@simplehomelab/deployrr 6.0.0-rc3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/announcement +1 -0
- package/apps/community/CONTRIBUTING.md +660 -0
- package/apps/community/apps.json +6 -0
- package/apps/core/apps.json +16 -0
- package/apps/core/authelia/authelia-redis.yml +24 -0
- package/apps/core/authelia/compose.yml +45 -0
- package/apps/core/authelia/files/chain-authelia.yml +8 -0
- package/apps/core/authelia/files/configuration.yml +100 -0
- package/apps/core/authelia/files/middlewares-authelia.yml +9 -0
- package/apps/core/authelia/files/users.yml +15 -0
- package/apps/core/authelia/manifest.json +156 -0
- package/apps/core/authentik/authentik-postgresql.yml +26 -0
- package/apps/core/authentik/authentik-worker.yml +37 -0
- package/apps/core/authentik/compose.yml +51 -0
- package/apps/core/authentik/files/chain-authentik.yml +8 -0
- package/apps/core/authentik/files/middlewares-authentik.yml +19 -0
- package/apps/core/authentik/manifest.json +117 -0
- package/apps/core/crowdsec/compose.yml +23 -0
- package/apps/core/crowdsec/files/acquis-traefik.yaml +4 -0
- package/apps/core/crowdsec/files/acquis.yaml +8 -0
- package/apps/core/crowdsec/files/crowdsec-firewall-bouncer.yaml +46 -0
- package/apps/core/crowdsec/files/custom-whitelists.yaml +13 -0
- package/apps/core/crowdsec/manifest.json +87 -0
- package/apps/core/crowdsec-firewall-bouncer/manifest.json +85 -0
- package/apps/core/deployrr/jokes_and_tips.txt +58 -0
- package/apps/core/deployrr-dashboard/compose.yml +23 -0
- package/apps/core/deployrr-dashboard/files/bookmarks.yaml +51 -0
- package/apps/core/deployrr-dashboard/files/deployrr_icon.ico +0 -0
- package/apps/core/deployrr-dashboard/files/deployrr_icon.png +0 -0
- package/apps/core/deployrr-dashboard/files/docker.yaml +10 -0
- package/apps/core/deployrr-dashboard/files/service-template-other.yaml +10 -0
- package/apps/core/deployrr-dashboard/files/service-template-web-local.yaml +10 -0
- package/apps/core/deployrr-dashboard/files/service-template-web-remote.yaml +10 -0
- package/apps/core/deployrr-dashboard/files/services.yaml +18 -0
- package/apps/core/deployrr-dashboard/files/settings.yaml +13 -0
- package/apps/core/deployrr-dashboard/files/widgets.yaml +20 -0
- package/apps/core/deployrr-dashboard/manifest.json +133 -0
- package/apps/core/npm/compose.yml +40 -0
- package/apps/core/npm/manifest.json +60 -0
- package/apps/core/oauth/compose.yml +38 -0
- package/apps/core/oauth/files/chain-oauth.yml +8 -0
- package/apps/core/oauth/files/middlewares-oauth.yml +8 -0
- package/apps/core/oauth/files/oauth-secrets-template +3 -0
- package/apps/core/oauth/manifest.json +58 -0
- package/apps/core/socket-proxy/compose.yml +54 -0
- package/apps/core/socket-proxy/manifest.json +62 -0
- package/apps/core/system/bash-aliases/udms_bash_aliases +229 -0
- package/apps/core/system/bash-aliases/udms_bashrc +5 -0
- package/apps/core/system/docker/custom.yml +4 -0
- package/apps/core/system/docker/starter.yml +25 -0
- package/apps/core/system/rclone/compose.yml +28 -0
- package/apps/core/system/rclone/rclone-mount-template.service +43 -0
- package/apps/core/system/rclone/rclone-template.conf +6 -0
- package/apps/core/system/rclone/start-media-after-boot.service +9 -0
- package/apps/core/system/rclone/start-media-after-boot.sh +57 -0
- package/apps/core/tinyauth/compose.yml +47 -0
- package/apps/core/tinyauth/files/chain-tinyauth.yml +8 -0
- package/apps/core/tinyauth/files/middlewares-tinyauth.yml +10 -0
- package/apps/core/tinyauth/manifest.json +70 -0
- package/apps/core/traefik/compose.yml +106 -0
- package/apps/core/traefik/files/app-http-bypass-template.yml +31 -0
- package/apps/core/traefik/files/app-http-template.yml +18 -0
- package/apps/core/traefik/files/app-https-ssc-bypass-template.yml +36 -0
- package/apps/core/traefik/files/app-https-ssc-template.yml +23 -0
- package/apps/core/traefik/files/chain-basic-auth.yml +9 -0
- package/apps/core/traefik/files/chain-nextcloud.yml +8 -0
- package/apps/core/traefik/files/chain-no-auth.yml +8 -0
- package/apps/core/traefik/files/domain-passthrough-template.yml +15 -0
- package/apps/core/traefik/files/labels-auth-bypass-template.yml +6 -0
- package/apps/core/traefik/files/labels-template.yml +10 -0
- package/apps/core/traefik/files/middlewares-basic-auth.yml +9 -0
- package/apps/core/traefik/files/middlewares-buffering.yml +9 -0
- package/apps/core/traefik/files/middlewares-compress.yml +4 -0
- package/apps/core/traefik/files/middlewares-crowdsec-bouncer.yml +13 -0
- package/apps/core/traefik/files/middlewares-nextcloud.yml +35 -0
- package/apps/core/traefik/files/middlewares-rate-limit.yml +6 -0
- package/apps/core/traefik/files/middlewares-secure-headers.yml +26 -0
- package/apps/core/traefik/files/t2_proxy_network.yml +8 -0
- package/apps/core/traefik/files/tls-opts.yml +19 -0
- package/apps/core/traefik/files/traefik-static-config-example.yml +97 -0
- package/apps/core/traefik/files/traefik.yml +123 -0
- package/apps/core/traefik/files/traefik_global_secrets_template.yml +4 -0
- package/apps/core/traefik/files/traefik_proxy_network.yml +8 -0
- package/apps/core/traefik/manifest.json +70 -0
- package/apps/manifest-schema.json +760 -0
- package/apps/official/adminer/compose.yml +14 -0
- package/apps/official/adminer/manifest.json +65 -0
- package/apps/official/airsonic-advanced/compose.yml +26 -0
- package/apps/official/airsonic-advanced/manifest.json +78 -0
- package/apps/official/apps.json +146 -0
- package/apps/official/audiobookshelf/compose.yml +20 -0
- package/apps/official/audiobookshelf/manifest.json +65 -0
- package/apps/official/autobrr/autobrr-postgresql.yml +24 -0
- package/apps/official/autobrr/compose.yml +27 -0
- package/apps/official/autobrr/manifest.json +101 -0
- package/apps/official/baikal/compose.yml +17 -0
- package/apps/official/baikal/manifest.json +65 -0
- package/apps/official/bazarr/compose.yml +23 -0
- package/apps/official/bazarr/manifest.json +65 -0
- package/apps/official/beets/compose.yml +24 -0
- package/apps/official/beets/manifest.json +65 -0
- package/apps/official/bookstack/bookstack-mariadb.yml +26 -0
- package/apps/official/bookstack/compose.yml +31 -0
- package/apps/official/bookstack/manifest.json +113 -0
- package/apps/official/boxarr/compose.yml +18 -0
