diff --git a/config/docker/2023/yml-files/BookStack.env b/config/docker/2023/yml-files/BookStack.env
new file mode 100644
index 0000000..ebc220d
--- /dev/null
+++ b/config/docker/2023/yml-files/BookStack.env
@@ -0,0 +1,87 @@
+MAIL_DRIVER=smtp
+
+# Host, Port & Encryption mechanism to use
+MAIL_HOST=smtp.provider.tld
+MAIL_PORT=465
+MAIL_ENCRYPTION=tls
+
+# Authentication details for your SMTP service
+MAIL_USERNAME=user@provider.tld
+MAIL_PASSWORD=onlyifneeded
+
+# The "from" email address for outgoing email
+MAIL_FROM=noreply@yourdomain.tld
+
+# The "from" name used for outgoing email
+MAIL_FROM_NAME=BookStack
+
+# General auth
+AUTH_METHOD=ldap
+
+# The LDAP host, Adding a port is optional
+LDAP_SERVER=example.com:389
+# If using LDAP over SSL you should also define the protocol:
+# LDAP_SERVER=ldaps://example.com:636
+
+# The base DN from where users will be searched within
+LDAP_BASE_DN="ou=People,dc=example,dc=com"
+
+# The full DN and password of the user used to search the server
+# Can both be left as 'false' (without quotes) to bind anonymously
+LDAP_DN="cn=serviceaccount,ou=People,dc=example,dc=org"
+LDAP_PASS="my#super#secret#password543"
+
+# A filter to use when searching for users
+# The user-provided user-name used to replace any occurrences of '${user}'
+# If you're setting this option via other means, such as within a docker-compose.yml,
+# you may need escape the $, often using $$ or \$ instead.
+# Note: This option cannot be used with the docker-compose.yml `env_file` option.
+LDAP_USER_FILTER=(&(uid=${user}))
+
+# Set the LDAP version to use when connecting to the server
+# Should be set to 3 in most cases.
+LDAP_VERSION=3
+
+# Set the property to use as a unique identifier for this user.
+# Stored and used to match LDAP users with existing BookStack users.
+# Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
+# binary data and BookStack will convert the value to a hexidecimal representation.
+# Defaults to 'uid'.
+LDAP_ID_ATTRIBUTE=uid
+
+# Set the default 'email' attribute. Defaults to 'mail'
+LDAP_EMAIL_ATTRIBUTE=mail
+
+# Set the property to use for a user's display name. Defaults to 'cn'
+LDAP_DISPLAY_NAME_ATTRIBUTE=cn
+
+# Set the attribute to use for the user's avatar image.
+# Must provide JPEG binary image data.
+# Will be used upon login or registration when the user doesn't
+# already have an avatar image set.
+# Remove this option or set to 'null' to disable LDAP avatar import.
+LDAP_THUMBNAIL_ATTRIBUTE=jpegphoto
+
+# Force TLS to be used for LDAP communication.
+# Use this if you can but your LDAP support will need to support it and
+# you may need to import your certificate to the BookStack host machine.
+# Defaults to 'false'.
+LDAP_START_TLS=false
+
+# If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
+# Only set this option if debugging or you're absolutely sure it's required for your setup.
+# If using php-fpm, you may want to restart it after changing this option to avoid instability.
+#LDAP_TLS_INSECURE=true
+
+# If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
+# Only set this option if debugging since it will block logins and potentially show private details.
+#LDAP_DUMP_USER_DETAILS=true
+
+# Active Directory
+LDAP_USER_FILTER=(&(sAMAccountName=${user}))
+LDAP_VERSION=3
+LDAP_ID_ATTRIBUTE=BIN;objectGUID
+# Change the below to true if your AD server supports TLS and if your
+# BookStack host system will accept the AD provided certificate.
+LDAP_START_TLS=false
+LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto
\ No newline at end of file
diff --git a/config/docker/2023/yml-files/BookStack.yml b/config/docker/2023/yml-files/BookStack.yml
new file mode 100644
index 0000000..ef4e2c4
--- /dev/null
+++ b/config/docker/2023/yml-files/BookStack.yml
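Review bot: In BookStack.env, `LDAP_SERVER=example.com:389` together with `LDAP_START_TLS=false` (set in both the generic and the Active Directory block) sends the service-account bind and every user's login password to the directory unencrypted; the sample should default to `LDAP_SERVER=ldaps://example.com:636` or `LDAP_START_TLS=true`, and keep `#LDAP_TLS_INSECURE=true` commented out as it is. The Active Directory block at the end re-assigns `LDAP_USER_FILTER`, `LDAP_VERSION`, `LDAP_ID_ATTRIBUTE`, `LDAP_START_TLS` and `LDAP_THUMBNAIL_ATTRIBUTE`, so the committed file holds each of those keys twice and which value applies depends on the loader; commenting that block out (`#LDAP_ID_ATTRIBUTE=BIN;objectGUID` and so on) would make the choice explicit. `LDAP_PASS` and `MAIL_PASSWORD` hold placeholders here; a comment such as `# Replace locally, never commit the real bind password` above `LDAP_PASS` would help keep it that way.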
@@ -0,0 +1,45 @@
+version: "3"
+services:
+ mariadb:
+ image: lscr.io/linuxserver/mariadb:latest
+ container_name: bookstack_mariadb
+ restart: unless-stopped
+ volumes:
+ - /gurulandia/data/docker/bookstack/db:/config
+ environment:
+ - MYSQL_ROOT_PASSWORD=SuperPassword
+ - MYSQL_DATABASE=bookstack
+ - MYSQL_USER=bookstack
+ - MYSQL_PASSWORD=bookstack
+ - PGID=1000
+ - PUID=1000
+ - TZ=Europe/Helsinki
+ adminer:
+ image: adminer:latest
+ container_name: adminer_bs
+ environment:
+ ADMINER_DEFAULT_SERVER: mariadb_bs
+ restart: unless-stopped
+ ports:
+ - 7778:8080
+ bookstack:
+ image: linuxserver/bookstack:latest
+ container_name: bookstack
+ restart: unless-stopped
+ depends_on:
+ - mariadb
+ volumes:
+ - /gurulandia/data/docker/bookstack/config:/config
+ environment:
+ - DB_HOST=mariadb:3306
+ - DB_USER=bookstack
+ - DB_PASS=bookstack
+ - DB_DATABASE=bookstack
+ #- DB_PORT=3306
+ - PGID=1000
+ - PUID=1000
+ - TZ=Europe/Helsinki
+ #- APP_URL=http://test-bookstack.gurulandia.fi
+ - APP_URL=http://192.168.99.63:53001
+ ports:
+ - 53001:80
\ No newline at end of file
diff --git a/config/docker/2023/yml-files/argus.yml b/config/docker/2023/yml-files/argus.yml
new file mode 100644
index 0000000..15373a5
--- /dev/null
+++ b/config/docker/2023/yml-files/argus.yml
@@ -0,0 +1,21 @@
+version: '3.7'
+
+services:
+ argus:
+ image: releaseargus/argus:latest
+ container_name: argus
+ volumes:
+ - /gurulandia/data/docker/argus/config.yml:/app/config.yml
+ - /gurulandia/data/docker/argus/argus.db:/app/data/argus.db
+ environment:
+ ARGUS_UID: 1000 # Optional UID override
+ ARGUS_GID: 1000 #911 # Optional GID override
+ ports:
+ - 53006:8080 #
+ #healthcheck: # Optional healthcheck
+ # test: ["CMD", "/healthcheck", "http://localhost:8080/api/v1/healthcheck"]
+ # interval: 1m
+ # timeout: 10s
+ # retries: 3
+ # start_period: 10s
+ restart: unless-stopped
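Review bot: In BookStack.yml the `adminer` service is published as `7778:8080` on every host interface while the database it fronts uses `MYSQL_ROOT_PASSWORD=SuperPassword` and `MYSQL_PASSWORD=bookstack` (identical to the user name), all committed in this file; I would bind the UI to loopback with `- "127.0.0.1:7778:8080"` and take the passwords from the environment, e.g. `- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}` with a matching `- DB_PASS=${MYSQL_PASSWORD}` on the `bookstack` service. `ADMINER_DEFAULT_SERVER: mariadb_bs` matches neither the service name `mariadb` nor the container name `bookstack_mariadb`, so the prefilled server probably does not resolve. `APP_URL` is plain `http://`, so logins cross the network unencrypted unless a TLS reverse proxy sits in front, which is not visible here. The images in this file and in argus.yml use `:latest`, bender.yml has no tag and docker-socket-proxy.yml uses `:edge`; pinning a version or digest would make redeploys reproducible and reviewable.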
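Review bot: In argus.yml both `volumes` entries bind-mount single files (`config.yml` and `argus.db`); if either host path is missing when the container is first created, Docker creates a directory with that name and the service will most likely fail on start. A comment above `volumes:` such as `# config.yml and argus.db must already exist on the host as regular files` would document the precondition; mounting the parent data directory instead may also be safer for the database file if Argus writes journal files next to it, which cannot be confirmed from this hunk. The UI port `53006:8080` is published on all interfaces, so access control rests entirely on what the mounted `config.yml` configures.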
diff --git a/config/docker/2023/yml-files/bender.yml b/config/docker/2023/yml-files/bender.yml
new file mode 100644
index 0000000..09c6297
--- /dev/null
+++ b/config/docker/2023/yml-files/bender.yml
@@ -0,0 +1,15 @@
+version: "2"
+services:
+ bender:
+ image: jez500/bender
+ #To build from source, comment previous line and uncomment below
+ #build: .
+ container_name: bender
+ volumes:
+ - /gurulandia/data/docker/bender/assets/:/app/static
+ ports:
+ - 53004:8080
+ user: 1000:1000 # default
+ environment:
+ - INIT_ASSETS=1 # default
+ restart: unless-stopped
diff --git a/config/docker/2023/yml-files/docker-socket-proxy.yml b/config/docker/2023/yml-files/docker-socket-proxy.yml
new file mode 100644
index 0000000..beb9c6a
--- /dev/null
+++ b/config/docker/2023/yml-files/docker-socket-proxy.yml
@@ -0,0 +1,72 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+# proxy:
+# name: proxy
+# driver: bridge
+# ipam:
+# config:
+# - subnet: $PROXY_SUBNET
+# gateway: $PROXY_GATEWAY
+# default:
+# driver: bridge
+ socket_proxy:
+ name: socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $SOCKET_PROXY_SUBNET
+ gateway: $SOCKET_PROXY_GATEWAY
+
+########################### SERVICES
+services:
+ # Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
+ socket-proxy:
+ container_name: socket-proxy
+ image: ghcr.io/tecnativa/docker-socket-proxy:edge
+ restart: always
+ networks:
+ socket_proxy:
+# ipv4_address: $SOCKET_PROXY_IP # You can specify a static IP
+ privileged: true
+ ports:
+ # - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
+ # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
+ - "2375:2375"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ environment:
+ - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
+ ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
+ # 0 to revoke access.
+ # 1 to grant access.
+ ## Granted by Default
+ - EVENTS=1
+ - PING=1
+ - VERSION=1
+ ## Revoked by Default
+ # Security critical
+ - AUTH=0
+ - SECRETS=0
+ - POST=1 # Ouroboros
+ # Not always needed
+ - BUILD=0
+ - COMMIT=0
+ - CONFIGS=0
+ - CONTAINERS=1 # Traefik, portainer, etc.
+ - DISTRIBUTION=0
+ - EXEC=1
+ - IMAGES=1 # Portainer
+ - INFO=1 # Portainer
+ - NETWORKS=1 # Portainer
+ - NODES=0
+ - PLUGINS=0
+ - SERVICES=1 # Portainer
+ - SESSION=0
+ - SWARM=0
+ - SYSTEM=0
+ - TASKS=1 # Portaienr
+ - VOLUMES=1 # Portainer
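Review bot: The `ports` entry `- "2375:2375"` publishes the socket proxy on every host interface, and with `POST=1`, `EXEC=1`, `CONTAINERS=1`, `IMAGES=1` and `VOLUMES=1` that endpoint accepts unauthenticated write requests to the Docker API, which is equivalent to root on the Docker host; the proxy filters API paths but performs no authentication. The commented alternative already in the hunk, `- "127.0.0.1:2375:2375"`, or no `ports:` at all with consumers attached to the `socket_proxy` network, keeps the API off the LAN; if remote Portainer management is a hard requirement, limit 2375 at the host firewall to the Portainer address or use Docker's TLS-authenticated endpoint instead. `EXEC=1` names no consumer in its comment and `POST=1` is justified only by Ouroboros, so I would set `- EXEC=0` and confirm `POST` is still needed. `privileged: true` widens what a compromise of the proxy container itself can reach and deserves a comment stating why this host requires it.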