mirror of
				https://github.com/bensuperpc/infrastructure.git
				synced 2025-10-25 15:26:20 +02:00 
			
		
		
		
	Compare commits
	
		
			2 Commits
		
	
	
		
			aee30a0aaf
			...
			9110cfec89
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 9110cfec89 | |||
| 817d09683b | 
							
								
								
									
										2
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								Makefile
									
									
									
									
									
								
							| @@ -13,7 +13,7 @@ | |||||||
|  |  | ||||||
| DOCKER := docker | DOCKER := docker | ||||||
|  |  | ||||||
| PROFILES := webserver wordpress adminer uptime-kuma portainer qbittorrent gitea jellyfin watchtower backup openssh | PROFILES := webserver wordpress adminer uptime-kuma portainer qbittorrent gitea jellyfin watchtower backup syncthing openssh | ||||||
| PROFILE_CMD := $(addprefix --profile ,$(PROFILES)) | PROFILE_CMD := $(addprefix --profile ,$(PROFILES)) | ||||||
|  |  | ||||||
| COMPOSE_FILES :=  $(shell find docker-compose*.yml | sed -e 's/^/--file /') | COMPOSE_FILES :=  $(shell find docker-compose*.yml | sed -e 's/^/--file /') | ||||||
|   | |||||||
							
								
								
									
										10
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								README.md
									
									
									
									
									
								
							| @@ -70,10 +70,12 @@ And then, caddy will generate the certificate for you and renew it automatically | |||||||
| | git.bensuperpc.org | Sub | Gitea for git | | | git.bensuperpc.org | Sub | Gitea for git | | ||||||
| | link.bensuperpc.org | Sub | For link shortener | | | link.bensuperpc.org | Sub | For link shortener | | ||||||
| | jellyfin.bensuperpc.org | Sub | Jellyfin for media server | | | jellyfin.bensuperpc.org | Sub | Jellyfin for media server | | ||||||
|  | | syncthing.bensuperpc.org | Sub | SyncThing for file synchronization | | ||||||
|  | | ssh.bensuperpc.org | Sub | Openssh for ssh | | ||||||
| | bensuperpc.com | Main | Redirect to bensuperpc.org | | | bensuperpc.com | Main | Redirect to bensuperpc.org | | ||||||
| | bensuperpc.fr | Sub | Redirect to bensuperpc.org | | | bensuperpc.fr | Main | Redirect to bensuperpc.org | | ||||||
| | bensuperpc.net | Sub | Redirect to bensuperpc.org | | | bensuperpc.net | Main | Redirect to bensuperpc.org | | ||||||
| | bensuperpc.ovh | Sub | Redirect to bensuperpc.org | | | bensuperpc.ovh | Main | Redirect to bensuperpc.org | | ||||||
|  |  | ||||||
| ### Configure the infrastructure | ### Configure the infrastructure | ||||||
|  |  | ||||||
| @@ -163,6 +165,8 @@ You can find all services on the [docker-compose.yml](docker-compose.yml) file o | |||||||
| | Torrent | Torrent server | [torrent.bensuperpc.org](https://torrent.bensuperpc.org) | | | Torrent | Torrent server | [torrent.bensuperpc.org](https://torrent.bensuperpc.org) | | ||||||
| | Gitea | Gitea for git | [git.bensuperpc.org](https://git.bensuperpc.org) | | | Gitea | Gitea for git | [git.bensuperpc.org](https://git.bensuperpc.org) | | ||||||
| | Jellyfin | Jellyfin for media server | [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) | | | Jellyfin | Jellyfin for media server | [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) | | ||||||
|  | | SyncThing | SyncThing for file synchronization | [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) | | ||||||
|  | | Openssh | Openssh for ssh | [ssh.bensuperpc.org](https://ssh.bensuperpc.org) | | ||||||
|  |  | ||||||
| ## URL | ## URL | ||||||
|  |  | ||||||
|   | |||||||
| @@ -29,6 +29,9 @@ www.bensuperpc.org { | |||||||
|  |  | ||||||
| 		# clickjacking protection | 		# clickjacking protection | ||||||
| 		X-Frame-Options DENY | 		X-Frame-Options DENY | ||||||
|  |  | ||||||
|  | 		# Disable powerful features we don't need | ||||||
|  |         Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()" | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -60,6 +63,12 @@ ssh.bensuperpc.org { | |||||||
| 	reverse_proxy openssh:2222 | 	reverse_proxy openssh:2222 | ||||||
| } | } | ||||||
|  |  | ||||||
|  | syncthing.bensuperpc.org { | ||||||
|  | 	reverse_proxy syncthing:8384 { | ||||||
|  | 		header_up Host {upstream_hostport} | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
| link.bensuperpc.org { | link.bensuperpc.org { | ||||||
| 	redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent | 	redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent | ||||||
| 	redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent | 	redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent | ||||||
|   | |||||||
| @@ -17,7 +17,7 @@ services: | |||||||
|       - caddy_config:/backup/caddy_config:ro |       - caddy_config:/backup/caddy_config:ro | ||||||
| #      - gitea_data:/backup/gitea_data:ro | #      - gitea_data:/backup/gitea_data:ro | ||||||
| #      - gitea_config:/backup/gitea_config:ro | #      - gitea_config:/backup/gitea_config:ro | ||||||
| #      - database:/backup/database:ro | #      - wordpress_db:/backup/wordpress_db:ro | ||||||
| #      - wordpress:/backup/wordpress:ro | #      - wordpress:/backup/wordpress:ro | ||||||
| #      - jellyfin_config:/backup/jellyfin_config:ro | #      - jellyfin_config:/backup/jellyfin_config:ro | ||||||
| #      - jellyfin_data:/backup/jellyfin_data:ro | #      - jellyfin_data:/backup/jellyfin_data:ro | ||||||
|   | |||||||
| @@ -18,17 +18,26 @@ services: | |||||||
|       - ./caddy:/etc/caddy:ro |       - ./caddy:/etc/caddy:ro | ||||||
|     networks: |     networks: | ||||||
|       - infra-network |       - infra-network | ||||||
|  |     env_file: | ||||||
|  |       - env/caddy.env | ||||||
|  |     cap_add: | ||||||
|  |       - NET_ADMIN | ||||||
|     security_opt: |     security_opt: | ||||||
|       - no-new-privileges:true |       - no-new-privileges:true | ||||||
| #    cap_drop: |     #    cap_drop: | ||||||
| #      - ALL |     #      - ALL | ||||||
| #    cap_add: |     #    cap_add: | ||||||
| #      - CHOWN |     #      - CHOWN | ||||||
| #      - FOWNER |     #      - FOWNER | ||||||
| #      - DAC_OVERRIDE |     #      - DAC_OVERRIDE | ||||||
| #      - SETGID |     #      - SETGID | ||||||
| #      - SETUID |     #      - SETUID | ||||||
| #      - NET_BIND_SERVICE |     #      - NET_BIND_SERVICE | ||||||
|  |     healthcheck: | ||||||
|  |       test: pidof caddy || exit 1 | ||||||
|  |       interval: 120s | ||||||
|  |       timeout: 10s | ||||||
|  |       retries: 3 | ||||||
|  |  | ||||||
| volumes: | volumes: | ||||||
|   caddy_data: |   caddy_data: | ||||||
|   | |||||||
							