- package/apps/official/boxarr/manifest.json +65 -0
- package/apps/official/cadvisor/compose.yml +23 -0
- package/apps/official/cadvisor/files/pre-install.sh +10 -0
- package/apps/official/cadvisor/manifest.json +69 -0
- package/apps/official/calibre/compose.yml +27 -0
- package/apps/official/calibre/manifest.json +87 -0
- package/apps/official/calibre-web/compose.yml +23 -0
- package/apps/official/calibre-web/manifest.json +74 -0
- package/apps/official/change-detection/compose.yml +22 -0
- package/apps/official/change-detection/manifest.json +65 -0
- package/apps/official/chromium/compose.yml +25 -0
- package/apps/official/chromium/manifest.json +82 -0
- package/apps/official/cleanuparr/compose.yml +30 -0
- package/apps/official/cleanuparr/manifest.json +65 -0
- package/apps/official/cloud-commander/compose.yml +24 -0
- package/apps/official/cloud-commander/manifest.json +65 -0
- package/apps/official/cloudflare-tunnel/compose.yml +26 -0
- package/apps/official/cloudflare-tunnel/files/pre-install.sh +7 -0
- package/apps/official/cloudflare-tunnel/manifest.json +70 -0
- package/apps/official/cyberchef/compose.yml +14 -0
- package/apps/official/cyberchef/manifest.json +65 -0
- package/apps/official/dashy/compose.yml +27 -0
- package/apps/official/dashy/files/starter-conf.yml +45 -0
- package/apps/official/dashy/manifest.json +72 -0
- package/apps/official/ddns-updater/compose.yml +28 -0
- package/apps/official/ddns-updater/files/config.json +14 -0
- package/apps/official/ddns-updater/files/pre-install.sh +18 -0
- package/apps/official/ddns-updater/manifest.json +71 -0
- package/apps/official/deunhealth/compose.yml +17 -0
- package/apps/official/deunhealth/manifest.json +46 -0
- package/apps/official/digikam/compose.yml +23 -0
- package/apps/official/digikam/manifest.json +85 -0
- package/apps/official/dispatcharr/compose.yml +39 -0
- package/apps/official/dispatcharr/manifest.json +86 -0
- package/apps/official/docker-gc/compose.yml +25 -0
- package/apps/official/docker-gc/files/docker-gc-exclude +9 -0
- package/apps/official/docker-gc/files/pre-install.sh +22 -0
- package/apps/official/docker-gc/manifest.json +54 -0
- package/apps/official/dockhand/compose.yml +24 -0
- package/apps/official/dockhand/dockhand-postgresql.yml +24 -0
- package/apps/official/dockhand/manifest.json +105 -0
- package/apps/official/dockpeek/compose.yml +20 -0
- package/apps/official/dockpeek/manifest.json +95 -0
- package/apps/official/dockwatch/compose.yml +31 -0
- package/apps/official/dockwatch/manifest.json +65 -0
- package/apps/official/dokuwiki/compose.yml +21 -0
- package/apps/official/dokuwiki/manifest.json +81 -0
- package/apps/official/double-commander/compose.yml +26 -0
- package/apps/official/double-commander/manifest.json +83 -0
- package/apps/official/dozzle/compose.yml +23 -0
- package/apps/official/dozzle/manifest.json +65 -0
- package/apps/official/dozzle-agent/compose.yml +26 -0
- package/apps/official/dozzle-agent/manifest.json +71 -0
- package/apps/official/dweebui/compose.yml +21 -0
- package/apps/official/dweebui/manifest.json +81 -0
- package/apps/official/emby/compose.yml +29 -0
- package/apps/official/emby/manifest.json +98 -0
- package/apps/official/esphome/compose.yml +20 -0
- package/apps/official/esphome/manifest.json +65 -0
- package/apps/official/filezilla/compose.yml +23 -0
- package/apps/official/filezilla/manifest.json +82 -0
- package/apps/official/flame/compose.yml +21 -0
- package/apps/official/flame/manifest.json +73 -0
- package/apps/official/flaresolverr/compose.yml +19 -0
- package/apps/official/flaresolverr/manifest.json +75 -0
- package/apps/official/flowise/compose.yml +46 -0
- package/apps/official/flowise/flowise-postgresql.yml +24 -0
- package/apps/official/flowise/flowise-redis.yml +23 -0
- package/apps/official/flowise/manifest.json +125 -0
- package/apps/official/freshrss/compose.yml +20 -0
- package/apps/official/freshrss/manifest.json +65 -0
- package/apps/official/funkwhale/compose.yml +24 -0
- package/apps/official/funkwhale/files/post-install.sh +8 -0
- package/apps/official/funkwhale/manifest.json +69 -0
- package/apps/official/gamevault/compose.yml +26 -0
- package/apps/official/gamevault/gamevault-postgresql.yml +24 -0
- package/apps/official/gamevault/manifest.json +101 -0
- package/apps/official/glances/compose.yml +26 -0
- package/apps/official/glances/files/glances.conf +771 -0
- package/apps/official/glances/manifest.json +72 -0
- package/apps/official/gluetun/compose.yml +33 -0
- package/apps/official/gluetun/files/post-install.sh +78 -0
- package/apps/official/gluetun/manifest.json +88 -0
- package/apps/official/gonic/compose.yml +26 -0
- package/apps/official/gonic/manifest.json +78 -0
- package/apps/official/gptwol/compose.yml +23 -0
- package/apps/official/gptwol/manifest.json +81 -0
- package/apps/official/grafana/compose.yml +19 -0
- package/apps/official/grafana/manifest.json +81 -0
- package/apps/official/grocy/compose.yml +20 -0
- package/apps/official/grocy/manifest.json +74 -0
- package/apps/official/guacamole/compose.yml +26 -0
- package/apps/official/guacamole/guacamole-mariadb.yml +26 -0
- package/apps/official/guacamole/guacd.yml +12 -0
- package/apps/official/guacamole/hooks/post-install.sh +60 -0
- package/apps/official/guacamole/manifest.json +131 -0
- package/apps/official/heimdall/compose.yml +20 -0
- package/apps/official/heimdall/manifest.json +65 -0
- package/apps/official/homarr/compose.yml +22 -0
- package/apps/official/homarr/manifest.json +73 -0
- package/apps/official/homebridge/compose.yml +13 -0
- package/apps/official/homebridge/manifest.json +66 -0
- package/apps/official/homepage/compose.yml +22 -0
- package/apps/official/homepage/manifest.json +65 -0
- package/apps/official/homer/compose.yml +20 -0
- package/apps/official/homer/manifest.json +65 -0
- package/apps/official/immich/compose.yml +35 -0
- package/apps/official/immich/immich-machine-learning.yml +21 -0
- package/apps/official/immich/immich-postgresql.yml +30 -0
- package/apps/official/immich/immich-redis.yml +23 -0
- package/apps/official/immich/manifest.json +135 -0
- package/apps/official/influxdb/compose.yml +17 -0
- package/apps/official/influxdb/manifest.json +65 -0
- package/apps/official/it-tools/compose.yml +14 -0
