Change folder layout

2023-01-04 16:16:46 +01:00
parent 2aa1f52113
commit aaca8c3efa
36 changed files with 50 additions and 78 deletions
--- a/docker/.gitignore
+++ b/docker/.gitignore
@@ -0,0 +1,4 @@
+secrets/*/*
+!secrets/*/README.md
+volumes/*/*/*
+!volumes/*/*/.gitkeep
--- a/docker/configs/traefik/dynamic/hsts.yml
+++ b/docker/configs/traefik/dynamic/hsts.yml
@@ -0,0 +1,9 @@
+http:
+  middlewares:
+    hsts:
+      headers:
+        frameDeny: true
+        browserXssFilter: true
+        stsSeconds: 31536000 # 1 year
+        stsPreload: true
+        stsIncludeSubdomains: true
--- a/docker/configs/traefik/dynamic/tls.yml
+++ b/docker/configs/traefik/dynamic/tls.yml
@@ -0,0 +1,6 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /run/secrets/traefik_tls_cert
+        keyFile: /run/secrets/traefik_tls_key
--- a/docker/configs/traefik/dynamic/traefik.yml
+++ b/docker/configs/traefik/dynamic/traefik.yml
@@ -0,0 +1,11 @@
+http:
+  routers:
+    traefik:
+      rule: Host(`traefik.{{ env `NASCOMPOSE_TRAEFIK_DOMAIN` }}`)
+      service: api@internal
+      middlewares:
+        - traefik-auth
+  middlewares:
+    traefik-auth:
+      basicAuth:
+        usersFile: /run/secrets/traefik_password
--- a/docker/configs/traefik/traefik.yml
+++ b/docker/configs/traefik/traefik.yml
@@ -0,0 +1,32 @@
+providers:
+  docker:
+    endpoint: tcp://docker:2375
+    exposedByDefault: false
+    network: traefik
+    defaultRule: Host(`{{ index .Labels "com.docker.compose.service" }}.{{ env `NASCOMPOSE_TRAEFIK_DOMAIN` }}`)
+  file:
+    directory: /etc/traefik/dynamic/
+
+serverstransport:
+  insecureskipverify: true
+
+api: {}
+accessLog: {}
+
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: :443
+    http:
+      tls: {}
+      middlewares:
+        - hsts@file
+
+global:
+  sendAnonymousUsage: false
--- a/docker/configs/transmission/openvpn-post-config.sh
+++ b/docker/configs/transmission/openvpn-post-config.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Workaround for https://github.com/haugene/docker-transmission-openvpn/pull/2480
+if [[ -f /run/secrets/rpc_creds ]]; then
+  export TRANSMISSION_RPC_USERNAME=$(head -1 /run/secrets/rpc_creds)
+  export TRANSMISSION_RPC_PASSWORD=$(tail -1 /run/secrets/rpc_creds)
+fi
+echo "${TRANSMISSION_RPC_USERNAME}" > /config/transmission-credentials.txt
+echo "${TRANSMISSION_RPC_PASSWORD}" >> /config/transmission-credentials.txt
--- a/docker/secrets/duckdns/README.md
+++ b/docker/secrets/duckdns/README.md
--- a/docker/secrets/gotify/README.md
+++ b/docker/secrets/gotify/README.md
@@ -0,0 +1,4 @@
+Contains the file `admin_password`
+
+Environment variable file for the default admin password, this is because gotify doesn't support docker secrets yet
+https://github.com/gotify/server/issues/392
--- a/docker/secrets/portainer/README.md
+++ b/docker/secrets/portainer/README.md
@@ -0,0 +1,2 @@
+Contains the file `portainer_password`
+More on https://docs.portainer.io/advanced/cli#method-2-creating-the-account-using-a-file
--- a/docker/secrets/traefik/README.md
+++ b/docker/secrets/traefik/README.md
@@ -0,0 +1,7 @@
+Contains the file `htpasswd`
+
+Username/password to login on traefik, see https://v2.doc.traefik.io/traefik/middlewares/http/basicauth/#usersfile
+
+
+`treefik.cert`  & `traefik.key`
+Self-Signed certificate for Trafik default setup
--- a/docker/volumes/bazaar/config/.gitkeep
+++ b/docker/volumes/bazaar/config/.gitkeep
--- a/docker/volumes/gotify/data/entrypoint.sh
+++ b/docker/volumes/gotify/data/entrypoint.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		mysql_error "Both $var and $fileVar are set (but are exclusive)"
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+cd /app
+
+file_env 'GOTIFY_DEFAULTUSER_PASS'
+
+./gotify-app "$@"
--- a/docker/volumes/lazylibrarian/config/.gitkeep
+++ b/docker/volumes/lazylibrarian/config/.gitkeep
--- a/docker/volumes/mylar/config/.gitkeep
+++ b/docker/volumes/mylar/config/.gitkeep
--- a/docker/volumes/ombi/config/.gitkeep
+++ b/docker/volumes/ombi/config/.gitkeep
--- a/docker/volumes/plaxt/keystore/.gitkeep
+++ b/docker/volumes/plaxt/keystore/.gitkeep
--- a/docker/volumes/plex/data/.gitkeep
+++ b/docker/volumes/plex/data/.gitkeep
--- a/docker/volumes/portainer/data/.gitkeep
+++ b/docker/volumes/portainer/data/.gitkeep
--- a/docker/volumes/prowlarr/config/.gitkeep
+++ b/docker/volumes/prowlarr/config/.gitkeep
--- a/docker/volumes/radarr/config/.gitkeep
+++ b/docker/volumes/radarr/config/.gitkeep
--- a/docker/volumes/smokeping/config/.gitkeep
+++ b/docker/volumes/smokeping/config/.gitkeep
--- a/docker/volumes/smokeping/data/.gitkeep
+++ b/docker/volumes/smokeping/data/.gitkeep
--- a/docker/volumes/sonarr/config/.gitkeep
+++ b/docker/volumes/sonarr/config/.gitkeep
--- a/docker/volumes/transmission/config/.gitkeep
+++ b/docker/volumes/transmission/config/.gitkeep