Merge branch 'master' of gitlab.com:Chewing_Bever/karaoke-server

pull/3/head
Jef Roosens 2021-01-14 16:30:41 +01:00
commit 5769b00c17
29 changed files with 596 additions and 78 deletions

13
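--- a/firefly/Dockerfile
+++ b/firefly/Dockerfile
@@ -0,0 +1,13 @@
+FROM jc5x/firefly-iii:latest
+ARG LOCALE
+# Install cron; setup locales
+RUN apt update && \
+apt install --no-install-recommends -y cron && \
+echo "0 */4 * * * php /var/www/html/artisan firefly-iii:cron" | crontab && \
+echo "$LOCALE.UTF-8 UTF-8" >> /etc/locale.gen && \
+locale-gen
+# Run cron on startup
+ENTRYPOINT cron && /usr/local/bin/entrypoint.sh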
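Review bot: The shell-form `ENTRYPOINT cron && /usr/local/bin/entrypoint.sh` on the last line leaves `/bin/sh` as PID 1, so the SIGTERM from `docker stop` never reaches the Firefly entrypoint and the container is only killed after the stop timeout; `ENTRYPOINT ["/bin/sh", "-c", "cron && exec /usr/local/bin/entrypoint.sh"]` lets the real entrypoint replace the shell. The base is pulled as `jc5x/firefly-iii:latest`, which together with the watchtower label the compose file keeps on this service means every rebuild takes whatever that tag currently points at; a version tag or digest makes the image reproducible. The `RUN` step also uses `apt` instead of the script-oriented `apt-get` and leaves `/var/lib/apt/lists` in the layer, so ending the chain with `&& rm -rf /var/lib/apt/lists/*` keeps the image smaller and hadolint-clean. If `LOCALE` is not passed at build time the `echo` appends `.UTF-8 UTF-8` to `/etc/locale.gen`, so a default such as `ARG LOCALE=en_US` is worth adding.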


@ -1,3 +0,0 @@
POSTGRES_DB=firefly
POSTGRES_USER=firefly
POSTGRES_PASSWORD=password


@ -2,36 +2,43 @@ version: '3.3'
services:
app:
image: jc5x/firefly-iii:latest
restart: always
build:
context: '.'
dockerfile: './Dockerfile'
args:
- 'LOCALE=$DEFAULT_LOCALE'
image: 'firefly-iii-cron:latest'
restart: 'always'
depends_on:
- db
- redis
- 'db'
- 'redis'
env_file:
- firefly.env
- '.env'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
networks:
- nginx
- default
- 'nginx'
- 'default'
volumes:
- upload:/var/www/html/storage/upload
- 'upload:/var/www/html/storage/upload'
db:
image: postgres:13-alpine
restart: always
image: 'postgres:13-alpine'
restart: 'always'
env_file:
- db.env
environment:
- 'POSTGRES_DB=$DB_DATABASE'
- 'POSTGRES_PASSWORD=$DB_PASSWORD'
- 'POSTGRES_USER=$DB_USERNAME'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
volumes:
- db-data:/var/lib/postgresql/data
- 'db-data:/var/lib/postgresql/data'
redis:
image: redis:6-alpine
restart: always
image: 'redis:6-alpine'
restart: 'always'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
@ -39,8 +46,7 @@ services:
networks:
nginx:
external:
name: nginx
external: true
volumes:
upload:
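Review bot: The `app` service is now built locally but tagged `firefly-iii-cron:latest` and still carries `com.centurylinklabs.watchtower.enable=true`, so watchtower will, as far as its documented behaviour goes, periodically try to pull `firefly-iii-cron:latest` from Docker Hub — a name nobody in this repository controls; if an image by that name were ever published there it would be pulled and started in place of the local build. Removing the label line under `app` is the one-line fix, with the base image then refreshed deliberately via `docker-compose build --pull`. If automatic updates are wanted, tag the build with a registry namespace you own so the lookup cannot match a third-party image.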

141
koel/.env.example 100644

@ -0,0 +1,141 @@
APP_NAME=Koel
# Database connection name, which corresponds to the database driver.
# Possible values are:
# mysql (MySQL/MariaDB - default)
# pgsql (PostgreSQL)
# sqlsrv (Microsoft SQL Server)
# sqlite-persistent (Local sqlite file)
# IMPORTANT: This value must present for artisan koel:init command to work.
DB_CONNECTION=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=koel
DB_USERNAME=koel
DB_PASSWORD=changeme
# A random 32-char string. You can leave this empty if use php artisan koel:init.
APP_KEY=
# Another random 32-char string. You can leave this empty if use php artisan koel:init.
JWT_SECRET=
# Credentials and other info to be used when Koel is installed in non-interactive mode
# (php artisan koel:init --no-interaction)
# By default (interactive mode), Koel will still prompt for these information during installation,
# but provide the values here as the defaults (except ADMIN_PASSWORD, for security reason).
ADMIN_NAME="Koel Admin"
ADMIN_EMAIL=admin@koel.com
ADMIN_PASSWORD=SoSecureMuchWow
# The ABSOLUTE path to your media. This value can always be changed later via the web interface.
MEDIA_PATH=/media
# By default, Koel ignores dot files and folders. This greatly improves performance if your media
# root have folders like .git or .cache. If by any chance your media files are under a dot folder,
# set the following setting to false.
IGNORE_DOT_FILES=true
APP_ENV=production
APP_DEBUG=true
# Change this is you're deploying it on a server
APP_URL=http://localhost
# The maximum scan time, in seconds. Increase this if you have a huge library.
# Note: This setting doesn't have effect when scanning via koel:sync.
APP_MAX_SCAN_TIME=600
# The memory limit, in MB, used by the scanning process.
# For example, if you want to set a memory limit of 2048MB, enter "2048" (without
# quotes) here.
MEMORY_LIMIT=
# The streaming method.
# Can be either 'php' (default), 'x-sendfile', or 'x-accel-redirect'
# See https://docs.koel.dev/#streaming-music for more information.
# Note: This setting doesn't have effect if the media needs transcoding (e.g. FLAC).
STREAMING_METHOD=php
# If you want Koel to integrate with Last.fm, set the API details here.
# See https://docs.koel.dev/3rd-party.html#last-fm for more information
LASTFM_API_KEY=
LASTFM_API_SECRET=
# If you want to use Amazon S3 with Koel, fill the info here and follow the
# installation guide at https://docs.koel.dev/aws-s3.html
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_REGION=
# If you want Koel to integrate with YouTube, set the API key here.
# See https://docs.koel.dev/3rd-party.html#youtube for more information.
YOUTUBE_API_KEY=
# You can also configure Koel to use a CDN to serve the media files.
# This url must be mapped to the home URL of your Koel's installation.
# No trailing slash, please.
CDN_URL=
# If you want to transcode FLAC to MP3 and stream it on the fly, make sure the
# following settings are sane.
# The full path of ffmpeg binary.
FFMPEG_PATH=/usr/local/bin/ffmpeg
# The bit rate of the output mp3 stream. Higher value results in better quality,
# but slower streaming and more bandwidth.
OUTPUT_BIT_RATE=128
# Whether to allow song downloading.
# Note that if you're downloading more than one song, Koel will zip them up
# using PHP's ZipArchive. So if the module isn't available in the current
# environment, such a download will (silently) fail.
ALLOW_DOWNLOAD=true
# If this is set to true, the query to get artist, album, and song information will be cached.
# This can give a boost to Koel's boot time, especially if your library is huge.
# However, the cache deserialization process can be memory sensitive, so if you encounter
# errors, try setting this to false.
CACHE_MEDIA=true
# Koel attempts to detect if your website use HTTPS and generates secure URLs accordingly.
# If this attempts for any reason, you can force it by setting this value to true.
FORCE_HTTPS=yes
# Pusher configuration, for interesting features such as remote controlling.
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=
SQS_PUBLIC_KEY=
SQS_SECRET_KEY=
SQS_QUEUE_PREFIX=
SQS_QUEUE_NAME=
SQS_QUEUE_REGION=
# The variables below are Laravel-specific.
# You can change them if you know what you're doing. Otherwise, just leave them as-is.
APP_LOG_LEVEL=debug
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
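Review bot: `APP_DEBUG=true` and `APP_LOG_LEVEL=debug` are set while `APP_ENV=production`; in Laravel, debug mode renders full stack traces with request and configuration details on any error, which on an Internet-facing Koel instance discloses paths, configuration and potentially the secrets held in this file. The example should ship `APP_DEBUG=false` and a quieter level such as `APP_LOG_LEVEL=error`, with debug turned on only while diagnosing a problem. `ADMIN_PASSWORD=SoSecureMuchWow` is a copy-paste trap; the README in this commit has `koel:init` prompt for the admin account interactively, so an empty default `ADMIN_PASSWORD=` is the safer example.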

15
koel/README.md 100644

@ -0,0 +1,15 @@
# Koel
[Koel](https://github.com/koel/koel) is a self-hostable music server.
# Initial setup
After launching the application for the first time, you have to run the initial
setup. This can be done using the following command:
```
docker exec -it koel_app_1 php artisan koel:init
```
This will ask you to configure the admin user etc. The location for the music
can be left as the default (`/music`). The command will error out after asking
this; this is normal. Even though an error occurred, the system still
initialized successfully.


@ -0,0 +1,42 @@
version: '3.5'
services:
app:
image: 'hyzual/koel:latest'
restart: 'always'
depends_on:
- 'db'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
networks:
- 'default'
- 'nginx'
volumes:
- './.env:/var/www/html/.env'
- 'covers:/var/www/html/public/img/covers'
- 'music:/music'
db:
image: 'mysql:8'
restart: 'always'
command: '--default-authentication-plugin=mysql_native_password'
environment:
- 'MYSQL_DATABASE=koel'
- 'MYSQL_PASSWORD=$DB_PASSWORD'
- 'MYSQL_ROOT_PASSWORD=$DB_PASSWORD'
- 'MYSQL_USER=$DB_USERNAME'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
volumes:
- 'db-data:/var/lib/mysql'
networks:
nginx:
external: true
volumes:
covers:
db-data:
music:
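Review bot: `MYSQL_ROOT_PASSWORD=$DB_PASSWORD` reuses the application user's password for the MySQL root account, so anyone who obtains the Koel `.env` — which is bind-mounted into the app container via `./.env:/var/www/html/.env` — also holds database superuser credentials. Give root its own secret, e.g. `MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD`, with a matching entry in `koel/.env.example`. The `--default-authentication-plugin=mysql_native_password` command line is a compatibility workaround and deserves a one-line `#` comment saying which client needs it, so it can be removed once that client supports `caching_sha2_password`.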


@ -0,0 +1,26 @@
# Miniflux
> [Miniflux](https://miniflux.app/) is a minimalist and opinionated feed reader.
This description sums up Miniflux pretty well. It's very simple to setup and
operate, yet does exactly what it's supposed to: it manages RSS feeds.
## Environment variables
Not much configuration is required by default to get things up and running.
For the database, you have the usual PostgreSQL stuff:
* `POSTGRES_DB`: database name
* `POSTGRES_USER`: main user of the database
* `POSTGRES_PASSWORD`: password for main user
For Miniflux, I used the following defaults:
* `DATABASE_URL`: this URL defines how to connect to the database. It follows
the form
`postgres://POSTGRES_USER:POSTGRES_PASSWORD@db/POSTGRES_DB?sslmode=disable`
* `RUN_MIGRATIONS`: this lets Miniflux auto-migrate the database when needed
(this is especially useful during initial startup)
* `CREATE_ADMIN`: this allows us to create an admin account using env vars
* `ADMIN_USERNAME`: admin username
* `ADMIN_PASSWORD`: admin password
Miniflux has many other variables you can set, which you can find
[here](https://miniflux.app/docs/configuration.html).


@ -0,0 +1,32 @@
# Only sqlite3 works by default
DATABASE_URL=sqlite:////config/db.sqlite3
# Path to download torrents to.
# In this setup, we juse use a docker volume as the downloads aren't meant to stay on the system after being watched
# You can change this to a directory if you wish to download to the host's file system instead
HOST_DOWNLOAD_PATH=downloads
# Redis host; shouldn't be changed
REDIS_HOST=redis
# Config path for nefarious inside container; leave as is
NEFARIOUS_CONFIG_PATH=/config
# Admin user credentials
NEFARIOUS_USER=admin
NEFARIOUS_PASS=changeme
# Transmission user credentials
# These are only needed if you wish to expose the transmission server
TRANSMISSION_USER=
TRANSMISSION_PASS=
# UID and GID to run as
PUID=1000
PGID=1000
# Timezone
TZ=Europe/London
# How many worker processes celery may use; if 0, uses all cpu cores
CELERY_WORKERS=0



@ -0,0 +1,108 @@
version: '3.5'
services:
# Main nefarious app
app:
image: 'lardbit/nefarious:latest'
restart: 'always'
logging:
options:
max-size: '500k'
max-file: '10'
depends_on:
- 'celery'
- 'jackett'
- 'redis'
environment:
- 'DATABASE_URL'
- 'REDIS_HOST'
- 'HOST_DOWNLOAD_PATH'
- 'NEFARIOUS_USER'
- 'NEFARIOUS_PASS'
- 'CONFIG_PATH=${NEFARIOUS_CONFIG_PATH}'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
networks:
- 'default'
- 'nginx'
volumes:
- 'config:${NEFARIOUS_CONFIG_PATH}'
# Caching
redis:
image: 'redis:6-alpine'
restart: 'always'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
# Background task queue
celery:
image: 'lardbit/nefarious:latest'
restart: 'always'
entrypoint: /env/bin/celery -A nefarious worker --concurrency $CELERY_WORKERS --beat --loglevel=INFO
logging:
options:
max-size: '500k'
max-file: '10'
depends_on:
- 'redis'
environment:
- 'DATABASE_URL'
- 'REDIS_HOST'
- 'CONFIG_PATH=${NEFARIOUS_CONFIG_PATH}'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
volumes:
- 'config:${NEFARIOUS_CONFIG_PATH}'
# Tracker searching
jackett:
image: 'linuxserver/jackett:latest'
restart: 'always'
logging:
options:
max-size: '500k'
max-file: '10'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
networks:
- 'default'
- 'nginx'
volumes:
- 'jackett-config:/config'
# Torrenting server
transmission:
image: 'linuxserver/transmission:latest'
restart: 'always'
logging:
options:
max-size: '500k'
max-file: '10'
environment:
- 'PUID'
- 'PGID'
- 'TZ'
- 'USER=${TRANSMISSION_USER}'
- 'PASS=${TRANSMISSION_PASS}'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
ports:
- '51413:51413'
- '51413:51413/udp'
volumes:
- '$HOST_DOWNLOAD_PATH:/downloads'
- './transmission_settings.json:/config/settings.json'
networks:
nginx:
external: true
volumes:
config:
downloads:
jackett-config:
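Review bot: Every service here runs a `:latest` tag with `com.centurylinklabs.watchtower.enable=true`, so upstream pushes to `lardbit/nefarious`, `linuxserver/jackett` and `linuxserver/transmission` are deployed unattended and a broken or compromised tag lands in production without review; pinning a version tag (or an `image@sha256:…` digest) and updating deliberately is the usual mitigation, and the same applies to the firefly, koel and nextcloud compose files in this commit. The `transmission` service has no `networks:` entry, so it joins only the stack's default network, yet the `sites-enabled/nefarious.conf` added in this commit proxies to `nefarious_transmission_1:9091`; as written that name should not resolve from the `nginx` network, so either the service needs `networks: ['default', 'nginx']` like `app` and `jackett`, or, if keeping the RPC internal is intentional, a comment saying so would stop the next reader from "fixing" it.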


@ -0,0 +1,10 @@
{
"download-dir": "/downloads/complete",
"incomplete-dir": "/downloads/incomplete",
"rpc-whitelist": "*",
"rpc-host-whitelist-enabled": "false",
"port-forwarding-enabled": true,
"peer-port": 51413,
"peer-port-random-on-start": false,
"peer-socket-tos": "default"
}
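Review bot: `"rpc-whitelist": "*"` together with `"rpc-host-whitelist-enabled": "false"` turns off both of Transmission's RPC protections — the source-IP allow-list and the Host-header check that defends against DNS rebinding — and `nefarious/.env.example` in this commit leaves `TRANSMISSION_USER`/`TRANSMISSION_PASS` empty, so the RPC interface that the nginx config points at appears, by default, to require no authentication at all. Narrow the whitelist to the proxy's network instead of `*`, keep the host whitelist enabled with the public hostname in `rpc-host-whitelist`, and populate the credentials. Note also that `"rpc-host-whitelist-enabled"` is written as the string `"false"` while the neighbouring booleans are bare `true`/`false`; whether the string is parsed as a boolean depends on Transmission's settings reader, so `"rpc-host-whitelist-enabled": false` is the safer spelling.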


@ -1,8 +1,8 @@
# Database
# Database settings
POSTGRES_HOST=db
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD=pass
POSTGRES_HOST=db
# Redis
REDIS_HOST=redis


@ -1,3 +0,0 @@
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD=pass


@ -9,7 +9,7 @@ services:
- 'db'
- 'redis'
env_file:
- 'nc.env'
- '.env'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
networks:
@ -27,6 +27,8 @@ services:
depends_on:
- 'app'
env_file:
- '.env'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
volumes:
@ -38,8 +40,10 @@ services:
image: 'postgres:13-alpine'
restart: 'always'
env_file:
- 'db.env'
environment:
- 'POSTGRES_DB'
- 'POSTGRES_USER'
- 'POSTGRES_PASSWORD'
labels:
- 'com.centurylinklabs.watchtower.enable=true'
volumes:

12
nginx/.env.example 100644

@ -0,0 +1,12 @@
# Main domain; also name of certificate
MAIN_DOMAIN=
# Comma-separated list of other domains which also arrive here
DOMAINS=
# Admin email; used for certificates
EMAIL=
# HTTP(S) Port
HTTP_PORT=80
HTTPS_PORT=443


@ -9,6 +9,9 @@ RUN mkdir /var/lib/certbot
COPY renew /etc/periodic/weekly/renew
RUN chmod +x /etc/periodic/weekly/renew
# Default.conf file is annoying
RUN rm -rf /etc/nginx/conf.d/*
RUN /usr/sbin/crond -f -d 8 &
ENTRYPOINT [ "./entrypoint.sh" ]
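Review bot: `RUN /usr/sbin/crond -f -d 8 &` starts crond during the image build, not in the container: the backgrounded process dies when that build step's shell exits and nothing in the resulting image launches it, so the `/etc/periodic/weekly/renew` script copied two lines above will never execute and certificates will not be renewed. Start the daemon from the entrypoint instead — `crond -d 8` (without `-f`, so busybox crond backgrounds itself) in `entrypoint.sh` before its final `exec` — and delete this `RUN` line. The Dockerfile's earlier lines (base image, `RUN mkdir /var/lib/certbot`) are outside the hunk.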


@ -1,4 +1,6 @@
#!/usr/bin/env sh
certbot certonly --standalone -d "$DOMAINS" --email "$EMAIL" -n --agree-tos --expand
/usr/sbin/nginx -g "daemon off;"
certbot certonly --standalone -d "$MAIN_DOMAIN,$DOMAINS" --email "$EMAIL" -n --agree-tos --expand
# The original script handles the template subsitution
exec /docker-entrypoint.sh nginx -g "daemon off;"
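Review bot: With `DOMAINS` empty — the default in `nginx/.env.example` — the new certbot line passes `-d "$MAIN_DOMAIN,"` with a trailing comma, which certbot is likely to reject as an empty domain name; building the list conditionally, `-d "${MAIN_DOMAIN}${DOMAINS:+,$DOMAINS}"`, handles both cases. The script also has no `set -e`, so a certbot failure (rate limit, DNS not yet pointing here) is ignored and nginx then starts against a missing `/etc/letsencrypt/live/$MAIN_DOMAIN/` and dies with a less informative error; `set -e` after the shebang leaves the real cause as the last thing in the log.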


@ -1,35 +0,0 @@
http {
# SSL CONFIGURATION
# Key locations
ssl_certificate /etc/letsencrypt/live/your.domain.here/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain.here/privkey.pem;
# Allowed protocols
ssl_protocols TLSv1.2;
# Allowed cyphers
# ssl_ciphers EECDH+CHACHA20:EECDH+AES;
# Cache settings
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Still gotta figure out what these do
# ssl_session_tickets off;
# ssl_prefer_server_ciphers on;
# ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
# Auto-route all HTTP requests to HTTPS
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host:443$request_uri;
}
# LOAD SITES
include sites_enabled/*.conf;
}


@ -4,17 +4,22 @@ services:
build: './build'
image: 'nginx-certbot:stable-alpine'
env_file:
- 'nginx.env.example'
environment:
- 'DOMAINS'
- 'EMAIL'
- 'HTTPS_PORT'
- 'HTTP_PORT'
- 'MAIN_DOMAIN'
networks:
- 'nginx'
ports:
- '80:80'
- '443:443'
- '$HTTP_PORT:$HTTP_PORT'
- '$HTTPS_PORT:$HTTPS_PORT'
volumes:
- 'certs:/etc/letsencrypt'
- './nginx.conf:/etc/nginx/nginx.conf'
- './conf.d:/etc/nginx/conf.d'
- './sites-enabled:/etc/nginx/sites-enabled'
- './templates:/etc/nginx/templates'
- 'certs:/etc/letsencrypt'
networks:
nginx:


@ -1,5 +0,0 @@
# Comma-separated list of domains
DOMAINS=
# Admin email; used for certificates
EMAIL=


@ -1,6 +1,6 @@
server {
listen 443 ssl;
server_name PLACEHOLDER;
server_name DOMAIN;
location / {
proxy_set_header Host $host;


@ -0,0 +1,9 @@
server {
listen 443 ssl;
server_name DOMAIN;
location / {
resolver 127.0.0.11;
proxy_pass http://koel_app_1:80;
}
}


@ -0,0 +1,10 @@
server {
listen 443 ssl;
server_name DOMAIN;
location / {
resolver 127.0.0.11;
proxy_pass http://miniflux_app_1:8080;
}
}


@ -0,0 +1,36 @@
server {
listen 443 ssl;
server_name DOMAIN;
location / {
resolver 127.0.0.11;
proxy_pass http://nefarious_transmission_1:9091;
}
}
server {
listen 443 ssl;
server_name DOMAIN;
location / {
resolver 127.0.0.11;
proxy_pass http://nefarious_jackett_1:9117;
}
}
server {
listen 443 ssl;
server_name DOMAIN;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
resolver 127.0.0.11;
proxy_pass http://nefarious_app_1:80;
}
}
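Review bot: All three `server` blocks carry `server_name DOMAIN;`, so unless each `DOMAIN` placeholder is replaced with a different hostname before deployment nginx routes every request to the first block (Transmission) and the Jackett and nefarious blocks are shadowed; distinct placeholders such as `TRANSMISSION_DOMAIN`, `JACKETT_DOMAIN` and `NEFARIOUS_DOMAIN`, or a comment stating the intended substitution, would make that explicit. The first two blocks publish the Transmission RPC and Jackett admin UIs with no `auth_basic`, and this commit's `nefarious/.env.example` leaves `TRANSMISSION_USER`/`TRANSMISSION_PASS` empty, so as far as the commit shows these would be reachable from the Internet without any login; at minimum an `auth_basic`/`auth_basic_user_file` pair on those two `location /` blocks, or an `allow`/`deny` list, is warranted. Note also that in the compose file the `transmission` service does not join the `nginx` network, so `nefarious_transmission_1:9091` should currently fail to resolve from this container.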


@ -0,0 +1,55 @@
server {
listen 443 ssl;
listen [::]:443 ssl http2;
server_name DOMAIN;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Allow unlimited download size
client_max_body_size 0;
fastcgi_buffers 64 4K;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Recommended in Nextcloud overview
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://nextcloud_app_1:80/;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# All recommended in security overview
proxy_set_header Referrer-Policy "no-referrer" ;
proxy_set_header X-Content-Type-Options "nosniff" ;
proxy_set_header X-Download-Options "noopen" ;
proxy_set_header X-Frame-Options "SAMEORIGIN" ;
proxy_set_header X-Permitted-Cross-Domain-Policies "none" ;
proxy_set_header X-Robots-Tag "none" ;
proxy_set_header X-XSS-Protection "1; mode=block" ;
}
# Needed to make CalDAV and CardDAV work properly
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
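Review bot: The seven `proxy_set_header Referrer-Policy …` through `X-XSS-Protection` lines inside `location /` set request headers sent upstream to Nextcloud, not response headers sent to the browser, so they provide none of the client-side protection the `# All recommended in security overview` comment refers to; Nextcloud emits these headers itself from PHP, so the lines can be dropped, or, if nginx is meant to enforce them, rewritten as `add_header X-Content-Type-Options "nosniff" always;` and so on. Be aware that any `add_header` inside `location /` stops inheritance of the server-level `Strict-Transport-Security` header, which would then have to be repeated in the location. The IPv4 listener `listen 443 ssl;` also lacks the `http2` its IPv6 twin has.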


@ -1,6 +1,6 @@
server {
listen 443 ssl;
server_name PLACEHOLDER;
server_name DOMAIN;
location / {
proxy_set_header Connection "upgrade";


@ -0,0 +1,35 @@
http {
# SSL CONFIGURATION
# Key locations
ssl_certificate /etc/letsencrypt/live/${MAIN_DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${MAIN_DOMAIN}/privkey.pem;
# Allowed protocols
ssl_protocols TLSv1.2;
# Allowed cyphers
# ssl_ciphers EECDH+CHACHA20:EECDH+AES;
# Cache settings
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Still gotta figure out what these do
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
# Auto-route all HTTP requests to HTTPS
server {
listen ${HTTP_PORT};
listen [::]:${HTTP_PORT};
server_name _;
return 301 https://$host:${HTTPS_PORT}$request_uri;
}
# LOAD SITES
include sites-enabled/*.conf;
}
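Review bot: `ssl_protocols TLSv1.2;` excludes TLS 1.3, and `ssl_prefer_server_ciphers on;` is now enabled while the `ssl_ciphers` line stays commented out, so the server preference applies to nginx's default list rather than a curated one; on a current nginx/OpenSSL such as the `stable-alpine` image this appears to build from, `ssl_protocols TLSv1.2 TLSv1.3;` plus an explicit modern `ssl_ciphers` list is the expected pairing. The stale `# Still gotta figure out what these do` now sits above three directives that are actually in force; replace it with what they do, e.g. `# No resumption tickets: a leaked ticket key cannot be used to decrypt earlier sessions` above `ssl_session_tickets off;` and `# Allowed key-exchange curves, strongest first` above `ssl_ecdh_curve`. Also worth confirming how this template reaches nginx: the stock image entrypoint renders `/etc/nginx/templates/*.template` into `/etc/nginx/conf.d/`, which the default `nginx.conf` includes from inside its own `http {}` block, so an `http {}` template there would nest and fail to load unless the build (its Dockerfile is only partly visible in this commit) replaces `nginx.conf` or sets `NGINX_ENVSUBST_OUTPUT_DIR`.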