- package/apps/official/it-tools/manifest.json +65 -0
- package/apps/official/jackett/compose.yml +21 -0
- package/apps/official/jackett/manifest.json +65 -0
- package/apps/official/jellyfin/compose.yml +27 -0
- package/apps/official/jellyfin/manifest.json +89 -0
- package/apps/official/jellyseerr/compose.yml +19 -0
- package/apps/official/jellyseerr/manifest.json +65 -0
- package/apps/official/kasm/compose.yml +27 -0
- package/apps/official/kasm/manifest.json +115 -0
- package/apps/official/kavita/compose.yml +21 -0
- package/apps/official/kavita/manifest.json +65 -0
- package/apps/official/kometa/compose.yml +23 -0
- package/apps/official/kometa/manifest.json +56 -0
- package/apps/official/komga/compose.yml +22 -0
- package/apps/official/komga/manifest.json +65 -0
- package/apps/official/langfuse/compose.yml +64 -0
- package/apps/official/langfuse/files/pre-install.sh +178 -0
- package/apps/official/langfuse/langfuse-clickhouse.yml +25 -0
- package/apps/official/langfuse/langfuse-minio.yml +25 -0
- package/apps/official/langfuse/langfuse-postgresql.yml +26 -0
- package/apps/official/langfuse/langfuse-redis.yml +22 -0
- package/apps/official/langfuse/langfuse-worker.yml +50 -0
- package/apps/official/langfuse/manifest.json +201 -0
- package/apps/official/lidarr/compose.yml +25 -0
- package/apps/official/lidarr/manifest.json +65 -0
- package/apps/official/lollypop/compose.yml +26 -0
- package/apps/official/lollypop/manifest.json +83 -0
- package/apps/official/maintainerr/compose.yml +20 -0
- package/apps/official/maintainerr/manifest.json +72 -0
- package/apps/official/mariadb/compose.yml +27 -0
- package/apps/official/mariadb/manifest.json +74 -0
- package/apps/official/mosquitto/compose.yml +24 -0
- package/apps/official/mosquitto/files/mosquitto.conf +15 -0
- package/apps/official/mosquitto/files/passwd +0 -0
- package/apps/official/mosquitto/files/post-install.sh +23 -0
- package/apps/official/mosquitto/manifest.json +123 -0
- package/apps/official/mqttx-web/compose.yml +14 -0
- package/apps/official/mqttx-web/manifest.json +74 -0
- package/apps/official/mylar3/compose.yml +22 -0
- package/apps/official/mylar3/manifest.json +65 -0
- package/apps/official/n8n/compose.yml +29 -0
- package/apps/official/n8n/files/pre-install.sh +26 -0
- package/apps/official/n8n/manifest.json +103 -0
- package/apps/official/n8n/n8n-postgresql.yml +26 -0
- package/apps/official/navidrome/compose.yml +26 -0
- package/apps/official/navidrome/manifest.json +65 -0
- package/apps/official/netdata/compose.yml +28 -0
- package/apps/official/netdata/manifest.json +66 -0
- package/apps/official/nextcloud/compose.yml +38 -0
- package/apps/official/nextcloud/manifest.json +159 -0
- package/apps/official/nextcloud/nextcloud-mariadb.yml +29 -0
- package/apps/official/nextcloud/nextcloud-redis.yml +20 -0
- package/apps/official/node-exporter/compose.yml +23 -0
- package/apps/official/node-exporter/manifest.json +65 -0
- package/apps/official/node-red/compose.yml +16 -0
- package/apps/official/node-red/manifest.json +72 -0
- package/apps/official/notifiarr/compose.yml +23 -0
- package/apps/official/notifiarr/manifest.json +75 -0
- package/apps/official/nzbget/compose.yml +23 -0
- package/apps/official/nzbget/manifest.json +74 -0
- package/apps/official/ollama/compose.yml +17 -0
- package/apps/official/ollama/manifest.json +85 -0
- package/apps/official/ombi/compose.yml +21 -0
- package/apps/official/ombi/manifest.json +65 -0
- package/apps/official/open-webui/compose.yml +21 -0
- package/apps/official/open-webui/manifest.json +75 -0
- package/apps/official/openhands/compose.yml +23 -0
- package/apps/official/openhands/manifest.json +65 -0
- package/apps/official/organizr/compose.yml +19 -0
- package/apps/official/organizr/manifest.json +78 -0
- package/apps/official/overseerr/compose.yml +20 -0
- package/apps/official/overseerr/manifest.json +65 -0
- package/apps/official/paperless-ai/compose.yml +16 -0
- package/apps/official/paperless-ai/manifest.json +74 -0
- package/apps/official/paperless-ngx/compose.yml +51 -0
- package/apps/official/paperless-ngx/gotenberg.yml +18 -0
- package/apps/official/paperless-ngx/manifest.json +179 -0
- package/apps/official/paperless-ngx/paperless-ngx-mariadb.yml +26 -0
- package/apps/official/paperless-ngx/paperless-ngx-redis.yml +23 -0
- package/apps/official/paperless-ngx/tika.yml +12 -0
- package/apps/official/pdfding/compose.yml +32 -0
- package/apps/official/pdfding/files/post-install.sh +55 -0
- package/apps/official/pdfding/manifest.json +120 -0
- package/apps/official/pdfding/pdfding-postgresql.yml +24 -0
- package/apps/official/pgadmin/compose.yml +17 -0
- package/apps/official/pgadmin/manifest.json +80 -0
- package/apps/official/phpmyadmin/compose.yml +22 -0
- package/apps/official/phpmyadmin/manifest.json +65 -0
- package/apps/official/pihole/compose.yml +41 -0
- package/apps/official/pihole/manifest.json +89 -0
- package/apps/official/piwigo/compose.yml +22 -0
- package/apps/official/piwigo/manifest.json +65 -0
- package/apps/official/plex/compose.yml +39 -0
- package/apps/official/plex/files/pre-install.sh +24 -0
- package/apps/official/plex/manifest.json +109 -0
- package/apps/official/portainer/compose.yml +22 -0
- package/apps/official/portainer/manifest.json +91 -0
- package/apps/official/postgresql/compose.yml +28 -0
- package/apps/official/postgresql/manifest.json +89 -0
- package/apps/official/privatebin/compose.yml +20 -0
- package/apps/official/privatebin/files/conf.php +90 -0
- package/apps/official/privatebin/manifest.json +82 -0
- package/apps/official/projectsend/compose.yml +21 -0
- package/apps/official/projectsend/manifest.json +72 -0
- package/apps/official/prometheus/compose.yml +25 -0
- package/apps/official/prometheus/files/prometheus.yml +3 -0
- package/apps/official/prometheus/manifest.json +79 -0
- package/apps/official/prowlarr/compose.yml +22 -0
- package/apps/official/prowlarr/manifest.json +65 -0
- package/apps/official/pulse/compose.yml +28 -0
- package/apps/official/pulse/files/post-install.sh +29 -0
- package/apps/official/pulse/manifest.json +78 -0
- package/apps/official/qbittorrent/compose.yml +22 -0
- package/apps/official/qbittorrent/files/pre-install.sh +5 -0
- package/apps/official/qbittorrent/files/qBittorrent.conf +39 -0
