diff --git a/infrastructure/docker-compose.yml b/infrastructure/docker-compose.yml index 22fd91b..69e9f92 100644 --- a/infrastructure/docker-compose.yml +++ b/infrastructure/docker-compose.yml @@ -45,6 +45,8 @@ include: - services/memos/docker-compose.memos.yml # Argus - services/argus/docker-compose.argus.yml +# Dependency-Track + - services/dependency-track/docker-compose.dependency-track.yml # Minecraft - services/minecraft-server/docker-compose.yml # 7daystodie diff --git a/infrastructure/services/caddy/config/Caddyfile b/infrastructure/services/caddy/config/Caddyfile index ef89d7a..2e5d7bb 100644 --- a/infrastructure/services/caddy/config/Caddyfile +++ b/infrastructure/services/caddy/config/Caddyfile @@ -40,3 +40,4 @@ import website/qbittorrent.caddy import website/syncthing.caddy import website/uptimekuma.caddy import website/argus.caddy +import website/dependency-track.caddy diff --git a/infrastructure/services/caddy/config/website/dependency-track.caddy b/infrastructure/services/caddy/config/website/dependency-track.caddy new file mode 100644 index 0000000..323b174 --- /dev/null +++ b/infrastructure/services/caddy/config/website/dependency-track.caddy @@ -0,0 +1,4 @@ +dependency-track.{$MAIN_DOMAIN} { + reverse_proxy /api/* {$DEPENDENCY_TRACK_APISERVER_ADDRESS} + reverse_proxy {$DEPENDENCY_TRACK_FRONTEND_ADDRESS} +} diff --git a/infrastructure/services/caddy/docker-compose.caddy.yml b/infrastructure/services/caddy/docker-compose.caddy.yml index a6a2243..adb719b 100644 --- a/infrastructure/services/caddy/docker-compose.caddy.yml +++ b/infrastructure/services/caddy/docker-compose.caddy.yml @@ -42,6 +42,7 @@ services: - privatebin-network - picoshare-network - memos-network + - dependency-track-network # - satisfactory-network # - teamfortress2-network # - minecraft-network diff --git a/infrastructure/services/caddy/env/caddy.env b/infrastructure/services/caddy/env/caddy.env index 03c065f..22ec34e 100644 --- a/infrastructure/services/caddy/env/caddy.env 
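Review bot: The new `dependency-track.{$MAIN_DOMAIN}` site in dependency-track.caddy forwards every `/api/*` request and the frontend to the containers with no access restriction in front of them, so the application's own login is the only control on that hostname. Dependency-Track creates an initial administrator account with a documented default password on first start, so the site should not be reachable from untrusted networks until that account has been changed. If the service is meant for a limited audience, a `remote_ip` matcher or an authentication layer in this block would narrow who can reach the API. A one-line comment above the block, such as `# Dependency-Track: /api/* -> apiserver, everything else -> static frontend`, would also document the routing intent.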
+++ b/infrastructure/services/caddy/env/caddy.env @@ -17,3 +17,5 @@ SYNCTHING_ADDRESS=syncthing:8384 TRANSMISSION_ADDRESS=transmission:9091 PSITRANSFER_ADDRESS=psitransfer:3000 WORDPRESS_ADDRESS=wordpress:9000 +DEPENDENCY_TRACK_FRONTEND_ADDRESS=dependency-track-frontend:8080 +DEPENDENCY_TRACK_APISERVER_ADDRESS=dependency-track-apiserver:8080 diff --git a/infrastructure/services/dependency-track/docker-compose.dependency-track.yml b/infrastructure/services/dependency-track/docker-compose.dependency-track.yml new file mode 100644 index 0000000..f90820e --- /dev/null +++ b/infrastructure/services/dependency-track/docker-compose.dependency-track.yml 
@@ -0,0 +1,69 @@
+services:
+ dependency-track-apiserver:
+ image: dependencytrack/apiserver
+ container_name: dependency-track-apiserver
+ profiles:
+ - dependency-track
+ depends_on:
+ dependency-track-postgres:
+ condition: service_healthy
+ env_file:
+ - ./env/dependency-track.env
+ restart: on-failure:5
+ networks:
+ - dependency-track-network
+ deploy:
+ resources:
+ limits:
+ memory: 4g
+ restart_policy:
+ condition: on-failure
+ volumes:
+ - 'dtrack-data:/data'
+
+ dependency-track-frontend:
+ image: dependencytrack/frontend
+ container_name: dependency-track-frontend
+ profiles:
+ - dependency-track
+ restart: on-failure:5
+ networks:
+ - dependency-track-network
+ depends_on:
+ dependency-track-apiserver:
+ condition: service_healthy
+ caddy:
+ condition: service_healthy
+ security_opt:
+ - no-new-privileges:true
+ env_file:
+ - ./env/dependency-track.env
+
+ dependency-track-postgres:
+ image: postgres:17-alpine
+ container_name: dependency-track-postgres
+ profiles:
+ - dependency-track
+ env_file:
+ - ./env/dependency-track.env
+ restart: on-failure:5
+ networks:
+ - dependency-track-network
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}" ]
+ interval: 5s
+ timeout: 3s
+ retries: 3
+ volumes:
+ - "dtrack-postgres-data:/var/lib/postgresql/data"
+
+volumes:
+ dtrack-data:
+ name: dtrack-data
+ dtrack-postgres-data:
+ name: dtrack-postgres-data
+
+networks:
+ dependency-track-network:
+ driver: bridge
+ name: dependency-track-network
diff --git a/infrastructure/services/dependency-track/env/dependency-track.env b/infrastructure/services/dependency-track/env/dependency-track.env
new file mode 100644
index 0000000..3cce4df
--- /dev/null
+++ b/infrastructure/services/dependency-track/env/dependency-track.env
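Review bot: Both Dependency-Track images are referenced without a tag (`image: dependencytrack/apiserver`, `image: dependencytrack/frontend`), so every pull takes whatever `latest` points to at that moment. Pin a release tag, ideally with a digest, as the postgres service already does with `postgres:17-alpine`, e.g. `image: dependencytrack/apiserver:<VERSION>` (placeholder). `security_opt: - no-new-privileges:true` is set only on the frontend; the apiserver and postgres services should carry the same option. The frontend waits on `dependency-track-apiserver` with `condition: service_healthy`, but that service declares no `healthcheck:` in this file. It presumably relies on one built into the image, which is worth confirming because Compose rejects that condition for a container without a healthcheck.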
@@ -0,0 +1,114 @@
+# apiserver
+
+ # The Dependency-Track container can be configured using any of the
+ # available configuration properties defined in:
+ # https://docs.dependencytrack.org/getting-started/configuration/
+ # All properties are upper case with periods replaced by underscores.
+ #
+ # Database Properties
+ # ALPINE_DATABASE_MODE: "external"
+ # ALPINE_DATABASE_URL: "jdbc:postgresql://postgres10:5432/dtrack"
+ # ALPINE_DATABASE_DRIVER: "org.postgresql.Driver"
+ # ALPINE_DATABASE_USERNAME: "dtrack"
+ # ALPINE_DATABASE_PASSWORD: "changeme"
+ # ALPINE_DATABASE_POOL_ENABLED: "true"
+ # ALPINE_DATABASE_POOL_MAX_SIZE: "20"
+ # ALPINE_DATABASE_POOL_MIN_IDLE: "10"
+ # ALPINE_DATABASE_POOL_IDLE_TIMEOUT: "300000"
+ # ALPINE_DATABASE_POOL_MAX_LIFETIME: "600000"
+ #
+ # Optional LDAP Properties
+ # ALPINE_LDAP_ENABLED: "true"
+ # ALPINE_LDAP_SERVER_URL: "ldap://ldap.example.com:389"
+ # ALPINE_LDAP_BASEDN: "dc=example,dc=com"
+ # ALPINE_LDAP_SECURITY_AUTH: "simple"
+ # ALPINE_LDAP_BIND_USERNAME: ""
+ # ALPINE_LDAP_BIND_PASSWORD: ""
+ # ALPINE_LDAP_AUTH_USERNAME_FORMAT: "%s@example.com"
+ # ALPINE_LDAP_ATTRIBUTE_NAME: "userPrincipalName"
+ # ALPINE_LDAP_ATTRIBUTE_MAIL: "mail"
+ # ALPINE_LDAP_GROUPS_FILTER: "(&(objectClass=group)(objectCategory=Group))"
+ # ALPINE_LDAP_USER_GROUPS_FILTER: "(member:1.2.840.113556.1.4.1941:={USER_DN})"
+ # ALPINE_LDAP_GROUPS_SEARCH_FILTER: "(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))"
+ # ALPINE_LDAP_USERS_SEARCH_FILTER: "(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))"
+ # ALPINE_LDAP_USER_PROVISIONING: "false"
+ # ALPINE_LDAP_TEAM_SYNCHRONIZATION: "false"
+ #
+ # Optional OpenID Connect (OIDC) Properties
+ # ALPINE_OIDC_ENABLED: "true"
+ # ALPINE_OIDC_ISSUER: "https://auth.example.com/auth/realms/example"
+ # ALPINE_OIDC_CLIENT_ID: ""
+ # ALPINE_OIDC_USERNAME_CLAIM: "preferred_username"
+ # ALPINE_OIDC_TEAMS_CLAIM: "groups"
+ # ALPINE_OIDC_USER_PROVISIONING: "true"
+ #
ALPINE_OIDC_TEAM_SYNCHRONIZATION: "true"
+ #
+ # Optional HTTP Proxy Settings
+ # ALPINE_HTTP_PROXY_ADDRESS: "proxy.example.com"
+ # ALPINE_HTTP_PROXY_PORT: "8888"
+ # ALPINE_HTTP_PROXY_USERNAME: ""
+ # ALPINE_HTTP_PROXY_PASSWORD: ""
+ # ALPINE_NO_PROXY: ""
+ #
+ # Optional HTTP Outbound Connection Timeout Settings. All values are in seconds.
+ # ALPINE_HTTP_TIMEOUT_CONNECTION: "30"
+ # ALPINE_HTTP_TIMEOUT_SOCKET: "30"
+ # ALPINE_HTTP_TIMEOUT_POOL: "60"
+ #
+ # Optional Cross-Origin Resource Sharing (CORS) Headers
+ # ALPINE_CORS_ENABLED: "true"
+ # ALPINE_CORS_ALLOW_ORIGIN: "*"
+ # ALPINE_CORS_ALLOW_METHODS: "GET, POST, PUT, DELETE, OPTIONS"
+ # ALPINE_CORS_ALLOW_HEADERS: "Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *"
+ # ALPINE_CORS_EXPOSE_HEADERS: "Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count"
+ # ALPINE_CORS_ALLOW_CREDENTIALS: "true"
+ # ALPINE_CORS_MAX_AGE: "3600"
+ #
+ # Optional logging configuration
+ # LOGGING_LEVEL: "INFO"
+ # LOGGING_CONFIG_PATH: "logback.xml"
+ #
+ # Optional metrics properties
+ # ALPINE_METRICS_ENABLED: "true"
+ # ALPINE_METRICS_AUTH_USERNAME: ""
+ # ALPINE_METRICS_AUTH_PASSWORD: ""
+ #
+ # Optional environmental variables to enable default notification publisher templates override and set the base directory to search for templates
+ # DEFAULT_TEMPLATES_OVERRIDE_ENABLED: "false"
+ # DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY: "/data"
+ #
+ # Optional configuration for the Snyk analyzer
+ # SNYK_THREAD_BATCH_SIZE: "10"
+ #
+ # Optional environmental variables to provide more JVM arguments to the API Server JVM, i.e.
"-XX:ActiveProcessorCount=8" + # EXTRA_JAVA_OPTIONS: "" +ALPINE_DATABASE_MODE="external" +ALPINE_DATABASE_URL="jdbc:postgresql://dependency-track-postgres:5432/dtrack" +ALPINE_DATABASE_DRIVER="org.postgresql.Driver" +ALPINE_DATABASE_USERNAME="dtrack" +ALPINE_DATABASE_PASSWORD="dtrack" + + + +# frontend + + + # The base URL of the API server. + # NOTE: + # * This URL must be reachable by the browsers of your users. + # * The frontend container itself does NOT communicate with the API server directly, it just serves static files. + # * When deploying to dedicated servers, please use the external IP or domain of the API server. + # OIDC_ISSUER: "" + # OIDC_CLIENT_ID: "" + # OIDC_SCOPE: "" + # OIDC_FLOW: "" + # OIDC_LOGIN_BUTTON_TEXT: "" + # volumes: + # - "/host/path/to/config.json:/app/static/config.json" + +API_BASE_URL="https://dependency-track.bensuperpc.org" + +# postgres +POSTGRES_DB="dtrack" +POSTGRES_USER="dtrack" +POSTGRES_PASSWORD="dtrack" diff --git a/infrastructure/services/homepage/docker-compose.homepage.yml b/infrastructure/services/homepage/docker-compose.homepage.yml index b5776f9..82677f9 100644 --- a/infrastructure/services/homepage/docker-compose.homepage.yml +++ b/infrastructure/services/homepage/docker-compose.homepage.yml @@ -17,7 +17,7 @@ services: - homepage_log:/app/logs - ./config:/app/config - ./image:/app/public/image:ro - - /var/run/docker.sock:/var/run/docker.sock:ro + # - /var/run/docker.sock:/var/run/docker.sock:ro # develop: # watch: # - action: sync+restart diff --git a/infrastructure/services/uptime-kuma/docker-compose.uptime-kuma.yml b/infrastructure/services/uptime-kuma/docker-compose.uptime-kuma.yml index 4bd6420..4071c2a 100644 --- a/infrastructure/services/uptime-kuma/docker-compose.uptime-kuma.yml +++ b/infrastructure/services/uptime-kuma/docker-compose.uptime-kuma.yml 
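Review bot: The database credentials in dependency-track.env are committed in clear text and trivially guessable (`ALPINE_DATABASE_PASSWORD="dtrack"`, `POSTGRES_PASSWORD="dtrack"`). Because the apiserver, frontend and postgres services all load this one file through `env_file`, the frontend container also receives the database password, although the file's own comment says it only serves static files. Split the file per service (for example `apiserver.env`, `frontend.env`, `postgres.env`; names constructed here) and keep the password out of version control, e.g. in an untracked env file or a Compose secret read through `POSTGRES_PASSWORD_FILE`. Separately, `API_BASE_URL` hard-codes `https://dependency-track.bensuperpc.org` while the Caddy site is built from `{$MAIN_DOMAIN}`, so the two can drift apart if the domain changes.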
@@ -7,7 +7,7 @@ services: - uptime-kuma volumes: - uptimekuma_data:/app/data - - /var/run/docker.sock:/var/run/docker.sock:ro + # - /var/run/docker.sock:/var/run/docker.sock:ro restart: on-failure:5 depends_on: - caddy diff --git a/presets/torrent.conf b/presets/torrent.conf index b3e9f93..820818e 100644 --- a/presets/torrent.conf +++ b/presets/torrent.conf @@ -1,4 +1,4 @@ DOCKER_PROFILES += main_infrastructure caddy DOCKER_PROFILES += qbittorrent openssh -DOCKER_PROFILES += uptime-kuma argus +DOCKER_PROFILES += uptime-kuma argus dependency-track # transmission