddy_config:

4
cloudflare/docker-compose.yml
View File

@@ -6,6 +6,8 @@ services:
command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN}
depends_on:
- tailscale
labels:
- diun.enable=true
tailscale:
container_name: tailscale
image: tailscale/tailscale:stable
@@ -22,4 +24,6 @@ services:
command: tailscaled
privileged: true
restart: unless-stopped
labels:
- diun.enable=true
networks: {}

4
database/docker-compose.yml
View File

@@ -13,6 +13,8 @@ services:
networks:
- postgres
restart: unless-stopped
labels:
- diun.enable=true
pgadmin:
container_name: pgadmin_container
@@ -28,6 +30,8 @@ services:
networks:
- postgres
restart: unless-stopped
labels:
- diun.enable=true
networks:
postgres:

23
diun/compose.yaml Normal file
View File

@@ -0,0 +1,23 @@
services:
diun:
image: crazymax/diun:latest
command: serve
hostname: diun
volumes:
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=America/New_York
- DIUN_WATCH_WORKERS=20
- DIUN_WATCH_SCHEDULE=0 */2 * * *
- DIUN_WATCH_JITTER=30s
- DIUN_DEFAULTS_NOTIFYON=new,update
- DIUN_PROVIDERS_DOCKER=true
- DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true
- DIUN_NOTIF_TELEGRAM_TOKEN=${TELEGRAM_TOKEN}
- DIUN_NOTIF_TELEGRAM_CHATIDS=${TELEGRAM_CHAT_ID}
#- DIUN_NOTIF_TELEGRAM_TEMPLATEBODY=${TELEGRAM_TEMPLATE}
labels:
- diun.enable=true
restart: unless-stopped
networks: {}

35
docmost/compose.yaml Normal file
View File

@@ -0,0 +1,35 @@
services:
docmost:
image: docmost/docmost:latest
depends_on:
- db
- redis
environment:
APP_URL: http://localhost:3000
APP_SECRET: ${APP_SECRET}
DATABASE_URL: ${POSTGRES_URL}
REDIS_URL: redis://redis:6379
ports:
- 9380:3000
restart: unless-stopped
volumes:
- docmost:/app/data/storage
db:
image: postgres:16-alpine
environment:
POSTGRES_DB: docmost
POSTGRES_USER: docmost
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
restart: unless-stopped
volumes:
- db_data:/var/lib/postgresql/data
redis:
image: redis:7.2-alpine
restart: unless-stopped
volumes:
- redis_data:/data
volumes:
docmost: null
db_data: null
redis_data: null
networks: {}

12
dozzle/docker-compose.yml
View File

@@ -6,9 +6,13 @@ services:
ports:
- 9999:8080
environment:
# DOZZLE_REMOTE_HOST: tcp://ts-vperanda:2375|vperanda,tcp://ts-svr-office:2375
# DOZZLE_REMOTE_HOST: tcp://ts-rackerd:2375|racknerd,tcp://ts-svr-office:2375|svr-office
DOZZLE_HOSTNAME: ${HOSTNAME}
DOZZLE_ENABLE_ACTIONS: true
DOZZLE_AUTH_PROVIDER: forward-proxy
DOZZLE_AUTH_HEADER_USER: ${DOZZLE_AUTH_HEADER_USER}
DOZZLE_AUTH_HEADER_EMAIL: ${DOZZLE_AUTH_HEADER_EMAIL}
DOZZLE_AUTH_HEADER_NAME: ${DOZZLE_AUTH_HEADER_NAME}
restart: unless-stopped
networks:
cloudflare_default:
external: true
labels:
- diun.enable=true

14
filebrowser/compose.yaml Normal file
View File

@@ -0,0 +1,14 @@
services:
filebrowser:
image: filebrowser/filebrowser:latest
container_name: filebrowser
restart: unless-stopped
volumes:
- /mnt/share/media/tv:/srv
- ./database.db:/database.db
environment:
- PUID=1000
- PGID=1000
ports:
- 8212:80
networks: {}