- package/apps/official/qbittorrent/manifest.json +96 -0
- package/apps/official/qbittorrent-vpn/compose.yml +26 -0
- package/apps/official/qbittorrent-vpn/files/post-install.sh +52 -0
- package/apps/official/qbittorrent-vpn/files/pre-install.sh +10 -0
- package/apps/official/qbittorrent-vpn/files/qBittorrent.conf +39 -0
- package/apps/official/qbittorrent-vpn/manifest.json +108 -0
- package/apps/official/qdrant/compose.yml +15 -0
- package/apps/official/qdrant/manifest.json +82 -0
- package/apps/official/radarr/compose.yml +25 -0
- package/apps/official/radarr/manifest.json +65 -0
- package/apps/official/redis/compose.yml +26 -0
- package/apps/official/redis/manifest.json +73 -0
- package/apps/official/redis-commander/compose.yml +20 -0
- package/apps/official/redis-commander/manifest.json +65 -0
- package/apps/official/remmina/compose.yml +23 -0
- package/apps/official/remmina/manifest.json +84 -0
- package/apps/official/resilio-sync/compose.yml +23 -0
- package/apps/official/resilio-sync/manifest.json +74 -0
- package/apps/official/sabnzbd/compose.yml +23 -0
- package/apps/official/sabnzbd/files/post-install.sh +35 -0
- package/apps/official/sabnzbd/manifest.json +75 -0
- package/apps/official/scrutiny/compose.yml +25 -0
- package/apps/official/scrutiny/manifest.json +113 -0
- package/apps/official/scrutiny/scrutiny-influxdb.yml +28 -0
- package/apps/official/searxng/compose.yml +28 -0
- package/apps/official/searxng/files/limiter.toml +6 -0
- package/apps/official/searxng/files/pre-install.sh +25 -0
- package/apps/official/searxng/files/settings.yml +8 -0
- package/apps/official/searxng/manifest.json +88 -0
- package/apps/official/searxng/searxng-valkey.yml +26 -0
- package/apps/official/shellinabox/manifest.json +68 -0
- package/apps/official/smokeping/compose.yml +21 -0
- package/apps/official/smokeping/manifest.json +65 -0
- package/apps/official/sonarr/compose.yml +25 -0
- package/apps/official/sonarr/manifest.json +65 -0
- package/apps/official/speedtest-tracker/compose.yml +30 -0
- package/apps/official/speedtest-tracker/manifest.json +119 -0
- package/apps/official/speedtest-tracker/speedtest-tracker-mariadb.yml +24 -0
- package/apps/official/sshwifty/compose.yml +17 -0
- package/apps/official/sshwifty/files/pre-install.sh +34 -0
- package/apps/official/sshwifty/files/sshwifty.conf.json +36 -0
- package/apps/official/sshwifty/manifest.json +101 -0
- package/apps/official/stirling-pdf/compose.yml +23 -0
- package/apps/official/stirling-pdf/manifest.json +65 -0
- package/apps/official/supabase/compose.yml +39 -0
- package/apps/official/supabase/files/pre-install.sh +201 -0
- package/apps/official/supabase/files/volumes/api/kong.yml +221 -0
- package/apps/official/supabase/files/volumes/db/_supabase.sql +3 -0
- package/apps/official/supabase/files/volumes/db/jwt.sql +5 -0
- package/apps/official/supabase/files/volumes/db/logs.sql +6 -0
- package/apps/official/supabase/files/volumes/db/pooler.sql +6 -0
- package/apps/official/supabase/files/volumes/db/realtime.sql +4 -0
- package/apps/official/supabase/files/volumes/db/roles.sql +8 -0
- package/apps/official/supabase/files/volumes/db/webhooks.sql +208 -0
- package/apps/official/supabase/files/volumes/functions/hello/index.ts +6 -0
- package/apps/official/supabase/files/volumes/functions/main/index.ts +93 -0
- package/apps/official/supabase/files/volumes/logs/vector.yml +266 -0
- package/apps/official/supabase/files/volumes/pooler/pooler.exs +30 -0
- package/apps/official/supabase/manifest.json +327 -0
- package/apps/official/supabase/supabase-analytics.yml +32 -0
- package/apps/official/supabase/supabase-auth.yml +34 -0
- package/apps/official/supabase/supabase-db.yml +42 -0
- package/apps/official/supabase/supabase-functions.yml +24 -0
- package/apps/official/supabase/supabase-imgproxy.yml +25 -0
- package/apps/official/supabase/supabase-kong.yml +30 -0
- package/apps/official/supabase/supabase-meta.yml +20 -0
- package/apps/official/supabase/supabase-pooler.yml +45 -0
- package/apps/official/supabase/supabase-realtime.yml +42 -0
- package/apps/official/supabase/supabase-rest.yml +21 -0
- package/apps/official/supabase/supabase-storage.yml +36 -0
- package/apps/official/supabase/supabase-vector.yml +23 -0
- package/apps/official/tailscale/compose.yml +23 -0
- package/apps/official/tailscale/manifest.json +65 -0
- package/apps/official/tautulli/compose.yml +21 -0
- package/apps/official/tautulli/files/pre-install.sh +9 -0
- package/apps/official/tautulli/manifest.json +69 -0
- package/apps/official/termix/compose.yml +18 -0
- package/apps/official/termix/manifest.json +65 -0
- package/apps/official/teslamate/teslamate-grafana.yml +22 -0
- package/apps/official/teslamate/teslamate-mosquitto.yml +27 -0
- package/apps/official/teslamate/teslamate-pgsql.yml +24 -0
- package/apps/official/teslamate/teslamate.yml +27 -0
- package/apps/official/thelounge/compose.yml +20 -0
- package/apps/official/thelounge/manifest.json +65 -0
- package/apps/official/theme-park/compose.yml +21 -0
- package/apps/official/theme-park/manifest.json +74 -0
- package/apps/official/traefik-access-log/compose.yml +14 -0
- package/apps/official/traefik-access-log/manifest.json +59 -0
- package/apps/official/traefik-certs-dumper/compose.yml +18 -0
- package/apps/official/traefik-certs-dumper/manifest.json +56 -0
- package/apps/official/traefik-error-log/compose.yml +14 -0
- package/apps/official/traefik-error-log/manifest.json +59 -0
- package/apps/official/transmission/compose.yml +33 -0
- package/apps/official/transmission/manifest.json +90 -0
- package/apps/official/trilium/compose.yml +19 -0
- package/apps/official/trilium/manifest.json +65 -0
- package/apps/official/uptime-kuma/compose.yml +17 -0
- package/apps/official/uptime-kuma/manifest.json +65 -0
- package/apps/official/vaultwarden/compose.yml +20 -0
- package/apps/official/vaultwarden/files/pre-install.sh +27 -0
- package/apps/official/vaultwarden/manifest.json +86 -0
- package/apps/official/vikunja/compose.yml +30 -0
- package/apps/official/vikunja/manifest.json +123 -0
- package/apps/official/vikunja/vikunja-mariadb.yml +26 -0
- package/apps/official/viniplay/compose.yml +18 -0
- package/apps/official/viniplay/files/pre-install.sh +9 -0
- package/apps/official/viniplay/manifest.json +63 -0
