From cdba7902cebaeecfffbce38b8fb3b7542b2b5190 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 24 Oct 2022 22:46:36 +0000 Subject: [PATCH] Update: Collection with latest options --- README.md | 4 +++ authelia/conf/configuration.ldap.yml | 6 ++-- ldap-account-manager/.env | 11 ------- ldap-user-manager/.env | 11 ------- librespeed/docker-compose.mysql.yml | 10 +++++++ librespeed/docker-compose.yml | 16 +++------- librespeed/vars.yml | 2 ++ minio/docker-compose.client.yml | 24 +++++++++++++++ minio/docker-compose.ldap.yml | 22 +++++++++----- minio/docker-compose.yml | 18 +++++------- minio/vars.yml | 2 ++ openldap/.env | 11 ------- openldap/README.md | 14 +++++++++ openldap/docker-compose.expose.yml | 1 + openldap/docker-compose.yml | 12 ++++---- traefik/.env | 11 ------- ...yml => docker-compose.letsencrypt-dns.yml} | 15 +++++----- traefik/docker-compose.yml | 29 ++++++++++--------- traefik/vars.yml | 14 +++++++++ 19 files changed, 129 insertions(+), 104 deletions(-) delete mode 100644 ldap-account-manager/.env delete mode 100644 ldap-user-manager/.env create mode 100644 librespeed/docker-compose.mysql.yml create mode 100644 librespeed/vars.yml create mode 100644 minio/docker-compose.client.yml create mode 100644 minio/vars.yml delete mode 100644 openldap/.env delete mode 100644 traefik/.env rename traefik/{docker-compose.letsencrypt.yml => docker-compose.letsencrypt-dns.yml} (55%) create mode 100644 traefik/vars.yml diff --git a/README.md b/README.md index d8a51aa..b7bbb1f 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,10 @@ https://github.com/linuxserver/docker-doublecommander/ Some other external resources gathered from the web +Must read: + * https://geek-cookbook.funkypenguin.co.nz/docker-swarm/design/ + * https://homelabos.com/docs/ + #### Large Collections - https://docs.linuxserver.io/general/awesome-lsio diff --git a/authelia/conf/configuration.ldap.yml b/authelia/conf/configuration.ldap.yml index ac77178..c2f5d3b 100644 
--- a/authelia/conf/configuration.ldap.yml +++ b/authelia/conf/configuration.ldap.yml @@ -21,8 +21,8 @@ authentication_backend: permit_unauthenticated_bind: false additional_users_dn: ou=people - base_dn: DC=dev,DC=box - user: CN=admin,DC=dev,DC=box - password: admin + base_dn: DC=jeznet,DC=org + user: CN=admin,DC=jeznet,DC=org + password: devbox_admin diff --git a/ldap-account-manager/.env b/ldap-account-manager/.env deleted file mode 100644 index 9df03d4..0000000 --- a/ldap-account-manager/.env +++ /dev/null @@ -1,11 +0,0 @@ -APP_IMAGE=traefik -APP_VERSION=v2.6.1 - -APP_PUBLIC_IP="127.0.0.1" -APP_NETWORK='' - -APP_DOMAIN=dev -APP_ADMIN_EMAIL=admin@dev - -TRAEFIK_CERTRESOLV=default -TRAEFIK_CERTRESOLV_PROVIDER='' diff --git a/ldap-user-manager/.env b/ldap-user-manager/.env deleted file mode 100644 index 9df03d4..0000000 --- a/ldap-user-manager/.env +++ /dev/null @@ -1,11 +0,0 @@ -APP_IMAGE=traefik -APP_VERSION=v2.6.1 - -APP_PUBLIC_IP="127.0.0.1" -APP_NETWORK='' - -APP_DOMAIN=dev -APP_ADMIN_EMAIL=admin@dev - -TRAEFIK_CERTRESOLV=default -TRAEFIK_CERTRESOLV_PROVIDER='' diff --git a/librespeed/docker-compose.mysql.yml b/librespeed/docker-compose.mysql.yml new file mode 100644 index 0000000..594d043 --- /dev/null +++ b/librespeed/docker-compose.mysql.yml @@ -0,0 +1,10 @@ +services: + librespeed: + environment: + - DB_TYPE=$app_db_type #optional + - DB_NAME=$app_db_name #optional + - DB_HOSTNAME=$app_db_host #optional + - DB_USERNAME=$app_db_user #optional + - DB_PASSWORD=$app_db_passwd #optional + - DB_PORT=$app_db_port #optional + diff --git a/librespeed/docker-compose.yml b/librespeed/docker-compose.yml index ae2c21a..e3e5ad6 100644 --- a/librespeed/docker-compose.yml +++ b/librespeed/docker-compose.yml 
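Review bot: The new `password: devbox_admin` line commits the LDAP bind secret to the repository, and the bind identity is the directory administrator (`CN=admin,DC=jeznet,DC=org`), which is more privilege than user lookups need. I would bind with a dedicated service account (read-only unless password reset through Authelia is required) and keep the value out of the file. One way is Authelia's secret mechanism (`AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE`, to be checked against the Authelia version in use), with a comment such as `# bind password is injected at runtime; do not commit it here`. Both the old value `admin` and the new one are now in history, so the deployed password should be rotated if either was ever used outside a throwaway setup. The `authentication_backend` block starts and ends outside this hunk.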
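Review bot: In `librespeed/docker-compose.mysql.yml`, `DB_PASSWORD=$app_db_passwd` and the other `$app_db_*` entries expand to an empty string when the variable is unset. Unless the tool that renders these files guarantees the values, a missing one starts the container with blank database credentials instead of failing the deploy. Compose's required-variable form makes that explicit, e.g. `- DB_PASSWORD=${app_db_passwd:?app_db_passwd must be set}`. The trailing `#optional` comments were carried over from the base file and no longer fit an override whose purpose is to switch the backend, since `DB_TYPE` and the connection settings are required here.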
@@ -1,22 +1,14 @@ version: "3.7" + services: librespeed: - image: lscr.io/linuxserver/librespeed:latest - #container_name: librespeed + image: ${app_image}:${app_image_version} environment: - #- PUID=$app_puid - #- PGID=$app_pgid + - PUID=$app_puid + - PGID=$app_pgid - TZ=$app_tz - PASSWORD=$app_admin_passwd - CUSTOM_RESULTS=false #optional - DB_TYPE=sqlite #optional - # - DB_NAME=DB_NAME #optional - # - DB_HOSTNAME=DB_HOSTNAME #optional - # - DB_USERNAME=DB_USERNAME #optional - # - DB_PASSWORD=DB_PASSWORD #optional - # - DB_PORT=DB_PORT #optional volumes: - ./config:/config - #ports: - # - 80:80 - diff --git a/librespeed/vars.yml b/librespeed/vars.yml new file mode 100644 index 0000000..58d48b6 --- /dev/null +++ b/librespeed/vars.yml @@ -0,0 +1,2 @@ +app_image: lscr.io/linuxserver/librespeed +app_image_version: 5.2.5 diff --git a/minio/docker-compose.client.yml b/minio/docker-compose.client.yml new file mode 100644 index 0000000..412173e --- /dev/null +++ b/minio/docker-compose.client.yml @@ -0,0 +1,24 @@ + +networks: + default: + name: ${net_ostorage:-s3} + + +services: + client: + image: minio/mc:latest + command: server --console-address ":9001" /data + volumes: + - ./data:/data + - ./config:/root/.minio + environment: + - MINIO_ROOT_USER=$app_admin_login + - MINIO_ROOT_PASSWORD=$app_admin_passwd + + # Why this does not work ? + #- MINIO_SERVER_URL=${app_prot}://minio.$app_domain + - MINIO_SERVER_URL=${app_prot}://minio:9000 + + - MINIO_DOMAIN=minio.$app_domain + - MINIO_BROWSER_REDIRECT_URL=${app_prot}://minio-console.$app_domain + diff --git a/minio/docker-compose.ldap.yml b/minio/docker-compose.ldap.yml index 6774688..6aacda2 100644 --- a/minio/docker-compose.ldap.yml +++ b/minio/docker-compose.ldap.yml 
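Review bot: `image: ${app_image}:${app_image_version}` pins by tag only and has no fallback. A tag can be re-pointed upstream, so for a service that is handed `PASSWORD=$app_admin_passwd` a digest reference gives a verifiable pull, e.g. `image: ${app_image}@${app_image_digest}` (variable name is a suggestion). Writing `${app_image_version:?app_image_version is not set}` also turns a missing value into an immediate, readable error rather than a malformed image reference. The same applies to the identical `image:` lines in the `minio/docker-compose.yml` and `traefik/docker-compose.yml` hunks, where `v2.9` additionally looks like a floating minor tag.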
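Review bot: In `minio/docker-compose.client.yml`, the `client` service runs `minio/mc:latest` with `command: server --console-address ":9001" /data`, which looks copied from the server definition. As far as I know the `mc` image has no `server` subcommand, so the container is likely to exit at start. It also mounts `./data` and `./config` and receives `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`, so a client container would hold the root credentials and write access to the server's data directory. A scoped access key and no data mount would be enough for a client. `minio/mc:latest` is also the one image added in this commit that is not pinned through a `vars.yml` version.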
@@ -1,19 +1,25 @@ networks: ldap: - name: ${net_ldap:-s3} + name: ${net_ldap:-ldap} services: minio: networks: ldap: environment: - - MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN - - MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD - - MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN - - MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER + - MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap:389 + #- MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap:636 + - MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN=$ldap_admin_bind_dn + - MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD=$ldap_admin_bind_passwd + - MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN=$ldap_user_base_dn + - MINIO_IDENTITY_LDAP_SERVER_INSECURE=on + #- MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on + #- MINIO_IDENTITY_LDAP_SERVER_STARTTLS=off + - MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER=(uid=%s) + #- MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER - - MINIO_IDENTITY_LDAP_USERNAME_FORMAT - - MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN - - MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER + #- MINIO_IDENTITY_LDAP_USERNAME_FORMAT # Legacy method + - MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN=$ldap_group_base_dn + - MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER=(&(objectClass=posixGroup)(uniqueMember=%d)) diff --git a/minio/docker-compose.yml b/minio/docker-compose.yml index 12f9f44..3afaa76 100644 --- a/minio/docker-compose.yml +++ b/minio/docker-compose.yml @@ -1,5 +1,6 @@ version: "3.9" + # Official docuemtnation # https://min.io/docs/minio/container/index.html 
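Review bot: `MINIO_IDENTITY_LDAP_SERVER_INSECURE=on` together with `MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap:389` makes MinIO send the lookup bind password and every user's login password to the directory without TLS. The same commit publishes 636 on the OpenLDAP side, so the commented alternative could be the default: `- MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap:636` with the `SERVER_INSECURE` line removed. `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` would then stay only as a documented, temporary option for self-signed certificates. The lookup bind uses `$ldap_admin_bind_dn`, where a read-only service account is sufficient for user and group searches. The group filter combines `objectClass=posixGroup` with `uniqueMember=%d`, which only matches if the groups in this directory actually carry that attribute, so it is worth confirming against the schema in use.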
@@ -20,22 +21,19 @@ networks: services: minio: - image: quay.io/minio/minio:latest + image: ${app_image}:${app_image_version} command: server --console-address ":9001" /data - restart: always volumes: - ./data:/data - ./config:/root/.minio environment: - MINIO_ROOT_USER=$app_admin_login - MINIO_ROOT_PASSWORD=$app_admin_passwd - - #- MINIO_DOMAIN=minio.$app_domain - #- MINIO_DOMAIN=http://localhost:9000 - #- MINIO_SERVER_URL=http://minio.$app_domain + + # Why this does not work ? + #- MINIO_SERVER_URL=${app_prot}://minio.$app_domain - MINIO_SERVER_URL=${app_prot}://minio:9000 - - MINIO_BROWSER_REDIRECT_URL=${app_prot}://minio-console.$app_domain - # - #- MINIO_ACCESS_KEY=dksflhdskhfkjdshfkdf - #- MINIO_SECRET_KEY=kfsdfksdhfkjsdhfkjdshf + + - MINIO_DOMAIN=minio.$app_domain + - MINIO_BROWSER_REDIRECT_URL=${app_prot}://minio-console.$app_domain diff --git a/minio/vars.yml b/minio/vars.yml new file mode 100644 index 0000000..ac60143 --- /dev/null +++ b/minio/vars.yml @@ -0,0 +1,2 @@ +app_image: quay.io/minio/minio +app_image_version: RELEASE.2022-10-20T00-55-09Z diff --git a/openldap/.env b/openldap/.env deleted file mode 100644 index 9df03d4..0000000 --- a/openldap/.env +++ /dev/null @@ -1,11 +0,0 @@ -APP_IMAGE=traefik -APP_VERSION=v2.6.1 - -APP_PUBLIC_IP="127.0.0.1" -APP_NETWORK='' - -APP_DOMAIN=dev -APP_ADMIN_EMAIL=admin@dev - -TRAEFIK_CERTRESOLV=default -TRAEFIK_CERTRESOLV_PROVIDER='' diff --git a/openldap/README.md b/openldap/README.md index b1fc28e..dd10b92 100644 --- a/openldap/README.md +++ b/openldap/README.md @@ -1,5 +1,19 @@ # OpenLDAP Server +## Connecting as admin + +You can use JXplorer as LDAP client to test it out: +* Host: Your LDAP IP +* Port: Your LDAP port (389) +* Base DN: dc=example,dc=org +* User DN: cn=admin,dc=example,dc=org +* Password: LDAP Admin password + +## Note about TLS + +LDAP port: 389 +LDAPS port: 636 + ## Self-serve configuration 
diff --git a/openldap/docker-compose.expose.yml b/openldap/docker-compose.expose.yml index 7112566..b32b2e7 100644 --- a/openldap/docker-compose.expose.yml +++ b/openldap/docker-compose.expose.yml @@ -2,4 +2,5 @@ services: openldap: ports: - $app_expose_ip:${app_expose_port:-389}:389 + - $app_expose_ip:${app_expose_port:-636}:636 diff --git a/openldap/docker-compose.yml b/openldap/docker-compose.yml index 132f49c..e2fc415 100644 --- a/openldap/docker-compose.yml +++ b/openldap/docker-compose.yml @@ -9,13 +9,13 @@ services: openldap: image: osixia/openldap:latest restart: always - networks: - default: - aliases: - - ldap - - $ldap_uri_server + #networks: + # default: + # aliases: + # - ldap + # - $ldap_uri_server environment: - - "LDAP_ORGANISATION=${ldap_domain:-$app_fqdn}" + - "LDAP_ORGANISATION=${ldap_org:-$app_fqdn}" - "LDAP_DOMAIN=${ldap_domain:-$app_fqdn}" - "LDAP_ADMIN_PASSWORD=${ldap_admin_bind_passwd:-$app_admin_passwd}" - "LDAP_RFC2307BIS_SCHEMA=true" diff --git a/traefik/.env b/traefik/.env deleted file mode 100644 index bc17724..0000000 --- a/traefik/.env +++ /dev/null @@ -1,11 +0,0 @@ -APP_IMAGE=traefik -APP_VERSION=v2.6.1 - -app_expose_ip="127.0.0.1" -APP_NETWORK='' - -APP_DOMAIN=dev -APP_ADMIN_EMAIL=admin@dev - -TRAEFIK_CERTRESOLV=default -TRAEFIK_CERTRESOLV_PROVIDER='' diff --git a/traefik/docker-compose.letsencrypt.yml b/traefik/docker-compose.letsencrypt-dns.yml similarity index 55% rename from traefik/docker-compose.letsencrypt.yml rename to traefik/docker-compose.letsencrypt-dns.yml index 5a6f40b..dc2a428 100644 --- a/traefik/docker-compose.letsencrypt.yml +++ b/traefik/docker-compose.letsencrypt-dns.yml 
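Review bot: In `openldap/docker-compose.expose.yml`, both published ports read the same variable, so setting `app_expose_port` maps 389 and 636 to one host port and the second binding fails; only the defaults differ. A separate variable for the TLS listener avoids that, e.g. `- $app_expose_ip:${app_expose_ldaps_port:-636}:636` (variable name is a suggestion). An unset `$app_expose_ip` leaves the host address empty, which I would expect either to fail or to bind every interface, and `${app_expose_ip:-127.0.0.1}` would make the local-only case the default. If this override is meant for remote clients, consider publishing only 636 so the cleartext listener is not reachable from outside.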
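Review bot: In `openldap/docker-compose.yml`, the `ldap` network alias that `minio/docker-compose.ldap.yml` relies on (`MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap:389`, same commit) is no longer defined once the `networks.default.aliases` block is commented out. Unless the name is provided somewhere outside this diff, that lookup will stop resolving, because the service itself is named `openldap`. I would either keep `- ldap` or delete the block outright rather than leaving it commented, and state the reason in the commit message. `ldap_org` in `LDAP_ORGANISATION=${ldap_org:-$app_fqdn}` is not defined in any vars file in this patch, so the fallback is what will be used. The unchanged `image: osixia/openldap:latest` line is also left out of the version pinning applied to the other services.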
@@ -10,13 +10,14 @@ services: - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_EMAIL=${app_admin_email} - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_STORAGE=/data/acme-${traefik_svc_certresolver}.json - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE=true - - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_PROVIDER=${traefik_svc_certresolver_PROVIDER} + - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_PROVIDER=${traefik_svc_certresolver_provider} + - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_RESOLVERS=${traefik_svc_certresolver_resolvers} #- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10 - #- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53" - # ACME credentials for ovh-eu - # - OVH_ENDPOINT=ovh-eu - # - OVH_APPLICATION_KEY=XXX - # - OVH_APPLICATION_SECRET=YYY - # - OVH_CONSUMER_KEY=ZZZ + # ACME support for ovh + - OVH_ENDPOINT=${traefik_svc_certresolver_ovh_endpoint} + - OVH_APPLICATION_KEY=${traefik_svc_certresolver_ovh_app_key} + - OVH_APPLICATION_SECRET=${traefik_svc_certresolver_ovh_app_secret} + - OVH_CONSUMER_KEY=${traefik_svc_certresolver_ovh_consumer_key} + diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml index 33d9871..59f1a23 100644 --- a/traefik/docker-compose.yml +++ b/traefik/docker-compose.yml 
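Review bot: The four `OVH_*` variables are now always set, even when `traefik_svc_certresolver_provider` is not OVH, and with the empty defaults in `traefik/vars.yml` they reach the container as empty (or possibly literal null) strings. I would move them to a provider-specific override file, or at least mark the secret ones required with `${traefik_svc_certresolver_ovh_app_secret:?set the OVH application secret}`. Values passed through `environment:` are readable via `docker inspect`, so a comment saying where they are expected to live would help, e.g. `# OVH credentials: supply from an untracked vars file or a secret store`. An empty `ACME_DNSCHALLENGE_RESOLVERS` may also behave differently from an absent one, which is worth checking. The `environment:` list starts above this hunk.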
@@ -6,23 +6,24 @@ version: "3.7" # - bash does not allow hyphen in their name # - Traefik does not allow underscore when shell configuration is used -x-paasify: - app: - service: traefik - port: 8080 - image: traefik - version: v1.6 - cmd: my command - cmd_help: - cmd_shell: - cmd_status: - conf: - traefik_svc_tls: false - traefik_svc_entrypoints: default-http + + # x-paasify: + # app: + # service: traefik + # port: 8080 + # image: traefik + # version: v1.6 + # cmd: my command + # cmd_help: + # cmd_shell: + # cmd_status: + # conf: + # traefik_svc_tls: false + # traefik_svc_entrypoints: default-http services: traefik: - image: ${app_image} + image: ${app_image}:${app_image_version} restart: always #networks: # default: diff --git a/traefik/vars.yml b/traefik/vars.yml new file mode 100644 index 0000000..7e49f5c --- /dev/null +++ b/traefik/vars.yml @@ -0,0 +1,14 @@ +app_image: traefik +app_image_version: v2.9 + +# Let's encrypt support +traefik_svc_certresolver: default +traefik_svc_certresolver_provider: null +traefik_svc_certresolver_resolvers: + +# OVH support for Let's encrypt +traefik_svc_certresolver_ovh_endpoint: ovh-eu +traefik_svc_certresolver_ovh_app_key: +traefik_svc_certresolver_ovh_app_secret: +traefik_svc_certresolver_ovh_consumer_key: +
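Review bot: In `traefik/vars.yml`, `traefik_svc_certresolver_provider: null` and the bare keys (`traefik_svc_certresolver_resolvers:` and the three empty `traefik_svc_certresolver_ovh_*` credentials) all load as YAML null. How null is rendered into the `${...}` substitutions depends on the tool that reads this file; it may come out as an empty string or as the text `null`. Writing the empty string makes the intent explicit, e.g. `traefik_svc_certresolver_resolvers: ''`. Because this file is tracked, the OVH key placeholders invite pasting real credentials into it, so I would add a comment above them such as `# leave empty here; set real values in an untracked override`.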