2
golinks/docker-compose.yml
View File

@@ -5,6 +5,8 @@ services:
image: ghcr.io/tailscale/golink:main
volumes:
- golinks_data:/home/nonroot
labels:
- diun.enable=true
volumes:
golinks_data:

15
hoarder/docker-compose.yml
View File

@@ -1,6 +1,7 @@
name: hoarder
services:
hoarder:
image: ghcr.io/hoarder-app/hoarder:${HOARDER_VERSION:-release}
image: ghcr.io/karakeep-app/karakeep:${HOARDER_VERSION:-release}
restart: unless-stopped
volumes:
- data:/data
@@ -14,9 +15,13 @@ services:
NEXTAUTH_URL: ${NEXTAUTH_URL}
MEILI_MASTER_KEY: ${MEILI_MASTER_KEY}
DATA_DIR: /data
labels:
- diun.enable=true
chrome:
image: gcr.io/zenika-hub/alpine-chrome:123
restart: unless-stopped
labels:
- diun.enable=true
command:
- --no-sandbox
- --disable-gpu
@@ -31,7 +36,9 @@ services:
MEILI_NO_ANALYTICS: true
volumes:
- meilisearch:/meili_data
labels:
- diun.enable=true
volumes:
meilisearch:
data:
meilisearch: null
data: null
networks: {}

8
homepage/config/services.yaml
View File

@@ -56,21 +56,25 @@
- racknerd:
icon: docker.png
href: http://ts-racknerd:5001
description: racknerd docker containers.
description: racknerd docker containers.
- Stocks:
- Stocks:
icon: stock.png
icon: stocks.png
widget:
type: stocks
provider: finnhub
color: true
cache: 1
watchlist:
- ACHR
- AAPL
- AMZN
- DIS
- GOOG
- JEPQ
- META
- MSFT
- NVDA
- RDW

2
homepage/config/widgets.yaml
View File

@@ -8,5 +8,5 @@
disk: /
- search:
provider: duckduckgo
provider: google
target: _blank

5
homepage/docker-compose.yml
View File

@@ -12,6 +12,5 @@ services:
- ./config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped
networks:
cloudflare_default:
external: true
labels:
- diun.enable=true

79
immich/docker-compose.yml Normal file
View File

@@ -0,0 +1,79 @@
#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- 2283:2283
depends_on:
- redis
- database
restart: always
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
healthcheck:
disable: false
redis:
container_name: immich_redis
image: docker.io/redis:6.2-alpine@sha256:905c4ee67b8e0aa955331960d2aa745781e6bd89afc44a8584bfd13bc890f0ae
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
container_name: immich_postgres
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: --data-checksums
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
healthcheck:
test: pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" ||
exit 1; Chksum="$$(psql --dbname="$${POSTGRES_DB}"
--username="$${POSTGRES_USER}" --tuples-only --no-align
--command='SELECT COALESCE(SUM(checksum_failures), 0) FROM
pg_stat_database')"; echo "checksum failure count is $$Chksum"; [
"$$Chksum" = '0' ] || exit 1
interval: 5m
start_interval: 30s
start_period: 5m
command: postgres -c shared_preload_libraries=vectors.so -c
'search_path="$$user", public, vectors' -c logging_collector=on -c
max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on
restart: always
volumes:
model-cache: null
networks: {}

55
mealie/docker-compose.yml
View File

@@ -1,55 +0,0 @@
services:
mealie:
image: ghcr.io/mealie-recipes/mealie:latest
container_name: mealie
restart: always
ports:
- 9925:9000
deploy:
resources:
limits:
memory: 1000M
volumes:
- mealie-data:/app/data/
environment:
ALLOW_SIGNUP: false
PUID: 1000
PGID: 1000
TZ: America/New_York
MAX_WORKERS: 1
WEB_CONCURRENCY: 1
BASE_URL: ${BASE_URL}
# Database Settings
DB_ENGINE: ${DATABASE_TYPE}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_SERVER: ${POSTGRES_SERVER}
POSTGRES_PORT: ${POSTGRES_PORT}
POSTGRES_DB: ${POSTGRES_DB}
depends_on:
postgres:
condition: service_healthy
postgres:
container_name: postgres
image: postgres:15
restart: always
volumes:
- mealie-pgdata:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${POSTGRES_USER}
POSTGRES_USER: ${POSTGRES_PASSWORD}
healthcheck:
test:
- CMD
- pg_isready
interval: 30s
timeout: 20s
retries: 3
volumes:
mealie-data: null
mealie-pgdata: null
networks:
cloudflare_default:
external: true
x-dockge:
urls: []