- package/apps/official/vscode/compose.yml +28 -0
- package/apps/official/vscode/manifest.json +65 -0
- package/apps/official/wallos/compose.yml +19 -0
- package/apps/official/wallos/manifest.json +65 -0
- package/apps/official/weaviate/compose.yml +28 -0
- package/apps/official/weaviate/manifest.json +82 -0
- package/apps/official/wg-easy/compose.yml +31 -0
- package/apps/official/wg-easy/files/post-install.sh +32 -0
- package/apps/official/wg-easy/manifest.json +118 -0
- package/apps/official/wikidocs/compose.yml +19 -0
- package/apps/official/wikidocs/manifest.json +65 -0
- package/apps/official/wud/compose.yml +22 -0
- package/apps/official/wud/manifest.json +74 -0
- package/apps/official/xpipe-webtop/compose.yml +21 -0
- package/apps/official/xpipe-webtop/manifest.json +83 -0
- package/apps/official/zerotier/compose.yml +17 -0
- package/apps/official/zerotier/files/post-install.sh +23 -0
- package/apps/official/zerotier/manifest.json +78 -0
- package/apps/unofficial/9router/compose.yml +30 -0
- package/apps/unofficial/9router/files/oauth-fix.patch +32 -0
- package/apps/unofficial/9router/files/pre-install.sh +87 -0
- package/apps/unofficial/9router/manifest.json +144 -0
- package/apps/unofficial/openclaw/Dockerfile.full +79 -0
- package/apps/unofficial/openclaw/compose.yml +60 -0
- package/apps/unofficial/openclaw/files/post-install.sh +316 -0
- package/apps/unofficial/openclaw/files/pre-install.sh +174 -0
- package/apps/unofficial/openclaw/manifest.json +178 -0
- package/apps/version_pins +67 -0
- package/bin/deployrr-init.sh +49 -0
- package/latest-version +1 -0
- package/package.json +21 -0
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
services:
|
|
2
|
+
# TinyAuth - Self-Hosted Single Sign-On, 2-FA, and TOTP
|
|
3
|
+
# Version: v5 (upgraded from v4)
|
|
4
|
+
# Migration: https://tinyauth.app/docs/breaking-updates/4-to-5/
|
|
5
|
+
tinyauth:
|
|
6
|
+
container_name: tinyauth
|
|
7
|
+
image: ghcr.io/steveiliop56/tinyauth:${TINYAUTH_VERSION_PIN}
|
|
8
|
+
security_opt:
|
|
9
|
+
- no-new-privileges:true
|
|
10
|
+
restart: unless-stopped
|
|
11
|
+
profiles: ["core", "all"]
|
|
12
|
+
networks:
|
|
13
|
+
- default
|
|
14
|
+
- traefik_proxy
|
|
15
|
+
# ports:
|
|
16
|
+
# - "$TINYAUTH_PORT:3000"
|
|
17
|
+
volumes:
|
|
18
|
+
- $DOCKERDIR/appdata/tinyauth/users_file:/tinyauth/users_file
|
|
19
|
+
- $DOCKERDIR/appdata/tinyauth/data:/data # SQLite database for sessions
|
|
20
|
+
environment:
|
|
21
|
+
# v5: All env vars now use TINYAUTH_<SECTION>_<KEY> format
|
|
22
|
+
# v5: SECRET/SECRET_FILE removed — session key is auto-generated in SQLite DB
|
|
23
|
+
- TINYAUTH_APPURL=https://tinyauth.$DOMAINNAME_1
|
|
24
|
+
- TINYAUTH_AUTH_USERSFILE=/tinyauth/users_file
|
|
25
|
+
- TINYAUTH_LOG_LEVEL=info # Valid: trace/debug/info/warn/error/fatal/panic
|
|
26
|
+
- TINYAUTH_AUTH_LOGINMAXRETRIES=3
|
|
27
|
+
- TINYAUTH_AUTH_LOGINTIMEOUT=300
|
|
28
|
+
# OAuth providers use TINYAUTH_OAUTH_PROVIDERS_[PROVIDER]_* format in v5
|
|
29
|
+
# Google and GitHub auto-fill URLs/scopes - only ID and secret needed
|
|
30
|
+
# See: https://tinyauth.app/docs/breaking-updates/4-to-5/
|
|
31
|
+
# Google OAuth (uncomment to enable)
|
|
32
|
+
# - TINYAUTH_OAUTH_PROVIDERS_GOOGLE_CLIENTID=$GOOGLE_CLIENT_ID
|
|
33
|
+
# - TINYAUTH_OAUTH_PROVIDERS_GOOGLE_CLIENTSECRET=$GOOGLE_CLIENT_SECRET
|
|
34
|
+
# GitHub OAuth (uncomment to enable)
|
|
35
|
+
# - TINYAUTH_OAUTH_PROVIDERS_GITHUB_CLIENTID=$GITHUB_CLIENT_ID
|
|
36
|
+
# - TINYAUTH_OAUTH_PROVIDERS_GITHUB_CLIENTSECRET=$GITHUB_CLIENT_SECRET
|
|
37
|
+
labels:
|
|
38
|
+
- "traefik.enable=true"
|
|
39
|
+
## HTTP Routers
|
|
40
|
+
- "traefik.http.routers.tinyauth-rtr.entrypoints=websecure-internal,websecure-external"
|
|
41
|
+
- "traefik.http.routers.tinyauth-rtr.rule=Host(`tinyauth.$DOMAINNAME_1`)"
|
|
42
|
+
## Middlewares
|
|
43
|
+
- "traefik.http.routers.tinyauth-rtr.middlewares=chain-no-auth@file"
|
|
44
|
+
## HTTP Services
|
|
45
|
+
- "traefik.http.routers.tinyauth-rtr.service=tinyauth-svc"
|
|
46
|
+
- "traefik.http.services.tinyauth-svc.loadbalancer.server.port=3000"
|
|
47
|
+
# DOCKER-LABELS-PLACEHOLDER
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../../../manifest-schema.json",
|
|
3
|
+
"version": "1.1",
|
|
4
|
+
|
|
5
|
+
"app": {
|
|
6
|
+
"sname": "tinyauth",
|
|
7
|
+
"pname": "TinyAuth",
|
|
8
|
+
"descriptionShort": "Self-Hosted Single Sign-On, 2-FA",
|
|
9
|
+
"icon": "sh-tinyauth",
|
|
10
|
+
"category": "core"
|
|
11
|
+
},
|
|
12
|
+
|
|
13
|
+
"deployment": {
|
|
14
|
+
"type": "standard",
|
|
15
|
+
"compose": "compose.yml",
|
|
16
|
+
"webui": true,
|
|
17
|
+
"port": 3000,
|
|
18
|
+
"protocol": "https"
|
|
19
|
+
},
|
|
20
|
+
|
|
21
|
+
"requirements": {
|
|
22
|
+
"prerequisites": ["prerequisites", "socket_proxy_running", "traefik_production", "traefik_running", "hybrid_mode"],
|
|
23
|
+
"apps": ["socket-proxy", "traefik"]
|
|
24
|
+
},
|
|
25
|
+
|
|
26
|
+
"files": [
|
|
27
|
+
{
|
|
28
|
+
"source": "files/middlewares-tinyauth.yml",
|
|
29
|
+
"destination": "$DOCKER_FOLDER/appdata/traefik3/rules/$HOSTNAME/middlewares-tinyauth.yml",
|
|
30
|
+
"backup": false
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
"source": "files/chain-tinyauth.yml",
|
|
34
|
+
"destination": "$DOCKER_FOLDER/appdata/traefik3/rules/$HOSTNAME/chain-tinyauth.yml",
|
|
35
|
+
"backup": false
|
|
36
|
+
}
|
|
37
|
+
],
|
|
38
|
+
|
|
39
|
+
"traefik": {
|
|
40
|
+
"supported": true,
|
|
41
|
+
"subdomain": "tinyauth",
|
|
42
|
+
"chain": "chain-no-auth",
|
|
43
|
+
"middlewares": ["middlewares-tinyauth.yml", "chain-tinyauth.yml"]
|
|
44
|
+
},
|
|
45
|
+
|
|
46
|
+
"dashboard": {
|
|
47
|
+
"enabled": true,
|
|
48
|
+
"location": "other",
|
|
49
|
+
"showStats": true,
|
|
50
|
+
"portVariable": null
|
|
51
|
+
},
|
|
52
|
+
|
|
53
|
+
"env": {
|
|
54
|
+
"variables": [
|
|
55
|
+
{
|
|
56
|
+
"name": "TINYAUTH_VERSION_PIN",
|
|
57
|
+
"type": "string",
|
|
58
|
+
"default": "v5",
|
|
59
|
+
"prompt": false,
|
|
60
|
+
"required": true
|
|
61
|
+
}
|
|
62
|
+
]
|
|
63
|
+
},
|
|
64
|
+
|
|
65
|
+
"status": {
|
|
66
|
+
"file": "05_tinyauth_status",
|
|
67
|
+
"successMessage": "TinyAuth Setup Completed",
|
|
68
|
+
"telemetryAction": "tinyauth"
|
|
69
|
+
}
|
|
70
|
+
