Add dependency-track

infrastructure/docker-compose.yml

@@ -45,6 +45,8 @@ include:
   - services/memos/docker-compose.memos.yml
 # Argus
   - services/argus/docker-compose.argus.yml
+# Dependency-Track
+  - services/dependency-track/docker-compose.dependency-track.yml
 # Minecraft
   - services/minecraft-server/docker-compose.yml
 # 7daystodie

infrastructure/services/caddy/config/Caddyfile

@@ -40,3 +40,4 @@ import website/qbittorrent.caddy
 import website/syncthing.caddy
 import website/uptimekuma.caddy
 import website/argus.caddy
+import website/dependency-track.caddy

infrastructure/services/caddy/config/website/dependency-track.caddy

@@ -0,0 +1,4 @@
+dependency-track.{$MAIN_DOMAIN} {
+	reverse_proxy /api/* {$DEPENDENCY_TRACK_APISERVER_ADDRESS}
+	reverse_proxy {$DEPENDENCY_TRACK_FRONTEND_ADDRESS}
+}

infrastructure/services/caddy/docker-compose.caddy.yml

@@ -42,6 +42,7 @@ services:
       - privatebin-network
       - picoshare-network
       - memos-network
+      - dependency-track-network
 #      - satisfactory-network
 #      - teamfortress2-network
 #      - minecraft-network

infrastructure/services/caddy/env/caddy.env

@@ -17,3 +17,5 @@ SYNCTHING_ADDRESS=syncthing:8384
 TRANSMISSION_ADDRESS=transmission:9091
 PSITRANSFER_ADDRESS=psitransfer:3000
 WORDPRESS_ADDRESS=wordpress:9000
+DEPENDENCY_TRACK_FRONTEND_ADDRESS=dependency-track-frontend:8080
+DEPENDENCY_TRACK_APISERVER_ADDRESS=dependency-track-apiserver:8080

infrastructure/services/dependency-track/docker-compose.dependency-track.yml

@@ -0,0 +1,69 @@
+services:
+  dependency-track-apiserver:
+    image: dependencytrack/apiserver
+    container_name: dependency-track-apiserver
+    profiles:
+      - dependency-track
+    depends_on:
+      dependency-track-postgres:
+        condition: service_healthy
+    env_file:
+      - ./env/dependency-track.env
+    restart: on-failure:5
+    networks:
+      - dependency-track-network
+    deploy:
+      resources:
+        limits:
+          memory: 4g
+      restart_policy:
+        condition: on-failure
+    volumes:
+    - 'dtrack-data:/data'
+
+  dependency-track-frontend:
+    image: dependencytrack/frontend
+    container_name: dependency-track-frontend
+    profiles:
+      - dependency-track
+    restart: on-failure:5
+    networks:
+      - dependency-track-network
+    depends_on:
+      dependency-track-apiserver:
+        condition: service_healthy
+      caddy:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    env_file:
+      - ./env/dependency-track.env
+
+  dependency-track-postgres:
+    image: postgres:17-alpine
+    container_name: dependency-track-postgres
+    profiles:
+      - dependency-track
+    env_file:
+      - ./env/dependency-track.env
+    restart: on-failure:5
+    networks:
+      - dependency-track-network
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}" ]
+      interval: 5s
+      timeout: 3s
+      retries: 3
+    volumes:
+    - "dtrack-postgres-data:/var/lib/postgresql/data"
+
+volumes:
+  dtrack-data:
+    name: dtrack-data
+  dtrack-postgres-data:
+    name: dtrack-postgres-data
+
+networks:
+  dependency-track-network:
+    driver: bridge
+    name: dependency-track-network