50
media/docker-compose.yml
View File

@@ -16,14 +16,16 @@ services:
- gluetun_data:/gluetun
environment:
# See https://github.com/qdm12/gluetun/wiki
- VPN_SERVICE_PROVIDER=protonvpn
- OPENVPN_USER=${OPENVPN_USER}
- OPENVPN_PASSWORD=${OPENVPN_PASSWORD}
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
- WIREGUARD_PRESHARED_KEY=${WIREGUARD_PRESHARED_KEY}
- WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
- TZ=America/New_York # Timezone for accurate log times
- SERVER_COUNTRIES=United States
# - SERVER_CITIES=Stockholm
# - SERVER_HOSTNAMES: Comma separated list of server hostnames
restart: always
labels:
- diun.enable=true
sabnzbd:
image: lscr.io/linuxserver/sabnzbd:latest
container_name: sabnzbd
@@ -39,6 +41,8 @@ services:
# network_mode: "service:gluetun" forces sabnzbd to connect to the internet through the VPN defined in the gluetun container above
network_mode: service:gluetun
restart: always
labels:
- diun.enable=true
sonarr:
image: lscr.io/linuxserver/sonarr:latest
container_name: sonarr
@@ -55,9 +59,9 @@ services:
- /data/usenet/downloads:/downloads
ports:
- 8989:8989
networks:
- cloudflare_default
restart: always
labels:
- diun.enable=true
radarr:
image: lscr.io/linuxserver/radarr:latest
container_name: radarr
@@ -74,8 +78,6 @@ services:
- /data/usenet/downloads:/downloads
ports:
- 7878:7878
networks:
- cloudflare_default
restart: always
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
@@ -88,9 +90,22 @@ services:
- /docker/config/prowlarr:/config
ports:
- 9696:9696
networks:
- cloudflare_default
restart: always
labels:
- diun.enable=true
jellyseerr:
image: fallenbagel/jellyseerr:latest
container_name: jellyseerr
environment:
- LOG_LEVEL=debug
- TZ=America/New_York
ports:
- 5055:5055
volumes:
- /docker/config/jellyseerr/:/app/config
restart: unless-stopped
labels:
- diun.enable=true
tautulli:
image: lscr.io/linuxserver/tautulli:latest
container_name: tautulli
@@ -102,9 +117,9 @@ services:
- tautulli:/config
ports:
- 8181:8181
networks:
- cloudflare_default
restart: always
labels:
- diun.enable=true
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
container_name: audiobookshelf
@@ -118,12 +133,11 @@ services:
- ./audiobookshelf/metadata:/metadata
environment:
- TZ=America/New_York
restart: always
labels:
- diun.enable=true
volumes:
gluetun_data: null
sabnzbd_data: null
tautulli: null
networks:
cloudflare_default:
external: true
networks: {}

9
memos/docker-compose.yml
View File

@@ -6,10 +6,7 @@ services:
- ./.memos/:/var/opt/memos
ports:
- 5230:5230
networks:
- cloudflare_default
restart: unless-stopped
networks:
cloudflare_default:
external: true
labels:
- diun.enable=true
networks: {}

3
metube/docker-compose.yml
View File

@@ -13,4 +13,5 @@ services:
- 7081:8081
volumes:
- /mnt/share/media/metube:/downloads
networks: {}
labels:
- diun.enable=true