}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
services:
|
|
2
|
+
# Traefik 3 - Reverse Proxy
|
|
3
|
+
traefik:
|
|
4
|
+
container_name: traefik
|
|
5
|
+
image: traefik:${TRAEFIK_VERSION_PIN}
|
|
6
|
+
security_opt:
|
|
7
|
+
- no-new-privileges:true
|
|
8
|
+
restart: unless-stopped
|
|
9
|
+
profiles: ["core", "all"]
|
|
10
|
+
depends_on:
|
|
11
|
+
- socket-proxy
|
|
12
|
+
networks:
|
|
13
|
+
traefik_proxy:
|
|
14
|
+
ipv4_address: 192.168.90.254 # You can specify a static IP
|
|
15
|
+
socket_proxy:
|
|
16
|
+
command: # CLI arguments
|
|
17
|
+
- --global.checkNewVersion=true
|
|
18
|
+
- --global.sendAnonymousUsage=false
|
|
19
|
+
- --entrypoints.web-external.address=:81
|
|
20
|
+
- --entrypoints.web-internal.address=:80
|
|
21
|
+
- --entrypoints.websecure-external.address=:444
|
|
22
|
+
- --entrypoints.websecure-internal.address=:443
|
|
23
|
+
- --entrypoints.traefik.address=:8080
|
|
24
|
+
- --entrypoints.websecure-external.http3=true
|
|
25
|
+
- --entrypoints.websecure-internal.http3=true
|
|
26
|
+
- --entrypoints.web-external.http.redirections.entrypoint.to=websecure-external
|
|
27
|
+
- --entrypoints.web-external.http.redirections.entrypoint.scheme=https
|
|
28
|
+
- --entrypoints.web-external.http.redirections.entrypoint.permanent=true
|
|
29
|
+
- --entrypoints.web-internal.http.redirections.entrypoint.to=websecure-internal
|
|
30
|
+
- --entrypoints.web-internal.http.redirections.entrypoint.scheme=https
|
|
31
|
+
- --entrypoints.web-internal.http.redirections.entrypoint.permanent=true
|
|
32
|
+
- --api=true
|
|
33
|
+
- --api.dashboard=true
|
|
34
|
+
- --api.insecure=true
|
|
35
|
+
# - --serversTransport.insecureSkipVerify=true
|
|
36
|
+
# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
|
|
37
|
+
- --entrypoints.websecure-external.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
|
|
38
|
+
- --entrypoints.websecure-internal.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
|
|
39
|
+
- --log=true
|
|
40
|
+
- --log.filePath=/logs/traefik.log
|
|
41
|
+
- --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
|
|
42
|
+
- --accessLog=true
|
|
43
|
+
- --accessLog.filePath=/logs/access.log
|
|
44
|
+
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
|
|
45
|
+
- --accessLog.filters.statusCodes=204-299,400-499,500-599
|
|
46
|
+
- --providers.docker=true
|
|
47
|
+
# - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
|
|
48
|
+
- --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
|
|
49
|
+
- --providers.docker.exposedByDefault=false
|
|
50
|
+
- --providers.docker.network=traefik_proxy
|
|
51
|
+
# - --providers.docker.swarmMode=false # Traefik v2 Swarm
|
|
52
|
+
# - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
|
|
53
|
+
- --entrypoints.websecure-external.http.tls=true
|
|
54
|
+
- --entrypoints.websecure-external.http.tls.options=tls-opts@file
|
|
55
|
+
- --entrypoints.websecure-internal.http.tls=true
|
|
56
|
+
- --entrypoints.websecure-internal.http.tls.options=tls-opts@file
|
|
57
|
+
# Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
|
|
58
|
+
- --entrypoints.websecure-external.http.tls.certresolver=dns-cloudflare
|
|
59
|
+
- --entrypoints.websecure-internal.http.tls.certresolver=dns-cloudflare
|
|
60
|
+
# - DOMAINS-PLACEHOLDER-DO-NOT-DELETE
|
|
61
|
+
- --entrypoints.websecure-external.http.tls.domains[0].main=$DOMAINNAME_1
|
|
62
|
+
- --entrypoints.websecure-external.http.tls.domains[0].sans=*.$DOMAINNAME_1
|
|
63
|
+
- --entrypoints.websecure-internal.http.tls.domains[0].main=$DOMAINNAME_1
|
|
64
|
+
- --entrypoints.websecure-internal.http.tls.domains[0].sans=*.$DOMAINNAME_1
|
|
65
|
+
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
|
|
66
|
+
- --providers.file.watch=true # Only works on top level files in the rules folder
|
|
67
|
+
- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
|
|
68
|
+
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
|
|
69
|
+
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
|
|
70
|
+
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
|
|
71
|
+
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.propagation.delaybeforechecks=120 # To delay DNS check and reduce LE hitrate
|
|
72
|
+
#- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.propagation.disablechecks=true # Not recommended
|
|
73
|
+
# - METRICS-PLACEHOLDER-DO-NOT-DELETE
|
|
74
|
+
# - PLUGINS-PLACEHOLDER-DO-NOT-DELETE
|
|
75
|
+
ports:
|
|
76
|
+
- "80:80"
|
|
77
|
+
- "81:81"
|
|
78
|
+
- "443:443"
|
|
79
|
+
- "443:443/udp" # For HTTP/3(QUIC)
|
|
80
|
+
- "444:444"
|
|
81
|
+
- "444:444/udp" # For HTTP/3(QUIC)
|
|
82
|
+
- "$TRAEFIK_PORT:8080"
|
|
83
|
+
volumes:
|
|
84
|
+
- $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules
|
|
85
|
+
# - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
|
|
86
|
+
- $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json
|
|
87
|
+
- $DOCKERDIR/logs/$HOSTNAME/traefik:/logs
|
|
88
|
+
environment:
|
|
89
|
+
- TZ=$TZ
|
|
90
|
+
- CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
|
|
91
|
+
- HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
|
|
92
|
+
- DOMAINNAME_1 # Passing the domain name to traefik container to be able to use the variable in rules.
|
|
93
|
+
# - TRAEFIK_AUTH_BYPASS_KEY
|
|
94
|
+
secrets:
|
|
95
|
+
- cf_dns_api_token
|
|
96
|
+
- basic_auth_credentials
|
|
97
|
+
labels:
|
|
98
|
+
- "traefik.enable=true"
|
|
99
|
+
# HTTP Routers
|
|
100
|
+
- "traefik.http.routers.traefik-rtr.entrypoints=websecure-internal,websecure-external"
|
|
101
|
+
- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_1`)"
|
|
102
|
+
# Services - API
|
|
103
|
+
- "traefik.http.routers.traefik-rtr.service=api@internal"
|
|
104
|
+
# Middlewares
|
|
105
|
+
- "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
|
|
106
|
+
# DOCKER-LABELS-PLACEHOLDER
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
http:
|
|
2
|
+
routers:
|
|
3
|
+
APPNAME-PLACEHOLDER-rtr:
|
|
4
|
+
rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
|
|
5
|
+
priority: 99
|
|
6
|
+
entryPoints:
|
|
7
|
+
# - websecure-external
|
|
8
|
+
# - websecure-internal
|
|
9
|
+
middlewares:
|
|
10
|
+
- CHAIN-PLACEHOLDER
|
|
11
|
+
service: APPNAME-PLACEHOLDER-svc
|
|
12
|
+
tls:
|
|
13
|
+
certResolver: dns-cloudflare
|
|
14
|
+
