From b2e3483d7a34f45c908b80692aa7fb4333a77cb8 Mon Sep 17 00:00:00 2001
From: waveringana
Date: Sat, 31 May 2025 21:23:07 -0400
Subject: [PATCH] add docker
---
.gitignore | 9 +++
beszel/docker-compose.yml | 23 ++++++
komodo/compose.env | 138 +++++++++++++++++++++++++++++++++
komodo/compose.yml | 85 ++++++++++++++++++++
notes/compose.yml | 74 ++++++++++++++++++
pocketid/docker-compose.yml | 17 ++++
s3web/docker-compose.yml | 13 ++++
vaultwarden/docker-compose.yml | 20 +++++
8 files changed, 379 insertions(+)
create mode 100644 .gitignore
create mode 100644 beszel/docker-compose.yml
create mode 100644 komodo/compose.env
create mode 100644 komodo/compose.yml
create mode 100644 notes/compose.yml
create mode 100644 pocketid/docker-compose.yml
create mode 100644 s3web/docker-compose.yml
create mode 100644 vaultwarden/docker-compose.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8272d53
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+.env
+*.env.local
+*.env.[a-zA-Z0-9]* # Ignore specific environment files like .env.production, .env.staging, etc.
+
+vaultwarden/vw-data
+pocketid/data
+beszel/beszel_data
+beszel/beszel_socket
+authentik
\ No newline at end of file
diff --git a/beszel/docker-compose.yml b/beszel/docker-compose.yml
new file mode 100644
index 0000000..135d660
--- /dev/null
+++ b/beszel/docker-compose.yml
@@ -0,0 +1,23 @@
+services:
+ beszel:
+ image: henrygd/beszel:latest
+ container_name: beszel
+ restart: unless-stopped
+ ports:
+ - 8090:8090
+ volumes:
+ - ./beszel_data:/beszel_data
+ - ./beszel_socket:/beszel_socket
+
+ beszel-agent:
+ image: henrygd/beszel-agent:latest
+ container_name: beszel-agent
+ restart: unless-stopped
+ network_mode: host
+ volumes:
+ - ./beszel_socket:/beszel_socket
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ LISTEN: /beszel_socket/beszel.sock
+ # Do not remove quotes around the key
+ KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBqN5zZLDBhxD2pEVCekTD+3CDPtvZqGRh9Y9xn3eby'
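Review bot: The third pattern, `*.env.[a-zA-Z0-9]* # Ignore specific environment files like .env.production, .env.staging, etc.`, will not match `.env.production` or anything else it describes, because gitignore only treats `#` as a comment when it is the first character of the line; the trailing text is part of the pattern. Put the explanation on its own line (`# Ignore specific environment files like .env.production, .env.staging, etc.`) followed by the bare pattern `*.env.[a-zA-Z0-9]*`. None of these patterns match `komodo/compose.env`, which this same commit adds with credential values in it; if env files are meant to stay out of the repository, a pattern such as `*.env` (or an explicit `komodo/compose.env`) is needed and that file should be removed from tracking.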
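Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` under `beszel-agent` only makes the bind mount read-only; it does not limit which Docker API calls the agent can make through the socket, so the container still holds daemon-level (root-equivalent on the host) access, here combined with `network_mode: host`. A comment on that line would stop a later reader from taking `:ro` as a privilege boundary, e.g. `# :ro restricts the mount, not the Docker API — socket access is still daemon-level`. Both images are pulled as `:latest`; pinning to a version tag or digest keeps what runs with socket access deliberate.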
diff --git a/komodo/compose.env b/komodo/compose.env
new file mode 100644
index 0000000..f305899
--- /dev/null
+++ b/komodo/compose.env
@@ -0,0 +1,138 @@
+####################################
+# 🦎 KOMODO COMPOSE - VARIABLES 🦎 #
+####################################
+
+## These compose variables can be used with all Komodo deployment options.
+## Pass these variables to the compose up command using `--env-file komodo/compose.env`.
+## Additionally, they are passed to both Komodo Core and Komodo Periphery with `env_file: ./compose.env`,
+## so you can pass any additional environment variables to Core / Periphery directly in this file as well.
+
+## Stick to a specific version, or use `latest`
+COMPOSE_KOMODO_IMAGE_TAG=latest
+
+## Note: 🚨 Podman does NOT support local logging driver 🚨. See Podman options here:
+## `https://docs.podman.io/en/v4.6.1/markdown/podman-run.1.html#log-driver-driver`
+COMPOSE_LOGGING_DRIVER=local # Enable log rotation with the local driver.
+
+## DB credentials - Ignored for Sqlite
+KOMODO_DB_USERNAME=admin
+KOMODO_DB_PASSWORD=admin
+
+## Configure a secure passkey to authenticate between Core / Periphery.
+KOMODO_PASSKEY="CutestR0s3!123"
+
+## Set your time zone for schedules
+## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Etc/UTC
+
+#=-------------------------=#
+#= Komodo Core Environment =#
+#=-------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/moghtech/komodo/blob/main/config/core.config.toml 🦎
+
+## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
+## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples
+
+## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
+KOMODO_HOST=https://komodo.nekomimi.pet
+## Displayed in the browser tab.
+KOMODO_TITLE=Komodo
+## Create a server matching this address as the "first server".
+## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
+KOMODO_FIRST_SERVER=https://periphery:8120
+## Make all buttons just double-click, rather than the full confirmation dialog.
+KOMODO_DISABLE_CONFIRM_DIALOG=false
+
+## Rate Komodo polls your servers for
+## status / container status / system stats / alerting.
+## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min.
+## Default: 15-sec
+KOMODO_MONITORING_INTERVAL="15-sec"
+## Rate Komodo polls Resources for updates,
+## like outdated commit hash.
+## Options: 1-min, 5-min, 15-min, 30-min, 1-hr.
+## Default: 5-min
+KOMODO_RESOURCE_POLL_INTERVAL="5-min"
+
+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+KOMODO_WEBHOOK_SECRET=CutestR0s3!123
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+KOMODO_JWT_SECRET=ILOVEGIRLDICKSOMUCH
+
+## Enable login with username + password.
+KOMODO_LOCAL_AUTH=true
+## Disable new user signups.
+KOMODO_DISABLE_USER_REGISTRATION=false
+## All new logins are auto enabled
+KOMODO_ENABLE_NEW_USERS=false
+## Disable non-admins from creating new resources.
+KOMODO_DISABLE_NON_ADMIN_CREATE=false
+## Allows all users to have Read level access to all resources.
+KOMODO_TRANSPARENT_MODE=false
+
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
+## OIDC Login
+KOMODO_OIDC_ENABLED=true
+## Must reachable from Komodo Core container
+KOMODO_OIDC_PROVIDER=https://pocketid.nekomimi.pet
+## Change the host to one reachable be reachable by users (optional if it is the same as above).
+## DO NOT include the `path` part of the URL.
+KOMODO_OIDC_REDIRECT_HOST=https://pocketid.nekomimi.pet
+## Your OIDC client id
+KOMODO_OIDC_CLIENT_ID=79a5b4ab-fa34-428d-9abf-75078845d25d # Alt: KOMODO_OIDC_CLIENT_ID_FILE
+## Your OIDC client secret.
+## If your provider supports PKCE flow, this can be ommitted.
+KOMODO_OIDC_CLIENT_SECRET=imSJdYeKdnY08AR6Cy3KaUhVKblSsAyi # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
+## Make usernames the full email.
+## Note. This does not work for all OIDC providers.
+# KOMODO_OIDC_USE_FULL_EMAIL=true
+## Add additional trusted audiences for token claims verification.
+## Supports comma separated list, and passing with _FILE (for compose secrets).
+# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
+
+## Github Oauth
+KOMODO_GITHUB_OAUTH_ENABLED=false
+# KOMODO_GITHUB_OAUTH_ID= # Alt: KOMODO_GITHUB_OAUTH_ID_FILE
+# KOMODO_GITHUB_OAUTH_SECRET= # Alt: KOMODO_GITHUB_OAUTH_SECRET_FILE
+
+## Google Oauth
+KOMODO_GOOGLE_OAUTH_ENABLED=false
+# KOMODO_GOOGLE_OAUTH_ID= # Alt: KOMODO_GOOGLE_OAUTH_ID_FILE
+# KOMODO_GOOGLE_OAUTH_SECRET= # Alt: KOMODO_GOOGLE_OAUTH_SECRET_FILE
+
+## Aws - Used to launch Builder instances.
+KOMODO_AWS_ACCESS_KEY_ID= # Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
+KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
+
+#=------------------------------=#
+#= Komodo Periphery Environment =#
+#=------------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml 🦎
+
+## Specify the root directory used by Periphery agent.
+PERIPHERY_ROOT_DIRECTORY=/etc/komodo
+
+## Periphery passkeys must include KOMODO_PASSKEY to authenticate.
+PERIPHERY_PASSKEYS=${KOMODO_PASSKEY}
+
+## Specify whether to disable the terminals feature
+## and disallow remote shell access (inside the Periphery container).
+PERIPHERY_DISABLE_TERMINALS=false
+
+## Enable SSL using self signed certificates.
+## Connect to Periphery at https://address:8120.
+PERIPHERY_SSL_ENABLED=true
+
+## If the disk size is overreporting, can use one of these to
+## whitelist / blacklist the disks to filter them, whichever is easier.
+## Accepts comma separated list of paths.
+## Usually whitelisting just /etc/hostname gives correct size.
+PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
+# PERIPHERY_EXCLUDE_DISK_MOUNTS=/snap,/etc/repos
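Review bot: This file is committed with live credential values in it — `KOMODO_DB_USERNAME`/`KOMODO_DB_PASSWORD` both `admin`, `KOMODO_PASSKEY`, `KOMODO_WEBHOOK_SECRET` (the same value as the passkey), `KOMODO_JWT_SECRET` and `KOMODO_OIDC_CLIENT_SECRET` — and the `.gitignore` added in this commit does not match `compose.env`. Once they are in history these values have to be treated as disclosed: rotate the passkey, webhook and JWT secrets, regenerate the client secret at the OIDC provider (`KOMODO_OIDC_PROVIDER` points at Pocket ID), and change the Mongo root password, which `komodo/compose.yml` also takes from `KOMODO_DB_PASSWORD`. The file's own comments already point at the `_FILE` variants (`KOMODO_JWT_SECRET_FILE`, `KOMODO_OIDC_CLIENT_SECRET_FILE`, ...) and compose secrets; using those, or an untracked env file referenced by `env_file`, keeps the values out of version control. Using one value for both `KOMODO_PASSKEY` and `KOMODO_WEBHOOK_SECRET` also means a leak of the webhook secret exposes Core–Periphery authentication; give each its own value.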
diff --git a/komodo/compose.yml b/komodo/compose.yml
new file mode 100644
index 0000000..b43f2c5
--- /dev/null
+++ b/komodo/compose.yml
@@ -0,0 +1,85 @@
+################################
+# 🦎 KOMODO COMPOSE - MONGO 🦎 #
+################################
+
+## This compose file will deploy:
+## 1. MongoDB
+## 2. Komodo Core
+## 3. Komodo Periphery
+
+services:
+ mongo:
+ image: mongo
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ command: --quiet --wiredTigerCacheSizeGB 0.25
+ restart: unless-stopped
+ logging:
+ driver: ${COMPOSE_LOGGING_DRIVER:-local}
+ # ports:
+ # - 27017:27017
+ volumes:
+ - mongo-data:/data/db
+ - mongo-config:/data/configdb
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DB_USERNAME}
+ MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DB_PASSWORD}
+
+ core:
+ image: ghcr.io/moghtech/komodo-core:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ restart: unless-stopped
+ depends_on:
+ - mongo
+ logging:
+ driver: ${COMPOSE_LOGGING_DRIVER:-local}
+ ports:
+ - 9120:9120
+ env_file: ./compose.env
+ environment:
+ KOMODO_DATABASE_ADDRESS: mongo:27017
+ KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
+ KOMODO_DATABASE_PASSWORD: ${KOMODO_DB_PASSWORD}
+ volumes:
+ ## Core cache for repos for latest commit hash / contents
+ - repo-cache:/repo-cache
+ ## Store sync files on server
+ # - /path/to/syncs:/syncs
+ ## Optionally mount a custom core.config.toml
+ # - /path/to/core.config.toml:/config/config.toml
+ ## Allows for systemd Periphery connection at
+ ## "http://host.docker.internal:8120"
+ # extra_hosts:
+ # - host.docker.internal:host-gateway
+
+ ## Deploy Periphery container using this block,
+ ## or deploy the Periphery binary with systemd using
+ ## https://github.com/moghtech/komodo/tree/main/scripts
+ periphery:
+ image: ghcr.io/moghtech/komodo-periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+ ports:
+ - 8120:8120
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ restart: unless-stopped
+ logging:
+ driver: ${COMPOSE_LOGGING_DRIVER:-local}
+ env_file: ./compose.env
+ volumes:
+ ## Mount external docker socket
+ - /var/run/docker.sock:/var/run/docker.sock
+ ## Allow Periphery to see processes outside of container
+ - /proc:/proc
+ ## Specify the Periphery agent root directory.
+ ## Must be the same inside and outside the container,
+ ## or docker will get confused. See https://github.com/moghtech/komodo/discussions/180.
+ ## Default: /etc/komodo.
+ - ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}:${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}
+
+volumes:
+ # Mongo
+ mongo-data:
+ mongo-config:
+ # Core
+ repo-cache:
diff --git a/notes/compose.yml b/notes/compose.yml
new file mode 100644
index 0000000..78bdb45
--- /dev/null
+++ b/notes/compose.yml
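Review bot: `ports: - 8120:8120` on `periphery` publishes the agent — which mounts `/var/run/docker.sock` read-write and `/proc` — on every host interface, while Core reaches it over the compose network (`KOMODO_FIRST_SERVER=https://periphery:8120` in `compose.env`), so the publish is not needed for this deployment. Unless a client outside the compose project needs it, drop that `ports:` block, or at least bind it to loopback: `- "127.0.0.1:8120:8120"`. The same all-interfaces publishing applies to `9120:9120` on `core`, `8090:8090` in `beszel/docker-compose.yml`, `'${PORT:-3010}:3010'` in `notes/compose.yml`, `3000:1411` in `pocketid/docker-compose.yml` and `9002:80` in `vaultwarden/docker-compose.yml`; since `KOMODO_HOST` and the OIDC URLs are `https://*.nekomimi.pet` names, a reverse proxy appears to sit in front (confirm), in which case a `127.0.0.1:` prefix on each mapping keeps the plaintext ports off the network and out of reach of Docker's own iptables rules, which a host firewall does not govern. `image: mongo` is untagged, so a major MongoDB upgrade arrives with the next pull; pin it to a major version.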
@@ -0,0 +1,74 @@
+name: affine
+services:
+ affine:
+ image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
+ container_name: affine_server
+ ports:
+ - '${PORT:-3010}:3010'
+ depends_on:
+ redis:
+ condition: service_healthy
+ postgres:
+ condition: service_healthy
+ affine_migration:
+ condition: service_completed_successfully
+ volumes:
+ # custom configurations
+ - ${UPLOAD_LOCATION}:/root/.affine/storage
+ - ${CONFIG_LOCATION}:/root/.affine/config
+ env_file:
+ - .env
+ environment:
+ - REDIS_SERVER_HOST=redis
+ - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
+ restart: unless-stopped
+
+ affine_migration:
+ image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
+ container_name: affine_migration_job
+ volumes:
+ # custom configurations
+ - ${UPLOAD_LOCATION}:/root/.affine/storage
+ - ${CONFIG_LOCATION}:/root/.affine/config
+ command: ['sh', '-c', 'node ./scripts/self-host-predeploy.js']
+ env_file:
+ - .env
+ environment:
+ - REDIS_SERVER_HOST=redis
+ - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
+ depends_on:
+ postgres:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+
+ redis:
+ image: redis
+ container_name: affine_redis
+ healthcheck:
+ test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ restart: unless-stopped
+
+ postgres:
+ image: postgres:16
+ container_name: affine_postgres
+ volumes:
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ environment:
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_DB: ${DB_DATABASE:-affine}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+ # you better set a password for you database
+ # or you may add 'POSTGRES_HOST_AUTH_METHOD=trust' to ignore postgres security policy
+ POSTGRES_HOST_AUTH_METHOD: trust
+ healthcheck:
+ test:
+ ['CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${DB_DATABASE:-affine}"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ restart: unless-stopped
diff --git a/pocketid/docker-compose.yml b/pocketid/docker-compose.yml
new file mode 100644
index 0000000..8e4a075
--- /dev/null
+++ b/pocketid/docker-compose.yml
@@ -0,0 +1,17 @@
+services:
+ pocket-id:
+ image: ghcr.io/pocket-id/pocket-id:v1.0
+ container_name: pocket-id
+ restart: unless-stopped
+ env_file: .env
+ ports:
+ - 3000:1411
+ volumes:
+ - "./data:/app/data"
+ # Optional healthcheck
+ healthcheck:
+ test: "curl -f http://localhost:1411/healthz"
+ interval: 1m30s
+ timeout: 5s
+ retries: 2
+ start_period: 10s
diff --git a/s3web/docker-compose.yml b/s3web/docker-compose.yml
new file mode 100644
index 0000000..524c92c
--- /dev/null
+++ b/s3web/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+ webui:
+ image: khairul169/garage-webui:latest
+ container_name: garage-webui
+ restart: unless-stopped
+ volumes:
+ - /etc/garage.toml:/etc/garage.toml:ro
+ ports:
+ - 3909:3909
+ environment:
+ API_BASE_URL: "http://127.0.0.1:3903"
+ S3_ENDPOINT_URL: "http://127.0.0.1:3900"
+ network_mode: "host"
\ No newline at end of file
diff --git a/vaultwarden/docker-compose.yml b/vaultwarden/docker-compose.yml
new file mode 100644
index 0000000..ad78161
--- /dev/null
+++ b/vaultwarden/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ vaultwarden:
+ image: ghcr.io/timshel/oidcwarden:latest
+ container_name: vaultwarden
+ restart: unless-stopped
+ environment:
+ DOMAIN: "https://pass.nekomimi.pet"
+ SSO_ENABLED: true
+ SSO_ONLY: true
+ SSO_SCOPES: "email profile offline_access"
+ SSO_FRONTEND: 'override'
+ SSO_MASTER_PASSWORD_POLICY: 'true'
+ SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION: 'true'
+ SSO_SIGNUPS_MATCH_EMAIL: 'true'
+ env_file:
+ - .env
+ volumes:
+ - ./vw-data/:/data/
+ ports:
+ - 9002:80
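Review bot: `POSTGRES_HOST_AUTH_METHOD: trust` on the `postgres` service turns off password authentication for every TCP client of that container, so the `POSTGRES_PASSWORD: ${DB_PASSWORD}` set a few lines above is never actually checked: any container on the compose network that can reach `postgres:5432` logs in as any role without a password. The comment just above it describes `trust` as the alternative to setting a password, but this file does both; since `DB_PASSWORD` is supplied (and `DATABASE_URL` on `affine` already carries it), delete the `POSTGRES_HOST_AUTH_METHOD: trust` line. The `pg_isready` healthcheck does not depend on `trust` — it only tests that the server accepts connections, not credentials. `image: redis` is untagged and the instance has no authentication, which is tolerable only while the port stays unpublished; pinning the tag keeps upgrades deliberate.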
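Review bot: `network_mode: "host"` and `ports: - 3909:3909` on `webui` conflict: with host networking Compose discards the `ports` mapping (with a warning) and the process listens straight on the host's port 3909 on all interfaces. The `127.0.0.1` values in `API_BASE_URL` and `S3_ENDPOINT_URL` show host networking is the intent, so drop the `ports:` block and restrict the UI's listen address to loopback through its own configuration if it offers one, or front it with the proxy. `/etc/garage.toml:/etc/garage.toml:ro` hands the whole Garage config to a `:latest` image from a personal namespace; if that file holds the RPC secret or admin token (it commonly does — confirm), pin `khairul169/garage-webui` to a digest and, where the UI supports it, pass only the values it needs via `environment` instead of the file.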
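Review bot: `SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION: 'true'` together with `SSO_SIGNUPS_MATCH_EMAIL: 'true'` lets an SSO login attach to an existing vault account by email address even when the IdP does not assert that the address is verified, which is only acceptable because the IdP here is presumably the self-hosted Pocket ID from this same commit with admin-provisioned accounts (confirm against `.env`). That reasoning should sit next to the setting, e.g. `# Only safe while the IdP is our own Pocket ID with admin-created users; an IdP that allows self-registration would let an unverified email match an existing account`. The boolean values are written inconsistently — `SSO_ENABLED: true` and `SSO_ONLY: true` unquoted, the rest as `'true'`; use the quoted string form throughout so a YAML 1.1 loader cannot retype them. `image: ghcr.io/timshel/oidcwarden:latest` is an unpinned tag for the password-vault container; pin to a release tag or digest so upgrades are reviewed rather than pulled on restart.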