9
nginxproxymanager/docker-compose.yml
View File

@@ -25,13 +25,13 @@ services:
DB_MYSQL_USER: npm
DB_MYSQL_PASSWORD: npm
DB_MYSQL_NAME: npm
networks:
- cloudflare_default
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
depends_on:
- db
labels:
- diun.enable=true
db:
image: jc21/mariadb-aria:latest
restart: unless-stopped
@@ -42,6 +42,5 @@ services:
MYSQL_PASSWORD: npm
volumes:
- ./mysql:/var/lib/mysql
networks:
cloudflare_default:
external: true
labels:
- diun.enable=true

2
ntfy/docker-compose.yml
View File

@@ -15,3 +15,5 @@ services:
- 4080:80
- 4443:443
restart: unless-stopped
labels:
- diun.enable=true

20
pdf/docker-compose.yml
View File

@@ -13,12 +13,16 @@ services:
- ./stirling/latest/config:/configs:rw
- ./stirling/latest/logs:/logs:rw
environment:
DOCKER_ENABLE_SECURITY: "false"
SECURITY_ENABLELOGIN: "false"
LANGS: en_US
SYSTEM_DEFAULTLOCALE: en-US
UI_APPNAME: Stirling-PDF
UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest
UI_APPNAMENAVBAR: Stirling-PDF Latest
SECURITY_ENABLELOGIN: true
DOCKER_ENABLE_SECURITY: true
# SECURITY_INITIALLOGIN_USERNAME: ${SECURITY_INITIALLOGIN_USERNAME}
# SECURITY_INITIALLOGIN_PASSWORD: ${SECURITY_INITIALLOGIN_PASSWORD}
LANGS: "en-US"
SYSTEM_DEFAULTLOCALE: "en-US"
UI_APPNAME: "Stirling PDF"
UI_HOMEDESCRIPTION: ""
UI_APPNAMENAVBAR: ""
SYSTEM_MAXFILESIZE: "100"
restart: unless-stopped
restart: unless-stopped
labels:
- diun.enable=true