								
								
									
										25
									
								
								docker-compose.syncthing.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								docker-compose.syncthing.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | |||||||
|  | version: '3.9' | ||||||
|  |  | ||||||
|  | services: | ||||||
|  |   # syncthing | ||||||
|  |   syncthing: | ||||||
|  |     image: linuxserver/syncthing:latest | ||||||
|  |     container_name: syncthing | ||||||
|  |     profiles: | ||||||
|  |       - syncthing | ||||||
|  |     restart: on-failure | ||||||
|  |     env_file: | ||||||
|  |       - env/syncthing.env | ||||||
|  |     volumes: | ||||||
|  |       - syncthing_config:/config | ||||||
|  |       - syncthing_data:/data1 | ||||||
|  |     networks: | ||||||
|  |       - infra-network | ||||||
|  |     security_opt: | ||||||
|  |       - no-new-privileges:true | ||||||
|  |  | ||||||
|  | volumes: | ||||||
|  |   syncthing_config: | ||||||
|  |     name: syncthing_config | ||||||
|  |   syncthing_data: | ||||||
|  |     name: syncthing_data | ||||||
| @@ -32,7 +32,7 @@ services: | |||||||
|       - caddy |       - caddy | ||||||
|     restart: on-failure |     restart: on-failure | ||||||
|     volumes: |     volumes: | ||||||
|       - database:/var/lib/mysql:rw |       - wordpress_db:/var/lib/mysql:rw | ||||||
|     env_file: |     env_file: | ||||||
|       - env/wordpress_db.env |       - env/wordpress_db.env | ||||||
|     command: '--default-authentication-plugin=mysql_native_password' |     command: '--default-authentication-plugin=mysql_native_password' | ||||||
| @@ -42,7 +42,7 @@ services: | |||||||
|       - no-new-privileges:true |       - no-new-privileges:true | ||||||
|  |  | ||||||
| volumes: | volumes: | ||||||
|   database: |   wordpress_db: | ||||||
|     name: database |     name: wordpress_db | ||||||
|   wordpress: |   wordpress: | ||||||
|     name: wordpress |     name: wordpress | ||||||
							
								
								
									
										0
									
								
								env/caddy.env
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										0
									
								
								env/caddy.env
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
								
								
									
										2
									
								
								env/syncthing.env
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								env/syncthing.env
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,2 @@ | |||||||
|  | PUID=1000 | ||||||
|  | PGID=1000 | ||||||
		Reference in New Issue
	
	Block a user