diff --git a/Makefile b/Makefile index a022fe1..aa1b7c5 100644 --- a/Makefile +++ b/Makefile @@ -11,17 +11,18 @@ #// // #////////////////////////////////////////////////////////////// -ADMIN_SERVICES := openssh -#uptime-kuma yacht +ADMIN_SERVICES := openssh uptime-kuma #BLOG_SERVICES := wordpress #7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup #MINECRAFT_SERVICES := minecraft_server minecraft_backup #SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup -#GIT_SERVICES := forgejo +GIT_SERVICES := forgejo # forgejo-runner # gitea gitea-runner #IA_SERVICES := open-webui -#SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing +SHARING_SERVICES := privatebin +# jellyfin +# psitransfer picoshare projectsend dufs syncthing TORRENTS_SERVICES := qbittorrent # transmission UTILS_SERVICES := it-tools omni-tools cyberchef diff --git a/README.md b/README.md index bf49d66..95c6a23 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,6 @@ If you have any **questions** or **suggestions**, feel free to open an issue or - [x] it-tools and omni-tools (Tools for IT) - [x] Open-WebUI (Local chatGPT) - [x] Privatebin (Pastebin) -- [x] Yacht (Web interface for managing docker containers) - [X] [Satisfactory](https://github.com/bensuperpc/docker-satisfactory) - [x] [7 days to die](https://github.com/bensuperpc/docker-7daystodie) - [x] [minecraft](https://github.com/bensuperpc/docker-minecraft-server) 
@@ -114,11 +113,9 @@ And then, caddy will generate the certificate for you and renew it automatically | [it-tools.bensuperpc.org](https://it-tools.bensuperpc.org) | Sub | Tools for IT | | [omni-tools.bensuperpc.org](https://omni-tools.bensuperpc.org) | Sub | Tools for IT | | [privatebin.bensuperpc.org](https://privatebin.bensuperpc.org) | Sub | Pastebin | -| [yacht.bensuperpc.org](https://yacht.bensuperpc.org) | Sub | Web interface for managing docker containers | | [projectsend.bensuperpc.org](https://projectsend.bensuperpc.org) | Sub | ProjectSend for file sharing | | [picoshare.bensuperpc.org](https://picoshare.bensuperpc.org) | Sub | Picoshare for file sharing | | [dufs.bensuperpc.org](https://dufs.bensuperpc.org) | Sub | Dufs for file sharing | -| [public.bensuperpc.org](https://public.bensuperpc.org) | Sub | Caddy for file sharing | | [memos.bensuperpc.org](https://memos.bensuperpc.org) | Sub | Caddy for file sharing | | [stirlingpdf.bensuperpc.org](https://stirlingpdf.bensuperpc.org) | Sub | Stirling PDF tools | @@ -191,12 +188,6 @@ For [psitransfer.env](infrastructure/services/psitransfer/env/psitransfer.env) f PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn ``` -For [yacht.env](infrastructure/services/yacht/env/yacht.env) file, you need to change the secret key. - -```sh -SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8 -``` - For [projectsend_db.env](infrastructure/services/projectsend/env/projectsend_db.env) file, you need to change the password(s) and user for the database. ```sh @@ -296,6 +287,14 @@ You can change the homepage config in these files: ### Forgejo +Once the installation is complete, you need to set the installation lock: + +```sh +FORGEJO__security__INSTALL_LOCK=true +``` + +### Forgejo Runner + ```sh docker exec -it forgejo_runner /bin/bash ``` 
@@ -380,7 +379,6 @@ ssh -p 2222 admin@bensuperpc.org - [Privatebin](https://github.com/PrivateBin/PrivateBin) - [ghost](https://ghost.org) - [Homepage Tuto](https://belginux.com/installer-homepage-avec-docker/) -- [Yacht](https://yacht.sh/) - [ProjectSend](https://www.projectsend.org/) - [Picoshare](https://github.com/mtlynch/picoshare) - [Dufs](https://github.com/sigoden/dufs) diff --git a/infrastructure/docker-compose.yml b/infrastructure/docker-compose.yml index aa7e7a2..23d56c8 100644 --- a/infrastructure/docker-compose.yml +++ b/infrastructure/docker-compose.yml @@ -41,8 +41,6 @@ include: - services/transmission/docker-compose.transmission.yml # Uptime-kuma - services/uptime-kuma/docker-compose.uptime-kuma.yml -# Yacht - - services/yacht/docker-compose.yacht.yml # open-webui - services/open-webui/docker-compose.open-webui.yml # Minecraft diff --git a/infrastructure/services/caddy/config/website/main.caddy b/infrastructure/services/caddy/config/website/main.caddy index de05cf5..6054a2c 100644 --- a/infrastructure/services/caddy/config/website/main.caddy +++ b/infrastructure/services/caddy/config/website/main.caddy @@ -16,12 +16,12 @@ www.{$MAIN_DOMAIN} { redir https://www.{host}{uri} permanent } -public.{$MAIN_DOMAIN} { - root * /public_data - file_server browse - - header / { - Cache-Control "no-store" - import header_common - } -} +#public.{$MAIN_DOMAIN} { +# root * /public_data +# file_server browse +# +# header / { +# Cache-Control "no-store" +# import header_common +# } +#} diff --git a/infrastructure/services/caddy/config/website/yacht.caddy b/infrastructure/services/caddy/config/website/yacht.caddy deleted file mode 100644 index 0054b9f..0000000 --- a/infrastructure/services/caddy/config/website/yacht.caddy +++ /dev/null @@ -1,3 +0,0 @@ -yacht.{$MAIN_DOMAIN} { - reverse_proxy yacht:8000 -} diff --git a/infrastructure/services/forgejo/docker-compose.forgejo.yml b/infrastructure/services/forgejo/docker-compose.forgejo.yml index a08dc09..308deaa 100644 
--- a/infrastructure/services/forgejo/docker-compose.forgejo.yml +++ b/infrastructure/services/forgejo/docker-compose.forgejo.yml @@ -1,7 +1,7 @@ services: # forgejo forgejo: - image: codeberg.org/forgejo/forgejo:11-rootless + image: codeberg.org/forgejo/forgejo:12-rootless container_name: forgejo profiles: - forgejo @@ -10,7 +10,7 @@ services: - database_forgejo - caddy ports: - - "22:22" + - "22:2222" env_file: - ./env/forgejo.env volumes: @@ -20,6 +20,7 @@ services: - /etc/localtime:/etc/localtime:ro networks: - infra-network + user: ${PUID:-1000}:${PGID:-1000} security_opt: - no-new-privileges:true diff --git a/infrastructure/services/forgejo/env/forgejo.env b/infrastructure/services/forgejo/env/forgejo.env index 723178e..c974573 100644 --- a/infrastructure/services/forgejo/env/forgejo.env +++ b/infrastructure/services/forgejo/env/forgejo.env @@ -5,12 +5,12 @@ FORGEJO__database__HOST=database_forgejo:3306 FORGEJO__database__NAME=forgejo FORGEJO__database__USER=bensuperpc FORGEJO__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j -FORGEJO__APP_NAME=The Homelab Git +FORGEJO__APP_NAME=Bensuperpc's Forgejo FORGEJO__APP_SLOGAN=Personal Code, Mirrors, and More FORGEJO__server__DOMAIN=git.bensuperpc.org FORGEJO__server__SSH_DOMAIN=git.bensuperpc.org FORGEJO__server__HTTP_PORT=3000 -FORGEJO__server__SSH_LISTEN_PORT=22 +FORGEJO__server__SSH_LISTEN_PORT=2222 FORGEJO__server__SSH_PORT=22 FORGEJO__server__ROOT_URL=https://git.bensuperpc.org FORGEJO__security__SECRET_KEY=ykcZt23an1E4lFHWvrCKdAyt16WAiK9c diff --git a/infrastructure/services/homepage/config/services.yaml b/infrastructure/services/homepage/config/services.yaml index ce1f594..9d9da3d 100644 --- a/infrastructure/services/homepage/config/services.yaml +++ b/infrastructure/services/homepage/config/services.yaml 
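Review bot: The new mapping `- "22:2222"` in the `ports:` hunk is only correct while `FORGEJO__server__SSH_LISTEN_PORT` in `env/forgejo.env` stays at 2222, and nothing in the compose file says so; I would add `# host 22 -> container 2222, must match FORGEJO__server__SSH_LISTEN_PORT` above it. The mapping has no bind address, so it claims port 22 on every host interface, which presumably requires the host's own sshd to listen elsewhere; that deserves a line in the README. In the following hunk, `user: ${PUID:-1000}:${PGID:-1000}` falls back to 1000 when the variables are unset, so data already written under another uid may become unwritable after this change (not verifiable from the diff). The `forgejo` service definition starts and ends outside these hunks.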
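Review bot: `FORGEJO__security__INSTALL_LOCK` does not appear in this hunk, although the README change in the same commit tells the operator to set it to `true` once installation is complete, and the Makefile hunk now enables `forgejo` in `GIT_SERVICES`; until it is set, the instance presumably still serves its installation page to whoever reaches it. Consider adding `#FORGEJO__security__INSTALL_LOCK=true` with the comment `# uncomment after the first-run setup` next to `FORGEJO__security__SECRET_KEY`, so the step is visible where it is applied. The surrounding context lines keep fixed values for `FORGEJO__database__PASSWD` and `FORGEJO__security__SECRET_KEY` in a tracked file; with the service now on by default, a `# sample value, replace before first start` comment above each would make the README's instruction harder to miss. Only part of the file is visible in this hunk, so the lock may already be set further down.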
@@ -64,12 +64,12 @@ description: Dufs ping: dufs.bensuperpc.org container: dufs - - caddy: - icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/caddy.png - href: https://public.bensuperpc.org/ - description: File browser - ping: public.bensuperpc.org - container: caddy +# - caddy: +# icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/caddy.png +# href: https://public.bensuperpc.org/ +# description: File browser +# ping: public.bensuperpc.org +# container: caddy - Utils: - it-tools: @@ -142,10 +142,4 @@ description: Uptime Kuma ping: uptimekuma.bensuperpc.org container: uptime-kuma - - yacht: -# icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/yacht.png - href: https://yacht.bensuperpc.org/ - description: Yacht - ping: yacht.bensuperpc.org - container: yacht diff --git a/infrastructure/services/privatebin/config/conf.php b/infrastructure/services/privatebin/config/conf.php index b2f6fe0..ef30926 100644 --- a/infrastructure/services/privatebin/config/conf.php +++ b/infrastructure/services/privatebin/config/conf.php 
@@ -39,16 +39,29 @@ defaultformatter = "plaintext" ; (optional) set a syntax highlighting theme, as found in css/prettify/ ; syntaxhighlightingtheme = "sons-of-obsidian" -; size limit per paste or comment in bytes, defaults to 10 Mebibytes -sizelimit = 10485760 +; size limit per document or comment in bytes, defaults to 10 Megabytes +sizelimit = 10000000 -; template to include, default is "bootstrap" (tpl/bootstrap.php), also -; available are "page" (tpl/page.php), the classic ZeroBin style and several -; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page", -; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page" -; and finally "bootstrap-compact-page" - previews at: +; by default PrivateBin use "bootstrap5" template (tpl/bootstrap5.php). +; Optionally you can enable the template selection menu, which uses +; a session cookie to store the choice until the browser is closed. +templateselection = false + +; List of available for selection templates when "templateselection" option is enabled +availabletemplates[] = "bootstrap5" +availabletemplates[] = "bootstrap" +availabletemplates[] = "bootstrap-page" +availabletemplates[] = "bootstrap-dark" +availabletemplates[] = "bootstrap-dark-page" +availabletemplates[] = "bootstrap-compact" +availabletemplates[] = "bootstrap-compact-page" + +; set the template your installs defaults to, defaults to "bootstrap5" (tpl/bootstrap5.php), also +; bootstrap template (tpl/bootstrap.php) and it's variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page", +; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page", +; "bootstrap-compact-page" - previews at: ; https://privatebin.info/screenshots.html -template = "bootstrap-dark" +; template = "bootstrap5" ; (optional) info text to display ; use single, instead of double quotes for HTML attributes 
@@ -66,17 +79,22 @@ languageselection = false ; if this is set and language selection is disabled, this will be the only language ; languagedefault = "en" -; (optional) URL shortener address to offer after a new paste is created. +; (optional) URL shortener address to offer after a new document is created. ; It is suggested to only use this with self-hosted shorteners as this will leak -; the pastes encryption key. +; the documents encryption key. ; urlshortener = "https://shortener.example.com/api?link=" -; (optional) Let users create a QR code for sharing the paste URL with one click. -; It works both when a new paste is created and when you view a paste. +; (optional) Whether to shorten the URL by default when a new document is created. +; If set to true, the "Shorten URL" functionality will be automatically called. +; This only works if the "urlshortener" option is set. +; shortenbydefault = false + +; (optional) Let users create a QR code for sharing the document URL with one click. +; It works both when a new document is created and when you view a document. ; qrcode = true -; (optional) Let users send an email sharing the paste URL with one click. -; It works both when a new paste is created and when you view a paste. +; (optional) Let users send an email sharing the document URL with one click. +; It works both when a new document is created and when you view a document. ; email = true ; (optional) IP based icons are a weak mechanism to detect if a comment was from @@ -84,7 +102,7 @@ languageselection = false ; used to get the IP of a comment poster if the server salt is leaked and a ; SHA512 HMAC rainbow table is generated for all (relevant) IPs. ; Can be set to one these values: -; "none" / "identicon" (default) / "jdenticon" / "vizhash". +; "none" / "identicon" / "jdenticon" (default) / "vizhash". ; icon = "none" ; Content Security Policy headers allow a website to restrict what sources are 
@@ -93,24 +111,21 @@ languageselection = false ; scripts or run your site behind certain DDoS-protection services. ; Check the documentation at https://content-security-policy.com/ ; Notes: -; - If you use any bootstrap theme, you can remove the allow-popups from the -; sandbox restrictions. -; - If you use the bootstrap5 theme, you must change default-src to 'self' to -; enable display of the svg icons ; - By default this disallows to load images from third-party servers, e.g. when -; they are embedded in pastes. If you wish to allow that, you can adjust the +; they are embedded in documents. If you wish to allow that, you can adjust the ; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images ; for details. -; - The 'unsafe-eval' is used in two cases; to check if the browser supports -; async functions and display an error if not and for Chrome to enable -; webassembly support (used for zlib compression). You can remove it if Chrome -; doesn't need to be supported and old browsers don't need to be warned. -; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads" - -; stay compatible with PrivateBin Alpha 0.19, less secure -; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of -; sha256 in HMAC for the deletion token -; zerobincompatibility = false +; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib +; compression). You can remove it if compression doesn't need to be supported. +; - The 'unsafe-inline' style-src is used by Chrome when displaying PDF previews +; and can be omitted if attachment upload is disabled (which is the default). 
+; See https://issues.chromium.org/issues/343754409 +; - To allow displaying PDF previews in Firefox or Chrome, sandboxing must also +; get turned off. The following CSP allows PDF previews: +; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'none'; frame-src blob:; img-src 'self' data: blob:; media-src blob:; object-src blob:" +; +; The recommended and default used CSP is: +; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; frame-src blob:; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-modals allow-downloads" ; Enable or disable the warning message when the site is served over an insecure ; connection (insecure HTTP instead of HTTPS), defaults to true. @@ -119,7 +134,7 @@ languageselection = false ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information. ; httpwarning = true -; Pick compression algorithm or disable it. Only applies to pastes/comments +; Pick compression algorithm or disable it. Only applies to documents & comments ; created after changing the setting. ; Can be set to one these values: "none" / "zlib" (default). ; compression = "zlib" 
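Review bot: Both `cspheader` lines in this hunk stay commented, so the policy actually served is the built-in default of whichever PrivateBin build the container runs, not the value documented here. The new text describes `'wasm-unsafe-eval'` and a sandbox without `allow-popups`, while the removed lines described `'unsafe-eval'`; the image tag is not part of this diff, so it is worth confirming that the deployed version matches this sample, or uncommenting the "recommended and default" `cspheader` line to pin the sandboxed policy explicitly. The first example drops the `sandbox` directive and adds `'unsafe-inline'` to `style-src`; a short comment above it such as `; weaker policy, enable only if PDF attachment previews are required` would keep it from being chosen by mistake.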
@@ -160,9 +175,9 @@ limit = 10 ; exempted = "1.2.3.4,10.10.10/24" ; (optional) If you want only some source IP addresses (v4 or v6) or subnets -; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be +; (CIDR) to be allowed to create documents, set these here. Invalid IPs will be ; ignored. If multiple values are to be exempted, the list needs to be comma -; separated. Leave unset to allow anyone to create pastes. +; separated. Leave unset to allow anyone to create documents. ; creators = "1.2.3.4,10.10.10/24" ; (optional) if your website runs behind a reverse proxy or load balancer, @@ -170,12 +185,12 @@ limit = 10 ; header = "X_FORWARDED_FOR" [purge] -; minimum time limit between two purgings of expired pastes, it is only -; triggered when pastes are created -; Set this to 0 to run a purge every time a paste is created. +; minimum time limit between two purgings of expired documents, it is only +; checked when documents get created +; Set this to 0 to run a purge every time a document is created. limit = 300 -; maximum amount of expired pastes to delete in one purge +; maximum amount of expired documents to delete in one purge ; Set this to 0 to disable purging. Set it higher, if you are running a large ; site batchsize = 10 @@ -259,7 +274,7 @@ dir = PATH "data" ;version = "latest" ;bucket = "my-bucket" -[yourls] +;[yourls] ; When using YOURLS as a "urlshortener" config item: ; - By default, "urlshortener" will point to the YOURLS API URL, with or without ; credentials, and will be visible in public on the PrivateBin web page. @@ -280,4 +295,4 @@ dir = PATH "data" ; Subresource integrity (SRI) hashes used in template files. Uncomment and set ; these for all js files used. See: ; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files -;privatebin.js = sha512-[…] +;js/privatebin.js = "sha512-[…]" \ No newline at end of file 
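Review bot: Commenting the section header out as `;[yourls]` in the `@@ -259,7 +274,7 @@` hunk leaves the keys documented below it without a section of their own, so anyone who later uncomments one of them without also restoring the header would presumably have it parsed into whichever section is active above. Since this section exists to keep the shortener credentials off the public page, I would add `; uncomment [yourls] together with the keys below` directly above the header. The section body continues outside the hunk, so the exact keys affected are not visible here.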
diff --git a/infrastructure/services/yacht/docker-compose.yacht.yml b/infrastructure/services/yacht/docker-compose.yacht.yml deleted file mode 100644 index 1a1454d..0000000 --- a/infrastructure/services/yacht/docker-compose.yacht.yml +++ /dev/null @@ -1,23 +0,0 @@ -services: - # yacht - yacht: - image: selfhostedpro/yacht:latest - container_name: yacht - profiles: - - yacht - restart: on-failure:5 - depends_on: - - caddy - env_file: - - ./env/yacht.env - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - yacht_config:/config - networks: - - infra-network - security_opt: - - no-new-privileges:true - -volumes: - yacht_config: - name: yacht_config diff --git a/infrastructure/services/yacht/env/yacht.env b/infrastructure/services/yacht/env/yacht.env deleted file mode 100644 index a6267a4..0000000 --- a/infrastructure/services/yacht/env/yacht.env +++ /dev/null @@ -1,3 +0,0 @@ -ADMIN_EMAIL=bensuperpc@gmail.com -SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8 -#DATABASE_URL=postgresql://user:password@postgresserver/db diff --git a/tools/docker_volumes_export.sh b/tools/docker_volumes_export.sh index 5603980..2ac6dd7 100755 --- a/tools/docker_volumes_export.sh +++ b/tools/docker_volumes_export.sh @@ -37,7 +37,6 @@ volumes=( stirlingpdf_config uptimekuma_data # private_data - yacht_config transmission_watch privatebin_data psitransfer_data