134
pdf/stirling/latest/config/custom_settings.yml Executable file
View File

@@ -0,0 +1,134 @@
#############################################################################################################
# Welcome to settings file from #
# ____ _____ ___ ____ _ ___ _ _ ____ ____ ____ _____ #
# / ___|_ _|_ _| _ \| | |_ _| \ | |/ ___| | _ \| _ \| ___| #
# \___ \ | | | || |_) | | | || \| | | _ _____| |_) | | | | |_ #
# ___) || | | || _ <| |___ | || |\ | |_| |_____| __/| |_| | _| #
# |____/ |_| |___|_| \_\_____|___|_| \_|\____| |_| |____/|_| #
# #
# Do not comment out any entry, it will be removed on next startup #
# If you want to override with environment parameter follow parameter naming SECURITY_INITIALLOGIN_USERNAME #
#############################################################################################################
security:
enableLogin: 'true' # set to 'true' to enable login
csrfDisabled: 'false' # set to 'true' to disable CSRF protection (not recommended for production)
loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
loginMethod: normal # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
initialLogin:
username: admin # initial username for the first login
password: changeme!1 # initial password for the first login
oauth2:
enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
client:
keycloak:
issuer: '' # URL of the Keycloak realm's OpenID Connect Discovery endpoint
clientId: '' # client ID for Keycloak OAuth2
clientSecret: '' # client secret for Keycloak OAuth2
scopes: openid, profile, email # scopes for Keycloak OAuth2
useAsUsername: preferred_username # field to use as the username for Keycloak OAuth2
google:
clientId: '' # client ID for Google OAuth2
clientSecret: '' # client secret for Google OAuth2
scopes: https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile # scopes for Google OAuth2
useAsUsername: email # field to use as the username for Google OAuth2
github:
clientId: '' # client ID for GitHub OAuth2
clientSecret: '' # client secret for GitHub OAuth2
scopes: read:user # scope for GitHub OAuth2
useAsUsername: login # field to use as the username for GitHub OAuth2
issuer: '' # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
clientId: '' # client ID from your provider
clientSecret: '' # client secret from your provider
autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
useAsUsername: email # default is 'email'; custom fields can be used as the username
scopes: openid, profile, email # specify the scopes for which the application will request permissions
provider: google # set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
saml2:
enabled: false # Only enabled for paid enterprise clients (enterpriseEdition.enabled must be true)
autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
registrationId: stirling
idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata
idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml
idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml
idpIssuer: http://www.okta.com/externalKey
idpCert: classpath:okta.crt
privateKey: classpath:saml-private-key.key
spCert: classpath:saml-public-cert.crt
enterpriseEdition:
enabled: false # set to 'true' to enable enterprise edition
key: 00000000-0000-0000-0000-000000000000
SSOAutoLogin: false # Enable to auto login to first provided SSO
CustomMetadata:
autoUpdateMetadata: false # set to 'true' to automatically update metadata with below values
author: username # supports text such as 'John Doe' or types such as username to autopopulate with user's username
creator: Stirling-PDF # supports text such as 'Company-PDF'
producer: Stirling-PDF # supports text such as 'Company-PDF'
legal:
termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder
privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy). Empty string to disable or filename to load from local file in static folder
accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility). Empty string to disable or filename to load from local file in static folder
cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie). Empty string to disable or filename to load from local file in static folder
impressum: '' # URL to the impressum of your application (e.g. https://example.com/impressum). Empty string to disable or filename to load from local file in static folder
system:
defaultLocale: en-US # set the default language (e.g. 'de-DE', 'fr-FR', etc)
googlevisibility: false # 'true' to allow Google visibility (via robots.txt), 'false' to disallow
enableAlphaFunctionality: false # set to enable functionality which might need more testing before it fully goes live (this feature might make no changes)
showUpdate: false # see when a new update is available
showUpdateOnlyAdmin: false # only admins can see when a new update is available, depending on showUpdate it must be set to 'true'
customHTMLFiles: false # enable to have files placed in /customFiles/templates override the existing template HTML files
tessdataDir: /usr/share/tessdata # path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored.
enableAnalytics: 'true' # set to 'true' to enable analytics, set to 'false' to disable analytics; for enterprise users, this is set to true
datasource:
enableCustomDatabase: false # Enterprise users ONLY, set this property to 'true' if you would like to use your own custom database configuration
customDatabaseUrl: '' # eg jdbc:postgresql://localhost:5432/postgres, set the url for your own custom database connection. If provided, the type, hostName, port and name are not necessary and will not be used
username: postgres # set the database username
password: postgres # set the database password
type: postgresql # the type of the database to set (e.g. 'h2', 'postgresql')
hostName: localhost # the host name to use for the database url. Set to 'localhost' when running the app locally. Set to match the name of the container name of your database container when running the app on a server (Docker configuration)
port: 5432 # set the port number of the database. Ensure this matches the port the database is listening to
name: postgres # set the name of your database. Should match the name of the database you create
ui:
appName: '' # application's visible name
homeDescription: '' # short description or tagline shown on the homepage
appNameNavbar: '' # name displayed on the navigation bar
endpoints:
toRemove: [] # list endpoints to disable (e.g. ['img-to-pdf', 'remove-pages'])
groupsToRemove: [] # list groups to disable (e.g. ['LibreOffice'])
metrics:
enabled: 'false' # 'true' to enable Info APIs (`/api/*`) endpoints, 'false' to disable
# Automatically Generated Settings (Do Not Edit Directly)
AutomaticallyGenerated:
key: 241af3aa-bb38-4e14-a593-939b64d1d7a3
UUID: 78ddd78f-688c-4b07-a351-edb8580f1fbd
appVersion: 0.39.0
processExecutor:
sessionLimit: # Process executor instances limits
libreOfficeSessionLimit: 1
pdfToHtmlSessionLimit: 1
qpdfSessionLimit: 4
tesseractSessionLimit: 1
pythonOpenCvSessionLimit: 8
weasyPrintSessionLimit: 16
installAppSessionLimit: 1
calibreSessionLimit: 1
timeoutMinutes: # Process executor timeout in minutes
libreOfficetimeoutMinutes: 30
pdfToHtmltimeoutMinutes: 20
pythonOpenCvtimeoutMinutes: 30
weasyPrinttimeoutMinutes: 30
installApptimeoutMinutes: 60
calibretimeoutMinutes: 30
tesseractTimeoutMinutes: 30