infrastructure/services/dependency-track/env/dependency-track.env

@@ -0,0 +1,114 @@
+# apiserver
+
+    # The Dependency-Track container can be configured using any of the
+    # available configuration properties defined in:
+    # https://docs.dependencytrack.org/getting-started/configuration/
+    # All properties are upper case with periods replaced by underscores.
+    #
+    # Database Properties
+    #   ALPINE_DATABASE_MODE: "external"
+    #   ALPINE_DATABASE_URL: "jdbc:postgresql://postgres10:5432/dtrack"
+    #   ALPINE_DATABASE_DRIVER: "org.postgresql.Driver"
+    #   ALPINE_DATABASE_USERNAME: "dtrack"
+    #   ALPINE_DATABASE_PASSWORD: "changeme"
+    #   ALPINE_DATABASE_POOL_ENABLED: "true"
+    #   ALPINE_DATABASE_POOL_MAX_SIZE: "20"
+    #   ALPINE_DATABASE_POOL_MIN_IDLE: "10"
+    #   ALPINE_DATABASE_POOL_IDLE_TIMEOUT: "300000"
+    #   ALPINE_DATABASE_POOL_MAX_LIFETIME: "600000"
+    #
+    # Optional LDAP Properties
+    #   ALPINE_LDAP_ENABLED: "true"
+    #   ALPINE_LDAP_SERVER_URL: "ldap://ldap.example.com:389"
+    #   ALPINE_LDAP_BASEDN: "dc=example,dc=com"
+    #   ALPINE_LDAP_SECURITY_AUTH: "simple"
+    #   ALPINE_LDAP_BIND_USERNAME: ""
+    #   ALPINE_LDAP_BIND_PASSWORD: ""
+    #   ALPINE_LDAP_AUTH_USERNAME_FORMAT: "%s@example.com"
+    #   ALPINE_LDAP_ATTRIBUTE_NAME: "userPrincipalName"
+    #   ALPINE_LDAP_ATTRIBUTE_MAIL: "mail"
+    #   ALPINE_LDAP_GROUPS_FILTER: "(&(objectClass=group)(objectCategory=Group))"
+    #   ALPINE_LDAP_USER_GROUPS_FILTER: "(member:1.2.840.113556.1.4.1941:={USER_DN})"
+    #   ALPINE_LDAP_GROUPS_SEARCH_FILTER: "(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))"
+    #   ALPINE_LDAP_USERS_SEARCH_FILTER: "(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))"
+    #   ALPINE_LDAP_USER_PROVISIONING: "false"
+    #   ALPINE_LDAP_TEAM_SYNCHRONIZATION: "false"
+    #
+    # Optional OpenID Connect (OIDC) Properties
+    #   ALPINE_OIDC_ENABLED: "true"
+    #   ALPINE_OIDC_ISSUER: "https://auth.example.com/auth/realms/example"
+    #   ALPINE_OIDC_CLIENT_ID: ""
+    #   ALPINE_OIDC_USERNAME_CLAIM: "preferred_username"
+    #   ALPINE_OIDC_TEAMS_CLAIM: "groups"
+    #   ALPINE_OIDC_USER_PROVISIONING: "true"
+    #   ALPINE_OIDC_TEAM_SYNCHRONIZATION: "true"
+    #
+    # Optional HTTP Proxy Settings
+    #   ALPINE_HTTP_PROXY_ADDRESS: "proxy.example.com"
+    #   ALPINE_HTTP_PROXY_PORT: "8888"
+    #   ALPINE_HTTP_PROXY_USERNAME: ""
+    #   ALPINE_HTTP_PROXY_PASSWORD: ""
+    #   ALPINE_NO_PROXY: ""
+    #
+    # Optional HTTP Outbound Connection Timeout Settings. All values are in seconds.
+    #   ALPINE_HTTP_TIMEOUT_CONNECTION: "30"
+    #   ALPINE_HTTP_TIMEOUT_SOCKET: "30"
+    #   ALPINE_HTTP_TIMEOUT_POOL: "60"
+    #
+    # Optional Cross-Origin Resource Sharing (CORS) Headers
+    #   ALPINE_CORS_ENABLED: "true"
+    #   ALPINE_CORS_ALLOW_ORIGIN: "*"
+    #   ALPINE_CORS_ALLOW_METHODS: "GET, POST, PUT, DELETE, OPTIONS"
+    #   ALPINE_CORS_ALLOW_HEADERS: "Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *"
+    #   ALPINE_CORS_EXPOSE_HEADERS: "Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count"
+    #   ALPINE_CORS_ALLOW_CREDENTIALS: "true"
+    #   ALPINE_CORS_MAX_AGE: "3600"
+    #
+    # Optional logging configuration
+    #   LOGGING_LEVEL: "INFO"
+    #   LOGGING_CONFIG_PATH: "logback.xml"
+    #
+    # Optional metrics properties
+    #   ALPINE_METRICS_ENABLED: "true"
+    #   ALPINE_METRICS_AUTH_USERNAME: ""
+    #   ALPINE_METRICS_AUTH_PASSWORD: ""
+    #
+    # Optional environmental variables to enable default notification publisher templates override and set the base directory to search for templates
+    #   DEFAULT_TEMPLATES_OVERRIDE_ENABLED: "false"
+    #   DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY: "/data"
+    #
+    # Optional configuration for the Snyk analyzer
+    #   SNYK_THREAD_BATCH_SIZE: "10"
+    #
+    # Optional environmental variables to provide more JVM arguments to the API Server JVM, i.e. "-XX:ActiveProcessorCount=8"
+    #   EXTRA_JAVA_OPTIONS: ""
+ALPINE_DATABASE_MODE="external"
+ALPINE_DATABASE_URL="jdbc:postgresql://dependency-track-postgres:5432/dtrack"
+ALPINE_DATABASE_DRIVER="org.postgresql.Driver"
+ALPINE_DATABASE_USERNAME="dtrack"
+ALPINE_DATABASE_PASSWORD="dtrack"
+
+
+
+# frontend
+
+
+      # The base URL of the API server.
+      # NOTE:
+      #   * This URL must be reachable by the browsers of your users.
+      #   * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
+      #   * When deploying to dedicated servers, please use the external IP or domain of the API server.
+      # OIDC_ISSUER: ""
+      # OIDC_CLIENT_ID: ""
+      # OIDC_SCOPE: ""
+      # OIDC_FLOW: ""
+      # OIDC_LOGIN_BUTTON_TEXT: ""
+      # volumes:
+      # - "/host/path/to/config.json:/app/static/config.json"
+
+API_BASE_URL="https://dependency-track.bensuperpc.org"
+
+# postgres
+POSTGRES_DB="dtrack"
+POSTGRES_USER="dtrack"
+POSTGRES_PASSWORD="dtrack"

infrastructure/services/homepage/docker-compose.homepage.yml

@@ -17,7 +17,7 @@ services:
       - homepage_log:/app/logs
       - ./config:/app/config
       - ./image:/app/public/image:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+    #  - /var/run/docker.sock:/var/run/docker.sock:ro
 #    develop:
 #      watch:
 #        - action: sync+restart

infrastructure/services/uptime-kuma/docker-compose.uptime-kuma.yml

@@ -7,7 +7,7 @@ services:
       - uptime-kuma
     volumes:
       - uptimekuma_data:/app/data
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+    #  - /var/run/docker.sock:/var/run/docker.sock:ro
     restart: on-failure:5
     depends_on:
       - caddy

presets/torrent.conf

@@ -1,4 +1,4 @@
 DOCKER_PROFILES += main_infrastructure caddy
 DOCKER_PROFILES += qbittorrent openssh
-DOCKER_PROFILES += uptime-kuma argus
+DOCKER_PROFILES += uptime-kuma argus dependency-track
 # transmission