From 3d5979b5f14ac22c4b7ab398acece71e882b6a95 Mon Sep 17 00:00:00 2001 From: Kelin Date: Mon, 2 Feb 2026 20:59:07 -0500 Subject: [PATCH] Implement fixes from test results - Update Docker install to use curl method - Rename ADMIN_PASSWORD to AUTHELIA_ADMIN_PASSWORD - Fix Authelia password hash generation (remove grep, no quotes) - Revert compose labels to single quotes - Ensure users_database.yml has unquoted password placeholder --- .env.example | 1 + config-templates/authelia/users_database.yml | 2 +- .../alternatives/docker-compose.yml | 64 +- docker-compose/core/docker-compose.yml | 46 +- docker-compose/dashboards/docker-compose.yml | 34 +- docker-compose/dockge/docker-compose.yml | 18 +- .../homeassistant/docker-compose.yml | 96 +-- .../infrastructure/docker-compose.yml | 76 +- .../media-management/docker-compose.yml | 144 ++-- docker-compose/media/docker-compose.yml | 36 +- docker-compose/monitoring/docker-compose.yml | 108 +-- .../productivity/docker-compose.yml | 102 +-- docker-compose/transcoders/docker-compose.yml | 36 +- docker-compose/utilities/docker-compose.yml | 74 +- docker-compose/vpn/docker-compose.yml | 18 +- docker-compose/wikis/docker-compose.yml | 62 +- get-docker.sh | 764 ++++++++++++++++++ scripts/ez-homelab.sh | 16 +- scripts/install-prerequisites.sh | 2 +- 19 files changed, 1232 insertions(+), 467 deletions(-) create mode 100644 get-docker.sh diff --git a/.env.example b/.env.example index 1f9fb32..a27c87c 100644 --- a/.env.example +++ b/.env.example @@ -60,6 +60,7 @@ ACME_EMAIL=${DEFAULT_EMAIL} ADMIN_EMAIL=${DEFAULT_EMAIL} # Used for admin user account AUTHELIA_ADMIN_USER=${DEFAULT_USER} AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL} +AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD} AUTHELIA_ADMIN_PASSWORD_HASH=generate-with-openssl-rand-hex-64 # SMTP for Authelia Notifications diff --git a/config-templates/authelia/users_database.yml b/config-templates/authelia/users_database.yml index ba22fac..a69ca71 100644 
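Review bot: The added `AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}` keeps the admin password in plaintext in `.env` next to `AUTHELIA_ADMIN_PASSWORD_HASH`, and ties it to the shared default password. If the plaintext is only needed to derive the hash during setup (the script that consumes it is outside this hunk), say so in a comment such as `# Plaintext, used once to derive AUTHELIA_ADMIN_PASSWORD_HASH; remove after setup`, and keep `.env` readable by its owner only. The context line `AUTHELIA_ADMIN_PASSWORD_HASH=generate-with-openssl-rand-hex-64` is also misleading. users_database.yml uses this value as `password:`, which needs a password hash (for example from `authelia crypto hash generate`), not random hex.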
--- a/config-templates/authelia/users_database.yml +++ b/config-templates/authelia/users_database.yml @@ -5,7 +5,7 @@ users: ${AUTHELIA_ADMIN_USER}: displayname: ${AUTHELIA_ADMIN_USER} - password: "${AUTHELIA_ADMIN_PASSWORD_HASH}" + password: ${AUTHELIA_ADMIN_PASSWORD_HASH} email: ${AUTHELIA_ADMIN_EMAIL} groups: - admins diff --git a/docker-compose/alternatives/docker-compose.yml b/docker-compose/alternatives/docker-compose.yml index ddf2ed2..0b55ef7 100644 --- a/docker-compose/alternatives/docker-compose.yml +++ b/docker-compose/alternatives/docker-compose.yml @@ -26,15 +26,15 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=alternatives" - - "homelab.description=Docker container management UI (Alternative to Dockge)" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)" - - "traefik.http.routers.portainer.entrypoints=websecure" - - "traefik.http.routers.portainer.tls.certresolver=letsencrypt" - - "traefik.http.routers.portainer.middlewares=authelia@docker" - - "traefik.http.services.portainer.loadbalancer.server.port=9000" + - 'homelab.category=alternatives" + - 'homelab.description=Docker container management UI (Alternative to Dockge)" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)" + - 'traefik.http.routers.portainer.entrypoints=websecure" + - 'traefik.http.routers.portainer.tls.certresolver=letsencrypt" + - 'traefik.http.routers.portainer.middlewares=authelia@docker" + - 'traefik.http.services.portainer.loadbalancer.server.port=9000" # Authentik - Alternative SSO/Identity Provider with Web UI # Access at: https://authentik.${DOMAIN} 
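Review bot: With the quotes removed, `password: ${AUTHELIA_ADMIN_PASSWORD_HASH}` is a plain YAML scalar, so an empty or failed substitution leaves `password:` as null rather than an obviously invalid string. The substitution step is outside this hunk; it should refuse to write the file unless the hash is non-empty and starts with `$`. A comment above the line, e.g. `# Unquoted on purpose: the setup script substitutes the raw hash here`, would stop the quotes from being re-added later.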
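Review bot: Every label rewritten in this hunk opens with `'` but still closes with `"`, e.g. `- 'homelab.category=alternatives"`, so the quotes no longer pair up and the compose file will fail to parse. The line should read `- 'homelab.category=alternatives'`, and likewise for each label changed here, including the `traefik.http.routers.*.middlewares=authelia@docker` ones. The same mismatch appears in the other alternatives hunks and in the dashboards, dockge, homeassistant, infrastructure and media-management hunks; only docker-compose/core has matching quotes. Running `docker compose config -q` on each stack before committing would catch this.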
@@ -66,15 +66,15 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=alternatives" - - "homelab.description=SSO/Identity provider with web UI (Alternative to Authelia)" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)" - - "traefik.http.routers.authentik.entrypoints=websecure" - - "traefik.http.routers.authentik.tls.certresolver=letsencrypt" - - "traefik.http.routers.authentik.middlewares=authelia@docker" - - "traefik.http.services.authentik.loadbalancer.server.port=9000" + - 'homelab.category=alternatives" + - 'homelab.description=SSO/Identity provider with web UI (Alternative to Authelia)" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)" + - 'traefik.http.routers.authentik.entrypoints=websecure" + - 'traefik.http.routers.authentik.tls.certresolver=letsencrypt" + - 'traefik.http.routers.authentik.middlewares=authelia@docker" + - 'traefik.http.services.authentik.loadbalancer.server.port=9000" depends_on: - authentik-db - authentik-redis @@ -104,8 +104,8 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=alternatives" - - "homelab.description=Authentik background worker" + - 'homelab.category=alternatives" + - 'homelab.description=Authentik background worker" depends_on: - authentik-db - authentik-redis @@ -128,8 +128,8 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=alternatives" - - "homelab.description=Authentik database" + - 'homelab.category=alternatives" + - 'homelab.description=Authentik database" healthcheck: test: ["CMD-SHELL", "pg_isready -U ${AUTHENTIK_DB_USER}"] interval: 10s 
@@ -151,8 +151,8 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=alternatives" - - "homelab.description=Authentik cache and messaging" + - 'homelab.category=alternatives" + - 'homelab.description=Authentik cache and messaging" healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] interval: 10s @@ -202,15 +202,15 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=alternatives" - - "homelab.description=Alternative media streaming server to Jellyfin" + - 'homelab.category=alternatives" + - 'homelab.description=Alternative media streaming server to Jellyfin" # Traefik labels - NO Authelia for app access - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.plex.rule=Host(`plex.${DOMAIN}`)" - - "traefik.http.routers.plex.entrypoints=websecure" - - "traefik.http.routers.plex.tls.certresolver=letsencrypt" - - "traefik.http.services.plex.loadbalancer.server.port=32400" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.plex.rule=Host(`plex.${DOMAIN}`)" + - 'traefik.http.routers.plex.entrypoints=websecure" + - 'traefik.http.routers.plex.tls.certresolver=letsencrypt" + - 'traefik.http.services.plex.loadbalancer.server.port=32400" - "x-dockge.url=https://plex.${DOMAIN}" - "x-dockge.url=https://plex.${DOMAIN}" diff --git a/docker-compose/core/docker-compose.yml b/docker-compose/core/docker-compose.yml index 6f31cb1..e8682b3 100644 --- a/docker-compose/core/docker-compose.yml +++ b/docker-compose/core/docker-compose.yml @@ -27,7 +27,7 @@ services: image: traefik:v3 container_name: traefik restart: unless-stopped - command: ["--configFile=/config/traefik.yml"] + command: ['--configFile=/config/traefik.yml'] environment: - DUCKDNS_TOKEN=41ef7faa-fc93-41d2-a32f-340fd2b75b2f ports: 
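Review bot: In the docker-compose/core hunk, the context line `- DUCKDNS_TOKEN=...` under the traefik service's `environment:` carries a literal token value in a committed compose file. This commit edits the neighbouring `command:` line but leaves the token in place. Replace it with `- DUCKDNS_TOKEN=${DUCKDNS_TOKEN}` so the value comes from the environment file, and treat the committed token as exposed and rotate it. The traefik service definition continues outside the hunk.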
@@ -45,14 +45,14 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=core" - - "homelab.description=Reverse proxy and SSL termination" - - "traefik.enable=true" - - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)" - - "traefik.http.routers.traefik.entrypoints=websecure" - - "traefik.http.routers.traefik.tls.certresolver=letsencrypt" - - "traefik.http.routers.traefik.middlewares=authelia@docker" - - "traefik.http.services.traefik.loadbalancer.server.port=8080" + - 'homelab.category=core' + - 'homelab.description=Reverse proxy and SSL termination' + - 'traefik.enable=true' + - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)' + - 'traefik.http.routers.traefik.entrypoints=websecure' + - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt' + - 'traefik.http.routers.traefik.middlewares=authelia@docker' + - 'traefik.http.services.traefik.loadbalancer.server.port=8080' authelia: # Single sign-on authentication service - must always run for user authentication @@ -62,7 +62,7 @@ services: environment: - TZ=America/New_York ports: - - "9091:9091" + - '9091:9091' volumes: - ./authelia/config:/config - ./authelia/secrets:/secrets 
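Review bot: The port mapping `- '9091:9091'` on the authelia service publishes the login portal on every host interface over plain HTTP, alongside the TLS route through Traefik. The labels in the following hunk have Traefik reach it at `authelia:9091` over the Docker network, so the host mapping looks unnecessary. Drop it or bind it to loopback with `- '127.0.0.1:9091:9091'`. If it is kept for the remote-Traefik setup, a comment saying so would help. The service definition starts and ends outside the hunk.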
@@ -74,21 +74,21 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=core" - - "homelab.description=Single sign-on authentication" + - 'homelab.category=core' + - 'homelab.description=Single sign-on authentication' # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)" - - "traefik.http.routers.authelia.entrypoints=websecure" - - "traefik.http.routers.authelia.tls.certresolver=letsencrypt" - - "traefik.http.routers.authelia.service=authelia" - - "traefik.http.services.authelia.loadbalancer.server.port=9091" + - 'traefik.enable=true' + - 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)' + - 'traefik.http.routers.authelia.entrypoints=websecure' + - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt' + - 'traefik.http.routers.authelia.service=authelia' + - 'traefik.http.services.authelia.loadbalancer.server.port=9091' # Authelia forward auth middleware configuration - - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/" - - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret" - - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true" + - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/' + - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret' + - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Sablier - Lazy loading service for Docker containers # Controls startup/shutdown of lazy-loaded services, must always run 
@@ -118,8 +118,8 @@ services: - 10000:10000 labels: # Service metadata - - "homelab.category=core" - - "homelab.description=Lazy loading service for Docker containers" + - 'homelab.category=core' + - 'homelab.description=Lazy loading service for Docker containers' networks: traefik-network: diff --git a/docker-compose/dashboards/docker-compose.yml b/docker-compose/dashboards/docker-compose.yml index b1f125a..ff38cd7 100644 --- a/docker-compose/dashboards/docker-compose.yml +++ b/docker-compose/dashboards/docker-compose.yml 
@@ -38,20 +38,20 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=dashboard" - - "homelab.description=Application dashboard" + - 'homelab.category=dashboard" + - 'homelab.description=Application dashboard" # Traefik reverse proxy (comment/uncomment to disable/enable) # IMPORTANT: On REMOTE SERVERS (where Traefik runs elsewhere): # - COMMENT OUT all traefik.* labels below (don't delete them) # - Routes are configured via external YAML files on the core server # - This prevents conflicts between Docker labels and file provider - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.homepage.rule=Host(`homepage.${DOMAIN}`)" - - "traefik.http.routers.homepage.entrypoints=websecure" - - "traefik.http.routers.homepage.tls=true" - - "traefik.http.routers.homepage.middlewares=authelia@docker" - - "traefik.http.services.homepage.loadbalancer.server.port=3000" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.homepage.rule=Host(`homepage.${DOMAIN}`)" + - 'traefik.http.routers.homepage.entrypoints=websecure" + - 'traefik.http.routers.homepage.tls=true" + - 'traefik.http.routers.homepage.middlewares=authelia@docker" + - 'traefik.http.services.homepage.loadbalancer.server.port=3000" # Sablier lazy loading (disabled by default - uncomment to enable) # - "sablier.enable=true" # - "sablier.group=jasper-homarr" 
@@ -94,16 +94,16 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=dashboard" - - "homelab.description=Modern homelab dashboard" - - "traefik.enable=true" + - 'homelab.category=dashboard" + - 'homelab.description=Modern homelab dashboard" + - 'traefik.enable=true" # Router configuration - - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)" - - "traefik.http.routers.homarr.entrypoints=websecure" - - "traefik.http.routers.homarr.tls=true" - - "traefik.http.routers.homarr.middlewares=authelia@docker" + - 'traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)" + - 'traefik.http.routers.homarr.entrypoints=websecure" + - 'traefik.http.routers.homarr.tls=true" + - 'traefik.http.routers.homarr.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.homarr.loadbalancer.server.port=7575" + - 'traefik.http.services.homarr.loadbalancer.server.port=7575" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-homarr" diff --git a/docker-compose/dockge/docker-compose.yml b/docker-compose/dockge/docker-compose.yml index 69405b1..0c256b7 100644 --- a/docker-compose/dockge/docker-compose.yml +++ b/docker-compose/dockge/docker-compose.yml 
@@ -37,18 +37,18 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=infrastructure" - - "homelab.description=Docker Compose stack manager (PRIMARY)" + - 'homelab.category=infrastructure" + - 'homelab.description=Docker Compose stack manager (PRIMARY)" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)" - - "traefik.http.routers.dockge.entrypoints=websecure" - - "traefik.http.routers.dockge.tls.certresolver=letsencrypt" - - "traefik.http.routers.dockge.middlewares=authelia@docker" - - "traefik.http.services.dockge.loadbalancer.server.port=5001" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)" + - 'traefik.http.routers.dockge.entrypoints=websecure" + - 'traefik.http.routers.dockge.tls.certresolver=letsencrypt" + - 'traefik.http.routers.dockge.middlewares=authelia@docker" + - 'traefik.http.services.dockge.loadbalancer.server.port=5001" networks: homelab-network: diff --git a/docker-compose/homeassistant/docker-compose.yml b/docker-compose/homeassistant/docker-compose.yml index 9fa1802..f35c70e 100644 --- a/docker-compose/homeassistant/docker-compose.yml +++ b/docker-compose/homeassistant/docker-compose.yml @@ -28,8 +28,8 @@ services: - TZ=America/New_York privileged: true labels: - - "homelab.category=iot" - - "homelab.description=Home automation platform" + - 'homelab.category=iot" + - 'homelab.description=Home automation platform" # Note: network_mode: host means Traefik can't proxy this directly # Use Traefik's file provider or external host routing 
@@ -63,18 +63,18 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=iot" - - "homelab.description=ESP8266/ESP32 firmware manager" + - 'homelab.category=iot" + - 'homelab.description=ESP8266/ESP32 firmware manager" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)" - - "traefik.http.routers.esphome.entrypoints=websecure" - - "traefik.http.routers.esphome.tls.certresolver=letsencrypt" - - "traefik.http.routers.esphome.middlewares=authelia@docker" - - "traefik.http.services.esphome.loadbalancer.server.port=6052" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)" + - 'traefik.http.routers.esphome.entrypoints=websecure" + - 'traefik.http.routers.esphome.tls.certresolver=letsencrypt" + - 'traefik.http.routers.esphome.middlewares=authelia@docker" + - 'traefik.http.services.esphome.loadbalancer.server.port=6052" # TasmoAdmin - Tasmota device manager tasmoadmin: 
@@ -94,18 +94,18 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=iot" - - "homelab.description=Tasmota device management" + - 'homelab.category=iot" + - 'homelab.description=Tasmota device management" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)" - - "traefik.http.routers.tasmoadmin.entrypoints=websecure" - - "traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt" - - "traefik.http.routers.tasmoadmin.middlewares=authelia@docker" - - "traefik.http.services.tasmoadmin.loadbalancer.server.port=80" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)" + - 'traefik.http.routers.tasmoadmin.entrypoints=websecure" + - 'traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt" + - 'traefik.http.routers.tasmoadmin.middlewares=authelia@docker" + - 'traefik.http.services.tasmoadmin.loadbalancer.server.port=80" # MotionEye - Video surveillance motioneye: 
@@ -126,18 +126,18 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=iot" - - "homelab.description=Video surveillance system" + - 'homelab.category=iot" + - 'homelab.description=Video surveillance system" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)" - - "traefik.http.routers.motioneye.entrypoints=websecure" - - "traefik.http.routers.motioneye.tls.certresolver=letsencrypt" - - "traefik.http.routers.motioneye.middlewares=authelia@docker" - - "traefik.http.services.motioneye.loadbalancer.server.port=8765" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)" + - 'traefik.http.routers.motioneye.entrypoints=websecure" + - 'traefik.http.routers.motioneye.tls.certresolver=letsencrypt" + - 'traefik.http.routers.motioneye.middlewares=authelia@docker" + - 'traefik.http.services.motioneye.loadbalancer.server.port=8765" # Node-RED - Flow-based automation (Home Assistant addon alternative) nodered: 
@@ -166,18 +166,18 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=iot" - - "homelab.description=Flow-based automation programming" + - 'homelab.category=iot" + - 'homelab.description=Flow-based automation programming" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)" - - "traefik.http.routers.nodered.entrypoints=websecure" - - "traefik.http.routers.nodered.tls.certresolver=letsencrypt" - - "traefik.http.routers.nodered.middlewares=authelia@docker" - - "traefik.http.services.nodered.loadbalancer.server.port=1880" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)" + - 'traefik.http.routers.nodered.entrypoints=websecure" + - 'traefik.http.routers.nodered.tls.certresolver=letsencrypt" + - 'traefik.http.routers.nodered.middlewares=authelia@docker" + - 'traefik.http.services.nodered.loadbalancer.server.port=1880" # Mosquitto - MQTT broker (Home Assistant addon alternative) # Used by: Home Assistant, ESPHome, Tasmota devices @@ -195,8 +195,8 @@ services: - ./mosquitto/data:/mosquitto/data - ./mosquitto/log:/mosquitto/log labels: - - "homelab.category=iot" - - "homelab.description=MQTT message broker" + - 'homelab.category=iot" + - 'homelab.description=MQTT message broker" # Zigbee2MQTT - Zigbee to MQTT bridge (DISABLED - requires USB adapter) # NOTE: Requires USB Zigbee adapter (e.g., ConBee II, Sonoff ZBDongle) 
@@ -219,14 +219,14 @@ services: # environment: # - TZ=America/New_York # labels: - # - "homelab.category=iot" - # - "homelab.description=Zigbee to MQTT bridge" - # - "traefik.enable=true" - # - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)" - # - "traefik.http.routers.zigbee2mqtt.entrypoints=websecure" - # - "traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt" - # - "traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker" - # - "traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080" + # - 'homelab.category=iot" + # - 'homelab.description=Zigbee to MQTT bridge" + # - 'traefik.enable=true" + # - 'traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)" + # - 'traefik.http.routers.zigbee2mqtt.entrypoints=websecure" + # - 'traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt" + # - 'traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker" + # - 'traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080" networks: homelab-network: diff --git a/docker-compose/infrastructure/docker-compose.yml b/docker-compose/infrastructure/docker-compose.yml index b468f15..94f3c51 100644 --- a/docker-compose/infrastructure/docker-compose.yml +++ b/docker-compose/infrastructure/docker-compose.yml 
@@ -73,20 +73,20 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=infrastructure" - - "homelab.description=Network-wide ad blocking and DNS" + - 'homelab.category=infrastructure" + - 'homelab.description=Network-wide ad blocking and DNS" # Traefik reverse proxy (comment/uncomment to disable/enable) # IMPORTANT: On REMOTE SERVERS (where Traefik runs elsewhere): # - COMMENT OUT all traefik.* labels below (don't delete them) # - Routes are configured via external YAML files on the core server # - This prevents conflicts between Docker labels and file provider - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)" - - "traefik.http.routers.pihole.entrypoints=websecure" - - "traefik.http.routers.pihole.tls.certresolver=letsencrypt" - - "traefik.http.routers.pihole.middlewares=authelia@docker" - - "traefik.http.services.pihole.loadbalancer.server.port=80" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)" + - 'traefik.http.routers.pihole.entrypoints=websecure" + - 'traefik.http.routers.pihole.tls.certresolver=letsencrypt" + - 'traefik.http.routers.pihole.middlewares=authelia@docker" + - 'traefik.http.services.pihole.loadbalancer.server.port=80" # Watchtower - Automatic container updates watchtower: @@ -105,8 +105,8 @@ services: - WATCHTOWER_NOTIFICATIONS=shoutrrr - WATCHTOWER_NOTIFICATION_URL=${WATCHTOWER_NOTIFICATION_URL} labels: - - "homelab.category=infrastructure" - - "homelab.description=Automatic Docker container updates" + - 'homelab.category=infrastructure" + - 'homelab.description=Automatic Docker container updates" # Dozzle - Real-time Docker log viewer # Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity 
@@ -144,17 +144,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=infrastructure" - - "homelab.description=Real-time Docker log viewer" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=infrastructure" + - 'homelab.description=Real-time Docker log viewer" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.dozzle.rule=Host(`dozzle.jasper.${DOMAIN}`)" - - "traefik.http.routers.dozzle.entrypoints=websecure" - - "traefik.http.routers.dozzle.tls=true" - - "traefik.http.routers.dozzle.middlewares=authelia@docker" + - 'traefik.http.routers.dozzle.rule=Host(`dozzle.jasper.${DOMAIN}`)" + - 'traefik.http.routers.dozzle.entrypoints=websecure" + - 'traefik.http.routers.dozzle.tls=true" + - 'traefik.http.routers.dozzle.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.dozzle.loadbalancer.server.port=8085" + - 'traefik.http.services.dozzle.loadbalancer.server.port=8085" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-dozzle" 
@@ -196,17 +196,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=infrastructure" - - "homelab.description=System and Docker monitoring" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=infrastructure" + - 'homelab.description=System and Docker monitoring" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.glances.rule=Host(`glances.jasper.${DOMAIN}`)" - - "traefik.http.routers.glances.entrypoints=websecure" - - "traefik.http.routers.glances.tls=true" - - "traefik.http.routers.glances.middlewares=authelia@docker" + - 'traefik.http.routers.glances.rule=Host(`glances.jasper.${DOMAIN}`)" + - 'traefik.http.routers.glances.entrypoints=websecure" + - 'traefik.http.routers.glances.tls=true" + - 'traefik.http.routers.glances.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.glances.loadbalancer.server.port=61208" + - 'traefik.http.services.glances.loadbalancer.server.port=61208" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-glances" 
@@ -252,17 +252,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=infrastructure" - - "homelab.description=VS Code in browser" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=infrastructure" + - 'homelab.description=VS Code in browser" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)" - - "traefik.http.routers.code-server.entrypoints=websecure" - - "traefik.http.routers.code-server.tls.certresolver=letsencrypt" - - "traefik.http.routers.code-server.middlewares=authelia@docker" + - 'traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)" + - 'traefik.http.routers.code-server.entrypoints=websecure" + - 'traefik.http.routers.code-server.tls.certresolver=letsencrypt" + - 'traefik.http.routers.code-server.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.code-server.loadbalancer.server.port=8443" + - 'traefik.http.services.code-server.loadbalancer.server.port=8443" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-code-server" diff --git a/docker-compose/media-management/docker-compose.yml b/docker-compose/media-management/docker-compose.yml index 457c9a2..eaba894 100644 --- a/docker-compose/media-management/docker-compose.yml +++ b/docker-compose/media-management/docker-compose.yml 
@@ -33,19 +33,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=media" - - "homelab.description=TV show management and automation" + - 'homelab.category=media" + - 'homelab.description=TV show management and automation" - "com.centurylinklabs.watchtower.enable=true" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)" - - "traefik.http.routers.sonarr.entrypoints=websecure" - - "traefik.http.routers.sonarr.tls.certresolver=letsencrypt" - - "traefik.http.routers.sonarr.middlewares=authelia@docker" - - "traefik.http.services.sonarr.loadbalancer.server.port=8989" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)" + - 'traefik.http.routers.sonarr.entrypoints=websecure" + - 'traefik.http.routers.sonarr.tls.certresolver=letsencrypt" + - 'traefik.http.routers.sonarr.middlewares=authelia@docker" + - 'traefik.http.services.sonarr.loadbalancer.server.port=8989" - "sablier.enable=true" - "sablier.group=jasper-arr" - "sablier.start-on-demand=true" 
@@ -78,19 +78,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=media" - - "homelab.description=Movie management and automation" + - 'homelab.category=media" + - 'homelab.description=Movie management and automation" - "com.centurylinklabs.watchtower.enable=true" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)" - - "traefik.http.routers.radarr.entrypoints=websecure" - - "traefik.http.routers.radarr.tls.certresolver=letsencrypt" - - "traefik.http.routers.radarr.middlewares=authelia@docker" - - "traefik.http.services.radarr.loadbalancer.server.port=7878" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)" + - 'traefik.http.routers.radarr.entrypoints=websecure" + - 'traefik.http.routers.radarr.tls.certresolver=letsencrypt" + - 'traefik.http.routers.radarr.middlewares=authelia@docker" + - 'traefik.http.services.radarr.loadbalancer.server.port=7878" - "sablier.enable=true" - "sablier.group=jasper-arr" - "sablier.start-on-demand=true" 
@@ -122,19 +122,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=media" - - "homelab.description=Indexer manager for Sonarr/Radarr" + - 'homelab.category=media" + - 'homelab.description=Indexer manager for Sonarr/Radarr" - "com.centurylinklabs.watchtower.enable=true" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)" - - "traefik.http.routers.prowlarr.entrypoints=websecure" - - "traefik.http.routers.prowlarr.tls.certresolver=letsencrypt" - - "traefik.http.routers.prowlarr.middlewares=authelia@docker" - - "traefik.http.services.prowlarr.loadbalancer.server.port=9696" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)" + - 'traefik.http.routers.prowlarr.entrypoints=websecure" + - 'traefik.http.routers.prowlarr.tls.certresolver=letsencrypt" + - 'traefik.http.routers.prowlarr.middlewares=authelia@docker" + - 'traefik.http.services.prowlarr.loadbalancer.server.port=9696" - "sablier.enable=true" - "sablier.group=jasper-arr" - "sablier.start-on-demand=true" 
@@ -161,19 +161,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Ebook and audiobook management"
+ - 'homelab.category=media"
+ - 'homelab.description=Ebook and audiobook management"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.readarr.rule=Host(`readarr.${DOMAIN}`)"
- - "traefik.http.routers.readarr.entrypoints=websecure"
- - "traefik.http.routers.readarr.tls.certresolver=letsencrypt"
- - "traefik.http.routers.readarr.middlewares=authelia@docker"
- - "traefik.http.services.readarr.loadbalancer.server.port=8787"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.readarr.rule=Host(`readarr.${DOMAIN}`)"
+ - 'traefik.http.routers.readarr.entrypoints=websecure"
+ - 'traefik.http.routers.readarr.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.readarr.middlewares=authelia@docker"
+ - 'traefik.http.services.readarr.loadbalancer.server.port=8787"
 - "sablier.enable=true"
 - "sablier.group=jasper-arr"
 - "sablier.start-on-demand=true"
@@ -200,19 +200,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Music collection manager"
+ - 'homelab.category=media"
+ - 'homelab.description=Music collection manager"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.lidarr.rule=Host(`lidarr.${DOMAIN}`)"
- - "traefik.http.routers.lidarr.entrypoints=websecure"
- - "traefik.http.routers.lidarr.tls.certresolver=letsencrypt"
- - "traefik.http.routers.lidarr.middlewares=authelia@docker"
- - "traefik.http.services.lidarr.loadbalancer.server.port=8686"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.lidarr.rule=Host(`lidarr.${DOMAIN}`)"
+ - 'traefik.http.routers.lidarr.entrypoints=websecure"
+ - 'traefik.http.routers.lidarr.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.lidarr.middlewares=authelia@docker"
+ - 'traefik.http.services.lidarr.loadbalancer.server.port=8686"
 - "sablier.enable=true"
 - "sablier.group=jasper-arr"
 - "sablier.start-on-demand=true"
@@ -240,19 +240,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Book download automation"
+ - 'homelab.category=media"
+ - 'homelab.description=Book download automation"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.lazylibrarian.rule=Host(`lazylibrarian.${DOMAIN}`)"
- - "traefik.http.routers.lazylibrarian.entrypoints=websecure"
- - "traefik.http.routers.lazylibrarian.tls.certresolver=letsencrypt"
- - "traefik.http.routers.lazylibrarian.middlewares=authelia@docker"
- - "traefik.http.services.lazylibrarian.loadbalancer.server.port=5299"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.lazylibrarian.rule=Host(`lazylibrarian.${DOMAIN}`)"
+ - 'traefik.http.routers.lazylibrarian.entrypoints=websecure"
+ - 'traefik.http.routers.lazylibrarian.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.lazylibrarian.middlewares=authelia@docker"
+ - 'traefik.http.services.lazylibrarian.loadbalancer.server.port=5299"
 - "sablier.enable=true"
 - "sablier.group=jasper-arr"
 - "sablier.start-on-demand=true"
@@ -279,19 +279,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Comic book collection manager"
+ - 'homelab.category=media"
+ - 'homelab.description=Comic book collection manager"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.mylar.rule=Host(`mylar.${DOMAIN}`)"
- - "traefik.http.routers.mylar.entrypoints=websecure"
- - "traefik.http.routers.mylar.tls.certresolver=letsencrypt"
- - "traefik.http.routers.mylar.middlewares=authelia@docker"
- - "traefik.http.services.mylar.loadbalancer.server.port=8090"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.mylar.rule=Host(`mylar.${DOMAIN}`)"
+ - 'traefik.http.routers.mylar.entrypoints=websecure"
+ - 'traefik.http.routers.mylar.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.mylar.middlewares=authelia@docker"
+ - 'traefik.http.services.mylar.loadbalancer.server.port=8090"
 - "sablier.enable=true"
 - "sablier.group=jasper-arr"
 - "sablier.start-on-demand=true"
@@ -321,19 +321,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Media request management"
+ - 'homelab.category=media"
+ - 'homelab.description=Media request management"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${DOMAIN}`)"
- - "traefik.http.routers.jellyseerr.entrypoints=websecure"
- - "traefik.http.routers.jellyseerr.tls.certresolver=letsencrypt"
- - "traefik.http.routers.jellyseerr.middlewares=authelia@docker"
- - "traefik.http.services.jellyseerr.loadbalancer.server.port=5055"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${DOMAIN}`)"
+ - 'traefik.http.routers.jellyseerr.entrypoints=websecure"
+ - 'traefik.http.routers.jellyseerr.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.jellyseerr.middlewares=authelia@docker"
+ - 'traefik.http.services.jellyseerr.loadbalancer.server.port=5055"
 - "sablier.enable=true"
 - "sablier.group=jasper-arr"
 - "sablier.start-on-demand=true"
diff --git a/docker-compose/media/docker-compose.yml b/docker-compose/media/docker-compose.yml
index a2dbf25..ea70ed5 100644
--- a/docker-compose/media/docker-compose.yml
+++ b/docker-compose/media/docker-compose.yml
@@ -50,17 +50,17 @@ services:
 labels:
 # Service metadata
 - "com.centurylinklabs.watchtower.enable=true"
- - "homelab.category=media"
- - "homelab.description=Open-source media streaming server"
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
+ - 'homelab.category=media"
+ - 'homelab.description=Open-source media streaming server"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
 # Router configuration
- - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
- - "traefik.http.routers.jellyfin.entrypoints=websecure"
- - "traefik.http.routers.jellyfin.tls=true"
- - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
+ - 'traefik.http.routers.jellyfin.entrypoints=websecure"
+ - 'traefik.http.routers.jellyfin.tls=true"
+ - 'traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
 # Service configuration
- - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
+ - 'traefik.http.services.jellyfin.loadbalancer.server.port=8096"
 # Sablier configuration
 - "sablier.enable=true"
 - "sablier.group=jasper-jellyfin"
@@ -98,17 +98,17 @@ services:
 labels:
 # Service metadata
 - "com.centurylinklabs.watchtower.enable=true"
- - "homelab.category=media"
- - "homelab.description=Ebook reader and library management"
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
+ - 'homelab.category=media"
+ - 'homelab.description=Ebook reader and library management"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
 # Router configuration
- - "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
- - "traefik.http.routers.calibre.entrypoints=websecure"
- - "traefik.http.routers.calibre.tls.certresolver=letsencrypt"
- - "traefik.http.routers.calibre.middlewares=authelia@docker"
+ - 'traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
+ - 'traefik.http.routers.calibre.entrypoints=websecure"
+ - 'traefik.http.routers.calibre.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.calibre.middlewares=authelia@docker"
 # Service configuration
- - "traefik.http.services.calibre.loadbalancer.server.port=8083"
+ - 'traefik.http.services.calibre.loadbalancer.server.port=8083"
 # Sablier configuration (disabled by default)
 - "sablier.enable=true"
 - "sablier.group=jasper-calibre-web"
diff --git a/docker-compose/monitoring/docker-compose.yml b/docker-compose/monitoring/docker-compose.yml
index fec036c..cb8b31e 100644
--- a/docker-compose/monitoring/docker-compose.yml
+++ b/docker-compose/monitoring/docker-compose.yml
@@ -38,19 +38,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=monitoring" - - "homelab.description=Metrics collection and time-series database" + - 'homelab.category=monitoring" + - 'homelab.description=Metrics collection and time-series database" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)" - - "traefik.http.routers.prometheus.entrypoints=websecure" - - "traefik.http.routers.prometheus.tls=true" - - "traefik.http.routers.prometheus.tls.certresolver=letsencrypt" - - "traefik.http.routers.prometheus.middlewares=authelia@docker" - - "traefik.http.services.prometheus.loadbalancer.server.port=9090" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)" + - 'traefik.http.routers.prometheus.entrypoints=websecure" + - 'traefik.http.routers.prometheus.tls=true" + - 'traefik.http.routers.prometheus.tls.certresolver=letsencrypt" + - 'traefik.http.routers.prometheus.middlewares=authelia@docker" + - 'traefik.http.services.prometheus.loadbalancer.server.port=9090" # Grafana - Metrics visualization # Default credentials: admin / admin (change on first login) 
@@ -87,19 +87,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=monitoring" - - "homelab.description=Metrics visualization and dashboards" + - 'homelab.category=monitoring" + - 'homelab.description=Metrics visualization and dashboards" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)" - - "traefik.http.routers.grafana.entrypoints=websecure" - - "traefik.http.routers.grafana.tls=true" - - "traefik.http.routers.grafana.tls.certresolver=letsencrypt" - - "traefik.http.routers.grafana.middlewares=authelia@docker" - - "traefik.http.services.grafana.loadbalancer.server.port=3000" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)" + - 'traefik.http.routers.grafana.entrypoints=websecure" + - 'traefik.http.routers.grafana.tls=true" + - 'traefik.http.routers.grafana.tls.certresolver=letsencrypt" + - 'traefik.http.routers.grafana.middlewares=authelia@docker" + - 'traefik.http.services.grafana.loadbalancer.server.port=3000" # Node Exporter - Host metrics exporter # Metrics at: http://192.168.4.4:9100/metrics @@ -121,8 +121,8 @@ services: - '--path.sysfs=/host/sys' - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' labels: - - "homelab.category=monitoring" - - "homelab.description=Hardware and OS metrics exporter" + - 'homelab.category=monitoring" + - 'homelab.description=Hardware and OS metrics exporter" # cAdvisor - Container metrics exporter # Access at: http://192.168.4.4:8082 
@@ -148,19 +148,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=monitoring" - - "homelab.description=Container metrics and performance monitoring" + - 'homelab.category=monitoring" + - 'homelab.description=Container metrics and performance monitoring" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)" - - "traefik.http.routers.cadvisor.entrypoints=websecure" - - "traefik.http.routers.cadvisor.tls=true" - - "traefik.http.routers.cadvisor.tls.certresolver=letsencrypt" - - "traefik.http.routers.cadvisor.middlewares=authelia@docker" - - "traefik.http.services.cadvisor.loadbalancer.server.port=8080" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)" + - 'traefik.http.routers.cadvisor.entrypoints=websecure" + - 'traefik.http.routers.cadvisor.tls=true" + - 'traefik.http.routers.cadvisor.tls.certresolver=letsencrypt" + - 'traefik.http.routers.cadvisor.middlewares=authelia@docker" + - 'traefik.http.services.cadvisor.loadbalancer.server.port=8080" # Uptime Kuma - Uptime monitoring uptime-kuma: 
@@ -188,19 +188,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=monitoring" - - "homelab.description=Service uptime monitoring and alerts" + - 'homelab.category=monitoring" + - 'homelab.description=Service uptime monitoring and alerts" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${DOMAIN}`)" - - "traefik.http.routers.uptime-kuma.entrypoints=websecure" - - "traefik.http.routers.uptime-kuma.tls=true" - - "traefik.http.routers.uptime-kuma.tls.certresolver=letsencrypt" - - "traefik.http.routers.uptime-kuma.middlewares=authelia@docker" - - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${DOMAIN}`)" + - 'traefik.http.routers.uptime-kuma.entrypoints=websecure" + - 'traefik.http.routers.uptime-kuma.tls=true" + - 'traefik.http.routers.uptime-kuma.tls.certresolver=letsencrypt" + - 'traefik.http.routers.uptime-kuma.middlewares=authelia@docker" + - 'traefik.http.services.uptime-kuma.loadbalancer.server.port=3001" # Loki - Log aggregation # Access at: http://192.168.4.4:3100 
@@ -230,19 +230,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=monitoring" - - "homelab.description=Log aggregation system" + - 'homelab.category=monitoring" + - 'homelab.description=Log aggregation system" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" - - "traefik.http.routers.loki.rule=Host(`loki.${DOMAIN}`)" - - "traefik.http.routers.loki.entrypoints=websecure" - - "traefik.http.routers.loki.tls=true" - - "traefik.http.routers.loki.tls.certresolver=letsencrypt" - - "traefik.http.routers.loki.middlewares=authelia@docker" - - "traefik.http.services.loki.loadbalancer.server.port=3100" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" + - 'traefik.http.routers.loki.rule=Host(`loki.${DOMAIN}`)" + - 'traefik.http.routers.loki.entrypoints=websecure" + - 'traefik.http.routers.loki.tls=true" + - 'traefik.http.routers.loki.tls.certresolver=letsencrypt" + - 'traefik.http.routers.loki.middlewares=authelia@docker" + - 'traefik.http.services.loki.loadbalancer.server.port=3100" # Promtail - Log shipper for Loki # Ships Docker container logs to Loki @@ -260,8 +260,8 @@ services: depends_on: - loki labels: - - "homelab.category=monitoring" - - "homelab.description=Log collector for Loki" + - 'homelab.category=monitoring" + - 'homelab.description=Log collector for Loki" volumes: prometheus-data: diff --git a/docker-compose/productivity/docker-compose.yml b/docker-compose/productivity/docker-compose.yml index b365eab..43534aa 100644 --- a/docker-compose/productivity/docker-compose.yml +++ b/docker-compose/productivity/docker-compose.yml 
@@ -52,17 +52,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=productivity" - - "homelab.description=File sync and collaboration" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=productivity" + - 'homelab.description=File sync and collaboration" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)" - - "traefik.http.routers.nextcloud.entrypoints=websecure" - - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt" - - "traefik.http.routers.nextcloud.middlewares=authelia@docker" + - 'traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)" + - 'traefik.http.routers.nextcloud.entrypoints=websecure" + - 'traefik.http.routers.nextcloud.tls.certresolver=letsencrypt" + - 'traefik.http.routers.nextcloud.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.nextcloud.loadbalancer.server.port=8089" + - 'traefik.http.services.nextcloud.loadbalancer.server.port=8089" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-nextcloud" @@ -83,8 +83,8 @@ services: - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD} command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW labels: - - "homelab.category=productivity" - - "homelab.description=Nextcloud database" + - 'homelab.category=productivity" + - 'homelab.description=Nextcloud database" # Mealie - Recipe manager mealie: 
@@ -108,17 +108,17 @@ services:
 # TRAEFIK CONFIGURATION
 # Service metadata
 - "com.centurylinklabs.watchtower.enable=true"
- - "homelab.category=productivity"
- - "homelab.description=Recipe manager and meal planner"
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
+ - 'homelab.category=productivity"
+ - 'homelab.description=Recipe manager and meal planner"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
 # Router configuration
- - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
- - "traefik.http.routers.mealie.entrypoints=websecure"
- - "traefik.http.routers.mealie.tls.certresolver=letsencrypt"
- - "traefik.http.routers.mealie.middlewares=authelia@docker"
+ - 'traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
+ - 'traefik.http.routers.mealie.entrypoints=websecure"
+ - 'traefik.http.routers.mealie.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.mealie.middlewares=authelia@docker"
 # Service configuration
- - "traefik.http.services.mealie.loadbalancer.server.port=9000"
+ - 'traefik.http.services.mealie.loadbalancer.server.port=9000"
 # Sablier configuration
 - "sablier.enable=true"
 - "sablier.group=jasper-mealie"
@@ -153,17 +153,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=productivity" - - "homelab.description=Blog and website platform" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=productivity" + - 'homelab.description=Blog and website platform" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.wordpress.rule=Host(`wordpress.${DOMAIN}`)" - - "traefik.http.routers.wordpress.entrypoints=websecure" - - "traefik.http.routers.wordpress.tls.certresolver=letsencrypt" - - "traefik.http.routers.wordpress.middlewares=authelia@docker" + - 'traefik.http.routers.wordpress.rule=Host(`wordpress.${DOMAIN}`)" + - 'traefik.http.routers.wordpress.entrypoints=websecure" + - 'traefik.http.routers.wordpress.tls.certresolver=letsencrypt" + - 'traefik.http.routers.wordpress.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.wordpress.loadbalancer.server.port=8088" + - 'traefik.http.services.wordpress.loadbalancer.server.port=8088" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-wordpress" @@ -183,8 +183,8 @@ services: - MYSQL_USER=wordpress - MYSQL_PASSWORD=${WORDPRESS_DB_PASSWORD} labels: - - "homelab.category=productivity" - - "homelab.description=WordPress database" + - 'homelab.category=productivity" + - 'homelab.description=WordPress database" # Gitea - Self-hosted Git service gitea: 
@@ -229,17 +229,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=productivity" - - "homelab.description=Self-hosted Git service" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=productivity" + - 'homelab.description=Self-hosted Git service" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)" - - "traefik.http.routers.gitea.entrypoints=websecure" - - "traefik.http.routers.gitea.tls.certresolver=letsencrypt" - - "traefik.http.routers.gitea.middlewares=authelia@docker" + - 'traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)" + - 'traefik.http.routers.gitea.entrypoints=websecure" + - 'traefik.http.routers.gitea.tls.certresolver=letsencrypt" + - 'traefik.http.routers.gitea.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.gitea.loadbalancer.server.port=3010" + - 'traefik.http.services.gitea.loadbalancer.server.port=3010" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-gitea" @@ -258,8 +258,8 @@ services: - POSTGRES_PASSWORD=${GITEA_DB_PASSWORD} - POSTGRES_DB=gitea labels: - - "homelab.category=productivity" - - "homelab.description=Gitea database" + - 'homelab.category=productivity" + - 'homelab.description=Gitea database" # Jupyter Lab - Interactive computing notebooks 
@@ -292,18 +292,18 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=productivity"
- - "homelab.description=Jupyter Lab for data science and ML"
+ - 'homelab.category=productivity"
+ - 'homelab.description=Jupyter Lab for data science and ML"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)"
- - "traefik.http.routers.jupyter.entrypoints=websecure"
- - "traefik.http.routers.jupyter.tls.certresolver=letsencrypt"
- - "traefik.http.routers.jupyter.middlewares=authelia@docker"
- - "traefik.http.services.jupyter.loadbalancer.server.port=8890"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)"
+ - 'traefik.http.routers.jupyter.entrypoints=websecure"
+ - 'traefik.http.routers.jupyter.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.jupyter.middlewares=authelia@docker"
+ - 'traefik.http.services.jupyter.loadbalancer.server.port=8890"
 # Sablier configuration
 - "sablier.enable=true"
 - "sablier.group=jasper-jupyter"
diff --git a/docker-compose/transcoders/docker-compose.yml b/docker-compose/transcoders/docker-compose.yml
index fca0427..39451c2 100644
--- a/docker-compose/transcoders/docker-compose.yml
+++ b/docker-compose/transcoders/docker-compose.yml
@@ -33,19 +33,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Distributed transcoding server"
+ - 'homelab.category=media"
+ - 'homelab.description=Distributed transcoding server"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.tdarr.rule=Host(`tdarr.${DOMAIN}`)"
- - "traefik.http.routers.tdarr.entrypoints=websecure"
- - "traefik.http.routers.tdarr.tls.certresolver=letsencrypt"
- - "traefik.http.routers.tdarr.middlewares=authelia@docker"
- - "traefik.http.services.tdarr.loadbalancer.server.port=8265"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.tdarr.rule=Host(`tdarr.${DOMAIN}`)"
+ - 'traefik.http.routers.tdarr.entrypoints=websecure"
+ - 'traefik.http.routers.tdarr.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.tdarr.middlewares=authelia@docker"
+ - 'traefik.http.services.tdarr.loadbalancer.server.port=8265"
 - "sablier.enable=true"
 - "sablier.group=jasper-tdarr"
 - "sablier.start-on-demand=true"
@@ -101,19 +101,19 @@ services:
 # TRAEFIK CONFIGURATION
 # ==========================================
 # Service metadata
- - "homelab.category=media"
- - "homelab.description=Library optimization and transcoding"
+ - 'homelab.category=media"
+ - 'homelab.description=Library optimization and transcoding"
 - "com.centurylinklabs.watchtower.enable=true"
 # Traefik reverse proxy (comment/uncomment to disable/enable)
 # If Traefik is on a remote server: these labels are NOT USED;
 # configure external yml files in /traefik/dynamic folder instead.
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
- - "traefik.http.routers.unmanic.rule=Host(`unmanic.${DOMAIN}`)"
- - "traefik.http.routers.unmanic.entrypoints=websecure"
- - "traefik.http.routers.unmanic.tls.certresolver=letsencrypt"
- - "traefik.http.routers.unmanic.middlewares=authelia@docker"
- - "traefik.http.services.unmanic.loadbalancer.server.port=8889"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
+ - 'traefik.http.routers.unmanic.rule=Host(`unmanic.${DOMAIN}`)"
+ - 'traefik.http.routers.unmanic.entrypoints=websecure"
+ - 'traefik.http.routers.unmanic.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.unmanic.middlewares=authelia@docker"
+ - 'traefik.http.services.unmanic.loadbalancer.server.port=8889"
 - "sablier.enable=true"
 - "sablier.group=jasper-unmanic"
 - "sablier.start-on-demand=true"
diff --git a/docker-compose/utilities/docker-compose.yml b/docker-compose/utilities/docker-compose.yml
index 73a7e8e..2bcb1fb 100644
--- a/docker-compose/utilities/docker-compose.yml
+++ b/docker-compose/utilities/docker-compose.yml
@@ -36,17 +36,17 @@ services:
 # TRAEFIK CONFIGURATION
 # Service metadata
 - "com.centurylinklabs.watchtower.enable=true"
- - "homelab.category=utilities"
- - "homelab.description=Backup management with restic"
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
+ - 'homelab.category=utilities"
+ - 'homelab.description=Backup management with restic"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
 # Router configuration
- - "traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)"
- - "traefik.http.routers.backrest.entrypoints=websecure"
- - "traefik.http.routers.backrest.tls.certresolver=letsencrypt"
- - "traefik.http.routers.backrest.middlewares=authelia@docker"
+ - 'traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)"
+ - 'traefik.http.routers.backrest.entrypoints=websecure"
+ - 'traefik.http.routers.backrest.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.backrest.middlewares=authelia@docker"
 # Service configuration
- - "traefik.http.services.backrest.loadbalancer.server.port=9898"
+ - 'traefik.http.services.backrest.loadbalancer.server.port=9898"
 # Sablier configuration
 - "sablier.enable=true"
 - "sablier.group=jasper-backrest"
@@ -81,17 +81,17 @@ services:
 # TRAEFIK CONFIGURATION
 # Service metadata
 - "com.centurylinklabs.watchtower.enable=true"
- - "homelab.category=utilities"
- - "homelab.description=Backup software with encryption"
- - "traefik.enable=true"
- - "traefik.docker.network=traefik-network"
+ - 'homelab.category=utilities"
+ - 'homelab.description=Backup software with encryption"
+ - 'traefik.enable=true"
+ - 'traefik.docker.network=traefik-network"
 # Router configuration
- - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
- - "traefik.http.routers.duplicati.entrypoints=websecure"
- - "traefik.http.routers.duplicati.tls.certresolver=letsencrypt"
- - "traefik.http.routers.duplicati.middlewares=authelia@docker"
+ - 'traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
+ - 'traefik.http.routers.duplicati.entrypoints=websecure"
+ - 'traefik.http.routers.duplicati.tls.certresolver=letsencrypt"
+ - 'traefik.http.routers.duplicati.middlewares=authelia@docker"
 # Service configuration
- - "traefik.http.services.duplicati.loadbalancer.server.port=8200"
+ - 'traefik.http.services.duplicati.loadbalancer.server.port=8200"
 # Sablier configuration
 - "sablier.enable=true"
 - "sablier.group=jasper-duplicati"
@@ -125,17 +125,17 @@ services: # ========================================== # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=utilities" - - "homelab.description=Form builder platform" + - 'homelab.category=utilities" + - 'homelab.description=Form builder platform" # Traefik labels - - "traefik.enable=true" + - 'traefik.enable=true" # Router configuration - - "traefik.http.routers.formio.rule=Host(`forms.${DOMAIN}`)" - - "traefik.http.routers.formio.entrypoints=websecure" - - "traefik.http.routers.formio.tls.certresolver=letsencrypt" - - "traefik.http.routers.formio.middlewares=authelia@docker" + - 'traefik.http.routers.formio.rule=Host(`forms.${DOMAIN}`)" + - 'traefik.http.routers.formio.entrypoints=websecure" + - 'traefik.http.routers.formio.tls.certresolver=letsencrypt" + - 'traefik.http.routers.formio.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.formio.loadbalancer.server.port=3001" + - 'traefik.http.services.formio.loadbalancer.server.port=3001" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-formio" @@ -148,8 +148,8 @@ services: networks: - homelab-network labels: - - "homelab.category=utilities" - - "homelab.description=Form.io database" + - 'homelab.category=utilities" + - 'homelab.description=Form.io database" # Bitwarden (Vaultwarden) - Password manager # Note: SSO disabled for browser extension and mobile app compatibility 
@@ -187,19 +187,19 @@ services: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - - "homelab.category=utilities" - - "homelab.description=Self-hosted password manager (Bitwarden)" + - 'homelab.category=utilities" + - 'homelab.description=Self-hosted password manager (Bitwarden)" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - - "traefik.enable=true" - - "traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)" - - "traefik.http.routers.vaultwarden.entrypoints=websecure" - - "traefik.http.routers.vaultwarden.tls=true" - - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt" + - 'traefik.enable=true" + - 'traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)" + - 'traefik.http.routers.vaultwarden.entrypoints=websecure" + - 'traefik.http.routers.vaultwarden.tls=true" + - 'traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt" # SSO disabled for browser extension and mobile app compatibility - # - "traefik.http.routers.vaultwarden.middlewares=authelia@docker" - - "traefik.http.services.vaultwarden.loadbalancer.server.port=80" + # - 'traefik.http.routers.vaultwarden.middlewares=authelia@docker" + - 'traefik.http.services.vaultwarden.loadbalancer.server.port=80" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-vaultwarden" diff --git a/docker-compose/vpn/docker-compose.yml b/docker-compose/vpn/docker-compose.yml index 9669800..003d39c 100644 --- a/docker-compose/vpn/docker-compose.yml +++ b/docker-compose/vpn/docker-compose.yml 
@@ -38,17 +38,17 @@ services: labels: # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=downloaders" - - "homelab.description=VPN client for secure downloads" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=downloaders" + - 'homelab.description=VPN client for secure downloads" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)" - - "traefik.http.routers.qbittorrent.entrypoints=websecure" - - "traefik.http.routers.qbittorrent.tls=true" - - "traefik.http.routers.qbittorrent.middlewares=authelia@docker" + - 'traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)" + - 'traefik.http.routers.qbittorrent.entrypoints=websecure" + - 'traefik.http.routers.qbittorrent.tls=true" + - 'traefik.http.routers.qbittorrent.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.qbittorrent.loadbalancer.server.port=8081" + - 'traefik.http.services.qbittorrent.loadbalancer.server.port=8081" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-qbittorrent" diff --git a/docker-compose/wikis/docker-compose.yml b/docker-compose/wikis/docker-compose.yml index 7898d7e..cd7f801 100644 --- a/docker-compose/wikis/docker-compose.yml +++ b/docker-compose/wikis/docker-compose.yml 
@@ -26,17 +26,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=productivity" - - "homelab.description=File-based wiki" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=productivity" + - 'homelab.description=File-based wiki" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.dokuwiki.rule=Host(`dokuwiki.${DOMAIN}`)" - - "traefik.http.routers.dokuwiki.entrypoints=websecure" - - "traefik.http.routers.dokuwiki.tls.certresolver=letsencrypt" - - "traefik.http.routers.dokuwiki.middlewares=authelia@docker" + - 'traefik.http.routers.dokuwiki.rule=Host(`dokuwiki.${DOMAIN}`)" + - 'traefik.http.routers.dokuwiki.entrypoints=websecure" + - 'traefik.http.routers.dokuwiki.tls.certresolver=letsencrypt" + - 'traefik.http.routers.dokuwiki.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.dokuwiki.loadbalancer.server.port=8087" + - 'traefik.http.services.dokuwiki.loadbalancer.server.port=8087" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-dokuwiki" 
@@ -77,17 +77,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=productivity" - - "homelab.description=Documentation and wiki platform" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=productivity" + - 'homelab.description=Documentation and wiki platform" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.bookstack.rule=Host(`bookstack.${DOMAIN}`)" - - "traefik.http.routers.bookstack.entrypoints=websecure" - - "traefik.http.routers.bookstack.tls.certresolver=letsencrypt" - - "traefik.http.routers.bookstack.middlewares=authelia@docker" + - 'traefik.http.routers.bookstack.rule=Host(`bookstack.${DOMAIN}`)" + - 'traefik.http.routers.bookstack.entrypoints=websecure" + - 'traefik.http.routers.bookstack.tls.certresolver=letsencrypt" + - 'traefik.http.routers.bookstack.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.bookstack.loadbalancer.server.port=6875" + - 'traefik.http.services.bookstack.loadbalancer.server.port=6875" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-bookstack" @@ -107,8 +107,8 @@ services: - MYSQL_USER=bookstack - MYSQL_PASSWORD=${BOOKSTACK_DB_PASSWORD} labels: - - "homelab.category=productivity" - - "homelab.description=BookStack database" + - 'homelab.category=productivity" + - 'homelab.description=BookStack database" # MediaWiki - Wiki platform mediawiki: 
@@ -140,17 +140,17 @@ services: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - - "homelab.category=productivity" - - "homelab.description=MediaWiki platform" - - "traefik.enable=true" - - "traefik.docker.network=traefik-network" + - 'homelab.category=productivity" + - 'homelab.description=MediaWiki platform" + - 'traefik.enable=true" + - 'traefik.docker.network=traefik-network" # Router configuration - - "traefik.http.routers.mediawiki.rule=Host(`mediawiki.${DOMAIN}`)" - - "traefik.http.routers.mediawiki.entrypoints=websecure" - - "traefik.http.routers.mediawiki.tls.certresolver=letsencrypt" - - "traefik.http.routers.mediawiki.middlewares=authelia@docker" + - 'traefik.http.routers.mediawiki.rule=Host(`mediawiki.${DOMAIN}`)" + - 'traefik.http.routers.mediawiki.entrypoints=websecure" + - 'traefik.http.routers.mediawiki.tls.certresolver=letsencrypt" + - 'traefik.http.routers.mediawiki.middlewares=authelia@docker" # Service configuration - - "traefik.http.services.mediawiki.loadbalancer.server.port=8086" + - 'traefik.http.services.mediawiki.loadbalancer.server.port=8086" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-mediawiki" @@ -170,8 +170,8 @@ services: - MYSQL_USER=mediawiki - MYSQL_PASSWORD=${MEDIAWIKI_DB_PASSWORD} labels: - - "homelab.category=productivity" - - "homelab.description=MediaWiki database" + - 'homelab.category=productivity" + - 'homelab.description=MediaWiki database" volumes: bookstack-db-data: diff --git a/get-docker.sh b/get-docker.sh new file mode 100644 index 0000000..9a7bddb --- /dev/null +++ b/get-docker.sh 
@@ -0,0 +1,764 @@ +#!/bin/sh +set -e +# Docker Engine for Linux installation script. +# +# This script is intended as a convenient way to configure docker's package +# repositories and to install Docker Engine, This script is not recommended +# for production environments. Before running this script, make yourself familiar +# with potential risks and limitations, and refer to the installation manual +# at https://docs.docker.com/engine/install/ for alternative installation methods. +# +# The script: +# +# - Requires `root` or `sudo` privileges to run. +# - Attempts to detect your Linux distribution and version and configure your +# package management system for you. +# - Doesn't allow you to customize most installation parameters. +# - Installs dependencies and recommendations without asking for confirmation. +# - Installs the latest stable release (by default) of Docker CLI, Docker Engine, +# Docker Buildx, Docker Compose, containerd, and runc. When using this script +# to provision a machine, this may result in unexpected major version upgrades +# of these packages. Always test upgrades in a test environment before +# deploying to your production systems. +# - Isn't designed to upgrade an existing Docker installation. When using the +# script to update an existing installation, dependencies may not be updated +# to the expected version, resulting in outdated versions. +# +# Source code is available at https://github.com/docker/docker-install/ +# +# Usage +# ============================================================================== +# +# To install the latest stable versions of Docker CLI, Docker Engine, and their +# dependencies: +# +# 1. download the script +# +# $ curl -fsSL https://get.docker.com -o install-docker.sh +# +# 2. verify the script's content +# +# $ cat install-docker.sh +# +# 3. run the script with --dry-run to verify the steps it executes +# +# $ sh install-docker.sh --dry-run +# +# 4. 
run the script either as root, or using sudo to perform the installation. +# +# $ sudo sh install-docker.sh +# +# Command-line options +# ============================================================================== +# +# --version +# Use the --version option to install a specific version, for example: +# +# $ sudo sh install-docker.sh --version 23.0 +# +# --channel +# +# Use the --channel option to install from an alternative installation channel. +# The following example installs the latest versions from the "test" channel, +# which includes pre-releases (alpha, beta, rc): +# +# $ sudo sh install-docker.sh --channel test +# +# Alternatively, use the script at https://test.docker.com, which uses the test +# channel as default. +# +# --mirror +# +# Use the --mirror option to install from a mirror supported by this script. +# Available mirrors are "Aliyun" (https://mirrors.aliyun.com/docker-ce), and +# "AzureChinaCloud" (https://mirror.azure.cn/docker-ce), for example: +# +# $ sudo sh install-docker.sh --mirror AzureChinaCloud +# +# --setup-repo +# +# Use the --setup-repo option to configure Docker's package repositories without +# installing Docker packages. This is useful when you want to add the repository +# but install packages separately: +# +# $ sudo sh install-docker.sh --setup-repo +# +# Automatic Service Start +# +# By default, this script automatically starts the Docker daemon and enables the docker +# service after installation if systemd is used as init. +# +# If you prefer to start the service manually, use the --no-autostart option: +# +# $ sudo sh install-docker.sh --no-autostart +# +# Note: Starting the service requires appropriate privileges to manage system services. 
+# +# ============================================================================== + + +# Git commit from https://github.com/docker/docker-install when +# the script was uploaded (Should only be modified by upload job): +SCRIPT_COMMIT_SHA="f381ee68b32e515bb4dc034b339266aff1fbc460" + +# strip "v" prefix if present +VERSION="${VERSION#v}" + +# The channel to install from: +# * stable +# * test +DEFAULT_CHANNEL_VALUE="stable" +if [ -z "$CHANNEL" ]; then + CHANNEL=$DEFAULT_CHANNEL_VALUE +fi + +DEFAULT_DOWNLOAD_URL="https://download.docker.com" +if [ -z "$DOWNLOAD_URL" ]; then + DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL +fi + +DEFAULT_REPO_FILE="docker-ce.repo" +if [ -z "$REPO_FILE" ]; then + REPO_FILE="$DEFAULT_REPO_FILE" + # Automatically default to a staging repo fora + # a staging download url (download-stage.docker.com) + case "$DOWNLOAD_URL" in + *-stage*) REPO_FILE="docker-ce-staging.repo";; + esac +fi + +mirror='' +DRY_RUN=${DRY_RUN:-} +REPO_ONLY=${REPO_ONLY:-0} +NO_AUTOSTART=${NO_AUTOSTART:-0} +while [ $# -gt 0 ]; do + case "$1" in + --channel) + CHANNEL="$2" + shift + ;; + --dry-run) + DRY_RUN=1 + ;; + --mirror) + mirror="$2" + shift + ;; + --version) + VERSION="${2#v}" + shift + ;; + --setup-repo) + REPO_ONLY=1 + shift + ;; + --no-autostart) + NO_AUTOSTART=1 + ;; + --*) + echo "Illegal option $1" + ;; + esac + shift $(( $# > 0 ? 1 : 0 )) +done + +case "$mirror" in + Aliyun) + DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce" + ;; + AzureChinaCloud) + DOWNLOAD_URL="https://mirror.azure.cn/docker-ce" + ;; + "") + ;; + *) + >&2 echo "unknown mirror '$mirror': use either 'Aliyun', or 'AzureChinaCloud'." + exit 1 + ;; +esac + +case "$CHANNEL" in + stable|test) + ;; + *) + >&2 echo "unknown CHANNEL '$CHANNEL': use either stable or test." 
+ exit 1 + ;; +esac + +command_exists() { + command -v "$@" > /dev/null 2>&1 +} + +# version_gte checks if the version specified in $VERSION is at least the given +# SemVer (Maj.Minor[.Patch]), or CalVer (YY.MM) version.It returns 0 (success) +# if $VERSION is either unset (=latest) or newer or equal than the specified +# version, or returns 1 (fail) otherwise. +# +# examples: +# +# VERSION=23.0 +# version_gte 23.0 // 0 (success) +# version_gte 20.10 // 0 (success) +# version_gte 19.03 // 0 (success) +# version_gte 26.1 // 1 (fail) +version_gte() { + if [ -z "$VERSION" ]; then + return 0 + fi + version_compare "$VERSION" "$1" +} + +# version_compare compares two version strings (either SemVer (Major.Minor.Path), +# or CalVer (YY.MM) version strings. It returns 0 (success) if version A is newer +# or equal than version B, or 1 (fail) otherwise. Patch releases and pre-release +# (-alpha/-beta) are not taken into account +# +# examples: +# +# version_compare 23.0.0 20.10 // 0 (success) +# version_compare 23.0 20.10 // 0 (success) +# version_compare 20.10 19.03 // 0 (success) +# version_compare 20.10 20.10 // 0 (success) +# version_compare 19.03 20.10 // 1 (fail) +version_compare() ( + set +x + + yy_a="$(echo "$1" | cut -d'.' -f1)" + yy_b="$(echo "$2" | cut -d'.' -f1)" + if [ "$yy_a" -lt "$yy_b" ]; then + return 1 + fi + if [ "$yy_a" -gt "$yy_b" ]; then + return 0 + fi + mm_a="$(echo "$1" | cut -d'.' -f2)" + mm_b="$(echo "$2" | cut -d'.' 
-f2)" + + # trim leading zeros to accommodate CalVer + mm_a="${mm_a#0}" + mm_b="${mm_b#0}" + + if [ "${mm_a:-0}" -lt "${mm_b:-0}" ]; then + return 1 + fi + + return 0 +) + +is_dry_run() { + if [ -z "$DRY_RUN" ]; then + return 1 + else + return 0 + fi +} + +is_wsl() { + case "$(uname -r)" in + *microsoft* ) true ;; # WSL 2 + *Microsoft* ) true ;; # WSL 1 + * ) false;; + esac +} + +is_darwin() { + case "$(uname -s)" in + *darwin* ) true ;; + *Darwin* ) true ;; + * ) false;; + esac +} + +deprecation_notice() { + distro=$1 + distro_version=$2 + echo + printf "\033[91;1mDEPRECATION WARNING\033[0m\n" + printf " This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version" + echo " No updates or security fixes will be released for this distribution, and users are recommended" + echo " to upgrade to a currently maintained version of $distro." + echo + printf "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue." + echo + sleep 10 +} + +get_distribution() { + lsb_dist="" + # Every system that we officially support has /etc/os-release + if [ -r /etc/os-release ]; then + lsb_dist="$(. /etc/os-release && echo "$ID")" + fi + # Returning an empty string here should be alright since the + # case statements don't act unless you provide an actual value + echo "$lsb_dist" +} + +start_docker_daemon() { + # Use systemctl if available (for systemd-based systems) + if command_exists systemctl; then + is_dry_run || >&2 echo "Using systemd to manage Docker service" + if ( + is_dry_run || set -x + $sh_c systemctl enable --now docker.service 2>/dev/null + ); then + is_dry_run || echo "INFO: Docker daemon enabled and started" >&2 + else + is_dry_run || echo "WARNING: unable to enable the docker service" >&2 + fi + else + # No service management available (container environment) + if ! 
is_dry_run; then + >&2 echo "Note: Running in a container environment without service management" + >&2 echo "Docker daemon cannot be started automatically in this environment" + >&2 echo "The Docker packages have been installed successfully" + fi + fi + >&2 echo +} + +echo_docker_as_nonroot() { + if is_dry_run; then + return + fi + if command_exists docker && [ -e /var/run/docker.sock ]; then + ( + set -x + $sh_c 'docker version' + ) || true + fi + + # intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output + echo + echo "================================================================================" + echo + if version_gte "20.10"; then + echo "To run Docker as a non-privileged user, consider setting up the" + echo "Docker daemon in rootless mode for your user:" + echo + echo " dockerd-rootless-setuptool.sh install" + echo + echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode." + echo + fi + echo + echo "To run the Docker daemon as a fully privileged service, but granting non-root" + echo "users access, refer to https://docs.docker.com/go/daemon-access/" + echo + echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent" + echo " to root access on the host. Refer to the 'Docker daemon attack surface'" + echo " documentation for details: https://docs.docker.com/go/attack-surface/" + echo + echo "================================================================================" + echo +} + +# Check if this is a forked Linux distro +check_forked() { + + # Check for lsb_release command existence, it usually exists in forked distros + if command_exists lsb_release; then + # Check if the `-u` option is supported + set +e + lsb_release -a -u > /dev/null 2>&1 + lsb_release_exit_code=$? 
+ set -e + + # Check if the command has exited successfully, it means we're in a forked distro + if [ "$lsb_release_exit_code" = "0" ]; then + # Print info about current distro + cat <<-EOF + You're using '$lsb_dist' version '$dist_version'. + EOF + + # Get the upstream release info + lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') + dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') + + # Print info about upstream distro + cat <<-EOF + Upstream release is '$lsb_dist' version '$dist_version'. + EOF + else + if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then + if [ "$lsb_dist" = "osmc" ]; then + # OSMC runs Raspbian + lsb_dist=raspbian + else + # We're Debian and don't even know it! + lsb_dist=debian + fi + dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" + case "$dist_version" in + 13|14|forky) + dist_version="trixie" + ;; + 12) + dist_version="bookworm" + ;; + 11) + dist_version="bullseye" + ;; + 10) + dist_version="buster" + ;; + 9) + dist_version="stretch" + ;; + 8) + dist_version="jessie" + ;; + esac + fi + fi + fi +} + +do_install() { + echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA" + + if command_exists docker; then + cat >&2 <<-'EOF' + Warning: the "docker" command appears to already exist on this system. + + If you already have Docker installed, this script can cause trouble, which is + why we're displaying this warning and provide the opportunity to cancel the + installation. + + If you installed the current Docker package using this script and are using it + again to update Docker, you can ignore this message, but be aware that the + script resets any custom changes in the deb and rpm repo configuration + files to match the parameters passed to the script. + + You may press Ctrl+C now to abort this script. 
+ EOF + ( set -x; sleep 20 ) + fi + + user="$(id -un 2>/dev/null || true)" + + sh_c='sh -c' + if [ "$user" != 'root' ]; then + if command_exists sudo; then + sh_c='sudo -E sh -c' + elif command_exists su; then + sh_c='su -c' + else + cat >&2 <<-'EOF' + Error: this installer needs the ability to run commands as root. + We are unable to find either "sudo" or "su" available to make this happen. + EOF + exit 1 + fi + fi + + if is_dry_run; then + sh_c="echo" + fi + + # perform some very rudimentary platform detection + lsb_dist=$( get_distribution ) + lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" + + if is_wsl; then + echo + echo "WSL DETECTED: We recommend using Docker Desktop for Windows." + echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop/" + echo + cat >&2 <<-'EOF' + + You may press Ctrl+C now to abort this script. + EOF + ( set -x; sleep 20 ) + fi + + case "$lsb_dist" in + + ubuntu) + if command_exists lsb_release; then + dist_version="$(lsb_release --codename | cut -f2)" + fi + if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then + dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" + fi + ;; + + debian|raspbian) + dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" + case "$dist_version" in + 13) + dist_version="trixie" + ;; + 12) + dist_version="bookworm" + ;; + 11) + dist_version="bullseye" + ;; + 10) + dist_version="buster" + ;; + 9) + dist_version="stretch" + ;; + 8) + dist_version="jessie" + ;; + esac + ;; + + centos|rhel) + if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then + dist_version="$(. /etc/os-release && echo "$VERSION_ID")" + fi + ;; + + *) + if command_exists lsb_release; then + dist_version="$(lsb_release --release | cut -f2)" + fi + if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then + dist_version="$(. 
/etc/os-release && echo "$VERSION_ID")" + fi + ;; + + esac + + # Check if this is a forked Linux distro + check_forked + + # Print deprecation warnings for distro versions that recently reached EOL, + # but may still be commonly used (especially LTS versions). + case "$lsb_dist.$dist_version" in + centos.8|centos.7|rhel.7) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + debian.buster|debian.stretch|debian.jessie) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + raspbian.buster|raspbian.stretch|raspbian.jessie) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + ubuntu.focal|ubuntu.bionic|ubuntu.xenial|ubuntu.trusty) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + ubuntu.oracular|ubuntu.mantic|ubuntu.lunar|ubuntu.kinetic|ubuntu.impish|ubuntu.hirsute|ubuntu.groovy|ubuntu.eoan|ubuntu.disco|ubuntu.cosmic) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + fedora.*) + if [ "$dist_version" -lt 41 ]; then + deprecation_notice "$lsb_dist" "$dist_version" + fi + ;; + esac + + # Run setup for each distro accordingly + case "$lsb_dist" in + ubuntu|debian|raspbian) + pre_reqs="ca-certificates curl" + apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL" + ( + if ! 
is_dry_run; then + set -x + fi + $sh_c 'apt-get -qq update >/dev/null' + $sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null" + $sh_c 'install -m 0755 -d /etc/apt/keyrings' + $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc" + $sh_c "chmod a+r /etc/apt/keyrings/docker.asc" + $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list" + $sh_c 'apt-get -qq update >/dev/null' + ) + + if [ "$REPO_ONLY" = "1" ]; then + exit 0 + fi + + pkg_version="" + if [ -n "$VERSION" ]; then + if is_dry_run; then + echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + # Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel + pkg_pattern="$(echo "$VERSION" | sed 's/-ce-/~ce~.*/g' | sed 's/-/.*/g')" + search_command="apt-cache madison docker-ce | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst apt-cache madison results" + echo + exit 1 + fi + if version_gte "18.09"; then + search_command="apt-cache madison docker-ce-cli | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" + echo "INFO: $search_command" + cli_pkg_version="=$($sh_c "$search_command")" + fi + pkg_version="=$pkg_version" + fi + fi + ( + pkgs="docker-ce${pkg_version%=}" + if version_gte "18.09"; then + # older versions didn't ship the cli and containerd as separate packages + pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io" + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin" + fi + if version_gte "28.2"; then + pkgs="$pkgs docker-model-plugin" + fi + if ! 
is_dry_run; then + set -x + fi + $sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pkgs >/dev/null" + ) + if [ "$NO_AUTOSTART" != "1" ]; then + start_docker_daemon + fi + echo_docker_as_nonroot + exit 0 + ;; + centos|fedora|rhel) + if [ "$(uname -m)" = "s390x" ]; then + echo "Effective v27.5, please consult RHEL distro statement for s390x support." + exit 1 + fi + repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE" + ( + if ! is_dry_run; then + set -x + fi + if command_exists dnf5; then + $sh_c "dnf -y -q --setopt=install_weak_deps=False install dnf-plugins-core" + $sh_c "dnf5 config-manager addrepo --overwrite --save-filename=docker-ce.repo --from-repofile='$repo_file_url'" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "dnf5 config-manager setopt \"docker-ce-*.enabled=0\"" + $sh_c "dnf5 config-manager setopt \"docker-ce-$CHANNEL.enabled=1\"" + fi + $sh_c "dnf makecache" + elif command_exists dnf; then + $sh_c "dnf -y -q --setopt=install_weak_deps=False install dnf-plugins-core" + $sh_c "rm -f /etc/yum.repos.d/docker-ce.repo /etc/yum.repos.d/docker-ce-staging.repo" + $sh_c "dnf config-manager --add-repo $repo_file_url" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "dnf config-manager --set-disabled \"docker-ce-*\"" + $sh_c "dnf config-manager --set-enabled \"docker-ce-$CHANNEL\"" + fi + $sh_c "dnf makecache" + else + $sh_c "yum -y -q install yum-utils" + $sh_c "rm -f /etc/yum.repos.d/docker-ce.repo /etc/yum.repos.d/docker-ce-staging.repo" + $sh_c "yum-config-manager --add-repo $repo_file_url" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "yum-config-manager --disable \"docker-ce-*\"" + $sh_c "yum-config-manager --enable \"docker-ce-$CHANNEL\"" + fi + $sh_c "yum makecache" + fi + ) + + if [ "$REPO_ONLY" = "1" ]; then + exit 0 + fi + + pkg_version="" + if command_exists dnf; then + pkg_manager="dnf" + pkg_manager_flags="-y -q --best" + else + pkg_manager="yum" + pkg_manager_flags="-y -q" + fi + if [ -n "$VERSION" ]; then + if is_dry_run; then + 
echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + if [ "$lsb_dist" = "fedora" ]; then + pkg_suffix="fc$dist_version" + else + pkg_suffix="el" + fi + pkg_pattern="$(echo "$VERSION" | sed 's/-ce-/\\\\.ce.*/g' | sed 's/-/.*/g').*$pkg_suffix" + search_command="$pkg_manager list --showduplicates docker-ce | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst $pkg_manager list results" + echo + exit 1 + fi + if version_gte "18.09"; then + # older versions don't support a cli package + search_command="$pkg_manager list --showduplicates docker-ce-cli | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" + cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)" + fi + # Cut out the epoch and prefix with a '-' + pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)" + fi + fi + ( + pkgs="docker-ce$pkg_version" + if version_gte "18.09"; then + # older versions didn't ship the cli and containerd as separate packages + if [ -n "$cli_pkg_version" ]; then + pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io" + else + pkgs="$pkgs docker-ce-cli containerd.io" + fi + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin docker-model-plugin" + fi + if ! is_dry_run; then + set -x + fi + $sh_c "$pkg_manager $pkg_manager_flags install $pkgs" + ) + if [ "$NO_AUTOSTART" != "1" ]; then + start_docker_daemon + fi + echo_docker_as_nonroot + exit 0 + ;; + sles) + echo "Effective v27.5, please consult SLES distro statement for s390x support." 
+ exit 1 + ;; + *) + if [ -z "$lsb_dist" ]; then + if is_darwin; then + echo + echo "ERROR: Unsupported operating system 'macOS'" + echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop" + echo + exit 1 + fi + fi + echo + echo "ERROR: Unsupported distribution '$lsb_dist'" + echo + exit 1 + ;; + esac + exit 1 +} + +# wrapped up in a function so that we have some protection against only getting +# half the file during "curl | sh" +do_install diff --git a/scripts/ez-homelab.sh b/scripts/ez-homelab.sh index a499f4b..3263696 100755 --- a/scripts/ez-homelab.sh +++ b/scripts/ez-homelab.sh @@ -384,7 +384,7 @@ SERVER_IP="" CORE_SERVER_IP="" ADMIN_USER="" ADMIN_EMAIL="" -ADMIN_PASSWORD="" +AUTHELIA_ADMIN_PASSWORD="" DEPLOY_CORE=false DEPLOY_INFRASTRUCTURE=false DEPLOY_DASHBOARDS=false @@ -694,9 +694,9 @@ save_env_file() { if [ -z "$ADMIN_EMAIL" ]; then ADMIN_EMAIL="${DEFAULT_EMAIL:-${ADMIN_USER}@${DOMAIN}}" fi - if [ -z "$ADMIN_PASSWORD" ]; then - ADMIN_PASSWORD="${DEFAULT_PASSWORD:-changeme123}" - if [ "$ADMIN_PASSWORD" = "changeme123" ]; then + if [ -z "$AUTHELIA_ADMIN_PASSWORD" ]; then + AUTHELIA_ADMIN_PASSWORD="${DEFAULT_PASSWORD}" + if [ "$AUTHELIA_ADMIN_PASSWORD" = "changeme123" ]; then log_info "Using default admin password (changeme123) - please change this after setup!" fi fi 
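Review bot: In the `save_env_file` hunk of scripts/ez-homelab.sh, `AUTHELIA_ADMIN_PASSWORD="${DEFAULT_PASSWORD}"` drops the old fallback, so an unset or empty DEFAULT_PASSWORD now leaves the admin password empty and nothing in this hunk stops the run. The remaining `changeme123` comparison only logs a notice, so a publicly known default is still accepted as the SSO admin password. I would fail closed instead, e.g. `if [ -z "$AUTHELIA_ADMIN_PASSWORD" ] || [ "$AUTHELIA_ADMIN_PASSWORD" = "changeme123" ]; then log_error "Set AUTHELIA_ADMIN_PASSWORD to a unique value"; exit 1; fi`. The function body starts and ends outside the hunk, so a later check may exist that is not visible here.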
@@ -727,16 +727,16 @@ save_env_file() { if ! docker images | grep -q authelia/authelia; then docker pull authelia/authelia:latest > /dev/null 2>&1 fi - AUTHELIA_ADMIN_PASSWORD_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "$ADMIN_PASSWORD" 2>&1 | grep -o '\$argon2id.*') + AUTHELIA_ADMIN_PASSWORD_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "$AUTHELIA_ADMIN_PASSWORD") if [ -z "$AUTHELIA_ADMIN_PASSWORD_HASH" ]; then - log_error "Failed to generate Authelia password hash. Please check that ADMIN_PASSWORD is set." + log_error "Failed to generate Authelia password hash. Please check that AUTHELIA_ADMIN_PASSWORD is set." exit 1 fi fi # Save password hash - sudo -u "$ACTUAL_USER" sed -i "s%# AUTHELIA_ADMIN_PASSWORD_HASH=.*%AUTHELIA_ADMIN_PASSWORD_HASH=\"$AUTHELIA_ADMIN_PASSWORD_HASH\"%" "$REPO_DIR/.env" - sudo -u "$ACTUAL_USER" sed -i "s%AUTHELIA_ADMIN_PASSWORD_HASH=.*%AUTHELIA_ADMIN_PASSWORD_HASH=\"$AUTHELIA_ADMIN_PASSWORD_HASH\"%" "$REPO_DIR/.env" + sudo -u "$ACTUAL_USER" sed -i "s%# AUTHELIA_ADMIN_PASSWORD_HASH=.*%AUTHELIA_ADMIN_PASSWORD_HASH=$AUTHELIA_ADMIN_PASSWORD_HASH%" "$REPO_DIR/.env" + sudo -u "$ACTUAL_USER" sed -i "s%AUTHELIA_ADMIN_PASSWORD_HASH=.*%AUTHELIA_ADMIN_PASSWORD_HASH=$AUTHELIA_ADMIN_PASSWORD_HASH%" "$REPO_DIR/.env" fi debug_log "Configuration saved to .env file" diff --git a/scripts/install-prerequisites.sh b/scripts/install-prerequisites.sh index 182b8ff..2a9915d 100755 --- a/scripts/install-prerequisites.sh +++ b/scripts/install-prerequisites.sh @@ -139,7 +139,7 @@ system_setup() { log_info "Docker service is already running" fi else - curl -fsSL https://get.docker.com | sh + curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh usermod -aG docker "$ACTUAL_USER" NEEDS_LOGOUT=true fi
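Review bot: With the `grep -o` filter removed, `AUTHELIA_ADMIN_PASSWORD_HASH` now holds everything `docker run` prints on stdout, and the only check is `-z`, so any non-empty output is written to `.env` by the two `sed` lines. As far as I know `authelia crypto hash generate` prints the digest behind a `Digest: ` label, which would then end up in the stored value; please confirm against the image in use. Stripping the label and checking the prefix before saving would catch that, e.g. `AUTHELIA_ADMIN_PASSWORD_HASH=${AUTHELIA_ADMIN_PASSWORD_HASH#Digest: }` followed by `case "$AUTHELIA_ADMIN_PASSWORD_HASH" in '$argon2'*) ;; *) log_error "Unexpected hash output"; exit 1 ;; esac`. Separately, `--password "$AUTHELIA_ADMIN_PASSWORD"` puts the plaintext on the command line, where it is visible in the host process list while the container runs. `save_env_file` starts and ends outside the hunk.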
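Review bot: The new line in `system_setup` still runs whatever `https://get.docker.com` serves at that moment with root privileges, and it first writes it to a fixed `get-docker.sh` in the current directory, while this same commit adds a copy of that script to the repository as `get-docker.sh`. Running the committed copy (its `SCRIPT_COMMIT_SHA` records the upstream revision) would make the install reproducible and reviewable; if the download is kept, fetch into a `mktemp` file and compare it with a pinned checksum before passing it to `sh`. Also, because download and install are joined with `&&`, a failed `curl` does not stop the function, and `usermod -aG docker` and `NEEDS_LOGOUT=true` still run; an explicit `if ! curl -fsSL https://get.docker.com -o "$installer"; then log_error "Docker installer download failed"; exit 1; fi` avoids that. `system_setup` starts and ends outside the hunk.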