135
pdf/stirling/latest/config/settings.yml Executable file
View File

@@ -0,0 +1,135 @@
#############################################################################################################
# Welcome to settings file from #
# ____ _____ ___ ____ _ ___ _ _ ____ ____ ____ _____ #
# / ___|_ _|_ _| _ \| | |_ _| \ | |/ ___| | _ \| _ \| ___| #
# \___ \ | | | || |_) | | | || \| | | _ _____| |_) | | | | |_ #
# ___) || | | || _ <| |___ | || |\ | |_| |_____| __/| |_| | _| #
# |____/ |_| |___|_| \_\_____|___|_| \_|\____| |_| |____/|_| #
# #
# Do not comment out any entry, it will be removed on next startup #
# If you want to override with environment parameter follow parameter naming SECURITY_INITIALLOGIN_USERNAME #
#############################################################################################################
security:
enableLogin: 'true' # set to 'true' to enable login
csrfDisabled: 'false' # set to 'true' to disable CSRF protection (not recommended for production)
loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
loginMethod: normal # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
initialLogin:
username: admin # initial username for the first login
password: changeme!1 # initial password for the first login
oauth2:
enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
client:
keycloak:
issuer: '' # URL of the Keycloak realm's OpenID Connect Discovery endpoint
clientId: '' # client ID for Keycloak OAuth2
clientSecret: '' # client secret for Keycloak OAuth2
scopes: openid, profile, email # scopes for Keycloak OAuth2
useAsUsername: preferred_username # field to use as the username for Keycloak OAuth2
google:
clientId: '' # client ID for Google OAuth2
clientSecret: '' # client secret for Google OAuth2
scopes: https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile # scopes for Google OAuth2
useAsUsername: email # field to use as the username for Google OAuth2
github:
clientId: '' # client ID for GitHub OAuth2
clientSecret: '' # client secret for GitHub OAuth2
scopes: read:user # scope for GitHub OAuth2
useAsUsername: login # field to use as the username for GitHub OAuth2
issuer: '' # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
clientId: '' # client ID from your provider
clientSecret: '' # client secret from your provider
autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
useAsUsername: email # default is 'email'; custom fields can be used as the username
scopes: openid, profile, email # specify the scopes for which the application will request permissions
provider: google # set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
saml2:
enabled: false # Only enabled for paid enterprise clients (enterpriseEdition.enabled must be true)
autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
registrationId: stirling
idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata
idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml
idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml
idpIssuer: http://www.okta.com/externalKey
idpCert: classpath:okta.crt
privateKey: classpath:saml-private-key.key
spCert: classpath:saml-public-cert.crt
enterpriseEdition:
enabled: false # set to 'true' to enable enterprise edition
key: 00000000-0000-0000-0000-000000000000
SSOAutoLogin: false # Enable to auto login to first provided SSO
CustomMetadata:
autoUpdateMetadata: false # set to 'true' to automatically update metadata with below values
author: username # supports text such as 'John Doe' or types such as username to autopopulate with user's username
creator: Stirling-PDF # supports text such as 'Company-PDF'
producer: Stirling-PDF # supports text such as 'Company-PDF'
legal:
termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder
privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy). Empty string to disable or filename to load from local file in static folder
accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility). Empty string to disable or filename to load from local file in static folder
cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie). Empty string to disable or filename to load from local file in static folder
impressum: '' # URL to the impressum of your application (e.g. https://example.com/impressum). Empty string to disable or filename to load from local file in static folder
system:
defaultLocale: en-US # set the default language (e.g. 'de-DE', 'fr-FR', etc)
googlevisibility: false # 'true' to allow Google visibility (via robots.txt), 'false' to disallow
enableAlphaFunctionality: false # set to enable functionality which might need more testing before it fully goes live (this feature might make no changes)
showUpdate: false # see when a new update is available
showUpdateOnlyAdmin: false # only admins can see when a new update is available, depending on showUpdate it must be set to 'true'
customHTMLFiles: false # enable to have files placed in /customFiles/templates override the existing template HTML files
tessdataDir: /usr/share/tessdata # path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored.
enableAnalytics: 'true' # set to 'true' to enable analytics, set to 'false' to disable analytics; for enterprise users, this is set to true
disableSanitize: false # set to true to disable Sanitize HTML; (can lead to injections in HTML)
datasource:
enableCustomDatabase: false # Enterprise users ONLY, set this property to 'true' if you would like to use your own custom database configuration
customDatabaseUrl: '' # eg jdbc:postgresql://localhost:5432/postgres, set the url for your own custom database connection. If provided, the type, hostName, port and name are not necessary and will not be used
username: postgres # set the database username
password: postgres # set the database password
type: postgresql # the type of the database to set (e.g. 'h2', 'postgresql')
hostName: localhost # the host name to use for the database url. Set to 'localhost' when running the app locally. Set to match the name of the container name of your database container when running the app on a server (Docker configuration)
port: 5432 # set the port number of the database. Ensure this matches the port the database is listening to
name: postgres # set the name of your database. Should match the name of the database you create
ui:
appName: '' # application's visible name
homeDescription: '' # short description or tagline shown on the homepage
appNameNavbar: '' # name displayed on the navigation bar
endpoints:
toRemove: [] # list endpoints to disable (e.g. ['img-to-pdf', 'remove-pages'])
groupsToRemove: [] # list groups to disable (e.g. ['LibreOffice'])
metrics:
enabled: 'false' # 'true' to enable Info APIs (`/api/*`) endpoints, 'false' to disable
# Automatically Generated Settings (Do Not Edit Directly)
AutomaticallyGenerated:
key: 241af3aa-bb38-4e14-a593-939b64d1d7a3
UUID: 78ddd78f-688c-4b07-a351-edb8580f1fbd
appVersion: 0.40.1
processExecutor:
sessionLimit: # Process executor instances limits
libreOfficeSessionLimit: 1
pdfToHtmlSessionLimit: 1
qpdfSessionLimit: 4
tesseractSessionLimit: 1
pythonOpenCvSessionLimit: 8
weasyPrintSessionLimit: 16
installAppSessionLimit: 1
calibreSessionLimit: 1
timeoutMinutes: # Process executor timeout in minutes
libreOfficetimeoutMinutes: 30
pdfToHtmltimeoutMinutes: 20
pythonOpenCvtimeoutMinutes: 30
weasyPrinttimeoutMinutes: 30
installApptimeoutMinutes: 60
calibretimeoutMinutes: 30
tesseractTimeoutMinutes: 30

