[
  {
    "path": ".github/FUNDING.yml",
    "content": "# These are supported funding model platforms\n\ngithub: 'tommoulard'\n"
  },
  {
    "path": ".github/dependabot.yml",
    "content": "# To get started with Dependabot version updates, you'll need to specify which\n# package ecosystems to update and where the package manifests are located.\n# Please see the documentation for all configuration options:\n# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates\n\nversion: 2\nupdates:\n  # Maintain dependencies for GitHub Actions\n  - package-ecosystem: 'github-actions'\n    directory: '/'\n    schedule:\n      interval: 'weekly'\n"
  },
  {
    "path": ".github/workflows/dockerpublish.yml",
    "content": "name: 'Tests'\n\non: # yamllint disable-line rule:truthy\n  push: {}\n\njobs:\n  Config-test:\n    runs-on: 'ubuntu-latest'\n    steps:\n      - uses: 'KengoTODA/actions-setup-docker-compose@v1'\n        with:\n          version: '2.20.2'\n      - uses: 'actions/checkout@v6'\n      - name: 'DEBUG'\n        run: 'docker version && docker compose version'\n      - name: 'Run tests'\n        run: './test.sh'\n      - uses: 'actions/upload-artifact@v7'\n        if: 'failure()'\n        with:\n          name: 'test-artifacts'\n          path: |\n            log.log\n            *.patch\n  Health-checks-codimd:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'codimd'\n      timeout-minutes: 5\n  # Health-checks-grafana:\n  #   uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n  #   with:\n  #     sus: 'mkdir -p ./grafana/grafana/ ./grafana/prometheus/data/'\n  #     service_name: 'grafana'\n  # Health-checks-hits:\n  #   uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n  #   with:\n  #     sus: 'mkdir -p ./hits/postgresql/data'\n  #     service_name: 'hits'\n  Health-checks-homeassistant:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'homeassistant'\n  # Health-checks-hugo:\n  #   uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n  #   with:\n  #     service_name: 'hugo'\n  Health-checks-jackett:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'jackett'\n  Health-checks-kavita:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'kavita'\n  # Health-checks-mastodon:\n  #   uses: 
'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n  #   with:\n  #     service_name: 'mastodon'\n  Health-checks-nextcloud:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'nextcloud'\n  Health-checks-nginx:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'nginx'\n  Health-checks-searxng:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'searxng'\n  Health-checks-sharelatex:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'sharelatex'\n  Health-checks-streama:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      sus: 'touch streama/streama.mv.db streama/streama.trace.db'\n      service_name: 'streama'\n  Health-checks-traefik:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'traefik'\n  Health-checks-transmission:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'transmission'\n  Health-checks-wordpress:\n    uses: 'tomMoulard/make-my-server/.github/workflows/healthcheck.workflow.tmpl.yml@master'\n    with:\n      service_name: 'wordpress'\n  Lint:\n    runs-on: 'ubuntu-latest'\n    steps:\n      - uses: 'actions/checkout@v6'\n      - name: 'Install yamllint'\n        run: 'pip install yamllint'\n      - name: 'yamllint version'\n        run: 'yamllint --version'\n      - name: 'Lint YAML files'\n        run: 'yamllint --format github .'\n"
  },
  {
    "path": ".github/workflows/healthcheck.workflow.tmpl.yml",
    "content": "on: # yamllint disable-line rule:truthy\n  workflow_call:\n    inputs:\n      sus:\n        description: 'a StartUp Script to run beforehand'\n        required: false\n        type: 'string'\n      service_name:\n        description: 'A service name to check health check uppon'\n        required: true\n        type: 'string'\n      timeout-minutes:\n        description: 'a timeout to waitfor running containers'\n        required: false\n        default: 2\n        type: 'number'\n\njobs:\n  health-check:\n    runs-on: 'ubuntu-latest'\n    steps:\n      - uses: 'actions/checkout@v6'\n      - uses: 'KengoTODA/actions-setup-docker-compose@v1'\n        with:\n          version: '2.20.2'\n      - name: 'Caching'\n        uses: 'actions/cache@v5'\n        with:\n          path: '/var/lib/docker/'\n          key: '${{ runner.os }}-health-${{ github.job }}'\n      - name: 'Setting up job'\n        if: '${{ inputs.sus }}'\n        run: |\n          ${{ inputs.sus }}\n      - name: 'Starting the docker-compose stack'\n        run: |\n          echo -e \"USERS=runner\\nUSERNAME=octocat\\nTRAEFIK_DNS_ENTRYPOINT=8080\" > .env\n          docker-compose up -d ${{inputs.service_name}}\n      - name: 'Waiting for running containers'\n        timeout-minutes: '${{ inputs.timeout-minutes }}'\n        run: |\n          while :; do\n            echo \"sleeping for 5s\"\n            sleep 5s;\n            docker-compose ps ${{inputs.service_name}} | grep \"starting\" || exit 0\n          done\n      - name: 'Checking containers health'\n        run: |\n          docker-compose ps ${{inputs.service_name}} | grep \"healthy\"\n      - name: 'Checking for unattended volumes'\n        run: |\n          git diff --exit-code .\n      - name: 'Exporting logs'\n        if: '${{ failure() }}'\n        run: |\n          docker-compose ps ${{inputs.service_name}}\n          docker-compose logs ${{inputs.service_name}}\n"
  },
  {
    "path": ".gitignore",
    "content": "*.log\nblog/blog*\nblog/nginx/conf/www\ngitlab/logs\nportainer/data\n.env\n.env.generated\n*.patch\n*.swp\n"
  },
  {
    "path": ".yamllint",
    "content": "# yaml-language-server: $schema=https://json.schemastore.org/yamllint.json\n# ref: https://yamllint.readthedocs.io/en/stable/configuration.html\n\nextends: 'default'\n\nignore: |\n  homer/**\n  matrix/**\n  huginn/**\n  registry/**\n  registery/**\n  results.json\n  peertube/config/custom-environment-variables.yaml\n\n  .git/\n  peertube/config/default.yaml\n  test_config.yml\n\n# https://yamllint.readthedocs.io/en/stable/rules.html\nrules:\n  document-start:\n    present: false\n  comments:\n    min-spaces-from-content: 1\n  line-length:\n    allow-non-breakable-inline-mappings: true\n    ignore:\n      - '.github/workflows/healthcheck.workflow.tmpl.yml'\n      - '.github/workflows/dockerpublish.yml'\n  truthy:\n    allowed-values:\n      - 'false'\n      - 'on'\n      - 'true'\n  indentation:\n    spaces: 2\n  empty-values: 'enable'\n  float-values:\n    forbid-inf: true\n    forbid-nan: true\n    forbid-scientific-notation: true\n    require-numeral-before-decimal: true\n  octal-values: 'enable'\n  quoted-strings:\n    quote-type: 'single'\n    required: true\n    allow-quoted-quotes: false\n\n# vim: ft=yaml\n"
  },
  {
    "path": "README.md",
    "content": "# Server configuration\n[![Discord](https://img.shields.io/discord/861623516142501898)](https://discord.gg/zQV6m9Jk6Z)\n\nYour (my) own server configuration, managed by docker-compose, with\ncomprehensive default configuration.\n\n## Setup\nIF you are using [docker compose version <2.20](https://docs.docker.com/compose/multiple-compose-files/include/),\nyou need to use the following bash command to use this project:\n```bash\ndocker-compose ()\n{\n    docker-compose $(find -name 'docker-compose.*.yml' -type f -printf '%p\\t%d\\n'  2>/dev/null | sort -n -k2 | cut -f 1 | awk '{print \"-f \"$0}') $@\n}\n```\n\n### Run\n```bash\nSITE=tom.moulard.org docker-compose up -d\n```\n\nNow you have your own server configuration.\n\nTo be a little more consistent with the management, you can use a `.env` file\nand do:\n```bash\ncp .env.default .env\n```\n\nAnd edit the `.env` file to use the correct configuration.\n\nThe `docker-compose` function gather all docker-compose files in order to have\nthe whole configuration in one place (see `docker-compose config`).\n\n### Tear down\n```bash\ndocker-compose down\n```\n\n### Services list\nThere **should** be only one service by folder:\nFor example, le folder `traefik/` contains all the necessary configuration to\nrun the `traefik` service.\n\nThus each folder represent an available service.\n\nThe directory must follow the following architecture:\n```\nservice/\n├── conf\n│   └── ...\n├── data\n│   └── ...\n├── docker-compose.servicename.yml\n├── logs\n│   ├── access.log\n│   └── error.log\n└── README.md\n```\n\nIf the service you are adding can use volumes:\n - `data/`, is where to store to service data\n - `conf/`, is where to store to service configuration\n - `logs/`, is where to store to service logs (others than Docker logs)\n\nFeel free to do a Pull Request to add your ideas.\n\n[more ideas](https://github.com/awesome-selfhosted/awesome-selfhosted)\n\n## Configuration\nDon't forget to change:\n\n - db 
passwords (might not be needed since they are behind the reverse proxy)\n - VPN secrets (if none are provided, they are generated directly).\n\nConfiguration files are: `docker-compose.yml`, `nginx.conf`\n\nTo set the password:\n```bash\necho \"USERS=$(htpasswd -nB $USER)\" >> .env\n```\n\nYou can add a new set of credentials by editing the .env file like\n```env\nUSERS=toto:pass,tata:pass, ...\n```\n\nThe `.env.default` is generated using this command:\n```bash\ngrep '${' **/docker-compose.*.yml | sed \"s/.*\\${\\(.*\\)}.*/\\1/g\" | cut -d\":\" -f 1 | sort -u | sort | xargs -I % echo \"%=\" >> .env.default\n```\n\n### For local developments\nEdit the file `/etc/hosts` to provide the reverse proxy with good URLs.\n\nFor example, adding this in your `/etc/hosts` will allow you to run and debug the\nTraefik service locally:\n```bash\n127.0.0.1   traefik.moulard.org\n```\n\n### Scaling up\n```bash\ndocker-compose scale nginx=2\n```\n\n## Tests\n\n### Lint\n\n! Warning: This is enforced for all PRs.\n\nWe are using yamllint to lint our yaml files.\nYou can install it by looking at the [official\ndocumentation](https://yamllint.readthedocs.io/en/stable/quickstart.html#installation).\n\nOnce installed, you can run the following command to lint all the yaml files:\n```bash\nyamllint .\n```\n\n### docker-compose config\n\n! 
Warning: This is enforced for all PRs.\n\nYou can run the following command to check that the docker-compose files are\ncorrectly written:\n```bash\n./test.sh\n```\n\nIt tests that:\n\n - all docker-compose files are valid\n - all docker-compose files are parsable\n - all docker-compose files are consistent with the test_config.yml file\n - all environment variables are set inside the `.env.default` file\n\nOnce this shell script is run, if the tests fail, you can see a bunch of\nmodified files (e.g., `test_config.yml`) that indicate what is wrong.\n\nNote that the GitHub Action will run this script for you, and provide a\n`patch.patch` file that **should** solve most of your issues.\n\n# Authors\nMain author:\n - [Tom](http://tom.moulard.org)\n\nGitlab helper:\n - [michel_k](mailto:thomas.michelot@epita.fr)\n\nDiscord MusicBot/minecraft:\n - [huvell_m](mailto:martin.huvelle@epita.fr),\nsee PR [#6](https://github.com/tomMoulard/make-my-server/pull/6)\n\n"
  },
  {
    "path": "arachni/README.md",
    "content": "# arachni\n\nhttps://www.arachni-scanner.com/\n\nArachni is a feature-full, modular, high-performance Ruby framework aimed\ntowards helping penetration testers and administrators evaluate the security of\nmodern web applications.\n\nIt is versatile enough to cover a great deal of use cases, ranging from a\nsimple command line scanner utility, to a global high performance grid of\nscanners, to a Ruby library allowing for scripted audits, to a multi-user\nmulti-scan web collaboration platform. In addition, its simple REST API makes\nintegration a cinch.\n"
  },
  {
    "path": "arachni/docker-compose.arachni.yml",
    "content": "services:\n  arachni:\n    image: 'arachni/arachni'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.arachni.middlewares: 'basic_auth@docker'\n      traefik.http.routers.arachni.rule: 'Host(`arachni.${SITE:-localhost}`)'\n      traefik.http.services.arachni.loadbalancer.server.port: 9292\n    networks:\n      - 'srv'\n    restart: 'always'\n"
  },
  {
    "path": "bazarr/.gitignore",
    "content": "config/\nmovies/\ntv/"
  },
  {
    "path": "bazarr/README.md",
    "content": "# bazarr\n\nhttps://www.bazarr.media/\n\nBazarr is a companion application to Sonarr and Radarr that manages and\ndownloads subtitles based on your requirements.\n"
  },
  {
    "path": "bazarr/docker-compose.bazarr.yml",
    "content": "services:\n  bazarr:\n    image: 'linuxserver/bazarr:${BAZARR_IMAGE_VERSION:-v1.2.2}'\n    environment:\n      PGID: '${BAZARR_GPID:-1000}'\n      PUID: '${BAZARR_PUID:-1000}'\n      TZ: '${TZ:-Europe/Paris}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.bazarr.middlewares: 'basic_auth@docker'\n      traefik.http.routers.bazarr.rule: 'Host(`bazarr.${SITE:-localhost}`)'\n      traefik.http.services.bazarr.loadbalancer.server.port: 8080\n    links:\n      - 'transmission'\n      - 'jackett'\n      - 'sonarr'\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './config:/config'\n      - './movies:/movies'\n      - './tv:/tv'\n"
  },
  {
    "path": "bitwarden/.gitignore",
    "content": "data/\n"
  },
  {
    "path": "bitwarden/README.md",
    "content": "# bitwarden\n\nhttps://bitwarden.com\n\nBitwarden is an outstanding password manager that includes all the bells and\nwhistles you've come to expect from such a tool. And because Bitwarden is open\nsource, it updates regularly. Plans and Pricing Options\n\nThe server used here is `https://hub.docker.com/r/bitwardenrs/server`:\nThis is a Bitwarden server API implementation written in Rust compatible with\nupstream Bitwarden clients*, perfect for self-hosted deployment where running\nthe official resource-heavy service might not be ideal.\n\nThis server is based on vaultwarden instead of bitwarden_rs. See\n[dani-garcia/vaultwarden#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642)\nfor more explanation.\n"
  },
  {
    "path": "bitwarden/docker-compose.bitwarden.yml",
    "content": "services:\n  bitwarden:\n    image: 'vaultwarden/server:${BITWARDEN_IMAGE_VERSION:-latest}'\n    environment:\n      ADMIN_TOKEN: '${USERS}'\n      # to enable U2F and FIDO2 WebAuthn authentication\n      DOMAIN: 'https://bitwarden.${SITE:-localhost}'\n      PASSWORD_ITERATIONS: 500000\n      ROCKET_PORT: 8080\n      # whether users are allowed to create Bitwarden Sends/\n      SENDS_ALLOWED: 'true'\n      SIGNUPS_ALLOWED: 'true'\n      # if new users need to verify their email address upon registration\n      SIGNUPS_VERIFY: 'false'\n      TZ: '${TZ:-Europe/Paris}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.bitwarden-admin.middlewares: 'basic_auth@docker'\n      traefik.http.routers.bitwarden-admin.rule: |\n        'Host(`bitwarden.${SITE:-localhost}`) && PathPrefix(`/admin`)'\n      traefik.http.routers.bitwarden-user.rule: |\n        'Host(`bitwarden.${SITE:-localhost}`) && !PathPrefix(`/admin`)'\n      traefik.http.services.bitwarden.loadbalancer.server.port: 8080\n    networks:\n      - 'srv'\n    restart: 'always'\n    user: 'nobody'\n    volumes:\n      - './data:/data'\n"
  },
  {
    "path": "ciao/.gitignore",
    "content": "db\n"
  },
  {
    "path": "ciao/README.md",
    "content": "# ciao\n\nhttps://github.com/brotandgames/ciao\n\nciao checks HTTP(S) URL endpoints for a HTTP status code (or errors on the lower TCP stack) and sends a notification on status change via E-Mail or Webhooks.\n\nIt uses Cron syntax to schedule the checks and comes along with a Web UI and a RESTful JSON API.\n"
  },
  {
    "path": "ciao/docker-compose.ciao.yml",
    "content": "services:\n  ciao:\n    image: 'brotandgames/ciao:${CIAO_IMAGE_VERSION:-latest}'\n    environment:\n      PROMETHEUS_ENABLED: '${CIAO_PROMETHEUS_ENABLED:-false}'\n      TIME_ZONE: '${TZ:-Europe/Paris}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.ciao.middlewares: 'basic_auth@docker'\n      traefik.http.routers.ciao.rule: 'Host(`ciao.${SITE:-localhost}`)'\n      traefik.http.services.ciao.loadbalancer.server.port: 3000\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './db:/app/db/sqlite/'\n"
  },
  {
    "path": "codimd/.gitignore",
    "content": "data/\ndb/\n"
  },
  {
    "path": "codimd/README.md",
    "content": "# codimd\n\nhttps://github.com/hackmdio/codimd\n\nA self-hosted HackMD.\n\nThe best platform to write and share markdown. Sign In or Explore all features.\nReal time collaboration. Works with charts and MathJax. Supports slide mode.\n\n## Installation\n\nTo install codimd, follow these steps:\n\n```bash\nmkdir -p codimd/data codimd/db\nchown -R 1500:1500 codimd/data\n```\n\n## User creation\n\n```bash\n$ docker-compose exec codimd ./bin/manage_users\nYou did not specify either --add or --del or --reset!\n\nCommand-line utility to create users for email-signin.\nUsage: bin/manage_users [--pass password] (--add | --del) user-email\n  Options:\n    --add\tAdd user with the specified user-email\n    --del\tDelete user with specified user-email\n    --reset\tReset user password with specified user-email\n    --pass\tUse password from cmdline rather than prompting\n```\n"
  },
  {
    "path": "codimd/docker-compose.codimd.yml",
    "content": "networks:\n  codi-internal: {}\n\nservices:\n  codimd:\n    image: 'hackmdio/hackmd:${CODIMD_IMAGE_VERSION:-2.4.2-cjk}'\n    depends_on:\n      - 'codimd-db'\n    environment:\n      # https://hackmd.io/c/codimd-documentation/%2Fs%2Fcodimd-configuration\n      CMD_DB_URL: 'postgres://codimd:mypwd@codimd-db/codimd'\n      CMD_USECDN: 'false'\n    healthcheck:\n      test: ['CMD', 'wget', '0.0.0.0:3000']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.codimd.rule: 'Host(`codimd.${SITE:-localhost}`)'\n      traefik.http.services.codimd.loadbalancer.server.port: 3000\n    links:\n      - 'codimd-db'\n    networks:\n      - 'codi-internal'\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './data:/home/hackmd/app/public/uploads'\n\n  codimd-db:\n    image: 'postgres:11.6-alpine'\n    environment:\n      POSTGRES_DB: 'codimd'\n      POSTGRES_PASSWORD: 'mypwd'\n      POSTGRES_USER: 'codimd'\n    healthcheck:\n      test: ['CMD', 'pg_isready', '-U', 'codimd']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'codi-internal'\n    restart: 'always'\n    volumes:\n      - './db:/var/lib/postgresql/data'\n"
  },
  {
    "path": "docker-compose.networks.yml",
    "content": "networks:\n  srv: {}\n"
  },
  {
    "path": "docker-compose.yml",
    "content": "include:\n  - path: 'docker-compose.networks.yml'\n  - path: 'arachni/docker-compose.arachni.yml'\n  - path: 'bazarr/docker-compose.bazarr.yml'\n  - path: 'bitwarden/docker-compose.bitwarden.yml'\n  - path: 'ciao/docker-compose.ciao.yml'\n  - path: 'codimd/docker-compose.codimd.yml'\n  - path: 'elk/docker-compose.elk.yml'\n  - path: 'factorio/docker-compose.factorio.yml'\n  - path: 'framadate/docker-compose.framadate.yml'\n  - path: 'gitlab/docker-compose.gitlab.yml'\n  - path: 'grafana/docker-compose.grafana.yml'\n  - path: 'hits/docker-compose.hits.yml'\n  - path: 'homeassistant/docker-compose.homeassistant.yml'\n  - path: 'hugo/docker-compose.hugo.yml'\n  - path: 'jackett/docker-compose.jackett.yml'\n  - path: 'jellyfin/docker-compose.jellyfin.yml'\n  - path: 'jupyter/docker-compose.jupyter.yml'\n  - path: 'kavita/docker-compose.kavita.yml'\n  - path: 'mastodon/docker-compose.mastodon.yml'\n  - path: 'minecraft/docker-compose.minecraft-ftb.yml'\n  - path: 'minecraft/docker-compose.minecraft.yml'\n  - path: 'mumble/docker-compose.mumble.yml'\n  - path: 'musicbot/docker-compose.musicBot.yml'\n  - path: 'nextcloud/docker-compose.nextcloud.yml'\n  - path: 'nginx/docker-compose.nginx.yml'\n  - path: 'pastebin/docker-compose.pastebin.yml'\n  - path: 'peertube/docker-compose.peertube.yml'\n  - path: 'pihole/docker-compose.pihole.yml'\n  - path: 'portainer/docker-compose.portainer.yml'\n  - path: 'remotely/docker-compose.remotely.yml'\n  - path: 'rocketchat/docker-compose.rocket-chat.yml'\n  - path: 'searxng/docker-compose.searxng.yml'\n  - path: 'sharelatex/docker-compose.sharelatex.yml'\n  - path: 'sonarr/docker-compose.sonarr.yml'\n  - path: 'streama/docker-compose.streama.yml'\n  - path: 'theia/docker-compose.theia.yml'\n  - path: 'tor-relay/docker-compose.tor-relay.yml'\n  - path: 'traefik/docker-compose.traefik.yml'\n  - path: 'transmission/docker-compose.transmission.yml'\n  - path: 'vpn/docker-compose.vpn.yml'\n  - path: 
'watchtower/docker-compose.watchtower.yml'\n  - path: 'wordpress/docker-compose.wordpress.yml'\n"
  },
  {
    "path": "elk/README.md",
    "content": "# elk\n\nhttps://www.elastic.co/fr/what-is/elk-stack\n\nThe Elastic suite: Elasticsearch, Logstash, Kibana.\n\nElasticsearch is a database with a search engine baked in.\n\nLogstash is a log pipeline that gathers all logs and sends them to Elasticsearch.\n\nKibana allows users to view Elasticsearch's data using tables and graphs.\n"
  },
  {
    "path": "elk/docker-compose.elk.yml",
    "content": "services:\n  elasticsearch:\n    image: 'docker.elastic.co/elasticsearch/elasticsearch:${ELASTICSEARCH_IMAGE_VERSION:-7.1.0}'\n    environment:\n      ES_JAVA_OPTS: '${ELASTICSEARCH_JAVA_OPTS:--Xms512m -Xmx512m}'\n      bootstrap.memory_lock: '${ELASTICSEARCH_MEMORY_LOCK:-true}'\n      cluster.name: '${ELASTICSEARCH_CLUSTER_NAME:-docker-cluster}'\n      discovery.type: '${ELASTICSEARCH_DISCOVERY_TYPE:-single-node}'\n    labels:\n      traefik.enable: false\n    restart: 'always'\n    ulimits:\n      memlock:\n        hard: -1\n        soft: -1\n    volumes:\n      - './elasticsearch/data:/usr/share/elasticsearch/data'\n\n  kibana:\n    image: 'docker.elastic.co/kibana/kibana:${KIBANA_IMAGE_VERSION:-7.1.0}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.kibana.middlewares: 'basic_auth@docker'\n      traefik.http.routers.kibana.rule: 'Host(`kibana.${SITE:-localhost}`)'\n      traefik.http.services.kibana.loadbalancer.server.port: 5601\n    links:\n      - 'elasticsearch'\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './kibana/kibana.yml:/usr/share/kibana/config/kibana.yml'\n\n  logstash:\n    image: 'docker.elastic.co/logstash/logstash:${LOGSTASH_IMAGE_VERSION:-7.1.0}'\n    labels:\n      traefik.enable: false\n    links:\n      - 'elasticsearch'\n    restart: 'always'\n    volumes:\n      - './logstash/:/usr/share/logstash/pipeline/'\n      - '../nginx/logs:/var/log/nginx'\n      - '../traefik/logs:/var/log/traefik'\n"
  },
  {
    "path": "elk/elasticsearch/.gitignore",
    "content": "data/\n"
  },
  {
    "path": "elk/elasticsearch/.gitkeep",
    "content": ""
  },
  {
    "path": "elk/logstash/logstash.conf",
    "content": "# logstash.con\n# Where you see:\n# #        start_position => \"beginning\"\n# You can un comment this line if the elasticsearch instance is new and you want\n# to import all previous logs.\n\ninput {\n    file {\n        path => \"/var/log/traefik/traefik.log\"\n        type => \"traefik_log\"\n#        start_position => \"beginning\"\n    }\n    file {\n        path => \"/var/log/traefik/access.log\"\n        type => \"traefik_access\"\n#        start_position => \"beginning\"\n    }\n    file {\n        path => \"/var/log/nginx/access.log\"\n        type => \"nginx_access\"\n#        start_position => \"beginning\"\n    }\n    file {\n        path => \"/var/log/nginx/error.log\"\n        type => \"nginx_error\"\n#        start_position => \"beginning\"\n    }\n}\n\nfilter {\n    if [type] == \"nginx_access\" {\n        grok {\n            match => { \"message\" => [\"%{IPORHOST:[nginx][access][remote_ip]} - %{DATA:[nginx][access][user_name]} \\[%{HTTPDATE:[nginx][access][time]}\\] \\\"%{WORD:[nginx][access][method]} %{DATA:[nginx][access][url]} HTTP/%{NUMBER:[nginx][access][http_version]}\\\" %{NUMBER:[nginx][access][response_code]} %{NUMBER:[nginx][access][body_sent][bytes]} \\\"%{DATA:[nginx][access][referrer]}\\\" \\\"%{DATA:[nginx][access][agent]}\\\"\"] }\n            remove_field => \"message\"\n        }\n        mutate {\n            add_field => { \"read_timestamp\" => \"%{@timestamp}\" }\n        }\n        date {\n            match => [ \"[nginx][access][time]\", \"dd/MMM/YYYY:H:m:s Z\" ]\n            remove_field => \"[nginx][access][time]\"\n        }\n        useragent {\n            source => \"[nginx][access][agent]\"\n            target => \"[nginx][access][user_agent]\"\n            remove_field => \"[nginx][access][agent]\"\n        }\n#         This is not needed because traefik hides the real ip\n#         geoip {\n#             source => \"[nginx][access][remote_ip]\"\n#             target => \"[nginx][access][geoip]\"\n#   
      }\n    }\n    if [type] == \"nginx_error\" {\n        grok {\n            match => { \"message\" => [\"%{DATA:[nginx][error][time]} \\[%{DATA:[nginx][error][level]}\\] %{NUMBER:[nginx][error][pid]}#%{NUMBER:[nginx][error][tid]}: (\\*%{NUMBER:[nginx][error][connection_id]} )?%{GREEDYDATA:[nginx][error][message]}\"] }\n            remove_field => \"message\"\n        }\n        mutate {\n            rename => { \"@timestamp\" => \"read_timestamp\" }\n        }\n        date {\n            match => [ \"[nginx][error][time]\", \"YYYY/MM/dd H:m:s\" ]\n            remove_field => \"[nginx][error][time]\"\n        }\n    }\n    if [type] == \"traefik_access\" {\n        json {\n            source => \"message\"\n        }\n        date {\n            match => [ \"timestamp\", \"dd/MM/YYYY:KK:mm:ss Z\"]\n            target => \"event_timestamp\"\n        }\n        geoip {\n            source => \"ClientHost\"\n        }\n        useragent {\n            source => \"request_User-Agent\"\n        }\n    }\n    if [type] == \"traefik_log\" {\n        json {\n            source => \"message\"\n        }\n        date {\n            match => [ \"timestamp\", \"dd/MM/YYYY:KK:mm:ss Z\"]\n            target => \"event_timestamp\"\n        }\n    }\n    uuid {\n        target => \"uuid\"\n    }\n}\n\noutput {\n  elasticsearch {\n    hosts    => [ \"elasticsearch\" ]\n    user     => \"elastic\"\n    password => \"changeme\"\n    index    => \"logstash-%{+YYYY.MM.dd}\"\n  }\n}\n"
  },
  {
    "path": "factorio/.gitignore",
    "content": "saves/\n*.log\nplayer-data.json\nsaves/\nscenarios/\nscript-output/\n"
  },
  {
    "path": "factorio/README.md",
    "content": "# factorio\n\nhttps://www.factorio.com\n\nFactorio is a game in which you build and maintain factories. You will be\nmining resources, researching technologies, building infrastructure, automating\nproduction and fighting enemies.\n"
  },
  {
    "path": "factorio/config/.gitignore",
    "content": "rconpw\n"
  },
  {
    "path": "factorio/config/map-gen-settings.json",
    "content": "{\n  \"_terrain_segmentation_comment\": \"Inverse of map scale\",\n  \"terrain_segmentation\": 1,\n\n  \"_water_comment\":\n  [\n    \"Multiplier for water 'coverage' - higher increases the water level.\",\n    \"Water level = 10 * log2(this value)\"\n  ],\n  \"water\": 1,\n\n  \"_comment_width+height\": \"Width and height of map, in tiles; 0 means infinite\",\n  \"width\": 0,\n  \"height\": 0,\n\n  \"_starting_area_comment\": \"Multiplier for 'biter free zone radius'\",\n  \"starting_area\": 1,\n\n  \"peaceful_mode\": false,\n\n  \"autoplace_controls\":\n  {\n    \"coal\": {\"frequency\": 1, \"size\": 1, \"richness\": 1},\n    \"stone\": {\"frequency\": 1, \"size\": 1, \"richness\": 1},\n    \"copper-ore\": {\"frequency\": 1, \"size\": 1,\"richness\": 1},\n    \"iron-ore\": {\"frequency\": 1, \"size\": 1, \"richness\": 1},\n    \"uranium-ore\": {\"frequency\": 1, \"size\": 1, \"richness\": 1},\n    \"crude-oil\": {\"frequency\": 1, \"size\": 1, \"richness\": 1},\n    \"trees\": {\"frequency\": 1, \"size\": 1, \"richness\": 1},\n    \"enemy-base\": {\"frequency\": 1, \"size\": 1, \"richness\": 1}\n  },\n\n  \"cliff_settings\":\n  {\n    \"_name_comment\": \"Name of the cliff prototype\",\n    \"name\": \"cliff\",\n\n    \"_cliff_elevation_0_comment\": \"Elevation of first row of cliffs\",\n    \"cliff_elevation_0\": 10,\n\n    \"_cliff_elevation_interval_comment\": \"Elevation difference between successive rows of cliffs\",\n    \"cliff_elevation_interval\": 10,\n\n    \"_richness_comment\": \"Multiplier for cliff continuity; 0 will result in no cliffs, 10 will make all cliff rows completely solid\",\n    \"richness\": 1\n  },\n\n  \"_property_expression_names_comment\":\n  [\n    \"Overrides for property value generators\",\n    \"Elevation influences water and cliff placement.\",\n    \"Leave it blank to get 'normal' terrain.\",\n    \"Use '0_16-elevation' to reproduce terrain from 0.16.\",\n    \"Use '0_17-island' to get an island.\"\n  ],\n  
\"property_expression_names\":\n  {\n    \"elevation\": \"0_17-island\",\n\n    \"control-setting:aux:bias\": \"0.300000\",\n    \"control-setting:aux:frequency:multiplier\": \"1.333333\",\n    \"control-setting:moisture:bias\": \"0.100000\",\n    \"control-setting:moisture:frequency:multiplier\": \"0.500000\"\n  },\n\n  \"starting_points\":\n  [\n    {\"x\": 1000, \"y\": 2000}\n  ],\n\n  \"_seed_comment\": \"Use null for a random seed, number for a specific seed.\",\n  \"seed\": null\n}\n"
  },
  {
    "path": "factorio/config/map-settings.json",
    "content": "{\n  \"difficulty_settings\":\n  {\n    \"recipe_difficulty\": 0,\n    \"technology_difficulty\": 0,\n    \"technology_price_multiplier\": 1,\n    \"research_queue_setting\": \"after-victory\"\n  },\n  \"pollution\":\n  {\n    \"enabled\": true,\n    \"_comment_min_to_diffuse_1\": \"these are values for 60 ticks (1 simulated second)\",\n    \"_comment_min_to_diffuse_2\": \"amount that is diffused to neighboring chunk\",\n    \"diffusion_ratio\": 0.02,\n    \"min_to_diffuse\": 15,\n    \"ageing\": 1,\n    \"expected_max_per_chunk\": 150,\n    \"min_to_show_per_chunk\": 50,\n    \"min_pollution_to_damage_trees\": 60,\n    \"pollution_with_max_forest_damage\": 150,\n    \"pollution_per_tree_damage\": 50,\n    \"pollution_restored_per_tree_damage\": 10,\n    \"max_pollution_to_restore_trees\": 20,\n    \"enemy_attack_pollution_consumption_modifier\": 1\n  },\n  \"enemy_evolution\":\n  {\n    \"enabled\": true,\n    \"time_factor\": 0.000004,\n    \"destroy_factor\": 0.002,\n    \"pollution_factor\": 0.0000009\n  },\n  \"enemy_expansion\":\n  {\n    \"enabled\": true,\n    \"min_base_spacing\": 3,\n    \"max_expansion_distance\": 7,\n    \"friendly_base_influence_radius\": 2,\n    \"enemy_building_influence_radius\": 2,\n    \"building_coefficient\": 0.1,\n    \"other_base_coefficient\": 2.0,\n    \"neighbouring_chunk_coefficient\": 0.5,\n    \"neighbouring_base_chunk_coefficient\": 0.4,\n    \"max_colliding_tiles_coefficient\": 0.9,\n    \"settler_group_min_size\": 5,\n    \"settler_group_max_size\": 20,\n    \"min_expansion_cooldown\": 14400,\n    \"max_expansion_cooldown\": 216000\n  },\n  \"unit_group\":\n  {\n    \"min_group_gathering_time\": 3600,\n    \"max_group_gathering_time\": 36000,\n    \"max_wait_time_for_late_members\": 7200,\n    \"max_group_radius\": 30.0,\n    \"min_group_radius\": 5.0,\n    \"max_member_speedup_when_behind\": 1.4,\n    \"max_member_slowdown_when_ahead\": 0.6,\n    \"max_group_slowdown_factor\": 0.3,\n    
\"max_group_member_fallback_factor\": 3,\n    \"member_disown_distance\": 10,\n    \"tick_tolerance_when_member_arrives\": 60,\n    \"max_gathering_unit_groups\": 30,\n    \"max_unit_group_size\": 200\n  },\n  \"steering\":\n  {\n    \"default\":\n    {\n      \"radius\": 1.2,\n      \"separation_force\": 0.005,\n      \"separation_factor\": 1.2,\n      \"force_unit_fuzzy_goto_behavior\": false\n    },\n    \"moving\":\n    {\n      \"radius\": 3,\n      \"separation_force\": 0.01,\n      \"separation_factor\": 3,\n      \"force_unit_fuzzy_goto_behavior\": false\n    }\n  },\n  \"path_finder\":\n  {\n    \"fwd2bwd_ratio\": 5,\n    \"goal_pressure_ratio\": 2,\n    \"max_steps_worked_per_tick\": 100,\n    \"max_work_done_per_tick\": 8000,\n    \"use_path_cache\": true,\n    \"short_cache_size\": 5,\n    \"long_cache_size\": 25,\n    \"short_cache_min_cacheable_distance\": 10,\n    \"short_cache_min_algo_steps_to_cache\": 50,\n    \"long_cache_min_cacheable_distance\": 30,\n    \"cache_max_connect_to_cache_steps_multiplier\": 100,\n    \"cache_accept_path_start_distance_ratio\": 0.2,\n    \"cache_accept_path_end_distance_ratio\": 0.15,\n    \"negative_cache_accept_path_start_distance_ratio\": 0.3,\n    \"negative_cache_accept_path_end_distance_ratio\": 0.3,\n    \"cache_path_start_distance_rating_multiplier\": 10,\n    \"cache_path_end_distance_rating_multiplier\": 20,\n    \"stale_enemy_with_same_destination_collision_penalty\": 30,\n    \"ignore_moving_enemy_collision_distance\": 5,\n    \"enemy_with_different_destination_collision_penalty\": 30,\n    \"general_entity_collision_penalty\": 10,\n    \"general_entity_subsequent_collision_penalty\": 3,\n    \"extended_collision_penalty\": 3,\n    \"max_clients_to_accept_any_new_request\": 10,\n    \"max_clients_to_accept_short_new_request\": 100,\n    \"direct_distance_to_consider_short_request\": 100,\n    \"short_request_max_steps\": 1000,\n    \"short_request_ratio\": 0.5,\n    
\"min_steps_to_check_path_find_termination\": 2000,\n    \"start_to_goal_cost_multiplier_to_terminate_path_find\": 500.0,\n    \"overload_levels\": [0, 100, 500],\n    \"overload_multipliers\": [2, 3, 4]\n  },\n  \"max_failed_behavior_count\": 3\n}\n"
  },
  {
    "path": "factorio/config/server-settings.json",
    "content": "{\n  \"name\": \"Name of the game as it will appear in the game listing\",\n  \"description\": \"Description of the game that will appear in the listing\",\n  \"tags\": [\"game\", \"tags\", \"github.com/tomMoulard/make-my-server\"],\n\n  \"_comment_max_players\": \"Maximum number of players allowed, admins can join even a full server. 0 means unlimited.\",\n  \"max_players\": 0,\n\n  \"_comment_visibility\": [\"public: Game will be published on the official Factorio matching server\",\n                          \"lan: Game will be broadcast on LAN\"],\n  \"visibility\":\n  {\n    \"public\": false,\n    \"lan\": true\n  },\n\n  \"_comment_credentials\": \"Your factorio.com login credentials. Required for games with visibility public\",\n  \"username\": \"\",\n  \"password\": \"\",\n\n  \"_comment_token\": \"Authentication token. May be used instead of 'password' above.\",\n  \"token\": \"\",\n\n  \"game_password\": \"\",\n\n  \"_comment_require_user_verification\": \"When set to true, the server will only allow clients that have a valid Factorio.com account\",\n  \"require_user_verification\": false,\n\n  \"_comment_max_upload_in_kilobytes_per_second\" : \"optional, default value is 0. 0 means unlimited.\",\n  \"max_upload_in_kilobytes_per_second\": 0,\n\n  \"_comment_max_upload_slots\" : \"optional, default value is 5. 0 means unlimited.\",\n  \"max_upload_slots\": 5,\n\n  \"_comment_minimum_latency_in_ticks\": \"optional one tick is 16ms in default speed, default value is 0. 
0 means no minimum.\",\n  \"minimum_latency_in_ticks\": 0,\n\n  \"_comment_ignore_player_limit_for_returning_players\": \"Players that played on this map already can join even when the max player limit was reached.\",\n  \"ignore_player_limit_for_returning_players\": false,\n\n  \"_comment_allow_commands\": \"possible values are, true, false and admins-only\",\n  \"allow_commands\": \"admins-only\",\n\n  \"_comment_autosave_interval\": \"Autosave interval in minutes\",\n  \"autosave_interval\": 10,\n\n  \"_comment_autosave_slots\": \"server autosave slots, it is cycled through when the server autosaves.\",\n  \"autosave_slots\": 5,\n\n  \"_comment_afk_autokick_interval\": \"How many minutes until someone is kicked when doing nothing, 0 for never.\",\n  \"afk_autokick_interval\": 0,\n\n  \"_comment_auto_pause\": \"Whether should the server be paused when no players are present.\",\n  \"auto_pause\": true,\n\n  \"only_admins_can_pause_the_game\": true,\n\n  \"_comment_autosave_only_on_server\": \"Whether autosaves should be saved only on server or also on all connected clients. Default is true.\",\n  \"autosave_only_on_server\": true,\n\n  \"_comment_non_blocking_saving\": \"Highly experimental feature, enable only at your own risk of losing your saves. On UNIX systems, server will fork itself to create an autosave. Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.\",\n  \"non_blocking_saving\": false,\n\n  \"_comment_segment_sizes\": \"Long network messages are split into segments that are sent over multiple ticks. Their size depends on the number of peers currently connected. Increasing the segment size will increase upload bandwidth requirement for the server and download bandwidth requirement for clients. This setting only affects server outbound messages. 
Changing these settings can have a negative impact on connection stability for some clients.\",\n  \"minimum_segment_size\": 25,\n  \"minimum_segment_size_peer_count\": 20,\n  \"maximum_segment_size\": 100,\n  \"maximum_segment_size_peer_count\": 10\n}\n"
  },
  {
    "path": "factorio/docker-compose.factorio.yml",
    "content": "services:\n  factorio:\n    image: 'factoriotools/factorio'\n    labels:\n      traefik.enable: false\n    ports:\n      - '34197:34197/udp'\n      # - '27015:27015/tcp' # RCON port\n    restart: 'always'\n    volumes:\n      - '.:/factorio'\n"
  },
  {
    "path": "factorio/mods/mod-list.json",
    "content": "\n{\n  \"mods\":\n  [\n    {\n      \"name\": \"base\",\n      \"enabled\": true\n    }\n  ]\n}\n"
  },
  {
    "path": "framadate/.gitignore",
    "content": "db\n"
  },
  {
    "path": "framadate/README.md",
    "content": "# framadate\n\nhttps://framagit.org/framasoft/framadate/framadate/\n\n[Framadate](https://framadate.org) is an online service for planning an appointment or making a decision quickly and easily. It's a community free/libre software alternative to Doodle."
  },
  {
    "path": "framadate/docker-compose.framadate.yml",
    "content": "networks:\n  framadate-internal: {}\n\nservices:\n  framadate:\n    image: 'xgaia/framadate:${FRAMADATE_IMAGE_VERSION:-latest}'\n    depends_on:\n      - 'framadate-db'\n    environment:\n      ADMIN_PASSWORD: '${FRAMADATE_ADMIN_PASSWORD:-pass}'\n      APP_NAME: 'Framadate'\n      APP_URL: 'framadate.${SITE:-localhost}'\n      DEFAULT_POLL_DURATION: '365'\n      MARKDOWN_EDITOR_BY_DEFAULT: 'true'\n      MYSQL_DATABASE: '${FRAMADATE_MYSQL_DATABASE:-framadate}'\n      MYSQL_PASSWORD: '${FRAMADATE_MYSQL_PASSWORD:-framadate}'\n      MYSQL_ROOT_PASSWORD: '${FRAMADATE_MYSQL_ROOT_PASSWORD:-pass}'\n      MYSQL_USER: '${FRAMADATE_MYSQL_USER:-framadate}'\n      PROVIDE_FORK_AWESOME: 'true'\n      SERVERNAME: 'framadate.${SITE:-localhost}'\n      SHOW_CULTIVATE_YOUR_GARDEN: 'true'\n      SHOW_THE_SOFTWARE: 'true'\n      SHOW_WHAT_IS_THAT: 'true'\n      USER_CAN_ADD_IMG_OR_LINK: 'true'\n    labels:\n      - 'traefik.enable=true'\n      - 'traefik.http.routers.framadate.rule=Host(`framadate.${SITE:-localhost}`)'\n      - 'traefik.http.services.framadate.loadbalancer.server.port=80'\n    restart: 'always'\n    networks:\n      - 'framadate-internal'\n      - 'srv'\n\n  framadate-db:\n    image: 'mysql:5.7'\n    environment:\n      MYSQL_DATABASE: '${FRAMADATE_MYSQL_DATABASE:-framadate}'\n      MYSQL_PASSWORD: '${FRAMADATE_MYSQL_PASSWORD:-framadate}'\n      MYSQL_ROOT_PASSWORD: '${FRAMADATE_MYSQL_ROOT_PASSWORD:-pass}'\n      MYSQL_USER: '${FRAMADATE_MYSQL_USER:-framadate}'\n    healthcheck:\n      test: ['CMD', 'mysqlcheck', '--all-databases', '-ppass']\n    labels:\n      - 'traefik.enable=false'\n    networks:\n      - 'framadate-internal'\n    restart: 'always'\n    volumes:\n      - './db:/var/lib/mysql'\n"
  },
  {
    "path": "gitlab/.gitignore",
    "content": "config/gitlab-secrets.json\nconfig/*.pub\nconfig/*_key\ndata/\n"
  },
  {
    "path": "gitlab/README.md",
    "content": "# Gitlab\nhttps://about.gitlab.com/\n\nGitLab is a web-based DevOps lifecycle tool that provides a Git-repository\nmanager providing wiki, issue-tracking and continuous integration and\ndeployment pipeline features, using an open-source license, developed by\nGitLab Inc. The software was created by Ukrainian developers Dmitriy\nZaporozhets and Valery Sizov.\n\n## Gitlab runner\n### Get the Registration Token\nFind your runner registration token (\\$REGISTRATION_TOKEN) at\n`http://GITLAB_HOST/$PROJECT_GROUP/$PROJECT_NAME/settings/ci_cd`.\n\nThere are **two** ways to register the runner:\n### Register via CLI\nSteps:\n - start the runner: `docker-compose up -d runner`\n - register the runner\n\n```bash\ndocker-compose exec runner gitlab-runner register \\\n    --non-interactive \\\n    --executor \"docker\" \\\n    --docker-image alpine:latest \\\n    --url \"http://gitlab/\" \\\n    --registration-token \"$REGISTRATION_TOKEN\" \\\n    --description \"The Best Runner\" \\\n    --tag-list \"docker,aws\" \\\n    --run-untagged=\"true\" \\\n    --locked=\"false\" \\\n    --access-level=\"not_protected\"\n```\n\n### Register via the configuration file\nUse the registration token to obtain a runner token. Replace `${SITE}` and\n`$REGISTRATION_TOKEN` with your own values first, because the shell does not\nexpand variables inside single quotes.\n```bash\ncurl -X POST 'http://gitlab.${SITE}/api/v4/runners' --form 'token=$REGISTRATION_TOKEN' --form 'description=The Best Runner'\n```\n\n#### Change runner configuration\nNow set the runner token in the [configuration file](gitlab/runner/config.toml).\nThe runner token is a credential, so do not commit the real value.\n```toml\n[[runners]]\n    token = \"XXXXXXXXXXXXXXXXXXXX\"\n```\nand run the runner\n```bash\ndocker-compose up -d runner\n```\n\n"
  },
  {
    "path": "gitlab/config/gitlab.rb",
    "content": "## GitLab configuration settings\n##! This file is generated during initial installation and **is not** modified\n##! during upgrades.\n##! Check out the latest version of this file to know about the different\n##! settings that can be configured by this file, which may be found at:\n##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template\n\n\n## GitLab URL\n##! URL on which GitLab will be reachable.\n##! For more details on configuring external_url see:\n##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab\n# external_url 'GENERATED_EXTERNAL_URL'\n\n## Roles for multi-instance GitLab\n##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.\n##! Options:\n##!   redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role\n##! For more details on each role, see:\n##! https://docs.gitlab.com/omnibus/roles/README.html#roles\n##!\n# roles ['redis_sentinel_role', 'redis_master_role']\n\n## Legend\n##! The following notations at the beginning of each line may be used to\n##! differentiate between components of this file and to easily select them using\n##! a regex.\n##! ## Titles, subtitles etc\n##! ##! More information - Description, Docs, Links, Issues etc.\n##! Configuration settings have a single # followed by a single space at the\n##! beginning; Remove them to enable the setting.\n\n##! **Configuration settings below are optional.**\n##! **The values currently assigned are only examples and ARE NOT the default\n##!   
values.**\n\n\n################################################################################\n################################################################################\n##                Configuration Settings for GitLab CE and EE                 ##\n################################################################################\n################################################################################\n\n################################################################################\n## gitlab.yml configuration\n##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md\n################################################################################\n# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'\n# gitlab_rails['time_zone'] = 'UTC'\n\n### Email Settings\n# gitlab_rails['gitlab_email_enabled'] = true\n# gitlab_rails['gitlab_email_from'] = 'example@example.com'\n# gitlab_rails['gitlab_email_display_name'] = 'Example'\n# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'\n# gitlab_rails['gitlab_email_subject_suffix'] = ''\n\n### GitLab user privileges\n# gitlab_rails['gitlab_default_can_create_group'] = true\n# gitlab_rails['gitlab_username_changing_enabled'] = true\n\n### Default Theme\n# gitlab_rails['gitlab_default_theme'] = 2\n\n### Default project feature settings\n# gitlab_rails['gitlab_default_projects_features_issues'] = true\n# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true\n# gitlab_rails['gitlab_default_projects_features_wiki'] = true\n# gitlab_rails['gitlab_default_projects_features_snippets'] = true\n# gitlab_rails['gitlab_default_projects_features_builds'] = true\n# gitlab_rails['gitlab_default_projects_features_container_registry'] = true\n\n### Automatic issue closing\n###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more\n###! 
information about this pattern.\n# gitlab_rails['gitlab_issue_closing_pattern'] = \"\\b((?:[Cc]los(?:e[sd]?|ing)|\\b[Ff]ix(?:e[sd]|ing)?|\\b[Rr]esolv(?:e[sd]?|ing)|\\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\\d+))+)\"\n\n### Download location\n###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file\n###! is created in the following directory.\n###! Should not be the same path, or a sub directory of any of the `git_data_dirs`\n# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'\n\n### Gravatar Settings\n# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'\n# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'\n\n### Auxiliary jobs\n###! Periodically executed jobs, to self-heal Gitlab, do external\n###! synchronizations, etc.\n###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job\n###!       https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in\n# gitlab_rails['stuck_ci_jobs_worker_cron'] = \"0 0 * * *\"\n# gitlab_rails['expire_build_artifacts_worker_cron'] = \"50 * * * *\"\n# gitlab_rails['pipeline_schedule_worker_cron'] = \"41 * * * *\"\n# gitlab_rails['ci_archive_traces_cron_worker_cron'] = \"17 * * * *\"\n# gitlab_rails['repository_check_worker_cron'] = \"20 * * * *\"\n# gitlab_rails['admin_email_worker_cron'] = \"0 0 * * 0\"\n# gitlab_rails['repository_archive_cache_worker_cron'] = \"0 * * * *\"\n# gitlab_rails['pages_domain_verification_cron_worker'] = \"*/15 * * * *\"\n\n### Webhook Settings\n###! Number of seconds to wait for HTTP response after sending webhook HTTP POST\n###! request (default: 10)\n# gitlab_rails['webhook_timeout'] = 10\n\n### Trusted proxies\n###! Customize if you have GitLab behind a reverse proxy which is running on a\n###! different machine.\n###! 
**Add the IP address for your reverse proxy to the list, otherwise users\n###!   will appear signed in from that address.**\n# gitlab_rails['trusted_proxies'] = []\n\n### Monitoring settings\n###! IP whitelist controlling access to monitoring endpoints\n# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']\n###! Time between sampling of unicorn socket metrics, in seconds\n# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10\n\n### Reply by email\n###! Allow users to comment on issues and merge requests by replying to\n###! notification emails.\n###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html\n# gitlab_rails['incoming_email_enabled'] = true\n\n#### Incoming Email Address\n####! The email address including the `%{key}` placeholder that will be replaced\n####! to reference the item being replied to.\n####! **The placeholder can be omitted but if present, it must appear in the\n####!   \"user\" part of the address (before the `@`).**\n# gitlab_rails['incoming_email_address'] = \"gitlab-incoming+%{key}@gmail.com\"\n\n#### Email account username\n####! **With third party providers, this is usually the full email address.**\n####! **With self-hosted email servers, this is usually the user part of the\n####!   email address.**\n# gitlab_rails['incoming_email_email'] = \"gitlab-incoming@gmail.com\"\n\n#### Email account password\n# gitlab_rails['incoming_email_password'] = \"[REDACTED]\"\n\n#### IMAP Settings\n# gitlab_rails['incoming_email_host'] = \"imap.gmail.com\"\n# gitlab_rails['incoming_email_port'] = 993\n# gitlab_rails['incoming_email_ssl'] = true\n# gitlab_rails['incoming_email_start_tls'] = false\n\n#### Incoming Mailbox Settings\n####! The mailbox where incoming mail will end up. Usually \"inbox\".\n# gitlab_rails['incoming_email_mailbox_name'] = \"inbox\"\n####! 
The IDLE command timeout.\n# gitlab_rails['incoming_email_idle_timeout'] = 60\n\n### Job Artifacts\n# gitlab_rails['artifacts_enabled'] = true\n# gitlab_rails['artifacts_path'] = \"/var/opt/gitlab/gitlab-rails/shared/artifacts\"\n####! Job artifacts Object Store\n####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage\n# gitlab_rails['artifacts_object_store_enabled'] = false\n# gitlab_rails['artifacts_object_store_direct_upload'] = false\n# gitlab_rails['artifacts_object_store_background_upload'] = true\n# gitlab_rails['artifacts_object_store_proxy_download'] = false\n# gitlab_rails['artifacts_object_store_remote_directory'] = \"artifacts\"\n# gitlab_rails['artifacts_object_store_connection'] = {\n#   'provider' => 'AWS',\n#   'region' => 'eu-west-1',\n#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',\n#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',\n#   # # The below options configure an S3 compatible host instead of AWS\n#   # 'aws_signature_version' => 4, # For creation of signed URLs. 
Set to 2 if provider does not support v4.\n#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces\n#   # 'host' => 's3.amazonaws.com',\n#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'\n# }\n\n### Git LFS\n# gitlab_rails['lfs_enabled'] = true\n# gitlab_rails['lfs_storage_path'] = \"/var/opt/gitlab/gitlab-rails/shared/lfs-objects\"\n# gitlab_rails['lfs_object_store_enabled'] = false\n# gitlab_rails['lfs_object_store_direct_upload'] = false\n# gitlab_rails['lfs_object_store_background_upload'] = true\n# gitlab_rails['lfs_object_store_proxy_download'] = false\n# gitlab_rails['lfs_object_store_remote_directory'] = \"lfs-objects\"\n# gitlab_rails['lfs_object_store_connection'] = {\n#   'provider' => 'AWS',\n#   'region' => 'eu-west-1',\n#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',\n#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',\n#   # # The below options configure an S3 compatible host instead of AWS\n#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.\n#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces\n#   # 'host' => 's3.amazonaws.com',\n#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'\n# }\n\n### GitLab uploads\n###! 
Docs: https://docs.gitlab.com/ee/administration/uploads.html\n# gitlab_rails['uploads_storage_path'] = \"/var/opt/gitlab/gitlab-rails/public\"\n# gitlab_rails['uploads_base_dir'] = \"uploads/-/system\"\n# gitlab_rails['uploads_object_store_enabled'] = false\n# gitlab_rails['uploads_object_store_direct_upload'] = false\n# gitlab_rails['uploads_object_store_background_upload'] = true\n# gitlab_rails['uploads_object_store_proxy_download'] = false\n# gitlab_rails['uploads_object_store_remote_directory'] = \"uploads\"\n# gitlab_rails['uploads_object_store_connection'] = {\n#   'provider' => 'AWS',\n#   'region' => 'eu-west-1',\n#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',\n#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',\n#   # # The below options configure an S3 compatible host instead of AWS\n#   # 'host' => 's3.amazonaws.com',\n#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.\n#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces\n#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'\n# }\n\n### Impersonation settings\n# gitlab_rails['impersonation_enabled'] = true\n\n### Usage Statistics\n# gitlab_rails['usage_ping_enabled'] = true\n\n### GitLab Mattermost\n###! These settings are void if Mattermost is installed on the same omnibus\n###! install\n# gitlab_rails['mattermost_host'] = \"https://mattermost.example.com\"\n\n### LDAP Settings\n###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html\n###! **Be careful not to break the indentation in the ldap_servers block. It is\n###!   in yaml format and the spaces must be retained. Using tabs will not work.**\n\n# gitlab_rails['ldap_enabled'] = false\n\n###! 
**remember to close this block with 'EOS' below**\n# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'\n#   main: # 'main' is the GitLab 'provider ID' of this LDAP server\n#     label: 'LDAP'\n#     host: '_your_ldap_server'\n#     port: 389\n#     uid: 'sAMAccountName'\n#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'\n#     password: '_the_password_of_the_bind_user'\n#     encryption: 'plain' # \"start_tls\" or \"simple_tls\" or \"plain\"\n#     verify_certificates: true\n#     active_directory: true\n#     allow_username_or_email_login: false\n#     lowercase_usernames: false\n#     block_auto_created_users: false\n#     base: ''\n#     user_filter: ''\n#     ## EE only\n#     group_base: ''\n#     admin_group: ''\n#     sync_ssh_keys: false\n#\n#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server\n#     label: 'LDAP'\n#     host: '_your_ldap_server'\n#     port: 389\n#     uid: 'sAMAccountName'\n#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'\n#     password: '_the_password_of_the_bind_user'\n#     encryption: 'plain' # \"start_tls\" or \"simple_tls\" or \"plain\"\n#     verify_certificates: true\n#     active_directory: true\n#     allow_username_or_email_login: false\n#     lowercase_usernames: false\n#     block_auto_created_users: false\n#     base: ''\n#     user_filter: ''\n#     ## EE only\n#     group_base: ''\n#     admin_group: ''\n#     sync_ssh_keys: false\n# EOS\n\n### Smartcard authentication settings\n###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html\n# gitlab_rails['smartcard_enabled'] = false\n# gitlab_rails['smartcard_ca_file'] = \"/etc/gitlab/ssl/CA.pem\"\n# gitlab_rails['smartcard_client_certificate_required_port'] = 3444\n\n### OmniAuth Settings\n###! 
Docs: https://docs.gitlab.com/ce/integration/omniauth.html\n# gitlab_rails['omniauth_enabled'] = nil\n# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']\n# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\n# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']\n# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n# gitlab_rails['omniauth_block_auto_created_users'] = true\n# gitlab_rails['omniauth_auto_link_ldap_user'] = false\n# gitlab_rails['omniauth_auto_link_saml_user'] = false\n# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']\n# gitlab_rails['omniauth_providers'] = [\n#   {\n#     \"name\" => \"google_oauth2\",\n#     \"app_id\" => \"YOUR APP ID\",\n#     \"app_secret\" => \"YOUR APP SECRET\",\n#     \"args\" => { \"access_type\" => \"offline\", \"approval_prompt\" => \"\" }\n#   }\n# ]\n\n### Backup Settings\n###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html\n\n# gitlab_rails['manage_backup_path'] = true\n# gitlab_rails['backup_path'] = \"/var/opt/gitlab/backups\"\n\n###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions\n# gitlab_rails['backup_archive_permissions'] = 0644\n\n# gitlab_rails['backup_pg_schema'] = 'public'\n\n###! The duration in seconds to keep backups before they are allowed to be deleted\n# gitlab_rails['backup_keep_time'] = 604800\n\n# gitlab_rails['backup_upload_connection'] = {\n#   'provider' => 'AWS',\n#   'region' => 'eu-west-1',\n#   'aws_access_key_id' => 'AKIAKIAKI',\n#   'aws_secret_access_key' => 'secret123'\n# }\n# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'\n# gitlab_rails['backup_multipart_chunk_size'] = 104857600\n\n###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for\n###!   backups**\n# gitlab_rails['backup_encryption'] = 'AES256'\n\n###! **Specifies Amazon S3 storage class to use for backups. 
Valid values\n###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**\n# gitlab_rails['backup_storage_class'] = 'STANDARD'\n\n\n### Pseudonymizer Settings\n# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'\n# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'\n# gitlab_rails['pseudonymizer_upload_connection'] = {\n#   'provider' => 'AWS',\n#   'region' => 'eu-west-1',\n#   'aws_access_key_id' => 'AKIAKIAKI',\n#   'aws_secret_access_key' => 'secret123'\n# }\n\n\n### For setting up different data storing directory\n###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory\n###! **If you want to use a single non-default directory to store git data use a\n###!   path that doesn't contain symlinks.**\n# git_data_dirs({\n#   \"default\" => {\n#     \"path\" => \"/mnt/nfs-01/git-data\"\n#    }\n# })\n\n### Gitaly settings\n# gitlab_rails['gitaly_token'] = 'secret token'\n\n### For storing GitLab application uploads, eg. LFS objects, build artifacts\n###! Docs: https://docs.gitlab.com/ce/development/shared_files.html\n# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'\n\n### Wait for file system to be mounted\n###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted\n# high_availability['mountpoint'] = [\"/var/opt/gitlab/git-data\", \"/var/opt/gitlab/gitlab-rails/shared\"]\n\n### GitLab Shell settings for GitLab\n# gitlab_rails['gitlab_shell_ssh_port'] = 22\n# gitlab_rails['gitlab_shell_git_timeout'] = 800\n\n### Extra customization\n# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'\n# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'\n# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'\n\n##! 
Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html\n# gitlab_rails['env'] = {\n#   'BUNDLE_GEMFILE' => \"/opt/gitlab/embedded/service/gitlab-rails/Gemfile\",\n#   'PATH' => \"/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin\"\n# }\n\n# gitlab_rails['rack_attack_git_basic_auth'] = {\n#   'enabled' => false,\n#   'ip_whitelist' => [\"127.0.0.1\"],\n#   'maxretry' => 10,\n#   'findtime' => 60,\n#   'bantime' => 3600\n# }\n\n# gitlab_rails['rack_attack_protected_paths'] = [\n#   '/users/password',\n#   '/users/sign_in',\n#   '/api/#{API::API.version}/session.json',\n#   '/api/#{API::API.version}/session',\n#   '/users',\n#   '/users/confirmation',\n#   '/unsubscribes/',\n#   '/import/github/personal_access_token'\n# ]\n\n###! **We do not recommend changing these directories.**\n# gitlab_rails['dir'] = \"/var/opt/gitlab/gitlab-rails\"\n# gitlab_rails['log_directory'] = \"/var/log/gitlab/gitlab-rails\"\n\n### GitLab application settings\n# gitlab_rails['uploads_directory'] = \"/var/opt/gitlab/gitlab-rails/uploads\"\n# gitlab_rails['rate_limit_requests_per_period'] = 10\n# gitlab_rails['rate_limit_period'] = 60\n\n#### Change the initial default admin password and shared runner registration tokens.\n####! **Only applicable on initial setup, changing these settings after database\n####!   is created and seeded won't yield any change.**\n# gitlab_rails['initial_root_password'] = \"password\"\n# gitlab_rails['initial_shared_runners_registration_token'] = \"token\"\n\n#### Enable or disable automatic database migrations\n# gitlab_rails['auto_migrate'] = true\n\n#### This is advanced feature used by large gitlab deployments where loading\n#### whole RAILS env takes a lot of time.\n# gitlab_rails['rake_cache_clear'] = true\n\n### GitLab database settings\n###! Docs: https://docs.gitlab.com/omnibus/settings/database.html\n###! 
**Only needed if you use an external database.**\n# gitlab_rails['db_adapter'] = \"postgresql\"\n# gitlab_rails['db_encoding'] = \"unicode\"\n# gitlab_rails['db_collation'] = nil\n# gitlab_rails['db_database'] = \"gitlabhq_production\"\n# gitlab_rails['db_pool'] = 10\n# gitlab_rails['db_username'] = \"gitlab\"\n# gitlab_rails['db_password'] = nil\n# gitlab_rails['db_host'] = nil\n# gitlab_rails['db_port'] = 5432\n# gitlab_rails['db_socket'] = nil\n# gitlab_rails['db_sslmode'] = nil\n# gitlab_rails['db_sslcompression'] = 0\n# gitlab_rails['db_sslrootcert'] = nil\n# gitlab_rails['db_prepared_statements'] = false\n# gitlab_rails['db_statements_limit'] = 1000\n\n\n### GitLab Redis settings\n###! Connect to your own Redis instance\n###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html\n\n#### Redis TCP connection\n# gitlab_rails['redis_host'] = \"127.0.0.1\"\n# gitlab_rails['redis_port'] = 6379\n# gitlab_rails['redis_ssl'] = false\n# gitlab_rails['redis_password'] = nil\n# gitlab_rails['redis_database'] = 0\n\n#### Redis local UNIX socket (will be disabled if TCP method is used)\n# gitlab_rails['redis_socket'] = \"/var/opt/gitlab/redis/redis.socket\"\n\n#### Sentinel support\n####! To have Sentinel working, you must enable Redis TCP connection support\n####! above and define a few Sentinel hosts below (to get a reliable setup\n####! at least 3 hosts).\n####! **You don't need to list every sentinel host, but the ones not listed will\n####!   not be used in a fail-over situation to query for the new master.**\n# gitlab_rails['redis_sentinels'] = [\n#   {'host' => '127.0.0.1', 'port' => 26379},\n# ]\n\n#### Separate instances support\n###! 
Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances\n# gitlab_rails['redis_cache_instance'] = nil\n# gitlab_rails['redis_cache_sentinels'] = nil\n# gitlab_rails['redis_queues_instance'] = nil\n# gitlab_rails['redis_queues_sentinels'] = nil\n# gitlab_rails['redis_shared_state_instance'] = nil\n# gitlab_rails['redis_shared_sentinels'] = nil\n\n### GitLab email server settings\n###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html\n###! **Use smtp instead of sendmail/postfix.**\n\n# gitlab_rails['smtp_enable'] = true\n# gitlab_rails['smtp_address'] = \"smtp.server\"\n# gitlab_rails['smtp_port'] = 465\n# gitlab_rails['smtp_user_name'] = \"smtp user\"\n# gitlab_rails['smtp_password'] = \"smtp password\"\n# gitlab_rails['smtp_domain'] = \"example.com\"\n# gitlab_rails['smtp_authentication'] = \"login\"\n# gitlab_rails['smtp_enable_starttls_auto'] = true\n# gitlab_rails['smtp_tls'] = false\n\n###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**\n###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html\n# gitlab_rails['smtp_openssl_verify_mode'] = 'none'\n\n# gitlab_rails['smtp_ca_path'] = \"/etc/ssl/certs\"\n# gitlab_rails['smtp_ca_file'] = \"/etc/ssl/certs/ca-certificates.crt\"\n\n################################################################################\n## Container Registry settings\n##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html\n################################################################################\n\n# registry_external_url 'https://registry.gitlab.example.com'\n\n### Settings used by GitLab application\n# gitlab_rails['registry_enabled'] = true\n# gitlab_rails['registry_host'] = \"registry.gitlab.example.com\"\n# gitlab_rails['registry_port'] = \"5005\"\n# gitlab_rails['registry_path'] = \"/var/opt/gitlab/gitlab-rails/shared/registry\"\n\n###! **Do not change the following 3 settings unless you know what you are\n###!   
doing**\n# gitlab_rails['registry_api_url'] = \"http://localhost:5000\"\n# gitlab_rails['registry_key_path'] = \"/var/opt/gitlab/gitlab-rails/certificate.key\"\n# gitlab_rails['registry_issuer'] = \"omnibus-gitlab-issuer\"\n\n### Settings used by Registry application\n# registry['enable'] = true\n# registry['username'] = \"registry\"\n# registry['group'] = \"registry\"\n# registry['uid'] = nil\n# registry['gid'] = nil\n# registry['dir'] = \"/var/opt/gitlab/registry\"\n# registry['registry_http_addr'] = \"localhost:5000\"\n# registry['debug_addr'] = \"localhost:5001\"\n# registry['log_directory'] = \"/var/log/gitlab/registry\"\n# registry['env_directory'] = \"/opt/gitlab/etc/registry/env\"\n# registry['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n# registry['log_level'] = \"info\"\n# registry['log_formatter'] = \"text\"\n# registry['rootcertbundle'] = \"/var/opt/gitlab/registry/certificate.crt\"\n# registry['health_storagedriver_enabled'] = true\n# registry['storage_delete_enabled'] = true\n\n### Registry backend storage\n###! 
Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver\n# registry['storage'] = {\n#   's3' => {\n#     'accesskey' => 'AKIAKIAKI',\n#     'secretkey' => 'secret123',\n#     'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'\n#   }\n# }\n\n### Registry notifications endpoints\n# registry['notifications'] = [\n#   {\n#     'name' => 'test_endpoint',\n#     'url' => 'https://gitlab.example.com/notify2',\n#     'timeout' => '500ms',\n#     'threshold' => 5,\n#     'backoff' => '1s',\n#     'headers' => {\n#       \"Authorization\" => [\"AUTHORIZATION_EXAMPLE_TOKEN\"]\n#     }\n#   }\n# ]\n### Default registry notifications\n# registry['default_notifications_timeout'] = \"500ms\"\n# registry['default_notifications_threshold'] = 5\n# registry['default_notifications_backoff'] = \"1s\"\n# registry['default_notifications_headers'] = {}\n\n\n\n################################################################################\n## GitLab Workhorse\n##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md\n################################################################################\n\n# gitlab_workhorse['enable'] = true\n# gitlab_workhorse['ha'] = false\n# gitlab_workhorse['listen_network'] = \"unix\"\n# gitlab_workhorse['listen_umask'] = 000\n# gitlab_workhorse['listen_addr'] = \"/var/opt/gitlab/gitlab-workhorse/socket\"\n# gitlab_workhorse['auth_backend'] = \"http://localhost:8080\"\n\n##! the empty string is the default in gitlab-workhorse option parser\n# gitlab_workhorse['auth_socket'] = \"''\"\n\n##! put an empty string on the command line\n# gitlab_workhorse['pprof_listen_addr'] = \"''\"\n\n# gitlab_workhorse['prometheus_listen_addr'] = \"localhost:9229\"\n\n# gitlab_workhorse['dir'] = \"/var/opt/gitlab/gitlab-workhorse\"\n# gitlab_workhorse['log_directory'] = \"/var/log/gitlab/gitlab-workhorse\"\n# gitlab_workhorse['proxy_headers_timeout'] = \"1m0s\"\n\n##! 
limit number of concurrent API requests, defaults to 0 which is unlimited\n# gitlab_workhorse['api_limit'] = 0\n\n##! limit number of API requests allowed to be queued, defaults to 0 which\n##! disables queuing\n# gitlab_workhorse['api_queue_limit'] = 0\n\n##! duration after which we timeout requests if they sit too long in the queue\n# gitlab_workhorse['api_queue_duration'] = \"30s\"\n\n##! Long polling duration for job requesting for runners\n# gitlab_workhorse['api_ci_long_polling_duration'] = \"60s\"\n\n##! Log format: default is text, can also be json or none.\n# gitlab_workhorse['log_format'] = \"json\"\n\n# gitlab_workhorse['env_directory'] = \"/opt/gitlab/etc/gitlab-workhorse/env\"\n# gitlab_workhorse['env'] = {\n#   'PATH' => \"/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin\",\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n\n################################################################################\n## GitLab User Settings\n##! Modify default git user.\n##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group\n################################################################################\n\n# user['username'] = \"git\"\n# user['group'] = \"git\"\n# user['uid'] = nil\n# user['gid'] = nil\n\n##! The shell for the git user\n# user['shell'] = \"/bin/sh\"\n\n##! The home directory for the git user\n# user['home'] = \"/var/opt/gitlab\"\n\n# user['git_user_name'] = \"GitLab\"\n# user['git_user_email'] = \"gitlab@#{node['fqdn']}\"\n\n################################################################################\n## GitLab Unicorn\n##! Tweak unicorn settings.\n##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html\n################################################################################\n\n# unicorn['enable'] = true\n# unicorn['worker_timeout'] = 60\n###! Minimum worker_processes is 2 at this moment\n###! 
See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771\n# unicorn['worker_processes'] = 2\n\n### Advanced settings\n# unicorn['listen'] = 'localhost'\n# unicorn['port'] = 8080\n# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'\n# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'\n# unicorn['tcp_nopush'] = true\n# unicorn['backlog_socket'] = 1024\n\n###! **Make sure somaxconn is equal to or higher than backlog_socket**\n# unicorn['somaxconn'] = 1024\n\n###! **We do not recommend changing this setting**\n# unicorn['log_directory'] = \"/var/log/gitlab/unicorn\"\n\n### **Only change these settings if you understand well what they mean**\n###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/\n###!       https://github.com/kzk/unicorn-worker-killer\n# unicorn['worker_memory_limit_min'] = \"400 * 1 << 20\"\n# unicorn['worker_memory_limit_max'] = \"650 * 1 << 20\"\n\n################################################################################\n## GitLab Puma\n##! Tweak puma settings. You should only use Unicorn or Puma, not both.\n##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html\n################################################################################\n\n# puma['enable'] = false\n# puma['ha'] = false\n# puma['worker_timeout'] = 60\n# puma['worker_processes'] = 2\n# puma['min_threads'] = 1\n# puma['max_threads'] = 16\n\n### Advanced settings\n# puma['listen'] = '127.0.0.1'\n# puma['port'] = 8080\n# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'\n# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'\n# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'\n\n###! **We do not recommend changing this setting**\n# puma['log_directory'] = \"/var/log/gitlab/puma\"\n\n### **Only change these settings if you understand well what they mean**\n###! 
Docs: https://github.com/schneems/puma_worker_killer\n# puma['per_worker_max_memory_mb'] = 650\n\n################################################################################\n## GitLab Sidekiq\n################################################################################\n\n# sidekiq['log_directory'] = \"/var/log/gitlab/sidekiq\"\n# sidekiq['log_format'] = \"default\"\n# sidekiq['shutdown_timeout'] = 4\n# sidekiq['concurrency'] = 25\n# sidekiq['metrics_enabled'] = true\n# sidekiq['listen_address'] = \"localhost\"\n# sidekiq['listen_port'] = 8082\n\n################################################################################\n## gitlab-shell\n################################################################################\n\n# gitlab_shell['audit_usernames'] = false\n# gitlab_shell['log_level'] = 'INFO'\n# gitlab_shell['log_format'] = 'json'\n# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}\n# gitlab_shell['log_directory'] = \"/var/log/gitlab/gitlab-shell/\"\n# gitlab_shell['custom_hooks_dir'] = \"/opt/gitlab/embedded/service/gitlab-shell/hooks\"\n\n# gitlab_shell['auth_file'] = \"/var/opt/gitlab/.ssh/authorized_keys\"\n\n### Git trace log file.\n###! If set, git commands receive GIT_TRACE* environment variables\n###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging\n###! An absolute path starting with / – the trace output will be appended to\n###! that file. It needs to exist so we can check permissions and avoid\n###! throwing warnings to the users.\n# gitlab_shell['git_trace_log_file'] = \"/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log\"\n\n##! 
**We do not recommend changing this directory.**\n# gitlab_shell['dir'] = \"/var/opt/gitlab/gitlab-shell\"\n\n################################################################\n## GitLab PostgreSQL\n################################################################\n\n###! Changing any of these settings requires a restart of postgresql.\n###! By default, reconfigure reloads postgresql if it is running. If you\n###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`\n###! after reconfigure in order for the changes to take effect.\n# postgresql['enable'] = true\n# postgresql['listen_address'] = nil\n# postgresql['port'] = 5432\n# postgresql['data_dir'] = \"/var/opt/gitlab/postgresql/data\"\n\n##! **Recommended value is 1/4 of total RAM, up to 14GB.**\n# postgresql['shared_buffers'] = \"256MB\"\n\n### Advanced settings\n# postgresql['ha'] = false\n# postgresql['dir'] = \"/var/opt/gitlab/postgresql\"\n# postgresql['log_directory'] = \"/var/log/gitlab/postgresql\"\n# postgresql['username'] = \"gitlab-psql\"\n# postgresql['group'] = \"gitlab-psql\"\n##! 
`SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`\n# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'\n# postgresql['uid'] = nil\n# postgresql['gid'] = nil\n# postgresql['shell'] = \"/bin/sh\"\n# postgresql['home'] = \"/var/opt/gitlab/postgresql\"\n# postgresql['user_path'] = \"/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH\"\n# postgresql['sql_user'] = \"gitlab\"\n# postgresql['max_connections'] = 200\n# postgresql['md5_auth_cidr_addresses'] = []\n# postgresql['trust_auth_cidr_addresses'] = []\n# postgresql['wal_buffers'] = \"-1\"\n# postgresql['autovacuum_max_workers'] = \"3\"\n# postgresql['autovacuum_freeze_max_age'] = \"200000000\"\n# postgresql['log_statement'] = nil\n# postgresql['track_activity_query_size'] = \"1024\"\n# postgresql['shared_preload_libraries'] = nil\n# postgresql['dynamic_shared_memory_type'] = nil\n# postgresql['hot_standby'] = \"off\"\n\n### SSL settings\n# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details\n# postgresql['ssl'] = 'on'\n# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'\n# postgresql['ssl_cert_file'] = 'server.crt'\n# postgresql['ssl_key_file'] = 'server.key'\n# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'\n# postgresql['ssl_crl_file'] = nil\n\n### Replication settings\n###! Note, some replication settings do not require a full restart. They are documented below.\n# postgresql['wal_level'] = \"hot_standby\"\n# postgresql['max_wal_senders'] = 5\n# postgresql['max_replication_slots'] = 0\n# postgresql['max_locks_per_transaction'] = 128\n\n# Backup/Archive settings\n# postgresql['archive_mode'] = \"off\"\n\n###! Changing any of these settings only requires a reload of postgresql. You do not need to\n###! 
restart postgresql if you change any of these and run reconfigure.\n# postgresql['work_mem'] = \"16MB\"\n# postgresql['maintenance_work_mem'] = \"16MB\"\n# postgresql['checkpoint_segments'] = 10\n# postgresql['checkpoint_timeout'] = \"5min\"\n# postgresql['checkpoint_completion_target'] = 0.9\n# postgresql['effective_io_concurrency'] = 1\n# postgresql['checkpoint_warning'] = \"30s\"\n# postgresql['effective_cache_size'] = \"1MB\"\n# postgresql['shmmax'] =  17179869184 # or 4294967295\n# postgresql['shmall'] =  4194304 # or 1048575\n# postgresql['autovacuum'] = \"on\"\n# postgresql['log_autovacuum_min_duration'] = \"-1\"\n# postgresql['autovacuum_naptime'] = \"1min\"\n# postgresql['autovacuum_vacuum_threshold'] = \"50\"\n# postgresql['autovacuum_analyze_threshold'] = \"50\"\n# postgresql['autovacuum_vacuum_scale_factor'] = \"0.02\"\n# postgresql['autovacuum_analyze_scale_factor'] = \"0.01\"\n# postgresql['autovacuum_vacuum_cost_delay'] = \"20ms\"\n# postgresql['autovacuum_vacuum_cost_limit'] = \"-1\"\n# postgresql['statement_timeout'] = \"60000\"\n# postgresql['idle_in_transaction_session_timeout'] = \"60000\"\n# postgresql['log_line_prefix'] = \"%a\"\n# postgresql['max_worker_processes'] = 8\n# postgresql['max_parallel_workers_per_gather'] = 0\n# postgresql['log_lock_waits'] = 1\n# postgresql['deadlock_timeout'] = '5s'\n# postgresql['track_io_timing'] = 0\n# postgresql['default_statistics_target'] = 1000\n\n### Available in PostgreSQL 9.6 and later\n# postgresql['min_wal_size'] = 80MB\n# postgresql['max_wal_size'] = 1GB\n\n# Backup/Archive settings\n# postgresql['archive_command'] = nil\n# postgresql['archive_timeout'] = \"0\"\n\n### Replication settings\n# postgresql['sql_replication_user'] = \"gitlab_replicator\"\n# postgresql['sql_replication_password'] = \"md5 hash of postgresql password\" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`\n# postgresql['wal_keep_segments'] = 10\n# postgresql['max_standby_archive_delay'] = \"30s\"\n# 
postgresql['max_standby_streaming_delay'] = \"30s\"\n# postgresql['synchronous_commit'] = on\n# postgresql['synchronous_standby_names'] = ''\n# postgresql['hot_standby_feedback'] = 'off'\n# postgresql['random_page_cost'] = 2.0\n# postgresql['log_temp_files'] = -1\n# postgresql['log_checkpoints'] = 'off'\n# To add custom entries to pg_hba.conf use the following\n# postgresql['custom_pg_hba_entries'] = {\n#   APPLICATION: [ # APPLICATION should identify what the settings are used for\n#     {\n#       type: example,\n#       database: example,\n#       user: example,\n#       cidr: example,\n#       method: example,\n#       option: example\n#     }\n#   ]\n# }\n# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation\n# of the values\n\n\n################################################################################\n## GitLab Redis\n##! **Can be disabled if you are using your own Redis instance.**\n##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html\n################################################################################\n\n# redis['enable'] = true\n# redis['ha'] = false\n# redis['hz'] = 10\n# redis['dir'] = \"/var/opt/gitlab/redis\"\n# redis['log_directory'] = \"/var/log/gitlab/redis\"\n# redis['username'] = \"gitlab-redis\"\n# redis['group'] = \"gitlab-redis\"\n# redis['maxclients'] = \"10000\"\n# redis['maxmemory'] = \"0\"\n# redis['maxmemory_policy'] = \"noeviction\"\n# redis['maxmemory_samples'] = \"5\"\n# redis['tcp_backlog'] = 511\n# redis['tcp_timeout'] = \"60\"\n# redis['tcp_keepalive'] = \"300\"\n# redis['uid'] = nil\n# redis['gid'] = nil\n\n###! **To enable only Redis service in this machine, uncomment\n###!   one of the lines below (choose master or slave instance types).**\n###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html\n###!       
https://docs.gitlab.com/ce/administration/high_availability/redis.html\n# redis_master_role['enable'] = true\n# redis_slave_role['enable'] = true\n\n### Redis TCP support (will disable UNIX socket transport)\n###! '0.0.0.0' listens on every interface; when enabling TCP, set\n###! redis['password'] and restrict network access to trusted hosts.\n# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one\n# redis['port'] = 6379\n# redis['password'] = 'redis-password-goes-here'\n\n### Redis Sentinel support\n###! **You need a master slave Redis replication to be able to do failover**\n###! **Please read the documentation before enabling it to understand the\n###!   caveats:**\n###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html\n\n### Replication support\n#### Slave Redis instance\n# redis['master'] = false # by default this is true\n\n#### Slave and Sentinel shared configuration\n####! **Both need to point to the master Redis instance to get replication and\n####!   heartbeat monitoring**\n# redis['master_name'] = 'gitlab-redis'\n# redis['master_ip'] = nil\n# redis['master_port'] = 6379\n\n#### Support to run redis slaves in a Docker or NAT environment\n####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat\n# redis['announce_ip'] = nil\n# redis['announce_port'] = nil\n\n####! **Master password should have the same value defined in\n####!   redis['password'] to enable the instance to transition to/from\n####!   master/slave in a failover event.**\n# redis['master_password'] = 'redis-password-goes-here'\n\n####! Increase these values when your slaves can't catch up with master\n# redis['client_output_buffer_limit_normal'] = '0 0 0'\n# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'\n# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'\n\n#####! Redis snapshotting frequency\n#####! Set to [] to disable\n#####! 
Set to [''] to clear previously set values\n# redis['save'] = [ '900 1', '300 10', '60 10000' ]\n\n################################################################################\n## GitLab Web server\n##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server\n################################################################################\n\n##! When bundled nginx is disabled we need to add the external webserver user to\n##! the GitLab webserver group.\n# web_server['external_users'] = []\n# web_server['username'] = 'gitlab-www'\n# web_server['group'] = 'gitlab-www'\n# web_server['uid'] = nil\n# web_server['gid'] = nil\n# web_server['shell'] = '/bin/false'\n# web_server['home'] = '/var/opt/gitlab/nginx'\n\n################################################################################\n## GitLab NGINX\n##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html\n################################################################################\n\n# nginx['enable'] = true\n# nginx['client_max_body_size'] = '250m'\n# nginx['redirect_http_to_https'] = false\n# nginx['redirect_http_to_https_port'] = 80\n\n##! Most root CA's are included by default\n# nginx['ssl_client_certificate'] = \"/etc/gitlab/ssl/ca.crt\"\n\n##! enable/disable 2-way SSL client authentication\n# nginx['ssl_verify_client'] = \"off\"\n\n##! if ssl_verify_client on, verification depth in the client certificates chain\n# nginx['ssl_verify_depth'] = \"1\"\n\n# nginx['ssl_certificate'] = \"/etc/gitlab/ssl/#{node['fqdn']}.crt\"\n# nginx['ssl_certificate_key'] = \"/etc/gitlab/ssl/#{node['fqdn']}.key\"\n# nginx['ssl_ciphers'] = \"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\"\n# nginx['ssl_prefer_server_ciphers'] = \"on\"\n\n##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html\n##!                   https://cipherli.st/**\n##! NOTE: TLSv1.1 is deprecated (RFC 8996); prefer TLSv1.2 and newer where\n##! clients allow it.\n# nginx['ssl_protocols'] = \"TLSv1.1 TLSv1.2\"\n\n##! 
**Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**\n# nginx['ssl_session_cache'] = \"builtin:1000  shared:SSL:10m\"\n\n##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**\n# nginx['ssl_session_timeout'] = \"5m\"\n\n# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem\n# nginx['listen_addresses'] = ['*', '[::]']\n\n##! **Defaults to forcing web browsers to always communicate using only HTTPS**\n##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security\n# nginx['hsts_max_age'] = 31536000\n# nginx['hsts_include_subdomains'] = false\n\n##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**\n# nginx['gzip_enabled'] = true\n\n##! **Override only if you use a reverse proxy**\n##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port\n# nginx['listen_port'] = nil\n\n##! **Override only if your reverse proxy internally communicates over HTTP**\n##! 
Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl\n# nginx['listen_https'] = nil\n\n# nginx['custom_gitlab_server_config'] = \"location ^~ /foo-namespace/bar-project/raw/ {\\n deny all;\\n}\\n\"\n# nginx['custom_nginx_config'] = \"include /etc/nginx/conf.d/example.conf;\"\n# nginx['proxy_read_timeout'] = 3600\n# nginx['proxy_connect_timeout'] = 300\n# nginx['proxy_set_headers'] = {\n#  \"Host\" => \"$http_host_with_default\",\n#  \"X-Real-IP\" => \"$remote_addr\",\n#  \"X-Forwarded-For\" => \"$proxy_add_x_forwarded_for\",\n#  \"X-Forwarded-Proto\" => \"https\",\n#  \"X-Forwarded-Ssl\" => \"on\",\n#  \"Upgrade\" => \"$http_upgrade\",\n#  \"Connection\" => \"$connection_upgrade\"\n# }\n# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'\n# nginx['proxy_cache'] = 'gitlab'\n# nginx['http2_enabled'] = true\n# nginx['real_ip_trusted_addresses'] = []\n# nginx['real_ip_header'] = nil\n# nginx['real_ip_recursive'] = nil\n# nginx['custom_error_pages'] = {\n#   '404' => {\n#     'title' => 'Example title',\n#     'header' => 'Example header',\n#     'message' => 'Example message'\n#   }\n# }\n\n### Advanced settings\n# nginx['dir'] = \"/var/opt/gitlab/nginx\"\n# nginx['log_directory'] = \"/var/log/gitlab/nginx\"\n# nginx['worker_processes'] = 4\n# nginx['worker_connections'] = 10240\n# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"'\n# nginx['sendfile'] = 'on'\n# nginx['tcp_nopush'] = 'on'\n# nginx['tcp_nodelay'] = 'on'\n# nginx['gzip'] = \"on\"\n# nginx['gzip_http_version'] = \"1.0\"\n# nginx['gzip_comp_level'] = \"2\"\n# nginx['gzip_proxied'] = \"any\"\n# nginx['gzip_types'] = [ \"text/plain\", \"text/css\", \"application/x-javascript\", \"text/xml\", \"application/xml\", \"application/xml+rss\", \"text/javascript\", \"application/json\" ]\n# nginx['keepalive_timeout'] = 65\n# nginx['cache_max_size'] = '5000m'\n# 
nginx['server_names_hash_bucket_size'] = 64\n##! These paths have proxy_request_buffering disabled\n# nginx['request_buffering_off_path_regex'] = \"\\.git/git-receive-pack$|\\.git/info/refs?service=git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$\"\n\n### Nginx status\n# nginx['status'] = {\n#  \"enable\" => true,\n#  \"listen_addresses\" => [\"127.0.0.1\"],\n#  \"fqdn\" => \"dev.example.com\",\n#  \"port\" => 9999,\n#  \"vts_enable\" => true,\n#  \"options\" => {\n#    \"stub_status\" => \"on\", # Turn on stats\n#    \"server_tokens\" => \"off\", # Don't show the version of NGINX\n#    \"access_log\" => \"off\", # Disable logs for stats\n#    \"allow\" => \"127.0.0.1\", # Only allow access from localhost\n#    \"deny\" => \"all\" # Deny access to anyone else\n#  }\n# }\n\n################################################################################\n## GitLab Logging\n##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html\n################################################################################\n\n# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data\n# logging['svlogd_num'] = 30 # keep 30 rotated log files\n# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours\n# logging['svlogd_filter'] = \"gzip\" # compress logs with gzip\n# logging['svlogd_udp'] = nil # transmit log messages via UDP\n# logging['svlogd_prefix'] = nil # custom prefix for log messages\n# logging['logrotate_frequency'] = \"daily\" # rotate logs daily\n# logging['logrotate_size'] = nil # do not rotate by size by default\n# logging['logrotate_rotate'] = 30 # keep 30 rotated logs\n# logging['logrotate_compress'] = \"compress\" # see 'man logrotate'\n# logging['logrotate_method'] = \"copytruncate\" # see 'man logrotate'\n# logging['logrotate_postrotate'] = nil # no postrotate command by default\n# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. 
a value of \"-%Y-%m-%d\" would give rotated files like production.log-2016-03-09.gz\n\n### UDP log forwarding\n##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding\n\n##! remote host to ship log messages to via UDP\n# logging['udp_log_shipping_host'] = nil\n\n##! override the hostname used when logs are shipped via UDP,\n##  by default the system hostname will be used.\n# logging['udp_log_shipping_hostname'] = nil\n\n##! remote port to ship log messages to via UDP\n# logging['udp_log_shipping_port'] = 514\n\n################################################################################\n## Logrotate\n##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate\n##! You can disable built in logrotate feature.\n################################################################################\n# logrotate['enable'] = true\n\n################################################################################\n## Users and groups accounts\n##! Disable management of users and groups accounts.\n##! **Set only if creating accounts manually**\n##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management\n################################################################################\n\n# manage_accounts['enable'] = false\n\n################################################################################\n## Storage directories\n##! Disable managing storage directories\n##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management\n################################################################################\n\n##! **Set only if the select directories are created manually**\n# manage_storage_directories['enable'] = false\n# manage_storage_directories['manage_etc'] = false\n\n################################################################################\n## Runtime directory\n##! 
Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory\n################################################################################\n\n# runtime_dir '/run'\n\n################################################################################\n## Git\n##! Advanced setting for configuring git system settings for omnibus-gitlab\n##! internal git\n################################################################################\n\n##! For multiple options under one header use array of comma separated values,\n##! eg.:\n##! { \"receive\" => [\"fsckObjects = true\"], \"alias\" => [\"st = status\", \"co = checkout\"] }\n\n# omnibus_gitconfig['system'] = {\n#  \"pack\" => [\"threads = 1\"],\n#  \"receive\" => [\"fsckObjects = true\", \"advertisePushOptions = true\"],\n#  \"repack\" => [\"writeBitmaps = true\"],\n#  \"transfer\" => [\"hideRefs=^refs/tmp/\", \"hideRefs=^refs/keep-around/\", \"hideRefs=^refs/remotes/\"],\n# }\n\n################################################################################\n## GitLab Pages\n##! Docs: https://docs.gitlab.com/ce/pages/administration.html\n################################################################################\n\n##! Define to enable GitLab Pages\n# pages_external_url \"http://pages.example.com/\"\n# gitlab_pages['enable'] = false\n\n##! Configure to expose GitLab Pages on external IP address, serving the HTTP\n# gitlab_pages['external_http'] = []\n\n##! Configure to expose GitLab Pages on external IP address, serving the HTTPS\n# gitlab_pages['external_https'] = []\n\n##! Configure to enable health check endpoint on GitLab Pages\n# gitlab_pages['status_uri'] = \"/@status\"\n\n##! Tune the maximum number of concurrent connections GitLab Pages will handle.\n##! This should be in the range 1 - 10000, defaulting to 5000.\n# gitlab_pages['max_connections'] = 5000\n\n##! Configure to use JSON structured logging in GitLab Pages\n# gitlab_pages['log_format'] = \"json\"\n\n##! 
Configure verbose logging for GitLab Pages\n# gitlab_pages['log_verbose'] = false\n\n##! Listen for requests forwarded by reverse proxy\n# gitlab_pages['listen_proxy'] = \"localhost:8090\"\n\n# gitlab_pages['redirect_http'] = true\n# gitlab_pages['use_http2'] = true\n# gitlab_pages['dir'] = \"/var/opt/gitlab/gitlab-pages\"\n# gitlab_pages['log_directory'] = \"/var/log/gitlab/gitlab-pages\"\n\n# gitlab_pages['artifacts_server'] = true\n# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'\n# gitlab_pages['artifacts_server_timeout'] = 10\n\n##! Environments that do not support bind-mounting should set this parameter to\n##! true. This is incompatible with the artifacts server\n# gitlab_pages['inplace_chroot'] = false\n\n##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics\n# gitlab_pages['metrics_address'] = \":9235\"\n\n##! Configure the pages admin API\n# gitlab_pages['admin_secret_token'] = 'custom secret'\n# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'\n# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'\n# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'\n\n##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host\n# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'\n# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'\n\n##! 
Pages access control\n# gitlab_pages['access_control'] = false\n# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present\n# gitlab_pages['gitlab_secret'] = nil # Generated if not present\n# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'\n# gitlab_pages['auth_server'] = nil # Defaults to external_url\n# gitlab_pages['auth_secret'] = nil # Generated if not present\n\n################################################################################\n## GitLab Pages NGINX\n################################################################################\n\n# All the settings defined in the \"GitLab Nginx\" section are also available in this \"GitLab Pages NGINX\" section\n# You just have to change the key \"nginx['some_settings']\" with \"pages_nginx['some_settings']\"\n\n# Below you can find settings that are exclusive to \"GitLab Pages NGINX\"\n# pages_nginx['enable'] = false\n\n# gitlab_rails['pages_path'] = \"/var/opt/gitlab/gitlab-rails/shared/pages\"\n\n################################################################################\n## GitLab CI\n##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html\n################################################################################\n\n# gitlab_ci['gitlab_ci_all_broken_builds'] = true\n# gitlab_ci['gitlab_ci_add_pusher'] = true\n# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'\n\n################################################################################\n## GitLab Mattermost\n##! 
Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost\n################################################################################\n\n# mattermost_external_url 'http://mattermost.example.com'\n\n# mattermost['enable'] = false\n# mattermost['username'] = 'mattermost'\n# mattermost['group'] = 'mattermost'\n# mattermost['uid'] = nil\n# mattermost['gid'] = nil\n# mattermost['home'] = '/var/opt/gitlab/mattermost'\n# mattermost['database_name'] = 'mattermost_production'\n# mattermost['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n# mattermost['service_address'] = \"127.0.0.1\"\n# mattermost['service_port'] = \"8065\"\n# mattermost['service_site_url'] = nil\n# mattermost['service_allowed_untrusted_internal_connections'] = \"\"\n# mattermost['service_enable_api_team_deletion'] = true\n# mattermost['team_site_name'] = \"GitLab Mattermost\"\n# mattermost['sql_driver_name'] = 'mysql'\n# mattermost['sql_data_source'] = \"mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8\"\n# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'\n# mattermost['gitlab_enable'] = false\n# mattermost['gitlab_id'] = \"12345656\"\n# mattermost['gitlab_secret'] = \"123456789\"\n# mattermost['gitlab_scope'] = \"\"\n# mattermost['gitlab_auth_endpoint'] = \"http://gitlab.example.com/oauth/authorize\"\n# mattermost['gitlab_token_endpoint'] = \"http://gitlab.example.com/oauth/token\"\n# mattermost['gitlab_user_api_endpoint'] = \"http://gitlab.example.com/api/v4/user\"\n# mattermost['file_directory'] = \"/var/opt/gitlab/mattermost/data\"\n# mattermost['plugin_directory'] = \"/var/opt/gitlab/mattermost/plugins\"\n# mattermost['plugin_client_directory'] = \"/var/opt/gitlab/mattermost/client-plugins\"\n\n################################################################################\n## Mattermost NGINX\n################################################################################\n\n# All the settings defined in the \"GitLab NGINX\" 
section are also available in this \"Mattermost NGINX\" section\n# You just have to change the key \"nginx['some_settings']\" with \"mattermost_nginx['some_settings']\"\n\n# Below you can find settings that are exclusive to \"Mattermost NGINX\"\n# mattermost_nginx['enable'] = false\n\n# mattermost_nginx['custom_gitlab_mattermost_server_config'] = \"location ^~ /foo-namespace/bar-project/raw/ {\\n deny all;\\n}\\n\"\n# mattermost_nginx['proxy_set_headers'] = {\n#   \"Host\" => \"$http_host\",\n#   \"X-Real-IP\" => \"$remote_addr\",\n#   \"X-Forwarded-For\" => \"$proxy_add_x_forwarded_for\",\n#   \"X-Frame-Options\" => \"SAMEORIGIN\",\n#   \"X-Forwarded-Proto\" => \"https\",\n#   \"X-Forwarded-Ssl\" => \"on\",\n#   \"Upgrade\" => \"$http_upgrade\",\n#   \"Connection\" => \"$connection_upgrade\"\n# }\n\n\n################################################################################\n## Registry NGINX\n################################################################################\n\n# All the settings defined in the \"GitLab NGINX\" section are also available in this \"Registry NGINX\" section\n# You just have to change the key \"nginx['some_settings']\" with \"registry_nginx['some_settings']\"\n\n# Below you can find settings that are exclusive to \"Registry NGINX\"\n# registry_nginx['enable'] = false\n\n# registry_nginx['proxy_set_headers'] = {\n#  \"Host\" => \"$http_host\",\n#  \"X-Real-IP\" => \"$remote_addr\",\n#  \"X-Forwarded-For\" => \"$proxy_add_x_forwarded_for\",\n#  \"X-Forwarded-Proto\" => \"https\",\n#  \"X-Forwarded-Ssl\" => \"on\"\n# }\n\n################################################################################\n## Prometheus\n##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/\n################################################################################\n\n# prometheus['enable'] = true\n# prometheus['monitor_kubernetes'] = true\n# prometheus['username'] = 'gitlab-prometheus'\n# prometheus['group'] = 'gitlab-prometheus'\n# prometheus['uid'] = nil\n# prometheus['gid'] = nil\n# prometheus['shell'] = '/bin/sh'\n# prometheus['home'] = '/var/opt/gitlab/prometheus'\n# prometheus['log_directory'] = '/var/log/gitlab/prometheus'\n# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']\n# prometheus['scrape_interval'] = 15\n# prometheus['scrape_timeout'] = 15\n# prometheus['chunk_encoding_version'] = 2\n# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'\n# prometheus['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n#\n### Custom scrape configs\n#\n# Prometheus can scrape additional jobs via scrape_configs.  The default automatically\n# includes all of the exporters supported by the omnibus config.\n#\n# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>\n#\n# Example:\n#\n# prometheus['scrape_configs'] = [\n#   {\n#     'job_name': 'example',\n#     'static_configs' => [\n#       'targets' => ['hostname:port'],\n#     ],\n#   },\n# ]\n#\n### Prometheus Memory Management\n#\n# Prometheus needs to be configured for how much memory is used.\n# * This sets the target heap size.\n# * This value accounts for approximately 2/3 of the memory used by the server.\n# * The recommended memory is 4kb per unique metrics time-series.\n# See: https://prometheus.io/docs/operating/storage/#memory-usage\n#\n# prometheus['target_heap_size'] = (\n#   # Use 25mb + 2% of total memory for Prometheus memory.\n#   26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 )\n# ).to_i\n#\n# prometheus['flags'] = {\n#   'storage.local.path' => \"#{node['gitlab']['prometheus']['home']}/data\",\n#   
'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'],\n#   'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'],\n#   'config.file' => \"#{node['gitlab']['prometheus']['home']}/prometheus.yml\"\n# }\n\n##! Advanced settings. Should be changed only if absolutely needed.\n# prometheus['listen_address'] = 'localhost:9090'\n\n################################################################################\n## Prometheus Alertmanager\n##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/alertmanager.html\n################################################################################\n\n# alertmanager['enable'] = true\n# alertmanager['home'] = '/var/opt/gitlab/alertmanager'\n# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'\n# alertmanager['admin_email'] = 'admin@example.com'\n# alertmanager['flags'] = {\n#   'web.listen-address' => \"#{node['gitlab']['alertmanager']['listen_address']}\"\n#   'storage.path' => \"#{node['gitlab']['alertmanager']['home']}/data\"\n#   'config.file' => \"#{node['gitlab']['alertmanager']['home']}/alertmanager.yml\"\n# }\n# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'\n# alertmanager['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n\n##! Advanced settings. Should be changed only if absolutely needed.\n# alertmanager['listen_address'] = 'localhost:9093'\n\n################################################################################\n## Prometheus Node Exporter\n##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html\n################################################################################\n\n# node_exporter['enable'] = true\n# node_exporter['home'] = '/var/opt/gitlab/node-exporter'\n# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'\n# node_exporter['flags'] = {\n#   'collector.textfile.directory' => \"#{node['gitlab']['node-exporter']['home']}/textfile_collector\"\n# }\n# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'\n# node_exporter['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n\n##! Advanced settings. Should be changed only if absolutely needed.\n# node_exporter['listen_address'] = 'localhost:9100'\n\n################################################################################\n## Prometheus Redis exporter\n##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html\n################################################################################\n\n# redis_exporter['enable'] = true\n# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'\n# redis_exporter['flags'] = {\n#   'redis.addr' => \"unix://#{node['gitlab']['gitlab-rails']['redis_socket']}\",\n# }\n# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'\n# redis_exporter['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n\n##! Advanced settings. Should be changed only if absolutely needed.\n# redis_exporter['listen_address'] = 'localhost:9121'\n\n################################################################################\n## Prometheus Postgres exporter\n##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html\n################################################################################\n\n# postgres_exporter['enable'] = true\n# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'\n# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'\n# postgres_exporter['flags'] = {}\n# postgres_exporter['listen_address'] = 'localhost:9187'\n# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'\n# postgres_exporter['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n\n################################################################################\n## Prometheus PgBouncer exporter (EE only)\n##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html\n################################################################################\n\n# pgbouncer_exporter['enable'] = false\n# pgbouncer_exporter['log_directory'] = \"/var/log/gitlab/pgbouncer-exporter\"\n# pgbouncer_exporter['listen_address'] = 'localhost:9188'\n# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'\n# pgbouncer_exporter['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n\n################################################################################\n## Prometheus Gitlab monitor\n##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html\n################################################################################\n\n\n# gitlab_monitor['enable'] = true\n# gitlab_monitor['log_directory'] = \"/var/log/gitlab/gitlab-monitor\"\n# gitlab_monitor['home'] = \"/var/opt/gitlab/gitlab-monitor\"\n\n##! Advanced settings. Should be changed only if absolutely needed.\n# gitlab_monitor['listen_address'] = 'localhost'\n# gitlab_monitor['listen_port'] = '9168'\n\n##! Manage gitlab-monitor sidekiq probes. 
false by default when Sentinels are\n##! found.\n# gitlab_monitor['probe_sidekiq'] = true\n\n# To completely disable prometheus, and all of it's exporters, set to false\n# prometheus_monitoring['enable'] = true\n\n################################################################################\n## Gitaly\n##! Docs:\n################################################################################\n\n# The gitaly['enable'] option exists for the purpose of cluster\n# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .\n# gitaly['enable'] = true\n# gitaly['dir'] = \"/var/opt/gitlab/gitaly\"\n# gitaly['log_directory'] = \"/var/log/gitlab/gitaly\"\n# gitaly['bin_path'] = \"/opt/gitlab/embedded/bin/gitaly\"\n# gitaly['env_directory'] = \"/opt/gitlab/etc/gitaly/env\"\n# gitaly['env'] = {\n#  'PATH' => \"/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin\",\n#  'HOME' => '/var/opt/gitlab'\n# }\n# gitaly['socket_path'] = \"/var/opt/gitlab/gitaly/gitaly.socket\"\n# gitaly['listen_addr'] = \"localhost:8075\"\n# gitaly['prometheus_listen_addr'] = \"localhost:9236\"\n# gitaly['logging_level'] = \"warn\"\n# gitaly['logging_format'] = \"json\"\n# gitaly['logging_sentry_dsn'] = \"https://<key>:<secret>@sentry.io/<project>\"\n# gitaly['logging_ruby_sentry_dsn'] = \"https://<key>:<secret>@sentry.io/<project>\"\n# gitaly['prometheus_grpc_latency_buckets'] = \"[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]\"\n# gitaly['auth_token'] = '<secret>'\n# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced\n# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart\n# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests\n# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby\n# gitaly['ruby_num_workers'] = 3 # Number of 
gitaly-ruby worker processes. Minimum 2, default 2.\n# gitaly['storage'] = [\n#   {\n#     'name' => 'default',\n#     'path' => '/mnt/nfs-01/git-data/repositories'\n#   },\n#   {\n#     'name' => 'secondary',\n#     'path' => '/mnt/nfs-02/git-data/repositories'\n#   }\n# ]\n# gitaly['concurrency'] = [\n#   {\n#     'rpc' => \"/gitaly.SmartHTTPService/PostReceivePack\",\n#     'max_per_repo' => 20\n#   }, {\n#     'rpc' => \"/gitaly.SSHService/SSHUploadPack\",\n#     'max_per_repo' => 5\n#   }\n# ]\n\n################################################################################\n# Storage check\n################################################################################\n# storage_check['enable'] = false\n# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'\n# storage_check['log_directory'] = '/var/log/gitlab/storage-check'\n\n################################################################################\n# Let's Encrypt integration\n################################################################################\n# letsencrypt['enable'] = nil\n# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts\n# letsencrypt['group'] = 'root'\n# letsencrypt['key_size'] = 2048\n# letsencrypt['owner'] = 'root'\n# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'\n# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings\n# letsencrypt['auto_renew'] = true\n# letsencrypt['auto_renew_hour'] = 0\n# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.\n# letsencrypt['auto_renew_day_of_month'] = \"*/4\"\n\n################################################################################\n################################################################################\n##                  Configuration Settings for GitLab EE only                 
##\n################################################################################\n################################################################################\n\n\n################################################################################\n## Auxiliary cron jobs applicable to GitLab EE only\n################################################################################\n#\n# gitlab_rails['geo_file_download_dispatch_worker_cron'] = \"*/10 * * * *\"\n# gitlab_rails['geo_repository_sync_worker_cron'] = \"*/5 * * * *\"\n# gitlab_rails['geo_prune_event_log_worker_cron'] = \"*/5 * * * *\"\n# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = \"*/5 * * * *\"\n# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = \"*/5 * * * *\"\n# gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = \"15 */6 * * *\"\n# gitlab_rails['ldap_sync_worker_cron'] = \"30 1 * * *\"\n# gitlab_rails['ldap_group_sync_worker_cron'] = \"0 * * * *\"\n# gitlab_rails['historical_data_worker_cron'] = \"0 12 * * *\"\n# gitlab_rails['pseudonymizer_worker_cron'] = \"0 23 * * *\"\n\n################################################################################\n## Kerberos (EE Only)\n##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access\n################################################################################\n\n# gitlab_rails['kerberos_enabled'] = true\n# gitlab_rails['kerberos_keytab'] = /etc/http.keytab\n# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM\n# gitlab_rails['kerberos_use_dedicated_port'] = true\n# gitlab_rails['kerberos_port'] = 8443\n# gitlab_rails['kerberos_https'] = true\n\n################################################################################\n## Package repository (EE Only)\n##! 
Docs: https://docs.gitlab.com/ee/administration/maven_packages.md\n################################################################################\n\n# gitlab_rails['packages_enabled'] = true\n# gitlab_rails['packages_storage_path'] = \"/var/opt/gitlab/gitlab-rails/shared/packages\"\n# gitlab_rails['packages_object_store_enabled'] = false\n# gitlab_rails['packages_object_store_direct_upload'] = false\n# gitlab_rails['packages_object_store_background_upload'] = true\n# gitlab_rails['packages_object_store_proxy_download'] = false\n# gitlab_rails['packages_object_store_remote_directory'] = \"packages\"\n# gitlab_rails['packages_object_store_connection'] = {\n#   'provider' => 'AWS',\n#   'region' => 'eu-west-1',\n#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',\n#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',\n#   # # The below options configure an S3 compatible host instead of AWS\n#   # 'host' => 's3.amazonaws.com',\n#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.\n#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces\n#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'\n# }\n\n################################################################################\n## GitLab Sentinel (EE Only)\n##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel\n################################################################################\n\n##! **Make sure you configured all redis['master_*'] keys above before\n##!   continuing.**\n\n##! To enable Sentinel and disable all other services in this machine,\n##! uncomment the line below (if you've enabled Redis role, it will keep it).\n##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html\n# redis_sentinel_role['enable'] = true\n\n# sentinel['enable'] = true\n\n##! 
Bind to all interfaces, uncomment to specify an IP and bind to a single one\n# sentinel['bind'] = '0.0.0.0'\n\n##! Uncomment to change default port\n# sentinel['port'] = 26379\n\n#### Support to run sentinels in a Docker or NAT environment\n#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues\n# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel\n# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis\n# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present\n# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present\n\n##! Quorum must reflect the amount of voting sentinels it take to start a\n##! failover.\n##! **Value must NOT be greater then the amount of sentinels.**\n##! The quorum can be used to tune Sentinel in two ways:\n##! 1. If a the quorum is set to a value smaller than the majority of Sentinels\n##!    we deploy, we are basically making Sentinel more sensible to master\n##!    failures, triggering a failover as soon as even just a minority of\n##!    Sentinels is no longer able to talk with the master.\n##! 2. If a quorum is set to a value greater than the majority of Sentinels, we\n##!    are making Sentinel able to failover only when there are a very large\n##!    number (larger than majority) of well connected Sentinels which agree\n##!    about the master being down.\n# sentinel['quorum'] = 1\n\n### Consider unresponsive server down after x amount of ms.\n# sentinel['down_after_milliseconds'] = 10000\n\n### Specifies the failover timeout in milliseconds.\n##! It is used in many ways:\n##!\n##! - The time needed to re-start a failover after a previous failover was\n##!   already tried against the same master by a given Sentinel, is two\n##!   
times the failover timeout.\n##!\n##! - The time needed for a slave replicating to a wrong master according\n##!   to a Sentinel current configuration, to be forced to replicate\n##!   with the right master, is exactly the failover timeout (counting since\n##!   the moment a Sentinel detected the misconfiguration).\n##!\n##! - The time needed to cancel a failover that is already in progress but\n##!   did not produced any configuration change (SLAVEOF NO ONE yet not\n##!   acknowledged by the promoted slave).\n##!\n##! - The maximum time a failover in progress waits for all the slaves to be\n##!   reconfigured as slaves of the new master. However even after this time\n##!   the slaves will be reconfigured by the Sentinels anyway, but not with\n##!   the exact parallel-syncs progression as specified.\n# sentinel['failover_timeout'] = 60000\n\n################################################################################\n## GitLab Sidekiq Cluster (EE only)\n################################################################################\n\n##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes\n##! besides the default one. These processes can be used to consume a dedicated set\n##! of queues. This can be used to ensure certain queues always have dedicated\n##! workers, no matter the amount of jobs that need to be processed.\n\n# sidekiq_cluster['enable'] = false\n# sidekiq_cluster['ha'] = false\n# sidekiq_cluster['log_directory'] = \"/var/log/gitlab/sidekiq-cluster\"\n# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks\n# sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run\n\n##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a\n##! Sidekiq process. Multiple queues can be processed by the same process by\n##! 
separating them with a comma within the group entry\n\n# sidekiq_cluster['queue_groups'] = [\n#   \"process_commit,post_receive\",\n#   \"gitlab_shell\"\n# ]\n#\n\n##! If negate is enabled then sidekiq-cluster will process all the queues that\n##! don't match those in queue_groups.\n\n# sidekiq_cluster['negate'] = false\n\n################################################################################\n## Additional Database Settings (EE only)\n##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html\n################################################################################\n# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }\n\n################################################################################\n## GitLab Geo\n##! Docs: https://docs.gitlab.com/ee/gitlab-geo\n################################################################################\n# geo_primary_role['enable'] = false\n# geo_secondary_role['enable'] = false\n\n################################################################################\n## GitLab Geo Secondary (EE only)\n################################################################################\n# geo_secondary['auto_migrate'] = true\n# geo_secondary['db_adapter'] = \"postgresql\"\n# geo_secondary['db_encoding'] = \"unicode\"\n# geo_secondary['db_collation'] = nil\n# geo_secondary['db_database'] = \"gitlabhq_geo_production\"\n# geo_secondary['db_pool'] = 10\n# geo_secondary['db_username'] = \"gitlab_geo\"\n# geo_secondary['db_password'] = nil\n# geo_secondary['db_host'] = \"/var/opt/gitlab/geo-postgresql\"\n# geo_secondary['db_port'] = 5431\n# geo_secondary['db_socket'] = nil\n# geo_secondary['db_sslmode'] = nil\n# geo_secondary['db_sslcompression'] = 0\n# geo_secondary['db_sslrootcert'] = nil\n# geo_secondary['db_sslca'] = nil\n# geo_secondary['db_fdw'] = true\n\n################################################################################\n## GitLab Geo Secondary 
Tracking Database (EE only)\n################################################################################\n\n# geo_postgresql['enable'] = false\n# geo_postgresql['ha'] = false\n# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'\n# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'\n# geo_postgresql['pgbouncer_user'] = nil\n# geo_postgresql['pgbouncer_user_password'] = nil\n\n################################################################################\n# Pgbouncer (EE only)\n# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)\n# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details\n################################################################################\n# pgbouncer['enable'] = false\n# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'\n# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'\n# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'\n# pgbouncer['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n# pgbouncer['listen_addr'] = '0.0.0.0'\n# pgbouncer['listen_port'] = '6432'\n# pgbouncer['pool_mode'] = 'transaction'\n# pgbouncer['server_reset_query'] = 'DISCARD ALL'\n# pgbouncer['application_name_add_host'] = '1'\n# pgbouncer['max_client_conn'] = '2048'\n# pgbouncer['default_pool_size'] = '100'\n# pgbouncer['min_pool_size'] = '0'\n# pgbouncer['reserve_pool_size'] = '5'\n# pgbouncer['reserve_pool_timeout'] = '5.0'\n# pgbouncer['server_round_robin'] = '0'\n# pgbouncer['log_connections'] = '0'\n# pgbouncer['server_idle_timeout'] = '30'\n# pgbouncer['dns_max_ttl'] = '15.0'\n# pgbouncer['dns_zone_check_period'] = '0'\n# pgbouncer['dns_nxdomain_ttl'] = '15.0'\n# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)\n# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)\n# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'\n# pgbouncer['databases'] = {\n#   
DATABASE_NAME: {\n#     host: HOSTNAME,\n#     port: PORT\n#     user: USERNAME,\n#     password: PASSWORD\n###! generate this with `echo -n '$password + $username' | md5sum`\n#   }\n#   ...\n# }\n# pgbouncer['logfile'] = nil\n# pgbouncer['unix_socket_dir'] = nil\n# pgbouncer['unix_socket_mode'] = '0777'\n# pgbouncer['unix_socket_group'] = nil\n# pgbouncer['auth_type'] = 'md5'\n# pgbouncer['auth_hba_file'] = nil\n# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'\n# pgbouncer['users'] = {\n#   {\n#     name: USERNAME,\n#     password: MD5_PASSWORD_HASH\n#   }\n# }\n# postgresql['pgbouncer_user'] = nil\n# postgresql['pgbouncer_user_password'] = nil\n# pgbouncer['server_reset_query_always'] = 0\n# pgbouncer['server_check_query'] = 'select 1'\n# pgbouncer['server_check_delay'] = 30\n# pgbouncer['max_db_connections'] = nil\n# pgbouncer['max_user_connections'] = nil\n# pgbouncer['syslog'] = 0\n# pgbouncer['syslog_facility'] = 'daemon'\n# pgbouncer['syslog_ident'] = 'pgbouncer'\n# pgbouncer['log_disconnections'] = 1\n# pgbouncer['log_pooler_errors'] = 1\n# pgbouncer['stats_period'] = 60\n# pgbouncer['verbose'] = 0\n# pgbouncer['server_lifetime'] = 3600\n# pgbouncer['server_connect_timeout'] = 15\n# pgbouncer['server_login_retry'] = 15\n# pgbouncer['query_timeout'] = 0\n# pgbouncer['query_wait_timeout'] = 120\n# pgbouncer['client_idle_timeout'] = 0\n# pgbouncer['client_login_timeout'] = 60\n# pgbouncer['autodb_idle_timeout'] = 3600\n# pgbouncer['suspend_timeout'] = 10\n# pgbouncer['idle_transaction_timeout'] = 0\n# pgbouncer['pkt_buf'] = 4096\n# pgbouncer['listen_backlog'] = 128\n# pgbouncer['sbuf_loopcnt'] = 5\n# pgbouncer['max_packet_size'] = 2147483647\n# pgbouncer['tcp_defer_accept'] = 0\n# pgbouncer['tcp_socket_buffer'] = 0\n# pgbouncer['tcp_keepalive'] = 1\n# pgbouncer['tcp_keepcnt'] = 0\n# pgbouncer['tcp_keepidle'] = 0\n# pgbouncer['tcp_keepintvl'] = 0\n# pgbouncer['disable_pqexec'] = 0\n\n## Pgbouncer client TLS options\n# 
pgbouncer['client_tls_sslmode'] = 'disable'\n# pgbouncer['client_tls_ca_file'] = nil\n# pgbouncer['client_tls_key_file'] = nil\n# pgbouncer['client_tls_cert_file'] = nil\n# pgbouncer['client_tls_protocols'] = 'all'\n# pgbouncer['client_tls_dheparams'] = 'auto'\n# pgbouncer['client_tls_ecdhcurve'] = 'auto'\n#\n## Pgbouncer server  TLS options\n# pgbouncer['server_tls_sslmode'] = 'disable'\n# pgbouncer['server_tls_ca_file'] = nil\n# pgbouncer['server_tls_key_file'] = nil\n# pgbouncer['server_tls_cert_file'] = nil\n# pgbouncer['server_tls_protocols'] = 'all'\n# pgbouncer['server_tls_ciphers'] = 'fast'\n\n################################################################################\n# Repmgr (EE only)\n################################################################################\n# repmgr['enable'] = false\n# repmgr['cluster'] = 'gitlab_cluster'\n# repmgr['database'] = 'gitlab_repmgr'\n# repmgr['host'] = nil\n# repmgr['node_number'] = nil\n# repmgr['port'] = 5432\n# repmgr['trust_auth_cidr_addresses'] = []\n# repmgr['user'] = 'gitlab_repmgr'\n# repmgr['sslmode'] = 'prefer'\n# repmgr['sslcompression'] = 0\n# repmgr['failover'] = 'automatic'\n# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'\n# repmgr['node_name'] = nil\n# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'\n# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'\n# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'\n# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'\n# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'\n# repmgr['service_promote_command'] = nil\n# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'\n# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'\n\n# repmgr['upstream_node'] = nil\n# repmgr['use_replication_slots'] = false\n# 
repmgr['loglevel'] = 'INFO'\n# repmgr['logfacility'] = 'STDERR'\n# repmgr['logfile'] = nil\n\n# repmgr['event_notification_command'] = nil\n# repmgr['event_notifications'] = nil\n\n# repmgr['rsync_options'] = nil\n# repmgr['ssh_options'] = nil\n# repmgr['priority'] = nil\n#\n# HA setting to specify if a node should attempt to be master on initialization\n# repmgr['master_on_initialization'] = true\n\n# repmgr['retry_promote_interval_secs'] = 300\n# repmgr['witness_repl_nodes_sync_interval_secs'] = 15\n# repmgr['reconnect_attempts'] = 6\n# repmgr['reconnect_interval'] = 10\n# repmgr['monitor_interval_secs'] = 2\n# repmgr['master_response_timeout'] = 60\n# repmgr['daemon'] = true\n# repmgrd['enable'] = true\n\n################################################################################\n# Consul (EEP only)\n################################################################################\n# consul['enable'] = false\n# consul['dir'] = '/var/opt/gitlab/consul'\n# consul['user'] = 'gitlab-consul'\n# consul['group'] = 'gitlab-consul'\n# consul['config_file'] = '/var/opt/gitlab/consul/config.json'\n# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'\n# consul['data_dir'] = '/var/opt/gitlab/consul/data'\n# consul['log_directory'] = '/var/log/gitlab/consul'\n# consul['env_directory'] = '/opt/gitlab/etc/consul/env'\n# consul['env'] = {\n#   'SSL_CERT_DIR' => \"/opt/gitlab/embedded/ssl/certs/\"\n# }\n# consul['node_name'] = nil\n# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'\n# consul['configuration'] = {\n#   'client_addr' => nil,\n#   'datacenter' => 'gitlab_consul',\n#   'enable_script_checks' => true,\n#   'server' => false\n# }\n# consul['services'] = []\n# consul['service_config'] = {\n#   'postgresql' => {\n#     'service' => {\n#       'name' => \"postgresql\",\n#       'address' => '',\n#       'port' => 5432,\n#       'checks' => [\n#         {\n#           'script' => \"/var/opt/gitlab/consul/scripts/check_postgresql\",\n#           
'interval' => \"10s\"\n#         }\n#       ]\n#     }\n#   }\n# }\n# consul['watchers'] = {\n#   'postgresql' => {\n#     enable: false,\n#     handler: 'failover_pgbouncer'\n#   }\n# }\n"
  },
  {
    "path": "gitlab/docker-compose.gitlab.yml",
    "content": "services:\n  gitlab:\n    image: 'gitlab/gitlab-ce:${GITLAB_IMAGE_VERSION:-latest}'\n    environment:\n      GITLAB_OMNIBUS_CONFIG: |\n        external_url 'http://gitlab.${SITE:-localhost}:80'\n        gitlab_rails['gitlab_shell_ssh_port'] = 2224\n    hostname: 'gitlab.${SITE:-localhost}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.gitlab.rule: 'Host(`gitlab.${SITE:-localhost}`)'\n      traefik.http.services.gitlab.loadbalancer.server.port: 80\n    networks:\n      - 'srv'\n    ports:\n      - '2224:22'\n    restart: 'always'\n    volumes:\n      - './config:/etc/gitlab'\n      - './data:/var/opt/gitlab'\n      - './logs:/var/log/gitlab'\n\n  runner:\n    image: 'gitlab/gitlab-runner:${GITLAB_RUNNER_IMAGE_VERSION:-latest}'\n    labels:\n      traefik.enable: false\n    links:\n      - 'gitlab'\n    restart: 'always'\n    volumes:\n      - './runner:/etc/gitlab-runner'\n      - '/var/run/docker.sock:/var/run/docker.sock'\n"
  },
  {
    "path": "gitlab/runner/config.toml",
    "content": "concurrent = 10\ncheck_interval = 1\nlog_level = \"info\"\nlog_format = \"json\"\n\n[session_server]\n  session_timeout = 1800\n\n[[runners]]\n  token = \"\"\n  name = \"The Best Runner\"\n  url = \"http://gitlab/\"\n  executor = \"docker\"\n  [runners.custom_build_dir]\n  [runners.docker]\n    tls_verify = false\n    image = \"ubuntu:19.04\"\n    privileged = false\n    disable_entrypoint_overwrite = false\n    oom_kill_disable = false\n    disable_cache = false\n    volumes = [\"/cache\"]\n    shm_size = 0\n  [runners.cache]\n    [runners.cache.s3]\n    [runners.cache.gcs]\n  [runners.custom]\n    run_exec = \"\"\n"
  },
  {
    "path": "hits/.gitignore",
    "content": "postgresql\n.*.swp\n"
  },
  {
    "path": "hits/README.md",
    "content": "# Hits\n\nHits is a hit counter using images: each time the image is served, the count\nis incremented.\n\nSee [source](https://github.com/dwyl/hits).\n\n## Setup\nSince PostgreSQL is a pain to set up, you must do this before launching the\nservice:\n```bash\nmkdir hits/postgresql\n```\n"
  },
  {
    "path": "hits/docker-compose.hits.yml",
    "content": "networks:\n  hits-internal: {}\n\nservices:\n  hits:\n    image: 'tommoulard/hits'\n    depends_on:\n      - 'hits-postgresql'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:4000']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.hits.rule: 'Host(`hits.${SITE:-localhost}`)'\n      traefik.http.services.hits.loadbalancer.server.port: 4000\n    networks:\n      - 'hits-internal'\n      - 'srv'\n    restart: 'always'\n\n  hits-postgresql:\n    image: 'postgres'\n    environment:\n      POSTGRES_PASSWORD: 'postgres'\n      POSTGRES_USER: 'postgres'\n    healthcheck:\n      test: ['CMD', 'pg_isready', '-U', 'postgres']\n    networks:\n      hits-internal:\n        aliases:\n          - 'postgresql'\n    restart: 'always'\n    user: '1000:1000'\n    volumes:\n      - './postgresql/:/var/lib/postgresql/data'\n"
  },
  {
    "path": "homeassistant/.gitignore",
    "content": "config\n"
  },
  {
    "path": "homeassistant/README.md",
    "content": "# Home Assistant\n\nhttps://www.home-assistant.io\n\nOpen source home automation that puts local control and privacy first. Powered\nby a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a\nRaspberry Pi or a local server.\n\nNote that traefik's basic auth cannot be used with home assistant, as\n[HA does not support](https://github.com/home-assistant/iOS/issues/193#issuecomment-760662881)\nusing the `Authorization` header for anything other than HA.\n\n\n## configuration\n\nTo enable [prometheus metrics](https://www.home-assistant.io/integrations/prometheus/),\nadd the following to your `configuration.yaml`:\n\n```yaml\nprometheus:\n```\n\nYou can also [configure basic information](https://www.home-assistant.io/docs/configuration/basic/)\nabout your home assistant instance by setting the `homeassistant` key in your\n`configuration.yaml`. It is the recommended way to configure your instance as\nit is not possible to secure the instance with traefik's basic auth.\n\nHere is how to tell HA that it is [behind](https://www.home-assistant.io/integrations/http/#reverse-proxies)\na reverse proxy:\n\n```yaml\nhttp:\n  use_x_forwarded_for: true\n  trusted_proxies:\n    - 127.0.0.1   # localhost\n    - ::1         # localhost but in IPv6\n    - 172.0.0.0/8 # docker network\n```\n\nEvery address listed in `trusted_proxies` can set the client IP that HA sees\nthrough `X-Forwarded-For`. `172.0.0.0/8` is wider than the private\n`172.16.0.0/12` range and also covers public addresses, so prefer the exact\nsubnet of your Docker network.\n"
  },
  {
    "path": "homeassistant/docker-compose.homeassistant.yml",
    "content": "services:\n  homeassistant:\n    image: 'ghcr.io/home-assistant/home-assistant:${HOME_ASSISTANT_IMAGE_VERSION:-stable}'\n    # devices: # For passing through USB, serial or gpio devices.\n    # - '/dev/ttyUSB0:/dev/ttyUSB0'\n    environment:\n      GUID: 1000\n      PUID: 1000\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:8123']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.homeassistant.rule: |\n        Host(`homeassistant.${SITE:-localhost}`) && !Path(`/api/prometheus`)\n      traefik.http.services.homeassistant.loadbalancer.server.port: 8123\n    # network_mode: host # might be required to discover som devices(i.e.,UPnP).\n    networks:\n      - 'srv'\n    # privileged: true\n    restart: 'always'\n    volumes:\n      - './config:/config'\n      - '/etc/localtime:/etc/localtime:ro'\n"
  },
  {
    "path": "hugo/.gitignore",
    "content": "blog/\n"
  },
  {
    "path": "hugo/README.md",
    "content": "# blog\n\nhttps://gohugo.io/\n\nThe world’s fastest framework for building websites\n\nHugo is one of the most popular open-source static site generators. With its\namazing speed and flexibility, Hugo makes building websites fun again.\n"
  },
  {
    "path": "hugo/docker-compose.hugo.yml",
    "content": "services:\n  hugo:\n    image: 'nginx:stable-alpine'\n    depends_on:\n      - 'hugo-builder'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:80']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.hugo.rule: 'Host(`hugo.${SITE:-localhost}`)'\n      traefik.http.services.hugo.loadbalancer.server.port: 80\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './nginx/conf:/etc/nginx/conf.d'\n      - './nginx/logs:/var/log/nginx/'\n\n  hugo-builder:\n    image: 'jojomi/hugo:0.59'\n    environment:\n      HUGO_BASEURL: 'https://hugo.${SITE:-localhost}/'\n      HUGO_REFRESH_TIME: 3600\n      HUGO_THEME: 'hugo-theme-cactus-plus'\n    labels:\n      traefik.enable: false\n    restart: 'always'\n    volumes:\n      - './blog:/src'\n      - './nginx/conf/www:/output'\n"
  },
  {
    "path": "hugo/nginx/conf/nginx.conf",
    "content": "error_log /var/log/nginx/error.log;\nlog_format main_log_format '$remote_addr - $remote_user [$time_local] '\n                           '\"$request\" $status $body_bytes_sent '\n                           '\"$http_referer\" \"$http_user_agent\" \"$gzip_ratio\"';\nserver {\n    access_log /var/log/nginx/access.log main_log_format;\n    root /etc/nginx/conf.d/www;\n    index index.html;\n\n    location /{\n        try_files $uri $uri/ =404;\n        autoindex on;\n    }\n    # deny all direct access for these folders\n    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }\n    location ~* ^.+\\.(ico|js|gif|jpg|jpeg|png|bmp)$ {\n        expires 30d;\n    }\n}\n"
  },
  {
    "path": "hugo/nginx/logs/.gitkeep",
    "content": ""
  },
  {
    "path": "jackett/.gitignore",
    "content": "config/\ndownloads/\n"
  },
  {
    "path": "jackett/README.md",
    "content": "# jackett\n\nhttps://github.com/Jackett/Jackett\n\nJackett is a single repository of maintained indexer scraping & translation\nlogic - removing the burden from other apps. Developer note: The software\nimplements the Torznab (with hybrid nZEDb / Newznab category numbering) and\nTorrentPotato APIs. A third-party Golang SDK for Jackett is available from\nwebtor-io/go-jackett\n"
  },
  {
    "path": "jackett/docker-compose.jackett.yml",
    "content": "services:\n  jackett:\n    image: 'linuxserver/jackett:${JACKETT_IMAGE_VERSION:-v0.20.567-ls56}'\n    dns:\n      - '1.1.1.1'\n    environment:\n      PGID: '${JACKETT_GPID:-1000}'\n      PUID: '${JACKETT_PUID:-1000}'\n      TZ: '${TZ:-Europe/Paris}'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:9117/UI/Login?ReturnUrl=%2FUI%2FDashboard']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.jackett.middlewares: 'basic_auth@docker'\n      traefik.http.routers.jackett.rule: 'Host(`jackett.${SITE:-localhost}`)'\n      traefik.http.services.jackett.loadbalancer.server.port: 9117\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './config:/config'\n      - './downloads:/downloads'\n"
  },
  {
    "path": "jellyfin/.gitignore",
    "content": "cache/\nconfig/\n\n"
  },
  {
    "path": "jellyfin/README.md",
    "content": "# jellyfin\n\nhttps://jellyfin.org\n\nJellyfin is a suite of multimedia applications designed to organize, manage,\nand share digital media files to networked devices. Jellyfin also can serve\nmedia to DLNA and Chromecast-enabled devices. It is an open-source fork of\nEmby.\n\nJellyfin is Free Software, licensed under the GNU GPL. You can use it, study\nit, modify it, build it, and distribute it for free, as long as your changes\nare licensed the same way. The project is community-built, relying entirely on\ncontributions from volunteers.\n"
  },
  {
    "path": "jellyfin/docker-compose.jellyfin.yml",
    "content": "services:\n  jellyfin:\n    image: 'jellyfin/jellyfin'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.jellyfin.rule: 'Host(`jellyfin.${SITE:-localhost}`)'\n      traefik.http.services.jellyfin.loadbalancer.server.port: 8096\n    networks:\n      - 'srv'\n    restart: 'always'\n    user: '1000:1000'\n    volumes:\n      - './cache:/cache'\n      - './config:/config'\n      - './logs:/logs'\n      - './media:/media'\n"
  },
  {
    "path": "jupyter/README.md",
    "content": "# jupyter\n\nhttps://jupyter.org\n\nThe Jupyter Notebook is an open-source web application that allows you to\ncreate and share documents that contain live code, equations, visualizations\nand narrative text. Uses include: data cleaning and transformation, numerical\nsimulation, statistical modeling, data visualization, machine learning, and\nmuch more using Python.\n"
  },
  {
    "path": "jupyter/docker-compose.jupyter.yml",
    "content": "services:\n  jupyter:\n    image: 'jupyter/tensorflow-notebook:45f07a14b422'\n    command: |\n     jupyter notebook\n     --NotebookApp.token=''\n     --NotebookApp.password=''\n    # removing token & password to enable traefik auth\n    environment:\n      JUPYTER_ENABLE_LAB: 'yes'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.jupyter.middlewares: 'basic_auth@docker'\n      traefik.http.routers.jupyter.rule: 'Host(`jupyter.${SITE:-localhost}`)'\n      traefik.http.services.jupyter.loadbalancer.server.port: 8888\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './jupyter/config:/root/.jupyter/'\n      - './notebooks:/home/jovyan/'\n"
  },
  {
    "path": "kavita/.gitignore",
    "content": "config\n"
  },
  {
    "path": "kavita/README.md",
    "content": "# kavita\n\nhttps://www.kavitareader.com/\nhttps://docs.linuxserver.io/images/docker-kavita/\n\nKavita is a fast, feature rich, cross platform reading server. Built with a\nfocus on being a full solution for all your reading needs. Set up your own\nserver and share your reading collection with your friends and family!\n"
  },
  {
    "path": "kavita/docker-compose.kavita.yml",
    "content": "services:\n  kavita:\n    image: 'lscr.io/linuxserver/kavita:${KAVITA_IMAGE_VERSION:-latest}'\n    environment:\n      PGID: '${KAVITA_GPID:-1000}'\n      PUID: '${KAVITA_PUID:-1000}'\n      TZ: '${TZ:-Europe/Paris}'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:5000']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.kavita.rule: 'Host(`kavita.${SITE:-localhost}`)'\n      traefik.http.services.kavita.loadbalancer.server.port: 5000\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './data:/data'\n      - './config:/config'\n"
  },
  {
    "path": "minecraft/README.md",
    "content": "# minecraft\n\nhttps://github.com/itzg/docker-minecraft-server\n\nMinecraft is a sandbox video game developed by Mojang. The game was created by\nMarkus \"Notch\" Persson in the Java programming language. Following several\nearly test versions, it was released as a paid public alpha for personal\ncomputers in 2009 before releasing in November 2011, with Jens Bergensten\ntaking over development. Minecraft has since been ported to several other\nplatforms and is the best-selling video game of all time, with 200 million\ncopies sold and 126 million monthly active users as of 2020.\n"
  },
  {
    "path": "minecraft/docker-compose.minecraft-ftb.yml",
    "content": "services:\n  minecraft-ftb:\n    image: 'jonasbonno/ftb-revelation'\n    labels:\n      traefik.enable: false\n    ports:\n      - '25565:25565/udp'\n    restart: 'always'\n    volumes:\n      - './ftb-data:/minecraft'\n"
  },
  {
    "path": "minecraft/docker-compose.minecraft.yml",
    "content": "services:\n  minecraft:\n    image: 'itzg/minecraft-server'\n    environment:\n      EULA: 'true'\n    restart: 'always'\n    labels:\n      - 'traefik.enable=false'\n    ports:\n      - '25565:25565/udp'\n    volumes:\n      - './minecraft-data:/data'\n"
  },
  {
    "path": "mumble/README.md",
    "content": "# Mumble\n\nMumble is a free, open source, low latency, high quality voice chat application.\n"
  },
  {
    "path": "mumble/docker-compose.mumble.yml",
    "content": "services:\n  mumble:\n    image: 'mumblevoip/mumble-server:${MUMBLE_IMAGE_VERSION:-latest}'\n    environment:\n      MUMBLE_SUPERUSER_PASSWORD: '${MUMBLE_SUPERUSER_PASSWORD:-CHANGE_ME}'\n    labels:\n      traefik.enable: false\n    networks:\n      - 'srv'\n    ports:\n      - '64738:64738'\n      - '64738:64738/udp'\n    restart: 'always'\n    volumes:\n      - './data:/data'\n"
  },
  {
    "path": "musicbot/README.md",
    "content": "# musicbot\n\nhttps://github.com/jagrosh/MusicBot\n\nA Discord music bot that's easy to set up and run yourself!\n"
  },
  {
    "path": "musicbot/conf/config.txt",
    "content": "/// START OF JMUSICBOT CONFIG ///\n/////////////////////////////////////////////////////////\n// Config for the JMusicBot                            //\n/////////////////////////////////////////////////////////\n// Any line starting with // is ignored                //\n// You MUST set the token and owner                    //\n// All other items have defaults if you don't set them //\n// Open in Notepad++ for best results                  //\n/////////////////////////////////////////////////////////\n\n\n// This sets the token for the bot to log in with\n// This MUST be a bot token (user tokens will not work)\n// If you don't know how to get a bot token, please see the guide here:\n// https://github.com/jagrosh/MusicBot/wiki/Getting-a-Bot-Token\n\ntoken = BOT_TOKEN_HERE\n\n\n// This sets the owner of the bot\n// This needs to be the owner's ID (a 17-18 digit number)\n// https://github.com/jagrosh/MusicBot/wiki/Finding-Your-User-ID\n\nowner = 0 // OWNER ID\n\n\n// This sets the prefix for the bot\n// The prefix is used to control the commands\n// If you use !!, the play command will be !!play\n// If you do not set this, the prefix will be a mention of the bot (@Botname play)\n// If you make this blank, the bot will not use a prefix\n\nprefix = \"@mention\"\n\n\n// If you set this, it modifies the default game of the bot\n// Set this to NONE to have no game\n// Set this to DEFAULT to use the default game\n// You can make the game \"Playing X\", \"Listening to X\", or \"Watching X\"\n// where X is the title. If you don't include an action, it will use the\n// default of \"Playing\"\n\ngame = \"DEFAULT\"\n\n\n// If you set this, it will modify the default status of bot\n// Valid values: ONLINE IDLE DND INVISIBLE\n\nstatus = ONLINE\n\n\n// If you set this to true, the bot will list the title of the song it is currently playing in its\n// \"Playing\" status. 
Note that this will ONLY work if the bot is playing music on ONE guild;\n// if the bot is playing on multiple guilds, this will not work.\n\nsonginstatus=false\n\n\n// If you set this, the bot will also use this prefix in addition to\n// the one provided above\n\naltprefix = \"NONE\"\n\n\n// If you set these, it will change the various emojis\n\nsuccess = \"🎶\"\nwarning = \"💡\"\nerror = \"🚫\"\nloading = \"⌚\"\nsearching = \"🔎\"\n\n\n// If you set this, you change the word used to view the help.\n// For example, if you set the prefix to !! and the help to cmds, you would type\n// !!cmds to see the help text\n\nhelp = help\n\n\n// If you set this, the \"nowplaying\" command will show youtube thumbnails\n// Note: If you set this to true, the nowplaying boxes will NOT refresh\n// This is because refreshing the boxes causes the image to be reloaded\n// every time it refreshes.\n\nnpimages = false\n\n\n// If you set this, the bot will not leave a voice channel after it finishes a queue.\n// Keep in mind that being connected to a voice channel uses additional bandwith,\n// so this option is not recommended if bandwidth is a concern.\n\nstayinchannel = false\n\n\n// This sets the maximum amount of seconds any track loaded can be. If not set or set\n// to any number less than or equal to zero, there is no maximum time length. This time\n// restriction applies to songs loaded from any source.\n\nmaxtime = 0\n\n\n// This sets an alternative folder to be used as the Playlists folder\n// This can be a relative or absolute path\n\nplaylistsfolder = \"Playlists\"\n\n\n// By default, the bot will DM the owner if the bot is running and a new version of the bot\n// becomes available. 
Set this to false to disable this feature.\n\nupdatealerts=true\n\n\n// Changing this changes the lyrics provider\n// Currently available providers: \"A-Z Lyrics\", \"Genius\", \"MusicMatch\"\n// At the time of writing, I would recommend sticking with A-Z Lyrics or MusicMatch,\n// as Genius tends to have a lot of non-song results and you might get something \n// completely unrelated to what you want.\n// If you are interested in contributing a provider, please see\n// https://github.com/jagrosh/JLyrics\n\nlyrics.default = \"A-Z Lyrics\"\n\n\n// These settings allow you to configure custom aliases for all commands.\n// Multiple aliases may be given, separated by commas.\n//\n// Example 1: Giving command \"play\" the alias \"p\":\n// play = [ p ]\n//\n// Example 2: Giving command \"search\" the aliases \"yts\" and \"find\":\n// search = [ yts, find ]\n\naliases {\n  // General commands\n  settings = [ status ]\n\n  // Music commands\n  lyrics = []\n  nowplaying = [ np, current ]\n  play = []\n  playlists = [ pls ]\n  queue = [ list ]\n  remove = [ delete ]\n  scsearch = []\n  search = [ ytsearch ]\n  shuffle = []\n  skip = [ voteskip ]\n\n  // Admin commands\n  prefix = [ setprefix ]\n  setdj = []\n  settc = []\n  setvc = []\n\n  // DJ Commands\n  forceremove = [ forcedelete, modremove, moddelete, modelete ]\n  forceskip = [ modskip ]\n  movetrack = [ move ]\n  pause = []\n  playnext = []\n  repeat = []\n  skipto = [ jumpto ]\n  stop = []\n  volume = [ vol ]\n}\n\n// If you set this to true, it will enable the eval command for the bot owner. This command\n// allows the bot owner to run arbitrary code from the bot's account.\n//\n// WARNING:\n// This command can be extremely dangerous. If you don't know what you're doing, you could\n// cause horrific problems on your Discord server or on whatever computer this bot is running\n// on. 
Never run this command unless you are completely positive what you are running.\n//\n// DO NOT ENABLE THIS IF YOU DON'T KNOW WHAT THIS DOES OR HOW TO USE IT\n// IF SOMEONE ASKS YOU TO ENABLE THIS, THERE IS AN 11/10 CHANCE THEY ARE TRYING TO SCAM YOU\n\neval=false\n\n\n/// END OF JMUSICBOT CONFIG ///\n"
  },
  {
    "path": "musicbot/docker-compose.musicBot.yml",
    "content": "services:\n  musicbot:\n    image: 'raiponce/musicbot:0.2.10'\n    labels:\n      traefik.enable: false\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './conf:/musicBot/conf/'\n      - './playlists:/musicBot/playlists/'\n"
  },
  {
    "path": "nextcloud/.gitignore",
    "content": "data/\ndb/\n"
  },
  {
    "path": "nextcloud/README.md",
    "content": "# NextCloud\n\nhttp://nextcloud.com/\n\nNextCloud is a suite of client-server software for creating and using file\nhosting services. NextCloud is free and open-source, which means that anyone is\nallowed to install and operate it on their own private server devices.\n\nWith the integrated OnlyOffice, NextCloud application functionally is similar\nto Dropbox, Office 365 or Google Drive, but can be used on home-local computers\nor for off-premises file storage hosting.\n\nThe original OwnCloud developer Frank Karlitschek forked OwnCloud and created\nNextCloud, which continues to be actively developed by Karlitschek and other\nmembers of the original OwnCloud team.\n\n## Setup\n\n### Cron\n\nAjax is the default, but cron is the best\n\nTo setup cron, add this line to your crontab:\n```\n*/5   *    *   *     *           docker exec -u www-data make-my-server-nextcloud-1 php -f cron.php\n```\n\nWhich should lead to:\n```bash\n$ crontab -l\n...\n#min hour day Month Day_Of_Week Command\n*/5   *    *   *     *           docker exec -u www-data make-my-server-nextcloud-1 php -f cron.php\n```\n\n### Database\n\nIf you forgot to install NextCloud with its dedicated database, you can run this command to migrate from anything to the mariadb instance:\n```\ndocker-compose exec -u www-data nextcloud php occ db:convert-type --all-apps --port 3306 --password nextcloud mysql nextcloud nextcloud-db nextcloud\n```\n\n## Upgrade\nHow to upgrade your NextCloud instance:\n```bash\ndocker-compose pull nextcloud\ndocker-compose stop nextcloud && docker-compose up -d nextcloud\ndocker-compose exec -u www-data nextcloud php occ upgrade -vvv\n```\n\nTo remove maintenance mode:\n```bash\ndocker-compose exec -u www-data nextcloud php occ maintenance:mode --off\n```\n\n## Misc\n\n### Re apply the configuration\n\nIf you want to re apply the configuration of NextCloud, you can always run this:\n```bash\ndocker-compose exec -u www-data nextcloud php occ maintenance:repair 
-vvv\n```\n\n### php-imagick\n\nTo fix this issue:\n```\nModule php-imagick in this instance has no SVG support. For better compatibility it is recommended to install it.\n```\n\nRun:\n\n```bash\ndocker-compose exec nextcloud apt -y install libmagickcore-6.q16-6-extra\n```\n\n### default_phone_region\n\nTo fix this issue:\n```\nERROR: Can not validate phone numbers without `default_phone_region` being set in the config file\n```\n\nRun:\n\n```bash\ndocker-compose exec -u www-data nextcloud php occ config:system:set default_phone_region --type string --value=\"FR\"\n```\n"
  },
  {
    "path": "nextcloud/docker-compose.nextcloud.yml",
    "content": "networks:\n  nextcloud-internal: {}\n\nservices:\n  nextcloud:\n    image: 'nextcloud:${NEXTCLOUD_IMAGE_VERSION:-latest}'\n    depends_on:\n      - 'nextcloud-db'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:80']\n    labels:\n      traefik.enable: true\n\n      # https://docs.nextcloud.com/server/22/admin_manual/installation/harden_server.html\n      # https://doc.traefik.io/traefik/v2.6/middlewares/http/headers/\n      traefik.http.middlewares.header-nextcloud.headers.browserXssFilter: true\n      traefik.http.middlewares.header-nextcloud.headers.contentTypeNosniff: true\n      traefik.http.middlewares.header-nextcloud.headers.customFrameOptionsValue: 'SAMEORIGIN'\n      traefik.http.middlewares.header-nextcloud.headers.referrerPolicy: 'no-referrer'\n      traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains: true\n      traefik.http.middlewares.header-nextcloud.headers.stspreload: true\n      traefik.http.middlewares.header-nextcloud.headers.stsseconds: 15552000\n\n      # https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery\n      # https://docs.nextcloud.com/server/23/admin_manual/configuration_server/reverse_proxy_configuration.html#traefik-2\n      # https://doc.traefik.io/traefik/v2.6/middlewares/http/redirectregex/\n      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.permanent: true\n      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.regex: 'https://nextcloud.${SITE:-localhost}/.well-known/(card|cal)dav'\n      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.replacement: 'https://nextcloud.${SITE:-localhost}/remote.php/dav/'\n\n      traefik.http.routers.nextcloud.middlewares: 'header-nextcloud,redirect-dav-nextcloud'\n      traefik.http.routers.nextcloud.rule: 'Host(`nextcloud.${SITE:-localhost}`)'\n      traefik.http.services.nextcloud.loadbalancer.server.port: 80\n    networks:\n      - 'srv'\n      - 
'nextcloud-internal'\n    restart: 'always'\n    volumes:\n      - './data:/var/www/html'\n\n  nextcloud-db:\n    image: 'mariadb'\n    command: '--transaction-isolation=READ-COMMITTED --binlog-format=ROW'\n    environment:\n      MYSQL_DATABASE: '${NEXTCLOUD_MYSQL_DATABASE:-nextcloud}'\n      MYSQL_PASSWORD: '${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}'\n      MYSQL_ROOT_PASSWORD: '${NEXTCLOUD_MYSQL_ROOT_PASSWORD:-pass}'\n      MYSQL_USER: '${NEXTCLOUD_MYSQL_USER:-nextcloud}'\n    healthcheck:\n      test: ['CMD', 'mysqlcheck', '--all-databases', '-ppass']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'nextcloud-internal'\n    restart: 'always'\n    volumes:\n      - './db:/var/lib/mysql'\n"
  },
  {
    "path": "nginx/README.md",
    "content": "# nginx\n\nhttps://www.nginx.com/\n\nNginx (pronounced \"engine X\", /ˌɛndʒɪnˈɛks/ EN-jin-EKS), stylized as NGINX\nor nginx or NginX, is a web server that can also be used as a reverse proxy,\nload balancer, mail proxy and HTTP cache. The software was created by Igor\nSysoev and publicly released in 2004. Nginx is free and open-source\nsoftware, released under the terms of the 2-clause BSD license. A large\nfraction of web servers use NGINX, often as a load balancer.\n"
  },
  {
    "path": "nginx/conf/nginx.conf",
    "content": "error_log /var/log/nginx/error.log;\nlog_format main_log_format '$remote_addr - $remote_user [$time_local] '\n                           '\"$request\" $status $body_bytes_sent '\n                           '\"$http_referer\" \"$http_user_agent\" \"$gzip_ratio\"';\nserver {\n    access_log /var/log/nginx/access.log main_log_format;\n    root /etc/nginx/conf.d/www;\n    index index.html;\n\n    location /{\n        try_files $uri $uri/ =404;\n        autoindex on;\n    }\n    # deny all direct access for these folders\n    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }\n    location ~* ^.+\\.(ico|js|gif|jpg|jpeg|png|bmp)$ {\n        expires 30d;\n    }\n}\n"
  },
  {
    "path": "nginx/conf/www/index.html",
    "content": "<h1>Simple web page</h1>\nHello, World!\n"
  },
  {
    "path": "nginx/docker-compose.nginx.yml",
    "content": "services:\n  nginx:\n    image: 'nginx:${NGINX_IMAGE_VERSION:-stable-alpine}'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:80']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.nginx.rule: 'Host(`${SITE:-localhost}`)'\n      traefik.http.services.nginx.loadbalancer.server.port: 80\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './conf:/etc/nginx/conf.d'\n      - './logs:/var/log/nginx/'\n"
  },
  {
    "path": "nginx/logs/.gitkeep",
    "content": ""
  },
  {
    "path": "pastebin/README.md",
    "content": "# pastebin\n\nhttps://github.com/mko-x/docker-pastebin\n\nPaste your stuff however\n"
  },
  {
    "path": "pastebin/docker-compose.pastebin.yml",
    "content": "services:\n  pastebin:\n    image: 'mkodockx/docker-pastebin:latest'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.pastebin.rule: 'Host(`pastebin.${SITE:-localhost}`)'\n      traefik.http.services.pastebin.loadbalancer.server.port: 80\n    networks:\n      - 'srv'\n    restart: 'always'\n"
  },
  {
    "path": "peertube/.gitignore",
    "content": "config/custom-environment-variables.yaml\nconfig/default.yaml\ndata/\ndb/\nredis/\n"
  },
  {
    "path": "peertube/README.md",
    "content": "# peertube\n\nhttps://peer.tube\n\nYoutube but selfhosted.\n\nPeerTube, a federated (ActivityPub) video streaming platform using P2P\n(BitTorrent) directly in the web browser with WebTorrent and Angular.\n"
  },
  {
    "path": "peertube/config/production.yaml",
    "content": "listen:\n  hostname: '0.0.0.0'\n  port: 9000\n\n# Correspond to your reverse proxy \"listen\" configuration\nwebserver:\n  https: true\n  hostname: 'undefined'\n  port: 443\n\nrates_limit:\n  login:\n    # 15 attempts in 5 min\n    window: '5 minutes'\n    max: 15\n  ask_send_email:\n    # 3 attempts in 5 min\n    window: '5 minutes'\n    max: 3\n\n# Proxies to trust to get real client IP\n# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'\n# If you run PeerTube behind a remote proxy, add the proxy IP address (or\n# subnet)\ntrust_proxy:\n  - 'loopback'\n  - 'linklocal'\n  - 'uniquelocal'\n\n# Your database name will be \"peertube\"+database.suffix\ndatabase:\n  hostname: 'peertube-postgres'\n  port: 5432\n  suffix: ''\n  username: 'postgres'\n  password: 'postgres'\n\n# Redis server for short time storage\nredis:\n  hostname: 'peertube-redis'\n  port: 6379\n  auth: null\n\n# From the project root directory\nstorage:\n  tmp: '../data/tmp/'\n  avatars: '../data/avatars/'\n  videos: '../data/videos/'\n  redundancy: '../data/redundancy/'\n  logs: '../data/logs/'\n  previews: '../data/previews/'\n  thumbnails: '../data/thumbnails/'\n  torrents: '../data/torrents/'\n  captions: '../data/captions/'\n  cache: '../data/cache/'\n  plugins: '../data/plugins/'\n\nlog:\n  level: 'info' # debug/info/warning/error\n\ntracker:\n  enabled: true\n  # false because we have issues with traefik and ws ip/port forwarding\n  reject_too_many_announces: false\n\nadmin:\n  email: null\n"
  },
  {
    "path": "peertube/docker-compose.peertube.yml",
    "content": "services:\n  peertube:\n    image: 'chocobozzz/peertube:production-buster'\n    depends_on:\n      - 'peertube-db'\n      - 'peertube-redis'\n    environment:\n      PEERTUBE_ADMIN_EMAIL: '${ROOT_EMAIL:-changeme@changeme.org}'\n      PEERTUBE_DB_HOSTNAME: 'peertube-db'\n      PEERTUBE_DB_PASSWORD: '${USERS}'\n      PEERTUBE_DB_USERNAME: 'peertube'\n      PEERTUBE_TRUST_PROXY: '[\"127.0.0.1\", \"loopback\", \"172.0.0.0/0\"]'\n      PEERTUBE_WEBSERVER_HOSTNAME: 'peertube.${SITE:-localhost}'\n      PEERTUBE_WEBSERVER_HTTPS: 'true'\n      PEERTUBE_WEBSERVER_PORT: 443\n    labels:\n      traefik.enable: true\n      traefik.http.routers.peertube.rule: 'Host(`peertube.${SITE:-localhost}`)'\n      traefik.http.services.peertube.loadbalancer.server.port: 9000\n    links:\n      - 'peertube-db'\n      - 'peertube-redis'\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './config:/config'\n      - './data:/data'\n\n  peertube-db:\n    image: 'postgres:10-alpine'\n    environment:\n      POSTGRES_DB: 'peertube'\n      POSTGRES_PASSWORD: '${USERS}'\n      POSTGRES_USER: 'peertube'\n    healthcheck:\n      test: ['CMD', 'pg_isready', '-U', 'peertube']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './db:/var/lib/postgresql/data'\n\n  peertube-redis:\n    image: 'redis:4-alpine'\n    healthcheck:\n      test: ['CMD', 'redis-cli', 'PING']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './redis:/data'\n"
  },
  {
    "path": "pihole/.gitignore",
    "content": "etc-pihole/\netc-dnsmasq.d/\nlogs/\n"
  },
  {
    "path": "pihole/README.md",
    "content": "# Pi-hole\n\n[Pi-hole](https://pi-hole.net/) is a network-wide DNS sinkhole that blocks ads\nand trackers for every device on your network.\n\nThis service definition deploys Pi-hole behind Traefik so the admin interface is\navailable securely at `https://pihole.${SITE}` while DNS requests continue to be\nserved directly on port 53.\n\n## Volumes\n\n- `./etc-pihole` → `/etc/pihole` (gravity database, lists, custom configs)\n- `./etc-dnsmasq.d` → `/etc/dnsmasq.d` (dnsmasq overrides, DHCP config)\n- `./logs` → `/var/log/lighttpd` (web UI access/error logs)\n\nBack up these folders before upgrading or recreating the container to retain\nsettings, blocklists, and DHCP leases.\n\n## Environment variables\n\n| Variable                   | Default          | Description                                                        |\n| -------------------------- | ---------------- | ------------------------------------------------------------------ |\n| `PIHOLE_IMAGE_VERSION`     | `2024.05.0`      | Pi-hole Docker image tag                                           |\n| `PIHOLE_V4_ADDRESS`        | `0.0.0.0`        | IP address Pi-hole advertises to clients                           |\n| `PIHOLE_V6_ADDRESS`        | `::`             | IPv6 address Pi-hole advertises                                    |\n| `PIHOLE_HOSTNAME`          | `pihole`         | Hostname shown in the UI and DHCP replies                          |\n| `PIHOLE_DNS1`              | `1.1.1.1`        | Primary upstream DNS                                               |\n| `PIHOLE_DNS2`              | `1.0.0.1`        | Secondary upstream DNS                                             |\n| `PIHOLE_DNSMASQ_LISTENING` | `all`            | dnsmasq listening mode (`local`, `all`)                            |\n| `PIHOLE_REV_SERVER`        | `false`          | Enable conditional forwarding                                      |\n| `PIHOLE_REV_SERVER_TARGET` | `192.168.0.1`    | Router/DNS to forward 
PTR queries                                  |\n| `PIHOLE_REV_SERVER_DOMAIN` | `lan`            | Local domain for reverse lookups                                   |\n| `PIHOLE_REV_SERVER_CIDR`   | `192.168.0.0/24` | Subnet for reverse lookups                                         |\n| `SITE`                     | `localhost`      | Used to build the admin UI host `pihole.${SITE}`                   |\n| `TZ`                       | `Europe/Paris`   | Container timezone                                                 |\n| `TRAEFIK_DNS_ENTRYPOINT`   | `53`             | Port that Traefik exposes for DNS (defined in the Traefik service) |\n\nThe DNS port exposed to your network is now configured globally via\n`TRAEFIK_DNS_ENTRYPOINT` and defaults to 53.\n\nUpdate `.env` (copied from `.env.default`) with secure values.\n\n## DNS port requirements\n\nTraefik now terminates all DNS traffic for Pi-hole. It binds both TCP and UDP\nport 53 by default (configurable via `TRAEFIK_DNS_ENTRYPOINT`) and proxies the\ntraffic to the Pi-hole container over the internal `srv` network. Make sure the\nhost resolver (`systemd-resolved`, dnsmasq, etc.) is disabled or moved away from\nthat port before starting Traefik, otherwise Traefik cannot bind to it.\n\n1. Disable the built-in resolver (for example `sudo systemctl disable --now\n   systemd-resolved` on Ubuntu) and restart Docker so the ports are freed.\n2. 
If you must keep another resolver running locally, set\n   `TRAEFIK_DNS_ENTRYPOINT` in `.env` to an alternate port and point every DNS\n   client to that same port on the Traefik host.\n\n## Traefik integration\n\n- The compose file registers Pi-hole with Traefik using the shared `srv` network.\n- The router `pihole` matches ``Host(`pihole.${SITE}`)`` and explicitly targets the\n  `websecure` entrypoint so TLS is always negotiated.\n- The DNS routers `pihole-dns` bind to the `dns-tcp` and `dns-udp` entrypoints so\n  Traefik proxies raw DNS queries on port 53 to the container without exposing\n  any Pi-hole ports.\n- Certificates are handled by Traefik via the globally configured ACME resolver.\n\n## DNS configuration steps\n\n1. Deploy the service: `SITE=example.com docker-compose up -d pihole` (or run the\n   global helper to start every service).\n2. Point your network clients (router DHCP option or manual DNS setting) to the\n   host running Traefik on port `${TRAEFIK_DNS_ENTRYPOINT:-53}`. Keep that port\n   reachable from your own network only (firewall it from the internet): a\n   resolver that answers arbitrary sources can be abused for DNS amplification.\n3. Access `https://pihole.${SITE}` to finish the web-based setup and verify that\n   queries are being processed.\n\n### Optional DHCP support\n\nIf you want Pi-hole to serve DHCP, you still need to grant it `NET_ADMIN` and\nexpose UDP/67 directly (Traefik does not proxy DHCP). Create an override such as:\n\n```yml\nservices:\n  pihole:\n    cap_add:\n      - NET_ADMIN\n    ports:\n      - '67:67/udp'\n```\n\nThis reintroduces a host port mapping, so only enable it if no other DHCP server\nis active on your LAN and you understand the exposure.\n\n\n## Maintenance\n\n- Update Pi-hole with `docker-compose pull pihole && docker-compose up -d pihole`.\n- Review logs in `pihole/logs/` or via the web UI if troubleshooting.\n- Export blocklists or settings regularly from the admin UI in addition to\n  filesystem backups.\n"
  },
  {
    "path": "pihole/docker-compose.pihole.yml",
    "content": "services:\n  pihole:\n    image: 'pihole/pihole:${PIHOLE_IMAGE_VERSION:-2025.11.1}'\n    environment:\n      DNS1: '${PIHOLE_DNS1:-1.1.1.1}'\n      DNS2: '${PIHOLE_DNS2:-1.0.0.1}'\n      DNSMASQ_LISTENING: '${PIHOLE_DNSMASQ_LISTENING:-all}'\n      FTLCONF_REPLY_ADDR4: '${PIHOLE_V4_ADDRESS:-0.0.0.0}'\n      FTLCONF_REPLY_ADDR6: '${PIHOLE_V6_ADDRESS:-::}'\n      HOSTNAME: '${PIHOLE_HOSTNAME:-pihole}'\n      REV_SERVER: '${PIHOLE_REV_SERVER:-false}'\n      REV_SERVER_CIDR: '${PIHOLE_REV_SERVER_CIDR:-192.168.0.0/24}'\n      REV_SERVER_DOMAIN: '${PIHOLE_REV_SERVER_DOMAIN:-lan}'\n      REV_SERVER_TARGET: '${PIHOLE_REV_SERVER_TARGET:-192.168.0.1}'\n      TZ: '${TZ:-Europe/Paris}'\n      VIRTUAL_HOST: 'pihole.${SITE:-localhost}'\n    healthcheck:\n      test:\n        - 'CMD'\n        - 'dig'\n        - '+time=1'\n        - '+tries=1'\n        - '@127.0.0.1'\n        - 'pi-hole.net'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.pihole.entrypoints: 'websecure'\n      traefik.http.routers.pihole.middlewares: 'basic_auth@docker'\n      traefik.http.routers.pihole.rule: 'Host(`pihole.${SITE:-localhost}`)'\n      traefik.http.services.pihole.loadbalancer.server.port: 80\n      traefik.tcp.routers.pihole-dns.entrypoints: 'dns-tcp'\n      traefik.tcp.routers.pihole-dns.rule: 'HostSNI(`*`)'\n      traefik.tcp.routers.pihole-dns.service: 'pihole-dns'\n      traefik.tcp.services.pihole-dns.loadbalancer.server.port: 53\n      traefik.udp.routers.pihole-dns.entrypoints: 'dns-udp'\n      traefik.udp.routers.pihole-dns.service: 'pihole-dns'\n      traefik.udp.services.pihole-dns.loadbalancer.server.port: 53\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './etc-pihole:/etc/pihole'\n      - './etc-dnsmasq.d:/etc/dnsmasq.d'\n      - './logs:/var/log/lighttpd'\n"
  },
  {
    "path": "portainer/README.md",
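    "content": "# portainer\n\nhttps://www.portainer.io\n\nWith over half a million regular users, it's a powerful, open-source toolset\nthat allows you to easily build and manage containers in Docker, Swarm,\nKubernetes and Azure ACI. Portainer works by hiding the complexity that makes\nmanaging containers difficult behind an easy-to-use GUI.\n\nThe compose file mounts `/var/run/docker.sock` into the container, so anyone who\ncan log in to Portainer effectively has root-level control of the Docker host.\nKeep the `basic_auth` middleware in place and do not publish port 9000 directly.\n"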
  },
  {
    "path": "portainer/docker-compose.portainer.yml",
    "content": "services:\n  portainer:\n    image: 'portainer/portainer'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.portainer.middlewares: 'basic_auth@docker'\n      traefik.http.routers.portainer.rule: 'Host(`portainer.${SITE:-localhost}`)'\n      traefik.http.services.portainer.loadbalancer.server.port: 9000\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - '/var/run/docker.sock:/var/run/docker.sock'\n      - './data:/data'\n"
  },
  {
    "path": "remotely/README.md",
    "content": "# Remotely\n\nRemotely is a free and open source, self-hosted solution for remote control and remote scripting via a web interface. Linux and Windows are currently supported as client devices.\n\nThe client interface looks similar to TeamViewer. A nine-digit session ID is displayed, which a registered user can use to connect to the device via the website to control it remotely. The client executable can be downloaded from this hosted instance.\nThere is also an even more advanced background agent that provides unattended access and remote scripting. Because registered users can control enrolled devices, restrict who is allowed to register on this instance."
  },
  {
    "path": "remotely/docker-compose.remotely.yml",
    "content": "services:\n  remotely:\n    image: 'translucency/remotely:${REMOTELY_IMAGE_VERSION:-latest}'\n    build: 'https://github.com/immense/remotely.git#:Server'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.remotely.rule: 'Host(`remotely.${SITE:-localhost}`)'\n      traefik.http.services.remotely.loadbalancer.server.port: 5000\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './remotely-data:/remotely-data'\n"
  },
  {
    "path": "rocketchat/.gitignore",
    "content": "db/\n"
  },
  {
    "path": "rocketchat/README.md",
    "content": "# Rocket Chat\n\nhttps://rocket.chat/\n\nRocket.Chat is the ultimate Free Open Source Solution for team communications.\n"
  },
  {
    "path": "rocketchat/docker-compose.rocket-chat.yml",
    "content": "networks:\n  rocketchat-internal: {}\n\nservices:\n  rocketchat:\n    image: 'rocket.chat:latest'\n    depends_on:\n      - 'rocketchat-mongo'\n      - 'rocketchat-mongo-replica' # replica is mandatory\n    environment:\n      MONGO_OPLOG_URL: 'mongodb://rocketchat-mongo:27017/local'\n      MONGO_URL: 'mongodb://rocketchat-mongo:27017/rocketchat'\n      ROOT_URL: 'https://rocketchat.${SITE:-localhost}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.rocketchat.rule: 'Host(`rocketchat.${SITE:-localhost}`)'\n      traefik.http.services.rocketchat.loadbalancer.server.port: 3000\n    networks:\n      - 'rocketchat-internal'\n      - 'srv'\n    restart: 'unless-stopped'\n    volumes:\n      - './uploads:/app/uploads'\n\n  # hubot, the popular chatbot (add the bot user first and change the password\n  # before starting this image)\n  rocketchat-hubot:\n    image: 'rocketchat/hubot-rocketchat:latest'\n    depends_on:\n      - 'rocketchat'\n    environment:\n      BOT_NAME: 'bot'\n      # you can add more scripts as you'd like here, they need to be\n      # installable by npm\n      # EXTERNAL_SCRIPTS: 'hubot-help,hubot-seen,hubot-links,hubot-diagnostics'\n      ROCKETCHAT_PASSWORD: 'botpassword'\n      ROCKETCHAT_ROOM: 'GENERAL'\n      ROCKETCHAT_URL: 'rocketchat:3000'\n      ROCKETCHAT_USER: 'bot'\n    labels:\n      traefik.enable: false\n    # this is used to expose the hubot port for notifications on the host on\n    # port 3001, e.g. 
for hubot-jenkins-notifier\n    # ports:\n    #   - '3001:8080'\n    restart: 'unless-stopped'\n    volumes:\n      - './scripts:/home/hubot/scripts'\n\n  rocketchat-mongo:\n    image: 'mongo:4.0'\n    command: 'mongod --smallfiles --oplogSize 128 --replSet rs01'\n    healthcheck:\n      test: ['CMD', 'echo', 'db.runCommand(\"ping\").ok',\n             '|', 'mongo', 'localhost:27017/test', '--quiet']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'rocketchat-internal'\n    restart: 'unless-stopped'\n    volumes:\n      - './db/:/data/db'\n\n  rocketchat-mongo-replica:\n    image: 'mongo:4.0'\n    command: |\n      mongo rocketchat-mongo/rocketchat --eval\n      \"rs.initiate({ _id: ''rs01'',\n      members: [ { _id: 0, host: ''rocketchat-mongo:27017'' } ]})\"\n    depends_on:\n      - 'rocketchat-mongo'\n    labels:\n      traefik.enable: false\n    networks:\n      - 'rocketchat-internal'\n"
  },
  {
    "path": "searxng/.gitignore",
    "content": "searx/\nsearx-checker/\n"
  },
  {
    "path": "searxng/README.md",
    "content": "# searxng\n\nhttps://searxng.org/\n\nsearxng - a privacy-respecting, hackable metasearch engine. Advanced settings.\ngeneral files images it map music news science social media videos\n"
  },
  {
    "path": "searxng/docker-compose.searxng.yml",
    "content": "services:\n  searxng:\n    image: 'searxng/searxng:${SEARXNG_IMAGE_VERSION:-latest}'\n    depends_on:\n      - 'searxng-redis'\n    environment:\n      IMAGE_PROXY: 'true'\n      LIMITER: 'true'\n      REDIS_URL: 'redis://searxng-redis:6379/0'\n      SEARXNG_BASE_URL: 'https://searx.${SITE:-localhost}/'\n    healthcheck:\n      test: ['CMD',\n             'wget', '-q', '--spider', '--proxy=off', 'localhost:8080/healthz']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.searxng.rule: 'Host(`searx.${SITE:-localhost}`)'\n      traefik.http.services.searxng.loadbalancer.server.port: 8080\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './searxng/:/etc/searxng:rw'\n\n  searxng-redis:\n    image: 'redis:6.0-alpine'\n    command: 'redis-server --save \"\" --appendonly \"no\"'\n    healthcheck:\n      test: ['CMD', 'redis-cli', 'ping']\n    labels:\n      traefik.enable: false\n    restart: 'always'\n    tmpfs:\n      - '/var/lib/redis'\n"
  },
  {
    "path": "sharelatex/.gitignore",
    "content": "data/\nmongo/\nredis/\n"
  },
  {
    "path": "sharelatex/README.md",
    "content": "# sharelatex\n\nhttps://github.com/sharelatex/sharelatex\n\nAn online LaTeX editor that's easy to use. No installation, real-time\ncollaboration, version control, hundreds of LaTeX templates, and more.\n\n## Getting Started\n\nAfter starting the container for the first time, visit `/launchpad` to get\nstarted and create the root account. Do this before making the site reachable\nby other users, so that nobody else can create the root account first.\n"
  },
  {
    "path": "sharelatex/docker-compose.sharelatex.yml",
    "content": "networks:\n  sharelatex-internal: {}\n\nservices:\n  sharelatex:\n    image: 'sharelatex/sharelatex:${SHARELATEX_IMAGE_VERSION:-3.5}'\n    depends_on:\n      - 'sharelatex-mongo'\n      - 'sharelatex-redis'\n    environment:\n      REDIS_HOST: 'sharelatex-redis'\n      SHARELATEX_ADMIN_EMAIL: '${ROOT_EMAIL:-changeme@changeme.org}'\n      SHARELATEX_APP_NAME: '${USERNAME} ShareLaTeX'\n      # SHARELATEX_HEADER_IMAGE_URL: 'http://somewhere.com/mylogo.png'\n      SHARELATEX_MONGO_URL: 'mongodb://sharelatex-mongo/sharelatex'\n      SHARELATEX_NAV_TITLE: '${SITE:-localhost} - ShareLaTeX'\n      SHARELATEX_REDIS_HOST: 'sharelatex-redis'\n      SHARELATEX_SITE_URL: 'https://latex.${SITE:-localhost}'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:80']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.sharelatex.rule: 'Host(`sharelatex.${SITE:-localhost}`)'\n      traefik.http.services.sharelatex.loadbalancer.server.port: 80\n    networks:\n      - 'sharelatex-internal'\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './data:/var/lib/sharelatex'\n\n  sharelatex-mongo:\n    image: 'mongo:4.0'\n    healthcheck:\n      test: ['CMD', 'echo', 'db.runCommand(\"ping\").ok',\n             '|', 'mongo', 'localhost:27017/test', '--quiet']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'sharelatex-internal'\n    restart: 'always'\n    volumes:\n      - './mongo:/data/db'\n\n  sharelatex-redis:\n    image: 'redis:6.0-alpine'\n    healthcheck:\n      test: ['CMD', 'redis-cli', 'ping']\n    labels:\n      traefik.enable: false\n    networks:\n      - 'sharelatex-internal'\n    restart: 'always'\n    volumes:\n      - './redis:/data'\n"
  },
  {
    "path": "sonarr/.gitignore",
    "content": "config/\ndownloads/\ntv/\n"
  },
  {
    "path": "sonarr/README.md",
    "content": "# sonarr\n\nhttps://sonarr.tv/\n\nSonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS\nfeeds for new episodes of your favorite shows and will grab, sort and rename\nthem. It can also be configured to automatically upgrade the quality of files\nalready downloaded when a better quality format becomes available.\n"
  },
  {
    "path": "sonarr/docker-compose.sonarr.yml",
    "content": "services:\n  sonarr:\n    image: 'linuxserver/sonarr:${SONARR_IMAGE_VERSION:-4.0.0}'\n    environment:\n      PGID: '${SONARR_GPID:-1000}'\n      PUID: '${SONARR_PUID:-1000}'\n      TZ: '${TZ:-Europe/Paris}'\n    labels:\n      traefik.enable: true\n      traefik.http.routers.sonarr.middlewares: 'basic_auth@docker'\n      traefik.http.routers.sonarr.rule: 'Host(`sonarr.${SITE:-localhost}`)'\n      traefik.http.services.sonarr.loadbalancer.server.port: 8080\n    links:\n      - 'jackett'\n      - 'transmission'\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './config:/config'\n      - './downloads:/downloads'\n      - './tv:/tv'\n"
  },
  {
    "path": "streama/README.md",
    "content": "# streama\n\nhttps://docs.streama-project.com\n\nStreama. Self hosted streaming media server. Host your own Streaming\nApplication with your media library.  Easy drag-and-drop to upload your media\nto streama! Live Sync Watching. Watch with your loved ones remotely, with sync\nfor play/pause and scrubbing. Beautiful Video Player.\n"
  },
  {
    "path": "streama/docker-compose.streama.yml",
    "content": "services:\n  streama:\n    image: 'gkiko/streama:v1.8.3'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:8080/login/auth']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.streama.rule: 'Host(`streama.${SITE:-localhost}`)'\n      traefik.http.services.streama.loadbalancer.server.port: 8080\n    networks:\n      - 'srv'\n    restart: 'always'\n    volumes:\n      - './streama.mv.db:/app/streama/streama.mv.db'\n      - './streama.trace.db:/app/streama/streama.trace.db'\n      - '../transmission/downloads:/data'\n"
  },
  {
    "path": "test.sh",
    "content": "#!/bin/bash\n# export PS4='$(read time junk < /proc/$$/schedstat; echo \"@@@ $time @@@ \" )'\n# set -x\nerrors=0\nlog_file=log.log\n\nGREEN=\"\\e[32m\"\nRED=\"\\e[31m\"\nWHITE=\"\\e[0m\"\n\ntest ()\n{\n    tmp=$({ $@ 2>&1; echo $? > /tmp/PIPESTATUS; } | tee $log_file)\n    rt=$(cat /tmp/PIPESTATUS)\n    if [[ $rt -ne 0 ]]; then\n        echo -e \"[${RED}X${WHITE}] \" \"$@\" \": \" \"$rt\"\n        echo \"$tmp\"\n        ((errors += 1))\n        return\n    fi\n    echo -e \"[${GREEN}V${WHITE}] \" \"$@\"\n}\n\ntest docker-compose config -q\n\n# testing docker-compose.yml files\nfile=$(mktemp)\ndocker-compose config > \"$file\" 2>$log_file\ntest diff test_config.yml \"$file\"\nmv \"$file\" test_config.yml\n\n# testing environment variables.\ngrep '${' ./**/docker-compose.*.yml \\\n    | sed \"s/.*\\${\\(.*\\)}.*/\\1/g\" \\\n    | cut -d\":\" -f 1 \\\n    | sort -u \\\n    | xargs -I % echo \"%=\" \\\n    | sort \\\n    >> .env.generated\ntest diff .env.default .env.generated\nmv .env.generated .env.default\n\ngit diff | tee patch.patch\n\n[ $errors -gt 0 ] && echo \"There were $errors errors found\" && exit 1\n\nexit 0\n# vim: set expandtab\n"
  },
  {
    "path": "test_config.yml",
    "content": "name: make-my-server\nservices:\n  alertmanager:\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - -q\n      - --spider\n      - --proxy=off\n      - localhost:9092/metrics\n    image: prom/alertmanager:v0.21.0\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.alertmanager.middlewares: basic_auth@docker\n      traefik.http.routers.alertmanager.rule: Host(`alertmanager.localhost`)\n      traefik.http.services.alertmanager.loadbalancer.server.port: \"9093\"\n    networks:\n      srv: null\n    restart: always\n  arachni:\n    image: arachni/arachni\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.arachni.middlewares: basic_auth@docker\n      traefik.http.routers.arachni.rule: Host(`arachni.localhost`)\n      traefik.http.services.arachni.loadbalancer.server.port: \"9292\"\n    networks:\n      srv: null\n    restart: always\n  bazarr:\n    depends_on:\n      jackett:\n        condition: service_started\n        restart: true\n        required: true\n      sonarr:\n        condition: service_started\n        restart: true\n        required: true\n      transmission:\n        condition: service_started\n        restart: true\n        required: true\n    environment:\n      PGID: \"1000\"\n      PUID: \"1000\"\n      TZ: Europe/Paris\n    image: linuxserver/bazarr:v1.2.2\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.bazarr.middlewares: basic_auth@docker\n      traefik.http.routers.bazarr.rule: Host(`bazarr.localhost`)\n      traefik.http.services.bazarr.loadbalancer.server.port: \"8080\"\n    links:\n    - transmission\n    - jackett\n    - sonarr\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/bazarr/config\n      target: /config\n      bind:\n        create_host_path: true\n    - type: bind\n      source: 
/home/runner/work/make-my-server/make-my-server/bazarr/movies\n      target: /movies\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/bazarr/tv\n      target: /tv\n      bind:\n        create_host_path: true\n  bitwarden:\n    environment:\n      ADMIN_TOKEN: \"\"\n      DOMAIN: https://bitwarden.localhost\n      PASSWORD_ITERATIONS: \"500000\"\n      ROCKET_PORT: \"8080\"\n      SENDS_ALLOWED: \"true\"\n      SIGNUPS_ALLOWED: \"true\"\n      SIGNUPS_VERIFY: \"false\"\n      TZ: Europe/Paris\n    image: vaultwarden/server:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.bitwarden-admin.middlewares: basic_auth@docker\n      traefik.http.routers.bitwarden-admin.rule: |\n        'Host(`bitwarden.localhost`) && PathPrefix(`/admin`)'\n      traefik.http.routers.bitwarden-user.rule: |\n        'Host(`bitwarden.localhost`) && !PathPrefix(`/admin`)'\n      traefik.http.services.bitwarden.loadbalancer.server.port: \"8080\"\n    networks:\n      srv: null\n    restart: always\n    user: nobody\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/bitwarden/data\n      target: /data\n      bind:\n        create_host_path: true\n  cadvisor:\n    devices:\n    - /dev/kmsg:/dev/kmsg\n    image: gcr.io/cadvisor/cadvisor:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.cadvisor.middlewares: basic_auth@docker\n      traefik.http.routers.cadvisor.rule: Host(`cadvisor.localhost`)\n      traefik.http.services.cadvisor.loadbalancer.server.port: \"8080\"\n    networks:\n      srv: null\n    privileged: true\n    restart: always\n    volumes:\n    - type: bind\n      source: /\n      target: /rootfs\n      read_only: true\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /sys\n      target: /sys\n      read_only: true\n      bind:\n        create_host_path: true\n    - type: bind\n   
   source: /var/lib/docker/\n      target: /var/lib/docker\n      read_only: true\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /var/run\n      target: /var/run\n      read_only: true\n      bind:\n        create_host_path: true\n  ciao:\n    environment:\n      PROMETHEUS_ENABLED: \"false\"\n      TIME_ZONE: Europe/Paris\n    image: brotandgames/ciao:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.ciao.middlewares: basic_auth@docker\n      traefik.http.routers.ciao.rule: Host(`ciao.localhost`)\n      traefik.http.services.ciao.loadbalancer.server.port: \"3000\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/ciao/db\n      target: /app/db/sqlite\n      bind:\n        create_host_path: true\n  codimd:\n    depends_on:\n      codimd-db:\n        condition: service_started\n        required: true\n    environment:\n      CMD_DB_URL: postgres://codimd:mypwd@codimd-db/codimd\n      CMD_USECDN: \"false\"\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - 0.0.0.0:3000\n    image: hackmdio/hackmd:2.4.2-cjk\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.codimd.rule: Host(`codimd.localhost`)\n      traefik.http.services.codimd.loadbalancer.server.port: \"3000\"\n    links:\n    - codimd-db\n    networks:\n      codi-internal: null\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/codimd/data\n      target: /home/hackmd/app/public/uploads\n      bind:\n        create_host_path: true\n  codimd-db:\n    environment:\n      POSTGRES_DB: codimd\n      POSTGRES_PASSWORD: mypwd\n      POSTGRES_USER: codimd\n    healthcheck:\n      test:\n      - CMD\n      - pg_isready\n      - -U\n      - codimd\n    image: postgres:11.6-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      
codi-internal: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/codimd/db\n      target: /var/lib/postgresql/data\n      bind:\n        create_host_path: true\n  elasticsearch:\n    environment:\n      ES_JAVA_OPTS: -Xms512m -Xmx512m\n      bootstrap.memory_lock: \"true\"\n      cluster.name: docker-cluster\n      discovery.type: single-node\n    image: docker.elastic.co/elasticsearch/elasticsearch:7.1.0\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      default: null\n    restart: always\n    ulimits:\n      memlock:\n        soft: -1\n        hard: -1\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/elk/elasticsearch/data\n      target: /usr/share/elasticsearch/data\n      bind:\n        create_host_path: true\n  factorio:\n    image: factoriotools/factorio\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      default: null\n    ports:\n    - mode: ingress\n      target: 34197\n      published: \"34197\"\n      protocol: udp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/factorio\n      target: /factorio\n      bind:\n        create_host_path: true\n  framadate:\n    depends_on:\n      framadate-db:\n        condition: service_started\n        required: true\n    environment:\n      ADMIN_PASSWORD: pass\n      APP_NAME: Framadate\n      APP_URL: framadate.localhost\n      DEFAULT_POLL_DURATION: \"365\"\n      MARKDOWN_EDITOR_BY_DEFAULT: \"true\"\n      MYSQL_DATABASE: framadate\n      MYSQL_PASSWORD: framadate\n      MYSQL_ROOT_PASSWORD: pass\n      MYSQL_USER: framadate\n      PROVIDE_FORK_AWESOME: \"true\"\n      SERVERNAME: framadate.localhost\n      SHOW_CULTIVATE_YOUR_GARDEN: \"true\"\n      SHOW_THE_SOFTWARE: \"true\"\n      SHOW_WHAT_IS_THAT: \"true\"\n      USER_CAN_ADD_IMG_OR_LINK: \"true\"\n    image: xgaia/framadate:latest\n    labels:\n  
    traefik.enable: \"true\"\n      traefik.http.routers.framadate.rule: Host(`framadate.localhost`)\n      traefik.http.services.framadate.loadbalancer.server.port: \"80\"\n    networks:\n      framadate-internal: null\n      srv: null\n    restart: always\n  framadate-db:\n    environment:\n      MYSQL_DATABASE: framadate\n      MYSQL_PASSWORD: framadate\n      MYSQL_ROOT_PASSWORD: pass\n      MYSQL_USER: framadate\n    healthcheck:\n      test:\n      - CMD\n      - mysqlcheck\n      - --all-databases\n      - -ppass\n    image: mysql:5.7\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      framadate-internal: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/framadate/db\n      target: /var/lib/mysql\n      bind:\n        create_host_path: true\n  gitlab:\n    environment:\n      GITLAB_OMNIBUS_CONFIG: |\n        external_url 'http://gitlab.localhost:80'\n        gitlab_rails['gitlab_shell_ssh_port'] = 2224\n    hostname: gitlab.localhost\n    image: gitlab/gitlab-ce:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.gitlab.rule: Host(`gitlab.localhost`)\n      traefik.http.services.gitlab.loadbalancer.server.port: \"80\"\n    networks:\n      srv: null\n    ports:\n    - mode: ingress\n      target: 22\n      published: \"2224\"\n      protocol: tcp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/gitlab/config\n      target: /etc/gitlab\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/gitlab/data\n      target: /var/opt/gitlab\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/gitlab/logs\n      target: /var/log/gitlab\n      bind:\n        create_host_path: true\n  grafana:\n    depends_on:\n      prometheus:\n        condition: 
service_started\n        required: true\n    environment:\n      GF_ANALYTICS_REPORTING_ENABLED: \"false\"\n      GF_AUTH_ANONYMOUS_ENABLED: \"true\"\n      GF_AUTH_ANONYMOUS_ORG_ROLE: Admin\n      GF_AUTH_BASIC_ENABLED: \"false\"\n      GF_AUTH_DISABLE_LOGIN_FORM: \"true\"\n      GF_AUTH_DISABLE_SIGNOUT_MENU: \"true\"\n      GF_INSTALL_PLUGINS: grafana-piechart-panel\n      GF_METRICS_ENABLED: \"true\"\n      GF_USERS_ALLOW_SIGN_UP: \"false\"\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:3000/healthz\n    image: grafana/grafana-oss:7.2.2\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.grafana.middlewares: basic_auth@docker\n      traefik.http.routers.grafana.rule: Host(`grafana.localhost`)\n      traefik.http.services.grafana.loadbalancer.server.port: \"3000\"\n    networks:\n      srv: null\n    restart: always\n    user: 1000:1000\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/grafana/grafana\n      target: /var/lib/grafana\n      bind:\n        create_host_path: true\n  hits:\n    depends_on:\n      hits-postgresql:\n        condition: service_started\n        required: true\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:4000\n    image: tommoulard/hits\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.hits.rule: Host(`hits.localhost`)\n      traefik.http.services.hits.loadbalancer.server.port: \"4000\"\n    networks:\n      hits-internal: null\n      srv: null\n    restart: always\n  hits-postgresql:\n    environment:\n      POSTGRES_PASSWORD: postgres\n      POSTGRES_USER: postgres\n    healthcheck:\n      test:\n      - CMD\n      - pg_isready\n      - -U\n      - postgres\n    image: postgres\n    networks:\n      hits-internal:\n        aliases:\n        - postgresql\n    restart: always\n    user: 1000:1000\n    volumes:\n    - type: bind\n      source: 
/home/runner/work/make-my-server/make-my-server/hits/postgresql\n      target: /var/lib/postgresql/data\n      bind:\n        create_host_path: true\n  homeassistant:\n    environment:\n      GUID: \"1000\"\n      PUID: \"1000\"\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:8123\n    image: ghcr.io/home-assistant/home-assistant:stable\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.homeassistant.rule: |\n        Host(`homeassistant.localhost`) && !Path(`/api/prometheus`)\n      traefik.http.services.homeassistant.loadbalancer.server.port: \"8123\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/homeassistant/config\n      target: /config\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /etc/localtime\n      target: /etc/localtime\n      read_only: true\n      bind:\n        create_host_path: true\n  hugo:\n    depends_on:\n      hugo-builder:\n        condition: service_started\n        required: true\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:80\n    image: nginx:stable-alpine\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.hugo.rule: Host(`hugo.localhost`)\n      traefik.http.services.hugo.loadbalancer.server.port: \"80\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/hugo/nginx/conf\n      target: /etc/nginx/conf.d\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/hugo/nginx/logs\n      target: /var/log/nginx\n      bind:\n        create_host_path: true\n  hugo-builder:\n    environment:\n      HUGO_BASEURL: https://hugo.localhost/\n      HUGO_REFRESH_TIME: \"3600\"\n      HUGO_THEME: hugo-theme-cactus-plus\n    image: jojomi/hugo:0.59\n    labels:\n    
  traefik.enable: \"false\"\n    networks:\n      default: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/hugo/blog\n      target: /src\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/hugo/nginx/conf/www\n      target: /output\n      bind:\n        create_host_path: true\n  jackett:\n    dns:\n    - 1.1.1.1\n    environment:\n      PGID: \"1000\"\n      PUID: \"1000\"\n      TZ: Europe/Paris\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:9117/UI/Login?ReturnUrl=%2FUI%2FDashboard\n    image: linuxserver/jackett:v0.20.567-ls56\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.jackett.middlewares: basic_auth@docker\n      traefik.http.routers.jackett.rule: Host(`jackett.localhost`)\n      traefik.http.services.jackett.loadbalancer.server.port: \"9117\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jackett/config\n      target: /config\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jackett/downloads\n      target: /downloads\n      bind:\n        create_host_path: true\n  jellyfin:\n    image: jellyfin/jellyfin\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.jellyfin.rule: Host(`jellyfin.localhost`)\n      traefik.http.services.jellyfin.loadbalancer.server.port: \"8096\"\n    networks:\n      srv: null\n    restart: always\n    user: 1000:1000\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jellyfin/cache\n      target: /cache\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jellyfin/config\n      target: /config\n      bind:\n        
create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jellyfin/logs\n      target: /logs\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jellyfin/media\n      target: /media\n      bind:\n        create_host_path: true\n  jupyter:\n    command:\n    - jupyter\n    - notebook\n    - --NotebookApp.token=\n    - --NotebookApp.password=\n    environment:\n      JUPYTER_ENABLE_LAB: \"yes\"\n    image: jupyter/tensorflow-notebook:45f07a14b422\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.jupyter.middlewares: basic_auth@docker\n      traefik.http.routers.jupyter.rule: Host(`jupyter.localhost`)\n      traefik.http.services.jupyter.loadbalancer.server.port: \"8888\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jupyter/jupyter/config\n      target: /root/.jupyter\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/jupyter/notebooks\n      target: /home/jovyan\n      bind:\n        create_host_path: true\n  kavita:\n    environment:\n      PGID: \"1000\"\n      PUID: \"1000\"\n      TZ: Europe/Paris\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:5000\n    image: lscr.io/linuxserver/kavita:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.kavita.rule: Host(`kavita.localhost`)\n      traefik.http.services.kavita.loadbalancer.server.port: \"5000\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/kavita/data\n      target: /data\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/kavita/config\n      target: /config\n      
bind:\n        create_host_path: true\n  kibana:\n    depends_on:\n      elasticsearch:\n        condition: service_started\n        restart: true\n        required: true\n    image: docker.elastic.co/kibana/kibana:7.1.0\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.kibana.middlewares: basic_auth@docker\n      traefik.http.routers.kibana.rule: Host(`kibana.localhost`)\n      traefik.http.services.kibana.loadbalancer.server.port: \"5601\"\n    links:\n    - elasticsearch\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/elk/kibana/kibana.yml\n      target: /usr/share/kibana/config/kibana.yml\n      bind:\n        create_host_path: true\n  logstash:\n    depends_on:\n      elasticsearch:\n        condition: service_started\n        restart: true\n        required: true\n    image: docker.elastic.co/logstash/logstash:7.1.0\n    labels:\n      traefik.enable: \"false\"\n    links:\n    - elasticsearch\n    networks:\n      default: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/elk/logstash\n      target: /usr/share/logstash/pipeline\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/nginx/logs\n      target: /var/log/nginx\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/traefik/logs\n      target: /var/log/traefik\n      bind:\n        create_host_path: true\n  mastodon:\n    command:\n    - rm\n    - -f\n    - /mastodon/tmp/pids/server.pid\n    - ;\n    - bundle\n    - exec\n    - rails\n    - s\n    - -p\n    - \"3000\"\n    depends_on:\n      mastodon-postgres:\n        condition: service_started\n        required: true\n      mastodon-redis:\n        condition: service_started\n        required: true\n      
mastodon-sidekiq:\n        condition: service_started\n        required: true\n      mastodon-streaming:\n        condition: service_started\n        required: true\n    environment:\n      AWS_ACCESS_KEY_ID: \"\"\n      AWS_SECRET_ACCESS_KEY: \"\"\n      DB_HOST: mastodon-postgres\n      DB_NAME: postgres\n      DB_PASS: mastodon-postgres-pass\n      DB_PORT: \"5432\"\n      DB_USER: postgres\n      ES_ENABLED: \"false\"\n      ES_HOST: localhost\n      ES_PORT: \"9200\"\n      LOCAL_DOMAIN: mastodon.example.com\n      OTP_SECRET: \"\"\n      REDIS_HOST: mastodon-redis\n      REDIS_PORT: \"6379\"\n      S3_ALIAS_HOST: files.example.com\n      S3_BUCKET: files.example.com\n      S3_ENABLED: \"false\"\n      SECRET_KEY_BASE: \"\"\n      SMTP_FROM_ADDRESS: notificatons@example.com\n      SMTP_LOGIN: \"\"\n      SMTP_PASSWORD: \"\"\n      SMTP_PORT: \"587\"\n      SMTP_SERVER: smtp.mailgun.org\n      STREAMING_API_BASE_URL: wss://mastodon-streaming.example.com\n      VAPID_PRIVATE_KEY: \"\"\n      VAPID_PUBLIC_KEY: \"\"\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - -q\n      - --spider\n      - --proxy=off\n      - localhost:3000/health\n    image: tootsuite/mastodon\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.mastodon.rule: Host(`mastodon.localhost`)\n      traefik.http.services.mastodon.loadbalancer.server.port: \"3000\"\n    networks:\n      mastodon-internal: null\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/mastodon/mastodon\n      target: /mastodon/public/system\n      bind:\n        create_host_path: true\n  mastodon-postgres:\n    environment:\n      POSTGRES_PASSWORD: mastodon-postgres-pass\n    healthcheck:\n      test:\n      - CMD\n      - pg_isready\n      - -U\n      - postgres\n    image: postgres:9.6-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      mastodon-internal: null\n    restart: 
always\n    shm_size: \"268435456\"\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/mastodon/postgres\n      target: /var/lib/postgresql/data\n      bind:\n        create_host_path: true\n  mastodon-redis:\n    healthcheck:\n      test:\n      - CMD\n      - redis-cli\n      - ping\n    image: redis:6.0-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      mastodon-internal: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/mastodon/redis\n      target: /data\n      bind:\n        create_host_path: true\n  mastodon-sidekiq:\n    command:\n    - bundle\n    - exec\n    - sidekiq\n    depends_on:\n      mastodon-postgres:\n        condition: service_started\n        required: true\n      mastodon-redis:\n        condition: service_started\n        required: true\n    environment:\n      AWS_ACCESS_KEY_ID: \"\"\n      AWS_SECRET_ACCESS_KEY: \"\"\n      DB_HOST: mastodon-postgres\n      DB_NAME: postgres\n      DB_PASS: mastodon-postgres-pass\n      DB_PORT: \"5432\"\n      DB_USER: postgres\n      ES_ENABLED: \"false\"\n      ES_HOST: localhost\n      ES_PORT: \"9200\"\n      LOCAL_DOMAIN: mastodon.example.com\n      OTP_SECRET: \"\"\n      REDIS_HOST: mastodon-redis\n      REDIS_PORT: \"6379\"\n      S3_ALIAS_HOST: files.example.com\n      S3_BUCKET: files.example.com\n      S3_ENABLED: \"false\"\n      SECRET_KEY_BASE: \"\"\n      SMTP_FROM_ADDRESS: notificatons@example.com\n      SMTP_LOGIN: \"\"\n      SMTP_PASSWORD: \"\"\n      SMTP_PORT: \"587\"\n      SMTP_SERVER: smtp.mailgun.org\n      STREAMING_API_BASE_URL: wss://mastodon-streaming.example.com\n      VAPID_PRIVATE_KEY: \"\"\n      VAPID_PUBLIC_KEY: \"\"\n    image: tootsuite/mastodon\n    networks:\n      mastodon-internal: null\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: 
/home/runner/work/make-my-server/make-my-server/mastodon/mastodon\n      target: /mastodon/public/system\n      bind:\n        create_host_path: true\n  mastodon-streaming:\n    command:\n    - node\n    - ./streaming\n    depends_on:\n      mastodon-postgres:\n        condition: service_started\n        required: true\n      mastodon-redis:\n        condition: service_started\n        required: true\n    environment:\n      AWS_ACCESS_KEY_ID: \"\"\n      AWS_SECRET_ACCESS_KEY: \"\"\n      DB_HOST: mastodon-postgres\n      DB_NAME: postgres\n      DB_PASS: mastodon-postgres-pass\n      DB_PORT: \"5432\"\n      DB_USER: postgres\n      ES_ENABLED: \"false\"\n      ES_HOST: localhost\n      ES_PORT: \"9200\"\n      LOCAL_DOMAIN: mastodon.example.com\n      OTP_SECRET: \"\"\n      REDIS_HOST: mastodon-redis\n      REDIS_PORT: \"6379\"\n      S3_ALIAS_HOST: files.example.com\n      S3_BUCKET: files.example.com\n      S3_ENABLED: \"false\"\n      SECRET_KEY_BASE: \"\"\n      SMTP_FROM_ADDRESS: notificatons@example.com\n      SMTP_LOGIN: \"\"\n      SMTP_PASSWORD: \"\"\n      SMTP_PORT: \"587\"\n      SMTP_SERVER: smtp.mailgun.org\n      STREAMING_API_BASE_URL: wss://mastodon-streaming.example.com\n      VAPID_PRIVATE_KEY: \"\"\n      VAPID_PUBLIC_KEY: \"\"\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - -q\n      - --spider\n      - --proxy=off\n      - localhost:4000/api/v1/streaming/health\n    image: tootsuite/mastodon\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.mastodon-streaming.rule: Host(`mastodon-streaming.localhost`)\n      traefik.http.services.mastodon-streaming.loadbalancer.server.port: \"4000\"\n    networks:\n      mastodon-internal: null\n      srv: null\n    restart: always\n  minecraft:\n    environment:\n      EULA: \"true\"\n    image: itzg/minecraft-server\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      default: null\n    ports:\n    - mode: ingress\n      target: 25565\n      
published: \"25565\"\n      protocol: udp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/minecraft/minecraft-data\n      target: /data\n      bind:\n        create_host_path: true\n  minecraft-ftb:\n    image: jonasbonno/ftb-revelation\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      default: null\n    ports:\n    - mode: ingress\n      target: 25565\n      published: \"25565\"\n      protocol: udp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/minecraft/ftb-data\n      target: /minecraft\n      bind:\n        create_host_path: true\n  mumble:\n    environment:\n      MUMBLE_SUPERUSER_PASSWORD: CHANGE_ME\n    image: mumblevoip/mumble-server:latest\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      srv: null\n    ports:\n    - mode: ingress\n      target: 64738\n      published: \"64738\"\n      protocol: tcp\n    - mode: ingress\n      target: 64738\n      published: \"64738\"\n      protocol: udp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/mumble/data\n      target: /data\n      bind:\n        create_host_path: true\n  musicbot:\n    image: raiponce/musicbot:0.2.10\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/musicbot/conf\n      target: /musicBot/conf\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/musicbot/playlists\n      target: /musicBot/playlists\n      bind:\n        create_host_path: true\n  nextcloud:\n    depends_on:\n      nextcloud-db:\n        condition: service_started\n        required: true\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:80\n    image: 
nextcloud:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.middlewares.header-nextcloud.headers.browserXssFilter: \"true\"\n      traefik.http.middlewares.header-nextcloud.headers.contentTypeNosniff: \"true\"\n      traefik.http.middlewares.header-nextcloud.headers.customFrameOptionsValue: SAMEORIGIN\n      traefik.http.middlewares.header-nextcloud.headers.referrerPolicy: no-referrer\n      traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains: \"true\"\n      traefik.http.middlewares.header-nextcloud.headers.stspreload: \"true\"\n      traefik.http.middlewares.header-nextcloud.headers.stsseconds: \"15552000\"\n      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.permanent: \"true\"\n      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.regex: https://nextcloud.localhost/.well-known/(card|cal)dav\n      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.replacement: https://nextcloud.localhost/remote.php/dav/\n      traefik.http.routers.nextcloud.middlewares: header-nextcloud,redirect-dav-nextcloud\n      traefik.http.routers.nextcloud.rule: Host(`nextcloud.localhost`)\n      traefik.http.services.nextcloud.loadbalancer.server.port: \"80\"\n    networks:\n      nextcloud-internal: null\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/nextcloud/data\n      target: /var/www/html\n      bind:\n        create_host_path: true\n  nextcloud-db:\n    command:\n    - --transaction-isolation=READ-COMMITTED\n    - --binlog-format=ROW\n    environment:\n      MYSQL_DATABASE: nextcloud\n      MYSQL_PASSWORD: nextcloud\n      MYSQL_ROOT_PASSWORD: pass\n      MYSQL_USER: nextcloud\n    healthcheck:\n      test:\n      - CMD\n      - mysqlcheck\n      - --all-databases\n      - -ppass\n    image: mariadb\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      nextcloud-internal: null\n    restart: always\n   
 volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/nextcloud/db\n      target: /var/lib/mysql\n      bind:\n        create_host_path: true\n  nginx:\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:80\n    image: nginx:stable-alpine\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.nginx.rule: Host(`localhost`)\n      traefik.http.services.nginx.loadbalancer.server.port: \"80\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/nginx/conf\n      target: /etc/nginx/conf.d\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/nginx/logs\n      target: /var/log/nginx\n      bind:\n        create_host_path: true\n  node_exporter:\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - -q\n      - --spider\n      - --proxy=off\n      - localhost:9100/metrics\n    image: prom/node-exporter:v1.0.1\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.node_exporter.middlewares: basic_auth@docker\n      traefik.http.routers.node_exporter.rule: Host(`node_exporter.localhost`)\n      traefik.http.services.node_exporter.loadbalancer.server.port: \"9100\"\n    networks:\n      srv: null\n    restart: always\n  pastebin:\n    image: mkodockx/docker-pastebin:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.pastebin.rule: Host(`pastebin.localhost`)\n      traefik.http.services.pastebin.loadbalancer.server.port: \"80\"\n    networks:\n      srv: null\n    restart: always\n  peertube:\n    depends_on:\n      peertube-db:\n        condition: service_started\n        required: true\n      peertube-redis:\n        condition: service_started\n        required: true\n    environment:\n      PEERTUBE_ADMIN_EMAIL: changeme@changeme.org\n      PEERTUBE_DB_HOSTNAME: 
peertube-db\n      PEERTUBE_DB_PASSWORD: \"\"\n      PEERTUBE_DB_USERNAME: peertube\n      PEERTUBE_TRUST_PROXY: '[\"127.0.0.1\", \"loopback\", \"172.0.0.0/0\"]'\n      PEERTUBE_WEBSERVER_HOSTNAME: peertube.localhost\n      PEERTUBE_WEBSERVER_HTTPS: \"true\"\n      PEERTUBE_WEBSERVER_PORT: \"443\"\n    image: chocobozzz/peertube:production-buster\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.peertube.rule: Host(`peertube.localhost`)\n      traefik.http.services.peertube.loadbalancer.server.port: \"9000\"\n    links:\n    - peertube-db\n    - peertube-redis\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/peertube/config\n      target: /config\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/peertube/data\n      target: /data\n      bind:\n        create_host_path: true\n  peertube-db:\n    environment:\n      POSTGRES_DB: peertube\n      POSTGRES_PASSWORD: \"\"\n      POSTGRES_USER: peertube\n    healthcheck:\n      test:\n      - CMD\n      - pg_isready\n      - -U\n      - peertube\n    image: postgres:10-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/peertube/db\n      target: /var/lib/postgresql/data\n      bind:\n        create_host_path: true\n  peertube-redis:\n    healthcheck:\n      test:\n      - CMD\n      - redis-cli\n      - PING\n    image: redis:4-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/peertube/redis\n      target: /data\n      bind:\n        create_host_path: true\n  pihole:\n    environment:\n      DNS1: 1.1.1.1\n      DNS2: 1.0.0.1\n      
DNSMASQ_LISTENING: all\n      FTLCONF_REPLY_ADDR4: 0.0.0.0\n      FTLCONF_REPLY_ADDR6: '::'\n      HOSTNAME: pihole\n      REV_SERVER: \"false\"\n      REV_SERVER_CIDR: 192.168.0.0/24\n      REV_SERVER_DOMAIN: lan\n      REV_SERVER_TARGET: 192.168.0.1\n      TZ: Europe/Paris\n      VIRTUAL_HOST: pihole.localhost\n    healthcheck:\n      test:\n      - CMD\n      - dig\n      - +time=1\n      - +tries=1\n      - '@127.0.0.1'\n      - pi-hole.net\n    image: pihole/pihole:2025.11.1\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.pihole.entrypoints: websecure\n      traefik.http.routers.pihole.middlewares: basic_auth@docker\n      traefik.http.routers.pihole.rule: Host(`pihole.localhost`)\n      traefik.http.services.pihole.loadbalancer.server.port: \"80\"\n      traefik.tcp.routers.pihole-dns.entrypoints: dns-tcp\n      traefik.tcp.routers.pihole-dns.rule: HostSNI(`*`)\n      traefik.tcp.routers.pihole-dns.service: pihole-dns\n      traefik.tcp.services.pihole-dns.loadbalancer.server.port: \"53\"\n      traefik.udp.routers.pihole-dns.entrypoints: dns-udp\n      traefik.udp.routers.pihole-dns.service: pihole-dns\n      traefik.udp.services.pihole-dns.loadbalancer.server.port: \"53\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/pihole/etc-pihole\n      target: /etc/pihole\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/pihole/etc-dnsmasq.d\n      target: /etc/dnsmasq.d\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/pihole/logs\n      target: /var/log/lighttpd\n      bind:\n        create_host_path: true\n  portainer:\n    image: portainer/portainer\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.portainer.middlewares: basic_auth@docker\n      
traefik.http.routers.portainer.rule: Host(`portainer.localhost`)\n      traefik.http.services.portainer.loadbalancer.server.port: \"9000\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /var/run/docker.sock\n      target: /var/run/docker.sock\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/portainer/data\n      target: /data\n      bind:\n        create_host_path: true\n  prometheus:\n    command:\n    - --config.file=/etc/prometheus/prometheus.yml\n    - --storage.tsdb.path=/prometheus\n    - --storage.tsdb.retention.time=30d\n    - --web.console.libraries=/usr/share/prometheus/console_libraries\n    - --web.console.templates=/usr/share/prometheus/consoles\n    depends_on:\n      alertmanager:\n        condition: service_started\n        required: true\n      cadvisor:\n        condition: service_started\n        required: true\n      node_exporter:\n        condition: service_started\n        required: true\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - -q\n      - --spider\n      - --proxy=off\n      - localhost:9090\n    image: prom/prometheus:v2.22.0\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.prometheus.middlewares: basic_auth@docker\n      traefik.http.routers.prometheus.rule: Host(`prometheus.localhost`)\n      traefik.http.services.prometheus.loadbalancer.server.port: \"9090\"\n    networks:\n      srv: null\n    restart: always\n    user: 1000:1000\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/grafana/prometheus/data\n      target: /prometheus\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/grafana/prometheus/prometheus.yml\n      target: /etc/prometheus/prometheus.yml\n      bind:\n        create_host_path: true\n    - type: bind\n      source: 
/home/runner/work/make-my-server/make-my-server/grafana/prometheus/rules\n      target: /etc/prometheus/rules\n      bind:\n        create_host_path: true\n  remotely:\n    build:\n      context: https://github.com/immense/remotely.git#:Server\n      dockerfile: Dockerfile\n    image: translucency/remotely:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.remotely.rule: Host(`remotely.localhost`)\n      traefik.http.services.remotely.loadbalancer.server.port: \"5000\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/remotely/remotely-data\n      target: /remotely-data\n      bind:\n        create_host_path: true\n  rocketchat:\n    depends_on:\n      rocketchat-mongo:\n        condition: service_started\n        required: true\n      rocketchat-mongo-replica:\n        condition: service_started\n        required: true\n    environment:\n      MONGO_OPLOG_URL: mongodb://rocketchat-mongo:27017/local\n      MONGO_URL: mongodb://rocketchat-mongo:27017/rocketchat\n      ROOT_URL: https://rocketchat.localhost\n    image: rocket.chat:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.rocketchat.rule: Host(`rocketchat.localhost`)\n      traefik.http.services.rocketchat.loadbalancer.server.port: \"3000\"\n    networks:\n      rocketchat-internal: null\n      srv: null\n    restart: unless-stopped\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/rocketchat/uploads\n      target: /app/uploads\n      bind:\n        create_host_path: true\n  rocketchat-hubot:\n    depends_on:\n      rocketchat:\n        condition: service_started\n        required: true\n    environment:\n      BOT_NAME: bot\n      ROCKETCHAT_PASSWORD: botpassword\n      ROCKETCHAT_ROOM: GENERAL\n      ROCKETCHAT_URL: rocketchat:3000\n      ROCKETCHAT_USER: bot\n    image: rocketchat/hubot-rocketchat:latest\n   
 labels:\n      traefik.enable: \"false\"\n    networks:\n      default: null\n    restart: unless-stopped\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/rocketchat/scripts\n      target: /home/hubot/scripts\n      bind:\n        create_host_path: true\n  rocketchat-mongo:\n    command:\n    - mongod\n    - --smallfiles\n    - --oplogSize\n    - \"128\"\n    - --replSet\n    - rs01\n    healthcheck:\n      test:\n      - CMD\n      - echo\n      - db.runCommand(\"ping\").ok\n      - '|'\n      - mongo\n      - localhost:27017/test\n      - --quiet\n    image: mongo:4.0\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      rocketchat-internal: null\n    restart: unless-stopped\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/rocketchat/db\n      target: /data/db\n      bind:\n        create_host_path: true\n  rocketchat-mongo-replica:\n    command:\n    - mongo\n    - rocketchat-mongo/rocketchat\n    - --eval\n    - |-\n      rs.initiate({ _id: ''rs01'',\n      members: [ { _id: 0, host: ''rocketchat-mongo:27017'' } ]})\n    depends_on:\n      rocketchat-mongo:\n        condition: service_started\n        required: true\n    image: mongo:4.0\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      rocketchat-internal: null\n  runner:\n    depends_on:\n      gitlab:\n        condition: service_started\n        restart: true\n        required: true\n    image: gitlab/gitlab-runner:latest\n    labels:\n      traefik.enable: \"false\"\n    links:\n    - gitlab\n    networks:\n      default: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/gitlab/runner\n      target: /etc/gitlab-runner\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /var/run/docker.sock\n      target: /var/run/docker.sock\n      bind:\n        create_host_path: true\n  searxng:\n    
depends_on:\n      searxng-redis:\n        condition: service_started\n        required: true\n    environment:\n      IMAGE_PROXY: \"true\"\n      LIMITER: \"true\"\n      REDIS_URL: redis://searxng-redis:6379/0\n      SEARXNG_BASE_URL: https://searx.localhost/\n    healthcheck:\n      test:\n      - CMD\n      - wget\n      - -q\n      - --spider\n      - --proxy=off\n      - localhost:8080/healthz\n    image: searxng/searxng:latest\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.searxng.rule: Host(`searx.localhost`)\n      traefik.http.services.searxng.loadbalancer.server.port: \"8080\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/searxng/searxng\n      target: /etc/searxng\n      bind:\n        create_host_path: true\n  searxng-redis:\n    command:\n    - redis-server\n    - --save\n    - \"\"\n    - --appendonly\n    - \"no\"\n    healthcheck:\n      test:\n      - CMD\n      - redis-cli\n      - ping\n    image: redis:6.0-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      default: null\n    restart: always\n    tmpfs:\n    - /var/lib/redis\n  sharelatex:\n    depends_on:\n      sharelatex-mongo:\n        condition: service_started\n        required: true\n      sharelatex-redis:\n        condition: service_started\n        required: true\n    environment:\n      REDIS_HOST: sharelatex-redis\n      SHARELATEX_ADMIN_EMAIL: changeme@changeme.org\n      SHARELATEX_APP_NAME: ' ShareLaTeX'\n      SHARELATEX_MONGO_URL: mongodb://sharelatex-mongo/sharelatex\n      SHARELATEX_NAV_TITLE: localhost - ShareLaTeX\n      SHARELATEX_REDIS_HOST: sharelatex-redis\n      SHARELATEX_SITE_URL: https://latex.localhost\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:80\n    image: sharelatex/sharelatex:3.5\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.sharelatex.rule: 
Host(`sharelatex.localhost`)\n      traefik.http.services.sharelatex.loadbalancer.server.port: \"80\"\n    networks:\n      sharelatex-internal: null\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/sharelatex/data\n      target: /var/lib/sharelatex\n      bind:\n        create_host_path: true\n  sharelatex-mongo:\n    healthcheck:\n      test:\n      - CMD\n      - echo\n      - db.runCommand(\"ping\").ok\n      - '|'\n      - mongo\n      - localhost:27017/test\n      - --quiet\n    image: mongo:4.0\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      sharelatex-internal: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/sharelatex/mongo\n      target: /data/db\n      bind:\n        create_host_path: true\n  sharelatex-redis:\n    healthcheck:\n      test:\n      - CMD\n      - redis-cli\n      - ping\n    image: redis:6.0-alpine\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      sharelatex-internal: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/sharelatex/redis\n      target: /data\n      bind:\n        create_host_path: true\n  sonarr:\n    depends_on:\n      jackett:\n        condition: service_started\n        restart: true\n        required: true\n      transmission:\n        condition: service_started\n        restart: true\n        required: true\n    environment:\n      PGID: \"1000\"\n      PUID: \"1000\"\n      TZ: Europe/Paris\n    image: linuxserver/sonarr:4.0.0\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.sonarr.middlewares: basic_auth@docker\n      traefik.http.routers.sonarr.rule: Host(`sonarr.localhost`)\n      traefik.http.services.sonarr.loadbalancer.server.port: \"8080\"\n    links:\n    - jackett\n    - transmission\n    networks:\n      srv: null\n    
restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/sonarr/config\n      target: /config\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/sonarr/downloads\n      target: /downloads\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/sonarr/tv\n      target: /tv\n      bind:\n        create_host_path: true\n  streama:\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:8080/login/auth\n    image: gkiko/streama:v1.8.3\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.streama.rule: Host(`streama.localhost`)\n      traefik.http.services.streama.loadbalancer.server.port: \"8080\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/streama/streama.mv.db\n      target: /app/streama/streama.mv.db\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/streama/streama.trace.db\n      target: /app/streama/streama.trace.db\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/transmission/downloads\n      target: /data\n      bind:\n        create_host_path: true\n  theia:\n    image: theiaide/theia\n    init: true\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.theia.middlewares: basic_auth@docker\n      traefik.http.routers.theia.rule: Host(`theia.localhost`)\n      traefik.http.services.theia.loadbalancer.server.port: \"3000\"\n    networks:\n      srv: null\n    restart: always\n    user: 1000:1000\n    volumes:\n    - type: bind\n      source: /home/runner\n      target: /home/project\n      bind:\n        create_host_path: true\n  tor-relay:\n    build:\n      
context: https://github.com/jessfraz/dockerfiles.git#:tor-relay\n      dockerfile: Dockerfile\n    environment:\n      CONTACT_EMAIL: changeme@changeme.org\n      CONTACT_GPG_FINGERPRINT: \"\"\n      CONTACT_NAME: \"\"\n      RELAY_BANDWIDTH_BURST: 200 KBytes\n      RELAY_BANDWIDTH_RATE: 100 KBytes\n      RELAY_NICKNAME: hacktheplanet\n      RELAY_PORT: \"9001\"\n      RELAY_TYPE: middle\n    image: jess/tor-relay\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      srv: null\n    ports:\n    - mode: ingress\n      target: 9001\n      published: \"9001\"\n      protocol: tcp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/tor-relay/keys\n      target: /var/lib/tor/.tor/keys\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /etc/localtime\n      target: /etc/localtime\n      bind:\n        create_host_path: true\n  traefik:\n    command:\n    - --providers.docker\n    - --providers.docker.exposedbydefault=false\n    - --providers.docker.network=make-my-server_srv\n    - --entrypoints.web.address=:80\n    - --entrypoints.web.http.redirections.entrypoint.to=websecure\n    - --entrypoints.websecure.address=:443\n    - --entrypoints.dns-tcp.address=:53/tcp\n    - --entrypoints.dns-udp.address=:53/udp\n    - --certificatesresolvers.myresolver.acme.email=changeme@changeme.org\n    - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web\n    - --certificatesresolvers.myresolver.acme.httpchallenge=true\n    - --entrypoints.websecure.http.tls.certresolver=myresolver\n    - --entrypoints.websecure.http3\n    - --accesslog.filepath=/logs/access.log\n    - --accesslog.format=json\n    - --log.filepath=/logs/traefik.log\n    - --log.format=json\n    - --log.level=ERROR\n    - --metrics.prometheus.addrouterslabels\n    - --api.dashboard\n    - --entrypoints.websecure.http.middlewares=compress@file,headers@file\n    - 
--experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban\n    - --experimental.plugins.fail2ban.version=v0.6.0\n    - --global.checknewversion=false\n    - --global.sendanonymoususage=false\n    - --ping\n    - --providers.file.directory=/dynamic_conf/\n    - --providers.file.watch=true\n    environment:\n      TZ: Europe/Paris\n    healthcheck:\n      test:\n      - CMD\n      - traefik\n      - healthcheck\n      - --ping\n    image: traefik:v3\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.middlewares.basic_auth.basicauth.removeHeader: \"true\"\n      traefik.http.middlewares.basic_auth.basicauth.users: \"\"\n      traefik.http.routers.traefik.middlewares: basic_auth@docker\n      traefik.http.routers.traefik.rule: Host(`traefik.localhost`)\n      traefik.http.routers.traefik.service: api@internal\n    networks:\n      srv: null\n    ports:\n    - mode: ingress\n      target: 80\n      published: \"80\"\n      protocol: tcp\n    - mode: ingress\n      target: 443\n      published: \"443\"\n      protocol: tcp\n    - mode: ingress\n      target: 53\n      published: \"53\"\n      protocol: tcp\n    - mode: ingress\n      target: 53\n      published: \"53\"\n      protocol: udp\n    restart: always\n    volumes:\n    - type: bind\n      source: /var/run/docker.sock\n      target: /var/run/docker.sock\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/traefik/logs\n      target: /logs\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/traefik/dynamic_conf\n      target: /dynamic_conf\n      bind:\n        create_host_path: true\n  transmission:\n    dns:\n    - 1.1.1.1\n    environment:\n      PGID: \"1000\"\n      PUID: \"1000\"\n      TRANSMISSION_WEB_HOME: /flood-for-transmission/\n      TZ: Europe/Paris\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 
0.0.0.0:9091/transmission/web/\n    image: linuxserver/transmission:3.00-r5-ls115\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.transmission.middlewares: basic_auth@docker\n      traefik.http.routers.transmission.rule: Host(`transmission.localhost`)\n      traefik.http.services.transmission.loadbalancer.server.port: \"9091\"\n    networks:\n      srv: null\n    ports:\n    - mode: ingress\n      target: 51413\n      published: \"51413\"\n      protocol: tcp\n    - mode: ingress\n      target: 51413\n      published: \"51413\"\n      protocol: udp\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/transmission/config\n      target: /config\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/transmission/downloads\n      target: /downloads\n      bind:\n        create_host_path: true\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/transmission/watch\n      target: /watch\n      bind:\n        create_host_path: true\n  vpn:\n    environment:\n      VPN_ADDL_PASSWORDS: \"\"\n      VPN_ADDL_USERS: \"\"\n      VPN_IPSEC_PSK: \"\"\n      VPN_PASSWORD: \"\"\n      VPN_USER: \"\"\n    image: hwdsl2/ipsec-vpn-server:latest\n    networks:\n      default: null\n    ports:\n    - mode: ingress\n      target: 4500\n      published: \"4500\"\n      protocol: udp\n    - mode: ingress\n      target: 500\n      published: \"500\"\n      protocol: udp\n    privileged: true\n    restart: always\n    volumes:\n    - type: bind\n      source: /lib/modules\n      target: /lib/modules\n      read_only: true\n      bind:\n        create_host_path: true\n  watchtower:\n    environment:\n      WATCHTOWER_CLEANUP: \"true\"\n      WATCHTOWER_ROLLING_RESTART: \"true\"\n      WATCHTOWER_SCHEDULE: 0 0 2 * * *\n    image: containrrr/watchtower:latest\n    labels:\n      traefik.enable: \"false\"\n    
networks:\n      default: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /var/run/docker.sock\n      target: /var/run/docker.sock\n      bind:\n        create_host_path: true\n  wordpress:\n    depends_on:\n      wordpress-db:\n        condition: service_started\n        required: true\n    environment:\n      WORDPRESS_DB_HOST: wordpress-db\n      WORDPRESS_DB_NAME: wordpress-db\n      WORDPRESS_DB_PASSWORD: \"\"\n      WORDPRESS_DB_USER: wordpress-user\n    healthcheck:\n      test:\n      - CMD\n      - curl\n      - 0.0.0.0:80\n    image: wordpress:6.2\n    labels:\n      traefik.enable: \"true\"\n      traefik.http.routers.wordpress.rule: Host(`wordpress.localhost`)\n      traefik.http.services.wordpress.loadbalancer.server.port: \"80\"\n    links:\n    - wordpress-db\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/wordpress/wordpress\n      target: /var/www/html\n      bind:\n        create_host_path: true\n  wordpress-db:\n    environment:\n      MYSQL_DATABASE: wordpress-db\n      MYSQL_PASSWORD: \"\"\n      MYSQL_RANDOM_ROOT_PASSWORD: \"true\"\n      MYSQL_USER: wordpress-user\n    healthcheck:\n      test:\n      - CMD\n      - mysqladmin\n      - ping\n      - -uwordpress-user\n      - -p\n      - '|'\n      - grep\n      - alive\n    image: mysql:5.7\n    labels:\n      traefik.enable: \"false\"\n    networks:\n      srv: null\n    restart: always\n    volumes:\n    - type: bind\n      source: /home/runner/work/make-my-server/make-my-server/wordpress/db\n      target: /var/lib/mysql\n      bind:\n        create_host_path: true\nnetworks:\n  codi-internal:\n    name: make-my-server_codi-internal\n  default:\n    name: make-my-server_default\n  framadate-internal:\n    name: make-my-server_framadate-internal\n  hits-internal:\n    name: make-my-server_hits-internal\n  mastodon-internal:\n    name: make-my-server_mastodon-internal\n 
 nextcloud-internal:\n    name: make-my-server_nextcloud-internal\n  rocketchat-internal:\n    name: make-my-server_rocketchat-internal\n  sharelatex-internal:\n    name: make-my-server_sharelatex-internal\n  srv:\n    name: make-my-server_srv\n"
  },
  {
    "path": "theia/README.md",
    "content": "# theia\n\nhttps://github.com/eclipse-theia/theia\n\nEclipse Theia is a cloud & desktop IDE framework implemented in TypeScript.\n"
  },
  {
    "path": "theia/docker-compose.theia.yml",
    "content": "services:\n  theia:\n    image: 'theiaide/theia'\n    init: true\n    labels:\n      traefik.enable: true\n      traefik.http.routers.theia.middlewares: 'basic_auth@docker'\n      traefik.http.routers.theia.rule: 'Host(`theia.${SITE:-localhost}`)'\n      traefik.http.services.theia.loadbalancer.server.port: 3000\n    networks:\n      - 'srv'\n    restart: 'always'\n    # With this, you cannot install plugins but you can save files\n    user: '1000:1000'\n    volumes:\n      - '${HOME}:/home/project:cached'\n"
  },
  {
    "path": "tor-relay/.gitignore",
    "content": "keys/*\n"
  },
  {
    "path": "tor-relay/README.md",
    "content": "# tor-relay\n\nhttps://community.torproject.org/relay/\n\nThe Tor network relies on volunteers to donate bandwidth. The more people who\nrun relays, the better the Tor network will be. The current Tor network is\nquite small compared to the number of people who need to use Tor, which means\nwe need more dedicated volunteers like you to run relays. By running a Tor\nrelay you can help make the Tor network better.\n"
  },
  {
    "path": "tor-relay/docker-compose.tor-relay.yml",
    "content": "# See https://blog.jessfraz.com/post/running-a-tor-relay-with-docker/\n# Check the logs and https://atlas.torproject.org/ for analytics\n\nservices:\n  tor-relay:\n    image: 'jess/tor-relay'\n    build: 'https://github.com/jessfraz/dockerfiles.git#:tor-relay'\n    environment:\n      # see https://github.com/jessfraz/dockerfiles/tree/master/tor-relay for\n      # further information about the values\n      CONTACT_EMAIL: '${ROOT_EMAIL:-changeme@changeme.org}'\n      CONTACT_GPG_FINGERPRINT: '${TOR_CONTACT_GPG_FINGERPRINT:-}'\n      CONTACT_NAME: '${USERNAME}'\n      RELAY_BANDWIDTH_BURST: '${TOR_RELAY_BANDWIDTH_BURST:-200 KBytes}'\n      RELAY_BANDWIDTH_RATE: '${TOR_RELAY_BANDWIDTH_RATE:-100 KBytes}'\n      RELAY_NICKNAME: '${TOR_RELAY_NICKNAME:-hacktheplanet}'\n      RELAY_PORT: 9001\n      RELAY_TYPE: '${TOR_RELAY_TYPE:-middle}' # bridge, middle, or exit\n    labels:\n      traefik.enable: false\n    networks:\n      - 'srv'\n    ports:\n      - '9001:9001'\n    restart: 'always'\n    volumes:\n      - './keys:/var/lib/tor/.tor/keys/'\n      - '/etc/localtime:/etc/localtime'\n"
  },
  {
    "path": "tor-relay/keys/.gitkeep",
    "content": ""
  },
  {
    "path": "traefik/README.md",
    "content": "# traefik\n\nhttps://doc.traefik.io/traefik/\n\nTraefik is an open-source Edge Router that makes publishing your services a fun\nand easy experience. It receives requests on behalf of your system and finds\nout which components are responsible for handling them. What sets Traefik\napart, besides its many features, is that it automatically discovers the right\nconfiguration for your services.\n\n## DNS entrypoint for Pi-hole\n\nTraefik now terminates both TCP and UDP DNS traffic for Pi-hole. The\n`dns-tcp`/`dns-udp` entrypoints listen on port 53 by default (configurable via\n`TRAEFIK_DNS_ENTRYPOINT` in your `.env`). Make sure no local resolver (for\nexample `systemd-resolved`) is bound to that port before starting Traefik. If\nyou need a custom port, set `TRAEFIK_DNS_ENTRYPOINT=<port>` and update every DNS\nclient to query Traefik on the same port.\n\nBy default Docker publishes this port on every host interface, so on an\ninternet-facing host restrict it with a firewall to the clients that should use\nthe resolver.\n\n## Add a Router/Service using the file provider\n\nTo create a new router and/or a new service, you can use the file provider:\n\nSimply create a new file inside the `./traefik/dynamic_conf` folder with this\ncontent:\n```yml\nhttp:\n  # Add the router\n  routers:\n    service-example-router:\n      service: service-example\n      rule: Host(`example.localhost`)\n\n  # Add the service\n  services:\n    service-example:\n      loadBalancer:\n        servers:\n          - url: http://example.com\n```\n"
  },
  {
    "path": "traefik/docker-compose.traefik.yml",
    "content": "services:\n  traefik:\n    image: 'traefik:${TRAEFIK_IMAGE_VERSION:-v3}'\n    command:\n      # Provider\n      - '--providers.docker'\n      - '--providers.docker.exposedbydefault=${TRAEFIK_EXPOSED_BY_DEFAULT:-false}'\n      - '--providers.docker.network=make-my-server_srv'\n      # Entrypoints\n      - '--entrypoints.web.address=:${TRAEFIK_WEB_ENTRYPOINT:-80}'\n      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'\n      - '--entrypoints.websecure.address=:${TRAEFIK_WEBSECURE_ENTRYPOINT:-443}'\n      - '--entrypoints.dns-tcp.address=:${TRAEFIK_DNS_ENTRYPOINT:-53}/tcp'\n      - '--entrypoints.dns-udp.address=:${TRAEFIK_DNS_ENTRYPOINT:-53}/udp'\n      # Let's Encrypt\n      - '--certificatesresolvers.myresolver.acme.email=${ROOT_EMAIL:-changeme@changeme.org}'\n      - '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web'\n      - '--certificatesresolvers.myresolver.acme.httpchallenge=true'\n      - '--entrypoints.websecure.http.tls.certresolver=myresolver'\n      # HTTP/3\n      - '--entrypoints.websecure.http3'\n      # Logs\n      - '--accesslog.filepath=/logs/access.log'\n      - '--accesslog.format=json'\n      - '--log.filepath=/logs/traefik.log'\n      - '--log.format=json'\n      - '--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}'\n      - '--metrics.prometheus.addrouterslabels'\n      # Misc\n      - '--api.dashboard'\n      - '--entrypoints.websecure.http.middlewares=compress@file,headers@file${TRAEFIK_PLUGINS:-}'\n      - '--experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban'\n      - '--experimental.plugins.fail2ban.version=v0.6.0'\n      - '--global.checknewversion=${TRAEFIK_CHECK_NEW_VERSION:-false}'\n      - '--global.sendanonymoususage=${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}'\n      - '--ping'\n      - '--providers.file.directory=/dynamic_conf/'\n      - '--providers.file.watch=true'\n    environment:\n      - 'TZ=${TZ:-Europe/Paris}'\n    healthcheck:\n      test: ['CMD', 'traefik', 
'healthcheck', '--ping']\n    labels:\n      traefik.enable: true\n      # Basic Auth Middleware definitions\n      traefik.http.middlewares.basic_auth.basicauth.removeHeader: true\n      traefik.http.middlewares.basic_auth.basicauth.users: '${USERS}'\n      traefik.http.routers.traefik.middlewares: 'basic_auth@docker'\n\n      traefik.http.routers.traefik.rule: 'Host(`traefik.${SITE:-localhost}`)'\n      traefik.http.routers.traefik.service: 'api@internal'\n    networks:\n      - 'srv'\n    ports:\n      - '${TRAEFIK_WEB_ENTRYPOINT:-80}:${TRAEFIK_WEB_ENTRYPOINT:-80}'\n      - '${TRAEFIK_WEBSECURE_ENTRYPOINT:-443}:${TRAEFIK_WEBSECURE_ENTRYPOINT:-443}'\n      - '${TRAEFIK_DNS_ENTRYPOINT:-53}:${TRAEFIK_DNS_ENTRYPOINT:-53}/tcp'\n      - '${TRAEFIK_DNS_ENTRYPOINT:-53}:${TRAEFIK_DNS_ENTRYPOINT:-53}/udp'\n    restart: 'always'\n    volumes:\n      - '/var/run/docker.sock:/var/run/docker.sock'\n      - './logs:/logs'\n      - './dynamic_conf:/dynamic_conf'\n"
  },
  {
    "path": "traefik/dynamic_conf/fail2ban.yml",
    "content": "http:\n  middlewares:\n    fail2ban:\n      plugin:\n        fail2ban:\n          rules:\n            bantime: '3h'\n            enabled: true\n            findtime: '10m'\n            maxretry: 1000\n            ports: '80:443'\n          whitelist:\n            ip:\n              - '::1'\n              - '127.0.0.1'\n"
  },
  {
    "path": "traefik/dynamic_conf/middlewares.yml",
    "content": "http:\n  middlewares:\n    compress:\n      compress: {}\n\n    headers:\n      headers:\n        stsSeconds: 63072000\n"
  },
  {
    "path": "traefik/dynamic_conf/tls.yml",
    "content": "tls:\n  options:\n    default:\n      cipherSuites:\n        - 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'\n        - 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'\n        - 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305'\n        - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'\n        - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'\n        - 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305'\n      minVersion: 'VersionTLS12'\n"
  },
  {
    "path": "traefik/logs/.gitkeep",
    "content": ""
  },
  {
    "path": "transmission/.gitignore",
    "content": "config/\ndownloads/\nwatch/\n"
  },
  {
    "path": "transmission/README.md",
    "content": "# transmission\n\nhttps://transmissionbt.com/\n\nTransmission is a BitTorrent client.\n"
  },
  {
    "path": "transmission/docker-compose.transmission.yml",
    "content": "services:\n  transmission:\n    image: 'linuxserver/transmission:${TRANSMISSION_IMAGE_VERSION:-3.00-r5-ls115}'\n    dns:\n      - '1.1.1.1'\n    environment:\n      PGID: '${TRANSMISSION_PGID:-1000}'\n      PUID: '${TRANSMISSION_PUID:-1000}'\n      TRANSMISSION_WEB_HOME: '${TRANSMISSION_WEB_HOME:-/flood-for-transmission/}'\n      TZ: '${TZ:-Europe/Paris}'\n    healthcheck:\n      test: ['CMD', 'curl', '0.0.0.0:9091/transmission/web/']\n    labels:\n      traefik.enable: true\n      traefik.http.routers.transmission.middlewares: 'basic_auth@docker'\n      traefik.http.routers.transmission.rule: 'Host(`transmission.${SITE:-localhost}`)'\n      traefik.http.services.transmission.loadbalancer.server.port: 9091\n    networks:\n      - 'srv'\n    ports:\n      - '51413:51413'\n      - '51413:51413/udp'\n    restart: 'always'\n    volumes:\n      - './config:/config'\n      - './downloads:/downloads'\n      - './watch:/watch'\n"
  },
  {
    "path": "vpn/README.md",
    "content": "# vpn\n\nhttps://github.com/hwdsl2/docker-ipsec-vpn-server\n\nDocker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec\n"
  },
  {
    "path": "vpn/docker-compose.vpn.yml",
    "content": "services:\n  vpn:\n    image: 'hwdsl2/ipsec-vpn-server:${VPN_IMAGE_VERSION:-latest}'\n    environment:\n      VPN_ADDL_PASSWORDS: '${VPN_ADDL_PASSWORDS:-}' # space separated values\n      VPN_ADDL_USERS: '${VPN_ADDL_USERS:-}' # space separated values\n      VPN_IPSEC_PSK: '${VPN_IPSEC_PSK:-}'\n      VPN_PASSWORD: '${VPN_PASSWORD:-}'\n      VPN_USER: '${VPN_USER:-}'\n    privileged: true\n    restart: 'always'\n    ports:\n      - '4500:4500/udp'\n      - '500:500/udp'\n    volumes:\n      - '/lib/modules:/lib/modules:ro'\n"
  },
  {
    "path": "watchtower/README.md",
    "content": "# Watchtower\n\nhttps://containrrr.dev/watchtower/\n\nA container-based solution for automating Docker container base image updates.\n\nWith watchtower you can update the running version of your containerized app\nsimply by pushing a new image to the Docker Hub or your own image registry.\nWatchtower will pull down your new image, gracefully shut down your existing\ncontainer and restart it with the same options that were used when it was\ndeployed initially.\n"
  },
  {
    "path": "watchtower/docker-compose.watchtower.yml",
    "content": "services:\n  watchtower:\n    image: 'containrrr/watchtower:${WATCHTOWER_IMAGE_VERSION:-latest}'\n    environment:\n      WATCHTOWER_CLEANUP: '${WATCHTOWER_CLEANUP:-true}'\n      WATCHTOWER_ROLLING_RESTART: '${WATCHTOWER_ROLLING_RESTART:-true}'\n      # run at 2am everyday\n      WATCHTOWER_SCHEDULE: '${WATCHTOWER_SCHEDULE:-0 0 2 * * *}'\n    labels:\n      traefik.enable: false\n    restart: 'always'\n    volumes:\n      - '/var/run/docker.sock:/var/run/docker.sock'\n"
  }
]