options: tls-opts@file
|
|
15
|
+
APPNAME-PLACEHOLDER-rtr-bypass:
|
|
16
|
+
rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`) && Header(`traefik-auth-bypass-key`, `{{env "TRAEFIK_AUTH_BYPASS_KEY"}}`)"
|
|
17
|
+
priority: 100
|
|
18
|
+
entryPoints:
|
|
19
|
+
# - websecure
|
|
20
|
+
# - websecure-internal
|
|
21
|
+
middlewares:
|
|
22
|
+
- chain-no-auth
|
|
23
|
+
service: APPNAME-PLACEHOLDER-svc
|
|
24
|
+
tls:
|
|
25
|
+
certResolver: dns-cloudflare
|
|
26
|
+
options: tls-opts@file
|
|
27
|
+
services:
|
|
28
|
+
APPNAME-PLACEHOLDER-svc:
|
|
29
|
+
loadBalancer:
|
|
30
|
+
servers:
|
|
31
|
+
- url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
http:
|
|
2
|
+
routers:
|
|
3
|
+
APPNAME-PLACEHOLDER-rtr:
|
|
4
|
+
rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
|
|
5
|
+
entryPoints:
|
|
6
|
+
# - websecure-external
|
|
7
|
+
# - websecure-internal
|
|
8
|
+
middlewares:
|
|
9
|
+
- CHAIN-PLACEHOLDER
|
|
10
|
+
service: APPNAME-PLACEHOLDER-svc
|
|
11
|
+
tls:
|
|
12
|
+
certResolver: dns-cloudflare
|
|
13
|
+
options: tls-opts@file
|
|
14
|
+
services:
|
|
15
|
+
APPNAME-PLACEHOLDER-svc:
|
|
16
|
+
loadBalancer:
|
|
17
|
+
servers:
|
|
18
|
+
- url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
http:
|
|
2
|
+
routers:
|
|
3
|
+
APPNAME-PLACEHOLDER-rtr:
|
|
4
|
+
rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
|
|
5
|
+
priority: 99
|
|
6
|
+
entryPoints:
|
|
7
|
+
# - websecure-external
|
|
8
|
+
# - websecure-internal
|
|
9
|
+
middlewares:
|
|
10
|
+
- CHAIN-PLACEHOLDER
|
|
11
|
+
service: APPNAME-PLACEHOLDER-svc
|
|
12
|
+
tls:
|
|
13
|
+
certResolver: dns-cloudflare
|
|
14
|
+
options: tls-opts@file
|
|
15
|
+
APPNAME-PLACEHOLDER-rtr-bypass:
|
|
16
|
+
rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`) && Header(`traefik-auth-bypass-key`, `{{env "TRAEFIK_AUTH_BYPASS_KEY"}}`)"
|
|
17
|
+
priority: 100
|
|
18
|
+
entryPoints:
|
|
19
|
+
# - websecure
|
|
20
|
+
# - websecure-internal
|
|
21
|
+
middlewares:
|
|
22
|
+
- chain-no-auth
|
|
23
|
+
service: APPNAME-PLACEHOLDER-svc
|
|
24
|
+
tls:
|
|
25
|
+
certResolver: dns-cloudflare
|
|
26
|
+
options: tls-opts@file
|
|
27
|
+
services:
|
|
28
|
+
APPNAME-PLACEHOLDER-svc:
|
|
29
|
+
loadBalancer:
|
|
30
|
+
passHostHeader: true
|
|
31
|
+
serversTransport: "APPNAME-PLACEHOLDER-st"
|
|
32
|
+
servers:
|
|
33
|
+
- url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT
|
|
34
|
+
serversTransports:
|
|
35
|
+
APPNAME-PLACEHOLDER-st:
|
|
36
|
+
insecureSkipVerify: true
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
http:
|
|
2
|
+
routers:
|
|
3
|
+
APPNAME-PLACEHOLDER-rtr:
|
|
4
|
+
rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
|
|
5
|
+
entryPoints:
|
|
6
|
+
# - websecure-external
|
|
7
|
+
# - websecure-internal
|
|
8
|
+
middlewares:
|
|
9
|
+
- CHAIN-PLACEHOLDER
|
|
10
|
+
service: APPNAME-PLACEHOLDER-svc
|
|
11
|
+
tls:
|
|
12
|
+
certResolver: dns-cloudflare
|
|
13
|
+
options: tls-opts@file
|
|
14
|
+
services:
|
|
15
|
+
APPNAME-PLACEHOLDER-svc:
|
|
16
|
+
loadBalancer:
|
|
17
|
+
passHostHeader: true
|
|
18
|
+
serversTransport: "APPNAME-PLACEHOLDER-st"
|
|
19
|
+
servers:
|
|
20
|
+
- url: "APP-URL-PLACEHOLDER" # https://IP-ADDRESS:PORT
|
|
21
|
+
serversTransports:
|
|
22
|
+
APPNAME-PLACEHOLDER-st:
|
|
23
|
+
insecureSkipVerify: true
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
tcp:
|
|
2
|
+
routers:
|
|
3
|
+
HOST-PLACEHOLDER-rtr:
|
|
4
|
+
entryPoints:
|
|
5
|
+
- websecure-internal
|
|
6
|
+
- websecure-external
|
|
7
|
+
rule: "HostSNIRegexp(`DOMAINNAME-VARIABLE-PLACEHOLDER`) || HostSNIRegexp(`{subdomain:[a-z]+}.DOMAINNAME-VARIABLE-PLACEHOLDER`)"
|
|
8
|
+
service: HOST-PLACEHOLDER-svc
|
|
9
|
+
tls:
|
|
10
|
+
passthrough: true
|
|
11
|
+
services:
|
|
12
|
+
HOST-PLACEHOLDER-svc:
|
|
13
|
+
loadBalancer:
|
|
14
|
+
servers:
|
|
15
|
+
- address: "HOST-IP-PLACEHOLDER:443"
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
# Auth Bypass
|
|
2
|
+
- "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.entrypoints=websecure"
|
|
3
|
+
- "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.rule=Host(`APAPPNAME-PLACEHOLDER.$DOMAINNAME_1`) && Header(`traefik-auth-bypass-key`, `$TRAEFIK_AUTH_BYPASS_KEY`)" # Bypass Auth for LunaSea on iOS
|
|
4
|
+
- "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.priority=100"
|
|
5
|
+
- "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.middlewares=chain-no-auth@file"
|
|
6
|
+
- "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.service=APAPPNAME-PLACEHOLDER-svc"
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
labels:
|
|
2
|
+
- "traefik.enable=true"
|
|
3
|
+
## HTTP Routers
|
|
4
|
+
- "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.entrypoints=ENTRYPOINT-PLACEHOLDER"
|
|
5
|
+
- "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
|
|
6
|
+
## Middlewares
|
|
7
|
+
- "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.middlewares=CHAIN-PLACEHOLDER@file"
|
|
8
|
+
## HTTP Services
|
|
9
|
+
- "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.service=LABEL-SERVICE-NAME-PLACEHOLDER-svc"
|
|
10
|
+
- "traefik.http.services.LABEL-SERVICE-NAME-PLACEHOLDER-svc.loadbalancer.server.port=LABEL-SERVICE-PORT-PLACEHOLDER"
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
http:
|
|
2
|
+
middlewares:
|
|
3
|
+
middlewares-crowdsec-bouncer:
|
|
4
|
+
plugin:
|
|
5
|
+
crowdsec:
|
|
6
|
+
enabled: true
|
|
7
|
+
crowdsecLapiScheme: http
|
|
8
|
+
crowdsecLapiHost: crowdsec:8080
|
|
9
|
+
crowdsecLapiKeyFile: /run/secrets/crowdsec_bouncer_traefik_key
|
|
10
|
+
clientTrustedIPs:
|
|
11
|
+
- 10.0.0.0/8
|
|
12
|
+
- 172.16.0.0/12
|
|
13
|
+
- 192.168.0.0/16
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
http:
|
|
2
|
+
middlewares:
|
|
3
|
+
### Let's give them a new name so it won't conflict with others
|
|
4
|
+
nextcloud-middlewares-secure-headers:
|
|
5
|
+
headers:
|
|
6
|
+
accessControlMaxAge: 100
|
|
7
|
+
sslRedirect: true
|
|
8
|
+
stsSeconds: 63072000
|
|
9
|
+
stsIncludeSubdomains: true
|
|
10
|
+
stsPreload: true
|
|
11
|
+
forceSTSHeader: true
|
|
12
|
+
### We will modify this value for Nextcloud to remove the X-Frame-Options error:
|
|
13
|
+
customFrameOptionsValue: "SAMEORIGIN" #CSP takes care of this but may be needed for organizr.
