From 725574b6ce664c82bf23c64f917e87177226e396 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Wed, 6 Jan 2021 22:18:55 +0100 Subject: [PATCH 01/16] Started Miniflux README --- miniflux/README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/miniflux/README.md b/miniflux/README.md index e69de29..202fb1f 100644 --- a/miniflux/README.md +++ b/miniflux/README.md @@ -0,0 +1,26 @@ +# Miniflux +> [Miniflux](https://miniflux.app/) is a minimalist and opinionated feed reader. + +This description sums up Miniflux pretty well. It's very simple to setup and +operate, yet does exactly what it's supposed to: it manages RSS feeds. + +## Environment variables +Not much configuration is required by default to get things up and running. + +For the database, you have the usual PostgreSQL stuff: +* `POSTGRES_DB`: database name +* `POSTGRES_USER`: main user of the database +* `POSTGRES_PASSWORD`: password for main user + +For Miniflux, I used the following defaults: +* `DATABASE_URL`: this URL defines how to connect to the database. It follows + the form + `postgres://POSTGRES_USER:POSTGRES_PASSWORD@db/POSTGRES_DB?sslmode=disable` +* `RUN_MIGRATIONS`: this lets Miniflux auto-migrate the database when needed + (this is especially useful during initial startup) +* `CREATE_ADMIN`: this allows us to create an admin account using env vars +* `ADMIN_USERNAME`: admin username +* `ADMIN_PASSWORD`: admin password + +Miniflux has many other variables you can set, which you can find +[here](https://miniflux.app/docs/configuration.html). From 932b2048849da7586c7b46e19a535deceb015ac1 Mon Sep 17 00:00:00 2001 
From: Chewing_Bever Date: Thu, 7 Jan 2021 12:06:56 +0100 Subject: [PATCH 02/16] Added initial nefarious config --- nefarious/.env.example | 27 +++++++ nefarious/README.md | 0 nefarious/docker-compose.yml | 108 +++++++++++++++++++++++++++ nefarious/transmission_settings.json | 10 +++ 4 files changed, 145 insertions(+) create mode 100644 nefarious/.env.example create mode 100644 nefarious/README.md create mode 100644 nefarious/docker-compose.yml create mode 100644 nefarious/transmission_settings.json diff --git a/nefarious/.env.example b/nefarious/.env.example new file mode 100644 index 0000000..4fcda8a --- /dev/null +++ b/nefarious/.env.example @@ -0,0 +1,27 @@ +# Only sqlite3 works by default +DATABASE_URL=sqlite:////config/db.sqlite3 + +# Path to download torrents to. +# In this setup, we juse use a docker volume as the downloads aren't meant to stay on the system after being watched +# You can change this to a directory if you wish to download to the host's file system instead +HOST_DOWNLOAD_PATH=downloads + +# Redis host; shouldn't be changed +REDIS_HOST=redis + +# Config path for nefarious inside container; leave as is +NEFARIOUS_CONFIG_PATH=/config + +# Admin user credentials +NEFARIOUS_USER=admin +NEFARIOUS_PASS=changeme + +# UID and GID to run as +PUID=1000 +PGID=1000 + +# Timezone +TZ=Europe/London + +# How many worker processes celery may use; if 0, uses all cpu cores +CELERY_WORKERS=0 diff --git a/nefarious/README.md b/nefarious/README.md new file mode 100644 index 0000000..e69de29 diff --git a/nefarious/docker-compose.yml b/nefarious/docker-compose.yml new file mode 100644 index 0000000..f1db7fc --- /dev/null +++ b/nefarious/docker-compose.yml 
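Review bot: `NEFARIOUS_PASS=changeme` ships a working default admin credential in the example file, so a copy made without editing yields a predictable login on a service meant to sit behind a reverse proxy. Leave the value empty and say so in the comment, e.g. `# Admin user credentials; set a strong password before first start` followed by `NEFARIOUS_PASS=`. Whether the real `.env` is excluded from version control is not visible here; confirm it is ignored.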
@@ -0,0 +1,108 @@ +version: '3.5' + +services: + # Main nefarious app + app: + image: 'lardbit/nefarious:latest' + restart: 'always' + logging: + options: + max-size: '500k' + max-file: '10' + + depends_on: + - 'celery' + - 'jackett' + - 'redis' + environment: + - 'DATABASE_URL' + - 'REDIS_HOST' + - 'HOST_DOWNLOAD_PATH' + - 'NEFARIOUS_USER' + - 'NEFARIOUS_PASS' + - 'CONFIG_PATH=${NEFARIOUS_CONFIG_PATH}' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + networks: + - 'default' + - 'nginx' + volumes: + - 'config:${NEFARIOUS_CONFIG_PATH}' + + # Caching + redis: + image: 'redis:6-alpine' + restart: 'always' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + + # Background task queue + celery: + image: 'lardbit/nefarious:latest' + restart: 'always' + entrypoint: /env/bin/celery -A nefarious worker --concurrency $CELERY_WORKERS --beat --loglevel=INFO + logging: + options: + max-size: '500k' + max-file: '10' + + depends_on: + - 'redis' + environment: + - 'DATABASE_URL' + - 'REDIS_HOST' + - 'CONFIG_PATH=${NEFARIOUS_CONFIG_PATH}' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + volumes: + - 'config:${NEFARIOUS_CONFIG_PATH}' + + # Tracker searching + jackett: + image: 'linuxserver/jackett:latest' + restart: 'always' + logging: + options: + max-size: '500k' + max-file: '10' + + ports: + - '9117:9117' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + networks: + - 'default' + - 'nginx' + volumes: + - 'jackett-config:/config' + + # Torrenting server + transmission: + image: 'linuxserver/transmission:latest' + restart: 'always' + logging: + options: + max-size: '500k' + max-file: '10' + + environment: + - 'PUID' + - 'PGID' + - 'TZ' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + ports: + - '51413:51413' + - '51413:51413/udp' + volumes: + - '$HOST_DOWNLOAD_PATH:/downloads' + - './transmission_settings.json:/config/settings.json' + +networks: + nginx: + external: true + +volumes: + config: + downloads: + jackett-config: 
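Review bot: The celery `entrypoint` depends on `$CELERY_WORKERS` being defined; Compose substitutes an unset variable with an empty string, leaving `--concurrency --beat`, which the worker will reject. Give it an inline fallback and the same quoting every other scalar in the file uses: `entrypoint: '/env/bin/celery -A nefarious worker --concurrency ${CELERY_WORKERS:-0} --beat --loglevel=INFO'`. Separately, `./transmission_settings.json` is bind-mounted as `/config/settings.json`; Transmission normally rewrites that file on exit, so expect the repository copy to change after the first run unless the image prevents it.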
diff --git a/nefarious/transmission_settings.json b/nefarious/transmission_settings.json new file mode 100644 index 0000000..c079c8f --- /dev/null +++ b/nefarious/transmission_settings.json @@ -0,0 +1,10 @@ +{ + "download-dir": "/downloads/complete", + "incomplete-dir": "/downloads/incomplete", + "rpc-whitelist": "*", + "rpc-host-whitelist-enabled": "false", + "port-forwarding-enabled": true, + "peer-port": 51413, + "peer-port-random-on-start": false, + "peer-socket-tos": "default" +} From 05f864dd477a487baeb8bbebc130b8643aef31dd Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Thu, 7 Jan 2021 12:45:29 +0100 Subject: [PATCH 03/16] Added transmission user settings --- nefarious/.env.example | 5 +++++ nefarious/docker-compose.yml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/nefarious/.env.example b/nefarious/.env.example index 4fcda8a..aeaffa3 100644 --- a/nefarious/.env.example +++ b/nefarious/.env.example @@ -16,6 +16,11 @@ NEFARIOUS_CONFIG_PATH=/config NEFARIOUS_USER=admin NEFARIOUS_PASS=changeme +# Transmission user credentials +# These are only needed if you wish to expose the transmission server +TRANSMISSION_USER= +TRANSMISSION_PASS= + # UID and GID to run as PUID=1000 PGID=1000 diff --git a/nefarious/docker-compose.yml b/nefarious/docker-compose.yml index f1db7fc..85c8d29 100644 --- a/nefarious/docker-compose.yml +++ b/nefarious/docker-compose.yml @@ -89,6 +89,8 @@ services: - 'PUID' - 'PGID' - 'TZ' + - 'USER=${TRANSMISSION_USER}' + - 'PASS=${TRANSMISSION_PASS}' labels: - 'com.centurylinklabs.watchtower.enable=true' ports: From 69fadcbbed88c83a8c59ff90474b832458b3e39c Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Thu, 7 Jan 2021 12:57:45 +0100 Subject: [PATCH 04/16] Removed jackett open port --- nefarious/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/nefarious/docker-compose.yml b/nefarious/docker-compose.yml index 85c8d29..e41d754 100644 --- a/nefarious/docker-compose.yml +++ b/nefarious/docker-compose.yml 
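Review bot: `"rpc-whitelist": "*"` together with `"rpc-host-whitelist-enabled": "false"` disables both of Transmission's built-in RPC access controls, so unless RPC authentication is configured elsewhere the control port is protected only by Docker network isolation. Prefer restricting the whitelist to the Compose subnet, or set `"rpc-authentication-required": true` explicitly rather than relying on image defaults. Also, `rpc-host-whitelist-enabled` is the only flag written as a string here while `port-forwarding-enabled` and `peer-port-random-on-start` use real JSON booleans; write `false` for consistency unless you have confirmed Transmission accepts the string form.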
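Review bot: The comment above `TRANSMISSION_USER=` says credentials are only needed when the server is exposed, but the docker-compose.yml change in the same commit passes `USER`/`PASS` unconditionally, and an empty value most likely means the RPC interface starts without authentication (confirm against the image's documentation). Say that explicitly, e.g. `# Leave empty to run RPC without authentication; only safe if transmission is never reachable from outside the compose network`, or make a non-empty password the expected default as for `NEFARIOUS_PASS` above.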
@@ -66,8 +66,6 @@ services: max-size: '500k' max-file: '10' - ports: - - '9117:9117' labels: - 'com.centurylinklabs.watchtower.enable=true' networks: From 929d1e2cf4fc7f961589bddfe8e048c1d57c1006 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sat, 9 Jan 2021 15:15:22 +0100 Subject: [PATCH 05/16] Nginx now uses template syntax for easier config --- nginx/.env.example | 12 ++++ nginx/build/entrypoint.sh | 2 +- nginx/conf.d/http.conf | 35 ------------ nginx/docker-compose.yml | 17 ++++-- nginx/nginx.env.example | 5 -- nginx/sites-available/nextcloud.conf | 55 +++++++++++++++++++ .../events.conf.template} | 0 nginx/templates/http.conf.template | 35 ++++++++++++ 8 files changed, 114 insertions(+), 47 deletions(-) create mode 100644 nginx/.env.example delete mode 100644 nginx/conf.d/http.conf delete mode 100644 nginx/nginx.env.example create mode 100644 nginx/sites-available/nextcloud.conf rename nginx/{conf.d/events.conf => templates/events.conf.template} (100%) create mode 100644 nginx/templates/http.conf.template diff --git a/nginx/.env.example b/nginx/.env.example new file mode 100644 index 0000000..445e483 --- /dev/null +++ b/nginx/.env.example @@ -0,0 +1,12 @@ +# Main domain; also name of certificate +MAIN_DOMAIN= + +# Comma-separated list of other domains which also arrive here +DOMAINS= + +# Admin email; used for certificates +EMAIL= + +# HTTP(S) Port +HTTP_PORT=80 +HTTPS_PORT=443 diff --git a/nginx/build/entrypoint.sh b/nginx/build/entrypoint.sh index ede0c39..14ca52a 100644 --- a/nginx/build/entrypoint.sh +++ b/nginx/build/entrypoint.sh @@ -1,4 +1,4 @@ #!/usr/bin/env sh -certbot certonly --standalone -d "$DOMAINS" --email "$EMAIL" -n --agree-tos --expand +certbot certonly --standalone -d "$MAIN_DOMAIN,$DOMAINS" --email "$EMAIL" -n --agree-tos --expand /usr/sbin/nginx -g "daemon off;" diff --git a/nginx/conf.d/http.conf b/nginx/conf.d/http.conf deleted file mode 100644 index c92194d..0000000 --- a/nginx/conf.d/http.conf +++ /dev/null 
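Review bot: With `DOMAINS` empty (the new `nginx/.env.example` ships it blank) the certbot line expands to `-d "<MAIN_DOMAIN>,"`, and certbot is likely to reject the trailing empty domain, so the script never reaches nginx. Append the extra domains only when they exist: `certbot certonly --standalone -d "${MAIN_DOMAIN}${DOMAINS:+,$DOMAINS}" --email "$EMAIL" -n --agree-tos --expand`. The `${var:+word}` expansion is POSIX sh, so it works under the `#!/usr/bin/env sh` shebang.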
@@ -1,35 +0,0 @@ -http { - # SSL CONFIGURATION - # Key locations - ssl_certificate /etc/letsencrypt/live/your.domain.here/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/your.domain.here/privkey.pem; - - # Allowed protocols - ssl_protocols TLSv1.2; - - # Allowed cyphers - # ssl_ciphers EECDH+CHACHA20:EECDH+AES; - - # Cache settings - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - # Still gotta figure out what these do - # ssl_session_tickets off; - # ssl_prefer_server_ciphers on; - # ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1; - - - # Auto-route all HTTP requests to HTTPS - server { - listen 80; - listen [::]:80; - server_name _; - - return 301 https://$host:443$request_uri; - } - - - # LOAD SITES - include sites_enabled/*.conf; -} diff --git a/nginx/docker-compose.yml b/nginx/docker-compose.yml index 7b758df..c8e51f1 100644 --- a/nginx/docker-compose.yml +++ b/nginx/docker-compose.yml @@ -4,17 +4,22 @@ services: build: './build' image: 'nginx-certbot:stable-alpine' - env_file: - - 'nginx.env.example' + environment: + - 'DOMAINS' + - 'EMAIL' + - 'HTTPS_PORT' + - 'HTTP_PORT' + - 'MAIN_DOMAIN' networks: - 'nginx' ports: - - '80:80' - - '443:443' + - '$HTTP_PORT:$HTTP_PORT' + - '$HTTPS_PORT:$HTTPS_PORT' volumes: - - 'certs:/etc/letsencrypt' - './nginx.conf:/etc/nginx/nginx.conf' - - './conf.d:/etc/nginx/conf.d' + - './sites-enabled:/etc/nginx/sites-enabled' + - './templates:/etc/nginx/templates' + - 'certs:/etc/letsencrypt' networks: nginx: diff --git a/nginx/nginx.env.example b/nginx/nginx.env.example deleted file mode 100644 index b807d76..0000000 --- a/nginx/nginx.env.example +++ /dev/null @@ -1,5 +0,0 @@ -# Comma-separated list of domains -DOMAINS= - -# Admin email; used for certificates -EMAIL= diff --git a/nginx/sites-available/nextcloud.conf b/nginx/sites-available/nextcloud.conf new file mode 100644 index 0000000..e36549d --- /dev/null +++ b/nginx/sites-available/nextcloud.conf 
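Review bot: The new `./sites-enabled:/etc/nginx/sites-enabled` mount has no matching mount for `sites-available`, yet this commit only adds files under `nginx/sites-available/`; if `sites-enabled` is meant to hold relative symlinks into `sites-available`, those links resolve inside the container where the target directory does not exist and nginx fails to read them. Either mount both, `- './sites-available:/etc/nginx/sites-available'`, or document that `sites-enabled` must contain copies rather than links. This is inferred from the paths alone; the host layout is not visible here.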
@@ -0,0 +1,55 @@ +server { + listen 443 ssl; + listen [::]:443 ssl http2; + server_name DOMAIN; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Allow unlimited download size + client_max_body_size 0; + + fastcgi_buffers 64 4K; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Recommended in Nextcloud overview + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + location / { + proxy_pass http://nextcloud_app_1:80/; + + proxy_pass_request_headers on; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # All recommended in security overview + proxy_set_header Referrer-Policy "no-referrer" ; + proxy_set_header X-Content-Type-Options "nosniff" ; + proxy_set_header X-Download-Options "noopen" ; + proxy_set_header X-Frame-Options "SAMEORIGIN" ; + proxy_set_header X-Permitted-Cross-Domain-Policies "none" ; + proxy_set_header X-Robots-Tag "none" ; + proxy_set_header X-XSS-Protection "1; mode=block" ; + } + + + # Needed to make CalDAV and CardDAV work properly + location /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location /.well-known/caldav { + return 301 
$scheme://$host/remote.php/dav; + } +} diff --git a/nginx/conf.d/events.conf b/nginx/templates/events.conf.template similarity index 100% rename from nginx/conf.d/events.conf rename to nginx/templates/events.conf.template diff --git a/nginx/templates/http.conf.template b/nginx/templates/http.conf.template new file mode 100644 index 0000000..5f20a03 --- /dev/null +++ b/nginx/templates/http.conf.template @@ -0,0 +1,35 @@ +http { + # SSL CONFIGURATION + # Key locations + ssl_certificate /etc/letsencrypt/live/${MAIN_DOMAIN}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${MAIN_DOMAIN}/privkey.pem; + + # Allowed protocols + ssl_protocols TLSv1.2; + + # Allowed cyphers + # ssl_ciphers EECDH+CHACHA20:EECDH+AES; + + # Cache settings + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Still gotta figure out what these do + ssl_session_tickets off; + ssl_prefer_server_ciphers on; + ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1; + + + # Auto-route all HTTP requests to HTTPS + server { + listen ${HTTP_PORT}; + listen [::]:${HTTP_PORT}; + server_name _; + + return 301 https://$host:${HTTPS_PORT}$request_uri; + } + + + # LOAD SITES + include sites-enabled/*.conf; +} From 38658871e538f826fe08c3f8e82c49d6ad86cb7b Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sat, 9 Jan 2021 15:23:04 +0100 Subject: [PATCH 06/16] Added nefarious & miniflux nginx configs --- nginx/sites-available/firefly-iii.conf | 2 +- nginx/sites-available/miniflux.conf | 10 +++++++ nginx/sites-available/nefarious.conf | 36 ++++++++++++++++++++++++++ nginx/sites-available/portainer.conf | 2 +- nginx/templates/http.conf.template | 10 +++---- 5 files changed, 53 insertions(+), 7 deletions(-) create mode 100644 nginx/sites-available/miniflux.conf create mode 100644 nginx/sites-available/nefarious.conf diff --git a/nginx/sites-available/firefly-iii.conf b/nginx/sites-available/firefly-iii.conf index 9a677f2..1a9f1c4 100644 --- a/nginx/sites-available/firefly-iii.conf 
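Review bot: `# Still gotta figure out what these do` now sits above three directives that were previously commented out and are enabled in this template, so the file should say what it is turning on: `ssl_session_tickets off` disables stateless TLS session tickets (with a static ticket key they weaken forward secrecy), `ssl_prefer_server_ciphers on` makes the server's cipher order win over the client's, and `ssl_ecdh_curve` lists the curves offered for ECDHE key exchange. Replace the comment with a line per directive along those lines. One caveat on the template mechanism: the image's envsubst step only substitutes variables that are defined in the container environment, so `$host` and `$request_uri` in the redirect survive as nginx variables only as long as no environment variable named `host` or `request_uri` is ever set; a short comment noting that would save a confusing debugging session.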
+++ b/nginx/sites-available/firefly-iii.conf @@ -1,6 +1,6 @@ server { listen 443 ssl; - server_name PLACEHOLDER; + server_name DOMAIN; location / { proxy_set_header Host $host; diff --git a/nginx/sites-available/miniflux.conf b/nginx/sites-available/miniflux.conf new file mode 100644 index 0000000..da25654 --- /dev/null +++ b/nginx/sites-available/miniflux.conf @@ -0,0 +1,10 @@ +server { + listen 443 ssl; + server_name DOMAIN; + + location / { + resolver 127.0.0.11; + proxy_pass http://miniflux_app_1:8080; + } +} + diff --git a/nginx/sites-available/nefarious.conf b/nginx/sites-available/nefarious.conf new file mode 100644 index 0000000..0f3eed0 --- /dev/null +++ b/nginx/sites-available/nefarious.conf @@ -0,0 +1,36 @@ +server { + listen 443 ssl; + server_name DOMAIN; + + location / { + resolver 127.0.0.11; + proxy_pass http://nefarious_transmission_1:9091; + } +} + +server { + listen 443 ssl; + server_name DOMAIN; + + location / { + resolver 127.0.0.11; + proxy_pass http://nefarious_jackett_1:9117; + } +} + +server { + listen 443 ssl; + server_name DOMAIN; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Ssl on; + + resolver 127.0.0.11; + proxy_pass http://nefarious_app_1:80; + } +} diff --git a/nginx/sites-available/portainer.conf b/nginx/sites-available/portainer.conf index 94c9498..98b1e44 100644 --- a/nginx/sites-available/portainer.conf +++ b/nginx/sites-available/portainer.conf @@ -1,6 +1,6 @@ server { listen 443 ssl; - server_name PLACEHOLDER; + server_name DOMAIN; location / { proxy_set_header Connection "upgrade"; diff --git a/nginx/templates/http.conf.template b/nginx/templates/http.conf.template index 5f20a03..2b62f29 100644 --- a/nginx/templates/http.conf.template +++ b/nginx/templates/http.conf.template 
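Review bot: All three `server` blocks in nefarious.conf carry the same `server_name DOMAIN`, so until each placeholder gets a distinct hostname nginx routes every request to the first block (transmission) and warns about conflicting server names; a comment per block naming the service (`# transmission RPC`, `# jackett`, `# nefarious web UI`) would make the required substitution obvious. The first two blocks publish the Transmission RPC port and the Jackett UI with no proxy-side access control, so they are only as safe as the authentication those services enforce themselves. Also, the nefarious compose file earlier in this series attaches `transmission` only to the `default` network, so `nefarious_transmission_1` will not resolve from the nginx container unless it is added to the `nginx` network as well.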
@@ -11,13 +11,13 @@ http { # ssl_ciphers EECDH+CHACHA20:EECDH+AES; # Cache settings - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; # Still gotta figure out what these do - ssl_session_tickets off; - ssl_prefer_server_ciphers on; - ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1; + ssl_session_tickets off; + ssl_prefer_server_ciphers on; + ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1; # Auto-route all HTTP requests to HTTPS From 7965403624fe216f166bb448805ce649a8a31d33 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sat, 9 Jan 2021 15:48:30 +0100 Subject: [PATCH 07/16] Fixed small nginx mistakes --- nginx/build/Dockerfile | 3 +++ nginx/build/entrypoint.sh | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/nginx/build/Dockerfile b/nginx/build/Dockerfile index b70c34b..309ea38 100644 --- a/nginx/build/Dockerfile +++ b/nginx/build/Dockerfile @@ -9,6 +9,9 @@ RUN mkdir /var/lib/certbot COPY renew /etc/periodic/weekly/renew RUN chmod +x /etc/periodic/weekly/renew +# Default.conf file is annoying +RUN rm -rf /etc/nginx/conf.d/* + RUN /usr/sbin/crond -f -d 8 & ENTRYPOINT [ "./entrypoint.sh" ] diff --git a/nginx/build/entrypoint.sh b/nginx/build/entrypoint.sh index 14ca52a..d652550 100644 --- a/nginx/build/entrypoint.sh +++ b/nginx/build/entrypoint.sh @@ -1,4 +1,6 @@ #!/usr/bin/env sh certbot certonly --standalone -d "$MAIN_DOMAIN,$DOMAINS" --email "$EMAIL" -n --agree-tos --expand -/usr/sbin/nginx -g "daemon off;" + +# The original script handles the template subsitution +exec /docker-entrypoint.sh nginx -g "daemon off;" From f95e9f4154363866000e782c2290faf3de47e23a Mon Sep 17 00:00:00 2001 
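Review bot: `# Default.conf file is annoying` does not explain why the directory is emptied; the nginx image renders `/etc/nginx/templates/*.template` into `/etc/nginx/conf.d/` at start, so the intent appears to be that only the rendered templates are loaded. Replace it with `# Remove the image's default.conf so only the rendered templates end up in conf.d`. The context line `RUN /usr/sbin/crond -f -d 8 &` backgrounds crond inside a build step, where it cannot survive into the running container; that predates this commit but is worth revisiting since the entrypoint now `exec`s into the image's own script.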
From: Chewing_Bever Date: Sat, 9 Jan 2021 17:02:38 +0100 Subject: [PATCH 08/16] Moved nextcloud to single config file --- nextcloud/{nc.env.example => .env.example} | 4 ++-- nextcloud/db.env.example | 3 --- nextcloud/docker-compose.yml | 10 +++++++--- 3 files changed, 9 insertions(+), 8 deletions(-) rename nextcloud/{nc.env.example => .env.example} (95%) delete mode 100644 nextcloud/db.env.example diff --git a/nextcloud/nc.env.example b/nextcloud/.env.example similarity index 95% rename from nextcloud/nc.env.example rename to nextcloud/.env.example index 76fc4c5..526887b 100644 --- a/nextcloud/nc.env.example +++ b/nextcloud/.env.example @@ -1,8 +1,8 @@ -# Database +# Database settings +POSTGRES_HOST=db POSTGRES_DB=nextcloud POSTGRES_USER=nextcloud POSTGRES_PASSWORD=pass -POSTGRES_HOST=db # Redis REDIS_HOST=redis diff --git a/nextcloud/db.env.example b/nextcloud/db.env.example deleted file mode 100644 index f622d7f..0000000 --- a/nextcloud/db.env.example +++ /dev/null @@ -1,3 +0,0 @@ -POSTGRES_DB=nextcloud -POSTGRES_USER=nextcloud -POSTGRES_PASSWORD=pass diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml index d27f50d..b287465 100644 --- a/nextcloud/docker-compose.yml +++ b/nextcloud/docker-compose.yml @@ -9,7 +9,7 @@ services: - 'db' - 'redis' env_file: - - 'nc.env' + - '.env' labels: - 'com.centurylinklabs.watchtower.enable=true' networks: @@ -27,6 +27,8 @@ services: depends_on: - 'app' + env_file: + - '.env' labels: - 'com.centurylinklabs.watchtower.enable=true' volumes: @@ -38,8 +40,10 @@ services: image: 'postgres:13-alpine' restart: 'always' - env_file: - - 'db.env' + environment: + - 'POSTGRES_DB' + - 'POSTGRES_USER' + - 'POSTGRES_PASSWORD' labels: - 'com.centurylinklabs.watchtower.enable=true' volumes: From 6849358f51d6444455ae6b72775bca61824bfa19 Mon Sep 17 00:00:00 2001 
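Review bot: Switching `app` to `env_file: .env` (and the second hunk, which adds the same to the cron service) hands the complete file, including `POSTGRES_PASSWORD`, to every container that lists it, whereas the third hunk gives `db` an explicit allow-list via `environment:`. The allow-list shape is the better least-privilege default; apply it to `app` and the cron service too, e.g. `environment:` with `- 'POSTGRES_HOST'`, `- 'POSTGRES_DB'` and the other names the Nextcloud image actually reads, so a future secret added to `.env` does not leak into services that do not need it.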
From: Chewing_Bever Date: Sun, 10 Jan 2021 14:50:14 +0100 Subject: [PATCH 09/16] Added koel config --- koel/.env.example | 4 ++++ koel/README.md | 15 +++++++++++++ koel/docker-compose.yml | 49 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 koel/.env.example create mode 100644 koel/README.md create mode 100644 koel/docker-compose.yml diff --git a/koel/.env.example b/koel/.env.example new file mode 100644 index 0000000..b462e61 --- /dev/null +++ b/koel/.env.example @@ -0,0 +1,4 @@ +# Database Settings +DB_USERNAME=koel +DB_PASSWORD=changeme +DB_ROOT_PASSWORD=changeme diff --git a/koel/README.md b/koel/README.md new file mode 100644 index 0000000..7fbf68e --- /dev/null +++ b/koel/README.md @@ -0,0 +1,15 @@ +# Koel +[Koel](https://github.com/koel/koel) is a self-hostable music server. + +# Initial setup +After launching the application for the first time, you have to run the initial +setup. This can be done using the following command: + +``` +docker exec -it koel_app_1 php artisan koel:init +``` + +This will ask you to configure the admin user etc. The location for the music +can be left as the default (`/music`). The command will error out after asking +this; this is normal. Even though an error occurred, the system still +initialized successfully. diff --git a/koel/docker-compose.yml b/koel/docker-compose.yml new file mode 100644 index 0000000..9701e69 --- /dev/null +++ b/koel/docker-compose.yml 
@@ -0,0 +1,49 @@ +version: '3.5' + +services: + app: + image: 'hyzual/koel:latest' + restart: 'always' + + depends_on: + - 'db' + environment: + - 'DB_CONNECTION=mysql' + - 'DB_DATABASE=koel' + - 'DB_HOST=db' + - 'DB_PASSWORD' + - 'DB_USERNAME' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + networks: + - 'default' + - 'nginx' + volumes: + - 'config:/var/www/html' + - 'covers:/var/www/html/public/img/covers' + - 'music:/music' + + db: + image: 'mysql:8' + restart: 'always' + command: '--default-authentication-plugin=mysql_native_password' + + environment: + - 'MYSQL_DATABASE=koel' + - 'MYSQL_PASSWORD=$DB_PASSWORD' + - 'MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD' + - 'MYSQL_USER=$DB_USERNAME' + labels: + - 'com.centurylinklabs.watchtower.enable=true' + volumes: + - 'db-data:/var/lib/mysql' + +networks: + nginx: + external: true + +volumes: + config: + covers: + db-data: + music: From 220a56c2e21ba3074806ba48f07047cf64d3a5c8 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sun, 10 Jan 2021 14:51:35 +0100 Subject: [PATCH 10/16] Added koel nginx config --- nginx/sites-available/koel.conf | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 nginx/sites-available/koel.conf diff --git a/nginx/sites-available/koel.conf b/nginx/sites-available/koel.conf new file mode 100644 index 0000000..82832a5 --- /dev/null +++ b/nginx/sites-available/koel.conf @@ -0,0 +1,9 @@ +server { + listen 443 ssl; + server_name DOMAIN; + + location / { + resolver 127.0.0.11; + proxy_pass http://koel_app_1:80; + } +} From 16106b36e623fb0e091c8dee3699add39494bd90 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sun, 10 Jan 2021 15:15:57 +0100 Subject: [PATCH 11/16] Added proper .env.examplej --- koel/.env.example | 145 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 141 insertions(+), 4 deletions(-) diff --git a/koel/.env.example b/koel/.env.example index b462e61..6acdd9d 100644 --- a/koel/.env.example +++ b/koel/.env.example 
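Review bot: `command: '--default-authentication-plugin=mysql_native_password'` downgrades MySQL 8 from `caching_sha2_password` for every account the server creates, presumably because the Koel image's PHP client cannot negotiate the newer plugin; that reason is not recorded anywhere. Add a comment above it, `# Koel's client cannot use caching_sha2_password; revisit when the image's PHP mysqlnd is updated`, and confirm it is still required before keeping a weaker password hashing scheme on the database.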
@@ -1,4 +1,141 @@ -# Database Settings -DB_USERNAME=koel -DB_PASSWORD=changeme -DB_ROOT_PASSWORD=changeme +APP_NAME=Koel + +# Database connection name, which corresponds to the database driver. +# Possible values are: +# mysql (MySQL/MariaDB - default) +# pgsql (PostgreSQL) +# sqlsrv (Microsoft SQL Server) +# sqlite-persistent (Local sqlite file) +# IMPORTANT: This value must present for artisan koel:init command to work. +DB_CONNECTION=mysql +DB_HOST=db +DB_PORT=3306 +DB_DATABASE=koel +DB_USERNAME=koel +DB_PASSWORD=changeme + +# A random 32-char string. You can leave this empty if use php artisan koel:init. +APP_KEY= + +# Another random 32-char string. You can leave this empty if use php artisan koel:init. +JWT_SECRET= + +# Credentials and other info to be used when Koel is installed in non-interactive mode +# (php artisan koel:init --no-interaction) +# By default (interactive mode), Koel will still prompt for these information during installation, +# but provide the values here as the defaults (except ADMIN_PASSWORD, for security reason). +ADMIN_NAME="Koel Admin" +ADMIN_EMAIL=admin@koel.com +ADMIN_PASSWORD=SoSecureMuchWow +# The ABSOLUTE path to your media. This value can always be changed later via the web interface. +MEDIA_PATH=/media + + +# By default, Koel ignores dot files and folders. This greatly improves performance if your media +# root have folders like .git or .cache. If by any chance your media files are under a dot folder, +# set the following setting to false. +IGNORE_DOT_FILES=true + +APP_ENV=production +APP_DEBUG=true +# Change this is you're deploying it on a server +APP_URL=http://localhost + + +# The maximum scan time, in seconds. Increase this if you have a huge library. +# Note: This setting doesn't have effect when scanning via koel:sync. +APP_MAX_SCAN_TIME=600 + + +# The memory limit, in MB, used by the scanning process. +# For example, if you want to set a memory limit of 2048MB, enter "2048" (without +# quotes) here. 
+MEMORY_LIMIT= + + +# The streaming method. +# Can be either 'php' (default), 'x-sendfile', or 'x-accel-redirect' +# See https://docs.koel.dev/#streaming-music for more information. +# Note: This setting doesn't have effect if the media needs transcoding (e.g. FLAC). +STREAMING_METHOD=php + + +# If you want Koel to integrate with Last.fm, set the API details here. +# See https://docs.koel.dev/3rd-party.html#last-fm for more information +LASTFM_API_KEY= +LASTFM_API_SECRET= + + +# If you want to use Amazon S3 with Koel, fill the info here and follow the +# installation guide at https://docs.koel.dev/aws-s3.html +AWS_ACCESS_KEY_ID= +AWS_SECRET_ACCESS_KEY= +AWS_REGION= + + +# If you want Koel to integrate with YouTube, set the API key here. +# See https://docs.koel.dev/3rd-party.html#youtube for more information. +YOUTUBE_API_KEY= + + +# You can also configure Koel to use a CDN to serve the media files. +# This url must be mapped to the home URL of your Koel's installation. +# No trailing slash, please. +CDN_URL= + + +# If you want to transcode FLAC to MP3 and stream it on the fly, make sure the +# following settings are sane. + +# The full path of ffmpeg binary. +FFMPEG_PATH=/usr/local/bin/ffmpeg + +# The bit rate of the output mp3 stream. Higher value results in better quality, +# but slower streaming and more bandwidth. +OUTPUT_BIT_RATE=128 + +# Whether to allow song downloading. +# Note that if you're downloading more than one song, Koel will zip them up +# using PHP's ZipArchive. So if the module isn't available in the current +# environment, such a download will (silently) fail. +ALLOW_DOWNLOAD=true + +# If this is set to true, the query to get artist, album, and song information will be cached. +# This can give a boost to Koel's boot time, especially if your library is huge. +# However, the cache deserialization process can be memory sensitive, so if you encounter +# errors, try setting this to false. 
+CACHE_MEDIA=true + + +# Koel attempts to detect if your website use HTTPS and generates secure URLs accordingly. +# If this attempts for any reason, you can force it by setting this value to true. +FORCE_HTTPS= + + +# Pusher configuration, for interesting features such as remote controlling. +PUSHER_APP_ID= +PUSHER_APP_KEY= +PUSHER_APP_SECRET= +PUSHER_APP_CLUSTER= + +SQS_PUBLIC_KEY= +SQS_SECRET_KEY= +SQS_QUEUE_PREFIX= +SQS_QUEUE_NAME= +SQS_QUEUE_REGION= + +# The variables below are Laravel-specific. +# You can change them if you know what you're doing. Otherwise, just leave them as-is. +APP_LOG_LEVEL=debug +BROADCAST_DRIVER=log +CACHE_DRIVER=file +SESSION_DRIVER=file +QUEUE_DRIVER=sync + +MAIL_DRIVER=smtp +MAIL_HOST=mailtrap.io +MAIL_PORT=2525 +MAIL_USERNAME=null +MAIL_PASSWORD=null +MAIL_ENCRYPTION=null + From 40ec4a7569225599607f39c3cf1b2d029e94c215 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sun, 10 Jan 2021 15:16:42 +0100 Subject: [PATCH 12/16] .env now mounted in container --- koel/docker-compose.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/koel/docker-compose.yml b/koel/docker-compose.yml index 9701e69..0bcd65a 100644 --- a/koel/docker-compose.yml +++ b/koel/docker-compose.yml @@ -7,18 +7,13 @@ services: depends_on: - 'db' - environment: - - 'DB_CONNECTION=mysql' - - 'DB_DATABASE=koel' - - 'DB_HOST=db' - - 'DB_PASSWORD' - - 'DB_USERNAME' labels: - 'com.centurylinklabs.watchtower.enable=true' networks: - 'default' - 'nginx' volumes: + - './.env:/var/www/html/.env' - 'config:/var/www/html' - 'covers:/var/www/html/public/img/covers' - 'music:/music' From e8e0fb71dd065edbd388cdc1ad5a7f8106832628 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Sun, 10 Jan 2021 20:29:43 +0100 Subject: [PATCH 13/16] Updated koel config --- koel/.env.example | 2 +- koel/docker-compose.yml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/koel/.env.example b/koel/.env.example index 6acdd9d..d58e408 100644 
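Review bot: `APP_DEBUG=true` next to `APP_ENV=production` enables Laravel's debug mode in the example that users are told to copy, which surfaces stack traces and configuration values in error pages; set `APP_DEBUG=false` and leave the `APP_URL` comment to explain what must change per deployment. `ADMIN_PASSWORD=SoSecureMuchWow` is a working default credential for the same reason as the other `.env.example` files in this series; prefer an empty value with a comment. The copied upstream comments also contain some wording slips (`must present`, `if use`, `If this attempts for any reason`) that could be tidied while the file is being adopted.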
--- a/koel/.env.example +++ b/koel/.env.example @@ -109,7 +109,7 @@ CACHE_MEDIA=true # Koel attempts to detect if your website use HTTPS and generates secure URLs accordingly. # If this attempts for any reason, you can force it by setting this value to true. -FORCE_HTTPS= +FORCE_HTTPS=yes # Pusher configuration, for interesting features such as remote controlling. diff --git a/koel/docker-compose.yml b/koel/docker-compose.yml index 0bcd65a..19d6e1a 100644 --- a/koel/docker-compose.yml +++ b/koel/docker-compose.yml @@ -14,7 +14,6 @@ services: - 'nginx' volumes: - './.env:/var/www/html/.env' - - 'config:/var/www/html' - 'covers:/var/www/html/public/img/covers' - 'music:/music' @@ -26,7 +25,7 @@ services: environment: - 'MYSQL_DATABASE=koel' - 'MYSQL_PASSWORD=$DB_PASSWORD' - - 'MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD' + - 'MYSQL_ROOT_PASSWORD=$DB_PASSWORD' - 'MYSQL_USER=$DB_USERNAME' labels: - 'com.centurylinklabs.watchtower.enable=true' @@ -38,7 +37,6 @@ networks: external: true volumes: - config: covers: db-data: music: From ff6f93640f688f20c19ee66f6e0d1890cc8e192e Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Mon, 11 Jan 2021 09:48:47 +0100 Subject: [PATCH 14/16] Added cron job to firefly --- firefly/{firefly.env.example => .env.example} | 0 firefly/Dockerfile | 9 +++++ firefly/db.env.example | 3 -- firefly/docker-compose.yml | 38 ++++++++++--------- 4 files changed, 30 insertions(+), 20 deletions(-) rename firefly/{firefly.env.example => .env.example} (100%) create mode 100644 firefly/Dockerfile delete mode 100644 firefly/db.env.example diff --git a/firefly/firefly.env.example b/firefly/.env.example similarity index 100% rename from firefly/firefly.env.example rename to firefly/.env.example diff --git a/firefly/Dockerfile b/firefly/Dockerfile new file mode 100644 index 0000000..7a0d78f --- /dev/null +++ b/firefly/Dockerfile 
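Review bot: `MYSQL_ROOT_PASSWORD=$DB_PASSWORD` makes the MySQL root password identical to the application user's password, so a compromise of the Koel container or its `.env` yields full administrative control of the database rather than access to one schema. Keep the two secrets separate by restoring `DB_ROOT_PASSWORD=` to `koel/.env.example` (it was dropped in the preceding rewrite of that file) and reverting this line to `- 'MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD'`, or use `MYSQL_RANDOM_ROOT_PASSWORD=yes` if root access is never needed.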
@@ -0,0 +1,9 @@ +FROM jc5x/firefly-iii:latest + +# Install cron & crontab +RUN apt update && \ +apt install --no-install-recommends -y cron && \ +echo "0 */4 * * * /usr/bin/php /var/www/html/artisan firefly-iii:cron" | crontab + +# Run cron on startup +ENTRYPOINT cron && /usr/local/bin/entrypoint.sh diff --git a/firefly/db.env.example b/firefly/db.env.example deleted file mode 100644 index b291aea..0000000 --- a/firefly/db.env.example +++ /dev/null @@ -1,3 +0,0 @@ -POSTGRES_DB=firefly -POSTGRES_USER=firefly -POSTGRES_PASSWORD=password diff --git a/firefly/docker-compose.yml b/firefly/docker-compose.yml index 1ca4abf..60e5612 100644 --- a/firefly/docker-compose.yml +++ b/firefly/docker-compose.yml @@ -2,36 +2,41 @@ version: '3.3' services: app: - image: jc5x/firefly-iii:latest - restart: always + build: + context: '.' + dockerfile: './Dockerfile' + image: 'firefly-iii-cron:latest' + restart: 'always' depends_on: - - db - - redis + - 'db' + - 'redis' env_file: - - firefly.env + - '.env' labels: - 'com.centurylinklabs.watchtower.enable=true' networks: - - nginx - - default + - 'nginx' + - 'default' volumes: - - upload:/var/www/html/storage/upload + - 'upload:/var/www/html/storage/upload' db: - image: postgres:13-alpine - restart: always + image: 'postgres:13-alpine' + restart: 'always' - env_file: - - db.env + environment: + - 'POSTGRES_DB=$DB_DATABASE' + - 'POSTGRES_PASSWORD=$DB_PASSWORD' + - 'POSTGRES_USER=$DB_USERNAME' labels: - 'com.centurylinklabs.watchtower.enable=true' volumes: - - db-data:/var/lib/postgresql/data + - 'db-data:/var/lib/postgresql/data' redis: - image: redis:6-alpine - restart: always + image: 'redis:6-alpine' + restart: 'always' labels: - 'com.centurylinklabs.watchtower.enable=true' @@ -39,8 +44,7 @@ services: networks: nginx: - external: - name: nginx + external: true volumes: upload: From ed1c712b797d1a46107607ab28dc6cd549959d81 Mon Sep 17 00:00:00 2001 
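Review bot: `ENTRYPOINT cron && /usr/local/bin/entrypoint.sh` is the shell form, so PID 1 is `/bin/sh -c` and neither the Firefly entrypoint nor the PHP process it starts receives `SIGTERM`; `docker stop` waits out the timeout and kills the container, and any `CMD` from the base image is discarded. Use `ENTRYPOINT ["sh", "-c", "cron && exec /usr/local/bin/entrypoint.sh"]` so the application replaces the shell. The `apt` layer also leaves `/var/lib/apt/lists` in the image; append `&& rm -rf /var/lib/apt/lists/*` to the same `RUN` to keep the image small and avoid stale package metadata.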
From: Chewing_Bever Date: Mon, 11 Jan 2021 10:01:03 +0100 Subject: [PATCH 15/16] Added locale-gen to firefly build --- firefly/Dockerfile | 8 ++++++-- firefly/docker-compose.yml | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/firefly/Dockerfile b/firefly/Dockerfile index 7a0d78f..29fbc3f 100644 --- a/firefly/Dockerfile +++ b/firefly/Dockerfile @@ -1,9 +1,13 @@ FROM jc5x/firefly-iii:latest -# Install cron & crontab +ARG LOCALE + +# Install cron; setup locales RUN apt update && \ apt install --no-install-recommends -y cron && \ -echo "0 */4 * * * /usr/bin/php /var/www/html/artisan firefly-iii:cron" | crontab +echo "0 */4 * * * /usr/bin/php /var/www/html/artisan firefly-iii:cron" | crontab && \ +echo "$LOCALE.UTF-8 UTF-8" >> /etc/locale.gen && \ +locale-gen # Run cron on startup ENTRYPOINT cron && /usr/local/bin/entrypoint.sh diff --git a/firefly/docker-compose.yml b/firefly/docker-compose.yml index 60e5612..719e814 100644 --- a/firefly/docker-compose.yml +++ b/firefly/docker-compose.yml @@ -5,6 +5,8 @@ services: build: context: '.' dockerfile: './Dockerfile' + args: + - 'LOCALE=$DEFAULT_LOCALE' image: 'firefly-iii-cron:latest' restart: 'always' From 6f40029a9c8bd605ef7d46679d29131f8f42402d Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Mon, 11 Jan 2021 15:20:43 +0100 Subject: [PATCH 16/16] Fixed firefly cronjob --- firefly/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firefly/Dockerfile b/firefly/Dockerfile index 29fbc3f..a9a0873 100644 --- a/firefly/Dockerfile +++ b/firefly/Dockerfile @@ -5,7 +5,7 @@ ARG LOCALE # Install cron; setup locales RUN apt update && \ apt install --no-install-recommends -y cron && \ -echo "0 */4 * * * /usr/bin/php /var/www/html/artisan firefly-iii:cron" | crontab && \ +echo "0 */4 * * * php /var/www/html/artisan firefly-iii:cron" | crontab && \ echo "$LOCALE.UTF-8 UTF-8" >> /etc/locale.gen && \ locale-gen
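Review bot: If `LOCALE` is not supplied (it comes from `$DEFAULT_LOCALE` via the compose `args`, which may be unset) the `echo` appends `.UTF-8 UTF-8` to `/etc/locale.gen` and `locale-gen` fails the build with an unhelpful message; guard it with `ARG LOCALE=en_US` or `test -n "$LOCALE"` at the start of the `RUN`. `locale-gen` also requires the `locales` package, which the `apt install` line does not add; confirm the base image already ships it.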
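Review bot: Replacing `/usr/bin/php` with a bare `php` in the crontab makes the job depend on cron's default `PATH`, which is normally just `/usr/bin:/bin` and does not include `/usr/local/bin`, so whether this resolves depends on where the image installs PHP. Resolve the interpreter at build time instead, `echo "0 */4 * * * $(command -v php) /var/www/html/artisan firefly-iii:cron" | crontab && \`, or prepend a `PATH=...` line to the crontab. Note the job is installed for root; if Firefly's files are owned by an unprivileged user, running the cron command as that user avoids root-owned cache and log files.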