6
pinchflat/docker-compose.yml
View File

@@ -8,6 +8,6 @@ services:
- ./config:/config
- /mnt/share/media/youtube:/downloads
image: ghcr.io/kieraneglin/pinchflat:latest
networks:
cloudflare_default:
external: true
restart: unless-stopped
labels:
- diun.enable=true

4
speedtest/docker-compose.yml
View File

@@ -14,8 +14,10 @@ services:
- SPEEDTEST_SERVERS=${SPEEDTEST_SERVERS}
- SPEEDTEST_PING_URL=${SPEEDTEST_PING_URL}
- PRUNE_RESULTS_OLDER_THAN=${PRUNE_RESULTS_OLDER_THAN}
- TZ=${APP_TIMEZONE}
- DISPLAY_TIMEZONE=${APP_TIMEZONE}
volumes:
- ./config:/config
restart: unless-stopped
labels:
- diun.enable=true
networks: {}

5
uptime-kuma/docker-compose.yml
View File

@@ -7,8 +7,9 @@ services:
ports:
- 6001:3001
restart: unless-stopped
labels:
- diun.enable=true
volumes:
uptime-kuma:
uptime-kuma:
name: uptime-kuma
external: true

3
vaultwarden/docker-compose.yml
View File

@@ -14,7 +14,8 @@ services:
- ROCKET_PORT=80
- ROCKET_PROFILE=release
restart: always
labels:
- diun.enable=true
volumes:
vaultwarden_data:
name: vaultwarden_data