|
|
14
|
+
contentTypeNosniff: true
|
|
15
|
+
browserXssFilter: true
|
|
16
|
+
referrerPolicy: "no-referrer"
|
|
17
|
+
### While CSP is a good security setting, Nextcloud's Apache server takes care of this for us!
|
|
18
|
+
# contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
|
|
19
|
+
featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
|
|
20
|
+
customResponseHeaders:
|
|
21
|
+
### Change this to none to remove the Robots error:
|
|
22
|
+
X-Robots-Tag: "noindex, nofollow"
|
|
23
|
+
X-Content-Type-Options: "nosniff"
|
|
24
|
+
X-XSS-Protection: "1; mode=block"
|
|
25
|
+
X-Frame-Options: "SAMEORIGIN"
|
|
26
|
+
Referrer-Policy: "no-referrer"
|
|
27
|
+
server: ""
|
|
28
|
+
|
|
29
|
+
### This section redirects requests for Nextcloud calendar and contacts service discovery
|
|
30
|
+
### source: https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery
|
|
31
|
+
nextcloud-redirect:
|
|
32
|
+
redirectRegex:
|
|
33
|
+
permanent: true
|
|
34
|
+
regex: "https://(.*)/.well-known/(card|cal)dav"
|
|
35
|
+
replacement: "https://${1}/remote.php/dav/"
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
http:
|
|
2
|
+
middlewares:
|
|
3
|
+
middlewares-secure-headers:
|
|
4
|
+
headers:
|
|
5
|
+
accessControlAllowMethods:
|
|
6
|
+
- GET
|
|
7
|
+
- OPTIONS
|
|
8
|
+
- PUT
|
|
9
|
+
accessControlMaxAge: 100
|
|
10
|
+
hostsProxyHeaders:
|
|
11
|
+
- "X-Forwarded-Host"
|
|
12
|
+
stsSeconds: 63072000
|
|
13
|
+
stsIncludeSubdomains: true
|
|
14
|
+
stsPreload: true
|
|
15
|
+
forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works.
|
|
16
|
+
# Comment out customFrameOptionsValue if you're using Jellyfin on LG WebOS
|
|
17
|
+
customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
|
18
|
+
contentTypeNosniff: true
|
|
19
|
+
browserXssFilter: true
|
|
20
|
+
referrerPolicy: "same-origin"
|
|
21
|
+
permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()"
|
|
22
|
+
customResponseHeaders:
|
|
23
|
+
X-Robots-Tag: "none,noindex,nofollow,noarchive,nosnippet,notranslate,noimageindex" # disable search engines from indexing home server
|
|
24
|
+
server: "" # hide server info from visitors
|
|
25
|
+
customRequestHeaders:
|
|
26
|
+
X-Forwarded-Proto: https
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
tls:
|
|
2
|
+
options:
|
|
3
|
+
tls-opts:
|
|
4
|
+
minVersion: VersionTLS12
|
|
5
|
+
cipherSuites:
|
|
6
|
+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
7
|
+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
8
|
+
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
9
|
+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
10
|
+
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
|
11
|
+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
12
|
+
- TLS_AES_128_GCM_SHA256
|
|
13
|
+
- TLS_AES_256_GCM_SHA384
|
|
14
|
+
- TLS_CHACHA20_POLY1305_SHA256
|
|
15
|
+
- TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
|
|
16
|
+
curvePreferences:
|
|
17
|
+
- CurveP521
|
|
18
|
+
- CurveP384
|
|
19
|
+
sniStrict: true
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
# Static configuration in YAML format
|
|
2
|
+
global:
|
|
3
|
+
checkNewVersion: true
|
|
4
|
+
sendAnonymousUsage: false
|
|
5
|
+
|
|
6
|
+
entryPoints:
|
|
7
|
+
web-external:
|
|
8
|
+
address: ":81"
|
|
9
|
+
http:
|
|
10
|
+
redirections:
|
|
11
|
+
entrypoint:
|
|
12
|
+
to: websecure-external
|
|
13
|
+
scheme: https
|
|
14
|
+
permanent: true
|
|
15
|
+
web-internal:
|
|
16
|
+
address: ":80"
|
|
17
|
+
http:
|
|
18
|
+
redirections:
|
|
19
|
+
entrypoint:
|
|
20
|
+
to: websecure-internal
|
|
21
|
+
scheme: https
|
|
22
|
+
permanent: true
|
|
23
|
+
websecure-external:
|
|
24
|
+
address: ":444"
|
|
25
|
+
http3: true
|
|
26
|
+
forwardedHeaders:
|
|
27
|
+
trustedIPs:
|
|
28
|
+
- "$CLOUDFLARE_IPS"
|
|
29
|
+
- "$LOCAL_IPS"
|
|
30
|
+
http:
|
|
31
|
+
tls:
|
|
32
|
+
options:
|
|
33
|
+
tls-opts:
|
|
34
|
+
minVersion: VersionTLS12
|
|
35
|
+
certResolver: dns-cloudflare
|
|
36
|
+
domains:
|
|
37
|
+
- main: "$DOMAINNAME_1"
|
|
38
|
+
sans:
|
|
39
|
+
- "*.$DOMAINNAME_1"
|
|
40
|
+
websecure-internal:
|
|
41
|
+
address: ":443"
|
|
42
|
+
http3: true
|
|
43
|
+
forwardedHeaders:
|
|
44
|
+
trustedIPs:
|
|
45
|
+
- "$CLOUDFLARE_IPS"
|
|
46
|
+
- "$LOCAL_IPS"
|
|
47
|
+
http:
|
|
48
|
+
tls:
|
|
49
|
+
options:
|
|
50
|
+
tls-opts:
|
|
51
|
+
minVersion: VersionTLS12
|
|
52
|
+
certResolver: dns-cloudflare
|
|
53
|
+
domains:
|
|
54
|
+
- main: "$DOMAINNAME_1"
|
|
55
|
+
sans:
|
|
56
|
+
- "*.$DOMAINNAME_1"
|
|
57
|
+
traefik:
|
|
58
|
+
address: ":8080"
|
|
59
|
+
|
|
60
|
+
api:
|
|
61
|
+
dashboard: true
|
|
62
|
+
insecure: true
|
|
63
|
+
|
|
64
|
+
log:
|
|
65
|
+
filePath: "/logs/traefik.log"
|
|
66
|
+
level: DEBUG
|
|
67
|
+
|
|
68
|
+
accessLog:
|
|
69
|
+
filePath: "/logs/access.log"
|
|
70
|
+
bufferingSize: 100
|
|
71
|
+
filters:
|
|
72
|
+
statusCodes:
|
|
73
|
+
- "204-299"
|
|
74
|
+
- "400-499"
|
|
75
|
+
- "500-599"
|
|
76
|
+
|
|
77
|
+
providers:
|
|
78
|
+
docker:
|
|
79
|
+
endpoint: "tcp://socket-proxy:2375"
|
|
80
|
+
exposedByDefault: false
|
|
81
|
+
network: traefik_proxy
|
|
82
|
+
file:
|
|
83
|
+
directory: "/rules"
|
|
84
|
+
watch: true
|
|
85
|
+
|
|
86
|
+
certificatesResolvers:
|
|
87
|
+
dns-cloudflare:
|
|
88
|
+
acme:
|
|
89
|
+
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
90
|
+
storage: "/acme.json"
|
|
91
|
+
dnsChallenge:
|
|
92
|
+
provider: cloudflare
|
|
93
|
+
resolvers:
|
|
94
|
+
- "1.1.1.1:53"
|
|
95
|
+
- "1.0.0.1:53"
|
|
96
|
+
propagation:
|
|
97
|
+
delayBeforeCheck: 120
|